/* api.c API unit tests * * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ /* For AES-CBC, input lengths can optionally be validated to be a * multiple of the block size, by defining WOLFSSL_AES_CBC_LENGTH_CHECKS, * also available via the configure option --enable-aescbc-length-checks. */ /*----------------------------------------------------------------------------* | Includes *----------------------------------------------------------------------------*/ #ifdef HAVE_CONFIG_H #include #endif #include #undef TEST_OPENSSL_COEXIST /* can't use this option with this example */ #ifndef FOURK_BUF #define FOURK_BUF 4096 #endif #ifndef TWOK_BUF #define TWOK_BUF 2048 #endif #ifndef ONEK_BUF #define ONEK_BUF 1024 #endif #if defined(WOLFSSL_STATIC_MEMORY) #include #endif /* WOLFSSL_STATIC_MEMORY */ #ifndef HEAP_HINT #define HEAP_HINT NULL #endif /* WOLFSSL_STAIC_MEMORY */ #ifdef WOLFSSL_ASNC_CRYPT #include #endif #ifdef HAVE_ECC #include /* wc_ecc_fp_free */ #ifndef ECC_ASN963_MAX_BUF_SZ #define ECC_ASN963_MAX_BUF_SZ 133 #endif #ifndef ECC_PRIV_KEY_BUF #define ECC_PRIV_KEY_BUF 66 /* For non user defined curves. */ #endif /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */ /* logic to choose right key ECC size */ #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112 #define KEY14 14 #else #define KEY14 32 #endif #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128 #define KEY16 16 #else #define KEY16 32 #endif #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 #define KEY20 20 #else #define KEY20 32 #endif #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 #define KEY24 24 #else #define KEY24 32 #endif #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) #define KEY28 28 #else #define KEY28 32 #endif #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) #define KEY30 30 #else #define KEY30 32 #endif #define KEY32 32 #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) #define KEY40 40 #else #define KEY40 32 #endif #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) #define KEY48 48 #else #define KEY48 32 #endif #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) #define KEY64 64 #else #define KEY64 32 #endif #if !defined(HAVE_COMP_KEY) #if !defined(NOCOMP) #define NOCOMP 0 #endif #else #if !defined(COMP) #define COMP 1 #endif #endif #if !defined(DER_SZ) #define DER_SZ(ks) ((ks) * 2 + 1) #endif #endif #ifndef NO_ASN #include #endif #include #include #include /* compatibility layer */ #include #include #include "examples/server/server.h" /* for testing compatibility layer callbacks */ #ifndef NO_MD5 #include #endif #ifndef NO_SHA #include #endif #ifndef NO_SHA256 #include #endif #ifdef WOLFSSL_SHA512 #include #endif #ifdef WOLFSSL_SHA384 #include #endif #ifdef WOLFSSL_SHA3 #include #ifndef HEAP_HINT #define HEAP_HINT NULL #endif #endif #ifndef NO_AES #include #ifdef HAVE_AES_DECRYPT #include #endif #endif #ifdef WOLFSSL_RIPEMD #include #endif #ifndef NO_DES3 #include #include #endif #ifdef WC_RC2 #include #endif #ifndef NO_HMAC #include #endif #ifdef HAVE_CHACHA #include #endif #ifdef HAVE_POLY1305 #include #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) #include #endif #ifdef HAVE_CAMELLIA #include #endif #ifndef NO_RC4 #include #endif #ifdef HAVE_BLAKE2 #include #endif #include #ifndef NO_RSA #include #define FOURK_BUF 4096 #define GEN_BUF 294 #ifndef USER_CRYPTO_ERROR #define USER_CRYPTO_ERROR (-101) /* error returned by IPP lib. */ #endif #endif #ifndef NO_SIG_WRAPPER #include #endif #ifdef HAVE_AESCCM #include #endif #ifdef HAVE_PKCS7 #include #include #ifdef HAVE_LIBZ #include #endif #endif #ifdef WOLFSSL_SMALL_CERT_VERIFY #include #endif #ifndef NO_DSA #include #ifndef ONEK_BUF #define ONEK_BUF 1024 #endif #ifndef TWOK_BUF #define TWOK_BUF 2048 #endif #ifndef FOURK_BUF #define FOURK_BUF 4096 #endif #ifndef DSA_SIG_SIZE #define DSA_SIG_SIZE 40 #endif #ifndef MAX_DSA_PARAM_SIZE #define MAX_DSA_PARAM_SIZE 256 #endif #endif #ifdef WOLFSSL_CMAC #include #endif #ifdef HAVE_ED25519 #include #endif #ifdef HAVE_CURVE25519 #include #endif #ifdef HAVE_ED448 #include #endif #ifdef HAVE_CURVE448 #include #endif #ifdef HAVE_PKCS12 #include #endif #include #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL)) #include #ifndef NO_ASN /* for ASN_COMMON_NAME DN_tags enum */ #include #endif #ifdef HAVE_OCSP #include #endif #endif #ifdef OPENSSL_EXTRA #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #ifdef OPENSSL_ALL #include #include #endif #ifndef NO_AES #include #endif #ifndef NO_DES3 #include #endif #ifdef HAVE_ECC #include #endif #ifdef HAVE_PKCS7 #include #endif #ifdef HAVE_ED25519 #include #endif #ifdef HAVE_ED448 #include #endif #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ && !defined(NO_SHA256) && !defined(RC_NO_RNG) #include #endif #if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \ defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)) || \ defined(WOLFSSL_TEST_STATIC_BUILD) || defined(WOLFSSL_DTLS) || \ defined(HAVE_ECH) || defined(HAVE_EX_DATA) /* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT, * for setting authKeyIdSrc in WOLFSSL_X509, or testing DTLS sequence * number tracking */ #include "wolfssl/internal.h" #endif /* force enable test buffers */ #ifndef USE_CERT_BUFFERS_2048 #define USE_CERT_BUFFERS_2048 #endif #ifndef USE_CERT_BUFFERS_256 #define USE_CERT_BUFFERS_256 #endif #include typedef struct testVector { const char* input; const char* output; size_t inLen; size_t outLen; } testVector; #if defined(HAVE_PKCS7) typedef struct { const byte* content; word32 contentSz; int contentOID; int encryptOID; int keyWrapOID; int keyAgreeOID; byte* cert; size_t certSz; byte* privateKey; word32 privateKeySz; } pkcs7EnvelopedVector; #ifndef NO_PKCS7_ENCRYPTED_DATA typedef struct { const byte* content; word32 contentSz; int contentOID; int encryptOID; byte* encryptionKey; word32 encryptionKeySz; } pkcs7EncryptedVector; #endif #endif /* HAVE_PKCS7 */ /*----------------------------------------------------------------------------* | Constants *----------------------------------------------------------------------------*/ /* Test result constants and macros. */ /* Test succeeded. */ #define TEST_SUCCESS (1) /* Test failed. */ #define TEST_FAIL (0) /* Test skipped - not run. */ #define TEST_SKIPPED (-7777) /* Returns the result based on whether check is true. * * @param [in] check Condition for success. * @return When condition is true: TEST_SUCCESS. * @return When condition is false: TEST_FAIL. */ #ifdef DEBUG_WOLFSSL_VERBOSE #define XSTRINGIFY(s) STRINGIFY(s) #define STRINGIFY(s) #s #define TEST_RES_CHECK(check) ({ \ int _ret = (check) ? TEST_SUCCESS : TEST_FAIL; \ if (_ret == TEST_FAIL) { \ fprintf(stderr, " check \"%s\" at %d ", \ XSTRINGIFY(check), __LINE__); \ } \ _ret; }) #else #define TEST_RES_CHECK(check) \ ((check) ? TEST_SUCCESS : TEST_FAIL) #endif /* DEBUG_WOLFSSL_VERBOSE */ #define TEST_STRING "Everyone gets Friday off." #define TEST_STRING_SZ 25 #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) #define TEST_RSA_BITS 1024 #else #define TEST_RSA_BITS 2048 #endif #define TEST_RSA_BYTES (TEST_RSA_BITS/8) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)) static const char* bogusFile = #ifdef _WIN32 "NUL" #else "/dev/null" #endif ; #endif /* !NO_FILESYSTEM && !NO_CERTS && (!NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT) */ enum { TESTING_RSA = 1, TESTING_ECC = 2 }; #ifdef WOLFSSL_QNX_CAAM #include static int testDevId = WOLFSSL_CAAM_DEVID; #else static int testDevId = INVALID_DEVID; #endif #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) && !defined(SINGLE_THREADED) && \ !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) #define HAVE_IO_TESTS_DEPENDENCIES #endif /*----------------------------------------------------------------------------* | BIO with fixed read/write size *----------------------------------------------------------------------------*/ #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) static int wolfssl_bio_s_fixed_mem_write(WOLFSSL_BIO* bio, const char* data, int len) { if ((bio == NULL) || (bio->ptr == NULL) || (data == NULL)) { len = 0; } else { if (bio->wrSz - bio->wrIdx < len) { len = bio->wrSz - bio->wrIdx; } XMEMCPY((char*)bio->ptr + bio->wrIdx, data, len); bio->wrIdx += len; } return len; } static int wolfssl_bio_s_fixed_mem_read(WOLFSSL_BIO* bio, char* data, int len) { if ((bio == NULL) || (bio->ptr == NULL) || (data == NULL)) { len = 0; } else { if (bio->wrSz - bio->rdIdx < len) { len = bio->wrSz - bio->rdIdx; } XMEMCPY(data, (char*)bio->ptr + bio->rdIdx, len); bio->rdIdx += len; } return len; } static WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_fixed_mem(void) { static WOLFSSL_BIO_METHOD meth; meth.type = WOLFSSL_BIO_BIO; XMEMCPY(meth.name, "Fixed Memory Size", 18); meth.writeCb = wolfssl_bio_s_fixed_mem_write; meth.readCb = wolfssl_bio_s_fixed_mem_read; return &meth; } #endif /*----------------------------------------------------------------------------* | Setup *----------------------------------------------------------------------------*/ static int test_wolfSSL_Init(void) { int result; result = wolfSSL_Init(); result = TEST_RES_CHECK(result == WOLFSSL_SUCCESS); return result; } static int test_wolfSSL_Cleanup(void) { int result; result = wolfSSL_Cleanup(); result = TEST_RES_CHECK(result == WOLFSSL_SUCCESS); return result; } /* Initialize the wolfCrypt state. * POST: 0 success. */ static int test_wolfCrypt_Init(void) { int result; result = wolfCrypt_Init(); result = TEST_RES_CHECK(result == 0); return result; } /* END test_wolfCrypt_Init */ static int test_wolfCrypt_Cleanup(void) { int result; result = wolfCrypt_Cleanup(); result = TEST_RES_CHECK(result == 0); return result; } /*----------------------------------------------------------------------------* | Platform dependent function test *----------------------------------------------------------------------------*/ static int test_fileAccess(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_TEST_PLATFORMDEPEND) && !defined(NO_FILESYSTEM) const char *fname[] = { svrCertFile, svrKeyFile, caCertFile, eccCertFile, eccKeyFile, eccRsaCertFile, cliCertFile, cliCertDerFile, cliKeyFile, dhParamFile, cliEccKeyFile, cliEccCertFile, caEccCertFile, edCertFile, edKeyFile, cliEdCertFile, cliEdKeyFile, caEdCertFile, NULL }; const char derfile[] = "./certs/server-cert.der"; XFILE f; size_t sz; byte *buff; int i; AssertTrue(XFOPEN("badfilename", "rb") == XBADFILE); for (i=0; fname[i] != NULL ; i++) { AssertTrue((f = XFOPEN(fname[i], "rb")) != XBADFILE); XFCLOSE(f); } AssertTrue((f = XFOPEN(derfile, "rb")) != XBADFILE); AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0); sz = (size_t) XFTELL(f); AssertTrue(XFSEEK(f, 0, XSEEK_SET) == 0); AssertTrue(sz == sizeof_server_cert_der_2048); AssertTrue((buff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL) ; AssertTrue(XFREAD(buff, 1, sz, f) == sz); XMEMCMP(server_cert_der_2048, buff, sz); res = TEST_RES_CHECK(1); #endif return res; } /*----------------------------------------------------------------------------* | Method Allocators *----------------------------------------------------------------------------*/ static int test_wolfSSL_Method_Allocators(void) { #define TEST_METHOD_ALLOCATOR(allocator, condition) \ do { \ WOLFSSL_METHOD *method; \ condition(method = allocator()); \ XFREE(method, 0, DYNAMIC_TYPE_METHOD); \ } while(0) #define TEST_VALID_METHOD_ALLOCATOR(a) \ TEST_METHOD_ALLOCATOR(a, AssertNotNull) #define TEST_INVALID_METHOD_ALLOCATOR(a) \ TEST_METHOD_ALLOCATOR(a, AssertNull) #ifndef NO_OLD_TLS #ifdef WOLFSSL_ALLOW_SSLV3 #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method); #endif #endif #ifdef WOLFSSL_ALLOW_TLSV10 #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method); #endif #endif #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method); #endif #endif /* !NO_OLD_TLS */ #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method); #endif #endif /* !WOLFSSL_NO_TLS12 */ #ifdef WOLFSSL_TLS13 #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_client_method); #endif #endif /* WOLFSSL_TLS13 */ #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method); #endif #ifdef WOLFSSL_DTLS #ifndef NO_OLD_TLS #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method); #endif #endif #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_client_method); #endif #endif #endif /* WOLFSSL_DTLS */ #if !defined(NO_OLD_TLS) && defined(OPENSSL_EXTRA) /* Stubs */ #ifndef NO_WOLFSSL_SERVER TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_server_method); #endif #ifndef NO_WOLFSSL_CLIENT TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_client_method); #endif #endif /* Test Either Method (client or server) */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_method); #ifndef NO_OLD_TLS #ifdef WOLFSSL_ALLOW_TLSV10 TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_method); #endif TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_method); #endif /* !NO_OLD_TLS */ #ifndef WOLFSSL_NO_TLS12 TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_method); #endif /* !WOLFSSL_NO_TLS12 */ #ifdef WOLFSSL_TLS13 TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_method); #endif /* WOLFSSL_TLS13 */ #ifdef WOLFSSL_DTLS TEST_VALID_METHOD_ALLOCATOR(wolfDTLS_method); #ifndef NO_OLD_TLS TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_method); #endif /* !NO_OLD_TLS */ #ifndef WOLFSSL_NO_TLS12 TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_method); #endif /* !WOLFSSL_NO_TLS12 */ #endif /* WOLFSSL_DTLS */ #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ return TEST_SUCCESS; } /*----------------------------------------------------------------------------* | Context *----------------------------------------------------------------------------*/ #ifndef NO_WOLFSSL_SERVER static int test_wolfSSL_CTX_new(void) { WOLFSSL_CTX *ctx; WOLFSSL_METHOD* method; AssertNull(ctx = wolfSSL_CTX_new(NULL)); AssertNotNull(method = wolfSSLv23_server_method()); AssertNotNull(ctx = wolfSSL_CTX_new(method)); wolfSSL_CTX_free(ctx); return TEST_RES_CHECK(1); } #endif #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM) static int test_for_double_Free(void) { WOLFSSL_CTX* ctx; WOLFSSL* ssl; int skipTest = 0; const char* testCertFile; const char* testKeyFile; char optionsCiphers[] = "RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA" ":NULL-SHA:NULL-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-PSK-AES256-GCM" "-SHA384:DHE-PSK-AES128-GCM-SHA256:PSK-AES256-GCM-SHA384:PSK-AES128-GCM-SHA256:" "DHE-PSK-AES256-CBC-SHA384:DHE-PSK-AES128-CBC-SHA256:PSK-AES256-CBC-SHA384:PSK-" "AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA:DHE-PSK-AES128-CCM:DHE" "-PSK-AES256-CCM:PSK-AES128-CCM:PSK-AES256-CCM:PSK-AES128-CCM-8:PSK-AES256-CCM-" "8:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-" "NULL-SHA:AES128-CCM-8:AES256-CCM-8:ECDHE-ECDSA-" "AES128-CCM:ECDHE-ECDSA-AES128-CCM-8:ECDHE-ECDSA-AES256-CCM-8:ECDHE-RSA-AES128-" "SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-R" "SA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA" ":AES128-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:ECDH-" "RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA" ":ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3" "-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES" "256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E" "CDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES128-GCM-SHA25" "6:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-GC" "M-SHA384:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMEL" "LIA256-SHA:CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:CAMELLIA256-SHA256:DH" "E-RSA-CAMELLIA256-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECD" "H-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECD" "SA-AES256-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDHE-RSA-CHA" "CHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-R" "SA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-PO" "LY1305-OLD:ECDHE-ECDSA-NULL-SHA:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-A" "ES128-CBC-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-CHA" "CHA20-POLY1305:EDH-RSA-DES-CBC3-SHA:TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-S" "HA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-" "8-SHA256:TLS13-SHA256-SHA256:TLS13-SHA384-SHA384"; /* OpenVPN uses a "blacklist" method to specify which ciphers NOT to use */ #ifdef OPENSSL_EXTRA char openvpnCiphers[] = "DEFAULT:!EXP:!LOW:!MEDIUM:!kDH:!kECDH:!DSS:!PSK:" "!SRP:!kRSA:!aNULL:!eNULL"; #endif #ifndef NO_RSA testCertFile = svrCertFile; testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) testCertFile = eccCertFile; testKeyFile = eccKeyFile; #else skipTest = 1; #endif if (skipTest != 1) { #ifndef NO_WOLFSSL_SERVER ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #endif AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); /* First test freeing SSL, then CTX */ wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #endif AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); /* Next test freeing CTX then SSL */ wolfSSL_CTX_free(ctx); wolfSSL_free(ssl); #ifndef NO_WOLFSSL_SERVER ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #endif /* Test setting ciphers at ctx level */ AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, optionsCiphers)); #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \ defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) /* only update TLSv13 suites */ AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384")); #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \ !defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \ defined(WOLFSSL_AES_128) && !defined(NO_RSA) /* only update pre-TLSv13 suites */ AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-GCM-SHA256")); #endif #ifdef OPENSSL_EXTRA AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, openvpnCiphers)); #endif AssertNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_CTX_free(ctx); wolfSSL_free(ssl); #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #endif AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); /* test setting ciphers at SSL level */ AssertTrue(wolfSSL_set_cipher_list(ssl, optionsCiphers)); #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \ defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) /* only update TLSv13 suites */ AssertTrue(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384")); #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \ !defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \ defined(WOLFSSL_AES_128) && !defined(NO_RSA) /* only update pre-TLSv13 suites */ AssertTrue(wolfSSL_set_cipher_list(ssl, "ECDHE-RSA-AES128-GCM-SHA256")); #endif wolfSSL_CTX_free(ctx); wolfSSL_free(ssl); } return TEST_RES_CHECK(1); } #endif static int test_wolfSSL_CTX_set_cipher_list_bytes(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) const char* testCertFile; const char* testKeyFile; WOLFSSL_CTX* ctx; WOLFSSL* ssl; const byte cipherList[] = { /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x16, /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x39, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x33, /* TLS_DH_anon_WITH_AES_128_CBC_SHA */ 0xC0, 0x34, /* TLS_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x35, /* TLS_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x2F, /* TLS_RSA_WITH_NULL_MD5 */ 0xC0, 0x01, /* TLS_RSA_WITH_NULL_SHA */ 0xC0, 0x02, /* TLS_PSK_WITH_AES_256_CBC_SHA */ 0xC0, 0x8d, /* TLS_PSK_WITH_AES_128_CBC_SHA256 */ 0xC0, 0xae, /* TLS_PSK_WITH_AES_256_CBC_SHA384 */ 0xC0, 0xaf, /* TLS_PSK_WITH_AES_128_CBC_SHA */ 0xC0, 0x8c, /* TLS_PSK_WITH_NULL_SHA256 */ 0xC0, 0xb0, /* TLS_PSK_WITH_NULL_SHA384 */ 0xC0, 0xb1, /* TLS_PSK_WITH_NULL_SHA */ 0xC0, 0x2c, /* SSL_RSA_WITH_RC4_128_SHA */ 0xC0, 0x05, /* SSL_RSA_WITH_RC4_128_MD5 */ 0xC0, 0x04, /* SSL_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x0A, /* ECC suites, first byte is 0xC0 (ECC_BYTE) */ /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x14, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x13, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x0A, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x09, /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */ 0xC0, 0x11, /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ 0xC0, 0x07, /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x12, /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x08, /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x27, /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256*/ 0xC0, 0x23, /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x28, /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384*/ 0xC0, 0x24, /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */ 0xC0, 0x06, /* TLS_ECDHE_PSK_WITH_NULL_SHA256 */ 0xC0, 0x3a, /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x37, /* static ECDH, first byte is 0xC0 (ECC_BYTE) */ /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x0F, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x0E, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x05, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x04, /* TLS_ECDH_RSA_WITH_RC4_128_SHA */ 0xC0, 0x0C, /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */ 0xC0, 0x02, /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x0D, /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x03, /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x29, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x25, /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x2A, /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x26, /* WDM_WITH_NULL_SHA256 */ 0x00, 0xFE, /* wolfSSL DTLS Multicast */ /* SHA256 */ /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */ 0x00, 0x6b, /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */ 0x00, 0x67, /* TLS_RSA_WITH_AES_256_CBC_SHA256 */ 0x00, 0x3d, /* TLS_RSA_WITH_AES_128_CBC_SHA256 */ 0x00, 0x3c, /* TLS_RSA_WITH_NULL_SHA256 */ 0x00, 0x3b, /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */ 0x00, 0xb2, /* TLS_DHE_PSK_WITH_NULL_SHA256 */ 0x00, 0xb4, /* SHA384 */ /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */ 0x00, 0xb3, /* TLS_DHE_PSK_WITH_NULL_SHA384 */ 0x00, 0xb5, /* AES-GCM */ /* TLS_RSA_WITH_AES_128_GCM_SHA256 */ 0x00, 0x9c, /* TLS_RSA_WITH_AES_256_GCM_SHA384 */ 0x00, 0x9d, /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */ 0x00, 0x9e, /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */ 0x00, 0x9f, /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */ 0x00, 0xa7, /* TLS_PSK_WITH_AES_128_GCM_SHA256 */ 0x00, 0xa8, /* TLS_PSK_WITH_AES_256_GCM_SHA384 */ 0x00, 0xa9, /* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 */ 0x00, 0xaa, /* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 */ 0x00, 0xab, /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */ /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2b, /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x2c, /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2d, /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x2e, /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2f, /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x30, /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x31, /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x32, /* AES-CCM, first byte is 0xC0 but isn't ECC, * also, in some of the other AES-CCM suites * there will be second byte number conflicts * with non-ECC AES-GCM */ /* TLS_RSA_WITH_AES_128_CCM_8 */ 0xC0, 0xa0, /* TLS_RSA_WITH_AES_256_CCM_8 */ 0xC0, 0xa1, /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM */ 0xC0, 0xac, /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */ 0xC0, 0xae, /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 */ 0xC0, 0xaf, /* TLS_PSK_WITH_AES_128_CCM */ 0xC0, 0xa4, /* TLS_PSK_WITH_AES_256_CCM */ 0xC0, 0xa5, /* TLS_PSK_WITH_AES_128_CCM_8 */ 0xC0, 0xa8, /* TLS_PSK_WITH_AES_256_CCM_8 */ 0xC0, 0xa9, /* TLS_DHE_PSK_WITH_AES_128_CCM */ 0xC0, 0xa6, /* TLS_DHE_PSK_WITH_AES_256_CCM */ 0xC0, 0xa7, /* Camellia */ /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */ 0x00, 0x41, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */ 0x00, 0x84, /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ 0x00, 0xba, /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ 0x00, 0xc0, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */ 0x00, 0x45, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */ 0x00, 0x88, /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ 0x00, 0xbe, /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ 0x00, 0xc4, /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */ /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xa8, /* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xa9, /* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xaa, /* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xac, /* TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xab, /* TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xad, /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */ /* TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x13, /* TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x14, /* TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x15, /* ECDHE_PSK RFC8442, first byte is 0xD0 (ECDHE_PSK_BYTE) */ /* TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 */ 0xD0, 0x01, /* TLS v1.3 cipher suites */ /* TLS_AES_128_GCM_SHA256 */ 0x13, 0x01, /* TLS_AES_256_GCM_SHA384 */ 0x13, 0x02, /* TLS_CHACHA20_POLY1305_SHA256 */ 0x13, 0x03, /* TLS_AES_128_CCM_SHA256 */ 0x13, 0x04, /* TLS_AES_128_CCM_8_SHA256 */ 0x13, 0x05, /* TLS v1.3 Integrity only cipher suites - 0xC0 (ECC) first byte */ /* TLS_SHA256_SHA256 */ 0xC0, 0xB4, /* TLS_SHA384_SHA384 */ 0xC0, 0xB5 }; #ifndef NO_RSA testCertFile = svrCertFile; testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) testCertFile = eccCertFile; testKeyFile = eccKeyFile; #endif #ifndef NO_WOLFSSL_SERVER ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #endif AssertTrue(wolfSSL_CTX_set_cipher_list_bytes(ctx, &cipherList[0U], sizeof(cipherList))); wolfSSL_CTX_free(ctx); #ifndef NO_WOLFSSL_SERVER ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #endif AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); AssertTrue(wolfSSL_set_cipher_list_bytes(ssl, &cipherList[0U], sizeof(cipherList))); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* (OPENSSL_EXTRA || WOLFSSL_SET_CIPHER_BYTES) && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) && (!NO_RSA || HAVE_ECC) */ return res; } static int test_wolfSSL_CTX_use_certificate_file(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); /* invalid context */ AssertFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCertFile, WOLFSSL_FILETYPE_PEM)); /* invalid cert file */ AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile, WOLFSSL_FILETYPE_PEM)); /* invalid cert type */ AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, 9999)); #ifdef NO_RSA /* rsa needed */ AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,WOLFSSL_FILETYPE_PEM)); #else /* success */ AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); #endif wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) static int test_wolfSSL_CTX_use_certificate_ASN1(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN) WOLFSSL_CTX* ctx; int ret; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); ret = SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048, server_cert_der_2048); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS); #endif return res; } #endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */ /* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into * context using buffer. * PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with * --enable-testcert flag. */ static int test_wolfSSL_CTX_use_certificate_buffer(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \ !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX* ctx; int ret; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS); #endif return res; } /*END test_wolfSSL_CTX_use_certificate_buffer*/ static int test_wolfSSL_CTX_use_PrivateKey_file(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); /* invalid context */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKeyFile, WOLFSSL_FILETYPE_PEM)); /* invalid key file */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile, WOLFSSL_FILETYPE_PEM)); /* invalid key type */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, 9999)); /* success */ #ifdef NO_RSA /* rsa needed */ AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #else /* success */ AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #endif wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } /* test both file and buffer versions along with unloading trusted peer certs */ static int test_wolfSSL_CTX_trust_peer_cert(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA) WOLFSSL_CTX *ctx; WOLFSSL* ssl; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertNotNull(ssl = wolfSSL_new(ctx)); #if !defined(NO_FILESYSTEM) /* invalid file */ AssertIntNE(wolfSSL_CTX_trust_peer_cert(ctx, NULL, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); AssertIntNE(wolfSSL_CTX_trust_peer_cert(ctx, bogusFile, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); AssertIntNE(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* success */ AssertIntEQ(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); /* unload cert */ AssertIntNE(wolfSSL_CTX_Unload_trust_peers(NULL), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_Unload_trust_peers(ctx), WOLFSSL_SUCCESS); /* invalid file */ AssertIntNE(wolfSSL_trust_peer_cert(ssl, NULL, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); AssertIntNE(wolfSSL_trust_peer_cert(ssl, bogusFile, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); AssertIntNE(wolfSSL_trust_peer_cert(ssl, cliCertFile, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* success */ AssertIntEQ(wolfSSL_trust_peer_cert(ssl, cliCertFile, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); #ifdef WOLFSSL_LOCAL_X509_STORE /* unload cert */ AssertIntNE(wolfSSL_Unload_trust_peers(NULL), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_Unload_trust_peers(ssl), WOLFSSL_SUCCESS); #endif #endif /* Test of loading certs from buffers */ /* invalid buffer */ AssertIntNE(wolfSSL_CTX_trust_peer_buffer(ctx, NULL, -1, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* success */ #ifdef USE_CERT_BUFFERS_1024 AssertIntEQ(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_1024, sizeof_client_cert_der_1024, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif #ifdef USE_CERT_BUFFERS_2048 AssertIntEQ(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_2048, sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif /* unload cert */ AssertIntNE(wolfSSL_CTX_Unload_trust_peers(NULL), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_Unload_trust_peers(ctx), WOLFSSL_SUCCESS); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_load_verify_locations(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX *ctx; #ifndef NO_RSA WOLFSSL_CERT_MANAGER* cm; #ifdef PERSIST_CERT_CACHE int cacheSz; #endif #endif #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) const char* load_certs_path = "./certs/external"; const char* load_no_certs_path = "./examples"; const char* load_expired_path = "./certs/test/expired"; #endif AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); /* invalid arguments */ AssertIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL), WOLFSSL_FAILURE); /* invalid ca file */ AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL), WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE)); #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \ (defined(WOLFSSL_QT) && \ !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR)) /* invalid path */ AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile), WS_RETURN_CODE(BAD_PATH_ERROR,WOLFSSL_FAILURE)); #endif /* load ca cert */ #ifdef NO_RSA AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WS_RETURN_CODE(ASN_UNKNOWN_OID_E,WOLFSSL_FAILURE)); #else /* Skip the following test without RSA certs. */ AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS); #ifdef PERSIST_CERT_CACHE /* Get cert cache size */ cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx); #endif /* Test unloading CA's */ AssertIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS); #ifdef PERSIST_CERT_CACHE /* Verify no certs (result is less than cacheSz) */ AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx)); #endif /* load ca cert again */ AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS); /* Test getting CERT_MANAGER */ AssertNotNull(cm = wolfSSL_CTX_GetCertManager(ctx)); /* Test unloading CA's using CM */ AssertIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); #ifdef PERSIST_CERT_CACHE /* Verify no certs (result is less than cacheSz) */ AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx)); #endif #endif #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) /* Test loading CA certificates using a path */ #ifdef NO_RSA /* failure here okay since certs in external directory are RSA */ AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS); #else AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS); #endif /* Test loading path with no files */ AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_no_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE); /* Test loading expired CA certificates */ #ifdef NO_RSA AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS); #else AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS); #endif /* Test loading CA certificates and ignoring all errors */ #ifdef NO_RSA AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_FAILURE); #else AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS); #endif #endif wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_load_system_CA_certs(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SYS_CA_CERTS) && !defined(NO_WOLFSSL_CLIENT) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) WOLFSSL_CTX* ctx; byte dirValid = 0; int ret = 0; ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (ctx == NULL) { fprintf(stderr, "wolfSSL_CTX_new failed.\n"); ret = -1; } if (ret == 0) { #if defined(USE_WINDOWS_API) || defined(__APPLE__) dirValid = 1; #else word32 numDirs; const char** caDirs = wolfSSL_get_system_CA_dirs(&numDirs); if (caDirs == NULL || numDirs == 0) { fprintf(stderr, "wolfSSL_get_system_CA_dirs failed.\n"); ret = -1; } else { ReadDirCtx dirCtx; word32 i; for (i = 0; i < numDirs; ++i) { if (wc_ReadDirFirst(&dirCtx, caDirs[i], NULL) == 0) { /* Directory isn't empty. */ dirValid = 1; wc_ReadDirClose(&dirCtx); break; } } } #endif } /* * If the directory isn't empty, we should be able to load CA * certs from it. On Windows/Mac, we assume the CA cert stores are * usable. */ if (ret == 0 && dirValid && wolfSSL_CTX_load_system_CA_certs(ctx) != WOLFSSL_SUCCESS) { fprintf(stderr, "wolfSSL_CTX_load_system_CA_certs failed.\n"); ret = -1; } #ifdef OPENSSL_EXTRA if (ret == 0 && wolfSSL_CTX_set_default_verify_paths(ctx) != WOLFSSL_SUCCESS) { fprintf(stderr, "wolfSSL_CTX_set_default_verify_paths failed.\n"); ret = -1; } #endif /* OPENSSL_EXTRA */ wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(ret == 0); #endif /* WOLFSSL_SYS_CA_CERTS && !NO_WOLFSSL_CLIENT */ return res; } #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, int file_type) { int ret; WOLFSSL_CERT_MANAGER* cm; cm = wolfSSL_CertManagerNew(); if (cm == NULL) { fprintf(stderr, "test_cm_load_ca failed\n"); return -1; } ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, cert_sz, file_type); wolfSSL_CertManagerFree(cm); return ret; } static int test_cm_load_ca_file(const char* ca_cert_file) { int ret = 0; byte* cert_buf = NULL; size_t cert_sz = 0; #if defined(WOLFSSL_PEM_TO_DER) DerBuffer* pDer = NULL; #endif ret = load_file(ca_cert_file, &cert_buf, &cert_sz); if (ret == 0) { /* normal test */ ret = test_cm_load_ca_buffer(cert_buf, cert_sz, WOLFSSL_FILETYPE_PEM); if (ret == WOLFSSL_SUCCESS) { /* test including null terminator in length */ byte* tmp = (byte*)realloc(cert_buf, cert_sz+1); if (tmp == NULL) { ret = MEMORY_E; } else { cert_buf = tmp; cert_buf[cert_sz] = '\0'; ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1, WOLFSSL_FILETYPE_PEM); } } #if defined(WOLFSSL_PEM_TO_DER) if (ret == WOLFSSL_SUCCESS) { /* test loading DER */ ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL); if (ret == 0 && pDer != NULL) { ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length, WOLFSSL_FILETYPE_ASN1); wc_FreeDer(&pDer); } } #endif } free(cert_buf); return ret; } static int test_cm_load_ca_buffer_ex(const byte* cert_buf, size_t cert_sz, int file_type, word32 flags) { int ret; WOLFSSL_CERT_MANAGER* cm; cm = wolfSSL_CertManagerNew(); if (cm == NULL) { fprintf(stderr, "test_cm_load_ca failed\n"); return -1; } ret = wolfSSL_CertManagerLoadCABuffer_ex(cm, cert_buf, cert_sz, file_type, 0, flags); wolfSSL_CertManagerFree(cm); return ret; } static int test_cm_load_ca_file_ex(const char* ca_cert_file, word32 flags) { int ret = 0; byte* cert_buf = NULL; size_t cert_sz = 0; #if defined(WOLFSSL_PEM_TO_DER) DerBuffer* pDer = NULL; #endif ret = load_file(ca_cert_file, &cert_buf, &cert_sz); if (ret == 0) { /* normal test */ ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz, WOLFSSL_FILETYPE_PEM, flags); if (ret == WOLFSSL_SUCCESS) { /* test including null terminator in length */ byte* tmp = (byte*)realloc(cert_buf, cert_sz+1); if (tmp == NULL) { ret = MEMORY_E; } else { cert_buf = tmp; cert_buf[cert_sz] = '\0'; ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz+1, WOLFSSL_FILETYPE_PEM, flags); } } #if defined(WOLFSSL_PEM_TO_DER) if (ret == WOLFSSL_SUCCESS) { /* test loading DER */ ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL); if (ret == 0 && pDer != NULL) { ret = test_cm_load_ca_buffer_ex(pDer->buffer, pDer->length, WOLFSSL_FILETYPE_ASN1, flags); wc_FreeDer(&pDer); } } #endif } free(cert_buf); return ret; } #endif /* !NO_FILESYSTEM && !NO_CERTS */ static int test_wolfSSL_CertManagerCheckOCSPResponse(void) { int res = TEST_SKIPPED; #if defined(HAVE_OCSP) && !defined(NO_RSA) /* Need one of these for wolfSSL_OCSP_REQUEST_new. */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \ defined(HAVE_LIGHTY) WOLFSSL_CERT_MANAGER* cm = NULL; /* Raw OCSP response bytes captured using the following setup: * - Run responder with * openssl ocsp -port 9999 -ndays 9999 * -index certs/ocsp/index-intermediate1-ca-issued-certs.txt * -rsigner certs/ocsp/ocsp-responder-cert.pem * -rkey certs/ocsp/ocsp-responder-key.pem * -CA certs/ocsp/intermediate1-ca-cert.pem * - Run client with * openssl ocsp -host 127.0.0.1:9999 -respout resp.out * -issuer certs/ocsp/intermediate1-ca-cert.pem * -cert certs/ocsp/server1-cert.pem * -CAfile certs/ocsp/root-ca-cert.pem -noverify * - Copy raw response from Wireshark. */ byte response[] = { 0x30, 0x82, 0x07, 0x40, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x39, 0x30, 0x82, 0x07, 0x35, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, 0x82, 0x07, 0x26, 0x30, 0x82, 0x07, 0x22, 0x30, 0x82, 0x01, 0x40, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x35, 0x30, 0x33, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30, 0x5a, 0x30, 0x64, 0x30, 0x62, 0x30, 0x3a, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04, 0x04, 0x14, 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e, 0x02, 0x01, 0x05, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x31, 0x30, 0x35, 0x30, 0x33, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, 0x34, 0x38, 0x30, 0x39, 0x31, 0x37, 0x32, 0x31, 0x34, 0x37, 0x31, 0x30, 0x5a, 0xa1, 0x23, 0x30, 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02, 0x04, 0x12, 0x04, 0x10, 0x38, 0x31, 0x60, 0x99, 0xc8, 0x05, 0x09, 0x68, 0x1c, 0x33, 0x49, 0xea, 0x45, 0x26, 0x2f, 0x6d, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x4d, 0x58, 0xcc, 0x69, 0x42, 0xe2, 0x9e, 0x64, 0xf6, 0x57, 0xce, 0xcb, 0x5f, 0x14, 0xaf, 0x08, 0x6c, 0xc1, 0x52, 0x7a, 0x40, 0x0a, 0xfd, 0xb6, 0xce, 0xbb, 0x40, 0xf4, 0xb9, 0xa5, 0x88, 0xc7, 0xf3, 0x42, 0x9f, 0xa9, 0x94, 0xbe, 0x6e, 0x7e, 0x09, 0x30, 0x9d, 0x0e, 0x10, 0x6f, 0x9c, 0xd9, 0x4c, 0x71, 0x81, 0x41, 0x64, 0x95, 0xf5, 0x85, 0x77, 0x94, 0x81, 0x61, 0x88, 0xc8, 0x0b, 0x50, 0xbb, 0x37, 0xc8, 0x86, 0x76, 0xd8, 0xa2, 0xed, 0x66, 0x34, 0xfb, 0xe4, 0xe7, 0x09, 0x8c, 0xf5, 0xb5, 0x85, 0xd0, 0x4b, 0xb5, 0xe6, 0x23, 0x62, 0xc3, 0xd0, 0xef, 0xf7, 0x42, 0x89, 0x02, 0x80, 0x64, 0xc9, 0xed, 0xdd, 0x7c, 0x8f, 0x0d, 0xe7, 0x43, 0x9b, 0x88, 0x1f, 0xb0, 0xfd, 0x24, 0x01, 0xc7, 0x55, 0xc3, 0x73, 0x12, 0x84, 0x09, 0x7c, 0x57, 0xa8, 0x5d, 0xab, 0x75, 0x29, 0x5c, 0x36, 0x97, 0x64, 0x40, 0x0b, 0x55, 0x34, 0x0a, 0x5d, 0xb1, 0x1b, 0x61, 0x1b, 0xdc, 0xe5, 0x89, 0xdd, 0x92, 0x62, 0x57, 0xa7, 0x52, 0xb4, 0x38, 0x9a, 0x48, 0xc8, 0x3a, 0x14, 0xde, 0x69, 0x42, 0xe9, 0x37, 0xa4, 0xe7, 0x2d, 0x00, 0xa7, 0x0b, 0x29, 0x18, 0xd5, 0xce, 0xd9, 0x0d, 0xdd, 0xfe, 0xae, 0x86, 0xb3, 0x32, 0x1c, 0xc9, 0x33, 0xb0, 0x2b, 0xb7, 0x3c, 0x0d, 0x43, 0xd8, 0x6c, 0xf2, 0xb7, 0xcd, 0x7b, 0xd5, 0x7d, 0xf0, 0xde, 0x34, 0x9f, 0x6d, 0x83, 0xb9, 0xd5, 0xed, 0xe3, 0xda, 0x96, 0x40, 0x9e, 0xd6, 0xa6, 0xfd, 0x70, 0x80, 0x70, 0x87, 0x61, 0x0f, 0xc5, 0x9f, 0x75, 0xfe, 0x11, 0x78, 0x34, 0xc9, 0x42, 0x16, 0x73, 0x46, 0x7b, 0x05, 0x53, 0x28, 0x43, 0xbe, 0xee, 0x88, 0x67, 0x1d, 0xcc, 0x74, 0xa7, 0xb6, 0x58, 0x7b, 0x29, 0x68, 0x40, 0xcf, 0xce, 0x7b, 0x19, 0x33, 0x68, 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x31, 0x30, 0x32, 0x31, 0x30, 0x31, 0x39, 0x34, 0x39, 0x35, 0x34, 0x5a, 0x17, 0x0d, 0x32, 0x33, 0x31, 0x31, 0x30, 0x37, 0x31, 0x39, 0x34, 0x39, 0x35, 0x34, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x07, 0xca, 0xa6, 0xa1, 0x9f, 0xbf, 0xaf, 0x92, 0x41, 0x35, 0x66, 0x51, 0xac, 0xbc, 0x2c, 0xec, 0xe7, 0x8d, 0x65, 0x7e, 0xe9, 0x40, 0xfe, 0x5a, 0xab, 0x8a, 0x1d, 0x3d, 0x13, 0xdb, 0xb4, 0x43, 0x2c, 0x9a, 0x36, 0x98, 0x21, 0xa5, 0xe8, 0xca, 0xa9, 0x4d, 0xfc, 0xe3, 0xf7, 0x45, 0x88, 0xcd, 0x33, 0xbf, 0x8a, 0x62, 0x10, 0x2f, 0xb2, 0xb7, 0x04, 0xef, 0x26, 0x43, 0x51, 0x1d, 0x43, 0x62, 0x7d, 0x1e, 0x50, 0xc8, 0xd5, 0x98, 0x94, 0x71, 0x8f, 0x3b, 0x23, 0x26, 0xf1, 0x71, 0x8e, 0x1e, 0x3d, 0x3f, 0x21, 0xfd, 0xb7, 0x2d, 0x65, 0xe4, 0x07, 0x65, 0xac, 0x3c, 0xfc, 0xc0, 0x47, 0xa9, 0x32, 0xf6, 0xda, 0x26, 0x93, 0x10, 0xb2, 0xd1, 0x6d, 0xc8, 0x81, 0x31, 0x7c, 0xb0, 0x6b, 0xc5, 0x22, 0x8d, 0xb3, 0xfa, 0xbe, 0x82, 0xea, 0x41, 0x42, 0xc4, 0xc0, 0xef, 0xe3, 0x84, 0x0f, 0x6f, 0x9a, 0x03, 0x63, 0xb3, 0x30, 0xe0, 0x31, 0x81, 0x2a, 0x16, 0xb3, 0x47, 0xd9, 0x5b, 0x38, 0x93, 0x07, 0xd0, 0x6e, 0x79, 0x52, 0x2c, 0xe5, 0x50, 0x84, 0x79, 0x10, 0xe7, 0xf6, 0x31, 0x7a, 0x3e, 0x48, 0xa2, 0x38, 0x21, 0x90, 0x7a, 0xf2, 0x5f, 0x48, 0xa4, 0x46, 0x93, 0x87, 0xdd, 0x5c, 0x83, 0x64, 0xea, 0xb5, 0x99, 0xa2, 0xe9, 0x01, 0x40, 0xfe, 0xf0, 0x48, 0x66, 0x4f, 0x96, 0xf7, 0x83, 0x52, 0xf8, 0x6d, 0xf8, 0x5f, 0xed, 0x0c, 0xbb, 0xbe, 0xd0, 0x69, 0x10, 0x4b, 0x99, 0x8f, 0xf8, 0x61, 0x53, 0x9d, 0x12, 0xca, 0x86, 0xaa, 0xb1, 0x80, 0xb4, 0xa6, 0xc1, 0xcb, 0xb7, 0x48, 0xf7, 0x9f, 0x55, 0xb4, 0x6e, 0xab, 0xd3, 0xa1, 0xaa, 0x4b, 0xa7, 0x21, 0x6e, 0x16, 0x7f, 0xad, 0xbb, 0xea, 0x0f, 0x41, 0x80, 0x9b, 0x7f, 0xd6, 0x46, 0xa2, 0xc0, 0x61, 0x72, 0x59, 0x59, 0xa0, 0x07 }; OcspEntry entry[1]; CertStatus status[1]; OcspRequest* request; byte serial[] = {0x05}; byte issuerHash[] = {0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04}; byte issuerKeyHash[] = {0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e}; XMEMSET(entry, 0, sizeof(OcspEntry)); XMEMSET(status, 0, sizeof(CertStatus)); AssertNotNull(request = wolfSSL_OCSP_REQUEST_new()); request->serial = (byte*)XMALLOC(sizeof(serial), NULL, DYNAMIC_TYPE_OCSP_REQUEST); AssertNotNull(request->serial); request->serialSz = sizeof(serial); XMEMCPY(request->serial, serial, sizeof(serial)); XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash)); XMEMCPY(request->issuerKeyHash, issuerKeyHash, sizeof(issuerKeyHash)); AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); AssertIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CertManagerLoadCA(cm, "./certs/ocsp/intermediate1-ca-cert.pem", NULL), WOLFSSL_SUCCESS); /* Response should be valid. */ AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, response, sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS); /* Flip a byte in the request serial number, response should be invalid * now. */ request->serial[0] ^= request->serial[0]; AssertIntNE(wolfSSL_CertManagerCheckOCSPResponse(cm, response, sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS); wolfSSL_OCSP_REQUEST_free(request); wolfSSL_CertManagerFree(cm); res = TEST_RES_CHECK(1); #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || * WOLFSSL_APACHE_HTTPD || HAVE_LIGHTY */ #endif /* HAVE_OCSP */ return res; } static int test_wolfSSL_CheckOCSPResponse(void) { int result = TEST_SKIPPED; #if defined(HAVE_OCSP) && !defined(NO_RSA) && defined(OPENSSL_ALL) const char* responseFile = "./certs/ocsp/test-response.der"; const char* responseMultiFile = "./certs/ocsp/test-multi-response.der"; const char* responseNoInternFile = "./certs/ocsp/test-response-nointern.der"; const char* caFile = "./certs/ocsp/root-ca-cert.pem"; OcspResponse* res = NULL; byte data[4096]; const unsigned char* pt; int dataSz; XFILE f; WOLFSSL_OCSP_BASICRESP* bs; WOLFSSL_X509_STORE* st; WOLFSSL_X509* issuer; f = XFOPEN(responseFile, "rb"); AssertTrue(f != XBADFILE); dataSz = (word32)XFREAD(data, 1, sizeof(data), f); AssertIntGT(dataSz, 0); XFCLOSE(f); pt = data; res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz); AssertNotNull(res); issuer = wolfSSL_X509_load_certificate_file(caFile, SSL_FILETYPE_PEM); AssertNotNull(issuer); st = wolfSSL_X509_STORE_new(); AssertNotNull(st); AssertIntEQ(wolfSSL_X509_STORE_add_cert(st, issuer), WOLFSSL_SUCCESS); bs = wolfSSL_OCSP_response_get1_basic(res); AssertNotNull(bs); AssertIntEQ(wolfSSL_OCSP_basic_verify(bs, NULL, st, 0), WOLFSSL_SUCCESS); wolfSSL_OCSP_BASICRESP_free(bs); wolfSSL_OCSP_RESPONSE_free(res); wolfSSL_X509_STORE_free(st); wolfSSL_X509_free(issuer); /* check loading a response with optional certs */ f = XFOPEN(responseNoInternFile, "rb"); AssertTrue(f != XBADFILE); dataSz = (word32)XFREAD(data, 1, sizeof(data), f); AssertIntGT(dataSz, 0); XFCLOSE(f); pt = data; res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz); AssertNotNull(res); wolfSSL_OCSP_RESPONSE_free(res); /* check loading a response with multiple certs */ { WOLFSSL_CERT_MANAGER* cm = NULL; OcspEntry *entry; CertStatus* status; OcspRequest* request; byte serial1[] = {0x01}; byte serial[] = {0x02}; byte issuerHash[] = { 0x44, 0xA8, 0xDB, 0xD1, 0xBC, 0x97, 0x0A, 0x83, 0x3B, 0x5B, 0x31, 0x9A, 0x4C, 0xB8, 0xD2, 0x52, 0x37, 0x15, 0x8A, 0x88 }; byte issuerKeyHash[] = { 0x73, 0xB0, 0x1C, 0xA4, 0x2F, 0x82, 0xCB, 0xCF, 0x47, 0xA5, 0x38, 0xD7, 0xB0, 0x04, 0x82, 0x3A, 0x7E, 0x72, 0x15, 0x21 }; entry = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL, DYNAMIC_TYPE_OPENSSL); AssertNotNull(entry); status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, DYNAMIC_TYPE_OPENSSL); AssertNotNull(status); XMEMSET(entry, 0, sizeof(OcspEntry)); XMEMSET(status, 0, sizeof(CertStatus)); AssertNotNull(request = wolfSSL_OCSP_REQUEST_new()); request->serial = (byte*)XMALLOC(sizeof(serial), NULL, DYNAMIC_TYPE_OCSP_REQUEST); AssertNotNull(request->serial); request->serialSz = sizeof(serial); XMEMCPY(request->serial, serial, sizeof(serial)); XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash)); XMEMCPY(request->issuerKeyHash, issuerKeyHash, sizeof(issuerKeyHash)); AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); AssertIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CertManagerLoadCA(cm, caFile, NULL), WOLFSSL_SUCCESS); f = XFOPEN(responseMultiFile, "rb"); AssertTrue(f != XBADFILE); dataSz = (word32)XFREAD(data, 1, sizeof(data), f); AssertIntGT(dataSz, 0); XFCLOSE(f); AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, dataSz, NULL, status, entry, request), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, dataSz, NULL, entry->status, entry, request), WOLFSSL_SUCCESS); AssertNotNull(entry->status); XMEMCPY(request->serial, serial1, sizeof(serial1)); AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, dataSz, NULL, status, entry, request), WOLFSSL_SUCCESS); /* store both status's in the entry to check that "next" is not * overwritten */ status->next = entry->status; entry->status = status; XMEMCPY(request->serial, serial, sizeof(serial)); AssertIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, dataSz, NULL, entry->status, entry, request), WOLFSSL_SUCCESS); AssertNotNull(entry->status->next); /* compare the status found */ AssertIntEQ(status->serialSz, entry->status->serialSz); AssertIntEQ(XMEMCMP(status->serial, entry->status->serial, status->serialSz), 0); wolfSSL_OCSP_CERTID_free(entry); wolfSSL_OCSP_REQUEST_free(request); wolfSSL_CertManagerFree(cm); } #if defined(WC_RSA_PSS) { const char* responsePssFile = "./certs/ocsp/test-response-rsapss.der"; /* check loading a response with RSA-PSS signature */ f = XFOPEN(responsePssFile, "rb"); AssertTrue(f != XBADFILE); dataSz = (word32)XFREAD(data, 1, sizeof(data), f); AssertIntGT(dataSz, 0); XFCLOSE(f); pt = data; res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz); AssertNotNull(res); /* try to verify the response */ issuer = wolfSSL_X509_load_certificate_file(caFile, SSL_FILETYPE_PEM); AssertNotNull(issuer); st = wolfSSL_X509_STORE_new(); AssertNotNull(st); AssertIntEQ(wolfSSL_X509_STORE_add_cert(st, issuer), WOLFSSL_SUCCESS); bs = wolfSSL_OCSP_response_get1_basic(res); AssertNotNull(bs); AssertIntEQ(wolfSSL_OCSP_basic_verify(bs, NULL, st, 0), WOLFSSL_SUCCESS); wolfSSL_OCSP_BASICRESP_free(bs); wolfSSL_OCSP_RESPONSE_free(res); wolfSSL_X509_STORE_free(st); wolfSSL_X509_free(issuer); } #endif result = TEST_RES_CHECK(1); #endif /* HAVE_OCSP */ return result; } static int test_wolfSSL_CertManagerLoadCABuffer(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) const char* ca_cert = "./certs/ca-cert.pem"; const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; int ret; ret = test_cm_load_ca_file(ca_cert); #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) AssertIntEQ(ret, WOLFSSL_FATAL_ERROR); #elif defined(NO_RSA) AssertIntEQ(ret, ASN_UNKNOWN_OID_E); #else AssertIntEQ(ret, WOLFSSL_SUCCESS); #endif ret = test_cm_load_ca_file(ca_expired_cert); #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) AssertIntEQ(ret, WOLFSSL_FATAL_ERROR); res = TEST_RES_CHECK(ret == WOLFSSL_FATAL_ERROR); #elif defined(NO_RSA) AssertIntEQ(ret, ASN_UNKNOWN_OID_E); res = TEST_RES_CHECK(ret == ASN_UNKNOWN_OID_E); #elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \ !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_ASN_TIME) AssertIntEQ(ret, ASN_AFTER_DATE_E); res = TEST_RES_CHECK(ret == ASN_AFTER_DATE_E); #else AssertIntEQ(ret, WOLFSSL_SUCCESS); res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS); #endif #endif return res; } static int test_wolfSSL_CertManagerLoadCABuffer_ex(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) const char* ca_cert = "./certs/ca-cert.pem"; const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; int ret; ret = test_cm_load_ca_file_ex(ca_cert, WOLFSSL_LOAD_FLAG_NONE); #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) AssertIntEQ(ret, WOLFSSL_FATAL_ERROR); #elif defined(NO_RSA) AssertIntEQ(ret, ASN_UNKNOWN_OID_E); #else AssertIntEQ(ret, WOLFSSL_SUCCESS); #endif ret = test_cm_load_ca_file_ex(ca_expired_cert, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY); #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) AssertIntEQ(ret, WOLFSSL_FATAL_ERROR); res = TEST_RES_CHECK(ret == WOLFSSL_FATAL_ERROR); #elif defined(NO_RSA) AssertIntEQ(ret, ASN_UNKNOWN_OID_E); res = TEST_RES_CHECK(ret == ASN_UNKNOWN_OID_E); #else AssertIntEQ(ret, WOLFSSL_SUCCESS); res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS); #endif #endif return res; } static int test_wolfSSL_CertManagerGetCerts(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ defined(WOLFSSL_SIGNER_DER_CERT) WOLFSSL_CERT_MANAGER* cm = NULL; WOLFSSL_STACK* sk = NULL; X509* x509 = NULL; X509* cert1 = NULL; FILE* file1 = NULL; #ifdef DEBUG_WOLFSSL_VERBOSE WOLFSSL_BIO* bio = NULL; #endif int i = 0; int ret = 0; const byte* der; int derSz = 0; AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb")); AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); fclose(file1); AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); AssertNull(sk = wolfSSL_CertManagerGetCerts(cm)); AssertNotNull(der = wolfSSL_X509_get_der(cert1, &derSz)); ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1); #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) /* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT * and full OpenSSL compatibility */ AssertIntEQ(ret, ASN_SELF_SIGNED_E); #else AssertIntEQ(ret, ASN_NO_SIGNER_E); #endif AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, "./certs/ca-cert.pem", NULL)); AssertNotNull(sk = wolfSSL_CertManagerGetCerts(cm)); for (i = 0; i < sk_X509_num(sk); i++) { x509 = sk_X509_value(sk, i); AssertIntEQ(0, wolfSSL_X509_cmp(x509, cert1)); #ifdef DEBUG_WOLFSSL_VERBOSE bio = BIO_new(wolfSSL_BIO_s_file()); if (bio != NULL) { BIO_set_fp(bio, stderr, BIO_NOCLOSE); X509_print(bio, x509); BIO_free(bio); } #endif /* DEBUG_WOLFSSL_VERBOSE */ } wolfSSL_X509_free(cert1); sk_X509_pop_free(sk, NULL); wolfSSL_CertManagerFree(cm); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ defined(WOLFSSL_SIGNER_DER_CERT) */ return res; } static int test_wolfSSL_CertManagerSetVerify(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) int ret = 0; WOLFSSL_CERT_MANAGER* cm; int tmp = myVerifyAction; const char* ca_cert = "./certs/ca-cert.pem"; const char* expiredCert = "./certs/test/expired/expired-cert.pem"; cm = wolfSSL_CertManagerNew(); AssertNotNull(cm); wolfSSL_CertManagerSetVerify(cm, myVerify); ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL); #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) AssertIntEQ(ret, -1); #else AssertIntEQ(ret, WOLFSSL_SUCCESS); #endif /* Use the test CB that always accepts certs */ myVerifyAction = VERIFY_OVERRIDE_ERROR; ret = wolfSSL_CertManagerVerify(cm, expiredCert, WOLFSSL_FILETYPE_PEM); AssertIntEQ(ret, WOLFSSL_SUCCESS); #ifdef WOLFSSL_ALWAYS_VERIFY_CB { const char* verifyCert = "./certs/server-cert.pem"; /* Use the test CB that always fails certs */ myVerifyAction = VERIFY_FORCE_FAIL; ret = wolfSSL_CertManagerVerify(cm, verifyCert, WOLFSSL_FILETYPE_PEM); AssertIntEQ(ret, VERIFY_CERT_ERROR); } #endif wolfSSL_CertManagerFree(cm); myVerifyAction = tmp; res = TEST_RES_CHECK(1); #endif return res; } #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ defined(DEBUG_UNIT_TEST_CERTS) /* Used when debugging name constraint tests. Not static to allow use in * multiple locations with complex define guards. */ void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName) { BIO* out = BIO_new_file(fileName, "wb"); if (out != NULL) { PEM_write_bio_X509(out, x509); BIO_free(out); } } void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName) { BIO* out = BIO_new_file(fileName, "wb"); if (out != NULL) { BIO_write(out, der, derSz); BIO_free(out); } } #else #define DEBUG_WRITE_CERT_X509(x509, fileName) #define DEBUG_WRITE_DER(der, derSz, fileName) #endif static int test_wolfSSL_CertManagerNameConstraint(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ !defined(NO_SHA256) WOLFSSL_CERT_MANAGER* cm; WOLFSSL_EVP_PKEY *priv; WOLFSSL_X509_NAME* name; const char* ca_cert = "./certs/test/cert-ext-nc.der"; const char* server_cert = "./certs/test/server-goodcn.pem"; int i = 0; static const byte extNameConsOid[] = {85, 29, 30}; RsaKey key; WC_RNG rng; byte *der; int derSz; word32 idx = 0; byte *pt; WOLFSSL_X509 *x509, *ca; wc_InitRng(&rng); /* load in CA private key for signing */ AssertIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, testDevId), 0); AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key, sizeof_server_key_der_2048), 0); /* get ca certificate then alter it */ AssertNotNull(der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); AssertNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz)); XMEMCPY(der, pt, derSz); /* find the name constraint extension and alter it */ pt = der; for (i = 0; i < derSz - 3; i++) { if (XMEMCMP(pt, extNameConsOid, 3) == 0) { pt += 3; break; } pt++; } AssertIntNE(i, derSz - 3); /* did not find OID if this case is hit */ /* go to the length value and set it to 0 */ while (i < derSz && *pt != 0x81) { pt++; i++; } AssertIntNE(i, derSz); /* did not place to alter */ pt++; *pt = 0x00; /* resign the altered certificate */ AssertIntGT((derSz = wc_SignCert(derSz, CTC_SHA256wRSA, der, FOURK_BUF, &key, NULL, &rng)), 0); AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E); wolfSSL_CertManagerFree(cm); XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wolfSSL_X509_free(x509); wc_FreeRsaKey(&key); wc_FreeRng(&rng); /* add email alt name to satisfy constraint */ pt = (byte*)server_key_der_2048; AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, sizeof_server_key_der_2048)); AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); DEBUG_WRITE_DER(der, derSz, "ca.der"); AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* Good cert test with proper alt email name */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* Cert with bad alt name list */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE); wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_CertManagerFree(cm); wolfSSL_X509_free(x509); wolfSSL_X509_free(ca); wolfSSL_EVP_PKEY_free(priv); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CertManagerNameConstraint2(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) const char* ca_cert = "./certs/test/cert-ext-ndir.der"; const char* ca_cert2 = "./certs/test/cert-ext-ndir-exc.der"; const char* server_cert = "./certs/server-cert.pem"; WOLFSSL_CERT_MANAGER* cm; WOLFSSL_X509 *x509, *ca; const unsigned char *der; const unsigned char *pt; WOLFSSL_EVP_PKEY *priv; WOLFSSL_X509_NAME* name; int derSz; /* C=US*/ char altName[] = { 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53 }; /* C=ID */ char altNameFail[] = { 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x44 }; /* C=US ST=California*/ char altNameExc[] = { 0x30, 0x22, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61 }; /* load in CA private key for signing */ pt = ca_key_der_2048; AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt, sizeof_ca_key_der_2048)); AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz))); AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* add in matching DIR alt name and resign */ wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* check verify fail */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); /* add in miss matching DIR alt name and resign */ wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), ASN_DIR_TYPE); #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); #ifndef WOLFSSL_NO_ASN_STRICT AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); #else AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif /* check that it still fails if one bad altname and one good altname is in * the certificate */ wolfSSL_X509_free(x509); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), ASN_DIR_TYPE); #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); #ifndef WOLFSSL_NO_ASN_STRICT AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); #else AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif /* check it fails with switching position of bad altname */ wolfSSL_X509_free(x509); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), ASN_DIR_TYPE); wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); #ifndef WOLFSSL_NO_ASN_STRICT AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); #else AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif wolfSSL_CertManagerFree(cm); wolfSSL_X509_free(x509); wolfSSL_X509_free(ca); /* now test with excluded name constraint */ AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert2, WOLFSSL_FILETYPE_ASN1)); AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz))); AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); wolfSSL_X509_add_altname_ex(x509, altNameExc, sizeof(altNameExc), ASN_DIR_TYPE); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); #else wolfSSL_X509_sign(x509, priv, EVP_sha256()); #endif AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); #ifndef WOLFSSL_NO_ASN_STRICT AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); #else AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif wolfSSL_CertManagerFree(cm); wolfSSL_X509_free(x509); wolfSSL_X509_free(ca); wolfSSL_EVP_PKEY_free(priv); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CertManagerNameConstraint3(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ !defined(NO_SHA256) WOLFSSL_CERT_MANAGER* cm; WOLFSSL_EVP_PKEY *priv; WOLFSSL_X509_NAME* name; const char* ca_cert = "./certs/test/cert-ext-mnc.der"; const char* server_cert = "./certs/test/server-goodcn.pem"; byte *der; int derSz; byte *pt; WOLFSSL_X509 *x509, *ca; pt = (byte*)server_key_der_2048; AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, sizeof_server_key_der_2048)); AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); DEBUG_WRITE_DER(der, derSz, "ca.der"); AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* check satisfying .wolfssl.com constraint passes */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* check satisfying .random.com constraint passes */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@info.example.com", 24, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "wolfssl@info.example.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* check fail case when neither constraint is matched */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@info.com", 16, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_CertManagerFree(cm); wolfSSL_X509_free(x509); wolfSSL_X509_free(ca); wolfSSL_EVP_PKEY_free(priv); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CertManagerNameConstraint4(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ !defined(NO_SHA256) WOLFSSL_CERT_MANAGER* cm; WOLFSSL_EVP_PKEY *priv; WOLFSSL_X509_NAME* name; const char* ca_cert = "./certs/test/cert-ext-ncdns.der"; const char* server_cert = "./certs/test/server-goodcn.pem"; byte *der; int derSz; byte *pt; WOLFSSL_X509 *x509, *ca; pt = (byte*)server_key_der_2048; AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, sizeof_server_key_der_2048)); AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); DEBUG_WRITE_DER(der, derSz, "ca.der"); AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* check satisfying wolfssl.com constraint passes */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* check satisfying example.com constraint passes */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"example.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "www.example.com", ASN_DNS_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* check satisfying wolfssl.com constraint passes with list of DNS's */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "extra.wolfssl.com", ASN_DNS_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-multiple-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* check fail when one DNS in the list is bad */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "www.nomatch.com", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-multiple-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_X509_free(x509); /* check fail case when neither constraint is matched */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"common", 6, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "www.random.com", ASN_DNS_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_CertManagerFree(cm); wolfSSL_X509_free(x509); wolfSSL_X509_free(ca); wolfSSL_EVP_PKEY_free(priv); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CertManagerNameConstraint5(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ !defined(NO_SHA256) WOLFSSL_CERT_MANAGER* cm; WOLFSSL_EVP_PKEY *priv; WOLFSSL_X509_NAME* name; const char* ca_cert = "./certs/test/cert-ext-ncmixed.der"; const char* server_cert = "./certs/test/server-goodcn.pem"; byte *der; int derSz; byte *pt; WOLFSSL_X509 *x509, *ca; pt = (byte*)server_key_der_2048; AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, sizeof_server_key_der_2048)); AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, WOLFSSL_FILETYPE_ASN1)); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); DEBUG_WRITE_DER(der, derSz, "ca.der"); AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* check satisfying wolfssl.com constraint passes */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"example", 7, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "good.example", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "facts@into.wolfssl.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); /* fail with DNS check because of common name */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "facts@wolfssl.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-cn-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_X509_free(x509); /* fail on permitted DNS name constraint */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "www.example", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "www.wolfssl", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-1st-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_X509_free(x509); /* fail on permitted email name constraint */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE); wolfSSL_X509_add_altname(x509, "info@example.com", ASN_RFC822_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "bad-2nd-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E); wolfSSL_X509_free(x509); /* success with empty email name */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, WOLFSSL_FILETYPE_PEM)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); X509_NAME_free(name); wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); AssertIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); DEBUG_WRITE_CERT_X509(x509, "good-missing-constraint-cert.pem"); AssertNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_X509_free(x509); wolfSSL_CertManagerFree(cm); wolfSSL_X509_free(ca); wolfSSL_EVP_PKEY_free(priv); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_FPKI(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_FPKI) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) XFILE f; const char* fpkiCert = "./certs/fpki-cert.der"; DecodedCert cert; byte buf[4096]; byte* uuid; byte* fascn; word32 fascnSz; word32 uuidSz; int bytes; f = XFOPEN(fpkiCert, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); wc_InitDecodedCert(&cert, buf, bytes, NULL); AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0); AssertIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), LENGTH_ONLY_E) ; fascn = (byte*)XMALLOC(fascnSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); AssertNotNull(fascn); AssertIntEQ(wc_GetFASCNFromCert(&cert, fascn, &fascnSz), 0); XFREE(fascn, NULL, DYNAMIC_TYPE_TMP_BUFFER); AssertIntEQ(wc_GetUUIDFromCert(&cert, NULL, &uuidSz), LENGTH_ONLY_E); uuid = (byte*)XMALLOC(uuidSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); AssertNotNull(uuid); AssertIntEQ(wc_GetUUIDFromCert(&cert, uuid, &uuidSz), 0); XFREE(uuid, NULL, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDecodedCert(&cert); res = TEST_RES_CHECK(1); #endif return res; } /* use RID in confuncture with other names to test parsing of unknown other * names */ static int test_wolfSSL_OtherName(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && !defined(NO_FILESYSTEM) XFILE f; const char* ridCert = "./certs/rid-cert.der"; DecodedCert cert; byte buf[4096]; int bytes; f = XFOPEN(ridCert, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); wc_InitDecodedCert(&cert, buf, bytes, NULL); AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0); wc_FreeDecodedCert(&cert); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CertRsaPss(void) { int res = TEST_SKIPPED; /* FIPS v2 and below don't support long salts. */ #if !defined(NO_RSA) && defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && \ (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION > 2))) && (!defined(HAVE_SELFTEST) || \ (defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION > 2))) XFILE f; const char* rsaPssSha256Cert = "./certs/rsapss/ca-rsapss.der"; const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.pem"; #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \ RSA_MAX_SIZE >= 3072 const char* rsaPssSha384Cert = "./certs/rsapss/ca-3072-rsapss.der"; #endif #if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072 const char* rsaPssRootSha384Cert = "./certs/rsapss/root-3072-rsapss.pem"; #endif DecodedCert cert; byte buf[4096]; int bytes; WOLFSSL_CERT_MANAGER* cm; cm = wolfSSL_CertManagerNew(); AssertNotNull(cm); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha256Cert, NULL)); #if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072 AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha384Cert, NULL)); #endif f = XFOPEN(rsaPssSha256Cert, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); wc_InitDecodedCert(&cert, buf, bytes, NULL); AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0); wc_FreeDecodedCert(&cert); #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \ RSA_MAX_SIZE >= 3072 f = XFOPEN(rsaPssSha384Cert, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); wc_InitDecodedCert(&cert, buf, bytes, NULL); AssertIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0); wc_FreeDecodedCert(&cert); #endif wolfSSL_CertManagerFree(cm); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CertManagerCRL(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \ !defined(NO_RSA) const char* ca_cert = "./certs/ca-cert.pem"; const char* crl1 = "./certs/crl/crl.pem"; const char* crl2 = "./certs/crl/crl2.pem"; WOLFSSL_CERT_MANAGER* cm = NULL; AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0)); wolfSSL_CertManagerFreeCRL(cm); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL)); wolfSSL_CertManagerFree(cm); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_load_verify_locations_ex(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX* ctx; const char* ca_cert = "./certs/ca-cert.pem"; const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); /* test good CA */ AssertTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_locations_ex(ctx, ca_cert, NULL, WOLFSSL_LOAD_FLAG_NONE)); /* test expired CA */ #if !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_ASN_TIME) AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); #else AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_load_verify_buffer_ex(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ defined(USE_CERT_BUFFERS_2048) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX* ctx; const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der"; byte ca_expired_cert[TWOK_BUF]; word32 sizeof_ca_expired_cert; XFILE fp; #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); #else ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); #endif AssertNotNull(ctx); /* test good CA */ AssertTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048, sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_NONE)); /* load expired CA */ XMEMSET(ca_expired_cert, 0, sizeof(ca_expired_cert)); fp = XFOPEN(ca_expired_cert_file, "rb"); AssertTrue(fp != XBADFILE); sizeof_ca_expired_cert = (word32)XFREAD(ca_expired_cert, 1, sizeof(ca_expired_cert), fp); XFCLOSE(fp); /* test expired CA failure */ #if !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_ASN_TIME) AssertIntNE(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); #else AssertIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); #endif /* test expired CA success */ AssertIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) WOLFSSL_CTX* ctx; #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif AssertTrue(WOLFSSL_SUCCESS == wolfSSL_CTX_load_verify_chain_buffer_format( ctx, ca_cert_chain_der, sizeof_ca_cert_chain_der, WOLFSSL_FILETYPE_ASN1)); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_add1_chain_cert(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \ defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX* ctx; WOLFSSL* ssl; const char *certChain[] = { "./certs/intermediate/client-int-cert.pem", "./certs/intermediate/ca-int2-cert.pem", "./certs/intermediate/ca-int-cert.pem", "./certs/ca-cert.pem", NULL }; const char** cert; WOLFSSL_X509* x509; WOLF_STACK_OF(X509)* chain = NULL; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertNotNull(ssl = wolfSSL_new(ctx)); for (cert = certChain; *cert != NULL; cert++) { x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); AssertIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1); X509_free(x509); } for (cert = certChain; *cert != NULL; cert++) { x509 = wolfSSL_X509_load_certificate_file(*cert, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); AssertIntEQ(SSL_add1_chain_cert(ssl, x509), 1); X509_free(x509); } AssertIntEQ(SSL_CTX_get0_chain_certs(ctx, &chain), 1); AssertIntEQ(sk_X509_num(chain), 3); AssertIntEQ(SSL_get0_chain_certs(ssl, &chain), 1); AssertIntEQ(sk_X509_num(chain), 3); SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_use_certificate_chain_file_format(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) const char* server_chain_der = "./certs/server-cert-chain.der"; const char* client_single_pem = "./certs/client-cert.pem"; WOLFSSL_CTX* ctx; int ret = 0; (void)server_chain_der; (void)client_single_pem; (void)ctx; #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #endif AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx, server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx, client_single_pem, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(ret == 0); #endif return res; } static int test_wolfSSL_CTX_SetTmpDH_file(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) WOLFSSL_CTX *ctx; (void)ctx; #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif /* invalid context */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL, dhParamFile, WOLFSSL_FILETYPE_PEM)); /* invalid dhParamFile file */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, NULL, WOLFSSL_FILETYPE_PEM)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, bogusFile, WOLFSSL_FILETYPE_PEM)); /* success */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM)); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_SetTmpDH_buffer(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_DH) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) WOLFSSL_CTX *ctx; (void)ctx; #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif /* invalid context */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); /* invalid dhParamFile file */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL, 0, WOLFSSL_FILETYPE_ASN1)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dsa_key_der_2048, sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1)); /* success */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_DH) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) WOLFSSL_CTX *ctx; (void)ctx; #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #endif AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072)); AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024)); AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 2048)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_der_load_verify_locations(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_DER_LOAD) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) WOLFSSL_CTX* ctx = NULL; const char* derCert = "./certs/server-cert.der"; const char* nullPath = NULL; const char* invalidPath = "./certs/this-cert-does-not-exist.der"; const char* emptyPath = ""; /* der load Case 1 ctx NULL */ AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE); #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif /* Case 2 filePath NULL */ AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, nullPath, WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE); /* Case 3 invalid format */ AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE); /* Case 4 filePath not valid */ AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, invalidPath, WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE); /* Case 5 filePath empty */ AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath, WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE); #ifndef NO_RSA /* Case 6 success case */ AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_enable_disable(void) { int res = TEST_SKIPPED; #ifndef NO_CERTS WOLFSSL_CTX* ctx = NULL; #ifdef HAVE_CRL AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), BAD_FUNC_ARG); #endif #ifdef HAVE_OCSP AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), BAD_FUNC_ARG); #endif #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_CLIENT #ifdef HAVE_EXTENDED_MASTER AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), BAD_FUNC_ARG); #endif ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #ifdef HAVE_EXTENDED_MASTER AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WOLFSSL_SUCCESS); #endif #elif !defined(NO_WOLFSSL_SERVER) AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else return TEST_SUCCESS; #endif #ifdef HAVE_CRL AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WOLFSSL_SUCCESS); #endif #ifdef HAVE_OCSP AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_URL_OVERRIDE), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL), WOLFSSL_SUCCESS); #endif #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS); #endif wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* NO_CERTS */ return res; } static int test_wolfSSL_CTX_ticket_API(void) { int res = TEST_SKIPPED; #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX* ctx = NULL; void *userCtx = (void*)"this is my ctx"; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(ctx, userCtx)); AssertTrue(userCtx == wolfSSL_CTX_get_TicketEncCtx(ctx)); wolfSSL_CTX_free(ctx); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(NULL, userCtx)); AssertNull(wolfSSL_CTX_get_TicketEncCtx(NULL)); res = TEST_RES_CHECK(1); #endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */ return res; } static int test_wolfSSL_set_minmax_proto_version(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_EXTRA WOLFSSL_CTX *ctx; WOLFSSL *ssl; int ret; (void)ret; (void)ssl; #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_set_min_proto_version(NULL, 0), SSL_FAILURE); AssertIntEQ(wolfSSL_set_min_proto_version(ssl, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_set_max_proto_version(NULL, 0), SSL_FAILURE); AssertIntEQ(wolfSSL_set_max_proto_version(ssl, 0), SSL_SUCCESS); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), SSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), SSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS); wolfSSL_CTX_free(ctx); #endif res = TEST_RES_CHECK(1); #endif return res; } #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) && \ defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES) static void test_wolfSSL_CTX_set_max_proto_version_on_result(WOLFSSL* ssl) { AssertStrEQ(wolfSSL_get_version(ssl), "TLSv1.2"); } static void test_wolfSSL_CTX_set_max_proto_version_ctx_ready(WOLFSSL_CTX* ctx) { /* Set TLS 1.2 */ AssertIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION), WOLFSSL_SUCCESS); } /* Test using wolfSSL_CTX_set_max_proto_version to limit the version below * what was set at ctx creation. */ static int test_wolfSSL_CTX_set_max_proto_version(void) { callback_functions client_cbs, server_cbs; XMEMSET(&client_cbs, 0, sizeof(client_cbs)); XMEMSET(&server_cbs, 0, sizeof(server_cbs)); client_cbs.method = wolfTLS_client_method; server_cbs.method = wolfTLS_server_method; server_cbs.ctx_ready = test_wolfSSL_CTX_set_max_proto_version_ctx_ready; client_cbs.on_result = test_wolfSSL_CTX_set_max_proto_version_on_result; server_cbs.on_result = test_wolfSSL_CTX_set_max_proto_version_on_result; test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); AssertIntEQ(client_cbs.return_code, TEST_SUCCESS); AssertIntEQ(server_cbs.return_code, TEST_SUCCESS); return TEST_RES_CHECK(1); } #else static int test_wolfSSL_CTX_set_max_proto_version(void) { return TEST_SKIPPED; } #endif /*----------------------------------------------------------------------------* | SSL *----------------------------------------------------------------------------*/ static int test_server_wolfSSL_new(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx; WOLFSSL_CTX *ctx_nocert; WOLFSSL *ssl; AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); /* invalid context */ AssertNull(ssl = wolfSSL_new(NULL)); #if !defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_QT) && !defined(OPENSSL_EXTRA) AssertNull(ssl = wolfSSL_new(ctx_nocert)); #endif /* success */ AssertNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx_nocert); res = TEST_RES_CHECK(1); #endif return res; } static int test_client_wolfSSL_new(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX *ctx; WOLFSSL_CTX *ctx_nocert; WOLFSSL *ssl; AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); /* invalid context */ AssertNull(ssl = wolfSSL_new(NULL)); /* success */ AssertNotNull(ssl = wolfSSL_new(ctx_nocert)); wolfSSL_free(ssl); /* success */ AssertNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); wolfSSL_CTX_free(ctx_nocert); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_SetTmpDH_file(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \ !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx; WOLFSSL *ssl; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #ifndef NO_RSA AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #elif defined(HAVE_ECC) AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM)); #elif defined(HAVE_ED25519) AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, edCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, WOLFSSL_FILETYPE_PEM)); #elif defined(HAVE_ED448) AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, ed448CertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile, WOLFSSL_FILETYPE_PEM)); #endif AssertNotNull(ssl = wolfSSL_new(ctx)); /* invalid ssl */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(NULL, dhParamFile, WOLFSSL_FILETYPE_PEM)); /* invalid dhParamFile file */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, NULL, WOLFSSL_FILETYPE_PEM)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, bogusFile, WOLFSSL_FILETYPE_PEM)); /* success */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_SetTmpDH_buffer(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx; WOLFSSL *ssl; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertNotNull(ssl = wolfSSL_new(ctx)); /* invalid ssl */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); /* invalid dhParamFile file */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL, 0, WOLFSSL_FILETYPE_ASN1)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048, sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1)); /* success */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_SetMinMaxDhKey_Sz(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx, *ctx2; WOLFSSL *ssl, *ssl2; ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072)); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); ctx2 = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx2); AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx2, server_cert_der_2048, sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx2, server_key_der_2048, sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024)); ssl2 = wolfSSL_new(ctx2); AssertNotNull(ssl2); AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072)); AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 2048)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024)); AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); wolfSSL_free(ssl2); wolfSSL_CTX_free(ctx2); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } /* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version * allowed. * POST: return 1 on success. */ static int test_wolfSSL_SetMinVersion(void) { int res = TEST_SKIPPED; #ifndef NO_WOLFSSL_CLIENT int failFlag = WOLFSSL_SUCCESS; WOLFSSL_CTX* ctx; WOLFSSL* ssl; int itr; #ifndef NO_OLD_TLS const int versions[] = { #ifdef WOLFSSL_ALLOW_TLSV10 WOLFSSL_TLSV1, #endif WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2}; #elif !defined(WOLFSSL_NO_TLS12) const int versions[] = { WOLFSSL_TLSV1_2 }; #else const int versions[] = { WOLFSSL_TLSV1_3 }; #endif ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); ssl = wolfSSL_new(ctx); for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++) { if (wolfSSL_SetMinVersion(ssl, *(versions + itr)) != WOLFSSL_SUCCESS) { failFlag = WOLFSSL_FAILURE; } } wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(failFlag == WOLFSSL_SUCCESS); #endif return res; } /* END test_wolfSSL_SetMinVersion */ #ifdef OPENSSL_EXTRA static int test_ED25519(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ defined(WOLFSSL_KEY_GEN) byte priv[ED25519_PRV_KEY_SIZE]; unsigned int privSz = (unsigned int)sizeof(priv); byte pub[ED25519_PUB_KEY_SIZE]; unsigned int pubSz = (unsigned int)sizeof(pub); #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT) const char* msg = TEST_STRING; unsigned int msglen = (unsigned int)TEST_STRING_SZ; byte sig[ED25519_SIG_SIZE]; unsigned int sigSz = (unsigned int)sizeof(sig); #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */ AssertIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz), WOLFSSL_SUCCESS); AssertIntEQ(privSz, ED25519_PRV_KEY_SIZE); AssertIntEQ(pubSz, ED25519_PUB_KEY_SIZE); #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT) AssertIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig, &sigSz), WOLFSSL_SUCCESS); AssertIntEQ(sigSz, ED25519_SIG_SIZE); #ifdef HAVE_ED25519_VERIFY AssertIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig, sigSz), WOLFSSL_SUCCESS); #endif /* HAVE_ED25519_VERIFY */ #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */ res = TEST_RES_CHECK(1); #endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT && WOLFSSL_KEY_GEN */ return res; } static int test_ED448(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ defined(WOLFSSL_KEY_GEN) byte priv[ED448_PRV_KEY_SIZE]; unsigned int privSz = (unsigned int)sizeof(priv); byte pub[ED448_PUB_KEY_SIZE]; unsigned int pubSz = (unsigned int)sizeof(pub); #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT) const char* msg = TEST_STRING; unsigned int msglen = (unsigned int)TEST_STRING_SZ; byte sig[ED448_SIG_SIZE]; unsigned int sigSz = (unsigned int)sizeof(sig); #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */ AssertIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), WOLFSSL_SUCCESS); AssertIntEQ(privSz, ED448_PRV_KEY_SIZE); AssertIntEQ(pubSz, ED448_PUB_KEY_SIZE); #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT) AssertIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig, &sigSz), WOLFSSL_SUCCESS); AssertIntEQ(sigSz, ED448_SIG_SIZE); #ifdef HAVE_ED448_VERIFY AssertIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig, sigSz), WOLFSSL_SUCCESS); #endif /* HAVE_ED448_VERIFY */ #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */ res = TEST_RES_CHECK(1); #endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT && WOLFSSL_KEY_GEN */ return res; } #endif /* OPENSSL_EXTRA */ #include /*----------------------------------------------------------------------------* | EVP *----------------------------------------------------------------------------*/ static int test_wolfSSL_EVP_PKEY_print_public(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) WOLFSSL_BIO* rbio = NULL; WOLFSSL_BIO* wbio = NULL; WOLFSSL_EVP_PKEY* pkey = NULL; char line[256] = { 0 }; char line1[256] = { 0 }; int i; /* test error cases */ AssertIntEQ( EVP_PKEY_print_public(NULL,NULL,0,NULL),0L); /* * test RSA public key print * in this test, pass '3' for indent */ #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_1024) rbio = BIO_new_mem_buf( client_keypub_der_1024, sizeof_client_keypub_der_1024); AssertNotNull(rbio); wolfSSL_d2i_PUBKEY_bio(rbio, &pkey); AssertNotNull(pkey); wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,3,NULL),1); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " RSA Public-Key: (1024 bit)\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " Modulus:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " 00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of modulus element*/ for (i = 0; i < 8 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " Exponent: 65537 (0x010001)\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* should reach EOF */ AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); EVP_PKEY_free(pkey); pkey = NULL; BIO_free(rbio); BIO_free(wbio); rbio = NULL; wbio = NULL; #endif /* !NO_RSA && USE_CERT_BUFFERS_1024*/ /* * test DSA public key print */ #if !defined(NO_DSA) && defined(USE_CERT_BUFFERS_2048) rbio = BIO_new_mem_buf( dsa_pub_key_der_2048, sizeof_dsa_pub_key_der_2048); AssertNotNull(rbio); wolfSSL_d2i_PUBKEY_bio(rbio, &pkey); AssertNotNull(pkey); wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "DSA Public-Key: (2048 bit)\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "pub:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " 00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of pub element*/ for (i = 0; i < 17 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "P:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of P element*/ for (i = 0; i < 18 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "Q:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of Q element*/ for (i = 0; i < 3 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "G:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of G element*/ for (i = 0; i < 18 ;i++) { BIO_gets(wbio, line, sizeof(line)); } /* should reach EOF */ AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); EVP_PKEY_free(pkey); pkey = NULL; BIO_free(rbio); BIO_free(wbio); rbio = NULL; wbio = NULL; #endif /* !NO_DSA && USE_CERT_BUFFERS_2048 */ /* * test ECC public key print */ #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) rbio = BIO_new_mem_buf( ecc_clikeypub_der_256, sizeof_ecc_clikeypub_der_256); AssertNotNull(rbio); wolfSSL_d2i_PUBKEY_bio(rbio, &pkey); AssertNotNull(pkey); wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "Public-Key: (256 bit)\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "pub:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " 04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of pub element*/ for (i = 0; i < 4 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "ASN1 OID: prime256v1\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "NIST CURVE: P-256\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* should reach EOF */ AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); EVP_PKEY_free(pkey); pkey = NULL; BIO_free(rbio); BIO_free(wbio); rbio = NULL; wbio = NULL; #endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */ /* * test DH public key print */ #if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) rbio = BIO_new_mem_buf( dh_pub_key_der_2048, sizeof_dh_pub_key_der_2048); AssertNotNull(rbio); wolfSSL_d2i_PUBKEY_bio(rbio, &pkey); AssertNotNull(pkey); wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "DH Public-Key: (2048 bit)\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "public-key:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " 34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of public-key element*/ for (i = 0; i < 17 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "prime:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " 00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of prime element*/ for (i = 0; i < 17 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "generator: 2 (0x02)\n"); AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* should reach EOF */ AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); EVP_PKEY_free(pkey); pkey = NULL; BIO_free(rbio); BIO_free(wbio); rbio = NULL; wbio = NULL; #endif /* WOLFSSL_DH_EXTRA && USE_CERT_BUFFERS_2048 */ /* to prevent "unused variable" warning */ (void)pkey; (void)wbio; (void)rbio; (void)line; (void)line1; (void)i; res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } /* Test functions for base64 encode/decode */ static int test_wolfSSL_EVP_ENCODE_CTX_new(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && \ ( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)) EVP_ENCODE_CTX* ctx = NULL; AssertNotNull( ctx = EVP_ENCODE_CTX_new()); AssertIntEQ( ctx->remaining,0); AssertIntEQ( ctx->data[0],0); AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0); EVP_ENCODE_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE)*/ return res; } static int test_wolfSSL_EVP_ENCODE_CTX_free(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && \ ( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)) EVP_ENCODE_CTX* ctx = NULL; AssertNotNull( ctx = EVP_ENCODE_CTX_new()); EVP_ENCODE_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /*OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE)*/ return res; } static int test_wolfSSL_EVP_EncodeInit(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) EVP_ENCODE_CTX* ctx = NULL; AssertNotNull( ctx = EVP_ENCODE_CTX_new()); AssertIntEQ( ctx->remaining,0); AssertIntEQ( ctx->data[0],0); AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0); /* make ctx dirty */ ctx->remaining = 10; XMEMSET( ctx->data, 0x77, sizeof(ctx->data)); EVP_EncodeInit(ctx); AssertIntEQ( ctx->remaining,0); AssertIntEQ( ctx->data[0],0); AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0); EVP_ENCODE_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/ return res; } static int test_wolfSSL_EVP_EncodeUpdate(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) int outl; int total; const unsigned char plain0[] = {"Th"}; const unsigned char plain1[] = {"This is a base64 encodeing test."}; const unsigned char plain2[] = {"This is additional data."}; const unsigned char enc0[] = {"VGg=\n"}; /* expected encoded result for the first output 64 chars plus trailing LF*/ const unsigned char enc1[] = {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\n"}; const unsigned char enc2[] = {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\nYWwgZGF0YS4=\n"}; unsigned char encOutBuff[300]; EVP_ENCODE_CTX* ctx = NULL; AssertNotNull( ctx = EVP_ENCODE_CTX_new()); EVP_EncodeInit(ctx); /* illegal parameter test */ AssertIntEQ( EVP_EncodeUpdate( NULL, /* pass NULL as ctx */ encOutBuff, &outl, plain1, sizeof(plain1)-1), 0 /* expected result code 0: fail */ ); AssertIntEQ( EVP_EncodeUpdate( ctx, NULL, /* pass NULL as out buff */ &outl, plain1, sizeof(plain1)-1), 0 /* expected result code 0: fail */ ); AssertIntEQ( EVP_EncodeUpdate( ctx, encOutBuff, NULL, /* pass NULL as outl */ plain1, sizeof(plain1)-1), 0 /* expected result code 0: fail */ ); AssertIntEQ( EVP_EncodeUpdate( ctx, encOutBuff, &outl, NULL, /* pass NULL as in */ sizeof(plain1)-1), 0 /* expected result code 0: fail */ ); AssertIntEQ(EVP_EncodeBlock(NULL, NULL, 0), -1); /* meaningless parameter test */ AssertIntEQ( EVP_EncodeUpdate( ctx, encOutBuff, &outl, plain1, 0), /* pass zero input */ 1 /* expected result code 1: success */ ); /* very small data encoding test */ EVP_EncodeInit(ctx); AssertIntEQ( EVP_EncodeUpdate( ctx, encOutBuff, &outl, plain0, sizeof(plain0)-1), 1 /* expected result code 1: success */ ); AssertIntEQ(outl,0); EVP_EncodeFinal( ctx, encOutBuff + outl, &outl); AssertIntEQ( outl, sizeof(enc0)-1); AssertIntEQ( XSTRNCMP( (const char*)encOutBuff, (const char*)enc0,sizeof(enc0) ), 0); XMEMSET( encOutBuff,0, sizeof(encOutBuff)); AssertIntEQ(EVP_EncodeBlock(encOutBuff, plain0, sizeof(plain0)-1), sizeof(enc0)-1); AssertIntEQ( XSTRNCMP( (const char*)encOutBuff, (const char*)enc0,sizeof(enc0) ), 0); /* pass small size( < 48bytes ) input, then make sure they are not * encoded and just stored in ctx */ EVP_EncodeInit(ctx); total = 0; outl = 0; XMEMSET( encOutBuff,0, sizeof(encOutBuff)); AssertIntEQ( EVP_EncodeUpdate( ctx, encOutBuff, /* buffer for output */ &outl, /* size of output */ plain1, /* input */ sizeof(plain1)-1), /* size of input */ 1); /* expected result code 1:success */ total += outl; AssertIntEQ(outl, 0); /* no output expected */ AssertIntEQ(ctx->remaining, sizeof(plain1) -1); AssertTrue( XSTRNCMP((const char*)(ctx->data), (const char*)plain1, ctx->remaining) ==0 ); AssertTrue(encOutBuff[0] == 0); /* call wolfSSL_EVP_EncodeUpdate again to make it encode * the stored data and the new input together */ AssertIntEQ( EVP_EncodeUpdate( ctx, encOutBuff + outl, /* buffer for output */ &outl, /* size of output */ plain2, /* additional input */ sizeof(plain2) -1), /* size of additional input */ 1); /* expected result code 1:success */ total += outl; AssertIntNE(outl, 0); /* some output is expected this time*/ AssertIntEQ(outl, BASE64_ENCODE_RESULT_BLOCK_SIZE +1); /* 64 bytes and LF */ AssertIntEQ( XSTRNCMP((const char*)encOutBuff,(const char*)enc1,sizeof(enc1) ),0); /* call wolfSSL_EVP_EncodeFinal to flush all the unprocessed input */ EVP_EncodeFinal( ctx, encOutBuff + outl, &outl); total += outl; AssertIntNE(total,0); AssertIntNE(outl,0); AssertIntEQ(XSTRNCMP( (const char*)encOutBuff,(const char*)enc2,sizeof(enc2) ),0); /* test with illeagal parameters */ outl = 1; EVP_EncodeFinal(NULL, encOutBuff + outl, &outl); AssertIntEQ(outl, 0); outl = 1; EVP_EncodeFinal(ctx, NULL, &outl); AssertIntEQ(outl, 0); EVP_EncodeFinal(ctx, encOutBuff + outl, NULL); EVP_EncodeFinal(NULL, NULL, NULL); EVP_ENCODE_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/ return res; } static int test_wolfSSL_EVP_EncodeFinal(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) /* tests for wolfSSL_EVP_EncodeFinal are included in * test_wolfSSL_EVP_EncodeUpdate */ res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/ return res; } static int test_wolfSSL_EVP_DecodeInit(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE) EVP_ENCODE_CTX* ctx = NULL; AssertNotNull( ctx = EVP_ENCODE_CTX_new()); AssertIntEQ( ctx->remaining,0); AssertIntEQ( ctx->data[0],0); AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0); /* make ctx dirty */ ctx->remaining = 10; XMEMSET( ctx->data, 0x77, sizeof(ctx->data)); EVP_DecodeInit(ctx); AssertIntEQ( ctx->remaining,0); AssertIntEQ( ctx->data[0],0); AssertIntEQ( ctx->data[sizeof(ctx->data) -1],0); EVP_ENCODE_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* OPENSSL && WOLFSSL_BASE_DECODE */ return res; } static int test_wolfSSL_EVP_DecodeUpdate(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE) int outl; unsigned char decOutBuff[300]; EVP_ENCODE_CTX* ctx; static const unsigned char enc1[] = {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"}; /* const unsigned char plain1[] = {"This is a base64 decoding test."} */ ctx = EVP_ENCODE_CTX_new(); EVP_DecodeInit(ctx); /* illegal parameter tests */ /* pass NULL as ctx */ AssertIntEQ( EVP_DecodeUpdate( NULL, /* pass NULL as ctx */ decOutBuff, &outl, enc1, sizeof(enc1)-1), -1 /* expected result code -1: fail */ ); AssertIntEQ( outl, 0); /* pass NULL as output */ AssertIntEQ( EVP_DecodeUpdate( ctx, NULL, /* pass NULL as out buff */ &outl, enc1, sizeof(enc1)-1), -1 /* expected result code -1: fail */ ); AssertIntEQ( outl, 0); /* pass NULL as outl */ AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff, NULL, /* pass NULL as outl */ enc1, sizeof(enc1)-1), -1 /* expected result code -1: fail */ ); /* pass NULL as input */ AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff, &outl, NULL, /* pass NULL as in */ sizeof(enc1)-1), -1 /* expected result code -1: fail */ ); AssertIntEQ( outl, 0); AssertIntEQ(EVP_DecodeBlock(NULL, NULL, 0), -1); /* pass zero length input */ AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff, &outl, enc1, 0), /* pass zero as input len */ 1 /* expected result code 1: success */ ); /* decode correct base64 string */ { static const unsigned char enc2[] = {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"}; static const unsigned char plain2[] = {"This is a base64 decoding test."}; EVP_EncodeInit(ctx); AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff, &outl, enc2, sizeof(enc2)-1), 0 /* expected result code 0: success */ ); AssertIntEQ(outl,sizeof(plain2) -1); AssertIntEQ( EVP_DecodeFinal( ctx, decOutBuff + outl, &outl), 1 /* expected result code 1: success */ ); AssertIntEQ(outl, 0); /* expected DecodeFinal outout no data */ AssertIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff, sizeof(plain2) -1 ),0); AssertIntEQ(EVP_DecodeBlock(decOutBuff, enc2, sizeof(enc2)), sizeof(plain2)-1); AssertIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff, sizeof(plain2) -1 ),0); } /* decode correct base64 string which does not have '\n' in its last*/ { static const unsigned char enc3[] = {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg=="}; /* 44 chars */ static const unsigned char plain3[] = {"This is a base64 decoding test."}; /* 31 chars */ EVP_EncodeInit(ctx); AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff, &outl, enc3, sizeof(enc3)-1), 0 /* expected result code 0: success */ ); AssertIntEQ(outl,sizeof(plain3)-1); /* 31 chars should be output */ AssertIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff, sizeof(plain3) -1 ),0); AssertIntEQ( EVP_DecodeFinal( ctx, decOutBuff + outl, &outl), 1 /* expected result code 1: success */ ); AssertIntEQ(outl,0 ); AssertIntEQ(EVP_DecodeBlock(decOutBuff, enc3, sizeof(enc3)-1), sizeof(plain3)-1); AssertIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff, sizeof(plain3) -1 ),0); } /* decode string which has a padding char ('=') in the illegal position*/ { static const unsigned char enc4[] = {"VGhpcyBpcyBhIGJhc2U2N=CBkZWNvZGluZyB0ZXN0Lg==\n"}; EVP_EncodeInit(ctx); AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff, &outl, enc4, sizeof(enc4)-1), -1 /* expected result code -1: error */ ); AssertIntEQ(outl,0); AssertIntEQ(EVP_DecodeBlock(decOutBuff, enc4, sizeof(enc4)-1), -1); } /* small data decode test */ { static const unsigned char enc00[] = {"VG"}; static const unsigned char enc01[] = {"g=\n"}; static const unsigned char plain4[] = {"Th"}; EVP_EncodeInit(ctx); AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff, &outl, enc00, sizeof(enc00)-1), 1 /* expected result code 1: success */ ); AssertIntEQ(outl,0); AssertIntEQ( EVP_DecodeUpdate( ctx, decOutBuff + outl, &outl, enc01, sizeof(enc01)-1), 0 /* expected result code 0: success */ ); AssertIntEQ(outl,sizeof(plain4)-1); /* test with illegal parameters */ AssertIntEQ(EVP_DecodeFinal(NULL,decOutBuff + outl,&outl), -1); AssertIntEQ(EVP_DecodeFinal(ctx,NULL,&outl), -1); AssertIntEQ(EVP_DecodeFinal(ctx,decOutBuff + outl, NULL), -1); AssertIntEQ(EVP_DecodeFinal(NULL,NULL, NULL), -1); EVP_DecodeFinal( ctx, decOutBuff + outl, &outl); AssertIntEQ( outl, 0); AssertIntEQ( XSTRNCMP( (const char*)decOutBuff, (const char*)plain4,sizeof(plain4)-1 ), 0); } EVP_ENCODE_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* OPENSSL && WOLFSSL_BASE_DECODE */ return res; } static int test_wolfSSL_EVP_DecodeFinal(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE) /* tests for wolfSSL_EVP_DecodeFinal are included in * test_wolfSSL_EVP_DecodeUpdate */ res = TEST_RES_CHECK(1); #endif /* OPENSSL && WOLFSSL_BASE_DECODE */ return res; } /* Test function for wolfSSL_EVP_get_cipherbynid. */ #ifdef OPENSSL_EXTRA static int test_wolfSSL_EVP_get_cipherbynid(void) { #ifndef NO_AES const WOLFSSL_EVP_CIPHER* c; c = wolfSSL_EVP_get_cipherbynid(419); #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ defined(WOLFSSL_AES_128) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_128_CBC", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(423); #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ defined(WOLFSSL_AES_192) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_192_CBC", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(427); #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ defined(WOLFSSL_AES_256) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_256_CBC", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(904); #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_128_CTR", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(905); #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_192_CTR", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(906); #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_256_CTR", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(418); #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_128) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_128_ECB", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(422); #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_192) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_192_ECB", c)); #else AssertNull(c); #endif c = wolfSSL_EVP_get_cipherbynid(426); #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_256_ECB", c)); #else AssertNull(c); #endif #endif /* !NO_AES */ #ifndef NO_DES3 AssertNotNull(strcmp("EVP_DES_CBC", wolfSSL_EVP_get_cipherbynid(31))); #ifdef WOLFSSL_DES_ECB AssertNotNull(strcmp("EVP_DES_ECB", wolfSSL_EVP_get_cipherbynid(29))); #endif AssertNotNull(strcmp("EVP_DES_EDE3_CBC", wolfSSL_EVP_get_cipherbynid(44))); #ifdef WOLFSSL_DES_ECB AssertNotNull(strcmp("EVP_DES_EDE3_ECB", wolfSSL_EVP_get_cipherbynid(33))); #endif #endif /* !NO_DES3 */ #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) AssertNotNull(strcmp("EVP_CHACHA20_POLY13O5", EVP_get_cipherbynid(1018))); #endif /* test for nid is out of range */ AssertNull(wolfSSL_EVP_get_cipherbynid(1)); return TEST_RES_CHECK(1); } static int test_wolfSSL_EVP_CIPHER_CTX(void) { int res = TEST_SKIPPED; #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); const EVP_CIPHER *init = EVP_aes_128_cbc(); const EVP_CIPHER *test; byte key[AES_BLOCK_SIZE] = {0}; byte iv[AES_BLOCK_SIZE] = {0}; AssertNotNull(ctx); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); test = EVP_CIPHER_CTX_cipher(ctx); AssertTrue(init == test); AssertIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc); AssertIntEQ(EVP_CIPHER_CTX_reset(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_CIPHER_CTX_reset(NULL), WOLFSSL_FAILURE); EVP_CIPHER_CTX_free(ctx); /* test EVP_CIPHER_CTX_cleanup with NULL */ AssertIntEQ(EVP_CIPHER_CTX_cleanup(NULL), WOLFSSL_SUCCESS); res = TEST_RES_CHECK(1); #endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 */ return res; } #endif /* OPENSSL_EXTRA */ /*----------------------------------------------------------------------------* | IO *----------------------------------------------------------------------------*/ /* helper functions */ #ifdef HAVE_IO_TESTS_DEPENDENCIES #ifdef WOLFSSL_SESSION_EXPORT #ifdef WOLFSSL_DTLS /* set up function for sending session information */ static int test_export(WOLFSSL* inSsl, byte* buf, word32 sz, void* userCtx) { WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; AssertNotNull(inSsl); AssertNotNull(buf); AssertIntNE(0, sz); /* Set ctx to DTLS 1.2 */ ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()); AssertNotNull(ctx); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); AssertIntGE(wolfSSL_dtls_import(ssl, buf, sz), 0); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); (void)userCtx; return 0; } #endif /* returns negative value on fail and positive (including 0) on success */ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd) { int ret, err, loop_count, count, timeout = 10; char msg[] = "I hear you fa shizzle!"; char input[1024]; loop_count = ((func_args*)args)->argc; #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_accept(ssl); err = wolfSSL_get_error(ssl, 0); if (err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) { int select_ret; err = WC_PENDING_E; select_ret = tcp_select(*sockfd, timeout); if (select_ret == TEST_TIMEOUT) { return WOLFSSL_FATAL_ERROR; } } } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); return ret; } for (count = 0; count < loop_count; count++) { int select_ret; select_ret = tcp_select(*sockfd, timeout); if (select_ret == TEST_TIMEOUT) { ret = WOLFSSL_FATAL_ERROR; break; } do { ret = wolfSSL_read(ssl, input, sizeof(input)-1); if (ret > 0) { input[ret] = '\0'; fprintf(stderr, "Client message: %s\n", input); } } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS); do { if ((ret = wolfSSL_write(ssl, msg, sizeof(msg))) != sizeof(msg)) { return WOLFSSL_FATAL_ERROR; } err = wolfSSL_get_error(ssl, ret); } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS); } return ret; } #endif /* WOLFSSL_SESSION_EXPORT */ /* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */ #if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \ defined(HAVE_AES_CBC) typedef struct openssl_key_ctx { byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */ byte key[WOLFSSL_TICKET_KEY_SZ]; /* cipher key */ byte hmacKey[WOLFSSL_TICKET_NAME_SZ]; /* hmac key */ byte iv[WOLFSSL_TICKET_IV_SZ]; /* cipher iv */ } openssl_key_ctx; static THREAD_LS_T openssl_key_ctx myOpenSSLKey_ctx; static THREAD_LS_T WC_RNG myOpenSSLKey_rng; static WC_INLINE int OpenSSLTicketInit(void) { int ret = wc_InitRng(&myOpenSSLKey_rng); if (ret != 0) return ret; ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.name, sizeof(myOpenSSLKey_ctx.name)); if (ret != 0) return ret; ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.key, sizeof(myOpenSSLKey_ctx.key)); if (ret != 0) return ret; ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.hmacKey, sizeof(myOpenSSLKey_ctx.hmacKey)); if (ret != 0) return ret; ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.iv, sizeof(myOpenSSLKey_ctx.iv)); if (ret != 0) return ret; return 0; } static WC_INLINE int myTicketEncCbOpenSSL(WOLFSSL* ssl, byte name[WOLFSSL_TICKET_NAME_SZ], byte iv[WOLFSSL_TICKET_IV_SZ], WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc) { (void)ssl; if (enc) { XMEMCPY(name, myOpenSSLKey_ctx.name, sizeof(myOpenSSLKey_ctx.name)); XMEMCPY(iv, myOpenSSLKey_ctx.iv, sizeof(myOpenSSLKey_ctx.iv)); } else if (XMEMCMP(name, myOpenSSLKey_ctx.name, sizeof(myOpenSSLKey_ctx.name)) != 0 || XMEMCMP(iv, myOpenSSLKey_ctx.iv, sizeof(myOpenSSLKey_ctx.iv)) != 0) { return 0; } HMAC_Init_ex(hctx, myOpenSSLKey_ctx.hmacKey, WOLFSSL_TICKET_NAME_SZ, EVP_sha256(), NULL); if (enc) EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv); else EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv); return 1; } static WC_INLINE void OpenSSLTicketCleanup(void) { wc_FreeRng(&myOpenSSLKey_rng); } #endif #ifdef WOLFSSL_HAVE_TLS_UNIQUE #ifdef WC_SHA512_DIGEST_SIZE #define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE #else #define MD_MAX_SIZE WC_SHA256_DIGEST_SIZE #endif byte server_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by server */ byte server_side_msg2[MD_MAX_SIZE] = {0};/* msg received from client */ byte client_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by client */ byte client_side_msg2[MD_MAX_SIZE] = {0};/* msg received from server */ #endif /* WOLFSSL_HAVE_TLS_UNIQUE */ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) { SOCKET_T sockfd = 0; SOCKET_T clientfd = 0; word16 port; callback_functions* cbf; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; func_args* opts = (func_args*)args; char msg[] = "I hear you fa shizzle!"; char input[1024]; int idx; int ret, err = 0; int sharedCtx = 0; int doUdp = 0; SOCKADDR_IN_T cliAddr; socklen_t cliLen; const char* certFile = svrCertFile; const char* keyFile = svrKeyFile; #ifdef WOLFSSL_HAVE_TLS_UNIQUE size_t msg_len = 0; #endif #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif opts->return_code = TEST_FAIL; cbf = opts->callbacks; if (cbf != NULL && cbf->ctx) { ctx = cbf->ctx; sharedCtx = 1; } else { WOLFSSL_METHOD* method = NULL; if (cbf != NULL && cbf->method != NULL) { method = cbf->method(); } else { method = wolfSSLv23_server_method(); } ctx = wolfSSL_CTX_new(method); } if (ctx == NULL) { goto done; } if (cbf == NULL || !cbf->ticNoInit) { #if defined(HAVE_SESSION_TICKET) && \ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) #if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) OpenSSLTicketInit(); wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL); #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) TicketInit(); wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); #endif #endif } #if defined(USE_WINDOWS_API) port = opts->signal->port; #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) /* Let tcp_listen assign port */ port = 0; #else /* Use default port */ port = wolfSSLPort; #endif if (cbf != NULL) doUdp = cbf->doUdp; /* do it here to detect failure */ tcp_accept( &sockfd, &clientfd, opts, port, 0, doUdp, 0, 0, 1, 0, 0); if (doUdp) { cliLen = sizeof(cliAddr); idx = (int)recvfrom(sockfd, input, sizeof(input), MSG_PEEK, (struct sockaddr*)&cliAddr, &cliLen); AssertIntGT(idx, 0); } else { CloseSocket(sockfd); } wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0) != WOLFSSL_SUCCESS) { /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done; } if (cbf != NULL && cbf->certPemFile != NULL) certFile = cbf->certPemFile; #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, certFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_CTX_use_certificate_file(ctx, certFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ goto done; } if (cbf != NULL && cbf->keyPemFile != NULL) keyFile = cbf->keyPemFile; #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, keyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_CTX_use_PrivateKey_file(ctx, keyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ goto done; } #ifdef HAVE_CRL if (cbf != NULL && cbf->crlPemFile != NULL) { if (wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) goto done; if (wolfSSL_CTX_LoadCRLFile(ctx, cbf->crlPemFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) goto done; } #endif /* call ctx setup callback */ if (cbf != NULL && cbf->ctx_ready != NULL) { cbf->ctx_ready(ctx); } ssl = wolfSSL_new(ctx); if (ssl == NULL) { goto done; } if (doUdp) { err = wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen); if (err != WOLFSSL_SUCCESS) goto done; } #ifdef WOLFSSL_SESSION_EXPORT /* only add in more complex nonblocking case with session export tests */ if (args && opts->argc > 0) { /* set as nonblock and time out for waiting on read/write */ tcp_set_nonblocking(&clientfd); wolfSSL_dtls_set_using_nonblock(ssl, 1); } #endif #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (sharedCtx && wolfSSL_use_certificate_file(ssl, certFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_use_certificate_file(ssl, certFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ goto done; } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, keyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_use_PrivateKey_file(ssl, keyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ goto done; } if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) { /*err_sys("SSL_set_fd failed");*/ goto done; } #if !defined(NO_FILESYSTEM) && !defined(NO_DH) wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif /* call ssl setup callback */ if (cbf != NULL && cbf->ssl_ready != NULL) { cbf->ssl_ready(ssl); } #ifdef WOLFSSL_SESSION_EXPORT /* only add in more complex nonblocking case with session export tests */ if (opts->argc > 0) { ret = nonblocking_accept_read(args, ssl, &clientfd); if (ret >= 0) { opts->return_code = TEST_SUCCESS; } #ifdef WOLFSSL_TIRTOS Task_yield(); #endif goto done; } #endif #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_accept(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_accept failed");*/ goto done; } #ifdef WOLFSSL_HAVE_TLS_UNIQUE XMEMSET(server_side_msg2, 0, MD_MAX_SIZE); msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, MD_MAX_SIZE); AssertIntGE(msg_len, 0); XMEMSET(server_side_msg1, 0, MD_MAX_SIZE); msg_len = wolfSSL_get_finished(ssl, server_side_msg1, MD_MAX_SIZE); AssertIntGE(msg_len, 0); #endif /* WOLFSSL_HAVE_TLS_UNIQUE */ idx = wolfSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = '\0'; fprintf(stderr, "Client message: %s\n", input); } if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ #ifdef WOLFSSL_TIRTOS return; #else return 0; #endif } if (cbf != NULL && cbf->on_result != NULL) cbf->on_result(ssl); #ifdef WOLFSSL_TIRTOS Task_yield(); #endif opts->return_code = TEST_SUCCESS; done: if (cbf != NULL) cbf->last_err = err; if (cbf != NULL && cbf->on_cleanup != NULL) cbf->on_cleanup(ssl); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); if (!sharedCtx) wolfSSL_CTX_free(ctx); CloseSocket(clientfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif if (cbf == NULL || !cbf->ticNoInit) { #if defined(HAVE_SESSION_TICKET) && \ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) #if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) OpenSSLTicketCleanup(); #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) TicketCleanup(); #endif #endif } #ifndef WOLFSSL_TIRTOS return 0; #endif } #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) { SOCKET_T sockfd = 0; SOCKET_T clientfd = 0; word16 port; callback_functions* cbf; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; char msg[] = "I hear you fa shizzle!"; char input[1024]; int idx; int ret, err = 0; int sharedCtx = 0; int loop_count = ((func_args*)args)->argc; int count = 0; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; cbf = ((func_args*)args)->callbacks; #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (cbf != NULL && cbf->ctx) { ctx = cbf->ctx; sharedCtx = 1; } else #endif { WOLFSSL_METHOD* method = NULL; if (cbf != NULL && cbf->method != NULL) { method = cbf->method(); } else { method = wolfSSLv23_server_method(); } ctx = wolfSSL_CTX_new(method); } #if defined(USE_WINDOWS_API) port = ((func_args*)args)->signal->port; #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) /* Let tcp_listen assign port */ port = 0; #else /* Use default port */ port = wolfSSLPort; #endif wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0) != WOLFSSL_SUCCESS) { /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done; } if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ goto done; } if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ goto done; } /* call ctx setup callback */ if (cbf != NULL && cbf->ctx_ready != NULL) { cbf->ctx_ready(ctx); } while (count != loop_count) { ssl = wolfSSL_new(ctx); if (ssl == NULL) { goto done; } if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load server cert chain file, " "Please run from wolfSSL home dir");*/ goto done; } if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load server key file, " "Please run from wolfSSL home dir");*/ goto done; } #if !defined(NO_FILESYSTEM) && !defined(NO_DH) wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif /* call ssl setup callback */ if (cbf != NULL && cbf->ssl_ready != NULL) { cbf->ssl_ready(ssl); } /* do it here to detect failure */ tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0); CloseSocket(sockfd); if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) { /*err_sys("SSL_set_fd failed");*/ goto done; } #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_accept(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_accept failed");*/ goto done; } idx = wolfSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = '\0'; fprintf(stderr, "Client message: %s\n", input); } if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ #ifdef WOLFSSL_TIRTOS return; #else return 0; #endif } /* free ssl for this connection */ wolfSSL_shutdown(ssl); wolfSSL_free(ssl); ssl = NULL; CloseSocket(clientfd); count++; } #ifdef WOLFSSL_TIRTOS Task_yield(); #endif ((func_args*)args)->return_code = TEST_SUCCESS; done: if (ssl != NULL) { wolfSSL_shutdown(ssl); wolfSSL_free(ssl); } if (!sharedCtx) wolfSSL_CTX_free(ctx); CloseSocket(clientfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif #ifndef WOLFSSL_TIRTOS return 0; #endif } #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */ typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl); static int test_client_nofail(void* args, cbType cb) { #if !defined(NO_WOLFSSL_CLIENT) SOCKET_T sockfd = 0; callback_functions* cbf; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; WOLFSSL_CIPHER* cipher; char msg[64] = "hello wolfssl!"; char reply[1024]; int input; int msgSz = (int)XSTRLEN(msg); int ret, err = 0; int cipherSuite; int sharedCtx = 0; int doUdp = 0; const char* cipherName1, *cipherName2; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; cbf = ((func_args*)args)->callbacks; #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (cbf != NULL && cbf->ctx) { ctx = cbf->ctx; sharedCtx = cbf->isSharedCtx; } else #endif { WOLFSSL_METHOD* method = NULL; if (cbf != NULL && cbf->method != NULL) { method = cbf->method(); } else { method = wolfSSLv23_client_method(); } ctx = wolfSSL_CTX_new(method); } if (cbf != NULL) doUdp = cbf->doUdp; #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif /* Do connect here so server detects failures */ tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, doUdp, 0, NULL); /* Connect the socket so that we don't have to set the peer later on */ if (doUdp) udp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port); if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS) { /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done; } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load client cert file, " "Please run from wolfSSL home dir");*/ goto done; } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load client key file, " "Please run from wolfSSL home dir");*/ goto done; } #ifdef HAVE_CRL if (cbf != NULL && cbf->crlPemFile != NULL) { if (wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) goto done; if (wolfSSL_CTX_LoadCRLFile(ctx, cbf->crlPemFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) goto done; } #endif /* call ctx setup callback */ if (cbf != NULL && cbf->ctx_ready != NULL) { cbf->ctx_ready(ctx); } ssl = wolfSSL_new(ctx); if (ssl == NULL) { goto done; } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_use_certificate_file(ssl, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load client cert file, " "Please run from wolfSSL home dir");*/ goto done; } #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #else if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { #endif /*err_sys("can't load client key file, " "Please run from wolfSSL home dir");*/ goto done; } if (!doUdp) { if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { /*err_sys("SSL_set_fd failed");*/ goto done; } } else { #ifdef WOLFSSL_DTLS if (wolfSSL_set_dtls_fd_connected(ssl, sockfd) != WOLFSSL_SUCCESS) { /*err_sys("SSL_set_fd failed");*/ goto done; } #else goto done; #endif } /* call ssl setup callback */ if (cbf != NULL && cbf->ssl_ready != NULL) { cbf->ssl_ready(ssl); } #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_connect(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_connect failed");*/ goto done; } /* test the various get cipher methods */ /* Internal cipher suite names */ cipherSuite = wolfSSL_get_current_cipher_suite(ssl); cipherName1 = wolfSSL_get_cipher_name(ssl); cipherName2 = wolfSSL_get_cipher_name_from_suite( (cipherSuite >> 8), cipherSuite & 0xFF); AssertStrEQ(cipherName1, cipherName2); /* IANA Cipher Suites Names */ /* Unless WOLFSSL_CIPHER_INTERNALNAME or NO_ERROR_STRINGS, then it's the internal cipher suite name */ cipher = wolfSSL_get_current_cipher(ssl); cipherName1 = wolfSSL_CIPHER_get_name(cipher); cipherName2 = wolfSSL_get_cipher(ssl); AssertStrEQ(cipherName1, cipherName2); #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \ !defined(WOLFSSL_QT) cipherName1 = wolfSSL_get_cipher_name_iana_from_suite( (cipherSuite >> 8), cipherSuite & 0xFF); AssertStrEQ(cipherName1, cipherName2); #endif if (cb != NULL) (cb)(ctx, ssl); if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { /*err_sys("SSL_write failed");*/ goto done; } input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = '\0'; fprintf(stderr, "Server response: %s\n", reply); } if (cbf != NULL && cbf->on_result != NULL) cbf->on_result(ssl); ((func_args*)args)->return_code = TEST_SUCCESS; done: if (cbf != NULL) cbf->last_err = err; if (cbf != NULL && cbf->on_cleanup != NULL) cbf->on_cleanup(ssl); wolfSSL_free(ssl); if (!sharedCtx) wolfSSL_CTX_free(ctx); CloseSocket(sockfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif #else (void)args; (void)cb; #endif /* !NO_WOLFSSL_CLIENT */ return 0; } void test_wolfSSL_client_server_nofail(callback_functions* client_cb, callback_functions* server_cb) { func_args client_args; func_args server_args; tcp_ready ready; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; server_args.callbacks = server_cb; client_args.signal = &ready; client_args.callbacks = client_cb; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); client_cb->return_code = client_args.return_code; server_cb->return_code = server_args.return_code; FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif } #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \ !defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args) { SOCKET_T sockfd = 0; callback_functions* cbf; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; WOLFSSL_SESSION* session = NULL; char msg[64] = "hello wolfssl!"; char reply[1024]; int input; int msgSz = (int)XSTRLEN(msg); int ret, err = 0; int sharedCtx = 0; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; cbf = ((func_args*)args)->callbacks; #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) if (cbf != NULL && cbf->ctx) { ctx = cbf->ctx; sharedCtx = 1; } else #endif { WOLFSSL_METHOD* method = NULL; if (cbf != NULL && cbf->method != NULL) { method = cbf->method(); } else { method = wolfSSLv23_client_method(); } ctx = wolfSSL_CTX_new(method); } #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif /* Do connect here so server detects failures */ tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, NULL); if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS) { /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done; } if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load client cert file, " "Please run from wolfSSL home dir");*/ goto done; } if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load client key file, " "Please run from wolfSSL home dir");*/ goto done; } /* call ctx setup callback */ if (cbf != NULL && cbf->ctx_ready != NULL) { cbf->ctx_ready(ctx); } ssl = wolfSSL_new(ctx); if (ssl == NULL) { goto done; } /* keep handshakre resources for re-using WOLFSSL obj */ wolfSSL_KeepArrays(ssl); if (wolfSSL_KeepHandshakeResources(ssl)) { /* err_sys("SSL_KeepHandshakeResources failed"); */ goto done; } if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load client cert file, " "Please run from wolfSSL home dir");*/ goto done; } if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load client key file, " "Please run from wolfSSL home dir");*/ goto done; } if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { /*err_sys("SSL_set_fd failed");*/ goto done; } /* call ssl setup callback */ if (cbf != NULL && cbf->ssl_ready != NULL) { cbf->ssl_ready(ssl); } #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_connect(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_connect failed");*/ goto done; } /* Build first session */ if (cb != NULL) ((cbType)cb)(ctx, ssl); if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { /*err_sys("SSL_write failed");*/ goto done; } input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = '\0'; fprintf(stderr, "Server response: %s\n", reply); } /* Session Resumption by re-using WOLFSSL object */ wolfSSL_set_quiet_shutdown(ssl, 1); if (wolfSSL_shutdown(ssl) != WOLFSSL_SUCCESS) { /* err_sys ("SSL shutdown failed"); */ goto done; } session = wolfSSL_get1_session(ssl); if (wolfSSL_clear(ssl) != WOLFSSL_SUCCESS) { /* err_sys ("SSL_clear failed"); */ goto done; } wolfSSL_set_session(ssl, session); wolfSSL_SESSION_free(session); session = NULL; /* close socket once */ CloseSocket(sockfd); sockfd = 0; /* wait until server ready */ wait_tcp_ready((func_args*)server_args); fprintf(stderr, "session resumption\n"); /* Do re-connect */ tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, NULL); if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { /*err_sys("SSL_set_fd failed");*/ goto done; } #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_connect(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_connect failed");*/ goto done; } /* Build first session */ if (cb != NULL) ((cbType)cb)(ctx, ssl); if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { /*err_sys("SSL_write failed");*/ goto done; } input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = '\0'; fprintf(stderr, "Server response: %s\n", reply); } ((func_args*)args)->return_code = TEST_SUCCESS; done: wolfSSL_free(ssl); if (!sharedCtx) wolfSSL_CTX_free(ctx); CloseSocket(sockfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif return; } #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) */ static int test_client_verifyDepth(void* args) { #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) SOCKET_T sockfd = 0; callback_functions* cbf; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; char msg[64] = "hello wolfssl!"; char reply[1024]; int input; int msgSz = (int)XSTRLEN(msg); int ret, err = 0; int verify_depth = ((func_args*)args)->argc; ((func_args*)args)->return_code = TEST_FAIL; cbf = ((func_args*)args)->callbacks; { WOLFSSL_METHOD* method = NULL; if (cbf != NULL && cbf->method != NULL) { method = cbf->method(); } else { method = wolfSSLv23_client_method(); } ctx = wolfSSL_CTX_new(method); } /* Do connect here so server detects failures */ tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, NULL); if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS) { /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done; } if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load client cert file, " "Please run from wolfSSL home dir");*/ goto done; } if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { /*err_sys("can't load client key file, " "Please run from wolfSSL home dir");*/ goto done; } SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); /* set verify depth */ if (verify_depth == 0) { myVerifyAction = VERIFY_OVERRIDE_ERROR; SSL_CTX_set_verify_depth(ctx, verify_depth); } else if (verify_depth == -1) { myVerifyAction = VERIFY_USE_PREVERFIY; SSL_CTX_set_verify_depth(ctx, 0); } else if (verify_depth > 0) { myVerifyAction = VERIFY_USE_PREVERFIY; SSL_CTX_set_verify_depth(ctx, verify_depth); } ssl = wolfSSL_new(ctx); if (ssl == NULL) { goto done; } if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { /*err_sys("SSL_set_fd failed");*/ goto done; } #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_connect(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); goto done; } if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { goto done; } input = wolfSSL_read(ssl, reply, sizeof(reply)-1); if (input > 0) { reply[input] = '\0'; fprintf(stderr, "Server response: %s\n", reply); } ((func_args*)args)->return_code = TEST_SUCCESS; done: wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sockfd); #else (void)args; #endif /* defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) */ return 0; } #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) && \ defined(HAVE_ALPN) && defined(HAVE_SNI) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_BIO) #define HAVE_ALPN_PROTOS_SUPPORT #endif /* Generic TLS client / server with callbacks for API unit tests * Used by SNI / ALPN / crypto callback helper functions */ #if defined(HAVE_IO_TESTS_DEPENDENCIES) && \ (defined(HAVE_SNI) || defined(HAVE_ALPN) || defined(WOLF_CRYPTO_CB) || \ defined(HAVE_ALPN_PROTOS_SUPPORT)) || defined(WOLFSSL_STATIC_MEMORY) #define ENABLE_TLS_CALLBACK_TEST #endif #if defined(ENABLE_TLS_CALLBACK_TEST) || \ (defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)) /* TLS server for API unit testing - generic */ static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; SOCKET_T cfd = 0; word16 port; char msg[] = "I hear you fa shizzle!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; int ret, err = 0; ((func_args*)args)->return_code = TEST_FAIL; #ifdef WOLFSSL_STATIC_MEMORY if (callbacks->method_ex != NULL && callbacks->mem != NULL && callbacks->memSz > 0) { ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex, callbacks->mem, callbacks->memSz, 0, 1); if (ret != WOLFSSL_SUCCESS) { fprintf(stderr, "CTX static new failed %d\n", ret); return 0; } } #else if (ctx == NULL) { ctx = wolfSSL_CTX_new(callbacks->method()); } if (ctx == NULL) { fprintf(stderr, "CTX new failed\n"); return 0; } #endif /* set defaults */ if (callbacks->caPemFile == NULL) callbacks->caPemFile = cliCertFile; if (callbacks->certPemFile == NULL) callbacks->certPemFile = svrCertFile; if (callbacks->keyPemFile == NULL) callbacks->keyPemFile = svrKeyFile; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif wolfSSL_CTX_SetDevId(ctx, callbacks->devId); #if defined(USE_WINDOWS_API) port = ((func_args*)args)->signal->port; #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) /* Let tcp_listen assign port */ port = 0; #else /* Use default port */ port = wolfSSLPort; #endif wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #if defined(WOLFSSL_SESSION_EXPORT) && defined(WOLFSSL_DTLS) if (callbacks->method == wolfDTLSv1_2_server_method) { AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_dtls_set_export(ctx, test_export)); } #endif AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile, WOLFSSL_FILETYPE_PEM)); #ifdef HAVE_CRL if (callbacks->crlPemFile != NULL) { AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_LoadCRLFile(ctx, callbacks->crlPemFile, WOLFSSL_FILETYPE_PEM)); } #endif if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = wolfSSL_new(ctx); if (ssl == NULL) { fprintf(stderr, "SSL new failed\n"); wolfSSL_CTX_free(ctx); return 0; } if (wolfSSL_dtls(ssl)) { SOCKADDR_IN_T cliAddr; socklen_t cliLen; cliLen = sizeof(cliAddr); tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0, 0, 0, 0); idx = (int)recvfrom(sfd, input, sizeof(input), MSG_PEEK, (struct sockaddr*)&cliAddr, &cliLen); AssertIntGT(idx, 0); wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen); } else { tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0); CloseSocket(sfd); } AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd)); if (callbacks->loadToSSL) { wolfSSL_SetDevId(ssl, callbacks->devId); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_use_certificate_file(ssl, callbacks->certPemFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile, WOLFSSL_FILETYPE_PEM)); } #ifdef NO_PSK #if !defined(NO_FILESYSTEM) && !defined(NO_DH) wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); #elif !defined(NO_DH) SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ #endif #endif if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_accept(ssl); err = wolfSSL_get_error(ssl, ret); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "accept error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_accept failed");*/ } else { #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif idx = wolfSSL_read(ssl, input, sizeof(input)-1); err = wolfSSL_get_error(ssl, idx); } while (err == WC_PENDING_E); if (idx > 0) { input[idx] = 0; fprintf(stderr, "Client message: %s\n", input); } #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_write(ssl, msg, len); err = wolfSSL_get_error(ssl, ret); } while (err == WC_PENDING_E); AssertIntEQ(len, ret); #if defined(WOLFSSL_SESSION_EXPORT) && !defined(HAVE_IO_POOL) && \ defined(WOLFSSL_DTLS) if (wolfSSL_dtls(ssl)) { byte* import; word32 sz; wolfSSL_dtls_export(ssl, NULL, &sz); import = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER); AssertNotNull(import); idx = wolfSSL_dtls_export(ssl, import, &sz); AssertIntGE(idx, 0); AssertIntGE(wolfSSL_dtls_import(ssl, import, idx), 0); XFREE(import, NULL, DYNAMIC_TYPE_TMP_BUFFER); } #endif #ifdef WOLFSSL_TIRTOS Task_yield(); #endif ((func_args*)args)->return_code = TEST_SUCCESS; } if (callbacks->on_result) callbacks->on_result(ssl); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(cfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif #ifndef WOLFSSL_TIRTOS return 0; #endif } /* TLS Client for API unit testing - generic */ static void run_wolfssl_client(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; char msg[] = "hello wolfssl server!"; int len = (int) XSTRLEN(msg); char input[1024]; int ret, err = 0; ((func_args*)args)->return_code = TEST_FAIL; /* set defaults */ if (callbacks->caPemFile == NULL) callbacks->caPemFile = caCertFile; if (callbacks->certPemFile == NULL) callbacks->certPemFile = cliCertFile; if (callbacks->keyPemFile == NULL) callbacks->keyPemFile = cliKeyFile; #ifdef WOLFSSL_STATIC_MEMORY if (callbacks->method_ex != NULL && callbacks->mem != NULL && callbacks->memSz > 0) { ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex, callbacks->mem, callbacks->memSz, 0, 1); if (ret != WOLFSSL_SUCCESS) { fprintf(stderr, "CTX static new failed %d\n", ret); return; } } #else if (ctx == NULL) { ctx = wolfSSL_CTX_new(callbacks->method()); } if (ctx == NULL) { fprintf(stderr, "CTX new failed\n"); return; } #endif #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif if (!callbacks->loadToSSL) { wolfSSL_CTX_SetDevId(ctx, callbacks->devId); } #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0)); if (!callbacks->loadToSSL) { AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile, WOLFSSL_FILETYPE_PEM)); } #ifdef HAVE_CRL if (callbacks->crlPemFile != NULL) { AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_LoadCRLFile(ctx, callbacks->crlPemFile, WOLFSSL_FILETYPE_PEM)); } #endif if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = wolfSSL_new(ctx); if (wolfSSL_dtls(ssl)) { tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 1, 0, ssl); } else { tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, ssl); } AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd)); if (callbacks->loadToSSL) { wolfSSL_SetDevId(ssl, callbacks->devId); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_use_certificate_file(ssl, callbacks->certPemFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile, WOLFSSL_FILETYPE_PEM)); } if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_connect(ssl); err = wolfSSL_get_error(ssl, ret); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); /*err_sys("SSL_connect failed");*/ } else { #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_write(ssl, msg, len); err = wolfSSL_get_error(ssl, ret); } while (err == WC_PENDING_E); AssertIntEQ(len, ret); #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_read(ssl, input, sizeof(input)-1); err = wolfSSL_get_error(ssl, ret); } while (err == WC_PENDING_E); if (ret > 0) { input[ret] = '\0'; /* null term */ fprintf(stderr, "Server response: %s\n", input); } ((func_args*)args)->return_code = TEST_SUCCESS; } if (callbacks->on_result) callbacks->on_result(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif } #endif /* ENABLE_TLS_CALLBACK_TEST */ static int test_wolfSSL_read_write(void) { /* The unit testing for read and write shall happen simultaneously, since * one can't do anything with one without the other. (Except for a failure * test case.) This function will call all the others that will set up, * execute, and report their test findings. * * Set up the success case first. This function will become the template * for the other tests. This should eventually be renamed * * The success case isn't interesting, how can this fail? * - Do not give the client context a CA certificate. The connect should * fail. Do not need server for this? * - Using NULL for the ssl object on server. Do not need client for this. * - Using NULL for the ssl object on client. Do not need server for this. * - Good ssl objects for client and server. Client write() without server * read(). * - Good ssl objects for client and server. Server write() without client * read(). * - Forgetting the password callback? */ tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif return TEST_RES_CHECK(1); } static int test_wolfSSL_reuse_WOLFSSLobj(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \ !defined(WOLFSSL_TLS13) /* The unit test for session resumption by re-using WOLFSSL object. * WOLFSSL object is not cleared after first session. It re-use the obeject * for second connection. */ tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; /* the var is used for loop number */ server_args.argc = 2; start_thread(test_server_loop, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_reuse_WOLFSSLobj(&client_args, NULL, &server_args); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */ return res; } static int test_wolfSSL_CTX_verifyDepth_ServerClient(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_TIRTOS) && !defined(NO_WOLFSSL_CLIENT) /* This unit test is to check set verify Depth */ tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; callback_functions client_cbf; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); #ifdef WOLFSSL_TLS13 client_cbf.method = wolfTLSv1_3_client_method; #endif /* WOLFSSL_TLS13 */ client_args.callbacks = &client_cbf; StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; /* the var is used for loop number */ server_args.argc = 1; /* test case 1 verify depth is equal to peer chain */ { start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); /* the var is used for verify depth */ client_args.argc = 2; test_client_verifyDepth(&client_args); join_thread(serverThread); AssertIntEQ(client_args.return_code, TEST_SUCCESS); AssertIntEQ(server_args.return_code, TEST_SUCCESS); } /* test case 2 * verify depth is zero, number of peer's chain is 2. * verify result becomes MAX_CHAIN_ERROR, but it is overridden in * callback. */ /* the var is used for verify depth 0 and VERIFY_OVERRIDE_ERROR */ { start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); client_args.argc = 0; test_client_verifyDepth(&client_args); join_thread(serverThread); AssertIntEQ(client_args.return_code, TEST_SUCCESS); AssertIntEQ(server_args.return_code, TEST_SUCCESS); } /* test case 3 * verify depth is zero, number of peer's chain is 2 * verify result becomes MAX_CHAIN_ERRO. call-back returns failure. * therefore, handshake becomes failure. */ /* the var is used for verify depth 0 and VERIFY_USE_PREVERFIY */ { start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); client_args.argc = -1; test_client_verifyDepth(&client_args); join_thread(serverThread); AssertIntEQ(client_args.return_code, TEST_SUCCESS); AssertIntEQ(server_args.return_code, TEST_SUCCESS); } FreeTcpReady(&ready); res = TEST_RES_CHECK(1); #else (void)test_client_verifyDepth; #endif /* (OPENSSL_EXTRA) && !(WOLFSSL_TIRTOS) && (NO_WOLFSSL_CLIENT) */ return res; } static int test_wolfSSL_CTX_set_cipher_list(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ !defined(WOLFSSL_TIRTOS) && !defined(NO_AES) && !defined(WOLFSSL_NO_TLS12) \ && !defined(NO_SHA256) && defined(HAVE_ECC) WOLFSSL_CTX* ctx; WOLFSSL_CTX* ctxClient; WOLFSSL* sslClient; tcp_ready ready; func_args client_args; func_args server_args; callback_functions client_cb; callback_functions server_cb; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); AssertNotNull((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()))); AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, "DEFAULT:!NULL")); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); AssertNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method()))); AssertTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE-RSA-AES128-SHA256")); client_cb.ctx = ctxClient; server_cb.ctx = ctx; /* we are responsible for free'ing WOLFSSL_CTX */ server_cb.isSharedCtx = client_cb.isSharedCtx = 1; server_args.signal = &ready; server_args.callbacks = &server_cb; client_args.signal = &ready; client_args.callbacks = &client_cb; client_args.return_code = TEST_FAIL; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); wolfSSL_CTX_free(client_cb.ctx); wolfSSL_CTX_free(server_cb.ctx); AssertIntEQ(server_args.return_code, TEST_SUCCESS); FreeTcpReady(&ready); /* check with cipher string that has '+' */ AssertNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method()))); AssertTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE+AESGCM")); AssertNotNull((sslClient = wolfSSL_new(ctxClient))); /* check for the existance of an ECDHE ECDSA cipher suite */ { int i = 0; int found = 0; const char* suite; WOLF_STACK_OF(WOLFSSL_CIPHER)* sk; WOLFSSL_CIPHER* current; AssertNotNull((sk = wolfSSL_get_ciphers_compat(sslClient))); do { current = wolfSSL_sk_SSL_CIPHER_value(sk, i++); if (current) { suite = wolfSSL_CIPHER_get_name(current); if (suite && XSTRSTR(suite, "ECDSA")) { found = 1; break; } } } while (current); AssertIntEQ(found, 1); } wolfSSL_free(sslClient); wolfSSL_CTX_free(ctxClient); res = TEST_RES_CHECK(1); #endif return res; } static int test_client_get_finished(void* args, cbType cb) { #if defined(WOLFSSL_HAVE_TLS_UNIQUE) && !defined(NO_WOLFSSL_CLIENT) SOCKET_T sockfd = 0; callback_functions* cbf; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; char msg[64] = "hello wolfssl!"; char reply[1024]; int msgSz = (int)XSTRLEN(msg); int ret, err = 0; WOLFSSL_METHOD* method = NULL; size_t msg_len = 0; (void) args; (void) cb; ((func_args*)args)->return_code = TEST_FAIL; cbf = ((func_args*)args)->callbacks; if (cbf != NULL && cbf->method != NULL) { method = cbf->method(); } else { method = wolfSSLv23_client_method(); } ctx = wolfSSL_CTX_new(method); /* Do connect here so server detects failures */ tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, NULL); if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS) { /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/ goto done; } if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { goto done; } if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { goto done; } /* call ctx setup callback */ if (cbf != NULL && cbf->ctx_ready != NULL) { cbf->ctx_ready(ctx); } ssl = wolfSSL_new(ctx); if (ssl == NULL) { goto done; } if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { goto done; } /* call ssl setup callback */ if (cbf != NULL && cbf->ssl_ready != NULL) { cbf->ssl_ready(ssl); } #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_connect(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); goto done; } /* get_finished test */ /* 1. get own sent message */ XMEMSET(client_side_msg1, 0, MD_MAX_SIZE); msg_len = wolfSSL_get_finished(ssl, client_side_msg1, MD_MAX_SIZE); AssertIntGE(msg_len, 0); /* 2. get peer message */ XMEMSET(client_side_msg2, 0, MD_MAX_SIZE); msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, MD_MAX_SIZE); AssertIntGE(msg_len, 0); if (cb != NULL) (cb)(ctx, ssl); #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_write(ssl, msg, msgSz); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret != msgSz) { /*err_sys("SSL_write failed");*/ goto done; } #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_read(ssl, reply, sizeof(reply)-1); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); if (ret > 0) { reply[ret] = '\0'; fprintf(stderr, "Server response: %s\n", reply); } ((func_args*)args)->return_code = TEST_SUCCESS; done: wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sockfd); #else (void)args; (void)cb; #endif /* WOLFSSL_HAVE_TLS_UNIQUE && !NO_WOLFSSL_CLIENT */ return 0; } static int test_wolfSSL_get_finished(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_HAVE_TLS_UNIQUE) tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_get_finished(&client_args, NULL); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); /* test received msg vs sent msg */ AssertIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, MD_MAX_SIZE)); AssertIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, MD_MAX_SIZE)); FreeTcpReady(&ready); res = TEST_RES_CHECK(1); #else (void)test_client_get_finished; #endif /* !NO_RSA && WOLFSSL_HAVE_TLS_UNIQUE */ return res; } #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \ !defined(SINGLE_THREADED) && defined(WOLFSSL_TLS13) && \ !defined(NO_SESSION_CACHE) /* Sessions to restore/store */ static WOLFSSL_SESSION* test_wolfSSL_CTX_add_session_client_sess; static WOLFSSL_SESSION* test_wolfSSL_CTX_add_session_server_sess; static WOLFSSL_CTX* test_wolfSSL_CTX_add_session_server_ctx; static void test_wolfSSL_CTX_add_session_ctx_ready(WOLFSSL_CTX* ctx) { /* Don't store sessions. Lookup is still enabled. */ AssertIntEQ(wolfSSL_CTX_set_session_cache_mode(ctx, WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE), WOLFSSL_SUCCESS); #ifdef OPENSSL_EXTRA AssertIntEQ(wolfSSL_CTX_get_session_cache_mode(ctx) & WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE, WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE); #endif /* Require both peers to provide certs */ wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); } static void test_wolfSSL_CTX_add_session_on_result(WOLFSSL* ssl) { WOLFSSL_SESSION** sess; if (wolfSSL_is_server(ssl)) sess = &test_wolfSSL_CTX_add_session_server_sess; else sess = &test_wolfSSL_CTX_add_session_client_sess; if (*sess == NULL) { #ifdef NO_SESSION_CACHE_REF AssertNotNull(*sess = wolfSSL_get1_session(ssl)); #else /* Test for backwards compatibility */ if (wolfSSL_is_server(ssl)) { AssertNotNull(*sess = wolfSSL_get1_session(ssl)); } else { AssertNotNull(*sess = wolfSSL_get_session(ssl)); } #endif /* Now save the session in the internal store to make it available * for lookup. For TLS 1.3, we can't save the session without * WOLFSSL_TICKET_HAVE_ID because there is no way to retrieve the * session from cache. */ if (wolfSSL_is_server(ssl) #ifndef WOLFSSL_TICKET_HAVE_ID && wolfSSL_version(ssl) != TLS1_3_VERSION #endif ) AssertIntEQ(wolfSSL_CTX_add_session(wolfSSL_get_SSL_CTX(ssl), *sess), WOLFSSL_SUCCESS); } else { /* If we have a session retrieved then remaining connections should be * resuming on that session */ AssertIntEQ(wolfSSL_session_reused(ssl), 1); } /* Save CTX to be able to decrypt tickets */ if (wolfSSL_is_server(ssl) && test_wolfSSL_CTX_add_session_server_ctx == NULL) { AssertNotNull(test_wolfSSL_CTX_add_session_server_ctx = wolfSSL_get_SSL_CTX(ssl)); AssertIntEQ(wolfSSL_CTX_up_ref(wolfSSL_get_SSL_CTX(ssl)), WOLFSSL_SUCCESS); } #ifdef SESSION_CERTS #ifndef WOLFSSL_TICKET_HAVE_ID if (wolfSSL_version(ssl) != TLS1_3_VERSION && wolfSSL_session_reused(ssl)) #endif { /* With WOLFSSL_TICKET_HAVE_ID the peer certs should be available * for all connections. TLS 1.3 only has tickets so if we don't * include the session id in the ticket then the certificates * will not be available on resumption. */ WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl); AssertNotNull(peer); wolfSSL_X509_free(peer); AssertNotNull(wolfSSL_SESSION_get_peer_chain(*sess)); #ifdef OPENSSL_EXTRA AssertNotNull(SSL_SESSION_get0_peer(*sess)); #endif } #endif /* SESSION_CERTS */ } static void test_wolfSSL_CTX_add_session_ssl_ready(WOLFSSL* ssl) { /* Set the session to reuse for the client */ AssertIntEQ(wolfSSL_set_session(ssl, test_wolfSSL_CTX_add_session_client_sess), WOLFSSL_SUCCESS); } #endif static int test_wolfSSL_CTX_add_session(void) { int res = TEST_SKIPPED; #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \ !defined(SINGLE_THREADED) && defined(WOLFSSL_TLS13) && \ !defined(NO_SESSION_CACHE) tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; callback_functions client_cb; callback_functions server_cb; method_provider methods[][2] = { #if !defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \ !defined(NO_DES3)) /* Without AES there are almost no ciphersuites available. This leads * to no ciphersuites being available and an error. */ { wolfTLSv1_1_client_method, wolfTLSv1_1_server_method }, #endif #ifndef WOLFSSL_NO_TLS12 { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method }, #endif /* Needs the default ticket callback since it is tied to the * connection context and this makes it easy to carry over the ticket * crypto context between connections */ #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ defined(HAVE_SESSION_TICKET) { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method }, #endif }; const size_t methodsLen = sizeof(methods)/sizeof(*methods); size_t i, j; for (i = 0; i < methodsLen; i++) { /* First run creates a connection while the second+ run will attempt * to resume the connection. The trick is that the internal cache * is turned off. wolfSSL_CTX_add_session should put the session in * the cache anyway. */ test_wolfSSL_CTX_add_session_client_sess = NULL; test_wolfSSL_CTX_add_session_server_sess = NULL; test_wolfSSL_CTX_add_session_server_ctx = NULL; #ifdef NO_SESSION_CACHE_REF for (j = 0; j < 5; j++) { #else /* The session may be overwritten in this case. Do only one resumption * to stop this test from failing intermittently. */ for (j = 0; j < 2; j++) { #endif #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); client_cb.method = methods[i][0]; server_cb.method = methods[i][1]; server_args.signal = &ready; server_args.callbacks = &server_cb; client_args.signal = &ready; client_args.callbacks = &client_cb; if (test_wolfSSL_CTX_add_session_server_ctx != NULL) { server_cb.ctx = test_wolfSSL_CTX_add_session_server_ctx; server_cb.isSharedCtx = 1; } server_cb.ctx_ready = test_wolfSSL_CTX_add_session_ctx_ready; client_cb.ctx_ready = test_wolfSSL_CTX_add_session_ctx_ready; if (j != 0) client_cb.ssl_ready = test_wolfSSL_CTX_add_session_ssl_ready; server_cb.on_result = test_wolfSSL_CTX_add_session_on_result; client_cb.on_result = test_wolfSSL_CTX_add_session_on_result; server_cb.ticNoInit = 1; /* Use default builtin */ start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); } wolfSSL_SESSION_free(test_wolfSSL_CTX_add_session_client_sess); wolfSSL_SESSION_free(test_wolfSSL_CTX_add_session_server_sess); wolfSSL_CTX_free(test_wolfSSL_CTX_add_session_server_ctx); } res = TEST_RES_CHECK(1); #endif return res; } #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \ !defined(SINGLE_THREADED) && defined(WOLFSSL_TLS13) && \ !defined(NO_SESSION_CACHE) && defined(OPENSSL_EXTRA) && \ defined(SESSION_CERTS) && defined(HAVE_SESSION_TICKET) && \ !defined(TITAN_SESSION_CACHE) && \ !defined(HUGE_SESSION_CACHE) && \ !defined(BIG_SESSION_CACHE) && \ !defined(MEDIUM_SESSION_CACHE) /* twcase - prefix for test_wolfSSL_CTX_add_session_ext */ /* Sessions to restore/store */ static WOLFSSL_SESSION* twcase_server_first_session_ptr; static WOLFSSL_SESSION* twcase_client_first_session_ptr; static WOLFSSL_CTX* twcase_server_current_ctx_ptr; static int twcase_new_session_called = 0; static int twcase_remove_session_called = 0; static int twcase_get_session_called = 0; /* Test default, SESSIONS_PER_ROW*SESSION_ROWS = 3*11, see ssl.c */ #define SESSION_CACHE_SIZE 33 typedef struct { const byte* key; /* key, altSessionID, session ID, NULL if empty */ WOLFSSL_SESSION* value; } hashTable_entry; typedef struct { hashTable_entry entries[SESSION_CACHE_SIZE]; /* hash slots */ size_t capacity; /* size of entries */ size_t length; /* number of items in the hash table */ wolfSSL_Mutex htLock; /* lock */ }hashTable; static hashTable server_sessionCache; static int twcase_new_sessionCb(WOLFSSL *ssl, WOLFSSL_SESSION *sess) { int i; (void)ssl; /* * This example uses a hash table. * Steps you should take for a non-demo code: * - acquire a lock for the file named according to the session id * - open the file * - encrypt and write the SSL_SESSION object to the file * - release the lock * * Return: * 0: The callback does not wish to hold a reference of the sess * 1: The callback wants to hold a reference of the sess. The callback is * now also responsible for calling wolfSSL_SESSION_free() on sess. */ if (sess == NULL) return 0; if (wc_LockMutex(&server_sessionCache.htLock) != 0) { return 0; } for (i = 0; i < SESSION_CACHE_SIZE; i++) { if (server_sessionCache.entries[i].value == NULL) { if (sess->haveAltSessionID == 1) server_sessionCache.entries[i].key = sess->altSessionID; else server_sessionCache.entries[i].key = sess->sessionID; server_sessionCache.entries[i].value = sess; server_sessionCache.length++; break; } } ++twcase_new_session_called; wc_UnLockMutex(&server_sessionCache.htLock); fprintf(stderr, "\t\ttwcase_new_session_called %d\n", twcase_new_session_called); return 1; } static void twcase_remove_sessionCb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess) { int i; (void)ctx; (void)sess; if (sess == NULL) return; /* * This example uses a hash table. * Steps you should take for a non-demo code: * - acquire a lock for the file named according to the session id * - remove the file * - release the lock */ if (wc_LockMutex(&server_sessionCache.htLock) != 0) { return; } for (i = 0; i < SESSION_CACHE_SIZE; i++) { if (server_sessionCache.entries[i].key != NULL && XMEMCMP(server_sessionCache.entries[i].key, sess->sessionID, SSL_MAX_SSL_SESSION_ID_LENGTH) == 0) { wolfSSL_SESSION_free(server_sessionCache.entries[i].value); server_sessionCache.entries[i].value = NULL; server_sessionCache.entries[i].key = NULL; server_sessionCache.length--; break; } } ++twcase_remove_session_called; wc_UnLockMutex(&server_sessionCache.htLock); fprintf(stderr, "\t\ttwcase_remove_session_called %d\n", twcase_remove_session_called); } static WOLFSSL_SESSION *twcase_get_sessionCb(WOLFSSL *ssl, const unsigned char *id, int len, int *ref) { int i; (void)ssl; (void)id; (void)len; /* * This example uses a hash table. * Steps you should take for a non-demo code: * - acquire a lock for the file named according to the session id in the * 2nd arg * - read and decrypt contents of file and create a new SSL_SESSION * - object release the lock * - return the new session object */ fprintf(stderr, "\t\ttwcase_get_session_called %d\n", ++twcase_get_session_called); /* This callback want to retain a copy of the object. If we want wolfSSL to * be responsible for the pointer then set to 0. */ *ref = 1; for (i = 0; i < SESSION_CACHE_SIZE; i++) { if (server_sessionCache.entries[i].key != NULL && XMEMCMP(server_sessionCache.entries[i].key, id, SSL_MAX_SSL_SESSION_ID_LENGTH) == 0) { return server_sessionCache.entries[i].value; } } return NULL; } static void twcase_get_sessionCb_cleanup(void) { int i; int cnt = 0; /* If twcase_get_sessionCb sets *ref = 1, the application is responsible * for freeing sessions */ for (i = 0; i < SESSION_CACHE_SIZE; i++) { if (server_sessionCache.entries[i].value != NULL) { wolfSSL_SESSION_free(server_sessionCache.entries[i].value); cnt++; } } fprintf(stderr, "\t\ttwcase_get_sessionCb_cleanup freed %d sessions\n", cnt); } static void twcase_cache_intOff_extOff(WOLFSSL_CTX* ctx) { /* off - Disable internal cache */ AssertIntEQ(wolfSSL_CTX_set_session_cache_mode(ctx, WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE), WOLFSSL_SUCCESS); #ifdef OPENSSL_EXTRA AssertIntEQ(wolfSSL_CTX_get_session_cache_mode(ctx) & WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE, WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE); #endif /* off - Donot setup external cache */ /* Require both peers to provide certs */ wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); } static void twcase_cache_intOn_extOff(WOLFSSL_CTX* ctx) { /* on - internal cache is on by default*/ /* off - Donot setup external cache */ /* Require both peers to provide certs */ wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); } static void twcase_cache_intOff_extOn(WOLFSSL_CTX* ctx) { /* off - Disable internal cache */ AssertIntEQ(wolfSSL_CTX_set_session_cache_mode(ctx, WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE), WOLFSSL_SUCCESS); #ifdef OPENSSL_EXTRA AssertIntEQ(wolfSSL_CTX_get_session_cache_mode(ctx) & WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE, WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE); #endif /* on - Enable external cache */ wolfSSL_CTX_sess_set_new_cb(ctx, twcase_new_sessionCb); wolfSSL_CTX_sess_set_remove_cb(ctx, twcase_remove_sessionCb); wolfSSL_CTX_sess_set_get_cb(ctx, twcase_get_sessionCb); /* Require both peers to provide certs */ wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); } static void twcase_cache_intOn_extOn(WOLFSSL_CTX* ctx) { /* on - internal cache is on by default */ /* on - Enable external cache */ wolfSSL_CTX_sess_set_new_cb(ctx, twcase_new_sessionCb); wolfSSL_CTX_sess_set_remove_cb(ctx, twcase_remove_sessionCb); wolfSSL_CTX_sess_set_get_cb(ctx, twcase_get_sessionCb); /* Require both peers to provide certs */ wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); } static void twcase_cache_intOn_extOn_noTicket(WOLFSSL_CTX* ctx) { /* on - internal cache is on by default */ /* on - Enable external cache */ wolfSSL_CTX_sess_set_new_cb(ctx, twcase_new_sessionCb); wolfSSL_CTX_sess_set_remove_cb(ctx, twcase_remove_sessionCb); wolfSSL_CTX_sess_set_get_cb(ctx, twcase_get_sessionCb); wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TICKET); /* Require both peers to provide certs */ wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); } static void twcase_server_sess_ctx_pre_shutdown(WOLFSSL* ssl) { WOLFSSL_SESSION** sess; if (wolfSSL_is_server(ssl)) sess = &twcase_server_first_session_ptr; else return; if (*sess == NULL) { AssertNotNull(*sess = wolfSSL_get1_session(ssl)); /* Now save the session in the internal store to make it available * for lookup. For TLS 1.3, we can't save the session without * WOLFSSL_TICKET_HAVE_ID because there is no way to retrieve the * session from cache. */ if (wolfSSL_is_server(ssl) #ifndef WOLFSSL_TICKET_HAVE_ID && wolfSSL_version(ssl) != TLS1_3_VERSION && wolfSSL_version(ssl) != DTLS1_3_VERSION #endif ) { AssertIntEQ(wolfSSL_CTX_add_session(wolfSSL_get_SSL_CTX(ssl), *sess), WOLFSSL_SUCCESS); } } /* Save CTX to be able to decrypt tickets */ if (twcase_server_current_ctx_ptr == NULL) { AssertNotNull(twcase_server_current_ctx_ptr = wolfSSL_get_SSL_CTX(ssl)); AssertIntEQ(wolfSSL_CTX_up_ref(wolfSSL_get_SSL_CTX(ssl)), WOLFSSL_SUCCESS); } #ifdef SESSION_CERTS #ifndef WOLFSSL_TICKET_HAVE_ID if (wolfSSL_version(ssl) != TLS1_3_VERSION && wolfSSL_session_reused(ssl)) #endif { /* With WOLFSSL_TICKET_HAVE_ID the peer certs should be available * for all connections. TLS 1.3 only has tickets so if we don't * include the session id in the ticket then the certificates * will not be available on resumption. */ WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl); AssertNotNull(peer); wolfSSL_X509_free(peer); AssertNotNull(wolfSSL_SESSION_get_peer_chain(*sess)); } #endif } static void twcase_client_sess_ctx_pre_shutdown(WOLFSSL* ssl) { WOLFSSL_SESSION** sess; sess = &twcase_client_first_session_ptr; if (*sess == NULL) { AssertNotNull(*sess = wolfSSL_get1_session(ssl)); } else { /* If we have a session retrieved then remaining connections should be * resuming on that session */ AssertIntEQ(wolfSSL_session_reused(ssl), 1); } #ifdef SESSION_CERTS #ifndef WOLFSSL_TICKET_HAVE_ID if (wolfSSL_version(ssl) != TLS1_3_VERSION && wolfSSL_session_reused(ssl)) #endif { WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl); AssertNotNull(peer); wolfSSL_X509_free(peer); AssertNotNull(wolfSSL_SESSION_get_peer_chain(*sess)); #ifdef OPENSSL_EXTRA AssertNotNull(wolfSSL_SESSION_get0_peer(*sess)); #endif } #endif } static void twcase_client_set_sess_ssl_ready(WOLFSSL* ssl) { /* Set the session to reuse for the client */ AssertNotNull(ssl); AssertNotNull(twcase_client_first_session_ptr); AssertIntEQ(wolfSSL_set_session(ssl,twcase_client_first_session_ptr), WOLFSSL_SUCCESS); } #endif static int test_wolfSSL_CTX_add_session_ext(void) { int res = TEST_SKIPPED; #if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \ !defined(SINGLE_THREADED) && defined(WOLFSSL_TLS13) && \ !defined(NO_SESSION_CACHE) && defined(OPENSSL_EXTRA) && \ defined(SESSION_CERTS) && defined(HAVE_SESSION_TICKET) && \ !defined(TITAN_SESSION_CACHE) && \ !defined(HUGE_SESSION_CACHE) && \ !defined(BIG_SESSION_CACHE) && \ !defined(MEDIUM_SESSION_CACHE) /* Test the default 33 sessions */ struct test_params { method_provider client_meth; method_provider server_meth; const char* tls_version; } params[] = { #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TICKET_HAVE_ID) { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLSv1_3" }, #ifdef WOLFSSL_DTLS13 { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3" }, #endif #endif #ifndef WOLFSSL_NO_TLS12 { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2" }, #ifdef WOLFSSL_DTLS { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2" }, #endif #endif #if !defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \ !defined(NO_DES3)) { wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLSv1_1" }, #ifdef WOLFSSL_DTLS { wolfDTLSv1_client_method, wolfDTLSv1_server_method, "DTLSv1_0" }, #endif #endif }; const int paramsLen = sizeof(params)/sizeof(*params); int i, j; /* Clear cache before starting */ wolfSSL_CTX_flush_sessions(NULL, -1); XMEMSET(&server_sessionCache, 0, sizeof(hashTable)); if (wc_InitMutex(&server_sessionCache.htLock) != 0) return BAD_MUTEX_E; server_sessionCache.capacity = SESSION_CACHE_SIZE; for (i = 0; i < paramsLen; i++) { fprintf(stderr, "\tBegin %s\n", params[i].tls_version); for (j = 0; j < 5; j++) { int tls13 = XSTRSTR(params[i].tls_version, "TLSv1_3") != NULL; int dtls = XSTRSTR(params[i].tls_version, "DTLS") != NULL; callback_functions client_cb; callback_functions server_cb; (void)dtls; /* Test five cache configurations */ twcase_client_first_session_ptr = NULL; twcase_server_first_session_ptr = NULL; twcase_server_current_ctx_ptr = NULL; twcase_new_session_called = 0; twcase_remove_session_called = 0; twcase_get_session_called = 0; /* connection 1 - first connection */ fprintf(stderr, "\tconnect: %s: j=%d, methodsLen=%d\n", params[i].tls_version, j, paramsLen); XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); client_cb.method = params[i].client_meth; server_cb.method = params[i].server_meth; if (dtls) client_cb.doUdp = server_cb.doUdp = 1; /* Setup internal and external cache */ switch (j) { case 0: /* SSL_OP_NO_TICKET stateful ticket case */ server_cb.ctx_ready = twcase_cache_intOn_extOn_noTicket; break; case 1: server_cb.ctx_ready = twcase_cache_intOn_extOn; break; case 2: server_cb.ctx_ready = twcase_cache_intOff_extOn; break; case 3: server_cb.ctx_ready = twcase_cache_intOn_extOff; break; case 4: server_cb.ctx_ready = twcase_cache_intOff_extOff; break; } client_cb.ctx_ready = twcase_cache_intOff_extOff; /* Add session to internal cache and save SSL session for testing */ server_cb.on_result = twcase_server_sess_ctx_pre_shutdown; /* Save client SSL session for testing */ client_cb.on_result = twcase_client_sess_ctx_pre_shutdown; server_cb.ticNoInit = 1; /* Use default builtin */ /* Don't free/release ctx */ server_cb.ctx = twcase_server_current_ctx_ptr; server_cb.isSharedCtx = 1; test_wolfSSL_client_server_nofail(&client_cb, &server_cb); AssertTrue(client_cb.return_code); AssertTrue(server_cb.return_code); AssertIntEQ(twcase_get_session_called, 0); switch (j) { case 0: case 1: case 2: /* cache cannot be searched with out a connection */ /* Add a new session */ AssertIntEQ(twcase_new_session_called, 1); /* In twcase_server_sess_ctx_pre_shutdown * wolfSSL_CTX_add_session which evicts the existing session * in cache and adds it back in */ AssertIntLE(twcase_remove_session_called, 1); break; case 3: case 4: /* no external cache */ AssertIntEQ(twcase_new_session_called, 0); AssertIntEQ(twcase_remove_session_called, 0); break; } /* connection 2 - session resume */ fprintf(stderr, "\tresume: %s: j=%d, methodsLen=%d\n", params[i].tls_version, j, paramsLen); twcase_new_session_called = 0; twcase_remove_session_called = 0; twcase_get_session_called = 0; server_cb.on_result = 0; client_cb.on_result = 0; server_cb.ticNoInit = 1; /* Use default builtin */ server_cb.ctx = twcase_server_current_ctx_ptr; /* try session resumption */ client_cb.ssl_ready = twcase_client_set_sess_ssl_ready; test_wolfSSL_client_server_nofail(&client_cb, &server_cb); AssertTrue(client_cb.return_code); AssertTrue(server_cb.return_code); /* Clear cache before checking */ wolfSSL_CTX_flush_sessions(NULL, -1); switch (j) { case 0: if (tls13) { /* (D)TLSv1.3 stateful case */ /* cache hit */ /* DTLS accesses cache once for stateless parsing and * once for stateful parsing */ AssertIntEQ(twcase_get_session_called, !dtls ? 1 : 2); /* (D)TLSv1.3 creates a new ticket, * updates both internal and external cache */ AssertIntEQ(twcase_new_session_called, 1); AssertIntEQ(twcase_remove_session_called, 1); } else { /* non (D)TLSv1.3 case, no update */ /* DTLS accesses cache once for stateless parsing and * once for stateful parsing */ #ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME AssertIntEQ(twcase_get_session_called, !dtls ? 1 : 2); #else AssertIntEQ(twcase_get_session_called, 1); #endif AssertIntEQ(twcase_new_session_called, 0); /* Called on session added in * twcase_server_sess_ctx_pre_shutdown */ AssertIntEQ(twcase_remove_session_called, 1); } break; case 1: if (tls13) { /* (D)TLSv1.3 case */ /* cache hit */ AssertIntEQ(twcase_get_session_called, 1); /* (D)TLSv1.3 creates a new ticket, * updates both internal and external cache */ AssertIntEQ(twcase_new_session_called, 1); /* Called on session added in * twcase_server_sess_ctx_pre_shutdown and by wolfSSL */ AssertIntEQ(twcase_remove_session_called, 1); } else { /* non (D)TLSv1.3 case */ /* cache hit */ /* DTLS accesses cache once for stateless parsing and * once for stateful parsing */ #ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME AssertIntEQ(twcase_get_session_called, !dtls ? 1 : 2); #else AssertIntEQ(twcase_get_session_called, 1); #endif AssertIntEQ(twcase_new_session_called, 0); /* Called on session added in * twcase_server_sess_ctx_pre_shutdown */ AssertIntEQ(twcase_remove_session_called, 1); } break; case 2: if (tls13) { /* (D)TLSv1.3 case */ /* cache hit */ AssertIntEQ(twcase_get_session_called, 1); /* (D)TLSv1.3 creates a new ticket, * updates both internal and external cache */ AssertIntEQ(twcase_new_session_called, 1); /* Called on session added in * twcase_server_sess_ctx_pre_shutdown and by wolfSSL */ AssertIntEQ(twcase_remove_session_called, 1); } else { /* non (D)TLSv1.3 case */ /* cache hit */ /* DTLS accesses cache once for stateless parsing and * once for stateful parsing */ #ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME AssertIntEQ(twcase_get_session_called, !dtls ? 1 : 2); #else AssertIntEQ(twcase_get_session_called, 1); #endif AssertIntEQ(twcase_new_session_called, 0); /* Called on session added in * twcase_server_sess_ctx_pre_shutdown */ AssertIntEQ(twcase_remove_session_called, 1); } break; case 3: case 4: /* no external cache */ AssertIntEQ(twcase_get_session_called, 0); AssertIntEQ(twcase_new_session_called, 0); AssertIntEQ(twcase_remove_session_called, 0); break; } wolfSSL_SESSION_free(twcase_client_first_session_ptr); wolfSSL_SESSION_free(twcase_server_first_session_ptr); wolfSSL_CTX_free(twcase_server_current_ctx_ptr); } twcase_get_sessionCb_cleanup(); XMEMSET(&server_sessionCache.entries, 0, sizeof(server_sessionCache.entries)); fprintf(stderr, "\tEnd %s\n", params[i].tls_version); } wc_FreeMutex(&server_sessionCache.htLock); res = TEST_RES_CHECK(1); #endif return res; } #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) /* canned export of a session using older version 3 */ static unsigned char version_3[] = { 0xA5, 0xA3, 0x01, 0x88, 0x00, 0x3c, 0x00, 0x01, 0x00, 0x00, 0x00, 0x80, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x30, 0x05, 0x09, 0x0A, 0x01, 0x01, 0x00, 0x0D, 0x05, 0xFE, 0xFD, 0x01, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x05, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, 0x00, 0x01, 0x00, 0x07, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x3F, 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x05, 0x12, 0xCF, 0x22, 0xA1, 0x9F, 0x1C, 0x39, 0x1D, 0x31, 0x11, 0x12, 0x1D, 0x11, 0x18, 0x0D, 0x0B, 0xF3, 0xE1, 0x4D, 0xDC, 0xB1, 0xF1, 0x39, 0x98, 0x91, 0x6C, 0x48, 0xE5, 0xED, 0x11, 0x12, 0xA0, 0x00, 0xF2, 0x25, 0x4C, 0x09, 0x26, 0xD1, 0x74, 0xDF, 0x23, 0x40, 0x15, 0x6A, 0x42, 0x2A, 0x26, 0xA5, 0xAC, 0x56, 0xD5, 0x4A, 0x20, 0xB7, 0xE9, 0xEF, 0xEB, 0xAF, 0xA8, 0x1E, 0x23, 0x7C, 0x04, 0xAA, 0xA1, 0x6D, 0x92, 0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x0C, 0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xAA, 0xA1, 0x6D, 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x20, 0x00, 0x04, 0x00, 0x10, 0x00, 0x10, 0x08, 0x02, 0x05, 0x08, 0x01, 0x30, 0x28, 0x00, 0x00, 0x0F, 0x00, 0x02, 0x00, 0x09, 0x31, 0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E, 0x31, 0xED, 0x4F }; #endif /* defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) */ static int test_wolfSSL_dtls_export(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; callback_functions server_cbf; callback_functions client_cbf; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif /* set using dtls */ XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfDTLSv1_2_server_method; client_cbf.method = wolfDTLSv1_2_client_method; server_args.callbacks = &server_cbf; client_args.callbacks = &client_cbf; server_args.signal = &ready; client_args.signal = &ready; start_thread(run_wolfssl_server, &server_args, &serverThread); wait_tcp_ready(&server_args); run_wolfssl_client(&client_args); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif { SOCKET_T sockfd = 0; WOLFSSL_CTX* ctx; WOLFSSL* ssl; char msg[64] = "hello wolfssl!"; char reply[1024]; int msgSz = (int)XSTRLEN(msg); byte *session, *window; unsigned int sessionSz, windowSz; #ifndef TEST_IPV6 struct sockaddr_in peerAddr; #else struct sockaddr_in6 peerAddr; #endif /* TEST_IPV6 */ int i; /* Set ctx to DTLS 1.2 */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())); AssertNotNull(ssl = wolfSSL_new(ctx)); /* test importing version 3 */ AssertIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0); /* test importing bad length and bad version */ version_3[2] += 1; AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0); version_3[2] -= 1; version_3[1] = 0XA0; AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); /* check storing client state after connection and storing window only */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif /* set using dtls */ XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfDTLSv1_2_server_method; server_cbf.doUdp = 1; server_args.callbacks = &server_cbf; server_args.argc = 3; /* set loop_count to 3 */ server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); /* create and connect with client */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method())); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 1, 0, NULL); AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); /* store server information connected too */ XMEMSET(&peerAddr, 0, sizeof(peerAddr)); #ifndef TEST_IPV6 peerAddr.sin_family = AF_INET; AssertIntEQ(XINET_PTON(AF_INET, wolfSSLIP, &peerAddr.sin_addr),1); peerAddr.sin_port = XHTONS(server_args.signal->port); #else peerAddr.sin6_family = AF_INET6; AssertIntEQ( XINET_PTON(AF_INET6, wolfSSLIP, &peerAddr.sin6_addr),1); peerAddr.sin6_port = XHTONS(server_args.signal->port); #endif AssertIntEQ(wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr)), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_dtls_export(ssl, NULL, &sessionSz), 0); session = (byte*)XMALLOC(sessionSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); AssertIntGT(wolfSSL_dtls_export(ssl, session, &sessionSz), 0); AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0); AssertIntEQ(wolfSSL_dtls_export_state_only(ssl, NULL, &windowSz), 0); window = (byte*)XMALLOC(windowSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0); wolfSSL_free(ssl); for (i = 1; i < server_args.argc; i++) { /* restore state */ AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntGT(wolfSSL_dtls_import(ssl, session, sessionSz), 0); AssertIntGT(wolfSSL_dtls_import(ssl, window, windowSz), 0); AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr)), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); AssertIntGE(wolfSSL_read(ssl, reply, sizeof(reply)), 0); AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0); wolfSSL_free(ssl); } XFREE(session, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(window, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wolfSSL_CTX_free(ctx); fprintf(stderr, "done and waiting for server\n"); join_thread(serverThread); AssertIntEQ(server_args.return_code, TEST_SUCCESS); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif } res = TEST_RES_CHECK(1); #endif return res; } #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12) #ifdef WOLFSSL_TLS13 static const byte canned_client_tls13_session[] = { 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x00, 0x00, 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x09, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00, 0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x27, 0x00, 0x00, 0x00, 0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18, 0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31, 0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4, 0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B, 0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7, 0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01, 0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2, 0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48, 0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C, 0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73, 0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E, 0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77, 0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35, 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F, 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0, 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x35, 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F, 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0, 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10, 0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20, 0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 }; static const byte canned_server_tls13_session[] = { 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x01, 0x00, 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x00, 0x0F, 0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00, 0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, 0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18, 0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31, 0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4, 0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B, 0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7, 0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01, 0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2, 0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48, 0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C, 0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73, 0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E, 0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77, 0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35, 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F, 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0, 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0, 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x35, 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F, 0x02, 0x3D, 0xC1, 0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10, 0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20, 0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04 }; #endif /* WOLFSSL_TLS13 */ static const byte canned_client_session[] = { 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x27, 0x0A, 0x0D, 0x10, 0x01, 0x01, 0x0A, 0x00, 0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00, 0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00, 0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D, 0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D, 0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E, 0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1, 0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE, 0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C, 0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91, 0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E, 0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02, 0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90, 0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B, 0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17, 0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D, 0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7, 0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A, 0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71, 0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20, 0x28, 0x00, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F, 0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE, 0x43, 0xF3, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF, 0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54, 0x14, 0x63, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 }; static const byte canned_server_session[] = { 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x27, 0x08, 0x0F, 0x10, 0x01, 0x01, 0x00, 0x11, 0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00, 0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, 0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D, 0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D, 0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E, 0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1, 0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE, 0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C, 0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91, 0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E, 0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02, 0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90, 0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B, 0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17, 0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D, 0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7, 0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A, 0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71, 0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20, 0x28, 0x00, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF, 0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54, 0x14, 0x63, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F, 0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE, 0x43, 0xF3, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04 }; static THREAD_RETURN WOLFSSL_THREAD tls_export_server(void* args) { SOCKET_T sockfd = 0; SOCKET_T clientfd = 0; word16 port; callback_functions* cbf; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; char msg[] = "I hear you fa shizzle!"; char input[1024]; int idx; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; cbf = ((func_args*)args)->callbacks; { WOLFSSL_METHOD* method = NULL; if (cbf != NULL && cbf->method != NULL) { method = cbf->method(); } else { method = wolfTLSv1_2_server_method(); } ctx = wolfSSL_CTX_new(method); } if (ctx == NULL) { goto done; } wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256"); #if defined(USE_WINDOWS_API) port = ((func_args*)args)->signal->port; #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) /* Let tcp_listen assign port */ port = 0; #else /* Use default port */ port = wolfSSLPort; #endif /* do it here to detect failure */ tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0); CloseSocket(sockfd); /* call ctx setup callback */ if (cbf != NULL && cbf->ctx_ready != NULL) { cbf->ctx_ready(ctx); } ssl = wolfSSL_new(ctx); if (ssl == NULL) { goto done; } wolfSSL_set_fd(ssl, clientfd); /* call ssl setup callback */ if (cbf != NULL && cbf->ssl_ready != NULL) { cbf->ssl_ready(ssl); } idx = wolfSSL_read(ssl, input, sizeof(input)-1); if (idx > 0) { input[idx] = '\0'; fprintf(stderr, "Client message export/import: %s\n", input); } else { fprintf(stderr, "ret = %d error = %d\n", idx, wolfSSL_get_error(ssl, idx)); goto done; } if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { /*err_sys("SSL_write failed");*/ #ifdef WOLFSSL_TIRTOS return; #else return 0; #endif } #ifdef WOLFSSL_TIRTOS Task_yield(); #endif ((func_args*)args)->return_code = TEST_SUCCESS; done: wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(clientfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif #if defined(HAVE_SESSION_TICKET) && \ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) #if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM) OpenSSLTicketCleanup(); #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) TicketCleanup(); #endif #endif #ifndef WOLFSSL_TIRTOS return 0; #endif } static void load_tls12_canned_server(WOLFSSL* ssl) { int clientfd = wolfSSL_get_fd(ssl); AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_session, sizeof(canned_server_session)), sizeof(canned_server_session)); wolfSSL_set_fd(ssl, clientfd); } #ifdef WOLFSSL_TLS13 static void load_tls13_canned_server(WOLFSSL* ssl) { int clientfd = wolfSSL_get_fd(ssl); AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_tls13_session, sizeof(canned_server_tls13_session)), sizeof(canned_server_tls13_session)); wolfSSL_set_fd(ssl, clientfd); } #endif /* v is for version WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */ static int test_wolfSSL_tls_export_run(int v) { SOCKET_T sockfd = 0; WOLFSSL_CTX* ctx = 0; WOLFSSL* ssl = 0; char msg[64] = "hello wolfssl!"; char reply[1024]; word32 replySz; int msgSz = (int)XSTRLEN(msg); const byte* clientSession = NULL; int clientSessionSz = 0; tcp_ready ready; func_args server_args; THREAD_TYPE serverThread; callback_functions server_cbf; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); switch (v) { case WOLFSSL_TLSV1_2: server_cbf.method = wolfTLSv1_2_server_method; server_cbf.ssl_ready = load_tls12_canned_server; /* setup the client side */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256"); clientSession = canned_client_session; clientSessionSz = sizeof(canned_client_session); break; #ifdef WOLFSSL_TLS13 case WOLFSSL_TLSV1_3: server_cbf.method = wolfTLSv1_3_server_method; server_cbf.ssl_ready = load_tls13_canned_server; /* setup the client side */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); clientSession = canned_client_tls13_session; clientSessionSz = sizeof(canned_client_tls13_session); break; #endif } server_args.callbacks = &server_cbf; server_args.signal = &ready; start_thread(tls_export_server, &server_args, &serverThread); wait_tcp_ready(&server_args); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif AssertNotNull(ssl = wolfSSL_new(ctx)); tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl); AssertIntEQ(wolfSSL_tls_import(ssl, clientSession, clientSessionSz), clientSessionSz); replySz = sizeof(reply); AssertIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0); #if !defined(NO_PSK) && defined(HAVE_ANON) /* index 20 has is setting if PSK was on and 49 is if anon is allowed */ AssertIntEQ(XMEMCMP(reply, clientSession, replySz), 0); #endif wolfSSL_set_fd(ssl, sockfd); AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)-1), 0); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sockfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif join_thread(serverThread); AssertIntEQ(server_args.return_code, TEST_SUCCESS); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif return TEST_RES_CHECK(1); } #endif static int test_wolfSSL_tls_export(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12) test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_2); #ifdef WOLFSSL_TLS13 test_wolfSSL_tls_export_run(WOLFSSL_TLSV1_3); #endif res = TEST_RES_CHECK(1); #endif return res; } /*----------------------------------------------------------------------------* | TLS extensions tests *----------------------------------------------------------------------------*/ #ifdef ENABLE_TLS_CALLBACK_TEST /* Connection test runner - generic */ static void test_wolfSSL_client_server(callback_functions* client_callbacks, callback_functions* server_callbacks) { tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); client_args.callbacks = client_callbacks; server_args.callbacks = server_callbacks; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif /* RUN Server side */ InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; start_thread(run_wolfssl_server, &server_args, &serverThread); wait_tcp_ready(&server_args); /* RUN Client side */ run_wolfssl_client(&client_args); join_thread(serverThread); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif client_callbacks->return_code = client_args.return_code; server_callbacks->return_code = server_args.return_code; } #endif /* ENABLE_TLS_CALLBACK_TEST */ #ifdef HAVE_SNI static int test_wolfSSL_UseSNI_params(void) { int res = TEST_SKIPPED; #if !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* invalid [ctx|ssl] */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3)); /* invalid type */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3)); /* invalid data */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3)); /* success case */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT */ return res; } /* BEGIN of connection tests callbacks */ static void use_SNI_at_ctx(WOLFSSL_CTX* ctx) { AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15)); } static void use_SNI_at_ssl(WOLFSSL* ssl) { AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15)); } static void different_SNI_at_ssl(WOLFSSL* ssl) { AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "ww2.wolfssl.com", 15)); } static void use_SNI_WITH_CONTINUE_at_ssl(WOLFSSL* ssl) { use_SNI_at_ssl(ssl); wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME, WOLFSSL_SNI_CONTINUE_ON_MISMATCH); } static void use_SNI_WITH_FAKE_ANSWER_at_ssl(WOLFSSL* ssl) { use_SNI_at_ssl(ssl); wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME, WOLFSSL_SNI_ANSWER_ON_MISMATCH); } static void use_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx) { use_SNI_at_ctx(ctx); wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME, WOLFSSL_SNI_ABORT_ON_ABSENCE); } static void use_MANDATORY_SNI_at_ssl(WOLFSSL* ssl) { use_SNI_at_ssl(ssl); wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME, WOLFSSL_SNI_ABORT_ON_ABSENCE); } static void use_PSEUDO_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx) { use_SNI_at_ctx(ctx); wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME, WOLFSSL_SNI_ANSWER_ON_MISMATCH | WOLFSSL_SNI_ABORT_ON_ABSENCE); } static void verify_UNKNOWN_SNI_on_server(WOLFSSL* ssl) { AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, wolfSSL_get_error(ssl, 0)); } static void verify_SNI_ABSENT_on_server(WOLFSSL* ssl) { AssertIntEQ(SNI_ABSENT_ERROR, wolfSSL_get_error(ssl, 0)); } static void verify_SNI_no_matching(WOLFSSL* ssl) { byte type = WOLFSSL_SNI_HOST_NAME; void* request = (void*) &type; /* to be overwritten */ AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type)); AssertNotNull(request); AssertIntEQ(0, wolfSSL_SNI_GetRequest(ssl, type, &request)); AssertNull(request); } static void verify_SNI_real_matching(WOLFSSL* ssl) { byte type = WOLFSSL_SNI_HOST_NAME; void* request = NULL; AssertIntEQ(WOLFSSL_SNI_REAL_MATCH, wolfSSL_SNI_Status(ssl, type)); AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, &request)); AssertNotNull(request); AssertStrEQ("www.wolfssl.com", (char*)request); } static void verify_SNI_fake_matching(WOLFSSL* ssl) { byte type = WOLFSSL_SNI_HOST_NAME; void* request = NULL; AssertIntEQ(WOLFSSL_SNI_FAKE_MATCH, wolfSSL_SNI_Status(ssl, type)); AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, &request)); AssertNotNull(request); AssertStrEQ("ww2.wolfssl.com", (char*)request); } static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl) { AssertIntEQ(FATAL_ERROR, wolfSSL_get_error(ssl, 0)); } /* END of connection tests callbacks */ static int test_wolfSSL_UseSNI_connection(void) { int res = TEST_SKIPPED; #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) callback_functions client_cb; callback_functions server_cb; size_t i; struct { method_provider client_meth; method_provider server_meth; } methods[] = { #if defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_TLS13) {wolfSSLv23_client_method, wolfSSLv23_server_method}, #endif #ifndef WOLFSSL_NO_TLS12 {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method}, #endif #ifdef WOLFSSL_TLS13 {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method}, #endif }; for (i = 0; i < (sizeof(methods)/sizeof(*methods)); i++) { XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); client_cb.method = methods[i].client_meth; server_cb.method = methods[i].server_meth; client_cb.devId = testDevId; server_cb.devId = testDevId; /* success case at ctx */ printf("success case at ctx\n"); client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; server_cb.ctx_ready = use_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching; test_wolfSSL_client_server(&client_cb, &server_cb); /* success case at ssl */ printf("success case at ssl\n"); client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_SNI_at_ssl; client_cb.on_result = verify_SNI_real_matching; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_real_matching; test_wolfSSL_client_server(&client_cb, &server_cb); /* default mismatch behavior */ printf("default mismatch behavior\n"); client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = verify_FATAL_ERROR_on_client; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_UNKNOWN_SNI_on_server; test_wolfSSL_client_server(&client_cb, &server_cb); /* continue on mismatch */ printf("continue on mismatch\n"); client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl; server_cb.on_result = verify_SNI_no_matching; test_wolfSSL_client_server(&client_cb, &server_cb); /* fake answer on mismatch */ printf("fake answer on mismatch\n"); client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl; server_cb.on_result = verify_SNI_fake_matching; test_wolfSSL_client_server(&client_cb, &server_cb); /* sni abort - success */ printf("sni abort - success\n"); client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching; test_wolfSSL_client_server(&client_cb, &server_cb); /* sni abort - abort when absent (ctx) */ printf("sni abort - abort when absent (ctx)\n"); client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client; server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_ABSENT_on_server; test_wolfSSL_client_server(&client_cb, &server_cb); /* sni abort - abort when absent (ssl) */ printf("sni abort - abort when absent (ssl)\n"); client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_MANDATORY_SNI_at_ssl; server_cb.on_result = verify_SNI_ABSENT_on_server; test_wolfSSL_client_server(&client_cb, &server_cb); /* sni abort - success when overwritten */ printf("sni abort - success when overwritten\n"); client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_no_matching; test_wolfSSL_client_server(&client_cb, &server_cb); /* sni abort - success when allowing mismatches */ printf("sni abort - success when allowing mismatches\n"); client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; server_cb.ctx_ready = use_PSEUDO_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_fake_matching; test_wolfSSL_client_server(&client_cb, &server_cb); } res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ return res; } static int test_wolfSSL_SNI_GetFromBuffer(void) { byte buff[] = { /* www.paypal.com */ 0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c, 0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca, 0x76, 0xf0, 0x9e, 0x01, 0x65, 0xf6, 0xa6, 0x06, 0x13, 0x1d, 0x0f, 0xa5, 0x79, 0xb0, 0xd4, 0x77, 0x22, 0xeb, 0x1a, 0x00, 0x00, 0x16, 0x00, 0x6b, 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x21, 0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, 0x77, 0x77, 0x77, 0x2e, 0x70, 0x61, 0x79, 0x70, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01 }; byte buff2[] = { /* api.textmate.org */ 0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52, 0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b, 0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f, 0x04, 0x38, 0xf6, 0x11, 0x0b, 0xb8, 0xd3, 0x00, 0x00, 0x5e, 0x00, 0xff, 0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x07, 0xc0, 0x08, 0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0, 0x12, 0xc0, 0x26, 0xc0, 0x25, 0xc0, 0x2a, 0xc0, 0x29, 0xc0, 0x05, 0xc0, 0x04, 0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x0f, 0xc0, 0x0e, 0xc0, 0x0c, 0xc0, 0x0d, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x35, 0x00, 0x0a, 0x00, 0x67, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x39, 0x00, 0x16, 0x00, 0xaf, 0x00, 0xae, 0x00, 0x8d, 0x00, 0x8c, 0x00, 0x8a, 0x00, 0x8b, 0x00, 0xb1, 0x00, 0xb0, 0x00, 0x2c, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x3b, 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, 0x00, 0x00, 0x10, 0x61, 0x70, 0x69, 0x2e, 0x74, 0x65, 0x78, 0x74, 0x6d, 0x61, 0x74, 0x65, 0x2e, 0x6f, 0x72, 0x67, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x0c, 0x00, 0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03 }; byte buff3[] = { /* no sni extension */ 0x16, 0x03, 0x03, 0x00, 0x4d, 0x01, 0x00, 0x00, 0x49, 0x03, 0x03, 0xea, 0xa1, 0x9f, 0x60, 0xdd, 0x52, 0x12, 0x13, 0xbd, 0x84, 0x34, 0xd5, 0x1c, 0x38, 0x25, 0xa8, 0x97, 0xd2, 0xd5, 0xc6, 0x45, 0xaf, 0x1b, 0x08, 0xe4, 0x1e, 0xbb, 0xdf, 0x9d, 0x39, 0xf0, 0x65, 0x00, 0x00, 0x16, 0x00, 0x6b, 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01 }; byte buff4[] = { /* last extension has zero size */ 0x16, 0x03, 0x01, 0x00, 0xba, 0x01, 0x00, 0x00, 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45, 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2, 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00, 0x00, 0x28, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0xc0, 0x07, 0xc0, 0x11, 0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x9c, 0x00, 0x2f, 0x00, 0x35, 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x65, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00, 0x1b, 0x00, 0x19, 0x06, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x2e, 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x75, 0x50, 0x00, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x05, 0x01, 0x02, 0x01, 0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x04, 0x02, 0x02, 0x02, 0x00, 0x12, 0x00, 0x00 }; byte buff5[] = { /* SSL v2.0 client hello */ 0x00, 0x2b, 0x01, 0x03, 0x01, 0x00, 0x09, 0x00, 0x00, /* dummy bytes bellow, just to pass size check */ 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45, 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2, 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00, }; byte result[32] = {0}; word32 length = 32; AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff4, sizeof(buff4), 0, result, &length)); AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff3, sizeof(buff3), 0, result, &length)); AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2), 1, result, &length)); AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), 0, result, &length)); buff[0] = 0x16; AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), 0, result, &length)); buff[1] = 0x03; AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), 0, result, &length)); buff[2] = 0x03; AssertIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), 0, result, &length)); buff[4] = 0x64; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), 0, result, &length)); result[length] = 0; AssertStrEQ("www.paypal.com", (const char*) result); length = 32; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2), 0, result, &length)); result[length] = 0; AssertStrEQ("api.textmate.org", (const char*) result); /* SSL v2.0 tests */ AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff5, sizeof(buff5), 0, result, &length)); buff5[2] = 0x02; AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5, sizeof(buff5), 0, result, &length)); buff5[2] = 0x01; buff5[6] = 0x08; AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5, sizeof(buff5), 0, result, &length)); buff5[6] = 0x09; buff5[8] = 0x01; AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5, sizeof(buff5), 0, result, &length)); return TEST_RES_CHECK(1); } #endif /* HAVE_SNI */ #endif /* HAVE_IO_TESTS_DEPENDENCIES */ static int test_wolfSSL_UseTrustedCA(void) { int res = TEST_SKIPPED; #if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ && !defined(NO_RSA) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX *ctx; WOLFSSL *ssl; byte id[20]; #ifndef NO_WOLFSSL_SERVER AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()))); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #else AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()))); #endif AssertNotNull((ssl = wolfSSL_new(ctx))); XMEMSET(id, 0, sizeof(id)); /* error cases */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(NULL, 0, NULL, 0)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_CERT_SHA1+1, NULL, 0)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_CERT_SHA1, NULL, 0)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_CERT_SHA1, id, 5)); #ifdef NO_SHA AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id))); #endif AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_X509_NAME, id, 0)); /* success cases */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_PRE_AGREED, NULL, 0)); #ifndef NO_SHA AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id))); #endif AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_X509_NAME, id, 5)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* HAVE_TRUSTED_CA */ return res; } static int test_wolfSSL_UseMaxFragment(void) { int res = TEST_SKIPPED; #if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); #else WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); #endif WOLFSSL *ssl; #ifdef OPENSSL_EXTRA int (*UseMaxFragment)(SSL *s, uint8_t mode); int (*CTX_UseMaxFragment)(SSL_CTX *c, uint8_t mode); #else int (*UseMaxFragment)(WOLFSSL *s, unsigned char mode); int (*CTX_UseMaxFragment)(WOLFSSL_CTX *c, unsigned char mode); #endif #ifndef NO_WOLFSSL_SERVER AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #endif AssertNotNull(ctx); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); #ifdef OPENSSL_EXTRA CTX_UseMaxFragment = SSL_CTX_set_tlsext_max_fragment_length; UseMaxFragment = SSL_set_tlsext_max_fragment_length; #else UseMaxFragment = wolfSSL_UseMaxFragment; CTX_UseMaxFragment = wolfSSL_CTX_UseMaxFragment; #endif /* error cases */ AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9)); AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment( NULL, WOLFSSL_MFL_2_9)); AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MIN-1)); AssertIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MAX+1)); AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MIN-1)); AssertIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MAX+1)); /* success case */ #ifdef OPENSSL_EXTRA AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8)); #else AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8)); #endif AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9)); AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10)); AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11)); AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12)); #ifdef OPENSSL_EXTRA AssertIntEQ(BAD_FUNC_ARG, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13)); AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_8)); #else AssertIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13)); AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_8)); #endif AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_9)); AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_10)); AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_11)); AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_12)); #ifdef OPENSSL_EXTRA AssertIntEQ(BAD_FUNC_ARG, UseMaxFragment( ssl, WOLFSSL_MFL_2_13)); #else AssertIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_13)); #endif wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return res; } static int test_wolfSSL_UseTruncatedHMAC(void) { int res = TEST_SKIPPED; #if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); #else WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); #endif WOLFSSL *ssl; AssertNotNull(ctx); #ifndef NO_WOLFSSL_SERVER AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #endif ssl = wolfSSL_new(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL)); /* success case */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return res; } static int test_wolfSSL_UseSupportedCurve(void) { int res = TEST_SKIPPED; #if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0)); /* success case */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } #if defined(HAVE_ALPN) && defined(HAVE_IO_TESTS_DEPENDENCIES) static void verify_ALPN_FATAL_ERROR_on_client(WOLFSSL* ssl) { AssertIntEQ(UNKNOWN_ALPN_PROTOCOL_NAME_E, wolfSSL_get_error(ssl, 0)); } static void use_ALPN_all(WOLFSSL* ssl) { /* http/1.1,spdy/1,spdy/2,spdy/3 */ char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list), WOLFSSL_ALPN_FAILED_ON_MISMATCH)); } static void use_ALPN_all_continue(WOLFSSL* ssl) { /* http/1.1,spdy/1,spdy/2,spdy/3 */ char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list), WOLFSSL_ALPN_CONTINUE_ON_MISMATCH)); } static void use_ALPN_one(WOLFSSL* ssl) { /* spdy/2 */ char proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32}; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto), WOLFSSL_ALPN_FAILED_ON_MISMATCH)); } static void use_ALPN_unknown(WOLFSSL* ssl) { /* http/2.0 */ char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30}; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto), WOLFSSL_ALPN_FAILED_ON_MISMATCH)); } static void use_ALPN_unknown_continue(WOLFSSL* ssl) { /* http/2.0 */ char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30}; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto), WOLFSSL_ALPN_CONTINUE_ON_MISMATCH)); } static void verify_ALPN_not_matching_spdy3(WOLFSSL* ssl) { /* spdy/3 */ char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; char *proto = NULL; word16 protoSz = 0; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz)); /* check value */ AssertIntNE(1, sizeof(nego_proto) == protoSz); if (proto) { AssertIntNE(0, XMEMCMP(nego_proto, proto, sizeof(nego_proto))); } } static void verify_ALPN_not_matching_continue(WOLFSSL* ssl) { char *proto = NULL; word16 protoSz = 0; AssertIntEQ(WOLFSSL_ALPN_NOT_FOUND, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz)); /* check value */ AssertIntEQ(1, (0 == protoSz)); AssertIntEQ(1, (NULL == proto)); } static void verify_ALPN_matching_http1(WOLFSSL* ssl) { /* http/1.1 */ char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31}; char *proto; word16 protoSz = 0; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz)); /* check value */ AssertIntEQ(1, sizeof(nego_proto) == protoSz); AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz)); } static void verify_ALPN_matching_spdy2(WOLFSSL* ssl) { /* spdy/2 */ char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32}; char *proto; word16 protoSz = 0; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz)); /* check value */ AssertIntEQ(1, sizeof(nego_proto) == protoSz); AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz)); } static void verify_ALPN_client_list(WOLFSSL* ssl) { /* http/1.1,spdy/1,spdy/2,spdy/3 */ char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c, 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; char *clist = NULL; word16 clistSz = 0; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetPeerProtocol(ssl, &clist, &clistSz)); /* check value */ AssertIntEQ(1, sizeof(alpn_list) == clistSz); AssertIntEQ(0, XMEMCMP(alpn_list, clist, clistSz)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_FreePeerProtocol(ssl, &clist)); } static int test_wolfSSL_UseALPN_connection(void) { int res = TEST_SKIPPED; #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) callback_functions client_cb; callback_functions server_cb; XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); client_cb.method = wolfSSLv23_client_method; server_cb.method = wolfSSLv23_server_method; client_cb.devId = testDevId; server_cb.devId = testDevId; /* success case same list */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_http1; test_wolfSSL_client_server(&client_cb, &server_cb); /* success case only one for server */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_matching_spdy2; test_wolfSSL_client_server(&client_cb, &server_cb); /* success case only one for client */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_one; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_spdy2; test_wolfSSL_client_server(&client_cb, &server_cb); /* success case none for client */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = NULL; test_wolfSSL_client_server(&client_cb, &server_cb); /* success case mismatch behavior but option 'continue' set */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all_continue; client_cb.on_result = verify_ALPN_not_matching_continue; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown_continue; server_cb.on_result = NULL; test_wolfSSL_client_server(&client_cb, &server_cb); /* success case read protocol send by client */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_client_list; test_wolfSSL_client_server(&client_cb, &server_cb); /* mismatch behavior with same list * the first and only this one must be taken */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_not_matching_spdy3; test_wolfSSL_client_server(&client_cb, &server_cb); /* default mismatch behavior */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown; server_cb.on_result = verify_ALPN_FATAL_ERROR_on_client; test_wolfSSL_client_server(&client_cb, &server_cb); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ return res; } static int test_wolfSSL_UseALPN_params(void) { int res = TEST_SKIPPED; #ifndef NO_WOLFSSL_CLIENT /* "http/1.1" */ char http1[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31}; /* "spdy/1" */ char spdy1[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x31}; /* "spdy/2" */ char spdy2[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32}; /* "spdy/3" */ char spdy3[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; char buff[256]; word32 idx; WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseALPN(NULL, http1, sizeof(http1), WOLFSSL_ALPN_FAILED_ON_MISMATCH)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, NULL, 0, WOLFSSL_ALPN_FAILED_ON_MISMATCH)); /* success case */ /* http1 only */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, http1, sizeof(http1), WOLFSSL_ALPN_FAILED_ON_MISMATCH)); /* http1, spdy1 */ XMEMCPY(buff, http1, sizeof(http1)); idx = sizeof(http1); buff[idx++] = ','; XMEMCPY(buff+idx, spdy1, sizeof(spdy1)); idx += sizeof(spdy1); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, WOLFSSL_ALPN_FAILED_ON_MISMATCH)); /* http1, spdy2, spdy1 */ XMEMCPY(buff, http1, sizeof(http1)); idx = sizeof(http1); buff[idx++] = ','; XMEMCPY(buff+idx, spdy2, sizeof(spdy2)); idx += sizeof(spdy2); buff[idx++] = ','; XMEMCPY(buff+idx, spdy1, sizeof(spdy1)); idx += sizeof(spdy1); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, WOLFSSL_ALPN_FAILED_ON_MISMATCH)); /* spdy3, http1, spdy2, spdy1 */ XMEMCPY(buff, spdy3, sizeof(spdy3)); idx = sizeof(spdy3); buff[idx++] = ','; XMEMCPY(buff+idx, http1, sizeof(http1)); idx += sizeof(http1); buff[idx++] = ','; XMEMCPY(buff+idx, spdy2, sizeof(spdy2)); idx += sizeof(spdy2); buff[idx++] = ','; XMEMCPY(buff+idx, spdy1, sizeof(spdy1)); idx += sizeof(spdy1); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, WOLFSSL_ALPN_CONTINUE_ON_MISMATCH)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } #endif /* HAVE_ALPN */ #ifdef HAVE_ALPN_PROTOS_SUPPORT static void CTX_set_alpn_protos(SSL_CTX *ctx) { unsigned char p[] = { 8, 'h', 't', 't', 'p', '/', '1', '.', '1', 6, 's', 'p', 'd', 'y', '/', '2', 6, 's', 'p', 'd', 'y', '/', '1', }; unsigned char p_len = sizeof(p); int ret; ret = SSL_CTX_set_alpn_protos(ctx, p, p_len); #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertIntEQ(ret, 0); #else AssertIntEQ(ret, SSL_SUCCESS); #endif } static void set_alpn_protos(SSL* ssl) { unsigned char p[] = { 6, 's', 'p', 'd', 'y', '/', '3', 8, 'h', 't', 't', 'p', '/', '1', '.', '1', 6, 's', 'p', 'd', 'y', '/', '2', 6, 's', 'p', 'd', 'y', '/', '1', }; unsigned char p_len = sizeof(p); int ret; ret = SSL_set_alpn_protos(ssl, p, p_len); #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertIntEQ(ret, 0); #else AssertIntEQ(ret, SSL_SUCCESS); #endif } static void verify_alpn_matching_spdy3(WOLFSSL* ssl) { /* "spdy/3" */ char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; const unsigned char *proto; unsigned int protoSz = 0; SSL_get0_alpn_selected(ssl, &proto, &protoSz); /* check value */ AssertIntEQ(1, sizeof(nego_proto) == protoSz); AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz)); } static void verify_alpn_matching_http1(WOLFSSL* ssl) { /* "http/1.1" */ char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31}; const unsigned char *proto; unsigned int protoSz = 0; SSL_get0_alpn_selected(ssl, &proto, &protoSz); /* check value */ AssertIntEQ(1, sizeof(nego_proto) == protoSz); AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz)); } static int test_wolfSSL_set_alpn_protos(void) { int res = TEST_SKIPPED; #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) callback_functions client_cb; callback_functions server_cb; XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); client_cb.method = wolfSSLv23_client_method; server_cb.method = wolfSSLv23_server_method; client_cb.devId = testDevId; server_cb.devId = testDevId; /* use CTX_alpn_protos */ client_cb.ctx_ready = CTX_set_alpn_protos; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; server_cb.ctx_ready = CTX_set_alpn_protos; server_cb.ssl_ready = NULL; server_cb.on_result = verify_alpn_matching_http1; test_wolfSSL_client_server(&client_cb, &server_cb); /* use set_alpn_protos */ client_cb.ctx_ready = NULL; client_cb.ssl_ready = set_alpn_protos; client_cb.on_result = NULL; server_cb.ctx_ready = NULL; server_cb.ssl_ready = set_alpn_protos; server_cb.on_result = verify_alpn_matching_spdy3; test_wolfSSL_client_server(&client_cb, &server_cb); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ return res; } #endif /* HAVE_ALPN_PROTOS_SUPPORT */ static int test_wolfSSL_DisableExtendedMasterSecret(void) { int res = TEST_SKIPPED; #if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL)); /* success cases */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_wolfSSL_UseSecureRenegotiation(void) { int res = TEST_SKIPPED; #if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* error cases */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(NULL)); AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(NULL)); /* success cases */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } /* Test reconnecting with a different ciphersuite after a renegotiation. */ static int test_wolfSSL_SCR_Reconnect(void) { int res = TEST_SKIPPED; #if defined(HAVE_SECURE_RENEGOTIATION) && \ defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) && \ defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) struct test_memio_ctx test_ctx; WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; WOLFSSL *ssl_c = NULL, *ssl_s = NULL; byte data; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); test_ctx.c_ciphers = "ECDHE-RSA-AES256-GCM-SHA384"; test_ctx.s_ciphers = "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305"; AssertIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_c)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_s)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_c)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_s)); AssertIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); /* WOLFSSL_FATAL_ERROR since it will block */ AssertIntEQ(wolfSSL_Rehandshake(ssl_s), WOLFSSL_FATAL_ERROR); AssertIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), WOLFSSL_ERROR_WANT_READ); AssertIntEQ(wolfSSL_read(ssl_c, &data, 1), WOLFSSL_FATAL_ERROR); AssertIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), WOLFSSL_ERROR_WANT_READ); AssertIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); wolfSSL_free(ssl_c); ssl_c = NULL; wolfSSL_free(ssl_s); ssl_s = NULL; wolfSSL_CTX_free(ctx_c); ctx_c = NULL; test_ctx.c_ciphers = "ECDHE-RSA-CHACHA20-POLY1305"; AssertIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); AssertIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); wolfSSL_free(ssl_s); wolfSSL_free(ssl_c); wolfSSL_CTX_free(ctx_s); wolfSSL_CTX_free(ctx_c); res = TEST_RES_CHECK(1); #endif return res; } #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_SERVER) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) /* Called when writing. */ static int DummySend(WOLFSSL* ssl, char* buf, int sz, void* ctx) { (void)ssl; (void)buf; (void)sz; (void)ctx; /* Force error return from wolfSSL_accept_TLSv13(). */ return WANT_WRITE; } /* Called when reading. */ static int BufferInfoRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx) { WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx; int len = (int)msg->length; (void)ssl; (void)sz; /* Pass back as much of message as will fit in buffer. */ if (len > sz) len = sz; XMEMCPY(buf, msg->buffer, len); /* Move over returned data. */ msg->buffer += len; msg->length -= len; /* Amount actually copied. */ return len; } #endif /* Test the detection of duplicate known TLS extensions. * Specifically in a ClientHello. */ static int test_tls_ext_duplicate(void) { int res = TEST_SKIPPED; #if !defined(NO_WOLFSSL_SERVER) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \ !defined(NO_FILESYSTEM) const unsigned char clientHelloDupTlsExt[] = { 0x16, 0x03, 0x03, 0x00, 0x6a, 0x01, 0x00, 0x00, 0x66, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe, 0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55, 0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8, 0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c, 0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b, 0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda, 0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x13, 0x01, 0x00, 0x9e, 0x01, 0x00, /* Extensions - duplicate signature algorithms. */ 0x00, 0x19, 0x00, 0x0d, 0x00, 0x04, 0x00, 0x02, 0x04, 0x01, 0x00, 0x0d, 0x00, 0x04, 0x00, 0x02, 0x04, 0x01, /* Supported Versions extension for TLS 1.3. */ 0x00, 0x2b, 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03 }; WOLFSSL_BUFFER_INFO msg; const char* testCertFile; const char* testKeyFile; WOLFSSL_CTX *ctx; WOLFSSL *ssl; #ifndef NO_RSA testCertFile = svrCertFile; testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) testCertFile = eccCertFile; testKeyFile = eccKeyFile; #endif ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); /* Read from 'msg'. */ wolfSSL_SetIORecv(ctx, BufferInfoRecv); /* No where to send to - dummy sender. */ wolfSSL_SetIOSend(ctx, DummySend); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); msg.buffer = (unsigned char*)clientHelloDupTlsExt; msg.length = (unsigned int)sizeof(clientHelloDupTlsExt); wolfSSL_SetIOReadCtx(ssl, &msg); AssertIntNE(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_get_error(ssl, 0), DUPLICATE_TLS_EXT_E); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } /*----------------------------------------------------------------------------* | X509 Tests *----------------------------------------------------------------------------*/ static int test_wolfSSL_X509_NAME_get_entry(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_RSA) #if defined(OPENSSL_ALL) || \ (defined(OPENSSL_EXTRA) && \ (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS))) /* use openssl like name to test mapping */ X509_NAME_ENTRY* ne; X509_NAME* name; X509* x509; #ifndef NO_FILESYSTEM ASN1_STRING* asn; char* subCN = NULL; #endif int idx; ASN1_OBJECT *object = NULL; #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \ defined(WOLFSSL_NGINX) #ifndef NO_BIO BIO* bio; #endif #endif #ifndef NO_FILESYSTEM x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); name = X509_get_subject_name(x509); idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1); AssertIntGE(idx, 0); ne = X509_NAME_get_entry(name, idx); AssertNotNull(ne); asn = X509_NAME_ENTRY_get_data(ne); AssertNotNull(asn); subCN = (char*)ASN1_STRING_data(asn); AssertNotNull(subCN); wolfSSL_FreeX509(x509); #endif x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); name = X509_get_subject_name(x509); idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1); AssertIntGE(idx, 0); #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \ defined(WOLFSSL_NGINX) #ifndef NO_BIO AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_NAME_print_ex(bio, name, 4, (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); AssertIntEQ(X509_NAME_print_ex_fp(stderr, name, 4, (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); BIO_free(bio); #endif #endif ne = X509_NAME_get_entry(name, idx); AssertNotNull(ne); AssertNotNull(object = X509_NAME_ENTRY_get_object(ne)); wolfSSL_FreeX509(x509); res = TEST_RES_CHECK(1); #endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */ #endif /* !NO_CERTS && !NO_RSA */ return res; } /* Testing functions dealing with PKCS12 parsing out X509 certs */ static int test_wolfSSL_PKCS12(void) { int res = TEST_SKIPPED; /* .p12 file is encrypted with DES3 */ #ifndef HAVE_FIPS /* Password used in cert "wolfSSL test" is only 12-bytes * (96-bit) FIPS mode requires Minimum of 14-byte (112-bit) * Password Key */ #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \ !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \ !defined(NO_SHA) && defined(HAVE_PKCS12) && !defined(NO_BIO) byte buf[6000]; char file[] = "./certs/test-servercert.p12"; char order[] = "./certs/ecc-rsa-server.p12"; #ifdef WC_RC2 char rc2p12[] = "./certs/test-servercert-rc2.p12"; #endif char pass[] = "a password"; const char goodPsw[] = "wolfSSL test"; const char badPsw[] = "bad"; #ifdef HAVE_ECC WOLFSSL_X509_NAME* subject; WOLFSSL_X509 *x509; #endif XFILE f; int bytes, ret, goodPswLen, badPswLen; WOLFSSL_BIO *bio; WOLFSSL_EVP_PKEY *pkey; WC_PKCS12 *pkcs12; WC_PKCS12 *pkcs12_2; WOLFSSL_X509 *cert; WOLFSSL_X509 *tmp; WOLF_STACK_OF(WOLFSSL_X509) *ca; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) WOLFSSL_CTX *ctx; WOLFSSL *ssl; WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL; #endif f = XFOPEN(file, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); goodPswLen = (int)XSTRLEN(goodPsw); badPswLen = (int)XSTRLEN(badPsw); bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); AssertNotNull(bio); AssertIntEQ(BIO_write(bio, buf, bytes), bytes); /* d2i consumes BIO */ d2i_PKCS12_bio(bio, &pkcs12); AssertNotNull(pkcs12); BIO_free(bio); /* check verify MAC directly */ ret = PKCS12_verify_mac(pkcs12, goodPsw, goodPswLen); AssertIntEQ(ret, 1); /* check verify MAC fail case directly */ ret = PKCS12_verify_mac(pkcs12, badPsw, badPswLen); AssertIntEQ(ret, 0); /* check verify MAC fail case */ ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL); AssertIntEQ(ret, 0); AssertNull(pkey); AssertNull(cert); /* check parse with no extra certs kept */ ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL); AssertIntEQ(ret, 1); AssertNotNull(pkey); AssertNotNull(cert); wolfSSL_EVP_PKEY_free(pkey); wolfSSL_X509_free(cert); /* check parse with extra certs kept */ ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca); AssertIntEQ(ret, 1); AssertNotNull(pkey); AssertNotNull(cert); AssertNotNull(ca); #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */ #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS) AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif /* Copy stack structure */ AssertNotNull(tmp_ca = X509_chain_up_ref(ca)); AssertIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1); /* CTX now owns the tmp_ca stack structure */ tmp_ca = NULL; AssertIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1); AssertNotNull(tmp_ca); AssertIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca)); /* Check that the main cert is also set */ AssertNotNull(SSL_CTX_get0_certificate(ctx)); AssertNotNull(ssl = SSL_new(ctx)); AssertNotNull(SSL_get_certificate(ssl)); SSL_free(ssl); SSL_CTX_free(ctx); #endif #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ /* should be 2 other certs on stack */ tmp = sk_X509_pop(ca); AssertNotNull(tmp); X509_free(tmp); tmp = sk_X509_pop(ca); AssertNotNull(tmp); X509_free(tmp); AssertNull(sk_X509_pop(ca)); EVP_PKEY_free(pkey); X509_free(cert); sk_X509_pop_free(ca, X509_free); /* check PKCS12_create */ AssertNull(PKCS12_create(pass, NULL, NULL, NULL, NULL, -1, -1, -1, -1,0)); AssertIntEQ(PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), SSL_SUCCESS); AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca, -1, -1, 100, -1, 0))); EVP_PKEY_free(pkey); X509_free(cert); sk_X509_pop_free(ca, NULL); AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), SSL_SUCCESS); PKCS12_free(pkcs12_2); AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, NID_pbe_WithSHA1And3_Key_TripleDES_CBC, 2000, 1, 0))); EVP_PKEY_free(pkey); X509_free(cert); sk_X509_pop_free(ca, NULL); /* convert to DER then back and parse */ AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS); PKCS12_free(pkcs12_2); AssertNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL)); BIO_free(bio); AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), SSL_SUCCESS); /* should be 2 other certs on stack */ tmp = sk_X509_pop(ca); AssertNotNull(tmp); X509_free(tmp); tmp = sk_X509_pop(ca); AssertNotNull(tmp); X509_free(tmp); AssertNull(sk_X509_pop(ca)); #ifndef NO_RC4 PKCS12_free(pkcs12_2); AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, NULL, NID_pbe_WithSHA1And128BitRC4, NID_pbe_WithSHA1And128BitRC4, 2000, 1, 0))); EVP_PKEY_free(pkey); X509_free(cert); sk_X509_pop_free(ca, NULL); AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), SSL_SUCCESS); #endif /* NO_RC4 */ EVP_PKEY_free(pkey); X509_free(cert); PKCS12_free(pkcs12); PKCS12_free(pkcs12_2); sk_X509_pop_free(ca, NULL); #ifdef HAVE_ECC /* test order of parsing */ f = XFOPEN(order, "rb"); AssertTrue(f != XBADFILE); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); AssertIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)), WOLFSSL_SUCCESS); /* check use of pkey after parse */ #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS) AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS); SSL_CTX_free(ctx); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif AssertNotNull(pkey); AssertNotNull(cert); AssertNotNull(ca); /* compare subject lines of certificates */ AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert)); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); X509_free(x509); /* test expected fail case */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile, SSL_FILETYPE_PEM)); AssertIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); X509_free(x509); X509_free(cert); /* get subject line from ca stack */ AssertNotNull(cert = sk_X509_pop(ca)); AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert)); /* compare subject from certificate in ca to expected */ AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); EVP_PKEY_free(pkey); X509_free(x509); X509_free(cert); BIO_free(bio); PKCS12_free(pkcs12); sk_X509_pop_free(ca, NULL); /* TEST d2i_PKCS12_fp */ /* test order of parsing */ f = XFOPEN(file, "rb"); AssertTrue(f != XBADFILE); AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL)); XFCLOSE(f); /* check verify MAC fail case */ ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL); AssertIntEQ(ret, 0); AssertNull(pkey); AssertNull(cert); /* check parse with no extra certs kept */ ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL); AssertIntEQ(ret, 1); AssertNotNull(pkey); AssertNotNull(cert); wolfSSL_EVP_PKEY_free(pkey); wolfSSL_X509_free(cert); /* check parse with extra certs kept */ ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca); AssertIntEQ(ret, 1); AssertNotNull(pkey); AssertNotNull(cert); AssertNotNull(ca); wolfSSL_EVP_PKEY_free(pkey); wolfSSL_X509_free(cert); sk_X509_pop_free(ca, NULL); PKCS12_free(pkcs12); #endif /* HAVE_ECC */ #ifdef WC_RC2 /* test PKCS#12 with RC2 encryption */ f = XFOPEN(rc2p12, "rb"); AssertTrue(f != XBADFILE); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); AssertNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); /* check verify MAC fail case */ ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL); AssertIntEQ(ret, 0); AssertNull(pkey); AssertNull(cert); /* check parse iwth not extra certs kept */ ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL); AssertIntEQ(ret, WOLFSSL_SUCCESS); AssertNotNull(pkey); AssertNotNull(cert); wolfSSL_EVP_PKEY_free(pkey); wolfSSL_X509_free(cert); /* check parse with extra certs kept */ ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca); AssertIntEQ(ret, WOLFSSL_SUCCESS); AssertNotNull(pkey); AssertNotNull(cert); AssertNotNull(ca); wolfSSL_EVP_PKEY_free(pkey); wolfSSL_X509_free(cert); sk_X509_pop_free(ca, NULL); BIO_free(bio); PKCS12_free(pkcs12); #endif /* WC_RC2 */ /* Test i2d_PKCS12_bio */ f = XFOPEN(file, "rb"); AssertTrue((f != XBADFILE)); AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL)); XFCLOSE(f); bio = BIO_new(BIO_s_mem()); AssertNotNull(bio); ret = i2d_PKCS12_bio(bio, pkcs12); AssertIntEQ(ret, 1); ret = i2d_PKCS12_bio(NULL, pkcs12); AssertIntEQ(ret, 0); ret = i2d_PKCS12_bio(bio, NULL); AssertIntEQ(ret, 0); PKCS12_free(pkcs12); BIO_free(bio); (void)order; res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ #endif /* HAVE_FIPS */ return res; } #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \ defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_PWDBASED) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_MD5) #define TEST_PKCS8_ENC #endif #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \ && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS) /* used to keep track if FailTestCallback was called */ static int failTestCallbackCalled = 0; static WC_INLINE int FailTestCallBack(char* passwd, int sz, int rw, void* userdata) { (void)passwd; (void)sz; (void)rw; (void)userdata; /* mark called, test_wolfSSL_no_password_cb() will check and fail if set */ failTestCallbackCalled = 1; return -1; } #endif static int test_wolfSSL_no_password_cb(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \ && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS) WOLFSSL_CTX* ctx; byte buff[FOURK_BUF]; const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der"; const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem"; XFILE f; int bytes; #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_server_method())); #endif wolfSSL_CTX_set_default_passwd_cb(ctx, FailTestCallBack); AssertTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); AssertIntLE(bytes, sizeof(buff)); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); AssertTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); AssertIntLE(bytes, sizeof(buff)); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); if (failTestCallbackCalled != 0) { Fail(("Password callback should not be called by default"), ("Password callback was called without attempting " "to first decipher private key without password.")); } res = TEST_RES_CHECK(1); #endif return res; } #ifdef TEST_PKCS8_ENC /* for PKCS8 test case */ static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata) { int flag = 0; (void)rw; if (userdata != NULL) { flag = *((int*)userdata); /* user set data */ } switch (flag) { case 1: /* flag set for specific WOLFSSL_CTX structure, note userdata * can be anything the user wishes to be passed to the callback * associated with the WOLFSSL_CTX */ XSTRNCPY(passwd, "yassl123", sz); return 8; default: return BAD_FUNC_ARG; } } #endif /* TEST_PKCS8_ENC */ /* Testing functions dealing with PKCS8 */ static int test_wolfSSL_PKCS8(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \ !defined(WOLFCRYPT_ONLY) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) byte buff[FOURK_BUF]; byte der[FOURK_BUF]; #ifndef NO_RSA const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem"; const char serverKeyPkcs8DerFile[] = "./certs/server-keyPkcs8.der"; #endif const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem"; #ifdef HAVE_ECC const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der"; #endif XFILE f; int bytes; WOLFSSL_CTX* ctx; #if defined(HAVE_ECC) && !defined(NO_CODING) int ret; ecc_key key; word32 x = 0; #endif #ifdef TEST_PKCS8_ENC #if !defined(NO_RSA) && !defined(NO_SHA) const char serverKeyPkcs8EncPemFile[] = "./certs/server-keyPkcs8Enc.pem"; const char serverKeyPkcs8EncDerFile[] = "./certs/server-keyPkcs8Enc.der"; #endif #if defined(HAVE_ECC) && !defined(NO_SHA) const char eccPkcs8EncPrivKeyPemFile[] = "./certs/ecc-keyPkcs8Enc.pem"; const char eccPkcs8EncPrivKeyDerFile[] = "./certs/ecc-keyPkcs8Enc.der"; #endif int flag; #endif (void)der; #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); #endif #else #ifndef WOLFSSL_NO_TLS12 AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); #endif #endif #ifdef TEST_PKCS8_ENC wolfSSL_CTX_set_default_passwd_cb(ctx, PKCS8TestCallBack); wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag); flag = 1; /* used by password callback as return code */ #if !defined(NO_RSA) && !defined(NO_SHA) /* test loading PEM PKCS8 encrypted file */ f = XFOPEN(serverKeyPkcs8EncPemFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); /* this next case should fail because of password callback return code */ flag = 0; /* used by password callback as return code */ AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */ AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), "yassl123"), 0); /* test that error value is returned with a bad password */ AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), "bad"), 0); /* test loading PEM PKCS8 encrypted file */ f = XFOPEN(serverKeyPkcs8EncDerFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); flag = 1; /* used by password callback as return code */ AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* this next case should fail because of password callback return code */ flag = 0; /* used by password callback as return code */ AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #endif /* !NO_RSA && !NO_SHA */ #if defined(HAVE_ECC) && !defined(NO_SHA) /* test loading PEM PKCS8 encrypted ECC Key file */ f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); flag = 1; /* used by password callback as return code */ AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); /* this next case should fail because of password callback return code */ flag = 0; /* used by password callback as return code */ AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */ AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), "yassl123"), 0); /* test that error value is returned with a bad password */ AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), "bad"), 0); /* test loading DER PKCS8 encrypted ECC Key file */ f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); flag = 1; /* used by password callback as return code */ AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* this next case should fail because of password callback return code */ flag = 0; /* used by password callback as return code */ AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* leave flag as "okay" */ flag = 1; #endif /* HAVE_ECC && !NO_SHA */ #endif /* TEST_PKCS8_ENC */ #ifndef NO_RSA /* test loading ASN.1 (DER) PKCS8 private key file (not encrypted) */ f = XFOPEN(serverKeyPkcs8DerFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); /* test loading PEM PKCS8 private key file (not encrypted) */ f = XFOPEN(serverKeyPkcs8PemFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); #endif /* !NO_RSA */ /* Test PKCS8 PEM ECC key no crypt */ f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); #ifdef HAVE_ECC /* Test PKCS8 PEM ECC key no crypt */ AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); #ifndef NO_CODING /* decrypt PKCS8 PEM to key in DER format */ AssertIntGT((bytes = wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), NULL)), 0); ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_EccPrivateKeyDecode(der, &x, &key, bytes); wc_ecc_free(&key); } AssertIntEQ(ret, 0); #endif /* Test PKCS8 DER ECC key no crypt */ f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); /* Test using a PKCS8 ECC PEM */ AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); #else /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */ AssertIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER); #endif /* HAVE_ECC */ wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */ return res; } static int test_wolfSSL_PKCS8_ED25519(void) { int res = TEST_SKIPPED; #if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \ defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \ defined(HAVE_ED25519_KEY_IMPORT) const byte encPrivKey[] = \ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" "MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAheCGLmWGh7+AICCAAw\n" "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEC4L5P6GappsTyhOOoQfvh8EQJMX\n" "OAdlsYKCOcFo4djg6AI1lRdeBRwVFWkha7gBdoCJOzS8wDvTbYcJMPvANu5ft3nl\n" "2L9W4v7swXkV+X+a1ww=\n" "-----END ENCRYPTED PRIVATE KEY-----\n"; const char password[] = "abcdefghijklmnopqrstuvwxyz"; byte der[FOURK_BUF]; WOLFSSL_CTX* ctx; int bytes; XMEMSET(der, 0, sizeof(der)); AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der, (word32)sizeof(der), password)), 0); #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return res; } static int test_wolfSSL_PKCS8_ED448(void) { int res = TEST_SKIPPED; #if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \ defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \ defined(HAVE_ED448_KEY_IMPORT) const byte encPrivKey[] = \ "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" "MIGrMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjSbZKnG4EPggICCAAw\n" "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEFvCFWBBHBlJBsYleBJlJWcEUNC7\n" "Tf5pZviT5Btar4D/MNg6BsQHSDf5KW4ix871EsgDY2Zz+euaoWspiMntz7gU+PQu\n" "T/JJcbD2Ly8BbE3l5WHMifAQqNLxJBfXrHkfYtAo\n" "-----END ENCRYPTED PRIVATE KEY-----\n"; const char password[] = "abcdefghijklmnopqrstuvwxyz"; byte der[FOURK_BUF]; WOLFSSL_CTX* ctx; int bytes; XMEMSET(der, 0, sizeof(der)); AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der, (word32)sizeof(der), password)), 0); #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return res; } /* Testing functions dealing with PKCS5 */ static int test_wolfSSL_PKCS5(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_SHA) && !defined(NO_PWDBASED) #ifdef HAVE_FIPS /* Password minimum length is 14 (112-bit) in FIPS MODE */ const char* passwd = "myfipsPa$$W0rd"; #else const char *passwd = "pass1234"; #endif const unsigned char *salt = (unsigned char *)"salt1234"; unsigned char *out = (unsigned char *)XMALLOC(WC_SHA_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); int ret = 0; AssertNotNull(out); ret = PKCS5_PBKDF2_HMAC_SHA1(passwd,(int)XSTRLEN(passwd), salt, (int)XSTRLEN((const char *) salt), 10, WC_SHA_DIGEST_SIZE,out); AssertIntEQ(ret, SSL_SUCCESS); #ifdef WOLFSSL_SHA512 ret = PKCS5_PBKDF2_HMAC(passwd,(int)XSTRLEN(passwd), salt, (int)XSTRLEN((const char *) salt), 10, wolfSSL_EVP_sha512(), WC_SHA_DIGEST_SIZE, out); AssertIntEQ(ret, SSL_SUCCESS); #endif XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */ return res; } /* test parsing URI from certificate */ static int test_wolfSSL_URI(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ defined(OPENSSL_EXTRA)) WOLFSSL_X509* x509; const char uri[] = "./certs/client-uri-cert.pem"; const char urn[] = "./certs/client-absolute-urn.pem"; const char badUri[] = "./certs/client-relative-uri.pem"; x509 = wolfSSL_X509_load_certificate_file(uri, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); wolfSSL_FreeX509(x509); x509 = wolfSSL_X509_load_certificate_file(urn, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); wolfSSL_FreeX509(x509); x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM); #if !defined(IGNORE_NAME_CONSTRAINTS) && !defined(WOLFSSL_NO_ASN_STRICT) \ && !defined(WOLFSSL_FPKI) AssertNull(x509); #else AssertNotNull(x509); wolfSSL_FreeX509(x509); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_TBS(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ && defined(OPENSSL_EXTRA) WOLFSSL_X509* x509; const unsigned char* tbs; int tbsSz; AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM)); AssertNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz)); AssertNull(tbs = wolfSSL_X509_get_tbs(x509, NULL)); AssertNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz)); AssertIntEQ(tbsSz, 1003); wolfSSL_FreeX509(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_verify(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ && defined(OPENSSL_EXTRA) WOLFSSL_X509* ca; WOLFSSL_X509* serv; WOLFSSL_EVP_PKEY* pkey; unsigned char buf[2048]; const unsigned char* pt = NULL; int bufSz; AssertNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM)); AssertIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz), WOLFSSL_SUCCESS); AssertIntEQ(bufSz, 294); bufSz = 2048; AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk); AssertNotNull(serv = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM)); /* success case */ pt = buf; AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); AssertIntEQ(i2d_PUBKEY(pkey, NULL), bufSz); AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS); wolfSSL_EVP_PKEY_free(pkey); /* fail case */ bufSz = 2048; AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz), WOLFSSL_SUCCESS); pt = buf; AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR); AssertIntEQ(wolfSSL_X509_verify(serv, NULL), WOLFSSL_FATAL_ERROR); wolfSSL_EVP_PKEY_free(pkey); wolfSSL_FreeX509(ca); wolfSSL_FreeX509(serv); res = TEST_RES_CHECK(1); #endif return res; } #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) \ && !defined(NO_ASN_TIME) /* create certificate with version 2 */ static void test_set_x509_badversion(WOLFSSL_CTX* ctx) { WOLFSSL_X509 *x509, *x509v2; WOLFSSL_EVP_PKEY *priv, *pub; unsigned char *der = NULL, *key = NULL, *pt; char *header, *name; int derSz; long keySz; XFILE fp; WOLFSSL_ASN1_TIME *notBefore, *notAfter; time_t t; AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM)); fp = XFOPEN(cliKeyFile, "rb"); AssertIntEQ(wolfSSL_PEM_read(fp, &name, &header, &key, &keySz), WOLFSSL_SUCCESS); XFCLOSE(fp); pt = key; AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, keySz)); /* create the version 2 certificate */ AssertNotNull(x509v2 = X509_new()); AssertIntEQ(wolfSSL_X509_set_version(x509v2, 1), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_subject_name(x509v2, wolfSSL_X509_get_subject_name(x509)), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509v2, wolfSSL_X509_get_issuer_name(x509)), WOLFSSL_SUCCESS); AssertNotNull(pub = wolfSSL_X509_get_pubkey(x509)); AssertIntEQ(X509_set_pubkey(x509v2, pub), WOLFSSL_SUCCESS); t = time(NULL); AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0)); AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0)); AssertTrue(wolfSSL_X509_set_notBefore(x509v2, notBefore)); AssertTrue(wolfSSL_X509_set_notAfter(x509v2, notAfter)); AssertIntGT(wolfSSL_X509_sign(x509v2, priv, EVP_sha256()), 0); derSz = wolfSSL_i2d_X509(x509v2, &der); AssertIntGT(derSz, 0); AssertIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); /* TODO: Replace with API call */ XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(name, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(header, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wolfSSL_X509_free(x509); wolfSSL_X509_free(x509v2); wolfSSL_EVP_PKEY_free(priv); wolfSSL_EVP_PKEY_free(pub); wolfSSL_ASN1_TIME_free(notBefore); wolfSSL_ASN1_TIME_free(notAfter); } /* override certificate version error */ static int test_override_x509(int preverify, WOLFSSL_X509_STORE_CTX* store) { #ifndef OPENSSL_COMPATIBLE_DEFAULTS AssertIntEQ(store->error, ASN_VERSION_E); #else AssertIntEQ(store->error, 0); #endif AssertIntEQ((int)wolfSSL_X509_get_version(store->current_cert), 1); (void)preverify; return 1; } /* set verify callback that will override bad certificate version */ static void test_set_override_x509(WOLFSSL_CTX* ctx) { wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, test_override_x509); } #endif static int test_wolfSSL_X509_TLS_version(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) \ && !defined(NO_ASN_TIME) tcp_ready ready; func_args server_args; func_args client_args; THREAD_TYPE serverThread; callback_functions func_cb_client; callback_functions func_cb_server; /* test server rejects a client certificate that is not version 3 */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; server_args.return_code = TEST_FAIL; client_args.return_code = TEST_FAIL; func_cb_client.ctx_ready = &test_set_x509_badversion; #ifndef WOLFSSL_NO_TLS12 func_cb_client.method = wolfTLSv1_2_client_method; #else func_cb_client.method = wolfTLSv1_3_client_method; #endif client_args.callbacks = &func_cb_client; #ifndef WOLFSSL_NO_TLS12 func_cb_server.method = wolfTLSv1_2_server_method; #else func_cb_server.method = wolfTLSv1_3_server_method; #endif server_args.callbacks = &func_cb_server; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); #ifndef OPENSSL_COMPATIBLE_DEFAULTS AssertIntEQ(client_args.return_code, TEST_FAIL); AssertIntEQ(server_args.return_code, TEST_FAIL); #else AssertIntEQ(client_args.return_code, TEST_SUCCESS); AssertIntEQ(server_args.return_code, TEST_SUCCESS); #endif FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif /* Now re run but override the bad X509 version */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; server_args.return_code = TEST_FAIL; client_args.return_code = TEST_FAIL; func_cb_client.ctx_ready = &test_set_x509_badversion; func_cb_server.ctx_ready = &test_set_override_x509; #ifndef WOLFSSL_NO_TLS12 func_cb_client.method = wolfTLSv1_2_client_method; #else func_cb_client.method = wolfTLSv1_3_client_method; #endif client_args.callbacks = &func_cb_client; #ifndef WOLFSSL_NO_TLS12 func_cb_server.method = wolfTLSv1_2_server_method; #else func_cb_server.method = wolfTLSv1_3_server_method; #endif server_args.callbacks = &func_cb_server; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); AssertIntEQ(client_args.return_code, TEST_SUCCESS); AssertIntEQ(server_args.return_code, TEST_SUCCESS); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif res = TEST_RES_CHECK(1); #endif return res; } /* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade * version allowed. * POST: 1 on success. */ static int test_wolfSSL_CTX_SetMinVersion(void) { int res = TEST_SKIPPED; #ifndef NO_WOLFSSL_CLIENT int failFlag = WOLFSSL_SUCCESS; WOLFSSL_CTX* ctx; int itr; #ifndef NO_OLD_TLS const int versions[] = { #ifdef WOLFSSL_ALLOW_TLSV10 WOLFSSL_TLSV1, #endif WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2 }; #elif !defined(WOLFSSL_NO_TLS12) const int versions[] = { WOLFSSL_TLSV1_2 }; #elif defined(WOLFSSL_TLS13) const int versions[] = { WOLFSSL_TLSV1_3 }; #else const int versions[0]; #endif ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++) { if (wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr)) != WOLFSSL_SUCCESS) { failFlag = WOLFSSL_FAILURE; } } wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(failFlag == WOLFSSL_SUCCESS); #endif return res; } /* END test_wolfSSL_CTX_SetMinVersion */ /*----------------------------------------------------------------------------* | OCSP Stapling *----------------------------------------------------------------------------*/ /* Testing wolfSSL_UseOCSPStapling function. OCSP stapling eliminates the need * need to contact the CA, lowering the cost of cert revocation checking. * PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST * POST: 1 returned for success. */ static int test_wolfSSL_UseOCSPStapling(void) { int res = TEST_SKIPPED; #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) && \ !defined(NO_WOLFSSL_CLIENT) int ret; WOLFSSL_CTX* ctx; WOLFSSL* ssl; #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); #else ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); #endif #else #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); #else ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); #endif #endif ssl = wolfSSL_new(ctx); ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS); #endif return res; } /*END test_wolfSSL_UseOCSPStapling */ /* Testing OCSP stapling version 2, wolfSSL_UseOCSPStaplingV2 function. OCSP * stapling eliminates the need to contact the CA and lowers cert revocation * check. * PRE: HAVE_CERTIFICATE_STATUS_REQUEST_V2 and HAVE_OCSP defined. */ static int test_wolfSSL_UseOCSPStaplingV2(void) { int res = TEST_SKIPPED; #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) && \ !defined(NO_WOLFSSL_CLIENT) int ret; WOLFSSL_CTX* ctx; WOLFSSL* ssl; #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); #else ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); #endif #else #ifndef WOLFSSL_NO_TLS12 ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); #else ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); #endif #endif ssl = wolfSSL_new(ctx); ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE ); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(ret == WOLFSSL_SUCCESS); #endif return res; } /*END test_wolfSSL_UseOCSPStaplingV2*/ /*----------------------------------------------------------------------------* | Multicast Tests *----------------------------------------------------------------------------*/ static int test_wolfSSL_mcast(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST) && \ (defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER)) WOLFSSL_CTX* ctx; WOLFSSL* ssl; int result; byte preMasterSecret[512]; byte clientRandom[32]; byte serverRandom[32]; byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */ byte buf[256]; word16 newId; ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method()); AssertNotNull(ctx); result = wolfSSL_CTX_mcast_set_member_id(ctx, 0); AssertIntEQ(result, WOLFSSL_SUCCESS); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); XMEMSET(preMasterSecret, 0x23, sizeof(preMasterSecret)); XMEMSET(clientRandom, 0xA5, sizeof(clientRandom)); XMEMSET(serverRandom, 0x5A, sizeof(serverRandom)); result = wolfSSL_set_secret(ssl, 23, preMasterSecret, sizeof(preMasterSecret), clientRandom, serverRandom, suite); AssertIntEQ(result, WOLFSSL_SUCCESS); result = wolfSSL_mcast_read(ssl, &newId, buf, sizeof(buf)); AssertIntLE(result, 0); AssertIntLE(newId, 100); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST && (WOLFSSL_TLS13 || * WOLFSSL_SNIFFER) */ return res; } /*----------------------------------------------------------------------------* | Wolfcrypt *----------------------------------------------------------------------------*/ /* * Unit test for the wc_InitBlake2b() */ static int test_wc_InitBlake2b(void) { int res = TEST_SKIPPED; #ifdef HAVE_BLAKE2 Blake2b blake; int ret = 0; /* Test good arg. */ ret = wc_InitBlake2b(&blake, 64); if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!ret) { ret = wc_InitBlake2b(NULL, 64); if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } if (!ret) { ret = wc_InitBlake2b(NULL, 128); if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } if (!ret) { ret = wc_InitBlake2b(&blake, 128); if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } if (!ret) { ret = wc_InitBlake2b(NULL, 0); if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } if (!ret) { ret = wc_InitBlake2b(&blake, 0); if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /*END test_wc_InitBlake2b*/ /* * Unit test for the wc_InitBlake2b_WithKey() */ static int test_wc_InitBlake2b_WithKey(void) { int res = TEST_SKIPPED; #ifdef HAVE_BLAKE2 Blake2b blake; word32 digestSz = BLAKE2B_KEYBYTES; byte key[BLAKE2B_KEYBYTES]; word32 keylen = BLAKE2B_KEYBYTES; int ret = 0; XMEMSET(key, 0, sizeof(key)); /* Test good arg. */ ret = wc_InitBlake2b_WithKey(&blake, digestSz, key, keylen); if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } /* Test bad args. */ if (ret == 0) { ret = wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_InitBlake2b_WithKey(&blake, digestSz, key, 256); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_InitBlake2b_WithKey(&blake, digestSz, NULL, keylen); } res = TEST_RES_CHECK(ret == 0); #endif return res; } /*END wc_InitBlake2b_WithKey*/ /* * Unit test for the wc_InitBlake2s_WithKey() */ static int test_wc_InitBlake2s_WithKey(void) { int res = TEST_SKIPPED; #ifdef HAVE_BLAKE2S Blake2s blake; word32 digestSz = BLAKE2S_KEYBYTES; byte *key = (byte*)"01234567890123456789012345678901"; word32 keylen = BLAKE2S_KEYBYTES; int ret = 0; /* Test good arg. */ ret = wc_InitBlake2s_WithKey(&blake, digestSz, key, keylen); if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } /* Test bad args. */ if (ret == 0) { ret = wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_InitBlake2s_WithKey(&blake, digestSz, key, 256); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_InitBlake2s_WithKey(&blake, digestSz, NULL, keylen); } res = TEST_RES_CHECK(ret == 0); #endif return res; } /*END wc_InitBlake2s_WithKey*/ /* * Unit test for the wc_InitMd5() */ static int test_wc_InitMd5(void) { int res = TEST_SKIPPED; #ifndef NO_MD5 wc_Md5 md5; int ret; int flag = 0; /* Test good arg. */ ret = wc_InitMd5(&md5); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitMd5(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Md5Free(&md5); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_InitMd5 */ /* * Testing wc_UpdateMd5() */ static int test_wc_Md5Update(void) { int res = TEST_SKIPPED; #ifndef NO_MD5 wc_Md5 md5; byte hash[WC_MD5_DIGEST_SIZE]; testVector a, b, c; int ret; int flag = 0; ret = wc_InitMd5(&md5); if (ret != 0) { flag = ret; } /* Input */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_Md5Update(&md5, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Md5Final(&md5, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f" "\x72"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_Md5Update(&md5, (byte*) a.input, (word32) a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Md5Final(&md5, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /*Pass in bad values. */ if (!flag) { b.input = NULL; b.inLen = 0; ret = wc_Md5Update(&md5, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } if (!flag) { c.input = NULL; c.inLen = WC_MD5_DIGEST_SIZE; ret = wc_Md5Update(&md5, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Md5Update(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Md5Free(&md5); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Md5Update() */ /* * Unit test on wc_Md5Final() in wolfcrypt/src/md5.c */ static int test_wc_Md5Final(void) { int res = TEST_SKIPPED; #ifndef NO_MD5 /* Instantiate */ wc_Md5 md5; byte* hash_test[3]; byte hash1[WC_MD5_DIGEST_SIZE]; byte hash2[2*WC_MD5_DIGEST_SIZE]; byte hash3[5*WC_MD5_DIGEST_SIZE]; int times, i, ret; int flag = 0; /* Initialize */ ret = wc_InitMd5(&md5); if (ret != 0) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test)/sizeof(byte*); for (i = 0; i < times; i++) { if (!flag) { ret = wc_Md5Final(&md5, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag) { ret = wc_Md5Final(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Md5Final(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Md5Final(&md5, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Md5Free(&md5); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* * Unit test for the wc_InitSha() */ static int test_wc_InitSha(void) { int res = TEST_SKIPPED; #ifndef NO_SHA wc_Sha sha; int ret; int flag = 0; /* Test good arg. */ ret = wc_InitSha(&sha); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitSha(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_ShaFree(&sha); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_InitSha */ /* * Tesing wc_ShaUpdate() */ static int test_wc_ShaUpdate(void) { int res = TEST_SKIPPED; #ifndef NO_SHA wc_Sha sha; byte hash[WC_SHA_DIGEST_SIZE]; testVector a, b, c; int flag = 0; int ret; ret = wc_InitSha(&sha); if (ret != 0) { flag = ret; } /* Input. */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_ShaUpdate(&sha, NULL, 0); if (ret != 0) { flag = ret; } ret = wc_ShaUpdate(&sha, (byte*)a.input, 0); if (ret != 0) { flag = ret; } ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_ShaFinal(&sha, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2" "\x6C\x9C\xD0\xD8\x9D"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_ShaFinal(&sha, hash); if (ret !=0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try passing in bad values. */ if (!flag) { b.input = NULL; b.inLen = 0; ret = wc_ShaUpdate(&sha, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } if (!flag) { c.input = NULL; c.inLen = WC_SHA_DIGEST_SIZE; ret = wc_ShaUpdate(&sha, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_ShaUpdate(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_ShaFree(&sha); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_ShaUpdate() */ /* * Unit test on wc_ShaFinal */ static int test_wc_ShaFinal(void) { int res = TEST_SKIPPED; #ifndef NO_SHA wc_Sha sha; byte* hash_test[3]; byte hash1[WC_SHA_DIGEST_SIZE]; byte hash2[2*WC_SHA_DIGEST_SIZE]; byte hash3[5*WC_SHA_DIGEST_SIZE]; int times, i, ret; int flag = 0; /*Initialize*/ ret = wc_InitSha(&sha); if (ret) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test)/sizeof(byte*); for (i = 0; i < times; i++) { if (!flag) { ret = wc_ShaFinal(&sha, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag) { ret = wc_ShaFinal(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_ShaFinal(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_ShaFinal(&sha, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_ShaFree(&sha); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_ShaFinal */ /* * Unit test for wc_InitSha256() */ static int test_wc_InitSha256(void) { int res = TEST_SKIPPED; #ifndef NO_SHA256 wc_Sha256 sha256; int ret; int flag = 0; /* Test good arg. */ ret = wc_InitSha256(&sha256); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitSha256(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha256Free(&sha256); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_InitSha256 */ /* * Unit test for wc_Sha256Update() */ static int test_wc_Sha256Update(void) { int res = TEST_SKIPPED; #ifndef NO_SHA256 wc_Sha256 sha256; byte hash[WC_SHA256_DIGEST_SIZE]; testVector a, b, c; int ret; int flag = 0; ret = wc_InitSha256(&sha256); if (ret != 0) { flag = ret; } /* Input. */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_Sha256Update(&sha256, NULL, 0); if (ret != 0) { flag = ret; } ret = wc_Sha256Update(&sha256, (byte*)a.input, 0); if (ret != 0) { flag = ret; } ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha256Final(&sha256, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" "\x15\xAD"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha256Final(&sha256, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try passing in bad values */ if (!flag) { b.input = NULL; b.inLen = 0; ret = wc_Sha256Update(&sha256, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } if (!flag) { c.input = NULL; c.inLen = WC_SHA256_DIGEST_SIZE; ret = wc_Sha256Update(&sha256, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha256Update(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha256Free(&sha256); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha256Update */ /* * Unit test function for wc_Sha256Final() */ static int test_wc_Sha256Final(void) { int res = TEST_SKIPPED; #ifndef NO_SHA256 wc_Sha256 sha256; byte* hash_test[3]; byte hash1[WC_SHA256_DIGEST_SIZE]; byte hash2[2*WC_SHA256_DIGEST_SIZE]; byte hash3[5*WC_SHA256_DIGEST_SIZE]; int times, i, ret; int flag = 0; /* Initialize */ ret = wc_InitSha256(&sha256); if (ret != 0) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte*); for (i = 0; i < times; i++) { if (!flag) { ret = wc_Sha256Final(&sha256, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag ) { ret = wc_Sha256Final(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha256Final(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha256Final(&sha256, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha256Free(&sha256); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha256Final */ /* * Unit test function for wc_Sha256FinalRaw() */ static int test_wc_Sha256FinalRaw(void) { int res = TEST_SKIPPED; #if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \ !defined(WOLFSSL_NO_HASH_RAW) wc_Sha256 sha256; byte* hash_test[3]; byte hash1[WC_SHA256_DIGEST_SIZE]; byte hash2[2*WC_SHA256_DIGEST_SIZE]; byte hash3[5*WC_SHA256_DIGEST_SIZE]; int times, i, ret; int flag = 0; /* Initialize */ ret = wc_InitSha256(&sha256); if (ret != 0) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte*); for (i = 0; i < times; i++) { if (!flag) { ret = wc_Sha256FinalRaw(&sha256, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag) { ret = wc_Sha256FinalRaw(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha256FinalRaw(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha256FinalRaw(&sha256, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha256Free(&sha256); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha256FinalRaw */ /* * Unit test function for wc_Sha256GetFlags() */ static int test_wc_Sha256GetFlags(void) { int res = TEST_SKIPPED; #if !defined(NO_SHA256) && defined(WOLFSSL_HASH_FLAGS) wc_Sha256 sha256; word32 flags = 0; int flag = 0; /* Initialize */ flag = wc_InitSha256(&sha256); if (flag == 0) { flag = wc_Sha256GetFlags(&sha256, &flags); } if (flag == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { flag = 0; } } wc_Sha256Free(&sha256); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha256GetFlags */ /* * Unit test function for wc_Sha256Free() */ static int test_wc_Sha256Free(void) { int res = TEST_SKIPPED; #ifndef NO_SHA256 wc_Sha256Free(NULL); res = TEST_RES_CHECK(1); #endif return res; } /* END test_wc_Sha256Free */ /* * Unit test function for wc_Sha256GetHash() */ static int test_wc_Sha256GetHash(void) { int res = TEST_SKIPPED; #ifndef NO_SHA256 wc_Sha256 sha256; byte hash1[WC_SHA256_DIGEST_SIZE]; int flag = 0; /* Initialize */ flag = wc_InitSha256(&sha256); if (flag == 0) { flag = wc_Sha256GetHash(&sha256, hash1); } /*test bad arguments*/ if (flag == 0) { flag = wc_Sha256GetHash(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha256GetHash(NULL, hash1); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha256GetHash(&sha256, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha256Free(&sha256); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha256GetHash */ /* * Unit test function for wc_Sha256Copy() */ static int test_wc_Sha256Copy(void) { int res = TEST_SKIPPED; #ifndef NO_SHA256 wc_Sha256 sha256; wc_Sha256 temp; int flag = 0; /* Initialize */ flag = wc_InitSha256(&sha256); if (flag == 0) { flag = wc_InitSha256(&temp); } if (flag == 0) { flag = wc_Sha256Copy(&sha256, &temp); } /*test bad arguments*/ if (flag == 0) { flag = wc_Sha256Copy(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha256Copy(NULL, &temp); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha256Copy(&sha256, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha256Free(&sha256); wc_Sha256Free(&temp); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha256Copy */ /* * Testing wc_InitSha512() */ static int test_wc_InitSha512(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA512 wc_Sha512 sha512; int ret; int flag = 0; /* Test good arg. */ ret = wc_InitSha512(&sha512); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitSha512(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512Free(&sha512); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_InitSha512 */ /* * wc_Sha512Update() test. */ static int test_wc_Sha512Update(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA512 wc_Sha512 sha512; byte hash[WC_SHA512_DIGEST_SIZE]; testVector a, b, c; int ret; int flag = 0; ret = wc_InitSha512(&sha512); if (ret != 0) { flag = ret; } /* Input. */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_Sha512Update(&sha512, NULL, 0); if (ret != 0) { flag = ret; } ret = wc_Sha512Update(&sha512,(byte*)a.input, 0); if (ret != 0) { flag = ret; } ret = wc_Sha512Update(&sha512, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } ret = wc_Sha512Final(&sha512, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41" "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b" "\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c" "\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a" "\x9a\xc9\x4f\xa5\x4c\xa4\x9f"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_Sha512Update(&sha512, (byte*) a.input, (word32) a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha512Final(&sha512, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA512_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try passing in bad values */ if (!flag) { b.input = NULL; b.inLen = 0; ret = wc_Sha512Update(&sha512, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } if (!flag) { c.input = NULL; c.inLen = WC_SHA512_DIGEST_SIZE; ret = wc_Sha512Update(&sha512, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha512Update(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512Free(&sha512); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha512Update */ #ifdef WOLFSSL_SHA512 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ (!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256)) /* Perfoms test for * - wc_Sha512Final/wc_Sha512FinalRaw * - wc_Sha512_224Final/wc_Sha512_224Final * - wc_Sha512_256Final/wc_Sha512_256Final * parameter: * - type : must be one of WC_HASH_TYPE_SHA512, WC_HASH_TYPE_SHA512_224 or * WC_HASH_TYPE_SHA512_256 * - isRaw: if is non-zero, xxxFinalRaw function will be tested *return 0 on success */ static int test_Sha512_Family_Final(int type, int isRaw) { wc_Sha512 sha512; byte* hash_test[3]; byte hash1[WC_SHA512_DIGEST_SIZE]; byte hash2[2*WC_SHA512_DIGEST_SIZE]; byte hash3[5*WC_SHA512_DIGEST_SIZE]; int times, i, ret; int(*initFp)(wc_Sha512*); int(*finalFp)(wc_Sha512*, byte*); void(*freeFp)(wc_Sha512*); if (type == WC_HASH_TYPE_SHA512) { initFp = wc_InitSha512; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ !defined(WOLFSSL_NO_HASH_RAW) finalFp = (isRaw)? wc_Sha512FinalRaw : wc_Sha512Final; #else finalFp = (isRaw)? NULL : wc_Sha512Final; #endif freeFp = wc_Sha512Free; } #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if !defined(WOLFSSL_NOSHA512_224) else if (type == WC_HASH_TYPE_SHA512_224) { initFp = wc_InitSha512_224; #if !defined(WOLFSSL_NO_HASH_RAW) finalFp = (isRaw)? wc_Sha512_224FinalRaw : wc_Sha512_224Final; #else finalFp = (isRaw)? NULL : wc_Sha512_224Final; #endif freeFp = wc_Sha512_224Free; } #endif #if !defined(WOLFSSL_NOSHA512_256) else if (type == WC_HASH_TYPE_SHA512_256) { initFp = wc_InitSha512_256; #if !defined(WOLFSSL_NO_HASH_RAW) finalFp = (isRaw)? wc_Sha512_256FinalRaw : wc_Sha512_256Final; #else finalFp = (isRaw)? NULL : wc_Sha512_256Final; #endif freeFp = wc_Sha512_256Free; } #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ else return TEST_FAIL; /* Initialize */ ret = initFp(&sha512); if (!ret) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte *); /* Good test args. */ for (i = 0; i < times && ret == 0; i++) { ret = finalFp(&sha512, hash_test[i]); } /* Test bad args. */ if (!ret) { if (finalFp(NULL, NULL) != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } } if (!ret) { if (finalFp(NULL, hash1) != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } } if (!ret) { if (finalFp(&sha512, NULL) != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } } freeFp(&sha512); return ret; } #endif /* !HAVE_FIPS && !HAVE_SELFTEST && (!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */ #endif /* WOLFSSL_SHA512 */ /* * Unit test function for wc_Sha512Final() */ static int test_wc_Sha512Final(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA512 wc_Sha512 sha512; byte* hash_test[3]; byte hash1[WC_SHA512_DIGEST_SIZE]; byte hash2[2*WC_SHA512_DIGEST_SIZE]; byte hash3[5*WC_SHA512_DIGEST_SIZE]; int times, i, ret; int flag = 0; /* Initialize */ ret = wc_InitSha512(&sha512); if (ret != 0) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte *); for (i = 0; i < times; i++) { if (!flag) { ret = wc_Sha512Final(&sha512, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag) { ret = wc_Sha512Final(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha512Final(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha512Final(&sha512, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512Free(&sha512); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha512Final */ /* * Unit test function for wc_Sha512GetFlags() */ static int test_wc_Sha512GetFlags(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_HASH_FLAGS) wc_Sha512 sha512; word32 flags = 0; int flag = 0; /* Initialize */ flag = wc_InitSha512(&sha512); if (flag == 0) { flag = wc_Sha512GetFlags(&sha512, &flags); } if (flag == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { flag = 0; } } wc_Sha512Free(&sha512); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha512GetFlags */ /* * Unit test function for wc_Sha512FinalRaw() */ static int test_wc_Sha512FinalRaw(void) { int res = TEST_SKIPPED; #if (defined(WOLFSSL_SHA512) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \ !defined(WOLFSSL_NO_HASH_RAW) wc_Sha512 sha512; byte* hash_test[3]; byte hash1[WC_SHA512_DIGEST_SIZE]; byte hash2[2*WC_SHA512_DIGEST_SIZE]; byte hash3[5*WC_SHA512_DIGEST_SIZE]; int times, i, ret; int flag = 0; /* Initialize */ ret = wc_InitSha512(&sha512); if (ret != 0) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte*); /* Good test args. */ for (i = 0; i < times; i++) { if (!flag) { ret = wc_Sha512FinalRaw(&sha512, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag ) { ret = wc_Sha512FinalRaw(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha512FinalRaw(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha512FinalRaw(&sha512, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512Free(&sha512); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha512FinalRaw */ /* * Unit test function for wc_Sha512Free() */ static int test_wc_Sha512Free(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA512 wc_Sha512Free(NULL); res = TEST_RES_CHECK(1); #endif return res; } /* END test_wc_Sha512Free */ #ifdef WOLFSSL_SHA512 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ (!defined(WOLFSSL_NOSHA512_224) || !defined(WOLFSSL_NOSHA512_256)) static int test_Sha512_Family_GetHash(int type ) { int flag = 0; int(*initFp)(wc_Sha512*); int(*ghashFp)(wc_Sha512*, byte*); wc_Sha512 sha512; byte hash1[WC_SHA512_DIGEST_SIZE]; if (type == WC_HASH_TYPE_SHA512) { initFp = wc_InitSha512; ghashFp = wc_Sha512GetHash; } #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if !defined(WOLFSSL_NOSHA512_224) else if (type == WC_HASH_TYPE_SHA512_224) { initFp = wc_InitSha512_224; ghashFp = wc_Sha512_224GetHash; } #endif #if !defined(WOLFSSL_NOSHA512_256) else if (type == WC_HASH_TYPE_SHA512_256) { initFp = wc_InitSha512_256; ghashFp = wc_Sha512_256GetHash; } #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ else { initFp = NULL; ghashFp = NULL; } if (initFp == NULL || ghashFp == NULL) return TEST_FAIL; if (!flag) { flag = initFp(&sha512); } if (!flag) { flag = ghashFp(&sha512, hash1); } /*test bad arguments*/ if (!flag) { if (ghashFp(NULL, NULL) != BAD_FUNC_ARG ) flag = WOLFSSL_FATAL_ERROR; } if (!flag) { if (ghashFp(NULL, hash1) != BAD_FUNC_ARG ) flag = WOLFSSL_FATAL_ERROR; } if (!flag) { if (ghashFp(&sha512, NULL) != BAD_FUNC_ARG ) flag = WOLFSSL_FATAL_ERROR; } wc_Sha512Free(&sha512); return flag; } #endif /* !HAVE_FIPS && !HAVE_SELFTEST && (!WOLFSSL_NOSHA512_224 || !WOLFSSL_NOSHA512_256) */ #endif /* WOLFSSL_SHA512 */ /* * Unit test function for wc_Sha512GetHash() */ static int test_wc_Sha512GetHash(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA512 wc_Sha512 sha512; byte hash1[WC_SHA512_DIGEST_SIZE]; int flag = 0; /* Initialize */ flag = wc_InitSha512(&sha512); if (flag == 0) { flag = wc_Sha512GetHash(&sha512, hash1); } /*test bad arguments*/ if (flag == 0) { flag = wc_Sha512GetHash(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha512GetHash(NULL, hash1); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha512GetHash(&sha512, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha512Free(&sha512); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha512GetHash */ /* * Unit test function for wc_Sha512Copy() */ static int test_wc_Sha512Copy(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA512 wc_Sha512 sha512; wc_Sha512 temp; int flag; /* Initialize */ flag = wc_InitSha512(&sha512); if (flag == 0) { flag = wc_InitSha512(&temp); } if (flag == 0) { flag = wc_Sha512Copy(&sha512, &temp); } /*test bad arguments*/ if (flag == 0) { flag = wc_Sha512Copy(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha512Copy(NULL, &temp); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha512Copy(&sha512, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha512Free(&sha512); wc_Sha512Free(&temp); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha512Copy */ static int test_wc_InitSha512_224(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) wc_Sha512 sha512; int ret; int flag = 0; /* Test good arg. */ ret = wc_InitSha512_224(&sha512); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitSha512_224(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512_224Free(&sha512); res = TEST_RES_CHECK(flag == 0); #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */ #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return res; } static int test_wc_Sha512_224Update(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) wc_Sha512 sha512; byte hash[WC_SHA512_DIGEST_SIZE]; testVector a, c; int ret; int flag = 0; ret = wc_InitSha512_224(&sha512); if (ret != 0) { flag = ret; } /* Input. */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_Sha512_224Update(&sha512, NULL, 0); if (ret != 0) { flag = ret; } ret = wc_Sha512_224Update(&sha512,(byte*)a.input, 0); if (ret != 0) { flag = ret; } ret = wc_Sha512_224Update(&sha512, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } ret = wc_Sha512_224Final(&sha512, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\x46\x34\x27\x0f\x70\x7b\x6a\x54\xda\xae\x75\x30\x46\x08" "\x42\xe2\x0e\x37\xed\x26\x5c\xee\xe9\xa4\x3e\x89\x24\xaa"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_Sha512_224Update(&sha512, (byte*) a.input, (word32) a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha512_224Final(&sha512, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA512_224_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { c.input = NULL; c.inLen = WC_SHA512_224_DIGEST_SIZE; ret = wc_Sha512_224Update(&sha512, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha512_224Update(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512_224Free(&sha512); res = TEST_RES_CHECK(flag == 0); #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */ #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return res; } static int test_wc_Sha512_224Final(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) int ret = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 0); res = TEST_RES_CHECK(ret == 0); #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */ #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return res; } static int test_wc_Sha512_224GetFlags(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && defined(WOLFSSL_HASH_FLAGS) wc_Sha512 sha512, copy; word32 flags = 0; int flag = 0; /* Initialize */ flag = wc_InitSha512_224(&sha512); if (!flag) { flag = wc_InitSha512_224(©); } if (!flag) { flag = wc_Sha512_224Copy(&sha512, ©); } if (!flag) { flag = wc_Sha512_224GetFlags(©, &flags); } if (!flag) { if (flags & WC_HASH_FLAG_ISCOPY) flag = 0; else flag = WOLFSSL_FATAL_ERROR; } wc_Sha512_224Free(©); wc_Sha512_224Free(&sha512); res = TEST_RES_CHECK(flag == 0); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return res; } static int test_wc_Sha512_224FinalRaw(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \ !defined(WOLFSSL_NO_HASH_RAW) int ret = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_224, 1); res = TEST_RES_CHECK(ret == 0); #endif return res; } static int test_wc_Sha512_224Free(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) wc_Sha512_224Free(NULL); res = TEST_RES_CHECK(1); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return res; } static int test_wc_Sha512_224GetHash(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) int ret = test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_224); res = TEST_RES_CHECK(ret == 0); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return res; } static int test_wc_Sha512_224Copy(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) wc_Sha512 sha512; wc_Sha512 temp; int flag = 0; /* Initialize */ flag = wc_InitSha512_224(&sha512); if (flag == 0) { flag = wc_InitSha512_224(&temp); } if (flag == 0) { flag = wc_Sha512_224Copy(&sha512, &temp); } /*test bad arguments*/ if (flag == 0) { if (wc_Sha512_224Copy(NULL, NULL) != BAD_FUNC_ARG) flag = WOLFSSL_FATAL_ERROR; } if (flag == 0) { if (wc_Sha512_224Copy(NULL, &temp) != BAD_FUNC_ARG) flag = WOLFSSL_FATAL_ERROR; } if (flag == 0) { if (wc_Sha512_224Copy(&sha512, NULL) != BAD_FUNC_ARG) flag = WOLFSSL_FATAL_ERROR; } wc_Sha512_224Free(&sha512); wc_Sha512_224Free(&temp); res = TEST_RES_CHECK(flag == 0); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return res; } static int test_wc_InitSha512_256(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) wc_Sha512 sha512; int ret; int flag = 0; /* Test good arg. */ ret = wc_InitSha512_256(&sha512); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitSha512_256(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512_256Free(&sha512); res = TEST_RES_CHECK(flag == 0); #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */ #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return res; } static int test_wc_Sha512_256Update(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) wc_Sha512 sha512; byte hash[WC_SHA512_DIGEST_SIZE]; testVector a, c; int ret; int flag = 0; ret = wc_InitSha512_256(&sha512); if (ret != 0) { flag = ret; } /* Input. */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_Sha512_256Update(&sha512, NULL, 0); if (ret != 0) { flag = ret; } ret = wc_Sha512_256Update(&sha512,(byte*)a.input, 0); if (ret != 0) { flag = ret; } ret = wc_Sha512_256Update(&sha512, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } ret = wc_Sha512_256Final(&sha512, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\x53\x04\x8e\x26\x81\x94\x1e\xf9\x9b\x2e\x29\xb7\x6b\x4c" "\x7d\xab\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46\xe0\xe2\xf1\x31" "\x07\xe7\xaf\x23"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_Sha512_256Update(&sha512, (byte*) a.input, (word32) a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha512_256Final(&sha512, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA512_256_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { c.input = NULL; c.inLen = WC_SHA512_256_DIGEST_SIZE; ret = wc_Sha512_256Update(&sha512, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha512_256Update(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha512_256Free(&sha512); res = TEST_RES_CHECK(flag == 0); #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */ #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return res; } static int test_wc_Sha512_256Final(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) int ret = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 0); res = TEST_RES_CHECK(ret == 0); #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */ #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return res; } static int test_wc_Sha512_256GetFlags(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && defined(WOLFSSL_HASH_FLAGS) wc_Sha512 sha512, copy; word32 flags = 0; int flag = 0; /* Initialize */ flag = wc_InitSha512_256(&sha512); if (!flag ) { flag = wc_InitSha512_256(©); } if (!flag ) { flag = wc_Sha512_256Copy(&sha512, ©); } if (!flag ) { flag = wc_Sha512_256GetFlags(©, &flags); } if (!flag) { if (flags & WC_HASH_FLAG_ISCOPY) flag = 0; else flag = WOLFSSL_FATAL_ERROR; } wc_Sha512_256Free(&sha512); res = TEST_RES_CHECK(flag == 0); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return res; } static int test_wc_Sha512_256FinalRaw(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \ !defined(WOLFSSL_NO_HASH_RAW) int ret = test_Sha512_Family_Final(WC_HASH_TYPE_SHA512_256, 1); res = TEST_RES_CHECK(ret == 0); #endif return res; } static int test_wc_Sha512_256Free(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) wc_Sha512_256Free(NULL); res = TEST_RES_CHECK(1); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return res; } static int test_wc_Sha512_256GetHash(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) int ret = test_Sha512_Family_GetHash(WC_HASH_TYPE_SHA512_256); res = TEST_RES_CHECK(ret == 0); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return res; } static int test_wc_Sha512_256Copy(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) wc_Sha512 sha512; wc_Sha512 temp; int flag = 0; /* Initialize */ flag = wc_InitSha512_256(&sha512); if (flag == 0) { flag = wc_InitSha512_256(&temp); } if (flag == 0) { flag = wc_Sha512_256Copy(&sha512, &temp); } /*test bad arguments*/ if (flag == 0) { if (wc_Sha512_256Copy(NULL, NULL) != BAD_FUNC_ARG) flag = WOLFSSL_FATAL_ERROR; } if (flag == 0) { if (wc_Sha512_256Copy(NULL, &temp) != BAD_FUNC_ARG) flag = WOLFSSL_FATAL_ERROR; } if (flag == 0) { if (wc_Sha512_256Copy(&sha512, NULL) != BAD_FUNC_ARG) flag = WOLFSSL_FATAL_ERROR; } wc_Sha512_256Free(&sha512); wc_Sha512_256Free(&temp); res = TEST_RES_CHECK(flag == 0); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ return res; } /* * Testing wc_InitSha384() */ static int test_wc_InitSha384(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA384 wc_Sha384 sha384; int ret; int flag = 0; /* Test good arg. */ ret = wc_InitSha384(&sha384); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitSha384(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha384Free(&sha384); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_InitSha384 */ /* * test wc_Sha384Update() */ static int test_wc_Sha384Update(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA384 wc_Sha384 sha384; byte hash[WC_SHA384_DIGEST_SIZE]; testVector a, b, c; int ret; int flag = 0; ret = wc_InitSha384(&sha384); if (ret != 0) { flag = ret; } /* Input */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_Sha384Update(&sha384, NULL, 0); if (ret != 0) { flag = ret; } ret = wc_Sha384Update(&sha384, (byte*)a.input, 0); if (ret != 0) { flag = ret; } ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha384Final(&sha384, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff" "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" "\xc8\x25\xa7"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha384Final(&sha384, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Pass in bad values. */ if (!flag) { b.input = NULL; b.inLen = 0; ret = wc_Sha384Update(&sha384, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } if (!flag) { c.input = NULL; c.inLen = WC_SHA384_DIGEST_SIZE; ret = wc_Sha384Update(&sha384, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha384Update(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha384Free(&sha384); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha384Update */ /* * Unit test function for wc_Sha384Final(); */ static int test_wc_Sha384Final(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA384 wc_Sha384 sha384; byte* hash_test[3]; byte hash1[WC_SHA384_DIGEST_SIZE]; byte hash2[2*WC_SHA384_DIGEST_SIZE]; byte hash3[5*WC_SHA384_DIGEST_SIZE]; int times, i, ret; int flag = 0; /* Initialize */ ret = wc_InitSha384(&sha384); if (ret) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte*); /* Good test args. */ for (i = 0; i < times; i++) { if (!flag) { ret = wc_Sha384Final(&sha384, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag) { ret = wc_Sha384Final(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha384Final(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha384Final(&sha384, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha384Free(&sha384); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha384Final */ /* * Unit test function for wc_Sha384GetFlags() */ static int test_wc_Sha384GetFlags(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_HASH_FLAGS) wc_Sha384 sha384; word32 flags = 0; int flag = 0; /* Initialize */ flag = wc_InitSha384(&sha384); if (flag == 0) { flag = wc_Sha384GetFlags(&sha384, &flags); } if (flag == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { flag = 0; } } wc_Sha384Free(&sha384); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha384GetFlags */ /* * Unit test function for wc_Sha384FinalRaw() */ static int test_wc_Sha384FinalRaw(void) { int res = TEST_SKIPPED; #if (defined(WOLFSSL_SHA384) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))) && \ !defined(WOLFSSL_NO_HASH_RAW) wc_Sha384 sha384; byte* hash_test[3]; byte hash1[WC_SHA384_DIGEST_SIZE]; byte hash2[2*WC_SHA384_DIGEST_SIZE]; byte hash3[5*WC_SHA384_DIGEST_SIZE]; int times, i, ret; int flag = 0; /* Initialize */ ret = wc_InitSha384(&sha384); if (ret != 0) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte*); /* Good test args. */ for (i = 0; i < times; i++) { if (!flag) { ret = wc_Sha384FinalRaw(&sha384, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag ) { ret = wc_Sha384FinalRaw(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha384FinalRaw(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha384FinalRaw(&sha384, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha384Free(&sha384); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha384FinalRaw */ /* * Unit test function for wc_Sha384Free() */ static int test_wc_Sha384Free(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA384 wc_Sha384Free(NULL); res = TEST_RES_CHECK(1); #endif return res; } /* END test_wc_Sha384Free */ /* * Unit test function for wc_Sha384GetHash() */ static int test_wc_Sha384GetHash(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA384 wc_Sha384 sha384; byte hash1[WC_SHA384_DIGEST_SIZE]; int flag = 0; /* Initialize */ flag = wc_InitSha384(&sha384); if (flag == 0) { flag = wc_Sha384GetHash(&sha384, hash1); } /*test bad arguments*/ if (flag == 0) { flag = wc_Sha384GetHash(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha384GetHash(NULL, hash1); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha384GetHash(&sha384, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha384Free(&sha384); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha384GetHash */ /* * Unit test function for wc_Sha384Copy() */ static int test_wc_Sha384Copy(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA384 wc_Sha384 sha384; wc_Sha384 temp; int flag = 0; /* Initialize */ flag = wc_InitSha384(&sha384); if (flag == 0) { flag = wc_InitSha384(&temp); } if (flag == 0) { flag = wc_Sha384Copy(&sha384, &temp); } /*test bad arguments*/ if (flag == 0) { flag = wc_Sha384Copy(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha384Copy(NULL, &temp); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha384Copy(&sha384, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha384Free(&sha384); wc_Sha384Free(&temp); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha384Copy */ /* * Testing wc_InitSha224(); */ static int test_wc_InitSha224(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA224 wc_Sha224 sha224; int ret; int flag = 0; /* Test good arg. */ ret = wc_InitSha224(&sha224); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitSha224(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha224Free(&sha224); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_InitSha224 */ /* * Unit test on wc_Sha224Update */ static int test_wc_Sha224Update(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA224 wc_Sha224 sha224; byte hash[WC_SHA224_DIGEST_SIZE]; testVector a, b, c; int ret; int flag = 0; ret = wc_InitSha224(&sha224); if (ret != 0) { flag = ret; } /* Input. */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_Sha224Update(&sha224, NULL, 0); if (ret != 0) { flag = ret; } ret = wc_Sha224Update(&sha224, (byte*)a.input, 0); if (ret != 0) { flag = ret; } ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha224Final(&sha224, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2" "\x55\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_Sha224Final(&sha224, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Pass in bad values. */ if (!flag) { b.input = NULL; b.inLen = 0; ret = wc_Sha224Update(&sha224, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } if (!flag) { c.input = NULL; c.inLen = WC_SHA224_DIGEST_SIZE; ret = wc_Sha224Update(&sha224, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha224Update(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha224Free(&sha224); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha224Update */ /* * Unit test for wc_Sha224Final(); */ static int test_wc_Sha224Final(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA224 wc_Sha224 sha224; byte* hash_test[3]; byte hash1[WC_SHA224_DIGEST_SIZE]; byte hash2[2*WC_SHA224_DIGEST_SIZE]; byte hash3[5*WC_SHA224_DIGEST_SIZE]; int times, i, ret; int flag = 0; /* Initialize */ ret = wc_InitSha224(&sha224); if (ret) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte*); /* Good test args. */ /* Testing oversized buffers. */ for (i = 0; i < times; i++) { if (!flag) { ret = wc_Sha224Final(&sha224, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag) { ret = wc_Sha224Final(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha224Final(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_Sha224Final(&sha224, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } wc_Sha224Free(&sha224); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha224Final */ /* * Unit test function for wc_Sha224SetFlags() */ static int test_wc_Sha224SetFlags(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS) wc_Sha224 sha224; word32 flags = 0; int flag = 0; /* Initialize */ flag = wc_InitSha224(&sha224); if (flag == 0) { flag = wc_Sha224SetFlags(&sha224, flags); } if (flag == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { flag = 0; } } wc_Sha224Free(&sha224); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha224SetFlags */ /* * Unit test function for wc_Sha224GetFlags() */ static int test_wc_Sha224GetFlags(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS) wc_Sha224 sha224; word32 flags = 0; int flag = 0; /* Initialize */ flag = wc_InitSha224(&sha224); if (flag == 0) { flag = wc_Sha224GetFlags(&sha224, &flags); } if (flag == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { flag = 0; } } wc_Sha224Free(&sha224); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha224GetFlags */ /* * Unit test function for wc_Sha224Free() */ static int test_wc_Sha224Free(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA224 wc_Sha224Free(NULL); res = TEST_RES_CHECK(1); #endif return res; } /* END test_wc_Sha224Free */ /* * Unit test function for wc_Sha224GetHash() */ static int test_wc_Sha224GetHash(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA224 wc_Sha224 sha224; byte hash1[WC_SHA224_DIGEST_SIZE]; int flag = 0; /* Initialize */ flag = wc_InitSha224(&sha224); if (flag == 0) { flag = wc_Sha224GetHash(&sha224, hash1); } /*test bad arguments*/ if (flag == 0) { flag = wc_Sha224GetHash(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha224GetHash(NULL, hash1); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha224GetHash(&sha224, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha224Free(&sha224); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha224GetHash */ /* * Unit test function for wc_Sha224Copy() */ static int test_wc_Sha224Copy(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHA224 wc_Sha224 sha224; wc_Sha224 temp; int flag = 0; /* Initialize */ flag = wc_InitSha224(&sha224); if (flag == 0) { flag = wc_InitSha224(&temp); } if (flag == 0) { flag = wc_Sha224Copy(&sha224, &temp); } /*test bad arguments*/ if (flag == 0) { flag = wc_Sha224Copy(NULL, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha224Copy(NULL, &temp); if (flag == BAD_FUNC_ARG) { flag = 0; } } if (flag == 0) { flag = wc_Sha224Copy(&sha224, NULL); if (flag == BAD_FUNC_ARG) { flag = 0; } } wc_Sha224Free(&sha224); wc_Sha224Free(&temp); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha224Copy */ /* * Testing wc_InitRipeMd() */ static int test_wc_InitRipeMd(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_RIPEMD RipeMd ripemd; int ret; int flag = 0; /* Test good arg. */ ret = wc_InitRipeMd(&ripemd); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } /* Test bad arg. */ if (!flag) { ret = wc_InitRipeMd(NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_InitRipeMd */ /* * Testing wc_RipeMdUpdate() */ static int test_wc_RipeMdUpdate(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_RIPEMD RipeMd ripemd; byte hash[RIPEMD_DIGEST_SIZE]; testVector a, b, c; int ret; int flag = 0; ret = wc_InitRipeMd(&ripemd); if (ret != 0) { flag = ret; } /* Input */ if (!flag) { a.input = "a"; a.inLen = XSTRLEN(a.input); ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_RipeMdFinal(&ripemd, hash); if (ret != 0) { flag = ret; } } /* Update input. */ if (!flag) { a.input = "abc"; a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6" "\xb0\x87\xf1\x5a\x0b\xfc"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_RipeMdFinal(&ripemd, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, RIPEMD_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Pass in bad values. */ if (!flag) { b.input = NULL; b.inLen = 0; ret = wc_RipeMdUpdate(&ripemd, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } if (!flag) { c.input = NULL; c.inLen = RIPEMD_DIGEST_SIZE; ret = wc_RipeMdUpdate(&ripemd, (byte*)c.input, (word32)c.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_RipeMdUpdate(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_RipeMdUdpate */ /* * Unit test function for wc_RipeMdFinal() */ static int test_wc_RipeMdFinal(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_RIPEMD RipeMd ripemd; byte* hash_test[3]; byte hash1[RIPEMD_DIGEST_SIZE]; byte hash2[2*RIPEMD_DIGEST_SIZE]; byte hash3[5*RIPEMD_DIGEST_SIZE]; int times, i, ret; int flag = 0; /* Initialize */ ret = wc_InitRipeMd(&ripemd); if (ret != 0) { flag = ret; } if (!flag) { hash_test[0] = hash1; hash_test[1] = hash2; hash_test[2] = hash3; } times = sizeof(hash_test) / sizeof(byte*); /* Testing oversized buffers. */ for (i = 0; i < times; i++) { if (!flag) { ret = wc_RipeMdFinal(&ripemd, hash_test[i]); if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (!flag) { ret = wc_RipeMdFinal(NULL, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_RipeMdFinal(NULL, hash1); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_RipeMdFinal(&ripemd, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_RipeMdFinal */ /* * Testing wc_InitSha3_224, wc_InitSha3_256, wc_InitSha3_384, and * wc_InitSha3_512 */ static int test_wc_InitSha3(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SHA3) wc_Sha3 sha3; int ret = 0; (void)sha3; #if !defined(WOLFSSL_NOSHA3_224) ret = wc_InitSha3_224(&sha3, HEAP_HINT, testDevId); /* Test bad args. */ if (ret == 0) { ret = wc_InitSha3_224(NULL, HEAP_HINT, testDevId); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_224_Free(&sha3); #endif /* NOSHA3_224 */ #if !defined(WOLFSSL_NOSHA3_256) if (ret == 0) { ret = wc_InitSha3_256(&sha3, HEAP_HINT, testDevId); /* Test bad args. */ if (ret == 0) { ret = wc_InitSha3_256(NULL, HEAP_HINT, testDevId); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_256_Free(&sha3); } /* END sha3_256 */ #endif /* NOSHA3_256 */ #if !defined(WOLFSSL_NOSHA3_384) if (ret == 0) { ret = wc_InitSha3_384(&sha3, HEAP_HINT, testDevId); /* Test bad args. */ if (ret == 0) { ret = wc_InitSha3_384(NULL, HEAP_HINT, testDevId); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_384_Free(&sha3); } /* END sha3_384 */ #endif /* NOSHA3_384 */ #if !defined(WOLFSSL_NOSHA3_512) if (ret == 0) { ret = wc_InitSha3_512(&sha3, HEAP_HINT, testDevId); /* Test bad args. */ if (ret == 0) { ret = wc_InitSha3_512(NULL, HEAP_HINT, testDevId); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_512_Free(&sha3); } /* END sha3_512 */ #endif /* NOSHA3_512 */ res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_InitSha3 */ /* * Testing wc_Sha3_Update() */ static int testing_wc_Sha3_Update(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \ !defined(WOLFSSL_AFALG_XILINX) wc_Sha3 sha3; byte msg[] = "Everybody's working for the weekend."; byte msg2[] = "Everybody gets Friday off."; byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20" "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74" "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76" "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20" "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e"; word32 msglen = sizeof(msg) - 1; word32 msg2len = sizeof(msg2); word32 msgCmplen = sizeof(msgCmp); int ret = 0; #if !defined(WOLFSSL_NOSHA3_224) ret = wc_InitSha3_224(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } ret = wc_Sha3_224_Update(&sha3, msg, msglen); if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_Sha3_224_Update(&sha3, msg2, msg2len); if (ret == 0 && XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Pass bad args. */ if (ret == 0) { ret = wc_Sha3_224_Update(NULL, msg2, msg2len); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_224_Update(&sha3, NULL, 5); } if (ret == BAD_FUNC_ARG) { wc_Sha3_224_Free(&sha3); if (wc_InitSha3_224(&sha3, HEAP_HINT, testDevId)) { return TEST_FAIL; } ret = wc_Sha3_224_Update(&sha3, NULL, 0); if (ret == 0) { ret = wc_Sha3_224_Update(&sha3, msg2, msg2len); } if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } wc_Sha3_224_Free(&sha3); #endif /* SHA3_224 */ #if !defined(WOLFSSL_NOSHA3_256) if (ret == 0) { ret = wc_InitSha3_256(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } ret = wc_Sha3_256_Update(&sha3, msg, msglen); if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_Sha3_256_Update(&sha3, msg2, msg2len); if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Pass bad args. */ if (ret == 0) { ret = wc_Sha3_256_Update(NULL, msg2, msg2len); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_256_Update(&sha3, NULL, 5); } if (ret == BAD_FUNC_ARG) { wc_Sha3_256_Free(&sha3); if (wc_InitSha3_256(&sha3, HEAP_HINT, testDevId)) { return TEST_FAIL; } ret = wc_Sha3_256_Update(&sha3, NULL, 0); if (ret == 0) { ret = wc_Sha3_256_Update(&sha3, msg2, msg2len); } if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } wc_Sha3_256_Free(&sha3); } #endif /* SHA3_256 */ #if !defined(WOLFSSL_NOSHA3_384) if (ret == 0) { ret = wc_InitSha3_384(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } ret = wc_Sha3_384_Update(&sha3, msg, msglen); if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_Sha3_384_Update(&sha3, msg2, msg2len); if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Pass bad args. */ if (ret == 0) { ret = wc_Sha3_384_Update(NULL, msg2, msg2len); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_384_Update(&sha3, NULL, 5); } if (ret == BAD_FUNC_ARG) { wc_Sha3_384_Free(&sha3); if (wc_InitSha3_384(&sha3, HEAP_HINT, testDevId)) { return TEST_FAIL; } ret = wc_Sha3_384_Update(&sha3, NULL, 0); if (ret == 0) { ret = wc_Sha3_384_Update(&sha3, msg2, msg2len); } if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } wc_Sha3_384_Free(&sha3); } #endif /* SHA3_384 */ #if !defined(WOLFSSL_NOSHA3_512) if (ret == 0) { ret = wc_InitSha3_512(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } ret = wc_Sha3_512_Update(&sha3, msg, msglen); if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_Sha3_512_Update(&sha3, msg2, msg2len); if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Pass bad args. */ if (ret == 0) { ret = wc_Sha3_512_Update(NULL, msg2, msg2len); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_512_Update(&sha3, NULL, 5); } if (ret == BAD_FUNC_ARG) { wc_Sha3_512_Free(&sha3); if (wc_InitSha3_512(&sha3, HEAP_HINT, testDevId)) { return TEST_FAIL; } ret = wc_Sha3_512_Update(&sha3, NULL, 0); if (ret == 0) { ret = wc_Sha3_512_Update(&sha3, msg2, msg2len); } if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } wc_Sha3_512_Free(&sha3); } #endif /* SHA3_512 */ res = TEST_RES_CHECK(ret == 0); #endif /* WOLFSSL_SHA3 */ return res; } /* END testing_wc_Sha3_Update */ /* * Testing wc_Sha3_224_Final() */ static int test_wc_Sha3_224_Final(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) wc_Sha3 sha3; const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom" "nopnopq"; const char* expOut = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55" "\x74\x49\x44\x79\xba\x5c\x7e\x7a\xb7\x6e\xf2" "\x64\xea\xd0\xfc\xce\x33"; byte hash[WC_SHA3_224_DIGEST_SIZE]; byte hashRet[WC_SHA3_224_DIGEST_SIZE]; int ret = 0; /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); ret = wc_InitSha3_224(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_224_Final(&sha3, hash); if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_224_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_224_Final(NULL, hash); if (ret == 0) { ret = wc_Sha3_224_Final(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_224_Free(&sha3); if (ret == 0) { ret = wc_InitSha3_224(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashRet, 0, sizeof(hashRet)); ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_224_GetHash(&sha3, hashRet); } if (ret == 0) { ret = wc_Sha3_224_Final(&sha3, hash); if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_224_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* Test bad args. */ ret = wc_Sha3_224_GetHash(NULL, hashRet); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_224_GetHash(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } wc_Sha3_224_Free(&sha3); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Sha3_224_Final */ /* * Testing wc_Sha3_256_Final() */ static int test_wc_Sha3_256_Final(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wc_Sha3 sha3; const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom" "nopnopq"; const char* expOut = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8" "\x23\x5e\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32" "\xdd\x97\x49\x6d\x33\x76"; byte hash[WC_SHA3_256_DIGEST_SIZE]; byte hashRet[WC_SHA3_256_DIGEST_SIZE]; int ret = 0; /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); ret = wc_InitSha3_256(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_256_Final(&sha3, hash); if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_256_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_256_Final(NULL, hash); if (ret == 0) { ret = wc_Sha3_256_Final(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_256_Free(&sha3); if (ret == 0) { ret = wc_InitSha3_256(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashRet, 0, sizeof(hashRet)); ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_256_GetHash(&sha3, hashRet); } if (ret == 0) { ret = wc_Sha3_256_Final(&sha3, hash); if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_256_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* Test bad args. */ ret = wc_Sha3_256_GetHash(NULL, hashRet); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_256_GetHash(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } wc_Sha3_256_Free(&sha3); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Sha3_256_Final */ /* * Testing wc_Sha3_384_Final() */ static int test_wc_Sha3_384_Final(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) wc_Sha3 sha3; const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom" "nopnopq"; const char* expOut = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7" "\x8a\x49\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd" "\xbc\x32\xb9\xd4\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe" "\xa1\x9e\xef\x51\xac\xd0\x65\x7c\x22"; byte hash[WC_SHA3_384_DIGEST_SIZE]; byte hashRet[WC_SHA3_384_DIGEST_SIZE]; int ret = 0; /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); ret = wc_InitSha3_384(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_384_Final(&sha3, hash); if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_384_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_384_Final(NULL, hash); if (ret == 0) { ret = wc_Sha3_384_Final(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_384_Free(&sha3); if (ret == 0) { ret = wc_InitSha3_384(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashRet, 0, sizeof(hashRet)); ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_384_GetHash(&sha3, hashRet); } if (ret == 0) { ret = wc_Sha3_384_Final(&sha3, hash); if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_384_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* Test bad args. */ ret = wc_Sha3_384_GetHash(NULL, hashRet); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_384_GetHash(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } wc_Sha3_384_Free(&sha3); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Sha3_384_Final */ /* * Testing wc_Sha3_512_Final() */ static int test_wc_Sha3_512_Final(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) && \ !defined(WOLFSSL_NOSHA3_384) wc_Sha3 sha3; const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom" "nopnopq"; const char* expOut = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10" "\xfc\xa8\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7" "\xec\x2f\x1e\x91\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53" "\x02\xba\x1b\x0d\x8d\xc7\x8c\x08\x63\x46\xb5\x33\xb4" "\x9c\x03\x0d\x99\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e"; byte hash[WC_SHA3_512_DIGEST_SIZE]; byte hashRet[WC_SHA3_512_DIGEST_SIZE]; int ret = 0; /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); ret = wc_InitSha3_512(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_512_Final(&sha3, hash); if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_512_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_512_Final(NULL, hash); if (ret == 0) { ret = wc_Sha3_384_Final(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Sha3_512_Free(&sha3); if (ret == 0) { ret = wc_InitSha3_512(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashRet, 0, sizeof(hashRet)); ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Sha3_512_GetHash(&sha3, hashRet); } if (ret == 0) { ret = wc_Sha3_512_Final(&sha3, hash); if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_512_DIGEST_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* Test bad args. */ ret = wc_Sha3_512_GetHash(NULL, hashRet); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_512_GetHash(&sha3, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } wc_Sha3_512_Free(&sha3); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Sha3_512_Final */ /* * Testing wc_Sha3_224_Copy() */ static int test_wc_Sha3_224_Copy(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) wc_Sha3 sha3, sha3Cpy; const char* msg = TEST_STRING; word32 msglen = (word32)TEST_STRING_SZ; byte hash[WC_SHA3_224_DIGEST_SIZE]; byte hashCpy[WC_SHA3_224_DIGEST_SIZE]; int ret = 0; XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashCpy, 0, sizeof(hashCpy)); ret = wc_InitSha3_224(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } ret = wc_InitSha3_224(&sha3Cpy, HEAP_HINT, testDevId); if (ret != 0) { wc_Sha3_224_Free(&sha3); return TEST_FAIL; } ret = wc_Sha3_224_Update(&sha3, (byte*)msg, msglen); if (ret == 0) { ret = wc_Sha3_224_Copy(&sha3Cpy, &sha3); if (ret == 0) { ret = wc_Sha3_224_Final(&sha3, hash); if (ret == 0) { ret = wc_Sha3_224_Final(&sha3Cpy, hashCpy); } } if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_224_Copy(NULL, &sha3); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_224_Copy(&sha3Cpy, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Sha3_224_Copy */ /* * Testing wc_Sha3_256_Copy() */ static int test_wc_Sha3_256_Copy(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) wc_Sha3 sha3, sha3Cpy; const char* msg = TEST_STRING; word32 msglen = (word32)TEST_STRING_SZ; byte hash[WC_SHA3_256_DIGEST_SIZE]; byte hashCpy[WC_SHA3_256_DIGEST_SIZE]; int ret = 0; XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashCpy, 0, sizeof(hashCpy)); ret = wc_InitSha3_256(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } ret = wc_InitSha3_256(&sha3Cpy, HEAP_HINT, testDevId); if (ret != 0) { wc_Sha3_256_Free(&sha3); return TEST_FAIL; } ret = wc_Sha3_256_Update(&sha3, (byte*)msg, msglen); if (ret == 0) { ret = wc_Sha3_256_Copy(&sha3Cpy, &sha3); if (ret == 0) { ret = wc_Sha3_256_Final(&sha3, hash); if (ret == 0) { ret = wc_Sha3_256_Final(&sha3Cpy, hashCpy); } } if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_256_Copy(NULL, &sha3); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_256_Copy(&sha3Cpy, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Sha3_256_Copy */ /* * Testing wc_Sha3_384_Copy() */ static int test_wc_Sha3_384_Copy(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) wc_Sha3 sha3, sha3Cpy; const char* msg = TEST_STRING; word32 msglen = (word32)TEST_STRING_SZ; byte hash[WC_SHA3_384_DIGEST_SIZE]; byte hashCpy[WC_SHA3_384_DIGEST_SIZE]; int ret = 0; XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashCpy, 0, sizeof(hashCpy)); ret = wc_InitSha3_384(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } ret = wc_InitSha3_384(&sha3Cpy, HEAP_HINT, testDevId); if (ret != 0) { wc_Sha3_384_Free(&sha3); return TEST_FAIL; } ret = wc_Sha3_384_Update(&sha3, (byte*)msg, msglen); if (ret == 0) { ret = wc_Sha3_384_Copy(&sha3Cpy, &sha3); if (ret == 0) { ret = wc_Sha3_384_Final(&sha3, hash); if (ret == 0) { ret = wc_Sha3_384_Final(&sha3Cpy, hashCpy); } } if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_384_Copy(NULL, &sha3); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_384_Copy(&sha3Cpy, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Sha3_384_Copy */ /* * Testing wc_Sha3_512_Copy() */ static int test_wc_Sha3_512_Copy(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) wc_Sha3 sha3, sha3Cpy; const char* msg = TEST_STRING; word32 msglen = (word32)TEST_STRING_SZ; byte hash[WC_SHA3_512_DIGEST_SIZE]; byte hashCpy[WC_SHA3_512_DIGEST_SIZE]; int ret = 0; XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashCpy, 0, sizeof(hashCpy)); ret = wc_InitSha3_512(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } ret = wc_InitSha3_512(&sha3Cpy, HEAP_HINT, testDevId); if (ret != 0) { wc_Sha3_512_Free(&sha3); return TEST_FAIL; } ret = wc_Sha3_512_Update(&sha3, (byte*)msg, msglen); if (ret == 0) { ret = wc_Sha3_512_Copy(&sha3Cpy, &sha3); if (ret == 0) { ret = wc_Sha3_512_Final(&sha3, hash); if (ret == 0) { ret = wc_Sha3_512_Final(&sha3Cpy, hashCpy); } } if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Sha3_512_Copy(NULL, &sha3); if (ret == BAD_FUNC_ARG) { ret = wc_Sha3_512_Copy(&sha3Cpy, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Sha3_512_Copy */ /* * Unit test function for wc_Sha3_GetFlags() */ static int test_wc_Sha3_GetFlags(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_HASH_FLAGS) wc_Sha3 sha3; word32 flags = 0; int ret = 0; /* Initialize */ ret = wc_InitSha3_224(&sha3, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } if (ret == 0) { ret = wc_Sha3_GetFlags(&sha3, &flags); } if (ret == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { ret = 0; } } wc_Sha3_224_Free(&sha3); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Sha3_GetFlags */ static int test_wc_InitShake256(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHAKE256 wc_Shake shake; int ret = 0; ret = wc_InitShake256(&shake, HEAP_HINT, testDevId); /* Test bad args. */ if (ret == 0) { ret = wc_InitShake256(NULL, HEAP_HINT, testDevId); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Shake256_Free(&shake); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_InitSha3 */ static int testing_wc_Shake256_Update(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHAKE256 wc_Shake shake; byte msg[] = "Everybody's working for the weekend."; byte msg2[] = "Everybody gets Friday off."; byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20" "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74" "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76" "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20" "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e"; word32 msglen = sizeof(msg) - 1; word32 msg2len = sizeof(msg2); word32 msgCmplen = sizeof(msgCmp); int ret = 0; ret = wc_InitShake256(&shake, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } ret = wc_Shake256_Update(&shake, msg, msglen); if (XMEMCMP(msg, shake.t, msglen) || shake.i != msglen) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_Shake256_Update(&shake, msg2, msg2len); if (XMEMCMP(shake.t, msgCmp, msgCmplen) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Pass bad args. */ if (ret == 0) { ret = wc_Shake256_Update(NULL, msg2, msg2len); if (ret == BAD_FUNC_ARG) { ret = wc_Shake256_Update(&shake, NULL, 5); } if (ret == BAD_FUNC_ARG) { wc_Shake256_Free(&shake); if (wc_InitShake256(&shake, HEAP_HINT, testDevId)) { return TEST_FAIL; } ret = wc_Shake256_Update(&shake, NULL, 0); if (ret == 0) { ret = wc_Shake256_Update(&shake, msg2, msg2len); } if (ret == 0 && XMEMCMP(msg2, shake.t, msg2len) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } wc_Shake256_Free(&shake); res = TEST_RES_CHECK(ret == 0); #endif /* WOLFSSL_SHAKE256 */ return res; } static int test_wc_Shake256_Final(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHAKE256 wc_Shake shake; const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom" "nopnopq"; const char* expOut = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f" "\x6f\x87\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b" "\xe5\xd4\xfd\x2e\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59" "\xaa\x80\x60\xf1\xf9\xbc\x99\x6c\x05\xac\xa3\xc6\x96" "\xa8\xb6\x62\x79\xdc\x67\x2c\x74\x0b\xb2\x24\xec\x37" "\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55\xf5\x1d\x97" "\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a\xf2" "\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67" "\x60\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4"; byte hash[114]; int ret = 0; /* Init stack variables. */ XMEMSET(hash, 0, sizeof(hash)); ret = wc_InitShake256(&shake, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } ret= wc_Shake256_Update(&shake, (byte*)msg, (word32)XSTRLEN(msg)); if (ret == 0) { ret = wc_Shake256_Final(&shake, hash, (word32)sizeof(hash)); if (ret == 0 && XMEMCMP(expOut, hash, (word32)sizeof(hash)) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Shake256_Final(NULL, hash, (word32)sizeof(hash)); if (ret == 0) { ret = wc_Shake256_Final(&shake, NULL, (word32)sizeof(hash)); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Shake256_Free(&shake); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* * Testing wc_Shake256_Copy() */ static int test_wc_Shake256_Copy(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHAKE256 wc_Shake shake, shakeCpy; const char* msg = TEST_STRING; word32 msglen = (word32)TEST_STRING_SZ; byte hash[144]; byte hashCpy[144]; word32 hashLen = sizeof(hash); word32 hashLenCpy = sizeof(hashCpy); int ret; XMEMSET(hash, 0, sizeof(hash)); XMEMSET(hashCpy, 0, sizeof(hashCpy)); ret = wc_InitShake256(&shake, HEAP_HINT, testDevId); if (ret != 0) { return TEST_FAIL; } ret = wc_InitShake256(&shakeCpy, HEAP_HINT, testDevId); if (ret != 0) { wc_Shake256_Free(&shake); return TEST_FAIL; } ret = wc_Shake256_Update(&shake, (byte*)msg, msglen); if (ret == 0) { ret = wc_Shake256_Copy(&shakeCpy, &shake); if (ret == 0) { ret = wc_Shake256_Final(&shake, hash, hashLen); if (ret == 0) { ret = wc_Shake256_Final(&shakeCpy, hashCpy, hashLenCpy); } } if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Shake256_Copy(NULL, &shake); if (ret == BAD_FUNC_ARG) { ret = wc_Shake256_Copy(&shakeCpy, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_Shake256_Free(&shake); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Shake256_Copy */ /* * Unit test function for wc_Shake256Hash() */ static int test_wc_Shake256Hash(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_SHAKE256 const byte data[] = { /* Hello World */ 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, 0x72,0x6c,0x64 }; word32 len = sizeof(data); byte hash[144]; word32 hashLen = sizeof(hash); int ret; ret = wc_Shake256Hash(data, len, hash, hashLen); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Shake256Hash */ /* * Test function for wc_HmacSetKey */ static int test_wc_Md5HmacSetKey(void) { int res = TEST_SKIPPED; #if !defined(NO_HMAC) && !defined(NO_MD5) Hmac hmac; int ret, times, itr; int flag = 0; const char* keys[]= { "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", #ifndef HAVE_FIPS "Jefe", /* smaller than minimum FIPS key size */ #endif "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" }; times = sizeof(keys) / sizeof(char*); flag = 0; ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return TEST_FAIL; for (itr = 0; itr < times; itr++) { ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr], (word32)XSTRLEN(keys[itr])); #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5) wc_HmacFree(&hmac); if (ret == BAD_FUNC_ARG) { return TEST_SUCCESS; } else { return TEST_FAIL; } #else if (ret != 0) { flag = ret; } #endif } /* Bad args. */ if (!flag) { ret = wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0); #ifdef HAVE_FIPS if (ret != HMAC_MIN_KEYLEN_E) { flag = WOLFSSL_FATAL_ERROR; } #else if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } #endif } wc_HmacFree(&hmac); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Md5HmacSetKey */ /* * testing wc_HmacSetKey() on wc_Sha hash. */ static int test_wc_ShaHmacSetKey(void) { int res = TEST_SKIPPED; #if !defined(NO_HMAC) && !defined(NO_SHA) Hmac hmac; int ret, times, itr; int flag = 0; const char* keys[]= { "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b", #ifndef HAVE_FIPS "Jefe", /* smaller than minimum FIPS key size */ #endif "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" "\xAA\xAA\xAA" }; times = sizeof(keys) / sizeof(char*); flag = 0; ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; for (itr = 0; itr < times; itr++) { ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr], (word32)XSTRLEN(keys[itr])); if (ret != 0) { flag = ret; } } /* Bad args. */ if (!flag) { ret = wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0); #ifdef HAVE_FIPS if (ret != HMAC_MIN_KEYLEN_E) { flag = WOLFSSL_FATAL_ERROR; } #else if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } #endif } wc_HmacFree(&hmac); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_ShaHmacSetKey() */ /* * testing wc_HmacSetKey() on Sha224 hash. */ static int test_wc_Sha224HmacSetKey(void) { int res = TEST_SKIPPED; #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) Hmac hmac; int ret, times, itr; int flag = 0; const char* keys[]= { "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b", #ifndef HAVE_FIPS "Jefe", /* smaller than minimum FIPS key size */ #endif "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" "\xAA\xAA\xAA" }; times = sizeof(keys) / sizeof(char*); flag = 0; ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; for (itr = 0; itr < times; itr++) { ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr], (word32)XSTRLEN(keys[itr])); if (ret != 0) { flag = ret; } } /* Bad args. */ if (!flag) { ret = wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0); #ifdef HAVE_FIPS if (ret != HMAC_MIN_KEYLEN_E) { flag = WOLFSSL_FATAL_ERROR; } #else if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } #endif } wc_HmacFree(&hmac); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha224HmacSetKey() */ /* * testing wc_HmacSetKey() on Sha256 hash */ static int test_wc_Sha256HmacSetKey(void) { int res = TEST_SKIPPED; #if !defined(NO_HMAC) && !defined(NO_SHA256) Hmac hmac; int ret, times, itr; int flag = 0; const char* keys[]= { "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b", #ifndef HAVE_FIPS "Jefe", /* smaller than minimum FIPS key size */ #endif "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" "\xAA\xAA\xAA" }; times = sizeof(keys) / sizeof(char*); flag = 0; ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; for (itr = 0; itr < times; itr++) { ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr], (word32)XSTRLEN(keys[itr])); if (ret != 0) { flag = ret; } } /* Bad args. */ if (!flag) { ret = wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0); #ifdef HAVE_FIPS if (ret != HMAC_MIN_KEYLEN_E) { flag = WOLFSSL_FATAL_ERROR; } #else if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } #endif } wc_HmacFree(&hmac); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha256HmacSetKey() */ /* * testing wc_HmacSetKey on Sha384 hash. */ static int test_wc_Sha384HmacSetKey(void) { int res = TEST_SKIPPED; #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) Hmac hmac; int ret, times, itr; int flag = 0; const char* keys[]= { "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b", #ifndef HAVE_FIPS "Jefe", /* smaller than minimum FIPS key size */ #endif "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" "\xAA\xAA\xAA" }; times = sizeof(keys) / sizeof(char*); flag = 0; ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; for (itr = 0; itr < times; itr++) { ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr], (word32)XSTRLEN(keys[itr])); if (ret != 0) { flag = ret; } } /* Bad args. */ if (!flag) { ret = wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0], (word32)XSTRLEN(keys[0])); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0); #ifdef HAVE_FIPS if (ret != HMAC_MIN_KEYLEN_E) { flag = WOLFSSL_FATAL_ERROR; } #else if (ret != 0) { flag = WOLFSSL_FATAL_ERROR; } #endif } wc_HmacFree(&hmac); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha384HmacSetKey() */ /* * testing wc_HmacUpdate on wc_Md5 hash. */ static int test_wc_Md5HmacUpdate(void) { int res = TEST_SKIPPED; #if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)) Hmac hmac; testVector a, b; int ret; int flag = 0; #ifdef HAVE_FIPS const char* keys = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; #else const char* keys = "Jefe"; #endif a.input = "what do ya want for nothing?"; a.inLen = XSTRLEN(a.input); b.input = "Hi There"; b.inLen = XSTRLEN(b.input); flag = 0; ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys, (word32)XSTRLEN(keys)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } /* Update Hmac. */ if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } /* Test bad args. */ if (!flag) { ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0); if (ret != 0) { flag = ret; } } wc_HmacFree(&hmac); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Md5HmacUpdate */ /* * testing wc_HmacUpdate on SHA hash. */ static int test_wc_ShaHmacUpdate(void) { int res = TEST_SKIPPED; #if !defined(NO_HMAC) && !defined(NO_SHA) Hmac hmac; testVector a, b; int ret; int flag = 0; #ifdef HAVE_FIPS const char* keys = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; #else const char* keys = "Jefe"; #endif a.input = "what do ya want for nothing?"; a.inLen = XSTRLEN(a.input); b.input = "Hi There"; b.inLen = XSTRLEN(b.input); flag = 0; ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys, (word32)XSTRLEN(keys)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } /* Update Hmac. */ if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } /* Test bad args. */ if (!flag) { ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0); if (ret != 0) { flag = ret; } } wc_HmacFree(&hmac); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_ShaHmacUpdate */ /* * testing wc_HmacUpdate on SHA224 hash. */ static int test_wc_Sha224HmacUpdate(void) { int res = TEST_SKIPPED; #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) Hmac hmac; testVector a, b; int ret; int flag = 0; #ifdef HAVE_FIPS const char* keys = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; #else const char* keys = "Jefe"; #endif a.input = "what do ya want for nothing?"; a.inLen = XSTRLEN(a.input); b.input = "Hi There"; b.inLen = XSTRLEN(b.input); flag = 0; ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys, (word32)XSTRLEN(keys)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } /* Update Hmac. */ if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } /* Test bad args. */ if (!flag) { ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0); if (ret != 0) { flag = ret; } } wc_HmacFree(&hmac); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha224HmacUpdate */ /* * testing wc_HmacUpdate on SHA256 hash. */ static int test_wc_Sha256HmacUpdate(void) { int res = TEST_SKIPPED; #if !defined(NO_HMAC) && !defined(NO_SHA256) Hmac hmac; testVector a, b; int ret; int flag = 0; #ifdef HAVE_FIPS const char* keys = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; #else const char* keys = "Jefe"; #endif a.input = "what do ya want for nothing?"; a.inLen = XSTRLEN(a.input); b.input = "Hi There"; b.inLen = XSTRLEN(b.input); flag = 0; ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys, (word32)XSTRLEN(keys)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } /* Update Hmac. */ if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } /* Test bad args. */ if (!flag) { ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0); if (ret != 0) { flag = ret; } } wc_HmacFree(&hmac); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha256HmacUpdate */ /* * testing wc_HmacUpdate on SHA384 hash. */ static int test_wc_Sha384HmacUpdate(void) { int res = TEST_SKIPPED; #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) Hmac hmac; testVector a, b; int ret; int flag = 0; #ifdef HAVE_FIPS const char* keys = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; #else const char* keys = "Jefe"; #endif a.input = "what do ya want for nothing?"; a.inLen = XSTRLEN(a.input); b.input = "Hi There"; b.inLen = XSTRLEN(b.input); flag = 0; ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys, (word32)XSTRLEN(keys)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen); if (ret != 0) { flag = ret; } } /* Update Hmac. */ if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } /* Test bad args. */ if (!flag) { ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0); if (ret != 0) { flag = ret; } } wc_HmacFree(&hmac); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha384HmacUpdate */ /* * Testing wc_HmacFinal() with MD5 */ static int test_wc_Md5HmacFinal(void) { int res = TEST_SKIPPED; #if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)) Hmac hmac; byte hash[WC_MD5_DIGEST_SIZE]; testVector a; int ret; const char* key; int flag = 0; key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; a.input = "Hi There"; a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc" "\x9d"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); flag = 0; ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_HmacFinal(&hmac, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try bad parameters. */ if (!flag) { ret = wc_HmacFinal(NULL, hash); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_FIPS if (!flag) { ret = wc_HmacFinal(&hmac, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #endif wc_HmacFree(&hmac); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Md5HmacFinal */ /* * Testing wc_HmacFinal() with SHA */ static int test_wc_ShaHmacFinal(void) { int res = TEST_SKIPPED; #if !defined(NO_HMAC) && !defined(NO_SHA) Hmac hmac; byte hash[WC_SHA_DIGEST_SIZE]; testVector a; int ret; int flag = 0; const char* key; key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b"; a.input = "Hi There"; a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c" "\x8e\xf1\x46\xbe\x00"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); flag = 0; ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_HmacFinal(&hmac, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try bad parameters. */ if (!flag) { ret = wc_HmacFinal(NULL, hash); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_FIPS if (!flag) { ret = wc_HmacFinal(&hmac, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #endif wc_HmacFree(&hmac); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_ShaHmacFinal */ /* * Testing wc_HmacFinal() with SHA224 */ static int test_wc_Sha224HmacFinal(void) { int res = TEST_SKIPPED; #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) Hmac hmac; byte hash[WC_SHA224_DIGEST_SIZE]; testVector a; int ret; int flag = 0; const char* key; key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b"; a.input = "Hi There"; a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3" "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); flag = 0; ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key, (word32)XSTRLEN(key)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_HmacFinal(&hmac, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try bad parameters. */ if (!flag) { ret = wc_HmacFinal(NULL, hash); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_FIPS if (!flag) { ret = wc_HmacFinal(&hmac, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #endif wc_HmacFree(&hmac); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha224HmacFinal */ /* * Testing wc_HmacFinal() with SHA256 */ static int test_wc_Sha256HmacFinal(void) { int res = TEST_SKIPPED; #if !defined(NO_HMAC) && !defined(NO_SHA256) Hmac hmac; byte hash[WC_SHA256_DIGEST_SIZE]; testVector a; int ret; int flag = 0; const char* key; key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b"; a.input = "Hi There"; a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1" "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32" "\xcf\xf7"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); flag = 0; ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return TEST_FAIL; ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key, (word32)XSTRLEN(key)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_HmacFinal(&hmac, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try bad parameters. */ if (!flag) { ret = wc_HmacFinal(NULL, hash); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_FIPS if (!flag) { ret = wc_HmacFinal(&hmac, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #endif wc_HmacFree(&hmac); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha256HmacFinal */ /* * Testing wc_HmacFinal() with SHA384 */ static int test_wc_Sha384HmacFinal(void) { int res = TEST_SKIPPED; #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) Hmac hmac; byte hash[WC_SHA384_DIGEST_SIZE]; testVector a; int ret; int flag = 0; const char* key; key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b"; a.input = "Hi There"; a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90" "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb" "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2" "\xfa\x9c\xb6"; a.inLen = XSTRLEN(a.input); a.outLen = XSTRLEN(a.output); flag = 0; ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key, (word32)XSTRLEN(key)); if (ret != 0) { flag = ret; } if (!flag) { ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen); if (ret != 0) { flag = ret; } } if (!flag) { ret = wc_HmacFinal(&hmac, hash); if (ret != 0) { flag = ret; } } if (!flag) { if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) { flag = WOLFSSL_FATAL_ERROR; } } /* Try bad parameters. */ if (!flag) { ret = wc_HmacFinal(NULL, hash); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_FIPS if (!flag) { ret = wc_HmacFinal(&hmac, NULL); if (ret != BAD_FUNC_ARG) { flag = WOLFSSL_FATAL_ERROR; } } #endif wc_HmacFree(&hmac); res = TEST_RES_CHECK(flag == 0); #endif return res; } /* END test_wc_Sha384HmacFinal */ /* * Testing wc_InitCmac() */ static int test_wc_InitCmac(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_CMAC) && !defined(NO_AES) Cmac cmac1, cmac2, cmac3; /* AES 128 key. */ byte key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08" "\x09\x10\x11\x12\x13\x14\x15\x16"; /* AES 192 key. */ byte key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08" "\x09\x01\x11\x12\x13\x14\x15\x16" "\x01\x02\x03\x04\x05\x06\x07\x08"; /* AES 256 key. */ byte key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08" "\x09\x01\x11\x12\x13\x14\x15\x16" "\x01\x02\x03\x04\x05\x06\x07\x08" "\x09\x01\x11\x12\x13\x14\x15\x16"; word32 key1Sz = (word32)sizeof(key1) - 1; word32 key2Sz = (word32)sizeof(key2) - 1; word32 key3Sz = (word32)sizeof(key3) - 1; int type = WC_CMAC_AES; int ret = 0; #ifdef WOLFSSL_AES_128 ret = wc_InitCmac(&cmac1, key1, key1Sz, type, NULL); #endif #ifdef WOLFSSL_AES_192 if (ret == 0) { wc_AesFree(&cmac1.aes); ret = wc_InitCmac(&cmac2, key2, key2Sz, type, NULL); } #endif #ifdef WOLFSSL_AES_256 if (ret == 0) { wc_AesFree(&cmac2.aes); ret = wc_InitCmac(&cmac3, key3, key3Sz, type, NULL); } #endif /* Test bad args. */ if (ret == 0) { wc_AesFree(&cmac3.aes); ret = wc_InitCmac(NULL, key3, key3Sz, type, NULL); if (ret == BAD_FUNC_ARG) { ret = wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_InitCmac(&cmac3, key3, 0, type, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } (void)key1; (void)key1Sz; (void)key2; (void)key2Sz; (void)cmac1; (void)cmac2; res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_InitCmac */ /* * Testing wc_CmacUpdate() */ static int test_wc_CmacUpdate(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) Cmac cmac; byte key[] = { 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55, 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27 }; byte in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64" "\x5c\x47\x80\x9e\xd5\xa8\x3a\x17" "\xb3\x78\xcf\x85\x22\x41\x74\xd9" "\xa0\x97\x39\x71\x62\xf1\x8e\x8f" "\xf4"; word32 inSz = (word32)sizeof(in) - 1; word32 keySz = (word32)sizeof(key); int type = WC_CMAC_AES; int ret = 0; ret = wc_InitCmac(&cmac, key, keySz, type, NULL); if (ret != 0) { return ret; } ret = wc_CmacUpdate(&cmac, in, inSz); /* Test bad args. */ if (ret == 0) { ret = wc_CmacUpdate(NULL, in, inSz); if (ret == BAD_FUNC_ARG) { ret = wc_CmacUpdate(&cmac, NULL, 30); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_AesFree(&cmac.aes); } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_CmacUpdate */ /* * Testing wc_CmacFinal() */ static int test_wc_CmacFinal(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) Cmac cmac; byte key[] = { 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55, 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27 }; byte msg[] = { 0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64, 0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17, 0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9, 0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f, 0xf4 }; /* Test vectors from CMACGenAES128.rsp from * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac * Per RFC4493 truncation of lsb is possible. */ byte expMac[] = { 0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae, 0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb }; byte mac[AES_BLOCK_SIZE]; word32 msgSz = (word32)sizeof(msg); word32 keySz = (word32)sizeof(key); word32 macSz = sizeof(mac); word32 badMacSz = 17; int expMacSz = sizeof(expMac); int type = WC_CMAC_AES; int ret = 0; XMEMSET(mac, 0, macSz); ret = wc_InitCmac(&cmac, key, keySz, type, NULL); if (ret != 0) { return ret; } ret = wc_CmacUpdate(&cmac, msg, msgSz); if (ret == 0) { ret = wc_CmacFinal(&cmac, mac, &macSz); if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) { ret = WOLFSSL_FATAL_ERROR; } /* Pass in bad args. */ if (ret == 0) { ret = wc_CmacFinal(NULL, mac, &macSz); if (ret == BAD_FUNC_ARG) { ret = wc_CmacFinal(&cmac, NULL, &macSz); } if (ret == BAD_FUNC_ARG) { ret = wc_CmacFinal(&cmac, mac, &badMacSz); if (ret == BUFFER_E) { ret = 0; } } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_CmacFinal */ /* * Testing wc_AesCmacGenerate() && wc_AesCmacVerify() */ static int test_wc_AesCmacGenerate(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) Cmac cmac; byte key[] = { 0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e, 0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69 }; byte msg[] = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8" "\xf3\x59\x65\xbc\xb0\x97\x8f\xd4"; byte expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6" "\x3d\x32\x65\x4c\x66\x23\xc5"; byte mac[AES_BLOCK_SIZE]; word32 keySz = sizeof(key); word32 macSz = sizeof(mac); word32 msgSz = sizeof(msg) - 1; word32 expMacSz = sizeof(expMac) - 1; int type = WC_CMAC_AES; int ret = 0; XMEMSET(mac, 0, macSz); ret = wc_InitCmac(&cmac, key, keySz, type, NULL); if (ret != 0) { return ret; } ret = wc_CmacUpdate(&cmac, msg, msgSz); if (ret != 0) { return ret; } else { wc_AesFree(&cmac.aes); } ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz); if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) { ret = WOLFSSL_FATAL_ERROR; } /* Pass in bad args. */ if (ret == 0) { ret = wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz); if (ret == BAD_FUNC_ARG) { ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz); } if (ret == BAD_FUNC_ARG) { ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz); /* Test bad args. */ if (ret == 0) { ret = wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz); if (ret == BAD_FUNC_ARG) { ret = wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz); } if (ret == BAD_FUNC_ARG) { ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz); } if (ret == BAD_FUNC_ARG) { ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_AesCmacGenerate */ /* * Testing streaming AES-GCM API. */ static int test_wc_AesGcmStream(void) { int res = TEST_SKIPPED; #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \ defined(WOLFSSL_AESGCM_STREAM) int ret = 0; int i; WC_RNG rng[1]; Aes aesEnc[1]; Aes aesDec[1]; byte tag[AES_BLOCK_SIZE]; byte in[AES_BLOCK_SIZE * 3 + 2] = { 0, }; byte out[AES_BLOCK_SIZE * 3 + 2]; byte plain[AES_BLOCK_SIZE * 3 + 2]; byte aad[AES_BLOCK_SIZE * 3 + 2] = { 0, }; byte key[AES_128_KEY_SIZE] = { 0, }; byte iv[AES_IV_SIZE] = { 1, }; byte ivOut[AES_IV_SIZE]; static const byte expTagAAD1[AES_BLOCK_SIZE] = { 0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f, 0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05 }; static const byte expTagPlain1[AES_BLOCK_SIZE] = { 0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78, 0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1 }; static const byte expTag[AES_BLOCK_SIZE] = { 0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96, 0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d }; /* Create a random for generating IV/nonce. */ AssertIntEQ(wc_InitRng(rng), 0); /* Initialize data structures. */ AssertIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); AssertIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); /* BadParameters to streaming init. */ AssertIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ), BAD_FUNC_ARG); /* Bad parameters to encrypt update. */ AssertIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1), BAD_FUNC_ARG); /* Bad parameters to decrypt update. */ AssertIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1), BAD_FUNC_ARG); /* Bad parameters to encrypt final. */ AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, AES_BLOCK_SIZE), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, AES_BLOCK_SIZE), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE + 1), BAD_FUNC_ARG); /* Bad parameters to decrypt final. */ AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, AES_BLOCK_SIZE), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, AES_BLOCK_SIZE), BAD_FUNC_ARG); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE + 1), BAD_FUNC_ARG); /* Check calling final before setting key fails. */ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_KEY); AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_KEY); /* Check calling update before setting key else fails. */ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), MISSING_KEY); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), MISSING_KEY); /* Set key but not IV. */ AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0); AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0); /* Check calling final before setting IV fails. */ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_IV); AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_IV); /* Check calling update before setting IV else fails. */ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), MISSING_IV); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), MISSING_IV); /* Set IV using fixed part IV and external IV APIs. */ AssertIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ, rng), 0); AssertIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut, GCM_NONCE_MID_SZ), 0); AssertIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0); AssertIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0); /* Encrypt and decrypt data. */ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0); AssertIntEQ(XMEMCMP(plain, in, 1), 0); /* Finalize and check tag matches. */ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); /* Set key and IV through streaming init API. */ AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); /* Encrypt/decrypt one block and AAD of one block. */ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, AES_BLOCK_SIZE, aad, AES_BLOCK_SIZE), 0); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, AES_BLOCK_SIZE, aad, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(plain, in, AES_BLOCK_SIZE), 0); /* Finalize and check tag matches. */ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); /* Set key and IV through streaming init API. */ AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); /* No data to encrypt/decrypt one byte of AAD. */ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0); /* Finalize and check tag matches. */ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(tag, expTagAAD1, AES_BLOCK_SIZE), 0); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); /* Set key and IV through streaming init API. */ AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); /* Encrypt/decrypt one byte and no AAD. */ AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0); AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0); AssertIntEQ(XMEMCMP(plain, in, 1), 0); /* Finalize and check tag matches. */ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(tag, expTagPlain1, AES_BLOCK_SIZE), 0); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); /* Set key and IV through streaming init API. */ AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); /* Encryption AES is one byte at a time */ for (i = 0; i < (int)sizeof(aad); i++) { AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1), 0); } for (i = 0; i < (int)sizeof(in); i++) { AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0), 0); } /* Decryption AES is two bytes at a time */ for (i = 0; i < (int)sizeof(aad); i += 2) { AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2), 0); } for (i = 0; i < (int)sizeof(aad); i += 2) { AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL, 0), 0); } AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); /* Finalize and check tag matches. */ AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(tag, expTag, AES_BLOCK_SIZE), 0); AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0); /* Check streaming encryption can be decrypted with one shot. */ AssertIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0); AssertIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv, AES_IV_SIZE, tag, AES_BLOCK_SIZE, aad, sizeof(aad)), 0); AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); wc_AesFree(aesEnc); wc_AesFree(aesDec); wc_FreeRng(rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_AesGcmStream */ /* * unit test for wc_Des3_SetIV() */ static int test_wc_Des3_SetIV(void) { int res = TEST_SKIPPED; #ifndef NO_DES3 Des3 des; int ret = 0; const byte key[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; const byte iv[] = { 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 }; ret = wc_Des3Init(&des, NULL, INVALID_DEVID); if (ret != 0) return ret; /* DES_ENCRYPTION or DES_DECRYPTION */ ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION); if (ret == 0) { if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */ /* Test explicitly wc_Des3_SetIV() */ if (ret == 0) { ret = wc_Des3_SetIV(NULL, iv); if (ret == BAD_FUNC_ARG) { ret = wc_Des3_SetIV(&des, NULL); } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } #endif wc_Des3Free(&des); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Des3_SetIV */ /* * unit test for wc_Des3_SetKey() */ static int test_wc_Des3_SetKey(void) { int res = TEST_SKIPPED; #ifndef NO_DES3 Des3 des; int ret = 0; const byte key[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; const byte iv[] = { 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 }; ret = wc_Des3Init(&des, NULL, INVALID_DEVID); if (ret != 0) return ret; /* DES_ENCRYPTION or DES_DECRYPTION */ ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION); if (ret == 0) { if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION); if (ret == BAD_FUNC_ARG) { ret = wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION); } if (ret == BAD_FUNC_ARG) { ret = wc_Des3_SetKey(&des, key, iv, -1); } if (ret == BAD_FUNC_ARG) { /* Default case. Should return 0. */ ret = wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION); } } /* END if ret != 0 */ wc_Des3Free(&des); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Des3_SetKey */ /* * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt */ static int test_wc_Des3_CbcEncryptDecrypt(void) { int res = TEST_SKIPPED; #ifndef NO_DES3 Des3 des; int ret = 0; byte cipher[24]; byte plain[24]; const byte key[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; const byte iv[] = { 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 }; const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; ret = wc_Des3Init(&des, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION); if (ret == 0) { ret = wc_Des3_CbcEncrypt(&des, cipher, vector, 24); if (ret == 0) { ret = wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION); } if (ret == 0) { ret = wc_Des3_CbcDecrypt(&des, plain, cipher, 24); } } if (ret == 0) { if (XMEMCMP(plain, vector, 24) != 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Pass in bad args. */ if (ret == 0) { ret = wc_Des3_CbcEncrypt(NULL, cipher, vector, 24); if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcEncrypt(&des, NULL, vector, 24); } if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector)); } if (ret != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } if (ret == 0) { ret = wc_Des3_CbcDecrypt(NULL, plain, cipher, 24); if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcDecrypt(&des, NULL, cipher, 24); } if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcDecrypt(&des, plain, NULL, 24); } if (ret != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } wc_Des3Free(&des); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END wc_Des3_CbcEncrypt */ /* * Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey */ static int test_wc_Des3_CbcEncryptDecryptWithKey(void) { int res = TEST_SKIPPED; #ifndef NO_DES3 int ret = 0; word32 vectorSz, cipherSz; byte cipher[24]; byte plain[24]; byte vector[] = /* Now is the time for all w/o trailing 0 */ { 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; byte key[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; byte iv[] = { 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 }; vectorSz = sizeof(byte) * 24; cipherSz = sizeof(byte) * 24; ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv); if (ret == 0) { ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv); if (ret == 0) { if (XMEMCMP(plain, vector, 24) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } /* pass in bad args. */ if (ret == 0) { ret = wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv); if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv); } if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv); } if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, NULL); } else { /* Return code catch. */ ret = WOLFSSL_FAILURE; } } if (ret == 0) { ret = wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv); if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv); } if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv); } if (ret == BAD_FUNC_ARG) { ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL); } else { ret = WOLFSSL_FAILURE; } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Des3_CbcEncryptDecryptWithKey */ /* * Unit test for wc_Des3_EcbEncrypt */ static int test_wc_Des3_EcbEncrypt(void) { int res = TEST_SKIPPED; #if !defined(NO_DES3) && defined(WOLFSSL_DES_ECB) Des3 des; int ret = 0; byte cipher[24]; word32 cipherSz = sizeof(cipher); const byte key[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; const byte iv[] = { 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 }; const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; ret = wc_Des3Init(&des, NULL, INVALID_DEVID); if (ret != 0) { return ret; } if (ret == 0 ) { ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION); } /* Bad Cases */ if (ret == 0) { ret = wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Des3_EcbEncrypt(&des, cipher, vector, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Des3_EcbEncrypt(NULL, 0, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good Cases */ if (ret == 0) { ret = wc_Des3_EcbEncrypt(&des, cipher, vector, cipherSz); } wc_Des3Free(&des); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Des3_EcbEncrypt */ /* * Testing wc_Chacha_SetKey() and wc_Chacha_SetIV() */ static int test_wc_Chacha_SetKey(void) { int res = TEST_SKIPPED; #ifdef HAVE_CHACHA ChaCha ctx; const byte key[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 }; byte cipher[128]; int ret = 0; ret = wc_Chacha_SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte))); /* Test bad args. */ if (ret == 0) { ret = wc_Chacha_SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte))); if (ret == BAD_FUNC_ARG) { ret = wc_Chacha_SetKey(&ctx, key, 18); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_Chacha_SetIV(&ctx, cipher, 0); } if (ret == 0) { /* Test bad args. */ ret = wc_Chacha_SetIV(NULL, cipher, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FAILURE; } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Chacha_SetKey */ /* * unit test for wc_Poly1305SetKey() */ static int test_wc_Poly1305SetKey(void) { int res = TEST_SKIPPED; #ifdef HAVE_POLY1305 Poly1305 ctx; const byte key[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 }; int ret = 0; ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte))); /* Test bad args. */ if (ret == 0) { ret = wc_Poly1305SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte))); if (ret == BAD_FUNC_ARG) { ret = wc_Poly1305SetKey(&ctx, NULL, (word32)(sizeof(key)/sizeof(byte))); } if (ret == BAD_FUNC_ARG) { ret = wc_Poly1305SetKey(&ctx, key, 18); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Poly1305_SetKey() */ /* * Testing wc_Chacha_Process() */ static int test_wc_Chacha_Process(void) { int res = TEST_SKIPPED; #ifdef HAVE_CHACHA ChaCha enc, dec; byte cipher[128]; byte plain[128]; const byte key[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 }; const char* input = "Everybody gets Friday off."; word32 keySz = sizeof(key)/sizeof(byte); unsigned long int inlen = XSTRLEN(input); int ret = 0; /*Initialize stack varialbes.*/ XMEMSET(cipher, 0, 128); XMEMSET(plain, 0, 128); ret = wc_Chacha_SetKey(&enc, key, keySz); AssertIntEQ(ret, 0); ret = wc_Chacha_SetKey(&dec, key, keySz); AssertIntEQ(ret, 0); ret = wc_Chacha_SetIV(&enc, cipher, 0); AssertIntEQ(ret, 0); ret = wc_Chacha_SetIV(&dec, cipher, 0); AssertIntEQ(ret, 0); ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen); AssertIntEQ(ret, 0); ret = wc_Chacha_Process(&dec, plain, cipher, (word32)inlen); AssertIntEQ(ret, 0); ret = XMEMCMP(input, plain, (int)inlen); AssertIntEQ(ret, 0); #if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM) /* test checking and using leftovers, currently just in C code */ ret = wc_Chacha_SetIV(&enc, cipher, 0); AssertIntEQ(ret, 0); ret = wc_Chacha_SetIV(&dec, cipher, 0); AssertIntEQ(ret, 0); ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen - 2); AssertIntEQ(ret, 0); ret = wc_Chacha_Process(&enc, cipher + (inlen - 2), (byte*)input + (inlen - 2), 2); AssertIntEQ(ret, 0); ret = wc_Chacha_Process(&dec, plain, (byte*)cipher, (word32)inlen - 2); AssertIntEQ(ret, 0); ret = wc_Chacha_Process(&dec, cipher + (inlen - 2), (byte*)input + (inlen - 2), 2); AssertIntEQ(ret, 0); ret = XMEMCMP(input, plain, (int)inlen); AssertIntEQ(ret, 0); /* check edge cases with counter increment */ { /* expected results collected from wolfSSL 4.3.0 encrypted in one call*/ const byte expected[] = { 0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F, 0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D, 0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20, 0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29, 0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37, 0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38, 0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88, 0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5, 0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E, 0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51, 0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5, 0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43, 0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07, 0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E, 0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4, 0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37, 0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9, 0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04, 0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06, 0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8, 0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B, 0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35, 0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54, 0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19, 0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3, 0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B, 0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23, 0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3, 0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41, 0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2, 0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35, 0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14 }; const byte iv2[] = { 0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9, 0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93 }; byte input2[256]; int i; for (i = 0; i < 256; i++) input2[i] = i; ret = wc_Chacha_SetIV(&enc, iv2, 0); AssertIntEQ(ret, 0); ret = wc_Chacha_Process(&enc, cipher, input2, 64); AssertIntEQ(ret, 0); AssertIntEQ(XMEMCMP(expected, cipher, 64), 0); ret = wc_Chacha_Process(&enc, cipher, input2 + 64, 128); AssertIntEQ(ret, 0); AssertIntEQ(XMEMCMP(expected + 64, cipher, 128), 0); /* partial */ ret = wc_Chacha_Process(&enc, cipher, input2 + 192, 32); AssertIntEQ(ret, 0); AssertIntEQ(XMEMCMP(expected + 192, cipher, 32), 0); ret = wc_Chacha_Process(&enc, cipher, input2 + 224, 32); AssertIntEQ(ret, 0); AssertIntEQ(XMEMCMP(expected + 224, cipher, 32), 0); } #endif /* Test bad args. */ ret = wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen); AssertIntEQ(ret, BAD_FUNC_ARG); if (ret == BAD_FUNC_ARG) { ret = 0; } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Chacha_Process */ /* * Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt() */ static int test_wc_ChaCha20Poly1305_aead(void) { int res = TEST_SKIPPED; #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) const byte key[] = { 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f }; const byte plaintext[] = { 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, 0x74, 0x2e }; const byte iv[] = { 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47 }; const byte aad[] = { /* additional data */ 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 }; const byte cipher[] = { /* expected output from operation */ 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2, 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12, 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, 0x61, 0x16 }; const byte authTag[] = { /* expected output from operation */ 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91 }; byte generatedCiphertext[272]; byte generatedPlaintext[272]; byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; int ret = 0; /* Initialize stack variables. */ XMEMSET(generatedCiphertext, 0, 272); XMEMSET(generatedPlaintext, 0, 272); /* Test Encrypt */ ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag); AssertIntEQ(ret, 0); ret = XMEMCMP(generatedCiphertext, cipher, sizeof(cipher)/sizeof(byte)); AssertIntEQ(ret, 0); /* Test bad args. */ ret = wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad), plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad), plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL, sizeof(plaintext), generatedCiphertext, generatedAuthTag); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL, sizeof(plaintext), generatedCiphertext, generatedAuthTag); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), plaintext, sizeof(plaintext), NULL, generatedAuthTag); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), plaintext, sizeof(plaintext), generatedCiphertext, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; (void)ret; /* suppress never read */ } ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, sizeof(cipher), authTag, generatedPlaintext); AssertIntEQ(ret, 0); ret = XMEMCMP(generatedPlaintext, plaintext, sizeof(plaintext)/sizeof(byte)); AssertIntEQ(ret, 0); /* Test bad args. */ ret = wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher, sizeof(cipher), authTag, generatedPlaintext); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad), cipher, sizeof(cipher), authTag, generatedPlaintext); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL, sizeof(cipher), authTag, generatedPlaintext); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, sizeof(cipher), NULL, generatedPlaintext); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, sizeof(cipher), authTag, NULL); AssertIntEQ(ret, BAD_FUNC_ARG); ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL, sizeof(cipher), authTag, generatedPlaintext); AssertIntEQ(ret, BAD_FUNC_ARG); if (ret == BAD_FUNC_ARG) { ret = 0; } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test-wc_ChaCha20Poly1305_EncryptDecrypt */ /* * Testing function for wc_Rc2SetKey(). */ static int test_wc_Rc2SetKey(void) { int res = TEST_SKIPPED; #ifdef WC_RC2 Rc2 rc2; byte key40[] = { 0x01, 0x02, 0x03, 0x04, 0x05 }; byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; int ret = 0; /* valid key and IV */ ret = wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte), iv, 40); if (ret == 0) { /* valid key, no IV */ ret = wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte), NULL, 40); } /* bad arguments */ if (ret == 0) { /* null Rc2 struct */ ret = wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte), iv, 40); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null key */ ret = wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte), iv, 40); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* key size == 0 */ ret = wc_Rc2SetKey(&rc2, key40, 0, iv, 40); if (ret == WC_KEY_SIZE_E) { ret = 0; } } if (ret == 0) { /* key size > 128 */ ret = wc_Rc2SetKey(&rc2, key40, 129, iv, 40); if (ret == WC_KEY_SIZE_E) { ret = 0; } } if (ret == 0) { /* effective bits == 0 */ ret = wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte), iv, 0); if (ret == WC_KEY_SIZE_E) { ret = 0; } } if (ret == 0) { /* effective bits > 1024 */ ret = wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte), iv, 1025); if (ret == WC_KEY_SIZE_E) { ret = 0; } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Rc2SetKey */ /* * Testing function for wc_Rc2SetIV(). */ static int test_wc_Rc2SetIV(void) { int res = TEST_SKIPPED; #ifdef WC_RC2 Rc2 rc2; byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; int ret = 0; /* valid IV */ ret = wc_Rc2SetIV(&rc2, iv); if (ret == 0) { /* valid NULL IV */ ret = wc_Rc2SetIV(&rc2, NULL); } /* bad arguments */ if (ret == 0) { ret = wc_Rc2SetIV(NULL, iv); if (ret == BAD_FUNC_ARG) { ret = 0; } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Rc2SetKey */ /* * Testing function for wc_Rc2EcbEncrypt(). */ static int test_wc_Rc2EcbEncryptDecrypt(void) { int res = TEST_SKIPPED; #ifdef WC_RC2 Rc2 rc2; int ret = 0; int effectiveKeyBits = 63; byte cipher[RC2_BLOCK_SIZE]; byte plain[RC2_BLOCK_SIZE]; byte key[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte input[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff }; XMEMSET(cipher, 0, sizeof(cipher)); XMEMSET(plain, 0, sizeof(plain)); ret = wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte), NULL, effectiveKeyBits); if (ret == 0) { ret = wc_Rc2EcbEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE); if (ret != 0 || XMEMCMP(cipher, output, RC2_BLOCK_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_Rc2EcbDecrypt(&rc2, plain, cipher, RC2_BLOCK_SIZE); if (ret != 0 || XMEMCMP(plain, input, RC2_BLOCK_SIZE) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } /* Rc2EcbEncrypt bad arguments */ if (ret == 0) { /* null Rc2 struct */ ret = wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null out buffer */ ret = wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null input buffer */ ret = wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* output buffer sz != RC2_BLOCK_SIZE (8) */ ret = wc_Rc2EcbEncrypt(&rc2, cipher, input, 7); if (ret == BUFFER_E) { ret = 0; } } /* Rc2EcbDecrypt bad arguments */ if (ret == 0) { /* null Rc2 struct */ ret = wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null out buffer */ ret = wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null input buffer */ ret = wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* output buffer sz != RC2_BLOCK_SIZE (8) */ ret = wc_Rc2EcbDecrypt(&rc2, plain, output, 7); if (ret == BUFFER_E) { ret = 0; } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Rc2SetKey */ /* * Testing function for wc_Rc2CbcEncrypt(). */ static int test_wc_Rc2CbcEncryptDecrypt(void) { int res = TEST_SKIPPED; #ifdef WC_RC2 Rc2 rc2; int ret = 0; int effectiveKeyBits = 63; byte cipher[RC2_BLOCK_SIZE*2]; byte plain[RC2_BLOCK_SIZE*2]; /* vector taken from test.c */ byte key[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte iv[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte input[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff, 0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57 }; XMEMSET(cipher, 0, sizeof(cipher)); XMEMSET(plain, 0, sizeof(plain)); ret = wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte), iv, effectiveKeyBits); if (ret == 0) { ret = wc_Rc2CbcEncrypt(&rc2, cipher, input, sizeof(input)); if (ret != 0 || XMEMCMP(cipher, output, sizeof(output)) != 0) { ret = WOLFSSL_FATAL_ERROR; } else { /* reset IV for decrypt */ ret = wc_Rc2SetIV(&rc2, iv); } if (ret == 0) { ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, sizeof(cipher)); if (ret != 0 || XMEMCMP(plain, input, sizeof(input)) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } /* Rc2CbcEncrypt bad arguments */ if (ret == 0) { /* null Rc2 struct */ ret = wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input)); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null out buffer */ ret = wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input)); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null input buffer */ ret = wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input)); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Rc2CbcDecrypt bad arguments */ if (ret == 0) { /* in size is 0 */ ret = wc_Rc2CbcDecrypt(&rc2, plain, output, 0); if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* null Rc2 struct */ ret = wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output)); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null out buffer */ ret = wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output)); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /* null input buffer */ ret = wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output)); if (ret == BAD_FUNC_ARG) { ret = 0; } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Rc2SetKey */ /* * Testing function for wc_AesSetIV */ static int test_wc_AesSetIV(void) { int res = TEST_SKIPPED; #if !defined(NO_AES) && defined(WOLFSSL_AES_128) Aes aes; int ret = 0; byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; byte iv1[] = "1234567890abcdef"; byte iv2[] = "0987654321fedcba"; ret = wc_AesInit(&aes, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte), iv1, AES_ENCRYPTION); if (ret == 0) { ret = wc_AesSetIV(&aes, iv2); } /* Test bad args. */ if (ret == 0) { ret = wc_AesSetIV(NULL, iv1); if (ret == BAD_FUNC_ARG) { /* NULL iv should return 0. */ ret = wc_AesSetIV(&aes, NULL); } else { ret = WOLFSSL_FATAL_ERROR; } } wc_AesFree(&aes); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* test_wc_AesSetIV */ /* * Testing function for wc_AesSetKey(). */ static int test_wc_AesSetKey(void) { int res = TEST_SKIPPED; #ifndef NO_AES Aes aes; int ret = 0; byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #ifdef WOLFSSL_AES_192 byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; #endif #ifdef WOLFSSL_AES_256 byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #endif byte badKey16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 }; byte iv[] = "1234567890abcdef"; ret = wc_AesInit(&aes, NULL, INVALID_DEVID); if (ret != 0) return ret; #ifdef WOLFSSL_AES_128 ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte), iv, AES_ENCRYPTION); #endif #ifdef WOLFSSL_AES_192 if (ret == 0) { ret = wc_AesSetKey (&aes, key24, (word32) sizeof(key24) / sizeof(byte), iv, AES_ENCRYPTION); } #endif #ifdef WOLFSSL_AES_256 if (ret == 0) { ret = wc_AesSetKey (&aes, key32, (word32) sizeof(key32) / sizeof(byte), iv, AES_ENCRYPTION); } #endif /* Pass in bad args. */ if (ret == 0) { ret = wc_AesSetKey (NULL, key16, (word32) sizeof(key16) / sizeof(byte), iv, AES_ENCRYPTION); if (ret == BAD_FUNC_ARG) { ret = wc_AesSetKey(&aes, badKey16, (word32) sizeof(badKey16) / sizeof(byte), iv, AES_ENCRYPTION); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } wc_AesFree(&aes); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_AesSetKey */ /* * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(), * and wc_AesCbcDecryptWithKey() */ static int test_wc_AesCbcEncryptDecrypt(void) { int res = TEST_SKIPPED; #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \ defined(WOLFSSL_AES_256) Aes aes; int ret = 0; byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; byte vector[] = /* Now is the time for all good men w/o trailing 0 */ { 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20, 0x67,0x6f,0x6f,0x64,0x20,0x6d,0x65,0x6e }; byte iv[] = "1234567890abcdef"; byte enc[sizeof(vector)]; byte dec[sizeof(vector)]; int cbcE = WOLFSSL_FATAL_ERROR; int cbcD = WOLFSSL_FATAL_ERROR; int cbcDWK = WOLFSSL_FATAL_ERROR; byte dec2[sizeof(vector)]; /* Init stack variables. */ XMEMSET(enc, 0, sizeof(enc)); XMEMSET(dec, 0, sizeof(vector)); XMEMSET(dec2, 0, sizeof(vector)); ret = wc_AesInit(&aes, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION); if (ret == 0) { ret = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector)); if (ret == 0) { /* Re init for decrypt and set flag. */ cbcE = 0; wc_AesFree(&aes); ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv, AES_DECRYPTION); } if (ret == 0) { ret = wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector)); if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector)) != 0) { ret = WOLFSSL_FATAL_ERROR; } else { /* Set flag. */ cbcD = 0; } } } /* If encrypt succeeds but cbc decrypt fails, we can still test. */ if (ret == 0 || cbcE == 0) { ret = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE, key32, sizeof(key32)/sizeof(byte), iv); if (ret == 0 || XMEMCMP(vector, dec2, AES_BLOCK_SIZE) == 0) { cbcDWK = 0; } } /* Pass in bad args */ if (cbcE == 0) { cbcE = wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector)); if (cbcE == BAD_FUNC_ARG) { cbcE = wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector)); } if (cbcE == BAD_FUNC_ARG) { cbcE = wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector)); } if (cbcE == BAD_FUNC_ARG) { cbcE = 0; } else { cbcE = WOLFSSL_FATAL_ERROR; } #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS if (cbcE == 0) { cbcE = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1); } if (cbcE == BAD_LENGTH_E) { cbcE = 0; } else { cbcE = WOLFSSL_FATAL_ERROR; } #endif } if (cbcE == 0) { #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI) fprintf(stderr, "Zero length inputs not supported with AESNI in FIPS " "mode (v2), skip test"); #else /* Test passing in size of 0 */ XMEMSET(enc, 0, sizeof(enc)); cbcE = wc_AesCbcEncrypt(&aes, enc, vector, 0); if (cbcE == 0) { /* Check enc was not modified */ int i; for (i = 0; i < (int)sizeof(enc); i++) cbcE |= enc[i]; } #endif } if (cbcE != 0) { wc_AesFree(&aes); return TEST_FAIL; } if (cbcD == 0) { cbcD = wc_AesCbcDecrypt(NULL, dec, enc, AES_BLOCK_SIZE); if (cbcD == BAD_FUNC_ARG) { cbcD = wc_AesCbcDecrypt(&aes, NULL, enc, AES_BLOCK_SIZE); } if (cbcD == BAD_FUNC_ARG) { cbcD = wc_AesCbcDecrypt(&aes, dec, NULL, AES_BLOCK_SIZE); } if (cbcD == BAD_FUNC_ARG) { cbcD = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1); } #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS if (cbcD == BAD_LENGTH_E) { cbcD = 0; } else { cbcD = WOLFSSL_FATAL_ERROR; } #else if (cbcD == BAD_FUNC_ARG) { cbcD = 0; } else { cbcD = WOLFSSL_FATAL_ERROR; } #endif } if (cbcD == 0) { /* Test passing in size of 0 */ XMEMSET(dec, 0, sizeof(dec)); cbcD = wc_AesCbcDecrypt(&aes, dec, enc, 0); if (cbcD == 0) { /* Check dec was not modified */ int i; for (i = 0; i < (int)sizeof(dec); i++) cbcD |= dec[i]; } } if (cbcD != 0) { wc_AesFree(&aes); return TEST_FAIL; } if (cbcDWK == 0) { cbcDWK = wc_AesCbcDecryptWithKey(NULL, enc, AES_BLOCK_SIZE, key32, sizeof(key32)/sizeof(byte), iv); if (cbcDWK == BAD_FUNC_ARG) { cbcDWK = wc_AesCbcDecryptWithKey(dec2, NULL, AES_BLOCK_SIZE, key32, sizeof(key32)/sizeof(byte), iv); } if (cbcDWK == BAD_FUNC_ARG) { cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE, NULL, sizeof(key32)/sizeof(byte), iv); } if (cbcDWK == BAD_FUNC_ARG) { cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE, key32, sizeof(key32)/sizeof(byte), NULL); } if (cbcDWK == BAD_FUNC_ARG) { cbcDWK = 0; } else { cbcDWK = WOLFSSL_FATAL_ERROR; } } wc_AesFree(&aes); res = TEST_RES_CHECK(cbcDWK == 0); #endif return res; } /* END test_wc_AesCbcEncryptDecrypt */ /* * Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt */ static int test_wc_AesCtrEncryptDecrypt(void) { int res = TEST_SKIPPED; #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) Aes aesEnc, aesDec; int ret = 0; byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; byte vector[] = /* Now is the time for all w/o trailing 0 */ { 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; byte iv[] = "1234567890abcdef"; byte enc[AES_BLOCK_SIZE * 2]; byte dec[AES_BLOCK_SIZE * 2]; /* Init stack variables. */ XMEMSET(enc, 0, AES_BLOCK_SIZE * 2); XMEMSET(dec, 0, AES_BLOCK_SIZE * 2); ret = wc_AesInit(&aesEnc, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_AesInit(&aesDec, NULL, INVALID_DEVID); if (ret != 0) { wc_AesFree(&aesEnc); return ret; } ret = wc_AesSetKey(&aesEnc, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION); if (ret == 0) { ret = wc_AesCtrEncrypt(&aesEnc, enc, vector, sizeof(vector)/sizeof(byte)); if (ret == 0) { /* Decrypt with wc_AesCtrEncrypt() */ ret = wc_AesSetKey(&aesDec, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION); } if (ret == 0) { ret = wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte)); if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector))) { ret = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (ret == 0) { ret = wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte)); if (ret == BAD_FUNC_ARG) { ret = wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } wc_AesFree(&aesEnc); wc_AesFree(&aesDec); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_AesCtrEncryptDecrypt */ /* * test function for wc_AesGcmSetKey() */ static int test_wc_AesGcmSetKey(void) { int res = TEST_SKIPPED; #if !defined(NO_AES) && defined(HAVE_AESGCM) Aes aes; int ret = 0; #ifdef WOLFSSL_AES_128 byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #endif #ifdef WOLFSSL_AES_192 byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; #endif #ifdef WOLFSSL_AES_256 byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #endif byte badKey16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 }; byte badKey24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36 }; byte badKey32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 }; ret = wc_AesInit(&aes, NULL, INVALID_DEVID); if (ret != 0) return ret; #ifdef WOLFSSL_AES_128 ret = wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte)); #endif #ifdef WOLFSSL_AES_192 if (ret == 0) { ret = wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte)); } #endif #ifdef WOLFSSL_AES_256 if (ret == 0) { ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)); } #endif /* Pass in bad args. */ if (ret == 0) { ret = wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte)); if (ret == BAD_FUNC_ARG) { ret = wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } wc_AesFree(&aes); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_AesGcmSetKey */ /* * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt */ static int test_wc_AesGcmEncryptDecrypt(void) { int res = TEST_SKIPPED; /* WOLFSSL_AFALG requires 12 byte IV */ #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \ !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES) Aes aes; byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; byte vector[] = /* Now is the time for all w/o trailing 0 */ { 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; const byte a[] = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 }; byte iv[] = "1234567890a"; byte longIV[] = "1234567890abcdefghij"; byte enc[sizeof(vector)]; byte resultT[AES_BLOCK_SIZE]; byte dec[sizeof(vector)]; int gcmD = WOLFSSL_FATAL_ERROR; int gcmE = WOLFSSL_FATAL_ERROR; int ret = 0; /* Init stack variables. */ XMEMSET(enc, 0, sizeof(vector)); XMEMSET(dec, 0, sizeof(vector)); XMEMSET(resultT, 0, AES_BLOCK_SIZE); ret = wc_AesInit(&aes, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)); if (ret == 0) { gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); } if (gcmE == 0) { /* If encrypt fails, no decrypt. */ gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); if (gcmD == 0 && (XMEMCMP(vector, dec, sizeof(vector)) != 0)) { gcmD = WOLFSSL_FATAL_ERROR; } } /*Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */ if (gcmE == 0) { gcmE = wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); if (gcmE == BAD_FUNC_ARG) { gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)); } if (gcmE == BAD_FUNC_ARG) { gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) - 5, a, sizeof(a)); } #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \ defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) /* FIPS does not check the lower bound of ivSz */ #else if (gcmE == BAD_FUNC_ARG) { gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, 0, resultT, sizeof(resultT), a, sizeof(a)); } #endif if (gcmE == BAD_FUNC_ARG) { gcmE = 0; } else { gcmE = WOLFSSL_FATAL_ERROR; } } /* This case is now considered good. Long IVs are now allowed. * Except for the original FIPS release, it still has an upper * bound on the IV length. */ #if (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) if (gcmE == 0) { gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV, sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); } #else (void)longIV; #endif /* Old FIPS */ /* END wc_AesGcmEncrypt */ if (gcmE != 0) { wc_AesFree(&aes); return TEST_FAIL; } #ifdef HAVE_AES_DECRYPT if (gcmD == 0) { gcmD = wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); if (gcmD == BAD_FUNC_ARG) { gcmD = wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); } if (gcmD == BAD_FUNC_ARG) { gcmD = wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); } if (gcmD == BAD_FUNC_ARG) { gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), NULL, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)); } if (gcmD == BAD_FUNC_ARG) { gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), NULL, sizeof(resultT), a, sizeof(a)); } if (gcmD == BAD_FUNC_ARG) { gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)); } #if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \ !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) /* FIPS does not check the lower bound of ivSz */ #else if (gcmD == BAD_FUNC_ARG) { gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, 0, resultT, sizeof(resultT), a, sizeof(a)); } #endif if (gcmD == BAD_FUNC_ARG) { gcmD = 0; } else { gcmD = WOLFSSL_FATAL_ERROR; } res = TEST_RES_CHECK(gcmD == 0); } /* END wc_AesGcmDecrypt */ #endif /* HAVE_AES_DECRYPT */ wc_AesFree(&aes); #endif return res; } /* END test_wc_AesGcmEncryptDecrypt */ /* * test function for mixed (one-shot encrpytion + stream decryption) AES GCM * using a long IV (older FIPS does NOT support long IVs). Relates to zd15423 */ static int test_wc_AesGcmMixedEncDecLongIV(void) { int ret = TEST_SKIPPED; #if (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM) const byte key[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; const byte in[] = { 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 }; const byte aad[] = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 }; Aes aesEnc, aesDec; byte iv[] = "1234567890abcdefghij"; byte out[sizeof(in)]; byte plain[sizeof(in)]; byte tag[AES_BLOCK_SIZE]; XMEMSET(out, 0, sizeof(out)); XMEMSET(plain, 0, sizeof(plain)); XMEMSET(tag, 0, sizeof(tag)); /* Perform one-shot encryption using long IV */ AssertIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0); AssertIntEQ(wc_AesGcmSetKey(&aesEnc, key, sizeof(key)), 0); AssertIntEQ(wc_AesGcmEncrypt(&aesEnc, out, in, sizeof(in), iv, sizeof(iv), tag, sizeof(tag), aad, sizeof(aad)), 0); /* Perform streaming decryption using long IV */ AssertIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0); AssertIntEQ(wc_AesGcmInit(&aesDec, key, sizeof(key), iv, sizeof(iv)), 0); AssertIntEQ(wc_AesGcmDecryptUpdate(&aesDec, plain, out, sizeof(out), aad, sizeof(aad)), 0); AssertIntEQ(wc_AesGcmDecryptFinal(&aesDec, tag, sizeof(tag)), 0); AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); /* Free resources */ wc_AesFree(&aesEnc); wc_AesFree(&aesDec); ret = TEST_SUCCESS; #endif return ret; } /* END wc_AesGcmMixedEncDecLongIV */ /* * unit test for wc_GmacSetKey() */ static int test_wc_GmacSetKey(void) { int res = TEST_SKIPPED; #if !defined(NO_AES) && defined(HAVE_AESGCM) Gmac gmac; byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #ifdef WOLFSSL_AES_192 byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; #endif #ifdef WOLFSSL_AES_256 byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; #endif byte badKey16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66 }; byte badKey24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; byte badKey32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; int ret = 0; ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID); if (ret != 0) return ret; #ifdef WOLFSSL_AES_128 ret = wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte)); #endif #ifdef WOLFSSL_AES_192 if (ret == 0) { ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)); } #endif #ifdef WOLFSSL_AES_256 if (ret == 0) { ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)); } #endif /* Pass in bad args. */ if (ret == 0) { ret = wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte)); if (ret == BAD_FUNC_ARG) { ret = wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte)); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } wc_AesFree(&gmac.aes); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_GmacSetKey */ /* * unit test for wc_GmacUpdate */ static int test_wc_GmacUpdate(void) { int res = TEST_SKIPPED; #if !defined(NO_AES) && defined(HAVE_AESGCM) Gmac gmac; #ifdef WOLFSSL_AES_128 const byte key16[] = { 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01, 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8 }; #endif #ifdef WOLFSSL_AES_192 byte key24[] = { 0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52, 0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a, 0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0 }; #endif #ifdef WOLFSSL_AES_256 byte key32[] = { 0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35, 0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00, 0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4, 0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23 }; #endif #ifdef WOLFSSL_AES_128 const byte authIn[] = { 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9, 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77 }; #endif #ifdef WOLFSSL_AES_192 const byte authIn2[] = { 0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f, 0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1 }; #endif const byte authIn3[] = { 0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71, 0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36 }; #ifdef WOLFSSL_AES_128 const byte tag1[] = /* Known. */ { 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43, 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b }; #endif #ifdef WOLFSSL_AES_192 const byte tag2[] = /* Known */ { 0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf, 0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05 }; #endif const byte tag3[] = /* Known */ { 0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22, 0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76 }; #ifdef WOLFSSL_AES_128 const byte iv[] = { 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94, 0xe2, 0x8c, 0x8f, 0x16 }; #endif #ifdef WOLFSSL_AES_192 const byte iv2[] = { 0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66, 0x7e, 0x1a, 0x6f, 0xbc }; #endif const byte iv3[] = { 0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93, 0xc3, 0xfb, 0x6c, 0x8a }; byte tagOut[16]; byte tagOut2[24]; byte tagOut3[32]; int ret = 0; /* Init stack variables. */ XMEMSET(tagOut, 0, sizeof(tagOut)); XMEMSET(tagOut2, 0, sizeof(tagOut2)); XMEMSET(tagOut3, 0, sizeof(tagOut3)); ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID); if (ret != 0) return ret; #ifdef WOLFSSL_AES_128 ret = wc_GmacSetKey(&gmac, key16, sizeof(key16)); if (ret == 0) { ret = wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn), tagOut, sizeof(tag1)); if (ret == 0) { ret = XMEMCMP(tag1, tagOut, sizeof(tag1)); } wc_AesFree(&gmac.aes); } #endif #ifdef WOLFSSL_AES_192 if (ret == 0) { XMEMSET(&gmac, 0, sizeof(Gmac)); ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)); } if (ret == 0) { ret = wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2, sizeof(authIn2), tagOut2, sizeof(tag2)); } if (ret == 0) { ret = XMEMCMP(tagOut2, tag2, sizeof(tag2)); wc_AesFree(&gmac.aes); } #endif #ifdef WOLFSSL_AES_256 if (ret == 0) { XMEMSET(&gmac, 0, sizeof(Gmac)); ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)); } if (ret == 0) { ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), tagOut3, sizeof(tag3)); } if (ret == 0) { ret = XMEMCMP(tag3, tagOut3, sizeof(tag3)); } #endif /*Pass bad args. */ if (ret == 0) { ret = wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3, sizeof(authIn3), tagOut3, sizeof(tag3)); if (ret == BAD_FUNC_ARG) { ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), tagOut3, sizeof(tag3) - 5); } if (ret == BAD_FUNC_ARG) { ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), tagOut3, sizeof(tag3) + 1); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } wc_AesFree(&gmac.aes); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_GmacUpdate */ /* * testing wc_CamelliaSetKey */ static int test_wc_CamelliaSetKey(void) { int res = TEST_SKIPPED; #ifdef HAVE_CAMELLIA Camellia camellia; /*128-bit key*/ static const byte key16[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; /* 192-bit key */ static const byte key24[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }; /* 256-bit key */ static const byte key32[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff }; static const byte iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }; int ret = 0; ret = wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv); if (ret == 0) { ret = wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), NULL); if (ret == 0) { ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv); } if (ret == 0) { ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL); } if (ret == 0) { ret = wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32), iv); } if (ret == 0) { ret = wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32), NULL); } } /* Bad args. */ if (ret == 0) { ret = wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv); if (ret != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } /* END bad args. */ res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_CammeliaSetKey */ /* * Testing wc_CamelliaSetIV() */ static int test_wc_CamelliaSetIV(void) { int res = TEST_SKIPPED; #ifdef HAVE_CAMELLIA Camellia camellia; static const byte iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }; int ret = 0; ret = wc_CamelliaSetIV(&camellia, iv); if (ret == 0) { ret = wc_CamelliaSetIV(&camellia, NULL); } /* Bad args. */ if (ret == 0) { ret = wc_CamelliaSetIV(NULL, NULL); if (ret != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /*END test_wc_CamelliaSetIV*/ /* * Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect */ static int test_wc_CamelliaEncryptDecryptDirect(void) { int res = TEST_SKIPPED; #ifdef HAVE_CAMELLIA Camellia camellia; static const byte key24[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }; static const byte iv[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }; static const byte plainT[] = { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A }; byte enc[sizeof(plainT)]; byte dec[sizeof(enc)]; int camE = WOLFSSL_FATAL_ERROR; int camD = WOLFSSL_FATAL_ERROR; int ret = 0; /*Init stack variables.*/ XMEMSET(enc, 0, 16); XMEMSET(enc, 0, 16); ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv); if (ret == 0) { ret = wc_CamelliaEncryptDirect(&camellia, enc, plainT); if (ret == 0) { ret = wc_CamelliaDecryptDirect(&camellia, dec, enc); if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) { ret = WOLFSSL_FATAL_ERROR; } } } /* Pass bad args. */ if (ret == 0) { camE = wc_CamelliaEncryptDirect(NULL, enc, plainT); if (camE == BAD_FUNC_ARG) { camE = wc_CamelliaEncryptDirect(&camellia, NULL, plainT); } if (camE == BAD_FUNC_ARG) { camE = wc_CamelliaEncryptDirect(&camellia, enc, NULL); } if (camE == BAD_FUNC_ARG) { camE = 0; } else { camE = WOLFSSL_FATAL_ERROR; } } if (camE != 0) { return TEST_FAIL; } if (ret == 0) { camD = wc_CamelliaDecryptDirect(NULL, dec, enc); if (camD == BAD_FUNC_ARG) { camD = wc_CamelliaDecryptDirect(&camellia, NULL, enc); } if (camD == BAD_FUNC_ARG) { camD = wc_CamelliaDecryptDirect(&camellia, dec, NULL); } if (camD == BAD_FUNC_ARG) { camD = 0; } else { camD = WOLFSSL_FATAL_ERROR; } } res = TEST_RES_CHECK(camD == 0); #endif return res; } /* END test-wc_CamelliaEncryptDecryptDirect */ /* * Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt */ static int test_wc_CamelliaCbcEncryptDecrypt(void) { int res = TEST_SKIPPED; #ifdef HAVE_CAMELLIA Camellia camellia; static const byte key24[] = { 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 }; static const byte plainT[] = { 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A }; byte enc[CAMELLIA_BLOCK_SIZE]; byte dec[CAMELLIA_BLOCK_SIZE]; int camCbcE = WOLFSSL_FATAL_ERROR; int camCbcD = WOLFSSL_FATAL_ERROR; int ret = 0; /* Init stack variables. */ XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE); XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE); ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL); if (ret == 0) { ret = wc_CamelliaCbcEncrypt(&camellia, enc, plainT, CAMELLIA_BLOCK_SIZE); if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL); if (ret == 0) { ret = wc_CamelliaCbcDecrypt(&camellia, dec, enc, CAMELLIA_BLOCK_SIZE); if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) { ret = WOLFSSL_FATAL_ERROR; } } } /* Pass in bad args. */ if (ret == 0) { camCbcE = wc_CamelliaCbcEncrypt(NULL, enc, plainT, CAMELLIA_BLOCK_SIZE); if (camCbcE == BAD_FUNC_ARG) { camCbcE = wc_CamelliaCbcEncrypt(&camellia, NULL, plainT, CAMELLIA_BLOCK_SIZE); } if (camCbcE == BAD_FUNC_ARG) { camCbcE = wc_CamelliaCbcEncrypt(&camellia, enc, NULL, CAMELLIA_BLOCK_SIZE); } if (camCbcE == BAD_FUNC_ARG) { camCbcE = 0; } else { camCbcE = WOLFSSL_FATAL_ERROR; } } if (camCbcE != 0) { return TEST_FAIL; } if (ret == 0) { camCbcD = wc_CamelliaCbcDecrypt(NULL, dec, enc, CAMELLIA_BLOCK_SIZE); if (camCbcD == BAD_FUNC_ARG) { camCbcD = wc_CamelliaCbcDecrypt(&camellia, NULL, enc, CAMELLIA_BLOCK_SIZE); } if (camCbcD == BAD_FUNC_ARG) { camCbcD = wc_CamelliaCbcDecrypt(&camellia, dec, NULL, CAMELLIA_BLOCK_SIZE); } if (camCbcD == BAD_FUNC_ARG) { camCbcD = 0; } else { camCbcD = WOLFSSL_FATAL_ERROR; } } /* END bad args. */ res = TEST_RES_CHECK(camCbcD == 0); #endif return res; } /* END test_wc_CamelliaCbcEncryptDecrypt */ /* * Testing wc_Arc4SetKey() */ static int test_wc_Arc4SetKey(void) { int res = TEST_SKIPPED; #ifndef NO_RC4 Arc4 arc; const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef"; int keyLen = 8; int ret = 0; ret = wc_Arc4SetKey(&arc, (byte*)key, keyLen); /* Test bad args. */ if (ret == 0) { ret = wc_Arc4SetKey(NULL, (byte*)key, keyLen); if (ret == BAD_FUNC_ARG) ret = wc_Arc4SetKey(&arc, NULL, keyLen); /* NULL key */ if (ret == BAD_FUNC_ARG) ret = wc_Arc4SetKey(&arc, (byte*)key, 0); /* length == 0 */ if (ret == BAD_FUNC_ARG) ret = WOLFSSL_ERROR_NONE; else ret = WOLFSSL_FATAL_ERROR; } /* END test bad args. */ res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_Arc4SetKey */ /* * Testing wc_Arc4Process for ENC/DEC. */ static int test_wc_Arc4Process(void) { int res = TEST_SKIPPED; #ifndef NO_RC4 Arc4 enc, dec; const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef"; int keyLen = 8; const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef"; byte cipher[8]; byte plain[8]; int ret; /* Init stack variables */ XMEMSET(cipher, 0, sizeof(cipher)); XMEMSET(plain, 0, sizeof(plain)); /* Use for async. */ ret = wc_Arc4Init(&enc, NULL, INVALID_DEVID); if (ret == 0) { ret = wc_Arc4Init(&dec, NULL, INVALID_DEVID); } if (ret == 0) { ret = wc_Arc4SetKey(&enc, (byte*)key, keyLen); } if (ret == 0) { ret = wc_Arc4SetKey(&dec, (byte*)key, keyLen); } if (ret == 0) { ret = wc_Arc4Process(&enc, cipher, (byte*)input, keyLen); } if (ret == 0) { ret = wc_Arc4Process(&dec, plain, cipher, keyLen); if (ret != 0 || XMEMCMP(plain, input, keyLen)) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } /* Bad args. */ if (ret == 0) { ret = wc_Arc4Process(NULL, plain, cipher, keyLen); if (ret == BAD_FUNC_ARG) { ret = wc_Arc4Process(&dec, NULL, cipher, keyLen); } if (ret == BAD_FUNC_ARG) { ret = wc_Arc4Process(&dec, plain, NULL, keyLen); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } wc_Arc4Free(&enc); wc_Arc4Free(&dec); res = TEST_RES_CHECK(ret == 0); #endif return res; }/* END test_wc_Arc4Process */ /* * Testing wc_Init RsaKey() */ static int test_wc_InitRsaKey(void) { int res = TEST_SKIPPED; #ifndef NO_RSA RsaKey key; int ret = 0; ret = wc_InitRsaKey(&key, HEAP_HINT); /* Test bad args. */ if (ret == 0) { ret = wc_InitRsaKey(NULL, HEAP_HINT); #ifndef HAVE_USER_RSA if (ret == BAD_FUNC_ARG) { ret = 0; } else { #else if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { #endif ret = WOLFSSL_FATAL_ERROR; } } /* end if */ if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_InitRsaKey */ /* * Testing wc_RsaPrivateKeyDecode() */ static int test_wc_RsaPrivateKeyDecode(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\ || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS) RsaKey key; byte* tmp; word32 idx = 0; int bytes = 0; int ret = 0; tmp = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_InitRsaKey(&key, HEAP_HINT); } if (ret == 0) { #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024); bytes = sizeof_client_key_der_1024; #else XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048); bytes = sizeof_client_key_der_2048; #endif /* Use cert buffers. */ ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); } #ifndef HAVE_USER_RSA /* Test bad args. */ if (ret == 0) { ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes); if (ret == BAD_FUNC_ARG) { ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Test bad args. User RSA. */ if (ret == 0) { ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes); if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif if (tmp != NULL) { XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); } if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_RsaPrivateKeyDecode */ /* * Testing wc_RsaPublicKeyDecode() */ static int test_wc_RsaPublicKeyDecode(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\ || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS) RsaKey keyPub; byte* tmp; word32 idx = 0; int bytes = 0; word32 keySz = 0; word32 tstKeySz = 0; int ret = 0; #if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) XFILE f; const char* rsaPssPubKey = "./certs/rsapss/ca-rsapss-key.der"; const char* rsaPssPubKeyNoParams = "./certs/rsapss/ca-3072-rsapss-key.der"; byte buf[4096]; #endif tmp = (byte*)XMALLOC(GEN_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_InitRsaKey(&keyPub, HEAP_HINT); } if (ret == 0) { #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); bytes = sizeof_client_keypub_der_1024; keySz = 1024; #else XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); bytes = sizeof_client_keypub_der_2048; keySz = 2048; #endif ret = wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes); } #ifndef HAVE_USER_RSA /* Pass in bad args. */ if (ret == 0) { ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes); if (ret == BAD_FUNC_ARG) { ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Pass in bad args. */ if (ret == 0) { ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes); if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif if (wc_FreeRsaKey(&keyPub) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { /* Test for getting modulus key size */ idx = 0; ret = wc_RsaPublicKeyDecode_ex(tmp, &idx, (word32)bytes, NULL, &tstKeySz, NULL, NULL); ret = (ret == 0 && tstKeySz == keySz/8) ? 0 : WOLFSSL_FATAL_ERROR; } #if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) f = XFOPEN(rsaPssPubKey, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); idx = 0; AssertIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, bytes, NULL, NULL, NULL, NULL), 0); f = XFOPEN(rsaPssPubKeyNoParams, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); idx = 0; AssertIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, bytes, NULL, NULL, NULL, NULL), 0); #endif if (tmp != NULL) { XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_RsaPublicKeyDecode */ /* * Testing wc_RsaPublicKeyDecodeRaw() */ static int test_wc_RsaPublicKeyDecodeRaw(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) RsaKey key; const byte n = 0x23; const byte e = 0x03; int nSz = sizeof(n); int eSz = sizeof(e); int ret; ret = wc_InitRsaKey(&key, HEAP_HINT); if (ret == 0) { ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key); } #ifndef HAVE_USER_RSA /* Pass in bad args. */ if (ret == 0) { ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key); if (ret == BAD_FUNC_ARG) { ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Pass in bad args. User RSA. */ if (ret == 0) { ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key); if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_RsaPublicKeyDecodeRaw */ #if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN) /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps * trying until it gets a probable prime. */ #ifdef HAVE_FIPS static int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng) { int ret; for (;;) { ret = wc_MakeRsaKey(key, size, e, rng); if (ret != PRIME_GEN_E) break; fprintf(stderr, "MakeRsaKey couldn't find prime; " "trying again.\n"); } return ret; } #define MAKE_RSA_KEY(a, b, c, d) MakeRsaKeyRetry(a, b, c, d) #else #define MAKE_RSA_KEY(a, b, c, d) wc_MakeRsaKey(a, b, c, d) #endif #endif /* * Testing wc_MakeRsaKey() */ static int test_wc_MakeRsaKey(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) RsaKey genKey; WC_RNG rng; #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) int bits = 1024; #else int bits = 2048; #endif int ret = 0; ret = wc_InitRsaKey(&genKey, HEAP_HINT); if (ret == 0) { ret = wc_InitRng(&rng); if (ret == 0) { ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng); if (ret == 0 && wc_FreeRsaKey(&genKey) != 0) { ret = WOLFSSL_FATAL_ERROR; } } } #ifndef HAVE_USER_RSA /* Test bad args. */ if (ret == 0) { ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng); if (ret == BAD_FUNC_ARG) { ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL); } if (ret == BAD_FUNC_ARG) { /* e < 3 */ ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng); } if (ret == BAD_FUNC_ARG) { /* e & 1 == 0 */ ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Test bad args. */ if (ret == 0) { ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng); if (ret == USER_CRYPTO_ERROR) { ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL); } if (ret == USER_CRYPTO_ERROR) { /* e < 3 */ ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng); } if (ret == USER_CRYPTO_ERROR) { /* e & 1 == 0 */ ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_MakeRsaKey */ /* * Test the bounds checking on the cipher text versus the key modulus. * 1. Make a new RSA key. * 2. Set c to 1. * 3. Decrypt c into k. (error) * 4. Copy the key modulus to c and sub 1 from the copy. * 5. Decrypt c into k. (error) * Valid bounds test cases are covered by all the other RSA tests. */ static int test_RsaDecryptBoundsCheck(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WC_RSA_NO_PADDING) && \ (defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)) && \ defined(WOLFSSL_PUBLIC_MP) && !defined(NO_RSA_BOUNDS_CHECK) WC_RNG rng; RsaKey key; byte flatC[256]; word32 flatCSz; byte out[256]; word32 outSz = sizeof(out); int ret; XMEMSET(&rng, 0, sizeof(rng)); ret = wc_InitRng(&rng); if (ret == 0) ret = wc_InitRsaKey(&key, HEAP_HINT); if (ret == 0) { const byte* derKey; word32 derKeySz; word32 idx = 0; #ifdef USE_CERT_BUFFERS_1024 derKey = server_key_der_1024; derKeySz = (word32)sizeof_server_key_der_1024; flatCSz = 128; #else derKey = server_key_der_2048; derKeySz = (word32)sizeof_server_key_der_2048; flatCSz = 256; #endif ret = wc_RsaPrivateKeyDecode(derKey, &idx, &key, derKeySz); } if (ret == 0) { XMEMSET(flatC, 0, flatCSz); flatC[flatCSz-1] = 1; ret = wc_RsaDirect(flatC, flatCSz, out, &outSz, &key, RSA_PRIVATE_DECRYPT, &rng); if (ret == RSA_OUT_OF_RANGE_E) { mp_int c; mp_init_copy(&c, &key.n); mp_sub_d(&c, 1, &c); mp_to_unsigned_bin(&c, flatC); ret = wc_RsaDirect(flatC, flatCSz, out, &outSz, &key, RSA_PRIVATE_DECRYPT, NULL); mp_clear(&c); } if (ret == RSA_OUT_OF_RANGE_E) ret = 0; else ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRsaKey(&key) || wc_FreeRng(&rng) || ret != 0) ret = WOLFSSL_FATAL_ERROR; res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_RsaDecryptBoundsCheck */ /* * Testing wc_SetKeyUsage() */ static int test_wc_SetKeyUsage(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && !defined(HAVE_FIPS) Cert myCert; int ret = 0; ret = wc_InitCert(&myCert); if (ret == 0) { ret = wc_SetKeyUsage(&myCert, "keyEncipherment,keyAgreement"); if (ret == 0) { ret = wc_SetKeyUsage(&myCert, "digitalSignature,nonRepudiation"); } if (ret == 0) { ret = wc_SetKeyUsage(&myCert, "contentCommitment,encipherOnly"); } if (ret == 0) { ret = wc_SetKeyUsage(&myCert, "decipherOnly"); } if (ret == 0) { ret = wc_SetKeyUsage(&myCert, "cRLSign,keyCertSign"); } } /* Test bad args. */ if (ret == 0) { ret = wc_SetKeyUsage(NULL, "decipherOnly"); if (ret == BAD_FUNC_ARG) { ret = wc_SetKeyUsage(&myCert, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_SetKeyUsage(&myCert, ""); } if (ret == KEYUSAGE_E) { ret = wc_SetKeyUsage(&myCert, ","); } if (ret == KEYUSAGE_E) { ret = wc_SetKeyUsage(&myCert, "digitalSignature, cRLSign"); } if (ret == KEYUSAGE_E) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_SetKeyUsage */ /* * Testing wc_CheckProbablePrime() */ static int test_wc_CheckProbablePrime(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \ !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) #define CHECK_PROBABLE_PRIME_KEY_BITS 2048 RsaKey key; WC_RNG rng; byte e[3]; word32 eSz = (word32)sizeof(e); byte n[CHECK_PROBABLE_PRIME_KEY_BITS / 8]; word32 nSz = (word32)sizeof(n); byte d[CHECK_PROBABLE_PRIME_KEY_BITS / 8]; word32 dSz = (word32)sizeof(d); byte p[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2]; word32 pSz = (word32)sizeof(p); byte q[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2]; word32 qSz = (word32)sizeof(q); int nlen = CHECK_PROBABLE_PRIME_KEY_BITS; int ret = 0; int* isPrime; int test[5]; isPrime = test; ret = wc_InitRsaKey(&key, HEAP_HINT); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_RsaSetRNG(&key, &rng); } if (ret == 0) { ret = wc_MakeRsaKey(&key, CHECK_PROBABLE_PRIME_KEY_BITS, WC_RSA_EXPONENT, &rng); } if (ret == 0) { PRIVATE_KEY_UNLOCK(); ret = wc_RsaExportKey(&key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); PRIVATE_KEY_LOCK(); } /* Bad cases */ if (ret == 0) { ret = wc_CheckProbablePrime(NULL, pSz, q, qSz, e, eSz, nlen, isPrime); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_CheckProbablePrime(p, 0, q, qSz, e, eSz, nlen, isPrime); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_CheckProbablePrime(p, pSz, NULL, qSz, e, eSz, nlen, isPrime); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_CheckProbablePrime(p, pSz, q, 0, e, eSz, nlen, isPrime); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_CheckProbablePrime(p, pSz, q, qSz, NULL, eSz, nlen, isPrime); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_CheckProbablePrime(p, pSz, q, qSz, e, 0, nlen, isPrime); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_CheckProbablePrime(NULL, 0, NULL, 0, NULL, 0, nlen, isPrime); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good case */ if (ret == 0) { ret = wc_CheckProbablePrime(p, pSz, q, qSz, e, eSz, nlen, isPrime); } wc_FreeRsaKey(&key); wc_FreeRng(&rng); #undef CHECK_PROBABLE_PRIME_KEY_BITS res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_CheckProbablePrime */ /* * Testing wc_RsaPSS_Verify() */ static int test_wc_RsaPSS_Verify(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \ !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS) RsaKey key; WC_RNG rng; int sz = 256; byte* pt; const char* szMessage = "This is the string to be signed"; unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */ unsigned char pDecrypted[2048/8]; word32 outLen = sizeof(pDecrypted); int ret = 0; pt = pDecrypted; ret = wc_InitRsaKey(&key, HEAP_HINT); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_RsaSetRNG(&key, &rng); } if (ret == 0) { ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng); } if (ret == 0) { ret = wc_RsaPSS_Sign((byte*)szMessage, (word32)XSTRLEN(szMessage)+1, pSignature, sizeof(pSignature), WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng); if (ret > 0) { sz = ret; ret = 0; } } /* Bad cases */ if (ret == 0) { ret = wc_RsaPSS_Verify(NULL, sz, pt, outLen, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_Verify(pSignature, 0, pt, outLen, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_Verify(pSignature, sz, NULL, outLen, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_Verify(NULL, 0, NULL, outLen, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good case */ if (ret == 0) { ret = wc_RsaPSS_Verify(pSignature, sz, pt, outLen, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret > 0) { ret = 0; } } wc_FreeRsaKey(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_RsaPSS_Verify */ /* * Testing wc_RsaPSS_VerifyCheck() */ static int test_wc_RsaPSS_VerifyCheck(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \ !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS) RsaKey key; WC_RNG rng; int sz = 256; /* 2048/8 */ byte* pt; byte digest[32]; word32 digestSz = sizeof(digest); unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */ word32 pSignatureSz = sizeof(pSignature); unsigned char pDecrypted[2048/8]; word32 outLen = sizeof(pDecrypted); int ret = 0; pt = pDecrypted; XMEMSET(digest, 0, sizeof(digest)); XMEMSET(pSignature, 0, sizeof(pSignature)); ret = wc_InitRsaKey(&key, HEAP_HINT); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_RsaSetRNG(&key, &rng); } if (ret == 0) { ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng); } if (ret == 0) { digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256); ret = wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz); } if (ret == 0) { ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng); if (ret > 0) { sz = ret; ret = 0; } } /* Bad cases */ if (ret == 0) { ret = wc_RsaPSS_VerifyCheck(NULL, sz, pt, outLen, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_VerifyCheck(pSignature, 0, pt, outLen, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_VerifyCheck(pSignature, sz, NULL, outLen, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_VerifyCheck(NULL, 0, NULL, outLen, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good case */ if (ret == 0) { ret = wc_RsaPSS_VerifyCheck(pSignature, sz, pt, outLen, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret > 0) { ret = 0; } } wc_FreeRsaKey(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_RsaPSS_VerifyCheck */ /* * Testing wc_RsaPSS_VerifyCheckInline() */ static int test_wc_RsaPSS_VerifyCheckInline(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \ !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS) RsaKey key; WC_RNG rng; int sz = 256; byte* pt; byte digest[32]; word32 digestSz = sizeof(digest); unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */ unsigned char pDecrypted[2048/8]; int ret; pt = pDecrypted; ret = wc_InitRsaKey(&key, HEAP_HINT); XMEMSET(digest, 0, sizeof(digest)); XMEMSET(pSignature, 0, sizeof(pSignature)); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_RsaSetRNG(&key, &rng); } if (ret == 0) { ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng); } if (ret == 0) { digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256); ret = wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz); } if (ret == 0) { ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, sizeof(pSignature), WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng); if (ret > 0) { sz = ret; ret = 0; } } /* Bad Cases */ if (ret == 0) { ret = wc_RsaPSS_VerifyCheckInline(NULL, sz, &pt, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_VerifyCheckInline(pSignature, 0, NULL, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_VerifyCheckInline(NULL, 0, &pt, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt, digest, digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good case */ if (ret == 0) { ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt, digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key); if (ret > 0) { ret = 0; } } wc_FreeRsaKey(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_RsaPSS_VerifyCheckInline */ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) static void sample_mutex_cb (int flag, int type, const char* file, int line) { (void)flag; (void)type; (void)file; (void)line; } #endif /* * Testing wc_LockMutex_ex */ static int test_wc_LockMutex_ex(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) int ret = 0; int flag = CRYPTO_LOCK; int type = 0; const char* file = "./test-LockMutex_ex.txt"; int line = 0; /* without SetMutexCb */ ret = wc_LockMutex_ex(flag, type, file, line); if (ret == BAD_STATE_E) { ret = 0; } /* with SetMutexCb */ if (ret == 0) { ret = wc_SetMutexCb(sample_mutex_cb); if (ret == 0) { ret = wc_LockMutex_ex(flag, type, file, line); } } res = TEST_RES_CHECK(ret == 0); #endif return res; }/*End test_wc_LockMutex_ex*/ /* * Testing wc_SetMutexCb */ static int test_wc_SetMutexCb(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) int ret = wc_SetMutexCb(sample_mutex_cb); res = TEST_RES_CHECK(ret == 0); #endif return res; }/*End test_wc_SetMutexCb*/ /* * Testing wc_RsaKeyToDer() */ static int test_wc_RsaKeyToDer(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) RsaKey genKey; WC_RNG rng; byte* der; int ret = 0; #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) int bits = 1024; word32 derSz = 611; /* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00) + 3 (e) + 8 (ASN tag) + 10 (ASN length) + 4 seqSz + 3 version */ #else int bits = 2048; word32 derSz = 1196; /* (2 x 256) + 2 (possible leading 00) + (5 x 128) + 5 (possible leading 00) + 3 (e) + 8 (ASN tag) + 17 (ASN length) + 4 seqSz + 3 version */ #endif XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&genKey, 0, sizeof(genKey)); der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { ret = WOLFSSL_FATAL_ERROR; } /* Init structures. */ if (ret == 0) { ret = wc_InitRsaKey(&genKey, HEAP_HINT); } if (ret == 0) { ret = wc_InitRng(&rng); } /* Make key. */ if (ret == 0) { ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng); if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_RsaKeyToDer(&genKey, der, derSz); if (ret > 0) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_USER_RSA /* Pass good/bad args. */ if (ret == 0) { ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF); if (ret == BAD_FUNC_ARG) { /* Get just the output length */ ret = wc_RsaKeyToDer(&genKey, NULL, 0); } if (ret > 0) { /* Try Public Key. */ genKey.type = 0; ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); #ifdef WOLFSSL_CHECK_MEM_ZERO /* Put back to Private Key */ genKey.type = 1; #endif } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Pass good/bad args. */ if (ret == 0) { ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF); if (ret == USER_CRYPTO_ERROR) { /* Get just the output length */ ret = wc_RsaKeyToDer(&genKey, NULL, 0); } if (ret > 0) { /* Try Public Key. */ genKey.type = 0; ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); #ifdef WOLFSSL_CHECK_MEM_ZERO /* Put back to Private Key */ genKey.type = 1; #endif } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif if (der != NULL) { XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); } if (wc_FreeRsaKey(&genKey) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_RsaKeyToDer */ /* * Testing wc_RsaKeyToPublicDer() */ static int test_wc_RsaKeyToPublicDer(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) RsaKey key; WC_RNG rng; byte* der; int ret = 0; #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) int bits = 1024; word32 derLen = 162; #else int bits = 2048; word32 derLen = 294; #endif XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_InitRsaKey(&key, HEAP_HINT); } if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng); } if (ret == 0) { /* test getting size only */ ret = wc_RsaKeyToPublicDer(&key, NULL, derLen); if (ret >= 0) ret = 0; } if (ret == 0) { ret = wc_RsaKeyToPublicDer(&key, der, derLen); if (ret >= 0) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* test getting size only */ ret = wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0); if (ret >= 0) ret = 0; } if (ret == 0) { ret = wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0); if (ret >= 0) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_USER_RSA /* Pass in bad args. */ if (ret == 0) { ret = wc_RsaKeyToPublicDer(NULL, der, derLen); if (ret == BAD_FUNC_ARG) { ret = wc_RsaKeyToPublicDer(&key, der, -1); } if (ret == BUFFER_E || ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Pass in bad args. */ if (ret == 0) { ret = wc_RsaKeyToPublicDer(NULL, der, derLen); if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaKeyToPublicDer(&key, der, -1); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif if (der != NULL) { XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); } if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_RsaKeyToPublicDer */ /* * Testing wc_RsaPublicEncrypt() and wc_RsaPrivateDecrypt() */ static int test_wc_RsaPublicEncryptDecrypt(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) RsaKey key; WC_RNG rng; int ret = 0; const char inStr[] = TEST_STRING; const word32 plainLen = (word32)TEST_STRING_SZ; const word32 inLen = (word32)TEST_STRING_SZ; int bits = TEST_RSA_BITS; const word32 cipherLen = TEST_RSA_BYTES; word32 cipherLenResult = cipherLen; WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL); WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL); WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL); #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC if (in == NULL || plain == NULL || cipher == NULL) { fprintf(stderr, "test_wc_RsaPublicEncryptDecrypt malloc failed\n"); return MEMORY_E; } #endif XMEMCPY(in, inStr, inLen); ret = wc_InitRsaKey(&key, HEAP_HINT); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng); } /* Encrypt. */ if (ret == 0) { ret = wc_RsaPublicEncrypt(in, inLen, cipher, cipherLen, &key, &rng); if (ret >= 0) { cipherLenResult = ret; ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } /* Pass bad args. */ /* Tests PsaPublicEncryptEx() which, is tested by another fn. No need dup.*/ if (ret != 0) { return TEST_FAIL; } /* Decrypt */ #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) /* Bind rng */ if (ret == 0) { ret = wc_RsaSetRNG(&key, &rng); } #endif if (ret == 0) { ret = wc_RsaPrivateDecrypt(cipher, cipherLenResult, plain, plainLen, &key); } if (ret >= 0) { ret = XMEMCMP(plain, inStr, plainLen); } /* Pass in bad args. */ /* Tests RsaPrivateDecryptEx() which, is tested by another fn. No need dup.*/ WC_FREE_VAR(in, NULL); WC_FREE_VAR(plain, NULL); WC_FREE_VAR(cipher, NULL); if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_RsaPublicEncryptDecrypt */ /* * Testing wc_RsaPrivateDecrypt_ex() and wc_RsaPrivateDecryptInline_ex() */ static int test_wc_RsaPublicEncryptDecrypt_ex(void) { int result = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\ && !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\ && !defined(NO_SHA256) RsaKey key; WC_RNG rng; int ret; const char inStr[] = TEST_STRING; const word32 inLen = (word32)TEST_STRING_SZ; const word32 plainSz = (word32)TEST_STRING_SZ; byte* res = NULL; int idx = 0; int bits = TEST_RSA_BITS; const word32 cipherSz = TEST_RSA_BYTES; WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL); WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL); WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL); #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC if (in == NULL || plain == NULL || cipher == NULL) { fprintf(stderr, "test_wc_RsaPublicEncryptDecrypt_exmalloc failed\n"); return TEST_FAIL; } #endif XMEMCPY(in, inStr, inLen); /* Initialize stack structures. */ XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRsaKey_ex(&key, HEAP_HINT, INVALID_DEVID); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng); } /* Encrypt */ if (ret == 0) { ret = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); if (ret >= 0) { idx = ret; ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } /* Pass bad args. */ /* Tests RsaPublicEncryptEx again. No need duplicate. */ if (ret != 0) { return TEST_FAIL; } #ifndef WOLFSSL_RSA_PUBLIC_ONLY /* Decrypt */ #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) if (ret == 0) { ret = wc_RsaSetRNG(&key, &rng); } #endif if (ret == 0) { ret = wc_RsaPrivateDecrypt_ex(cipher, (word32)idx, plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); } if (ret >= 0) { if (!XMEMCMP(plain, inStr, plainSz)) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } /*Pass bad args.*/ /* Tests RsaPrivateDecryptEx() again. No need duplicate. */ if (ret != 0) { return TEST_FAIL; } if (ret == 0) { ret = wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx, &res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); if (ret >= 0) { if (!XMEMCMP(inStr, res, plainSz)) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } } #endif WC_FREE_VAR(in, NULL); WC_FREE_VAR(plain, NULL); WC_FREE_VAR(cipher, NULL); if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } result = TEST_RES_CHECK(ret == 0); #endif return result; } /* END test_wc_RsaPublicEncryptDecrypt_ex */ /* * Tesing wc_RsaSSL_Sign() and wc_RsaSSL_Verify() */ static int test_wc_RsaSSL_SignVerify(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) RsaKey key; WC_RNG rng; int ret = 0; const char inStr[] = TEST_STRING; const word32 plainSz = (word32)TEST_STRING_SZ; const word32 inLen = (word32)TEST_STRING_SZ; word32 idx = 0; int bits = TEST_RSA_BITS; const word32 outSz = TEST_RSA_BYTES; WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL); WC_DECLARE_VAR(out, byte, TEST_RSA_BYTES, NULL); WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL); #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC if (in == NULL || out == NULL || plain == NULL) { fprintf(stderr, "test_wc_RsaSSL_SignVerify failed\n"); return TEST_FAIL; } #endif XMEMCPY(in, inStr, inLen); ret = wc_InitRsaKey(&key, HEAP_HINT); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng); } /* Sign. */ if (ret == 0) { ret = wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng); if (ret == (int)outSz) { idx = ret; ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #ifndef HAVE_USER_RSA /* Test bad args. */ if (ret == 0) { ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng); if (ret == BAD_FUNC_ARG) { ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Test bad args. */ if (ret == 0) { ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng); if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif if (ret != 0) { return TEST_FAIL; } /* Verify. */ ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key); if (ret == (int)inLen) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } #ifndef HAVE_USER_RSA /* Pass bad args. */ if (ret == 0) { ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key); if (ret == BAD_FUNC_ARG) { ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Pass bad args. */ if (ret == 0) { ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key); if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif WC_FREE_VAR(in, NULL); WC_FREE_VAR(out, NULL); WC_FREE_VAR(plain, NULL); if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_RsaSSL_SignVerify */ /* * Testing wc_RsaEncryptSize() */ static int test_wc_RsaEncryptSize(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) RsaKey key; WC_RNG rng; int ret; ret = wc_InitRsaKey(&key, HEAP_HINT); if (ret == 0) { ret = wc_InitRng(&rng); } #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) if (ret == 0) { ret = MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng); if (ret == 0) { ret = wc_RsaEncryptSize(&key); } if (ret == 128) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } #endif if (ret == 0) { ret = MAKE_RSA_KEY(&key, 2048, WC_RSA_EXPONENT, &rng); if (ret == 0) { ret = wc_RsaEncryptSize(&key); } if (ret == 256) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } /* Pass in bad arg. */ if (ret == 0) { ret = wc_RsaEncryptSize(NULL); #ifndef HAVE_USER_RSA if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } #endif } if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_RsaEncryptSize*/ /* * Testing wc_RsaFlattenPublicKey() */ static int test_wc_RsaFlattenPublicKey(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) RsaKey key; WC_RNG rng; int ret = 0; byte e[256]; byte n[256]; word32 eSz = sizeof(e); word32 nSz = sizeof(n); #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) int bits = 1024; #else int bits = 2048; #endif ret = wc_InitRsaKey(&key, HEAP_HINT); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng); if (ret >= 0) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz); } #ifndef HAVE_USER_RSA /* Pass bad args. */ if (ret == 0) { ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz); if (ret == BAD_FUNC_ARG) { ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz); } if (ret == BAD_FUNC_ARG) { ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else /* Pass bad args. */ if (ret == 0) { ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz); if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz); } if (ret == USER_CRYPTO_ERROR) { ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL); } if (ret == USER_CRYPTO_ERROR) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #endif if (wc_FreeRsaKey(&key) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) || ret != 0) { ret = WOLFSSL_FATAL_ERROR; } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_RsaFlattenPublicKey */ /* * unit test for wc_AesCcmSetKey */ static int test_wc_AesCcmSetKey(void) { int res = TEST_SKIPPED; #ifdef HAVE_AESCCM Aes aes; int ret = 0; const byte key16[] = { 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf }; const byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; const byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; ret = wc_AesInit(&aes, NULL, INVALID_DEVID); if (ret != 0) return ret; #ifdef WOLFSSL_AES_128 ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16)); #endif #ifdef WOLFSSL_AES_192 if (ret == 0) { ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24)); } #endif #ifdef WOLFSSL_AES_256 if (ret == 0) { ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32)); } #endif /* Test bad args. */ if (ret == 0) { ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1); if (ret == BAD_FUNC_ARG) { ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1); } if (ret == BAD_FUNC_ARG) { ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1); } if (ret != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } wc_AesFree(&aes); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_AesCcmSetKey */ /* * Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt */ static int test_wc_AesCcmEncryptDecrypt(void) { int res = TEST_SKIPPED; #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) Aes aes; int ret = 0; const byte key16[] = { 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf }; /* plaintext */ const byte plainT[] = { 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e }; /* nonce */ const byte iv[] = { 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5 }; const byte c[] = /* cipher text. */ { 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84 }; const byte t[] = /* Auth tag */ { 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 }; const byte authIn[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; byte cipherOut[sizeof(plainT)]; byte authTag[sizeof(t)]; int ccmE = WOLFSSL_FATAL_ERROR; #ifdef HAVE_AES_DECRYPT int ccmD = WOLFSSL_FATAL_ERROR; byte plainOut[sizeof(cipherOut)]; #endif ret = wc_AesInit(&aes, NULL, INVALID_DEVID); if (ret != 0) return ret; ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16)); if (ret == 0) { ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)); if ((XMEMCMP(cipherOut, c, sizeof(c)) && ccmE == 0) || XMEMCMP(t, authTag, sizeof(t))) { ccmE = WOLFSSL_FATAL_ERROR; ret = WOLFSSL_FATAL_ERROR; } #ifdef HAVE_AES_DECRYPT if (ret == 0) { ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); if (XMEMCMP(plainOut, plainT, sizeof(plainT)) && ccmD == 0) { ccmD = WOLFSSL_FATAL_ERROR; } } #endif } /* Pass in bad args. Encrypt*/ if (ret == 0 && ccmE == 0) { ccmE = wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)); if (ccmE == BAD_FUNC_ARG) { ccmE = wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)); } if (ccmE == BAD_FUNC_ARG) { ccmE = wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)); } if (ccmE == BAD_FUNC_ARG) { ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), NULL, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)); } if (ccmE == BAD_FUNC_ARG) { ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), iv, sizeof(iv), NULL, sizeof(authTag), authIn , sizeof(authIn)); } if (ccmE == BAD_FUNC_ARG) { ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn , sizeof(authIn)); } if (ccmE == BAD_FUNC_ARG) { ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn , sizeof(authIn)); } if (ccmE != BAD_FUNC_ARG) { ccmE = WOLFSSL_FATAL_ERROR; } else { ccmE = 0; } } /* End Encrypt */ if (ccmE != 0) { wc_AesFree(&aes); return TEST_FAIL; } #ifdef HAVE_AES_DECRYPT /* Pass in bad args. Decrypt*/ if (ret == 0 && ccmD == 0) { ccmD = wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); if (ccmD == BAD_FUNC_ARG) { ccmD = wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); } if (ccmD == BAD_FUNC_ARG) { ccmD = wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut), iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); } if (ccmD == BAD_FUNC_ARG) { ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), NULL, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)); } if (ccmD == BAD_FUNC_ARG) { ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), iv, sizeof(iv), NULL, sizeof(authTag), authIn, sizeof(authIn)); } if (ccmD == BAD_FUNC_ARG) { ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn, sizeof(authIn)); } if (ccmD == BAD_FUNC_ARG) { ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn, sizeof(authIn)); } if (ccmD != BAD_FUNC_ARG) { ccmD = WOLFSSL_FATAL_ERROR; } else { ccmD = 0; } } /* END Decrypt */ res = TEST_RES_CHECK(ccmD == 0); #endif wc_AesFree(&aes); #endif /* HAVE_AESCCM */ return res; } /* END test_wc_AesCcmEncryptDecrypt */ /* * Testing wc_InitDsaKey() */ static int test_wc_InitDsaKey(void) { int res = TEST_SKIPPED; #ifndef NO_DSA DsaKey key; int ret = 0; ret = wc_InitDsaKey(&key); /* Pass in bad args. */ if (ret == 0) { ret = wc_InitDsaKey(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } wc_FreeDsaKey(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_InitDsaKey */ /* * Testing wc_DsaSign() and wc_DsaVerify() */ static int test_wc_DsaSignVerify(void) { int res = TEST_SKIPPED; #if !defined(NO_DSA) DsaKey key; WC_RNG rng; wc_Sha sha; int ret = 0; byte signature[DSA_SIG_SIZE]; byte hash[WC_SHA_DIGEST_SIZE]; word32 idx = 0; word32 bytes; int answer; #ifdef USE_CERT_BUFFERS_1024 byte tmp[ONEK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); bytes = sizeof_dsa_key_der_1024; #elif defined(USE_CERT_BUFFERS_2048) byte tmp[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); bytes = sizeof_dsa_key_der_2048; #else byte tmp[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XFILE fp = XFOPEN("./certs/dsa2048.der", "rb"); if (fp == XBADFILE) { return WOLFSSL_BAD_FILE; } bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp); XFCLOSE(fp); #endif /* END USE_CERT_BUFFERS_1024 */ ret = wc_InitSha(&sha); if (ret == 0) { ret = wc_ShaUpdate(&sha, tmp, bytes); if (ret == 0) { ret = wc_ShaFinal(&sha, hash); } if (ret == 0) { ret = wc_InitDsaKey(&key); } if (ret == 0) { ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes); } if (ret == 0) { ret = wc_InitRng(&rng); } } /* Sign. */ if (ret == 0) { ret = wc_DsaSign(hash, signature, &key, &rng); } /* Test bad args. */ if (ret == 0) { ret = wc_DsaSign(NULL, signature, &key, &rng); if (ret == BAD_FUNC_ARG) { ret = wc_DsaSign(hash, NULL, &key, &rng); } if (ret == BAD_FUNC_ARG) { ret = wc_DsaSign(hash, signature, NULL, &rng); } if (ret == BAD_FUNC_ARG) { ret = wc_DsaSign(hash, signature, &key, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* Verify. */ ret = wc_DsaVerify(hash, signature, &key, &answer); if (ret != 0 || answer != 1) { ret = WOLFSSL_FATAL_ERROR; } else { ret = 0; } } /* Pass in bad args. */ if (ret == 0) { ret = wc_DsaVerify(NULL, signature, &key, &answer); if (ret == BAD_FUNC_ARG) { ret = wc_DsaVerify(hash, NULL, &key, &answer); } if (ret == BAD_FUNC_ARG) { ret = wc_DsaVerify(hash, signature, NULL, &answer); } if (ret == BAD_FUNC_ARG) { ret = wc_DsaVerify(hash, signature, &key, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #if !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP) /* hard set q to 0 and test fail case */ mp_free(&key.q); mp_init(&key.q); AssertIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG); mp_set(&key.q, 1); AssertIntEQ(wc_DsaSign(hash, signature, &key, &rng), BAD_FUNC_ARG); #endif if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_FreeDsaKey(&key); wc_ShaFree(&sha); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_DsaSign */ /* * Testing wc_DsaPrivateKeyDecode() and wc_DsaPublicKeyDecode() */ static int test_wc_DsaPublicPrivateKeyDecode(void) { int res = TEST_SKIPPED; #if !defined(NO_DSA) DsaKey key; word32 bytes; word32 idx = 0; int priv = 0; int pub = 0; int ret = 0; #ifdef USE_CERT_BUFFERS_1024 byte tmp[ONEK_BUF]; XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); bytes = sizeof_dsa_key_der_1024; #elif defined(USE_CERT_BUFFERS_2048) byte tmp[TWOK_BUF]; XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); bytes = sizeof_dsa_key_der_2048; #else byte tmp[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XFILE fp = XFOPEN("./certs/dsa2048.der", "rb"); if (fp == XBADFILE) { return WOLFSSL_BAD_FILE; } bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp); XFCLOSE(fp); #endif /* END USE_CERT_BUFFERS_1024 */ ret = wc_InitDsaKey(&key); if (ret == 0) { priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes); /* Test bad args. */ if (priv == 0) { priv = wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes); if (priv == BAD_FUNC_ARG) { priv = wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes); } if (priv == BAD_FUNC_ARG) { priv = wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes); } if (priv == BAD_FUNC_ARG) { priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes); } if (priv == ASN_PARSE_E || priv == BUFFER_E) { priv = 0; } else { priv = WOLFSSL_FATAL_ERROR; } } wc_FreeDsaKey(&key); ret = wc_InitDsaKey(&key); } if (ret == 0) { idx = 0; /* Reset */ pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes); /* Test bad args. */ if (pub == 0) { pub = wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes); if (pub == BAD_FUNC_ARG) { pub = wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes); } if (pub == BAD_FUNC_ARG) { pub = wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes); } if (pub == BAD_FUNC_ARG) { pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes); } if (pub == ASN_PARSE_E || pub == BUFFER_E) { pub = 0; } else { pub = WOLFSSL_FATAL_ERROR; } } } /* END Public Key */ wc_FreeDsaKey(&key); res = TEST_RES_CHECK(ret == 0 && pub == 0 && priv == 0); #endif /* !NO_DSA */ return res; } /* END test_wc_DsaPublicPrivateKeyDecode */ /* * Testing wc_MakeDsaKey() and wc_MakeDsaParameters() */ static int test_wc_MakeDsaKey(void) { int res = TEST_SKIPPED; #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) DsaKey genKey; WC_RNG rng; int ret = 0; XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&genKey, 0, sizeof(genKey)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_InitDsaKey(&genKey); } if (ret == 0) { ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey); } /* Test bad args. */ if (ret == 0) { ret = wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey); if (ret == BAD_FUNC_ARG) { ret = wc_MakeDsaParameters(&rng, ONEK_BUF, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_MakeDsaParameters(&rng, ONEK_BUF + 1, &genKey); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_MakeDsaKey(&rng, &genKey); } /* Test bad args. */ if (ret == 0) { ret = wc_MakeDsaKey(NULL, &genKey); if (ret == BAD_FUNC_ARG) { ret = wc_MakeDsaKey(&rng, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FAILURE; } wc_FreeDsaKey(&genKey); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_MakeDsaKey */ /* * Testing wc_DsaKeyToDer() */ static int test_wc_DsaKeyToDer(void) { int res = TEST_SKIPPED; #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) DsaKey genKey; WC_RNG rng; word32 bytes; word32 idx = 0; int ret = 0; #ifdef USE_CERT_BUFFERS_1024 byte tmp[ONEK_BUF]; byte der[ONEK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMSET(der, 0, sizeof(der)); XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); bytes = sizeof_dsa_key_der_1024; #elif defined(USE_CERT_BUFFERS_2048) byte tmp[TWOK_BUF]; byte der[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMSET(der, 0, sizeof(der)); XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); bytes = sizeof_dsa_key_der_2048; #else byte tmp[TWOK_BUF]; byte der[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMSET(der, 0, sizeof(der)); XFILE fp = XFOPEN("./certs/dsa2048.der", "rb"); if (fp == XBADFILE) { return WOLFSSL_BAD_FILE; } bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp); XFCLOSE(fp); #endif /* END USE_CERT_BUFFERS_1024 */ XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&genKey, 0, sizeof(genKey)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_InitDsaKey(&genKey); } if (ret == 0) { ret = wc_MakeDsaParameters(&rng, sizeof(tmp), &genKey); if (ret == 0) { wc_FreeDsaKey(&genKey); ret = wc_InitDsaKey(&genKey); } } if (ret == 0) { ret = wc_DsaPrivateKeyDecode(tmp, &idx, &genKey, bytes); } if (ret == 0) { ret = wc_DsaKeyToDer(&genKey, der, bytes); if ( ret >= 0 && ( ret = XMEMCMP(der, tmp, bytes) ) == 0 ) { ret = 0; } } /* Test bad args. */ if (ret == 0) { ret = wc_DsaKeyToDer(NULL, der, FOURK_BUF); if (ret == BAD_FUNC_ARG) { ret = wc_DsaKeyToDer(&genKey, NULL, FOURK_BUF); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_FreeDsaKey(&genKey); res = TEST_RES_CHECK(ret == 0); #endif /* !NO_DSA && WOLFSSL_KEY_GEN */ return res; } /* END test_wc_DsaKeyToDer */ /* * Testing wc_DsaKeyToPublicDer() * (indirectly testing setDsaPublicKey()) */ static int test_wc_DsaKeyToPublicDer(void) { int res = TEST_SKIPPED; #ifndef HAVE_SELFTEST #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) DsaKey genKey; WC_RNG rng; byte* der; word32 sz; int ret = 0; der = (byte*)XMALLOC(ONEK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_InitDsaKey(&genKey); } if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey); } if (ret == 0) { ret = wc_MakeDsaKey(&rng, &genKey); } if (ret == 0) { ret = wc_DsaKeyToPublicDer(&genKey, der, ONEK_BUF); if (ret >= 0) { sz = ret; ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { word32 idx = 0; wc_FreeDsaKey(&genKey); ret = wc_DsaPublicKeyDecode(der, &idx, &genKey, sz); } /* Test without the SubjectPublicKeyInfo header */ if (ret == 0) { ret = wc_SetDsaPublicKey(der, &genKey, ONEK_BUF, 0); if (ret >= 0) { sz = ret; ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { word32 idx = 0; wc_FreeDsaKey(&genKey); ret = wc_DsaPublicKeyDecode(der, &idx, &genKey, sz); } /* Test bad args. */ if (ret == 0) { ret = wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF); if (ret == BAD_FUNC_ARG) { ret = wc_DsaKeyToPublicDer(&genKey, NULL, FOURK_BUF); } if (ret == BAD_FUNC_ARG) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeDsaKey(&genKey); res = TEST_RES_CHECK(ret == 0); #endif /* !NO_DSA && WOLFSSL_KEY_GEN */ #endif /* !HAVE_SELFTEST */ return res; } /* END test_wc_DsaKeyToPublicDer */ /* * Testing wc_DsaImportParamsRaw() */ static int test_wc_DsaImportParamsRaw(void) { int res = TEST_SKIPPED; #if !defined(NO_DSA) DsaKey key; int ret = 0; /* [mod = L=1024, N=160], from CAVP KeyPair */ const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d" "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c" "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6" "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71" "47123188f8dc551054ee162b634d60f097f719076640e209" "80a0093113a8bd73"; const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281"; const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822" "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e" "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786" "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c" "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0" "76341a7e7d9"; /* invalid p and q parameters */ const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"; const char* invalidQ = "96c5390a"; ret = wc_InitDsaKey(&key); if (ret == 0) { ret = wc_DsaImportParamsRaw(&key, p, q, g); } /* test bad args */ if (ret == 0) { /* null key struct */ ret = wc_DsaImportParamsRaw(NULL, p, q, g); if (ret == BAD_FUNC_ARG) { /* null param pointers */ ret = wc_DsaImportParamsRaw(&key, NULL, NULL, NULL); } if (ret == BAD_FUNC_ARG) { /* illegal p length */ ret = wc_DsaImportParamsRaw(&key, invalidP, q, g); } if (ret == BAD_FUNC_ARG) { /* illegal q length */ ret = wc_DsaImportParamsRaw(&key, p, invalidQ, g); if (ret == BAD_FUNC_ARG) ret = 0; } } wc_FreeDsaKey(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_DsaImportParamsRaw */ /* * Testing wc_DsaImportParamsRawCheck() */ static int test_wc_DsaImportParamsRawCheck(void) { int res = TEST_SKIPPED; #if !defined(NO_DSA) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) DsaKey key; int ret = 0; int trusted = 0; /* [mod = L=1024, N=160], from CAVP KeyPair */ const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d" "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c" "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6" "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71" "47123188f8dc551054ee162b634d60f097f719076640e209" "80a0093113a8bd73"; const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281"; const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822" "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e" "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786" "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c" "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0" "76341a7e7d9"; /* invalid p and q parameters */ const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"; const char* invalidQ = "96c5390a"; ret = wc_InitDsaKey(&key); if (ret == 0) { ret = wc_DsaImportParamsRawCheck(&key, p, q, g, trusted, NULL); } /* test bad args */ if (ret == 0) { /* null key struct */ ret = wc_DsaImportParamsRawCheck(NULL, p, q, g, trusted, NULL); if (ret == BAD_FUNC_ARG) { /* null param pointers */ ret = wc_DsaImportParamsRawCheck(&key, NULL, NULL, NULL, trusted, NULL); } if (ret == BAD_FUNC_ARG) { /* illegal p length */ ret = wc_DsaImportParamsRawCheck(&key, invalidP, q, g, trusted, NULL); } if (ret == BAD_FUNC_ARG) { /* illegal q length */ ret = wc_DsaImportParamsRawCheck(&key, p, invalidQ, g, trusted, NULL); if (ret == BAD_FUNC_ARG) ret = 0; } } wc_FreeDsaKey(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_DsaImportParamsRawCheck */ /* * Testing wc_DsaExportParamsRaw() */ static int test_wc_DsaExportParamsRaw(void) { int res = TEST_SKIPPED; #if !defined(NO_DSA) DsaKey key; int ret = 0; /* [mod = L=1024, N=160], from CAVP KeyPair */ const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d" "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c" "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6" "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71" "47123188f8dc551054ee162b634d60f097f719076640e209" "80a0093113a8bd73"; const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281"; const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822" "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e" "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786" "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c" "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0" "76341a7e7d9"; const char* pCompare = "\xd3\x83\x11\xe2\xcd\x38\x8c\x3e\xd6\x98\xe8\x2f" "\xdf\x88\xeb\x92\xb5\xa9\xa4\x83\xdc\x88\x00\x5d" "\x4b\x72\x5e\xf3\x41\xea\xbb\x47\xcf\x8a\x7a\x8a" "\x41\xe7\x92\xa1\x56\xb7\xce\x97\x20\x6c\x4f\x9c" "\x5c\xe6\xfc\x5a\xe7\x91\x21\x02\xb6\xb5\x02\xe5" "\x90\x50\xb5\xb2\x1c\xe2\x63\xdd\xdb\x20\x44\xb6" "\x52\x23\x6f\x4d\x42\xab\x4b\x5d\x6a\xa7\x31\x89" "\xce\xf1\xac\xe7\x78\xd7\x84\x5a\x5c\x1c\x1c\x71" "\x47\x12\x31\x88\xf8\xdc\x55\x10\x54\xee\x16\x2b" "\x63\x4d\x60\xf0\x97\xf7\x19\x07\x66\x40\xe2\x09" "\x80\xa0\x09\x31\x13\xa8\xbd\x73"; const char* qCompare = "\x96\xc5\x39\x0a\x8b\x61\x2c\x0e\x42\x2b\xb2\xb0" "\xea\x19\x4a\x3e\xc9\x35\xa2\x81"; const char* gCompare = "\x06\xb7\x86\x1a\xbb\xd3\x5c\xc8\x9e\x79\xc5\x2f" "\x68\xd2\x08\x75\x38\x9b\x12\x73\x61\xca\x66\x82" "\x21\x38\xce\x49\x91\xd2\xb8\x62\x25\x9d\x6b\x45" "\x48\xa6\x49\x5b\x19\x5a\xa0\xe0\xb6\x13\x7c\xa3" "\x7e\xb2\x3b\x94\x07\x4d\x3c\x3d\x30\x00\x42\xbd" "\xf1\x57\x62\x81\x2b\x63\x33\xef\x7b\x07\xce\xba" "\x78\x60\x76\x10\xfc\xc9\xee\x68\x49\x1d\xbc\x1e" "\x34\xcd\x12\x61\x54\x74\xe5\x2b\x18\xbc\x93\x4f" "\xb0\x0c\x61\xd3\x9e\x7d\xa8\x90\x22\x91\xc4\x43" "\x4a\x4e\x22\x24\xc3\xf4\xfd\x9f\x93\xcd\x6f\x4f" "\x17\xfc\x07\x63\x41\xa7\xe7\xd9"; byte pOut[MAX_DSA_PARAM_SIZE]; byte qOut[MAX_DSA_PARAM_SIZE]; byte gOut[MAX_DSA_PARAM_SIZE]; word32 pOutSz, qOutSz, gOutSz; ret = wc_InitDsaKey(&key); if (ret == 0) { /* first test using imported raw parameters, for expected */ ret = wc_DsaImportParamsRaw(&key, p, q, g); } if (ret == 0) { pOutSz = sizeof(pOut); qOutSz = sizeof(qOut); gOutSz = sizeof(gOut); ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut, &gOutSz); } if (ret == 0) { /* validate exported parameters are correct */ if ((XMEMCMP(pOut, pCompare, pOutSz) != 0) || (XMEMCMP(qOut, qCompare, qOutSz) != 0) || (XMEMCMP(gOut, gCompare, gOutSz) != 0) ) { ret = -1; } } /* test bad args */ if (ret == 0) { /* null key struct */ ret = wc_DsaExportParamsRaw(NULL, pOut, &pOutSz, qOut, &qOutSz, gOut, &gOutSz); if (ret == BAD_FUNC_ARG) { /* null output pointers */ ret = wc_DsaExportParamsRaw(&key, NULL, &pOutSz, NULL, &qOutSz, NULL, &gOutSz); } if (ret == LENGTH_ONLY_E) { /* null output size pointers */ ret = wc_DsaExportParamsRaw(&key, pOut, NULL, qOut, NULL, gOut, NULL); } if (ret == BAD_FUNC_ARG) { /* p output buffer size too small */ pOutSz = 1; ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut, &gOutSz); pOutSz = sizeof(pOut); } if (ret == BUFFER_E) { /* q output buffer size too small */ qOutSz = 1; ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut, &gOutSz); qOutSz = sizeof(qOut); } if (ret == BUFFER_E) { /* g output buffer size too small */ gOutSz = 1; ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut, &gOutSz); if (ret == BUFFER_E) ret = 0; } } wc_FreeDsaKey(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_DsaExportParamsRaw */ /* * Testing wc_DsaExportKeyRaw() */ static int test_wc_DsaExportKeyRaw(void) { int res = TEST_SKIPPED; #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) DsaKey key; WC_RNG rng; int ret = 0; byte xOut[MAX_DSA_PARAM_SIZE]; byte yOut[MAX_DSA_PARAM_SIZE]; word32 xOutSz, yOutSz; XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_InitDsaKey(&key); } if (ret == 0) { ret = wc_MakeDsaParameters(&rng, 1024, &key); if (ret == 0) { ret = wc_MakeDsaKey(&rng, &key); } } /* try successful export */ if (ret == 0) { xOutSz = sizeof(xOut); yOutSz = sizeof(yOut); ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz); } /* test bad args */ if (ret == 0) { /* null key struct */ ret = wc_DsaExportKeyRaw(NULL, xOut, &xOutSz, yOut, &yOutSz); if (ret == BAD_FUNC_ARG) { /* null output pointers */ ret = wc_DsaExportKeyRaw(&key, NULL, &xOutSz, NULL, &yOutSz); } if (ret == LENGTH_ONLY_E) { /* null output size pointers */ ret = wc_DsaExportKeyRaw(&key, xOut, NULL, yOut, NULL); } if (ret == BAD_FUNC_ARG) { /* x output buffer size too small */ xOutSz = 1; ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz); xOutSz = sizeof(xOut); } if (ret == BUFFER_E) { /* y output buffer size too small */ yOutSz = 1; ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz); if (ret == BUFFER_E) ret = 0; } } wc_FreeDsaKey(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_DsaExportParamsRaw */ /* * Testing wc_ed25519_make_key(). */ static int test_wc_ed25519_make_key(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED25519) ed25519_key key; WC_RNG rng; unsigned char pubkey[ED25519_PUB_KEY_SIZE]; int ret = 0; ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed25519_init(&key); } if (ret == 0) { ret = wc_ed25519_make_public(&key, pubkey, sizeof(pubkey)); if (ret == ECC_PRIV_KEY_E) { ret = 0; } else if (ret == 0) { ret = -1; } } if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); } /* Test bad args. */ if (ret == 0) { ret = wc_ed25519_make_key(NULL, ED25519_KEY_SIZE, &key); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE - 1, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE + 1, &key); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ed25519_make_key */ /* * Testing wc_ed25519_init() */ static int test_wc_ed25519_init(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED25519) ed25519_key key; int ret = 0; ret = wc_ed25519_init(&key); /* Test bad args. */ if (ret == 0) { ret = wc_ed25519_init(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_ed25519_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ed25519_init */ /* * Test wc_ed25519_sign_msg() and wc_ed25519_verify_msg() */ static int test_wc_ed25519_sign_msg(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN) WC_RNG rng; ed25519_key key; int ret = 0; byte msg[] = "Everybody gets Friday off.\n"; byte sig[ED25519_SIG_SIZE]; word32 msglen = sizeof(msg); word32 siglen = sizeof(sig); word32 badSigLen = sizeof(sig) - 1; #ifdef HAVE_ED25519_VERIFY int verify_ok = 0; /*1 = Verify success.*/ #endif /* Initialize stack variables. */ XMEMSET(sig, 0, siglen); /* Initialize key. */ ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed25519_init(&key); if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); } } if (ret == 0) { ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, &key); } /* Test bad args. */ if (ret == 0 && siglen == ED25519_SIG_SIZE) { ret = wc_ed25519_sign_msg(NULL, msglen, sig, &siglen, &key); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_sign_msg(msg, msglen, NULL, &siglen, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_sign_msg(msg, msglen, sig, NULL, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_sign_msg(msg, msglen, sig, &badSigLen, &key); } if (ret == BUFFER_E && badSigLen == ED25519_SIG_SIZE) { badSigLen -= 1; ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } /* END sign */ #ifdef HAVE_ED25519_VERIFY if (ret == 0) { ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key); if (ret == 0 && verify_ok == 1) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } /* Test bad args. */ if (ret == 0) { AssertIntEQ(wc_ed25519_verify_msg(sig, siglen - 1, msg, msglen, &verify_ok, &key), BAD_FUNC_ARG); AssertIntEQ(wc_ed25519_verify_msg(sig, siglen + 1, msg, msglen, &verify_ok, &key), BAD_FUNC_ARG); ret = wc_ed25519_verify_msg(NULL, siglen, msg, msglen, &verify_ok, &key); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_verify_msg(sig, siglen, NULL, msglen, &verify_ok, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen, NULL, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen, &verify_ok, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_verify_msg(sig, badSigLen, msg, msglen, &verify_ok, &key); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } /* END verify. */ #endif /* Verify. */ if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ed25519_sign_msg */ /* * Testing wc_ed25519_import_public() */ static int test_wc_ed25519_import_public(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) WC_RNG rng; ed25519_key pubKey; const byte in[] = "Ed25519PublicKeyUnitTest......\n"; word32 inlen = sizeof(in); int ret = 0; ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed25519_init(&pubKey); if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &pubKey); } } if (ret == 0) { ret = wc_ed25519_import_public_ex(in, inlen, &pubKey, 1); if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } /* Test bad args. */ if (ret == 0) { ret = wc_ed25519_import_public(NULL, inlen, &pubKey); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_import_public(in, inlen, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_import_public(in, inlen - 1, &pubKey); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&pubKey); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END wc_ed25519_import_public */ /* * Testing wc_ed25519_import_private_key() */ static int test_wc_ed25519_import_private_key(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) WC_RNG rng; ed25519_key key; int ret; const byte privKey[] = "Ed25519PrivateKeyUnitTest.....\n"; const byte pubKey[] = "Ed25519PublicKeyUnitTest......\n"; word32 privKeySz = sizeof(privKey); word32 pubKeySz = sizeof(pubKey); #ifdef HAVE_ED25519_KEY_EXPORT byte bothKeys[sizeof(privKey) + sizeof(pubKey)]; word32 bothKeysSz = sizeof(bothKeys); #endif ret = wc_InitRng(&rng); if (ret != 0) { return ret; } ret = wc_ed25519_init(&key); if (ret != 0) { wc_FreeRng(&rng); return ret; } ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); if (ret == 0) { ret = wc_ed25519_import_private_key_ex(privKey, privKeySz, pubKey, pubKeySz, &key, 1); if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 || XMEMCMP(privKey, key.k, pubKeySz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } } #ifdef HAVE_ED25519_KEY_EXPORT if (ret == 0) ret = wc_ed25519_export_private(&key, bothKeys, &bothKeysSz); if (ret == 0) { ret = wc_ed25519_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0, &key, 1); if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 || XMEMCMP(privKey, key.k, pubKeySz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } } #endif /* Test bad args. */ if (ret == 0) { ret = wc_ed25519_import_private_key(NULL, privKeySz, pubKey, pubKeySz, &key); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_import_private_key(privKey, privKeySz, NULL, pubKeySz, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey, pubKeySz, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_import_private_key(privKey, privKeySz - 1, pubKey, pubKeySz, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey, pubKeySz - 1, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_import_private_key(privKey, privKeySz, NULL, 0, &key); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ed25519_import_private_key */ /* * Testing wc_ed25519_export_public() and wc_ed25519_export_private_only() */ static int test_wc_ed25519_export(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) WC_RNG rng; ed25519_key key; int ret = 0; byte priv[ED25519_PRV_KEY_SIZE]; byte pub[ED25519_PUB_KEY_SIZE]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); ret = wc_InitRng(&rng); if (ret != 0) { return ret; } ret = wc_ed25519_init(&key); if (ret != 0) { wc_FreeRng(&rng); return ret; } if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); } if (ret == 0) { ret = wc_ed25519_export_public(&key, pub, &pubSz); if (ret == 0 && (pubSz != ED25519_KEY_SIZE || XMEMCMP(key.p, pub, pubSz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_ed25519_export_public(NULL, pub, &pubSz); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_public(&key, NULL, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_public(&key, pub, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } if (ret == 0) { ret = wc_ed25519_export_private_only(&key, priv, &privSz); if (ret == 0 && (privSz != ED25519_KEY_SIZE || XMEMCMP(key.k, priv, privSz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_ed25519_export_private_only(NULL, priv, &privSz); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_private_only(&key, NULL, &privSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_private_only(&key, priv, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ed25519_export */ /* * Testing wc_ed25519_size() */ static int test_wc_ed25519_size(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED25519) WC_RNG rng; ed25519_key key; int ret; ret = wc_InitRng(&rng); if (ret != 0) { return ret; } ret = wc_ed25519_init(&key); if (ret != 0) { wc_FreeRng(&rng); return ret; } ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); if (ret != 0) { wc_FreeRng(&rng); wc_ed25519_free(&key); return ret; } ret = wc_ed25519_size(&key); /* Test bad args. */ if (ret == ED25519_KEY_SIZE) { ret = wc_ed25519_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_ed25519_sig_size(&key); if (ret == ED25519_SIG_SIZE) { ret = 0; } /* Test bad args. */ if (ret == 0) { ret = wc_ed25519_sig_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } } /* END wc_ed25519_sig_size() */ if (ret == 0) { ret = wc_ed25519_pub_size(&key); if (ret == ED25519_PUB_KEY_SIZE) { ret = 0; } if (ret == 0) { ret = wc_ed25519_pub_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } } /* END wc_ed25519_pub_size */ if (ret == 0) { ret = wc_ed25519_priv_size(&key); if (ret == ED25519_PRV_KEY_SIZE) { ret = 0; } if (ret == 0) { ret = wc_ed25519_priv_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } } /* END wc_ed25519_pub_size */ if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ed25519_size */ /* * Testing wc_ed25519_export_private() and wc_ed25519_export_key() */ static int test_wc_ed25519_exportKey(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) WC_RNG rng; ed25519_key key; int ret = 0; byte priv[ED25519_PRV_KEY_SIZE]; byte pub[ED25519_PUB_KEY_SIZE]; byte privOnly[ED25519_PRV_KEY_SIZE]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); word32 privOnlySz = sizeof(privOnly); ret = wc_InitRng(&rng); if (ret != 0) { return TEST_FAIL; } ret = wc_ed25519_init(&key); if (ret != 0) { wc_FreeRng(&rng); return TEST_FAIL; } ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); if (ret != 0) { wc_FreeRng(&rng); wc_ed25519_free(&key); return TEST_FAIL; } ret = wc_ed25519_export_private(&key, privOnly, &privOnlySz); if (ret == 0) { ret = wc_ed25519_export_private(NULL, privOnly, &privOnlySz); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_private(&key, NULL, &privOnlySz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_private(&key, privOnly, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_ed25519_export_key(&key, priv, &privSz, pub, &pubSz); if (ret == 0) { ret = wc_ed25519_export_key(NULL, priv, &privSz, pub, &pubSz); if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_key(&key, NULL, &privSz, pub, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_key(&key, priv, NULL, pub, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_key(&key, priv, &privSz, NULL, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed25519_export_key(&key, priv, &privSz, pub, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } /* END wc_ed25519_export_key() */ /* Cross check output. */ if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ed25519_exportKey */ /* * Testing wc_Ed25519PublicKeyToDer */ static int test_wc_Ed25519PublicKeyToDer(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) int tmp; ed25519_key key; byte derBuf[1024]; int ret = 0; /* Test bad args */ tmp = wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0); if (tmp != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { wc_ed25519_init(&key); tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0); if (tmp != BUFFER_E) { ret = WOLFSSL_FATAL_ERROR; } wc_ed25519_free(&key); } /* Test good args */ if (ret == 0) { WC_RNG rng; ret = wc_InitRng(&rng); if (ret != 0) { return TEST_FAIL; } ret = wc_ed25519_init(&key); if (ret != 0) { wc_FreeRng(&rng); return TEST_FAIL; } ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key); if (ret != 0) { wc_FreeRng(&rng); wc_ed25519_free(&key); return TEST_FAIL; } tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 1024, 1); if (tmp <= 0) { ret = WOLFSSL_FATAL_ERROR; } wc_FreeRng(&rng); wc_ed25519_free(&key); } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END testing wc_Ed25519PublicKeyToDer */ /* * Testing wc_curve25519_init and wc_curve25519_free. */ static int test_wc_curve25519_init(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE25519) curve25519_key key; int ret = 0; ret = wc_curve25519_init(&key); /* Test bad args for wc_curve25519_init */ if (ret == 0) { ret = wc_curve25519_init(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test good args for wc_curve_25519_free */ wc_curve25519_free(&key); wc_curve25519_free(NULL); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_curve25519_init and wc_curve_25519_free*/ /* * Testing test_wc_curve25519_size. */ static int test_wc_curve25519_size(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE25519) curve25519_key key; int ret = 0; ret = wc_curve25519_init(&key); /* Test good args for wc_curve25519_size */ if (ret == 0) { ret = wc_curve25519_size(&key); } /* Test bad args for wc_curve25519_size */ if (ret != 0) { ret = wc_curve25519_size(NULL); } wc_curve25519_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_curve25519_size*/ /* * Testing test_wc_curve25519_export_key_raw(). */ static int test_wc_curve25519_export_key_raw(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT) curve25519_key key; WC_RNG rng; int ret = 0; byte privateKey[CURVE25519_KEYSIZE]; byte publicKey[CURVE25519_KEYSIZE]; word32 prvkSz; word32 pubkSz; byte prik[CURVE25519_KEYSIZE]; byte pubk[CURVE25519_KEYSIZE]; word32 prksz; word32 pbksz; if (0 != wc_InitRng(&rng)) { return TEST_FAIL; } if (0 != wc_curve25519_init(&key)) { wc_FreeRng(&rng); return TEST_FAIL; } ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key); /* bad-argument-test cases target function sould return BAD_FUNC_ARG */ if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if (BAD_FUNC_ARG != wc_curve25519_export_key_raw( NULL, privateKey, &prvkSz, publicKey, &pubkSz)) { ret = -1; } } if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if (BAD_FUNC_ARG != wc_curve25519_export_key_raw( &key, NULL, &prvkSz, publicKey, &pubkSz)) { ret = -1; } } if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if (BAD_FUNC_ARG != wc_curve25519_export_key_raw( &key, privateKey, NULL, publicKey, &pubkSz)) { ret = -1; } } if (ret == 0) { /* prvkSz = CURVE25519_KEYSIZE; */ pubkSz = CURVE25519_KEYSIZE; if (BAD_FUNC_ARG != wc_curve25519_export_key_raw( &key, privateKey, &prvkSz, NULL, &pubkSz)) { ret = -1; } } if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if (BAD_FUNC_ARG != wc_curve25519_export_key_raw( &key, privateKey, &prvkSz, publicKey, NULL )) { ret = -1; } } /* cross-testing */ if (ret == 0) { prksz = CURVE25519_KEYSIZE; ret = wc_curve25519_export_private_raw(&key, prik, &prksz); } if (ret == 0) { pbksz = CURVE25519_KEYSIZE; ret = wc_curve25519_export_public(&key, pubk, &pbksz); } if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; /* pubkSz = CURVE25519_KEYSIZE; */ ret = wc_curve25519_export_key_raw(&key, privateKey, &prvkSz, publicKey, &pubkSz); } if (ret == 0) { if ((prksz == CURVE25519_KEYSIZE) && (pbksz == CURVE25519_KEYSIZE) && (prvkSz == CURVE25519_KEYSIZE) && (pubkSz == CURVE25519_KEYSIZE)) { if (0 != XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE) || 0 != XMEMCMP(publicKey, pubk, CURVE25519_KEYSIZE)) { ret = -1; } } } wc_curve25519_free(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* end of test_wc_curve25519_export_key_raw */ /* * Testing test_wc_curve25519_export_key_raw_ex(). */ static int test_wc_curve25519_export_key_raw_ex(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT) curve25519_key key; WC_RNG rng; int ret; byte privateKey[CURVE25519_KEYSIZE]; byte publicKey[CURVE25519_KEYSIZE]; word32 prvkSz; word32 pubkSz; byte prik[CURVE25519_KEYSIZE]; byte pubk[CURVE25519_KEYSIZE]; word32 prksz; word32 pbksz; if (0 != wc_InitRng(&rng)) { return TEST_FAIL; } if (0 != wc_curve25519_init(&key)) { wc_FreeRng(&rng); return TEST_FAIL; } ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key); /* bad-argument-test cases target function sould return BAD_FUNC_ARG */ if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL , privateKey, &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)) { ret = -1; } } if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key , NULL, &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)) { ret = -1; } } if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key,privateKey, NULL, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)) { ret = -1; } } if (ret == 0) { /* prvkSz = CURVE25519_KEYSIZE; */ pubkSz = CURVE25519_KEYSIZE; if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN)) { ret = -1; } } if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN)) { ret = -1; } } if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; /* pubkSz = CURVE25519_KEYSIZE; */ if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL, privateKey, &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)) { ret = -1; } } if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, NULL, &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)) { ret = -1; } } if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey, NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN)) { ret = -1; } } if (ret == 0) { /* prvkSz = CURVE25519_KEYSIZE; */ pubkSz = CURVE25519_KEYSIZE; if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN)) { ret = -1; } } if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN)) { ret = -1; } } /* illegal value for endien */ if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; /* pubkSz = CURVE25519_KEYSIZE; */ if (BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN + 10)) { ret = -1; } } /* cross-testing */ if (ret == 0) { prksz = CURVE25519_KEYSIZE; ret = wc_curve25519_export_private_raw( &key, prik, &prksz); } if (ret == 0) { pbksz = CURVE25519_KEYSIZE; ret = wc_curve25519_export_public( &key, pubk, &pbksz); } if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; /* pubkSz = CURVE25519_KEYSIZE; */ ret = wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN); } if (ret == 0 && (prksz != CURVE25519_KEYSIZE || pbksz != CURVE25519_KEYSIZE || prvkSz != CURVE25519_KEYSIZE || pubkSz != CURVE25519_KEYSIZE)) { ret = -1; } if (ret == 0 && (0 != XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE) || 0 != XMEMCMP(publicKey, pubk, CURVE25519_KEYSIZE))) { ret = -1; } if (ret == 0) { ret = wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN); } if (ret == 0 && (prvkSz != CURVE25519_KEYSIZE || pubkSz != CURVE25519_KEYSIZE)) { ret = -1; } /* try once with another endian */ if (ret == 0) { prvkSz = CURVE25519_KEYSIZE; pubkSz = CURVE25519_KEYSIZE; ret = wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN); } if (ret == 0 && (prvkSz != CURVE25519_KEYSIZE || pubkSz != CURVE25519_KEYSIZE)) { ret = -1; } wc_curve25519_free(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* end of test_wc_curve25519_export_key_raw_ex */ /* * Testing wc_curve25519_make_key */ static int test_wc_curve25519_make_key(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE25519) WC_RNG rng; curve25519_key key; int keysize; int ret; ret = wc_curve25519_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key); if (ret == 0) { keysize = wc_curve25519_size(&key); if (keysize != CURVE25519_KEYSIZE) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_curve25519_make_key(&rng, keysize, &key); } } /*test bad cases*/ if (ret == 0) { ret = wc_curve25519_make_key(NULL, 0, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_make_key(&rng, keysize, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_make_key(NULL, keysize, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_make_key(&rng, 0, &key); if (ret == ECC_BAD_ARG_E) { ret = 0; } } wc_curve25519_free(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /*END test_wc_curve25519_make_key*/ /* * Testing wc_curve25519_shared_secret_ex */ static int test_wc_curve25519_shared_secret_ex(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE25519) WC_RNG rng; curve25519_key private_key, public_key; byte out[CURVE25519_KEYSIZE]; word32 outLen = sizeof(out); int endian = EC25519_BIG_ENDIAN; int ret; ret = wc_curve25519_init(&private_key); if (ret == 0) { ret = wc_curve25519_init(&public_key); } if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key); } if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &public_key); } if (ret == 0) { ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out, &outLen, endian); } /*test bad cases*/ if (ret == 0) { ret = wc_curve25519_shared_secret_ex(NULL, NULL, NULL, 0, endian); if (ret == 0) { ret = -1; } if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_shared_secret_ex(NULL, &public_key, out, &outLen, endian); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_shared_secret_ex(&private_key, NULL, out, &outLen, endian); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL, &outLen, endian); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out, NULL, endian); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { /*curve25519.c is checking for public_key size less than or equal to 0x7f, *increasing to 0x8f checks for error being returned*/ public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F; ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out, &outLen, endian); if (ret == 0) { ret = -1; } else if (ret == ECC_BAD_ARG_E) { ret = 0; } } outLen = outLen - 2; if (ret == 0) { ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out, &outLen, endian); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } wc_curve25519_free(&private_key); wc_curve25519_free(&public_key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /*END test_wc_curve25519_shared_secret_ex*/ /* * Testing wc_curve25519_make_pub */ static int test_wc_curve25519_make_pub(void) { int res = TEST_SKIPPED; #ifdef HAVE_CURVE25519 WC_RNG rng; curve25519_key key; byte out[CURVE25519_KEYSIZE]; int ret; ret = wc_curve25519_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key); } } if (ret == 0) { ret = wc_curve25519_make_pub((int)sizeof(out), out, (int)sizeof(key.k), key.k); } /*test bad cases*/ if (ret == 0) { ret = wc_curve25519_make_pub((int)sizeof(key.k) - 1, key.k, (int)sizeof out, out); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), NULL); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_make_pub((int)sizeof out - 1, out, (int)sizeof(key.k), key.k); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_make_pub((int)sizeof out, NULL, (int)sizeof(key.k), key.k); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { /* verify clamping test */ key.k[0] |= ~248; ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), key.k); if (ret == ECC_BAD_ARG_E) { ret = 0; } key.k[0] &= 248; } /* repeat the expected-to-succeed test. */ if (ret == 0) { ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), key.k); } wc_curve25519_free(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /*END test_wc_curve25519_make_pub */ /* * Testing test_wc_curve25519_export_public_ex */ static int test_wc_curve25519_export_public_ex(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE25519) WC_RNG rng; curve25519_key key; byte out[CURVE25519_KEYSIZE]; word32 outLen = sizeof(out); int endian = EC25519_BIG_ENDIAN; int ret; ret = wc_curve25519_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key); if (ret == 0) { ret = wc_curve25519_export_public(&key, out, &outLen); } if (ret == 0) { ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian); } } /*test bad cases*/ if (ret == 0) { ret = wc_curve25519_export_public_ex(NULL, NULL, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_export_public_ex(NULL, out, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_export_public_ex(&key, NULL, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_export_public_ex(&key, out, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } outLen = outLen - 2; if (ret == 0) { ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } wc_curve25519_free(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /*END test_wc_curve25519_export_public_ex*/ /* * Testing test_wc_curve25519_import_private_raw_ex */ static int test_wc_curve25519_import_private_raw_ex(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE25519) WC_RNG rng; curve25519_key key; byte priv[CURVE25519_KEYSIZE]; byte pub[CURVE25519_KEYSIZE]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); int endian = EC25519_BIG_ENDIAN; int ret; ret = wc_curve25519_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key); if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(&key, priv, &privSz, endian); } if (ret == 0) { ret = wc_curve25519_export_public(&key, pub, &pubSz); } if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz, &key, endian); } } /*test bad cases*/ if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(NULL, 0, NULL, 0, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(NULL, privSz, pub, pubSz, &key, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(priv, privSz, NULL, pubSz, &key, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(priv, 0, pub, pubSz, &key, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, 0, &key, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz, &key, EC25519_LITTLE_ENDIAN); } wc_curve25519_free(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /*END test_wc_curve25519_import_private_raw_ex*/ /* * Testing test_wc_curve25519_import_private */ static int test_wc_curve25519_import_private(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE25519) curve25519_key key; WC_RNG rng; byte priv[CURVE25519_KEYSIZE]; word32 privSz = sizeof(priv); int ret; ret = wc_curve25519_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key); if (ret == 0) { ret = wc_curve25519_export_private_raw(&key, priv, &privSz); } } if (ret == 0) { ret = wc_curve25519_import_private(priv, privSz, &key); } wc_curve25519_free(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /*END test_wc_curve25519_import*/ /* * Testing test_wc_curve25519_export_private_raw_ex */ static int test_wc_curve25519_export_private_raw_ex(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE25519) curve25519_key key; byte out[CURVE25519_KEYSIZE]; word32 outLen = sizeof(out); int endian = EC25519_BIG_ENDIAN; int ret; ret = wc_curve25519_init(&key); if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian); } /*test bad cases*/ if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(NULL, NULL, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(NULL, out, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(&key, NULL, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(&key, out, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, EC25519_LITTLE_ENDIAN); } outLen = outLen - 2; if (ret == 0) { ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } wc_curve25519_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; }/*END test_wc_curve25519_export_private_raw_ex*/ /* * Testing wc_ed448_make_key(). */ static int test_wc_ed448_make_key(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED448) ed448_key key; WC_RNG rng; unsigned char pubkey[ED448_PUB_KEY_SIZE]; int ret; ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed448_init(&key); } if (ret == 0) { ret = wc_ed448_make_public(&key, pubkey, sizeof(pubkey)); if (ret == ECC_PRIV_KEY_E) { ret = 0; } else if (ret == 0) { ret = -1; } } if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); } /* Test bad args. */ if (ret == 0) { ret = wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE - 1, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE + 1, &key); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ed448_make_key */ /* * Testing wc_ed448_init() */ static int test_wc_ed448_init(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED448) ed448_key key; int ret; ret = wc_ed448_init(&key); /* Test bad args. */ if (ret == 0) { ret = wc_ed448_init(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_ed448_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ed448_init */ /* * Test wc_ed448_sign_msg() and wc_ed448_verify_msg() */ static int test_wc_ed448_sign_msg(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN) WC_RNG rng; ed448_key key; byte msg[] = "Everybody gets Friday off.\n"; byte sig[ED448_SIG_SIZE]; word32 msglen = sizeof(msg); word32 siglen = sizeof(sig); word32 badSigLen = sizeof(sig) - 1; #ifdef HAVE_ED448_VERIFY int verify_ok = 0; /*1 = Verify success.*/ #endif int ret; /* Initialize stack variables. */ XMEMSET(sig, 0, siglen); /* Initialize key. */ ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed448_init(&key); if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); } } if (ret == 0) { ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, &key, NULL, 0); } /* Test bad args. */ if (ret == 0 && siglen == ED448_SIG_SIZE) { ret = wc_ed448_sign_msg(NULL, msglen, sig, &siglen, &key, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_sign_msg(msg, msglen, NULL, &siglen, &key, NULL, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_sign_msg(msg, msglen, sig, NULL, &key, NULL, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, NULL, NULL, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_sign_msg(msg, msglen, sig, &badSigLen, &key, NULL, 0); } if (ret == BUFFER_E && badSigLen == ED448_SIG_SIZE) { badSigLen -= 1; ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } /* END sign */ #ifdef HAVE_ED448_VERIFY if (ret == 0) { ret = wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key, NULL, 0); if (ret == 0 && verify_ok == 1) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } /* Test bad args. */ if (ret == 0) { AssertIntEQ(wc_ed448_verify_msg(sig, siglen - 1, msg, msglen, &verify_ok, &key, NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wc_ed448_verify_msg(sig, siglen + 1, msg, msglen, &verify_ok, &key, NULL, 0), BAD_FUNC_ARG); ret = wc_ed448_verify_msg(NULL, siglen, msg, msglen, &verify_ok, &key, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_verify_msg(sig, siglen, NULL, msglen, &verify_ok, &key, NULL, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_verify_msg(sig, siglen, msg, msglen, NULL, &key, NULL, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok, NULL, NULL, 0); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_verify_msg(sig, badSigLen, msg, msglen, &verify_ok, &key, NULL, 0); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } /* END verify. */ #endif /* Verify. */ if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ed448_sign_msg */ /* * Testing wc_ed448_import_public() */ static int test_wc_ed448_import_public(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) WC_RNG rng; ed448_key pubKey; const byte in[] = "Ed448PublicKeyUnitTest.................................\n"; word32 inlen = sizeof(in); int ret = 0; ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed448_init(&pubKey); if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &pubKey); } } if (ret == 0) { ret = wc_ed448_import_public_ex(in, inlen, &pubKey, 1); if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } /* Test bad args. */ if (ret == 0) { ret = wc_ed448_import_public(NULL, inlen, &pubKey); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_import_public(in, inlen, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_import_public(in, inlen - 1, &pubKey); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&pubKey); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END wc_ed448_import_public */ /* * Testing wc_ed448_import_private_key() */ static int test_wc_ed448_import_private_key(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) WC_RNG rng; ed448_key key; const byte privKey[] = "Ed448PrivateKeyUnitTest................................\n"; const byte pubKey[] = "Ed448PublicKeyUnitTest.................................\n"; word32 privKeySz = sizeof(privKey); word32 pubKeySz = sizeof(pubKey); #ifdef HAVE_ED448_KEY_EXPORT byte bothKeys[sizeof(privKey) + sizeof(pubKey)]; word32 bothKeysSz = sizeof(bothKeys); #endif int ret; ret = wc_InitRng(&rng); if (ret != 0) { return TEST_FAIL; } ret = wc_ed448_init(&key); if (ret != 0) { wc_FreeRng(&rng); return TEST_FAIL; } ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); if (ret == 0) { ret = wc_ed448_import_private_key_ex(privKey, privKeySz, pubKey, pubKeySz, &key, 1); if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 || XMEMCMP(privKey, key.k, pubKeySz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } } #ifdef HAVE_ED448_KEY_EXPORT if (ret == 0) ret = wc_ed448_export_private(&key, bothKeys, &bothKeysSz); if (ret == 0) { ret = wc_ed448_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0, &key, 1); if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 || XMEMCMP(privKey, key.k, pubKeySz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } } #endif /* Test bad args. */ if (ret == 0) { ret = wc_ed448_import_private_key(NULL, privKeySz, pubKey, pubKeySz, &key); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_import_private_key(privKey, privKeySz, NULL, pubKeySz, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey, pubKeySz, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_import_private_key(privKey, privKeySz - 1, pubKey, pubKeySz, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey, pubKeySz - 1, &key); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_import_private_key(privKey, privKeySz, NULL, 0, &key); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ed448_import_private_key */ /* * Testing wc_ed448_export_public() and wc_ed448_export_private_only() */ static int test_wc_ed448_export(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) WC_RNG rng; ed448_key key; byte priv[ED448_PRV_KEY_SIZE]; byte pub[ED448_PUB_KEY_SIZE]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); int ret; ret = wc_InitRng(&rng); if (ret != 0) { return TEST_FAIL; } ret = wc_ed448_init(&key); if (ret != 0) { wc_FreeRng(&rng); return TEST_FAIL; } if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); } if (ret == 0) { ret = wc_ed448_export_public(&key, pub, &pubSz); if (ret == 0 && (pubSz != ED448_KEY_SIZE || XMEMCMP(key.p, pub, pubSz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_ed448_export_public(NULL, pub, &pubSz); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_public(&key, NULL, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_public(&key, pub, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } if (ret == 0) { ret = wc_ed448_export_private_only(&key, priv, &privSz); if (ret == 0 && (privSz != ED448_KEY_SIZE || XMEMCMP(key.k, priv, privSz) != 0)) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_ed448_export_private_only(NULL, priv, &privSz); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_private_only(&key, NULL, &privSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_private_only(&key, priv, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ed448_export */ /* * Testing wc_ed448_size() */ static int test_wc_ed448_size(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED448) WC_RNG rng; ed448_key key; int ret = 0; ret = wc_InitRng(&rng); if (ret != 0) { return TEST_FAIL; } ret = wc_ed448_init(&key); if (ret != 0) { wc_FreeRng(&rng); return TEST_FAIL; } ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); if (ret != 0) { wc_FreeRng(&rng); wc_ed448_free(&key); return TEST_FAIL; } ret = wc_ed448_size(&key); /* Test bad args. */ if (ret == ED448_KEY_SIZE) { ret = wc_ed448_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_ed448_sig_size(&key); if (ret == ED448_SIG_SIZE) { ret = 0; } /* Test bad args. */ if (ret == 0) { ret = wc_ed448_sig_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } } /* END wc_ed448_sig_size() */ if (ret == 0) { ret = wc_ed448_pub_size(&key); if (ret == ED448_PUB_KEY_SIZE) { ret = 0; } if (ret == 0) { ret = wc_ed448_pub_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } } /* END wc_ed448_pub_size */ if (ret == 0) { ret = wc_ed448_priv_size(&key); if (ret == ED448_PRV_KEY_SIZE) { ret = 0; } if (ret == 0) { ret = wc_ed448_priv_size(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } } /* END wc_ed448_pub_size */ if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ed448_size */ /* * Testing wc_ed448_export_private() and wc_ed448_export_key() */ static int test_wc_ed448_exportKey(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) WC_RNG rng; ed448_key key; byte priv[ED448_PRV_KEY_SIZE]; byte pub[ED448_PUB_KEY_SIZE]; byte privOnly[ED448_PRV_KEY_SIZE]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); word32 privOnlySz = sizeof(privOnly); int ret; ret = wc_InitRng(&rng); if (ret != 0) { return TEST_FAIL; } ret = wc_ed448_init(&key); if (ret != 0) { wc_FreeRng(&rng); return TEST_FAIL; } ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); if (ret != 0) { wc_FreeRng(&rng); wc_ed448_free(&key); return TEST_FAIL; } ret = wc_ed448_export_private(&key, privOnly, &privOnlySz); if (ret == 0) { ret = wc_ed448_export_private(NULL, privOnly, &privOnlySz); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_private(&key, NULL, &privOnlySz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_private(&key, privOnly, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_ed448_export_key(&key, priv, &privSz, pub, &pubSz); if (ret == 0) { ret = wc_ed448_export_key(NULL, priv, &privSz, pub, &pubSz); if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_key(&key, NULL, &privSz, pub, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_key(&key, priv, NULL, pub, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_key(&key, priv, &privSz, NULL, &pubSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ed448_export_key(&key, priv, &privSz, pub, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } /* END wc_ed448_export_key() */ /* Cross check output. */ if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ed448_exportKey */ /* * Testing wc_Ed448PublicKeyToDer */ static int test_wc_Ed448PublicKeyToDer(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) int tmp; ed448_key key; byte derBuf[1024]; int ret = 0; /* Test bad args */ tmp = wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0); if (tmp != BAD_FUNC_ARG) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { wc_ed448_init(&key); tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0); if (tmp != BUFFER_E) { ret = WOLFSSL_FATAL_ERROR; } wc_ed448_free(&key); } /* Test good args */ if (ret == 0) { WC_RNG rng; ret = wc_InitRng(&rng); if (ret != 0) { return TEST_FAIL; } ret = wc_ed448_init(&key); if (ret != 0) { wc_FreeRng(&rng); return TEST_FAIL; } ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key); if (ret != 0) { wc_FreeRng(&rng); wc_ed448_free(&key); return TEST_FAIL; } tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 1024, 1); if (tmp <= 0) { ret = WOLFSSL_FATAL_ERROR; } wc_FreeRng(&rng); wc_ed448_free(&key); } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END testing wc_Ed448PublicKeyToDer */ /* * Testing wc_curve448_init and wc_curve448_free. */ static int test_wc_curve448_init(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE448) curve448_key key; int ret = 0; ret = wc_curve448_init(&key); /* Test bad args for wc_curve448_init */ if (ret == 0) { ret = wc_curve448_init(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test good args for wc_curve_448_free */ wc_curve448_free(&key); wc_curve448_free(NULL); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_curve448_init and wc_curve_448_free*/ /* * Testing wc_curve448_make_key */ static int test_wc_curve448_make_key(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE448) WC_RNG rng; curve448_key key; int keysize; int ret; ret = wc_curve448_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key); if (ret == 0) { keysize = wc_curve448_size(&key); if (keysize != CURVE448_KEY_SIZE) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_curve448_make_key(&rng, keysize, &key); } } /* test bad cases */ if (ret == 0) { ret = wc_curve448_make_key(NULL, 0, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_make_key(&rng, keysize, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_make_key(NULL, keysize, &key); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_make_key(&rng, 0, &key); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (wc_FreeRng(&rng) != 0 && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_curve448_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /*END test_wc_curve448_make_key*/ /* * Testing test_wc_curve448_shared_secret_ex */ static int test_wc_curve448_shared_secret_ex(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE448) WC_RNG rng; curve448_key private_key, public_key; byte out[CURVE448_KEY_SIZE]; word32 outLen = sizeof(out); int endian = EC448_BIG_ENDIAN; int ret; ret = wc_curve448_init(&private_key); if (ret == 0) { ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &private_key); } } if (ret == 0) { ret = wc_curve448_init(&public_key); } if (ret == 0) { if (ret == 0) { ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &public_key); } } if (ret == 0) { ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out, &outLen, endian); } /* test bad cases */ if (ret == 0) { ret = wc_curve448_shared_secret_ex(NULL, NULL, NULL, 0, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_shared_secret_ex(NULL, &public_key, out, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_shared_secret_ex(&private_key, NULL, out, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_shared_secret_ex(&private_key, &public_key, NULL, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } outLen = outLen - 2; if (ret == 0) { ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } wc_curve448_free(&private_key); wc_curve448_free(&public_key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /*END test_wc_curve448_shared_secret_ex*/ /* * Testing test_wc_curve448_export_public_ex */ static int test_wc_curve448_export_public_ex(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE448) WC_RNG rng; curve448_key key; byte out[CURVE448_KEY_SIZE]; word32 outLen = sizeof(out); int endian = EC448_BIG_ENDIAN; int ret; ret = wc_curve448_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key); if (ret == 0) { ret = wc_curve448_export_public(&key, out, &outLen); } if (ret == 0) { ret = wc_curve448_export_public_ex(&key, out, &outLen, endian); } } /*test bad cases*/ if (ret == 0) { ret = wc_curve448_export_public_ex(NULL, NULL, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_export_public_ex(NULL, out, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_export_public_ex(&key, NULL, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_export_public_ex(&key, out, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } outLen = outLen - 2; if (ret == 0) { ret = wc_curve448_export_public_ex(&key, out, &outLen, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } wc_curve448_free(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /*END test_wc_curve448_export_public_ex*/ /* * Testing test_wc_curve448_export_private_raw_ex */ static int test_wc_curve448_export_private_raw_ex(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE448) curve448_key key; byte out[CURVE448_KEY_SIZE]; word32 outLen = sizeof(out); int endian = EC448_BIG_ENDIAN; int ret; ret = wc_curve448_init(&key); if (ret == 0) { ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian); } /*test bad cases*/ if (ret == 0) { ret = wc_curve448_export_private_raw_ex(NULL, NULL, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_export_private_raw_ex(NULL, out, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_export_private_raw_ex(&key, NULL, &outLen, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_export_private_raw_ex(&key, out, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, EC448_LITTLE_ENDIAN); } outLen = outLen - 2; if (ret == 0) { ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } wc_curve448_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; }/*END test_wc_curve448_export_private_raw_ex*/ /* * Testing test_wc_curve448_import_private_raw_ex */ static int test_wc_curve448_import_private_raw_ex(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE448) WC_RNG rng; curve448_key key; byte priv[CURVE448_KEY_SIZE]; byte pub[CURVE448_KEY_SIZE]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); int endian = EC448_BIG_ENDIAN; int ret; ret = wc_curve448_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key); if (ret == 0) { ret = wc_curve448_export_private_raw(&key, priv, &privSz); } if (ret == 0) { ret = wc_curve448_export_public(&key, pub, &pubSz); } if (ret == 0) { ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz, &key, endian); } } /* test bad cases */ if (ret == 0) { ret = wc_curve448_import_private_raw_ex(NULL, 0, NULL, 0, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_import_private_raw_ex(NULL, privSz, pub, pubSz, &key, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_import_private_raw_ex(priv, privSz, NULL, pubSz, &key, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz, NULL, endian); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_curve448_import_private_raw_ex(priv, 0, pub, pubSz, &key, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, 0, &key, endian); if (ret == ECC_BAD_ARG_E) { ret = 0; } } if (ret == 0) { ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz, &key, EC448_LITTLE_ENDIAN); } if (wc_FreeRng(&rng) != 0 && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_curve448_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /*END test_wc_curve448_import_private_raw_ex*/ /* * Testing test_curve448_export_key_raw */ static int test_wc_curve448_export_key_raw(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE448) WC_RNG rng; curve448_key key; byte priv[CURVE448_KEY_SIZE]; byte pub[CURVE448_KEY_SIZE]; word32 privSz = sizeof(priv); word32 pubSz = sizeof(pub); int ret; ret = wc_curve448_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key); if (ret == 0) { ret = wc_curve448_export_private_raw(&key, priv, &privSz); } if (ret == 0) { ret = wc_curve448_export_public(&key, pub, &pubSz); } if (ret == 0) { ret = wc_curve448_export_key_raw(&key, priv, &privSz, pub, &pubSz); } } wc_curve448_free(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; }/*END test_wc_curve448_import_private_raw_ex*/ /* * Testing test_wc_curve448_import_private */ static int test_wc_curve448_import_private(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE448) curve448_key key; WC_RNG rng; byte priv[CURVE448_KEY_SIZE]; word32 privSz = sizeof(priv); int ret; ret = wc_curve448_init(&key); if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key); if (ret == 0) { ret = wc_curve448_export_private_raw(&key, priv, &privSz); } } if (ret == 0) { ret = wc_curve448_import_private(priv, privSz, &key); } wc_curve448_free(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /*END test_wc_curve448_import*/ /* * Testing test_wc_curve448_size. */ static int test_wc_curve448_size(void) { int res = TEST_SKIPPED; #if defined(HAVE_CURVE448) curve448_key key; int ret = 0; ret = wc_curve448_init(&key); /* Test good args for wc_curve448_size */ if (ret == 0) { ret = wc_curve448_size(&key); } /* Test bad args for wc_curve448_size */ if (ret != 0) { ret = wc_curve448_size(NULL); } wc_curve448_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_curve448_size*/ /* * Testing wc_ecc_make_key. */ static int test_wc_ecc_make_key(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) WC_RNG rng; ecc_key key; int ret; ret = wc_InitRng(&rng); if (ret != 0) return TEST_FAIL; ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY14, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif /* Pass in bad args. */ if (ret == 0) { ret = wc_ecc_make_key(NULL, KEY14, &key); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_make_key(&rng, KEY14, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_ecc_free(&key); } if (wc_FreeRng(&rng) != 0 && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } #ifdef FP_ECC wc_ecc_fp_free(); #endif res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_make_key */ /* * Testing wc_ecc_init() */ static int test_wc_ecc_init(void) { int res = TEST_SKIPPED; #ifdef HAVE_ECC ecc_key key; int ret; ret = wc_ecc_init(&key); /* Pass in bad args. */ if (ret == 0) { ret = wc_ecc_init(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_ecc_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_init */ /* * Testing wc_ecc_check_key() */ static int test_wc_ecc_check_key(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) WC_RNG rng; ecc_key key; int ret; XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY14, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif } } if (ret == 0) { ret = wc_ecc_check_key(&key); } /* Pass in bad args. */ if (ret == 0) { ret = wc_ecc_check_key(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); #ifdef FP_ECC wc_ecc_fp_free(); #endif res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_check_key */ /* * Testing wc_ecc_get_generator() */ static int test_wc_ecc_get_generator(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \ !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA) ecc_point* pt; int ret = 0; pt = wc_ecc_new_point(); if (!pt) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_ecc_get_generator(pt, wc_ecc_get_curve_idx(ECC_SECP256R1)); } /* Test bad args. */ if (ret == MP_OKAY) { /* Returns Zero for bad arg. */ ret = wc_ecc_get_generator(pt, -1); if (ret != MP_OKAY) wc_ecc_get_generator(NULL, wc_ecc_get_curve_idx(ECC_SECP256R1)); if (ret != MP_OKAY) wc_ecc_get_generator(pt, 1000); /* If we ever get to 1000 curves * increase this number */ if (ret != MP_OKAY) wc_ecc_get_generator(NULL, -1); ret = (ret == MP_OKAY) ? WOLFSSL_FATAL_ERROR : 0; } wc_ecc_del_point(pt); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_get_generator */ /* * Testing wc_ecc_size() */ static int test_wc_ecc_size(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) WC_RNG rng; ecc_key key; int ret; XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY14, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif } } if (ret == 0) { ret = wc_ecc_size(&key); if (ret == KEY14) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { /* Returns Zero for bad arg. */ ret = wc_ecc_size(NULL); } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_size */ static int test_wc_ecc_params(void) { int res = TEST_SKIPPED; /* FIPS/CAVP self-test modules do not have `wc_ecc_get_curve_params`. It was added after certifications */ #if defined(HAVE_ECC) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) const ecc_set_type* ecc_set; #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) /* Test for SECP256R1 curve */ int curve_id = ECC_SECP256R1; int curve_idx = wc_ecc_get_curve_idx(curve_id); AssertIntNE(curve_idx, ECC_CURVE_INVALID); ecc_set = wc_ecc_get_curve_params(curve_idx); AssertNotNull(ecc_set); AssertIntEQ(ecc_set->id, curve_id); #endif /* Test case when SECP256R1 is not enabled */ /* Test that we get curve params for index 0 */ ecc_set = wc_ecc_get_curve_params(0); AssertNotNull(ecc_set); res = TEST_RES_CHECK(1); #endif /* HAVE_ECC && !HAVE_FIPS && !HAVE_SELFTEST */ return res; } /* * Testing wc_ecc_sign_hash() and wc_ecc_verify_hash() */ static int test_wc_ecc_signVerify_hash(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && !defined(WC_NO_RNG) WC_RNG rng; ecc_key key; int ret; int signH = WOLFSSL_FATAL_ERROR; #ifdef HAVE_ECC_VERIFY int verifyH = WOLFSSL_FATAL_ERROR; int verify = 0; #endif word32 siglen = ECC_BUFSIZE; byte sig[ECC_BUFSIZE]; byte adjustedSig[ECC_BUFSIZE+1]; byte digest[] = TEST_STRING; word32 digestlen = (word32)TEST_STRING_SZ; /* Init stack var */ XMEMSET(sig, 0, siglen); XMEMSET(&key, 0, sizeof(key)); XMEMSET(adjustedSig, 0, ECC_BUFSIZE+1); /* Init structs. */ ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY14, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif } } if (ret == 0) { ret = wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, &key); } /* Check bad args. */ if (ret == 0) { signH = wc_ecc_sign_hash(NULL, digestlen, sig, &siglen, &rng, &key); if (signH == ECC_BAD_ARG_E) { signH = wc_ecc_sign_hash(digest, digestlen, NULL, &siglen, &rng, &key); } if (signH == ECC_BAD_ARG_E) { signH = wc_ecc_sign_hash(digest, digestlen, sig, NULL, &rng, &key); } if (signH == ECC_BAD_ARG_E) { signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen, NULL, &key); } if (signH == ECC_BAD_ARG_E) { signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, NULL); } if (signH == ECC_BAD_ARG_E) { signH = 0; } else if (ret == 0) { signH = WOLFSSL_FATAL_ERROR; } } #ifdef HAVE_ECC_VERIFY ret = wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify, &key); if (verify != 1 && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } /* test check on length of signature passed in */ XMEMCPY(adjustedSig, sig, siglen); adjustedSig[1] = adjustedSig[1] + 1; /* add 1 to length for extra byte*/ #ifndef NO_STRICT_ECDSA_LEN AssertIntNE(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen, &verify, &key), 0); #else /* if NO_STRICT_ECDSA_LEN is set then extra bytes after the signature * is allowed */ AssertIntEQ(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen, &verify, &key), 0); #endif /* Test bad args. */ if (ret == 0) { verifyH = wc_ecc_verify_hash(NULL, siglen, digest, digestlen, &verify, &key); if (verifyH == ECC_BAD_ARG_E) { verifyH = wc_ecc_verify_hash(sig, siglen, NULL, digestlen, &verify, &key); } if (verifyH == ECC_BAD_ARG_E) { verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen, NULL, &key); } if (verifyH == ECC_BAD_ARG_E) { verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify, NULL); } if (verifyH == ECC_BAD_ARG_E) { verifyH = 0; } else if (ret == 0) { verifyH = WOLFSSL_FATAL_ERROR; } } #endif /* HAVE_ECC_VERIFY */ if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); #ifdef FP_ECC wc_ecc_fp_free(); #endif res = TEST_RES_CHECK(ret == 0 && signH == 0 && verifyH == 0); #endif return res; } /* END test_wc_ecc_sign_hash */ /* * Testing wc_ecc_shared_secret() */ static int test_wc_ecc_shared_secret(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) ecc_key key, pubKey; WC_RNG rng; int ret; byte out[KEY32]; int keySz = sizeof(out); word32 outlen = (word32)sizeof(out); #if defined(HAVE_ECC) && !defined(NO_ECC256) const char* qx = "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861"; const char* qy = "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8"; const char* d = "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c"; const char* curveName = "SECP256R1"; const byte expected_shared_secret[] = { 0x65, 0xc0, 0xd4, 0x61, 0x17, 0xe6, 0x09, 0x75, 0xf0, 0x12, 0xa0, 0x4d, 0x0b, 0x41, 0x30, 0x7a, 0x51, 0xf0, 0xb3, 0xaf, 0x23, 0x8f, 0x0f, 0xdf, 0xf1, 0xff, 0x23, 0x64, 0x28, 0xca, 0xf8, 0x06 }; #endif PRIVATE_KEY_UNLOCK(); /* Initialize variables. */ XMEMSET(out, 0, keySz); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); XMEMSET(&pubKey, 0, sizeof(pubKey)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_init(&pubKey); } } #if defined(HAVE_ECC) && !defined(NO_ECC256) if (ret == 0) { ret = wc_ecc_import_raw(&key, qx, qy, d, curveName); } if (ret == 0) { ret = wc_ecc_import_raw(&pubKey, qx, qy, NULL, curveName); } #else if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif } if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &pubKey); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &pubKey.asyncDev, WC_ASYNC_FLAG_NONE); #endif } #endif #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ !defined(HAVE_SELFTEST) if (ret == 0) { ret = wc_ecc_set_rng(&key, &rng); } #endif if (ret == 0) { ret = wc_ecc_shared_secret(&key, &pubKey, out, &outlen); #if defined(HAVE_ECC) && !defined(NO_ECC256) if (ret == 0) { if (0 != XMEMCMP(out, expected_shared_secret, outlen)) { ret = WOLFSSL_FATAL_ERROR; } } #endif /* Test bad args. */ if (ret == 0) { ret = wc_ecc_shared_secret(NULL, &pubKey, out, &outlen); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_shared_secret(&key, NULL, out, &outlen); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_shared_secret(&key, &pubKey, NULL, &outlen); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_shared_secret(&key, &pubKey, out, NULL); } if (ret == BAD_FUNC_ARG) { /* Invalid length */ outlen = 1; ret = wc_ecc_shared_secret(&key, &pubKey, out, &outlen); } if (ret == BUFFER_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); wc_ecc_free(&pubKey); #ifdef FP_ECC wc_ecc_fp_free(); #endif PRIVATE_KEY_LOCK(); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END tests_wc_ecc_shared_secret */ /* * testint wc_ecc_export_x963() */ static int test_wc_ecc_export_x963(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; byte out[ECC_ASN963_MAX_BUF_SZ]; word32 outlen = sizeof(out); int ret = 0; PRIVATE_KEY_UNLOCK(); /* Initialize variables. */ XMEMSET(out, 0, outlen); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY20, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif } } if (ret == 0) { ret = wc_ecc_export_x963(&key, out, &outlen); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_export_x963(NULL, out, &outlen); if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_export_x963(&key, NULL, &outlen); } if (ret == LENGTH_ONLY_E) { ret = wc_ecc_export_x963(&key, out, NULL); } if (ret == ECC_BAD_ARG_E) { key.idx = -4; ret = wc_ecc_export_x963(&key, out, &outlen); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); #ifdef FP_ECC wc_ecc_fp_free(); #endif PRIVATE_KEY_LOCK(); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_export_x963 */ /* * Testing wc_ecc_export_x963_ex() * compile with --enable-compkey will use compression. */ static int test_wc_ecc_export_x963_ex(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; int ret = 0; byte out[ECC_ASN963_MAX_BUF_SZ]; word32 outlen = sizeof(out); #ifdef HAVE_COMP_KEY word32 badOutLen = 5; #endif /* Init stack variables. */ XMEMSET(out, 0, outlen); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY64, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif } } #ifdef HAVE_COMP_KEY if (ret == 0) { ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP); } #else if (ret == 0) { ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP); } #endif /* Test bad args. */ #ifdef HAVE_COMP_KEY if (ret == 0) { ret = wc_ecc_export_x963_ex(NULL, out, &outlen, COMP); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_export_x963_ex(&key, out, NULL, COMP); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP); } #if defined(HAVE_FIPS) && (!defined(FIPS_VERSION_LT) || FIPS_VERSION_LT(5,3)) if (ret == BUFFER_E) #else if (ret == LENGTH_ONLY_E) #endif { key.idx = -4; ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } #else if (ret == 0) { ret = wc_ecc_export_x963_ex(NULL, out, &outlen, NOCOMP); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, NOCOMP); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_export_x963_ex(&key, out, &outlen, 1); } if (ret == NOT_COMPILED_IN) { ret = wc_ecc_export_x963_ex(&key, out, NULL, NOCOMP); } if (ret == BAD_FUNC_ARG) { key.idx = -4; ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } #endif if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); #ifdef FP_ECC wc_ecc_fp_free(); #endif res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_export_x963_ex */ /* * testing wc_ecc_import_x963() */ static int test_wc_ecc_import_x963(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \ defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) ecc_key pubKey, key; WC_RNG rng; byte x963[ECC_ASN963_MAX_BUF_SZ]; word32 x963Len = (word32)sizeof(x963); int ret; /* Init stack variables. */ XMEMSET(x963, 0, x963Len); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); XMEMSET(&pubKey, 0, sizeof(pubKey)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&pubKey); if (ret == 0) { ret = wc_ecc_init(&key); } if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY24, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif } if (ret == 0) { PRIVATE_KEY_UNLOCK(); ret = wc_ecc_export_x963(&key, x963, &x963Len); PRIVATE_KEY_LOCK(); } } if (ret == 0) { ret = wc_ecc_import_x963(x963, x963Len, &pubKey); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_import_x963(NULL, x963Len, &pubKey); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_x963(x963, x963Len, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_x963(x963, x963Len + 1, &pubKey); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); wc_ecc_free(&pubKey); #ifdef FP_ECC wc_ecc_fp_free(); #endif res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END wc_ecc_import_x963 */ /* * testing wc_ecc_import_private_key() */ static int ecc_import_private_key(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \ defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) ecc_key key, keyImp; WC_RNG rng; byte privKey[ECC_PRIV_KEY_BUF]; /* Raw private key.*/ byte x963Key[ECC_ASN963_MAX_BUF_SZ]; word32 privKeySz = (word32)sizeof(privKey); word32 x963KeySz = (word32)sizeof(x963Key); int ret; /* Init stack variables. */ XMEMSET(privKey, 0, privKeySz); XMEMSET(x963Key, 0, x963KeySz); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); XMEMSET(&keyImp, 0, sizeof(keyImp)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_init(&keyImp); } if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY48, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif } if (ret == 0) { PRIVATE_KEY_UNLOCK(); ret = wc_ecc_export_x963(&key, x963Key, &x963KeySz); PRIVATE_KEY_LOCK(); } if (ret == 0) { ret = wc_ecc_export_private_only(&key, privKey, &privKeySz); } } if (ret == 0) { ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key, x963KeySz, &keyImp); } /* Pass in bad args. */ if (ret == 0) { ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key, x963KeySz, NULL); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_private_key(NULL, privKeySz, x963Key, x963KeySz, &keyImp); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); wc_ecc_free(&keyImp); #ifdef FP_ECC wc_ecc_fp_free(); #endif res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END wc_ecc_import_private_key */ /* * Testing wc_ecc_export_private_only() */ static int test_wc_ecc_export_private_only(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; byte out[ECC_PRIV_KEY_BUF]; word32 outlen = sizeof(out); int ret; /* Init stack variables. */ XMEMSET(out, 0, outlen); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY32, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif } } if (ret == 0) { ret = wc_ecc_export_private_only(&key, out, &outlen); } /* Pass in bad args. */ if (ret == 0) { ret = wc_ecc_export_private_only(NULL, out, &outlen); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_export_private_only(&key, NULL, &outlen); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_export_private_only(&key, out, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); #ifdef FP_ECC wc_ecc_fp_free(); #endif res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_export_private_only */ /* * Testing wc_ecc_rs_to_sig() */ static int test_wc_ecc_rs_to_sig(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && !defined(NO_ASN) /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */ const char* R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e"; const char* S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41"; const char* zeroStr = "0"; byte sig[ECC_MAX_SIG_SIZE]; word32 siglen = (word32)sizeof(sig); /*R and S max size is the order of curve. 2^192.*/ int keySz = KEY24; byte r[KEY24]; byte s[KEY24]; word32 rlen = (word32)sizeof(r); word32 slen = (word32)sizeof(s); int ret; /* Init stack variables. */ XMEMSET(sig, 0, ECC_MAX_SIG_SIZE); XMEMSET(r, 0, keySz); XMEMSET(s, 0, keySz); ret = wc_ecc_rs_to_sig(R, S, sig, &siglen); if (ret == 0) { ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &slen); #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) if (ret == ASN_PARSE_E) { ret = 0; } #endif } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_rs_to_sig(NULL, S, sig, &siglen); if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_rs_to_sig(R, NULL, sig, &siglen); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_rs_to_sig(R, S, sig, NULL); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_rs_to_sig(R, S, NULL, &siglen); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_rs_to_sig(R, zeroStr, sig, &siglen); } if (ret == MP_ZERO_E) { ret = wc_ecc_rs_to_sig(zeroStr, S, sig, &siglen); } if (ret == MP_ZERO_E) { ret = wc_ecc_sig_to_rs(NULL, siglen, r, &rlen, s, &slen); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_sig_to_rs(sig, siglen, NULL, &rlen, s, &slen); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_sig_to_rs(sig, siglen, r, NULL, s, &slen); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, NULL, &slen); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_rs_to_sig */ static int test_wc_ecc_import_raw(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && !defined(NO_ECC256) ecc_key key; int ret = 0; const char* qx = "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861"; const char* qy = "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8"; const char* d = "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c"; const char* curveName = "SECP256R1"; #ifdef WOLFSSL_VALIDATE_ECC_IMPORT const char* kNullStr = ""; #endif ret = wc_ecc_init(&key); /* Test good import */ if (ret == 0) { ret = wc_ecc_import_raw(&key, qx, qy, d, curveName); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_import_raw(NULL, qx, qy, d, curveName); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_raw(&key, NULL, qy, d, curveName); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_raw(&key, qx, NULL, d, curveName); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_raw(&key, qx, qy, d, NULL); } #ifdef WOLFSSL_VALIDATE_ECC_IMPORT if (ret == BAD_FUNC_ARG) { #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH) wc_ecc_free(&key); #endif ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr, curveName); if (ret == ECC_INF_E) ret = BAD_FUNC_ARG; /* This is expected by other tests */ } #endif #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) if (ret == BAD_FUNC_ARG) { #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH) wc_ecc_free(&key); #endif ret = wc_ecc_import_raw(&key, "0", qy, d, curveName); /* Note: SP math "is point" failure returns MP_VAL */ if (ret == ECC_INF_E || ret == MP_VAL) { ret = BAD_FUNC_ARG; /* This is expected by other tests */ } } if (ret == BAD_FUNC_ARG) { #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH) wc_ecc_free(&key); #endif ret = wc_ecc_import_raw(&key, qx, "0", d, curveName); /* Note: SP math "is point" failure returns MP_VAL */ if (ret == ECC_INF_E || ret == MP_VAL) { ret = BAD_FUNC_ARG; /* This is expected by other tests */ } } #endif if (ret == BAD_FUNC_ARG) { ret = 0; } } wc_ecc_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_import_raw */ static int test_wc_ecc_import_unsigned(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2)) ecc_key key; const byte qx[] = { 0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6, 0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36, 0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa, 0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61 }; const byte qy[] = { 0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a, 0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf, 0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8, 0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8 }; const byte d[] = { 0x45, 0xb6, 0x69, 0x02, 0x73, 0x9c, 0x6c, 0x85, 0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac, 0xc4, 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c, 0x28, 0xdc, 0x34, 0x8d, 0xe1, 0xa8, 0x09, 0x8c }; #ifdef WOLFSSL_VALIDATE_ECC_IMPORT const byte nullBytes[32] = {0}; #endif int curveId = ECC_SECP256R1; int ret; ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d, curveId); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_import_unsigned(NULL, (byte*)qx, (byte*)qy, (byte*)d, curveId); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_unsigned(&key, NULL, (byte*)qy, (byte*)d, curveId); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_unsigned(&key, (byte*)qx, NULL, (byte*)d, curveId); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d, ECC_CURVE_INVALID); } #ifdef WOLFSSL_VALIDATE_ECC_IMPORT if (ret == BAD_FUNC_ARG) { ret = wc_ecc_import_unsigned(&key, (byte*)nullBytes, (byte*)nullBytes, (byte*)nullBytes, curveId); } #endif if (ret == BAD_FUNC_ARG || ret == ECC_INF_E) { ret = 0; } } wc_ecc_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_import_unsigned */ /* * Testing wc_ecc_sig_size() */ static int test_wc_ecc_sig_size(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; int keySz = KEY16; int ret = 0; XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif } } if (ret == 0) { ret = wc_ecc_sig_size(&key); if (ret <= (2 * keySz + SIG_HEADER_SZ + ECC_MAX_PAD_SZ)) { ret = 0; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_sig_size */ /* * Testing wc_ecc_ctx_new() */ static int test_wc_ecc_ctx_new(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) WC_RNG rng; int ret = 0; ecEncCtx* cli = NULL; ecEncCtx* srv = NULL; ret = wc_InitRng(&rng); if (ret == 0) { cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng); srv = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng); } if (ret == 0 && (cli == NULL || srv == NULL)) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_ctx_free(cli); wc_ecc_ctx_free(srv); /* Test bad args. */ if (ret == 0) { /* wc_ecc_ctx_new_ex() will free if returned NULL. */ cli = wc_ecc_ctx_new(0, &rng); if (cli != NULL) { ret = WOLFSSL_FATAL_ERROR; } cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, NULL); if (cli != NULL) { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_ctx_free(cli); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_ctx_new */ /* * Tesing wc_ecc_reset() */ static int test_wc_ecc_ctx_reset(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) ecEncCtx* ctx = NULL; WC_RNG rng; int ret = 0; ret = wc_InitRng(&rng); if (ret == 0) { if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_ecc_ctx_reset(ctx, &rng); } /* Pass in bad args. */ if (ret == 0) { ret = wc_ecc_ctx_reset(NULL, &rng); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_ctx_reset(ctx, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_ctx_free(ctx); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_ctx_reset */ /* * Testing wc_ecc_ctx_set_peer_salt() and wc_ecc_ctx_get_own_salt() */ static int test_wc_ecc_ctx_set_peer_salt(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) WC_RNG rng; ecEncCtx* cliCtx = NULL; ecEncCtx* servCtx = NULL; const byte* cliSalt = NULL; const byte* servSalt = NULL; int ret = 0; ret = wc_InitRng(&rng); if (ret == 0) { if ( ( (cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) || ( (servCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng)) == NULL) ) { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { cliSalt = wc_ecc_ctx_get_own_salt(NULL); if (cliSalt != NULL) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { cliSalt = wc_ecc_ctx_get_own_salt(cliCtx); servSalt = wc_ecc_ctx_get_own_salt(servCtx); if (cliSalt == NULL || servSalt == NULL) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_ecc_ctx_set_peer_salt(cliCtx, servSalt); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_ctx_set_peer_salt(NULL, servSalt); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_ctx_set_peer_salt(cliCtx, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_ctx_free(cliCtx); wc_ecc_ctx_free(servCtx); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_ctx_set_peer_salt */ /* * Testing wc_ecc_ctx_set_info() */ static int test_wc_ecc_ctx_set_info(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) ecEncCtx* ctx = NULL; WC_RNG rng; int ret; const char* optInfo = "Optional Test Info."; int optInfoSz = (int)XSTRLEN(optInfo); const char* badOptInfo = NULL; ret = wc_InitRng(&rng); if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL || ret != 0 ) { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, optInfoSz); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_ctx_set_info(NULL, (byte*)optInfo, optInfoSz); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_ctx_set_info(ctx, (byte*)badOptInfo, optInfoSz); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_ctx_free(ctx); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_ctx_set_info */ /* * Testing wc_ecc_encrypt() and wc_ecc_decrypt() */ static int test_wc_ecc_encryptDecrypt(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) && \ defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) ecc_key srvKey, cliKey, tmpKey; WC_RNG rng; int ret; const char* msg = "EccBlock Size 16"; word32 msgSz = (word32)XSTRLEN("EccBlock Size 16"); #ifdef WOLFSSL_ECIES_OLD byte out[(sizeof("EccBlock Size 16") - 1) + WC_SHA256_DIGEST_SIZE]; #elif defined(WOLFSSL_ECIES_GEN_IV) byte out[KEY20 * 2 + 1 + AES_BLOCK_SIZE + (sizeof("EccBlock Size 16") - 1) + WC_SHA256_DIGEST_SIZE]; #else byte out[KEY20 * 2 + 1 + (sizeof("EccBlock Size 16") - 1) + WC_SHA256_DIGEST_SIZE]; #endif word32 outSz = (word32)sizeof(out); byte plain[sizeof("EccBlock Size 16")]; word32 plainSz = (word32)sizeof(plain); int keySz = KEY20; /* Init stack variables. */ XMEMSET(out, 0, outSz); XMEMSET(plain, 0, plainSz); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&srvKey, 0, sizeof(srvKey)); XMEMSET(&cliKey, 0, sizeof(cliKey)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&cliKey); if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &cliKey); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &cliKey.asyncDev, WC_ASYNC_FLAG_NONE); #endif } if (ret == 0) { ret = wc_ecc_init(&srvKey); } if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &srvKey); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &srvKey.asyncDev, WC_ASYNC_FLAG_NONE); #endif } if (ret == 0) { ret = wc_ecc_init(&tmpKey); } } #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ !defined(HAVE_SELFTEST) if (ret == 0) { ret = wc_ecc_set_rng(&srvKey, &rng); } if (ret == 0) { ret = wc_ecc_set_rng(&cliKey, &rng); } #endif if (ret == 0) { ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out, &outSz, NULL); } if (ret == 0) { ret = wc_ecc_encrypt(NULL, &srvKey, (byte*)msg, msgSz, out, &outSz, NULL); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_encrypt(&cliKey, NULL, (byte*)msg, msgSz, out, &outSz, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_encrypt(&cliKey, &srvKey, NULL, msgSz, out, &outSz, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, NULL, &outSz, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out, NULL, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } #ifdef WOLFSSL_ECIES_OLD if (ret == 0) { tmpKey.dp = cliKey.dp; ret = wc_ecc_copy_point(&cliKey.pubkey, &tmpKey.pubkey); } #endif if (ret == 0) { ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, &plainSz, NULL); } if (ret == 0) { ret = wc_ecc_decrypt(NULL, &tmpKey, out, outSz, plain, &plainSz, NULL); #ifdef WOLFSSL_ECIES_OLD /* NULL parameter allowed in new implementations - public key comes from * the message. */ if (ret == BAD_FUNC_ARG) { ret = wc_ecc_decrypt(&srvKey, NULL, out, outSz, plain, &plainSz, NULL); } #endif if (ret == BAD_FUNC_ARG) { ret = wc_ecc_decrypt(&srvKey, &tmpKey, NULL, outSz, plain, &plainSz, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, NULL, &plainSz, NULL); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, NULL, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (XMEMCMP(msg, plain, msgSz) != 0) { ret = WOLFSSL_FATAL_ERROR; } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&tmpKey); wc_ecc_free(&cliKey); wc_ecc_free(&srvKey); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_encryptDecrypt */ /* * Testing wc_ecc_del_point() and wc_ecc_new_point() */ static int test_wc_ecc_del_point(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) ecc_point* pt; pt = wc_ecc_new_point(); wc_ecc_del_point(pt); res = TEST_RES_CHECK(pt != NULL); #endif return res; } /* END test_wc_ecc_del_point */ /* * Testing wc_ecc_point_is_at_infinity(), wc_ecc_export_point_der(), * wc_ecc_import_point_der(), wc_ecc_copy_point(), wc_ecc_point_is_on_curve(), * and wc_ecc_cmp_point() */ static int test_wc_ecc_pointFns(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \ !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) ecc_key key; WC_RNG rng; int ret; ecc_point* point = NULL; ecc_point* cpypt = NULL; int idx = 0; int keySz = KEY32; byte der[DER_SZ(KEY32)]; word32 derlenChk = 0; word32 derSz = DER_SZ(KEY32); /* Init stack variables. */ XMEMSET(der, 0, derSz); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif } } if (ret == 0) { point = wc_ecc_new_point(); if (!point) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { cpypt = wc_ecc_new_point(); if (!cpypt) { ret = WOLFSSL_FATAL_ERROR; } } /* Export */ if (ret == 0) { ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey, NULL, &derlenChk); /* Check length value. */ if (derSz == derlenChk && ret == LENGTH_ONLY_E) { ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der, &derSz); } } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_export_point_der(-2, &key.pubkey, der, &derSz); if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_export_point_der((idx = key.idx), NULL, der, &derSz); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der, NULL); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Import */ if (ret == 0) { ret = wc_ecc_import_point_der(der, derSz, idx, point); /* Condition double checks wc_ecc_cmp_point(). */ if (ret == 0 && XMEMCMP((void *)&key.pubkey, (void *)point, sizeof(key.pubkey))) { ret = wc_ecc_cmp_point(&key.pubkey, point); } } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_import_point_der(NULL, derSz, idx, point); if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_import_point_der(der, derSz, idx, NULL); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_import_point_der(der, derSz, -1, point); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_import_point_der(der, derSz + 1, idx, point); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Copy */ if (ret == 0) { ret = wc_ecc_copy_point(point, cpypt); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_copy_point(NULL, cpypt); if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_copy_point(point, NULL); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } /* Compare point */ if (ret == 0) { ret = wc_ecc_cmp_point(point, cpypt); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_cmp_point(NULL, cpypt); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_cmp_point(point, NULL); } if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } /* At infinity if return == 1, otherwise return == 0. */ if (ret == 0) { ret = wc_ecc_point_is_at_infinity(point); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_point_is_at_infinity(NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))) #ifdef USE_ECC_B_PARAM /* On curve if ret == 0 */ if (ret == 0) { ret = wc_ecc_point_is_on_curve(point, idx); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_point_is_on_curve(NULL, idx); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_point_is_on_curve(point, 1000); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } #endif /* USE_ECC_B_PARAM */ #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2) */ /* Free */ wc_ecc_del_point(point); wc_ecc_del_point(cpypt); wc_ecc_free(&key); if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_pointFns */ /* * Testing wc_ecc_sahred_secret_ssh() */ static int test_wc_ecc_shared_secret_ssh(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \ !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) ecc_key key, key2; WC_RNG rng; int ret; int keySz = KEY32; int key2Sz = KEY24; byte secret[KEY32]; word32 secretLen = keySz; /* Init stack variables. */ XMEMSET(secret, 0, secretLen); XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); XMEMSET(&key2, 0, sizeof(key2)); /* Make keys */ ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key2); } if (ret == 0) { ret = wc_ecc_make_key(&rng, key2Sz, &key2); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); #endif } } #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ !defined(HAVE_SELFTEST) if (ret == 0) { ret = wc_ecc_set_rng(&key, &rng); } #endif if (ret == 0) { ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen); } /* Pass in bad args. */ if (ret == 0) { ret = wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret, &secretLen); if (ret == BAD_FUNC_ARG) { ret = wc_ecc_shared_secret_ssh(&key, NULL, secret, &secretLen); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, NULL, &secretLen); } if (ret == BAD_FUNC_ARG) { ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, NULL); } if (ret == BAD_FUNC_ARG) { key.type = ECC_PUBLICKEY; ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen); if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); wc_ecc_free(&key2); #ifdef FP_ECC wc_ecc_fp_free(); #endif res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_shared_secret_ssh */ /* * Testing wc_ecc_verify_hash_ex() and wc_ecc_verify_hash_ex() */ static int test_wc_ecc_verify_hash_ex(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \ && !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_KCAPI_ECC) ecc_key key; WC_RNG rng; int ret; mp_int r; mp_int s; mp_int z; unsigned char hash[] = "Everyone gets Friday off.EccSig"; unsigned char iHash[] = "Everyone gets Friday off......."; unsigned char shortHash[] = TEST_STRING; word32 hashlen = sizeof(hash); word32 iHashLen = sizeof(iHash); word32 shortHashLen = sizeof(shortHash); int keySz = KEY32; int sig = WOLFSSL_FATAL_ERROR; int ver = WOLFSSL_FATAL_ERROR; int verify_ok = 0; /* Initialize r and s. */ ret = mp_init_multi(&r, &s, &z, NULL, NULL, NULL); if (ret != MP_OKAY) { return MP_INIT_E; } ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, keySz, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif } } if (ret == 0) { ret = wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, &s); if (ret == 0) { /* verify_ok should be 1. */ ret = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &verify_ok, &key); if (verify_ok != 1 && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* verify_ok should be 0 */ ret = wc_ecc_verify_hash_ex(&r, &s, iHash, iHashLen, &verify_ok, &key); if (verify_ok != 0 && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* verify_ok should be 0. */ ret = wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen, &verify_ok, &key); if (verify_ok != 0 && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } } /* Test bad args. */ if (ret == 0) { if (wc_ecc_sign_hash_ex(NULL, hashlen, &rng, &key, &r, &s) == ECC_BAD_ARG_E) { sig = 0; } if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, NULL, &key, &r, &s) != ECC_BAD_ARG_E) { sig = WOLFSSL_FATAL_ERROR; } if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, NULL, &r, &s) != ECC_BAD_ARG_E) { sig = WOLFSSL_FATAL_ERROR; } if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, NULL, &s) != ECC_BAD_ARG_E) { sig = WOLFSSL_FATAL_ERROR; } if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, NULL) != ECC_BAD_ARG_E) { sig = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { if (wc_ecc_verify_hash_ex(NULL, &s, shortHash, shortHashLen, &verify_ok, &key) == ECC_BAD_ARG_E) { ver = 0; } if (ver == 0 && wc_ecc_verify_hash_ex(&r, NULL, shortHash, shortHashLen, &verify_ok, &key) != ECC_BAD_ARG_E) { ver = WOLFSSL_FATAL_ERROR; } if (wc_ecc_verify_hash_ex(&z, &s, shortHash, shortHashLen, &verify_ok, &key) != MP_ZERO_E) { ver = WOLFSSL_FATAL_ERROR; } if (wc_ecc_verify_hash_ex(&r, &z, shortHash, shortHashLen, &verify_ok, &key) != MP_ZERO_E) { ver = WOLFSSL_FATAL_ERROR; } if (wc_ecc_verify_hash_ex(&z, &z, shortHash, shortHashLen, &verify_ok, &key) != MP_ZERO_E) { ver = WOLFSSL_FATAL_ERROR; } if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, NULL, shortHashLen, &verify_ok, &key) != ECC_BAD_ARG_E) { ver = WOLFSSL_FATAL_ERROR; } if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen, NULL, &key) != ECC_BAD_ARG_E) { ver = WOLFSSL_FATAL_ERROR; } if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen, &verify_ok, NULL) != ECC_BAD_ARG_E) { ver = WOLFSSL_FATAL_ERROR; } } wc_ecc_free(&key); mp_free(&r); mp_free(&s); if (wc_FreeRng(&rng)) { return WOLFSSL_FATAL_ERROR; } if (ret == 0 && (sig != 0 || ver != 0)) { ret = WOLFSSL_FATAL_ERROR; } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_verify_hash_ex */ /* * Testing wc_ecc_mulmod() */ static int test_wc_ecc_mulmod(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \ !(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ defined(WOLFSSL_VALIDATE_ECC_IMPORT)) ecc_key key1, key2, key3; WC_RNG rng; int ret = 0; ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key1); if (ret == 0) { ret = wc_ecc_init(&key2); } if (ret == 0) { ret = wc_ecc_init(&key3); } if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY32, &key1); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key1.asyncDev, WC_ASYNC_FLAG_NONE); #endif } wc_FreeRng(&rng); } if (ret == 0) { ret = wc_ecc_import_raw_ex(&key2, key1.dp->Gx, key1.dp->Gy, key1.dp->Af, ECC_SECP256R1); if (ret == 0) { ret = wc_ecc_import_raw_ex(&key3, key1.dp->Gx, key1.dp->Gy, key1.dp->prime, ECC_SECP256R1); } } if (ret == 0) { ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey, &key2.k, &key3.k, 1); } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey, &key2.k, &key3.k, 1); if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_mulmod(&key1.k, NULL, &key3.pubkey, &key2.k, &key3.k, 1); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, NULL, &key2.k, &key3.k, 1); } if (ret == ECC_BAD_ARG_E) { ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey, &key2.k, NULL, 1); } if (ret == ECC_BAD_ARG_E) { ret = 0; } else if (ret == 0) { ret = WOLFSSL_FATAL_ERROR; } } wc_ecc_free(&key1); wc_ecc_free(&key2); wc_ecc_free(&key3); #ifdef FP_ECC wc_ecc_fp_free(); #endif res = TEST_RES_CHECK(ret == 0); #endif /* HAVE_ECC && !WOLFSSL_ATECC508A */ return res; } /* END test_wc_ecc_mulmod */ /* * Testing wc_ecc_is_valid_idx() */ static int test_wc_ecc_is_valid_idx(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) ecc_key key; WC_RNG rng; int ret; int iVal = -2; int iVal2 = 3000; XMEMSET(&rng, 0, sizeof(rng)); XMEMSET(&key, 0, sizeof(key)); ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, 32, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif } } if (ret == 0) { ret = wc_ecc_is_valid_idx(key.idx); if (ret == 1) { ret = 0; } else { ret = WOLFSSL_FATAL_ERROR; } } /* Test bad args. */ if (ret == 0) { ret = wc_ecc_is_valid_idx(iVal); /* should return 0 */ if (ret == 0) { ret = wc_ecc_is_valid_idx(iVal2); } if (ret != 0) { ret = WOLFSSL_FATAL_ERROR; } } if (wc_FreeRng(&rng) && ret == 0) { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&key); #ifdef FP_ECC wc_ecc_fp_free(); #endif res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_is_valid_idx */ /* * Testing wc_ecc_get_curve_id_from_oid() */ static int test_wc_ecc_get_curve_id_from_oid(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \ !defined(HAVE_FIPS) const byte oid[] = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07}; word32 len = sizeof(oid); int ret; /* Bad Cases */ ret = wc_ecc_get_curve_id_from_oid(NULL, len); if (ret == BAD_FUNC_ARG) { ret = 0; } if (ret == 0) { ret = wc_ecc_get_curve_id_from_oid(oid, 0); if (ret == ECC_CURVE_INVALID) { ret = 0; } } /* Good Case */ if (ret == 0) { ret = wc_ecc_get_curve_id_from_oid(oid, len); if (ret == ECC_SECP256R1) { ret = 0; } } res = TEST_RES_CHECK(ret == 0); #endif return res; }/* END test_wc_ecc_get_curve_id_from_oid */ /* * Testing wc_ecc_sig_size_calc() */ static int test_wc_ecc_sig_size_calc(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) ecc_key key; WC_RNG rng; int sz = 0; int ret = 0; ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&key); if (ret == 0) { ret = wc_ecc_make_key(&rng, 16, &key); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); #endif } sz = key.dp->size; } if (ret == 0) { ret = wc_ecc_sig_size_calc(sz); if (ret > 0) { ret = 0; } } wc_ecc_free(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_ecc_sig_size_calc */ /* * Testing ToTraditional */ static int test_ToTraditional(void) { int res = TEST_SKIPPED; #if !defined(NO_ASN) && (defined(HAVE_PKCS8) || defined(HAVE_PKCS12)) && \ (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) XFILE f; byte input[TWOK_BUF]; word32 sz; int ret; f = XFOPEN("./certs/server-keyPkcs8.der", "rb"); AssertTrue((f != XBADFILE)); sz = (word32)XFREAD(input, 1, sizeof(input), f); XFCLOSE(f); /* Good case */ ret = ToTraditional(input, sz); if (ret > 0) { ret = 0; } /* Bad cases */ if (ret == 0) { ret = ToTraditional(NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = ToTraditional(NULL, sz); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = ToTraditional(input, 0); if (ret == ASN_PARSE_E || ret == BUFFER_E) { ret = 0; } } res = TEST_RES_CHECK(ret == 0); #endif return res; }/* End test_ToTraditional*/ /* * Testing wc_EccPrivateKeyToDer */ static int test_wc_EccPrivateKeyToDer(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) byte output[ONEK_BUF]; ecc_key eccKey; WC_RNG rng; word32 inLen; int ret; ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ecc_init(&eccKey); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY14, &eccKey); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE); #endif } inLen = (word32)sizeof(output); /* Bad Cases */ if (ret == 0) { ret = wc_EccPrivateKeyToDer(NULL, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_EccPrivateKeyToDer(NULL, output, inLen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_EccPrivateKeyToDer(&eccKey, NULL, inLen); if (ret == LENGTH_ONLY_E) { ret = 0; } } if (ret == 0) { ret = wc_EccPrivateKeyToDer(&eccKey, output, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } /*Good Case */ if (ret == 0) { ret = wc_EccPrivateKeyToDer(&eccKey, output, inLen); if (ret > 0) { #if defined(OPENSSL_EXTRA) && defined(HAVE_ALL_CURVES) /* test importing private only into a PKEY struct */ EC_KEY* ec; EVP_PKEY* pkey; const unsigned char* der = output; pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &der, ret); AssertNotNull(pkey); der = output; ec = d2i_ECPrivateKey(NULL, &der, ret); AssertNotNull(ec); AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ec), SSL_SUCCESS); EVP_PKEY_free(pkey); /* EC_KEY should be free'd by free'ing pkey */ #endif ret = 0; } } wc_ecc_free(&eccKey); } wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; }/* End test_wc_EccPrivateKeyToDer*/ /* * Testing wc_DhPublicKeyDecode */ static int test_wc_DhPublicKeyDecode(void) { int res = TEST_SKIPPED; #ifndef NO_DH #if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) DhKey key; word32 inOutIdx; AssertIntEQ(wc_InitDhKey(&key), 0); AssertIntEQ(wc_DhPublicKeyDecode(NULL,NULL,NULL,0), BAD_FUNC_ARG); AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0), BAD_FUNC_ARG); AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0), BAD_FUNC_ARG); inOutIdx = 0; AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL, 0), BAD_FUNC_ARG); inOutIdx = 0; AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, 0), BAD_FUNC_ARG); inOutIdx = 0; AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, sizeof_dh_pub_key_der_2048), 0); AssertTrue(key.p.used != 0 && key.g.used != 0 && key.q.used == 0 && key.pub.used != 0 && key.priv.used == 0); wc_FreeDhKey(&key); res = TEST_RES_CHECK(1); #endif #endif /* !NO_DH */ return res; } /* * Testing wc_Ed25519KeyToDer */ static int test_wc_Ed25519KeyToDer(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) byte output[ONEK_BUF]; ed25519_key ed25519Key; WC_RNG rng; word32 inLen; int ret; ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed25519_init(&ed25519Key); if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key); } inLen = (word32)sizeof(output); /* Bad Cases */ if (ret == 0) { ret = wc_Ed25519KeyToDer(NULL, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed25519KeyToDer(NULL, output, inLen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed25519KeyToDer(&ed25519Key, output, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good Cases */ if (ret == 0) { /* length only */ ret = wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen); if (ret > 0) { ret = 0; } } if (ret == 0) { ret = wc_Ed25519KeyToDer(&ed25519Key, output, inLen); if (ret > 0) { ret = 0; } } wc_ed25519_free(&ed25519Key); } wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; }/* End test_wc_Ed25519KeyToDer*/ /* * Testing wc_Ed25519PrivateKeyToDer */ static int test_wc_Ed25519PrivateKeyToDer(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) byte output[ONEK_BUF]; ed25519_key ed25519PrivKey; WC_RNG rng; word32 inLen; int ret; ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed25519_init(&ed25519PrivKey); if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519PrivKey); } inLen = (word32)sizeof(output); /* Bad Cases */ if (ret == 0) { ret = wc_Ed25519PrivateKeyToDer(NULL, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed25519PrivateKeyToDer(NULL, output, inLen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good Cases */ if (ret == 0) { /* length only */ ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, inLen); if (ret > 0) { ret = 0; } } if (ret == 0) { ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen); if (ret > 0) { ret = 0; } } wc_ed25519_free(&ed25519PrivKey); } wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; }/* End test_wc_Ed25519PrivateKeyToDer*/ /* * Testing wc_Ed448KeyToDer */ static int test_wc_Ed448KeyToDer(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) byte output[ONEK_BUF]; ed448_key ed448Key; WC_RNG rng; word32 inLen; int ret; ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed448_init(&ed448Key); if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key); } inLen = sizeof(output); /* Bad Cases */ if (ret == 0) { ret = wc_Ed448KeyToDer(NULL, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed448KeyToDer(NULL, output, inLen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed448KeyToDer(&ed448Key, output, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good Cases */ if (ret == 0) { /* length only */ ret = wc_Ed448KeyToDer(&ed448Key, NULL, inLen); if (ret > 0) { ret = 0; } } if (ret == 0) { ret = wc_Ed448KeyToDer(&ed448Key, output, inLen); if (ret > 0) { ret = 0; } } wc_ed448_free(&ed448Key); } wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; }/* End test_wc_Ed448KeyToDer*/ /* * Testing wc_Ed448PrivateKeyToDer */ static int test_wc_Ed448PrivateKeyToDer(void) { int res = TEST_SKIPPED; #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) byte output[ONEK_BUF]; ed448_key ed448PrivKey; WC_RNG rng; word32 inLen; int ret; ret = wc_InitRng(&rng); if (ret == 0) { ret = wc_ed448_init(&ed448PrivKey); if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448PrivKey); } inLen = sizeof(output); /* Bad Cases */ if (ret == 0) { ret = wc_Ed448PrivateKeyToDer(NULL, NULL, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed448PrivateKeyToDer(NULL, output, inLen); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0); if (ret == BAD_FUNC_ARG) { ret = 0; } } /* Good cases */ if (ret == 0) { /* length only */ ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, inLen); if (ret > 0) { ret = 0; } } if (ret == 0) { ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen); if (ret > 0) { ret = 0; } } wc_ed448_free(&ed448PrivKey); } wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; }/* End test_wc_Ed448PrivateKeyToDer*/ /* * Testing wc_SetSubjectBuffer */ static int test_wc_SetSubjectBuffer(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) Cert cert; FILE* file; byte* der; word32 derSz; int ret = 0; derSz = FOURK_BUF; der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { ret = -1; } if (ret == 0) { file = XFOPEN("./certs/ca-cert.der", "rb"); if (file != NULL) { derSz = (word32)XFREAD(der, 1, FOURK_BUF, file); XFCLOSE(file); } else { ret = -1; } } if (ret == 0) { ret = wc_InitCert(&cert); } if (ret == 0) { ret = wc_SetSubjectBuffer(&cert, der, derSz); } if (ret == 0) { ret = wc_SetSubjectBuffer(NULL, der, derSz); if (ret == BAD_FUNC_ARG) { ret = 0; } } XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); res = TEST_RES_CHECK(ret == 0); #endif return res; }/* End test_wc_SetSubjectBuffer*/ /* * Testing wc_SetSubjectKeyIdFromPublicKey_ex */ static int test_wc_SetSubjectKeyIdFromPublicKey_ex(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) WC_RNG rng; Cert cert; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) ed25519_key ed25519Key; #endif #if !defined(NO_RSA) && defined(HAVE_RSA) RsaKey rsaKey; int bits = 2048; #endif #if defined(HAVE_ECC) ecc_key eccKey; #endif #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) ed448_key ed448Key; #endif int ret = 0; #ifndef HAVE_FIPS ret = wc_InitRng_ex(&rng, HEAP_HINT, testDevId); #else ret = wc_InitRng(&rng); #endif wc_InitCert(&cert); #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) if (ret == 0) { /*ED25519*/ ret = wc_ed25519_init(&ed25519Key); if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key); } if (ret == 0) { ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, &ed25519Key); } wc_ed25519_free(&ed25519Key); } #endif #if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN) if (ret == 0) { /*RSA*/ ret = wc_InitRsaKey(&rsaKey, HEAP_HINT); if (ret == 0) { MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng); } if (ret == 0) { ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey); } wc_FreeRsaKey(&rsaKey); } #endif #if defined(HAVE_ECC) if (ret == 0) { /*ECC*/ ret = wc_ecc_init(&eccKey); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY14, &eccKey); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE); #endif } if (ret == 0) { ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey); } wc_ecc_free(&eccKey); } #endif #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) if (ret == 0) { /*ED448*/ ret = wc_ed448_init(&ed448Key); if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key); } if (ret == 0) { ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, &ed448Key); } wc_ed448_free(&ed448Key); } #endif wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; }/* End test_wc_SetSubjectKeyIdFromPublicKey_ex*/ /* * Testing wc_SetAuthKeyIdFromPublicKey_ex */ static int test_wc_SetAuthKeyIdFromPublicKey_ex(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) WC_RNG rng; Cert cert; #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) ed25519_key ed25519Key; #endif #if !defined(NO_RSA) && defined(HAVE_RSA) RsaKey rsaKey; int bits = 2048; #endif #if defined(HAVE_ECC) ecc_key eccKey; #endif #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) ed448_key ed448Key; #endif int ret = 0; #ifndef HAVE_FIPS ret = wc_InitRng_ex(&rng, HEAP_HINT, testDevId); #else ret = wc_InitRng(&rng); #endif wc_InitCert(&cert); #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) if (ret == 0) { /*ED25519*/ ret = wc_ed25519_init(&ed25519Key); if (ret == 0) { ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key); } if (ret == 0) { ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, &ed25519Key); } wc_ed25519_free(&ed25519Key); } #endif #if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN) if (ret == 0) { /*RSA*/ ret = wc_InitRsaKey(&rsaKey, HEAP_HINT); if (ret == 0) { MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng); } if (ret == 0) { ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey); } wc_FreeRsaKey(&rsaKey); } #endif #if defined(HAVE_ECC) if (ret == 0) { /*ECC*/ ret = wc_ecc_init(&eccKey); if (ret == 0) { ret = wc_ecc_make_key(&rng, KEY14, &eccKey); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE); #endif } if (ret == 0) { ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey); } wc_ecc_free(&eccKey); } #endif #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) if (ret == 0) { /*ED448*/ ret = wc_ed448_init(&ed448Key); if (ret == 0) { ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key); } if (ret == 0) { ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, &ed448Key); } wc_ed448_free(&ed448Key); } #endif wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif /*defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)*/ return res; }/* End test_wc_SetAuthKeyIdFromPublicKey_ex*/ /* * Testing wc_PKCS7_New() */ static int test_wc_PKCS7_New(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) PKCS7* pkcs7; pkcs7 = wc_PKCS7_New(NULL, testDevId); wc_PKCS7_Free(pkcs7); res = TEST_RES_CHECK(pkcs7 != NULL); #endif return res; } /* END test-wc_PKCS7_New */ /* * Testing wc_PKCS7_Init() */ static int test_wc_PKCS7_Init(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) PKCS7* pkcs7; void* heap = NULL; pkcs7 = wc_PKCS7_New(heap, testDevId); AssertNotNull(pkcs7); AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0); /* Pass in bad args. */ AssertIntEQ(wc_PKCS7_Init(NULL, heap, testDevId), BAD_FUNC_ARG); wc_PKCS7_Free(pkcs7); res = TEST_RES_CHECK(1); #endif return res; } /* END test-wc_PKCS7_Init */ /* * Testing wc_PKCS7_InitWithCert() */ static int test_wc_PKCS7_InitWithCert(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) PKCS7* pkcs7; #ifndef NO_RSA #if defined(USE_CERT_BUFFERS_2048) unsigned char cert[sizeof(client_cert_der_2048)]; int certSz = (int)sizeof(cert); XMEMSET(cert, 0, certSz); XMEMCPY(cert, client_cert_der_2048, sizeof(client_cert_der_2048)); #elif defined(USE_CERT_BUFFERS_1024) unsigned char cert[sizeof(client_cert_der_1024)]; int certSz = (int)sizeof(cert); XMEMSET(cert, 0, certSz); XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024); #else unsigned char cert[ONEK_BUF]; XFILE fp; int certSz; fp = XFOPEN("./certs/1024/client-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp); XFCLOSE(fp); #endif #elif defined(HAVE_ECC) #if defined(USE_CERT_BUFFERS_256) unsigned char cert[sizeof(cliecc_cert_der_256)]; int certSz = (int)sizeof(cert); XMEMSET(cert, 0, certSz); XMEMCPY(cert, cliecc_cert_der_256, sizeof(cliecc_cert_der_256)); #else unsigned char cert[ONEK_BUF]; XFILE fp; int certSz; fp = XFOPEN("./certs/client-ecc-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, sizeof(cliecc_cert_der_256), fp); XFCLOSE(fp); #endif #else #error PKCS7 requires ECC or RSA #endif #ifdef HAVE_ECC { /* bad test case from ZD 11011, malformed cert gives bad ECC key */ static unsigned char certWithInvalidEccKey[] = { 0x30, 0x82, 0x03, 0x5F, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x31, 0xAA, 0x2C, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, 0x39, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, 0x36, 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x26, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x02, 0x00, 0x04, 0x55, 0xBF, 0xF4, 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, 0xB4, 0xA3, 0x82, 0x01, 0x3E, 0x30, 0x82, 0x01, 0x3A, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B, 0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xCD, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xC5, 0x30, 0x81, 0xC2, 0x80, 0x14, 0xEB, 0xD4, 0x4B, 0x59, 0x72, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41, 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x08, 0x08, 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x32, 0xAA, 0x2C, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x23, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE4, 0xA0, 0x23, 0x26, 0x2B, 0x0B, 0x42, 0x0F, 0x97, 0x37, 0x6D, 0xCB, 0x14, 0x23, 0xC3, 0xC3, 0xE6, 0x44, 0xCF, 0x5F, 0x4C, 0x26, 0xA3, 0x72, 0x64, 0x7A, 0x9C, 0xCB, 0x64, 0xAB, 0xA6, 0xBE, 0x02, 0x21, 0x00, 0xAA, 0xC5, 0xA3, 0x50, 0xF6, 0xF1, 0xA5, 0xDB, 0x05, 0xE0, 0x75, 0xD2, 0xF7, 0xBA, 0x49, 0x5F, 0x8F, 0x7D, 0x1C, 0x44, 0xB1, 0x6E, 0xDF, 0xC8, 0xDA, 0x10, 0x48, 0x2D, 0x53, 0x08, 0xA8, 0xB4}; #endif AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); /* If initialization is not successful, it's free'd in init func. */ AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0); wc_PKCS7_Free(pkcs7); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); /* Valid initialization usage. */ AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); /* Pass in bad args. No need free for null checks, free at end.*/ AssertIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz), BAD_FUNC_ARG); #ifdef HAVE_ECC AssertIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey, sizeof(certWithInvalidEccKey)), 0); } #endif wc_PKCS7_Free(pkcs7); res = TEST_RES_CHECK(1); #endif return res; } /* END test_wc_PKCS7_InitWithCert */ /* * Testing wc_PKCS7_EncodeData() */ static int test_wc_PKCS7_EncodeData(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) PKCS7* pkcs7; byte output[FOURK_BUF]; byte data[] = "My encoded DER cert."; #ifndef NO_RSA #if defined(USE_CERT_BUFFERS_2048) unsigned char cert[sizeof(client_cert_der_2048)]; unsigned char key[sizeof(client_key_der_2048)]; int certSz = (int)sizeof(cert); int keySz = (int)sizeof(key); XMEMSET(cert, 0, certSz); XMEMSET(key, 0, keySz); XMEMCPY(cert, client_cert_der_2048, certSz); XMEMCPY(key, client_key_der_2048, keySz); #elif defined(USE_CERT_BUFFERS_1024) unsigned char cert[sizeof(sizeof_client_cert_der_1024)]; unsigned char key[sizeof_client_key_der_1024]; int certSz = (int)sizeof(cert); int keySz = (int)sizeof(key); XMEMSET(cert, 0, certSz); XMEMSET(key, 0, keySz); XMEMCPY(cert, client_cert_der_1024, certSz); XMEMCPY(key, client_key_der_1024, keySz); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz; int keySz; fp = XFOPEN("./certs/1024/client-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp); XFCLOSE(fp); fp = XFOPEN("./certs/1024/client-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp); XFCLOSE(fp); #endif #elif defined(HAVE_ECC) #if defined(USE_CERT_BUFFERS_256) unsigned char cert[sizeof(cliecc_cert_der_256)]; unsigned char key[sizeof(ecc_clikey_der_256)]; int certSz = (int)sizeof(cert); int keySz = (int)sizeof(key); XMEMSET(cert, 0, certSz); XMEMSET(key, 0, keySz); XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz, keySz; fp = XFOPEN("./certs/client-ecc-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp); XFCLOSE(fp); fp = XFOPEN("./certs/client-ecc-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp); XFCLOSE(fp); #endif #endif XMEMSET(output, 0, sizeof(output)); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, certSz), 0); pkcs7->content = data; pkcs7->contentSz = sizeof(data); pkcs7->privateKey = key; pkcs7->privateKeySz = keySz; AssertIntGT(wc_PKCS7_EncodeData(pkcs7, output, (word32)sizeof(output)), 0); /* Test bad args. */ AssertIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), BUFFER_E); wc_PKCS7_Free(pkcs7); res = TEST_RES_CHECK(1); #endif return res; } /* END test_wc_PKCS7_EncodeData */ #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \ !defined(NO_RSA) && !defined(NO_SHA256) /* RSA sign raw digest callback */ static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz, byte* out, word32 outSz, byte* privateKey, word32 privateKeySz, int devid, int hashOID) { /* specific DigestInfo ASN.1 encoding prefix for a SHA2565 digest */ byte digInfoEncoding[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 }; int ret; byte digestInfo[ONEK_BUF]; byte sig[FOURK_BUF]; word32 digestInfoSz = 0; word32 idx = 0; RsaKey rsa; /* SHA-256 required only for this example callback due to above * digInfoEncoding[] */ if (pkcs7 == NULL || digest == NULL || out == NULL || (sizeof(digestInfo) < sizeof(digInfoEncoding) + digestSz) || (hashOID != SHA256h)) { return -1; } /* build DigestInfo */ XMEMCPY(digestInfo, digInfoEncoding, sizeof(digInfoEncoding)); digestInfoSz += sizeof(digInfoEncoding); XMEMCPY(digestInfo + digestInfoSz, digest, digestSz); digestInfoSz += digestSz; /* set up RSA key */ ret = wc_InitRsaKey_ex(&rsa, pkcs7->heap, devid); if (ret != 0) { return ret; } ret = wc_RsaPrivateKeyDecode(privateKey, &idx, &rsa, privateKeySz); /* sign DigestInfo */ if (ret == 0) { ret = wc_RsaSSL_Sign(digestInfo, digestInfoSz, sig, sizeof(sig), &rsa, pkcs7->rng); if (ret > 0) { if (ret > (int)outSz) { /* output buffer too small */ ret = -1; } else { /* success, ret holds sig size */ XMEMCPY(out, sig, ret); } } } wc_FreeRsaKey(&rsa); return ret; } #endif /* * Testing wc_PKCS7_EncodeSignedData() */ static int test_wc_PKCS7_EncodeSignedData(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) PKCS7* pkcs7; WC_RNG rng; byte output[FOURK_BUF]; byte badOut[1]; word32 outputSz = (word32)sizeof(output); word32 badOutSz = 0; byte data[] = "Test data to encode."; #ifndef NO_RSA #if defined(USE_CERT_BUFFERS_2048) byte key[sizeof(client_key_der_2048)]; byte cert[sizeof(client_cert_der_2048)]; word32 keySz = (word32)sizeof(key); word32 certSz = (word32)sizeof(cert); XMEMSET(key, 0, keySz); XMEMSET(cert, 0, certSz); XMEMCPY(key, client_key_der_2048, keySz); XMEMCPY(cert, client_cert_der_2048, certSz); #elif defined(USE_CERT_BUFFERS_1024) byte key[sizeof_client_key_der_1024]; byte cert[sizeof(sizeof_client_cert_der_1024)]; word32 keySz = (word32)sizeof(key); word32 certSz = (word32)sizeof(cert); XMEMSET(key, 0, keySz); XMEMSET(cert, 0, certSz); XMEMCPY(key, client_key_der_1024, keySz); XMEMCPY(cert, client_cert_der_1024, certSz); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz; int keySz; fp = XFOPEN("./certs/1024/client-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp); XFCLOSE(fp); fp = XFOPEN("./certs/1024/client-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp); XFCLOSE(fp); #endif #elif defined(HAVE_ECC) #if defined(USE_CERT_BUFFERS_256) unsigned char cert[sizeof(cliecc_cert_der_256)]; unsigned char key[sizeof(ecc_clikey_der_256)]; int certSz = (int)sizeof(cert); int keySz = (int)sizeof(key); XMEMSET(cert, 0, certSz); XMEMSET(key, 0, keySz); XMEMCPY(cert, cliecc_cert_der_256, certSz); XMEMCPY(key, ecc_clikey_der_256, keySz); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz, keySz; fp = XOPEN("./certs/client-ecc-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp); XFCLOSE(fp); fp = XFOPEN("./certs/client-ecc-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, ONEK_BUF, fp); XFCLOSE(fp); #endif #endif XMEMSET(output, 0, outputSz); AssertIntEQ(wc_InitRng(&rng), 0); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); pkcs7->content = data; pkcs7->contentSz = (word32)sizeof(data); pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = RSAk; #ifdef NO_SHA pkcs7->hashOID = SHA256h; #else pkcs7->hashOID = SHAh; #endif pkcs7->rng = &rng; AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0); wc_PKCS7_Free(pkcs7); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); /* Pass in bad args. */ AssertIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut, badOutSz), BAD_FUNC_ARG); pkcs7->hashOID = 0; /* bad hashOID */ AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), BAD_FUNC_ARG); #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \ !defined(NO_RSA) && !defined(NO_SHA256) /* test RSA sign raw digest callback, if using RSA and compiled in. * Example callback assumes SHA-256, so only run test if compiled in. */ wc_PKCS7_Free(pkcs7); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); pkcs7->content = data; pkcs7->contentSz = (word32)sizeof(data); pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHA256h; pkcs7->rng = &rng; AssertIntEQ(wc_PKCS7_SetRsaSignRawDigestCb(pkcs7, rsaSignRawDigestCb), 0); AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0); #endif wc_PKCS7_Free(pkcs7); wc_FreeRng(&rng); res = TEST_RES_CHECK(1); #endif return res; } /* END test_wc_PKCS7_EncodeSignedData */ /* * Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex() */ static int test_wc_PKCS7_EncodeSignedData_ex(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) int ret, i; PKCS7* pkcs7; WC_RNG rng; byte outputHead[FOURK_BUF/2]; byte outputFoot[FOURK_BUF/2]; word32 outputHeadSz = (word32)sizeof(outputHead); word32 outputFootSz = (word32)sizeof(outputFoot); byte data[FOURK_BUF]; wc_HashAlg hash; #ifdef NO_SHA enum wc_HashType hashType = WC_HASH_TYPE_SHA256; #else enum wc_HashType hashType = WC_HASH_TYPE_SHA; #endif byte hashBuf[WC_MAX_DIGEST_SIZE]; word32 hashSz = wc_HashGetDigestSize(hashType); #ifndef NO_RSA #if defined(USE_CERT_BUFFERS_2048) byte key[sizeof(client_key_der_2048)]; byte cert[sizeof(client_cert_der_2048)]; word32 keySz = (word32)sizeof(key); word32 certSz = (word32)sizeof(cert); XMEMSET(key, 0, keySz); XMEMSET(cert, 0, certSz); XMEMCPY(key, client_key_der_2048, keySz); XMEMCPY(cert, client_cert_der_2048, certSz); #elif defined(USE_CERT_BUFFERS_1024) byte key[sizeof_client_key_der_1024]; byte cert[sizeof(sizeof_client_cert_der_1024)]; word32 keySz = (word32)sizeof(key); word32 certSz = (word32)sizeof(cert); XMEMSET(key, 0, keySz); XMEMSET(cert, 0, certSz); XMEMCPY(key, client_key_der_1024, keySz); XMEMCPY(cert, client_cert_der_1024, certSz); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz; int keySz; fp = XFOPEN("./certs/1024/client-cert.der", "rb"); AssertTrue((fp != XBADFILE)); certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp); XFCLOSE(fp); fp = XFOPEN("./certs/1024/client-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp); XFCLOSE(fp); #endif #elif defined(HAVE_ECC) #if defined(USE_CERT_BUFFERS_256) unsigned char cert[sizeof(cliecc_cert_der_256)]; unsigned char key[sizeof(ecc_clikey_der_256)]; int certSz = (int)sizeof(cert); int keySz = (int)sizeof(key); XMEMSET(cert, 0, certSz); XMEMSET(key, 0, keySz); XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz, keySz; fp = XFOPEN("./certs/client-ecc-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp); XFCLOSE(fp); fp = XFOPEN("./certs/client-ecc-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp); XFCLOSE(fp); #endif #endif /* initialize large data with sequence */ for (i=0; i<(int)sizeof(data); i++) data[i] = i & 0xff; XMEMSET(outputHead, 0, outputHeadSz); XMEMSET(outputFoot, 0, outputFootSz); AssertIntEQ(wc_InitRng(&rng), 0); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); pkcs7->content = NULL; /* not used for ex */ pkcs7->contentSz = (word32)sizeof(data); pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = RSAk; #ifdef NO_SHA pkcs7->hashOID = SHA256h; #else pkcs7->hashOID = SHAh; #endif pkcs7->rng = &rng; /* calculate hash for content */ ret = wc_HashInit(&hash, hashType); if (ret == 0) { ret = wc_HashUpdate(&hash, hashType, data, sizeof(data)); if (ret == 0) { ret = wc_HashFinal(&hash, hashType, hashBuf); } wc_HashFree(&hash, hashType); } AssertIntEQ(ret, 0); /* Perform PKCS7 sign using hash directly */ AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, outputHead, &outputHeadSz, outputFoot, &outputFootSz), 0); AssertIntGT(outputHeadSz, 0); AssertIntGT(outputFootSz, 0); wc_PKCS7_Free(pkcs7); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); /* required parameter even on verify when using _ex, if using outputHead * and outputFoot */ pkcs7->contentSz = (word32)sizeof(data); AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, outputHead, outputHeadSz, outputFoot, outputFootSz), 0); wc_PKCS7_Free(pkcs7); /* assembly complete PKCS7 sign and use normal verify */ { byte* output = (byte*)XMALLOC( outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); word32 outputSz = 0; AssertNotNull(output); XMEMCPY(&output[outputSz], outputHead, outputHeadSz); outputSz += outputHeadSz; XMEMCPY(&output[outputSz], data, sizeof(data)); outputSz += sizeof(data); XMEMCPY(&output[outputSz], outputFoot, outputFootSz); outputSz += outputFootSz; AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } /* Pass in bad args. */ AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, outputHead, NULL, outputFoot, &outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, outputHead, &outputHeadSz, NULL, &outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, outputHead, &outputHeadSz, outputFoot, NULL), BAD_FUNC_ARG); pkcs7->hashOID = 0; /* bad hashOID */ AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead, outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead, outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG); #ifndef NO_PKCS7_STREAM AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead, outputHeadSz, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E); #else AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead, outputHeadSz, outputFoot, outputFootSz), BUFFER_E); #endif AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL, outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG); #ifndef NO_PKCS7_STREAM /* can pass in 0 buffer length with streaming API */ AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, outputHead, 0, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E); #else AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, outputHead, 0, outputFoot, outputFootSz), BAD_FUNC_ARG); #endif AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, outputHead, outputHeadSz, NULL, outputFootSz), BAD_FUNC_ARG); #ifndef NO_PKCS7_STREAM AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, outputHead, outputHeadSz, outputFoot, 0), WC_PKCS7_WANT_READ_E); #else AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, outputHead, outputHeadSz, outputFoot, 0), ASN_PARSE_E); #endif wc_PKCS7_Free(pkcs7); wc_FreeRng(&rng); res = TEST_RES_CHECK(1); #endif return res; } /* END test_wc_PKCS7_EncodeSignedData_ex */ #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) /** * Loads certs/keys from files or buffers into the argument buffers, * helper function called by CreatePKCS7SignedData(). * * Returns 0 on success, negative on error. */ static int LoadPKCS7SignedDataCerts( int useIntermediateCertChain, int pkAlgoType, byte* intCARoot, word32* intCARootSz, byte* intCA1, word32* intCA1Sz, byte* intCA2, word32* intCA2Sz, byte* cert, word32* certSz, byte* key, word32* keySz) { int ret = 0; FILE* fp = NULL; #ifndef NO_RSA const char* intCARootRSA = "./certs/ca-cert.der"; const char* intCA1RSA = "./certs/intermediate/ca-int-cert.der"; const char* intCA2RSA = "./certs/intermediate/ca-int2-cert.der"; const char* intServCertRSA = "./certs/intermediate/server-int-cert.der"; const char* intServKeyRSA = "./certs/server-key.der"; #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_1024) const char* cli1024Cert = "./certs/1024/client-cert.der"; const char* cli1024Key = "./certs/1024/client-key.der"; #endif #endif #ifdef HAVE_ECC const char* intCARootECC = "./certs/ca-ecc-cert.der"; const char* intCA1ECC = "./certs/intermediate/ca-int-ecc-cert.der"; const char* intCA2ECC = "./certs/intermediate/ca-int2-ecc-cert.der"; const char* intServCertECC = "./certs/intermediate/server-int-ecc-cert.der"; const char* intServKeyECC = "./certs/ecc-key.der"; #ifndef USE_CERT_BUFFERS_256 const char* cliEccCert = "./certs/client-ecc-cert.der"; const char* cliEccKey = "./certs/client-ecc-key.der"; #endif #endif if (cert == NULL || certSz == NULL || key == NULL || keySz == NULL || ((useIntermediateCertChain == 1) && (intCARoot == NULL || intCARootSz == NULL || intCA1 == NULL || intCA1Sz == NULL || intCA2 == NULL || intCA2Sz == NULL))) { return BAD_FUNC_ARG; } /* Read/load certs and keys to use for signing based on PK type and chain */ switch (pkAlgoType) { #ifndef NO_RSA case RSA_TYPE: if (useIntermediateCertChain == 1) { fp = XFOPEN(intCARootRSA, "rb"); AssertNotNull(fp); *intCARootSz = (word32)XFREAD(intCARoot, 1, *intCARootSz, fp); XFCLOSE(fp); AssertIntGT(*intCARootSz, 0); fp = XFOPEN(intCA1RSA, "rb"); AssertNotNull(fp); *intCA1Sz = (word32)XFREAD(intCA1, 1, *intCA1Sz, fp); XFCLOSE(fp); AssertIntGT(*intCA1Sz, 0); fp = XFOPEN(intCA2RSA, "rb"); AssertNotNull(fp); *intCA2Sz = (word32)XFREAD(intCA2, 1, *intCA2Sz, fp); XFCLOSE(fp); AssertIntGT(*intCA2Sz, 0); fp = XFOPEN(intServCertRSA, "rb"); AssertNotNull(fp); *certSz = (word32)XFREAD(cert, 1, *certSz, fp); XFCLOSE(fp); AssertIntGT(*certSz, 0); fp = XFOPEN(intServKeyRSA, "rb"); AssertNotNull(fp); *keySz = (word32)XFREAD(key, 1, *keySz, fp); XFCLOSE(fp); AssertIntGT(*keySz, 0); } else { #if defined(USE_CERT_BUFFERS_2048) *keySz = sizeof_client_key_der_2048; *certSz = sizeof_client_cert_der_2048; XMEMCPY(key, client_key_der_2048, *keySz); XMEMCPY(cert, client_cert_der_2048, *certSz); #elif defined(USE_CERT_BUFFERS_1024) *keySz = sizeof_client_key_der_1024; *certSz = sizeof_client_cert_der_1024; XMEMCPY(key, client_key_der_1024, *keySz); XMEMCPY(cert, client_cert_der_1024, *certSz); #else fp = XFOPEN(cli1024Key, "rb"); AssertNotNull(fp); *keySz = (word32)XFREAD(key, 1, *keySz, fp); XFCLOSE(fp); AssertIntGT(*keySz, 0); fp = XFOPEN(cli1024Cert, "rb"); AssertNotNull(fp); *certSz = (word32)XFREAD(cert, 1, *certSz, fp); XFCLOSE(fp); AssertIntGT(*certSz, 0); #endif /* USE_CERT_BUFFERS_2048 */ } break; #endif /* !NO_RSA */ #ifdef HAVE_ECC case ECC_TYPE: if (useIntermediateCertChain == 1) { fp = XFOPEN(intCARootECC, "rb"); AssertNotNull(fp); *intCARootSz = (word32)XFREAD(intCARoot, 1, *intCARootSz, fp); XFCLOSE(fp); AssertIntGT(*intCARootSz, 0); fp = XFOPEN(intCA1ECC, "rb"); AssertNotNull(fp); *intCA1Sz = (word32)XFREAD(intCA1, 1, *intCA1Sz, fp); XFCLOSE(fp); AssertIntGT(*intCA1Sz, 0); fp = XFOPEN(intCA2ECC, "rb"); AssertNotNull(fp); *intCA2Sz = (word32)XFREAD(intCA2, 1, *intCA2Sz, fp); XFCLOSE(fp); AssertIntGT(*intCA2Sz, 0); fp = XFOPEN(intServCertECC, "rb"); AssertNotNull(fp); *certSz = (word32)XFREAD(cert, 1, *certSz, fp); XFCLOSE(fp); AssertIntGT(*certSz, 0); fp = XFOPEN(intServKeyECC, "rb"); AssertNotNull(fp); *keySz = (word32)XFREAD(key, 1, *keySz, fp); XFCLOSE(fp); AssertIntGT(*keySz, 0); } else { #if defined(USE_CERT_BUFFERS_256) *keySz = sizeof_ecc_clikey_der_256; *certSz = sizeof_cliecc_cert_der_256; XMEMCPY(key, ecc_clikey_der_256, *keySz); XMEMCPY(cert, cliecc_cert_der_256, *certSz); #else fp = XFOPEN(cliEccKey, "rb"); AssertNotNull(fp); *keySz = (word32)XFREAD(key, 1, *keySz, fp); XFCLOSE(fp); AssertIntGT(*keySz, 0); fp = XFOPEN(cliEccCert, "rb"); AssertNotNull(fp); *certSz = (word32)XFREAD(cert, 1, *certSz, fp); XFCLOSE(fp); AssertIntGT(*certSz, 0); #endif /* USE_CERT_BUFFERS_256 */ } break; #endif /* HAVE_ECC */ default: WOLFSSL_MSG("Unsupported SignedData PK type"); ret = BAD_FUNC_ARG; break; } return ret; } /** * Creates a PKCS7/CMS SignedData bundle to use for testing. * * output output buffer to place SignedData * outputSz size of output buffer * data data buffer to be signed * dataSz size of data buffer * withAttribs [1/0] include attributes in SignedData message * detachedSig [1/0] create detached signature, no content * useIntCertChain [1/0] use certificate chain and include intermediate and * root CAs in bundle * pkAlgoType RSA_TYPE or ECC_TYPE, choose what key/cert type to use * * Return size of bundle created on success, negative on error */ static int CreatePKCS7SignedData(unsigned char* output, int outputSz, byte* data, word32 dataSz, int withAttribs, int detachedSig, int useIntermediateCertChain, int pkAlgoType) { int ret = 0; WC_RNG rng; PKCS7* pkcs7 = NULL; static byte messageTypeOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x02 }; static byte messageType[] = { 0x13, 2, '1', '9' }; PKCS7Attrib attribs[] = { { messageTypeOid, sizeof(messageTypeOid), messageType, sizeof(messageType) } }; byte intCARoot[TWOK_BUF]; byte intCA1[TWOK_BUF]; byte intCA2[TWOK_BUF]; byte cert[TWOK_BUF]; byte key[TWOK_BUF]; word32 intCARootSz = sizeof(intCARoot); word32 intCA1Sz = sizeof(intCA1); word32 intCA2Sz = sizeof(intCA2); word32 certSz = sizeof(cert); word32 keySz = sizeof(key); XMEMSET(intCARoot, 0, intCARootSz); XMEMSET(intCA1, 0, intCA1Sz); XMEMSET(intCA2, 0, intCA2Sz); XMEMSET(cert, 0, certSz); XMEMSET(key, 0, keySz); ret = LoadPKCS7SignedDataCerts(useIntermediateCertChain, pkAlgoType, intCARoot, &intCARootSz, intCA1, &intCA1Sz, intCA2, &intCA2Sz, cert, &certSz, key, &keySz); AssertIntEQ(ret, 0); XMEMSET(output, 0, outputSz); AssertIntEQ(wc_InitRng(&rng), 0); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); if (useIntermediateCertChain == 1) { /* Add intermediate and root CA certs into SignedData Certs SET */ AssertIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCA2, intCA2Sz), 0); AssertIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCA1, intCA1Sz), 0); AssertIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCARoot, intCARootSz), 0); } pkcs7->content = data; pkcs7->contentSz = dataSz; pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); if (pkAlgoType == RSA_TYPE) { pkcs7->encryptOID = RSAk; } else { pkcs7->encryptOID = ECDSAk; } #ifdef NO_SHA pkcs7->hashOID = SHA256h; #else pkcs7->hashOID = SHAh; #endif pkcs7->rng = &rng; if (withAttribs) { /* include a signed attribute */ pkcs7->signedAttribs = attribs; pkcs7->signedAttribsSz = (sizeof(attribs)/sizeof(PKCS7Attrib)); } if (detachedSig) { AssertIntEQ(wc_PKCS7_SetDetached(pkcs7, 1), 0); } outputSz = wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz); AssertIntGT(outputSz, 0); wc_PKCS7_Free(pkcs7); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); if (detachedSig) { pkcs7->content = data; pkcs7->contentSz = dataSz; } AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); wc_PKCS7_Free(pkcs7); wc_FreeRng(&rng); return outputSz; } #endif /* * Testing wc_PKCS_VerifySignedData() */ static int test_wc_PKCS7_VerifySignedData(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) PKCS7* pkcs7; byte output[6000]; /* Large size needed for bundles with int CA certs */ word32 outputSz = sizeof(output); byte data[] = "Test data to encode."; byte badOut[1]; word32 badOutSz = 0; byte badContent[] = "This is different content than was signed"; int ret; wc_HashAlg hash; #ifdef NO_SHA enum wc_HashType hashType = WC_HASH_TYPE_SHA256; #else enum wc_HashType hashType = WC_HASH_TYPE_SHA; #endif byte hashBuf[WC_MAX_DIGEST_SIZE]; word32 hashSz = wc_HashGetDigestSize(hashType); #ifndef NO_RSA PKCS7DecodedAttrib* decodedAttrib = NULL; /* contentType OID (1.2.840.113549.1.9.3) */ static const byte contentTypeOid[] = { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0d, 0x01, 0x09, 0x03 }; /* PKCS#7 DATA content type (contentType defaults to DATA) */ static const byte dataType[] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 }; /* messageDigest OID (1.2.840.113549.1.9.4) */ static const byte messageDigestOid[] = { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04 }; #ifndef NO_ASN_TIME /* signingTime OID () */ static const byte signingTimeOid[] = { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x05}; #endif #if !defined(NO_ASN) && !defined(NO_ASN_TIME) int dateLength = 0; byte dateFormat; const byte* datePart = NULL; struct tm timearg; time_t now; struct tm* nowTm = NULL; #ifdef NEED_TMP_TIME struct tm tmpTimeStorage; struct tm* tmpTime = &tmpTimeStorage; #endif #endif /* !NO_ASN && !NO_ASN_TIME */ /* Success test with RSA certs/key */ AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data, (word32)sizeof(data), 0, 0, 0, RSA_TYPE)), 0); /* calculate hash for content, used later */ ret = wc_HashInit(&hash, hashType); if (ret == 0) { ret = wc_HashUpdate(&hash, hashType, data, sizeof(data)); if (ret == 0) { ret = wc_HashFinal(&hash, hashType, hashBuf); } wc_HashFree(&hash, hashType); } AssertIntEQ(ret, 0); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); /* Check that decoded signed attributes are correct */ /* messageDigest should be first */ decodedAttrib = pkcs7->decodedAttrib; AssertNotNull(decodedAttrib); AssertIntEQ(decodedAttrib->oidSz, (word32)sizeof(messageDigestOid)); AssertIntEQ(XMEMCMP(decodedAttrib->oid, messageDigestOid, decodedAttrib->oidSz), 0); /* + 2 for OCTET STRING and length bytes */ AssertIntEQ(decodedAttrib->valueSz, hashSz + 2); AssertNotNull(decodedAttrib->value); AssertIntEQ(XMEMCMP(decodedAttrib->value + 2, hashBuf, hashSz), 0); #ifndef NO_ASN_TIME /* signingTime should be second */ decodedAttrib = decodedAttrib->next; AssertNotNull(decodedAttrib); AssertIntEQ(decodedAttrib->oidSz, (word32)sizeof(signingTimeOid)); AssertIntEQ(XMEMCMP(decodedAttrib->oid, signingTimeOid, decodedAttrib->oidSz), 0); AssertIntGT(decodedAttrib->valueSz, 0); AssertNotNull(decodedAttrib->value); #endif /* Verify signingTime if ASN and time are available */ #if !defined(NO_ASN) && !defined(NO_ASN_TIME) AssertIntEQ(wc_GetDateInfo(decodedAttrib->value, decodedAttrib->valueSz, &datePart, &dateFormat, &dateLength), 0); AssertNotNull(datePart); AssertIntGT(dateLength, 0); XMEMSET(&timearg, 0, sizeof(timearg)); AssertIntEQ(wc_GetDateAsCalendarTime(datePart, dateLength, dateFormat, &timearg), 0); /* Get current time and compare year/month/day against attribute value */ AssertIntEQ(wc_GetTime(&now, sizeof(now)), 0); nowTm = (struct tm*)XGMTIME((time_t*)&now, tmpTime); AssertNotNull(nowTm); AssertIntEQ(timearg.tm_year, nowTm->tm_year); AssertIntEQ(timearg.tm_mon, nowTm->tm_mon); AssertIntEQ(timearg.tm_mday, nowTm->tm_mday); #endif /* !NO_ASN && !NO_ASN_TIME */ /* contentType should be third */ decodedAttrib = decodedAttrib->next; AssertNotNull(decodedAttrib); AssertIntEQ(decodedAttrib->oidSz, (word32)sizeof(contentTypeOid)); AssertIntEQ(XMEMCMP(decodedAttrib->oid, contentTypeOid, decodedAttrib->oidSz), 0); AssertIntEQ(decodedAttrib->valueSz, (int)sizeof(dataType) + 2); AssertNotNull(decodedAttrib->value); AssertIntEQ(XMEMCMP(decodedAttrib->value + 2, dataType, sizeof(dataType)), 0); #endif /* !NO_RSA */ #ifdef HAVE_ECC #ifndef NO_RSA wc_PKCS7_Free(pkcs7); #endif /* Success test with ECC certs/key */ outputSz = sizeof(output); XMEMSET(output, 0, outputSz); AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data, (word32)sizeof(data), 0, 0, 0, ECC_TYPE)), 0); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); #endif /* HAVE_ECC */ /* Test bad args. */ #if !defined(NO_RSA) || defined(HAVE_ECC) AssertIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG); #ifndef NO_PKCS7_STREAM /* can pass in 0 buffer length with streaming API */ AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut, badOutSz), WC_PKCS7_WANT_READ_E); #else AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut, badOutSz), BAD_FUNC_ARG); #endif wc_PKCS7_Free(pkcs7); #endif /* !NO_RSA || HAVE_ECC */ /* Invalid content should error, use detached signature so we can * easily change content */ #ifndef NO_RSA /* Try RSA certs/key/sig first */ outputSz = sizeof(output); XMEMSET(output, 0, outputSz); AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data, (word32)sizeof(data), 1, 1, 0, RSA_TYPE)), 0); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); pkcs7->content = badContent; pkcs7->contentSz = sizeof(badContent); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), SIG_VERIFY_E); wc_PKCS7_Free(pkcs7); /* Test success case with detached signature and valid content */ AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); pkcs7->content = data; pkcs7->contentSz = sizeof(data); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); wc_PKCS7_Free(pkcs7); /* verify using pre-computed content digest only (no content) */ { AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, output, outputSz, NULL, 0), 0); wc_PKCS7_Free(pkcs7); } #endif /* !NO_RSA */ #ifdef HAVE_ECC /* Try ECC certs/key/sig next */ outputSz = sizeof(output); XMEMSET(output, 0, outputSz); AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data, (word32)sizeof(data), 1, 1, 0, ECC_TYPE)), 0); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); pkcs7->content = badContent; pkcs7->contentSz = sizeof(badContent); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), SIG_VERIFY_E); wc_PKCS7_Free(pkcs7); /* Test success case with detached signature and valid content */ AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); pkcs7->content = data; pkcs7->contentSz = sizeof(data); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); wc_PKCS7_Free(pkcs7); /* verify using pre-computed content digest only (no content) */ { /* calculate hash for content */ ret = wc_HashInit(&hash, hashType); if (ret == 0) { ret = wc_HashUpdate(&hash, hashType, data, sizeof(data)); if (ret == 0) { ret = wc_HashFinal(&hash, hashType, hashBuf); } wc_HashFree(&hash, hashType); } AssertIntEQ(ret, 0); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, output, outputSz, NULL, 0), 0); wc_PKCS7_Free(pkcs7); } #endif /* Test verify on signedData containing intermediate/root CA certs */ #ifndef NO_RSA outputSz = sizeof(output); XMEMSET(output, 0, outputSz); AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data, (word32)sizeof(data), 0, 0, 1, RSA_TYPE)), 0); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); wc_PKCS7_Free(pkcs7); #endif /* !NO_RSA */ #ifdef HAVE_ECC outputSz = sizeof(output); XMEMSET(output, 0, outputSz); AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data, (word32)sizeof(data), 0, 0, 1, ECC_TYPE)), 0); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); wc_PKCS7_Free(pkcs7); #endif /* HAVE_ECC */ res = TEST_RES_CHECK(1); #endif return res; } /* END test_wc_PKCS7_VerifySignedData() */ #if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ !defined(NO_AES_256) static const byte defKey[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 }; static byte aesHandle[32]; /* simulated hardware key handle */ /* return 0 on success */ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, byte* in, int inSz, byte* out, void* usrCtx) { int ret; Aes aes; if (usrCtx == NULL) { /* no simulated handle passed in */ return -1; } switch (encryptOID) { case AES256CBCb: if (ivSz != AES_BLOCK_SIZE) return BAD_FUNC_ARG; break; default: WOLFSSL_MSG("Unsupported content cipher type for test"); return ALGO_ID_E; }; /* simulate using handle to get key */ ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID); if (ret == 0) { ret = wc_AesSetKey(&aes, (byte*)usrCtx, 32, iv, AES_DECRYPTION); if (ret == 0) ret = wc_AesCbcDecrypt(&aes, out, in, inSz); wc_AesFree(&aes); } (void)aad; (void)aadSz; (void)authTag; (void)authTagSz; (void)pkcs7; return ret; } /* returns key size on success */ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId, word32 keyIdSz, byte* orginKey, word32 orginKeySz, byte* out, word32 outSz, int keyWrapAlgo, int type, int direction) { int ret = -1; if (out == NULL) return BAD_FUNC_ARG; if (keyId[0] != 0x00) { return -1; } if (type != (int)PKCS7_KEKRI) { return -1; } switch (keyWrapAlgo) { case AES256_WRAP: /* simulate setting a handle for later decryption but use key * as handle in the test case here */ ret = wc_AesKeyUnWrap(defKey, sizeof(defKey), cek, cekSz, aesHandle, sizeof(aesHandle), NULL); if (ret < 0) return ret; ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)aesHandle); if (ret < 0) return ret; /* return key size on success */ return sizeof(defKey); default: WOLFSSL_MSG("Unsupported key wrap algorithm in example"); return BAD_KEYWRAP_ALG_E; }; (void)cekSz; (void)cek; (void)outSz; (void)keyIdSz; (void)direction; (void)orginKey; /* used with KAKRI */ (void)orginKeySz; return ret; } #endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */ /* * Testing wc_PKCS7_EncodeEnvelopedData() */ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) PKCS7* pkcs7; #ifdef ECC_TIMING_RESISTANT WC_RNG rng; #endif word32 tempWrd32 = 0; byte* tmpBytePtr = NULL; const char input[] = "Test data to encode."; int i; int testSz = 0; #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) || \ !defined(NO_SHA256) || defined(WOLFSSL_SHA512))) byte* rsaCert = NULL; byte* rsaPrivKey = NULL; word32 rsaCertSz; word32 rsaPrivKeySz; #if !defined(NO_FILESYSTEM) && (!defined(USE_CERT_BUFFERS_1024) && \ !defined(USE_CERT_BUFFERS_2048) ) static const char* rsaClientCert = "./certs/client-cert.der"; static const char* rsaClientKey = "./certs/client-key.der"; rsaCertSz = (word32)sizeof(rsaClientCert); rsaPrivKeySz = (word32)sizeof(rsaClientKey); #endif #endif #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\ !defined(NO_SHA256) || defined(WOLFSSL_SHA512))) byte* eccCert = NULL; byte* eccPrivKey = NULL; word32 eccCertSz; word32 eccPrivKeySz; #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_256) static const char* eccClientCert = "./certs/client-ecc-cert.der"; static const char* eccClientKey = "./certs/ecc-client-key.der"; #endif #endif /* Generic buffer size. */ byte output[ONEK_BUF]; byte decoded[sizeof(input)/sizeof(char)]; int decodedSz = 0; #ifndef NO_FILESYSTEM XFILE certFile; XFILE keyFile; #endif #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) ||\ !defined(NO_SHA256) || defined(WOLFSSL_SHA512))) /* RSA certs and keys. */ #if defined(USE_CERT_BUFFERS_1024) rsaCertSz = (word32)sizeof_client_cert_der_1024; /* Allocate buffer space. */ AssertNotNull(rsaCert = (byte*)XMALLOC(rsaCertSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Init buffer. */ XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz); rsaPrivKeySz = (word32)sizeof_client_key_der_1024; AssertNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz); #elif defined(USE_CERT_BUFFERS_2048) rsaCertSz = (word32)sizeof_client_cert_der_2048; /* Allocate buffer */ AssertNotNull(rsaCert = (byte*)XMALLOC(rsaCertSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Init buffer. */ XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz); rsaPrivKeySz = (word32)sizeof_client_key_der_2048; AssertNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz); #else /* File system. */ certFile = XFOPEN(rsaClientCert, "rb"); AssertTrue(certFile != XBADFILE); rsaCertSz = (word32)FOURK_BUF; AssertNotNull(rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); rsaCertSz = (word32)XFREAD(rsaCert, 1, rsaCertSz, certFile); XFCLOSE(certFile); keyFile = XFOPEN(rsaClientKey, "rb"); AssertTrue(keyFile != XBADFILE); AssertNotNull(rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); rsaPrivKeySz = (word32)FOURK_BUF; rsaPrivKeySz = (word32)XFREAD(rsaPrivKey, 1, rsaPrivKeySz, keyFile); XFCLOSE(keyFile); #endif /* USE_CERT_BUFFERS */ #endif /* NO_RSA */ /* ECC */ #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\ !defined(NO_SHA256) || defined(WOLFSSL_SHA512))) #ifdef USE_CERT_BUFFERS_256 AssertNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Init buffer. */ eccCertSz = (word32)sizeof_cliecc_cert_der_256; XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz); AssertNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256; XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz); #else /* File system. */ certFile = XFOPEN(eccClientCert, "rb"); AssertTrue(certFile != XBADFILE); eccCertSz = (word32)FOURK_BUF; AssertNotNull(eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz, certFile); XFCLOSE(certFile); keyFile = XFOPEN(eccClientKey, "rb"); AssertTrue(keyFile != XBADFILE); eccPrivKeySz = (word32)FOURK_BUF; AssertNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz, keyFile); XFCLOSE(keyFile); #endif /* USE_CERT_BUFFERS_256 */ #endif /* END HAVE_ECC */ #ifndef NO_FILESYSTEM /* Silence. */ (void)keyFile; (void)certFile; #endif { const pkcs7EnvelopedVector testVectors[] = { /* DATA is a global variable defined in the makefile. */ #if !defined(NO_RSA) #ifndef NO_DES3 {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, #endif /* NO_DES3 */ #if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifndef NO_AES_128 {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, #endif #ifndef NO_AES_192 {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, #endif #ifndef NO_AES_256 {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, #endif #endif /* NO_AES && HAVE_AES_CBC */ #endif /* NO_RSA */ #if defined(HAVE_ECC) #if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_SHA) && !defined(NO_AES_128) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey, eccPrivKeySz}, #endif #if !defined(NO_SHA256) && !defined(NO_AES_256) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, eccPrivKeySz}, #endif #if defined(WOLFSSL_SHA512) && !defined(NO_AES_256) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, eccPrivKeySz}, #endif #endif /* NO_AES && HAVE_AES_CBC*/ #endif /* END HAVE_ECC */ }; /* END pkcs7EnvelopedVector */ #ifdef ECC_TIMING_RESISTANT AssertIntEQ(wc_InitRng(&rng), 0); #endif AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0); testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector); for (i = 0; i < testSz; i++) { AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert, (word32)(testVectors + i)->certSz), 0); #ifdef ECC_TIMING_RESISTANT pkcs7->rng = &rng; #endif pkcs7->content = (byte*)(testVectors + i)->content; pkcs7->contentSz = (testVectors + i)->contentSz; pkcs7->contentOID = (testVectors + i)->contentOID; pkcs7->encryptOID = (testVectors + i)->encryptOID; pkcs7->keyWrapOID = (testVectors + i)->keyWrapOID; pkcs7->keyAgreeOID = (testVectors + i)->keyAgreeOID; pkcs7->privateKey = (testVectors + i)->privateKey; pkcs7->privateKeySz = (testVectors + i)->privateKeySz; AssertIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, (word32)sizeof(output)), 0); decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)); AssertIntGE(decodedSz, 0); /* Verify the size of each buffer. */ AssertIntEQ((word32)sizeof(input)/sizeof(char), decodedSz); /* Don't free the last time through the loop. */ if (i < testSz - 1) { wc_PKCS7_Free(pkcs7); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); } } /* END test loop. */ } /* Test bad args. */ AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output, (word32)sizeof(output)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL, (word32)sizeof(output)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), BAD_FUNC_ARG); /* Decode. */ AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), NULL, (word32)sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, 0), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/ #if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) /* only a failure for KARI test cases */ tempWrd32 = pkcs7->singleCertSz; pkcs7->singleCertSz = 0; AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); pkcs7->singleCertSz = tempWrd32; tmpBytePtr = pkcs7->singleCert; pkcs7->singleCert = NULL; AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); pkcs7->singleCert = tmpBytePtr; #endif tempWrd32 = pkcs7->privateKeySz; pkcs7->privateKeySz = 0; AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); pkcs7->privateKeySz = tempWrd32; tmpBytePtr = pkcs7->privateKey; pkcs7->privateKey = NULL; AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); pkcs7->privateKey = tmpBytePtr; wc_PKCS7_Free(pkcs7); #if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256) /* test of decrypt callback with KEKRI enveloped data */ { int envelopedSz; const byte keyId[] = { 0x00 }; AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); pkcs7->content = (byte*)input; pkcs7->contentSz = (word32)(sizeof(input)/sizeof(char)); pkcs7->contentOID = DATA; pkcs7->encryptOID = AES256CBCb; AssertIntGT(wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP, (byte*)defKey, sizeof(defKey), (byte*)keyId, sizeof(keyId), NULL, NULL, 0, NULL, 0, 0), 0); AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0); AssertIntGT((envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output, (word32)sizeof(output))), 0); wc_PKCS7_Free(pkcs7); /* decode envelopedData */ AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_SetWrapCEKCb(pkcs7, myCEKwrapFunc), 0); AssertIntEQ(wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc), 0); AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output, envelopedSz, decoded, sizeof(decoded))), 0); wc_PKCS7_Free(pkcs7); } #endif /* !NO_AES && !NO_AES_256 */ #ifndef NO_RSA if (rsaCert) { XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } if (rsaPrivKey) { XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } #endif /*NO_RSA */ #ifdef HAVE_ECC if (eccCert) { XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } if (eccPrivKey) { XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } #endif /* HAVE_ECC */ #ifdef ECC_TIMING_RESISTANT wc_FreeRng(&rng); #endif #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && \ !defined(NO_RSA) && !defined(NO_SHA) { byte out[7]; byte *cms; word32 cmsSz; XFILE cmsFile; XMEMSET(out, 0, sizeof(out)); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); cmsFile = XFOPEN("./certs/test/ktri-keyid-cms.msg", "rb"); AssertTrue(cmsFile != XBADFILE); cmsSz = (word32)FOURK_BUF; AssertNotNull(cms = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); cmsSz = (word32)XFREAD(cms, 1, cmsSz, cmsFile); XFCLOSE(cmsFile); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048, sizeof_client_cert_der_2048), 0); pkcs7->privateKey = (byte*)client_key_der_2048; pkcs7->privateKeySz = sizeof_client_key_der_2048; AssertIntLT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out, 2), 0); AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out, sizeof(out)), 0); XFREE(cms, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); AssertIntEQ(XMEMCMP(out, "test", 4), 0); wc_PKCS7_Free(pkcs7); } #endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */ res = TEST_RES_CHECK(1); #endif /* HAVE_PKCS7 */ return res; } /* END test_wc_PKCS7_EncodeEnvelopedData() */ /* * Testing wc_PKCS7_EncodeEncryptedData() */ static int test_wc_PKCS7_EncodeEncryptedData(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) && !defined(NO_PKCS7_ENCRYPTED_DATA) PKCS7* pkcs7 = NULL; byte* tmpBytePtr = NULL; byte encrypted[TWOK_BUF]; byte decoded[TWOK_BUF]; word32 tmpWrd32 = 0; int tmpInt = 0; int decodedSz; int encryptedSz; int testSz; int i; const byte data[] = { /* Hello World */ 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, 0x72,0x6c,0x64 }; #ifndef NO_DES3 byte desKey[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef }; byte des3Key[] = { 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 }; #endif #if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifndef NO_AES_128 byte aes128Key[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 }; #endif #ifndef NO_AES_192 byte aes192Key[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 }; #endif #ifndef NO_AES_256 byte aes256Key[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 }; #endif #endif /* !NO_AES && HAVE_AES_CBC */ const pkcs7EncryptedVector testVectors[] = { #ifndef NO_DES3 {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)}, {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)}, #endif /* !NO_DES3 */ #if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifndef NO_AES_128 {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key, sizeof(aes128Key)}, #endif #ifndef NO_AES_192 {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key, sizeof(aes192Key)}, #endif #ifndef NO_AES_256 {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, sizeof(aes256Key)}, #endif #endif /* !NO_AES && HAVE_AES_CBC */ }; testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector); for (i = 0; i < testSz; i++) { AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0); pkcs7->content = (byte*)testVectors[i].content; pkcs7->contentSz = testVectors[i].contentSz; pkcs7->contentOID = testVectors[i].contentOID; pkcs7->encryptOID = testVectors[i].encryptOID; pkcs7->encryptionKey = testVectors[i].encryptionKey; pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz; pkcs7->heap = HEAP_HINT; /* encode encryptedData */ encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, sizeof(encrypted)); AssertIntGT(encryptedSz, 0); /* Decode encryptedData */ decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, decoded, sizeof(decoded)); AssertIntEQ(XMEMCMP(decoded, data, decodedSz), 0); /* Keep values for last itr. */ if (i < testSz - 1) { wc_PKCS7_Free(pkcs7); } } if (pkcs7 == NULL || testSz == 0) { AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0); } AssertIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted, sizeof(encrypted)),BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL, sizeof(encrypted)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, 0), BAD_FUNC_ARG); /* Testing the struct. */ tmpBytePtr = pkcs7->content; pkcs7->content = NULL; AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, sizeof(encrypted)), BAD_FUNC_ARG); pkcs7->content = tmpBytePtr; tmpWrd32 = pkcs7->contentSz; pkcs7->contentSz = 0; AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, sizeof(encrypted)), BAD_FUNC_ARG); pkcs7->contentSz = tmpWrd32; tmpInt = pkcs7->encryptOID; pkcs7->encryptOID = 0; AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, sizeof(encrypted)), BAD_FUNC_ARG); pkcs7->encryptOID = tmpInt; tmpBytePtr = pkcs7->encryptionKey; pkcs7->encryptionKey = NULL; AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, sizeof(encrypted)), BAD_FUNC_ARG); pkcs7->encryptionKey = tmpBytePtr; tmpWrd32 = pkcs7->encryptionKeySz; pkcs7->encryptionKeySz = 0; AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, sizeof(encrypted)), BAD_FUNC_ARG); pkcs7->encryptionKeySz = tmpWrd32; AssertIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, encryptedSz, decoded, sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, encryptedSz, decoded, sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0, decoded, sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, NULL, sizeof(decoded)), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, decoded, 0), BAD_FUNC_ARG); /* Test struct fields */ tmpBytePtr = pkcs7->encryptionKey; pkcs7->encryptionKey = NULL; AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, decoded, sizeof(decoded)), BAD_FUNC_ARG); pkcs7->encryptionKey = tmpBytePtr; pkcs7->encryptionKeySz = 0; AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, decoded, sizeof(decoded)), BAD_FUNC_ARG); wc_PKCS7_Free(pkcs7); res = TEST_RES_CHECK(1); #endif return res; } /* END test_wc_PKCS7_EncodeEncryptedData() */ /* * Testing wc_PKCS7_Degenerate() */ static int test_wc_PKCS7_Degenerate(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) PKCS7* pkcs7; char fName[] = "./certs/test-degenerate.p7b"; XFILE f; byte der[4096]; word32 derSz; int ret; AssertNotNull(f = XFOPEN(fName, "rb")); AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0); derSz = (word32)ret; XFCLOSE(f); /* test degenerate success */ AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); #ifndef NO_RSA AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); #else AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); #endif wc_PKCS7_Free(pkcs7); /* test with turning off degenerate cases */ AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */ AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), PKCS7_NO_SIGNER_E); wc_PKCS7_Free(pkcs7); res = TEST_RES_CHECK(1); #endif return res; } /* END test_wc_PKCS7_Degenerate() */ #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ defined(ASN_BER_TO_DER) && !defined(NO_DES3) && !defined(NO_SHA) static byte berContent[] = { 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30, 0x80, 0x02, 0x01, 0x00, 0x31, 0x82, 0x01, 0x48, 0x30, 0x82, 0x01, 0x44, 0x02, 0x01, 0x00, 0x30, 0x81, 0xAC, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x02, 0x09, 0x00, 0xBB, 0xD3, 0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80, 0x2F, 0xF9, 0x77, 0x4F, 0x04, 0x5C, 0x16, 0x62, 0xF0, 0x77, 0x8D, 0x95, 0x4C, 0xB1, 0x44, 0x9A, 0x8C, 0x3C, 0x8C, 0xE4, 0xD1, 0xC1, 0x14, 0x72, 0xD0, 0x4A, 0x1A, 0x94, 0x27, 0x0F, 0xAA, 0xE8, 0xD0, 0xA2, 0xE7, 0xED, 0x4C, 0x7F, 0x0F, 0xC7, 0x1B, 0xFB, 0x81, 0x0E, 0x76, 0x8F, 0xDD, 0x32, 0x11, 0x68, 0xA0, 0x13, 0xD2, 0x8D, 0x95, 0xEF, 0x80, 0x53, 0x81, 0x0E, 0x1F, 0xC8, 0xD6, 0x76, 0x5C, 0x31, 0xD3, 0x77, 0x33, 0x29, 0xA6, 0x1A, 0xD3, 0xC6, 0x14, 0x36, 0xCA, 0x8E, 0x7D, 0x72, 0xA0, 0x29, 0x4C, 0xC7, 0x3A, 0xAF, 0xFE, 0xF7, 0xFC, 0xD7, 0xE2, 0x8F, 0x6A, 0x20, 0x46, 0x09, 0x40, 0x22, 0x2D, 0x79, 0x38, 0x11, 0xB1, 0x4A, 0xE3, 0x48, 0xE8, 0x10, 0x37, 0xA0, 0x22, 0xF7, 0xB4, 0x79, 0xD1, 0xA9, 0x3D, 0xC2, 0xAB, 0x37, 0xAE, 0x82, 0x68, 0x1A, 0x16, 0xEF, 0x33, 0x0C, 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, 0x07, 0x04, 0x08, 0xAD, 0xD0, 0x38, 0x9B, 0x16, 0x4B, 0x7F, 0x99, 0xA0, 0x80, 0x04, 0x82, 0x03, 0xE8, 0x6D, 0x48, 0xFB, 0x8A, 0xBD, 0xED, 0x6C, 0xCD, 0xC6, 0x48, 0xFD, 0xB7, 0xB0, 0x7C, 0x86, 0x2C, 0x8D, 0xF0, 0x23, 0x12, 0xD8, 0xA3, 0x2A, 0x21, 0x6F, 0x8B, 0x75, 0xBB, 0x47, 0x7F, 0xC9, 0xBA, 0xBA, 0xFF, 0x91, 0x09, 0x01, 0x7A, 0x5C, 0x96, 0x02, 0xB8, 0x8E, 0xF8, 0x67, 0x7E, 0x8F, 0xF9, 0x51, 0x0E, 0xFF, 0x8E, 0xE2, 0x61, 0xC0, 0xDF, 0xFA, 0xE2, 0x4C, 0x50, 0x90, 0xAE, 0xA1, 0x15, 0x38, 0x3D, 0xBE, 0x88, 0xD7, 0x57, 0xC0, 0x11, 0x44, 0xA2, 0x61, 0x05, 0x49, 0x6A, 0x94, 0x04, 0x10, 0xD9, 0xC2, 0x2D, 0x15, 0x20, 0x0D, 0xBD, 0xA2, 0xEF, 0xE4, 0x68, 0xFA, 0x39, 0x75, 0x7E, 0xD8, 0x64, 0x44, 0xCB, 0xE0, 0x00, 0x6D, 0x57, 0x4E, 0x8A, 0x17, 0xA9, 0x83, 0x6C, 0x7F, 0xFE, 0x01, 0xEE, 0xDE, 0x99, 0x3A, 0xB2, 0xFF, 0xD3, 0x72, 0x78, 0xBA, 0xF1, 0x23, 0x54, 0x48, 0x02, 0xD8, 0x38, 0xA9, 0x54, 0xE5, 0x4A, 0x81, 0xB9, 0xC0, 0x67, 0xB2, 0x7D, 0x3C, 0x6F, 0xCE, 0xA4, 0xDD, 0x34, 0x5F, 0x60, 0xB1, 0xA3, 0x7A, 0xE4, 0x43, 0xF2, 0x89, 0x64, 0x35, 0x09, 0x32, 0x51, 0xFB, 0x5C, 0x67, 0x0C, 0x3B, 0xFC, 0x36, 0x6B, 0x37, 0x43, 0x6C, 0x03, 0xCD, 0x44, 0xC7, 0x2B, 0x62, 0xD6, 0xD1, 0xF4, 0x07, 0x7B, 0x19, 0x91, 0xF0, 0xD7, 0xF5, 0x54, 0xBC, 0x0F, 0x42, 0x6B, 0x69, 0xF7, 0xA3, 0xC8, 0xEE, 0xB9, 0x7A, 0x9E, 0x3D, 0xDF, 0x53, 0x47, 0xF7, 0x50, 0x67, 0x00, 0xCF, 0x2B, 0x3B, 0xE9, 0x85, 0xEE, 0xBD, 0x4C, 0x64, 0x66, 0x0B, 0x77, 0x80, 0x9D, 0xEF, 0x11, 0x32, 0x77, 0xA8, 0xA4, 0x5F, 0xEE, 0x2D, 0xE0, 0x43, 0x87, 0x76, 0x87, 0x53, 0x4E, 0xD7, 0x1A, 0x04, 0x7B, 0xE1, 0xD1, 0xE1, 0xF5, 0x87, 0x51, 0x13, 0xE0, 0xC2, 0xAA, 0xA3, 0x4B, 0xAA, 0x9E, 0xB4, 0xA6, 0x1D, 0x4E, 0x28, 0x57, 0x0B, 0x80, 0x90, 0x81, 0x4E, 0x04, 0xF5, 0x30, 0x8D, 0x51, 0xCE, 0x57, 0x2F, 0x88, 0xC5, 0x70, 0xC4, 0x06, 0x8F, 0xDD, 0x37, 0xC1, 0x34, 0x1E, 0x0E, 0x15, 0x32, 0x23, 0x92, 0xAB, 0x40, 0xEA, 0xF7, 0x43, 0xE2, 0x1D, 0xE2, 0x4B, 0xC9, 0x91, 0xF4, 0x63, 0x21, 0x34, 0xDB, 0xE9, 0x86, 0x83, 0x1A, 0xD2, 0x52, 0xEF, 0x7A, 0xA2, 0xEE, 0xA4, 0x11, 0x56, 0xD3, 0x6C, 0xF5, 0x6D, 0xE4, 0xA5, 0x2D, 0x99, 0x02, 0x10, 0xDF, 0x29, 0xC5, 0xE3, 0x0B, 0xC4, 0xA1, 0xEE, 0x5F, 0x4A, 0x10, 0xEE, 0x85, 0x73, 0x2A, 0x92, 0x15, 0x2C, 0xC8, 0xF4, 0x8C, 0xD7, 0x3D, 0xBC, 0xAD, 0x18, 0xE0, 0x59, 0xD3, 0xEE, 0x75, 0x90, 0x1C, 0xCC, 0x76, 0xC6, 0x64, 0x17, 0xD2, 0xD0, 0x91, 0xA6, 0xD0, 0xC1, 0x4A, 0xAA, 0x58, 0x22, 0xEC, 0x45, 0x98, 0xF2, 0xCC, 0x4C, 0xE4, 0xBF, 0xED, 0xF6, 0x44, 0x72, 0x36, 0x65, 0x3F, 0xE3, 0xB5, 0x8B, 0x3E, 0x54, 0x9C, 0x82, 0x86, 0x5E, 0xB0, 0xF2, 0x12, 0xE5, 0x69, 0xFA, 0x46, 0xA2, 0x54, 0xFC, 0xF5, 0x4B, 0xE0, 0x24, 0x3B, 0x99, 0x04, 0x1A, 0x7A, 0xF7, 0xD1, 0xFF, 0x68, 0x97, 0xB2, 0x85, 0x82, 0x95, 0x27, 0x2B, 0xF4, 0xE7, 0x1A, 0x74, 0x19, 0xEC, 0x8C, 0x4E, 0xA7, 0x0F, 0xAD, 0x4F, 0x5A, 0x02, 0x80, 0xC1, 0x6A, 0x9E, 0x54, 0xE4, 0x8E, 0xA3, 0x41, 0x3F, 0x6F, 0x9C, 0x82, 0x9F, 0x83, 0xB0, 0x44, 0x01, 0x5F, 0x10, 0x9D, 0xD3, 0xB6, 0x33, 0x5B, 0xAF, 0xAC, 0x6B, 0x57, 0x2A, 0x01, 0xED, 0x0E, 0x17, 0xB9, 0x80, 0x76, 0x12, 0x1C, 0x51, 0x56, 0xDD, 0x6D, 0x94, 0xAB, 0xD2, 0xE5, 0x15, 0x2D, 0x3C, 0xC5, 0xE8, 0x62, 0x05, 0x8B, 0x40, 0xB1, 0xC2, 0x83, 0xCA, 0xAC, 0x4B, 0x8B, 0x39, 0xF7, 0xA0, 0x08, 0x43, 0x5C, 0xF7, 0xE8, 0xED, 0x40, 0x72, 0x73, 0xE3, 0x6B, 0x18, 0x67, 0xA0, 0xB6, 0x0F, 0xED, 0x8F, 0x9A, 0xE4, 0x27, 0x62, 0x23, 0xAA, 0x6D, 0x6C, 0x31, 0xC9, 0x9D, 0x6B, 0xE0, 0xBF, 0x9D, 0x7D, 0x2E, 0x76, 0x71, 0x06, 0x39, 0xAC, 0x96, 0x1C, 0xAF, 0x30, 0xF2, 0x62, 0x9C, 0x84, 0x3F, 0x43, 0x5E, 0x19, 0xA8, 0xE5, 0x3C, 0x9D, 0x43, 0x3C, 0x43, 0x41, 0xE8, 0x82, 0xE7, 0x5B, 0xF3, 0xE2, 0x15, 0xE3, 0x52, 0x20, 0xFD, 0x0D, 0xB2, 0x4D, 0x48, 0xAD, 0x53, 0x7E, 0x0C, 0xF0, 0xB9, 0xBE, 0xC9, 0x58, 0x4B, 0xC8, 0xA8, 0xA3, 0x36, 0xF1, 0x2C, 0xD2, 0xE1, 0xC8, 0xC4, 0x3C, 0x48, 0x70, 0xC2, 0x6D, 0x6C, 0x3D, 0x99, 0xAC, 0x43, 0x19, 0x69, 0xCA, 0x67, 0x1A, 0xC9, 0xE1, 0x47, 0xFA, 0x0A, 0xE6, 0x5B, 0x6F, 0x61, 0xD0, 0x03, 0xE4, 0x03, 0x4B, 0xFD, 0xE2, 0xA5, 0x8D, 0x83, 0x01, 0x7E, 0xC0, 0x7B, 0x2E, 0x0B, 0x29, 0xDD, 0xD6, 0xDC, 0x71, 0x46, 0xBD, 0x9A, 0x40, 0x46, 0x1E, 0x0A, 0xB1, 0x00, 0xE7, 0x71, 0x29, 0x77, 0xFC, 0x9A, 0x76, 0x8A, 0x5F, 0x66, 0x9B, 0x63, 0x91, 0x12, 0x78, 0xBF, 0x67, 0xAD, 0xA1, 0x72, 0x9E, 0xC5, 0x3E, 0xE5, 0xCB, 0xAF, 0xD6, 0x5A, 0x0D, 0xB6, 0x9B, 0xA3, 0x78, 0xE8, 0xB0, 0x8F, 0x69, 0xED, 0xC1, 0x73, 0xD5, 0xE5, 0x1C, 0x18, 0xA0, 0x58, 0x4C, 0x49, 0xBD, 0x91, 0xCE, 0x15, 0x0D, 0xAA, 0x5A, 0x07, 0xEA, 0x1C, 0xA7, 0x4B, 0x11, 0x31, 0x80, 0xAF, 0xA1, 0x0A, 0xED, 0x6C, 0x70, 0xE4, 0xDB, 0x75, 0x86, 0xAE, 0xBF, 0x4A, 0x05, 0x72, 0xDE, 0x84, 0x8C, 0x7B, 0x59, 0x81, 0x58, 0xE0, 0xC0, 0x15, 0xB5, 0xF3, 0xD5, 0x73, 0x78, 0x83, 0x53, 0xDA, 0x92, 0xC1, 0xE6, 0x71, 0x74, 0xC7, 0x7E, 0xAA, 0x36, 0x06, 0xF0, 0xDF, 0xBA, 0xFB, 0xEF, 0x54, 0xE8, 0x11, 0xB2, 0x33, 0xA3, 0x0B, 0x9E, 0x0C, 0x59, 0x75, 0x13, 0xFA, 0x7F, 0x88, 0xB9, 0x86, 0xBD, 0x1A, 0xDB, 0x52, 0x12, 0xFB, 0x6D, 0x1A, 0xCB, 0x49, 0x94, 0x94, 0xC4, 0xA9, 0x99, 0xC0, 0xA4, 0xB6, 0x60, 0x36, 0x09, 0x94, 0x2A, 0xD5, 0xC4, 0x26, 0xF4, 0xA3, 0x6A, 0x0E, 0x57, 0x8B, 0x7C, 0xA4, 0x1D, 0x75, 0xE8, 0x2A, 0xF3, 0xC4, 0x3C, 0x7D, 0x45, 0x6D, 0xD8, 0x24, 0xD1, 0x3B, 0xF7, 0xCF, 0xE4, 0x45, 0x2A, 0x55, 0xE5, 0xA9, 0x1F, 0x1C, 0x8F, 0x55, 0x8D, 0xC1, 0xF7, 0x74, 0xCC, 0x26, 0xC7, 0xBA, 0x2E, 0x5C, 0xC1, 0x71, 0x0A, 0xAA, 0xD9, 0x6D, 0x76, 0xA7, 0xF9, 0xD1, 0x18, 0xCB, 0x5A, 0x52, 0x98, 0xA8, 0x0D, 0x3F, 0x06, 0xFC, 0x49, 0x11, 0x21, 0x5F, 0x86, 0x19, 0x33, 0x81, 0xB5, 0x7A, 0xDA, 0xA1, 0x47, 0xBF, 0x7C, 0xD7, 0x05, 0x96, 0xC7, 0xF5, 0xC1, 0x61, 0xE5, 0x18, 0xA5, 0x38, 0x68, 0xED, 0xB4, 0x17, 0x62, 0x0D, 0x01, 0x5E, 0xC3, 0x04, 0xA6, 0xBA, 0xB1, 0x01, 0x60, 0x5C, 0xC1, 0x3A, 0x34, 0x97, 0xD6, 0xDB, 0x67, 0x73, 0x4D, 0x33, 0x96, 0x01, 0x67, 0x44, 0xEA, 0x47, 0x5E, 0x44, 0xB5, 0xE5, 0xD1, 0x6C, 0x20, 0xA9, 0x6D, 0x4D, 0xBC, 0x02, 0xF0, 0x70, 0xE4, 0xDD, 0xE9, 0xD5, 0x5C, 0x28, 0x29, 0x0B, 0xB4, 0x60, 0x2A, 0xF1, 0xF7, 0x1A, 0xF0, 0x36, 0xAE, 0x51, 0x3A, 0xAE, 0x6E, 0x48, 0x7D, 0xC7, 0x5C, 0xF3, 0xDC, 0xF6, 0xED, 0x27, 0x4E, 0x8E, 0x48, 0x18, 0x3E, 0x08, 0xF1, 0xD8, 0x3D, 0x0D, 0xE7, 0x2F, 0x65, 0x8A, 0x6F, 0xE2, 0x1E, 0x06, 0xC1, 0x04, 0x58, 0x7B, 0x4A, 0x75, 0x60, 0x92, 0x13, 0xC6, 0x40, 0x2D, 0x3A, 0x8A, 0xD1, 0x03, 0x05, 0x1F, 0x28, 0x66, 0xC2, 0x57, 0x2A, 0x4C, 0xE1, 0xA3, 0xCB, 0xA1, 0x95, 0x30, 0x10, 0xED, 0xDF, 0xAE, 0x70, 0x49, 0x4E, 0xF6, 0xB4, 0x5A, 0xB6, 0x22, 0x56, 0x37, 0x05, 0xE7, 0x3E, 0xB2, 0xE3, 0x96, 0x62, 0xEC, 0x09, 0x53, 0xC0, 0x50, 0x3D, 0xA7, 0xBC, 0x9B, 0x39, 0x02, 0x26, 0x16, 0xB5, 0x34, 0x17, 0xD4, 0xCA, 0xFE, 0x1D, 0xE4, 0x5A, 0xDA, 0x4C, 0xC2, 0xCA, 0x8E, 0x79, 0xBF, 0xD8, 0x4C, 0xBB, 0xFA, 0x30, 0x7B, 0xA9, 0x3E, 0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; #endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER && * !NO_DES3 && !NO_SHA */ /* * Testing wc_PKCS7_BER() */ static int test_wc_PKCS7_BER(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ !defined(NO_SHA) && defined(ASN_BER_TO_DER) PKCS7* pkcs7; char fName[] = "./certs/test-ber-exp02-05-2022.p7b"; XFILE f; byte der[4096]; #ifndef NO_DES3 byte decoded[2048]; #endif word32 derSz; int ret; AssertNotNull(f = XFOPEN(fName, "rb")); AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0); derSz = (word32)ret; XFCLOSE(f); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); #ifndef NO_RSA AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); #else AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); #endif wc_PKCS7_Free(pkcs7); #ifndef NO_DES3 /* decode BER content */ AssertNotNull(f = XFOPEN("./certs/1024/client-cert.der", "rb")); AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0); derSz = (word32)ret; XFCLOSE(f); AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); #ifndef NO_RSA AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0); #else AssertIntNE(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0); #endif AssertNotNull(f = XFOPEN("./certs/1024/client-key.der", "rb")); AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0); derSz = (word32)ret; XFCLOSE(f); pkcs7->privateKey = der; pkcs7->privateKeySz = derSz; #ifndef NO_RSA #ifdef WOLFSSL_SP_MATH AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent, sizeof(berContent), decoded, sizeof(decoded)), WC_KEY_SIZE_E); #else AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent, sizeof(berContent), decoded, sizeof(decoded)), 0); #endif #else AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent, sizeof(berContent), decoded, sizeof(decoded)), NOT_COMPILED_IN); #endif wc_PKCS7_Free(pkcs7); #endif /* !NO_DES3 */ res = TEST_RES_CHECK(1); #endif return res; } /* END test_wc_PKCS7_BER() */ static int test_PKCS7_signed_enveloped(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \ !defined(NO_FILESYSTEM) XFILE f; PKCS7* pkcs7; #ifdef HAVE_AES_CBC PKCS7* inner; #endif void* pt; WC_RNG rng; unsigned char key[FOURK_BUF/2]; unsigned char cert[FOURK_BUF/2]; unsigned char env[FOURK_BUF]; int envSz = FOURK_BUF; int keySz; int certSz; unsigned char sig[FOURK_BUF * 2]; int sigSz = FOURK_BUF * 2; #ifdef HAVE_AES_CBC unsigned char decoded[FOURK_BUF]; int decodedSz = FOURK_BUF; #endif /* load cert */ AssertNotNull(f = XFOPEN(cliCertDerFile, "rb")); AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), f)), 0); XFCLOSE(f); /* load key */ AssertNotNull(f = XFOPEN(cliKeyFile, "rb")); AssertIntGT((keySz = (int)XFREAD(key, 1, sizeof(key), f)), 0); XFCLOSE(f); keySz = wolfSSL_KeyPemToDer(key, keySz, key, keySz, NULL); /* sign cert for envelope */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_InitRng(&rng), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); pkcs7->content = cert; pkcs7->contentSz = certSz; pkcs7->contentOID = DATA; pkcs7->privateKey = key; pkcs7->privateKeySz = keySz; pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHA256h; pkcs7->rng = &rng; AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0); wc_PKCS7_Free(pkcs7); wc_FreeRng(&rng); #ifdef HAVE_AES_CBC /* create envelope */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); pkcs7->content = sig; pkcs7->contentSz = sigSz; pkcs7->contentOID = DATA; pkcs7->encryptOID = AES256CBCb; pkcs7->privateKey = key; pkcs7->privateKeySz = keySz; AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0); AssertIntLT(wc_PKCS7_EncodeEnvelopedData(pkcs7, env, 2), 0); wc_PKCS7_Free(pkcs7); #endif /* create bad signed enveloped data */ sigSz = FOURK_BUF * 2; AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_InitRng(&rng), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); pkcs7->content = env; pkcs7->contentSz = envSz; pkcs7->contentOID = DATA; pkcs7->privateKey = key; pkcs7->privateKeySz = keySz; pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHA256h; pkcs7->rng = &rng; /* Set no certs in bundle for this test. Hang on to the pointer though to * free it later. */ pt = (void*)pkcs7->certList; pkcs7->certList = NULL; /* no certs in bundle */ AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0); pkcs7->certList = (Pkcs7Cert*)pt; /* restore pointer for PKCS7 free call */ wc_PKCS7_Free(pkcs7); /* check verify fails */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), PKCS7_SIGNEEDS_CHECK); /* try verifying the signature manually */ { RsaKey rKey; word32 idx = 0; byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ + WC_MAX_DIGEST_SIZE]; int digestSz; AssertIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0); AssertIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, keySz), 0); digestSz = wc_RsaSSL_Verify(pkcs7->signature, pkcs7->signatureSz, digest, sizeof(digest), &rKey); AssertIntGT(digestSz, 0); AssertIntEQ(digestSz, pkcs7->pkcs7DigestSz); AssertIntEQ(XMEMCMP(digest, pkcs7->pkcs7Digest, digestSz), 0); AssertIntEQ(wc_FreeRsaKey(&rKey), 0); /* verify was success */ } wc_PKCS7_Free(pkcs7); /* initializing the PKCS7 struct with the signing certificate should pass */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0); wc_PKCS7_Free(pkcs7); /* create valid degenerate bundle */ sigSz = FOURK_BUF * 2; AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); pkcs7->content = env; pkcs7->contentSz = envSz; pkcs7->contentOID = DATA; pkcs7->privateKey = key; pkcs7->privateKeySz = keySz; pkcs7->encryptOID = RSAk; pkcs7->hashOID = SHA256h; pkcs7->rng = &rng; AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0); AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0); wc_PKCS7_Free(pkcs7); wc_FreeRng(&rng); /* check verify */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0); AssertNotNull(pkcs7->content); #ifdef HAVE_AES_CBC /* check decode */ AssertNotNull(inner = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0); inner->privateKey = key; inner->privateKeySz = keySz; AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content, pkcs7->contentSz, decoded, decodedSz)), 0); wc_PKCS7_Free(inner); #endif wc_PKCS7_Free(pkcs7); #ifdef HAVE_AES_CBC /* check cert set */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, decodedSz), 0); AssertNotNull(pkcs7->singleCert); AssertIntNE(pkcs7->singleCertSz, 0); wc_PKCS7_Free(pkcs7); #endif res = TEST_RES_CHECK(1); #endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */ return res; } static int test_wc_PKCS7_NoDefaultSignedAttribs(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ && !defined(NO_AES) PKCS7* pkcs7; void* heap = NULL; pkcs7 = wc_PKCS7_New(heap, testDevId); AssertNotNull(pkcs7); AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0); AssertIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_NoDefaultSignedAttribs(pkcs7), 0); wc_PKCS7_Free(pkcs7); res = TEST_RES_CHECK(1); #endif return res; } static int test_wc_PKCS7_SetOriEncryptCtx(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ && !defined(NO_AES) PKCS7* pkcs7; void* heap = NULL; WOLFSSL_CTX* ctx; ctx = NULL; pkcs7 = wc_PKCS7_New(heap, testDevId); AssertNotNull(pkcs7); AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0); AssertIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_SetOriEncryptCtx(pkcs7, ctx), 0); wc_PKCS7_Free(pkcs7); res = TEST_RES_CHECK(1); #endif return res; } static int test_wc_PKCS7_SetOriDecryptCtx(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ && !defined(NO_AES) PKCS7* pkcs7; void* heap = NULL; WOLFSSL_CTX* ctx; ctx = NULL; pkcs7 = wc_PKCS7_New(heap, testDevId); AssertNotNull(pkcs7); AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0); AssertIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), BAD_FUNC_ARG); AssertIntEQ(wc_PKCS7_SetOriDecryptCtx(pkcs7, ctx), 0); wc_PKCS7_Free(pkcs7); res = TEST_RES_CHECK(1); #endif return res; } static int test_wc_PKCS7_DecodeCompressedData(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ && !defined(NO_AES) && defined(HAVE_LIBZ) PKCS7* pkcs7; void* heap = NULL; byte out[4096]; byte *decompressed; int outSz, decompressedSz; const char* cert = "./certs/client-cert.pem"; byte* cert_buf = NULL; size_t cert_sz = 0; AssertIntEQ(load_file(cert, &cert_buf, &cert_sz), 0); AssertNotNull((decompressed = (byte*)XMALLOC(cert_sz, heap, DYNAMIC_TYPE_TMP_BUFFER))); decompressedSz = (int)cert_sz; AssertNotNull((pkcs7 = wc_PKCS7_New(heap, testDevId))); pkcs7->content = (byte*)cert_buf; pkcs7->contentSz = (word32)cert_sz; pkcs7->contentOID = DATA; AssertIntGT((outSz = wc_PKCS7_EncodeCompressedData(pkcs7, out, sizeof(out))), 0); wc_PKCS7_Free(pkcs7); /* compressed key should be smaller than when started */ AssertIntLT(outSz, cert_sz); /* test decompression */ AssertNotNull((pkcs7 = wc_PKCS7_New(heap, testDevId))); AssertIntEQ(pkcs7->contentOID, 0); /* fail case with out buffer too small */ AssertIntLT(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz, decompressed, outSz), 0); /* success case */ AssertIntEQ(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz, decompressed, decompressedSz), cert_sz); AssertIntEQ(pkcs7->contentOID, DATA); AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0); XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER); decompressed = NULL; /* test decompression function with different 'max' inputs */ outSz = sizeof(out); AssertIntGT((outSz = wc_Compress(out, outSz, cert_buf, (word32)cert_sz, 0)), 0); AssertIntLT(wc_DeCompressDynamic(&decompressed, 1, DYNAMIC_TYPE_TMP_BUFFER, out, outSz, 0, heap), 0); AssertNull(decompressed); AssertIntGT(wc_DeCompressDynamic(&decompressed, -1, DYNAMIC_TYPE_TMP_BUFFER, out, outSz, 0, heap), 0); AssertNotNull(decompressed); AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0); XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER); decompressed = NULL; AssertIntGT(wc_DeCompressDynamic(&decompressed, DYNAMIC_TYPE_TMP_BUFFER, 5, out, outSz, 0, heap), 0); AssertNotNull(decompressed); AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0); XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER); if (cert_buf) free(cert_buf); wc_PKCS7_Free(pkcs7); res = TEST_RES_CHECK(1); #endif return res; } static int test_wc_i2d_PKCS12(void) { int res = TEST_SKIPPED; #if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \ && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ && !defined(NO_AES) && !defined(NO_DES3) && !defined(NO_SHA) WC_PKCS12* pkcs12 = NULL; unsigned char der[FOURK_BUF * 2]; unsigned char* pt; int derSz; unsigned char out[FOURK_BUF * 2]; int outSz = FOURK_BUF * 2; const char p12_f[] = "./certs/test-servercert.p12"; XFILE f; f = XFOPEN(p12_f, "rb"); AssertNotNull(f); derSz = (int)XFREAD(der, 1, sizeof(der), f); AssertIntGT(derSz, 0); XFCLOSE(f); AssertNotNull(pkcs12 = wc_PKCS12_new()); AssertIntEQ(wc_d2i_PKCS12(der, derSz, pkcs12), 0); AssertIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E); AssertIntEQ(outSz, derSz); outSz = derSz - 1; pt = out; AssertIntLE(wc_i2d_PKCS12(pkcs12, &pt, &outSz), 0); outSz = derSz; AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, &outSz), derSz); AssertIntEQ((pt == out), 0); pt = NULL; AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, NULL), derSz); XFREE(pt, NULL, DYNAMIC_TYPE_PKCS); wc_PKCS12_free(pkcs12); /* Run the same test but use wc_d2i_PKCS12_fp. */ AssertNotNull(pkcs12 = wc_PKCS12_new()); AssertIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0); AssertIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E); AssertIntEQ(outSz, derSz); wc_PKCS12_free(pkcs12); /* wc_d2i_PKCS12_fp can also allocate the PKCS12 object for the caller. */ pkcs12 = NULL; AssertIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0); AssertIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E); AssertIntEQ(outSz, derSz); wc_PKCS12_free(pkcs12); res = TEST_RES_CHECK(1); #endif return res; } /* Testing wc_SignatureGetSize() for signature type ECC */ static int test_wc_SignatureGetSize_ecc(void) { int res = TEST_SKIPPED; #ifndef NO_SIG_WRAPPER int ret; #if defined(HAVE_ECC) && !defined(NO_ECC256) enum wc_SignatureType sig_type; word32 key_len; /* Initialize ECC Key */ ecc_key ecc; const char* qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; const char* qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; const char* d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; ret = wc_ecc_init(&ecc); if (ret == 0) { ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1"); } if (ret == 0) { /* Input for signature type ECC */ sig_type = WC_SIGNATURE_TYPE_ECC; key_len = sizeof(ecc_key); ret = wc_SignatureGetSize(sig_type, &ecc, key_len); /* Test bad args */ if (ret > 0) { sig_type = (enum wc_SignatureType) 100; ret = wc_SignatureGetSize(sig_type, &ecc, key_len); if (ret == BAD_FUNC_ARG) { sig_type = WC_SIGNATURE_TYPE_ECC; ret = wc_SignatureGetSize(sig_type, NULL, key_len); } if (ret >= 0) { key_len = (word32) 0; ret = wc_SignatureGetSize(sig_type, &ecc, key_len); } if (ret == BAD_FUNC_ARG) { ret = SIG_TYPE_E; } } } else { ret = WOLFSSL_FATAL_ERROR; } wc_ecc_free(&ecc); #else ret = SIG_TYPE_E; #endif res = TEST_RES_CHECK(ret == SIG_TYPE_E); #endif /* NO_SIG_WRAPPER */ return res; }/* END test_wc_SignatureGetSize_ecc() */ /* Testing wc_SignatureGetSize() for signature type rsa */ static int test_wc_SignatureGetSize_rsa(void) { int res = TEST_SKIPPED; #ifndef NO_SIG_WRAPPER int ret = 0; #ifndef NO_RSA enum wc_SignatureType sig_type; word32 key_len; word32 idx = 0; /* Initialize RSA Key */ RsaKey rsa_key; byte* tmp = NULL; size_t bytes; #ifdef USE_CERT_BUFFERS_1024 bytes = (size_t)sizeof_client_key_der_1024; if (bytes < (size_t)sizeof_client_key_der_1024) bytes = (size_t)sizeof_client_cert_der_1024; #elif defined(USE_CERT_BUFFERS_2048) bytes = (size_t)sizeof_client_key_der_2048; if (bytes < (size_t)sizeof_client_cert_der_2048) bytes = (size_t)sizeof_client_cert_der_2048; #else bytes = FOURK_BUF; #endif tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp != NULL) { #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); #elif defined(USE_CERT_BUFFERS_2048) XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); #elif !defined(NO_FILESYSTEM) file = XFOPEN(clientKey, "rb"); if (file != XBADFILE) { bytes = (size_t)XFREAD(tmp, 1, FOURK_BUF, file); XFCLOSE(file); } else { ret = WOLFSSL_FATAL_ERROR; } #else ret = WOLFSSL_FATAL_ERROR; #endif } else { ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, testDevId); } if (ret == 0) { ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, (word32)bytes); } if (ret == 0) { /* Input for signature type RSA */ sig_type = WC_SIGNATURE_TYPE_RSA; key_len = sizeof(RsaKey); ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); /* Test bad args */ if (ret > 0) { sig_type = (enum wc_SignatureType) 100; ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); if (ret == BAD_FUNC_ARG) { sig_type = WC_SIGNATURE_TYPE_RSA; ret = wc_SignatureGetSize(sig_type, NULL, key_len); } #ifndef HAVE_USER_RSA if (ret == BAD_FUNC_ARG) #else if (ret == 0) #endif { key_len = (word32)0; ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); } if (ret == BAD_FUNC_ARG) { ret = SIG_TYPE_E; } } } else { ret = WOLFSSL_FATAL_ERROR; } wc_FreeRsaKey(&rsa_key); XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #else ret = SIG_TYPE_E; #endif res = TEST_RES_CHECK(ret == SIG_TYPE_E); #endif /* NO_SIG_WRAPPER */ return res; }/* END test_wc_SignatureGetSize_rsa(void) */ /*----------------------------------------------------------------------------* | hash.h Tests *----------------------------------------------------------------------------*/ static int test_wc_HashInit(void) { int ret = 0, i; /* 0 indicates tests passed, 1 indicates failure */ wc_HashAlg hash; /* enum for holding supported algorithms, #ifndef's restrict if disabled */ enum wc_HashType enumArray[] = { #ifndef NO_MD5 WC_HASH_TYPE_MD5, #endif #ifndef NO_SHA WC_HASH_TYPE_SHA, #endif #ifndef WOLFSSL_SHA224 WC_HASH_TYPE_SHA224, #endif #ifndef NO_SHA256 WC_HASH_TYPE_SHA256, #endif #ifndef WOLFSSL_SHA384 WC_HASH_TYPE_SHA384, #endif #ifndef WOLFSSL_SHA512 WC_HASH_TYPE_SHA512, #endif }; /* dynamically finds the length */ int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType)); /* For loop to test various arguments... */ for (i = 0; i < enumlen; i++) { /* check for bad args */ if (wc_HashInit(&hash, enumArray[i]) == BAD_FUNC_ARG) { ret = 1; break; } wc_HashFree(&hash, enumArray[i]); /* check for null ptr */ if (wc_HashInit(NULL, enumArray[i]) != BAD_FUNC_ARG) { ret = 1; break; } } /* end of for loop */ return TEST_RES_CHECK(ret == 0); } /* end of test_wc_HashInit */ /* * Unit test function for wc_HashSetFlags() */ static int test_wc_HashSetFlags(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_HASH_FLAGS wc_HashAlg hash; int ret = 0; word32 flags = 0; int i, j; int notSupportedLen; /* enum for holding supported algorithms, #ifndef's restrict if disabled */ enum wc_HashType enumArray[] = { #ifndef NO_MD5 WC_HASH_TYPE_MD5, #endif #ifndef NO_SHA WC_HASH_TYPE_SHA, #endif #ifdef WOLFSSL_SHA224 WC_HASH_TYPE_SHA224, #endif #ifndef NO_SHA256 WC_HASH_TYPE_SHA256, #endif #ifdef WOLFSSL_SHA384 WC_HASH_TYPE_SHA384, #endif #ifdef WOLFSSL_SHA512 WC_HASH_TYPE_SHA512, #endif #ifdef WOLFSSL_SHA3 WC_HASH_TYPE_SHA3_224, #endif }; enum wc_HashType notSupported[] = { WC_HASH_TYPE_MD5_SHA, WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4, WC_HASH_TYPE_BLAKE2B, WC_HASH_TYPE_BLAKE2S, WC_HASH_TYPE_NONE, }; /* dynamically finds the length */ int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType)); /* For loop to test various arguments... */ for (i = 0; i < enumlen; i++) { ret = wc_HashInit(&hash, enumArray[i]); if (ret == 0) { ret = wc_HashSetFlags(&hash, enumArray[i], flags); } if (ret == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { ret = 0; } } if (ret == 0) { ret = wc_HashSetFlags(NULL, enumArray[i], flags); if (ret == BAD_FUNC_ARG) { ret = 0; } } wc_HashFree(&hash, enumArray[i]); } /* For loop to test not supported cases */ notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType)); for (j = 0; ret == 0 && j < notSupportedLen; j++) { ret = wc_HashInit(&hash, notSupported[j]); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = wc_HashSetFlags(&hash, notSupported[j], flags); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_HashFree(&hash, notSupported[j]); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_HashSetFlags */ /* * Unit test function for wc_HashGetFlags() */ static int test_wc_HashGetFlags(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_HASH_FLAGS wc_HashAlg hash; int ret = 0; word32 flags = 0; int i, j; /* enum for holding supported algorithms, #ifndef's restrict if disabled */ enum wc_HashType enumArray[] = { #ifndef NO_MD5 WC_HASH_TYPE_MD5, #endif #ifndef NO_SHA WC_HASH_TYPE_SHA, #endif #ifdef WOLFSSL_SHA224 WC_HASH_TYPE_SHA224, #endif #ifndef NO_SHA256 WC_HASH_TYPE_SHA256, #endif #ifdef WOLFSSL_SHA384 WC_HASH_TYPE_SHA384, #endif #ifdef WOLFSSL_SHA512 WC_HASH_TYPE_SHA512, #endif #ifdef WOLFSSL_SHA3 WC_HASH_TYPE_SHA3_224, #endif }; enum wc_HashType notSupported[] = { WC_HASH_TYPE_MD5_SHA, WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4, WC_HASH_TYPE_BLAKE2B, WC_HASH_TYPE_BLAKE2S, WC_HASH_TYPE_NONE, }; int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType)); int notSupportedLen; /* For loop to test various arguments... */ for (i = 0; i < enumlen; i++) { ret = wc_HashInit(&hash, enumArray[i]); if (ret == 0) { ret = wc_HashGetFlags(&hash, enumArray[i], &flags); } if (ret == 0) { if (flags & WC_HASH_FLAG_ISCOPY) { ret = 0; } } if (ret == 0) { ret = wc_HashGetFlags(NULL, enumArray[i], &flags); if (ret == BAD_FUNC_ARG) { ret = 0; } } wc_HashFree(&hash, enumArray[i]); if (ret != 0) { break; } } /* For loop to test not supported cases */ notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType)); for (j = 0; ret == 0 && j < notSupportedLen; j++) { ret = wc_HashInit(&hash, notSupported[j]); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = wc_HashGetFlags(&hash, notSupported[j], &flags); if (ret == 0) { ret = -1; } else if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_HashFree(&hash, notSupported[j]); if (ret == 0) { ret = -1; } if (ret == BAD_FUNC_ARG) { ret = 0; } } } res = TEST_RES_CHECK(ret == 0); #endif return res; } /* END test_wc_HashGetFlags */ /*----------------------------------------------------------------------------* | Compatibility Tests *----------------------------------------------------------------------------*/ /*----------------------------------------------------------------------------* | ASN.1 Tests *----------------------------------------------------------------------------*/ static int test_wolfSSL_ASN1_BIT_STRING(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && defined(OPENSSL_ALL) ASN1_BIT_STRING* str; AssertNotNull(str = ASN1_BIT_STRING_new()); /* Empty data testing. */ AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 1), 0); ASN1_BIT_STRING_free(str); AssertNotNull(str = ASN1_BIT_STRING_new()); /* Invalid parameter testing. */ AssertIntEQ(ASN1_BIT_STRING_set_bit(NULL, 42, 1), 0); AssertIntEQ(ASN1_BIT_STRING_set_bit(str, -1, 1), 0); AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 2), 0); AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, -1), 0); /* No bit string - bit is always 0. */ AssertIntEQ(ASN1_BIT_STRING_get_bit(NULL, 42), 0); AssertIntEQ(ASN1_BIT_STRING_get_bit(NULL, -1), 0); AssertIntEQ(ASN1_BIT_STRING_get_bit(str, -1), 0); AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 0), 0); AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1); AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1); AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0); AssertIntEQ(ASN1_BIT_STRING_get_bit(str, -1), 0); AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1); AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1); AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0); AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 91, 0), 1); AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 91), 0); AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 89, 0), 1); AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 89), 0); AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 0), 1); AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 0); ASN1_BIT_STRING_free(str); ASN1_BIT_STRING_free(NULL); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ASN1_INTEGER(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) ASN1_INTEGER* a; ASN1_INTEGER* dup; const unsigned char invalidLenDer[] = { 0x02, 0x20, 0x00 }; const unsigned char longDer[] = { 0x02, 0x20, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; const unsigned char* p; /* Invalid parameter testing. */ ASN1_INTEGER_free(NULL); AssertNull(wolfSSL_ASN1_INTEGER_dup(NULL)); AssertNotNull(a = ASN1_INTEGER_new()); AssertNotNull(dup = wolfSSL_ASN1_INTEGER_dup(a)); ASN1_INTEGER_free(dup); ASN1_INTEGER_free(a); p = longDer; AssertNull(d2i_ASN1_INTEGER(NULL, &p, sizeof(invalidLenDer))); p = longDer; AssertNotNull(a = d2i_ASN1_INTEGER(NULL, &p, sizeof(longDer))); AssertPtrNE(p, longDer); AssertNotNull(dup = wolfSSL_ASN1_INTEGER_dup(a)); ASN1_INTEGER_free(dup); ASN1_INTEGER_free(a); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ASN1_INTEGER_cmp(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) ASN1_INTEGER* a; ASN1_INTEGER* b; AssertNotNull(a = ASN1_INTEGER_new()); AssertNotNull(b = ASN1_INTEGER_new()); AssertIntEQ(ASN1_INTEGER_set(a, 1), 1); AssertIntEQ(ASN1_INTEGER_set(b, 1), 1); /* Invalid parameter testing. */ AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(NULL, NULL), -1); AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, NULL), -1); AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(NULL, b), -1); AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); AssertIntEQ(ASN1_INTEGER_set(b, -1), 1); AssertIntGT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); AssertIntEQ(ASN1_INTEGER_set(a, -2), 1); AssertIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); AssertIntEQ(ASN1_INTEGER_set(b, 1), 1); AssertIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); AssertIntEQ(ASN1_INTEGER_set(a, 0x01), 1); AssertIntEQ(ASN1_INTEGER_set(b, 0x1000), 1); AssertIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); AssertIntGT(wolfSSL_ASN1_INTEGER_cmp(b, a), 0); ASN1_INTEGER_free(b); ASN1_INTEGER_free(a); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ASN1_INTEGER_BN(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) ASN1_INTEGER* ai; ASN1_INTEGER* ai2; BIGNUM* bn; BIGNUM* bn2; ai = ASN1_INTEGER_new(); AssertNotNull(ai); bn2 = BN_new(); AssertNotNull(bn2); /* Invalid parameter testing. */ AssertNull(bn = ASN1_INTEGER_to_BN(NULL, NULL)); AssertNull(ai2 = BN_to_ASN1_INTEGER(NULL, NULL)); /* at the moment hard setting since no set function */ ai->data[0] = 0xff; /* No DER encoding. */ ai->length = 1; #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL)); BN_free(bn); #else AssertNull(ASN1_INTEGER_to_BN(ai, NULL)); #endif ai->data[0] = 0x02; /* tag for ASN_INTEGER */ ai->data[1] = 0x04; /* bad length of integer */ ai->data[2] = 0x03; ai->length = 3; #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) /* Interpreted as a number 0x020403. */ AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL)); BN_free(bn); #else AssertNull(ASN1_INTEGER_to_BN(ai, NULL)); #endif ai->data[0] = 0x02; /* tag for ASN_INTEGER */ ai->data[1] = 0x01; /* length of integer */ ai->data[2] = 0x03; ai->length = 3; AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL)); AssertNotNull(ai2 = BN_to_ASN1_INTEGER(bn, NULL)); AssertIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); AssertNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); AssertIntEQ(BN_cmp(bn, bn2), 0); ai->data[0] = 0x02; /* tag for ASN_INTEGER */ ai->data[1] = 0x02; /* length of integer */ ai->data[2] = 0x00; /* padding byte to ensure positive */ ai->data[3] = 0xff; ai->length = 4; AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, bn)); AssertNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2)); AssertIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); AssertNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); AssertIntEQ(BN_cmp(bn, bn2), 0); ai->data[0] = 0x02; /* tag for ASN_INTEGER */ ai->data[1] = 0x01; /* length of integer */ ai->data[2] = 0x00; ai->length = 3; AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, bn)); AssertNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2)); AssertIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); AssertNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); AssertIntEQ(BN_cmp(bn, bn2), 0); ai->data[0] = 0x02; /* tag for ASN_INTEGER */ ai->data[1] = 0x01; /* length of integer */ ai->data[2] = 0x01; ai->length = 3; ai->negative = 1; AssertNotNull(bn = ASN1_INTEGER_to_BN(ai, bn)); AssertNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2)); AssertIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); AssertNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); AssertIntEQ(BN_cmp(bn, bn2), 0); BN_free(bn2); BN_free(bn); ASN1_INTEGER_free(ai2); ASN1_INTEGER_free(ai); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ASN1_INTEGER_get_set(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) ASN1_INTEGER *a; long val; int ret; a = ASN1_INTEGER_new(); /* Invalid parameter testing. */ AssertIntEQ(ASN1_INTEGER_get(NULL), 0); #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) AssertIntEQ(ASN1_INTEGER_get(a), 0); #else AssertIntEQ(ASN1_INTEGER_get(a), -1); #endif ASN1_INTEGER_free(a); a = ASN1_INTEGER_new(); val = 0; ret = ASN1_INTEGER_set(NULL, val); AssertIntEQ(ret, 0); ASN1_INTEGER_free(a); /* 0 */ a = ASN1_INTEGER_new(); val = 0; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); /* 40 */ a = ASN1_INTEGER_new(); val = 40; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); /* -40 */ a = ASN1_INTEGER_new(); val = -40; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); /* 128 */ a = ASN1_INTEGER_new(); val = 128; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); /* -128 */ a = ASN1_INTEGER_new(); val = -128; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); /* 200 */ a = ASN1_INTEGER_new(); val = 200; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); /* int max (2147483647) */ a = ASN1_INTEGER_new(); val = 2147483647; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); /* int min (-2147483648) */ a = ASN1_INTEGER_new(); val = -2147483647 - 1; ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); /* long max positive */ a = ASN1_INTEGER_new(); val = (long)(((unsigned long)-1) >> 1); ret = ASN1_INTEGER_set(a, val); AssertIntEQ(ret, 1); AssertIntEQ(ASN1_INTEGER_get(a), val); ASN1_INTEGER_free(a); res = TEST_RES_CHECK(1); #endif return res; } #if defined(OPENSSL_EXTRA) typedef struct ASN1IntTestVector { const byte* der; const size_t derSz; const long value; } ASN1IntTestVector; #endif static int test_wolfSSL_d2i_ASN1_INTEGER(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) size_t i; WOLFSSL_ASN1_INTEGER* a = NULL; WOLFSSL_ASN1_INTEGER* b = NULL; WOLFSSL_ASN1_INTEGER* c = NULL; const byte* p = NULL; byte* reEncoded = NULL; int reEncodedSz; static const byte zeroDer[] = { 0x02, 0x01, 0x00 }; static const byte oneDer[] = { 0x02, 0x01, 0x01 }; static const byte negativeDer[] = { 0x02, 0x03, 0xC1, 0x16, 0x0D }; static const byte positiveDer[] = { 0x02, 0x03, 0x01, 0x00, 0x01 }; static const byte primeDer[] = { 0x02, 0x82, 0x01, 0x01, 0x00, 0xc0, 0x95, 0x08, 0xe1, 0x57, 0x41, 0xf2, 0x71, 0x6d, 0xb7, 0xd2, 0x45, 0x41, 0x27, 0x01, 0x65, 0xc6, 0x45, 0xae, 0xf2, 0xbc, 0x24, 0x30, 0xb8, 0x95, 0xce, 0x2f, 0x4e, 0xd6, 0xf6, 0x1c, 0x88, 0xbc, 0x7c, 0x9f, 0xfb, 0xa8, 0x67, 0x7f, 0xfe, 0x5c, 0x9c, 0x51, 0x75, 0xf7, 0x8a, 0xca, 0x07, 0xe7, 0x35, 0x2f, 0x8f, 0xe1, 0xbd, 0x7b, 0xc0, 0x2f, 0x7c, 0xab, 0x64, 0xa8, 0x17, 0xfc, 0xca, 0x5d, 0x7b, 0xba, 0xe0, 0x21, 0xe5, 0x72, 0x2e, 0x6f, 0x2e, 0x86, 0xd8, 0x95, 0x73, 0xda, 0xac, 0x1b, 0x53, 0xb9, 0x5f, 0x3f, 0xd7, 0x19, 0x0d, 0x25, 0x4f, 0xe1, 0x63, 0x63, 0x51, 0x8b, 0x0b, 0x64, 0x3f, 0xad, 0x43, 0xb8, 0xa5, 0x1c, 0x5c, 0x34, 0xb3, 0xae, 0x00, 0xa0, 0x63, 0xc5, 0xf6, 0x7f, 0x0b, 0x59, 0x68, 0x78, 0x73, 0xa6, 0x8c, 0x18, 0xa9, 0x02, 0x6d, 0xaf, 0xc3, 0x19, 0x01, 0x2e, 0xb8, 0x10, 0xe3, 0xc6, 0xcc, 0x40, 0xb4, 0x69, 0xa3, 0x46, 0x33, 0x69, 0x87, 0x6e, 0xc4, 0xbb, 0x17, 0xa6, 0xf3, 0xe8, 0xdd, 0xad, 0x73, 0xbc, 0x7b, 0x2f, 0x21, 0xb5, 0xfd, 0x66, 0x51, 0x0c, 0xbd, 0x54, 0xb3, 0xe1, 0x6d, 0x5f, 0x1c, 0xbc, 0x23, 0x73, 0xd1, 0x09, 0x03, 0x89, 0x14, 0xd2, 0x10, 0xb9, 0x64, 0xc3, 0x2a, 0xd0, 0xa1, 0x96, 0x4a, 0xbc, 0xe1, 0xd4, 0x1a, 0x5b, 0xc7, 0xa0, 0xc0, 0xc1, 0x63, 0x78, 0x0f, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, 0x95, 0xa1, 0x77, 0xba, 0x13, 0xd2, 0x97, 0x73, 0xe2, 0x5d, 0x25, 0xc9, 0x6a, 0x0d, 0xc3, 0x39, 0x60, 0xa4, 0xb4, 0xb0, 0x69, 0x42, 0x42, 0x09, 0xe9, 0xd8, 0x08, 0xbc, 0x33, 0x20, 0xb3, 0x58, 0x22, 0xa7, 0xaa, 0xeb, 0xc4, 0xe1, 0xe6, 0x61, 0x83, 0xc5, 0xd2, 0x96, 0xdf, 0xd9, 0xd0, 0x4f, 0xad, 0xd7 }; static const byte garbageDer[] = {0xDE, 0xAD, 0xBE, 0xEF}; static const ASN1IntTestVector testVectors[] = { {zeroDer, sizeof(zeroDer), 0}, {oneDer, sizeof(oneDer), 1}, {negativeDer, sizeof(negativeDer), -4123123}, {positiveDer, sizeof(positiveDer), 65537}, {primeDer, sizeof(primeDer), 0} }; static const size_t NUM_TEST_VECTORS = sizeof(testVectors)/sizeof(testVectors[0]); /* Check d2i error conditions */ /* NULL pointer to input. */ AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, NULL, 1))); AssertNull(b); /* NULL input. */ AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 1))); AssertNull(b); /* 0 length. */ p = testVectors[0].der; AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 0))); AssertNull(b); /* Negative length. */ p = testVectors[0].der; AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, -1))); AssertNull(b); /* Garbage DER input. */ p = garbageDer; AssertNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, sizeof(garbageDer)))); AssertNull(b); { /* Check i2d error conditions */ /* NULL input. */ byte* p2 = NULL; AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(NULL, &p2), 0); /* 0 length input data buffer (a->length == 0). */ AssertNotNull((a = wolfSSL_ASN1_INTEGER_new())); AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0); a->data = NULL; /* NULL input data buffer. */ AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0); /* Reset a->data. */ a->data = a->intData; /* Set a to valid value. */ AssertIntEQ(wolfSSL_ASN1_INTEGER_set(a, 1), WOLFSSL_SUCCESS); /* NULL output buffer. */ AssertIntLT(wolfSSL_i2d_ASN1_INTEGER(a, NULL), 0); wolfSSL_ASN1_INTEGER_free(a); } for (i = 0; i < NUM_TEST_VECTORS; ++i) { p = testVectors[i].der; a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, testVectors[i].derSz); AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); if (testVectors[i].derSz <= sizeof(long)) { c = wolfSSL_ASN1_INTEGER_new(); wolfSSL_ASN1_INTEGER_set(c, testVectors[i].value); AssertIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, c), 0); wolfSSL_ASN1_INTEGER_free(c); } /* Convert to DER without a pre-allocated output buffer. */ AssertIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &reEncoded)), 0); AssertIntEQ(reEncodedSz, testVectors[i].derSz); AssertIntEQ(XMEMCMP(reEncoded, testVectors[i].der, reEncodedSz), 0); /* Convert to DER with a pre-allocated output buffer. In this case, the * output buffer pointer should be incremented just past the end of the * encoded data. */ p = reEncoded; AssertIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &reEncoded)), 0); AssertIntEQ(reEncodedSz, testVectors[i].derSz); AssertPtrEq(p, reEncoded - reEncodedSz); AssertIntEQ(XMEMCMP(p, testVectors[i].der, reEncodedSz), 0); XFREE(reEncoded - reEncodedSz, NULL, DYNAMIC_TYPE_ASN1); reEncoded = NULL; wolfSSL_ASN1_INTEGER_free(a); } res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_wolfSSL_a2i_ASN1_INTEGER(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) BIO* bio; BIO* out; BIO* fixed; ASN1_INTEGER* ai; char buf[] = "123456\n12345\n1123456789123456\\\n78901234567890 \r\n\n"; char tmp[1024]; int tmpSz; const char expected1[] = "123456"; const char expected2[] = "112345678912345678901234567890"; char longStr[] = "123456781234567812345678123456781234567812345678\n" "123456781234567812345678123456781234567812345678\\\n12345678\n"; AssertNotNull(out = BIO_new(BIO_s_mem())); AssertNotNull(ai = ASN1_INTEGER_new()); AssertNotNull(bio = BIO_new_mem_buf(buf, -1)); /* Invalid parameter testing. */ AssertIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, -1), 0); AssertIntEQ(a2i_ASN1_INTEGER(bio, NULL, NULL, -1), 0); AssertIntEQ(a2i_ASN1_INTEGER(NULL, ai, NULL, -1), 0); AssertIntEQ(a2i_ASN1_INTEGER(NULL, NULL, tmp, -1), 0); AssertIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, 1024), 0); AssertIntEQ(a2i_ASN1_INTEGER(NULL, ai, tmp, 1024), 0); AssertIntEQ(a2i_ASN1_INTEGER(bio, NULL, tmp, 1024), 0); AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, NULL, 1024), 0); AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, -1), 0); AssertIntEQ(i2a_ASN1_INTEGER(NULL, NULL), 0); AssertIntEQ(i2a_ASN1_INTEGER(bio, NULL), 0); AssertIntEQ(i2a_ASN1_INTEGER(NULL, ai), 0); /* No data to read from BIO. */ AssertIntEQ(a2i_ASN1_INTEGER(out, ai, tmp, 1024), 0); /* read first line */ AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1); AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 6); XMEMSET(tmp, 0, 1024); tmpSz = BIO_read(out, tmp, 1024); AssertIntEQ(tmpSz, 6); AssertIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0); /* fail on second line (not % 2) */ AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 0); /* read 3rd long line */ AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1); AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 30); XMEMSET(tmp, 0, 1024); tmpSz = BIO_read(out, tmp, 1024); AssertIntEQ(tmpSz, 30); AssertIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0); /* fail on empty line */ AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 0); BIO_free(bio); /* Make long integer, requiring dynamic memory, even longer. */ AssertNotNull(bio = BIO_new_mem_buf(longStr, -1)); AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1); AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 48); XMEMSET(tmp, 0, 1024); tmpSz = BIO_read(out, tmp, 1024); AssertIntEQ(tmpSz, 48); AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), 1); AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 56); XMEMSET(tmp, 0, 1024); tmpSz = BIO_read(out, tmp, 1024); AssertIntEQ(tmpSz, 56); AssertIntEQ(wolfSSL_ASN1_INTEGER_set(ai, 1), 1); BIO_free(bio); BIO_free(out); AssertNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem())); AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ AssertIntEQ(BIO_write(fixed, tmp, 1), 1); AssertIntEQ(i2a_ASN1_INTEGER(fixed, ai), 0); AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); AssertIntEQ(i2a_ASN1_INTEGER(fixed, ai), 0); BIO_free(fixed); ASN1_INTEGER_free(ai); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_i2c_ASN1_INTEGER(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) ASN1_INTEGER *a; unsigned char *pp,*tpp; int ret; a = wolfSSL_ASN1_INTEGER_new(); /* Invalid parameter testing. */ /* Set pp to an invalid value. */ pp = NULL; AssertIntEQ(i2c_ASN1_INTEGER(NULL, &pp), 0); AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 0); AssertIntEQ(i2c_ASN1_INTEGER(NULL, NULL), 0); /* 40 */ a->intData[0] = ASN_INTEGER; a->intData[1] = 1; a->intData[2] = 40; AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 1); pp--; AssertIntEQ(*pp, 40); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* 128 */ a->intData[0] = ASN_INTEGER; a->intData[1] = 1; a->intData[2] = 128; AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 2); pp--; AssertIntEQ(*(pp--), 128); AssertIntEQ(*pp, 0); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* -40 */ a->intData[0] = ASN_INTEGER; a->intData[1] = 1; a->intData[2] = 40; a->negative = 1; AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 1); pp--; AssertIntEQ(*pp, 216); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* -128 */ a->intData[0] = ASN_INTEGER; a->intData[1] = 1; a->intData[2] = 128; a->negative = 1; AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 1); pp--; AssertIntEQ(*pp, 128); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* -200 */ a->intData[0] = ASN_INTEGER; a->intData[1] = 1; a->intData[2] = 200; a->negative = 1; AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 2); pp--; AssertIntEQ(*(pp--), 56); AssertIntEQ(*pp, 255); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* Empty */ a->intData[0] = ASN_INTEGER; a->intData[1] = 0; a->negative = 0; AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 1); pp--; AssertIntEQ(*pp, 0); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* 0 */ a->intData[0] = ASN_INTEGER; a->intData[1] = 1; a->intData[2] = 0; a->negative = 1; AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 1); pp--; AssertIntEQ(*pp, 0); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* 0x100 */ a->intData[0] = ASN_INTEGER; a->intData[1] = 2; a->intData[2] = 0x01; a->intData[3] = 0x00; a->negative = 0; AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 2); pp -= 2; AssertIntEQ(pp[0], 0x01); AssertIntEQ(pp[1], 0x00); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* -0x8000 => 0x8000 */ a->intData[0] = ASN_INTEGER; a->intData[1] = 2; a->intData[2] = 0x80; a->intData[3] = 0x00; a->negative = 1; AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 2); pp -= 2; AssertIntEQ(pp[0], 0x80); AssertIntEQ(pp[1], 0x00); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* -0x8001 => 0xFF7FFF */ a->intData[0] = ASN_INTEGER; a->intData[1] = 2; a->intData[2] = 0x80; a->intData[3] = 0x01; a->negative = 1; AssertIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 3); AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); AssertIntEQ(i2c_ASN1_INTEGER(a, &pp), 3); pp -= 3; AssertIntEQ(pp[0], 0xFF); AssertIntEQ(pp[1], 0x7F); AssertIntEQ(pp[2], 0xFF); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); wolfSSL_ASN1_INTEGER_free(a); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && !NO_ASN */ return res; } static int test_wolfSSL_ASN1_OBJECT(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) ASN1_OBJECT* a; ASN1_OBJECT s; const unsigned char der[] = { 0x06, 0x01, 0x00 }; /* Invalid parameter testing. */ ASN1_OBJECT_free(NULL); AssertNull(wolfSSL_ASN1_OBJECT_dup(NULL)); /* Test that a static ASN1_OBJECT can be freed. */ XMEMSET(&s, 0, sizeof(ASN1_OBJECT)); ASN1_OBJECT_free(&s); AssertNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s)); ASN1_OBJECT_free(a); s.obj = der; s.objSz = sizeof(der); AssertNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s)); ASN1_OBJECT_free(a); ASN1_OBJECT_free(&s); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_wolfSSL_ASN1_get_object(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) const unsigned char* derBuf = cliecc_cert_der_256; const unsigned char* nullPtr = NULL; const unsigned char objDerInvalidLen[] = { 0x30, 0x81 }; const unsigned char objDerBadLen[] = { 0x30, 0x04 }; const unsigned char objDerNotObj[] = { 0x02, 0x01, 0x00 }; const unsigned char objDerNoData[] = { 0x06, 0x00 }; const unsigned char* p; unsigned char objDer[8]; unsigned char* der; unsigned char* derPtr; int len = sizeof_cliecc_cert_der_256; long asnLen = 0; int tag = 0; int cls = 0; ASN1_OBJECT* a; ASN1_OBJECT s; XMEMSET(&s, 0, sizeof(ASN1_OBJECT)); /* Invalid encoding at length. */ p = objDerInvalidLen; AssertIntEQ(ASN1_get_object(&p, &asnLen, &tag, &cls, sizeof(objDerBadLen)), 0x80); p = objDerBadLen; /* Error = 0x80, Constructed = 0x20 */ AssertIntEQ(ASN1_get_object(&p, &asnLen, &tag, &cls, sizeof(objDerBadLen)), 0x80 | 0x20); /* Read a couple TLV triplets and make sure they match the expected values */ /* SEQUENCE */ AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0); AssertIntEQ(asnLen, 862); AssertIntEQ(tag, 0x10); AssertIntEQ(cls, 0); /* SEQUENCE */ AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); AssertIntEQ(asnLen, 772); AssertIntEQ(tag, 0x10); AssertIntEQ(cls, 0); /* [0] */ AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); AssertIntEQ(asnLen, 3); AssertIntEQ(tag, 0); AssertIntEQ(cls, 0x80); /* INTEGER */ AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); AssertIntEQ(asnLen, 1); AssertIntEQ(tag, 0x2); AssertIntEQ(cls, 0); derBuf += asnLen; /* INTEGER */ AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); AssertIntEQ(asnLen, 20); AssertIntEQ(tag, 0x2); AssertIntEQ(cls, 0); derBuf += asnLen; /* SEQUENCE */ AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); AssertIntEQ(asnLen, 10); AssertIntEQ(tag, 0x10); AssertIntEQ(cls, 0); /* Found OBJECT_ID. */ /* Invalid parameter testing. */ AssertIntEQ(ASN1_get_object(NULL, NULL, NULL, NULL, 0), 0x80); AssertIntEQ(ASN1_get_object(&nullPtr, NULL, NULL, NULL, 0), 0x80); AssertIntEQ(ASN1_get_object(NULL, &asnLen, &tag, &cls, len), 0x80); AssertIntEQ(ASN1_get_object(&nullPtr, &asnLen, &tag, &cls, len), 0x80); AssertIntEQ(ASN1_get_object(&derBuf, NULL, &tag, &cls, len), 0x80); AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, NULL, &cls, len), 0x80); AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, NULL, len), 0x80); AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, 0), 0x80); AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, -1), 0x80); AssertNull(d2i_ASN1_OBJECT(NULL, NULL, -1)); AssertNull(d2i_ASN1_OBJECT(NULL, &nullPtr, -1)); AssertNull(d2i_ASN1_OBJECT(NULL, &derBuf, -1)); AssertNull(d2i_ASN1_OBJECT(NULL, NULL, 0)); AssertNull(d2i_ASN1_OBJECT(&a, NULL, len)); AssertNull(d2i_ASN1_OBJECT(&a, &nullPtr, len)); AssertNull(d2i_ASN1_OBJECT(&a, &derBuf, -1)); AssertNull(c2i_ASN1_OBJECT(NULL, NULL, -1)); AssertNull(c2i_ASN1_OBJECT(NULL, &nullPtr, -1)); AssertNull(c2i_ASN1_OBJECT(NULL, &derBuf, -1)); AssertNull(c2i_ASN1_OBJECT(NULL, NULL, 1)); AssertNull(c2i_ASN1_OBJECT(NULL, &nullPtr, 1)); /* Invalid encoding at length. */ p = objDerInvalidLen; AssertNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerInvalidLen))); p = objDerBadLen; AssertNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerBadLen))); p = objDerNotObj; AssertNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerNotObj))); p = objDerNoData; AssertNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerNoData))); /* Create an ASN OBJECT from content */ p = derBuf + 2; AssertNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 8)); ASN1_OBJECT_free(a); /* Create an ASN OBJECT from DER */ AssertNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len)); /* Invalid parameter testing. */ AssertIntEQ(i2d_ASN1_OBJECT(NULL, NULL), 0); AssertIntEQ(i2d_ASN1_OBJECT(&s, NULL), 0); AssertIntEQ(i2d_ASN1_OBJECT(a, NULL), 8); der = NULL; AssertIntEQ(i2d_ASN1_OBJECT(a, &der), 8); derPtr = objDer; AssertIntEQ(i2d_ASN1_OBJECT(a, &derPtr), 8); AssertPtrNE(derPtr, objDer); AssertIntEQ(XMEMCMP(der, objDer, 8), 0); XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); ASN1_OBJECT_free(a); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && HAVE_ECC && USE_CERT_BUFFERS_256 */ return res; } static int test_wolfSSL_i2a_ASN1_OBJECT(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO) ASN1_OBJECT* obj = NULL; ASN1_OBJECT* a = NULL; BIO *bio = NULL; const unsigned char notObjDer[] = { 0x04, 0x01, 0xff }; const unsigned char badLenDer[] = { 0x06, 0x04, 0x01 }; const unsigned char goodDer[] = { 0x06, 0x01, 0x01 }; const unsigned char* p; AssertNotNull(obj = OBJ_nid2obj(NID_sha256)); AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL); AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, obj), 0); AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, NULL), 0); AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(NULL, obj), 0); /* No DER encoding in ASN1_OBJECT. */ a = wolfSSL_ASN1_OBJECT_new(); AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0); ASN1_OBJECT_free(a); /* DER encoding - not OBJECT_ID */ p = notObjDer; AssertNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3)); AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0); ASN1_OBJECT_free(a); /* Bad length encoding. */ p = badLenDer; AssertNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3)); AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0); ASN1_OBJECT_free(a); /* Good encoding - but unknown. */ p = goodDer; AssertNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3)); AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0); ASN1_OBJECT_free(a); BIO_free(bio); ASN1_OBJECT_free(obj); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_i2t_ASN1_OBJECT(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) char buf[50] = {0}; ASN1_OBJECT* obj; const char* oid = "2.5.29.19"; const char* ln = "X509v3 Basic Constraints"; obj = NULL; AssertIntEQ(i2t_ASN1_OBJECT(NULL, sizeof(buf), obj), 0); AssertIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), NULL), 0); AssertIntEQ(i2t_ASN1_OBJECT(buf, 0, NULL), 0); AssertNotNull(obj = OBJ_txt2obj(oid, 0)); XMEMSET(buf, 0, sizeof(buf)); AssertIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), obj), XSTRLEN(ln)); AssertIntEQ(XSTRNCMP(buf, ln, XSTRLEN(ln)), 0); ASN1_OBJECT_free(obj); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */ return res; } static int test_wolfSSL_sk_ASN1_OBJECT(void) { int res = TEST_SKIPPED; #if !defined(NO_ASN) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) WOLFSSL_STACK* sk; WOLFSSL_ASN1_OBJECT* obj; AssertNotNull(obj = wolfSSL_ASN1_OBJECT_new()); AssertNotNull(sk = wolfSSL_sk_new_asn1_obj()); wolfSSL_sk_ASN1_OBJECT_free(sk); AssertNotNull(sk = wolfSSL_sk_new_asn1_obj()); AssertIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, NULL), 0); AssertIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, NULL), 0); AssertIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, obj), 0); AssertIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1); wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); /* obj freed in pop_free call. */ AssertNotNull(obj = wolfSSL_ASN1_OBJECT_new()); AssertNotNull(sk = wolfSSL_sk_new_asn1_obj()); AssertIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1); AssertPtrEq(obj, wolfSSL_sk_ASN1_OBJECT_pop(sk)); wolfSSL_sk_ASN1_OBJECT_free(sk); wolfSSL_ASN1_OBJECT_free(obj); res = TEST_RES_CHECK(1); #endif /* !NO_ASN && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */ return res; } static int test_wolfSSL_ASN1_STRING(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) ASN1_STRING* str = NULL; ASN1_STRING* c = NULL; const char data[] = "hello wolfSSL"; const char data2[] = "Same len data"; const char longData[] = "This string must be longer than CTC_NAME_SIZE that is defined as 64."; AssertNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); ASN1_STRING_free(str); AssertNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); AssertIntEQ(ASN1_STRING_type(str), V_ASN1_OCTET_STRING); AssertIntEQ(ASN1_STRING_type(NULL), 0); /* Check setting to NULL works. */ AssertIntEQ(ASN1_STRING_set(str, NULL, 0), 1); AssertIntEQ(ASN1_STRING_set(str, (const void*)data, sizeof(data)), 1); AssertIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1); AssertIntEQ(ASN1_STRING_set(str, NULL, -1), 0); AssertIntEQ(ASN1_STRING_set(NULL, NULL, 0), 0); AssertIntEQ(wolfSSL_ASN1_STRING_copy(NULL, NULL), 0); AssertIntEQ(wolfSSL_ASN1_STRING_copy(str, NULL), 0); AssertIntEQ(wolfSSL_ASN1_STRING_copy(NULL, str), 0); AssertNull(wolfSSL_ASN1_STRING_dup(NULL)); AssertNotNull(c = wolfSSL_ASN1_STRING_dup(str)); AssertIntEQ(ASN1_STRING_cmp(NULL, NULL), -1); AssertIntEQ(ASN1_STRING_cmp(str, NULL), -1); AssertIntEQ(ASN1_STRING_cmp(NULL, c), -1); AssertIntEQ(ASN1_STRING_cmp(str, c), 0); AssertIntEQ(ASN1_STRING_set(c, (const void*)data2, -1), 1); AssertIntGT(ASN1_STRING_cmp(str, c), 0); AssertIntEQ(ASN1_STRING_set(str, (const void*)longData, -1), 1); AssertIntEQ(wolfSSL_ASN1_STRING_copy(c, str), 1); AssertIntEQ(ASN1_STRING_cmp(str, c), 0); /* Check setting back to smaller size frees dynamic data. */ AssertIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1); AssertIntLT(ASN1_STRING_cmp(str, c), 0); AssertIntGT(ASN1_STRING_cmp(c, str), 0); AssertNull(ASN1_STRING_get0_data(NULL)); AssertNotNull(ASN1_STRING_get0_data(str)); AssertNull(ASN1_STRING_data(NULL)); AssertNotNull(ASN1_STRING_data(str)); AssertIntEQ(ASN1_STRING_length(NULL), 0); AssertIntGT(ASN1_STRING_length(str), 0); ASN1_STRING_free(c); ASN1_STRING_free(str); ASN1_STRING_free(NULL); #ifndef NO_WOLFSSL_STUB AssertNull(d2i_DISPLAYTEXT(NULL, NULL, 0)); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ASN1_STRING_to_UTF8(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_RSA) WOLFSSL_X509* x509; WOLFSSL_X509_NAME* subject; WOLFSSL_X509_NAME_ENTRY* e; WOLFSSL_ASN1_STRING* a; FILE* file; int idx = 0; char targetOutput[16] = "www.wolfssl.com"; unsigned char* actual_output; int len = 0; int result = 0; AssertNotNull(file = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); fclose(file); /* wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName */ AssertNotNull(subject = wolfSSL_X509_get_subject_name(x509)); AssertIntEQ((idx = wolfSSL_X509_NAME_get_index_by_NID(subject, NID_commonName, -1)), 5); AssertNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx)); AssertNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e)); AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15); result = strncmp((const char*)actual_output, targetOutput, len); AssertIntEQ(result, 0); /* wolfSSL_ASN1_STRING_to_UTF8(NULL, valid) */ AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, a)), -1); /* wolfSSL_ASN1_STRING_to_UTF8(valid, NULL) */ AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, NULL)), -1); /* wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL) */ AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL)), -1); wolfSSL_X509_free(x509); XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER); AssertNotNull(a = ASN1_STRING_new()); AssertIntEQ(wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a), -1); ASN1_STRING_free(a); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_i2s_ASN1_STRING(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) WOLFSSL_ASN1_STRING* str; const char* data = "test_wolfSSL_i2s_ASN1_STRING"; char* ret; AssertNotNull(str = ASN1_STRING_new()); AssertNull(wolfSSL_i2s_ASN1_STRING(NULL, NULL)); /* No data. */ AssertNull(wolfSSL_i2s_ASN1_STRING(NULL, str)); AssertIntEQ(ASN1_STRING_set(str, data, 0), 1); AssertNotNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str)); XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER); AssertIntEQ(ASN1_STRING_set(str, data, -1), 1); /* No type. */ AssertNotNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str)); XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER); ASN1_STRING_free(str); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ASN1_STRING_canon(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_TEST_STATIC_BUILD) #if !defined(NO_CERTS) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) WOLFSSL_ASN1_STRING* orig; WOLFSSL_ASN1_STRING* canon; const char* data = "test_wolfSSL_ASN1_STRING_canon"; const char* whitespaceOnly = "\t\r\n"; const char* modData = " \x01\f\t\x02\r\n\v\xff\nTt \n"; const char* canonData = "\x01 \x02 \xff tt"; const char longData[] = "This string must be longer than CTC_NAME_SIZE that is defined as 64."; AssertNotNull(orig = ASN1_STRING_new()); AssertNotNull(canon = ASN1_STRING_new()); /* Invalid parameter testing. */ AssertIntEQ(wolfSSL_ASN1_STRING_canon(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_ASN1_STRING_canon(canon, NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_ASN1_STRING_canon(NULL, orig), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); AssertIntEQ(ASN1_STRING_cmp(orig, canon), 0); AssertIntEQ(ASN1_STRING_set(orig, longData, (int)XSTRLEN(data)), 1); AssertIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); AssertIntEQ(ASN1_STRING_cmp(orig, canon), 0); AssertIntEQ(ASN1_STRING_set(orig, data, (int)XSTRLEN(data)), 1); AssertIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); AssertIntEQ(ASN1_STRING_cmp(orig, canon), 0); ASN1_STRING_free(orig); AssertNotNull(orig = ASN1_STRING_type_new(MBSTRING_UTF8)); AssertIntEQ(ASN1_STRING_set(orig, modData, 15), 1); AssertIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); AssertIntEQ(ASN1_STRING_set(orig, canonData, 8), 1); AssertIntEQ(ASN1_STRING_cmp(orig, canon), 0); ASN1_STRING_free(orig); AssertNotNull(orig = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)); AssertIntEQ(ASN1_STRING_set(orig, whitespaceOnly, 3), 1); AssertIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); ASN1_STRING_free(orig); AssertNotNull(orig = ASN1_STRING_type_new(MBSTRING_UTF8)); AssertIntEQ(ASN1_STRING_cmp(orig, canon), 0); ASN1_STRING_free(orig); ASN1_STRING_free(canon); res = TEST_RES_CHECK(1); #endif #endif return res; } static int test_wolfSSL_ASN1_STRING_print(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS) && \ !defined(NO_BIO) ASN1_STRING* asnStr = NULL; const char HELLO_DATA[]= \ {'H','e','l','l','o',' ','w','o','l','f','S','S','L','!'}; #define MAX_UNPRINTABLE_CHAR 32 #define MAX_BUF 255 unsigned char unprintableData[MAX_UNPRINTABLE_CHAR + sizeof(HELLO_DATA)]; unsigned char expected[sizeof(unprintableData)+1]; unsigned char rbuf[MAX_BUF]; BIO *bio; int p_len, i; /* setup */ for (i = 0; i < (int)sizeof(HELLO_DATA); i++) { unprintableData[i] = HELLO_DATA[i]; expected[i] = HELLO_DATA[i]; } for (i = 0; i < (int)MAX_UNPRINTABLE_CHAR; i++) { unprintableData[sizeof(HELLO_DATA)+i] = i; if (i == (int)'\n' || i == (int)'\r') expected[sizeof(HELLO_DATA)+i] = i; else expected[sizeof(HELLO_DATA)+i] = '.'; } unprintableData[sizeof(unprintableData)-1] = '\0'; expected[sizeof(expected)-1] = '\0'; XMEMSET(rbuf, 0, MAX_BUF); bio = BIO_new(BIO_s_mem()); BIO_set_write_buf_size(bio, MAX_BUF); asnStr = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); ASN1_STRING_set(asnStr,(const void*)unprintableData, (int)sizeof(unprintableData)); /* test */ AssertIntEQ(wolfSSL_ASN1_STRING_print(NULL, NULL), 0); AssertIntEQ(wolfSSL_ASN1_STRING_print(bio, NULL), 0); AssertIntEQ(wolfSSL_ASN1_STRING_print(NULL, asnStr), 0); AssertIntEQ(p_len = wolfSSL_ASN1_STRING_print(bio, asnStr), 46); BIO_read(bio, (void*)rbuf, 46); AssertStrEQ((char*)rbuf, (const char*)expected); BIO_free(bio); AssertNotNull(bio = BIO_new(wolfSSL_BIO_s_fixed_mem())); AssertIntEQ(BIO_set_write_buf_size(bio, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ AssertIntEQ(BIO_write(bio, rbuf, 1), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0); AssertIntEQ(BIO_set_write_buf_size(bio, 1), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0); AssertIntEQ(BIO_set_write_buf_size(bio, 45), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0); BIO_free(bio); ASN1_STRING_free(asnStr); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && !NO_ASN && !NO_CERTS && !NO_BIO */ return res; } static int test_wolfSSL_ASN1_STRING_print_ex(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO) ASN1_STRING* asn_str; const char data[] = "Hello wolfSSL!"; ASN1_STRING* esc_str; const char esc_data[] = "a+;<>"; ASN1_STRING* neg_int; const char neg_int_data[] = "\xff"; ASN1_STRING* neg_enum; const char neg_enum_data[] = "\xff"; BIO *bio; BIO *fixed; unsigned long flags; int p_len; unsigned char rbuf[255]; /* setup */ XMEMSET(rbuf, 0, 255); AssertNotNull(bio = BIO_new(BIO_s_mem())); BIO_set_write_buf_size(bio, 255); AssertNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem())); asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); ASN1_STRING_set(asn_str, (const void*)data, sizeof(data)); esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING); ASN1_STRING_set(esc_str, (const void*)esc_data, sizeof(esc_data)); neg_int = ASN1_STRING_type_new(V_ASN1_NEG_INTEGER); ASN1_STRING_set(neg_int, (const void*)neg_int_data, sizeof(neg_int_data) - 1); neg_enum = ASN1_STRING_type_new(V_ASN1_NEG_ENUMERATED); ASN1_STRING_set(neg_enum, (const void*)neg_enum_data, sizeof(neg_enum_data) - 1); /* Invalid parameter testing. */ AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(NULL, NULL, 0), 0); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(bio, NULL, 0), 0); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(NULL, asn_str, 0), 0); /* no flags */ XMEMSET(rbuf, 0, 255); flags = 0; p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); AssertIntEQ(p_len, 15); BIO_read(bio, (void*)rbuf, 15); AssertStrEQ((char*)rbuf, "Hello wolfSSL!"); AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ AssertIntEQ(BIO_write(fixed, rbuf, 1), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); AssertIntEQ(BIO_set_write_buf_size(fixed, 14), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); /* RFC2253 Escape */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_ESC_2253; p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags); AssertIntEQ(p_len, 9); BIO_read(bio, (void*)rbuf, 9); AssertStrEQ((char*)rbuf, "a\\+\\;\\<\\>"); AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ AssertIntEQ(BIO_write(fixed, rbuf, 1), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0); AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0); AssertIntEQ(BIO_set_write_buf_size(fixed, 8), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0); /* Show type */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_SHOW_TYPE; p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); AssertIntEQ(p_len, 28); BIO_read(bio, (void*)rbuf, 28); AssertStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!"); AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ AssertIntEQ(BIO_write(fixed, rbuf, 1), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); AssertIntEQ(BIO_set_write_buf_size(fixed, 12), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); AssertIntEQ(BIO_set_write_buf_size(fixed, 27), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); /* Dump All */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL; p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); AssertIntEQ(p_len, 31); BIO_read(bio, (void*)rbuf, 31); AssertStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100"); AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ AssertIntEQ(BIO_write(fixed, rbuf, 1), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); AssertIntEQ(BIO_set_write_buf_size(fixed, 30), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); /* Dump Der */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER; p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); AssertIntEQ(p_len, 35); BIO_read(bio, (void*)rbuf, 35); AssertStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100"); AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ AssertIntEQ(BIO_write(fixed, rbuf, 1), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); AssertIntEQ(BIO_set_write_buf_size(fixed, 2), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); AssertIntEQ(BIO_set_write_buf_size(fixed, 30), 1); AssertIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); /* Dump All + Show type */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE; p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags); AssertIntEQ(p_len, 44); BIO_read(bio, (void*)rbuf, 44); AssertStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100"); /* Dump All + Show type - Negative Integer. */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE; p_len = wolfSSL_ASN1_STRING_print_ex(bio, neg_int, flags); AssertIntEQ(p_len, 11); BIO_read(bio, (void*)rbuf, 11); AssertStrEQ((char*)rbuf, "INTEGER:#FF"); /* Dump All + Show type - Negative Enumerated. */ XMEMSET(rbuf, 0, 255); flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE; p_len = wolfSSL_ASN1_STRING_print_ex(bio, neg_enum, flags); AssertIntEQ(p_len, 14); BIO_read(bio, (void*)rbuf, 14); AssertStrEQ((char*)rbuf, "ENUMERATED:#FF"); BIO_free(fixed); BIO_free(bio); ASN1_STRING_free(asn_str); ASN1_STRING_free(esc_str); ASN1_STRING_free(neg_int); ASN1_STRING_free(neg_enum); AssertStrEQ(wolfSSL_ASN1_tag2str(-1), "(unknown)"); AssertStrEQ(wolfSSL_ASN1_tag2str(31), "(unknown)"); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_ASN) ASN1_STRING* asn1str_test; ASN1_STRING* asn1str_answer; /* Each character is encoded using 4 bytes */ char input[] = { 0, 0, 0, 'T', 0, 0, 0, 'e', 0, 0, 0, 's', 0, 0, 0, 't', }; char output[] = "Test"; char badInput[] = { 1, 0, 0, 'T', 0, 1, 0, 'e', 0, 0, 1, 's', }; AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(NULL), 0); /* Test wrong type. */ AssertNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); ASN1_STRING_free(asn1str_test); AssertNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)); /* Test bad length. */ AssertIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input) - 1), 1); AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); /* Test bad input. */ AssertIntEQ(ASN1_STRING_set(asn1str_test, badInput + 0, 4), 1); AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); AssertIntEQ(ASN1_STRING_set(asn1str_test, badInput + 4, 4), 1); AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); AssertIntEQ(ASN1_STRING_set(asn1str_test, badInput + 8, 4), 1); AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); AssertIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input)), 1); AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 1); AssertNotNull( asn1str_answer = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)); AssertIntEQ(ASN1_STRING_set(asn1str_answer, output, sizeof(output)-1), 1); AssertIntEQ(ASN1_STRING_cmp(asn1str_test, asn1str_answer), 0); ASN1_STRING_free(asn1str_test); ASN1_STRING_free(asn1str_answer); res = TEST_RES_CHECK(1); #endif /* OPENSSL_ALL && !NO_ASN */ return res; } static int test_wolfSSL_ASN1_GENERALIZEDTIME_free(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime; unsigned char nullstr[32]; XMEMSET(nullstr, 0, 32); asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC( sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (asn1_gtime) { XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE); wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime); AssertIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32)); XFREE(asn1_gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER); } wolfSSL_ASN1_GENERALIZEDTIME_free(NULL); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) WOLFSSL_ASN1_GENERALIZEDTIME gtime; BIO* bio; unsigned char buf[24]; int i; AssertNotNull(bio = BIO_new(BIO_s_mem())); BIO_set_write_buf_size(bio, 24); XMEMSET(>ime, 0, sizeof(WOLFSSL_ASN1_GENERALIZEDTIME)); XMEMCPY(gtime.data, "20180504123500Z", ASN_GENERALIZED_TIME_SIZE); gtime.length = ASN_GENERALIZED_TIME_SIZE; /* Type not set. */ AssertIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 0); gtime.type = V_ASN1_GENERALIZEDTIME; /* Invalid parameters testing. */ AssertIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, >ime), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 20); AssertIntEQ(XMEMCMP(buf, "May 04 12:35:00 2018", 20), 0); BIO_free(bio); AssertNotNull(bio = BIO_new(wolfSSL_BIO_s_fixed_mem())); AssertIntEQ(BIO_set_write_buf_size(bio, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ AssertIntEQ(BIO_write(bio, buf, 1), 1); AssertIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 0); for (i = 1; i < 20; i++) { AssertIntEQ(BIO_set_write_buf_size(bio, i), 1); AssertIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, >ime), 0); } BIO_free(bio); wolfSSL_ASN1_GENERALIZEDTIME_free(>ime); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_wolfSSL_ASN1_TIME(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) WOLFSSL_ASN1_TIME* asn_time; unsigned char *data; AssertNotNull(asn_time = ASN1_TIME_new()); #ifndef NO_WOLFSSL_STUB AssertNotNull(ASN1_TIME_set(asn_time, 1)); #endif AssertIntEQ(ASN1_TIME_set_string(NULL, NULL), 0); AssertIntEQ(ASN1_TIME_set_string(asn_time, NULL), 0); AssertIntEQ(ASN1_TIME_set_string(NULL, "String longer than CTC_DATA_SIZE that is 32 bytes"), 0); AssertIntEQ(ASN1_TIME_set_string(NULL, "101219181011Z"), 1); AssertIntEQ(ASN1_TIME_set_string(asn_time, "101219181011Z"), 1); AssertIntEQ(wolfSSL_ASN1_TIME_get_length(NULL), 0); AssertIntEQ(wolfSSL_ASN1_TIME_get_length(asn_time), ASN_UTC_TIME_SIZE - 1); AssertNull(wolfSSL_ASN1_TIME_get_data(NULL)); AssertNotNull(data = wolfSSL_ASN1_TIME_get_data(asn_time)); AssertIntEQ(XMEMCMP(data, "101219181011Z", 14), 0); AssertIntEQ(ASN1_TIME_check(NULL), 0); AssertIntEQ(ASN1_TIME_check(asn_time), 1); ASN1_TIME_free(asn_time); ASN1_TIME_free(NULL); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ASN1_TIME_to_string(void) { int res = TEST_SKIPPED; #ifndef NO_ASN_TIME #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) WOLFSSL_ASN1_TIME* t; char buf[ASN_GENERALIZED_TIME_SIZE]; AssertNotNull((t = ASN1_TIME_new())); AssertIntEQ(ASN1_TIME_set_string(t, "030222211515Z"), 1); /* Invalid parameter testing. */ AssertNull(ASN1_TIME_to_string(NULL, NULL, 4)); AssertNull(ASN1_TIME_to_string(t, NULL, 4)); AssertNull(ASN1_TIME_to_string(NULL, buf, 4)); AssertNull(ASN1_TIME_to_string(NULL, NULL, 5)); AssertNull(ASN1_TIME_to_string(NULL, buf, 5)); AssertNull(ASN1_TIME_to_string(t, NULL, 5)); AssertNull(ASN1_TIME_to_string(t, buf, 4)); /* Buffer needs to be longer than minimum of 5 characters. */ AssertNull(ASN1_TIME_to_string(t, buf, 5)); ASN1_TIME_free(t); res = TEST_RES_CHECK(1); #endif #endif /* NO_ASN_TIME */ return res; } static int test_wolfSSL_ASN1_TIME_diff_compare(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) ASN1_TIME* fromTime; ASN1_TIME* closeToTime; ASN1_TIME* toTime; ASN1_TIME* invalidTime; int daysDiff; int secsDiff; AssertNotNull((fromTime = ASN1_TIME_new())); /* Feb 22, 2003, 21:15:15 */ AssertIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), 1); AssertNotNull((closeToTime = ASN1_TIME_new())); /* Feb 22, 2003, 21:16:15 */ AssertIntEQ(ASN1_TIME_set_string(closeToTime, "030222211615Z"), 1); AssertNotNull((toTime = ASN1_TIME_new())); /* Dec 19, 2010, 18:10:11 */ AssertIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), 1); AssertNotNull((invalidTime = ASN1_TIME_new())); /* Dec 19, 2010, 18:10:11 but 'U' instead of 'Z' which is invalid. */ AssertIntEQ(ASN1_TIME_set_string(invalidTime, "102519181011U"), 1); AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, invalidTime), 0); AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, invalidTime, toTime), 0); AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); /* Error conditions. */ AssertIntEQ(ASN1_TIME_diff(NULL, &secsDiff, fromTime, toTime), 0); AssertIntEQ(ASN1_TIME_diff(&daysDiff, NULL, fromTime, toTime), 0); /* If both times are NULL, difference is 0. */ AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, NULL), 1); AssertIntEQ(daysDiff, 0); AssertIntEQ(secsDiff, 0); /* If one time is NULL, it defaults to the current time. */ AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, toTime), 1); AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, NULL), 1); /* Normal operation. Both times non-NULL. */ AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); AssertIntEQ(daysDiff, 2856); AssertIntEQ(secsDiff, 75296); /* Swapping the times should return negative values. */ AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, toTime, fromTime), 1); AssertIntEQ(daysDiff, -2856); AssertIntEQ(secsDiff, -75296); /* Compare with invalid time string. */ AssertIntEQ(ASN1_TIME_compare(fromTime, invalidTime), -2); AssertIntEQ(ASN1_TIME_compare(invalidTime, toTime), -2); /* Compare with days difference of 0. */ AssertIntEQ(ASN1_TIME_compare(fromTime, closeToTime), -1); AssertIntEQ(ASN1_TIME_compare(closeToTime, fromTime), 1); /* Days and seconds differences not 0. */ AssertIntEQ(ASN1_TIME_compare(fromTime, toTime), -1); AssertIntEQ(ASN1_TIME_compare(toTime, fromTime), 1); /* Same time. */ AssertIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0); /* Compare regression test: No seconds difference, just difference in days. */ ASN1_TIME_set_string(fromTime, "19700101000000Z"); ASN1_TIME_set_string(toTime, "19800101000000Z"); AssertIntEQ(ASN1_TIME_compare(fromTime, toTime), -1); AssertIntEQ(ASN1_TIME_compare(toTime, fromTime), 1); AssertIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0); /* Edge case with Unix epoch. */ AssertNotNull(ASN1_TIME_set_string(fromTime, "19700101000000Z")); AssertNotNull(ASN1_TIME_set_string(toTime, "19800101000000Z")); AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); AssertIntEQ(daysDiff, 3652); AssertIntEQ(secsDiff, 0); /* Edge case with year > 2038 (year 2038 problem). */ AssertNotNull(ASN1_TIME_set_string(toTime, "99991231235959Z")); AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); AssertIntEQ(daysDiff, 2932896); AssertIntEQ(secsDiff, 86399); ASN1_TIME_free(fromTime); ASN1_TIME_free(closeToTime); ASN1_TIME_free(toTime); ASN1_TIME_free(invalidTime); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ASN1_TIME_adj(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \ && !defined(USER_TIME) && !defined(TIME_OVERRIDES) const int year = 365*24*60*60; const int day = 24*60*60; const int hour = 60*60; const int mini = 60; const byte asn_utc_time = ASN_UTC_TIME; #if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) const byte asn_gen_time = ASN_GENERALIZED_TIME; #endif WOLFSSL_ASN1_TIME* asn_time; WOLFSSL_ASN1_TIME* s; int offset_day; long offset_sec; char date_str[CTC_DATE_SIZE + 1]; time_t t; AssertNotNull(s = wolfSSL_ASN1_TIME_new()); /* UTC notation test */ /* 2000/2/15 20:30:00 */ t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day; offset_day = 7; offset_sec = 45 * mini; /* offset_sec = -45 * min;*/ AssertNotNull(asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec)); AssertTrue(asn_time->type == asn_utc_time); XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); date_str[CTC_DATE_SIZE] = '\0'; AssertIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13)); /* negative offset */ offset_sec = -45 * mini; asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); AssertNotNull(asn_time); AssertTrue(asn_time->type == asn_utc_time); XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); date_str[CTC_DATE_SIZE] = '\0'; AssertIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13)); XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); XMEMSET(date_str, 0, sizeof(date_str)); /* Generalized time will overflow time_t if not long */ #if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, DYNAMIC_TYPE_OPENSSL); /* GeneralizedTime notation test */ /* 2055/03/01 09:00:00 */ t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day; offset_day = 12; offset_sec = 10 * mini; asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); AssertTrue(asn_time->type == asn_gen_time); XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); date_str[CTC_DATE_SIZE] = '\0'; AssertIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15)); XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); XMEMSET(date_str, 0, sizeof(date_str)); #endif /* !TIME_T_NOT_64BIT && !NO_64BIT */ /* if WOLFSSL_ASN1_TIME struct is not allocated */ s = NULL; t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 15 + 7 * day; offset_day = 7; offset_sec = 45 * mini; asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); AssertTrue(asn_time->type == asn_utc_time); XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); date_str[CTC_DATE_SIZE] = '\0'; AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, offset_sec); AssertTrue(asn_time->type == asn_utc_time); XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE); date_str[CTC_DATE_SIZE] = '\0'; AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ASN1_TIME_to_tm(void) { int res = TEST_SKIPPED; #if (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ defined(OPENSSL_ALL)) && !defined(NO_ASN_TIME) ASN1_TIME asnTime; struct tm tm; XMEMSET(&asnTime, 0, sizeof(ASN1_TIME)); AssertIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1); AssertIntEQ(ASN1_TIME_to_tm(&asnTime, NULL), 1); AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1); AssertIntEQ(tm.tm_sec, 15); AssertIntEQ(tm.tm_min, 15); AssertIntEQ(tm.tm_hour, 21); AssertIntEQ(tm.tm_mday, 22); AssertIntEQ(tm.tm_mon, 1); AssertIntEQ(tm.tm_year, 100); AssertIntEQ(tm.tm_isdst, 0); #ifdef XMKTIME AssertIntEQ(tm.tm_wday, 2); AssertIntEQ(tm.tm_yday, 52); #endif AssertIntEQ(ASN1_TIME_set_string(&asnTime, "500222211515Z"), 1); AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1); AssertIntEQ(tm.tm_year, 50); /* Get current time. */ AssertIntEQ(ASN1_TIME_to_tm(NULL, NULL), 0); AssertIntEQ(ASN1_TIME_to_tm(NULL, &tm), 1); XMEMSET(&asnTime, 0, sizeof(ASN1_TIME)); /* 0 length. */ AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); /* No type. */ asnTime.length = 1; AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); /* Not UTCTIME length. */ asnTime.type = V_ASN1_UTCTIME; AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); /* Not GENERALIZEDTIME length. */ asnTime.type = V_ASN1_GENERALIZEDTIME; AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); /* Not Zulu timezone. */ AssertIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515U"), 1); AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); AssertIntEQ(ASN1_TIME_set_string(&asnTime, "20000222211515U"), 1); AssertIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ASN1_TIME_to_generalizedtime(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) WOLFSSL_ASN1_TIME *t; WOLFSSL_ASN1_TIME *out; WOLFSSL_ASN1_TIME *gtime; int tlen = 0; unsigned char *data; AssertNotNull(t = wolfSSL_ASN1_TIME_new()); AssertNull(wolfSSL_ASN1_TIME_to_generalizedtime(NULL, &out)); /* type not set. */ AssertNull(wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* UTC Time test */ AssertNotNull(t = wolfSSL_ASN1_TIME_new()); XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE); t->type = ASN_UTC_TIME; t->length = ASN_UTC_TIME_SIZE; XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE); tlen = wolfSSL_ASN1_TIME_get_length(t); AssertIntEQ(tlen, ASN_UTC_TIME_SIZE); data = wolfSSL_ASN1_TIME_get_data(t); AssertStrEQ((char*)data, "050727123456Z"); out = NULL; gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); wolfSSL_ASN1_TIME_free(gtime); AssertNotNull(out = wolfSSL_ASN1_TIME_new()); gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); AssertPtrEq(gtime, out); AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME); AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); AssertStrEQ((char*)gtime->data, "20050727123456Z"); /* Generalized Time test */ XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE); XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE); XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE); t->type = ASN_GENERALIZED_TIME; t->length = ASN_GENERALIZED_TIME_SIZE; XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE); tlen = wolfSSL_ASN1_TIME_get_length(t); AssertIntEQ(tlen, ASN_GENERALIZED_TIME_SIZE); data = wolfSSL_ASN1_TIME_get_data(t); AssertStrEQ((char*)data, "20050727123456Z"); gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME); AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); AssertStrEQ((char*)gtime->data, "20050727123456Z"); /* UTC Time to Generalized Time 1900's test */ XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE); XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE); XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE); t->type = ASN_UTC_TIME; t->length = ASN_UTC_TIME_SIZE; XMEMCPY(t->data, "500727123456Z", ASN_UTC_TIME_SIZE); gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out); AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME); AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); AssertStrEQ((char*)gtime->data, "19500727123456Z"); XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* Null parameter test */ XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE); gtime = NULL; out = NULL; t->type = ASN_UTC_TIME; t->length = ASN_UTC_TIME_SIZE; XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE); AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL)); AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME); AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); AssertStrEQ((char*)gtime->data, "20050727123456Z"); XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ASN1_TIME_print(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_BIO) && \ (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ defined(OPENSSL_ALL)) && defined(USE_CERT_BUFFERS_2048) && \ !defined(NO_ASN_TIME) BIO* bio; BIO* fixed; X509* x509; const unsigned char* der = client_cert_der_2048; ASN1_TIME* notAfter; ASN1_TIME* notBefore; unsigned char buf[25]; AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem())); AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(der, sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertNotNull(notBefore = X509_get_notBefore(x509)); AssertIntEQ(ASN1_TIME_print(NULL, NULL), 0); AssertIntEQ(ASN1_TIME_print(bio, NULL), 0); AssertIntEQ(ASN1_TIME_print(NULL, notBefore), 0); AssertIntEQ(ASN1_TIME_print(bio, notBefore), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); AssertIntEQ(XMEMCMP(buf, "Dec 16 21:17:49 2022 GMT", sizeof(buf) - 1), 0); /* Test BIO_write fails. */ AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); /* Ensure there is 0 bytes avaialble to write into. */ AssertIntEQ(BIO_write(fixed, buf, 1), 1); AssertIntEQ(ASN1_TIME_print(fixed, notBefore), 0); AssertIntEQ(BIO_set_write_buf_size(fixed, 1), 1); AssertIntEQ(ASN1_TIME_print(fixed, notBefore), 0); AssertIntEQ(BIO_set_write_buf_size(fixed, 23), 1); AssertIntEQ(ASN1_TIME_print(fixed, notBefore), 0); /* create a bad time and test results */ AssertNotNull(notAfter = X509_get_notAfter(x509)); AssertIntEQ(ASN1_TIME_check(notAfter), 1); notAfter->data[8] = 0; notAfter->data[3] = 0; AssertIntNE(ASN1_TIME_print(bio, notAfter), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14); AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0); AssertIntEQ(ASN1_TIME_check(notAfter), 0); BIO_free(bio); BIO_free(fixed); X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ASN1_UTCTIME_print(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO) BIO* bio; ASN1_UTCTIME* utc = NULL; unsigned char buf[25]; const char* validDate = "190424111501Z"; /* UTC = YYMMDDHHMMSSZ */ const char* invalidDate = "190424111501X"; /* UTC = YYMMDDHHMMSSZ */ const char* genDate = "20190424111501Z"; /* GEN = YYYYMMDDHHMMSSZ */ /* Valid date */ AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNotNull(utc = (ASN1_UTCTIME*)XMALLOC(sizeof(ASN1_UTCTIME), NULL, DYNAMIC_TYPE_ASN1)); utc->type = ASN_UTC_TIME; utc->length = ASN_UTC_TIME_SIZE; XMEMCPY(utc->data, (byte*)validDate, ASN_UTC_TIME_SIZE); AssertIntEQ(ASN1_UTCTIME_print(NULL, NULL), 0); AssertIntEQ(ASN1_UTCTIME_print(bio, NULL), 0); AssertIntEQ(ASN1_UTCTIME_print(NULL, utc), 0); AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); AssertIntEQ(XMEMCMP(buf, "Apr 24 11:15:01 2019 GMT", sizeof(buf)-1), 0); XMEMSET(buf, 0, sizeof(buf)); BIO_free(bio); /* Invalid format */ AssertNotNull(bio = BIO_new(BIO_s_mem())); utc->type = ASN_UTC_TIME; utc->length = ASN_UTC_TIME_SIZE; XMEMCPY(utc->data, (byte*)invalidDate, ASN_UTC_TIME_SIZE); AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14); AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0); /* Invalid type */ utc->type = ASN_GENERALIZED_TIME; utc->length = ASN_GENERALIZED_TIME_SIZE; XMEMCPY(utc->data, (byte*)genDate, ASN_GENERALIZED_TIME_SIZE); AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0); XFREE(utc, NULL, DYNAMIC_TYPE_ASN1); BIO_free(bio); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */ return res; } static int test_wolfSSL_ASN1_TYPE(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) WOLFSSL_ASN1_TYPE* t; WOLFSSL_ASN1_OBJECT* obj; #ifndef NO_ASN_TIME WOLFSSL_ASN1_TIME* time; #endif WOLFSSL_ASN1_STRING* str; unsigned char data[] = { 0x00 }; ASN1_TYPE_set(NULL, V_ASN1_NULL, NULL); AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); ASN1_TYPE_set(t, V_ASN1_EOC, NULL); wolfSSL_ASN1_TYPE_free(t); AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); ASN1_TYPE_set(t, V_ASN1_NULL, NULL); ASN1_TYPE_set(t, V_ASN1_NULL, data); wolfSSL_ASN1_TYPE_free(t); AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); AssertNotNull(obj = wolfSSL_ASN1_OBJECT_new()); ASN1_TYPE_set(t, V_ASN1_OBJECT, obj); wolfSSL_ASN1_TYPE_free(t); #ifndef NO_ASN_TIME AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); AssertNotNull(time = wolfSSL_ASN1_TIME_new()); ASN1_TYPE_set(t, V_ASN1_UTCTIME, time); wolfSSL_ASN1_TYPE_free(t); AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); AssertNotNull(time = wolfSSL_ASN1_TIME_new()); ASN1_TYPE_set(t, V_ASN1_GENERALIZEDTIME, time); wolfSSL_ASN1_TYPE_free(t); #endif AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); AssertNotNull(str = wolfSSL_ASN1_STRING_new()); ASN1_TYPE_set(t, V_ASN1_UTF8STRING, str); wolfSSL_ASN1_TYPE_free(t); AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); AssertNotNull(str = wolfSSL_ASN1_STRING_new()); ASN1_TYPE_set(t, V_ASN1_PRINTABLESTRING, str); wolfSSL_ASN1_TYPE_free(t); AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); AssertNotNull(str = wolfSSL_ASN1_STRING_new()); ASN1_TYPE_set(t, V_ASN1_T61STRING, str); wolfSSL_ASN1_TYPE_free(t); AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); AssertNotNull(str = wolfSSL_ASN1_STRING_new()); ASN1_TYPE_set(t, V_ASN1_IA5STRING, str); wolfSSL_ASN1_TYPE_free(t); AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); AssertNotNull(str = wolfSSL_ASN1_STRING_new()); ASN1_TYPE_set(t, V_ASN1_UNIVERSALSTRING, str); wolfSSL_ASN1_TYPE_free(t); AssertNotNull(t = wolfSSL_ASN1_TYPE_new()); AssertNotNull(str = wolfSSL_ASN1_STRING_new()); ASN1_TYPE_set(t, V_ASN1_SEQUENCE, str); wolfSSL_ASN1_TYPE_free(t); res = TEST_RES_CHECK(1); #endif return res; } /* Testing code used in dpp.c in hostap */ #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) typedef struct { /* AlgorithmIdentifier ecPublicKey with optional parameters present * as an OID identifying the curve */ X509_ALGOR *alg; /* Compressed format public key per ANSI X9.63 */ ASN1_BIT_STRING *pub_key; } DPP_BOOTSTRAPPING_KEY; ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = { ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, alg, X509_ALGOR), ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, pub_key, ASN1_BIT_STRING) } ASN1_SEQUENCE_END(DPP_BOOTSTRAPPING_KEY) IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY) typedef struct { ASN1_INTEGER *integer; } TEST_ASN1; #define WOLFSSL_ASN1_INTEGER_ASN1 2 ASN1_SEQUENCE(TEST_ASN1) = { ASN1_SIMPLE(TEST_ASN1, integer, ASN1_INTEGER), } ASN1_SEQUENCE_END(TEST_ASN1) IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1) #endif static int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void) { int res = TEST_SKIPPED; /* Testing code used in dpp.c in hostap */ #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) EC_KEY *eckey; EVP_PKEY *key; size_t len; unsigned char *der = NULL; DPP_BOOTSTRAPPING_KEY *bootstrap = NULL; const unsigned char *in = ecc_clikey_der_256; const EC_GROUP *group; const EC_POINT *point; int nid; TEST_ASN1 test_asn1; const unsigned char badObjDer[] = { 0x06, 0x00 }; const unsigned char goodObjDer[] = { 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01 }; WOLFSSL_ASN1_ITEM emptyTemplate; XMEMSET(&emptyTemplate, 0, sizeof(WOLFSSL_ASN1_ITEM)); AssertNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new()); der = NULL; AssertIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(NULL, &der), 0); AssertIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, NULL), 0); AssertIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0); AssertNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in, (long)sizeof_ecc_clikey_der_256)); AssertNotNull(eckey = EVP_PKEY_get1_EC_KEY(key)); AssertNotNull(group = EC_KEY_get0_group(eckey)); AssertNotNull(point = EC_KEY_get0_public_key(eckey)); nid = EC_GROUP_get_curve_name(group); AssertIntEQ(X509_ALGOR_set0(bootstrap->alg, OBJ_nid2obj(EVP_PKEY_EC), V_ASN1_OBJECT, OBJ_nid2obj(nid)), 1); AssertIntEQ(EC_POINT_point2oct(group, point, 0, NULL, 0, NULL), 0); #ifdef HAVE_COMP_KEY AssertIntGT((len = EC_POINT_point2oct( group, point, POINT_CONVERSION_COMPRESSED, NULL, 0, NULL)), 0); #else AssertIntGT((len = EC_POINT_point2oct( group, point, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL)), 0); #endif AssertNotNull(der = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1)); #ifdef HAVE_COMP_KEY AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, der, len-1, NULL), 0); AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, der, len, NULL), len); #else AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, der, len-1, NULL), 0); AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, der, len, NULL), len); #endif bootstrap->pub_key->data = der; bootstrap->pub_key->length = (int)len; /* Not actually used */ bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; AssertIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, NULL), 0); der = NULL; AssertIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0); AssertIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0); XFREE(der, NULL, DYNAMIC_TYPE_ASN1); EVP_PKEY_free(key); EC_KEY_free(eckey); DPP_BOOTSTRAPPING_KEY_free(bootstrap); DPP_BOOTSTRAPPING_KEY_free(NULL); /* Create bootstrap key with bad OBJECT_ID DER data, parameter that is * a NULL and an empty BIT_STRING. */ AssertNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new()); bootstrap->alg->algorithm = wolfSSL_ASN1_OBJECT_new(); bootstrap->alg->algorithm->obj = badObjDer; bootstrap->alg->algorithm->objSz = (unsigned int)sizeof(badObjDer); bootstrap->alg->parameter = wolfSSL_ASN1_TYPE_new(); bootstrap->alg->parameter->type = V_ASN1_NULL; bootstrap->alg->parameter->value.ptr = NULL; bootstrap->pub_key->data = NULL; bootstrap->pub_key->length = 0; /* Not actually used */ bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; /* Encode with bad OBJECT_ID. */ der = NULL; AssertIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0); /* Fix OBJECT_ID and encode with empty BIT_STRING. */ bootstrap->alg->algorithm->obj = goodObjDer; bootstrap->alg->algorithm->objSz = (unsigned int)sizeof(goodObjDer); bootstrap->alg->algorithm->grp = 2; der = NULL; AssertIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16); AssertIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, &emptyTemplate), 0); XFREE(der, NULL, DYNAMIC_TYPE_ASN1); DPP_BOOTSTRAPPING_KEY_free(bootstrap); /* Test error cases. */ AssertNull(TEST_ASN1_new()); AssertNull(wolfSSL_ASN1_item_new(NULL)); TEST_ASN1_free(NULL); XMEMSET(&test_asn1, 0, sizeof(TEST_ASN1)); AssertIntEQ(i2d_TEST_ASN1(&test_asn1, &der), 0); res = TEST_RES_CHECK(1); #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* OPENSSL_ALL && HAVE_ECC && USE_CERT_BUFFERS_256 */ return res; } static int test_wolfSSL_lhash(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_ALL const char testStr[] = "Like a true nature's child\n" "We were born\n" "Born to be wild"; #ifdef NO_SHA AssertIntEQ(lh_strhash(testStr), 0xf9dc8a43); #else AssertIntEQ(lh_strhash(testStr), 0x5b7541dc); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_NAME(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ && !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \ defined(OPENSSL_EXTRA)) X509* x509; const unsigned char* c; unsigned char buf[4096]; int bytes; XFILE f; const X509_NAME* a; const X509_NAME* b; X509_NAME* d2i_name = NULL; int sz; unsigned char* tmp; char file[] = "./certs/ca-cert.der"; #ifndef OPENSSL_EXTRA_X509_SMALL byte empty[] = { /* CN=empty emailAddress= */ 0x30, 0x21, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x05, 0x65, 0x6D, 0x70, 0x74, 0x79, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x00 }; #endif #ifndef OPENSSL_EXTRA_X509_SMALL /* test compile of deprecated function, returns 0 */ AssertIntEQ(CRYPTO_thread_id(), 0); #endif AssertNotNull(a = X509_NAME_new()); X509_NAME_free((X509_NAME*)a); f = XFOPEN(file, "rb"); AssertTrue(f != XBADFILE); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); c = buf; AssertNotNull(x509 = wolfSSL_X509_d2i(NULL, c, bytes)); /* test cmp function */ AssertNotNull(a = X509_get_issuer_name(x509)); AssertNotNull(b = X509_get_subject_name(x509)); #ifndef OPENSSL_EXTRA_X509_SMALL AssertIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */ #endif tmp = buf; AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0); if (sz > 0 && tmp == buf) { fprintf(stderr, "\nERROR - %s line %d failed with:", __FILE__, __LINE__); fprintf(stderr, " Expected pointer to be incremented\n"); abort(); } #ifndef OPENSSL_EXTRA_X509_SMALL tmp = buf; AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz)); #endif /* if output parameter is NULL, should still return required size. */ AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)b, NULL)), 0); /* retry but with the function creating a buffer */ tmp = NULL; AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0); XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); #ifdef WOLFSSL_CERT_NAME_ALL /* test for givenName and name */ { WOLFSSL_X509_NAME_ENTRY* entry; const byte gName[] = "test-given-name"; const byte name[] = "test-name"; entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, NID_givenName, ASN_UTF8STRING, gName, sizeof(gName)); AssertNotNull(entry); wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry, -1, 0); wolfSSL_X509_NAME_ENTRY_free(entry); entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, NID_name, ASN_UTF8STRING, name, sizeof(name)); AssertNotNull(entry); wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry, -1, 0); wolfSSL_X509_NAME_ENTRY_free(entry); tmp = NULL; AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0); XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); } #endif AssertNotNull(b = X509_NAME_dup((X509_NAME*)a)); #ifndef OPENSSL_EXTRA_X509_SMALL AssertIntEQ(X509_NAME_cmp(a, b), 0); #endif X509_NAME_free((X509_NAME*)b); X509_NAME_free(d2i_name); X509_free(x509); #ifndef OPENSSL_EXTRA_X509_SMALL /* test with an empty domain component */ tmp = empty; sz = sizeof(empty); AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz)); AssertIntEQ(X509_NAME_entry_count(d2i_name), 2); /* size of empty emailAddress will be 0 */ tmp = buf; AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_emailAddress, (char*)tmp, sizeof(buf)), 0); /* should contain no organization name */ tmp = buf; AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_organizationName, (char*)tmp, sizeof(buf)), -1); X509_NAME_free(d2i_name); #endif res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */ return res; } static int test_wolfSSL_X509_NAME_hash(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) \ && !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_BIO) BIO* bio; X509* x509 = NULL; AssertNotNull(bio = BIO_new(BIO_s_file())); AssertIntGT(BIO_read_filename(bio, svrCertFile), 0); AssertNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); AssertIntEQ(X509_NAME_hash(X509_get_subject_name(x509)), 0x137DC03F); AssertIntEQ(X509_NAME_hash(X509_get_issuer_name(x509)), 0xFDB2DA4); X509_free(x509); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_NAME_print_ex(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))) && \ !defined(NO_BIO) && !defined(NO_RSA) int memSz; byte* mem = NULL; BIO* bio = NULL; BIO* membio = NULL; X509* x509 = NULL; X509_NAME* name = NULL; const char* expNormal = "C=US, CN=wolfssl.com"; const char* expReverse = "CN=wolfssl.com, C=US"; const char* expNotEscaped = "C= US,+\"\\ , CN=#wolfssl.com<>;"; const char* expNotEscapedRev = "CN=#wolfssl.com<>;, C= US,+\"\\ "; const char* expRFC5523 = "CN=\\#wolfssl.com\\<\\>\\;, C=\\ US\\,\\+\\\"\\\\\\ "; /* Test with real cert (svrCertFile) first */ AssertNotNull(bio = BIO_new(BIO_s_file())); AssertIntGT(BIO_read_filename(bio, svrCertFile), 0); AssertNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); AssertNotNull(name = X509_get_subject_name(x509)); /* Test without flags */ AssertNotNull(membio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); BIO_free(membio); /* Test flag: XN_FLAG_RFC2253 */ AssertNotNull(membio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_NAME_print_ex(membio, name, 0, XN_FLAG_RFC2253), WOLFSSL_SUCCESS); BIO_free(membio); /* Test flag: XN_FLAG_RFC2253 | XN_FLAG_DN_REV */ AssertNotNull(membio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_NAME_print_ex(membio, name, 0, XN_FLAG_RFC2253 | XN_FLAG_DN_REV), WOLFSSL_SUCCESS); BIO_free(membio); X509_free(x509); BIO_free(bio); /* Test normal case without escaped characters */ { /* Create name: "/C=US/CN=wolfssl.com" */ AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), WOLFSSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), WOLFSSL_SUCCESS); /* Test without flags */ AssertNotNull(membio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); AssertIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); AssertIntEQ(memSz, XSTRLEN(expNormal)); AssertIntEQ(XSTRNCMP((char*)mem, expNormal, XSTRLEN(expNormal)), 0); BIO_free(membio); /* Test flags: XN_FLAG_RFC2253 - should be reversed */ AssertNotNull(membio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_NAME_print_ex(membio, name, 0, XN_FLAG_RFC2253), WOLFSSL_SUCCESS); AssertIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); AssertIntEQ(memSz, XSTRLEN(expReverse)); BIO_free(membio); /* Test flags: XN_FLAG_DN_REV - reversed */ AssertNotNull(membio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_NAME_print_ex(membio, name, 0, XN_FLAG_DN_REV), WOLFSSL_SUCCESS); AssertIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); AssertIntEQ(memSz, XSTRLEN(expReverse)); AssertIntEQ(XSTRNCMP((char*)mem, expReverse, XSTRLEN(expReverse)), 0); BIO_free(membio); X509_NAME_free(name); } /* Test RFC2253 characters are escaped with backslashes */ { AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", /* space at beginning and end, and: ,+"\ */ MBSTRING_UTF8, (byte*)" US,+\"\\ ", 8, -1, 0), WOLFSSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", /* # at beginning, and: <>;*/ MBSTRING_UTF8, (byte*)"#wolfssl.com<>;", 15, -1, 0), WOLFSSL_SUCCESS); /* Test without flags */ AssertNotNull(membio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); AssertIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); AssertIntEQ(memSz, XSTRLEN(expNotEscaped)); AssertIntEQ(XSTRNCMP((char*)mem, expNotEscaped, XSTRLEN(expNotEscaped)), 0); BIO_free(membio); /* Test flags: XN_FLAG_RFC5523 - should be reversed and escaped */ AssertNotNull(membio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_NAME_print_ex(membio, name, 0, XN_FLAG_RFC2253), WOLFSSL_SUCCESS); AssertIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); AssertIntEQ(memSz, XSTRLEN(expRFC5523)); AssertIntEQ(XSTRNCMP((char*)mem, expRFC5523, XSTRLEN(expRFC5523)), 0); BIO_free(membio); /* Test flags: XN_FLAG_DN_REV - reversed but not escaped */ AssertNotNull(membio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_NAME_print_ex(membio, name, 0, XN_FLAG_DN_REV), WOLFSSL_SUCCESS); AssertIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); AssertIntEQ(memSz, XSTRLEN(expNotEscapedRev)); AssertIntEQ(XSTRNCMP((char*)mem, expNotEscapedRev, XSTRLEN(expNotEscapedRev)), 0); BIO_free(membio); X509_NAME_free(name); } res = TEST_RES_CHECK(1); #endif return res; } #ifndef NO_BIO static int test_wolfSSL_X509_INFO_multiple_info(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_RSA) STACK_OF(X509_INFO) *info_stack; X509_INFO *info; int len; int i; const char* files[] = { cliCertFile, cliKeyFile, /* This needs to be the order as svrCertFile contains the * intermediate cert as well. */ svrKeyFile, svrCertFile, NULL, }; const char** curFile; BIO *fileBIO; BIO *concatBIO = NULL; byte tmp[FOURK_BUF]; /* concatenate the cert and the key file to force PEM_X509_INFO_read_bio * to group objects together. */ AssertNotNull(concatBIO = BIO_new(BIO_s_mem())); for (curFile = files; *curFile != NULL; curFile++) { int fileLen; AssertNotNull(fileBIO = BIO_new_file(*curFile, "rb")); fileLen = wolfSSL_BIO_get_len(fileBIO); while ((len = BIO_read(fileBIO, tmp, sizeof(tmp))) > 0) { AssertIntEQ(BIO_write(concatBIO, tmp, len), len); fileLen -= len; } /* Make sure we read the entire file */ AssertIntEQ(fileLen, 0); BIO_free(fileBIO); } AssertNotNull(info_stack = PEM_X509_INFO_read_bio(concatBIO, NULL, NULL, NULL)); AssertIntEQ(sk_X509_INFO_num(info_stack), 3); for (i = 0; i < sk_X509_INFO_num(info_stack); i++) { AssertNotNull(info = sk_X509_INFO_value(info_stack, i)); AssertNotNull(info->x509); AssertNull(info->crl); if (i != 0) { AssertNotNull(info->x_pkey); AssertIntEQ(X509_check_private_key(info->x509, info->x_pkey->dec_pkey), 1); } else { AssertNull(info->x_pkey); } } sk_X509_INFO_pop_free(info_stack, X509_INFO_free); BIO_free(concatBIO); res = TEST_RES_CHECK(1); #endif return res; } #endif #ifndef NO_BIO static int test_wolfSSL_X509_INFO(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_RSA) STACK_OF(X509_INFO) *info_stack; X509_INFO *info; BIO *cert; int i; /* PEM in hex format to avoid null terminator */ byte data[] = { 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x63, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x44, 0x4d, 0x54, 0x42, 0x75, 0x51, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d }; /* PEM in hex format to avoid null terminator */ byte data2[] = { 0x41, 0x53, 0x4e, 0x31, 0x20, 0x4f, 0x49, 0x44, 0x3a, 0x20, 0x70, 0x72, 0x69, 0x6d, 0x65, 0x32, 0x35, 0x36, 0x76, 0x31, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, 0x43, 0x20, 0x50, 0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x53, 0x2d, 0x2d, 0x2d, 0x2d, 0x43, 0x65, 0x72, 0x74, 0x69, 0x2d, 0x0a, 0x42, 0x67, 0x67, 0x71, 0x68, 0x6b, 0x6a, 0x4f, 0x50, 0x51, 0x4d, 0x42, 0x42, 0x77, 0x3d, 0x3d, 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d }; AssertNotNull(cert = BIO_new_file(cliCertFileExt, "rb")); AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); for (i = 0; i < sk_X509_INFO_num(info_stack); i++) { AssertNotNull(info = sk_X509_INFO_value(info_stack, i)); AssertNotNull(info->x509); AssertNull(info->crl); AssertNull(info->x_pkey); } sk_X509_INFO_pop_free(info_stack, X509_INFO_free); BIO_free(cert); AssertNotNull(cert = BIO_new_file(cliCertFileExt, "rb")); AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); sk_X509_INFO_pop_free(info_stack, X509_INFO_free); BIO_free(cert); /* This case should fail due to invalid input. */ AssertNotNull(cert = BIO_new(BIO_s_mem())); AssertIntEQ(BIO_write(cert, data, sizeof(data)), sizeof(data)); AssertNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); sk_X509_INFO_pop_free(info_stack, X509_INFO_free); BIO_free(cert); AssertNotNull(cert = BIO_new(BIO_s_mem())); AssertIntEQ(BIO_write(cert, data2, sizeof(data2)), sizeof(data2)); AssertNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); sk_X509_INFO_pop_free(info_stack, X509_INFO_free); BIO_free(cert); res = TEST_RES_CHECK(1); #endif return res; } #endif static int test_wolfSSL_X509_subject_name_hash(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256)) X509* x509; X509_NAME* subjectName = NULL; unsigned long ret1 = 0; unsigned long ret2 = 0; AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); AssertNotNull(subjectName = wolfSSL_X509_get_subject_name(x509)); /* These two * - X509_subject_name_hash(x509) * - X509_NAME_hash(X509_get_subject_name(x509)) * should give the same hash, if !defined(NO_SHA) is true. */ ret1 = X509_subject_name_hash(x509); AssertIntNE(ret1, 0); #if !defined(NO_SHA) ret2 = X509_NAME_hash(X509_get_subject_name(x509)); AssertIntNE(ret2, 0); AssertIntEQ(ret1, ret2); #else (void) ret2; #endif X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_issuer_name_hash(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256)) X509* x509; X509_NAME* issuertName = NULL; unsigned long ret1 = 0; unsigned long ret2 = 0; AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); AssertNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509)); /* These two * - X509_issuer_name_hash(x509) * - X509_NAME_hash(X509_get_issuer_name(x509)) * should give the same hash, if !defined(NO_SHA) is true. */ ret1 = X509_issuer_name_hash(x509); AssertIntNE(ret1, 0); #if !defined(NO_SHA) ret2 = X509_NAME_hash(X509_get_issuer_name(x509)); AssertIntNE(ret2, 0); AssertIntEQ(ret1, ret2); #else (void) ret2; #endif X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_check_host(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ && !defined(NO_SHA) && !defined(NO_RSA) X509* x509; const char altName[] = "example.com"; AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL), WOLFSSL_SUCCESS); AssertIntEQ(X509_check_host(x509, NULL, 0, 0, NULL), WOLFSSL_FAILURE); X509_free(x509); AssertIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL), WOLFSSL_FAILURE); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_check_email(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) X509* x509; const char goodEmail[] = "info@wolfssl.com"; const char badEmail[] = "disinfo@wolfssl.com"; AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); /* Should fail on non-matching email address */ AssertIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0), WOLFSSL_FAILURE); /* Should succeed on matching email address */ AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), 0), WOLFSSL_SUCCESS); /* Should compute length internally when not provided */ AssertIntEQ(wolfSSL_X509_check_email(x509, goodEmail, 0, 0), WOLFSSL_SUCCESS); /* Should fail when email address is NULL */ AssertIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), WOLFSSL_FAILURE); X509_free(x509); /* Should fail when x509 is NULL */ AssertIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0), WOLFSSL_FAILURE); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */ return res; } static int test_wolfSSL_DES(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) const_DES_cblock myDes; DES_cblock iv; DES_key_schedule key; word32 i; DES_LONG dl; unsigned char msg[] = "hello wolfssl"; DES_check_key(1); DES_set_key(&myDes, &key); /* check, check of odd parity */ XMEMSET(myDes, 4, sizeof(const_DES_cblock)); myDes[0] = 6; /*set even parity*/ XMEMSET(key, 5, sizeof(DES_key_schedule)); AssertIntEQ(DES_set_key_checked(&myDes, &key), -1); AssertIntNE(key[0], myDes[0]); /* should not have copied over key */ /* set odd parity for success case */ DES_set_odd_parity(&myDes); AssertIntEQ(DES_check_key_parity(&myDes), 1); fprintf(stderr, "%02x %02x %02x %02x", myDes[0], myDes[1], myDes[2], myDes[3]); AssertIntEQ(DES_set_key_checked(&myDes, &key), 0); for (i = 0; i < sizeof(DES_key_schedule); i++) { AssertIntEQ(key[i], myDes[i]); } AssertIntEQ(DES_is_weak_key(&myDes), 0); /* check weak key */ XMEMSET(myDes, 1, sizeof(const_DES_cblock)); XMEMSET(key, 5, sizeof(DES_key_schedule)); AssertIntEQ(DES_set_key_checked(&myDes, &key), -2); AssertIntNE(key[0], myDes[0]); /* should not have copied over key */ /* now do unchecked copy of a weak key over */ DES_set_key_unchecked(&myDes, &key); /* compare arrays, should be the same */ for (i = 0; i < sizeof(DES_key_schedule); i++) { AssertIntEQ(key[i], myDes[i]); } AssertIntEQ(DES_is_weak_key(&myDes), 1); /* check DES_key_sched API */ XMEMSET(key, 1, sizeof(DES_key_schedule)); AssertIntEQ(DES_key_sched(&myDes, NULL), 0); AssertIntEQ(DES_key_sched(NULL, &key), 0); AssertIntEQ(DES_key_sched(&myDes, &key), 0); /* compare arrays, should be the same */ for (i = 0; i < sizeof(DES_key_schedule); i++) { AssertIntEQ(key[i], myDes[i]); } /* DES_cbc_cksum should return the last 4 of the last 8 bytes after * DES_cbc_encrypt on the input */ XMEMSET(iv, 0, sizeof(DES_cblock)); XMEMSET(myDes, 5, sizeof(DES_key_schedule)); AssertIntGT((dl = DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, &iv)), 0); AssertIntEQ(dl, 480052723); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */ return res; } static int test_wc_PemToDer(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) int ret; DerBuffer* pDer = NULL; const char* ca_cert = "./certs/server-cert.pem"; byte* cert_buf = NULL; size_t cert_sz = 0; int eccKey = 0; EncryptedInfo info; XMEMSET(&info, 0, sizeof(info)); ret = load_file(ca_cert, &cert_buf, &cert_sz); if (ret == 0) { ret = wc_PemToDer(cert_buf, cert_sz, CERT_TYPE, &pDer, NULL, &info, &eccKey); AssertIntEQ(ret, 0); wc_FreeDer(&pDer); } if (cert_buf) free(cert_buf); #ifdef HAVE_ECC { const char* ecc_private_key = "./certs/ecc-privOnlyKey.pem"; byte key_buf[256] = {0}; /* Test fail of loading a key with cert type */ AssertIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0); key_buf[0] = '\n'; XMEMCPY(key_buf + 1, cert_buf, cert_sz); AssertIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE, &pDer, NULL, &info, &eccKey)), 0); #ifdef OPENSSL_EXTRA AssertIntEQ((ret = wc_PemToDer(key_buf, cert_sz + 1, PRIVATEKEY_TYPE, &pDer, NULL, &info, &eccKey)), 0); #endif wc_FreeDer(&pDer); if (cert_buf) free(cert_buf); } #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wc_AllocDer(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) int ret; DerBuffer* pDer = NULL; word32 testSize = 1024; ret = wc_AllocDer(&pDer, testSize, CERT_TYPE, HEAP_HINT); AssertIntEQ(ret, 0); AssertNotNull(pDer); wc_FreeDer(&pDer); res = TEST_RES_CHECK(1); #endif return res; } static int test_wc_CertPemToDer(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) int ret; const char* ca_cert = "./certs/ca-cert.pem"; byte* cert_buf = NULL; size_t cert_sz = 0, cert_dersz = 0; byte* cert_der = NULL; ret = load_file(ca_cert, &cert_buf, &cert_sz); if (ret == 0) { cert_dersz = cert_sz; /* DER will be smaller than PEM */ cert_der = (byte*)malloc(cert_dersz); if (cert_der) { ret = wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, (int)cert_dersz, CERT_TYPE); AssertIntGE(ret, 0); } } if (cert_der) free(cert_der); if (cert_buf) free(cert_buf); res = TEST_RES_CHECK(1); #endif return res; } static int test_wc_KeyPemToDer(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) int ret; const byte cert_buf[] = \ "-----BEGIN PRIVATE KEY-----\n" "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMG5KgWxP002pA\n" "QJIdA4H5N0oM1Wf0LrHcos5RYUlrHDkC2b5p2BUpVRPmgDAFD2+8leim98x0BvcB\n" "k48TNzrVynuwyVEY664+iQyzEBO5v27HPRydOddprbLCvRO036XINGIjauy1jHFi\n" "HaDVx3bexSwgp9aefUGAszFXi4q1J4GacV7Cr2b/wBqUHqWv4ZXPu6R9/UYngTkD\n" "UDJL5gLlLfcLzNyyodKPHPCIAKdWn6mSVdcHk8XVpK4y9lgz4E7YDWA6ohKZgWgG\n" "2RDha8CMilFMDgYa0G0SiS9g3PQx0qh3AMXJJsKSVhScFCZufAE0kV6KvjP7jAqP\n" "XBiSkRGPAgMBAAECggEAW7hmRyY2jRX2UMJThrM9VIs6fRLnYI0dQ0tsEJj536ay\n" "nevQjArc05KWW0Yujg+WRDZPcry3RUqd9Djlmhp/F3Si6dpF1b+PMS3wJYVrf9Sd\n" "SO5W7faArU4vnyBNe0HnY1Ta5xSVI65lg1RSIs88RTZwsooJwXYDGf0shq0/21CE\n" "V8HOb27DDYNcEnm35lzaONjFnMqQQT2Vs9anRrPiSEXNleEvTgLVXZtGTyCGTz6v\n" "x86Y8eSWL9YNHvPE1I+mDPuocfSR7eRNgRu7SK3mn94W5mqd7Ns072YKX/2XN1mO\n" "66+ZFHO6v4dK1u7cSjuwrU1EhLHpUsgDz6Bna5InyQKBgQDv5l8RPy8UneKSADaf\n" "M5L/5675I/5t4nqVjvbnQje00YveLTAEjlJBNR93Biln3sYgnvNamYDCxyEuUZ/I\n" "S/vmBL9PoxfGZow4FcsIBOEbIn3E0SYJgCBNWthquUvGpKsYDnThJuhO+1cVmxAJ\n" "BUOjLFnJYHM0a+Vmk9GexT2OBwKBgQDZzkUBOK7Im3eiYytFocUJyhqMH30d49X9\n" "ujC7kGw4UWAqVe7YCSvlBa8nzWpRWK2kRpu3M0272RU0V4geyWqT+nr/SvRRPtNP\n" "F5dY8l3yR7hjtSejqqjOfBcZT6ETJxI4tiG0+Nl5BlfM5M+0nxnkWpRcHuOR3j79\n" "YUFERyN+OQKBgQCjlOKeUAc6d65W/+4/AFvsQ378Q57qLtSHxsR1TKHPmlNVXFqx\n" "wJo1/JNIBduWCEHxXHF0BdfW+RGXE/FwEt/hKLuLAhrkHmjelX2sKieU6R/5ZOQa\n" "9lMQbDHGFDOncAF6leD85hriQGBRSzrT69MDIOrYdfwYcroqCAGX0cb3YQKBgQC8\n" "iIFQylj5SyHmjcMSNjKSA8CxFDzAV8yPIdE3Oo+CvGXqn5HsrRuy1hXE9VmXapR8\n" "A6ackSszdHiXY0FvrNe1mfdH7wDHJwPQjdIzazCJHS3uGQxj7sDKY7226ie6pXJv\n" "ZrCMr2/IBAaSVGm6ppHKCeIsT4ybYm7R85KEYLPHeQKBgBeJOMBinXQfWN/1jT9b\n" "6Ywrutvp2zP8hVxQGSZJ0WG4iewZyFLsPUlbWRXOSYNPElHmdD0ZomdLVm+lSpAA\n" "XSH5FJ/IFCwqq7Eft6Gf8NFRV+NjPMUny+PnjHe4oFP8YK/Ek22K3ttNG8Hw69Aw\n" "AQue5o6oVfhgLiJzMdo/77gw\n" "-----END PRIVATE KEY-----\n"; const int cert_sz = sizeof(cert_buf); const char cert_pw[] = "password"; int cert_dersz = 0; byte* cert_der = NULL; /* Bad arg: Cert buffer is NULL */ ret = wc_KeyPemToDer(NULL, cert_sz, cert_der, cert_dersz, ""); AssertIntEQ(ret, BAD_FUNC_ARG); /* Bad arg: Cert DER buffer non-NULL but size zero (or less) */ ret = wc_KeyPemToDer(cert_buf, cert_sz, (byte*)&cert_der, 0, ""); AssertIntEQ(ret, BAD_FUNC_ARG); /* Test normal operation */ cert_dersz = cert_sz; /* DER will be smaller than PEM */ cert_der = (byte*)malloc(cert_dersz); AssertNotNull(cert_der); if (cert_der) { ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz, cert_pw); AssertIntGE(ret, 0); AssertIntLE(ret, cert_sz); free(cert_der); cert_der = NULL; ret = 0; } if (ret == 0) { /* Test NULL for DER buffer to return needed DER buffer size */ ret = wc_KeyPemToDer(cert_buf, cert_sz, NULL, 0, ""); AssertIntGT(ret, 0); AssertIntLE(ret, cert_sz); cert_dersz = ret; cert_der = (byte*)malloc(cert_dersz); AssertNotNull(cert_der); if (cert_der) { ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz, cert_pw); AssertIntGE(ret, 0); AssertIntLE(ret, cert_sz); free(cert_der); cert_der = NULL; } } res = TEST_RES_CHECK(1); #endif return res; } static int test_wc_PubKeyPemToDer(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) && \ (defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)) int ret; const char* key = "./certs/ecc-client-keyPub.pem"; byte* cert_buf = NULL; size_t cert_sz = 0, cert_dersz = 0; byte* cert_der = NULL; ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der, (int)cert_dersz); AssertIntGE(ret, BAD_FUNC_ARG); ret = load_file(key, &cert_buf, &cert_sz); if (ret == 0) { cert_dersz = cert_sz; /* DER will be smaller than PEM */ cert_der = (byte*)malloc(cert_dersz); AssertNotNull(cert_der); if (cert_der) { ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der, (int)cert_dersz); AssertIntGE(ret, 0); free(cert_der); cert_der = NULL; ret = 0; } } if (ret == 0) { /* Test NULL for DER buffer to return needed DER buffer size */ ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, NULL, 0); AssertIntGT(ret, 0); AssertIntLE(ret, cert_sz); cert_dersz = ret; cert_der = (byte*)malloc(cert_dersz); AssertNotNull(cert_der); if (cert_der) { ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der, (int)cert_dersz); AssertIntGE(ret, 0); free(cert_der); cert_der = NULL; } } if (cert_buf) { free(cert_buf); } res = TEST_RES_CHECK(1); #endif return res; } static int test_wc_PemPubKeyToDer(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && \ (defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)) int ret; const char* key = "./certs/ecc-client-keyPub.pem"; size_t cert_dersz = 1024; byte* cert_der = (byte*)malloc(cert_dersz); ret = wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz); AssertIntGE(ret, BAD_FUNC_ARG); if (cert_der) { ret = wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz); AssertIntGE(ret, 0); free(cert_der); } res = TEST_RES_CHECK(1); #endif return res; } static int test_wc_GetPubKeyDerFromCert(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) || defined(HAVE_ECC) int ret; word32 idx = 0; byte keyDer[TWOK_BUF]; /* large enough for up to RSA 2048 */ word32 keyDerSz = (word32)sizeof(keyDer); DecodedCert decoded; #if !defined(NO_RSA) && defined(WOLFSSL_CERT_REQ) && !defined(NO_FILESYSTEM) byte certBuf[6000]; /* for PEM and CSR, client-cert.pem is 5-6kB */ word32 certBufSz = sizeof(certBuf); #endif #if ((!defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_1024)) || \ defined(WOLFSSL_CERT_REQ)) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) XFILE fp; #endif #ifndef NO_RSA RsaKey rsaKey; #if defined(USE_CERT_BUFFERS_2048) byte* rsaCertDer = (byte*)client_cert_der_2048; word32 rsaCertDerSz = sizeof_client_cert_der_2048; #elif defined(USE_CERT_BUFFERS_1024) byte* rsaCertDer = (byte*)client_cert_der_1024; word32 rsaCertDerSz = sizeof_client_cert_der_1024; #else unsigned char rsaCertDer[TWOK_BUF]; word32 rsaCertDerSz; #endif #endif #ifdef HAVE_ECC ecc_key eccKey; #if defined(USE_CERT_BUFFERS_256) byte* eccCert = (byte*)cliecc_cert_der_256; word32 eccCertSz = sizeof_cliecc_cert_der_256; #else unsigned char eccCert[ONEK_BUF]; word32 eccCertSz; XFILE fp2; #endif #endif #ifndef NO_RSA #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) fp = XFOPEN("./certs/1024/client-cert.der", "rb"); AssertTrue((fp != XBADFILE)); rsaCertDerSz = (word32)XFREAD(rsaCertDer, 1, sizeof(rsaCertDer), fp); XFCLOSE(fp); #endif /* good test case - RSA DER cert */ wc_InitDecodedCert(&decoded, rsaCertDer, rsaCertDerSz, NULL); ret = wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL); AssertIntEQ(ret, 0); ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz); AssertIntEQ(ret, 0); AssertIntGT(keyDerSz, 0); /* sanity check, verify we can import DER public key */ ret = wc_InitRsaKey(&rsaKey, HEAP_HINT); AssertIntEQ(ret, 0); ret = wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz); AssertIntEQ(ret, 0); wc_FreeRsaKey(&rsaKey); /* test LENGTH_ONLY_E case */ keyDerSz = 0; ret = wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz); AssertIntEQ(ret, LENGTH_ONLY_E); AssertIntGT(keyDerSz, 0); /* bad args: DecodedCert NULL */ ret = wc_GetPubKeyDerFromCert(NULL, keyDer, &keyDerSz); AssertIntEQ(ret, BAD_FUNC_ARG); /* bad args: output key buff size */ ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, NULL); AssertIntEQ(ret, BAD_FUNC_ARG); /* bad args: zero size output key buffer */ keyDerSz = 0; ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz); AssertIntEQ(ret, BAD_FUNC_ARG); wc_FreeDecodedCert(&decoded); /* Certificate Request Tests */ #if defined(WOLFSSL_CERT_REQ) && !defined(NO_FILESYSTEM) { XMEMSET(certBuf, 0, sizeof(certBuf)); fp = XFOPEN("./certs/csr.signed.der", "rb"); AssertTrue((fp != XBADFILE)); certBufSz = (word32)XFREAD(certBuf, 1, certBufSz, fp); XFCLOSE(fp); wc_InitDecodedCert(&decoded, certBuf, certBufSz, NULL); ret = wc_ParseCert(&decoded, CERTREQ_TYPE, VERIFY, NULL); AssertIntEQ(ret, 0); /* good test case - RSA DER certificate request */ keyDerSz = sizeof(keyDer); ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz); AssertIntEQ(ret, 0); AssertIntGT(keyDerSz, 0); /* sanity check, verify we can import DER public key */ ret = wc_InitRsaKey(&rsaKey, HEAP_HINT); AssertIntEQ(ret, 0); idx = 0; ret = wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz); AssertIntEQ(ret, 0); wc_FreeRsaKey(&rsaKey); wc_FreeDecodedCert(&decoded); } #endif /* WOLFSSL_CERT_REQ */ #endif /* NO_RSA */ #ifdef HAVE_ECC #ifndef USE_CERT_BUFFERS_256 fp2 = XFOPEN("./certs/client-ecc-cert.der", "rb"); AssertTrue((fp2 != XBADFILE)); eccCertSz = (word32)XFREAD(eccCert, 1, ONEK_BUF, fp2); XFCLOSE(fp2); #endif wc_InitDecodedCert(&decoded, eccCert, eccCertSz, NULL); ret = wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL); AssertIntEQ(ret, 0); /* good test case - ECC */ XMEMSET(keyDer, 0, sizeof(keyDer)); keyDerSz = sizeof(keyDer); ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz); AssertIntEQ(ret, 0); AssertIntGT(keyDerSz, 0); /* sanity check, verify we can import DER public key */ ret = wc_ecc_init(&eccKey); AssertIntEQ(ret, 0); idx = 0; /* reset idx to 0, used above in RSA case */ ret = wc_EccPublicKeyDecode(keyDer, &idx, &eccKey, keyDerSz); AssertIntEQ(ret, 0); wc_ecc_free(&eccKey); /* test LENGTH_ONLY_E case */ keyDerSz = 0; ret = wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz); AssertIntEQ(ret, LENGTH_ONLY_E); AssertIntGT(keyDerSz, 0); wc_FreeDecodedCert(&decoded); #endif res = TEST_RES_CHECK(1); #endif /* !NO_RSA || HAVE_ECC */ return res; } static int test_wc_CheckCertSigPubKey(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) && defined(WOLFSSL_PEM_TO_DER) && defined(HAVE_ECC) int ret; const char* ca_cert = "./certs/ca-cert.pem"; byte* cert_buf = NULL; size_t cert_sz = 0; byte* cert_der = NULL; word32 cert_dersz = 0; byte keyDer[TWOK_BUF]; /* large enough for up to RSA 2048 */ word32 keyDerSz = (word32)sizeof(keyDer); DecodedCert decoded; ret = load_file(ca_cert, &cert_buf, &cert_sz); if (ret == 0) { cert_dersz = (word32)cert_sz; /* DER will be smaller than PEM */ cert_der = (byte*)malloc(cert_dersz); if (cert_der) { ret = wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, (int)cert_dersz, CERT_TYPE); AssertIntGE(ret, 0); } } wc_InitDecodedCert(&decoded, cert_der, cert_dersz, NULL); ret = wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL); AssertIntEQ(ret, 0); ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz); AssertIntEQ(ret, 0); AssertIntGT(keyDerSz, 0); /* Good test case. */ ret = wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, keyDerSz, RSAk); AssertIntEQ(ret, 0); /* No certificate. */ ret = wc_CheckCertSigPubKey(NULL, cert_dersz, NULL, keyDer, keyDerSz, ECDSAk); AssertIntEQ(ret, BAD_FUNC_ARG); /* Bad cert size. */ ret = wc_CheckCertSigPubKey(cert_der, 0, NULL, keyDer, keyDerSz, RSAk); AssertTrue(ret == ASN_PARSE_E || ret == BUFFER_E); /* No public key. */ ret = wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, NULL, keyDerSz, RSAk); AssertIntEQ(ret, ASN_NO_SIGNER_E); /* Bad public key size. */ ret = wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, 0, RSAk); AssertIntEQ(ret, BAD_FUNC_ARG); /* Wrong aglo. */ ret = wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, keyDerSz, ECDSAk); AssertIntEQ(ret, ASN_PARSE_E); wc_FreeDecodedCert(&decoded); if (cert_der) free(cert_der); if (cert_buf) free(cert_buf); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_certs(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) X509* x509ext; #ifdef OPENSSL_ALL X509* x509; WOLFSSL_X509_EXTENSION* ext; ASN1_OBJECT* obj; #endif WOLFSSL* ssl; WOLFSSL_CTX* ctx; STACK_OF(ASN1_OBJECT)* sk; ASN1_STRING* asn1_str; AUTHORITY_KEYID* akey; BASIC_CONSTRAINTS* bc; int crit; #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE); #endif AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS); #endif AssertNotNull(ssl = SSL_new(ctx)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif #ifdef HAVE_PK_CALLBACKS AssertIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS); #endif /* HAVE_PK_CALLBACKS */ /* create and use x509 */ #ifdef OPENSSL_ALL x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); #endif x509ext = wolfSSL_X509_load_certificate_file(cliCertFileExt, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509ext); AssertIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) /* with loading in a new cert the check on private key should now fail */ AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif #if defined(USE_CERT_BUFFERS_2048) AssertIntEQ(SSL_use_certificate_ASN1(ssl, (unsigned char*)server_cert_der_2048, sizeof_server_cert_der_2048), WOLFSSL_SUCCESS); #endif #if !defined(NO_SHA) && !defined(NO_SHA256) && !defined(NO_PWDBASED) /************* Get Digest of Certificate ******************/ { byte digest[64]; /* max digest size */ word32 digestSz; XMEMSET(digest, 0, sizeof(digest)); AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, &digestSz), WOLFSSL_SUCCESS); AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest, &digestSz), WOLFSSL_SUCCESS); AssertIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz), WOLFSSL_FAILURE); } #endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */ /* test and checkout X509 extensions */ bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext, NID_basic_constraints, &crit, NULL); AssertNotNull(bc); AssertIntEQ(crit, 0); #ifdef OPENSSL_ALL ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc); AssertNotNull(ext); X509_EXTENSION_free(ext); AssertNotNull(ext = X509_EXTENSION_new()); X509_EXTENSION_set_critical(ext, 1); AssertNotNull(obj = OBJ_nid2obj(NID_basic_constraints)); AssertIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS); ASN1_OBJECT_free(obj); X509_EXTENSION_free(ext); AssertNotNull(ext = X509_EXTENSION_new()); X509_EXTENSION_set_critical(ext, 0); AssertIntEQ(X509_EXTENSION_set_data(ext, NULL), SSL_FAILURE); asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL); AssertIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS); ASN1_STRING_free(asn1_str); /* X509_EXTENSION_set_data has made a copy * and X509_get_ext_d2i has created new */ X509_EXTENSION_free(ext); #endif BASIC_CONSTRAINTS_free(bc); asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL); AssertNotNull(asn1_str); AssertIntEQ(crit, 1); AssertIntEQ(asn1_str->type, NID_key_usage); #ifdef OPENSSL_ALL ext = X509V3_EXT_i2d(NID_key_usage, crit, asn1_str); AssertNotNull(ext); X509_EXTENSION_free(ext); #endif ASN1_STRING_free(asn1_str); #ifdef OPENSSL_ALL sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage, &crit, NULL); AssertNotNull(sk); ext = X509V3_EXT_i2d(NID_ext_key_usage, crit, sk); AssertNotNull(ext); X509_EXTENSION_free(ext); sk_ASN1_OBJECT_pop_free(sk, NULL); #else sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_ext_key_usage, &crit, NULL); AssertNull(sk); #endif akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext, NID_authority_key_identifier, &crit, NULL); AssertNotNull(akey); #ifdef OPENSSL_ALL ext = X509V3_EXT_i2d(NID_authority_key_identifier, crit, akey); AssertNotNull(ext); X509_EXTENSION_free(ext); #endif wolfSSL_AUTHORITY_KEYID_free(akey); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_private_key_usage_period, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext, NID_subject_alt_name, &crit, NULL); { int i; for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) { GENERAL_NAME* gen = sk_GENERAL_NAME_value(sk, i); AssertIntEQ(gen->type, GEN_DNS); AssertIntEQ(gen->d.dNSName->type, V_ASN1_IA5STRING); } } /* AssertNotNull(sk); no alt names set */ sk_GENERAL_NAME_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_issuer_alt_name, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_info_access, &crit, NULL); /* AssertNotNull(sk); no auth info set */ sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_sinfo_access, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_name_constraints, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_certificate_policies, &crit, NULL); #if !defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT) AssertNull(sk); #else /* AssertNotNull(sk); no cert policy set */ #endif sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_mappings, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_constraints, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_inhibit_any_policy, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_tlsfeature, &crit, NULL); /* AssertNotNull(sk); NID not yet supported */ AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); /* test invalid cases */ crit = 0; sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, -1, &crit, NULL); AssertNull(sk); AssertIntEQ(crit, -1); sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, NID_tlsfeature, NULL, NULL); AssertNull(sk); AssertIntEQ(SSL_get_hit(ssl), 0); #ifdef OPENSSL_ALL X509_free(x509); #endif X509_free(x509ext); SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && !NO_CERTS */ return res; } static int test_wolfSSL_X509_check_private_key(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY) X509* x509; EVP_PKEY* pkey = NULL; const byte* key; /* Check with correct key */ AssertNotNull((x509 = X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM))); key = client_key_der_2048; AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key, (long)sizeof_client_key_der_2048)); AssertIntEQ(X509_check_private_key(x509, pkey), 1); EVP_PKEY_free(pkey); pkey = NULL; /* Check with wrong key */ key = server_key_der_2048; AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key, (long)sizeof_server_key_der_2048)); AssertIntEQ(X509_check_private_key(x509, pkey), 0); /* test for incorrect parameter */ AssertIntEQ(X509_check_private_key(NULL, pkey), 0); AssertIntEQ(X509_check_private_key(x509, NULL), 0); AssertIntEQ(X509_check_private_key(NULL, NULL), 0); EVP_PKEY_free(pkey); X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_private_keys(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) WOLFSSL* ssl; WOLFSSL_CTX* ctx; EVP_PKEY* pkey = NULL; OpenSSL_add_all_digests(); OpenSSL_add_all_algorithms(); #ifndef NO_RSA #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); /* Have to load a cert before you can check the private key against that * certificates public key! */ #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS); #endif AssertNotNull(ssl = SSL_new(ctx)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif #ifdef USE_CERT_BUFFERS_2048 { const unsigned char* server_key = (const unsigned char*)server_key_der_2048; unsigned char buf[FOURK_BUF]; word32 bufSz; AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, (unsigned char*)client_key_der_2048, sizeof_client_key_der_2048), WOLFSSL_SUCCESS); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) /* Should mismatch now that a different private key loaded */ AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif AssertIntEQ(SSL_use_PrivateKey_ASN1(0, ssl, (unsigned char*)server_key, sizeof_server_key_der_2048), WOLFSSL_SUCCESS); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) /* After loading back in DER format of original key, should match */ AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif /* test loading private key to the WOLFSSL_CTX */ AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx, (unsigned char*)client_key_der_2048, sizeof_client_key_der_2048), WOLFSSL_SUCCESS); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) /* Should mismatch now that a different private key loaded */ AssertIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS); #endif AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx, (unsigned char*)server_key, sizeof_server_key_der_2048), WOLFSSL_SUCCESS); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) /* After loading back in DER format of original key, should match */ AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS); #endif /* pkey not set yet, expecting to fail */ AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE); /* set PKEY and test again */ AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, (long)sizeof_server_key_der_2048)); AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS); /* reuse PKEY structure and test * this should be checked with a memory management sanity checker */ AssertFalse(server_key == (const unsigned char*)server_key_der_2048); server_key = (const unsigned char*)server_key_der_2048; AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, (long)sizeof_server_key_der_2048)); AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS); /* check striping PKCS8 header with wolfSSL_d2i_PrivateKey */ bufSz = FOURK_BUF; AssertIntGT((bufSz = wc_CreatePKCS8Key(buf, &bufSz, (byte*)server_key_der_2048, sizeof_server_key_der_2048, RSAk, NULL, 0)), 0); server_key = (const unsigned char*)buf; AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, (long)bufSz)); } #endif EVP_PKEY_free(pkey); SSL_free(ssl); /* frees x509 also since loaded into ssl */ SSL_CTX_free(ctx); #endif /* end of RSA private key match tests */ #ifdef HAVE_ECC #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif SSL_free(ssl); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEccKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); #ifdef WOLFSSL_VALIDATE_ECC_IMPORT AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif SSL_free(ssl); SSL_CTX_free(ctx); #endif /* end of ECC private key match tests */ #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, edCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, edKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif SSL_free(ssl); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEdKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif SSL_free(ssl); SSL_CTX_free(ctx); #endif /* end of Ed25519 private key match tests */ #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, ed448CertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif SSL_free(ssl); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEd448KeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif SSL_free(ssl); SSL_CTX_free(ctx); #endif /* end of Ed448 private key match tests */ EVP_cleanup(); /* test existence of no-op macros in wolfssl/openssl/ssl.h */ CONF_modules_free(); ENGINE_cleanup(); CONF_modules_unload(); (void)ssl; (void)ctx; (void)pkey; res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ return res; } static int test_wolfSSL_PEM_read_PrivateKey(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \ && !defined(NO_FILESYSTEM) XFILE file; const char* fname = "./certs/server-key.pem"; EVP_PKEY* pkey; RSA* rsa; WOLFSSL_EVP_PKEY_CTX* ctx; unsigned char* sig; size_t sigLen; const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7}; size_t tbsLen = sizeof(tbs); /* Check error case. */ AssertNull(pkey = PEM_read_PrivateKey(NULL, NULL, NULL, NULL)); /* Read in an RSA key. */ file = XFOPEN(fname, "rb"); AssertTrue(file != XBADFILE); AssertNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); XFCLOSE(file); /* Make sure the key is usable by signing some data with it. */ AssertNotNull(rsa = EVP_PKEY_get0_RSA(pkey)); AssertIntGT((sigLen = RSA_size(rsa)), 0); AssertNotNull(sig = (unsigned char*)XMALLOC(sigLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_sign(ctx, sig, &sigLen, tbs, tbsLen), WOLFSSL_SUCCESS); XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_PEM_read_PUBKEY(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \ && !defined(NO_FILESYSTEM) XFILE file; const char* fname = "./certs/client-keyPub.pem"; EVP_PKEY* pkey; /* Check error case. */ AssertNull(pkey = PEM_read_PUBKEY(NULL, NULL, NULL, NULL)); /* Read in an RSA key. */ file = XFOPEN(fname, "rb"); AssertTrue(file != XBADFILE); AssertNotNull(pkey = PEM_read_PUBKEY(file, NULL, NULL, NULL)); EVP_PKEY_free(pkey); XFCLOSE(file); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_PEM_PrivateKey(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048) #ifndef NO_BIO BIO* bio = NULL; #endif EVP_PKEY* pkey = NULL; const unsigned char* server_key = (const unsigned char*)server_key_der_2048; #ifndef NO_BIO /* test creating new EVP_PKEY with bad arg */ AssertNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); /* test loading RSA key using BIO */ #if !defined(NO_RSA) && !defined(NO_FILESYSTEM) { XFILE file; const char* fname = "./certs/server-key.pem"; const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem"; size_t sz; byte* buf; EVP_PKEY* pkey2; EVP_PKEY* pkey3; RSA* rsa_key = NULL; file = XFOPEN(fname, "rb"); AssertTrue((file != XBADFILE)); AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0); sz = XFTELL(file); AssertTrue(XFSEEK(file, 0, XSEEK_SET) == 0); AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); if (buf) { AssertIntEQ(XFREAD(buf, 1, sz, file), sz); } XFCLOSE(file); /* Test using BIO new mem and loading PEM private key */ bio = BIO_new_mem_buf(buf, (int)sz); AssertNotNull(bio); AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; AssertNotNull(pkey2 = EVP_PKEY_new()); pkey2->type = EVP_PKEY_RSA; /* Test parameter copy */ AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0); EVP_PKEY_free(pkey2); EVP_PKEY_free(pkey); pkey = NULL; /* Qt unit test case : rsa pkcs8 key */ file = XFOPEN(fname_rsa_p8, "rb"); AssertTrue((file != XBADFILE)); AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0); sz = XFTELL(file); AssertTrue(XFSEEK(file, 0, XSEEK_SET) == 0); AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); if (buf) AssertIntEQ(XFREAD(buf, 1, sz, file), sz); XFCLOSE(file); AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; AssertNotNull(pkey3 = EVP_PKEY_new()); AssertNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey)); AssertIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); #else AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); #endif RSA_free(rsa_key); EVP_PKEY_free(pkey3); EVP_PKEY_free(pkey); pkey = NULL; } #endif /* test loading ECC key using BIO */ #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) { XFILE file; const char* fname = "./certs/ecc-key.pem"; const char* fname_ecc_p8 = "./certs/ecc-keyPkcs8.pem"; size_t sz; byte* buf; EVP_PKEY* pkey2; EVP_PKEY* pkey3; EC_KEY* ec_key; int nid = 0; file = XFOPEN(fname, "rb"); AssertTrue((file != XBADFILE)); AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0); sz = XFTELL(file); AssertTrue(XFSEEK(file, 0, XSEEK_SET) == 0); AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); if (buf) AssertIntEQ(XFREAD(buf, 1, sz, file), sz); XFCLOSE(file); /* Test using BIO new mem and loading PEM private key */ AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; AssertNotNull(pkey2 = EVP_PKEY_new()); AssertNotNull(pkey3 = EVP_PKEY_new()); pkey2->type = EVP_PKEY_EC; /* Test parameter copy */ AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1); /* Qt unit test case 1*/ AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); #else AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); #endif /* Test default digest */ AssertIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1); AssertIntEQ(nid, NID_sha256); EC_KEY_free(ec_key); EVP_PKEY_free(pkey3); EVP_PKEY_free(pkey2); EVP_PKEY_free(pkey); pkey = NULL; /* Qt unit test case ec pkcs8 key */ file = XFOPEN(fname_ecc_p8, "rb"); AssertTrue((file != XBADFILE)); AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0); sz = XFTELL(file); AssertTrue(XFSEEK(file, 0, XSEEK_SET) == 0); AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); if (buf) AssertIntEQ(XFREAD(buf, 1, sz, file), sz); XFCLOSE(file); AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; AssertNotNull(pkey3 = EVP_PKEY_new()); /* Qt unit test case */ AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); #else AssertIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); #endif EC_KEY_free(ec_key); EVP_PKEY_free(pkey3); EVP_PKEY_free(pkey); pkey = NULL; } #endif #if !defined(NO_BIO) && !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || \ defined(WOLFSSL_CERT_GEN)) { #define BIO_PEM_TEST_CHAR 'a' EVP_PKEY* pkey2 = NULL; unsigned char extra[10]; int i; BIO* pub_bio = NULL; XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra)); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE); AssertNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(BIO_set_write_buf_size(pub_bio, 4096), SSL_FAILURE); AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, (long)sizeof_server_key_der_2048)); AssertNull(pkey); AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, (long)sizeof_server_key_der_2048)); AssertIntEQ(PEM_write_bio_PrivateKey(NULL, pkey, NULL, NULL, 0, NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_bio_PrivateKey(bio, NULL, NULL, NULL, 0, NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), WOLFSSL_SUCCESS); AssertIntGT(BIO_pending(bio), 0); AssertIntEQ(BIO_pending(bio), 1679); /* Check if the pubkey API writes only the public key */ #ifdef WOLFSSL_KEY_GEN AssertIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); AssertIntGT(BIO_pending(pub_bio), 0); /* Previously both the private key and the pubkey calls would write * out the private key and the PEM header was the only difference. * The public PEM should be significantly shorter than the * private key versison. */ AssertIntEQ(BIO_pending(pub_bio), 451); #endif /* test creating new EVP_PKEY with good args */ AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz), 0); /* test of reuse of EVP_PKEY */ AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); AssertIntEQ(BIO_pending(bio), 0); AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), SSL_SUCCESS); AssertIntEQ(BIO_write(bio, extra, 10), 10); /* add 10 extra bytes after PEM */ AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); AssertNotNull(pkey); if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) { AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0); } AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */ AssertIntEQ(BIO_read(bio, extra, 10), 10); for (i = 0; i < 10; i++) { AssertIntEQ(extra[i], BIO_PEM_TEST_CHAR); } BIO_free(pub_bio); BIO_free(bio); bio = NULL; EVP_PKEY_free(pkey); pkey = NULL; EVP_PKEY_free(pkey2); } #endif /* key is DES encrypted */ #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \ !defined(NO_RSA) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) && \ !defined(NO_MD5) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_USER_RSA) && !defined(NO_RSA) { XFILE f; wc_pem_password_cb* passwd_cb; void* passwd_cb_userdata; SSL_CTX* ctx; char passwd[] = "bad password"; #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method())); #endif #else #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method())); #endif #endif AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); AssertNotNull(passwd_cb = SSL_CTX_get_default_passwd_cb(ctx)); AssertNull(passwd_cb_userdata = SSL_CTX_get_default_passwd_cb_userdata(ctx)); /* fail case with password call back */ AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, (void*)passwd)); BIO_free(bio); AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb, (void*)passwd)); BIO_free(bio); f = XFOPEN("./certs/server-keyEnc.pem", "rb"); AssertNotNull(bio = BIO_new_fp(f, BIO_CLOSE)); /* use callback that works */ AssertNotNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb, (void*)"yassl123")); AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); EVP_PKEY_free(pkey); pkey = NULL; BIO_free(bio); bio = NULL; SSL_CTX_free(ctx); } #endif /* !defined(NO_DES3) */ #endif /* !NO_BIO */ #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) { unsigned char buf[2048]; size_t bytes; XFILE f; SSL_CTX* ctx; #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method())); #endif #else #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method())); #endif #endif f = XFOPEN("./certs/ecc-key.der", "rb"); AssertTrue((f != XBADFILE)); bytes = (size_t)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); server_key = buf; pkey = NULL; AssertNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, bytes)); AssertNull(pkey); AssertNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, bytes)); AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); EVP_PKEY_free(pkey); pkey = NULL; SSL_CTX_free(ctx); } #endif res = TEST_RES_CHECK(1); #ifndef NO_BIO (void)bio; #endif (void)pkey; (void)server_key; #endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */ return res; } static int test_wolfSSL_PEM_file_RSAKey(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) RSA* rsa = NULL; XFILE fp; AssertTrue((fp = XFOPEN("./certs/rsa-pub-2048.pem", "rb")) != XBADFILE); AssertNotNull((rsa = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL))); XFCLOSE(fp); AssertIntEQ(RSA_size(rsa), 256); AssertIntEQ(PEM_write_RSAPublicKey(XBADFILE, rsa), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_RSAPublicKey(stderr, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_RSAPublicKey(stderr, rsa), WOLFSSL_SUCCESS); AssertIntEQ(PEM_write_RSA_PUBKEY(XBADFILE, rsa), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_RSA_PUBKEY(stderr, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_RSA_PUBKEY(stderr, rsa), WOLFSSL_SUCCESS); RSA_free(rsa); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */ return res; } static int test_wolfSSL_PEM_file_RSAPrivateKey(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && \ (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) RSA* rsa = NULL; XFILE f = NULL; f = XFOPEN(svrKeyFile, "r"); AssertTrue((f != XBADFILE)); AssertNotNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL))); AssertIntEQ(RSA_size(rsa), 256); AssertIntEQ(PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0, NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0, NULL, NULL), WOLFSSL_SUCCESS); RSA_free(rsa); XFCLOSE(f); #ifdef HAVE_ECC f = XFOPEN(eccKeyFile, "r"); AssertTrue((f != XBADFILE)); AssertNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL))); XFCLOSE(f); #endif /* HAVE_ECC */ res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ return res; } #ifndef NO_BIO static int test_wolfSSL_PEM_bio_RSAKey(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) RSA* rsa = NULL; BIO* bio = NULL; /* PrivateKey */ AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb")); AssertNull((rsa = PEM_read_bio_RSAPrivateKey(NULL, NULL, NULL, NULL))); AssertNotNull(PEM_read_bio_RSAPrivateKey(bio, &rsa, NULL, NULL)); AssertNotNull(rsa); AssertIntEQ(RSA_size(rsa), 256); AssertIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \ NULL), WOLFSSL_FAILURE); BIO_free(bio); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, \ NULL), WOLFSSL_SUCCESS); BIO_free(bio); RSA_free(rsa); /* PUBKEY */ AssertNotNull(bio = BIO_new_file("./certs/rsa-pub-2048.pem", "rb")); AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL))); AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); AssertIntEQ(RSA_size(rsa), 256); AssertIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE); BIO_free(bio); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio_RSA_PUBKEY(bio, rsa), WOLFSSL_SUCCESS); BIO_free(bio); RSA_free(rsa); /* Ensure that keys beginning with BEGIN RSA PUBLIC KEY can be read, too. */ AssertNotNull(bio = BIO_new_file("./certs/server-keyPub.pem", "rb")); AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); BIO_free(bio); RSA_free(rsa); #ifdef HAVE_ECC /* ensure that non-rsa keys do not work */ AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); BIO_free(bio); RSA_free(rsa); #endif /* HAVE_ECC */ res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */ return res; } static int test_wolfSSL_PEM_bio_RSAPrivateKey(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) RSA* rsa = NULL; RSA* rsa_dup = NULL; BIO* bio = NULL; AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb")); AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); AssertIntEQ(RSA_size(rsa), 256); #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) AssertNull(rsa_dup = RSAPublicKey_dup(NULL)); /* Test duplicating empty key. */ rsa_dup = RSA_new(); AssertNull(RSAPublicKey_dup(rsa_dup)); RSA_free(rsa_dup); AssertNotNull(rsa_dup = RSAPublicKey_dup(rsa)); AssertPtrNE(rsa_dup, rsa); #endif /* test if valgrind complains about unreleased memory */ RSA_up_ref(rsa); RSA_free(rsa); BIO_free(bio); RSA_free(rsa); RSA_free(rsa_dup); #ifdef HAVE_ECC AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); BIO_free(bio); #endif /* HAVE_ECC */ res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ return res; } static int test_wolfSSL_PEM_read_RSA_PUBKEY(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) XFILE file; const char* fname = "./certs/client-keyPub.pem"; RSA *rsa; AssertNull(wolfSSL_PEM_read_RSA_PUBKEY(XBADFILE, NULL, NULL, NULL)); file = XFOPEN(fname, "rb"); AssertTrue((file != XBADFILE)); AssertNotNull((rsa = PEM_read_RSA_PUBKEY(file, NULL, NULL, NULL))); AssertIntEQ(RSA_size(rsa), 256); RSA_free(rsa); XFCLOSE(file); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ return res; } static int test_wolfSSL_PEM_bio_DSAKey(void) { int res = TEST_SKIPPED; #ifndef HAVE_SELFTEST #if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_CERTS) && \ defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && !defined(NO_DSA) DSA* dsa = NULL; BIO* bio = NULL; /* PrivateKey */ AssertNotNull(bio = BIO_new_file("./certs/1024/dsa1024.pem", "rb")); AssertNull((dsa = PEM_read_bio_DSAPrivateKey(NULL, NULL, NULL, NULL))); AssertNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); AssertIntEQ(BN_num_bytes(dsa->g), 128); AssertIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, NULL), WOLFSSL_FAILURE); BIO_free(bio); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL, NULL), WOLFSSL_SUCCESS); BIO_free(bio); DSA_free(dsa); /* PUBKEY */ AssertNotNull(bio = BIO_new_file("./certs/1024/dsa-pub-1024.pem", "rb")); AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL))); AssertNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); AssertIntEQ(BN_num_bytes(dsa->g), 128); AssertIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE); BIO_free(bio); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio_DSA_PUBKEY(bio, dsa), WOLFSSL_SUCCESS); BIO_free(bio); DSA_free(dsa); #ifdef HAVE_ECC /* ensure that non-dsa keys do not work */ AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ AssertNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); BIO_free(bio); DSA_free(dsa); #endif /* HAVE_ECC */ res = TEST_RES_CHECK(1); #endif /* defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && \ !defined(NO_CERTS) && defined(WOLFSSL_KEY_GEN) && \ !defined(NO_FILESYSTEM) && !defined(NO_DSA) */ #endif /* HAVE_SELFTEST */ return res; } static int test_wolfSSL_PEM_bio_ECKey(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) EC_KEY* ec = NULL; EC_KEY* ec2; BIO* bio = NULL; #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) unsigned char* pem = NULL; int pLen; #endif static char ec_key_bad_1[] = "-----BEGIN PUBLIC KEY-----\n" "MAA=\n" "-----END PUBLIC KEY-----"; static char ec_priv_key_bad_1[] = "-----BEGIN EC PRIVATE KEY-----\n" "MAA=\n" "-----END EC PRIVATE KEY-----"; /* PrivateKey */ AssertNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb")); AssertNull((ec = PEM_read_bio_ECPrivateKey(NULL, NULL, NULL, NULL))); ec2 = NULL; AssertNotNull((ec = PEM_read_bio_ECPrivateKey(bio, &ec2, NULL, NULL))); AssertIntEQ(ec == ec2, 1); AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); AssertIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_bio_ECPrivateKey(bio, NULL, NULL, NULL, 0, NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_bio_ECPrivateKey(NULL, ec, NULL, NULL, 0, NULL, NULL), WOLFSSL_FAILURE); BIO_free(bio); /* Public key data - fail. */ AssertNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb")); AssertNull(PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)); BIO_free(bio); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, \ NULL), WOLFSSL_SUCCESS); BIO_free(bio); AssertIntEQ(PEM_write_ECPrivateKey(XBADFILE, NULL, NULL, NULL, 0, NULL, NULL),WOLFSSL_FAILURE); AssertIntEQ(PEM_write_ECPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_ECPrivateKey(XBADFILE, ec, NULL, NULL, 0, NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_ECPrivateKey(stderr, ec, NULL, NULL, 0, NULL, NULL), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, NULL, NULL), 0); #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) AssertIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, NULL, NULL), 0); AssertIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, &pem, NULL), 0); AssertIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, NULL, &pLen), 0); AssertIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, &pem, &pLen), 0); AssertIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, NULL, &pLen), 0); AssertIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, &pem, NULL), 0); AssertIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, &pem, &pLen), 1); AssertIntGT(pLen, 0); XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif EC_KEY_free(ec); /* PUBKEY */ AssertNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb")); AssertNull((ec = PEM_read_bio_EC_PUBKEY(NULL, NULL, NULL, NULL))); ec2 = NULL; AssertNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, &ec2, NULL, NULL))); AssertIntEQ(ec == ec2, 1); AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); AssertIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE); BIO_free(bio); /* Test 0x30, 0x00 fails. */ AssertNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_key_bad_1, sizeof(ec_key_bad_1))); AssertNull(PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)); BIO_free(bio); /* Private key data - fail. */ AssertNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb")); AssertNull(PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)); BIO_free(bio); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio_EC_PUBKEY(bio, ec), WOLFSSL_SUCCESS); BIO_free(bio); /* Same test as above, but with a file pointer rather than a BIO. */ AssertIntEQ(PEM_write_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_EC_PUBKEY(NULL, ec), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_EC_PUBKEY(stderr, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_write_EC_PUBKEY(stderr, ec), WOLFSSL_SUCCESS); EC_KEY_free(ec); #ifndef NO_RSA /* ensure that non-ec keys do not work */ AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb")); /* rsa key */ AssertNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL))); AssertNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL))); BIO_free(bio); EC_KEY_free(ec); #endif /* HAVE_ECC */ /* Test 0x30, 0x00 fails. */ AssertNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_priv_key_bad_1, sizeof(ec_priv_key_bad_1))); AssertNull(PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)); BIO_free(bio); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ return res; } static int test_wolfSSL_PEM_PUBKEY(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) BIO* bio = NULL; EVP_PKEY* pkey = NULL; /* test creating new EVP_PKEY with bad arg */ AssertNull((pkey = PEM_read_bio_PUBKEY(NULL, NULL, NULL, NULL))); /* test loading ECC key using BIO */ #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) { XFILE file; const char* fname = "./certs/ecc-client-keyPub.pem"; size_t sz; byte* buf; EVP_PKEY* pkey2; EC_KEY* ec_key; file = XFOPEN(fname, "rb"); AssertTrue((file != XBADFILE)); AssertIntEQ(XFSEEK(file, 0, XSEEK_END), 0); sz = XFTELL(file); AssertIntEQ(XFSEEK(file, 0, XSEEK_SET), 0); AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); if (buf) AssertIntEQ(XFREAD(buf, 1, sz, file), sz); XFCLOSE(file); /* Test using BIO new mem and loading PEM private key */ AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL))); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; /* Qt unit test case*/ AssertNotNull(pkey2 = EVP_PKEY_new()); AssertNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); AssertIntEQ(EVP_PKEY_set1_EC_KEY(pkey2, ec_key), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertIntEQ(EVP_PKEY_cmp(pkey, pkey2), 1/* match */); #else AssertIntEQ(EVP_PKEY_cmp(pkey, pkey2), 0); #endif EC_KEY_free(ec_key); EVP_PKEY_free(pkey2); EVP_PKEY_free(pkey); pkey = NULL; } #endif (void)bio; (void)pkey; res = TEST_RES_CHECK(1); #endif return res; } #endif /* !NO_BIO */ static int test_DSA_do_sign_verify(void) { int res = TEST_SKIPPED; #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ !defined(NO_DSA) unsigned char digest[WC_SHA_DIGEST_SIZE]; DSA_SIG* sig; DSA* dsa; word32 bytes; byte sigBin[DSA_SIG_SIZE]; int dsacheck; #ifdef USE_CERT_BUFFERS_1024 byte tmp[ONEK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); bytes = sizeof_dsa_key_der_1024; #elif defined(USE_CERT_BUFFERS_2048) byte tmp[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); bytes = sizeof_dsa_key_der_2048; #else byte tmp[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XFILE fp = XFOPEN("./certs/dsa2048.der", "rb"); if (fp == XBADFILE) { return WOLFSSL_BAD_FILE; } bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp); XFCLOSE(fp); #endif /* END USE_CERT_BUFFERS_1024 */ XMEMSET(digest, 202, sizeof(digest)); AssertNotNull(dsa = DSA_new()); AssertIntEQ(DSA_LoadDer(dsa, tmp, bytes), 1); AssertIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1); AssertIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1); AssertNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa)); AssertIntEQ(DSA_do_verify(digest, WC_SHA_DIGEST_SIZE, sig, dsa), 1); DSA_SIG_free(sig); DSA_free(dsa); res = TEST_RES_CHECK(1); #endif #endif /* !HAVE_SELFTEST && !HAVE_FIPS */ return res; } static int test_wolfSSL_tmp_dh(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) byte buff[6000]; char file[] = "./certs/dsaparams.pem"; XFILE f; int bytes; DSA* dsa; DH* dh; #if defined(WOLFSSL_DH_EXTRA) && \ (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) DH* dh2; #endif BIO* bio; SSL* ssl; SSL_CTX* ctx; #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); f = XFOPEN(file, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); bio = BIO_new_mem_buf((void*)buff, bytes); AssertNotNull(bio); dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); AssertNotNull(dsa); dh = wolfSSL_DSA_dup_DH(dsa); AssertNotNull(dh); #if defined(WOLFSSL_DH_EXTRA) && \ (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) AssertNotNull(dh2 = wolfSSL_DH_dup(dh)); #endif AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS); #ifndef NO_WOLFSSL_SERVER AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS); #else AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), SIDE_ERROR); #endif BIO_free(bio); DSA_free(dsa); DH_free(dh); #if defined(WOLFSSL_DH_EXTRA) && \ (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) DH_free(dh2); #endif SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return res; } static int test_wolfSSL_ctrl(void) { int res = TEST_SKIPPED; #if defined (OPENSSL_EXTRA) && !defined(NO_BIO) byte buff[6000]; BIO* bio; int bytes; BUF_MEM* ptr = NULL; XMEMSET(buff, 0, sizeof(buff)); bytes = sizeof(buff); bio = BIO_new_mem_buf((void*)buff, bytes); AssertNotNull(bio); AssertNotNull(BIO_s_socket()); AssertIntEQ((int)wolfSSL_BIO_get_mem_ptr(bio, &ptr), WOLFSSL_SUCCESS); /* needs tested after stubs filled out @TODO SSL_ctrl SSL_CTX_ctrl */ BIO_free(bio); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_BIO) */ return res; } static int test_wolfSSL_EVP_PKEY_new_mac_key(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_EXTRA static const unsigned char pw[] = "password"; static const int pwSz = sizeof(pw) - 1; size_t checkPwSz = 0; const unsigned char* checkPw = NULL; WOLFSSL_EVP_PKEY* key = NULL; AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, pw, pwSz)); AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, NULL, pwSz)); AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, pwSz)); if (key) { AssertIntEQ(key->type, EVP_PKEY_HMAC); AssertIntEQ(key->save_type, EVP_PKEY_HMAC); AssertIntEQ(key->pkey_sz, pwSz); AssertIntEQ(XMEMCMP(key->pkey.ptr, pw, pwSz), 0); } AssertNotNull(checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz)); AssertIntEQ((int)checkPwSz, pwSz); if (checkPw) { AssertIntEQ(XMEMCMP(checkPw, pw, pwSz), 0); } wolfSSL_EVP_PKEY_free(key); AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, 0)); if (key) { AssertIntEQ(key->pkey_sz, 0); } checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz); (void)checkPw; AssertIntEQ((int)checkPwSz, 0); wolfSSL_EVP_PKEY_free(key); AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, NULL, 0)); if (key) { AssertIntEQ(key->pkey_sz, 0); } checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz); (void)checkPw; AssertIntEQ((int)checkPwSz, 0); wolfSSL_EVP_PKEY_free(key); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_wolfSSL_EVP_PKEY_new_CMAC_key(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_EXTRA #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) const char *priv = "ABCDEFGHIJKLMNOP"; const WOLFSSL_EVP_CIPHER* cipher = EVP_aes_128_cbc(); WOLFSSL_EVP_PKEY* key = NULL; AssertNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( NULL, NULL, AES_128_KEY_SIZE, cipher)); AssertNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( NULL, (const unsigned char *)priv, 0, cipher)); AssertNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( NULL, (const unsigned char *)priv, AES_128_KEY_SIZE, NULL)); AssertNotNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( NULL, (const unsigned char *)priv, AES_128_KEY_SIZE, cipher)); wolfSSL_EVP_PKEY_free(key); res = TEST_RES_CHECK(1); #endif /* defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) */ #endif /* OPENSSL_EXTRA */ return res; } static int test_wolfSSL_EVP_Digest(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_PWDBASED) const char* in = "abc"; int inLen = (int)XSTRLEN(in); byte out[WC_SHA256_DIGEST_SIZE]; unsigned int outLen; const char* expOut = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" "\x15\xAD"; AssertIntEQ(wolfSSL_EVP_Digest((unsigned char*)in, inLen, out, &outLen, "SHA256", NULL), 1); AssertIntEQ(outLen, WC_SHA256_DIGEST_SIZE); AssertIntEQ(XMEMCMP(out, expOut, WC_SHA256_DIGEST_SIZE), 0); res = TEST_RES_CHECK(1); #endif /* OPEN_EXTRA && ! NO_SHA256 */ return res; } static int test_wolfSSL_EVP_Digest_all(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_EXTRA const char* digests[] = { #ifndef NO_MD5 "MD5", #endif #ifndef NO_SHA "SHA", #endif #ifdef WOLFSSL_SHA224 "SHA224", #endif #ifndef NO_SHA256 "SHA256", #endif #ifdef WOLFSSL_SHA384 "SHA384", #endif #ifdef WOLFSSL_SHA512 "SHA512", #endif #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) "SHA512_224", #endif #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) "SHA512_256", #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 "SHA3_224", #endif #ifndef WOLFSSL_NOSHA3_256 "SHA3_256", #endif "SHA3_384", #ifndef WOLFSSL_NOSHA3_512 "SHA3_512", #endif #endif /* WOLFSSL_SHA3 */ NULL }; const char** d; const unsigned char in[] = "abc"; int inLen = XSTR_SIZEOF(in); byte out[WC_MAX_DIGEST_SIZE]; unsigned int outLen; for (d = digests; *d != NULL; d++) { AssertIntEQ(EVP_Digest(in, inLen, out, &outLen, *d, NULL), 1); AssertIntGT(outLen, 0); AssertIntEQ(EVP_MD_size(*d), outLen); } res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_MD_size(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_EXTRA WOLFSSL_EVP_MD_CTX mdCtx; #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_224"), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_224_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_224_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif #ifndef WOLFSSL_NOSHA3_256 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_256"), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_256_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_256_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_384"), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_384_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_384_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #ifndef WOLFSSL_NOSHA3_512 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3_512"), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_512_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_512_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif #endif /* WOLFSSL_SHA3 */ #ifndef NO_SHA256 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), 1); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA256_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA256_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif #ifndef NO_MD5 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "MD5"), 1); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_MD5_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_MD5_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_MD5_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_MD5_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif #ifdef WOLFSSL_SHA224 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA224"), 1); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA224_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA224_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA224_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA224_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif #ifdef WOLFSSL_SHA384 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA384"), 1); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA384_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA384_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA384_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA384_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif #ifdef WOLFSSL_SHA512 wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA512"), 1); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA512_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA512_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA512_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA512_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif #ifndef NO_SHA wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA"), 1); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA1"), 1); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif /* error case */ wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), BAD_FUNC_ARG); /* Cleanup is valid on uninit'ed struct */ AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_wolfSSL_EVP_MD_pkey_type(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_EXTRA const WOLFSSL_EVP_MD* md; #ifndef NO_MD5 AssertNotNull(md = EVP_md5()); AssertIntEQ(EVP_MD_pkey_type(md), NID_md5WithRSAEncryption); #endif #ifndef NO_SHA AssertNotNull(md = EVP_sha1()); AssertIntEQ(EVP_MD_pkey_type(md), NID_sha1WithRSAEncryption); #endif #ifdef WOLFSSL_SHA224 AssertNotNull(md = EVP_sha224()); AssertIntEQ(EVP_MD_pkey_type(md), NID_sha224WithRSAEncryption); #endif AssertNotNull(md = EVP_sha256()); AssertIntEQ(EVP_MD_pkey_type(md), NID_sha256WithRSAEncryption); #ifdef WOLFSSL_SHA384 AssertNotNull(md = EVP_sha384()); AssertIntEQ(EVP_MD_pkey_type(md), NID_sha384WithRSAEncryption); #endif #ifdef WOLFSSL_SHA512 AssertNotNull(md = EVP_sha512()); AssertIntEQ(EVP_MD_pkey_type(md), NID_sha512WithRSAEncryption); #endif res = TEST_RES_CHECK(1); #endif return res; } #ifdef OPENSSL_EXTRA static void test_hmac_signing(const WOLFSSL_EVP_MD *type, const byte* testKey, size_t testKeySz, const char* testData, size_t testDataSz, const byte* testResult, size_t testResultSz) { unsigned char check[WC_MAX_DIGEST_SIZE]; size_t checkSz = -1; WOLFSSL_EVP_PKEY* key; WOLFSSL_EVP_MD_CTX mdCtx; AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testKey, (int)testKeySz)); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, (unsigned int)testDataSz), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); AssertIntEQ((int)checkSz, (int)testResultSz); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ((int)checkSz,(int)testResultSz); AssertIntEQ(XMEMCMP(testResult, check, testResultSz), 0); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, (unsigned int)testDataSz), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); AssertIntEQ((int)checkSz, (int)testResultSz); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ((int)checkSz,(int)testResultSz); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4, (unsigned int)testDataSz - 4), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ((int)checkSz,(int)testResultSz); AssertIntEQ(XMEMCMP(testResult, check, testResultSz), 0); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4, (unsigned int)testDataSz - 4), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_PKEY_free(key); } #endif static int test_wolfSSL_EVP_MD_hmac_signing(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_EXTRA static const unsigned char testKey[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; static const char testData[] = "Hi There"; #ifdef WOLFSSL_SHA224 static const unsigned char testResultSha224[] = { 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d, 0xf3, 0x3f, 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, 0x53, 0x68, 0x4b, 0x22 }; #endif #ifndef NO_SHA256 static const unsigned char testResultSha256[] = { 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 }; #endif #ifdef WOLFSSL_SHA384 static const unsigned char testResultSha384[] = { 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f, 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6 }; #endif #ifdef WOLFSSL_SHA512 static const unsigned char testResultSha512[] = { 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, 0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0, 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02, 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, 0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70, 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54 }; #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 static const unsigned char testResultSha3_224[] = { 0x3b, 0x16, 0x54, 0x6b, 0xbc, 0x7b, 0xe2, 0x70, 0x6a, 0x03, 0x1d, 0xca, 0xfd, 0x56, 0x37, 0x3d, 0x98, 0x84, 0x36, 0x76, 0x41, 0xd8, 0xc5, 0x9a, 0xf3, 0xc8, 0x60, 0xf7 }; #endif #ifndef WOLFSSL_NOSHA3_256 static const unsigned char testResultSha3_256[] = { 0xba, 0x85, 0x19, 0x23, 0x10, 0xdf, 0xfa, 0x96, 0xe2, 0xa3, 0xa4, 0x0e, 0x69, 0x77, 0x43, 0x51, 0x14, 0x0b, 0xb7, 0x18, 0x5e, 0x12, 0x02, 0xcd, 0xcc, 0x91, 0x75, 0x89, 0xf9, 0x5e, 0x16, 0xbb }; #endif #ifndef WOLFSSL_NOSHA3_384 static const unsigned char testResultSha3_384[] = { 0x68, 0xd2, 0xdc, 0xf7, 0xfd, 0x4d, 0xdd, 0x0a, 0x22, 0x40, 0xc8, 0xa4, 0x37, 0x30, 0x5f, 0x61, 0xfb, 0x73, 0x34, 0xcf, 0xb5, 0xd0, 0x22, 0x6e, 0x1b, 0xc2, 0x7d, 0xc1, 0x0a, 0x2e, 0x72, 0x3a, 0x20, 0xd3, 0x70, 0xb4, 0x77, 0x43, 0x13, 0x0e, 0x26, 0xac, 0x7e, 0x3d, 0x53, 0x28, 0x86, 0xbd }; #endif #ifndef WOLFSSL_NOSHA3_512 static const unsigned char testResultSha3_512[] = { 0xeb, 0x3f, 0xbd, 0x4b, 0x2e, 0xaa, 0xb8, 0xf5, 0xc5, 0x04, 0xbd, 0x3a, 0x41, 0x46, 0x5a, 0xac, 0xec, 0x15, 0x77, 0x0a, 0x7c, 0xab, 0xac, 0x53, 0x1e, 0x48, 0x2f, 0x86, 0x0b, 0x5e, 0xc7, 0xba, 0x47, 0xcc, 0xb2, 0xc6, 0xf2, 0xaf, 0xce, 0x8f, 0x88, 0xd2, 0x2b, 0x6d, 0xc6, 0x13, 0x80, 0xf2, 0x3a, 0x66, 0x8f, 0xd3, 0x88, 0x8b, 0xb8, 0x05, 0x37, 0xc0, 0xa0, 0xb8, 0x64, 0x07, 0x68, 0x9e }; #endif #endif #ifndef NO_SHA256 test_hmac_signing(wolfSSL_EVP_sha256(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha256, sizeof(testResultSha256)); #endif #ifdef WOLFSSL_SHA224 test_hmac_signing(wolfSSL_EVP_sha224(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha224, sizeof(testResultSha224)); #endif #ifdef WOLFSSL_SHA384 test_hmac_signing(wolfSSL_EVP_sha384(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha384, sizeof(testResultSha384)); #endif #ifdef WOLFSSL_SHA512 test_hmac_signing(wolfSSL_EVP_sha512(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha512, sizeof(testResultSha512)); #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 test_hmac_signing(wolfSSL_EVP_sha3_224(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_224, sizeof(testResultSha3_224)); #endif #ifndef WOLFSSL_NOSHA3_256 test_hmac_signing(wolfSSL_EVP_sha3_256(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_256, sizeof(testResultSha3_256)); #endif #ifndef WOLFSSL_NOSHA3_384 test_hmac_signing(wolfSSL_EVP_sha3_384(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_384, sizeof(testResultSha3_384)); #endif #ifndef WOLFSSL_NOSHA3_512 test_hmac_signing(wolfSSL_EVP_sha3_512(), testKey, sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_512, sizeof(testResultSha3_512)); #endif #endif res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_wolfSSL_EVP_MD_rsa_signing(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \ defined(USE_CERT_BUFFERS_2048) WOLFSSL_EVP_PKEY* privKey; WOLFSSL_EVP_PKEY* pubKey; WOLFSSL_EVP_PKEY_CTX* keyCtx; const char testData[] = "Hi There"; WOLFSSL_EVP_MD_CTX mdCtx; WOLFSSL_EVP_MD_CTX mdCtxCopy; size_t checkSz = -1; int sz = 2048 / 8; const unsigned char* cp; const unsigned char* p; unsigned char check[2048/8]; size_t i; int paddings[] = { RSA_PKCS1_PADDING, #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS) RSA_PKCS1_PSS_PADDING, #endif }; cp = client_key_der_2048; AssertNotNull((privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &cp, sizeof_client_key_der_2048))); p = client_keypub_der_2048; AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p, sizeof_client_keypub_der_2048))); wolfSSL_EVP_MD_CTX_init(&mdCtx); wolfSSL_EVP_MD_CTX_init(&mdCtxCopy); AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, privKey), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, (unsigned int)XSTRLEN(testData)), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); AssertIntEQ((int)checkSz, sz); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ((int)checkSz,sz); AssertIntEQ(wolfSSL_EVP_MD_CTX_copy_ex(&mdCtxCopy, &mdCtx), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_copy_ex(&mdCtxCopy, &mdCtx), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtxCopy), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, pubKey), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, (unsigned int)XSTRLEN(testData)), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, privKey), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); AssertIntEQ((int)checkSz, sz); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ((int)checkSz, sz); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4, (unsigned int)XSTRLEN(testData) - 4), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ((int)checkSz, sz); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, pubKey), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4, (unsigned int)XSTRLEN(testData) - 4), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); /* Check all signing padding types */ for (i = 0; i < sizeof(paddings)/sizeof(int); i++) { wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, &keyCtx, wolfSSL_EVP_sha256(), NULL, privKey), 1); AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx, paddings[i]), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, (unsigned int)XSTRLEN(testData)), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); AssertIntEQ((int)checkSz, sz); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ((int)checkSz,sz); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, &keyCtx, wolfSSL_EVP_sha256(), NULL, pubKey), 1); AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx, paddings[i]), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, (unsigned int)XSTRLEN(testData)), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); } wolfSSL_EVP_PKEY_free(pubKey); wolfSSL_EVP_PKEY_free(privKey); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_MD_ecc_signing(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) WOLFSSL_EVP_PKEY* privKey; WOLFSSL_EVP_PKEY* pubKey; const char testData[] = "Hi There"; WOLFSSL_EVP_MD_CTX mdCtx; size_t checkSz = -1; const unsigned char* cp; const unsigned char* p; unsigned char check[2048/8]; cp = ecc_clikey_der_256; privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp, sizeof_ecc_clikey_der_256); AssertNotNull(privKey); p = ecc_clikeypub_der_256; AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p, sizeof_ecc_clikeypub_der_256))); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, privKey), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, (unsigned int)XSTRLEN(testData)), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, pubKey), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, (unsigned int)XSTRLEN(testData)), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, privKey), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4, (unsigned int)XSTRLEN(testData) - 4), 1); AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, pubKey), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4, (unsigned int)XSTRLEN(testData) - 4), 1); AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); wolfSSL_EVP_PKEY_free(pubKey); wolfSSL_EVP_PKEY_free(privKey); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_add_extra_chain_cert(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) char caFile[] = "./certs/client-ca.pem"; char clientFile[] = "./certs/client-cert.pem"; SSL_CTX* ctx; X509* x509; BIO *bio = NULL; X509 *cert = NULL; X509 *ca; STACK_OF(X509) *chain = NULL; STACK_OF(X509) *chain2 = NULL; #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS); x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) /* additional test of getting EVP_PKEY key size from X509 * Do not run with user RSA because wolfSSL_RSA_size is not currently * allowed with user RSA */ { EVP_PKEY* pkey; #if defined(HAVE_ECC) X509* ecX509; #endif /* HAVE_ECC */ AssertNotNull(pkey = X509_get_pubkey(x509)); /* current RSA key is 2048 bit (256 bytes) */ AssertIntEQ(EVP_PKEY_size(pkey), 256); EVP_PKEY_free(pkey); #if defined(HAVE_ECC) #if defined(USE_CERT_BUFFERS_256) AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer( cliecc_cert_der_256, sizeof_cliecc_cert_der_256, SSL_FILETYPE_ASN1)); #else AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file(cliEccCertFile, SSL_FILETYPE_PEM)); #endif pkey = X509_get_pubkey(ecX509); AssertNotNull(pkey); /* current ECC key is 256 bit (32 bytes) */ AssertIntEQ(EVP_PKEY_size(pkey), 32); X509_free(ecX509); EVP_PKEY_free(pkey); #endif /* HAVE_ECC */ } #endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */ AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS); #ifdef WOLFSSL_ENCRYPTED_KEYS AssertNull(SSL_CTX_get_default_passwd_cb(ctx)); AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx)); #endif SSL_CTX_free(ctx); #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif /* Test haproxy use case */ AssertNotNull(bio = BIO_new_file(svrCertFile, "r")); /* Read Certificate */ AssertNotNull(cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); AssertNotNull(ca = PEM_read_bio_X509(bio, NULL, NULL, NULL)); AssertNotNull(chain = sk_X509_new_null()); AssertIntEQ(sk_X509_push(chain, ca), 1); AssertNotNull(chain2 = X509_chain_up_ref(chain)); AssertNotNull(ca = sk_X509_shift(chain2)); AssertIntEQ(SSL_CTX_use_certificate(ctx, cert), 1); AssertIntEQ(SSL_CTX_add_extra_chain_cert(ctx, ca), 1); BIO_free(bio); X509_free(cert); sk_X509_pop_free(chain, X509_free); sk_X509_pop_free(chain2, X509_free); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined (NO_BIO) */ return res; } #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) static int test_wolfSSL_ERR_peek_last_error_line(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ !defined(NO_OLD_TLS) && !defined(WOLFSSL_NO_TLS12) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_ERROR_QUEUE) tcp_ready ready; func_args client_args; func_args server_args; #ifndef SINGLE_THREADED THREAD_TYPE serverThread; #endif callback_functions client_cb; callback_functions server_cb; int line = 0; int flag = ERR_TXT_STRING; const char* file = NULL; const char* data = NULL; /* create a failed connection and inspect the error */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); client_cb.method = wolfTLSv1_1_client_method; server_cb.method = wolfTLSv1_2_server_method; server_args.signal = &ready; server_args.callbacks = &server_cb; client_args.signal = &ready; client_args.callbacks = &client_cb; #ifndef SINGLE_THREADED start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); #endif FreeTcpReady(&ready); AssertIntGT(ERR_get_error_line_data(NULL, NULL, &data, &flag), 0); AssertNotNull(data); /* check clearing error state */ ERR_remove_state(0); AssertIntEQ((int)ERR_peek_last_error_line(NULL, NULL), 0); ERR_peek_last_error_line(NULL, &line); AssertIntEQ(line, 0); ERR_peek_last_error_line(&file, NULL); AssertNull(file); /* retry connection to fill error queue */ XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); client_cb.method = wolfTLSv1_1_client_method; server_cb.method = wolfTLSv1_2_server_method; server_args.signal = &ready; server_args.callbacks = &server_cb; client_args.signal = &ready; client_args.callbacks = &client_cb; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); FreeTcpReady(&ready); /* check that error code was stored */ AssertIntNE((int)ERR_peek_last_error_line(NULL, NULL), 0); ERR_peek_last_error_line(NULL, &line); AssertIntNE(line, 0); ERR_peek_last_error_line(&file, NULL); AssertNotNull(file); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif fprintf(stderr, "\nTesting error print out\n"); ERR_print_errors_fp(stderr); fprintf(stderr, "Done testing print out\n\n"); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(DEBUG_WOLFSSL) */ return res; } #endif #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) static int verify_cb(int ok, X509_STORE_CTX *ctx) { (void) ok; (void) ctx; fprintf(stderr, "ENTER verify_cb\n"); return SSL_SUCCESS; } #endif static int test_wolfSSL_X509_Name_canon(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \ defined(WOLFSSL_CERT_GEN) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_RSA) const long ex_hash1 = 0x0fdb2da4; const long ex_hash2 = 0x9f3e8c9e; X509_NAME *name = NULL; X509 *x509 = NULL; FILE* file = NULL; unsigned long hash = 0; byte digest[WC_MAX_DIGEST_SIZE] = {0}; byte *pbuf = NULL; word32 len = 0; (void) ex_hash2; file = XFOPEN(caCertFile, "rb"); AssertNotNull(file); AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); AssertNotNull(name = X509_get_issuer_name(x509)); /* When output buffer is NULL, should return necessary output buffer * length.*/ AssertIntGT(wolfSSL_i2d_X509_NAME_canon(name, NULL), 0); AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); hash = (((unsigned long)digest[3] << 24) | ((unsigned long)digest[2] << 16) | ((unsigned long)digest[1] << 8) | ((unsigned long)digest[0])); AssertIntEQ(hash, ex_hash1); XFCLOSE(file); X509_free(x509); XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); pbuf = NULL; file = XFOPEN(cliCertFile, "rb"); AssertNotNull(file); AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); AssertNotNull(name = X509_get_issuer_name(x509)); AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); hash = (((unsigned long)digest[3] << 24) | ((unsigned long)digest[2] << 16) | ((unsigned long)digest[1] << 8) | ((unsigned long)digest[0])); AssertIntEQ(hash, ex_hash2); XFCLOSE(file); X509_free(x509); XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) const int MAX_DIR = 4; const char paths[][32] = { "./certs/ed25519", "./certs/ecc", "./certs/crl", "./certs/", }; char CertCrl_path[MAX_FILENAME_SZ]; char *p; X509_STORE* str; X509_LOOKUP* lookup; WOLFSSL_STACK* sk = NULL; int len, total_len, i; (void) sk; XMEMSET(CertCrl_path, 0, MAX_FILENAME_SZ); /* illegal string */ AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "", SSL_FILETYPE_PEM,NULL), 0); /* free store */ X509_STORE_free(str); /* short folder string */ AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./", SSL_FILETYPE_PEM,NULL), 1); #if defined(WOLFSSL_INT_H) /* only available when including internal.h */ AssertNotNull(sk = lookup->dirs->dir_entry); #endif /* free store */ X509_STORE_free(str); /* typical function check */ p = &CertCrl_path[0]; total_len = 0; for (i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) { len = (int)XSTRLEN((const char*)&paths[i]); total_len += len; XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len); p += len; if (i != 0) *(p++) = SEPARATOR_CHAR; } AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path, SSL_FILETYPE_PEM,NULL), 1); #if defined(WOLFSSL_INT_H) /* only available when including internal.h */ AssertNotNull(sk = lookup->dirs->dir_entry); #endif X509_STORE_free(str); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_LOOKUP_ctrl_file(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ defined(WOLFSSL_SIGNER_DER_CERT) X509_STORE_CTX* ctx; X509_STORE* str; X509_LOOKUP* lookup; X509* cert1; X509* x509Ca; X509* x509Svr; X509* issuer; WOLFSSL_STACK* sk = NULL; X509_NAME* caName; X509_NAME* issuerName; FILE* file1 = NULL; int i, cert_count, cmp; char der[] = "certs/ca-cert.der"; #ifdef HAVE_CRL char pem[][100] = { "./certs/crl/crl.pem", "./certs/crl/crl2.pem", "./certs/crl/caEccCrl.pem", "./certs/crl/eccCliCRL.pem", "./certs/crl/eccSrvCRL.pem", "" }; #endif AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb")); AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); fclose(file1); AssertNotNull(ctx = X509_STORE_CTX_new()); AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, SSL_FILETYPE_PEM,NULL), 1); AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); AssertIntEQ((cert_count = sk_X509_num(sk)), 1); /* check if CA cert is loaded into the store */ for (i = 0; i < cert_count; i++) { x509Ca = sk_X509_value(sk, i); AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); } AssertNotNull((x509Svr = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); AssertNull(X509_STORE_CTX_get0_current_issuer(NULL)); issuer = X509_STORE_CTX_get0_current_issuer(ctx); AssertNotNull(issuer); caName = X509_get_subject_name(x509Ca); AssertNotNull(caName); issuerName = X509_get_subject_name(issuer); AssertNotNull(issuerName); cmp = X509_NAME_cmp(caName, issuerName); AssertIntEQ(cmp, 0); /* load der format */ X509_free(issuer); X509_STORE_CTX_free(ctx); X509_STORE_free(str); sk_X509_pop_free(sk, NULL); X509_free(x509Svr); AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, der, SSL_FILETYPE_ASN1,NULL), 1); AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); AssertIntEQ((cert_count = sk_X509_num(sk)), 1); /* check if CA cert is loaded into the store */ for (i = 0; i < cert_count; i++) { x509Ca = sk_X509_value(sk, i); AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); } X509_STORE_free(str); sk_X509_pop_free(sk, NULL); X509_free(cert1); #ifdef HAVE_CRL AssertNotNull(str = wolfSSL_X509_STORE_new()); AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, SSL_FILETYPE_PEM,NULL), 1); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, "certs/server-revoked-cert.pem", SSL_FILETYPE_PEM,NULL), 1); if (str) { AssertIntEQ(wolfSSL_CertManagerVerify(str->cm, svrCertFile, WOLFSSL_FILETYPE_PEM), 1); /* since store hasn't yet known the revoked cert*/ AssertIntEQ(wolfSSL_CertManagerVerify(str->cm, "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); } for (i = 0; pem[i][0] != '\0'; i++) { AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, pem[i], SSL_FILETYPE_PEM, NULL), 1); } if (str) { /* since store knows crl list */ AssertIntEQ(wolfSSL_CertManagerVerify(str->cm, "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED); } AssertIntEQ(X509_LOOKUP_ctrl(NULL, 0, NULL, 0, NULL), 0); X509_STORE_free(str); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) X509_STORE_CTX_cleanup(NULL); X509_STORE_CTX_trusted_stack(NULL, NULL); AssertTrue(1); /* to confirm previous call gives no harm */ res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) #ifdef WOLFSSL_SIGNER_DER_CERT int cmp; #endif X509_STORE_CTX* ctx; X509_STORE* str; X509* x509Ca; X509* x509Svr; X509* issuer; X509_NAME* caName; X509_NAME* issuerName; AssertNotNull(ctx = X509_STORE_CTX_new()); AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull((x509Ca = wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_add_cert(str, x509Ca), SSL_SUCCESS); AssertNotNull((x509Svr = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); AssertNull(X509_STORE_CTX_get0_current_issuer(NULL)); issuer = X509_STORE_CTX_get0_current_issuer(ctx); AssertNotNull(issuer); caName = X509_get_subject_name(x509Ca); AssertNotNull(caName); issuerName = X509_get_subject_name(issuer); AssertNotNull(issuerName); #ifdef WOLFSSL_SIGNER_DER_CERT cmp = X509_NAME_cmp(caName, issuerName); AssertIntEQ(cmp, 0); #endif X509_free(issuer); X509_STORE_CTX_free(ctx); X509_free(x509Svr); X509_STORE_free(str); X509_free(x509Ca); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_PKCS7_certs(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_BIO) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) STACK_OF(X509)* sk = NULL; STACK_OF(X509_INFO)* info_sk = NULL; PKCS7 *p7 = NULL; BIO* bio; const byte* p = NULL; int buflen = 0; int i; /* Test twice. Once with d2i and once without to test * that everything is free'd correctly. */ for (i = 0; i < 2; i++) { AssertNotNull(p7 = PKCS7_new()); p7->version = 1; #ifdef NO_SHA p7->hashOID = SHA256h; #else p7->hashOID = SHAh; #endif AssertNotNull(bio = BIO_new(BIO_s_file())); AssertIntGT(BIO_read_filename(bio, svrCertFile), 0); AssertNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)); AssertIntEQ(sk_X509_INFO_num(info_sk), 2); AssertNotNull(sk = sk_X509_new_null()); while (sk_X509_INFO_num(info_sk)) { X509_INFO* info; AssertNotNull(info = sk_X509_INFO_shift(info_sk)); AssertIntEQ(sk_X509_push(sk, info->x509), 1); info->x509 = NULL; X509_INFO_free(info); } sk_X509_INFO_free(info_sk); BIO_free(bio); bio = BIO_new(BIO_s_mem()); AssertIntEQ(wolfSSL_PKCS7_encode_certs(p7, sk, bio), 1); AssertIntGT((buflen = BIO_get_mem_data(bio, &p)), 0); if (i == 0) { PKCS7_free(p7); AssertNotNull(d2i_PKCS7(&p7, &p, buflen)); /* Reset certs to force wolfSSL_PKCS7_to_stack to regenerate them */ ((WOLFSSL_PKCS7*)p7)->certs = NULL; /* PKCS7_free free's the certs */ AssertNotNull(wolfSSL_PKCS7_to_stack(p7)); } BIO_free(bio); PKCS7_free(p7); } res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) */ return res; } static int test_wolfSSL_X509_STORE_CTX(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) X509_STORE_CTX* ctx; X509_STORE* str; X509* x509; #ifdef OPENSSL_ALL X509* x5092; STACK_OF(X509) *sk, *sk2, *sk3; #endif AssertNotNull(ctx = X509_STORE_CTX_new()); AssertNotNull((str = wolfSSL_X509_STORE_new())); AssertNotNull((x509 = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS); #ifdef OPENSSL_ALL /* sk_X509_new only in OPENSSL_ALL */ sk = sk_X509_new_null(); AssertNotNull(sk); AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS); #else AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS); #endif AssertIntEQ(SSL_get_ex_data_X509_STORE_CTX_idx(), 0); X509_STORE_CTX_set_error(ctx, -5); X509_STORE_CTX_set_error(NULL, -5); X509_STORE_CTX_free(ctx); #ifdef OPENSSL_ALL sk_X509_pop_free(sk, NULL); #endif X509_STORE_free(str); X509_free(x509); AssertNotNull(ctx = X509_STORE_CTX_new()); X509_STORE_CTX_set_verify_cb(ctx, verify_cb); X509_STORE_CTX_free(ctx); #ifdef OPENSSL_ALL /* test X509_STORE_CTX_get(1)_chain */ AssertNotNull((x509 = X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); AssertNotNull((x5092 = X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM))); AssertNotNull((sk = sk_X509_new_null())); AssertIntEQ(sk_X509_push(sk, x509), 1); AssertNotNull((str = X509_STORE_new())); AssertNotNull((ctx = X509_STORE_CTX_new())); AssertIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1); AssertNull((sk2 = X509_STORE_CTX_get_chain(NULL))); AssertNotNull((sk2 = X509_STORE_CTX_get_chain(ctx))); AssertIntEQ(sk_num(sk2), 1); /* sanity, make sure chain has 1 cert */ AssertNull((sk3 = X509_STORE_CTX_get1_chain(NULL))); AssertNotNull((sk3 = X509_STORE_CTX_get1_chain(ctx))); AssertIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */ X509_STORE_CTX_free(ctx); X509_STORE_free(str); /* CTX certs not freed yet */ X509_free(x5092); sk_X509_pop_free(sk, NULL); /* sk3 is dup so free here */ sk_X509_pop_free(sk3, NULL); #endif /* test X509_STORE_CTX_get/set_ex_data */ { int i = 0, tmpData = 5; void* tmpDataRet; AssertNotNull(ctx = X509_STORE_CTX_new()); #ifdef HAVE_EX_DATA for (i = 0; i < MAX_EX_DATA; i++) { AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData), WOLFSSL_SUCCESS); tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i); AssertNotNull(tmpDataRet); AssertIntEQ(tmpData, *(int*)tmpDataRet); } #else AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData), WOLFSSL_FAILURE); tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i); AssertNull(tmpDataRet); #endif X509_STORE_CTX_free(ctx); } /* test X509_STORE_get/set_ex_data */ { int i = 0, tmpData = 99; void* tmpDataRet; AssertNotNull(str = X509_STORE_new()); #ifdef HAVE_EX_DATA for (i = 0; i < MAX_EX_DATA; i++) { AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData), WOLFSSL_SUCCESS); tmpDataRet = (int*)X509_STORE_get_ex_data(str, i); AssertNotNull(tmpDataRet); AssertIntEQ(tmpData, *(int*)tmpDataRet); } #else AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData), WOLFSSL_FAILURE); tmpDataRet = (int*)X509_STORE_get_ex_data(str, i); AssertNull(tmpDataRet); #endif X509_STORE_free(str); } res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ return res; } static int test_wolfSSL_X509_STORE_set_flags(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) X509_STORE* store; X509* x509; AssertNotNull((store = wolfSSL_X509_STORE_new())); AssertNotNull((x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_add_cert(store, x509), WOLFSSL_SUCCESS); #ifdef HAVE_CRL AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), WOLFSSL_SUCCESS); #else AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), NOT_COMPILED_IN); #endif wolfSSL_X509_free(x509); wolfSSL_X509_STORE_free(store); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ return res; } static int test_wolfSSL_X509_LOOKUP_load_file(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) WOLFSSL_X509_STORE* store; WOLFSSL_X509_LOOKUP* lookup; AssertNotNull(store = wolfSSL_X509_STORE_new()); AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/client-ca.pem", X509_FILETYPE_PEM), 1); AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem", X509_FILETYPE_PEM), 1); if (store) { AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile, WOLFSSL_FILETYPE_PEM), 1); AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, WOLFSSL_FILETYPE_PEM), ASN_NO_SIGNER_E); } AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", X509_FILETYPE_PEM), 1); if (store) { AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, WOLFSSL_FILETYPE_PEM), 1); } wolfSSL_X509_STORE_free(store); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ return res; } static int test_wolfSSL_X509_STORE_CTX_set_time(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) WOLFSSL_X509_STORE_CTX* ctx; time_t c_time; AssertNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); c_time = 365*24*60*60; wolfSSL_X509_STORE_CTX_set_time(ctx, 0, c_time); AssertTrue( (ctx->param->flags & WOLFSSL_USE_CHECK_TIME) == WOLFSSL_USE_CHECK_TIME); AssertTrue(ctx->param->check_time == c_time); wolfSSL_X509_STORE_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_wolfSSL_CTX_get0_set1_param(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) int ret; SSL_CTX* ctx; WOLFSSL_X509_VERIFY_PARAM* pParam; WOLFSSL_X509_VERIFY_PARAM* pvpm; char testIPv4[] = "127.0.0.1"; char testhostName[] = "foo.hoge.com"; #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertNull(SSL_CTX_get0_param(NULL)); AssertNotNull(pParam = SSL_CTX_get0_param(ctx)); pvpm = (WOLFSSL_X509_VERIFY_PARAM *)XMALLOC( sizeof(WOLFSSL_X509_VERIFY_PARAM), NULL, DYNAMIC_TYPE_OPENSSL); AssertNotNull(pvpm); XMEMSET(pvpm, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); wolfSSL_X509_VERIFY_PARAM_set1_host(pvpm, testhostName, (int)XSTRLEN(testhostName)); wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(pvpm, testIPv4); wolfSSL_X509_VERIFY_PARAM_set_hostflags(pvpm, 0x01); ret = SSL_CTX_set1_param(ctx, pvpm); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(pParam->hostName, testhostName, (int)XSTRLEN(testhostName))); AssertIntEQ(0x01, pParam->hostFlags); AssertIntEQ(0, XSTRNCMP(pParam->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); /* test for incorrect patameter */ AssertIntEQ(1,SSL_CTX_set1_param(ctx, NULL)); AssertIntEQ(1,SSL_CTX_set1_param(NULL, pvpm)); AssertIntEQ(1,SSL_CTX_set1_param(NULL, NULL)); SSL_CTX_free(ctx); XFREE(pvpm, NULL, DYNAMIC_TYPE_OPENSSL); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/ return res; } static int test_wolfSSL_get0_param(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) SSL_CTX* ctx; SSL* ssl; WOLFSSL_X509_VERIFY_PARAM* pParam; #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); pParam = SSL_get0_param(ssl); (void)pParam; SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/ return res; } static int test_wolfSSL_X509_VERIFY_PARAM_set1_host(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) const char host[] = "www.example.com"; WOLFSSL_X509_VERIFY_PARAM* pParam; AssertNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( sizeof(WOLFSSL_X509_VERIFY_PARAM), HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host)); AssertIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); AssertIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_wolfSSL_set1_host(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) const char host[] = "www.test_wolfSSL_set1_host.com"; const char emptyStr[] = ""; SSL_CTX* ctx; SSL* ssl; WOLFSSL_X509_VERIFY_PARAM* pParam; #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); pParam = SSL_get0_param(ssl); /* we should get back host string */ SSL_set1_host(ssl, host); AssertIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); /* we should get back empty string */ SSL_set1_host(ssl, emptyStr); AssertIntEQ(XMEMCMP(pParam->hostName, emptyStr, sizeof(emptyStr)), 0); /* we should get back host string */ SSL_set1_host(ssl, host); AssertIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); /* we should get back empty string */ SSL_set1_host(ssl, NULL); AssertIntEQ(XMEMCMP(pParam->hostName, emptyStr, sizeof(emptyStr)), 0); SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* OPENSSL_EXTRA */ return res; } static int test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) unsigned char buf[16] = {0}; WOLFSSL_X509_VERIFY_PARAM* param; AssertNotNull(param = X509_VERIFY_PARAM_new()); /* test 127.0.0.1 */ buf[0] =0x7f; buf[1] = 0; buf[2] = 0; buf[3] = 1; AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 4), SSL_SUCCESS); AssertIntEQ(XSTRNCMP(param->ipasc, "127.0.0.1", sizeof(param->ipasc)), 0); /* test 2001:db8:3333:4444:5555:6666:7777:8888 */ buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; buf[4]=51;buf[5]=51;buf[6]=68;buf[7]=68; buf[8]=85;buf[9]=85;buf[10]=102;buf[11]=102; buf[12]=119;buf[13]=119;buf[14]=136;buf[15]=136; AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8:3333:4444:5555:6666:7777:8888", sizeof(param->ipasc)), 0); /* test 2001:db8:: */ buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; buf[12]=0;buf[13]=0;buf[14]=0;buf[15]=0; AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8::", sizeof(param->ipasc)), 0); /* test ::1234:5678 */ buf[0]=0;buf[1]=0;buf[2]=0;buf[3]=0; buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120; AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); AssertIntEQ(XSTRNCMP(param->ipasc, "::1234:5678", sizeof(param->ipasc)), 0); /* test 2001:db8::1234:5678 */ buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120; AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8::1234:5678", sizeof(param->ipasc)), 0); /* test 2001:0db8:0001:0000:0000:0ab9:c0a8:0102*/ /* 2001:db8:1::ab9:c0a8:102 */ buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; buf[4]=0;buf[5]=1;buf[6]=0;buf[7]=0; buf[8]=0;buf[9]=0;buf[10]=10;buf[11]=185; buf[12]=192;buf[13]=168;buf[14]=1;buf[15]=2; AssertIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); AssertIntEQ(XSTRNCMP(param->ipasc, "2001:db8:1::ab9:c0a8:102", sizeof(param->ipasc)), 0); XFREE(param, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_wolfSSL_X509_STORE_CTX_get0_store(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) X509_STORE* store; X509_STORE_CTX* ctx; X509_STORE_CTX* ctx_no_init; AssertNotNull((store = X509_STORE_new())); AssertNotNull(ctx = X509_STORE_CTX_new()); AssertNotNull(ctx_no_init = X509_STORE_CTX_new()); AssertIntEQ(X509_STORE_CTX_init(ctx, store, NULL, NULL), SSL_SUCCESS); AssertNull(X509_STORE_CTX_get0_store(NULL)); /* should return NULL if ctx has not bee initialized */ AssertNull(X509_STORE_CTX_get0_store(ctx_no_init)); AssertNotNull(X509_STORE_CTX_get0_store(ctx)); wolfSSL_X509_STORE_CTX_free(ctx); wolfSSL_X509_STORE_CTX_free(ctx_no_init); X509_STORE_free(store); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_wolfSSL_CTX_set_client_CA_list(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO) WOLFSSL_CTX* ctx; WOLFSSL* ssl; X509_NAME* name = NULL; STACK_OF(X509_NAME)* names = NULL; STACK_OF(X509_NAME)* ca_list = NULL; int i, names_len; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); /* Send two X501 names in cert request */ names = SSL_load_client_CA_file(cliCertFile); AssertNotNull(names); ca_list = SSL_load_client_CA_file(caCertFile); AssertNotNull(ca_list); AssertIntEQ(sk_X509_NAME_push(names, sk_X509_NAME_value(ca_list, 0)), 1); SSL_CTX_set_client_CA_list(ctx, names); /* This should only free the stack structure */ sk_X509_NAME_free(ca_list); AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx)); AssertIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names)); AssertIntGT((names_len = sk_X509_NAME_num(names)), 0); for (i=0; iport, 0, 0, NULL); AssertNotNull(ctx_client = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx_client, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx_client, cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx_client, cliKeyFile, SSL_FILETYPE_PEM)); AssertNotNull(ssl_client = wolfSSL_new(ctx_client)); AssertIntEQ(wolfSSL_set_fd(ssl_client, sockfd), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_connect(ssl_client), WOLFSSL_SUCCESS); AssertNotNull(ca_list = SSL_get_client_CA_list(ssl_client)); /* We are expecting two cert names to be sent */ AssertIntEQ(sk_X509_NAME_num(ca_list), 2); AssertNotNull(names = SSL_CTX_get_client_CA_list(ctx)); for (i=0; icallbacks; WOLFSSL_CTX* ctx = callbacks->ctx; WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; SOCKET_T cfd = 0; word16 port; char input[1024]; int idx; int ret, err = 0; const char* privateName = "ech-private-name.com"; int privateNameLen = (int)XSTRLEN(privateName); ((func_args*)args)->return_code = TEST_FAIL; port = ((func_args*)args)->signal->port; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = wolfSSL_new(ctx); /* set the sni for the server */ wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, privateName, privateNameLen); tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, NULL, NULL); CloseSocket(sfd); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd)); if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); do { err = 0; /* Reset error */ ret = wolfSSL_accept(ssl); if (ret != WOLFSSL_SUCCESS) { err = wolfSSL_get_error(ssl, 0); } } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); } else { if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; printf("Client message: %s\n", input); } AssertIntEQ(privateNameLen, wolfSSL_write(ssl, privateName, privateNameLen)); ((func_args*)args)->return_code = TEST_SUCCESS; } if (callbacks->on_result) callbacks->on_result(ssl); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(cfd); #ifdef FP_ECC wc_ecc_fp_free(); #endif return 0; } #endif /* HAVE_ECH && WOLFSSL_TLS13 */ #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) static THREAD_RETURN WOLFSSL_THREAD server_task(void* args) { callback_functions* callbacks = ((func_args*)args)->callbacks; WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method()); WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; SOCKET_T cfd = 0; word16 port; char msg[] = "I hear you fa shizzle!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; int ret, err = 0; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif ((func_args*)args)->return_code = TEST_FAIL; port = ((func_args*)args)->signal->port; AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = wolfSSL_new(ctx); tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, NULL, NULL); CloseSocket(sfd); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd)); if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); do { err = 0; /* Reset error */ ret = wolfSSL_accept(ssl); if (ret != WOLFSSL_SUCCESS) { err = wolfSSL_get_error(ssl, 0); } } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { char buff[WOLFSSL_MAX_ERROR_SZ]; fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); } else { if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; fprintf(stderr, "Client message: %s\n", input); } AssertIntEQ(len, wolfSSL_write(ssl, msg, len)); #ifdef WOLFSSL_TIRTOS Task_yield(); #endif ((func_args*)args)->return_code = TEST_SUCCESS; } if (callbacks->on_result) callbacks->on_result(ssl); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(cfd); #ifdef WOLFSSL_TIRTOS fdCloseSession(Task_self()); #endif #ifndef WOLFSSL_TIRTOS return 0; #endif } static void keyLog_callback(const WOLFSSL* ssl, const char* line ) { AssertNotNull(ssl); AssertNotNull(line); XFILE fp; const byte lf = '\n'; fp = XFOPEN("./MyKeyLog.txt", "a"); XFWRITE( line, 1, strlen(line),fp); XFWRITE( (void*)&lf,1,1,fp); XFCLOSE(fp); } #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ static int test_wolfSSL_CTX_set_keylog_callback(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) && \ !defined(NO_WOLFSSL_CLIENT) SSL_CTX* ctx; AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); SSL_CTX_set_keylog_callback(ctx, keyLog_callback ); SSL_CTX_free(ctx); SSL_CTX_set_keylog_callback(NULL, NULL); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && !NO_WOLFSSL_CLIENT */ return res; } static int test_wolfSSL_CTX_get_keylog_callback(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) && \ !defined(NO_WOLFSSL_CLIENT) SSL_CTX* ctx; AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL); SSL_CTX_set_keylog_callback(ctx, keyLog_callback ); AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),keyLog_callback); SSL_CTX_set_keylog_callback(ctx, NULL ); AssertPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && !NO_WOLFSSL_CLIENT */ return res; } static int test_wolfSSL_Tls12_Key_Logging_test(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) /* This test is intended for checking whether keylog callback is called * in client during TLS handshake between the client and a server. */ tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; callback_functions server_cbf; callback_functions client_cbf; SOCKET_T sockfd = 0; WOLFSSL_CTX* ctx; WOLFSSL* ssl; XFILE fp; char msg[64] = "hello wolfssl!"; char reply[1024]; int msgSz = (int)XSTRLEN(msg); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif InitTcpReady(&ready); ready.port = 22222; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfTLSv1_2_server_method; server_args.callbacks = &server_cbf; server_args.signal = &ready; /* clean up keylog file */ fp = XFOPEN("./MyKeyLog.txt", "w"); XFCLOSE(fp); /* start server task */ start_thread(server_task, &server_args, &serverThread); wait_tcp_ready(&server_args); /* run as a TLS1.2 client */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL); /* set keylog callback */ wolfSSL_CTX_set_keylog_callback(ctx,keyLog_callback); /* get connected the server task */ AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sockfd); join_thread(serverThread); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif /* check if the keylog file exists */ char buff[300] = {0}; int found = 0; fp = XFOPEN("./MyKeyLog.txt", "r"); AssertNotNull(fp); while (XFGETS( buff, (int)sizeof(buff),fp) != NULL ) { if (0 == strncmp(buff,"CLIENT_RANDOM ", sizeof("CLIENT_RANDOM ")-1)) { found = 1; break; } } XFCLOSE(fp); /* a log starting with "CLIENT_RANDOM " should exit in the file */ AssertNotNull( found ); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ return res; } static int test_wolfSSL_Tls13_Key_Logging_test(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_TLS13) && defined(OPENSSL_EXTRA) && \ defined(HAVE_SECRET_CALLBACK) /* This test is intended for checking whether keylog callback is called * in client during TLS handshake between the client and a server. */ tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; callback_functions server_cbf; callback_functions client_cbf; SOCKET_T sockfd = 0; WOLFSSL_CTX* ctx; WOLFSSL* ssl; XFILE fp; char msg[64] = "hello wolfssl!"; char reply[1024]; int msgSz = (int)XSTRLEN(msg); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif InitTcpReady(&ready); ready.port = 22222; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfTLSv1_3_server_method; /* TLS1.3 */ server_args.callbacks = &server_cbf; server_args.signal = &ready; /* clean up keylog file */ fp = XFOPEN("./MyKeyLog.txt", "w"); XFCLOSE(fp); /* start server task */ start_thread(server_task, &server_args, &serverThread); wait_tcp_ready(&server_args); /* run as a TLS1.3 client */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL); /* set keylog callback */ wolfSSL_CTX_set_keylog_callback(ctx,keyLog_callback); /* get connected the server task */ AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); join_thread(serverThread); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif /* check if the keylog file exists */ { char buff[300] = {0}; int found[4] = {0}; int numfnd = 0; int i; fp = XFOPEN("./MyKeyLog.txt", "r"); AssertNotNull(fp); while (XFGETS( buff, (int)sizeof(buff),fp) != NULL ) { if (0 == strncmp(buff,"CLIENT_HANDSHAKE_TRAFFIC_SECRET ", sizeof("CLIENT_HANDSHAKE_TRAFFIC_SECRET ")-1)) { found[0] = 1; continue; } else if (0 == strncmp(buff,"SERVER_HANDSHAKE_TRAFFIC_SECRET ", sizeof("SERVER_HANDSHAKE_TRAFFIC_SECRET ")-1)) { found[1] = 1; continue; } else if (0 == strncmp(buff,"CLIENT_TRAFFIC_SECRET_0 ", sizeof("CLIENT_TRAFFIC_SECRET_0 ")-1)) { found[2] = 1; continue; } else if (0 == strncmp(buff,"SERVER_TRAFFIC_SECRET_0 ", sizeof("SERVER_TRAFFIC_SECRET_0 ")-1)) { found[3] = 1; continue; } } XFCLOSE(fp); for (i = 0; i < 4; i++) { if (found[i] != 0) numfnd++; } AssertIntEQ(numfnd, 4); } res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && WOLFSSL_TLS13 */ return res; } #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) static int test_wolfSSL_Tls13_ECH_params(void) { #if !defined(NO_WOLFSSL_CLIENT) word32 outputLen = 0; byte testBuf[72]; WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); WOLFSSL *ssl = wolfSSL_new(ctx); AssertNotNull(ctx); AssertNotNull(ssl); /* invalid ctx */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(NULL, "ech-public-name.com", 0, 0, 0)); /* invalid public name */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx, NULL, 0, 0, 0)); /* invalid algorithms */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx, "ech-public-name.com", 1000, 1000, 1000)); /* invalid ctx */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(NULL, NULL, &outputLen)); /* invalid output len */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(ctx, NULL, NULL)); /* invalid ssl */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(NULL, (char*)testBuf, sizeof(testBuf))); /* invalid configs64 */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, NULL, sizeof(testBuf))); /* invalid size */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, (char*)testBuf, 0)); /* invalid ssl */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(NULL, testBuf, sizeof(testBuf))); /* invalid configs */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, NULL, sizeof(testBuf))); /* invalid size */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, testBuf, 0)); /* invalid ssl */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(NULL, NULL, &outputLen)); /* invalid size */ AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(ssl, NULL, NULL)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); #endif /* !NO_WOLFSSL_CLIENT */ return TEST_SUCCESS; } static int test_wolfSSL_Tls13_ECH(void) { tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; callback_functions server_cbf; callback_functions client_cbf; SOCKET_T sockfd = 0; WOLFSSL_CTX* ctx; WOLFSSL* ssl; const char* publicName = "ech-public-name.com"; const char* privateName = "ech-private-name.com"; int privateNameLen = 20; char reply[1024]; int replyLen = 0; byte rawEchConfig[128]; word32 rawEchConfigLen = sizeof(rawEchConfig); InitTcpReady(&ready); ready.port = 22222; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfTLSv1_3_server_method; /* TLS1.3 */ /* create the server context here so we can get the ech config */ AssertNotNull(server_cbf.ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); /* generate ech config */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(server_cbf.ctx, publicName, 0, 0, 0)); /* get the config for the client to use */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(server_cbf.ctx, rawEchConfig, &rawEchConfigLen)); server_args.callbacks = &server_cbf; server_args.signal = &ready; /* start server task */ start_thread(server_task_ech, &server_args, &serverThread); wait_tcp_ready(&server_args); /* run as a TLS1.3 client */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL); /* get connected the server task */ AssertNotNull(ssl = wolfSSL_new(ctx)); /* set the ech configs for the client */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, rawEchConfig, rawEchConfigLen)); /* set the sni for the client */ AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, privateName, privateNameLen)); AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_write(ssl, privateName, privateNameLen), privateNameLen); AssertIntGT((replyLen = wolfSSL_read(ssl, reply, sizeof(reply))), 0); /* add th null terminator for string compare */ reply[replyLen] = 0; /* check that the server replied with the private name */ AssertStrEQ(privateName, reply); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); join_thread(serverThread); FreeTcpReady(&ready); return TEST_SUCCESS; } #endif /* HAVE_ECH && WOLFSSL_TLS13 */ #if defined(HAVE_IO_TESTS_DEPENDENCIES) && \ defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) static void post_auth_version_cb(WOLFSSL* ssl) { /* do handshake and then test version error */ AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); AssertStrEQ("TLSv1.2", wolfSSL_get_version(ssl)); } static void post_auth_version_client_cb(WOLFSSL* ssl) { /* do handshake and then test version error */ AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); AssertStrEQ("TLSv1.2", wolfSSL_get_version(ssl)); AssertIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_FAILURE); #if defined(OPENSSL_ALL) && !defined(NO_ERROR_QUEUE) /* check was added to error queue */ AssertIntEQ(wolfSSL_ERR_get_error(), -UNSUPPORTED_PROTO_VERSION); /* check the string matches expected string */ AssertStrEQ(wolfSSL_ERR_error_string(-UNSUPPORTED_PROTO_VERSION, NULL), "WRONG_SSL_VERSION"); #endif } static void post_auth_cb(WOLFSSL* ssl) { WOLFSSL_X509* x509; /* do handshake and then test version error */ AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); AssertStrEQ("TLSv1.3", wolfSSL_get_version(ssl)); AssertNull(x509 = wolfSSL_get_peer_certificate(ssl)); wolfSSL_X509_free(x509); AssertIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_SUCCESS); } static void set_post_auth_cb(WOLFSSL* ssl) { if (!wolfSSL_is_server(ssl)) { AssertIntEQ(wolfSSL_allow_post_handshake_auth(ssl), 0); } else { wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_POST_HANDSHAKE, NULL); } } #endif static int test_wolfSSL_Tls13_postauth(void) { int res = TEST_SKIPPED; #if defined(HAVE_IO_TESTS_DEPENDENCIES) && \ defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) tcp_ready ready; func_args client_args; func_args server_args; callback_functions server_cbf; callback_functions client_cbf; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; /* test version failure doing post auth with TLS 1.2 connection */ XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfTLSv1_2_server_method; server_cbf.ssl_ready = set_post_auth_cb; server_cbf.on_result = post_auth_version_cb; client_cbf.ssl_ready = set_post_auth_cb; client_cbf.on_result = post_auth_version_client_cb; server_args.callbacks = &server_cbf; client_args.callbacks = &client_cbf; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); /* tests on post auth with TLS 1.3 */ XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfTLSv1_3_server_method; server_cbf.ssl_ready = set_post_auth_cb; client_cbf.ssl_ready = set_post_auth_cb; server_cbf.on_result = post_auth_cb; client_cbf.on_result = NULL; server_args.callbacks = &server_cbf; client_args.callbacks = &client_cbf; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); FreeTcpReady(&ready); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_NID(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN) int sigType; int nameSz; X509* cert; EVP_PKEY* pubKeyTmp; X509_NAME* name; char commonName[80]; char countryName[80]; char localityName[80]; char stateName[80]; char orgName[80]; char orgUnit[80]; /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */ /* convert cert from DER to internal WOLFSSL_X509 struct */ AssertNotNull(cert = wolfSSL_X509_d2i(&cert, client_cert_der_2048, sizeof_client_cert_der_2048)); /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */ /* extract PUBLIC KEY from cert */ AssertNotNull(pubKeyTmp = X509_get_pubkey(cert)); /* extract signatureType */ AssertIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0); /* extract subjectName info */ AssertNotNull(name = X509_get_subject_name(cert)); AssertIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, NULL, 0)), 0); AssertIntEQ(nameSz, 15); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, commonName, sizeof(commonName))), 0); AssertIntEQ(nameSz, 15); AssertIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, commonName, 9)), 0); AssertIntEQ(nameSz, 8); AssertIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName, countryName, sizeof(countryName))), 0); AssertIntEQ(XMEMCMP(countryName, "US", nameSz), 0); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName, localityName, sizeof(localityName))), 0); AssertIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_stateOrProvinceName, stateName, sizeof(stateName))), 0); AssertIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName, orgName, sizeof(orgName))), 0); AssertIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0); AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationalUnitName, orgUnit, sizeof(orgUnit))), 0); AssertIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0); EVP_PKEY_free(pubKeyTmp); X509_free(cert); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_set_srp_username(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ && !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX* ctx; WOLFSSL* ssl; const char *username = "TESTUSER"; const char *password = "TESTPASSWORD"; int r; ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); r = wolfSSL_CTX_set_srp_username(ctx, (char *)username); AssertIntEQ(r,SSL_SUCCESS); wolfSSL_CTX_free(ctx); ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); r = wolfSSL_CTX_set_srp_password(ctx, (char *)password); AssertIntEQ(r,SSL_SUCCESS); r = wolfSSL_CTX_set_srp_username(ctx, (char *)username); AssertIntEQ(r,SSL_SUCCESS); AssertNotNull(ssl = SSL_new(ctx)); AssertNotNull(SSL_get_srp_username(ssl)); AssertStrEQ(SSL_get_srp_username(ssl), username); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */ /* && !NO_SHA256 && !WC_NO_RNG && !NO_WOLFSSL_CLIENT */ return res; } static int test_wolfSSL_CTX_set_srp_password(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ && !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX* ctx; const char *username = "TESTUSER"; const char *password = "TESTPASSWORD"; int r; ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); r = wolfSSL_CTX_set_srp_password(ctx, (char *)password); AssertIntEQ(r,SSL_SUCCESS); wolfSSL_CTX_free(ctx); ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); r = wolfSSL_CTX_set_srp_username(ctx, (char *)username); AssertIntEQ(r,SSL_SUCCESS); r = wolfSSL_CTX_set_srp_password(ctx, (char *)password); AssertIntEQ(r,SSL_SUCCESS); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */ /* && !NO_SHA256 && !WC_NO_RNG && !NO_WOLFSSL_CLIENT */ return res; } static int test_wolfSSL_X509_STORE(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) X509_STORE *store; #ifdef HAVE_CRL X509_STORE_CTX *storeCtx; X509_CRL *crl; X509 *ca, *cert; const char crlPem[] = "./certs/crl/crl.revoked"; const char srvCert[] = "./certs/server-revoked-cert.pem"; const char caCert[] = "./certs/ca-cert.pem"; XFILE fp; AssertNotNull(store = (X509_STORE *)X509_STORE_new()); AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, SSL_FILETYPE_PEM))); AssertNotNull((storeCtx = X509_STORE_CTX_new())); AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); AssertIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS); X509_STORE_free(store); X509_STORE_CTX_free(storeCtx); X509_free(cert); X509_free(ca); /* should fail to verify now after adding in CRL */ AssertNotNull(store = (X509_STORE *)X509_STORE_new()); AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); fp = XFOPEN(crlPem, "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); XFCLOSE(fp); AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS); AssertNotNull((storeCtx = X509_STORE_CTX_new())); AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); AssertIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS); AssertIntEQ(X509_STORE_CTX_get_error(storeCtx), CRL_CERT_REVOKED); X509_CRL_free(crl); X509_STORE_free(store); X509_STORE_CTX_free(storeCtx); X509_free(cert); X509_free(ca); #endif /* HAVE_CRL */ #ifndef WOLFCRYPT_ONLY { #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) SSL_CTX* ctx; SSL* ssl; int i; for (i = 0; i < 2; i++) { #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertNotNull(store = (X509_STORE *)X509_STORE_new()); SSL_CTX_set_cert_store(ctx, store); AssertNotNull(store = (X509_STORE *)X509_STORE_new()); SSL_CTX_set_cert_store(ctx, store); AssertNotNull(store = (X509_STORE *)X509_STORE_new()); AssertIntEQ(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM), SSL_SUCCESS); AssertIntEQ(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM), SSL_SUCCESS); AssertNotNull(ssl = SSL_new(ctx)); if (i == 0) { AssertIntEQ(SSL_set0_verify_cert_store(ssl, store), SSL_SUCCESS); } else { AssertIntEQ(SSL_set1_verify_cert_store(ssl, store), SSL_SUCCESS); X509_STORE_free(store); } SSL_free(ssl); SSL_CTX_free(ctx); } #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ } #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_STORE_load_locations(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) SSL_CTX *ctx; X509_STORE *store; const char ca_file[] = "./certs/ca-cert.pem"; const char client_pem_file[] = "./certs/client-cert.pem"; const char client_der_file[] = "./certs/client-cert.der"; const char ecc_file[] = "./certs/ecc-key.pem"; const char certs_path[] = "./certs/"; const char bad_path[] = "./bad-path/"; #ifdef HAVE_CRL const char crl_path[] = "./certs/crl/"; const char crl_file[] = "./certs/crl/crl.pem"; #endif #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); #endif AssertNotNull(store = SSL_CTX_get_cert_store(ctx)); AssertIntEQ(wolfSSL_CertManagerLoadCA(store->cm, ca_file, NULL), WOLFSSL_SUCCESS); /* Test bad arguments */ AssertIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_STORE_load_locations(store, NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_STORE_load_locations(store, client_der_file, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_STORE_load_locations(store, ecc_file, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_STORE_load_locations(store, NULL, bad_path), WOLFSSL_FAILURE); #ifdef HAVE_CRL /* Test with CRL */ AssertIntEQ(X509_STORE_load_locations(store, crl_file, NULL), WOLFSSL_SUCCESS); AssertIntEQ(X509_STORE_load_locations(store, NULL, crl_path), WOLFSSL_SUCCESS); #endif /* Test with CA */ AssertIntEQ(X509_STORE_load_locations(store, ca_file, NULL), WOLFSSL_SUCCESS); /* Test with client_cert and certs path */ AssertIntEQ(X509_STORE_load_locations(store, client_pem_file, NULL), WOLFSSL_SUCCESS); AssertIntEQ(X509_STORE_load_locations(store, NULL, certs_path), WOLFSSL_SUCCESS); #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) /* Clear nodes */ ERR_clear_error(); #endif SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_X509_STORE_get0_objects(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && \ !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) X509_STORE *store; X509_STORE *store_cpy; SSL_CTX *ctx; X509_OBJECT *obj; STACK_OF(X509_OBJECT) *objs; int i; /* Setup store */ #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); #endif AssertNotNull(store_cpy = X509_STORE_new()); AssertNotNull(store = SSL_CTX_get_cert_store(ctx)); AssertIntEQ(X509_STORE_load_locations(store, cliCertFile, NULL), WOLFSSL_SUCCESS); AssertIntEQ(X509_STORE_load_locations(store, caCertFile, NULL), WOLFSSL_SUCCESS); AssertIntEQ(X509_STORE_load_locations(store, svrCertFile, NULL), WOLFSSL_SUCCESS); #ifdef HAVE_CRL AssertIntEQ(X509_STORE_load_locations(store, NULL, crlPemDir), WOLFSSL_SUCCESS); #endif /* Store ready */ /* Similar to HaProxy ssl_set_cert_crl_file use case */ AssertNotNull(objs = X509_STORE_get0_objects(store)); #ifdef HAVE_CRL #ifdef WOLFSSL_SIGNER_DER_CERT AssertIntEQ(sk_X509_OBJECT_num(objs), 4); #else AssertIntEQ(sk_X509_OBJECT_num(objs), 1); #endif #else #ifdef WOLFSSL_SIGNER_DER_CERT AssertIntEQ(sk_X509_OBJECT_num(objs), 3); #else AssertIntEQ(sk_X509_OBJECT_num(objs), 0); #endif #endif for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i); switch (X509_OBJECT_get_type(obj)) { case X509_LU_X509: AssertNotNull(X509_OBJECT_get0_X509(obj)); AssertIntEQ(X509_STORE_add_cert(store_cpy, X509_OBJECT_get0_X509(obj)), WOLFSSL_SUCCESS); break; case X509_LU_CRL: #ifdef HAVE_CRL AssertNotNull(X509_OBJECT_get0_X509_CRL(obj)); AssertIntEQ(X509_STORE_add_crl(store_cpy, X509_OBJECT_get0_X509_CRL(obj)), WOLFSSL_SUCCESS); break; #endif case X509_LU_NONE: default: Fail(("X509_OBJECT_get_type should return x509 or crl " "(when built with crl support)"), ("Unrecognized X509_OBJECT type or none")); } } X509_STORE_free(store_cpy); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BN_CTX(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) WOLFSSL_BN_CTX* bn_ctx; WOLFSSL_BIGNUM* t; AssertNotNull(bn_ctx = wolfSSL_BN_CTX_new()); /* No implementation. */ BN_CTX_init(NULL); AssertNotNull(t = BN_CTX_get(NULL)); BN_free(t); AssertNotNull(t = BN_CTX_get(bn_ctx)); BN_free(t); #ifndef NO_WOLFSSL_STUB /* No implementation. */ BN_CTX_start(NULL); BN_CTX_start(bn_ctx); #endif BN_CTX_free(NULL); BN_CTX_free(bn_ctx); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */ return res; } static int test_wolfSSL_BN(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) BIGNUM* a; BIGNUM* b; BIGNUM* c; BIGNUM* d; BIGNUM emptyBN; /* Setup */ XMEMSET(&emptyBN, 0, sizeof(emptyBN)); /* internal not set emptyBN. */ AssertNotNull(a = BN_new()); AssertNotNull(b = BN_new()); AssertNotNull(c = BN_dup(b)); AssertNotNull(d = BN_new()); /* Invalid parameter testing. */ BN_free(NULL); AssertNull(BN_dup(NULL)); AssertNull(BN_dup(&emptyBN)); AssertNull(BN_copy(NULL, NULL)); AssertNull(BN_copy(b, NULL)); AssertNull(BN_copy(NULL, c)); AssertNull(BN_copy(b, &emptyBN)); AssertNull(BN_copy(&emptyBN, c)); BN_clear(NULL); BN_clear(&emptyBN); AssertIntEQ(BN_num_bytes(NULL), 0); AssertIntEQ(BN_num_bytes(&emptyBN), 0); AssertIntEQ(BN_num_bits(NULL), 0); AssertIntEQ(BN_num_bits(&emptyBN), 0); AssertIntEQ(BN_is_negative(NULL), 0); AssertIntEQ(BN_is_negative(&emptyBN), 0); /* END Invalid Parameters */ AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS); AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS); AssertIntEQ(BN_set_word(c, 5), SSL_SUCCESS); AssertIntEQ(BN_num_bits(a), 2); AssertIntEQ(BN_num_bytes(a), 1); #if !defined(WOLFSSL_SP_MATH) && (!defined(WOLFSSL_SP_MATH_ALL) || \ defined(WOLFSSL_SP_INT_NEGATIVE)) AssertIntEQ(BN_set_word(a, 1), SSL_SUCCESS); AssertIntEQ(BN_set_word(b, 5), SSL_SUCCESS); AssertIntEQ(BN_is_word(a, (WOLFSSL_BN_ULONG)BN_get_word(a)), SSL_SUCCESS); AssertIntEQ(BN_is_word(a, 3), SSL_FAILURE); AssertIntEQ(BN_sub(c, a, b), SSL_SUCCESS); #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) { /* Do additional tests on negative BN conversions. */ char * ret; ASN1_INTEGER * asn1; BIGNUM * tmp; /* Sanity check we have a negative BN. */ AssertIntEQ(BN_is_negative(c), 1); AssertNotNull(ret = BN_bn2dec(c)); AssertIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0); XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL); /* Convert to ASN1_INTEGER and back to BN. */ AssertNotNull(asn1 = BN_to_ASN1_INTEGER(c, NULL)); AssertNotNull(tmp = ASN1_INTEGER_to_BN(asn1, NULL)); /* After converting back BN should be negative and correct. */ AssertIntEQ(BN_is_negative(tmp), 1); AssertNotNull(ret = BN_bn2dec(tmp)); AssertIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0); XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL); ASN1_INTEGER_free(asn1); BN_free(tmp); } #endif AssertIntEQ(BN_get_word(c), 4); #endif AssertIntEQ(BN_set_word(a, 3), 1); AssertIntEQ(BN_set_word(b, 3), 1); AssertIntEQ(BN_set_word(c, 4), 1); /* NULL == NULL, NULL < num, num > NULL */ AssertIntEQ(BN_cmp(NULL, NULL), 0); AssertIntEQ(BN_cmp(&emptyBN, &emptyBN), 0); AssertIntLT(BN_cmp(NULL, b), 0); AssertIntLT(BN_cmp(&emptyBN, b), 0); AssertIntGT(BN_cmp(a, NULL), 0); AssertIntGT(BN_cmp(a, &emptyBN), 0); AssertIntEQ(BN_cmp(a, b), 0); AssertIntLT(BN_cmp(a, c), 0); AssertIntGT(BN_cmp(c, b), 0); AssertIntEQ(BN_print_fp(XBADFILE, NULL), 0); AssertIntEQ(BN_print_fp(XBADFILE, &emptyBN), 0); AssertIntEQ(BN_print_fp(stderr, NULL), 0); AssertIntEQ(BN_print_fp(stderr, &emptyBN), 0); AssertIntEQ(BN_print_fp(XBADFILE, a), 0); AssertIntEQ(BN_print_fp(stderr, a), 1); BN_clear(a); BN_free(a); BN_free(b); BN_free(c); BN_clear_free(d); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */ return res; } static int test_wolfSSL_BN_init(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) #if !defined(USE_INTEGER_HEAP_MATH) && !defined(HAVE_WOLF_BIGINT) BIGNUM* ap; BIGNUM bv; BIGNUM cv; BIGNUM dv; AssertNotNull(ap = BN_new()); BN_init(NULL); XMEMSET(&bv, 0, sizeof(bv)); AssertNull(BN_dup(&bv)); BN_init(&bv); BN_init(&cv); BN_init(&dv); AssertIntEQ(BN_set_word(ap, 3), SSL_SUCCESS); AssertIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS); AssertIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS); /* a^b mod c = */ AssertIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WOLFSSL_FAILURE); AssertIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS); /* check result 3^2 mod 5 */ AssertIntEQ(BN_get_word(&dv), 4); /* a*b mod c = */ AssertIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), SSL_FAILURE); AssertIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS); /* check result 3*2 mod 5 */ AssertIntEQ(BN_get_word(&dv), 1); BN_free(ap); res = TEST_RES_CHECK(1); #endif #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */ return res; } static int test_wolfSSL_BN_enc_dec(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(WOLFSSL_SP_MATH) BIGNUM* a; BIGNUM* b; BIGNUM* c = NULL; BIGNUM emptyBN; char* str; const char* emptyStr = ""; const char* numberStr = "12345"; const char* badStr = "g12345"; #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) const char* twoStr = "2"; #endif unsigned char binNum[] = { 0x01, 0x02, 0x03, 0x04, 0x05 }; unsigned char outNum[5]; /* Setup */ XMEMSET(&emptyBN, 0, sizeof(emptyBN)); AssertNotNull(a = BN_new()); AssertNotNull(b = BN_new()); AssertIntEQ(BN_set_word(a, 2), 1); /* Invalid parameters */ AssertIntEQ(BN_bn2bin(NULL, NULL), -1); AssertIntEQ(BN_bn2bin(&emptyBN, NULL), -1); AssertIntEQ(BN_bn2bin(NULL, outNum), -1); AssertIntEQ(BN_bn2bin(&emptyBN, outNum), -1); AssertNull(BN_bn2hex(NULL)); AssertNull(BN_bn2hex(&emptyBN)); AssertNull(BN_bn2dec(NULL)); AssertNull(BN_bn2dec(&emptyBN)); AssertNull(BN_bin2bn(NULL, sizeof(binNum), NULL)); AssertNull(BN_bin2bn(NULL, sizeof(binNum), a)); AssertNull(BN_bin2bn(binNum, -1, a)); AssertNull(BN_bin2bn(binNum, -1, NULL)); AssertNull(BN_bin2bn(binNum, sizeof(binNum), &emptyBN)); AssertIntEQ(BN_hex2bn(NULL, NULL), 0); AssertIntEQ(BN_hex2bn(NULL, numberStr), 0); AssertIntEQ(BN_hex2bn(&a, NULL), 0); AssertIntEQ(BN_hex2bn(&a, emptyStr), 0); AssertIntEQ(BN_hex2bn(&a, badStr), 0); AssertIntEQ(BN_hex2bn(&c, badStr), 0); AssertIntEQ(BN_dec2bn(NULL, NULL), 0); AssertIntEQ(BN_dec2bn(NULL, numberStr), 0); AssertIntEQ(BN_dec2bn(&a, NULL), 0); AssertIntEQ(BN_dec2bn(&a, emptyStr), 0); AssertIntEQ(BN_dec2bn(&a, badStr), 0); AssertIntEQ(BN_dec2bn(&c, badStr), 0); AssertIntEQ(BN_set_word(a, 2), 1); AssertIntEQ(BN_bn2bin(a, NULL), 1); AssertIntEQ(BN_bn2bin(a, outNum), 1); AssertNotNull(BN_bin2bn(outNum, 1, b)); AssertIntEQ(BN_cmp(a, b), 0); AssertNotNull(BN_bin2bn(binNum, sizeof(binNum), b)); AssertIntEQ(BN_cmp(a, b), -1); AssertNotNull(str = BN_bn2hex(a)); AssertNotNull(BN_hex2bn(&b, str)); AssertIntEQ(BN_cmp(a, b), 0); AssertNotNull(BN_hex2bn(&b, numberStr)); AssertIntEQ(BN_cmp(a, b), -1); XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL); #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) AssertNotNull(str = BN_bn2dec(a)); AssertStrEQ(str, twoStr); XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL); #ifndef NO_RSA AssertNotNull(str = BN_bn2dec(a)); AssertNotNull(BN_dec2bn(&b, str)); AssertIntEQ(BN_cmp(a, b), 0); AssertNotNull(BN_dec2bn(&b, numberStr)); AssertIntEQ(BN_cmp(a, b), -1); XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL); #else /* No implementation - fail with good parameters. */ AssertIntEQ(BN_dec2bn(&a, numberStr), 0); #endif #endif BN_free(b); BN_free(a); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */ return res; } static int test_wolfSSL_BN_word(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(WOLFSSL_SP_MATH) BIGNUM* a; BIGNUM* b; BIGNUM* c; BIGNUM av; AssertNotNull(a = BN_new()); AssertNotNull(b = BN_new()); AssertNotNull(c = BN_new()); XMEMSET(&av, 0, sizeof(av)); /* Invalid parameter. */ AssertIntEQ(BN_add_word(NULL, 3), 0); AssertIntEQ(BN_add_word(&av, 3), 0); AssertIntEQ(BN_sub_word(NULL, 3), 0); AssertIntEQ(BN_sub_word(&av, 3), 0); AssertIntEQ(BN_set_word(NULL, 3), 0); AssertIntEQ(BN_set_word(&av, 3), 0); AssertIntEQ(BN_get_word(NULL), 0); AssertIntEQ(BN_get_word(&av), 0); AssertIntEQ(BN_is_word(NULL, 3), 0); AssertIntEQ(BN_is_word(&av, 3), 0); #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \ !defined(NO_DSA)) AssertIntEQ(BN_mod_word(NULL, 3), -1); AssertIntEQ(BN_mod_word(&av, 3), -1); #endif AssertIntEQ(BN_one(NULL), 0); AssertIntEQ(BN_one(&av), 0); BN_zero(NULL); BN_zero(&av); AssertIntEQ(BN_is_one(NULL), 0); AssertIntEQ(BN_is_one(&av), 0); AssertIntEQ(BN_is_zero(NULL), 0); AssertIntEQ(BN_is_zero(&av), 0); AssertIntEQ(BN_set_word(a, 3), 1); AssertIntEQ(BN_set_word(b, 2), 1); AssertIntEQ(BN_set_word(c, 5), 1); /* a + 3 = */ AssertIntEQ(BN_add_word(a, 3), 1); /* check result 3 + 3*/ AssertIntEQ(BN_get_word(a), 6); AssertIntEQ(BN_is_word(a, 6), 1); AssertIntEQ(BN_is_word(a, 5), 0); /* set a back to 3 */ AssertIntEQ(BN_set_word(a, 3), 1); /* a - 3 = */ AssertIntEQ(BN_sub_word(a, 3), 1); /* check result 3 - 3*/ AssertIntEQ(BN_get_word(a), 0); AssertIntEQ(BN_one(a), 1); AssertIntEQ(BN_is_word(a, 1), 1); AssertIntEQ(BN_is_word(a, 0), 0); AssertIntEQ(BN_is_one(a), 1); AssertIntEQ(BN_is_zero(a), 0); BN_zero(a); AssertIntEQ(BN_is_word(a, 0), 1); AssertIntEQ(BN_is_word(a, 1), 0); AssertIntEQ(BN_is_zero(a), 1); AssertIntEQ(BN_is_one(a), 0); #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \ !defined(NO_DSA)) AssertIntEQ(BN_set_word(a, 5), 1); AssertIntEQ(BN_mod_word(a, 3), 2); AssertIntEQ(BN_mod_word(a, 0), -1); #endif BN_free(c); BN_free(b); BN_free(a); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */ return res; } static int test_wolfSSL_BN_bits(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) BIGNUM* a; BIGNUM emptyBN; /* Setup */ XMEMSET(&emptyBN, 0, sizeof(emptyBN)); AssertNotNull(a = BN_new()); /* Invalid parameters. */ AssertIntEQ(BN_set_bit(NULL, 1), 0); AssertIntEQ(BN_set_bit(&emptyBN, 1), 0); AssertIntEQ(BN_set_bit(a, -1), 0); AssertIntEQ(BN_clear_bit(NULL, 1), 0); AssertIntEQ(BN_clear_bit(&emptyBN, 1), 0); AssertIntEQ(BN_clear_bit(a, -1), 0); AssertIntEQ(BN_is_bit_set(NULL, 1), 0); AssertIntEQ(BN_is_bit_set(&emptyBN, 1), 0); AssertIntEQ(BN_is_bit_set(a, -1), 0); AssertIntEQ(BN_is_odd(NULL), 0); AssertIntEQ(BN_is_odd(&emptyBN), 0); AssertIntEQ(BN_set_word(a, 0), 1); AssertIntEQ(BN_is_zero(a), 1); AssertIntEQ(BN_set_bit(a, 0x45), 1); AssertIntEQ(BN_is_zero(a), 0); AssertIntEQ(BN_is_bit_set(a, 0x45), 1); AssertIntEQ(BN_clear_bit(a, 0x45), 1); AssertIntEQ(BN_is_bit_set(a, 0x45), 0); AssertIntEQ(BN_is_zero(a), 1); AssertIntEQ(BN_set_bit(a, 0), 1); AssertIntEQ(BN_is_odd(a), 1); AssertIntEQ(BN_clear_bit(a, 0), 1); AssertIntEQ(BN_is_odd(a), 0); AssertIntEQ(BN_set_bit(a, 1), 1); AssertIntEQ(BN_is_odd(a), 0); AssertIntEQ(BN_set_bit(a, 129), 1); AssertIntEQ(BN_get_word(a), WOLFSSL_BN_MAX_VAL); #ifndef NO_WOLFSSL_STUB AssertIntEQ(BN_mask_bits(a, 1), 0); #endif BN_free(a); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BN_shift(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) BIGNUM* a; BIGNUM* b; BIGNUM emptyBN; /* Setup */ XMEMSET(&emptyBN, 0, sizeof(emptyBN)); AssertNotNull(a = BN_new()); AssertNotNull(b = BN_new()); /* Invalid parameters. */ AssertIntEQ(BN_lshift(NULL, NULL, 1), 0); AssertIntEQ(BN_lshift(&emptyBN, NULL, 1), 0); AssertIntEQ(BN_lshift(NULL, &emptyBN, 1), 0); AssertIntEQ(BN_lshift(b, NULL, 1), 0); AssertIntEQ(BN_lshift(b, &emptyBN, 1), 0); AssertIntEQ(BN_lshift(NULL, a, 1), 0); AssertIntEQ(BN_lshift(&emptyBN, a, 1), 0); AssertIntEQ(BN_lshift(b, a, -1), 0); AssertIntEQ(BN_rshift(NULL, NULL, 1), 0); AssertIntEQ(BN_rshift(&emptyBN, NULL, 1), 0); AssertIntEQ(BN_rshift(NULL, &emptyBN, 1), 0); AssertIntEQ(BN_rshift(b, NULL, 1), 0); AssertIntEQ(BN_rshift(b, &emptyBN, 1), 0); AssertIntEQ(BN_rshift(NULL, a, 1), 0); AssertIntEQ(BN_rshift(&emptyBN, a, 1), 0); AssertIntEQ(BN_rshift(b, a, -1), 0); AssertIntEQ(BN_set_word(a, 1), 1); AssertIntEQ(BN_lshift(b, a, 1), 1); AssertIntEQ(BN_is_word(b, 2), 1); AssertIntEQ(BN_lshift(a, a, 1), 1); AssertIntEQ(BN_is_word(a, 2), 1); AssertIntEQ(BN_rshift(b, a, 1), 1); AssertIntEQ(BN_is_word(b, 1), 1); AssertIntEQ(BN_rshift(a, a, 1), 1); AssertIntEQ(BN_is_word(a, 1), 1); BN_free(b); BN_free(a); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BN_math(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) BIGNUM* a; BIGNUM* b; BIGNUM* r; BIGNUM* rem; BIGNUM emptyBN; BN_ULONG val1; BN_ULONG val2; /* Setup */ XMEMSET(&emptyBN, 0, sizeof(emptyBN)); AssertNotNull(a = BN_new()); AssertNotNull(b = BN_new()); AssertNotNull(r = BN_new()); AssertNotNull(rem = BN_new()); /* Invalid parameters. */ AssertIntEQ(BN_add(NULL, NULL, NULL), 0); AssertIntEQ(BN_add(r, NULL, NULL), 0); AssertIntEQ(BN_add(NULL, a, NULL), 0); AssertIntEQ(BN_add(NULL, NULL, b), 0); AssertIntEQ(BN_add(r, a, NULL), 0); AssertIntEQ(BN_add(r, NULL, b), 0); AssertIntEQ(BN_add(NULL, a, b), 0); AssertIntEQ(BN_add(&emptyBN, &emptyBN, &emptyBN), 0); AssertIntEQ(BN_add(r, &emptyBN, &emptyBN), 0); AssertIntEQ(BN_add(&emptyBN, a, &emptyBN), 0); AssertIntEQ(BN_add(&emptyBN, &emptyBN, b), 0); AssertIntEQ(BN_add(r, a, &emptyBN), 0); AssertIntEQ(BN_add(r, &emptyBN, b), 0); AssertIntEQ(BN_add(&emptyBN, a, b), 0); AssertIntEQ(BN_sub(NULL, NULL, NULL), 0); AssertIntEQ(BN_sub(r, NULL, NULL), 0); AssertIntEQ(BN_sub(NULL, a, NULL), 0); AssertIntEQ(BN_sub(NULL, NULL, b), 0); AssertIntEQ(BN_sub(r, a, NULL), 0); AssertIntEQ(BN_sub(r, NULL, b), 0); AssertIntEQ(BN_sub(NULL, a, b), 0); AssertIntEQ(BN_sub(&emptyBN, &emptyBN, &emptyBN), 0); AssertIntEQ(BN_sub(r, &emptyBN, &emptyBN), 0); AssertIntEQ(BN_sub(&emptyBN, a, &emptyBN), 0); AssertIntEQ(BN_sub(&emptyBN, &emptyBN, b), 0); AssertIntEQ(BN_sub(r, a, &emptyBN), 0); AssertIntEQ(BN_sub(r, &emptyBN, b), 0); AssertIntEQ(BN_sub(&emptyBN, a, b), 0); AssertIntEQ(BN_mul(NULL, NULL, NULL, NULL), 0); AssertIntEQ(BN_mul(r, NULL, NULL, NULL), 0); AssertIntEQ(BN_mul(NULL, a, NULL, NULL), 0); AssertIntEQ(BN_mul(NULL, NULL, b, NULL), 0); AssertIntEQ(BN_mul(r, a, NULL, NULL), 0); AssertIntEQ(BN_mul(r, NULL, b, NULL), 0); AssertIntEQ(BN_mul(NULL, a, b, NULL), 0); AssertIntEQ(BN_mul(&emptyBN, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_mul(r, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_mul(&emptyBN, a, &emptyBN, NULL), 0); AssertIntEQ(BN_mul(&emptyBN, &emptyBN, b, NULL), 0); AssertIntEQ(BN_mul(r, a, &emptyBN, NULL), 0); AssertIntEQ(BN_mul(r, &emptyBN, b, NULL), 0); AssertIntEQ(BN_mul(&emptyBN, a, b, NULL), 0); AssertIntEQ(BN_div(NULL, NULL, NULL, NULL, NULL), 0); AssertIntEQ(BN_div(r, NULL, NULL, NULL, NULL), 0); AssertIntEQ(BN_div(NULL, rem, NULL, NULL, NULL), 0); AssertIntEQ(BN_div(NULL, NULL, a, NULL, NULL), 0); AssertIntEQ(BN_div(NULL, NULL, NULL, b, NULL), 0); AssertIntEQ(BN_div(NULL, rem, a, b, NULL), 0); AssertIntEQ(BN_div(r, NULL, a, b, NULL), 0); AssertIntEQ(BN_div(r, rem, NULL, b, NULL), 0); AssertIntEQ(BN_div(r, rem, a, NULL, NULL), 0); AssertIntEQ(BN_div(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_div(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_div(&emptyBN, rem, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_div(&emptyBN, &emptyBN, a, &emptyBN, NULL), 0); AssertIntEQ(BN_div(&emptyBN, &emptyBN, &emptyBN, b, NULL), 0); AssertIntEQ(BN_div(&emptyBN, rem, a, b, NULL), 0); AssertIntEQ(BN_div(r, &emptyBN, a, b, NULL), 0); AssertIntEQ(BN_div(r, rem, &emptyBN, b, NULL), 0); AssertIntEQ(BN_div(r, rem, a, &emptyBN, NULL), 0); AssertIntEQ(BN_mod(NULL, NULL, NULL, NULL), 0); AssertIntEQ(BN_mod(r, NULL, NULL, NULL), 0); AssertIntEQ(BN_mod(NULL, a, NULL, NULL), 0); AssertIntEQ(BN_mod(NULL, NULL, b, NULL), 0); AssertIntEQ(BN_mod(r, a, NULL, NULL), 0); AssertIntEQ(BN_mod(r, NULL, b, NULL), 0); AssertIntEQ(BN_mod(NULL, a, b, NULL), 0); AssertIntEQ(BN_mod(&emptyBN, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_mod(r, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_mod(&emptyBN, a, &emptyBN, NULL), 0); AssertIntEQ(BN_mod(&emptyBN, &emptyBN, b, NULL), 0); AssertIntEQ(BN_mod(r, a, &emptyBN, NULL), 0); AssertIntEQ(BN_mod(r, &emptyBN, b, NULL), 0); AssertIntEQ(BN_mod(&emptyBN, a, b, NULL), 0); /* END Invalid parameters. */ val1 = 8; val2 = 3; AssertIntEQ(BN_set_word(a, val1), 1); AssertIntEQ(BN_set_word(b, val2), 1); AssertIntEQ(BN_add(r, a, b), 1); AssertIntEQ(BN_is_word(r, val1 + val2), 1); AssertIntEQ(BN_sub(r, a, b), 1); AssertIntEQ(BN_is_word(r, val1 - val2), 1); AssertIntEQ(BN_mul(r, a, b, NULL), 1); AssertIntEQ(BN_is_word(r, val1 * val2), 1); AssertIntEQ(BN_div(r, rem, a, b, NULL), 1); AssertIntEQ(BN_is_word(r, val1 / val2), 1); AssertIntEQ(BN_is_word(rem, val1 % val2), 1); AssertIntEQ(BN_mod(r, a, b, NULL), 1); AssertIntEQ(BN_is_word(r, val1 % val2), 1); BN_free(rem); BN_free(r); BN_free(b); BN_free(a); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BN_math_mod(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) BIGNUM* a; BIGNUM* b; BIGNUM* m; BIGNUM* r; BIGNUM* t; BIGNUM emptyBN; BN_ULONG val1; BN_ULONG val2; BN_ULONG val3; /* Setup */ XMEMSET(&emptyBN, 0, sizeof(emptyBN)); AssertNotNull(a = BN_new()); AssertNotNull(b = BN_new()); AssertNotNull(m = BN_new()); AssertNotNull(r = BN_new()); /* Invalid parameters. */ AssertIntEQ(BN_mod_add(NULL, NULL, NULL, NULL, NULL), 0); AssertIntEQ(BN_mod_add(r, NULL, NULL, NULL, NULL), 0); AssertIntEQ(BN_mod_add(NULL, a, NULL, NULL, NULL), 0); AssertIntEQ(BN_mod_add(NULL, NULL, b, NULL, NULL), 0); AssertIntEQ(BN_mod_add(NULL, NULL, NULL, m, NULL), 0); AssertIntEQ(BN_mod_add(NULL, a, b, m, NULL), 0); AssertIntEQ(BN_mod_add(r, NULL, b, m, NULL), 0); AssertIntEQ(BN_mod_add(r, a, NULL, m, NULL), 0); AssertIntEQ(BN_mod_add(r, a, m, NULL, NULL), 0); AssertIntEQ(BN_mod_add(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_mod_add(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_mod_add(&emptyBN, a, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_mod_add(&emptyBN, &emptyBN, b, &emptyBN, NULL), 0); AssertIntEQ(BN_mod_add(&emptyBN, &emptyBN, &emptyBN, m, NULL), 0); AssertIntEQ(BN_mod_add(&emptyBN, a, b, m, NULL), 0); AssertIntEQ(BN_mod_add(r, &emptyBN, b, m, NULL), 0); AssertIntEQ(BN_mod_add(r, a, &emptyBN, m, NULL), 0); AssertIntEQ(BN_mod_add(r, a, m, &emptyBN, NULL), 0); AssertIntEQ(BN_mod_mul(NULL, NULL, NULL, NULL, NULL), 0); AssertIntEQ(BN_mod_mul(r, NULL, NULL, NULL, NULL), 0); AssertIntEQ(BN_mod_mul(NULL, a, NULL, NULL, NULL), 0); AssertIntEQ(BN_mod_mul(NULL, NULL, b, NULL, NULL), 0); AssertIntEQ(BN_mod_mul(NULL, NULL, NULL, m, NULL), 0); AssertIntEQ(BN_mod_mul(NULL, a, b, m, NULL), 0); AssertIntEQ(BN_mod_mul(r, NULL, b, m, NULL), 0); AssertIntEQ(BN_mod_mul(r, a, NULL, m, NULL), 0); AssertIntEQ(BN_mod_mul(r, a, m, NULL, NULL), 0); AssertIntEQ(BN_mod_mul(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_mod_mul(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_mod_mul(&emptyBN, a, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_mod_mul(&emptyBN, &emptyBN, b, &emptyBN, NULL), 0); AssertIntEQ(BN_mod_mul(&emptyBN, &emptyBN, &emptyBN, m, NULL), 0); AssertIntEQ(BN_mod_mul(&emptyBN, a, b, m, NULL), 0); AssertIntEQ(BN_mod_mul(r, &emptyBN, b, m, NULL), 0); AssertIntEQ(BN_mod_mul(r, a, &emptyBN, m, NULL), 0); AssertIntEQ(BN_mod_mul(r, a, m, &emptyBN, NULL), 0); AssertIntEQ(BN_mod_exp(NULL, NULL, NULL, NULL, NULL), 0); AssertIntEQ(BN_mod_exp(r, NULL, NULL, NULL, NULL), 0); AssertIntEQ(BN_mod_exp(NULL, a, NULL, NULL, NULL), 0); AssertIntEQ(BN_mod_exp(NULL, NULL, b, NULL, NULL), 0); AssertIntEQ(BN_mod_exp(NULL, NULL, NULL, m, NULL), 0); AssertIntEQ(BN_mod_exp(NULL, a, b, m, NULL), 0); AssertIntEQ(BN_mod_exp(r, NULL, b, m, NULL), 0); AssertIntEQ(BN_mod_exp(r, a, NULL, m, NULL), 0); AssertIntEQ(BN_mod_exp(r, a, m, NULL, NULL), 0); AssertIntEQ(BN_mod_exp(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_mod_exp(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_mod_exp(&emptyBN, a, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_mod_exp(&emptyBN, &emptyBN, b, &emptyBN, NULL), 0); AssertIntEQ(BN_mod_exp(&emptyBN, &emptyBN, &emptyBN, m, NULL), 0); AssertIntEQ(BN_mod_exp(&emptyBN, a, b, m, NULL), 0); AssertIntEQ(BN_mod_exp(r, &emptyBN, b, m, NULL), 0); AssertIntEQ(BN_mod_exp(r, a, &emptyBN, m, NULL), 0); AssertIntEQ(BN_mod_exp(r, a, m, &emptyBN, NULL), 0); AssertNull(BN_mod_inverse(r, NULL, NULL, NULL)); AssertNull(BN_mod_inverse(r, a, NULL, NULL)); AssertNull(BN_mod_inverse(r, NULL, m, NULL)); AssertNull(BN_mod_inverse(r, NULL, m, NULL)); AssertNull(BN_mod_inverse(r, a, NULL, NULL)); AssertNull(BN_mod_inverse(&emptyBN, &emptyBN, &emptyBN, NULL)); AssertNull(BN_mod_inverse(r, &emptyBN, &emptyBN, NULL)); AssertNull(BN_mod_inverse(&emptyBN, a, &emptyBN, NULL)); AssertNull(BN_mod_inverse(&emptyBN, &emptyBN, m, NULL)); AssertNull(BN_mod_inverse(&emptyBN, a, m, NULL)); AssertNull(BN_mod_inverse(r, &emptyBN, m, NULL)); AssertNull(BN_mod_inverse(r, a, &emptyBN, NULL)); /* END Invalid parameters. */ val1 = 9; val2 = 13; val3 = 5; AssertIntEQ(BN_set_word(a, val1), 1); AssertIntEQ(BN_set_word(b, val2), 1); AssertIntEQ(BN_set_word(m, val3), 1); AssertIntEQ(BN_mod_add(r, a, b, m, NULL), 1); AssertIntEQ(BN_is_word(r, (val1 + val2) % val3), 1); AssertIntEQ(BN_mod_mul(r, a, b, m, NULL), 1); AssertIntEQ(BN_is_word(r, (val1 * val2) % val3), 1); AssertIntEQ(BN_set_word(a, 2), 1); AssertIntEQ(BN_set_word(b, 3), 1); AssertIntEQ(BN_set_word(m, 5), 1); /* (2 ^ 3) % 5 = 8 % 5 = 3 */ AssertIntEQ(BN_mod_exp(r, a, b, m, NULL), 1); AssertIntEQ(BN_is_word(r, 3), 1); /* (2 * 3) % 5 = 6 % 5 = 1 => inv = 3 */ AssertNotNull(BN_mod_inverse(r, a, m, NULL)); AssertIntEQ(BN_is_word(r, 3), 1); AssertNotNull(t = BN_mod_inverse(NULL, a, m, NULL)); AssertIntEQ(BN_is_word(t, 3), 1); BN_free(t); /* No inverse case. No inverse when a divides b. */ AssertIntEQ(BN_set_word(a, 3), 1); AssertIntEQ(BN_set_word(m, 9), 1); AssertNull(BN_mod_inverse(r, a, m, NULL)); BN_free(r); BN_free(m); BN_free(b); BN_free(a); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BN_math_other(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) BIGNUM* a; BIGNUM* b; BIGNUM* r; BIGNUM emptyBN; /* Setup */ XMEMSET(&emptyBN, 0, sizeof(emptyBN)); AssertNotNull(a = BN_new()); AssertNotNull(b = BN_new()); AssertNotNull(r = BN_new()); /* Invalid parameters. */ AssertIntEQ(BN_gcd(NULL, NULL, NULL, NULL), 0); AssertIntEQ(BN_gcd(r, NULL, NULL, NULL), 0); AssertIntEQ(BN_gcd(NULL, a, NULL, NULL), 0); AssertIntEQ(BN_gcd(NULL, NULL, b, NULL), 0); AssertIntEQ(BN_gcd(NULL, a, b, NULL), 0); AssertIntEQ(BN_gcd(r, NULL, b, NULL), 0); AssertIntEQ(BN_gcd(r, a, NULL, NULL), 0); AssertIntEQ(BN_gcd(&emptyBN, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_gcd(r, &emptyBN, &emptyBN, NULL), 0); AssertIntEQ(BN_gcd(&emptyBN, a, &emptyBN, NULL), 0); AssertIntEQ(BN_gcd(&emptyBN, &emptyBN, b, NULL), 0); AssertIntEQ(BN_gcd(&emptyBN, a, b, NULL), 0); AssertIntEQ(BN_gcd(r, &emptyBN, b, NULL), 0); AssertIntEQ(BN_gcd(r, a, &emptyBN, NULL), 0); /* END Invalid parameters. */ /* No comman factors between 2 and 3. */ AssertIntEQ(BN_set_word(a, 2), 1); AssertIntEQ(BN_set_word(b, 3), 1); AssertIntEQ(BN_gcd(r, a, b, NULL), 1); AssertIntEQ(BN_is_word(r, 1), 1); /* 3 is largest value that divides both 6 and 9. */ AssertIntEQ(BN_set_word(a, 6), 1); AssertIntEQ(BN_set_word(b, 9), 1); AssertIntEQ(BN_gcd(r, a, b, NULL), 1); AssertIntEQ(BN_is_word(r, 3), 1); /* GCD of 0 and 0 is undefined. */ AssertIntEQ(BN_set_word(a, 0), 1); AssertIntEQ(BN_set_word(b, 0), 1); AssertIntEQ(BN_gcd(r, a, b, NULL), 0); /* Teardown */ BN_free(r); BN_free(b); BN_free(a); res = TEST_RES_CHECK(1); #endif #endif return res; } static int test_wolfSSL_BN_rand(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(OPENSSL_EXTRA_NO_BN) BIGNUM* bn; BIGNUM* range; BIGNUM emptyBN; XMEMSET(&emptyBN, 0, sizeof(emptyBN)); AssertNotNull(bn = BN_new()); AssertNotNull(range = BN_new()); /* Invalid parameters. */ AssertIntEQ(BN_rand(NULL, -1, 0, 0), 0); AssertIntEQ(BN_rand(bn, -1, 0, 0), 0); AssertIntEQ(BN_rand(NULL, 1, 0, 0), 0); AssertIntEQ(BN_rand(&emptyBN, -1, 0, 0), 0); AssertIntEQ(BN_rand(bn, -1, 0, 0), 0); AssertIntEQ(BN_rand(&emptyBN, 1, 0, 0), 0); AssertIntEQ(BN_pseudo_rand(NULL, -1, 0, 0), 0); AssertIntEQ(BN_pseudo_rand(bn, -1, 0, 0), 0); AssertIntEQ(BN_pseudo_rand(NULL, 1, 0, 0), 0); AssertIntEQ(BN_pseudo_rand(&emptyBN, -1, 0, 0), 0); AssertIntEQ(BN_pseudo_rand(bn, -1, 0, 0), 0); AssertIntEQ(BN_pseudo_rand(&emptyBN, 1, 0, 0), 0); AssertIntEQ(BN_rand_range(NULL, NULL), 0); AssertIntEQ(BN_rand_range(bn, NULL), 0); AssertIntEQ(BN_rand_range(NULL, range), 0); AssertIntEQ(BN_rand_range(&emptyBN, &emptyBN), 0); AssertIntEQ(BN_rand_range(bn, &emptyBN), 0); AssertIntEQ(BN_rand_range(&emptyBN, range), 0); /* 0 bit random value must be 0 and so cannot set bit in any position. */ AssertIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_BOTTOM_ODD), 0); AssertIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO, WOLFSSL_BN_RAND_BOTTOM_ODD), 0); AssertIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY, WOLFSSL_BN_RAND_BOTTOM_ODD), 0); AssertIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_BOTTOM_ANY), 0); AssertIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO, WOLFSSL_BN_RAND_BOTTOM_ANY), 0); AssertIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_BOTTOM_ODD), 0); AssertIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO, WOLFSSL_BN_RAND_BOTTOM_ODD), 0); AssertIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY, WOLFSSL_BN_RAND_BOTTOM_ODD), 0); AssertIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_BOTTOM_ANY), 0); AssertIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO, WOLFSSL_BN_RAND_BOTTOM_ANY), 0); /* 1 bit random value must have no more than one top bit set. */ AssertIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO, WOLFSSL_BN_RAND_BOTTOM_ANY), 0); AssertIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO, WOLFSSL_BN_RAND_BOTTOM_ODD), 0); AssertIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO, WOLFSSL_BN_RAND_BOTTOM_ANY), 0); AssertIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO, WOLFSSL_BN_RAND_BOTTOM_ODD), 0); /* END Invalid parameters. */ /* 0 bit random: 0. */ AssertIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY, WOLFSSL_BN_RAND_BOTTOM_ANY), 1); AssertIntEQ(BN_is_zero(bn), 1); AssertIntEQ(BN_set_word(bn, 2), 1); /* Make sure not zero. */ AssertIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY, WOLFSSL_BN_RAND_BOTTOM_ANY), 1); AssertIntEQ(BN_is_zero(bn), 1); /* 1 bit random: 0 or 1. */ AssertIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ANY, WOLFSSL_BN_RAND_BOTTOM_ANY), 1); AssertIntLT(BN_get_word(bn), 2); /* Make sure valid range. */ AssertIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_BOTTOM_ANY), 1); AssertIntEQ(BN_get_word(bn), 1); AssertIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_BOTTOM_ODD), 1); AssertIntEQ(BN_get_word(bn), 1); AssertIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ANY, WOLFSSL_BN_RAND_BOTTOM_ANY), 1); AssertIntLT(BN_get_word(bn), 2); /* Make sure valid range. */ AssertIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_BOTTOM_ANY), 1); AssertIntEQ(BN_get_word(bn), 1); AssertIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_BOTTOM_ODD), 1); AssertIntEQ(BN_get_word(bn), 1); AssertIntEQ(BN_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_BOTTOM_ANY), 1); AssertIntEQ(BN_num_bits(bn), 8); AssertIntEQ(BN_is_bit_set(bn, 7), 1); AssertIntEQ(BN_pseudo_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_BOTTOM_ANY), 1); AssertIntEQ(BN_num_bits(bn), 8); AssertIntEQ(BN_is_bit_set(bn, 7), 1); AssertIntEQ(BN_rand(bn, 8, WOLFSSL_BN_RAND_TOP_TWO, WOLFSSL_BN_RAND_BOTTOM_ANY), 1); AssertIntEQ(BN_is_bit_set(bn, 7), 1); AssertIntEQ(BN_is_bit_set(bn, 6), 1); AssertIntEQ(BN_pseudo_rand(bn, 8, WOLFSSL_BN_RAND_TOP_TWO, WOLFSSL_BN_RAND_BOTTOM_ANY), 1); AssertIntEQ(BN_is_bit_set(bn, 7), 1); AssertIntEQ(BN_is_bit_set(bn, 6), 1); AssertIntEQ(BN_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_BOTTOM_ODD), 1); AssertIntEQ(BN_is_bit_set(bn, 0), 1); AssertIntEQ(BN_pseudo_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_BOTTOM_ODD), 1); AssertIntEQ(BN_is_bit_set(bn, 0), 1); /* Regression test: Older versions of wolfSSL_BN_rand would round the * requested number of bits up to the nearest multiple of 8. E.g. in this * case, requesting a 13-bit random number would actually return a 16-bit * random number. */ AssertIntEQ(BN_rand(bn, 13, WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_BOTTOM_ANY), 1); AssertIntEQ(BN_num_bits(bn), 13); AssertIntEQ(BN_rand(range, 64, WOLFSSL_BN_RAND_TOP_ONE, WOLFSSL_BN_RAND_BOTTOM_ANY), 1); AssertIntEQ(BN_rand_range(bn, range), 1); AssertIntEQ(BN_set_word(range, 0), 1); AssertIntEQ(BN_rand_range(bn, range), 1); AssertIntEQ(BN_set_word(range, 1), 1); AssertIntEQ(BN_rand_range(bn, range), 1); BN_free(bn); BN_free(range); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BN_prime(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA)) BIGNUM* a; BIGNUM* add; BIGNUM* rem; BIGNUM emptyBN; XMEMSET(&emptyBN, 0, sizeof(emptyBN)); AssertNotNull(a = BN_new()); AssertNotNull(add = BN_new()); AssertNotNull(rem = BN_new()); /* Invalid parameters. */ /* BN_generate_prime_ex() * prime - must have valid BIGNUM * bits - Greater then 0 * safe - not supported, must be 0 * add - not supported, must be NULL * rem - not supported, must be NULL * cb - anything */ AssertIntEQ(BN_generate_prime_ex(NULL, -1, 1, add, rem, NULL), 0); AssertIntEQ(BN_generate_prime_ex(&emptyBN, -1, 1, add, rem, NULL), 0); AssertIntEQ(BN_generate_prime_ex(a, -1, 1, add, rem, NULL), 0); AssertIntEQ(BN_generate_prime_ex(NULL, 2, 1, add, rem, NULL), 0); AssertIntEQ(BN_generate_prime_ex(&emptyBN, 2, 1, add, rem, NULL), 0); AssertIntEQ(BN_generate_prime_ex(NULL, -1, 0, add, rem, NULL), 0); AssertIntEQ(BN_generate_prime_ex(&emptyBN, -1, 0, add, rem, NULL), 0); AssertIntEQ(BN_generate_prime_ex(NULL, -1, 1, NULL, rem, NULL), 0); AssertIntEQ(BN_generate_prime_ex(&emptyBN, -1, 1, NULL, rem, NULL), 0); AssertIntEQ(BN_generate_prime_ex(NULL, -1, 1, add, NULL, NULL), 0); AssertIntEQ(BN_generate_prime_ex(&emptyBN, -1, 1, add, NULL, NULL), 0); AssertIntEQ(BN_generate_prime_ex(NULL, 2, 0, NULL, NULL, NULL), 0); AssertIntEQ(BN_generate_prime_ex(&emptyBN, 2, 0, NULL, NULL, NULL), 0); AssertIntEQ(BN_generate_prime_ex(a, -1, 0, NULL, NULL, NULL), 0); AssertIntEQ(BN_generate_prime_ex(a, 0, 0, NULL, NULL, NULL), 0); AssertIntEQ(BN_generate_prime_ex(a, 2, 1, NULL, NULL, NULL), 0); AssertIntEQ(BN_generate_prime_ex(a, 2, 0, add, NULL, NULL), 0); AssertIntEQ(BN_generate_prime_ex(a, 2, 0, NULL, rem, NULL), 0); AssertIntEQ(BN_is_prime_ex(NULL, -1, NULL, NULL), -1); AssertIntEQ(BN_is_prime_ex(&emptyBN, -1, NULL, NULL), -1); AssertIntEQ(BN_is_prime_ex(a, -1, NULL, NULL), -1); AssertIntEQ(BN_is_prime_ex(a, 2048, NULL, NULL), -1); AssertIntEQ(BN_is_prime_ex(NULL, 1, NULL, NULL), -1); AssertIntEQ(BN_is_prime_ex(&emptyBN, 1, NULL, NULL), -1); /* END Invalid parameters. */ AssertIntEQ(BN_generate_prime_ex(a, 512, 0, NULL, NULL, NULL), 1); AssertIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), 1); AssertIntEQ(BN_clear_bit(a, 0), 1); AssertIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), 0); BN_free(rem); BN_free(add); BN_free(a); res = TEST_RES_CHECK(1); #endif #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */ return res; } #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) #define TEST_ARG 0x1234 static void msg_cb(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg) { (void)write_p; (void)version; (void)content_type; (void)buf; (void)len; (void)ssl; AssertTrue(arg == (void*)TEST_ARG); } #endif #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \ !defined(NO_WOLFSSL_SERVER) #ifndef SINGLE_THREADED #if defined(SESSION_CERTS) #include "wolfssl/internal.h" #endif static int msgCb(SSL_CTX *ctx, SSL *ssl) { #if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO) STACK_OF(X509)* sk; X509* x509; int i, num; BIO* bio; #endif (void) ctx; fprintf(stderr, "\n===== msgcb called ====\n"); #if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN) AssertTrue(SSL_get_peer_cert_chain(ssl) != NULL); AssertIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 2); AssertNotNull(SSL_get0_verified_chain(ssl)); #else (void) ssl; #endif #if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO) bio = BIO_new(BIO_s_file()); BIO_set_fp(bio, stderr, BIO_NOCLOSE); sk = SSL_get_peer_cert_chain(ssl); AssertNotNull(sk); if (!sk) { BIO_free(bio); return SSL_FAILURE; } num = sk_X509_num(sk); AssertTrue(num > 0); for (i = 0; i < num; i++) { x509 = sk_X509_value(sk,i); AssertNotNull(x509); if (!x509) break; fprintf(stderr, "Certificate at index [%d] = :\n",i); X509_print(bio,x509); fprintf(stderr, "\n\n"); } BIO_free(bio); #endif return SSL_SUCCESS; } #endif #endif static int test_wolfSSL_msgCb(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \ !defined(NO_WOLFSSL_SERVER) tcp_ready ready; func_args client_args; func_args server_args; #ifndef SINGLE_THREADED THREAD_TYPE serverThread; #endif callback_functions client_cb; callback_functions server_cb; /* create a failed connection and inspect the error */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); #ifndef WOLFSSL_NO_TLS12 client_cb.method = wolfTLSv1_2_client_method; server_cb.method = wolfTLSv1_2_server_method; #else client_cb.method = wolfTLSv1_3_client_method; server_cb.method = wolfTLSv1_3_server_method; #endif server_args.signal = &ready; server_args.callbacks = &server_cb; client_args.signal = &ready; client_args.callbacks = &client_cb; client_args.return_code = TEST_FAIL; #ifndef SINGLE_THREADED start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, msgCb); join_thread(serverThread); #endif FreeTcpReady(&ready); #ifndef SINGLE_THREADED AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); #endif #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_either_side(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \ !defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) tcp_ready ready; func_args client_args; func_args server_args; #ifndef SINGLE_THREADED THREAD_TYPE serverThread; #endif callback_functions client_cb; callback_functions server_cb; /* create a failed connection and inspect the error */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); /* Use different CTX for client and server */ client_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method()); AssertNotNull(client_cb.ctx); server_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method()); AssertNotNull(server_cb.ctx); /* we are responsible for free'ing WOLFSSL_CTX */ server_cb.isSharedCtx = client_cb.isSharedCtx = 1; server_args.signal = &ready; server_args.callbacks = &server_cb; client_args.signal = &ready; client_args.callbacks = &client_cb; client_args.return_code = TEST_FAIL; #ifndef SINGLE_THREADED start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); #endif wolfSSL_CTX_free(client_cb.ctx); wolfSSL_CTX_free(server_cb.ctx); FreeTcpReady(&ready); #ifndef SINGLE_THREADED AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); #endif #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_DTLS_either_side(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \ !defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ defined(WOLFSSL_DTLS) tcp_ready ready; func_args client_args; func_args server_args; #ifndef SINGLE_THREADED THREAD_TYPE serverThread; #endif callback_functions client_cb; callback_functions server_cb; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); XMEMSET(&client_cb, 0, sizeof(callback_functions)); XMEMSET(&server_cb, 0, sizeof(callback_functions)); /* Use different CTX for client and server */ client_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method()); AssertNotNull(client_cb.ctx); server_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method()); AssertNotNull(server_cb.ctx); /* we are responsible for free'ing WOLFSSL_CTX */ server_cb.isSharedCtx = client_cb.isSharedCtx = 1; server_args.signal = &ready; server_args.callbacks = &server_cb; client_args.signal = &ready; client_args.callbacks = &client_cb; client_args.return_code = TEST_FAIL; #ifndef SINGLE_THREADED start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); #endif wolfSSL_CTX_free(client_cb.ctx); wolfSSL_CTX_free(server_cb.ctx); FreeTcpReady(&ready); #ifndef SINGLE_THREADED AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); #endif #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_generate_cookie(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) && defined(USE_WOLFSSL_IO) SSL_CTX* ctx; SSL* ssl; byte buf[FOURK_BUF] = {0}; AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLS_method())); AssertNotNull(ssl = SSL_new(ctx)); /* Test unconnected */ AssertIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), GEN_COOKIE_E); wolfSSL_CTX_SetGenCookie(ctx, EmbedGenerateCookie); wolfSSL_SetCookieCtx(ssl, ctx); AssertNotNull(wolfSSL_GetCookieCtx(ssl)); AssertNull(wolfSSL_GetCookieCtx(NULL)); SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_set_options(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) WOLFSSL* ssl; WOLFSSL_CTX* ctx; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) char appData[] = "extra msg"; #endif #ifdef OPENSSL_EXTRA unsigned char protos[] = { 7, 't', 'l', 's', '/', '1', '.', '2', 8, 'h', 't', 't', 'p', '/', '1', '.', '1' }; unsigned int len = sizeof(protos); void *arg = (void *)TEST_ARG; #endif #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1) == WOLFSSL_OP_NO_TLSv1); AssertTrue(wolfSSL_CTX_get_options(ctx) == WOLFSSL_OP_NO_TLSv1); AssertIntGT((int)wolfSSL_CTX_set_options(ctx, (WOLFSSL_OP_COOKIE_EXCHANGE | WOLFSSL_OP_NO_SSLv2)), 0); AssertTrue((wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_COOKIE_EXCHANGE) & WOLFSSL_OP_COOKIE_EXCHANGE) == WOLFSSL_OP_COOKIE_EXCHANGE); AssertTrue((wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_2) & WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2); AssertTrue((wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_COMPRESSION) & WOLFSSL_OP_NO_COMPRESSION) == WOLFSSL_OP_NO_COMPRESSION); AssertFalse((wolfSSL_CTX_clear_options(ctx, WOLFSSL_OP_NO_COMPRESSION) & WOLFSSL_OP_NO_COMPRESSION)); wolfSSL_CTX_free(ctx); #ifndef NO_WOLFSSL_SERVER ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #else ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #endif AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #ifdef OPENSSL_EXTRA AssertTrue(wolfSSL_CTX_set_msg_callback(ctx, msg_cb) == WOLFSSL_SUCCESS); #endif AssertNotNull(ssl = wolfSSL_new(ctx)); #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #ifdef HAVE_EX_DATA AssertIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WOLFSSL_SUCCESS); AssertNotNull(wolfSSL_get_app_data((const WOLFSSL*)ssl)); if (ssl) { AssertIntEQ(XMEMCMP(wolfSSL_get_app_data((const WOLFSSL*)ssl), appData, sizeof(appData)), 0); } #else AssertIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WOLFSSL_FAILURE); AssertNull(wolfSSL_get_app_data((const WOLFSSL*)ssl)); #endif #endif AssertTrue(wolfSSL_set_options(ssl, WOLFSSL_OP_NO_TLSv1) == WOLFSSL_OP_NO_TLSv1); AssertTrue(wolfSSL_get_options(ssl) == WOLFSSL_OP_NO_TLSv1); AssertIntGT((int)wolfSSL_set_options(ssl, (WOLFSSL_OP_COOKIE_EXCHANGE | WOLFSSL_OP_NO_SSLv2)), 0); AssertTrue((wolfSSL_set_options(ssl, WOLFSSL_OP_COOKIE_EXCHANGE) & WOLFSSL_OP_COOKIE_EXCHANGE) == WOLFSSL_OP_COOKIE_EXCHANGE); AssertTrue((wolfSSL_set_options(ssl, WOLFSSL_OP_NO_TLSv1_2) & WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2); AssertTrue((wolfSSL_set_options(ssl, WOLFSSL_OP_NO_COMPRESSION) & WOLFSSL_OP_NO_COMPRESSION) == WOLFSSL_OP_NO_COMPRESSION); #ifdef OPENSSL_EXTRA AssertFalse((wolfSSL_clear_options(ssl, WOLFSSL_OP_NO_COMPRESSION) & WOLFSSL_OP_NO_COMPRESSION)); #endif #ifdef OPENSSL_EXTRA AssertTrue(wolfSSL_set_msg_callback(ssl, msg_cb) == WOLFSSL_SUCCESS); wolfSSL_set_msg_callback_arg(ssl, arg); #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertTrue(wolfSSL_CTX_set_alpn_protos(ctx, protos, len) == 0); #else AssertTrue(wolfSSL_CTX_set_alpn_protos(ctx, protos, len) == WOLFSSL_SUCCESS); #endif #endif #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \ defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) #if defined(HAVE_ALPN) && !defined(NO_BIO) #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertTrue(wolfSSL_set_alpn_protos(ssl, protos, len) == 0); #else AssertTrue(wolfSSL_set_alpn_protos(ssl, protos, len) == WOLFSSL_SUCCESS); #endif #endif /* HAVE_ALPN && !NO_BIO */ #endif wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ return res; } static int test_wolfSSL_sk_SSL_CIPHER(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) SSL* ssl; SSL_CTX* ctx; STACK_OF(SSL_CIPHER) *sk, *dupSk; #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); AssertNotNull(sk = SSL_get_ciphers(ssl)); AssertNotNull(dupSk = sk_SSL_CIPHER_dup(sk)); AssertIntGT(sk_SSL_CIPHER_num(sk), 0); AssertIntEQ(sk_SSL_CIPHER_num(sk), sk_SSL_CIPHER_num(dupSk)); /* error case because connection has not been established yet */ AssertIntEQ(sk_SSL_CIPHER_find(sk, SSL_get_current_cipher(ssl)), -1); sk_SSL_CIPHER_free(dupSk); /* sk is pointer to internal struct that should be free'd in SSL_free */ SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ return res; } static int test_wolfSSL_set1_curves_list(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) SSL* ssl = NULL; SSL_CTX* ctx = NULL; #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, SSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WOLFSSL_FAILURE); #ifdef HAVE_ECC AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WOLFSSL_FAILURE); AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "P-256"), WOLFSSL_SUCCESS); #endif #ifdef HAVE_CURVE25519 AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WOLFSSL_SUCCESS); #else AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WOLFSSL_FAILURE); #endif #ifdef HAVE_CURVE448 AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WOLFSSL_SUCCESS); #else AssertIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WOLFSSL_FAILURE); #endif AssertIntEQ(SSL_set1_curves_list(ssl, NULL), WOLFSSL_FAILURE); #ifdef HAVE_ECC AssertIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WOLFSSL_FAILURE); AssertIntEQ(SSL_set1_curves_list(ssl, "P-256"), WOLFSSL_SUCCESS); #endif #ifdef HAVE_CURVE25519 AssertIntEQ(SSL_set1_curves_list(ssl, "X25519"), WOLFSSL_SUCCESS); #else AssertIntEQ(SSL_set1_curves_list(ssl, "X25519"), WOLFSSL_FAILURE); #endif #ifdef HAVE_CURVE448 AssertIntEQ(SSL_set1_curves_list(ssl, "X448"), WOLFSSL_SUCCESS); #else AssertIntEQ(SSL_set1_curves_list(ssl, "X448"), WOLFSSL_FAILURE); #endif SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return res; } static int test_wolfSSL_set1_sigalgs_list(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) SSL* ssl; SSL_CTX* ctx; #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, ""), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, ""), WOLFSSL_FAILURE); #ifndef NO_RSA #ifndef NO_SHA256 AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, "RSA+SHA256"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(NULL, "RSA+SHA256"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-SHA256"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-SHA256"), WOLFSSL_FAILURE); #ifdef WC_RSA_PSS AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-PSS+SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-PSS+SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "PSS+SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "PSS+SHA256"), WOLFSSL_SUCCESS); #endif #ifdef WOLFSSL_SHA512 AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS); #elif defined(WOLFSSL_SHA384) AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA:RSA+SHA256"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA:RSA+SHA256"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256+SHA256"), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256+RSA"), WOLFSSL_FAILURE); #endif #endif #ifdef HAVE_ECC #ifndef NO_SHA256 AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ECDSA+SHA256"), WOLFSSL_SUCCESS); #ifdef WOLFSSL_SHA512 AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS); #elif defined(WOLFSSL_SHA384) AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS); #endif #endif #endif #ifdef HAVE_ED25519 AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED25519"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED25519"), WOLFSSL_SUCCESS); #endif #ifdef HAVE_ED448 AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED448"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED448"), WOLFSSL_SUCCESS); #endif #ifndef NO_DSA #ifndef NO_SHA256 AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA256"), WOLFSSL_SUCCESS); #endif #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ defined(WOLFSSL_ALLOW_TLS_SHA1)) AssertIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA1"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA1"), WOLFSSL_SUCCESS); #endif #endif SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ #endif return res; } /* Testing wolfSSL_set_tlsext_status_type function. * PRE: OPENSSL and HAVE_CERTIFICATE_STATUS_REQUEST defined. */ static int test_wolfSSL_set_tlsext_status_type(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER) SSL* ssl; SSL_CTX* ctx; AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(SSL_set_tlsext_status_type(ssl,TLSEXT_STATUSTYPE_ocsp), SSL_SUCCESS); AssertIntEQ(SSL_get_tlsext_status_type(ssl), TLSEXT_STATUSTYPE_ocsp); SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST && !NO_RSA */ return res; } #ifndef NO_BIO static int test_wolfSSL_PEM_read_bio(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) byte buff[6000]; XFILE f; int bytes; X509* x509; BIO* bio = NULL; BUF_MEM* buf; f = XFOPEN(cliCertFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); AssertNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); AssertNotNull(bio = BIO_new_mem_buf((void*)buff, bytes)); AssertIntEQ(BIO_set_mem_eof_return(bio, -0xDEAD), 1); AssertNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); AssertIntEQ((int)BIO_set_fd(bio, 0, BIO_CLOSE), 1); /* BIO should return the set EOF value */ AssertIntEQ(BIO_read(bio, buff, sizeof(buff)), -0xDEAD); AssertIntEQ(BIO_set_close(bio, BIO_NOCLOSE), 1); AssertIntEQ(BIO_set_close(NULL, BIO_NOCLOSE), 1); AssertIntEQ(SSL_SUCCESS, BIO_get_mem_ptr(bio, &buf)); BIO_free(bio); BUF_MEM_free(buf); X509_free(x509); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ return res; } #if defined(OPENSSL_EXTRA) static long bioCallback(BIO *bio, int cmd, const char* argp, int argi, long argl, long ret) { (void)bio; (void)cmd; (void)argp; (void)argi; (void)argl; return ret; } #endif static int test_wolfSSL_BIO(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) const unsigned char* p; byte buff[20]; BIO* bio1; BIO* bio2; BIO* bio3; char* bufPt; int i; for (i = 0; i < 20; i++) { buff[i] = i; } /* test BIO_free with NULL */ AssertIntEQ(BIO_free(NULL), WOLFSSL_FAILURE); /* Creating and testing type BIO_s_bio */ AssertNotNull(bio1 = BIO_new(BIO_s_bio())); AssertNotNull(bio2 = BIO_new(BIO_s_bio())); AssertNotNull(bio3 = BIO_new(BIO_s_bio())); /* read/write before set up */ AssertIntEQ(BIO_read(bio1, buff, 2), WOLFSSL_BIO_UNSET); AssertIntEQ(BIO_write(bio1, buff, 2), WOLFSSL_BIO_UNSET); AssertIntEQ(BIO_set_nbio(bio1, 1), 1); AssertIntEQ(BIO_set_write_buf_size(bio1, 20), WOLFSSL_SUCCESS); AssertIntEQ(BIO_set_write_buf_size(bio2, 8), WOLFSSL_SUCCESS); AssertIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 10), 10); XMEMCPY(bufPt, buff, 10); AssertIntEQ(BIO_write(bio1, buff + 10, 10), 10); /* write buffer full */ AssertIntEQ(BIO_write(bio1, buff, 10), WOLFSSL_BIO_ERROR); AssertIntEQ(BIO_flush(bio1), WOLFSSL_SUCCESS); AssertIntEQ((int)BIO_ctrl_pending(bio1), 0); /* write the other direction with pair */ AssertIntEQ((int)BIO_nwrite(bio2, &bufPt, 10), 8); XMEMCPY(bufPt, buff, 8); AssertIntEQ(BIO_write(bio2, buff, 10), WOLFSSL_BIO_ERROR); /* try read */ AssertIntEQ((int)BIO_ctrl_pending(bio1), 8); AssertIntEQ((int)BIO_ctrl_pending(bio2), 20); /* try read using ctrl function */ AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_WPENDING, 0, NULL), 8); AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_PENDING, 0, NULL), 8); AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_WPENDING, 0, NULL), 20); AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_PENDING, 0, NULL), 20); AssertIntEQ(BIO_nread(bio2, &bufPt, (int)BIO_ctrl_pending(bio2)), 20); for (i = 0; i < 20; i++) { AssertIntEQ((int)bufPt[i], i); } AssertIntEQ(BIO_nread(bio2, &bufPt, 1), WOLFSSL_BIO_ERROR); AssertIntEQ(BIO_nread(bio1, &bufPt, (int)BIO_ctrl_pending(bio1)), 8); for (i = 0; i < 8; i++) { AssertIntEQ((int)bufPt[i], i); } AssertIntEQ(BIO_nread(bio1, &bufPt, 1), WOLFSSL_BIO_ERROR); AssertIntEQ(BIO_ctrl_reset_read_request(bio1), 1); /* new pair */ AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_FAILURE); BIO_free(bio2); /* free bio2 and automatically remove from pair */ AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS); AssertIntEQ((int)BIO_ctrl_pending(bio3), 0); AssertIntEQ(BIO_nread(bio3, &bufPt, 10), WOLFSSL_BIO_ERROR); /* test wrap around... */ AssertIntEQ(BIO_reset(bio1), 0); AssertIntEQ(BIO_reset(bio3), 0); /* fill write buffer, read only small amount then write again */ AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); XMEMCPY(bufPt, buff, 20); AssertIntEQ(BIO_nread(bio3, &bufPt, 4), 4); for (i = 0; i < 4; i++) { AssertIntEQ(bufPt[i], i); } /* try writing over read index */ AssertIntEQ(BIO_nwrite(bio1, &bufPt, 5), 4); XMEMSET(bufPt, 0, 4); AssertIntEQ((int)BIO_ctrl_pending(bio3), 20); /* read and write 0 bytes */ AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 0), 0); /* should read only to end of write buffer then need to read again */ AssertIntEQ(BIO_nread(bio3, &bufPt, 20), 16); for (i = 0; i < 16; i++) { AssertIntEQ(bufPt[i], buff[4 + i]); } AssertIntEQ(BIO_nread(bio3, NULL, 0), WOLFSSL_FAILURE); AssertIntEQ(BIO_nread0(bio3, &bufPt), 4); for (i = 0; i < 4; i++) { AssertIntEQ(bufPt[i], 0); } /* read index should not have advanced with nread0 */ AssertIntEQ(BIO_nread(bio3, &bufPt, 5), 4); for (i = 0; i < 4; i++) { AssertIntEQ(bufPt[i], 0); } /* write and fill up buffer checking reset of index state */ AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); XMEMCPY(bufPt, buff, 20); /* test reset on data in bio1 write buffer */ AssertIntEQ(BIO_reset(bio1), 0); AssertIntEQ((int)BIO_ctrl_pending(bio3), 0); AssertIntEQ(BIO_nread(bio3, &bufPt, 3), WOLFSSL_BIO_ERROR); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_INFO, 0, &p), 20); AssertNotNull(p); XMEMCPY(bufPt, buff, 20); AssertIntEQ(BIO_nread(bio3, &bufPt, 6), 6); for (i = 0; i < 6; i++) { AssertIntEQ(bufPt[i], i); } /* test case of writing twice with offset read index */ AssertIntEQ(BIO_nwrite(bio1, &bufPt, 3), 3); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 3); /* try overwriting */ AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); AssertIntEQ(BIO_nread(bio3, &bufPt, 1), 1); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 1); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); BIO_free(bio1); BIO_free(bio3); #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) { BIO* bioA = NULL; BIO* bioB = NULL; AssertIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), BAD_FUNC_ARG); AssertIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS); BIO_free(bioA); bioA = NULL; BIO_free(bioB); bioB = NULL; } #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ /* BIOs with file pointers */ #if !defined(NO_FILESYSTEM) { XFILE f1; XFILE f2; BIO* f_bio1; BIO* f_bio2; unsigned char cert[300]; char testFile[] = "tests/bio_write_test.txt"; char msg[] = "bio_write_test.txt contains the first 300 bytes of certs/server-cert.pem\ncreated by tests/unit.test\n\n"; AssertNotNull(f_bio1 = BIO_new(BIO_s_file())); AssertNotNull(f_bio2 = BIO_new(BIO_s_file())); /* Failure due to wrong BIO type */ AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0); AssertIntEQ((int)BIO_set_mem_eof_return(NULL, -1), 0); f1 = XFOPEN(svrCertFile, "rwb"); AssertTrue((f1 != XBADFILE)); AssertIntEQ((int)BIO_set_fp(f_bio1, f1, BIO_CLOSE), WOLFSSL_SUCCESS); AssertIntEQ(BIO_write_filename(f_bio2, testFile), WOLFSSL_SUCCESS); AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert)); AssertIntEQ(BIO_tell(f_bio1),sizeof(cert)); AssertIntEQ(BIO_write(f_bio2, msg, sizeof(msg)), sizeof(msg)); AssertIntEQ(BIO_tell(f_bio2),sizeof(msg)); AssertIntEQ(BIO_write(f_bio2, cert, sizeof(cert)), sizeof(cert)); AssertIntEQ(BIO_tell(f_bio2),sizeof(cert) + sizeof(msg)); AssertIntEQ((int)BIO_get_fp(f_bio2, &f2), WOLFSSL_SUCCESS); AssertIntEQ(BIO_reset(f_bio2), 0); AssertIntEQ(BIO_tell(NULL),-1); AssertIntEQ(BIO_tell(f_bio2),0); AssertIntEQ(BIO_seek(f_bio2, 4), 0); AssertIntEQ(BIO_tell(f_bio2),4); BIO_free(f_bio1); BIO_free(f_bio2); AssertNotNull(f_bio1 = BIO_new_file(svrCertFile, "rwb")); AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0); AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert)); BIO_free(f_bio1); } #endif /* !defined(NO_FILESYSTEM) */ /* BIO info callback */ { const char* testArg = "test"; BIO* cb_bio; AssertNotNull(cb_bio = BIO_new(BIO_s_mem())); BIO_set_callback(cb_bio, bioCallback); AssertNotNull(BIO_get_callback(cb_bio)); BIO_set_callback(cb_bio, NULL); AssertNull(BIO_get_callback(cb_bio)); BIO_set_callback_arg(cb_bio, (char*)testArg); AssertStrEQ(BIO_get_callback_arg(cb_bio), testArg); AssertNull(BIO_get_callback_arg(NULL)); BIO_free(cb_bio); } /* BIO_vfree */ AssertNotNull(bio1 = BIO_new(BIO_s_bio())); BIO_vfree(NULL); BIO_vfree(bio1); res = TEST_RES_CHECK(1); #endif return res; } #endif /* !NO_BIO */ static int test_wolfSSL_a2i_IPADDRESS(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(WOLFSSL_USER_IO) const unsigned char* data; int dataSz = 0; ASN1_OCTET_STRING *st; const unsigned char ipv4_exp[] = {0x7F, 0, 0, 1}; const unsigned char ipv6_exp[] = { 0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77 }; const unsigned char ipv6_home[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 }; AssertNull(st = a2i_IPADDRESS("127.0.0.1bad")); AssertNotNull(st = a2i_IPADDRESS("127.0.0.1")); data = ASN1_STRING_get0_data(st); dataSz = ASN1_STRING_length(st); AssertIntEQ(dataSz, WOLFSSL_IP4_ADDR_LEN); AssertIntEQ(XMEMCMP(data, ipv4_exp, dataSz), 0); ASN1_STRING_free(st); AssertNotNull(st = a2i_IPADDRESS("::1")); data = ASN1_STRING_get0_data(st); dataSz = ASN1_STRING_length(st); AssertIntEQ(dataSz, WOLFSSL_IP6_ADDR_LEN); AssertIntEQ(XMEMCMP(data, ipv6_home, dataSz), 0); ASN1_STRING_free(st); AssertNotNull(st = a2i_IPADDRESS("2021:db8::ff00:42:7777")); data = ASN1_STRING_get0_data(st); dataSz = ASN1_STRING_length(st); AssertIntEQ(dataSz, WOLFSSL_IP6_ADDR_LEN); AssertIntEQ(XMEMCMP(data, ipv6_exp, dataSz), 0); ASN1_STRING_free(st); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_DES_ecb_encrypt(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB) WOLFSSL_DES_cblock input1,input2,output1,output2,back1,back2; WOLFSSL_DES_key_schedule key; XMEMCPY(key,"12345678",sizeof(WOLFSSL_DES_key_schedule)); XMEMCPY(input1, "Iamhuman",sizeof(WOLFSSL_DES_cblock)); XMEMCPY(input2, "Whoisit?",sizeof(WOLFSSL_DES_cblock)); XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock)); XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock)); XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock)); XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock)); /* Encrypt messages */ wolfSSL_DES_ecb_encrypt(&input1,&output1,&key,DES_ENCRYPT); wolfSSL_DES_ecb_encrypt(&input2,&output2,&key,DES_ENCRYPT); { /* Decrypt messages */ int ret1 = 0; int ret2 = 0; wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT); ret1 = XMEMCMP((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock)); AssertIntEQ(ret1,0); wolfSSL_DES_ecb_encrypt(&output2,&back2,&key,DES_DECRYPT); ret2 = XMEMCMP((unsigned char *) back2,(unsigned char *) input2,sizeof(WOLFSSL_DES_cblock)); AssertIntEQ(ret2,0); } res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_cmp_time(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \ && !defined(USER_TIME) && !defined(TIME_OVERRIDES) WOLFSSL_ASN1_TIME asn_time; time_t t; AssertIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t)); XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME)); AssertIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t)); AssertIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1); AssertIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL)); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_time_adj(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \ !defined(USER_TIME) && !defined(TIME_OVERRIDES) && \ defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && \ !defined(NO_ASN_TIME) X509* x509; time_t t, not_before, not_after; AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer( client_cert_der_2048, sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); t = 0; not_before = wc_Time(0); not_after = wc_Time(0) + (60 * 24 * 30); /* 30 days after */ AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t)); AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t)); /* Check X509_gmtime_adj, too. */ AssertNotNull(X509_gmtime_adj(X509_get_notAfter(x509), not_after)); X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)\ && !defined(NO_RSA) X509* x509; #ifndef NO_BIO BIO* bio; X509_STORE_CTX* ctx; X509_STORE* store; #endif char der[] = "certs/ca-cert.der"; XFILE fp; AssertNotNull(x509 = X509_new()); X509_free(x509); #ifndef NO_BIO x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM); AssertNotNull(bio = BIO_new(BIO_s_mem())); #ifdef WOLFSSL_CERT_GEN AssertIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS); #endif AssertNotNull(ctx = X509_STORE_CTX_new()); AssertIntEQ(X509_verify_cert(ctx), SSL_FATAL_ERROR); AssertNotNull(store = X509_STORE_new()); AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS); AssertIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS); AssertIntEQ(X509_verify_cert(ctx), SSL_SUCCESS); X509_STORE_CTX_free(ctx); X509_STORE_free(store); X509_free(x509); BIO_free(bio); #endif /** d2i_X509_fp test **/ fp = XFOPEN(der, "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL)); AssertNotNull(x509); X509_free(x509); XFCLOSE(fp); fp = XFOPEN(der, "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509)); AssertNotNull(x509); X509_free(x509); XFCLOSE(fp); /* X509_up_ref test */ AssertIntEQ(X509_up_ref(NULL), 0); AssertNotNull(x509 = X509_new()); /* refCount = 1 */ AssertIntEQ(X509_up_ref(x509), 1); /* refCount = 2 */ AssertIntEQ(X509_up_ref(x509), 1); /* refCount = 3 */ X509_free(x509); /* refCount = 2 */ X509_free(x509); /* refCount = 1 */ X509_free(x509); /* refCount = 0, free */ res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_get_ext_count(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) int ret = 0; WOLFSSL_X509* x509; const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem"; FILE* f; /* NULL parameter check */ AssertIntEQ(X509_get_ext_count(NULL), WOLFSSL_FAILURE); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(X509_get_ext_count(x509), 5); wolfSSL_X509_free(x509); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ocspRootCaFile, SSL_FILETYPE_PEM)); AssertIntEQ(X509_get_ext_count(x509), 5); wolfSSL_X509_free(x509); AssertNotNull(f = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); fclose(f); /* wolfSSL_X509_get_ext_count() valid input */ AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5); /* wolfSSL_X509_get_ext_count() NULL argument */ AssertIntEQ((ret = wolfSSL_X509_get_ext_count(NULL)), WOLFSSL_FAILURE); wolfSSL_X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_sign2(void) { int res = TEST_SKIPPED; /* test requires WOLFSSL_AKID_NAME to match expected output */ #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_AKID_NAME) && \ (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)) WOLFSSL_X509 *x509, *ca; const unsigned char *der; const unsigned char *pt; WOLFSSL_EVP_PKEY *priv; WOLFSSL_X509_NAME *name; int derSz; #ifndef NO_ASN_TIME WOLFSSL_ASN1_TIME *notBefore, *notAfter; const int year = 365*24*60*60; const int day = 24*60*60; const int hour = 60*60; const int mini = 60; time_t t; #endif const unsigned char expected[] = { 0x30, 0x82, 0x05, 0x13, 0x30, 0x82, 0x03, 0xFB, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x73, 0xFB, 0x54, 0xD6, 0x03, 0x7D, 0x4C, 0x07, 0x84, 0xE2, 0x00, 0x11, 0x8C, 0xDD, 0x90, 0xDC, 0x48, 0x8D, 0xEA, 0x53, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30, 0x30, 0x30, 0x5A, 0x17, 0x0D, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32, 0x30, 0x33, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4F, 0x30, 0x82, 0x01, 0x4B, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x81, 0xDE, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x81, 0xD6, 0x30, 0x81, 0xD3, 0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, 0x85, 0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, 0x14, 0x73, 0xFB, 0x54, 0xD6, 0x03, 0x7D, 0x4C, 0x07, 0x84, 0xE2, 0x00, 0x11, 0x8C, 0xDD, 0x90, 0xDC, 0x48, 0x8D, 0xEA, 0x53, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x4A, 0xFD, 0x81, 0xC9, 0xE9, 0xE6, 0x2D, 0xC7, 0x1F, 0xFA, 0x0A, 0xDC, 0x80, 0x21, 0xCE, 0xD9, 0x27, 0xD4, 0xA4, 0xA1, 0xEC, 0x87, 0x50, 0xA9, 0xE4, 0x6D, 0xF6, 0x04, 0x93, 0x5A, 0x1E, 0x51, 0xF4, 0x8F, 0x92, 0x3E, 0x58, 0x90, 0xD7, 0xE5, 0xD7, 0x4A, 0x3D, 0xF3, 0xC6, 0x1E, 0xE4, 0x78, 0x57, 0xCB, 0xE7, 0xED, 0x3F, 0x6A, 0x7D, 0x1E, 0xE2, 0xF1, 0x9F, 0xAA, 0x18, 0x0A, 0xC9, 0x1A, 0xD6, 0x78, 0x71, 0xB3, 0xB6, 0xE9, 0x55, 0x84, 0x27, 0x36, 0xA0, 0x89, 0x5C, 0x5A, 0x0A, 0x97, 0x53, 0x95, 0x36, 0x68, 0x39, 0xA9, 0x17, 0x51, 0x84, 0x2A, 0x68, 0x5F, 0xAE, 0xF3, 0x26, 0x32, 0x57, 0x99, 0x4A, 0x65, 0xE2, 0x14, 0x1E, 0xD8, 0x00, 0x24, 0xC1, 0xD1, 0x75, 0x56, 0xD3, 0x99, 0xD3, 0x55, 0x10, 0x88, 0xEC, 0x13, 0x05, 0x89, 0x18, 0x58, 0x55, 0x86, 0xFF, 0xA1, 0x2C, 0xB1, 0x96, 0xE5, 0x63, 0x1C, 0x83, 0xCA, 0xF6, 0x58, 0x0C, 0xD5, 0xD2, 0x27, 0x70, 0x61, 0x87, 0xCC, 0x17, 0x36, 0x6A, 0x75, 0x55, 0xB1, 0x13, 0xB6, 0xC8, 0x94, 0x0B, 0x1F, 0xE0, 0x32, 0xCA, 0x94, 0xA2, 0x46, 0x95, 0xBC, 0xA2, 0xA0, 0x2A, 0x4C, 0xEB, 0xFE, 0x14, 0xA3, 0x1D, 0x38, 0x13, 0x07, 0xB9, 0x98, 0x62, 0x88, 0xF1, 0x8F, 0xBC, 0xD7, 0x3F, 0x72, 0xD4, 0x2F, 0x77, 0xF2, 0x48, 0x0E, 0x9C, 0xAC, 0xE1, 0x44, 0x88, 0x58, 0x9A, 0x8E, 0x81, 0xBD, 0xB8, 0x6E, 0xF4, 0x64, 0x9B, 0x3A, 0xF1, 0x1D, 0x13, 0xE3, 0x51, 0xB9, 0xD1, 0x4D, 0xA3, 0xB5, 0x5D, 0x7B, 0x18, 0xBD, 0xDE, 0xAB, 0x1F, 0x82, 0x23, 0xAE, 0x6E, 0xB7, 0xE9, 0xEA, 0x54, 0xE6, 0xF5, 0x3E, 0x10, 0x80, 0x25, 0x36, 0x83, 0x46, 0xB2, 0x97, 0x8D, 0x3A, 0x06, 0xB6, 0xCC, 0x8D, 0xBE, 0xB4, 0xE6, 0x5E, 0xCA, 0x7B }; pt = ca_key_der_2048; AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt, sizeof_ca_key_der_2048)); pt = client_cert_der_2048; AssertNotNull(x509 = wolfSSL_d2i_X509(NULL, &pt, sizeof_client_cert_der_2048)); pt = ca_cert_der_2048; AssertNotNull(ca = wolfSSL_d2i_X509(NULL, &pt, sizeof_ca_cert_der_2048)); AssertNotNull(name = wolfSSL_X509_get_subject_name(ca)); AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); #ifndef NO_ASN_TIME t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day; AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0)); AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0)); AssertIntEQ(notAfter->length, 13); AssertTrue(wolfSSL_X509_set_notBefore(x509, notBefore)); AssertTrue(wolfSSL_X509_set_notAfter(x509, notAfter)); #endif wolfSSL_X509_sign(x509, priv, EVP_sha256()); AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); AssertIntEQ(derSz, sizeof(expected)); #ifndef NO_ASN_TIME AssertIntEQ(XMEMCMP(der, expected, derSz), 0); #endif wolfSSL_X509_free(ca); wolfSSL_X509_free(x509); wolfSSL_EVP_PKEY_free(priv); #ifndef NO_ASN_TIME wolfSSL_ASN1_TIME_free(notBefore); wolfSSL_ASN1_TIME_free(notAfter); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_sign(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN_TIME) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) int ret; char *cn; word32 cnSz; X509_NAME *name; X509 *x509, *ca; DecodedCert dCert; EVP_PKEY *pub; EVP_PKEY *priv; EVP_MD_CTX *mctx; #if defined(USE_CERT_BUFFERS_1024) const unsigned char* rsaPriv = client_key_der_1024; const unsigned char* rsaPub = client_keypub_der_1024; const unsigned char* certIssuer = client_cert_der_1024; long clientKeySz = (long)sizeof_client_key_der_1024; long clientPubKeySz = (long)sizeof_client_keypub_der_1024; long certIssuerSz = (long)sizeof_client_cert_der_1024; #elif defined(USE_CERT_BUFFERS_2048) const unsigned char* rsaPriv = client_key_der_2048; const unsigned char* rsaPub = client_keypub_der_2048; const unsigned char* certIssuer = client_cert_der_2048; long clientKeySz = (long)sizeof_client_key_der_2048; long clientPubKeySz = (long)sizeof_client_keypub_der_2048; long certIssuerSz = (long)sizeof_client_cert_der_2048; #endif byte sn[16]; int snSz = sizeof(sn); /* Set X509_NAME fields */ AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, (byte*)"US", 2, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@wolfssl.com", 19, -1, 0), SSL_SUCCESS); /* Get private and public keys */ AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv, clientKeySz)); AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz)); AssertNotNull(x509 = X509_new()); /* Set version 3 */ AssertIntNE(X509_set_version(x509, 2L), 0); /* Set subject name, add pubkey, and sign certificate */ AssertIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS); X509_NAME_free(name); AssertIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS); #ifdef WOLFSSL_ALT_NAMES /* Add some subject alt names */ AssertIntNE(wolfSSL_X509_add_altname(NULL, "ipsum", ASN_DNS_TYPE), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_add_altname(x509, NULL, ASN_DNS_TYPE), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_add_altname(x509, "sphygmomanometer", ASN_DNS_TYPE), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_add_altname(x509, "supercalifragilisticexpialidocious", ASN_DNS_TYPE), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_add_altname(x509, "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch", ASN_DNS_TYPE), SSL_SUCCESS); #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) { unsigned char ip4_type[] = {127,128,0,255}; unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab, 0xff, 0xee, 0x99, 0x88, 0x77, 0x66, 0x55, 0x44, 0x00, 0x33, 0x22, 0x11}; AssertIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip4_type, sizeof(ip4_type), ASN_IP_TYPE), SSL_SUCCESS); AssertIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip6_type, sizeof(ip6_type), ASN_IP_TYPE), SSL_SUCCESS); } #endif #endif /* WOLFSSL_ALT_NAMES */ /* test valid sign case */ AssertIntGT(ret = X509_sign(x509, priv, EVP_sha256()), 0); /* test valid X509_sign_ctx case */ AssertNotNull(mctx = EVP_MD_CTX_new()); AssertIntEQ(EVP_DigestSignInit(mctx, NULL, EVP_sha256(), NULL, priv), 1); AssertIntGT(X509_sign_ctx(x509, mctx), 0); #if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES) AssertIntEQ(X509_get_ext_count(x509), 1); #endif #if defined(WOLFSSL_ALT_NAMES) && (defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)) AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1); AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1); #endif AssertIntEQ(wolfSSL_X509_get_serial_number(x509, sn, &snSz), WOLFSSL_SUCCESS); DEBUG_WRITE_CERT_X509(x509, "signed.pem"); /* Variation in size depends on ASN.1 encoding when MSB is set. * WOLFSSL_ASN_TEMPLATE code does not generate a serial number * with the MSB set. See GenerateInteger in asn.c */ #ifndef USE_CERT_BUFFERS_1024 #ifndef WOLFSSL_ALT_NAMES /* Valid case - size should be 781-786 with 16 byte serial number */ AssertTrue((781 + snSz <= ret) && (ret <= 781 + 5 + snSz)); #elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) /* Valid case - size should be 955-960 with 16 byte serial number */ AssertTrue((939 + snSz <= ret) && (ret <= 939 + 5 + snSz)); #else /* Valid case - size should be 926-931 with 16 byte serial number */ AssertTrue((910 + snSz <= ret) && (ret <= 910 + 5 + snSz)); #endif #else #ifndef WOLFSSL_ALT_NAMES /* Valid case - size should be 537-542 with 16 byte serial number */ AssertTrue((521 + snSz <= ret) && (ret <= 521 + 5 + snSz)); #elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) /* Valid case - size should be 695-670 with 16 byte serial number */ AssertTrue((679 + snSz <= ret) && (ret <= 679 + 5 + snSz)); #else /* Valid case - size should be 666-671 with 16 byte serial number */ AssertTrue((650 + snSz <= ret) && (ret <= 650 + 5 + snSz)); #endif #endif /* check that issuer name is as expected after signature */ InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0); AssertIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0); AssertNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz)); AssertNotNull(name = X509_get_subject_name(ca)); cnSz = X509_NAME_get_sz(name); AssertNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); AssertNotNull(cn = X509_NAME_oneline(name, cn, cnSz)); AssertIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn))); XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); #ifdef WOLFSSL_MULTI_ATTRIB /* test adding multiple OU's to the signer */ AssertNotNull(name = X509_get_subject_name(ca)); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8, (byte*)"OU1", 3, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8, (byte*)"OU2", 3, -1, 0), SSL_SUCCESS); AssertIntGT(X509_sign(ca, priv, EVP_sha256()), 0); #endif AssertNotNull(name = X509_get_subject_name(ca)); AssertIntEQ(X509_set_issuer_name(x509, name), SSL_SUCCESS); AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0); AssertNotNull(name = X509_get_issuer_name(x509)); cnSz = X509_NAME_get_sz(name); AssertNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); AssertNotNull(cn = X509_NAME_oneline(name, cn, cnSz)); /* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */ AssertIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer))); XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); FreeDecodedCert(&dCert); /* Test invalid parameters */ AssertIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0); AssertIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0); AssertIntEQ(X509_sign(x509, priv, NULL), 0); AssertIntEQ(X509_sign_ctx(NULL, mctx), 0); EVP_MD_CTX_free(mctx); AssertNotNull(mctx = EVP_MD_CTX_new()); AssertIntEQ(X509_sign_ctx(x509, mctx), 0); AssertIntEQ(X509_sign_ctx(x509, NULL), 0); /* test invalid version number */ #if defined(OPENSSL_ALL) AssertIntNE(X509_set_version(x509, 6L), 0); AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0); /* uses ParseCert which fails on bad version number */ AssertIntEQ(X509_get_ext_count(x509), SSL_FAILURE); #endif EVP_MD_CTX_free(mctx); EVP_PKEY_free(priv); EVP_PKEY_free(pub); X509_free(x509); X509_free(ca); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_get0_tbs_sigalg(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) X509* x509 = NULL; const X509_ALGOR* alg; AssertNotNull(x509 = X509_new()); AssertNull(alg = X509_get0_tbs_sigalg(NULL)); AssertNotNull(alg = X509_get0_tbs_sigalg(x509)); X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_ALGOR_get0(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ !defined(NO_SHA256) && !defined(NO_RSA) X509* x509 = NULL; const ASN1_OBJECT* obj = NULL; const X509_ALGOR* alg; int pptype = 0; const void *ppval = NULL; AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); AssertNotNull(alg = X509_get0_tbs_sigalg(x509)); /* Invalid case */ X509_ALGOR_get0(&obj, NULL, NULL, NULL); AssertNull(obj); /* Valid case */ X509_ALGOR_get0(&obj, &pptype, &ppval, alg); AssertNotNull(obj); AssertNull(ppval); AssertIntNE(pptype, 0); /* Make sure NID of X509_ALGOR is Sha256 with RSA */ AssertIntEQ(OBJ_obj2nid(obj), NID_sha256WithRSAEncryption); X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_VERIFY_PARAM(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) X509_VERIFY_PARAM *paramTo; X509_VERIFY_PARAM *paramFrom; int ret; char testIPv4[] = "127.0.0.1"; char testIPv6[] = "0001:0000:0000:0000:0000:0000:0000:0000/32"; char testhostName1[] = "foo.hoge.com"; char testhostName2[] = "foobar.hoge.com"; paramTo = X509_VERIFY_PARAM_new(); AssertNotNull(paramTo); XMEMSET(paramTo, 0, sizeof(X509_VERIFY_PARAM )); paramFrom = X509_VERIFY_PARAM_new(); AssertNotNull(paramFrom); XMEMSET(paramFrom, 0, sizeof(X509_VERIFY_PARAM )); ret = X509_VERIFY_PARAM_set1_host(paramFrom, testhostName1, (int)XSTRLEN(testhostName1)); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(paramFrom->hostName, testhostName1, (int)XSTRLEN(testhostName1))); X509_VERIFY_PARAM_set_hostflags(NULL, 0x00); X509_VERIFY_PARAM_set_hostflags(paramFrom, 0x01); AssertIntEQ(0x01, paramFrom->hostFlags); ret = X509_VERIFY_PARAM_set1_ip_asc(NULL, testIPv4); AssertIntEQ(0, ret); ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv4); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, NULL); AssertIntEQ(1, ret); ret = X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv6); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); /* null pointer */ ret = X509_VERIFY_PARAM_set1(NULL, paramFrom); AssertIntEQ(WOLFSSL_FAILURE, ret); /* in the case of "from" null, returns success */ ret = X509_VERIFY_PARAM_set1(paramTo, NULL); AssertIntEQ(WOLFSSL_SUCCESS, ret); ret = X509_VERIFY_PARAM_set1(NULL, NULL); AssertIntEQ(WOLFSSL_FAILURE, ret); /* inherit flags test : VPARAM_DEFAULT */ ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, (int)XSTRLEN(testhostName1))); AssertIntEQ(0x01, paramTo->hostFlags); AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); /* inherit flags test : VPARAM OVERWRITE */ X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, (int)XSTRLEN(testhostName2)); X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4); X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00); paramTo->inherit_flags = X509_VP_FLAG_OVERWRITE; ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, (int)XSTRLEN(testhostName1))); AssertIntEQ(0x01, paramTo->hostFlags); AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); /* inherit flags test : VPARAM_RESET_FLAGS */ X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, (int)XSTRLEN(testhostName2)); X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4); X509_VERIFY_PARAM_set_hostflags(paramTo, 0x10); paramTo->inherit_flags = X509_VP_FLAG_RESET_FLAGS; ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, (int)XSTRLEN(testhostName1))); AssertIntEQ(0x01, paramTo->hostFlags); AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); /* inherit flags test : VPARAM_LOCKED */ X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, (int)XSTRLEN(testhostName2)); X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4); X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00); paramTo->inherit_flags = X509_VP_FLAG_LOCKED; ret = X509_VERIFY_PARAM_set1(paramTo, paramFrom); AssertIntEQ(1, ret); AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName2, (int)XSTRLEN(testhostName2))); AssertIntEQ(0x00, paramTo->hostFlags); AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); /* test for incorrect parameters */ ret = X509_VERIFY_PARAM_set_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL ); AssertIntEQ(0, ret); ret = X509_VERIFY_PARAM_set_flags(NULL, 0 ); AssertIntEQ(0, ret); /* inherit flags test : VPARAM_ONCE, not testable yet */ ret = X509_VERIFY_PARAM_set_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL); AssertIntEQ(1, ret); ret = X509_VERIFY_PARAM_get_flags(paramTo); AssertIntEQ(X509_V_FLAG_CRL_CHECK_ALL, ret); ret = X509_VERIFY_PARAM_clear_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL); AssertIntEQ(1, ret); ret = X509_VERIFY_PARAM_get_flags(paramTo); AssertIntEQ(0, ret); X509_VERIFY_PARAM_free(paramTo); X509_VERIFY_PARAM_free(paramFrom); X509_VERIFY_PARAM_free(NULL); /* to confirm NULL parameter gives no harm */ res = TEST_RES_CHECK(1); #endif return res; } #if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES) static int test_wolfSSL_check_domain_verify_count = 0; static WC_INLINE int test_wolfSSL_check_domain_verify_cb(int preverify, WOLFSSL_X509_STORE_CTX* store) { AssertIntEQ(X509_STORE_CTX_get_error(store), 0); AssertIntEQ(preverify, 1); test_wolfSSL_check_domain_verify_count++; return 1; } static void test_wolfSSL_check_domain_client_cb(WOLFSSL* ssl) { X509_VERIFY_PARAM *param = SSL_get0_param(ssl); /* Domain check should only be done on the leaf cert */ X509_VERIFY_PARAM_set_hostflags(param, X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); AssertIntEQ(X509_VERIFY_PARAM_set1_host(param, "wolfSSL Server Chain", 0), 1); wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_PEER, test_wolfSSL_check_domain_verify_cb); } static void test_wolfSSL_check_domain_server_cb(WOLFSSL_CTX* ctx) { /* Use a cert with different domains in chain */ AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx, "certs/intermediate/server-chain.pem"), WOLFSSL_SUCCESS); } static int test_wolfSSL_check_domain(void) { tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; callback_functions func_cb_client; callback_functions func_cb_server; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; func_cb_client.ssl_ready = &test_wolfSSL_check_domain_client_cb; func_cb_server.ctx_ready = &test_wolfSSL_check_domain_server_cb; client_args.callbacks = &func_cb_client; server_args.callbacks = &func_cb_server; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); /* Should have been called once for each cert in sent chain */ #ifdef WOLFSSL_VERIFY_CB_ALL_CERTS AssertIntEQ(test_wolfSSL_check_domain_verify_count, 3); #else AssertIntEQ(test_wolfSSL_check_domain_verify_count, 1); #endif return TEST_RES_CHECK(1); } #endif /* OPENSSL_EXTRA && HAVE_IO_TESTS_DEPENDENCIES */ static int test_wolfSSL_X509_get_X509_PUBKEY(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) X509* x509 = NULL; X509_PUBKEY* pubKey; AssertNotNull(x509 = X509_new()); AssertNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(NULL)); AssertNotNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(x509)); X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_PUBKEY_RSA(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ !defined(NO_SHA256) && !defined(NO_RSA) X509* x509 = NULL; ASN1_OBJECT* obj = NULL; const ASN1_OBJECT* pa_oid = NULL; X509_PUBKEY* pubKey; X509_PUBKEY* pubKey2; EVP_PKEY* evpKey; const unsigned char *pk; int ppklen, pptype; X509_ALGOR *pa; const void *pval; AssertNotNull(x509 = X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); AssertNotNull(pubKey = X509_get_X509_PUBKEY(x509)); AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1); AssertNotNull(pk); AssertNotNull(pa); AssertNotNull(pubKey); AssertIntGT(ppklen, 0); AssertIntEQ(OBJ_obj2nid(obj), NID_rsaEncryption); AssertNotNull(evpKey = X509_PUBKEY_get(pubKey)); AssertNotNull(pubKey2 = X509_PUBKEY_new()); AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1); AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1); AssertNotNull(pk); AssertNotNull(pa); AssertIntGT(ppklen, 0); X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); AssertNotNull(pa_oid); AssertNull(pval); AssertIntEQ(pptype, V_ASN1_NULL); AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA); X509_PUBKEY_free(pubKey2); X509_free(x509); EVP_PKEY_free(evpKey); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_PUBKEY_EC(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && defined(HAVE_ECC) X509* x509 = NULL; ASN1_OBJECT* obj = NULL; ASN1_OBJECT* poid; const ASN1_OBJECT* pa_oid = NULL; X509_PUBKEY* pubKey; X509_PUBKEY* pubKey2; EVP_PKEY* evpKey; const unsigned char *pk; int ppklen, pptype; X509_ALGOR *pa; const void *pval; char buf[50]; AssertNotNull(x509 = X509_load_certificate_file(cliEccCertFile, SSL_FILETYPE_PEM)); AssertNotNull(pubKey = X509_get_X509_PUBKEY(x509)); AssertNotNull(evpKey = X509_PUBKEY_get(pubKey)); AssertNotNull(pubKey2 = X509_PUBKEY_new()); AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1); AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1); AssertNotNull(pk); AssertNotNull(pa); AssertIntGT(ppklen, 0); X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); AssertNotNull(pa_oid); AssertNotNull(pval); AssertIntEQ(pptype, V_ASN1_OBJECT); AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_EC); poid = (ASN1_OBJECT *)pval; AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), poid, 0), 0); AssertIntEQ(OBJ_txt2nid(buf), NID_X9_62_prime256v1); X509_PUBKEY_free(pubKey2); X509_free(x509); EVP_PKEY_free(evpKey); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_PUBKEY_DSA(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_DSA) word32 bytes; #ifdef USE_CERT_BUFFERS_1024 byte tmp[ONEK_BUF]; #elif defined(USE_CERT_BUFFERS_2048) byte tmp[TWOK_BUF]; #else byte tmp[TWOK_BUF]; #endif /* END USE_CERT_BUFFERS_1024 */ const unsigned char* dsaKeyDer = tmp; ASN1_OBJECT* obj = NULL; ASN1_STRING* str; const ASN1_OBJECT* pa_oid = NULL; X509_PUBKEY* pubKey = NULL; EVP_PKEY* evpKey = NULL; const unsigned char *pk; int ppklen, pptype; X509_ALGOR *pa; const void *pval; #ifdef USE_CERT_BUFFERS_1024 XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); bytes = sizeof_dsa_key_der_1024; #elif defined(USE_CERT_BUFFERS_2048) XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); bytes = sizeof_dsa_key_der_2048; #else { XFILE fp; XMEMSET(tmp, 0, sizeof(tmp)); fp = XFOPEN("./certs/dsa2048.der", "rb"); if (fp == XBADFILE) { return WOLFSSL_BAD_FILE; } bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp); XFCLOSE(fp); } #endif /* Initialize pkey with der format dsa key */ AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &evpKey, &dsaKeyDer, bytes)); AssertNotNull(pubKey = X509_PUBKEY_new()); AssertIntEQ(X509_PUBKEY_set(&pubKey, evpKey), 1); AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1); AssertNotNull(pk); AssertNotNull(pa); AssertIntGT(ppklen, 0); X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); AssertNotNull(pa_oid); AssertNotNull(pval); AssertIntEQ(pptype, V_ASN1_SEQUENCE); AssertIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_DSA); str = (ASN1_STRING *)pval; DEBUG_WRITE_DER(ASN1_STRING_data(str), ASN1_STRING_length(str), "str.der"); #ifdef USE_CERT_BUFFERS_1024 AssertIntEQ(ASN1_STRING_length(str), 291); #else AssertIntEQ(ASN1_STRING_length(str), 549); #endif /* END USE_CERT_BUFFERS_1024 */ X509_PUBKEY_free(pubKey); EVP_PKEY_free(evpKey); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_RAND(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) byte seed[16]; XMEMSET(seed, 0, sizeof(seed)); RAND_seed(seed, sizeof(seed)); AssertIntEQ(RAND_poll(), 1); RAND_cleanup(); AssertIntEQ(RAND_egd(NULL), -1); #ifndef NO_FILESYSTEM { char fname[100]; AssertNotNull(RAND_file_name(fname, (sizeof(fname) - 1))); AssertIntEQ(RAND_write_file(NULL), 0); } #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BUF(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) BUF_MEM* buf; AssertNotNull(buf = BUF_MEM_new()); AssertIntEQ(BUF_MEM_grow(buf, 10), 10); AssertIntEQ(BUF_MEM_grow(buf, -1), 0); BUF_MEM_free(buf); res = TEST_RES_CHECK(1); #endif return res; } #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) static int stub_rand_seed(const void *buf, int num) { (void)buf; (void)num; return 123; } static int stub_rand_bytes(unsigned char *buf, int num) { (void)buf; (void)num; return 456; } static byte* was_stub_rand_cleanup_called(void) { static byte was_called = 0; return &was_called; } static void stub_rand_cleanup(void) { byte* was_called = was_stub_rand_cleanup_called(); *was_called = 1; return; } static byte* was_stub_rand_add_called(void) { static byte was_called = 0; return &was_called; } static int stub_rand_add(const void *buf, int num, double entropy) { byte* was_called = was_stub_rand_add_called(); (void)buf; (void)num; (void)entropy; *was_called = 1; return 0; } static int stub_rand_pseudo_bytes(unsigned char *buf, int num) { (void)buf; (void)num; return 9876; } static int stub_rand_status(void) { return 5432; } #endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */ static int test_wolfSSL_RAND_set_rand_method(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL}; unsigned char* buf = NULL; int num = 0; double entropy = 0; byte* was_cleanup_called = was_stub_rand_cleanup_called(); byte* was_add_called = was_stub_rand_add_called(); buf = (byte*)XMALLOC(32 * sizeof(byte), NULL, DYNAMIC_TYPE_TMP_BUFFER); AssertIntNE(wolfSSL_RAND_status(), 5432); AssertIntEQ(*was_cleanup_called, 0); RAND_cleanup(); AssertIntEQ(*was_cleanup_called, 0); rand_methods.seed = &stub_rand_seed; rand_methods.bytes = &stub_rand_bytes; rand_methods.cleanup = &stub_rand_cleanup; rand_methods.add = &stub_rand_add; rand_methods.pseudorand = &stub_rand_pseudo_bytes; rand_methods.status = &stub_rand_status; AssertIntEQ(RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS); AssertIntEQ(RAND_seed(buf, num), 123); AssertIntEQ(RAND_bytes(buf, num), 456); AssertIntEQ(RAND_pseudo_bytes(buf, num), 9876); AssertIntEQ(RAND_status(), 5432); AssertIntEQ(*was_add_called, 0); /* The function pointer for RAND_add returns int, but RAND_add itself returns void. */ RAND_add(buf, num, entropy); AssertIntEQ(*was_add_called, 1); was_add_called = 0; AssertIntEQ(*was_cleanup_called, 0); RAND_cleanup(); AssertIntEQ(*was_cleanup_called, 1); *was_cleanup_called = 0; AssertIntEQ(RAND_set_rand_method(NULL), WOLFSSL_SUCCESS); AssertIntNE(RAND_status(), 5432); AssertIntEQ(*was_cleanup_called, 0); RAND_cleanup(); AssertIntEQ(*was_cleanup_called, 0); XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */ return res; } static int test_wolfSSL_RAND_bytes(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) const int size1 = RNG_MAX_BLOCK_LEN; /* in bytes */ const int size2 = RNG_MAX_BLOCK_LEN + 1; /* in bytes */ const int size3 = RNG_MAX_BLOCK_LEN * 2; /* in bytes */ const int size4 = RNG_MAX_BLOCK_LEN * 4; /* in bytes */ int max_bufsize; byte *my_buf; /* sanity check */ AssertIntEQ(RAND_bytes(NULL, 16), 0); AssertIntEQ(RAND_bytes(NULL, 0), 0); max_bufsize = size4; my_buf = (byte*)XMALLOC(max_bufsize * sizeof(byte), NULL, DYNAMIC_TYPE_TMP_BUFFER); AssertIntEQ(RAND_bytes(my_buf, 0), 1); AssertIntEQ(RAND_bytes(my_buf, -1), 0); AssertNotNull(my_buf); XMEMSET(my_buf, 0, max_bufsize); AssertIntEQ(RAND_bytes(my_buf, size1), 1); AssertIntEQ(RAND_bytes(my_buf, size2), 1); AssertIntEQ(RAND_bytes(my_buf, size3), 1); AssertIntEQ(RAND_bytes(my_buf, size4), 1); XFREE(my_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_PKCS8_Compat(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) #ifndef NO_BIO PKCS8_PRIV_KEY_INFO* pt; BIO* bio; XFILE f; int bytes; char pkcs8_buffer[512]; #if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL) EVP_PKEY *pkey = NULL; #endif /* file from wolfssl/certs/ directory */ f = XFOPEN("./certs/ecc-keyPkcs8.pem", "rb"); AssertTrue(f != XBADFILE); AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), f)), 0); XFCLOSE(f); AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes)); AssertNotNull(pt = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL)); #if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL) AssertNotNull(pkey = EVP_PKCS82PKEY(pt)); AssertIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC); /* gets PKCS8 pointer to pkey */ AssertNotNull(EVP_PKEY2PKCS8(pkey)); EVP_PKEY_free(pkey); #endif BIO_free(bio); PKCS8_PRIV_KEY_INFO_free(pt); res = TEST_RES_CHECK(1); #endif #endif return res; } static int test_wolfSSL_PKCS8_d2i(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA) /* This test ends up using HMAC as a part of PBKDF2, and HMAC * requires a 12 byte password in FIPS mode. This test ends up * trying to use an 8 byte password. */ #ifndef NO_FILESYSTEM unsigned char pkcs8_buffer[2048]; const unsigned char* p; int bytes; XFILE file; WOLFSSL_EVP_PKEY* pkey = NULL; #ifndef NO_BIO BIO* bio; #if defined(OPENSSL_ALL) && \ ((!defined(NO_RSA) && !defined(NO_DES3)) || \ defined(HAVE_ECC)) && \ !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) WOLFSSL_EVP_PKEY* evpPkey = NULL; #endif #endif #ifndef NO_RSA const char rsaDerPkcs8File[] = "./certs/server-keyPkcs8.der"; const char rsaPemPkcs8File[] = "./certs/server-keyPkcs8.pem"; #ifndef NO_DES3 const char rsaDerPkcs8EncFile[] = "./certs/server-keyPkcs8Enc.der"; #endif #endif /* NO_RSA */ #ifdef HAVE_ECC const char ecDerPkcs8File[] = "certs/ecc-keyPkcs8.der"; const char ecPemPkcs8File[] = "certs/ecc-keyPkcs8.pem"; #ifndef NO_DES3 const char ecDerPkcs8EncFile[] = "certs/ecc-keyPkcs8Enc.der"; #endif #endif /* HAVE_ECC */ #endif /* !NO_FILESYSTEM */ #if defined(OPENSSL_ALL) && (!defined(NO_RSA) || defined(HAVE_ECC)) #ifndef NO_RSA #ifdef USE_CERT_BUFFERS_1024 const unsigned char* rsa = (unsigned char*)server_key_der_1024; int rsaSz = sizeof_server_key_der_1024; #else const unsigned char* rsa = (unsigned char*)server_key_der_2048; int rsaSz = sizeof_server_key_der_2048; #endif #endif #ifdef HAVE_ECC const unsigned char* ec = (unsigned char*)ecc_key_der_256; int ecSz = sizeof_ecc_key_der_256; #endif #endif /* OPENSSL_ALL && (!NO_RSA || HAVE_ECC) */ #ifndef NO_FILESYSTEM (void)pkcs8_buffer; (void)p; (void)bytes; (void)file; #ifndef NO_BIO (void)bio; #endif #endif #ifdef OPENSSL_ALL #ifndef NO_RSA /* Try to auto-detect normal RSA private key */ AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &rsa, rsaSz)); EVP_PKEY_free(pkey); #endif #ifdef HAVE_ECC /* Try to auto-detect normal EC private key */ AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &ec, ecSz)); EVP_PKEY_free(pkey); #endif #endif /* OPENSSL_ALL */ #ifndef NO_FILESYSTEM #ifndef NO_RSA /* Get DER encoded RSA PKCS#8 data. */ file = XFOPEN(rsaDerPkcs8File, "rb"); AssertTrue(file != XBADFILE); XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer)); AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); p = pkcs8_buffer; #ifdef OPENSSL_ALL /* Try to decode - auto-detect key type. */ AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes)); #else AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, bytes)); #endif /* Get PEM encoded RSA PKCS#8 data. */ file = XFOPEN(rsaPemPkcs8File, "rb"); AssertTrue(file != XBADFILE); AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); #if defined(OPENSSL_ALL) && \ !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write PKCS#8 PEM to BIO. */ AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), bytes); /* Compare file and written data */ AssertIntEQ(BIO_get_mem_data(bio, &p), bytes); AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0); BIO_free(bio); #if !defined(NO_DES3) && !defined(NO_SHA) AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write Encrypted PKCS#8 PEM to BIO. */ bytes = 1834; AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_des_ede3_cbc(), NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack, (void*)"yassl123")); EVP_PKEY_free(evpPkey); BIO_free(bio); #endif /* !NO_DES3 && !NO_SHA */ #endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ EVP_PKEY_free(pkey); /* PKCS#8 encrypted RSA key */ #ifndef NO_DES3 file = XFOPEN(rsaDerPkcs8EncFile, "rb"); AssertTrue(file != XBADFILE); XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer)); AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); #if defined(OPENSSL_ALL) && \ !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes)); AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack, (void*)"yassl123")); EVP_PKEY_free(pkey); BIO_free(bio); #endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ #endif /* !NO_DES3 */ #endif /* NO_RSA */ #ifdef HAVE_ECC /* PKCS#8 encode EC key */ file = XFOPEN(ecDerPkcs8File, "rb"); AssertTrue(file != XBADFILE); XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer)); AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); p = pkcs8_buffer; #ifdef OPENSSL_ALL /* Try to decode - auto-detect key type. */ AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes)); #else AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, bytes)); #endif /* Get PEM encoded RSA PKCS#8 data. */ file = XFOPEN(ecPemPkcs8File, "rb"); AssertTrue(file != XBADFILE); XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer)); AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); #if defined(OPENSSL_ALL) && \ !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) && \ defined(HAVE_AES_CBC) AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write PKCS#8 PEM to BIO. */ AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), bytes); /* Compare file and written data */ AssertIntEQ(BIO_get_mem_data(bio, &p), bytes); AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0); BIO_free(bio); AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write Encrypted PKCS#8 PEM to BIO. */ bytes = 379; AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(), NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack, (void*)"yassl123")); EVP_PKEY_free(evpPkey); BIO_free(bio); #endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 && HAVE_AES_CBC */ EVP_PKEY_free(pkey); /* PKCS#8 encrypted EC key */ #ifndef NO_DES3 file = XFOPEN(ecDerPkcs8EncFile, "rb"); AssertTrue(file != XBADFILE); XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer)); AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), file)), 0); XFCLOSE(file); #if defined(OPENSSL_ALL) && \ !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes)); AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack, (void*)"yassl123")); EVP_PKEY_free(pkey); BIO_free(bio); #endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ #endif /* !NO_DES3 */ #endif /* HAVE_ECC */ #endif /* !NO_FILESYSTEM */ res = TEST_RES_CHECK(1); #endif /* HAVE_FIPS && OPENSSL_EXTRA */ return res; } #if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \ defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL) #define LOGGING_THREADS 5 #define ERROR_COUNT 10 /* copied from logging.c since this is not exposed otherwise */ #ifndef ERROR_QUEUE_MAX #ifdef ERROR_QUEUE_PER_THREAD #define ERROR_QUEUE_MAX 16 #else /* this breaks from compat of unlimited error queue size */ #define ERROR_QUEUE_MAX 100 #endif #endif static volatile int loggingThreadsReady; static THREAD_RETURN WOLFSSL_THREAD test_logging(void* args) { const char* file; int line; unsigned long err; int errorCount = 0; int i; (void)args; while (!loggingThreadsReady); for (i = 0; i < ERROR_COUNT; i++) ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__); while ((err = ERR_get_error_line(&file, &line))) { AssertIntEQ(err, 990 + errorCount); errorCount++; } AssertIntEQ(errorCount, ERROR_COUNT); /* test max queue behavior, trying to add an arbitrary 3 errors over */ ERR_clear_error(); /* ERR_get_error_line() does not remove */ errorCount = 0; for (i = 0; i < ERROR_QUEUE_MAX + 3; i++) ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__); while ((err = ERR_get_error_line(&file, &line))) { AssertIntEQ(err, 990 + errorCount); errorCount++; } /* test that the 3 errors over the max were dropped */ AssertIntEQ(errorCount, ERROR_QUEUE_MAX); return 0; } #endif static int test_error_queue_per_thread(void) { int res = TEST_SKIPPED; #if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \ defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL) THREAD_TYPE loggingThreads[LOGGING_THREADS]; int i; ERR_clear_error(); /* clear out any error nodes */ loggingThreadsReady = 0; for (i = 0; i < LOGGING_THREADS; i++) start_thread(test_logging, NULL, &loggingThreads[i]); loggingThreadsReady = 1; for (i = 0; i < LOGGING_THREADS; i++) join_thread(loggingThreads[i]); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ERR_put_error(void) { int res = TEST_SKIPPED; #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ defined(DEBUG_WOLFSSL) const char* file; int line; ERR_clear_error(); /* clear out any error nodes */ ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0); AssertIntEQ(ERR_get_error_line(&file, &line), 0); ERR_put_error(0,SYS_F_BIND, 1, "this file", 1); AssertIntEQ(ERR_get_error_line(&file, &line), 1); ERR_put_error(0,SYS_F_CONNECT, 2, "this file", 2); AssertIntEQ(ERR_get_error_line(&file, &line), 2); ERR_put_error(0,SYS_F_FOPEN, 3, "this file", 3); AssertIntEQ(ERR_get_error_line(&file, &line), 3); ERR_put_error(0,SYS_F_FREAD, 4, "this file", 4); AssertIntEQ(ERR_get_error_line(&file, &line), 4); ERR_put_error(0,SYS_F_GETADDRINFO, 5, "this file", 5); AssertIntEQ(ERR_get_error_line(&file, &line), 5); ERR_put_error(0,SYS_F_GETSOCKOPT, 6, "this file", 6); AssertIntEQ(ERR_get_error_line(&file, &line), 6); ERR_put_error(0,SYS_F_GETSOCKNAME, 7, "this file", 7); AssertIntEQ(ERR_get_error_line(&file, &line), 7); ERR_put_error(0,SYS_F_GETHOSTBYNAME, 8, "this file", 8); AssertIntEQ(ERR_get_error_line(&file, &line), 8); ERR_put_error(0,SYS_F_GETNAMEINFO, 9, "this file", 9); AssertIntEQ(ERR_get_error_line(&file, &line), 9); ERR_put_error(0,SYS_F_GETSERVBYNAME, 10, "this file", 10); AssertIntEQ(ERR_get_error_line(&file, &line), 10); ERR_put_error(0,SYS_F_IOCTLSOCKET, 11, "this file", 11); AssertIntEQ(ERR_get_error_line(&file, &line), 11); ERR_put_error(0,SYS_F_LISTEN, 12, "this file", 12); AssertIntEQ(ERR_get_error_line(&file, &line), 12); ERR_put_error(0,SYS_F_OPENDIR, 13, "this file", 13); AssertIntEQ(ERR_get_error_line(&file, &line), 13); ERR_put_error(0,SYS_F_SETSOCKOPT, 14, "this file", 14); AssertIntEQ(ERR_get_error_line(&file, &line), 14); ERR_put_error(0,SYS_F_SOCKET, 15, "this file", 15); AssertIntEQ(ERR_get_error_line(&file, &line), 15); #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) ERR_put_error(ERR_LIB_ASN1, SYS_F_ACCEPT, ASN1_R_HEADER_TOO_LONG, "this file", 100); AssertIntEQ(wolfSSL_ERR_peek_last_error_line(&file, &line), (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG); AssertIntEQ(line, 100); AssertIntEQ(wolfSSL_ERR_peek_error(), (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG); AssertIntEQ(ERR_get_error_line(&file, &line), ASN1_R_HEADER_TOO_LONG); #endif /* try reading past end of error queue */ file = NULL; AssertIntEQ(ERR_get_error_line(&file, &line), 0); AssertNull(file); AssertIntEQ(ERR_get_error_line_data(&file, &line, NULL, NULL), 0); PEMerr(4,4); AssertIntEQ(ERR_get_error(), 4); /* Empty and free up all error nodes */ ERR_clear_error(); /* Verify all nodes are cleared */ ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0); ERR_clear_error(); AssertIntEQ(ERR_get_error_line(&file, &line), 0); res = TEST_RES_CHECK(1); #endif return res; } /* * This is a regression test for a bug where the peek/get error functions were * drawing from the end of the queue rather than the front. */ static int test_wolfSSL_ERR_get_error_order(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_HAVE_ERROR_QUEUE /* Empty the queue. */ wolfSSL_ERR_clear_error(); wolfSSL_ERR_put_error(0, 0, ASN_NO_SIGNER_E, "test", 0); wolfSSL_ERR_put_error(0, 0, ASN_SELF_SIGNED_E, "test", 0); AssertIntEQ(wolfSSL_ERR_peek_error(), -ASN_NO_SIGNER_E); AssertIntEQ(wolfSSL_ERR_get_error(), -ASN_NO_SIGNER_E); AssertIntEQ(wolfSSL_ERR_peek_error(), -ASN_SELF_SIGNED_E); AssertIntEQ(wolfSSL_ERR_get_error(), -ASN_SELF_SIGNED_E); res = TEST_RES_CHECK(1); #endif /* WOLFSSL_HAVE_ERROR_QUEUE */ return res; } #ifndef NO_BIO static int test_wolfSSL_ERR_print_errors(void) { int res = TEST_SKIPPED; #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ defined(DEBUG_WOLFSSL) && !defined(NO_ERROR_STRINGS) BIO* bio; char buf[1024]; AssertNotNull(bio = BIO_new(BIO_s_mem())); ERR_clear_error(); /* clear out any error nodes */ ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0); /* Choosing -299 as an unused errno between MIN_CODE_E < x < WC_LAST_E. */ ERR_put_error(0,SYS_F_BIND, -299, "asn.c", 100); ERR_print_errors(bio); AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 56); AssertIntEQ(XSTRNCMP("error:173:wolfSSL library:Bad function argument:ssl.c:0", buf, 55), 0); AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 57); AssertIntEQ(XSTRNCMP("error:299:wolfSSL library:unknown error number:asn.c:100", buf, 56), 0); AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 1); AssertIntEQ(buf[0], '\0'); AssertIntEQ(ERR_get_error_line(NULL, NULL), 0); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ defined(DEBUG_WOLFSSL) static int test_wolfSSL_error_cb(const char *str, size_t len, void *u) { wolfSSL_BIO_write((BIO*)u, str, (int)len); return 0; } #endif static int test_wolfSSL_ERR_print_errors_cb(void) { int res = TEST_SKIPPED; #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ defined(DEBUG_WOLFSSL) BIO* bio; char buf[1024]; AssertNotNull(bio = BIO_new(BIO_s_mem())); ERR_clear_error(); /* clear out any error nodes */ ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0); ERR_put_error(0,SYS_F_BIND, -275, "asn.c", 100); ERR_print_errors_cb(test_wolfSSL_error_cb, bio); AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 108); AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 173 line:0 file:ssl.c", buf, 53), 0); AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 275 line:100 file:asn.c", buf + 53, 55), 0); AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 0); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } /* * Testing WOLFSSL_ERROR_MSG */ static int test_WOLFSSL_ERROR_MSG(void) { int res = TEST_SKIPPED; #if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) const char* msg = TEST_STRING; WOLFSSL_ERROR_MSG(msg); res = TEST_RES_CHECK(1); #endif return res; }/*End test_WOLFSSL_ERROR_MSG*/ /* * Testing wc_ERR_remove_state */ static int test_wc_ERR_remove_state(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) wc_ERR_remove_state(); res = TEST_RES_CHECK(1); #endif return res; }/*End test_wc_ERR_remove_state*/ /* * Testing wc_ERR_print_errors_fp */ static int test_wc_ERR_print_errors_fp(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) && \ (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)) long sz; XFILE fp; int ret = 0; WOLFSSL_ERROR(BAD_FUNC_ARG); fp = XFOPEN("./tests/test-log-dump-to-file.txt", "ar"); wc_ERR_print_errors_fp(fp); #if defined(DEBUG_WOLFSSL) AssertTrue(XFSEEK(fp, 0, XSEEK_END) == 0); sz = XFTELL(fp); #ifdef NO_ERROR_QUEUE /* File should be empty when NO_ERROR_QUEUE is defined */ if (sz != 0) { ret = BAD_FUNC_ARG; } #else if (sz == 0) { ret = BAD_FUNC_ARG; } #endif #endif XFCLOSE(fp); (void)sz; res = TEST_RES_CHECK(ret == 0); #endif return res; }/*End test_wc_ERR_print_errors_fp*/ #ifdef DEBUG_WOLFSSL static void Logging_cb(const int logLevel, const char *const logMessage) { (void)logLevel; (void)logMessage; } #endif /* * Testing wolfSSL_GetLoggingCb */ static int test_wolfSSL_GetLoggingCb(void) { int ret = 0; #ifdef DEBUG_WOLFSSL /* Testing without wolfSSL_SetLoggingCb() */ if (ret == 0) { if (wolfSSL_GetLoggingCb() == NULL) { /* Should be true */ ret = 0; } if (wolfSSL_GetLoggingCb() != NULL) { /* Should not be true */ ret = -1; } } /* Testing with wolfSSL_SetLoggingCb() */ if (ret == 0) { ret = wolfSSL_SetLoggingCb(Logging_cb); if (ret == 0) { if (wolfSSL_GetLoggingCb() == NULL) { /* Should not be true */ ret = -1; } if (ret == 0) { if (wolfSSL_GetLoggingCb() == Logging_cb) { /* Should be true */ ret = 0; } } /* reset logging callback */ wolfSSL_SetLoggingCb(NULL); } } #endif if (ret == 0) { if (wolfSSL_GetLoggingCb() != NULL) { ret = -1; } } return TEST_RES_CHECK(ret == 0); }/*End test_wolfSSL_GetLoggingCb*/ #endif /* !NO_BIO */ #if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \ defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \ defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3)) static int test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len) { static const unsigned char key[] = "simple test key"; HMAC_CTX* hmac; ENGINE* e = NULL; unsigned char hash[WC_MAX_DIGEST_SIZE]; unsigned int len; AssertNotNull(hmac = HMAC_CTX_new()); HMAC_CTX_init(hmac); AssertIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key), md, e), SSL_SUCCESS); /* re-using test key as data to hash */ AssertIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), SSL_SUCCESS); AssertIntEQ(HMAC_Update(hmac, NULL, 0), SSL_SUCCESS); AssertIntEQ(HMAC_Final(hmac, hash, &len), SSL_SUCCESS); AssertIntEQ(len, md_len); AssertIntEQ(HMAC_size(hmac), md_len); AssertStrEQ(HMAC_CTX_get_md(hmac), md); HMAC_cleanup(hmac); HMAC_CTX_free(hmac); len = 0; AssertNotNull(HMAC(md, key, (int)sizeof(key), NULL, 0, hash, &len)); AssertIntEQ(len, md_len); return 0; } #endif static int test_wolfSSL_HMAC(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \ defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \ defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3)) #ifndef NO_SHA256 test_openssl_hmac(EVP_sha256(), (int)WC_SHA256_DIGEST_SIZE); #endif #ifdef WOLFSSL_SHA224 test_openssl_hmac(EVP_sha224(), (int)WC_SHA224_DIGEST_SIZE); #endif #ifdef WOLFSSL_SHA384 test_openssl_hmac(EVP_sha384(), (int)WC_SHA384_DIGEST_SIZE); #endif #ifdef WOLFSSL_SHA512 test_openssl_hmac(EVP_sha512(), (int)WC_SHA512_DIGEST_SIZE); #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 test_openssl_hmac(EVP_sha3_224(), (int)WC_SHA3_224_DIGEST_SIZE); #endif #ifndef WOLFSSL_NOSHA3_256 test_openssl_hmac(EVP_sha3_256(), (int)WC_SHA3_256_DIGEST_SIZE); #endif #ifndef WOLFSSL_NOSHA3_384 test_openssl_hmac(EVP_sha3_384(), (int)WC_SHA3_384_DIGEST_SIZE); #endif #ifndef WOLFSSL_NOSHA3_512 test_openssl_hmac(EVP_sha3_512(), (int)WC_SHA3_512_DIGEST_SIZE); #endif #endif #ifndef NO_SHA test_openssl_hmac(EVP_sha1(), (int)WC_SHA_DIGEST_SIZE); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CMAC(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_AES_DIRECT) int i; byte key[AES_128_KEY_SIZE]; CMAC_CTX* cmacCtx = NULL; byte out[AES_BLOCK_SIZE]; size_t outLen = AES_BLOCK_SIZE; for (i=0; i < AES_128_KEY_SIZE; ++i) { key[i] = i; } AssertNotNull(cmacCtx = CMAC_CTX_new()); /* Check CMAC_CTX_get0_cipher_ctx; return value not used. */ AssertNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx)); AssertIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(), NULL), SSL_SUCCESS); /* re-using test key as data to hash */ AssertIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), SSL_SUCCESS); AssertIntEQ(CMAC_Update(cmacCtx, NULL, 0), SSL_SUCCESS); AssertIntEQ(CMAC_Final(cmacCtx, out, &outLen), SSL_SUCCESS); AssertIntEQ(outLen, AES_BLOCK_SIZE); CMAC_CTX_free(cmacCtx); /* give a key too small for the cipher, verify we get failure */ cmacCtx = NULL; AssertNotNull(cmacCtx = CMAC_CTX_new()); AssertNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx)); AssertIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_192_cbc(), NULL), SSL_FAILURE); CMAC_CTX_free(cmacCtx); res = TEST_RES_CHECK(1); #endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */ return res; } static int test_wolfSSL_OBJ(void) { /* Password "wolfSSL test" is only 12 (96-bit) too short for testing in FIPS * mode */ int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \ !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \ defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) ASN1_OBJECT *obj = NULL; ASN1_OBJECT *obj2 = NULL; char buf[50]; XFILE fp; X509 *x509 = NULL; X509_NAME *x509Name; X509_NAME_ENTRY *x509NameEntry; ASN1_OBJECT *asn1Name = NULL; int numNames; BIO *bio = NULL; int nid; int i, j; const char *f[] = { #ifndef NO_RSA "./certs/ca-cert.der", #endif #ifdef HAVE_ECC "./certs/ca-ecc-cert.der", "./certs/ca-ecc384-cert.der", #endif NULL}; ASN1_OBJECT *field_name_obj = NULL; int lastpos = -1; int tmp = -1; ASN1_STRING *asn1 = NULL; unsigned char *buf_dyn = NULL; AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE); AssertNotNull(obj = OBJ_nid2obj(NID_any_policy)); AssertIntEQ(OBJ_obj2nid(obj), NID_any_policy); AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11); AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0); ASN1_OBJECT_free(obj); AssertNotNull(obj = OBJ_nid2obj(NID_sha256)); AssertIntEQ(OBJ_obj2nid(obj), NID_sha256); AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 22); #ifdef WOLFSSL_CERT_EXT AssertIntEQ(OBJ_txt2nid(buf), NID_sha256); #endif AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0); AssertNotNull(obj2 = OBJ_dup(obj)); AssertIntEQ(OBJ_cmp(obj, obj2), 0); ASN1_OBJECT_free(obj); ASN1_OBJECT_free(obj2); for (i = 0; f[i] != NULL; i++) { AssertTrue((fp = XFOPEN(f[i], "rb")) != XBADFILE); AssertNotNull(x509 = d2i_X509_fp(fp, NULL)); XFCLOSE(fp); AssertNotNull(x509Name = X509_get_issuer_name(x509)); AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0); /* Get the Common Name by using OBJ_txt2obj */ AssertNotNull(field_name_obj = OBJ_txt2obj("CN", 0)); do { lastpos = tmp; tmp = X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, lastpos); } while (tmp > -1); AssertIntNE(lastpos, -1); ASN1_OBJECT_free(field_name_obj); AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, lastpos)); AssertNotNull(asn1 = X509_NAME_ENTRY_get_data(x509NameEntry)); AssertIntGE(ASN1_STRING_to_UTF8(&buf_dyn, asn1), 0); /* * All Common Names should be www.wolfssl.com * This makes testing easier as we can test for the expected value. */ AssertStrEQ((char*)buf_dyn, "www.wolfssl.com"); OPENSSL_free(buf_dyn); bio = BIO_new(BIO_s_mem()); AssertTrue(bio != NULL); for (j = 0; j < numNames; j++) { AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j)); AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry)); AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0); } BIO_free(bio); X509_free(x509); } #ifdef HAVE_PKCS12 { PKCS12 *p12; int boolRet; EVP_PKEY *pkey = NULL; const char *p12_f[] = { #if !defined(NO_DES3) && !defined(NO_RSA) "./certs/test-servercert.p12", #endif NULL}; for (i = 0; p12_f[i] != NULL; i++) { AssertTrue((fp = XFOPEN(p12_f[i], "rb")) != XBADFILE); AssertNotNull(p12 = d2i_PKCS12_fp(fp, NULL)); XFCLOSE(fp); AssertTrue((boolRet = PKCS12_parse(p12, "wolfSSL test", &pkey, &x509, NULL)) > 0); wc_PKCS12_free(p12); EVP_PKEY_free(pkey); x509Name = X509_get_issuer_name(x509); AssertNotNull(x509Name); AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0); AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL); for (j = 0; j < numNames; j++) { AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j)); AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry)); AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0); } BIO_free(bio); X509_free(x509); } } #endif /* HAVE_PKCS12 */ res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_OBJ_cmp(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) ASN1_OBJECT *obj = NULL; ASN1_OBJECT *obj2 = NULL; AssertNotNull(obj = OBJ_nid2obj(NID_any_policy)); AssertNotNull(obj2 = OBJ_nid2obj(NID_sha256)); AssertIntEQ(OBJ_cmp(NULL, NULL), WOLFSSL_FATAL_ERROR); AssertIntEQ(OBJ_cmp(obj, NULL), WOLFSSL_FATAL_ERROR); AssertIntEQ(OBJ_cmp(NULL, obj2), WOLFSSL_FATAL_ERROR); AssertIntEQ(OBJ_cmp(obj, obj2), WOLFSSL_FATAL_ERROR); AssertIntEQ(OBJ_cmp(obj, obj), 0); AssertIntEQ(OBJ_cmp(obj2, obj2), 0); ASN1_OBJECT_free(obj); ASN1_OBJECT_free(obj2); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_OBJ_txt2nid(void) { int res = TEST_SKIPPED; #if !defined(NO_WOLFSSL_STUB) && defined(WOLFSSL_APACHE_HTTPD) int i; static const struct { const char* sn; const char* ln; const char* oid; int nid; } testVals[] = { { "tlsfeature", "TLS Feature", "1.3.6.1.5.5.7.1.24", NID_tlsfeature }, { "id-on-dnsSRV", "SRVName", "1.3.6.1.5.5.7.8.7", NID_id_on_dnsSRV }, { "msUPN", "Microsoft User Principal Name", "1.3.6.1.4.1.311.20.2.3", NID_ms_upn }, { NULL, NULL, NULL, NID_undef } }; /* Invalid cases */ AssertIntEQ(OBJ_txt2nid(NULL), NID_undef); AssertIntEQ(OBJ_txt2nid("Bad name"), NID_undef); /* Valid cases */ for (i = 0; testVals[i].sn != NULL; i++) { AssertIntEQ(OBJ_txt2nid(testVals[i].sn), testVals[i].nid); AssertIntEQ(OBJ_txt2nid(testVals[i].ln), testVals[i].nid); AssertIntEQ(OBJ_txt2nid(testVals[i].oid), testVals[i].nid); } res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_OBJ_txt2obj(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_APACHE_HTTPD) || (defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)) int i; char buf[50]; ASN1_OBJECT* obj; static const struct { const char* oidStr; const char* sn; const char* ln; } objs_list[] = { #if defined(WOLFSSL_APACHE_HTTPD) { "1.3.6.1.5.5.7.1.24", "tlsfeature", "TLS Feature" }, { "1.3.6.1.5.5.7.8.7", "id-on-dnsSRV", "SRVName" }, #endif { "2.5.29.19", "basicConstraints", "X509v3 Basic Constraints"}, { NULL, NULL, NULL } }; static const struct { const char* numeric; const char* name; } objs_named[] = { /* In dictionary but not in normal list. */ { "1.3.6.1.5.5.7.3.8", "Time Stamping" }, /* Made up OID. */ { "1.3.5.7", "1.3.5.7" }, { NULL, NULL } }; AssertNull(obj = OBJ_txt2obj("Bad name", 0)); AssertNull(obj = OBJ_txt2obj(NULL, 0)); for (i = 0; objs_list[i].oidStr != NULL; i++) { /* Test numerical value of oid (oidStr) */ AssertNotNull(obj = OBJ_txt2obj(objs_list[i].oidStr, 1)); /* Convert object back to text to confirm oid is correct */ wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0); ASN1_OBJECT_free(obj); XMEMSET(buf, 0, sizeof(buf)); /* Test short name (sn) */ AssertNull(obj = OBJ_txt2obj(objs_list[i].sn, 1)); AssertNotNull(obj = OBJ_txt2obj(objs_list[i].sn, 0)); /* Convert object back to text to confirm oid is correct */ wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0); ASN1_OBJECT_free(obj); XMEMSET(buf, 0, sizeof(buf)); /* Test long name (ln) - should fail when no_name = 1 */ AssertNull(obj = OBJ_txt2obj(objs_list[i].ln, 1)); AssertNotNull(obj = OBJ_txt2obj(objs_list[i].ln, 0)); /* Convert object back to text to confirm oid is correct */ wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0); ASN1_OBJECT_free(obj); XMEMSET(buf, 0, sizeof(buf)); } for (i = 0; objs_named[i].numeric != NULL; i++) { AssertNotNull(obj = OBJ_txt2obj(objs_named[i].numeric, 1)); wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0); AssertIntEQ(XSTRNCMP(buf, objs_named[i].name, (int)XSTRLEN(buf)), 0); wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); AssertIntEQ(XSTRNCMP(buf, objs_named[i].numeric, (int)XSTRLEN(buf)), 0); ASN1_OBJECT_free(obj); } res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_PEM_write_bio_X509(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(OPENSSL_ALL) && \ defined(WOLFSSL_AKID_NAME) && defined(WOLFSSL_CERT_EXT) && \ defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_RSA) && \ !defined(NO_FILESYSTEM) /* This test contains the hard coded expected * lengths. Update if necessary */ FILE* fp = NULL; WOLFSSL_EVP_PKEY *priv = NULL; BIO* input = NULL; BIO* output = NULL; X509* x509a = NULL; X509* x509b = NULL; ASN1_TIME* notBeforeA = NULL; ASN1_TIME* notAfterA = NULL; #ifndef NO_ASN_TIME ASN1_TIME* notBeforeB = NULL; ASN1_TIME* notAfterB = NULL; #endif int expectedLen; fp = XFOPEN("certs/server-key.pem", "rb"); AssertNotNull(fp); priv = wolfSSL_PEM_read_PrivateKey(fp, NULL, NULL, NULL); XFCLOSE(fp); fp = NULL; AssertNotNull(priv); AssertNotNull(input = BIO_new_file( "certs/test/cert-ext-multiple.pem", "rb")); AssertIntEQ(wolfSSL_BIO_get_len(input), 2000); /* read PEM into X509 struct, get notBefore / notAfter to verify against */ AssertNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); AssertNotNull(notBeforeA = X509_get_notBefore(x509a)); AssertNotNull(notAfterA = X509_get_notAfter(x509a)); /* write X509 back to PEM BIO; no need to sign as nothing changed. */ AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); /* compare length against expected */ expectedLen = 2000; AssertIntEQ(wolfSSL_BIO_get_len(output), expectedLen); #ifndef NO_ASN_TIME /* read exported X509 PEM back into struct, sanity check on export, * make sure notBefore/notAfter are the same and certs are identical. */ AssertNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); AssertNotNull(notBeforeB = X509_get_notBefore(x509b)); AssertNotNull(notAfterB = X509_get_notAfter(x509b)); AssertIntEQ(ASN1_TIME_compare(notBeforeA, notBeforeB), 0); AssertIntEQ(ASN1_TIME_compare(notAfterA, notAfterB), 0); AssertIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); X509_free(x509b); #endif /* Reset output buffer */ BIO_free(output); AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); /* Test forcing the AKID to be generated just from KeyIdentifier */ if (x509a->authKeyIdSrc != NULL) { XMEMMOVE(x509a->authKeyIdSrc, x509a->authKeyId, x509a->authKeyIdSz); x509a->authKeyId = x509a->authKeyIdSrc; x509a->authKeyIdSrc = NULL; x509a->authKeyIdSrcSz = 0; } /* Resign to re-generate the der */ AssertIntGT(wolfSSL_X509_sign(x509a, priv, EVP_sha256()), 0); AssertIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); /* Check that we generate a smaller output since the AKID will * only contain the KeyIdentifier without any additional * information */ /* Here we copy the validity struct from the original */ expectedLen = 1688; AssertIntEQ(wolfSSL_BIO_get_len(output), expectedLen); /* Reset buffers and x509 */ BIO_free(input); BIO_free(output); X509_free(x509a); /* test CA and basicConstSet values are encoded when * the cert is a CA */ AssertNotNull(input = BIO_new_file( "certs/server-cert.pem", "rb")); /* read PEM into X509 struct */ AssertNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); /* write X509 back to PEM BIO; no need to sign as nothing changed */ AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); /* read exported X509 PEM back into struct, ensure isCa and basicConstSet * values are maintained and certs are identical.*/ AssertNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); AssertIntEQ(x509b->isCa, 1); AssertIntEQ(x509b->basicConstSet, 1); AssertIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); X509_free(x509a); X509_free(x509b); BIO_free(input); BIO_free(output); /* test CA and basicConstSet values are encoded when * the cert is not CA */ AssertNotNull(input = BIO_new_file( "certs/client-uri-cert.pem", "rb")); /* read PEM into X509 struct */ AssertNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); /* write X509 back to PEM BIO; no need to sign as nothing changed */ AssertNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); /* read exported X509 PEM back into struct, ensure isCa and * basicConstSet values are maintained and certs are identical */ AssertNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); AssertIntEQ(x509b->isCa, 0); AssertIntEQ(x509b->basicConstSet, 1); AssertIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); wolfSSL_EVP_PKEY_free(priv); X509_free(x509a); X509_free(x509b); BIO_free(input); BIO_free(output); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_NAME_ENTRY(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) X509* x509; #ifndef NO_BIO BIO* bio; #endif X509_NAME* nm; X509_NAME_ENTRY* entry; unsigned char cn[] = "another name to add"; #ifdef OPENSSL_ALL int i, names_len; #endif AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); #ifndef NO_BIO AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS); #endif #ifdef WOLFSSL_CERT_REQ { X509_REQ* req; #ifndef NO_BIO BIO* bReq; #endif AssertNotNull(req = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); #ifndef NO_BIO AssertNotNull(bReq = BIO_new(BIO_s_mem())); AssertIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS); BIO_free(bReq); #endif X509_free(req); } #endif AssertNotNull(nm = X509_get_subject_name(x509)); /* Test add entry */ AssertNotNull(entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName, 0x0c, cn, (int)sizeof(cn))); AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); #ifdef WOLFSSL_CERT_EXT AssertIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8, (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS); #endif X509_NAME_ENTRY_free(entry); #ifdef WOLFSSL_CERT_REQ { unsigned char srv_pkcs9p[] = "Server"; unsigned char fvrtDrnk[] = "tequila"; unsigned char* der = NULL; char* subject; AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType, MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_favouriteDrink, MBSTRING_ASC, fvrtDrnk, -1, -1, 0), SSL_SUCCESS); AssertIntGT(wolfSSL_i2d_X509_NAME(nm, &der), 0); AssertNotNull(der); subject = X509_NAME_oneline(nm, 0, 0); AssertNotNull(XSTRSTR(subject, "favouriteDrink=tequila")); #ifdef DEBUG_WOLFSSL fprintf(stderr, "\n\t%s\n", subject); #endif XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); } #endif /* Test add entry by text */ AssertNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName", 0x0c, cn, (int)sizeof(cn))); #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \ || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) AssertNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown", V_ASN1_UTF8STRING, cn, (int)sizeof(cn))); #endif AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); X509_NAME_ENTRY_free(entry); /* Test add entry by NID */ AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8, cn, -1, -1, 0), SSL_SUCCESS); #ifdef OPENSSL_ALL /* stack of name entry */ AssertIntGT((names_len = sk_X509_NAME_ENTRY_num(nm->entries)), 0); for (i=0; ientries, i)); } #endif #ifndef NO_BIO BIO_free(bio); #endif X509_free(x509); /* free's nm */ res = TEST_RES_CHECK(1); #endif return res; } /* Note the lack of wolfSSL_ prefix...this is a compatability layer test. */ static int test_GENERAL_NAME_set0_othername(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \ defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) const char * cert_fname = "./certs/server-cert.der"; const char * key_fname = "./certs/server-key.der"; X509* x509 = NULL; GENERAL_NAME* gn = NULL; GENERAL_NAMES* gns = NULL; ASN1_OBJECT* upn_oid = NULL; ASN1_UTF8STRING *utf8str = NULL; ASN1_TYPE *value = NULL; X509_EXTENSION * ext = NULL; byte* pt = NULL; byte der[4096]; int derSz = 0; EVP_PKEY* priv = NULL; FILE* f = NULL; AssertNotNull(f = fopen(cert_fname, "rb")); AssertNotNull(x509 = d2i_X509_fp(f, NULL)); fclose(f); AssertNotNull(gn = GENERAL_NAME_new()); AssertNotNull(upn_oid = OBJ_txt2obj("1.3.6.1.4.1.311.20.2.3", 1)); AssertNotNull(utf8str = ASN1_UTF8STRING_new()); AssertIntEQ(ASN1_STRING_set(utf8str, "othername@wolfssl.com", -1), 1); AssertNotNull(value = ASN1_TYPE_new()); ASN1_TYPE_set(value, V_ASN1_UTF8STRING, utf8str); AssertIntEQ(GENERAL_NAME_set0_othername(gn, upn_oid, value), 1); AssertNotNull(gns = sk_GENERAL_NAME_new(NULL)); AssertIntEQ(sk_GENERAL_NAME_push(gns, gn), 1); AssertNotNull(ext = X509V3_EXT_i2d(NID_subject_alt_name, 0, gns)); AssertIntEQ(X509_add_ext(x509, ext, -1), 1); AssertNotNull(f = fopen(key_fname, "rb")); AssertIntGT(derSz = (int)fread(der, 1, sizeof(der), f), 0); fclose(f); pt = der; AssertNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, derSz)); AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0); sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free); ASN1_OBJECT_free(upn_oid); X509_EXTENSION_free(ext); X509_free(x509); EVP_PKEY_free(priv); res = TEST_RES_CHECK(1); #endif return res; } /* Note the lack of wolfSSL_ prefix...this is a compatability layer test. */ static int test_othername_and_SID_ext(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \ defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) const char* csr_fname = "./certs/csr.signed.der"; const char* key_fname = "./certs/server-key.der"; byte der[4096]; int derSz = 0; X509_REQ* x509 = NULL; STACK_OF(X509_EXTENSION) *exts = NULL; X509_EXTENSION * san_ext = NULL; GENERAL_NAME* gn = NULL; GENERAL_NAMES* gns = NULL; ASN1_OBJECT* upn_oid = NULL; ASN1_UTF8STRING *utf8str = NULL; ASN1_TYPE *value = NULL; /* SID extension. SID data format explained here: * https://blog.qdsecurity.se/2022/05/27/manually-injecting-a-sid-in-a-certificate/ */ uint8_t SidExtension[] = { 48, 64, 160, 62, 6, 10, 43, 6, 1, 4, 1, 130, 55, 25, 2, 1, 160, 48, 4, 46, 83, 45, 49, 45, 53, 45, 50, 49, 45, 50, 56, 52, 51, 57, 48, 55, 52, 49, 56, 45, 51, 57, 50, 54, 50, 55, 55, 52, 50, 49, 45, 51, 56, 49, 53, 57, 57, 51, 57, 55, 50, 45, 52, 54, 48, 49}; X509_EXTENSION *sid_ext = NULL; ASN1_OBJECT* sid_oid = NULL; ASN1_OCTET_STRING *sid_data = NULL; EVP_PKEY* priv = NULL; FILE* f = NULL; byte* pt = NULL; AssertNotNull(f = fopen(csr_fname, "rb")); AssertNotNull(x509 = d2i_X509_REQ_fp(f, NULL)); fclose(f); AssertIntEQ(X509_REQ_set_version(x509, 2), 1); AssertNotNull(gn = GENERAL_NAME_new()); AssertNotNull(upn_oid = OBJ_txt2obj("1.3.6.1.4.1.311.20.2.3", 1)); AssertNotNull(utf8str = ASN1_UTF8STRING_new()); AssertIntEQ(ASN1_STRING_set(utf8str, "othername@wolfssl.com", -1), 1); AssertNotNull(value = ASN1_TYPE_new()); ASN1_TYPE_set(value, V_ASN1_UTF8STRING, utf8str); AssertIntEQ(GENERAL_NAME_set0_othername(gn, upn_oid, value), 1); AssertNotNull(gns = sk_GENERAL_NAME_new(NULL)); AssertIntEQ(sk_GENERAL_NAME_push(gns, gn), 1); AssertNotNull(san_ext = X509V3_EXT_i2d(NID_subject_alt_name, 0, gns)); AssertNotNull(sid_oid = OBJ_txt2obj("1.3.6.1.4.1.311.25.2", 1)); AssertNotNull(sid_data = ASN1_OCTET_STRING_new()); ASN1_OCTET_STRING_set(sid_data, SidExtension, sizeof(SidExtension)); AssertNotNull(sid_ext = X509_EXTENSION_create_by_OBJ(NULL, sid_oid, 0, sid_data)); AssertNotNull(exts = sk_X509_EXTENSION_new_null()); /* Ensure an empty stack doesn't raise an error. */ AssertIntEQ(X509_REQ_add_extensions(x509, exts), 1); AssertIntEQ(sk_X509_EXTENSION_push(exts, san_ext), 1); AssertIntEQ(sk_X509_EXTENSION_push(exts, sid_ext), 2); AssertIntEQ(X509_REQ_add_extensions(x509, exts), 1); AssertNotNull(f = fopen(key_fname, "rb")); AssertIntGT(derSz = (int)fread(der, 1, sizeof(der), f), 0); fclose(f); pt = der; AssertNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (const unsigned char**)&pt, derSz)); AssertIntGT(X509_REQ_sign(x509, priv, EVP_sha256()), 0); pt = der; AssertIntGT(derSz = i2d_X509_REQ(x509, &pt), 0); sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free); sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); ASN1_OBJECT_free(upn_oid); ASN1_OBJECT_free(sid_oid); ASN1_OCTET_STRING_free(sid_data); X509_REQ_free(x509); EVP_PKEY_free(priv); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_set_name(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) X509* x509; X509_NAME* name; AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, 0, 1), WOLFSSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS); AssertNotNull(x509 = X509_new()); AssertIntEQ(X509_set_subject_name(NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_set_subject_name(x509, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_set_subject_name(NULL, name), WOLFSSL_FAILURE); AssertIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); AssertIntEQ(X509_set_issuer_name(NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_set_issuer_name(x509, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_set_issuer_name(NULL, name), WOLFSSL_FAILURE); AssertIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); X509_free(x509); X509_NAME_free(name); res = TEST_RES_CHECK(1); #endif /* OPENSSL_ALL && !NO_CERTS */ return res; } static int test_wolfSSL_X509_set_notAfter(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \ && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) &&\ !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) && !defined(NO_BIO) /* Generalized time will overflow time_t if not long */ X509* x; BIO* bio; ASN1_TIME *asn_time, *time_check; const int year = 365*24*60*60; const int day = 24*60*60; const int hour = 60*60; const int mini = 60; int offset_day; unsigned char buf[25]; time_t t; /* * Setup asn_time. APACHE HTTPD uses time(NULL) */ t = (time_t)107 * year + 31 * day + 34 * hour + 30 * mini + 7 * day; offset_day = 7; /* * Free these. */ asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0); AssertNotNull(asn_time); AssertNotNull(x = X509_new()); AssertNotNull(bio = BIO_new(BIO_s_mem())); /* * Tests */ AssertTrue(wolfSSL_X509_set_notAfter(x, asn_time)); /* time_check is simply (ANS1_TIME*)x->notAfter */ AssertNotNull(time_check = X509_get_notAfter(x)); /* ANS1_TIME_check validates by checking if argument can be parsed */ AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS); /* Convert to human readable format and compare to intended date */ AssertIntEQ(ASN1_TIME_print(bio, time_check), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); AssertIntEQ(XMEMCMP(buf, "Jan 20 10:30:00 2077 GMT", sizeof(buf) - 1), 0); /* * Cleanup */ XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL); X509_free(x); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_set_notBefore(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \ && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO) X509* x; BIO* bio; ASN1_TIME *asn_time, *time_check; const int year = 365*24*60*60; const int day = 24*60*60; const int hour = 60*60; const int mini = 60; int offset_day; unsigned char buf[25]; time_t t; /* * Setup asn_time. APACHE HTTPD uses time(NULL) */ t = (time_t)49 * year + 125 * day + 20 * hour + 30 * mini + 7 * day; offset_day = 7; /* * Free these. */ asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0); AssertNotNull(asn_time); AssertNotNull(x = X509_new()); AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(ASN1_TIME_check(asn_time), WOLFSSL_SUCCESS); /* * Main Tests */ AssertTrue(wolfSSL_X509_set_notBefore(x, asn_time)); /* time_check == (ANS1_TIME*)x->notBefore */ AssertNotNull(time_check = X509_get_notBefore(x)); /* ANS1_TIME_check validates by checking if argument can be parsed */ AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS); /* Convert to human readable format and compare to intended date */ AssertIntEQ(ASN1_TIME_print(bio, time_check), 1); AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); AssertIntEQ(XMEMCMP(buf, "May 8 20:30:00 2019 GMT", sizeof(buf) - 1), 0); /* * Cleanup */ XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL); X509_free(x); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_set_version(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) X509* x509; long v = 2L; long maxInt = INT_MAX; AssertNotNull(x509 = X509_new()); /* These should pass. */ AssertTrue(wolfSSL_X509_set_version(x509, v)); AssertIntEQ(v, wolfSSL_X509_get_version(x509)); /* Fail Case: When v(long) is greater than x509->version(int). */ v = maxInt+1; AssertFalse(wolfSSL_X509_set_version(x509, v)); /* Cleanup */ X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } #ifndef NO_BIO static int test_wolfSSL_BIO_gets(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) BIO* bio; BIO* bio2; char msg[] = "\nhello wolfSSL\n security plus\t---...**adf\na...b.c"; char emp[] = ""; char bio_buffer[20]; int bufferSz = 20; /* try with bad args */ AssertNull(bio = BIO_new_mem_buf(NULL, sizeof(msg))); /* try with real msg */ AssertNotNull(bio = BIO_new_mem_buf((void*)msg, -1)); XMEMSET(bio_buffer, 0, bufferSz); AssertNotNull(BIO_push(bio, BIO_new(BIO_s_bio()))); AssertNull(bio2 = BIO_find_type(bio, BIO_TYPE_FILE)); AssertNotNull(bio2 = BIO_find_type(bio, BIO_TYPE_BIO)); AssertFalse(bio2 != BIO_next(bio)); /* make buffer filled with no terminating characters */ XMEMSET(bio_buffer, 1, bufferSz); /* BIO_gets reads a line of data */ AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14); AssertStrEQ(bio_buffer, "hello wolfSSL\n"); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8); AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0); /* check not null terminated string */ BIO_free(bio); msg[0] = 0x33; msg[1] = 0x33; msg[2] = 0x33; AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3)); AssertIntEQ(BIO_gets(bio, bio_buffer, 3), 2); AssertIntEQ(bio_buffer[0], msg[0]); AssertIntEQ(bio_buffer[1], msg[1]); AssertIntNE(bio_buffer[2], msg[2]); BIO_free(bio); msg[3] = 0x33; bio_buffer[3] = 0x33; AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3)); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 3); AssertIntEQ(bio_buffer[0], msg[0]); AssertIntEQ(bio_buffer[1], msg[1]); AssertIntEQ(bio_buffer[2], msg[2]); AssertIntNE(bio_buffer[3], 0x33); /* make sure null terminator was set */ /* check reading an empty string */ BIO_free(bio); AssertNotNull(bio = BIO_new_mem_buf((void*)emp, sizeof(emp))); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */ AssertStrEQ(emp, bio_buffer); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */ /* check error cases */ BIO_free(bio); AssertIntEQ(BIO_gets(NULL, NULL, 0), SSL_FAILURE); AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */ #if !defined(NO_FILESYSTEM) { BIO* f_bio; XFILE f; AssertNotNull(f_bio = BIO_new(BIO_s_file())); AssertIntLE(BIO_gets(f_bio, bio_buffer, bufferSz), 0); f = XFOPEN(svrCertFile, "rb"); AssertTrue((f != XBADFILE)); AssertIntEQ((int)BIO_set_fp(f_bio, f, BIO_CLOSE), SSL_SUCCESS); AssertIntGT(BIO_gets(f_bio, bio_buffer, bufferSz), 0); BIO_free(f_bio); } #endif /* NO_FILESYSTEM */ BIO_free(bio); BIO_free(bio2); /* try with type BIO */ XMEMCPY(msg, "\nhello wolfSSL\n security plus\t---...**adf\na...b.c", sizeof(msg)); AssertNotNull(bio = BIO_new(BIO_s_bio())); AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */ AssertNotNull(bio2 = BIO_new(BIO_s_bio())); AssertIntEQ(BIO_set_write_buf_size(bio, 10), SSL_SUCCESS); AssertIntEQ(BIO_set_write_buf_size(bio2, sizeof(msg)), SSL_SUCCESS); AssertIntEQ(BIO_make_bio_pair(bio, bio2), SSL_SUCCESS); AssertIntEQ(BIO_write(bio2, msg, sizeof(msg)), sizeof(msg)); AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14); AssertStrEQ(bio_buffer, "hello wolfSSL\n"); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8); AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0); BIO_free(bio); BIO_free(bio2); /* check reading an empty string */ AssertNotNull(bio = BIO_new(BIO_s_bio())); AssertIntEQ(BIO_set_write_buf_size(bio, sizeof(emp)), SSL_SUCCESS); AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */ AssertStrEQ(emp, bio_buffer); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BIO_puts(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) BIO* bio; char input[] = "hello\0world\n.....ok\n\0"; char output[128]; XMEMSET(output, 0, sizeof(output)); AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(BIO_puts(bio, input), 5); AssertIntEQ(BIO_pending(bio), 5); AssertIntEQ(BIO_puts(bio, input + 6), 14); AssertIntEQ(BIO_pending(bio), 19); AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 11); AssertStrEQ(output, "helloworld\n"); AssertIntEQ(BIO_pending(bio), 8); AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 8); AssertStrEQ(output, ".....ok\n"); AssertIntEQ(BIO_pending(bio), 0); AssertIntEQ(BIO_puts(bio, ""), -1); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BIO_dump(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) BIO* bio; static const unsigned char data[] = { 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, 0xB4 }; /* Generated with OpenSSL. */ static const char expected[] = "0000 - 30 59 30 13 06 07 2a 86-48 ce 3d 02 01 06 08 2a 0Y0...*.H.=....*\n" "0010 - 86 48 ce 3d 03 01 07 03-42 00 04 55 bf f4 0f 44 .H.=....B..U...D\n" "0020 - 50 9a 3d ce 9b b7 f0 c5-4d f5 70 7b d4 ec 24 8e P.=.....M.p{..$.\n" "0030 - 19 80 ec 5a 4c a2 24 03-62 2c 9b da ef a2 35 12 ...ZL.$.b,....5.\n" "0040 - 43 84 76 16 c6 56 95 06-cc 01 a9 bd f6 75 1a 42 C.v..V.......u.B\n" "0050 - f7 bd a9 b2 36 22 5f c7-5d 7f b4 ....6\"_.]..\n"; static const char expectedAll[] = "0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f ................\n" "0010 - 10 11 12 13 14 15 16 17-18 19 1a 1b 1c 1d 1e 1f ................\n" "0020 - 20 21 22 23 24 25 26 27-28 29 2a 2b 2c 2d 2e 2f !\"#$%&'()*+,-./\n" "0030 - 30 31 32 33 34 35 36 37-38 39 3a 3b 3c 3d 3e 3f 0123456789:;<=>?\n" "0040 - 40 41 42 43 44 45 46 47-48 49 4a 4b 4c 4d 4e 4f @ABCDEFGHIJKLMNO\n" "0050 - 50 51 52 53 54 55 56 57-58 59 5a 5b 5c 5d 5e 5f PQRSTUVWXYZ[\\]^_\n" "0060 - 60 61 62 63 64 65 66 67-68 69 6a 6b 6c 6d 6e 6f `abcdefghijklmno\n" "0070 - 70 71 72 73 74 75 76 77-78 79 7a 7b 7c 7d 7e 7f pqrstuvwxyz{|}~.\n" "0080 - 80 81 82 83 84 85 86 87-88 89 8a 8b 8c 8d 8e 8f ................\n" "0090 - 90 91 92 93 94 95 96 97-98 99 9a 9b 9c 9d 9e 9f ................\n" "00a0 - a0 a1 a2 a3 a4 a5 a6 a7-a8 a9 aa ab ac ad ae af ................\n" "00b0 - b0 b1 b2 b3 b4 b5 b6 b7-b8 b9 ba bb bc bd be bf ................\n" "00c0 - c0 c1 c2 c3 c4 c5 c6 c7-c8 c9 ca cb cc cd ce cf ................\n" "00d0 - d0 d1 d2 d3 d4 d5 d6 d7-d8 d9 da db dc dd de df ................\n" "00e0 - e0 e1 e2 e3 e4 e5 e6 e7-e8 e9 ea eb ec ed ee ef ................\n" "00f0 - f0 f1 f2 f3 f4 f5 f6 f7-f8 f9 fa fb fc fd fe ff ................\n"; char output[16 * 80]; int i; AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Example key dumped. */ AssertIntEQ(BIO_dump(bio, (const char*)data, (int)sizeof(data)), sizeof(expected) - 1); AssertIntEQ(BIO_read(bio, output, sizeof(output)), sizeof(expected) - 1); AssertIntEQ(XMEMCMP(output, expected, sizeof(expected) - 1), 0); /* Try every possible value for a character. */ for (i = 0; i < 256; i++) output[i] = i; AssertIntEQ(BIO_dump(bio, output, 256), sizeof(expectedAll) - 1); AssertIntEQ(BIO_read(bio, output, sizeof(output)), sizeof(expectedAll) - 1); AssertIntEQ(XMEMCMP(output, expectedAll, sizeof(expectedAll) - 1), 0); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO) static int forceWantRead(WOLFSSL *ssl, char *buf, int sz, void *ctx) { (void)ssl; (void)buf; (void)sz; (void)ctx; return WOLFSSL_CBIO_ERR_WANT_READ; } #endif static int test_wolfSSL_BIO_should_retry(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO) tcp_ready ready; func_args server_args; THREAD_TYPE serverThread; SOCKET_T sockfd = 0; WOLFSSL_CTX* ctx; WOLFSSL* ssl; char msg[64] = "hello wolfssl!"; char reply[1024]; int msgSz = (int)XSTRLEN(msg); int ret; BIO* bio; XMEMSET(&server_args, 0, sizeof(func_args)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #ifdef OPENSSL_COMPATIBLE_DEFAULTS AssertIntEQ(wolfSSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY), 0); #endif AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL); /* force retry */ ssl = wolfSSL_new(ctx); AssertNotNull(ssl); AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); wolfSSL_SSLSetIORecv(ssl, forceWantRead); AssertNotNull(bio = BIO_new(BIO_f_ssl())); BIO_set_ssl(bio, ssl, BIO_CLOSE); AssertIntLE(BIO_write(bio, msg, msgSz), 0); AssertIntNE(BIO_should_retry(bio), 0); /* now perform successful connection */ wolfSSL_SSLSetIORecv(ssl, EmbedReceive); AssertIntEQ(BIO_write(bio, msg, msgSz), msgSz); BIO_read(bio, reply, sizeof(reply)); ret = wolfSSL_get_error(ssl, -1); if (ret == WOLFSSL_ERROR_WANT_READ || ret == WOLFSSL_ERROR_WANT_WRITE) { AssertIntNE(BIO_should_retry(bio), 0); } else { AssertIntEQ(BIO_should_retry(bio), 0); } AssertIntEQ(XMEMCMP(reply, "I hear you fa shizzle!", XSTRLEN("I hear you fa shizzle!")), 0); BIO_free(bio); wolfSSL_CTX_free(ctx); join_thread(serverThread); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BIO_connect(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ defined(HAVE_HTTP_CLIENT) && !defined(NO_WOLFSSL_CLIENT) tcp_ready ready; func_args server_args; THREAD_TYPE serverThread; BIO *tcpBio; BIO *sslBio; SSL_CTX* ctx; SSL *ssl; SSL *sslPtr; char msg[] = "hello wolfssl!"; char reply[30]; char buff[10] = {0}; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); /* Setup server */ XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); AssertIntGT(XSPRINTF(buff, "%d", ready.port), 0); /* Start the test proper */ /* Setup the TCP BIO */ AssertNotNull(tcpBio = BIO_new_connect(wolfSSLIP)); AssertIntEQ(BIO_set_conn_port(tcpBio, buff), 1); /* Setup the SSL object */ AssertNotNull(ssl = SSL_new(ctx)); SSL_set_connect_state(ssl); /* Setup the SSL BIO */ AssertNotNull(sslBio = BIO_new(BIO_f_ssl())); AssertIntEQ(BIO_set_ssl(sslBio, ssl, BIO_CLOSE), 1); /* Verify that BIO_get_ssl works. */ AssertIntEQ(BIO_get_ssl(sslBio, &sslPtr), 1); AssertPtrEq(ssl, sslPtr); /* Link BIO's so that sslBio uses tcpBio for IO */ AssertPtrEq(BIO_push(sslBio, tcpBio), sslBio); /* Do TCP connect */ AssertIntEQ(BIO_do_connect(sslBio), 1); /* Do TLS handshake */ AssertIntEQ(BIO_do_handshake(sslBio), 1); /* Test writing */ AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg)); /* Expect length of default wolfSSL reply */ AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23); /* Clean it all up */ BIO_free_all(sslBio); /* Server clean up */ join_thread(serverThread); FreeTcpReady(&ready); /* Run the same test, but use BIO_new_ssl_connect and set the IP and port * after. */ XMEMSET(&server_args, 0, sizeof(func_args)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); AssertIntGT(XSPRINTF(buff, "%d", ready.port), 0); AssertNotNull(sslBio = BIO_new_ssl_connect(ctx)); AssertIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1); AssertIntEQ(BIO_set_conn_port(sslBio, buff), 1); AssertIntEQ(BIO_do_connect(sslBio), 1); AssertIntEQ(BIO_do_handshake(sslBio), 1); AssertIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg)); AssertIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23); /* Attempt to close the TLS connection gracefully. */ BIO_ssl_shutdown(sslBio); BIO_free_all(sslBio); join_thread(serverThread); FreeTcpReady(&ready); SSL_CTX_free(ctx); #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BIO_tls(void) { int res = TEST_SKIPPED; #if !defined(NO_BIO) && defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_CLIENT) SSL_CTX* ctx; SSL *ssl; BIO *readBio; BIO *writeBio; int ret, err = 0; AssertNotNull(ctx = SSL_CTX_new(SSLv23_method())); AssertNotNull(ssl = SSL_new(ctx)); AssertNotNull(readBio = BIO_new(BIO_s_mem())); AssertNotNull(writeBio = BIO_new(BIO_s_mem())); /* Qt reads data from write-bio, * then writes the read data into plain packet. * Qt reads data from plain packet, * then writes the read data into read-bio. */ SSL_set_bio(ssl, readBio, writeBio); do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = SSL_connect(ssl); err = SSL_get_error(ssl, 0); } while (err == WC_PENDING_E); AssertIntEQ(ret, WOLFSSL_FATAL_ERROR); /* in this use case, should return WANT READ * so that Qt will read the data from plain packet for next state. */ AssertIntEQ(err, SSL_ERROR_WANT_READ); SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT) static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args) { BIO* clientBio; SSL* sslClient; SSL_CTX* ctx; char connectAddr[20]; /* IP + port */; (void)args; AssertIntGT(snprintf(connectAddr, sizeof(connectAddr), "%s:%d", wolfSSLIP, wolfSSLPort), 0); AssertNotNull(clientBio = BIO_new_connect(connectAddr)); AssertIntEQ(BIO_do_connect(clientBio), 1); AssertNotNull(ctx = SSL_CTX_new(SSLv23_method())); AssertNotNull(sslClient = SSL_new(ctx)); AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS); SSL_set_bio(sslClient, clientBio, clientBio); AssertIntEQ(SSL_connect(sslClient), 1); SSL_free(sslClient); SSL_CTX_free(ctx); #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif return 0; } #endif static int test_wolfSSL_BIO_accept(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_HTTP_CLIENT) BIO* serverBindBio; BIO* serverAcceptBio; SSL* sslServer; SSL_CTX* ctx; func_args args; THREAD_TYPE thread; char port[10]; /* 10 bytes should be enough to store the string * representation of the port */ AssertIntGT(snprintf(port, sizeof(port), "%d", wolfSSLPort), 0); AssertNotNull(serverBindBio = BIO_new_accept(port)); /* First BIO_do_accept binds the port */ AssertIntEQ(BIO_do_accept(serverBindBio), 1); XMEMSET(&args, 0, sizeof(func_args)); start_thread(test_wolfSSL_BIO_accept_client, &args, &thread); AssertIntEQ(BIO_do_accept(serverBindBio), 1); /* Let's plug it into SSL to test */ AssertNotNull(ctx = SSL_CTX_new(SSLv23_method())); AssertIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM), WOLFSSL_SUCCESS); AssertNotNull(sslServer = SSL_new(ctx)); AssertNotNull(serverAcceptBio = BIO_pop(serverBindBio)); SSL_set_bio(sslServer, serverAcceptBio, serverAcceptBio); AssertIntEQ(SSL_accept(sslServer), 1); join_thread(thread); BIO_free(serverBindBio); SSL_free(sslServer); SSL_CTX_free(ctx); #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BIO_write(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) BIO* bio; BIO* bio64; BIO* ptr; int sz; char msg[] = "conversion test"; char out[40]; char expected[] = "Y29udmVyc2lvbiB0ZXN0AA==\n"; void* bufPtr = NULL; BUF_MEM* buf = NULL; AssertNotNull(bio64 = BIO_new(BIO_f_base64())); AssertNotNull(bio = BIO_push(bio64, BIO_new(BIO_s_mem()))); /* now should convert to base64 then write to memory */ AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg)); BIO_flush(bio); /* test BIO chain */ AssertIntEQ(SSL_SUCCESS, (int)BIO_get_mem_ptr(bio, &buf)); AssertNotNull(buf); AssertIntEQ(buf->length, 25); AssertIntEQ(BIO_get_mem_data(bio, &bufPtr), 25); AssertPtrEq(buf->data, bufPtr); AssertNotNull(ptr = BIO_find_type(bio, BIO_TYPE_MEM)); sz = sizeof(out); XMEMSET(out, 0, sz); AssertIntEQ((sz = BIO_read(ptr, out, sz)), 25); AssertIntEQ(XMEMCMP(out, expected, sz), 0); /* write then read should return the same message */ AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg)); sz = sizeof(out); XMEMSET(out, 0, sz); AssertIntEQ(BIO_read(bio, out, sz), 16); AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0); /* now try encoding with no line ending */ BIO_set_flags(bio64, BIO_FLAGS_BASE64_NO_NL); #ifdef HAVE_EX_DATA BIO_set_ex_data(bio64, 0, (void*) "data"); AssertIntEQ(strcmp((const char*)BIO_get_ex_data(bio64, 0), "data"), 0); #endif AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg)); BIO_flush(bio); sz = sizeof(out); XMEMSET(out, 0, sz); AssertIntEQ((sz = BIO_read(ptr, out, sz)), 24); AssertIntEQ(XMEMCMP(out, expected, sz), 0); BIO_free_all(bio); /* frees bio64 also */ /* test with more than one bio64 in list */ AssertNotNull(bio64 = BIO_new(BIO_f_base64())); AssertNotNull(bio = BIO_push(BIO_new(BIO_f_base64()), bio64)); AssertNotNull(BIO_push(bio64, BIO_new(BIO_s_mem()))); /* now should convert to base64 when stored and then decode with read */ AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 25); BIO_flush(bio); sz = sizeof(out); XMEMSET(out, 0, sz); AssertIntEQ((sz = BIO_read(bio, out, sz)), 16); AssertIntEQ(XMEMCMP(out, msg, sz), 0); BIO_clear_flags(bio64, ~0); BIO_set_retry_read(bio); BIO_free_all(bio); /* frees bio64s also */ AssertNotNull(bio = BIO_new_mem_buf(out, 0)); AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg)); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BIO_printf(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) BIO* bio; int sz = 7; char msg[] = "TLS 1.3 for the world"; char out[60]; char expected[] = "TLS 1.3 for the world : sz = 7"; XMEMSET(out, 0, sizeof(out)); AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(BIO_printf(bio, "%s : sz = %d", msg, sz), 30); AssertIntEQ(BIO_printf(NULL, ""), WOLFSSL_FATAL_ERROR); AssertIntEQ(BIO_read(bio, out, sizeof(out)), 30); AssertIntEQ(XSTRNCMP(out, expected, sizeof(expected)), 0); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BIO_f_md(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_SHA256) BIO *bio, *mem; char msg[] = "message to hash"; char out[60]; EVP_MD_CTX* ctx; const unsigned char testKey[] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; const char testData[] = "Hi There"; const unsigned char testResult[] = { 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 }; const unsigned char expectedHash[] = { 0x66, 0x49, 0x3C, 0xE8, 0x8A, 0x57, 0xB0, 0x60, 0xDC, 0x55, 0x7D, 0xFC, 0x1F, 0xA5, 0xE5, 0x07, 0x70, 0x5A, 0xF6, 0xD7, 0xC4, 0x1F, 0x1A, 0xE4, 0x2D, 0xA6, 0xFD, 0xD1, 0x29, 0x7D, 0x60, 0x0D }; const unsigned char emptyHash[] = { 0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14, 0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24, 0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C, 0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55 }; unsigned char check[sizeof(testResult) + 1]; size_t checkSz = -1; EVP_PKEY* key; XMEMSET(out, 0, sizeof(out)); AssertNotNull(bio = BIO_new(BIO_f_md())); AssertNotNull(mem = BIO_new(BIO_s_mem())); AssertIntEQ(BIO_get_md_ctx(bio, &ctx), 1); AssertIntEQ(EVP_DigestInit(ctx, EVP_sha256()), 1); /* should not be able to write/read yet since just digest wrapper and no * data is passing through the bio */ AssertIntEQ(BIO_write(bio, msg, 0), 0); AssertIntEQ(BIO_pending(bio), 0); AssertIntEQ(BIO_read(bio, out, sizeof(out)), 0); AssertIntEQ(BIO_gets(bio, out, 3), 0); AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32); AssertIntEQ(XMEMCMP(emptyHash, out, 32), 0); BIO_reset(bio); /* append BIO mem to bio in order to read/write */ AssertNotNull(bio = BIO_push(bio, mem)); XMEMSET(out, 0, sizeof(out)); AssertIntEQ(BIO_write(mem, msg, sizeof(msg)), 16); AssertIntEQ(BIO_pending(bio), 16); /* this just reads the message and does not hash it (gets calls final) */ AssertIntEQ(BIO_read(bio, out, sizeof(out)), 16); AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0); /* create a message digest using BIO */ XMEMSET(out, 0, sizeof(out)); AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 16); AssertIntEQ(BIO_pending(mem), 16); AssertIntEQ(BIO_pending(bio), 16); AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32); AssertIntEQ(XMEMCMP(expectedHash, out, 32), 0); BIO_free(bio); BIO_free(mem); /* test with HMAC */ XMEMSET(out, 0, sizeof(out)); AssertNotNull(bio = BIO_new(BIO_f_md())); AssertNotNull(mem = BIO_new(BIO_s_mem())); BIO_get_md_ctx(bio, &ctx); AssertNotNull(key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testKey, (int)sizeof(testKey))); EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, key); AssertNotNull(bio = BIO_push(bio, mem)); BIO_write(bio, testData, (int)strlen(testData)); EVP_DigestSignFinal(ctx, NULL, &checkSz); EVP_DigestSignFinal(ctx, check, &checkSz); AssertIntEQ(XMEMCMP(check, testResult, sizeof(testResult)), 0); EVP_PKEY_free(key); BIO_free(bio); BIO_free(mem); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BIO_up_ref(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) BIO* bio; AssertNotNull(bio = BIO_new(BIO_f_md())); AssertIntEQ(BIO_up_ref(NULL), 0); AssertIntEQ(BIO_up_ref(bio), 1); BIO_free(bio); AssertIntEQ(BIO_up_ref(bio), 1); BIO_free(bio); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BIO_reset(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) BIO* bio; byte buf[16]; AssertNotNull(bio = BIO_new_mem_buf("secure your data", (word32)XSTRLEN("secure your data"))); AssertIntEQ(BIO_read(bio, buf, 6), 6); AssertIntEQ(XMEMCMP(buf, "secure", 6), 0); XMEMSET(buf, 0, 16); AssertIntEQ(BIO_read(bio, buf, 16), 10); AssertIntEQ(XMEMCMP(buf, " your data", 10), 0); /* You cannot write to MEM BIO with read-only mode. */ AssertIntEQ(BIO_write(bio, "WriteToReadonly", 15), 0); AssertIntEQ(BIO_read(bio, buf, 16), -1); XMEMSET(buf, 0, 16); AssertIntEQ(BIO_reset(bio), 0); AssertIntEQ(BIO_read(bio, buf, 16), 16); AssertIntEQ(XMEMCMP(buf, "secure your data", 16), 0); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } #endif /* !NO_BIO */ #if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES) /* test that the callback arg is correct */ static int certCbArg = 0; static int clientCertCb(WOLFSSL* ssl, void* arg) { if (ssl == NULL || arg != &certCbArg) return 0; if (wolfSSL_use_certificate_file(ssl, cliCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) return 0; if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) return 0; return 1; } static void clientCertSetupCb(WOLFSSL_CTX* ctx) { SSL_CTX_set_cert_cb(ctx, clientCertCb, &certCbArg); } /** * This is only done because test_client_nofail has no way to stop * certificate and key loading */ static void clientCertClearCb(WOLFSSL* ssl) { /* Clear the loaded certs to force the callbacks to set them up */ SSL_certs_clear(ssl); } static int serverCertCb(WOLFSSL* ssl, void* arg) { if (ssl == NULL || arg != &certCbArg) return 0; if (wolfSSL_use_certificate_file(ssl, svrCertFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) return 0; if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile, WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) return 0; return 1; } static void serverCertSetupCb(WOLFSSL_CTX* ctx) { SSL_CTX_set_cert_cb(ctx, serverCertCb, &certCbArg); } /** * This is only done because test_server_nofail has no way to stop * certificate and key loading */ static void serverCertClearCb(WOLFSSL* ssl) { /* Clear the loaded certs to force the callbacks to set them up */ SSL_certs_clear(ssl); } #endif static int test_wolfSSL_cert_cb(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES) callback_functions func_cb_client; callback_functions func_cb_server; tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; client_args.callbacks = &func_cb_client; server_args.callbacks = &func_cb_server; func_cb_client.ctx_ready = clientCertSetupCb; func_cb_client.ssl_ready = clientCertClearCb; func_cb_server.ctx_ready = serverCertSetupCb; func_cb_server.ssl_ready = serverCertClearCb; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_SESSION(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ !defined(NO_SESSION_CACHE) WOLFSSL* ssl; WOLFSSL_CTX* ctx; WOLFSSL_SESSION* sess; WOLFSSL_SESSION* sess_copy; #ifdef OPENSSL_EXTRA #ifdef HAVE_EXT_CACHE unsigned char* sessDer = NULL; unsigned char* ptr = NULL; int sz; #endif const unsigned char context[] = "user app context"; unsigned int contextSz = (unsigned int)sizeof(context); #endif int ret, err; SOCKET_T sockfd; tcp_ready ready; func_args server_args; THREAD_TYPE serverThread; char msg[80]; const char* sendGET = "GET"; /* TLS v1.3 requires session tickets */ /* CHACHA and POLY1305 required for myTicketEncCb */ #if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \ !defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \ defined(HAVE_POLY1305) && !defined(HAVE_AESGCM))) AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #endif AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ENCRYPTED_KEYS wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); #endif #ifdef HAVE_SESSION_TICKET /* Use session tickets, for ticket tests below */ AssertIntEQ(wolfSSL_CTX_UseSessionTicket(ctx), WOLFSSL_SUCCESS); #endif XMEMSET(&server_args, 0, sizeof(func_args)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); /* client connection */ ssl = wolfSSL_new(ctx); tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl); AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_connect(ssl); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); AssertIntEQ(ret, WOLFSSL_SUCCESS); #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_write(ssl, sendGET, (int)XSTRLEN(sendGET)); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); AssertIntEQ(ret, (int)XSTRLEN(sendGET)); #ifdef WOLFSSL_ASYNC_CRYPT err = 0; /* Reset error */ #endif do { #ifdef WOLFSSL_ASYNC_CRYPT if (err == WC_PENDING_E) { ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); if (ret < 0) { break; } else if (ret == 0) { continue; } } #endif ret = wolfSSL_read(ssl, msg, sizeof(msg)); err = wolfSSL_get_error(ssl, 0); } while (err == WC_PENDING_E); AssertIntEQ(ret, 23); AssertPtrNE((sess = wolfSSL_get1_session(ssl)), NULL); /* ref count 1 */ AssertPtrNE((sess_copy = wolfSSL_get1_session(ssl)), NULL); /* ref count 2 */ #ifdef HAVE_EXT_CACHE AssertPtrEq(sess, sess_copy); /* they should be the same pointer but without * HAVE_EXT_CACHE we get new objects each time */ #endif wolfSSL_SESSION_free(sess_copy); sess_copy = NULL; wolfSSL_SESSION_free(sess); sess = NULL; /* free session ref */ sess = wolfSSL_get_session(ssl); #ifdef OPENSSL_EXTRA AssertIntEQ(SSL_SESSION_is_resumable(NULL), 0); AssertIntEQ(SSL_SESSION_is_resumable(sess), 1); AssertIntEQ(wolfSSL_SESSION_has_ticket(NULL), 0); AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(NULL), 0); #ifdef HAVE_SESSION_TICKET AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 1); AssertIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(sess), SESSION_TICKET_HINT_DEFAULT); #else AssertIntEQ(wolfSSL_SESSION_has_ticket(sess), 0); #endif #else (void)sess; #endif /* OPENSSL_EXTRA */ /* Retain copy of the session for later testing */ AssertNotNull(sess = wolfSSL_get1_session(ssl)); wolfSSL_shutdown(ssl); wolfSSL_free(ssl); join_thread(serverThread); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) { X509 *x509; char buf[30]; int bufSz; AssertNotNull(x509 = SSL_SESSION_get0_peer(sess)); AssertIntGT((bufSz = X509_NAME_get_text_by_NID( X509_get_subject_name(x509), NID_organizationalUnitName, buf, sizeof(buf))), 0); AssertIntNE((bufSz == 7 || bufSz == 16), 0); /* should be one of these*/ if (bufSz == 7) { AssertIntEQ(XMEMCMP(buf, "Support", bufSz), 0); } if (bufSz == 16) { AssertIntEQ(XMEMCMP(buf, "Programming-2048", bufSz), 0); } } #endif #ifdef HAVE_EXT_CACHE AssertNotNull(sess_copy = wolfSSL_SESSION_dup(sess)); wolfSSL_SESSION_free(sess_copy); sess_copy = NULL; #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_EXT_CACHE) /* get session from DER and update the timeout */ AssertIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), BAD_FUNC_ARG); AssertIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, &sessDer)), 0); wolfSSL_SESSION_free(sess); sess = NULL; ptr = sessDer; AssertNull(sess = wolfSSL_d2i_SSL_SESSION(NULL, NULL, sz)); AssertNotNull(sess = wolfSSL_d2i_SSL_SESSION(NULL, (const unsigned char**)&ptr, sz)); XFREE(sessDer, NULL, DYNAMIC_TYPE_OPENSSL); sessDer = NULL; AssertIntGT(wolfSSL_SESSION_get_time(sess), 0); AssertIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS); #endif /* successful set session test */ AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_set_session(ssl, sess), WOLFSSL_SUCCESS); #ifdef HAVE_SESSION_TICKET /* Test set/get session ticket */ { const char* ticket = "This is a session ticket"; char buf[64] = {0}; word32 bufSz = (word32)sizeof(buf); AssertIntEQ(SSL_SUCCESS, wolfSSL_set_SessionTicket(ssl, (byte *)ticket, (word32)XSTRLEN(ticket))); AssertIntEQ(SSL_SUCCESS, wolfSSL_get_SessionTicket(ssl, (byte *)buf, &bufSz)); AssertStrEQ(ticket, buf); } #endif #ifdef OPENSSL_EXTRA /* session timeout case */ /* make the session to be expired */ AssertIntEQ(SSL_SESSION_set_timeout(sess,1), SSL_SUCCESS); XSLEEP_MS(1200); /* SSL_set_session should reject specified session but return success * if WOLFSSL_ERROR_CODE_OPENSSL macro is defined for OpenSSL compatibility. */ #if defined(WOLFSSL_ERROR_CODE_OPENSSL) AssertIntEQ(wolfSSL_set_session(ssl,sess), SSL_SUCCESS); #else AssertIntEQ(wolfSSL_set_session(ssl,sess), SSL_FAILURE); #endif AssertIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS); /* fail case with miss match session context IDs (use compatibility API) */ AssertIntEQ(SSL_set_session_id_context(ssl, context, contextSz), SSL_SUCCESS); AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE); wolfSSL_free(ssl); AssertIntEQ(SSL_CTX_set_session_id_context(NULL, context, contextSz), SSL_FAILURE); AssertIntEQ(SSL_CTX_set_session_id_context(ctx, context, contextSz), SSL_SUCCESS); AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE); #endif /* OPENSSL_EXTRA */ wolfSSL_free(ssl); wolfSSL_SESSION_free(sess); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } #if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE) static int clientSessRemCountMalloc = 0; static int serverSessRemCountMalloc = 0; static int clientSessRemCountFree = 0; static int serverSessRemCountFree = 0; static WOLFSSL_CTX* serverSessCtx = NULL; static WOLFSSL_SESSION* serverSess = NULL; #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \ !defined(NO_SESSION_CACHE_REF) static WOLFSSL_CTX* clientSessCtx = NULL; static WOLFSSL_SESSION* clientSess = NULL; #endif static int serverSessRemIdx = 3; static void SessRemCtxCb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess) { int* mallocedData = (int*)SSL_SESSION_get_ex_data(sess, serverSessRemIdx); (void)ctx; AssertNotNull(mallocedData); if (!*mallocedData) clientSessRemCountFree++; else serverSessRemCountFree++; XFREE(mallocedData, NULL, DYNAMIC_TYPE_SESSION); SSL_SESSION_set_ex_data(sess, serverSessRemIdx, NULL); } static void SessRemCtxSetupCb(WOLFSSL_CTX* ctx) { SSL_CTX_sess_set_remove_cb(ctx, SessRemCtxCb); #if defined(WOLFSSL_TLS13) && !defined(HAVE_SESSION_TICKET) && \ !defined(NO_SESSION_CACHE_REF) /* Allow downgrade, set min version, and disable TLS 1.3. * Do this because without NO_SESSION_CACHE_REF we will want to return a * reference to the session cache. But with WOLFSSL_TLS13 and without * HAVE_SESSION_TICKET we won't have a session ID to be able to place the * session in the cache. In this case we need to downgrade to previous * versions to just use the legacy session ID field. */ AssertIntEQ(SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION), SSL_SUCCESS); AssertIntEQ(SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION), SSL_SUCCESS); #endif } static void SessRemSslSetupCb(WOLFSSL* ssl) { int* mallocedData = (int*)XMALLOC(sizeof(int), NULL, DYNAMIC_TYPE_SESSION); AssertNotNull(mallocedData); *mallocedData = SSL_is_server(ssl); if (!*mallocedData) { clientSessRemCountMalloc++; #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \ !defined(NO_SESSION_CACHE_REF) AssertNotNull(clientSess = SSL_get1_session(ssl)); AssertIntEQ(SSL_CTX_up_ref(clientSessCtx = SSL_get_SSL_CTX(ssl)), SSL_SUCCESS); #endif } else { serverSessRemCountMalloc++; AssertNotNull(serverSess = SSL_get1_session(ssl)); AssertIntEQ(SSL_CTX_up_ref(serverSessCtx = SSL_get_SSL_CTX(ssl)), SSL_SUCCESS); } AssertIntEQ(SSL_SESSION_set_ex_data(SSL_get_session(ssl), serverSessRemIdx, mallocedData), SSL_SUCCESS); } #endif static int test_wolfSSL_CTX_sess_set_remove_cb(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE) /* Check that the remove callback gets called for external data in a * session object */ callback_functions func_cb; tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&func_cb, 0, sizeof(callback_functions)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; client_args.callbacks = &func_cb; server_args.callbacks = &func_cb; func_cb.ctx_ready = SessRemCtxSetupCb; func_cb.on_result = SessRemSslSetupCb; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif /* Both should have been allocated */ AssertIntEQ(clientSessRemCountMalloc, 1); AssertIntEQ(serverSessRemCountMalloc, 1); /* This should not be called yet. Session wasn't evicted from cache yet. */ AssertIntEQ(clientSessRemCountFree, 0); #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \ !defined(NO_SESSION_CACHE_REF) /* Force a cache lookup */ AssertNotNull(SSL_SESSION_get_ex_data(clientSess, serverSessRemIdx)); /* Force a cache update */ AssertNotNull(SSL_SESSION_set_ex_data(clientSess, serverSessRemIdx - 1, 0)); /* This should set the timeout to 0 and call the remove callback from within * the session cache. */ AssertIntEQ(SSL_CTX_remove_session(clientSessCtx, clientSess), 0); AssertNull(SSL_SESSION_get_ex_data(clientSess, serverSessRemIdx)); AssertIntEQ(clientSessRemCountFree, 1); #endif /* Server session is in the cache so ex_data isn't free'd with the SSL * object */ AssertIntEQ(serverSessRemCountFree, 0); /* Force a cache lookup */ AssertNotNull(SSL_SESSION_get_ex_data(serverSess, serverSessRemIdx)); /* Force a cache update */ AssertNotNull(SSL_SESSION_set_ex_data(serverSess, serverSessRemIdx - 1, 0)); /* This should set the timeout to 0 and call the remove callback from within * the session cache. */ AssertIntEQ(SSL_CTX_remove_session(serverSessCtx, serverSess), 0); AssertNull(SSL_SESSION_get_ex_data(serverSess, serverSessRemIdx)); AssertIntEQ(serverSessRemCountFree, 1); /* Need to free the references that we kept */ SSL_CTX_free(serverSessCtx); SSL_SESSION_free(serverSess); #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \ !defined(NO_SESSION_CACHE_REF) SSL_CTX_free(clientSessCtx); SSL_SESSION_free(clientSess); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ticket_keys(void) { int res = TEST_SKIPPED; #if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ !defined(NO_WOLFSSL_SERVER) WOLFSSL_CTX* ctx; byte keys[WOLFSSL_TICKET_KEYS_SZ]; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, sizeof(keys)), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, sizeof(keys)), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, sizeof(keys)), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, sizeof(keys)), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, sizeof(keys)), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, sizeof(keys)), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, sizeof(keys)), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, sizeof(keys)), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } #ifndef NO_BIO static int test_wolfSSL_d2i_PUBKEY(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) BIO* bio; EVP_PKEY* pkey; AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNull(d2i_PUBKEY_bio(NULL, NULL)); #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) /* RSA PUBKEY test */ AssertIntGT(BIO_write(bio, client_keypub_der_2048, sizeof_client_keypub_der_2048), 0); AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL)); EVP_PKEY_free(pkey); #endif #if defined(USE_CERT_BUFFERS_256) && defined(HAVE_ECC) /* ECC PUBKEY test */ AssertIntGT(BIO_write(bio, ecc_clikeypub_der_256, sizeof_ecc_clikeypub_der_256), 0); AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL)); EVP_PKEY_free(pkey); #endif #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DSA) /* DSA PUBKEY test */ AssertIntGT(BIO_write(bio, dsa_pub_key_der_2048, sizeof_dsa_pub_key_der_2048), 0); AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL)); EVP_PKEY_free(pkey); #endif #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DH) && \ defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION > 2)) /* DH PUBKEY test */ AssertIntGT(BIO_write(bio, dh_pub_key_der_2048, sizeof_dh_pub_key_der_2048), 0); AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL)); EVP_PKEY_free(pkey); #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* USE_CERT_BUFFERS_2048 && !NO_DH && && OPENSSL_EXTRA */ BIO_free(bio); (void)pkey; res = TEST_RES_CHECK(1); #endif return res; } #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) static int test_wolfSSL_d2i_PrivateKeys_bio(void) { BIO* bio = NULL; EVP_PKEY* pkey = NULL; #ifndef NO_RSA #endif WOLFSSL_CTX* ctx; #if defined(WOLFSSL_KEY_GEN) unsigned char buff[4096]; unsigned char* bufPtr = buff; #endif /* test creating new EVP_PKEY with bad arg */ AssertNull((pkey = d2i_PrivateKey_bio(NULL, NULL))); /* test loading RSA key using BIO */ #if !defined(NO_RSA) && !defined(NO_FILESYSTEM) { XFILE file; const char* fname = "./certs/server-key.der"; size_t sz; byte* buf; file = XFOPEN(fname, "rb"); AssertTrue((file != XBADFILE)); AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0); sz = XFTELL(file); AssertTrue(XFSEEK(file, 0, XSEEK_SET) == 0); AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE)); AssertIntEQ(XFREAD(buf, 1, sz, file), sz); XFCLOSE(file); /* Test using BIO new mem and loading DER private key */ AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL))); XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; EVP_PKEY_free(pkey); pkey = NULL; } #endif /* test loading ECC key using BIO */ #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) { XFILE file; const char* fname = "./certs/ecc-key.der"; size_t sz; byte* buf; file = XFOPEN(fname, "rb"); AssertTrue((file != XBADFILE)); AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0); sz = XFTELL(file); AssertTrue(XFSEEK(file, 0, XSEEK_SET) == 0); AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE)); AssertIntEQ(XFREAD(buf, 1, sz, file), sz); XFCLOSE(file); /* Test using BIO new mem and loading DER private key */ AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL))); XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; EVP_PKEY_free(pkey); pkey = NULL; } #endif AssertNotNull(bio = BIO_new(BIO_s_mem())); #ifndef NO_WOLFSSL_SERVER AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); #else AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); #endif #if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \ !defined(NO_RSA) && !defined(HAVE_USER_RSA) { RSA* rsa = NULL; /* Tests bad parameters */ AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL)); /* RSA not set yet, expecting to fail*/ AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG); #if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN) /* set RSA using bio*/ AssertIntGT(BIO_write(bio, client_key_der_2048, sizeof_client_key_der_2048), 0); AssertNotNull(d2i_RSAPrivateKey_bio(bio, &rsa)); AssertNotNull(rsa); AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS); /*i2d RSAprivate key tests */ AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 1192); AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr), sizeof_client_key_der_2048); bufPtr -= sizeof_client_key_der_2048; AssertIntEQ(XMEMCMP(bufPtr, client_key_der_2048, sizeof_client_key_der_2048), 0); bufPtr = NULL; AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr), sizeof_client_key_der_2048); AssertNotNull(bufPtr); AssertIntEQ(XMEMCMP(bufPtr, client_key_der_2048, sizeof_client_key_der_2048), 0); XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL); RSA_free(rsa); rsa = RSA_new(); AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 0); #endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */ RSA_free(rsa); } #endif /* !HAVE_FAST_RSA && WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA*/ SSL_CTX_free(ctx); ctx = NULL; BIO_free(bio); bio = NULL; return TEST_RES_CHECK(1); } #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ #endif /* !NO_BIO */ static int test_wolfSSL_sk_GENERAL_NAME(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) X509* x509; GENERAL_NAME* gn; unsigned char buf[4096]; const unsigned char* bufPt; int bytes, i; int j; XFILE f; STACK_OF(GENERAL_NAME)* sk; f = XFOPEN(cliCertDerFileExt, "rb"); AssertTrue((f != XBADFILE)); AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0); XFCLOSE(f); for (j = 0; j < 2; ++j) { bufPt = buf; AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes)); AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL)); AssertIntEQ(sk_GENERAL_NAME_num(sk), 1); for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) { AssertNotNull(gn = sk_GENERAL_NAME_value(sk, i)); switch (gn->type) { case GEN_DNS: fprintf(stderr, "found type GEN_DNS\n"); break; case GEN_EMAIL: fprintf(stderr, "found type GEN_EMAIL\n"); break; case GEN_URI: fprintf(stderr, "found type GEN_URI\n"); break; } } X509_free(x509); if (j == 0) { sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free); } else { /* * We had a bug where GENERAL_NAMES_free didn't free all the memory * it was supposed to. This is a regression test for that bug. */ GENERAL_NAMES_free(sk); } } res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_GENERAL_NAME_print(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_BIO) && !defined(NO_RSA) X509* x509; GENERAL_NAME* gn; unsigned char buf[4096]; const unsigned char* bufPt; int bytes; XFILE f; STACK_OF(GENERAL_NAME)* sk; BIO* out; unsigned char outbuf[128]; X509_EXTENSION* ext; AUTHORITY_INFO_ACCESS* aia; ACCESS_DESCRIPTION* ad; const unsigned char v4Addr[] = {192,168,53,1}; const unsigned char v6Addr[] = {0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77}; const unsigned char email[] = {'i', 'n', 'f', 'o', '@', 'w', 'o', 'l', 'f', 's', 's', 'l', '.', 'c', 'o', 'm'}; const char* dnsStr = "DNS:example.com"; const char* uriStr = "URI:http://127.0.0.1:22220"; const char* v4addStr = "IP Address:192.168.53.1"; const char* v6addStr = "IP Address:2021:DB8:0:0:0:FF00:42:7777"; const char* emailStr = "email:info@wolfssl.com"; const char* othrStr = "othername:"; const char* x400Str = "X400Name:"; const char* ediStr = "EdiPartyName:"; /* BIO to output */ AssertNotNull(out = BIO_new(BIO_s_mem())); /* test for NULL param */ gn = NULL; AssertIntEQ(GENERAL_NAME_print(NULL, NULL), 0); AssertIntEQ(GENERAL_NAME_print(NULL, gn), 0); AssertIntEQ(GENERAL_NAME_print(out, NULL), 0); /* test for GEN_DNS */ f = XFOPEN(cliCertDerFileExt, "rb"); AssertTrue((f != XBADFILE)); AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0); XFCLOSE(f); bufPt = buf; AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes)); AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL)); AssertNotNull(gn = sk_GENERAL_NAME_value(sk, 0)); AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); BIO_read(out, outbuf, sizeof(outbuf)); AssertIntEQ(XSTRNCMP((const char*)outbuf, dnsStr, XSTRLEN(dnsStr)), 0); sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free); X509_free(x509); /* test for GEN_URI */ f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb"); AssertTrue((f != XBADFILE)); AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); XFCLOSE(f); AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 4)); aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext); AssertNotNull(aia); ad = (WOLFSSL_ACCESS_DESCRIPTION *)wolfSSL_sk_value(aia, 0); gn = ad->location; AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); AssertIntEQ(XSTRNCMP((const char*)outbuf, uriStr, XSTRLEN(uriStr)), 0); wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL); aia = (AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext); AssertNotNull(aia); AUTHORITY_INFO_ACCESS_pop_free(aia, NULL); X509_free(x509); /* test for GEN_IPADD */ /* ip v4 address */ AssertNotNull(gn = wolfSSL_GENERAL_NAME_new()); gn->type = GEN_IPADD; gn->d.iPAddress->length = sizeof(v4Addr); AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v4Addr, sizeof(v4Addr)), 1); AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); AssertIntEQ(XSTRNCMP((const char*)outbuf, v4addStr, XSTRLEN(v4addStr)), 0); GENERAL_NAME_free(gn); /* ip v6 address */ AssertNotNull(gn = wolfSSL_GENERAL_NAME_new()); gn->type = GEN_IPADD; gn->d.iPAddress->length = sizeof(v6Addr); AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v6Addr, sizeof(v6Addr)), 1); AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); AssertIntEQ(XSTRNCMP((const char*)outbuf, v6addStr, XSTRLEN(v6addStr)), 0); GENERAL_NAME_free(gn); /* test for GEN_EMAIL */ AssertNotNull(gn = wolfSSL_GENERAL_NAME_new()); gn->type = GEN_EMAIL; gn->d.rfc822Name->length = sizeof(email); AssertIntEQ(wolfSSL_ASN1_STRING_set(gn->d.rfc822Name, email, sizeof(email)), 1); AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); AssertIntEQ(XSTRNCMP((const char*)outbuf, emailStr, XSTRLEN(emailStr)), 0); GENERAL_NAME_free(gn); /* test for GEN_OTHERNAME */ AssertNotNull(gn = wolfSSL_GENERAL_NAME_new()); gn->type = GEN_OTHERNAME; AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); AssertIntEQ(XSTRNCMP((const char*)outbuf, othrStr, XSTRLEN(othrStr)), 0); GENERAL_NAME_free(gn); /* test for GEN_X400 */ AssertNotNull(gn = wolfSSL_GENERAL_NAME_new()); gn->type = GEN_X400; AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); AssertIntEQ(XSTRNCMP((const char*)outbuf, x400Str, XSTRLEN(x400Str)), 0); /* Restore to GEN_IA5 (default) to avoid memory leak. */ gn->type = GEN_IA5; GENERAL_NAME_free(gn); /* test for GEN_EDIPARTY */ AssertNotNull(gn = wolfSSL_GENERAL_NAME_new()); gn->type = GEN_EDIPARTY; AssertIntEQ(GENERAL_NAME_print(out, gn), 1); XMEMSET(outbuf,0,sizeof(outbuf)); AssertIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); AssertIntEQ(XSTRNCMP((const char*)outbuf, ediStr, XSTRLEN(ediStr)), 0); /* Restore to GEN_IA5 (default) to avoid memory leak. */ gn->type = GEN_IA5; GENERAL_NAME_free(gn); BIO_free(out); res = TEST_RES_CHECK(1); #endif /* OPENSSL_ALL */ return res; } static int test_wolfSSL_sk_DIST_POINT(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ !defined(NO_RSA) X509* x509; unsigned char buf[4096]; const unsigned char* bufPt; int bytes, i, j; XFILE f; DIST_POINT* dp; DIST_POINT_NAME* dpn; GENERAL_NAME* gn; ASN1_IA5STRING* uri; STACK_OF(DIST_POINT)* dps; STACK_OF(GENERAL_NAME)* gns; const char cliCertDerCrlDistPoint[] = "./certs/client-crl-dist.der"; f = XFOPEN(cliCertDerCrlDistPoint, "rb"); AssertTrue((f != XBADFILE)); AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0); XFCLOSE(f); bufPt = buf; AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes)); AssertNotNull(dps = (STACK_OF(DIST_POINT)*)X509_get_ext_d2i(x509, NID_crl_distribution_points, NULL, NULL)); AssertIntEQ(sk_DIST_POINT_num(dps), 1); for (i = 0; i < sk_DIST_POINT_num(dps); i++) { AssertNotNull(dp = sk_DIST_POINT_value(dps, i)); AssertNotNull(dpn = dp->distpoint); /* this should be type 0, fullname */ AssertIntEQ(dpn->type, 0); gns = dp->distpoint->name.fullname; AssertNotNull(gns); AssertIntEQ(sk_GENERAL_NAME_num(gns), 1); for (j = 0; j < sk_GENERAL_NAME_num(gns); j++) { gn = sk_GENERAL_NAME_value(gns, j); AssertIntEQ(gn->type, GEN_URI); AssertNotNull(uri = gn->d.uniformResourceIdentifier); AssertNotNull(uri->data); AssertIntGT(uri->length, 0); } } X509_free(x509); CRL_DIST_POINTS_free(dps); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_MD4(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_MD4) MD4_CTX md4; unsigned char out[16]; /* MD4_DIGEST_SIZE */ const char* msg = "12345678901234567890123456789012345678901234567890123456" "789012345678901234567890"; const char* test = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f" "\xcc\x05\x36"; int msgSz = (int)XSTRLEN(msg); XMEMSET(out, 0, sizeof(out)); MD4_Init(&md4); MD4_Update(&md4, (const void*)msg, (unsigned long)msgSz); MD4_Final(out, &md4); AssertIntEQ(XMEMCMP(out, test, sizeof(out)), 0); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_verify_mode(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_RSA) WOLFSSL* ssl; WOLFSSL_CTX* ctx; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx)); SSL_free(ssl); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx)); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER); wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0); AssertIntEQ(SSL_CTX_get_verify_mode(ctx), SSL_VERIFY_PEER); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE); SSL_free(ssl); wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx)); AssertIntEQ(SSL_get_verify_mode(ssl), WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT); wolfSSL_set_verify(ssl, SSL_VERIFY_PEER, 0); AssertIntEQ(SSL_CTX_get_verify_mode(ctx), WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER); wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE); wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_IF_NO_PEER_CERT); wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_EXCEPT_PSK, 0); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_EXCEPT_PSK); #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) wolfSSL_set_verify(ssl, SSL_VERIFY_POST_HANDSHAKE, 0); AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_POST_HANDSHAKE); #endif AssertIntEQ(SSL_CTX_get_verify_mode(ctx), WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT); SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_verify_depth(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL* ssl; WOLFSSL_CTX* ctx; long depth; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS); AssertIntGT((depth = SSL_CTX_get_verify_depth(ctx)), 0); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(SSL_get_verify_depth(ssl), SSL_CTX_get_verify_depth(ctx)); SSL_free(ssl); SSL_CTX_set_verify_depth(ctx, -1); AssertIntEQ(depth, SSL_CTX_get_verify_depth(ctx)); SSL_CTX_set_verify_depth(ctx, 2); AssertIntEQ(2, SSL_CTX_get_verify_depth(ctx)); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(2, SSL_get_verify_depth(ssl)); SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } #if defined(OPENSSL_EXTRA) && !defined(NO_HMAC) /* helper function for test_wolfSSL_HMAC_CTX, digest size is expected to be a * buffer of 64 bytes. * * returns the size of the digest buffer on success and a negative value on * failure. */ static int test_HMAC_CTX_helper(const EVP_MD* type, unsigned char* digest) { HMAC_CTX ctx1; HMAC_CTX ctx2; unsigned char key[] = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" "\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; unsigned char long_key[] = "0123456789012345678901234567890123456789" "0123456789012345678901234567890123456789" "0123456789012345678901234567890123456789" "0123456789012345678901234567890123456789"; unsigned char msg[] = "message to hash"; unsigned int digestSz = 64; int keySz = sizeof(key); int long_keySz = sizeof(long_key); int msgSz = sizeof(msg); unsigned char digest2[64]; unsigned int digestSz2 = 64; HMAC_CTX_init(&ctx1); AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx1); AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz2), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx2); AssertIntEQ(digestSz, digestSz2); AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0); /* test HMAC_Init with NULL key */ /* init after copy */ HMAC_CTX_init(&ctx1); AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS); AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx1); AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx2); AssertIntEQ(digestSz, digestSz2); AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0); /* long key */ HMAC_CTX_init(&ctx1); AssertIntEQ(HMAC_Init(&ctx1, (const void*)long_key, long_keySz, type), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS); AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx1); AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx2); AssertIntEQ(digestSz, digestSz2); AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0); /* init before copy */ HMAC_CTX_init(&ctx1); AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS); AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx1); AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS); HMAC_CTX_cleanup(&ctx2); AssertIntEQ(digestSz, digestSz2); AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0); return digestSz; } #endif /* defined(OPENSSL_EXTRA) && !defined(NO_HMAC) */ static int test_wolfSSL_HMAC_CTX(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_HMAC) unsigned char digest[64]; int digestSz; #ifndef NO_SHA AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha1(), digest)), 20); AssertIntEQ(XMEMCMP("\xD9\x68\x77\x23\x70\xFB\x53\x70\x53\xBA\x0E\xDC\xDA" "\xBF\x03\x98\x31\x19\xB2\xCC", digest, digestSz), 0); #endif /* !NO_SHA */ #ifdef WOLFSSL_SHA224 AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha224(), digest)), 28); AssertIntEQ(XMEMCMP("\x57\xFD\xF4\xE1\x2D\xB0\x79\xD7\x4B\x25\x7E\xB1\x95" "\x9C\x11\xAC\x2D\x1E\x78\x94\x4F\x3A\x0F\xED\xF8\xAD" "\x02\x0E", digest, digestSz), 0); #endif /* WOLFSSL_SHA224 */ #ifndef NO_SHA256 AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha256(), digest)), 32); AssertIntEQ(XMEMCMP("\x13\xAB\x76\x91\x0C\x37\x86\x8D\xB3\x7E\x30\x0C\xFC" "\xB0\x2E\x8E\x4A\xD7\xD4\x25\xCC\x3A\xA9\x0F\xA2\xF2" "\x47\x1E\x62\x6F\x5D\xF2", digest, digestSz), 0); #endif /* !NO_SHA256 */ #ifdef WOLFSSL_SHA384 AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha384(), digest)), 48); AssertIntEQ(XMEMCMP("\x9E\xCB\x07\x0C\x11\x76\x3F\x23\xC3\x25\x0E\xC4\xB7" "\x28\x77\x95\x99\xD5\x9D\x7A\xBB\x1A\x9F\xB7\xFD\x25" "\xC9\x72\x47\x9F\x8F\x86\x76\xD6\x20\x57\x87\xB7\xE7" "\xCD\xFB\xC2\xCC\x9F\x2B\xC5\x41\xAB", digest, digestSz), 0); #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha512(), digest)), 64); AssertIntEQ(XMEMCMP("\xD4\x21\x0C\x8B\x60\x6F\xF4\xBF\x07\x2F\x26\xCC\xAD" "\xBC\x06\x0B\x34\x78\x8B\x4F\xD6\xC0\x42\xF1\x33\x10" "\x6C\x4F\x1E\x55\x59\xDD\x2A\x9F\x15\x88\x62\xF8\x60" "\xA3\x99\x91\xE2\x08\x7B\xF7\x95\x3A\xB0\x92\x48\x60" "\x88\x8B\x5B\xB8\x5F\xE9\xB6\xB1\x96\xE3\xB5\xF0", digest, digestSz), 0); #endif /* WOLFSSL_SHA512 */ #if !defined(NO_MD5) && (!defined(HAVE_FIPS_VERSION) || HAVE_FIPS_VERSION <= 2) AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_md5(), digest)), 16); AssertIntEQ(XMEMCMP("\xB7\x27\xC4\x41\xE5\x2E\x62\xBA\x54\xED\x72\x70\x9F" "\xE4\x98\xDD", digest, digestSz), 0); #endif /* !NO_MD5 */ res = TEST_RES_CHECK(1); #endif return res; } #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) static void sslMsgCb(int w, int version, int type, const void* buf, size_t sz, SSL* ssl, void* arg) { int i; unsigned char* pt = (unsigned char*)buf; fprintf(stderr, "%s %d bytes of version %d , type %d : ", (w)?"Writing":"Reading", (int)sz, version, type); for (i = 0; i < (int)sz; i++) fprintf(stderr, "%02X", pt[i]); fprintf(stderr, "\n"); (void)ssl; (void)arg; } #endif /* OPENSSL_EXTRA */ static int test_wolfSSL_msg_callback(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL* ssl; WOLFSSL_CTX* ctx; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS); AssertNotNull(ssl = SSL_new(ctx)); AssertIntEQ(SSL_set_msg_callback(ssl, NULL), SSL_SUCCESS); AssertIntEQ(SSL_set_msg_callback(ssl, &sslMsgCb), SSL_SUCCESS); AssertIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), SSL_FAILURE); SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_SHA(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) #if !defined(NO_SHA) && defined(NO_OLD_SHA_NAMES) && \ (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) { const unsigned char in[] = "abc"; unsigned char expected[] = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E" "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D"; unsigned char out[WC_SHA_DIGEST_SIZE]; XMEMSET(out, 0, WC_SHA_DIGEST_SIZE); AssertNotNull(SHA1(in, XSTRLEN((char*)in), out)); AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0); /* SHA interface test */ XMEMSET(out, 0, WC_SHA_DIGEST_SIZE); AssertNull(SHA(NULL, XSTRLEN((char*)in), out)); AssertNotNull(SHA(in, 0, out)); AssertNotNull(SHA(in, XSTRLEN((char*)in), NULL)); AssertNotNull(SHA(NULL, 0, out)); AssertNotNull(SHA(NULL, 0, NULL)); AssertNotNull(SHA(in, XSTRLEN((char*)in), out)); AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0); } #endif #if !defined(NO_SHA256) { const unsigned char in[] = "abc"; unsigned char expected[] = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" "\x15\xAD"; unsigned char out[WC_SHA256_DIGEST_SIZE]; XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE); #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS) AssertNotNull(SHA256(in, XSTRLEN((char*)in), out)); #else AssertNotNull(wolfSSL_SHA256(in, XSTRLEN((char*)in), out)); #endif AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0); } #endif #if defined(WOLFSSL_SHA384) { const unsigned char in[] = "abc"; unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff" "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" "\xc8\x25\xa7"; unsigned char out[WC_SHA384_DIGEST_SIZE]; XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE); #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS) AssertNotNull(SHA384(in, XSTRLEN((char*)in), out)); #else AssertNotNull(wolfSSL_SHA384(in, XSTRLEN((char*)in), out)); #endif AssertIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0); } #endif #if defined(WOLFSSL_SHA512) { const unsigned char in[] = "abc"; unsigned char expected[] = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41" "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55" "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3" "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f" "\xa5\x4c\xa4\x9f"; unsigned char out[WC_SHA512_DIGEST_SIZE]; XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE); #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS) AssertNotNull(SHA512(in, XSTRLEN((char*)in), out)); #else AssertNotNull(wolfSSL_SHA512(in, XSTRLEN((char*)in), out)); #endif AssertIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0); } #endif res = TEST_RES_CHECK(1); #endif return res; } /* test_EVP_Cipher_extra, Extra-test on EVP_CipherUpdate/Final. see also test.c */ #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) &&\ (!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)) static void binary_dump(void *ptr, int size) { #ifdef WOLFSSL_EVP_PRINT int i = 0; unsigned char *p = (unsigned char *) ptr; fprintf(stderr, "{"); while ((p != NULL) && (i < size)) { if ((i % 8) == 0) { fprintf(stderr, "\n"); fprintf(stderr, " "); } fprintf(stderr, "0x%02x, ", p[i]); i++; } fprintf(stderr, "\n};\n"); #else (void) ptr; (void) size; #endif } static int last_val = 0x0f; static int check_result(unsigned char *data, int len) { int i; for ( ; len; ) { last_val = (last_val + 1) % 16; for (i = 0; i < 16; len--, i++, data++) if (*data != last_val) { return -1; } } return 0; } static int r_offset; static int w_offset; static void init_offset(void) { r_offset = 0; w_offset = 0; } static void get_record(unsigned char *data, unsigned char *buf, int len) { XMEMCPY(buf, data+r_offset, len); r_offset += len; } static void set_record(unsigned char *data, unsigned char *buf, int len) { XMEMCPY(data+w_offset, buf, len); w_offset += len; } static void set_plain(unsigned char *plain, int rec) { int i, j; unsigned char *p = plain; #define BLOCKSZ 16 for (i=0; i<(rec/BLOCKSZ); i++) { for (j=0; j 0 && keylen != klen) { AssertIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0); } ilen = EVP_CIPHER_CTX_iv_length(evp); if (ilen > 0 && ivlen != ilen) { AssertIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0); } AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0); for (j = 0; j 0) set_record(cipher, outb, outl); } for (i = 0; test_drive[i]; i++) { last_val = 0x0f; AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 0)), 0); init_offset(); for (j = 0; test_drive[i][j]; j++) { inl = test_drive[i][j]; get_record(cipher, inb, inl); AssertIntNE((ret = EVP_DecryptUpdate(evp, outb, &outl, inb, inl)), 0); binary_dump(outb, outl); AssertIntEQ((ret = check_result(outb, outl)), 0); AssertFalse(outl > ((inl/16+1)*16) && outl > 16); } ret = EVP_CipherFinal(evp, outb, &outl); binary_dump(outb, outl); ret = (((test_drive_len[i] % 16) != 0) && (ret == 0)) || (((test_drive_len[i] % 16) == 0) && (ret == 1)); AssertTrue(ret); } EVP_CIPHER_CTX_free(evp); /* Do an extra test to verify correct behavior with empty input. */ AssertNotNull(evp = EVP_CIPHER_CTX_new()); AssertIntNE((ret = EVP_CipherInit(evp, type, NULL, iv, 0)), 0); AssertIntEQ(EVP_CIPHER_CTX_nid(evp), NID_aes_128_cbc); klen = EVP_CIPHER_CTX_key_length(evp); if (klen > 0 && keylen != klen) { AssertIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0); } ilen = EVP_CIPHER_CTX_iv_length(evp); if (ilen > 0 && ivlen != ilen) { AssertIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0); } AssertIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0); /* outl should be set to 0 after passing NULL, 0 for input args. */ outl = -1; AssertIntNE((ret = EVP_CipherUpdate(evp, outb, &outl, NULL, 0)), 0); AssertIntEQ(outl, 0); EVP_CIPHER_CTX_free(evp); res = TEST_RES_CHECK(1); #endif /* test_EVP_Cipher */ return res; } static int test_wolfSSL_PEM_read_DHparams(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && \ !defined(NO_FILESYSTEM) DH* dh; XFILE fp; unsigned char derOut[300]; unsigned char* derOutBuf = derOut; int derOutSz = 0; unsigned char derExpected[300]; int derExpectedSz = 0; XMEMSET(derOut, 0, sizeof(derOut)); XMEMSET(derExpected, 0, sizeof(derExpected)); /* open DH param file, read into DH struct */ AssertNotNull(fp = XFOPEN(dhParamFile, "rb")); /* bad args */ AssertNull(dh = PEM_read_DHparams(NULL, &dh, NULL, NULL)); AssertNull(dh = PEM_read_DHparams(NULL, NULL, NULL, NULL)); /* good args */ AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL)); XFCLOSE(fp); /* read in certs/dh2048.der for comparison against exported params */ fp = XFOPEN("./certs/dh2048.der", "rb"); AssertTrue(fp != XBADFILE); derExpectedSz = (int)XFREAD(derExpected, 1, sizeof(derExpected), fp); XFCLOSE(fp); /* export DH back to DER and compare */ derOutSz = wolfSSL_i2d_DHparams(dh, &derOutBuf); AssertIntEQ(derOutSz, derExpectedSz); AssertIntEQ(XMEMCMP(derOut, derExpected, derOutSz), 0); DH_free(dh); dh = NULL; /* Test parsing with X9.42 header */ fp = XFOPEN("./certs/x942dh2048.pem", "rb"); AssertNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL)); XFCLOSE(fp); DH_free(dh); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_AES_ecb_encrypt(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB) AES_KEY aes; const byte msg[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a }; const byte verify[] = { 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 }; const byte key[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 }; byte out[AES_BLOCK_SIZE]; AssertIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aes), 0); XMEMSET(out, 0, AES_BLOCK_SIZE); AES_ecb_encrypt(msg, out, &aes, AES_ENCRYPT); AssertIntEQ(XMEMCMP(out, verify, AES_BLOCK_SIZE), 0); #ifdef HAVE_AES_DECRYPT AssertIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &aes), 0); XMEMSET(out, 0, AES_BLOCK_SIZE); AES_ecb_encrypt(verify, out, &aes, AES_DECRYPT); AssertIntEQ(XMEMCMP(out, msg, AES_BLOCK_SIZE), 0); #endif /* test bad arguments */ AES_ecb_encrypt(NULL, out, &aes, AES_DECRYPT); AES_ecb_encrypt(verify, NULL, &aes, AES_DECRYPT); AES_ecb_encrypt(verify, out, NULL, AES_DECRYPT); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_MD5(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_MD5) byte input1[] = ""; byte input2[] = "message digest"; byte hash[WC_MD5_DIGEST_SIZE]; unsigned char output1[] = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e"; unsigned char output2[] = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0"; WOLFSSL_MD5_CTX md5; XMEMSET(&md5, 0, sizeof(md5)); /* Test cases for illegal parameters */ AssertIntEQ(MD5_Init(NULL), 0); AssertIntEQ(MD5_Init(&md5), 1); AssertIntEQ(MD5_Update(NULL, input1, 0), 0); AssertIntEQ(MD5_Update(NULL, NULL, 0), 0); AssertIntEQ(MD5_Update(&md5, NULL, 1), 0); AssertIntEQ(MD5_Final(NULL, &md5), 0); AssertIntEQ(MD5_Final(hash, NULL), 0); AssertIntEQ(MD5_Final(NULL, NULL), 0); /* Init MD5 CTX */ AssertIntEQ(wolfSSL_MD5_Init(&md5), 1); AssertIntEQ(wolfSSL_MD5_Update(&md5, input1, XSTRLEN((const char*)&input1)), 1); AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1); AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0); /* Init MD5 CTX */ AssertIntEQ(wolfSSL_MD5_Init(&md5), 1); AssertIntEQ(wolfSSL_MD5_Update(&md5, input2, (int)XSTRLEN((const char*)input2)), 1); AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1); AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0); #if !defined(NO_OLD_NAMES) && \ (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))) AssertPtrNE(MD5(NULL, 1, (byte*)&hash), &hash); AssertPtrEq(MD5(input1, 0, (byte*)&hash), &hash); AssertPtrNE(MD5(input1, 1, NULL), NULL); AssertPtrNE(MD5(NULL, 0, NULL), NULL); AssertPtrEq(MD5(input1, (int)XSTRLEN((const char*)&input1), (byte*)&hash), &hash); AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0); AssertPtrEq(MD5(input2, (int)XSTRLEN((const char*)&input2), (byte*)&hash), &hash); AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0); { byte data[] = "Data to be hashed."; XMEMSET(hash, 0, WC_MD5_DIGEST_SIZE); AssertNotNull(MD5(data, sizeof(data), NULL)); AssertNotNull(MD5(data, sizeof(data), hash)); AssertNotNull(MD5(NULL, 0, hash)); AssertNull(MD5(NULL, sizeof(data), hash)); } #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_MD5_Transform(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_MD5) byte input1[] = ""; byte input2[] = "abc"; byte local[WC_MD5_BLOCK_SIZE]; word32 sLen = 0; #ifdef BIG_ENDIAN_ORDER unsigned char output1[] = "\x03\x1f\x1d\xac\x6e\xa5\x8e\xd0\x1f\xab\x67\xb7\x74\x31\x77\x91"; unsigned char output2[] = "\xef\xd3\x79\x8d\x67\x17\x25\x90\xa4\x13\x79\xc7\xe3\xa7\x7b\xbc"; #else unsigned char output1[] = "\xac\x1d\x1f\x03\xd0\x8e\xa5\x6e\xb7\x67\xab\x1f\x91\x77\x31\x74"; unsigned char output2[] = "\x8d\x79\xd3\xef\x90\x25\x17\x67\xc7\x79\x13\xa4\xbc\x7b\xa7\xe3"; #endif union { wc_Md5 native; MD5_CTX compat; } md5; XMEMSET(&md5.compat, 0, sizeof(md5.compat)); XMEMSET(&local, 0, sizeof(local)); /* sanity check */ AssertIntEQ(MD5_Transform(NULL, NULL), 0); AssertIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0); AssertIntEQ(MD5_Transform(&md5.compat, NULL), 0); AssertIntEQ(wc_Md5Transform(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG); AssertIntEQ(wc_Md5Transform(&md5.native, NULL), BAD_FUNC_ARG); /* Init MD5 CTX */ AssertIntEQ(wolfSSL_MD5_Init(&md5.compat), 1); /* Do Transform*/ sLen = (word32)XSTRLEN((char*)input1); XMEMCPY(local, input1, sLen); AssertIntEQ(MD5_Transform(&md5.compat, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(md5.native.digest, output1, WC_MD5_DIGEST_SIZE), 0); /* Init MD5 CTX */ AssertIntEQ(MD5_Init(&md5.compat), 1); sLen = (word32)XSTRLEN((char*)input2); XMEMSET(local, 0, WC_MD5_BLOCK_SIZE); XMEMCPY(local, input2, sLen); AssertIntEQ(MD5_Transform(&md5.compat, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(md5.native.digest, output2, WC_MD5_DIGEST_SIZE), 0); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_SHA224(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA224) && \ !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) unsigned char input[] = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; unsigned char output[] = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01" "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25"; size_t inLen; byte hash[WC_SHA224_DIGEST_SIZE]; inLen = XSTRLEN((char*)input); XMEMSET(hash, 0, WC_SHA224_DIGEST_SIZE); AssertNull(SHA224(NULL, inLen, hash)); AssertNotNull(SHA224(input, 0, hash)); AssertNotNull(SHA224(input, inLen, NULL)); AssertNotNull(SHA224(NULL, 0, hash)); AssertNotNull(SHA224(NULL, 0, NULL)); AssertNotNull(SHA224(input, inLen, hash)); AssertIntEQ(XMEMCMP(hash, output, WC_SHA224_DIGEST_SIZE), 0); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_SHA_Transform(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_SHA) #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) byte input1[] = ""; byte input2[] = "abc"; byte local[WC_SHA_BLOCK_SIZE]; word32 sLen = 0; #ifdef BIG_ENDIAN_ORDER unsigned char output1[] = "\x92\xb4\x04\xe5\x56\x58\x8c\xed\x6c\x1a\xcd\x4e\xbf\x05\x3f\x68" "\x09\xf7\x3a\x93"; unsigned char output2[] = "\x97\xb2\x74\x8b\x4f\x5b\xbc\xca\x5b\xc0\xe6\xea\x2d\x40\xb4\xa0" "\x7c\x6e\x08\xb8"; #else unsigned char output1[] = "\xe5\x04\xb4\x92\xed\x8c\x58\x56\x4e\xcd\x1a\x6c\x68\x3f\x05\xbf" "\x93\x3a\xf7\x09"; unsigned char output2[] = "\x8b\x74\xb2\x97\xca\xbc\x5b\x4f\xea\xe6\xc0\x5b\xa0\xb4\x40\x2d" "\xb8\x08\x6e\x7c"; #endif union { wc_Sha native; SHA_CTX compat; } sha; union { wc_Sha native; SHA_CTX compat; } sha1; XMEMSET(&sha.compat, 0, sizeof(sha.compat)); XMEMSET(&local, 0, sizeof(local)); /* sanity check */ AssertIntEQ(SHA_Transform(NULL, NULL), 0); AssertIntEQ(SHA_Transform(NULL, (const byte*)&input1), 0); AssertIntEQ(SHA_Transform(&sha.compat, NULL), 0); AssertIntEQ(SHA1_Transform(NULL, NULL), 0); AssertIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0); AssertIntEQ(SHA1_Transform(&sha.compat, NULL), 0); AssertIntEQ(wc_ShaTransform(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), BAD_FUNC_ARG); AssertIntEQ(wc_ShaTransform(&sha.native, NULL), BAD_FUNC_ARG); /* Init SHA CTX */ AssertIntEQ(SHA_Init(&sha.compat), 1); /* Do Transform*/ sLen = (word32)XSTRLEN((char*)input1); XMEMCPY(local, input1, sLen); AssertIntEQ(SHA_Transform(&sha.compat, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(sha.native.digest, output1, WC_SHA_DIGEST_SIZE), 0); AssertIntEQ(SHA_Final(local, &sha.compat), 1); /* frees resources */ /* Init SHA CTX */ AssertIntEQ(SHA_Init(&sha.compat), 1); sLen = (word32)XSTRLEN((char*)input2); XMEMSET(local, 0, WC_SHA_BLOCK_SIZE); XMEMCPY(local, input2, sLen); AssertIntEQ(SHA_Transform(&sha.compat, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(sha.native.digest, output2, WC_SHA_DIGEST_SIZE), 0); AssertIntEQ(SHA_Final(local, &sha.compat), 1); /* frees resources */ /* SHA1 */ XMEMSET(local, 0, WC_SHA_BLOCK_SIZE); /* Init SHA CTX */ AssertIntEQ(SHA1_Init(&sha1.compat), 1); /* Do Transform*/ sLen = (word32)XSTRLEN((char*)input1); XMEMCPY(local, input1, sLen); AssertIntEQ(SHA1_Transform(&sha1.compat, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(sha1.native.digest, output1, WC_SHA_DIGEST_SIZE), 0); AssertIntEQ(SHA_Final(local, &sha1.compat), 1); /* frees resources */ /* Init SHA CTX */ AssertIntEQ(SHA1_Init(&sha1.compat), 1); sLen = (word32)XSTRLEN((char*)input2); XMEMSET(local, 0, WC_SHA_BLOCK_SIZE); XMEMCPY(local, input2, sLen); AssertIntEQ(SHA1_Transform(&sha1.compat, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(sha1.native.digest, output2, WC_SHA_DIGEST_SIZE), 0); AssertIntEQ(SHA_Final(local, &sha1.compat), 1); /* frees resources */ res = TEST_RES_CHECK(1); #endif #endif return res; } static int test_wolfSSL_SHA256_Transform(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \ !defined(WOLFSSL_DEVCRYPTO_HASH) && !defined(WOLFSSL_AFALG_HASH) && \ !defined(WOLFSSL_KCAPI_HASH) byte input1[] = ""; byte input2[] = "abc"; byte local[WC_SHA256_BLOCK_SIZE]; word32 sLen = 0; #ifdef BIG_ENDIAN_ORDER unsigned char output1[] = "\xda\x56\x98\xbe\x17\xb9\xb4\x69\x62\x33\x57\x99\x77\x9f\xbe\xca" "\x8c\xe5\xd4\x91\xc0\xd2\x62\x43\xba\xfe\xf9\xea\x18\x37\xa9\xd8"; unsigned char output2[] = "\x1d\x4e\xd4\x67\x67\x7c\x61\x67\x44\x10\x76\x26\x78\x10\xff\xb8" "\x40\xc8\x9a\x39\x73\x16\x60\x8c\xa6\x61\xd6\x05\x91\xf2\x8c\x35"; #else unsigned char output1[] = "\xbe\x98\x56\xda\x69\xb4\xb9\x17\x99\x57\x33\x62\xca\xbe\x9f\x77" "\x91\xd4\xe5\x8c\x43\x62\xd2\xc0\xea\xf9\xfe\xba\xd8\xa9\x37\x18"; unsigned char output2[] = "\x67\xd4\x4e\x1d\x67\x61\x7c\x67\x26\x76\x10\x44\xb8\xff\x10\x78" "\x39\x9a\xc8\x40\x8c\x60\x16\x73\x05\xd6\x61\xa6\x35\x8c\xf2\x91"; #endif union { wc_Sha256 native; SHA256_CTX compat; } sha256; XMEMSET(&sha256.compat, 0, sizeof(sha256.compat)); XMEMSET(&local, 0, sizeof(local)); /* sanity check */ AssertIntEQ(SHA256_Transform(NULL, NULL), 0); AssertIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0); AssertIntEQ(SHA256_Transform(&sha256.compat, NULL), 0); AssertIntEQ(wc_Sha256Transform(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG); AssertIntEQ(wc_Sha256Transform(&sha256.native, NULL), BAD_FUNC_ARG); /* Init SHA256 CTX */ AssertIntEQ(SHA256_Init(&sha256.compat), 1); /* Do Transform*/ sLen = (word32)XSTRLEN((char*)input1); XMEMCPY(local, input1, sLen); AssertIntEQ(SHA256_Transform(&sha256.compat, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(sha256.native.digest, output1, WC_SHA256_DIGEST_SIZE), 0); AssertIntEQ(SHA256_Final(local, &sha256.compat), 1); /* frees resources */ /* Init SHA256 CTX */ AssertIntEQ(SHA256_Init(&sha256.compat), 1); sLen = (word32)XSTRLEN((char*)input2); XMEMSET(local, 0, WC_SHA256_BLOCK_SIZE); XMEMCPY(local, input2, sLen); AssertIntEQ(SHA256_Transform(&sha256.compat, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(sha256.native.digest, output2, WC_SHA256_DIGEST_SIZE), 0); AssertIntEQ(SHA256_Final(local, &sha256.compat), 1); /* frees resources */ res = TEST_RES_CHECK(1); #endif #endif return res; } static int test_wolfSSL_SHA256(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \ defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) unsigned char input[] = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; unsigned char output[] = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" "\x06\xC1"; size_t inLen; byte hash[WC_SHA256_DIGEST_SIZE]; inLen = XSTRLEN((char*)input); XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE); AssertNotNull(SHA256(input, inLen, hash)); AssertIntEQ(XMEMCMP(hash, output, WC_SHA256_DIGEST_SIZE), 0); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_SHA512_Transform(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512) #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \ !defined(WOLFSSL_KCAPI_HASH) byte input1[] = ""; byte input2[] = "abc"; byte local[WC_SHA512_BLOCK_SIZE]; word32 sLen = 0; #ifdef BIG_ENDIAN_ORDER unsigned char output1[] = "\xcf\x78\x81\xd5\x77\x4a\xcb\xe8\x53\x33\x62\xe0\xfb\xc7\x80\x70" "\x02\x67\x63\x9d\x87\x46\x0e\xda\x30\x86\xcb\x40\xe8\x59\x31\xb0" "\x71\x7d\xc9\x52\x88\xa0\x23\xa3\x96\xba\xb2\xc1\x4c\xe0\xb5\xe0" "\x6f\xc4\xfe\x04\xea\xe3\x3e\x0b\x91\xf4\xd8\x0c\xbd\x66\x8b\xee"; unsigned char output2[] = "\x11\x10\x93\x4e\xeb\xa0\xcc\x0d\xfd\x33\x43\x9c\xfb\x04\xc8\x21" "\xa9\xb4\x26\x3d\xca\xab\x31\x41\xe2\xc6\xaa\xaf\xe1\x67\xd7\xab" "\x31\x8f\x2e\x54\x2c\xba\x4e\x83\xbe\x88\xec\x9d\x8f\x2b\x38\x98" "\x14\xd2\x4e\x9d\x53\x8b\x5e\x4d\xde\x68\x6c\x69\xaf\x20\x96\xf0"; #else unsigned char output1[] = "\xe8\xcb\x4a\x77\xd5\x81\x78\xcf\x70\x80\xc7\xfb\xe0\x62\x33\x53" "\xda\x0e\x46\x87\x9d\x63\x67\x02\xb0\x31\x59\xe8\x40\xcb\x86\x30" "\xa3\x23\xa0\x88\x52\xc9\x7d\x71\xe0\xb5\xe0\x4c\xc1\xb2\xba\x96" "\x0b\x3e\xe3\xea\x04\xfe\xc4\x6f\xee\x8b\x66\xbd\x0c\xd8\xf4\x91"; unsigned char output2[] = "\x0d\xcc\xa0\xeb\x4e\x93\x10\x11\x21\xc8\x04\xfb\x9c\x43\x33\xfd" "\x41\x31\xab\xca\x3d\x26\xb4\xa9\xab\xd7\x67\xe1\xaf\xaa\xc6\xe2" "\x83\x4e\xba\x2c\x54\x2e\x8f\x31\x98\x38\x2b\x8f\x9d\xec\x88\xbe" "\x4d\x5e\x8b\x53\x9d\x4e\xd2\x14\xf0\x96\x20\xaf\x69\x6c\x68\xde"; #endif union { wc_Sha512 native; SHA512_CTX compat; } sha512; XMEMSET(&sha512.compat, 0, sizeof(sha512.compat)); XMEMSET(&local, 0, sizeof(local)); /* sanity check */ AssertIntEQ(SHA512_Transform(NULL, NULL), 0); AssertIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0); AssertIntEQ(SHA512_Transform(&sha512.compat, NULL), 0); AssertIntEQ(wc_Sha512Transform(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG); AssertIntEQ(wc_Sha512Transform(&sha512.native, NULL), BAD_FUNC_ARG); /* Init SHA512 CTX */ AssertIntEQ(wolfSSL_SHA512_Init(&sha512.compat), 1); /* Do Transform*/ sLen = (word32)XSTRLEN((char*)input1); XMEMCPY(local, input1, sLen); AssertIntEQ(SHA512_Transform(&sha512.compat, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(sha512.native.digest, output1, WC_SHA512_DIGEST_SIZE), 0); AssertIntEQ(SHA512_Final(local, &sha512.compat), 1); /* frees resources */ /* Init SHA512 CTX */ AssertIntEQ(SHA512_Init(&sha512.compat), 1); sLen = (word32)XSTRLEN((char*)input2); XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE); XMEMCPY(local, input2, sLen); AssertIntEQ(SHA512_Transform(&sha512.compat, (const byte*)&local[0]), 1); AssertIntEQ(XMEMCMP(sha512.native.digest, output2, WC_SHA512_DIGEST_SIZE), 0); AssertIntEQ(SHA512_Final(local, &sha512.compat), 1); /* frees resources */ (void)input1; res = TEST_RES_CHECK(1); #endif #endif return res; } static int test_wolfSSL_X509_get_serialNumber(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) ASN1_INTEGER* a; BIGNUM* bn; X509* x509; char *serialHex; byte serial[3]; int serialSz; AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)); AssertNotNull(a = X509_get_serialNumber(x509)); /* check on value of ASN1 Integer */ AssertNotNull(bn = ASN1_INTEGER_to_BN(a, NULL)); /* test setting serial number and then retrieving it */ AssertNotNull(a = ASN1_INTEGER_new()); ASN1_INTEGER_set(a, 3); AssertIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS); serialSz = sizeof(serial); AssertIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), WOLFSSL_SUCCESS); AssertIntEQ(serialSz, 1); AssertIntEQ(serial[0], 3); ASN1_INTEGER_free(a); /* test setting serial number with 0's in it */ serial[0] = 0x01; serial[1] = 0x00; serial[2] = 0x02; AssertNotNull(a = wolfSSL_ASN1_INTEGER_new()); a->data[0] = ASN_INTEGER; a->data[1] = sizeof(serial); XMEMCPY(&a->data[2], serial, sizeof(serial)); a->length = sizeof(serial) + 2; AssertIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS); XMEMSET(serial, 0, sizeof(serial)); serialSz = sizeof(serial); AssertIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), WOLFSSL_SUCCESS); AssertIntEQ(serialSz, 3); AssertIntEQ(serial[0], 0x01); AssertIntEQ(serial[1], 0x00); AssertIntEQ(serial[2], 0x02); ASN1_INTEGER_free(a); X509_free(x509); /* free's a */ AssertNotNull(serialHex = BN_bn2hex(bn)); #ifndef WC_DISABLE_RADIX_ZERO_PAD AssertStrEQ(serialHex, "01"); #else AssertStrEQ(serialHex, "1"); #endif OPENSSL_free(serialHex); AssertIntEQ(BN_get_word(bn), 1); BN_free(bn); /* hard test free'ing with dynamic buffer to make sure there is no leaks */ a = ASN1_INTEGER_new(); if (a) { AssertNotNull(a->data = (unsigned char*)XMALLOC(100, NULL, DYNAMIC_TYPE_OPENSSL)); a->isDynamic = 1; ASN1_INTEGER_free(a); } res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_OpenSSL_add_all_algorithms(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) AssertIntEQ(wolfSSL_add_all_algorithms(),WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_noconf(),WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_conf(),WOLFSSL_SUCCESS); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_OPENSSL_hexstr2buf(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) #define MAX_HEXSTR_BUFSZ 9 #define NUM_CASES 5 struct Output { const unsigned char buffer[MAX_HEXSTR_BUFSZ]; long ret; }; int i; int j; const char* inputs[NUM_CASES] = { "aabcd1357e", "01:12:23:34:a5:b6:c7:d8:e9", ":01:02", "012", ":ab:ac:d" }; struct Output expectedOutputs[NUM_CASES] = { {{0xaa, 0xbc, 0xd1, 0x35, 0x7e}, 5}, {{0x01, 0x12, 0x23, 0x34, 0xa5, 0xb6, 0xc7, 0xd8, 0xe9}, 9}, {{0x01, 0x02}, 2}, {{0x00}, 0}, {{0x00}, 0} }; long len = 0; unsigned char* returnedBuf = NULL; for (i = 0; i < NUM_CASES; ++i) { returnedBuf = wolfSSL_OPENSSL_hexstr2buf(inputs[i], &len); if (returnedBuf == NULL) { AssertIntEQ(expectedOutputs[i].ret, 0); continue; } AssertIntEQ(expectedOutputs[i].ret, len); for (j = 0; j < len; ++j) { AssertIntEQ(expectedOutputs[i].buffer[j], returnedBuf[j]); } OPENSSL_free(returnedBuf); } res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_CA_num(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ defined(HAVE_ECC) && !defined(NO_RSA) WOLFSSL_X509_STORE *store; WOLFSSL_X509 *x509_1, *x509_2; int ca_num = 0; store = wolfSSL_X509_STORE_new(); x509_1 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM); wolfSSL_X509_STORE_add_cert(store, x509_1); ca_num = wolfSSL_X509_CA_num(store); AssertIntEQ(ca_num, 1); x509_2 = wolfSSL_X509_load_certificate_file(eccCertFile, WOLFSSL_FILETYPE_PEM); wolfSSL_X509_STORE_add_cert(store, x509_2); ca_num = wolfSSL_X509_CA_num(store); AssertIntEQ(ca_num, 2); wolfSSL_X509_free(x509_1); wolfSSL_X509_free(x509_2); wolfSSL_X509_STORE_free(store); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_check_ca(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) WOLFSSL_X509 *x509; x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM); AssertIntEQ(wolfSSL_X509_check_ca(x509), 1); wolfSSL_X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_check_ip_asc(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) WOLFSSL_X509 *x509; x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM); #if 0 /* TODO: add cert gen for testing positive case */ AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1); #endif AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0); AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0); wolfSSL_X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_make_cert(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && !defined(NO_ASN_TIME) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) int ret; Cert cert; CertName name; RsaKey key; WC_RNG rng; byte der[FOURK_BUF]; word32 idx; const byte mySerial[8] = {1,2,3,4,5,6,7,8}; #ifdef OPENSSL_EXTRA const unsigned char* pt; int certSz; X509* x509; X509_NAME* x509name; X509_NAME_ENTRY* entry; ASN1_STRING* entryValue; #endif XMEMSET(&name, 0, sizeof(CertName)); /* set up cert name */ XMEMCPY(name.country, "US", sizeof("US")); name.countryEnc = CTC_PRINTABLE; XMEMCPY(name.state, "Oregon", sizeof("Oregon")); name.stateEnc = CTC_UTF8; XMEMCPY(name.locality, "Portland", sizeof("Portland")); name.localityEnc = CTC_UTF8; XMEMCPY(name.sur, "Test", sizeof("Test")); name.surEnc = CTC_UTF8; XMEMCPY(name.org, "wolfSSL", sizeof("wolfSSL")); name.orgEnc = CTC_UTF8; XMEMCPY(name.unit, "Development", sizeof("Development")); name.unitEnc = CTC_UTF8; XMEMCPY(name.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com")); name.commonNameEnc = CTC_UTF8; XMEMCPY(name.serialDev, "wolfSSL12345", sizeof("wolfSSL12345")); name.serialDevEnc = CTC_PRINTABLE; XMEMCPY(name.userId, "TestUserID", sizeof("TestUserID")); name.userIdEnc = CTC_PRINTABLE; #ifdef WOLFSSL_MULTI_ATTRIB #if CTC_MAX_ATTRIB > 2 { NameAttrib* n; n = &name.name[0]; n->id = ASN_DOMAIN_COMPONENT; n->type = CTC_UTF8; n->sz = sizeof("com"); XMEMCPY(n->value, "com", sizeof("com")); n = &name.name[1]; n->id = ASN_DOMAIN_COMPONENT; n->type = CTC_UTF8; n->sz = sizeof("wolfssl"); XMEMCPY(n->value, "wolfssl", sizeof("wolfssl")); } #endif #endif /* WOLFSSL_MULTI_ATTRIB */ AssertIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); #ifndef HAVE_FIPS AssertIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0); #else AssertIntEQ(wc_InitRng(&rng), 0); #endif /* load test RSA key */ idx = 0; #if defined(USE_CERT_BUFFERS_1024) AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_1024, &idx, &key, sizeof_server_key_der_1024), 0); #elif defined(USE_CERT_BUFFERS_2048) AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key, sizeof_server_key_der_2048), 0); #else /* error case, no RSA key loaded, happens later */ (void)idx; #endif XMEMSET(&cert, 0 , sizeof(Cert)); AssertIntEQ(wc_InitCert(&cert), 0); XMEMCPY(&cert.subject, &name, sizeof(CertName)); XMEMCPY(cert.serial, mySerial, sizeof(mySerial)); cert.serialSz = (int)sizeof(mySerial); cert.isCA = 1; #ifndef NO_SHA256 cert.sigType = CTC_SHA256wRSA; #else cert.sigType = CTC_SHAwRSA; #endif /* add SKID from the Public Key */ AssertIntEQ(wc_SetSubjectKeyIdFromPublicKey(&cert, &key, NULL), 0); /* add AKID from the Public Key */ AssertIntEQ(wc_SetAuthKeyIdFromPublicKey(&cert, &key, NULL), 0); ret = 0; do { #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret >= 0) { ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng); } } while (ret == WC_PENDING_E); AssertIntGT(ret, 0); #ifdef OPENSSL_EXTRA /* der holds a certificate with DC's now check X509 parsing of it */ certSz = ret; pt = der; AssertNotNull(x509 = d2i_X509(NULL, &pt, certSz)); AssertNotNull(x509name = X509_get_subject_name(x509)); #ifdef WOLFSSL_MULTI_ATTRIB AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, -1)), 5); AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, idx)), 6); AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, idx)), -1); #endif /* WOLFSSL_MULTI_ATTRIB */ /* compare DN at index 0 */ AssertNotNull(entry = X509_NAME_get_entry(x509name, 0)); AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); AssertIntEQ(ASN1_STRING_length(entryValue), 2); AssertStrEQ((const char*)ASN1_STRING_data(entryValue), "US"); #ifndef WOLFSSL_MULTI_ATTRIB /* compare Serial Number */ AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_serialNumber, -1)), 7); AssertNotNull(entry = X509_NAME_get_entry(x509name, idx)); AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); AssertIntEQ(ASN1_STRING_length(entryValue), XSTRLEN("wolfSSL12345")); AssertStrEQ((const char*)ASN1_STRING_data(entryValue), "wolfSSL12345"); #endif #ifdef WOLFSSL_MULTI_ATTRIB /* get first and second DC and compare result */ AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, -1)), 5); AssertNotNull(entry = X509_NAME_get_entry(x509name, idx)); AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "com"); AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, idx)), 6); AssertNotNull(entry = X509_NAME_get_entry(x509name, idx)); AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl"); #endif /* WOLFSSL_MULTI_ATTRIB */ /* try invalid index locations for regression test and sanity check */ AssertNull(entry = X509_NAME_get_entry(x509name, 11)); AssertNull(entry = X509_NAME_get_entry(x509name, 20)); X509_free(x509); #endif /* OPENSSL_EXTRA */ wc_FreeRsaKey(&key); wc_FreeRng(&rng); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_get_version(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) WOLFSSL_X509 *x509; x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); AssertIntEQ((int)wolfSSL_X509_get_version(x509), 2); wolfSSL_X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_DES_ncbc(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) const_DES_cblock myDes; DES_cblock iv = {1}; DES_key_schedule key = {0}; unsigned char msg[] = "hello wolfssl"; unsigned char out[DES_BLOCK_SIZE * 2] = {0}; unsigned char pln[DES_BLOCK_SIZE * 2] = {0}; unsigned char exp[] = {0x31, 0x98, 0x2F, 0x3A, 0x55, 0xBF, 0xD8, 0xC4}; unsigned char exp2[] = {0xC7, 0x45, 0x8B, 0x28, 0x10, 0x53, 0xE0, 0x58}; /* partial block test */ DES_set_key(&key, &myDes); DES_ncbc_encrypt(msg, out, 3, &myDes, &iv, DES_ENCRYPT); AssertIntEQ(XMEMCMP(exp, out, DES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0); DES_set_key(&key, &myDes); XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE); *((byte*)&iv) = 1; DES_ncbc_encrypt(out, pln, 3, &myDes, &iv, DES_DECRYPT); AssertIntEQ(XMEMCMP(msg, pln, 3), 0); AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0); /* full block test */ DES_set_key(&key, &myDes); XMEMSET(pln, 0, DES_BLOCK_SIZE); XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE); *((byte*)&iv) = 1; DES_ncbc_encrypt(msg, out, 8, &myDes, &iv, DES_ENCRYPT); AssertIntEQ(XMEMCMP(exp2, out, DES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0); DES_set_key(&key, &myDes); XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE); *((byte*)&iv) = 1; DES_ncbc_encrypt(out, pln, 8, &myDes, &iv, DES_DECRYPT); AssertIntEQ(XMEMCMP(msg, pln, 8), 0); AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_AES_cbc_encrypt(void) { int res = TEST_SKIPPED; #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) AES_KEY aes; AES_KEY* aesN = NULL; size_t len = 0; size_t lenB = 0; int keySz0 = 0; int keySzN = -1; byte out[AES_BLOCK_SIZE] = {0}; byte* outN = NULL; /* Test vectors retrieved from: * * https://csrc.nist.gov/ * CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/ * documents/aes/KAT_AES.zip * */ const byte* pt128N = NULL; byte* key128N = NULL; byte* iv128N = NULL; byte iv128tmp[AES_BLOCK_SIZE] = {0}; const byte pt128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; const byte ct128[] = { 0x87,0x85,0xb1,0xa7,0x5b,0x0f,0x3b,0xd9, 0x58,0xdc,0xd0,0xe2,0x93,0x18,0xc5,0x21 }; const byte iv128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; byte key128[] = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, 0xff,0xff,0xf0,0x00,0x00,0x00,0x00,0x00 }; len = sizeof(pt128); #define STRESS_T(a, b, c, d, e, f, g, h, i) \ wolfSSL_AES_cbc_encrypt(a, b, c, d, e, f); \ AssertIntNE(XMEMCMP(b, g, h), i) #define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE) /* Stressing wolfSSL_AES_cbc_encrypt() */ STRESS_T(pt128N, out, len, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0); STRESS_T(pt128, out, len, &aes, iv128N, 1, ct128, AES_BLOCK_SIZE, 0); wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, AES_ENCRYPT); AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, AES_ENCRYPT); AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); STRESS_T(pt128, out, lenB, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0); /* Stressing wolfSSL_AES_set_encrypt_key */ AssertIntNE(wolfSSL_AES_set_encrypt_key(key128N, sizeof(key128)*8, &aes),0); AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, aesN),0); AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySz0, &aes), 0); AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySzN, &aes), 0); /* Stressing wolfSSL_AES_set_decrypt_key */ AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, &aes),0); AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, aesN),0); AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySz0, &aes), 0); AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySzN, &aes), 0); #ifdef WOLFSSL_AES_128 /* wolfSSL_AES_cbc_encrypt() 128-bit */ XMEMSET(out, 0, AES_BLOCK_SIZE); RESET_IV(iv128tmp, iv128); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0); wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, AES_ENCRYPT); AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); wc_AesFree((Aes*)&aes); #ifdef HAVE_AES_DECRYPT /* wolfSSL_AES_cbc_encrypt() 128-bit in decrypt mode */ XMEMSET(out, 0, AES_BLOCK_SIZE); RESET_IV(iv128tmp, iv128); len = sizeof(ct128); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0); wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, AES_DECRYPT); AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0); wc_AesFree((Aes*)&aes); #endif #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 { /* Test vectors from NIST Special Publication 800-38A, 2001 Edition * Appendix F.2.3 */ byte iv192tmp[AES_BLOCK_SIZE] = {0}; const byte pt192[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a }; const byte ct192[] = { 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d, 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 }; const byte iv192[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F }; byte key192[] = { 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b }; len = sizeof(pt192); /* wolfSSL_AES_cbc_encrypt() 192-bit */ XMEMSET(out, 0, AES_BLOCK_SIZE); RESET_IV(iv192tmp, iv192); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0); wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, AES_ENCRYPT); AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0); wc_AesFree((Aes*)&aes); #ifdef HAVE_AES_DECRYPT /* wolfSSL_AES_cbc_encrypt() 192-bit in decrypt mode */ len = sizeof(ct192); RESET_IV(iv192tmp, iv192); XMEMSET(out, 0, AES_BLOCK_SIZE); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0); wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, AES_DECRYPT); AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0); wc_AesFree((Aes*)&aes); #endif } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 { /* Test vectors from NIST Special Publication 800-38A, 2001 Edition, * Appendix F.2.5 */ byte iv256tmp[AES_BLOCK_SIZE] = {0}; const byte pt256[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a }; const byte ct256[] = { 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba, 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 }; const byte iv256[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F }; byte key256[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 }; len = sizeof(pt256); /* wolfSSL_AES_cbc_encrypt() 256-bit */ XMEMSET(out, 0, AES_BLOCK_SIZE); RESET_IV(iv256tmp, iv256); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, AES_ENCRYPT); AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0); wc_AesFree((Aes*)&aes); #ifdef HAVE_AES_DECRYPT /* wolfSSL_AES_cbc_encrypt() 256-bit in decrypt mode */ len = sizeof(ct256); RESET_IV(iv256tmp, iv256); XMEMSET(out, 0, AES_BLOCK_SIZE); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, AES_DECRYPT); AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0); wc_AesFree((Aes*)&aes); #endif #if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) { byte wrapCipher[sizeof(key256) + KEYWRAP_BLOCK_SIZE] = { 0 }; byte wrapPlain[sizeof(key256)] = { 0 }; byte wrapIV[KEYWRAP_BLOCK_SIZE] = { 0 }; /* wolfSSL_AES_wrap_key() 256-bit NULL iv */ AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256, 15), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256, sizeof(key256)), sizeof(wrapCipher)); wc_AesFree((Aes*)&aes); /* wolfSSL_AES_unwrap_key() 256-bit NULL iv */ AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher, 23), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher, sizeof(wrapCipher)), sizeof(wrapPlain)); AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0); XMEMSET(wrapCipher, 0, sizeof(wrapCipher)); XMEMSET(wrapPlain, 0, sizeof(wrapPlain)); wc_AesFree((Aes*)&aes); /* wolfSSL_AES_wrap_key() 256-bit custom iv */ AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, key256, sizeof(key256)), sizeof(wrapCipher)); wc_AesFree((Aes*)&aes); /* wolfSSL_AES_unwrap_key() 256-bit custom iv */ AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher, sizeof(wrapCipher)), sizeof(wrapPlain)); AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0); wc_AesFree((Aes*)&aes); } #endif /* HAVE_AES_KEYWRAP */ } #endif /* WOLFSSL_AES_256 */ res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CRYPTO_cts128(void) { int res = TEST_SKIPPED; #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) \ && defined(HAVE_CTS) byte tmp[64]; /* Largest vector size */ /* Test vectors taken form RFC3962 Appendix B */ const testVector vects[] = { { "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" "\x20", "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f" "\x97", 17, 17 }, { "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20", "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22" "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5", 31, 31 }, { "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43", "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84", 32, 32 }, { "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c", "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e" "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5", 47, 47 }, { "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20", "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8" "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8", 48, 48 }, { "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20" "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e", "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" "\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40" "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8", 64, 64 } }; byte keyBytes[AES_128_KEY_SIZE] = { 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20, 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 }; size_t i; XMEMSET(tmp, 0, sizeof(tmp)); for (i = 0; i < sizeof(vects)/sizeof(vects[0]); i++) { AES_KEY encKey; AES_KEY decKey; byte iv[AES_IV_SIZE]; /* All-zero IV for all cases */ XMEMSET(iv, 0, sizeof(iv)); AssertIntEQ(AES_set_encrypt_key(keyBytes, AES_128_KEY_SIZE * 8, &encKey), 0); AssertIntEQ(AES_set_decrypt_key(keyBytes, AES_128_KEY_SIZE * 8, &decKey), 0); AssertIntEQ(CRYPTO_cts128_encrypt((const unsigned char*)vects[i].input, tmp, vects[i].inLen, &encKey, iv, (cbc128_f)AES_cbc_encrypt), vects[i].outLen); AssertIntEQ(XMEMCMP(tmp, vects[i].output, vects[i].outLen), 0); XMEMSET(iv, 0, sizeof(iv)); AssertIntEQ(CRYPTO_cts128_decrypt((const unsigned char*)vects[i].output, tmp, vects[i].outLen, &decKey, iv, (cbc128_f)AES_cbc_encrypt), vects[i].inLen); AssertIntEQ(XMEMCMP(tmp, vects[i].input, vects[i].inLen), 0); } res = TEST_RES_CHECK(1); #endif /* !NO_AES && HAVE_AES_CBC && OPENSSL_EXTRA && HAVE_CTS */ return res; } #if defined(OPENSSL_ALL) static int test_wolfSSL_sk_CIPHER_description(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION; int i,j,k; int numCiphers = 0; const SSL_METHOD *method = NULL; const SSL_CIPHER *cipher = NULL; STACK_OF(SSL_CIPHER) *supportedCiphers = NULL; SSL_CTX *ctx = NULL; SSL *ssl = NULL; char buf[256]; char test_str[9] = "0000000"; const char badStr[] = "unknown"; const char certPath[] = "./certs/client-cert.pem"; XMEMSET(buf, 0, sizeof(buf)); AssertNotNull(method = TLSv1_2_client_method()); AssertNotNull(ctx = SSL_CTX_new(method)); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); SSL_CTX_set_verify_depth(ctx, 4); SSL_CTX_set_options(ctx, flags); AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL), WOLFSSL_SUCCESS); AssertNotNull(ssl = SSL_new(ctx)); /* SSL_get_ciphers returns a stack of all configured ciphers * A flag, getCipherAtOffset, is set to later have SSL_CIPHER_description */ AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl)); /* loop through the amount of supportedCiphers */ numCiphers = sk_num(supportedCiphers); for (i = 0; i < numCiphers; ++i) { /* sk_value increments "sk->data.cipher->cipherOffset". * wolfSSL_sk_CIPHER_description sets the description for * the cipher based on the provided offset. */ if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) { SSL_CIPHER_description(cipher, buf, sizeof(buf)); } /* Search cipher description string for "unknown" descriptor */ for (j = 0; j < (int)XSTRLEN(buf); j++) { k = 0; while ((k < (int)XSTRLEN(badStr)) && (buf[j] == badStr[k])) { test_str[k] = badStr[k]; j++; k++; } } /* Fail if test_str == badStr == "unknown" */ AssertStrNE(test_str,badStr); } SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_get_ciphers_compat(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) const SSL_METHOD *method = NULL; const char certPath[] = "./certs/client-cert.pem"; STACK_OF(SSL_CIPHER) *supportedCiphers = NULL; SSL_CTX *ctx = NULL; WOLFSSL *ssl = NULL; const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION; method = SSLv23_client_method(); AssertNotNull(method); ctx = SSL_CTX_new(method); AssertNotNull(ctx); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); SSL_CTX_set_verify_depth(ctx, 4); SSL_CTX_set_options(ctx, flags); AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL), WOLFSSL_SUCCESS); AssertNotNull(ssl = SSL_new(ctx)); /* Test Bad NULL input */ AssertNull(supportedCiphers = SSL_get_ciphers(NULL)); /* Test for Good input */ AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl)); /* Further usage of SSL_get_ciphers/wolfSSL_get_ciphers_compat is * tested in test_wolfSSL_sk_CIPHER_description according to Qt usage */ SSL_free(ssl); SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_PUBKEY_get(void) { WOLFSSL_X509_PUBKEY pubkey; WOLFSSL_X509_PUBKEY* key; WOLFSSL_EVP_PKEY evpkey ; WOLFSSL_EVP_PKEY* evpPkey; WOLFSSL_EVP_PKEY* retEvpPkey; XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY)); XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY)); key = &pubkey; evpPkey = &evpkey; evpPkey->type = WOLFSSL_SUCCESS; key->pkey = evpPkey; AssertNotNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); AssertIntEQ(retEvpPkey->type, WOLFSSL_SUCCESS); AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(NULL)); key->pkey = NULL; AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); return TEST_RES_CHECK(retEvpPkey == NULL); } static int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void) { int res = TEST_SKIPPED; #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) DSA *dsa = NULL; DSA *setDsa = NULL; EVP_PKEY *pkey = NULL; EVP_PKEY *set1Pkey = NULL; SHA_CTX sha; byte signature[DSA_SIG_SIZE]; byte hash[WC_SHA_DIGEST_SIZE]; word32 bytes; int answer; #ifdef USE_CERT_BUFFERS_1024 const unsigned char* dsaKeyDer = dsa_key_der_1024; int dsaKeySz = sizeof_dsa_key_der_1024; byte tmp[ONEK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsaKeyDer , dsaKeySz); bytes = dsaKeySz; #elif defined(USE_CERT_BUFFERS_2048) const unsigned char* dsaKeyDer = dsa_key_der_2048; int dsaKeySz = sizeof_dsa_key_der_2048; byte tmp[TWOK_BUF]; XMEMSET(tmp, 0, sizeof(tmp)); XMEMCPY(tmp, dsaKeyDer , dsaKeySz); bytes = dsaKeySz; #else byte tmp[TWOK_BUF]; const unsigned char* dsaKeyDer = (const unsigned char*)tmp; int dsaKeySz; XMEMSET(tmp, 0, sizeof(tmp)); XFILE fp = XFOPEN("./certs/dsa2048.der", "rb"); if (fp == XBADFILE) { return WOLFSSL_BAD_FILE; } dsaKeySz = bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp); XFCLOSE(fp); #endif /* END USE_CERT_BUFFERS_1024 */ /* Create hash to later Sign and Verify */ AssertIntEQ(SHA1_Init(&sha), WOLFSSL_SUCCESS); AssertIntEQ(SHA1_Update(&sha, tmp, bytes), WOLFSSL_SUCCESS); AssertIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS); /* Initialize pkey with der format dsa key */ AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey, &dsaKeyDer, (long)dsaKeySz)); /* Test wolfSSL_EVP_PKEY_get1_DSA */ /* Should Fail: NULL argument */ AssertNull(dsa = EVP_PKEY_get0_DSA(NULL)); AssertNull(dsa = EVP_PKEY_get1_DSA(NULL)); /* Should Pass: Initialized pkey argument */ AssertNotNull(dsa = EVP_PKEY_get0_DSA(pkey)); AssertNotNull(dsa = EVP_PKEY_get1_DSA(pkey)); #ifdef USE_CERT_BUFFERS_1024 AssertIntEQ(DSA_bits(dsa), 1024); #else AssertIntEQ(DSA_bits(dsa), 2048); #endif /* Sign */ AssertIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS); /* Verify. */ AssertIntEQ(wolfSSL_DSA_do_verify(hash, signature, dsa, &answer), WOLFSSL_SUCCESS); /* Test wolfSSL_EVP_PKEY_set1_DSA */ /* Should Fail: set1Pkey not initialized */ AssertIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); /* Initialize set1Pkey */ set1Pkey = EVP_PKEY_new(); /* Should Fail Verify: setDsa not initialized from set1Pkey */ AssertIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer), WOLFSSL_SUCCESS); /* Should Pass: set dsa into set1Pkey */ AssertIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); DSA_free(dsa); DSA_free(setDsa); EVP_PKEY_free(pkey); EVP_PKEY_free(set1Pkey); res = TEST_RES_CHECK(1); #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ return res; } /* END test_EVP_PKEY_set1_get1_DSA */ static int test_wolfSSL_DSA_SIG(void) { int res = TEST_SKIPPED; #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_FIPS) DSA *dsa = NULL; DSA *dsa2 = NULL; DSA_SIG *sig = NULL; const BIGNUM *p = NULL; const BIGNUM *q = NULL; const BIGNUM *g = NULL; const BIGNUM *pub = NULL; const BIGNUM *priv = NULL; const byte digest[WC_SHA_DIGEST_SIZE] = {0}; AssertNotNull(dsa = DSA_generate_parameters(2048, NULL, 0, NULL, NULL, NULL, NULL)); DSA_free(dsa); AssertNotNull(dsa = DSA_new()); AssertIntEQ(DSA_generate_parameters_ex(dsa, 2048, NULL, 0, NULL, NULL, NULL), 1); AssertIntEQ(DSA_generate_key(dsa), 1); DSA_get0_pqg(dsa, &p, &q, &g); DSA_get0_key(dsa, &pub, &priv); AssertNotNull(p = BN_dup(p)); AssertNotNull(q = BN_dup(q)); AssertNotNull(g = BN_dup(g)); AssertNotNull(pub = BN_dup(pub)); AssertNotNull(priv = BN_dup(priv)); AssertNotNull(sig = DSA_do_sign(digest, sizeof(digest), dsa)); AssertNotNull(dsa2 = DSA_new()); AssertIntEQ(DSA_set0_pqg(dsa2, (BIGNUM*)p, (BIGNUM*)q, (BIGNUM*)g), 1); AssertIntEQ(DSA_set0_key(dsa2, (BIGNUM*)pub, (BIGNUM*)priv), 1); AssertIntEQ(DSA_do_verify(digest, sizeof(digest), sig, dsa2), 1); DSA_free(dsa); DSA_free(dsa2); DSA_SIG_free(sig); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void) { int res = TEST_SKIPPED; #ifdef HAVE_ECC WOLFSSL_EC_KEY *ecKey = NULL; WOLFSSL_EC_KEY *ecGet1 = NULL; EVP_PKEY *pkey = NULL; AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */ AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WOLFSSL_FAILURE); /* Should fail since ecKey is empty */ AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); /* Test wolfSSL_EVP_PKEY_get1_EC_KEY */ AssertNull(wolfSSL_EVP_PKEY_get1_EC_KEY(NULL)); AssertNotNull(ecGet1 = wolfSSL_EVP_PKEY_get1_EC_KEY(pkey)); wolfSSL_EC_KEY_free(ecKey); wolfSSL_EC_KEY_free(ecGet1); EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); #endif /* HAVE_ECC */ return res; } /* END test_EVP_PKEY_set1_get1_EC_KEY */ static int test_wolfSSL_EVP_PKEY_set1_get1_DH (void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) DH *dh = NULL; DH *setDh = NULL; EVP_PKEY *pkey = NULL; FILE* f = NULL; unsigned char buf[4096]; const unsigned char* pt = buf; const char* dh2048 = "./certs/dh2048.der"; long len = 0; int code = -1; XMEMSET(buf, 0, sizeof(buf)); f = XFOPEN(dh2048, "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); /* Load dh2048.der into DH with internal format */ AssertNotNull(setDh = wolfSSL_d2i_DHparams(NULL, &pt, len)); AssertIntEQ(wolfSSL_DH_check(setDh, &code), WOLFSSL_SUCCESS); AssertIntEQ(code, 0); code = -1; pkey = wolfSSL_EVP_PKEY_new(); /* Set DH into PKEY */ AssertIntEQ(wolfSSL_EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS); /* Get DH from PKEY */ AssertNotNull(dh = wolfSSL_EVP_PKEY_get1_DH(pkey)); AssertIntEQ(wolfSSL_DH_check(dh, &code), WOLFSSL_SUCCESS); AssertIntEQ(code, 0); EVP_PKEY_free(pkey); DH_free(setDh); DH_free(dh); res = TEST_RES_CHECK(1); #endif /* !NO_DH && WOLFSSL_DH_EXTRA && !NO_FILESYSTEM */ #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */ return res; } /* END test_EVP_PKEY_set1_get1_DH */ static int test_wolfSSL_CTX_ctrl(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) char caFile[] = "./certs/client-ca.pem"; char clientFile[] = "./certs/client-cert.pem"; SSL_CTX* ctx; X509* x509 = NULL; #if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO) byte buf[6000]; char file[] = "./certs/dsaparams.pem"; XFILE f; int bytes; BIO* bio; DSA* dsa; DH* dh; #endif #ifdef HAVE_ECC WOLFSSL_EC_KEY* ecKey; #endif AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS); x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); #if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO) /* Initialize DH */ f = XFOPEN(file, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); bio = BIO_new_mem_buf((void*)buf, bytes); AssertNotNull(bio); dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); AssertNotNull(dsa); dh = wolfSSL_DSA_dup_DH(dsa); AssertNotNull(dh); #endif #ifdef HAVE_ECC /* Initialize WOLFSSL_EC_KEY */ AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey),1); #endif #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) /* additional test of getting EVP_PKEY key size from X509 * Do not run with user RSA because wolfSSL_RSA_size is not currently * allowed with user RSA */ { EVP_PKEY* pkey; #if defined(HAVE_ECC) X509* ecX509; #endif /* HAVE_ECC */ AssertNotNull(pkey = X509_get_pubkey(x509)); /* current RSA key is 2048 bit (256 bytes) */ AssertIntEQ(EVP_PKEY_size(pkey), 256); EVP_PKEY_free(pkey); #if defined(HAVE_ECC) #if defined(USE_CERT_BUFFERS_256) AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer( cliecc_cert_der_256, sizeof_cliecc_cert_der_256, SSL_FILETYPE_ASN1)); #else AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file( cliEccCertFile, SSL_FILETYPE_PEM)); #endif AssertNotNull(pkey = X509_get_pubkey(ecX509)); /* current ECC key is 256 bit (32 bytes) */ AssertIntEQ(EVP_PKEY_size(pkey), 32); X509_free(ecX509); EVP_PKEY_free(pkey); #endif /* HAVE_ECC */ } #endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */ /* Tests should fail with passed in NULL pointer */ AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,NULL), SSL_FAILURE); #if !defined(NO_DH) && !defined(NO_DSA) AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,NULL), SSL_FAILURE); #endif #ifdef HAVE_ECC AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,NULL), SSL_FAILURE); #endif /* Test with SSL_CTRL_EXTRA_CHAIN_CERT * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_add_extra_chain_cert */ AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,x509), SSL_SUCCESS); /* Test with SSL_CTRL_OPTIONS * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_set_options */ AssertTrue(wolfSSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,SSL_OP_NO_TLSv1,NULL) == SSL_OP_NO_TLSv1); AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1); /* Test with SSL_CTRL_SET_TMP_DH * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_dh */ #if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO) AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,dh), SSL_SUCCESS); #endif /* Test with SSL_CTRL_SET_TMP_ECDH * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_ecdh */ #ifdef HAVE_ECC AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,ecKey), SSL_SUCCESS); #endif #ifdef WOLFSSL_ENCRYPTED_KEYS AssertNull(SSL_CTX_get_default_passwd_cb(ctx)); AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx)); #endif /* Test for min/max proto */ #ifndef WOLFSSL_NO_TLS12 AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, 0, NULL), SSL_SUCCESS); AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, TLS1_2_VERSION, NULL), SSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION); #endif #ifdef WOLFSSL_TLS13 AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, 0, NULL), SSL_SUCCESS); AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, TLS1_3_VERSION, NULL), SSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_3_VERSION); #ifndef WOLFSSL_NO_TLS12 AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, TLS1_2_VERSION, NULL), SSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_2_VERSION); #endif #endif /* Cleanup and Pass */ #if !defined(NO_DH) && !defined(NO_DSA) #ifndef NO_BIO BIO_free(bio); DSA_free(dsa); DH_free(dh); #endif #endif #ifdef HAVE_ECC wolfSSL_EC_KEY_free(ecKey); #endif SSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ return res; } static int test_wolfSSL_EVP_PKEY_assign(void) { int res = TEST_SKIPPED; int type; WOLFSSL_EVP_PKEY* pkey; #ifndef NO_RSA WOLFSSL_RSA* rsa; #endif #ifndef NO_DSA WOLFSSL_DSA* dsa; #endif #ifdef HAVE_ECC WOLFSSL_EC_KEY* ecKey; #endif (void)pkey; #ifndef NO_RSA if (res == TEST_SKIPPED || res == TEST_SUCCESS) { type = EVP_PKEY_RSA; AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(rsa = wolfSSL_RSA_new()); AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,rsa), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,rsa), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,rsa), WOLFSSL_SUCCESS); wolfSSL_EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); } #endif /* NO_RSA */ #ifndef NO_DSA if (res == TEST_SKIPPED || res == TEST_SUCCESS) { type = EVP_PKEY_DSA; AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(dsa = wolfSSL_DSA_new()); AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,dsa), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,dsa), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,dsa), WOLFSSL_SUCCESS); wolfSSL_EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); } #endif /* NO_DSA */ #ifdef HAVE_ECC if (res == TEST_SKIPPED || res == TEST_SUCCESS) { type = EVP_PKEY_EC; AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,ecKey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,ecKey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_SUCCESS); wolfSSL_EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); } #endif /* HAVE_ECC */ (void)type; return res; } static int test_wolfSSL_EVP_PKEY_base_id(void) { WOLFSSL_EVP_PKEY* pkey; AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(wolfSSL_EVP_PKEY_base_id(NULL), NID_undef); AssertIntEQ(wolfSSL_EVP_PKEY_base_id(pkey), EVP_PKEY_RSA); EVP_PKEY_free(pkey); return TEST_RES_CHECK(1); } static int test_wolfSSL_EVP_PKEY_id(void) { WOLFSSL_EVP_PKEY* pkey; AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(wolfSSL_EVP_PKEY_id(NULL), 0); AssertIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_RSA); EVP_PKEY_free(pkey); return TEST_RES_CHECK(1); } static int test_wolfSSL_EVP_PKEY_paramgen(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && \ !defined(NO_ECC_SECP) && \ /* This last bit is taken from ecc.c. It is the condition that * defines ECC256 */ \ ((!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ ECC_MIN_KEY_SZ <= 256) EVP_PKEY_CTX* ctx; EVP_PKEY* pkey = NULL; /* Test error conditions. */ AssertIntEQ(EVP_PKEY_paramgen(NULL, &pkey), WOLFSSL_FAILURE); AssertNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)); AssertIntEQ(EVP_PKEY_paramgen(ctx, NULL), WOLFSSL_FAILURE); #ifndef NO_RSA EVP_PKEY_CTX_free(ctx); /* Parameter generation for RSA not supported yet. */ AssertNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)); AssertIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WOLFSSL_FAILURE); #endif #ifdef HAVE_ECC EVP_PKEY_CTX_free(ctx); AssertNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)); AssertIntEQ(EVP_PKEY_paramgen_init(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, NID_X9_62_prime256v1), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_set_ec_param_enc(ctx, OPENSSL_EC_NAMED_CURVE), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_keygen(ctx, &pkey), WOLFSSL_SUCCESS); #endif EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_PKEY_keygen(void) { WOLFSSL_EVP_PKEY* pkey = NULL; EVP_PKEY_CTX* ctx = NULL; #if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) WOLFSSL_EVP_PKEY* params = NULL; DH* dh = NULL; const BIGNUM* pubkey = NULL; const BIGNUM* privkey = NULL; ASN1_INTEGER* asn1int = NULL; unsigned int length = 0; byte* derBuffer = NULL; #endif AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); /* Bad cases */ AssertIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), BAD_FUNC_ARG); /* Good case */ AssertIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); pkey = NULL; #if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) /* Test DH keygen */ { AssertNotNull(params = wolfSSL_EVP_PKEY_new()); AssertNotNull(dh = DH_get_2048_256()); AssertIntEQ(EVP_PKEY_set1_DH(params, dh), WOLFSSL_SUCCESS); AssertNotNull(ctx = EVP_PKEY_CTX_new(params, NULL)); AssertIntEQ(EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_keygen(ctx, &pkey), WOLFSSL_SUCCESS); DH_free(dh); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(params); /* try exporting generated key to DER, to verify */ AssertNotNull(dh = EVP_PKEY_get1_DH(pkey)); DH_get0_key(dh, &pubkey, &privkey); AssertNotNull(pubkey); AssertNotNull(privkey); AssertNotNull(asn1int = BN_to_ASN1_INTEGER(pubkey, NULL)); AssertIntGT((length = i2d_ASN1_INTEGER(asn1int, &derBuffer)), 0); ASN1_INTEGER_free(asn1int); DH_free(dh); XFREE(derBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); EVP_PKEY_free(pkey); } #endif return TEST_RES_CHECK(1); } static int test_wolfSSL_EVP_PKEY_keygen_init(void) { WOLFSSL_EVP_PKEY* pkey; EVP_PKEY_CTX *ctx; AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(wolfSSL_EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); return TEST_RES_CHECK(1); } static int test_wolfSSL_EVP_PKEY_missing_parameters(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB) WOLFSSL_EVP_PKEY* pkey; AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(wolfSSL_EVP_PKEY_missing_parameters(pkey), 0); EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_PKEY_copy_parameters(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_DH) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_SELFTEST) && (defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \ defined(WOLFSSL_OPENSSH)) && defined(WOLFSSL_DH_EXTRA) && \ !defined(NO_FILESYSTEM) WOLFSSL_EVP_PKEY* params = NULL; WOLFSSL_EVP_PKEY* copy = NULL; DH* dh = NULL; BIGNUM* p1; BIGNUM* g1; BIGNUM* q1; BIGNUM* p2; BIGNUM* g2; BIGNUM* q2; /* create DH with DH_get_2048_256 params */ AssertNotNull(params = wolfSSL_EVP_PKEY_new()); AssertNotNull(dh = DH_get_2048_256()); AssertIntEQ(EVP_PKEY_set1_DH(params, dh), WOLFSSL_SUCCESS); DH_get0_pqg(dh, (const BIGNUM**)&p1, (const BIGNUM**)&q1, (const BIGNUM**)&g1); DH_free(dh); /* create DH with random generated DH params */ AssertNotNull(copy = wolfSSL_EVP_PKEY_new()); AssertNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL)); AssertIntEQ(EVP_PKEY_set1_DH(copy, dh), WOLFSSL_SUCCESS); DH_free(dh); AssertIntEQ(EVP_PKEY_copy_parameters(copy, params), WOLFSSL_SUCCESS); AssertNotNull(dh = EVP_PKEY_get1_DH(copy)); AssertNotNull(dh->p); AssertNotNull(dh->g); AssertNotNull(dh->q); DH_get0_pqg(dh, (const BIGNUM**)&p2, (const BIGNUM**)&q2, (const BIGNUM**)&g2); AssertIntEQ(BN_cmp(p1, p2), 0); AssertIntEQ(BN_cmp(q1, q2), 0); AssertIntEQ(BN_cmp(g1, g2), 0); DH_free(dh); EVP_PKEY_free(copy); EVP_PKEY_free(params); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(void) { WOLFSSL_EVP_PKEY* pkey; EVP_PKEY_CTX *ctx; int bits = 2048; AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits), WOLFSSL_SUCCESS); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); return TEST_RES_CHECK(1); } static int test_wolfSSL_EVP_CIPHER_CTX_iv_length(void) { /* This is large enough to be used for all key sizes */ byte key[AES_256_KEY_SIZE] = {0}; byte iv[AES_BLOCK_SIZE] = {0}; int i, enumlen; EVP_CIPHER_CTX *ctx; const EVP_CIPHER *init; int enumArray[] = { #ifdef HAVE_AES_CBC NID_aes_128_cbc, #endif #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) #ifdef HAVE_AESGCM NID_aes_128_gcm, #endif #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ #ifdef WOLFSSL_AES_COUNTER NID_aes_128_ctr, #endif #ifndef NO_DES3 NID_des_cbc, NID_des_ede3_cbc, #endif }; int iv_lengths[] = { #ifdef HAVE_AES_CBC AES_BLOCK_SIZE, #endif #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) #ifdef HAVE_AESGCM GCM_NONCE_MID_SZ, #endif #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ #ifdef WOLFSSL_AES_COUNTER AES_BLOCK_SIZE, #endif #ifndef NO_DES3 DES_BLOCK_SIZE, DES_BLOCK_SIZE, #endif }; enumlen = (sizeof(enumArray)/sizeof(int)); for (i = 0; i < enumlen; i++) { ctx = EVP_CIPHER_CTX_new(); init = wolfSSL_EVP_get_cipherbynid(enumArray[i]); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_iv_length(ctx), iv_lengths[i]); EVP_CIPHER_CTX_free(ctx); } return TEST_RES_CHECK(1); } static int test_wolfSSL_EVP_CIPHER_CTX_key_length(void) { int res = TEST_SKIPPED; #if !defined(NO_DES3) byte key[AES_256_KEY_SIZE] = {0}; byte iv[AES_BLOCK_SIZE] = {0}; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); const EVP_CIPHER *init = EVP_des_ede3_cbc(); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_key_length(ctx), 24); EVP_CIPHER_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_CIPHER_CTX_set_key_length(void) { int res = TEST_SKIPPED; #if !defined(NO_DES3) byte key[AES_256_KEY_SIZE] = {0}; byte iv[AES_BLOCK_SIZE] = {0}; int keylen; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); const EVP_CIPHER *init = EVP_des_ede3_cbc(); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); keylen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, keylen), WOLFSSL_SUCCESS); EVP_CIPHER_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_CIPHER_CTX_set_iv(void) { int res = TEST_SKIPPED; #if defined(HAVE_AESGCM) && !defined(NO_DES3) byte key[DES3_KEY_SIZE] = {0}; byte iv[DES_BLOCK_SIZE] = {0}; int ivLen, keyLen; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); const EVP_CIPHER *init = EVP_des_ede3_cbc(); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); ivLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx); keyLen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx); /* Bad cases */ AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, iv, ivLen), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, NULL, ivLen), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, keyLen), WOLFSSL_FAILURE); /* Good case */ AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, ivLen), 1); EVP_CIPHER_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_PKEY_CTX_new_id(void) { WOLFSSL_ENGINE* e = NULL; int id = 0; EVP_PKEY_CTX *ctx; AssertNotNull(ctx = wolfSSL_EVP_PKEY_CTX_new_id(id, e)); EVP_PKEY_CTX_free(ctx); return TEST_RES_CHECK(1); } static int test_wolfSSL_EVP_rc4(void) { int res = TEST_SKIPPED; #if !defined(NO_RC4) res = TEST_RES_CHECK(wolfSSL_EVP_rc4() != NULL); #endif return res; } static int test_wolfSSL_EVP_enc_null(void) { return TEST_RES_CHECK(wolfSSL_EVP_enc_null() != NULL); } static int test_wolfSSL_EVP_rc2_cbc(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB) res = TEST_RES_CHECK(wolfSSL_EVP_rc2_cbc() == NULL); #endif return res; } static int test_wolfSSL_EVP_mdc2(void) { int res = TEST_SKIPPED; #if !defined(NO_WOLFSSL_STUB) res = TEST_RES_CHECK(wolfSSL_EVP_mdc2() == NULL); #endif return res; } static int test_wolfSSL_EVP_md4(void) { int res = TEST_SKIPPED; #if !defined(NO_MD4) res = TEST_RES_CHECK(wolfSSL_EVP_md4() != NULL); #endif return res; } static int test_wolfSSL_EVP_aes_256_gcm(void) { int res = TEST_SKIPPED; #ifdef HAVE_AESGCM res = TEST_RES_CHECK(wolfSSL_EVP_aes_256_gcm() != NULL); #endif return res; } static int test_wolfSSL_EVP_aes_192_gcm(void) { int res = TEST_SKIPPED; #ifdef HAVE_AESGCM res = TEST_RES_CHECK(wolfSSL_EVP_aes_192_gcm() != NULL); #endif return res; } static int test_wolfSSL_EVP_aes_256_ccm(void) { int res = TEST_SKIPPED; #ifdef HAVE_AESCCM res = TEST_RES_CHECK(wolfSSL_EVP_aes_256_ccm() != NULL); #endif return res; } static int test_wolfSSL_EVP_aes_192_ccm(void) { int res = TEST_SKIPPED; #ifdef HAVE_AESCCM res = TEST_RES_CHECK(wolfSSL_EVP_aes_192_ccm() != NULL); #endif return res; } static int test_wolfSSL_EVP_aes_128_ccm(void) { int res = TEST_SKIPPED; #ifdef HAVE_AESCCM res = TEST_RES_CHECK(wolfSSL_EVP_aes_128_ccm() != NULL); #endif return res; } static int test_wolfSSL_EVP_ripemd160(void) { int res = TEST_SKIPPED; #if !defined(NO_WOLFSSL_STUB) res = TEST_RES_CHECK(wolfSSL_EVP_ripemd160() == NULL); #endif return res; } static int test_wolfSSL_EVP_get_digestbynid(void) { #ifndef NO_MD5 AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_md5)); #endif #ifndef NO_SHA AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1)); #endif #ifndef NO_SHA256 AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha256)); #endif AssertNull(wolfSSL_EVP_get_digestbynid(0)); return TEST_RES_CHECK(1); } static int test_wolfSSL_EVP_MD_nid(void) { #ifndef NO_MD5 AssertIntEQ(EVP_MD_nid(EVP_md5()), NID_md5); #endif #ifndef NO_SHA AssertIntEQ(EVP_MD_nid(EVP_sha1()), NID_sha1); #endif #ifndef NO_SHA256 AssertIntEQ(EVP_MD_nid(EVP_sha256()), NID_sha256); #endif AssertIntEQ(EVP_MD_nid(NULL), NID_undef); return TEST_RES_CHECK(1); } static int test_wolfSSL_EVP_PKEY_get0_EC_KEY(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) WOLFSSL_EVP_PKEY* pkey; AssertNotNull(pkey = EVP_PKEY_new()); AssertNull(EVP_PKEY_get0_EC_KEY(pkey)); EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_X_STATE(void) { int res = TEST_SKIPPED; #if !defined(NO_DES3) && !defined(NO_RC4) byte key[DES3_KEY_SIZE] = {0}; byte iv[DES_IV_SIZE] = {0}; EVP_CIPHER_CTX *ctx; const EVP_CIPHER *init; /* Bad test cases */ ctx = EVP_CIPHER_CTX_new(); init = EVP_des_ede3_cbc(); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); AssertNull(wolfSSL_EVP_X_STATE(NULL)); AssertNull(wolfSSL_EVP_X_STATE(ctx)); EVP_CIPHER_CTX_free(ctx); /* Good test case */ ctx = EVP_CIPHER_CTX_new(); init = wolfSSL_EVP_rc4(); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); AssertNotNull(wolfSSL_EVP_X_STATE(ctx)); EVP_CIPHER_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_X_STATE_LEN(void) { int res = TEST_SKIPPED; #if !defined(NO_DES3) && !defined(NO_RC4) byte key[DES3_KEY_SIZE] = {0}; byte iv[DES_IV_SIZE] = {0}; EVP_CIPHER_CTX *ctx; const EVP_CIPHER *init; /* Bad test cases */ ctx = EVP_CIPHER_CTX_new(); init = EVP_des_ede3_cbc(); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(NULL), 0); AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), 0); EVP_CIPHER_CTX_free(ctx); /* Good test case */ ctx = EVP_CIPHER_CTX_new(); init = wolfSSL_EVP_rc4(); wolfSSL_EVP_CIPHER_CTX_init(ctx); AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), sizeof(Arc4)); EVP_CIPHER_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_CIPHER_block_size(void) { int res = TEST_SKIPPED; #ifdef HAVE_AES_CBC if (res == TEST_SKIPPED || res == TEST_SUCCESS) { #ifdef WOLFSSL_AES_128 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_cbc()), AES_BLOCK_SIZE); #endif #ifdef WOLFSSL_AES_192 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_cbc()), AES_BLOCK_SIZE); #endif #ifdef WOLFSSL_AES_256 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_cbc()), AES_BLOCK_SIZE); #endif res = TEST_RES_CHECK(1); } #endif #ifdef HAVE_AESGCM if (res == TEST_SKIPPED || res == TEST_SUCCESS) { #ifdef WOLFSSL_AES_128 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_gcm()), 1); #endif #ifdef WOLFSSL_AES_192 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_gcm()), 1); #endif #ifdef WOLFSSL_AES_256 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_gcm()), 1); #endif res = TEST_RES_CHECK(1); } #endif #ifdef HAVE_AESCCM if (res == TEST_SKIPPED || res == TEST_SUCCESS) { #ifdef WOLFSSL_AES_128 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ccm()), 1); #endif #ifdef WOLFSSL_AES_192 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ccm()), 1); #endif #ifdef WOLFSSL_AES_256 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ccm()), 1); #endif res = TEST_RES_CHECK(1); } #endif #ifdef WOLFSSL_AES_COUNTER if (res == TEST_SKIPPED || res == TEST_SUCCESS) { #ifdef WOLFSSL_AES_128 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ctr()), 1); #endif #ifdef WOLFSSL_AES_192 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ctr()), 1); #endif #ifdef WOLFSSL_AES_256 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ctr()), 1); #endif res = TEST_RES_CHECK(1); } #endif #ifdef HAVE_AES_ECB if (res == TEST_SKIPPED || res == TEST_SUCCESS) { #ifdef WOLFSSL_AES_128 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ecb()), AES_BLOCK_SIZE); #endif #ifdef WOLFSSL_AES_192 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ecb()), AES_BLOCK_SIZE); #endif #ifdef WOLFSSL_AES_256 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ecb()), AES_BLOCK_SIZE); #endif res = TEST_RES_CHECK(1); } #endif #ifdef WOLFSSL_AES_OFB if (res == TEST_SKIPPED || res == TEST_SUCCESS) { #ifdef WOLFSSL_AES_128 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ofb()), 1); #endif #ifdef WOLFSSL_AES_192 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ofb()), 1); #endif #ifdef WOLFSSL_AES_256 AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ofb()), 1); #endif res = TEST_RES_CHECK(1); } #endif #ifndef NO_RC4 if (res == TEST_SKIPPED || res == TEST_SUCCESS) { AssertIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_rc4()), 1); res = TEST_RES_CHECK(1); } #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) if (res == TEST_SKIPPED || res == TEST_SUCCESS) { AssertIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_chacha20_poly1305()), 1); res = TEST_RES_CHECK(1); } #endif return res; } static int test_wolfSSL_EVP_CIPHER_iv_length(void) { int i, enumlen; int enumArray[] = { #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 NID_aes_128_cbc, #endif #ifdef WOLFSSL_AES_192 NID_aes_192_cbc, #endif #ifdef WOLFSSL_AES_256 NID_aes_256_cbc, #endif #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 NID_aes_128_gcm, #endif #ifdef WOLFSSL_AES_192 NID_aes_192_gcm, #endif #ifdef WOLFSSL_AES_256 NID_aes_256_gcm, #endif #endif /* HAVE_AESGCM */ #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 NID_aes_128_ctr, #endif #ifdef WOLFSSL_AES_192 NID_aes_192_ctr, #endif #ifdef WOLFSSL_AES_256 NID_aes_256_ctr, #endif #endif #ifndef NO_DES3 NID_des_cbc, NID_des_ede3_cbc, #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) NID_chacha20_poly1305, #endif }; int iv_lengths[] = { #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 AES_BLOCK_SIZE, #endif #ifdef WOLFSSL_AES_192 AES_BLOCK_SIZE, #endif #ifdef WOLFSSL_AES_256 AES_BLOCK_SIZE, #endif #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 GCM_NONCE_MID_SZ, #endif #ifdef WOLFSSL_AES_192 GCM_NONCE_MID_SZ, #endif #ifdef WOLFSSL_AES_256 GCM_NONCE_MID_SZ, #endif #endif /* HAVE_AESGCM */ #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 AES_BLOCK_SIZE, #endif #ifdef WOLFSSL_AES_192 AES_BLOCK_SIZE, #endif #ifdef WOLFSSL_AES_256 AES_BLOCK_SIZE, #endif #endif #ifndef NO_DES3 DES_BLOCK_SIZE, DES_BLOCK_SIZE, #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) CHACHA20_POLY1305_AEAD_IV_SIZE, #endif }; enumlen = (sizeof(enumArray)/sizeof(int)); for (i = 0; i < enumlen; i++) { const EVP_CIPHER *c = EVP_get_cipherbynid(enumArray[i]); AssertIntEQ(EVP_CIPHER_iv_length(c), iv_lengths[i]); } return TEST_RES_CHECK(1); } static int test_wolfSSL_EVP_SignInit_ex(void) { WOLFSSL_EVP_MD_CTX mdCtx; WOLFSSL_ENGINE* e = 0; const EVP_MD* md; md = "SHA256"; wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_SignInit_ex(&mdCtx, md, e), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); return TEST_RES_CHECK(1); } static int test_wolfSSL_EVP_DigestFinal_ex(void) { int res = TEST_SKIPPED; #if !defined(NO_SHA256) WOLFSSL_EVP_MD_CTX mdCtx; unsigned int s = 0; unsigned char md[WC_SHA256_DIGEST_SIZE]; unsigned char md2[WC_SHA256_DIGEST_SIZE]; /* Bad Case */ #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), 0); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #else wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); #endif /* Good Case */ wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md2, &s), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_PKEY_assign_DH(void) { int res = TEST_SKIPPED; #if !defined(NO_DH) && \ !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) FILE* f = NULL; unsigned char buf[4096]; const unsigned char* pt = buf; const char* params1 = "./certs/dh2048.der"; long len = 0; WOLFSSL_DH* dh = NULL; WOLFSSL_EVP_PKEY* pkey; XMEMSET(buf, 0, sizeof(buf)); f = XFOPEN(params1, "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); /* Bad cases */ AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WOLFSSL_FAILURE); /* Good case */ AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, dh), WOLFSSL_SUCCESS); EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_QT_EVP_PKEY_CTX_free(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) EVP_PKEY* pkey; EVP_PKEY_CTX* ctx; AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L /* void */ EVP_PKEY_CTX_free(ctx); AssertTrue(1); #else /* int */ AssertIntEQ(EVP_PKEY_CTX_free(ctx), WOLFSSL_SUCCESS); #endif EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_PKEY_param_check(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) DH *dh = NULL; DH *setDh = NULL; EVP_PKEY *pkey = NULL; EVP_PKEY_CTX* ctx = NULL; FILE* f = NULL; unsigned char buf[512]; const unsigned char* pt = buf; const char* dh2048 = "./certs/dh2048.der"; long len = 0; int code = -1; XMEMSET(buf, 0, sizeof(buf)); f = XFOPEN(dh2048, "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); /* Load dh2048.der into DH with internal format */ AssertNotNull(setDh = d2i_DHparams(NULL, &pt, len)); AssertIntEQ(DH_check(setDh, &code), WOLFSSL_SUCCESS); AssertIntEQ(code, 0); code = -1; pkey = wolfSSL_EVP_PKEY_new(); /* Set DH into PKEY */ AssertIntEQ(EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS); /* create ctx from pkey */ AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(EVP_PKEY_param_check(ctx), 1/* valid */); /* */ /* TO DO invlaid case */ /* */ EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(pkey); DH_free(setDh); DH_free(dh); res = TEST_RES_CHECK(1); #endif #endif return res; } static int test_wolfSSL_EVP_BytesToKey(void) { int res = TEST_SKIPPED; #if !defined(NO_AES) && defined(HAVE_AES_CBC) byte key[AES_BLOCK_SIZE] = {0}; byte iv[AES_BLOCK_SIZE] = {0}; int sz = 5; int count = 0; const EVP_MD* md = "SHA256"; const EVP_CIPHER *type; const unsigned char *salt = (unsigned char *)"salt1234"; const byte data[] = { 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, 0x72,0x6c,0x64 }; type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc); /* Bad cases */ AssertIntEQ(EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv), 0); AssertIntEQ(EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv), 16); md = "2"; AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), WOLFSSL_FAILURE); /* Good case */ md = "SHA256"; AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), 16); res = TEST_RES_CHECK(1); #endif return res; } static int test_evp_cipher_aes_gcm(void) { int res = TEST_SKIPPED; #if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && \ !defined(HAVE_SELFTEST)) || (defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION >= 2))) /* * This test checks data at various points in the encrypt/decrypt process * against known values produced using the same test with OpenSSL. This * interop testing is critical for verifying the correctness of our * EVP_Cipher implementation with AES-GCM. Specifically, this test exercises * a flow supported by OpenSSL that uses the control command * EVP_CTRL_GCM_IV_GEN to increment the IV between cipher operations without * the need to call EVP_CipherInit. OpenSSH uses this flow, for example. We * had a bug with OpenSSH where wolfSSL OpenSSH servers could only talk to * wolfSSL OpenSSH clients because there was a bug in this flow that * happened to "cancel out" if both sides of the connection had the bug. */ enum { NUM_ENCRYPTIONS = 3, AAD_SIZE = 4 }; byte plainText1[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23 }; byte plainText2[] = { 0x42, 0x49, 0x3b, 0x27, 0x03, 0x35, 0x59, 0x14, 0x41, 0x47, 0x37, 0x14, 0x0e, 0x34, 0x0d, 0x28, 0x63, 0x09, 0x0a, 0x5b, 0x22, 0x57, 0x42, 0x22, 0x0f, 0x5c, 0x1e, 0x53, 0x45, 0x15, 0x62, 0x08, 0x60, 0x43, 0x50, 0x2c }; byte plainText3[] = { 0x36, 0x0d, 0x2b, 0x09, 0x4a, 0x56, 0x3b, 0x4c, 0x21, 0x22, 0x58, 0x0e, 0x5b, 0x57, 0x10 }; byte* plainTexts[NUM_ENCRYPTIONS] = { plainText1, plainText2, plainText3 }; const int plainTextSzs[NUM_ENCRYPTIONS] = { sizeof(plainText1), sizeof(plainText2), sizeof(plainText3) }; byte aad1[AAD_SIZE] = { 0x00, 0x00, 0x00, 0x01 }; byte aad2[AAD_SIZE] = { 0x00, 0x00, 0x00, 0x10 }; byte aad3[AAD_SIZE] = { 0x00, 0x00, 0x01, 0x00 }; byte* aads[NUM_ENCRYPTIONS] = { aad1, aad2, aad3 }; const byte iv[GCM_NONCE_MID_SZ] = { 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF }; byte currentIv[GCM_NONCE_MID_SZ]; const byte key[] = { 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f }; const byte expIvs[NUM_ENCRYPTIONS][GCM_NONCE_MID_SZ] = { { 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF }, { 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xF0 }, { 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xF1 } }; const byte expTags[NUM_ENCRYPTIONS][AES_BLOCK_SIZE] = { { 0x65, 0x4F, 0xF7, 0xA0, 0xBB, 0x7B, 0x90, 0xB7, 0x9C, 0xC8, 0x14, 0x3D, 0x32, 0x18, 0x34, 0xA9 }, { 0x50, 0x3A, 0x13, 0x8D, 0x91, 0x1D, 0xEC, 0xBB, 0xBA, 0x5B, 0x57, 0xA2, 0xFD, 0x2D, 0x6B, 0x7F }, { 0x3B, 0xED, 0x18, 0x9C, 0xB3, 0xE3, 0x61, 0x1E, 0x11, 0xEB, 0x13, 0x5B, 0xEC, 0x52, 0x49, 0x32, } }; const byte expCipherText1[] = { 0xCB, 0x93, 0x4F, 0xC8, 0x22, 0xE2, 0xC0, 0x35, 0xAA, 0x6B, 0x41, 0x15, 0x17, 0x30, 0x2F, 0x97, 0x20, 0x74, 0x39, 0x28, 0xF8, 0xEB, 0xC5, 0x51, 0x7B, 0xD9, 0x8A, 0x36, 0xB8, 0xDA, 0x24, 0x80, 0xE7, 0x9E, 0x09, 0xDE }; const byte expCipherText2[] = { 0xF9, 0x32, 0xE1, 0x87, 0x37, 0x0F, 0x04, 0xC1, 0xB5, 0x59, 0xF0, 0x45, 0x3A, 0x0D, 0xA0, 0x26, 0xFF, 0xA6, 0x8D, 0x38, 0xFE, 0xB8, 0xE5, 0xC2, 0x2A, 0x98, 0x4A, 0x54, 0x8F, 0x1F, 0xD6, 0x13, 0x03, 0xB2, 0x1B, 0xC0 }; const byte expCipherText3[] = { 0xD0, 0x37, 0x59, 0x1C, 0x2F, 0x85, 0x39, 0x4D, 0xED, 0xC2, 0x32, 0x5B, 0x80, 0x5E, 0x6B, }; const byte* expCipherTexts[NUM_ENCRYPTIONS] = { expCipherText1, expCipherText2, expCipherText3 }; byte* cipherText; byte* calcPlainText; byte tag[AES_BLOCK_SIZE]; EVP_CIPHER_CTX* encCtx = NULL; EVP_CIPHER_CTX* decCtx = NULL; int i, j, outl; /****************************************************/ for (i = 0; i < 3; ++i) { AssertNotNull(encCtx = EVP_CIPHER_CTX_new()); AssertNotNull(decCtx = EVP_CIPHER_CTX_new()); /* First iteration, set key before IV. */ if (i == 0) { AssertIntEQ(EVP_CipherInit(encCtx, EVP_aes_256_gcm(), key, NULL, 1), SSL_SUCCESS); /* * The call to EVP_CipherInit below (with NULL key) should clear the * authIvGenEnable flag set by EVP_CTRL_GCM_SET_IV_FIXED. As such, a * subsequent EVP_CTRL_GCM_IV_GEN should fail. This matches OpenSSL * behavior. */ AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1, (void*)iv), SSL_SUCCESS); AssertIntEQ(EVP_CipherInit(encCtx, NULL, NULL, iv, 1), SSL_SUCCESS); AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1, currentIv), SSL_FAILURE); AssertIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), key, NULL, 0), SSL_SUCCESS); AssertIntEQ(EVP_CipherInit(decCtx, NULL, NULL, iv, 0), SSL_SUCCESS); } /* Second iteration, IV before key. */ else { AssertIntEQ(EVP_CipherInit(encCtx, EVP_aes_256_gcm(), NULL, iv, 1), SSL_SUCCESS); AssertIntEQ(EVP_CipherInit(encCtx, NULL, key, NULL, 1), SSL_SUCCESS); AssertIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), NULL, iv, 0), SSL_SUCCESS); AssertIntEQ(EVP_CipherInit(decCtx, NULL, key, NULL, 0), SSL_SUCCESS); } /* * EVP_CTRL_GCM_IV_GEN should fail if EVP_CTRL_GCM_SET_IV_FIXED hasn't * been issued first. */ AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1, currentIv), SSL_FAILURE); AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1, (void*)iv), SSL_SUCCESS); AssertIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1, (void*)iv), SSL_SUCCESS); for (j = 0; j < NUM_ENCRYPTIONS; ++j) { /*************** Encrypt ***************/ AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1, currentIv), SSL_SUCCESS); /* Check current IV against expected. */ AssertIntEQ(XMEMCMP(currentIv, expIvs[j], GCM_NONCE_MID_SZ), 0); /* Add AAD. */ if (i == 2) { /* Test streaming API. */ AssertIntEQ(EVP_CipherUpdate(encCtx, NULL, &outl, aads[j], AAD_SIZE), SSL_SUCCESS); } else { AssertIntEQ(EVP_Cipher(encCtx, NULL, aads[j], AAD_SIZE), AAD_SIZE); } AssertNotNull(cipherText = (byte*)XMALLOC(plainTextSzs[j], NULL, DYNAMIC_TYPE_TMP_BUFFER)); /* Encrypt plaintext. */ if (i == 2) { AssertIntEQ(EVP_CipherUpdate(encCtx, cipherText, &outl, plainTexts[j], plainTextSzs[j]), SSL_SUCCESS); } else { AssertIntEQ(EVP_Cipher(encCtx, cipherText, plainTexts[j], plainTextSzs[j]), plainTextSzs[j]); } if (i == 2) { AssertIntEQ(EVP_CipherFinal(encCtx, cipherText, &outl), SSL_SUCCESS); } else { /* * Calling EVP_Cipher with NULL input and output for AES-GCM is * akin to calling EVP_CipherFinal. */ AssertIntGE(EVP_Cipher(encCtx, NULL, NULL, 0), 0); } /* Check ciphertext against expected. */ AssertIntEQ(XMEMCMP(cipherText, expCipherTexts[j], plainTextSzs[j]), 0); /* Get and check tag against expected. */ AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_GET_TAG, sizeof(tag), tag), SSL_SUCCESS); AssertIntEQ(XMEMCMP(tag, expTags[j], sizeof(tag)), 0); /*************** Decrypt ***************/ AssertIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_IV_GEN, -1, currentIv), SSL_SUCCESS); /* Check current IV against expected. */ AssertIntEQ(XMEMCMP(currentIv, expIvs[j], GCM_NONCE_MID_SZ), 0); /* Add AAD. */ if (i == 2) { /* Test streaming API. */ AssertIntEQ(EVP_CipherUpdate(decCtx, NULL, &outl, aads[j], AAD_SIZE), SSL_SUCCESS); } else { AssertIntEQ(EVP_Cipher(decCtx, NULL, aads[j], AAD_SIZE), AAD_SIZE); } /* Set expected tag. */ AssertIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_TAG, sizeof(tag), tag), SSL_SUCCESS); /* Decrypt ciphertext. */ AssertNotNull(calcPlainText = (byte*)XMALLOC(plainTextSzs[j], NULL, DYNAMIC_TYPE_TMP_BUFFER)); if (i == 2) { AssertIntEQ(EVP_CipherUpdate(decCtx, calcPlainText, &outl, cipherText, plainTextSzs[j]), SSL_SUCCESS); } else { /* This first EVP_Cipher call will check the tag, too. */ AssertIntEQ(EVP_Cipher(decCtx, calcPlainText, cipherText, plainTextSzs[j]), plainTextSzs[j]); } if (i == 2) { AssertIntEQ(EVP_CipherFinal(decCtx, calcPlainText, &outl), SSL_SUCCESS); } else { AssertIntGE(EVP_Cipher(decCtx, NULL, NULL, 0), 0); } /* Check plaintext against expected. */ AssertIntEQ(XMEMCMP(calcPlainText, plainTexts[j], plainTextSzs[j]), 0); XFREE(cipherText, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(calcPlainText, NULL, DYNAMIC_TYPE_TMP_BUFFER); } EVP_CIPHER_CTX_free(encCtx); EVP_CIPHER_CTX_free(decCtx); } res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_OBJ_ln(void) { const int nid_set[] = { NID_commonName, NID_serialNumber, NID_countryName, NID_localityName, NID_stateOrProvinceName, NID_organizationName, NID_organizationalUnitName, NID_domainComponent, NID_businessCategory, NID_jurisdictionCountryName, NID_jurisdictionStateOrProvinceName, NID_emailAddress }; const char* ln_set[] = { "commonName", "serialNumber", "countryName", "localityName", "stateOrProvinceName", "organizationName", "organizationalUnitName", "domainComponent", "businessCategory", "jurisdictionCountryName", "jurisdictionStateOrProvinceName", "emailAddress", }; size_t i = 0, maxIdx = sizeof(ln_set)/sizeof(char*); AssertIntEQ(OBJ_ln2nid(NULL), NID_undef); #ifdef HAVE_ECC #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) { EC_builtin_curve r[27]; size_t nCurves = sizeof(r) / sizeof(r[0]); nCurves = EC_get_builtin_curves(r,nCurves); for (i = 0; i < nCurves; i++) { /* skip ECC_CURVE_INVALID */ if (r[i].nid != ECC_CURVE_INVALID) { AssertIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid); AssertStrEQ(OBJ_nid2ln(r[i].nid), r[i].comment); } } } #endif #endif for (i = 0; i < maxIdx; i++) { AssertIntEQ(OBJ_ln2nid(ln_set[i]), nid_set[i]); AssertStrEQ(OBJ_nid2ln(nid_set[i]), ln_set[i]); } return TEST_RES_CHECK(1); } static int test_wolfSSL_OBJ_sn(void) { int i = 0, maxIdx = 7; const int nid_set[] = {NID_commonName,NID_countryName,NID_localityName, NID_stateOrProvinceName,NID_organizationName, NID_organizationalUnitName,NID_emailAddress}; const char* sn_open_set[] = {"CN","C","L","ST","O","OU","emailAddress"}; const char* sn_wolf_set[] = {WOLFSSL_COMMON_NAME,WOLFSSL_COUNTRY_NAME, WOLFSSL_LOCALITY_NAME, WOLFSSL_STATE_NAME, WOLFSSL_ORG_NAME, WOLFSSL_ORGUNIT_NAME, WOLFSSL_EMAIL_ADDR}; AssertIntEQ(wolfSSL_OBJ_sn2nid(NULL), NID_undef); for (i = 0; i < maxIdx; i++) { AssertIntEQ(wolfSSL_OBJ_sn2nid(sn_wolf_set[i]), nid_set[i]); AssertStrEQ(wolfSSL_OBJ_nid2sn(nid_set[i]), sn_open_set[i]); } return TEST_RES_CHECK(1); } #if !defined(NO_BIO) static unsigned long TXT_DB_hash(const WOLFSSL_STRING *s) { return lh_strhash(s[3]); } static int TXT_DB_cmp(const WOLFSSL_STRING *a, const WOLFSSL_STRING *b) { return XSTRCMP(a[3], b[3]); } #endif static int test_wolfSSL_TXT_DB(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_BIO) BIO *bio; TXT_DB *db = NULL; const int columns = 6; const char *fields[6] = { "V", "320926161116Z", "", "12BD", "unknown", "/CN=rsa doe", }; char** fields_copy; /* Test read */ AssertNotNull(bio = BIO_new(BIO_s_file())); AssertIntGT(BIO_read_filename(bio, "./tests/TXT_DB.txt"), 0); AssertNotNull(db = TXT_DB_read(bio, columns)); AssertNotNull(fields_copy = (char**)XMALLOC(sizeof(fields), NULL, DYNAMIC_TYPE_OPENSSL)); XMEMCPY(fields_copy, fields, sizeof(fields)); AssertIntEQ(TXT_DB_insert(db, fields_copy), 1); BIO_free(bio); /* Test write */ AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(TXT_DB_write(bio, db), 1484); BIO_free(bio); /* Test index */ AssertIntEQ(TXT_DB_create_index(db, 3, NULL, (wolf_sk_hash_cb)TXT_DB_hash, (wolf_lh_compare_cb)TXT_DB_cmp), 1); AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields)); fields[3] = "12DA"; AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields)); fields[3] = "FFFF"; AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields)); fields[3] = ""; AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields)); TXT_DB_free(db); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_NCONF(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_BIO) const char* confFile = "./tests/NCONF_test.cnf"; CONF* conf = NULL; long eline = 0; long num = 0; AssertNotNull(conf = NCONF_new(NULL)); AssertIntEQ(NCONF_load(conf, confFile, &eline), 1); AssertIntEQ(NCONF_get_number(conf, NULL, "port", &num), 1); AssertIntEQ(num, 1234); AssertIntEQ(NCONF_get_number(conf, "section2", "port", &num), 1); AssertIntEQ(num, 4321); AssertStrEQ(NCONF_get_string(conf, NULL, "dir"), "./test-dir"); AssertStrEQ(NCONF_get_string(conf, "section1", "file1_copy"), "./test-dir/file1"); AssertStrEQ(NCONF_get_string(conf, "section2", "file_list"), "./test-dir/file1:./test-dir/file2:./section1:file2"); NCONF_free(conf); res = TEST_RES_CHECK(1); #endif return res; } #endif /* OPENSSL_ALL */ static int test_wolfSSL_X509V3_EXT_get(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) FILE* f; int numOfExt =0; int extNid = 0; int i = 0; WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* ext; const WOLFSSL_v3_ext_method* method; AssertNotNull(f = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); fclose(f); /* wolfSSL_X509V3_EXT_get() return struct and nid test */ AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5); for (i = 0; i < numOfExt; i++) { AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i)); AssertIntNE((extNid = ext->obj->nid), NID_undef); AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext)); AssertIntEQ(method->ext_nid, extNid); } /* wolfSSL_X509V3_EXT_get() NULL argument test */ AssertNull(method = wolfSSL_X509V3_EXT_get(NULL)); wolfSSL_X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509V3_EXT_nconf(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_ALL const char *ext_names[] = { "subjectKeyIdentifier", "authorityKeyIdentifier", "subjectAltName", "keyUsage", }; size_t ext_names_count = sizeof(ext_names)/sizeof(*ext_names); int ext_nids[] = { NID_subject_key_identifier, NID_authority_key_identifier, NID_subject_alt_name, NID_key_usage, }; size_t ext_nids_count = sizeof(ext_nids)/sizeof(*ext_nids); const char *ext_values[] = { "hash", "hash", "DNS:example.com, IP:127.0.0.1", "digitalSignature,keyEncipherment,dataEncipherment", }; size_t i; X509_EXTENSION* ext; X509* x509 = X509_new(); for (i = 0; i < ext_names_count; i++) { ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i], ext_values[i]); AssertNotNull(ext); X509_EXTENSION_free(ext); } for (i = 0; i < ext_nids_count; i++) { ext = X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[i], ext_values[i]); AssertNotNull(ext); X509_EXTENSION_free(ext); } /* Test adding extension to X509 */ for (i = 0; i < ext_nids_count; i++) { ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i], ext_values[i]); AssertIntEQ(X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); X509_EXTENSION_free(ext); } X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509V3_EXT(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) FILE* f; int numOfExt = 0, nid = 0, i = 0, expected, actual; char* str; unsigned char* data; const WOLFSSL_v3_ext_method* method; WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* ext; WOLFSSL_X509_EXTENSION* ext2; WOLFSSL_ASN1_OBJECT *obj, *adObj; WOLFSSL_ASN1_STRING* asn1str; WOLFSSL_AUTHORITY_KEYID* aKeyId; WOLFSSL_AUTHORITY_INFO_ACCESS* aia; WOLFSSL_BASIC_CONSTRAINTS* bc; WOLFSSL_ACCESS_DESCRIPTION* ad; WOLFSSL_GENERAL_NAME* gn; /* Check NULL argument */ AssertNull(wolfSSL_X509V3_EXT_d2i(NULL)); /* Using OCSP cert with X509V3 extensions */ AssertNotNull(f = fopen("./certs/ocsp/root-ca-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); fclose(f); AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5); /* Basic Constraints */ AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i)); AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_basic_constraints); AssertNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); AssertIntEQ(bc->ca, 1); AssertNull(bc->pathlen); wolfSSL_BASIC_CONSTRAINTS_free(bc); i++; /* Subject Key Identifier */ AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i)); AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier); AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext)); AssertNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0, asn1str)); X509_EXTENSION_free(ext2); AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext)); AssertNotNull(method->i2s); AssertNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str)); wolfSSL_ASN1_STRING_free(asn1str); actual = strcmp(str, "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21"); AssertIntEQ(actual, 0); XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); i++; /* Authority Key Identifier */ AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i)); AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_authority_key_identifier); AssertNotNull(aKeyId = (WOLFSSL_AUTHORITY_KEYID*)wolfSSL_X509V3_EXT_d2i(ext)); AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext)); AssertNotNull(asn1str = aKeyId->keyid); AssertNotNull(str = wolfSSL_i2s_ASN1_STRING((WOLFSSL_v3_ext_method*)method, asn1str)); actual = strcmp(str, "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21"); AssertIntEQ(actual, 0); XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); wolfSSL_AUTHORITY_KEYID_free(aKeyId); i++; /* Key Usage */ AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i)); AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage); AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext)); #if defined(WOLFSSL_QT) AssertNotNull(data = (unsigned char*)ASN1_STRING_get0_data(asn1str)); #else AssertNotNull(data = wolfSSL_ASN1_STRING_data(asn1str)); #endif expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN; #ifdef BIG_ENDIAN_ORDER actual = data[1]; #else actual = data[0]; #endif AssertIntEQ(actual, expected); wolfSSL_ASN1_STRING_free(asn1str); #if 1 i++; /* Authority Info Access */ AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i)); AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_info_access); AssertNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext)); #if defined(WOLFSSL_QT) AssertIntEQ(OPENSSL_sk_num(aia), 1); /* Only one URI entry for this cert */ #else AssertIntEQ(wolfSSL_sk_num(aia), 1); /* Only one URI entry for this cert */ #endif /* URI entry is an ACCESS_DESCRIPTION type */ #if defined(WOLFSSL_QT) AssertNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)wolfSSL_sk_value(aia, 0)); #else AssertNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)OPENSSL_sk_value(aia, 0)); #endif AssertNotNull(adObj = ad->method); /* Make sure nid is OCSP */ AssertIntEQ(wolfSSL_OBJ_obj2nid(adObj), NID_ad_OCSP); /* GENERAL_NAME stores URI as an ASN1_STRING */ AssertNotNull(gn = ad->location); AssertIntEQ(gn->type, GEN_URI); /* Type should always be GEN_URI */ AssertNotNull(asn1str = gn->d.uniformResourceIdentifier); AssertIntEQ(wolfSSL_ASN1_STRING_length(asn1str), 22); #if defined(WOLFSSL_QT) str = (char*)ASN1_STRING_get0_data(asn1str); #else str = (char*)wolfSSL_ASN1_STRING_data(asn1str); #endif actual = strcmp(str, "http://127.0.0.1:22220"); AssertIntEQ(actual, 0); wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL); #else (void) aia; (void) ad; (void) adObj; (void) gn; #endif wolfSSL_X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_get_extension_flags(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_RSA) XFILE f; X509* x509; unsigned int extFlags; unsigned int keyUsageFlags; unsigned int extKeyUsageFlags; /* client-int-cert.pem has the following extension flags. */ extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE; /* and the following key usage flags. */ keyUsageFlags = KU_DIGITAL_SIGNATURE | KU_NON_REPUDIATION | KU_KEY_ENCIPHERMENT; /* and the following extended key usage flags. */ extKeyUsageFlags = XKU_SSL_CLIENT | XKU_SMIME; f = XFOPEN("./certs/intermediate/client-int-cert.pem", "rb"); AssertTrue(f != XBADFILE); AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); XFCLOSE(f); AssertIntEQ(X509_get_extension_flags(x509), extFlags); AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags); AssertIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags); X509_free(x509); /* client-cert-ext.pem has the following extension flags. */ extFlags = EXFLAG_KUSAGE; /* and the following key usage flags. */ keyUsageFlags = KU_DIGITAL_SIGNATURE | KU_KEY_CERT_SIGN | KU_CRL_SIGN; AssertNotNull(f = fopen("./certs/client-cert-ext.pem", "rb")); AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); XFCLOSE(f); AssertIntEQ(X509_get_extension_flags(x509), extFlags); AssertIntEQ(X509_get_key_usage(x509), keyUsageFlags); X509_free(x509); res = TEST_RES_CHECK(1); #endif /* OPENSSL_ALL */ return res; } static int test_wolfSSL_X509_get_ext(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) int ret = 0; FILE* f; WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* foundExtension; AssertNotNull(f = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); fclose(f); AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5); /* wolfSSL_X509_get_ext() valid input */ AssertNotNull(foundExtension = wolfSSL_X509_get_ext(x509, 0)); /* wolfSSL_X509_get_ext() valid x509, idx out of bounds */ AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, -1)); AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, 100)); /* wolfSSL_X509_get_ext() NULL x509, idx out of bounds */ AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, -1)); AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 100)); /* wolfSSL_X509_get_ext() NULL x509, valid idx */ AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0)); wolfSSL_X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_get_ext_by_NID(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_RSA) int rc; FILE* f; WOLFSSL_X509* x509; ASN1_OBJECT* obj = NULL; AssertNotNull(f = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); fclose(f); rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1); AssertIntGE(rc, 0); /* Start search from last location (should fail) */ rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, rc); AssertIntGE(rc, -1); rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -2); AssertIntGE(rc, -1); rc = wolfSSL_X509_get_ext_by_NID(NULL, NID_basic_constraints, -1); AssertIntEQ(rc, -1); rc = wolfSSL_X509_get_ext_by_NID(x509, NID_undef, -1); AssertIntEQ(rc, -1); /* NID_ext_key_usage, check also its nid and oid */ rc = wolfSSL_X509_get_ext_by_NID(x509, NID_ext_key_usage, -1); AssertIntGT(rc, -1); AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(wolfSSL_X509_get_ext(x509, rc))); AssertIntEQ(obj->nid, NID_ext_key_usage); AssertIntEQ(obj->type, EXT_KEY_USAGE_OID); wolfSSL_X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_get_ext_subj_alt_name(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_RSA) int rc; XFILE f; WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* ext; WOLFSSL_ASN1_STRING* sanString; byte* sanDer; const byte expectedDer[] = { 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01}; f = XFOPEN("./certs/server-cert.pem", "rb"); AssertTrue(f != XBADFILE); AssertNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); fclose(f); rc = X509_get_ext_by_NID(x509, NID_subject_alt_name, -1); AssertIntNE(rc, -1); AssertNotNull(ext = X509_get_ext(x509, rc)); AssertNotNull(sanString = X509_EXTENSION_get_data(ext)); AssertIntEQ(ASN1_STRING_length(sanString), sizeof(expectedDer)); AssertNotNull(sanDer = ASN1_STRING_data(sanString)); AssertIntEQ(XMEMCMP(sanDer, expectedDer, sizeof(expectedDer)), 0); X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_EXTENSION_new(void) { int res = TEST_SKIPPED; #if defined (OPENSSL_ALL) WOLFSSL_X509_EXTENSION* ext; AssertNotNull(ext = wolfSSL_X509_EXTENSION_new()); AssertNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new()); ext->obj->nid = WOLFSSL_SUCCESS; AssertIntEQ(WOLFSSL_SUCCESS, ext->obj->nid); wolfSSL_X509_EXTENSION_free(ext); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_EXTENSION_get_object(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* ext; WOLFSSL_ASN1_OBJECT* o; FILE* file; AssertNotNull(file = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); fclose(file); /* wolfSSL_X509_EXTENSION_get_object() testing ext idx 0 */ AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); AssertNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext)); AssertIntEQ(o->nid, 128); /* wolfSSL_X509_EXTENSION_get_object() NULL argument */ AssertNull(o = wolfSSL_X509_EXTENSION_get_object(NULL)); wolfSSL_X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_EXTENSION_get_data(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* ext; WOLFSSL_ASN1_STRING* str; FILE* file; AssertNotNull(file = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); fclose(file); AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); AssertNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext)); wolfSSL_X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_EXTENSION_get_critical(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* ext; FILE* file; int crit; AssertNotNull(file = fopen("./certs/server-cert.pem", "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); fclose(file); AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); crit = wolfSSL_X509_EXTENSION_get_critical(ext); AssertIntEQ(crit, 0); wolfSSL_X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509V3_EXT_print(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_BIO) && \ !defined(NO_RSA) { FILE* f; WOLFSSL_X509* x509; X509_EXTENSION * ext = NULL; int loc; BIO *bio = NULL; AssertNotNull(f = fopen(svrCertFile, "rb")); AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); fclose(f); AssertNotNull(bio = wolfSSL_BIO_new(BIO_s_mem())); loc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1); AssertIntGT(loc, -1); AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); loc = wolfSSL_X509_get_ext_by_NID(x509, NID_subject_key_identifier, -1); AssertIntGT(loc, -1); AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); loc = wolfSSL_X509_get_ext_by_NID(x509, NID_authority_key_identifier, -1); AssertIntGT(loc, -1); AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); wolfSSL_BIO_free(bio); wolfSSL_X509_free(x509); } { X509 *x509; BIO *bio; X509_EXTENSION *ext; unsigned int i; unsigned int idx; /* Some NIDs to test with */ int nids[] = { /* NID_key_usage, currently X509_get_ext returns this as a bit * string, which messes up X509V3_EXT_print */ /* NID_ext_key_usage, */ NID_subject_alt_name, }; int* n; AssertNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE)); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt, WOLFSSL_FILETYPE_PEM)); fprintf(stderr, "\nPrinting extension values:\n"); for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) { /* X509_get_ext_by_NID should return 3 for now. If that changes then * update the index */ AssertIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3); AssertNotNull(ext = X509_get_ext(x509, idx)); AssertIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1); fprintf(stderr, "\n"); } BIO_free(bio); X509_free(x509); } res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_cmp(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_RSA) FILE* file1; FILE* file2; WOLFSSL_X509* cert1; WOLFSSL_X509* cert2; AssertNotNull(file1=fopen("./certs/server-cert.pem", "rb")); AssertNotNull(file2=fopen("./certs/3072/client-cert.pem", "rb")); AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); AssertNotNull(cert2 = wolfSSL_PEM_read_X509(file2, NULL, NULL, NULL)); fclose(file1); fclose(file2); /* wolfSSL_X509_cmp() testing matching certs */ AssertIntEQ(0, wolfSSL_X509_cmp(cert1, cert1)); /* wolfSSL_X509_cmp() testing mismatched certs */ AssertIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2)); /* wolfSSL_X509_cmp() testing NULL, valid args */ AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, cert2)); /* wolfSSL_X509_cmp() testing valid, NULL args */ AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(cert1, NULL)); /* wolfSSL_X509_cmp() testing NULL, NULL args */ AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, NULL)); wolfSSL_X509_free(cert1); wolfSSL_X509_free(cert2); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_PKEY_up_ref(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) EVP_PKEY* pkey; pkey = EVP_PKEY_new(); AssertIntEQ(EVP_PKEY_up_ref(NULL), 0); AssertIntEQ(EVP_PKEY_up_ref(pkey), 1); EVP_PKEY_free(pkey); AssertIntEQ(EVP_PKEY_up_ref(pkey), 1); EVP_PKEY_free(pkey); EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_d2i_and_i2d_PublicKey(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) EVP_PKEY* pkey; const unsigned char* p; unsigned char *der = NULL, *tmp = NULL; int derLen; p = client_keypub_der_2048; /* Check that key can be successfully decoded. */ AssertNotNull(pkey = wolfSSL_d2i_PublicKey(EVP_PKEY_RSA, NULL, &p, sizeof_client_keypub_der_2048)); /* Check that key can be successfully encoded. */ AssertIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &der)), 0); /* Ensure that the encoded version matches the original. */ AssertIntEQ(derLen, sizeof_client_keypub_der_2048); AssertIntEQ(XMEMCMP(der, client_keypub_der_2048, derLen), 0); /* Do same test except with pre-allocated buffer to ensure the der pointer * is advanced. */ tmp = der; AssertIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &tmp)), 0); AssertIntEQ(derLen, sizeof_client_keypub_der_2048); AssertIntEQ(XMEMCMP(der, client_keypub_der_2048, derLen), 0); AssertTrue(der + derLen == tmp); XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(NO_CERTS) && \ !defined(NO_ASN) && !defined(NO_PWDBASED) EVP_PKEY* pkey; const unsigned char* p; unsigned char *der = NULL, *tmp = NULL; int derLen; unsigned char pub_buf[65]; const int pub_len = 65; BN_CTX * ctx; EC_GROUP * curve; EC_KEY * ephemeral_key; const EC_POINT * h; /* Generate an x963 key pair and get public part into pub_buf */ AssertNotNull(ctx = BN_CTX_new()); AssertNotNull(curve = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); AssertNotNull(ephemeral_key = EC_KEY_new_by_curve_name( NID_X9_62_prime256v1)); AssertIntEQ(EC_KEY_generate_key(ephemeral_key), 1); AssertNotNull(h = EC_KEY_get0_public_key(ephemeral_key)); AssertIntEQ(pub_len, EC_POINT_point2oct(curve, h, POINT_CONVERSION_UNCOMPRESSED, pub_buf, pub_len, ctx)); /* Prepare the EVP_PKEY */ AssertNotNull(pkey = EVP_PKEY_new()); p = pub_buf; /* Check that key can be successfully decoded. */ AssertNotNull(wolfSSL_d2i_PublicKey(EVP_PKEY_EC, &pkey, &p, pub_len)); /* Check that key can be successfully encoded. */ AssertIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &der)), 0); /* Ensure that the encoded version matches the original. */ AssertIntEQ(derLen, pub_len); AssertIntEQ(XMEMCMP(der, pub_buf, derLen), 0); /* Do same test except with pre-allocated buffer to ensure the der pointer * is advanced. */ tmp = der; AssertIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &tmp)), 0); AssertIntEQ(derLen, pub_len); AssertIntEQ(XMEMCMP(der, pub_buf, derLen), 0); AssertTrue(der + derLen == tmp); XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); EVP_PKEY_free(pkey); EC_KEY_free(ephemeral_key); EC_GROUP_free(curve); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_d2i_and_i2d_DSAparams(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_DSA) DSA* dsa; char file[] = "./certs/dsaparams.der"; XFILE f; int derInLen; byte* derIn; int derOutLen; byte* derOut = NULL; f = XFOPEN(file, "rb"); AssertTrue(f != XBADFILE); AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0); derInLen = (int)XFTELL(f); AssertTrue(XFSEEK(f, 0, XSEEK_SET) == 0); AssertNotNull(derIn = (byte*)XMALLOC(derInLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); AssertIntEQ(XFREAD(derIn, 1, derInLen, f), derInLen); XFCLOSE(f); /* Check that params can be successfully decoded. */ AssertNotNull(dsa = d2i_DSAparams(NULL, (const byte**)&derIn, derInLen)); /* Check that params can be successfully encoded. */ AssertIntGE((derOutLen = i2d_DSAparams(dsa, &derOut)), 0); /* Ensure that the encoded version matches the original. */ AssertIntEQ(derInLen, derOutLen); AssertIntEQ(XMEMCMP(derIn, derOut, derInLen), 0); XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(derOut, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); DSA_free(dsa); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_i2d_PrivateKey(void) { int res = TEST_SKIPPED; #if (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_PWDBASED) #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) { EVP_PKEY* pkey; const unsigned char* server_key = (const unsigned char*)server_key_der_2048; unsigned char buf[FOURK_BUF]; unsigned char* pt = NULL; int bufSz; AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &server_key, (long)sizeof_server_key_der_2048)); AssertIntEQ(i2d_PrivateKey(pkey, NULL), 1193); pt = buf; AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 1193); AssertIntNE((pt - buf), 0); AssertIntEQ(XMEMCMP(buf, server_key_der_2048, bufSz), 0); EVP_PKEY_free(pkey); } #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) { EVP_PKEY* pkey; const unsigned char* client_key = (const unsigned char*)ecc_clikey_der_256; unsigned char buf[FOURK_BUF]; unsigned char* pt = NULL; int bufSz; AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &client_key, sizeof_ecc_clikey_der_256))); AssertIntEQ(i2d_PrivateKey(pkey, NULL), 121); pt = buf; AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 121); AssertIntNE((pt - buf), 0); AssertIntEQ(XMEMCMP(buf, ecc_clikey_der_256, bufSz), 0); EVP_PKEY_free(pkey); } #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_OCSP_id_get0_info(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) X509* cert; X509* issuer; OCSP_CERTID* id; OCSP_CERTID* id2; ASN1_STRING* name = NULL; ASN1_OBJECT* pmd = NULL; ASN1_STRING* keyHash = NULL; ASN1_INTEGER* serial = NULL; ASN1_INTEGER* x509Int; AssertNotNull(cert = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)); AssertNotNull(issuer = wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM)); id = OCSP_cert_to_id(NULL, cert, issuer); AssertNotNull(id); id2 = OCSP_cert_to_id(NULL, cert, issuer); AssertNotNull(id2); AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, NULL), 0); AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, id), 1); /* name, pmd, keyHash not supported yet, expect failure if not NULL */ AssertIntEQ(OCSP_id_get0_info(&name, NULL, NULL, NULL, id), 0); AssertIntEQ(OCSP_id_get0_info(NULL, &pmd, NULL, NULL, id), 0); AssertIntEQ(OCSP_id_get0_info(NULL, NULL, &keyHash, NULL, id), 0); AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, &serial, id), 1); AssertNotNull(serial); /* compare serial number to one in cert, should be equal */ x509Int = X509_get_serialNumber(cert); AssertNotNull(x509Int); AssertIntEQ(x509Int->length, serial->length); AssertIntEQ(XMEMCMP(x509Int->data, serial->data, serial->length), 0); /* test OCSP_id_cmp */ AssertIntNE(OCSP_id_cmp(NULL, NULL), 0); AssertIntNE(OCSP_id_cmp(id, NULL), 0); AssertIntNE(OCSP_id_cmp(NULL, id2), 0); AssertIntEQ(OCSP_id_cmp(id, id2), 0); id->issuerHash[0] = ~id->issuerHash[0]; AssertIntNE(OCSP_id_cmp(id, id2), 0); OCSP_CERTID_free(id); OCSP_CERTID_free(id2); X509_free(cert); /* free's x509Int */ X509_free(issuer); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_i2d_OCSP_CERTID(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP) WOLFSSL_OCSP_CERTID certId; byte* targetBuffer; byte* beginTargetBuffer; /* OCSP CertID bytes taken from PCAP */ byte rawCertId[] = { 0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x80, 0x51, 0x06, 0x01, 0x32, 0xad, 0x9a, 0xc2, 0x7d, 0x51, 0x87, 0xa0, 0xe8, 0x87, 0xfb, 0x01, 0x62, 0x01, 0x55, 0xee, 0x04, 0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3, 0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x02, 0x10, 0x01, 0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, 0x43, 0x8b, 0x72, 0x4b, 0xcf, 0xbc, 0x91 }; int ret, i; XMEMSET(&certId, 0, sizeof(WOLFSSL_OCSP_CERTID)); certId.rawCertId = rawCertId; certId.rawCertIdSize = sizeof(rawCertId); targetBuffer = (byte*)XMALLOC(sizeof(rawCertId), NULL, DYNAMIC_TYPE_TMP_BUFFER); beginTargetBuffer = targetBuffer; ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer); /* If target buffer is not null, function increments targetBuffer to point just past the end of the encoded data. */ AssertPtrEq(targetBuffer, (beginTargetBuffer + sizeof(rawCertId))); /* Function returns the size of the encoded data. */ AssertIntEQ(ret, sizeof(rawCertId)); for (i = 0; i < ret; ++i) { AssertIntEQ(beginTargetBuffer[i], rawCertId[i]); } XFREE(beginTargetBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); targetBuffer = NULL; ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer); /* If target buffer is null, function allocates memory for a buffer and copies the encoded data into it. targetBuffer then points to the start of this newly allocate buffer. */ AssertIntEQ(ret, sizeof(rawCertId)); for (i = 0; i < ret; ++i) { AssertIntEQ(targetBuffer[i], rawCertId[i]); } XFREE(targetBuffer, NULL, DYNAMIC_TYPE_OPENSSL); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_d2i_OCSP_CERTID(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP) WOLFSSL_OCSP_CERTID* certId; WOLFSSL_OCSP_CERTID* certIdBad; const unsigned char* rawCertIdPtr; const unsigned char rawCertId[] = { 0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14, 0x80, 0x51, 0x06, 0x01, 0x32, 0xad, 0x9a, 0xc2, 0x7d, 0x51, 0x87, 0xa0, 0xe8, 0x87, 0xfb, 0x01, 0x62, 0x01, 0x55, 0xee, 0x04, 0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3, 0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x02, 0x10, 0x01, 0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, 0x43, 0x8b, 0x72, 0x4b, 0xcf, 0xbc, 0x91 }; rawCertIdPtr = &rawCertId[0]; /* If the cert ID is NULL the function should allocate it and copy the * data to it. */ certId = NULL; certId = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, sizeof(rawCertId)); AssertNotNull(certId); AssertIntEQ(certId->rawCertIdSize, sizeof(rawCertId)); XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL); /* If the cert ID is not NULL the function will just copy the data to it. */ certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*certId), NULL, DYNAMIC_TYPE_TMP_BUFFER); AssertNotNull(certId); XMEMSET(certId, 0, sizeof(*certId)); /* Reset rawCertIdPtr since it was push forward in the previous call. */ rawCertIdPtr = &rawCertId[0]; certId = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, sizeof(rawCertId)); AssertNotNull(certId); AssertIntEQ(certId->rawCertIdSize, sizeof(rawCertId)); XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(certId, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* The below tests should fail when passed bad parameters. NULL should * always be returned. */ certIdBad = wolfSSL_d2i_OCSP_CERTID(NULL, &rawCertIdPtr, sizeof(rawCertId)); AssertNull(certIdBad); certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, NULL, sizeof(rawCertId)); AssertNull(certIdBad); certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, 0); AssertNull(certIdBad); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_OCSP_id_cmp(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && defined(HAVE_OCSP) OCSP_CERTID id1; OCSP_CERTID id2; XMEMSET(&id1, 0, sizeof(id1)); XMEMSET(&id2, 0, sizeof(id2)); AssertIntEQ(OCSP_id_cmp(&id1, &id2), 0); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_OCSP_SINGLERESP_get0_id(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && defined(HAVE_OCSP) WOLFSSL_OCSP_SINGLERESP single; const WOLFSSL_OCSP_CERTID* certId; XMEMSET(&single, 0, sizeof(single)); certId = wolfSSL_OCSP_SINGLERESP_get0_id(&single); AssertPtrEq(&single, certId); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_OCSP_single_get0_status(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && defined(HAVE_OCSP) WOLFSSL_OCSP_SINGLERESP single; CertStatus certStatus; WOLFSSL_ASN1_TIME* thisDate; WOLFSSL_ASN1_TIME* nextDate; int ret, i; XMEMSET(&single, 0, sizeof(WOLFSSL_OCSP_SINGLERESP)); XMEMSET(&certStatus, 0, sizeof(CertStatus)); /* Fill the date fields with some dummy data. */ for (i = 0; i < CTC_DATE_SIZE; ++i) { certStatus.thisDateParsed.data[i] = i; certStatus.nextDateParsed.data[i] = i; } certStatus.status = CERT_GOOD; single.status = &certStatus; ret = wolfSSL_OCSP_single_get0_status(&single, NULL, NULL, &thisDate, &nextDate); AssertIntEQ(ret, CERT_GOOD); AssertPtrEq(thisDate, &certStatus.thisDateParsed); AssertPtrEq(nextDate, &certStatus.nextDateParsed); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_OCSP_resp_count(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && defined(HAVE_OCSP) WOLFSSL_OCSP_BASICRESP basicResp; WOLFSSL_OCSP_SINGLERESP singleRespOne; WOLFSSL_OCSP_SINGLERESP singleRespTwo; int count; XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP)); XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP)); XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP)); count = wolfSSL_OCSP_resp_count(&basicResp); AssertIntEQ(count, 0); basicResp.single = &singleRespOne; count = wolfSSL_OCSP_resp_count(&basicResp); AssertIntEQ(count, 1); singleRespOne.next = &singleRespTwo; count = wolfSSL_OCSP_resp_count(&basicResp); AssertIntEQ(count, 2); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_OCSP_resp_get0(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && defined(HAVE_OCSP) WOLFSSL_OCSP_BASICRESP basicResp; WOLFSSL_OCSP_SINGLERESP singleRespOne; WOLFSSL_OCSP_SINGLERESP singleRespTwo; WOLFSSL_OCSP_SINGLERESP* ret; XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP)); XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP)); XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP)); basicResp.single = &singleRespOne; singleRespOne.next = &singleRespTwo; ret = wolfSSL_OCSP_resp_get0(&basicResp, 0); AssertPtrEq(ret, &singleRespOne); ret = wolfSSL_OCSP_resp_get0(&basicResp, 1); AssertPtrEq(ret, &singleRespTwo); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_PKEY_derive(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH) #if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC) EVP_PKEY_CTX *ctx; unsigned char *skey; size_t skeylen; EVP_PKEY *pkey, *peerkey; const unsigned char* key; #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) /* DH */ key = dh_key_der_2048; AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key, sizeof_dh_key_der_2048))); AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(pkey)), 1); key = dh_key_der_2048; AssertNotNull((peerkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key, sizeof_dh_key_der_2048))); AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(peerkey)), 1); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(EVP_PKEY_derive_init(ctx), 1); AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1); AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1); AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL)); AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(peerkey); EVP_PKEY_free(pkey); XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL); #endif #ifdef HAVE_ECC /* ECDH */ key = ecc_clikey_der_256; AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &key, sizeof_ecc_clikey_der_256))); key = ecc_clikeypub_der_256; AssertNotNull((peerkey = d2i_PUBKEY(NULL, &key, sizeof_ecc_clikeypub_der_256))); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(EVP_PKEY_derive_init(ctx), 1); AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1); AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1); AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL)); AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1); EVP_PKEY_CTX_free(ctx); EVP_PKEY_free(peerkey); EVP_PKEY_free(pkey); XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL); #endif /* HAVE_ECC */ res = TEST_RES_CHECK(1); #endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC */ #endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */ return res; } static int test_wolfSSL_EVP_PBE_scrypt(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 5)) #if !defined(NO_PWDBASED) && !defined(NO_SHA256) int ret; const char pwd[] = {'p','a','s','s','w','o','r','d'}; int pwdlen = sizeof(pwd); const byte salt[] = {'N','a','C','l'}; int saltlen = sizeof(salt); byte key[80]; word64 numOvr32 = (word64)INT32_MAX + 1; /* expected derived key for N:16, r:1, p:1 */ const byte expectedKey[] = { 0xAE, 0xC6, 0xB7, 0x48, 0x3E, 0xD2, 0x6E, 0x08, 0x80, 0x2B, 0x41, 0xF4, 0x03, 0x20, 0x86, 0xA0, 0xE8, 0x86, 0xBE, 0x7A, 0xC4, 0x8F, 0xCF, 0xD9, 0x2F, 0xF0, 0xCE, 0xF8, 0x10, 0x97, 0x52, 0xF4, 0xAC, 0x74, 0xB0, 0x77, 0x26, 0x32, 0x56, 0xA6, 0x5A, 0x99, 0x70, 0x1B, 0x7A, 0x30, 0x4D, 0x46, 0x61, 0x1C, 0x8A, 0xA3, 0x91, 0xE7, 0x99, 0xCE, 0x10, 0xA2, 0x77, 0x53, 0xE7, 0xE9, 0xC0, 0x9A}; /* N r p mx key keylen */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 0, 1, 1, 0, key, 64); AssertIntEQ(ret, 0); /* N must be greater than 1 */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 3, 1, 1, 0, key, 64); AssertIntEQ(ret, 0); /* N must be power of 2 */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 0, 1, 0, key, 64); AssertIntEQ(ret, 0); /* r must be greater than 0 */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 0, 0, key, 64); AssertIntEQ(ret, 0); /* p must be greater than 0 */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 0); AssertIntEQ(ret, 0); /* keylen must be greater than 0 */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 9, 1, 0, key, 64); AssertIntEQ(ret, 0); /* r must be smaller than 9 */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, NULL, 64); AssertIntEQ(ret, 1); /* should succeed if key is NULL */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 64); AssertIntEQ(ret, 1); /* should succeed */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, numOvr32, 1, 0, key, 64); AssertIntEQ(ret, 0); /* should fail since r is greater than INT32_MAC */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, numOvr32, 0, key, 64); AssertIntEQ(ret, 0); /* should fail since p is greater than INT32_MAC */ ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 0, 2, 1, 1, 0, key, 64); AssertIntEQ(ret, 1); /* should succeed even if salt is NULL */ ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 4, 2, 1, 1, 0, key, 64); AssertIntEQ(ret, 0); /* if salt is NULL, saltlen must be 0, otherwise fail*/ ret = EVP_PBE_scrypt(NULL, 0, salt, saltlen, 2, 1, 1, 0, key, 64); AssertIntEQ(ret, 1); /* should succeed if pwd is NULL and pwdlen is 0*/ ret = EVP_PBE_scrypt(NULL, 4, salt, saltlen, 2, 1, 1, 0, key, 64); AssertIntEQ(ret, 0); /* if pwd is NULL, pwdlen must be 0 */ ret = EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 1, 1, 0, key, 64); AssertIntEQ(ret, 1); /* should succeed even both pwd and salt are NULL */ ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 16, 1, 1, 0, key, 64); AssertIntEQ(ret, 1); ret = XMEMCMP(expectedKey, key, sizeof(expectedKey)); AssertIntEQ(ret, 0); /* derived key must be the same as expected-key */ res = TEST_RES_CHECK(1); #endif /* !NO_PWDBASED && !NO_SHA256 */ #endif /* OPENSSL_EXTRA && HAVE_SCRYPT && HAVE_PBKDF2 */ return res; } static int test_no_op_functions(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) /* this makes sure wolfSSL can compile and run these no-op functions */ SSL_load_error_strings(); ENGINE_load_builtin_engines(); OpenSSL_add_all_ciphers(); AssertIntEQ(CRYPTO_malloc_init(), 0); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CRYPTO_memcmp(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_EXTRA char a[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable " "implementation of TLS/SSL for embedded devices to the cloud."; char b[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable " "implementation of TLS/SSL for embedded devices to the cloud."; char c[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable " "implementation of TLS/SSL for embedded devices to the cloud!"; AssertIntEQ(CRYPTO_memcmp(a, b, sizeof(a)), 0); AssertIntNE(CRYPTO_memcmp(a, c, sizeof(a)), 0); res = TEST_RES_CHECK(1); #endif return res; } /*----------------------------------------------------------------------------* | wolfCrypt ASN *----------------------------------------------------------------------------*/ static int test_wc_CreateEncryptedPKCS8Key(void) { int res = TEST_SKIPPED; #if defined(HAVE_PKCS8) && !defined(NO_PWDBASED) && defined(WOLFSSL_AES_256) \ && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA) WC_RNG rng; byte* encKey = NULL; word32 encKeySz = 0; word32 decKeySz = 0; const char password[] = "Lorem ipsum dolor sit amet"; word32 passwordSz = (word32)XSTRLEN(password); word32 tradIdx = 0; AssertIntEQ(wc_InitRng(&rng), 0); /* Call with NULL for out buffer to get necessary length. */ AssertIntEQ(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048, sizeof_server_key_der_2048, NULL, &encKeySz, password, passwordSz, PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL), LENGTH_ONLY_E); AssertNotNull(encKey = (byte*)XMALLOC(encKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); /* Call with the allocated out buffer. */ AssertIntGT(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048, sizeof_server_key_der_2048, encKey, &encKeySz, password, passwordSz, PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL), 0); /* Decrypt the encrypted PKCS8 key we just made. */ AssertIntGT((decKeySz = wc_DecryptPKCS8Key(encKey, encKeySz, password, passwordSz)), 0); /* encKey now holds the decrypted key (decrypted in place). */ AssertIntGT(wc_GetPkcs8TraditionalOffset(encKey, &tradIdx, decKeySz), 0); /* Check that the decrypted key matches the key prior to encryption. */ AssertIntEQ(XMEMCMP(encKey + tradIdx, server_key_der_2048, sizeof_server_key_der_2048), 0); if (encKey != NULL) XFREE(encKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); wc_FreeRng(&rng); res = TEST_RES_CHECK(1); #endif return res; } static int test_wc_GetPkcs8TraditionalOffset(void) { int res = TEST_SKIPPED; #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(HAVE_PKCS8) int length, derSz; word32 inOutIdx; const char* path = "./certs/server-keyPkcs8.der"; XFILE file; byte der[2048]; file = XFOPEN(path, "rb"); AssertTrue(file != XBADFILE); derSz = (int)XFREAD(der, 1, sizeof(der), file); XFCLOSE(file); /* valid case */ inOutIdx = 0; length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz); AssertIntGT(length, 0); /* inOutIdx > sz */ inOutIdx = 4000; length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz); AssertIntEQ(length, BAD_FUNC_ARG); /* null input */ inOutIdx = 0; length = wc_GetPkcs8TraditionalOffset(NULL, &inOutIdx, 0); AssertIntEQ(length, BAD_FUNC_ARG); /* invalid input, fill buffer with 1's */ XMEMSET(der, 1, sizeof(der)); inOutIdx = 0; length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz); AssertIntEQ(length, ASN_PARSE_E); res = TEST_RES_CHECK(1); #endif /* NO_ASN */ return res; } static int test_wc_SetSubjectRaw(void) { int res = TEST_SKIPPED; #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA) const char* joiCertFile = "./certs/test/cert-ext-joi.der"; WOLFSSL_X509* x509; int peerCertSz; const byte* peerCertBuf; Cert forgedCert; AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1)); AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz)); AssertIntEQ(0, wc_InitCert(&forgedCert)); AssertIntEQ(0, wc_SetSubjectRaw(&forgedCert, peerCertBuf, peerCertSz)); wolfSSL_FreeX509(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wc_GetSubjectRaw(void) { int res = TEST_SKIPPED; #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) Cert cert; byte *subjectRaw; AssertIntEQ(0, wc_InitCert(&cert)); AssertIntEQ(0, wc_GetSubjectRaw(&subjectRaw, &cert)); res = TEST_RES_CHECK(1); #endif return res; } static int test_wc_SetIssuerRaw(void) { int res = TEST_SKIPPED; #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA) const char* joiCertFile = "./certs/test/cert-ext-joi.der"; WOLFSSL_X509* x509; int peerCertSz; const byte* peerCertBuf; Cert forgedCert; AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1)); AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz)); AssertIntEQ(0, wc_InitCert(&forgedCert)); AssertIntEQ(0, wc_SetIssuerRaw(&forgedCert, peerCertBuf, peerCertSz)); wolfSSL_FreeX509(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wc_SetIssueBuffer(void) { int res = TEST_SKIPPED; #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA) const char* joiCertFile = "./certs/test/cert-ext-joi.der"; WOLFSSL_X509* x509; int peerCertSz; const byte* peerCertBuf; Cert forgedCert; AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_ASN1)); AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz)); AssertIntEQ(0, wc_InitCert(&forgedCert)); AssertIntEQ(0, wc_SetIssuerBuffer(&forgedCert, peerCertBuf, peerCertSz)); wolfSSL_FreeX509(x509); res = TEST_RES_CHECK(1); #endif return res; } /* * Testing wc_SetSubjectKeyId */ static int test_wc_SetSubjectKeyId(void) { int res = TEST_SKIPPED; #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && defined(HAVE_ECC) Cert cert; const char* file = "certs/ecc-client-keyPub.pem"; AssertIntEQ(0, wc_InitCert(&cert)); AssertIntEQ(0, wc_SetSubjectKeyId(&cert, file)); AssertIntEQ(BAD_FUNC_ARG, wc_SetSubjectKeyId(NULL, file)); AssertIntGT(0, wc_SetSubjectKeyId(&cert, "badfile.name")); res = TEST_RES_CHECK(1); #endif return res; } /* END test_wc_SetSubjectKeyId */ /* * Testing wc_SetSubject */ static int test_wc_SetSubject(void) { int res = TEST_SKIPPED; #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && defined(HAVE_ECC) Cert cert; const char* file = "./certs/ca-ecc-cert.pem"; AssertIntEQ(0, wc_InitCert(&cert)); AssertIntEQ(0, wc_SetSubject(&cert, file)); AssertIntEQ(BAD_FUNC_ARG, wc_SetSubject(NULL, file)); AssertIntGT(0, wc_SetSubject(&cert, "badfile.name")); res = TEST_RES_CHECK(1); #endif return res; } /* END test_wc_SetSubject */ static int test_CheckCertSignature(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && defined(WOLFSSL_SMALL_CERT_VERIFY) WOLFSSL_CERT_MANAGER* cm = NULL; #if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC)) FILE* fp; byte cert[4096]; int certSz; #endif AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, NULL)); AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, cm)); #ifndef NO_RSA #ifdef USE_CERT_BUFFERS_1024 AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_1024, sizeof_server_cert_der_1024, NULL, cm)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm, ca_cert_der_1024, sizeof_ca_cert_der_1024, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(0, CheckCertSignature(server_cert_der_1024, sizeof_server_cert_der_1024, NULL, cm)); #elif defined(USE_CERT_BUFFERS_2048) AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_2048, sizeof_server_cert_der_2048, NULL, cm)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm, ca_cert_der_2048, sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(0, CheckCertSignature(server_cert_der_2048, sizeof_server_cert_der_2048, NULL, cm)); #endif #endif #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256, NULL, cm)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm, ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256, WOLFSSL_FILETYPE_ASN1)); AssertIntEQ(0, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256, NULL, cm)); #endif #if !defined(NO_FILESYSTEM) wolfSSL_CertManagerFree(cm); AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); #ifndef NO_RSA AssertNotNull(fp = XFOPEN("./certs/server-cert.der", "rb")); AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0); XFCLOSE(fp); AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, "./certs/ca-cert.pem", NULL)); AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm)); #endif #ifdef HAVE_ECC AssertNotNull(fp = XFOPEN("./certs/server-ecc.der", "rb")); AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0); XFCLOSE(fp); AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, "./certs/ca-ecc-cert.pem", NULL)); AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm)); #endif #endif #if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC)) (void)fp; (void)cert; (void)certSz; #endif wolfSSL_CertManagerFree(cm); res = TEST_RES_CHECK(1); #endif return res; } static int test_wc_ParseCert(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_RSA) DecodedCert decodedCert; const byte* rawCert = client_cert_der_2048; const int rawCertSize = sizeof_client_cert_der_2048; wc_InitDecodedCert(&decodedCert, rawCert, rawCertSize, NULL); AssertIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0); #ifndef IGNORE_NAME_CONSTRAINTS /* check that the subjects emailAddress was not put in the alt name list */ AssertNotNull(decodedCert.subjectEmail); AssertNull(decodedCert.altEmailNames); #endif wc_FreeDecodedCert(&decodedCert); res = TEST_RES_CHECK(1); #endif return res; } /* Test wc_ParseCert decoding of various encodings and scenarios ensuring that * the API safely errors out on badly-formed ASN input. * NOTE: Test not compatible with released FIPS implementations! */ static int test_wc_ParseCert_Error(void) { int res = TEST_SKIPPED; #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) DecodedCert decodedCert; int i; /* Certificate data */ const byte c0[] = { 0x30, 0x04, 0x30, 0x02, 0x02, 0x80, 0x00, 0x00}; const byte c1[] = { 0x30, 0x04, 0x30, 0x04, 0x02, 0x80, 0x00, 0x00}; const byte c2[] = { 0x30, 0x06, 0x30, 0x04, 0x02, 0x80, 0x00, 0x00}; const byte c3[] = { 0x30, 0x07, 0x30, 0x05, 0x02, 0x80, 0x10, 0x00, 0x00}; const byte c4[] = { 0x02, 0x80, 0x10, 0x00, 0x00}; /* Test data */ const struct testStruct { const byte* c; const int cSz; const int expRet; } t[] = { {c0, sizeof(c0), ASN_PARSE_E}, /* Invalid bit-string length */ {c1, sizeof(c1), ASN_PARSE_E}, /* Invalid bit-string length */ {c2, sizeof(c2), ASN_PARSE_E}, /* Invalid integer length (zero) */ {c3, sizeof(c3), ASN_PARSE_E}, /* Valid INTEGER, but buffer too short */ {c4, sizeof(c4), ASN_PARSE_E}, /* Valid INTEGER, but not in bit-string */ }; const int tSz = (int)(sizeof(t) / sizeof(struct testStruct)); for (i = 0; i < tSz; i++) { WOLFSSL_MSG_EX("i == %d", i); wc_InitDecodedCert(&decodedCert, t[i].c, t[i].cSz, NULL); AssertIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), t[i].expRet); wc_FreeDecodedCert(&decodedCert); } res = TEST_RES_CHECK(1); #endif return res; } static int test_MakeCertWithPathLen(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) && \ defined(WOLFSSL_CERT_GEN) && defined(HAVE_ECC) const byte expectedPathLen = 7; Cert cert; DecodedCert decodedCert; byte der[FOURK_BUF]; int derSize = 0; WC_RNG rng; ecc_key key; AssertIntEQ(wc_InitRng(&rng), 0); AssertIntEQ(wc_ecc_init(&key), 0); AssertIntEQ(wc_ecc_make_key(&rng, 32, &key), 0); AssertIntEQ(wc_InitCert(&cert), 0); (void)XSTRNCPY(cert.subject.country, "US", CTC_NAME_SIZE); (void)XSTRNCPY(cert.subject.state, "state", CTC_NAME_SIZE); (void)XSTRNCPY(cert.subject.locality, "Bozeman", CTC_NAME_SIZE); (void)XSTRNCPY(cert.subject.org, "yourOrgNameHere", CTC_NAME_SIZE); (void)XSTRNCPY(cert.subject.unit, "yourUnitNameHere", CTC_NAME_SIZE); (void)XSTRNCPY(cert.subject.commonName, "www.yourDomain.com", CTC_NAME_SIZE); (void)XSTRNCPY(cert.subject.email, "yourEmail@yourDomain.com", CTC_NAME_SIZE); cert.selfSigned = 1; cert.isCA = 1; cert.pathLen = expectedPathLen; cert.pathLenSet = 1; cert.sigType = CTC_SHA256wECDSA; #ifdef WOLFSSL_CERT_EXT cert.keyUsage |= KEYUSE_KEY_CERT_SIGN; #endif AssertIntGE(wc_MakeCert(&cert, der, FOURK_BUF, NULL, &key, &rng), 0); derSize = wc_SignCert(cert.bodySz, cert.sigType, der, FOURK_BUF, NULL, &key, &rng); AssertIntGE(derSize, 0); wc_InitDecodedCert(&decodedCert, der, derSize, NULL); AssertIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0); AssertIntEQ(decodedCert.pathLength, expectedPathLen); wc_FreeDecodedCert(&decodedCert); AssertIntEQ(wc_ecc_free(&key), 0); AssertIntEQ(wc_FreeRng(&rng), 0); res = TEST_RES_CHECK(1); #endif return res; } /*----------------------------------------------------------------------------* | wolfCrypt ECC *----------------------------------------------------------------------------*/ static int test_wc_ecc_get_curve_size_from_name(void) { int res = TEST_SKIPPED; #ifdef HAVE_ECC int ret; #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) ret = wc_ecc_get_curve_size_from_name("SECP256R1"); AssertIntEQ(ret, 32); #endif /* invalid case */ ret = wc_ecc_get_curve_size_from_name("BADCURVE"); AssertIntEQ(ret, -1); /* NULL input */ ret = wc_ecc_get_curve_size_from_name(NULL); AssertIntEQ(ret, BAD_FUNC_ARG); res = TEST_RES_CHECK(1); #endif /* HAVE_ECC */ return res; } static int test_wc_ecc_get_curve_id_from_name(void) { int res = TEST_SKIPPED; #ifdef HAVE_ECC int id; #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) id = wc_ecc_get_curve_id_from_name("SECP256R1"); AssertIntEQ(id, ECC_SECP256R1); #endif /* invalid case */ id = wc_ecc_get_curve_id_from_name("BADCURVE"); AssertIntEQ(id, -1); /* NULL input */ id = wc_ecc_get_curve_id_from_name(NULL); AssertIntEQ(id, BAD_FUNC_ARG); res = TEST_RES_CHECK(1); #endif /* HAVE_ECC */ return res; } #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \ !defined(HAVE_SELFTEST) && \ !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION)) static int test_wc_ecc_get_curve_id_from_dp_params(void) { int id; #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) int curve_id; ecc_key* key; const ecc_set_type* params; int ret; #endif WOLFSSL_EC_KEY *ecKey = NULL; #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) id = wc_ecc_get_curve_id_from_name("SECP256R1"); AssertIntEQ(id, ECC_SECP256R1); ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); AssertNotNull(ecKey); ret = EC_KEY_generate_key(ecKey); if (ret == 0) { /* normal test */ key = (ecc_key*)ecKey->internal; params = key->dp; curve_id = wc_ecc_get_curve_id_from_dp_params(params); AssertIntEQ(curve_id, id); } #endif /* invalid case, NULL input*/ id = wc_ecc_get_curve_id_from_dp_params(NULL); AssertIntEQ(id, BAD_FUNC_ARG); wolfSSL_EC_KEY_free(ecKey); return TEST_RES_CHECK(1); } #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */ static int test_wc_ecc_get_curve_id_from_params(void) { int res = TEST_SKIPPED; #ifdef HAVE_ECC int id; const byte prime[] = { 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF }; const byte primeInvalid[] = { 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x01,0x01 }; const byte Af[] = { 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC }; const byte Bf[] = { 0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7, 0xB3,0xEB,0xBD,0x55,0x76,0x98,0x86,0xBC, 0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6, 0x3B,0xCE,0x3C,0x3E,0x27,0xD2,0x60,0x4B }; const byte order[] = { 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84, 0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51 }; const byte Gx[] = { 0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47, 0xF8,0xBC,0xE6,0xE5,0x63,0xA4,0x40,0xF2, 0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0, 0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96 }; const byte Gy[] = { 0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B, 0x8E,0xE7,0xEB,0x4A,0x7C,0x0F,0x9E,0x16, 0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE, 0xCB,0xB6,0x40,0x68,0x37,0xBF,0x51,0xF5 }; int cofactor = 1; int fieldSize = 256; #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) id = wc_ecc_get_curve_id_from_params(fieldSize, prime, sizeof(prime), Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order), Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor); AssertIntEQ(id, ECC_SECP256R1); #endif /* invalid case, fieldSize = 0 */ id = wc_ecc_get_curve_id_from_params(0, prime, sizeof(prime), Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order), Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor); AssertIntEQ(id, ECC_CURVE_INVALID); /* invalid case, NULL prime */ id = wc_ecc_get_curve_id_from_params(fieldSize, NULL, sizeof(prime), Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order), Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor); AssertIntEQ(id, BAD_FUNC_ARG); /* invalid case, invalid prime */ id = wc_ecc_get_curve_id_from_params(fieldSize, primeInvalid, sizeof(primeInvalid), Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order), Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor); AssertIntEQ(id, ECC_CURVE_INVALID); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_PKEY_encrypt(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_FAST_RSA) WOLFSSL_RSA* rsa = NULL; WOLFSSL_EVP_PKEY* pkey = NULL; WOLFSSL_EVP_PKEY_CTX* ctx = NULL; const char* in = "What is easy to do is easy not to do."; size_t inlen = XSTRLEN(in); size_t outEncLen = 0; byte* outEnc = NULL; byte* outDec = NULL; size_t outDecLen = 0; size_t rsaKeySz = 2048/8; /* Bytes */ #if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING) byte* inTmp = NULL; byte* outEncTmp = NULL; byte* outDecTmp = NULL; #endif AssertNotNull(outEnc = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); XMEMSET(outEnc, 0, rsaKeySz); AssertNotNull(outDec = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); XMEMSET(outDec, 0, rsaKeySz); AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING), WOLFSSL_SUCCESS); /* Test pkey references count is decremented. pkey shouldn't be destroyed since ctx uses it.*/ AssertIntEQ(pkey->ref.count, 2); EVP_PKEY_free(pkey); AssertIntEQ(pkey->ref.count, 1); /* Encrypt data */ /* Check that we can get the required output buffer length by passing in a * NULL output buffer. */ AssertIntEQ(EVP_PKEY_encrypt(ctx, NULL, &outEncLen, (const unsigned char*)in, inlen), WOLFSSL_SUCCESS); AssertIntEQ(rsaKeySz, outEncLen); /* Now do the actual encryption. */ AssertIntEQ(EVP_PKEY_encrypt(ctx, outEnc, &outEncLen, (const unsigned char*)in, inlen), WOLFSSL_SUCCESS); /* Decrypt data */ AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS); /* Check that we can get the required output buffer length by passing in a * NULL output buffer. */ AssertIntEQ(EVP_PKEY_decrypt(ctx, NULL, &outDecLen, outEnc, outEncLen), WOLFSSL_SUCCESS); AssertIntEQ(rsaKeySz, outDecLen); /* Now do the actual decryption. */ AssertIntEQ(EVP_PKEY_decrypt(ctx, outDec, &outDecLen, outEnc, outEncLen), WOLFSSL_SUCCESS); AssertIntEQ(XMEMCMP(in, outDec, outDecLen), 0); #if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING) /* The input length must be the same size as the RSA key.*/ AssertNotNull(inTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); XMEMSET(inTmp, 9, rsaKeySz); AssertNotNull(outEncTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); XMEMSET(outEncTmp, 0, rsaKeySz); AssertNotNull(outDecTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); XMEMSET(outDecTmp, 0, rsaKeySz); AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_encrypt(ctx, outEncTmp, &outEncLen, inTmp, rsaKeySz), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_decrypt(ctx, outDecTmp, &outDecLen, outEncTmp, outEncLen), WOLFSSL_SUCCESS); AssertIntEQ(XMEMCMP(inTmp, outDecTmp, outDecLen), 0); #endif EVP_PKEY_CTX_free(ctx); XFREE(outEnc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(outDec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING) XFREE(inTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(outEncTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(outDecTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_PKEY_sign_verify(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) WOLFSSL_DSA* dsa = NULL; #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ WOLFSSL_EVP_PKEY* pkey = NULL; WOLFSSL_EVP_PKEY_CTX* ctx = NULL; WOLFSSL_EVP_PKEY_CTX* ctx_verify = NULL; const char* in = "What is easy to do is easy not to do."; size_t inlen = XSTRLEN(in); byte hash[SHA256_DIGEST_LENGTH] = {0}; byte zero[SHA256_DIGEST_LENGTH] = {0}; SHA256_CTX c; byte* sig = NULL; byte* sigVerify = NULL; size_t siglen; size_t siglenOnlyLen; size_t keySz = 2048/8; /* Bytes */ int i; int encs[3] = {0}; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) encs[0] = EVP_PKEY_RSA; #endif #endif #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) encs[1] = EVP_PKEY_DSA; #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) encs[2] = EVP_PKEY_EC; #endif #endif AssertNotNull(sig = (byte*)XMALLOC(keySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); AssertNotNull(sigVerify = (byte*)XMALLOC(keySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); for (i = 0; i < 3; i++) { if (encs[i] == 0) continue; siglen = keySz; XMEMSET(sig, 0, keySz); XMEMSET(sigVerify, 0, keySz); /* Generate hash */ SHA256_Init(&c); SHA256_Update(&c, in, inlen); SHA256_Final(hash, &c); #ifdef WOLFSSL_SMALL_STACK_CACHE /* workaround for small stack cache case */ wc_Sha256Free((wc_Sha256*)&c); #endif /* Generate key */ AssertNotNull(pkey = EVP_PKEY_new()); switch (encs[i]) { case EVP_PKEY_RSA: #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) { WOLFSSL_RSA* rsa = NULL; AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); } #endif #endif break; case EVP_PKEY_DSA: #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) AssertNotNull(dsa = DSA_new()); AssertIntEQ(DSA_generate_parameters_ex(dsa, 2048, NULL, 0, NULL, NULL, NULL), 1); AssertIntEQ(DSA_generate_key(dsa), 1); AssertIntEQ(EVP_PKEY_set1_DSA(pkey, dsa), WOLFSSL_SUCCESS); #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ break; case EVP_PKEY_EC: #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) { WOLFSSL_EC_KEY* ecKey = NULL; AssertNotNull(ecKey = EC_KEY_new()); AssertIntEQ(EC_KEY_generate_key(ecKey), 1); AssertIntEQ( EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); } #endif #endif break; } AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) if (encs[i] == EVP_PKEY_RSA) AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING), WOLFSSL_SUCCESS); #endif #endif /* Check returning only length */ AssertIntEQ(EVP_PKEY_sign(ctx, NULL, &siglenOnlyLen, hash, SHA256_DIGEST_LENGTH), WOLFSSL_SUCCESS); AssertIntGT(siglenOnlyLen, 0); /* Sign data */ AssertIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, hash, SHA256_DIGEST_LENGTH), WOLFSSL_SUCCESS); AssertIntGE(siglenOnlyLen, siglen); /* Verify signature */ AssertNotNull(ctx_verify = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS); #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) if (encs[i] == EVP_PKEY_RSA) AssertIntEQ( EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING), WOLFSSL_SUCCESS); #endif #endif AssertIntEQ(EVP_PKEY_verify( ctx_verify, sig, siglen, hash, SHA256_DIGEST_LENGTH), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_verify( ctx_verify, sig, siglen, zero, SHA256_DIGEST_LENGTH), WOLFSSL_FAILURE); #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) if (encs[i] == EVP_PKEY_RSA) { #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT) /* Try RSA sign/verify with no padding. */ AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_sign(ctx, sigVerify, &siglen, sig, siglen), WOLFSSL_SUCCESS); AssertIntGE(siglenOnlyLen, siglen); AssertIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_NO_PADDING), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_verify(ctx_verify, sigVerify, siglen, sig, siglen), WOLFSSL_SUCCESS); #endif /* Wrong padding schemes. */ AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING), WOLFSSL_SUCCESS); AssertIntNE(EVP_PKEY_sign(ctx, sigVerify, &siglen, sig, siglen), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_OAEP_PADDING), WOLFSSL_SUCCESS); AssertIntNE(EVP_PKEY_verify(ctx_verify, sigVerify, siglen, sig, siglen), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING), WOLFSSL_SUCCESS); } #endif #endif /* error cases */ siglen = keySz; /* Reset because sig size may vary slightly */ AssertIntNE(EVP_PKEY_sign_init(NULL), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); AssertIntNE(EVP_PKEY_sign(NULL, sig, &siglen, (byte*)in, inlen), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, (byte*)in, inlen), WOLFSSL_SUCCESS); EVP_PKEY_free(pkey); #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) DSA_free(dsa); dsa = NULL; #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ EVP_PKEY_CTX_free(ctx_verify); EVP_PKEY_CTX_free(ctx); } XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(sigVerify, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_EVP_PKEY_rsa(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) WOLFSSL_RSA* rsa; WOLFSSL_EVP_PKEY* pkey; AssertNotNull(rsa = wolfSSL_RSA_new()); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE); AssertIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE); AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); AssertPtrEq(EVP_PKEY_get0_RSA(pkey), rsa); wolfSSL_EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); #endif return res; } static int test_EVP_PKEY_ec(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) WOLFSSL_EC_KEY* ecKey; WOLFSSL_EVP_PKEY* pkey; AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE); AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE); /* Should fail since ecKey is empty */ AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); wolfSSL_EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); #endif #endif return res; } static int test_EVP_PKEY_cmp(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) EVP_PKEY *a, *b; const unsigned char *in; #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) in = client_key_der_2048; AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &in, (long)sizeof_client_key_der_2048)); in = client_key_der_2048; AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &in, (long)sizeof_client_key_der_2048)); /* Test success case RSA */ #if defined(WOLFSSL_ERROR_CODE_OPENSSL) AssertIntEQ(EVP_PKEY_cmp(a, b), 1); #else AssertIntEQ(EVP_PKEY_cmp(a, b), 0); #endif /* WOLFSSL_ERROR_CODE_OPENSSL */ EVP_PKEY_free(b); EVP_PKEY_free(a); #endif #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) in = ecc_clikey_der_256; AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &in, (long)sizeof_ecc_clikey_der_256)); in = ecc_clikey_der_256; AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &in, (long)sizeof_ecc_clikey_der_256)); /* Test success case ECC */ #if defined(WOLFSSL_ERROR_CODE_OPENSSL) AssertIntEQ(EVP_PKEY_cmp(a, b), 1); #else AssertIntEQ(EVP_PKEY_cmp(a, b), 0); #endif /* WOLFSSL_ERROR_CODE_OPENSSL */ EVP_PKEY_free(b); EVP_PKEY_free(a); #endif /* Test failure cases */ #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && \ defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) in = client_key_der_2048; AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &in, (long)sizeof_client_key_der_2048)); in = ecc_clikey_der_256; AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &in, (long)sizeof_ecc_clikey_der_256)); #if defined(WOLFSSL_ERROR_CODE_OPENSSL) AssertIntEQ(EVP_PKEY_cmp(a, b), -1); #else AssertIntNE(EVP_PKEY_cmp(a, b), 0); #endif /* WOLFSSL_ERROR_CODE_OPENSSL */ EVP_PKEY_free(b); EVP_PKEY_free(a); #endif /* invalid or empty failure cases */ a = EVP_PKEY_new(); b = EVP_PKEY_new(); #if defined(WOLFSSL_ERROR_CODE_OPENSSL) AssertIntEQ(EVP_PKEY_cmp(NULL, NULL), 0); AssertIntEQ(EVP_PKEY_cmp(a, NULL), 0); AssertIntEQ(EVP_PKEY_cmp(NULL, b), 0); #ifdef NO_RSA /* Type check will fail since RSA is the default EVP key type */ AssertIntEQ(EVP_PKEY_cmp(a, b), -2); #else AssertIntEQ(EVP_PKEY_cmp(a, b), 0); #endif #else AssertIntNE(EVP_PKEY_cmp(NULL, NULL), 0); AssertIntNE(EVP_PKEY_cmp(a, NULL), 0); AssertIntNE(EVP_PKEY_cmp(NULL, b), 0); AssertIntNE(EVP_PKEY_cmp(a, b), 0); #endif EVP_PKEY_free(b); EVP_PKEY_free(a); (void)in; res = TEST_RES_CHECK(1); #endif return res; } static int test_ERR_load_crypto_strings(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) ERR_load_crypto_strings(); res = TEST_RES_CHECK(1); #endif return res; } #if defined(OPENSSL_ALL) && !defined(NO_CERTS) static void free_x509(X509* x) { AssertIntEQ((x == (X509*)1 || x == (X509*)2), 1); } #endif static int test_sk_X509(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_CERTS) { STACK_OF(X509)* s; AssertNotNull(s = sk_X509_new_null()); AssertIntEQ(sk_X509_num(s), 0); sk_X509_pop_free(s, NULL); AssertNotNull(s = sk_X509_new_null()); AssertIntEQ(sk_X509_num(s), 0); sk_X509_pop_free(s, NULL); AssertNotNull(s = sk_X509_new_null()); sk_X509_push(s, (X509*)1); AssertIntEQ(sk_X509_num(s), 1); AssertIntEQ((sk_X509_value(s, 0) == (X509*)1), 1); sk_X509_push(s, (X509*)2); AssertIntEQ(sk_X509_num(s), 2); AssertIntEQ((sk_X509_value(s, 0) == (X509*)2), 1); AssertIntEQ((sk_X509_value(s, 1) == (X509*)1), 1); sk_X509_push(s, (X509*)2); sk_X509_pop_free(s, free_x509); } { /* Push a list of 10 X509s onto stack, then verify that * value(), push(), shift(), and pop() behave as expected. */ STACK_OF(X509)* s; X509* xList[10]; int i = 0; const int len = (sizeof(xList) / sizeof(xList[0])); for (i = 0; i < len; ++i) AssertNotNull(xList[i] = X509_new()); /* test push, pop, and free */ AssertNotNull(s = sk_X509_new_null()); for (i = 0; i < len; ++i) { sk_X509_push(s, xList[i]); AssertIntEQ(sk_X509_num(s), i + 1); AssertIntEQ((sk_X509_value(s, 0) == xList[i]), 1); AssertIntEQ((sk_X509_value(s, i) == xList[0]), 1); } /* pop returns and removes last pushed on stack, which is index 0 * in sk_x509_value */ for (i = 0; i < len; ++i) { X509 * x = sk_X509_value(s, 0); X509 * y = sk_X509_pop(s); X509 * z = xList[len - 1 - i]; AssertIntEQ((x == y), 1); AssertIntEQ((x == z), 1); AssertIntEQ(sk_X509_num(s), len - 1 - i); } sk_free(s); /* test push, shift, and free */ AssertNotNull(s = sk_X509_new_null()); for (i = 0; i < len; ++i) { sk_X509_push(s, xList[i]); AssertIntEQ(sk_X509_num(s), i + 1); AssertIntEQ((sk_X509_value(s, 0) == xList[i]), 1); AssertIntEQ((sk_X509_value(s, i) == xList[0]), 1); } /* shift returns and removes first pushed on stack, which is index i * in sk_x509_value() */ for (i = 0; i < len; ++i) { X509 * x = sk_X509_value(s, len - 1 - i); X509 * y = sk_X509_shift(s); X509 * z = xList[i]; AssertIntEQ((x == y), 1); AssertIntEQ((x == z), 1); AssertIntEQ(sk_X509_num(s), len - 1 - i); } sk_free(s); for (i = 0; i < len; ++i) X509_free(xList[i]); } res = TEST_RES_CHECK(1); #endif return res; } static int test_sk_X509_CRL(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && defined(HAVE_CRL) X509_CRL* crl; XFILE fp; STACK_OF(X509_CRL)* s; fp = XFOPEN("./certs/crl/crl.pem", "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); XFCLOSE(fp); AssertNotNull(s = sk_X509_CRL_new()); AssertIntEQ(sk_X509_CRL_num(s), 0); AssertIntEQ(sk_X509_CRL_push(s, crl), 1); AssertIntEQ(sk_X509_CRL_num(s), 1); AssertPtrEq(sk_X509_CRL_value(s, 0), crl); sk_X509_CRL_free(s); res = TEST_RES_CHECK(1); #endif return res; } static int test_X509_get_signature_nid(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) X509* x509; AssertIntEQ(X509_get_signature_nid(NULL), 0); AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)); AssertIntEQ(X509_get_signature_nid(x509), NID_sha256WithRSAEncryption); X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_X509_REQ(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO) X509_NAME* name; #ifndef NO_RSA X509_NAME* subject; #endif #if !defined(NO_RSA) || defined(HAVE_ECC) X509_REQ* req; EVP_PKEY* priv; EVP_PKEY* pub; unsigned char* der = NULL; int len; #endif #ifndef NO_RSA EVP_MD_CTX *mctx = NULL; EVP_PKEY_CTX *pkctx = NULL; #ifdef USE_CERT_BUFFERS_1024 const unsigned char* rsaPriv = (const unsigned char*)client_key_der_1024; const unsigned char* rsaPub = (unsigned char*)client_keypub_der_1024; #elif defined(USE_CERT_BUFFERS_2048) const unsigned char* rsaPriv = (const unsigned char*)client_key_der_2048; const unsigned char* rsaPub = (unsigned char*)client_keypub_der_2048; #endif #endif #ifdef HAVE_ECC const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256; const unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256; #endif AssertNotNull(name = X509_NAME_new()); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, (byte*)"wolfssl.com", 11, 0, 1), WOLFSSL_SUCCESS); AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS); #ifndef NO_RSA AssertNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv, (long)sizeof_client_key_der_2048)); AssertNotNull(pub = d2i_PUBKEY(NULL, &rsaPub, (long)sizeof_client_keypub_der_2048)); AssertNotNull(req = X509_REQ_new()); AssertIntEQ(X509_REQ_set_subject_name(NULL, name), WOLFSSL_FAILURE); AssertIntEQ(X509_REQ_set_subject_name(req, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS); AssertIntEQ(X509_REQ_set_pubkey(NULL, pub), WOLFSSL_FAILURE); AssertIntEQ(X509_REQ_set_pubkey(req, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS); AssertIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WOLFSSL_FAILURE); AssertIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WOLFSSL_FAILURE); AssertIntEQ(X509_REQ_sign(req, priv, NULL), WOLFSSL_FAILURE); AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS); len = i2d_X509_REQ(req, &der); DEBUG_WRITE_DER(der, len, "req.der"); #ifdef USE_CERT_BUFFERS_1024 AssertIntEQ(len, 381); #else AssertIntEQ(len, 643); #endif XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); der = NULL; mctx = EVP_MD_CTX_new(); AssertIntEQ(EVP_DigestSignInit(mctx, &pkctx, EVP_sha256(), NULL, priv), WOLFSSL_SUCCESS); AssertIntEQ(X509_REQ_sign_ctx(req, mctx), WOLFSSL_SUCCESS); EVP_MD_CTX_free(mctx); X509_REQ_free(NULL); X509_REQ_free(req); /* Test getting the subject from a newly created X509_REQ */ AssertNotNull(req = X509_REQ_new()); AssertNotNull(subject = X509_REQ_get_subject_name(req)); AssertIntEQ(X509_NAME_add_entry_by_NID(subject, NID_commonName, MBSTRING_UTF8, (unsigned char*)"www.wolfssl.com", -1, -1, 0), 1); AssertIntEQ(X509_NAME_add_entry_by_NID(subject, NID_countryName, MBSTRING_UTF8, (unsigned char*)"US", -1, -1, 0), 1); AssertIntEQ(X509_NAME_add_entry_by_NID(subject, NID_localityName, MBSTRING_UTF8, (unsigned char*)"Bozeman", -1, -1, 0), 1); AssertIntEQ(X509_NAME_add_entry_by_NID(subject, NID_stateOrProvinceName, MBSTRING_UTF8, (unsigned char*)"Montana", -1, -1, 0), 1); AssertIntEQ(X509_NAME_add_entry_by_NID(subject, NID_organizationName, MBSTRING_UTF8, (unsigned char*)"wolfSSL", -1, -1, 0), 1); AssertIntEQ(X509_NAME_add_entry_by_NID(subject, NID_organizationalUnitName, MBSTRING_UTF8, (unsigned char*)"Testing", -1, -1, 0), 1); AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS); AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS); len = i2d_X509_REQ(req, &der); DEBUG_WRITE_DER(der, len, "req2.der"); #ifdef USE_CERT_BUFFERS_1024 AssertIntEQ(len, 435); #else AssertIntEQ(len, 696); #endif XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); der = NULL; EVP_PKEY_free(pub); EVP_PKEY_free(priv); X509_REQ_free(req); #endif #ifdef HAVE_ECC AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &ecPriv, sizeof_ecc_clikey_der_256)); AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &ecPub, sizeof_ecc_clikeypub_der_256)); AssertNotNull(req = X509_REQ_new()); AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS); AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS); AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS); /* Signature is random and may be shorter or longer. */ AssertIntGE((len = i2d_X509_REQ(req, &der)), 245); AssertIntLE(len, 253); XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); X509_REQ_free(req); EVP_PKEY_free(pub); EVP_PKEY_free(priv); #ifdef FP_ECC wc_ecc_fp_free(); #endif #endif /* HAVE_ECC */ X509_NAME_free(name); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfssl_PKCS7(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \ !defined(NO_RSA) PKCS7* pkcs7; byte data[FOURK_BUF]; word32 len = sizeof(data); const byte* p = data; byte content[] = "Test data to encode."; #if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048) BIO* bio; byte key[sizeof(client_key_der_2048)]; word32 keySz = (word32)sizeof(key); byte* out = NULL; #endif AssertIntGT((len = CreatePKCS7SignedData(data, len, content, (word32)sizeof(content), 0, 0, 0, RSA_TYPE)), 0); AssertNull(pkcs7 = d2i_PKCS7(NULL, NULL, len)); AssertNull(pkcs7 = d2i_PKCS7(NULL, &p, 0)); AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len)); AssertIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL, PKCS7_NOVERIFY), WOLFSSL_FAILURE); PKCS7_free(pkcs7); /* fail case, without PKCS7_NOVERIFY */ p = data; AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len)); AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL, 0), WOLFSSL_FAILURE); PKCS7_free(pkcs7); /* success case, with PKCS7_NOVERIFY */ p = data; AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len)); AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL, PKCS7_NOVERIFY), WOLFSSL_SUCCESS); #if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048) /* test i2d */ XMEMCPY(key, client_key_der_2048, keySz); pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = RSAk; #ifdef NO_SHA pkcs7->hashOID = SHA256h; #else pkcs7->hashOID = SHAh; #endif AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1); #ifndef NO_ASN_TIME AssertIntEQ(i2d_PKCS7(pkcs7, &out), 655); #else AssertIntEQ(i2d_PKCS7(pkcs7, &out), 625); #endif XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); BIO_free(bio); #endif PKCS7_free(NULL); PKCS7_free(pkcs7); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_PKCS7_sign(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) PKCS7* p7 = NULL; PKCS7* p7Ver = NULL; byte* out = NULL; byte* tmpPtr = NULL; int outLen = 0; int flags = 0; byte data[] = "Test data to encode."; const char* cert = "./certs/server-cert.pem"; const char* key = "./certs/server-key.pem"; const char* ca = "./certs/ca-cert.pem"; WOLFSSL_BIO* certBio = NULL; WOLFSSL_BIO* keyBio = NULL; WOLFSSL_BIO* caBio = NULL; WOLFSSL_BIO* inBio = NULL; X509* signCert = NULL; EVP_PKEY* signKey = NULL; X509* caCert = NULL; X509_STORE* store = NULL; /* read signer cert/key into BIO */ AssertNotNull(certBio = BIO_new_file(cert, "r")); AssertNotNull(keyBio = BIO_new_file(key, "r")); AssertNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL)); AssertNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL)); /* read CA cert into store (for verify) */ AssertNotNull(caBio = BIO_new_file(ca, "r")); AssertNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL)); AssertNotNull(store = X509_STORE_new()); AssertIntEQ(X509_STORE_add_cert(store, caCert), 1); /* data to be signed into BIO */ AssertNotNull(inBio = BIO_new(BIO_s_mem())); AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0); /* PKCS7_sign, bad args: signer NULL */ AssertNull(p7 = PKCS7_sign(NULL, signKey, NULL, inBio, 0)); /* PKCS7_sign, bad args: signer key NULL */ AssertNull(p7 = PKCS7_sign(signCert, NULL, NULL, inBio, 0)); /* PKCS7_sign, bad args: in data NULL without PKCS7_STREAM */ AssertNull(p7 = PKCS7_sign(signCert, signKey, NULL, NULL, 0)); /* PKCS7_sign, bad args: PKCS7_NOCERTS flag not supported */ AssertNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_NOCERTS)); /* PKCS7_sign, bad args: PKCS7_PARTIAL flag not supported */ AssertNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_PARTIAL)); /* TEST SUCCESS: Not detached, not streaming, not MIME */ { flags = PKCS7_BINARY; AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); AssertIntGT((outLen = i2d_PKCS7(p7, &out)), 0); /* verify with d2i_PKCS7 */ tmpPtr = out; AssertNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen)); AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); PKCS7_free(p7Ver); /* verify with wc_PKCS7_VerifySignedData */ AssertNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); AssertIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0); /* compare the signer found to expected signer */ AssertIntNE(p7Ver->verifyCertSz, 0); tmpPtr = NULL; AssertIntEQ(i2d_X509(signCert, &tmpPtr), p7Ver->verifyCertSz); AssertIntEQ(XMEMCMP(tmpPtr, p7Ver->verifyCert, p7Ver->verifyCertSz), 0); XFREE(tmpPtr, NULL, DYNAMIC_TYPE_OPENSSL); tmpPtr = NULL; wc_PKCS7_Free(p7Ver); AssertNotNull(out); XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); out = NULL; PKCS7_free(p7); } /* TEST SUCCESS: Not detached, streaming, not MIME. Also bad arg * tests for PKCS7_final() while we have a PKCS7 pointer to use */ { /* re-populate input BIO, may have been consumed */ BIO_free(inBio); AssertNotNull(inBio = BIO_new(BIO_s_mem())); AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0); flags = PKCS7_BINARY | PKCS7_STREAM; AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); AssertIntEQ(PKCS7_final(p7, inBio, flags), 1); AssertIntGT((outLen = i2d_PKCS7(p7, &out)), 0); /* PKCS7_final, bad args: PKCS7 null */ AssertIntEQ(PKCS7_final(NULL, inBio, 0), 0); /* PKCS7_final, bad args: PKCS7 null */ AssertIntEQ(PKCS7_final(p7, NULL, 0), 0); tmpPtr = out; AssertNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen)); AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); PKCS7_free(p7Ver); AssertNotNull(out); XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); out = NULL; PKCS7_free(p7); } /* TEST SUCCESS: Detached, not streaming, not MIME */ { /* re-populate input BIO, may have been consumed */ BIO_free(inBio); AssertNotNull(inBio = BIO_new(BIO_s_mem())); AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0); flags = PKCS7_BINARY | PKCS7_DETACHED; AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); AssertIntGT((outLen = i2d_PKCS7(p7, &out)), 0); /* verify with wolfCrypt, d2i_PKCS7 does not support detached content */ AssertNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); p7Ver->content = data; p7Ver->contentSz = sizeof(data); AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0); wc_PKCS7_Free(p7Ver); /* verify expected failure (NULL return) from d2i_PKCS7, it does not * yet support detached content */ tmpPtr = out; AssertNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen)); PKCS7_free(p7Ver); AssertNotNull(out); XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); out = NULL; PKCS7_free(p7); } /* TEST SUCCESS: Detached, streaming, not MIME */ { /* re-populate input BIO, may have been consumed */ BIO_free(inBio); AssertNotNull(inBio = BIO_new(BIO_s_mem())); AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0); flags = PKCS7_BINARY | PKCS7_DETACHED | PKCS7_STREAM; AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); AssertIntEQ(PKCS7_final(p7, inBio, flags), 1); AssertIntGT((outLen = i2d_PKCS7(p7, &out)), 0); /* verify with wolfCrypt, d2i_PKCS7 does not support detached content */ AssertNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); p7Ver->content = data; p7Ver->contentSz = sizeof(data); AssertIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, outLen), 0); wc_PKCS7_Free(p7Ver); AssertNotNull(out); XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); PKCS7_free(p7); } X509_STORE_free(store); X509_free(caCert); X509_free(signCert); EVP_PKEY_free(signKey); BIO_free(inBio); BIO_free(keyBio); BIO_free(certBio); BIO_free(caBio); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_PKCS7_SIGNED_new(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) PKCS7_SIGNED* pkcs7; pkcs7 = PKCS7_SIGNED_new(); AssertNotNull(pkcs7); AssertIntEQ(pkcs7->contentOID, SIGNED_DATA); PKCS7_SIGNED_free(pkcs7); res = TEST_RES_CHECK(1); #endif return res; } #ifndef NO_BIO static int test_wolfSSL_PEM_write_bio_PKCS7(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) PKCS7* pkcs7 = NULL; BIO* bio = NULL; const byte* cert_buf = NULL; int ret = 0; WC_RNG rng; const byte data[] = { /* Hello World */ 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, 0x72,0x6c,0x64 }; #ifndef NO_RSA #if defined(USE_CERT_BUFFERS_2048) byte key[sizeof(client_key_der_2048)]; byte cert[sizeof(client_cert_der_2048)]; word32 keySz = (word32)sizeof(key); word32 certSz = (word32)sizeof(cert); XMEMSET(key, 0, keySz); XMEMSET(cert, 0, certSz); XMEMCPY(key, client_key_der_2048, keySz); XMEMCPY(cert, client_cert_der_2048, certSz); #elif defined(USE_CERT_BUFFERS_1024) byte key[sizeof_client_key_der_1024]; byte cert[sizeof(sizeof_client_cert_der_1024)]; word32 keySz = (word32)sizeof(key); word32 certSz = (word32)sizeof(cert); XMEMSET(key, 0, keySz); XMEMSET(cert, 0, certSz); XMEMCPY(key, client_key_der_1024, keySz); XMEMCPY(cert, client_cert_der_1024, certSz); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz; int keySz; fp = XFOPEN("./certs/1024/client-cert.der", "rb"); AssertTrue((fp != XBADFILE)); certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp); XFCLOSE(fp); fp = XFOPEN("./certs/1024/client-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp); XFCLOSE(fp); #endif #elif defined(HAVE_ECC) #if defined(USE_CERT_BUFFERS_256) unsigned char cert[sizeof(cliecc_cert_der_256)]; unsigned char key[sizeof(ecc_clikey_der_256)]; int certSz = (int)sizeof(cert); int keySz = (int)sizeof(key); XMEMSET(cert, 0, certSz); XMEMSET(key, 0, keySz); XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); #else unsigned char cert[ONEK_BUF]; unsigned char key[ONEK_BUF]; XFILE fp; int certSz, keySz; fp = XFOPEN("./certs/client-ecc-cert.der", "rb"); AssertTrue(fp != XBADFILE); certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp); XFCLOSE(fp); fp = XFOPEN("./certs/client-ecc-key.der", "rb"); AssertTrue(fp != XBADFILE); keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp); XFCLOSE(fp); #endif #else #error PKCS7 requires ECC or RSA #endif AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); /* initialize with DER encoded cert */ AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0); /* init rng */ AssertIntEQ(wc_InitRng(&rng), 0); pkcs7->rng = &rng; pkcs7->content = (byte*)data; /* not used for ex */ pkcs7->contentSz = (word32)sizeof(data); pkcs7->contentOID = SIGNED_DATA; pkcs7->privateKey = key; pkcs7->privateKeySz = (word32)sizeof(key); pkcs7->encryptOID = RSAk; #ifdef NO_SHA pkcs7->hashOID = SHA256h; #else pkcs7->hashOID = SHAh; #endif pkcs7->signedAttribs = NULL; pkcs7->signedAttribsSz = 0; AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/ AssertIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS); /* Read PKCS#7 PEM from BIO */ ret = wolfSSL_BIO_get_mem_data(bio, &cert_buf); AssertIntGE(ret, 0); BIO_free(bio); wc_PKCS7_Free(pkcs7); wc_FreeRng(&rng); res = TEST_RES_CHECK(1); #endif return res; } #ifdef HAVE_SMIME static int test_wolfSSL_SMIME_read_PKCS7(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) PKCS7* pkcs7 = NULL; BIO* bio = NULL; BIO* bcont = NULL; BIO* out = NULL; const byte* outBuf = NULL; int outBufLen = 0; static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n"; XFILE smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "r"); /* smime-test.p7s */ bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); AssertNotNull(bio); AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); AssertNotNull(pkcs7); AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS); XFCLOSE(smimeTestFile); if (bcont) BIO_free(bcont); wolfSSL_PKCS7_free(pkcs7); /* smime-test-multipart.p7s */ smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "r"); AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); AssertNotNull(pkcs7); AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS); XFCLOSE(smimeTestFile); if (bcont) BIO_free(bcont); wolfSSL_PKCS7_free(pkcs7); /* smime-test-multipart-badsig.p7s */ smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r"); AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); AssertNull(pkcs7); AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_FAILURE); XFCLOSE(smimeTestFile); if (bcont) BIO_free(bcont); wolfSSL_PKCS7_free(pkcs7); /* smime-test-canon.p7s */ smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r"); AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); AssertNotNull(pkcs7); AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS); XFCLOSE(smimeTestFile); if (bcont) BIO_free(bcont); wolfSSL_PKCS7_free(pkcs7); /* Test PKCS7_TEXT, PKCS7_verify() should remove Content-Type: text/plain */ smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "r"); AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); AssertNotNull(pkcs7); out = wolfSSL_BIO_new(BIO_s_mem()); AssertNotNull(out); AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, out, PKCS7_NOVERIFY | PKCS7_TEXT), SSL_SUCCESS); AssertIntGT((outBufLen = BIO_get_mem_data(out, &outBuf)), 0); /* Content-Type should not show up at beginning of output buffer */ AssertIntGT(outBufLen, XSTRLEN(contTypeText)); AssertIntGT(XMEMCMP(outBuf, contTypeText, XSTRLEN(contTypeText)), 0); BIO_free(out); BIO_free(bio); if (bcont) BIO_free(bcont); wolfSSL_PKCS7_free(pkcs7); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_SMIME_write_PKCS7(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_RSA) PKCS7* p7 = NULL; PKCS7* p7Ver = NULL; int flags = 0; byte data[] = "Test data to encode."; const char* cert = "./certs/server-cert.pem"; const char* key = "./certs/server-key.pem"; const char* ca = "./certs/ca-cert.pem"; WOLFSSL_BIO* certBio = NULL; WOLFSSL_BIO* keyBio = NULL; WOLFSSL_BIO* caBio = NULL; WOLFSSL_BIO* inBio = NULL; WOLFSSL_BIO* outBio = NULL; WOLFSSL_BIO* content = NULL; X509* signCert = NULL; EVP_PKEY* signKey = NULL; X509* caCert = NULL; X509_STORE* store = NULL; /* read signer cert/key into BIO */ AssertNotNull(certBio = BIO_new_file(cert, "r")); AssertNotNull(keyBio = BIO_new_file(key, "r")); AssertNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL)); AssertNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL)); /* read CA cert into store (for verify) */ AssertNotNull(caBio = BIO_new_file(ca, "r")); AssertNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL)); AssertNotNull(store = X509_STORE_new()); AssertIntEQ(X509_STORE_add_cert(store, caCert), 1); /* generate and verify SMIME: not detached */ { AssertNotNull(inBio = BIO_new(BIO_s_mem())); AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0); flags = PKCS7_STREAM; AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); AssertNotNull(outBio = BIO_new(BIO_s_mem())); AssertIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); /* bad arg: out NULL */ AssertIntEQ(SMIME_write_PKCS7(NULL, p7, inBio, flags), 0); /* bad arg: pkcs7 NULL */ AssertIntEQ(SMIME_write_PKCS7(outBio, NULL, inBio, flags), 0); AssertNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); BIO_free(content); BIO_free(inBio); BIO_free(outBio); PKCS7_free(p7Ver); PKCS7_free(p7); } /* generate and verify SMIME: not detached, add Content-Type */ { AssertNotNull(inBio = BIO_new(BIO_s_mem())); AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0); flags = PKCS7_STREAM | PKCS7_TEXT; AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); AssertNotNull(outBio = BIO_new(BIO_s_mem())); AssertIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); AssertNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); BIO_free(content); BIO_free(inBio); BIO_free(outBio); PKCS7_free(p7Ver); PKCS7_free(p7); } /* generate and verify SMIME: detached */ { AssertNotNull(inBio = BIO_new(BIO_s_mem())); AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0); flags = PKCS7_DETACHED | PKCS7_STREAM; AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); AssertNotNull(outBio = BIO_new(BIO_s_mem())); AssertIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); AssertNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1); BIO_free(content); BIO_free(inBio); BIO_free(outBio); PKCS7_free(p7Ver); PKCS7_free(p7); } /* generate and verify SMIME: PKCS7_TEXT to add Content-Type header */ { AssertNotNull(inBio = BIO_new(BIO_s_mem())); AssertIntGT(BIO_write(inBio, data, sizeof(data)), 0); flags = PKCS7_STREAM | PKCS7_DETACHED | PKCS7_TEXT; AssertNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); AssertNotNull(outBio = BIO_new(BIO_s_mem())); AssertIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); AssertNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); AssertIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1); BIO_free(content); BIO_free(inBio); BIO_free(outBio); PKCS7_free(p7Ver); PKCS7_free(p7); } X509_STORE_free(store); X509_free(caCert); X509_free(signCert); EVP_PKEY_free(signKey); BIO_free(keyBio); BIO_free(certBio); BIO_free(caBio); res = TEST_RES_CHECK(1); #endif return res; } #endif /* HAVE_SMIME */ #endif /* !NO_BIO */ /* Test of X509 store use outside of SSL context w/ CRL lookup (ALWAYS * returns 0) */ static int test_X509_STORE_No_SSL_CTX(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && \ !defined(NO_WOLFSSL_DIR) && defined(HAVE_CRL) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \ !defined(NO_RSA) X509_STORE * store; X509_STORE_CTX * storeCtx; X509_CRL * crl; X509 * ca; X509 * cert; const char cliCrlPem[] = "./certs/crl/cliCrl.pem"; const char srvCert[] = "./certs/server-cert.pem"; const char caCert[] = "./certs/ca-cert.pem"; const char caDir[] = "./certs/crl/hash_pem"; XFILE fp; X509_LOOKUP * lookup; AssertNotNull(store = (X509_STORE *)X509_STORE_new()); /* Set up store with CA */ AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); /* Add CRL lookup directory to store * NOTE: test uses ./certs/crl/hash_pem/0fdb2da4.r0, which is a copy * of crl.pem */ AssertNotNull((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()))); AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, caDir, X509_FILETYPE_PEM, NULL), SSL_SUCCESS); AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), SSL_SUCCESS); /* Add CRL to store NOT containing the verified certificate, which * forces use of the CRL lookup directory */ fp = XFOPEN(cliCrlPem, "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); XFCLOSE(fp); AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); /* Create verification context outside of an SSL session */ AssertNotNull((storeCtx = X509_STORE_CTX_new())); AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); /* Perform verification, which should NOT indicate CRL missing due to the * store CM's X509 store pointer being NULL */ AssertIntNE(X509_verify_cert(storeCtx), CRL_MISSING); X509_CRL_free(crl); X509_STORE_free(store); X509_STORE_CTX_free(storeCtx); X509_free(cert); X509_free(ca); res = TEST_RES_CHECK(1); #endif return res; } /* Test of X509 store use outside of SSL context w/ CRL lookup, but * with X509_LOOKUP_add_dir and X509_FILETYPE_ASN1. */ static int test_X509_LOOKUP_add_dir(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && \ !defined(NO_WOLFSSL_DIR) && defined(HAVE_CRL) && \ (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \ !defined(NO_RSA) X509_STORE * store; X509_STORE_CTX * storeCtx; X509_CRL * crl; X509 * ca; X509 * cert; const char cliCrlPem[] = "./certs/crl/cliCrl.pem"; const char srvCert[] = "./certs/server-cert.pem"; const char caCert[] = "./certs/ca-cert.pem"; const char caDir[] = "./certs/crl/hash_der"; XFILE fp; X509_LOOKUP * lookup; AssertNotNull(store = (X509_STORE *)X509_STORE_new()); /* Set up store with CA */ AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); /* Add CRL lookup directory to store. * Test uses ./certs/crl/hash_der/0fdb2da4.r0, which is a copy * of crl.der */ AssertNotNull((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()))); AssertIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_ASN1), SSL_SUCCESS); AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), SSL_SUCCESS); /* Add CRL to store NOT containing the verified certificate, which * forces use of the CRL lookup directory */ fp = XFOPEN(cliCrlPem, "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); XFCLOSE(fp); AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); /* Create verification context outside of an SSL session */ AssertNotNull((storeCtx = X509_STORE_CTX_new())); AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); /* Perform verification, which should NOT return CRL missing */ AssertIntNE(X509_verify_cert(storeCtx), CRL_MISSING); X509_CRL_free(crl); X509_STORE_free(store); X509_STORE_CTX_free(storeCtx); X509_free(cert); X509_free(ca); /* Now repeat the same, but look for X509_FILETYPE_PEM. * We should get CRL_MISSING at the end, because the lookup * dir has only ASN1 CRLs. */ AssertNotNull(store = (X509_STORE *)X509_STORE_new()); AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); AssertNotNull((lookup = X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()))); AssertIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_PEM), SSL_SUCCESS); AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), SSL_SUCCESS); fp = XFOPEN(cliCrlPem, "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); XFCLOSE(fp); AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); AssertNotNull((storeCtx = X509_STORE_CTX_new())); AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, SSL_FILETYPE_PEM))); AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); /* Now we SHOULD get CRL_MISSING, because we looked for PEM * in dir containing only ASN1/DER. */ AssertIntEQ(X509_verify_cert(storeCtx), CRL_MISSING); X509_CRL_free(crl); X509_STORE_free(store); X509_STORE_CTX_free(storeCtx); X509_free(cert); X509_free(ca); res = TEST_RES_CHECK(1); #endif return res; } /*----------------------------------------------------------------------------* | Certificate Failure Checks *----------------------------------------------------------------------------*/ #if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ !defined(WOLFSSL_NO_CLIENT_AUTH)) && !defined(NO_FILESYSTEM) /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */ static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz, int type) { int ret; WOLFSSL_CERT_MANAGER* cm = NULL; switch (type) { case TESTING_RSA: #ifdef NO_RSA fprintf(stderr, "RSA disabled, skipping test\n"); return ASN_SIG_CONFIRM_E; #else break; #endif case TESTING_ECC: #ifndef HAVE_ECC fprintf(stderr, "ECC disabled, skipping test\n"); return ASN_SIG_CONFIRM_E; #else break; #endif default: fprintf(stderr, "Bad function argument\n"); return BAD_FUNC_ARG; } cm = wolfSSL_CertManagerNew(); if (cm == NULL) { fprintf(stderr, "wolfSSL_CertManagerNew failed\n"); return -1; } #ifndef NO_FILESYSTEM ret = wolfSSL_CertManagerLoadCA(cm, ca, 0); if (ret != WOLFSSL_SUCCESS) { fprintf(stderr, "wolfSSL_CertManagerLoadCA failed\n"); wolfSSL_CertManagerFree(cm); return ret; } #else (void)ca; #endif ret = wolfSSL_CertManagerVerifyBuffer(cm, cert_buf, cert_sz, WOLFSSL_FILETYPE_ASN1); /* Let AssertIntEQ handle return code */ wolfSSL_CertManagerFree(cm); return ret; } #if !defined(NO_FILESYSTEM) static int test_RsaSigFailure_cm(void) { int ret = 0; const char* ca_cert = "./certs/ca-cert.pem"; const char* server_cert = "./certs/server-cert.der"; byte* cert_buf = NULL; size_t cert_sz = 0; ret = load_file(server_cert, &cert_buf, &cert_sz); if (ret == 0) { /* corrupt DER - invert last byte, which is signature */ cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1]; /* test bad cert */ ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA); } if (cert_buf) free(cert_buf); #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) if (ret == WOLFSSL_FATAL_ERROR) { ret = 0; } #else if (ret == ASN_SIG_CONFIRM_E) { ret = 0; } #endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */ return TEST_RES_CHECK(ret == 0); } static int test_EccSigFailure_cm(void) { int ret = 0; /* self-signed ECC cert, so use server cert as CA */ const char* ca_cert = "./certs/ca-ecc-cert.pem"; const char* server_cert = "./certs/server-ecc.der"; byte* cert_buf = NULL; size_t cert_sz = 0; ret = load_file(server_cert, &cert_buf, &cert_sz); if (ret == 0) { /* corrupt DER - invert last byte, which is signature */ cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1]; /* test bad cert */ ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC); } if (cert_buf) free(cert_buf); #ifdef FP_ECC wc_ecc_fp_free(); #endif #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) if (ret == WOLFSSL_FATAL_ERROR) { ret = 0; } #else if (ret == ASN_SIG_CONFIRM_E) { ret = 0; } #endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */ return TEST_RES_CHECK(ret == 0); } #endif /* !NO_FILESYSTEM */ #endif /* NO_CERTS */ #ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) #ifdef WC_SHA384_DIGEST_SIZE static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, }; #else static byte fixedKey[WC_SHA256_DIGEST_SIZE] = { 0, }; #endif #endif #ifdef WOLFSSL_EARLY_DATA static const char earlyData[] = "Early Data"; static char earlyDataBuffer[1]; #endif static int test_tls13_apis(void) { int ret = 0; #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_CLIENT WOLFSSL_CTX* clientTls12Ctx; WOLFSSL* clientTls12Ssl; #endif #ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* serverTls12Ctx; WOLFSSL* serverTls12Ssl; #endif #endif #ifndef NO_WOLFSSL_CLIENT WOLFSSL_CTX* clientCtx; WOLFSSL* clientSsl; #endif #ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* serverCtx; WOLFSSL* serverSsl; #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM) const char* ourCert = svrCertFile; const char* ourKey = svrKeyFile; #endif #endif int required; #ifdef WOLFSSL_EARLY_DATA int outSz; #endif #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) int groups[2] = { WOLFSSL_ECC_SECP256R1, #ifdef HAVE_PQC WOLFSSL_KYBER_LEVEL1 #else WOLFSSL_ECC_SECP256R1 #endif }; #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) int bad_groups[2] = { 0xDEAD, 0xBEEF }; #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ int numGroups = 2; #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) char groupList[] = #ifndef NO_ECC_SECP #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 "P-521:" #endif #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 "P-384:" #endif #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 "P-256" #ifdef HAVE_PQC ":P256_KYBER_LEVEL1" #endif #endif #ifdef HAVE_PQC ":KYBER_LEVEL1" #endif ""; #endif /* !defined(NO_ECC_SECP) */ #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */ (void)ret; #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_CLIENT clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); clientTls12Ssl = wolfSSL_new(clientTls12Ctx); #endif #ifndef NO_WOLFSSL_SERVER serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM) wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert); wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, WOLFSSL_FILETYPE_PEM); #endif serverTls12Ssl = wolfSSL_new(serverTls12Ctx); #endif #endif #ifndef NO_WOLFSSL_CLIENT clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); clientSsl = wolfSSL_new(clientCtx); #endif #ifndef NO_WOLFSSL_SERVER serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); #if !defined(NO_CERTS) && !defined(NO_FILESYSTEM) wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert); wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM); #endif serverSsl = wolfSSL_new(serverCtx); AssertNotNull(serverSsl); #endif #ifdef WOLFSSL_SEND_HRR_COOKIE AssertIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)), WOLFSSL_SUCCESS); #endif #endif #ifdef HAVE_SUPPORTED_CURVES #ifdef HAVE_ECC AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER do { ret = wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1); #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_PENDING_E) wolfSSL_AsyncPoll(serverSsl, WOLF_POLL_FLAG_CHECK_HW); #endif } while (ret == WC_PENDING_E); AssertIntEQ(ret, WOLFSSL_SUCCESS); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 do { ret = wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1); #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_PENDING_E) wolfSSL_AsyncPoll(clientTls12Ssl, WOLF_POLL_FLAG_CHECK_HW); #endif } while (ret == WC_PENDING_E); AssertIntEQ(ret, WOLFSSL_SUCCESS); #endif do { ret = wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1); #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_PENDING_E) wolfSSL_AsyncPoll(clientSsl, WOLF_POLL_FLAG_CHECK_HW); #endif } while (ret == WC_PENDING_E); AssertIntEQ(ret, WOLFSSL_SUCCESS); #endif #elif defined(HAVE_CURVE25519) AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); #endif #elif defined(HAVE_CURVE448) AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448), WOLFSSL_SUCCESS); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X448), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X448), WOLFSSL_SUCCESS); #endif #else AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1), NOT_COMPILED_IN); #endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1), NOT_COMPILED_IN); #endif #endif #if defined(HAVE_PQC) AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_KYBER_LEVEL3), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_KYBER_LEVEL3), WOLFSSL_SUCCESS); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_KYBER_LEVEL3), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_KYBER_LEVEL3), WOLFSSL_SUCCESS); #endif #endif AssertIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS); #endif #endif /* HAVE_SUPPORTED_CURVES */ AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0); #endif AssertIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0); #endif AssertIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0); #endif AssertIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0); #endif AssertIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR); #endif AssertIntEQ(wolfSSL_key_update_response(NULL, NULL), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_key_update_response(NULL, &required), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_key_update_response(clientSsl, NULL), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_key_update_response(serverSsl, NULL), BAD_FUNC_ARG); #endif #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0); #endif AssertIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0); #endif AssertIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_request_certificate(serverTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR); #endif #endif #ifdef HAVE_ECC #ifndef WOLFSSL_NO_SERVER_GROUPS_EXT AssertIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR); #endif #endif #ifdef HAVE_SUPPORTED_CURVES AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups), BAD_FUNC_ARG); #endif #ifdef OPENSSL_EXTRA AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL), WOLFSSL_FAILURE); #endif AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList), WOLFSSL_FAILURE); #endif AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList), WOLFSSL_SUCCESS); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_CTX_set1_groups_list(serverCtx, groupList), WOLFSSL_SUCCESS); #endif AssertIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WOLFSSL_FAILURE); #endif AssertIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE); #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList), WOLFSSL_FAILURE); #endif AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList), WOLFSSL_SUCCESS); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_set1_groups_list(serverSsl, groupList), WOLFSSL_SUCCESS); #endif #endif /* OPENSSL_EXTRA */ #endif /* HAVE_SUPPORTED_CURVES */ #endif /* HAVE_ECC */ #ifdef WOLFSSL_EARLY_DATA #ifndef OPENSSL_EXTRA AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG); #else AssertIntEQ(SSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG); AssertIntEQ(SSL_CTX_get_max_early_data(NULL), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef OPENSSL_EXTRA AssertIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR); AssertIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR); #else AssertIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR); AssertIntEQ(SSL_CTX_get_max_early_data(clientCtx), SIDE_ERROR); #endif #endif #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 #ifndef OPENSSL_EXTRA AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG); #else AssertIntEQ(SSL_CTX_set_max_early_data(serverTls12Ctx, 0), BAD_FUNC_ARG); AssertIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), BAD_FUNC_ARG); #endif #endif #ifndef OPENSSL_EXTRA #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), WOLFSSL_SUCCESS); #else AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), 0); #endif AssertIntEQ(wolfSSL_CTX_get_max_early_data(serverCtx), 32); #else AssertIntEQ(SSL_CTX_set_max_early_data(serverCtx, 32), 1); AssertIntEQ(SSL_CTX_get_max_early_data(serverCtx), 32); #endif #endif #ifndef OPENSSL_EXTRA AssertIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_get_max_early_data(NULL), BAD_FUNC_ARG); #else AssertIntEQ(SSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG); AssertIntEQ(SSL_get_max_early_data(NULL), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef OPENSSL_EXTRA #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS); #else AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), 0); #endif AssertIntEQ(wolfSSL_get_max_early_data(clientSsl), 17); #else AssertIntEQ(SSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS); AssertIntEQ(SSL_get_max_early_data(clientSsl), 17); #endif #endif #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 #ifndef OPENSSL_EXTRA AssertIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG); #else AssertIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG); AssertIntEQ(SSL_get_max_early_data(serverTls12Ssl), BAD_FUNC_ARG); #endif #endif #ifndef OPENSSL_EXTRA #ifdef WOLFSSL_ERROR_CODE_OPENSSL AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), WOLFSSL_SUCCESS); #else AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), 0); #endif AssertIntEQ(wolfSSL_get_max_early_data(serverSsl), 16); #else AssertIntEQ(SSL_set_max_early_data(serverSsl, 16), 1); AssertIntEQ(SSL_get_max_early_data(serverSsl), 16); #endif #endif AssertIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData), &outSz), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData), &outSz), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, sizeof(earlyData), NULL), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_write_early_data(serverSsl, earlyData, sizeof(earlyData), &outSz), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_CLIENT #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData, sizeof(earlyData), &outSz), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, sizeof(earlyData), &outSz), WOLFSSL_FATAL_ERROR); #endif AssertIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG); #ifndef NO_WOLFSSL_SERVER AssertIntEQ(wolfSSL_read_early_data(serverSsl, NULL, sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1, &outSz), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, sizeof(earlyDataBuffer), NULL), BAD_FUNC_ARG); #endif #ifndef NO_WOLFSSL_CLIENT AssertIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), SIDE_ERROR); #endif #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 AssertIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), BAD_FUNC_ARG); #endif AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, sizeof(earlyDataBuffer), &outSz), WOLFSSL_FATAL_ERROR); #endif #endif #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EARLY_DATA) AssertIntLT(SSL_get_early_data_status(NULL), 0); #endif #ifndef NO_WOLFSSL_SERVER wolfSSL_free(serverSsl); wolfSSL_CTX_free(serverCtx); #endif #ifndef NO_WOLFSSL_CLIENT wolfSSL_free(clientSsl); wolfSSL_CTX_free(clientCtx); #endif #ifndef WOLFSSL_NO_TLS12 #ifndef NO_WOLFSSL_SERVER wolfSSL_free(serverTls12Ssl); wolfSSL_CTX_free(serverTls12Ctx); #endif #ifndef NO_WOLFSSL_CLIENT wolfSSL_free(clientTls12Ssl); wolfSSL_CTX_free(clientTls12Ctx); #endif #endif return TEST_RES_CHECK(1); } #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \ defined(HAVE_ECC) && defined(BUILD_TLS_AES_128_GCM_SHA256) && \ defined(BUILD_TLS_AES_256_GCM_SHA384) /* Called when writing. */ static int CsSend(WOLFSSL* ssl, char* buf, int sz, void* ctx) { (void)ssl; (void)buf; (void)sz; (void)ctx; /* Force error return from wolfSSL_accept_TLSv13(). */ return WANT_WRITE; } /* Called when reading. */ static int CsRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx) { WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx; int len = (int)msg->length; (void)ssl; (void)sz; /* Pass back as much of message as will fit in buffer. */ if (len > sz) len = sz; XMEMCPY(buf, msg->buffer, len); /* Move over returned data. */ msg->buffer += len; msg->length -= len; /* Amount actually copied. */ return len; } #endif static int test_tls13_cipher_suites(void) { int res = TEST_SKIPPED; #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \ defined(HAVE_ECC) && defined(BUILD_TLS_AES_128_GCM_SHA256) && \ defined(BUILD_TLS_AES_256_GCM_SHA384) WOLFSSL_CTX* ctx; WOLFSSL *ssl; int i; byte clientHello[] = { 0x16, 0x03, 0x03, 0x01, 0x9b, 0x01, 0x00, 0x01, 0x97, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe, 0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55, 0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8, 0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c, 0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b, 0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda, 0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, /* Cipher suites: 0x13, 0x01 = TLS13-AES128-GCM-SHA256, twice. */ 0x13, 0x01, 0x13, 0x01, 0x01, 0x00, 0x01, 0x4a, 0x00, 0x2d, 0x00, 0x03, 0x02, 0x00, 0x01, 0x00, 0x33, 0x00, 0x47, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, 0x90, 0xfc, 0xe2, 0x97, 0x05, 0x7c, 0xb5, 0x23, 0x5d, 0x5f, 0x5b, 0xcd, 0x0c, 0x1e, 0xe0, 0xe9, 0xab, 0x38, 0x6b, 0x1e, 0x20, 0x5c, 0x1c, 0x90, 0x2a, 0x9e, 0x68, 0x8e, 0x70, 0x05, 0x10, 0xa8, 0x02, 0x1b, 0xf9, 0x5c, 0xef, 0xc9, 0xaf, 0xca, 0x1a, 0x3b, 0x16, 0x8b, 0xe4, 0x1b, 0x3c, 0x15, 0xb8, 0x0d, 0xbd, 0xaf, 0x62, 0x8d, 0xa7, 0x13, 0xa0, 0x7c, 0xe0, 0x59, 0x0c, 0x4f, 0x8a, 0x6d, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04, 0x00, 0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06, 0x03, 0x05, 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06, 0x08, 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, 0x09, 0x06, 0x01, 0x05, 0x01, 0x04, 0x01, 0x03, 0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, 0x04, 0x00, 0x02, 0x00, 0x17, 0x00, 0x16, 0x00, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00, 0x29, 0x00, 0xb9, 0x00, 0x94, 0x00, 0x8e, 0x0f, 0x12, 0xfa, 0x84, 0x1f, 0x76, 0x94, 0xd7, 0x09, 0x5e, 0xad, 0x08, 0x51, 0xb6, 0x80, 0x28, 0x31, 0x8b, 0xfd, 0xc6, 0xbd, 0x9e, 0xf5, 0x3b, 0x4d, 0x02, 0xbe, 0x1d, 0x73, 0xea, 0x13, 0x68, 0x00, 0x4c, 0xfd, 0x3d, 0x48, 0x51, 0xf9, 0x06, 0xbb, 0x92, 0xed, 0x42, 0x9f, 0x7f, 0x2c, 0x73, 0x9f, 0xd9, 0xb4, 0xef, 0x05, 0x26, 0x5b, 0x60, 0x5c, 0x0a, 0xfc, 0xa3, 0xbd, 0x2d, 0x2d, 0x8b, 0xf9, 0xaa, 0x5c, 0x96, 0x3a, 0xf2, 0xec, 0xfa, 0xe5, 0x57, 0x2e, 0x87, 0xbe, 0x27, 0xc5, 0x3d, 0x4f, 0x5d, 0xdd, 0xde, 0x1c, 0x1b, 0xb3, 0xcc, 0x27, 0x27, 0x57, 0x5a, 0xd9, 0xea, 0x99, 0x27, 0x23, 0xa6, 0x0e, 0xea, 0x9c, 0x0d, 0x85, 0xcb, 0x72, 0xeb, 0xd7, 0x93, 0xe3, 0xfe, 0xf7, 0x5c, 0xc5, 0x5b, 0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda, 0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfb, 0x92, 0xce, 0xaa, 0x00, 0x21, 0x20, 0xcb, 0x73, 0x25, 0x80, 0x46, 0x78, 0x4f, 0xe5, 0x34, 0xf6, 0x91, 0x13, 0x7f, 0xc8, 0x8d, 0xdc, 0x81, 0x04, 0xb7, 0x0d, 0x49, 0x85, 0x2e, 0x12, 0x7a, 0x07, 0x23, 0xe9, 0x13, 0xa4, 0x6d, 0x8c }; WOLFSSL_BUFFER_INFO msg; /* Offset into ClientHello message data of first cipher suite. */ const int csOff = 78; /* Server cipher list. */ const char* serverCs = "TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256"; /* Suite list with duplicates. */ const char* dupCs = "TLS13-AES128-GCM-SHA256:" "TLS13-AES128-GCM-SHA256:" "TLS13-AES256-GCM-SHA384:" "TLS13-AES256-GCM-SHA384:" "TLS13-AES128-GCM-SHA256"; #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES) const byte dupCsBytes[] = { TLS13_BYTE, TLS_AES_256_GCM_SHA384, TLS13_BYTE, TLS_AES_256_GCM_SHA384, TLS13_BYTE, TLS_AES_128_GCM_SHA256, TLS13_BYTE, TLS_AES_128_GCM_SHA256, TLS13_BYTE, TLS_AES_256_GCM_SHA384 }; #endif /* Set up wolfSSL context. */ AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM)); /* Read from 'msg'. */ wolfSSL_SetIORecv(ctx, CsRecv); /* No where to send to - dummy sender. */ wolfSSL_SetIOSend(ctx, CsSend); /* Test cipher suite list with many copies of a cipher suite. */ AssertNotNull(ssl = wolfSSL_new(ctx)); msg.buffer = clientHello; msg.length = (unsigned int)sizeof(clientHello); wolfSSL_SetIOReadCtx(ssl, &msg); /* Force server to have as many occurrences of same cipher suite as * possible. */ { Suites* suites = (Suites*)WOLFSSL_SUITES(ssl); suites->suiteSz = WOLFSSL_MAX_SUITE_SZ; for (i = 0; i < suites->suiteSz; i += 2) { suites->suites[i + 0] = TLS13_BYTE; suites->suites[i + 1] = TLS_AES_128_GCM_SHA256; } } /* Test multiple occurrences of same cipher suite. */ wolfSSL_accept_TLSv13(ssl); wolfSSL_free(ssl); /* Set client order opposite to server order: * TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384 */ clientHello[csOff + 0] = TLS13_BYTE; clientHello[csOff + 1] = TLS_AES_128_GCM_SHA256; clientHello[csOff + 2] = TLS13_BYTE; clientHello[csOff + 3] = TLS_AES_256_GCM_SHA384; /* Test server order negotiation. */ AssertNotNull(ssl = wolfSSL_new(ctx)); msg.buffer = clientHello; msg.length = (unsigned int)sizeof(clientHello); wolfSSL_SetIOReadCtx(ssl, &msg); /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */ AssertIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS); /* Negotiate cipher suites in server order: TLS13-AES256-GCM-SHA384 */ wolfSSL_accept_TLSv13(ssl); /* Check refined order - server order. */ AssertIntEQ(ssl->suites->suiteSz, 4); AssertIntEQ(ssl->suites->suites[0], TLS13_BYTE); AssertIntEQ(ssl->suites->suites[1], TLS_AES_256_GCM_SHA384); AssertIntEQ(ssl->suites->suites[2], TLS13_BYTE); AssertIntEQ(ssl->suites->suites[3], TLS_AES_128_GCM_SHA256); wolfSSL_free(ssl); /* Test client order negotiation. */ AssertNotNull(ssl = wolfSSL_new(ctx)); msg.buffer = clientHello; msg.length = (unsigned int)sizeof(clientHello); wolfSSL_SetIOReadCtx(ssl, &msg); /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */ AssertIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_UseClientSuites(ssl), 0); /* Negotiate cipher suites in client order: TLS13-AES128-GCM-SHA256 */ wolfSSL_accept_TLSv13(ssl); /* Check refined order - client order. */ AssertIntEQ(ssl->suites->suiteSz, 4); AssertIntEQ(ssl->suites->suites[0], TLS13_BYTE); AssertIntEQ(ssl->suites->suites[1], TLS_AES_128_GCM_SHA256); AssertIntEQ(ssl->suites->suites[2], TLS13_BYTE); AssertIntEQ(ssl->suites->suites[3], TLS_AES_256_GCM_SHA384); wolfSSL_free(ssl); /* Check duplicate detection is working. */ AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, dupCs), WOLFSSL_SUCCESS); AssertIntEQ(ctx->suites->suiteSz, 4); AssertIntEQ(ctx->suites->suites[0], TLS13_BYTE); AssertIntEQ(ctx->suites->suites[1], TLS_AES_128_GCM_SHA256); AssertIntEQ(ctx->suites->suites[2], TLS13_BYTE); AssertIntEQ(ctx->suites->suites[3], TLS_AES_256_GCM_SHA384); #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES) AssertIntEQ(wolfSSL_CTX_set_cipher_list_bytes(ctx, dupCsBytes, sizeof(dupCsBytes)), WOLFSSL_SUCCESS); AssertIntEQ(ctx->suites->suiteSz, 4); AssertIntEQ(ctx->suites->suites[0], TLS13_BYTE); AssertIntEQ(ctx->suites->suites[1], TLS_AES_256_GCM_SHA384); AssertIntEQ(ctx->suites->suites[2], TLS13_BYTE); AssertIntEQ(ctx->suites->suites[3], TLS_AES_128_GCM_SHA256); #endif wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } #endif #if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \ !defined(NO_OLD_TLS)) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \ !defined(NO_AES) && defined(HAVE_AES_CBC) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key, const unsigned char* priv, unsigned int privSz, const unsigned char* pubKeyDer, unsigned int pubKeySz, unsigned char* out, unsigned int* outlen, void* ctx) { int result; /* Test fail when context associated with WOLFSSL is NULL */ if (ctx == NULL) { return -1; } (void)ssl; /* return 0 on success */ PRIVATE_KEY_UNLOCK(); result = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz); PRIVATE_KEY_LOCK(); return result; } static void test_dh_ctx_setup(WOLFSSL_CTX* ctx) { wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback); #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"), WOLFSSL_SUCCESS); #endif #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"), WOLFSSL_SUCCESS); #endif } static void test_dh_ssl_setup(WOLFSSL* ssl) { static int dh_test_ctx = 1; int ret; wolfSSL_SetDhAgreeCtx(ssl, &dh_test_ctx); AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), dh_test_ctx); ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) { AssertIntEQ(ret, WOLFSSL_SUCCESS); } } static void test_dh_ssl_setup_fail(WOLFSSL* ssl) { int ret; wolfSSL_SetDhAgreeCtx(ssl, NULL); AssertNull(wolfSSL_GetDhAgreeCtx(ssl)); ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) { AssertIntEQ(ret, WOLFSSL_SUCCESS); } } #endif static int test_DhCallbacks(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \ !defined(NO_AES) && defined(HAVE_AES_CBC) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) WOLFSSL_CTX *ctx; WOLFSSL *ssl; tcp_ready ready; func_args server_args; func_args client_args; THREAD_TYPE serverThread; callback_functions func_cb_client; callback_functions func_cb_server; int test; #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif AssertIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WOLFSSL_FAILURE); wolfSSL_CTX_SetDhAgreeCb(ctx, &my_DhCallback); /* load client ca cert */ AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS); /* test with NULL arguments */ wolfSSL_SetDhAgreeCtx(NULL, &test); AssertNull(wolfSSL_GetDhAgreeCtx(NULL)); /* test success case */ test = 1; AssertNotNull(ssl = wolfSSL_new(ctx)); wolfSSL_SetDhAgreeCtx(ssl, &test); AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), test); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); /* test a connection where callback is used */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; server_args.return_code = TEST_FAIL; client_args.return_code = TEST_FAIL; /* set callbacks to use DH functions */ func_cb_client.ctx_ready = &test_dh_ctx_setup; func_cb_client.ssl_ready = &test_dh_ssl_setup; #ifndef WOLFSSL_NO_TLS12 func_cb_client.method = wolfTLSv1_2_client_method; #else func_cb_client.method = wolfTLSv1_3_client_method; #endif client_args.callbacks = &func_cb_client; func_cb_server.ctx_ready = &test_dh_ctx_setup; func_cb_server.ssl_ready = &test_dh_ssl_setup; #ifndef WOLFSSL_NO_TLS12 func_cb_server.method = wolfTLSv1_2_server_method; #else func_cb_server.method = wolfTLSv1_3_server_method; #endif server_args.callbacks = &func_cb_server; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif /* now set user ctx to not be 1 so that the callback returns fail case */ #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; server_args.return_code = TEST_FAIL; client_args.return_code = TEST_FAIL; /* set callbacks to use DH functions */ func_cb_client.ctx_ready = &test_dh_ctx_setup; func_cb_client.ssl_ready = &test_dh_ssl_setup_fail; #ifndef WOLFSSL_NO_TLS12 func_cb_client.method = wolfTLSv1_2_client_method; #else func_cb_client.method = wolfTLSv1_3_client_method; #endif client_args.callbacks = &func_cb_client; func_cb_server.ctx_ready = &test_dh_ctx_setup; func_cb_server.ssl_ready = &test_dh_ssl_setup_fail; #ifndef WOLFSSL_NO_TLS12 func_cb_server.method = wolfTLSv1_2_server_method; #else func_cb_server.method = wolfTLSv1_3_server_method; #endif server_args.callbacks = &func_cb_server; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, NULL); join_thread(serverThread); AssertIntEQ(client_args.return_code, TEST_FAIL); AssertIntEQ(server_args.return_code, TEST_FAIL); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif res = TEST_RES_CHECK(1); #endif return res; } #endif /* HAVE_PK_CALLBACKS */ #ifdef HAVE_HASHDRBG #ifdef TEST_RESEED_INTERVAL static int test_wc_RNG_GenerateBlock_Reseed(void) { int i, ret; WC_RNG rng; byte key[32]; ret = wc_InitRng(&rng); if (ret == 0) { for (i = 0; i < WC_RESEED_INTERVAL + 10; i++) { ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key)); if (ret != 0) { break; } } } wc_FreeRng(&rng); return TEST_RES_CHECK(ret == 0); } #endif /* TEST_RESEED_INTERVAL */ static int test_wc_RNG_GenerateBlock(void) { int i, ret; WC_RNG rng; byte key[32]; ret = wc_InitRng(&rng); if (ret == 0) { for (i = 0; i < 10; i++) { ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key)); if (ret != 0) { break; } } } wc_FreeRng(&rng); (void)rng; /* for WC_NO_RNG case */ (void)key; return TEST_RES_CHECK(ret == 0); } #endif /* * Testing get_rand_digit */ static int test_get_rand_digit(void) { int res = TEST_SKIPPED; #if !defined(WC_NO_RNG) && defined(WOLFSSL_PUBLIC_MP) int ret = 0; WC_RNG rng; mp_digit d; ret = wc_InitRng(&rng); if (ret == 0) { ret = get_rand_digit(&rng, &d); } if (ret == 0) { ret = get_rand_digit(NULL, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = get_rand_digit(NULL, &d); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = get_rand_digit(&rng, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = wc_FreeRng(&rng); } res = TEST_RES_CHECK(ret == 0); #endif return res; }/* End test_get_rand_digit*/ /* * Testing get_digit_count */ static int test_get_digit_count(void) { int res = TEST_SKIPPED; #if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_PUBLIC_MP) int ret = 0; mp_int a; if (mp_init(&a) != MP_OKAY) { ret = -1; } if (ret == 0) { ret = get_digit_count(NULL); } if (ret == 0) { ret = get_digit_count(&a); } mp_clear(&a); res = TEST_RES_CHECK(ret == 0); #endif return res; }/* End test_get_digit_count*/ /* * Testing mp_cond_copy */ static int test_mp_cond_copy(void) { int res = TEST_SKIPPED; #if (defined(HAVE_ECC) || defined(WOLFSSL_MP_COND_COPY)) && \ defined(WOLFSSL_PUBLIC_MP) int ret = 0; mp_int a; mp_int b; int copy = 0; if (mp_init(&a) != MP_OKAY) { ret = -1; } if (ret == 0) { if (mp_init(&b) != MP_OKAY) { ret = -1; } } if (ret == 0) { ret = mp_cond_copy(NULL, copy, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = mp_cond_copy(NULL, copy, &b); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = mp_cond_copy(&a, copy, NULL); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = mp_cond_copy(&a, copy, &b); } mp_clear(&a); mp_clear(&b); res = TEST_RES_CHECK(ret == 0); #endif return res; }/* End test_mp_cond_copy*/ /* * Testing mp_rand */ static int test_mp_rand(void) { int res = TEST_SKIPPED; #if defined(WC_RSA_BLINDING) && defined(WOLFSSL_PUBLIC_MP) int ret = 0; mp_int a; int digits = 1; WC_RNG rng; if (mp_init(&a) != MP_OKAY) { ret = -1; } if (ret == 0) { ret = wc_InitRng(&rng); } if (ret == 0) { ret = mp_rand(&a, digits, NULL); if (ret == MISSING_RNG_E) { ret = 0; } } if (ret == 0) { ret = mp_rand(NULL, digits, &rng); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = mp_rand(&a, 0, &rng); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { ret = mp_rand(&a, digits, &rng); } mp_clear(&a); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; }/* End test_mp_rand*/ /* * Testing get_digit */ static int test_get_digit(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_PUBLIC_MP) int ret = 0; mp_int a; int n = 0; if (mp_init(&a) != MP_OKAY) { ret = -1; } if (ret == 0) { if (get_digit(NULL, n) != 0) { /* Should not hit this */ ret = -1; } } if (ret == 0) { if (get_digit(NULL, n) == 0) { /* Should hit this */ ret = 0; } } if (ret == 0) { if (get_digit(&a, n) != 0) { /* Should not hit this */ ret = -1; } } if (ret == 0) { if (get_digit(&a, n) == 0) { /* Should hit this */ ret = 0; } } mp_clear(&a); res = TEST_RES_CHECK(ret == 0); #endif return res; }/* End test_get_digit*/ /* * Testing wc_export_int */ static int test_wc_export_int(void) { int res = TEST_SKIPPED; #if (defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT)) && \ defined(WOLFSSL_PUBLIC_MP) int ret = 0; mp_int mp; byte buf[32]; word32 keySz = (word32)sizeof(buf); word32 len = (word32)sizeof(buf); if (mp_init(&mp) != MP_OKAY) { ret = -1; } if (ret == 0) { ret = mp_set(&mp, 1234); } if (ret == 0) { ret = wc_export_int(NULL, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN); if (ret == BAD_FUNC_ARG) { ret = 0; } } if (ret == 0) { len = sizeof(buf)-1; ret = wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN); if (ret == BUFFER_E) { ret = 0; } } if (ret == 0) { len = sizeof(buf); ret = wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN); } if (ret == 0) { len = 4; /* test input too small */ ret = wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR); if (ret == BUFFER_E) { ret = 0; } } if (ret == 0) { len = sizeof(buf); ret = wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR); /* hex version of 1234 is 04D2 and should be 4 digits + 1 null */ if (ret == 0 && len != 5) { ret = BAD_FUNC_ARG; } } mp_clear(&mp); res = TEST_RES_CHECK(ret == 0); #endif return res; }/* End test_wc_export_int*/ static int test_wc_InitRngNonce(void) { int res = TEST_SKIPPED; #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2)) int ret; WC_RNG rng; byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE" "\x45\xAC\x13\x7A\xE1\x48\xAF\x16"; word32 nonceSz = sizeof(nonce); ret = wc_InitRngNonce(&rng, nonce, nonceSz); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; }/* End test_wc_InitRngNonce*/ /* * Testing wc_InitRngNonce_ex */ static int test_wc_InitRngNonce_ex(void) { int res = TEST_SKIPPED; #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2)) int ret; WC_RNG rng; byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE" "\x45\xAC\x13\x7A\xE1\x48\xAF\x16"; word32 nonceSz = sizeof(nonce); ret = wc_InitRngNonce_ex(&rng, nonce, nonceSz, HEAP_HINT, testDevId); wc_FreeRng(&rng); res = TEST_RES_CHECK(ret == 0); #endif return res; }/*End test_wc_InitRngNonce_ex*/ static int test_wolfSSL_X509_CRL(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) X509_CRL *crl; char pem[][100] = { "./certs/crl/crl.pem", "./certs/crl/crl2.pem", "./certs/crl/caEccCrl.pem", "./certs/crl/eccCliCRL.pem", "./certs/crl/eccSrvCRL.pem", "" }; #ifndef NO_BIO BIO *bio; #endif #ifdef HAVE_TEST_d2i_X509_CRL_fp char der[][100] = { "./certs/crl/crl.der", "./certs/crl/crl2.der", ""}; #endif XFILE fp; int i; for (i = 0; pem[i][0] != '\0'; i++) { fp = XFOPEN(pem[i], "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); AssertNotNull(crl); X509_CRL_free(crl); XFCLOSE(fp); fp = XFOPEN(pem[i], "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull((X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)&crl, NULL, NULL)); AssertNotNull(crl); X509_CRL_free(crl); XFCLOSE(fp); } #ifndef NO_BIO for (i = 0; pem[i][0] != '\0'; i++) { AssertNotNull(bio = BIO_new_file(pem[i], "rb")); AssertNotNull(crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL)); X509_CRL_free(crl); BIO_free(bio); } #endif #ifdef HAVE_TEST_d2i_X509_CRL_fp for (i = 0; der[i][0] != '\0'; i++) { fp = XFOPEN(der[i], "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((fp, X509_CRL **)NULL)); AssertNotNull(crl); X509_CRL_free(crl); XFCLOSE(fp); fp = XFOPEN(der[i], "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull((X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)&crl)); AssertNotNull(crl); X509_CRL_free(crl); XFCLOSE(fp); } #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_load_crl_file(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) && !defined(NO_BIO) int i; char pem[][100] = { "./certs/crl/crl.pem", "./certs/crl/crl2.pem", "./certs/crl/caEccCrl.pem", "./certs/crl/eccCliCRL.pem", "./certs/crl/eccSrvCRL.pem", "" }; char der[][100] = { "./certs/crl/crl.der", "./certs/crl/crl2.der", "" }; WOLFSSL_X509_STORE* store; WOLFSSL_X509_LOOKUP* lookup; AssertNotNull(store = wolfSSL_X509_STORE_new()); AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", X509_FILETYPE_PEM), 1); AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", X509_FILETYPE_PEM), 1); if (store) { AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, WOLFSSL_FILETYPE_PEM), 1); /* since store hasn't yet known the revoked cert*/ AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); } for (i = 0; pem[i][0] != '\0'; i++) { AssertIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), 1); } if (store) { /* since store knows crl list */ AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED); } /* once feeing store */ X509_STORE_free(store); store = NULL; AssertNotNull(store = wolfSSL_X509_STORE_new()); AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", X509_FILETYPE_PEM), 1); AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", X509_FILETYPE_PEM), 1); if (store) { AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, WOLFSSL_FILETYPE_PEM), 1); /* since store hasn't yet known the revoked cert*/ AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); } for (i = 0; der[i][0] != '\0'; i++) { AssertIntEQ(X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), 1); } if (store) { /* since store knows crl list */ AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED); } /* test for incorrect parameter */ AssertIntEQ(X509_load_crl_file(NULL, pem[0], 0), 0); AssertIntEQ(X509_load_crl_file(lookup, NULL, 0), 0); AssertIntEQ(X509_load_crl_file(NULL, NULL, 0), 0); X509_STORE_free(store); store = NULL; res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_d2i_X509_REQ(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_BIO) && \ (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \ !defined(WOLFSSL_SP_MATH) /* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der were * generated by libest * ./certs/csr.attr.der contains sample attributes * ./certs/csr.ext.der contains sample extensions */ const char* csrFile = "./certs/csr.signed.der"; const char* csrPopFile = "./certs/csr.attr.der"; const char* csrExtFile = "./certs/csr.ext.der"; /* ./certs/csr.dsa.pem is generated using * openssl req -newkey dsa:certs/dsaparams.pem \ * -keyout certs/csr.dsa.key.pem -keyform PEM -out certs/csr.dsa.pem \ * -outform PEM * with the passphrase "wolfSSL" */ #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) const char* csrDsaFile = "./certs/csr.dsa.pem"; XFILE f; #endif BIO* bio = NULL; X509* req = NULL; EVP_PKEY *pub_key = NULL; { AssertNotNull(bio = BIO_new_file(csrFile, "rb")); AssertNotNull(d2i_X509_REQ_bio(bio, &req)); /* * Extract the public key from the CSR */ AssertNotNull(pub_key = X509_REQ_get_pubkey(req)); /* * Verify the signature in the CSR */ AssertIntEQ(X509_REQ_verify(req, pub_key), 1); X509_free(req); BIO_free(bio); EVP_PKEY_free(pub_key); } { #ifdef OPENSSL_ALL X509_ATTRIBUTE* attr; ASN1_TYPE *at; #endif AssertNotNull(bio = BIO_new_file(csrPopFile, "rb")); AssertNotNull(d2i_X509_REQ_bio(bio, &req)); /* * Extract the public key from the CSR */ AssertNotNull(pub_key = X509_REQ_get_pubkey(req)); /* * Verify the signature in the CSR */ AssertIntEQ(X509_REQ_verify(req, pub_key), 1); #ifdef OPENSSL_ALL /* * Obtain the challenge password from the CSR */ AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1), 1); AssertNotNull(attr = X509_REQ_get_attr(req, 1)); AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0)); AssertNotNull(at->value.asn1_string); AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+"); AssertIntEQ(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), -1); #endif X509_free(req); BIO_free(bio); EVP_PKEY_free(pub_key); } { #ifdef OPENSSL_ALL X509_ATTRIBUTE* attr; ASN1_TYPE *at; STACK_OF(X509_EXTENSION) *exts = NULL; #endif AssertNotNull(bio = BIO_new_file(csrExtFile, "rb")); /* This CSR contains an Extension Request attribute so * we test extension parsing in a CSR attribute here. */ AssertNotNull(d2i_X509_REQ_bio(bio, &req)); /* * Extract the public key from the CSR */ AssertNotNull(pub_key = X509_REQ_get_pubkey(req)); /* * Verify the signature in the CSR */ AssertIntEQ(X509_REQ_verify(req, pub_key), 1); #ifdef OPENSSL_ALL AssertNotNull(exts = (STACK_OF(X509_EXTENSION)*)X509_REQ_get_extensions(req)); AssertIntEQ(sk_X509_EXTENSION_num(exts), 2); sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); /* * Obtain the challenge password from the CSR */ AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1), 0); AssertNotNull(attr = X509_REQ_get_attr(req, 0)); AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0)); AssertNotNull(at->value.asn1_string); AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo"); AssertIntGE(X509_get_ext_by_NID(req, NID_key_usage, -1), 0); AssertIntGE(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), 0); #endif X509_free(req); BIO_free(bio); EVP_PKEY_free(pub_key); } #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) { AssertNotNull(bio = BIO_new_file(csrDsaFile, "rb")); AssertNotNull(PEM_read_bio_X509_REQ(bio, &req, NULL, NULL)); /* * Extract the public key from the CSR */ AssertNotNull(pub_key = X509_REQ_get_pubkey(req)); /* * Verify the signature in the CSR */ AssertIntEQ(X509_REQ_verify(req, pub_key), 1); X509_free(req); BIO_free(bio); /* Run the same test, but with a file pointer instead of a BIO. * (PEM_read_X509_REQ)*/ AssertTrue((f = XFOPEN(csrDsaFile, "rb")) != XBADFILE); AssertNotNull(PEM_read_X509_REQ(f, &req, NULL, NULL)); AssertIntEQ(X509_REQ_verify(req, pub_key), 1); X509_free(req); EVP_PKEY_free(pub_key); } res = TEST_RES_CHECK(1); #endif /* !NO_DSA && !HAVE_SELFTEST */ #endif /* WOLFSSL_CERT_REQ && (OPENSSL_ALL || OPENSSL_EXTRA) */ return res; } static int test_wolfSSL_PEM_read_X509(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) X509 *x509 = NULL; XFILE fp; fp = XFOPEN(svrCertFile, "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull(x509 = (X509 *)PEM_read_X509(fp, (X509 **)NULL, NULL, NULL)); X509_free(x509); XFCLOSE(fp); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_PEM_read(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_BIO) const char* filename = "./certs/server-keyEnc.pem"; XFILE fp; char* name = NULL; char* header = NULL; byte* data = NULL; long len; EVP_CIPHER_INFO cipher; WOLFSSL_BIO* bio; byte* fileData; size_t fileDataSz; byte* out; fp = XFOPEN(filename, "rb"); AssertTrue((fp != XBADFILE)); /* Fail cases. */ AssertIntEQ(PEM_read(fp, NULL, &header, &data, &len), WOLFSSL_FAILURE); AssertIntEQ(PEM_read(fp, &name, NULL, &data, &len), WOLFSSL_FAILURE); AssertIntEQ(PEM_read(fp, &name, &header, NULL, &len), WOLFSSL_FAILURE); AssertIntEQ(PEM_read(fp, &name, &header, &data, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS); AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0); AssertIntGT(XSTRLEN(header), 0); AssertIntGT(len, 0); AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0); AssertIntGT((fileDataSz = XFTELL(fp)), 0); AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0); AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz); XFCLOSE(fp); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); /* Fail cases. */ AssertIntEQ(PEM_write_bio(NULL, name, header, data, len), 0); AssertIntEQ(PEM_write_bio(bio, NULL, header, data, len), 0); AssertIntEQ(PEM_write_bio(bio, name, NULL, data, len), 0); AssertIntEQ(PEM_write_bio(bio, name, header, NULL, len), 0); AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz); AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz); AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0); /* Fail cases. */ AssertIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WOLFSSL_FAILURE); AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WOLFSSL_FAILURE); AssertIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WOLFSSL_FAILURE); #ifndef NO_DES3 AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, &cipher), WOLFSSL_SUCCESS); #endif /* Fail cases. */ AssertIntEQ(PEM_do_header(&cipher, NULL, &len, PasswordCallBack, (void*)"yassl123"), WOLFSSL_FAILURE); AssertIntEQ(PEM_do_header(&cipher, data, NULL, PasswordCallBack, (void*)"yassl123"), WOLFSSL_FAILURE); AssertIntEQ(PEM_do_header(&cipher, data, &len, NULL, (void*)"yassl123"), WOLFSSL_FAILURE); #if !defined(NO_DES3) && !defined(NO_MD5) AssertIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack, (void*)"yassl123"), WOLFSSL_SUCCESS); #endif BIO_free(bio); XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); name = NULL; header = NULL; data = NULL; fp = XFOPEN(svrKeyFile, "rb"); AssertTrue((fp != XBADFILE)); AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS); AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0); AssertIntEQ(XSTRLEN(header), 0); AssertIntGT(len, 0); AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0); AssertIntGT((fileDataSz = XFTELL(fp)), 0); AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0); AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz); XFCLOSE(fp); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz); AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz); AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0); BIO_free(bio); XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfssl_EVP_aes_gcm_AAD_2_parts(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) const byte iv[12] = { 0 }; const byte key[16] = { 0 }; const byte cleartext[16] = { 0 }; const byte aad[] = { 0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x00, 0x00, 0xdc, 0x4d, 0xad, 0x6b, 0x06, 0x93, 0x4f }; byte out1Part[16]; byte outTag1Part[16]; byte out2Part[16]; byte outTag2Part[16]; byte decryptBuf[16]; int len; int tlen; EVP_CIPHER_CTX* ctx = NULL; /* ENCRYPT */ /* Send AAD and data in 1 part */ AssertNotNull(ctx = EVP_CIPHER_CTX_new()); tlen = 0; AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1); AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1); AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1); AssertIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext, sizeof(cleartext)), 1); tlen += len; AssertIntEQ(EVP_EncryptFinal_ex(ctx, out1Part, &len), 1); tlen += len; AssertIntEQ(tlen, sizeof(cleartext)); AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outTag1Part), 1); EVP_CIPHER_CTX_free(ctx); /* DECRYPT */ /* Send AAD and data in 1 part */ AssertNotNull(ctx = EVP_CIPHER_CTX_new()); tlen = 0; AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1); AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1); AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1); AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, sizeof(cleartext)), 1); tlen += len; AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, outTag1Part), 1); AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1); tlen += len; AssertIntEQ(tlen, sizeof(cleartext)); EVP_CIPHER_CTX_free(ctx); AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); /* ENCRYPT */ /* Send AAD and data in 2 parts */ AssertNotNull(ctx = EVP_CIPHER_CTX_new()); tlen = 0; AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1); AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1); AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, 1), 1); AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), 1); AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext, 1), 1); tlen += len; AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part + tlen, &len, cleartext + 1, sizeof(cleartext) - 1), 1); tlen += len; AssertIntEQ(EVP_EncryptFinal_ex(ctx, out2Part + tlen, &len), 1); tlen += len; AssertIntEQ(tlen, sizeof(cleartext)); AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outTag2Part), 1); AssertIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0); AssertIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0); EVP_CIPHER_CTX_free(ctx); /* DECRYPT */ /* Send AAD and data in 2 parts */ AssertNotNull(ctx = EVP_CIPHER_CTX_new()); tlen = 0; AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1); AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1); AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, 1), 1); AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), 1); AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, 1), 1); tlen += len; AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf + tlen, &len, out1Part + 1, sizeof(cleartext) - 1), 1); tlen += len; AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, outTag1Part), 1); AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf + tlen, &len), 1); tlen += len; AssertIntEQ(tlen, sizeof(cleartext)); AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); /* Test AAD re-use */ EVP_CIPHER_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfssl_EVP_aes_gcm_zeroLen(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) /* Zero length plain text */ byte key[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; /* align */ byte iv[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; /* align */ byte plaintxt[1]; int ivSz = 12; int plaintxtSz = 0; unsigned char tag[16]; unsigned char tag_kat[] = {0x53,0x0f,0x8a,0xfb,0xc7,0x45,0x36,0xb9, 0xa9,0x63,0xb4,0xf1,0xc4,0xcb,0x73,0x8b}; byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; int ciphertxtSz = 0; int decryptedtxtSz = 0; int len = 0; EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); AssertIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_gcm(), NULL, key, iv)); AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); AssertIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, plaintxtSz)); AssertIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); ciphertxtSz += len; AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag)); AssertIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); AssertIntEQ(0, ciphertxtSz); AssertIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag))); EVP_CIPHER_CTX_init(de); AssertIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_gcm(), NULL, key, iv)); AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); AssertIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); decryptedtxtSz = len; AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag)); AssertIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); decryptedtxtSz += len; AssertIntEQ(0, decryptedtxtSz); EVP_CIPHER_CTX_free(en); EVP_CIPHER_CTX_free(de); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfssl_EVP_aes_gcm(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) /* A 256 bit key, AES_128 will use the first 128 bit*/ byte *key = (byte*)"01234567890123456789012345678901"; /* A 128 bit IV */ byte *iv = (byte*)"0123456789012345"; int ivSz = AES_BLOCK_SIZE; /* Message to be encrypted */ byte *plaintxt = (byte*)"for things to change you have to change"; /* Additional non-confidential data */ byte *aad = (byte*)"Don't spend major time on minor things."; unsigned char tag[AES_BLOCK_SIZE] = {0}; int plaintxtSz = (int)XSTRLEN((char*)plaintxt); int aadSz = (int)XSTRLEN((char*)aad); byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; int ciphertxtSz = 0; int decryptedtxtSz = 0; int len = 0; int i = 0; EVP_CIPHER_CTX en[2]; EVP_CIPHER_CTX de[2]; for (i = 0; i < 2; i++) { EVP_CIPHER_CTX_init(&en[i]); if (i == 0) { /* Default uses 96-bits IV length */ #ifdef WOLFSSL_AES_128 AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, key, iv)); #elif defined(WOLFSSL_AES_192) AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, key, iv)); #elif defined(WOLFSSL_AES_256) AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, key, iv)); #endif } else { #ifdef WOLFSSL_AES_128 AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, NULL, NULL)); #elif defined(WOLFSSL_AES_192) AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, NULL, NULL)); #elif defined(WOLFSSL_AES_256) AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, NULL, NULL)); #endif /* non-default must to set the IV length first */ AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); } AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, plaintxtSz)); ciphertxtSz = len; AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); ciphertxtSz += len; AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag)); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1); EVP_CIPHER_CTX_init(&de[i]); if (i == 0) { /* Default uses 96-bits IV length */ #ifdef WOLFSSL_AES_128 AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, key, iv)); #elif defined(WOLFSSL_AES_192) AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, key, iv)); #elif defined(WOLFSSL_AES_256) AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, key, iv)); #endif } else { #ifdef WOLFSSL_AES_128 AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, NULL, NULL)); #elif defined(WOLFSSL_AES_192) AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, NULL, NULL)); #elif defined(WOLFSSL_AES_256) AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, NULL, NULL)); #endif /* non-default must to set the IV length first */ AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); } AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz)); decryptedtxtSz = len; AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag)); AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); decryptedtxtSz += len; AssertIntEQ(ciphertxtSz, decryptedtxtSz); AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); /* modify tag*/ tag[AES_BLOCK_SIZE-1]+=0xBB; AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag)); /* fail due to wrong tag */ AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz)); AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); AssertIntEQ(0, len); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1); } res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */ return res; } static int test_wolfssl_EVP_aes_ccm_zeroLen(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \ !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) /* Zero length plain text */ byte key[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; /* align */ byte iv[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; /* align */ byte plaintxt[1]; int ivSz = 12; int plaintxtSz = 0; unsigned char tag[16]; byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; int ciphertxtSz = 0; int decryptedtxtSz = 0; int len = 0; EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); AssertIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_ccm(), NULL, key, iv)); AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); AssertIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, plaintxtSz)); AssertIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); ciphertxtSz += len; AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_GET_TAG, 16, tag)); AssertIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); AssertIntEQ(0, ciphertxtSz); EVP_CIPHER_CTX_init(de); AssertIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_ccm(), NULL, key, iv)); AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); AssertIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); decryptedtxtSz = len; AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_TAG, 16, tag)); AssertIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); decryptedtxtSz += len; AssertIntEQ(0, decryptedtxtSz); EVP_CIPHER_CTX_free(en); EVP_CIPHER_CTX_free(de); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfssl_EVP_aes_ccm(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \ !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) /* A 256 bit key, AES_128 will use the first 128 bit*/ byte *key = (byte*)"01234567890123456789012345678901"; /* A 128 bit IV */ byte *iv = (byte*)"0123456789012"; int ivSz = (int)XSTRLEN((char*)iv); /* Message to be encrypted */ byte *plaintxt = (byte*)"for things to change you have to change"; /* Additional non-confidential data */ byte *aad = (byte*)"Don't spend major time on minor things."; unsigned char tag[AES_BLOCK_SIZE] = {0}; int plaintxtSz = (int)XSTRLEN((char*)plaintxt); int aadSz = (int)XSTRLEN((char*)aad); byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; int ciphertxtSz = 0; int decryptedtxtSz = 0; int len = 0; int i = 0; EVP_CIPHER_CTX en[2]; EVP_CIPHER_CTX de[2]; for (i = 0; i < 2; i++) { EVP_CIPHER_CTX_init(&en[i]); if (i == 0) { /* Default uses 96-bits IV length */ #ifdef WOLFSSL_AES_128 AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_ccm(), NULL, key, iv)); #elif defined(WOLFSSL_AES_192) AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_ccm(), NULL, key, iv)); #elif defined(WOLFSSL_AES_256) AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_ccm(), NULL, key, iv)); #endif } else { #ifdef WOLFSSL_AES_128 AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_ccm(), NULL, NULL, NULL)); #elif defined(WOLFSSL_AES_192) AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_ccm(), NULL, NULL, NULL)); #elif defined(WOLFSSL_AES_256) AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_ccm(), NULL, NULL, NULL)); #endif /* non-default must to set the IV length first */ AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); } AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, plaintxtSz)); ciphertxtSz = len; AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); ciphertxtSz += len; AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_GET_TAG, AES_BLOCK_SIZE, tag)); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1); EVP_CIPHER_CTX_init(&de[i]); if (i == 0) { /* Default uses 96-bits IV length */ #ifdef WOLFSSL_AES_128 AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_ccm(), NULL, key, iv)); #elif defined(WOLFSSL_AES_192) AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_ccm(), NULL, key, iv)); #elif defined(WOLFSSL_AES_256) AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_ccm(), NULL, key, iv)); #endif } else { #ifdef WOLFSSL_AES_128 AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_ccm(), NULL, NULL, NULL)); #elif defined(WOLFSSL_AES_192) AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_ccm(), NULL, NULL, NULL)); #elif defined(WOLFSSL_AES_256) AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_ccm(), NULL, NULL, NULL)); #endif /* non-default must to set the IV length first */ AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); } AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz)); decryptedtxtSz = len; AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, AES_BLOCK_SIZE, tag)); AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); decryptedtxtSz += len; AssertIntEQ(ciphertxtSz, decryptedtxtSz); AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); /* modify tag*/ tag[AES_BLOCK_SIZE-1]+=0xBB; AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, AES_BLOCK_SIZE, tag)); /* fail due to wrong tag */ AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz)); AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); AssertIntEQ(0, len); AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1); } res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESCCM */ return res; } static int test_wolfssl_EVP_chacha20_poly1305(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_CHACHA) && defined(HAVE_POLY1305) byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; byte iv [CHACHA20_POLY1305_AEAD_IV_SIZE]; byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; byte aad[] = {0xAA, 0XBB, 0xCC, 0xDD, 0xEE, 0xFF}; byte cipherText[sizeof(plainText)]; byte decryptedText[sizeof(plainText)]; byte tag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; EVP_CIPHER_CTX* ctx; int outSz; /* Encrypt. */ AssertNotNull((ctx = EVP_CIPHER_CTX_new())); AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL, NULL), WOLFSSL_SUCCESS); /* Invalid IV length. */ AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, CHACHA20_POLY1305_AEAD_IV_SIZE-1, NULL), WOLFSSL_FAILURE); /* Valid IV length. */ AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS); /* Invalid tag length. */ AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, NULL), WOLFSSL_FAILURE); /* Valid tag length. */ AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, NULL), WOLFSSL_SUCCESS); AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)), WOLFSSL_SUCCESS); AssertIntEQ(outSz, sizeof(aad)); AssertIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, sizeof(plainText)), WOLFSSL_SUCCESS); AssertIntEQ(outSz, sizeof(plainText)); AssertIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS); AssertIntEQ(outSz, 0); /* Invalid tag length. */ AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, tag), WOLFSSL_FAILURE); /* Valid tag length. */ AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS); EVP_CIPHER_CTX_free(ctx); /* Decrypt. */ AssertNotNull((ctx = EVP_CIPHER_CTX_new())); AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL, NULL), WOLFSSL_SUCCESS); AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS); AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS); AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)), WOLFSSL_SUCCESS); AssertIntEQ(outSz, sizeof(aad)); AssertIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, sizeof(cipherText)), WOLFSSL_SUCCESS); AssertIntEQ(outSz, sizeof(cipherText)); AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), WOLFSSL_SUCCESS); AssertIntEQ(outSz, 0); EVP_CIPHER_CTX_free(ctx); /* Test partial Inits. CipherInit() allow setting of key and iv * in separate calls. */ AssertNotNull((ctx = EVP_CIPHER_CTX_new())); AssertIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_chacha20_poly1305(), key, NULL, 1), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_CipherUpdate(ctx, NULL, &outSz, aad, sizeof(aad)), WOLFSSL_SUCCESS); AssertIntEQ(outSz, sizeof(aad)); AssertIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, sizeof(cipherText)), WOLFSSL_SUCCESS); AssertIntEQ(outSz, sizeof(cipherText)); AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), WOLFSSL_SUCCESS); AssertIntEQ(outSz, 0); EVP_CIPHER_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfssl_EVP_chacha20(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_CHACHA) byte key[CHACHA_MAX_KEY_SZ]; byte iv [WOLFSSL_EVP_CHACHA_IV_BYTES]; byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; byte cipherText[sizeof(plainText)]; byte decryptedText[sizeof(plainText)]; EVP_CIPHER_CTX* ctx; int outSz; /* Encrypt. */ AssertNotNull((ctx = EVP_CIPHER_CTX_new())); AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20(), NULL, NULL, NULL), WOLFSSL_SUCCESS); /* Any tag length must fail - not an AEAD cipher. */ AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL), WOLFSSL_FAILURE); AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); AssertIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, sizeof(plainText)), WOLFSSL_SUCCESS); AssertIntEQ(outSz, sizeof(plainText)); AssertIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS); AssertIntEQ(outSz, 0); EVP_CIPHER_CTX_free(ctx); /* Decrypt. */ AssertNotNull((ctx = EVP_CIPHER_CTX_new())); AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20(), NULL, NULL, NULL), WOLFSSL_SUCCESS); AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); AssertIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, sizeof(cipherText)), WOLFSSL_SUCCESS); AssertIntEQ(outSz, sizeof(cipherText)); AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), WOLFSSL_SUCCESS); AssertIntEQ(outSz, 0); EVP_CIPHER_CTX_free(ctx); /* Test partial Inits. CipherInit() allow setting of key and iv * in separate calls. */ AssertNotNull((ctx = EVP_CIPHER_CTX_new())); AssertIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_chacha20(), key, NULL, 1), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1), WOLFSSL_SUCCESS); AssertIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, sizeof(cipherText)), WOLFSSL_SUCCESS); AssertIntEQ(outSz, sizeof(cipherText)); AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), WOLFSSL_SUCCESS); AssertIntEQ(outSz, 0); EVP_CIPHER_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_PKEY_hkdf(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(HAVE_HKDF) EVP_PKEY_CTX* ctx; byte salt[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}; byte key[] = {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; byte info[] = {0X01, 0x02, 0x03, 0x04, 0x05}; byte info2[] = {0X06, 0x07, 0x08, 0x09, 0x0A}; byte outKey[34]; size_t outKeySz = sizeof(outKey); /* These expected outputs were gathered by running the same test below using * OpenSSL. */ const byte extractAndExpand[] = { 0x8B, 0xEB, 0x90, 0xA9, 0x04, 0xFF, 0x05, 0x10, 0xE4, 0xB5, 0xB1, 0x10, 0x31, 0x34, 0xFF, 0x07, 0x5B, 0xE3, 0xC6, 0x93, 0xD4, 0xF8, 0xC7, 0xEE, 0x96, 0xDA, 0x78, 0x7A, 0xE2, 0x9A, 0x2D, 0x05, 0x4B, 0xF6 }; const byte extractOnly[] = { 0xE7, 0x6B, 0x9E, 0x0F, 0xE4, 0x02, 0x1D, 0x62, 0xEA, 0x97, 0x74, 0x5E, 0xF4, 0x3C, 0x65, 0x4D, 0xC1, 0x46, 0x98, 0xAA, 0x79, 0x9A, 0xCB, 0x9C, 0xCC, 0x3E, 0x7F, 0x2A, 0x2B, 0x41, 0xA1, 0x9E }; const byte expandOnly[] = { 0xFF, 0x29, 0x29, 0x56, 0x9E, 0xA7, 0x66, 0x02, 0xDB, 0x4F, 0xDB, 0x53, 0x7D, 0x21, 0x67, 0x52, 0xC3, 0x0E, 0xF3, 0xFC, 0x71, 0xCE, 0x67, 0x2B, 0xEA, 0x3B, 0xE9, 0xFC, 0xDD, 0xC8, 0xCC, 0xB7, 0x42, 0x74 }; const byte extractAndExpandAddInfo[] = { 0x5A, 0x74, 0x79, 0x83, 0xA3, 0xA4, 0x2E, 0xB7, 0xD4, 0x08, 0xC2, 0x6A, 0x2F, 0xA5, 0xE3, 0x4E, 0xF1, 0xF4, 0x87, 0x3E, 0xA6, 0xC7, 0x88, 0x45, 0xD7, 0xE2, 0x15, 0xBC, 0xB8, 0x10, 0xEF, 0x6C, 0x4D, 0x7A }; AssertNotNull((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL))); AssertIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS); /* NULL ctx. */ AssertIntEQ(EVP_PKEY_CTX_set_hkdf_md(NULL, EVP_sha256()), WOLFSSL_FAILURE); /* NULL md. */ AssertIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, NULL), WOLFSSL_FAILURE); AssertIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_sha256()), WOLFSSL_SUCCESS); /* NULL ctx. */ AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(NULL, salt, sizeof(salt)), WOLFSSL_FAILURE); /* NULL salt is ok. */ AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, NULL, sizeof(salt)), WOLFSSL_SUCCESS); /* Salt length <= 0. */ /* Length 0 salt is ok. */ AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, 0), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, -1), WOLFSSL_FAILURE); AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, sizeof(salt)), WOLFSSL_SUCCESS); /* NULL ctx. */ AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_key(NULL, key, sizeof(key)), WOLFSSL_FAILURE); /* NULL key. */ AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, NULL, sizeof(key)), WOLFSSL_FAILURE); /* Key length <= 0 */ AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, 0), WOLFSSL_FAILURE); AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, -1), WOLFSSL_FAILURE); AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, sizeof(key)), WOLFSSL_SUCCESS); /* NULL ctx. */ AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(NULL, info, sizeof(info)), WOLFSSL_FAILURE); /* NULL info is ok. */ AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, NULL, sizeof(info)), WOLFSSL_SUCCESS); /* Info length <= 0 */ /* Length 0 info is ok. */ AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, 0), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, -1), WOLFSSL_FAILURE); AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, sizeof(info)), WOLFSSL_SUCCESS); /* NULL ctx. */ AssertIntEQ(EVP_PKEY_CTX_hkdf_mode(NULL, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY), WOLFSSL_FAILURE); /* Extract and expand (default). */ AssertIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); AssertIntEQ(outKeySz, sizeof(extractAndExpand)); AssertIntEQ(XMEMCMP(outKey, extractAndExpand, outKeySz), 0); /* Extract only. */ AssertIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); AssertIntEQ(outKeySz, sizeof(extractOnly)); AssertIntEQ(XMEMCMP(outKey, extractOnly, outKeySz), 0); outKeySz = sizeof(outKey); /* Expand only. */ AssertIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); AssertIntEQ(outKeySz, sizeof(expandOnly)); AssertIntEQ(XMEMCMP(outKey, expandOnly, outKeySz), 0); outKeySz = sizeof(outKey); /* Extract and expand with appended additional info. */ AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info2, sizeof(info2)), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND), WOLFSSL_SUCCESS); AssertIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); AssertIntEQ(outKeySz, sizeof(extractAndExpandAddInfo)); AssertIntEQ(XMEMCMP(outKey, extractAndExpandAddInfo, outKeySz), 0); EVP_PKEY_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && HAVE_HKDF */ return res; } #ifndef NO_BIO static int test_wolfSSL_PEM_X509_INFO_read_bio(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) BIO* bio; X509_INFO* info; STACK_OF(X509_INFO)* sk; char* subject; char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; char exp2[] = "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; AssertNotNull(bio = BIO_new(BIO_s_file())); AssertIntGT(BIO_read_filename(bio, svrCertFile), 0); AssertNotNull(sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)); AssertIntEQ(sk_X509_INFO_num(sk), 2); /* using dereference to maintain testing for Apache port*/ AssertNotNull(info = sk_X509_INFO_pop(sk)); AssertNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0)); AssertIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1))); XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); X509_INFO_free(info); AssertNotNull(info = sk_X509_INFO_pop(sk)); AssertNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0)); AssertIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2))); XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); X509_INFO_free(info); AssertNull(info = sk_X509_INFO_pop(sk)); sk_X509_INFO_pop_free(sk, X509_INFO_free); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } #endif /* !NO_BIO */ static int test_wolfSSL_X509_NAME_ENTRY_get_object(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) X509 *x509; X509_NAME* name; int idx = 0; X509_NAME_ENTRY *ne; ASN1_OBJECT *object = NULL; x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); name = X509_get_subject_name(x509); idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1); AssertIntGE(idx, 0); ne = X509_NAME_get_entry(name, idx); AssertNotNull(ne); AssertNotNull(object = X509_NAME_ENTRY_get_object(ne)); X509_free(x509); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_STORE_get1_certs(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) X509_STORE_CTX *storeCtx; X509_STORE *store; X509 *caX509; X509 *svrX509; X509_NAME *subject; WOLF_STACK_OF(WOLFSSL_X509) *certs; AssertNotNull(caX509 = X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM)); AssertNotNull((svrX509 = wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); AssertNotNull(storeCtx = X509_STORE_CTX_new()); AssertNotNull(store = X509_STORE_new()); AssertNotNull(subject = X509_get_subject_name(caX509)); /* Errors */ AssertNull(X509_STORE_get1_certs(storeCtx, subject)); AssertNull(X509_STORE_get1_certs(NULL, subject)); AssertNull(X509_STORE_get1_certs(storeCtx, NULL)); AssertIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS); AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL), SSL_SUCCESS); /* Should find the cert */ AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); AssertIntEQ(1, wolfSSL_sk_X509_num(certs)); sk_X509_pop_free(certs, NULL); /* Should not find the cert */ AssertNotNull(subject = X509_get_subject_name(svrX509)); AssertNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); AssertIntEQ(0, wolfSSL_sk_X509_num(certs)); sk_X509_pop_free(certs, NULL); X509_STORE_free(store); X509_STORE_CTX_free(storeCtx); X509_free(svrX509); X509_free(caX509); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */ return res; } /* include misc.c here regardless of NO_INLINE, because misc.c implementations * have default (hidden) visibility, and in the absence of visibility, it's * benign to mask out the library implementation. */ #define WOLFSSL_MISC_INCLUDED #include static int test_ForceZero(void) { unsigned char data[32]; unsigned int i, j, len; /* Test case with 0 length */ ForceZero(data, 0); /* Test ForceZero */ for (i = 0; i < sizeof(data); i++) { for (len = 1; len < sizeof(data) - i; len++) { for (j = 0; j < sizeof(data); j++) data[j] = j + 1; ForceZero(data + i, len); for (j = 0; j < sizeof(data); j++) { if (j < i || j >= i + len) { if (data[j] == 0x00) return -10200; } else if (data[j] != 0x00) return -10201; } } } return TEST_RES_CHECK(1); } #ifndef NO_BIO static int test_wolfSSL_X509_print(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF) X509 *x509; BIO *bio; #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR) const X509_ALGOR *cert_sig_alg; #endif x509 = X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM); AssertNotNull(x509); /* print to memory */ AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS); #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) #if defined(WC_DISABLE_RADIX_ZERO_PAD) /* Will print IP address subject alt name. */ AssertIntEQ(BIO_get_mem_data(bio, NULL), 3349); #elif defined(NO_ASN_TIME) /* Will print IP address subject alt name but not Validity. */ AssertIntEQ(BIO_get_mem_data(bio, NULL), 3235); #else /* Will print IP address subject alt name. */ AssertIntEQ(BIO_get_mem_data(bio, NULL), 3350); #endif #elif defined(NO_ASN_TIME) /* With NO_ASN_TIME defined, X509_print skips printing Validity. */ AssertIntEQ(BIO_get_mem_data(bio, NULL), 3213); #else AssertIntEQ(BIO_get_mem_data(bio, NULL), 3328); #endif BIO_free(bio); AssertNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE)); #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR) /* Print signature */ AssertNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509)); AssertIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS); #endif /* print to stderr */ #if !defined(NO_WOLFSSL_DIR) AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS); #endif /* print again */ AssertIntEQ(X509_print_fp(stderr, x509), SSL_SUCCESS); X509_free(x509); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_X509_CRL_print(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_CRL)\ && !defined(NO_FILESYSTEM) && defined(XSNPRINTF) X509_CRL* crl; BIO *bio; XFILE fp; fp = XFOPEN("./certs/crl/crl.pem", "rb"); AssertTrue((fp != XBADFILE)); AssertNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL)); XFCLOSE(fp); AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_CRL_print(bio, crl), SSL_SUCCESS); X509_CRL_free(crl); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_BIO_get_len(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) BIO *bio = NULL; const char txt[] = "Some example text to push to the BIO."; AssertIntEQ(wolfSSL_BIO_get_len(bio), BAD_FUNC_ARG); AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); AssertIntEQ(wolfSSL_BIO_write(bio, txt, sizeof(txt)), sizeof(txt)); AssertIntEQ(wolfSSL_BIO_get_len(bio), sizeof(txt)); BIO_free(bio); AssertNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE)); AssertIntEQ(wolfSSL_BIO_get_len(bio), WOLFSSL_BAD_FILE); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } #endif /* !NO_BIO */ static int test_wolfSSL_RSA(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \ defined(WOLFSSL_KEY_GEN) RSA* rsa; const BIGNUM *n; const BIGNUM *e; const BIGNUM *d; const BIGNUM *p; const BIGNUM *q; const BIGNUM *dmp1; const BIGNUM *dmq1; const BIGNUM *iqmp; AssertNotNull(rsa = RSA_new()); AssertIntEQ(RSA_size(NULL), 0); AssertIntEQ(RSA_size(rsa), 0); AssertIntEQ(RSA_set0_key(rsa, NULL, NULL, NULL), 0); AssertIntEQ(RSA_set0_crt_params(rsa, NULL, NULL, NULL), 0); AssertIntEQ(RSA_set0_factors(rsa, NULL, NULL), 0); #ifdef WOLFSSL_RSA_KEY_CHECK AssertIntEQ(RSA_check_key(rsa), 0); #endif RSA_free(rsa); AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); AssertIntEQ(RSA_size(rsa), 256); #ifdef WOLFSSL_RSA_KEY_CHECK AssertIntEQ(RSA_check_key(NULL), 0); AssertIntEQ(RSA_check_key(rsa), 1); #endif /* sanity check */ AssertIntEQ(RSA_bits(NULL), 0); /* key */ AssertIntEQ(RSA_bits(rsa), 2048); RSA_get0_key(rsa, &n, &e, &d); AssertPtrEq(rsa->n, n); AssertPtrEq(rsa->e, e); AssertPtrEq(rsa->d, d); AssertNotNull(n = BN_new()); AssertNotNull(e = BN_new()); AssertNotNull(d = BN_new()); AssertIntEQ(RSA_set0_key(rsa, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 1); AssertPtrEq(rsa->n, n); AssertPtrEq(rsa->e, e); AssertPtrEq(rsa->d, d); AssertIntEQ(RSA_set0_key(rsa, NULL, NULL, NULL), 1); AssertIntEQ(RSA_set0_key(NULL, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 0); /* crt_params */ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); AssertPtrEq(rsa->dmp1, dmp1); AssertPtrEq(rsa->dmq1, dmq1); AssertPtrEq(rsa->iqmp, iqmp); AssertNotNull(dmp1 = BN_new()); AssertNotNull(dmq1 = BN_new()); AssertNotNull(iqmp = BN_new()); AssertIntEQ(RSA_set0_crt_params(rsa, (BIGNUM*)dmp1, (BIGNUM*)dmq1, (BIGNUM*)iqmp), 1); AssertPtrEq(rsa->dmp1, dmp1); AssertPtrEq(rsa->dmq1, dmq1); AssertPtrEq(rsa->iqmp, iqmp); AssertIntEQ(RSA_set0_crt_params(rsa, NULL, NULL, NULL), 1); AssertIntEQ(RSA_set0_crt_params(NULL, (BIGNUM*)dmp1, (BIGNUM*)dmq1, (BIGNUM*)iqmp), 0); RSA_get0_crt_params(NULL, NULL, NULL, NULL); RSA_get0_crt_params(rsa, NULL, NULL, NULL); RSA_get0_crt_params(NULL, &dmp1, &dmq1, &iqmp); AssertNull(dmp1); AssertNull(dmq1); AssertNull(iqmp); /* factors */ RSA_get0_factors(rsa, NULL, NULL); RSA_get0_factors(rsa, &p, &q); AssertPtrEq(rsa->p, p); AssertPtrEq(rsa->q, q); AssertNotNull(p = BN_new()); AssertNotNull(q = BN_new()); AssertIntEQ(RSA_set0_factors(rsa, (BIGNUM*)p, (BIGNUM*)q), 1); AssertPtrEq(rsa->p, p); AssertPtrEq(rsa->q, q); AssertIntEQ(RSA_set0_factors(rsa, NULL, NULL), 1); AssertIntEQ(RSA_set0_factors(NULL, (BIGNUM*)p, (BIGNUM*)q), 0); RSA_get0_factors(NULL, NULL, NULL); RSA_get0_factors(NULL, &p, &q); AssertNull(p); AssertNull(q); AssertIntEQ(BN_hex2bn(&rsa->n, "1FFFFF"), 1); AssertIntEQ(RSA_bits(rsa), 21); RSA_free(rsa); #if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2)) AssertNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL)); AssertIntEQ(RSA_size(rsa), 384); AssertIntEQ(RSA_bits(rsa), 3072); RSA_free(rsa); #endif /* remove for now with odd key size until adjusting rsa key size check with wc_MakeRsaKey() AssertNotNull(rsa = RSA_generate_key(2999, 65537, NULL, NULL)); RSA_free(rsa); */ AssertNull(RSA_generate_key(-1, 3, NULL, NULL)); AssertNull(RSA_generate_key(RSA_MIN_SIZE - 1, 3, NULL, NULL)); AssertNull(RSA_generate_key(RSA_MAX_SIZE + 1, 3, NULL, NULL)); AssertNull(RSA_generate_key(2048, 0, NULL, NULL)); #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) { byte buff[FOURK_BUF]; byte der[FOURK_BUF]; const char PrivKeyPemFile[] = "certs/client-keyEnc.pem"; XFILE f; int bytes; /* test loading encrypted RSA private pem w/o password */ f = XFOPEN(PrivKeyPemFile, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buff, 1, sizeof(buff), f); XFCLOSE(f); XMEMSET(der, 0, sizeof(der)); /* test that error value is returned with no password */ AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), ""), 0); } #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_RSA_DER(void) { int res = TEST_SKIPPED; #if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \ !defined(NO_RSA) && !defined(HAVE_USER_RSA) && defined(OPENSSL_EXTRA) RSA *rsa; int i; const unsigned char *buff = NULL; unsigned char *newBuff = NULL; struct tbl_s { const unsigned char *der; int sz; } tbl[] = { #ifdef USE_CERT_BUFFERS_1024 {client_key_der_1024, sizeof_client_key_der_1024}, {server_key_der_1024, sizeof_server_key_der_1024}, #endif #ifdef USE_CERT_BUFFERS_2048 {client_key_der_2048, sizeof_client_key_der_2048}, {server_key_der_2048, sizeof_server_key_der_2048}, #endif {NULL, 0} }; /* Public Key DER */ struct tbl_s pub[] = { #ifdef USE_CERT_BUFFERS_1024 {client_keypub_der_1024, sizeof_client_keypub_der_1024}, #endif #ifdef USE_CERT_BUFFERS_2048 {client_keypub_der_2048, sizeof_client_keypub_der_2048}, #endif {NULL, 0} }; AssertNull(d2i_RSAPublicKey(&rsa, NULL, pub[0].sz)); buff = pub[0].der; AssertNull(d2i_RSAPublicKey(&rsa, &buff, 1)); AssertNull(d2i_RSAPrivateKey(&rsa, NULL, tbl[0].sz)); buff = tbl[0].der; AssertNull(d2i_RSAPrivateKey(&rsa, &buff, 1)); AssertIntEQ(i2d_RSAPublicKey(NULL, NULL), BAD_FUNC_ARG); rsa = RSA_new(); AssertIntEQ(i2d_RSAPublicKey(rsa, NULL), 0); RSA_free(rsa); for (i = 0; tbl[i].der != NULL; i++) { /* Passing in pointer results in pointer moving. */ buff = tbl[i].der; AssertNotNull(d2i_RSAPublicKey(&rsa, &buff, tbl[i].sz)); AssertNotNull(rsa); RSA_free(rsa); } for (i = 0; tbl[i].der != NULL; i++) { /* Passing in pointer results in pointer moving. */ buff = tbl[i].der; AssertNotNull(d2i_RSAPrivateKey(&rsa, &buff, tbl[i].sz)); AssertNotNull(rsa); RSA_free(rsa); } for (i = 0; pub[i].der != NULL; i++) { buff = pub[i].der; AssertNotNull(d2i_RSAPublicKey(&rsa, &buff, pub[i].sz)); AssertNotNull(rsa); AssertIntEQ(i2d_RSAPublicKey(rsa, NULL), pub[i].sz); newBuff = NULL; AssertIntEQ(i2d_RSAPublicKey(rsa, &newBuff), pub[i].sz); AssertNotNull(newBuff); AssertIntEQ(XMEMCMP((void *)newBuff, (void *)pub[i].der, pub[i].sz), 0); XFREE((void *)newBuff, NULL, DYNAMIC_TYPE_TMP_BUFFER); RSA_free(rsa); } res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_RSA_print(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_FAST_RSA) && !defined(NO_BIO) && defined(XFPRINTF) BIO *bio; WOLFSSL_RSA* rsa = NULL; AssertNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE)); AssertNotNull(rsa = RSA_new()); AssertIntEQ(RSA_print(NULL, rsa, 0), -1); AssertIntEQ(RSA_print_fp(XBADFILE, rsa, 0), 0); AssertIntEQ(RSA_print(bio, NULL, 0), -1); AssertIntEQ(RSA_print_fp(stderr, NULL, 0), 0); /* Some very large number of indent spaces. */ AssertIntEQ(RSA_print(bio, rsa, 128), -1); /* RSA is empty. */ AssertIntEQ(RSA_print(bio, rsa, 0), 0); AssertIntEQ(RSA_print_fp(stderr, rsa, 0), 0); RSA_free(rsa); AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); AssertIntEQ(RSA_print(bio, rsa, 0), 1); AssertIntEQ(RSA_print(bio, rsa, 4), 1); AssertIntEQ(RSA_print(bio, rsa, -1), 1); AssertIntEQ(RSA_print_fp(stderr, rsa, 0), 1); AssertIntEQ(RSA_print_fp(stderr, rsa, 4), 1); AssertIntEQ(RSA_print_fp(stderr, rsa, -1), 1); BIO_free(bio); RSA_free(rsa); res = TEST_RES_CHECK(1); #endif return res; } #ifndef NO_RSA static int test_wolfSSL_RSA_padding_add_PKCS1_PSS(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) RSA *rsa; const unsigned char *derBuf = client_key_der_2048; unsigned char em[256] = {0}; /* len = 2048/8 */ /* Random data simulating a hash */ const unsigned char mHash[WC_SHA256_DIGEST_SIZE] = { 0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4, 0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb, 0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28 }; AssertNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048)); AssertIntEQ(RSA_padding_add_PKCS1_PSS(NULL, em, mHash, EVP_sha256(), RSA_PSS_SALTLEN_DIGEST), 0); AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, NULL, mHash, EVP_sha256(), RSA_PSS_SALTLEN_DIGEST), 0); AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, NULL, EVP_sha256(), RSA_PSS_SALTLEN_DIGEST), 0); AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, NULL, RSA_PSS_SALTLEN_DIGEST), 0); AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), -5), 0); AssertIntEQ(RSA_verify_PKCS1_PSS(NULL, mHash, EVP_sha256(), em, RSA_PSS_SALTLEN_MAX_SIGN), 0); AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, NULL, EVP_sha256(), em, RSA_PSS_SALTLEN_MAX_SIGN), 0); AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, NULL, em, RSA_PSS_SALTLEN_MAX_SIGN), 0); AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), NULL, RSA_PSS_SALTLEN_MAX_SIGN), 0); AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, RSA_PSS_SALTLEN_MAX_SIGN), 0); AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, -5), 0); AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), RSA_PSS_SALTLEN_DIGEST), 1); AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, RSA_PSS_SALTLEN_DIGEST), 1); AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), RSA_PSS_SALTLEN_MAX_SIGN), 1); AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, RSA_PSS_SALTLEN_MAX_SIGN), 1); AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), RSA_PSS_SALTLEN_MAX), 1); AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, RSA_PSS_SALTLEN_MAX), 1); AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), 10), 1); AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, 10), 1); RSA_free(rsa); res = TEST_RES_CHECK(1); #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/ return res; } #endif static int test_wolfSSL_RSA_sign_sha3(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) #if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG) RSA *rsa; const unsigned char *derBuf = client_key_der_2048; unsigned char sigRet[256] = {0}; unsigned int sigLen = sizeof(sigRet); /* Random data simulating a hash */ const unsigned char mHash[WC_SHA3_256_DIGEST_SIZE] = { 0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4, 0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb, 0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28 }; AssertNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048)); AssertIntEQ(RSA_sign(NID_sha3_256, mHash, sizeof(mHash), sigRet, &sigLen, rsa), 1); RSA_free(rsa); res = TEST_RES_CHECK(1); #endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/ #endif /* !NO_RSA && WOLFSSL_SHA3 && !WOLFSSL_NOSHA3_256*/ return res; } static int test_wolfSSL_RSA_get0_key(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) RSA *rsa = NULL; const BIGNUM* n = NULL; const BIGNUM* e = NULL; const BIGNUM* d = NULL; const unsigned char* der; int derSz; #ifdef USE_CERT_BUFFERS_1024 der = client_key_der_1024; derSz = sizeof_client_key_der_1024; #elif defined(USE_CERT_BUFFERS_2048) der = client_key_der_2048; derSz = sizeof_client_key_der_2048; #else der = NULL; derSz = 0; #endif if (der != NULL) { RSA_get0_key(NULL, NULL, NULL, NULL); RSA_get0_key(rsa, NULL, NULL, NULL); RSA_get0_key(NULL, &n, &e, &d); AssertNull(n); AssertNull(e); AssertNull(d); AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, derSz)); AssertNotNull(rsa); RSA_get0_key(rsa, NULL, NULL, NULL); RSA_get0_key(rsa, &n, NULL, NULL); AssertNotNull(n); RSA_get0_key(rsa, NULL, &e, NULL); AssertNotNull(e); RSA_get0_key(rsa, NULL, NULL, &d); AssertNotNull(d); RSA_get0_key(rsa, &n, &e, &d); AssertNotNull(n); AssertNotNull(e); AssertNotNull(d); RSA_free(rsa); } res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_RSA_meth(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) RSA *rsa; RSA_METHOD *rsa_meth; #ifdef WOLFSSL_KEY_GEN AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); RSA_free(rsa); #else AssertNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); #endif AssertNotNull(RSA_get_default_method()); wolfSSL_RSA_meth_free(NULL); AssertNull(wolfSSL_RSA_meth_new(NULL, 0)); AssertNotNull(rsa_meth = RSA_meth_new("placeholder RSA method", RSA_METHOD_FLAG_NO_CHECK)); #ifndef NO_WOLFSSL_STUB AssertIntEQ(RSA_meth_set_pub_enc(rsa_meth, NULL), 1); AssertIntEQ(RSA_meth_set_pub_dec(rsa_meth, NULL), 1); AssertIntEQ(RSA_meth_set_priv_enc(rsa_meth, NULL), 1); AssertIntEQ(RSA_meth_set_priv_dec(rsa_meth, NULL), 1); AssertIntEQ(RSA_meth_set_init(rsa_meth, NULL), 1); AssertIntEQ(RSA_meth_set_finish(rsa_meth, NULL), 1); AssertIntEQ(RSA_meth_set0_app_data(rsa_meth, NULL), 1); #endif AssertIntEQ(RSA_flags(NULL), 0); RSA_set_flags(NULL, RSA_FLAG_CACHE_PUBLIC); RSA_clear_flags(NULL, RSA_FLAG_CACHE_PUBLIC); AssertIntEQ(RSA_test_flags(NULL, RSA_FLAG_CACHE_PUBLIC), 0); AssertNotNull(rsa = RSA_new()); /* No method set. */ AssertIntEQ(RSA_flags(rsa), 0); RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC); RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC); AssertIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0); AssertIntEQ(RSA_set_method(NULL, rsa_meth), 1); AssertIntEQ(RSA_set_method(rsa, rsa_meth), 1); AssertNull(RSA_get_method(NULL)); AssertPtrEq(RSA_get_method(rsa), rsa_meth); AssertIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK); RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC); AssertIntNE(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0); AssertIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC | RSA_METHOD_FLAG_NO_CHECK); RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC); AssertIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0); AssertIntNE(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC); /* rsa_meth is freed here */ RSA_free(rsa); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_RSA_verify(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && \ !defined(NO_FILESYSTEM) #ifndef NO_BIO XFILE fp; RSA *pKey, *pubKey; X509 *cert; const char *text = "Hello wolfSSL !"; unsigned char hash[SHA256_DIGEST_LENGTH]; unsigned char signature[2048/8]; unsigned int signatureLength; byte *buf; BIO *bio; SHA256_CTX c; EVP_PKEY *evpPkey, *evpPubkey; size_t sz; /* generate hash */ SHA256_Init(&c); SHA256_Update(&c, text, strlen(text)); SHA256_Final(hash, &c); #ifdef WOLFSSL_SMALL_STACK_CACHE /* workaround for small stack cache case */ wc_Sha256Free((wc_Sha256*)&c); #endif /* read privete key file */ fp = XFOPEN(svrKeyFile, "rb"); AssertTrue((fp != XBADFILE)); AssertIntEQ(XFSEEK(fp, 0, XSEEK_END), 0); sz = XFTELL(fp); AssertIntEQ(XFSEEK(fp, 0, XSEEK_SET), 0); AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); AssertIntEQ(XFREAD(buf, 1, sz, fp), sz); XFCLOSE(fp); /* read private key and sign hash data */ AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)); AssertNotNull(pKey = EVP_PKEY_get1_RSA(evpPkey)); AssertIntEQ(RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature, &signatureLength, pKey), SSL_SUCCESS); /* read public key and verify signed data */ fp = XFOPEN(svrCertFile,"rb"); AssertTrue((fp != XBADFILE)); cert = PEM_read_X509(fp, 0, 0, 0 ); XFCLOSE(fp); evpPubkey = X509_get_pubkey(cert); pubKey = EVP_PKEY_get1_RSA(evpPubkey); AssertIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature, signatureLength, pubKey), SSL_SUCCESS); AssertIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, NULL, signatureLength, NULL), SSL_FAILURE); AssertIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, signature, signatureLength, pubKey), SSL_FAILURE); AssertIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, NULL, signatureLength, pubKey), SSL_FAILURE); AssertIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature, signatureLength, NULL), SSL_FAILURE); RSA_free(pKey); EVP_PKEY_free(evpPkey); RSA_free(pubKey); EVP_PKEY_free(evpPubkey); X509_free(cert); BIO_free(bio); XFREE(buf, NULL, DYNAMIC_TYPE_FILE); res = TEST_RES_CHECK(1); #endif #endif return res; } static int test_wolfSSL_RSA_sign(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) RSA *rsa; unsigned char hash[SHA256_DIGEST_LENGTH]; #ifdef USE_CERT_BUFFERS_1024 const unsigned char* privDer = client_key_der_1024; size_t privDerSz = sizeof_client_key_der_1024; const unsigned char* pubDer = client_keypub_der_1024; size_t pubDerSz = sizeof_client_keypub_der_1024; unsigned char signature[1024/8]; #else const unsigned char* privDer = client_key_der_2048; size_t privDerSz = sizeof_client_key_der_2048; const unsigned char* pubDer = client_keypub_der_2048; size_t pubDerSz = sizeof_client_keypub_der_2048; unsigned char signature[2048/8]; #endif unsigned int signatureLen; const unsigned char* der; XMEMSET(hash, 0, sizeof(hash)); der = privDer; rsa = NULL; AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz)); AssertIntEQ(RSA_sign(NID_rsaEncryption, NULL, 0, NULL, NULL, NULL), 0); AssertIntEQ(RSA_sign(NID_rsaEncryption, hash, sizeof(hash), signature, &signatureLen, rsa), 0); AssertIntEQ(RSA_sign(NID_sha256, NULL, sizeof(hash), signature, &signatureLen, rsa), 0); AssertIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), NULL, &signatureLen, rsa), 0); AssertIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, NULL, rsa), 0); AssertIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, &signatureLen, NULL), 0); AssertIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, &signatureLen, rsa), 1); RSA_free(rsa); der = pubDer; rsa = NULL; AssertNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz)); AssertIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, signatureLen, rsa), 1); RSA_free(rsa); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_RSA_sign_ex(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) RSA *rsa; unsigned char hash[SHA256_DIGEST_LENGTH]; #ifdef USE_CERT_BUFFERS_1024 const unsigned char* privDer = client_key_der_1024; size_t privDerSz = sizeof_client_key_der_1024; const unsigned char* pubDer = client_keypub_der_1024; size_t pubDerSz = sizeof_client_keypub_der_1024; unsigned char signature[1024/8]; #else const unsigned char* privDer = client_key_der_2048; size_t privDerSz = sizeof_client_key_der_2048; const unsigned char* pubDer = client_keypub_der_2048; size_t pubDerSz = sizeof_client_keypub_der_2048; unsigned char signature[2048/8]; #endif unsigned int signatureLen; const unsigned char* der; unsigned char encodedHash[51]; unsigned int encodedHashLen; const unsigned char expEncHash[] = { 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20, /* Hash data */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, }; XMEMSET(hash, 0, sizeof(hash)); AssertNotNull(rsa = wolfSSL_RSA_new()); AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature, &signatureLen, rsa, 1), 0); wolfSSL_RSA_free(rsa); der = privDer; rsa = NULL; AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz)); AssertIntEQ(wolfSSL_RSA_sign_ex(NID_rsaEncryption,NULL, 0, NULL, NULL, NULL, -1), 0); AssertIntEQ(wolfSSL_RSA_sign_ex(NID_rsaEncryption, hash, sizeof(hash), signature, &signatureLen, rsa, 1), 0); AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, NULL, sizeof(hash), signature, &signatureLen, rsa, 1), 0); AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), NULL, &signatureLen, rsa, 1), 0); AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature, NULL, rsa, 1), 0); AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature, &signatureLen, NULL, 1), 0); AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature, &signatureLen, rsa, -1), 0); AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, NULL, sizeof(hash), signature, &signatureLen, rsa, 0), 0); AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), NULL, &signatureLen, rsa, 0), 0); AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature, NULL, rsa, 0), 0); AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature, &signatureLen, rsa, 1), 1); /* Test returning encoded hash. */ AssertIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), encodedHash, &encodedHashLen, rsa, 0), 1); AssertIntEQ(encodedHashLen, sizeof(expEncHash)); AssertIntEQ(XMEMCMP(encodedHash, expEncHash, sizeof(expEncHash)), 0); RSA_free(rsa); der = pubDer; rsa = NULL; AssertNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz)); AssertIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, signatureLen, rsa), 1); RSA_free(rsa); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_RSA_public_decrypt(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) RSA *rsa; unsigned char msg[SHA256_DIGEST_LENGTH]; #ifdef USE_CERT_BUFFERS_1024 const unsigned char* pubDer = client_keypub_der_1024; size_t pubDerSz = sizeof_client_keypub_der_1024; unsigned char decMsg[1024/8]; const unsigned char encMsg[] = { 0x45, 0x8e, 0x6e, 0x7a, 0x9c, 0xe1, 0x67, 0x36, 0x72, 0xfc, 0x9d, 0x05, 0xdf, 0xc2, 0xaf, 0x54, 0xc5, 0x2f, 0x94, 0xb8, 0xc7, 0x82, 0x40, 0xfa, 0xa7, 0x8c, 0xb1, 0x89, 0x40, 0xc3, 0x59, 0x5a, 0x77, 0x08, 0x54, 0x93, 0x43, 0x7f, 0xc4, 0xb7, 0xc4, 0x78, 0xf1, 0xf8, 0xab, 0xbf, 0xc2, 0x81, 0x5d, 0x97, 0xea, 0x7a, 0x60, 0x90, 0x51, 0xb7, 0x47, 0x78, 0x48, 0x1e, 0x88, 0x6b, 0x89, 0xde, 0xce, 0x41, 0x41, 0xae, 0x49, 0xf6, 0xfd, 0x2d, 0x2d, 0x9c, 0x70, 0x7d, 0xf9, 0xcf, 0x77, 0x5f, 0x06, 0xc7, 0x20, 0xe3, 0x57, 0xd4, 0xd8, 0x1a, 0x96, 0xa2, 0x39, 0xb0, 0x6e, 0x8e, 0x68, 0xf8, 0x57, 0x7b, 0x26, 0x88, 0x17, 0xc4, 0xb7, 0xf1, 0x59, 0xfa, 0xb6, 0x95, 0xdd, 0x1e, 0xe8, 0xd8, 0x4e, 0xbd, 0xcd, 0x41, 0xad, 0xc7, 0xe2, 0x39, 0xb8, 0x00, 0xca, 0xf5, 0x59, 0xdf, 0xf8, 0x43 }; #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \ defined(WC_RSA_NO_PADDING) const unsigned char encMsgNoPad[] = { 0x0d, 0x41, 0x5a, 0xc7, 0x60, 0xd7, 0xbe, 0xb6, 0x42, 0xd1, 0x65, 0xb1, 0x7e, 0x59, 0x54, 0xcc, 0x76, 0x62, 0xd0, 0x2f, 0x4d, 0xe3, 0x23, 0x62, 0xc8, 0x14, 0xfe, 0x5e, 0xa1, 0xc7, 0x05, 0xee, 0x9e, 0x28, 0x2e, 0xf5, 0xfd, 0xa4, 0xc0, 0x43, 0x55, 0xa2, 0x6b, 0x6b, 0x16, 0xa7, 0x63, 0x06, 0xa7, 0x78, 0x4f, 0xda, 0xae, 0x10, 0x6d, 0xd1, 0x2e, 0x1d, 0xbb, 0xbc, 0xc4, 0x1d, 0x82, 0xe4, 0xc6, 0x76, 0x77, 0xa6, 0x0a, 0xef, 0xd2, 0x89, 0xff, 0x30, 0x85, 0x22, 0xa0, 0x68, 0x88, 0x54, 0xa3, 0xd1, 0x92, 0xd1, 0x3f, 0x57, 0xe4, 0xc7, 0x43, 0x5a, 0x8b, 0xb3, 0x86, 0xaf, 0xd5, 0x6d, 0x07, 0xe1, 0xa0, 0x5f, 0xe1, 0x9a, 0x06, 0xba, 0x56, 0xd2, 0xb0, 0x73, 0xf5, 0xb3, 0xd0, 0x5f, 0xc0, 0xbf, 0x22, 0x4c, 0x54, 0x4e, 0x11, 0xe2, 0xc5, 0xf8, 0x66, 0x39, 0x9d, 0x70, 0x90, 0x31 }; #endif #else const unsigned char* pubDer = client_keypub_der_2048; size_t pubDerSz = sizeof_client_keypub_der_2048; unsigned char decMsg[2048/8]; const unsigned char encMsg[] = { 0x16, 0x5d, 0xbb, 0x00, 0x38, 0x73, 0x01, 0x34, 0xca, 0x59, 0xc6, 0x8b, 0x64, 0x70, 0x89, 0xf5, 0x50, 0x2d, 0x1d, 0x69, 0x1f, 0x07, 0x1e, 0x31, 0xae, 0x9b, 0xa6, 0x6e, 0xee, 0x80, 0xd9, 0x9e, 0x59, 0x33, 0x70, 0x30, 0x28, 0x42, 0x7d, 0x24, 0x36, 0x95, 0x6b, 0xf9, 0x0a, 0x23, 0xcb, 0xce, 0x66, 0xa5, 0x07, 0x5e, 0x11, 0xa7, 0xdc, 0xfb, 0xd9, 0xc2, 0x51, 0xf0, 0x05, 0xc9, 0x39, 0xb3, 0xae, 0xff, 0xfb, 0xe9, 0xb1, 0x9a, 0x54, 0xac, 0x1d, 0xca, 0x42, 0x1a, 0xfd, 0x7c, 0x97, 0xa0, 0x60, 0x2b, 0xcd, 0xb6, 0x36, 0x33, 0xfc, 0x44, 0x69, 0xf7, 0x2e, 0x8c, 0x3b, 0x5f, 0xb4, 0x9f, 0xa7, 0x02, 0x8f, 0x6d, 0x6b, 0x79, 0x10, 0x32, 0x7d, 0xf4, 0x5d, 0xa1, 0x63, 0x22, 0x59, 0xc4, 0x44, 0x8e, 0x44, 0x24, 0x8b, 0x14, 0x9d, 0x2b, 0xb5, 0xd3, 0xad, 0x9a, 0x87, 0x0d, 0xe7, 0x70, 0x6d, 0xe9, 0xae, 0xaa, 0x52, 0xbf, 0x1a, 0x9b, 0xc8, 0x3d, 0x45, 0x7c, 0xd1, 0x90, 0xe3, 0xd9, 0x57, 0xcf, 0xc3, 0x29, 0x69, 0x05, 0x07, 0x96, 0x2e, 0x46, 0x74, 0x0a, 0xa7, 0x76, 0x8b, 0xc0, 0x1c, 0x04, 0x80, 0x08, 0xa0, 0x94, 0x7e, 0xbb, 0x2d, 0x99, 0xe9, 0xab, 0x18, 0x4d, 0x48, 0x2d, 0x94, 0x5e, 0x50, 0x21, 0x42, 0xdf, 0xf5, 0x61, 0x42, 0x7d, 0x86, 0x5d, 0x9e, 0x89, 0xc9, 0x5b, 0x24, 0xab, 0xa1, 0xd8, 0x20, 0x45, 0xcb, 0x81, 0xcf, 0xc5, 0x25, 0x7d, 0x11, 0x6e, 0xbd, 0x80, 0xac, 0xba, 0xdc, 0xef, 0xb9, 0x05, 0x9c, 0xd5, 0xc2, 0x26, 0x57, 0x69, 0x8b, 0x08, 0x27, 0xc7, 0xea, 0xbe, 0xaf, 0x52, 0x21, 0x95, 0x9f, 0xa0, 0x2f, 0x2f, 0x53, 0x7c, 0x2f, 0xa3, 0x0b, 0x79, 0x39, 0x01, 0xa3, 0x37, 0x46, 0xa8, 0xc4, 0x34, 0x41, 0x20, 0x7c, 0x3f, 0x70, 0x9a, 0x47, 0xe8 }; #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \ defined(WC_RSA_NO_PADDING) const unsigned char encMsgNoPad[] = { 0x79, 0x69, 0xdc, 0x0d, 0xff, 0x09, 0xeb, 0x91, 0xbc, 0xda, 0xe4, 0xd3, 0xcd, 0xd5, 0xd3, 0x1c, 0xb9, 0x66, 0xa8, 0x02, 0xf3, 0x75, 0x40, 0xf1, 0x38, 0x4a, 0x37, 0x7b, 0x19, 0xc8, 0xcd, 0xea, 0x79, 0xa8, 0x51, 0x32, 0x00, 0x3f, 0x4c, 0xde, 0xaa, 0xe5, 0xe2, 0x7c, 0x10, 0xcd, 0x6e, 0x00, 0xc6, 0xc4, 0x63, 0x98, 0x58, 0x9b, 0x38, 0xca, 0xf0, 0x5d, 0xc8, 0xf0, 0x57, 0xf6, 0x21, 0x50, 0x3f, 0x63, 0x05, 0x9f, 0xbf, 0xb6, 0x3b, 0x50, 0x85, 0x06, 0x34, 0x08, 0x57, 0xb9, 0x44, 0xce, 0xe4, 0x66, 0xbf, 0x0c, 0xfe, 0x36, 0xa4, 0x5b, 0xed, 0x2d, 0x7d, 0xed, 0xf1, 0xbd, 0xda, 0x3e, 0x19, 0x1f, 0x99, 0xc8, 0xe4, 0xc2, 0xbb, 0xb5, 0x6c, 0x83, 0x22, 0xd1, 0xe7, 0x57, 0xcf, 0x1b, 0x91, 0x0c, 0xa5, 0x47, 0x06, 0x71, 0x8f, 0x93, 0xf3, 0xad, 0xdb, 0xe3, 0xf8, 0xa0, 0x0b, 0xcd, 0x89, 0x4e, 0xa5, 0xb5, 0x03, 0x68, 0x61, 0x89, 0x0b, 0xe2, 0x03, 0x8b, 0x1f, 0x54, 0xae, 0x0f, 0xfa, 0xf0, 0xb7, 0x0f, 0x8c, 0x84, 0x35, 0x13, 0x8d, 0x65, 0x1f, 0x2c, 0xd5, 0xce, 0xc4, 0x6c, 0x98, 0x67, 0xe4, 0x1a, 0x85, 0x67, 0x69, 0x17, 0x17, 0x5a, 0x5d, 0xfd, 0x23, 0xdd, 0x03, 0x3f, 0x6d, 0x7a, 0xb6, 0x8b, 0x99, 0xc0, 0xb6, 0x70, 0x86, 0xac, 0xf6, 0x02, 0xc2, 0x28, 0x42, 0xed, 0x06, 0xcf, 0xca, 0x3d, 0x07, 0x16, 0xf0, 0x0e, 0x04, 0x55, 0x1e, 0x59, 0x3f, 0x32, 0xc7, 0x12, 0xc5, 0x0d, 0x9d, 0x64, 0x7d, 0x2e, 0xd4, 0xbc, 0x8c, 0x24, 0x42, 0x94, 0x2b, 0xf6, 0x11, 0x7f, 0xb1, 0x1c, 0x09, 0x12, 0x6f, 0x5e, 0x2e, 0x7a, 0xc6, 0x01, 0xe0, 0x98, 0x31, 0xb7, 0x13, 0x03, 0xce, 0x29, 0xe1, 0xef, 0x9d, 0xdf, 0x9b, 0xa5, 0xba, 0x0b, 0xad, 0xf2, 0xeb, 0x2f, 0xf9, 0xd1 }; #endif #endif const unsigned char* der; #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \ defined(WC_RSA_NO_PADDING) int i; #endif XMEMSET(msg, 0, sizeof(msg)); der = pubDer; rsa = NULL; AssertNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz)); AssertIntEQ(RSA_public_decrypt(0, NULL, NULL, NULL, 0), -1); AssertIntEQ(RSA_public_decrypt(-1, encMsg, decMsg, rsa, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_public_decrypt(sizeof(encMsg), NULL, decMsg, rsa, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, NULL, rsa, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, NULL, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, rsa, RSA_PKCS1_PSS_PADDING), -1); AssertIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, rsa, RSA_PKCS1_PADDING), 32); AssertIntEQ(XMEMCMP(decMsg, msg, sizeof(msg)), 0); #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \ defined(WC_RSA_NO_PADDING) AssertIntEQ(RSA_public_decrypt(sizeof(encMsgNoPad), encMsgNoPad, decMsg, rsa, RSA_NO_PADDING), sizeof(decMsg)); /* Zeros before actual data. */ for (i = 0; i < (int)(sizeof(decMsg) - sizeof(msg)); i += sizeof(msg)) { AssertIntEQ(XMEMCMP(decMsg + i, msg, sizeof(msg)), 0); } /* Check actual data. */ XMEMSET(msg, 0x01, sizeof(msg)); AssertIntEQ(XMEMCMP(decMsg + i, msg, sizeof(msg)), 0); #endif RSA_free(rsa); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_RSA_private_encrypt(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) RSA *rsa; unsigned char msg[SHA256_DIGEST_LENGTH]; #ifdef USE_CERT_BUFFERS_1024 const unsigned char* privDer = client_key_der_1024; size_t privDerSz = sizeof_client_key_der_1024; unsigned char encMsg[1024/8]; const unsigned char expEncMsg[] = { 0x45, 0x8e, 0x6e, 0x7a, 0x9c, 0xe1, 0x67, 0x36, 0x72, 0xfc, 0x9d, 0x05, 0xdf, 0xc2, 0xaf, 0x54, 0xc5, 0x2f, 0x94, 0xb8, 0xc7, 0x82, 0x40, 0xfa, 0xa7, 0x8c, 0xb1, 0x89, 0x40, 0xc3, 0x59, 0x5a, 0x77, 0x08, 0x54, 0x93, 0x43, 0x7f, 0xc4, 0xb7, 0xc4, 0x78, 0xf1, 0xf8, 0xab, 0xbf, 0xc2, 0x81, 0x5d, 0x97, 0xea, 0x7a, 0x60, 0x90, 0x51, 0xb7, 0x47, 0x78, 0x48, 0x1e, 0x88, 0x6b, 0x89, 0xde, 0xce, 0x41, 0x41, 0xae, 0x49, 0xf6, 0xfd, 0x2d, 0x2d, 0x9c, 0x70, 0x7d, 0xf9, 0xcf, 0x77, 0x5f, 0x06, 0xc7, 0x20, 0xe3, 0x57, 0xd4, 0xd8, 0x1a, 0x96, 0xa2, 0x39, 0xb0, 0x6e, 0x8e, 0x68, 0xf8, 0x57, 0x7b, 0x26, 0x88, 0x17, 0xc4, 0xb7, 0xf1, 0x59, 0xfa, 0xb6, 0x95, 0xdd, 0x1e, 0xe8, 0xd8, 0x4e, 0xbd, 0xcd, 0x41, 0xad, 0xc7, 0xe2, 0x39, 0xb8, 0x00, 0xca, 0xf5, 0x59, 0xdf, 0xf8, 0x43 }; #ifdef WC_RSA_NO_PADDING const unsigned char expEncMsgNoPad[] = { 0x0d, 0x41, 0x5a, 0xc7, 0x60, 0xd7, 0xbe, 0xb6, 0x42, 0xd1, 0x65, 0xb1, 0x7e, 0x59, 0x54, 0xcc, 0x76, 0x62, 0xd0, 0x2f, 0x4d, 0xe3, 0x23, 0x62, 0xc8, 0x14, 0xfe, 0x5e, 0xa1, 0xc7, 0x05, 0xee, 0x9e, 0x28, 0x2e, 0xf5, 0xfd, 0xa4, 0xc0, 0x43, 0x55, 0xa2, 0x6b, 0x6b, 0x16, 0xa7, 0x63, 0x06, 0xa7, 0x78, 0x4f, 0xda, 0xae, 0x10, 0x6d, 0xd1, 0x2e, 0x1d, 0xbb, 0xbc, 0xc4, 0x1d, 0x82, 0xe4, 0xc6, 0x76, 0x77, 0xa6, 0x0a, 0xef, 0xd2, 0x89, 0xff, 0x30, 0x85, 0x22, 0xa0, 0x68, 0x88, 0x54, 0xa3, 0xd1, 0x92, 0xd1, 0x3f, 0x57, 0xe4, 0xc7, 0x43, 0x5a, 0x8b, 0xb3, 0x86, 0xaf, 0xd5, 0x6d, 0x07, 0xe1, 0xa0, 0x5f, 0xe1, 0x9a, 0x06, 0xba, 0x56, 0xd2, 0xb0, 0x73, 0xf5, 0xb3, 0xd0, 0x5f, 0xc0, 0xbf, 0x22, 0x4c, 0x54, 0x4e, 0x11, 0xe2, 0xc5, 0xf8, 0x66, 0x39, 0x9d, 0x70, 0x90, 0x31 }; #endif #else const unsigned char* privDer = client_key_der_2048; size_t privDerSz = sizeof_client_key_der_2048; unsigned char encMsg[2048/8]; const unsigned char expEncMsg[] = { 0x16, 0x5d, 0xbb, 0x00, 0x38, 0x73, 0x01, 0x34, 0xca, 0x59, 0xc6, 0x8b, 0x64, 0x70, 0x89, 0xf5, 0x50, 0x2d, 0x1d, 0x69, 0x1f, 0x07, 0x1e, 0x31, 0xae, 0x9b, 0xa6, 0x6e, 0xee, 0x80, 0xd9, 0x9e, 0x59, 0x33, 0x70, 0x30, 0x28, 0x42, 0x7d, 0x24, 0x36, 0x95, 0x6b, 0xf9, 0x0a, 0x23, 0xcb, 0xce, 0x66, 0xa5, 0x07, 0x5e, 0x11, 0xa7, 0xdc, 0xfb, 0xd9, 0xc2, 0x51, 0xf0, 0x05, 0xc9, 0x39, 0xb3, 0xae, 0xff, 0xfb, 0xe9, 0xb1, 0x9a, 0x54, 0xac, 0x1d, 0xca, 0x42, 0x1a, 0xfd, 0x7c, 0x97, 0xa0, 0x60, 0x2b, 0xcd, 0xb6, 0x36, 0x33, 0xfc, 0x44, 0x69, 0xf7, 0x2e, 0x8c, 0x3b, 0x5f, 0xb4, 0x9f, 0xa7, 0x02, 0x8f, 0x6d, 0x6b, 0x79, 0x10, 0x32, 0x7d, 0xf4, 0x5d, 0xa1, 0x63, 0x22, 0x59, 0xc4, 0x44, 0x8e, 0x44, 0x24, 0x8b, 0x14, 0x9d, 0x2b, 0xb5, 0xd3, 0xad, 0x9a, 0x87, 0x0d, 0xe7, 0x70, 0x6d, 0xe9, 0xae, 0xaa, 0x52, 0xbf, 0x1a, 0x9b, 0xc8, 0x3d, 0x45, 0x7c, 0xd1, 0x90, 0xe3, 0xd9, 0x57, 0xcf, 0xc3, 0x29, 0x69, 0x05, 0x07, 0x96, 0x2e, 0x46, 0x74, 0x0a, 0xa7, 0x76, 0x8b, 0xc0, 0x1c, 0x04, 0x80, 0x08, 0xa0, 0x94, 0x7e, 0xbb, 0x2d, 0x99, 0xe9, 0xab, 0x18, 0x4d, 0x48, 0x2d, 0x94, 0x5e, 0x50, 0x21, 0x42, 0xdf, 0xf5, 0x61, 0x42, 0x7d, 0x86, 0x5d, 0x9e, 0x89, 0xc9, 0x5b, 0x24, 0xab, 0xa1, 0xd8, 0x20, 0x45, 0xcb, 0x81, 0xcf, 0xc5, 0x25, 0x7d, 0x11, 0x6e, 0xbd, 0x80, 0xac, 0xba, 0xdc, 0xef, 0xb9, 0x05, 0x9c, 0xd5, 0xc2, 0x26, 0x57, 0x69, 0x8b, 0x08, 0x27, 0xc7, 0xea, 0xbe, 0xaf, 0x52, 0x21, 0x95, 0x9f, 0xa0, 0x2f, 0x2f, 0x53, 0x7c, 0x2f, 0xa3, 0x0b, 0x79, 0x39, 0x01, 0xa3, 0x37, 0x46, 0xa8, 0xc4, 0x34, 0x41, 0x20, 0x7c, 0x3f, 0x70, 0x9a, 0x47, 0xe8 }; #ifdef WC_RSA_NO_PADDING const unsigned char expEncMsgNoPad[] = { 0x79, 0x69, 0xdc, 0x0d, 0xff, 0x09, 0xeb, 0x91, 0xbc, 0xda, 0xe4, 0xd3, 0xcd, 0xd5, 0xd3, 0x1c, 0xb9, 0x66, 0xa8, 0x02, 0xf3, 0x75, 0x40, 0xf1, 0x38, 0x4a, 0x37, 0x7b, 0x19, 0xc8, 0xcd, 0xea, 0x79, 0xa8, 0x51, 0x32, 0x00, 0x3f, 0x4c, 0xde, 0xaa, 0xe5, 0xe2, 0x7c, 0x10, 0xcd, 0x6e, 0x00, 0xc6, 0xc4, 0x63, 0x98, 0x58, 0x9b, 0x38, 0xca, 0xf0, 0x5d, 0xc8, 0xf0, 0x57, 0xf6, 0x21, 0x50, 0x3f, 0x63, 0x05, 0x9f, 0xbf, 0xb6, 0x3b, 0x50, 0x85, 0x06, 0x34, 0x08, 0x57, 0xb9, 0x44, 0xce, 0xe4, 0x66, 0xbf, 0x0c, 0xfe, 0x36, 0xa4, 0x5b, 0xed, 0x2d, 0x7d, 0xed, 0xf1, 0xbd, 0xda, 0x3e, 0x19, 0x1f, 0x99, 0xc8, 0xe4, 0xc2, 0xbb, 0xb5, 0x6c, 0x83, 0x22, 0xd1, 0xe7, 0x57, 0xcf, 0x1b, 0x91, 0x0c, 0xa5, 0x47, 0x06, 0x71, 0x8f, 0x93, 0xf3, 0xad, 0xdb, 0xe3, 0xf8, 0xa0, 0x0b, 0xcd, 0x89, 0x4e, 0xa5, 0xb5, 0x03, 0x68, 0x61, 0x89, 0x0b, 0xe2, 0x03, 0x8b, 0x1f, 0x54, 0xae, 0x0f, 0xfa, 0xf0, 0xb7, 0x0f, 0x8c, 0x84, 0x35, 0x13, 0x8d, 0x65, 0x1f, 0x2c, 0xd5, 0xce, 0xc4, 0x6c, 0x98, 0x67, 0xe4, 0x1a, 0x85, 0x67, 0x69, 0x17, 0x17, 0x5a, 0x5d, 0xfd, 0x23, 0xdd, 0x03, 0x3f, 0x6d, 0x7a, 0xb6, 0x8b, 0x99, 0xc0, 0xb6, 0x70, 0x86, 0xac, 0xf6, 0x02, 0xc2, 0x28, 0x42, 0xed, 0x06, 0xcf, 0xca, 0x3d, 0x07, 0x16, 0xf0, 0x0e, 0x04, 0x55, 0x1e, 0x59, 0x3f, 0x32, 0xc7, 0x12, 0xc5, 0x0d, 0x9d, 0x64, 0x7d, 0x2e, 0xd4, 0xbc, 0x8c, 0x24, 0x42, 0x94, 0x2b, 0xf6, 0x11, 0x7f, 0xb1, 0x1c, 0x09, 0x12, 0x6f, 0x5e, 0x2e, 0x7a, 0xc6, 0x01, 0xe0, 0x98, 0x31, 0xb7, 0x13, 0x03, 0xce, 0x29, 0xe1, 0xef, 0x9d, 0xdf, 0x9b, 0xa5, 0xba, 0x0b, 0xad, 0xf2, 0xeb, 0x2f, 0xf9, 0xd1 }; #endif #endif const unsigned char* der; XMEMSET(msg, 0x00, sizeof(msg)); der = privDer; rsa = NULL; AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz)); AssertIntEQ(RSA_private_encrypt(0, NULL, NULL, NULL, 0), -1); AssertIntEQ(RSA_private_encrypt(0, msg, encMsg, rsa, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_private_encrypt(sizeof(msg), NULL, encMsg, rsa, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_private_encrypt(sizeof(msg), msg, NULL, rsa, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, NULL, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa, RSA_PKCS1_PSS_PADDING), -1); AssertIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa, RSA_PKCS1_PADDING), sizeof(encMsg)); AssertIntEQ(XMEMCMP(encMsg, expEncMsg, sizeof(expEncMsg)), 0); #ifdef WC_RSA_NO_PADDING /* Non-zero message. */ XMEMSET(msg, 0x01, sizeof(msg)); AssertIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa, RSA_NO_PADDING), sizeof(encMsg)); AssertIntEQ(XMEMCMP(encMsg, expEncMsgNoPad, sizeof(expEncMsgNoPad)), 0); #endif RSA_free(rsa); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_RSA_public_encrypt(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) RSA* rsa; const unsigned char msg[2048/8] = { 0 }; unsigned char encMsg[2048/8]; AssertNotNull(rsa = RSA_new()); AssertIntEQ(RSA_public_encrypt(-1, msg, encMsg, rsa, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_public_encrypt(sizeof(msg), NULL, encMsg, rsa, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_public_encrypt(sizeof(msg), msg, NULL, rsa, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, NULL, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, rsa, RSA_PKCS1_PSS_PADDING), -1); /* Empty RSA key. */ AssertIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, rsa, RSA_PKCS1_PADDING), -1); RSA_free(rsa); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_RSA_private_decrypt(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) RSA* rsa; unsigned char msg[2048/8]; const unsigned char encMsg[2048/8] = { 0 }; AssertNotNull(rsa = RSA_new()); AssertIntEQ(RSA_private_decrypt(-1, encMsg, msg, rsa, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_private_decrypt(sizeof(encMsg), NULL, msg, rsa, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, NULL, rsa, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, NULL, RSA_PKCS1_PADDING), -1); AssertIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, rsa, RSA_PKCS1_PSS_PADDING), -1); /* Empty RSA key. */ AssertIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, rsa, RSA_PKCS1_PADDING), -1); RSA_free(rsa); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_RSA_GenAdd(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) RSA *rsa; #ifdef USE_CERT_BUFFERS_1024 const unsigned char* privDer = client_key_der_1024; size_t privDerSz = sizeof_client_key_der_1024; const unsigned char* pubDer = client_keypub_der_1024; size_t pubDerSz = sizeof_client_keypub_der_1024; #else const unsigned char* privDer = client_key_der_2048; size_t privDerSz = sizeof_client_key_der_2048; const unsigned char* pubDer = client_keypub_der_2048; size_t pubDerSz = sizeof_client_keypub_der_2048; #endif const unsigned char* der; der = privDer; rsa = NULL; AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz)); AssertIntEQ(wolfSSL_RSA_GenAdd(NULL), -1); #ifndef RSA_LOW_MEM AssertIntEQ(wolfSSL_RSA_GenAdd(rsa), 1); #else /* dmp1 and dmq1 are not set (allocated) when RSA_LOW_MEM. */ AssertIntEQ(wolfSSL_RSA_GenAdd(rsa), -1); #endif RSA_free(rsa); der = pubDer; rsa = NULL; AssertNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz)); /* Need private values. */ AssertIntEQ(wolfSSL_RSA_GenAdd(rsa), -1); RSA_free(rsa); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_RSA_blinding_on(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_STUB) RSA *rsa; WOLFSSL_BN_CTX *bnCtx; #ifdef USE_CERT_BUFFERS_1024 const unsigned char* privDer = client_key_der_1024; size_t privDerSz = sizeof_client_key_der_1024; #else const unsigned char* privDer = client_key_der_2048; size_t privDerSz = sizeof_client_key_der_2048; #endif const unsigned char* der; der = privDer; rsa = NULL; AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz)); AssertNotNull(bnCtx = wolfSSL_BN_CTX_new()); /* Does nothing so all parameters are valid. */ AssertIntEQ(wolfSSL_RSA_blinding_on(NULL, NULL), 1); AssertIntEQ(wolfSSL_RSA_blinding_on(rsa, NULL), 1); AssertIntEQ(wolfSSL_RSA_blinding_on(NULL, bnCtx), 1); AssertIntEQ(wolfSSL_RSA_blinding_on(rsa, bnCtx), 1); wolfSSL_BN_CTX_free(bnCtx); RSA_free(rsa); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_RSA_ex_data(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) RSA* rsa; unsigned char data[1]; rsa = RSA_new(); AssertNull(wolfSSL_RSA_get_ex_data(NULL, 0)); AssertNull(wolfSSL_RSA_get_ex_data(rsa, 0)); #ifdef MAX_EX_DATA AssertNull(wolfSSL_RSA_get_ex_data(rsa, MAX_EX_DATA)); AssertIntEQ(wolfSSL_RSA_set_ex_data(rsa, MAX_EX_DATA, data), 0); #endif AssertIntEQ(wolfSSL_RSA_set_ex_data(NULL, 0, NULL), 0); AssertIntEQ(wolfSSL_RSA_set_ex_data(NULL, 0, data), 0); #ifdef HAVE_EX_DATA AssertIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, NULL), 1); AssertIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, data), 1); AssertPtrEq(wolfSSL_RSA_get_ex_data(rsa, 0), data); #else AssertIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, NULL), 0); AssertIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, data), 0); AssertNull(wolfSSL_RSA_get_ex_data(rsa, 0)); #endif RSA_free(rsa); res = TEST_RES_CHECK(1); #endif /* !NO_RSA && OPENSSL_EXTRA */ return res; } static int test_wolfSSL_RSA_LoadDer(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL)) RSA *rsa; #ifdef USE_CERT_BUFFERS_1024 const unsigned char* privDer = client_key_der_1024; size_t privDerSz = sizeof_client_key_der_1024; #else const unsigned char* privDer = client_key_der_2048; size_t privDerSz = sizeof_client_key_der_2048; #endif AssertNotNull(rsa = RSA_new()); AssertIntEQ(wolfSSL_RSA_LoadDer(NULL, privDer, (int)privDerSz), -1); AssertIntEQ(wolfSSL_RSA_LoadDer(rsa, NULL, (int)privDerSz), -1); AssertIntEQ(wolfSSL_RSA_LoadDer(rsa, privDer, 0), -1); AssertIntEQ(wolfSSL_RSA_LoadDer(rsa, privDer, (int)privDerSz), 1); RSA_free(rsa); res = TEST_RES_CHECK(1); #endif /* !NO_RSA && OPENSSL_EXTRA */ return res; } /* Local API. */ static int test_wolfSSL_RSA_To_Der(void) { int res = TEST_SKIPPED; #ifdef WOLFSSL_TEST_STATIC_BUILD #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && \ defined(OPENSSL_EXTRA) && !defined(NO_RSA) RSA* rsa; #ifdef USE_CERT_BUFFERS_1024 const unsigned char* privDer = client_key_der_1024; size_t privDerSz = sizeof_client_key_der_1024; const unsigned char* pubDer = client_keypub_der_1024; size_t pubDerSz = sizeof_client_keypub_der_1024; unsigned char out[sizeof(client_key_der_1024)]; #else const unsigned char* privDer = client_key_der_2048; size_t privDerSz = sizeof_client_key_der_2048; const unsigned char* pubDer = client_keypub_der_2048; size_t pubDerSz = sizeof_client_keypub_der_2048; unsigned char out[sizeof(client_key_der_2048)]; #endif const unsigned char* der; unsigned char* outDer = NULL; der = privDer; rsa = NULL; AssertNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz)); AssertIntEQ(wolfSSL_RSA_To_Der(NULL, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 2, HEAP_HINT), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 0, HEAP_HINT), privDerSz); outDer = out; AssertIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), privDerSz); AssertIntEQ(XMEMCMP(out, privDer, privDerSz), 0); outDer = NULL; AssertIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), privDerSz); AssertNotNull(outDer); AssertIntEQ(XMEMCMP(outDer, privDer, privDerSz), 0); XFREE(outDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); AssertIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 1, HEAP_HINT), pubDerSz); outDer = out; AssertIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), pubDerSz); AssertIntEQ(XMEMCMP(out, pubDer, pubDerSz), 0); RSA_free(rsa); AssertNotNull(rsa = RSA_new()); AssertIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), BAD_FUNC_ARG); RSA_free(rsa); der = pubDer; rsa = NULL; AssertNotNull(wolfSSL_d2i_RSAPublicKey(&rsa, &der, pubDerSz)); AssertIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), BAD_FUNC_ARG); RSA_free(rsa); res = TEST_RES_CHECK(1); #endif #endif return res; } /* wolfSSL_PEM_read_RSAPublicKey is a stub function. */ static int test_wolfSSL_PEM_read_RSAPublicKey(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) XFILE file; const char* fname = "./certs/server-keyPub.pem"; RSA *rsa; AssertNull(wolfSSL_PEM_read_RSAPublicKey(XBADFILE, NULL, NULL, NULL)); file = XFOPEN(fname, "rb"); AssertTrue((file != XBADFILE)); AssertNotNull((rsa = PEM_read_RSA_PUBKEY(file, NULL, NULL, NULL))); AssertIntEQ(RSA_size(rsa), 256); RSA_free(rsa); XFCLOSE(file); res = TEST_RES_CHECK(1); #endif return res; } /* wolfSSL_PEM_read_RSAPublicKey is a stub function. */ static int test_wolfSSL_PEM_write_RSA_PUBKEY(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) RSA* rsa = NULL; AssertIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(XBADFILE, NULL), 0); AssertIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(stderr, NULL), 0); /* Valid but stub so returns 0. */ AssertIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(stderr, rsa), 0); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_PEM_write_RSAPrivateKey(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_USER_RSA) && (defined(WOLFSSL_PEM_TO_DER) || \ defined(WOLFSSL_DER_TO_PEM)) && !defined(NO_FILESYSTEM) RSA* rsa; #ifdef USE_CERT_BUFFERS_1024 const unsigned char* privDer = client_key_der_1024; size_t privDerSz = sizeof_client_key_der_1024; #else const unsigned char* privDer = client_key_der_2048; size_t privDerSz = sizeof_client_key_der_2048; #endif const unsigned char* der; #ifndef NO_AES unsigned char passwd[] = "password"; #endif AssertNotNull(rsa = RSA_new()); AssertIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0, NULL, NULL), 0); RSA_free(rsa); der = privDer; rsa = NULL; AssertNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz)); AssertIntEQ(wolfSSL_PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0, NULL, NULL), 0); AssertIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, NULL), 0); AssertIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0, NULL, NULL), 1); #ifndef NO_AES AssertIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, EVP_aes_128_cbc(), NULL, 0, NULL, NULL), 1); AssertIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, EVP_aes_128_cbc(), passwd, sizeof(passwd) - 1, NULL, NULL), 1); #endif RSA_free(rsa); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_PEM_write_mem_RSAPrivateKey(void) { int res = TEST_SKIPPED; #if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \ !defined(HAVE_USER_RSA) && (defined(WOLFSSL_PEM_TO_DER) || \ defined(WOLFSSL_DER_TO_PEM)) RSA* rsa; #ifdef USE_CERT_BUFFERS_1024 const unsigned char* privDer = client_key_der_1024; size_t privDerSz = sizeof_client_key_der_1024; #else const unsigned char* privDer = client_key_der_2048; size_t privDerSz = sizeof_client_key_der_2048; #endif const unsigned char* der; #ifndef NO_AES unsigned char passwd[] = "password"; #endif unsigned char* pem; int plen; AssertNotNull(rsa = RSA_new()); AssertIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem, &plen), 0); RSA_free(rsa); der = privDer; rsa = NULL; AssertNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz)); AssertIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(NULL, NULL, NULL, 0, &pem, &plen), 0); AssertIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, NULL, &plen), 0); AssertIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem, NULL), 0); AssertIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem, &plen), 1); XFREE(pem, NULL, DYNAMIC_TYPE_KEY); #ifndef NO_AES AssertIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, EVP_aes_128_cbc(), NULL, 0, &pem, &plen), 1); XFREE(pem, NULL, DYNAMIC_TYPE_KEY); AssertIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, EVP_aes_128_cbc(), passwd, sizeof(passwd) - 1, &pem, &plen), 1); XFREE(pem, NULL, DYNAMIC_TYPE_KEY); #endif RSA_free(rsa); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_DH(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_DH) DH *dh = NULL; BIGNUM* p; BIGNUM* q; BIGNUM* g; BIGNUM* pub; BIGNUM* priv; #if defined(OPENSSL_ALL) #if !defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) FILE* f = NULL; unsigned char buf[268]; const unsigned char* pt = buf; long len = 0; dh = NULL; XMEMSET(buf, 0, sizeof(buf)); /* Test 2048 bit parameters */ f = XFOPEN("./certs/dh2048.der", "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); AssertNotNull(dh = d2i_DHparams(NULL, &pt, len)); AssertNotNull(dh->p); AssertNotNull(dh->g); AssertTrue(pt == buf); AssertIntEQ(DH_generate_key(dh), 1); AssertIntEQ(DH_generate_key(dh), 1); AssertIntEQ(DH_compute_key(NULL, NULL, NULL), -1); AssertNotNull(pub = BN_new()); AssertIntEQ(BN_set_word(pub, 1), 1); AssertIntEQ(DH_compute_key(buf, NULL, NULL), -1); AssertIntEQ(DH_compute_key(NULL, pub, NULL), -1); AssertIntEQ(DH_compute_key(NULL, NULL, dh), -1); AssertIntEQ(DH_compute_key(buf, pub, NULL), -1); AssertIntEQ(DH_compute_key(buf, NULL, dh), -1); AssertIntEQ(DH_compute_key(NULL, pub, dh), -1); AssertIntEQ(DH_compute_key(buf, pub, dh), -1); BN_free(pub); DH_get0_pqg(dh, (const BIGNUM**)&p, (const BIGNUM**)&q, (const BIGNUM**)&g); AssertPtrEq(p, dh->p); AssertPtrEq(q, dh->q); AssertPtrEq(g, dh->g); DH_get0_key(NULL, (const BIGNUM**)&pub, (const BIGNUM**)&priv); DH_get0_key(dh, (const BIGNUM**)&pub, (const BIGNUM**)&priv); AssertPtrEq(pub, dh->pub_key); AssertPtrEq(priv, dh->priv_key); DH_get0_key(dh, (const BIGNUM**)&pub, NULL); AssertPtrEq(pub, dh->pub_key); DH_get0_key(dh, NULL, (const BIGNUM**)&priv); AssertPtrEq(priv, dh->priv_key); AssertNotNull(pub = BN_new()); AssertNotNull(priv = BN_new()); AssertIntEQ(DH_set0_key(NULL, pub, priv), 0); AssertIntEQ(DH_set0_key(dh, pub, priv), 1); AssertNotNull(pub = BN_new()); AssertIntEQ(DH_set0_key(dh, pub, NULL), 1); AssertNotNull(priv = BN_new()); AssertIntEQ(DH_set0_key(dh, NULL, priv), 1); AssertPtrEq(pub, dh->pub_key); AssertPtrEq(priv, dh->priv_key); DH_free(dh); AssertNotNull(dh = DH_new()); AssertNotNull(p = BN_new()); AssertIntEQ(BN_set_word(p, 1), 1); AssertIntEQ(DH_compute_key(buf, p, dh), -1); AssertNotNull(pub = BN_new()); AssertNotNull(priv = BN_new()); AssertIntEQ(DH_set0_key(dh, pub, priv), 1); AssertIntEQ(DH_compute_key(buf, p, dh), -1); BN_free(p); DH_free(dh); #ifdef WOLFSSL_KEY_GEN AssertNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL)); AssertIntEQ(wolfSSL_DH_generate_parameters_ex(NULL, 2048, 2, NULL), 0); DH_free(dh); #endif #endif /* !HAVE_FIPS || (HAVE_FIPS_VERSION && HAVE_FIPS_VERSION > 2) */ #endif /* OPENSSL_ALL */ (void)dh; (void)p; (void)q; (void)g; (void)pub; (void)priv; dh = wolfSSL_DH_new(); AssertNotNull(dh); /* invalid parameters test */ DH_get0_pqg(NULL, (const BIGNUM**)&p, (const BIGNUM**)&q, (const BIGNUM**)&g); DH_get0_pqg(dh, NULL, (const BIGNUM**)&q, (const BIGNUM**)&g); DH_get0_pqg(dh, NULL, NULL, (const BIGNUM**)&g); DH_get0_pqg(dh, NULL, NULL, NULL); AssertTrue(1); DH_get0_pqg(dh, (const BIGNUM**)&p, (const BIGNUM**)&q, (const BIGNUM**)&g); AssertPtrEq(p, NULL); AssertPtrEq(q, NULL); AssertPtrEq(g, NULL); DH_free(dh); #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS) && !defined(WOLFSSL_DH_EXTRA)) \ || (defined(HAVE_FIPS_VERSION) && FIPS_VERSION_GT(2,0)) #if defined(OPENSSL_ALL) || \ defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L dh = wolfSSL_DH_new(); AssertNotNull(dh); p = wolfSSL_BN_new(); AssertNotNull(p); AssertIntEQ(BN_set_word(p, 11), 1); g = wolfSSL_BN_new(); AssertNotNull(g); AssertIntEQ(BN_set_word(g, 2), 1); q = wolfSSL_BN_new(); AssertNotNull(q); AssertIntEQ(BN_set_word(q, 5), 1); AssertIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, NULL, NULL), 0); AssertIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, NULL), 0); AssertIntEQ(wolfSSL_DH_set0_pqg(NULL, p, NULL, NULL), 0); AssertIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, q, NULL), 0); AssertIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, NULL, g), 0); AssertIntEQ(wolfSSL_DH_set0_pqg(NULL, p, q, g), 0); AssertIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, q, g), 0); AssertIntEQ(wolfSSL_DH_set0_pqg(dh, p, q, NULL), 0); /* Don't need q. */ AssertIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1); /* Setting again will free the p and g. */ wolfSSL_BN_free(q); DH_free(dh); dh = wolfSSL_DH_new(); AssertNotNull(dh); p = wolfSSL_BN_new(); AssertNotNull(p); AssertIntEQ(BN_set_word(p, 11), 1); g = wolfSSL_BN_new(); AssertNotNull(g); AssertIntEQ(BN_set_word(g, 2), 1); q = wolfSSL_BN_new(); AssertNotNull(q); AssertIntEQ(BN_set_word(q, 5), 1); AssertIntEQ(wolfSSL_DH_set0_pqg(dh, p, q, g), 1); /* p, q and g are now owned by dh - don't free. */ p = wolfSSL_BN_new(); AssertNotNull(p); AssertIntEQ(BN_set_word(p, 11), 1); g = wolfSSL_BN_new(); AssertNotNull(g); AssertIntEQ(BN_set_word(g, 2), 1); q = wolfSSL_BN_new(); AssertNotNull(q); AssertIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, NULL), 1); AssertIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, q, NULL), 1); AssertIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, g), 1); AssertIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, NULL), 1); /* p, q and g are now owned by dh - don't free. */ DH_free(dh); AssertIntEQ(DH_generate_key(NULL), 0); AssertNotNull(dh = DH_new()); AssertIntEQ(DH_generate_key(dh), 0); p = wolfSSL_BN_new(); AssertNotNull(p); AssertIntEQ(BN_set_word(p, 0), 1); g = wolfSSL_BN_new(); AssertNotNull(g); AssertIntEQ(BN_set_word(g, 2), 1); AssertIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1); AssertIntEQ(DH_generate_key(dh), 0); DH_free(dh); #endif #endif /* Test DH_up_ref() */ dh = wolfSSL_DH_new(); AssertNotNull(dh); AssertIntEQ(wolfSSL_DH_up_ref(NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_DH_up_ref(dh), WOLFSSL_SUCCESS); DH_free(dh); /* decrease ref count */ DH_free(dh); /* free WOLFSSL_DH */ AssertNull((dh = DH_new_by_nid(NID_sha1))); #if (defined(HAVE_PUBLIC_FFDHE) || (defined(HAVE_FIPS) && \ FIPS_VERSION_EQ(2,0))) || (!defined(HAVE_PUBLIC_FFDHE) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))) #ifdef HAVE_FFDHE_2048 AssertNotNull((dh = DH_new_by_nid(NID_ffdhe2048))); DH_free(dh); #endif #ifdef HAVE_FFDHE_3072 AssertNotNull((dh = DH_new_by_nid(NID_ffdhe3072))); DH_free(dh); #endif #ifdef HAVE_FFDHE_4096 AssertNotNull((dh = DH_new_by_nid(NID_ffdhe4096))); DH_free(dh); #endif #else AssertNull((dh = DH_new_by_nid(NID_ffdhe2048))); #endif /* (HAVE_PUBLIC_FFDHE || (HAVE_FIPS && HAVE_FIPS_VERSION == 2)) || * (!HAVE_PUBLIC_FFDHE && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2))*/ AssertIntEQ(wolfSSL_DH_size(NULL), -1); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && !NO_DH */ return res; } static int test_wolfSSL_DH_dup(void) { int res = TEST_SKIPPED; #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) || \ defined(OPENSSL_EXTRA) DH *dh; DH *dhDup; WOLFSSL_BIGNUM* p; WOLFSSL_BIGNUM* g; AssertNotNull(p = wolfSSL_BN_new()); AssertNotNull(g = wolfSSL_BN_new()); AssertIntEQ(wolfSSL_BN_set_word(p, 11), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_BN_set_word(g, 2), WOLFSSL_SUCCESS); dhDup = wolfSSL_DH_dup(NULL); AssertNull(dhDup); dh = wolfSSL_DH_new(); AssertNotNull(dh); dhDup = wolfSSL_DH_dup(dh); AssertNull(dhDup); #if defined(OPENSSL_ALL) || \ defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L AssertIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1); dhDup = wolfSSL_DH_dup(dh); AssertNotNull(dhDup); wolfSSL_DH_free(dhDup); #else wolfSSL_BN_free(p); wolfSSL_BN_free(g); #endif wolfSSL_DH_free(dh); res = TEST_RES_CHECK(1); #endif #endif return res; } static int test_wolfSSL_DH_check(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_ALL #ifndef NO_DH #ifndef NO_BIO #ifndef NO_DSA byte buf[6000]; char file[] = "./certs/dsaparams.pem"; XFILE f; int bytes; BIO* bio; DSA* dsa; #elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0) static const byte dh2048[] = { 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, 0xba, 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5, 0x00, 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, 0xc6, 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53, 0x0a, 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84, 0xbf, 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, 0x8a, 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91, 0xe6, 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66, 0x48, 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, 0x3d, 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e, 0x19, 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d, 0x9f, 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d, 0x2a, 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, 0xe6, 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa, 0x04, 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93, 0x38, 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, 0xe5, 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35, 0x8e, 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e, 0x5a, 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, 0xcc, 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62, 0xa7, 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, 0x36, 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, 0x90, 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a, 0xc3, 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, 0x48, 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4, 0x9a, 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90, 0xab, 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, 0x4b, 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f, 0x08, 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6, 0xb6, 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67, 0x6b, 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7, 0xfa, 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f, 0x93, 0x02, 0x01, 0x02 }; const byte* params; #endif DH* dh = NULL; WOLFSSL_BIGNUM* p; WOLFSSL_BIGNUM* g; WOLFSSL_BIGNUM* pTmp = NULL; WOLFSSL_BIGNUM* gTmp = NULL; int codes = -1; #ifndef NO_DSA /* Initialize DH */ f = XFOPEN(file, "rb"); AssertTrue((f != XBADFILE)); bytes = (int)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); bio = BIO_new_mem_buf((void*)buf, bytes); AssertNotNull(bio); dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); AssertNotNull(dsa); dh = wolfSSL_DSA_dup_DH(dsa); AssertNotNull(dh); BIO_free(bio); DSA_free(dsa); #elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0) params = dh2048; dh = wolfSSL_d2i_DHparams(NULL, ¶ms, (long)sizeof(dh2048)); AssertNotNull(dh); #else dh = wolfSSL_DH_new_by_nid(NID_ffdhe2048); AssertNotNull(dh); #endif /* Test assumed to be valid dh. * Should return WOLFSSL_SUCCESS * codes should be 0 * Invalid codes = {DH_NOT_SUITABLE_GENERATOR, DH_CHECK_P_NOT_PRIME} */ AssertIntEQ(wolfSSL_DH_check(dh, &codes), 1); AssertIntEQ(codes, 0); /* Test NULL dh: expected BAD_FUNC_ARG */ AssertIntEQ(wolfSSL_DH_check(NULL, &codes), 0); /* Break dh prime to test if codes = DH_CHECK_P_NOT_PRIME */ pTmp = dh->p; dh->p = NULL; AssertIntEQ(wolfSSL_DH_check(dh, &codes), 1); AssertIntEQ(wolfSSL_DH_check(dh, NULL), 0); AssertIntEQ(codes, DH_CHECK_P_NOT_PRIME); /* set dh->p back to normal so it wont fail on next tests */ dh->p = pTmp; pTmp = NULL; /* Break dh generator to test if codes = DH_NOT_SUITABLE_GENERATOR */ gTmp = dh->g; dh->g = NULL; AssertIntEQ(wolfSSL_DH_check(dh, &codes), 1); AssertIntEQ(wolfSSL_DH_check(dh, NULL), 0); AssertIntEQ(codes, DH_NOT_SUITABLE_GENERATOR); dh->g = gTmp; gTmp = NULL; /* Cleanup */ DH_free(dh); dh = DH_new(); AssertNotNull(dh); /* Check empty DH. */ AssertIntEQ(wolfSSL_DH_check(dh, &codes), 1); AssertIntEQ(wolfSSL_DH_check(dh, NULL), 0); AssertIntEQ(codes, DH_NOT_SUITABLE_GENERATOR | DH_CHECK_P_NOT_PRIME); /* Check non-prime valued p. */ AssertNotNull(p = BN_new()); AssertIntEQ(BN_set_word(p, 4), 1); AssertNotNull(g = BN_new()); AssertIntEQ(BN_set_word(g, 2), 1); AssertIntEQ(DH_set0_pqg(dh, p, NULL, g), 1); AssertIntEQ(wolfSSL_DH_check(dh, &codes), 1); AssertIntEQ(wolfSSL_DH_check(dh, NULL), 0); AssertIntEQ(codes, DH_CHECK_P_NOT_PRIME); DH_free(dh); res = TEST_RES_CHECK(1); #endif #endif /* !NO_DH && !NO_DSA */ #endif return res; } static int test_wolfSSL_DH_prime(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_DH) WOLFSSL_BIGNUM* bn; #if WOLFSSL_MAX_BN_BITS >= 768 WOLFSSL_BIGNUM* bn2; #endif bn = wolfSSL_DH_768_prime(NULL); #if WOLFSSL_MAX_BN_BITS >= 768 AssertNotNull(bn); bn2 = wolfSSL_DH_768_prime(bn); AssertNotNull(bn2); AssertTrue(bn == bn2); wolfSSL_BN_free(bn); #else AssertNull(bn); #endif bn = wolfSSL_DH_1024_prime(NULL); #if WOLFSSL_MAX_BN_BITS >= 1024 AssertNotNull(bn); wolfSSL_BN_free(bn); #else AssertNull(bn); #endif bn = wolfSSL_DH_2048_prime(NULL); #if WOLFSSL_MAX_BN_BITS >= 2048 AssertNotNull(bn); wolfSSL_BN_free(bn); #else AssertNull(bn); #endif bn = wolfSSL_DH_3072_prime(NULL); #if WOLFSSL_MAX_BN_BITS >= 3072 AssertNotNull(bn); wolfSSL_BN_free(bn); #else AssertNull(bn); #endif bn = wolfSSL_DH_4096_prime(NULL); #if WOLFSSL_MAX_BN_BITS >= 4096 AssertNotNull(bn); wolfSSL_BN_free(bn); #else AssertNull(bn); #endif bn = wolfSSL_DH_6144_prime(NULL); #if WOLFSSL_MAX_BN_BITS >= 6144 AssertNotNull(bn); wolfSSL_BN_free(bn); #else AssertNull(bn); #endif bn = wolfSSL_DH_8192_prime(NULL); #if WOLFSSL_MAX_BN_BITS >= 8192 AssertNotNull(bn); wolfSSL_BN_free(bn); #else AssertNull(bn); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_DH_1536_prime(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_DH) BIGNUM* bn; unsigned char bits[200]; int sz = 192; /* known binary size */ const byte expected[] = { 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, 0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22, 0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B, 0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B, 0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5, 0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A, 0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96, 0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27, 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, }; bn = get_rfc3526_prime_1536(NULL); AssertNotNull(bn); AssertIntEQ(sz, BN_bn2bin((const BIGNUM*)bn, bits)); AssertIntEQ(0, XMEMCMP(expected, bits, sz)); BN_free(bn); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_DH_get_2048_256(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_DH) WOLFSSL_DH* dh; const WOLFSSL_BIGNUM* pBn; const WOLFSSL_BIGNUM* gBn; const WOLFSSL_BIGNUM* qBn; const byte pExpected[] = { 0x87, 0xA8, 0xE6, 0x1D, 0xB4, 0xB6, 0x66, 0x3C, 0xFF, 0xBB, 0xD1, 0x9C, 0x65, 0x19, 0x59, 0x99, 0x8C, 0xEE, 0xF6, 0x08, 0x66, 0x0D, 0xD0, 0xF2, 0x5D, 0x2C, 0xEE, 0xD4, 0x43, 0x5E, 0x3B, 0x00, 0xE0, 0x0D, 0xF8, 0xF1, 0xD6, 0x19, 0x57, 0xD4, 0xFA, 0xF7, 0xDF, 0x45, 0x61, 0xB2, 0xAA, 0x30, 0x16, 0xC3, 0xD9, 0x11, 0x34, 0x09, 0x6F, 0xAA, 0x3B, 0xF4, 0x29, 0x6D, 0x83, 0x0E, 0x9A, 0x7C, 0x20, 0x9E, 0x0C, 0x64, 0x97, 0x51, 0x7A, 0xBD, 0x5A, 0x8A, 0x9D, 0x30, 0x6B, 0xCF, 0x67, 0xED, 0x91, 0xF9, 0xE6, 0x72, 0x5B, 0x47, 0x58, 0xC0, 0x22, 0xE0, 0xB1, 0xEF, 0x42, 0x75, 0xBF, 0x7B, 0x6C, 0x5B, 0xFC, 0x11, 0xD4, 0x5F, 0x90, 0x88, 0xB9, 0x41, 0xF5, 0x4E, 0xB1, 0xE5, 0x9B, 0xB8, 0xBC, 0x39, 0xA0, 0xBF, 0x12, 0x30, 0x7F, 0x5C, 0x4F, 0xDB, 0x70, 0xC5, 0x81, 0xB2, 0x3F, 0x76, 0xB6, 0x3A, 0xCA, 0xE1, 0xCA, 0xA6, 0xB7, 0x90, 0x2D, 0x52, 0x52, 0x67, 0x35, 0x48, 0x8A, 0x0E, 0xF1, 0x3C, 0x6D, 0x9A, 0x51, 0xBF, 0xA4, 0xAB, 0x3A, 0xD8, 0x34, 0x77, 0x96, 0x52, 0x4D, 0x8E, 0xF6, 0xA1, 0x67, 0xB5, 0xA4, 0x18, 0x25, 0xD9, 0x67, 0xE1, 0x44, 0xE5, 0x14, 0x05, 0x64, 0x25, 0x1C, 0xCA, 0xCB, 0x83, 0xE6, 0xB4, 0x86, 0xF6, 0xB3, 0xCA, 0x3F, 0x79, 0x71, 0x50, 0x60, 0x26, 0xC0, 0xB8, 0x57, 0xF6, 0x89, 0x96, 0x28, 0x56, 0xDE, 0xD4, 0x01, 0x0A, 0xBD, 0x0B, 0xE6, 0x21, 0xC3, 0xA3, 0x96, 0x0A, 0x54, 0xE7, 0x10, 0xC3, 0x75, 0xF2, 0x63, 0x75, 0xD7, 0x01, 0x41, 0x03, 0xA4, 0xB5, 0x43, 0x30, 0xC1, 0x98, 0xAF, 0x12, 0x61, 0x16, 0xD2, 0x27, 0x6E, 0x11, 0x71, 0x5F, 0x69, 0x38, 0x77, 0xFA, 0xD7, 0xEF, 0x09, 0xCA, 0xDB, 0x09, 0x4A, 0xE9, 0x1E, 0x1A, 0x15, 0x97 }; const byte gExpected[] = { 0x3F, 0xB3, 0x2C, 0x9B, 0x73, 0x13, 0x4D, 0x0B, 0x2E, 0x77, 0x50, 0x66, 0x60, 0xED, 0xBD, 0x48, 0x4C, 0xA7, 0xB1, 0x8F, 0x21, 0xEF, 0x20, 0x54, 0x07, 0xF4, 0x79, 0x3A, 0x1A, 0x0B, 0xA1, 0x25, 0x10, 0xDB, 0xC1, 0x50, 0x77, 0xBE, 0x46, 0x3F, 0xFF, 0x4F, 0xED, 0x4A, 0xAC, 0x0B, 0xB5, 0x55, 0xBE, 0x3A, 0x6C, 0x1B, 0x0C, 0x6B, 0x47, 0xB1, 0xBC, 0x37, 0x73, 0xBF, 0x7E, 0x8C, 0x6F, 0x62, 0x90, 0x12, 0x28, 0xF8, 0xC2, 0x8C, 0xBB, 0x18, 0xA5, 0x5A, 0xE3, 0x13, 0x41, 0x00, 0x0A, 0x65, 0x01, 0x96, 0xF9, 0x31, 0xC7, 0x7A, 0x57, 0xF2, 0xDD, 0xF4, 0x63, 0xE5, 0xE9, 0xEC, 0x14, 0x4B, 0x77, 0x7D, 0xE6, 0x2A, 0xAA, 0xB8, 0xA8, 0x62, 0x8A, 0xC3, 0x76, 0xD2, 0x82, 0xD6, 0xED, 0x38, 0x64, 0xE6, 0x79, 0x82, 0x42, 0x8E, 0xBC, 0x83, 0x1D, 0x14, 0x34, 0x8F, 0x6F, 0x2F, 0x91, 0x93, 0xB5, 0x04, 0x5A, 0xF2, 0x76, 0x71, 0x64, 0xE1, 0xDF, 0xC9, 0x67, 0xC1, 0xFB, 0x3F, 0x2E, 0x55, 0xA4, 0xBD, 0x1B, 0xFF, 0xE8, 0x3B, 0x9C, 0x80, 0xD0, 0x52, 0xB9, 0x85, 0xD1, 0x82, 0xEA, 0x0A, 0xDB, 0x2A, 0x3B, 0x73, 0x13, 0xD3, 0xFE, 0x14, 0xC8, 0x48, 0x4B, 0x1E, 0x05, 0x25, 0x88, 0xB9, 0xB7, 0xD2, 0xBB, 0xD2, 0xDF, 0x01, 0x61, 0x99, 0xEC, 0xD0, 0x6E, 0x15, 0x57, 0xCD, 0x09, 0x15, 0xB3, 0x35, 0x3B, 0xBB, 0x64, 0xE0, 0xEC, 0x37, 0x7F, 0xD0, 0x28, 0x37, 0x0D, 0xF9, 0x2B, 0x52, 0xC7, 0x89, 0x14, 0x28, 0xCD, 0xC6, 0x7E, 0xB6, 0x18, 0x4B, 0x52, 0x3D, 0x1D, 0xB2, 0x46, 0xC3, 0x2F, 0x63, 0x07, 0x84, 0x90, 0xF0, 0x0E, 0xF8, 0xD6, 0x47, 0xD1, 0x48, 0xD4, 0x79, 0x54, 0x51, 0x5E, 0x23, 0x27, 0xCF, 0xEF, 0x98, 0xC5, 0x82, 0x66, 0x4B, 0x4C, 0x0F, 0x6C, 0xC4, 0x16, 0x59 }; const byte qExpected[] = { 0x8C, 0xF8, 0x36, 0x42, 0xA7, 0x09, 0xA0, 0x97, 0xB4, 0x47, 0x99, 0x76, 0x40, 0x12, 0x9D, 0xA2, 0x99, 0xB1, 0xA4, 0x7D, 0x1E, 0xB3, 0x75, 0x0B, 0xA3, 0x08, 0xB0, 0xFE, 0x64, 0xF5, 0xFB, 0xD3 }; int pSz; int qSz; int gSz; byte* pReturned; byte* qReturned; byte* gReturned; AssertNotNull((dh = wolfSSL_DH_get_2048_256())); wolfSSL_DH_get0_pqg(dh, &pBn, &qBn, &gBn); AssertIntGT((pSz = wolfSSL_BN_num_bytes(pBn)), 0); AssertNotNull(pReturned = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); AssertIntGT((pSz = wolfSSL_BN_bn2bin(pBn, pReturned)), 0); AssertIntEQ(pSz, sizeof(pExpected)); AssertIntEQ(XMEMCMP(pExpected, pReturned, pSz), 0); AssertIntGT((qSz = wolfSSL_BN_num_bytes(qBn)), 0); AssertNotNull(qReturned = (byte*)XMALLOC(qSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); AssertIntGT((qSz = wolfSSL_BN_bn2bin(qBn, qReturned)), 0); AssertIntEQ(qSz, sizeof(qExpected)); AssertIntEQ(XMEMCMP(qExpected, qReturned, qSz), 0); AssertIntGT((gSz = wolfSSL_BN_num_bytes(gBn)), 0); AssertNotNull(gReturned = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); AssertIntGT((gSz = wolfSSL_BN_bn2bin(gBn, gReturned)), 0); AssertIntEQ(gSz, sizeof(gExpected)); AssertIntEQ(XMEMCMP(gExpected, gReturned, gSz), 0); wolfSSL_DH_free(dh); XFREE(pReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(gReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(qReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_PEM_write_DHparams(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \ !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) DH* dh; BIO* bio; XFILE fp; byte pem[2048]; int pemSz; const char expected[] = "-----BEGIN DH PARAMETERS-----\n" "MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE\n" "v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN\n" "nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1\n" "joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa\n" "wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW\n" "tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==\n" "-----END DH PARAMETERS-----\n"; const char badPem[] = "-----BEGIN DH PARAMETERS-----\n" "-----END DH PARAMETERS-----\n"; const char emptySeqPem[] = "-----BEGIN DH PARAMETERS-----\n" "MAA=\n" "-----END DH PARAMETERS-----\n"; AssertNotNull(fp = XFOPEN(dhParamFile, "rb")); AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0); XFCLOSE(fp); AssertNull(PEM_read_bio_DHparams(NULL, NULL, NULL, NULL)); AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)); AssertIntEQ(BIO_write(bio, badPem, (int)sizeof(badPem)), (int)sizeof(badPem)); AssertNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)); BIO_free(bio); AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)); AssertIntEQ(BIO_write(bio, emptySeqPem, (int)sizeof(emptySeqPem)), (int)sizeof(emptySeqPem)); AssertNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)); BIO_free(bio); AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(BIO_write(bio, pem, pemSz), pemSz); AssertNotNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)); BIO_free(bio); AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "wb")); AssertIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_SUCCESS); AssertIntEQ(PEM_write_DHparams(fp, NULL), WOLFSSL_FAILURE); DH_free(dh); dh = wolfSSL_DH_new(); AssertIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_FAILURE); XFCLOSE(fp); wolfSSL_DH_free(dh); /* check results */ XMEMSET(pem, 0, sizeof(pem)); AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "rb")); AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0); AssertIntEQ(XMEMCMP(pem, expected, pemSz), 0); XFCLOSE(fp); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_d2i_DHparams(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_ALL #if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072)) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) FILE* f = NULL; unsigned char buf[4096]; const unsigned char* pt = buf; #ifdef HAVE_FFDHE_2048 const char* params1 = "./certs/dh2048.der"; #endif #ifdef HAVE_FFDHE_3072 const char* params2 = "./certs/dh3072.der"; #endif long len = 0; WOLFSSL_DH* dh = NULL; XMEMSET(buf, 0, sizeof(buf)); /* Test 2048 bit parameters */ #ifdef HAVE_FFDHE_2048 if (res == TEST_SKIPPED || res == TEST_SUCCESS) { f = XFOPEN(params1, "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); /* Valid case */ AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); AssertNotNull(dh->p); AssertNotNull(dh->g); AssertTrue(pt == buf); AssertIntEQ(DH_set_length(NULL, BN_num_bits(dh->p)), 0); AssertIntEQ(DH_set_length(dh, BN_num_bits(dh->p)), 1); AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS); /* Invalid cases */ AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len)); AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1)); AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, 10)); DH_free(dh); *buf = 0; pt = buf; res = TEST_RES_CHECK(1); } #endif /* HAVE_FFDHE_2048 */ /* Test 3072 bit parameters */ #ifdef HAVE_FFDHE_3072 if (res == TEST_SKIPPED || res == TEST_SUCCESS) { f = XFOPEN(params2, "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); /* Valid case */ AssertNotNull(dh = wolfSSL_d2i_DHparams(&dh, &pt, len)); AssertNotNull(dh->p); AssertNotNull(dh->g); AssertTrue(pt != buf); AssertIntEQ(DH_generate_key(dh), 1); /* Invalid cases */ AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len)); AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1)); DH_free(dh); res = TEST_RES_CHECK(1); } #endif /* HAVE_FFDHE_3072 */ #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* !NO_DH */ #endif return res; } static int test_wolfSSL_DH_LoadDer(void) { int res = TEST_SKIPPED; #if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) && \ defined(OPENSSL_EXTRA) static const byte dh2048[] = { 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, 0xba, 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5, 0x00, 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, 0xc6, 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53, 0x0a, 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84, 0xbf, 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, 0x8a, 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91, 0xe6, 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66, 0x48, 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, 0x3d, 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e, 0x19, 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d, 0x9f, 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d, 0x2a, 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, 0xe6, 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa, 0x04, 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93, 0x38, 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, 0xe5, 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35, 0x8e, 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e, 0x5a, 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, 0xcc, 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62, 0xa7, 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, 0x36, 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, 0x90, 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a, 0xc3, 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, 0x48, 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4, 0x9a, 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90, 0xab, 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, 0x4b, 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f, 0x08, 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6, 0xb6, 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67, 0x6b, 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7, 0xfa, 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f, 0x93, 0x02, 0x01, 0x02 }; WOLFSSL_DH* dh; dh = wolfSSL_DH_new(); AssertNotNull(dh); AssertIntEQ(wolfSSL_DH_LoadDer(NULL, NULL, 0), -1); AssertIntEQ(wolfSSL_DH_LoadDer(dh, NULL, 0), -1); AssertIntEQ(wolfSSL_DH_LoadDer(NULL, dh2048, sizeof(dh2048)), -1); AssertIntEQ(wolfSSL_DH_LoadDer(dh, dh2048, sizeof(dh2048)), 1); wolfSSL_DH_free(dh); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_i2d_DHparams(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_ALL #if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072)) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) FILE* f; unsigned char buf[4096]; const unsigned char* pt; unsigned char* pt2; #ifdef HAVE_FFDHE_2048 const char* params1 = "./certs/dh2048.der"; #endif #ifdef HAVE_FFDHE_3072 const char* params2 = "./certs/dh3072.der"; #endif long len; WOLFSSL_DH* dh; /* Test 2048 bit parameters */ #ifdef HAVE_FFDHE_2048 pt = buf; pt2 = buf; f = XFOPEN(params1, "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); /* Valid case */ AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); AssertTrue(pt == buf); AssertIntEQ(DH_generate_key(dh), 1); AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 268); /* Invalid case */ AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0); /* Return length only */ AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 268); DH_free(dh); *buf = 0; #endif /* Test 3072 bit parameters */ #ifdef HAVE_FFDHE_3072 pt = buf; pt2 = buf; f = XFOPEN(params2, "rb"); AssertTrue(f != XBADFILE); len = (long)XFREAD(buf, 1, sizeof(buf), f); XFCLOSE(f); /* Valid case */ AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); AssertTrue(pt == buf); AssertIntEQ(DH_generate_key(dh), 1); AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 396); /* Invalid case */ AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0); /* Return length only */ AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 396); DH_free(dh); #endif dh = DH_new(); AssertNotNull(dh); pt2 = buf; AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 0); DH_free(dh); res = TEST_RES_CHECK(1); #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* !NO_DH && (HAVE_FFDHE_2048 || HAVE_FFDHE_3072) */ #endif return res; } #if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK) /*----------------------------------------------------------------------------* | EC *----------------------------------------------------------------------------*/ static int test_wolfSSL_EC_GROUP(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_EXTRA EC_GROUP *group; EC_GROUP *group2; EC_GROUP *group3; #ifndef HAVE_ECC_BRAINPOOL EC_GROUP *group4; #endif WOLFSSL_BIGNUM* order; int group_bits; int i; static const int knownEccNids[] = { NID_X9_62_prime192v1, NID_X9_62_prime192v2, NID_X9_62_prime192v3, NID_X9_62_prime239v1, NID_X9_62_prime239v2, NID_X9_62_prime239v3, NID_X9_62_prime256v1, NID_secp112r1, NID_secp112r2, NID_secp128r1, NID_secp128r2, NID_secp160r1, NID_secp160r2, NID_secp224r1, NID_secp384r1, NID_secp521r1, NID_secp160k1, NID_secp192k1, NID_secp224k1, NID_secp256k1, NID_brainpoolP160r1, NID_brainpoolP192r1, NID_brainpoolP224r1, NID_brainpoolP256r1, NID_brainpoolP320r1, NID_brainpoolP384r1, NID_brainpoolP512r1, }; int knowEccNidsLen = (int)(sizeof(knownEccNids) / sizeof(*knownEccNids)); static const int knownEccEnums[] = { ECC_SECP192R1, ECC_PRIME192V2, ECC_PRIME192V3, ECC_PRIME239V1, ECC_PRIME239V2, ECC_PRIME239V3, ECC_SECP256R1, ECC_SECP112R1, ECC_SECP112R2, ECC_SECP128R1, ECC_SECP128R2, ECC_SECP160R1, ECC_SECP160R2, ECC_SECP224R1, ECC_SECP384R1, ECC_SECP521R1, ECC_SECP160K1, ECC_SECP192K1, ECC_SECP224K1, ECC_SECP256K1, ECC_BRAINPOOLP160R1, ECC_BRAINPOOLP192R1, ECC_BRAINPOOLP224R1, ECC_BRAINPOOLP256R1, ECC_BRAINPOOLP320R1, ECC_BRAINPOOLP384R1, ECC_BRAINPOOLP512R1, }; int knowEccEnumsLen = (int)(sizeof(knownEccEnums) / sizeof(*knownEccEnums)); AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); AssertNotNull(group2 = EC_GROUP_dup(group)); AssertNotNull(group3 = wolfSSL_EC_GROUP_new_by_curve_name(NID_secp384r1)); #ifndef HAVE_ECC_BRAINPOOL AssertNotNull(group4 = wolfSSL_EC_GROUP_new_by_curve_name( NID_brainpoolP256r1)); #endif AssertNull(EC_GROUP_dup(NULL)); AssertIntEQ(wolfSSL_EC_GROUP_get_curve_name(NULL), 0); AssertIntEQ(wolfSSL_EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1); AssertIntEQ((group_bits = EC_GROUP_order_bits(NULL)), 0); AssertIntEQ((group_bits = EC_GROUP_order_bits(group)), 256); #ifndef HAVE_ECC_BRAINPOOL AssertIntEQ((group_bits = EC_GROUP_order_bits(group4)), 0); #endif AssertIntEQ(wolfSSL_EC_GROUP_get_degree(NULL), 0); AssertIntEQ(wolfSSL_EC_GROUP_get_degree(group), 256); AssertNotNull(order = BN_new()); AssertIntEQ(wolfSSL_EC_GROUP_get_order(NULL, NULL, NULL), 0); AssertIntEQ(wolfSSL_EC_GROUP_get_order(group, NULL, NULL), 0); AssertIntEQ(wolfSSL_EC_GROUP_get_order(NULL, order, NULL), 0); AssertIntEQ(wolfSSL_EC_GROUP_get_order(group, order, NULL), 1); wolfSSL_BN_free(order); AssertNotNull(EC_GROUP_method_of(group)); AssertIntEQ(EC_METHOD_get_field_type(NULL), 0); AssertIntEQ(EC_METHOD_get_field_type(EC_GROUP_method_of(group)), NID_X9_62_prime_field); AssertIntEQ(wolfSSL_EC_GROUP_cmp(NULL, NULL, NULL), -1); AssertIntEQ(wolfSSL_EC_GROUP_cmp(group, NULL, NULL), -1); AssertIntEQ(wolfSSL_EC_GROUP_cmp(NULL, group, NULL), -1); AssertIntEQ(wolfSSL_EC_GROUP_cmp(group, group3, NULL), 1); #ifndef NO_WOLFSSL_STUB wolfSSL_EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); #endif #ifndef HAVE_ECC_BRAINPOOL EC_GROUP_free(group4); #endif EC_GROUP_free(group3); EC_GROUP_free(group2); EC_GROUP_free(group); for (i = 0; i < knowEccNidsLen; i++) { AssertNotNull(group = EC_GROUP_new_by_curve_name(knownEccNids[i])); AssertIntGT(wolfSSL_EC_GROUP_get_degree(group), 0); EC_GROUP_free(group); } for (i = 0; i < knowEccEnumsLen; i++) { AssertNotNull(group = EC_GROUP_new_by_curve_name(knownEccEnums[i])); AssertIntEQ(wolfSSL_EC_GROUP_get_curve_name(group), knownEccNids[i]); EC_GROUP_free(group); } res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_PEM_read_bio_ECPKParameters(void) { int res = TEST_SKIPPED; #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && !defined(NO_BIO) EC_GROUP *group; BIO* bio; #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ ECC_MIN_KEY_SZ <= 384 && !defined(NO_ECC_SECP) EC_GROUP *ret; static char ec_nc_p384[] = "-----BEGIN EC PARAMETERS-----\n" "BgUrgQQAIg==\n" "-----END EC PARAMETERS-----"; #endif static char ec_nc_bad_1[] = "-----BEGIN EC PARAMETERS-----\n" "MAA=\n" "-----END EC PARAMETERS-----"; static char ec_nc_bad_2[] = "-----BEGIN EC PARAMETERS-----\n" "BgA=\n" "-----END EC PARAMETERS-----"; static char ec_nc_bad_3[] = "-----BEGIN EC PARAMETERS-----\n" "BgE=\n" "-----END EC PARAMETERS-----"; static char ec_nc_bad_4[] = "-----BEGIN EC PARAMETERS-----\n" "BgE*\n" "-----END EC PARAMETERS-----"; /* Test that first parameter, bio, being NULL fails. */ AssertNull(PEM_read_bio_ECPKParameters(NULL, NULL, NULL, NULL)); /* Test that reading named parameters works. */ AssertNotNull(bio = BIO_new(BIO_s_file())); AssertIntEQ(BIO_read_filename(bio, eccKeyFile), WOLFSSL_SUCCESS); AssertNotNull(group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL)); AssertIntEQ(EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1); BIO_free(bio); #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ ECC_MIN_KEY_SZ <= 384 && !defined(NO_ECC_SECP) /* Test that reusing group works. */ AssertNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_p384, sizeof(ec_nc_p384))); AssertNotNull(group = PEM_read_bio_ECPKParameters(bio, &group, NULL, NULL)); AssertIntEQ(EC_GROUP_get_curve_name(group), NID_secp384r1); BIO_free(bio); EC_GROUP_free(group); group = NULL; /* Test that returning through group works. */ AssertNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_p384, sizeof(ec_nc_p384))); AssertNotNull(ret = PEM_read_bio_ECPKParameters(bio, &group, NULL, NULL)); AssertIntEQ(group == ret, 1); AssertIntEQ(EC_GROUP_get_curve_name(group), NID_secp384r1); BIO_free(bio); #endif EC_GROUP_free(group); /* Test 0x30, 0x00 (not and object id) fails. */ AssertNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_1, sizeof(ec_nc_bad_1))); AssertNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL)); BIO_free(bio); /* Test 0x06, 0x00 (empty object id) fails. */ AssertNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_2, sizeof(ec_nc_bad_2))); AssertNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL)); BIO_free(bio); /* Test 0x06, 0x01 (badly formed object id) fails. */ AssertNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_3, sizeof(ec_nc_bad_3))); AssertNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL)); BIO_free(bio); /* Test invalid PEM encoding - invalid character. */ AssertNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_4, sizeof(ec_nc_bad_4))); AssertNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL)); BIO_free(bio); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EC_POINT(void) { int res = TEST_SKIPPED; #if !defined(WOLFSSL_SP_MATH) && \ (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))) #ifdef OPENSSL_EXTRA BN_CTX* ctx; EC_GROUP* group; #ifndef HAVE_ECC_BRAINPOOL EC_GROUP* group2; #endif EC_POINT* Gxy; EC_POINT* new_point; EC_POINT* set_point; EC_POINT* infinity; BIGNUM* k = NULL; BIGNUM* Gx = NULL; BIGNUM* Gy = NULL; BIGNUM* Gz = NULL; BIGNUM* X; BIGNUM* Y; BIGNUM* set_point_bn; char* hexStr; const char* kTest = "F4F8338AFCC562C5C3F3E1E46A7EFECD" "17AF381913FF7A96314EA47055EA0FD0"; /* NISTP256R1 Gx/Gy */ const char* kGx = "6B17D1F2E12C4247F8BCE6E563A440F2" "77037D812DEB33A0F4A13945D898C296"; const char* kGy = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16" "2BCE33576B315ECECBB6406837BF51F5"; #ifndef HAVE_SELFTEST EC_POINT *tmp; size_t bin_len; unsigned int blen; unsigned char* buf = NULL; unsigned char bufInf[1] = { 0x00 }; const char* uncompG = "046B17D1F2E12C4247F8BCE6E563A440F2" "77037D812DEB33A0F4A13945D898C296" "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16" "2BCE33576B315ECECBB6406837BF51F5"; const unsigned char binUncompG[] = { 0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, }; const unsigned char binUncompGBad[] = { 0x09, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, }; const char* compG = "036B17D1F2E12C4247F8BCE6E563A440F2" "77037D812DEB33A0F4A13945D898C296"; #ifdef HAVE_COMP_KEY const unsigned char binCompG[] = { 0x03, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, }; #endif #endif AssertNotNull(ctx = BN_CTX_new()); AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); #ifndef HAVE_ECC_BRAINPOOL /* Used to make groups curve_idx == -1. */ AssertNotNull(group2 = EC_GROUP_new_by_curve_name(NID_brainpoolP256r1)); #endif AssertNull(EC_POINT_new(NULL)); AssertNotNull(Gxy = EC_POINT_new(group)); AssertNotNull(new_point = EC_POINT_new(group)); AssertNotNull(set_point = EC_POINT_new(group)); AssertNotNull(X = BN_new()); AssertNotNull(Y = BN_new()); AssertNotNull(set_point_bn = BN_new()); AssertNotNull(infinity = EC_POINT_new(group)); /* load test values */ AssertIntEQ(BN_hex2bn(&k, kTest), WOLFSSL_SUCCESS); AssertIntEQ(BN_hex2bn(&Gx, kGx), WOLFSSL_SUCCESS); AssertIntEQ(BN_hex2bn(&Gy, kGy), WOLFSSL_SUCCESS); AssertIntEQ(BN_hex2bn(&Gz, "1"), WOLFSSL_SUCCESS); /* populate coordinates for input point */ Gxy->X = Gx; Gxy->Y = Gy; Gxy->Z = Gz; /* Test handling of NULL point. */ EC_POINT_clear_free(NULL); AssertIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, NULL, NULL, NULL, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, NULL, NULL, NULL, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, Gxy, NULL, NULL, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, NULL, X, NULL, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, NULL, NULL, Y, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, Gxy, X, Y, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, NULL, X, Y, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, Gxy, NULL, Y, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, Gxy, X, NULL, ctx), 0); /* Getting point at infinity returns an error. */ AssertIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, infinity, X, Y, ctx), 0); #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \ !defined(WOLF_CRYPTO_CB_ONLY_ECC) AssertIntEQ(EC_POINT_add(NULL, NULL, NULL, NULL, ctx), 0); AssertIntEQ(EC_POINT_add(group, NULL, NULL, NULL, ctx), 0); AssertIntEQ(EC_POINT_add(NULL, new_point, NULL, NULL, ctx), 0); AssertIntEQ(EC_POINT_add(NULL, NULL, new_point, NULL, ctx), 0); AssertIntEQ(EC_POINT_add(NULL, NULL, NULL, Gxy, ctx), 0); AssertIntEQ(EC_POINT_add(NULL, new_point, new_point, Gxy, ctx), 0); AssertIntEQ(EC_POINT_add(group, NULL, new_point, Gxy, ctx), 0); AssertIntEQ(EC_POINT_add(group, new_point, NULL, Gxy, ctx), 0); AssertIntEQ(EC_POINT_add(group, new_point, new_point, NULL, ctx), 0); AssertIntEQ(EC_POINT_mul(NULL, NULL, Gx, Gxy, k, ctx), 0); AssertIntEQ(EC_POINT_mul(NULL, new_point, Gx, Gxy, k, ctx), 0); AssertIntEQ(EC_POINT_mul(group, NULL, Gx, Gxy, k, ctx), 0); AssertIntEQ(EC_POINT_add(group, new_point, new_point, Gxy, ctx), 1); /* perform point multiplication */ AssertIntEQ(EC_POINT_mul(group, new_point, Gx, Gxy, k, ctx), 1); AssertIntEQ(BN_is_zero(new_point->X), 0); AssertIntEQ(BN_is_zero(new_point->Y), 0); AssertIntEQ(BN_is_zero(new_point->Z), 0); AssertIntEQ(EC_POINT_mul(group, new_point, NULL, Gxy, k, ctx), 1); AssertIntEQ(BN_is_zero(new_point->X), 0); AssertIntEQ(BN_is_zero(new_point->Y), 0); AssertIntEQ(BN_is_zero(new_point->Z), 0); AssertIntEQ(EC_POINT_mul(group, new_point, Gx, NULL, NULL, ctx), 1); AssertIntEQ(BN_is_zero(new_point->X), 0); AssertIntEQ(BN_is_zero(new_point->Y), 0); AssertIntEQ(BN_is_zero(new_point->Z), 0); AssertIntEQ(EC_POINT_mul(group, new_point, NULL, NULL, NULL, ctx), 1); AssertIntEQ(BN_is_zero(new_point->X), 1); AssertIntEQ(BN_is_zero(new_point->Y), 1); AssertIntEQ(BN_is_zero(new_point->Z), 1); /* Set point to something. */ AssertIntEQ(EC_POINT_add(group, new_point, Gxy, Gxy, ctx), 1); #else AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, new_point, Gx, Gy, ctx), 1); AssertIntEQ(BN_is_zero(new_point->X), 0); AssertIntEQ(BN_is_zero(new_point->Y), 0); AssertIntEQ(BN_is_zero(new_point->Z), 0); #endif /* check if point X coordinate is zero */ AssertIntEQ(BN_is_zero(new_point->X), 0); #if defined(USE_ECC_B_PARAM) && !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) AssertIntEQ(EC_POINT_is_on_curve(group, new_point, ctx), 1); #endif /* extract the coordinates from point */ AssertIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y, ctx), WOLFSSL_SUCCESS); /* check if point X coordinate is zero */ AssertIntEQ(BN_is_zero(X), WOLFSSL_FAILURE); /* set the same X and Y points in another object */ AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y, ctx), WOLFSSL_SUCCESS); /* compare points as they should be the same */ AssertIntEQ(EC_POINT_cmp(NULL, NULL, NULL, ctx), -1); AssertIntEQ(EC_POINT_cmp(group, NULL, NULL, ctx), -1); AssertIntEQ(EC_POINT_cmp(NULL, new_point, NULL, ctx), -1); AssertIntEQ(EC_POINT_cmp(NULL, NULL, set_point, ctx), -1); AssertIntEQ(EC_POINT_cmp(NULL, new_point, set_point, ctx), -1); AssertIntEQ(EC_POINT_cmp(group, NULL, set_point, ctx), -1); AssertIntEQ(EC_POINT_cmp(group, new_point, NULL, ctx), -1); AssertIntEQ(EC_POINT_cmp(group, new_point, set_point, ctx), 0); /* Test copying */ AssertIntEQ(EC_POINT_copy(NULL, NULL), 0); AssertIntEQ(EC_POINT_copy(NULL, set_point), 0); AssertIntEQ(EC_POINT_copy(new_point, NULL), 0); AssertIntEQ(EC_POINT_copy(new_point, set_point), 1); /* Test inverting */ AssertIntEQ(EC_POINT_invert(NULL, NULL, ctx), 0); AssertIntEQ(EC_POINT_invert(NULL, new_point, ctx), 0); AssertIntEQ(EC_POINT_invert(group, NULL, ctx), 0); AssertIntEQ(EC_POINT_invert(group, new_point, ctx), 1); /* Test getting affine converts from projective. */ AssertIntEQ(EC_POINT_copy(set_point, new_point), 1); /* Force non-affine coordinates */ AssertIntEQ(BN_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(), (WOLFSSL_BIGNUM*)BN_value_one()), 1); new_point->inSet = 0; /* extract the coordinates from point */ AssertIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y, ctx), WOLFSSL_SUCCESS); /* check if point ordinates have changed. */ AssertIntNE(BN_cmp(X, set_point->X), 0); AssertIntNE(BN_cmp(Y, set_point->Y), 0); /* Test check for infinity */ #ifndef WOLF_CRYPTO_CB_ONLY_ECC AssertIntEQ(EC_POINT_is_at_infinity(NULL, NULL), 0); AssertIntEQ(EC_POINT_is_at_infinity(NULL, infinity), 0); AssertIntEQ(EC_POINT_is_at_infinity(group, NULL), 0); AssertIntEQ(EC_POINT_is_at_infinity(group, infinity), 1); AssertIntEQ(EC_POINT_is_at_infinity(group, Gxy), 0); #else AssertIntEQ(EC_POINT_is_at_infinity(group, infinity), 0); #endif AssertPtrEq(EC_POINT_point2bn(group, set_point, POINT_CONVERSION_UNCOMPRESSED, set_point_bn, ctx), set_point_bn); /* check bn2hex */ hexStr = BN_bn2hex(k); AssertStrEQ(hexStr, kTest); #if !defined(NO_FILESYSTEM) && defined(XFPRINTF) BN_print_fp(stderr, k); fprintf(stderr, "\n"); #endif XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); hexStr = BN_bn2hex(Gx); AssertStrEQ(hexStr, kGx); #if !defined(NO_FILESYSTEM) && defined(XFPRINTF) BN_print_fp(stderr, Gx); fprintf(stderr, "\n"); #endif XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); hexStr = BN_bn2hex(Gy); AssertStrEQ(hexStr, kGy); #if !defined(NO_FILESYSTEM) && defined(XFPRINTF) BN_print_fp(stderr, Gy); fprintf(stderr, "\n"); #endif XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); #ifndef HAVE_SELFTEST /* Test point to hex */ AssertNull(EC_POINT_point2hex(NULL, NULL, POINT_CONVERSION_UNCOMPRESSED, ctx)); AssertNull(EC_POINT_point2hex(NULL, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx)); AssertNull(EC_POINT_point2hex(group, NULL, POINT_CONVERSION_UNCOMPRESSED, ctx)); #ifndef HAVE_ECC_BRAINPOOL /* Group not supported in wolfCrypt. */ AssertNull(EC_POINT_point2hex(group2, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx)); #endif hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx); AssertStrEQ(hexStr, uncompG); XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx); AssertStrEQ(hexStr, compG); XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); /* Test point to oct */ AssertIntEQ(EC_POINT_point2oct(NULL, NULL, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx), 0); AssertIntEQ(EC_POINT_point2oct(NULL, Gxy, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx), 0); AssertIntEQ(EC_POINT_point2oct(group, NULL, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx), 0); bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx); AssertIntEQ(bin_len, sizeof(binUncompG)); AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC)); AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, buf, bin_len, ctx), bin_len); AssertIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0); XFREE(buf, NULL, DYNAMIC_TYPE_ECC); /* Infinity (x=0, y=0) encodes as '0x00'. */ AssertIntEQ(EC_POINT_point2oct(group, infinity, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx), 1); AssertIntEQ(EC_POINT_point2oct(group, infinity, POINT_CONVERSION_UNCOMPRESSED, bufInf, 0, ctx), 0); AssertIntEQ(EC_POINT_point2oct(group, infinity, POINT_CONVERSION_UNCOMPRESSED, bufInf, 1, ctx), 1); AssertIntEQ(bufInf[0], 0); wolfSSL_EC_POINT_dump(NULL, NULL); /* Test point i2d */ AssertIntEQ(ECPoint_i2d(NULL, NULL, NULL, &blen), 0); AssertIntEQ(ECPoint_i2d(NULL, Gxy, NULL, &blen), 0); AssertIntEQ(ECPoint_i2d(group, NULL, NULL, &blen), 0); AssertIntEQ(ECPoint_i2d(group, Gxy, NULL, NULL), 0); AssertIntEQ(ECPoint_i2d(group, Gxy, NULL, &blen), 1); AssertIntEQ(blen, sizeof(binUncompG)); AssertNotNull(buf = (unsigned char*)XMALLOC(blen, NULL, DYNAMIC_TYPE_ECC)); blen -= 1; AssertIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 0); blen += 1; AssertIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 1); AssertIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0); XFREE(buf, NULL, DYNAMIC_TYPE_ECC); #ifdef HAVE_COMP_KEY /* Test point to oct compressed */ bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx); AssertIntEQ(bin_len, sizeof(binCompG)); AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC)); AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, buf, bin_len, ctx), bin_len); AssertIntEQ(XMEMCMP(buf, binCompG, sizeof(binCompG)), 0); XFREE(buf, NULL, DYNAMIC_TYPE_ECC); #endif /* Test point BN */ AssertNull(wolfSSL_EC_POINT_point2bn(NULL, NULL, POINT_CONVERSION_UNCOMPRESSED, NULL, ctx)); AssertNull(wolfSSL_EC_POINT_point2bn(NULL, Gxy, POINT_CONVERSION_UNCOMPRESSED, NULL, ctx)); AssertNull(wolfSSL_EC_POINT_point2bn(group, NULL, POINT_CONVERSION_UNCOMPRESSED, NULL, ctx)); AssertNull(wolfSSL_EC_POINT_point2bn(group, Gxy, 0, NULL, ctx)); /* Test oct to point */ AssertNotNull(tmp = EC_POINT_new(group)); AssertIntEQ(EC_POINT_oct2point(NULL, NULL, binUncompG, sizeof(binUncompG), ctx), 0); AssertIntEQ(EC_POINT_oct2point(NULL, tmp, binUncompG, sizeof(binUncompG), ctx), 0); AssertIntEQ(EC_POINT_oct2point(group, NULL, binUncompG, sizeof(binUncompG), ctx), 0); AssertIntEQ(EC_POINT_oct2point(group, tmp, binUncompGBad, sizeof(binUncompGBad), ctx), 0); AssertIntEQ(EC_POINT_oct2point(group, tmp, binUncompG, sizeof(binUncompG), ctx), 1); AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0); EC_POINT_free(tmp); /* Test setting BN ordinates. */ AssertNotNull(tmp = EC_POINT_new(group)); AssertIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, NULL, NULL, NULL, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, NULL, NULL, NULL, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, tmp, NULL, NULL, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, NULL, Gx, NULL, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, NULL, NULL, Gy, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, tmp, Gx, Gy, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, NULL, Gx, Gy, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, tmp, NULL, Gy, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, tmp, Gx, NULL, ctx), 0); AssertIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, tmp, Gx, Gy, ctx), 1); EC_POINT_free(tmp); /* Test point d2i */ AssertNotNull(tmp = EC_POINT_new(group)); AssertIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), NULL, NULL), 0); AssertIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), NULL, NULL), 0); AssertIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), group, NULL), 0); AssertIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), NULL, tmp), 0); AssertIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), group, tmp), 0); AssertIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), NULL, tmp), 0); AssertIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), group, NULL), 0); AssertIntEQ(ECPoint_d2i(binUncompGBad, sizeof(binUncompG), group, tmp), 0); AssertIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), group, tmp), 1); AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0); EC_POINT_free(tmp); #ifdef HAVE_COMP_KEY /* Test oct compressed to point */ AssertNotNull(tmp = EC_POINT_new(group)); AssertIntEQ(EC_POINT_oct2point(group, tmp, binCompG, sizeof(binCompG), ctx), 1); AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0); EC_POINT_free(tmp); /* Test point d2i - compressed */ AssertNotNull(tmp = EC_POINT_new(group)); AssertIntEQ(ECPoint_d2i(binCompG, sizeof(binCompG), group, tmp), 1); AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0); EC_POINT_free(tmp); #endif #endif /* test BN_mod_add */ AssertIntEQ(BN_mod_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(), (WOLFSSL_BIGNUM*)BN_value_one(), (WOLFSSL_BIGNUM*)BN_value_one(), NULL), 1); AssertIntEQ(BN_is_zero(new_point->Z), 1); /* cleanup */ BN_free(X); BN_free(Y); BN_free(k); BN_free(set_point_bn); EC_POINT_free(infinity); EC_POINT_free(new_point); EC_POINT_free(set_point); EC_POINT_clear_free(Gxy); #ifndef HAVE_ECC_BRAINPOOL EC_GROUP_free(group2); #endif EC_GROUP_free(group); BN_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif #endif /* !WOLFSSL_SP_MATH && ( !HAVE_FIPS || HAVE_FIPS_VERSION > 2) */ return res; } static int test_wolfSSL_EC_KEY_generate(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_EXTRA WOLFSSL_EC_KEY* key; #ifndef HAVE_ECC_BRAINPOOL WOLFSSL_EC_GROUP* group; #endif AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); AssertIntEQ(wolfSSL_EC_KEY_generate_key(NULL), 0); AssertIntEQ(wolfSSL_EC_KEY_generate_key(key), 1); wolfSSL_EC_KEY_free(key); #ifndef HAVE_ECC_BRAINPOOL AssertNotNull(group = wolfSSL_EC_GROUP_new_by_curve_name( NID_brainpoolP256r1)); AssertNotNull(key = wolfSSL_EC_KEY_new()); AssertIntEQ(wolfSSL_EC_KEY_set_group(key, group), 1); AssertIntEQ(wolfSSL_EC_KEY_generate_key(key), 0); wolfSSL_EC_KEY_free(key); wolfSSL_EC_GROUP_free(group); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_EC_i2d(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(HAVE_FIPS) EC_KEY *key; EC_KEY *copy = NULL; int len; unsigned char *buf = NULL; unsigned char *p; const unsigned char *tmp = NULL; const unsigned char octBad[] = { 0x09, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, }; AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); AssertIntEQ(EC_KEY_generate_key(key), 1); AssertIntGT((len = i2d_EC_PUBKEY(key, NULL)), 0); AssertNotNull(buf = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER)); p = buf; AssertIntEQ(i2d_EC_PUBKEY(key, &p), len); AssertNull(o2i_ECPublicKey(NULL, NULL, -1)); AssertNull(o2i_ECPublicKey(©, NULL, -1)); AssertNull(o2i_ECPublicKey(&key, NULL, -1)); AssertNull(o2i_ECPublicKey(NULL, &tmp, -1)); AssertNull(o2i_ECPublicKey(NULL, NULL, 0)); AssertNull(o2i_ECPublicKey(&key, NULL, 0)); AssertNull(o2i_ECPublicKey(&key, &tmp, 0)); tmp = buf; AssertNull(o2i_ECPublicKey(NULL, &tmp, 0)); AssertNull(o2i_ECPublicKey(©, &tmp, 0)); AssertNull(o2i_ECPublicKey(NULL, &tmp, -1)); AssertNull(o2i_ECPublicKey(&key, &tmp, -1)); AssertIntEQ(i2o_ECPublicKey(NULL, NULL), 0); AssertIntEQ(i2o_ECPublicKey(NULL, &buf), 0); tmp = buf; AssertNull(d2i_ECPrivateKey(NULL, &tmp, 0)); AssertNull(d2i_ECPrivateKey(NULL, &tmp, 1)); AssertNull(d2i_ECPrivateKey(©, &tmp, 0)); AssertNull(d2i_ECPrivateKey(©, &tmp, 1)); AssertNull(d2i_ECPrivateKey(&key, &tmp, 0)); AssertIntEQ(i2d_ECPrivateKey(NULL, &p), 0); AssertIntEQ(i2d_ECPrivateKey(NULL, NULL), 0); AssertIntEQ(wolfSSL_EC_KEY_LoadDer(NULL, NULL, -1), -1); AssertIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, NULL, -1, 0), -1); AssertIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, NULL, -1, 0), -1); AssertIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, buf, -1, 0), -1); AssertIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, NULL, 0, 0), -1); AssertIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, NULL, -1, WOLFSSL_EC_KEY_LOAD_PUBLIC), -1); AssertIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, buf, len, WOLFSSL_EC_KEY_LOAD_PUBLIC), -1); AssertIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, NULL, len, WOLFSSL_EC_KEY_LOAD_PUBLIC), -1); AssertIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, buf, -1, WOLFSSL_EC_KEY_LOAD_PUBLIC), -1); AssertIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, buf, len, 0), -1); AssertIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, buf, len, WOLFSSL_EC_KEY_LOAD_PRIVATE), -1); AssertIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, octBad, sizeof(octBad), WOLFSSL_EC_KEY_LOAD_PRIVATE), -1); AssertIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, octBad, sizeof(octBad), WOLFSSL_EC_KEY_LOAD_PUBLIC), -1); XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); buf = NULL; AssertIntGT((len = i2d_ECPrivateKey(key, NULL)), 0); AssertNotNull(buf = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER)); p = buf; AssertIntEQ(i2d_ECPrivateKey(key, &p), len); p = NULL; AssertIntEQ(i2d_ECPrivateKey(key, &p), len); XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER); /* Bad point is also an invalid private key. */ tmp = octBad; AssertNull(d2i_ECPrivateKey(©, &tmp, sizeof(octBad))); tmp = buf; AssertNotNull(d2i_ECPrivateKey(©, &tmp, len)); XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); buf = NULL; AssertIntGT((len = i2o_ECPublicKey(key, NULL)), 0); AssertNotNull(buf = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER)); p = buf; AssertIntGT((len = i2o_ECPublicKey(key, &p)), 0); p = NULL; AssertIntGT((len = i2o_ECPublicKey(key, &p)), 0); tmp = buf; AssertNotNull(o2i_ECPublicKey(©, &tmp, len)); tmp = octBad; AssertNull(o2i_ECPublicKey(&key, &tmp, sizeof(octBad))); AssertIntEQ(EC_KEY_check_key(NULL), 0); AssertIntEQ(EC_KEY_check_key(key), 1); XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL); EC_KEY_free(key); EC_KEY_free(copy); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EC_curve(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) int nid = NID_secp160k1; const char* nid_name; AssertNull(EC_curve_nid2nist(NID_sha256)); AssertNotNull(nid_name = EC_curve_nid2nist(nid)); AssertIntEQ(XMEMCMP(nid_name, "K-160", XSTRLEN("K-160")), 0); AssertIntEQ(EC_curve_nist2nid("INVALID"), 0); AssertIntEQ(EC_curve_nist2nid(nid_name), nid); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EC_KEY_dup(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_CERTS) WOLFSSL_EC_KEY* ecKey; WOLFSSL_EC_KEY* dupKey; ecc_key* srcKey; ecc_key* destKey; AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); /* Valid cases */ AssertNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); AssertIntEQ(EC_KEY_check_key(dupKey), 1); /* Compare pubkey */ srcKey = (ecc_key*)ecKey->internal; destKey = (ecc_key*)dupKey->internal; AssertIntEQ(wc_ecc_cmp_point(&srcKey->pubkey, &destKey->pubkey), 0); /* compare EC_GROUP */ AssertIntEQ(wolfSSL_EC_GROUP_cmp(ecKey->group, dupKey->group, NULL), MP_EQ); /* compare EC_POINT */ AssertIntEQ(wolfSSL_EC_POINT_cmp(ecKey->group, ecKey->pub_key, \ dupKey->pub_key, NULL), MP_EQ); /* compare BIGNUM */ AssertIntEQ(wolfSSL_BN_cmp(ecKey->priv_key, dupKey->priv_key), MP_EQ); wolfSSL_EC_KEY_free(dupKey); /* Invalid cases */ /* NULL key */ AssertNull(dupKey = wolfSSL_EC_KEY_dup(NULL)); /* NULL ecc_key */ wc_ecc_free((ecc_key*)ecKey->internal); XFREE(ecKey->internal, NULL, DYNAMIC_TYPE_ECC); ecKey->internal = NULL; /* Set ecc_key to NULL */ AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); wolfSSL_EC_KEY_free(ecKey); wolfSSL_EC_KEY_free(dupKey); /* NULL Group */ AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); wolfSSL_EC_GROUP_free(ecKey->group); ecKey->group = NULL; /* Set group to NULL */ AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); wolfSSL_EC_KEY_free(ecKey); wolfSSL_EC_KEY_free(dupKey); /* NULL public key */ AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); wc_ecc_del_point((ecc_point*)ecKey->pub_key->internal); ecKey->pub_key->internal = NULL; /* Set ecc_point to NULL */ AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); wolfSSL_EC_POINT_free(ecKey->pub_key); ecKey->pub_key = NULL; /* Set pub_key to NULL */ AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); wolfSSL_EC_KEY_free(ecKey); wolfSSL_EC_KEY_free(dupKey); /* NULL private key */ AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); wolfSSL_BN_free(ecKey->priv_key); ecKey->priv_key = NULL; /* Set priv_key to NULL */ AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); wolfSSL_EC_KEY_free(ecKey); wolfSSL_EC_KEY_free(dupKey); /* Test EC_KEY_up_ref */ AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EC_KEY_up_ref(NULL), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EC_KEY_up_ref(ecKey), WOLFSSL_SUCCESS); /* reference count doesn't follow duplicate */ AssertNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); AssertIntEQ(wolfSSL_EC_KEY_up_ref(dupKey), WOLFSSL_SUCCESS); /* +1 */ AssertIntEQ(wolfSSL_EC_KEY_up_ref(dupKey), WOLFSSL_SUCCESS); /* +2 */ wolfSSL_EC_KEY_free(dupKey); /* 3 */ wolfSSL_EC_KEY_free(dupKey); /* 2 */ wolfSSL_EC_KEY_free(dupKey); /* 1, free */ wolfSSL_EC_KEY_free(ecKey); /* 2 */ wolfSSL_EC_KEY_free(ecKey); /* 1, free */ res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EC_KEY_set_group(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \ defined(OPENSSL_EXTRA) EC_KEY *key = NULL; EC_GROUP *group = NULL; const EC_GROUP *group2 = NULL; AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); AssertNotNull(key = EC_KEY_new()); AssertNull(EC_KEY_get0_group(NULL)); AssertIntEQ(EC_KEY_set_group(NULL, NULL), 0); AssertIntEQ(EC_KEY_set_group(key, NULL), 0); AssertIntEQ(EC_KEY_set_group(NULL, group), 0); AssertIntEQ(EC_KEY_set_group(key, group), WOLFSSL_SUCCESS); AssertNotNull(group2 = EC_KEY_get0_group(key)); AssertIntEQ(EC_GROUP_cmp(group2, group, NULL), 0); EC_GROUP_free(group); EC_KEY_free(key); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EC_KEY_set_conv_form(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) && !defined(NO_BIO) BIO* bio; EC_KEY* key; /* Error condition: NULL key. */ AssertIntLT(EC_KEY_get_conv_form(NULL), 0); AssertNotNull(bio = BIO_new_file("./certs/ecc-keyPub.pem", "rb")); AssertNotNull(key = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)); /* Conversion form defaults to uncompressed. */ AssertIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED); #ifdef HAVE_COMP_KEY /* Explicitly set to compressed. */ EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED); AssertIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_COMPRESSED); #else /* Will still work just won't change anything. */ EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED); AssertIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED); EC_KEY_set_conv_form(key, POINT_CONVERSION_UNCOMPRESSED); AssertIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED); #endif EC_KEY_set_conv_form(NULL, POINT_CONVERSION_UNCOMPRESSED); BIO_free(bio); EC_KEY_free(key); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EC_KEY_private_key(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) WOLFSSL_EC_KEY* key; WOLFSSL_BIGNUM* priv = NULL; WOLFSSL_BIGNUM* priv2 = NULL; WOLFSSL_BIGNUM* bn; AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); AssertNotNull(priv = wolfSSL_BN_new()); AssertNotNull(priv2 = wolfSSL_BN_new()); AssertIntNE(BN_set_word(priv, 2), 0); AssertIntNE(BN_set_word(priv2, 2), 0); AssertNull(wolfSSL_EC_KEY_get0_private_key(NULL)); /* No private key set. */ AssertNull(wolfSSL_EC_KEY_get0_private_key(key)); AssertIntEQ(wolfSSL_EC_KEY_set_private_key(NULL, NULL), 0); AssertIntEQ(wolfSSL_EC_KEY_set_private_key(key, NULL), 0); AssertIntEQ(wolfSSL_EC_KEY_set_private_key(NULL, priv), 0); AssertIntEQ(wolfSSL_EC_KEY_set_private_key(key, priv), 1); AssertNotNull(bn = wolfSSL_EC_KEY_get0_private_key(key)); AssertPtrNE(bn, priv); AssertIntEQ(wolfSSL_EC_KEY_set_private_key(key, priv2), 1); AssertNotNull(bn = wolfSSL_EC_KEY_get0_private_key(key)); AssertPtrNE(bn, priv2); wolfSSL_BN_free(priv2); wolfSSL_BN_free(priv); wolfSSL_EC_KEY_free(key); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EC_KEY_public_key(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) WOLFSSL_EC_KEY* key; WOLFSSL_EC_POINT* pub; WOLFSSL_EC_POINT* point; AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); AssertNull(wolfSSL_EC_KEY_get0_public_key(NULL)); AssertNotNull(wolfSSL_EC_KEY_get0_public_key(key)); AssertIntEQ(wolfSSL_EC_KEY_generate_key(key), 1); AssertNotNull(pub = wolfSSL_EC_KEY_get0_public_key(key)); AssertIntEQ(wolfSSL_EC_KEY_set_public_key(NULL, NULL), 0); AssertIntEQ(wolfSSL_EC_KEY_set_public_key(key, NULL), 0); AssertIntEQ(wolfSSL_EC_KEY_set_public_key(NULL, pub), 0); AssertIntEQ(wolfSSL_EC_KEY_set_public_key(key, pub), 1); AssertNotNull(point = wolfSSL_EC_KEY_get0_public_key(key)); AssertPtrEq(point, pub); wolfSSL_EC_KEY_free(key); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EC_KEY_print_fp(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && ((defined(HAVE_ECC224) && defined(HAVE_ECC256)) || \ defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 && \ defined(OPENSSL_EXTRA) && defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \ !defined(NO_STDIO_FILESYSTEM) EC_KEY* key = NULL; /* Bad file pointer. */ AssertIntEQ(wolfSSL_EC_KEY_print_fp(NULL, key, 0), WOLFSSL_FAILURE); /* NULL key. */ AssertIntEQ(wolfSSL_EC_KEY_print_fp(stderr, NULL, 0), WOLFSSL_FAILURE); AssertNotNull((key = wolfSSL_EC_KEY_new_by_curve_name(NID_secp224r1))); /* Negative indent. */ AssertIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, -1), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS); wolfSSL_EC_KEY_free(key); AssertNotNull((key = wolfSSL_EC_KEY_new_by_curve_name( NID_X9_62_prime256v1))); AssertIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS); wolfSSL_EC_KEY_free(key); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EC_get_builtin_curves(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) EC_builtin_curve* curves = NULL; size_t crv_len = 0; size_t i = 0; AssertIntGT((crv_len = EC_get_builtin_curves(NULL, 0)), 0); AssertNotNull(curves = (EC_builtin_curve*)XMALLOC( sizeof(EC_builtin_curve) * crv_len, NULL, DYNAMIC_TYPE_TMP_BUFFER)); AssertIntEQ((EC_get_builtin_curves(curves, 0)), crv_len); AssertIntEQ(EC_get_builtin_curves(curves, crv_len), crv_len); for (i = 0; i < crv_len; i++) { if (curves[i].comment != NULL) { AssertStrEQ(OBJ_nid2sn(curves[i].nid), curves[i].comment); } } if (crv_len > 1) { AssertIntEQ(EC_get_builtin_curves(curves, crv_len - 1), crv_len - 1); } XFREE(curves, NULL, DYNAMIC_TYPE_TMP_BUFFER); res = TEST_RES_CHECK(1); #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* OPENSSL_EXTRA || OPENSSL_ALL */ return res; } static int test_wolfSSL_ECDSA_SIG(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_EXTRA WOLFSSL_ECDSA_SIG* sig = NULL; WOLFSSL_ECDSA_SIG* sig2 = NULL; WOLFSSL_BIGNUM* r; WOLFSSL_BIGNUM* s; const WOLFSSL_BIGNUM* r2; const WOLFSSL_BIGNUM* s2; const unsigned char* cp; unsigned char* p; unsigned char outSig[8]; unsigned char sigData[8] = { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 }; unsigned char sigDataBad[8] = { 0x30, 0x07, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 }; wolfSSL_ECDSA_SIG_free(NULL); AssertNotNull(sig = wolfSSL_ECDSA_SIG_new()); AssertNotNull(r = wolfSSL_BN_new()); AssertNotNull(s = wolfSSL_BN_new()); AssertIntEQ(wolfSSL_BN_set_word(r, 1), 1); AssertIntEQ(wolfSSL_BN_set_word(s, 1), 1); wolfSSL_ECDSA_SIG_get0(NULL, NULL, NULL); wolfSSL_ECDSA_SIG_get0(NULL, &r2, NULL); wolfSSL_ECDSA_SIG_get0(NULL, NULL, &s2); wolfSSL_ECDSA_SIG_get0(NULL, &r2, &s2); AssertIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, NULL, NULL), 0); AssertIntEQ(wolfSSL_ECDSA_SIG_set0(sig, NULL, NULL), 0); AssertIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, r, NULL), 0); AssertIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, NULL, s), 0); AssertIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, r, s), 0); AssertIntEQ(wolfSSL_ECDSA_SIG_set0(sig, NULL, s), 0); AssertIntEQ(wolfSSL_ECDSA_SIG_set0(sig, r, NULL), 0); r2 = NULL; s2 = NULL; wolfSSL_ECDSA_SIG_get0(NULL, &r2, &s2); AssertNull(r2); AssertNull(s2); AssertIntEQ(wolfSSL_ECDSA_SIG_set0(sig, r, s), 1); wolfSSL_ECDSA_SIG_get0(sig, &r2, &s2); AssertPtrEq(r2, r); AssertPtrEq(s2, s); r2 = NULL; wolfSSL_ECDSA_SIG_get0(sig, &r2, NULL); AssertPtrEq(r2, r); s2 = NULL; wolfSSL_ECDSA_SIG_get0(sig, NULL, &s2); AssertPtrEq(s2, s); /* r and s are freed when sig is freed. */ wolfSSL_ECDSA_SIG_free(sig); AssertNull(wolfSSL_d2i_ECDSA_SIG(NULL, NULL, sizeof(sigData))); cp = sigDataBad; AssertNull(wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigDataBad))); cp = sigData; AssertNotNull((sig = wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigData)))); AssertIntEQ((cp == sigData + 8), 1); cp = sigData; AssertNull(wolfSSL_d2i_ECDSA_SIG(&sig, NULL, sizeof(sigData))); AssertNotNull((sig2 = wolfSSL_d2i_ECDSA_SIG(&sig, &cp, sizeof(sigData)))); AssertIntEQ((sig == sig2), 1); cp = outSig; p = outSig; AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, &p), 0); AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, NULL), 0); AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, NULL), 8); AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), sizeof(sigData)); AssertIntEQ((p == outSig + 8), 1); AssertIntEQ(XMEMCMP(sigData, outSig, 8), 0); wolfSSL_ECDSA_SIG_free(sig); res = TEST_RES_CHECK(1); #endif return res; } static int test_ECDSA_size_sign(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) EC_KEY* key; ECDSA_SIG* ecdsaSig; int id; byte hash[WC_MAX_DIGEST_SIZE]; byte hash2[WC_MAX_DIGEST_SIZE]; byte sig[ECC_MAX_SIG_SIZE]; unsigned int sigSz = sizeof(sig); XMEMSET(hash, 123, sizeof(hash)); XMEMSET(hash2, 234, sizeof(hash2)); id = wc_ecc_get_curve_id_from_name("SECP256R1"); AssertIntEQ(id, ECC_SECP256R1); AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); AssertIntEQ(EC_KEY_generate_key(key), 1); AssertIntGE(ECDSA_size(NULL), 0); AssertIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, NULL), 0); AssertIntEQ(ECDSA_sign(0, NULL, sizeof(hash), sig, &sigSz, key), 0); AssertIntEQ(ECDSA_sign(0, hash, sizeof(hash), NULL, &sigSz, key), 0); AssertIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, NULL), 0); AssertIntEQ(ECDSA_verify(0, NULL, sizeof(hash), sig, sigSz, key), 0); AssertIntEQ(ECDSA_verify(0, hash, sizeof(hash), NULL, sigSz, key), 0); AssertIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1); AssertIntGE(ECDSA_size(key), sigSz); AssertIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, key), 1); AssertIntEQ(ECDSA_verify(0, hash2, sizeof(hash2), sig, sigSz, key), 0); AssertNull(ECDSA_do_sign(NULL, sizeof(hash), NULL)); AssertNull(ECDSA_do_sign(NULL, sizeof(hash), key)); AssertNull(ECDSA_do_sign(hash, sizeof(hash), NULL)); AssertNotNull(ecdsaSig = ECDSA_do_sign(hash, sizeof(hash), key)); AssertIntEQ(ECDSA_do_verify(NULL, sizeof(hash), NULL, NULL), -1); AssertIntEQ(ECDSA_do_verify(hash, sizeof(hash), NULL, NULL), -1); AssertIntEQ(ECDSA_do_verify(NULL, sizeof(hash), ecdsaSig, NULL), -1); AssertIntEQ(ECDSA_do_verify(NULL, sizeof(hash), NULL, key), -1); AssertIntEQ(ECDSA_do_verify(NULL, sizeof(hash), ecdsaSig, key), -1); AssertIntEQ(ECDSA_do_verify(hash, sizeof(hash), NULL, key), -1); AssertIntEQ(ECDSA_do_verify(hash, sizeof(hash), ecdsaSig, NULL), -1); AssertIntEQ(ECDSA_do_verify(hash, sizeof(hash), ecdsaSig, key), 1); AssertIntEQ(ECDSA_do_verify(hash2, sizeof(hash2), ecdsaSig, key), 0); ECDSA_SIG_free(ecdsaSig); EC_KEY_free(key); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && !NO_ECC256 && !NO_ECC_SECP */ return res; } static int test_ECDH_compute_key(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \ !defined(WOLF_CRYPTO_CB_ONLY_ECC) EC_KEY* key1; EC_KEY* key2; EC_POINT* pub1; EC_POINT* pub2; byte secret1[32]; byte secret2[32]; int i; AssertNotNull(key1 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); AssertIntEQ(EC_KEY_generate_key(key1), 1); AssertNotNull(pub1 = wolfSSL_EC_KEY_get0_public_key(key1)); AssertNotNull(key2 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); AssertIntEQ(EC_KEY_generate_key(key2), 1); AssertNotNull(pub2 = wolfSSL_EC_KEY_get0_public_key(key2)); AssertIntEQ(ECDH_compute_key(NULL, sizeof(secret1), NULL, NULL, NULL), 0); AssertIntEQ(ECDH_compute_key(secret1, sizeof(secret1), NULL, NULL, NULL), 0); AssertIntEQ(ECDH_compute_key(NULL, sizeof(secret1), pub2, NULL, NULL), 0); AssertIntEQ(ECDH_compute_key(NULL, sizeof(secret1), NULL, key1, NULL), 0); AssertIntEQ(ECDH_compute_key(NULL, sizeof(secret1), pub2, key1, NULL), 0); AssertIntEQ(ECDH_compute_key(secret1, sizeof(secret1), NULL, key1, NULL), 0); AssertIntEQ(ECDH_compute_key(secret1, sizeof(secret1), pub2, NULL, NULL), 0); AssertIntEQ(ECDH_compute_key(secret1, sizeof(secret1) - 16, pub2, key1, NULL), 0); AssertIntEQ(ECDH_compute_key(secret1, sizeof(secret1), pub2, key1, NULL), sizeof(secret1)); AssertIntEQ(ECDH_compute_key(secret2, sizeof(secret2), pub1, key2, NULL), sizeof(secret2)); for (i = 0; i < (int)sizeof(secret1); i++) { AssertIntEQ(secret1[i], secret2[i]); } EC_KEY_free(key2); EC_KEY_free(key1); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && !NO_ECC256 && !NO_ECC_SECP && * !WOLF_CRYPTO_CB_ONLY_ECC */ return res; } #endif /* HAVE_ECC && !OPENSSL_NO_PK */ #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey) { X509* x509 = NULL; BIGNUM* serial_number = NULL; X509_NAME* name = NULL; time_t epoch_off = 0; ASN1_INTEGER* asn1_serial_number; long not_before, not_after; AssertNotNull(x509 = X509_new()); AssertIntNE(X509_set_pubkey(x509, pkey), 0); AssertNotNull(serial_number = BN_new()); AssertIntNE(BN_pseudo_rand(serial_number, 64, 0, 0), 0); AssertNotNull(asn1_serial_number = X509_get_serialNumber(x509)); AssertNotNull(BN_to_ASN1_INTEGER(serial_number, asn1_serial_number)); /* version 3 */ AssertIntNE(X509_set_version(x509, 2L), 0); AssertNotNull(name = X509_NAME_new()); AssertIntNE(X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8, (unsigned char*)"www.wolfssl.com", -1, -1, 0), 0); AssertIntNE(X509_set_subject_name(x509, name), 0); AssertIntNE(X509_set_issuer_name(x509, name), 0); not_before = (long)wc_Time(NULL); not_after = not_before + (365 * 24 * 60 * 60); AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &epoch_off)); AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &epoch_off)); AssertIntNE(X509_sign(x509, pkey, EVP_sha256()), 0); BN_free(serial_number); X509_NAME_free(name); X509_free(x509); return 0; } #endif static int test_openssl_generate_key_and_cert(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) #if !defined(NO_RSA) if (res == TEST_SKIPPED || res == TEST_SUCCESS) { EVP_PKEY* pkey = EVP_PKEY_new(); int key_length = 2048; BIGNUM* exponent = BN_new(); RSA* rsa = RSA_new(); AssertNotNull(pkey); AssertNotNull(exponent); AssertNotNull(rsa); AssertIntNE(BN_set_word(exponent, WC_RSA_EXPONENT), 0); #ifndef WOLFSSL_KEY_GEN AssertIntEQ(RSA_generate_key_ex(rsa, key_length, exponent, NULL), 0); #if defined(USE_CERT_BUFFERS_1024) AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_1024, sizeof_server_key_der_1024, WOLFSSL_RSA_LOAD_PRIVATE), 0); key_length = 1024; #elif defined(USE_CERT_BUFFERS_2048) AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_2048, sizeof_server_key_der_2048, WOLFSSL_RSA_LOAD_PRIVATE), 0); #else RSA_free(rsa); rsa = NULL; #endif #else AssertIntEQ(RSA_generate_key_ex(NULL, key_length, exponent, NULL), 0); AssertIntEQ(RSA_generate_key_ex(rsa, 0, exponent, NULL), 0); AssertIntEQ(RSA_generate_key_ex(rsa, key_length, NULL, NULL), 0); AssertIntNE(RSA_generate_key_ex(rsa, key_length, exponent, NULL), 0); #endif if (rsa) { AssertIntNE(EVP_PKEY_assign_RSA(pkey, rsa), 0); BN_free(exponent); #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) test_openssl_make_self_signed_certificate(pkey); #endif } EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); } #endif /* !NO_RSA */ #ifdef HAVE_ECC if (res == TEST_SKIPPED || res == TEST_SUCCESS) { EVP_PKEY* pkey = EVP_PKEY_new(); EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); AssertNotNull(pkey); AssertNotNull(ec_key); #ifndef NO_WOLFSSL_STUB EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE); #endif AssertIntNE(EC_KEY_generate_key(ec_key), 0); AssertIntNE(EVP_PKEY_assign_EC_KEY(pkey, ec_key), 0); #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) test_openssl_make_self_signed_certificate(pkey); #endif EVP_PKEY_free(pkey); res = TEST_RES_CHECK(1); } #endif /* HAVE_ECC */ #endif /* OPENSSL_EXTRA */ return res; } static int test_stubs_are_stubs(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB) WOLFSSL_CTX* ctx = NULL; WOLFSSL_CTX* ctxN = NULL; #ifndef NO_WOLFSSL_CLIENT ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); #elif !defined(NO_WOLFSSL_SERVER) ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertNotNull(ctx); #else return res; #endif #define CHECKZERO_RET(x, y, z) AssertIntEQ((int) x(y), 0); \ AssertIntEQ((int) x(z), 0) /* test logic, all stubs return same result regardless of ctx being NULL * as there are no sanity checks, it's just a stub! If at some * point a stub is not a stub it should begin to return BAD_FUNC_ARG * if invalid inputs are supplied. Test calling both * with and without valid inputs, if a stub functionality remains unchanged. */ CHECKZERO_RET(wolfSSL_CTX_sess_accept, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_connect, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_accept_good, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_connect_good, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_accept_renegotiate, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_connect_renegotiate, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_hits, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_cb_hits, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_cache_full, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_misses, ctx, ctxN); CHECKZERO_RET(wolfSSL_CTX_sess_timeouts, ctx, ctxN); wolfSSL_CTX_free(ctx); ctx = NULL; res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB */ return res; } static int test_CONF_modules_xxx(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) CONF_modules_free(); AssertTrue(1); /* to confirm previous call gives no harm */ CONF_modules_unload(0); AssertTrue(1); CONF_modules_unload(1); AssertTrue(1); CONF_modules_unload(-1); AssertTrue(1); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_CRYPTO_set_dynlock_xxx(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) CRYPTO_set_dynlock_create_callback( (struct CRYPTO_dynlock_value *(*)(const char*, int))NULL); CRYPTO_set_dynlock_create_callback( (struct CRYPTO_dynlock_value *(*)(const char*, int))1); CRYPTO_set_dynlock_destroy_callback( (void (*)(struct CRYPTO_dynlock_value*, const char*, int))NULL); CRYPTO_set_dynlock_destroy_callback( (void (*)(struct CRYPTO_dynlock_value*, const char*, int))1); CRYPTO_set_dynlock_lock_callback( (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))NULL); CRYPTO_set_dynlock_lock_callback( (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))1); AssertTrue(1); /* to confirm previous call gives no harm */ res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_CRYPTO_THREADID_xxx(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) CRYPTO_THREADID_current((CRYPTO_THREADID*)NULL); CRYPTO_THREADID_current((CRYPTO_THREADID*)1); AssertIntEQ(CRYPTO_THREADID_hash((const CRYPTO_THREADID*)NULL), 0); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_ENGINE_cleanup(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) ENGINE_cleanup(); AssertTrue(1); /* to confirm previous call gives no harm */ res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_wolfSSL_CTX_LoadCRL(void) { int res = TEST_SKIPPED; #if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; const char* badPath = "dummypath"; const char* validPath = "./certs/crl"; const char* validFilePath = "./certs/crl/cliCrl.pem"; const char* issuerCert = "./certs/client-cert.pem"; int derType = WOLFSSL_FILETYPE_ASN1; int pemType = WOLFSSL_FILETYPE_PEM; int monitor = WOLFSSL_CRL_MONITOR; WOLFSSL_CERT_MANAGER* cm = NULL; #define FAIL_T1(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \ BAD_FUNC_ARG) #define SUCC_T(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \ WOLFSSL_SUCCESS) FAIL_T1(wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor); #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #elif !defined(NO_WOLFSSL_SERVER) AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else return; #endif SUCC_T (wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor); SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, pemType, monitor); SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, derType, monitor); wolfSSL_CTX_free(ctx); #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #elif !defined(NO_WOLFSSL_SERVER) AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else return; #endif AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, validFilePath, pemType), WOLFSSL_SUCCESS); wolfSSL_CTX_free(ctx); #ifndef NO_WOLFSSL_CLIENT AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #elif !defined(NO_WOLFSSL_SERVER) AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #else return; #endif AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL), WOLFSSL_SUCCESS); AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_LoadCRLFile(ssl, validFilePath, pemType), WOLFSSL_SUCCESS); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); AssertNotNull(cm = wolfSSL_CertManagerNew()); AssertIntEQ(wolfSSL_CertManagerLoadCA(cm, issuerCert, NULL), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, validFilePath, pemType), WOLFSSL_SUCCESS); wolfSSL_CertManagerFree(cm); res = TEST_RES_CHECK(1); #endif return res; } static int test_SetTmpEC_DHE_Sz(void) { int res = TEST_SKIPPED; #if defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT) WOLFSSL_CTX *ctx; WOLFSSL *ssl; ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); AssertNotNull(ctx); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpEC_DHE_Sz(ctx, 32)); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpEC_DHE_Sz(ssl, 32)); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_get0_privatekey(void) { int res = TEST_SKIPPED; #ifdef OPENSSL_ALL WOLFSSL_CTX* ctx = NULL; #ifndef NO_RSA AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); AssertNull(SSL_CTX_get0_privatekey(ctx)); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertNull(SSL_CTX_get0_privatekey(ctx)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(SSL_CTX_get0_privatekey(ctx)); wolfSSL_CTX_free(ctx); #endif #ifdef HAVE_ECC AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); AssertNull(SSL_CTX_get0_privatekey(ctx)); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM)); AssertNull(SSL_CTX_get0_privatekey(ctx)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull(SSL_CTX_get0_privatekey(ctx)); wolfSSL_CTX_free(ctx); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_dtls_set_mtu(void) { int res = TEST_SKIPPED; #if (defined(WOLFSSL_DTLS_MTU) || defined(WOLFSSL_SCTP)) && \ !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_DTLS) WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; const char* testCertFile; const char* testKeyFile; AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())); #ifndef NO_RSA testCertFile = svrCertFile; testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) testCertFile = eccCertFile; testKeyFile = eccKeyFile; #endif if (testCertFile != NULL && testKeyFile != NULL) { AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM)); } AssertNotNull(ssl = wolfSSL_new(ctx)); AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FAILURE), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS); wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif return res; } #if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \ defined(WOLFSSL_DTLS) static WC_INLINE void generateDTLSMsg(byte* out, int outSz, word32 seq, enum HandShakeType hsType, word16 length) { size_t idx = 0; byte* l; /* record layer */ /* handshake type */ out[idx++] = handshake; /* protocol version */ out[idx++] = 0xfe; out[idx++] = 0xfd; /* DTLS 1.2 */ /* epoch 0 */ XMEMSET(out + idx, 0, 2); idx += 2; /* sequence number */ XMEMSET(out + idx, 0, 6); c32toa(seq, out + idx + 2); idx += 6; /* length in BE */ if (length) c16toa(length, out + idx); else c16toa(outSz - idx - 2, out + idx); idx += 2; /* handshake layer */ /* handshake type */ out[idx++] = (byte)hsType; /* length */ l = out + idx; idx += 3; /* message seq */ c16toa(0, out + idx); idx += 2; /* frag offset */ c32to24(0, out + idx); idx += 3; /* frag length */ c32to24((word32)outSz - (word32)idx - 3, l); c32to24((word32)outSz - (word32)idx - 3, out + idx); idx += 3; XMEMSET(out + idx, 0, outSz - idx); } static void test_wolfSSL_dtls_plaintext_server(WOLFSSL* ssl) { byte msg[] = "This is a msg for the client"; byte reply[40]; AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)),0); reply[sizeof(reply) - 1] = '\0'; fprintf(stderr, "Client message: %s\n", reply); AssertIntEQ(wolfSSL_write(ssl, msg, sizeof(msg)), sizeof(msg)); } static void test_wolfSSL_dtls_plaintext_client(WOLFSSL* ssl) { byte ch[50]; int fd = wolfSSL_get_fd(ssl); byte msg[] = "This is a msg for the server"; byte reply[40]; generateDTLSMsg(ch, sizeof(ch), 20, client_hello, 0); /* Server should ignore this datagram */ AssertIntEQ(send(fd, ch, sizeof(ch), 0), sizeof(ch)); generateDTLSMsg(ch, sizeof(ch), 20, client_hello, 10000); /* Server should ignore this datagram */ AssertIntEQ(send(fd, ch, sizeof(ch), 0), sizeof(ch)); AssertIntEQ(wolfSSL_write(ssl, msg, sizeof(msg)), sizeof(msg)); AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)),0); reply[sizeof(reply) - 1] = '\0'; fprintf(stderr, "Server response: %s\n", reply); } static int test_wolfSSL_dtls_plaintext(void) { callback_functions func_cb_client; callback_functions func_cb_server; size_t i; struct test_params { method_provider client_meth; method_provider server_meth; ssl_callback on_result_server; ssl_callback on_result_client; } params[] = { {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, test_wolfSSL_dtls_plaintext_server, test_wolfSSL_dtls_plaintext_client}, }; for (i = 0; i < sizeof(params)/sizeof(*params); i++) { XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); func_cb_client.doUdp = func_cb_server.doUdp = 1; func_cb_server.method = params[i].server_meth; func_cb_client.method = params[i].client_meth; func_cb_client.on_result = params[i].on_result_client; func_cb_server.on_result = params[i].on_result_server; test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); if (!func_cb_client.return_code) return TEST_FAIL; if (!func_cb_server.return_code) return TEST_FAIL; } return TEST_RES_CHECK(1); } #else static int test_wolfSSL_dtls_plaintext(void) { return TEST_SKIPPED; } #endif #if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \ defined(WOLFSSL_DTLS) static void test_wolfSSL_dtls12_fragments_spammer(WOLFSSL* ssl) { byte b[1100]; /* buffer for the messages to send */ size_t idx = 0; size_t seq_offset = 0; size_t msg_offset = 0; int i; int fd = wolfSSL_get_fd(ssl); int ret = wolfSSL_connect_cert(ssl); /* This gets us past the cookie */ word32 seq_number = 100; /* start high so server definitely reads this */ word16 msg_number = 50; /* start high so server has to buffer this */ AssertIntEQ(ret, 1); /* Now let's start spamming the peer with fragments it needs to store */ XMEMSET(b, -1, sizeof(b)); /* record layer */ /* handshake type */ b[idx++] = 22; /* protocol version */ b[idx++] = 0xfe; b[idx++] = 0xfd; /* DTLS 1.2 */ /* epoch 0 */ XMEMSET(b + idx, 0, 2); idx += 2; /* sequence number */ XMEMSET(b + idx, 0, 6); seq_offset = idx + 2; /* increment only the low 32 bits */ idx += 6; /* static length in BE */ c16toa(42, b + idx); idx += 2; /* handshake layer */ /* cert type */ b[idx++] = 11; /* length */ c32to24(1000, b + idx); idx += 3; /* message seq */ c16toa(0, b + idx); msg_offset = idx; idx += 2; /* frag offset */ c32to24(500, b + idx); idx += 3; /* frag length */ c32to24(30, b + idx); idx += 3; (void)idx; /* inhibit clang-analyzer-deadcode.DeadStores */ for (i = 0; i < DTLS_POOL_SZ * 2 && ret > 0; seq_number++, msg_number++, i++) { struct timespec delay; XMEMSET(&delay, 0, sizeof(delay)); delay.tv_nsec = 10000000; /* wait 0.01 seconds */ c32toa(seq_number, b + seq_offset); c16toa(msg_number, b + msg_offset); ret = (int)send(fd, b, 55, 0); nanosleep(&delay, NULL); } } #ifdef WOLFSSL_DTLS13 static void test_wolfSSL_dtls13_fragments_spammer(WOLFSSL* ssl) { const word16 sendCountMax = 100; byte b[150]; /* buffer for the messages to send */ size_t idx = 0; size_t msg_offset = 0; int fd = wolfSSL_get_fd(ssl); word16 msg_number = 10; /* start high so server has to buffer this */ int ret = wolfSSL_connect_cert(ssl); /* This gets us past the cookie */ AssertIntEQ(ret, 1); /* Now let's start spamming the peer with fragments it needs to store */ XMEMSET(b, -1, sizeof(b)); /* handshake type */ b[idx++] = 11; /* length */ c32to24(10000, b + idx); idx += 3; /* message_seq */ msg_offset = idx; idx += 2; /* fragment_offset */ c32to24(5000, b + idx); idx += 3; /* fragment_length */ c32to24(100, b + idx); idx += 3; /* fragment contents */ idx += 100; for (; ret > 0 && msg_number < sendCountMax; msg_number++) { byte sendBuf[150]; int sendSz = sizeof(sendBuf); struct timespec delay; XMEMSET(&delay, 0, sizeof(delay)); delay.tv_nsec = 10000000; /* wait 0.01 seconds */ c16toa(msg_number, b + msg_offset); sendSz = BuildTls13Message(ssl, sendBuf, sendSz, b, (int)idx, handshake, 0, 0, 0); ret = (int)send(fd, sendBuf, (size_t)sendSz, 0); nanosleep(&delay, NULL); } } #endif static int test_wolfSSL_dtls_fragments(void) { callback_functions func_cb_client; callback_functions func_cb_server; size_t i; struct test_params { method_provider client_meth; method_provider server_meth; ssl_callback spammer; } params[] = { {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, test_wolfSSL_dtls12_fragments_spammer}, #ifdef WOLFSSL_DTLS13 {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, test_wolfSSL_dtls13_fragments_spammer}, #endif }; for (i = 0; i < sizeof(params)/sizeof(*params); i++) { XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); func_cb_client.doUdp = func_cb_server.doUdp = 1; func_cb_server.method = params[i].server_meth; func_cb_client.method = params[i].client_meth; func_cb_client.ssl_ready = params[i].spammer; test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); AssertFalse(func_cb_client.return_code); AssertFalse(func_cb_server.return_code); /* The socket should be closed by the server resulting in a * socket error, fatal error or reading a close notify alert */ if (func_cb_client.last_err != SOCKET_ERROR_E && func_cb_client.last_err != WOLFSSL_ERROR_ZERO_RETURN && func_cb_client.last_err != FATAL_ERROR) { AssertIntEQ(func_cb_client.last_err, SOCKET_ERROR_E); } /* Check the server returned an error indicating the msg buffer * was full */ AssertIntEQ(func_cb_server.last_err, DTLS_TOO_MANY_FRAGMENTS_E); } return TEST_RES_CHECK(1); } static void test_wolfSSL_dtls_send_alert(WOLFSSL* ssl) { int fd, ret; byte alert_msg[] = { 0x15, /* alert type */ 0xfe, 0xfd, /* version */ 0x00, 0x00, /* epoch */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, /* seq number */ 0x00, 0x02, /* length */ 0x02, /* level: fatal */ 0x46 /* protocol version */ }; fd = wolfSSL_get_fd(ssl); ret = (int)send(fd, alert_msg, sizeof(alert_msg), 0); AssertIntGT(ret, 0); } static int _test_wolfSSL_ignore_alert_before_cookie(byte version12) { callback_functions client_cbs, server_cbs; XMEMSET(&client_cbs, 0, sizeof(client_cbs)); XMEMSET(&server_cbs, 0, sizeof(server_cbs)); client_cbs.doUdp = server_cbs.doUdp = 1; if (version12) { client_cbs.method = wolfDTLSv1_2_client_method; server_cbs.method = wolfDTLSv1_2_server_method; } else { #ifdef WOLFSSL_DTLS13 client_cbs.method = wolfDTLSv1_3_client_method; server_cbs.method = wolfDTLSv1_3_server_method; #else return TEST_SKIPPED; #endif /* WOLFSSL_DTLS13 */ } client_cbs.ssl_ready = test_wolfSSL_dtls_send_alert; test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); if (!client_cbs.return_code) return TEST_FAIL; if (!server_cbs.return_code) return TEST_FAIL; return TEST_SUCCESS; } static int test_wolfSSL_ignore_alert_before_cookie(void) { int ret; ret =_test_wolfSSL_ignore_alert_before_cookie(0); if (ret != 0) return ret; ret =_test_wolfSSL_ignore_alert_before_cookie(1); if (ret != 0) return ret; return 0; } static void test_wolfSSL_send_bad_record(WOLFSSL* ssl) { int ret; int fd; byte bad_msg[] = { 0x17, /* app data */ 0xaa, 0xfd, /* bad version */ 0x00, 0x01, /* epoch 1 */ 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, /* not seen seq number */ 0x00, 0x26, /* length: 38 bytes */ 0xae, 0x30, 0x31, 0xb1, 0xf1, 0xb9, 0x6f, 0xda, 0x17, 0x19, 0xd9, 0x57, 0xa9, 0x9d, 0x5c, 0x51, 0x9b, 0x53, 0x63, 0xa5, 0x24, 0x70, 0xa1, 0xae, 0xdf, 0x1c, 0xb9, 0xfc, 0xe3, 0xd7, 0x77, 0x6d, 0xb6, 0x89, 0x0f, 0x03, 0x18, 0x72 }; fd = wolfSSL_get_fd(ssl); AssertIntGE(fd, 0); ret = (int)send(fd, bad_msg, sizeof(bad_msg), 0); AssertIntEQ(ret, sizeof(bad_msg)); ret = wolfSSL_write(ssl, "badrecordtest", sizeof("badrecordtest")); AssertIntEQ(ret, sizeof("badrecordtest")); } static void test_wolfSSL_read_string(WOLFSSL* ssl) { byte buf[100]; int ret; ret = wolfSSL_read(ssl, buf, sizeof(buf)); AssertIntGT(ret, 0); AssertIntEQ(strcmp((char*)buf, "badrecordtest"), 0); } static int _test_wolfSSL_dtls_bad_record( method_provider client_method, method_provider server_method) { callback_functions client_cbs, server_cbs; XMEMSET(&client_cbs, 0, sizeof(client_cbs)); XMEMSET(&server_cbs, 0, sizeof(server_cbs)); client_cbs.doUdp = server_cbs.doUdp = 1; client_cbs.method = client_method; server_cbs.method = server_method; client_cbs.on_result = test_wolfSSL_send_bad_record; server_cbs.on_result = test_wolfSSL_read_string; test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); if (!client_cbs.return_code) return TEST_FAIL; if (!server_cbs.return_code) return TEST_FAIL; return TEST_SUCCESS; } static int test_wolfSSL_dtls_bad_record(void) { int ret; ret = _test_wolfSSL_dtls_bad_record(wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method); #ifdef WOLFSSL_DTLS13 if (ret != TEST_SUCCESS) return ret; return _test_wolfSSL_dtls_bad_record(wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method); #else return ret; #endif /* WOLFSSL_DTLS13 */ } #else static int test_wolfSSL_dtls_fragments(void) { return TEST_SKIPPED; } static int test_wolfSSL_ignore_alert_before_cookie(void) { return TEST_SKIPPED; } static int test_wolfSSL_dtls_bad_record(void) { return TEST_SKIPPED; } #endif #if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) static byte test_AEAD_fail_decryption = 0; static byte test_AEAD_seq_num = 0; static byte test_AEAD_done = 0; static int test_AEAD_cbiorecv(WOLFSSL *ssl, char *buf, int sz, void *ctx) { int ret = (int)recv(wolfSSL_get_fd(ssl), buf, sz, 0); if (ret > 0) { if (test_AEAD_fail_decryption) { /* Modify the packet to trigger a decryption failure */ buf[ret/2] ^= 0xFF; if (test_AEAD_fail_decryption == 1) test_AEAD_fail_decryption = 0; } } (void)ctx; return ret; } static void test_AEAD_get_limits(WOLFSSL* ssl, w64wrapper* hardLimit, w64wrapper* keyUpdateLimit, w64wrapper* sendLimit) { if (sendLimit) w64Zero(sendLimit); switch (ssl->specs.bulk_cipher_algorithm) { case wolfssl_aes_gcm: if (sendLimit) *sendLimit = AEAD_AES_LIMIT; FALL_THROUGH; case wolfssl_chacha: if (hardLimit) *hardLimit = DTLS_AEAD_AES_GCM_CHACHA_FAIL_LIMIT; if (keyUpdateLimit) *keyUpdateLimit = DTLS_AEAD_AES_GCM_CHACHA_FAIL_KU_LIMIT; break; case wolfssl_aes_ccm: if (sendLimit) *sendLimit = DTLS_AEAD_AES_CCM_LIMIT; if (ssl->specs.aead_mac_size == AES_CCM_8_AUTH_SZ) { if (hardLimit) *hardLimit = DTLS_AEAD_AES_CCM_8_FAIL_LIMIT; if (keyUpdateLimit) *keyUpdateLimit = DTLS_AEAD_AES_CCM_8_FAIL_KU_LIMIT; } else { if (hardLimit) *hardLimit = DTLS_AEAD_AES_CCM_FAIL_LIMIT; if (keyUpdateLimit) *keyUpdateLimit = DTLS_AEAD_AES_CCM_FAIL_KU_LIMIT; } break; default: fprintf(stderr, "Unrecognized bulk cipher"); AssertFalse(1); break; } } static void test_AEAD_limit_client(WOLFSSL* ssl) { int ret; int i; int didReKey = 0; char msgBuf[20]; w64wrapper hardLimit; w64wrapper keyUpdateLimit; w64wrapper counter; w64wrapper sendLimit; test_AEAD_get_limits(ssl, &hardLimit, &keyUpdateLimit, &sendLimit); w64Zero(&counter); AssertTrue(w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->dropCount, counter)); wolfSSL_SSLSetIORecv(ssl, test_AEAD_cbiorecv); for (i = 0; i < 10; i++) { /* Test some failed decryptions */ test_AEAD_fail_decryption = 1; w64Increment(&counter); ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)); /* Should succeed since decryption failures are dropped */ AssertIntGT(ret, 0); AssertTrue(w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount, counter)); } test_AEAD_fail_decryption = 1; Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount = keyUpdateLimit; w64Increment(&Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount); /* 100 read calls should be enough to complete the key update */ w64Zero(&counter); for (i = 0; i < 100; i++) { /* Key update should be sent and negotiated */ ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)); AssertIntGT(ret, 0); /* Epoch after one key update is 4 */ if (w64Equal(ssl->dtls13PeerEpoch, w64From32(0, 4)) && w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount, counter)) { didReKey = 1; break; } } AssertTrue(didReKey); if (!w64IsZero(sendLimit)) { /* Test the sending limit for AEAD ciphers */ Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->nextSeqNumber = sendLimit; test_AEAD_seq_num = 1; ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf)); AssertIntGT(ret, 0); didReKey = 0; w64Zero(&counter); /* 100 read calls should be enough to complete the key update */ for (i = 0; i < 100; i++) { /* Key update should be sent and negotiated */ ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)); AssertIntGT(ret, 0); /* Epoch after another key update is 5 */ if (w64Equal(ssl->dtls13Epoch, w64From32(0, 5)) && w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->dropCount, counter)) { didReKey = 1; break; } } AssertTrue(didReKey); } test_AEAD_fail_decryption = 2; Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount = hardLimit; w64Decrement(&Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount); /* Connection should fail with a DECRYPT_ERROR */ ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)); AssertIntEQ(ret, WOLFSSL_FATAL_ERROR); AssertIntEQ(wolfSSL_get_error(ssl, ret), DECRYPT_ERROR); test_AEAD_done = 1; } int counter = 0; static void test_AEAD_limit_server(WOLFSSL* ssl) { char msgBuf[] = "Sending data"; int ret = WOLFSSL_SUCCESS; w64wrapper sendLimit; SOCKET_T fd = wolfSSL_get_fd(ssl); struct timespec delay; XMEMSET(&delay, 0, sizeof(delay)); delay.tv_nsec = 100000000; /* wait 0.1 seconds */ tcp_set_nonblocking(&fd); /* So that read doesn't block */ test_AEAD_get_limits(ssl, NULL, NULL, &sendLimit); while (!test_AEAD_done && ret > 0) { counter++; if (test_AEAD_seq_num) { /* We need to update the seq number so that we can understand the * peer. Otherwise we will incorrectly interpret the seq number. */ Dtls13Epoch* e = Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch); AssertNotNull(e); e->nextPeerSeqNumber = sendLimit; test_AEAD_seq_num = 0; } (void)wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)); ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf)); nanosleep(&delay, NULL); } } static int test_wolfSSL_dtls_AEAD_limit(void) { callback_functions func_cb_client; callback_functions func_cb_server; XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); func_cb_client.doUdp = func_cb_server.doUdp = 1; func_cb_server.method = wolfDTLSv1_3_server_method; func_cb_client.method = wolfDTLSv1_3_client_method; func_cb_server.on_result = test_AEAD_limit_server; func_cb_client.on_result = test_AEAD_limit_client; test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); if (!func_cb_client.return_code) return TEST_FAIL; if (!func_cb_server.return_code) return TEST_FAIL; return TEST_SUCCESS; } #else static int test_wolfSSL_dtls_AEAD_limit(void) { return TEST_SKIPPED; } #endif #if defined(WOLFSSL_DTLS) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) static void test_wolfSSL_dtls_send_ch(WOLFSSL* ssl) { int fd, ret; byte ch_msg[] = { 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xfa, 0x01, 0x00, 0x01, 0xee, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xee, 0xfe, 0xfd, 0xc0, 0xca, 0xb5, 0x6f, 0x3d, 0x23, 0xcc, 0x53, 0x9a, 0x67, 0x17, 0x70, 0xd3, 0xfb, 0x23, 0x16, 0x9e, 0x4e, 0xd6, 0x7e, 0x29, 0xab, 0xfa, 0x4c, 0xa5, 0x84, 0x95, 0xc3, 0xdb, 0x21, 0x9a, 0x52, 0x00, 0x00, 0x00, 0x36, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2c, 0xc0, 0x2b, 0xc0, 0x30, 0xc0, 0x2f, 0x00, 0x9f, 0x00, 0x9e, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x13, 0x00, 0x6b, 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0x01, 0x00, 0x01, 0x8e, 0x00, 0x2b, 0x00, 0x03, 0x02, 0xfe, 0xfc, 0x00, 0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06, 0x03, 0x05, 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06, 0x08, 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, 0x09, 0x06, 0x01, 0x05, 0x01, 0x04, 0x01, 0x03, 0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, 0x0c, 0x00, 0x0a, 0x00, 0x19, 0x00, 0x18, 0x00, 0x17, 0x00, 0x15, 0x01, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00, 0x33, 0x01, 0x4b, 0x01, 0x49, 0x00, 0x17, 0x00, 0x41, 0x04, 0x96, 0xcb, 0x2e, 0x4e, 0xd9, 0x88, 0x71, 0xc7, 0xf3, 0x1a, 0x16, 0xdd, 0x7a, 0x7c, 0xf7, 0x67, 0x8a, 0x5d, 0x9a, 0x55, 0xa6, 0x4a, 0x90, 0xd9, 0xfb, 0xc7, 0xfb, 0xbe, 0x09, 0xa9, 0x8a, 0xb5, 0x7a, 0xd1, 0xde, 0x83, 0x74, 0x27, 0x31, 0x1c, 0xaa, 0xae, 0xef, 0x58, 0x43, 0x13, 0x7d, 0x15, 0x4d, 0x7f, 0x68, 0xf6, 0x8a, 0x38, 0xef, 0x0e, 0xb3, 0xcf, 0xb8, 0x4a, 0xa9, 0xb4, 0xd7, 0xcb, 0x01, 0x00, 0x01, 0x00, 0x1d, 0x0a, 0x22, 0x8a, 0xd1, 0x78, 0x85, 0x1e, 0x5a, 0xe1, 0x1d, 0x1e, 0xb7, 0x2d, 0xbc, 0x5f, 0x52, 0xbc, 0x97, 0x5d, 0x8b, 0x6a, 0x8b, 0x9d, 0x1e, 0xb1, 0xfc, 0x8a, 0xb2, 0x56, 0xcd, 0xed, 0x4b, 0xfb, 0x66, 0x3f, 0x59, 0x3f, 0x15, 0x5d, 0x09, 0x9e, 0x2f, 0x60, 0x5b, 0x31, 0x81, 0x27, 0xf0, 0x1c, 0xda, 0xcd, 0x48, 0x66, 0xc6, 0xbb, 0x25, 0xf0, 0x5f, 0xda, 0x4c, 0xcf, 0x1d, 0x88, 0xc8, 0xda, 0x1b, 0x53, 0xea, 0xbd, 0xce, 0x6d, 0xf6, 0x4a, 0x76, 0xdb, 0x75, 0x99, 0xaf, 0xcf, 0x76, 0x4a, 0xfb, 0xe3, 0xef, 0xb2, 0xcb, 0xae, 0x4a, 0xc0, 0xe8, 0x63, 0x1f, 0xd6, 0xe8, 0xe6, 0x45, 0xf9, 0xea, 0x0d, 0x06, 0x19, 0xfc, 0xb1, 0xfd, 0x5d, 0x92, 0x89, 0x7b, 0xc7, 0x9f, 0x1a, 0xb3, 0x2b, 0xc7, 0xad, 0x0e, 0xfb, 0x13, 0x41, 0x83, 0x84, 0x58, 0x3a, 0x25, 0xb9, 0x49, 0x35, 0x1c, 0x23, 0xcb, 0xd6, 0xe7, 0xc2, 0x8c, 0x4b, 0x2a, 0x73, 0xa1, 0xdf, 0x4f, 0x73, 0x9b, 0xb3, 0xd2, 0xb2, 0x95, 0x00, 0x3c, 0x26, 0x09, 0x89, 0x71, 0x05, 0x39, 0xc8, 0x98, 0x8f, 0xed, 0x32, 0x15, 0x78, 0xcd, 0xd3, 0x7e, 0xfb, 0x5a, 0x78, 0x2a, 0xdc, 0xca, 0x20, 0x09, 0xb5, 0x14, 0xf9, 0xd4, 0x58, 0xf6, 0x69, 0xf8, 0x65, 0x9f, 0xb7, 0xe4, 0x93, 0xf1, 0xa3, 0x84, 0x7e, 0x1b, 0x23, 0x5d, 0xea, 0x59, 0x3e, 0x4d, 0xca, 0xfd, 0xa5, 0x55, 0xdd, 0x99, 0xb5, 0x02, 0xf8, 0x0d, 0xe5, 0xf4, 0x06, 0xb0, 0x43, 0x9e, 0x2e, 0xbf, 0x05, 0x33, 0x65, 0x7b, 0x13, 0x8c, 0xf9, 0x16, 0x4d, 0xc5, 0x15, 0x0b, 0x40, 0x2f, 0x66, 0x94, 0xf2, 0x43, 0x95, 0xe7, 0xa9, 0xb6, 0x39, 0x99, 0x73, 0xb3, 0xb0, 0x06, 0xfe, 0x52, 0x9e, 0x57, 0xba, 0x75, 0xfd, 0x76, 0x7b, 0x20, 0x31, 0x68, 0x4c }; fd = wolfSSL_get_fd(ssl); ret = (int)send(fd, ch_msg, sizeof(ch_msg), 0); AssertIntGT(ret, 0); /* consume the HRR otherwise handshake will fail */ ret = (int)recv(fd, ch_msg, sizeof(ch_msg), 0); AssertIntGT(ret, 0); } #if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) static void test_wolfSSL_dtls_send_ch_with_invalid_cookie(WOLFSSL* ssl) { int fd, ret; byte ch_msh_invalid_cookie[] = { 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x4e, 0x01, 0x00, 0x02, 0x42, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x02, 0x42, 0xfe, 0xfd, 0x69, 0xca, 0x77, 0x60, 0x6f, 0xfc, 0xd1, 0x5b, 0x60, 0x5d, 0xf1, 0xa6, 0x5c, 0x44, 0x71, 0xae, 0xca, 0x62, 0x19, 0x0c, 0xb6, 0xf7, 0x2c, 0xa6, 0xd5, 0xd2, 0x99, 0x9d, 0x18, 0xae, 0xac, 0x11, 0x00, 0x00, 0x00, 0x36, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2c, 0xc0, 0x2b, 0xc0, 0x30, 0xc0, 0x2f, 0x00, 0x9f, 0x00, 0x9e, 0xcc, 0xa9, 0xcc, 0xa8, 0xcc, 0xaa, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x28, 0xc0, 0x24, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x13, 0x00, 0x6b, 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0x01, 0x00, 0x01, 0xe2, 0x00, 0x2b, 0x00, 0x03, 0x02, 0xfe, 0xfc, 0x00, 0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06, 0x03, 0x05, 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06, 0x08, 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, 0x09, 0x06, 0x01, 0x05, 0x01, 0x04, 0x01, 0x03, 0x01, 0x02, 0x01, 0x00, 0x2c, 0x00, 0x45, 0x00, 0x43, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x2d, 0x00, 0x03, 0x02, 0x00, 0x01, 0x00, 0x0a, 0x00, 0x0c, 0x00, 0x0a, 0x00, 0x19, 0x00, 0x18, 0x00, 0x17, 0x00, 0x15, 0x01, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00, 0x33, 0x01, 0x4b, 0x01, 0x49, 0x00, 0x17, 0x00, 0x41, 0x04, 0x7c, 0x5a, 0xc2, 0x5a, 0xfd, 0xcd, 0x2b, 0x08, 0xb2, 0xeb, 0x8e, 0xc0, 0x02, 0x03, 0x9d, 0xb1, 0xc1, 0x0d, 0x7b, 0x7f, 0x46, 0x43, 0xdf, 0xf3, 0xee, 0x2b, 0x78, 0x0e, 0x29, 0x8c, 0x42, 0x11, 0x2c, 0xde, 0xd7, 0x41, 0x0f, 0x28, 0x94, 0x80, 0x41, 0x70, 0xc4, 0x17, 0xfd, 0x6d, 0xfa, 0xee, 0x9a, 0xf2, 0xc4, 0x15, 0x4c, 0x5f, 0x54, 0xb6, 0x78, 0x6e, 0xf9, 0x63, 0x27, 0x33, 0xb8, 0x7b, 0x01, 0x00, 0x01, 0x00, 0xd4, 0x46, 0x62, 0x9c, 0xbf, 0x8f, 0x1b, 0x65, 0x9b, 0xf0, 0x29, 0x64, 0xd8, 0x50, 0x0e, 0x74, 0xf1, 0x58, 0x10, 0xc9, 0xd9, 0x82, 0x5b, 0xd9, 0xbe, 0x14, 0xdf, 0xde, 0x86, 0xb4, 0x2e, 0x15, 0xee, 0x4f, 0xf6, 0x74, 0x9e, 0x59, 0x11, 0x36, 0x2d, 0xb9, 0x67, 0xaa, 0x5a, 0x09, 0x9b, 0x45, 0xf1, 0x01, 0x4c, 0x4e, 0xf6, 0xda, 0x6a, 0xae, 0xa7, 0x73, 0x7b, 0x2e, 0xb6, 0x24, 0x89, 0x99, 0xb7, 0x52, 0x16, 0x62, 0x0a, 0xab, 0x58, 0xf8, 0x3f, 0x10, 0x5b, 0x83, 0xfd, 0x7b, 0x81, 0x77, 0x81, 0x8d, 0xef, 0x24, 0x56, 0x6d, 0xba, 0x49, 0xd4, 0x8b, 0xb5, 0xa0, 0xb1, 0xc9, 0x8c, 0x32, 0x95, 0x1c, 0x5e, 0x0a, 0x4b, 0xf6, 0x00, 0x50, 0x0a, 0x87, 0x99, 0x59, 0xcf, 0x6f, 0x9d, 0x02, 0xd0, 0x1b, 0xa1, 0x96, 0x45, 0x28, 0x76, 0x40, 0x33, 0x28, 0xc9, 0xa1, 0xfd, 0x46, 0xab, 0x2c, 0x9e, 0x5e, 0xc6, 0x74, 0x19, 0x9a, 0xf5, 0x9b, 0x51, 0x11, 0x4f, 0xc8, 0xb9, 0x99, 0x6b, 0x4e, 0x3e, 0x31, 0x64, 0xb4, 0x92, 0xf4, 0x0d, 0x41, 0x4b, 0x2c, 0x65, 0x23, 0xf7, 0x47, 0xe3, 0xa5, 0x2e, 0xe4, 0x9c, 0x2b, 0xc9, 0x41, 0x22, 0x83, 0x8a, 0x23, 0xef, 0x29, 0x7e, 0x4f, 0x3f, 0xa3, 0xbf, 0x73, 0x2b, 0xd7, 0xcc, 0xc8, 0xc6, 0xe9, 0xbc, 0x01, 0xb7, 0x32, 0x63, 0xd4, 0x7e, 0x7f, 0x9a, 0xaf, 0x5f, 0x05, 0x31, 0x53, 0xd6, 0x1f, 0xa2, 0xd0, 0xdf, 0x67, 0x56, 0xf1, 0x9c, 0x4a, 0x9d, 0x83, 0xb4, 0xef, 0xb3, 0xf2, 0xcc, 0xf1, 0x91, 0x6c, 0x47, 0xc3, 0x8b, 0xd0, 0x92, 0x79, 0x3d, 0xa0, 0xc0, 0x3a, 0x57, 0x26, 0x6d, 0x0a, 0xad, 0x5f, 0xad, 0xb4, 0x74, 0x48, 0x4a, 0x51, 0xe1, 0xb5, 0x82, 0x0a, 0x4c, 0x4f, 0x9d, 0xaf, 0xee, 0x5a, 0xa2, 0x4d, 0x4d, 0x5f, 0xe0, 0x17, 0x00, 0x23, 0x00, 0x00 }; byte alert_reply[50]; byte expected_alert_reply[] = { 0x15, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x02, 0x2f }; fd = wolfSSL_get_fd(ssl); ret = (int)send(fd, ch_msh_invalid_cookie, sizeof(ch_msh_invalid_cookie), 0); AssertIntGT(ret, 0); /* should reply with an illegal_parameter reply */ ret = (int)recv(fd, alert_reply, sizeof(alert_reply), 0); AssertIntEQ(ret, sizeof(expected_alert_reply)); AssertIntEQ(XMEMCMP(alert_reply, expected_alert_reply, sizeof(expected_alert_reply)), 0); } #endif static word32 test_wolfSSL_dtls_stateless_HashWOLFSSL(const WOLFSSL* ssl) { #ifndef NO_MD5 enum wc_HashType hashType = WC_HASH_TYPE_MD5; #elif !defined(NO_SHA) enum wc_HashType hashType = WC_HASH_TYPE_SHA; #elif !defined(NO_SHA256) enum wc_HashType hashType = WC_HASH_TYPE_SHA256; #else #error "We need a digest to hash the WOLFSSL object" #endif byte hashBuf[WC_MAX_DIGEST_SIZE]; wc_HashAlg hash; const TLSX* exts = ssl->extensions; WOLFSSL sslCopy; /* Use a copy to omit certain fields */ HS_Hashes* hsHashes = ssl->hsHashes; /* Is re-allocated in * InitHandshakeHashes */ XMEMCPY(&sslCopy, ssl, sizeof(*ssl)); XMEMSET(hashBuf, 0, sizeof(hashBuf)); /* Following fields are not important to compare */ XMEMSET(sslCopy.buffers.inputBuffer.staticBuffer, 0, STATIC_BUFFER_LEN); sslCopy.buffers.inputBuffer.buffer = NULL; sslCopy.buffers.inputBuffer.bufferSize = 0; sslCopy.buffers.inputBuffer.dynamicFlag = 0; sslCopy.buffers.inputBuffer.offset = 0; XMEMSET(sslCopy.buffers.outputBuffer.staticBuffer, 0, STATIC_BUFFER_LEN); sslCopy.buffers.outputBuffer.buffer = NULL; sslCopy.buffers.outputBuffer.bufferSize = 0; sslCopy.buffers.outputBuffer.dynamicFlag = 0; sslCopy.buffers.outputBuffer.offset = 0; sslCopy.error = 0; sslCopy.curSize = 0; sslCopy.keys.curSeq_lo = 0; XMEMSET(&sslCopy.curRL, 0, sizeof(sslCopy.curRL)); #ifdef WOLFSSL_DTLS13 XMEMSET(&sslCopy.keys.curSeq, 0, sizeof(sslCopy.keys.curSeq)); sslCopy.dtls13FastTimeout = 0; #endif sslCopy.keys.dtls_peer_handshake_number = 0; XMEMSET(&sslCopy.alert_history, 0, sizeof(sslCopy.alert_history)); sslCopy.hsHashes = NULL; #ifdef WOLFSSL_ASYNC_IO #ifdef WOLFSSL_ASYNC_CRYPT sslCopy.asyncDev = NULL; #endif sslCopy.async = NULL; #endif AssertIntEQ(wc_HashInit(&hash, hashType), 0); AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)&sslCopy, sizeof(sslCopy)), 0); /* hash extension list */ while (exts != NULL) { AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)exts, sizeof(*exts)), 0); exts = exts->next; } /* Hash suites */ if (sslCopy.suites != NULL) { AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)sslCopy.suites, sizeof(struct Suites)), 0); } /* Hash hsHashes */ AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)hsHashes, sizeof(*hsHashes)), 0); AssertIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0); AssertIntEQ(wc_HashFree(&hash, hashType), 0); return MakeWordFromHash(hashBuf); } static CallbackIORecv test_wolfSSL_dtls_compare_stateless_cb; static int test_wolfSSL_dtls_compare_stateless_cb_call_once; static int test_wolfSSL_dtls_compare_stateless_read_cb_once(WOLFSSL *ssl, char *buf, int sz, void *ctx) { if (test_wolfSSL_dtls_compare_stateless_cb_call_once) { test_wolfSSL_dtls_compare_stateless_cb_call_once = 0; return test_wolfSSL_dtls_compare_stateless_cb(ssl, buf, sz, ctx); } else { return WOLFSSL_CBIO_ERR_WANT_READ; } } static void test_wolfSSL_dtls_compare_stateless(WOLFSSL* ssl) { /* Compare the ssl object before and after one ClientHello msg */ SOCKET_T fd = wolfSSL_get_fd(ssl); int res; int err; word32 initHash; test_wolfSSL_dtls_compare_stateless_cb = ssl->CBIORecv; test_wolfSSL_dtls_compare_stateless_cb_call_once = 1; wolfSSL_dtls_set_using_nonblock(ssl, 1); ssl->CBIORecv = test_wolfSSL_dtls_compare_stateless_read_cb_once; initHash = test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl); (void)initHash; res = tcp_select(fd, 5); /* We are expecting a msg. A timeout indicates failure. */ AssertIntEQ(res, TEST_RECV_READY); res = wolfSSL_accept(ssl); err = wolfSSL_get_error(ssl, res); AssertIntEQ(res, WOLFSSL_FATAL_ERROR); AssertIntEQ(err, WOLFSSL_ERROR_WANT_READ); AssertIntEQ(initHash, test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl)); wolfSSL_dtls_set_using_nonblock(ssl, 0); ssl->CBIORecv = test_wolfSSL_dtls_compare_stateless_cb; } #if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) static void test_wolfSSL_dtls_enable_hrrcookie(WOLFSSL* ssl) { int ret; ret = wolfSSL_send_hrr_cookie(ssl, NULL, 0); AssertIntEQ(ret, WOLFSSL_SUCCESS); test_wolfSSL_dtls_compare_stateless(ssl); } #endif static int test_wolfSSL_dtls_stateless(void) { callback_functions client_cbs, server_cbs; size_t i; struct { method_provider client_meth; method_provider server_meth; ssl_callback client_ssl_ready; ssl_callback server_ssl_ready; } test_params[] = { {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, test_wolfSSL_dtls_send_ch, test_wolfSSL_dtls_compare_stateless}, #if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, test_wolfSSL_dtls_send_ch, test_wolfSSL_dtls_enable_hrrcookie}, {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, test_wolfSSL_dtls_send_ch_with_invalid_cookie, test_wolfSSL_dtls_enable_hrrcookie}, #endif }; for (i = 0; i < sizeof(test_params)/sizeof(*test_params); i++) { XMEMSET(&client_cbs, 0, sizeof(client_cbs)); XMEMSET(&server_cbs, 0, sizeof(server_cbs)); client_cbs.doUdp = server_cbs.doUdp = 1; client_cbs.method = test_params[i].client_meth; server_cbs.method = test_params[i].server_meth; client_cbs.ssl_ready = test_params[i].client_ssl_ready; server_cbs.ssl_ready = test_params[i].server_ssl_ready; test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); if (!client_cbs.return_code) return TEST_FAIL; if (!server_cbs.return_code) return TEST_FAIL; } return TEST_SUCCESS; } #else static int test_wolfSSL_dtls_stateless(void) { return TEST_SKIPPED; } #endif /* WOLFSSL_DTLS13 && WOLFSSL_SEND_HRR_COOKIE && * HAVE_IO_TESTS_DEPENDENCIES && !SINGLE_THREADED */ #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ !defined(WOLFSSL_NO_CLIENT_AUTH)) static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) { int ret; if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) { fprintf(stderr, "loading cert %s failed\n", certA); fprintf(stderr, "Error: (%d): %s\n", ret, wolfSSL_ERR_reason_error_string(ret)); return -1; } return 0; } static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) { int ret; if ((ret = wolfSSL_CertManagerVerify(cm, certA, WOLFSSL_FILETYPE_PEM)) != WOLFSSL_SUCCESS) { fprintf(stderr, "could not verify the cert: %s\n", certA); fprintf(stderr, "Error: (%d): %s\n", ret, wolfSSL_ERR_reason_error_string(ret)); return -1; } else { fprintf(stderr, "successfully verified: %s\n", certA); } return 0; } #define LOAD_ONE_CA(a, b, c, d) \ do { \ (a) = load_ca_into_cm(c, d); \ if ((a) != 0) \ return (b); \ else \ (b)--; \ } while(0) #define VERIFY_ONE_CERT(a, b, c, d) \ do { \ (a) = verify_cert_with_cm(c, d); \ if ((a) != 0) \ return (b); \ else \ (b)--; \ } while(0) static int test_chainG(WOLFSSL_CERT_MANAGER* cm) { int ret; int i = -1; /* Chain G is a valid chain per RFC 5280 section 4.2.1.9 */ char chainGArr[9][50] = {"certs/ca-cert.pem", "certs/test-pathlen/chainG-ICA7-pathlen100.pem", "certs/test-pathlen/chainG-ICA6-pathlen10.pem", "certs/test-pathlen/chainG-ICA5-pathlen20.pem", "certs/test-pathlen/chainG-ICA4-pathlen5.pem", "certs/test-pathlen/chainG-ICA3-pathlen99.pem", "certs/test-pathlen/chainG-ICA2-pathlen1.pem", "certs/test-pathlen/chainG-ICA1-pathlen0.pem", "certs/test-pathlen/chainG-entity.pem"}; LOAD_ONE_CA(ret, i, cm, chainGArr[0]); /* if failure, i = -1 here */ LOAD_ONE_CA(ret, i, cm, chainGArr[1]); /* if failure, i = -2 here */ LOAD_ONE_CA(ret, i, cm, chainGArr[2]); /* if failure, i = -3 here */ LOAD_ONE_CA(ret, i, cm, chainGArr[3]); /* if failure, i = -4 here */ LOAD_ONE_CA(ret, i, cm, chainGArr[4]); /* if failure, i = -5 here */ LOAD_ONE_CA(ret, i, cm, chainGArr[5]); /* if failure, i = -6 here */ LOAD_ONE_CA(ret, i, cm, chainGArr[6]); /* if failure, i = -7 here */ LOAD_ONE_CA(ret, i, cm, chainGArr[7]); /* if failure, i = -8 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[1]); /* if failure, i = -9 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[2]); /* if failure, i = -10 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[3]); /* if failure, i = -11 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[4]); /* if failure, i = -12 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[5]); /* if failure, i = -13 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[6]); /* if failure, i = -14 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[7]); /* if failure, i = -15 here */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -16 here */ /* test validating the entity twice, should have no effect on pathLen since * entity/leaf cert */ VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -17 here */ return ret; } static int test_chainH(WOLFSSL_CERT_MANAGER* cm) { int ret; int i = -1; /* Chain H is NOT a valid chain per RFC5280 section 4.2.1.9: * ICA4-pathlen of 2 signing ICA3-pathlen of 2 (reduce max path len to 2) * ICA3-pathlen of 2 signing ICA2-pathlen of 2 (reduce max path len to 1) * ICA2-pathlen of 2 signing ICA1-pathlen of 0 (reduce max path len to 0) * ICA1-pathlen of 0 signing entity (pathlen is already 0, ERROR) * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1 */ char chainHArr[6][50] = {"certs/ca-cert.pem", "certs/test-pathlen/chainH-ICA4-pathlen2.pem", "certs/test-pathlen/chainH-ICA3-pathlen2.pem", "certs/test-pathlen/chainH-ICA2-pathlen2.pem", "certs/test-pathlen/chainH-ICA1-pathlen0.pem", "certs/test-pathlen/chainH-entity.pem"}; LOAD_ONE_CA(ret, i, cm, chainHArr[0]); /* if failure, i = -1 here */ LOAD_ONE_CA(ret, i, cm, chainHArr[1]); /* if failure, i = -2 here */ LOAD_ONE_CA(ret, i, cm, chainHArr[2]); /* if failure, i = -3 here */ LOAD_ONE_CA(ret, i, cm, chainHArr[3]); /* if failure, i = -4 here */ LOAD_ONE_CA(ret, i, cm, chainHArr[4]); /* if failure, i = -5 here */ VERIFY_ONE_CERT(ret, i, cm, chainHArr[1]); /* if failure, i = -6 here */ VERIFY_ONE_CERT(ret, i, cm, chainHArr[2]); /* if failure, i = -7 here */ VERIFY_ONE_CERT(ret, i, cm, chainHArr[3]); /* if failure, i = -8 here */ VERIFY_ONE_CERT(ret, i, cm, chainHArr[4]); /* if failure, i = -9 here */ VERIFY_ONE_CERT(ret, i, cm, chainHArr[5]); /* if failure, i = -10 here */ return ret; } static int test_chainI(WOLFSSL_CERT_MANAGER* cm) { int ret; int i = -1; /* Chain I is a valid chain per RFC5280 section 4.2.1.9: * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 2) * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 1) * ICA1-no_pathlen signing entity (reduce maxPathLen to 0) * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1 */ char chainIArr[5][50] = {"certs/ca-cert.pem", "certs/test-pathlen/chainI-ICA3-pathlen2.pem", "certs/test-pathlen/chainI-ICA2-no_pathlen.pem", "certs/test-pathlen/chainI-ICA1-no_pathlen.pem", "certs/test-pathlen/chainI-entity.pem"}; LOAD_ONE_CA(ret, i, cm, chainIArr[0]); /* if failure, i = -1 here */ LOAD_ONE_CA(ret, i, cm, chainIArr[1]); /* if failure, i = -2 here */ LOAD_ONE_CA(ret, i, cm, chainIArr[2]); /* if failure, i = -3 here */ LOAD_ONE_CA(ret, i, cm, chainIArr[3]); /* if failure, i = -4 here */ VERIFY_ONE_CERT(ret, i, cm, chainIArr[1]); /* if failure, i = -5 here */ VERIFY_ONE_CERT(ret, i, cm, chainIArr[2]); /* if failure, i = -6 here */ VERIFY_ONE_CERT(ret, i, cm, chainIArr[3]); /* if failure, i = -7 here */ VERIFY_ONE_CERT(ret, i, cm, chainIArr[4]); /* if failure, i = -8 here */ return ret; } static int test_chainJ(WOLFSSL_CERT_MANAGER* cm) { int ret; int i = -1; /* Chain J is NOT a valid chain per RFC5280 section 4.2.1.9: * ICA4-pathlen of 2 signing ICA3 without a pathlen (reduce maxPathLen to 2) * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 1) * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 0) * ICA1-no_pathlen signing entity (ERROR, pathlen zero and non-leaf cert) */ char chainJArr[6][50] = {"certs/ca-cert.pem", "certs/test-pathlen/chainJ-ICA4-pathlen2.pem", "certs/test-pathlen/chainJ-ICA3-no_pathlen.pem", "certs/test-pathlen/chainJ-ICA2-no_pathlen.pem", "certs/test-pathlen/chainJ-ICA1-no_pathlen.pem", "certs/test-pathlen/chainJ-entity.pem"}; LOAD_ONE_CA(ret, i, cm, chainJArr[0]); /* if failure, i = -1 here */ LOAD_ONE_CA(ret, i, cm, chainJArr[1]); /* if failure, i = -2 here */ LOAD_ONE_CA(ret, i, cm, chainJArr[2]); /* if failure, i = -3 here */ LOAD_ONE_CA(ret, i, cm, chainJArr[3]); /* if failure, i = -4 here */ LOAD_ONE_CA(ret, i, cm, chainJArr[4]); /* if failure, i = -5 here */ VERIFY_ONE_CERT(ret, i, cm, chainJArr[1]); /* if failure, i = -6 here */ VERIFY_ONE_CERT(ret, i, cm, chainJArr[2]); /* if failure, i = -7 here */ VERIFY_ONE_CERT(ret, i, cm, chainJArr[3]); /* if failure, i = -8 here */ VERIFY_ONE_CERT(ret, i, cm, chainJArr[4]); /* if failure, i = -9 here */ VERIFY_ONE_CERT(ret, i, cm, chainJArr[5]); /* if failure, i = -10 here */ return ret; } static int test_various_pathlen_chains(void) { int ret; WOLFSSL_CERT_MANAGER* cm; /* Test chain G (large chain with varying pathLens) */ if ((cm = wolfSSL_CertManagerNew()) == NULL) { fprintf(stderr, "cert manager new failed\n"); return -1; } #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) AssertIntEQ(test_chainG(cm), -1); #else AssertIntEQ(test_chainG(cm), 0); #endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */ ret = wolfSSL_CertManagerUnloadCAs(cm); if (ret != WOLFSSL_SUCCESS) return -1; wolfSSL_CertManagerFree(cm); /* end test chain G */ /* Test chain H (5 chain with same pathLens) */ if ((cm = wolfSSL_CertManagerNew()) == NULL) { fprintf(stderr, "cert manager new failed\n"); return -1; } AssertIntLT(test_chainH(cm), 0); wolfSSL_CertManagerUnloadCAs(cm); wolfSSL_CertManagerFree(cm); if ((cm = wolfSSL_CertManagerNew()) == NULL) { fprintf(stderr, "cert manager new failed\n"); return -1; } ret = wolfSSL_CertManagerUnloadCAs(cm); if (ret != WOLFSSL_SUCCESS) return -1; wolfSSL_CertManagerFree(cm); /* end test chain H */ /* Test chain I (only first ICA has pathLen set and it's set to 2, * followed by 2 ICA's, should pass) */ if ((cm = wolfSSL_CertManagerNew()) == NULL) { fprintf(stderr, "cert manager new failed\n"); return -1; } #if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) AssertIntEQ(test_chainI(cm), -1); #else AssertIntEQ(test_chainI(cm), 0); #endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */ wolfSSL_CertManagerUnloadCAs(cm); wolfSSL_CertManagerFree(cm); if ((cm = wolfSSL_CertManagerNew()) == NULL) { fprintf(stderr, "cert manager new failed\n"); return -1; } ret = wolfSSL_CertManagerUnloadCAs(cm); if (ret != WOLFSSL_SUCCESS) return -1; wolfSSL_CertManagerFree(cm); /* Test chain J (Again only first ICA has pathLen set and it's set to 2, * this time followed by 3 ICA's, should fail */ if ((cm = wolfSSL_CertManagerNew()) == NULL) { fprintf(stderr, "cert manager new failed\n"); return -1; } AssertIntLT(test_chainJ(cm), 0); wolfSSL_CertManagerUnloadCAs(cm); wolfSSL_CertManagerFree(cm); if ((cm = wolfSSL_CertManagerNew()) == NULL) { fprintf(stderr, "cert manager new failed\n"); return -1; } ret = wolfSSL_CertManagerUnloadCAs(cm); wolfSSL_CertManagerFree(cm); return TEST_RES_CHECK(ret == WOLFSSL_SUCCESS); } #endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */ #if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES) static int test_export_keying_material_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl) { byte ekm[100] = {0}; (void)ctx; /* Succes Cases */ AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "Test label", XSTR_SIZEOF("Test label"), NULL, 0, 0), 1); AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "Test label", XSTR_SIZEOF("Test label"), NULL, 0, 1), 1); /* Use some random context */ AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "Test label", XSTR_SIZEOF("Test label"), ekm, 10, 1), 1); /* Failure cases */ AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "client finished", XSTR_SIZEOF("client finished"), NULL, 0, 0), 0); AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "server finished", XSTR_SIZEOF("server finished"), NULL, 0, 0), 0); AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "master secret", XSTR_SIZEOF("master secret"), NULL, 0, 0), 0); AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "extended master secret", XSTR_SIZEOF("extended master secret"), NULL, 0, 0), 0); AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), "key expansion", XSTR_SIZEOF("key expansion"), NULL, 0, 0), 0); return TEST_RES_CHECK(1); } static void test_export_keying_material_ssl_cb(WOLFSSL* ssl) { wolfSSL_KeepArrays(ssl); } static int test_export_keying_material(void) { int res = TEST_SKIPPED; #ifndef SINGLE_THREADED tcp_ready ready; callback_functions clientCb; func_args client_args; func_args server_args; THREAD_TYPE serverThread; XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&clientCb, 0, sizeof(callback_functions)); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif server_args.signal = &ready; client_args.signal = &ready; clientCb.ssl_ready = test_export_keying_material_ssl_cb; client_args.callbacks = &clientCb; start_thread(test_server_nofail, &server_args, &serverThread); wait_tcp_ready(&server_args); test_client_nofail(&client_args, test_export_keying_material_cb); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif res = TEST_RES_CHECK(1); #endif /* !SINGLE_THREADED */ return res; } #endif /* HAVE_KEYING_MATERIAL */ static int test_wolfSSL_THREADID_hash(void) { int result = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) unsigned long res; CRYPTO_THREADID id; CRYPTO_THREADID_current(NULL); AssertTrue(1); res = CRYPTO_THREADID_hash(NULL); AssertTrue( res == 0UL); XMEMSET(&id, 0, sizeof(id)); res = CRYPTO_THREADID_hash(&id); AssertTrue( res == 0UL); result = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return result; } static int test_wolfSSL_CTX_set_ecdh_auto(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) WOLFSSL_CTX* ctx = NULL; AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,0),1); AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,1),1); AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,0),1); AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,1),1); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12) static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args) { callback_functions* callbacks = NULL; WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; SOCKET_T cfd = 0; word16 port; char msg[] = "I hear you fa shizzle!"; int len = (int) XSTRLEN(msg); char input[1024]; int ret, err; if (!args) return 0; ((func_args*)args)->return_code = TEST_FAIL; callbacks = ((func_args*)args)->callbacks; ctx = wolfSSL_CTX_new(callbacks->method()); #if defined(USE_WINDOWS_API) port = ((func_args*)args)->signal->port; #else /* Let tcp_listen assign port */ port = 0; #endif #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); #if !defined(NO_FILESYSTEM) && !defined(NO_DH) AssertIntEQ(wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); #elif !defined(NO_DH) SetDHCtx(ctx); /* will repick suites with DHE, higher priority than PSK */ #endif if (callbacks->ctx_ready) callbacks->ctx_ready(ctx); ssl = wolfSSL_new(ctx); AssertNotNull(ssl); /* listen and accept */ tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0); CloseSocket(sfd); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd)); if (callbacks->ssl_ready) callbacks->ssl_ready(ssl); do { err = 0; /* Reset error */ ret = wolfSSL_accept(ssl); if (ret != WOLFSSL_SUCCESS) { err = wolfSSL_get_error(ssl, 0); } } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E); if (ret != WOLFSSL_SUCCESS) { wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(cfd); ((func_args*)args)->return_code = TEST_FAIL; return 0; } /* read and write data */ XMEMSET( input, 0, sizeof(input)); while (1) { ret = wolfSSL_read(ssl, input, sizeof(input)); if (ret > 0) { break; } else { err = wolfSSL_get_error(ssl,ret); if (err == WOLFSSL_ERROR_WANT_READ) { continue; } break; } } if (err == WOLFSSL_ERROR_ZERO_RETURN) { do { ret = wolfSSL_write(ssl, msg, len); if (ret > 0) { break; } } while (ret < 0); } /* bidirectional shutdown */ while (wolfSSL_shutdown(ssl) != WOLFSSL_SUCCESS) { continue; } /* wait for the peer to disconnect the tcp connection */ do { ret = wolfSSL_read(ssl, input, sizeof(input)); err = wolfSSL_get_error(ssl, ret); } while (ret > 0 || err != WOLFSSL_ERROR_ZERO_RETURN); /* detect TCP disconnect */ AssertIntLE(ret,WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_get_error(ssl, ret), WOLFSSL_ERROR_ZERO_RETURN); ((func_args*)args)->return_code = TEST_SUCCESS; wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(cfd); #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif return 0; } static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_client_thread(void* args) { callback_functions* callbacks = NULL; WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; SOCKET_T sfd = 0; char msg[] = "hello wolfssl server!"; int len = (int) XSTRLEN(msg); char input[1024]; int idx; int ret, err; if (!args) return 0; ((func_args*)args)->return_code = TEST_FAIL; callbacks = ((func_args*)args)->callbacks; ctx = wolfSSL_CTX_new(callbacks->method()); #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, WOLFSSL_FILETYPE_PEM)); AssertNotNull((ssl = wolfSSL_new(ctx))); tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, ssl); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd)); do { err = 0; /* Reset error */ ret = wolfSSL_connect(ssl); if (ret != WOLFSSL_SUCCESS) { err = wolfSSL_get_error(ssl, 0); } } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E); AssertIntGE(wolfSSL_write(ssl, msg, len), 0); if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) { input[idx] = 0; } ret = wolfSSL_shutdown(ssl); if ( ret == WOLFSSL_SHUTDOWN_NOT_DONE) { ret = wolfSSL_shutdown(ssl); } AssertIntEQ(ret, WOLFSSL_SUCCESS); ((func_args*)args)->return_code = TEST_SUCCESS; wolfSSL_free(ssl); wolfSSL_CTX_free(ctx); CloseSocket(sfd); #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) wc_ecc_fp_free(); /* free per thread cache */ #endif return 0; } #endif /* OPENSSL_EXTRA && WOLFSSL_ERROR_CODE_OPENSSL && HAVE_IO_TESTS_DEPENDENCIES && !WOLFSSL_NO_TLS12 */ /* This test is to check wolfSSL_read behaves as same as * openSSL when it is called after SSL_shutdown completes. */ static int test_wolfSSL_read_detect_TCP_disconnect(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12) tcp_ready ready; func_args client_args; func_args server_args; THREAD_TYPE serverThread; THREAD_TYPE clientThread; callback_functions server_cbf; callback_functions client_cbf; #ifdef WOLFSSL_TIRTOS fdOpenSession(Task_self()); #endif StartTCP(); InitTcpReady(&ready); #if defined(USE_WINDOWS_API) /* use RNG to get random port if using windows */ ready.port = GetRandomPort(); #endif XMEMSET(&client_args, 0, sizeof(func_args)); XMEMSET(&server_args, 0, sizeof(func_args)); XMEMSET(&server_cbf, 0, sizeof(callback_functions)); XMEMSET(&client_cbf, 0, sizeof(callback_functions)); server_cbf.method = wolfTLSv1_2_server_method; client_cbf.method = wolfTLSv1_2_client_method; server_args.callbacks = &server_cbf; client_args.callbacks = &client_cbf; server_args.signal = &ready; client_args.signal = &ready; start_thread(SSL_read_test_server_thread, &server_args, &serverThread); wait_tcp_ready(&server_args); start_thread(SSL_read_test_client_thread, &client_args, &clientThread); join_thread(clientThread); join_thread(serverThread); AssertTrue(client_args.return_code); AssertTrue(server_args.return_code); FreeTcpReady(&ready); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_get_min_proto_version(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) WOLFSSL_CTX *ctx; (void)ctx; AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, SSL3_VERSION), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ALLOW_SSLV3 AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION); #else AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION); #endif wolfSSL_CTX_free(ctx); #ifdef WOLFSSL_ALLOW_TLSV10 AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); #endif AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_VERSION), WOLFSSL_SUCCESS); #ifdef WOLFSSL_ALLOW_TLSV10 AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION); #else AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION); #endif wolfSSL_CTX_free(ctx); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION), WOLFSSL_SUCCESS); #ifndef NO_OLD_TLS AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION); #else AssertIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION); #endif wolfSSL_CTX_free(ctx); #ifndef WOLFSSL_NO_TLS12 AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_method())); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION); wolfSSL_CTX_free(ctx); #endif #ifdef WOLFSSL_TLS13 AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_method())); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_3_VERSION); wolfSSL_CTX_free(ctx); #endif res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */ return res; } #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))) static int test_wolfSSL_set_SSL_CTX(void) { int res = TEST_SKIPPED; #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) \ && !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_TLS13) && \ !defined(NO_RSA) WOLFSSL_CTX *ctx1, *ctx2; WOLFSSL *ssl; const byte *session_id1 = (const byte *)"CTX1"; const byte *session_id2 = (const byte *)"CTX2"; AssertNotNull(ctx1 = wolfSSL_CTX_new(wolfTLS_server_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx1, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx1, svrKeyFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx1, TLS1_2_VERSION), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx1), TLS1_2_VERSION); AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx1), TLS1_3_VERSION); AssertIntEQ(wolfSSL_CTX_set_session_id_context(ctx1, session_id1, 4), WOLFSSL_SUCCESS); AssertNotNull(ctx2 = wolfSSL_CTX_new(wolfTLS_server_method())); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx2, svrCertFile, WOLFSSL_FILETYPE_PEM)); AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx2, svrKeyFile, WOLFSSL_FILETYPE_PEM)); AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx2, TLS1_2_VERSION), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_set_max_proto_version(ctx2, TLS1_2_VERSION), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx2), TLS1_2_VERSION); AssertIntEQ(wolfSSL_CTX_get_max_proto_version(ctx2), TLS1_2_VERSION); AssertIntEQ(wolfSSL_CTX_set_session_id_context(ctx2, session_id2, 4), WOLFSSL_SUCCESS); #ifdef HAVE_SESSION_TICKET AssertIntEQ((wolfSSL_CTX_get_options(ctx1) & SSL_OP_NO_TICKET), 0); wolfSSL_CTX_set_options(ctx2, SSL_OP_NO_TICKET); AssertIntNE((wolfSSL_CTX_get_options(ctx2) & SSL_OP_NO_TICKET), 0); #endif AssertNotNull(ssl = wolfSSL_new(ctx2)); AssertIntNE((wolfSSL_get_options(ssl) & WOLFSSL_OP_NO_TLSv1_3), 0); #ifdef WOLFSSL_INT_H AssertIntEQ(XMEMCMP(ssl->sessionCtx, session_id2, 4), 0); AssertTrue(ssl->buffers.certificate == ctx2->certificate); AssertTrue(ssl->buffers.certChain == ctx2->certChain); #endif #ifdef HAVE_SESSION_TICKET AssertIntNE((wolfSSL_get_options(ssl) & SSL_OP_NO_TICKET), 0); #endif /* Set the ctx1 that has TLSv1.3 as max proto version */ AssertNotNull(wolfSSL_set_SSL_CTX(ssl, ctx1)); /* MUST not change proto versions of ssl */ AssertIntNE((wolfSSL_get_options(ssl) & WOLFSSL_OP_NO_TLSv1_3), 0); #ifdef HAVE_SESSION_TICKET /* MUST not change */ AssertIntNE((wolfSSL_get_options(ssl) & SSL_OP_NO_TICKET), 0); #endif /* MUST change */ #ifdef WOLFSSL_INT_H AssertTrue(ssl->buffers.certificate == ctx1->certificate); AssertTrue(ssl->buffers.certChain == ctx1->certChain); AssertIntEQ(XMEMCMP(ssl->sessionCtx, session_id1, 4), 0); #endif wolfSSL_free(ssl); wolfSSL_CTX_free(ctx1); wolfSSL_CTX_free(ctx2); res = TEST_RES_CHECK(1); #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */ return res; } #endif /* defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))) */ static int test_wolfSSL_security_level(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) SSL_CTX *ctx; #ifdef WOLFSSL_TLS13 #ifdef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); #endif SSL_CTX_set_security_level(ctx, 1); AssertTrue(1); AssertIntEQ(SSL_CTX_get_security_level(ctx), 0); SSL_CTX_free(ctx); #else (void)ctx; #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_SSL_in_init(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_BIO) SSL_CTX* ctx; SSL* ssl; const char* testCertFile; const char* testKeyFile; #ifdef WOLFSSL_TLS13 #ifdef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); #endif #ifndef NO_RSA testCertFile = svrCertFile; testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) testCertFile = eccCertFile; testKeyFile = eccKeyFile; #else testCertFile = NULL; testKeyFile = NULL; #endif if (testCertFile != NULL && testKeyFile != NULL) { AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile, SSL_FILETYPE_PEM)); } ssl = SSL_new(ctx); AssertNotNull(ssl); AssertIntEQ(SSL_in_init(ssl), 1); SSL_CTX_free(ctx); SSL_free(ssl); #else (void)ctx; (void)ssl; (void)testCertFile; (void)testKeyFile; #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_CTX_set_timeout(void) { int res = TEST_SKIPPED; #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_SESSION_CACHE) int timeout; WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); (void)timeout; AssertNotNull(ctx); #if defined(WOLFSSL_ERROR_CODE_OPENSSL) /* in WOLFSSL_ERROR_CODE_OPENSSL macro guard, * wolfSSL_CTX_set_timeout returns previous timeout value on success. */ AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG); /* giving 0 as timeout value sets default timeout */ timeout = wolfSSL_CTX_set_timeout(ctx, 0); AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), timeout); AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 30), 20); #else AssertIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 100), 1); AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 0), 1); #endif wolfSSL_CTX_free(ctx); res = TEST_RES_CHECK(1); #endif /* !NO_WOLFSSL_SERVER && !NO_SESSION_CACHE*/ return res; } static int test_wolfSSL_OpenSSL_version(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) const char* ver; #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L AssertNotNull(ver = OpenSSL_version(0)); #else AssertNotNull(ver = OpenSSL_version()); #endif AssertIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING, XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0); res = TEST_RES_CHECK(1); #endif return res; } static int test_CONF_CTX_CMDLINE(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) SSL_CTX* ctx = NULL; SSL_CONF_CTX* cctx = NULL; AssertNotNull(cctx = SSL_CONF_CTX_new()); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); AssertTrue(1); /* set flags */ AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CMDLINE), WOLFSSL_CONF_FLAG_CMDLINE); AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE), WOLFSSL_CONF_FLAG_CMDLINE | WOLFSSL_CONF_FLAG_CERTIFICATE); /* cmd invalid command */ AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2); AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2); AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE); AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE); /* cmd Certificate and Private Key*/ { #if !defined(NO_CERTS) && !defined(NO_RSA) const char* ourCert = svrCertFile; const char* ourKey = svrKeyFile; AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "-cert", ourCert), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_cmd(cctx, "-key", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "-key", ourKey), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); #endif } /* cmd curves */ { #if defined(HAVE_ECC) const char* curve = "secp256r1"; AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "-curves", curve), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); #endif } /* cmd CipherString */ { char* cipher = wolfSSL_get_cipher_list(0/*top priority*/); AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "-cipher", cipher), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); } /* cmd DH parameter */ { #if !defined(NO_DH) && !defined(NO_BIO) const char* ourdhcert = "./certs/dh2048.pem"; AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", ourdhcert), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); #endif } SSL_CTX_free(ctx); SSL_CONF_CTX_free(cctx); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_CONF_CTX_FILE(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) SSL_CTX* ctx = NULL; SSL_CONF_CTX* cctx = NULL; AssertNotNull(cctx = SSL_CONF_CTX_new()); AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); AssertTrue(1); /* set flags */ AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_FILE), WOLFSSL_CONF_FLAG_FILE); AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE), WOLFSSL_CONF_FLAG_FILE | WOLFSSL_CONF_FLAG_CERTIFICATE); /* sanity check */ AssertIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2); AssertIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2); AssertIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WOLFSSL_FAILURE); AssertIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WOLFSSL_FAILURE); AssertIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WOLFSSL_FAILURE); /* cmd Certificate and Private Key*/ { #if !defined(NO_CERTS) && !defined(NO_RSA) const char* ourCert = svrCertFile; const char* ourKey = svrKeyFile; AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", ourCert), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", ourKey), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); #endif } /* cmd curves */ { #if defined(HAVE_ECC) const char* curve = "secp256r1"; AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", curve), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); #endif } /* cmd CipherString */ { char* cipher = wolfSSL_get_cipher_list(0/*top priority*/); AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", cipher), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); } /* cmd DH parameter */ { #if !defined(NO_DH) && !defined(NO_BIO) && defined(HAVE_FFDHE_3072) const char* ourdhcert = "./certs/dh3072.pem"; AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", NULL), -3); AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", ourdhcert), WOLFSSL_SUCCESS); AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); #endif } SSL_CTX_free(ctx); SSL_CONF_CTX_free(cctx); res = TEST_RES_CHECK(1); #endif /* OPENSSL_EXTRA */ return res; } static int test_wolfSSL_CRYPTO_get_ex_new_index(void) { int res = TEST_SKIPPED; #ifdef HAVE_EX_DATA int idx1, idx2; /* test for unsupported class index */ AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509_STORE, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509_STORE_CTX, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_DH, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_DSA, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_EC_KEY, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_RSA, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_ENGINE, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_UI, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_BIO, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_APP, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_UI_METHOD, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_DRBG, 0,NULL, NULL, NULL, NULL ), -1); AssertIntEQ(wolfSSL_CRYPTO_get_ex_new_index(20, 0,NULL, NULL, NULL, NULL ), -1); /* test for supported class index */ idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL, 0,NULL, NULL, NULL, NULL ); idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL, 0,NULL, NULL, NULL, NULL ); AssertIntNE(idx1, -1); AssertIntNE(idx2, -1); AssertIntNE(idx1, idx2); idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_CTX, 0,NULL, NULL, NULL, NULL ); idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_CTX, 0,NULL, NULL, NULL, NULL ); AssertIntNE(idx1, -1); AssertIntNE(idx2, -1); AssertIntNE(idx1, idx2); idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509, 0,NULL, NULL, NULL, NULL ); idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509, 0,NULL, NULL, NULL, NULL ); AssertIntNE(idx1, -1); AssertIntNE(idx2, -1); AssertIntNE(idx1, idx2); idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION, 0,NULL, NULL, NULL, NULL ); idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION, 0,NULL, NULL, NULL, NULL ); AssertIntNE(idx1, -1); AssertIntNE(idx2, -1); AssertIntNE(idx1, idx2); res = TEST_RES_CHECK(1); #endif /* HAVE_EX_DATA */ return res; } #if defined(HAVE_EX_DATA) && \ (defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))) #define SESSION_NEW_IDX_LONG 0xDEADBEEF #define SESSION_NEW_IDX_VAL ((void*)0xAEADAEAD) #define SESSION_DUP_IDX_VAL ((void*)0xDEDEDEDE) #define SESSION_NEW_IDX_PTR "Testing" static void test_wolfSSL_SESSION_get_ex_new_index_new_cb(void* p, void* ptr, CRYPTO_EX_DATA* a, int idx, long argValue, void* arg) { AssertNotNull(p); AssertNull(ptr); AssertIntEQ(CRYPTO_set_ex_data(a, idx, SESSION_NEW_IDX_VAL), SSL_SUCCESS); AssertIntEQ(argValue, SESSION_NEW_IDX_LONG); AssertStrEQ(arg, SESSION_NEW_IDX_PTR); } static int test_wolfSSL_SESSION_get_ex_new_index_dup_cb(CRYPTO_EX_DATA* out, const CRYPTO_EX_DATA* in, void* inPtr, int idx, long argV, void* arg) { AssertNotNull(out); AssertNotNull(in); AssertPtrEq(*(void**)inPtr, SESSION_NEW_IDX_VAL); AssertPtrEq(CRYPTO_get_ex_data(in, idx), SESSION_NEW_IDX_VAL); AssertPtrEq(CRYPTO_get_ex_data(out, idx), SESSION_NEW_IDX_VAL); AssertIntEQ(argV, SESSION_NEW_IDX_LONG); AssertStrEQ(arg, SESSION_NEW_IDX_PTR); *(void**)inPtr = SESSION_DUP_IDX_VAL; return SSL_SUCCESS; } static int test_wolfSSL_SESSION_get_ex_new_index_free_cb_called = 0; static void test_wolfSSL_SESSION_get_ex_new_index_free_cb(void* p, void* ptr, CRYPTO_EX_DATA* a, int idx, long argValue, void* arg) { AssertNotNull(p); AssertNull(ptr); AssertPtrNE(CRYPTO_get_ex_data(a, idx), 0); AssertIntEQ(argValue, SESSION_NEW_IDX_LONG); AssertStrEQ(arg, SESSION_NEW_IDX_PTR); test_wolfSSL_SESSION_get_ex_new_index_free_cb_called++; } static int test_wolfSSL_SESSION_get_ex_new_index(void) { int idx = SSL_SESSION_get_ex_new_index(SESSION_NEW_IDX_LONG, (void*)SESSION_NEW_IDX_PTR, test_wolfSSL_SESSION_get_ex_new_index_new_cb, test_wolfSSL_SESSION_get_ex_new_index_dup_cb, test_wolfSSL_SESSION_get_ex_new_index_free_cb); SSL_SESSION* s = SSL_SESSION_new(); SSL_SESSION* d = NULL; AssertNotNull(s); AssertPtrEq(SSL_SESSION_get_ex_data(s, idx), SESSION_NEW_IDX_VAL); AssertNotNull(d = SSL_SESSION_dup(s)); AssertPtrEq(SSL_SESSION_get_ex_data(d, idx), SESSION_DUP_IDX_VAL); SSL_SESSION_free(s); AssertIntEQ(test_wolfSSL_SESSION_get_ex_new_index_free_cb_called, 1); SSL_SESSION_free(d); AssertIntEQ(test_wolfSSL_SESSION_get_ex_new_index_free_cb_called, 2); crypto_ex_cb_free(crypto_ex_cb_ctx_session); crypto_ex_cb_ctx_session = NULL; return TEST_RES_CHECK(1); } #else static int test_wolfSSL_SESSION_get_ex_new_index(void) { return TEST_SKIPPED; } #endif static int test_wolfSSL_set_psk_use_session_callback(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(NO_PSK) SSL_CTX* ctx; SSL* ssl; const char* testCertFile; const char* testKeyFile; #ifdef WOLFSSL_TLS13 #ifdef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); #endif #ifndef NO_RSA testCertFile = svrCertFile; testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) testCertFile = eccCertFile; testKeyFile = eccKeyFile; #else testCertFile = NULL; testKeyFile = NULL; #endif if (testCertFile != NULL && testKeyFile != NULL) { AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile, SSL_FILETYPE_PEM)); } ssl = SSL_new(ctx); AssertNotNull(ssl); SSL_set_psk_use_session_callback(ssl, my_psk_use_session_cb); AssertTrue(1); SSL_CTX_free(ctx); SSL_free(ssl); #else (void)ctx; (void)ssl; (void)testCertFile; (void)testKeyFile; #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_ERR_strings(void) { int res = TEST_SKIPPED; #if !defined(NO_ERROR_STRINGS) const char* err1 = "unsupported cipher suite"; const char* err2 = "wolfSSL PEM routines"; const char* err = NULL; (void)err; (void)err1; (void)err2; #if defined(OPENSSL_EXTRA) err = ERR_reason_error_string(UNSUPPORTED_SUITE); AssertTrue(err != NULL); AssertIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0); err = ERR_func_error_string(UNSUPPORTED_SUITE); AssertTrue(err != NULL); AssertIntEQ((*err == '\0'), 1); err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD); AssertTrue(err != NULL); AssertIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0); #else err = wolfSSL_ERR_reason_error_string(UNSUPPORTED_SUITE); AssertTrue(err != NULL); AssertIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0); err = wolfSSL_ERR_func_error_string(UNSUPPORTED_SUITE); AssertTrue(err != NULL); AssertIntEQ((*err == '\0'), 1); /* The value -MIN_CODE_E+2 is PEM_R_PROBLEMS_GETTING_PASSWORD. */ err = wolfSSL_ERR_lib_error_string(-MIN_CODE_E+2); AssertTrue(err != NULL); AssertIntEQ((*err == '\0'), 1); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_shake128(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \ defined(WOLFSSL_SHAKE128) const EVP_MD* md = NULL; md = EVP_shake128(); AssertTrue(md != NULL); AssertIntEQ(XSTRNCMP(md, "SHAKE128", XSTRLEN("SHAKE128")), 0); res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_EVP_shake256(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \ defined(WOLFSSL_SHAKE256) const EVP_MD* md = NULL; md = EVP_shake256(); AssertTrue(md != NULL); AssertIntEQ(XSTRNCMP(md, "SHAKE256", XSTRLEN("SHAKE256")), 0); res = TEST_RES_CHECK(1); #endif return res; } static int test_EVP_blake2(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && (defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)) const EVP_MD* md = NULL; (void)md; #if defined(HAVE_BLAKE2) md = EVP_blake2b512(); AssertTrue(md != NULL); AssertIntEQ(XSTRNCMP(md, "BLAKE2B512", XSTRLEN("BLAKE2B512")), 0); #endif #if defined(HAVE_BLAKE2S) md = EVP_blake2s256(); AssertTrue(md != NULL); AssertIntEQ(XSTRNCMP(md, "BLAKE2S256", XSTRLEN("BLAKE2S256")), 0); #endif res = TEST_RES_CHECK(1); #endif return res; } #if defined(OPENSSL_EXTRA) static void list_md_fn(const EVP_MD* m, const char* from, const char* to, void* arg) { const char* mn; BIO *bio; (void) from; (void) to; (void) arg; (void) mn; (void) bio; if (!m) { /* alias */ AssertNull(m); AssertNotNull(to); } else { AssertNotNull(m); AssertNull(to); } AssertNotNull(from); #if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE) mn = EVP_get_digestbyname(from); /* print to stderr */ AssertNotNull(arg); bio = BIO_new(BIO_s_file()); BIO_set_fp(bio, arg, BIO_NOCLOSE); BIO_printf(bio, "Use %s message digest algorithm\n", mn); BIO_free(bio); #endif } #endif static int test_EVP_MD_do_all(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) EVP_MD_do_all(NULL, stderr); /* to confirm previous call gives no harm */ AssertTrue(1); EVP_MD_do_all(list_md_fn, stderr); /* to confirm previous call gives no harm */ AssertTrue(1); res = TEST_RES_CHECK(1); #endif return res; } #if defined(OPENSSL_EXTRA) static void obj_name_t(const OBJ_NAME* nm, void* arg) { (void)arg; (void)nm; AssertIntGT(nm->type, OBJ_NAME_TYPE_UNDEF); #if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE) /* print to stderr */ AssertNotNull(arg); bio = BIO_new(BIO_s_file()); BIO_set_fp(bio, arg, BIO_NOCLOSE); BIO_printf(bio, "%s\n", mn); BIO_free(bio); #endif } #endif static int test_OBJ_NAME_do_all(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, NULL, NULL); /* to confirm previous call gives no harm */ AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, NULL, stderr); /* to confirm previous call gives no harm */ AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, obj_name_t, stderr); AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_PKEY_METH, obj_name_t, stderr); AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_COMP_METH, obj_name_t, stderr); AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_NUM, obj_name_t, stderr); AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_UNDEF, obj_name_t, stderr); AssertTrue(1); OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, obj_name_t, stderr); AssertTrue(1); OBJ_NAME_do_all(-1, obj_name_t, stderr); AssertTrue(1); res = TEST_RES_CHECK(1); #endif return res; } static int test_SSL_CIPHER_get_xxx(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) const SSL_CIPHER* cipher = NULL; STACK_OF(SSL_CIPHER) *supportedCiphers = NULL; int i, numCiphers = 0; SSL_CTX* ctx = NULL; SSL* ssl = NULL; const char* testCertFile; const char* testKeyFile; char buf[256] = {0}; const char* cipher_id = NULL; int expect_nid1 = NID_undef; int expect_nid2 = NID_undef; int expect_nid3 = NID_undef; int expect_nid4 = NID_undef; int expect_nid5 = 0; const char* cipher_id2 = NULL; int expect_nid21 = NID_undef; int expect_nid22 = NID_undef; int expect_nid23 = NID_undef; int expect_nid24 = NID_undef; int expect_nid25 = 0; (void)cipher; (void)supportedCiphers; (void)i; (void)numCiphers; (void)ctx; (void)ssl; (void)testCertFile; (void)testKeyFile; #if defined(WOLFSSL_TLS13) cipher_id = "TLS13-AES128-GCM-SHA256"; expect_nid1 = NID_auth_rsa; expect_nid2 = NID_aes_128_gcm; expect_nid3 = NID_sha256; expect_nid4 = NID_kx_any; expect_nid5 = 1; #if !defined(WOLFSSL_NO_TLS12) cipher_id2 = "ECDHE-RSA-AES256-GCM-SHA384"; expect_nid21 = NID_auth_rsa; expect_nid22 = NID_aes_256_gcm; expect_nid23 = NID_sha384; expect_nid24 = NID_kx_ecdhe; expect_nid25 = 1; #endif #endif #ifdef NO_WOLFSSL_SERVER AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); #else AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); #endif if (cipher_id) { #ifndef NO_RSA testCertFile = svrCertFile; testKeyFile = svrKeyFile; #elif defined(HAVE_ECC) testCertFile = eccCertFile; testKeyFile = eccKeyFile; #else testCertFile = NULL; testKeyFile = NULL; #endif if (testCertFile != NULL && testKeyFile != NULL) { AssertTrue(SSL_CTX_use_certificate_file(ctx, testCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile, SSL_FILETYPE_PEM)); } ssl = SSL_new(ctx); AssertNotNull(ssl); AssertIntEQ(SSL_in_init(ssl), 1); supportedCiphers = SSL_get_ciphers(ssl); numCiphers = sk_num(supportedCiphers); for (i = 0; i < numCiphers; ++i) { if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) { SSL_CIPHER_description(cipher, buf, sizeof(buf)); } if (XMEMCMP(cipher_id, buf, XSTRLEN(cipher_id)) == 0) { break; } } /* test case for */ if (i != numCiphers) { AssertIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid1); AssertIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid2); AssertIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid3); AssertIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid4); AssertIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid5); } if (cipher_id2) { for (i = 0; i < numCiphers; ++i) { if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) { SSL_CIPHER_description(cipher, buf, sizeof(buf)); } if (XMEMCMP(cipher_id2, buf, XSTRLEN(cipher_id2)) == 0) { break; } } /* test case for */ if (i != numCiphers) { AssertIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid21); AssertIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid22); AssertIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid23); AssertIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid24); AssertIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid25); } } } if (ctx) SSL_CTX_free(ctx); if (ssl) SSL_free(ssl); res = TEST_RES_CHECK(1); #endif return res; } #if defined(WOLF_CRYPTO_CB) && defined(HAVE_IO_TESTS_DEPENDENCIES) static int load_pem_key_file_as_der(const char* privKeyFile, DerBuffer** pDer, int* keyFormat) { int ret; byte* key_buf = NULL; size_t key_sz = 0; EncryptedInfo encInfo; XMEMSET(&encInfo, 0, sizeof(encInfo)); ret = load_file(privKeyFile, &key_buf, &key_sz); if (ret == 0) { ret = wc_PemToDer(key_buf, key_sz, PRIVATEKEY_TYPE, pDer, NULL, &encInfo, keyFormat); } if (key_buf != NULL) { free(key_buf); key_buf = NULL; } (void)encInfo; /* not used in this test */ #ifdef DEBUG_WOLFSSL fprintf(stderr, "%s (%d): Loading PEM %s (len %d) to DER (len %d)\n", (ret == 0) ? "Success" : "Failure", ret, privKeyFile, (int)key_sz, (*pDer)->length); #endif return ret; } static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx) { int ret = CRYPTOCB_UNAVAILABLE; const char* privKeyFile = (const char*)ctx; DerBuffer* pDer = NULL; int keyFormat = 0; if (info->algo_type == WC_ALGO_TYPE_PK) { #ifdef DEBUG_WOLFSSL fprintf(stderr, "test_CryptoCb_Func: Pk Type %d\n", info->pk.type); #endif #ifndef NO_RSA if (info->pk.type == WC_PK_TYPE_RSA) { switch (info->pk.rsa.type) { case RSA_PUBLIC_ENCRYPT: case RSA_PUBLIC_DECRYPT: /* perform software based RSA public op */ ret = CRYPTOCB_UNAVAILABLE; /* fallback to software */ break; case RSA_PRIVATE_ENCRYPT: case RSA_PRIVATE_DECRYPT: { RsaKey key; /* perform software based RSA private op */ #ifdef DEBUG_WOLFSSL fprintf(stderr, "test_CryptoCb_Func: RSA Priv\n"); #endif ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat); if (ret != 0) { return ret; } ret = wc_InitRsaKey(&key, HEAP_HINT); if (ret == 0) { word32 keyIdx = 0; /* load RSA private key and perform private transform */ ret = wc_RsaPrivateKeyDecode(pDer->buffer, &keyIdx, &key, pDer->length); if (ret == 0) { ret = wc_RsaFunction( info->pk.rsa.in, info->pk.rsa.inLen, info->pk.rsa.out, info->pk.rsa.outLen, info->pk.rsa.type, &key, info->pk.rsa.rng); } else { /* if decode fails, then fall-back to software based crypto */ fprintf(stderr, "test_CryptoCb_Func: RSA private " "key decode failed %d, falling back to " "software\n", ret); ret = CRYPTOCB_UNAVAILABLE; } wc_FreeRsaKey(&key); } wc_FreeDer(&pDer); pDer = NULL; break; } } #ifdef DEBUG_WOLFSSL fprintf(stderr, "test_CryptoCb_Func: RSA Type %d, Ret %d, Out %d\n", info->pk.rsa.type, ret, *info->pk.rsa.outLen); #endif } #endif /* !NO_RSA */ #ifdef HAVE_ECC if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) { /* mark this key as ephemeral */ if (info->pk.eckg.key != NULL) { XSTRNCPY(info->pk.eckg.key->label, "ephemeral", sizeof(info->pk.eckg.key->label)); info->pk.eckg.key->labelLen = (int)XSTRLEN(info->pk.eckg.key->label); } } else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { ecc_key key; /* perform software based ECC sign */ #ifdef DEBUG_WOLFSSL fprintf(stderr, "test_CryptoCb_Func: ECC Sign\n"); #endif if (info->pk.eccsign.key != NULL && XSTRCMP(info->pk.eccsign.key->label, "ephemeral") == 0) { /* this is an empheral key */ #ifdef DEBUG_WOLFSSL fprintf(stderr, "test_CryptoCb_Func: skipping signing op on " "ephemeral key\n"); #endif return CRYPTOCB_UNAVAILABLE; } ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat); if (ret != 0) { return ret; } ret = wc_ecc_init(&key); if (ret == 0) { word32 keyIdx = 0; /* load ECC private key and perform private transform */ ret = wc_EccPrivateKeyDecode(pDer->buffer, &keyIdx, &key, pDer->length); if (ret == 0) { ret = wc_ecc_sign_hash( info->pk.eccsign.in, info->pk.eccsign.inlen, info->pk.eccsign.out, info->pk.eccsign.outlen, info->pk.eccsign.rng, &key); } else { /* if decode fails, then fall-back to software based crypto */ fprintf(stderr, "test_CryptoCb_Func: ECC private key " "decode failed %d, falling back to software\n", ret); ret = CRYPTOCB_UNAVAILABLE; } wc_ecc_free(&key); } wc_FreeDer(&pDer); pDer = NULL; #ifdef DEBUG_WOLFSSL fprintf(stderr, "test_CryptoCb_Func: ECC Ret %d, Out %d\n", ret, *info->pk.eccsign.outlen); #endif } #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) { ed25519_key key; /* perform software based ED25519 sign */ #ifdef DEBUG_WOLFSSL fprintf(stderr, "test_CryptoCb_Func: ED25519 Sign\n"); #endif ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat); if (ret != 0) { return ret; } ret = wc_ed25519_init(&key); if (ret == 0) { word32 keyIdx = 0; /* load ED25519 private key and perform private transform */ ret = wc_Ed25519PrivateKeyDecode(pDer->buffer, &keyIdx, &key, pDer->length); if (ret == 0) { /* calculate public key */ ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE); if (ret == 0) { key.pubKeySet = 1; ret = wc_ed25519_sign_msg_ex( info->pk.ed25519sign.in, info->pk.ed25519sign.inLen, info->pk.ed25519sign.out, info->pk.ed25519sign.outLen, &key, info->pk.ed25519sign.type, info->pk.ed25519sign.context, info->pk.ed25519sign.contextLen); } } else { /* if decode fails, then fall-back to software based crypto */ fprintf(stderr, "test_CryptoCb_Func: ED25519 private key " "decode failed %d, falling back to software\n", ret); ret = CRYPTOCB_UNAVAILABLE; } wc_ed25519_free(&key); } wc_FreeDer(&pDer); pDer = NULL; #ifdef DEBUG_WOLFSSL fprintf(stderr, "test_CryptoCb_Func: ED25519 Ret %d, Out %d\n", ret, *info->pk.ed25519sign.outLen); #endif } #endif /* HAVE_ED25519 */ } (void)thisDevId; (void)keyFormat; return ret; } /* tlsVer: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */ static void test_wc_CryptoCb_TLS(int tlsVer, const char* cliCaPemFile, const char* cliCertPemFile, const char* cliPrivKeyPemFile, const char* cliPubKeyPemFile, const char* svrCaPemFile, const char* svrCertPemFile, const char* svrPrivKeyPemFile, const char* svrPubKeyPemFile) { callback_functions client_cbf; callback_functions server_cbf; XMEMSET(&client_cbf, 0, sizeof(client_cbf)); XMEMSET(&server_cbf, 0, sizeof(server_cbf)); if (tlsVer == WOLFSSL_TLSV1_3) { #ifdef WOLFSSL_TLS13 server_cbf.method = wolfTLSv1_3_server_method; client_cbf.method = wolfTLSv1_3_client_method; #endif } else if (tlsVer == WOLFSSL_TLSV1_2) { #ifndef WOLFSSL_NO_TLS12 server_cbf.method = wolfTLSv1_2_server_method; client_cbf.method = wolfTLSv1_2_client_method; #endif } else if (tlsVer == WOLFSSL_TLSV1_1) { #ifndef NO_OLD_TLS server_cbf.method = wolfTLSv1_1_server_method; client_cbf.method = wolfTLSv1_1_client_method; #endif } else if (tlsVer == WOLFSSL_TLSV1) { #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10) server_cbf.method = wolfTLSv1_server_method; client_cbf.method = wolfTLSv1_client_method; #endif } else if (tlsVer == WOLFSSL_SSLV3) { #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \ defined(WOLFSSL_STATIC_RSA) server_cbf.method = wolfSSLv3_server_method; client_cbf.method = wolfSSLv3_client_method; #endif } else if (tlsVer == WOLFSSL_DTLSV1_2) { #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) server_cbf.method = wolfDTLSv1_2_server_method; client_cbf.method = wolfDTLSv1_2_client_method; #endif } else if (tlsVer == WOLFSSL_DTLSV1) { #if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS) server_cbf.method = wolfDTLSv1_server_method; client_cbf.method = wolfDTLSv1_client_method; #endif } if (server_cbf.method == NULL) { /* not enabled */ return; } /* Setup the keys for the TLS test */ client_cbf.certPemFile = cliCertPemFile; client_cbf.keyPemFile = cliPubKeyPemFile; client_cbf.caPemFile = cliCaPemFile; server_cbf.certPemFile = svrCertPemFile; server_cbf.keyPemFile = svrPubKeyPemFile; server_cbf.caPemFile = svrCaPemFile; /* Setup a crypto callback with pointer to private key file for testing */ client_cbf.devId = 1; wc_CryptoCb_RegisterDevice(client_cbf.devId, test_CryptoCb_Func, (void*)cliPrivKeyPemFile); server_cbf.devId = 2; wc_CryptoCb_RegisterDevice(server_cbf.devId, test_CryptoCb_Func, (void*)svrPrivKeyPemFile); /* Perform TLS server and client test */ /* First test is at WOLFSSL_CTX level */ test_wolfSSL_client_server(&client_cbf, &server_cbf); /* Check for success */ AssertIntEQ(server_cbf.return_code, TEST_SUCCESS); AssertIntEQ(client_cbf.return_code, TEST_SUCCESS); /* Second test is a WOLFSSL object level */ client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1; test_wolfSSL_client_server(&client_cbf, &server_cbf); /* Check for success */ AssertIntEQ(server_cbf.return_code, TEST_SUCCESS); AssertIntEQ(client_cbf.return_code, TEST_SUCCESS); /* Un register the devId's */ wc_CryptoCb_UnRegisterDevice(client_cbf.devId); client_cbf.devId = INVALID_DEVID; wc_CryptoCb_UnRegisterDevice(server_cbf.devId); server_cbf.devId = INVALID_DEVID; } #endif /* WOLF_CRYPTO_CB && HAVE_IO_TESTS_DEPENDENCIES */ static int test_wc_CryptoCb(void) { int res = TEST_SKIPPED; #ifdef WOLF_CRYPTO_CB /* TODO: Add crypto callback API tests */ #ifdef HAVE_IO_TESTS_DEPENDENCIES #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) int tlsVer; #endif #ifndef NO_RSA for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) { test_wc_CryptoCb_TLS(tlsVer, svrCertFile, cliCertFile, cliKeyFile, cliKeyPubFile, cliCertFile, svrCertFile, svrKeyFile, svrKeyPubFile); } #endif #ifdef HAVE_ECC for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) { test_wc_CryptoCb_TLS(tlsVer, caEccCertFile, cliEccCertFile, cliEccKeyFile, cliEccKeyPubFile, cliEccCertFile, eccCertFile, eccKeyFile, eccKeyPubFile); } #endif #ifdef HAVE_ED25519 for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) { if (tlsVer == WOLFSSL_DTLSV1) continue; test_wc_CryptoCb_TLS(tlsVer, caEdCertFile, cliEdCertFile, cliEdKeyFile, cliEdKeyPubFile, cliEdCertFile, edCertFile, edKeyFile, edKeyPubFile); } #endif #endif /* HAVE_IO_TESTS_DEPENDENCIES */ res = TEST_RES_CHECK(1); #endif /* WOLF_CRYPTO_CB */ return res; } #if defined(WOLFSSL_STATIC_MEMORY) && defined(HAVE_IO_TESTS_DEPENDENCIES) /* tlsVer: Example: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */ static void test_wolfSSL_CTX_StaticMemory_TLS(int tlsVer, const char* cliCaPemFile, const char* cliCertPemFile, const char* cliPrivKeyPemFile, const char* svrCaPemFile, const char* svrCertPemFile, const char* svrPrivKeyPemFile, byte* cliMem, word32 cliMemSz, byte* svrMem, word32 svrMemSz) { callback_functions client_cbf; callback_functions server_cbf; XMEMSET(&client_cbf, 0, sizeof(client_cbf)); XMEMSET(&server_cbf, 0, sizeof(server_cbf)); if (tlsVer == WOLFSSL_TLSV1_3) { #ifdef WOLFSSL_TLS13 server_cbf.method_ex = wolfTLSv1_3_server_method_ex; client_cbf.method_ex = wolfTLSv1_3_client_method_ex; #endif } else if (tlsVer == WOLFSSL_TLSV1_2) { #ifndef WOLFSSL_NO_TLS12 server_cbf.method_ex = wolfTLSv1_2_server_method_ex; client_cbf.method_ex = wolfTLSv1_2_client_method_ex; #endif } else if (tlsVer == WOLFSSL_TLSV1_1) { #ifndef NO_OLD_TLS server_cbf.method_ex = wolfTLSv1_1_server_method_ex; client_cbf.method_ex = wolfTLSv1_1_client_method_ex; #endif } else if (tlsVer == WOLFSSL_TLSV1) { #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10) server_cbf.method_ex = wolfTLSv1_server_method_ex; client_cbf.method_ex = wolfTLSv1_client_method_ex; #endif } else if (tlsVer == WOLFSSL_SSLV3) { #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \ defined(WOLFSSL_STATIC_RSA) server_cbf.method_ex = wolfSSLv3_server_method_ex; client_cbf.method_ex = wolfSSLv3_client_method_ex; #endif } else if (tlsVer == WOLFSSL_DTLSV1_2) { #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) server_cbf.method_ex = wolfDTLSv1_2_server_method_ex; client_cbf.method_ex = wolfDTLSv1_2_client_method_ex; #endif } else if (tlsVer == WOLFSSL_DTLSV1) { #if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS) server_cbf.method_ex = wolfDTLSv1_server_method_ex; client_cbf.method_ex = wolfDTLSv1_client_method_ex; #endif } if (server_cbf.method_ex == NULL) { /* not enabled */ return; } /* Setup the keys for the TLS test */ client_cbf.certPemFile = cliCertPemFile; client_cbf.keyPemFile = cliPrivKeyPemFile; client_cbf.caPemFile = cliCaPemFile; server_cbf.certPemFile = svrCertPemFile; server_cbf.keyPemFile = svrPrivKeyPemFile; server_cbf.caPemFile = svrCaPemFile; client_cbf.mem = cliMem; client_cbf.memSz = cliMemSz; server_cbf.mem = svrMem; server_cbf.memSz = svrMemSz; client_cbf.devId = INVALID_DEVID; server_cbf.devId = INVALID_DEVID; /* Perform TLS server and client test */ /* First test is at WOLFSSL_CTX level */ test_wolfSSL_client_server(&client_cbf, &server_cbf); /* Check for success */ AssertIntEQ(server_cbf.return_code, TEST_SUCCESS); AssertIntEQ(client_cbf.return_code, TEST_SUCCESS); /* Second test is a WOLFSSL object level */ client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1; test_wolfSSL_client_server(&client_cbf, &server_cbf); /* Check for success */ AssertIntEQ(server_cbf.return_code, TEST_SUCCESS); AssertIntEQ(client_cbf.return_code, TEST_SUCCESS); } #endif /* WOLFSSL_STATIC_MEMORY && HAVE_IO_TESTS_DEPENDENCIES */ #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || \ defined(SESSION_CERTS) #ifdef OPENSSL_EXTRA #define TEST_TLS_STATIC_MEMSZ (400000) #else #define TEST_TLS_STATIC_MEMSZ (320000) #endif #else #define TEST_TLS_STATIC_MEMSZ (80000) #endif static int test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx) { WOLFSSL *ssl1 = NULL, *ssl2 = NULL, *ssl3 = NULL; WOLFSSL_MEM_STATS mem_stats; WOLFSSL_MEM_CONN_STATS ssl_stats; #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) AssertIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); #endif AssertNotNull((ssl1 = wolfSSL_new(ctx))); AssertNotNull((ssl2 = wolfSSL_new(ctx))); /* this should fail because kMaxCtxClients == 2 */ AssertNull((ssl3 = wolfSSL_new(ctx))); if (wolfSSL_is_static_memory(ssl1, &ssl_stats) == 1) { #ifdef DEBUG_WOLFSSL wolfSSL_PrintStatsConn(&ssl_stats); #endif (void)ssl_stats; } /* display collected statistics */ if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) == 1) { #ifdef DEBUG_WOLFSSL wolfSSL_PrintStats(&mem_stats); #endif (void)mem_stats; } wolfSSL_free(ssl1); wolfSSL_free(ssl2); return TEST_RES_CHECK(1); } #endif /* WOLFSSL_STATIC_MEMORY && !WOLFCRYPT_ONLY */ static int test_wolfSSL_CTX_StaticMemory(void) { int res = TEST_SKIPPED; #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) wolfSSL_method_func method_func; WOLFSSL_CTX* ctx; const int kMaxCtxClients = 2; #ifdef HAVE_IO_TESTS_DEPENDENCIES #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) int tlsVer; byte cliMem[TEST_TLS_STATIC_MEMSZ]; #endif #endif byte svrMem[TEST_TLS_STATIC_MEMSZ]; #ifndef NO_WOLFSSL_SERVER #ifndef WOLFSSL_NO_TLS12 method_func = wolfTLSv1_2_server_method_ex; #else method_func = wolfTLSv1_3_server_method_ex; #endif #else #ifndef WOLFSSL_NO_TLS12 method_func = wolfTLSv1_2_client_method_ex; #else method_func = wolfTLSv1_3_client_method_ex; #endif #endif /* Test creating CTX directly from static memory pool */ ctx = NULL; AssertIntEQ(wolfSSL_CTX_load_static_memory( &ctx, method_func, svrMem, sizeof(svrMem), 0, kMaxCtxClients), WOLFSSL_SUCCESS); test_wolfSSL_CTX_StaticMemory_SSL(ctx); wolfSSL_CTX_free(ctx); ctx = NULL; /* Test for heap allocated CTX, then assigning static pool to it */ AssertNotNull(ctx = wolfSSL_CTX_new(method_func(NULL))); AssertIntEQ(wolfSSL_CTX_load_static_memory(&ctx, NULL, svrMem, sizeof(svrMem), 0, kMaxCtxClients), WOLFSSL_SUCCESS); test_wolfSSL_CTX_StaticMemory_SSL(ctx); wolfSSL_CTX_free(ctx); /* TLS Level Tests using static memory */ #ifdef HAVE_IO_TESTS_DEPENDENCIES #ifndef NO_RSA for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) { test_wolfSSL_CTX_StaticMemory_TLS(tlsVer, svrCertFile, cliCertFile, cliKeyFile, cliCertFile, svrCertFile, svrKeyFile, cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem)); } #endif #ifdef HAVE_ECC for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) { test_wolfSSL_CTX_StaticMemory_TLS(tlsVer, caEccCertFile, cliEccCertFile, cliEccKeyFile, cliEccCertFile, eccCertFile, eccKeyFile, cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem)); } #endif #ifdef HAVE_ED25519 for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) { if (tlsVer == WOLFSSL_DTLSV1) continue; test_wolfSSL_CTX_StaticMemory_TLS(tlsVer, caEdCertFile, cliEdCertFile, cliEdKeyFile, cliEdCertFile, edCertFile, edKeyFile, cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem)); } #endif #endif /* HAVE_IO_TESTS_DEPENDENCIES */ res = TEST_RES_CHECK(1); #endif /* WOLFSSL_STATIC_MEMORY && !WOLFCRYPT_ONLY */ return res; } static int test_openssl_FIPS_drbg(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_EXTRA) && !defined(WC_NO_RNG) && defined(HAVE_HASHDRBG) DRBG_CTX* dctx; byte data1[32], data2[32], zeroData[32]; byte testSeed[16]; size_t dlen = sizeof(data1); int i; XMEMSET(data1, 0, dlen); XMEMSET(data2, 0, dlen); XMEMSET(zeroData, 0, sizeof(zeroData)); for (i=0; i<(int)sizeof(testSeed); i++) { testSeed[i] = (byte)i; } AssertNotNull(dctx = FIPS_get_default_drbg()); AssertIntEQ(FIPS_drbg_init(dctx, 0, 0), WOLFSSL_SUCCESS); AssertIntEQ(FIPS_drbg_set_callbacks(dctx, NULL, NULL, 20, NULL, NULL), WOLFSSL_SUCCESS); AssertIntEQ(FIPS_drbg_instantiate(dctx, NULL, 0), WOLFSSL_SUCCESS); AssertIntEQ(FIPS_drbg_generate(dctx, data1, dlen, 0, NULL, 0), WOLFSSL_SUCCESS); AssertIntNE(XMEMCMP(data1, zeroData, dlen), 0); AssertIntEQ(FIPS_drbg_reseed(dctx, testSeed, sizeof(testSeed)), WOLFSSL_SUCCESS); AssertIntEQ(FIPS_drbg_generate(dctx, data2, dlen, 0, NULL, 0), WOLFSSL_SUCCESS); AssertIntNE(XMEMCMP(data1, zeroData, dlen), 0); AssertIntNE(XMEMCMP(data1, data2, dlen), 0); AssertIntEQ(FIPS_drbg_uninstantiate(dctx), WOLFSSL_SUCCESS); #ifndef HAVE_GLOBAL_RNG /* gets freed by wolfSSL_Cleanup() when HAVE_GLOBAL_RNG defined */ wolfSSL_FIPS_drbg_free(dctx); #endif res = TEST_RES_CHECK(1); #endif return res; } static int test_wolfSSL_FIPS_mode(void) { int res = TEST_SKIPPED; #if defined(OPENSSL_ALL) #ifdef HAVE_FIPS AssertIntEQ(wolfSSL_FIPS_mode(), 1); AssertIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_SUCCESS); #else AssertIntEQ(wolfSSL_FIPS_mode(), 0); AssertIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_FAILURE); #endif res = TEST_RES_CHECK(1); #endif return res; } #ifdef WOLFSSL_DTLS /* Prints out the current window */ static void DUW_TEST_print_window_binary(word32 h, word32 l, word32* w) { #ifdef WOLFSSL_DEBUG_DTLS_WINDOW int i; for (i = WOLFSSL_DTLS_WINDOW_WORDS - 1; i >= 0; i--) { word32 b = w[i]; int j; /* Prints out a 32 bit binary number in big endian order */ for (j = 0; j < 32; j++, b <<= 1) { if (b & (((word32)1) << 31)) fprintf(stderr, "1"); else fprintf(stderr, "0"); } fprintf(stderr, " "); } fprintf(stderr, "cur_hi %u cur_lo %u\n", h, l); #else (void)h; (void)l; (void)w; #endif } /* a - cur_hi * b - cur_lo * c - next_hi * d - next_lo * e - window * f - expected next_hi * g - expected next_lo * h - expected window[1] * i - expected window[0] */ #define DUW_TEST(a,b,c,d,e,f,g,h,i) do { \ wolfSSL_DtlsUpdateWindow((a), (b), &(c), &(d), (e)); \ DUW_TEST_print_window_binary((a), (b), (e)); \ AssertIntEQ((c), (f)); \ AssertIntEQ((d), (g)); \ AssertIntEQ((e)[1], (h)); \ AssertIntEQ((e)[0], (i)); \ } while (0) static int test_wolfSSL_DtlsUpdateWindow(void) { word32 window[WOLFSSL_DTLS_WINDOW_WORDS]; word32 next_lo = 0; word16 next_hi = 0; #ifdef WOLFSSL_DEBUG_DTLS_WINDOW fprintf(stderr, "\n"); #endif XMEMSET(window, 0, sizeof window); DUW_TEST(0, 0, next_hi, next_lo, window, 0, 1, 0, 0x01); DUW_TEST(0, 1, next_hi, next_lo, window, 0, 2, 0, 0x03); DUW_TEST(0, 5, next_hi, next_lo, window, 0, 6, 0, 0x31); DUW_TEST(0, 4, next_hi, next_lo, window, 0, 6, 0, 0x33); DUW_TEST(0, 100, next_hi, next_lo, window, 0, 101, 0, 0x01); DUW_TEST(0, 101, next_hi, next_lo, window, 0, 102, 0, 0x03); DUW_TEST(0, 133, next_hi, next_lo, window, 0, 134, 0x03, 0x01); DUW_TEST(0, 200, next_hi, next_lo, window, 0, 201, 0, 0x01); DUW_TEST(0, 264, next_hi, next_lo, window, 0, 265, 0, 0x01); DUW_TEST(0, 0xFFFFFFFF, next_hi, next_lo, window, 1, 0, 0, 0x01); DUW_TEST(0, 0xFFFFFFFD, next_hi, next_lo, window, 1, 0, 0, 0x05); DUW_TEST(0, 0xFFFFFFFE, next_hi, next_lo, window, 1, 0, 0, 0x07); DUW_TEST(1, 3, next_hi, next_lo, window, 1, 4, 0, 0x71); DUW_TEST(1, 0, next_hi, next_lo, window, 1, 4, 0, 0x79); DUW_TEST(1, 0xFFFFFFFF, next_hi, next_lo, window, 2, 0, 0, 0x01); DUW_TEST(2, 3, next_hi, next_lo, window, 2, 4, 0, 0x11); DUW_TEST(2, 0, next_hi, next_lo, window, 2, 4, 0, 0x19); DUW_TEST(2, 25, next_hi, next_lo, window, 2, 26, 0, 0x6400001); DUW_TEST(2, 27, next_hi, next_lo, window, 2, 28, 0, 0x19000005); DUW_TEST(2, 29, next_hi, next_lo, window, 2, 30, 0, 0x64000015); DUW_TEST(2, 33, next_hi, next_lo, window, 2, 34, 6, 0x40000151); DUW_TEST(2, 60, next_hi, next_lo, window, 2, 61, 0x3200000A, 0x88000001); DUW_TEST(1, 0xFFFFFFF0, next_hi, next_lo, window, 2, 61, 0x3200000A, 0x88000001); DUW_TEST(2, 0xFFFFFFFD, next_hi, next_lo, window, 2, 0xFFFFFFFE, 0, 0x01); DUW_TEST(3, 1, next_hi, next_lo, window, 3, 2, 0, 0x11); DUW_TEST(99, 66, next_hi, next_lo, window, 99, 67, 0, 0x01); DUW_TEST(50, 66, next_hi, next_lo, window, 99, 67, 0, 0x01); DUW_TEST(100, 68, next_hi, next_lo, window, 100, 69, 0, 0x01); DUW_TEST(99, 50, next_hi, next_lo, window, 100, 69, 0, 0x01); DUW_TEST(99, 0xFFFFFFFF, next_hi, next_lo, window, 100, 69, 0, 0x01); DUW_TEST(150, 0xFFFFFFFF, next_hi, next_lo, window, 151, 0, 0, 0x01); DUW_TEST(152, 0xFFFFFFFF, next_hi, next_lo, window, 153, 0, 0, 0x01); return TEST_RES_CHECK(1); } #endif /* WOLFSSL_DTLS */ #ifdef WOLFSSL_DTLS static int DFB_TEST(WOLFSSL* ssl, word32 seq, word32 len, word32 f_offset, word32 f_len, word32 f_count, byte ready, word32 bytesReceived) { DtlsMsg* cur; static byte msg[100]; static byte msgInit = 0; if (!msgInit) { int i; for (i = 0; i < 100; i++) msg[i] = i + 1; msgInit = 1; } /* Sanitize test parameters */ if (len > sizeof(msg)) return -1; if (f_offset + f_len > sizeof(msg)) return -1; DtlsMsgStore(ssl, 0, seq, msg + f_offset, len, certificate, f_offset, f_len, NULL); if (ssl->dtls_rx_msg_list == NULL) return -100; if ((cur = DtlsMsgFind(ssl->dtls_rx_msg_list, 0, seq)) == NULL) return -200; if (cur->fragBucketListCount != f_count) return -300; if (cur->ready != ready) return -400; if (cur->bytesReceived != bytesReceived) return -500; if (ready) { if (cur->fragBucketList != NULL) return -600; if (XMEMCMP(cur->fullMsg, msg, cur->sz) != 0) return -700; } else { DtlsFragBucket* fb; if (cur->fragBucketList == NULL) return -800; for (fb = cur->fragBucketList; fb != NULL; fb = fb->m.m.next) { if (XMEMCMP(fb->buf, msg + fb->m.m.offset, fb->m.m.sz) != 0) return -900; } } return 0; } static void DFB_TEST_RESET(WOLFSSL* ssl) { DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap); ssl->dtls_rx_msg_list = NULL; ssl->dtls_rx_msg_list_sz = 0; } static int test_wolfSSL_DTLS_fragment_buckets(void) { WOLFSSL ssl[1]; XMEMSET(ssl, 0, sizeof(*ssl)); AssertIntEQ(DFB_TEST(ssl, 0, 100, 0, 100, 0, 1, 100), 0); /* 0-100 */ AssertIntEQ(DFB_TEST(ssl, 1, 100, 0, 20, 1, 0, 20), 0); /* 0-20 */ AssertIntEQ(DFB_TEST(ssl, 1, 100, 20, 20, 1, 0, 40), 0); /* 20-40 */ AssertIntEQ(DFB_TEST(ssl, 1, 100, 40, 20, 1, 0, 60), 0); /* 40-60 */ AssertIntEQ(DFB_TEST(ssl, 1, 100, 60, 20, 1, 0, 80), 0); /* 60-80 */ AssertIntEQ(DFB_TEST(ssl, 1, 100, 80, 20, 0, 1, 100), 0); /* 80-100 */ /* Test all permutations of 3 regions */ /* 1 2 3 */ AssertIntEQ(DFB_TEST(ssl, 2, 100, 0, 30, 1, 0, 30), 0); /* 0-30 */ AssertIntEQ(DFB_TEST(ssl, 2, 100, 30, 30, 1, 0, 60), 0); /* 30-60 */ AssertIntEQ(DFB_TEST(ssl, 2, 100, 60, 40, 0, 1, 100), 0); /* 60-100 */ /* 1 3 2 */ AssertIntEQ(DFB_TEST(ssl, 3, 100, 0, 30, 1, 0, 30), 0); /* 0-30 */ AssertIntEQ(DFB_TEST(ssl, 3, 100, 60, 40, 2, 0, 70), 0); /* 60-100 */ AssertIntEQ(DFB_TEST(ssl, 3, 100, 30, 30, 0, 1, 100), 0); /* 30-60 */ /* 2 1 3 */ AssertIntEQ(DFB_TEST(ssl, 4, 100, 30, 30, 1, 0, 30), 0); /* 30-60 */ AssertIntEQ(DFB_TEST(ssl, 4, 100, 0, 30, 1, 0, 60), 0); /* 0-30 */ AssertIntEQ(DFB_TEST(ssl, 4, 100, 60, 40, 0, 1, 100), 0); /* 60-100 */ /* 2 3 1 */ AssertIntEQ(DFB_TEST(ssl, 5, 100, 30, 30, 1, 0, 30), 0); /* 30-60 */ AssertIntEQ(DFB_TEST(ssl, 5, 100, 60, 40, 1, 0, 70), 0); /* 60-100 */ AssertIntEQ(DFB_TEST(ssl, 5, 100, 0, 30, 0, 1, 100), 0); /* 0-30 */ /* 3 1 2 */ AssertIntEQ(DFB_TEST(ssl, 6, 100, 60, 40, 1, 0, 40), 0); /* 60-100 */ AssertIntEQ(DFB_TEST(ssl, 6, 100, 0, 30, 2, 0, 70), 0); /* 0-30 */ AssertIntEQ(DFB_TEST(ssl, 6, 100, 30, 30, 0, 1, 100), 0); /* 30-60 */ /* 3 2 1 */ AssertIntEQ(DFB_TEST(ssl, 7, 100, 60, 40, 1, 0, 40), 0); /* 60-100 */ AssertIntEQ(DFB_TEST(ssl, 7, 100, 30, 30, 1, 0, 70), 0); /* 30-60 */ AssertIntEQ(DFB_TEST(ssl, 7, 100, 0, 30, 0, 1, 100), 0); /* 0-30 */ /* Test overlapping regions */ AssertIntEQ(DFB_TEST(ssl, 8, 100, 0, 30, 1, 0, 30), 0); /* 0-30 */ AssertIntEQ(DFB_TEST(ssl, 8, 100, 20, 10, 1, 0, 30), 0); /* 20-30 */ AssertIntEQ(DFB_TEST(ssl, 8, 100, 70, 10, 2, 0, 40), 0); /* 70-80 */ AssertIntEQ(DFB_TEST(ssl, 8, 100, 20, 30, 2, 0, 60), 0); /* 20-50 */ AssertIntEQ(DFB_TEST(ssl, 8, 100, 40, 60, 0, 1, 100), 0); /* 40-100 */ /* Test overlapping multiple regions */ AssertIntEQ(DFB_TEST(ssl, 9, 100, 0, 20, 1, 0, 20), 0); /* 0-20 */ AssertIntEQ(DFB_TEST(ssl, 9, 100, 30, 5, 2, 0, 25), 0); /* 30-35 */ AssertIntEQ(DFB_TEST(ssl, 9, 100, 40, 5, 3, 0, 30), 0); /* 40-45 */ AssertIntEQ(DFB_TEST(ssl, 9, 100, 50, 5, 4, 0, 35), 0); /* 50-55 */ AssertIntEQ(DFB_TEST(ssl, 9, 100, 60, 5, 5, 0, 40), 0); /* 60-65 */ AssertIntEQ(DFB_TEST(ssl, 9, 100, 70, 5, 6, 0, 45), 0); /* 70-75 */ AssertIntEQ(DFB_TEST(ssl, 9, 100, 30, 25, 4, 0, 55), 0); /* 30-55 */ AssertIntEQ(DFB_TEST(ssl, 9, 100, 55, 15, 2, 0, 65), 0); /* 55-70 */ AssertIntEQ(DFB_TEST(ssl, 9, 100, 75, 25, 2, 0, 90), 0); /* 75-100 */ AssertIntEQ(DFB_TEST(ssl, 9, 100, 10, 25, 0, 1, 100), 0); /* 10-35 */ AssertIntEQ(DFB_TEST(ssl, 10, 100, 0, 20, 1, 0, 20), 0); /* 0-20 */ AssertIntEQ(DFB_TEST(ssl, 10, 100, 30, 20, 2, 0, 40), 0); /* 30-50 */ AssertIntEQ(DFB_TEST(ssl, 10, 100, 0, 40, 1, 0, 50), 0); /* 0-40 */ AssertIntEQ(DFB_TEST(ssl, 10, 100, 50, 50, 0, 1, 100), 0); /* 10-35 */ DFB_TEST_RESET(ssl); return TEST_RES_CHECK(1); } #endif #if !defined(NO_FILESYSTEM) && \ defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) static int test_wolfSSL_dtls_stateless2(void) { WOLFSSL *ssl_c = NULL, *ssl_c2 = NULL, *ssl_s = NULL; struct test_memio_ctx test_ctx; WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; int ret; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method); if (ret != 0) return -1; ssl_c2 = wolfSSL_new(ctx_c); if (ssl_c2 == NULL) return -2; wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx); wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx); /* send CH */ ret = wolfSSL_connect(ssl_c2); if (ret == 0 || ssl_c2->error != WANT_READ) return -3; ret = wolfSSL_accept(ssl_s); if (ret == 0 || ssl_s->error != WANT_READ) return -4; if (test_ctx.c_len == 0) return -5; /* consume HRR */ test_ctx.c_len = 0; ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); if (ret != 0) return -6; wolfSSL_free(ssl_c2); wolfSSL_free(ssl_c); wolfSSL_free(ssl_s); wolfSSL_CTX_free(ctx_c); wolfSSL_CTX_free(ctx_s); return TEST_SUCCESS; } #ifdef HAVE_MAX_FRAGMENT static int test_wolfSSL_dtls_stateless_maxfrag(void) { WOLFSSL *ssl_c = NULL, *ssl_c2 = NULL, *ssl_s = NULL; struct test_memio_ctx test_ctx; WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; word16 max_fragment; int ret; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method); if (ret != 0) return -1; ssl_c2 = wolfSSL_new(ctx_c); if (ssl_c2 == NULL) return -2; ret = wolfSSL_UseMaxFragment(ssl_c2, WOLFSSL_MFL_2_8); if (ret != WOLFSSL_SUCCESS) return -3; wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx); wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx); max_fragment = ssl_s->max_fragment; /* send CH */ ret = wolfSSL_connect(ssl_c2); if (ret == 0 || ssl_c2->error != WANT_READ) return -4; ret = wolfSSL_accept(ssl_s); if (ret == 0 || ssl_s->error != WANT_READ) return -5; /* CH without cookie shouldn't change state */ if (ssl_s->max_fragment != max_fragment) return -6; if (test_ctx.c_len == 0) return -7; /* consume HRR from buffer */ test_ctx.c_len = 0; ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); if (ret != 0) return -8; wolfSSL_free(ssl_c2); wolfSSL_free(ssl_c); wolfSSL_free(ssl_s); wolfSSL_CTX_free(ctx_c); wolfSSL_CTX_free(ctx_s); return TEST_SUCCESS; } #endif /* HAVE_MAX_FRAGMENT */ #if defined(WOLFSSL_DTLS_NO_HVR_ON_RESUME) #define ROUNDS_WITH_HVR 4 #define ROUNDS_WITHOUT_HVR 2 #define HANDSHAKE_TYPE_OFFSET DTLS_RECORD_HEADER_SZ static int buf_is_hvr(const byte *data, int len) { if (len < DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ) return 0; return data[HANDSHAKE_TYPE_OFFSET] == hello_verify_request; } static int _test_wolfSSL_dtls_stateless_resume(byte useticket, byte bad) { struct test_memio_ctx test_ctx; WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; WOLFSSL *ssl_c = NULL, *ssl_s = NULL; WOLFSSL_SESSION *sess; int ret, round_trips; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method); if (ret != 0) return -1; #ifdef HAVE_SESSION_TICKET if (useticket) { ret = wolfSSL_UseSessionTicket(ssl_c); if (ret != WOLFSSL_SUCCESS) return -2; } #endif round_trips = ROUNDS_WITH_HVR; ret = test_memio_do_handshake(ssl_c, ssl_s, round_trips, &round_trips); if (ret != 0) return -3; if (round_trips != ROUNDS_WITH_HVR) return -4; sess = wolfSSL_get1_session(ssl_c); if (sess == NULL) return -5; wolfSSL_shutdown(ssl_c); wolfSSL_shutdown(ssl_s); wolfSSL_free(ssl_c); wolfSSL_free(ssl_s); test_ctx.c_len = test_ctx.s_len = 0; /* make resumption invalid */ if (bad) { if (useticket) { #ifdef HAVE_SESSION_TICKET sess->ticket[0] = !sess->ticket[0]; #endif /* HAVE_SESSION_TICKET */ } else { sess->sessionID[0] = !sess->sessionID[0]; } } ssl_c = wolfSSL_new(ctx_c); ssl_s = wolfSSL_new(ctx_s); wolfSSL_SetIOWriteCtx(ssl_c, &test_ctx); wolfSSL_SetIOReadCtx(ssl_c, &test_ctx); wolfSSL_SetIOWriteCtx(ssl_s, &test_ctx); wolfSSL_SetIOReadCtx(ssl_s, &test_ctx); ret = wolfSSL_set_session(ssl_c, sess); if (ret != WOLFSSL_SUCCESS) return -6; ret = wolfSSL_connect(ssl_c); if (ret == WOLFSSL_SUCCESS || ssl_c->error != WANT_READ) return -7; ret = wolfSSL_accept(ssl_s); if (ret == WOLFSSL_SUCCESS || ssl_s->error != WANT_READ) return -8; if (bad && !buf_is_hvr(test_ctx.c_buff, test_ctx.c_len)) return -9; if (!bad && buf_is_hvr(test_ctx.c_buff, test_ctx.c_len)) return -10; if (!useticket) { ret = test_memio_do_handshake(ssl_c, ssl_s, 10, &round_trips); if (ret != 0) return -11; if (bad && round_trips != ROUNDS_WITH_HVR - 1) return -12; if (!bad && round_trips != ROUNDS_WITHOUT_HVR - 1) return -13; } wolfSSL_SESSION_free(sess); wolfSSL_free(ssl_c); wolfSSL_free(ssl_s); wolfSSL_CTX_free(ctx_c); wolfSSL_CTX_free(ctx_s); return 0; } static int test_wolfSSL_dtls_stateless_resume(void) { int ret; #ifdef HAVE_SESSION_TICKET ret = _test_wolfSSL_dtls_stateless_resume(1, 0); if (ret != 0) return TEST_RES_CHECK(ret); ret = _test_wolfSSL_dtls_stateless_resume(1, 1); if (ret != 0) return TEST_RES_CHECK(ret - 100); #endif /* HAVE_SESION_TICKET */ ret = _test_wolfSSL_dtls_stateless_resume(0, 0); if (ret != 0) return TEST_RES_CHECK(ret - 200); ret = _test_wolfSSL_dtls_stateless_resume(0, 1); if (ret != 0) return TEST_RES_CHECK(ret - 300); return TEST_RES_CHECK(TEST_SUCCESS); } #endif /* WOLFSSL_DTLS_NO_HVR_ON_RESUME */ #if !defined(NO_OLD_TLS) static int test_wolfSSL_dtls_stateless_downgrade(void) { WOLFSSL_CTX *ctx_c = NULL, *ctx_c2 = NULL, *ctx_s = NULL; WOLFSSL *ssl_c = NULL, *ssl_c2 = NULL, *ssl_s = NULL; struct test_memio_ctx test_ctx; int ret; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method); if (ret != 0) return -1; ret = wolfSSL_CTX_SetMinVersion(ctx_s, WOLFSSL_DTLSV1); if (ret != WOLFSSL_SUCCESS) return -2; ctx_c2 = wolfSSL_CTX_new(wolfDTLSv1_client_method()); if (ctx_c2 == NULL) return -3; wolfSSL_SetIORecv(ctx_c2, test_memio_read_cb); wolfSSL_SetIOSend(ctx_c2, test_memio_write_cb); ssl_c2 = wolfSSL_new(ctx_c2); if (ssl_c2 == NULL) return -4; wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx); wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx); /* send CH */ ret = wolfSSL_connect(ssl_c2); if (ret == 0 || ssl_c2->error != WANT_READ) return -5; ret = wolfSSL_accept(ssl_s); if (ret == 0 || ssl_s->error != WANT_READ) return -6; if (test_ctx.c_len == 0) return -7; /* consume HRR */ test_ctx.c_len = 0; ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); if (ret != 0) return -8; wolfSSL_free(ssl_c2); wolfSSL_free(ssl_c); wolfSSL_free(ssl_s); wolfSSL_CTX_free(ctx_c); wolfSSL_CTX_free(ctx_c2); wolfSSL_CTX_free(ctx_s); return TEST_SUCCESS; } #endif /* !defined(NO_OLD_TLS) */ #endif /* defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)*/ #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ !defined(NO_OLD_TLS) static int test_WOLFSSL_dtls_version_alert(void) { struct test_memio_ctx test_ctx; WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; WOLFSSL *ssl_c = NULL, *ssl_s = NULL; int ret; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_server_method); if (ret != 0) return -1; /* client hello */ ret = wolfSSL_connect(ssl_c); if (ret == 0 || ssl_c->error != WANT_READ ) return -2; /* hrr */ ret = wolfSSL_accept(ssl_s); if (ret == 0 || ssl_s->error != WANT_READ ) return -3; /* client hello 1 */ ret = wolfSSL_connect(ssl_c); if (ret == 0 || ssl_c->error != WANT_READ ) return -4; /* server hello */ ret = wolfSSL_accept(ssl_s); if (ret == 0 || ssl_s->error != WANT_READ ) return -5; /* should fail */ ret = wolfSSL_connect(ssl_c); if (ret == 0 || ssl_c->error != VERSION_ERROR) return -6; /* shuould fail */ ret = wolfSSL_accept(ssl_s); if (ret == 0 || (ssl_s->error != VERSION_ERROR && ssl_s->error != FATAL_ERROR)) return -7; wolfSSL_free(ssl_c); wolfSSL_free(ssl_s); wolfSSL_CTX_free(ctx_c); wolfSSL_CTX_free(ctx_s); return TEST_RES_CHECK(1); } #else static int test_WOLFSSL_dtls_version_alert(void) { return TEST_SKIPPED; } #endif /* defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && * !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && * !defined(NO_OLD_TLS) */ #if defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \ && defined(WOLFSSL_TLS13) && \ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) static int send_new_session_ticket(WOLFSSL *ssl, byte nonceLength, byte filler) { struct test_memio_ctx *test_ctx; byte buf[2048]; int idx, sz; word32 tmp; int ret; idx = 5; /* space for record header */ buf[idx] = session_ticket; /* type */ idx++; tmp = OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE8_LEN + nonceLength + OPAQUE16_LEN + OPAQUE8_LEN + OPAQUE16_LEN; c32to24(tmp, buf + idx); idx += OPAQUE24_LEN; c32toa((word32)12345, buf+idx); /* lifetime */ idx += OPAQUE32_LEN; c32toa((word32)12345, buf+idx); /* add */ idx += OPAQUE32_LEN; buf[idx] = nonceLength; /* nonce length */ idx++; XMEMSET(&buf[idx], filler, nonceLength); /* nonce */ idx += nonceLength; tmp = 1; /* ticket len */ c16toa((word16)tmp, buf+idx); idx += 2; buf[idx] = 0xFF; /* ticket */ idx++; tmp = 0; /* ext len */ c16toa((word16)tmp, buf+idx); idx += 2; sz = BuildTls13Message(ssl, buf, 2048, buf+5, idx - 5, handshake, 0, 0, 0); test_ctx = (struct test_memio_ctx*)wolfSSL_GetIOWriteCtx(ssl); ret = test_memio_write_cb(ssl, (char*)buf, sz, test_ctx); return !(ret == sz); } static int test_ticket_nonce_check(WOLFSSL_SESSION *sess, byte len) { int i; if (sess == NULL) return -1; if (sess->ticketNonce.len != len) return -1; for (i = 0; i < len; i++) if (sess->ticketNonce.data[i] != len) return -1; return 0; } static int test_ticket_nonce_malloc_do(WOLFSSL *ssl_s, WOLFSSL *ssl_c, byte len) { char *buf[1024]; int ret; ret = send_new_session_ticket(ssl_s, len, len); if (ret != 0) return -1; ret = wolfSSL_recv(ssl_c, buf, 1024, 0); if (ret != WOLFSSL_SUCCESS && ssl_c->error != WANT_READ) return -1; return test_ticket_nonce_check(ssl_c->session, len); } static int test_ticket_nonce_cache(WOLFSSL *ssl_s, WOLFSSL *ssl_c, byte len) { WOLFSSL_SESSION *sess, *cached; WOLFSSL_CTX *ctx; int ret; ctx = ssl_c->ctx; ret = test_ticket_nonce_malloc_do(ssl_s, ssl_c, len); if (ret != 0) return -1; sess = wolfSSL_get1_session(ssl_c); if (sess == NULL) return -1; ret = AddSessionToCache(ctx, sess, sess->sessionID, sess->sessionIDSz, NULL, ssl_c->options.side, 1,NULL); if (ret != 0) return -1; cached = wolfSSL_SESSION_new(); if (cached == NULL) return -1; ret = wolfSSL_GetSessionFromCache(ssl_c, cached); if (ret != WOLFSSL_SUCCESS) return -1; ret = test_ticket_nonce_check(cached, len); if (ret != 0) return -1; wolfSSL_SESSION_free(cached); wolfSSL_SESSION_free(sess); return 0; } static int test_ticket_nonce_malloc(void) { struct test_memio_ctx test_ctx; WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; WOLFSSL *ssl_c = NULL, *ssl_s = NULL; byte small, medium, big; int ret; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfTLSv1_3_client_method, wolfTLSv1_3_server_method); if (ret != 0) return -1; /* will send ticket manually */ wolfSSL_no_ticket_TLSv13(ssl_s); wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_NONE, 0); wolfSSL_set_verify(ssl_c, WOLFSSL_VERIFY_NONE, 0); while (!ssl_c->options.handShakeDone && !ssl_s->options.handShakeDone) { ret = wolfSSL_connect(ssl_c); if (ret != WOLFSSL_SUCCESS && ssl_c->error != WANT_READ) return -2; ret = wolfSSL_accept(ssl_s); if (ret != WOLFSSL_SUCCESS && ssl_s->error != WANT_READ) return -3; } small = TLS13_TICKET_NONCE_STATIC_SZ; medium = small + 20 <= 255 ? small + 20 : 255; big = medium + 20 <= 255 ? small + 20 : 255; if (test_ticket_nonce_malloc_do(ssl_s, ssl_c, small)) return -1; if (ssl_c->session->ticketNonce.data != ssl_c->session->ticketNonce.dataStatic) return -1; if (test_ticket_nonce_malloc_do(ssl_s, ssl_c, medium)) return -1; if (test_ticket_nonce_malloc_do(ssl_s, ssl_c, big)) return -1; if (test_ticket_nonce_malloc_do(ssl_s, ssl_c, medium)) return -5; if (test_ticket_nonce_malloc_do(ssl_s, ssl_c, small)) return -6; if (test_ticket_nonce_cache(ssl_s, ssl_c, small)) return -1; if (test_ticket_nonce_cache(ssl_s, ssl_c, medium)) return -1; if (test_ticket_nonce_cache(ssl_s, ssl_c, big)) return -1; if (test_ticket_nonce_cache(ssl_s, ssl_c, medium)) return -1; if (test_ticket_nonce_cache(ssl_s, ssl_c, small)) return -1; wolfSSL_free(ssl_c); wolfSSL_free(ssl_s); wolfSSL_CTX_free(ctx_c); wolfSSL_CTX_free(ctx_s); return 0; } #endif /* WOLFSSL_TICKET_NONCE_MALLOC */ #if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_TLS12) && \ !defined(WOLFSSL_TICKET_DECRYPT_NO_CREATE) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_RSA) && \ defined(HAVE_ECC) static int test_ticket_ret_create(void) { WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; WOLFSSL *ssl_c = NULL, *ssl_s = NULL; byte ticket[SESSION_TICKET_LEN]; struct test_memio_ctx test_ctx; WOLFSSL_SESSION *sess = NULL; word16 ticketLen; int ret; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfTLSv1_2_client_method, wolfTLSv1_2_server_method); if (ret != 0) return TEST_FAIL; wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_NONE, 0); wolfSSL_set_verify(ssl_c, WOLFSSL_VERIFY_NONE, 0); wolfSSL_CTX_UseSessionTicket(ctx_c); ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); if (ret != 0) return TEST_FAIL; sess = wolfSSL_get1_session(ssl_c); if (sess->ticketLen > SESSION_TICKET_LEN) return TEST_FAIL; ticketLen = sess->ticketLen; XMEMCPY(ticket, sess->ticket, sess->ticketLen); wolfSSL_free(ssl_c); wolfSSL_free(ssl_s); ssl_s = wolfSSL_new(ctx_s); if (ssl_s == NULL) return TEST_FAIL; wolfSSL_SetIOWriteCtx(ssl_s, &test_ctx); wolfSSL_SetIOReadCtx(ssl_s, &test_ctx); ssl_c = wolfSSL_new(ctx_c); if (ssl_c == NULL) return TEST_FAIL; wolfSSL_SetIOWriteCtx(ssl_c, &test_ctx); wolfSSL_SetIOReadCtx(ssl_c, &test_ctx); wolfSSL_set_session(ssl_c, sess); ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); if (ret != 0) return TEST_FAIL; if (ssl_c->session->ticketLen > SESSION_TICKET_LEN) return TEST_FAIL; if (ssl_c->session->ticketLen != ticketLen) return TEST_FAIL; if (XMEMCMP(ssl_c->session->ticket, ticket, ticketLen) == 0) return TEST_FAIL; wolfSSL_SESSION_free(sess); wolfSSL_free(ssl_c); wolfSSL_free(ssl_s); wolfSSL_CTX_free(ctx_c); wolfSSL_CTX_free(ctx_s); return TEST_SUCCESS; } #else static int test_ticket_ret_create(void) { return TEST_SKIPPED; } #endif #if defined(WOLFSSL_TLS13) && !defined(NO_PSK) && defined(HAVE_SESSION_TICKET) \ && defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ defined(HAVE_AESGCM) && !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \ defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) static void test_ticket_and_psk_mixing_on_result(WOLFSSL* ssl) { int ret; WOLFSSL_SESSION* session = NULL; AssertIntEQ(wolfSSL_get_current_cipher_suite(ssl), 0x1301); if (!wolfSSL_is_server(ssl)) { session = wolfSSL_SESSION_dup(wolfSSL_get_session(ssl)); AssertNotNull(session); } do { ret = wolfSSL_shutdown(ssl); } while (ret == WOLFSSL_SHUTDOWN_NOT_DONE); AssertIntEQ(wolfSSL_clear(ssl), WOLFSSL_SUCCESS); wolfSSL_set_psk_callback_ctx(ssl, (void*)"TLS13-AES256-GCM-SHA384"); #ifndef OPENSSL_COMPATIBLE_DEFAULTS /* OpenSSL considers PSK to be verified. We error out with NO_PEER_CERT. */ wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_NONE, NULL); #endif if (!wolfSSL_is_server(ssl)) { /* client */ AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384:" "TLS13-AES128-GCM-SHA256"), WOLFSSL_SUCCESS); wolfSSL_set_session(ssl, session); wolfSSL_SESSION_free(session); wolfSSL_set_psk_client_tls13_callback(ssl, my_psk_client_tls13_cb); AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); } else { /* server */ /* Different ciphersuite so that the ticket will be invalidated based on * the ciphersuite */ AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384"), WOLFSSL_SUCCESS); wolfSSL_set_psk_server_tls13_callback(ssl, my_psk_server_tls13_cb); AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); } } static void test_ticket_and_psk_mixing_ssl_ready(WOLFSSL* ssl) { AssertIntEQ(wolfSSL_UseSessionTicket(ssl), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES128-GCM-SHA256"), WOLFSSL_SUCCESS); } static int test_ticket_and_psk_mixing(void) { /* Test mixing tickets and regular PSK */ callback_functions client_cbs, server_cbs; XMEMSET(&client_cbs, 0, sizeof(client_cbs)); XMEMSET(&server_cbs, 0, sizeof(server_cbs)); client_cbs.method = wolfTLSv1_3_client_method; server_cbs.method = wolfTLSv1_3_server_method; client_cbs.ssl_ready = test_ticket_and_psk_mixing_ssl_ready; client_cbs.on_result = test_ticket_and_psk_mixing_on_result; server_cbs.on_result = test_ticket_and_psk_mixing_on_result; test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); AssertIntEQ(client_cbs.return_code, TEST_SUCCESS); AssertIntEQ(server_cbs.return_code, TEST_SUCCESS); return TEST_RES_CHECK(1); } #else static int test_ticket_and_psk_mixing(void) { return TEST_SKIPPED; } #endif #if defined(WOLFSSL_TLS13) && !defined(NO_PSK) && defined(HAVE_SESSION_TICKET) \ && defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ defined(HAVE_AESGCM) && !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \ defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) static int test_prioritize_psk_cb_called = FALSE; static unsigned int test_prioritize_psk_cb(WOLFSSL* ssl, const char* identity, unsigned char* key, unsigned int key_max_len, const char** ciphersuite) { test_prioritize_psk_cb_called = TRUE; return my_psk_server_tls13_cb(ssl, identity, key, key_max_len, ciphersuite); } static void test_prioritize_psk_on_result(WOLFSSL* ssl) { int ret; WOLFSSL_SESSION* session = NULL; AssertIntEQ(wolfSSL_get_current_cipher_suite(ssl), 0x1301); if (!wolfSSL_is_server(ssl)) { session = wolfSSL_SESSION_dup(wolfSSL_get_session(ssl)); AssertNotNull(session); } do { ret = wolfSSL_shutdown(ssl); } while (ret == WOLFSSL_SHUTDOWN_NOT_DONE); AssertIntEQ(wolfSSL_clear(ssl), WOLFSSL_SUCCESS); wolfSSL_set_psk_callback_ctx(ssl, (void*)"TLS13-AES256-GCM-SHA384"); /* Previous connection was made with TLS13-AES128-GCM-SHA256. Order is * important. */ AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384:" "TLS13-AES128-GCM-SHA256"), WOLFSSL_SUCCESS); #ifndef OPENSSL_COMPATIBLE_DEFAULTS /* OpenSSL considers PSK to be verified. We error out with NO_PEER_CERT. */ wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_NONE, NULL); #endif if (!wolfSSL_is_server(ssl)) { /* client */ wolfSSL_set_psk_client_tls13_callback(ssl, my_psk_client_tls13_cb); wolfSSL_set_session(ssl, session); wolfSSL_SESSION_free(session); AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); } else { /* server */ wolfSSL_set_psk_server_tls13_callback(ssl, test_prioritize_psk_cb); AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); #ifdef WOLFSSL_PRIORITIZE_PSK /* The ticket should be first tried with all ciphersuites and chosen */ AssertFalse(test_prioritize_psk_cb_called); #else /* Ciphersuites should be tried with each PSK. This triggers the PSK * callback that sets this var. */ AssertTrue(test_prioritize_psk_cb_called); #endif } } static void test_prioritize_psk_ssl_ready(WOLFSSL* ssl) { if (!wolfSSL_is_server(ssl)) AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES128-GCM-SHA256"), WOLFSSL_SUCCESS); else AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384:" "TLS13-AES128-GCM-SHA256"), WOLFSSL_SUCCESS); } static int test_prioritize_psk(void) { /* We always send the ticket first. With WOLFSSL_PRIORITIZE_PSK the order * of the PSK's will be followed instead of the ciphersuite. */ callback_functions client_cbs, server_cbs; XMEMSET(&client_cbs, 0, sizeof(client_cbs)); XMEMSET(&server_cbs, 0, sizeof(server_cbs)); client_cbs.method = wolfTLSv1_3_client_method; server_cbs.method = wolfTLSv1_3_server_method; client_cbs.ssl_ready = test_prioritize_psk_ssl_ready; server_cbs.ssl_ready = test_prioritize_psk_ssl_ready; client_cbs.on_result = test_prioritize_psk_on_result; server_cbs.on_result = test_prioritize_psk_on_result; test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); AssertIntEQ(client_cbs.return_code, TEST_SUCCESS); AssertIntEQ(server_cbs.return_code, TEST_SUCCESS); return TEST_RES_CHECK(1); } #else static int test_prioritize_psk(void) { return TEST_SKIPPED; } #endif #if defined(WOLFSSL_TLS13) && defined(OPENSSL_EXTRA) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_AESGCM) && \ !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \ !defined(WOLFSSL_NO_TLS12) static void test_wolfSSL_CTX_set_ciphersuites_ctx_ready_server(WOLFSSL_CTX* ctx) { AssertTrue(SSL_CTX_set_cipher_list(ctx, "DEFAULT")); /* Set TLS 1.3 specific suite */ AssertTrue(SSL_CTX_set_ciphersuites(ctx, "TLS13-AES128-GCM-SHA256")); } static int test_wolfSSL_CTX_set_ciphersuites(void) { /* Test using SSL_CTX_set_cipher_list and SSL_CTX_set_ciphersuites and then * do a 1.2 connection. */ callback_functions client_cbs, server_cbs; XMEMSET(&client_cbs, 0, sizeof(client_cbs)); XMEMSET(&server_cbs, 0, sizeof(server_cbs)); client_cbs.method = wolfTLSv1_2_client_method; server_cbs.method = wolfTLS_server_method; /* Allow downgrade */ server_cbs.ctx_ready = test_wolfSSL_CTX_set_ciphersuites_ctx_ready_server; test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); AssertIntEQ(client_cbs.return_code, TEST_SUCCESS); AssertIntEQ(server_cbs.return_code, TEST_SUCCESS); return TEST_RES_CHECK(1); } #else static int test_wolfSSL_CTX_set_ciphersuites(void) { return TEST_SKIPPED; } #endif #if defined(HAVE_CRL) && defined(WOLFSSL_CHECK_ALERT_ON_ERR) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) static void test_wolfSSL_CRL_CERT_REVOKED_alert_ctx_ready(WOLFSSL_CTX* ctx) { wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); } static void test_wolfSSL_CRL_CERT_REVOKED_alert_on_cleanup(WOLFSSL* ssl) { WOLFSSL_ALERT_HISTORY h; AssertIntEQ(wolfSSL_get_alert_history(ssl, &h), WOLFSSL_SUCCESS); AssertIntEQ(h.last_rx.level, alert_fatal); AssertIntEQ(h.last_rx.code, certificate_revoked); } static int test_wolfSSL_CRL_CERT_REVOKED_alert(void) { callback_functions client_cbs, server_cbs; XMEMSET(&client_cbs, 0, sizeof(client_cbs)); XMEMSET(&server_cbs, 0, sizeof(server_cbs)); server_cbs.certPemFile = "./certs/server-revoked-cert.pem"; server_cbs.keyPemFile = "./certs/server-revoked-key.pem"; client_cbs.crlPemFile = "./certs/crl/crl.revoked"; client_cbs.ctx_ready = test_wolfSSL_CRL_CERT_REVOKED_alert_ctx_ready; server_cbs.on_cleanup = test_wolfSSL_CRL_CERT_REVOKED_alert_on_cleanup; test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); AssertIntEQ(client_cbs.return_code, TEST_FAIL); AssertIntEQ(server_cbs.return_code, TEST_FAIL); return TEST_RES_CHECK(1); } #else static int test_wolfSSL_CRL_CERT_REVOKED_alert(void) { return TEST_SKIPPED; } #endif #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) \ && defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_AESGCM) && \ !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \ defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \ !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) static WOLFSSL_CTX* test_TLS_13_ticket_different_ciphers_ctx = NULL; static WOLFSSL_SESSION* test_TLS_13_ticket_different_ciphers_session = NULL; static int test_TLS_13_ticket_different_ciphers_run = 0; static void test_TLS_13_ticket_different_ciphers_ssl_ready(WOLFSSL* ssl) { switch (test_TLS_13_ticket_different_ciphers_run) { case 0: /* First run */ AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES128-GCM-SHA256"), WOLFSSL_SUCCESS); if (wolfSSL_is_server(ssl)) { AssertNotNull(test_TLS_13_ticket_different_ciphers_ctx = wolfSSL_get_SSL_CTX(ssl)); AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_up_ref(test_TLS_13_ticket_different_ciphers_ctx)); } break; case 1: /* Second run */ AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384:" "TLS13-AES128-GCM-SHA256"), WOLFSSL_SUCCESS); if (!wolfSSL_is_server(ssl)) { AssertIntEQ(wolfSSL_set_session(ssl, test_TLS_13_ticket_different_ciphers_session), WOLFSSL_SUCCESS); } break; default: /* Bad state? */ Fail(("Should not enter here"), ("Should not enter here")); } } static void test_TLS_13_ticket_different_ciphers_on_result(WOLFSSL* ssl) { switch (test_TLS_13_ticket_different_ciphers_run) { case 0: /* First run */ AssertNotNull(test_TLS_13_ticket_different_ciphers_session = wolfSSL_get1_session(ssl)); break; case 1: /* Second run */ AssertTrue(wolfSSL_session_reused(ssl)); break; default: /* Bad state? */ Fail(("Should not enter here"), ("Should not enter here")); } } static int test_TLS_13_ticket_different_ciphers(void) { /* Check that we handle the connection when the ticket doesn't match * the first ciphersuite. */ callback_functions client_cbs, server_cbs; struct test_params { method_provider client_meth; method_provider server_meth; int doUdp; } params[] = { #ifdef WOLFSSL_DTLS13 /* Test that the stateless code handles sessions correctly */ {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, 1}, #endif {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, 0}, }; size_t i; for (i = 0; i < sizeof(params)/sizeof(*params); i++) { XMEMSET(&client_cbs, 0, sizeof(client_cbs)); XMEMSET(&server_cbs, 0, sizeof(server_cbs)); test_TLS_13_ticket_different_ciphers_run = 0; client_cbs.doUdp = server_cbs.doUdp = params[i].doUdp; client_cbs.method = params[i].client_meth; server_cbs.method = params[i].server_meth; client_cbs.ssl_ready = test_TLS_13_ticket_different_ciphers_ssl_ready; server_cbs.ssl_ready = test_TLS_13_ticket_different_ciphers_ssl_ready; client_cbs.on_result = test_TLS_13_ticket_different_ciphers_on_result; server_cbs.ticNoInit = 1; test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); AssertTrue(client_cbs.return_code); AssertTrue(server_cbs.return_code); test_TLS_13_ticket_different_ciphers_run++; server_cbs.ctx = test_TLS_13_ticket_different_ciphers_ctx; test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); AssertTrue(client_cbs.return_code); AssertTrue(server_cbs.return_code); wolfSSL_SESSION_free(test_TLS_13_ticket_different_ciphers_session); test_TLS_13_ticket_different_ciphers_session = NULL; wolfSSL_CTX_free(test_TLS_13_ticket_different_ciphers_ctx); test_TLS_13_ticket_different_ciphers_ctx = NULL; } return TEST_RES_CHECK(1); } #else static int test_TLS_13_ticket_different_ciphers(void) { return TEST_SKIPPED; } #endif #if defined(WOLFSSL_EXTRA_ALERTS) && !defined(WOLFSSL_NO_TLS12) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) #define TEST_WRONG_CS_CLIENT "TLS_DHE_RSA_WITH_AES_128_CBC_SHA" byte test_extra_alerts_wrong_cs_sh[] = { 0x16, 0x03, 0x03, 0x00, 0x56, 0x02, 0x00, 0x00, 0x52, 0x03, 0x03, 0xef, 0x0c, 0x30, 0x98, 0xa2, 0xac, 0xfa, 0x68, 0xe9, 0x3e, 0xaa, 0x5c, 0xcf, 0xa7, 0x42, 0x72, 0xaf, 0xa0, 0xe8, 0x39, 0x2b, 0x3e, 0x81, 0xa7, 0x7a, 0xa5, 0x62, 0x8a, 0x0e, 0x41, 0xba, 0xda, 0x20, 0x18, 0x9f, 0xe1, 0x8c, 0x1d, 0xc0, 0x37, 0x9c, 0xf4, 0x90, 0x5d, 0x8d, 0xa0, 0x79, 0xa7, 0x4b, 0xa8, 0x79, 0xdf, 0xcd, 0x8d, 0xf5, 0xb5, 0x50, 0x5f, 0xf1, 0xdb, 0x4d, 0xbb, 0x07, 0x54, 0x1c, 0x00, 0x02, /* TLS_RSA_WITH_NULL_SHA */ 0x00, 0x00, 0x0a, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00 }; static int test_extra_alerts_wrong_cs(void) { struct test_memio_ctx test_ctx; WOLFSSL_CTX *ctx_c = NULL; WOLFSSL_ALERT_HISTORY h; WOLFSSL *ssl_c = NULL; int ret, err; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); ret = test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL, wolfTLSv1_2_client_method, NULL); if (ret != 0) return TEST_FAIL; ret = wolfSSL_set_cipher_list(ssl_c, TEST_WRONG_CS_CLIENT); if (ret != WOLFSSL_SUCCESS) { wolfSSL_free(ssl_c); wolfSSL_CTX_free(ctx_c); return TEST_SKIPPED; } /* CH */ ret = wolfSSL_connect(ssl_c); err = wolfSSL_get_error(ssl_c, ret); if (ret == WOLFSSL_SUCCESS || err != WOLFSSL_ERROR_WANT_READ) return TEST_FAIL; /* consume CH */ test_ctx.s_len = 0; /* inject SH */ XMEMCPY(test_ctx.c_buff, test_extra_alerts_wrong_cs_sh, sizeof(test_extra_alerts_wrong_cs_sh)); test_ctx.c_len = sizeof(test_extra_alerts_wrong_cs_sh); ret = wolfSSL_connect(ssl_c); err = wolfSSL_get_error(ssl_c, ret); if (ret == WOLFSSL_SUCCESS || err == WOLFSSL_ERROR_WANT_READ) return TEST_FAIL; ret = wolfSSL_get_alert_history(ssl_c, &h); if (ret != WOLFSSL_SUCCESS) return TEST_FAIL; if (h.last_tx.code != illegal_parameter) return TEST_FAIL; if (h.last_tx.level != alert_fatal) return TEST_FAIL; wolfSSL_free(ssl_c); wolfSSL_CTX_free(ctx_c); return TEST_SUCCESS; } #else static int test_extra_alerts_wrong_cs(void) { return TEST_SKIPPED; } #endif #if !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_EXTRA_ALERTS) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_SP_MATH) static void test_remove_msg(byte *msg, int tail_len, int *len, int msg_length) { tail_len -= msg_length; XMEMMOVE(msg, msg + msg_length, tail_len); *len = *len - msg_length; } static int test_remove_hs_msg_from_buffer(byte *buf, int *len, byte type, byte *found) { const unsigned int _HANDSHAKE_HEADER_SZ = 4; const unsigned int _RECORD_HEADER_SZ = 5; const int _change_cipher_hs = 55; const int _change_cipher = 20; const int _handshake = 22; unsigned int tail_len; byte *idx, *curr; word8 currType; word16 rLength; word32 hLength; idx = buf; tail_len = *len; *found = 0; while (tail_len > _RECORD_HEADER_SZ) { curr = idx; currType = *idx; ato16(idx + 3, &rLength); idx += _RECORD_HEADER_SZ; tail_len -= _RECORD_HEADER_SZ; if (tail_len < rLength) return -1; if (type == _change_cipher_hs && currType == _change_cipher) { if (rLength != 1) return -1; /* match */ test_remove_msg(curr, *len - (int)(curr - buf), len, _RECORD_HEADER_SZ + 1); *found = 1; return 0; } if (currType != _handshake) { idx += rLength; tail_len -= rLength; continue; } if (rLength < _HANDSHAKE_HEADER_SZ) return -1; currType = *idx; ato24(idx+1, &hLength); hLength += _HANDSHAKE_HEADER_SZ; if (tail_len < hLength) return -1; if (currType != type) { idx += hLength; tail_len -= hLength; continue; } /* match */ test_remove_msg(curr, *len - (int)(curr - buf), len, hLength + _RECORD_HEADER_SZ); *found = 1; return 0; } /* not found */ return 0; } static int test_remove_hs_message(byte hs_message_type, int extra_round, byte alert_type) { WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; WOLFSSL *ssl_c = NULL, *ssl_s = NULL; struct test_memio_ctx test_ctx; WOLFSSL_ALERT_HISTORY h; int ret, err; byte found; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfTLSv1_2_client_method, wolfTLSv1_2_server_method); AssertIntEQ(ret, 0); ret = wolfSSL_connect(ssl_c); err = wolfSSL_get_error(ssl_c, ret); AssertIntNE(ret, WOLFSSL_SUCCESS); AssertIntEQ(err, WOLFSSL_ERROR_WANT_READ); ret = wolfSSL_accept(ssl_s); err = wolfSSL_get_error(ssl_s, ret); AssertIntNE(ret, WOLFSSL_SUCCESS); AssertIntEQ(err, WOLFSSL_ERROR_WANT_READ); if (extra_round) { ret = wolfSSL_connect(ssl_c); err = wolfSSL_get_error(ssl_c, ret); AssertIntNE(ret, WOLFSSL_SUCCESS); AssertIntEQ(err, WOLFSSL_ERROR_WANT_READ); /* this will complete handshake from server side */ ret = wolfSSL_accept(ssl_s); AssertIntEQ(ret, WOLFSSL_SUCCESS); } ret = test_remove_hs_msg_from_buffer(test_ctx.c_buff, &test_ctx.c_len, hs_message_type, &found); AssertIntEQ(ret, 0); if (!found) { wolfSSL_free(ssl_c); wolfSSL_CTX_free(ctx_c); wolfSSL_free(ssl_s); wolfSSL_CTX_free(ctx_s); return TEST_SKIPPED; } ret = wolfSSL_connect(ssl_c); err = wolfSSL_get_error(ssl_c, ret); AssertIntNE(ret, WOLFSSL_SUCCESS); AssertIntNE(err, WOLFSSL_ERROR_WANT_READ); ret = wolfSSL_get_alert_history(ssl_c, &h); AssertIntEQ(ret, WOLFSSL_SUCCESS); if (alert_type != 0xff && h.last_tx.code != alert_type) return TEST_FAIL; if (h.last_tx.level != alert_fatal) return TEST_FAIL; wolfSSL_free(ssl_c); wolfSSL_CTX_free(ctx_c); wolfSSL_free(ssl_s); wolfSSL_CTX_free(ctx_s); return TEST_SUCCESS; } static int test_extra_alerts_skip_hs(void) { const byte _server_key_exchange = 12; const byte _server_hello = 2; const byte _certificate = 11; int ret; /* server_hello */ ret = test_remove_hs_message(_server_hello, 0, unexpected_message); AssertIntNE(ret, TEST_FAIL); ret = test_remove_hs_message(_certificate, 0, 0xff); AssertIntNE(ret, TEST_FAIL); ret = test_remove_hs_message(_server_key_exchange, 0, unexpected_message); AssertIntNE(ret, TEST_FAIL); return TEST_SUCCESS; } #else static int test_extra_alerts_skip_hs(void) { return TEST_SKIPPED; } #endif #if !defined(WOLFSSL_NO_TLS12) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ defined(WOLFSSL_EXTRA_ALERTS) && !defined(NO_PSK) && !defined(NO_DH) static unsigned int test_server_psk_cb(WOLFSSL* ssl, const char* id, unsigned char* key, unsigned int key_max_len) { (void)ssl; (void)id; (void)key_max_len; /* zero means error */ key[0] = 0x10; return 1; } static int test_extra_alerts_bad_psk(void) { WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; WOLFSSL *ssl_c = NULL, *ssl_s = NULL; struct test_memio_ctx test_ctx; WOLFSSL_ALERT_HISTORY h; int ret, err; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); ret = test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfTLSv1_2_client_method, wolfTLSv1_2_server_method); if (ret != 0) return TEST_FAIL; ret = wolfSSL_set_cipher_list(ssl_c, "DHE-PSK-AES128-GCM-SHA256"); if (ret != WOLFSSL_SUCCESS) return TEST_FAIL; ret = wolfSSL_set_cipher_list(ssl_s, "DHE-PSK-AES128-GCM-SHA256"); if (ret != WOLFSSL_SUCCESS) return TEST_FAIL; wolfSSL_set_psk_server_callback(ssl_s, test_server_psk_cb); ret = wolfSSL_connect(ssl_c); err = wolfSSL_get_error(ssl_c, ret); if (ret == WOLFSSL_SUCCESS || err != WOLFSSL_ERROR_WANT_READ) return TEST_FAIL; ret = wolfSSL_accept(ssl_s); err = wolfSSL_get_error(ssl_s, ret); if (ret == WOLFSSL_SUCCESS || err != WOLFSSL_ERROR_WANT_READ) return TEST_FAIL; ret = wolfSSL_connect(ssl_c); err = wolfSSL_get_error(ssl_c, ret); if (ret == WOLFSSL_SUCCESS || err == WOLFSSL_ERROR_WANT_READ) return TEST_FAIL; ret = wolfSSL_get_alert_history(ssl_c, &h); if (ret != WOLFSSL_SUCCESS) return TEST_FAIL; if (h.last_tx.code != handshake_failure) return TEST_FAIL; if (h.last_tx.level != alert_fatal) return TEST_FAIL; wolfSSL_free(ssl_c); wolfSSL_CTX_free(ctx_c); wolfSSL_free(ssl_s); wolfSSL_CTX_free(ctx_s); return TEST_SUCCESS; } #else static int test_extra_alerts_bad_psk(void) { return TEST_SKIPPED; } #endif #if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_NO_TLS12) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) static int test_harden_no_secure_renegotiation_io_cb(WOLFSSL *ssl, char *buf, int sz, void *ctx) { static int sentServerHello = FALSE; if (!sentServerHello) { byte renegExt[] = { 0xFF, 0x01, 0x00, 0x01, 0x00 }; size_t i; if (sz < (int)sizeof(renegExt)) return WOLFSSL_CBIO_ERR_GENERAL; /* Remove SCR from ServerHello */ for (i = 0; i < sz - sizeof(renegExt); i++) { if (XMEMCMP(buf + i, renegExt, sizeof(renegExt)) == 0) { /* Found the extension. Change it to something unrecognized. */ buf[i+1] = 0x11; break; } } sentServerHello = TRUE; } return EmbedSend(ssl, buf, sz, ctx); } static void test_harden_no_secure_renegotiation_ssl_ready(WOLFSSL* ssl) { wolfSSL_SSLSetIOSend(ssl, test_harden_no_secure_renegotiation_io_cb); } static void test_harden_no_secure_renegotiation_on_cleanup(WOLFSSL* ssl) { WOLFSSL_ALERT_HISTORY h; AssertIntEQ(wolfSSL_get_alert_history(ssl, &h), WOLFSSL_SUCCESS); AssertIntEQ(h.last_rx.code, handshake_failure); AssertIntEQ(h.last_rx.level, alert_fatal); } static int test_harden_no_secure_renegotiation(void) { callback_functions client_cbs, server_cbs; XMEMSET(&client_cbs, 0, sizeof(client_cbs)); XMEMSET(&server_cbs, 0, sizeof(server_cbs)); client_cbs.method = wolfTLSv1_2_client_method; server_cbs.method = wolfTLSv1_2_server_method; server_cbs.ssl_ready = test_harden_no_secure_renegotiation_ssl_ready; server_cbs.on_cleanup = test_harden_no_secure_renegotiation_on_cleanup; test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); AssertIntEQ(client_cbs.return_code, TEST_FAIL); AssertIntEQ(client_cbs.last_err, SECURE_RENEGOTIATION_E); AssertIntEQ(server_cbs.return_code, TEST_FAIL); AssertIntEQ(server_cbs.last_err, SOCKET_ERROR_E); return TEST_RES_CHECK(1); } #else static int test_harden_no_secure_renegotiation(void) { return TEST_SKIPPED; } #endif #if defined(HAVE_OCSP) && defined(HAVE_IO_TESTS_DEPENDENCIES) static int test_override_alt_cert_chain_cert_cb(int preverify, WOLFSSL_X509_STORE_CTX* store) { printf("preverify: %d\n", preverify); printf("store->error: %d\n", store->error); printf("error reason: %s\n", wolfSSL_ERR_reason_error_string(store->error)); if (store->error == OCSP_INVALID_STATUS) { printf("Overriding OCSP error\n"); return 1; } #ifndef WOLFSSL_ALT_CERT_CHAINS else if ((store->error == ASN_NO_SIGNER_E || store->error == ASN_SELF_SIGNED_E #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ defined(HAVE_WEBSERVER) || store->error == WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY #endif ) && store->error_depth == store->totalCerts - 1) { printf("Overriding no signer error only for root cert\n"); return 1; } #endif else return preverify; } static int test_override_alt_cert_chain_ocsp_cb(void* ioCtx, const char* url, int urlSz, unsigned char* request, int requestSz, unsigned char** response) { (void)ioCtx; (void)url; (void)urlSz; (void)request; (void)requestSz; (void)response; return -1; } static void test_override_alt_cert_chain_client_ctx_ready(WOLFSSL_CTX* ctx) { wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, test_override_alt_cert_chain_cert_cb); AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL | WOLFSSL_OCSP_URL_OVERRIDE), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_SetOCSP_Cb(ctx, test_override_alt_cert_chain_ocsp_cb, NULL, NULL), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_SetOCSP_OverrideURL(ctx, "not a url"), WOLFSSL_SUCCESS); } static void test_override_alt_cert_chain_client_ctx_ready2(WOLFSSL_CTX* ctx) { wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL | WOLFSSL_OCSP_URL_OVERRIDE), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_SetOCSP_Cb(ctx, test_override_alt_cert_chain_ocsp_cb, NULL, NULL), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_CTX_SetOCSP_OverrideURL(ctx, "not a url"), WOLFSSL_SUCCESS); } static void test_override_alt_cert_chain_server_ctx_ready(WOLFSSL_CTX* ctx) { AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx, "./certs/intermediate/server-chain-alt.pem"), WOLFSSL_SUCCESS); } static int test_override_alt_cert_chain(void) { size_t i; struct test_params { ctx_callback client_ctx_cb; ctx_callback server_ctx_cb; int result; } params[] = { {test_override_alt_cert_chain_client_ctx_ready, test_override_alt_cert_chain_server_ctx_ready, TEST_SUCCESS}, {test_override_alt_cert_chain_client_ctx_ready2, test_override_alt_cert_chain_server_ctx_ready, TEST_FAIL}, }; for (i = 0; i < sizeof(params)/sizeof(*params); i++) { callback_functions client_cbs, server_cbs; XMEMSET(&client_cbs, 0, sizeof(client_cbs)); XMEMSET(&server_cbs, 0, sizeof(server_cbs)); printf("test config: %d\n", (int)i); client_cbs.ctx_ready = params[i].client_ctx_cb; server_cbs.ctx_ready = params[i].server_ctx_cb; test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); AssertIntEQ(client_cbs.return_code, params[i].result); AssertIntEQ(server_cbs.return_code, params[i].result); } return TEST_RES_CHECK(1); } #else static int test_override_alt_cert_chain(void) { return TEST_SKIPPED; } #endif /*----------------------------------------------------------------------------* | Main *----------------------------------------------------------------------------*/ typedef int (*TEST_FUNC)(void); typedef struct { const char *name; TEST_FUNC func; byte run:1; } TEST_CASE; #define TEST_DECL(func) { #func, func, 0 } int testAll = 1; TEST_CASE testCases[] = { TEST_DECL(test_fileAccess), TEST_DECL(test_wolfSSL_Init), TEST_DECL(test_wolfSSL_Method_Allocators), #ifndef NO_WOLFSSL_SERVER TEST_DECL(test_wolfSSL_CTX_new), #endif #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM) TEST_DECL(test_for_double_Free), #endif #ifdef HAVE_IO_TESTS_DEPENDENCIES TEST_DECL(test_wolfSSL_get_finished), TEST_DECL(test_wolfSSL_CTX_add_session), TEST_DECL(test_wolfSSL_CTX_add_session_ext), #endif TEST_DECL(test_SSL_CIPHER_get_xxx), TEST_DECL(test_wolfSSL_ERR_strings), TEST_DECL(test_wolfSSL_EVP_shake128), TEST_DECL(test_wolfSSL_EVP_shake256), TEST_DECL(test_EVP_blake2), TEST_DECL(test_EVP_MD_do_all), TEST_DECL(test_OBJ_NAME_do_all), TEST_DECL(test_wolfSSL_CTX_set_cipher_list_bytes), TEST_DECL(test_wolfSSL_CTX_use_certificate_file), TEST_DECL(test_wolfSSL_CTX_use_certificate_buffer), TEST_DECL(test_wolfSSL_CTX_use_PrivateKey_file), TEST_DECL(test_wolfSSL_CTX_load_verify_locations), TEST_DECL(test_wolfSSL_CTX_load_system_CA_certs), TEST_DECL(test_wolfSSL_CertManagerCheckOCSPResponse), TEST_DECL(test_wolfSSL_CheckOCSPResponse), TEST_DECL(test_wolfSSL_CertManagerLoadCABuffer), TEST_DECL(test_wolfSSL_CertManagerLoadCABuffer_ex), TEST_DECL(test_wolfSSL_CertManagerGetCerts), TEST_DECL(test_wolfSSL_CertManagerSetVerify), TEST_DECL(test_wolfSSL_CertManagerNameConstraint), TEST_DECL(test_wolfSSL_CertManagerNameConstraint2), TEST_DECL(test_wolfSSL_CertManagerNameConstraint3), TEST_DECL(test_wolfSSL_CertManagerNameConstraint4), TEST_DECL(test_wolfSSL_CertManagerNameConstraint5), TEST_DECL(test_wolfSSL_FPKI), TEST_DECL(test_wolfSSL_OtherName), TEST_DECL(test_wolfSSL_CertRsaPss), TEST_DECL(test_wolfSSL_CertManagerCRL), TEST_DECL(test_wolfSSL_CTX_load_verify_locations_ex), TEST_DECL(test_wolfSSL_CTX_load_verify_buffer_ex), TEST_DECL(test_wolfSSL_CTX_load_verify_chain_buffer_format), TEST_DECL(test_wolfSSL_CTX_add1_chain_cert), TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_file_format), TEST_DECL(test_wolfSSL_CTX_trust_peer_cert), TEST_DECL(test_wolfSSL_CTX_SetTmpDH_file), TEST_DECL(test_wolfSSL_CTX_SetTmpDH_buffer), TEST_DECL(test_wolfSSL_CTX_SetMinMaxDhKey_Sz), TEST_DECL(test_wolfSSL_CTX_der_load_verify_locations), TEST_DECL(test_wolfSSL_CTX_enable_disable), TEST_DECL(test_wolfSSL_CTX_ticket_API), TEST_DECL(test_server_wolfSSL_new), TEST_DECL(test_client_wolfSSL_new), TEST_DECL(test_wolfSSL_SetTmpDH_file), TEST_DECL(test_wolfSSL_SetTmpDH_buffer), TEST_DECL(test_wolfSSL_SetMinMaxDhKey_Sz), TEST_DECL(test_SetTmpEC_DHE_Sz), TEST_DECL(test_wolfSSL_CTX_get0_privatekey), TEST_DECL(test_wolfSSL_dtls_set_mtu), TEST_DECL(test_wolfSSL_dtls_plaintext), #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) TEST_DECL(test_wolfSSL_read_write), TEST_DECL(test_wolfSSL_reuse_WOLFSSLobj), TEST_DECL(test_wolfSSL_CTX_verifyDepth_ServerClient), TEST_DECL(test_wolfSSL_CTX_set_cipher_list), TEST_DECL(test_wolfSSL_dtls_export), TEST_DECL(test_wolfSSL_tls_export), #endif TEST_DECL(test_wolfSSL_SetMinVersion), TEST_DECL(test_wolfSSL_CTX_SetMinVersion), /* TLS extensions tests */ #ifdef HAVE_IO_TESTS_DEPENDENCIES #ifdef HAVE_SNI TEST_DECL(test_wolfSSL_UseSNI_params), TEST_DECL(test_wolfSSL_UseSNI_connection), TEST_DECL(test_wolfSSL_SNI_GetFromBuffer), #endif /* HAVE_SNI */ #endif TEST_DECL(test_wolfSSL_UseTrustedCA), TEST_DECL(test_wolfSSL_UseMaxFragment), TEST_DECL(test_wolfSSL_UseTruncatedHMAC), TEST_DECL(test_wolfSSL_UseSupportedCurve), #if defined(HAVE_ALPN) && defined(HAVE_IO_TESTS_DEPENDENCIES) TEST_DECL(test_wolfSSL_UseALPN_connection), TEST_DECL(test_wolfSSL_UseALPN_params), #endif #ifdef HAVE_ALPN_PROTOS_SUPPORT TEST_DECL(test_wolfSSL_set_alpn_protos), #endif TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret), TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation), TEST_DECL(test_wolfSSL_SCR_Reconnect), TEST_DECL(test_tls_ext_duplicate), #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) TEST_DECL(test_wolfSSL_Tls13_ECH_params), TEST_DECL(test_wolfSSL_Tls13_ECH), #endif /* X509 tests */ TEST_DECL(test_wolfSSL_X509_NAME_get_entry), TEST_DECL(test_wolfSSL_PKCS12), TEST_DECL(test_wolfSSL_no_password_cb), TEST_DECL(test_wolfSSL_PKCS8), TEST_DECL(test_wolfSSL_PKCS8_ED25519), TEST_DECL(test_wolfSSL_PKCS8_ED448), TEST_DECL(test_wolfSSL_PKCS5), TEST_DECL(test_wolfSSL_URI), TEST_DECL(test_wolfSSL_TBS), TEST_DECL(test_wolfSSL_X509_verify), TEST_DECL(test_wolfSSL_X509_TLS_version), TEST_DECL(test_wc_PemToDer), TEST_DECL(test_wc_AllocDer), TEST_DECL(test_wc_CertPemToDer), TEST_DECL(test_wc_KeyPemToDer), TEST_DECL(test_wc_PubKeyPemToDer), TEST_DECL(test_wc_PemPubKeyToDer), TEST_DECL(test_wc_GetPubKeyDerFromCert), TEST_DECL(test_wc_CheckCertSigPubKey), /* OCSP Stapling */ TEST_DECL(test_wolfSSL_UseOCSPStapling), TEST_DECL(test_wolfSSL_UseOCSPStaplingV2), /* Multicast */ TEST_DECL(test_wolfSSL_mcast), /* ASN.1 compatibility API tests */ TEST_DECL(test_wolfSSL_ASN1_BIT_STRING), TEST_DECL(test_wolfSSL_ASN1_INTEGER), TEST_DECL(test_wolfSSL_ASN1_INTEGER_cmp), TEST_DECL(test_wolfSSL_ASN1_INTEGER_BN), TEST_DECL(test_wolfSSL_ASN1_INTEGER_get_set), TEST_DECL(test_wolfSSL_d2i_ASN1_INTEGER), TEST_DECL(test_wolfSSL_a2i_ASN1_INTEGER), TEST_DECL(test_wolfSSL_i2c_ASN1_INTEGER), TEST_DECL(test_wolfSSL_ASN1_OBJECT), TEST_DECL(test_wolfSSL_ASN1_get_object), TEST_DECL(test_wolfSSL_i2a_ASN1_OBJECT), TEST_DECL(test_wolfSSL_i2t_ASN1_OBJECT), TEST_DECL(test_wolfSSL_sk_ASN1_OBJECT), TEST_DECL(test_wolfSSL_ASN1_STRING), TEST_DECL(test_wolfSSL_ASN1_STRING_to_UTF8), TEST_DECL(test_wolfSSL_i2s_ASN1_STRING), TEST_DECL(test_wolfSSL_ASN1_STRING_canon), TEST_DECL(test_wolfSSL_ASN1_STRING_print), TEST_DECL(test_wolfSSL_ASN1_STRING_print_ex), TEST_DECL(test_wolfSSL_ASN1_UNIVERSALSTRING_to_string), TEST_DECL(test_wolfSSL_ASN1_GENERALIZEDTIME_free), TEST_DECL(test_wolfSSL_ASN1_GENERALIZEDTIME_print), TEST_DECL(test_wolfSSL_ASN1_TIME), TEST_DECL(test_wolfSSL_ASN1_TIME_to_string), TEST_DECL(test_wolfSSL_ASN1_TIME_diff_compare), TEST_DECL(test_wolfSSL_ASN1_TIME_adj), TEST_DECL(test_wolfSSL_ASN1_TIME_to_tm), TEST_DECL(test_wolfSSL_ASN1_TIME_to_generalizedtime), TEST_DECL(test_wolfSSL_ASN1_TIME_print), TEST_DECL(test_wolfSSL_ASN1_UTCTIME_print), TEST_DECL(test_wolfSSL_ASN1_TYPE), TEST_DECL(test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS), /* compatibility tests */ TEST_DECL(test_wolfSSL_lhash), TEST_DECL(test_wolfSSL_X509_NAME), TEST_DECL(test_wolfSSL_X509_NAME_hash), TEST_DECL(test_wolfSSL_X509_NAME_print_ex), #ifndef NO_BIO TEST_DECL(test_wolfSSL_X509_INFO_multiple_info), TEST_DECL(test_wolfSSL_X509_INFO), #endif TEST_DECL(test_wolfSSL_X509_subject_name_hash), TEST_DECL(test_wolfSSL_X509_issuer_name_hash), TEST_DECL(test_wolfSSL_X509_check_host), TEST_DECL(test_wolfSSL_X509_check_email), TEST_DECL(test_wolfSSL_DES), TEST_DECL(test_wolfSSL_certs), TEST_DECL(test_wolfSSL_X509_check_private_key), TEST_DECL(test_wolfSSL_private_keys), TEST_DECL(test_wolfSSL_PEM_read_PrivateKey), #ifndef NO_BIO TEST_DECL(test_wolfSSL_PEM_read_RSA_PUBKEY), #endif TEST_DECL(test_wolfSSL_PEM_read_PUBKEY), TEST_DECL(test_wolfSSL_PEM_PrivateKey), TEST_DECL(test_wolfSSL_PEM_file_RSAKey), TEST_DECL(test_wolfSSL_PEM_file_RSAPrivateKey), #ifndef NO_BIO TEST_DECL(test_wolfSSL_PEM_bio_RSAKey), TEST_DECL(test_wolfSSL_PEM_bio_DSAKey), TEST_DECL(test_wolfSSL_PEM_bio_ECKey), TEST_DECL(test_wolfSSL_PEM_bio_RSAPrivateKey), TEST_DECL(test_wolfSSL_PEM_PUBKEY), #endif TEST_DECL(test_DSA_do_sign_verify), TEST_DECL(test_wolfSSL_tmp_dh), TEST_DECL(test_wolfSSL_ctrl), TEST_DECL(test_wolfSSL_EVP_MD_size), TEST_DECL(test_wolfSSL_EVP_MD_pkey_type), TEST_DECL(test_wolfSSL_EVP_Digest), TEST_DECL(test_wolfSSL_EVP_Digest_all), TEST_DECL(test_wolfSSL_EVP_PKEY_new_mac_key), TEST_DECL(test_wolfSSL_EVP_PKEY_new_CMAC_key), TEST_DECL(test_wolfSSL_EVP_MD_hmac_signing), TEST_DECL(test_wolfSSL_EVP_MD_rsa_signing), TEST_DECL(test_wolfSSL_EVP_MD_ecc_signing), TEST_DECL(test_wolfSSL_EVP_PKEY_print_public), TEST_DECL(test_wolfSSL_EVP_ENCODE_CTX_new), TEST_DECL(test_wolfSSL_EVP_ENCODE_CTX_free), TEST_DECL(test_wolfSSL_EVP_EncodeInit), TEST_DECL(test_wolfSSL_EVP_EncodeUpdate), TEST_DECL(test_wolfSSL_EVP_EncodeFinal), TEST_DECL(test_wolfSSL_EVP_DecodeInit), TEST_DECL(test_wolfSSL_EVP_DecodeUpdate), TEST_DECL(test_wolfSSL_EVP_DecodeFinal), TEST_DECL(test_wolfSSL_CTX_add_extra_chain_cert), #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) TEST_DECL(test_wolfSSL_ERR_peek_last_error_line), #endif #ifndef NO_BIO TEST_DECL(test_wolfSSL_ERR_print_errors_cb), TEST_DECL(test_wolfSSL_GetLoggingCb), TEST_DECL(test_WOLFSSL_ERROR_MSG), TEST_DECL(test_wc_ERR_remove_state), TEST_DECL(test_wc_ERR_print_errors_fp), #endif TEST_DECL(test_wolfSSL_set_options), TEST_DECL(test_wolfSSL_sk_SSL_CIPHER), TEST_DECL(test_wolfSSL_set1_curves_list), TEST_DECL(test_wolfSSL_set1_sigalgs_list), TEST_DECL(test_wolfSSL_PKCS7_certs), TEST_DECL(test_wolfSSL_X509_STORE_CTX), TEST_DECL(test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup), TEST_DECL(test_wolfSSL_X509_STORE_CTX_get0_current_issuer), TEST_DECL(test_wolfSSL_msgCb), TEST_DECL(test_wolfSSL_either_side), TEST_DECL(test_wolfSSL_DTLS_either_side), TEST_DECL(test_wolfSSL_dtls_fragments), TEST_DECL(test_wolfSSL_dtls_AEAD_limit), TEST_DECL(test_wolfSSL_ignore_alert_before_cookie), TEST_DECL(test_wolfSSL_dtls_bad_record), TEST_DECL(test_wolfSSL_dtls_stateless), TEST_DECL(test_generate_cookie), TEST_DECL(test_wolfSSL_X509_STORE_set_flags), TEST_DECL(test_wolfSSL_X509_LOOKUP_load_file), TEST_DECL(test_wolfSSL_X509_Name_canon), TEST_DECL(test_wolfSSL_X509_LOOKUP_ctrl_file), TEST_DECL(test_wolfSSL_X509_LOOKUP_ctrl_hash_dir), TEST_DECL(test_wolfSSL_X509_NID), TEST_DECL(test_wolfSSL_X509_STORE_CTX_set_time), TEST_DECL(test_wolfSSL_get0_param), TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM_set1_host), TEST_DECL(test_wolfSSL_set1_host), TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM_set1_ip), TEST_DECL(test_wolfSSL_X509_STORE_CTX_get0_store), TEST_DECL(test_wolfSSL_X509_STORE), TEST_DECL(test_wolfSSL_X509_STORE_load_locations), TEST_DECL(test_X509_STORE_get0_objects), TEST_DECL(test_wolfSSL_X509_load_crl_file), /* RAND compatability API */ TEST_DECL(test_wolfSSL_RAND_set_rand_method), TEST_DECL(test_wolfSSL_RAND_bytes), /* BN compatability API */ TEST_DECL(test_wolfSSL_BN_CTX), TEST_DECL(test_wolfSSL_BN), TEST_DECL(test_wolfSSL_BN_init), TEST_DECL(test_wolfSSL_BN_enc_dec), TEST_DECL(test_wolfSSL_BN_word), TEST_DECL(test_wolfSSL_BN_bits), TEST_DECL(test_wolfSSL_BN_shift), TEST_DECL(test_wolfSSL_BN_math), TEST_DECL(test_wolfSSL_BN_math_mod), TEST_DECL(test_wolfSSL_BN_math_other), TEST_DECL(test_wolfSSL_BN_rand), TEST_DECL(test_wolfSSL_BN_prime), TEST_DECL(test_wolfSSL_CTX_get0_set1_param), #ifndef NO_BIO TEST_DECL(test_wolfSSL_PEM_read_bio), TEST_DECL(test_wolfSSL_BIO), #endif TEST_DECL(test_wolfSSL_a2i_IPADDRESS), TEST_DECL(test_wolfSSL_X509), TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM), TEST_DECL(test_wolfSSL_X509_sign), TEST_DECL(test_wolfSSL_X509_sign2), TEST_DECL(test_wolfSSL_X509_get0_tbs_sigalg), TEST_DECL(test_wolfSSL_X509_ALGOR_get0), #if defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES) TEST_DECL(test_wolfSSL_check_domain), #endif TEST_DECL(test_wolfSSL_X509_get_X509_PUBKEY), TEST_DECL(test_wolfSSL_X509_PUBKEY_RSA), TEST_DECL(test_wolfSSL_X509_PUBKEY_EC), TEST_DECL(test_wolfSSL_X509_PUBKEY_DSA), TEST_DECL(test_wolfSSL_RAND), TEST_DECL(test_wolfSSL_BUF), TEST_DECL(test_wolfSSL_set_tlsext_status_type), TEST_DECL(test_wolfSSL_X509_cmp_time), TEST_DECL(test_wolfSSL_X509_time_adj), TEST_DECL(test_wolfSSL_CTX_set_client_CA_list), TEST_DECL(test_wolfSSL_CTX_add_client_CA), TEST_DECL(test_wolfSSL_CTX_set_srp_username), TEST_DECL(test_wolfSSL_CTX_set_srp_password), TEST_DECL(test_wolfSSL_CTX_set_keylog_callback), TEST_DECL(test_wolfSSL_CTX_get_keylog_callback), TEST_DECL(test_wolfSSL_Tls12_Key_Logging_test), TEST_DECL(test_wolfSSL_Tls13_Key_Logging_test), TEST_DECL(test_wolfSSL_Tls13_postauth), TEST_DECL(test_wolfSSL_CTX_set_ecdh_auto), TEST_DECL(test_wolfSSL_set_minmax_proto_version), TEST_DECL(test_wolfSSL_CTX_set_max_proto_version), TEST_DECL(test_wolfSSL_THREADID_hash), TEST_DECL(test_wolfSSL_PKCS8_Compat), TEST_DECL(test_wolfSSL_PKCS8_d2i), TEST_DECL(test_error_queue_per_thread), TEST_DECL(test_wolfSSL_ERR_put_error), TEST_DECL(test_wolfSSL_ERR_get_error_order), #ifndef NO_BIO TEST_DECL(test_wolfSSL_ERR_print_errors), #endif TEST_DECL(test_wolfSSL_HMAC), TEST_DECL(test_wolfSSL_CMAC), TEST_DECL(test_wolfSSL_OBJ), TEST_DECL(test_wolfSSL_OBJ_cmp), TEST_DECL(test_wolfSSL_OBJ_txt2nid), TEST_DECL(test_wolfSSL_OBJ_txt2obj), TEST_DECL(test_wolfSSL_PEM_write_bio_X509), TEST_DECL(test_wolfSSL_X509_NAME_ENTRY), TEST_DECL(test_GENERAL_NAME_set0_othername), TEST_DECL(test_othername_and_SID_ext), TEST_DECL(test_wolfSSL_X509_set_name), TEST_DECL(test_wolfSSL_X509_set_notAfter), TEST_DECL(test_wolfSSL_X509_set_notBefore), TEST_DECL(test_wolfSSL_X509_set_version), #ifndef NO_BIO TEST_DECL(test_wolfSSL_BIO_gets), TEST_DECL(test_wolfSSL_BIO_puts), TEST_DECL(test_wolfSSL_BIO_dump), TEST_DECL(test_wolfSSL_BIO_should_retry), TEST_DECL(test_wolfSSL_d2i_PUBKEY), TEST_DECL(test_wolfSSL_BIO_write), TEST_DECL(test_wolfSSL_BIO_connect), TEST_DECL(test_wolfSSL_BIO_accept), TEST_DECL(test_wolfSSL_BIO_printf), TEST_DECL(test_wolfSSL_BIO_f_md), TEST_DECL(test_wolfSSL_BIO_up_ref), TEST_DECL(test_wolfSSL_BIO_tls), TEST_DECL(test_wolfSSL_BIO_reset), #endif TEST_DECL(test_wolfSSL_cert_cb), TEST_DECL(test_wolfSSL_SESSION), TEST_DECL(test_wolfSSL_CTX_sess_set_remove_cb), TEST_DECL(test_wolfSSL_ticket_keys), TEST_DECL(test_wolfSSL_DES_ecb_encrypt), TEST_DECL(test_wolfSSL_sk_GENERAL_NAME), TEST_DECL(test_wolfSSL_GENERAL_NAME_print), TEST_DECL(test_wolfSSL_sk_DIST_POINT), TEST_DECL(test_wolfSSL_MD4), TEST_DECL(test_wolfSSL_verify_mode), TEST_DECL(test_wolfSSL_verify_depth), TEST_DECL(test_wolfSSL_HMAC_CTX), TEST_DECL(test_wolfSSL_msg_callback), TEST_DECL(test_wolfSSL_SHA), TEST_DECL(test_wolfSSL_AES_ecb_encrypt), TEST_DECL(test_wolfSSL_MD5), TEST_DECL(test_wolfSSL_MD5_Transform), TEST_DECL(test_wolfSSL_SHA_Transform), TEST_DECL(test_wolfSSL_SHA256), TEST_DECL(test_wolfSSL_SHA256_Transform), TEST_DECL(test_wolfSSL_SHA224), TEST_DECL(test_wolfSSL_SHA512_Transform), TEST_DECL(test_wolfSSL_X509_get_serialNumber), TEST_DECL(test_wolfSSL_X509_CRL), TEST_DECL(test_wolfSSL_d2i_X509_REQ), TEST_DECL(test_wolfSSL_PEM_read_X509), TEST_DECL(test_wolfSSL_PEM_read), #ifndef NO_BIO TEST_DECL(test_wolfSSL_PEM_X509_INFO_read_bio), #endif TEST_DECL(test_wolfSSL_X509_STORE_get1_certs), TEST_DECL(test_wolfSSL_X509_NAME_ENTRY_get_object), TEST_DECL(test_wolfSSL_OpenSSL_add_all_algorithms), TEST_DECL(test_wolfSSL_OPENSSL_hexstr2buf), TEST_DECL(test_wolfSSL_X509_check_ca), TEST_DECL(test_wolfSSL_X509_check_ip_asc), TEST_DECL(test_wolfSSL_make_cert), TEST_DECL(test_wolfSSL_DES_ncbc), TEST_DECL(test_wolfSSL_AES_cbc_encrypt), TEST_DECL(test_wolfSSL_CRYPTO_cts128), TEST_DECL(test_wolfssl_EVP_aes_gcm_AAD_2_parts), TEST_DECL(test_wolfssl_EVP_aes_gcm), TEST_DECL(test_wolfssl_EVP_aes_gcm_zeroLen), TEST_DECL(test_wolfssl_EVP_aes_ccm), TEST_DECL(test_wolfssl_EVP_aes_ccm_zeroLen), TEST_DECL(test_wolfssl_EVP_chacha20_poly1305), TEST_DECL(test_wolfssl_EVP_chacha20), TEST_DECL(test_wolfSSL_EVP_PKEY_hkdf), TEST_DECL(test_wolfSSL_PKEY_up_ref), TEST_DECL(test_wolfSSL_EVP_Cipher_extra), TEST_DECL(test_wolfSSL_d2i_and_i2d_PublicKey), TEST_DECL(test_wolfSSL_d2i_and_i2d_PublicKey_ecc), TEST_DECL(test_wolfSSL_d2i_and_i2d_DSAparams), TEST_DECL(test_wolfSSL_i2d_PrivateKey), TEST_DECL(test_wolfSSL_OCSP_id_get0_info), TEST_DECL(test_wolfSSL_i2d_OCSP_CERTID), TEST_DECL(test_wolfSSL_d2i_OCSP_CERTID), TEST_DECL(test_wolfSSL_OCSP_id_cmp), TEST_DECL(test_wolfSSL_OCSP_SINGLERESP_get0_id), TEST_DECL(test_wolfSSL_OCSP_single_get0_status), TEST_DECL(test_wolfSSL_OCSP_resp_count), TEST_DECL(test_wolfSSL_OCSP_resp_get0), TEST_DECL(test_wolfSSL_EVP_PKEY_derive), TEST_DECL(test_wolfSSL_EVP_PBE_scrypt), TEST_DECL(test_CONF_modules_xxx), TEST_DECL(test_CRYPTO_set_dynlock_xxx), TEST_DECL(test_CRYPTO_THREADID_xxx), TEST_DECL(test_ENGINE_cleanup), #ifdef OPENSSL_ALL TEST_DECL(test_wolfSSL_X509_PUBKEY_get), TEST_DECL(test_wolfSSL_sk_CIPHER_description), TEST_DECL(test_wolfSSL_get_ciphers_compat), TEST_DECL(test_wolfSSL_EVP_PKEY_set1_get1_DSA), TEST_DECL(test_wolfSSL_DSA_SIG), TEST_DECL(test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY), TEST_DECL(test_wolfSSL_EVP_PKEY_set1_get1_DH), TEST_DECL(test_wolfSSL_CTX_ctrl), TEST_DECL(test_wolfSSL_EVP_PKEY_assign), TEST_DECL(test_wolfSSL_EVP_PKEY_base_id), TEST_DECL(test_wolfSSL_EVP_PKEY_id), TEST_DECL(test_wolfSSL_EVP_PKEY_paramgen), TEST_DECL(test_wolfSSL_EVP_PKEY_keygen), TEST_DECL(test_wolfSSL_EVP_PKEY_keygen_init), TEST_DECL(test_wolfSSL_EVP_PKEY_missing_parameters), TEST_DECL(test_wolfSSL_EVP_PKEY_copy_parameters), TEST_DECL(test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits), TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_iv_length), TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_key_length), TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_set_key_length), TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_set_iv), TEST_DECL(test_wolfSSL_EVP_PKEY_CTX_new_id), TEST_DECL(test_wolfSSL_EVP_rc4), TEST_DECL(test_wolfSSL_EVP_enc_null), TEST_DECL(test_wolfSSL_EVP_rc2_cbc), TEST_DECL(test_wolfSSL_EVP_mdc2), TEST_DECL(test_wolfSSL_EVP_md4), TEST_DECL(test_wolfSSL_EVP_aes_256_gcm), TEST_DECL(test_wolfSSL_EVP_aes_192_gcm), TEST_DECL(test_wolfSSL_EVP_aes_256_ccm), TEST_DECL(test_wolfSSL_EVP_aes_192_ccm), TEST_DECL(test_wolfSSL_EVP_aes_128_ccm), TEST_DECL(test_wolfSSL_EVP_ripemd160), TEST_DECL(test_wolfSSL_EVP_get_digestbynid), TEST_DECL(test_wolfSSL_EVP_MD_nid), TEST_DECL(test_wolfSSL_EVP_PKEY_get0_EC_KEY), TEST_DECL(test_wolfSSL_EVP_X_STATE), TEST_DECL(test_wolfSSL_EVP_X_STATE_LEN), TEST_DECL(test_wolfSSL_EVP_CIPHER_block_size), TEST_DECL(test_wolfSSL_EVP_CIPHER_iv_length), TEST_DECL(test_wolfSSL_EVP_SignInit_ex), TEST_DECL(test_wolfSSL_EVP_DigestFinal_ex), TEST_DECL(test_wolfSSL_EVP_PKEY_assign_DH), TEST_DECL(test_wolfSSL_EVP_BytesToKey), TEST_DECL(test_wolfSSL_EVP_PKEY_param_check), TEST_DECL(test_wolfSSL_QT_EVP_PKEY_CTX_free), TEST_DECL(test_evp_cipher_aes_gcm), TEST_DECL(test_wolfSSL_OBJ_ln), TEST_DECL(test_wolfSSL_OBJ_sn), TEST_DECL(test_wolfSSL_TXT_DB), TEST_DECL(test_wolfSSL_NCONF), #endif /* OPENSSL_ALL */ #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) TEST_DECL(test_wolfSSL_CTX_use_certificate_ASN1), #ifndef NO_BIO TEST_DECL(test_wolfSSL_d2i_PrivateKeys_bio), #endif /* !NO_BIO */ #endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */ TEST_DECL(test_wolfSSL_X509_CA_num), TEST_DECL(test_wolfSSL_X509_get_version), #ifndef NO_BIO TEST_DECL(test_wolfSSL_X509_print), TEST_DECL(test_wolfSSL_X509_CRL_print), TEST_DECL(test_wolfSSL_BIO_get_len), #endif TEST_DECL(test_wolfSSL_RSA), TEST_DECL(test_wolfSSL_RSA_DER), TEST_DECL(test_wolfSSL_RSA_print), #ifndef NO_RSA TEST_DECL(test_wolfSSL_RSA_padding_add_PKCS1_PSS), #endif TEST_DECL(test_wolfSSL_RSA_sign_sha3), TEST_DECL(test_wolfSSL_RSA_get0_key), TEST_DECL(test_wolfSSL_RSA_meth), TEST_DECL(test_wolfSSL_RSA_verify), TEST_DECL(test_wolfSSL_RSA_sign), TEST_DECL(test_wolfSSL_RSA_sign_ex), TEST_DECL(test_wolfSSL_RSA_public_decrypt), TEST_DECL(test_wolfSSL_RSA_private_encrypt), TEST_DECL(test_wolfSSL_RSA_public_encrypt), TEST_DECL(test_wolfSSL_RSA_private_decrypt), TEST_DECL(test_wolfSSL_RSA_GenAdd), TEST_DECL(test_wolfSSL_RSA_blinding_on), TEST_DECL(test_wolfSSL_RSA_ex_data), TEST_DECL(test_wolfSSL_RSA_LoadDer), TEST_DECL(test_wolfSSL_RSA_To_Der), TEST_DECL(test_wolfSSL_PEM_read_RSAPublicKey), TEST_DECL(test_wolfSSL_PEM_write_RSA_PUBKEY), TEST_DECL(test_wolfSSL_PEM_write_RSAPrivateKey), TEST_DECL(test_wolfSSL_PEM_write_mem_RSAPrivateKey), TEST_DECL(test_wolfSSL_DH), TEST_DECL(test_wolfSSL_DH_dup), TEST_DECL(test_wolfSSL_DH_check), TEST_DECL(test_wolfSSL_DH_prime), TEST_DECL(test_wolfSSL_DH_1536_prime), TEST_DECL(test_wolfSSL_DH_get_2048_256), TEST_DECL(test_wolfSSL_PEM_write_DHparams), TEST_DECL(test_wolfSSL_PEM_read_DHparams), TEST_DECL(test_wolfSSL_d2i_DHparams), TEST_DECL(test_wolfSSL_DH_LoadDer), TEST_DECL(test_wolfSSL_i2d_DHparams), #if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK) TEST_DECL(test_wolfSSL_EC_GROUP), TEST_DECL(test_wolfSSL_PEM_read_bio_ECPKParameters), TEST_DECL(test_wolfSSL_EC_POINT), TEST_DECL(test_wolfSSL_EC_KEY_generate), TEST_DECL(test_EC_i2d), TEST_DECL(test_wolfSSL_EC_curve), TEST_DECL(test_wolfSSL_EC_KEY_dup), TEST_DECL(test_wolfSSL_EC_KEY_set_group), TEST_DECL(test_wolfSSL_EC_KEY_set_conv_form), TEST_DECL(test_wolfSSL_EC_KEY_private_key), TEST_DECL(test_wolfSSL_EC_KEY_public_key), TEST_DECL(test_wolfSSL_EC_KEY_print_fp), TEST_DECL(test_wolfSSL_EC_get_builtin_curves), TEST_DECL(test_wolfSSL_ECDSA_SIG), TEST_DECL(test_ECDSA_size_sign), TEST_DECL(test_ECDH_compute_key), #endif TEST_DECL(test_wolfSSL_X509V3_EXT_get), TEST_DECL(test_wolfSSL_X509V3_EXT_nconf), TEST_DECL(test_wolfSSL_X509V3_EXT), TEST_DECL(test_wolfSSL_X509_get_extension_flags), TEST_DECL(test_wolfSSL_X509_get_ext), TEST_DECL(test_wolfSSL_X509_get_ext_by_NID), TEST_DECL(test_wolfSSL_X509_get_ext_subj_alt_name), TEST_DECL(test_wolfSSL_X509_get_ext_count), TEST_DECL(test_wolfSSL_X509_EXTENSION_new), TEST_DECL(test_wolfSSL_X509_EXTENSION_get_object), TEST_DECL(test_wolfSSL_X509_EXTENSION_get_data), TEST_DECL(test_wolfSSL_X509_EXTENSION_get_critical), TEST_DECL(test_wolfSSL_X509V3_EXT_print), TEST_DECL(test_wolfSSL_X509_cmp), TEST_DECL(test_openssl_generate_key_and_cert), TEST_DECL(test_wolfSSL_CRYPTO_memcmp), TEST_DECL(test_wolfSSL_read_detect_TCP_disconnect), /* test the no op functions for compatibility */ TEST_DECL(test_no_op_functions), /* OpenSSL EVP_PKEY API tests */ TEST_DECL(test_EVP_PKEY_rsa), TEST_DECL(test_wolfSSL_EVP_PKEY_encrypt), TEST_DECL(test_wolfSSL_EVP_PKEY_sign_verify), TEST_DECL(test_EVP_PKEY_ec), TEST_DECL(test_EVP_PKEY_cmp), /* OpenSSL error API tests */ TEST_DECL(test_ERR_load_crypto_strings), /* OpenSSL sk_X509 API test */ TEST_DECL(test_sk_X509), /* OpenSSL sk_X509_CRL API test */ TEST_DECL(test_sk_X509_CRL), /* OpenSSL X509 API test */ TEST_DECL(test_X509_get_signature_nid), /* OpenSSL X509 REQ API test */ TEST_DECL(test_X509_REQ), /* OpenSSL PKCS7 API test */ TEST_DECL(test_wolfssl_PKCS7), TEST_DECL(test_wolfSSL_PKCS7_sign), TEST_DECL(test_wolfSSL_PKCS7_SIGNED_new), #ifndef NO_BIO TEST_DECL(test_wolfSSL_PEM_write_bio_PKCS7), #ifdef HAVE_SMIME TEST_DECL(test_wolfSSL_SMIME_read_PKCS7), TEST_DECL(test_wolfSSL_SMIME_write_PKCS7), #endif /* HAVE_SMIME */ #endif /* !NO_BIO */ /* OpenSSL compatibility outside SSL context w/ CRL lookup directory */ TEST_DECL(test_X509_STORE_No_SSL_CTX), TEST_DECL(test_X509_LOOKUP_add_dir), /* wolfCrypt ASN tests */ TEST_DECL(test_wc_CreateEncryptedPKCS8Key), TEST_DECL(test_wc_GetPkcs8TraditionalOffset), TEST_DECL(test_wc_SetSubjectRaw), TEST_DECL(test_wc_GetSubjectRaw), TEST_DECL(test_wc_SetIssuerRaw), TEST_DECL(test_wc_SetIssueBuffer), TEST_DECL(test_wc_SetSubjectKeyId), TEST_DECL(test_wc_SetSubject), TEST_DECL(test_CheckCertSignature), TEST_DECL(test_wc_ParseCert), TEST_DECL(test_wc_ParseCert_Error), TEST_DECL(test_MakeCertWithPathLen), /* wolfCrypt ECC tests */ TEST_DECL(test_wc_ecc_get_curve_size_from_name), TEST_DECL(test_wc_ecc_get_curve_id_from_name), TEST_DECL(test_wc_ecc_get_curve_id_from_params), #ifdef WOLFSSL_TLS13 /* TLS v1.3 API tests */ TEST_DECL(test_tls13_apis), TEST_DECL(test_tls13_cipher_suites), #endif #if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ !defined(WOLFSSL_NO_CLIENT_AUTH)) && !defined(NO_FILESYSTEM) /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */ /* Bad certificate signature tests */ TEST_DECL(test_EccSigFailure_cm), TEST_DECL(test_RsaSigFailure_cm), #endif /* NO_CERTS */ #if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \ !defined(NO_OLD_TLS)) TEST_DECL(test_DhCallbacks), #endif #if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES) TEST_DECL(test_export_keying_material), #endif TEST_DECL(test_wolfSSL_CTX_get_min_proto_version), #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))) TEST_DECL(test_wolfSSL_set_SSL_CTX), #endif TEST_DECL(test_wolfSSL_security_level), TEST_DECL(test_wolfSSL_SSL_in_init), TEST_DECL(test_wolfSSL_CTX_set_timeout), TEST_DECL(test_wolfSSL_OpenSSL_version), TEST_DECL(test_wolfSSL_set_psk_use_session_callback), TEST_DECL(test_ticket_and_psk_mixing), TEST_DECL(test_prioritize_psk), TEST_DECL(test_CONF_CTX_FILE), TEST_DECL(test_CONF_CTX_CMDLINE), TEST_DECL(test_wolfSSL_CRYPTO_get_ex_new_index), TEST_DECL(test_wolfSSL_SESSION_get_ex_new_index), /* wolfcrypt */ TEST_DECL(test_wolfCrypt_Init), TEST_DECL(test_wc_InitMd5), TEST_DECL(test_wc_Md5Update), TEST_DECL(test_wc_Md5Final), TEST_DECL(test_wc_InitSha), TEST_DECL(test_wc_ShaUpdate), TEST_DECL(test_wc_ShaFinal), TEST_DECL(test_wc_InitSha256), TEST_DECL(test_wc_Sha256Update), TEST_DECL(test_wc_Sha256Final), TEST_DECL(test_wc_Sha256FinalRaw), TEST_DECL(test_wc_Sha256GetFlags), TEST_DECL(test_wc_Sha256Free), TEST_DECL(test_wc_Sha256GetHash), TEST_DECL(test_wc_Sha256Copy), TEST_DECL(test_wc_InitSha512), TEST_DECL(test_wc_Sha512Update), TEST_DECL(test_wc_Sha512Final), TEST_DECL(test_wc_Sha512GetFlags), TEST_DECL(test_wc_Sha512FinalRaw), TEST_DECL(test_wc_Sha512Free), TEST_DECL(test_wc_Sha512GetHash), TEST_DECL(test_wc_Sha512Copy), TEST_DECL(test_wc_InitSha512_224), TEST_DECL(test_wc_Sha512_224Update), TEST_DECL(test_wc_Sha512_224Final), TEST_DECL(test_wc_Sha512_224GetFlags), TEST_DECL(test_wc_Sha512_224FinalRaw), TEST_DECL(test_wc_Sha512_224Free), TEST_DECL(test_wc_Sha512_224GetHash), TEST_DECL(test_wc_Sha512_224Copy), TEST_DECL(test_wc_InitSha512_256), TEST_DECL(test_wc_Sha512_256Update), TEST_DECL(test_wc_Sha512_256Final), TEST_DECL(test_wc_Sha512_256GetFlags), TEST_DECL(test_wc_Sha512_256FinalRaw), TEST_DECL(test_wc_Sha512_256Free), TEST_DECL(test_wc_Sha512_256GetHash), TEST_DECL(test_wc_Sha512_256Copy), TEST_DECL(test_wc_InitSha384), TEST_DECL(test_wc_Sha384Update), TEST_DECL(test_wc_Sha384Final), TEST_DECL(test_wc_Sha384GetFlags), TEST_DECL(test_wc_Sha384FinalRaw), TEST_DECL(test_wc_Sha384Free), TEST_DECL(test_wc_Sha384GetHash), TEST_DECL(test_wc_Sha384Copy), TEST_DECL(test_wc_InitSha224), TEST_DECL(test_wc_Sha224Update), TEST_DECL(test_wc_Sha224Final), TEST_DECL(test_wc_Sha224SetFlags), TEST_DECL(test_wc_Sha224GetFlags), TEST_DECL(test_wc_Sha224Free), TEST_DECL(test_wc_Sha224GetHash), TEST_DECL(test_wc_Sha224Copy), TEST_DECL(test_wc_InitBlake2b), TEST_DECL(test_wc_InitBlake2b_WithKey), TEST_DECL(test_wc_InitBlake2s_WithKey), TEST_DECL(test_wc_InitRipeMd), TEST_DECL(test_wc_RipeMdUpdate), TEST_DECL(test_wc_RipeMdFinal), TEST_DECL(test_wc_InitSha3), TEST_DECL(testing_wc_Sha3_Update), TEST_DECL(test_wc_Sha3_224_Final), TEST_DECL(test_wc_Sha3_256_Final), TEST_DECL(test_wc_Sha3_384_Final), TEST_DECL(test_wc_Sha3_512_Final), TEST_DECL(test_wc_Sha3_224_Copy), TEST_DECL(test_wc_Sha3_256_Copy), TEST_DECL(test_wc_Sha3_384_Copy), TEST_DECL(test_wc_Sha3_512_Copy), TEST_DECL(test_wc_Sha3_GetFlags), TEST_DECL(test_wc_InitShake256), TEST_DECL(testing_wc_Shake256_Update), TEST_DECL(test_wc_Shake256_Final), TEST_DECL(test_wc_Shake256_Copy), TEST_DECL(test_wc_Shake256Hash), TEST_DECL(test_wc_Md5HmacSetKey), TEST_DECL(test_wc_Md5HmacUpdate), TEST_DECL(test_wc_Md5HmacFinal), TEST_DECL(test_wc_ShaHmacSetKey), TEST_DECL(test_wc_ShaHmacUpdate), TEST_DECL(test_wc_ShaHmacFinal), TEST_DECL(test_wc_Sha224HmacSetKey), TEST_DECL(test_wc_Sha224HmacUpdate), TEST_DECL(test_wc_Sha224HmacFinal), TEST_DECL(test_wc_Sha256HmacSetKey), TEST_DECL(test_wc_Sha256HmacUpdate), TEST_DECL(test_wc_Sha256HmacFinal), TEST_DECL(test_wc_Sha384HmacSetKey), TEST_DECL(test_wc_Sha384HmacUpdate), TEST_DECL(test_wc_Sha384HmacFinal), TEST_DECL(test_wc_HashInit), TEST_DECL(test_wc_HashSetFlags), TEST_DECL(test_wc_HashGetFlags), TEST_DECL(test_wc_InitCmac), TEST_DECL(test_wc_CmacUpdate), TEST_DECL(test_wc_CmacFinal), TEST_DECL(test_wc_AesCmacGenerate), TEST_DECL(test_wc_AesGcmStream), TEST_DECL(test_wc_Des3_SetIV), TEST_DECL(test_wc_Des3_SetKey), TEST_DECL(test_wc_Des3_CbcEncryptDecrypt), TEST_DECL(test_wc_Des3_CbcEncryptDecryptWithKey), TEST_DECL(test_wc_Des3_EcbEncrypt), TEST_DECL(test_wc_Chacha_SetKey), TEST_DECL(test_wc_Chacha_Process), TEST_DECL(test_wc_ChaCha20Poly1305_aead), TEST_DECL(test_wc_Poly1305SetKey), TEST_DECL(test_wc_CamelliaSetKey), TEST_DECL(test_wc_CamelliaSetIV), TEST_DECL(test_wc_CamelliaEncryptDecryptDirect), TEST_DECL(test_wc_CamelliaCbcEncryptDecrypt), TEST_DECL(test_wc_Arc4SetKey), TEST_DECL(test_wc_Arc4Process), TEST_DECL(test_wc_Rc2SetKey), TEST_DECL(test_wc_Rc2SetIV), TEST_DECL(test_wc_Rc2EcbEncryptDecrypt), TEST_DECL(test_wc_Rc2CbcEncryptDecrypt), TEST_DECL(test_wc_AesSetKey), TEST_DECL(test_wc_AesSetIV), TEST_DECL(test_wc_AesCbcEncryptDecrypt), TEST_DECL(test_wc_AesCtrEncryptDecrypt), TEST_DECL(test_wc_AesGcmSetKey), TEST_DECL(test_wc_AesGcmEncryptDecrypt), TEST_DECL(test_wc_AesGcmMixedEncDecLongIV), TEST_DECL(test_wc_GmacSetKey), TEST_DECL(test_wc_GmacUpdate), TEST_DECL(test_wc_InitRsaKey), TEST_DECL(test_wc_RsaPrivateKeyDecode), TEST_DECL(test_wc_RsaPublicKeyDecode), TEST_DECL(test_wc_RsaPublicKeyDecodeRaw), TEST_DECL(test_wc_MakeRsaKey), TEST_DECL(test_wc_SetKeyUsage), TEST_DECL(test_wc_CheckProbablePrime), TEST_DECL(test_wc_RsaPSS_Verify), TEST_DECL(test_wc_RsaPSS_VerifyCheck), TEST_DECL(test_wc_RsaPSS_VerifyCheckInline), TEST_DECL(test_wc_SetMutexCb), TEST_DECL(test_wc_LockMutex_ex), TEST_DECL(test_wc_RsaKeyToDer), TEST_DECL(test_wc_RsaKeyToPublicDer), TEST_DECL(test_wc_RsaPublicEncryptDecrypt), TEST_DECL(test_wc_RsaPublicEncryptDecrypt_ex), TEST_DECL(test_wc_RsaEncryptSize), TEST_DECL(test_wc_RsaSSL_SignVerify), TEST_DECL(test_wc_RsaFlattenPublicKey), TEST_DECL(test_RsaDecryptBoundsCheck), TEST_DECL(test_wc_AesCcmSetKey), TEST_DECL(test_wc_AesCcmEncryptDecrypt), TEST_DECL(test_wc_InitDsaKey), TEST_DECL(test_wc_DsaSignVerify), TEST_DECL(test_wc_DsaPublicPrivateKeyDecode), TEST_DECL(test_wc_MakeDsaKey), TEST_DECL(test_wc_DsaKeyToDer), TEST_DECL(test_wc_DsaKeyToPublicDer), TEST_DECL(test_wc_DsaImportParamsRaw), TEST_DECL(test_wc_DsaImportParamsRawCheck), TEST_DECL(test_wc_DsaExportParamsRaw), TEST_DECL(test_wc_DsaExportKeyRaw), TEST_DECL(test_wc_SignatureGetSize_ecc), TEST_DECL(test_wc_SignatureGetSize_rsa), /* * test_wolfCrypt_Cleanup needs to come after the above wolfCrypt tests to * avoid memory leaks. */ TEST_DECL(test_wolfCrypt_Cleanup), #ifdef OPENSSL_EXTRA TEST_DECL(test_wolfSSL_EVP_get_cipherbynid), TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX), TEST_DECL(test_ED25519), TEST_DECL(test_ED448), #endif #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \ !defined(HAVE_SELFTEST) && \ !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION)) TEST_DECL(test_wc_ecc_get_curve_id_from_dp_params), #endif #ifdef HAVE_HASHDRBG #ifdef TEST_RESEED_INTERVAL TEST_DECL(test_wc_RNG_GenerateBlock_Reseed), #endif TEST_DECL(test_wc_RNG_GenerateBlock), #endif TEST_DECL(test_get_rand_digit), TEST_DECL(test_get_digit_count), TEST_DECL(test_mp_cond_copy), TEST_DECL(test_mp_rand), TEST_DECL(test_get_digit), TEST_DECL(test_wc_export_int), TEST_DECL(test_wc_InitRngNonce), TEST_DECL(test_wc_InitRngNonce_ex), TEST_DECL(test_wc_ed25519_make_key), TEST_DECL(test_wc_ed25519_init), TEST_DECL(test_wc_ed25519_sign_msg), TEST_DECL(test_wc_ed25519_import_public), TEST_DECL(test_wc_ed25519_import_private_key), TEST_DECL(test_wc_ed25519_export), TEST_DECL(test_wc_ed25519_size), TEST_DECL(test_wc_ed25519_exportKey), TEST_DECL(test_wc_Ed25519PublicKeyToDer), TEST_DECL(test_wc_curve25519_init), TEST_DECL(test_wc_curve25519_size), TEST_DECL(test_wc_curve25519_export_key_raw), TEST_DECL(test_wc_curve25519_export_key_raw_ex), TEST_DECL(test_wc_curve25519_make_key), TEST_DECL(test_wc_curve25519_shared_secret_ex), TEST_DECL(test_wc_curve25519_make_pub), TEST_DECL(test_wc_curve25519_export_public_ex), TEST_DECL(test_wc_curve25519_export_private_raw_ex), TEST_DECL(test_wc_curve25519_import_private_raw_ex), TEST_DECL(test_wc_curve25519_import_private), TEST_DECL(test_wc_ed448_make_key), TEST_DECL(test_wc_ed448_init), TEST_DECL(test_wc_ed448_sign_msg), TEST_DECL(test_wc_ed448_import_public), TEST_DECL(test_wc_ed448_import_private_key), TEST_DECL(test_wc_ed448_export), TEST_DECL(test_wc_ed448_size), TEST_DECL(test_wc_ed448_exportKey), TEST_DECL(test_wc_Ed448PublicKeyToDer), TEST_DECL(test_wc_curve448_make_key), TEST_DECL(test_wc_curve448_shared_secret_ex), TEST_DECL(test_wc_curve448_export_public_ex), TEST_DECL(test_wc_curve448_export_private_raw_ex), TEST_DECL(test_wc_curve448_export_key_raw), TEST_DECL(test_wc_curve448_import_private_raw_ex), TEST_DECL(test_wc_curve448_import_private), TEST_DECL(test_wc_curve448_init), TEST_DECL(test_wc_curve448_size), TEST_DECL(test_wc_ecc_make_key), TEST_DECL(test_wc_ecc_init), TEST_DECL(test_wc_ecc_check_key), TEST_DECL(test_wc_ecc_get_generator), TEST_DECL(test_wc_ecc_size), TEST_DECL(test_wc_ecc_params), TEST_DECL(test_wc_ecc_signVerify_hash), TEST_DECL(test_wc_ecc_shared_secret), TEST_DECL(test_wc_ecc_export_x963), TEST_DECL(test_wc_ecc_export_x963_ex), TEST_DECL(test_wc_ecc_import_x963), TEST_DECL(ecc_import_private_key), TEST_DECL(test_wc_ecc_export_private_only), TEST_DECL(test_wc_ecc_rs_to_sig), TEST_DECL(test_wc_ecc_import_raw), TEST_DECL(test_wc_ecc_import_unsigned), TEST_DECL(test_wc_ecc_sig_size), TEST_DECL(test_wc_ecc_ctx_new), TEST_DECL(test_wc_ecc_ctx_reset), TEST_DECL(test_wc_ecc_ctx_set_peer_salt), TEST_DECL(test_wc_ecc_ctx_set_info), TEST_DECL(test_wc_ecc_encryptDecrypt), TEST_DECL(test_wc_ecc_del_point), TEST_DECL(test_wc_ecc_pointFns), TEST_DECL(test_wc_ecc_shared_secret_ssh), TEST_DECL(test_wc_ecc_verify_hash_ex), TEST_DECL(test_wc_ecc_mulmod), TEST_DECL(test_wc_ecc_is_valid_idx), TEST_DECL(test_wc_ecc_get_curve_id_from_oid), TEST_DECL(test_wc_ecc_sig_size_calc), TEST_DECL(test_ToTraditional), TEST_DECL(test_wc_EccPrivateKeyToDer), TEST_DECL(test_wc_DhPublicKeyDecode), TEST_DECL(test_wc_Ed25519KeyToDer), TEST_DECL(test_wc_Ed25519PrivateKeyToDer), TEST_DECL(test_wc_Ed448KeyToDer), TEST_DECL(test_wc_Ed448PrivateKeyToDer), TEST_DECL(test_wc_SetAuthKeyIdFromPublicKey_ex), TEST_DECL(test_wc_SetSubjectBuffer), TEST_DECL(test_wc_SetSubjectKeyIdFromPublicKey_ex), TEST_DECL(test_wc_PKCS7_New), TEST_DECL(test_wc_PKCS7_Init), TEST_DECL(test_wc_PKCS7_InitWithCert), TEST_DECL(test_wc_PKCS7_EncodeData), TEST_DECL(test_wc_PKCS7_EncodeSignedData), TEST_DECL(test_wc_PKCS7_EncodeSignedData_ex), TEST_DECL(test_wc_PKCS7_VerifySignedData), TEST_DECL(test_wc_PKCS7_EncodeDecodeEnvelopedData), TEST_DECL(test_wc_PKCS7_EncodeEncryptedData), TEST_DECL(test_wc_PKCS7_Degenerate), TEST_DECL(test_wc_PKCS7_BER), TEST_DECL(test_PKCS7_signed_enveloped), TEST_DECL(test_wc_PKCS7_NoDefaultSignedAttribs), TEST_DECL(test_wc_PKCS7_SetOriEncryptCtx), TEST_DECL(test_wc_PKCS7_SetOriDecryptCtx), TEST_DECL(test_wc_PKCS7_DecodeCompressedData), TEST_DECL(test_wc_i2d_PKCS12), TEST_DECL(test_wolfSSL_CTX_LoadCRL), TEST_DECL(test_openssl_FIPS_drbg), TEST_DECL(test_wc_CryptoCb), TEST_DECL(test_wolfSSL_CTX_StaticMemory), TEST_DECL(test_wolfSSL_FIPS_mode), #ifdef WOLFSSL_DTLS TEST_DECL(test_wolfSSL_DtlsUpdateWindow), TEST_DECL(test_wolfSSL_DTLS_fragment_buckets), #endif #if !defined(NO_FILESYSTEM) && \ defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) #ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME TEST_DECL(test_wolfSSL_dtls_stateless_resume), #endif /* WOLFSSL_DTLS_NO_HVR_ON_RESUME */ #ifdef HAVE_MAX_FRAGMENT TEST_DECL(test_wolfSSL_dtls_stateless_maxfrag), #endif /* HAVE_MAX_FRAGMENT */ TEST_DECL(test_wolfSSL_dtls_stateless2), #if !defined(NO_OLD_TLS) TEST_DECL(test_wolfSSL_dtls_stateless_downgrade), #endif /* !defined(NO_OLD_TLS) */ #endif /* defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ * !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) */ TEST_DECL(test_wolfSSL_CTX_set_ciphersuites), TEST_DECL(test_wolfSSL_CRL_CERT_REVOKED_alert), TEST_DECL(test_TLS_13_ticket_different_ciphers), TEST_DECL(test_WOLFSSL_dtls_version_alert), TEST_DECL(test_ForceZero), TEST_DECL(test_wolfSSL_Cleanup), #if defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \ && defined(WOLFSSL_TLS13) && \ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) TEST_DECL(test_ticket_nonce_malloc), #endif #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ !defined(WOLFSSL_NO_CLIENT_AUTH)) TEST_DECL(test_various_pathlen_chains), #endif TEST_DECL(test_ticket_ret_create), TEST_DECL(test_extra_alerts_wrong_cs), TEST_DECL(test_extra_alerts_skip_hs), TEST_DECL(test_extra_alerts_bad_psk), TEST_DECL(test_harden_no_secure_renegotiation), TEST_DECL(test_override_alt_cert_chain), /* If at some point a stub get implemented this test should fail indicating * a need to implement a new test case */ TEST_DECL(test_stubs_are_stubs) }; #define TEST_CASE_CNT (int)(sizeof(testCases) / sizeof(*testCases)) static void TestSetup(void) { /* Stub, for now. Add common test setup code here. */ } static void TestCleanup(void) { #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) /* Clear any errors added to the error queue during the test run. */ wolfSSL_ERR_clear_error(); #endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */ } /* Print out all API test cases with numeric identifier. */ void ApiTest_PrintTestCases(void) { int i; printf("All Test Cases:\n"); for (i = 0; i < TEST_CASE_CNT; i++) { printf("%3d: %s\n", i + 1, testCases[i].name); } } /* Add test case with index to the list to run. * * @param [in] idx Index of test case to run starting at 1. * @return 0 on success. * @return BAD_FUNC_ARG when index is out of range of test case identifiers. */ int ApiTest_RunIdx(int idx) { if (idx < 1 || idx > TEST_CASE_CNT) { printf("Index out of range (1 - %d): %d\n", TEST_CASE_CNT, idx); return BAD_FUNC_ARG; } testAll = 0; testCases[idx-1].run = 1; return 0; } /* Add test case with name to the list to run. * * @param [in] name Name of test case to run. * @return 0 on success. * @return BAD_FUNC_ARG when name is not a known test case name. */ int ApiTest_RunName(char* name) { int i; for (i = 0; i < TEST_CASE_CNT; i++) { if (XSTRCMP(testCases[i].name, name) == 0) { testAll = 0; testCases[i].run = 1; return 0; } } printf("Test case name not found: %s\n", name); printf("Use --list to see all test case names.\n"); return BAD_FUNC_ARG; } /* Converts the result code to a string. * * @param [in] res Test result code. * @return String describing test result. */ static const char* apitest_res_string(int res) { const char* str = "invalid result"; switch (res) { case TEST_SUCCESS: str = "passed"; break; case TEST_FAIL: str = "failed"; break; case TEST_SKIPPED: str = "skipped"; break; } return str; } #ifndef WOLFSSL_UNIT_TEST_NO_TIMING static double gettime_secs(void) { struct timeval tv; LIBCALL_CHECK_RET(gettimeofday(&tv, 0)); return (double)tv.tv_sec + (double)tv.tv_usec / 1000000; } #endif void ApiTest(void) { int i; int ret; #ifndef WOLFSSL_UNIT_TEST_NO_TIMING double timeDiff; #endif printf(" Begin API Tests\n"); fflush(stdout); /* we must perform init and cleanup if not all tests are running */ if (!testAll) { #ifdef WOLFCRYPT_ONLY wolfCrypt_Init(); #else wolfSSL_Init(); #endif } for (i = 0; i < TEST_CASE_CNT; ++i) { /* When not testing all cases then skip if not marked for running. */ if (!testAll && !testCases[i].run) { continue; } TestSetup(); printf(" %3d: %-52s:", i + 1, testCases[i].name); fflush(stdout); #ifndef WOLFSSL_UNIT_TEST_NO_TIMING timeDiff = gettime_secs(); #endif ret = testCases[i].func(); #ifndef WOLFSSL_UNIT_TEST_NO_TIMING timeDiff = gettime_secs() - timeDiff; #endif #ifndef WOLFSSL_UNIT_TEST_NO_TIMING if (ret != TEST_SKIPPED) { printf(" %s (%9.5lf)\n", apitest_res_string(ret), timeDiff); } else #endif { printf(" %s\n", apitest_res_string(ret)); } fflush(stdout); /* if return code is < 0 and not skipped then assert error */ Assert((ret > 0 || ret == TEST_SKIPPED), ("Test failed\n"), ("ret %d", ret)); TestCleanup(); } #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \ && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE)) wc_ecc_fp_free(); /* free per thread cache */ #endif if (!testAll) { #ifdef WOLFCRYPT_ONLY wolfCrypt_Cleanup(); #else wolfSSL_Cleanup(); #endif } (void)testDevId; printf(" End API Tests\n"); fflush(stdout); }