test.c 1.7 MB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726472747284729473047314732473347344735473647374738473947404741474247434744474547464747474847494750475147524753475447554756475747584759476047614762476347644765476647674768476947704771477247734774477547764777477847794780478147824783478447854786478747884789479047914792479347944795479647974798479948004801480248034804480548064807480848094810481148124813481448154816481748184819482048214822482348244825482648274828482948304831483248334834483548364837483848394840484148424843484448454846484748484849485048514852485348544855485648574858485948604861486248634864486548664867486848694870487148724873487448754876487748784879488048814882488348844885488648874888488948904891489248934894489548964897489848994900490149024903490449054906490749084909491049114912491349144915491649174918491949204921492249234924492549264927492849294930493149324933493449354936493749384939494049414942494349444945494649474948494949504951495249534954495549564957495849594960496149624963496449654966496749684969497049714972497349744975497649774978497949804981498249834984498549864987498849894990499149924993499449954996499749984999500050015002500350045005500650075008500950105011501250135014501550165017501850195020502150225023502450255026502750285029503050315032503350345035503650375038503950405041504250435044504550465047504850495050505150525053505450555056505750585059506050615062506350645065506650675068506950705071507250735074507550765077507850795080508150825083508450855086508750885089509050915092509350945095509650975098509951005101510251035104510551065107510851095110511151125113511451155116511751185119512051215122512351245125512651275128512951305131513251335134513551365137513851395140514151425143514451455146514751485149515051515152515351545155515651575158515951605161516251635164516551665167516851695170517151725173517451755176517751785179518051815182518351845185518651875188518951905191519251935194519551965197519851995200520152025203520452055206520752085209521052115212521352145215521652175218521952205221522252235224522552265227522852295230523152325233523452355236523752385239524052415242524352445245524652475248524952505251525252535254525552565257525852595260526152625263526452655266526752685269527052715272527352745275527652775278527952805281528252835284528552865287528852895290529152925293529452955296529752985299530053015302530353045305530653075308530953105311531253135314531553165317531853195320532153225323532453255326532753285329533053315332533353345335533653375338533953405341534253435344534553465347534853495350535153525353535453555356535753585359536053615362536353645365536653675368536953705371537253735374537553765377537853795380538153825383538453855386538753885389539053915392539353945395539653975398539954005401540254035404540554065407540854095410541154125413541454155416541754185419542054215422542354245425542654275428542954305431543254335434543554365437543854395440544154425443544454455446544754485449545054515452545354545455545654575458545954605461546254635464546554665467546854695470547154725473547454755476547754785479548054815482548354845485548654875488548954905491549254935494549554965497549854995500550155025503550455055506550755085509551055115512551355145515551655175518551955205521552255235524552555265527552855295530553155325533553455355536553755385539554055415542554355445545554655475548554955505551555255535554555555565557555855595560556155625563556455655566556755685569557055715572557355745575557655775578557955805581558255835584558555865587558855895590559155925593559455955596559755985599560056015602560356045605560656075608560956105611561256135614561556165617561856195620562156225623562456255626562756285629563056315632563356345635563656375638563956405641564256435644564556465647564856495650565156525653565456555656565756585659566056615662566356645665566656675668566956705671567256735674567556765677567856795680568156825683568456855686568756885689569056915692569356945695569656975698569957005701570257035704570557065707570857095710571157125713571457155716571757185719572057215722572357245725572657275728572957305731573257335734573557365737573857395740574157425743574457455746574757485749575057515752575357545755575657575758575957605761576257635764576557665767576857695770577157725773577457755776577757785779578057815782578357845785578657875788578957905791579257935794579557965797579857995800580158025803580458055806580758085809581058115812581358145815581658175818581958205821582258235824582558265827582858295830583158325833583458355836583758385839584058415842584358445845584658475848584958505851585258535854585558565857585858595860586158625863586458655866586758685869587058715872587358745875587658775878587958805881588258835884588558865887588858895890589158925893589458955896589758985899590059015902590359045905590659075908590959105911591259135914591559165917591859195920592159225923592459255926592759285929593059315932593359345935593659375938593959405941594259435944594559465947594859495950595159525953595459555956595759585959596059615962596359645965596659675968596959705971597259735974597559765977597859795980598159825983598459855986598759885989599059915992599359945995599659975998599960006001600260036004600560066007600860096010601160126013601460156016601760186019602060216022602360246025602660276028602960306031603260336034603560366037603860396040604160426043604460456046604760486049605060516052605360546055605660576058605960606061606260636064606560666067606860696070607160726073607460756076607760786079608060816082608360846085608660876088608960906091609260936094609560966097609860996100610161026103610461056106610761086109611061116112611361146115611661176118611961206121612261236124612561266127612861296130613161326133613461356136613761386139614061416142614361446145614661476148614961506151615261536154615561566157615861596160616161626163616461656166616761686169617061716172617361746175617661776178617961806181618261836184618561866187618861896190619161926193619461956196619761986199620062016202620362046205620662076208620962106211621262136214621562166217621862196220622162226223622462256226622762286229623062316232623362346235623662376238623962406241624262436244624562466247624862496250625162526253625462556256625762586259626062616262626362646265626662676268626962706271627262736274627562766277627862796280628162826283628462856286628762886289629062916292629362946295629662976298629963006301630263036304630563066307630863096310631163126313631463156316631763186319632063216322632363246325632663276328632963306331633263336334633563366337633863396340634163426343634463456346634763486349635063516352635363546355635663576358635963606361636263636364636563666367636863696370637163726373637463756376637763786379638063816382638363846385638663876388638963906391639263936394639563966397639863996400640164026403640464056406640764086409641064116412641364146415641664176418641964206421642264236424642564266427642864296430643164326433643464356436643764386439644064416442644364446445644664476448644964506451645264536454645564566457645864596460646164626463646464656466646764686469647064716472647364746475647664776478647964806481648264836484648564866487648864896490649164926493649464956496649764986499650065016502650365046505650665076508650965106511651265136514651565166517651865196520652165226523652465256526652765286529653065316532653365346535653665376538653965406541654265436544654565466547654865496550655165526553655465556556655765586559656065616562656365646565656665676568656965706571657265736574657565766577657865796580658165826583658465856586658765886589659065916592659365946595659665976598659966006601660266036604660566066607660866096610661166126613661466156616661766186619662066216622662366246625662666276628662966306631663266336634663566366637663866396640664166426643664466456646664766486649665066516652665366546655665666576658665966606661666266636664666566666667666866696670667166726673667466756676667766786679668066816682668366846685668666876688668966906691669266936694669566966697669866996700670167026703670467056706670767086709671067116712671367146715671667176718671967206721672267236724672567266727672867296730673167326733673467356736673767386739674067416742674367446745674667476748674967506751675267536754675567566757675867596760676167626763676467656766676767686769677067716772677367746775677667776778677967806781678267836784678567866787678867896790679167926793679467956796679767986799680068016802680368046805680668076808680968106811681268136814681568166817681868196820682168226823682468256826682768286829683068316832683368346835683668376838683968406841684268436844684568466847684868496850685168526853685468556856685768586859686068616862686368646865686668676868686968706871687268736874687568766877687868796880688168826883688468856886688768886889689068916892689368946895689668976898689969006901690269036904690569066907690869096910691169126913691469156916691769186919692069216922692369246925692669276928692969306931693269336934693569366937693869396940694169426943694469456946694769486949695069516952695369546955695669576958695969606961696269636964696569666967696869696970697169726973697469756976697769786979698069816982698369846985698669876988698969906991699269936994699569966997699869997000700170027003700470057006700770087009701070117012701370147015701670177018701970207021702270237024702570267027702870297030703170327033703470357036703770387039704070417042704370447045704670477048704970507051705270537054705570567057705870597060706170627063706470657066706770687069707070717072707370747075707670777078707970807081708270837084708570867087708870897090709170927093709470957096709770987099710071017102710371047105710671077108710971107111711271137114711571167117711871197120712171227123712471257126712771287129713071317132713371347135713671377138713971407141714271437144714571467147714871497150715171527153715471557156715771587159716071617162716371647165716671677168716971707171717271737174717571767177717871797180718171827183718471857186718771887189719071917192719371947195719671977198719972007201720272037204720572067207720872097210721172127213721472157216721772187219722072217222722372247225722672277228722972307231723272337234723572367237723872397240724172427243724472457246724772487249725072517252725372547255725672577258725972607261726272637264726572667267726872697270727172727273727472757276727772787279728072817282728372847285728672877288728972907291729272937294729572967297729872997300730173027303730473057306730773087309731073117312731373147315731673177318731973207321732273237324732573267327732873297330733173327333733473357336733773387339734073417342734373447345734673477348734973507351735273537354735573567357735873597360736173627363736473657366736773687369737073717372737373747375737673777378737973807381738273837384738573867387738873897390739173927393739473957396739773987399740074017402740374047405740674077408740974107411741274137414741574167417741874197420742174227423742474257426742774287429743074317432743374347435743674377438743974407441744274437444744574467447744874497450745174527453745474557456745774587459746074617462746374647465746674677468746974707471747274737474747574767477747874797480748174827483748474857486748774887489749074917492749374947495749674977498749975007501750275037504750575067507750875097510751175127513751475157516751775187519752075217522752375247525752675277528752975307531753275337534753575367537753875397540754175427543754475457546754775487549755075517552755375547555755675577558755975607561756275637564756575667567756875697570757175727573757475757576757775787579758075817582758375847585758675877588758975907591759275937594759575967597759875997600760176027603760476057606760776087609761076117612761376147615761676177618761976207621762276237624762576267627762876297630763176327633763476357636763776387639764076417642764376447645764676477648764976507651765276537654765576567657765876597660766176627663766476657666766776687669767076717672767376747675767676777678767976807681768276837684768576867687768876897690769176927693769476957696769776987699770077017702770377047705770677077708770977107711771277137714771577167717771877197720772177227723772477257726772777287729773077317732773377347735773677377738773977407741774277437744774577467747774877497750775177527753775477557756775777587759776077617762776377647765776677677768776977707771777277737774777577767777777877797780778177827783778477857786778777887789779077917792779377947795779677977798779978007801780278037804780578067807780878097810781178127813781478157816781778187819782078217822782378247825782678277828782978307831783278337834783578367837783878397840784178427843784478457846784778487849785078517852785378547855785678577858785978607861786278637864786578667867786878697870787178727873787478757876787778787879788078817882788378847885788678877888788978907891789278937894789578967897789878997900790179027903790479057906790779087909791079117912791379147915791679177918791979207921792279237924792579267927792879297930793179327933793479357936793779387939794079417942794379447945794679477948794979507951795279537954795579567957795879597960796179627963796479657966796779687969797079717972797379747975797679777978797979807981798279837984798579867987798879897990799179927993799479957996799779987999800080018002800380048005800680078008800980108011801280138014801580168017801880198020802180228023802480258026802780288029803080318032803380348035803680378038803980408041804280438044804580468047804880498050805180528053805480558056805780588059806080618062806380648065806680678068806980708071807280738074807580768077807880798080808180828083808480858086808780888089809080918092809380948095809680978098809981008101810281038104810581068107810881098110811181128113811481158116811781188119812081218122812381248125812681278128812981308131813281338134813581368137813881398140814181428143814481458146814781488149815081518152815381548155815681578158815981608161816281638164816581668167816881698170817181728173817481758176817781788179818081818182818381848185818681878188818981908191819281938194819581968197819881998200820182028203820482058206820782088209821082118212821382148215821682178218821982208221822282238224822582268227822882298230823182328233823482358236823782388239824082418242824382448245824682478248824982508251825282538254825582568257825882598260826182628263826482658266826782688269827082718272827382748275827682778278827982808281828282838284828582868287828882898290829182928293829482958296829782988299830083018302830383048305830683078308830983108311831283138314831583168317831883198320832183228323832483258326832783288329833083318332833383348335833683378338833983408341834283438344834583468347834883498350835183528353835483558356835783588359836083618362836383648365836683678368836983708371837283738374837583768377837883798380838183828383838483858386838783888389839083918392839383948395839683978398839984008401840284038404840584068407840884098410841184128413841484158416841784188419842084218422842384248425842684278428842984308431843284338434843584368437843884398440844184428443844484458446844784488449845084518452845384548455845684578458845984608461846284638464846584668467846884698470847184728473847484758476847784788479848084818482848384848485848684878488848984908491849284938494849584968497849884998500850185028503850485058506850785088509851085118512851385148515851685178518851985208521852285238524852585268527852885298530853185328533853485358536853785388539854085418542854385448545854685478548854985508551855285538554855585568557855885598560856185628563856485658566856785688569857085718572857385748575857685778578857985808581858285838584858585868587858885898590859185928593859485958596859785988599860086018602860386048605860686078608860986108611861286138614861586168617861886198620862186228623862486258626862786288629863086318632863386348635863686378638863986408641864286438644864586468647864886498650865186528653865486558656865786588659866086618662866386648665866686678668866986708671867286738674867586768677867886798680868186828683868486858686868786888689869086918692869386948695869686978698869987008701870287038704870587068707870887098710871187128713871487158716871787188719872087218722872387248725872687278728872987308731873287338734873587368737873887398740874187428743874487458746874787488749875087518752875387548755875687578758875987608761876287638764876587668767876887698770877187728773877487758776877787788779878087818782878387848785878687878788878987908791879287938794879587968797879887998800880188028803880488058806880788088809881088118812881388148815881688178818881988208821882288238824882588268827882888298830883188328833883488358836883788388839884088418842884388448845884688478848884988508851885288538854885588568857885888598860886188628863886488658866886788688869887088718872887388748875887688778878887988808881888288838884888588868887888888898890889188928893889488958896889788988899890089018902890389048905890689078908890989108911891289138914891589168917891889198920892189228923892489258926892789288929893089318932893389348935893689378938893989408941894289438944894589468947894889498950895189528953895489558956895789588959896089618962896389648965896689678968896989708971897289738974897589768977897889798980898189828983898489858986898789888989899089918992899389948995899689978998899990009001900290039004900590069007900890099010901190129013901490159016901790189019902090219022902390249025902690279028902990309031903290339034903590369037903890399040904190429043904490459046904790489049905090519052905390549055905690579058905990609061906290639064906590669067906890699070907190729073907490759076907790789079908090819082908390849085908690879088908990909091909290939094909590969097909890999100910191029103910491059106910791089109911091119112911391149115911691179118911991209121912291239124912591269127912891299130913191329133913491359136913791389139914091419142914391449145914691479148914991509151915291539154915591569157915891599160916191629163916491659166916791689169917091719172917391749175917691779178917991809181918291839184918591869187918891899190919191929193919491959196919791989199920092019202920392049205920692079208920992109211921292139214921592169217921892199220922192229223922492259226922792289229923092319232923392349235923692379238923992409241924292439244924592469247924892499250925192529253925492559256925792589259926092619262926392649265926692679268926992709271927292739274927592769277927892799280928192829283928492859286928792889289929092919292929392949295929692979298929993009301930293039304930593069307930893099310931193129313931493159316931793189319932093219322932393249325932693279328932993309331933293339334933593369337933893399340934193429343934493459346934793489349935093519352935393549355935693579358935993609361936293639364936593669367936893699370937193729373937493759376937793789379938093819382938393849385938693879388938993909391939293939394939593969397939893999400940194029403940494059406940794089409941094119412941394149415941694179418941994209421942294239424942594269427942894299430943194329433943494359436943794389439944094419442944394449445944694479448944994509451945294539454945594569457945894599460946194629463946494659466946794689469947094719472947394749475947694779478947994809481948294839484948594869487948894899490949194929493949494959496949794989499950095019502950395049505950695079508950995109511951295139514951595169517951895199520952195229523952495259526952795289529953095319532953395349535953695379538953995409541954295439544954595469547954895499550955195529553955495559556955795589559956095619562956395649565956695679568956995709571957295739574957595769577957895799580958195829583958495859586958795889589959095919592959395949595959695979598959996009601960296039604960596069607960896099610961196129613961496159616961796189619962096219622962396249625962696279628962996309631963296339634963596369637963896399640964196429643964496459646964796489649965096519652965396549655965696579658965996609661966296639664966596669667966896699670967196729673967496759676967796789679968096819682968396849685968696879688968996909691969296939694969596969697969896999700970197029703970497059706970797089709971097119712971397149715971697179718971997209721972297239724972597269727972897299730973197329733973497359736973797389739974097419742974397449745974697479748974997509751975297539754975597569757975897599760976197629763976497659766976797689769977097719772977397749775977697779778977997809781978297839784978597869787978897899790979197929793979497959796979797989799980098019802980398049805980698079808980998109811981298139814981598169817981898199820982198229823982498259826982798289829983098319832983398349835983698379838983998409841984298439844984598469847984898499850985198529853985498559856985798589859986098619862986398649865986698679868986998709871987298739874987598769877987898799880988198829883988498859886988798889889989098919892989398949895989698979898989999009901990299039904990599069907990899099910991199129913991499159916991799189919992099219922992399249925992699279928992999309931993299339934993599369937993899399940994199429943994499459946994799489949995099519952995399549955995699579958995999609961996299639964996599669967996899699970997199729973997499759976997799789979998099819982998399849985998699879988998999909991999299939994999599969997999899991000010001100021000310004100051000610007100081000910010100111001210013100141001510016100171001810019100201002110022100231002410025100261002710028100291003010031100321003310034100351003610037100381003910040100411004210043100441004510046100471004810049100501005110052100531005410055100561005710058100591006010061100621006310064100651006610067100681006910070100711007210073100741007510076100771007810079100801008110082100831008410085100861008710088100891009010091100921009310094100951009610097100981009910100101011010210103101041010510106101071010810109101101011110112101131011410115101161011710118101191012010121101221012310124101251012610127101281012910130101311013210133101341013510136101371013810139101401014110142101431014410145101461014710148101491015010151101521015310154101551015610157101581015910160101611016210163101641016510166101671016810169101701017110172101731017410175101761017710178101791018010181101821018310184101851018610187101881018910190101911019210193101941019510196101971019810199102001020110202102031020410205102061020710208102091021010211102121021310214102151021610217102181021910220102211022210223102241022510226102271022810229102301023110232102331023410235102361023710238102391024010241102421024310244102451024610247102481024910250102511025210253102541025510256102571025810259102601026110262102631026410265102661026710268102691027010271102721027310274102751027610277102781027910280102811028210283102841028510286102871028810289102901029110292102931029410295102961029710298102991030010301103021030310304103051030610307103081030910310103111031210313103141031510316103171031810319103201032110322103231032410325103261032710328103291033010331103321033310334103351033610337103381033910340103411034210343103441034510346103471034810349103501035110352103531035410355103561035710358103591036010361103621036310364103651036610367103681036910370103711037210373103741037510376103771037810379103801038110382103831038410385103861038710388103891039010391103921039310394103951039610397103981039910400104011040210403104041040510406104071040810409104101041110412104131041410415104161041710418104191042010421104221042310424104251042610427104281042910430104311043210433104341043510436104371043810439104401044110442104431044410445104461044710448104491045010451104521045310454104551045610457104581045910460104611046210463104641046510466104671046810469104701047110472104731047410475104761047710478104791048010481104821048310484104851048610487104881048910490104911049210493104941049510496104971049810499105001050110502105031050410505105061050710508105091051010511105121051310514105151051610517105181051910520105211052210523105241052510526105271052810529105301053110532105331053410535105361053710538105391054010541105421054310544105451054610547105481054910550105511055210553105541055510556105571055810559105601056110562105631056410565105661056710568105691057010571105721057310574105751057610577105781057910580105811058210583105841058510586105871058810589105901059110592105931059410595105961059710598105991060010601106021060310604106051060610607106081060910610106111061210613106141061510616106171061810619106201062110622106231062410625106261062710628106291063010631106321063310634106351063610637106381063910640106411064210643106441064510646106471064810649106501065110652106531065410655106561065710658106591066010661106621066310664106651066610667106681066910670106711067210673106741067510676106771067810679106801068110682106831068410685106861068710688106891069010691106921069310694106951069610697106981069910700107011070210703107041070510706107071070810709107101071110712107131071410715107161071710718107191072010721107221072310724107251072610727107281072910730107311073210733107341073510736107371073810739107401074110742107431074410745107461074710748107491075010751107521075310754107551075610757107581075910760107611076210763107641076510766107671076810769107701077110772107731077410775107761077710778107791078010781107821078310784107851078610787107881078910790107911079210793107941079510796107971079810799108001080110802108031080410805108061080710808108091081010811108121081310814108151081610817108181081910820108211082210823108241082510826108271082810829108301083110832108331083410835108361083710838108391084010841108421084310844108451084610847108481084910850108511085210853108541085510856108571085810859108601086110862108631086410865108661086710868108691087010871108721087310874108751087610877108781087910880108811088210883108841088510886108871088810889108901089110892108931089410895108961089710898108991090010901109021090310904109051090610907109081090910910109111091210913109141091510916109171091810919109201092110922109231092410925109261092710928109291093010931109321093310934109351093610937109381093910940109411094210943109441094510946109471094810949109501095110952109531095410955109561095710958109591096010961109621096310964109651096610967109681096910970109711097210973109741097510976109771097810979109801098110982109831098410985109861098710988109891099010991109921099310994109951099610997109981099911000110011100211003110041100511006110071100811009110101101111012110131101411015110161101711018110191102011021110221102311024110251102611027110281102911030110311103211033110341103511036110371103811039110401104111042110431104411045110461104711048110491105011051110521105311054110551105611057110581105911060110611106211063110641106511066110671106811069110701107111072110731107411075110761107711078110791108011081110821108311084110851108611087110881108911090110911109211093110941109511096110971109811099111001110111102111031110411105111061110711108111091111011111111121111311114111151111611117111181111911120111211112211123111241112511126111271112811129111301113111132111331113411135111361113711138111391114011141111421114311144111451114611147111481114911150111511115211153111541115511156111571115811159111601116111162111631116411165111661116711168111691117011171111721117311174111751117611177111781117911180111811118211183111841118511186111871118811189111901119111192111931119411195111961119711198111991120011201112021120311204112051120611207112081120911210112111121211213112141121511216112171121811219112201122111222112231122411225112261122711228112291123011231112321123311234112351123611237112381123911240112411124211243112441124511246112471124811249112501125111252112531125411255112561125711258112591126011261112621126311264112651126611267112681126911270112711127211273112741127511276112771127811279112801128111282112831128411285112861128711288112891129011291112921129311294112951129611297112981129911300113011130211303113041130511306113071130811309113101131111312113131131411315113161131711318113191132011321113221132311324113251132611327113281132911330113311133211333113341133511336113371133811339113401134111342113431134411345113461134711348113491135011351113521135311354113551135611357113581135911360113611136211363113641136511366113671136811369113701137111372113731137411375113761137711378113791138011381113821138311384113851138611387113881138911390113911139211393113941139511396113971139811399114001140111402114031140411405114061140711408114091141011411114121141311414114151141611417114181141911420114211142211423114241142511426114271142811429114301143111432114331143411435114361143711438114391144011441114421144311444114451144611447114481144911450114511145211453114541145511456114571145811459114601146111462114631146411465114661146711468114691147011471114721147311474114751147611477114781147911480114811148211483114841148511486114871148811489114901149111492114931149411495114961149711498114991150011501115021150311504115051150611507115081150911510115111151211513115141151511516115171151811519115201152111522115231152411525115261152711528115291153011531115321153311534115351153611537115381153911540115411154211543115441154511546115471154811549115501155111552115531155411555115561155711558115591156011561115621156311564115651156611567115681156911570115711157211573115741157511576115771157811579115801158111582115831158411585115861158711588115891159011591115921159311594115951159611597115981159911600116011160211603116041160511606116071160811609116101161111612116131161411615116161161711618116191162011621116221162311624116251162611627116281162911630116311163211633116341163511636116371163811639116401164111642116431164411645116461164711648116491165011651116521165311654116551165611657116581165911660116611166211663116641166511666116671166811669116701167111672116731167411675116761167711678116791168011681116821168311684116851168611687116881168911690116911169211693116941169511696116971169811699117001170111702117031170411705117061170711708117091171011711117121171311714117151171611717117181171911720117211172211723117241172511726117271172811729117301173111732117331173411735117361173711738117391174011741117421174311744117451174611747117481174911750117511175211753117541175511756117571175811759117601176111762117631176411765117661176711768117691177011771117721177311774117751177611777117781177911780117811178211783117841178511786117871178811789117901179111792117931179411795117961179711798117991180011801118021180311804118051180611807118081180911810118111181211813118141181511816118171181811819118201182111822118231182411825118261182711828118291183011831118321183311834118351183611837118381183911840118411184211843118441184511846118471184811849118501185111852118531185411855118561185711858118591186011861118621186311864118651186611867118681186911870118711187211873118741187511876118771187811879118801188111882118831188411885118861188711888118891189011891118921189311894118951189611897118981189911900119011190211903119041190511906119071190811909119101191111912119131191411915119161191711918119191192011921119221192311924119251192611927119281192911930119311193211933119341193511936119371193811939119401194111942119431194411945119461194711948119491195011951119521195311954119551195611957119581195911960119611196211963119641196511966119671196811969119701197111972119731197411975119761197711978119791198011981119821198311984119851198611987119881198911990119911199211993119941199511996119971199811999120001200112002120031200412005120061200712008120091201012011120121201312014120151201612017120181201912020120211202212023120241202512026120271202812029120301203112032120331203412035120361203712038120391204012041120421204312044120451204612047120481204912050120511205212053120541205512056120571205812059120601206112062120631206412065120661206712068120691207012071120721207312074120751207612077120781207912080120811208212083120841208512086120871208812089120901209112092120931209412095120961209712098120991210012101121021210312104121051210612107121081210912110121111211212113121141211512116121171211812119121201212112122121231212412125121261212712128121291213012131121321213312134121351213612137121381213912140121411214212143121441214512146121471214812149121501215112152121531215412155121561215712158121591216012161121621216312164121651216612167121681216912170121711217212173121741217512176121771217812179121801218112182121831218412185121861218712188121891219012191121921219312194121951219612197121981219912200122011220212203122041220512206122071220812209122101221112212122131221412215122161221712218122191222012221122221222312224122251222612227122281222912230122311223212233122341223512236122371223812239122401224112242122431224412245122461224712248122491225012251122521225312254122551225612257122581225912260122611226212263122641226512266122671226812269122701227112272122731227412275122761227712278122791228012281122821228312284122851228612287122881228912290122911229212293122941229512296122971229812299123001230112302123031230412305123061230712308123091231012311123121231312314123151231612317123181231912320123211232212323123241232512326123271232812329123301233112332123331233412335123361233712338123391234012341123421234312344123451234612347123481234912350123511235212353123541235512356123571235812359123601236112362123631236412365123661236712368123691237012371123721237312374123751237612377123781237912380123811238212383123841238512386123871238812389123901239112392123931239412395123961239712398123991240012401124021240312404124051240612407124081240912410124111241212413124141241512416124171241812419124201242112422124231242412425124261242712428124291243012431124321243312434124351243612437124381243912440124411244212443124441244512446124471244812449124501245112452124531245412455124561245712458124591246012461124621246312464124651246612467124681246912470124711247212473124741247512476124771247812479124801248112482124831248412485124861248712488124891249012491124921249312494124951249612497124981249912500125011250212503125041250512506125071250812509125101251112512125131251412515125161251712518125191252012521125221252312524125251252612527125281252912530125311253212533125341253512536125371253812539125401254112542125431254412545125461254712548125491255012551125521255312554125551255612557125581255912560125611256212563125641256512566125671256812569125701257112572125731257412575125761257712578125791258012581125821258312584125851258612587125881258912590125911259212593125941259512596125971259812599126001260112602126031260412605126061260712608126091261012611126121261312614126151261612617126181261912620126211262212623126241262512626126271262812629126301263112632126331263412635126361263712638126391264012641126421264312644126451264612647126481264912650126511265212653126541265512656126571265812659126601266112662126631266412665126661266712668126691267012671126721267312674126751267612677126781267912680126811268212683126841268512686126871268812689126901269112692126931269412695126961269712698126991270012701127021270312704127051270612707127081270912710127111271212713127141271512716127171271812719127201272112722127231272412725127261272712728127291273012731127321273312734127351273612737127381273912740127411274212743127441274512746127471274812749127501275112752127531275412755127561275712758127591276012761127621276312764127651276612767127681276912770127711277212773127741277512776127771277812779127801278112782127831278412785127861278712788127891279012791127921279312794127951279612797127981279912800128011280212803128041280512806128071280812809128101281112812128131281412815128161281712818128191282012821128221282312824128251282612827128281282912830128311283212833128341283512836128371283812839128401284112842128431284412845128461284712848128491285012851128521285312854128551285612857128581285912860128611286212863128641286512866128671286812869128701287112872128731287412875128761287712878128791288012881128821288312884128851288612887128881288912890128911289212893128941289512896128971289812899129001290112902129031290412905129061290712908129091291012911129121291312914129151291612917129181291912920129211292212923129241292512926129271292812929129301293112932129331293412935129361293712938129391294012941129421294312944129451294612947129481294912950129511295212953129541295512956129571295812959129601296112962129631296412965129661296712968129691297012971129721297312974129751297612977129781297912980129811298212983129841298512986129871298812989129901299112992129931299412995129961299712998129991300013001130021300313004130051300613007130081300913010130111301213013130141301513016130171301813019130201302113022130231302413025130261302713028130291303013031130321303313034130351303613037130381303913040130411304213043130441304513046130471304813049130501305113052130531305413055130561305713058130591306013061130621306313064130651306613067130681306913070130711307213073130741307513076130771307813079130801308113082130831308413085130861308713088130891309013091130921309313094130951309613097130981309913100131011310213103131041310513106131071310813109131101311113112131131311413115131161311713118131191312013121131221312313124131251312613127131281312913130131311313213133131341313513136131371313813139131401314113142131431314413145131461314713148131491315013151131521315313154131551315613157131581315913160131611316213163131641316513166131671316813169131701317113172131731317413175131761317713178131791318013181131821318313184131851318613187131881318913190131911319213193131941319513196131971319813199132001320113202132031320413205132061320713208132091321013211132121321313214132151321613217132181321913220132211322213223132241322513226132271322813229132301323113232132331323413235132361323713238132391324013241132421324313244132451324613247132481324913250132511325213253132541325513256132571325813259132601326113262132631326413265132661326713268132691327013271132721327313274132751327613277132781327913280132811328213283132841328513286132871328813289132901329113292132931329413295132961329713298132991330013301133021330313304133051330613307133081330913310133111331213313133141331513316133171331813319133201332113322133231332413325133261332713328133291333013331133321333313334133351333613337133381333913340133411334213343133441334513346133471334813349133501335113352133531335413355133561335713358133591336013361133621336313364133651336613367133681336913370133711337213373133741337513376133771337813379133801338113382133831338413385133861338713388133891339013391133921339313394133951339613397133981339913400134011340213403134041340513406134071340813409134101341113412134131341413415134161341713418134191342013421134221342313424134251342613427134281342913430134311343213433134341343513436134371343813439134401344113442134431344413445134461344713448134491345013451134521345313454134551345613457134581345913460134611346213463134641346513466134671346813469134701347113472134731347413475134761347713478134791348013481134821348313484134851348613487134881348913490134911349213493134941349513496134971349813499135001350113502135031350413505135061350713508135091351013511135121351313514135151351613517135181351913520135211352213523135241352513526135271352813529135301353113532135331353413535135361353713538135391354013541135421354313544135451354613547135481354913550135511355213553135541355513556135571355813559135601356113562135631356413565135661356713568135691357013571135721357313574135751357613577135781357913580135811358213583135841358513586135871358813589135901359113592135931359413595135961359713598135991360013601136021360313604136051360613607136081360913610136111361213613136141361513616136171361813619136201362113622136231362413625136261362713628136291363013631136321363313634136351363613637136381363913640136411364213643136441364513646136471364813649136501365113652136531365413655136561365713658136591366013661136621366313664136651366613667136681366913670136711367213673136741367513676136771367813679136801368113682136831368413685136861368713688136891369013691136921369313694136951369613697136981369913700137011370213703137041370513706137071370813709137101371113712137131371413715137161371713718137191372013721137221372313724137251372613727137281372913730137311373213733137341373513736137371373813739137401374113742137431374413745137461374713748137491375013751137521375313754137551375613757137581375913760137611376213763137641376513766137671376813769137701377113772137731377413775137761377713778137791378013781137821378313784137851378613787137881378913790137911379213793137941379513796137971379813799138001380113802138031380413805138061380713808138091381013811138121381313814138151381613817138181381913820138211382213823138241382513826138271382813829138301383113832138331383413835138361383713838138391384013841138421384313844138451384613847138481384913850138511385213853138541385513856138571385813859138601386113862138631386413865138661386713868138691387013871138721387313874138751387613877138781387913880138811388213883138841388513886138871388813889138901389113892138931389413895138961389713898138991390013901139021390313904139051390613907139081390913910139111391213913139141391513916139171391813919139201392113922139231392413925139261392713928139291393013931139321393313934139351393613937139381393913940139411394213943139441394513946139471394813949139501395113952139531395413955139561395713958139591396013961139621396313964139651396613967139681396913970139711397213973139741397513976139771397813979139801398113982139831398413985139861398713988139891399013991139921399313994139951399613997139981399914000140011400214003140041400514006140071400814009140101401114012140131401414015140161401714018140191402014021140221402314024140251402614027140281402914030140311403214033140341403514036140371403814039140401404114042140431404414045140461404714048140491405014051140521405314054140551405614057140581405914060140611406214063140641406514066140671406814069140701407114072140731407414075140761407714078140791408014081140821408314084140851408614087140881408914090140911409214093140941409514096140971409814099141001410114102141031410414105141061410714108141091411014111141121411314114141151411614117141181411914120141211412214123141241412514126141271412814129141301413114132141331413414135141361413714138141391414014141141421414314144141451414614147141481414914150141511415214153141541415514156141571415814159141601416114162141631416414165141661416714168141691417014171141721417314174141751417614177141781417914180141811418214183141841418514186141871418814189141901419114192141931419414195141961419714198141991420014201142021420314204142051420614207142081420914210142111421214213142141421514216142171421814219142201422114222142231422414225142261422714228142291423014231142321423314234142351423614237142381423914240142411424214243142441424514246142471424814249142501425114252142531425414255142561425714258142591426014261142621426314264142651426614267142681426914270142711427214273142741427514276142771427814279142801428114282142831428414285142861428714288142891429014291142921429314294142951429614297142981429914300143011430214303143041430514306143071430814309143101431114312143131431414315143161431714318143191432014321143221432314324143251432614327143281432914330143311433214333143341433514336143371433814339143401434114342143431434414345143461434714348143491435014351143521435314354143551435614357143581435914360143611436214363143641436514366143671436814369143701437114372143731437414375143761437714378143791438014381143821438314384143851438614387143881438914390143911439214393143941439514396143971439814399144001440114402144031440414405144061440714408144091441014411144121441314414144151441614417144181441914420144211442214423144241442514426144271442814429144301443114432144331443414435144361443714438144391444014441144421444314444144451444614447144481444914450144511445214453144541445514456144571445814459144601446114462144631446414465144661446714468144691447014471144721447314474144751447614477144781447914480144811448214483144841448514486144871448814489144901449114492144931449414495144961449714498144991450014501145021450314504145051450614507145081450914510145111451214513145141451514516145171451814519145201452114522145231452414525145261452714528145291453014531145321453314534145351453614537145381453914540145411454214543145441454514546145471454814549145501455114552145531455414555145561455714558145591456014561145621456314564145651456614567145681456914570145711457214573145741457514576145771457814579145801458114582145831458414585145861458714588145891459014591145921459314594145951459614597145981459914600146011460214603146041460514606146071460814609146101461114612146131461414615146161461714618146191462014621146221462314624146251462614627146281462914630146311463214633146341463514636146371463814639146401464114642146431464414645146461464714648146491465014651146521465314654146551465614657146581465914660146611466214663146641466514666146671466814669146701467114672146731467414675146761467714678146791468014681146821468314684146851468614687146881468914690146911469214693146941469514696146971469814699147001470114702147031470414705147061470714708147091471014711147121471314714147151471614717147181471914720147211472214723147241472514726147271472814729147301473114732147331473414735147361473714738147391474014741147421474314744147451474614747147481474914750147511475214753147541475514756147571475814759147601476114762147631476414765147661476714768147691477014771147721477314774147751477614777147781477914780147811478214783147841478514786147871478814789147901479114792147931479414795147961479714798147991480014801148021480314804148051480614807148081480914810148111481214813148141481514816148171481814819148201482114822148231482414825148261482714828148291483014831148321483314834148351483614837148381483914840148411484214843148441484514846148471484814849148501485114852148531485414855148561485714858148591486014861148621486314864148651486614867148681486914870148711487214873148741487514876148771487814879148801488114882148831488414885148861488714888148891489014891148921489314894148951489614897148981489914900149011490214903149041490514906149071490814909149101491114912149131491414915149161491714918149191492014921149221492314924149251492614927149281492914930149311493214933149341493514936149371493814939149401494114942149431494414945149461494714948149491495014951149521495314954149551495614957149581495914960149611496214963149641496514966149671496814969149701497114972149731497414975149761497714978149791498014981149821498314984149851498614987149881498914990149911499214993149941499514996149971499814999150001500115002150031500415005150061500715008150091501015011150121501315014150151501615017150181501915020150211502215023150241502515026150271502815029150301503115032150331503415035150361503715038150391504015041150421504315044150451504615047150481504915050150511505215053150541505515056150571505815059150601506115062150631506415065150661506715068150691507015071150721507315074150751507615077150781507915080150811508215083150841508515086150871508815089150901509115092150931509415095150961509715098150991510015101151021510315104151051510615107151081510915110151111511215113151141511515116151171511815119151201512115122151231512415125151261512715128151291513015131151321513315134151351513615137151381513915140151411514215143151441514515146151471514815149151501515115152151531515415155151561515715158151591516015161151621516315164151651516615167151681516915170151711517215173151741517515176151771517815179151801518115182151831518415185151861518715188151891519015191151921519315194151951519615197151981519915200152011520215203152041520515206152071520815209152101521115212152131521415215152161521715218152191522015221152221522315224152251522615227152281522915230152311523215233152341523515236152371523815239152401524115242152431524415245152461524715248152491525015251152521525315254152551525615257152581525915260152611526215263152641526515266152671526815269152701527115272152731527415275152761527715278152791528015281152821528315284152851528615287152881528915290152911529215293152941529515296152971529815299153001530115302153031530415305153061530715308153091531015311153121531315314153151531615317153181531915320153211532215323153241532515326153271532815329153301533115332153331533415335153361533715338153391534015341153421534315344153451534615347153481534915350153511535215353153541535515356153571535815359153601536115362153631536415365153661536715368153691537015371153721537315374153751537615377153781537915380153811538215383153841538515386153871538815389153901539115392153931539415395153961539715398153991540015401154021540315404154051540615407154081540915410154111541215413154141541515416154171541815419154201542115422154231542415425154261542715428154291543015431154321543315434154351543615437154381543915440154411544215443154441544515446154471544815449154501545115452154531545415455154561545715458154591546015461154621546315464154651546615467154681546915470154711547215473154741547515476154771547815479154801548115482154831548415485154861548715488154891549015491154921549315494154951549615497154981549915500155011550215503155041550515506155071550815509155101551115512155131551415515155161551715518155191552015521155221552315524155251552615527155281552915530155311553215533155341553515536155371553815539155401554115542155431554415545155461554715548155491555015551155521555315554155551555615557155581555915560155611556215563155641556515566155671556815569155701557115572155731557415575155761557715578155791558015581155821558315584155851558615587155881558915590155911559215593155941559515596155971559815599156001560115602156031560415605156061560715608156091561015611156121561315614156151561615617156181561915620156211562215623156241562515626156271562815629156301563115632156331563415635156361563715638156391564015641156421564315644156451564615647156481564915650156511565215653156541565515656156571565815659156601566115662156631566415665156661566715668156691567015671156721567315674156751567615677156781567915680156811568215683156841568515686156871568815689156901569115692156931569415695156961569715698156991570015701157021570315704157051570615707157081570915710157111571215713157141571515716157171571815719157201572115722157231572415725157261572715728157291573015731157321573315734157351573615737157381573915740157411574215743157441574515746157471574815749157501575115752157531575415755157561575715758157591576015761157621576315764157651576615767157681576915770157711577215773157741577515776157771577815779157801578115782157831578415785157861578715788157891579015791157921579315794157951579615797157981579915800158011580215803158041580515806158071580815809158101581115812158131581415815158161581715818158191582015821158221582315824158251582615827158281582915830158311583215833158341583515836158371583815839158401584115842158431584415845158461584715848158491585015851158521585315854158551585615857158581585915860158611586215863158641586515866158671586815869158701587115872158731587415875158761587715878158791588015881158821588315884158851588615887158881588915890158911589215893158941589515896158971589815899159001590115902159031590415905159061590715908159091591015911159121591315914159151591615917159181591915920159211592215923159241592515926159271592815929159301593115932159331593415935159361593715938159391594015941159421594315944159451594615947159481594915950159511595215953159541595515956159571595815959159601596115962159631596415965159661596715968159691597015971159721597315974159751597615977159781597915980159811598215983159841598515986159871598815989159901599115992159931599415995159961599715998159991600016001160021600316004160051600616007160081600916010160111601216013160141601516016160171601816019160201602116022160231602416025160261602716028160291603016031160321603316034160351603616037160381603916040160411604216043160441604516046160471604816049160501605116052160531605416055160561605716058160591606016061160621606316064160651606616067160681606916070160711607216073160741607516076160771607816079160801608116082160831608416085160861608716088160891609016091160921609316094160951609616097160981609916100161011610216103161041610516106161071610816109161101611116112161131611416115161161611716118161191612016121161221612316124161251612616127161281612916130161311613216133161341613516136161371613816139161401614116142161431614416145161461614716148161491615016151161521615316154161551615616157161581615916160161611616216163161641616516166161671616816169161701617116172161731617416175161761617716178161791618016181161821618316184161851618616187161881618916190161911619216193161941619516196161971619816199162001620116202162031620416205162061620716208162091621016211162121621316214162151621616217162181621916220162211622216223162241622516226162271622816229162301623116232162331623416235162361623716238162391624016241162421624316244162451624616247162481624916250162511625216253162541625516256162571625816259162601626116262162631626416265162661626716268162691627016271162721627316274162751627616277162781627916280162811628216283162841628516286162871628816289162901629116292162931629416295162961629716298162991630016301163021630316304163051630616307163081630916310163111631216313163141631516316163171631816319163201632116322163231632416325163261632716328163291633016331163321633316334163351633616337163381633916340163411634216343163441634516346163471634816349163501635116352163531635416355163561635716358163591636016361163621636316364163651636616367163681636916370163711637216373163741637516376163771637816379163801638116382163831638416385163861638716388163891639016391163921639316394163951639616397163981639916400164011640216403164041640516406164071640816409164101641116412164131641416415164161641716418164191642016421164221642316424164251642616427164281642916430164311643216433164341643516436164371643816439164401644116442164431644416445164461644716448164491645016451164521645316454164551645616457164581645916460164611646216463164641646516466164671646816469164701647116472164731647416475164761647716478164791648016481164821648316484164851648616487164881648916490164911649216493164941649516496164971649816499165001650116502165031650416505165061650716508165091651016511165121651316514165151651616517165181651916520165211652216523165241652516526165271652816529165301653116532165331653416535165361653716538165391654016541165421654316544165451654616547165481654916550165511655216553165541655516556165571655816559165601656116562165631656416565165661656716568165691657016571165721657316574165751657616577165781657916580165811658216583165841658516586165871658816589165901659116592165931659416595165961659716598165991660016601166021660316604166051660616607166081660916610166111661216613166141661516616166171661816619166201662116622166231662416625166261662716628166291663016631166321663316634166351663616637166381663916640166411664216643166441664516646166471664816649166501665116652166531665416655166561665716658166591666016661166621666316664166651666616667166681666916670166711667216673166741667516676166771667816679166801668116682166831668416685166861668716688166891669016691166921669316694166951669616697166981669916700167011670216703167041670516706167071670816709167101671116712167131671416715167161671716718167191672016721167221672316724167251672616727167281672916730167311673216733167341673516736167371673816739167401674116742167431674416745167461674716748167491675016751167521675316754167551675616757167581675916760167611676216763167641676516766167671676816769167701677116772167731677416775167761677716778167791678016781167821678316784167851678616787167881678916790167911679216793167941679516796167971679816799168001680116802168031680416805168061680716808168091681016811168121681316814168151681616817168181681916820168211682216823168241682516826168271682816829168301683116832168331683416835168361683716838168391684016841168421684316844168451684616847168481684916850168511685216853168541685516856168571685816859168601686116862168631686416865168661686716868168691687016871168721687316874168751687616877168781687916880168811688216883168841688516886168871688816889168901689116892168931689416895168961689716898168991690016901169021690316904169051690616907169081690916910169111691216913169141691516916169171691816919169201692116922169231692416925169261692716928169291693016931169321693316934169351693616937169381693916940169411694216943169441694516946169471694816949169501695116952169531695416955169561695716958169591696016961169621696316964169651696616967169681696916970169711697216973169741697516976169771697816979169801698116982169831698416985169861698716988169891699016991169921699316994169951699616997169981699917000170011700217003170041700517006170071700817009170101701117012170131701417015170161701717018170191702017021170221702317024170251702617027170281702917030170311703217033170341703517036170371703817039170401704117042170431704417045170461704717048170491705017051170521705317054170551705617057170581705917060170611706217063170641706517066170671706817069170701707117072170731707417075170761707717078170791708017081170821708317084170851708617087170881708917090170911709217093170941709517096170971709817099171001710117102171031710417105171061710717108171091711017111171121711317114171151711617117171181711917120171211712217123171241712517126171271712817129171301713117132171331713417135171361713717138171391714017141171421714317144171451714617147171481714917150171511715217153171541715517156171571715817159171601716117162171631716417165171661716717168171691717017171171721717317174171751717617177171781717917180171811718217183171841718517186171871718817189171901719117192171931719417195171961719717198171991720017201172021720317204172051720617207172081720917210172111721217213172141721517216172171721817219172201722117222172231722417225172261722717228172291723017231172321723317234172351723617237172381723917240172411724217243172441724517246172471724817249172501725117252172531725417255172561725717258172591726017261172621726317264172651726617267172681726917270172711727217273172741727517276172771727817279172801728117282172831728417285172861728717288172891729017291172921729317294172951729617297172981729917300173011730217303173041730517306173071730817309173101731117312173131731417315173161731717318173191732017321173221732317324173251732617327173281732917330173311733217333173341733517336173371733817339173401734117342173431734417345173461734717348173491735017351173521735317354173551735617357173581735917360173611736217363173641736517366173671736817369173701737117372173731737417375173761737717378173791738017381173821738317384173851738617387173881738917390173911739217393173941739517396173971739817399174001740117402174031740417405174061740717408174091741017411174121741317414174151741617417174181741917420174211742217423174241742517426174271742817429174301743117432174331743417435174361743717438174391744017441174421744317444174451744617447174481744917450174511745217453174541745517456174571745817459174601746117462174631746417465174661746717468174691747017471174721747317474174751747617477174781747917480174811748217483174841748517486174871748817489174901749117492174931749417495174961749717498174991750017501175021750317504175051750617507175081750917510175111751217513175141751517516175171751817519175201752117522175231752417525175261752717528175291753017531175321753317534175351753617537175381753917540175411754217543175441754517546175471754817549175501755117552175531755417555175561755717558175591756017561175621756317564175651756617567175681756917570175711757217573175741757517576175771757817579175801758117582175831758417585175861758717588175891759017591175921759317594175951759617597175981759917600176011760217603176041760517606176071760817609176101761117612176131761417615176161761717618176191762017621176221762317624176251762617627176281762917630176311763217633176341763517636176371763817639176401764117642176431764417645176461764717648176491765017651176521765317654176551765617657176581765917660176611766217663176641766517666176671766817669176701767117672176731767417675176761767717678176791768017681176821768317684176851768617687176881768917690176911769217693176941769517696176971769817699177001770117702177031770417705177061770717708177091771017711177121771317714177151771617717177181771917720177211772217723177241772517726177271772817729177301773117732177331773417735177361773717738177391774017741177421774317744177451774617747177481774917750177511775217753177541775517756177571775817759177601776117762177631776417765177661776717768177691777017771177721777317774177751777617777177781777917780177811778217783177841778517786177871778817789177901779117792177931779417795177961779717798177991780017801178021780317804178051780617807178081780917810178111781217813178141781517816178171781817819178201782117822178231782417825178261782717828178291783017831178321783317834178351783617837178381783917840178411784217843178441784517846178471784817849178501785117852178531785417855178561785717858178591786017861178621786317864178651786617867178681786917870178711787217873178741787517876178771787817879178801788117882178831788417885178861788717888178891789017891178921789317894178951789617897178981789917900179011790217903179041790517906179071790817909179101791117912179131791417915179161791717918179191792017921179221792317924179251792617927179281792917930179311793217933179341793517936179371793817939179401794117942179431794417945179461794717948179491795017951179521795317954179551795617957179581795917960179611796217963179641796517966179671796817969179701797117972179731797417975179761797717978179791798017981179821798317984179851798617987179881798917990179911799217993179941799517996179971799817999180001800118002180031800418005180061800718008180091801018011180121801318014180151801618017180181801918020180211802218023180241802518026180271802818029180301803118032180331803418035180361803718038180391804018041180421804318044180451804618047180481804918050180511805218053180541805518056180571805818059180601806118062180631806418065180661806718068180691807018071180721807318074180751807618077180781807918080180811808218083180841808518086180871808818089180901809118092180931809418095180961809718098180991810018101181021810318104181051810618107181081810918110181111811218113181141811518116181171811818119181201812118122181231812418125181261812718128181291813018131181321813318134181351813618137181381813918140181411814218143181441814518146181471814818149181501815118152181531815418155181561815718158181591816018161181621816318164181651816618167181681816918170181711817218173181741817518176181771817818179181801818118182181831818418185181861818718188181891819018191181921819318194181951819618197181981819918200182011820218203182041820518206182071820818209182101821118212182131821418215182161821718218182191822018221182221822318224182251822618227182281822918230182311823218233182341823518236182371823818239182401824118242182431824418245182461824718248182491825018251182521825318254182551825618257182581825918260182611826218263182641826518266182671826818269182701827118272182731827418275182761827718278182791828018281182821828318284182851828618287182881828918290182911829218293182941829518296182971829818299183001830118302183031830418305183061830718308183091831018311183121831318314183151831618317183181831918320183211832218323183241832518326183271832818329183301833118332183331833418335183361833718338183391834018341183421834318344183451834618347183481834918350183511835218353183541835518356183571835818359183601836118362183631836418365183661836718368183691837018371183721837318374183751837618377183781837918380183811838218383183841838518386183871838818389183901839118392183931839418395183961839718398183991840018401184021840318404184051840618407184081840918410184111841218413184141841518416184171841818419184201842118422184231842418425184261842718428184291843018431184321843318434184351843618437184381843918440184411844218443184441844518446184471844818449184501845118452184531845418455184561845718458184591846018461184621846318464184651846618467184681846918470184711847218473184741847518476184771847818479184801848118482184831848418485184861848718488184891849018491184921849318494184951849618497184981849918500185011850218503185041850518506185071850818509185101851118512185131851418515185161851718518185191852018521185221852318524185251852618527185281852918530185311853218533185341853518536185371853818539185401854118542185431854418545185461854718548185491855018551185521855318554185551855618557185581855918560185611856218563185641856518566185671856818569185701857118572185731857418575185761857718578185791858018581185821858318584185851858618587185881858918590185911859218593185941859518596185971859818599186001860118602186031860418605186061860718608186091861018611186121861318614186151861618617186181861918620186211862218623186241862518626186271862818629186301863118632186331863418635186361863718638186391864018641186421864318644186451864618647186481864918650186511865218653186541865518656186571865818659186601866118662186631866418665186661866718668186691867018671186721867318674186751867618677186781867918680186811868218683186841868518686186871868818689186901869118692186931869418695186961869718698186991870018701187021870318704187051870618707187081870918710187111871218713187141871518716187171871818719187201872118722187231872418725187261872718728187291873018731187321873318734187351873618737187381873918740187411874218743187441874518746187471874818749187501875118752187531875418755187561875718758187591876018761187621876318764187651876618767187681876918770187711877218773187741877518776187771877818779187801878118782187831878418785187861878718788187891879018791187921879318794187951879618797187981879918800188011880218803188041880518806188071880818809188101881118812188131881418815188161881718818188191882018821188221882318824188251882618827188281882918830188311883218833188341883518836188371883818839188401884118842188431884418845188461884718848188491885018851188521885318854188551885618857188581885918860188611886218863188641886518866188671886818869188701887118872188731887418875188761887718878188791888018881188821888318884188851888618887188881888918890188911889218893188941889518896188971889818899189001890118902189031890418905189061890718908189091891018911189121891318914189151891618917189181891918920189211892218923189241892518926189271892818929189301893118932189331893418935189361893718938189391894018941189421894318944189451894618947189481894918950189511895218953189541895518956189571895818959189601896118962189631896418965189661896718968189691897018971189721897318974189751897618977189781897918980189811898218983189841898518986189871898818989189901899118992189931899418995189961899718998189991900019001190021900319004190051900619007190081900919010190111901219013190141901519016190171901819019190201902119022190231902419025190261902719028190291903019031190321903319034190351903619037190381903919040190411904219043190441904519046190471904819049190501905119052190531905419055190561905719058190591906019061190621906319064190651906619067190681906919070190711907219073190741907519076190771907819079190801908119082190831908419085190861908719088190891909019091190921909319094190951909619097190981909919100191011910219103191041910519106191071910819109191101911119112191131911419115191161911719118191191912019121191221912319124191251912619127191281912919130191311913219133191341913519136191371913819139191401914119142191431914419145191461914719148191491915019151191521915319154191551915619157191581915919160191611916219163191641916519166191671916819169191701917119172191731917419175191761917719178191791918019181191821918319184191851918619187191881918919190191911919219193191941919519196191971919819199192001920119202192031920419205192061920719208192091921019211192121921319214192151921619217192181921919220192211922219223192241922519226192271922819229192301923119232192331923419235192361923719238192391924019241192421924319244192451924619247192481924919250192511925219253192541925519256192571925819259192601926119262192631926419265192661926719268192691927019271192721927319274192751927619277192781927919280192811928219283192841928519286192871928819289192901929119292192931929419295192961929719298192991930019301193021930319304193051930619307193081930919310193111931219313193141931519316193171931819319193201932119322193231932419325193261932719328193291933019331193321933319334193351933619337193381933919340193411934219343193441934519346193471934819349193501935119352193531935419355193561935719358193591936019361193621936319364193651936619367193681936919370193711937219373193741937519376193771937819379193801938119382193831938419385193861938719388193891939019391193921939319394193951939619397193981939919400194011940219403194041940519406194071940819409194101941119412194131941419415194161941719418194191942019421194221942319424194251942619427194281942919430194311943219433194341943519436194371943819439194401944119442194431944419445194461944719448194491945019451194521945319454194551945619457194581945919460194611946219463194641946519466194671946819469194701947119472194731947419475194761947719478194791948019481194821948319484194851948619487194881948919490194911949219493194941949519496194971949819499195001950119502195031950419505195061950719508195091951019511195121951319514195151951619517195181951919520195211952219523195241952519526195271952819529195301953119532195331953419535195361953719538195391954019541195421954319544195451954619547195481954919550195511955219553195541955519556195571955819559195601956119562195631956419565195661956719568195691957019571195721957319574195751957619577195781957919580195811958219583195841958519586195871958819589195901959119592195931959419595195961959719598195991960019601196021960319604196051960619607196081960919610196111961219613196141961519616196171961819619196201962119622196231962419625196261962719628196291963019631196321963319634196351963619637196381963919640196411964219643196441964519646196471964819649196501965119652196531965419655196561965719658196591966019661196621966319664196651966619667196681966919670196711967219673196741967519676196771967819679196801968119682196831968419685196861968719688196891969019691196921969319694196951969619697196981969919700197011970219703197041970519706197071970819709197101971119712197131971419715197161971719718197191972019721197221972319724197251972619727197281972919730197311973219733197341973519736197371973819739197401974119742197431974419745197461974719748197491975019751197521975319754197551975619757197581975919760197611976219763197641976519766197671976819769197701977119772197731977419775197761977719778197791978019781197821978319784197851978619787197881978919790197911979219793197941979519796197971979819799198001980119802198031980419805198061980719808198091981019811198121981319814198151981619817198181981919820198211982219823198241982519826198271982819829198301983119832198331983419835198361983719838198391984019841198421984319844198451984619847198481984919850198511985219853198541985519856198571985819859198601986119862198631986419865198661986719868198691987019871198721987319874198751987619877198781987919880198811988219883198841988519886198871988819889198901989119892198931989419895198961989719898198991990019901199021990319904199051990619907199081990919910199111991219913199141991519916199171991819919199201992119922199231992419925199261992719928199291993019931199321993319934199351993619937199381993919940199411994219943199441994519946199471994819949199501995119952199531995419955199561995719958199591996019961199621996319964199651996619967199681996919970199711997219973199741997519976199771997819979199801998119982199831998419985199861998719988199891999019991199921999319994199951999619997199981999920000200012000220003200042000520006200072000820009200102001120012200132001420015200162001720018200192002020021200222002320024200252002620027200282002920030200312003220033200342003520036200372003820039200402004120042200432004420045200462004720048200492005020051200522005320054200552005620057200582005920060200612006220063200642006520066200672006820069200702007120072200732007420075200762007720078200792008020081200822008320084200852008620087200882008920090200912009220093200942009520096200972009820099201002010120102201032010420105201062010720108201092011020111201122011320114201152011620117201182011920120201212012220123201242012520126201272012820129201302013120132201332013420135201362013720138201392014020141201422014320144201452014620147201482014920150201512015220153201542015520156201572015820159201602016120162201632016420165201662016720168201692017020171201722017320174201752017620177201782017920180201812018220183201842018520186201872018820189201902019120192201932019420195201962019720198201992020020201202022020320204202052020620207202082020920210202112021220213202142021520216202172021820219202202022120222202232022420225202262022720228202292023020231202322023320234202352023620237202382023920240202412024220243202442024520246202472024820249202502025120252202532025420255202562025720258202592026020261202622026320264202652026620267202682026920270202712027220273202742027520276202772027820279202802028120282202832028420285202862028720288202892029020291202922029320294202952029620297202982029920300203012030220303203042030520306203072030820309203102031120312203132031420315203162031720318203192032020321203222032320324203252032620327203282032920330203312033220333203342033520336203372033820339203402034120342203432034420345203462034720348203492035020351203522035320354203552035620357203582035920360203612036220363203642036520366203672036820369203702037120372203732037420375203762037720378203792038020381203822038320384203852038620387203882038920390203912039220393203942039520396203972039820399204002040120402204032040420405204062040720408204092041020411204122041320414204152041620417204182041920420204212042220423204242042520426204272042820429204302043120432204332043420435204362043720438204392044020441204422044320444204452044620447204482044920450204512045220453204542045520456204572045820459204602046120462204632046420465204662046720468204692047020471204722047320474204752047620477204782047920480204812048220483204842048520486204872048820489204902049120492204932049420495204962049720498204992050020501205022050320504205052050620507205082050920510205112051220513205142051520516205172051820519205202052120522205232052420525205262052720528205292053020531205322053320534205352053620537205382053920540205412054220543205442054520546205472054820549205502055120552205532055420555205562055720558205592056020561205622056320564205652056620567205682056920570205712057220573205742057520576205772057820579205802058120582205832058420585205862058720588205892059020591205922059320594205952059620597205982059920600206012060220603206042060520606206072060820609206102061120612206132061420615206162061720618206192062020621206222062320624206252062620627206282062920630206312063220633206342063520636206372063820639206402064120642206432064420645206462064720648206492065020651206522065320654206552065620657206582065920660206612066220663206642066520666206672066820669206702067120672206732067420675206762067720678206792068020681206822068320684206852068620687206882068920690206912069220693206942069520696206972069820699207002070120702207032070420705207062070720708207092071020711207122071320714207152071620717207182071920720207212072220723207242072520726207272072820729207302073120732207332073420735207362073720738207392074020741207422074320744207452074620747207482074920750207512075220753207542075520756207572075820759207602076120762207632076420765207662076720768207692077020771207722077320774207752077620777207782077920780207812078220783207842078520786207872078820789207902079120792207932079420795207962079720798207992080020801208022080320804208052080620807208082080920810208112081220813208142081520816208172081820819208202082120822208232082420825208262082720828208292083020831208322083320834208352083620837208382083920840208412084220843208442084520846208472084820849208502085120852208532085420855208562085720858208592086020861208622086320864208652086620867208682086920870208712087220873208742087520876208772087820879208802088120882208832088420885208862088720888208892089020891208922089320894208952089620897208982089920900209012090220903209042090520906209072090820909209102091120912209132091420915209162091720918209192092020921209222092320924209252092620927209282092920930209312093220933209342093520936209372093820939209402094120942209432094420945209462094720948209492095020951209522095320954209552095620957209582095920960209612096220963209642096520966209672096820969209702097120972209732097420975209762097720978209792098020981209822098320984209852098620987209882098920990209912099220993209942099520996209972099820999210002100121002210032100421005210062100721008210092101021011210122101321014210152101621017210182101921020210212102221023210242102521026210272102821029210302103121032210332103421035210362103721038210392104021041210422104321044210452104621047210482104921050210512105221053210542105521056210572105821059210602106121062210632106421065210662106721068210692107021071210722107321074210752107621077210782107921080210812108221083210842108521086210872108821089210902109121092210932109421095210962109721098210992110021101211022110321104211052110621107211082110921110211112111221113211142111521116211172111821119211202112121122211232112421125211262112721128211292113021131211322113321134211352113621137211382113921140211412114221143211442114521146211472114821149211502115121152211532115421155211562115721158211592116021161211622116321164211652116621167211682116921170211712117221173211742117521176211772117821179211802118121182211832118421185211862118721188211892119021191211922119321194211952119621197211982119921200212012120221203212042120521206212072120821209212102121121212212132121421215212162121721218212192122021221212222122321224212252122621227212282122921230212312123221233212342123521236212372123821239212402124121242212432124421245212462124721248212492125021251212522125321254212552125621257212582125921260212612126221263212642126521266212672126821269212702127121272212732127421275212762127721278212792128021281212822128321284212852128621287212882128921290212912129221293212942129521296212972129821299213002130121302213032130421305213062130721308213092131021311213122131321314213152131621317213182131921320213212132221323213242132521326213272132821329213302133121332213332133421335213362133721338213392134021341213422134321344213452134621347213482134921350213512135221353213542135521356213572135821359213602136121362213632136421365213662136721368213692137021371213722137321374213752137621377213782137921380213812138221383213842138521386213872138821389213902139121392213932139421395213962139721398213992140021401214022140321404214052140621407214082140921410214112141221413214142141521416214172141821419214202142121422214232142421425214262142721428214292143021431214322143321434214352143621437214382143921440214412144221443214442144521446214472144821449214502145121452214532145421455214562145721458214592146021461214622146321464214652146621467214682146921470214712147221473214742147521476214772147821479214802148121482214832148421485214862148721488214892149021491214922149321494214952149621497214982149921500215012150221503215042150521506215072150821509215102151121512215132151421515215162151721518215192152021521215222152321524215252152621527215282152921530215312153221533215342153521536215372153821539215402154121542215432154421545215462154721548215492155021551215522155321554215552155621557215582155921560215612156221563215642156521566215672156821569215702157121572215732157421575215762157721578215792158021581215822158321584215852158621587215882158921590215912159221593215942159521596215972159821599216002160121602216032160421605216062160721608216092161021611216122161321614216152161621617216182161921620216212162221623216242162521626216272162821629216302163121632216332163421635216362163721638216392164021641216422164321644216452164621647216482164921650216512165221653216542165521656216572165821659216602166121662216632166421665216662166721668216692167021671216722167321674216752167621677216782167921680216812168221683216842168521686216872168821689216902169121692216932169421695216962169721698216992170021701217022170321704217052170621707217082170921710217112171221713217142171521716217172171821719217202172121722217232172421725217262172721728217292173021731217322173321734217352173621737217382173921740217412174221743217442174521746217472174821749217502175121752217532175421755217562175721758217592176021761217622176321764217652176621767217682176921770217712177221773217742177521776217772177821779217802178121782217832178421785217862178721788217892179021791217922179321794217952179621797217982179921800218012180221803218042180521806218072180821809218102181121812218132181421815218162181721818218192182021821218222182321824218252182621827218282182921830218312183221833218342183521836218372183821839218402184121842218432184421845218462184721848218492185021851218522185321854218552185621857218582185921860218612186221863218642186521866218672186821869218702187121872218732187421875218762187721878218792188021881218822188321884218852188621887218882188921890218912189221893218942189521896218972189821899219002190121902219032190421905219062190721908219092191021911219122191321914219152191621917219182191921920219212192221923219242192521926219272192821929219302193121932219332193421935219362193721938219392194021941219422194321944219452194621947219482194921950219512195221953219542195521956219572195821959219602196121962219632196421965219662196721968219692197021971219722197321974219752197621977219782197921980219812198221983219842198521986219872198821989219902199121992219932199421995219962199721998219992200022001220022200322004220052200622007220082200922010220112201222013220142201522016220172201822019220202202122022220232202422025220262202722028220292203022031220322203322034220352203622037220382203922040220412204222043220442204522046220472204822049220502205122052220532205422055220562205722058220592206022061220622206322064220652206622067220682206922070220712207222073220742207522076220772207822079220802208122082220832208422085220862208722088220892209022091220922209322094220952209622097220982209922100221012210222103221042210522106221072210822109221102211122112221132211422115221162211722118221192212022121221222212322124221252212622127221282212922130221312213222133221342213522136221372213822139221402214122142221432214422145221462214722148221492215022151221522215322154221552215622157221582215922160221612216222163221642216522166221672216822169221702217122172221732217422175221762217722178221792218022181221822218322184221852218622187221882218922190221912219222193221942219522196221972219822199222002220122202222032220422205222062220722208222092221022211222122221322214222152221622217222182221922220222212222222223222242222522226222272222822229222302223122232222332223422235222362223722238222392224022241222422224322244222452224622247222482224922250222512225222253222542225522256222572225822259222602226122262222632226422265222662226722268222692227022271222722227322274222752227622277222782227922280222812228222283222842228522286222872228822289222902229122292222932229422295222962229722298222992230022301223022230322304223052230622307223082230922310223112231222313223142231522316223172231822319223202232122322223232232422325223262232722328223292233022331223322233322334223352233622337223382233922340223412234222343223442234522346223472234822349223502235122352223532235422355223562235722358223592236022361223622236322364223652236622367223682236922370223712237222373223742237522376223772237822379223802238122382223832238422385223862238722388223892239022391223922239322394223952239622397223982239922400224012240222403224042240522406224072240822409224102241122412224132241422415224162241722418224192242022421224222242322424224252242622427224282242922430224312243222433224342243522436224372243822439224402244122442224432244422445224462244722448224492245022451224522245322454224552245622457224582245922460224612246222463224642246522466224672246822469224702247122472224732247422475224762247722478224792248022481224822248322484224852248622487224882248922490224912249222493224942249522496224972249822499225002250122502225032250422505225062250722508225092251022511225122251322514225152251622517225182251922520225212252222523225242252522526225272252822529225302253122532225332253422535225362253722538225392254022541225422254322544225452254622547225482254922550225512255222553225542255522556225572255822559225602256122562225632256422565225662256722568225692257022571225722257322574225752257622577225782257922580225812258222583225842258522586225872258822589225902259122592225932259422595225962259722598225992260022601226022260322604226052260622607226082260922610226112261222613226142261522616226172261822619226202262122622226232262422625226262262722628226292263022631226322263322634226352263622637226382263922640226412264222643226442264522646226472264822649226502265122652226532265422655226562265722658226592266022661226622266322664226652266622667226682266922670226712267222673226742267522676226772267822679226802268122682226832268422685226862268722688226892269022691226922269322694226952269622697226982269922700227012270222703227042270522706227072270822709227102271122712227132271422715227162271722718227192272022721227222272322724227252272622727227282272922730227312273222733227342273522736227372273822739227402274122742227432274422745227462274722748227492275022751227522275322754227552275622757227582275922760227612276222763227642276522766227672276822769227702277122772227732277422775227762277722778227792278022781227822278322784227852278622787227882278922790227912279222793227942279522796227972279822799228002280122802228032280422805228062280722808228092281022811228122281322814228152281622817228182281922820228212282222823228242282522826228272282822829228302283122832228332283422835228362283722838228392284022841228422284322844228452284622847228482284922850228512285222853228542285522856228572285822859228602286122862228632286422865228662286722868228692287022871228722287322874228752287622877228782287922880228812288222883228842288522886228872288822889228902289122892228932289422895228962289722898228992290022901229022290322904229052290622907229082290922910229112291222913229142291522916229172291822919229202292122922229232292422925229262292722928229292293022931229322293322934229352293622937229382293922940229412294222943229442294522946229472294822949229502295122952229532295422955229562295722958229592296022961229622296322964229652296622967229682296922970229712297222973229742297522976229772297822979229802298122982229832298422985229862298722988229892299022991229922299322994229952299622997229982299923000230012300223003230042300523006230072300823009230102301123012230132301423015230162301723018230192302023021230222302323024230252302623027230282302923030230312303223033230342303523036230372303823039230402304123042230432304423045230462304723048230492305023051230522305323054230552305623057230582305923060230612306223063230642306523066230672306823069230702307123072230732307423075230762307723078230792308023081230822308323084230852308623087230882308923090230912309223093230942309523096230972309823099231002310123102231032310423105231062310723108231092311023111231122311323114231152311623117231182311923120231212312223123231242312523126231272312823129231302313123132231332313423135231362313723138231392314023141231422314323144231452314623147231482314923150231512315223153231542315523156231572315823159231602316123162231632316423165231662316723168231692317023171231722317323174231752317623177231782317923180231812318223183231842318523186231872318823189231902319123192231932319423195231962319723198231992320023201232022320323204232052320623207232082320923210232112321223213232142321523216232172321823219232202322123222232232322423225232262322723228232292323023231232322323323234232352323623237232382323923240232412324223243232442324523246232472324823249232502325123252232532325423255232562325723258232592326023261232622326323264232652326623267232682326923270232712327223273232742327523276232772327823279232802328123282232832328423285232862328723288232892329023291232922329323294232952329623297232982329923300233012330223303233042330523306233072330823309233102331123312233132331423315233162331723318233192332023321233222332323324233252332623327233282332923330233312333223333233342333523336233372333823339233402334123342233432334423345233462334723348233492335023351233522335323354233552335623357233582335923360233612336223363233642336523366233672336823369233702337123372233732337423375233762337723378233792338023381233822338323384233852338623387233882338923390233912339223393233942339523396233972339823399234002340123402234032340423405234062340723408234092341023411234122341323414234152341623417234182341923420234212342223423234242342523426234272342823429234302343123432234332343423435234362343723438234392344023441234422344323444234452344623447234482344923450234512345223453234542345523456234572345823459234602346123462234632346423465234662346723468234692347023471234722347323474234752347623477234782347923480234812348223483234842348523486234872348823489234902349123492234932349423495234962349723498234992350023501235022350323504235052350623507235082350923510235112351223513235142351523516235172351823519235202352123522235232352423525235262352723528235292353023531235322353323534235352353623537235382353923540235412354223543235442354523546235472354823549235502355123552235532355423555235562355723558235592356023561235622356323564235652356623567235682356923570235712357223573235742357523576235772357823579235802358123582235832358423585235862358723588235892359023591235922359323594235952359623597235982359923600236012360223603236042360523606236072360823609236102361123612236132361423615236162361723618236192362023621236222362323624236252362623627236282362923630236312363223633236342363523636236372363823639236402364123642236432364423645236462364723648236492365023651236522365323654236552365623657236582365923660236612366223663236642366523666236672366823669236702367123672236732367423675236762367723678236792368023681236822368323684236852368623687236882368923690236912369223693236942369523696236972369823699237002370123702237032370423705237062370723708237092371023711237122371323714237152371623717237182371923720237212372223723237242372523726237272372823729237302373123732237332373423735237362373723738237392374023741237422374323744237452374623747237482374923750237512375223753237542375523756237572375823759237602376123762237632376423765237662376723768237692377023771237722377323774237752377623777237782377923780237812378223783237842378523786237872378823789237902379123792237932379423795237962379723798237992380023801238022380323804238052380623807238082380923810238112381223813238142381523816238172381823819238202382123822238232382423825238262382723828238292383023831238322383323834238352383623837238382383923840238412384223843238442384523846238472384823849238502385123852238532385423855238562385723858238592386023861238622386323864238652386623867238682386923870238712387223873238742387523876238772387823879238802388123882238832388423885238862388723888238892389023891238922389323894238952389623897238982389923900239012390223903239042390523906239072390823909239102391123912239132391423915239162391723918239192392023921239222392323924239252392623927239282392923930239312393223933239342393523936239372393823939239402394123942239432394423945239462394723948239492395023951239522395323954239552395623957239582395923960239612396223963239642396523966239672396823969239702397123972239732397423975239762397723978239792398023981239822398323984239852398623987239882398923990239912399223993239942399523996239972399823999240002400124002240032400424005240062400724008240092401024011240122401324014240152401624017240182401924020240212402224023240242402524026240272402824029240302403124032240332403424035240362403724038240392404024041240422404324044240452404624047240482404924050240512405224053240542405524056240572405824059240602406124062240632406424065240662406724068240692407024071240722407324074240752407624077240782407924080240812408224083240842408524086240872408824089240902409124092240932409424095240962409724098240992410024101241022410324104241052410624107241082410924110241112411224113241142411524116241172411824119241202412124122241232412424125241262412724128241292413024131241322413324134241352413624137241382413924140241412414224143241442414524146241472414824149241502415124152241532415424155241562415724158241592416024161241622416324164241652416624167241682416924170241712417224173241742417524176241772417824179241802418124182241832418424185241862418724188241892419024191241922419324194241952419624197241982419924200242012420224203242042420524206242072420824209242102421124212242132421424215242162421724218242192422024221242222422324224242252422624227242282422924230242312423224233242342423524236242372423824239242402424124242242432424424245242462424724248242492425024251242522425324254242552425624257242582425924260242612426224263242642426524266242672426824269242702427124272242732427424275242762427724278242792428024281242822428324284242852428624287242882428924290242912429224293242942429524296242972429824299243002430124302243032430424305243062430724308243092431024311243122431324314243152431624317243182431924320243212432224323243242432524326243272432824329243302433124332243332433424335243362433724338243392434024341243422434324344243452434624347243482434924350243512435224353243542435524356243572435824359243602436124362243632436424365243662436724368243692437024371243722437324374243752437624377243782437924380243812438224383243842438524386243872438824389243902439124392243932439424395243962439724398243992440024401244022440324404244052440624407244082440924410244112441224413244142441524416244172441824419244202442124422244232442424425244262442724428244292443024431244322443324434244352443624437244382443924440244412444224443244442444524446244472444824449244502445124452244532445424455244562445724458244592446024461244622446324464244652446624467244682446924470244712447224473244742447524476244772447824479244802448124482244832448424485244862448724488244892449024491244922449324494244952449624497244982449924500245012450224503245042450524506245072450824509245102451124512245132451424515245162451724518245192452024521245222452324524245252452624527245282452924530245312453224533245342453524536245372453824539245402454124542245432454424545245462454724548245492455024551245522455324554245552455624557245582455924560245612456224563245642456524566245672456824569245702457124572245732457424575245762457724578245792458024581245822458324584245852458624587245882458924590245912459224593245942459524596245972459824599246002460124602246032460424605246062460724608246092461024611246122461324614246152461624617246182461924620246212462224623246242462524626246272462824629246302463124632246332463424635246362463724638246392464024641246422464324644246452464624647246482464924650246512465224653246542465524656246572465824659246602466124662246632466424665246662466724668246692467024671246722467324674246752467624677246782467924680246812468224683246842468524686246872468824689246902469124692246932469424695246962469724698246992470024701247022470324704247052470624707247082470924710247112471224713247142471524716247172471824719247202472124722247232472424725247262472724728247292473024731247322473324734247352473624737247382473924740247412474224743247442474524746247472474824749247502475124752247532475424755247562475724758247592476024761247622476324764247652476624767247682476924770247712477224773247742477524776247772477824779247802478124782247832478424785247862478724788247892479024791247922479324794247952479624797247982479924800248012480224803248042480524806248072480824809248102481124812248132481424815248162481724818248192482024821248222482324824248252482624827248282482924830248312483224833248342483524836248372483824839248402484124842248432484424845248462484724848248492485024851248522485324854248552485624857248582485924860248612486224863248642486524866248672486824869248702487124872248732487424875248762487724878248792488024881248822488324884248852488624887248882488924890248912489224893248942489524896248972489824899249002490124902249032490424905249062490724908249092491024911249122491324914249152491624917249182491924920249212492224923249242492524926249272492824929249302493124932249332493424935249362493724938249392494024941249422494324944249452494624947249482494924950249512495224953249542495524956249572495824959249602496124962249632496424965249662496724968249692497024971249722497324974249752497624977249782497924980249812498224983249842498524986249872498824989249902499124992249932499424995249962499724998249992500025001250022500325004250052500625007250082500925010250112501225013250142501525016250172501825019250202502125022250232502425025250262502725028250292503025031250322503325034250352503625037250382503925040250412504225043250442504525046250472504825049250502505125052250532505425055250562505725058250592506025061250622506325064250652506625067250682506925070250712507225073250742507525076250772507825079250802508125082250832508425085250862508725088250892509025091250922509325094250952509625097250982509925100251012510225103251042510525106251072510825109251102511125112251132511425115251162511725118251192512025121251222512325124251252512625127251282512925130251312513225133251342513525136251372513825139251402514125142251432514425145251462514725148251492515025151251522515325154251552515625157251582515925160251612516225163251642516525166251672516825169251702517125172251732517425175251762517725178251792518025181251822518325184251852518625187251882518925190251912519225193251942519525196251972519825199252002520125202252032520425205252062520725208252092521025211252122521325214252152521625217252182521925220252212522225223252242522525226252272522825229252302523125232252332523425235252362523725238252392524025241252422524325244252452524625247252482524925250252512525225253252542525525256252572525825259252602526125262252632526425265252662526725268252692527025271252722527325274252752527625277252782527925280252812528225283252842528525286252872528825289252902529125292252932529425295252962529725298252992530025301253022530325304253052530625307253082530925310253112531225313253142531525316253172531825319253202532125322253232532425325253262532725328253292533025331253322533325334253352533625337253382533925340253412534225343253442534525346253472534825349253502535125352253532535425355253562535725358253592536025361253622536325364253652536625367253682536925370253712537225373253742537525376253772537825379253802538125382253832538425385253862538725388253892539025391253922539325394253952539625397253982539925400254012540225403254042540525406254072540825409254102541125412254132541425415254162541725418254192542025421254222542325424254252542625427254282542925430254312543225433254342543525436254372543825439254402544125442254432544425445254462544725448254492545025451254522545325454254552545625457254582545925460254612546225463254642546525466254672546825469254702547125472254732547425475254762547725478254792548025481254822548325484254852548625487254882548925490254912549225493254942549525496254972549825499255002550125502255032550425505255062550725508255092551025511255122551325514255152551625517255182551925520255212552225523255242552525526255272552825529255302553125532255332553425535255362553725538255392554025541255422554325544255452554625547255482554925550255512555225553255542555525556255572555825559255602556125562255632556425565255662556725568255692557025571255722557325574255752557625577255782557925580255812558225583255842558525586255872558825589255902559125592255932559425595255962559725598255992560025601256022560325604256052560625607256082560925610256112561225613256142561525616256172561825619256202562125622256232562425625256262562725628256292563025631256322563325634256352563625637256382563925640256412564225643256442564525646256472564825649256502565125652256532565425655256562565725658256592566025661256622566325664256652566625667256682566925670256712567225673256742567525676256772567825679256802568125682256832568425685256862568725688256892569025691256922569325694256952569625697256982569925700257012570225703257042570525706257072570825709257102571125712257132571425715257162571725718257192572025721257222572325724257252572625727257282572925730257312573225733257342573525736257372573825739257402574125742257432574425745257462574725748257492575025751257522575325754257552575625757257582575925760257612576225763257642576525766257672576825769257702577125772257732577425775257762577725778257792578025781257822578325784257852578625787257882578925790257912579225793257942579525796257972579825799258002580125802258032580425805258062580725808258092581025811258122581325814258152581625817258182581925820258212582225823258242582525826258272582825829258302583125832258332583425835258362583725838258392584025841258422584325844258452584625847258482584925850258512585225853258542585525856258572585825859258602586125862258632586425865258662586725868258692587025871258722587325874258752587625877258782587925880258812588225883258842588525886258872588825889258902589125892258932589425895258962589725898258992590025901259022590325904259052590625907259082590925910259112591225913259142591525916259172591825919259202592125922259232592425925259262592725928259292593025931259322593325934259352593625937259382593925940259412594225943259442594525946259472594825949259502595125952259532595425955259562595725958259592596025961259622596325964259652596625967259682596925970259712597225973259742597525976259772597825979259802598125982259832598425985259862598725988259892599025991259922599325994259952599625997259982599926000260012600226003260042600526006260072600826009260102601126012260132601426015260162601726018260192602026021260222602326024260252602626027260282602926030260312603226033260342603526036260372603826039260402604126042260432604426045260462604726048260492605026051260522605326054260552605626057260582605926060260612606226063260642606526066260672606826069260702607126072260732607426075260762607726078260792608026081260822608326084260852608626087260882608926090260912609226093260942609526096260972609826099261002610126102261032610426105261062610726108261092611026111261122611326114261152611626117261182611926120261212612226123261242612526126261272612826129261302613126132261332613426135261362613726138261392614026141261422614326144261452614626147261482614926150261512615226153261542615526156261572615826159261602616126162261632616426165261662616726168261692617026171261722617326174261752617626177261782617926180261812618226183261842618526186261872618826189261902619126192261932619426195261962619726198261992620026201262022620326204262052620626207262082620926210262112621226213262142621526216262172621826219262202622126222262232622426225262262622726228262292623026231262322623326234262352623626237262382623926240262412624226243262442624526246262472624826249262502625126252262532625426255262562625726258262592626026261262622626326264262652626626267262682626926270262712627226273262742627526276262772627826279262802628126282262832628426285262862628726288262892629026291262922629326294262952629626297262982629926300263012630226303263042630526306263072630826309263102631126312263132631426315263162631726318263192632026321263222632326324263252632626327263282632926330263312633226333263342633526336263372633826339263402634126342263432634426345263462634726348263492635026351263522635326354263552635626357263582635926360263612636226363263642636526366263672636826369263702637126372263732637426375263762637726378263792638026381263822638326384263852638626387263882638926390263912639226393263942639526396263972639826399264002640126402264032640426405264062640726408264092641026411264122641326414264152641626417264182641926420264212642226423264242642526426264272642826429264302643126432264332643426435264362643726438264392644026441264422644326444264452644626447264482644926450264512645226453264542645526456264572645826459264602646126462264632646426465264662646726468264692647026471264722647326474264752647626477264782647926480264812648226483264842648526486264872648826489264902649126492264932649426495264962649726498264992650026501265022650326504265052650626507265082650926510265112651226513265142651526516265172651826519265202652126522265232652426525265262652726528265292653026531265322653326534265352653626537265382653926540265412654226543265442654526546265472654826549265502655126552265532655426555265562655726558265592656026561265622656326564265652656626567265682656926570265712657226573265742657526576265772657826579265802658126582265832658426585265862658726588265892659026591265922659326594265952659626597265982659926600266012660226603266042660526606266072660826609266102661126612266132661426615266162661726618266192662026621266222662326624266252662626627266282662926630266312663226633266342663526636266372663826639266402664126642266432664426645266462664726648266492665026651266522665326654266552665626657266582665926660266612666226663266642666526666266672666826669266702667126672266732667426675266762667726678266792668026681266822668326684266852668626687266882668926690266912669226693266942669526696266972669826699267002670126702267032670426705267062670726708267092671026711267122671326714267152671626717267182671926720267212672226723267242672526726267272672826729267302673126732267332673426735267362673726738267392674026741267422674326744267452674626747267482674926750267512675226753267542675526756267572675826759267602676126762267632676426765267662676726768267692677026771267722677326774267752677626777267782677926780267812678226783267842678526786267872678826789267902679126792267932679426795267962679726798267992680026801268022680326804268052680626807268082680926810268112681226813268142681526816268172681826819268202682126822268232682426825268262682726828268292683026831268322683326834268352683626837268382683926840268412684226843268442684526846268472684826849268502685126852268532685426855268562685726858268592686026861268622686326864268652686626867268682686926870268712687226873268742687526876268772687826879268802688126882268832688426885268862688726888268892689026891268922689326894268952689626897268982689926900269012690226903269042690526906269072690826909269102691126912269132691426915269162691726918269192692026921269222692326924269252692626927269282692926930269312693226933269342693526936269372693826939269402694126942269432694426945269462694726948269492695026951269522695326954269552695626957269582695926960269612696226963269642696526966269672696826969269702697126972269732697426975269762697726978269792698026981269822698326984269852698626987269882698926990269912699226993269942699526996269972699826999270002700127002270032700427005270062700727008270092701027011270122701327014270152701627017270182701927020270212702227023270242702527026270272702827029270302703127032270332703427035270362703727038270392704027041270422704327044270452704627047270482704927050270512705227053270542705527056270572705827059270602706127062270632706427065270662706727068270692707027071270722707327074270752707627077270782707927080270812708227083270842708527086270872708827089270902709127092270932709427095270962709727098270992710027101271022710327104271052710627107271082710927110271112711227113271142711527116271172711827119271202712127122271232712427125271262712727128271292713027131271322713327134271352713627137271382713927140271412714227143271442714527146271472714827149271502715127152271532715427155271562715727158271592716027161271622716327164271652716627167271682716927170271712717227173271742717527176271772717827179271802718127182271832718427185271862718727188271892719027191271922719327194271952719627197271982719927200272012720227203272042720527206272072720827209272102721127212272132721427215272162721727218272192722027221272222722327224272252722627227272282722927230272312723227233272342723527236272372723827239272402724127242272432724427245272462724727248272492725027251272522725327254272552725627257272582725927260272612726227263272642726527266272672726827269272702727127272272732727427275272762727727278272792728027281272822728327284272852728627287272882728927290272912729227293272942729527296272972729827299273002730127302273032730427305273062730727308273092731027311273122731327314273152731627317273182731927320273212732227323273242732527326273272732827329273302733127332273332733427335273362733727338273392734027341273422734327344273452734627347273482734927350273512735227353273542735527356273572735827359273602736127362273632736427365273662736727368273692737027371273722737327374273752737627377273782737927380273812738227383273842738527386273872738827389273902739127392273932739427395273962739727398273992740027401274022740327404274052740627407274082740927410274112741227413274142741527416274172741827419274202742127422274232742427425274262742727428274292743027431274322743327434274352743627437274382743927440274412744227443274442744527446274472744827449274502745127452274532745427455274562745727458274592746027461274622746327464274652746627467274682746927470274712747227473274742747527476274772747827479274802748127482274832748427485274862748727488274892749027491274922749327494274952749627497274982749927500275012750227503275042750527506275072750827509275102751127512275132751427515275162751727518275192752027521275222752327524275252752627527275282752927530275312753227533275342753527536275372753827539275402754127542275432754427545275462754727548275492755027551275522755327554275552755627557275582755927560275612756227563275642756527566275672756827569275702757127572275732757427575275762757727578275792758027581275822758327584275852758627587275882758927590275912759227593275942759527596275972759827599276002760127602276032760427605276062760727608276092761027611276122761327614276152761627617276182761927620276212762227623276242762527626276272762827629276302763127632276332763427635276362763727638276392764027641276422764327644276452764627647276482764927650276512765227653276542765527656276572765827659276602766127662276632766427665276662766727668276692767027671276722767327674276752767627677276782767927680276812768227683276842768527686276872768827689276902769127692276932769427695276962769727698276992770027701277022770327704277052770627707277082770927710277112771227713277142771527716277172771827719277202772127722277232772427725277262772727728277292773027731277322773327734277352773627737277382773927740277412774227743277442774527746277472774827749277502775127752277532775427755277562775727758277592776027761277622776327764277652776627767277682776927770277712777227773277742777527776277772777827779277802778127782277832778427785277862778727788277892779027791277922779327794277952779627797277982779927800278012780227803278042780527806278072780827809278102781127812278132781427815278162781727818278192782027821278222782327824278252782627827278282782927830278312783227833278342783527836278372783827839278402784127842278432784427845278462784727848278492785027851278522785327854278552785627857278582785927860278612786227863278642786527866278672786827869278702787127872278732787427875278762787727878278792788027881278822788327884278852788627887278882788927890278912789227893278942789527896278972789827899279002790127902279032790427905279062790727908279092791027911279122791327914279152791627917279182791927920279212792227923279242792527926279272792827929279302793127932279332793427935279362793727938279392794027941279422794327944279452794627947279482794927950279512795227953279542795527956279572795827959279602796127962279632796427965279662796727968279692797027971279722797327974279752797627977279782797927980279812798227983279842798527986279872798827989279902799127992279932799427995279962799727998279992800028001280022800328004280052800628007280082800928010280112801228013280142801528016280172801828019280202802128022280232802428025280262802728028280292803028031280322803328034280352803628037280382803928040280412804228043280442804528046280472804828049280502805128052280532805428055280562805728058280592806028061280622806328064280652806628067280682806928070280712807228073280742807528076280772807828079280802808128082280832808428085280862808728088280892809028091280922809328094280952809628097280982809928100281012810228103281042810528106281072810828109281102811128112281132811428115281162811728118281192812028121281222812328124281252812628127281282812928130281312813228133281342813528136281372813828139281402814128142281432814428145281462814728148281492815028151281522815328154281552815628157281582815928160281612816228163281642816528166281672816828169281702817128172281732817428175281762817728178281792818028181281822818328184281852818628187281882818928190281912819228193281942819528196281972819828199282002820128202282032820428205282062820728208282092821028211282122821328214282152821628217282182821928220282212822228223282242822528226282272822828229282302823128232282332823428235282362823728238282392824028241282422824328244282452824628247282482824928250282512825228253282542825528256282572825828259282602826128262282632826428265282662826728268282692827028271282722827328274282752827628277282782827928280282812828228283282842828528286282872828828289282902829128292282932829428295282962829728298282992830028301283022830328304283052830628307283082830928310283112831228313283142831528316283172831828319283202832128322283232832428325283262832728328283292833028331283322833328334283352833628337283382833928340283412834228343283442834528346283472834828349283502835128352283532835428355283562835728358283592836028361283622836328364283652836628367283682836928370283712837228373283742837528376283772837828379283802838128382283832838428385283862838728388283892839028391283922839328394283952839628397283982839928400284012840228403284042840528406284072840828409284102841128412284132841428415284162841728418284192842028421284222842328424284252842628427284282842928430284312843228433284342843528436284372843828439284402844128442284432844428445284462844728448284492845028451284522845328454284552845628457284582845928460284612846228463284642846528466284672846828469284702847128472284732847428475284762847728478284792848028481284822848328484284852848628487284882848928490284912849228493284942849528496284972849828499285002850128502285032850428505285062850728508285092851028511285122851328514285152851628517285182851928520285212852228523285242852528526285272852828529285302853128532285332853428535285362853728538285392854028541285422854328544285452854628547285482854928550285512855228553285542855528556285572855828559285602856128562285632856428565285662856728568285692857028571285722857328574285752857628577285782857928580285812858228583285842858528586285872858828589285902859128592285932859428595285962859728598285992860028601286022860328604286052860628607286082860928610286112861228613286142861528616286172861828619286202862128622286232862428625286262862728628286292863028631286322863328634286352863628637286382863928640286412864228643286442864528646286472864828649286502865128652286532865428655286562865728658286592866028661286622866328664286652866628667286682866928670286712867228673286742867528676286772867828679286802868128682286832868428685286862868728688286892869028691286922869328694286952869628697286982869928700287012870228703287042870528706287072870828709287102871128712287132871428715287162871728718287192872028721287222872328724287252872628727287282872928730287312873228733287342873528736287372873828739287402874128742287432874428745287462874728748287492875028751287522875328754287552875628757287582875928760287612876228763287642876528766287672876828769287702877128772287732877428775287762877728778287792878028781287822878328784287852878628787287882878928790287912879228793287942879528796287972879828799288002880128802288032880428805288062880728808288092881028811288122881328814288152881628817288182881928820288212882228823288242882528826288272882828829288302883128832288332883428835288362883728838288392884028841288422884328844288452884628847288482884928850288512885228853288542885528856288572885828859288602886128862288632886428865288662886728868288692887028871288722887328874288752887628877288782887928880288812888228883288842888528886288872888828889288902889128892288932889428895288962889728898288992890028901289022890328904289052890628907289082890928910289112891228913289142891528916289172891828919289202892128922289232892428925289262892728928289292893028931289322893328934289352893628937289382893928940289412894228943289442894528946289472894828949289502895128952289532895428955289562895728958289592896028961289622896328964289652896628967289682896928970289712897228973289742897528976289772897828979289802898128982289832898428985289862898728988289892899028991289922899328994289952899628997289982899929000290012900229003290042900529006290072900829009290102901129012290132901429015290162901729018290192902029021290222902329024290252902629027290282902929030290312903229033290342903529036290372903829039290402904129042290432904429045290462904729048290492905029051290522905329054290552905629057290582905929060290612906229063290642906529066290672906829069290702907129072290732907429075290762907729078290792908029081290822908329084290852908629087290882908929090290912909229093290942909529096290972909829099291002910129102291032910429105291062910729108291092911029111291122911329114291152911629117291182911929120291212912229123291242912529126291272912829129291302913129132291332913429135291362913729138291392914029141291422914329144291452914629147291482914929150291512915229153291542915529156291572915829159291602916129162291632916429165291662916729168291692917029171291722917329174291752917629177291782917929180291812918229183291842918529186291872918829189291902919129192291932919429195291962919729198291992920029201292022920329204292052920629207292082920929210292112921229213292142921529216292172921829219292202922129222292232922429225292262922729228292292923029231292322923329234292352923629237292382923929240292412924229243292442924529246292472924829249292502925129252292532925429255292562925729258292592926029261292622926329264292652926629267292682926929270292712927229273292742927529276292772927829279292802928129282292832928429285292862928729288292892929029291292922929329294292952929629297292982929929300293012930229303293042930529306293072930829309293102931129312293132931429315293162931729318293192932029321293222932329324293252932629327293282932929330293312933229333293342933529336293372933829339293402934129342293432934429345293462934729348293492935029351293522935329354293552935629357293582935929360293612936229363293642936529366293672936829369293702937129372293732937429375293762937729378293792938029381293822938329384293852938629387293882938929390293912939229393293942939529396293972939829399294002940129402294032940429405294062940729408294092941029411294122941329414294152941629417294182941929420294212942229423294242942529426294272942829429294302943129432294332943429435294362943729438294392944029441294422944329444294452944629447294482944929450294512945229453294542945529456294572945829459294602946129462294632946429465294662946729468294692947029471294722947329474294752947629477294782947929480294812948229483294842948529486294872948829489294902949129492294932949429495294962949729498294992950029501295022950329504295052950629507295082950929510295112951229513295142951529516295172951829519295202952129522295232952429525295262952729528295292953029531295322953329534295352953629537295382953929540295412954229543295442954529546295472954829549295502955129552295532955429555295562955729558295592956029561295622956329564295652956629567295682956929570295712957229573295742957529576295772957829579295802958129582295832958429585295862958729588295892959029591295922959329594295952959629597295982959929600296012960229603296042960529606296072960829609296102961129612296132961429615296162961729618296192962029621296222962329624296252962629627296282962929630296312963229633296342963529636296372963829639296402964129642296432964429645296462964729648296492965029651296522965329654296552965629657296582965929660296612966229663296642966529666296672966829669296702967129672296732967429675296762967729678296792968029681296822968329684296852968629687296882968929690296912969229693296942969529696296972969829699297002970129702297032970429705297062970729708297092971029711297122971329714297152971629717297182971929720297212972229723297242972529726297272972829729297302973129732297332973429735297362973729738297392974029741297422974329744297452974629747297482974929750297512975229753297542975529756297572975829759297602976129762297632976429765297662976729768297692977029771297722977329774297752977629777297782977929780297812978229783297842978529786297872978829789297902979129792297932979429795297962979729798297992980029801298022980329804298052980629807298082980929810298112981229813298142981529816298172981829819298202982129822298232982429825298262982729828298292983029831298322983329834298352983629837298382983929840298412984229843298442984529846298472984829849298502985129852298532985429855298562985729858298592986029861298622986329864298652986629867298682986929870298712987229873298742987529876298772987829879298802988129882298832988429885298862988729888298892989029891298922989329894298952989629897298982989929900299012990229903299042990529906299072990829909299102991129912299132991429915299162991729918299192992029921299222992329924299252992629927299282992929930299312993229933299342993529936299372993829939299402994129942299432994429945299462994729948299492995029951299522995329954299552995629957299582995929960299612996229963299642996529966299672996829969299702997129972299732997429975299762997729978299792998029981299822998329984299852998629987299882998929990299912999229993299942999529996299972999829999300003000130002300033000430005300063000730008300093001030011300123001330014300153001630017300183001930020300213002230023300243002530026300273002830029300303003130032300333003430035300363003730038300393004030041300423004330044300453004630047300483004930050300513005230053300543005530056300573005830059300603006130062300633006430065300663006730068300693007030071300723007330074300753007630077300783007930080300813008230083300843008530086300873008830089300903009130092300933009430095300963009730098300993010030101301023010330104301053010630107301083010930110301113011230113301143011530116301173011830119301203012130122301233012430125301263012730128301293013030131301323013330134301353013630137301383013930140301413014230143301443014530146301473014830149301503015130152301533015430155301563015730158301593016030161301623016330164301653016630167301683016930170301713017230173301743017530176301773017830179301803018130182301833018430185301863018730188301893019030191301923019330194301953019630197301983019930200302013020230203302043020530206302073020830209302103021130212302133021430215302163021730218302193022030221302223022330224302253022630227302283022930230302313023230233302343023530236302373023830239302403024130242302433024430245302463024730248302493025030251302523025330254302553025630257302583025930260302613026230263302643026530266302673026830269302703027130272302733027430275302763027730278302793028030281302823028330284302853028630287302883028930290302913029230293302943029530296302973029830299303003030130302303033030430305303063030730308303093031030311303123031330314303153031630317303183031930320303213032230323303243032530326303273032830329303303033130332303333033430335303363033730338303393034030341303423034330344303453034630347303483034930350303513035230353303543035530356303573035830359303603036130362303633036430365303663036730368303693037030371303723037330374303753037630377303783037930380303813038230383303843038530386303873038830389303903039130392303933039430395303963039730398303993040030401304023040330404304053040630407304083040930410304113041230413304143041530416304173041830419304203042130422304233042430425304263042730428304293043030431304323043330434304353043630437304383043930440304413044230443304443044530446304473044830449304503045130452304533045430455304563045730458304593046030461304623046330464304653046630467304683046930470304713047230473304743047530476304773047830479304803048130482304833048430485304863048730488304893049030491304923049330494304953049630497304983049930500305013050230503305043050530506305073050830509305103051130512305133051430515305163051730518305193052030521305223052330524305253052630527305283052930530305313053230533305343053530536305373053830539305403054130542305433054430545305463054730548305493055030551305523055330554305553055630557305583055930560305613056230563305643056530566305673056830569305703057130572305733057430575305763057730578305793058030581305823058330584305853058630587305883058930590305913059230593305943059530596305973059830599306003060130602306033060430605306063060730608306093061030611306123061330614306153061630617306183061930620306213062230623306243062530626306273062830629306303063130632306333063430635306363063730638306393064030641306423064330644306453064630647306483064930650306513065230653306543065530656306573065830659306603066130662306633066430665306663066730668306693067030671306723067330674306753067630677306783067930680306813068230683306843068530686306873068830689306903069130692306933069430695306963069730698306993070030701307023070330704307053070630707307083070930710307113071230713307143071530716307173071830719307203072130722307233072430725307263072730728307293073030731307323073330734307353073630737307383073930740307413074230743307443074530746307473074830749307503075130752307533075430755307563075730758307593076030761307623076330764307653076630767307683076930770307713077230773307743077530776307773077830779307803078130782307833078430785307863078730788307893079030791307923079330794307953079630797307983079930800308013080230803308043080530806308073080830809308103081130812308133081430815308163081730818308193082030821308223082330824308253082630827308283082930830308313083230833308343083530836308373083830839308403084130842308433084430845308463084730848308493085030851308523085330854308553085630857308583085930860308613086230863308643086530866308673086830869308703087130872308733087430875308763087730878308793088030881308823088330884308853088630887308883088930890308913089230893308943089530896308973089830899309003090130902309033090430905309063090730908309093091030911309123091330914309153091630917309183091930920309213092230923309243092530926309273092830929309303093130932309333093430935309363093730938309393094030941309423094330944309453094630947309483094930950309513095230953309543095530956309573095830959309603096130962309633096430965309663096730968309693097030971309723097330974309753097630977309783097930980309813098230983309843098530986309873098830989309903099130992309933099430995309963099730998309993100031001310023100331004310053100631007310083100931010310113101231013310143101531016310173101831019310203102131022310233102431025310263102731028310293103031031310323103331034310353103631037310383103931040310413104231043310443104531046310473104831049310503105131052310533105431055310563105731058310593106031061310623106331064310653106631067310683106931070310713107231073310743107531076310773107831079310803108131082310833108431085310863108731088310893109031091310923109331094310953109631097310983109931100311013110231103311043110531106311073110831109311103111131112311133111431115311163111731118311193112031121311223112331124311253112631127311283112931130311313113231133311343113531136311373113831139311403114131142311433114431145311463114731148311493115031151311523115331154311553115631157311583115931160311613116231163311643116531166311673116831169311703117131172311733117431175311763117731178311793118031181311823118331184311853118631187311883118931190311913119231193311943119531196311973119831199312003120131202312033120431205312063120731208312093121031211312123121331214312153121631217312183121931220312213122231223312243122531226312273122831229312303123131232312333123431235312363123731238312393124031241312423124331244312453124631247312483124931250312513125231253312543125531256312573125831259312603126131262312633126431265312663126731268312693127031271312723127331274312753127631277312783127931280312813128231283312843128531286312873128831289312903129131292312933129431295312963129731298312993130031301313023130331304313053130631307313083130931310313113131231313313143131531316313173131831319313203132131322313233132431325313263132731328313293133031331313323133331334313353133631337313383133931340313413134231343313443134531346313473134831349313503135131352313533135431355313563135731358313593136031361313623136331364313653136631367313683136931370313713137231373313743137531376313773137831379313803138131382313833138431385313863138731388313893139031391313923139331394313953139631397313983139931400314013140231403314043140531406314073140831409314103141131412314133141431415314163141731418314193142031421314223142331424314253142631427314283142931430314313143231433314343143531436314373143831439314403144131442314433144431445314463144731448314493145031451314523145331454314553145631457314583145931460314613146231463314643146531466314673146831469314703147131472314733147431475314763147731478314793148031481314823148331484314853148631487314883148931490314913149231493314943149531496314973149831499315003150131502315033150431505315063150731508315093151031511315123151331514315153151631517315183151931520315213152231523315243152531526315273152831529315303153131532315333153431535315363153731538315393154031541315423154331544315453154631547315483154931550315513155231553315543155531556315573155831559315603156131562315633156431565315663156731568315693157031571315723157331574315753157631577315783157931580315813158231583315843158531586315873158831589315903159131592315933159431595315963159731598315993160031601316023160331604316053160631607316083160931610316113161231613316143161531616316173161831619316203162131622316233162431625316263162731628316293163031631316323163331634316353163631637316383163931640316413164231643316443164531646316473164831649316503165131652316533165431655316563165731658316593166031661316623166331664316653166631667316683166931670316713167231673316743167531676316773167831679316803168131682316833168431685316863168731688316893169031691316923169331694316953169631697316983169931700317013170231703317043170531706317073170831709317103171131712317133171431715317163171731718317193172031721317223172331724317253172631727317283172931730317313173231733317343173531736317373173831739317403174131742317433174431745317463174731748317493175031751317523175331754317553175631757317583175931760317613176231763317643176531766317673176831769317703177131772317733177431775317763177731778317793178031781317823178331784317853178631787317883178931790317913179231793317943179531796317973179831799318003180131802318033180431805318063180731808318093181031811318123181331814318153181631817318183181931820318213182231823318243182531826318273182831829318303183131832318333183431835318363183731838318393184031841318423184331844318453184631847318483184931850318513185231853318543185531856318573185831859318603186131862318633186431865318663186731868318693187031871318723187331874318753187631877318783187931880318813188231883318843188531886318873188831889318903189131892318933189431895318963189731898318993190031901319023190331904319053190631907319083190931910319113191231913319143191531916319173191831919319203192131922319233192431925319263192731928319293193031931319323193331934319353193631937319383193931940319413194231943319443194531946319473194831949319503195131952319533195431955319563195731958319593196031961319623196331964319653196631967319683196931970319713197231973319743197531976319773197831979319803198131982319833198431985319863198731988319893199031991319923199331994319953199631997319983199932000320013200232003320043200532006320073200832009320103201132012320133201432015320163201732018320193202032021320223202332024320253202632027320283202932030320313203232033320343203532036320373203832039320403204132042320433204432045320463204732048320493205032051320523205332054320553205632057320583205932060320613206232063320643206532066320673206832069320703207132072320733207432075320763207732078320793208032081320823208332084320853208632087320883208932090320913209232093320943209532096320973209832099321003210132102321033210432105321063210732108321093211032111321123211332114321153211632117321183211932120321213212232123321243212532126321273212832129321303213132132321333213432135321363213732138321393214032141321423214332144321453214632147321483214932150321513215232153321543215532156321573215832159321603216132162321633216432165321663216732168321693217032171321723217332174321753217632177321783217932180321813218232183321843218532186321873218832189321903219132192321933219432195321963219732198321993220032201322023220332204322053220632207322083220932210322113221232213322143221532216322173221832219322203222132222322233222432225322263222732228322293223032231322323223332234322353223632237322383223932240322413224232243322443224532246322473224832249322503225132252322533225432255322563225732258322593226032261322623226332264322653226632267322683226932270322713227232273322743227532276322773227832279322803228132282322833228432285322863228732288322893229032291322923229332294322953229632297322983229932300323013230232303323043230532306323073230832309323103231132312323133231432315323163231732318323193232032321323223232332324323253232632327323283232932330323313233232333323343233532336323373233832339323403234132342323433234432345323463234732348323493235032351323523235332354323553235632357323583235932360323613236232363323643236532366323673236832369323703237132372323733237432375323763237732378323793238032381323823238332384323853238632387323883238932390323913239232393323943239532396323973239832399324003240132402324033240432405324063240732408324093241032411324123241332414324153241632417324183241932420324213242232423324243242532426324273242832429324303243132432324333243432435324363243732438324393244032441324423244332444324453244632447324483244932450324513245232453324543245532456324573245832459324603246132462324633246432465324663246732468324693247032471324723247332474324753247632477324783247932480324813248232483324843248532486324873248832489324903249132492324933249432495324963249732498324993250032501325023250332504325053250632507325083250932510325113251232513325143251532516325173251832519325203252132522325233252432525325263252732528325293253032531325323253332534325353253632537325383253932540325413254232543325443254532546325473254832549325503255132552325533255432555325563255732558325593256032561325623256332564325653256632567325683256932570325713257232573325743257532576325773257832579325803258132582325833258432585325863258732588325893259032591325923259332594325953259632597325983259932600326013260232603326043260532606326073260832609326103261132612326133261432615326163261732618326193262032621326223262332624326253262632627326283262932630326313263232633326343263532636326373263832639326403264132642326433264432645326463264732648326493265032651326523265332654326553265632657326583265932660326613266232663326643266532666326673266832669326703267132672326733267432675326763267732678326793268032681326823268332684326853268632687326883268932690326913269232693326943269532696326973269832699327003270132702327033270432705327063270732708327093271032711327123271332714327153271632717327183271932720327213272232723327243272532726327273272832729327303273132732327333273432735327363273732738327393274032741327423274332744327453274632747327483274932750327513275232753327543275532756327573275832759327603276132762327633276432765327663276732768327693277032771327723277332774327753277632777327783277932780327813278232783327843278532786327873278832789327903279132792327933279432795327963279732798327993280032801328023280332804328053280632807328083280932810328113281232813328143281532816328173281832819328203282132822328233282432825328263282732828328293283032831328323283332834328353283632837328383283932840328413284232843328443284532846328473284832849328503285132852328533285432855328563285732858328593286032861328623286332864328653286632867328683286932870328713287232873328743287532876328773287832879328803288132882328833288432885328863288732888328893289032891328923289332894328953289632897328983289932900329013290232903329043290532906329073290832909329103291132912329133291432915329163291732918329193292032921329223292332924329253292632927329283292932930329313293232933329343293532936329373293832939329403294132942329433294432945329463294732948329493295032951329523295332954329553295632957329583295932960329613296232963329643296532966329673296832969329703297132972329733297432975329763297732978329793298032981329823298332984329853298632987329883298932990329913299232993329943299532996329973299832999330003300133002330033300433005330063300733008330093301033011330123301333014330153301633017330183301933020330213302233023330243302533026330273302833029330303303133032330333303433035330363303733038330393304033041330423304333044330453304633047330483304933050330513305233053330543305533056330573305833059330603306133062330633306433065330663306733068330693307033071330723307333074330753307633077330783307933080330813308233083330843308533086330873308833089330903309133092330933309433095330963309733098330993310033101331023310333104331053310633107331083310933110331113311233113331143311533116331173311833119331203312133122331233312433125331263312733128331293313033131331323313333134331353313633137331383313933140331413314233143331443314533146331473314833149331503315133152331533315433155331563315733158331593316033161331623316333164331653316633167331683316933170331713317233173331743317533176331773317833179331803318133182331833318433185331863318733188331893319033191331923319333194331953319633197331983319933200332013320233203332043320533206332073320833209332103321133212332133321433215332163321733218332193322033221332223322333224332253322633227332283322933230332313323233233332343323533236332373323833239332403324133242332433324433245332463324733248332493325033251332523325333254332553325633257332583325933260332613326233263332643326533266332673326833269332703327133272332733327433275332763327733278332793328033281332823328333284332853328633287332883328933290332913329233293332943329533296332973329833299333003330133302333033330433305333063330733308333093331033311333123331333314333153331633317333183331933320333213332233323333243332533326333273332833329333303333133332333333333433335333363333733338333393334033341333423334333344333453334633347333483334933350333513335233353333543335533356333573335833359333603336133362333633336433365333663336733368333693337033371333723337333374333753337633377333783337933380333813338233383333843338533386333873338833389333903339133392333933339433395333963339733398333993340033401334023340333404334053340633407334083340933410334113341233413334143341533416334173341833419334203342133422334233342433425334263342733428334293343033431334323343333434334353343633437334383343933440334413344233443334443344533446334473344833449334503345133452334533345433455334563345733458334593346033461334623346333464334653346633467334683346933470334713347233473334743347533476334773347833479334803348133482334833348433485334863348733488334893349033491334923349333494334953349633497334983349933500335013350233503335043350533506335073350833509335103351133512335133351433515335163351733518335193352033521335223352333524335253352633527335283352933530335313353233533335343353533536335373353833539335403354133542335433354433545335463354733548335493355033551335523355333554335553355633557335583355933560335613356233563335643356533566335673356833569335703357133572335733357433575335763357733578335793358033581335823358333584335853358633587335883358933590335913359233593335943359533596335973359833599336003360133602336033360433605336063360733608336093361033611336123361333614336153361633617336183361933620336213362233623336243362533626336273362833629336303363133632336333363433635336363363733638336393364033641336423364333644336453364633647336483364933650336513365233653336543365533656336573365833659336603366133662336633366433665336663366733668336693367033671336723367333674336753367633677336783367933680336813368233683336843368533686336873368833689336903369133692336933369433695336963369733698336993370033701337023370333704337053370633707337083370933710337113371233713337143371533716337173371833719337203372133722337233372433725337263372733728337293373033731337323373333734337353373633737337383373933740337413374233743337443374533746337473374833749337503375133752337533375433755337563375733758337593376033761337623376333764337653376633767337683376933770337713377233773337743377533776337773377833779337803378133782337833378433785337863378733788337893379033791337923379333794337953379633797337983379933800338013380233803338043380533806338073380833809338103381133812338133381433815338163381733818338193382033821338223382333824338253382633827338283382933830338313383233833338343383533836338373383833839338403384133842338433384433845338463384733848338493385033851338523385333854338553385633857338583385933860338613386233863338643386533866338673386833869338703387133872338733387433875338763387733878338793388033881338823388333884338853388633887338883388933890338913389233893338943389533896338973389833899339003390133902339033390433905339063390733908339093391033911339123391333914339153391633917339183391933920339213392233923339243392533926339273392833929339303393133932339333393433935339363393733938339393394033941339423394333944339453394633947339483394933950339513395233953339543395533956339573395833959339603396133962339633396433965339663396733968339693397033971339723397333974339753397633977339783397933980339813398233983339843398533986339873398833989339903399133992339933399433995339963399733998339993400034001340023400334004340053400634007340083400934010340113401234013340143401534016340173401834019340203402134022340233402434025340263402734028340293403034031340323403334034340353403634037340383403934040340413404234043340443404534046340473404834049340503405134052340533405434055340563405734058340593406034061340623406334064340653406634067340683406934070340713407234073340743407534076340773407834079340803408134082340833408434085340863408734088340893409034091340923409334094340953409634097340983409934100341013410234103341043410534106341073410834109341103411134112341133411434115341163411734118341193412034121341223412334124341253412634127341283412934130341313413234133341343413534136341373413834139341403414134142341433414434145341463414734148341493415034151341523415334154341553415634157341583415934160341613416234163341643416534166341673416834169341703417134172341733417434175341763417734178341793418034181341823418334184341853418634187341883418934190341913419234193341943419534196341973419834199342003420134202342033420434205342063420734208342093421034211342123421334214342153421634217342183421934220342213422234223342243422534226342273422834229342303423134232342333423434235342363423734238342393424034241342423424334244342453424634247342483424934250342513425234253342543425534256342573425834259342603426134262342633426434265342663426734268342693427034271342723427334274342753427634277342783427934280342813428234283342843428534286342873428834289342903429134292342933429434295342963429734298342993430034301343023430334304343053430634307343083430934310343113431234313343143431534316343173431834319343203432134322343233432434325343263432734328343293433034331343323433334334343353433634337343383433934340343413434234343343443434534346343473434834349343503435134352343533435434355343563435734358343593436034361343623436334364343653436634367343683436934370343713437234373343743437534376343773437834379343803438134382343833438434385343863438734388343893439034391343923439334394343953439634397343983439934400344013440234403344043440534406344073440834409344103441134412344133441434415344163441734418344193442034421344223442334424344253442634427344283442934430344313443234433344343443534436344373443834439344403444134442344433444434445344463444734448344493445034451344523445334454344553445634457344583445934460344613446234463344643446534466344673446834469344703447134472344733447434475344763447734478344793448034481344823448334484344853448634487344883448934490344913449234493344943449534496344973449834499345003450134502345033450434505345063450734508345093451034511345123451334514345153451634517345183451934520345213452234523345243452534526345273452834529345303453134532345333453434535345363453734538345393454034541345423454334544345453454634547345483454934550345513455234553345543455534556345573455834559345603456134562345633456434565345663456734568345693457034571345723457334574345753457634577345783457934580345813458234583345843458534586345873458834589345903459134592345933459434595345963459734598345993460034601346023460334604346053460634607346083460934610346113461234613346143461534616346173461834619346203462134622346233462434625346263462734628346293463034631346323463334634346353463634637346383463934640346413464234643346443464534646346473464834649346503465134652346533465434655346563465734658346593466034661346623466334664346653466634667346683466934670346713467234673346743467534676346773467834679346803468134682346833468434685346863468734688346893469034691346923469334694346953469634697346983469934700347013470234703347043470534706347073470834709347103471134712347133471434715347163471734718347193472034721347223472334724347253472634727347283472934730347313473234733347343473534736347373473834739347403474134742347433474434745347463474734748347493475034751347523475334754347553475634757347583475934760347613476234763347643476534766347673476834769347703477134772347733477434775347763477734778347793478034781347823478334784347853478634787347883478934790347913479234793347943479534796347973479834799348003480134802348033480434805348063480734808348093481034811348123481334814348153481634817348183481934820348213482234823348243482534826348273482834829348303483134832348333483434835348363483734838348393484034841348423484334844348453484634847348483484934850348513485234853348543485534856348573485834859348603486134862348633486434865348663486734868348693487034871348723487334874348753487634877348783487934880348813488234883348843488534886348873488834889348903489134892348933489434895348963489734898348993490034901349023490334904349053490634907349083490934910349113491234913349143491534916349173491834919349203492134922349233492434925349263492734928349293493034931349323493334934349353493634937349383493934940349413494234943349443494534946349473494834949349503495134952349533495434955349563495734958349593496034961349623496334964349653496634967349683496934970349713497234973349743497534976349773497834979349803498134982349833498434985349863498734988349893499034991349923499334994349953499634997349983499935000350013500235003350043500535006350073500835009350103501135012350133501435015350163501735018350193502035021350223502335024350253502635027350283502935030350313503235033350343503535036350373503835039350403504135042350433504435045350463504735048350493505035051350523505335054350553505635057350583505935060350613506235063350643506535066350673506835069350703507135072350733507435075350763507735078350793508035081350823508335084350853508635087350883508935090350913509235093350943509535096350973509835099351003510135102351033510435105351063510735108351093511035111351123511335114351153511635117351183511935120351213512235123351243512535126351273512835129351303513135132351333513435135351363513735138351393514035141351423514335144351453514635147351483514935150351513515235153351543515535156351573515835159351603516135162351633516435165351663516735168351693517035171351723517335174351753517635177351783517935180351813518235183351843518535186351873518835189351903519135192351933519435195351963519735198351993520035201352023520335204352053520635207352083520935210352113521235213352143521535216352173521835219352203522135222352233522435225352263522735228352293523035231352323523335234352353523635237352383523935240352413524235243352443524535246352473524835249352503525135252352533525435255352563525735258352593526035261352623526335264352653526635267352683526935270352713527235273352743527535276352773527835279352803528135282352833528435285352863528735288352893529035291352923529335294352953529635297352983529935300353013530235303353043530535306353073530835309353103531135312353133531435315353163531735318353193532035321353223532335324353253532635327353283532935330353313533235333353343533535336353373533835339353403534135342353433534435345353463534735348353493535035351353523535335354353553535635357353583535935360353613536235363353643536535366353673536835369353703537135372353733537435375353763537735378353793538035381353823538335384353853538635387353883538935390353913539235393353943539535396353973539835399354003540135402354033540435405354063540735408354093541035411354123541335414354153541635417354183541935420354213542235423354243542535426354273542835429354303543135432354333543435435354363543735438354393544035441354423544335444354453544635447354483544935450354513545235453354543545535456354573545835459354603546135462354633546435465354663546735468354693547035471354723547335474354753547635477354783547935480354813548235483354843548535486354873548835489354903549135492354933549435495354963549735498354993550035501355023550335504355053550635507355083550935510355113551235513355143551535516355173551835519355203552135522355233552435525355263552735528355293553035531355323553335534355353553635537355383553935540355413554235543355443554535546355473554835549355503555135552355533555435555355563555735558355593556035561355623556335564355653556635567355683556935570355713557235573355743557535576355773557835579355803558135582355833558435585355863558735588355893559035591355923559335594355953559635597355983559935600356013560235603356043560535606356073560835609356103561135612356133561435615356163561735618356193562035621356223562335624356253562635627356283562935630356313563235633356343563535636356373563835639356403564135642356433564435645356463564735648356493565035651356523565335654356553565635657356583565935660356613566235663356643566535666356673566835669356703567135672356733567435675356763567735678356793568035681356823568335684356853568635687356883568935690356913569235693356943569535696356973569835699357003570135702357033570435705357063570735708357093571035711357123571335714357153571635717357183571935720357213572235723357243572535726357273572835729357303573135732357333573435735357363573735738357393574035741357423574335744357453574635747357483574935750357513575235753357543575535756357573575835759357603576135762357633576435765357663576735768357693577035771357723577335774357753577635777357783577935780357813578235783357843578535786357873578835789357903579135792357933579435795357963579735798357993580035801358023580335804358053580635807358083580935810358113581235813358143581535816358173581835819358203582135822358233582435825358263582735828358293583035831358323583335834358353583635837358383583935840358413584235843358443584535846358473584835849358503585135852358533585435855358563585735858358593586035861358623586335864358653586635867358683586935870358713587235873358743587535876358773587835879358803588135882358833588435885358863588735888358893589035891358923589335894358953589635897358983589935900359013590235903359043590535906359073590835909359103591135912359133591435915359163591735918359193592035921359223592335924359253592635927359283592935930359313593235933359343593535936359373593835939359403594135942359433594435945359463594735948359493595035951359523595335954359553595635957359583595935960359613596235963359643596535966359673596835969359703597135972359733597435975359763597735978359793598035981359823598335984359853598635987359883598935990359913599235993359943599535996359973599835999360003600136002360033600436005360063600736008360093601036011360123601336014360153601636017360183601936020360213602236023360243602536026360273602836029360303603136032360333603436035360363603736038360393604036041360423604336044360453604636047360483604936050360513605236053360543605536056360573605836059360603606136062360633606436065360663606736068360693607036071360723607336074360753607636077360783607936080360813608236083360843608536086360873608836089360903609136092360933609436095360963609736098360993610036101361023610336104361053610636107361083610936110361113611236113361143611536116361173611836119361203612136122361233612436125361263612736128361293613036131361323613336134361353613636137361383613936140361413614236143361443614536146361473614836149361503615136152361533615436155361563615736158361593616036161361623616336164361653616636167361683616936170361713617236173361743617536176361773617836179361803618136182361833618436185361863618736188361893619036191361923619336194361953619636197361983619936200362013620236203362043620536206362073620836209362103621136212362133621436215362163621736218362193622036221362223622336224362253622636227362283622936230362313623236233362343623536236362373623836239362403624136242362433624436245362463624736248362493625036251362523625336254362553625636257362583625936260362613626236263362643626536266362673626836269362703627136272362733627436275362763627736278362793628036281362823628336284362853628636287362883628936290362913629236293362943629536296362973629836299363003630136302363033630436305363063630736308363093631036311363123631336314363153631636317363183631936320363213632236323363243632536326363273632836329363303633136332363333633436335363363633736338363393634036341363423634336344363453634636347363483634936350363513635236353363543635536356363573635836359363603636136362363633636436365363663636736368363693637036371363723637336374363753637636377363783637936380363813638236383363843638536386363873638836389363903639136392363933639436395363963639736398363993640036401364023640336404364053640636407364083640936410364113641236413364143641536416364173641836419364203642136422364233642436425364263642736428364293643036431364323643336434364353643636437364383643936440364413644236443364443644536446364473644836449364503645136452364533645436455364563645736458364593646036461364623646336464364653646636467364683646936470364713647236473364743647536476364773647836479364803648136482364833648436485364863648736488364893649036491364923649336494364953649636497364983649936500365013650236503365043650536506365073650836509365103651136512365133651436515365163651736518365193652036521365223652336524365253652636527365283652936530365313653236533365343653536536365373653836539365403654136542365433654436545365463654736548365493655036551365523655336554365553655636557365583655936560365613656236563365643656536566365673656836569365703657136572365733657436575365763657736578365793658036581365823658336584365853658636587365883658936590365913659236593365943659536596365973659836599366003660136602366033660436605366063660736608366093661036611366123661336614366153661636617366183661936620366213662236623366243662536626366273662836629366303663136632366333663436635366363663736638366393664036641366423664336644366453664636647366483664936650366513665236653366543665536656366573665836659366603666136662366633666436665366663666736668366693667036671366723667336674366753667636677366783667936680366813668236683366843668536686366873668836689366903669136692366933669436695366963669736698366993670036701367023670336704367053670636707367083670936710367113671236713367143671536716367173671836719367203672136722367233672436725367263672736728367293673036731367323673336734367353673636737367383673936740367413674236743367443674536746367473674836749367503675136752367533675436755367563675736758367593676036761367623676336764367653676636767367683676936770367713677236773367743677536776367773677836779367803678136782367833678436785367863678736788367893679036791367923679336794367953679636797367983679936800368013680236803368043680536806368073680836809368103681136812368133681436815368163681736818368193682036821368223682336824368253682636827368283682936830368313683236833368343683536836368373683836839368403684136842368433684436845368463684736848368493685036851368523685336854368553685636857368583685936860368613686236863368643686536866368673686836869368703687136872368733687436875368763687736878368793688036881368823688336884368853688636887368883688936890368913689236893368943689536896368973689836899369003690136902369033690436905369063690736908369093691036911369123691336914369153691636917369183691936920369213692236923369243692536926369273692836929369303693136932369333693436935369363693736938369393694036941369423694336944369453694636947369483694936950369513695236953369543695536956369573695836959369603696136962369633696436965369663696736968369693697036971369723697336974369753697636977369783697936980369813698236983369843698536986369873698836989369903699136992369933699436995369963699736998369993700037001370023700337004370053700637007370083700937010370113701237013370143701537016370173701837019370203702137022370233702437025370263702737028370293703037031370323703337034370353703637037370383703937040370413704237043370443704537046370473704837049370503705137052370533705437055370563705737058370593706037061370623706337064370653706637067370683706937070370713707237073370743707537076370773707837079370803708137082370833708437085370863708737088370893709037091370923709337094370953709637097370983709937100371013710237103371043710537106371073710837109371103711137112371133711437115371163711737118371193712037121371223712337124371253712637127371283712937130371313713237133371343713537136371373713837139371403714137142371433714437145371463714737148371493715037151371523715337154371553715637157371583715937160371613716237163371643716537166371673716837169371703717137172371733717437175371763717737178371793718037181371823718337184371853718637187371883718937190371913719237193371943719537196371973719837199372003720137202372033720437205372063720737208372093721037211372123721337214372153721637217372183721937220372213722237223372243722537226372273722837229372303723137232372333723437235372363723737238372393724037241372423724337244372453724637247372483724937250372513725237253372543725537256372573725837259372603726137262372633726437265372663726737268372693727037271372723727337274372753727637277372783727937280372813728237283372843728537286372873728837289372903729137292372933729437295372963729737298372993730037301373023730337304373053730637307373083730937310373113731237313373143731537316373173731837319373203732137322373233732437325373263732737328373293733037331373323733337334373353733637337373383733937340373413734237343373443734537346373473734837349373503735137352373533735437355373563735737358373593736037361373623736337364373653736637367373683736937370373713737237373373743737537376373773737837379373803738137382373833738437385373863738737388373893739037391373923739337394373953739637397373983739937400374013740237403374043740537406374073740837409374103741137412374133741437415374163741737418374193742037421374223742337424374253742637427374283742937430374313743237433374343743537436374373743837439374403744137442374433744437445374463744737448374493745037451374523745337454374553745637457374583745937460374613746237463374643746537466374673746837469374703747137472374733747437475374763747737478374793748037481374823748337484374853748637487374883748937490374913749237493374943749537496374973749837499375003750137502375033750437505375063750737508375093751037511375123751337514375153751637517375183751937520375213752237523375243752537526375273752837529375303753137532375333753437535375363753737538375393754037541375423754337544375453754637547375483754937550375513755237553375543755537556375573755837559375603756137562375633756437565375663756737568375693757037571375723757337574375753757637577375783757937580375813758237583375843758537586375873758837589375903759137592375933759437595375963759737598375993760037601376023760337604376053760637607376083760937610376113761237613376143761537616376173761837619376203762137622376233762437625376263762737628376293763037631376323763337634376353763637637376383763937640376413764237643376443764537646376473764837649376503765137652376533765437655376563765737658376593766037661376623766337664376653766637667376683766937670376713767237673376743767537676376773767837679376803768137682376833768437685376863768737688376893769037691376923769337694376953769637697376983769937700377013770237703377043770537706377073770837709377103771137712377133771437715377163771737718377193772037721377223772337724377253772637727377283772937730377313773237733377343773537736377373773837739377403774137742377433774437745377463774737748377493775037751377523775337754377553775637757377583775937760377613776237763377643776537766377673776837769377703777137772377733777437775377763777737778377793778037781377823778337784377853778637787377883778937790377913779237793377943779537796377973779837799378003780137802378033780437805378063780737808378093781037811378123781337814378153781637817378183781937820378213782237823378243782537826378273782837829378303783137832378333783437835378363783737838378393784037841378423784337844378453784637847378483784937850378513785237853378543785537856378573785837859378603786137862378633786437865378663786737868378693787037871378723787337874378753787637877378783787937880378813788237883378843788537886378873788837889378903789137892378933789437895378963789737898378993790037901379023790337904379053790637907379083790937910379113791237913379143791537916379173791837919379203792137922379233792437925379263792737928379293793037931379323793337934379353793637937379383793937940379413794237943379443794537946379473794837949379503795137952379533795437955379563795737958379593796037961379623796337964379653796637967379683796937970379713797237973379743797537976379773797837979379803798137982379833798437985379863798737988379893799037991379923799337994379953799637997379983799938000380013800238003380043800538006380073800838009380103801138012380133801438015380163801738018380193802038021380223802338024380253802638027380283802938030380313803238033380343803538036380373803838039380403804138042380433804438045380463804738048380493805038051380523805338054380553805638057380583805938060380613806238063380643806538066380673806838069380703807138072380733807438075380763807738078380793808038081380823808338084380853808638087380883808938090380913809238093380943809538096380973809838099381003810138102381033810438105381063810738108381093811038111381123811338114381153811638117381183811938120381213812238123381243812538126381273812838129381303813138132381333813438135381363813738138381393814038141381423814338144381453814638147381483814938150381513815238153381543815538156381573815838159381603816138162381633816438165381663816738168381693817038171381723817338174381753817638177381783817938180381813818238183381843818538186381873818838189381903819138192381933819438195381963819738198381993820038201382023820338204382053820638207382083820938210382113821238213382143821538216382173821838219382203822138222382233822438225382263822738228382293823038231382323823338234382353823638237382383823938240382413824238243382443824538246382473824838249382503825138252382533825438255382563825738258382593826038261382623826338264382653826638267382683826938270382713827238273382743827538276382773827838279382803828138282382833828438285382863828738288382893829038291382923829338294382953829638297382983829938300383013830238303383043830538306383073830838309383103831138312383133831438315383163831738318383193832038321383223832338324383253832638327383283832938330383313833238333383343833538336383373833838339383403834138342383433834438345383463834738348383493835038351383523835338354383553835638357383583835938360383613836238363383643836538366383673836838369383703837138372383733837438375383763837738378383793838038381383823838338384383853838638387383883838938390383913839238393383943839538396383973839838399384003840138402384033840438405384063840738408384093841038411384123841338414384153841638417384183841938420384213842238423384243842538426384273842838429384303843138432384333843438435384363843738438384393844038441384423844338444384453844638447384483844938450384513845238453384543845538456384573845838459384603846138462384633846438465384663846738468384693847038471384723847338474384753847638477384783847938480384813848238483384843848538486384873848838489384903849138492384933849438495384963849738498384993850038501385023850338504385053850638507385083850938510385113851238513385143851538516385173851838519385203852138522385233852438525385263852738528385293853038531385323853338534385353853638537385383853938540385413854238543385443854538546385473854838549385503855138552385533855438555385563855738558385593856038561385623856338564385653856638567385683856938570385713857238573385743857538576385773857838579385803858138582385833858438585385863858738588385893859038591385923859338594385953859638597385983859938600386013860238603386043860538606386073860838609386103861138612386133861438615386163861738618386193862038621386223862338624386253862638627386283862938630386313863238633386343863538636386373863838639386403864138642386433864438645386463864738648386493865038651386523865338654386553865638657386583865938660386613866238663386643866538666386673866838669386703867138672386733867438675386763867738678386793868038681386823868338684386853868638687386883868938690386913869238693386943869538696386973869838699387003870138702387033870438705387063870738708387093871038711387123871338714387153871638717387183871938720387213872238723387243872538726387273872838729387303873138732387333873438735387363873738738387393874038741387423874338744387453874638747387483874938750387513875238753387543875538756387573875838759387603876138762387633876438765387663876738768387693877038771387723877338774387753877638777387783877938780387813878238783387843878538786387873878838789387903879138792387933879438795387963879738798387993880038801388023880338804388053880638807388083880938810388113881238813388143881538816388173881838819388203882138822388233882438825388263882738828388293883038831388323883338834388353883638837388383883938840388413884238843388443884538846388473884838849388503885138852388533885438855388563885738858388593886038861388623886338864388653886638867388683886938870388713887238873388743887538876388773887838879388803888138882388833888438885388863888738888388893889038891388923889338894388953889638897388983889938900389013890238903389043890538906389073890838909389103891138912389133891438915389163891738918389193892038921389223892338924389253892638927389283892938930389313893238933389343893538936389373893838939389403894138942389433894438945389463894738948389493895038951389523895338954389553895638957389583895938960389613896238963389643896538966389673896838969389703897138972389733897438975389763897738978389793898038981389823898338984389853898638987389883898938990389913899238993389943899538996389973899838999390003900139002390033900439005390063900739008390093901039011390123901339014390153901639017390183901939020390213902239023390243902539026390273902839029390303903139032390333903439035390363903739038390393904039041390423904339044390453904639047390483904939050390513905239053390543905539056390573905839059390603906139062390633906439065390663906739068390693907039071390723907339074390753907639077390783907939080390813908239083390843908539086390873908839089390903909139092390933909439095390963909739098390993910039101391023910339104391053910639107391083910939110391113911239113391143911539116391173911839119391203912139122391233912439125391263912739128391293913039131391323913339134391353913639137391383913939140391413914239143391443914539146391473914839149391503915139152391533915439155391563915739158391593916039161391623916339164391653916639167391683916939170391713917239173391743917539176391773917839179391803918139182391833918439185391863918739188391893919039191391923919339194391953919639197391983919939200392013920239203392043920539206392073920839209392103921139212392133921439215392163921739218392193922039221392223922339224392253922639227392283922939230392313923239233392343923539236392373923839239392403924139242392433924439245392463924739248392493925039251392523925339254392553925639257392583925939260392613926239263392643926539266392673926839269392703927139272392733927439275392763927739278392793928039281392823928339284392853928639287392883928939290392913929239293392943929539296392973929839299393003930139302393033930439305393063930739308393093931039311393123931339314393153931639317393183931939320393213932239323393243932539326393273932839329393303933139332393333933439335393363933739338393393934039341393423934339344393453934639347393483934939350393513935239353393543935539356393573935839359393603936139362393633936439365393663936739368393693937039371393723937339374393753937639377393783937939380393813938239383393843938539386393873938839389393903939139392393933939439395393963939739398393993940039401394023940339404394053940639407394083940939410394113941239413394143941539416394173941839419394203942139422394233942439425394263942739428394293943039431394323943339434394353943639437394383943939440394413944239443394443944539446394473944839449394503945139452394533945439455394563945739458394593946039461394623946339464394653946639467394683946939470394713947239473394743947539476394773947839479394803948139482394833948439485394863948739488394893949039491394923949339494394953949639497394983949939500395013950239503395043950539506395073950839509395103951139512395133951439515395163951739518395193952039521395223952339524395253952639527395283952939530395313953239533395343953539536395373953839539395403954139542395433954439545395463954739548395493955039551395523955339554395553955639557395583955939560395613956239563395643956539566395673956839569395703957139572395733957439575395763957739578395793958039581395823958339584395853958639587395883958939590395913959239593395943959539596395973959839599396003960139602396033960439605396063960739608396093961039611396123961339614396153961639617396183961939620396213962239623396243962539626396273962839629396303963139632396333963439635396363963739638396393964039641396423964339644396453964639647396483964939650396513965239653396543965539656396573965839659396603966139662396633966439665396663966739668396693967039671396723967339674396753967639677396783967939680396813968239683396843968539686396873968839689396903969139692396933969439695396963969739698396993970039701397023970339704397053970639707397083970939710397113971239713397143971539716397173971839719397203972139722397233972439725397263972739728397293973039731397323973339734397353973639737397383973939740397413974239743397443974539746397473974839749397503975139752397533975439755397563975739758397593976039761397623976339764397653976639767397683976939770397713977239773397743977539776397773977839779397803978139782397833978439785397863978739788397893979039791397923979339794397953979639797397983979939800398013980239803398043980539806398073980839809398103981139812398133981439815398163981739818398193982039821398223982339824398253982639827398283982939830398313983239833398343983539836398373983839839398403984139842398433984439845398463984739848398493985039851398523985339854398553985639857398583985939860398613986239863398643986539866398673986839869398703987139872398733987439875398763987739878398793988039881398823988339884398853988639887398883988939890398913989239893398943989539896398973989839899399003990139902399033990439905399063990739908399093991039911399123991339914399153991639917399183991939920399213992239923399243992539926399273992839929399303993139932399333993439935399363993739938399393994039941399423994339944399453994639947399483994939950399513995239953399543995539956399573995839959399603996139962399633996439965399663996739968399693997039971399723997339974399753997639977399783997939980399813998239983399843998539986399873998839989399903999139992399933999439995399963999739998399994000040001400024000340004400054000640007400084000940010400114001240013400144001540016400174001840019400204002140022400234002440025400264002740028400294003040031400324003340034400354003640037400384003940040400414004240043400444004540046400474004840049400504005140052400534005440055400564005740058400594006040061400624006340064400654006640067400684006940070400714007240073400744007540076400774007840079400804008140082400834008440085400864008740088400894009040091400924009340094400954009640097400984009940100401014010240103401044010540106401074010840109401104011140112401134011440115401164011740118401194012040121401224012340124401254012640127401284012940130401314013240133401344013540136401374013840139401404014140142401434014440145401464014740148401494015040151401524015340154401554015640157401584015940160401614016240163401644016540166401674016840169401704017140172401734017440175401764017740178401794018040181401824018340184401854018640187401884018940190401914019240193401944019540196401974019840199402004020140202402034020440205402064020740208402094021040211402124021340214402154021640217402184021940220402214022240223402244022540226402274022840229402304023140232402334023440235402364023740238402394024040241402424024340244402454024640247402484024940250402514025240253402544025540256402574025840259402604026140262402634026440265402664026740268402694027040271402724027340274402754027640277402784027940280402814028240283402844028540286402874028840289402904029140292402934029440295402964029740298402994030040301403024030340304403054030640307403084030940310403114031240313403144031540316403174031840319403204032140322403234032440325403264032740328403294033040331403324033340334403354033640337403384033940340403414034240343403444034540346403474034840349403504035140352403534035440355403564035740358403594036040361403624036340364403654036640367403684036940370403714037240373403744037540376403774037840379403804038140382403834038440385403864038740388403894039040391403924039340394403954039640397403984039940400404014040240403404044040540406404074040840409404104041140412404134041440415404164041740418404194042040421404224042340424404254042640427404284042940430404314043240433404344043540436404374043840439404404044140442404434044440445404464044740448404494045040451404524045340454404554045640457404584045940460404614046240463404644046540466404674046840469404704047140472404734047440475404764047740478404794048040481404824048340484404854048640487404884048940490404914049240493404944049540496404974049840499405004050140502405034050440505405064050740508405094051040511405124051340514405154051640517405184051940520405214052240523405244052540526405274052840529405304053140532405334053440535405364053740538405394054040541405424054340544405454054640547405484054940550405514055240553405544055540556405574055840559405604056140562405634056440565405664056740568405694057040571405724057340574405754057640577405784057940580405814058240583405844058540586405874058840589405904059140592405934059440595405964059740598405994060040601406024060340604406054060640607406084060940610406114061240613406144061540616406174061840619406204062140622406234062440625406264062740628406294063040631406324063340634406354063640637406384063940640406414064240643406444064540646406474064840649406504065140652406534065440655406564065740658406594066040661406624066340664406654066640667406684066940670406714067240673406744067540676406774067840679406804068140682406834068440685406864068740688406894069040691406924069340694406954069640697406984069940700407014070240703407044070540706407074070840709407104071140712407134071440715407164071740718407194072040721407224072340724407254072640727407284072940730407314073240733407344073540736407374073840739407404074140742407434074440745407464074740748407494075040751407524075340754407554075640757407584075940760407614076240763407644076540766407674076840769407704077140772407734077440775407764077740778407794078040781407824078340784407854078640787407884078940790407914079240793407944079540796407974079840799408004080140802408034080440805408064080740808408094081040811408124081340814408154081640817408184081940820408214082240823408244082540826408274082840829408304083140832408334083440835408364083740838408394084040841408424084340844408454084640847408484084940850408514085240853408544085540856408574085840859408604086140862408634086440865408664086740868408694087040871408724087340874408754087640877408784087940880408814088240883408844088540886408874088840889408904089140892408934089440895408964089740898408994090040901409024090340904409054090640907409084090940910409114091240913409144091540916409174091840919409204092140922409234092440925409264092740928409294093040931409324093340934409354093640937409384093940940409414094240943409444094540946409474094840949409504095140952409534095440955409564095740958409594096040961409624096340964409654096640967409684096940970409714097240973409744097540976409774097840979409804098140982409834098440985409864098740988409894099040991409924099340994409954099640997409984099941000410014100241003410044100541006410074100841009410104101141012410134101441015410164101741018410194102041021410224102341024410254102641027410284102941030410314103241033410344103541036410374103841039410404104141042410434104441045410464104741048410494105041051410524105341054410554105641057410584105941060410614106241063410644106541066410674106841069410704107141072410734107441075410764107741078410794108041081410824108341084410854108641087410884108941090410914109241093410944109541096410974109841099411004110141102411034110441105411064110741108411094111041111411124111341114411154111641117411184111941120411214112241123411244112541126411274112841129411304113141132411334113441135411364113741138411394114041141411424114341144411454114641147411484114941150411514115241153411544115541156411574115841159411604116141162411634116441165411664116741168411694117041171411724117341174411754117641177411784117941180411814118241183411844118541186411874118841189411904119141192411934119441195411964119741198411994120041201412024120341204412054120641207412084120941210412114121241213412144121541216412174121841219412204122141222412234122441225412264122741228412294123041231412324123341234412354123641237412384123941240412414124241243412444124541246412474124841249412504125141252412534125441255412564125741258412594126041261412624126341264412654126641267412684126941270412714127241273412744127541276412774127841279412804128141282412834128441285412864128741288412894129041291412924129341294412954129641297412984129941300413014130241303413044130541306413074130841309413104131141312413134131441315413164131741318413194132041321413224132341324413254132641327413284132941330413314133241333413344133541336413374133841339413404134141342413434134441345413464134741348413494135041351413524135341354413554135641357413584135941360413614136241363413644136541366413674136841369413704137141372413734137441375413764137741378413794138041381413824138341384413854138641387413884138941390413914139241393413944139541396413974139841399414004140141402414034140441405414064140741408414094141041411414124141341414414154141641417414184141941420414214142241423414244142541426414274142841429414304143141432414334143441435414364143741438414394144041441414424144341444414454144641447414484144941450414514145241453414544145541456414574145841459414604146141462414634146441465414664146741468414694147041471414724147341474414754147641477414784147941480414814148241483414844148541486414874148841489414904149141492414934149441495414964149741498414994150041501415024150341504415054150641507415084150941510415114151241513415144151541516415174151841519415204152141522415234152441525415264152741528415294153041531415324153341534415354153641537415384153941540415414154241543415444154541546415474154841549415504155141552415534155441555415564155741558415594156041561415624156341564415654156641567415684156941570415714157241573415744157541576415774157841579415804158141582415834158441585415864158741588415894159041591415924159341594415954159641597415984159941600416014160241603416044160541606416074160841609416104161141612416134161441615416164161741618416194162041621416224162341624416254162641627416284162941630416314163241633416344163541636416374163841639416404164141642416434164441645416464164741648416494165041651416524165341654416554165641657416584165941660416614166241663416644166541666416674166841669416704167141672416734167441675416764167741678416794168041681416824168341684416854168641687416884168941690416914169241693416944169541696416974169841699417004170141702417034170441705417064170741708417094171041711417124171341714417154171641717417184171941720417214172241723417244172541726417274172841729417304173141732417334173441735417364173741738417394174041741417424174341744417454174641747417484174941750417514175241753417544175541756417574175841759417604176141762417634176441765417664176741768417694177041771417724177341774417754177641777417784177941780417814178241783417844178541786417874178841789417904179141792417934179441795417964179741798417994180041801418024180341804418054180641807418084180941810418114181241813418144181541816418174181841819418204182141822418234182441825418264182741828418294183041831418324183341834418354183641837418384183941840418414184241843418444184541846418474184841849418504185141852418534185441855418564185741858418594186041861418624186341864418654186641867418684186941870418714187241873418744187541876418774187841879418804188141882418834188441885418864188741888418894189041891418924189341894418954189641897418984189941900419014190241903419044190541906419074190841909419104191141912419134191441915419164191741918419194192041921419224192341924419254192641927419284192941930419314193241933419344193541936419374193841939419404194141942419434194441945419464194741948419494195041951419524195341954419554195641957419584195941960419614196241963419644196541966419674196841969419704197141972419734197441975419764197741978419794198041981419824198341984419854198641987419884198941990419914199241993419944199541996419974199841999420004200142002420034200442005420064200742008420094201042011420124201342014420154201642017420184201942020420214202242023420244202542026420274202842029420304203142032420334203442035420364203742038420394204042041420424204342044420454204642047420484204942050420514205242053420544205542056420574205842059420604206142062420634206442065420664206742068420694207042071420724207342074420754207642077420784207942080420814208242083420844208542086420874208842089420904209142092420934209442095420964209742098420994210042101421024210342104421054210642107421084210942110421114211242113421144211542116421174211842119421204212142122421234212442125421264212742128421294213042131421324213342134421354213642137421384213942140421414214242143421444214542146421474214842149421504215142152421534215442155421564215742158421594216042161421624216342164421654216642167421684216942170421714217242173421744217542176421774217842179421804218142182421834218442185421864218742188421894219042191421924219342194421954219642197421984219942200422014220242203422044220542206422074220842209422104221142212422134221442215422164221742218422194222042221422224222342224422254222642227422284222942230422314223242233422344223542236422374223842239422404224142242422434224442245422464224742248422494225042251422524225342254422554225642257422584225942260422614226242263422644226542266422674226842269422704227142272422734227442275422764227742278422794228042281422824228342284422854228642287422884228942290422914229242293422944229542296422974229842299423004230142302423034230442305423064230742308423094231042311423124231342314423154231642317423184231942320423214232242323423244232542326423274232842329423304233142332423334233442335423364233742338423394234042341423424234342344423454234642347423484234942350423514235242353423544235542356423574235842359423604236142362423634236442365423664236742368423694237042371423724237342374423754237642377423784237942380423814238242383423844238542386423874238842389423904239142392423934239442395423964239742398423994240042401424024240342404424054240642407424084240942410424114241242413424144241542416424174241842419424204242142422424234242442425424264242742428424294243042431424324243342434424354243642437424384243942440424414244242443424444244542446424474244842449424504245142452424534245442455424564245742458424594246042461424624246342464424654246642467424684246942470424714247242473424744247542476424774247842479424804248142482424834248442485424864248742488424894249042491424924249342494424954249642497424984249942500425014250242503425044250542506425074250842509425104251142512425134251442515425164251742518425194252042521425224252342524425254252642527425284252942530425314253242533425344253542536425374253842539425404254142542425434254442545425464254742548425494255042551425524255342554425554255642557425584255942560425614256242563425644256542566425674256842569425704257142572425734257442575425764257742578425794258042581425824258342584425854258642587425884258942590425914259242593425944259542596425974259842599426004260142602426034260442605426064260742608426094261042611426124261342614426154261642617426184261942620426214262242623426244262542626426274262842629426304263142632426334263442635426364263742638426394264042641426424264342644426454264642647426484264942650426514265242653426544265542656426574265842659426604266142662426634266442665426664266742668426694267042671426724267342674426754267642677426784267942680426814268242683426844268542686426874268842689426904269142692426934269442695426964269742698426994270042701427024270342704427054270642707427084270942710427114271242713427144271542716427174271842719427204272142722427234272442725427264272742728427294273042731427324273342734427354273642737427384273942740427414274242743427444274542746427474274842749427504275142752427534275442755427564275742758427594276042761427624276342764427654276642767427684276942770427714277242773427744277542776427774277842779427804278142782427834278442785427864278742788427894279042791427924279342794427954279642797427984279942800428014280242803428044280542806428074280842809428104281142812428134281442815428164281742818428194282042821428224282342824428254282642827428284282942830428314283242833428344283542836428374283842839428404284142842428434284442845428464284742848428494285042851428524285342854428554285642857428584285942860428614286242863428644286542866428674286842869428704287142872428734287442875428764287742878428794288042881428824288342884428854288642887428884288942890428914289242893428944289542896428974289842899429004290142902429034290442905429064290742908429094291042911429124291342914429154291642917429184291942920429214292242923429244292542926429274292842929429304293142932429334293442935429364293742938429394294042941429424294342944429454294642947429484294942950429514295242953429544295542956429574295842959429604296142962429634296442965429664296742968429694297042971429724297342974429754297642977429784297942980429814298242983429844298542986429874298842989429904299142992429934299442995429964299742998429994300043001430024300343004430054300643007430084300943010430114301243013430144301543016430174301843019430204302143022430234302443025430264302743028430294303043031430324303343034430354303643037430384303943040430414304243043430444304543046430474304843049430504305143052430534305443055430564305743058430594306043061430624306343064430654306643067430684306943070430714307243073430744307543076430774307843079430804308143082430834308443085430864308743088430894309043091430924309343094430954309643097430984309943100431014310243103431044310543106431074310843109431104311143112431134311443115431164311743118431194312043121431224312343124431254312643127431284312943130431314313243133431344313543136431374313843139431404314143142431434314443145431464314743148431494315043151431524315343154431554315643157431584315943160431614316243163431644316543166431674316843169431704317143172431734317443175431764317743178431794318043181431824318343184431854318643187431884318943190431914319243193431944319543196431974319843199432004320143202432034320443205432064320743208432094321043211432124321343214432154321643217432184321943220432214322243223432244322543226432274322843229432304323143232432334323443235432364323743238432394324043241432424324343244432454324643247432484324943250432514325243253432544325543256432574325843259432604326143262432634326443265432664326743268432694327043271432724327343274432754327643277432784327943280432814328243283432844328543286432874328843289432904329143292432934329443295432964329743298432994330043301433024330343304433054330643307433084330943310433114331243313433144331543316433174331843319433204332143322433234332443325433264332743328433294333043331433324333343334433354333643337433384333943340433414334243343433444334543346433474334843349433504335143352433534335443355433564335743358433594336043361433624336343364433654336643367433684336943370433714337243373433744337543376433774337843379433804338143382433834338443385433864338743388433894339043391433924339343394433954339643397433984339943400434014340243403434044340543406434074340843409434104341143412434134341443415434164341743418434194342043421434224342343424434254342643427434284342943430434314343243433434344343543436434374343843439434404344143442434434344443445434464344743448434494345043451434524345343454434554345643457434584345943460434614346243463434644346543466434674346843469434704347143472434734347443475434764347743478434794348043481434824348343484434854348643487434884348943490434914349243493434944349543496434974349843499435004350143502435034350443505435064350743508435094351043511435124351343514435154351643517435184351943520435214352243523435244352543526435274352843529435304353143532435334353443535435364353743538435394354043541435424354343544435454354643547435484354943550435514355243553435544355543556435574355843559435604356143562435634356443565435664356743568435694357043571435724357343574435754357643577435784357943580435814358243583435844358543586435874358843589435904359143592435934359443595435964359743598435994360043601436024360343604436054360643607436084360943610436114361243613436144361543616436174361843619436204362143622436234362443625436264362743628436294363043631436324363343634436354363643637436384363943640436414364243643436444364543646436474364843649436504365143652436534365443655436564365743658436594366043661436624366343664436654366643667436684366943670436714367243673436744367543676436774367843679436804368143682436834368443685436864368743688436894369043691436924369343694436954369643697436984369943700437014370243703437044370543706437074370843709437104371143712437134371443715437164371743718437194372043721437224372343724437254372643727437284372943730437314373243733437344373543736437374373843739437404374143742437434374443745437464374743748437494375043751437524375343754437554375643757437584375943760437614376243763437644376543766437674376843769437704377143772437734377443775437764377743778437794378043781437824378343784437854378643787437884378943790437914379243793437944379543796437974379843799438004380143802438034380443805438064380743808438094381043811438124381343814438154381643817438184381943820438214382243823438244382543826438274382843829438304383143832438334383443835438364383743838438394384043841438424384343844438454384643847438484384943850438514385243853438544385543856438574385843859438604386143862438634386443865438664386743868438694387043871438724387343874438754387643877438784387943880438814388243883438844388543886438874388843889438904389143892438934389443895438964389743898438994390043901439024390343904439054390643907439084390943910439114391243913439144391543916439174391843919439204392143922439234392443925439264392743928439294393043931439324393343934439354393643937439384393943940439414394243943439444394543946439474394843949439504395143952439534395443955439564395743958439594396043961439624396343964439654396643967439684396943970439714397243973439744397543976439774397843979439804398143982439834398443985439864398743988439894399043991439924399343994439954399643997439984399944000440014400244003440044400544006440074400844009440104401144012440134401444015440164401744018440194402044021440224402344024440254402644027440284402944030440314403244033440344403544036440374403844039440404404144042440434404444045440464404744048440494405044051440524405344054440554405644057440584405944060440614406244063440644406544066440674406844069440704407144072440734407444075440764407744078440794408044081440824408344084440854408644087440884408944090440914409244093440944409544096440974409844099441004410144102441034410444105441064410744108441094411044111441124411344114441154411644117441184411944120441214412244123441244412544126441274412844129441304413144132441334413444135441364413744138441394414044141441424414344144441454414644147441484414944150441514415244153441544415544156441574415844159441604416144162441634416444165441664416744168441694417044171441724417344174441754417644177441784417944180441814418244183441844418544186441874418844189441904419144192441934419444195441964419744198441994420044201442024420344204442054420644207442084420944210442114421244213442144421544216442174421844219442204422144222442234422444225442264422744228442294423044231442324423344234442354423644237442384423944240442414424244243442444424544246442474424844249442504425144252442534425444255442564425744258442594426044261442624426344264442654426644267442684426944270442714427244273442744427544276442774427844279442804428144282442834428444285442864428744288442894429044291442924429344294442954429644297442984429944300443014430244303443044430544306443074430844309443104431144312443134431444315443164431744318443194432044321443224432344324443254432644327443284432944330443314433244333443344433544336443374433844339443404434144342443434434444345443464434744348443494435044351443524435344354443554435644357443584435944360443614436244363443644436544366443674436844369443704437144372443734437444375443764437744378443794438044381443824438344384443854438644387443884438944390443914439244393443944439544396443974439844399444004440144402444034440444405444064440744408444094441044411444124441344414444154441644417444184441944420444214442244423444244442544426444274442844429444304443144432444334443444435444364443744438444394444044441444424444344444444454444644447444484444944450444514445244453444544445544456444574445844459444604446144462444634446444465444664446744468444694447044471444724447344474444754447644477444784447944480444814448244483444844448544486444874448844489444904449144492444934449444495444964449744498444994450044501445024450344504445054450644507445084450944510445114451244513445144451544516445174451844519445204452144522445234452444525445264452744528445294453044531445324453344534445354453644537445384453944540445414454244543445444454544546445474454844549445504455144552445534455444555445564455744558445594456044561445624456344564445654456644567445684456944570445714457244573445744457544576445774457844579445804458144582445834458444585445864458744588445894459044591445924459344594445954459644597445984459944600446014460244603446044460544606446074460844609446104461144612446134461444615446164461744618446194462044621446224462344624446254462644627446284462944630446314463244633446344463544636446374463844639446404464144642446434464444645446464464744648446494465044651446524465344654446554465644657446584465944660446614466244663446644466544666446674466844669446704467144672446734467444675446764467744678446794468044681446824468344684446854468644687446884468944690446914469244693446944469544696446974469844699447004470144702447034470444705447064470744708447094471044711447124471344714447154471644717447184471944720447214472244723447244472544726447274472844729447304473144732447334473444735447364473744738447394474044741447424474344744447454474644747447484474944750447514475244753447544475544756447574475844759447604476144762447634476444765447664476744768447694477044771447724477344774447754477644777447784477944780447814478244783447844478544786447874478844789447904479144792447934479444795447964479744798447994480044801448024480344804448054480644807448084480944810448114481244813448144481544816448174481844819448204482144822448234482444825448264482744828448294483044831448324483344834448354483644837448384483944840448414484244843448444484544846448474484844849448504485144852448534485444855448564485744858448594486044861448624486344864448654486644867448684486944870448714487244873448744487544876448774487844879448804488144882448834488444885448864488744888448894489044891448924489344894448954489644897448984489944900449014490244903449044490544906449074490844909449104491144912449134491444915449164491744918449194492044921449224492344924449254492644927449284492944930449314493244933449344493544936449374493844939449404494144942449434494444945449464494744948449494495044951449524495344954449554495644957449584495944960449614496244963449644496544966449674496844969449704497144972449734497444975449764497744978449794498044981449824498344984449854498644987449884498944990449914499244993449944499544996449974499844999450004500145002450034500445005450064500745008450094501045011450124501345014450154501645017450184501945020450214502245023450244502545026450274502845029450304503145032450334503445035450364503745038450394504045041450424504345044450454504645047450484504945050450514505245053450544505545056450574505845059450604506145062450634506445065450664506745068450694507045071450724507345074450754507645077450784507945080450814508245083450844508545086450874508845089450904509145092450934509445095450964509745098450994510045101451024510345104451054510645107451084510945110451114511245113451144511545116451174511845119451204512145122451234512445125451264512745128451294513045131451324513345134451354513645137451384513945140451414514245143451444514545146451474514845149451504515145152451534515445155451564515745158451594516045161451624516345164451654516645167451684516945170451714517245173451744517545176451774517845179451804518145182451834518445185451864518745188451894519045191451924519345194451954519645197451984519945200452014520245203452044520545206452074520845209452104521145212452134521445215452164521745218452194522045221452224522345224452254522645227452284522945230452314523245233452344523545236452374523845239452404524145242452434524445245452464524745248452494525045251452524525345254452554525645257452584525945260452614526245263452644526545266452674526845269452704527145272452734527445275452764527745278452794528045281452824528345284452854528645287452884528945290452914529245293452944529545296452974529845299453004530145302453034530445305453064530745308453094531045311453124531345314453154531645317453184531945320453214532245323453244532545326453274532845329453304533145332453334533445335453364533745338453394534045341453424534345344453454534645347453484534945350453514535245353453544535545356453574535845359453604536145362453634536445365453664536745368453694537045371453724537345374453754537645377453784537945380453814538245383453844538545386453874538845389453904539145392453934539445395453964539745398453994540045401454024540345404454054540645407454084540945410454114541245413454144541545416454174541845419454204542145422454234542445425454264542745428454294543045431454324543345434454354543645437454384543945440454414544245443454444544545446454474544845449454504545145452454534545445455454564545745458454594546045461454624546345464454654546645467454684546945470454714547245473454744547545476454774547845479454804548145482454834548445485454864548745488454894549045491454924549345494454954549645497454984549945500455014550245503455044550545506455074550845509455104551145512455134551445515455164551745518455194552045521455224552345524455254552645527455284552945530455314553245533455344553545536455374553845539455404554145542455434554445545455464554745548455494555045551455524555345554455554555645557455584555945560455614556245563455644556545566455674556845569455704557145572455734557445575455764557745578455794558045581455824558345584455854558645587455884558945590455914559245593455944559545596455974559845599456004560145602456034560445605456064560745608456094561045611456124561345614456154561645617456184561945620456214562245623456244562545626456274562845629456304563145632456334563445635456364563745638456394564045641456424564345644456454564645647456484564945650456514565245653456544565545656456574565845659456604566145662456634566445665456664566745668456694567045671456724567345674456754567645677456784567945680456814568245683456844568545686456874568845689456904569145692456934569445695456964569745698456994570045701457024570345704457054570645707457084570945710457114571245713457144571545716457174571845719457204572145722457234572445725457264572745728457294573045731457324573345734457354573645737457384573945740457414574245743457444574545746457474574845749457504575145752457534575445755457564575745758457594576045761457624576345764457654576645767457684576945770457714577245773457744577545776457774577845779457804578145782457834578445785457864578745788457894579045791457924579345794457954579645797457984579945800458014580245803458044580545806458074580845809458104581145812458134581445815458164581745818458194582045821458224582345824458254582645827458284582945830458314583245833458344583545836458374583845839458404584145842458434584445845458464584745848458494585045851458524585345854458554585645857458584585945860458614586245863458644586545866458674586845869458704587145872458734587445875458764587745878458794588045881458824588345884458854588645887458884588945890458914589245893458944589545896458974589845899459004590145902459034590445905459064590745908459094591045911459124591345914459154591645917459184591945920459214592245923459244592545926459274592845929459304593145932459334593445935459364593745938459394594045941459424594345944459454594645947459484594945950459514595245953459544595545956459574595845959459604596145962459634596445965459664596745968459694597045971459724597345974459754597645977459784597945980459814598245983459844598545986459874598845989459904599145992459934599445995459964599745998459994600046001460024600346004460054600646007460084600946010460114601246013460144601546016460174601846019460204602146022460234602446025460264602746028460294603046031460324603346034460354603646037460384603946040460414604246043460444604546046460474604846049460504605146052460534605446055460564605746058460594606046061460624606346064460654606646067460684606946070460714607246073460744607546076460774607846079460804608146082460834608446085460864608746088460894609046091460924609346094460954609646097460984609946100461014610246103461044610546106461074610846109461104611146112461134611446115461164611746118461194612046121461224612346124461254612646127461284612946130461314613246133461344613546136461374613846139461404614146142461434614446145461464614746148461494615046151461524615346154461554615646157461584615946160461614616246163461644616546166461674616846169461704617146172461734617446175461764617746178461794618046181461824618346184461854618646187461884618946190461914619246193461944619546196461974619846199462004620146202462034620446205462064620746208462094621046211462124621346214462154621646217462184621946220462214622246223462244622546226462274622846229462304623146232462334623446235462364623746238462394624046241462424624346244462454624646247462484624946250462514625246253462544625546256462574625846259462604626146262462634626446265462664626746268462694627046271462724627346274462754627646277462784627946280462814628246283462844628546286462874628846289462904629146292462934629446295462964629746298462994630046301463024630346304463054630646307463084630946310463114631246313463144631546316463174631846319463204632146322463234632446325463264632746328463294633046331463324633346334463354633646337463384633946340463414634246343463444634546346463474634846349463504635146352463534635446355463564635746358463594636046361463624636346364463654636646367463684636946370463714637246373463744637546376463774637846379463804638146382463834638446385463864638746388463894639046391463924639346394463954639646397463984639946400464014640246403464044640546406464074640846409464104641146412464134641446415464164641746418464194642046421464224642346424464254642646427464284642946430464314643246433464344643546436464374643846439464404644146442464434644446445464464644746448464494645046451464524645346454464554645646457464584645946460464614646246463464644646546466464674646846469464704647146472464734647446475464764647746478464794648046481464824648346484464854648646487464884648946490464914649246493464944649546496464974649846499465004650146502465034650446505465064650746508465094651046511465124651346514465154651646517465184651946520465214652246523465244652546526465274652846529465304653146532465334653446535465364653746538465394654046541465424654346544465454654646547465484654946550465514655246553465544655546556465574655846559465604656146562465634656446565465664656746568465694657046571465724657346574465754657646577465784657946580465814658246583465844658546586465874658846589465904659146592465934659446595465964659746598465994660046601466024660346604466054660646607466084660946610466114661246613466144661546616466174661846619466204662146622466234662446625466264662746628466294663046631466324663346634466354663646637466384663946640466414664246643466444664546646466474664846649466504665146652466534665446655466564665746658466594666046661466624666346664466654666646667466684666946670466714667246673466744667546676466774667846679466804668146682466834668446685466864668746688466894669046691466924669346694466954669646697466984669946700467014670246703467044670546706467074670846709467104671146712467134671446715467164671746718467194672046721467224672346724467254672646727467284672946730467314673246733467344673546736467374673846739467404674146742467434674446745467464674746748467494675046751467524675346754467554675646757467584675946760467614676246763467644676546766467674676846769467704677146772467734677446775467764677746778467794678046781467824678346784467854678646787467884678946790467914679246793467944679546796467974679846799468004680146802468034680446805468064680746808468094681046811468124681346814468154681646817468184681946820468214682246823468244682546826468274682846829468304683146832468334683446835468364683746838468394684046841468424684346844468454684646847468484684946850468514685246853468544685546856468574685846859468604686146862468634686446865468664686746868468694687046871468724687346874468754687646877468784687946880468814688246883468844688546886468874688846889468904689146892468934689446895468964689746898468994690046901469024690346904469054690646907469084690946910469114691246913469144691546916469174691846919469204692146922469234692446925469264692746928469294693046931469324693346934469354693646937469384693946940469414694246943469444694546946469474694846949469504695146952469534695446955469564695746958469594696046961469624696346964469654696646967469684696946970469714697246973469744697546976469774697846979469804698146982469834698446985469864698746988469894699046991469924699346994469954699646997469984699947000470014700247003470044700547006470074700847009470104701147012470134701447015470164701747018470194702047021470224702347024470254702647027470284702947030470314703247033470344703547036470374703847039470404704147042470434704447045470464704747048470494705047051470524705347054470554705647057470584705947060470614706247063470644706547066470674706847069470704707147072470734707447075470764707747078470794708047081470824708347084470854708647087470884708947090470914709247093470944709547096470974709847099471004710147102471034710447105471064710747108471094711047111471124711347114471154711647117471184711947120471214712247123471244712547126471274712847129471304713147132471334713447135471364713747138471394714047141471424714347144471454714647147471484714947150471514715247153471544715547156471574715847159471604716147162471634716447165471664716747168471694717047171471724717347174471754717647177471784717947180471814718247183471844718547186471874718847189471904719147192471934719447195471964719747198471994720047201472024720347204472054720647207472084720947210472114721247213472144721547216472174721847219472204722147222472234722447225472264722747228472294723047231472324723347234472354723647237472384723947240472414724247243472444724547246472474724847249472504725147252472534725447255472564725747258472594726047261472624726347264472654726647267472684726947270472714727247273472744727547276472774727847279472804728147282472834728447285472864728747288472894729047291472924729347294472954729647297472984729947300473014730247303473044730547306473074730847309473104731147312473134731447315473164731747318473194732047321473224732347324473254732647327473284732947330473314733247333473344733547336473374733847339473404734147342473434734447345473464734747348473494735047351473524735347354473554735647357473584735947360473614736247363473644736547366473674736847369473704737147372473734737447375473764737747378473794738047381473824738347384473854738647387473884738947390473914739247393473944739547396473974739847399474004740147402474034740447405474064740747408474094741047411474124741347414474154741647417474184741947420474214742247423474244742547426474274742847429474304743147432474334743447435474364743747438474394744047441474424744347444474454744647447474484744947450474514745247453474544745547456474574745847459474604746147462474634746447465474664746747468474694747047471474724747347474474754747647477474784747947480474814748247483474844748547486474874748847489474904749147492474934749447495474964749747498474994750047501475024750347504475054750647507475084750947510475114751247513475144751547516475174751847519475204752147522475234752447525475264752747528475294753047531475324753347534475354753647537475384753947540475414754247543475444754547546475474754847549475504755147552475534755447555475564755747558475594756047561475624756347564475654756647567475684756947570475714757247573475744757547576475774757847579475804758147582475834758447585475864758747588475894759047591475924759347594475954759647597475984759947600476014760247603476044760547606476074760847609476104761147612476134761447615476164761747618476194762047621476224762347624476254762647627476284762947630476314763247633476344763547636476374763847639476404764147642476434764447645476464764747648476494765047651476524765347654476554765647657476584765947660476614766247663476644766547666476674766847669476704767147672476734767447675476764767747678476794768047681476824768347684476854768647687476884768947690476914769247693476944769547696476974769847699477004770147702477034770447705477064770747708477094771047711477124771347714477154771647717477184771947720477214772247723477244772547726477274772847729477304773147732477334773447735477364773747738477394774047741477424774347744477454774647747477484774947750477514775247753477544775547756477574775847759477604776147762477634776447765477664776747768477694777047771477724777347774477754777647777477784777947780477814778247783477844778547786477874778847789477904779147792477934779447795477964779747798477994780047801478024780347804478054780647807478084780947810478114781247813478144781547816478174781847819478204782147822478234782447825478264782747828478294783047831478324783347834478354783647837478384783947840478414784247843478444784547846478474784847849478504785147852478534785447855478564785747858478594786047861478624786347864478654786647867478684786947870478714787247873478744787547876478774787847879478804788147882478834788447885478864788747888478894789047891478924789347894478954789647897478984789947900479014790247903479044790547906479074790847909479104791147912479134791447915479164791747918479194792047921479224792347924479254792647927479284792947930479314793247933479344793547936479374793847939479404794147942479434794447945479464794747948479494795047951479524795347954479554795647957479584795947960479614796247963479644796547966479674796847969479704797147972479734797447975479764797747978479794798047981479824798347984479854798647987479884798947990479914799247993479944799547996479974799847999480004800148002480034800448005480064800748008480094801048011480124801348014480154801648017480184801948020480214802248023480244802548026480274802848029480304803148032480334803448035480364803748038480394804048041480424804348044480454804648047480484804948050480514805248053480544805548056480574805848059480604806148062480634806448065480664806748068480694807048071480724807348074480754807648077480784807948080480814808248083480844808548086480874808848089480904809148092480934809448095480964809748098480994810048101481024810348104481054810648107481084810948110481114811248113481144811548116481174811848119481204812148122481234812448125481264812748128481294813048131481324813348134481354813648137481384813948140481414814248143481444814548146481474814848149481504815148152481534815448155481564815748158481594816048161481624816348164481654816648167481684816948170481714817248173481744817548176481774817848179481804818148182481834818448185481864818748188481894819048191481924819348194481954819648197481984819948200482014820248203482044820548206482074820848209482104821148212482134821448215482164821748218482194822048221482224822348224482254822648227482284822948230482314823248233482344823548236482374823848239482404824148242482434824448245482464824748248482494825048251482524825348254482554825648257482584825948260482614826248263482644826548266482674826848269482704827148272482734827448275482764827748278482794828048281482824828348284482854828648287482884828948290482914829248293482944829548296482974829848299483004830148302483034830448305483064830748308483094831048311483124831348314483154831648317483184831948320483214832248323483244832548326483274832848329483304833148332483334833448335483364833748338483394834048341483424834348344483454834648347483484834948350483514835248353483544835548356483574835848359483604836148362483634836448365483664836748368483694837048371483724837348374483754837648377483784837948380483814838248383483844838548386483874838848389483904839148392483934839448395483964839748398483994840048401484024840348404484054840648407484084840948410484114841248413484144841548416484174841848419484204842148422484234842448425484264842748428484294843048431484324843348434484354843648437484384843948440484414844248443484444844548446484474844848449484504845148452484534845448455484564845748458484594846048461484624846348464484654846648467484684846948470484714847248473484744847548476484774847848479484804848148482484834848448485484864848748488484894849048491484924849348494484954849648497484984849948500485014850248503485044850548506485074850848509485104851148512485134851448515485164851748518485194852048521485224852348524485254852648527485284852948530485314853248533485344853548536485374853848539485404854148542485434854448545485464854748548485494855048551485524855348554485554855648557485584855948560485614856248563485644856548566485674856848569485704857148572485734857448575485764857748578485794858048581485824858348584485854858648587485884858948590485914859248593485944859548596485974859848599486004860148602486034860448605486064860748608486094861048611486124861348614486154861648617486184861948620486214862248623486244862548626486274862848629486304863148632486334863448635486364863748638486394864048641486424864348644486454864648647486484864948650486514865248653486544865548656486574865848659486604866148662486634866448665486664866748668486694867048671486724867348674486754867648677486784867948680486814868248683486844868548686486874868848689486904869148692486934869448695486964869748698486994870048701487024870348704487054870648707487084870948710487114871248713487144871548716487174871848719487204872148722487234872448725487264872748728487294873048731487324873348734487354873648737487384873948740487414874248743487444874548746487474874848749487504875148752487534875448755487564875748758487594876048761487624876348764487654876648767487684876948770487714877248773487744877548776487774877848779487804878148782487834878448785487864878748788487894879048791487924879348794487954879648797487984879948800488014880248803488044880548806488074880848809488104881148812488134881448815488164881748818488194882048821488224882348824488254882648827488284882948830488314883248833488344883548836488374883848839488404884148842488434884448845488464884748848488494885048851488524885348854488554885648857488584885948860488614886248863488644886548866488674886848869488704887148872488734887448875488764887748878488794888048881488824888348884488854888648887488884888948890488914889248893488944889548896488974889848899489004890148902489034890448905489064890748908489094891048911489124891348914489154891648917489184891948920489214892248923489244892548926489274892848929489304893148932489334893448935489364893748938489394894048941489424894348944489454894648947489484894948950489514895248953489544895548956489574895848959489604896148962489634896448965489664896748968489694897048971489724897348974489754897648977489784897948980489814898248983489844898548986489874898848989489904899148992489934899448995489964899748998489994900049001490024900349004490054900649007490084900949010490114901249013490144901549016490174901849019490204902149022490234902449025490264902749028490294903049031490324903349034490354903649037490384903949040490414904249043490444904549046490474904849049490504905149052490534905449055490564905749058490594906049061490624906349064490654906649067490684906949070490714907249073490744907549076490774907849079490804908149082490834908449085490864908749088490894909049091490924909349094490954909649097490984909949100491014910249103491044910549106491074910849109491104911149112491134911449115491164911749118491194912049121491224912349124491254912649127491284912949130491314913249133491344913549136491374913849139491404914149142491434914449145491464914749148491494915049151491524915349154491554915649157491584915949160491614916249163491644916549166491674916849169491704917149172491734917449175491764917749178491794918049181491824918349184491854918649187491884918949190491914919249193491944919549196491974919849199492004920149202492034920449205492064920749208492094921049211492124921349214492154921649217492184921949220492214922249223492244922549226492274922849229492304923149232492334923449235492364923749238492394924049241492424924349244492454924649247492484924949250492514925249253492544925549256492574925849259492604926149262492634926449265492664926749268492694927049271492724927349274492754927649277492784927949280492814928249283492844928549286492874928849289492904929149292492934929449295492964929749298492994930049301493024930349304493054930649307493084930949310493114931249313493144931549316493174931849319493204932149322493234932449325493264932749328493294933049331493324933349334493354933649337493384933949340493414934249343493444934549346493474934849349493504935149352493534935449355493564935749358493594936049361493624936349364493654936649367493684936949370493714937249373493744937549376493774937849379493804938149382493834938449385493864938749388493894939049391493924939349394493954939649397493984939949400494014940249403494044940549406494074940849409494104941149412494134941449415494164941749418494194942049421494224942349424494254942649427494284942949430494314943249433494344943549436494374943849439494404944149442494434944449445494464944749448494494945049451494524945349454494554945649457494584945949460494614946249463494644946549466494674946849469494704947149472494734947449475494764947749478494794948049481494824948349484494854948649487494884948949490494914949249493494944949549496494974949849499495004950149502495034950449505495064950749508495094951049511495124951349514495154951649517495184951949520495214952249523495244952549526495274952849529495304953149532495334953449535495364953749538495394954049541495424954349544495454954649547495484954949550495514955249553495544955549556495574955849559495604956149562495634956449565495664956749568495694957049571495724957349574495754957649577495784957949580495814958249583495844958549586495874958849589495904959149592495934959449595495964959749598495994960049601496024960349604496054960649607496084960949610496114961249613496144961549616496174961849619496204962149622496234962449625496264962749628496294963049631496324963349634496354963649637496384963949640496414964249643496444964549646496474964849649496504965149652496534965449655496564965749658496594966049661496624966349664496654966649667496684966949670496714967249673496744967549676496774967849679496804968149682496834968449685496864968749688496894969049691496924969349694496954969649697496984969949700497014970249703497044970549706497074970849709497104971149712497134971449715497164971749718497194972049721497224972349724497254972649727497284972949730497314973249733497344973549736497374973849739497404974149742497434974449745497464974749748497494975049751497524975349754497554975649757497584975949760497614976249763497644976549766497674976849769497704977149772497734977449775497764977749778497794978049781497824978349784497854978649787497884978949790497914979249793497944979549796497974979849799498004980149802498034980449805498064980749808498094981049811498124981349814498154981649817498184981949820498214982249823498244982549826498274982849829498304983149832498334983449835498364983749838498394984049841498424984349844498454984649847498484984949850498514985249853498544985549856498574985849859498604986149862498634986449865498664986749868498694987049871498724987349874498754987649877498784987949880498814988249883498844988549886498874988849889498904989149892498934989449895498964989749898498994990049901499024990349904499054990649907499084990949910499114991249913499144991549916499174991849919499204992149922499234992449925499264992749928499294993049931499324993349934499354993649937499384993949940499414994249943499444994549946499474994849949499504995149952499534995449955499564995749958499594996049961499624996349964499654996649967499684996949970499714997249973499744997549976499774997849979499804998149982499834998449985499864998749988499894999049991499924999349994499954999649997499984999950000500015000250003500045000550006500075000850009500105001150012500135001450015500165001750018500195002050021500225002350024500255002650027500285002950030500315003250033500345003550036500375003850039500405004150042500435004450045500465004750048500495005050051500525005350054500555005650057500585005950060500615006250063500645006550066500675006850069500705007150072500735007450075500765007750078500795008050081500825008350084500855008650087500885008950090500915009250093500945009550096500975009850099501005010150102501035010450105501065010750108501095011050111501125011350114501155011650117501185011950120501215012250123501245012550126
  1. /* test.c
  2. *
  3. * Copyright (C) 2006-2023 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. /*
  22. * Some common, optional build settings:
  23. * these can also be set in wolfssl/options.h or user_settings.h
  24. * -------------------------------------------------------------
  25. *
  26. * set the default devId for cryptocb to the value instead of INVALID_DEVID
  27. * WC_USE_DEVID=0x1234
  28. */
  29. #ifdef HAVE_CONFIG_H
  30. #include <config.h>
  31. #endif
  32. #ifndef WOLFSSL_USER_SETTINGS
  33. #include <wolfssl/options.h>
  34. #endif
  35. #include <wolfssl/wolfcrypt/settings.h>
  36. #ifndef NO_CRYPT_TEST
  37. #include <wolfssl/version.h>
  38. #include <wolfssl/wolfcrypt/types.h>
  39. #include <wolfssl/wolfcrypt/wc_port.h>
  40. #include <wolfssl/wolfcrypt/mem_track.h>
  41. #if defined(HAVE_WOLFCRYPT_TEST_OPTIONS)
  42. #include <wolfssl/ssl.h>
  43. #define err_sys err_sys_remap /* remap err_sys */
  44. #include <wolfssl/test.h>
  45. #undef err_sys
  46. #endif
  47. #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
  48. defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
  49. #include <stdint.h>
  50. #endif
  51. #ifdef HAVE_STACK_SIZE_VERBOSE
  52. #ifdef WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES
  53. static WC_MAYBE_UNUSED ssize_t max_relative_stack =
  54. WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES;
  55. #else
  56. static WC_MAYBE_UNUSED ssize_t max_relative_stack = -1;
  57. #endif
  58. #endif
  59. const byte const_byte_array[] = "A+Gd\0\0\0";
  60. #define CBPTR_EXPECTED 'A'
  61. #if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
  62. #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS
  63. static ssize_t max_relative_heap_allocs = WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS;
  64. #else
  65. static ssize_t max_relative_heap_allocs = -1;
  66. #endif
  67. #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES
  68. static ssize_t max_relative_heap_bytes = WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES;
  69. #else
  70. static ssize_t max_relative_heap_bytes = -1;
  71. #endif
  72. #define PRINT_HEAP_CHECKPOINT() { \
  73. const ssize_t _rha = wolfCrypt_heap_peakAllocs_checkpoint() - heap_baselineAllocs; \
  74. const ssize_t _rhb = wolfCrypt_heap_peakBytes_checkpoint() - heap_baselineBytes; \
  75. printf(" relative heap peak usage: %ld alloc%s, %ld bytes\n", \
  76. (long int)_rha, \
  77. _rha == 1 ? "" : "s", \
  78. (long int)_rhb); \
  79. if ((max_relative_heap_allocs > 0) && (_rha > max_relative_heap_allocs)) \
  80. return err_sys("heap allocs exceed designated max.", \
  81. WC_TEST_RET_ENC_NC); \
  82. if ((max_relative_heap_bytes > 0) && (_rhb > max_relative_heap_bytes)) \
  83. return err_sys("heap bytes exceed designated max.", \
  84. WC_TEST_RET_ENC_NC); \
  85. heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint(); \
  86. heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint(); \
  87. }
  88. #else
  89. #define PRINT_HEAP_CHECKPOINT() WC_DO_NOTHING
  90. #endif /* WOLFSSL_TRACK_MEMORY_VERBOSE && !WOLFSSL_STATIC_MEMORY */
  91. #ifdef USE_FLAT_TEST_H
  92. #ifdef HAVE_CONFIG_H
  93. #include "test_paths.h"
  94. #endif
  95. #include "test.h"
  96. #else
  97. #ifdef HAVE_CONFIG_H
  98. #include "wolfcrypt/test/test_paths.h"
  99. #endif
  100. #include "wolfcrypt/test/test.h"
  101. #endif
  102. /* printf mappings */
  103. #ifndef WOLFSSL_LOG_PRINTF
  104. #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
  105. #include <mqx.h>
  106. #include <stdlib.h>
  107. /* see wc_port.h for fio.h and nio.h includes */
  108. #elif defined(FREESCALE_KSDK_BM)
  109. #include "fsl_debug_console.h"
  110. #undef printf
  111. #define printf PRINTF
  112. #elif defined(WOLFSSL_APACHE_MYNEWT)
  113. #include <assert.h>
  114. #include <string.h>
  115. #include "sysinit/sysinit.h"
  116. #include "os/os.h"
  117. #ifdef ARCH_sim
  118. #include "mcu/mcu_sim.h"
  119. #endif
  120. #include "os/os_time.h"
  121. #elif defined(WOLFSSL_ESPIDF)
  122. #include <time.h>
  123. #include <sys/time.h>
  124. #include <esp_log.h>
  125. #include <wolfcrypt/port/Espressif/esp32-crypt.h> /* */
  126. #elif defined(WOLFSSL_ZEPHYR)
  127. #include <stdio.h>
  128. #define printf printk
  129. #elif defined(MICRIUM)
  130. #include <os.h>
  131. #if (OS_VERSION < 50000)
  132. #include <bsp_ser.h>
  133. void BSP_Ser_Printf (CPU_CHAR* format, ...);
  134. #undef printf
  135. #define printf BSP_Ser_Printf
  136. #else
  137. #include <stdio.h>
  138. #endif
  139. #elif defined(WOLFSSL_PB)
  140. #include <stdarg.h>
  141. int wolfssl_pb_print(const char*, ...);
  142. #undef printf
  143. #define printf wolfssl_pb_print
  144. #elif defined(WOLFSSL_TELIT_M2MB)
  145. #include "wolfssl/wolfcrypt/wc_port.h" /* for m2mb headers */
  146. #include "m2m_log.h" /* for M2M_LOG_INFO - not standard API */
  147. /* remap printf */
  148. #undef printf
  149. #define printf M2M_LOG_INFO
  150. /* OS requires occasional sleep() */
  151. #ifndef TEST_SLEEP_MS
  152. #define TEST_SLEEP_MS 50
  153. #endif
  154. #define TEST_SLEEP() m2mb_os_taskSleep(M2MB_OS_MS2TICKS(TEST_SLEEP_MS))
  155. /* don't use file system for these tests, since ./certs dir isn't loaded */
  156. #undef NO_FILESYSTEM
  157. #define NO_FILESYSTEM
  158. #elif defined(THREADX) && !defined(WOLFSSL_WICED) && \
  159. !defined(THREADX_NO_DC_PRINTF)
  160. #ifndef NETOS
  161. /* since just testing, use THREADX log printf instead (NETOS prototypes
  162. * this elsewhere) */
  163. int dc_log_printf(char*, ...);
  164. #endif
  165. #undef printf
  166. #define printf dc_log_printf
  167. #elif defined(ANDROID)
  168. #ifdef XMALLOC_USER
  169. #include <stdlib.h> /* we're using malloc / free direct here */
  170. #endif
  171. #ifndef STRING_USER
  172. #include <stdio.h>
  173. #endif
  174. #include <android/log.h>
  175. #ifdef ANDROID_V454 /* See fips/android/wolfCrypt_v454_android */
  176. #ifndef NO_FILESYSTEM
  177. #define NO_FILESYSTEM /* Turn off tests that want to call SaveDerAndPem() */
  178. #endif
  179. #else
  180. #define printf(...) \
  181. __android_log_print(ANDROID_LOG_DEBUG, "[WOLFCRYPT]", __VA_ARGS__)
  182. #define fprintf(fp, ...) \
  183. __android_log_print(ANDROID_LOG_DEBUG, "[WOLFCRYPT]", __VA_ARGS__)
  184. #endif
  185. #elif defined(WOLFSSL_DEOS)
  186. #include <printx.h>
  187. #undef printf
  188. #define printf printx
  189. #elif defined(WOLFSSL_RENESAS_RSIP)
  190. #ifndef TEST_SLEEP
  191. #define TEST_SLEEP() vTaskDelay(50)
  192. #endif
  193. #undef vprintf
  194. #define vprintf rsip_vprintf
  195. #include <stdarg.h> /* for var args */
  196. int rsip_vprintf(const char* restrict format, va_list args)
  197. {
  198. int ret;
  199. char tmpBuf[80];
  200. ret = XVSNPRINTF(tmpBuf, sizeof(tmpBuf), format, args);
  201. printf(tmpBuf);
  202. return ret;
  203. }
  204. #else
  205. #ifdef XMALLOC_USER
  206. #include <stdlib.h> /* we're using malloc / free direct here */
  207. #endif
  208. #if !defined(STRING_USER) && !defined(WOLFSSL_LINUXKM)
  209. #include <stdio.h>
  210. #endif
  211. #if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_LINUXKM_VERBOSE_DEBUG)
  212. #undef printf
  213. #define printf(...) ({})
  214. #endif
  215. /* enable way for customer to override test/bench printf */
  216. #ifdef XPRINTF
  217. #undef printf
  218. #define printf XPRINTF
  219. #elif !defined(printf)
  220. /* arrange for printf() to flush after every message -- this assures
  221. * redirected output (to a log file) records progress right up to the
  222. * moment of a crash/abort(); otherwise anything queued in stdout would
  223. * be lost.
  224. */
  225. #define printf(...) ( printf(__VA_ARGS__), fflush(stdout) )
  226. #endif
  227. #endif
  228. #endif /* !WOLFSSL_LOG_PRINTF */
  229. #include <wolfssl/wolfcrypt/memory.h>
  230. #include <wolfssl/wolfcrypt/wc_port.h>
  231. #include <wolfssl/wolfcrypt/logging.h>
  232. #include <wolfssl/wolfcrypt/types.h>
  233. #include <wolfssl/wolfcrypt/asn.h>
  234. #include <wolfssl/wolfcrypt/md2.h>
  235. #include <wolfssl/wolfcrypt/md5.h>
  236. #include <wolfssl/wolfcrypt/md4.h>
  237. #include <wolfssl/wolfcrypt/sha.h>
  238. #include <wolfssl/wolfcrypt/sha256.h>
  239. #include <wolfssl/wolfcrypt/sha512.h>
  240. #include <wolfssl/wolfcrypt/rc2.h>
  241. #include <wolfssl/wolfcrypt/arc4.h>
  242. #if !defined(WC_NO_RNG)
  243. #include <wolfssl/wolfcrypt/random.h>
  244. #endif
  245. #include <wolfssl/wolfcrypt/wolfmath.h>
  246. #include <wolfssl/wolfcrypt/coding.h>
  247. #include <wolfssl/wolfcrypt/signature.h>
  248. #include <wolfssl/wolfcrypt/rsa.h>
  249. #include <wolfssl/wolfcrypt/des3.h>
  250. #include <wolfssl/wolfcrypt/aes.h>
  251. #include <wolfssl/wolfcrypt/wc_encrypt.h>
  252. #include <wolfssl/wolfcrypt/cmac.h>
  253. #include <wolfssl/wolfcrypt/siphash.h>
  254. #include <wolfssl/wolfcrypt/poly1305.h>
  255. #include <wolfssl/wolfcrypt/camellia.h>
  256. #include <wolfssl/wolfcrypt/hmac.h>
  257. #include <wolfssl/wolfcrypt/kdf.h>
  258. #include <wolfssl/wolfcrypt/dh.h>
  259. #include <wolfssl/wolfcrypt/dsa.h>
  260. #include <wolfssl/wolfcrypt/srp.h>
  261. #include <wolfssl/wolfcrypt/chacha.h>
  262. #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
  263. #include <wolfssl/wolfcrypt/pwdbased.h>
  264. #include <wolfssl/wolfcrypt/ripemd.h>
  265. #include <wolfssl/wolfcrypt/error-crypt.h>
  266. #ifdef HAVE_ECC
  267. #include <wolfssl/wolfcrypt/ecc.h>
  268. #endif
  269. #ifdef WOLFSSL_SM2
  270. #include <wolfssl/wolfcrypt/sm2.h>
  271. #endif
  272. #ifdef HAVE_HPKE
  273. #include <wolfssl/wolfcrypt/hpke.h>
  274. #endif
  275. #ifdef HAVE_CURVE25519
  276. #include <wolfssl/wolfcrypt/curve25519.h>
  277. #endif
  278. #ifdef HAVE_ED25519
  279. #include <wolfssl/wolfcrypt/ed25519.h>
  280. #endif
  281. #ifdef HAVE_CURVE448
  282. #include <wolfssl/wolfcrypt/curve448.h>
  283. #endif
  284. #ifdef HAVE_ED448
  285. #include <wolfssl/wolfcrypt/ed448.h>
  286. #endif
  287. #ifdef WOLFSSL_HAVE_KYBER
  288. #include <wolfssl/wolfcrypt/kyber.h>
  289. #ifdef WOLFSSL_WC_KYBER
  290. #include <wolfssl/wolfcrypt/wc_kyber.h>
  291. #endif
  292. #if defined(HAVE_LIBOQS) || defined(HAVE_PQM4)
  293. #include <wolfssl/wolfcrypt/ext_kyber.h>
  294. #endif
  295. #endif
  296. #if defined(WOLFSSL_HAVE_XMSS)
  297. #include <wolfssl/wolfcrypt/xmss.h>
  298. #ifdef HAVE_LIBXMSS
  299. #include <wolfssl/wolfcrypt/ext_xmss.h>
  300. #else
  301. #include <wolfssl/wolfcrypt/wc_xmss.h>
  302. #endif
  303. #endif
  304. #if defined(WOLFSSL_HAVE_LMS)
  305. #include <wolfssl/wolfcrypt/lms.h>
  306. #ifdef HAVE_LIBLMS
  307. #include <wolfssl/wolfcrypt/ext_lms.h>
  308. #endif
  309. #endif
  310. #ifdef WOLFCRYPT_HAVE_ECCSI
  311. #include <wolfssl/wolfcrypt/eccsi.h>
  312. #endif
  313. #ifdef WOLFCRYPT_HAVE_SAKKE
  314. #include <wolfssl/wolfcrypt/sakke.h>
  315. #endif
  316. #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
  317. #include <wolfssl/wolfcrypt/blake2.h>
  318. #endif
  319. #ifdef WOLFSSL_SHA3
  320. #include <wolfssl/wolfcrypt/sha3.h>
  321. #endif
  322. #ifdef WOLFSSL_SM3
  323. #include <wolfssl/wolfcrypt/sm3.h>
  324. #endif
  325. #ifdef WOLFSSL_SM4
  326. #include <wolfssl/wolfcrypt/sm4.h>
  327. #endif
  328. #ifdef HAVE_LIBZ
  329. #include <wolfssl/wolfcrypt/compress.h>
  330. #endif
  331. #ifdef HAVE_PKCS7
  332. #include <wolfssl/wolfcrypt/pkcs7.h>
  333. #endif
  334. #ifdef HAVE_FIPS
  335. #include <wolfssl/wolfcrypt/fips_test.h>
  336. #endif
  337. #ifdef HAVE_SELFTEST
  338. #include <wolfssl/wolfcrypt/selftest.h>
  339. #endif
  340. #ifdef WOLFSSL_ASYNC_CRYPT
  341. #include <wolfssl/wolfcrypt/async.h>
  342. #endif
  343. #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
  344. #include <wolfssl/wolfcrypt/logging.h>
  345. #endif
  346. #ifdef WOLFSSL_CAAM
  347. #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
  348. #endif
  349. #ifdef WOLF_CRYPTO_CB
  350. #include <wolfssl/wolfcrypt/cryptocb.h>
  351. #ifdef HAVE_INTEL_QA_SYNC
  352. #include <wolfssl/wolfcrypt/port/intel/quickassist_sync.h>
  353. #endif
  354. #ifdef HAVE_CAVIUM_OCTEON_SYNC
  355. #include <wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h>
  356. #endif
  357. #ifdef HAVE_RENESAS_SYNC
  358. #include <wolfssl/wolfcrypt/port/renesas/renesas_sync.h>
  359. #endif
  360. #endif
  361. #ifdef _MSC_VER
  362. /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
  363. #pragma warning(disable: 4996)
  364. #endif
  365. #ifdef OPENSSL_EXTRA
  366. #ifndef WOLFCRYPT_ONLY
  367. #include <wolfssl/openssl/evp.h>
  368. #include <wolfssl/openssl/hmac.h>
  369. #endif
  370. #include <wolfssl/openssl/rand.h>
  371. #include <wolfssl/openssl/aes.h>
  372. #include <wolfssl/openssl/des.h>
  373. #endif
  374. #if defined(NO_FILESYSTEM) || defined(WC_NO_RNG)
  375. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  376. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
  377. #define USE_CERT_BUFFERS_2048
  378. #endif
  379. #if !defined(USE_CERT_BUFFERS_256)
  380. #define USE_CERT_BUFFERS_256
  381. #endif
  382. #endif
  383. #if defined(WOLFSSL_CERT_GEN) && (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
  384. #define ENABLE_ECC384_CERT_GEN_TEST
  385. #endif
  386. #include <wolfssl/certs_test.h>
  387. #ifdef DEVKITPRO
  388. #include <wiiuse/wpad.h>
  389. #endif
  390. #ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV
  391. /* FIPS build has replaced ecc.h. */
  392. #define wc_ecc_key_get_priv(key) (&((key)->k))
  393. #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV
  394. #endif
  395. #ifdef WOLFSSL_STATIC_MEMORY
  396. static WOLFSSL_HEAP_HINT* HEAP_HINT;
  397. #else
  398. #define HEAP_HINT NULL
  399. #endif /* WOLFSSL_STATIC_MEMORY */
  400. /* these cases do not have intermediate hashing support */
  401. #if (defined(WOLFSSL_AFALG_XILINX_SHA3) && !defined(WOLFSSL_AFALG_HASH_KEEP)) \
  402. && !defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_XILINX_CRYPT_VERSAL)
  403. #define NO_INTM_HASH_TEST
  404. #endif
  405. #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
  406. defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \
  407. defined(WOLFSSL_SECO_CAAM)
  408. #define HASH_SIZE_LIMIT
  409. #endif
  410. #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
  411. (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
  412. static void initDefaultName(void);
  413. #endif
  414. /* for async devices */
  415. #ifdef WOLFSSL_CAAM_DEVID
  416. static int devId = WOLFSSL_CAAM_DEVID;
  417. #else
  418. #ifdef WC_USE_DEVID
  419. static int devId = WC_USE_DEVID;
  420. #else
  421. static int devId = INVALID_DEVID;
  422. #endif
  423. #endif
  424. #ifdef HAVE_WNR
  425. const char* wnrConfigFile = "wnr-example.conf";
  426. #endif
  427. #define TEST_STRING "Everyone gets Friday off."
  428. #define TEST_STRING_SZ 25
  429. typedef struct testVector {
  430. const char* input;
  431. const char* output;
  432. size_t inLen;
  433. size_t outLen;
  434. } testVector;
  435. #ifndef WOLFSSL_TEST_SUBROUTINE
  436. #define WOLFSSL_TEST_SUBROUTINE
  437. #endif
  438. PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"")
  439. PRAGMA_CLANG("clang diagnostic ignored \"-Wunused-function\"")
  440. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void);
  441. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void);
  442. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void);
  443. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void);
  444. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void);
  445. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md5_test(void);
  446. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void);
  447. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void);
  448. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void);
  449. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void);
  450. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void);
  451. #if !defined(WOLFSSL_NOSHA512_224) && \
  452. (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
  453. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void);
  454. #endif
  455. #if !defined(WOLFSSL_NOSHA512_256) && \
  456. (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
  457. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void);
  458. #endif
  459. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void);
  460. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void);
  461. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void);
  462. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void);
  463. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void);
  464. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void);
  465. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void);
  466. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void);
  467. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void);
  468. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void);
  469. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void);
  470. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void);
  471. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void);
  472. #if defined(HAVE_HKDF) && !defined(NO_HMAC)
  473. #if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \
  474. defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_AFALG_HASH_KEEP) || \
  475. defined(WOLFSSL_AFALG_XILINX_RSA)
  476. /* hkdf_test has issue with WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */
  477. static wc_test_ret_t hkdf_test(void);
  478. #else
  479. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void);
  480. #endif
  481. #endif
  482. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void);
  483. #ifdef WOLFSSL_TLS13
  484. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void);
  485. #endif
  486. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void);
  487. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void);
  488. #ifdef WC_SRTP_KDF
  489. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void);
  490. #endif
  491. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void);
  492. #ifdef WC_RC2
  493. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void);
  494. #endif
  495. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void);
  496. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void);
  497. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void);
  498. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void);
  499. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void);
  500. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void);
  501. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void);
  502. #if defined(WOLFSSL_AES_CFB)
  503. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void);
  504. #endif
  505. #ifdef WOLFSSL_AES_XTS
  506. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void);
  507. #endif
  508. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void);
  509. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void);
  510. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesofb_test(void);
  511. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void);
  512. #if defined(WOLFSSL_SIPHASH)
  513. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void);
  514. #endif
  515. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void);
  516. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void);
  517. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_default_test(void);
  518. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void);
  519. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesccm_test(void);
  520. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void);
  521. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void);
  522. #ifdef WOLFSSL_SM4
  523. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void);
  524. #endif
  525. #ifdef WC_RSA_NO_PADDING
  526. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void);
  527. #endif
  528. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void);
  529. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void);
  530. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void);
  531. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void);
  532. #ifndef WC_NO_RNG
  533. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void);
  534. #endif /* WC_NO_RNG */
  535. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void);
  536. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void);
  537. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  538. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void); /* test mini api */
  539. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void);
  540. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void);
  541. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void);
  542. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void);
  543. #endif
  544. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void);
  545. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void);
  546. #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
  547. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void);
  548. #endif
  549. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void);
  550. #ifdef HAVE_ECC
  551. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void);
  552. #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
  553. (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
  554. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void);
  555. #endif
  556. #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
  557. !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
  558. defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
  559. !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
  560. /* skip for ATECC508/608A, cannot import private key buffers */
  561. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void);
  562. #endif
  563. #endif
  564. #ifdef HAVE_CURVE25519
  565. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void);
  566. #endif
  567. #ifdef HAVE_ED25519
  568. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void);
  569. #endif
  570. #ifdef HAVE_CURVE448
  571. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void);
  572. #endif
  573. #ifdef HAVE_ED448
  574. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void);
  575. #endif
  576. #ifdef WOLFSSL_HAVE_KYBER
  577. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void);
  578. #endif
  579. #if defined(WOLFSSL_HAVE_XMSS)
  580. #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
  581. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void);
  582. #endif
  583. #if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
  584. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void);
  585. #endif
  586. #endif
  587. #if defined(WOLFSSL_HAVE_LMS)
  588. #if !defined(WOLFSSL_LMS_VERIFY_ONLY)
  589. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void);
  590. #endif
  591. #if defined(WOLFSSL_LMS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK)
  592. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void);
  593. #endif
  594. #endif
  595. #ifdef WOLFCRYPT_HAVE_ECCSI
  596. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void);
  597. #endif
  598. #ifdef WOLFCRYPT_HAVE_SAKKE
  599. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void);
  600. #endif
  601. #ifdef HAVE_BLAKE2
  602. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void);
  603. #endif
  604. #ifdef HAVE_BLAKE2S
  605. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void);
  606. #endif
  607. #ifdef HAVE_LIBZ
  608. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void);
  609. #endif
  610. #ifdef HAVE_PKCS7
  611. #ifndef NO_PKCS7_ENCRYPTED_DATA
  612. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void);
  613. #endif
  614. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  615. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void);
  616. #endif
  617. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void);
  618. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void);
  619. #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
  620. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void);
  621. #endif
  622. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  623. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 certSz, byte* key,
  624. word32 keySz);
  625. #endif
  626. #endif
  627. #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
  628. !defined(NO_FILESYSTEM)
  629. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void);
  630. #endif
  631. #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
  632. !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN)
  633. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void);
  634. #endif
  635. #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
  636. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
  637. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void);
  638. #endif
  639. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void);
  640. #if defined(WOLFSSL_PUBLIC_MP) && \
  641. ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  642. defined(USE_FAST_MATH))
  643. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void);
  644. #endif
  645. #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
  646. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void);
  647. #endif
  648. #if defined(ASN_BER_TO_DER) && \
  649. (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
  650. defined(OPENSSL_EXTRA_X509_SMALL))
  651. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void);
  652. #endif
  653. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void);
  654. #if !defined(NO_ASN) && !defined(NO_ASN_TIME)
  655. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void);
  656. #endif
  657. #if defined(__INCLUDE_NUTTX_CONFIG_H)
  658. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t wolfcrypt_mutex_test(void);
  659. #else
  660. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void);
  661. #endif
  662. #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
  663. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void);
  664. #endif
  665. #ifdef WOLFSSL_CAAM_BLOB
  666. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void);
  667. #endif
  668. #ifdef HAVE_ARIA
  669. #include "wolfssl/wolfcrypt/port/aria/aria-crypt.h"
  670. void printOutput(const char *strName, unsigned char *data, unsigned int dataSz);
  671. WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID);
  672. #endif
  673. #ifdef WOLF_CRYPTO_CB
  674. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void);
  675. #endif
  676. #ifdef WOLFSSL_CERT_PIV
  677. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void);
  678. #endif
  679. #ifdef WOLFSSL_AES_SIV
  680. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void);
  681. #endif
  682. #if defined(WOLFSSL_AES_EAX) && \
  683. (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
  684. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void);
  685. #endif /* WOLFSSL_AES_EAX */
  686. /* General big buffer size for many tests. */
  687. #define FOURK_BUF 4096
  688. #if defined(WOLFSSL_ESPIDF_ERROR_PAUSE)
  689. /* When defined, pause at error condition rather than exit with error. */
  690. #define ERROR_OUT(err, eLabel) \
  691. do { \
  692. ret = (err); \
  693. esp_ShowExtendedSystemInfo(); \
  694. ESP_LOGE("wolfcrypt_test", "ESP Error! ret = %d ", err); \
  695. while (1) { \
  696. vTaskDelay(60000); \
  697. } \
  698. /* Just to appease compiler, don't actually go to eLabel */ \
  699. goto eLabel; \
  700. } while (0)
  701. #else
  702. #define ERROR_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
  703. #endif
  704. /* Not all unexpected conditions are actually errors .*/
  705. #define WARNING_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
  706. static void render_error_message(const char* msg, wc_test_ret_t es)
  707. {
  708. (void)msg;
  709. (void)es;
  710. #ifdef WOLFSSL_LINUXKM
  711. #define err_sys_printf lkm_printf
  712. #else
  713. #define err_sys_printf printf
  714. #endif
  715. switch (WC_TEST_RET_DEC_TAG(es)) {
  716. case WC_TEST_RET_TAG_NC:
  717. err_sys_printf("%s error L=%d\n", msg, WC_TEST_RET_DEC_LN(es));
  718. break;
  719. case WC_TEST_RET_TAG_EC:
  720. #ifdef NO_ERROR_STRINGS
  721. err_sys_printf("%s error L=%d code=%d\n", msg,
  722. WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es));
  723. #else
  724. err_sys_printf("%s error L=%d code=%d (%s)\n", msg,
  725. WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es),
  726. wc_GetErrorString(-WC_TEST_RET_DEC_I(es)));
  727. #endif
  728. break;
  729. case WC_TEST_RET_TAG_ERRNO:
  730. {
  731. /* strerror_r() comes in two mutually incompatible flavors, a native glibc
  732. * flavor that always returns a non-null char pointer that must be used
  733. * directly, and a POSIX flavor that returns an error int, and iff success,
  734. * stores an error string in the supplied buffer. this is all most
  735. * infelicitous...
  736. */
  737. #if !defined(STRING_USER) && !defined(NO_ERROR_STRINGS) && \
  738. (defined(__STDC_VERSION__) && (__STDC_VERSION__ > 199901L)) && \
  739. ((defined(__GLIBC__) && (__GLIBC__ >= 2)) || \
  740. (defined(__USE_XOPEN2K) && \
  741. defined(_POSIX_C_SOURCE) && \
  742. (_POSIX_C_SOURCE >= 200112L)))
  743. char errno_buf[64], *errno_string;
  744. /* precisely mirror the gate used in glibc string.h */
  745. #if defined __USE_XOPEN2K && !defined __USE_GNU
  746. if (strerror_r(WC_TEST_RET_DEC_I(es),
  747. errno_buf, sizeof(errno_buf)) != 0)
  748. XSTRLCPY(errno_buf, "?", sizeof(errno_buf));
  749. errno_string = errno_buf;
  750. #else
  751. errno_string = strerror_r(WC_TEST_RET_DEC_I(es),
  752. errno_buf, sizeof(errno_buf));
  753. #endif
  754. err_sys_printf("%s error L=%d errno=%d (%s)\n", msg,
  755. WC_TEST_RET_DEC_LN(es), WC_TEST_RET_DEC_I(es),
  756. errno_string);
  757. #else /* can't figure out how to strerror_r(), or don't want error strings */
  758. err_sys_printf("%s error L=%d errno=%d\n", msg,
  759. WC_TEST_RET_DEC_LN(es), WC_TEST_RET_DEC_I(es));
  760. #endif
  761. break;
  762. }
  763. case WC_TEST_RET_TAG_I:
  764. err_sys_printf("%s error L=%d i=%d\n", msg,
  765. WC_TEST_RET_DEC_LN(es), WC_TEST_RET_DEC_I(es));
  766. break;
  767. }
  768. #undef err_sys_printf
  769. }
  770. static void print_fiducials(void);
  771. #ifdef HAVE_STACK_SIZE
  772. static THREAD_RETURN err_sys(const char* msg, int es)
  773. #else
  774. static wc_test_ret_t err_sys(const char* msg, wc_test_ret_t es)
  775. #endif
  776. {
  777. render_error_message(msg, es);
  778. print_fiducials();
  779. #ifdef WOLFSSL_LINUXKM
  780. EXIT_TEST(es);
  781. #else
  782. EXIT_TEST(-1);
  783. #endif
  784. }
  785. #ifndef HAVE_WOLFCRYPT_TEST_OPTIONS
  786. /* func_args from test.h, so don't have to pull in other stuff */
  787. typedef struct func_args {
  788. int argc;
  789. char** argv;
  790. wc_test_ret_t return_code;
  791. } func_args;
  792. #endif /* !HAVE_WOLFCRYPT_TEST_OPTIONS */
  793. #if defined(HAVE_FIPS) && !defined(WOLFSSL_LINUXKM)
  794. static void myFipsCb(int ok, int err, const char* hash)
  795. {
  796. printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
  797. printf("message = %s\n", wc_GetErrorString(err));
  798. printf("hash = %s\n", hash);
  799. if (err == IN_CORE_FIPS_E) {
  800. printf("In core integrity hash check failure, copy above hash\n");
  801. printf("into verifyCore[] in fips_test.c and rebuild\n");
  802. }
  803. }
  804. #endif /* HAVE_FIPS && !WOLFSSL_LINUXKM */
  805. #ifdef WOLFSSL_STATIC_MEMORY
  806. #if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ)
  807. static byte gTestMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ];
  808. #elif defined(BENCH_EMBEDDED)
  809. static byte gTestMemory[14000];
  810. #elif defined(WOLFSSL_CERT_EXT)
  811. static byte gTestMemory[140000];
  812. #elif (defined(WOLFSSL_SP_MATH_ALL) || defined(USE_FAST_MATH)) && \
  813. !defined(ALT_ECC_SIZE)
  814. static byte gTestMemory[160000];
  815. #else
  816. static byte gTestMemory[80000];
  817. #endif
  818. #endif
  819. #ifdef WOLFSSL_PB
  820. static int wolfssl_pb_print(const char* msg, ...)
  821. {
  822. int ret;
  823. va_list args;
  824. char tmpBuf[80];
  825. va_start(args, msg);
  826. ret = vsprint(tmpBuf, msg, args);
  827. va_end(args);
  828. fnDumpStringToSystemLog(tmpBuf);
  829. return ret;
  830. }
  831. #endif /* WOLFSSL_PB */
  832. #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
  833. !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
  834. /* Enable support for RNG with crypto callback */
  835. static int rng_crypto_cb(int thisDevId, wc_CryptoInfo* info, void* ctx)
  836. {
  837. int rc = CRYPTOCB_UNAVAILABLE;
  838. if (info->algo_type == WC_ALGO_TYPE_RNG) {
  839. rc = wc_GenerateSeed(&info->rng.rng->seed, info->rng.out, info->rng.sz);
  840. }
  841. (void)ctx;
  842. (void)thisDevId;
  843. return rc;
  844. }
  845. #endif
  846. /* optional macro to add sleep between tests */
  847. #ifndef TEST_SLEEP
  848. #define TEST_SLEEP() WC_DO_NOTHING
  849. #else
  850. #define TEST_PASS test_pass
  851. #include <stdarg.h> /* for var args */
  852. static WC_INLINE void test_pass(const char* fmt, ...)
  853. {
  854. va_list args;
  855. va_start(args, fmt);
  856. STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max_relative_stack, vprintf(fmt, args));
  857. va_end(args);
  858. PRINT_HEAP_CHECKPOINT();
  859. TEST_SLEEP();
  860. ASSERT_RESTORED_VECTOR_REGISTERS(exit(1););
  861. }
  862. #endif
  863. /* set test pass output to printf if not overridden */
  864. #ifndef TEST_PASS
  865. /* redirect to printf */
  866. #define TEST_PASS(...) { \
  867. if (STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK \
  868. (max_relative_stack, printf(__VA_ARGS__)) < 0) { \
  869. return err_sys("post-test check failed", WC_TEST_RET_ENC_NC);\
  870. } \
  871. PRINT_HEAP_CHECKPOINT(); \
  872. ASSERT_RESTORED_VECTOR_REGISTERS(exit(1);); \
  873. }
  874. #endif
  875. #ifdef TEST_ALWAYS_RUN_TO_END
  876. #define TEST_FAIL(msg, retval) do { last_failed_test_ret = (retval); render_error_message(msg, retval); } while (0)
  877. #elif !defined(TEST_FAIL)
  878. #define TEST_FAIL(msg, retval) return err_sys(msg, retval)
  879. #endif
  880. #ifdef HAVE_STACK_SIZE
  881. THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args)
  882. #else
  883. wc_test_ret_t wolfcrypt_test(void* args)
  884. #endif
  885. {
  886. wc_test_ret_t ret;
  887. #if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
  888. long heap_baselineAllocs, heap_baselineBytes;
  889. #endif
  890. #ifdef TEST_ALWAYS_RUN_TO_END
  891. int last_failed_test_ret = 0;
  892. #endif
  893. STACK_SIZE_INIT();
  894. #if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY)
  895. (void)wolfCrypt_heap_peakAllocs_checkpoint();
  896. heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint();
  897. (void)wolfCrypt_heap_peakBytes_checkpoint();
  898. heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint();
  899. #endif
  900. printf("------------------------------------------------------------------------------\n");
  901. printf(" wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING);
  902. #ifdef WOLF_CRYPTO_CB
  903. if (devId != INVALID_DEVID)
  904. printf(" CryptoCB with DevID:%X\n", devId);
  905. #endif
  906. printf("------------------------------------------------------------------------------\n");
  907. if (args) {
  908. #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
  909. int ch;
  910. #endif
  911. ((func_args*)args)->return_code = -1; /* error state */
  912. #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
  913. while ((ch = mygetopt(((func_args*)args)->argc, ((func_args*)args)->argv, "s:m:a:h")) != -1) {
  914. switch(ch) {
  915. case 's':
  916. #ifdef HAVE_STACK_SIZE_VERBOSE
  917. max_relative_stack = (ssize_t)atoi(myoptarg);
  918. break;
  919. #else
  920. return err_sys("-s (max relative stack bytes) requires HAVE_STACK_SIZE_VERBOSE (--enable-stacksize=verbose).", WC_TEST_RET_ENC_NC);
  921. #endif
  922. case 'm':
  923. #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
  924. max_relative_heap_bytes = (ssize_t)atoi(myoptarg);
  925. break;
  926. #else
  927. return err_sys("-m (max relative heap memory bytes) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", WC_TEST_RET_ENC_NC);
  928. #endif
  929. case 'a':
  930. #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
  931. max_relative_heap_allocs = (ssize_t)atoi(myoptarg);
  932. break;
  933. #else
  934. return err_sys("-a (max relative heap allocs) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", WC_TEST_RET_ENC_NC);
  935. #endif
  936. case 'h':
  937. return err_sys("\
  938. options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
  939. [-a max_relative_heap_allocs] [-h]\n", 0);
  940. default:
  941. return err_sys("unknown test option. try -h.", WC_TEST_RET_ENC_NC);
  942. }
  943. }
  944. #endif
  945. }
  946. #ifdef WOLFSSL_STATIC_MEMORY
  947. if (wc_LoadStaticMemory(&HEAP_HINT, gTestMemory, sizeof(gTestMemory),
  948. WOLFMEM_GENERAL, 1) != 0) {
  949. printf("unable to load static memory.\n");
  950. return(EXIT_FAILURE);
  951. }
  952. #endif
  953. #if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
  954. wolfSSL_Debugging_ON();
  955. #endif
  956. #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
  957. wc_SetLoggingHeap(HEAP_HINT);
  958. #endif
  959. #if defined(HAVE_FIPS) && !defined(WOLFSSL_LINUXKM)
  960. wolfCrypt_SetCb_fips(myFipsCb);
  961. #endif
  962. #if !defined(NO_BIG_INT)
  963. if (CheckCtcSettings() != 1) {
  964. printf("Sizeof mismatch (build) %x != (run) %lx\n",
  965. CTC_SETTINGS, (unsigned long)CheckRunTimeSettings());
  966. return err_sys("Build vs runtime math mismatch\n", WC_TEST_RET_ENC_NC);
  967. }
  968. #if defined(USE_FAST_MATH) && \
  969. (!defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC))
  970. if (CheckFastMathSettings() != 1)
  971. return err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n",
  972. WC_TEST_RET_ENC_NC);
  973. #endif /* USE_FAST_MATH */
  974. #endif /* !NO_BIG_INT */
  975. #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
  976. (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
  977. initDefaultName();
  978. #endif
  979. #ifdef WOLFSSL_ASYNC_CRYPT
  980. ret = wolfAsync_DevOpen(&devId);
  981. if (ret < 0) {
  982. printf("Async device open failed\nRunning without async\n");
  983. }
  984. #else
  985. (void)devId;
  986. #endif /* WOLFSSL_ASYNC_CRYPT */
  987. #ifdef WOLF_CRYPTO_CB
  988. #ifdef HAVE_INTEL_QA_SYNC
  989. devId = wc_CryptoCb_InitIntelQa();
  990. if (INVALID_DEVID == devId) {
  991. printf("Couldn't init the Intel QA\n");
  992. }
  993. #endif
  994. #ifdef HAVE_CAVIUM_OCTEON_SYNC
  995. devId = wc_CryptoCb_InitOcteon();
  996. if (INVALID_DEVID == devId) {
  997. printf("Couldn't init the Cavium Octeon\n");
  998. }
  999. #endif
  1000. #ifdef HAVE_RENESAS_SYNC
  1001. devId = wc_CryptoCb_CryptInitRenesasCmn(NULL, &guser_PKCbInfo);
  1002. if (devId == INVALID_DEVID) {
  1003. printf("Couldn't get the Renesas device ID\n");
  1004. }
  1005. #endif
  1006. #endif
  1007. #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
  1008. !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
  1009. if (devId == INVALID_DEVID) {
  1010. /* for testing RNG with crypto callback register function */
  1011. devId = 100; /* any value beside -2 (INVALID_DEVID) */
  1012. wc_CryptoCb_RegisterDevice(devId, rng_crypto_cb, NULL);
  1013. }
  1014. #endif
  1015. #ifdef HAVE_SELFTEST
  1016. if ( (ret = wolfCrypt_SelfTest()) != 0)
  1017. TEST_FAIL("CAVP selftest failed!\n", ret);
  1018. else
  1019. TEST_PASS("CAVP selftest passed!\n");
  1020. #endif
  1021. if ( (ret = error_test()) != 0)
  1022. TEST_FAIL("error test failed!\n", ret);
  1023. else
  1024. TEST_PASS("error test passed!\n");
  1025. if ( (ret = memory_test()) != 0)
  1026. TEST_FAIL("MEMORY test failed!\n", ret);
  1027. else
  1028. TEST_PASS("MEMORY test passed!\n");
  1029. #ifndef NO_CODING
  1030. if ( (ret = base64_test()) != 0)
  1031. TEST_FAIL("base64 test failed!\n", ret);
  1032. else
  1033. TEST_PASS("base64 test passed!\n");
  1034. #ifdef WOLFSSL_BASE16
  1035. if ( (ret = base16_test()) != 0)
  1036. TEST_FAIL("base16 test failed!\n", ret);
  1037. else
  1038. TEST_PASS("base16 test passed!\n");
  1039. #endif
  1040. #endif /* !NO_CODING */
  1041. #ifndef NO_ASN
  1042. if ( (ret = asn_test()) != 0)
  1043. TEST_FAIL("asn test failed!\n", ret);
  1044. else
  1045. TEST_PASS("asn test passed!\n");
  1046. #endif
  1047. #ifndef WC_NO_RNG
  1048. if ( (ret = random_test()) != 0)
  1049. TEST_FAIL("RANDOM test failed!\n", ret);
  1050. else
  1051. TEST_PASS("RANDOM test passed!\n");
  1052. #endif /* WC_NO_RNG */
  1053. #ifndef NO_MD5
  1054. if ( (ret = md5_test()) != 0)
  1055. TEST_FAIL("MD5 test failed!\n", ret);
  1056. else
  1057. TEST_PASS("MD5 test passed!\n");
  1058. #endif
  1059. #ifdef WOLFSSL_MD2
  1060. if ( (ret = md2_test()) != 0)
  1061. TEST_FAIL("MD2 test failed!\n", ret);
  1062. else
  1063. TEST_PASS("MD2 test passed!\n");
  1064. #endif
  1065. #ifndef NO_MD4
  1066. if ( (ret = md4_test()) != 0)
  1067. TEST_FAIL("MD4 test failed!\n", ret);
  1068. else
  1069. TEST_PASS("MD4 test passed!\n");
  1070. #endif
  1071. #ifndef NO_SHA
  1072. if ( (ret = sha_test()) != 0)
  1073. TEST_FAIL("SHA test failed!\n", ret);
  1074. else
  1075. TEST_PASS("SHA test passed!\n");
  1076. #endif
  1077. #ifdef WOLFSSL_SHA224
  1078. if ( (ret = sha224_test()) != 0)
  1079. TEST_FAIL("SHA-224 test failed!\n", ret);
  1080. else
  1081. TEST_PASS("SHA-224 test passed!\n");
  1082. #endif
  1083. #ifndef NO_SHA256
  1084. if ( (ret = sha256_test()) != 0)
  1085. TEST_FAIL("SHA-256 test failed!\n", ret);
  1086. else
  1087. TEST_PASS("SHA-256 test passed!\n");
  1088. #endif
  1089. #ifdef WOLFSSL_SHA384
  1090. if ( (ret = sha384_test()) != 0)
  1091. TEST_FAIL("SHA-384 test failed!\n", ret);
  1092. else
  1093. TEST_PASS("SHA-384 test passed!\n");
  1094. #endif
  1095. #ifdef WOLFSSL_SHA512
  1096. if ((ret = sha512_test()) != 0) {
  1097. TEST_FAIL("SHA-512 test failed!\n", ret);
  1098. }
  1099. else {
  1100. TEST_PASS("SHA-512 test passed!\n");
  1101. }
  1102. #if !defined(WOLFSSL_NOSHA512_224) && \
  1103. (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
  1104. if ((ret = sha512_224_test()) != 0) {
  1105. TEST_FAIL("SHA-512/224 test failed!\n", ret);
  1106. }
  1107. else
  1108. TEST_PASS("SHA-512/224 test passed!\n");
  1109. #endif /* !defined(WOLFSSL_NOSHA512_224) && !FIPS ... */
  1110. #if !defined(WOLFSSL_NOSHA512_256) && \
  1111. (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
  1112. if ((ret = sha512_256_test()) != 0) {
  1113. TEST_FAIL("SHA-512/256 test failed!\n", ret);
  1114. }
  1115. else
  1116. TEST_PASS("SHA-512/256 test passed!\n");
  1117. #endif /* !defined(WOLFSSL_NOSHA512_256) & !FIPS ... */
  1118. #endif /* WOLFSSL_SHA512 */
  1119. #ifdef WOLFSSL_SHA3
  1120. if ( (ret = sha3_test()) != 0)
  1121. TEST_FAIL("SHA-3 test failed!\n", ret);
  1122. else
  1123. TEST_PASS("SHA-3 test passed!\n");
  1124. #endif
  1125. #ifdef WOLFSSL_SHAKE128
  1126. if ( (ret = shake128_test()) != 0)
  1127. TEST_FAIL("SHAKE128 test failed!\n", ret);
  1128. else
  1129. TEST_PASS("SHAKE128 test passed!\n");
  1130. #endif
  1131. #ifdef WOLFSSL_SHAKE256
  1132. if ( (ret = shake256_test()) != 0)
  1133. TEST_FAIL("SHAKE256 test failed!\n", ret);
  1134. else
  1135. TEST_PASS("SHAKE256 test passed!\n");
  1136. #endif
  1137. #ifdef WOLFSSL_SM3
  1138. if ( (ret = sm3_test()) != 0)
  1139. return err_sys("SM-3 test failed!\n", ret);
  1140. else
  1141. TEST_PASS("SM-3 test passed!\n");
  1142. #endif
  1143. #ifndef NO_HASH_WRAPPER
  1144. if ( (ret = hash_test()) != 0)
  1145. TEST_FAIL("Hash test failed!\n", ret);
  1146. else
  1147. TEST_PASS("Hash test passed!\n");
  1148. #endif
  1149. #ifdef WOLFSSL_RIPEMD
  1150. if ( (ret = ripemd_test()) != 0)
  1151. TEST_FAIL("RIPEMD test failed!\n", ret);
  1152. else
  1153. TEST_PASS("RIPEMD test passed!\n");
  1154. #endif
  1155. #ifdef HAVE_BLAKE2
  1156. if ( (ret = blake2b_test()) != 0)
  1157. TEST_FAIL("BLAKE2b test failed!\n", ret);
  1158. else
  1159. TEST_PASS("BLAKE2b test passed!\n");
  1160. #endif
  1161. #ifdef HAVE_BLAKE2S
  1162. if ( (ret = blake2s_test()) != 0)
  1163. TEST_FAIL("BLAKE2s test failed!\n", ret);
  1164. else
  1165. TEST_PASS("BLAKE2s test passed!\n");
  1166. #endif
  1167. #ifndef NO_HMAC
  1168. #if !defined(NO_MD5) && !(defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) \
  1169. && (HAVE_FIPS_VERSION >= 5))
  1170. if ( (ret = hmac_md5_test()) != 0)
  1171. TEST_FAIL("HMAC-MD5 test failed!\n", ret);
  1172. else
  1173. TEST_PASS("HMAC-MD5 test passed!\n");
  1174. #endif
  1175. #ifndef NO_SHA
  1176. if ( (ret = hmac_sha_test()) != 0)
  1177. TEST_FAIL("HMAC-SHA test failed!\n", ret);
  1178. else
  1179. TEST_PASS("HMAC-SHA test passed!\n");
  1180. #endif
  1181. #ifdef WOLFSSL_SHA224
  1182. if ( (ret = hmac_sha224_test()) != 0)
  1183. TEST_FAIL("HMAC-SHA224 test failed!\n", ret);
  1184. else
  1185. TEST_PASS("HMAC-SHA224 test passed!\n");
  1186. #endif
  1187. #ifndef NO_SHA256
  1188. if ( (ret = hmac_sha256_test()) != 0)
  1189. TEST_FAIL("HMAC-SHA256 test failed!\n", ret);
  1190. else
  1191. TEST_PASS("HMAC-SHA256 test passed!\n");
  1192. #endif
  1193. #ifdef WOLFSSL_SHA384
  1194. if ( (ret = hmac_sha384_test()) != 0)
  1195. TEST_FAIL("HMAC-SHA384 test failed!\n", ret);
  1196. else
  1197. TEST_PASS("HMAC-SHA384 test passed!\n");
  1198. #endif
  1199. #ifdef WOLFSSL_SHA512
  1200. if ( (ret = hmac_sha512_test()) != 0)
  1201. TEST_FAIL("HMAC-SHA512 test failed!\n", ret);
  1202. else
  1203. TEST_PASS("HMAC-SHA512 test passed!\n");
  1204. #endif
  1205. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
  1206. !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
  1207. !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
  1208. if ( (ret = hmac_sha3_test()) != 0)
  1209. TEST_FAIL("HMAC-SHA3 test failed!\n", ret);
  1210. else
  1211. TEST_PASS("HMAC-SHA3 test passed!\n");
  1212. #endif
  1213. #if defined(HAVE_HKDF) && !defined(NO_HMAC)
  1214. PRIVATE_KEY_UNLOCK();
  1215. if ( (ret = hkdf_test()) != 0)
  1216. TEST_FAIL("HMAC-KDF test failed!\n", ret);
  1217. else
  1218. TEST_PASS("HMAC-KDF test passed!\n");
  1219. PRIVATE_KEY_LOCK();
  1220. #endif
  1221. #endif /* !NO_HMAC */
  1222. #ifdef WOLFSSL_WOLFSSH
  1223. PRIVATE_KEY_UNLOCK();
  1224. if ( (ret = sshkdf_test()) != 0)
  1225. TEST_FAIL("SSH-KDF test failed!\n", ret);
  1226. else
  1227. TEST_PASS("SSH-KDF test passed!\n");
  1228. PRIVATE_KEY_LOCK();
  1229. #endif /* WOLFSSL_WOLFSSH */
  1230. #ifdef WOLFSSL_TLS13
  1231. PRIVATE_KEY_UNLOCK();
  1232. if ( (ret = tls13_kdf_test()) != 0)
  1233. TEST_FAIL("TLSv1.3 KDF test failed!\n", ret);
  1234. else
  1235. TEST_PASS("TLSv1.3 KDF test passed!\n");
  1236. PRIVATE_KEY_LOCK();
  1237. #endif /* WOLFSSL_TLS13 */
  1238. #if defined(HAVE_X963_KDF) && defined(HAVE_ECC)
  1239. if ( (ret = x963kdf_test()) != 0)
  1240. TEST_FAIL("X963-KDF test failed!\n", ret);
  1241. else
  1242. TEST_PASS("X963-KDF test passed!\n");
  1243. #endif
  1244. #if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM)
  1245. if ( (ret = hpke_test()) != 0)
  1246. TEST_FAIL("HPKE test failed!\n", ret);
  1247. else
  1248. TEST_PASS("HPKE test passed!\n");
  1249. #endif
  1250. #if defined(WC_SRTP_KDF)
  1251. if ( (ret = srtpkdf_test()) != 0)
  1252. TEST_FAIL("SRTP KDF test failed!\n", ret);
  1253. else
  1254. TEST_PASS("SRTP KDF test passed!\n");
  1255. #endif
  1256. #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \
  1257. !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \
  1258. !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
  1259. if ( (ret = gmac_test()) != 0)
  1260. TEST_FAIL("GMAC test failed!\n", ret);
  1261. else
  1262. TEST_PASS("GMAC test passed!\n");
  1263. #endif
  1264. #ifdef WC_RC2
  1265. if ( (ret = rc2_test()) != 0)
  1266. TEST_FAIL("RC2 test failed!\n", ret);
  1267. else
  1268. TEST_PASS("RC2 test passed!\n");
  1269. #endif
  1270. #ifndef NO_RC4
  1271. if ( (ret = arc4_test()) != 0)
  1272. TEST_FAIL("ARC4 test failed!\n", ret);
  1273. else
  1274. TEST_PASS("ARC4 test passed!\n");
  1275. #endif
  1276. #ifdef HAVE_CHACHA
  1277. if ( (ret = chacha_test()) != 0)
  1278. TEST_FAIL("Chacha test failed!\n", ret);
  1279. else
  1280. TEST_PASS("Chacha test passed!\n");
  1281. #endif
  1282. #ifdef HAVE_XCHACHA
  1283. if ( (ret = XChaCha_test()) != 0)
  1284. TEST_FAIL("XChacha test failed!\n", ret);
  1285. else
  1286. TEST_PASS("XChacha test passed!\n");
  1287. #endif
  1288. #ifdef HAVE_POLY1305
  1289. if ( (ret = poly1305_test()) != 0)
  1290. TEST_FAIL("POLY1305 test failed!\n", ret);
  1291. else
  1292. TEST_PASS("POLY1305 test passed!\n");
  1293. #endif
  1294. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  1295. if ( (ret = chacha20_poly1305_aead_test()) != 0)
  1296. TEST_FAIL("ChaCha20-Poly1305 AEAD test failed!\n", ret);
  1297. else
  1298. TEST_PASS("ChaCha20-Poly1305 AEAD test passed!\n");
  1299. #endif
  1300. #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
  1301. if ( (ret = XChaCha20Poly1305_test()) != 0)
  1302. TEST_FAIL("XChaCha20-Poly1305 AEAD test failed!\n", ret);
  1303. else
  1304. TEST_PASS("XChaCha20-Poly1305 AEAD test passed!\n");
  1305. #endif
  1306. #ifndef NO_DES3
  1307. if ( (ret = des_test()) != 0)
  1308. TEST_FAIL("DES test failed!\n", ret);
  1309. else
  1310. TEST_PASS("DES test passed!\n");
  1311. #endif
  1312. #ifndef NO_DES3
  1313. if ( (ret = des3_test()) != 0)
  1314. TEST_FAIL("DES3 test failed!\n", ret);
  1315. else
  1316. TEST_PASS("DES3 test passed!\n");
  1317. #endif
  1318. #ifndef NO_AES
  1319. if ( (ret = aes_test()) != 0)
  1320. TEST_FAIL("AES test failed!\n", ret);
  1321. else
  1322. TEST_PASS("AES test passed!\n");
  1323. #if defined(WOLFSSL_AES_192) && \
  1324. !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY)
  1325. if ( (ret = aes192_test()) != 0)
  1326. TEST_FAIL("AES192 test failed!\n", ret);
  1327. else
  1328. TEST_PASS("AES192 test passed!\n");
  1329. #endif
  1330. #if defined(WOLFSSL_AES_256)
  1331. if ( (ret = aes256_test()) != 0)
  1332. TEST_FAIL("AES256 test failed!\n", ret);
  1333. else
  1334. TEST_PASS("AES256 test passed!\n");
  1335. #endif
  1336. #ifdef WOLFSSL_AES_OFB
  1337. if ( (ret = aesofb_test()) != 0)
  1338. TEST_FAIL("AES-OFB test failed!\n", ret);
  1339. else
  1340. TEST_PASS("AES-OFB test passed!\n");
  1341. #endif
  1342. #ifdef HAVE_AESGCM
  1343. #if !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO)
  1344. if ( (ret = aesgcm_test()) != 0)
  1345. TEST_FAIL("AES-GCM test failed!\n", ret);
  1346. #endif
  1347. #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \
  1348. !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \
  1349. !defined(WOLFSSL_KCAPI_AES) && !(defined(WOLF_CRYPTO_CB) && \
  1350. (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
  1351. if ((ret = aesgcm_default_test()) != 0) {
  1352. TEST_FAIL("AES-GCM test failed!\n", ret);
  1353. }
  1354. #endif
  1355. if (ret == 0) {
  1356. TEST_PASS("AES-GCM test passed!\n");
  1357. }
  1358. #endif
  1359. #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
  1360. if ( (ret = aesccm_test()) != 0)
  1361. TEST_FAIL("AES-CCM test failed!\n", ret);
  1362. else
  1363. TEST_PASS("AES-CCM test passed!\n");
  1364. #endif
  1365. #ifdef WOLFSSL_AES_CFB
  1366. if ( (ret = aes_cfb_test()) != 0)
  1367. TEST_FAIL("AES-CFB test failed!\n", ret);
  1368. else
  1369. TEST_PASS("AES-CFB test passed!\n");
  1370. #endif
  1371. #ifdef WOLFSSL_AES_XTS
  1372. if ( (ret = aes_xts_test()) != 0)
  1373. TEST_FAIL("AES-XTS test failed!\n", ret);
  1374. else
  1375. TEST_PASS("AES-XTS test passed!\n");
  1376. #endif
  1377. #ifdef HAVE_AES_KEYWRAP
  1378. if ( (ret = aeskeywrap_test()) != 0)
  1379. TEST_FAIL("AES Key Wrap test failed!\n", ret);
  1380. else
  1381. TEST_PASS("AES Key Wrap test passed!\n");
  1382. #endif
  1383. #ifdef WOLFSSL_AES_SIV
  1384. if ( (ret = aes_siv_test()) != 0)
  1385. TEST_FAIL("AES-SIV test failed!\n", ret);
  1386. else
  1387. TEST_PASS("AES-SIV test passed!\n");
  1388. #endif
  1389. #endif
  1390. #if defined(WOLFSSL_AES_EAX) && \
  1391. (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
  1392. if ( (ret = aes_eax_test()) != 0)
  1393. TEST_FAIL("AES-EAX test failed!\n", ret);
  1394. else
  1395. TEST_PASS("AES-EAX test passed!\n");
  1396. #endif /* WOLFSSL_AES_EAX */
  1397. #ifdef HAVE_ARIA
  1398. if ( (ret = ariagcm_test(MC_ALGID_ARIA_128BITKEY)) != 0)
  1399. TEST_FAIL("ARIA128 test failed!\n", ret);
  1400. else
  1401. TEST_PASS("ARIA128 test passed!\n");
  1402. if ( (ret = ariagcm_test(MC_ALGID_ARIA_192BITKEY)) != 0)
  1403. TEST_FAIL("ARIA192 test failed!\n", ret);
  1404. else
  1405. TEST_PASS("ARIA192 test passed!\n");
  1406. if ( (ret = ariagcm_test(MC_ALGID_ARIA_256BITKEY)) != 0)
  1407. TEST_FAIL("ARIA256 test failed!\n", ret);
  1408. else
  1409. TEST_PASS("ARIA256 test passed!\n");
  1410. #endif
  1411. #ifdef HAVE_CAMELLIA
  1412. if ( (ret = camellia_test()) != 0)
  1413. TEST_FAIL("CAMELLIA test failed!\n", ret);
  1414. else
  1415. TEST_PASS("CAMELLIA test passed!\n");
  1416. #endif
  1417. #ifdef WOLFSSL_SM4
  1418. if ( (ret = sm4_test()) != 0)
  1419. return err_sys("SM-4 test failed!\n", ret);
  1420. else
  1421. TEST_PASS("SM-4 test passed!\n");
  1422. #endif
  1423. #if !defined(NO_RSA) && !defined(HAVE_RENESAS_SYNC)
  1424. #ifdef WC_RSA_NO_PADDING
  1425. if ( (ret = rsa_no_pad_test()) != 0)
  1426. TEST_FAIL("RSA NOPAD test failed!\n", ret);
  1427. else
  1428. TEST_PASS("RSA NOPAD test passed!\n");
  1429. #endif
  1430. if ( (ret = rsa_test()) != 0)
  1431. TEST_FAIL("RSA test failed!\n", ret);
  1432. else
  1433. TEST_PASS("RSA test passed!\n");
  1434. #endif
  1435. #ifndef NO_DH
  1436. PRIVATE_KEY_UNLOCK();
  1437. if ( (ret = dh_test()) != 0)
  1438. TEST_FAIL("DH test failed!\n", ret);
  1439. else
  1440. TEST_PASS("DH test passed!\n");
  1441. PRIVATE_KEY_LOCK();
  1442. #endif
  1443. #ifndef NO_DSA
  1444. if ( (ret = dsa_test()) != 0)
  1445. TEST_FAIL("DSA test failed!\n", ret);
  1446. else
  1447. TEST_PASS("DSA test passed!\n");
  1448. #endif
  1449. #ifdef WOLFCRYPT_HAVE_SRP
  1450. if ( (ret = srp_test()) != 0)
  1451. TEST_FAIL("SRP test failed!\n", ret);
  1452. else
  1453. TEST_PASS("SRP test passed!\n");
  1454. #endif
  1455. #ifndef NO_PWDBASED
  1456. if ( (ret = pwdbased_test()) != 0)
  1457. TEST_FAIL("PWDBASED test failed!\n", ret);
  1458. else
  1459. TEST_PASS("PWDBASED test passed!\n");
  1460. #endif
  1461. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  1462. if ( (ret = openssl_test()) != 0)
  1463. TEST_FAIL("OPENSSL test failed!\n", ret);
  1464. else
  1465. TEST_PASS("OPENSSL test passed!\n");
  1466. if ( (ret = openSSL_evpMD_test()) != 0)
  1467. TEST_FAIL("OPENSSL (EVP MD) test failed!\n", ret);
  1468. else
  1469. TEST_PASS("OPENSSL (EVP MD) passed!\n");
  1470. if ( (ret = openssl_pkey0_test()) != 0)
  1471. TEST_FAIL("OPENSSL (PKEY0) test failed!\n", ret);
  1472. else
  1473. TEST_PASS("OPENSSL (PKEY0) passed!\n");
  1474. if ( (ret = openssl_pkey1_test()) != 0)
  1475. TEST_FAIL("OPENSSL (PKEY1) test failed!\n", ret);
  1476. else
  1477. TEST_PASS("OPENSSL (PKEY1) passed!\n");
  1478. #if !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
  1479. if ( (ret = openssl_evpSig_test()) != 0)
  1480. TEST_FAIL("OPENSSL (EVP Sign/Verify) test failed!\n", ret);
  1481. else
  1482. TEST_PASS("OPENSSL (EVP Sign/Verify) passed!\n");
  1483. #endif
  1484. #endif
  1485. #if defined(HAVE_ECC)
  1486. PRIVATE_KEY_UNLOCK();
  1487. if ( (ret = ecc_test()) != 0)
  1488. TEST_FAIL("ECC test failed!\n", ret);
  1489. else
  1490. TEST_PASS("ECC test passed!\n");
  1491. PRIVATE_KEY_LOCK();
  1492. #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
  1493. (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
  1494. if ( (ret = ecc_encrypt_test()) != 0)
  1495. TEST_FAIL("ECC Enc test failed!\n", ret);
  1496. else
  1497. TEST_PASS("ECC Enc test passed!\n");
  1498. #endif
  1499. #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
  1500. !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
  1501. defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
  1502. !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
  1503. /* skip for ATECC508/608A, cannot import private key buffers */
  1504. if ( (ret = ecc_test_buffers()) != 0)
  1505. TEST_FAIL("ECC buffer test failed!\n", ret);
  1506. else
  1507. TEST_PASS("ECC buffer test passed!\n");
  1508. #endif
  1509. #endif
  1510. #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
  1511. !defined(NO_FILESYSTEM)
  1512. if ( (ret = cert_test()) != 0)
  1513. TEST_FAIL("CERT test failed!\n", ret);
  1514. else
  1515. TEST_PASS("CERT test passed!\n");
  1516. #endif
  1517. #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
  1518. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT)
  1519. if ( (ret = certext_test()) != 0)
  1520. TEST_FAIL("CERT EXT test failed!\n", ret);
  1521. else
  1522. TEST_PASS("CERT EXT test passed!\n");
  1523. #endif
  1524. #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
  1525. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
  1526. if ( (ret = decodedCertCache_test()) != 0)
  1527. TEST_FAIL("DECODED CERT CACHE test failed!\n", ret);
  1528. else
  1529. TEST_PASS("DECODED CERT CACHE test passed!\n");
  1530. #endif
  1531. #ifdef HAVE_CURVE25519
  1532. if ( (ret = curve25519_test()) != 0)
  1533. TEST_FAIL("CURVE25519 test failed!\n", ret);
  1534. else
  1535. TEST_PASS("CURVE25519 test passed!\n");
  1536. #endif
  1537. #ifdef HAVE_ED25519
  1538. if ( (ret = ed25519_test()) != 0)
  1539. TEST_FAIL("ED25519 test failed!\n", ret);
  1540. else
  1541. TEST_PASS("ED25519 test passed!\n");
  1542. #endif
  1543. #ifdef HAVE_CURVE448
  1544. if ( (ret = curve448_test()) != 0)
  1545. TEST_FAIL("CURVE448 test failed!\n", ret);
  1546. else
  1547. TEST_PASS("CURVE448 test passed!\n");
  1548. #endif
  1549. #ifdef HAVE_ED448
  1550. if ( (ret = ed448_test()) != 0)
  1551. TEST_FAIL("ED448 test failed!\n", ret);
  1552. else
  1553. TEST_PASS("ED448 test passed!\n");
  1554. #endif
  1555. #ifdef WOLFSSL_HAVE_KYBER
  1556. if ( (ret = kyber_test()) != 0)
  1557. TEST_FAIL("KYBER test failed!\n", ret);
  1558. else
  1559. TEST_PASS("KYBER test passed!\n");
  1560. #endif
  1561. #if defined(WOLFSSL_HAVE_XMSS)
  1562. #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10
  1563. if ( (ret = xmss_test_verify_only()) != 0)
  1564. TEST_FAIL("XMSS Vfy test failed!\n", ret);
  1565. else
  1566. TEST_PASS("XMSS Vfy test passed!\n");
  1567. #endif
  1568. #if !defined(WOLFSSL_XMSS_VERIFY_ONLY)
  1569. if ( (ret = xmss_test()) != 0)
  1570. TEST_FAIL("XMSS test failed!\n", ret);
  1571. else
  1572. TEST_PASS("XMSS test passed!\n");
  1573. #endif
  1574. #endif /* if defined(WOLFSSL_HAVE_XMSS) */
  1575. #if defined(WOLFSSL_HAVE_LMS)
  1576. #if !defined(WOLFSSL_LMS_VERIFY_ONLY)
  1577. if ( (ret = lms_test()) != 0)
  1578. TEST_FAIL("LMS test failed!\n", ret);
  1579. else
  1580. TEST_PASS("LMS test passed!\n");
  1581. #endif
  1582. #if defined(WOLFSSL_LMS_VERIFY_ONLY) && !defined(WOLFSSL_SMALL_STACK)
  1583. if ( (ret = lms_test_verify_only()) != 0)
  1584. TEST_FAIL("LMS test failed!\n", ret);
  1585. else
  1586. TEST_PASS("LMS test passed!\n");
  1587. #endif
  1588. #endif /* if defined(WOLFSSL_HAVE_LMS) */
  1589. #ifdef WOLFCRYPT_HAVE_ECCSI
  1590. if ( (ret = eccsi_test()) != 0)
  1591. TEST_FAIL("ECCSI test failed!\n", ret);
  1592. else
  1593. TEST_PASS("ECCSI test passed!\n");
  1594. #endif
  1595. #ifdef WOLFCRYPT_HAVE_SAKKE
  1596. if ( (ret = sakke_test()) != 0)
  1597. TEST_FAIL("SAKKE test failed!\n", ret);
  1598. else
  1599. TEST_PASS("SAKKE test passed!\n");
  1600. #endif
  1601. #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
  1602. if ( (ret = cmac_test()) != 0)
  1603. TEST_FAIL("CMAC test failed!\n", ret);
  1604. else
  1605. TEST_PASS("CMAC test passed!\n");
  1606. #endif
  1607. #if defined(WOLFSSL_SIPHASH)
  1608. if ( (ret = siphash_test()) != 0)
  1609. TEST_FAIL("SipHash test failed!\n", ret);
  1610. else
  1611. TEST_PASS("SipHash test passed!\n");
  1612. #endif
  1613. #ifdef HAVE_LIBZ
  1614. if ( (ret = compress_test()) != 0)
  1615. TEST_FAIL("COMPRESS test failed!\n", ret);
  1616. else
  1617. TEST_PASS("COMPRESS test passed!\n");
  1618. #endif
  1619. #ifdef HAVE_PKCS7
  1620. #ifndef NO_PKCS7_ENCRYPTED_DATA
  1621. if ( (ret = pkcs7encrypted_test()) != 0)
  1622. TEST_FAIL("PKCS7encrypted test failed!\n", ret);
  1623. else
  1624. TEST_PASS("PKCS7encrypted test passed!\n");
  1625. #endif
  1626. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  1627. if ( (ret = pkcs7compressed_test()) != 0)
  1628. TEST_FAIL("PKCS7compressed test failed!\n", ret);
  1629. else
  1630. TEST_PASS("PKCS7compressed test passed!\n");
  1631. #endif
  1632. if ( (ret = pkcs7signed_test()) != 0)
  1633. TEST_FAIL("PKCS7signed test failed!\n", ret);
  1634. else
  1635. TEST_PASS("PKCS7signed test passed!\n");
  1636. if ( (ret = pkcs7enveloped_test()) != 0)
  1637. TEST_FAIL("PKCS7enveloped test failed!\n", ret);
  1638. else
  1639. TEST_PASS("PKCS7enveloped test passed!\n");
  1640. #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
  1641. if ( (ret = pkcs7authenveloped_test()) != 0)
  1642. TEST_FAIL("PKCS7authenveloped test failed!\n", ret);
  1643. else
  1644. TEST_PASS("PKCS7authenveloped test passed!\n");
  1645. #endif
  1646. #endif
  1647. #if defined(WOLFSSL_PUBLIC_MP) && \
  1648. ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  1649. defined(USE_FAST_MATH))
  1650. if ( (ret = mp_test()) != 0)
  1651. TEST_FAIL("mp test failed!\n", ret);
  1652. else
  1653. TEST_PASS("mp test passed!\n");
  1654. #endif
  1655. #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
  1656. if ( (ret = prime_test()) != 0)
  1657. TEST_FAIL("prime test failed!\n", ret);
  1658. else
  1659. TEST_PASS("prime test passed!\n");
  1660. #endif
  1661. #if defined(ASN_BER_TO_DER) && \
  1662. (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
  1663. defined(OPENSSL_EXTRA_X509_SMALL))
  1664. if ( (ret = berder_test()) != 0)
  1665. TEST_FAIL("ber-der test failed!\n", ret);
  1666. else
  1667. TEST_PASS("ber-der test passed!\n");
  1668. #endif
  1669. if ( (ret = logging_test()) != 0)
  1670. TEST_FAIL("logging test failed!\n", ret);
  1671. else
  1672. TEST_PASS("logging test passed!\n");
  1673. #if !defined(NO_ASN) && !defined(NO_ASN_TIME)
  1674. if ( (ret = time_test()) != 0)
  1675. TEST_FAIL("time test failed!\n", ret);
  1676. else
  1677. TEST_PASS("time test passed!\n");
  1678. #endif
  1679. #if defined(__INCLUDE_NUTTX_CONFIG_H)
  1680. if ((ret = wolfcrypt_mutex_test()) != 0)
  1681. #else
  1682. if ((ret = mutex_test()) != 0)
  1683. #endif
  1684. TEST_FAIL("mutex test failed!\n", ret);
  1685. else
  1686. TEST_PASS("mutex test passed!\n");
  1687. #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
  1688. if ( (ret = memcb_test()) != 0)
  1689. TEST_FAIL("memcb test failed!\n", ret);
  1690. else
  1691. TEST_PASS("memcb test passed!\n");
  1692. #endif
  1693. #ifdef WOLFSSL_CAAM_BLOB
  1694. if ( (ret = blob_test()) != 0)
  1695. TEST_FAIL("blob test failed!\n", ret);
  1696. else
  1697. TEST_PASS("blob test passed!\n");
  1698. #endif
  1699. #if defined(WOLF_CRYPTO_CB) && \
  1700. !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
  1701. defined(WOLFSSL_QNX_CAAM) || defined(HAVE_RENESAS_SYNC))
  1702. if ( (ret = cryptocb_test()) != 0)
  1703. TEST_FAIL("crypto callback test failed!\n", ret);
  1704. else
  1705. TEST_PASS("crypto callback test passed!\n");
  1706. #endif
  1707. #ifdef WOLFSSL_CERT_PIV
  1708. if ( (ret = certpiv_test()) != 0)
  1709. TEST_FAIL("cert piv test failed!\n", ret);
  1710. else
  1711. TEST_PASS("cert piv test passed!\n");
  1712. #endif
  1713. #ifdef WOLF_CRYPTO_CB
  1714. #ifdef HAVE_INTEL_QA_SYNC
  1715. wc_CryptoCb_CleanupIntelQa(&devId);
  1716. #endif
  1717. #ifdef HAVE_CAVIUM_OCTEON_SYNC
  1718. wc_CryptoCb_CleanupOcteon(&devId);
  1719. #endif
  1720. #endif
  1721. #ifdef WOLFSSL_ASYNC_CRYPT
  1722. wolfAsync_DevClose(&devId);
  1723. #endif
  1724. /* cleanup the thread if fixed point cache is enabled and have thread local */
  1725. #if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC)
  1726. wc_ecc_fp_free();
  1727. #endif
  1728. #ifdef TEST_ALWAYS_RUN_TO_END
  1729. if (last_failed_test_ret != 0)
  1730. ret = last_failed_test_ret;
  1731. #endif
  1732. if (args)
  1733. ((func_args*)args)->return_code = ret;
  1734. TEST_PASS("Test complete\n");
  1735. EXIT_TEST(ret);
  1736. }
  1737. #ifndef NO_MAIN_DRIVER
  1738. #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
  1739. int myoptind = 0;
  1740. char* myoptarg = NULL;
  1741. #endif
  1742. /* so overall tests can pull in test function */
  1743. #if defined(WOLFSSL_ESPIDF) || defined(_WIN32_WCE)
  1744. wc_test_ret_t wolf_test_task(void)
  1745. #else
  1746. #ifndef NO_MAIN_FUNCTION
  1747. int main(int argc, char** argv)
  1748. {
  1749. return (int)wolfcrypt_test_main(argc, argv);
  1750. }
  1751. #endif
  1752. wc_test_ret_t wolfcrypt_test_main(int argc, char** argv)
  1753. #endif
  1754. {
  1755. wc_test_ret_t ret;
  1756. func_args args = { 0, 0, 0 };
  1757. #if defined(WOLFSSL_ESPIDF) || defined(WOLFSSL_SE050)
  1758. /* set dummy wallclock time. */
  1759. struct timeval utctime;
  1760. struct timezone tz;
  1761. utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
  1762. utctime.tv_usec = 0;
  1763. tz.tz_minuteswest = 0;
  1764. tz.tz_dsttime = 0;
  1765. settimeofday(&utctime, &tz);
  1766. #endif
  1767. #ifdef WOLFSSL_APACHE_MYNEWT
  1768. #ifdef ARCH_sim
  1769. mcu_sim_parse_args(argc, argv);
  1770. #endif
  1771. sysinit();
  1772. /* set dummy wallclock time. */
  1773. struct os_timeval utctime;
  1774. struct os_timezone tz;
  1775. utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
  1776. utctime.tv_usec = 0;
  1777. tz.tz_minuteswest = 0;
  1778. tz.tz_dsttime = 0;
  1779. os_settimeofday(&utctime, &tz);
  1780. #endif
  1781. #ifdef WOLFSSL_ZEPHYR
  1782. /* set dummy wallclock time. */
  1783. struct timespec utctime;
  1784. utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
  1785. utctime.tv_nsec = 0;
  1786. clock_settime(CLOCK_REALTIME, &utctime);
  1787. #endif
  1788. #ifdef DEVKITPRO
  1789. void *framebuffer;
  1790. GXRModeObj *rmode = NULL;
  1791. VIDEO_Init();
  1792. WPAD_Init();
  1793. rmode = VIDEO_GetPreferredMode(NULL);
  1794. #pragma GCC diagnostic ignored "-Wbad-function-cast"
  1795. framebuffer = MEM_K0_TO_K1(SYS_AllocateFramebuffer(rmode));
  1796. #pragma GCC diagnostic pop
  1797. console_init(framebuffer,20,20,rmode->fbWidth,rmode->xfbHeight,rmode->fbWidth*VI_DISPLAY_PIX_SZ);
  1798. VIDEO_Configure(rmode);
  1799. VIDEO_SetNextFramebuffer(framebuffer);
  1800. VIDEO_SetBlack(FALSE);
  1801. VIDEO_Flush();
  1802. VIDEO_WaitVSync();
  1803. if(rmode->viTVMode&VI_NON_INTERLACE) VIDEO_WaitVSync();
  1804. #endif
  1805. #ifdef HAVE_WNR
  1806. if ((ret = wc_InitNetRandom(wnrConfigFile, NULL, 5000)) != 0) {
  1807. err_sys("Whitewood netRandom global config failed",
  1808. WC_TEST_RET_ENC_EC(ret));
  1809. return WC_TEST_RET_ENC_EC(ret);
  1810. }
  1811. #endif
  1812. #ifndef WOLFSSL_ESPIDF
  1813. args.argc = argc;
  1814. args.argv = argv;
  1815. #endif
  1816. if ((ret = wolfCrypt_Init()) != 0) {
  1817. printf("wolfCrypt_Init failed %d\n", (int)ret);
  1818. err_sys("Error with wolfCrypt_Init!\n", WC_TEST_RET_ENC_EC(ret));
  1819. }
  1820. #ifdef HAVE_WC_INTROSPECTION
  1821. printf("Math: %s\n", wc_GetMathInfo());
  1822. #endif
  1823. #ifdef WC_RNG_SEED_CB
  1824. wc_SetSeed_Cb(wc_GenerateSeed);
  1825. #endif
  1826. #ifdef HAVE_STACK_SIZE
  1827. StackSizeCheck(&args, wolfcrypt_test);
  1828. #else
  1829. wolfcrypt_test(&args);
  1830. #endif
  1831. if ((ret = wolfCrypt_Cleanup()) != 0) {
  1832. printf("wolfCrypt_Cleanup failed %d\n", (int)ret);
  1833. err_sys("Error with wolfCrypt_Cleanup!\n", WC_TEST_RET_ENC_EC(ret));
  1834. }
  1835. #ifdef HAVE_WNR
  1836. if ((ret = wc_FreeNetRandom()) < 0)
  1837. err_sys("Failed to free netRandom context",
  1838. WC_TEST_RET_ENC_EC(ret));
  1839. #endif /* HAVE_WNR */
  1840. #ifdef DOLPHIN_EMULATOR
  1841. /* Returning from main panics the emulator. Just hang
  1842. * and let the user force quit the emulator window. */
  1843. printf("args.return_code: %d\n", args.return_code);
  1844. printf("Testing complete. You may close the window now\n");
  1845. while (1);
  1846. #endif
  1847. printf("Exiting main with return code: %ld\n", (long int)args.return_code);
  1848. return args.return_code;
  1849. } /* wolfcrypt_test_main or wolf_test_task */
  1850. #endif /* NO_MAIN_DRIVER */
  1851. /* helper to save DER, convert to PEM and save PEM */
  1852. #if !defined(NO_ASN) && (defined(HAVE_ECC) || !defined(NO_DSA) || \
  1853. (!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)))) \
  1854. && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
  1855. #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
  1856. #define SaveDerAndPem(d, dSz, fD, fP, pT) _SaveDerAndPem(d, dSz, fD, fP, pT, WC_TEST_RET_LN)
  1857. #else
  1858. #define SaveDerAndPem(d, dSz, fD, fP, pT) _SaveDerAndPem(d, dSz, NULL, NULL, pT, WC_TEST_RET_LN)
  1859. #endif
  1860. static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz,
  1861. const char* fileDer, const char* filePem, int pemType, int calling_line)
  1862. {
  1863. #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
  1864. wc_test_ret_t ret;
  1865. XFILE derFile;
  1866. derFile = XFOPEN(fileDer, "wb");
  1867. if (!derFile) {
  1868. return WC_TEST_RET_ENC(calling_line, 0, WC_TEST_RET_TAG_I);
  1869. }
  1870. ret = (int)XFWRITE(der, 1, derSz, derFile);
  1871. XFCLOSE(derFile);
  1872. if (ret != derSz) {
  1873. return WC_TEST_RET_ENC(calling_line, 1, WC_TEST_RET_TAG_I);
  1874. }
  1875. #endif
  1876. #ifdef WOLFSSL_DER_TO_PEM
  1877. if (filePem) {
  1878. #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
  1879. XFILE pemFile;
  1880. #endif
  1881. byte* pem;
  1882. int pemSz;
  1883. /* calculate PEM size */
  1884. pemSz = wc_DerToPem(der, derSz, NULL, 0, pemType);
  1885. if (pemSz < 0) {
  1886. return WC_TEST_RET_ENC(calling_line, 2, WC_TEST_RET_TAG_I);
  1887. }
  1888. pem = (byte*)XMALLOC(pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1889. if (pem == NULL) {
  1890. return WC_TEST_RET_ENC(calling_line, 3, WC_TEST_RET_TAG_I);
  1891. }
  1892. /* Convert to PEM */
  1893. pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType);
  1894. if (pemSz < 0) {
  1895. XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1896. return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I);
  1897. }
  1898. #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
  1899. pemFile = XFOPEN(filePem, "wb");
  1900. if (!pemFile) {
  1901. XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1902. return WC_TEST_RET_ENC(calling_line, 5, WC_TEST_RET_TAG_I);
  1903. }
  1904. ret = (int)XFWRITE(pem, 1, pemSz, pemFile);
  1905. XFCLOSE(pemFile);
  1906. if (ret != pemSz) {
  1907. XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1908. return WC_TEST_RET_ENC(calling_line, 6, WC_TEST_RET_TAG_I);
  1909. }
  1910. #endif
  1911. XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1912. }
  1913. #endif /* WOLFSSL_DER_TO_PEM */
  1914. /* suppress unused variable warnings */
  1915. (void)der;
  1916. (void)derSz;
  1917. (void)filePem;
  1918. (void)fileDer;
  1919. (void)pemType;
  1920. (void)calling_line;
  1921. return 0;
  1922. }
  1923. #endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */
  1924. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void)
  1925. {
  1926. const char* errStr;
  1927. char out[WOLFSSL_MAX_ERROR_SZ];
  1928. const char* unknownStr = wc_GetErrorString(0);
  1929. #ifdef NO_ERROR_STRINGS
  1930. /* Ensure a valid error code's string matches an invalid code's.
  1931. * The string is that error strings are not available.
  1932. */
  1933. errStr = wc_GetErrorString(OPEN_RAN_E);
  1934. wc_ErrorString(OPEN_RAN_E, out);
  1935. if (XSTRCMP(errStr, unknownStr) != 0)
  1936. return WC_TEST_RET_ENC_NC;
  1937. if (XSTRCMP(out, unknownStr) != 0)
  1938. return WC_TEST_RET_ENC_NC;
  1939. #else
  1940. int i;
  1941. int j = 0;
  1942. /* Values that are not or no longer error codes. */
  1943. int missing[] = { -124, -128, -129, -159, -163, -164,
  1944. -165, -166, -167, -168, -169, -233, 0 };
  1945. /* Check that all errors have a string and it's the same through the two
  1946. * APIs. Check that the values that are not errors map to the unknown
  1947. * string.
  1948. */
  1949. for (i = MAX_CODE_E-1; i >= WC_LAST_E; i--) {
  1950. errStr = wc_GetErrorString(i);
  1951. wc_ErrorString(i, out);
  1952. if (i != missing[j]) {
  1953. if (XSTRCMP(errStr, unknownStr) == 0)
  1954. return WC_TEST_RET_ENC_NC;
  1955. if (XSTRCMP(out, unknownStr) == 0)
  1956. return WC_TEST_RET_ENC_NC;
  1957. if (XSTRCMP(errStr, out) != 0)
  1958. return WC_TEST_RET_ENC_NC;
  1959. if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ)
  1960. return WC_TEST_RET_ENC_NC;
  1961. }
  1962. else {
  1963. j++;
  1964. if (XSTRCMP(errStr, unknownStr) != 0)
  1965. return WC_TEST_RET_ENC_NC;
  1966. if (XSTRCMP(out, unknownStr) != 0)
  1967. return WC_TEST_RET_ENC_NC;
  1968. }
  1969. }
  1970. /* Check if the next possible value has been given a string. */
  1971. errStr = wc_GetErrorString(i);
  1972. wc_ErrorString(i, out);
  1973. if (XSTRCMP(errStr, unknownStr) != 0)
  1974. return WC_TEST_RET_ENC_NC;
  1975. if (XSTRCMP(out, unknownStr) != 0)
  1976. return WC_TEST_RET_ENC_NC;
  1977. #endif
  1978. return 0;
  1979. }
  1980. #ifndef NO_CODING
  1981. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void)
  1982. {
  1983. wc_test_ret_t ret;
  1984. WOLFSSL_SMALL_STACK_STATIC const byte good[] = "A+Gd\0\0\0";
  1985. WOLFSSL_SMALL_STACK_STATIC const byte goodEnd[] = "A+Gd \r\n";
  1986. WOLFSSL_SMALL_STACK_STATIC const byte good_spaces[] = " A + G d \0";
  1987. byte out[128];
  1988. word32 outLen;
  1989. #ifdef WOLFSSL_BASE64_ENCODE
  1990. byte data[3];
  1991. word32 dataLen;
  1992. byte longData[79] = { 0 };
  1993. WOLFSSL_SMALL_STACK_STATIC const byte symbols[] = "+/A=";
  1994. #endif
  1995. WOLFSSL_SMALL_STACK_STATIC const byte badSmall[] = "AAA!Gdj=";
  1996. WOLFSSL_SMALL_STACK_STATIC const byte badLarge[] = "AAA~Gdj=";
  1997. WOLFSSL_SMALL_STACK_STATIC const byte badEOL[] = "A+Gd!AA";
  1998. WOLFSSL_SMALL_STACK_STATIC const byte badPadding[] = "AA=A";
  1999. WOLFSSL_SMALL_STACK_STATIC const byte badChar[] = ",-.:;<=>?@[\\]^_`";
  2000. byte goodChar[] =
  2001. "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
  2002. "abcdefghijklmnopqrstuvwxyz"
  2003. "0123456789+/;";
  2004. byte charTest[] = "A+Gd\0\0\0";
  2005. int i;
  2006. /* Good Base64 encodings. */
  2007. outLen = sizeof(out);
  2008. ret = Base64_Decode(good, sizeof(good), out, &outLen);
  2009. if (ret != 0)
  2010. return WC_TEST_RET_ENC_EC(ret);
  2011. outLen = sizeof(out);
  2012. ret = Base64_Decode(goodEnd, sizeof(goodEnd), out, &outLen);
  2013. if (ret != 0)
  2014. return WC_TEST_RET_ENC_EC(ret);
  2015. outLen = sizeof(goodChar);
  2016. ret = Base64_Decode(goodChar, sizeof(goodChar), goodChar, &outLen);
  2017. if (ret != 0)
  2018. return WC_TEST_RET_ENC_EC(ret);
  2019. if (outLen != 64 / 4 * 3)
  2020. return WC_TEST_RET_ENC_NC;
  2021. outLen = sizeof(out);
  2022. ret = Base64_Decode(good_spaces, sizeof(good_spaces), out, &outLen);
  2023. if (ret != 0)
  2024. return WC_TEST_RET_ENC_EC(ret);
  2025. /* Bad parameters. */
  2026. outLen = 1;
  2027. ret = Base64_Decode(good, sizeof(good), out, &outLen);
  2028. if (ret != BAD_FUNC_ARG)
  2029. return WC_TEST_RET_ENC_EC(ret);
  2030. outLen = sizeof(out);
  2031. ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen);
  2032. if (ret != ASN_INPUT_E)
  2033. return WC_TEST_RET_ENC_EC(ret);
  2034. outLen = sizeof(out);
  2035. ret = Base64_Decode(badPadding, sizeof(badPadding), out, &outLen);
  2036. if (ret != ASN_INPUT_E)
  2037. return WC_TEST_RET_ENC_EC(ret);
  2038. /* Bad character at each offset 0-3. */
  2039. for (i = 0; i < 4; i++) {
  2040. outLen = sizeof(out);
  2041. ret = Base64_Decode(badSmall + i, 4, out, &outLen);
  2042. if (ret != ASN_INPUT_E)
  2043. return WC_TEST_RET_ENC_I(i);
  2044. ret = Base64_Decode(badLarge + i, 4, out, &outLen);
  2045. if (ret != ASN_INPUT_E)
  2046. return WC_TEST_RET_ENC_I(i);
  2047. }
  2048. /* Invalid character less than 0x2b */
  2049. for (i = 1; i < 0x2b; i++) {
  2050. outLen = sizeof(out);
  2051. charTest[0] = (byte)i;
  2052. ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
  2053. if (ret != ASN_INPUT_E)
  2054. return WC_TEST_RET_ENC_I(i);
  2055. }
  2056. /* Bad characters in range 0x2b - 0x7a. */
  2057. for (i = 0; i < (int)sizeof(badChar) - 1; i++) {
  2058. outLen = sizeof(out);
  2059. charTest[0] = badChar[i];
  2060. ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
  2061. if (ret != ASN_INPUT_E)
  2062. return WC_TEST_RET_ENC_I(i);
  2063. }
  2064. /* Invalid character greater than 0x7a */
  2065. for (i = 0x7b; i < 0x100; i++) {
  2066. outLen = sizeof(out);
  2067. charTest[0] = (byte)i;
  2068. ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
  2069. if (ret != ASN_INPUT_E)
  2070. return WC_TEST_RET_ENC_I(i);
  2071. }
  2072. #ifdef WOLFSSL_BASE64_ENCODE
  2073. /* Decode and encode all symbols - non-alphanumeric. */
  2074. dataLen = sizeof(data);
  2075. ret = Base64_Decode(symbols, sizeof(symbols), data, &dataLen);
  2076. if (ret != 0)
  2077. return WC_TEST_RET_ENC_EC(ret);
  2078. outLen = sizeof(out);
  2079. ret = Base64_Encode(data, dataLen, NULL, &outLen);
  2080. if (ret != LENGTH_ONLY_E)
  2081. return WC_TEST_RET_ENC_EC(ret);
  2082. outLen = sizeof(out);
  2083. ret = Base64_Encode(data, dataLen, out, &outLen);
  2084. if (ret != 0)
  2085. return WC_TEST_RET_ENC_EC(ret);
  2086. outLen = 7;
  2087. ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
  2088. if (ret != BUFFER_E)
  2089. return WC_TEST_RET_ENC_EC(ret);
  2090. outLen = sizeof(out);
  2091. ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen);
  2092. if (ret != LENGTH_ONLY_E)
  2093. return WC_TEST_RET_ENC_EC(ret);
  2094. outLen = sizeof(out);
  2095. ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
  2096. if (ret != 0)
  2097. return WC_TEST_RET_ENC_EC(ret);
  2098. outLen = sizeof(out);
  2099. ret = Base64_Encode_NoNl(data, dataLen, out, &outLen);
  2100. if (ret != 0)
  2101. return WC_TEST_RET_ENC_EC(ret);
  2102. /* Data that results in an encoding longer than one line. */
  2103. outLen = sizeof(out);
  2104. dataLen = sizeof(longData);
  2105. ret = Base64_Encode(longData, dataLen, out, &outLen);
  2106. if (ret != 0)
  2107. return WC_TEST_RET_ENC_EC(ret);
  2108. outLen = sizeof(out);
  2109. ret = Base64_EncodeEsc(longData, dataLen, out, &outLen);
  2110. if (ret != 0)
  2111. return WC_TEST_RET_ENC_EC(ret);
  2112. outLen = sizeof(out);
  2113. ret = Base64_Encode_NoNl(longData, dataLen, out, &outLen);
  2114. if (ret != 0)
  2115. return WC_TEST_RET_ENC_EC(ret);
  2116. #endif
  2117. return 0;
  2118. }
  2119. #ifdef WOLFSSL_BASE16
  2120. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void)
  2121. {
  2122. wc_test_ret_t ret;
  2123. WOLFSSL_SMALL_STACK_STATIC const byte testData[] = "SomeDataToEncode\n";
  2124. WOLFSSL_SMALL_STACK_STATIC const byte encodedTestData[] = "536F6D6544617461546F456E636F64650A00";
  2125. byte encoded[40];
  2126. word32 encodedLen;
  2127. byte plain[40];
  2128. word32 len;
  2129. /* length returned includes null termination */
  2130. encodedLen = sizeof(encoded);
  2131. ret = Base16_Encode(testData, sizeof(testData), encoded, &encodedLen);
  2132. if (ret != 0)
  2133. return WC_TEST_RET_ENC_EC(ret);
  2134. len = (word32)XSTRLEN((char*)encoded);
  2135. if (len != encodedLen - 1)
  2136. return WC_TEST_RET_ENC_NC;
  2137. len = sizeof(plain);
  2138. ret = Base16_Decode(encoded, encodedLen - 1, plain, &len);
  2139. if (ret != 0)
  2140. return WC_TEST_RET_ENC_EC(ret);
  2141. if (len != sizeof(testData) || XMEMCMP(testData, plain, len) != 0)
  2142. return WC_TEST_RET_ENC_NC;
  2143. if (encodedLen != sizeof(encodedTestData) ||
  2144. XMEMCMP(encoded, encodedTestData, encodedLen) != 0) {
  2145. return WC_TEST_RET_ENC_NC;
  2146. }
  2147. return 0;
  2148. }
  2149. #endif /* WOLFSSL_BASE16 */
  2150. #endif /* !NO_CODING */
  2151. #ifndef NO_ASN
  2152. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void)
  2153. {
  2154. wc_test_ret_t ret;
  2155. /* ASN1 encoded date buffer */
  2156. WOLFSSL_SMALL_STACK_STATIC const byte dateBuf[] = {0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31,
  2157. 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5a};
  2158. byte format;
  2159. int length;
  2160. const byte* datePart;
  2161. #ifndef NO_ASN_TIME
  2162. struct tm timearg;
  2163. time_t now;
  2164. #endif
  2165. ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format,
  2166. &length);
  2167. if (ret != 0)
  2168. return WC_TEST_RET_ENC_EC(ret);
  2169. #ifndef NO_ASN_TIME
  2170. /* Parameter Validation tests. */
  2171. if ((ret = wc_GetTime(NULL, sizeof(now))) != BAD_FUNC_ARG)
  2172. return WC_TEST_RET_ENC_EC(ret);
  2173. if ((ret = wc_GetTime(&now, 0)) != BUFFER_E)
  2174. return WC_TEST_RET_ENC_EC(ret);
  2175. now = 0;
  2176. if ((ret = wc_GetTime(&now, sizeof(now))) != 0) {
  2177. return WC_TEST_RET_ENC_EC(ret);
  2178. }
  2179. if (now == 0) {
  2180. printf("RTC/Time not set!\n");
  2181. return WC_TEST_RET_ENC_NC;
  2182. }
  2183. ret = wc_GetDateAsCalendarTime(datePart, length, format, &timearg);
  2184. if (ret != 0)
  2185. return WC_TEST_RET_ENC_EC(ret);
  2186. #endif /* !NO_ASN_TIME */
  2187. return 0;
  2188. }
  2189. #endif /* !NO_ASN */
  2190. #ifdef WOLFSSL_MD2
  2191. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void)
  2192. {
  2193. wc_test_ret_t ret = 0;
  2194. Md2 md2;
  2195. byte hash[MD2_DIGEST_SIZE];
  2196. testVector a, b, c, d, e, f, g;
  2197. testVector test_md2[7];
  2198. int times = sizeof(test_md2) / sizeof(testVector), i;
  2199. a.input = "";
  2200. a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
  2201. "\x27\x73";
  2202. a.inLen = XSTRLEN(a.input);
  2203. a.outLen = MD2_DIGEST_SIZE;
  2204. b.input = "a";
  2205. b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
  2206. "\xb5\xd1";
  2207. b.inLen = XSTRLEN(b.input);
  2208. b.outLen = MD2_DIGEST_SIZE;
  2209. c.input = "abc";
  2210. c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
  2211. "\xd6\xbb";
  2212. c.inLen = XSTRLEN(c.input);
  2213. c.outLen = MD2_DIGEST_SIZE;
  2214. d.input = "message digest";
  2215. d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
  2216. "\x06\xb0";
  2217. d.inLen = XSTRLEN(d.input);
  2218. d.outLen = MD2_DIGEST_SIZE;
  2219. e.input = "abcdefghijklmnopqrstuvwxyz";
  2220. e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
  2221. "\x94\x0b";
  2222. e.inLen = XSTRLEN(e.input);
  2223. e.outLen = MD2_DIGEST_SIZE;
  2224. f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
  2225. "6789";
  2226. f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
  2227. "\x38\xcd";
  2228. f.inLen = XSTRLEN(f.input);
  2229. f.outLen = MD2_DIGEST_SIZE;
  2230. g.input = "1234567890123456789012345678901234567890123456789012345678"
  2231. "9012345678901234567890";
  2232. g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
  2233. "\xef\xd8";
  2234. g.inLen = XSTRLEN(g.input);
  2235. g.outLen = MD2_DIGEST_SIZE;
  2236. test_md2[0] = a;
  2237. test_md2[1] = b;
  2238. test_md2[2] = c;
  2239. test_md2[3] = d;
  2240. test_md2[4] = e;
  2241. test_md2[5] = f;
  2242. test_md2[6] = g;
  2243. wc_InitMd2(&md2);
  2244. for (i = 0; i < times; ++i) {
  2245. wc_Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
  2246. wc_Md2Final(&md2, hash);
  2247. if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
  2248. return WC_TEST_RET_ENC_I(i);
  2249. }
  2250. for (i = 0; i < times; ++i) {
  2251. ret = wc_Md2Hash((byte*)test_md2[i].input, (word32)test_md2[i].inLen, hash);
  2252. if (ret != 0) {
  2253. return WC_TEST_RET_ENC_I(i);
  2254. }
  2255. if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0) {
  2256. return WC_TEST_RET_ENC_I(i);
  2257. }
  2258. }
  2259. return 0;
  2260. }
  2261. #endif
  2262. #ifndef NO_MD5
  2263. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md5_test(void)
  2264. {
  2265. wc_test_ret_t ret = 0;
  2266. wc_Md5 md5, md5Copy;
  2267. byte hash[WC_MD5_DIGEST_SIZE];
  2268. byte hashcopy[WC_MD5_DIGEST_SIZE];
  2269. testVector a, b, c, d, e, f;
  2270. testVector test_md5[6];
  2271. int times = sizeof(test_md5) / sizeof(testVector), i;
  2272. a.input = "";
  2273. a.output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42"
  2274. "\x7e";
  2275. a.inLen = XSTRLEN(a.input);
  2276. a.outLen = WC_MD5_DIGEST_SIZE;
  2277. b.input = "abc";
  2278. b.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
  2279. "\x72";
  2280. b.inLen = XSTRLEN(b.input);
  2281. b.outLen = WC_MD5_DIGEST_SIZE;
  2282. c.input = "message digest";
  2283. c.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61"
  2284. "\xd0";
  2285. c.inLen = XSTRLEN(c.input);
  2286. c.outLen = WC_MD5_DIGEST_SIZE;
  2287. d.input = "abcdefghijklmnopqrstuvwxyz";
  2288. d.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1"
  2289. "\x3b";
  2290. d.inLen = XSTRLEN(d.input);
  2291. d.outLen = WC_MD5_DIGEST_SIZE;
  2292. e.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
  2293. "6789";
  2294. e.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d"
  2295. "\x9f";
  2296. e.inLen = XSTRLEN(e.input);
  2297. e.outLen = WC_MD5_DIGEST_SIZE;
  2298. f.input = "1234567890123456789012345678901234567890123456789012345678"
  2299. "9012345678901234567890";
  2300. f.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
  2301. "\x7a";
  2302. f.inLen = XSTRLEN(f.input);
  2303. f.outLen = WC_MD5_DIGEST_SIZE;
  2304. test_md5[0] = a;
  2305. test_md5[1] = b;
  2306. test_md5[2] = c;
  2307. test_md5[3] = d;
  2308. test_md5[4] = e;
  2309. test_md5[5] = f;
  2310. ret = wc_InitMd5_ex(&md5, HEAP_HINT, devId);
  2311. if (ret != 0)
  2312. return WC_TEST_RET_ENC_EC(ret);
  2313. ret = wc_InitMd5_ex(&md5Copy, HEAP_HINT, devId);
  2314. if (ret != 0) {
  2315. wc_Md5Free(&md5);
  2316. return WC_TEST_RET_ENC_EC(ret);
  2317. }
  2318. for (i = 0; i < times; ++i) {
  2319. ret = wc_Md5Update(&md5, (byte*)test_md5[i].input,
  2320. (word32)test_md5[i].inLen);
  2321. if (ret != 0)
  2322. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2323. ret = wc_Md5GetHash(&md5, hashcopy);
  2324. if (ret != 0)
  2325. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2326. ret = wc_Md5Copy(&md5, &md5Copy);
  2327. if (ret != 0)
  2328. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2329. ret = wc_Md5Final(&md5, hash);
  2330. if (ret != 0)
  2331. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2332. wc_Md5Free(&md5Copy);
  2333. if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0)
  2334. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2335. if (XMEMCMP(hash, hashcopy, WC_MD5_DIGEST_SIZE) != 0)
  2336. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2337. }
  2338. #ifndef NO_LARGE_HASH_TEST
  2339. /* BEGIN LARGE HASH TEST */ {
  2340. byte large_input[1024];
  2341. const char* large_digest =
  2342. "\x44\xd0\x88\xce\xf1\x36\xd1\x78\xe9\xc8\xba\x84\xc3\xfd\xf6\xca";
  2343. for (i = 0; i < (int)sizeof(large_input); i++) {
  2344. large_input[i] = (byte)(i & 0xFF);
  2345. }
  2346. times = 100;
  2347. #ifdef WOLFSSL_PIC32MZ_HASH
  2348. wc_Md5SizeSet(&md5, times * sizeof(large_input));
  2349. #endif
  2350. for (i = 0; i < times; ++i) {
  2351. ret = wc_Md5Update(&md5, (byte*)large_input,
  2352. (word32)sizeof(large_input));
  2353. if (ret != 0)
  2354. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  2355. }
  2356. ret = wc_Md5Final(&md5, hash);
  2357. if (ret != 0)
  2358. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  2359. if (XMEMCMP(hash, large_digest, WC_MD5_DIGEST_SIZE) != 0)
  2360. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  2361. } /* END LARGE HASH TEST */
  2362. #endif /* NO_LARGE_HASH_TEST */
  2363. exit:
  2364. wc_Md5Free(&md5);
  2365. wc_Md5Free(&md5Copy);
  2366. return ret;
  2367. }
  2368. #endif /* NO_MD5 */
  2369. #ifndef NO_MD4
  2370. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void)
  2371. {
  2372. Md4 md4;
  2373. byte hash[MD4_DIGEST_SIZE];
  2374. testVector a, b, c, d, e, f, g;
  2375. testVector test_md4[7];
  2376. int times = sizeof(test_md4) / sizeof(testVector), i;
  2377. a.input = "";
  2378. a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
  2379. "\xc0";
  2380. a.inLen = XSTRLEN(a.input);
  2381. a.outLen = MD4_DIGEST_SIZE;
  2382. b.input = "a";
  2383. b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
  2384. "\x24";
  2385. b.inLen = XSTRLEN(b.input);
  2386. b.outLen = MD4_DIGEST_SIZE;
  2387. c.input = "abc";
  2388. c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
  2389. "\x9d";
  2390. c.inLen = XSTRLEN(c.input);
  2391. c.outLen = MD4_DIGEST_SIZE;
  2392. d.input = "message digest";
  2393. d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
  2394. "\x4b";
  2395. d.inLen = XSTRLEN(d.input);
  2396. d.outLen = MD4_DIGEST_SIZE;
  2397. e.input = "abcdefghijklmnopqrstuvwxyz";
  2398. e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
  2399. "\xa9";
  2400. e.inLen = XSTRLEN(e.input);
  2401. e.outLen = MD4_DIGEST_SIZE;
  2402. f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
  2403. "6789";
  2404. f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
  2405. "\xe4";
  2406. f.inLen = XSTRLEN(f.input);
  2407. f.outLen = MD4_DIGEST_SIZE;
  2408. g.input = "1234567890123456789012345678901234567890123456789012345678"
  2409. "9012345678901234567890";
  2410. g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
  2411. "\x36";
  2412. g.inLen = XSTRLEN(g.input);
  2413. g.outLen = MD4_DIGEST_SIZE;
  2414. test_md4[0] = a;
  2415. test_md4[1] = b;
  2416. test_md4[2] = c;
  2417. test_md4[3] = d;
  2418. test_md4[4] = e;
  2419. test_md4[5] = f;
  2420. test_md4[6] = g;
  2421. wc_InitMd4(&md4);
  2422. for (i = 0; i < times; ++i) {
  2423. wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen);
  2424. wc_Md4Final(&md4, hash);
  2425. if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0)
  2426. return WC_TEST_RET_ENC_I(i);
  2427. }
  2428. return 0;
  2429. }
  2430. #endif /* NO_MD4 */
  2431. #ifndef NO_SHA
  2432. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void)
  2433. {
  2434. wc_test_ret_t ret = 0;
  2435. wc_Sha sha, shaCopy;
  2436. byte hash[WC_SHA_DIGEST_SIZE];
  2437. byte hashcopy[WC_SHA_DIGEST_SIZE];
  2438. testVector a, b, c, d, e;
  2439. testVector test_sha[5];
  2440. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2441. a.input = "";
  2442. a.output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18"
  2443. "\x90\xaf\xd8\x07\x09";
  2444. a.inLen = XSTRLEN(a.input);
  2445. a.outLen = WC_SHA_DIGEST_SIZE;
  2446. b.input = "abc";
  2447. b.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
  2448. "\x6C\x9C\xD0\xD8\x9D";
  2449. b.inLen = XSTRLEN(b.input);
  2450. b.outLen = WC_SHA_DIGEST_SIZE;
  2451. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2452. c.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29"
  2453. "\xE5\xE5\x46\x70\xF1";
  2454. c.inLen = XSTRLEN(c.input);
  2455. c.outLen = WC_SHA_DIGEST_SIZE;
  2456. d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  2457. "aaaaaa";
  2458. d.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44"
  2459. "\x2A\x25\xEC\x64\x4D";
  2460. d.inLen = XSTRLEN(d.input);
  2461. d.outLen = WC_SHA_DIGEST_SIZE;
  2462. e.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  2463. "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  2464. "aaaaaaaaaa";
  2465. e.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
  2466. "\x53\x99\x5E\x26\xA0";
  2467. e.inLen = XSTRLEN(e.input);
  2468. e.outLen = WC_SHA_DIGEST_SIZE;
  2469. test_sha[0] = a;
  2470. test_sha[1] = b;
  2471. test_sha[2] = c;
  2472. test_sha[3] = d;
  2473. test_sha[4] = e;
  2474. ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
  2475. if (ret != 0)
  2476. return WC_TEST_RET_ENC_EC(ret);
  2477. ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId);
  2478. if (ret != 0) {
  2479. wc_ShaFree(&sha);
  2480. return WC_TEST_RET_ENC_EC(ret);
  2481. }
  2482. for (i = 0; i < times; ++i) {
  2483. ret = wc_ShaUpdate(&sha, (byte*)test_sha[i].input,
  2484. (word32)test_sha[i].inLen);
  2485. if (ret != 0)
  2486. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2487. ret = wc_ShaGetHash(&sha, hashcopy);
  2488. if (ret != 0)
  2489. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2490. ret = wc_ShaCopy(&sha, &shaCopy);
  2491. if (ret != 0)
  2492. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2493. ret = wc_ShaFinal(&sha, hash);
  2494. if (ret != 0)
  2495. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2496. wc_ShaFree(&shaCopy);
  2497. if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0)
  2498. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2499. if (XMEMCMP(hash, hashcopy, WC_SHA_DIGEST_SIZE) != 0)
  2500. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2501. }
  2502. #ifndef NO_LARGE_HASH_TEST
  2503. /* BEGIN LARGE HASH TEST */ {
  2504. byte large_input[1024];
  2505. #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
  2506. defined(HASH_SIZE_LIMIT)
  2507. const char* large_digest =
  2508. "\x1d\x6a\x5a\xf6\xe5\x7c\x86\xce\x7f\x7c\xaf\xd5\xdb\x08\xcd\x59"
  2509. "\x15\x8c\x6d\xb6";
  2510. #else
  2511. const char* large_digest =
  2512. "\x8b\x77\x02\x48\x39\xe8\xdb\xd3\x9a\xf4\x05\x24\x66\x12\x2d\x9e"
  2513. "\xc5\xd9\x0a\xac";
  2514. #endif
  2515. for (i = 0; i < (int)sizeof(large_input); i++) {
  2516. large_input[i] = (byte)(i & 0xFF);
  2517. }
  2518. #if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \
  2519. defined(HASH_SIZE_LIMIT)
  2520. times = 20;
  2521. #else
  2522. times = 100;
  2523. #endif
  2524. #ifdef WOLFSSL_PIC32MZ_HASH
  2525. wc_ShaSizeSet(&sha, times * sizeof(large_input));
  2526. #endif
  2527. for (i = 0; i < times; ++i) {
  2528. ret = wc_ShaUpdate(&sha, (byte*)large_input,
  2529. (word32)sizeof(large_input));
  2530. if (ret != 0)
  2531. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  2532. }
  2533. ret = wc_ShaFinal(&sha, hash);
  2534. if (ret != 0)
  2535. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  2536. if (XMEMCMP(hash, large_digest, WC_SHA_DIGEST_SIZE) != 0)
  2537. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  2538. } /* END LARGE HASH TEST */
  2539. #endif /* NO_LARGE_HASH_TEST */
  2540. exit:
  2541. wc_ShaFree(&sha);
  2542. wc_ShaFree(&shaCopy);
  2543. return ret;
  2544. }
  2545. #endif /* NO_SHA */
  2546. #ifdef WOLFSSL_RIPEMD
  2547. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void)
  2548. {
  2549. RipeMd ripemd;
  2550. wc_test_ret_t ret;
  2551. byte hash[RIPEMD_DIGEST_SIZE];
  2552. testVector a, b, c, d;
  2553. testVector test_ripemd[4];
  2554. int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
  2555. a.input = "abc";
  2556. a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
  2557. "\xb0\x87\xf1\x5a\x0b\xfc";
  2558. a.inLen = XSTRLEN(a.input);
  2559. a.outLen = RIPEMD_DIGEST_SIZE;
  2560. b.input = "message digest";
  2561. b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8"
  2562. "\x5f\xfa\x21\x59\x5f\x36";
  2563. b.inLen = XSTRLEN(b.input);
  2564. b.outLen = RIPEMD_DIGEST_SIZE;
  2565. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2566. c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc"
  2567. "\xf4\x9a\xda\x62\xeb\x2b";
  2568. c.inLen = XSTRLEN(c.input);
  2569. c.outLen = RIPEMD_DIGEST_SIZE;
  2570. d.input = "12345678901234567890123456789012345678901234567890123456"
  2571. "789012345678901234567890";
  2572. d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab"
  2573. "\x82\xbf\x63\x32\x6b\xfb";
  2574. d.inLen = XSTRLEN(d.input);
  2575. d.outLen = RIPEMD_DIGEST_SIZE;
  2576. test_ripemd[0] = a;
  2577. test_ripemd[1] = b;
  2578. test_ripemd[2] = c;
  2579. test_ripemd[3] = d;
  2580. ret = wc_InitRipeMd(&ripemd);
  2581. if (ret != 0) {
  2582. return WC_TEST_RET_ENC_EC(ret);
  2583. }
  2584. for (i = 0; i < times; ++i) {
  2585. ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
  2586. (word32)test_ripemd[i].inLen);
  2587. if (ret != 0) {
  2588. return WC_TEST_RET_ENC_I(i);
  2589. }
  2590. ret = wc_RipeMdFinal(&ripemd, hash);
  2591. if (ret != 0) {
  2592. return WC_TEST_RET_ENC_I(i);
  2593. }
  2594. if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0)
  2595. return WC_TEST_RET_ENC_I(i);
  2596. }
  2597. return 0;
  2598. }
  2599. #endif /* WOLFSSL_RIPEMD */
  2600. #ifdef HAVE_BLAKE2
  2601. #define BLAKE2B_TESTS 3
  2602. static const byte blake2b_vec[BLAKE2B_TESTS][BLAKE2B_OUTBYTES] =
  2603. {
  2604. {
  2605. 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03,
  2606. 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72,
  2607. 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61,
  2608. 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19,
  2609. 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53,
  2610. 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B,
  2611. 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55,
  2612. 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE
  2613. },
  2614. {
  2615. 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95,
  2616. 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7,
  2617. 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44,
  2618. 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C,
  2619. 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB,
  2620. 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4,
  2621. 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48,
  2622. 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B
  2623. },
  2624. {
  2625. 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9,
  2626. 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72,
  2627. 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF,
  2628. 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15,
  2629. 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB,
  2630. 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04,
  2631. 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1,
  2632. 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5
  2633. }
  2634. };
  2635. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void)
  2636. {
  2637. Blake2b b2b;
  2638. byte digest[64];
  2639. byte input[64];
  2640. int i, ret;
  2641. for (i = 0; i < (int)sizeof(input); i++)
  2642. input[i] = (byte)i;
  2643. for (i = 0; i < BLAKE2B_TESTS; i++) {
  2644. ret = wc_InitBlake2b(&b2b, 64);
  2645. if (ret != 0)
  2646. return WC_TEST_RET_ENC_I(i);
  2647. ret = wc_Blake2bUpdate(&b2b, input, i);
  2648. if (ret != 0)
  2649. return WC_TEST_RET_ENC_I(i);
  2650. ret = wc_Blake2bFinal(&b2b, digest, 64);
  2651. if (ret != 0)
  2652. return WC_TEST_RET_ENC_I(i);
  2653. if (XMEMCMP(digest, blake2b_vec[i], 64) != 0) {
  2654. return WC_TEST_RET_ENC_I(i);
  2655. }
  2656. }
  2657. return 0;
  2658. }
  2659. #endif /* HAVE_BLAKE2 */
  2660. #ifdef HAVE_BLAKE2S
  2661. #define BLAKE2S_TESTS 3
  2662. static const byte blake2s_vec[BLAKE2S_TESTS][BLAKE2S_OUTBYTES] =
  2663. {
  2664. {
  2665. 0x69, 0x21, 0x7a, 0x30, 0x79, 0x90, 0x80, 0x94,
  2666. 0xe1, 0x11, 0x21, 0xd0, 0x42, 0x35, 0x4a, 0x7c,
  2667. 0x1f, 0x55, 0xb6, 0x48, 0x2c, 0xa1, 0xa5, 0x1e,
  2668. 0x1b, 0x25, 0x0d, 0xfd, 0x1e, 0xd0, 0xee, 0xf9,
  2669. },
  2670. {
  2671. 0xe3, 0x4d, 0x74, 0xdb, 0xaf, 0x4f, 0xf4, 0xc6,
  2672. 0xab, 0xd8, 0x71, 0xcc, 0x22, 0x04, 0x51, 0xd2,
  2673. 0xea, 0x26, 0x48, 0x84, 0x6c, 0x77, 0x57, 0xfb,
  2674. 0xaa, 0xc8, 0x2f, 0xe5, 0x1a, 0xd6, 0x4b, 0xea,
  2675. },
  2676. {
  2677. 0xdd, 0xad, 0x9a, 0xb1, 0x5d, 0xac, 0x45, 0x49,
  2678. 0xba, 0x42, 0xf4, 0x9d, 0x26, 0x24, 0x96, 0xbe,
  2679. 0xf6, 0xc0, 0xba, 0xe1, 0xdd, 0x34, 0x2a, 0x88,
  2680. 0x08, 0xf8, 0xea, 0x26, 0x7c, 0x6e, 0x21, 0x0c,
  2681. }
  2682. };
  2683. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void)
  2684. {
  2685. Blake2s b2s;
  2686. byte digest[32];
  2687. byte input[64];
  2688. int i, ret;
  2689. for (i = 0; i < (int)sizeof(input); i++)
  2690. input[i] = (byte)i;
  2691. for (i = 0; i < BLAKE2S_TESTS; i++) {
  2692. ret = wc_InitBlake2s(&b2s, 32);
  2693. if (ret != 0)
  2694. return WC_TEST_RET_ENC_I(i);
  2695. ret = wc_Blake2sUpdate(&b2s, input, i);
  2696. if (ret != 0)
  2697. return WC_TEST_RET_ENC_I(i);
  2698. ret = wc_Blake2sFinal(&b2s, digest, 32);
  2699. if (ret != 0)
  2700. return WC_TEST_RET_ENC_I(i);
  2701. if (XMEMCMP(digest, blake2s_vec[i], 32) != 0) {
  2702. return WC_TEST_RET_ENC_I(i);
  2703. }
  2704. }
  2705. return 0;
  2706. }
  2707. #endif /* HAVE_BLAKE2S */
  2708. #ifdef WOLFSSL_SHA224
  2709. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void)
  2710. {
  2711. wc_Sha224 sha, shaCopy;
  2712. byte hash[WC_SHA224_DIGEST_SIZE];
  2713. byte hashcopy[WC_SHA224_DIGEST_SIZE];
  2714. wc_test_ret_t ret = 0;
  2715. testVector a, b, c;
  2716. testVector test_sha[3];
  2717. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2718. a.input = "";
  2719. a.output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34"
  2720. "\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f";
  2721. a.inLen = XSTRLEN(a.input);
  2722. a.outLen = WC_SHA224_DIGEST_SIZE;
  2723. b.input = "abc";
  2724. b.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55"
  2725. "\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
  2726. b.inLen = XSTRLEN(b.input);
  2727. b.outLen = WC_SHA224_DIGEST_SIZE;
  2728. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2729. c.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
  2730. "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
  2731. c.inLen = XSTRLEN(c.input);
  2732. c.outLen = WC_SHA224_DIGEST_SIZE;
  2733. test_sha[0] = a;
  2734. test_sha[1] = b;
  2735. test_sha[2] = c;
  2736. ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId);
  2737. if (ret != 0)
  2738. return WC_TEST_RET_ENC_EC(ret);
  2739. ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId);
  2740. if (ret != 0) {
  2741. wc_Sha224Free(&sha);
  2742. return WC_TEST_RET_ENC_EC(ret);
  2743. }
  2744. for (i = 0; i < times; ++i) {
  2745. ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input,
  2746. (word32)test_sha[i].inLen);
  2747. if (ret != 0)
  2748. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2749. ret = wc_Sha224GetHash(&sha, hashcopy);
  2750. if (ret != 0)
  2751. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2752. ret = wc_Sha224Copy(&sha, &shaCopy);
  2753. if (ret != 0)
  2754. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2755. ret = wc_Sha224Final(&sha, hash);
  2756. if (ret != 0)
  2757. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2758. wc_Sha224Free(&shaCopy);
  2759. if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0)
  2760. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2761. if (XMEMCMP(hash, hashcopy, WC_SHA224_DIGEST_SIZE) != 0)
  2762. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2763. }
  2764. exit:
  2765. wc_Sha224Free(&sha);
  2766. wc_Sha224Free(&shaCopy);
  2767. return ret;
  2768. }
  2769. #endif
  2770. #ifndef NO_SHA256
  2771. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void)
  2772. {
  2773. wc_Sha256 sha, shaCopy;
  2774. byte hash[WC_SHA256_DIGEST_SIZE];
  2775. byte hashcopy[WC_SHA256_DIGEST_SIZE];
  2776. wc_test_ret_t ret = 0;
  2777. testVector a, b, c;
  2778. testVector test_sha[3];
  2779. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2780. a.input = "";
  2781. a.output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9"
  2782. "\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52"
  2783. "\xb8\x55";
  2784. a.inLen = XSTRLEN(a.input);
  2785. a.outLen = WC_SHA256_DIGEST_SIZE;
  2786. b.input = "abc";
  2787. b.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
  2788. "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
  2789. "\x15\xAD";
  2790. b.inLen = XSTRLEN(b.input);
  2791. b.outLen = WC_SHA256_DIGEST_SIZE;
  2792. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2793. c.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
  2794. "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
  2795. "\x06\xC1";
  2796. c.inLen = XSTRLEN(c.input);
  2797. c.outLen = WC_SHA256_DIGEST_SIZE;
  2798. test_sha[0] = a;
  2799. test_sha[1] = b;
  2800. test_sha[2] = c;
  2801. ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
  2802. if (ret != 0)
  2803. return WC_TEST_RET_ENC_EC(ret);
  2804. ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId);
  2805. if (ret != 0) {
  2806. wc_Sha256Free(&sha);
  2807. return WC_TEST_RET_ENC_EC(ret);
  2808. }
  2809. for (i = 0; i < times; ++i) {
  2810. ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,
  2811. (word32)test_sha[i].inLen);
  2812. if (ret != 0) {
  2813. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2814. }
  2815. ret = wc_Sha256GetHash(&sha, hashcopy);
  2816. if (ret != 0)
  2817. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2818. ret = wc_Sha256Copy(&sha, &shaCopy);
  2819. if (ret != 0)
  2820. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2821. ret = wc_Sha256Final(&sha, hash);
  2822. if (ret != 0)
  2823. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2824. wc_Sha256Free(&shaCopy);
  2825. if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0)
  2826. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2827. if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0)
  2828. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2829. }
  2830. #ifndef NO_LARGE_HASH_TEST
  2831. /* BEGIN LARGE HASH TEST */ {
  2832. byte large_input[1024];
  2833. #ifdef HASH_SIZE_LIMIT
  2834. const char* large_digest =
  2835. "\xa4\x75\x9e\x7a\xa2\x03\x38\x32\x88\x66\xa2\xea\x17\xea\xf8\xc7"
  2836. "\xfe\x4e\xc6\xbb\xe3\xbb\x71\xce\xe7\xdf\x7c\x04\x61\xb3\xc2\x2f";
  2837. #else
  2838. const char* large_digest =
  2839. "\x27\x78\x3e\x87\x96\x3a\x4e\xfb\x68\x29\xb5\x31\xc9\xba\x57\xb4"
  2840. "\x4f\x45\x79\x7f\x67\x70\xbd\x63\x7f\xbf\x0d\x80\x7c\xbd\xba\xe0";
  2841. #endif
  2842. for (i = 0; i < (int)sizeof(large_input); i++) {
  2843. large_input[i] = (byte)(i & 0xFF);
  2844. }
  2845. #ifdef HASH_SIZE_LIMIT
  2846. times = 20;
  2847. #else
  2848. times = 100;
  2849. #endif
  2850. #ifdef WOLFSSL_PIC32MZ_HASH
  2851. wc_Sha256SizeSet(&sha, times * sizeof(large_input));
  2852. #endif
  2853. for (i = 0; i < times; ++i) {
  2854. ret = wc_Sha256Update(&sha, (byte*)large_input,
  2855. (word32)sizeof(large_input));
  2856. if (ret != 0)
  2857. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  2858. }
  2859. ret = wc_Sha256Final(&sha, hash);
  2860. if (ret != 0)
  2861. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  2862. if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0)
  2863. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  2864. } /* END LARGE HASH TEST */
  2865. #endif /* NO_LARGE_HASH_TEST */
  2866. exit:
  2867. wc_Sha256Free(&sha);
  2868. wc_Sha256Free(&shaCopy);
  2869. return ret;
  2870. }
  2871. #endif
  2872. #ifdef WOLFSSL_SHA512
  2873. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void)
  2874. {
  2875. /*
  2876. ** See https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512.pdf
  2877. */
  2878. wc_Sha512 sha, shaCopy;
  2879. byte hash[WC_SHA512_DIGEST_SIZE];
  2880. byte hashcopy[WC_SHA512_DIGEST_SIZE];
  2881. wc_test_ret_t ret = 0;
  2882. testVector a, b, c;
  2883. testVector test_sha[3];
  2884. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2885. a.input = "";
  2886. a.output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80"
  2887. "\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c"
  2888. "\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87"
  2889. "\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a"
  2890. "\xf9\x27\xda\x3e";
  2891. a.inLen = XSTRLEN(a.input);
  2892. a.outLen = WC_SHA512_DIGEST_SIZE;
  2893. b.input = "abc";
  2894. b.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
  2895. "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
  2896. "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
  2897. "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
  2898. "\xa5\x4c\xa4\x9f";
  2899. b.inLen = XSTRLEN(b.input);
  2900. b.outLen = WC_SHA512_DIGEST_SIZE;
  2901. c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  2902. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  2903. c.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
  2904. "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
  2905. "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
  2906. "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
  2907. "\x87\x4b\xe9\x09";
  2908. c.inLen = XSTRLEN(c.input);
  2909. c.outLen = WC_SHA512_DIGEST_SIZE;
  2910. test_sha[0] = a;
  2911. test_sha[1] = b;
  2912. test_sha[2] = c;
  2913. ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId);
  2914. if (ret != 0)
  2915. return WC_TEST_RET_ENC_EC(ret);
  2916. ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId);
  2917. if (ret != 0) {
  2918. wc_Sha512Free(&sha);
  2919. return WC_TEST_RET_ENC_EC(ret);
  2920. }
  2921. for (i = 0; i < times; ++i) {
  2922. ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input,
  2923. (word32)test_sha[i].inLen);
  2924. if (ret != 0)
  2925. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2926. ret = wc_Sha512GetHash(&sha, hashcopy);
  2927. if (ret != 0)
  2928. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2929. ret = wc_Sha512Copy(&sha, &shaCopy);
  2930. if (ret != 0)
  2931. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2932. ret = wc_Sha512Final(&sha, hash);
  2933. if (ret != 0)
  2934. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2935. wc_Sha512Free(&shaCopy);
  2936. if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0)
  2937. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2938. if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0)
  2939. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  2940. }
  2941. #ifndef NO_LARGE_HASH_TEST
  2942. /* BEGIN LARGE HASH TEST */ {
  2943. byte large_input[1024];
  2944. #ifdef HASH_SIZE_LIMIT
  2945. const char* large_digest =
  2946. "\x30\x9B\x96\xA6\xE9\x43\x78\x30\xA3\x71\x51\x61\xC1\xEB\xE1\xBE"
  2947. "\xC8\xA5\xF9\x13\x5A\xD6\x6D\x9E\x46\x31\x31\x67\x8D\xE2\xC0\x0B"
  2948. "\x2A\x1A\x03\xE1\xF3\x48\xA7\x33\xBD\x49\xF8\xFF\xF1\xC2\xC2\x95"
  2949. "\xCB\xF0\xAF\x87\x61\x85\x58\x63\x6A\xCA\x70\x9C\x8B\x83\x3F\x5D";
  2950. #else
  2951. const char* large_digest =
  2952. "\x5a\x1f\x73\x90\xbd\x8c\xe4\x63\x54\xce\xa0\x9b\xef\x32\x78\x2d"
  2953. "\x2e\xe7\x0d\x5e\x2f\x9d\x15\x1b\xdd\x2d\xde\x65\x0c\x7b\xfa\x83"
  2954. "\x5e\x80\x02\x13\x84\xb8\x3f\xff\x71\x62\xb5\x09\x89\x63\xe1\xdc"
  2955. "\xa5\xdc\xfc\xfa\x9d\x1a\x4d\xc0\xfa\x3a\x14\xf6\x01\x51\x90\xa4";
  2956. #endif
  2957. for (i = 0; i < (int)sizeof(large_input); i++) {
  2958. large_input[i] = (byte)(i & 0xFF);
  2959. }
  2960. #ifdef HASH_SIZE_LIMIT
  2961. times = 20;
  2962. #else
  2963. times = 100;
  2964. #endif
  2965. for (i = 0; i < times; ++i) {
  2966. ret = wc_Sha512Update(&sha, (byte*)large_input,
  2967. (word32)sizeof(large_input));
  2968. if (ret != 0)
  2969. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  2970. }
  2971. ret = wc_Sha512Final(&sha, hash);
  2972. if (ret != 0)
  2973. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  2974. if (XMEMCMP(hash, large_digest, WC_SHA512_DIGEST_SIZE) != 0)
  2975. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  2976. #ifndef NO_UNALIGNED_MEMORY_TEST
  2977. /* Unaligned memory access test */
  2978. for (i = 1; i < 16; i++) {
  2979. ret = wc_Sha512Update(&sha, (byte*)large_input + i,
  2980. (word32)sizeof(large_input) - i);
  2981. if (ret != 0)
  2982. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  2983. ret = wc_Sha512Final(&sha, hash);
  2984. }
  2985. #endif
  2986. } /* END LARGE HASH TEST */
  2987. #endif /* NO_LARGE_HASH_TEST */
  2988. exit:
  2989. wc_Sha512Free(&sha);
  2990. wc_Sha512Free(&shaCopy);
  2991. return ret;
  2992. }
  2993. #if !defined(WOLFSSL_NOSHA512_224) && \
  2994. (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
  2995. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void)
  2996. {
  2997. /*
  2998. ** See https://csrc.nist.gov/Projects/cryptographic-standards-and-guidelines/example-values
  2999. **
  3000. ** NIST SHA512/224 Document Example:
  3001. ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512_224.pdf
  3002. */
  3003. wc_Sha512 sha, shaCopy;
  3004. byte hash[WC_SHA512_224_DIGEST_SIZE];
  3005. byte hashcopy[WC_SHA512_224_DIGEST_SIZE];
  3006. wc_test_ret_t ret = 0;
  3007. testVector a, b, c;
  3008. testVector test_sha[3];
  3009. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  3010. a.input = "";
  3011. a.output = "\x6e\xd0\xdd\x02"
  3012. "\x80\x6f\xa8\x9e" "\x25\xde\x06\x0c"
  3013. "\x19\xd3\xac\x86" "\xca\xbb\x87\xd6"
  3014. "\xa0\xdd\xd0\x5c" "\x33\x3b\x84\xf4";
  3015. a.inLen = XSTRLEN(a.input);
  3016. a.outLen = WC_SHA512_224_DIGEST_SIZE;
  3017. /*
  3018. ** See page 1 in above document for the SHA512/224 "abc" test:
  3019. */
  3020. b.input = "abc";
  3021. /*
  3022. ** See page 1 in above document for the SHA512/224 "abc" test digest:
  3023. */
  3024. b.output = "\x46\x34\x27\x0f"
  3025. "\x70\x7b\x6a\x54" "\xda\xae\x75\x30"
  3026. "\x46\x08\x42\xe2" "\x0e\x37\xed\x26"
  3027. "\x5c\xee\xe9\xa4" "\x3e\x89\x24\xaa";
  3028. b.inLen = XSTRLEN(b.input);
  3029. b.outLen = WC_SHA512_224_DIGEST_SIZE;
  3030. /*
  3031. ** See page 4 in above for the 2-block test:
  3032. */
  3033. c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  3034. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  3035. /*
  3036. ** see page 9 in above document for the 2-block test message digest:
  3037. */
  3038. c.output = "\x23\xfe\xc5\xbb"
  3039. "\x94\xd6\x0b\x23" "\x30\x81\x92\x64"
  3040. "\x0b\x0c\x45\x33" "\x35\xd6\x64\x73"
  3041. "\x4f\xe4\x0e\x72" "\x68\x67\x4a\xf9";
  3042. c.inLen = XSTRLEN(c.input);
  3043. c.outLen = WC_SHA512_224_DIGEST_SIZE;
  3044. test_sha[0] = a;
  3045. test_sha[1] = b;
  3046. test_sha[2] = c;
  3047. ret = wc_InitSha512_224_ex(&sha, HEAP_HINT, devId);
  3048. if (ret != 0)
  3049. return WC_TEST_RET_ENC_EC(ret);
  3050. ret = wc_InitSha512_224_ex(&shaCopy, HEAP_HINT, devId);
  3051. if (ret != 0) {
  3052. wc_Sha512_224Free(&sha);
  3053. return WC_TEST_RET_ENC_EC(ret);
  3054. }
  3055. for (i = 0; i < times; ++i) {
  3056. ret = wc_Sha512_224Update(&sha, (byte*)test_sha[i].input,
  3057. (word32)test_sha[i].inLen);
  3058. if (ret != 0)
  3059. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3060. ret = wc_Sha512_224GetHash(&sha, hashcopy);
  3061. if (ret != 0)
  3062. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3063. ret = wc_Sha512_224Copy(&sha, &shaCopy);
  3064. if (ret != 0)
  3065. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3066. ret = wc_Sha512_224Final(&sha, hash);
  3067. if (ret != 0)
  3068. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3069. wc_Sha512_224Free(&shaCopy);
  3070. if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_224_DIGEST_SIZE) != 0)
  3071. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3072. if (XMEMCMP(hash, hashcopy, WC_SHA512_224_DIGEST_SIZE) != 0)
  3073. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3074. }
  3075. #ifndef NO_LARGE_HASH_TEST
  3076. /* BEGIN LARGE HASH TEST */ {
  3077. byte large_input[1024];
  3078. #ifdef HASH_SIZE_LIMIT
  3079. const char* large_digest =
  3080. "\x98\x68\xc3\xd9\xb9\xef\x17\x53"
  3081. "\x43\x66\x0e\x60\xdf\x29\xf8\xef"
  3082. "\x96\xe3\x93\x34\x8c\x6f\xc0\xeb"
  3083. "\x14\x6c\xcf\x6a";
  3084. #else
  3085. const char* large_digest =
  3086. "\x26\x5f\x98\xd1\x76\x49\x71\x4e"
  3087. "\x82\xb7\x9d\x52\x32\x67\x9d\x56"
  3088. "\x91\xf5\x88\xc3\x05\xbb\x3f\x90"
  3089. "\xe2\x4e\x85\x05";
  3090. #endif
  3091. for (i = 0; i < (int)sizeof(large_input); i++) {
  3092. large_input[i] = (byte)(i & 0xFF);
  3093. }
  3094. #ifdef HASH_SIZE_LIMIT
  3095. times = 20;
  3096. #else
  3097. times = 100;
  3098. #endif
  3099. for (i = 0; i < times; ++i) {
  3100. ret = wc_Sha512_224Update(&sha, (byte*)large_input,
  3101. (word32)sizeof(large_input));
  3102. if (ret != 0)
  3103. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3104. }
  3105. ret = wc_Sha512_224Final(&sha, hash);
  3106. if (ret != 0)
  3107. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3108. if (XMEMCMP(hash, large_digest, WC_SHA512_224_DIGEST_SIZE) != 0)
  3109. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  3110. #ifndef NO_UNALIGNED_MEMORY_TEST
  3111. /* Unaligned memory access test */
  3112. for (i = 1; i < 16; i++) {
  3113. ret = wc_Sha512_224Update(&sha, (byte*)large_input + i,
  3114. (word32)sizeof(large_input) - i);
  3115. if (ret != 0)
  3116. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3117. ret = wc_Sha512_224Final(&sha, hash);
  3118. }
  3119. #endif
  3120. } /* END LARGE HASH TEST */
  3121. #endif /* NO_LARGE_HASH_TEST */
  3122. exit:
  3123. wc_Sha512_224Free(&sha);
  3124. wc_Sha512_224Free(&shaCopy);
  3125. return ret;
  3126. } /* sha512_224_test */
  3127. #endif /* !defined(WOLFSSL_NOSHA512_224) && !FIPS ... */
  3128. #if !defined(WOLFSSL_NOSHA512_256) && \
  3129. (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
  3130. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void)
  3131. {
  3132. /*
  3133. ** See https://csrc.nist.gov/Projects/cryptographic-standards-and-guidelines/example-values
  3134. ** NIST SHA512/256 Document Example:
  3135. ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512_256.pdf
  3136. */
  3137. wc_Sha512 sha, shaCopy;
  3138. byte hash[WC_SHA512_256_DIGEST_SIZE];
  3139. byte hashcopy[WC_SHA512_256_DIGEST_SIZE];
  3140. wc_test_ret_t ret = 0;
  3141. testVector a, b, c;
  3142. testVector test_sha[3];
  3143. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  3144. a.input = "";
  3145. a.output = "\xc6\x72\xb8\xd1" "\xef\x56\xed\x28"
  3146. "\xab\x87\xc3\x62" "\x2c\x51\x14\x06"
  3147. "\x9b\xdd\x3a\xd7" "\xb8\xf9\x73\x74"
  3148. "\x98\xd0\xc0\x1e" "\xce\xf0\x96\x7a";
  3149. a.inLen = XSTRLEN(a.input);
  3150. a.outLen = WC_SHA512_256_DIGEST_SIZE;
  3151. /*
  3152. ** See page 1 of above document for "abc" example:
  3153. */
  3154. b.input = "abc";
  3155. /*
  3156. ** See page 4 of above document for "abc" example digest:
  3157. */
  3158. b.output = "\x53\x04\x8e\x26" "\x81\x94\x1e\xf9"
  3159. "\x9b\x2e\x29\xb7" "\x6b\x4c\x7d\xab"
  3160. "\xe4\xc2\xd0\xc6" "\x34\xfc\x6d\x46"
  3161. "\xe0\xe2\xf1\x31" "\x07\xe7\xaf\x23";
  3162. b.inLen = XSTRLEN(b.input);
  3163. b.outLen = WC_SHA512_256_DIGEST_SIZE;
  3164. /*
  3165. ** See page 4 of above document for Two Block Message Sample:
  3166. */
  3167. c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  3168. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  3169. /*
  3170. ** See page 10 of above document for Two Block Message Sample digest:
  3171. */
  3172. c.output = "\x39\x28\xe1\x84" "\xfb\x86\x90\xf8"
  3173. "\x40\xda\x39\x88" "\x12\x1d\x31\xbe"
  3174. "\x65\xcb\x9d\x3e" "\xf8\x3e\xe6\x14"
  3175. "\x6f\xea\xc8\x61" "\xe1\x9b\x56\x3a";
  3176. c.inLen = XSTRLEN(c.input);
  3177. c.outLen = WC_SHA512_256_DIGEST_SIZE;
  3178. test_sha[0] = a;
  3179. test_sha[1] = b;
  3180. test_sha[2] = c;
  3181. ret = wc_InitSha512_256_ex(&sha, HEAP_HINT, devId);
  3182. if (ret != 0)
  3183. return WC_TEST_RET_ENC_EC(ret);
  3184. ret = wc_InitSha512_256_ex(&shaCopy, HEAP_HINT, devId);
  3185. if (ret != 0) {
  3186. wc_Sha512_256Free(&sha);
  3187. return WC_TEST_RET_ENC_EC(ret);
  3188. }
  3189. for (i = 0; i < times; ++i) {
  3190. ret = wc_Sha512_256Update(&sha, (byte*)test_sha[i].input,
  3191. (word32)test_sha[i].inLen);
  3192. if (ret != 0)
  3193. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3194. ret = wc_Sha512_256GetHash(&sha, hashcopy);
  3195. if (ret != 0)
  3196. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3197. ret = wc_Sha512_256Copy(&sha, &shaCopy);
  3198. if (ret != 0)
  3199. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3200. ret = wc_Sha512_256Final(&sha, hash);
  3201. if (ret != 0)
  3202. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3203. wc_Sha512_256Free(&shaCopy);
  3204. if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_256_DIGEST_SIZE) != 0)
  3205. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3206. if (XMEMCMP(hash, hashcopy, WC_SHA512_256_DIGEST_SIZE) != 0)
  3207. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3208. }
  3209. #ifndef NO_LARGE_HASH_TEST
  3210. /* BEGIN LARGE HASH TEST */ {
  3211. byte large_input[1024];
  3212. #ifdef HASH_SIZE_LIMIT
  3213. const char* large_digest =
  3214. "\x49\xcc\xbc\x7a\x93\x0b\x02\xb8"
  3215. "\xad\x9a\x46\x51\x00\x1f\x13\x80"
  3216. "\x35\x84\x36\xf1\xf2\x3c\xeb\xd8"
  3217. "\x41\xd4\x06\x8b\x1d\x19\xad\x72";
  3218. #else
  3219. const char* large_digest =
  3220. "\x7a\xe3\x84\x05\xcb\x06\x22\x08"
  3221. "\x7e\x2c\x65\x89\x1f\x26\x45\xfd"
  3222. "\xad\xbc\x2e\x29\x83\x12\x84\x4b"
  3223. "\xf2\xa0\xde\xbe\x06\x11\xd7\x44";
  3224. #endif
  3225. for (i = 0; i < (int)sizeof(large_input); i++) {
  3226. large_input[i] = (byte)(i & 0xFF);
  3227. }
  3228. #ifdef HASH_SIZE_LIMIT
  3229. times = 20;
  3230. #else
  3231. times = 100;
  3232. #endif
  3233. for (i = 0; i < times; ++i) {
  3234. ret = wc_Sha512_256Update(&sha, (byte*)large_input,
  3235. (word32)sizeof(large_input));
  3236. if (ret != 0)
  3237. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3238. }
  3239. ret = wc_Sha512_256Final(&sha, hash);
  3240. if (ret != 0)
  3241. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3242. if (XMEMCMP(hash, large_digest, WC_SHA512_256_DIGEST_SIZE) != 0)
  3243. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  3244. #ifndef NO_UNALIGNED_MEMORY_TEST
  3245. /* Unaligned memory access test */
  3246. for (i = 1; i < 16; i++) {
  3247. ret = wc_Sha512_256Update(&sha, (byte*)large_input + i,
  3248. (word32)sizeof(large_input) - i);
  3249. if (ret != 0)
  3250. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3251. ret = wc_Sha512_256Final(&sha, hash);
  3252. }
  3253. #endif
  3254. } /* END LARGE HASH TEST */
  3255. #endif /* NO_LARGE_HASH_TEST */
  3256. exit:
  3257. wc_Sha512_256Free(&sha);
  3258. wc_Sha512_256Free(&shaCopy);
  3259. return ret;
  3260. } /* sha512_256_test */
  3261. #endif /* !defined(WOLFSSL_NOSHA512_256) && !FIPS ... */
  3262. #endif /* WOLFSSL_SHA512 */
  3263. #ifdef WOLFSSL_SHA384
  3264. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void)
  3265. {
  3266. wc_Sha384 sha, shaCopy;
  3267. byte hash[WC_SHA384_DIGEST_SIZE];
  3268. byte hashcopy[WC_SHA384_DIGEST_SIZE];
  3269. wc_test_ret_t ret = 0;
  3270. testVector a, b, c;
  3271. testVector test_sha[3];
  3272. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  3273. a.input = "";
  3274. a.output = "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3"
  3275. "\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6"
  3276. "\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48"
  3277. "\x98\xb9\x5b";
  3278. a.inLen = XSTRLEN(a.input);
  3279. a.outLen = WC_SHA384_DIGEST_SIZE;
  3280. b.input = "abc";
  3281. b.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
  3282. "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
  3283. "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
  3284. "\xc8\x25\xa7";
  3285. b.inLen = XSTRLEN(b.input);
  3286. b.outLen = WC_SHA384_DIGEST_SIZE;
  3287. c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  3288. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  3289. c.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
  3290. "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
  3291. "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
  3292. "\x74\x60\x39";
  3293. c.inLen = XSTRLEN(c.input);
  3294. c.outLen = WC_SHA384_DIGEST_SIZE;
  3295. test_sha[0] = a;
  3296. test_sha[1] = b;
  3297. test_sha[2] = c;
  3298. ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId);
  3299. if (ret != 0)
  3300. return WC_TEST_RET_ENC_EC(ret);
  3301. ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId);
  3302. if (ret != 0) {
  3303. wc_Sha384Free(&sha);
  3304. return WC_TEST_RET_ENC_EC(ret);
  3305. }
  3306. for (i = 0; i < times; ++i) {
  3307. ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input,
  3308. (word32)test_sha[i].inLen);
  3309. if (ret != 0)
  3310. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3311. ret = wc_Sha384GetHash(&sha, hashcopy);
  3312. if (ret != 0)
  3313. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3314. ret = wc_Sha384Copy(&sha, &shaCopy);
  3315. if (ret != 0)
  3316. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3317. ret = wc_Sha384Final(&sha, hash);
  3318. if (ret != 0)
  3319. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3320. wc_Sha384Free(&shaCopy);
  3321. if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0)
  3322. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3323. if (XMEMCMP(hash, hashcopy, WC_SHA384_DIGEST_SIZE) != 0)
  3324. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3325. }
  3326. #ifndef NO_LARGE_HASH_TEST
  3327. /* BEGIN LARGE HASH TEST */ {
  3328. byte large_input[1024];
  3329. #ifdef HASH_SIZE_LIMIT
  3330. const char* large_digest =
  3331. "\xB5\xAD\x66\x6F\xD9\x58\x5E\x68\xDD\x5E\x30\xD3\x95\x72\x33\xA4"
  3332. "\xE9\x4B\x99\x3A\xEF\xF8\xE1\xBF\x1F\x05\x32\xAA\x16\x00\x82\xEC"
  3333. "\x15\xDA\xF2\x75\xEE\xE9\x06\xAF\x52\x8A\x5C\xEF\x72\x81\x80\xD6";
  3334. #else
  3335. const char* large_digest =
  3336. "\x37\x01\xdb\xff\x1e\x40\x4f\xe1\xe2\xea\x0b\x40\xbb\x3b\x39\x9a"
  3337. "\xcc\xe8\x44\x8e\x7e\xe5\x64\xb5\x6b\x7f\x56\x64\xa7\x2b\x84\xe3"
  3338. "\xc5\xd7\x79\x03\x25\x90\xf7\xa4\x58\xcb\x97\xa8\x8b\xb1\xa4\x81";
  3339. #endif
  3340. for (i = 0; i < (int)sizeof(large_input); i++) {
  3341. large_input[i] = (byte)(i & 0xFF);
  3342. }
  3343. #ifdef HASH_SIZE_LIMIT
  3344. times = 20;
  3345. #else
  3346. times = 100;
  3347. #endif
  3348. for (i = 0; i < times; ++i) {
  3349. ret = wc_Sha384Update(&sha, (byte*)large_input,
  3350. (word32)sizeof(large_input));
  3351. if (ret != 0)
  3352. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3353. }
  3354. ret = wc_Sha384Final(&sha, hash);
  3355. if (ret != 0)
  3356. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3357. if (XMEMCMP(hash, large_digest, WC_SHA384_DIGEST_SIZE) != 0)
  3358. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  3359. } /* END LARGE HASH TEST */
  3360. #endif /* NO_LARGE_HASH_TEST */
  3361. exit:
  3362. wc_Sha384Free(&sha);
  3363. wc_Sha384Free(&shaCopy);
  3364. return ret;
  3365. }
  3366. #endif /* WOLFSSL_SHA384 */
  3367. #ifdef WOLFSSL_SHA3
  3368. #ifndef WOLFSSL_NOSHA3_224
  3369. static wc_test_ret_t sha3_224_test(void)
  3370. {
  3371. wc_Sha3 sha;
  3372. byte hash[WC_SHA3_224_DIGEST_SIZE];
  3373. byte hashcopy[WC_SHA3_224_DIGEST_SIZE];
  3374. testVector a, b, c;
  3375. testVector test_sha[3];
  3376. wc_test_ret_t ret = 0;
  3377. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  3378. a.input = "";
  3379. a.output = "\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1"
  3380. "\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7";
  3381. a.inLen = XSTRLEN(a.input);
  3382. a.outLen = WC_SHA3_224_DIGEST_SIZE;
  3383. b.input = "abc";
  3384. b.output = "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76"
  3385. "\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf";
  3386. b.inLen = XSTRLEN(b.input);
  3387. b.outLen = WC_SHA3_224_DIGEST_SIZE;
  3388. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  3389. c.output = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55\x74\x49\x44\x79"
  3390. "\xba\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea\xd0\xfc\xce\x33";
  3391. c.inLen = XSTRLEN(c.input);
  3392. c.outLen = WC_SHA3_224_DIGEST_SIZE;
  3393. test_sha[0] = a;
  3394. test_sha[1] = b;
  3395. test_sha[2] = c;
  3396. ret = wc_InitSha3_224(&sha, HEAP_HINT, devId);
  3397. if (ret != 0)
  3398. return WC_TEST_RET_ENC_EC(ret);
  3399. for (i = 0; i < times; ++i) {
  3400. ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input,
  3401. (word32)test_sha[i].inLen);
  3402. if (ret != 0)
  3403. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3404. ret = wc_Sha3_224_GetHash(&sha, hashcopy);
  3405. if (ret != 0)
  3406. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3407. ret = wc_Sha3_224_Final(&sha, hash);
  3408. if (ret != 0)
  3409. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3410. if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_224_DIGEST_SIZE) != 0)
  3411. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3412. if (XMEMCMP(hash, hashcopy, WC_SHA3_224_DIGEST_SIZE) != 0)
  3413. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3414. }
  3415. #ifndef NO_LARGE_HASH_TEST
  3416. /* BEGIN LARGE HASH TEST */ {
  3417. byte large_input[1024];
  3418. const char* large_digest =
  3419. "\x13\xe5\xd3\x98\x7b\x94\xda\x41\x12\xc7\x1e\x92\x3a\x19"
  3420. "\x21\x20\x86\x6f\x24\xbf\x0a\x31\xbc\xfd\xd6\x70\x36\xf3";
  3421. for (i = 0; i < (int)sizeof(large_input); i++) {
  3422. large_input[i] = (byte)(i & 0xFF);
  3423. }
  3424. times = 100;
  3425. for (i = 0; i < times; ++i) {
  3426. ret = wc_Sha3_224_Update(&sha, (byte*)large_input,
  3427. (word32)sizeof(large_input));
  3428. if (ret != 0)
  3429. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3430. }
  3431. ret = wc_Sha3_224_Final(&sha, hash);
  3432. if (ret != 0)
  3433. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3434. if (XMEMCMP(hash, large_digest, WC_SHA3_224_DIGEST_SIZE) != 0)
  3435. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  3436. } /* END LARGE HASH TEST */
  3437. #endif /* NO_LARGE_HASH_TEST */
  3438. exit:
  3439. wc_Sha3_224_Free(&sha);
  3440. return ret;
  3441. }
  3442. #endif /* WOLFSSL_NOSHA3_224 */
  3443. #ifndef WOLFSSL_NOSHA3_256
  3444. static wc_test_ret_t sha3_256_test(void)
  3445. {
  3446. wc_Sha3 sha;
  3447. byte hash[WC_SHA3_256_DIGEST_SIZE];
  3448. byte hashcopy[WC_SHA3_256_DIGEST_SIZE];
  3449. testVector a, b, c;
  3450. testVector test_sha[3];
  3451. wc_test_ret_t ret = 0;
  3452. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  3453. byte large_input[1024];
  3454. const char* large_digest =
  3455. "\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb"
  3456. "\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15";
  3457. #if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT)
  3458. /* test vector with hash of empty string */
  3459. const char* Keccak256EmptyOut =
  3460. "\xc5\xd2\x46\x01\x86\xf7\x23\x3c\x92\x7e\x7d\xb2\xdc\xc7\x03\xc0"
  3461. "\xe5\x00\xb6\x53\xca\x82\x27\x3b\x7b\xfa\xd8\x04\x5d\x85\xa4\x70";
  3462. #endif
  3463. /*
  3464. ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-256_Msg0.pdf
  3465. */
  3466. a.input = "";
  3467. a.output = "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6"
  3468. "\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8"
  3469. "\x43\x4a";
  3470. a.inLen = XSTRLEN(a.input);
  3471. a.outLen = WC_SHA3_256_DIGEST_SIZE;
  3472. b.input = "abc";
  3473. b.output = "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90"
  3474. "\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43"
  3475. "\x15\x32";
  3476. b.inLen = XSTRLEN(b.input);
  3477. b.outLen = WC_SHA3_256_DIGEST_SIZE;
  3478. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  3479. c.output = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8\x23\x5e"
  3480. "\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32\xdd\x97\x49\x6d"
  3481. "\x33\x76";
  3482. c.inLen = XSTRLEN(c.input);
  3483. c.outLen = WC_SHA3_256_DIGEST_SIZE;
  3484. test_sha[0] = a;
  3485. test_sha[1] = b;
  3486. test_sha[2] = c;
  3487. ret = wc_InitSha3_256(&sha, HEAP_HINT, devId);
  3488. if (ret != 0)
  3489. return WC_TEST_RET_ENC_EC(ret);
  3490. for (i = 0; i < times; ++i) {
  3491. ret = wc_Sha3_256_Update(&sha, (byte*)test_sha[i].input,
  3492. (word32)test_sha[i].inLen);
  3493. if (ret != 0)
  3494. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3495. ret = wc_Sha3_256_GetHash(&sha, hashcopy);
  3496. if (ret != 0)
  3497. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3498. ret = wc_Sha3_256_Final(&sha, hash);
  3499. if (ret != 0)
  3500. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3501. if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_256_DIGEST_SIZE) != 0)
  3502. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3503. if (XMEMCMP(hash, hashcopy, WC_SHA3_256_DIGEST_SIZE) != 0)
  3504. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3505. }
  3506. #ifndef NO_LARGE_HASH_TEST
  3507. /* BEGIN LARGE HASH TEST */ {
  3508. for (i = 0; i < (int)sizeof(large_input); i++) {
  3509. large_input[i] = (byte)(i & 0xFF);
  3510. }
  3511. times = 100;
  3512. for (i = 0; i < times; ++i) {
  3513. ret = wc_Sha3_256_Update(&sha, (byte*)large_input,
  3514. (word32)sizeof(large_input));
  3515. if (ret != 0)
  3516. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3517. }
  3518. ret = wc_Sha3_256_Final(&sha, hash);
  3519. if (ret != 0)
  3520. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3521. if (XMEMCMP(hash, large_digest, WC_SHA3_256_DIGEST_SIZE) != 0)
  3522. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  3523. } /* END LARGE HASH TEST */
  3524. #endif /* NO_LARGE_HASH_TEST */
  3525. /* this is a software only variant of SHA3 not supported by external hardware devices */
  3526. #if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT)
  3527. /* Test for Keccak256 */
  3528. ret = wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256);
  3529. if (ret != 0) {
  3530. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3531. }
  3532. ret = wc_Sha3_256_Update(&sha, (byte*)"", 0);
  3533. if (ret != 0) {
  3534. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3535. }
  3536. ret = wc_Sha3_256_Final(&sha, hash);
  3537. if (ret != 0) {
  3538. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3539. }
  3540. if (XMEMCMP(hash, Keccak256EmptyOut, WC_SHA3_256_DIGEST_SIZE) != 0) {
  3541. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  3542. }
  3543. #endif /* WOLFSSL_HASH_FLAGS && !WOLFSSL_ASYNC_CRYPT */
  3544. exit:
  3545. wc_Sha3_256_Free(&sha);
  3546. return ret;
  3547. }
  3548. #endif /* WOLFSSL_NOSHA3_256 */
  3549. #ifndef WOLFSSL_NOSHA3_384
  3550. static wc_test_ret_t sha3_384_test(void)
  3551. {
  3552. wc_Sha3 sha;
  3553. byte hash[WC_SHA3_384_DIGEST_SIZE];
  3554. byte buf[64];
  3555. #ifndef NO_INTM_HASH_TEST
  3556. byte hashcopy[WC_SHA3_384_DIGEST_SIZE];
  3557. #endif
  3558. testVector a, b, c;
  3559. testVector test_sha[3];
  3560. wc_test_ret_t ret;
  3561. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  3562. /*
  3563. ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-384_Msg0.pdf
  3564. */
  3565. a.input = "";
  3566. a.output = "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24"
  3567. "\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98"
  3568. "\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58"
  3569. "\xd5\xf0\x04";
  3570. a.inLen = XSTRLEN(a.input);
  3571. a.outLen = WC_SHA3_384_DIGEST_SIZE;
  3572. #if defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
  3573. /* NIST test vector with a length that is a multiple of 4 */
  3574. b.input = "\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44"
  3575. "\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4";
  3576. b.output = "\x04\x1c\xc5\x86\x1b\xa3\x34\x56\x3c\x61\xd4\xef\x97\x10\xd4"
  3577. "\x89\x6c\x31\x1c\x92\xed\xbe\x0d\x7c\xd5\x3e\x80\x3b\xf2\xf4"
  3578. "\xeb\x60\x57\x23\x55\x70\x77\x0c\xe8\x7c\x55\x20\xd7\xec\x14"
  3579. "\x19\x87\x22";
  3580. b.inLen = XSTRLEN(b.input);
  3581. b.outLen = WC_SHA3_384_DIGEST_SIZE;
  3582. #else
  3583. b.input = "abc";
  3584. b.output = "\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad"
  3585. "\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b"
  3586. "\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28"
  3587. "\x37\x6d\x25";
  3588. b.inLen = XSTRLEN(b.input);
  3589. b.outLen = WC_SHA3_384_DIGEST_SIZE;
  3590. #endif
  3591. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  3592. c.output = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49"
  3593. "\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4"
  3594. "\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1\x9e\xef\x51\xac\xd0"
  3595. "\x65\x7c\x22";
  3596. c.inLen = XSTRLEN(c.input);
  3597. c.outLen = WC_SHA3_384_DIGEST_SIZE;
  3598. #if defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_XILINX_CRYPT_VERSAL)
  3599. test_sha[0] = b; /* hardware acc. pre-Versal can not handle "" string */
  3600. #else
  3601. test_sha[0] = a;
  3602. #endif
  3603. test_sha[1] = b;
  3604. test_sha[2] = c;
  3605. ret = wc_InitSha3_384(&sha, HEAP_HINT, devId);
  3606. if (ret != 0)
  3607. return WC_TEST_RET_ENC_EC(ret);
  3608. for (i = 0; i < times; ++i) {
  3609. XMEMCPY(buf, test_sha[i].input, test_sha[i].inLen);
  3610. ret = wc_Sha3_384_Update(&sha, buf,
  3611. (word32)test_sha[i].inLen);
  3612. if (ret != 0)
  3613. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3614. #ifndef NO_INTM_HASH_TEST
  3615. ret = wc_Sha3_384_GetHash(&sha, hashcopy);
  3616. if (ret != 0)
  3617. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3618. #endif
  3619. ret = wc_Sha3_384_Final(&sha, hash);
  3620. if (ret != 0)
  3621. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3622. if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0)
  3623. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3624. #ifndef NO_INTM_HASH_TEST
  3625. if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0)
  3626. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3627. #endif
  3628. }
  3629. #ifndef NO_LARGE_HASH_TEST
  3630. /* BEGIN LARGE HASH TEST */ {
  3631. byte large_input[1024];
  3632. const char* large_digest =
  3633. "\x30\x44\xec\x17\xef\x47\x9f\x55\x36\x11\xd6\x3f\x8a\x31\x5a\x71"
  3634. "\x8a\x71\xa7\x1d\x8e\x84\xe8\x6c\x24\x02\x2f\x7a\x08\x4e\xea\xd7"
  3635. "\x42\x36\x5d\xa8\xc2\xb7\x42\xad\xec\x19\xfb\xca\xc6\x64\xb3\xa4";
  3636. for (i = 0; i < (int)sizeof(large_input); i++) {
  3637. large_input[i] = (byte)(i & 0xFF);
  3638. }
  3639. times = 100;
  3640. for (i = 0; i < times; ++i) {
  3641. ret = wc_Sha3_384_Update(&sha, (byte*)large_input,
  3642. (word32)sizeof(large_input));
  3643. if (ret != 0)
  3644. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3645. }
  3646. ret = wc_Sha3_384_Final(&sha, hash);
  3647. if (ret != 0)
  3648. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3649. if (XMEMCMP(hash, large_digest, WC_SHA3_384_DIGEST_SIZE) != 0)
  3650. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  3651. } /* END LARGE HASH TEST */
  3652. #endif /* NO_LARGE_HASH_TEST */
  3653. exit:
  3654. wc_Sha3_384_Free(&sha);
  3655. return ret;
  3656. }
  3657. #endif /* WOLFSSL_NOSHA3_384 */
  3658. #ifndef WOLFSSL_NOSHA3_512
  3659. static wc_test_ret_t sha3_512_test(void)
  3660. {
  3661. wc_Sha3 sha;
  3662. byte hash[WC_SHA3_512_DIGEST_SIZE];
  3663. byte hashcopy[WC_SHA3_512_DIGEST_SIZE];
  3664. testVector a, b, c;
  3665. testVector test_sha[3];
  3666. wc_test_ret_t ret;
  3667. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  3668. /*
  3669. ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-512_Msg0.pdf
  3670. */
  3671. a.input = "";
  3672. a.output = "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75"
  3673. "\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c"
  3674. "\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c"
  3675. "\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86"
  3676. "\x28\x1d\xcd\x26";
  3677. a.inLen = XSTRLEN(a.input);
  3678. a.outLen = WC_SHA3_512_DIGEST_SIZE;
  3679. b.input = "abc";
  3680. b.output = "\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09"
  3681. "\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2"
  3682. "\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47"
  3683. "\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27"
  3684. "\x4e\xec\x53\xf0";
  3685. b.inLen = XSTRLEN(b.input);
  3686. b.outLen = WC_SHA3_512_DIGEST_SIZE;
  3687. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  3688. c.output = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10\xfc\xa8"
  3689. "\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7\xec\x2f\x1e\x91"
  3690. "\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53\x02\xba\x1b\x0d\x8d\xc7"
  3691. "\x8c\x08\x63\x46\xb5\x33\xb4\x9c\x03\x0d\x99\xa2\x7d\xaf\x11"
  3692. "\x39\xd6\xe7\x5e";
  3693. c.inLen = XSTRLEN(c.input);
  3694. c.outLen = WC_SHA3_512_DIGEST_SIZE;
  3695. test_sha[0] = a;
  3696. test_sha[1] = b;
  3697. test_sha[2] = c;
  3698. ret = wc_InitSha3_512(&sha, HEAP_HINT, devId);
  3699. if (ret != 0)
  3700. return WC_TEST_RET_ENC_EC(ret);
  3701. for (i = 0; i < times; ++i) {
  3702. ret = wc_Sha3_512_Update(&sha, (byte*)test_sha[i].input,
  3703. (word32)test_sha[i].inLen);
  3704. if (ret != 0)
  3705. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3706. ret = wc_Sha3_512_GetHash(&sha, hashcopy);
  3707. if (ret != 0)
  3708. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3709. ret = wc_Sha3_512_Final(&sha, hash);
  3710. if (ret != 0)
  3711. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3712. if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_512_DIGEST_SIZE) != 0)
  3713. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3714. if (XMEMCMP(hash, hashcopy, WC_SHA3_512_DIGEST_SIZE) != 0)
  3715. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3716. }
  3717. #ifndef NO_LARGE_HASH_TEST
  3718. /* BEGIN LARGE HASH TEST */ {
  3719. byte large_input[1024];
  3720. const char* large_digest =
  3721. "\x9c\x13\x26\xb6\x26\xb2\x94\x31\xbc\xf4\x34\xe9\x6f\xf2\xd6\x29"
  3722. "\x9a\xd0\x9b\x32\x63\x2f\x18\xa7\x5f\x23\xc9\x60\xc2\x32\x0c\xbc"
  3723. "\x57\x77\x33\xf1\x83\x81\x8a\xd3\x15\x7c\x93\xdc\x80\x9f\xed\x61"
  3724. "\x41\xa7\x5b\xfd\x32\x0e\x38\x15\xb0\x46\x3b\x7a\x4f\xfd\x44\x88";
  3725. for (i = 0; i < (int)sizeof(large_input); i++) {
  3726. large_input[i] = (byte)(i & 0xFF);
  3727. }
  3728. times = 100;
  3729. for (i = 0; i < times; ++i) {
  3730. ret = wc_Sha3_512_Update(&sha, (byte*)large_input,
  3731. (word32)sizeof(large_input));
  3732. if (ret != 0)
  3733. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3734. }
  3735. ret = wc_Sha3_512_Final(&sha, hash);
  3736. if (ret != 0)
  3737. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3738. if (XMEMCMP(hash, large_digest, WC_SHA3_512_DIGEST_SIZE) != 0)
  3739. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  3740. } /* END LARGE HASH TEST */
  3741. #endif /* NO_LARGE_HASH_TEST */
  3742. exit:
  3743. wc_Sha3_512_Free(&sha);
  3744. return ret;
  3745. }
  3746. #endif /* WOLFSSL_NOSHA3_512 */
  3747. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void)
  3748. {
  3749. wc_test_ret_t ret;
  3750. (void)ret;
  3751. #ifndef WOLFSSL_NOSHA3_224
  3752. if ((ret = sha3_224_test()) != 0)
  3753. return ret;
  3754. #endif
  3755. #ifndef WOLFSSL_NOSHA3_256
  3756. if ((ret = sha3_256_test()) != 0)
  3757. return ret;
  3758. #endif
  3759. #ifndef WOLFSSL_NOSHA3_384
  3760. if ((ret = sha3_384_test()) != 0)
  3761. return ret;
  3762. #endif
  3763. #ifndef WOLFSSL_NOSHA3_512
  3764. if ((ret = sha3_512_test()) != 0)
  3765. return ret;
  3766. #endif
  3767. return 0;
  3768. }
  3769. #endif /* WOLFSSL_SHA3 */
  3770. #ifdef WOLFSSL_SHAKE128
  3771. static wc_test_ret_t shake128_absorb_test(wc_Shake* sha, byte *large_input_buf,
  3772. size_t large_input_buf_size)
  3773. {
  3774. testVector a, b, c, d, e;
  3775. testVector test_sha[5];
  3776. wc_test_ret_t ret = 0;
  3777. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  3778. static const char large_digest[] =
  3779. "\x2b\xd1\x69\x9f\xb3\x75\x40\x74\xb8\xb2\xd2\x0b\x92\x47\x9b\xfe"
  3780. "\xc9\x91\x48\xbe\xda\xa4\x09\xd7\x61\x35\x18\x05\x07\x71\xa5\x61"
  3781. "\x4d\xc4\x94\xad\xbe\x04\x7d\xad\x95\x2f\xeb\x2c\xc0\x10\x67\x43"
  3782. "\x40\xf1\x4a\x58\x1c\x54\xfa\x24\x1c\x1a\x4e\x8d\x9b\xbc\xea\xa7"
  3783. "\x32\xf2\x4c\xc7\x86\x05\x36\xdc\xb4\x42\xd8\x35\xd1\xb4\xa2\x79"
  3784. "\xa2\xe6\xee\x67\x4f\xbf\x2a\x93\x41\x88\x25\x56\x29\x90\x1a\x06"
  3785. "\xba\xfe\x9f\xa6\x1a\x74\xe8\x7e\x85\x4a\xc8\x58\x60\xb1\x7b\x18"
  3786. "\xdf\x77\x59\x46\x04\xc1\xff\x4b\x9b\xcb\xad\xfe\x91\x28\xf0\x01"
  3787. "\xc1\x33\xd0\x99\x99\x2e\x0c\x86\x84\x67\x4d\x37\xa4\x42\x45\x10"
  3788. "\xdc\x8f\xdb\x6f\xa6\x9b\xee\x8a\x60\xa5\x1f\x95\x3f\x8f\xf5\x31"
  3789. "\x4b\x1d\x48\x1e\x45\xff\x79\x5c\xbe\x72\xfc\x56\xed\x6d\x1a\x99"
  3790. "\x7f\x23\x7c\xd1\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b"
  3791. "\xa3\x60\x51\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41"
  3792. "\x77\x2c\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59"
  3793. "\x0d\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b"
  3794. "\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4\xcb\x87\xd8\xb7\x9d\xa8"
  3795. "\xbf\xc5\x2e\x5e\xfc\xd3\x6c\x45\xd4\x5d\x72\x0f\x66\xeb\x67\x86"
  3796. "\xfa\x6c\xd6\x80\xa4\x23\xcb\x5d\xed\x3c\xde\xdc\x5b\x3d\xca\x95"
  3797. "\x43\x4b\xdc\xe8\x49\xd3\xe1\x01\xd4\xf1\xe4\x47\xcf\x56\xba\x71"
  3798. "\xb4\x69\xed\xe7\xdb\x0f\x89\xd6\xbb\xcd\x1a\xff\xb4\xbe\x72\x26"
  3799. "\xdc\x76\x79\xb3\x1a\x4b\xe6\x8d\x9b\x8e\xd9\xe9\xe6\xf9\xff\xa5";
  3800. byte hash[sizeof(large_digest) - 1];
  3801. /*
  3802. ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE128_Msg0.pdf
  3803. */
  3804. a.input = "";
  3805. a.output = "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85"
  3806. "\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66"
  3807. "\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee"
  3808. "\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3"
  3809. "\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60"
  3810. "\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2"
  3811. "\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef"
  3812. "\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a\x04\x30\x2e\x10\xc8\xbc"
  3813. "\x1c\xbf\x1a\x0b\x3a\x51\x20\xea\x17\xcd\xa7\xcf\xad\x76\x5f"
  3814. "\x56\x23\x47\x4d\x36\x8c\xcc\xa8\xaf\x00\x07\xcd\x9f\x5e\x4c"
  3815. "\x84\x9f\x16\x7a\x58\x0b\x14\xaa\xbd\xef\xae\xe7\xee\xf4\x7c"
  3816. "\xb0\xfc\xa9";
  3817. a.inLen = XSTRLEN(a.input);
  3818. a.outLen = WC_SHA3_128_BLOCK_SIZE;
  3819. b.input = "abc";
  3820. b.output = "\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb"
  3821. "\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f"
  3822. "\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70"
  3823. "\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f"
  3824. "\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf"
  3825. "\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71"
  3826. "\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60"
  3827. "\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3\x77\xcf\xb9\xcd\xe4\xc6"
  3828. "\x35\x99\xb2\x7f\x34\x62\xbb\xa4\xa0\xed\x29\x6c\x80\x1f\x9f"
  3829. "\xf7\xf5\x73\x02\xbb\x30\x76\xee\x14\x5f\x97\xa3\x2a\xe6\x8e"
  3830. "\x76\xab\x66\xc4\x8d\x51\x67\x5b\xd4\x9a\xcc\x29\x08\x2f\x56"
  3831. "\x47\x58\x4e";
  3832. b.inLen = XSTRLEN(b.input);
  3833. b.outLen = WC_SHA3_128_BLOCK_SIZE;
  3834. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  3835. c.output = "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55"
  3836. "\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf"
  3837. "\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e"
  3838. "\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32"
  3839. "\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84"
  3840. "\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67"
  3841. "\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb"
  3842. "\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa\x54\x56\x54\xf7\x0a\xe5"
  3843. "\x86\xff\x10\x13\x14\x20\x77\x14\x83\xec\x92\xed\xab\x40\x8c"
  3844. "\x76\x7b\xf4\xc5\xb4\xff\xfa\xa8\x0c\x8c\xa2\x14\xd8\x4c\x4d"
  3845. "\xc7\x00\xd0\xc5\x06\x30\xb2\xff\xc3\x79\x3e\xa4\xd8\x72\x58"
  3846. "\xb4\xc9\x54";
  3847. c.inLen = XSTRLEN(c.input);
  3848. c.outLen = WC_SHA3_128_BLOCK_SIZE;
  3849. /* Taken from NIST CAVP test vectors - full rate output. */
  3850. d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
  3851. "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
  3852. "\x85\xe0";
  3853. d.output = "\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5"
  3854. "\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55"
  3855. "\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3"
  3856. "\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a"
  3857. "\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83"
  3858. "\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a"
  3859. "\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59"
  3860. "\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8"
  3861. "\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f"
  3862. "\xa1\x41\x9b\xaf\x60\x52\xc0\xc1\xb4\x45\xf8\x35\x17\x57\xb0"
  3863. "\xd0\x22\x87\x21\x89\xe2\xc0\x27\x3f\x82\xd9\x69\x69\x66\x3e"
  3864. "\x55\x4d\x09";
  3865. d.inLen = 32;
  3866. d.outLen = WC_SHA3_128_BLOCK_SIZE;
  3867. /* Taken from NIST CAVP test vectors - more than one output block. */
  3868. e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
  3869. "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
  3870. "\x47\xe4";
  3871. e.output = "\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79"
  3872. "\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd"
  3873. "\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a"
  3874. "\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b"
  3875. "\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29"
  3876. "\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11"
  3877. "\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79"
  3878. "\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1"
  3879. "\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d"
  3880. "\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25"
  3881. "\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3"
  3882. "\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1"
  3883. "\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51"
  3884. "\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c"
  3885. "\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d"
  3886. "\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b"
  3887. "\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4\xcb\x87\xd8\xb7\x9d"
  3888. "\xa8\xbf\xc5\x2e\x5e\xfc\xd3\x6c\x45\xd4\x5d\x72\x0f\x66\xeb"
  3889. "\x67\x86\xfa\x6c\xd6\x80\xa4\x23\xcb\x5d\xed\x3c\xde\xdc\x5b"
  3890. "\x3d\xca\x95\x43\x4b\xdc\xe8\x49\xd3\xe1\x01\xd4\xf1\xe4\x47"
  3891. "\xcf\x56\xba\x71\xb4\x69\xed\xe7\xdb\x0f\x89\xd6\xbb\xcd\x1a"
  3892. "\xff\xb4\xbe\x72\x26\xdc\x76\x79\xb3\x1a\x4b\xe6\x8d\x9b\x8e"
  3893. "\xd9\xe9\xe6\xf9\xff\xa5";
  3894. e.inLen = 32;
  3895. e.outLen = 2 * WC_SHA3_128_BLOCK_SIZE;
  3896. test_sha[0] = a;
  3897. test_sha[1] = b;
  3898. test_sha[2] = c;
  3899. test_sha[3] = d;
  3900. test_sha[4] = e;
  3901. for (i = 0; i < times; ++i) {
  3902. ret = wc_InitShake128(sha, HEAP_HINT, devId);
  3903. if (ret != 0)
  3904. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3905. ret = wc_Shake128_Absorb(sha, (byte*)test_sha[i].input,
  3906. (word32)test_sha[i].inLen);
  3907. if (ret != 0)
  3908. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3909. ret = wc_Shake128_SqueezeBlocks(sha, hash,
  3910. (word32)test_sha[i].outLen / WC_SHA3_128_BLOCK_SIZE);
  3911. if (ret != 0)
  3912. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3913. if (XMEMCMP(hash, test_sha[i].output, (word32)test_sha[i].outLen) != 0)
  3914. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  3915. }
  3916. #ifndef NO_LARGE_HASH_TEST
  3917. /* BEGIN LARGE HASH TEST */ {
  3918. for (i = 0; i < (int)large_input_buf_size; i++) {
  3919. large_input_buf[i] = (byte)(i & 0xFF);
  3920. }
  3921. ret = wc_InitShake128(sha, HEAP_HINT, devId);
  3922. if (ret != 0)
  3923. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3924. /* Absorb is non-incremental. */
  3925. ret = wc_Shake128_Absorb(sha, (byte*)large_input_buf,
  3926. (word32)large_input_buf_size);
  3927. if (ret != 0)
  3928. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3929. /* Able to squeeze out blocks incrementally. */
  3930. ret = wc_Shake128_SqueezeBlocks(sha, hash, 1);
  3931. if (ret != 0)
  3932. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3933. ret = wc_Shake128_SqueezeBlocks(sha, hash,
  3934. ((word32)sizeof(hash) / WC_SHA3_128_BLOCK_SIZE) - 1);
  3935. if (ret != 0)
  3936. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  3937. if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0)
  3938. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  3939. } /* END LARGE HASH TEST */
  3940. #endif /* NO_LARGE_HASH_TEST */
  3941. exit:
  3942. return ret;
  3943. }
  3944. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void)
  3945. {
  3946. wc_Shake sha;
  3947. byte hash[250];
  3948. testVector a, b, c, d, e;
  3949. testVector test_sha[5];
  3950. wc_test_ret_t ret = 0;
  3951. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  3952. #define SHAKE128_LARGE_INPUT_BUFSIZ 1024
  3953. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  3954. byte *large_input = NULL;
  3955. #else
  3956. byte large_input[SHAKE128_LARGE_INPUT_BUFSIZ];
  3957. #endif
  3958. static const char large_digest[] =
  3959. "\x88\xd7\x0e\x86\x46\x72\x6b\x3d\x7d\x22\xe1\xa9\x2d\x02\xdb\x35"
  3960. "\x92\x4f\x1b\x03\x90\xee\xa3\xce\xd1\x3a\x08\x3a\xd7\x4e\x10\xdf"
  3961. "\x09\x67\x33\x35\x4f\xdd\x38\x50\x5b\xcb\x75\xc7\xba\x65\xe5\xe8"
  3962. "\xb8\x76\xde\xc5\xee\xd7\xf1\x65\x93\x4e\x5e\xc4\xb1\xd7\x6b\xee"
  3963. "\x4b\x57\x48\xf5\x38\x49\x9e\x45\xa0\xf7\x32\xe9\x05\x26\x6a\x10"
  3964. "\x70\xd4\x7c\x19\x01\x1f\x6d\x37\xba\x7b\x74\xc2\xbc\xb6\xbc\x74"
  3965. "\xa3\x66\x6c\x9b\x11\x84\x9d\x4a\x36\xbc\x8a\x0d\x4c\xe3\x39\xfa"
  3966. "\xfa\x1b";
  3967. /*
  3968. ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE128_Msg0.pdf
  3969. */
  3970. a.input = "";
  3971. a.output = "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85"
  3972. "\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66"
  3973. "\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee"
  3974. "\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3"
  3975. "\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60"
  3976. "\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2"
  3977. "\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef"
  3978. "\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a";
  3979. a.inLen = XSTRLEN(a.input);
  3980. a.outLen = 114;
  3981. b.input = "abc";
  3982. b.output = "\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb"
  3983. "\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f"
  3984. "\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70"
  3985. "\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f"
  3986. "\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf"
  3987. "\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71"
  3988. "\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60"
  3989. "\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3";
  3990. b.inLen = XSTRLEN(b.input);
  3991. b.outLen = 114;
  3992. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  3993. c.output = "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55"
  3994. "\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf"
  3995. "\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e"
  3996. "\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32"
  3997. "\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84"
  3998. "\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67"
  3999. "\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb"
  4000. "\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa";
  4001. c.inLen = XSTRLEN(c.input);
  4002. c.outLen = 114;
  4003. /* Taken from NIST CAVP test vectors - full rate output. */
  4004. d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
  4005. "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
  4006. "\x85\xe0";
  4007. d.output = "\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5"
  4008. "\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55"
  4009. "\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3"
  4010. "\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a"
  4011. "\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83"
  4012. "\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a"
  4013. "\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59"
  4014. "\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8"
  4015. "\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f"
  4016. "\xa1";
  4017. d.inLen = 32;
  4018. d.outLen = 136;
  4019. /* Taken from NIST CAVP test vectors - more than one output block. */
  4020. e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
  4021. "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
  4022. "\x47\xe4";
  4023. e.output = "\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79"
  4024. "\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd"
  4025. "\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a"
  4026. "\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b"
  4027. "\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29"
  4028. "\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11"
  4029. "\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79"
  4030. "\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1"
  4031. "\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d"
  4032. "\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25"
  4033. "\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3"
  4034. "\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1"
  4035. "\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51"
  4036. "\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c"
  4037. "\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d"
  4038. "\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b"
  4039. "\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4";
  4040. e.inLen = 32;
  4041. e.outLen = 250;
  4042. test_sha[0] = a;
  4043. test_sha[1] = b;
  4044. test_sha[2] = c;
  4045. test_sha[3] = d;
  4046. test_sha[4] = e;
  4047. ret = wc_InitShake128(&sha, HEAP_HINT, devId);
  4048. if (ret != 0)
  4049. return WC_TEST_RET_ENC_EC(ret);
  4050. for (i = 0; i < times; ++i) {
  4051. ret = wc_Shake128_Update(&sha, (byte*)test_sha[i].input,
  4052. (word32)test_sha[i].inLen);
  4053. if (ret != 0)
  4054. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4055. ret = wc_Shake128_Final(&sha, hash, (word32)test_sha[i].outLen);
  4056. if (ret != 0)
  4057. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4058. if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0)
  4059. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4060. }
  4061. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  4062. large_input = (byte *)XMALLOC(SHAKE128_LARGE_INPUT_BUFSIZ, NULL,
  4063. DYNAMIC_TYPE_TMP_BUFFER);
  4064. if (large_input == NULL)
  4065. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
  4066. #endif
  4067. #ifndef NO_LARGE_HASH_TEST
  4068. /* BEGIN LARGE HASH TEST */ {
  4069. for (i = 0; i < SHAKE128_LARGE_INPUT_BUFSIZ; i++) {
  4070. large_input[i] = (byte)(i & 0xFF);
  4071. }
  4072. times = 100;
  4073. for (i = 0; i < times; ++i) {
  4074. ret = wc_Shake128_Update(&sha, (byte*)large_input,
  4075. SHAKE128_LARGE_INPUT_BUFSIZ);
  4076. if (ret != 0)
  4077. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  4078. }
  4079. ret = wc_Shake128_Final(&sha, hash, (word32)sizeof(hash));
  4080. if (ret != 0)
  4081. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  4082. if (XMEMCMP(hash, large_digest, sizeof(large_digest) - 1) != 0)
  4083. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  4084. } /* END LARGE HASH TEST */
  4085. #endif /* NO_LARGE_HASH_TEST */
  4086. ret = shake128_absorb_test(&sha, large_input, SHAKE128_LARGE_INPUT_BUFSIZ);
  4087. exit:
  4088. wc_Shake128_Free(&sha);
  4089. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  4090. if (large_input != NULL)
  4091. XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  4092. #endif
  4093. return ret;
  4094. }
  4095. #endif
  4096. #ifdef WOLFSSL_SHAKE256
  4097. static wc_test_ret_t shake256_absorb_test(wc_Shake* sha, byte *large_input_buf,
  4098. size_t large_input_buf_size)
  4099. {
  4100. testVector a, b, c, d, e;
  4101. testVector test_sha[5];
  4102. wc_test_ret_t ret = 0;
  4103. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  4104. static const char large_digest[] =
  4105. "\x21\x25\x8e\xae\x6e\x4f\xa7\xe1\xb9\x6d\xa7\xc9\x7d\x46\x03\x69"
  4106. "\x29\x0d\x81\x49\xba\x5d\xaf\x37\xfd\xeb\x25\x52\x1d\xd9\xbd\x65"
  4107. "\xfa\x99\xb9\xd1\x70\x6b\xeb\xd4\xc1\x2c\xea\x24\x20\x27\xa7\xcd"
  4108. "\xfa\xe1\x81\xd9\xd5\xc1\x1c\xc7\xe9\x70\xc3\xc7\x21\x6f\x32\x22"
  4109. "\xe3\x27\xdb\x58\x5e\xea\x18\x2d\x63\x4d\x14\x6c\x94\xcf\x2b\x7e"
  4110. "\x6e\x2a\x74\xf3\xe0\xac\xb3\xb2\xcc\xef\x38\xe9\xe7\x35\xb3\xc5"
  4111. "\x77\x9d\xff\xe3\x08\x8e\xf8\x2c\x89\xbb\x45\x22\x16\x99\x91\xc0"
  4112. "\xe7\x71\x57\x75\xc5\xb1\xc6\xaf\x27\xcb\x64\x8c\xc4\xee\x3d\x5f"
  4113. "\x4c\x35\xfb\x1c\xf3\xf8\x0e\xfd\x5e\xfc\x07\xd8\x4d\x55\x32\x49"
  4114. "\x45\x0d\xab\x4a\x49\xc4\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93"
  4115. "\x7a\xe6\x6b\xb4\x36\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43"
  4116. "\x2f\x3b\xfc\x09\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48"
  4117. "\x3d\x0e\xda\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08"
  4118. "\xd9\xdc\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a"
  4119. "\xb7\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
  4120. "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c\x68\x1b\x30\xdd\xc4\xe6"
  4121. "\x83\x8b\x0f\x23\x58\x7e\x06\x5f\x4a\x2b\xed\xc9\x6c\x97\x68\x44";
  4122. byte hash[sizeof(large_digest) - 1];
  4123. /*
  4124. ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE256_Msg0.pdf
  4125. */
  4126. a.input = "";
  4127. a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb"
  4128. "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5"
  4129. "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67"
  4130. "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac"
  4131. "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7"
  4132. "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84"
  4133. "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
  4134. "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46\xc1\x85\xc1\x51\x11\xe5"
  4135. "\x95\x52\x2a\x6b\xcd\x16\xcf\x86\xf3\xd1\x22\x10\x9e\x3b\x1f"
  4136. "\xdd";
  4137. a.inLen = XSTRLEN(a.input);
  4138. a.outLen = WC_SHA3_256_BLOCK_SIZE;
  4139. b.input = "abc";
  4140. b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
  4141. "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b"
  4142. "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52"
  4143. "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88"
  4144. "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04"
  4145. "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc"
  4146. "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
  4147. "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0\x9a\x3e\x6d\x51\xcb\xfc"
  4148. "\x62\x27\x20\xd7\xa7\x5c\x63\x34\xe8\xa2\xd7\xec\x71\xa7\xcc"
  4149. "\x29";
  4150. b.inLen = XSTRLEN(b.input);
  4151. b.outLen = WC_SHA3_256_BLOCK_SIZE;
  4152. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  4153. c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
  4154. "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e"
  4155. "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc"
  4156. "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74"
  4157. "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55"
  4158. "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a"
  4159. "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
  4160. "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4\x9d\xd3\xef\x7e\x18\x2b"
  4161. "\x15\x24\xdf\x82\xea\x1c\xef\xe1\xc6\xc3\x96\x61\x75\xf0\x22"
  4162. "\x8d";
  4163. c.inLen = XSTRLEN(c.input);
  4164. c.outLen = WC_SHA3_256_BLOCK_SIZE;
  4165. /* Taken from NIST CAVP test vectors - full rate output. */
  4166. d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
  4167. "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
  4168. "\x85\xe0";
  4169. d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
  4170. "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
  4171. "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
  4172. "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
  4173. "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
  4174. "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
  4175. "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
  4176. "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
  4177. "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
  4178. "\xc2";
  4179. d.inLen = 32;
  4180. d.outLen = WC_SHA3_256_BLOCK_SIZE;
  4181. /* Taken from NIST CAVP test vectors - more than one output block. */
  4182. e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
  4183. "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
  4184. "\x47\xe4";
  4185. e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
  4186. "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
  4187. "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
  4188. "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
  4189. "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
  4190. "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
  4191. "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
  4192. "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
  4193. "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
  4194. "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
  4195. "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
  4196. "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
  4197. "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
  4198. "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
  4199. "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
  4200. "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
  4201. "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c\x68\x1b\x30\xdd\xc4"
  4202. "\xe6\x83\x8b\x0f\x23\x58\x7e\x06\x5f\x4a\x2b\xed\xc9\x6c\x97"
  4203. "\x68\x44";
  4204. e.inLen = 32;
  4205. e.outLen = 2 * WC_SHA3_256_BLOCK_SIZE;
  4206. test_sha[0] = a;
  4207. test_sha[1] = b;
  4208. test_sha[2] = c;
  4209. test_sha[3] = d;
  4210. test_sha[4] = e;
  4211. for (i = 0; i < times; ++i) {
  4212. ret = wc_InitShake256(sha, HEAP_HINT, devId);
  4213. if (ret != 0)
  4214. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4215. ret = wc_Shake256_Absorb(sha, (byte*)test_sha[i].input,
  4216. (word32)test_sha[i].inLen);
  4217. if (ret != 0)
  4218. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4219. ret = wc_Shake256_SqueezeBlocks(sha, hash,
  4220. (word32)test_sha[i].outLen / WC_SHA3_256_BLOCK_SIZE);
  4221. if (ret != 0)
  4222. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4223. if (XMEMCMP(hash, test_sha[i].output, (word32)test_sha[i].outLen) != 0)
  4224. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4225. }
  4226. #ifndef NO_LARGE_HASH_TEST
  4227. /* BEGIN LARGE HASH TEST */ {
  4228. for (i = 0; i < (int)large_input_buf_size; i++) {
  4229. large_input_buf[i] = (byte)(i & 0xFF);
  4230. }
  4231. ret = wc_InitShake256(sha, HEAP_HINT, devId);
  4232. if (ret != 0)
  4233. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  4234. /* Absorb is non-incremental. */
  4235. ret = wc_Shake256_Absorb(sha, large_input_buf,
  4236. (word32)large_input_buf_size);
  4237. if (ret != 0)
  4238. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  4239. /* Able to squeeze out blocks incrementally. */
  4240. ret = wc_Shake256_SqueezeBlocks(sha, hash, 1);
  4241. if (ret != 0)
  4242. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  4243. ret = wc_Shake256_SqueezeBlocks(sha, hash,
  4244. ((word32)sizeof(hash) / WC_SHA3_256_BLOCK_SIZE) - 1);
  4245. if (ret != 0)
  4246. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  4247. if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0)
  4248. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  4249. } /* END LARGE HASH TEST */
  4250. #endif /* NO_LARGE_HASH_TEST */
  4251. exit:
  4252. return ret;
  4253. }
  4254. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void)
  4255. {
  4256. wc_Shake sha;
  4257. byte hash[250];
  4258. testVector a, b, c, d, e;
  4259. testVector test_sha[5];
  4260. wc_test_ret_t ret = 0;
  4261. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  4262. #define SHAKE256_LARGE_INPUT_BUFSIZ 1024
  4263. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  4264. byte *large_input = NULL;
  4265. #else
  4266. byte large_input[SHAKE256_LARGE_INPUT_BUFSIZ];
  4267. #endif
  4268. const char* large_digest =
  4269. "\x90\x32\x4a\xcc\xd1\xdf\xb8\x0b\x79\x1f\xb8\xc8\x5b\x54\xc8\xe7"
  4270. "\x45\xf5\x60\x6b\x38\x26\xb2\x0a\xee\x38\x01\xf3\xd9\xfa\x96\x9f"
  4271. "\x6a\xd7\x15\xdf\xb6\xc2\xf4\x20\x33\x44\x55\xe8\x2a\x09\x2b\x68"
  4272. "\x2e\x18\x65\x5e\x65\x93\x28\xbc\xb1\x9e\xe2\xb1\x92\xea\x98\xac"
  4273. "\x21\xef\x4c\xe1\xb4\xb7\xbe\x81\x5c\x1d\xd3\xb7\x17\xe5\xbb\xc5"
  4274. "\x8c\x68\xb7\xfb\xac\x55\x8a\x9b\x4d\x91\xe4\x9f\x72\xbb\x6e\x38"
  4275. "\xaf\x21\x7d\x21\xaa\x98\x4e\x75\xc4\xb4\x1c\x7c\x50\x45\x54\xf9"
  4276. "\xea\x26";
  4277. /*
  4278. ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE256_Msg0.pdf
  4279. */
  4280. a.input = "";
  4281. a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb"
  4282. "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5"
  4283. "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67"
  4284. "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac"
  4285. "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7"
  4286. "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84"
  4287. "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
  4288. "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46";
  4289. a.inLen = XSTRLEN(a.input);
  4290. a.outLen = 114;
  4291. b.input = "abc";
  4292. b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
  4293. "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b"
  4294. "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52"
  4295. "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88"
  4296. "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04"
  4297. "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc"
  4298. "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
  4299. "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0";
  4300. b.inLen = XSTRLEN(b.input);
  4301. b.outLen = 114;
  4302. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  4303. c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
  4304. "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e"
  4305. "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc"
  4306. "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74"
  4307. "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55"
  4308. "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a"
  4309. "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
  4310. "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
  4311. c.inLen = XSTRLEN(c.input);
  4312. c.outLen = 114;
  4313. /* Taken from NIST CAVP test vectors - full rate output. */
  4314. d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
  4315. "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
  4316. "\x85\xe0";
  4317. d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
  4318. "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
  4319. "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
  4320. "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
  4321. "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
  4322. "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
  4323. "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
  4324. "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
  4325. "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
  4326. "\xc2";
  4327. d.inLen = 32;
  4328. d.outLen = 136;
  4329. /* Taken from NIST CAVP test vectors - more than one output block. */
  4330. e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
  4331. "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
  4332. "\x47\xe4";
  4333. e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
  4334. "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
  4335. "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
  4336. "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
  4337. "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
  4338. "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
  4339. "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
  4340. "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
  4341. "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
  4342. "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
  4343. "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
  4344. "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
  4345. "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
  4346. "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
  4347. "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
  4348. "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
  4349. "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c";
  4350. e.inLen = 32;
  4351. e.outLen = 250;
  4352. test_sha[0] = a;
  4353. test_sha[1] = b;
  4354. test_sha[2] = c;
  4355. test_sha[3] = d;
  4356. test_sha[4] = e;
  4357. ret = wc_InitShake256(&sha, HEAP_HINT, devId);
  4358. if (ret != 0)
  4359. return WC_TEST_RET_ENC_EC(ret);
  4360. for (i = 0; i < times; ++i) {
  4361. ret = wc_Shake256_Update(&sha, (byte*)test_sha[i].input,
  4362. (word32)test_sha[i].inLen);
  4363. if (ret != 0)
  4364. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4365. ret = wc_Shake256_Final(&sha, hash, (word32)test_sha[i].outLen);
  4366. if (ret != 0)
  4367. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4368. if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0)
  4369. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4370. }
  4371. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  4372. large_input = (byte *)XMALLOC(SHAKE256_LARGE_INPUT_BUFSIZ, NULL,
  4373. DYNAMIC_TYPE_TMP_BUFFER);
  4374. if (large_input == NULL)
  4375. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
  4376. #endif
  4377. #ifndef NO_LARGE_HASH_TEST
  4378. /* BEGIN LARGE HASH TEST */ {
  4379. for (i = 0; i < SHAKE256_LARGE_INPUT_BUFSIZ; i++) {
  4380. large_input[i] = (byte)(i & 0xFF);
  4381. }
  4382. times = 100;
  4383. for (i = 0; i < times; ++i) {
  4384. ret = wc_Shake256_Update(&sha, (byte*)large_input,
  4385. SHAKE256_LARGE_INPUT_BUFSIZ);
  4386. if (ret != 0)
  4387. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  4388. }
  4389. ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash));
  4390. if (ret != 0)
  4391. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  4392. if (XMEMCMP(hash, large_digest, 114) != 0)
  4393. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  4394. } /* END LARGE HASH TEST */
  4395. #endif /* NO_LARGE_HASH_TEST */
  4396. ret = shake256_absorb_test(&sha, large_input, SHAKE256_LARGE_INPUT_BUFSIZ);
  4397. exit:
  4398. wc_Shake256_Free(&sha);
  4399. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  4400. if (large_input != NULL)
  4401. XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  4402. #endif
  4403. return ret;
  4404. }
  4405. #endif
  4406. #ifdef WOLFSSL_SM3
  4407. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void)
  4408. {
  4409. wc_Sm3 sm3, sm3Copy;
  4410. byte hash[WC_SM3_DIGEST_SIZE];
  4411. byte hashGet[WC_SM3_DIGEST_SIZE];
  4412. byte hashCopy[WC_SM3_DIGEST_SIZE];
  4413. wc_test_ret_t ret = 0;
  4414. testVector a, b, c;
  4415. testVector test_sm3[3];
  4416. int times = sizeof(test_sm3) / sizeof(struct testVector), i;
  4417. a.input = "";
  4418. a.output = "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f\x8e\x61\x19\x48\x31\xe8\x1a"
  4419. "\x8f\x22\xbe\xc8\xc7\x28\xfe\xfb\x74\x7e\xd0\x35\xeb\x50\x82"
  4420. "\xaa\x2b";
  4421. a.inLen = XSTRLEN(a.input);
  4422. a.outLen = WC_SM3_DIGEST_SIZE;
  4423. b.input = "abc";
  4424. b.output = "\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1\xf2\xd4\x6b\xdc\x10\xe4"
  4425. "\xe2\x41\x67\xc4\x87\x5c\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b"
  4426. "\xa8\xe0";
  4427. b.inLen = XSTRLEN(b.input);
  4428. b.outLen = WC_SM3_DIGEST_SIZE;
  4429. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  4430. c.output = "\x63\x9b\x6c\xc5\xe6\x4d\x9e\x37\xa3\x90\xb1\x92\xdf\x4f\xa1"
  4431. "\xea\x07\x20\xab\x74\x7f\xf6\x92\xb9\xf3\x8c\x4e\x66\xad\x7b"
  4432. "\x8c\x05";
  4433. c.inLen = XSTRLEN(c.input);
  4434. c.outLen = WC_SM3_DIGEST_SIZE;
  4435. test_sm3[0] = a;
  4436. test_sm3[1] = b;
  4437. test_sm3[2] = c;
  4438. ret = wc_InitSm3(&sm3, HEAP_HINT, devId);
  4439. if (ret != 0)
  4440. return WC_TEST_RET_ENC_EC(ret);
  4441. ret = wc_InitSm3(&sm3Copy, HEAP_HINT, devId);
  4442. if (ret != 0) {
  4443. wc_Sm3Free(&sm3);
  4444. return WC_TEST_RET_ENC_EC(ret);
  4445. }
  4446. /* Test all the KATs. */
  4447. for (i = 0; i < times; ++i) {
  4448. ret = wc_Sm3Update(&sm3, (byte*)test_sm3[i].input,
  4449. (word32)test_sm3[i].inLen);
  4450. if (ret != 0) {
  4451. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4452. }
  4453. /* Get the final hash but leave ready for more updates. */
  4454. ret = wc_Sm3GetHash(&sm3, hashGet);
  4455. if (ret != 0)
  4456. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4457. /* Make a copy of the hash. */
  4458. ret = wc_Sm3Copy(&sm3, &sm3Copy);
  4459. if (ret != 0)
  4460. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4461. /* Get the final hash with original. */
  4462. ret = wc_Sm3Final(&sm3, hash);
  4463. if (ret != 0)
  4464. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4465. /* Get the final hash with copy. */
  4466. ret = wc_Sm3Final(&sm3Copy, hashCopy);
  4467. if (ret != 0)
  4468. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4469. /* Dispose of copy. */
  4470. wc_Sm3Free(&sm3Copy);
  4471. /* Check hashes match expected. */
  4472. if (XMEMCMP(hash, test_sm3[i].output, WC_SM3_DIGEST_SIZE) != 0)
  4473. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4474. if (XMEMCMP(hash, hashGet, WC_SM3_DIGEST_SIZE) != 0)
  4475. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4476. if (XMEMCMP(hash, hashCopy, WC_SM3_DIGEST_SIZE) != 0)
  4477. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4478. }
  4479. #ifndef NO_LARGE_HASH_TEST
  4480. {
  4481. word32 sz;
  4482. byte large_input[1024];
  4483. #ifdef HASH_SIZE_LIMIT
  4484. const char* large_digest =
  4485. "\x6c\x42\x57\x64\x8e\x45\xf3\xb6\xc0\x83\xd3\x41\x83\x66\x51\xb4"
  4486. "\x50\xfe\x06\xb5\xb7\x1e\xd5\x0d\x41\xfc\x1e\xe5\xc6\x57\x95\x0f";
  4487. times = 20;
  4488. #else
  4489. const char* large_digest =
  4490. "\x34\x51\x3c\xde\x7c\x30\xb7\xc5\xaa\x97\x3b\xed\xb3\x16\xb9\x76"
  4491. "\x35\x46\x14\x80\x2a\x57\xca\xd9\x48\xf9\x93\xcc\x1f\xdd\xab\x79";
  4492. times = 100;
  4493. #endif
  4494. /* Set large input to something. */
  4495. for (i = 0; i < (int)sizeof(large_input); i++) {
  4496. large_input[i] = (byte)(i & 0xFF);
  4497. }
  4498. /* Hash a large number of times. */
  4499. for (i = 0; i < times; ++i) {
  4500. ret = wc_Sm3Update(&sm3, (byte*)large_input,
  4501. (word32)sizeof(large_input));
  4502. if (ret != 0)
  4503. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4504. }
  4505. /* Calculate hash and compare to expected. */
  4506. ret = wc_Sm3Final(&sm3, hash);
  4507. if (ret != 0)
  4508. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  4509. if (XMEMCMP(hash, large_digest, WC_SM3_DIGEST_SIZE) != 0)
  4510. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  4511. /* Check updating with various sizes works. */
  4512. for (sz = 1; sz <= 64; sz++) {
  4513. /* Hash a large number of times. */
  4514. for (i = 0; i < times; ++i) {
  4515. word32 o;
  4516. /* Update sz bytes at a time from large input buffer. */
  4517. for (o = 0; o + sz <= (word32)sizeof(large_input); o += sz) {
  4518. ret = wc_Sm3Update(&sm3, (byte*)(large_input + o), sz);
  4519. if (ret != 0)
  4520. ERROR_OUT(WC_TEST_RET_ENC_I(o), exit);
  4521. }
  4522. /* Check for left-overs. */
  4523. if (o < (word32)sizeof(large_input)) {
  4524. ret = wc_Sm3Update(&sm3, (byte*)(large_input + o),
  4525. (word32)sizeof(large_input) - o);
  4526. if (ret != 0)
  4527. ERROR_OUT(WC_TEST_RET_ENC_I(i), exit);
  4528. }
  4529. }
  4530. /* Calculate hash and compare to expected. */
  4531. ret = wc_Sm3Final(&sm3, hash);
  4532. if (ret != 0)
  4533. ERROR_OUT(WC_TEST_RET_ENC_I(sz), exit);
  4534. if (XMEMCMP(hash, large_digest, WC_SM3_DIGEST_SIZE) != 0)
  4535. ERROR_OUT(WC_TEST_RET_ENC_I(sz), exit);
  4536. }
  4537. }
  4538. #endif /* NO_LARGE_HASH_TEST */
  4539. exit:
  4540. wc_Sm3Free(&sm3);
  4541. wc_Sm3Free(&sm3Copy);
  4542. return ret;
  4543. }
  4544. #endif
  4545. #ifndef NO_HASH_WRAPPER
  4546. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void)
  4547. {
  4548. wc_HashAlg hash;
  4549. int ret, exp_ret;
  4550. int i, j;
  4551. int digestSz;
  4552. byte data[] = "0123456789abcdef0123456789abcdef0123456";
  4553. byte out[WC_MAX_DIGEST_SIZE];
  4554. byte hashOut[WC_MAX_DIGEST_SIZE];
  4555. #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
  4556. enum wc_HashType hashType;
  4557. #endif
  4558. enum wc_HashType typesGood[] = { WC_HASH_TYPE_MD5, WC_HASH_TYPE_SHA,
  4559. WC_HASH_TYPE_SHA224, WC_HASH_TYPE_SHA256,
  4560. WC_HASH_TYPE_SHA384, WC_HASH_TYPE_SHA512,
  4561. WC_HASH_TYPE_SHA3_224,
  4562. WC_HASH_TYPE_SHA3_256,
  4563. WC_HASH_TYPE_SHA3_384,
  4564. WC_HASH_TYPE_SHA3_512 };
  4565. enum wc_HashType typesNoImpl[] = {
  4566. #ifdef NO_MD5
  4567. WC_HASH_TYPE_MD5,
  4568. #endif
  4569. #ifdef NO_SHA
  4570. WC_HASH_TYPE_SHA,
  4571. #endif
  4572. #ifndef WOLFSSL_SHA224
  4573. WC_HASH_TYPE_SHA224,
  4574. #endif
  4575. #ifdef NO_SHA256
  4576. WC_HASH_TYPE_SHA256,
  4577. #endif
  4578. #ifndef WOLFSSL_SHA384
  4579. WC_HASH_TYPE_SHA384,
  4580. #endif
  4581. #ifndef WOLFSSL_SHA512
  4582. WC_HASH_TYPE_SHA512,
  4583. #endif
  4584. #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_224)
  4585. WC_HASH_TYPE_SHA3_224,
  4586. #endif
  4587. #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_256)
  4588. WC_HASH_TYPE_SHA3_256,
  4589. #endif
  4590. #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_384)
  4591. WC_HASH_TYPE_SHA3_384,
  4592. #endif
  4593. #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_512)
  4594. WC_HASH_TYPE_SHA3_512,
  4595. #endif
  4596. WC_HASH_TYPE_NONE
  4597. };
  4598. enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MD5_SHA,
  4599. WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4 };
  4600. enum wc_HashType typesHashBad[] = { WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4,
  4601. WC_HASH_TYPE_BLAKE2B,
  4602. WC_HASH_TYPE_NONE };
  4603. /* Parameter Validation testing. */
  4604. ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256);
  4605. if (ret != BAD_FUNC_ARG)
  4606. return WC_TEST_RET_ENC_EC(ret);
  4607. ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
  4608. if (ret != BAD_FUNC_ARG)
  4609. return WC_TEST_RET_ENC_EC(ret);
  4610. ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
  4611. if (ret != BAD_FUNC_ARG)
  4612. return WC_TEST_RET_ENC_EC(ret);
  4613. ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data));
  4614. if (ret != BAD_FUNC_ARG)
  4615. return WC_TEST_RET_ENC_EC(ret);
  4616. ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL);
  4617. if (ret != BAD_FUNC_ARG)
  4618. return WC_TEST_RET_ENC_EC(ret);
  4619. ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL);
  4620. if (ret != BAD_FUNC_ARG)
  4621. return WC_TEST_RET_ENC_EC(ret);
  4622. ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out);
  4623. if (ret != BAD_FUNC_ARG)
  4624. return WC_TEST_RET_ENC_EC(ret);
  4625. /* Try invalid hash algorithms. */
  4626. for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) {
  4627. ret = wc_HashInit(&hash, typesBad[i]);
  4628. if (ret != BAD_FUNC_ARG)
  4629. return WC_TEST_RET_ENC_I(i);
  4630. ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data));
  4631. if (ret != BAD_FUNC_ARG)
  4632. return WC_TEST_RET_ENC_I(i);
  4633. ret = wc_HashFinal(&hash, typesBad[i], out);
  4634. if (ret != BAD_FUNC_ARG)
  4635. return WC_TEST_RET_ENC_I(i);
  4636. wc_HashFree(&hash, typesBad[i]);
  4637. }
  4638. /* Try valid hash algorithms. */
  4639. for (i = 0, j = 0; i < (int)(sizeof(typesGood)/sizeof(*typesGood)); i++) {
  4640. exp_ret = 0;
  4641. if (typesGood[i] == typesNoImpl[j]) {
  4642. /* Recognized but no implementation compiled in. */
  4643. exp_ret = HASH_TYPE_E;
  4644. j++;
  4645. }
  4646. ret = wc_HashInit(&hash, typesGood[i]);
  4647. if (ret != exp_ret)
  4648. return WC_TEST_RET_ENC_I(i);
  4649. ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data));
  4650. if (ret != exp_ret)
  4651. return WC_TEST_RET_ENC_I(i);
  4652. ret = wc_HashFinal(&hash, typesGood[i], out);
  4653. if (ret != exp_ret)
  4654. return WC_TEST_RET_ENC_I(i);
  4655. wc_HashFree(&hash, typesGood[i]);
  4656. digestSz = wc_HashGetDigestSize(typesGood[i]);
  4657. if (exp_ret < 0 && digestSz != exp_ret)
  4658. return WC_TEST_RET_ENC_I(i);
  4659. if (exp_ret == 0 && digestSz < 0)
  4660. return WC_TEST_RET_ENC_I(i);
  4661. if (exp_ret == 0) {
  4662. ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut,
  4663. digestSz - 1);
  4664. if (ret != BUFFER_E)
  4665. return WC_TEST_RET_ENC_I(i);
  4666. }
  4667. ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, digestSz);
  4668. if (ret != exp_ret)
  4669. return WC_TEST_RET_ENC_I(i);
  4670. if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0)
  4671. return WC_TEST_RET_ENC_I(i);
  4672. ret = wc_HashGetBlockSize(typesGood[i]);
  4673. if (exp_ret < 0 && ret != exp_ret)
  4674. return WC_TEST_RET_ENC_I(i);
  4675. if (exp_ret == 0 && ret < 0)
  4676. return WC_TEST_RET_ENC_I(i);
  4677. #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
  4678. ret = wc_HashGetOID(typesGood[i]);
  4679. if (ret == BAD_FUNC_ARG ||
  4680. (exp_ret == 0 && ret == HASH_TYPE_E) ||
  4681. (exp_ret != 0 && ret != HASH_TYPE_E)) {
  4682. return WC_TEST_RET_ENC_I(i);
  4683. }
  4684. hashType = wc_OidGetHash(ret);
  4685. if (exp_ret == 0 && hashType != typesGood[i])
  4686. return WC_TEST_RET_ENC_I(i);
  4687. #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
  4688. }
  4689. for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) {
  4690. ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out));
  4691. if ((ret != BAD_FUNC_ARG) && (ret != BUFFER_E) && (ret != HASH_TYPE_E))
  4692. return WC_TEST_RET_ENC_I(i);
  4693. }
  4694. #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
  4695. ret = wc_HashGetOID(WC_HASH_TYPE_MD2);
  4696. #ifdef WOLFSSL_MD2
  4697. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  4698. return WC_TEST_RET_ENC_EC(ret);
  4699. #else
  4700. if (ret != HASH_TYPE_E)
  4701. return WC_TEST_RET_ENC_EC(ret);
  4702. #endif
  4703. hashType = wc_OidGetHash(646); /* Md2h */
  4704. #ifdef WOLFSSL_MD2
  4705. if (hashType != WC_HASH_TYPE_MD2)
  4706. return WC_TEST_RET_ENC_NC;
  4707. #else
  4708. if (hashType != WC_HASH_TYPE_NONE)
  4709. return WC_TEST_RET_ENC_NC;
  4710. #endif
  4711. ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA);
  4712. #ifndef NO_MD5
  4713. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  4714. return WC_TEST_RET_ENC_EC(ret);
  4715. #else
  4716. if (ret != HASH_TYPE_E)
  4717. return WC_TEST_RET_ENC_EC(ret);
  4718. #endif
  4719. ret = wc_HashGetOID(WC_HASH_TYPE_MD4);
  4720. if (ret != BAD_FUNC_ARG)
  4721. return WC_TEST_RET_ENC_EC(ret);
  4722. ret = wc_HashGetOID(WC_HASH_TYPE_NONE);
  4723. if (ret != BAD_FUNC_ARG)
  4724. return WC_TEST_RET_ENC_EC(ret);
  4725. hashType = wc_OidGetHash(0);
  4726. if (hashType != WC_HASH_TYPE_NONE)
  4727. return WC_TEST_RET_ENC_NC;
  4728. #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
  4729. ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2);
  4730. #ifdef WOLFSSL_MD2
  4731. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  4732. return WC_TEST_RET_ENC_EC(ret);
  4733. #else
  4734. if (ret != HASH_TYPE_E)
  4735. return WC_TEST_RET_ENC_EC(ret);
  4736. #endif
  4737. ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2);
  4738. #ifdef WOLFSSL_MD2
  4739. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  4740. return WC_TEST_RET_ENC_EC(ret);
  4741. #else
  4742. if (ret != HASH_TYPE_E)
  4743. return WC_TEST_RET_ENC_EC(ret);
  4744. #endif
  4745. ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4);
  4746. #ifndef NO_MD4
  4747. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  4748. return WC_TEST_RET_ENC_EC(ret);
  4749. #else
  4750. if (ret != HASH_TYPE_E)
  4751. return WC_TEST_RET_ENC_EC(ret);
  4752. #endif
  4753. ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4);
  4754. #ifndef NO_MD4
  4755. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  4756. return WC_TEST_RET_ENC_EC(ret);
  4757. #else
  4758. if (ret != HASH_TYPE_E)
  4759. return WC_TEST_RET_ENC_EC(ret);
  4760. #endif
  4761. ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA);
  4762. #if !defined(NO_MD5) && !defined(NO_SHA)
  4763. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  4764. return WC_TEST_RET_ENC_EC(ret);
  4765. #else
  4766. if (ret != HASH_TYPE_E)
  4767. return WC_TEST_RET_ENC_EC(ret);
  4768. #endif
  4769. ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B);
  4770. #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
  4771. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  4772. return WC_TEST_RET_ENC_EC(ret);
  4773. #else
  4774. if (ret != HASH_TYPE_E)
  4775. return WC_TEST_RET_ENC_EC(ret);
  4776. #endif
  4777. ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B);
  4778. #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
  4779. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  4780. return WC_TEST_RET_ENC_EC(ret);
  4781. #else
  4782. if (ret != HASH_TYPE_E)
  4783. return WC_TEST_RET_ENC_EC(ret);
  4784. #endif
  4785. ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE);
  4786. if (ret != BAD_FUNC_ARG)
  4787. return WC_TEST_RET_ENC_EC(ret);
  4788. ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE);
  4789. if (ret != BAD_FUNC_ARG)
  4790. return WC_TEST_RET_ENC_EC(ret);
  4791. #if !defined(NO_CERTS) && !defined(NO_ASN)
  4792. #if defined(WOLFSSL_MD2) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  4793. ret = wc_GetCTC_HashOID(MD2);
  4794. if (ret == 0)
  4795. return WC_TEST_RET_ENC_EC(ret);
  4796. #endif
  4797. #ifndef NO_MD5
  4798. ret = wc_GetCTC_HashOID(WC_MD5);
  4799. if (ret == 0)
  4800. return WC_TEST_RET_ENC_EC(ret);
  4801. #endif
  4802. #ifndef NO_SHA
  4803. ret = wc_GetCTC_HashOID(WC_SHA);
  4804. if (ret == 0)
  4805. return WC_TEST_RET_ENC_EC(ret);
  4806. #endif
  4807. #ifdef WOLFSSL_SHA224
  4808. ret = wc_GetCTC_HashOID(WC_SHA224);
  4809. if (ret == 0)
  4810. return WC_TEST_RET_ENC_EC(ret);
  4811. #endif
  4812. #ifndef NO_SHA256
  4813. ret = wc_GetCTC_HashOID(WC_SHA256);
  4814. if (ret == 0)
  4815. return WC_TEST_RET_ENC_EC(ret);
  4816. #endif
  4817. #ifdef WOLFSSL_SHA384
  4818. ret = wc_GetCTC_HashOID(WC_SHA384);
  4819. if (ret == 0)
  4820. return WC_TEST_RET_ENC_EC(ret);
  4821. #endif
  4822. #ifdef WOLFSSL_SHA512
  4823. ret = wc_GetCTC_HashOID(WC_SHA512);
  4824. if (ret == 0)
  4825. return WC_TEST_RET_ENC_EC(ret);
  4826. #endif
  4827. ret = wc_GetCTC_HashOID(-1);
  4828. if (ret != 0)
  4829. return WC_TEST_RET_ENC_EC(ret);
  4830. #endif
  4831. return 0;
  4832. }
  4833. #endif /* !NO_HASH_WRAPPER */
  4834. #if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS) && \
  4835. defined(HAVE_FIPS_VERSION) && \
  4836. (HAVE_FIPS_VERSION >= 5))
  4837. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void)
  4838. {
  4839. Hmac hmac;
  4840. byte hash[WC_MD5_DIGEST_SIZE];
  4841. const char* keys[]=
  4842. {
  4843. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
  4844. "Jefe",
  4845. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  4846. };
  4847. testVector a, b, c;
  4848. testVector test_hmac[3];
  4849. wc_test_ret_t ret;
  4850. int times = sizeof(test_hmac) / sizeof(testVector), i;
  4851. a.input = "Hi There";
  4852. a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
  4853. "\x9d";
  4854. a.inLen = XSTRLEN(a.input);
  4855. a.outLen = WC_MD5_DIGEST_SIZE;
  4856. b.input = "what do ya want for nothing?";
  4857. b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
  4858. "\x38";
  4859. b.inLen = XSTRLEN(b.input);
  4860. b.outLen = WC_MD5_DIGEST_SIZE;
  4861. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  4862. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  4863. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  4864. "\xDD\xDD\xDD\xDD\xDD\xDD";
  4865. c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3"
  4866. "\xf6";
  4867. c.inLen = XSTRLEN(c.input);
  4868. c.outLen = WC_MD5_DIGEST_SIZE;
  4869. test_hmac[0] = a;
  4870. test_hmac[1] = b;
  4871. test_hmac[2] = c;
  4872. for (i = 0; i < times; ++i) {
  4873. #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
  4874. if (i == 1) {
  4875. continue; /* cavium can't handle short keys, fips not allowed */
  4876. }
  4877. #endif
  4878. ret = wc_HmacInit(&hmac, HEAP_HINT, devId);
  4879. if (ret != 0)
  4880. return WC_TEST_RET_ENC_EC(ret);
  4881. ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i],
  4882. (word32)XSTRLEN(keys[i]));
  4883. if (ret != 0)
  4884. return WC_TEST_RET_ENC_EC(ret);
  4885. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  4886. (word32)test_hmac[i].inLen);
  4887. if (ret != 0)
  4888. return WC_TEST_RET_ENC_EC(ret);
  4889. ret = wc_HmacFinal(&hmac, hash);
  4890. if (ret != 0)
  4891. return WC_TEST_RET_ENC_EC(ret);
  4892. if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0)
  4893. return WC_TEST_RET_ENC_I(i);
  4894. wc_HmacFree(&hmac);
  4895. }
  4896. #ifndef HAVE_FIPS
  4897. if ((ret = wc_HmacSizeByType(WC_MD5)) != WC_MD5_DIGEST_SIZE)
  4898. return WC_TEST_RET_ENC_EC(ret);
  4899. #endif
  4900. return 0;
  4901. }
  4902. #endif /* !NO_HMAC && !NO_MD5 && (!HAVE_FIPS || (HAVE_FIPS_VERSION < 5)) */
  4903. #if !defined(NO_HMAC) && !defined(NO_SHA)
  4904. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void)
  4905. {
  4906. Hmac hmac;
  4907. byte hash[WC_SHA_DIGEST_SIZE];
  4908. const char* keys[]=
  4909. {
  4910. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  4911. "\x0b\x0b\x0b",
  4912. "Jefe",
  4913. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  4914. "\xAA\xAA\xAA"
  4915. };
  4916. testVector a, b, c;
  4917. testVector test_hmac[3];
  4918. wc_test_ret_t ret;
  4919. int times = sizeof(test_hmac) / sizeof(testVector), i;
  4920. a.input = "Hi There";
  4921. a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
  4922. "\x8e\xf1\x46\xbe\x00";
  4923. a.inLen = XSTRLEN(a.input);
  4924. a.outLen = WC_SHA_DIGEST_SIZE;
  4925. b.input = "what do ya want for nothing?";
  4926. b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf"
  4927. "\x9c\x25\x9a\x7c\x79";
  4928. b.inLen = XSTRLEN(b.input);
  4929. b.outLen = WC_SHA_DIGEST_SIZE;
  4930. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  4931. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  4932. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  4933. "\xDD\xDD\xDD\xDD\xDD\xDD";
  4934. c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b"
  4935. "\x4f\x63\xf1\x75\xd3";
  4936. c.inLen = XSTRLEN(c.input);
  4937. c.outLen = WC_SHA_DIGEST_SIZE;
  4938. test_hmac[0] = a;
  4939. test_hmac[1] = b;
  4940. test_hmac[2] = c;
  4941. for (i = 0; i < times; ++i) {
  4942. #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
  4943. if (i == 1)
  4944. continue; /* cavium can't handle short keys, fips not allowed */
  4945. #endif
  4946. if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
  4947. return WC_TEST_RET_ENC_EC(ret);
  4948. ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i],
  4949. (word32)XSTRLEN(keys[i]));
  4950. if (ret != 0)
  4951. return WC_TEST_RET_ENC_EC(ret);
  4952. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  4953. (word32)test_hmac[i].inLen);
  4954. if (ret != 0)
  4955. return WC_TEST_RET_ENC_EC(ret);
  4956. ret = wc_HmacFinal(&hmac, hash);
  4957. if (ret != 0)
  4958. return WC_TEST_RET_ENC_EC(ret);
  4959. if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0)
  4960. return WC_TEST_RET_ENC_I(i);
  4961. wc_HmacFree(&hmac);
  4962. }
  4963. #ifndef HAVE_FIPS
  4964. if ((ret = wc_HmacSizeByType(WC_SHA)) != WC_SHA_DIGEST_SIZE)
  4965. return WC_TEST_RET_ENC_EC(ret);
  4966. #endif
  4967. return 0;
  4968. }
  4969. #endif
  4970. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
  4971. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void)
  4972. {
  4973. Hmac hmac;
  4974. byte hash[WC_SHA224_DIGEST_SIZE];
  4975. const char* keys[]=
  4976. {
  4977. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  4978. "\x0b\x0b\x0b",
  4979. "Jefe",
  4980. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  4981. "\xAA\xAA\xAA",
  4982. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  4983. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  4984. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  4985. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  4986. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  4987. };
  4988. testVector a, b, c, d;
  4989. testVector test_hmac[4];
  4990. wc_test_ret_t ret;
  4991. int times = sizeof(test_hmac) / sizeof(testVector), i;
  4992. a.input = "Hi There";
  4993. a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
  4994. "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
  4995. a.inLen = XSTRLEN(a.input);
  4996. a.outLen = WC_SHA224_DIGEST_SIZE;
  4997. b.input = "what do ya want for nothing?";
  4998. b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d"
  4999. "\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44";
  5000. b.inLen = XSTRLEN(b.input);
  5001. b.outLen = WC_SHA224_DIGEST_SIZE;
  5002. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  5003. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  5004. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  5005. "\xDD\xDD\xDD\xDD\xDD\xDD";
  5006. c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2"
  5007. "\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea";
  5008. c.inLen = XSTRLEN(c.input);
  5009. c.outLen = WC_SHA224_DIGEST_SIZE;
  5010. d.input = "Big Key Input";
  5011. d.output = "\xe7\x4e\x2b\x8a\xa9\xf0\x37\x2f\xed\xae\x70\x0c\x49\x47\xf1"
  5012. "\x46\x54\xa7\x32\x6b\x55\x01\x87\xd2\xc8\x02\x0e\x3a";
  5013. d.inLen = XSTRLEN(d.input);
  5014. d.outLen = WC_SHA224_DIGEST_SIZE;
  5015. test_hmac[0] = a;
  5016. test_hmac[1] = b;
  5017. test_hmac[2] = c;
  5018. test_hmac[3] = d;
  5019. for (i = 0; i < times; ++i) {
  5020. #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
  5021. if (i == 1)
  5022. continue; /* cavium can't handle short keys, fips not allowed */
  5023. #endif
  5024. if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
  5025. return WC_TEST_RET_ENC_EC(ret);
  5026. ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i],
  5027. (word32)XSTRLEN(keys[i]));
  5028. if (ret != 0)
  5029. return WC_TEST_RET_ENC_EC(ret);
  5030. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  5031. (word32)test_hmac[i].inLen);
  5032. if (ret != 0)
  5033. return WC_TEST_RET_ENC_EC(ret);
  5034. ret = wc_HmacFinal(&hmac, hash);
  5035. if (ret != 0)
  5036. return WC_TEST_RET_ENC_EC(ret);
  5037. if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0)
  5038. return WC_TEST_RET_ENC_I(i);
  5039. wc_HmacFree(&hmac);
  5040. }
  5041. #ifndef HAVE_FIPS
  5042. if ((ret = wc_HmacSizeByType(WC_SHA224)) != WC_SHA224_DIGEST_SIZE)
  5043. return WC_TEST_RET_ENC_EC(ret);
  5044. #endif
  5045. return 0;
  5046. }
  5047. #endif
  5048. #if !defined(NO_HMAC) && !defined(NO_SHA256)
  5049. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void)
  5050. {
  5051. Hmac hmac;
  5052. byte hash[WC_SHA256_DIGEST_SIZE];
  5053. const char* keys[]=
  5054. {
  5055. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  5056. "\x0b\x0b\x0b",
  5057. "Jefe",
  5058. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  5059. "\xAA\xAA\xAA",
  5060. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  5061. "\xAA\xAA\xAA",
  5062. };
  5063. testVector a, b, c, d;
  5064. testVector test_hmac[4];
  5065. wc_test_ret_t ret;
  5066. int times = sizeof(test_hmac) / sizeof(testVector), i;
  5067. a.input = "Hi There";
  5068. a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
  5069. "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
  5070. "\xcf\xf7";
  5071. a.inLen = XSTRLEN(a.input);
  5072. a.outLen = WC_SHA256_DIGEST_SIZE;
  5073. b.input = "what do ya want for nothing?";
  5074. b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75"
  5075. "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec"
  5076. "\x38\x43";
  5077. b.inLen = XSTRLEN(b.input);
  5078. b.outLen = WC_SHA256_DIGEST_SIZE;
  5079. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  5080. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  5081. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  5082. "\xDD\xDD\xDD\xDD\xDD\xDD";
  5083. c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81"
  5084. "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5"
  5085. "\x65\xfe";
  5086. c.inLen = XSTRLEN(c.input);
  5087. c.outLen = WC_SHA256_DIGEST_SIZE;
  5088. d.input = 0;
  5089. d.output = "\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28"
  5090. "\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f"
  5091. "\x3e\x46";
  5092. d.inLen = 0;
  5093. d.outLen = WC_SHA256_DIGEST_SIZE;
  5094. test_hmac[0] = a;
  5095. test_hmac[1] = b;
  5096. test_hmac[2] = c;
  5097. test_hmac[3] = d;
  5098. for (i = 0; i < times; ++i) {
  5099. #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
  5100. if (i == 1)
  5101. continue; /* cavium can't handle short keys, fips not allowed */
  5102. #endif
  5103. #if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM)
  5104. if (i == 3)
  5105. continue; /* QuickAssist can't handle empty HMAC */
  5106. #endif
  5107. if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
  5108. return WC_TEST_RET_ENC_I(i);
  5109. ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i],
  5110. (word32)XSTRLEN(keys[i]));
  5111. if (ret != 0)
  5112. return WC_TEST_RET_ENC_I(i);
  5113. if (test_hmac[i].input != NULL) {
  5114. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  5115. (word32)test_hmac[i].inLen);
  5116. if (ret != 0)
  5117. return WC_TEST_RET_ENC_I(i);
  5118. }
  5119. ret = wc_HmacFinal(&hmac, hash);
  5120. if (ret != 0)
  5121. return WC_TEST_RET_ENC_I(i);
  5122. if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0)
  5123. return WC_TEST_RET_ENC_I(i);
  5124. wc_HmacFree(&hmac);
  5125. }
  5126. #ifndef HAVE_FIPS
  5127. if ((ret = wc_HmacSizeByType(WC_SHA256)) != WC_SHA256_DIGEST_SIZE)
  5128. return WC_TEST_RET_ENC_EC(ret);
  5129. if ((ret = wc_HmacSizeByType(21)) != BAD_FUNC_ARG)
  5130. return WC_TEST_RET_ENC_EC(ret);
  5131. #endif
  5132. if ((ret = wolfSSL_GetHmacMaxSize()) != WC_MAX_DIGEST_SIZE)
  5133. return WC_TEST_RET_ENC_EC(ret);
  5134. return 0;
  5135. }
  5136. #endif
  5137. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
  5138. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void)
  5139. {
  5140. Hmac hmac;
  5141. byte hash[WC_SHA384_DIGEST_SIZE];
  5142. const char* keys[]=
  5143. {
  5144. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  5145. "\x0b\x0b\x0b",
  5146. "Jefe",
  5147. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  5148. "\xAA\xAA\xAA",
  5149. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5150. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5151. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5152. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5153. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5154. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5155. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5156. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5157. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5158. };
  5159. testVector a, b, c, d;
  5160. testVector test_hmac[4];
  5161. wc_test_ret_t ret;
  5162. int times = sizeof(test_hmac) / sizeof(testVector), i;
  5163. a.input = "Hi There";
  5164. a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
  5165. "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
  5166. "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
  5167. "\xfa\x9c\xb6";
  5168. a.inLen = XSTRLEN(a.input);
  5169. a.outLen = WC_SHA384_DIGEST_SIZE;
  5170. b.input = "what do ya want for nothing?";
  5171. b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b"
  5172. "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22"
  5173. "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa"
  5174. "\xb2\x16\x49";
  5175. b.inLen = XSTRLEN(b.input);
  5176. b.outLen = WC_SHA384_DIGEST_SIZE;
  5177. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  5178. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  5179. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  5180. "\xDD\xDD\xDD\xDD\xDD\xDD";
  5181. c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8"
  5182. "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66"
  5183. "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01"
  5184. "\xa3\x4f\x27";
  5185. c.inLen = XSTRLEN(c.input);
  5186. c.outLen = WC_SHA384_DIGEST_SIZE;
  5187. d.input = "Big Key Input";
  5188. d.output = "\xd2\x3d\x29\x6e\xf5\x1e\x23\x23\x49\x18\xb3\xbf\x4c\x38\x7b"
  5189. "\x31\x21\x17\xbb\x09\x73\x27\xf8\x12\x9d\xe9\xc6\x5d\xf9\x54"
  5190. "\xd6\x38\x5a\x68\x53\x14\xee\xe0\xa6\x4f\x36\x7e\xb2\xf3\x1a"
  5191. "\x57\x41\x69";
  5192. d.inLen = XSTRLEN(d.input);
  5193. d.outLen = WC_SHA384_DIGEST_SIZE;
  5194. test_hmac[0] = a;
  5195. test_hmac[1] = b;
  5196. test_hmac[2] = c;
  5197. test_hmac[3] = d;
  5198. for (i = 0; i < times; ++i) {
  5199. #if defined(HAVE_FIPS)
  5200. if (i == 1)
  5201. continue; /* fips not allowed */
  5202. #endif
  5203. if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
  5204. return WC_TEST_RET_ENC_EC(ret);
  5205. ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i],
  5206. (word32)XSTRLEN(keys[i]));
  5207. if (ret != 0)
  5208. return WC_TEST_RET_ENC_EC(ret);
  5209. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  5210. (word32)test_hmac[i].inLen);
  5211. if (ret != 0)
  5212. return WC_TEST_RET_ENC_EC(ret);
  5213. ret = wc_HmacFinal(&hmac, hash);
  5214. if (ret != 0)
  5215. return WC_TEST_RET_ENC_EC(ret);
  5216. if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0)
  5217. return WC_TEST_RET_ENC_I(i);
  5218. wc_HmacFree(&hmac);
  5219. }
  5220. #ifndef HAVE_FIPS
  5221. if ((ret = wc_HmacSizeByType(WC_SHA384)) != WC_SHA384_DIGEST_SIZE)
  5222. return WC_TEST_RET_ENC_EC(ret);
  5223. #endif
  5224. return 0;
  5225. }
  5226. #endif
  5227. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA512)
  5228. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void)
  5229. {
  5230. Hmac hmac;
  5231. byte hash[WC_SHA512_DIGEST_SIZE];
  5232. const char* keys[]=
  5233. {
  5234. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  5235. "\x0b\x0b\x0b",
  5236. "Jefe",
  5237. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  5238. "\xAA\xAA\xAA",
  5239. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5240. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5241. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5242. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5243. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5244. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5245. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5246. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5247. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5248. };
  5249. testVector a, b, c, d;
  5250. testVector test_hmac[4];
  5251. wc_test_ret_t ret;
  5252. int times = sizeof(test_hmac) / sizeof(testVector), i;
  5253. a.input = "Hi There";
  5254. a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
  5255. "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1"
  5256. "\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae"
  5257. "\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20"
  5258. "\x3a\x12\x68\x54";
  5259. a.inLen = XSTRLEN(a.input);
  5260. a.outLen = WC_SHA512_DIGEST_SIZE;
  5261. b.input = "what do ya want for nothing?";
  5262. b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0"
  5263. "\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25"
  5264. "\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8"
  5265. "\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a"
  5266. "\x38\xbc\xe7\x37";
  5267. b.inLen = XSTRLEN(b.input);
  5268. b.outLen = WC_SHA512_DIGEST_SIZE;
  5269. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  5270. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  5271. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  5272. "\xDD\xDD\xDD\xDD\xDD\xDD";
  5273. c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b"
  5274. "\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27"
  5275. "\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e"
  5276. "\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59"
  5277. "\xe1\x32\x92\xfb";
  5278. c.inLen = XSTRLEN(c.input);
  5279. c.outLen = WC_SHA512_DIGEST_SIZE;
  5280. d.input = "Big Key Input";
  5281. d.output = "\x3f\xa9\xc9\xe1\xbd\xbb\x04\x55\x1f\xef\xcc\x92\x33\x08\xeb"
  5282. "\xcf\xc1\x9a\x5b\x5b\xc0\x7c\x86\x84\xae\x8c\x40\xaf\xb1\x27"
  5283. "\x87\x38\x92\x04\xa8\xed\xd7\xd7\x07\xa9\x85\xa0\xc2\xcd\x30"
  5284. "\xc0\x56\x14\x49\xbc\x2f\x69\x15\x6a\x97\xd8\x79\x2f\xb3\x3b"
  5285. "\x1e\x18\xfe\xfa";
  5286. d.inLen = XSTRLEN(d.input);
  5287. d.outLen = WC_SHA512_DIGEST_SIZE;
  5288. test_hmac[0] = a;
  5289. test_hmac[1] = b;
  5290. test_hmac[2] = c;
  5291. test_hmac[3] = d;
  5292. for (i = 0; i < times; ++i) {
  5293. #if defined(HAVE_FIPS)
  5294. if (i == 1)
  5295. continue; /* fips not allowed */
  5296. #endif
  5297. if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
  5298. return WC_TEST_RET_ENC_EC(ret);
  5299. ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i],
  5300. (word32)XSTRLEN(keys[i]));
  5301. if (ret != 0)
  5302. return WC_TEST_RET_ENC_EC(ret);
  5303. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  5304. (word32)test_hmac[i].inLen);
  5305. if (ret != 0)
  5306. return WC_TEST_RET_ENC_EC(ret);
  5307. ret = wc_HmacFinal(&hmac, hash);
  5308. if (ret != 0)
  5309. return WC_TEST_RET_ENC_EC(ret);
  5310. if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0)
  5311. return WC_TEST_RET_ENC_I(i);
  5312. wc_HmacFree(&hmac);
  5313. }
  5314. #ifndef HAVE_FIPS
  5315. if ((ret = wc_HmacSizeByType(WC_SHA512)) != WC_SHA512_DIGEST_SIZE)
  5316. return WC_TEST_RET_ENC_EC(ret);
  5317. #endif
  5318. return 0;
  5319. }
  5320. #endif
  5321. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
  5322. !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
  5323. !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
  5324. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void)
  5325. {
  5326. Hmac hmac;
  5327. byte hash[WC_SHA3_512_DIGEST_SIZE];
  5328. const char* key[4] =
  5329. {
  5330. "Jefe",
  5331. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  5332. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
  5333. "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
  5334. "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
  5335. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5336. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5337. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5338. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5339. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5340. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5341. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5342. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5343. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5344. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  5345. };
  5346. const char* input[4] =
  5347. {
  5348. "what do ya want for nothing?",
  5349. "Hi There",
  5350. "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
  5351. "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
  5352. "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
  5353. "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
  5354. "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
  5355. "Big Key Input"
  5356. };
  5357. const int hashType[4] =
  5358. {
  5359. WC_SHA3_224, WC_SHA3_256, WC_SHA3_384, WC_SHA3_512
  5360. };
  5361. const int hashSz[4] =
  5362. {
  5363. WC_SHA3_224_DIGEST_SIZE, WC_SHA3_256_DIGEST_SIZE,
  5364. WC_SHA3_384_DIGEST_SIZE, WC_SHA3_512_DIGEST_SIZE
  5365. };
  5366. const char* output[16] =
  5367. {
  5368. /* key = jefe, input = what do ya want for nothing? */
  5369. /* HMAC-SHA3-224 */
  5370. "\x7f\xdb\x8d\xd8\x8b\xd2\xf6\x0d\x1b\x79\x86\x34\xad\x38\x68\x11"
  5371. "\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b\xba\xce\x5e\x66",
  5372. /* HMAC-SHA3-256 */
  5373. "\xc7\xd4\x07\x2e\x78\x88\x77\xae\x35\x96\xbb\xb0\xda\x73\xb8\x87"
  5374. "\xc9\x17\x1f\x93\x09\x5b\x29\x4a\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5",
  5375. /* HMAC-SHA3-384 */
  5376. "\xf1\x10\x1f\x8c\xbf\x97\x66\xfd\x67\x64\xd2\xed\x61\x90\x3f\x21"
  5377. "\xca\x9b\x18\xf5\x7c\xf3\xe1\xa2\x3c\xa1\x35\x08\xa9\x32\x43\xce"
  5378. "\x48\xc0\x45\xdc\x00\x7f\x26\xa2\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a",
  5379. /* HMAC-SHA3-512 */
  5380. "\x5a\x4b\xfe\xab\x61\x66\x42\x7c\x7a\x36\x47\xb7\x47\x29\x2b\x83"
  5381. "\x84\x53\x7c\xdb\x89\xaf\xb3\xbf\x56\x65\xe4\xc5\xe7\x09\x35\x0b"
  5382. "\x28\x7b\xae\xc9\x21\xfd\x7c\xa0\xee\x7a\x0c\x31\xd0\x22\xa9\x5e"
  5383. "\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83\x96\x02\x75\xbe\xb4\xe6\x20\x24",
  5384. /* key = 0b..., input = Hi There */
  5385. /* HMAC-SHA3-224 */
  5386. "\x3b\x16\x54\x6b\xbc\x7b\xe2\x70\x6a\x03\x1d\xca\xfd\x56\x37\x3d"
  5387. "\x98\x84\x36\x76\x41\xd8\xc5\x9a\xf3\xc8\x60\xf7",
  5388. /* HMAC-SHA3-256 */
  5389. "\xba\x85\x19\x23\x10\xdf\xfa\x96\xe2\xa3\xa4\x0e\x69\x77\x43\x51"
  5390. "\x14\x0b\xb7\x18\x5e\x12\x02\xcd\xcc\x91\x75\x89\xf9\x5e\x16\xbb",
  5391. /* HMAC-SHA3-384 */
  5392. "\x68\xd2\xdc\xf7\xfd\x4d\xdd\x0a\x22\x40\xc8\xa4\x37\x30\x5f\x61"
  5393. "\xfb\x73\x34\xcf\xb5\xd0\x22\x6e\x1b\xc2\x7d\xc1\x0a\x2e\x72\x3a"
  5394. "\x20\xd3\x70\xb4\x77\x43\x13\x0e\x26\xac\x7e\x3d\x53\x28\x86\xbd",
  5395. /* HMAC-SHA3-512 */
  5396. "\xeb\x3f\xbd\x4b\x2e\xaa\xb8\xf5\xc5\x04\xbd\x3a\x41\x46\x5a\xac"
  5397. "\xec\x15\x77\x0a\x7c\xab\xac\x53\x1e\x48\x2f\x86\x0b\x5e\xc7\xba"
  5398. "\x47\xcc\xb2\xc6\xf2\xaf\xce\x8f\x88\xd2\x2b\x6d\xc6\x13\x80\xf2"
  5399. "\x3a\x66\x8f\xd3\x88\x8b\xb8\x05\x37\xc0\xa0\xb8\x64\x07\x68\x9e",
  5400. /* key = aa..., output = dd... */
  5401. /* HMAC-SHA3-224 */
  5402. "\x67\x6c\xfc\x7d\x16\x15\x36\x38\x78\x03\x90\x69\x2b\xe1\x42\xd2"
  5403. "\xdf\x7c\xe9\x24\xb9\x09\xc0\xc0\x8d\xbf\xdc\x1a",
  5404. /* HMAC-SHA3-256 */
  5405. "\x84\xec\x79\x12\x4a\x27\x10\x78\x65\xce\xdd\x8b\xd8\x2d\xa9\x96"
  5406. "\x5e\x5e\xd8\xc3\x7b\x0a\xc9\x80\x05\xa7\xf3\x9e\xd5\x8a\x42\x07",
  5407. /* HMAC-SHA3-384 */
  5408. "\x27\x5c\xd0\xe6\x61\xbb\x8b\x15\x1c\x64\xd2\x88\xf1\xf7\x82\xfb"
  5409. "\x91\xa8\xab\xd5\x68\x58\xd7\x2b\xab\xb2\xd4\x76\xf0\x45\x83\x73"
  5410. "\xb4\x1b\x6a\xb5\xbf\x17\x4b\xec\x42\x2e\x53\xfc\x31\x35\xac\x6e",
  5411. /* HMAC-SHA3-512 */
  5412. "\x30\x9e\x99\xf9\xec\x07\x5e\xc6\xc6\xd4\x75\xed\xa1\x18\x06\x87"
  5413. "\xfc\xf1\x53\x11\x95\x80\x2a\x99\xb5\x67\x74\x49\xa8\x62\x51\x82"
  5414. "\x85\x1c\xb3\x32\xaf\xb6\xa8\x9c\x41\x13\x25\xfb\xcb\xcd\x42\xaf"
  5415. "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03",
  5416. /* key = big key, input = Big Key Input */
  5417. /* HMAC-SHA3-224 */
  5418. "\x29\xe0\x5e\x46\xc4\xa4\x5e\x46\x74\xbf\xd7\x2d\x1a\xd8\x66\xdb"
  5419. "\x2d\x0d\x10\x4e\x2b\xfa\xad\x53\x7d\x15\x69\x8b",
  5420. /* HMAC-SHA3-256 */
  5421. "\xb5\x5b\x8d\x64\xb6\x9c\x21\xd0\xbf\x20\x5c\xa2\xf7\xb9\xb1\x4e"
  5422. "\x88\x21\x61\x2c\x66\xc3\x91\xae\x6c\x95\x16\x85\x83\xe6\xf4\x9b",
  5423. /* HMAC-SHA3-384 */
  5424. "\xaa\x91\xb3\xa6\x2f\x56\xa1\xbe\x8c\x3e\x74\x38\xdb\x58\xd9\xd3"
  5425. "\x34\xde\xa0\x60\x6d\x8d\x46\xe0\xec\xa9\xf6\x06\x35\x14\xe6\xed"
  5426. "\x83\xe6\x7c\x77\x24\x6c\x11\xb5\x90\x82\xb5\x75\xda\x7b\x83\x2d",
  5427. /* HMAC-SHA3-512 */
  5428. "\x1c\xc3\xa9\x24\x4a\x4a\x3f\xbd\xc7\x20\x00\x16\x9b\x79\x47\x03"
  5429. "\x78\x75\x2c\xb5\xf1\x2e\x62\x7c\xbe\xef\x4e\x8f\x0b\x11\x2b\x32"
  5430. "\xa0\xee\xc9\xd0\x4d\x64\x64\x0b\x37\xf4\xdd\x66\xf7\x8b\xb3\xad"
  5431. "\x52\x52\x6b\x65\x12\xde\x0d\x7c\xc0\x8b\x60\x01\x6c\x37\xd7\xa8"
  5432. };
  5433. int i = 0, iMax = sizeof(input) / sizeof(input[0]),
  5434. j, jMax = sizeof(hashType) / sizeof(hashType[0]),
  5435. ret;
  5436. #ifdef HAVE_FIPS
  5437. /* FIPS requires a minimum length for HMAC keys, and "Jefe" is too
  5438. * short. Skip it in FIPS builds. */
  5439. i = 1;
  5440. #endif
  5441. for (; i < iMax; i++) {
  5442. for (j = 0; j < jMax; j++) {
  5443. if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0)
  5444. return WC_TEST_RET_ENC_EC(ret);
  5445. ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i],
  5446. (word32)XSTRLEN(key[i]));
  5447. if (ret != 0)
  5448. return WC_TEST_RET_ENC_EC(ret);
  5449. ret = wc_HmacUpdate(&hmac, (byte*)input[i],
  5450. (word32)XSTRLEN(input[i]));
  5451. if (ret != 0)
  5452. return WC_TEST_RET_ENC_EC(ret);
  5453. ret = wc_HmacFinal(&hmac, hash);
  5454. if (ret != 0)
  5455. return WC_TEST_RET_ENC_EC(ret);
  5456. if (XMEMCMP(hash, output[(i*jMax) + j], hashSz[j]) != 0)
  5457. return WC_TEST_RET_ENC_NC;
  5458. wc_HmacFree(&hmac);
  5459. if (i > 0)
  5460. continue;
  5461. #ifndef HAVE_FIPS
  5462. ret = wc_HmacSizeByType(hashType[j]);
  5463. if (ret != hashSz[j])
  5464. return WC_TEST_RET_ENC_EC(ret);
  5465. #endif
  5466. }
  5467. }
  5468. return 0;
  5469. }
  5470. #endif
  5471. #ifdef WC_RC2
  5472. typedef struct rc2TestVector {
  5473. const char* input;
  5474. const char* output;
  5475. const char* key; /* Key, variable up to 128 bytes */
  5476. const char* iv; /* IV, 8-bytes */
  5477. int inLen;
  5478. int outLen;
  5479. int keyLen;
  5480. int effectiveKeyBits; /* Up to 1024 bits supported */
  5481. } rc2TestVector;
  5482. static wc_test_ret_t rc2_ecb_test(void)
  5483. {
  5484. wc_test_ret_t ret = 0;
  5485. byte cipher[RC2_BLOCK_SIZE];
  5486. byte plain[RC2_BLOCK_SIZE];
  5487. rc2TestVector a, b, c, d, e, f, g, h;
  5488. rc2TestVector test_rc2[8];
  5489. int times = sizeof(test_rc2) / sizeof(rc2TestVector), i;
  5490. a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5491. a.output = "\xeb\xb7\x73\xf9\x93\x27\x8e\xff";
  5492. a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5493. a.inLen = RC2_BLOCK_SIZE;
  5494. a.outLen = RC2_BLOCK_SIZE;
  5495. a.keyLen = 8;
  5496. a.effectiveKeyBits = 63;
  5497. b.input = "\xff\xff\xff\xff\xff\xff\xff\xff";
  5498. b.output = "\x27\x8b\x27\xe4\x2e\x2f\x0d\x49";
  5499. b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
  5500. b.inLen = RC2_BLOCK_SIZE;
  5501. b.outLen = RC2_BLOCK_SIZE;
  5502. b.keyLen = 8;
  5503. b.effectiveKeyBits = 64;
  5504. c.input = "\x10\x00\x00\x00\x00\x00\x00\x01";
  5505. c.output = "\x30\x64\x9e\xdf\x9b\xe7\xd2\xc2";
  5506. c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
  5507. c.inLen = RC2_BLOCK_SIZE;
  5508. c.outLen = RC2_BLOCK_SIZE;
  5509. c.keyLen = 8;
  5510. c.effectiveKeyBits = 64;
  5511. d.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5512. d.output = "\x61\xa8\xa2\x44\xad\xac\xcc\xf0";
  5513. d.key = "\x88";
  5514. d.inLen = RC2_BLOCK_SIZE;
  5515. d.outLen = RC2_BLOCK_SIZE;
  5516. d.keyLen = 1;
  5517. d.effectiveKeyBits = 64;
  5518. e.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5519. e.output = "\x6c\xcf\x43\x08\x97\x4c\x26\x7f";
  5520. e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
  5521. e.inLen = RC2_BLOCK_SIZE;
  5522. e.outLen = RC2_BLOCK_SIZE;
  5523. e.keyLen = 7;
  5524. e.effectiveKeyBits = 64;
  5525. f.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5526. f.output = "\x1a\x80\x7d\x27\x2b\xbe\x5d\xb1";
  5527. f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  5528. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
  5529. f.inLen = RC2_BLOCK_SIZE;
  5530. f.outLen = RC2_BLOCK_SIZE;
  5531. f.keyLen = 16;
  5532. f.effectiveKeyBits = 64;
  5533. g.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5534. g.output = "\x22\x69\x55\x2a\xb0\xf8\x5c\xa6";
  5535. g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  5536. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
  5537. g.inLen = RC2_BLOCK_SIZE;
  5538. g.outLen = RC2_BLOCK_SIZE;
  5539. g.keyLen = 16;
  5540. g.effectiveKeyBits = 128;
  5541. h.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5542. h.output = "\x5b\x78\xd3\xa4\x3d\xff\xf1\xf1";
  5543. h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  5544. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
  5545. "\x16\xf8\x0a\x6f\x85\x92\x05\x84"
  5546. "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
  5547. "\x1e";
  5548. h.inLen = RC2_BLOCK_SIZE;
  5549. h.outLen = RC2_BLOCK_SIZE;
  5550. h.keyLen = 33;
  5551. h.effectiveKeyBits = 129;
  5552. a.iv = b.iv = c.iv = d.iv = e.iv = f.iv = g.iv = h.iv = NULL;
  5553. test_rc2[0] = a;
  5554. test_rc2[1] = b;
  5555. test_rc2[2] = c;
  5556. test_rc2[3] = d;
  5557. test_rc2[4] = e;
  5558. test_rc2[5] = f;
  5559. test_rc2[6] = g;
  5560. test_rc2[7] = h;
  5561. for (i = 0; i < times; ++i) {
  5562. Rc2 enc;
  5563. XMEMSET(cipher, 0, RC2_BLOCK_SIZE);
  5564. XMEMSET(plain, 0, RC2_BLOCK_SIZE);
  5565. ret = wc_Rc2SetKey(&enc, (byte*)test_rc2[i].key, test_rc2[i].keyLen,
  5566. NULL, test_rc2[i].effectiveKeyBits);
  5567. if (ret != 0) {
  5568. return WC_TEST_RET_ENC_EC(ret);
  5569. }
  5570. /* ECB encrypt */
  5571. ret = wc_Rc2EcbEncrypt(&enc, cipher, (byte*)test_rc2[i].input,
  5572. (word32)test_rc2[i].outLen);
  5573. if (ret != 0) {
  5574. return WC_TEST_RET_ENC_EC(ret);
  5575. }
  5576. if (XMEMCMP(cipher, test_rc2[i].output, test_rc2[i].outLen)) {
  5577. return WC_TEST_RET_ENC_NC;
  5578. }
  5579. /* ECB decrypt */
  5580. ret = wc_Rc2EcbDecrypt(&enc, plain, cipher, RC2_BLOCK_SIZE);
  5581. if (ret != 0) {
  5582. return WC_TEST_RET_ENC_EC(ret);
  5583. }
  5584. if (XMEMCMP(plain, test_rc2[i].input, RC2_BLOCK_SIZE)) {
  5585. return WC_TEST_RET_ENC_NC;
  5586. }
  5587. }
  5588. return 0;
  5589. }
  5590. static wc_test_ret_t rc2_cbc_test(void)
  5591. {
  5592. wc_test_ret_t ret = 0;
  5593. byte cipher[128];
  5594. byte plain[128];
  5595. rc2TestVector a, b, c, d, e, f, g, h, i;
  5596. rc2TestVector test_rc2[9];
  5597. int times = sizeof(test_rc2) / sizeof(rc2TestVector), j;
  5598. /* key length = 7, effective key bits = 63 */
  5599. a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  5600. "\x00\x00\x00\x00\x00\x00\x00\x00";
  5601. a.output = "\xEB\xB7\x73\xF9\x93\x27\x8E\xFF"
  5602. "\xF0\x51\x77\x8B\x65\xDB\x13\x57";
  5603. a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5604. a.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5605. a.inLen = RC2_BLOCK_SIZE*2;
  5606. a.outLen = RC2_BLOCK_SIZE*2;
  5607. a.keyLen = 8;
  5608. a.effectiveKeyBits = 63;
  5609. /* key length = 8, effective key bits = 64, all 0xFF */
  5610. b.input = "\xff\xff\xff\xff\xff\xff\xff\xff"
  5611. "\xff\xff\xff\xff\xff\xff\xff\xff";
  5612. b.output = "\xA3\xA1\x12\x65\x4F\x81\xC5\xCD"
  5613. "\xB6\x94\x3E\xEA\x3E\x8B\x9D\x1F";
  5614. b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
  5615. b.iv = "\xff\xff\xff\xff\xff\xff\xff\xff";
  5616. b.inLen = RC2_BLOCK_SIZE*2;
  5617. b.outLen = RC2_BLOCK_SIZE*2;
  5618. b.keyLen = 8;
  5619. b.effectiveKeyBits = 64;
  5620. /* key length = 8, effective key bits = 64 */
  5621. c.input = "\x10\x00\x00\x00\x00\x00\x00\x01"
  5622. "\x10\x00\x00\x00\x00\x00\x00\x01";
  5623. c.output = "\xB5\x70\x14\xA2\x5F\x40\xE3\x6D"
  5624. "\x81\x99\x8D\xE0\xB5\xD5\x3A\x05";
  5625. c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
  5626. c.iv = "\x30\x00\x00\x00\x00\x00\x00\x00";
  5627. c.inLen = RC2_BLOCK_SIZE*2;
  5628. c.outLen = RC2_BLOCK_SIZE*2;
  5629. c.keyLen = 8;
  5630. c.effectiveKeyBits = 64;
  5631. /* key length = 1, effective key bits = 64 */
  5632. d.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  5633. "\x00\x00\x00\x00\x00\x00\x00\x00";
  5634. d.output = "\x61\xA8\xA2\x44\xAD\xAC\xCC\xF0"
  5635. "\x6D\x19\xE8\xF1\xFC\xE7\x38\x87";
  5636. d.key = "\x88";
  5637. d.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5638. d.inLen = RC2_BLOCK_SIZE*2;
  5639. d.outLen = RC2_BLOCK_SIZE*2;
  5640. d.keyLen = 1;
  5641. d.effectiveKeyBits = 64;
  5642. /* key length = 7, effective key bits = 64 */
  5643. e.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  5644. "\x00\x00\x00\x00\x00\x00\x00\x00";
  5645. e.output = "\x6C\xCF\x43\x08\x97\x4C\x26\x7F"
  5646. "\xCC\x3C\x53\x57\x7C\xA1\xA4\x4B";
  5647. e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
  5648. e.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5649. e.inLen = RC2_BLOCK_SIZE*2;
  5650. e.outLen = RC2_BLOCK_SIZE*2;
  5651. e.keyLen = 7;
  5652. e.effectiveKeyBits = 64;
  5653. /* key length = 16, effective key bits = 64 */
  5654. f.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  5655. "\x00\x00\x00\x00\x00\x00\x00\x00";
  5656. f.output = "\x1A\x80\x7D\x27\x2B\xBE\x5D\xB1"
  5657. "\x64\xEF\xE1\xC3\xB8\xAD\xFB\xBA";
  5658. f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  5659. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
  5660. f.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5661. f.inLen = RC2_BLOCK_SIZE*2;
  5662. f.outLen = RC2_BLOCK_SIZE*2;
  5663. f.keyLen = 16;
  5664. f.effectiveKeyBits = 64;
  5665. /* key length = 16, effective bits = 128 */
  5666. g.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  5667. "\x00\x00\x00\x00\x00\x00\x00\x00";
  5668. g.output = "\x22\x69\x55\x2A\xB0\xF8\x5C\xA6"
  5669. "\x53\x6E\xFD\x2D\x89\xE1\x2A\x73";
  5670. g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  5671. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
  5672. g.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5673. g.inLen = RC2_BLOCK_SIZE*2;
  5674. g.outLen = RC2_BLOCK_SIZE*2;
  5675. g.keyLen = 16;
  5676. g.effectiveKeyBits = 128;
  5677. /* key length = 33, effective bits = 129 */
  5678. h.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  5679. "\x00\x00\x00\x00\x00\x00\x00\x00";
  5680. h.output = "\x5B\x78\xD3\xA4\x3D\xFF\xF1\xF1"
  5681. "\x45\x30\xA8\xD5\xC7\x7C\x46\x19";
  5682. h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  5683. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
  5684. "\x16\xf8\x0a\x6f\x85\x92\x05\x84"
  5685. "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
  5686. "\x1e";
  5687. h.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5688. h.inLen = RC2_BLOCK_SIZE*2;
  5689. h.outLen = RC2_BLOCK_SIZE*2;
  5690. h.keyLen = 33;
  5691. h.effectiveKeyBits = 129;
  5692. /* key length = 10, effective bits = 40 */
  5693. i.input = "\x11\x22\x33\x44\x55\x66\x77\x88"
  5694. "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00"
  5695. "\x11\x22\x33\x44\x55\x66\x77\x88"
  5696. "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00";
  5697. i.output = "\x71\x2D\x11\x99\xC9\xA0\x78\x4F"
  5698. "\xCD\xF1\x1E\x3D\xFD\x21\x7E\xDB"
  5699. "\xB2\x6E\x0D\xA4\x72\xBC\x31\x51"
  5700. "\x48\xEF\x4E\x68\x3B\xDC\xCD\x7D";
  5701. i.key = "\x26\x1E\x57\x8E\xC9\x62\xBF\xB8"
  5702. "\x3E\x96";
  5703. i.iv = "\x01\x02\x03\x04\x05\x06\x07\x08";
  5704. i.inLen = RC2_BLOCK_SIZE*4;
  5705. i.outLen = RC2_BLOCK_SIZE*4;
  5706. i.keyLen = 10;
  5707. i.effectiveKeyBits = 40;
  5708. test_rc2[0] = a;
  5709. test_rc2[1] = b;
  5710. test_rc2[2] = c;
  5711. test_rc2[3] = d;
  5712. test_rc2[4] = e;
  5713. test_rc2[5] = f;
  5714. test_rc2[6] = g;
  5715. test_rc2[7] = h;
  5716. test_rc2[8] = i;
  5717. for (j = 0; j < times; ++j) {
  5718. Rc2 rc2;
  5719. XMEMSET(cipher, 0, sizeof(cipher));
  5720. XMEMSET(plain, 0, sizeof(plain));
  5721. ret = wc_Rc2SetKey(&rc2, (byte*)test_rc2[j].key, test_rc2[j].keyLen,
  5722. (byte*)test_rc2[j].iv, test_rc2[j].effectiveKeyBits);
  5723. if (ret != 0) {
  5724. return WC_TEST_RET_ENC_EC(ret);
  5725. }
  5726. ret = wc_Rc2CbcEncrypt(&rc2, cipher, (byte*)test_rc2[j].input,
  5727. test_rc2[j].inLen);
  5728. if (ret != 0) {
  5729. return WC_TEST_RET_ENC_EC(ret);
  5730. }
  5731. if (XMEMCMP(cipher, (byte*)test_rc2[j].output, test_rc2[j].outLen)) {
  5732. return WC_TEST_RET_ENC_NC;
  5733. }
  5734. /* reset IV for decrypt, since overridden by encrypt operation */
  5735. ret = wc_Rc2SetIV(&rc2, (byte*)test_rc2[j].iv);
  5736. if (ret != 0) {
  5737. return WC_TEST_RET_ENC_EC(ret);
  5738. }
  5739. ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, test_rc2[j].outLen);
  5740. if (ret != 0) {
  5741. return WC_TEST_RET_ENC_EC(ret);
  5742. }
  5743. if (XMEMCMP(plain, (byte*)test_rc2[j].input, test_rc2[j].inLen)) {
  5744. return WC_TEST_RET_ENC_NC;
  5745. }
  5746. }
  5747. return 0;
  5748. }
  5749. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void)
  5750. {
  5751. wc_test_ret_t ret = 0;
  5752. ret = rc2_ecb_test();
  5753. if (ret != 0) {
  5754. return ret;
  5755. }
  5756. return rc2_cbc_test();
  5757. }
  5758. #endif
  5759. #ifndef NO_RC4
  5760. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void)
  5761. {
  5762. byte cipher[16];
  5763. byte plain[16];
  5764. wc_test_ret_t ret;
  5765. const char* keys[] =
  5766. {
  5767. "\x01\x23\x45\x67\x89\xab\xcd\xef",
  5768. "\x01\x23\x45\x67\x89\xab\xcd\xef",
  5769. "\x00\x00\x00\x00\x00\x00\x00\x00",
  5770. "\xef\x01\x23\x45"
  5771. };
  5772. testVector a, b, c, d;
  5773. testVector test_arc4[4];
  5774. int times = sizeof(test_arc4) / sizeof(testVector), i;
  5775. a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
  5776. a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96";
  5777. a.inLen = 8;
  5778. a.outLen = 8;
  5779. b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5780. b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79";
  5781. b.inLen = 8;
  5782. b.outLen = 8;
  5783. c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  5784. c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a";
  5785. c.inLen = 8;
  5786. c.outLen = 8;
  5787. d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
  5788. d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61";
  5789. d.inLen = 10;
  5790. d.outLen = 10;
  5791. test_arc4[0] = a;
  5792. test_arc4[1] = b;
  5793. test_arc4[2] = c;
  5794. test_arc4[3] = d;
  5795. for (i = 0; i < times; ++i) {
  5796. Arc4 enc;
  5797. Arc4 dec;
  5798. int keylen = 8; /* XSTRLEN with key 0x00 not good */
  5799. if (i == 3)
  5800. keylen = 4;
  5801. ret = wc_Arc4Init(&enc, HEAP_HINT, devId);
  5802. if (ret != 0)
  5803. return WC_TEST_RET_ENC_EC(ret);
  5804. ret = wc_Arc4Init(&dec, HEAP_HINT, devId);
  5805. if (ret != 0)
  5806. return WC_TEST_RET_ENC_EC(ret);
  5807. ret = wc_Arc4SetKey(&enc, (byte*)keys[i], keylen);
  5808. if (ret != 0)
  5809. return WC_TEST_RET_ENC_EC(ret);
  5810. ret = wc_Arc4SetKey(&dec, (byte*)keys[i], keylen);
  5811. if (ret != 0)
  5812. return WC_TEST_RET_ENC_EC(ret);
  5813. ret = wc_Arc4Process(&enc, cipher, (byte*)test_arc4[i].input,
  5814. (word32)test_arc4[i].outLen);
  5815. if (ret != 0)
  5816. return WC_TEST_RET_ENC_EC(ret);
  5817. ret = wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen);
  5818. if (ret != 0)
  5819. return WC_TEST_RET_ENC_EC(ret);
  5820. if (XMEMCMP(plain, test_arc4[i].input, test_arc4[i].outLen))
  5821. return WC_TEST_RET_ENC_I(i);
  5822. if (XMEMCMP(cipher, test_arc4[i].output, test_arc4[i].outLen))
  5823. return WC_TEST_RET_ENC_I(i);
  5824. wc_Arc4Free(&enc);
  5825. wc_Arc4Free(&dec);
  5826. }
  5827. return 0;
  5828. }
  5829. #endif
  5830. #ifdef HAVE_CHACHA
  5831. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void)
  5832. {
  5833. ChaCha enc;
  5834. ChaCha dec;
  5835. byte cipher[128];
  5836. byte plain[128];
  5837. byte sliver[64];
  5838. byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
  5839. word32 keySz = 32;
  5840. wc_test_ret_t ret = 0;
  5841. int i;
  5842. int times = 4;
  5843. WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
  5844. {
  5845. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5846. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5847. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5848. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  5849. };
  5850. WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
  5851. {
  5852. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5853. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5854. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5855. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  5856. };
  5857. WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
  5858. {
  5859. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5860. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5861. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5862. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  5863. };
  5864. /* 128 bit key */
  5865. WOLFSSL_SMALL_STACK_STATIC const byte key4[] =
  5866. {
  5867. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5868. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  5869. };
  5870. const byte* keys[] = {key1, key2, key3, key4};
  5871. WOLFSSL_SMALL_STACK_STATIC const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
  5872. WOLFSSL_SMALL_STACK_STATIC const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
  5873. WOLFSSL_SMALL_STACK_STATIC const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00};
  5874. WOLFSSL_SMALL_STACK_STATIC const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
  5875. const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4};
  5876. #ifndef BENCH_EMBEDDED
  5877. WOLFSSL_SMALL_STACK_STATIC const byte cipher_big_result[] = {
  5878. 0x06, 0xa6, 0x5d, 0x31, 0x21, 0x6c, 0xdb, 0x37, 0x48, 0x7c, 0x01, 0x9d,
  5879. 0x72, 0xdf, 0x0a, 0x5b, 0x64, 0x74, 0x20, 0xba, 0x9e, 0xe0, 0x26, 0x7a,
  5880. 0xbf, 0xdf, 0x83, 0x34, 0x3b, 0x4f, 0x94, 0x3f, 0x37, 0x89, 0xaf, 0x00,
  5881. 0xdf, 0x0f, 0x2e, 0x75, 0x16, 0x41, 0xf6, 0x7a, 0x86, 0x94, 0x9d, 0x32,
  5882. 0x56, 0xf0, 0x79, 0x71, 0x68, 0x6f, 0xa6, 0x6b, 0xc6, 0x59, 0x49, 0xf6,
  5883. 0x10, 0x34, 0x03, 0x03, 0x16, 0x53, 0x9a, 0x98, 0x2a, 0x46, 0xde, 0x17,
  5884. 0x06, 0x65, 0x70, 0xca, 0x0a, 0x1f, 0xab, 0x80, 0x26, 0x96, 0x3f, 0x3e,
  5885. 0x7a, 0x3c, 0xa8, 0x87, 0xbb, 0x65, 0xdd, 0x5e, 0x07, 0x7b, 0x34, 0xe0,
  5886. 0x56, 0xda, 0x32, 0x13, 0x30, 0xc9, 0x0c, 0xd7, 0xba, 0xe4, 0x1f, 0xa6,
  5887. 0x91, 0x4f, 0x72, 0x9f, 0xd9, 0x5c, 0x62, 0x7d, 0xa6, 0xc2, 0xbc, 0x87,
  5888. 0xae, 0x64, 0x11, 0x94, 0x3b, 0xbc, 0x6c, 0x23, 0xbd, 0x7d, 0x00, 0xb4,
  5889. 0x99, 0xf2, 0x68, 0xb5, 0x59, 0x70, 0x93, 0xad, 0x69, 0xd0, 0xb1, 0x28,
  5890. 0x70, 0x92, 0xeb, 0xec, 0x39, 0x80, 0x82, 0xde, 0x44, 0xe2, 0x8a, 0x26,
  5891. 0xb3, 0xe9, 0x45, 0xcf, 0x83, 0x76, 0x9f, 0x6a, 0xa0, 0x46, 0x4a, 0x3d,
  5892. 0x26, 0x56, 0xaf, 0x49, 0x41, 0x26, 0x1b, 0x6a, 0x41, 0x37, 0x65, 0x91,
  5893. 0x72, 0xc4, 0xe7, 0x3c, 0x17, 0x31, 0xae, 0x2e, 0x2b, 0x31, 0x45, 0xe4,
  5894. 0x93, 0xd3, 0x10, 0xaa, 0xc5, 0x62, 0xd5, 0x11, 0x4b, 0x57, 0x1d, 0xad,
  5895. 0x48, 0x06, 0xd0, 0x0d, 0x98, 0xa5, 0xc6, 0x5b, 0xd0, 0x9e, 0x22, 0xc0,
  5896. 0x00, 0x32, 0x5a, 0xf5, 0x1c, 0x89, 0x6d, 0x54, 0x97, 0x55, 0x6b, 0x46,
  5897. 0xc5, 0xc7, 0xc4, 0x48, 0x9c, 0xbf, 0x47, 0xdc, 0x03, 0xc4, 0x1b, 0xcb,
  5898. 0x65, 0xa6, 0x91, 0x9d, 0x6d, 0xf1, 0xb0, 0x7a, 0x4d, 0x3b, 0x03, 0x95,
  5899. 0xf4, 0x8b, 0x0b, 0xae, 0x39, 0xff, 0x3f, 0xf6, 0xc0, 0x14, 0x18, 0x8a,
  5900. 0xe5, 0x19, 0xbd, 0xc1, 0xb4, 0x05, 0x4e, 0x29, 0x2f, 0x0b, 0x33, 0x76,
  5901. 0x28, 0x16, 0xa4, 0xa6, 0x93, 0x04, 0xb5, 0x55, 0x6b, 0x89, 0x3d, 0xa5,
  5902. 0x0f, 0xd3, 0xad, 0xfa, 0xd9, 0xfd, 0x05, 0x5d, 0x48, 0x94, 0x25, 0x5a,
  5903. 0x2c, 0x9a, 0x94, 0x80, 0xb0, 0xe7, 0xcb, 0x4d, 0x77, 0xbf, 0xca, 0xd8,
  5904. 0x55, 0x48, 0xbd, 0x66, 0xb1, 0x85, 0x81, 0xb1, 0x37, 0x79, 0xab, 0x52,
  5905. 0x08, 0x14, 0x12, 0xac, 0xcd, 0x45, 0x4d, 0x53, 0x6b, 0xca, 0x96, 0xc7,
  5906. 0x3b, 0x2f, 0x73, 0xb1, 0x5a, 0x23, 0xbd, 0x65, 0xd5, 0xea, 0x17, 0xb3,
  5907. 0xdc, 0xa1, 0x17, 0x1b, 0x2d, 0xb3, 0x9c, 0xd0, 0xdb, 0x41, 0x77, 0xef,
  5908. 0x93, 0x20, 0x52, 0x3e, 0x9d, 0xf5, 0xbf, 0x33, 0xf7, 0x52, 0xc1, 0x90,
  5909. 0xa0, 0x15, 0x17, 0xce, 0xf7, 0xf7, 0xd0, 0x3a, 0x3b, 0xd1, 0x72, 0x56,
  5910. 0x31, 0x81, 0xae, 0x60, 0xab, 0x40, 0xc1, 0xd1, 0x28, 0x77, 0x53, 0xac,
  5911. 0x9f, 0x11, 0x0a, 0x88, 0x36, 0x4b, 0xda, 0x57, 0xa7, 0x28, 0x5c, 0x85,
  5912. 0xd3, 0x85, 0x9b, 0x79, 0xad, 0x05, 0x1c, 0x37, 0x14, 0x5e, 0x0d, 0xd0,
  5913. 0x23, 0x03, 0x42, 0x1d, 0x48, 0x5d, 0xc5, 0x3c, 0x5a, 0x08, 0xa9, 0x0d,
  5914. 0x6e, 0x82, 0x7c, 0x2e, 0x3c, 0x41, 0xcc, 0x96, 0x8e, 0xad, 0xee, 0x2a,
  5915. 0x61, 0x0b, 0x16, 0x0f, 0xa9, 0x24, 0x40, 0x85, 0xbc, 0x9f, 0x28, 0x8d,
  5916. 0xe6, 0x68, 0x4d, 0x8f, 0x30, 0x48, 0xd9, 0x73, 0x73, 0x6c, 0x9a, 0x7f,
  5917. 0x67, 0xf7, 0xde, 0x4c, 0x0a, 0x8b, 0xe4, 0xb3, 0x08, 0x2a, 0x52, 0xda,
  5918. 0x54, 0xee, 0xcd, 0xb5, 0x62, 0x4a, 0x26, 0x20, 0xfb, 0x40, 0xbb, 0x39,
  5919. 0x3a, 0x0f, 0x09, 0xe8, 0x00, 0xd1, 0x24, 0x97, 0x60, 0xe9, 0x83, 0x83,
  5920. 0xfe, 0x9f, 0x9c, 0x15, 0xcf, 0x69, 0x03, 0x9f, 0x03, 0xe1, 0xe8, 0x6e,
  5921. 0xbd, 0x87, 0x58, 0x68, 0xee, 0xec, 0xd8, 0x29, 0x46, 0x23, 0x49, 0x92,
  5922. 0x72, 0x95, 0x5b, 0x49, 0xca, 0xe0, 0x45, 0x59, 0xb2, 0xca, 0xf4, 0xfc,
  5923. 0xb7, 0x59, 0x37, 0x49, 0x28, 0xbc, 0xf3, 0xd7, 0x61, 0xbc, 0x4b, 0xf3,
  5924. 0xa9, 0x4b, 0x2f, 0x05, 0xa8, 0x01, 0xa5, 0xdc, 0x00, 0x6e, 0x01, 0xb6,
  5925. 0x45, 0x3c, 0xd5, 0x49, 0x7d, 0x5c, 0x25, 0xe8, 0x31, 0x87, 0xb2, 0xb9,
  5926. 0xbf, 0xb3, 0x01, 0x62, 0x0c, 0xd0, 0x48, 0x77, 0xa2, 0x34, 0x0f, 0x16,
  5927. 0x22, 0x28, 0xee, 0x54, 0x08, 0x93, 0x3b, 0xe4, 0xde, 0x7e, 0x63, 0xf7,
  5928. 0x97, 0x16, 0x5d, 0x71, 0x58, 0xc2, 0x2e, 0xf2, 0x36, 0xa6, 0x12, 0x65,
  5929. 0x94, 0x17, 0xac, 0x66, 0x23, 0x7e, 0xc6, 0x72, 0x79, 0x24, 0xce, 0x8f,
  5930. 0x55, 0x19, 0x97, 0x44, 0xfc, 0x55, 0xec, 0x85, 0x26, 0x27, 0xdb, 0x38,
  5931. 0xb1, 0x42, 0x0a, 0xdd, 0x05, 0x99, 0x28, 0xeb, 0x03, 0x6c, 0x9a, 0xe9,
  5932. 0x17, 0xf6, 0x2c, 0xb0, 0xfe, 0xe7, 0xa4, 0xa7, 0x31, 0xda, 0x4d, 0xb0,
  5933. 0x29, 0xdb, 0xdd, 0x8d, 0x12, 0x13, 0x9c, 0xb4, 0xcc, 0x83, 0x97, 0xfb,
  5934. 0x1a, 0xdc, 0x08, 0xd6, 0x30, 0x62, 0xe8, 0xeb, 0x8b, 0x61, 0xcb, 0x1d,
  5935. 0x06, 0xe3, 0xa5, 0x4d, 0x35, 0xdb, 0x59, 0xa8, 0x2d, 0x87, 0x27, 0x44,
  5936. 0x6f, 0xc0, 0x38, 0x97, 0xe4, 0x85, 0x00, 0x02, 0x09, 0xf6, 0x69, 0x3a,
  5937. 0xcf, 0x08, 0x1b, 0x21, 0xbb, 0x79, 0xb1, 0xa1, 0x34, 0x09, 0xe0, 0x80,
  5938. 0xca, 0xb0, 0x78, 0x8a, 0x11, 0x97, 0xd4, 0x07, 0xbe, 0x1b, 0x6a, 0x5d,
  5939. 0xdb, 0xd6, 0x1f, 0x76, 0x6b, 0x16, 0xf0, 0x58, 0x84, 0x5f, 0x59, 0xce,
  5940. 0x62, 0x34, 0xc3, 0xdf, 0x94, 0xb8, 0x2f, 0x84, 0x68, 0xf0, 0xb8, 0x51,
  5941. 0xd9, 0x6d, 0x8e, 0x4a, 0x1d, 0xe6, 0x5c, 0xd8, 0x86, 0x25, 0xe3, 0x24,
  5942. 0xfd, 0x21, 0x61, 0x13, 0x48, 0x3e, 0xf6, 0x7d, 0xa6, 0x71, 0x9b, 0xd2,
  5943. 0x6e, 0xe6, 0xd2, 0x08, 0x94, 0x62, 0x6c, 0x98, 0xfe, 0x2f, 0x9c, 0x88,
  5944. 0x7e, 0x78, 0x15, 0x02, 0x00, 0xf0, 0xba, 0x24, 0x91, 0xf2, 0xdc, 0x47,
  5945. 0x51, 0x4d, 0x15, 0x5e, 0x91, 0x5f, 0x57, 0x5b, 0x1d, 0x35, 0x24, 0x45,
  5946. 0x75, 0x9b, 0x88, 0x75, 0xf1, 0x2f, 0x85, 0xe7, 0x89, 0xd1, 0x01, 0xb4,
  5947. 0xc8, 0x18, 0xb7, 0x97, 0xef, 0x4b, 0x90, 0xf4, 0xbf, 0x10, 0x27, 0x3c,
  5948. 0x60, 0xff, 0xc4, 0x94, 0x20, 0x2f, 0x93, 0x4b, 0x4d, 0xe3, 0x80, 0xf7,
  5949. 0x2c, 0x71, 0xd9, 0xe3, 0x68, 0xb4, 0x77, 0x2b, 0xc7, 0x0d, 0x39, 0x92,
  5950. 0xef, 0x91, 0x0d, 0xb2, 0x11, 0x50, 0x0e, 0xe8, 0xad, 0x3b, 0xf6, 0xb5,
  5951. 0xc6, 0x14, 0x4d, 0x33, 0x53, 0xa7, 0x60, 0x15, 0xc7, 0x27, 0x51, 0xdc,
  5952. 0x54, 0x29, 0xa7, 0x0d, 0x6a, 0x7b, 0x72, 0x13, 0xad, 0x7d, 0x41, 0x19,
  5953. 0x4e, 0x42, 0x49, 0xcc, 0x42, 0xe4, 0xbd, 0x99, 0x13, 0xd9, 0x7f, 0xf3,
  5954. 0x38, 0xa4, 0xb6, 0x33, 0xed, 0x07, 0x48, 0x7e, 0x8e, 0x82, 0xfe, 0x3a,
  5955. 0x9d, 0x75, 0x93, 0xba, 0x25, 0x4e, 0x37, 0x3c, 0x0c, 0xd5, 0x69, 0xa9,
  5956. 0x2d, 0x9e, 0xfd, 0xe8, 0xbb, 0xf5, 0x0c, 0xe2, 0x86, 0xb9, 0x5e, 0x6f,
  5957. 0x28, 0xe4, 0x19, 0xb3, 0x0b, 0xa4, 0x86, 0xd7, 0x24, 0xd0, 0xb8, 0x89,
  5958. 0x7b, 0x76, 0xec, 0x05, 0x10, 0x5b, 0x68, 0xe9, 0x58, 0x66, 0xa3, 0xc5,
  5959. 0xb6, 0x63, 0x20, 0x0e, 0x0e, 0xea, 0x3d, 0x61, 0x5e, 0xda, 0x3d, 0x3c,
  5960. 0xf9, 0xfd, 0xed, 0xa9, 0xdb, 0x52, 0x94, 0x8a, 0x00, 0xca, 0x3c, 0x8d,
  5961. 0x66, 0x8f, 0xb0, 0xf0, 0x5a, 0xca, 0x3f, 0x63, 0x71, 0xbf, 0xca, 0x99,
  5962. 0x37, 0x9b, 0x75, 0x97, 0x89, 0x10, 0x6e, 0xcf, 0xf2, 0xf5, 0xe3, 0xd5,
  5963. 0x45, 0x9b, 0xad, 0x10, 0x71, 0x6c, 0x5f, 0x6f, 0x7f, 0x22, 0x77, 0x18,
  5964. 0x2f, 0xf9, 0x99, 0xc5, 0x69, 0x58, 0x03, 0x12, 0x86, 0x82, 0x3e, 0xbf,
  5965. 0xc2, 0x12, 0x35, 0x43, 0xa3, 0xd9, 0x18, 0x4f, 0x41, 0x11, 0x6b, 0xf3,
  5966. 0x67, 0xaf, 0x3d, 0x78, 0xe4, 0x22, 0x2d, 0xb3, 0x48, 0x43, 0x31, 0x1d,
  5967. 0xef, 0xa8, 0xba, 0x49, 0x8e, 0xa9, 0xa7, 0xb6, 0x18, 0x77, 0x84, 0xca,
  5968. 0xbd, 0xa2, 0x02, 0x1b, 0x6a, 0xf8, 0x5f, 0xda, 0xff, 0xcf, 0x01, 0x6a,
  5969. 0x86, 0x69, 0xa9, 0xe9, 0xcb, 0x60, 0x1e, 0x15, 0xdc, 0x8f, 0x5d, 0x39,
  5970. 0xb5, 0xce, 0x55, 0x5f, 0x47, 0x97, 0xb1, 0x19, 0x6e, 0x21, 0xd6, 0x13,
  5971. 0x39, 0xb2, 0x24, 0xe0, 0x62, 0x82, 0x9f, 0xed, 0x12, 0x81, 0xed, 0xee,
  5972. 0xab, 0xd0, 0x2f, 0x19, 0x89, 0x3f, 0x57, 0x2e, 0xc2, 0xe2, 0x67, 0xe8,
  5973. 0xae, 0x03, 0x56, 0xba, 0xd4, 0xd0, 0xa4, 0x89, 0x03, 0x06, 0x5b, 0xcc,
  5974. 0xf2, 0x22, 0xb8, 0x0e, 0x76, 0x79, 0x4a, 0x42, 0x1d, 0x37, 0x51, 0x5a,
  5975. 0xaa, 0x46, 0x6c, 0x2a, 0xdd, 0x66, 0xfe, 0xc6, 0x68, 0xc3, 0x38, 0xa2,
  5976. 0xae, 0x5b, 0x98, 0x24, 0x5d, 0x43, 0x05, 0x82, 0x38, 0x12, 0xd3, 0xd1,
  5977. 0x75, 0x2d, 0x4f, 0x61, 0xbd, 0xb9, 0x10, 0x87, 0x44, 0x2a, 0x78, 0x07,
  5978. 0xff, 0xf4, 0x0f, 0xa1, 0xf3, 0x68, 0x9f, 0xbe, 0xae, 0xa2, 0x91, 0xf0,
  5979. 0xc7, 0x55, 0x7a, 0x52, 0xd5, 0xa3, 0x8d, 0x6f, 0xe4, 0x90, 0x5c, 0xf3,
  5980. 0x5f, 0xce, 0x3d, 0x23, 0xf9, 0x8e, 0xae, 0x14, 0xfb, 0x82, 0x9a, 0xa3,
  5981. 0x04, 0x5f, 0xbf, 0xad, 0x3e, 0xf2, 0x97, 0x0a, 0x60, 0x40, 0x70, 0x19,
  5982. 0x72, 0xad, 0x66, 0xfb, 0x78, 0x1b, 0x84, 0x6c, 0x98, 0xbc, 0x8c, 0xf8,
  5983. 0x4f, 0xcb, 0xb5, 0xf6, 0xaf, 0x7a, 0xb7, 0x93, 0xef, 0x67, 0x48, 0x02,
  5984. 0x2c, 0xcb, 0xe6, 0x77, 0x0f, 0x7b, 0xc1, 0xee, 0xc5, 0xb6, 0x2d, 0x7e,
  5985. 0x62, 0xa0, 0xc0, 0xa7, 0xa5, 0x80, 0x31, 0x92, 0x50, 0xa1, 0x28, 0x22,
  5986. 0x95, 0x03, 0x17, 0xd1, 0x0f, 0xf6, 0x08, 0xe5, 0xec
  5987. };
  5988. #define CHACHA_BIG_TEST_SIZE 1305
  5989. #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
  5990. byte cipher_big[CHACHA_BIG_TEST_SIZE] = {0};
  5991. byte plain_big[CHACHA_BIG_TEST_SIZE] = {0};
  5992. byte input_big[CHACHA_BIG_TEST_SIZE] = {0};
  5993. #else
  5994. byte* cipher_big;
  5995. byte* plain_big;
  5996. byte* input_big;
  5997. #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
  5998. int block_size;
  5999. #endif /* BENCH_EMBEDDED */
  6000. byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90};
  6001. byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96};
  6002. byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5};
  6003. byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd};
  6004. byte* test_chacha[4];
  6005. test_chacha[0] = a;
  6006. test_chacha[1] = b;
  6007. test_chacha[2] = c;
  6008. test_chacha[3] = d;
  6009. #ifndef BENCH_EMBEDDED
  6010. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  6011. cipher_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
  6012. DYNAMIC_TYPE_TMP_BUFFER);
  6013. if (cipher_big == NULL) {
  6014. return MEMORY_E;
  6015. }
  6016. plain_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
  6017. DYNAMIC_TYPE_TMP_BUFFER);
  6018. if (plain_big == NULL) {
  6019. return MEMORY_E;
  6020. }
  6021. input_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
  6022. DYNAMIC_TYPE_TMP_BUFFER);
  6023. if (input_big == NULL) {
  6024. return MEMORY_E;
  6025. }
  6026. XMEMSET(cipher_big, 0, CHACHA_BIG_TEST_SIZE);
  6027. XMEMSET(plain_big, 0, CHACHA_BIG_TEST_SIZE);
  6028. XMEMSET(input_big, 0, CHACHA_BIG_TEST_SIZE);
  6029. #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
  6030. #endif /* BENCH_EMBEDDED */
  6031. for (i = 0; i < times; ++i) {
  6032. if (i < 3) {
  6033. keySz = 32;
  6034. }
  6035. else {
  6036. keySz = 16;
  6037. }
  6038. XMEMCPY(plain, keys[i], keySz);
  6039. XMEMSET(cipher, 0, 32);
  6040. XMEMCPY(cipher + 4, ivs[i], 8);
  6041. ret |= wc_Chacha_SetKey(&enc, keys[i], keySz);
  6042. ret |= wc_Chacha_SetKey(&dec, keys[i], keySz);
  6043. if (ret != 0)
  6044. return ret;
  6045. ret |= wc_Chacha_SetIV(&enc, cipher, 0);
  6046. ret |= wc_Chacha_SetIV(&dec, cipher, 0);
  6047. if (ret != 0)
  6048. return ret;
  6049. XMEMCPY(plain, input, 8);
  6050. ret |= wc_Chacha_Process(&enc, cipher, plain, (word32)8);
  6051. ret |= wc_Chacha_Process(&dec, plain, cipher, (word32)8);
  6052. if (ret != 0)
  6053. return ret;
  6054. if (XMEMCMP(test_chacha[i], cipher, 8))
  6055. return WC_TEST_RET_ENC_I(i);
  6056. if (XMEMCMP(plain, input, 8))
  6057. return WC_TEST_RET_ENC_I(i);
  6058. }
  6059. /* test of starting at a different counter
  6060. encrypts all of the information and decrypts starting at 2nd chunk */
  6061. XMEMSET(plain, 0, sizeof(plain));
  6062. XMEMSET(sliver, 1, sizeof(sliver)); /* set as 1's to not match plain */
  6063. XMEMSET(cipher, 0, sizeof(cipher));
  6064. XMEMCPY(cipher + 4, ivs[0], 8);
  6065. ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
  6066. ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
  6067. if (ret != 0)
  6068. return ret;
  6069. ret |= wc_Chacha_SetIV(&enc, cipher, 0);
  6070. ret |= wc_Chacha_SetIV(&dec, cipher, 1);
  6071. if (ret != 0)
  6072. return ret;
  6073. ret |= wc_Chacha_Process(&enc, cipher, plain, sizeof(plain));
  6074. ret |= wc_Chacha_Process(&dec, sliver, cipher + 64, sizeof(sliver));
  6075. if (ret != 0)
  6076. return ret;
  6077. if (XMEMCMP(plain + 64, sliver, 64))
  6078. return WC_TEST_RET_ENC_NC;
  6079. #ifndef BENCH_EMBEDDED
  6080. /* test of encrypting more data */
  6081. keySz = 32;
  6082. ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
  6083. ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
  6084. if (ret != 0)
  6085. return ret;
  6086. ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
  6087. ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
  6088. if (ret != 0)
  6089. return ret;
  6090. ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, CHACHA_BIG_TEST_SIZE);
  6091. ret |= wc_Chacha_Process(&dec, plain_big, cipher_big,
  6092. CHACHA_BIG_TEST_SIZE);
  6093. if (ret != 0)
  6094. return ret;
  6095. if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
  6096. return WC_TEST_RET_ENC_NC;
  6097. if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
  6098. return WC_TEST_RET_ENC_NC;
  6099. for (i = 0; i < 18; ++i) {
  6100. /* this will test all paths
  6101. * block sizes: 1 3 7 15 31 63 127 255 511 (i = 0- 8)
  6102. * 2 4 8 16 32 64 128 256 512 (i = 9-17)
  6103. */
  6104. block_size = (2 << (i%9)) - (i<9?1:0);
  6105. keySz = 32;
  6106. ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
  6107. ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
  6108. if (ret != 0)
  6109. return ret;
  6110. ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
  6111. ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
  6112. if (ret != 0)
  6113. return ret;
  6114. ret |= wc_Chacha_Process(&enc, cipher_big, plain_big , block_size);
  6115. ret |= wc_Chacha_Process(&dec, plain_big , cipher_big, block_size);
  6116. if (ret != 0)
  6117. return ret;
  6118. if (XMEMCMP(plain_big, input_big, block_size))
  6119. return WC_TEST_RET_ENC_I(i);
  6120. if (XMEMCMP(cipher_big, cipher_big_result, block_size))
  6121. return WC_TEST_RET_ENC_I(i);
  6122. }
  6123. /* Streaming test */
  6124. for (i = 1; i <= (int)CHACHA_CHUNK_BYTES + 1; i++) {
  6125. int j, rem;
  6126. ret = wc_Chacha_SetKey(&enc, keys[0], keySz);
  6127. if (ret != 0)
  6128. return WC_TEST_RET_ENC_EC(ret);
  6129. ret = wc_Chacha_SetKey(&dec, keys[0], keySz);
  6130. if (ret != 0)
  6131. return WC_TEST_RET_ENC_EC(ret);
  6132. ret = wc_Chacha_SetIV(&enc, ivs[2], 0);
  6133. if (ret != 0)
  6134. return WC_TEST_RET_ENC_EC(ret);
  6135. ret = wc_Chacha_SetIV(&dec, ivs[2], 0);
  6136. if (ret != 0)
  6137. return WC_TEST_RET_ENC_EC(ret);
  6138. for (j = 0; j < CHACHA_BIG_TEST_SIZE - i; j+= i) {
  6139. ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, i);
  6140. if (ret != 0)
  6141. return WC_TEST_RET_ENC_EC(ret);
  6142. ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, i);
  6143. if (ret != 0)
  6144. return WC_TEST_RET_ENC_EC(ret);
  6145. }
  6146. rem = CHACHA_BIG_TEST_SIZE - j;
  6147. ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, rem);
  6148. if (ret != 0)
  6149. return WC_TEST_RET_ENC_EC(ret);
  6150. ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, rem);
  6151. if (ret != 0)
  6152. return WC_TEST_RET_ENC_EC(ret);
  6153. if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
  6154. return WC_TEST_RET_ENC_NC;
  6155. if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
  6156. return WC_TEST_RET_ENC_NC;
  6157. }
  6158. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  6159. XFREE(cipher_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  6160. XFREE(plain_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  6161. XFREE(input_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  6162. #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
  6163. #endif /* BENCH_EMBEDDED */
  6164. return 0;
  6165. }
  6166. #endif /* HAVE_CHACHA */
  6167. #ifdef HAVE_POLY1305
  6168. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void)
  6169. {
  6170. wc_test_ret_t ret = 0;
  6171. int i;
  6172. byte tag[16];
  6173. Poly1305 enc;
  6174. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
  6175. {
  6176. 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72,
  6177. 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f,
  6178. 0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65,
  6179. 0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f,
  6180. 0x75,0x70
  6181. };
  6182. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
  6183. {
  6184. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72,
  6185. 0x6c,0x64,0x21
  6186. };
  6187. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
  6188. {
  6189. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  6190. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  6191. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  6192. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  6193. };
  6194. WOLFSSL_SMALL_STACK_STATIC const byte msg4[] =
  6195. {
  6196. 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
  6197. 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
  6198. 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
  6199. 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
  6200. 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
  6201. 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
  6202. 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
  6203. 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
  6204. 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
  6205. 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
  6206. 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
  6207. 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
  6208. 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
  6209. 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
  6210. 0x61,0x16
  6211. };
  6212. WOLFSSL_SMALL_STACK_STATIC const byte msg5[] =
  6213. {
  6214. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  6215. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  6216. };
  6217. WOLFSSL_SMALL_STACK_STATIC const byte msg6[] =
  6218. {
  6219. 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
  6220. 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
  6221. 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
  6222. 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
  6223. 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
  6224. 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
  6225. 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
  6226. 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
  6227. 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
  6228. 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
  6229. 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
  6230. 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
  6231. 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
  6232. 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
  6233. 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
  6234. 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
  6235. 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
  6236. 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
  6237. 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
  6238. 0x61,0x16
  6239. };
  6240. byte additional[] =
  6241. {
  6242. 0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3,
  6243. 0xc4,0xc5,0xc6,0xc7
  6244. };
  6245. WOLFSSL_SMALL_STACK_STATIC const byte correct0[] =
  6246. {
  6247. 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
  6248. 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
  6249. };
  6250. WOLFSSL_SMALL_STACK_STATIC const byte correct1[] =
  6251. {
  6252. 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,
  6253. 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9
  6254. };
  6255. WOLFSSL_SMALL_STACK_STATIC const byte correct2[] =
  6256. {
  6257. 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16,
  6258. 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0
  6259. };
  6260. WOLFSSL_SMALL_STACK_STATIC const byte correct3[] =
  6261. {
  6262. 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6,
  6263. 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07
  6264. };
  6265. WOLFSSL_SMALL_STACK_STATIC const byte correct4[] =
  6266. {
  6267. 0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a,
  6268. 0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91
  6269. };
  6270. WOLFSSL_SMALL_STACK_STATIC const byte correct5[] =
  6271. {
  6272. 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  6273. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  6274. };
  6275. WOLFSSL_SMALL_STACK_STATIC const byte correct6[] =
  6276. {
  6277. 0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae,
  6278. 0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca
  6279. };
  6280. WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
  6281. 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
  6282. 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8,
  6283. 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
  6284. 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
  6285. };
  6286. WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
  6287. 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20,
  6288. 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,
  6289. 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20,
  6290. 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35
  6291. };
  6292. WOLFSSL_SMALL_STACK_STATIC const byte key4[] = {
  6293. 0x7b,0xac,0x2b,0x25,0x2d,0xb4,0x47,0xaf,
  6294. 0x09,0xb6,0x7a,0x55,0xa4,0xe9,0x55,0x84,
  6295. 0x0a,0xe1,0xd6,0x73,0x10,0x75,0xd9,0xeb,
  6296. 0x2a,0x93,0x75,0x78,0x3e,0xd5,0x53,0xff
  6297. };
  6298. WOLFSSL_SMALL_STACK_STATIC const byte key5[] = {
  6299. 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  6300. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  6301. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  6302. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  6303. };
  6304. const byte* msgs[] = {NULL, msg1, msg2, msg3, msg5, msg6};
  6305. word32 szm[] = {0, sizeof(msg1), sizeof(msg2),
  6306. sizeof(msg3), sizeof(msg5), sizeof(msg6)};
  6307. const byte* keys[] = {key, key, key2, key2, key5, key};
  6308. const byte* tests[] = {correct0, correct1, correct2, correct3, correct5,
  6309. correct6};
  6310. for (i = 0; i < 6; i++) {
  6311. ret = wc_Poly1305SetKey(&enc, keys[i], 32);
  6312. if (ret != 0)
  6313. return WC_TEST_RET_ENC_I(i);
  6314. ret = wc_Poly1305Update(&enc, msgs[i], szm[i]);
  6315. if (ret != 0)
  6316. return WC_TEST_RET_ENC_I(i);
  6317. ret = wc_Poly1305Final(&enc, tag);
  6318. if (ret != 0)
  6319. return WC_TEST_RET_ENC_I(i);
  6320. if (XMEMCMP(tag, tests[i], sizeof(tag)))
  6321. return WC_TEST_RET_ENC_I(i);
  6322. }
  6323. /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */
  6324. XMEMSET(tag, 0, sizeof(tag));
  6325. ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4));
  6326. if (ret != 0)
  6327. return WC_TEST_RET_ENC_EC(ret);
  6328. ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
  6329. (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
  6330. if (ret != 0)
  6331. return WC_TEST_RET_ENC_EC(ret);
  6332. if (XMEMCMP(tag, correct4, sizeof(tag)))
  6333. return WC_TEST_RET_ENC_NC;
  6334. /* Check fail of TLS MAC function if altering additional data */
  6335. XMEMSET(tag, 0, sizeof(tag));
  6336. additional[0]++;
  6337. ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
  6338. (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
  6339. if (ret != 0)
  6340. return WC_TEST_RET_ENC_EC(ret);
  6341. if (XMEMCMP(tag, correct4, sizeof(tag)) == 0)
  6342. return WC_TEST_RET_ENC_NC;
  6343. return 0;
  6344. }
  6345. #endif /* HAVE_POLY1305 */
  6346. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  6347. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void)
  6348. {
  6349. /* Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 */
  6350. /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
  6351. WOLFSSL_SMALL_STACK_STATIC const byte key1[] = {
  6352. 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
  6353. 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  6354. 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
  6355. 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
  6356. };
  6357. WOLFSSL_SMALL_STACK_STATIC const byte plaintext1[] = {
  6358. 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
  6359. 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
  6360. 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
  6361. 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
  6362. 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
  6363. 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
  6364. 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
  6365. 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
  6366. 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
  6367. 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
  6368. 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
  6369. 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
  6370. 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
  6371. 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
  6372. 0x74, 0x2e
  6373. };
  6374. WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = {
  6375. 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
  6376. 0x44, 0x45, 0x46, 0x47
  6377. };
  6378. WOLFSSL_SMALL_STACK_STATIC const byte aad1[] = { /* additional data */
  6379. 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
  6380. 0xc4, 0xc5, 0xc6, 0xc7
  6381. };
  6382. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] = { /* expected output from operation */
  6383. 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
  6384. 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
  6385. 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
  6386. 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
  6387. 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
  6388. 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
  6389. 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
  6390. 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
  6391. 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
  6392. 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
  6393. 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
  6394. 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
  6395. 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
  6396. 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
  6397. 0x61, 0x16
  6398. };
  6399. WOLFSSL_SMALL_STACK_STATIC const byte authTag1[] = { /* expected output from operation */
  6400. 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
  6401. 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
  6402. };
  6403. /* Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 */
  6404. /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
  6405. WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
  6406. 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a,
  6407. 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0,
  6408. 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09,
  6409. 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0
  6410. };
  6411. WOLFSSL_SMALL_STACK_STATIC const byte plaintext2[] = {
  6412. 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
  6413. 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20,
  6414. 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
  6415. 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
  6416. 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69,
  6417. 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
  6418. 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20,
  6419. 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d,
  6420. 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
  6421. 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65,
  6422. 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64,
  6423. 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
  6424. 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f,
  6425. 0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64,
  6426. 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
  6427. 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
  6428. 0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61,
  6429. 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
  6430. 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69,
  6431. 0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72,
  6432. 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
  6433. 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65,
  6434. 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
  6435. 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
  6436. 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
  6437. 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61,
  6438. 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
  6439. 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65,
  6440. 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20,
  6441. 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
  6442. 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b,
  6443. 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67,
  6444. 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
  6445. 0x9d
  6446. };
  6447. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
  6448. 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04,
  6449. 0x05, 0x06, 0x07, 0x08
  6450. };
  6451. WOLFSSL_SMALL_STACK_STATIC const byte aad2[] = { /* additional data */
  6452. 0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00,
  6453. 0x00, 0x00, 0x4e, 0x91
  6454. };
  6455. WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] = { /* expected output from operation */
  6456. 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4,
  6457. 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd,
  6458. 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
  6459. 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2,
  6460. 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee,
  6461. 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
  6462. 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00,
  6463. 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf,
  6464. 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
  6465. 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81,
  6466. 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd,
  6467. 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
  6468. 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61,
  6469. 0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38,
  6470. 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
  6471. 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4,
  6472. 0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46,
  6473. 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
  6474. 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e,
  6475. 0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e,
  6476. 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
  6477. 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a,
  6478. 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea,
  6479. 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
  6480. 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99,
  6481. 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e,
  6482. 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
  6483. 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10,
  6484. 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94,
  6485. 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
  6486. 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf,
  6487. 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29,
  6488. 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
  6489. 0x9b
  6490. };
  6491. WOLFSSL_SMALL_STACK_STATIC const byte authTag2[] = { /* expected output from operation */
  6492. 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22,
  6493. 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38
  6494. };
  6495. byte generatedCiphertext[265]; /* max plaintext2/cipher2 */
  6496. byte generatedPlaintext[265]; /* max plaintext2/cipher2 */
  6497. byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
  6498. wc_test_ret_t err;
  6499. ChaChaPoly_Aead aead;
  6500. #if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
  6501. #define TEST_SMALL_CHACHA_CHUNKS 32
  6502. #else
  6503. #define TEST_SMALL_CHACHA_CHUNKS 64
  6504. #endif
  6505. #ifdef TEST_SMALL_CHACHA_CHUNKS
  6506. word32 testLen;
  6507. #endif
  6508. XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
  6509. XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
  6510. XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
  6511. /* Parameter Validation testing */
  6512. /* Encrypt */
  6513. err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1,
  6514. sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
  6515. if (err != BAD_FUNC_ARG)
  6516. return WC_TEST_RET_ENC_EC(err);
  6517. err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1),
  6518. plaintext1, sizeof(plaintext1), generatedCiphertext,
  6519. generatedAuthTag);
  6520. if (err != BAD_FUNC_ARG)
  6521. return WC_TEST_RET_ENC_EC(err);
  6522. err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
  6523. sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
  6524. if (err != BAD_FUNC_ARG)
  6525. return WC_TEST_RET_ENC_EC(err);
  6526. err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
  6527. sizeof(plaintext1), NULL, generatedAuthTag);
  6528. if (err != BAD_FUNC_ARG)
  6529. return WC_TEST_RET_ENC_EC(err);
  6530. err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
  6531. sizeof(plaintext1), generatedCiphertext, NULL);
  6532. if (err != BAD_FUNC_ARG)
  6533. return WC_TEST_RET_ENC_EC(err);
  6534. err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
  6535. sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
  6536. if (err != BAD_FUNC_ARG)
  6537. return WC_TEST_RET_ENC_EC(err);
  6538. /* Decrypt */
  6539. err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2,
  6540. sizeof(cipher2), authTag2, generatedPlaintext);
  6541. if (err != BAD_FUNC_ARG)
  6542. return WC_TEST_RET_ENC_EC(err);
  6543. err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2,
  6544. sizeof(cipher2), authTag2, generatedPlaintext);
  6545. if (err != BAD_FUNC_ARG)
  6546. return WC_TEST_RET_ENC_EC(err);
  6547. err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
  6548. sizeof(cipher2), authTag2, generatedPlaintext);
  6549. if (err != BAD_FUNC_ARG)
  6550. return WC_TEST_RET_ENC_EC(err);
  6551. err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
  6552. sizeof(cipher2), NULL, generatedPlaintext);
  6553. if (err != BAD_FUNC_ARG)
  6554. return WC_TEST_RET_ENC_EC(err);
  6555. err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
  6556. sizeof(cipher2), authTag2, NULL);
  6557. if (err != BAD_FUNC_ARG)
  6558. return WC_TEST_RET_ENC_EC(err);
  6559. err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
  6560. sizeof(cipher2), authTag2, generatedPlaintext);
  6561. if (err != BAD_FUNC_ARG)
  6562. return WC_TEST_RET_ENC_EC(err);
  6563. /* Test #1 */
  6564. err = wc_ChaCha20Poly1305_Encrypt(key1, iv1,
  6565. aad1, sizeof(aad1),
  6566. plaintext1, sizeof(plaintext1),
  6567. generatedCiphertext, generatedAuthTag);
  6568. if (err) {
  6569. return WC_TEST_RET_ENC_EC(err);
  6570. }
  6571. /* -- Check the ciphertext and authtag */
  6572. if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) {
  6573. return WC_TEST_RET_ENC_NC;
  6574. }
  6575. if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1))) {
  6576. return WC_TEST_RET_ENC_NC;
  6577. }
  6578. /* -- Verify decryption works */
  6579. err = wc_ChaCha20Poly1305_Decrypt(key1, iv1,
  6580. aad1, sizeof(aad1),
  6581. cipher1, sizeof(cipher1),
  6582. authTag1, generatedPlaintext);
  6583. if (err) {
  6584. return err;
  6585. }
  6586. if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) {
  6587. return WC_TEST_RET_ENC_NC;
  6588. }
  6589. XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
  6590. XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
  6591. XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
  6592. /* Test #2 */
  6593. err = wc_ChaCha20Poly1305_Encrypt(key2, iv2,
  6594. aad2, sizeof(aad2),
  6595. plaintext2, sizeof(plaintext2),
  6596. generatedCiphertext, generatedAuthTag);
  6597. if (err) {
  6598. return err;
  6599. }
  6600. /* -- Check the ciphertext and authtag */
  6601. if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) {
  6602. return WC_TEST_RET_ENC_NC;
  6603. }
  6604. if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2))) {
  6605. return WC_TEST_RET_ENC_NC;
  6606. }
  6607. /* -- Verify decryption works */
  6608. err = wc_ChaCha20Poly1305_Decrypt(key2, iv2,
  6609. aad2, sizeof(aad2),
  6610. cipher2, sizeof(cipher2),
  6611. authTag2, generatedPlaintext);
  6612. if (err) {
  6613. return err;
  6614. }
  6615. if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) {
  6616. return WC_TEST_RET_ENC_NC;
  6617. }
  6618. /* AEAD init/update/final - bad argument tests */
  6619. err = wc_ChaCha20Poly1305_Init(NULL, key1, iv1,
  6620. CHACHA20_POLY1305_AEAD_DECRYPT);
  6621. if (err != BAD_FUNC_ARG)
  6622. return WC_TEST_RET_ENC_EC(err);
  6623. err = wc_ChaCha20Poly1305_Init(&aead, NULL, iv1,
  6624. CHACHA20_POLY1305_AEAD_DECRYPT);
  6625. if (err != BAD_FUNC_ARG)
  6626. return WC_TEST_RET_ENC_EC(err);
  6627. err = wc_ChaCha20Poly1305_Init(&aead, key1, NULL,
  6628. CHACHA20_POLY1305_AEAD_DECRYPT);
  6629. if (err != BAD_FUNC_ARG)
  6630. return WC_TEST_RET_ENC_EC(err);
  6631. err = wc_ChaCha20Poly1305_UpdateAad(NULL, aad1, sizeof(aad1));
  6632. if (err != BAD_FUNC_ARG)
  6633. return WC_TEST_RET_ENC_EC(err);
  6634. err = wc_ChaCha20Poly1305_UpdateAad(&aead, NULL, sizeof(aad1));
  6635. if (err != BAD_FUNC_ARG)
  6636. return WC_TEST_RET_ENC_EC(err);
  6637. err = wc_ChaCha20Poly1305_UpdateData(NULL, generatedPlaintext,
  6638. generatedPlaintext, sizeof(plaintext1));
  6639. if (err != BAD_FUNC_ARG)
  6640. return WC_TEST_RET_ENC_EC(err);
  6641. err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, NULL,
  6642. sizeof(plaintext1));
  6643. if (err != BAD_FUNC_ARG)
  6644. return WC_TEST_RET_ENC_EC(err);
  6645. err = wc_ChaCha20Poly1305_UpdateData(&aead, NULL, generatedPlaintext,
  6646. sizeof(plaintext1));
  6647. if (err != BAD_FUNC_ARG)
  6648. return WC_TEST_RET_ENC_EC(err);
  6649. err = wc_ChaCha20Poly1305_Final(NULL, generatedAuthTag);
  6650. if (err != BAD_FUNC_ARG)
  6651. return WC_TEST_RET_ENC_EC(err);
  6652. err = wc_ChaCha20Poly1305_Final(&aead, NULL);
  6653. if (err != BAD_FUNC_ARG)
  6654. return WC_TEST_RET_ENC_EC(err);
  6655. /* AEAD init/update/final - bad state tests */
  6656. /* clear struct - make valgrind happy to resolve
  6657. "Conditional jump or move depends on uninitialised value(s)".
  6658. The enum is "int" size and aead.state is "byte" */
  6659. /* The wc_ChaCha20Poly1305_Init function does this normally */
  6660. XMEMSET(&aead, 0, sizeof(aead));
  6661. aead.state = CHACHA20_POLY1305_STATE_INIT;
  6662. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
  6663. if (err != BAD_STATE_E)
  6664. return WC_TEST_RET_ENC_EC(err);
  6665. aead.state = CHACHA20_POLY1305_STATE_DATA;
  6666. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
  6667. if (err != BAD_STATE_E)
  6668. return WC_TEST_RET_ENC_EC(err);
  6669. aead.state = CHACHA20_POLY1305_STATE_INIT;
  6670. err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext,
  6671. generatedPlaintext, sizeof(plaintext1));
  6672. if (err != BAD_STATE_E)
  6673. return WC_TEST_RET_ENC_EC(err);
  6674. aead.state = CHACHA20_POLY1305_STATE_INIT;
  6675. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  6676. if (err != BAD_STATE_E)
  6677. return WC_TEST_RET_ENC_EC(err);
  6678. aead.state = CHACHA20_POLY1305_STATE_READY;
  6679. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  6680. if (err != BAD_STATE_E)
  6681. return WC_TEST_RET_ENC_EC(err);
  6682. XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
  6683. XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
  6684. XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
  6685. /* Test 1 - Encrypt */
  6686. err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1,
  6687. CHACHA20_POLY1305_AEAD_ENCRYPT);
  6688. if (err != 0)
  6689. return WC_TEST_RET_ENC_EC(err);
  6690. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
  6691. if (err != 0)
  6692. return WC_TEST_RET_ENC_EC(err);
  6693. #ifdef TEST_SMALL_CHACHA_CHUNKS
  6694. /* test doing data in smaller chunks */
  6695. for (testLen=0; testLen<sizeof(plaintext1); ) {
  6696. word32 dataLen = sizeof(plaintext1) - testLen;
  6697. if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
  6698. dataLen = TEST_SMALL_CHACHA_CHUNKS;
  6699. err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext1[testLen],
  6700. &generatedCiphertext[testLen], dataLen);
  6701. if (err != 0)
  6702. return WC_TEST_RET_ENC_EC(err);
  6703. testLen += dataLen;
  6704. }
  6705. #else
  6706. err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext1,
  6707. generatedCiphertext, sizeof(plaintext1));
  6708. #endif
  6709. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  6710. if (err != 0)
  6711. return WC_TEST_RET_ENC_EC(err);
  6712. err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1);
  6713. if (err != 0)
  6714. return WC_TEST_RET_ENC_EC(err);
  6715. if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) {
  6716. return WC_TEST_RET_ENC_NC;
  6717. }
  6718. /* Test 1 - Decrypt */
  6719. err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1,
  6720. CHACHA20_POLY1305_AEAD_DECRYPT);
  6721. if (err != 0)
  6722. return WC_TEST_RET_ENC_EC(err);
  6723. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
  6724. if (err != 0)
  6725. return WC_TEST_RET_ENC_EC(err);
  6726. #ifdef TEST_SMALL_CHACHA_CHUNKS
  6727. /* test doing data in smaller chunks */
  6728. for (testLen=0; testLen<sizeof(plaintext1); ) {
  6729. word32 dataLen = sizeof(plaintext1) - testLen;
  6730. if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
  6731. dataLen = TEST_SMALL_CHACHA_CHUNKS;
  6732. err = wc_ChaCha20Poly1305_UpdateData(&aead,
  6733. &generatedCiphertext[testLen], &generatedPlaintext[testLen],
  6734. dataLen);
  6735. if (err != 0)
  6736. return WC_TEST_RET_ENC_EC(err);
  6737. testLen += dataLen;
  6738. }
  6739. #else
  6740. err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext,
  6741. generatedPlaintext, sizeof(cipher1));
  6742. #endif
  6743. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  6744. if (err != 0)
  6745. return WC_TEST_RET_ENC_EC(err);
  6746. err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1);
  6747. if (err != 0)
  6748. return WC_TEST_RET_ENC_EC(err);
  6749. if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) {
  6750. return WC_TEST_RET_ENC_NC;
  6751. }
  6752. XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
  6753. XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
  6754. XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
  6755. /* Test 2 - Encrypt */
  6756. err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2,
  6757. CHACHA20_POLY1305_AEAD_ENCRYPT);
  6758. if (err != 0)
  6759. return WC_TEST_RET_ENC_EC(err);
  6760. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2));
  6761. if (err != 0)
  6762. return WC_TEST_RET_ENC_EC(err);
  6763. #ifdef TEST_SMALL_CHACHA_CHUNKS
  6764. /* test doing data in smaller chunks */
  6765. for (testLen=0; testLen<sizeof(plaintext2); ) {
  6766. word32 dataLen = sizeof(plaintext2) - testLen;
  6767. if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
  6768. dataLen = TEST_SMALL_CHACHA_CHUNKS;
  6769. err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext2[testLen],
  6770. &generatedCiphertext[testLen], dataLen);
  6771. if (err != 0)
  6772. return WC_TEST_RET_ENC_EC(err);
  6773. testLen += dataLen;
  6774. }
  6775. #else
  6776. err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext2, generatedCiphertext,
  6777. sizeof(plaintext2));
  6778. #endif
  6779. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  6780. if (err != 0)
  6781. return WC_TEST_RET_ENC_EC(err);
  6782. err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2);
  6783. if (err != 0)
  6784. return WC_TEST_RET_ENC_EC(err);
  6785. if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) {
  6786. return WC_TEST_RET_ENC_NC;
  6787. }
  6788. /* Test 2 - Decrypt */
  6789. err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2,
  6790. CHACHA20_POLY1305_AEAD_DECRYPT);
  6791. if (err != 0)
  6792. return WC_TEST_RET_ENC_EC(err);
  6793. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2));
  6794. if (err != 0)
  6795. return WC_TEST_RET_ENC_EC(err);
  6796. #ifdef TEST_SMALL_CHACHA_CHUNKS
  6797. /* test doing data in smaller chunks */
  6798. for (testLen=0; testLen<sizeof(plaintext2); ) {
  6799. word32 dataLen = sizeof(plaintext2) - testLen;
  6800. if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
  6801. dataLen = TEST_SMALL_CHACHA_CHUNKS;
  6802. err = wc_ChaCha20Poly1305_UpdateData(&aead,
  6803. &generatedCiphertext[testLen], &generatedPlaintext[testLen],
  6804. dataLen);
  6805. if (err != 0)
  6806. return WC_TEST_RET_ENC_EC(err);
  6807. testLen += dataLen;
  6808. }
  6809. #else
  6810. err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext,
  6811. generatedPlaintext, sizeof(cipher2));
  6812. #endif
  6813. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  6814. if (err != 0)
  6815. return WC_TEST_RET_ENC_EC(err);
  6816. err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2);
  6817. if (err != 0)
  6818. return WC_TEST_RET_ENC_EC(err);
  6819. if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) {
  6820. return WC_TEST_RET_ENC_NC;
  6821. }
  6822. return err;
  6823. }
  6824. #endif /* HAVE_CHACHA && HAVE_POLY1305 */
  6825. #ifndef NO_DES3
  6826. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void)
  6827. {
  6828. WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
  6829. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  6830. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  6831. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  6832. };
  6833. byte plain[24];
  6834. byte cipher[24];
  6835. Des enc;
  6836. Des dec;
  6837. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  6838. {
  6839. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
  6840. };
  6841. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  6842. {
  6843. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
  6844. };
  6845. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  6846. {
  6847. 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
  6848. 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
  6849. 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
  6850. };
  6851. wc_test_ret_t ret;
  6852. ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION);
  6853. if (ret != 0)
  6854. return WC_TEST_RET_ENC_EC(ret);
  6855. ret = wc_Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
  6856. if (ret != 0)
  6857. return WC_TEST_RET_ENC_EC(ret);
  6858. ret = wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION);
  6859. if (ret != 0)
  6860. return WC_TEST_RET_ENC_EC(ret);
  6861. ret = wc_Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
  6862. if (ret != 0)
  6863. return WC_TEST_RET_ENC_EC(ret);
  6864. if (XMEMCMP(plain, vector, sizeof(plain)))
  6865. return WC_TEST_RET_ENC_NC;
  6866. if (XMEMCMP(cipher, verify, sizeof(cipher)))
  6867. return WC_TEST_RET_ENC_NC;
  6868. ret = wc_Des_CbcEncryptWithKey(cipher, vector, sizeof(vector), key, iv);
  6869. if (ret != 0)
  6870. return WC_TEST_RET_ENC_EC(ret);
  6871. #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
  6872. {
  6873. EncryptedInfo info;
  6874. XMEMSET(&info, 0, sizeof(EncryptedInfo));
  6875. XMEMCPY(info.iv, iv, sizeof(iv));
  6876. info.ivSz = sizeof(iv);
  6877. info.keySz = sizeof(key);
  6878. info.cipherType = WC_CIPHER_DES;
  6879. ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
  6880. sizeof(key), WC_HASH_TYPE_SHA);
  6881. if (ret != 0)
  6882. return WC_TEST_RET_ENC_EC(ret);
  6883. /* Test invalid info ptr */
  6884. ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key,
  6885. sizeof(key), WC_HASH_TYPE_SHA);
  6886. if (ret != BAD_FUNC_ARG)
  6887. return WC_TEST_RET_ENC_EC(ret);
  6888. #ifndef NO_PWDBASED
  6889. /* Test invalid hash type - only applies to wc_PBKDF1 call */
  6890. ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
  6891. sizeof(key), WC_HASH_TYPE_NONE);
  6892. if (ret == 0)
  6893. return WC_TEST_RET_ENC_EC(ret);
  6894. #endif /* !NO_PWDBASED */
  6895. }
  6896. #endif
  6897. return 0;
  6898. }
  6899. #endif /* !NO_DES3 */
  6900. #ifndef NO_DES3
  6901. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void)
  6902. {
  6903. WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
  6904. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  6905. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  6906. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  6907. };
  6908. byte plain[24];
  6909. byte cipher[24];
  6910. Des3 enc;
  6911. Des3 dec;
  6912. WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
  6913. {
  6914. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  6915. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  6916. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  6917. };
  6918. WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
  6919. {
  6920. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
  6921. 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
  6922. 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
  6923. };
  6924. WOLFSSL_SMALL_STACK_STATIC const byte verify3[] =
  6925. {
  6926. 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e,
  6927. 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98,
  6928. 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
  6929. };
  6930. wc_test_ret_t ret;
  6931. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  6932. size_t i;
  6933. #endif
  6934. ret = wc_Des3Init(&enc, HEAP_HINT, devId);
  6935. if (ret != 0)
  6936. return WC_TEST_RET_ENC_EC(ret);
  6937. ret = wc_Des3Init(&dec, HEAP_HINT, devId);
  6938. if (ret != 0)
  6939. return WC_TEST_RET_ENC_EC(ret);
  6940. ret = wc_Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION);
  6941. if (ret != 0)
  6942. return WC_TEST_RET_ENC_EC(ret);
  6943. ret = wc_Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION);
  6944. if (ret != 0)
  6945. return WC_TEST_RET_ENC_EC(ret);
  6946. ret = wc_Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
  6947. #if defined(WOLFSSL_ASYNC_CRYPT)
  6948. ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
  6949. #endif
  6950. if (ret != 0)
  6951. return WC_TEST_RET_ENC_EC(ret);
  6952. ret = wc_Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
  6953. #if defined(WOLFSSL_ASYNC_CRYPT)
  6954. ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
  6955. #endif
  6956. if (ret != 0)
  6957. return WC_TEST_RET_ENC_EC(ret);
  6958. if (XMEMCMP(plain, vector, sizeof(plain)))
  6959. return WC_TEST_RET_ENC_NC;
  6960. if (XMEMCMP(cipher, verify3, sizeof(cipher)))
  6961. return WC_TEST_RET_ENC_NC;
  6962. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  6963. /* test the same vectors with using compatibility layer */
  6964. for (i = 0; i < sizeof(vector); i += DES_BLOCK_SIZE){
  6965. DES_key_schedule ks1;
  6966. DES_key_schedule ks2;
  6967. DES_key_schedule ks3;
  6968. DES_cblock iv4;
  6969. byte tmp[sizeof(vector)];
  6970. XMEMCPY(ks1, key3, sizeof(DES_key_schedule));
  6971. XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule));
  6972. XMEMCPY(ks3, key3 + 16, sizeof(DES_key_schedule));
  6973. XMEMSET(plain, 0, sizeof(plain));
  6974. XMEMSET(cipher, 0, sizeof(cipher));
  6975. /* Test in-place encrypt/decrypt */
  6976. XMEMCPY(tmp, vector, sizeof(vector));
  6977. /* Use i as the splitter */
  6978. XMEMCPY(iv4, iv3, sizeof(DES_cblock));
  6979. DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
  6980. &iv4, DES_ENCRYPT);
  6981. DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(vector) - i),
  6982. &ks1, &ks2, &ks3, &iv4, DES_ENCRYPT);
  6983. XMEMCPY(cipher, tmp, sizeof(cipher));
  6984. XMEMCPY(iv4, iv3, sizeof(DES_cblock));
  6985. DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3,
  6986. &iv4, DES_DECRYPT);
  6987. DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(cipher) - i),
  6988. &ks1, &ks2, &ks3, &iv4, DES_DECRYPT);
  6989. XMEMCPY(plain, tmp, sizeof(plain));
  6990. if (XMEMCMP(plain, vector, sizeof(plain)))
  6991. return WC_TEST_RET_ENC_NC;
  6992. if (XMEMCMP(cipher, verify3, sizeof(cipher)))
  6993. return WC_TEST_RET_ENC_NC;
  6994. }
  6995. #endif /* OPENSSL_EXTRA */
  6996. wc_Des3Free(&enc);
  6997. wc_Des3Free(&dec);
  6998. #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
  6999. {
  7000. EncryptedInfo info;
  7001. XMEMSET(&info, 0, sizeof(EncryptedInfo));
  7002. XMEMCPY(info.iv, iv3, sizeof(iv3));
  7003. info.ivSz = sizeof(iv3);
  7004. info.keySz = sizeof(key3);
  7005. info.cipherType = WC_CIPHER_DES3;
  7006. ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key3,
  7007. sizeof(key3), WC_HASH_TYPE_SHA);
  7008. if (ret != 0)
  7009. return WC_TEST_RET_ENC_EC(ret);
  7010. }
  7011. #endif
  7012. return 0;
  7013. }
  7014. #endif /* NO_DES3 */
  7015. static const int fiducial1 = WC_TEST_RET_LN; /* source code reference point --
  7016. * see print_fiducials() below.
  7017. */
  7018. #ifndef NO_AES
  7019. #if defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_CFB) || \
  7020. defined(WOLFSSL_AES_XTS)
  7021. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  7022. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  7023. /* pass in the function, key, iv, plain text and expected and this function
  7024. * tests that the encryption and decryption is successful */
  7025. static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
  7026. const byte* iv, const byte* plain, int plainSz,
  7027. const byte* expected, int expectedSz)
  7028. {
  7029. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7030. EVP_CIPHER_CTX *ctx = NULL;
  7031. #else
  7032. EVP_CIPHER_CTX ctx[1];
  7033. #endif
  7034. int ctx_inited = 0;
  7035. int idx, cipherSz;
  7036. wc_test_ret_t ret = 0;
  7037. byte* cipher;
  7038. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7039. if ((ctx = wolfSSL_EVP_CIPHER_CTX_new()) == NULL)
  7040. return MEMORY_E;
  7041. #endif
  7042. cipher = (byte*)XMALLOC(plainSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  7043. if (cipher == NULL) {
  7044. ret = WC_TEST_RET_ENC_ERRNO;
  7045. goto EVP_TEST_END;
  7046. }
  7047. /* test encrypt */
  7048. EVP_CIPHER_CTX_init(ctx);
  7049. ctx_inited = 1;
  7050. if (EVP_CipherInit(ctx, type, key, iv, 1) == 0) {
  7051. ret = WC_TEST_RET_ENC_NC;
  7052. goto EVP_TEST_END;
  7053. }
  7054. if (EVP_CipherUpdate(ctx, cipher, &idx, plain, expectedSz) == 0) {
  7055. ret = WC_TEST_RET_ENC_NC;
  7056. goto EVP_TEST_END;
  7057. }
  7058. cipherSz = idx;
  7059. if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
  7060. ret = WC_TEST_RET_ENC_NC;
  7061. goto EVP_TEST_END;
  7062. }
  7063. cipherSz += idx;
  7064. if (XMEMCMP(cipher, expected, plainSz)) {
  7065. ret = WC_TEST_RET_ENC_NC;
  7066. goto EVP_TEST_END;
  7067. }
  7068. ret = wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
  7069. ctx_inited = 0;
  7070. if (ret == WOLFSSL_SUCCESS)
  7071. ret = 0;
  7072. else {
  7073. ret = WC_TEST_RET_ENC_NC;
  7074. goto EVP_TEST_END;
  7075. }
  7076. /* test decrypt */
  7077. EVP_CIPHER_CTX_init(ctx);
  7078. ctx_inited = 1;
  7079. if (EVP_CipherInit(ctx, type, key, iv, 0) == 0) {
  7080. ret = WC_TEST_RET_ENC_NC;
  7081. goto EVP_TEST_END;
  7082. }
  7083. if (EVP_CipherUpdate(ctx, cipher, &idx, cipher, expectedSz) == 0) {
  7084. ret = WC_TEST_RET_ENC_NC;
  7085. goto EVP_TEST_END;
  7086. }
  7087. cipherSz = idx;
  7088. if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
  7089. ret = WC_TEST_RET_ENC_NC;
  7090. goto EVP_TEST_END;
  7091. }
  7092. cipherSz += idx;
  7093. if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, plainSz)) {
  7094. ret = WC_TEST_RET_ENC_NC;
  7095. goto EVP_TEST_END;
  7096. }
  7097. EVP_TEST_END:
  7098. if (cipher)
  7099. XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  7100. (void)cipherSz;
  7101. if (ctx_inited) {
  7102. int cleanup_ret = wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
  7103. if (cleanup_ret != WOLFSSL_SUCCESS)
  7104. ret = WC_TEST_RET_ENC_NC;
  7105. }
  7106. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7107. wolfSSL_EVP_CIPHER_CTX_free(ctx);
  7108. #endif
  7109. return ret;
  7110. }
  7111. #endif /* OPENSSL_EXTRA */
  7112. #endif /* WOLFSSL_AES_OFB || WOLFSSL_AES_CFB */
  7113. #ifdef WOLFSSL_AES_OFB
  7114. /* test vector from https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Block-Ciphers */
  7115. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesofb_test(void)
  7116. {
  7117. #ifdef WOLFSSL_AES_256
  7118. WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
  7119. {
  7120. 0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71,
  7121. 0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2,
  7122. 0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a,
  7123. 0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94
  7124. };
  7125. WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
  7126. {
  7127. 0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16,
  7128. 0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f
  7129. };
  7130. WOLFSSL_SMALL_STACK_STATIC const byte plain1[] =
  7131. {
  7132. 0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9,
  7133. 0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25,
  7134. 0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6,
  7135. 0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71,
  7136. 0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef,
  7137. 0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c
  7138. };
  7139. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
  7140. {
  7141. 0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc,
  7142. 0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00,
  7143. 0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46,
  7144. 0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b,
  7145. 0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae,
  7146. 0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0
  7147. };
  7148. #endif /* WOLFSSL_AES_256 */
  7149. #ifdef WOLFSSL_AES_128
  7150. WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
  7151. {
  7152. 0x10,0xa5,0x88,0x69,0xd7,0x4b,0xe5,0xa3,
  7153. 0x74,0xcf,0x86,0x7c,0xfb,0x47,0x38,0x59
  7154. };
  7155. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
  7156. {
  7157. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  7158. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  7159. };
  7160. WOLFSSL_SMALL_STACK_STATIC const byte plain2[] =
  7161. {
  7162. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  7163. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  7164. };
  7165. WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
  7166. {
  7167. 0x6d,0x25,0x1e,0x69,0x44,0xb0,0x51,0xe0,
  7168. 0x4e,0xaa,0x6f,0xb4,0xdb,0xf7,0x84,0x65
  7169. };
  7170. #endif /* WOLFSSL_AES_128 */
  7171. #ifdef WOLFSSL_AES_192
  7172. WOLFSSL_SMALL_STACK_STATIC const byte key3[] = {
  7173. 0xd0,0x77,0xa0,0x3b,0xd8,0xa3,0x89,0x73,
  7174. 0x92,0x8c,0xca,0xfe,0x4a,0x9d,0x2f,0x45,
  7175. 0x51,0x30,0xbd,0x0a,0xf5,0xae,0x46,0xa9
  7176. };
  7177. WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
  7178. {
  7179. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  7180. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  7181. };
  7182. WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
  7183. {
  7184. 0xab,0xc7,0x86,0xfb,0x1e,0xdb,0x50,0x45,
  7185. 0x80,0xc4,0xd8,0x82,0xef,0x29,0xa0,0xc7
  7186. };
  7187. WOLFSSL_SMALL_STACK_STATIC const byte plain3[] =
  7188. {
  7189. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  7190. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  7191. };
  7192. #endif /* WOLFSSL_AES_192 */
  7193. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7194. Aes *enc = NULL;
  7195. #else
  7196. Aes enc[1];
  7197. #endif
  7198. byte cipher[AES_BLOCK_SIZE * 4];
  7199. #ifdef HAVE_AES_DECRYPT
  7200. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7201. Aes *dec = NULL;
  7202. #else
  7203. Aes dec[1];
  7204. #endif
  7205. byte plain [AES_BLOCK_SIZE * 4];
  7206. #endif
  7207. wc_test_ret_t ret = 0;
  7208. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7209. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  7210. ERROR_OUT(-1, out);
  7211. #ifdef HAVE_AES_DECRYPT
  7212. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  7213. ERROR_OUT(-1, out);
  7214. #endif
  7215. #endif
  7216. XMEMSET(enc, 0, sizeof *enc);
  7217. #ifdef HAVE_AES_DECRYPT
  7218. XMEMSET(dec, 0, sizeof *dec);
  7219. #endif
  7220. #ifdef WOLFSSL_AES_128
  7221. /* 128 key size test */
  7222. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  7223. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  7224. ret = EVP_test(EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2),
  7225. cipher2, sizeof(cipher2));
  7226. if (ret != 0) {
  7227. goto out;
  7228. }
  7229. #endif
  7230. ret = wc_AesInit(enc, HEAP_HINT, INVALID_DEVID);
  7231. if (ret != 0)
  7232. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7233. ret = wc_AesInit(dec, HEAP_HINT, INVALID_DEVID);
  7234. if (ret != 0)
  7235. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7236. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  7237. if (ret != 0)
  7238. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7239. #ifdef HAVE_AES_DECRYPT
  7240. /* decrypt uses AES_ENCRYPTION */
  7241. ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  7242. if (ret != 0)
  7243. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7244. #endif
  7245. XMEMSET(cipher, 0, sizeof(cipher));
  7246. ret = wc_AesOfbEncrypt(enc, cipher, plain2, AES_BLOCK_SIZE);
  7247. if (ret != 0)
  7248. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7249. if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE))
  7250. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7251. #ifdef HAVE_AES_DECRYPT
  7252. ret = wc_AesOfbDecrypt(dec, plain, cipher2, AES_BLOCK_SIZE);
  7253. if (ret != 0)
  7254. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7255. if (XMEMCMP(plain, plain2, AES_BLOCK_SIZE))
  7256. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7257. #endif /* HAVE_AES_DECRYPT */
  7258. #endif /* WOLFSSL_AES_128 */
  7259. #ifdef WOLFSSL_AES_192
  7260. /* 192 key size test */
  7261. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  7262. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  7263. ret = EVP_test(EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3),
  7264. cipher3, sizeof(cipher3));
  7265. if (ret != 0) {
  7266. goto out;
  7267. }
  7268. #endif
  7269. ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
  7270. if (ret != 0)
  7271. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7272. #ifdef HAVE_AES_DECRYPT
  7273. /* decrypt uses AES_ENCRYPTION */
  7274. ret = wc_AesSetKey(dec, key3, sizeof(key3), iv3, AES_ENCRYPTION);
  7275. if (ret != 0)
  7276. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7277. #endif
  7278. XMEMSET(cipher, 0, sizeof(cipher));
  7279. ret = wc_AesOfbEncrypt(enc, cipher, plain3, AES_BLOCK_SIZE);
  7280. if (ret != 0)
  7281. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7282. if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE))
  7283. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7284. #ifdef HAVE_AES_DECRYPT
  7285. ret = wc_AesOfbDecrypt(dec, plain, cipher3, AES_BLOCK_SIZE);
  7286. if (ret != 0)
  7287. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7288. if (XMEMCMP(plain, plain3, AES_BLOCK_SIZE))
  7289. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7290. #endif /* HAVE_AES_DECRYPT */
  7291. #endif /* WOLFSSL_AES_192 */
  7292. #ifdef WOLFSSL_AES_256
  7293. /* 256 key size test */
  7294. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  7295. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  7296. ret = EVP_test(EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1),
  7297. cipher1, sizeof(cipher1));
  7298. if (ret != 0) {
  7299. goto out;
  7300. }
  7301. #endif
  7302. ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  7303. if (ret != 0)
  7304. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7305. #ifdef HAVE_AES_DECRYPT
  7306. /* decrypt uses AES_ENCRYPTION */
  7307. ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  7308. if (ret != 0)
  7309. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7310. #endif
  7311. XMEMSET(cipher, 0, sizeof(cipher));
  7312. ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE);
  7313. if (ret != 0)
  7314. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7315. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE))
  7316. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7317. ret = wc_AesOfbEncrypt(enc, cipher + AES_BLOCK_SIZE,
  7318. plain1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
  7319. if (ret != 0)
  7320. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7321. if (XMEMCMP(cipher + AES_BLOCK_SIZE, cipher1 + AES_BLOCK_SIZE,
  7322. AES_BLOCK_SIZE))
  7323. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7324. #ifdef HAVE_AES_DECRYPT
  7325. ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE);
  7326. if (ret != 0)
  7327. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7328. if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE))
  7329. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7330. ret = wc_AesOfbDecrypt(dec, plain + AES_BLOCK_SIZE,
  7331. cipher1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
  7332. if (ret != 0)
  7333. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7334. if (XMEMCMP(plain + AES_BLOCK_SIZE, plain1 + AES_BLOCK_SIZE,
  7335. AES_BLOCK_SIZE))
  7336. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7337. #endif /* HAVE_AES_DECRYPT */
  7338. /* multiple blocks at once */
  7339. ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  7340. if (ret != 0)
  7341. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7342. #ifdef HAVE_AES_DECRYPT
  7343. /* decrypt uses AES_ENCRYPTION */
  7344. ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  7345. if (ret != 0)
  7346. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7347. #endif
  7348. XMEMSET(cipher, 0, sizeof(cipher));
  7349. ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE * 3);
  7350. if (ret != 0)
  7351. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7352. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 3))
  7353. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7354. #ifdef HAVE_AES_DECRYPT
  7355. ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE * 3);
  7356. if (ret != 0)
  7357. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7358. if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE * 3))
  7359. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7360. #endif /* HAVE_AES_DECRYPT */
  7361. /* inline decrypt/encrypt*/
  7362. ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  7363. if (ret != 0)
  7364. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7365. #ifdef HAVE_AES_DECRYPT
  7366. /* decrypt uses AES_ENCRYPTION */
  7367. ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  7368. if (ret != 0)
  7369. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7370. #endif
  7371. XMEMCPY(cipher, plain1, AES_BLOCK_SIZE * 2);
  7372. ret = wc_AesOfbEncrypt(enc, cipher, cipher, AES_BLOCK_SIZE * 2);
  7373. if (ret != 0)
  7374. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7375. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
  7376. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7377. #ifdef HAVE_AES_DECRYPT
  7378. ret = wc_AesOfbDecrypt(dec, cipher, cipher, AES_BLOCK_SIZE * 2);
  7379. if (ret != 0)
  7380. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7381. if (XMEMCMP(cipher, plain1, AES_BLOCK_SIZE * 2))
  7382. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7383. #endif /* HAVE_AES_DECRYPT */
  7384. /* 256 key size test leftover support */
  7385. ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  7386. if (ret != 0)
  7387. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7388. #ifdef HAVE_AES_DECRYPT
  7389. /* decrypt uses AES_ENCRYPTION */
  7390. ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  7391. if (ret != 0)
  7392. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7393. #endif
  7394. XMEMSET(cipher, 0, sizeof(cipher));
  7395. ret = wc_AesOfbEncrypt(enc, cipher, plain1, 3);
  7396. if (ret != 0)
  7397. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7398. if (XMEMCMP(cipher, cipher1, 3))
  7399. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7400. ret = wc_AesOfbEncrypt(enc, cipher + 3, plain1 + 3, AES_BLOCK_SIZE);
  7401. if (ret != 0)
  7402. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7403. if (XMEMCMP(cipher + 3, cipher1 + 3, AES_BLOCK_SIZE))
  7404. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7405. #ifdef HAVE_AES_DECRYPT
  7406. ret = wc_AesOfbDecrypt(dec, plain, cipher1, 6);
  7407. if (ret != 0)
  7408. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7409. if (XMEMCMP(plain, plain1, 6))
  7410. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7411. ret = wc_AesOfbDecrypt(dec, plain + 6, cipher1 + 6, AES_BLOCK_SIZE);
  7412. if (ret != 0)
  7413. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7414. if (XMEMCMP(plain + 6, plain1 + 6, AES_BLOCK_SIZE))
  7415. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7416. #endif /* HAVE_AES_DECRYPT */
  7417. out:
  7418. wc_AesFree(enc);
  7419. wc_AesFree(dec);
  7420. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7421. if (enc)
  7422. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  7423. #ifdef HAVE_AES_DECRYPT
  7424. if (dec)
  7425. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  7426. #endif
  7427. #endif
  7428. #endif /* WOLFSSL_AES_256 */
  7429. return ret;
  7430. }
  7431. #endif /* WOLFSSL_AES_OFB */
  7432. #if defined(WOLFSSL_AES_CFB)
  7433. /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of
  7434. * Operation Methods and Techniques
  7435. */
  7436. static wc_test_ret_t aescfb_test_0(void)
  7437. {
  7438. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7439. Aes *enc = NULL;
  7440. #else
  7441. Aes enc[1];
  7442. #endif
  7443. int enc_inited = 0;
  7444. byte cipher[AES_BLOCK_SIZE * 4];
  7445. #ifdef HAVE_AES_DECRYPT
  7446. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7447. Aes *dec = NULL;
  7448. #else
  7449. Aes dec[1];
  7450. #endif
  7451. int dec_inited = 0;
  7452. byte plain [AES_BLOCK_SIZE * 4];
  7453. #endif
  7454. wc_test_ret_t ret = 0;
  7455. WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
  7456. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  7457. 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
  7458. };
  7459. #ifdef WOLFSSL_AES_128
  7460. WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
  7461. {
  7462. 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
  7463. 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
  7464. };
  7465. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
  7466. {
  7467. 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
  7468. 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
  7469. 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
  7470. 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b,
  7471. 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40,
  7472. 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf
  7473. };
  7474. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
  7475. {
  7476. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  7477. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  7478. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  7479. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  7480. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  7481. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef
  7482. };
  7483. #endif /* WOLFSSL_AES_128 */
  7484. #ifdef WOLFSSL_AES_192
  7485. /* 192 size key test */
  7486. WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
  7487. {
  7488. 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  7489. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  7490. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
  7491. };
  7492. WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
  7493. {
  7494. 0xcd,0xc8,0x0d,0x6f,0xdd,0xf1,0x8c,0xab,
  7495. 0x34,0xc2,0x59,0x09,0xc9,0x9a,0x41,0x74,
  7496. 0x67,0xce,0x7f,0x7f,0x81,0x17,0x36,0x21,
  7497. 0x96,0x1a,0x2b,0x70,0x17,0x1d,0x3d,0x7a,
  7498. 0x2e,0x1e,0x8a,0x1d,0xd5,0x9b,0x88,0xb1,
  7499. 0xc8,0xe6,0x0f,0xed,0x1e,0xfa,0xc4,0xc9,
  7500. 0xc0,0x5f,0x9f,0x9c,0xa9,0x83,0x4f,0xa0,
  7501. 0x42,0xae,0x8f,0xba,0x58,0x4b,0x09,0xff
  7502. };
  7503. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
  7504. {
  7505. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  7506. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  7507. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  7508. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  7509. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  7510. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  7511. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  7512. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  7513. };
  7514. #endif /* WOLFSSL_AES_192 */
  7515. #ifdef WOLFSSL_AES_256
  7516. /* 256 size key simple test */
  7517. WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
  7518. {
  7519. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  7520. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  7521. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  7522. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  7523. };
  7524. WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
  7525. {
  7526. 0xdc,0x7e,0x84,0xbf,0xda,0x79,0x16,0x4b,
  7527. 0x7e,0xcd,0x84,0x86,0x98,0x5d,0x38,0x60,
  7528. 0x39,0xff,0xed,0x14,0x3b,0x28,0xb1,0xc8,
  7529. 0x32,0x11,0x3c,0x63,0x31,0xe5,0x40,0x7b,
  7530. 0xdf,0x10,0x13,0x24,0x15,0xe5,0x4b,0x92,
  7531. 0xa1,0x3e,0xd0,0xa8,0x26,0x7a,0xe2,0xf9,
  7532. 0x75,0xa3,0x85,0x74,0x1a,0xb9,0xce,0xf8,
  7533. 0x20,0x31,0x62,0x3d,0x55,0xb1,0xe4,0x71
  7534. };
  7535. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
  7536. {
  7537. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  7538. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  7539. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  7540. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  7541. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  7542. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  7543. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  7544. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  7545. };
  7546. #endif /* WOLFSSL_AES_256 */
  7547. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7548. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  7549. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  7550. #ifdef HAVE_AES_DECRYPT
  7551. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  7552. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  7553. #endif
  7554. #endif
  7555. ret = wc_AesInit(enc, HEAP_HINT, devId);
  7556. if (ret != 0)
  7557. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7558. else
  7559. enc_inited = 1;
  7560. #ifdef HAVE_AES_DECRYPT
  7561. ret = wc_AesInit(dec, HEAP_HINT, devId);
  7562. if (ret != 0)
  7563. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7564. else
  7565. dec_inited = 1;
  7566. #endif
  7567. #ifdef WOLFSSL_AES_128
  7568. /* 128 key tests */
  7569. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  7570. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  7571. ret = EVP_test(EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1),
  7572. cipher1, sizeof(cipher1));
  7573. if (ret != 0) {
  7574. return ret;
  7575. }
  7576. #endif
  7577. ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  7578. if (ret != 0)
  7579. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7580. #ifdef HAVE_AES_DECRYPT
  7581. /* decrypt uses AES_ENCRYPTION */
  7582. ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  7583. if (ret != 0)
  7584. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7585. #endif
  7586. XMEMSET(cipher, 0, sizeof(cipher));
  7587. ret = wc_AesCfbEncrypt(enc, cipher, msg1, AES_BLOCK_SIZE * 2);
  7588. if (ret != 0)
  7589. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7590. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
  7591. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7592. /* test restarting encryption process */
  7593. ret = wc_AesCfbEncrypt(enc, cipher + (AES_BLOCK_SIZE * 2),
  7594. msg1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE);
  7595. if (ret != 0)
  7596. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7597. if (XMEMCMP(cipher + (AES_BLOCK_SIZE * 2),
  7598. cipher1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE))
  7599. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7600. #ifdef HAVE_AES_DECRYPT
  7601. ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 3);
  7602. if (ret != 0)
  7603. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7604. if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3))
  7605. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7606. #endif /* HAVE_AES_DECRYPT */
  7607. #endif /* WOLFSSL_AES_128 */
  7608. #ifdef WOLFSSL_AES_192
  7609. /* 192 key size test */
  7610. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  7611. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  7612. ret = EVP_test(EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2),
  7613. cipher2, sizeof(cipher2));
  7614. if (ret != 0) {
  7615. return ret;
  7616. }
  7617. #endif
  7618. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv, AES_ENCRYPTION);
  7619. if (ret != 0)
  7620. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7621. #ifdef HAVE_AES_DECRYPT
  7622. /* decrypt uses AES_ENCRYPTION */
  7623. ret = wc_AesSetKey(dec, key2, sizeof(key2), iv, AES_ENCRYPTION);
  7624. if (ret != 0)
  7625. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7626. #endif
  7627. XMEMSET(cipher, 0, sizeof(cipher));
  7628. ret = wc_AesCfbEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE * 4);
  7629. if (ret != 0)
  7630. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7631. if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE * 4))
  7632. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7633. #ifdef HAVE_AES_DECRYPT
  7634. ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 4);
  7635. if (ret != 0)
  7636. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7637. if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4))
  7638. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7639. #endif /* HAVE_AES_DECRYPT */
  7640. #endif /* WOLFSSL_AES_192 */
  7641. #ifdef WOLFSSL_AES_256
  7642. /* 256 key size test */
  7643. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  7644. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  7645. ret = EVP_test(EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3),
  7646. cipher3, sizeof(cipher3));
  7647. if (ret != 0) {
  7648. return ret;
  7649. }
  7650. #endif
  7651. ret = wc_AesSetKey(enc, key3, sizeof(key3), iv, AES_ENCRYPTION);
  7652. if (ret != 0)
  7653. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7654. #ifdef HAVE_AES_DECRYPT
  7655. /* decrypt uses AES_ENCRYPTION */
  7656. ret = wc_AesSetKey(dec, key3, sizeof(key3), iv, AES_ENCRYPTION);
  7657. if (ret != 0)
  7658. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7659. #endif
  7660. /* test with data left overs, magic lengths are checking near edges */
  7661. XMEMSET(cipher, 0, sizeof(cipher));
  7662. ret = wc_AesCfbEncrypt(enc, cipher, msg3, 4);
  7663. if (ret != 0)
  7664. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7665. if (XMEMCMP(cipher, cipher3, 4))
  7666. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7667. ret = wc_AesCfbEncrypt(enc, cipher + 4, msg3 + 4, 27);
  7668. if (ret != 0)
  7669. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7670. if (XMEMCMP(cipher + 4, cipher3 + 4, 27))
  7671. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7672. ret = wc_AesCfbEncrypt(enc, cipher + 31, msg3 + 31,
  7673. (AES_BLOCK_SIZE * 4) - 31);
  7674. if (ret != 0)
  7675. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7676. if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE * 4))
  7677. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7678. #ifdef HAVE_AES_DECRYPT
  7679. ret = wc_AesCfbDecrypt(dec, plain, cipher, 4);
  7680. if (ret != 0)
  7681. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7682. if (XMEMCMP(plain, msg3, 4))
  7683. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7684. ret = wc_AesCfbDecrypt(dec, plain + 4, cipher + 4, 4);
  7685. if (ret != 0)
  7686. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7687. ret = wc_AesCfbDecrypt(dec, plain + 8, cipher + 8, 23);
  7688. if (ret != 0)
  7689. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7690. if (XMEMCMP(plain + 4, msg3 + 4, 27))
  7691. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7692. ret = wc_AesCfbDecrypt(dec, plain + 31, cipher + 31,
  7693. (AES_BLOCK_SIZE * 4) - 31);
  7694. if (ret != 0)
  7695. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7696. if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4))
  7697. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7698. #endif /* HAVE_AES_DECRYPT */
  7699. #endif /* WOLFSSL_AES_256 */
  7700. out:
  7701. if (enc_inited)
  7702. wc_AesFree(enc);
  7703. if (dec_inited)
  7704. wc_AesFree(dec);
  7705. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7706. if (enc)
  7707. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  7708. #ifdef HAVE_AES_DECRYPT
  7709. if (dec)
  7710. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  7711. #endif
  7712. #endif
  7713. return ret;
  7714. }
  7715. #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  7716. static wc_test_ret_t aescfb1_test(void)
  7717. {
  7718. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7719. Aes *enc = NULL;
  7720. #else
  7721. Aes enc[1];
  7722. #endif
  7723. int enc_inited = 0;
  7724. byte cipher[AES_BLOCK_SIZE];
  7725. #ifdef HAVE_AES_DECRYPT
  7726. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7727. Aes *dec = NULL;
  7728. #else
  7729. Aes dec[1];
  7730. #endif
  7731. int dec_inited = 0;
  7732. byte plain [AES_BLOCK_SIZE];
  7733. #endif
  7734. wc_test_ret_t ret = 0;
  7735. #ifdef WOLFSSL_AES_128
  7736. WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
  7737. 0x4d,0xbb,0xdc,0xaa,0x59,0xf3,0x63,0xc9,
  7738. 0x2a,0x3b,0x98,0x43,0xad,0x20,0xe2,0xb7
  7739. };
  7740. WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
  7741. {
  7742. 0xcd,0xef,0x9d,0x06,0x61,0xba,0xe4,0x73,
  7743. 0x8d,0x1a,0x58,0xa2,0xa6,0x22,0x8b,0x66
  7744. };
  7745. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
  7746. {
  7747. 0x00
  7748. };
  7749. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
  7750. {
  7751. 0xC0
  7752. };
  7753. #endif /* WOLFSSL_AES_128 */
  7754. #ifdef WOLFSSL_AES_192
  7755. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
  7756. 0x57,0xc6,0x89,0x7c,0x99,0x52,0x28,0x13,
  7757. 0xbf,0x67,0x9c,0xe1,0x13,0x70,0xaf,0x5e
  7758. };
  7759. WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
  7760. {
  7761. 0xba,0xa1,0x58,0xa1,0x6b,0x50,0x4a,0x10,
  7762. 0x8e,0xd4,0x33,0x2e,0xe7,0xf2,0x9b,0xf6,
  7763. 0xd1,0xac,0x46,0xa8,0xde,0x5a,0xfe,0x7a
  7764. };
  7765. WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
  7766. {
  7767. 0x30
  7768. };
  7769. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
  7770. {
  7771. 0x80
  7772. };
  7773. #endif /* WOLFSSL_AES_192 */
  7774. #ifdef WOLFSSL_AES_256
  7775. WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
  7776. 0x63,0x2e,0x9f,0x83,0x1f,0xa3,0x80,0x5e,
  7777. 0x52,0x02,0xbc,0xe0,0x6d,0x04,0xf9,0xa0
  7778. };
  7779. WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
  7780. {
  7781. 0xf6,0xfa,0xe4,0xf1,0x5d,0x91,0xfc,0x50,
  7782. 0x88,0x78,0x4f,0x84,0xa5,0x37,0x12,0x7e,
  7783. 0x32,0x63,0x55,0x9c,0x62,0x73,0x88,0x20,
  7784. 0xc2,0xcf,0x3d,0xe1,0x1c,0x2a,0x30,0x40
  7785. };
  7786. WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
  7787. {
  7788. 0xF7, 0x00
  7789. };
  7790. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
  7791. {
  7792. 0x41, 0xC0
  7793. };
  7794. #endif /* WOLFSSL_AES_256 */
  7795. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7796. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  7797. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  7798. #ifdef HAVE_AES_DECRYPT
  7799. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  7800. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  7801. #endif
  7802. #endif
  7803. ret = wc_AesInit(enc, HEAP_HINT, devId);
  7804. if (ret != 0)
  7805. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7806. else
  7807. enc_inited = 1;
  7808. #ifdef HAVE_AES_DECRYPT
  7809. ret = wc_AesInit(dec, HEAP_HINT, devId);
  7810. if (ret != 0)
  7811. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7812. else
  7813. dec_inited = 1;
  7814. #endif
  7815. #ifdef WOLFSSL_AES_128
  7816. /* 128 key tests */
  7817. ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  7818. if (ret != 0)
  7819. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7820. #ifdef HAVE_AES_DECRYPT
  7821. /* decrypt uses AES_ENCRYPTION */
  7822. ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  7823. if (ret != 0)
  7824. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7825. #endif
  7826. XMEMSET(cipher, 0, sizeof(cipher));
  7827. ret = wc_AesCfb1Encrypt(enc, cipher, msg1, 2);
  7828. if (ret != 0)
  7829. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7830. if (cipher[0] != cipher1[0])
  7831. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7832. #ifdef HAVE_AES_DECRYPT
  7833. ret = wc_AesCfb1Decrypt(dec, plain, cipher, 2);
  7834. if (ret != 0)
  7835. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7836. if (plain[0] != msg1[0])
  7837. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7838. #endif /* HAVE_AES_DECRYPT */
  7839. #ifdef OPENSSL_EXTRA
  7840. ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  7841. if (ret != 0)
  7842. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7843. XMEMSET(cipher, 0, sizeof(cipher));
  7844. ret = wc_AesCfb1Encrypt(enc, cipher, msg1,
  7845. sizeof(msg1) * WOLFSSL_BIT_SIZE);
  7846. if (ret != 0)
  7847. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7848. #ifndef WOLFCRYPT_ONLY
  7849. ret = EVP_test(EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1),
  7850. cipher, sizeof(msg1));
  7851. if (ret != 0) {
  7852. goto out;
  7853. }
  7854. #endif
  7855. #endif
  7856. #endif /* WOLFSSL_AES_128 */
  7857. #ifdef WOLFSSL_AES_192
  7858. /* 192 key tests */
  7859. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  7860. if (ret != 0)
  7861. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7862. XMEMSET(cipher, 0, sizeof(cipher));
  7863. ret = wc_AesCfb1Encrypt(enc, cipher, msg2, 4);
  7864. if (ret != 0)
  7865. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7866. if (XMEMCMP(cipher, cipher2, sizeof(cipher2)) != 0)
  7867. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7868. #ifdef OPENSSL_EXTRA
  7869. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  7870. if (ret != 0)
  7871. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7872. XMEMSET(cipher, 0, sizeof(cipher));
  7873. ret = wc_AesCfb1Encrypt(enc, cipher, msg2,
  7874. sizeof(msg2) * WOLFSSL_BIT_SIZE);
  7875. if (ret != 0)
  7876. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7877. #ifndef WOLFCRYPT_ONLY
  7878. ret = EVP_test(EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2),
  7879. cipher, sizeof(msg2));
  7880. if (ret != 0) {
  7881. goto out;
  7882. }
  7883. #endif
  7884. #endif
  7885. #endif /* WOLFSSL_AES_192 */
  7886. #ifdef WOLFSSL_AES_256
  7887. /* 256 key tests */
  7888. ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
  7889. if (ret != 0)
  7890. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7891. XMEMSET(cipher, 0, sizeof(cipher));
  7892. ret = wc_AesCfb1Encrypt(enc, cipher, msg3, 10);
  7893. if (ret != 0)
  7894. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7895. if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
  7896. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  7897. #ifdef OPENSSL_EXTRA
  7898. ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
  7899. if (ret != 0)
  7900. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7901. XMEMSET(cipher, 0, sizeof(cipher));
  7902. ret = wc_AesCfb1Encrypt(enc, cipher, msg3,
  7903. sizeof(msg3) * WOLFSSL_BIT_SIZE);
  7904. if (ret != 0)
  7905. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  7906. #ifndef WOLFCRYPT_ONLY
  7907. ret = EVP_test(EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3),
  7908. cipher, sizeof(msg3));
  7909. if (ret != 0) {
  7910. goto out;
  7911. }
  7912. #endif
  7913. #endif
  7914. #endif /* WOLFSSL_AES_256 */
  7915. out:
  7916. if (enc_inited)
  7917. wc_AesFree(enc);
  7918. #ifdef HAVE_AES_DECRYPT
  7919. if (dec_inited)
  7920. wc_AesFree(dec);
  7921. #endif
  7922. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7923. if (enc)
  7924. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  7925. #ifdef HAVE_AES_DECRYPT
  7926. if (dec)
  7927. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  7928. #endif
  7929. #endif
  7930. return ret;
  7931. }
  7932. static wc_test_ret_t aescfb8_test(void)
  7933. {
  7934. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7935. Aes *enc = NULL;
  7936. #else
  7937. Aes enc[1];
  7938. #endif
  7939. int enc_inited = 0;
  7940. byte cipher[AES_BLOCK_SIZE];
  7941. #ifdef HAVE_AES_DECRYPT
  7942. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  7943. Aes *dec = NULL;
  7944. #else
  7945. Aes dec[1];
  7946. #endif
  7947. int dec_inited = 0;
  7948. byte plain [AES_BLOCK_SIZE];
  7949. #endif
  7950. wc_test_ret_t ret = 0;
  7951. #ifdef WOLFSSL_AES_128
  7952. WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
  7953. 0xf4,0x75,0xc6,0x49,0x91,0xb2,0x0e,0xae,
  7954. 0xe1,0x83,0xa2,0x26,0x29,0xe2,0x1e,0x22
  7955. };
  7956. WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
  7957. {
  7958. 0xc8,0xfe,0x9b,0xf7,0x7b,0x93,0x0f,0x46,
  7959. 0xd2,0x07,0x8b,0x8c,0x0e,0x65,0x7c,0xd4
  7960. };
  7961. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
  7962. {
  7963. 0xd2,0x76,0x91
  7964. };
  7965. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
  7966. {
  7967. 0xc9,0x06,0x35
  7968. };
  7969. #endif /* WOLFSSL_AES_128 */
  7970. #ifdef WOLFSSL_AES_192
  7971. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
  7972. 0x0a,0x02,0x84,0x6b,0x62,0xab,0xb6,0x93,
  7973. 0xef,0x31,0xd7,0x54,0x84,0x2e,0xed,0x29
  7974. };
  7975. WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
  7976. {
  7977. 0xba,0xf0,0x8b,0x76,0x31,0x7a,0x65,0xc5,
  7978. 0xf0,0x7a,0xe6,0xf5,0x7e,0xb0,0xe6,0x54,
  7979. 0x88,0x65,0x93,0x24,0xd2,0x97,0x09,0xe3
  7980. };
  7981. WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
  7982. {
  7983. 0x72,0x9c,0x0b,0x6d,0xeb,0x75,0xfa,0x6e,
  7984. 0xb5,0xe8
  7985. };
  7986. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
  7987. {
  7988. 0x98,0x95,0x93,0x24,0x02,0x39,0x3d,0xc3,
  7989. 0x3a,0x60
  7990. };
  7991. #endif
  7992. #ifdef WOLFSSL_AES_256
  7993. WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
  7994. 0x33,0x8c,0x55,0x2f,0xf1,0xec,0xa1,0x44,
  7995. 0x08,0xe0,0x5d,0x8c,0xf9,0xf3,0xb3,0x1b
  7996. };
  7997. WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
  7998. {
  7999. 0x06,0x48,0x74,0x09,0x2f,0x7a,0x13,0xcc,
  8000. 0x44,0x62,0x24,0x7a,0xd4,0x23,0xd0,0xe9,
  8001. 0x6e,0xdf,0x42,0xe8,0xb6,0x7a,0x5a,0x23,
  8002. 0xb7,0xa0,0xa6,0x47,0x7b,0x09,0x8e,0x66
  8003. };
  8004. WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
  8005. {
  8006. 0x1c,0xff,0x95
  8007. };
  8008. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
  8009. {
  8010. 0xb9,0x74,0xfa
  8011. };
  8012. #endif
  8013. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8014. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8015. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  8016. #ifdef HAVE_AES_DECRYPT
  8017. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8018. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  8019. #endif
  8020. #endif
  8021. ret = wc_AesInit(enc, HEAP_HINT, devId);
  8022. if (ret != 0)
  8023. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8024. else
  8025. enc_inited = 1;
  8026. #ifdef HAVE_AES_DECRYPT
  8027. ret = wc_AesInit(dec, HEAP_HINT, devId);
  8028. if (ret != 0)
  8029. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8030. else
  8031. dec_inited = 1;
  8032. #endif
  8033. #ifdef WOLFSSL_AES_128
  8034. /* 128 key tests */
  8035. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  8036. ret = EVP_test(EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1),
  8037. cipher1, sizeof(cipher1));
  8038. if (ret != 0) {
  8039. return ret;
  8040. }
  8041. #endif
  8042. ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  8043. if (ret != 0)
  8044. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8045. #ifdef HAVE_AES_DECRYPT
  8046. /* decrypt uses AES_ENCRYPTION */
  8047. ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  8048. if (ret != 0)
  8049. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8050. #endif
  8051. XMEMSET(cipher, 0, sizeof(cipher));
  8052. ret = wc_AesCfb8Encrypt(enc, cipher, msg1, sizeof(msg1));
  8053. if (ret != 0)
  8054. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8055. if (XMEMCMP(cipher, cipher1, sizeof(cipher1)) != 0)
  8056. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8057. #ifdef HAVE_AES_DECRYPT
  8058. ret = wc_AesCfb8Decrypt(dec, plain, cipher, sizeof(msg1));
  8059. if (ret != 0)
  8060. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8061. if (XMEMCMP(plain, msg1, sizeof(msg1)) != 0)
  8062. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8063. #endif /* HAVE_AES_DECRYPT */
  8064. #endif /* WOLFSSL_AES_128 */
  8065. #ifdef WOLFSSL_AES_192
  8066. /* 192 key tests */
  8067. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  8068. if (ret != 0)
  8069. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8070. XMEMSET(cipher, 0, sizeof(cipher));
  8071. ret = wc_AesCfb8Encrypt(enc, cipher, msg2, sizeof(msg2));
  8072. if (ret != 0)
  8073. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8074. if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0)
  8075. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8076. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  8077. ret = EVP_test(EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2),
  8078. cipher2, sizeof(msg2));
  8079. if (ret != 0) {
  8080. return ret;
  8081. }
  8082. #endif
  8083. #endif /* WOLFSSL_AES_192 */
  8084. #ifdef WOLFSSL_AES_256
  8085. /* 256 key tests */
  8086. ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
  8087. if (ret != 0)
  8088. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8089. XMEMSET(cipher, 0, sizeof(cipher));
  8090. ret = wc_AesCfb8Encrypt(enc, cipher, msg3, sizeof(msg3));
  8091. if (ret != 0)
  8092. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8093. if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
  8094. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8095. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  8096. ret = EVP_test(EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3),
  8097. cipher3, sizeof(msg3));
  8098. if (ret != 0) {
  8099. goto out;
  8100. }
  8101. #endif
  8102. #endif /* WOLFSSL_AES_256 */
  8103. out:
  8104. if (enc_inited)
  8105. wc_AesFree(enc);
  8106. #ifdef HAVE_AES_DECRYPT
  8107. if (dec_inited)
  8108. wc_AesFree(dec);
  8109. #endif
  8110. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8111. if (enc)
  8112. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  8113. #ifdef HAVE_AES_DECRYPT
  8114. if (dec)
  8115. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  8116. #endif
  8117. #endif
  8118. return ret;
  8119. }
  8120. #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
  8121. #endif /* WOLFSSL_AES_CFB */
  8122. static wc_test_ret_t aes_key_size_test(void)
  8123. {
  8124. wc_test_ret_t ret;
  8125. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8126. Aes *aes;
  8127. #else
  8128. Aes aes[1];
  8129. #endif
  8130. byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  8131. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
  8132. #ifndef WOLFSSL_CRYPTOCELL
  8133. byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  8134. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  8135. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 };
  8136. #endif
  8137. byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  8138. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  8139. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  8140. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
  8141. byte iv[] = "1234567890abcdef";
  8142. #ifndef HAVE_FIPS
  8143. word32 keySize;
  8144. #endif
  8145. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8146. if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8147. return WC_TEST_RET_ENC_ERRNO;
  8148. #endif
  8149. #if !defined(HAVE_FIPS) || \
  8150. defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
  8151. /* w/ FIPS v1 (cert 2425) wc_AesInit just returns 0 always as it's not
  8152. * supported with that FIPS version */
  8153. ret = wc_AesInit(NULL, HEAP_HINT, devId);
  8154. if (ret != BAD_FUNC_ARG)
  8155. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8156. #endif
  8157. ret = wc_AesInit(aes, HEAP_HINT, devId);
  8158. /* 0 check OK for FIPSv1 */
  8159. if (ret != 0)
  8160. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8161. #ifndef HAVE_FIPS
  8162. /* Parameter Validation testing. */
  8163. ret = wc_AesGetKeySize(NULL, NULL);
  8164. if (ret != BAD_FUNC_ARG)
  8165. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8166. ret = wc_AesGetKeySize(aes, NULL);
  8167. if (ret != BAD_FUNC_ARG)
  8168. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8169. ret = wc_AesGetKeySize(NULL, &keySize);
  8170. if (ret != BAD_FUNC_ARG)
  8171. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8172. /* Crashes in FIPS */
  8173. ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION);
  8174. if (ret != BAD_FUNC_ARG)
  8175. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8176. #endif
  8177. /* NULL IV indicates to use all zeros IV. */
  8178. ret = wc_AesSetKey(aes, key16, sizeof(key16), NULL, AES_ENCRYPTION);
  8179. #ifdef WOLFSSL_AES_128
  8180. if (ret != 0)
  8181. #else
  8182. if (ret != BAD_FUNC_ARG)
  8183. #endif
  8184. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8185. ret = wc_AesSetKey(aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION);
  8186. if (ret != BAD_FUNC_ARG)
  8187. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8188. /* CryptoCell handles rounds internally */
  8189. #if !defined(HAVE_FIPS) && !defined(WOLFSSL_CRYPTOCELL)
  8190. /* PSA don't use aes->rounds */
  8191. #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_AES)
  8192. /* Force invalid rounds */
  8193. aes->rounds = 16;
  8194. ret = wc_AesGetKeySize(aes, &keySize);
  8195. if (ret != BAD_FUNC_ARG)
  8196. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8197. #endif
  8198. #endif
  8199. ret = wc_AesSetKey(aes, key16, sizeof(key16), iv, AES_ENCRYPTION);
  8200. #ifdef WOLFSSL_AES_128
  8201. if (ret != 0)
  8202. #else
  8203. if (ret != BAD_FUNC_ARG)
  8204. #endif
  8205. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8206. #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128)
  8207. ret = wc_AesGetKeySize(aes, &keySize);
  8208. if (ret != 0 || keySize != sizeof(key16))
  8209. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8210. #endif
  8211. #ifndef WOLFSSL_CRYPTOCELL
  8212. /* Cryptocell only supports AES-128 key size */
  8213. ret = wc_AesSetKey(aes, key24, sizeof(key24), iv, AES_ENCRYPTION);
  8214. #ifdef WOLFSSL_AES_192
  8215. if (ret != 0)
  8216. #else
  8217. if (ret != BAD_FUNC_ARG)
  8218. #endif
  8219. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8220. #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192)
  8221. ret = wc_AesGetKeySize(aes, &keySize);
  8222. if (ret != 0 || keySize != sizeof(key24))
  8223. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8224. #endif
  8225. ret = wc_AesSetKey(aes, key32, sizeof(key32), iv, AES_ENCRYPTION);
  8226. #ifdef WOLFSSL_AES_256
  8227. if (ret != 0)
  8228. #else
  8229. if (ret != BAD_FUNC_ARG)
  8230. #endif
  8231. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8232. #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256)
  8233. ret = wc_AesGetKeySize(aes, &keySize);
  8234. if (ret != 0 || keySize != sizeof(key32))
  8235. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8236. #endif
  8237. #endif /* !WOLFSSL_CRYPTOCELL */
  8238. ret = 0; /* success */
  8239. out:
  8240. wc_AesFree(aes);
  8241. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8242. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  8243. #endif
  8244. return ret;
  8245. }
  8246. #if defined(WOLFSSL_AES_XTS)
  8247. /* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */
  8248. #ifdef WOLFSSL_AES_128
  8249. static wc_test_ret_t aes_xts_128_test(void)
  8250. {
  8251. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8252. XtsAes *aes = NULL;
  8253. #else
  8254. XtsAes aes[1];
  8255. #endif
  8256. int aes_inited = 0;
  8257. wc_test_ret_t ret = 0;
  8258. unsigned char buf[AES_BLOCK_SIZE * 2 + 8];
  8259. unsigned char cipher[AES_BLOCK_SIZE * 2 + 8];
  8260. /* 128 key tests */
  8261. WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
  8262. 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
  8263. 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
  8264. 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
  8265. 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
  8266. };
  8267. WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
  8268. 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
  8269. 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
  8270. };
  8271. WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
  8272. 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
  8273. 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
  8274. };
  8275. /* plain text test of partial block is not from NIST test vector list */
  8276. WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
  8277. 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
  8278. 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
  8279. 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
  8280. };
  8281. WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
  8282. 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
  8283. 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
  8284. };
  8285. WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
  8286. 0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
  8287. 0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
  8288. 0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
  8289. 0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
  8290. };
  8291. WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
  8292. 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
  8293. 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
  8294. };
  8295. WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
  8296. 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
  8297. 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
  8298. 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
  8299. 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
  8300. };
  8301. WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
  8302. 0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
  8303. 0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
  8304. 0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
  8305. 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
  8306. };
  8307. WOLFSSL_SMALL_STACK_STATIC unsigned char cp2[] = {
  8308. 0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b,
  8309. 0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b,
  8310. 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a
  8311. };
  8312. #ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */
  8313. WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = {
  8314. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  8315. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  8316. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  8317. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  8318. };
  8319. WOLFSSL_SMALL_STACK_STATIC unsigned char i3[] = {
  8320. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  8321. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  8322. };
  8323. WOLFSSL_SMALL_STACK_STATIC unsigned char p3[] = {
  8324. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  8325. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  8326. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  8327. 0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
  8328. 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20
  8329. };
  8330. WOLFSSL_SMALL_STACK_STATIC unsigned char c3[] = {
  8331. 0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23,
  8332. 0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12,
  8333. 0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36,
  8334. 0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF,
  8335. 0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD
  8336. };
  8337. #endif /* HAVE_FIPS */
  8338. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8339. if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8340. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  8341. #endif
  8342. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  8343. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  8344. ret = EVP_test(EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
  8345. if (ret != 0) {
  8346. printf("EVP_aes_128_xts failed!\n");
  8347. goto out;
  8348. }
  8349. #endif
  8350. XMEMSET(buf, 0, sizeof(buf));
  8351. ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
  8352. if (ret != 0)
  8353. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8354. else
  8355. aes_inited = 1;
  8356. ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
  8357. if (ret != 0)
  8358. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8359. ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
  8360. #if defined(WOLFSSL_ASYNC_CRYPT)
  8361. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8362. #endif
  8363. if (ret != 0)
  8364. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8365. if (XMEMCMP(c2, buf, sizeof(c2)))
  8366. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8367. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
  8368. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  8369. ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
  8370. #if defined(WOLFSSL_ASYNC_CRYPT)
  8371. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8372. #endif
  8373. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  8374. if (ret != 0)
  8375. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8376. if (XMEMCMP(c2, buf, sizeof(c2)))
  8377. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8378. #endif
  8379. XMEMSET(buf, 0, sizeof(buf));
  8380. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
  8381. if (ret != 0)
  8382. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8383. ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
  8384. #if defined(WOLFSSL_ASYNC_CRYPT)
  8385. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8386. #endif
  8387. if (ret != 0)
  8388. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8389. if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
  8390. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8391. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
  8392. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  8393. ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
  8394. #if defined(WOLFSSL_ASYNC_CRYPT)
  8395. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8396. #endif
  8397. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  8398. if (ret != 0)
  8399. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8400. if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
  8401. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8402. #endif
  8403. /* partial block encryption test */
  8404. XMEMSET(cipher, 0, sizeof(cipher));
  8405. ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
  8406. #if defined(WOLFSSL_ASYNC_CRYPT)
  8407. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8408. #endif
  8409. if (ret != 0)
  8410. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8411. if (XMEMCMP(cp2, cipher, sizeof(cp2)))
  8412. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8413. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
  8414. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  8415. XMEMSET(cipher, 0, sizeof(cipher));
  8416. ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
  8417. #if defined(WOLFSSL_ASYNC_CRYPT)
  8418. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8419. #endif
  8420. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  8421. if (ret != 0)
  8422. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8423. if (XMEMCMP(cp2, cipher, sizeof(cp2)))
  8424. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8425. #endif
  8426. /* partial block decrypt test */
  8427. XMEMSET(buf, 0, sizeof(buf));
  8428. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
  8429. if (ret != 0)
  8430. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8431. ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
  8432. #if defined(WOLFSSL_ASYNC_CRYPT)
  8433. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  8434. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
  8435. #else
  8436. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8437. #endif
  8438. #endif
  8439. if (ret != 0)
  8440. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8441. if (XMEMCMP(pp, buf, sizeof(pp)))
  8442. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8443. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
  8444. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  8445. XMEMSET(buf, 0, sizeof(buf));
  8446. ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
  8447. #if defined(WOLFSSL_ASYNC_CRYPT)
  8448. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  8449. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
  8450. #else
  8451. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8452. #endif
  8453. #endif
  8454. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  8455. if (ret != 0)
  8456. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8457. if (XMEMCMP(pp, buf, sizeof(pp)))
  8458. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8459. #endif
  8460. /* NIST decrypt test vector */
  8461. XMEMSET(buf, 0, sizeof(buf));
  8462. ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
  8463. #if defined(WOLFSSL_ASYNC_CRYPT)
  8464. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  8465. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
  8466. #else
  8467. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8468. #endif
  8469. #endif
  8470. if (ret != 0)
  8471. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8472. if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
  8473. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8474. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
  8475. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  8476. XMEMSET(buf, 0, sizeof(buf));
  8477. ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
  8478. #if defined(WOLFSSL_ASYNC_CRYPT)
  8479. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  8480. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
  8481. #else
  8482. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8483. #endif
  8484. #endif
  8485. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  8486. if (ret != 0)
  8487. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8488. if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
  8489. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8490. #endif
  8491. /* fail case with decrypting using wrong key */
  8492. XMEMSET(buf, 0, sizeof(buf));
  8493. ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
  8494. #if defined(WOLFSSL_ASYNC_CRYPT)
  8495. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  8496. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
  8497. #else
  8498. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8499. #endif
  8500. #endif
  8501. if (ret != 0)
  8502. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8503. if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */
  8504. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8505. /* set correct key and retest */
  8506. XMEMSET(buf, 0, sizeof(buf));
  8507. ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
  8508. if (ret != 0)
  8509. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8510. ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
  8511. #if defined(WOLFSSL_ASYNC_CRYPT)
  8512. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  8513. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
  8514. #else
  8515. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8516. #endif
  8517. #endif
  8518. if (ret != 0)
  8519. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8520. if (XMEMCMP(p2, buf, sizeof(p2)))
  8521. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8522. #ifndef HAVE_FIPS
  8523. /* Test ciphertext stealing in-place. */
  8524. XMEMCPY(buf, p3, sizeof(p3));
  8525. ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
  8526. if (ret != 0)
  8527. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8528. ret = wc_AesXtsEncrypt(aes, buf, buf, sizeof(p3), i3, sizeof(i3));
  8529. #if defined(WOLFSSL_ASYNC_CRYPT)
  8530. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8531. #endif
  8532. if (ret != 0)
  8533. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8534. if (XMEMCMP(c3, buf, sizeof(c3)))
  8535. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8536. ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
  8537. if (ret != 0)
  8538. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8539. ret = wc_AesXtsDecrypt(aes, buf, buf, sizeof(c3), i3, sizeof(i3));
  8540. #if defined(WOLFSSL_ASYNC_CRYPT)
  8541. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  8542. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
  8543. #else
  8544. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8545. #endif
  8546. #endif
  8547. if (ret != 0)
  8548. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8549. if (XMEMCMP(p3, buf, sizeof(p3)))
  8550. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8551. #endif /* !HAVE_FIPS */
  8552. #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
  8553. !defined(WOLFSSL_AFALG)
  8554. {
  8555. #define LARGE_XTS_SZ 1024
  8556. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8557. byte* large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT,
  8558. DYNAMIC_TYPE_TMP_BUFFER);
  8559. #else
  8560. byte large_input[LARGE_XTS_SZ];
  8561. #endif
  8562. int i;
  8563. int j;
  8564. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8565. if (large_input == NULL)
  8566. ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out);
  8567. #endif
  8568. for (i = 0; i < (int)LARGE_XTS_SZ; i++)
  8569. large_input[i] = (byte)i;
  8570. for (j = 16; j < (int)LARGE_XTS_SZ; j++) {
  8571. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
  8572. if (ret != 0)
  8573. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8574. ret = wc_AesXtsEncrypt(aes, large_input, large_input, j, i1,
  8575. sizeof(i1));
  8576. #if defined(WOLFSSL_ASYNC_CRYPT)
  8577. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8578. #endif
  8579. if (ret != 0)
  8580. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8581. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
  8582. if (ret != 0)
  8583. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8584. ret = wc_AesXtsDecrypt(aes, large_input, large_input, j, i1,
  8585. sizeof(i1));
  8586. #if defined(WOLFSSL_ASYNC_CRYPT)
  8587. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  8588. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev,
  8589. WC_ASYNC_FLAG_NONE);
  8590. #else
  8591. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8592. #endif
  8593. #endif
  8594. if (ret != 0)
  8595. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8596. for (i = 0; i < j; i++) {
  8597. if (large_input[i] != (byte)i) {
  8598. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8599. }
  8600. }
  8601. }
  8602. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8603. XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  8604. #endif
  8605. }
  8606. #endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM &&
  8607. * !WOLFSSL_AFALG
  8608. */
  8609. out:
  8610. if (aes_inited)
  8611. wc_AesXtsFree(aes);
  8612. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8613. if (aes)
  8614. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  8615. #endif
  8616. return ret;
  8617. }
  8618. #endif /* WOLFSSL_AES_128 */
  8619. #ifdef WOLFSSL_AES_256
  8620. static wc_test_ret_t aes_xts_256_test(void)
  8621. {
  8622. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8623. XtsAes *aes = NULL;
  8624. #else
  8625. XtsAes aes[1];
  8626. #endif
  8627. int aes_inited = 0;
  8628. wc_test_ret_t ret = 0;
  8629. unsigned char buf[AES_BLOCK_SIZE * 3];
  8630. unsigned char cipher[AES_BLOCK_SIZE * 3];
  8631. /* 256 key tests */
  8632. WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
  8633. 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
  8634. 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
  8635. 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
  8636. 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
  8637. 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
  8638. 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
  8639. 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
  8640. 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08
  8641. };
  8642. WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
  8643. 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
  8644. 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64
  8645. };
  8646. WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
  8647. 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
  8648. 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
  8649. 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
  8650. 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
  8651. };
  8652. /* plain text test of partial block is not from NIST test vector list */
  8653. WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
  8654. 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
  8655. 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
  8656. 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
  8657. };
  8658. WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
  8659. 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
  8660. 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
  8661. 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
  8662. 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
  8663. };
  8664. WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
  8665. 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
  8666. 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
  8667. 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
  8668. 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
  8669. 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
  8670. 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a,
  8671. 0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12,
  8672. 0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4
  8673. };
  8674. WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
  8675. 0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0,
  8676. 0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f
  8677. };
  8678. WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
  8679. 0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00,
  8680. 0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53,
  8681. 0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89,
  8682. 0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd,
  8683. 0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61,
  8684. 0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc
  8685. };
  8686. WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
  8687. 0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10,
  8688. 0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1,
  8689. 0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61,
  8690. 0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89,
  8691. 0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b,
  8692. 0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92
  8693. };
  8694. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8695. if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8696. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  8697. #endif
  8698. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \
  8699. && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  8700. ret = EVP_test(EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
  8701. if (ret != 0) {
  8702. printf("EVP_aes_256_xts failed\n");
  8703. goto out;
  8704. }
  8705. #endif
  8706. ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
  8707. if (ret != 0)
  8708. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8709. else
  8710. aes_inited = 1;
  8711. XMEMSET(buf, 0, sizeof(buf));
  8712. ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
  8713. if (ret != 0)
  8714. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8715. ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
  8716. #if defined(WOLFSSL_ASYNC_CRYPT)
  8717. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8718. #endif
  8719. if (ret != 0)
  8720. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8721. if (XMEMCMP(c2, buf, sizeof(c2)))
  8722. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8723. XMEMSET(buf, 0, sizeof(buf));
  8724. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
  8725. if (ret != 0)
  8726. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8727. ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
  8728. #if defined(WOLFSSL_ASYNC_CRYPT)
  8729. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8730. #endif
  8731. if (ret != 0)
  8732. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8733. if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
  8734. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8735. /* partial block encryption test */
  8736. XMEMSET(cipher, 0, sizeof(cipher));
  8737. ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
  8738. #if defined(WOLFSSL_ASYNC_CRYPT)
  8739. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8740. #endif
  8741. if (ret != 0)
  8742. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8743. /* partial block decrypt test */
  8744. XMEMSET(buf, 0, sizeof(buf));
  8745. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
  8746. if (ret != 0)
  8747. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8748. ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
  8749. #if defined(WOLFSSL_ASYNC_CRYPT)
  8750. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  8751. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
  8752. #else
  8753. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8754. #endif
  8755. #endif
  8756. if (ret != 0)
  8757. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8758. if (XMEMCMP(pp, buf, sizeof(pp)))
  8759. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8760. /* NIST decrypt test vector */
  8761. XMEMSET(buf, 0, sizeof(buf));
  8762. ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
  8763. #if defined(WOLFSSL_ASYNC_CRYPT)
  8764. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  8765. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
  8766. #else
  8767. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8768. #endif
  8769. #endif
  8770. if (ret != 0)
  8771. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8772. if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
  8773. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8774. XMEMSET(buf, 0, sizeof(buf));
  8775. ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
  8776. if (ret != 0)
  8777. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8778. ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
  8779. #if defined(WOLFSSL_ASYNC_CRYPT)
  8780. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  8781. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
  8782. #else
  8783. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8784. #endif
  8785. #endif
  8786. if (ret != 0)
  8787. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8788. if (XMEMCMP(p2, buf, sizeof(p2)))
  8789. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8790. out:
  8791. if (aes_inited)
  8792. wc_AesXtsFree(aes);
  8793. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8794. if (aes)
  8795. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  8796. #endif
  8797. return ret;
  8798. }
  8799. #endif /* WOLFSSL_AES_256 */
  8800. #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
  8801. /* both 128 and 256 bit key test */
  8802. static wc_test_ret_t aes_xts_sector_test(void)
  8803. {
  8804. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8805. XtsAes *aes = NULL;
  8806. #else
  8807. XtsAes aes[1];
  8808. #endif
  8809. int aes_inited = 0;
  8810. wc_test_ret_t ret = 0;
  8811. unsigned char buf[AES_BLOCK_SIZE * 2];
  8812. /* 128 key tests */
  8813. WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
  8814. 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
  8815. 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
  8816. 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
  8817. 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
  8818. };
  8819. WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
  8820. 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
  8821. 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
  8822. };
  8823. WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
  8824. 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
  8825. 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
  8826. };
  8827. word64 s1 = 141;
  8828. /* 256 key tests */
  8829. WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
  8830. 0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32,
  8831. 0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23,
  8832. 0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e,
  8833. 0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a,
  8834. 0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0,
  8835. 0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9,
  8836. 0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57,
  8837. 0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0
  8838. };
  8839. WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
  8840. 0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4,
  8841. 0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41,
  8842. 0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d,
  8843. 0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75
  8844. };
  8845. WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
  8846. 0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68,
  8847. 0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63,
  8848. 0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3,
  8849. 0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d
  8850. };
  8851. word64 s2 = 187;
  8852. #if !defined(BENCH_EMBEDDED) && \
  8853. (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
  8854. /* Sector size for encrypt/decrypt consecutive sectors testcase */
  8855. word32 sectorSz = 512;
  8856. unsigned char data[550];
  8857. WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = {
  8858. 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
  8859. 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
  8860. 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22,
  8861. 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22
  8862. };
  8863. WOLFSSL_SMALL_STACK_STATIC unsigned char p3[] = {
  8864. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  8865. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  8866. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
  8867. 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
  8868. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
  8869. 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
  8870. 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
  8871. 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
  8872. 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
  8873. 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
  8874. 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
  8875. 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  8876. 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
  8877. 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
  8878. 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3,
  8879. 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
  8880. 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
  8881. 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
  8882. 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
  8883. 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
  8884. 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
  8885. 0xfc, 0xfd, 0xfe, 0xff,
  8886. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  8887. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  8888. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23,
  8889. 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
  8890. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
  8891. 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
  8892. 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53,
  8893. 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f,
  8894. 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b,
  8895. 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77,
  8896. 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83,
  8897. 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  8898. 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b,
  8899. 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7,
  8900. 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3,
  8901. 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf,
  8902. 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb,
  8903. 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7,
  8904. 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3,
  8905. 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef,
  8906. 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb,
  8907. 0xfc, 0xfd, 0xfe, 0xff,
  8908. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  8909. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  8910. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
  8911. };
  8912. WOLFSSL_SMALL_STACK_STATIC unsigned char c3[] = {
  8913. 0xb9, 0x6b, 0x2b, 0xfd, 0x61, 0x87, 0x84, 0xd5, 0x26, 0xd2, 0x8c, 0x62,
  8914. 0x63, 0x01, 0xca, 0x46, 0xb1, 0x82, 0xfa, 0xdc, 0xbc, 0x32, 0x18, 0xe9,
  8915. 0xda, 0xe6, 0xda, 0xd1, 0x1a, 0x52, 0x77, 0xca, 0xdb, 0x0e, 0xbe, 0x37,
  8916. 0x88, 0x36, 0x1c, 0x87, 0x16, 0x60, 0xfe, 0xa8, 0x9e, 0xf6, 0x48, 0x64,
  8917. 0x94, 0x34, 0x64, 0xed, 0xf6, 0x9a, 0xc5, 0x28, 0xc9, 0xed, 0x64, 0x80,
  8918. 0x85, 0xd8, 0x93, 0xa7, 0x50, 0xb1, 0x9d, 0x2f, 0x1e, 0x34, 0xcc, 0xb4,
  8919. 0x03, 0xfb, 0x6b, 0x43, 0x21, 0xa8, 0x5b, 0xc6, 0x59, 0x13, 0xd2, 0xb5,
  8920. 0xf5, 0x7b, 0xf6, 0xb2, 0xa4, 0x7a, 0xd2, 0x50, 0x26, 0xcb, 0xa4, 0x83,
  8921. 0xc3, 0x56, 0xb0, 0xb1, 0x14, 0x34, 0x12, 0x1b, 0xea, 0x26, 0x97, 0x24,
  8922. 0x54, 0xcc, 0x32, 0x4c, 0xa4, 0xc2, 0xa3, 0x07, 0xfa, 0x30, 0xa9, 0xf0,
  8923. 0x91, 0x17, 0x60, 0x68, 0x88, 0x7f, 0x34, 0x7e, 0xbd, 0x20, 0x33, 0x95,
  8924. 0x6e, 0xc0, 0xb6, 0x2b, 0xff, 0x7e, 0x61, 0x35, 0x9a, 0x88, 0xff, 0xd9,
  8925. 0x69, 0x21, 0xe7, 0x8f, 0x45, 0x02, 0xf9, 0xd7, 0xeb, 0xa6, 0x53, 0xf1,
  8926. 0x73, 0x04, 0xf1, 0x0b, 0x85, 0xc6, 0x1f, 0x4a, 0x51, 0x2f, 0x95, 0x87,
  8927. 0x5a, 0x67, 0x37, 0xb2, 0x87, 0xf7, 0xbe, 0x2a, 0x17, 0x57, 0xca, 0xfc,
  8928. 0xdd, 0x5f, 0x37, 0x48, 0x78, 0xbd, 0xfa, 0x75, 0xc9, 0xfa, 0x86, 0x7e,
  8929. 0xc4, 0x0f, 0x60, 0x85, 0xce, 0x12, 0x44, 0x7c, 0xd9, 0xb2, 0x50, 0xd9,
  8930. 0x57, 0x85, 0xa5, 0xd7, 0x68, 0x59, 0x03, 0x09, 0x97, 0x2e, 0x8e, 0xa5,
  8931. 0xe3, 0x98, 0xac, 0x16, 0xfb, 0x6d, 0x54, 0xc5, 0x5d, 0x7a, 0x33, 0x44,
  8932. 0x0a, 0x39, 0x91, 0xcc, 0x9f, 0x67, 0xf9, 0x89, 0xbb, 0x62, 0x02, 0xc4,
  8933. 0x22, 0xec, 0xcf, 0x97, 0x69, 0x81, 0x3d, 0x00, 0xfd, 0xeb, 0x55, 0x08,
  8934. 0xa2, 0xff, 0x97, 0xaa, 0x79, 0xde, 0x3c, 0x8a, 0x78, 0x71, 0x73, 0xa2,
  8935. 0x98, 0x2f, 0xd8, 0x5c, 0x62, 0x1c, 0x5c, 0x23, 0x0a, 0xd1, 0xf1, 0x81,
  8936. 0x8a, 0x12, 0xe7, 0x4d, 0xdd, 0x4f, 0xd4, 0xf1, 0xe8, 0x0f, 0x25, 0x79,
  8937. 0x45, 0x4a, 0x49, 0x49, 0x7e, 0x56, 0x91, 0x4e, 0xaa, 0xba, 0x18, 0xe1,
  8938. 0xe4, 0xbe, 0x21, 0xdc, 0x58, 0x60, 0x6f, 0x6a, 0x7f, 0xdc, 0x5e, 0x74,
  8939. 0x47, 0xbf, 0xeb, 0x84, 0xc4, 0x1e, 0x5a, 0x61, 0x64, 0xc8, 0x63, 0x68,
  8940. 0xfa, 0x17, 0x9c, 0xac, 0x60, 0x1c, 0xa5, 0x6e, 0x00, 0x21, 0x93, 0x3c,
  8941. 0xd7, 0xbb, 0x73, 0x45, 0xf7, 0x34, 0x81, 0x6c, 0xfa, 0xf2, 0x33, 0xfd,
  8942. 0xb1, 0x40, 0x30, 0x6b, 0x30, 0xd1, 0x83, 0x5e, 0x2e, 0x7a, 0xce, 0xa6,
  8943. 0x12, 0x2a, 0x15, 0x03, 0x78, 0x29, 0xb9, 0x07, 0xae, 0xe7, 0xc2, 0x78,
  8944. 0x74, 0x72, 0xa5, 0x0e, 0x6b, 0x1f, 0x78, 0xf2, 0x5a, 0x69, 0xb6, 0x2b,
  8945. 0x99, 0x94, 0x1f, 0x89, 0xd1, 0x21, 0x14, 0x4a, 0x54, 0xab, 0x5a, 0x9f,
  8946. 0xaa, 0xa7, 0x96, 0x0a, 0x21, 0xce, 0x30, 0xb6, 0x70, 0x81, 0xe9, 0xd3,
  8947. 0x71, 0xc0, 0xf1, 0x15, 0xe2, 0xf6, 0xd3, 0xcc, 0x41, 0x15, 0x9d, 0xd5,
  8948. 0xa3, 0xa4, 0xe0, 0xf8, 0x62, 0xc4, 0x76, 0x65, 0x63, 0x89, 0xa7, 0xe2,
  8949. 0xfb, 0xf5, 0xc9, 0x80, 0x15, 0x5b, 0xc1, 0x59, 0xb2, 0xd0, 0x01, 0x3a,
  8950. 0xf9, 0xab, 0x5b, 0x79, 0x54, 0xed, 0x6b, 0xf9, 0x1d, 0x9d, 0x87, 0x63,
  8951. 0x80, 0x4f, 0xec, 0x9c, 0x4f, 0xad, 0x97, 0x04, 0xff, 0x62, 0x4a, 0x17,
  8952. 0xc0, 0x09, 0x2a, 0x2c, 0x23, 0x4b, 0xc3, 0xb6, 0x6d, 0xed, 0xdb, 0x1a,
  8953. 0x6f, 0x56, 0x2b, 0x78, 0x92, 0x3a, 0x5c, 0x7f, 0xb2, 0x63, 0xd3, 0xd5,
  8954. 0x1a, 0xbe, 0xc2, 0x34, 0xc8, 0xad, 0x36, 0xb7, 0x12, 0xb8, 0xe1, 0xb7,
  8955. 0x52, 0x7f, 0x16, 0x84, 0x2c, 0x47, 0x7e, 0xf2, 0xa5, 0x36, 0x2e, 0xad,
  8956. 0xe7, 0xbb, 0xc0, 0x6f, 0x27, 0x8e, 0x41, 0x08, 0x75, 0xe5, 0xff, 0xde,
  8957. 0x08, 0x9f, 0x8c, 0x91, 0xba, 0xc9, 0x9d, 0x9f, 0x27, 0x90, 0x50, 0x44,
  8958. 0x24, 0xe7, 0x3d, 0x6f
  8959. };
  8960. word64 s3 = 0x000000ffffffffff;
  8961. #endif
  8962. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  8963. if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8964. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  8965. #endif
  8966. ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
  8967. if (ret != 0)
  8968. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8969. else
  8970. aes_inited = 1;
  8971. XMEMSET(buf, 0, sizeof(buf));
  8972. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
  8973. if (ret != 0)
  8974. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8975. ret = wc_AesXtsEncryptSector(aes, buf, p1, sizeof(p1), s1);
  8976. #if defined(WOLFSSL_ASYNC_CRYPT)
  8977. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8978. #endif
  8979. if (ret != 0)
  8980. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8981. if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
  8982. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  8983. /* decrypt test */
  8984. XMEMSET(buf, 0, sizeof(buf));
  8985. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
  8986. if (ret != 0)
  8987. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8988. ret = wc_AesXtsDecryptSector(aes, buf, c1, sizeof(c1), s1);
  8989. #if defined(WOLFSSL_ASYNC_CRYPT)
  8990. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  8991. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
  8992. #else
  8993. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  8994. #endif
  8995. #endif
  8996. if (ret != 0)
  8997. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  8998. if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
  8999. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9000. /* 256 bit key tests */
  9001. XMEMSET(buf, 0, sizeof(buf));
  9002. ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION);
  9003. if (ret != 0)
  9004. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9005. ret = wc_AesXtsEncryptSector(aes, buf, p2, sizeof(p2), s2);
  9006. #if defined(WOLFSSL_ASYNC_CRYPT)
  9007. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  9008. #endif
  9009. if (ret != 0)
  9010. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9011. if (XMEMCMP(c2, buf, sizeof(c2)))
  9012. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9013. /* decrypt test */
  9014. XMEMSET(buf, 0, sizeof(buf));
  9015. ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION);
  9016. if (ret != 0)
  9017. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9018. ret = wc_AesXtsDecryptSector(aes, buf, c2, sizeof(c2), s2);
  9019. #if defined(WOLFSSL_ASYNC_CRYPT)
  9020. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  9021. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
  9022. #else
  9023. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  9024. #endif
  9025. #endif
  9026. if (ret != 0)
  9027. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9028. if (XMEMCMP(p2, buf, sizeof(p2)))
  9029. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9030. #if !defined(BENCH_EMBEDDED) && \
  9031. (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
  9032. /* encrypt consecutive sectors test */
  9033. XMEMSET(data, 0, sizeof(buf));
  9034. ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION);
  9035. if (ret != 0)
  9036. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9037. ret = wc_AesXtsEncryptConsecutiveSectors(aes, data, p3,
  9038. sizeof(p3), s3, sectorSz);
  9039. #if defined(WOLFSSL_ASYNC_CRYPT)
  9040. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  9041. #endif
  9042. if (ret != 0)
  9043. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9044. if (XMEMCMP(c3, data, sizeof(c3)))
  9045. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9046. /* decrypt consecutive sectors test */
  9047. XMEMSET(data, 0, sizeof(buf));
  9048. ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION);
  9049. if (ret != 0)
  9050. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9051. ret = wc_AesXtsDecryptConsecutiveSectors(aes, data, c3,
  9052. sizeof(c3), s3, sectorSz);
  9053. #if defined(WOLFSSL_ASYNC_CRYPT)
  9054. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  9055. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
  9056. #else
  9057. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  9058. #endif
  9059. #endif
  9060. if (ret != 0)
  9061. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9062. if (XMEMCMP(p3, data, sizeof(p3)))
  9063. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9064. #endif /* !BENCH_EMBEDDED && (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) */
  9065. out:
  9066. if (aes_inited)
  9067. wc_AesXtsFree(aes);
  9068. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  9069. if (aes)
  9070. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  9071. #endif
  9072. return ret;
  9073. }
  9074. #endif /* WOLFSSL_AES_128 && WOLFSSL_AES_256 */
  9075. #ifdef WOLFSSL_AES_128
  9076. /* testing of bad arguments */
  9077. static wc_test_ret_t aes_xts_args_test(void)
  9078. {
  9079. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  9080. XtsAes *aes = NULL;
  9081. #else
  9082. XtsAes aes[1];
  9083. #endif
  9084. int aes_inited = 0;
  9085. wc_test_ret_t ret;
  9086. unsigned char buf[AES_BLOCK_SIZE * 2];
  9087. /* 128 key tests */
  9088. WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
  9089. 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
  9090. 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
  9091. 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
  9092. 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
  9093. };
  9094. WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
  9095. 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
  9096. 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
  9097. };
  9098. WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
  9099. 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
  9100. 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
  9101. };
  9102. word64 s1 = 141;
  9103. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  9104. if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  9105. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  9106. #endif
  9107. ret = wc_AesXtsInit(aes, HEAP_HINT, devId);
  9108. if (ret != 0)
  9109. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9110. else
  9111. aes_inited = 1;
  9112. if (wc_AesXtsSetKeyNoInit(NULL, k1, sizeof(k1), AES_ENCRYPTION) == 0)
  9113. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9114. if (wc_AesXtsSetKeyNoInit(aes, NULL, sizeof(k1), AES_ENCRYPTION) == 0)
  9115. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9116. /* encryption operations */
  9117. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION);
  9118. if (ret != 0)
  9119. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9120. ret = wc_AesXtsEncryptSector(NULL, buf, p1, sizeof(p1), s1);
  9121. #if defined(WOLFSSL_ASYNC_CRYPT)
  9122. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  9123. #endif
  9124. if (ret == 0)
  9125. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9126. ret = wc_AesXtsEncryptSector(aes, NULL, p1, sizeof(p1), s1);
  9127. #if defined(WOLFSSL_ASYNC_CRYPT)
  9128. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  9129. #endif
  9130. if (ret == 0)
  9131. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9132. /* decryption operations */
  9133. ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION);
  9134. if (ret != 0)
  9135. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9136. ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1);
  9137. #if defined(WOLFSSL_ASYNC_CRYPT)
  9138. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  9139. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
  9140. #else
  9141. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  9142. #endif
  9143. #endif
  9144. if (ret == 0)
  9145. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9146. ret = wc_AesXtsDecryptSector(aes, NULL, c1, sizeof(c1), s1);
  9147. #if defined(WOLFSSL_ASYNC_CRYPT)
  9148. #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS
  9149. ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE);
  9150. #else
  9151. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  9152. #endif
  9153. #endif
  9154. if (ret == 0)
  9155. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9156. ret = 0;
  9157. out:
  9158. if (aes_inited)
  9159. wc_AesXtsFree(aes);
  9160. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  9161. if (aes)
  9162. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  9163. #endif
  9164. return ret;
  9165. }
  9166. #endif /* WOLFSSL_AES_128 */
  9167. #endif /* WOLFSSL_AES_XTS && (!HAVE_FIPS || FIPS_VERSION_GE(5,3)) */
  9168. #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  9169. static wc_test_ret_t aes_cbc_test(void)
  9170. {
  9171. byte cipher[AES_BLOCK_SIZE];
  9172. byte plain[AES_BLOCK_SIZE];
  9173. wc_test_ret_t ret;
  9174. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
  9175. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  9176. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  9177. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  9178. };
  9179. byte key[] = "0123456789abcdef "; /* align */
  9180. byte iv[] = "1234567890abcdef "; /* align */
  9181. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  9182. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  9183. /* Parameter Validation testing. */
  9184. ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL);
  9185. if (ret != BAD_FUNC_ARG)
  9186. return WC_TEST_RET_ENC_EC(ret);
  9187. #ifdef HAVE_AES_DECRYPT
  9188. ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL);
  9189. if (ret != BAD_FUNC_ARG)
  9190. return WC_TEST_RET_ENC_EC(ret);
  9191. #endif
  9192. ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key,
  9193. AES_BLOCK_SIZE, iv);
  9194. if (ret != 0)
  9195. return WC_TEST_RET_ENC_EC(ret);
  9196. #ifdef HAVE_AES_DECRYPT
  9197. ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key,
  9198. AES_BLOCK_SIZE, iv);
  9199. if (ret != 0)
  9200. return WC_TEST_RET_ENC_EC(ret);
  9201. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
  9202. return WC_TEST_RET_ENC_NC;
  9203. #endif /* HAVE_AES_DECRYPT */
  9204. (void)plain;
  9205. return 0;
  9206. }
  9207. #endif
  9208. #if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  9209. static wc_test_ret_t aesecb_test(void)
  9210. {
  9211. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  9212. Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  9213. #else
  9214. Aes enc[1];
  9215. #endif
  9216. int enc_inited = 0;
  9217. byte cipher[AES_BLOCK_SIZE * 4];
  9218. #ifdef HAVE_AES_DECRYPT
  9219. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  9220. Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  9221. #else
  9222. Aes dec[1];
  9223. #endif
  9224. int dec_inited = 0;
  9225. byte plain [AES_BLOCK_SIZE * 4];
  9226. #endif /* HAVE_AES_DECRYPT */
  9227. wc_test_ret_t ret = 0;
  9228. #if defined(WOLFSSL_AES_256)
  9229. {
  9230. WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
  9231. {
  9232. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  9233. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  9234. };
  9235. WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
  9236. {
  9237. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  9238. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  9239. };
  9240. WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
  9241. {
  9242. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  9243. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  9244. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  9245. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  9246. };
  9247. ret = wc_AesInit(enc, HEAP_HINT, devId);
  9248. if (ret != 0)
  9249. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9250. enc_inited = 1;
  9251. #if defined(HAVE_AES_DECRYPT)
  9252. ret = wc_AesInit(dec, HEAP_HINT, devId);
  9253. if (ret != 0)
  9254. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9255. dec_inited = 1;
  9256. #endif
  9257. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  9258. ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
  9259. if (ret != 0)
  9260. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9261. if (wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE) != 0)
  9262. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9263. if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
  9264. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9265. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
  9266. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  9267. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  9268. ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
  9269. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  9270. if (ret != 0)
  9271. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9272. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  9273. ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
  9274. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  9275. if (ret != 0)
  9276. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9277. if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
  9278. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9279. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  9280. ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
  9281. if (ret != 0)
  9282. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9283. if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
  9284. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9285. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  9286. ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
  9287. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  9288. ret = wc_AesEcbEncrypt(enc, cipher, niPlain, AES_BLOCK_SIZE);
  9289. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  9290. if (ret != 0)
  9291. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9292. if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
  9293. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9294. #endif
  9295. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  9296. ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
  9297. if (ret != 0)
  9298. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9299. if (wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE) != 0)
  9300. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9301. if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
  9302. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9303. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
  9304. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  9305. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  9306. ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
  9307. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  9308. if (ret != 0)
  9309. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9310. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  9311. ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
  9312. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  9313. if (ret != 0)
  9314. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9315. if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
  9316. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9317. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  9318. ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
  9319. if (ret != 0)
  9320. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9321. if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
  9322. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9323. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  9324. ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
  9325. if (ret != 0)
  9326. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  9327. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  9328. ret = wc_AesEcbDecrypt(dec, plain, niCipher, AES_BLOCK_SIZE);
  9329. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  9330. if (ret != 0)
  9331. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9332. if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
  9333. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  9334. #endif
  9335. }
  9336. out:
  9337. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  9338. if (enc) {
  9339. if (enc_inited)
  9340. wc_AesFree(enc);
  9341. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  9342. }
  9343. #ifdef HAVE_AES_DECRYPT
  9344. if (dec) {
  9345. if (dec_inited)
  9346. wc_AesFree(dec);
  9347. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  9348. }
  9349. #endif
  9350. #else
  9351. if (enc_inited)
  9352. wc_AesFree(enc);
  9353. #ifdef HAVE_AES_DECRYPT
  9354. if (dec_inited)
  9355. wc_AesFree(dec);
  9356. #endif
  9357. #endif
  9358. #endif /* WOLFSSL_AES_256 */
  9359. return ret;
  9360. }
  9361. #endif /* HAVE_AES_ECB */
  9362. #ifdef WOLFSSL_AES_COUNTER
  9363. static wc_test_ret_t aesctr_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
  9364. {
  9365. wc_test_ret_t ret = 0;
  9366. /* test vectors from "Recommendation for Block Cipher Modes of
  9367. * Operation" NIST Special Publication 800-38A */
  9368. WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
  9369. {
  9370. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  9371. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  9372. };
  9373. WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
  9374. {
  9375. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  9376. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  9377. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  9378. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  9379. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  9380. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  9381. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  9382. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  9383. };
  9384. #ifdef WOLFSSL_ARMASM
  9385. WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32[] =
  9386. {
  9387. 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff,
  9388. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
  9389. };
  9390. WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32_2[] =
  9391. {
  9392. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  9393. 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xfe
  9394. };
  9395. WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap64[] =
  9396. {
  9397. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  9398. 0x0f,0xff,0xff,0xff,0xff,0xff,0xff,0xff
  9399. };
  9400. WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap64_2[] =
  9401. {
  9402. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0,
  9403. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe
  9404. };
  9405. WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap96[] =
  9406. {
  9407. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  9408. 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff
  9409. };
  9410. WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap96_2[] =
  9411. {
  9412. 0xff,0xff,0xff,0xf0,0xff,0xff,0xff,0xff,
  9413. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe
  9414. };
  9415. #endif
  9416. WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128[] =
  9417. {
  9418. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  9419. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff
  9420. };
  9421. #ifdef WOLFSSL_ARMASM
  9422. WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128_2[] =
  9423. {
  9424. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  9425. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe
  9426. };
  9427. #endif
  9428. #ifdef WOLFSSL_AES_128
  9429. WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
  9430. {
  9431. 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
  9432. 0xc2
  9433. };
  9434. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Key[] =
  9435. {
  9436. 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
  9437. 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
  9438. };
  9439. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Cipher[] =
  9440. {
  9441. 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
  9442. 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
  9443. 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
  9444. 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
  9445. 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
  9446. 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
  9447. 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
  9448. 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
  9449. };
  9450. #ifdef WOLFSSL_ARMASM
  9451. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32Cipher[] =
  9452. {
  9453. 0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78,
  9454. 0xf6,0x7c,0xdb,0xb4,0x27,0x2b,0x0a,0xbf,
  9455. 0x7e,0xad,0xea,0x5c,0xd1
  9456. };
  9457. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32CipherLong[] =
  9458. {
  9459. 0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78,
  9460. 0xf6,0x7c,0xdb,0xb4,0x27,0x2b,0x0a,0xbf,
  9461. 0x7e,0xad,0xea,0x5c,0xd1,0xb7,0x98,0xf0,
  9462. 0x22,0x20,0xfe,0x67,0xb0,0x02,0x23,0x50
  9463. };
  9464. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32_2CipherLong[] =
  9465. {
  9466. 0x6e,0xa1,0x27,0x4d,0xea,0x20,0x5f,0x39,
  9467. 0x68,0xc8,0xb6,0x78,0xde,0xfc,0x53,0x5c,
  9468. 0x90,0xc8,0xf6,0xc6,0xfa,0xe0,0x7b,0x09,
  9469. 0x7c,0xf8,0x9c,0x6a,0x5a,0xa5,0x17,0x7f,
  9470. 0x03,0x92,0x5f,0x4e,0x85,0xea,0x26,0xc9,
  9471. 0x5a,0xc2,0x74,0xe2,0xbf,0xe4,0x1b,0xd4
  9472. };
  9473. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64Cipher[] =
  9474. {
  9475. 0xdd,0x17,0x10,0x7c,0x45,0x04,0xac,0x43,
  9476. 0xef,0xa8,0xcc,0x32,0x34,0x87,0x88,0xd7,
  9477. 0xae,0x74,0x94,0x72,0x8e
  9478. };
  9479. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64CipherLong[] =
  9480. {
  9481. 0xdd,0x17,0x10,0x7c,0x45,0x04,0xac,0x43,
  9482. 0xef,0xa8,0xcc,0x32,0x34,0x87,0x88,0xd7,
  9483. 0xae,0x74,0x94,0x72,0x8e,0xd0,0x71,0xc0,
  9484. 0x89,0x8a,0xa1,0xb0,0x29,0xa0,0x10,0x9e
  9485. };
  9486. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64_2CipherLong[] =
  9487. {
  9488. 0x3f,0xe7,0xd5,0xf3,0xfa,0x09,0xfe,0x40,
  9489. 0xa6,0xa1,0x32,0x8b,0x57,0x12,0xb9,0xfa,
  9490. 0xf2,0x2d,0xe4,0x3c,0x66,0x1d,0x0a,0x8e,
  9491. 0x46,0xf8,0x2e,0x33,0xce,0x8d,0x4e,0x3b,
  9492. 0x17,0x67,0x9e,0x9f,0x76,0x9e,0xc2,0x99,
  9493. 0xd5,0xd4,0x71,0xed,0xb4,0x33,0xb2,0xcd
  9494. };
  9495. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96Cipher[] =
  9496. {
  9497. 0x55,0x24,0xc2,0x73,0xca,0xa3,0x48,0x03,
  9498. 0x0b,0x72,0x8d,0xd7,0x6c,0x99,0x8e,0x04,
  9499. 0x9d,0x77,0xc9,0x5f,0x38
  9500. };
  9501. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96CipherLong[] =
  9502. {
  9503. 0x55,0x24,0xc2,0x73,0xca,0xa3,0x48,0x03,
  9504. 0x0b,0x72,0x8d,0xd7,0x6c,0x99,0x8e,0x04,
  9505. 0x9d,0x77,0xc9,0x5f,0x38,0xb5,0x6e,0x44,
  9506. 0x21,0x8e,0xda,0x57,0xe0,0x41,0xc7,0x6a
  9507. };
  9508. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96_2CipherLong[] =
  9509. {
  9510. 0xc8,0x81,0x1a,0xbe,0xc7,0x5b,0x93,0x6f,
  9511. 0xe6,0x52,0xe4,0xb1,0x2d,0x1c,0x39,0xbc,
  9512. 0xeb,0x82,0x27,0x0a,0x7e,0xa5,0x0e,0x2d,
  9513. 0x32,0xda,0xbe,0x10,0x7a,0x10,0xcc,0xd3,
  9514. 0x6f,0xc6,0x83,0x28,0x05,0x57,0x8a,0x24,
  9515. 0x44,0x76,0x17,0x81,0xb9,0x5c,0x94,0x81
  9516. };
  9517. #endif
  9518. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128Cipher[] =
  9519. {
  9520. 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
  9521. 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
  9522. 0xd3,0xda,0xe1,0x5b,0x04
  9523. };
  9524. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128CipherLong[] =
  9525. {
  9526. 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62,
  9527. 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86,
  9528. 0xd3,0xda,0xe1,0x5b,0x04,0xbb,0x35,0x2f,
  9529. 0xa0,0xf5,0x9f,0xeb,0xfc,0xb4,0xda,0x3e
  9530. };
  9531. #ifdef WOLFSSL_ARMASM
  9532. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128_2CipherLong[] =
  9533. {
  9534. 0xba,0x76,0xaa,0x54,0xd5,0xb5,0x60,0x67,
  9535. 0xc1,0xa7,0x90,0x3b,0x3f,0xdd,0xfa,0x89,
  9536. 0x24,0xdf,0x0c,0x56,0x5c,0xf4,0x2a,0x68,
  9537. 0x97,0x87,0x13,0xb6,0x7a,0xd1,0x24,0xfd,
  9538. 0x4d,0x3f,0x77,0x4a,0xb9,0xe4,0x7d,0xa2,
  9539. 0xdb,0xb9,0x31,0x5e,0xa3,0x11,0x06,0x80
  9540. };
  9541. #endif
  9542. #endif /* WOLFSSL_AES_128 */
  9543. #ifdef WOLFSSL_AES_192
  9544. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
  9545. {
  9546. 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  9547. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  9548. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
  9549. };
  9550. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
  9551. {
  9552. 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
  9553. 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b,
  9554. 0x09,0x03,0x39,0xec,0x0a,0xa6,0xfa,0xef,
  9555. 0xd5,0xcc,0xc2,0xc6,0xf4,0xce,0x8e,0x94,
  9556. 0x1e,0x36,0xb2,0x6b,0xd1,0xeb,0xc6,0x70,
  9557. 0xd1,0xbd,0x1d,0x66,0x56,0x20,0xab,0xf7,
  9558. 0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58,
  9559. 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50
  9560. };
  9561. #ifdef WOLFSSL_ARMASM
  9562. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32Cipher[] =
  9563. {
  9564. 0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf,
  9565. 0x72,0x73,0x35,0x17,0x70,0x4e,0x7d,0xca,
  9566. 0x0c,0x33,0x97,0x06,0xc0
  9567. };
  9568. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32CipherLong[] =
  9569. {
  9570. 0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf,
  9571. 0x72,0x73,0x35,0x17,0x70,0x4e,0x7d,0xca,
  9572. 0x0c,0x33,0x97,0x06,0xc0,0xbe,0x83,0x87,
  9573. 0xdd,0xd3,0xff,0xd8,0xe4,0x6a,0x5b,0x84
  9574. };
  9575. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32_2CipherLong[] =
  9576. {
  9577. 0xf5,0x00,0xa2,0x91,0x54,0xa3,0x76,0xa2,
  9578. 0xdd,0xad,0x16,0x89,0xe5,0xf0,0x1d,0x40,
  9579. 0x84,0xcd,0x74,0x84,0xcb,0x8b,0x9e,0x29,
  9580. 0xa9,0x8a,0x12,0x65,0xa0,0x79,0x5e,0xce,
  9581. 0xd9,0x50,0x65,0x21,0x86,0xb0,0x85,0x0d,
  9582. 0x98,0x2d,0x9a,0x5a,0x11,0xbe,0xa5,0x7f
  9583. };
  9584. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64Cipher[] =
  9585. {
  9586. 0xfe,0x39,0x27,0x97,0xac,0xe5,0xb8,0x74,
  9587. 0xb9,0x8c,0xbf,0x58,0x71,0xa4,0x80,0x33,
  9588. 0x3d,0xf7,0xb4,0xfd,0x8c
  9589. };
  9590. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64CipherLong[] =
  9591. {
  9592. 0xfe,0x39,0x27,0x97,0xac,0xe5,0xb8,0x74,
  9593. 0xb9,0x8c,0xbf,0x58,0x71,0xa4,0x80,0x33,
  9594. 0x3d,0xf7,0xb4,0xfd,0x8c,0x55,0x47,0x10,
  9595. 0xd5,0x91,0x35,0xbe,0xd8,0x0d,0xa5,0x9e
  9596. };
  9597. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64_2CipherLong[] =
  9598. {
  9599. 0x59,0xf1,0xed,0x70,0x62,0x42,0xa8,0x06,
  9600. 0x07,0x36,0xe1,0xc5,0x04,0x79,0xc3,0x9b,
  9601. 0xd1,0x14,0x5c,0xcc,0x6f,0x81,0x5f,0x2f,
  9602. 0xa0,0xde,0xcf,0x61,0x55,0x18,0x7a,0xac,
  9603. 0xb0,0x59,0x37,0x90,0x53,0xb3,0x00,0x88,
  9604. 0xb4,0x49,0x90,0x7b,0x96,0xcd,0xcc,0xc3
  9605. };
  9606. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96Cipher[] =
  9607. {
  9608. 0x41,0x21,0x40,0x31,0xfb,0xc8,0xad,0x23,
  9609. 0xde,0x00,0x03,0xd8,0x96,0x45,0xc7,0xb5,
  9610. 0x47,0xb5,0xf3,0x30,0x3b
  9611. };
  9612. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96CipherLong[] =
  9613. {
  9614. 0x41,0x21,0x40,0x31,0xfb,0xc8,0xad,0x23,
  9615. 0xde,0x00,0x03,0xd8,0x96,0x45,0xc7,0xb5,
  9616. 0x47,0xb5,0xf3,0x30,0x3b,0xef,0xcd,0x80,
  9617. 0xe3,0x61,0x34,0xef,0x4e,0x1b,0x79,0xc1
  9618. };
  9619. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96_2CipherLong[] =
  9620. {
  9621. 0x3c,0xb2,0xff,0xc0,0x24,0xe1,0xf5,0xc4,
  9622. 0x0f,0xd1,0x0a,0x1b,0xbe,0x1f,0x23,0xa1,
  9623. 0x8e,0xbf,0x2b,0x96,0xb6,0x37,0xc8,0x25,
  9624. 0x06,0x90,0xe2,0xca,0x71,0x24,0x52,0x95,
  9625. 0xaa,0x8c,0x80,0xdf,0xb7,0xd7,0x30,0xb0,
  9626. 0xcc,0x06,0x4f,0x28,0xa2,0x74,0x27,0xf8
  9627. };
  9628. #endif
  9629. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128Cipher[] =
  9630. {
  9631. 0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67,
  9632. 0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98,
  9633. 0x8c,0x68,0xa7,0xd9,0x57
  9634. };
  9635. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128CipherLong[] =
  9636. {
  9637. 0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67,
  9638. 0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98,
  9639. 0x8c,0x68,0xa7,0xd9,0x57,0xab,0x09,0x0f,
  9640. 0x01,0xc4,0x4e,0x62,0xaf,0xc2,0xdf,0x1a
  9641. };
  9642. #ifdef WOLFSSL_ARMASM
  9643. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128_2CipherLong[] =
  9644. {
  9645. 0x88,0x0a,0x26,0x4e,0xa8,0x26,0x21,0xe0,
  9646. 0xfc,0xbc,0x63,0xdc,0xd9,0x60,0x52,0xb2,
  9647. 0x99,0x2f,0xbb,0x1e,0x00,0xf5,0x9f,0x6d,
  9648. 0xab,0x48,0x0f,0xc6,0x37,0x12,0x56,0xe3,
  9649. 0x12,0x8d,0x31,0xc8,0xea,0xf4,0x41,0x82,
  9650. 0x7a,0x88,0xe0,0xd7,0xf0,0x67,0x03,0xa4
  9651. };
  9652. #endif
  9653. #endif
  9654. #ifdef WOLFSSL_AES_256
  9655. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
  9656. {
  9657. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  9658. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  9659. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  9660. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  9661. };
  9662. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
  9663. {
  9664. 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
  9665. 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28,
  9666. 0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a,
  9667. 0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5,
  9668. 0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c,
  9669. 0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d,
  9670. 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6,
  9671. 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6
  9672. };
  9673. #ifdef WOLFSSL_ARMASM
  9674. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32Cipher[] =
  9675. {
  9676. 0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c,
  9677. 0x25,0xcf,0xe7,0x58,0x63,0xc8,0xd4,0xea,
  9678. 0xa2,0x13,0x47,0x74,0xda
  9679. };
  9680. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32CipherLong[] =
  9681. {
  9682. 0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c,
  9683. 0x25,0xcf,0xe7,0x58,0x63,0xc8,0xd4,0xea,
  9684. 0xa2,0x13,0x47,0x74,0xda,0x89,0x77,0x40,
  9685. 0x28,0x9c,0xe8,0x19,0x26,0x32,0xd8,0x1f
  9686. };
  9687. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32_2CipherLong[] =
  9688. {
  9689. 0xf6,0xd9,0x22,0xc6,0x80,0x29,0xaf,0x14,
  9690. 0x54,0x6c,0x0a,0xce,0x42,0xea,0x3c,0xa1,
  9691. 0x7c,0xeb,0x36,0x0d,0x8e,0xd7,0x8c,0x59,
  9692. 0xa8,0x09,0x9f,0x9e,0xba,0x5b,0x95,0xfa,
  9693. 0x26,0x8c,0x37,0x59,0xf8,0xae,0x8e,0xaa,
  9694. 0x4d,0xe4,0x1c,0xfe,0x51,0xc7,0xb7,0xcc
  9695. };
  9696. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64Cipher[] =
  9697. {
  9698. 0x74,0x1a,0x52,0x41,0x76,0xb4,0x11,0x8f,
  9699. 0xfd,0x57,0x31,0xfd,0x3d,0x76,0x8f,0x07,
  9700. 0xd4,0x94,0x4c,0xcd,0x4d
  9701. };
  9702. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64CipherLong[] =
  9703. {
  9704. 0x74,0x1a,0x52,0x41,0x76,0xb4,0x11,0x8f,
  9705. 0xfd,0x57,0x31,0xfd,0x3d,0x76,0x8f,0x07,
  9706. 0xd4,0x94,0x4c,0xcd,0x4d,0x47,0x5a,0x92,
  9707. 0x26,0x49,0x81,0x7a,0xda,0x36,0x27,0x01
  9708. };
  9709. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64_2CipherLong[] =
  9710. {
  9711. 0xf7,0x9c,0xbf,0xf6,0xa2,0xaa,0x8a,0x0a,
  9712. 0x63,0x8a,0x20,0x2f,0x12,0xf1,0x8e,0x49,
  9713. 0x30,0xc0,0x8d,0x5c,0x5f,0x8b,0xbc,0x16,
  9714. 0xdd,0x71,0xee,0x13,0x14,0x7b,0xe1,0x25,
  9715. 0xcb,0x87,0x8a,0xc6,0xdc,0x1d,0x54,0x7a,
  9716. 0xe1,0xe4,0x6f,0x0d,0x95,0x1b,0xd1,0x8b
  9717. };
  9718. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96Cipher[] =
  9719. {
  9720. 0xb9,0x07,0x02,0xb8,0xbe,0x94,0xbf,0x53,
  9721. 0xdf,0x83,0x8e,0x23,0x8c,0x67,0x0c,0x81,
  9722. 0xb8,0x69,0xa1,0x48,0x45
  9723. };
  9724. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96CipherLong[] =
  9725. {
  9726. 0xb9,0x07,0x02,0xb8,0xbe,0x94,0xbf,0x53,
  9727. 0xdf,0x83,0x8e,0x23,0x8c,0x67,0x0c,0x81,
  9728. 0xb8,0x69,0xa1,0x48,0x45,0xf1,0xc6,0x27,
  9729. 0x36,0xa8,0xb2,0x4b,0x0e,0x62,0x6b,0x72
  9730. };
  9731. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96_2CipherLong[] =
  9732. {
  9733. 0xd5,0x56,0x73,0xaa,0xb8,0xe4,0x06,0xf6,
  9734. 0x83,0x45,0x3a,0xb4,0xb9,0x63,0xec,0xad,
  9735. 0x73,0xc5,0xab,0x78,0xb1,0x21,0xab,0xef,
  9736. 0x69,0x15,0xb7,0x0c,0xe9,0xb4,0x3a,0xe7,
  9737. 0xbc,0xc4,0x22,0xbd,0x93,0xba,0x52,0xe0,
  9738. 0x91,0x2f,0x5e,0x8d,0x6d,0x59,0xf7,0xc2
  9739. };
  9740. #endif
  9741. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128Cipher[] =
  9742. {
  9743. 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
  9744. 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
  9745. 0x4b,0x45,0x7c,0xd6,0x8a
  9746. };
  9747. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128CipherLong[] =
  9748. {
  9749. 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48,
  9750. 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6,
  9751. 0x4b,0x45,0x7c,0xd6,0x8a,0xcc,0xda,0x4a,
  9752. 0x89,0xfa,0x23,0x6c,0x06,0xbf,0x26,0x05
  9753. };
  9754. #ifdef WOLFSSL_ARMASM
  9755. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128_2CipherLong[] =
  9756. {
  9757. 0x24,0x5c,0x09,0xa0,0x3b,0x1a,0x5a,0x94,
  9758. 0x2b,0x93,0x56,0x13,0x48,0xa0,0x21,0xce,
  9759. 0x95,0x11,0xa3,0x76,0xd6,0x59,0x88,0x42,
  9760. 0x04,0x71,0x69,0x62,0x28,0xb2,0xee,0x9d,
  9761. 0xd5,0xa0,0xea,0xc7,0x37,0x93,0x92,0xc7,
  9762. 0xf2,0xb6,0x8d,0xd9,0x59,0x1a,0xfa,0xbb
  9763. };
  9764. #endif
  9765. #endif
  9766. int i;
  9767. struct {
  9768. const byte* key;
  9769. int keySz;
  9770. const byte* iv;
  9771. const byte* plain;
  9772. int len;
  9773. const byte* cipher;
  9774. } testVec[] = {
  9775. #ifdef WOLFSSL_AES_128
  9776. { ctr128Key, (int)sizeof(ctr128Key), ctrIv,
  9777. ctrPlain, (int)sizeof(ctrPlain), ctr128Cipher },
  9778. /* let's try with just 9 bytes, non block size test */
  9779. { ctr128Key, (int)sizeof(ctr128Key), ctrIv,
  9780. ctrPlain, (int)sizeof(oddCipher), ctr128Cipher },
  9781. /* and an additional 9 bytes to reuse tmp left buffer */
  9782. { NULL, 0, NULL, ctrPlain, (int)sizeof(oddCipher), oddCipher },
  9783. /* Counter wrapping */
  9784. { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128,
  9785. ctrPlain, (int)sizeof(ctr128Wrap128Cipher), ctr128Wrap128Cipher },
  9786. { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128,
  9787. ctrPlain, (int)sizeof(ctr128Wrap128CipherLong),
  9788. ctr128Wrap128CipherLong },
  9789. #ifdef WOLFSSL_ARMASM
  9790. { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128_2,
  9791. ctrPlain, (int)sizeof(ctr128Wrap128_2CipherLong),
  9792. ctr128Wrap128_2CipherLong },
  9793. { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96,
  9794. ctrPlain, (int)sizeof(ctr128Wrap96Cipher), ctr128Wrap96Cipher },
  9795. { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96,
  9796. ctrPlain, (int)sizeof(ctr128Wrap96CipherLong),
  9797. ctr128Wrap96CipherLong },
  9798. { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96_2,
  9799. ctrPlain, (int)sizeof(ctr128Wrap96_2CipherLong),
  9800. ctr128Wrap96_2CipherLong },
  9801. { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64,
  9802. ctrPlain, (int)sizeof(ctr128Wrap64Cipher), ctr128Wrap64Cipher },
  9803. { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64,
  9804. ctrPlain, (int)sizeof(ctr128Wrap64CipherLong),
  9805. ctr128Wrap64CipherLong },
  9806. { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64_2,
  9807. ctrPlain, (int)sizeof(ctr128Wrap64_2CipherLong),
  9808. ctr128Wrap64_2CipherLong },
  9809. { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32,
  9810. ctrPlain, (int)sizeof(ctr128Wrap32Cipher), ctr128Wrap32Cipher },
  9811. { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32,
  9812. ctrPlain, (int)sizeof(ctr128Wrap32CipherLong),
  9813. ctr128Wrap32CipherLong },
  9814. { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32_2,
  9815. ctrPlain, (int)sizeof(ctr128Wrap32_2CipherLong),
  9816. ctr128Wrap32_2CipherLong },
  9817. #endif
  9818. #endif
  9819. #ifdef WOLFSSL_AES_192
  9820. { ctr192Key, (int)sizeof(ctr192Key), ctrIv,
  9821. ctrPlain, (int)sizeof(ctrPlain), ctr192Cipher },
  9822. /* let's try with just 9 bytes, non block size test */
  9823. { ctr192Key, (int)sizeof(ctr192Key), ctrIv,
  9824. ctrPlain, (int)sizeof(oddCipher), ctr192Cipher },
  9825. /* Counter wrapping */
  9826. { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128,
  9827. ctrPlain, (int)sizeof(ctr192Wrap128Cipher), ctr192Wrap128Cipher },
  9828. { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128,
  9829. ctrPlain, (int)sizeof(ctr192Wrap128CipherLong),
  9830. ctr192Wrap128CipherLong },
  9831. #ifdef WOLFSSL_ARMASM
  9832. { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128_2,
  9833. ctrPlain, (int)sizeof(ctr192Wrap128_2CipherLong),
  9834. ctr192Wrap128_2CipherLong },
  9835. { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96,
  9836. ctrPlain, (int)sizeof(ctr192Wrap96Cipher), ctr192Wrap96Cipher },
  9837. { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96,
  9838. ctrPlain, (int)sizeof(ctr192Wrap96CipherLong),
  9839. ctr192Wrap96CipherLong },
  9840. { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96_2,
  9841. ctrPlain, (int)sizeof(ctr192Wrap96_2CipherLong),
  9842. ctr192Wrap96_2CipherLong },
  9843. { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64,
  9844. ctrPlain, (int)sizeof(ctr192Wrap64Cipher), ctr192Wrap64Cipher },
  9845. { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64,
  9846. ctrPlain, (int)sizeof(ctr192Wrap64CipherLong),
  9847. ctr192Wrap64CipherLong },
  9848. { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64_2,
  9849. ctrPlain, (int)sizeof(ctr192Wrap64_2CipherLong),
  9850. ctr192Wrap64_2CipherLong },
  9851. { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32,
  9852. ctrPlain, (int)sizeof(ctr192Wrap32Cipher), ctr192Wrap32Cipher },
  9853. { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32,
  9854. ctrPlain, (int)sizeof(ctr192Wrap32CipherLong),
  9855. ctr192Wrap32CipherLong },
  9856. { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32_2,
  9857. ctrPlain, (int)sizeof(ctr192Wrap32_2CipherLong),
  9858. ctr192Wrap32_2CipherLong },
  9859. #endif
  9860. #endif
  9861. #ifdef WOLFSSL_AES_256
  9862. { ctr256Key, (int)sizeof(ctr256Key), ctrIv,
  9863. ctrPlain, (int)sizeof(ctrPlain), ctr256Cipher },
  9864. /* let's try with just 9 bytes, non block size test */
  9865. { ctr256Key, (int)sizeof(ctr256Key), ctrIv,
  9866. ctrPlain, (int)sizeof(oddCipher), ctr256Cipher },
  9867. /* Counter wrapping */
  9868. { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128,
  9869. ctrPlain, (int)sizeof(ctr256Wrap128Cipher), ctr256Wrap128Cipher },
  9870. { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128,
  9871. ctrPlain, (int)sizeof(ctr256Wrap128CipherLong),
  9872. ctr256Wrap128CipherLong },
  9873. #ifdef WOLFSSL_ARMASM
  9874. { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128_2,
  9875. ctrPlain, (int)sizeof(ctr256Wrap128_2CipherLong),
  9876. ctr256Wrap128_2CipherLong },
  9877. { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96,
  9878. ctrPlain, (int)sizeof(ctr256Wrap96Cipher), ctr256Wrap96Cipher },
  9879. { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96,
  9880. ctrPlain, (int)sizeof(ctr256Wrap96CipherLong),
  9881. ctr256Wrap96CipherLong },
  9882. { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96_2,
  9883. ctrPlain, (int)sizeof(ctr256Wrap96_2CipherLong),
  9884. ctr256Wrap96_2CipherLong },
  9885. { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64,
  9886. ctrPlain, (int)sizeof(ctr256Wrap64Cipher), ctr256Wrap64Cipher },
  9887. { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64,
  9888. ctrPlain, (int)sizeof(ctr256Wrap64CipherLong),
  9889. ctr256Wrap64CipherLong },
  9890. { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64_2,
  9891. ctrPlain, (int)sizeof(ctr256Wrap64_2CipherLong),
  9892. ctr256Wrap64_2CipherLong },
  9893. { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32,
  9894. ctrPlain, (int)sizeof(ctr256Wrap32Cipher), ctr256Wrap32Cipher },
  9895. { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32,
  9896. ctrPlain, (int)sizeof(ctr256Wrap32CipherLong),
  9897. ctr256Wrap32CipherLong },
  9898. { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32_2,
  9899. ctrPlain, (int)sizeof(ctr256Wrap32_2CipherLong),
  9900. ctr256Wrap32_2CipherLong },
  9901. #endif
  9902. #endif
  9903. };
  9904. #define AES_CTR_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
  9905. for (i = 0; i < AES_CTR_TEST_LEN; i++) {
  9906. if (testVec[i].key != NULL) {
  9907. ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,
  9908. testVec[i].iv, AES_ENCRYPTION);
  9909. if (ret != 0) {
  9910. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9911. }
  9912. /* Ctr only uses encrypt, even on key setup */
  9913. ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz,
  9914. testVec[i].iv, AES_ENCRYPTION);
  9915. if (ret != 0) {
  9916. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9917. }
  9918. }
  9919. ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len);
  9920. if (ret != 0) {
  9921. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9922. }
  9923. ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len);
  9924. if (ret != 0) {
  9925. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9926. }
  9927. if (XMEMCMP(plain, ctrPlain, testVec[i].len)) {
  9928. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9929. }
  9930. #if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM))
  9931. if (XMEMCMP(cipher, testVec[i].cipher, testVec[i].len)) {
  9932. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9933. }
  9934. #endif
  9935. }
  9936. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
  9937. for (i = 0; i < AES_CTR_TEST_LEN; i++) {
  9938. if (testVec[i].key != NULL) {
  9939. ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,
  9940. testVec[i].iv, AES_ENCRYPTION);
  9941. if (ret != 0) {
  9942. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9943. }
  9944. /* Ctr only uses encrypt, even on key setup */
  9945. ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz,
  9946. testVec[i].iv, AES_ENCRYPTION);
  9947. if (ret != 0) {
  9948. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9949. }
  9950. }
  9951. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  9952. ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len);
  9953. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  9954. if (ret != 0) {
  9955. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9956. }
  9957. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  9958. ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len);
  9959. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  9960. if (ret != 0) {
  9961. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9962. }
  9963. if (XMEMCMP(plain, ctrPlain, testVec[i].len)) {
  9964. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9965. }
  9966. #if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM))
  9967. if (XMEMCMP(cipher, testVec[i].cipher, testVec[i].len)) {
  9968. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9969. }
  9970. #endif
  9971. }
  9972. for (i = 0; i < AES_CTR_TEST_LEN; i++) {
  9973. if (testVec[i].key != NULL) {
  9974. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  9975. ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz,
  9976. testVec[i].iv, AES_ENCRYPTION);
  9977. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  9978. if (ret != 0) {
  9979. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9980. }
  9981. /* Ctr only uses encrypt, even on key setup */
  9982. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  9983. ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz,
  9984. testVec[i].iv, AES_ENCRYPTION);
  9985. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  9986. if (ret != 0) {
  9987. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9988. }
  9989. }
  9990. ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len);
  9991. if (ret != 0) {
  9992. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9993. }
  9994. ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len);
  9995. if (ret != 0) {
  9996. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  9997. }
  9998. if (XMEMCMP(plain, ctrPlain, testVec[i].len)) {
  9999. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  10000. }
  10001. #if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM))
  10002. if (XMEMCMP(cipher, testVec[i].cipher, testVec[i].len)) {
  10003. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  10004. }
  10005. #endif
  10006. }
  10007. #endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_AES_C_DYNAMIC_FALLBACK */
  10008. out:
  10009. return ret;
  10010. }
  10011. #endif /* WOLFSSL_AES_COUNTER */
  10012. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void)
  10013. {
  10014. #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
  10015. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10016. Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  10017. #else
  10018. Aes enc[1];
  10019. #endif
  10020. int enc_inited = 0;
  10021. byte cipher[AES_BLOCK_SIZE * 4];
  10022. #ifdef HAVE_AES_DECRYPT
  10023. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10024. Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  10025. #else
  10026. Aes dec[1];
  10027. #endif
  10028. int dec_inited = 0;
  10029. byte plain [AES_BLOCK_SIZE * 4];
  10030. #endif /* HAVE_AES_DECRYPT */
  10031. #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
  10032. wc_test_ret_t ret = 0;
  10033. #ifdef HAVE_AES_CBC
  10034. #ifdef WOLFSSL_AES_128
  10035. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
  10036. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  10037. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  10038. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  10039. };
  10040. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  10041. {
  10042. 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
  10043. 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
  10044. };
  10045. #ifdef HAVE_RENESAS_SYNC
  10046. const byte *key =
  10047. (byte*)guser_PKCbInfo.wrapped_key_aes128;
  10048. #else
  10049. WOLFSSL_SMALL_STACK_STATIC const
  10050. byte key[] = "0123456789abcdef "; /* align */
  10051. #endif
  10052. WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; /* align */
  10053. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10054. #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
  10055. if (enc == NULL)
  10056. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  10057. #endif
  10058. #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
  10059. if (dec == NULL)
  10060. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  10061. #endif
  10062. #endif
  10063. ret = wc_AesInit(enc, HEAP_HINT, devId);
  10064. if (ret != 0)
  10065. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10066. enc_inited = 1;
  10067. #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
  10068. ret = wc_AesInit(dec, HEAP_HINT, devId);
  10069. if (ret != 0)
  10070. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10071. dec_inited = 1;
  10072. #endif
  10073. ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  10074. if (ret != 0)
  10075. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10076. #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
  10077. ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
  10078. if (ret != 0)
  10079. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10080. #endif
  10081. #ifdef HAVE_AES_ECB
  10082. {
  10083. WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb[AES_BLOCK_SIZE] = {
  10084. 0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6,
  10085. 0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1
  10086. };
  10087. XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
  10088. ret = wc_AesEcbEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
  10089. #if defined(WOLFSSL_ASYNC_CRYPT)
  10090. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  10091. #endif
  10092. if (ret != 0)
  10093. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10094. if (XMEMCMP(cipher, verify_ecb, AES_BLOCK_SIZE))
  10095. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10096. #ifdef HAVE_AES_DECRYPT
  10097. XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
  10098. ret = wc_AesEcbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
  10099. #if defined(WOLFSSL_ASYNC_CRYPT)
  10100. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  10101. #endif
  10102. if (ret != 0)
  10103. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10104. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  10105. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10106. #endif /* HAVE_AES_DECRYPT */
  10107. }
  10108. #endif
  10109. XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
  10110. ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
  10111. #if defined(WOLFSSL_ASYNC_CRYPT)
  10112. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  10113. #endif
  10114. if (ret != 0)
  10115. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10116. #ifdef HAVE_AES_DECRYPT
  10117. XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
  10118. ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
  10119. #if defined(WOLFSSL_ASYNC_CRYPT)
  10120. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  10121. #endif
  10122. if (ret != 0)
  10123. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10124. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  10125. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10126. #endif /* HAVE_AES_DECRYPT */
  10127. /* skipped because wrapped key use in case of renesas sm */
  10128. #ifndef HAVE_RENESAS_SYNC
  10129. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  10130. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10131. #endif
  10132. #endif /* WOLFSSL_AES_128 */
  10133. #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT)
  10134. {
  10135. WOLFSSL_SMALL_STACK_STATIC const byte bigMsg[] = {
  10136. /* "All work and no play makes Jack a dull boy. " */
  10137. 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
  10138. 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
  10139. 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
  10140. 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
  10141. 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
  10142. 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
  10143. 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
  10144. 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
  10145. 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
  10146. 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
  10147. 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
  10148. 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
  10149. 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
  10150. 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
  10151. 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
  10152. 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
  10153. 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
  10154. 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
  10155. 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
  10156. 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
  10157. 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
  10158. 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
  10159. 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
  10160. 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
  10161. 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
  10162. 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
  10163. 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
  10164. 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
  10165. 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
  10166. 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
  10167. 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
  10168. 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
  10169. 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
  10170. 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
  10171. 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
  10172. 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
  10173. 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
  10174. 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
  10175. 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
  10176. 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
  10177. 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
  10178. 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
  10179. 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
  10180. 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
  10181. 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
  10182. 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
  10183. 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
  10184. 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20
  10185. };
  10186. WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] = "0123456789abcdeffedcba9876543210";
  10187. word32 keySz, msgSz;
  10188. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10189. byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10190. byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10191. if ((bigCipher == NULL) ||
  10192. (bigPlain == NULL)) {
  10193. if (bigCipher != NULL)
  10194. XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10195. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10196. }
  10197. #else
  10198. byte bigCipher[sizeof(bigMsg)];
  10199. byte bigPlain[sizeof(bigMsg)];
  10200. #endif
  10201. /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
  10202. * message by AES_BLOCK_SIZE for each size of AES key. */
  10203. for (keySz = 16; keySz <= 32; keySz += 8) {
  10204. for (msgSz = AES_BLOCK_SIZE;
  10205. msgSz <= sizeof(bigMsg);
  10206. msgSz += AES_BLOCK_SIZE) {
  10207. XMEMSET(bigCipher, 0, sizeof(bigMsg));
  10208. XMEMSET(bigPlain, 0, sizeof(bigMsg));
  10209. ret = wc_AesSetKey(enc, bigKey, keySz, iv, AES_ENCRYPTION);
  10210. if (ret != 0) {
  10211. ret = WC_TEST_RET_ENC_EC(ret);
  10212. break;
  10213. }
  10214. ret = wc_AesSetKey(dec, bigKey, keySz, iv, AES_DECRYPTION);
  10215. if (ret != 0) {
  10216. ret = WC_TEST_RET_ENC_EC(ret);
  10217. break;
  10218. }
  10219. ret = wc_AesCbcEncrypt(enc, bigCipher, bigMsg, msgSz);
  10220. #if defined(WOLFSSL_ASYNC_CRYPT)
  10221. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  10222. #endif
  10223. if (ret != 0) {
  10224. ret = WC_TEST_RET_ENC_EC(ret);
  10225. break;
  10226. }
  10227. ret = wc_AesCbcDecrypt(dec, bigPlain, bigCipher, msgSz);
  10228. #if defined(WOLFSSL_ASYNC_CRYPT)
  10229. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  10230. #endif
  10231. if (ret != 0) {
  10232. ret = WC_TEST_RET_ENC_EC(ret);
  10233. break;
  10234. }
  10235. if (XMEMCMP(bigPlain, bigMsg, msgSz)) {
  10236. ret = WC_TEST_RET_ENC_NC;
  10237. break;
  10238. }
  10239. }
  10240. if (ret != 0)
  10241. break;
  10242. }
  10243. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
  10244. /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
  10245. * message by AES_BLOCK_SIZE for each size of AES key. */
  10246. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  10247. for (keySz = 16; keySz <= 32; keySz += 8) {
  10248. for (msgSz = AES_BLOCK_SIZE;
  10249. msgSz <= sizeof(bigMsg);
  10250. msgSz += AES_BLOCK_SIZE) {
  10251. XMEMSET(bigCipher, 0, sizeof(bigMsg));
  10252. XMEMSET(bigPlain, 0, sizeof(bigMsg));
  10253. ret = wc_AesSetKey(enc, bigKey, keySz, iv, AES_ENCRYPTION);
  10254. if (ret != 0) {
  10255. ret = WC_TEST_RET_ENC_EC(ret);
  10256. break;
  10257. }
  10258. ret = wc_AesSetKey(dec, bigKey, keySz, iv, AES_DECRYPTION);
  10259. if (ret != 0) {
  10260. ret = WC_TEST_RET_ENC_EC(ret);
  10261. break;
  10262. }
  10263. ret = wc_AesCbcEncrypt(enc, bigCipher, bigMsg, msgSz);
  10264. #if defined(WOLFSSL_ASYNC_CRYPT)
  10265. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  10266. #endif
  10267. if (ret != 0) {
  10268. ret = WC_TEST_RET_ENC_EC(ret);
  10269. break;
  10270. }
  10271. ret = wc_AesCbcDecrypt(dec, bigPlain, bigCipher, msgSz);
  10272. #if defined(WOLFSSL_ASYNC_CRYPT)
  10273. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  10274. #endif
  10275. if (ret != 0) {
  10276. ret = WC_TEST_RET_ENC_EC(ret);
  10277. break;
  10278. }
  10279. if (XMEMCMP(bigPlain, bigMsg, msgSz)) {
  10280. ret = WC_TEST_RET_ENC_NC;
  10281. break;
  10282. }
  10283. }
  10284. if (ret != 0)
  10285. break;
  10286. }
  10287. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  10288. #endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_AES_C_DYNAMIC_FALLBACK */
  10289. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10290. XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10291. XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10292. #endif
  10293. if (ret != 0)
  10294. goto out;
  10295. }
  10296. #endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT */
  10297. /* Test of AES IV state with encrypt/decrypt */
  10298. #if defined(WOLFSSL_AES_128) && !defined(HAVE_RENESAS_SYNC)
  10299. {
  10300. /* Test Vector from "NIST Special Publication 800-38A, 2001 Edition"
  10301. * https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf
  10302. */
  10303. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
  10304. {
  10305. 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
  10306. 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
  10307. 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
  10308. 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51
  10309. };
  10310. WOLFSSL_SMALL_STACK_STATIC const byte verify2[] =
  10311. {
  10312. 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
  10313. 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
  10314. 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
  10315. 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2
  10316. };
  10317. WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
  10318. 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
  10319. 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
  10320. };
  10321. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
  10322. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  10323. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
  10324. };
  10325. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  10326. if (ret != 0)
  10327. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10328. XMEMSET(cipher, 0, AES_BLOCK_SIZE * 2);
  10329. ret = wc_AesCbcEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE);
  10330. #if defined(WOLFSSL_ASYNC_CRYPT)
  10331. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  10332. #endif
  10333. if (ret != 0)
  10334. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10335. #ifndef HAVE_RENESAS_SYNC
  10336. if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE))
  10337. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10338. #endif
  10339. ret = wc_AesCbcEncrypt(enc, cipher + AES_BLOCK_SIZE,
  10340. msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
  10341. #if defined(WOLFSSL_ASYNC_CRYPT)
  10342. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  10343. #endif
  10344. if (ret != 0)
  10345. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10346. if (XMEMCMP(cipher + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE,
  10347. AES_BLOCK_SIZE))
  10348. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10349. #if defined(HAVE_AES_DECRYPT)
  10350. ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_DECRYPTION);
  10351. if (ret != 0)
  10352. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10353. XMEMSET(plain, 0, AES_BLOCK_SIZE * 2);
  10354. ret = wc_AesCbcDecrypt(dec, plain, verify2, AES_BLOCK_SIZE);
  10355. #if defined(WOLFSSL_ASYNC_CRYPT)
  10356. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  10357. #endif
  10358. if (ret != 0)
  10359. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10360. if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE))
  10361. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10362. ret = wc_AesCbcDecrypt(dec, plain + AES_BLOCK_SIZE,
  10363. verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
  10364. #if defined(WOLFSSL_ASYNC_CRYPT)
  10365. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  10366. #endif
  10367. if (ret != 0)
  10368. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10369. if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE,
  10370. AES_BLOCK_SIZE))
  10371. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10372. #endif /* HAVE_AES_DECRYPT */
  10373. }
  10374. #endif /* WOLFSSL_AES_128 && !HAVE_RENESAS_SYNC */
  10375. #endif /* HAVE_AES_CBC */
  10376. #ifdef WOLFSSL_AES_COUNTER
  10377. ret = aesctr_test(enc, dec, cipher, plain);
  10378. if (ret != 0)
  10379. return ret;
  10380. #endif
  10381. #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
  10382. {
  10383. WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
  10384. {
  10385. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  10386. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  10387. };
  10388. WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
  10389. {
  10390. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  10391. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  10392. };
  10393. WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
  10394. {
  10395. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  10396. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  10397. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  10398. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  10399. };
  10400. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  10401. ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
  10402. if (ret != 0)
  10403. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10404. #if !defined(HAVE_SELFTEST) && \
  10405. (defined(WOLFSSL_LINUXKM) || \
  10406. !defined(HAVE_FIPS) || \
  10407. (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
  10408. ret = wc_AesEncryptDirect(enc, cipher, niPlain);
  10409. if (ret != 0)
  10410. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10411. #else
  10412. wc_AesEncryptDirect(enc, cipher, niPlain);
  10413. #endif
  10414. if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
  10415. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10416. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  10417. ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
  10418. if (ret != 0)
  10419. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10420. #if !defined(HAVE_SELFTEST) && \
  10421. (defined(WOLFSSL_LINUXKM) || \
  10422. !defined(HAVE_FIPS) || \
  10423. (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
  10424. ret = wc_AesDecryptDirect(dec, plain, niCipher);
  10425. if (ret != 0)
  10426. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10427. #else
  10428. wc_AesDecryptDirect(dec, plain, niCipher);
  10429. #endif
  10430. if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
  10431. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10432. }
  10433. #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
  10434. #ifndef HAVE_RENESAS_SYNC
  10435. ret = aes_key_size_test();
  10436. if (ret != 0)
  10437. goto out;
  10438. #endif
  10439. #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
  10440. !defined(HAVE_RENESAS_SYNC)
  10441. ret = aes_cbc_test();
  10442. if (ret != 0)
  10443. goto out;
  10444. #endif
  10445. #if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  10446. ret = aesecb_test();
  10447. if (ret != 0)
  10448. goto out;
  10449. #endif
  10450. out:
  10451. #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
  10452. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10453. if (enc) {
  10454. if (enc_inited)
  10455. wc_AesFree(enc);
  10456. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  10457. }
  10458. #else
  10459. if (enc_inited)
  10460. wc_AesFree(enc);
  10461. #endif
  10462. (void)cipher;
  10463. #ifdef HAVE_AES_DECRYPT
  10464. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10465. if (dec) {
  10466. if (dec_inited)
  10467. wc_AesFree(dec);
  10468. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  10469. }
  10470. #else
  10471. if (dec_inited)
  10472. wc_AesFree(dec);
  10473. #endif
  10474. (void)plain;
  10475. #endif /* HAVE_AES_DECRYPT */
  10476. #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
  10477. return ret;
  10478. }
  10479. #if defined(WOLFSSL_AES_CFB)
  10480. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void)
  10481. {
  10482. int ret;
  10483. ret = aescfb_test_0();
  10484. if (ret != 0)
  10485. return ret;
  10486. #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  10487. ret = aescfb1_test();
  10488. if (ret != 0)
  10489. return ret;
  10490. ret = aescfb8_test();
  10491. if (ret != 0)
  10492. return ret;
  10493. #endif
  10494. return 0;
  10495. }
  10496. #endif
  10497. #if defined(WOLFSSL_AES_XTS)
  10498. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void)
  10499. {
  10500. int ret = 0;
  10501. #ifdef WOLFSSL_AES_128
  10502. ret = aes_xts_128_test();
  10503. if (ret != 0)
  10504. return ret;
  10505. #endif
  10506. #ifdef WOLFSSL_AES_256
  10507. ret = aes_xts_256_test();
  10508. if (ret != 0)
  10509. return ret;
  10510. #endif
  10511. #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
  10512. ret = aes_xts_sector_test();
  10513. if (ret != 0)
  10514. return ret;
  10515. #endif
  10516. #ifdef WOLFSSL_AES_128
  10517. ret = aes_xts_args_test();
  10518. if (ret != 0)
  10519. return ret;
  10520. #endif
  10521. return 0;
  10522. }
  10523. #endif
  10524. #ifdef WOLFSSL_AES_192
  10525. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void)
  10526. {
  10527. #ifdef HAVE_AES_CBC
  10528. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10529. Aes *enc = NULL;
  10530. #else
  10531. Aes enc[1];
  10532. #endif
  10533. int enc_inited = 0;
  10534. byte cipher[AES_BLOCK_SIZE];
  10535. #ifdef HAVE_AES_DECRYPT
  10536. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10537. Aes *dec = NULL;
  10538. #else
  10539. Aes dec[1];
  10540. #endif
  10541. int dec_inited = 0;
  10542. byte plain[AES_BLOCK_SIZE];
  10543. #endif
  10544. #endif /* HAVE_AES_CBC */
  10545. wc_test_ret_t ret = 0;
  10546. #ifdef HAVE_AES_CBC
  10547. /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
  10548. * Appendix F.2.3 */
  10549. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
  10550. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  10551. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  10552. };
  10553. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  10554. {
  10555. 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
  10556. 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8
  10557. };
  10558. WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
  10559. 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  10560. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  10561. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
  10562. };
  10563. WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
  10564. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  10565. 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
  10566. };
  10567. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10568. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  10569. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  10570. #ifdef HAVE_AES_DECRYPT
  10571. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  10572. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  10573. #endif
  10574. #endif
  10575. ret = wc_AesInit(enc, HEAP_HINT, devId);
  10576. if (ret != 0)
  10577. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10578. enc_inited = 1;
  10579. #ifdef HAVE_AES_DECRYPT
  10580. ret = wc_AesInit(dec, HEAP_HINT, devId);
  10581. if (ret != 0)
  10582. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10583. #endif
  10584. dec_inited = 1;
  10585. ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
  10586. if (ret != 0)
  10587. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10588. #ifdef HAVE_AES_DECRYPT
  10589. ret = wc_AesSetKey(dec, key, (int) sizeof(key), iv, AES_DECRYPTION);
  10590. if (ret != 0)
  10591. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10592. #endif
  10593. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  10594. ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
  10595. #if defined(WOLFSSL_ASYNC_CRYPT)
  10596. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  10597. #endif
  10598. if (ret != 0)
  10599. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10600. if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
  10601. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10602. #ifdef HAVE_AES_DECRYPT
  10603. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  10604. ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
  10605. #if defined(WOLFSSL_ASYNC_CRYPT)
  10606. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  10607. #endif
  10608. if (ret != 0)
  10609. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10610. if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
  10611. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10612. }
  10613. #endif
  10614. out:
  10615. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10616. if (enc) {
  10617. if (enc_inited)
  10618. wc_AesFree(enc);
  10619. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  10620. }
  10621. #ifdef HAVE_AES_DECRYPT
  10622. if (dec) {
  10623. if (dec_inited)
  10624. wc_AesFree(dec);
  10625. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  10626. }
  10627. #endif
  10628. #else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
  10629. if (enc_inited)
  10630. wc_AesFree(enc);
  10631. if (dec_inited)
  10632. wc_AesFree(dec);
  10633. #endif
  10634. #endif /* HAVE_AES_CBC */
  10635. return ret;
  10636. }
  10637. #endif /* WOLFSSL_AES_192 */
  10638. #ifdef WOLFSSL_AES_256
  10639. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void)
  10640. {
  10641. #ifdef HAVE_AES_CBC
  10642. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10643. Aes *enc = NULL;
  10644. #else
  10645. Aes enc[1];
  10646. #endif
  10647. int enc_inited = 0;
  10648. byte cipher[AES_BLOCK_SIZE];
  10649. #ifdef HAVE_AES_DECRYPT
  10650. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10651. Aes *dec = NULL;
  10652. #else
  10653. Aes dec[1];
  10654. #endif
  10655. int dec_inited = 0;
  10656. byte plain[AES_BLOCK_SIZE];
  10657. #endif
  10658. #endif /* HAVE_AES_CBC */
  10659. wc_test_ret_t ret = 0;
  10660. #ifdef HAVE_AES_CBC
  10661. /* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
  10662. * Appendix F.2.5 */
  10663. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
  10664. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  10665. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  10666. };
  10667. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  10668. {
  10669. 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
  10670. 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6
  10671. };
  10672. #ifdef HAVE_RENESAS_SYNC
  10673. byte *key =
  10674. (byte*)guser_PKCbInfo.wrapped_key_aes256;
  10675. int keySz = (256/8);
  10676. #else
  10677. WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
  10678. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  10679. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  10680. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  10681. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  10682. };
  10683. int keySz = (int)sizeof(key);
  10684. #endif
  10685. WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
  10686. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  10687. 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
  10688. };
  10689. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10690. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  10691. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  10692. #ifdef HAVE_AES_DECRYPT
  10693. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  10694. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  10695. #endif
  10696. #endif
  10697. ret = wc_AesInit(enc, HEAP_HINT, devId);
  10698. if (ret != 0)
  10699. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10700. enc_inited = 1;
  10701. #ifdef HAVE_AES_DECRYPT
  10702. ret = wc_AesInit(dec, HEAP_HINT, devId);
  10703. if (ret != 0)
  10704. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10705. #endif
  10706. dec_inited = 1;
  10707. ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
  10708. if (ret != 0)
  10709. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10710. #ifdef HAVE_AES_DECRYPT
  10711. ret = wc_AesSetKey(dec, key, keySz, iv, AES_DECRYPTION);
  10712. if (ret != 0)
  10713. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10714. #endif
  10715. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  10716. ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
  10717. #if defined(WOLFSSL_ASYNC_CRYPT)
  10718. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  10719. #endif
  10720. if (ret != 0)
  10721. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10722. #ifdef HAVE_AES_DECRYPT
  10723. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  10724. ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
  10725. #if defined(WOLFSSL_ASYNC_CRYPT)
  10726. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  10727. #endif
  10728. if (ret != 0)
  10729. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10730. if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
  10731. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10732. }
  10733. #endif
  10734. #ifndef HAVE_RENESAS_SYNC
  10735. if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
  10736. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10737. #endif
  10738. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
  10739. ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
  10740. if (ret != 0)
  10741. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10742. #ifdef HAVE_AES_DECRYPT
  10743. ret = wc_AesSetKey(dec, key, keySz, iv, AES_DECRYPTION);
  10744. if (ret != 0)
  10745. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10746. #endif
  10747. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  10748. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  10749. ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
  10750. #if defined(WOLFSSL_ASYNC_CRYPT)
  10751. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  10752. #endif
  10753. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  10754. if (ret != 0)
  10755. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10756. #ifdef HAVE_AES_DECRYPT
  10757. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  10758. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  10759. ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
  10760. #if defined(WOLFSSL_ASYNC_CRYPT)
  10761. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  10762. #endif
  10763. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  10764. if (ret != 0)
  10765. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10766. if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
  10767. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10768. }
  10769. #endif
  10770. #ifndef HAVE_RENESAS_SYNC
  10771. if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
  10772. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10773. #endif
  10774. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  10775. ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION);
  10776. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  10777. if (ret != 0)
  10778. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10779. #ifdef HAVE_AES_DECRYPT
  10780. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  10781. ret = wc_AesSetKey(dec, key, keySz, iv, AES_DECRYPTION);
  10782. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  10783. if (ret != 0)
  10784. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10785. #endif
  10786. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  10787. ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
  10788. #if defined(WOLFSSL_ASYNC_CRYPT)
  10789. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  10790. #endif
  10791. if (ret != 0)
  10792. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10793. #ifdef HAVE_AES_DECRYPT
  10794. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  10795. ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
  10796. #if defined(WOLFSSL_ASYNC_CRYPT)
  10797. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  10798. #endif
  10799. if (ret != 0)
  10800. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10801. if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
  10802. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10803. }
  10804. #endif
  10805. #ifndef HAVE_RENESAS_SYNC
  10806. if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
  10807. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10808. #endif
  10809. #endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_AES_C_DYNAMIC_FALLBACK */
  10810. out:
  10811. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10812. if (enc) {
  10813. if (enc_inited)
  10814. wc_AesFree(enc);
  10815. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  10816. }
  10817. #ifdef HAVE_AES_DECRYPT
  10818. if (dec) {
  10819. if (dec_inited)
  10820. wc_AesFree(dec);
  10821. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  10822. }
  10823. #endif
  10824. #else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
  10825. if (enc_inited)
  10826. wc_AesFree(enc);
  10827. if (dec_inited)
  10828. wc_AesFree(dec);
  10829. #endif
  10830. #endif /* HAVE_AES_CBC */
  10831. return ret;
  10832. }
  10833. #endif /* WOLFSSL_AES_256 */
  10834. #ifdef HAVE_AESGCM
  10835. #ifdef WOLFSSL_AES_128
  10836. static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, int ivSz,
  10837. byte* plain, int plainSz, byte* cipher, int cipherSz,
  10838. byte* aad, int aadSz, byte* tag, int tagSz)
  10839. {
  10840. wc_test_ret_t ret;
  10841. int enc_inited = 0, dec_inited = 0;
  10842. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10843. Aes *enc = NULL;
  10844. Aes *dec = NULL;
  10845. #else
  10846. Aes enc[1];
  10847. Aes dec[1];
  10848. #endif
  10849. byte resultT[AES_BLOCK_SIZE];
  10850. byte resultP[AES_BLOCK_SIZE * 3];
  10851. byte resultC[AES_BLOCK_SIZE * 3];
  10852. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10853. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  10854. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  10855. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  10856. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  10857. #endif
  10858. XMEMSET(resultT, 0, sizeof(resultT));
  10859. XMEMSET(resultC, 0, sizeof(resultC));
  10860. XMEMSET(resultP, 0, sizeof(resultP));
  10861. ret = wc_AesInit(enc, HEAP_HINT, devId);
  10862. if (ret != 0)
  10863. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10864. else
  10865. enc_inited = 1;
  10866. ret = wc_AesInit(dec, HEAP_HINT, devId);
  10867. if (ret != 0)
  10868. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10869. else
  10870. dec_inited = 1;
  10871. ret = wc_AesGcmSetKey(enc, key, keySz);
  10872. if (ret != 0)
  10873. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10874. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  10875. ret = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz,
  10876. resultT, tagSz, aad, aadSz);
  10877. #if defined(WOLFSSL_ASYNC_CRYPT)
  10878. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  10879. #endif
  10880. if (ret != 0)
  10881. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10882. if (cipher != NULL) {
  10883. if (XMEMCMP(cipher, resultC, cipherSz))
  10884. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10885. }
  10886. if (XMEMCMP(tag, resultT, tagSz))
  10887. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10888. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
  10889. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  10890. ret = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz,
  10891. resultT, tagSz, aad, aadSz);
  10892. #if defined(WOLFSSL_ASYNC_CRYPT)
  10893. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  10894. #endif
  10895. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  10896. if (ret != 0)
  10897. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10898. if (cipher != NULL) {
  10899. if (XMEMCMP(cipher, resultC, cipherSz))
  10900. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10901. }
  10902. if (XMEMCMP(tag, resultT, tagSz))
  10903. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10904. #endif
  10905. #ifdef HAVE_AES_DECRYPT
  10906. ret = wc_AesGcmSetKey(dec, key, keySz);
  10907. if (ret != 0)
  10908. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10909. ret = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz,
  10910. iv, ivSz, resultT, tagSz, aad, aadSz);
  10911. #if defined(WOLFSSL_ASYNC_CRYPT)
  10912. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  10913. #endif
  10914. if (ret != 0)
  10915. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10916. if (plain != NULL) {
  10917. if (XMEMCMP(plain, resultP, plainSz))
  10918. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10919. }
  10920. #if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_AES_C_DYNAMIC_FALLBACK)
  10921. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(SYSLIB_FAILED_E);
  10922. ret = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz,
  10923. iv, ivSz, resultT, tagSz, aad, aadSz);
  10924. #if defined(WOLFSSL_ASYNC_CRYPT)
  10925. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  10926. #endif
  10927. WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0);
  10928. if (ret != 0)
  10929. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  10930. if (plain != NULL) {
  10931. if (XMEMCMP(plain, resultP, plainSz))
  10932. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  10933. }
  10934. #endif
  10935. #endif /* HAVE_AES_DECRYPT */
  10936. ret = 0;
  10937. out:
  10938. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  10939. if (enc) {
  10940. if (enc_inited)
  10941. wc_AesFree(enc);
  10942. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  10943. }
  10944. if (dec) {
  10945. if (dec_inited)
  10946. wc_AesFree(dec);
  10947. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  10948. }
  10949. #else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
  10950. if (enc_inited)
  10951. wc_AesFree(enc);
  10952. if (dec_inited)
  10953. wc_AesFree(dec);
  10954. #endif
  10955. return ret;
  10956. }
  10957. #endif
  10958. /* tests that only use 12 byte IV and 16 or less byte AAD
  10959. * test vectors are from NIST SP 800-38D
  10960. * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES*/
  10961. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_default_test(void)
  10962. {
  10963. #ifdef WOLFSSL_AES_128
  10964. byte key1[] = {
  10965. 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62,
  10966. 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc
  10967. };
  10968. byte iv1[] = {
  10969. 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa,
  10970. 0xe4, 0xed, 0x2f, 0x6d
  10971. };
  10972. ALIGN64 byte plain1[] = {
  10973. 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad,
  10974. 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01,
  10975. 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac,
  10976. 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01
  10977. };
  10978. byte aad1[] = {
  10979. 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73,
  10980. 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1
  10981. };
  10982. ALIGN64 byte cipher1[] = {
  10983. 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d,
  10984. 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d,
  10985. 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46,
  10986. 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb
  10987. };
  10988. byte tag1[] = {
  10989. 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7,
  10990. 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2
  10991. };
  10992. byte key2[] = {
  10993. 0x01, 0x6d, 0xbb, 0x38, 0xda, 0xa7, 0x6d, 0xfe,
  10994. 0x7d, 0xa3, 0x84, 0xeb, 0xf1, 0x24, 0x03, 0x64
  10995. };
  10996. byte iv2[] = {
  10997. 0x07, 0x93, 0xef, 0x3a, 0xda, 0x78, 0x2f, 0x78,
  10998. 0xc9, 0x8a, 0xff, 0xe3
  10999. };
  11000. ALIGN64 byte plain2[] = {
  11001. 0x4b, 0x34, 0xa9, 0xec, 0x57, 0x63, 0x52, 0x4b,
  11002. 0x19, 0x1d, 0x56, 0x16, 0xc5, 0x47, 0xf6, 0xb7
  11003. };
  11004. ALIGN64 byte cipher2[] = {
  11005. 0x60, 0x9a, 0xa3, 0xf4, 0x54, 0x1b, 0xc0, 0xfe,
  11006. 0x99, 0x31, 0xda, 0xad, 0x2e, 0xe1, 0x5d, 0x0c
  11007. };
  11008. byte tag2[] = {
  11009. 0x33, 0xaf, 0xec, 0x59, 0xc4, 0x5b, 0xaf, 0x68,
  11010. 0x9a, 0x5e, 0x1b, 0x13, 0xae, 0x42, 0x36, 0x19
  11011. };
  11012. byte key3[] = {
  11013. 0xb0, 0x1e, 0x45, 0xcc, 0x30, 0x88, 0xaa, 0xba,
  11014. 0x9f, 0xa4, 0x3d, 0x81, 0xd4, 0x81, 0x82, 0x3f
  11015. };
  11016. byte iv3[] = {
  11017. 0x5a, 0x2c, 0x4a, 0x66, 0x46, 0x87, 0x13, 0x45,
  11018. 0x6a, 0x4b, 0xd5, 0xe1
  11019. };
  11020. byte tag3[] = {
  11021. 0x01, 0x42, 0x80, 0xf9, 0x44, 0xf5, 0x3c, 0x68,
  11022. 0x11, 0x64, 0xb2, 0xff
  11023. };
  11024. wc_test_ret_t ret;
  11025. ret = aesgcm_default_test_helper(key1, sizeof(key1), iv1, sizeof(iv1),
  11026. plain1, sizeof(plain1), cipher1, sizeof(cipher1),
  11027. aad1, sizeof(aad1), tag1, sizeof(tag1));
  11028. if (ret != 0) {
  11029. return ret;
  11030. }
  11031. ret = aesgcm_default_test_helper(key2, sizeof(key2), iv2, sizeof(iv2),
  11032. plain2, sizeof(plain2), cipher2, sizeof(cipher2),
  11033. NULL, 0, tag2, sizeof(tag2));
  11034. if (ret != 0) {
  11035. return ret;
  11036. }
  11037. ret = aesgcm_default_test_helper(key3, sizeof(key3), iv3, sizeof(iv3),
  11038. NULL, 0, NULL, 0,
  11039. NULL, 0, tag3, sizeof(tag3));
  11040. if (ret != 0) {
  11041. return ret;
  11042. }
  11043. #endif
  11044. return 0;
  11045. }
  11046. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void)
  11047. {
  11048. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  11049. Aes *enc = NULL;
  11050. Aes *dec = NULL;
  11051. #else
  11052. Aes enc[1];
  11053. Aes dec[1];
  11054. #endif
  11055. /*
  11056. * This is Test Case 16 from the document Galois/
  11057. * Counter Mode of Operation (GCM) by McGrew and
  11058. * Viega.
  11059. */
  11060. WOLFSSL_SMALL_STACK_STATIC const byte p[] =
  11061. {
  11062. 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
  11063. 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
  11064. 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
  11065. 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
  11066. 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
  11067. 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
  11068. 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
  11069. 0xba, 0x63, 0x7b, 0x39
  11070. };
  11071. #if defined(WOLFSSL_AES_256) || defined(WOLFSSL_AES_192)
  11072. WOLFSSL_SMALL_STACK_STATIC const byte a[] =
  11073. {
  11074. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  11075. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  11076. 0xab, 0xad, 0xda, 0xd2
  11077. };
  11078. #endif
  11079. #ifdef WOLFSSL_AES_256
  11080. #ifdef HAVE_RENESAS_SYNC
  11081. const byte *k1 = (byte*)guser_PKCbInfo.wrapped_key_aes256;
  11082. int k1Sz = (int)(256/8);
  11083. #else
  11084. WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
  11085. {
  11086. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
  11087. 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
  11088. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
  11089. 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
  11090. };
  11091. int k1Sz = (int)sizeof(k1);
  11092. #endif
  11093. WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
  11094. {
  11095. 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
  11096. 0xde, 0xca, 0xf8, 0x88
  11097. };
  11098. #endif /* WOLFSSL_AES_256 */
  11099. #if defined(WOLFSSL_AES_256) || defined(WOLFSSL_AES_192)
  11100. WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
  11101. {
  11102. 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
  11103. 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
  11104. 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
  11105. 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
  11106. 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
  11107. 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
  11108. 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
  11109. 0xbc, 0xc9, 0xf6, 0x62
  11110. };
  11111. #endif /* WOLFSSL_AES_256 || WOLFSSL_AES_192 */
  11112. WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
  11113. {
  11114. 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
  11115. 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
  11116. };
  11117. /* FIPS, QAT and PIC32MZ HW Crypto only support 12-byte IV */
  11118. #if !defined(HAVE_FIPS) && \
  11119. !defined(WOLFSSL_PIC32MZ_CRYPT) && \
  11120. !defined(FREESCALE_LTC) && !defined(FREESCALE_MMCAU) && \
  11121. !defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
  11122. !defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(WOLFSSL_KCAPI_AES) && \
  11123. !(defined(WOLF_CRYPTO_CB) && \
  11124. (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
  11125. #define ENABLE_NON_12BYTE_IV_TEST
  11126. #ifdef WOLFSSL_AES_192
  11127. /* Test Case 12, uses same plaintext and AAD data. */
  11128. WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
  11129. {
  11130. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
  11131. 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
  11132. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
  11133. };
  11134. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
  11135. {
  11136. 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
  11137. 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
  11138. 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
  11139. 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
  11140. 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
  11141. 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
  11142. 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
  11143. 0xa6, 0x37, 0xb3, 0x9b
  11144. };
  11145. WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
  11146. {
  11147. 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
  11148. 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
  11149. 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
  11150. 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
  11151. 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
  11152. 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
  11153. 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
  11154. 0xe9, 0xb7, 0x37, 0x3b
  11155. };
  11156. WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
  11157. {
  11158. 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
  11159. 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
  11160. };
  11161. #endif /* WOLFSSL_AES_192 */
  11162. #ifdef WOLFSSL_AES_128
  11163. /* The following is an interesting test case from the example
  11164. * FIPS test vectors for AES-GCM. IVlen = 1 byte */
  11165. WOLFSSL_SMALL_STACK_STATIC const byte p3[] =
  11166. {
  11167. 0x57, 0xce, 0x45, 0x1f, 0xa5, 0xe2, 0x35, 0xa5,
  11168. 0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2
  11169. };
  11170. #ifdef HAVE_RENESAS_SYNC
  11171. const byte *k3 =
  11172. (byte*)guser_PKCbInfo.wrapped_key_aes128;
  11173. int k3Sz = (int)(128/8);
  11174. #else
  11175. WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
  11176. {
  11177. 0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a,
  11178. 0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b
  11179. };
  11180. int k3Sz = (int)sizeof(k3);
  11181. #endif
  11182. WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
  11183. {
  11184. 0xca
  11185. };
  11186. WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
  11187. {
  11188. 0x6b, 0x5f, 0xb3, 0x9d, 0xc1, 0xc5, 0x7a, 0x4f,
  11189. 0xf3, 0x51, 0x4d, 0xc2, 0xd5, 0xf0, 0xd0, 0x07
  11190. };
  11191. WOLFSSL_SMALL_STACK_STATIC const byte a3[] =
  11192. {
  11193. 0x40, 0xfc, 0xdc, 0xd7, 0x4a, 0xd7, 0x8b, 0xf1,
  11194. 0x3e, 0x7c, 0x60, 0x55, 0x50, 0x51, 0xdd, 0x54
  11195. };
  11196. WOLFSSL_SMALL_STACK_STATIC const byte t3[] =
  11197. {
  11198. 0x06, 0x90, 0xed, 0x01, 0x34, 0xdd, 0xc6, 0x95,
  11199. 0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6
  11200. };
  11201. #endif /* WOLFSSL_AES_128 */
  11202. #ifdef WOLFSSL_AES_256
  11203. int ivlen;
  11204. #endif
  11205. #endif
  11206. byte resultT[sizeof(t1) + AES_BLOCK_SIZE];
  11207. byte resultP[sizeof(p) + AES_BLOCK_SIZE];
  11208. byte resultC[sizeof(p) + AES_BLOCK_SIZE];
  11209. wc_test_ret_t ret = 0;
  11210. #ifdef WOLFSSL_AES_256
  11211. #if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC))
  11212. int alen;
  11213. #endif
  11214. #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
  11215. int plen;
  11216. #endif
  11217. #endif
  11218. #if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
  11219. byte buf[sizeof(p) + AES_BLOCK_SIZE];
  11220. byte bufA[sizeof(a) + 1];
  11221. byte *large_aad = (byte*)XMALLOC((size_t)1024 + 16, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  11222. #endif
  11223. #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
  11224. #if !defined(BENCH_AESGCM_LARGE)
  11225. #define BENCH_AESGCM_LARGE 1024
  11226. #endif
  11227. #ifndef WOLFSSL_NO_MALLOC
  11228. byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  11229. byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  11230. byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  11231. if ((! large_input) || (! large_output) || (! large_outdec))
  11232. ERROR_OUT(MEMORY_E, out);
  11233. #else
  11234. byte large_input[BENCH_AESGCM_LARGE];
  11235. byte large_output[BENCH_AESGCM_LARGE + AES_BLOCK_SIZE];
  11236. byte large_outdec[BENCH_AESGCM_LARGE];
  11237. #endif
  11238. XMEMSET(large_input, 0, BENCH_AESGCM_LARGE);
  11239. XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + AES_BLOCK_SIZE);
  11240. XMEMSET(large_outdec, 0, BENCH_AESGCM_LARGE);
  11241. #endif
  11242. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  11243. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  11244. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  11245. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  11246. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  11247. #endif
  11248. XMEMSET(resultT, 0, sizeof(resultT));
  11249. XMEMSET(resultC, 0, sizeof(resultC));
  11250. XMEMSET(resultP, 0, sizeof(resultP));
  11251. ret = wc_AesInit(enc, HEAP_HINT, devId);
  11252. if (ret != 0)
  11253. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11254. ret = wc_AesInit(dec, HEAP_HINT, devId);
  11255. if (ret != 0)
  11256. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11257. #ifdef WOLFSSL_AES_256
  11258. ret = wc_AesGcmSetKey(enc, k1, k1Sz);
  11259. if (ret != 0)
  11260. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11261. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  11262. ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
  11263. resultT, sizeof(t1), a, sizeof(a));
  11264. #if defined(WOLFSSL_ASYNC_CRYPT)
  11265. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  11266. #endif
  11267. if (ret != 0)
  11268. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11269. #ifndef HAVE_RENESAS_SYNC
  11270. if (XMEMCMP(c1, resultC, sizeof(c1)))
  11271. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11272. if (XMEMCMP(t1, resultT, sizeof(t1)))
  11273. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11274. #endif
  11275. #ifdef HAVE_AES_DECRYPT
  11276. ret = wc_AesGcmSetKey(dec, k1, k1Sz);
  11277. if (ret != 0)
  11278. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11279. ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
  11280. iv1, sizeof(iv1), resultT, sizeof(t1), a, sizeof(a));
  11281. #if defined(WOLFSSL_ASYNC_CRYPT)
  11282. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  11283. #endif
  11284. if (ret != 0)
  11285. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11286. if (XMEMCMP(p, resultP, sizeof(p)))
  11287. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11288. #endif /* HAVE_AES_DECRYPT */
  11289. /* Large buffer test */
  11290. #ifdef BENCH_AESGCM_LARGE
  11291. /* setup test buffer */
  11292. for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
  11293. large_input[alen] = (byte)alen;
  11294. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  11295. ret = wc_AesGcmEncrypt(enc, large_output, large_input,
  11296. BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
  11297. resultT, sizeof(t1), a, sizeof(a));
  11298. #if defined(WOLFSSL_ASYNC_CRYPT)
  11299. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  11300. #endif
  11301. if (ret != 0)
  11302. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11303. #ifdef HAVE_AES_DECRYPT
  11304. ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
  11305. BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
  11306. sizeof(t1), a, sizeof(a));
  11307. #if defined(WOLFSSL_ASYNC_CRYPT)
  11308. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  11309. #endif
  11310. if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
  11311. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11312. if (ret != 0)
  11313. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11314. #endif /* HAVE_AES_DECRYPT */
  11315. #endif /* BENCH_AESGCM_LARGE */
  11316. #if defined(ENABLE_NON_12BYTE_IV_TEST) && defined(WOLFSSL_AES_256)
  11317. /* Variable IV length test */
  11318. for (ivlen=1; ivlen<k1Sz; ivlen++) {
  11319. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  11320. ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), k1,
  11321. (word32)ivlen, resultT, sizeof(t1), a, sizeof(a));
  11322. #if defined(WOLFSSL_ASYNC_CRYPT)
  11323. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  11324. #endif
  11325. if (ret != 0)
  11326. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11327. #ifdef HAVE_AES_DECRYPT
  11328. ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), k1,
  11329. (word32)ivlen, resultT, sizeof(t1), a, sizeof(a));
  11330. #if defined(WOLFSSL_ASYNC_CRYPT)
  11331. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  11332. #endif
  11333. if (ret != 0)
  11334. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11335. #endif /* HAVE_AES_DECRYPT */
  11336. }
  11337. #endif
  11338. #if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC))
  11339. /* Variable authenticated data length test */
  11340. for (alen=0; alen<(int)sizeof(p); alen++) {
  11341. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  11342. ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1,
  11343. sizeof(iv1), resultT, sizeof(t1), p, (word32)alen);
  11344. #if defined(WOLFSSL_ASYNC_CRYPT)
  11345. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  11346. #endif
  11347. if (ret != 0)
  11348. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11349. #ifdef HAVE_AES_DECRYPT
  11350. ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), iv1,
  11351. sizeof(iv1), resultT, sizeof(t1), p, (word32)alen);
  11352. #if defined(WOLFSSL_ASYNC_CRYPT)
  11353. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  11354. #endif
  11355. if (ret != 0)
  11356. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11357. #endif /* HAVE_AES_DECRYPT */
  11358. }
  11359. #if defined(WOLFSSL_XILINX_CRYPT_VERSAL)
  11360. if (! large_aad)
  11361. ERROR_OUT(MEMORY_E, out);
  11362. XMEMSET(large_aad, 0, 1024+16);
  11363. /* Variable authenticated data length test */
  11364. for (alen=0; alen<=1024; alen+=16) {
  11365. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  11366. ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1,
  11367. sizeof(iv1), resultT, sizeof(t1), large_aad, (word32)alen);
  11368. if (ret != 0)
  11369. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11370. #ifdef HAVE_AES_DECRYPT
  11371. ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), iv1,
  11372. sizeof(iv1), resultT, sizeof(t1), large_aad, (word32)alen);
  11373. if (ret != 0)
  11374. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11375. #endif /* HAVE_AES_DECRYPT */
  11376. }
  11377. /* Test unaligned memory of all potential arguments */
  11378. ret = wc_AesGcmSetKey(enc, k1, k1Sz);
  11379. if (ret != 0)
  11380. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11381. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  11382. XMEMCPY(&buf[1], p, sizeof(p));
  11383. XMEMCPY(&bufA[1], a, sizeof(a));
  11384. ret = wc_AesGcmEncrypt(enc, &resultC[1], &buf[1], sizeof(p), iv1, sizeof(iv1),
  11385. &resultT[1], sizeof(t1), &bufA[1], sizeof(a));
  11386. if (ret != 0)
  11387. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11388. if (XMEMCMP(c1, &resultC[1], sizeof(c1)))
  11389. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11390. if (XMEMCMP(t1, &resultT[1], sizeof(t1)))
  11391. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11392. #ifdef HAVE_AES_DECRYPT
  11393. ret = wc_AesGcmSetKey(dec, k1, k1Sz);
  11394. if (ret != 0)
  11395. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11396. ret = wc_AesGcmDecrypt(dec, &resultP[1], &resultC[1], sizeof(c1),
  11397. iv1, sizeof(iv1), &resultT[1], sizeof(t1), &bufA[1], sizeof(a));
  11398. if (ret != 0)
  11399. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11400. if (XMEMCMP(p, &resultP[1], sizeof(p)))
  11401. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11402. #endif /* HAVE_AES_DECRYPT */
  11403. #endif /* Xilinx Versal */
  11404. #endif
  11405. #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
  11406. #ifdef BENCH_AESGCM_LARGE
  11407. /* Variable plain text length test */
  11408. for (plen=1; plen<BENCH_AESGCM_LARGE; plen++) {
  11409. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  11410. ret = wc_AesGcmEncrypt(enc, large_output, large_input,
  11411. plen, iv1, sizeof(iv1), resultT,
  11412. sizeof(t1), a, sizeof(a));
  11413. #if defined(WOLFSSL_ASYNC_CRYPT)
  11414. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  11415. #endif
  11416. if (ret != 0)
  11417. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11418. #ifdef HAVE_AES_DECRYPT
  11419. ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
  11420. plen, iv1, sizeof(iv1), resultT,
  11421. sizeof(t1), a, sizeof(a));
  11422. #if defined(WOLFSSL_ASYNC_CRYPT)
  11423. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  11424. #endif
  11425. if (ret != 0)
  11426. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11427. #endif /* HAVE_AES_DECRYPT */
  11428. }
  11429. #else /* BENCH_AESGCM_LARGE */
  11430. /* Variable plain text length test */
  11431. for (plen=1; plen<(int)sizeof(p); plen++) {
  11432. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  11433. ret = wc_AesGcmEncrypt(enc, resultC, p, (word32)plen, iv1,
  11434. sizeof(iv1), resultT, sizeof(t1), a, sizeof(a));
  11435. #if defined(WOLFSSL_ASYNC_CRYPT)
  11436. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  11437. #endif
  11438. if (ret != 0)
  11439. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11440. #ifdef HAVE_AES_DECRYPT
  11441. ret = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)plen, iv1,
  11442. sizeof(iv1), resultT, sizeof(t1), a, sizeof(a));
  11443. #if defined(WOLFSSL_ASYNC_CRYPT)
  11444. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  11445. #endif
  11446. if (ret != 0)
  11447. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11448. #endif /* HAVE_AES_DECRYPT */
  11449. }
  11450. #endif /* BENCH_AESGCM_LARGE */
  11451. #endif
  11452. #endif /* WOLFSSL_AES_256 */
  11453. /* test with IV != 12 bytes */
  11454. #ifdef ENABLE_NON_12BYTE_IV_TEST
  11455. XMEMSET(resultT, 0, sizeof(resultT));
  11456. XMEMSET(resultC, 0, sizeof(resultC));
  11457. XMEMSET(resultP, 0, sizeof(resultP));
  11458. #ifdef WOLFSSL_AES_192
  11459. wc_AesGcmSetKey(enc, k2, sizeof(k2));
  11460. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  11461. ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv2, sizeof(iv2),
  11462. resultT, sizeof(t1), a, sizeof(a));
  11463. #if defined(WOLFSSL_ASYNC_CRYPT)
  11464. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  11465. #endif
  11466. if (ret != 0)
  11467. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11468. if (XMEMCMP(c2, resultC, sizeof(c2)))
  11469. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11470. if (XMEMCMP(t2, resultT, sizeof(t1)))
  11471. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11472. #ifdef HAVE_AES_DECRYPT
  11473. ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c1),
  11474. iv2, sizeof(iv2), resultT, sizeof(t1), a, sizeof(a));
  11475. #if defined(WOLFSSL_ASYNC_CRYPT)
  11476. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  11477. #endif
  11478. if (ret != 0)
  11479. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11480. if (XMEMCMP(p, resultP, sizeof(p)))
  11481. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11482. #endif /* HAVE_AES_DECRYPT */
  11483. /* Large buffer test */
  11484. #ifdef BENCH_AESGCM_LARGE
  11485. wc_AesGcmSetKey(enc, k2, k3Sz);
  11486. wc_AesGcmSetKey(dec, k2, k3Sz);
  11487. /* setup test buffer */
  11488. for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
  11489. large_input[alen] = (byte)alen;
  11490. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  11491. ret = wc_AesGcmEncrypt(enc, large_output, large_input,
  11492. BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
  11493. resultT, sizeof(t1), a, sizeof(a));
  11494. #if defined(WOLFSSL_ASYNC_CRYPT)
  11495. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  11496. #endif
  11497. if (ret != 0)
  11498. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11499. #ifdef HAVE_AES_DECRYPT
  11500. ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
  11501. BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
  11502. sizeof(t1), a, sizeof(a));
  11503. #if defined(WOLFSSL_ASYNC_CRYPT)
  11504. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  11505. #endif
  11506. if (ret != 0)
  11507. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11508. if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
  11509. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11510. #endif /* HAVE_AES_DECRYPT */
  11511. #endif /* BENCH_AESGCM_LARGE */
  11512. XMEMSET(resultT, 0, sizeof(resultT));
  11513. XMEMSET(resultC, 0, sizeof(resultC));
  11514. XMEMSET(resultP, 0, sizeof(resultP));
  11515. #endif /* WOLFSSL_AES_192 */
  11516. #ifdef WOLFSSL_AES_128
  11517. wc_AesGcmSetKey(enc, k3, k3Sz);
  11518. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  11519. ret = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3),
  11520. resultT, sizeof(t3), a3, sizeof(a3));
  11521. #if defined(WOLFSSL_ASYNC_CRYPT)
  11522. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  11523. #endif
  11524. if (ret != 0)
  11525. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11526. #ifndef HAVE_RENESAS_SYNC
  11527. if (XMEMCMP(c3, resultC, sizeof(c3)))
  11528. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11529. if (XMEMCMP(t3, resultT, sizeof(t3)))
  11530. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11531. #endif
  11532. #ifdef HAVE_AES_DECRYPT
  11533. ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
  11534. iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3));
  11535. #if defined(WOLFSSL_ASYNC_CRYPT)
  11536. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  11537. #endif
  11538. if (ret != 0)
  11539. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11540. if (XMEMCMP(p3, resultP, sizeof(p3)))
  11541. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11542. #endif /* HAVE_AES_DECRYPT */
  11543. /* Large buffer test */
  11544. #ifdef BENCH_AESGCM_LARGE
  11545. wc_AesGcmSetKey(enc, k3, k3Sz);
  11546. wc_AesGcmSetKey(dec, k3, k3Sz);
  11547. /* setup test buffer */
  11548. for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
  11549. large_input[alen] = (byte)alen;
  11550. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  11551. ret = wc_AesGcmEncrypt(enc, large_output, large_input,
  11552. BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
  11553. resultT, sizeof(t1), a, sizeof(a));
  11554. #if defined(WOLFSSL_ASYNC_CRYPT)
  11555. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  11556. #endif
  11557. if (ret != 0)
  11558. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11559. #ifdef HAVE_AES_DECRYPT
  11560. ret = wc_AesGcmDecrypt(dec, large_outdec, large_output,
  11561. BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
  11562. sizeof(t1), a, sizeof(a));
  11563. #if defined(WOLFSSL_ASYNC_CRYPT)
  11564. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  11565. #endif
  11566. if (ret != 0)
  11567. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11568. if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
  11569. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11570. #endif /* HAVE_AES_DECRYPT */
  11571. #endif /* BENCH_AESGCM_LARGE */
  11572. #endif /* WOLFSSL_AES_128 */
  11573. #endif /* ENABLE_NON_12BYTE_IV_TEST */
  11574. #if defined(WOLFSSL_AES_256) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
  11575. !defined(WOLFSSL_XILINX_CRYPT) && \
  11576. !(defined(WOLF_CRYPTO_CB) && \
  11577. defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))
  11578. XMEMSET(resultT, 0, sizeof(resultT));
  11579. XMEMSET(resultC, 0, sizeof(resultC));
  11580. XMEMSET(resultP, 0, sizeof(resultP));
  11581. wc_AesGcmSetKey(enc, k1, k1Sz);
  11582. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  11583. ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
  11584. resultT + 1, sizeof(t1) - 1, a, sizeof(a));
  11585. #if defined(WOLFSSL_ASYNC_CRYPT)
  11586. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  11587. #endif
  11588. if (ret != 0)
  11589. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11590. #ifndef HAVE_RENESAS_SYNC
  11591. if (XMEMCMP(c1, resultC, sizeof(c1)))
  11592. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11593. if (XMEMCMP(t1, resultT + 1, sizeof(t1) - 1))
  11594. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11595. #endif
  11596. #ifdef HAVE_AES_DECRYPT
  11597. ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
  11598. iv1, sizeof(iv1), resultT + 1, sizeof(t1) - 1, a, sizeof(a));
  11599. #if defined(WOLFSSL_ASYNC_CRYPT)
  11600. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  11601. #endif
  11602. if (ret != 0)
  11603. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11604. if (XMEMCMP(p, resultP, sizeof(p)))
  11605. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11606. #endif /* HAVE_AES_DECRYPT */
  11607. #endif /* WOLFSSL_AES_256 */
  11608. #if !defined(HAVE_FIPS) || \
  11609. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
  11610. /* Test encrypt with internally generated IV */
  11611. #if defined(WOLFSSL_AES_256) && !(defined(WC_NO_RNG) || defined(HAVE_SELFTEST)) \
  11612. && !(defined(WOLF_CRYPTO_CB) && defined(HAVE_CAVIUM_OCTEON_SYNC))
  11613. {
  11614. WC_RNG rng;
  11615. byte randIV[12];
  11616. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  11617. if (ret != 0)
  11618. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11619. XMEMSET(randIV, 0, sizeof(randIV));
  11620. XMEMSET(resultT, 0, sizeof(resultT));
  11621. XMEMSET(resultC, 0, sizeof(resultC));
  11622. XMEMSET(resultP, 0, sizeof(resultP));
  11623. wc_AesGcmSetKey(enc, k1, k1Sz);
  11624. ret = wc_AesGcmSetIV(enc, sizeof(randIV), NULL, 0, &rng);
  11625. if (ret != 0)
  11626. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11627. ret = wc_AesGcmEncrypt_ex(enc,
  11628. resultC, p, sizeof(p),
  11629. randIV, sizeof(randIV),
  11630. resultT, sizeof(t1),
  11631. a, sizeof(a));
  11632. #if defined(WOLFSSL_ASYNC_CRYPT)
  11633. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  11634. #endif
  11635. if (ret != 0)
  11636. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11637. /* Check the IV has been set. */
  11638. {
  11639. word32 i, ivSum = 0;
  11640. for (i = 0; i < sizeof(randIV); i++)
  11641. ivSum += randIV[i];
  11642. if (ivSum == 0)
  11643. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11644. }
  11645. #ifdef HAVE_AES_DECRYPT
  11646. wc_AesGcmSetKey(dec, k1, k1Sz);
  11647. ret = wc_AesGcmSetIV(dec, sizeof(randIV), NULL, 0, &rng);
  11648. if (ret != 0)
  11649. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11650. ret = wc_AesGcmDecrypt(dec,
  11651. resultP, resultC, sizeof(c1),
  11652. randIV, sizeof(randIV),
  11653. resultT, sizeof(t1),
  11654. a, sizeof(a));
  11655. #if defined(WOLFSSL_ASYNC_CRYPT)
  11656. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  11657. #endif
  11658. if (ret != 0)
  11659. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11660. if (XMEMCMP(p, resultP, sizeof(p)))
  11661. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11662. #endif /* HAVE_AES_DECRYPT */
  11663. wc_FreeRng(&rng);
  11664. }
  11665. #endif /* WOLFSSL_AES_256 && !(WC_NO_RNG || HAVE_SELFTEST) */
  11666. #endif /* HAVE_FIPS_VERSION >= 2 */
  11667. #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
  11668. #ifdef WOLFSSL_AES_256
  11669. #ifdef WOLFSSL_AESGCM_STREAM
  11670. ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
  11671. if (ret != 0)
  11672. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11673. ret = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a));
  11674. if (ret != 0)
  11675. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11676. ret = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1));
  11677. if (ret != 0)
  11678. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11679. if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
  11680. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11681. if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
  11682. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11683. #ifdef HAVE_AES_DECRYPT
  11684. ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
  11685. if (ret != 0)
  11686. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11687. ret = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a));
  11688. if (ret != 0)
  11689. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11690. ret = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
  11691. if (ret != 0)
  11692. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11693. if (XMEMCMP(resultP, p, sizeof(p)) != 0)
  11694. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11695. #endif
  11696. /* alen is the size to pass in with each update. */
  11697. for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
  11698. ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
  11699. if (ret != 0)
  11700. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11701. /* plen is the offset into AAD to update with. */
  11702. for (plen = 0; plen < (int)sizeof(a); plen += alen) {
  11703. int len = sizeof(a) - plen;
  11704. if (len > alen) len = alen;
  11705. ret = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, len);
  11706. if (ret != 0)
  11707. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11708. }
  11709. /* plen is the offset into plaintext to update with. */
  11710. for (plen = 0; plen < (int)sizeof(p); plen += alen) {
  11711. int len = sizeof(p) - plen;
  11712. if (len > alen) len = alen;
  11713. ret = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, len,
  11714. NULL, 0);
  11715. if (ret != 0)
  11716. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11717. }
  11718. ret = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1));
  11719. if (ret != 0)
  11720. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11721. if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
  11722. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11723. if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
  11724. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11725. }
  11726. #ifdef HAVE_AES_DECRYPT
  11727. for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
  11728. ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
  11729. if (ret != 0)
  11730. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11731. /* plen is the offset into AAD to update with. */
  11732. for (plen = 0; plen < (int)sizeof(a); plen += alen) {
  11733. int len = sizeof(a) - plen;
  11734. if (len > alen) len = alen;
  11735. ret = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, len);
  11736. if (ret != 0)
  11737. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11738. }
  11739. /* plen is the offset into cipher text to update with. */
  11740. for (plen = 0; plen < (int)sizeof(c1); plen += alen) {
  11741. int len = sizeof(c1) - plen;
  11742. if (len > alen) len = alen;
  11743. ret = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, len,
  11744. NULL, 0);
  11745. if (ret != 0)
  11746. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11747. }
  11748. ret = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
  11749. if (ret != 0)
  11750. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11751. if (XMEMCMP(resultP, p, sizeof(p)) != 0)
  11752. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11753. }
  11754. #endif /* HAVE_AES_DECRYPT */
  11755. #ifdef BENCH_AESGCM_LARGE
  11756. /* setup test buffer */
  11757. ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
  11758. if (ret != 0)
  11759. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11760. ret = wc_AesGcmEncryptUpdate(enc, large_output, large_input,
  11761. BENCH_AESGCM_LARGE, a, sizeof(a));
  11762. if (ret != 0)
  11763. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11764. ret = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1));
  11765. if (ret != 0)
  11766. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11767. #ifdef HAVE_AES_DECRYPT
  11768. ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
  11769. if (ret != 0)
  11770. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11771. ret = wc_AesGcmDecryptUpdate(enc, large_outdec, large_output,
  11772. BENCH_AESGCM_LARGE, a, sizeof(a));
  11773. if (ret != 0)
  11774. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11775. ret = wc_AesGcmDecryptFinal(enc, resultT, sizeof(t1));
  11776. if (ret != 0)
  11777. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11778. if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
  11779. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11780. #endif /* HAVE_AES_DECRYPT */
  11781. #endif /* BENCH_AESGCM_LARGE */
  11782. #endif /* WOLFSSL_AESGCM_STREAM */
  11783. #endif /* WOLFSSL_AES_256 */
  11784. #endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */
  11785. wc_AesFree(enc);
  11786. wc_AesFree(dec);
  11787. ret = 0;
  11788. out:
  11789. #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \
  11790. !defined(WOLFSSL_NO_MALLOC)
  11791. if (large_input)
  11792. XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  11793. if (large_output)
  11794. XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  11795. if (large_outdec)
  11796. XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  11797. #endif
  11798. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  11799. if (enc)
  11800. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  11801. if (dec)
  11802. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  11803. #endif
  11804. return ret;
  11805. }
  11806. #ifdef WOLFSSL_AES_128
  11807. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void)
  11808. {
  11809. wc_test_ret_t ret;
  11810. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  11811. Gmac *gmac;
  11812. #else
  11813. Gmac gmac[1];
  11814. #endif
  11815. WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
  11816. {
  11817. 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
  11818. 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
  11819. };
  11820. WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
  11821. {
  11822. 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
  11823. 0xe2, 0x8c, 0x8f, 0x16
  11824. };
  11825. WOLFSSL_SMALL_STACK_STATIC const byte a1[] =
  11826. {
  11827. 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
  11828. 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
  11829. };
  11830. WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
  11831. {
  11832. 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
  11833. 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
  11834. };
  11835. #if (!defined(HAVE_FIPS) || \
  11836. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
  11837. /* FIPS builds only allow 16-byte auth tags. */
  11838. /* This sample uses a 15-byte auth tag. */
  11839. WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
  11840. {
  11841. 0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4,
  11842. 0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b
  11843. };
  11844. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
  11845. {
  11846. 0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03,
  11847. 0x1a, 0x60, 0x24, 0xa7
  11848. };
  11849. WOLFSSL_SMALL_STACK_STATIC const byte a2[] =
  11850. {
  11851. 0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18,
  11852. 0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56
  11853. };
  11854. WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
  11855. {
  11856. 0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f,
  11857. 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
  11858. };
  11859. #endif
  11860. byte tag[16];
  11861. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  11862. if ((gmac = (Gmac *)XMALLOC(sizeof *gmac, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  11863. return WC_TEST_RET_ENC_ERRNO;
  11864. #endif
  11865. XMEMSET(gmac, 0, sizeof *gmac); /* clear context */
  11866. (void)wc_AesInit(&gmac->aes, HEAP_HINT, INVALID_DEVID); /* Make sure devId updated */
  11867. XMEMSET(tag, 0, sizeof(tag));
  11868. wc_GmacSetKey(gmac, k1, sizeof(k1));
  11869. wc_GmacUpdate(gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1));
  11870. if (XMEMCMP(t1, tag, sizeof(t1)) != 0)
  11871. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11872. #if (!defined(HAVE_FIPS) || \
  11873. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) )
  11874. XMEMSET(tag, 0, sizeof(tag));
  11875. wc_GmacSetKey(gmac, k2, sizeof(k2));
  11876. wc_GmacUpdate(gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2));
  11877. if (XMEMCMP(t2, tag, sizeof(t2)) != 0)
  11878. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  11879. #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && !defined(NO_AES_DECRYPT)
  11880. {
  11881. WOLFSSL_SMALL_STACK_STATIC const byte badT[] =
  11882. {
  11883. 0xde, 0xad, 0xbe, 0xef, 0x17, 0x2e, 0xd0, 0x43,
  11884. 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
  11885. };
  11886. WC_RNG rng;
  11887. byte iv[12];
  11888. #ifndef HAVE_FIPS
  11889. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  11890. if (ret != 0)
  11891. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11892. #else
  11893. ret = wc_InitRng(&rng);
  11894. if (ret != 0)
  11895. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11896. #endif
  11897. ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
  11898. t1, sizeof(t1));
  11899. if (ret != 0)
  11900. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11901. ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
  11902. badT, sizeof(badT));
  11903. if (ret != AES_GCM_AUTH_E)
  11904. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11905. ret = wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2),
  11906. t2, sizeof(t2));
  11907. if (ret != 0)
  11908. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11909. XMEMSET(tag, 0, sizeof(tag));
  11910. XMEMSET(iv, 0, sizeof(iv));
  11911. ret = wc_Gmac(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
  11912. tag, sizeof(tag), &rng);
  11913. if (ret != 0)
  11914. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11915. ret = wc_GmacVerify(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
  11916. tag, sizeof(tag));
  11917. if (ret != 0)
  11918. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  11919. wc_FreeRng(&rng);
  11920. }
  11921. #endif /* !WC_NO_RNG && !HAVE_SELFTEST && !NO_AES_DECRYPT */
  11922. #endif /* HAVE_FIPS */
  11923. ret = 0;
  11924. out:
  11925. wc_AesFree(&gmac->aes);
  11926. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  11927. XFREE(gmac, HEAP_HINT, DYNAMIC_TYPE_AES);
  11928. #endif
  11929. return ret;
  11930. }
  11931. #endif /* WOLFSSL_AES_128 */
  11932. #endif /* HAVE_AESGCM */
  11933. #if defined(HAVE_AESCCM)
  11934. #if defined(WOLFSSL_AES_256)
  11935. static wc_test_ret_t aesccm_256_test(void)
  11936. {
  11937. wc_test_ret_t ret;
  11938. /* Test vectors from NIST AES CCM 256-bit CAST Example #1 */
  11939. WOLFSSL_SMALL_STACK_STATIC const byte in_key[32] = {
  11940. 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
  11941. 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F,
  11942. 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
  11943. 0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F
  11944. };
  11945. WOLFSSL_SMALL_STACK_STATIC const byte in_nonce[7] = {
  11946. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};
  11947. WOLFSSL_SMALL_STACK_STATIC const byte in_auth[8] = {
  11948. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
  11949. WOLFSSL_SMALL_STACK_STATIC const byte in_plaintext[4] = {
  11950. 0x20, 0x21, 0x22, 0x23};
  11951. WOLFSSL_SMALL_STACK_STATIC const byte exp_ciphertext[4] = {
  11952. 0x8A, 0xB1, 0xA8, 0x74};
  11953. WOLFSSL_SMALL_STACK_STATIC const byte exp_tag[4] = {
  11954. 0x95, 0xFC, 0x08, 0x20};
  11955. byte output[sizeof(in_plaintext)];
  11956. byte atag[sizeof(exp_tag)];
  11957. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  11958. Aes* aes = (Aes*)XMALLOC(sizeof(Aes), HEAP_HINT, DYNAMIC_TYPE_AES);
  11959. if (aes == NULL) {
  11960. return MEMORY_E;
  11961. }
  11962. #else
  11963. Aes aes[1];
  11964. #endif
  11965. ret = wc_AesInit(aes, HEAP_HINT, devId);
  11966. if (ret == 0) {
  11967. ret = wc_AesCcmSetKey(aes, in_key, sizeof(in_key));
  11968. }
  11969. if (ret == 0) {
  11970. ret = wc_AesCcmEncrypt(aes, output, in_plaintext, sizeof(in_plaintext),
  11971. in_nonce, sizeof(in_nonce),
  11972. atag, sizeof(atag),
  11973. in_auth, sizeof(in_auth));
  11974. }
  11975. /* Verify we produce the proper ciphertext and tag */
  11976. if (ret == 0 &&
  11977. (XMEMCMP(output, exp_ciphertext, sizeof(output)) ||
  11978. XMEMCMP(atag, exp_tag, sizeof(atag)))) {
  11979. ret = WC_TEST_RET_ENC_NC;
  11980. }
  11981. if (ret == 0) {
  11982. /* decrypt inline */
  11983. ret = wc_AesCcmDecrypt(aes, output, output, sizeof(output),
  11984. in_nonce, sizeof(in_nonce),
  11985. atag, sizeof(atag),
  11986. in_auth, sizeof(in_auth));
  11987. }
  11988. /* Verify decryption was successful */
  11989. if (ret == 0 &&
  11990. XMEMCMP(output, in_plaintext, sizeof(output))) {
  11991. ret = WC_TEST_RET_ENC_NC;
  11992. }
  11993. wc_AesFree(aes);
  11994. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  11995. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  11996. #endif
  11997. return ret;
  11998. }
  11999. #endif /* WOLFSSL_AES_256 */
  12000. #if defined(WOLFSSL_AES_128)
  12001. static wc_test_ret_t aesccm_128_test(void)
  12002. {
  12003. wc_test_ret_t ret;
  12004. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  12005. Aes *enc;
  12006. #else
  12007. Aes enc[1];
  12008. #endif
  12009. /* key */
  12010. WOLFSSL_SMALL_STACK_STATIC const byte k[] =
  12011. {
  12012. 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
  12013. 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
  12014. };
  12015. /* nonce */
  12016. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  12017. {
  12018. 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
  12019. 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
  12020. };
  12021. /* plaintext */
  12022. WOLFSSL_SMALL_STACK_STATIC const byte p[] =
  12023. {
  12024. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  12025. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  12026. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
  12027. };
  12028. /* plaintext - long */
  12029. WOLFSSL_SMALL_STACK_STATIC const byte pl[] =
  12030. {
  12031. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  12032. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  12033. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
  12034. 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
  12035. 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
  12036. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  12037. 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
  12038. 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
  12039. 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
  12040. 0x50
  12041. };
  12042. WOLFSSL_SMALL_STACK_STATIC const byte a[] =
  12043. {
  12044. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
  12045. };
  12046. /* ciphertext */
  12047. WOLFSSL_SMALL_STACK_STATIC const byte c[] =
  12048. {
  12049. 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
  12050. 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
  12051. 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
  12052. };
  12053. /* tag - authentication */
  12054. WOLFSSL_SMALL_STACK_STATIC const byte t[] =
  12055. {
  12056. 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
  12057. };
  12058. /* ciphertext - long */
  12059. WOLFSSL_SMALL_STACK_STATIC const byte cl[] =
  12060. {
  12061. 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
  12062. 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
  12063. 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0xe0,
  12064. 0x44, 0x2d, 0xbe, 0x25, 0xfa, 0x48, 0x2b, 0xa8,
  12065. 0x36, 0x0b, 0xbf, 0x01, 0xc0, 0x12, 0x45, 0xa4,
  12066. 0x82, 0x9f, 0x20, 0x6c, 0xc3, 0xd6, 0xae, 0x5b,
  12067. 0x54, 0x8d, 0xd0, 0xb1, 0x69, 0x2c, 0xec, 0x5e,
  12068. 0x95, 0xa5, 0x6b, 0x48, 0xc3, 0xc6, 0xc8, 0x9e,
  12069. 0xc7, 0x92, 0x98, 0x9d, 0x26, 0x7d, 0x2a, 0x10,
  12070. 0x0b
  12071. };
  12072. /* tag - authentication - long */
  12073. WOLFSSL_SMALL_STACK_STATIC const byte tl[] =
  12074. {
  12075. 0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4
  12076. };
  12077. /* tag - authentication - empty plaintext */
  12078. WOLFSSL_SMALL_STACK_STATIC const byte t_empty[] =
  12079. {
  12080. 0xe4, 0x28, 0x8a, 0xc3, 0x78, 0x00, 0x0f, 0xf5
  12081. };
  12082. byte t2[sizeof(t)];
  12083. byte p2[sizeof(p)];
  12084. byte c2[sizeof(c)];
  12085. byte iv2[sizeof(iv)];
  12086. byte pl2[sizeof(pl)];
  12087. byte cl2[sizeof(cl)];
  12088. byte tl2[sizeof(tl)];
  12089. byte t_empty2[sizeof(t_empty)];
  12090. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  12091. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  12092. return WC_TEST_RET_ENC_ERRNO;
  12093. #endif
  12094. XMEMSET(enc, 0, sizeof *enc); /* clear context */
  12095. XMEMSET(t2, 0, sizeof(t2));
  12096. XMEMSET(c2, 0, sizeof(c2));
  12097. XMEMSET(p2, 0, sizeof(p2));
  12098. ret = wc_AesInit(enc, HEAP_HINT, devId);
  12099. if (ret != 0)
  12100. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12101. ret = wc_AesCcmSetKey(enc, k, sizeof(k));
  12102. if (ret != 0)
  12103. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12104. /* AES-CCM encrypt and decrypt both use AES encrypt internally */
  12105. ret = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
  12106. t2, sizeof(t2), a, sizeof(a));
  12107. if (ret != 0)
  12108. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12109. if (XMEMCMP(c, c2, sizeof(c2)))
  12110. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  12111. if (XMEMCMP(t, t2, sizeof(t2)))
  12112. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  12113. ret = wc_AesCcmDecrypt(enc, p2, c2, sizeof(p2), iv, sizeof(iv),
  12114. t2, sizeof(t2), a, sizeof(a));
  12115. if (ret != 0)
  12116. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12117. if (XMEMCMP(p, p2, sizeof(p2)))
  12118. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  12119. /* Test the authentication failure */
  12120. t2[0]++; /* Corrupt the authentication tag. */
  12121. ret = wc_AesCcmDecrypt(enc, p2, c, sizeof(p2), iv, sizeof(iv),
  12122. t2, sizeof(t2), a, sizeof(a));
  12123. if (ret == 0)
  12124. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  12125. /* Clear c2 to compare against p2. p2 should be set to zero in case of
  12126. * authentication fail. */
  12127. XMEMSET(c2, 0, sizeof(c2));
  12128. if (XMEMCMP(p2, c2, sizeof(p2)))
  12129. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  12130. wc_AesFree(enc);
  12131. XMEMSET(enc, 0, sizeof(Aes)); /* clear context */
  12132. XMEMSET(t2, 0, sizeof(t2));
  12133. XMEMSET(c2, 0, sizeof(c2));
  12134. XMEMSET(p2, 0, sizeof(p2));
  12135. XMEMSET(iv2, 0, sizeof(iv2));
  12136. ret = wc_AesInit(enc, HEAP_HINT, devId);
  12137. if (ret != 0)
  12138. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12139. #ifndef HAVE_SELFTEST
  12140. /* selftest build does not have wc_AesCcmSetNonce() or
  12141. * wc_AesCcmEncrypt_ex() */
  12142. ret = wc_AesCcmSetKey(enc, k, sizeof(k));
  12143. if (ret != 0)
  12144. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12145. ret = wc_AesCcmSetNonce(enc, iv, sizeof(iv));
  12146. if (ret != 0)
  12147. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12148. ret = wc_AesCcmEncrypt_ex(enc, c2, p, sizeof(c2), iv2, sizeof(iv2),
  12149. t2, sizeof(t2), a, sizeof(a));
  12150. if (ret != 0)
  12151. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12152. if (XMEMCMP(iv, iv2, sizeof(iv2)))
  12153. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  12154. if (XMEMCMP(c, c2, sizeof(c2)))
  12155. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  12156. if (XMEMCMP(t, t2, sizeof(t2)))
  12157. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  12158. #endif
  12159. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  12160. /* test fail on invalid IV sizes */
  12161. ret = wc_AesCcmSetKey(enc, k, sizeof(k));
  12162. if (ret != 0)
  12163. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12164. /* AES-CCM encrypt and decrypt both use AES encrypt internally */
  12165. ret = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
  12166. t2, 1, a, sizeof(a));
  12167. if (ret == 0) {
  12168. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  12169. }
  12170. #endif
  12171. /* AES-CCM encrypt and decrypt both use AES encrypt internally */
  12172. ret = wc_AesCcmEncrypt(enc, cl2, pl, sizeof(cl2), iv, sizeof(iv),
  12173. tl2, sizeof(tl2), a, sizeof(a));
  12174. if (ret != 0)
  12175. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12176. if (XMEMCMP(cl, cl2, sizeof(cl2)))
  12177. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  12178. if (XMEMCMP(tl, tl2, sizeof(tl2)))
  12179. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  12180. ret = wc_AesCcmDecrypt(enc, pl2, cl2, sizeof(pl2), iv, sizeof(iv),
  12181. tl2, sizeof(tl2), a, sizeof(a));
  12182. if (ret != 0)
  12183. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12184. if (XMEMCMP(pl, pl2, sizeof(pl2)))
  12185. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  12186. /* test empty message as null input or output with nonzero inSz. */
  12187. ret = wc_AesCcmEncrypt(enc, pl2 /* out */, NULL /* in */, 1 /* inSz */,
  12188. iv, sizeof(iv), t_empty2, sizeof(t_empty2),
  12189. a, sizeof(a));
  12190. if (ret != BAD_FUNC_ARG)
  12191. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12192. ret = wc_AesCcmEncrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
  12193. iv, sizeof(iv), t_empty2, sizeof(t_empty2),
  12194. a, sizeof(a));
  12195. if (ret != BAD_FUNC_ARG)
  12196. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12197. ret = wc_AesCcmDecrypt(enc, pl2, NULL /* in */, 1 /* inSz */,
  12198. iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
  12199. sizeof(a));
  12200. if (ret != BAD_FUNC_ARG)
  12201. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12202. ret = wc_AesCcmDecrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
  12203. iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
  12204. sizeof(a));
  12205. if (ret != BAD_FUNC_ARG)
  12206. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12207. /* test empty message as null input and output with zero inSz --
  12208. * must either succeed, or fail early with BAD_FUNC_ARG.
  12209. */
  12210. ret = wc_AesCcmEncrypt(enc, NULL /* out */, NULL /* in */, 0 /* inSz */,
  12211. iv, sizeof(iv), t_empty2, sizeof(t_empty2),
  12212. a, sizeof(a));
  12213. if (ret != BAD_FUNC_ARG) {
  12214. if (ret != 0)
  12215. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12216. if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
  12217. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  12218. ret = wc_AesCcmDecrypt(enc, NULL /* out */, NULL /* in */,
  12219. 0 /* inSz */, iv, sizeof(iv), t_empty2,
  12220. sizeof(t_empty2), a, sizeof(a));
  12221. if (ret != 0)
  12222. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12223. }
  12224. /* test empty message as zero-length string -- must work. */
  12225. ret = wc_AesCcmEncrypt(enc, pl2, (const byte *)"", 0 /* inSz */, iv,
  12226. sizeof(iv), t_empty2, sizeof(t_empty2), a,
  12227. sizeof(a));
  12228. if (ret != 0)
  12229. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12230. if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
  12231. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  12232. ret = wc_AesCcmDecrypt(enc, pl2, (const byte *)"", 0 /* inSz */,
  12233. iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
  12234. sizeof(a));
  12235. if (ret != 0)
  12236. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12237. wc_AesFree(enc);
  12238. ret = 0;
  12239. out:
  12240. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  12241. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  12242. #endif
  12243. return ret;
  12244. }
  12245. #endif /* WOLFSSL_AES_128 */
  12246. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesccm_test(void)
  12247. {
  12248. wc_test_ret_t ret = 0;
  12249. #ifdef WOLFSSL_AES_128
  12250. if (ret == 0)
  12251. ret = aesccm_128_test();
  12252. #endif
  12253. #ifdef WOLFSSL_AES_256
  12254. if (ret == 0)
  12255. ret = aesccm_256_test();
  12256. #endif
  12257. return ret;
  12258. }
  12259. #endif /* HAVE_AESCCM */
  12260. #if defined(WOLFSSL_AES_EAX) && \
  12261. (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
  12262. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void)
  12263. {
  12264. typedef struct {
  12265. byte key[AES_256_KEY_SIZE];
  12266. int key_length;
  12267. byte iv[AES_BLOCK_SIZE];
  12268. int iv_length;
  12269. byte aad[AES_BLOCK_SIZE * 2];
  12270. int aad_length;
  12271. byte msg[AES_BLOCK_SIZE * 2];
  12272. int msg_length;
  12273. byte ct[AES_BLOCK_SIZE * 2];
  12274. int ct_length;
  12275. byte tag[AES_BLOCK_SIZE];
  12276. int tag_length;
  12277. int valid;
  12278. } AadVector;
  12279. /* A small selection of Google wycheproof vectors that use vectors
  12280. * from the original paper: eprint.iacr.org/2003/069
  12281. * https://github.com/google/wycheproof/blob/master/testvectors/aes_eax_test.json
  12282. */
  12283. WOLFSSL_SMALL_STACK_STATIC const AadVector vectors[] = {
  12284. /* Vector from paper - empty message with auth data */
  12285. {
  12286. /* key, key length */
  12287. {0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f,
  12288. 0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78}, 16,
  12289. /* iv, iv length */
  12290. {0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07,
  12291. 0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3}, 16,
  12292. /* aad, aad length */
  12293. {0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b}, 8,
  12294. /* msg, msg length */
  12295. {0}, 0,
  12296. /* ct, ct length */
  12297. {0}, 0,
  12298. /* tag, tag length */
  12299. {0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2,
  12300. 0x7b, 0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01}, 16,
  12301. /* valid */
  12302. 1,
  12303. },
  12304. /* Vector from paper - no auth data, valid auth tag */
  12305. {
  12306. /* key, key length */
  12307. {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  12308. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
  12309. /* iv , iv length */
  12310. {0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75,
  12311. 0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2}, 16,
  12312. /* aad, aad length */
  12313. {0}, 0,
  12314. /* msg, msg length */
  12315. {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  12316. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  12317. 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
  12318. 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32,
  12319. /* ct, ct length */
  12320. {0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23,
  12321. 0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13,
  12322. 0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93,
  12323. 0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68}, 32,
  12324. /* tag, tag length */
  12325. {0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf,
  12326. 0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e}, 16,
  12327. /* valid */
  12328. 1,
  12329. },
  12330. /* Vector from paper - no auth data with invalid auth tag */
  12331. {
  12332. /* key, key length */
  12333. {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  12334. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16,
  12335. /* iv, iv length */
  12336. {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57,
  12337. 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16,
  12338. /* aad, aad length */
  12339. {0}, 0,
  12340. /* msg, msg length */
  12341. {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
  12342. 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16,
  12343. /* ct , ct length */
  12344. {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54,
  12345. 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16,
  12346. /* tag, tag length */
  12347. {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2,
  12348. 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16,
  12349. /* valid */
  12350. 0,
  12351. },
  12352. };
  12353. WOLFSSL_SMALL_STACK_STATIC byte ciphertext[sizeof(vectors[0].ct)];
  12354. WOLFSSL_SMALL_STACK_STATIC byte authtag[sizeof(vectors[0].tag)];
  12355. wc_test_ret_t ret;
  12356. int i;
  12357. int len;
  12358. for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) {
  12359. XMEMSET(ciphertext, 0, sizeof(ciphertext));
  12360. len = sizeof(authtag);
  12361. ret = wc_AesEaxEncryptAuth(vectors[i].key, vectors[i].key_length,
  12362. ciphertext,
  12363. vectors[i].msg, vectors[i].msg_length,
  12364. vectors[i].iv, vectors[i].iv_length,
  12365. authtag, len,
  12366. vectors[i].aad, vectors[i].aad_length);
  12367. if (ret != 0) {
  12368. return WC_TEST_RET_ENC_EC(ret);
  12369. }
  12370. /* check ciphertext matches vector */
  12371. if (XMEMCMP(ciphertext, vectors[i].ct, vectors[i].ct_length)) {
  12372. return WC_TEST_RET_ENC_NC;
  12373. }
  12374. /* check that tag matches vector only for vectors marked as valid */
  12375. ret = XMEMCMP(authtag, vectors[i].tag, len);
  12376. if (vectors[i].valid == 1 && ret != 0 ) {
  12377. return WC_TEST_RET_ENC_NC;
  12378. }
  12379. else if (vectors[i].valid == 0 && ret == 0) {
  12380. return WC_TEST_RET_ENC_NC;
  12381. }
  12382. XMEMSET(ciphertext, 0, sizeof(ciphertext));
  12383. ret = wc_AesEaxDecryptAuth(vectors[i].key, vectors[i].key_length,
  12384. ciphertext,
  12385. vectors[i].ct, vectors[i].ct_length,
  12386. vectors[i].iv, vectors[i].iv_length,
  12387. authtag, len,
  12388. vectors[i].aad, vectors[i].aad_length);
  12389. if (ret != 0) {
  12390. return WC_TEST_RET_ENC_EC(ret);
  12391. }
  12392. /* check decrypted ciphertext matches vector plaintext */
  12393. if (XMEMCMP(ciphertext, vectors[i].msg, vectors[i].msg_length)) {
  12394. return WC_TEST_RET_ENC_NC;
  12395. }
  12396. }
  12397. return 0;
  12398. }
  12399. #endif /* WOLFSSL_AES_EAX */
  12400. #ifdef HAVE_AES_KEYWRAP
  12401. #define MAX_KEYWRAP_TEST_OUTLEN 40
  12402. #define MAX_KEYWRAP_TEST_PLAINLEN 32
  12403. typedef struct keywrapVector {
  12404. const byte* kek;
  12405. const byte* data;
  12406. const byte* verify;
  12407. word32 kekLen;
  12408. word32 dataLen;
  12409. word32 verifyLen;
  12410. } keywrapVector;
  12411. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void)
  12412. {
  12413. int wrapSz, plainSz, testSz, i;
  12414. /* test vectors from RFC 3394 (kek, data, verify) */
  12415. #ifdef WOLFSSL_AES_128
  12416. /* Wrap 128 bits of Key Data with a 128-bit KEK */
  12417. WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
  12418. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  12419. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  12420. };
  12421. WOLFSSL_SMALL_STACK_STATIC const byte d1[] = {
  12422. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  12423. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
  12424. };
  12425. WOLFSSL_SMALL_STACK_STATIC const byte v1[] = {
  12426. 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
  12427. 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
  12428. 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
  12429. };
  12430. #endif /* WOLFSSL_AES_128 */
  12431. #ifdef WOLFSSL_AES_192
  12432. /* Wrap 128 bits of Key Data with a 192-bit KEK */
  12433. WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
  12434. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  12435. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
  12436. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
  12437. };
  12438. WOLFSSL_SMALL_STACK_STATIC const byte d2[] = {
  12439. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  12440. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
  12441. };
  12442. WOLFSSL_SMALL_STACK_STATIC const byte v2[] = {
  12443. 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
  12444. 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
  12445. 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
  12446. };
  12447. #endif
  12448. #ifdef WOLFSSL_AES_256
  12449. /* Wrap 128 bits of Key Data with a 256-bit KEK */
  12450. WOLFSSL_SMALL_STACK_STATIC const byte k3[] = {
  12451. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  12452. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
  12453. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  12454. 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
  12455. };
  12456. WOLFSSL_SMALL_STACK_STATIC const byte d3[] = {
  12457. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  12458. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
  12459. };
  12460. WOLFSSL_SMALL_STACK_STATIC const byte v3[] = {
  12461. 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
  12462. 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
  12463. 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7
  12464. };
  12465. #endif
  12466. #ifdef WOLFSSL_AES_192
  12467. /* Wrap 192 bits of Key Data with a 192-bit KEK */
  12468. WOLFSSL_SMALL_STACK_STATIC const byte k4[] = {
  12469. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  12470. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
  12471. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
  12472. };
  12473. WOLFSSL_SMALL_STACK_STATIC const byte d4[] = {
  12474. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  12475. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
  12476. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
  12477. };
  12478. WOLFSSL_SMALL_STACK_STATIC const byte v4[] = {
  12479. 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
  12480. 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
  12481. 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
  12482. 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
  12483. };
  12484. #endif
  12485. #ifdef WOLFSSL_AES_256
  12486. /* Wrap 192 bits of Key Data with a 256-bit KEK */
  12487. WOLFSSL_SMALL_STACK_STATIC const byte k5[] = {
  12488. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  12489. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
  12490. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  12491. 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
  12492. };
  12493. WOLFSSL_SMALL_STACK_STATIC const byte d5[] = {
  12494. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  12495. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
  12496. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
  12497. };
  12498. WOLFSSL_SMALL_STACK_STATIC const byte v5[] = {
  12499. 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
  12500. 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
  12501. 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
  12502. 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1
  12503. };
  12504. /* Wrap 256 bits of Key Data with a 256-bit KEK */
  12505. WOLFSSL_SMALL_STACK_STATIC const byte k6[] = {
  12506. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  12507. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
  12508. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  12509. 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
  12510. };
  12511. WOLFSSL_SMALL_STACK_STATIC const byte d6[] = {
  12512. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  12513. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
  12514. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  12515. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  12516. };
  12517. WOLFSSL_SMALL_STACK_STATIC const byte v6[] = {
  12518. 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
  12519. 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
  12520. 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
  12521. 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
  12522. 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
  12523. };
  12524. #endif /* WOLFSSL_AES_256 */
  12525. byte output[MAX_KEYWRAP_TEST_OUTLEN];
  12526. byte plain [MAX_KEYWRAP_TEST_PLAINLEN];
  12527. const keywrapVector test_wrap[] =
  12528. {
  12529. #ifdef WOLFSSL_AES_128
  12530. {k1, d1, v1, sizeof(k1), sizeof(d1), sizeof(v1)},
  12531. #endif
  12532. #ifdef WOLFSSL_AES_192
  12533. {k2, d2, v2, sizeof(k2), sizeof(d2), sizeof(v2)},
  12534. #endif
  12535. #ifdef WOLFSSL_AES_256
  12536. {k3, d3, v3, sizeof(k3), sizeof(d3), sizeof(v3)},
  12537. #endif
  12538. #ifdef WOLFSSL_AES_192
  12539. {k4, d4, v4, sizeof(k4), sizeof(d4), sizeof(v4)},
  12540. #endif
  12541. #ifdef WOLFSSL_AES_256
  12542. {k5, d5, v5, sizeof(k5), sizeof(d5), sizeof(v5)},
  12543. {k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)}
  12544. #endif
  12545. };
  12546. testSz = sizeof(test_wrap) / sizeof(keywrapVector);
  12547. XMEMSET(output, 0, sizeof(output));
  12548. XMEMSET(plain, 0, sizeof(plain));
  12549. for (i = 0; i < testSz; i++) {
  12550. wrapSz = wc_AesKeyWrap(test_wrap[i].kek, test_wrap[i].kekLen,
  12551. test_wrap[i].data, test_wrap[i].dataLen,
  12552. output, sizeof(output), NULL);
  12553. if ( (wrapSz < 0) || (wrapSz != (int)test_wrap[i].verifyLen) )
  12554. return WC_TEST_RET_ENC_NC;
  12555. if (XMEMCMP(output, test_wrap[i].verify, test_wrap[i].verifyLen) != 0)
  12556. return WC_TEST_RET_ENC_NC;
  12557. plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen,
  12558. output, wrapSz,
  12559. plain, sizeof(plain), NULL);
  12560. if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) )
  12561. return WC_TEST_RET_ENC_NC;
  12562. if (XMEMCMP(plain, test_wrap[i].data, test_wrap[i].dataLen) != 0)
  12563. return WC_TEST_RET_ENC_I(i);
  12564. }
  12565. return 0;
  12566. }
  12567. #endif /* HAVE_AES_KEYWRAP */
  12568. #endif /* NO_AES */
  12569. #ifdef HAVE_ARIA
  12570. void printOutput(const char *strName, unsigned char *data, unsigned int dataSz)
  12571. {
  12572. #ifndef DEBUG_WOLFSSL
  12573. (void)strName;
  12574. (void)data;
  12575. (void)dataSz;
  12576. #else
  12577. WOLFSSL_MSG_EX("%s (%d):", strName,dataSz);
  12578. WOLFSSL_BUFFER(data,dataSz);
  12579. #endif
  12580. }
  12581. WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID algo)
  12582. {
  12583. int ret = 0;
  12584. byte data[] = TEST_STRING;
  12585. word32 dataSz = TEST_STRING_SZ;
  12586. /* Arbitrarily random long key that we will truncate to the right size */
  12587. byte key[] = { 0x1E, 0xCC, 0x95, 0xCB, 0xD3, 0x74, 0x58, 0x4F,
  12588. 0x6F, 0x8A, 0x70, 0x26, 0xF7, 0x3C, 0x8D, 0xB6,
  12589. 0xDC, 0x32, 0x76, 0x20, 0xCF, 0x05, 0x4A, 0xCF,
  12590. 0x11, 0x86, 0xCD, 0x23, 0x5E, 0xC1, 0x6E, 0x2B };
  12591. byte cipher[2*TEST_STRING_SZ], plain[TEST_STRING_SZ], ad[256], authTag[AES_BLOCK_SIZE];
  12592. word32 keySz, adSz = 256, authTagSz = sizeof(authTag);
  12593. wc_Aria aria;
  12594. XMEMSET((void *)&aria, 0, sizeof(aria));
  12595. ret = wc_AriaInitCrypt(&aria, algo);
  12596. if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
  12597. ret = wc_AriaSetKey(&aria, key);
  12598. if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
  12599. MC_GetObjectValue(aria.hSession, aria.hKey, key, &keySz);
  12600. printOutput("Key", key, keySz);
  12601. WC_RNG rng;
  12602. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  12603. if (ret != 0)
  12604. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12605. ret = wc_AriaGcmSetIV(&aria, GCM_NONCE_MID_SZ, NULL, 0, &rng);
  12606. if (ret != 0)
  12607. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  12608. wc_FreeRng(&rng);
  12609. printOutput("Plaintext", data, sizeof(data));
  12610. XMEMSET(cipher, 0, sizeof(cipher));
  12611. ret = wc_AriaEncrypt(&aria, cipher, data, dataSz,
  12612. (byte *)aria.nonce, aria.nonceSz, ad, adSz,
  12613. authTag, authTagSz);
  12614. if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
  12615. printOutput("Ciphertext", cipher, sizeof(cipher));
  12616. printOutput("AuthTag", authTag, sizeof(authTag));
  12617. XMEMSET(plain, 0, sizeof(plain));
  12618. ret = wc_AriaDecrypt(&aria, plain, cipher, dataSz,
  12619. (byte *)aria.nonce, aria.nonceSz, ad, adSz,
  12620. authTag, authTagSz);
  12621. if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); }
  12622. printOutput("Plaintext", plain, sizeof(plain));
  12623. if (XMEMCMP(plain, data, dataSz) != 0)
  12624. ERROR_OUT(WC_TEST_RET_ENC_NC,out);
  12625. out:
  12626. if (ret != 0) { wc_AriaFreeCrypt(&aria); }
  12627. else { ret = wc_AriaFreeCrypt(&aria); }
  12628. return ret;
  12629. }
  12630. #endif /* HAVE_ARIA */
  12631. #ifdef HAVE_CAMELLIA
  12632. enum {
  12633. CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC
  12634. };
  12635. typedef struct {
  12636. int type;
  12637. const byte* plaintext;
  12638. const byte* iv;
  12639. const byte* ciphertext;
  12640. const byte* key;
  12641. word32 keySz;
  12642. int errorCode;
  12643. } test_vector_t;
  12644. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void)
  12645. {
  12646. /* Camellia ECB Test Plaintext */
  12647. WOLFSSL_SMALL_STACK_STATIC const byte pte[] =
  12648. {
  12649. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  12650. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
  12651. };
  12652. /* Camellia ECB Test Initialization Vector */
  12653. WOLFSSL_SMALL_STACK_STATIC const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
  12654. /* Test 1: Camellia ECB 128-bit key */
  12655. WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
  12656. {
  12657. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  12658. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
  12659. };
  12660. WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
  12661. {
  12662. 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
  12663. 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43
  12664. };
  12665. /* Test 2: Camellia ECB 192-bit key */
  12666. WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
  12667. {
  12668. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  12669. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  12670. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
  12671. };
  12672. WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
  12673. {
  12674. 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
  12675. 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9
  12676. };
  12677. /* Test 3: Camellia ECB 256-bit key */
  12678. WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
  12679. {
  12680. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  12681. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  12682. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  12683. 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
  12684. };
  12685. WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
  12686. {
  12687. 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
  12688. 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09
  12689. };
  12690. /* Camellia CBC Test Plaintext */
  12691. WOLFSSL_SMALL_STACK_STATIC const byte ptc[] =
  12692. {
  12693. 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
  12694. 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
  12695. };
  12696. /* Camellia CBC Test Initialization Vector */
  12697. WOLFSSL_SMALL_STACK_STATIC const byte ivc[] =
  12698. {
  12699. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  12700. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  12701. };
  12702. /* Test 4: Camellia-CBC 128-bit key */
  12703. WOLFSSL_SMALL_STACK_STATIC const byte k4[] =
  12704. {
  12705. 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
  12706. 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
  12707. };
  12708. WOLFSSL_SMALL_STACK_STATIC const byte c4[] =
  12709. {
  12710. 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
  12711. 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB
  12712. };
  12713. /* Test 5: Camellia-CBC 192-bit key */
  12714. WOLFSSL_SMALL_STACK_STATIC const byte k5[] =
  12715. {
  12716. 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
  12717. 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
  12718. 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B
  12719. };
  12720. WOLFSSL_SMALL_STACK_STATIC const byte c5[] =
  12721. {
  12722. 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
  12723. 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93
  12724. };
  12725. /* Test 6: CBC 256-bit key */
  12726. WOLFSSL_SMALL_STACK_STATIC const byte k6[] =
  12727. {
  12728. 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
  12729. 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
  12730. 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
  12731. 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
  12732. };
  12733. WOLFSSL_SMALL_STACK_STATIC const byte c6[] =
  12734. {
  12735. 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
  12736. 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
  12737. };
  12738. byte out[CAMELLIA_BLOCK_SIZE];
  12739. Camellia cam;
  12740. int i, testsSz, ret;
  12741. WOLFSSL_SMALL_STACK_STATIC const test_vector_t testVectors[] =
  12742. {
  12743. {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114},
  12744. {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115},
  12745. {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116},
  12746. {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117},
  12747. {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118},
  12748. {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119},
  12749. {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120},
  12750. {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121},
  12751. {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122},
  12752. {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123},
  12753. {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124},
  12754. {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
  12755. };
  12756. testsSz = sizeof(testVectors)/sizeof(test_vector_t);
  12757. for (i = 0; i < testsSz; i++) {
  12758. if (wc_CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
  12759. testVectors[i].iv) != 0)
  12760. return testVectors[i].errorCode;
  12761. switch (testVectors[i].type) {
  12762. case CAM_ECB_ENC:
  12763. ret = wc_CamelliaEncryptDirect(&cam, out,
  12764. testVectors[i].plaintext);
  12765. if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
  12766. CAMELLIA_BLOCK_SIZE))
  12767. return testVectors[i].errorCode;
  12768. break;
  12769. case CAM_ECB_DEC:
  12770. ret = wc_CamelliaDecryptDirect(&cam, out,
  12771. testVectors[i].ciphertext);
  12772. if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
  12773. CAMELLIA_BLOCK_SIZE))
  12774. return testVectors[i].errorCode;
  12775. break;
  12776. case CAM_CBC_ENC:
  12777. ret = wc_CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext,
  12778. CAMELLIA_BLOCK_SIZE);
  12779. if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
  12780. CAMELLIA_BLOCK_SIZE))
  12781. return testVectors[i].errorCode;
  12782. break;
  12783. case CAM_CBC_DEC:
  12784. ret = wc_CamelliaCbcDecrypt(&cam, out,
  12785. testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE);
  12786. if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
  12787. CAMELLIA_BLOCK_SIZE))
  12788. return testVectors[i].errorCode;
  12789. break;
  12790. default:
  12791. break;
  12792. }
  12793. }
  12794. /* Setting the IV and checking it was actually set. */
  12795. ret = wc_CamelliaSetIV(&cam, ivc);
  12796. if (ret != 0)
  12797. return WC_TEST_RET_ENC_EC(ret);
  12798. if (XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE) != 0)
  12799. return WC_TEST_RET_ENC_NC;
  12800. /* Setting the IV to NULL should be same as all zeros IV */
  12801. ret = wc_CamelliaSetIV(&cam, NULL);
  12802. if (ret != 0)
  12803. return WC_TEST_RET_ENC_EC(ret);
  12804. if (XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE) != 0)
  12805. return WC_TEST_RET_ENC_NC;
  12806. /* First parameter should never be null */
  12807. if (wc_CamelliaSetIV(NULL, NULL) == 0)
  12808. return WC_TEST_RET_ENC_NC;
  12809. /* First parameter should never be null, check it fails */
  12810. if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0)
  12811. return WC_TEST_RET_ENC_NC;
  12812. /* Key should have a size of 16, 24, or 32 */
  12813. if (wc_CamelliaSetKey(&cam, k1, 0, NULL) == 0)
  12814. return WC_TEST_RET_ENC_NC;
  12815. return 0;
  12816. }
  12817. #endif /* HAVE_CAMELLIA */
  12818. #ifdef WOLFSSL_SM4
  12819. #ifdef WOLFSSL_SM4_ECB
  12820. static int sm4_ecb_test(void)
  12821. {
  12822. /* draft-ribose-cfrg-sm4-10 A.2.1.1 */
  12823. WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
  12824. 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
  12825. 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
  12826. };
  12827. WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
  12828. 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
  12829. 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
  12830. 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
  12831. 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
  12832. };
  12833. WOLFSSL_SMALL_STACK_STATIC const byte c1_ecb[] = {
  12834. 0x5E, 0xC8, 0x14, 0x3D, 0xE5, 0x09, 0xCF, 0xF7,
  12835. 0xB5, 0x17, 0x9F, 0x8F, 0x47, 0x4B, 0x86, 0x19,
  12836. 0x2F, 0x1D, 0x30, 0x5A, 0x7F, 0xB1, 0x7D, 0xF9,
  12837. 0x85, 0xF8, 0x1C, 0x84, 0x82, 0x19, 0x23, 0x04
  12838. };
  12839. wc_Sm4 sm4;
  12840. byte enc[SM4_BLOCK_SIZE * 4];
  12841. byte dec[SM4_BLOCK_SIZE * 4];
  12842. int ret;
  12843. ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
  12844. if (ret != 0)
  12845. return WC_TEST_RET_ENC_EC(ret);
  12846. /* Encrypt and decrypt with ECB. */
  12847. ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
  12848. if (ret != 0)
  12849. return WC_TEST_RET_ENC_EC(ret);
  12850. ret = wc_Sm4EcbEncrypt(&sm4, enc, p1, sizeof(p1));
  12851. if (ret != 0)
  12852. return WC_TEST_RET_ENC_EC(ret);
  12853. if (XMEMCMP(enc, c1_ecb, sizeof(c1_ecb)) != 0)
  12854. return WC_TEST_RET_ENC_NC;
  12855. ret = wc_Sm4EcbDecrypt(&sm4, dec, enc, sizeof(c1_ecb));
  12856. if (ret != 0)
  12857. return WC_TEST_RET_ENC_EC(ret);
  12858. if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
  12859. return WC_TEST_RET_ENC_NC;
  12860. wc_Sm4Free(&sm4);
  12861. return 0;
  12862. }
  12863. #endif
  12864. #ifdef WOLFSSL_SM4_CBC
  12865. static int sm4_cbc_test(void)
  12866. {
  12867. /* draft-ribose-cfrg-sm4-10 A.2.2.1 */
  12868. WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
  12869. 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
  12870. 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
  12871. };
  12872. WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
  12873. 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
  12874. 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
  12875. 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
  12876. 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
  12877. };
  12878. WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
  12879. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  12880. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  12881. };
  12882. WOLFSSL_SMALL_STACK_STATIC const byte c1_cbc[] = {
  12883. 0x78, 0xEB, 0xB1, 0x1C, 0xC4, 0x0B, 0x0A, 0x48,
  12884. 0x31, 0x2A, 0xAE, 0xB2, 0x04, 0x02, 0x44, 0xCB,
  12885. 0x4C, 0xB7, 0x01, 0x69, 0x51, 0x90, 0x92, 0x26,
  12886. 0x97, 0x9B, 0x0D, 0x15, 0xDC, 0x6A, 0x8F, 0x6D
  12887. };
  12888. wc_Sm4 sm4;
  12889. byte enc[SM4_BLOCK_SIZE * 4];
  12890. byte dec[SM4_BLOCK_SIZE * 4];
  12891. int ret;
  12892. ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
  12893. if (ret != 0)
  12894. return WC_TEST_RET_ENC_EC(ret);
  12895. /* Encrypt and decrypt with CBC. */
  12896. ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
  12897. if (ret != 0)
  12898. return WC_TEST_RET_ENC_EC(ret);
  12899. ret = wc_Sm4SetIV(&sm4, i1);
  12900. if (ret != 0)
  12901. return WC_TEST_RET_ENC_EC(ret);
  12902. ret = wc_Sm4CbcEncrypt(&sm4, enc, p1, sizeof(p1));
  12903. if (ret != 0)
  12904. return WC_TEST_RET_ENC_EC(ret);
  12905. if (XMEMCMP(enc, c1_cbc, sizeof(c1_cbc)) != 0)
  12906. return WC_TEST_RET_ENC_NC;
  12907. ret = wc_Sm4SetIV(&sm4, i1);
  12908. if (ret != 0)
  12909. return WC_TEST_RET_ENC_EC(ret);
  12910. ret = wc_Sm4CbcDecrypt(&sm4, dec, enc, sizeof(c1_cbc));
  12911. if (ret != 0)
  12912. return WC_TEST_RET_ENC_EC(ret);
  12913. if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
  12914. return WC_TEST_RET_ENC_NC;
  12915. /* Encrypt and decrypt in-place with CBC. */
  12916. ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
  12917. if (ret != 0)
  12918. return WC_TEST_RET_ENC_EC(ret);
  12919. ret = wc_Sm4SetIV(&sm4, i1);
  12920. if (ret != 0)
  12921. return WC_TEST_RET_ENC_EC(ret);
  12922. XMEMCPY(enc, p1, sizeof(p1));
  12923. ret = wc_Sm4CbcEncrypt(&sm4, enc, enc, sizeof(p1));
  12924. if (ret != 0)
  12925. return WC_TEST_RET_ENC_EC(ret);
  12926. if (XMEMCMP(enc, c1_cbc, sizeof(c1_cbc)) != 0)
  12927. return WC_TEST_RET_ENC_NC;
  12928. ret = wc_Sm4SetIV(&sm4, i1);
  12929. if (ret != 0)
  12930. return WC_TEST_RET_ENC_EC(ret);
  12931. ret = wc_Sm4CbcDecrypt(&sm4, enc, enc, sizeof(c1_cbc));
  12932. if (ret != 0)
  12933. return WC_TEST_RET_ENC_EC(ret);
  12934. if (XMEMCMP(enc, p1, sizeof(p1)) != 0)
  12935. return WC_TEST_RET_ENC_NC;
  12936. wc_Sm4Free(&sm4);
  12937. return 0;
  12938. }
  12939. #endif
  12940. #ifdef WOLFSSL_SM4_CTR
  12941. static int sm4_ctr_test(void)
  12942. {
  12943. /* draft-ribose-cfrg-sm4-10 A.2.5.1 */
  12944. WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
  12945. 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
  12946. 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
  12947. };
  12948. WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
  12949. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  12950. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  12951. };
  12952. WOLFSSL_SMALL_STACK_STATIC const byte p2[] = {
  12953. 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
  12954. 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
  12955. 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
  12956. 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
  12957. 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
  12958. 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  12959. 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
  12960. 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB
  12961. };
  12962. WOLFSSL_SMALL_STACK_STATIC const byte c2_ctr[] = {
  12963. 0xAC, 0x32, 0x36, 0xCB, 0x97, 0x0C, 0xC2, 0x07,
  12964. 0x91, 0x36, 0x4C, 0x39, 0x5A, 0x13, 0x42, 0xD1,
  12965. 0xA3, 0xCB, 0xC1, 0x87, 0x8C, 0x6F, 0x30, 0xCD,
  12966. 0x07, 0x4C, 0xCE, 0x38, 0x5C, 0xDD, 0x70, 0xC7,
  12967. 0xF2, 0x34, 0xBC, 0x0E, 0x24, 0xC1, 0x19, 0x80,
  12968. 0xFD, 0x12, 0x86, 0x31, 0x0C, 0xE3, 0x7B, 0x92,
  12969. 0x6E, 0x02, 0xFC, 0xD0, 0xFA, 0xA0, 0xBA, 0xF3,
  12970. 0x8B, 0x29, 0x33, 0x85, 0x1D, 0x82, 0x45, 0x14
  12971. };
  12972. wc_Sm4 sm4;
  12973. byte enc[SM4_BLOCK_SIZE * 4];
  12974. byte dec[SM4_BLOCK_SIZE * 4];
  12975. int chunk;
  12976. int i;
  12977. int ret;
  12978. ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
  12979. if (ret != 0)
  12980. return WC_TEST_RET_ENC_EC(ret);
  12981. /* Encrypt and decrypt using encrypt with CTR. */
  12982. ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
  12983. if (ret != 0)
  12984. return WC_TEST_RET_ENC_EC(ret);
  12985. ret = wc_Sm4SetIV(&sm4, i1);
  12986. if (ret != 0)
  12987. return WC_TEST_RET_ENC_EC(ret);
  12988. ret = wc_Sm4CtrEncrypt(&sm4, enc, p2, sizeof(p2));
  12989. if (ret != 0)
  12990. return WC_TEST_RET_ENC_EC(ret);
  12991. if (XMEMCMP(enc, c2_ctr, sizeof(c2_ctr)) != 0)
  12992. return WC_TEST_RET_ENC_NC;
  12993. ret = wc_Sm4SetIV(&sm4, i1);
  12994. if (ret != 0)
  12995. return WC_TEST_RET_ENC_EC(ret);
  12996. ret = wc_Sm4CtrEncrypt(&sm4, dec, enc, sizeof(c2_ctr));
  12997. if (ret != 0)
  12998. return WC_TEST_RET_ENC_EC(ret);
  12999. if (XMEMCMP(dec, p2, sizeof(p2)) != 0)
  13000. return WC_TEST_RET_ENC_NC;
  13001. for (chunk = 1; chunk <= SM4_BLOCK_SIZE + 1; chunk++) {
  13002. ret = wc_Sm4SetIV(&sm4, i1);
  13003. if (ret != 0)
  13004. return WC_TEST_RET_ENC_I(chunk);
  13005. XMEMSET(enc, 0, sizeof(enc));
  13006. for (i = 0; i + chunk <= (int)sizeof(p2); i += chunk) {
  13007. ret = wc_Sm4CtrEncrypt(&sm4, enc + i, p2 + i, chunk);
  13008. if (ret != 0)
  13009. return WC_TEST_RET_ENC_I(i);
  13010. }
  13011. if (i < (int)sizeof(p2)) {
  13012. ret = wc_Sm4CtrEncrypt(&sm4, enc + i, p2 + i, sizeof(p2) - i);
  13013. if (ret != 0)
  13014. return WC_TEST_RET_ENC_I(chunk);
  13015. }
  13016. if (XMEMCMP(enc, c2_ctr, sizeof(c2_ctr)) != 0)
  13017. return WC_TEST_RET_ENC_I(chunk);
  13018. }
  13019. wc_Sm4Free(&sm4);
  13020. return 0;
  13021. }
  13022. #endif
  13023. #ifdef WOLFSSL_SM4_GCM
  13024. static int sm4_gcm_test(void)
  13025. {
  13026. WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
  13027. 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
  13028. 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
  13029. };
  13030. WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
  13031. 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
  13032. 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
  13033. 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
  13034. 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
  13035. };
  13036. WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
  13037. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  13038. 0x08, 0x09, 0x0A, 0x0B
  13039. };
  13040. WOLFSSL_SMALL_STACK_STATIC const byte a1[] = {
  13041. 0xFF, 0xEE, 0xDD
  13042. };
  13043. WOLFSSL_SMALL_STACK_STATIC const byte tag1[] = {
  13044. 0x83, 0xb2, 0x91, 0xcf, 0x22, 0xc9, 0x5f, 0x89,
  13045. 0xde, 0x3d, 0x52, 0x8d, 0xd7, 0x13, 0x50, 0x89
  13046. };
  13047. WOLFSSL_SMALL_STACK_STATIC const byte c1[] = {
  13048. 0xff, 0x8b, 0xb2, 0x3b, 0x0a, 0x0a, 0x12, 0xa4,
  13049. 0xa8, 0x4c, 0x4f, 0x67, 0x06, 0x81, 0xbb, 0x88,
  13050. 0x66, 0x17, 0xc7, 0x43, 0xbf, 0xae, 0x41, 0x40,
  13051. 0xec, 0x1e, 0x03, 0x85, 0x2b, 0x56, 0xa8, 0xc0
  13052. };
  13053. /* RFC8998 A.1. */
  13054. WOLFSSL_SMALL_STACK_STATIC const byte i2[] = {
  13055. 0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00,
  13056. 0x00, 0x00, 0xAB, 0xCD
  13057. };
  13058. WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
  13059. 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
  13060. 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
  13061. };
  13062. WOLFSSL_SMALL_STACK_STATIC const byte p2[] = {
  13063. 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
  13064. 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
  13065. 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
  13066. 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
  13067. 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
  13068. 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  13069. 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
  13070. 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
  13071. };
  13072. WOLFSSL_SMALL_STACK_STATIC const byte a2[] = {
  13073. 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
  13074. 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
  13075. 0xAB, 0xAD, 0xDA, 0xD2
  13076. };
  13077. WOLFSSL_SMALL_STACK_STATIC const byte c2[] = {
  13078. 0x17, 0xF3, 0x99, 0xF0, 0x8C, 0x67, 0xD5, 0xEE,
  13079. 0x19, 0xD0, 0xDC, 0x99, 0x69, 0xC4, 0xBB, 0x7D,
  13080. 0x5F, 0xD4, 0x6F, 0xD3, 0x75, 0x64, 0x89, 0x06,
  13081. 0x91, 0x57, 0xB2, 0x82, 0xBB, 0x20, 0x07, 0x35,
  13082. 0xD8, 0x27, 0x10, 0xCA, 0x5C, 0x22, 0xF0, 0xCC,
  13083. 0xFA, 0x7C, 0xBF, 0x93, 0xD4, 0x96, 0xAC, 0x15,
  13084. 0xA5, 0x68, 0x34, 0xCB, 0xCF, 0x98, 0xC3, 0x97,
  13085. 0xB4, 0x02, 0x4A, 0x26, 0x91, 0x23, 0x3B, 0x8D
  13086. };
  13087. WOLFSSL_SMALL_STACK_STATIC const byte tag2[] = {
  13088. 0x83, 0xDE, 0x35, 0x41, 0xE4, 0xC2, 0xB5, 0x81,
  13089. 0x77, 0xE0, 0x65, 0xA9, 0xBF, 0x7B, 0x62, 0xEC
  13090. };
  13091. wc_Sm4 sm4;
  13092. byte enc[SM4_BLOCK_SIZE * 4];
  13093. byte dec[SM4_BLOCK_SIZE * 4];
  13094. byte tag[SM4_BLOCK_SIZE];
  13095. int ret;
  13096. ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
  13097. if (ret != 0)
  13098. return WC_TEST_RET_ENC_EC(ret);
  13099. /* Encrypt and decrypt using encrypt with GCM. */
  13100. ret = wc_Sm4GcmSetKey(&sm4, k1, sizeof(k1));
  13101. if (ret != 0)
  13102. return WC_TEST_RET_ENC_EC(ret);
  13103. ret = wc_Sm4GcmEncrypt(&sm4, enc, p1, sizeof(p1), i1, sizeof(i1), tag,
  13104. sizeof(tag), a1, sizeof(a1));
  13105. if (ret != 0)
  13106. return WC_TEST_RET_ENC_EC(ret);
  13107. if (XMEMCMP(enc, c1, sizeof(c1)) != 0)
  13108. return WC_TEST_RET_ENC_NC;
  13109. if (XMEMCMP(tag, tag1, sizeof(tag1)) != 0)
  13110. return WC_TEST_RET_ENC_NC;
  13111. ret = wc_Sm4GcmDecrypt(&sm4, dec, enc, sizeof(c1), i1, sizeof(i1), tag,
  13112. sizeof(tag), a1, sizeof(a1));
  13113. if (ret != 0)
  13114. return WC_TEST_RET_ENC_EC(ret);
  13115. if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
  13116. return WC_TEST_RET_ENC_NC;
  13117. /* RFC8998 test vector. */
  13118. ret = wc_Sm4GcmSetKey(&sm4, k2, sizeof(k2));
  13119. if (ret != 0)
  13120. return WC_TEST_RET_ENC_EC(ret);
  13121. ret = wc_Sm4GcmEncrypt(&sm4, enc, p2, sizeof(p2), i2, sizeof(i2), tag,
  13122. sizeof(tag), a2, sizeof(a2));
  13123. if (ret != 0)
  13124. return WC_TEST_RET_ENC_EC(ret);
  13125. if (XMEMCMP(enc, c2, sizeof(c2)) != 0)
  13126. return WC_TEST_RET_ENC_NC;
  13127. if (XMEMCMP(tag, tag2, sizeof(tag2)) != 0)
  13128. return WC_TEST_RET_ENC_NC;
  13129. ret = wc_Sm4GcmDecrypt(&sm4, dec, enc, sizeof(c2), i2, sizeof(i2), tag,
  13130. sizeof(tag), a2, sizeof(a2));
  13131. if (ret != 0)
  13132. return WC_TEST_RET_ENC_EC(ret);
  13133. if (XMEMCMP(dec, p2, sizeof(p2)) != 0)
  13134. return WC_TEST_RET_ENC_NC;
  13135. wc_Sm4Free(&sm4);
  13136. return 0;
  13137. }
  13138. #endif
  13139. #ifdef WOLFSSL_SM4_CCM
  13140. static int sm4_ccm_test(void)
  13141. {
  13142. WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
  13143. 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
  13144. 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
  13145. };
  13146. WOLFSSL_SMALL_STACK_STATIC const byte p1[] = {
  13147. 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB,
  13148. 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD,
  13149. 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF,
  13150. 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB
  13151. };
  13152. WOLFSSL_SMALL_STACK_STATIC const byte i1[] = {
  13153. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  13154. 0x08, 0x09, 0x0A, 0x0B
  13155. };
  13156. WOLFSSL_SMALL_STACK_STATIC const byte a1[] = {
  13157. 0xFF, 0xEE, 0xDD
  13158. };
  13159. WOLFSSL_SMALL_STACK_STATIC const byte tag1[] = {
  13160. 0x9a, 0x98, 0x04, 0xb6, 0x0f, 0x19, 0x4a, 0x46,
  13161. 0xba, 0xed, 0xe6, 0x89, 0x69, 0x34, 0xad, 0x61
  13162. };
  13163. WOLFSSL_SMALL_STACK_STATIC const byte c1[] = {
  13164. 0xbd, 0xc0, 0x72, 0x60, 0xda, 0x2d, 0x11, 0xdc,
  13165. 0x66, 0x33, 0xcc, 0xec, 0xb2, 0xf4, 0x53, 0x59,
  13166. 0x9e, 0xb1, 0xb3, 0x6b, 0x1f, 0x1c, 0xfb, 0x29,
  13167. 0xf5, 0x37, 0xfc, 0x00, 0xf2, 0x4e, 0x70, 0x6f
  13168. };
  13169. /* RFC8998 A.1. */
  13170. WOLFSSL_SMALL_STACK_STATIC const byte i2[] = {
  13171. 0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00,
  13172. 0x00, 0x00, 0xAB, 0xCD
  13173. };
  13174. WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
  13175. 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF,
  13176. 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10
  13177. };
  13178. WOLFSSL_SMALL_STACK_STATIC const byte p2[] = {
  13179. 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA,
  13180. 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
  13181. 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
  13182. 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD,
  13183. 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
  13184. 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  13185. 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
  13186. 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA
  13187. };
  13188. WOLFSSL_SMALL_STACK_STATIC const byte a2[] = {
  13189. 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
  13190. 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF,
  13191. 0xAB, 0xAD, 0xDA, 0xD2
  13192. };
  13193. WOLFSSL_SMALL_STACK_STATIC const byte c2[] = {
  13194. 0x48, 0xAF, 0x93, 0x50, 0x1F, 0xA6, 0x2A, 0xDB,
  13195. 0xCD, 0x41, 0x4C, 0xCE, 0x60, 0x34, 0xD8, 0x95,
  13196. 0xDD, 0xA1, 0xBF, 0x8F, 0x13, 0x2F, 0x04, 0x20,
  13197. 0x98, 0x66, 0x15, 0x72, 0xE7, 0x48, 0x30, 0x94,
  13198. 0xFD, 0x12, 0xE5, 0x18, 0xCE, 0x06, 0x2C, 0x98,
  13199. 0xAC, 0xEE, 0x28, 0xD9, 0x5D, 0xF4, 0x41, 0x6B,
  13200. 0xED, 0x31, 0xA2, 0xF0, 0x44, 0x76, 0xC1, 0x8B,
  13201. 0xB4, 0x0C, 0x84, 0xA7, 0x4B, 0x97, 0xDC, 0x5B
  13202. };
  13203. WOLFSSL_SMALL_STACK_STATIC const byte tag2[] = {
  13204. 0x16, 0x84, 0x2D, 0x4F, 0xA1, 0x86, 0xF5, 0x6A,
  13205. 0xB3, 0x32, 0x56, 0x97, 0x1F, 0xA1, 0x10, 0xF4
  13206. };
  13207. wc_Sm4 sm4;
  13208. byte enc[SM4_BLOCK_SIZE * 4];
  13209. byte dec[SM4_BLOCK_SIZE * 4];
  13210. byte tag[SM4_BLOCK_SIZE];
  13211. int ret;
  13212. ret = wc_Sm4Init(&sm4, NULL, INVALID_DEVID);
  13213. if (ret != 0)
  13214. return -6720;
  13215. /* Encrypt and decrypt using encrypt with CCM. */
  13216. ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1));
  13217. if (ret != 0)
  13218. return WC_TEST_RET_ENC_EC(ret);
  13219. ret = wc_Sm4CcmEncrypt(&sm4, enc, p1, sizeof(p1), i1, sizeof(i1), tag,
  13220. sizeof(tag), a1, sizeof(a1));
  13221. if (ret != 0)
  13222. return WC_TEST_RET_ENC_EC(ret);
  13223. if (XMEMCMP(enc, c1, sizeof(c1)) != 0)
  13224. return WC_TEST_RET_ENC_NC;
  13225. if (XMEMCMP(tag, tag1, sizeof(tag1)) != 0)
  13226. return WC_TEST_RET_ENC_NC;
  13227. ret = wc_Sm4CcmDecrypt(&sm4, dec, enc, sizeof(c1), i1, sizeof(i1), tag,
  13228. sizeof(tag), a1, sizeof(a1));
  13229. if (ret != 0)
  13230. return WC_TEST_RET_ENC_EC(ret);
  13231. if (XMEMCMP(dec, p1, sizeof(p1)) != 0)
  13232. return WC_TEST_RET_ENC_NC;
  13233. /* RFC8998 test vector. */
  13234. ret = wc_Sm4SetKey(&sm4, k2, sizeof(k2));
  13235. if (ret != 0)
  13236. return WC_TEST_RET_ENC_EC(ret);
  13237. ret = wc_Sm4CcmEncrypt(&sm4, enc, p2, sizeof(p2), i2, sizeof(i2), tag,
  13238. sizeof(tag), a2, sizeof(a2));
  13239. if (ret != 0)
  13240. return WC_TEST_RET_ENC_EC(ret);
  13241. if (XMEMCMP(enc, c2, sizeof(c2)) != 0)
  13242. return WC_TEST_RET_ENC_NC;
  13243. if (XMEMCMP(tag, tag2, sizeof(tag2)) != 0)
  13244. return WC_TEST_RET_ENC_NC;
  13245. ret = wc_Sm4CcmDecrypt(&sm4, dec, enc, sizeof(c2), i2, sizeof(i2), tag,
  13246. sizeof(tag), a2, sizeof(a2));
  13247. if (ret != 0)
  13248. return WC_TEST_RET_ENC_EC(ret);
  13249. if (XMEMCMP(dec, p2, sizeof(p2)) != 0)
  13250. return WC_TEST_RET_ENC_NC;
  13251. wc_Sm4Free(&sm4);
  13252. return 0;
  13253. }
  13254. #endif
  13255. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void)
  13256. {
  13257. wc_test_ret_t ret;
  13258. #ifdef WOLFSSL_SM4_ECB
  13259. ret = sm4_ecb_test();
  13260. if (ret != 0)
  13261. return ret;
  13262. #endif
  13263. #ifdef WOLFSSL_SM4_CBC
  13264. ret = sm4_cbc_test();
  13265. if (ret != 0)
  13266. return ret;
  13267. #endif
  13268. #ifdef WOLFSSL_SM4_CTR
  13269. ret = sm4_ctr_test();
  13270. if (ret != 0)
  13271. return ret;
  13272. #endif
  13273. #ifdef WOLFSSL_SM4_GCM
  13274. ret = sm4_gcm_test();
  13275. if (ret != 0)
  13276. return ret;
  13277. #endif
  13278. #ifdef WOLFSSL_SM4_CCM
  13279. ret = sm4_ccm_test();
  13280. if (ret != 0)
  13281. return ret;
  13282. #endif
  13283. return 0;
  13284. }
  13285. #endif
  13286. #ifdef HAVE_XCHACHA
  13287. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void) {
  13288. wc_test_ret_t ret;
  13289. WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
  13290. 0x54, 0x68, 0x65, 0x20, 0x64, 0x68, 0x6f, 0x6c, 0x65, 0x20, 0x28, 0x70, 0x72, 0x6f, 0x6e, 0x6f, /* The dhole (prono */
  13291. 0x75, 0x6e, 0x63, 0x65, 0x64, 0x20, 0x22, 0x64, 0x6f, 0x6c, 0x65, 0x22, 0x29, 0x20, 0x69, 0x73, /* unced "dole") is */
  13292. 0x20, 0x61, 0x6c, 0x73, 0x6f, 0x20, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x61, 0x73, 0x20, 0x74, /* also known as t */
  13293. 0x68, 0x65, 0x20, 0x41, 0x73, 0x69, 0x61, 0x74, 0x69, 0x63, 0x20, 0x77, 0x69, 0x6c, 0x64, 0x20, /* he Asiatic wild */
  13294. 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x72, 0x65, 0x64, 0x20, 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x61, 0x6e, /* dog, red dog, an */
  13295. 0x64, 0x20, 0x77, 0x68, 0x69, 0x73, 0x74, 0x6c, 0x69, 0x6e, 0x67, 0x20, 0x64, 0x6f, 0x67, 0x2e, /* d whistling dog. */
  13296. 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x61, 0x62, 0x6f, 0x75, 0x74, 0x20, 0x74, 0x68, 0x65, /* It is about the */
  13297. 0x20, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x61, 0x20, 0x47, 0x65, 0x72, 0x6d, 0x61, /* size of a Germa */
  13298. 0x6e, 0x20, 0x73, 0x68, 0x65, 0x70, 0x68, 0x65, 0x72, 0x64, 0x20, 0x62, 0x75, 0x74, 0x20, 0x6c, /* n shepherd but l */
  13299. 0x6f, 0x6f, 0x6b, 0x73, 0x20, 0x6d, 0x6f, 0x72, 0x65, 0x20, 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x61, /* ooks more like a */
  13300. 0x20, 0x6c, 0x6f, 0x6e, 0x67, 0x2d, 0x6c, 0x65, 0x67, 0x67, 0x65, 0x64, 0x20, 0x66, 0x6f, 0x78, /* long-legged fox */
  13301. 0x2e, 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x68, 0x69, 0x67, 0x68, 0x6c, 0x79, 0x20, 0x65, 0x6c, /* . This highly el */
  13302. 0x75, 0x73, 0x69, 0x76, 0x65, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x73, 0x6b, 0x69, 0x6c, 0x6c, 0x65, /* usive and skille */
  13303. 0x64, 0x20, 0x6a, 0x75, 0x6d, 0x70, 0x65, 0x72, 0x20, 0x69, 0x73, 0x20, 0x63, 0x6c, 0x61, 0x73, /* d jumper is clas */
  13304. 0x73, 0x69, 0x66, 0x69, 0x65, 0x64, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x77, 0x6f, 0x6c, 0x76, /* sified with wolv */
  13305. 0x65, 0x73, 0x2c, 0x20, 0x63, 0x6f, 0x79, 0x6f, 0x74, 0x65, 0x73, 0x2c, 0x20, 0x6a, 0x61, 0x63, /* es, coyotes, jac */
  13306. 0x6b, 0x61, 0x6c, 0x73, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x66, 0x6f, 0x78, 0x65, 0x73, 0x20, /* kals, and foxes */
  13307. 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, 0x61, 0x78, 0x6f, 0x6e, 0x6f, 0x6d, 0x69, 0x63, /* in the taxonomic */
  13308. 0x20, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x20, 0x43, 0x61, 0x6e, 0x69, 0x64, 0x61, 0x65, 0x2e /* family Canidae. */
  13309. };
  13310. WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
  13311. 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  13312. 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
  13313. };
  13314. WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
  13315. 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
  13316. 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x58 }; /* PQRSTUVW */
  13317. WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
  13318. 0x45, 0x59, 0xab, 0xba, 0x4e, 0x48, 0xc1, 0x61, 0x02, 0xe8, 0xbb, 0x2c, 0x05, 0xe6, 0x94, 0x7f,
  13319. 0x50, 0xa7, 0x86, 0xde, 0x16, 0x2f, 0x9b, 0x0b, 0x7e, 0x59, 0x2a, 0x9b, 0x53, 0xd0, 0xd4, 0xe9,
  13320. 0x8d, 0x8d, 0x64, 0x10, 0xd5, 0x40, 0xa1, 0xa6, 0x37, 0x5b, 0x26, 0xd8, 0x0d, 0xac, 0xe4, 0xfa,
  13321. 0xb5, 0x23, 0x84, 0xc7, 0x31, 0xac, 0xbf, 0x16, 0xa5, 0x92, 0x3c, 0x0c, 0x48, 0xd3, 0x57, 0x5d,
  13322. 0x4d, 0x0d, 0x2c, 0x67, 0x3b, 0x66, 0x6f, 0xaa, 0x73, 0x10, 0x61, 0x27, 0x77, 0x01, 0x09, 0x3a,
  13323. 0x6b, 0xf7, 0xa1, 0x58, 0xa8, 0x86, 0x42, 0x92, 0xa4, 0x1c, 0x48, 0xe3, 0xa9, 0xb4, 0xc0, 0xda,
  13324. 0xec, 0xe0, 0xf8, 0xd9, 0x8d, 0x0d, 0x7e, 0x05, 0xb3, 0x7a, 0x30, 0x7b, 0xbb, 0x66, 0x33, 0x31,
  13325. 0x64, 0xec, 0x9e, 0x1b, 0x24, 0xea, 0x0d, 0x6c, 0x3f, 0xfd, 0xdc, 0xec, 0x4f, 0x68, 0xe7, 0x44,
  13326. 0x30, 0x56, 0x19, 0x3a, 0x03, 0xc8, 0x10, 0xe1, 0x13, 0x44, 0xca, 0x06, 0xd8, 0xed, 0x8a, 0x2b,
  13327. 0xfb, 0x1e, 0x8d, 0x48, 0xcf, 0xa6, 0xbc, 0x0e, 0xb4, 0xe2, 0x46, 0x4b, 0x74, 0x81, 0x42, 0x40,
  13328. 0x7c, 0x9f, 0x43, 0x1a, 0xee, 0x76, 0x99, 0x60, 0xe1, 0x5b, 0xa8, 0xb9, 0x68, 0x90, 0x46, 0x6e,
  13329. 0xf2, 0x45, 0x75, 0x99, 0x85, 0x23, 0x85, 0xc6, 0x61, 0xf7, 0x52, 0xce, 0x20, 0xf9, 0xda, 0x0c,
  13330. 0x09, 0xab, 0x6b, 0x19, 0xdf, 0x74, 0xe7, 0x6a, 0x95, 0x96, 0x74, 0x46, 0xf8, 0xd0, 0xfd, 0x41,
  13331. 0x5e, 0x7b, 0xee, 0x2a, 0x12, 0xa1, 0x14, 0xc2, 0x0e, 0xb5, 0x29, 0x2a, 0xe7, 0xa3, 0x49, 0xae,
  13332. 0x57, 0x78, 0x20, 0xd5, 0x52, 0x0a, 0x1f, 0x3f, 0xb6, 0x2a, 0x17, 0xce, 0x6a, 0x7e, 0x68, 0xfa,
  13333. 0x7c, 0x79, 0x11, 0x1d, 0x88, 0x60, 0x92, 0x0b, 0xc0, 0x48, 0xef, 0x43, 0xfe, 0x84, 0x48, 0x6c,
  13334. 0xcb, 0x87, 0xc2, 0x5f, 0x0a, 0xe0, 0x45, 0xf0, 0xcc, 0xe1, 0xe7, 0x98, 0x9a, 0x9a, 0xa2, 0x20,
  13335. 0xa2, 0x8b, 0xdd, 0x48, 0x27, 0xe7, 0x51, 0xa2, 0x4a, 0x6d, 0x5c, 0x62, 0xd7, 0x90, 0xa6, 0x63,
  13336. 0x93, 0xb9, 0x31, 0x11, 0xc1, 0xa5, 0x5d, 0xd7, 0x42, 0x1a, 0x10, 0x18, 0x49, 0x74, 0xc7, 0xc5
  13337. };
  13338. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  13339. struct ChaCha *chacha = (struct ChaCha *)XMALLOC(sizeof *chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
  13340. byte *buf1 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13341. byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13342. if ((chacha == NULL) || (buf1 == NULL) || (buf2 == NULL))
  13343. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  13344. #else
  13345. struct ChaCha chacha[1];
  13346. byte buf1[sizeof Plaintext];
  13347. byte buf2[sizeof Plaintext];
  13348. #endif
  13349. ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
  13350. if (ret < 0)
  13351. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  13352. ret = wc_Chacha_Process(chacha, buf1, Plaintext, sizeof Plaintext);
  13353. if (ret < 0)
  13354. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  13355. if (XMEMCMP(buf1, Ciphertext, sizeof Plaintext))
  13356. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  13357. ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
  13358. if (ret < 0)
  13359. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  13360. ret = wc_Chacha_Process(chacha, buf2, buf1, sizeof Plaintext);
  13361. if (ret < 0)
  13362. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  13363. if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
  13364. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  13365. out:
  13366. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  13367. if (chacha)
  13368. XFREE(chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
  13369. if (buf1)
  13370. XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13371. if (buf2)
  13372. XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13373. #endif
  13374. return ret;
  13375. }
  13376. #endif /* HAVE_XCHACHA */
  13377. #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
  13378. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void) {
  13379. wc_test_ret_t ret;
  13380. WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
  13381. 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, /* Ladies and Gentl */
  13382. 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, /* emen of the clas */
  13383. 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, /* s of '99: If I c */
  13384. 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, /* ould offer you o */
  13385. 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, /* nly one tip for */
  13386. 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, /* the future, suns */
  13387. 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
  13388. 0x74, 0x2e }; /* t. */
  13389. WOLFSSL_SMALL_STACK_STATIC const byte AAD[] = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 }; /* PQRS........ */
  13390. WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
  13391. 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  13392. 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
  13393. };
  13394. WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
  13395. 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
  13396. 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57 }; /* PQRSTUVW */
  13397. WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
  13398. 0xbd, 0x6d, 0x17, 0x9d, 0x3e, 0x83, 0xd4, 0x3b, 0x95, 0x76, 0x57, 0x94, 0x93, 0xc0, 0xe9, 0x39,
  13399. 0x57, 0x2a, 0x17, 0x00, 0x25, 0x2b, 0xfa, 0xcc, 0xbe, 0xd2, 0x90, 0x2c, 0x21, 0x39, 0x6c, 0xbb,
  13400. 0x73, 0x1c, 0x7f, 0x1b, 0x0b, 0x4a, 0xa6, 0x44, 0x0b, 0xf3, 0xa8, 0x2f, 0x4e, 0xda, 0x7e, 0x39,
  13401. 0xae, 0x64, 0xc6, 0x70, 0x8c, 0x54, 0xc2, 0x16, 0xcb, 0x96, 0xb7, 0x2e, 0x12, 0x13, 0xb4, 0x52,
  13402. 0x2f, 0x8c, 0x9b, 0xa4, 0x0d, 0xb5, 0xd9, 0x45, 0xb1, 0x1b, 0x69, 0xb9, 0x82, 0xc1, 0xbb, 0x9e,
  13403. 0x3f, 0x3f, 0xac, 0x2b, 0xc3, 0x69, 0x48, 0x8f, 0x76, 0xb2, 0x38, 0x35, 0x65, 0xd3, 0xff, 0xf9,
  13404. 0x21, 0xf9, 0x66, 0x4c, 0x97, 0x63, 0x7d, 0xa9, 0x76, 0x88, 0x12, 0xf6, 0x15, 0xc6, 0x8b, 0x13,
  13405. 0xb5, 0x2e };
  13406. WOLFSSL_SMALL_STACK_STATIC const byte Tag[] = {
  13407. 0xc0, 0x87, 0x59, 0x24, 0xc1, 0xc7, 0x98, 0x79, 0x47, 0xde, 0xaf, 0xd8, 0x78, 0x0a, 0xcf, 0x49
  13408. };
  13409. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  13410. byte *buf1 = (byte *)XMALLOC(sizeof Ciphertext + sizeof Tag, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13411. byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13412. if ((buf1 == NULL) || (buf2 == NULL))
  13413. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  13414. #else
  13415. byte buf1[sizeof Ciphertext + sizeof Tag];
  13416. byte buf2[sizeof Plaintext];
  13417. #endif
  13418. ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
  13419. Plaintext, sizeof Plaintext,
  13420. AAD, sizeof AAD,
  13421. IV, sizeof IV,
  13422. Key, sizeof Key);
  13423. if (ret < 0)
  13424. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  13425. if (XMEMCMP(buf1, Ciphertext, sizeof Ciphertext))
  13426. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  13427. if (XMEMCMP(buf1 + sizeof Ciphertext, Tag, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE))
  13428. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  13429. ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext,
  13430. buf1, sizeof Ciphertext + sizeof Tag,
  13431. AAD, sizeof AAD,
  13432. IV, sizeof IV,
  13433. Key, sizeof Key);
  13434. if (ret < 0)
  13435. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  13436. if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
  13437. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  13438. out:
  13439. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  13440. if (buf1 != NULL)
  13441. XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13442. if (buf2 != NULL)
  13443. XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13444. #endif
  13445. return ret;
  13446. }
  13447. #endif /* defined(HAVE_XCHACHA) && defined(HAVE_POLY1305) */
  13448. #ifndef WC_NO_RNG
  13449. static wc_test_ret_t _rng_test(WC_RNG* rng, int errorOffset)
  13450. {
  13451. byte block[32];
  13452. wc_test_ret_t ret;
  13453. int i;
  13454. XMEMSET(block, 0, sizeof(block));
  13455. ret = wc_RNG_GenerateBlock(rng, block, sizeof(block));
  13456. if (ret != 0) {
  13457. ret = 1;
  13458. goto exit;
  13459. }
  13460. /* Check for 0's */
  13461. for (i=0; i<(int)sizeof(block); i++) {
  13462. if (block[i] == 0) {
  13463. ret++;
  13464. }
  13465. }
  13466. /* All zeros count check */
  13467. if (ret >= (int)sizeof(block)) {
  13468. ret = 2;
  13469. goto exit;
  13470. }
  13471. ret = wc_RNG_GenerateByte(rng, block);
  13472. if (ret != 0) {
  13473. ret = 3;
  13474. goto exit;
  13475. }
  13476. /* Parameter validation testing. */
  13477. ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block));
  13478. if (ret != BAD_FUNC_ARG) {
  13479. ret = 4;
  13480. goto exit;
  13481. }
  13482. ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block));
  13483. if (ret != BAD_FUNC_ARG) {
  13484. ret = 5;
  13485. goto exit;
  13486. }
  13487. ret = wc_RNG_GenerateByte(NULL, block);
  13488. if (ret != BAD_FUNC_ARG) {
  13489. ret = 6;
  13490. goto exit;
  13491. }
  13492. ret = wc_RNG_GenerateByte(rng, NULL);
  13493. if (ret != BAD_FUNC_ARG) {
  13494. ret = 7;
  13495. goto exit;
  13496. }
  13497. ret = 0;
  13498. exit:
  13499. if (ret != 0)
  13500. ret = errorOffset - (ret * 1000000);
  13501. return ret;
  13502. }
  13503. static wc_test_ret_t random_rng_test(void)
  13504. {
  13505. WC_RNG localRng;
  13506. WC_RNG* rng;
  13507. wc_test_ret_t ret;
  13508. rng = &localRng;
  13509. /* Test stack based RNG. */
  13510. #ifndef HAVE_FIPS
  13511. ret = wc_InitRng_ex(rng, HEAP_HINT, devId);
  13512. #else
  13513. ret = wc_InitRng(rng);
  13514. #endif
  13515. if (ret != 0)
  13516. return WC_TEST_RET_ENC_EC(ret);
  13517. ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
  13518. /* Make sure and free RNG */
  13519. wc_FreeRng(rng);
  13520. if (ret != 0)
  13521. return ret;
  13522. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
  13523. {
  13524. byte nonce[8] = { 0 };
  13525. /* Test dynamic RNG */
  13526. rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT);
  13527. if (rng == NULL)
  13528. return WC_TEST_RET_ENC_ERRNO;
  13529. ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
  13530. wc_rng_free(rng);
  13531. rng = NULL;
  13532. if (ret != 0)
  13533. return ret;
  13534. /* Test dynamic RNG using extended API */
  13535. ret = wc_rng_new_ex(&rng, nonce, (word32)sizeof(nonce),
  13536. HEAP_HINT, devId);
  13537. if (ret != 0)
  13538. return WC_TEST_RET_ENC_EC(ret);
  13539. ret = _rng_test(rng, WC_TEST_RET_ENC_NC);
  13540. wc_rng_free(rng);
  13541. if (ret != 0)
  13542. return ret;
  13543. }
  13544. #endif
  13545. return ret;
  13546. }
  13547. #if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
  13548. #ifdef WC_RNG_SEED_CB
  13549. static int seed_cb(OS_Seed* os, byte* output, word32 sz)
  13550. {
  13551. word32 i;
  13552. (void)os;
  13553. /* Known answer test. Set the seed to the same value every time. */
  13554. for (i = 0; i < sz; i++)
  13555. output[i] = (byte)i;
  13556. return 0;
  13557. }
  13558. static wc_test_ret_t rng_seed_test(void)
  13559. {
  13560. #ifndef HAVE_FIPS
  13561. WOLFSSL_SMALL_STACK_STATIC const byte check[] =
  13562. {
  13563. 0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f,
  13564. 0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06,
  13565. 0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22,
  13566. 0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba
  13567. };
  13568. #else
  13569. /* FIPS uses a longer seed, so different check value. */
  13570. WOLFSSL_SMALL_STACK_STATIC const byte check[] =
  13571. {
  13572. 0xaf, 0x31, 0xcc, 0xef, 0xa9, 0x29, 0x4c, 0x24,
  13573. 0xbd, 0xa5, 0xa3, 0x52, 0x69, 0xf3, 0xb9, 0xb2,
  13574. 0x1e, 0xd4, 0x52, 0x3b, 0x9a, 0x96, 0x06, 0x20,
  13575. 0xc0, 0x5f, 0x44, 0x06, 0x1f, 0x80, 0xdf, 0xe0
  13576. };
  13577. #endif
  13578. byte output[WC_SHA256_DIGEST_SIZE];
  13579. WC_RNG rng;
  13580. wc_test_ret_t ret;
  13581. ret = wc_SetSeed_Cb(seed_cb);
  13582. if (ret != 0) {
  13583. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  13584. }
  13585. ret = wc_InitRng(&rng);
  13586. if (ret != 0) {
  13587. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  13588. }
  13589. ret = wc_RNG_GenerateBlock(&rng, output, sizeof(output));
  13590. if (ret != 0) {
  13591. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  13592. }
  13593. ret = XMEMCMP(output, check, sizeof(output));
  13594. if (ret != 0) {
  13595. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  13596. }
  13597. ret = wc_FreeRng(&rng);
  13598. if (ret != 0) {
  13599. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  13600. }
  13601. ret = wc_SetSeed_Cb(wc_GenerateSeed);
  13602. if (ret != 0) {
  13603. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  13604. }
  13605. out:
  13606. return ret;
  13607. }
  13608. #endif
  13609. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
  13610. {
  13611. WOLFSSL_SMALL_STACK_STATIC const byte test1Entropy[] =
  13612. {
  13613. 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
  13614. 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
  13615. 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
  13616. 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
  13617. };
  13618. WOLFSSL_SMALL_STACK_STATIC const byte test1Output[] =
  13619. {
  13620. 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
  13621. 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
  13622. 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
  13623. 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
  13624. 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
  13625. 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
  13626. 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
  13627. 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
  13628. 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
  13629. 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
  13630. 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
  13631. };
  13632. WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyA[] =
  13633. {
  13634. 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
  13635. 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
  13636. 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
  13637. 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
  13638. };
  13639. WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyB[] =
  13640. {
  13641. 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
  13642. 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
  13643. 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
  13644. };
  13645. WOLFSSL_SMALL_STACK_STATIC const byte test2Output[] =
  13646. {
  13647. 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
  13648. 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
  13649. 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
  13650. 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
  13651. 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
  13652. 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
  13653. 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
  13654. 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
  13655. 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
  13656. 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
  13657. 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
  13658. };
  13659. byte output[WC_SHA256_DIGEST_SIZE * 4];
  13660. wc_test_ret_t ret;
  13661. ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
  13662. output, sizeof(output));
  13663. if (ret != 0)
  13664. return WC_TEST_RET_ENC_EC(ret);
  13665. if (XMEMCMP(test1Output, output, sizeof(output)) != 0)
  13666. return WC_TEST_RET_ENC_NC;
  13667. ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
  13668. test2EntropyB, sizeof(test2EntropyB),
  13669. output, sizeof(output));
  13670. if (ret != 0)
  13671. return WC_TEST_RET_ENC_EC(ret);
  13672. if (XMEMCMP(test2Output, output, sizeof(output)) != 0)
  13673. return WC_TEST_RET_ENC_NC;
  13674. /* Basic RNG generate block test */
  13675. if ((ret = random_rng_test()) != 0)
  13676. return ret;
  13677. /* Test the seed check function. */
  13678. #if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \
  13679. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
  13680. {
  13681. word32 i, outputSz;
  13682. /* Repeat the same byte over and over. Should fail. */
  13683. outputSz = sizeof(output);
  13684. XMEMSET(output, 1, outputSz);
  13685. ret = wc_RNG_TestSeed(output, outputSz);
  13686. if (ret == 0)
  13687. return WC_TEST_RET_ENC_NC;
  13688. /* Every byte of the entropy scratch is different,
  13689. * entropy is a single byte that shouldn't match. */
  13690. outputSz = (sizeof(output) / 2) + 1;
  13691. for (i = 0; i < outputSz; i++)
  13692. output[i] = (byte)i;
  13693. ret = wc_RNG_TestSeed(output, outputSz);
  13694. if (ret != 0)
  13695. return WC_TEST_RET_ENC_EC(ret);
  13696. outputSz = sizeof(output);
  13697. for (i = 0; i < outputSz; i++)
  13698. output[i] = (byte)i;
  13699. ret = wc_RNG_TestSeed(output, outputSz);
  13700. if (ret != 0)
  13701. return WC_TEST_RET_ENC_EC(ret);
  13702. }
  13703. #endif
  13704. /* Test the seed callback. */
  13705. #ifdef WC_RNG_SEED_CB
  13706. if ((ret = rng_seed_test()) != 0)
  13707. return ret;
  13708. #endif
  13709. return 0;
  13710. }
  13711. #else
  13712. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void)
  13713. {
  13714. /* Basic RNG generate block test */
  13715. return random_rng_test();
  13716. }
  13717. #endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK */
  13718. #endif /* WC_NO_RNG */
  13719. #ifndef MEM_TEST_SZ
  13720. #define MEM_TEST_SZ 1024
  13721. #endif
  13722. #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
  13723. static int simple_mem_test(int sz)
  13724. {
  13725. int ret = 0;
  13726. byte* b;
  13727. int i;
  13728. b = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13729. if (b == NULL) {
  13730. return WC_TEST_RET_ENC_NC;
  13731. }
  13732. /* utilize memory */
  13733. for (i = 0; i < sz; i++) {
  13734. b[i] = (byte)i;
  13735. }
  13736. /* read back and verify */
  13737. for (i = 0; i < sz; i++) {
  13738. if (b[i] != (byte)i) {
  13739. ret = WC_TEST_RET_ENC_NC;
  13740. break;
  13741. }
  13742. }
  13743. XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13744. return ret;
  13745. }
  13746. #endif
  13747. /* If successful, returns the first letter of the byte array `in`.
  13748. **
  13749. ** This is a deceptively simple test of a read-only embedded Linux file system.
  13750. ** (e.g CFLAGS `-mfdpic` and `-mforce-l32`) for Xtensa Linux ESP32. When the
  13751. ** `-mforce-l32` is missing, access to `in` will fail with Illegal Instruction.
  13752. ** Const is on read-only memory-mapped file system, *not* loaded in app memory.
  13753. **
  13754. ** Edit with caution. See PR #6523. */
  13755. static wc_test_ret_t const_byte_ptr_test(const byte* in, word32 *outJ)
  13756. {
  13757. wc_test_ret_t ret = 0;
  13758. volatile word32 j = (word32)-1; /* must be volatile to properly detect error */
  13759. ret = (wc_test_ret_t)*in; /* accessed *in value. */
  13760. (void)ret;
  13761. j = *outJ; /* Found index to use in const array. */
  13762. if (j == 0) {
  13763. #ifdef WOLFSSL_DEBUG
  13764. printf("Testing const byte ptr reference...\n");
  13765. #endif
  13766. /* although j is zero, in[0] does not detect the Illegal instruction */
  13767. ret = in[j]; /* The big test: can we actually access the `in` data? */
  13768. }
  13769. else {
  13770. ret = -1;
  13771. }
  13772. return ret;
  13773. }
  13774. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void)
  13775. {
  13776. wc_test_ret_t ret = 0;
  13777. word32 j = 0; /* used in embedded const pointer test */
  13778. #if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY)
  13779. int i;
  13780. #endif
  13781. #ifdef WOLFSSL_STATIC_MEMORY
  13782. word32 size[] = { WOLFMEM_BUCKETS };
  13783. word32 dist[] = { WOLFMEM_DIST };
  13784. byte buffer[30000]; /* make large enough to involve many bucket sizes */
  13785. int pad = -(int)((wc_ptr_t)buffer) & (WOLFSSL_STATIC_ALIGN - 1);
  13786. /* pad to account for if head of buffer is not at set memory
  13787. * alignment when tests are ran */
  13788. #endif
  13789. #ifdef WOLFSSL_STATIC_MEMORY
  13790. /* check macro settings */
  13791. if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
  13792. return WC_TEST_RET_ENC_NC;
  13793. }
  13794. if (sizeof(dist)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
  13795. return WC_TEST_RET_ENC_NC;
  13796. }
  13797. for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
  13798. if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) {
  13799. /* each element in array should be divisible by alignment size */
  13800. return WC_TEST_RET_ENC_NC;
  13801. }
  13802. }
  13803. for (i = 1; i < WOLFMEM_MAX_BUCKETS; i++) {
  13804. if (size[i - 1] >= size[i]) {
  13805. return WC_TEST_RET_ENC_NC; /* sizes should be in increasing order */
  13806. }
  13807. }
  13808. /* check that padding size returned is possible */
  13809. if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) {
  13810. return WC_TEST_RET_ENC_NC; /* no room for wc_Memory struct */
  13811. }
  13812. ret = wolfSSL_MemoryPaddingSz();
  13813. if (ret < 0) {
  13814. return WC_TEST_RET_ENC_EC(ret);
  13815. }
  13816. if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) {
  13817. return WC_TEST_RET_ENC_NC; /* not aligned! */
  13818. }
  13819. /* check function to return optimum buffer size (rounded down) */
  13820. ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL);
  13821. if (ret < 0) {
  13822. return WC_TEST_RET_ENC_EC(ret);
  13823. }
  13824. if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) {
  13825. return WC_TEST_RET_ENC_NC; /* not aligned! */
  13826. }
  13827. if ((unsigned int)ret > sizeof(buffer)) {
  13828. return WC_TEST_RET_ENC_NC; /* did not round down as expected */
  13829. }
  13830. if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) {
  13831. return WC_TEST_RET_ENC_NC; /* return value changed when using suggested
  13832. * value
  13833. */
  13834. }
  13835. ret = wolfSSL_MemoryPaddingSz();
  13836. ret += pad; /* add space that is going to be needed if buffer not aligned */
  13837. if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) !=
  13838. (ret + (int)size[0])) {
  13839. return WC_TEST_RET_ENC_NC; /* did not round down to nearest bucket
  13840. * value
  13841. */
  13842. }
  13843. ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL);
  13844. if ((ret - pad) < 0) {
  13845. return WC_TEST_RET_ENC_NC;
  13846. }
  13847. if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) {
  13848. return WC_TEST_RET_ENC_NC; /* not even chunks of memory for IO size */
  13849. }
  13850. if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) {
  13851. return WC_TEST_RET_ENC_NC; /* memory not aligned */
  13852. }
  13853. /* check for passing bad or unknown arguments to functions */
  13854. if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) {
  13855. return WC_TEST_RET_ENC_NC;
  13856. }
  13857. if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) {
  13858. return WC_TEST_RET_ENC_NC; /* should round to 0
  13859. since struct + bucket will not fit */
  13860. }
  13861. (void)dist; /* avoid static analysis warning of variable not used */
  13862. #endif
  13863. #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
  13864. /* simple test */
  13865. ret = simple_mem_test(MEM_TEST_SZ);
  13866. if (ret != 0)
  13867. return ret;
  13868. #endif
  13869. #ifdef COMPLEX_MEM_TEST
  13870. /* test various size blocks */
  13871. for (i = 1; i < MEM_TEST_SZ; i*=2) {
  13872. ret = simple_mem_test(i);
  13873. if (ret != 0)
  13874. return ret;
  13875. }
  13876. #endif
  13877. #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC) && defined(XREALLOC)
  13878. /* realloc test */
  13879. {
  13880. byte *b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT,
  13881. DYNAMIC_TYPE_TMP_BUFFER);
  13882. #ifndef WOLFSSL_NO_REALLOC
  13883. byte *c = NULL;
  13884. if (b) {
  13885. c = (byte*)XREALLOC(b, MEM_TEST_SZ+sizeof(word32), HEAP_HINT,
  13886. DYNAMIC_TYPE_TMP_BUFFER);
  13887. if (c)
  13888. b = c;
  13889. }
  13890. #endif
  13891. if (b)
  13892. XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13893. if ((b == NULL)
  13894. #ifndef WOLFSSL_NO_REALLOC
  13895. || (c == NULL)
  13896. #endif
  13897. ) {
  13898. return WC_TEST_RET_ENC_ERRNO;
  13899. }
  13900. }
  13901. #endif
  13902. if (ret == 0) {
  13903. /* This test is only interesting on embedded R/O Flash systems */
  13904. if (const_byte_ptr_test(const_byte_array, &j) != CBPTR_EXPECTED) {
  13905. ret = 1;
  13906. }
  13907. }
  13908. return ret;
  13909. }
  13910. #ifndef NO_FILESYSTEM
  13911. /* Cert Paths */
  13912. #ifdef FREESCALE_MQX
  13913. #define CERT_PREFIX "a:\\"
  13914. #define CERT_PATH_SEP "\\"
  13915. #elif defined(WOLFSSL_uTKERNEL2)
  13916. #define CERT_PREFIX "/uda/"
  13917. #define CERT_PATH_SEP "/"
  13918. #elif defined(_WIN32_WCE)
  13919. #define CERT_PREFIX "\\windows\\"
  13920. #define CERT_PATH_SEP "\\"
  13921. #endif
  13922. #ifndef CERT_PREFIX
  13923. #define CERT_PREFIX "./"
  13924. #endif
  13925. #ifndef CERT_PATH_SEP
  13926. #define CERT_PATH_SEP "/"
  13927. #endif
  13928. #ifndef CERT_WRITE_TEMP_DIR
  13929. #define CERT_WRITE_TEMP_DIR CERT_PREFIX
  13930. #endif
  13931. #define CERT_ROOT CERT_PREFIX "certs" CERT_PATH_SEP
  13932. /* Generated Test Certs */
  13933. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  13934. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
  13935. #if !defined(NO_RSA) && !defined(NO_ASN)
  13936. static const char* clientKey = CERT_ROOT "client-key.der";
  13937. static const char* clientCert = CERT_ROOT "client-cert.der";
  13938. #ifdef WOLFSSL_CERT_EXT
  13939. static const char* clientKeyPub = CERT_ROOT "client-keyPub.der";
  13940. #endif
  13941. #endif /* !NO_RSA && !NO_ASN */
  13942. #endif
  13943. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  13944. #if !defined(NO_RSA) && !defined(NO_ASN)
  13945. #if defined(WOLFSSL_CERT_GEN) || defined(HAVE_PKCS7)
  13946. static const char* rsaCaKeyFile = CERT_ROOT "ca-key.der";
  13947. #ifdef WOLFSSL_CERT_GEN
  13948. static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem";
  13949. #endif
  13950. #if (defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)) \
  13951. && !defined(NO_ASN_TIME)
  13952. static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der";
  13953. #endif
  13954. #ifdef HAVE_PKCS7
  13955. static const char* rsaServerCertDerFile =
  13956. CERT_ROOT "server-cert.der";
  13957. static const char* rsaServerKeyDerFile =
  13958. CERT_ROOT "server-key.der";
  13959. #endif
  13960. #endif
  13961. #endif /* !NO_RSA && !NO_ASN */
  13962. #endif /* !USE_CERT_BUFFER_* */
  13963. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  13964. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
  13965. #if !defined(NO_ASN) && !defined(NO_DH)
  13966. static const char* dhParamsFile = CERT_ROOT "dh2048.der";
  13967. #endif
  13968. #endif
  13969. #if !defined(NO_ASN) && !defined(NO_DH)
  13970. #if defined(WOLFSSL_DH_EXTRA) && (!defined(HAVE_FIPS) || \
  13971. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
  13972. #if !defined(USE_CERT_BUFFERS_2048)
  13973. static const char* dhKeyFile = CERT_ROOT "statickeys/dh-ffdhe2048.der";
  13974. static const char* dhKeyPubFile = CERT_ROOT "statickeys/dh-ffdhe2048-pub.der";
  13975. #endif
  13976. #endif
  13977. #endif
  13978. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  13979. #ifndef NO_DSA
  13980. static const char* dsaKey = CERT_ROOT "dsa2048.der";
  13981. #endif
  13982. #endif /* !USE_CERT_BUFFER_* */
  13983. #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ECC256)
  13984. #ifdef HAVE_ECC
  13985. /* cert files to be used in rsa cert gen test, check if RSA enabled */
  13986. #ifdef HAVE_ECC_KEY_IMPORT
  13987. static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der";
  13988. #endif
  13989. #endif
  13990. #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ASN)
  13991. #if defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN) && \
  13992. !defined(NO_ECC_SECP)
  13993. #ifndef NO_RSA
  13994. static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der";
  13995. #endif
  13996. #ifndef NO_ASN_TIME
  13997. static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der";
  13998. static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
  13999. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  14000. static const char* eccCaKey384File =
  14001. CERT_ROOT "ca-ecc384-key.der";
  14002. static const char* eccCaCert384File =
  14003. CERT_ROOT "ca-ecc384-cert.pem";
  14004. #endif
  14005. #endif
  14006. #endif
  14007. #if defined(HAVE_PKCS7) && defined(HAVE_ECC)
  14008. static const char* eccClientKey = CERT_ROOT "ecc-client-key.der";
  14009. static const char* eccClientCert = CERT_ROOT "client-ecc-cert.der";
  14010. #endif
  14011. #endif /* HAVE_ECC */
  14012. #ifdef HAVE_ED25519
  14013. #ifdef WOLFSSL_TEST_CERT
  14014. static const char* serverEd25519Cert =
  14015. CERT_ROOT "ed25519/server-ed25519.der";
  14016. static const char* caEd25519Cert =
  14017. CERT_ROOT "ed25519/ca-ed25519.der";
  14018. #endif
  14019. #endif
  14020. #ifdef HAVE_ED448
  14021. #ifdef WOLFSSL_TEST_CERT
  14022. static const char* serverEd448Cert =
  14023. CERT_ROOT "ed448/server-ed448.der";
  14024. static const char* caEd448Cert = CERT_ROOT "ed448/ca-ed448.der";
  14025. #endif
  14026. #endif
  14027. #endif /* !USE_CERT_BUFFER_* */
  14028. #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
  14029. !defined(NO_FILESYSTEM)
  14030. static const char* certExtNc =
  14031. CERT_ROOT "test" CERT_PATH_SEP "cert-ext-nc.der";
  14032. static const char* certExtIa =
  14033. CERT_ROOT "test" CERT_PATH_SEP "cert-ext-ia.der";
  14034. static const char* certExtNct =
  14035. CERT_ROOT "test" CERT_PATH_SEP "cert-ext-nct.der";
  14036. #endif
  14037. #ifndef NO_WRITE_TEMP_FILES
  14038. #ifdef HAVE_ECC
  14039. #ifndef NO_ECC_SECP
  14040. #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
  14041. static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem";
  14042. static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der";
  14043. #endif
  14044. #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
  14045. static const char* certEccRsaPemFile = CERT_WRITE_TEMP_DIR "certeccrsa.pem";
  14046. static const char* certEccRsaDerFile = CERT_WRITE_TEMP_DIR "certeccrsa.der";
  14047. #endif
  14048. #endif
  14049. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
  14050. !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ASN_CRYPT)
  14051. static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem";
  14052. static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der";
  14053. static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der";
  14054. #if defined(HAVE_PKCS8) && !defined(WC_NO_RNG) && \
  14055. !defined(WOLF_CRYPTO_CB_ONLY_ECC)
  14056. static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der";
  14057. #endif
  14058. #endif /* HAVE_ECC_KEY_EXPORT */
  14059. #endif /* HAVE_ECC */
  14060. #ifndef NO_RSA
  14061. #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
  14062. static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der";
  14063. static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der";
  14064. static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem";
  14065. static const char* certPemFile = CERT_WRITE_TEMP_DIR "cert.pem";
  14066. #if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC)
  14067. static const char* certReqDerFile = CERT_WRITE_TEMP_DIR "certreq.der";
  14068. static const char* certReqPemFile = CERT_WRITE_TEMP_DIR "certreq.pem";
  14069. #endif
  14070. #endif
  14071. #endif /* !NO_RSA */
  14072. #if !defined(NO_RSA) || !defined(NO_DSA)
  14073. #ifdef WOLFSSL_KEY_GEN
  14074. static const char* keyDerFile = CERT_WRITE_TEMP_DIR "key.der";
  14075. static const char* keyPemFile = CERT_WRITE_TEMP_DIR "key.pem";
  14076. #endif
  14077. #endif
  14078. #endif /* !NO_WRITE_TEMP_FILES */
  14079. #endif /* !NO_FILESYSTEM */
  14080. #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
  14081. (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
  14082. static CertName certDefaultName;
  14083. static void initDefaultName(void)
  14084. {
  14085. #if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT)
  14086. NameAttrib* n;
  14087. #endif
  14088. XMEMCPY(certDefaultName.country, "US", sizeof("US"));
  14089. certDefaultName.countryEnc = CTC_PRINTABLE;
  14090. XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon"));
  14091. certDefaultName.stateEnc = CTC_UTF8;
  14092. XMEMCPY(certDefaultName.street, "Main St", sizeof("Main St"));
  14093. certDefaultName.streetEnc = CTC_UTF8;
  14094. XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland"));
  14095. certDefaultName.localityEnc = CTC_UTF8;
  14096. XMEMCPY(certDefaultName.sur, "Test", sizeof("Test"));
  14097. certDefaultName.surEnc = CTC_UTF8;
  14098. XMEMCPY(certDefaultName.org, "wolfSSL", sizeof("wolfSSL"));
  14099. certDefaultName.orgEnc = CTC_UTF8;
  14100. XMEMCPY(certDefaultName.unit, "Development", sizeof("Development"));
  14101. certDefaultName.unitEnc = CTC_UTF8;
  14102. XMEMCPY(certDefaultName.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
  14103. certDefaultName.commonNameEnc = CTC_UTF8;
  14104. XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
  14105. certDefaultName.serialDevEnc = CTC_PRINTABLE;
  14106. XMEMCPY(certDefaultName.postalCode, "12-456", sizeof("12-456"));
  14107. certDefaultName.postalCodeEnc = CTC_PRINTABLE;
  14108. #ifdef WOLFSSL_CERT_EXT
  14109. XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization"));
  14110. certDefaultName.busCatEnc = CTC_UTF8;
  14111. XMEMCPY(certDefaultName.joiSt, "US", sizeof("US"));
  14112. certDefaultName.joiStEnc = CTC_PRINTABLE;
  14113. XMEMCPY(certDefaultName.joiC, "Oregon", sizeof("Oregon"));
  14114. certDefaultName.joiCEnc = CTC_PRINTABLE;
  14115. #endif
  14116. XMEMCPY(certDefaultName.email, "info@wolfssl.com", sizeof("info@wolfssl.com"));
  14117. XMEMCPY(certDefaultName.userId, "TestUserID", sizeof("TestUserID"));
  14118. certDefaultName.userIdEnc = CTC_PRINTABLE;
  14119. #if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT)
  14120. /* test having additional OUs and setting DC */
  14121. n = &certDefaultName.name[0];
  14122. n->id = ASN_ORGUNIT_NAME;
  14123. n->type = CTC_UTF8;
  14124. n->sz = XSTRLEN("Development-2");
  14125. XMEMCPY(n->value, "Development-2", sizeof("Development-2"));
  14126. #if CTC_MAX_ATTRIB > 3
  14127. n = &certDefaultName.name[1];
  14128. n->id = ASN_DOMAIN_COMPONENT;
  14129. n->type = CTC_UTF8;
  14130. n->sz = XSTRLEN("com");
  14131. XMEMCPY(n->value, "com", sizeof("com"));
  14132. n = &certDefaultName.name[2];
  14133. n->id = ASN_DOMAIN_COMPONENT;
  14134. n->type = CTC_UTF8;
  14135. n->sz = XSTRLEN("wolfssl");
  14136. XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
  14137. #endif
  14138. #endif /* WOLFSSL_MULTI_ATTRIB && WOLFSSL_TEST_CERT */
  14139. #ifdef WOLFSSL_CUSTOM_OID
  14140. /* TODO: Add test case for custom OID's */
  14141. #endif
  14142. }
  14143. #ifdef WOLFSSL_CERT_EXT
  14144. #if ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
  14145. defined(WOLFSSL_TEST_CERT)) || defined(HAVE_ECC)
  14146. WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage[] =
  14147. "digitalSignature,nonRepudiation";
  14148. #endif
  14149. #if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_ASN_TIME)
  14150. WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage2[] =
  14151. "digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
  14152. #endif
  14153. #endif /* WOLFSSL_CERT_EXT */
  14154. #endif /* WOLFSSL_CERT_GEN */
  14155. #ifndef NO_RSA
  14156. #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
  14157. !defined(NO_FILESYSTEM)
  14158. static const byte minSerial[] = { 0x02, 0x01, 0x01 };
  14159. static const byte minName[] = { 0x30, 0x00 };
  14160. static const byte nameBad[] = {
  14161. 0x30, 0x08,
  14162. 0x31, 0x06,
  14163. 0x30, 0x04,
  14164. 0x06, 0x02,
  14165. 0x55, 0x04,
  14166. };
  14167. static const byte minDates[] = {
  14168. 0x30, 0x1e,
  14169. 0x17, 0x0d,
  14170. 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35,
  14171. 0x32, 0x33, 0x31, 0x30, 0x5a,
  14172. 0x17, 0x0d,
  14173. 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35,
  14174. 0x32, 0x33, 0x31, 0x30, 0x5a
  14175. };
  14176. static const byte minPubKey[] = {
  14177. 0x30, 0x1c,
  14178. 0x30, 0x0d,
  14179. 0x06, 0x09,
  14180. 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
  14181. 0x01,
  14182. 0x05, 0x00,
  14183. 0x03, 0x0b,
  14184. 0x00, 0x30, 0x08,
  14185. 0x02, 0x01,
  14186. 0x03,
  14187. 0x02, 0x03,
  14188. 0x01, 0x00, 0x01
  14189. };
  14190. static const byte minSigAlg[] = {
  14191. 0x30, 0x0d,
  14192. 0x06, 0x09,
  14193. 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
  14194. 0x0b,
  14195. 0x05, 0x00
  14196. };
  14197. static const byte minSig[] = {
  14198. 0x03, 0x01,
  14199. 0x00
  14200. };
  14201. static int add_seq(byte* certData, int offset, byte* data, byte length)
  14202. {
  14203. XMEMMOVE(certData + offset + 2, data, length);
  14204. certData[offset++] = 0x30;
  14205. certData[offset++] = length;
  14206. return offset + length;
  14207. }
  14208. static int add_data(byte* certData, int offset, const byte* data, byte length)
  14209. {
  14210. XMEMCPY(certData + offset, data, length);
  14211. return offset + length;
  14212. }
  14213. static wc_test_ret_t cert_asn1_test(void)
  14214. {
  14215. wc_test_ret_t ret;
  14216. int len[3];
  14217. DecodedCert cert;
  14218. byte certData[114];
  14219. byte* badCert = NULL;
  14220. len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
  14221. len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
  14222. len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
  14223. len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates));
  14224. len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
  14225. len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey));
  14226. len[1] = add_seq(certData, 0, certData, len[2]);
  14227. len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg));
  14228. len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig));
  14229. len[0] = add_seq(certData, 0, certData, len[1]);
  14230. /* Minimal good certificate */
  14231. InitDecodedCert(&cert, certData, len[0], 0);
  14232. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
  14233. FreeDecodedCert(&cert);
  14234. if (ret != 0)
  14235. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  14236. /* Bad issuer name */
  14237. len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
  14238. len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
  14239. len[2] = add_data(certData, len[2], nameBad, (byte)sizeof(nameBad));
  14240. len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates));
  14241. len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
  14242. len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey));
  14243. len[1] = add_seq(certData, 0, certData, len[2]);
  14244. len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg));
  14245. len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig));
  14246. len[0] = add_seq(certData, 0, certData, len[1]);
  14247. /* Put data into allocated buffer to allow access error checking. */
  14248. badCert = (byte*)XMALLOC(len[0], HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14249. XMEMCPY(badCert, certData, len[0]);
  14250. InitDecodedCert(&cert, badCert, len[0], 0);
  14251. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
  14252. FreeDecodedCert(&cert);
  14253. if (ret != ASN_PARSE_E) {
  14254. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  14255. }
  14256. XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14257. badCert = NULL;
  14258. ret = 0;
  14259. done:
  14260. if (badCert != NULL)
  14261. XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14262. return ret;
  14263. }
  14264. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void)
  14265. {
  14266. #if !defined(NO_FILESYSTEM)
  14267. DecodedCert cert;
  14268. byte* tmp;
  14269. size_t bytes;
  14270. XFILE file;
  14271. wc_test_ret_t ret;
  14272. tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14273. if (tmp == NULL)
  14274. return WC_TEST_RET_ENC_ERRNO;
  14275. /* Certificate with Name Constraints extension. */
  14276. file = XFOPEN(certExtNc, "rb");
  14277. if (!file) {
  14278. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  14279. }
  14280. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  14281. XFCLOSE(file);
  14282. if (bytes == 0)
  14283. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  14284. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  14285. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
  14286. if (ret != 0)
  14287. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  14288. FreeDecodedCert(&cert);
  14289. /* Certificate with Inhibit Any Policy extension. */
  14290. file = XFOPEN(certExtIa, "rb");
  14291. if (!file) {
  14292. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  14293. }
  14294. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  14295. XFCLOSE(file);
  14296. if (bytes == 0)
  14297. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  14298. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  14299. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
  14300. if (ret != 0)
  14301. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  14302. FreeDecodedCert(&cert);
  14303. /* Certificate with Netscape Certificate Type extension. */
  14304. file = XFOPEN(certExtNct, "rb");
  14305. if (!file) {
  14306. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  14307. }
  14308. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  14309. XFCLOSE(file);
  14310. if (bytes == 0)
  14311. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  14312. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  14313. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
  14314. #ifndef IGNORE_NETSCAPE_CERT_TYPE
  14315. if (ret != 0)
  14316. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  14317. #else
  14318. if (ret != ASN_CRIT_EXT_E) {
  14319. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  14320. }
  14321. ret = 0;
  14322. #endif
  14323. done:
  14324. FreeDecodedCert(&cert);
  14325. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14326. #endif /* !NO_FILESYSTEM */
  14327. if (ret == 0)
  14328. ret = cert_asn1_test();
  14329. return ret;
  14330. }
  14331. #endif /* WOLFSSL_TEST_CERT */
  14332. #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
  14333. !defined(NO_FILESYSTEM) && defined(WOLFSSL_CERT_GEN)
  14334. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void)
  14335. {
  14336. DecodedCert cert;
  14337. byte* tmp;
  14338. size_t bytes;
  14339. XFILE file;
  14340. wc_test_ret_t ret;
  14341. /* created from rsa_test : othercert.der */
  14342. byte skid_rsa[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
  14343. "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
  14344. /* created from rsa_test : othercert.der */
  14345. byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED"
  14346. "\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5";
  14347. #ifdef HAVE_ECC
  14348. /* created from ecc_test_cert_gen : certecc.der */
  14349. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  14350. /* Authority key id from ./certs/ca-ecc384-cert.pem */
  14351. byte akid_ecc[] = "\xAB\xE0\xC3\x26\x4C\x18\xD4\x72\xBB\xD2"
  14352. "\x84\x8C\x9C\x0A\x05\x92\x80\x12\x53\x52";
  14353. #else
  14354. /* Authority key id from ./certs/ca-ecc-cert.pem */
  14355. byte akid_ecc[] = "\x56\x8E\x9A\xC3\xF0\x42\xDE\x18\xB9\x45"
  14356. "\x55\x6E\xF9\x93\xCF\xEA\xC3\xF3\xA5\x21";
  14357. #endif
  14358. #endif /* HAVE_ECC */
  14359. /* created from rsa_test : cert.der */
  14360. byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
  14361. "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
  14362. tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14363. if (tmp == NULL)
  14364. return WC_TEST_RET_ENC_ERRNO;
  14365. /* load othercert.der (Cert signed by an authority) */
  14366. file = XFOPEN(otherCertDerFile, "rb");
  14367. if (!file) {
  14368. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14369. return WC_TEST_RET_ENC_ERRNO;
  14370. }
  14371. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  14372. XFCLOSE(file);
  14373. if (bytes == 0)
  14374. return WC_TEST_RET_ENC_ERRNO;
  14375. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  14376. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
  14377. if (ret != 0)
  14378. return WC_TEST_RET_ENC_EC(ret);
  14379. /* check the SKID from a RSA certificate */
  14380. if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
  14381. return WC_TEST_RET_ENC_NC;
  14382. /* check the AKID from an RSA certificate */
  14383. if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
  14384. return WC_TEST_RET_ENC_NC;
  14385. /* check the Key Usage from an RSA certificate */
  14386. if (!cert.extKeyUsageSet)
  14387. return WC_TEST_RET_ENC_NC;
  14388. if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE))
  14389. return WC_TEST_RET_ENC_NC;
  14390. /* check the CA Basic Constraints from an RSA certificate */
  14391. if (cert.isCA)
  14392. return WC_TEST_RET_ENC_NC;
  14393. #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
  14394. /* check the Certificate Policies Id */
  14395. if (cert.extCertPoliciesNb != 1)
  14396. return WC_TEST_RET_ENC_NC;
  14397. if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
  14398. return WC_TEST_RET_ENC_NC;
  14399. #endif
  14400. FreeDecodedCert(&cert);
  14401. #ifdef HAVE_ECC
  14402. /* load certecc.der (Cert signed by our ECC CA test in ecc_test_cert_gen) */
  14403. file = XFOPEN(certEccDerFile, "rb");
  14404. if (!file) {
  14405. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14406. return WC_TEST_RET_ENC_ERRNO;
  14407. }
  14408. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  14409. XFCLOSE(file);
  14410. if (bytes == 0)
  14411. return WC_TEST_RET_ENC_ERRNO;
  14412. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  14413. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
  14414. if (ret != 0)
  14415. return WC_TEST_RET_ENC_EC(ret);
  14416. /* check the SKID from a ECC certificate - generated dynamically */
  14417. /* check the AKID from an ECC certificate */
  14418. if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
  14419. return WC_TEST_RET_ENC_NC;
  14420. /* check the Key Usage from an ECC certificate */
  14421. if (!cert.extKeyUsageSet)
  14422. return WC_TEST_RET_ENC_NC;
  14423. if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT))
  14424. return WC_TEST_RET_ENC_NC;
  14425. /* check the CA Basic Constraints from an ECC certificate */
  14426. if (cert.isCA)
  14427. return WC_TEST_RET_ENC_NC;
  14428. #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
  14429. /* check the Certificate Policies Id */
  14430. if (cert.extCertPoliciesNb != 2)
  14431. return WC_TEST_RET_ENC_NC;
  14432. if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32))
  14433. return WC_TEST_RET_ENC_NC;
  14434. if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22))
  14435. return WC_TEST_RET_ENC_NC;
  14436. #endif
  14437. FreeDecodedCert(&cert);
  14438. #endif /* HAVE_ECC */
  14439. /* load cert.der (self signed certificate) */
  14440. file = XFOPEN(certDerFile, "rb");
  14441. if (!file) {
  14442. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14443. return WC_TEST_RET_ENC_ERRNO;
  14444. }
  14445. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  14446. XFCLOSE(file);
  14447. if (bytes == 0)
  14448. return WC_TEST_RET_ENC_ERRNO;
  14449. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  14450. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
  14451. if (ret != 0)
  14452. return WC_TEST_RET_ENC_EC(ret);
  14453. /* check the SKID from a CA certificate */
  14454. if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
  14455. return WC_TEST_RET_ENC_NC;
  14456. /* check the AKID from an CA certificate */
  14457. if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
  14458. return WC_TEST_RET_ENC_NC;
  14459. /* check the Key Usage from CA certificate */
  14460. if (!cert.extKeyUsageSet)
  14461. return WC_TEST_RET_ENC_NC;
  14462. if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN))
  14463. return WC_TEST_RET_ENC_NC;
  14464. /* check the CA Basic Constraints CA certificate */
  14465. if (!cert.isCA)
  14466. return WC_TEST_RET_ENC_NC;
  14467. #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
  14468. /* check the Certificate Policies Id */
  14469. if (cert.extCertPoliciesNb != 2)
  14470. return WC_TEST_RET_ENC_NC;
  14471. if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
  14472. return WC_TEST_RET_ENC_NC;
  14473. if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25))
  14474. return WC_TEST_RET_ENC_NC;
  14475. #endif
  14476. FreeDecodedCert(&cert);
  14477. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14478. return 0;
  14479. }
  14480. #endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT &&
  14481. !NO_FILESYSTEM && WOLFSSL_CERT_GEN */
  14482. #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
  14483. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
  14484. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void)
  14485. {
  14486. wc_test_ret_t ret = 0;
  14487. Cert cert;
  14488. FILE* file;
  14489. byte* der;
  14490. word32 derSz;
  14491. derSz = FOURK_BUF;
  14492. der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14493. if (der == NULL)
  14494. ret = WC_TEST_RET_ENC_NC;
  14495. if (ret == 0) {
  14496. /* load cert.der */
  14497. file = XFOPEN(certDerFile, "rb");
  14498. if (file != NULL) {
  14499. derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
  14500. XFCLOSE(file);
  14501. if (derSz == 0)
  14502. ret = WC_TEST_RET_ENC_ERRNO;
  14503. }
  14504. else
  14505. ret = WC_TEST_RET_ENC_ERRNO;
  14506. }
  14507. if (ret == 0) {
  14508. ret = wc_InitCert_ex(&cert, HEAP_HINT, devId);
  14509. if (ret != 0)
  14510. ret = WC_TEST_RET_ENC_EC(ret);
  14511. }
  14512. if (ret == 0) {
  14513. ret = wc_SetSubjectBuffer(&cert, der, derSz);
  14514. if (ret != 0)
  14515. ret = WC_TEST_RET_ENC_EC(ret);
  14516. }
  14517. if (ret == 0) {
  14518. ret = wc_SetSubjectBuffer(NULL, der, derSz);
  14519. if (ret == BAD_FUNC_ARG)
  14520. ret = 0;
  14521. else
  14522. ret = WC_TEST_RET_ENC_EC(ret);
  14523. }
  14524. if (ret == 0) {
  14525. ret = wc_SetSubjectRaw(&cert, der, derSz);
  14526. if (ret != 0)
  14527. ret = WC_TEST_RET_ENC_EC(ret);
  14528. }
  14529. if (ret == 0) {
  14530. ret = wc_SetSubjectRaw(NULL, der, derSz);
  14531. if (ret == BAD_FUNC_ARG)
  14532. ret = 0;
  14533. else
  14534. ret = WC_TEST_RET_ENC_EC(ret);
  14535. }
  14536. if (ret == 0) {
  14537. ret = wc_SetIssuerBuffer(&cert, der, derSz);
  14538. if (ret != 0)
  14539. ret = WC_TEST_RET_ENC_EC(ret);
  14540. }
  14541. if (ret == 0) {
  14542. ret = wc_SetIssuerBuffer(NULL, der, derSz);
  14543. if (ret == BAD_FUNC_ARG)
  14544. ret = 0;
  14545. else
  14546. ret = WC_TEST_RET_ENC_EC(ret);
  14547. }
  14548. if (ret == 0) {
  14549. ret = wc_SetIssuerRaw(&cert, der, derSz);
  14550. if (ret != 0)
  14551. ret = WC_TEST_RET_ENC_EC(ret);
  14552. }
  14553. if (ret == 0) {
  14554. ret = wc_SetIssuerRaw(NULL, der, derSz);
  14555. if (ret == BAD_FUNC_ARG)
  14556. ret = 0;
  14557. else
  14558. ret = WC_TEST_RET_ENC_EC(ret);
  14559. }
  14560. #ifdef WOLFSSL_ALT_NAMES
  14561. if (ret == 0) {
  14562. ret = wc_SetAltNamesBuffer(&cert, der, derSz);
  14563. if (ret != 0)
  14564. ret = WC_TEST_RET_ENC_EC(ret);
  14565. }
  14566. if (ret == 0) {
  14567. ret = wc_SetAltNamesBuffer(NULL, der, derSz);
  14568. if (ret == BAD_FUNC_ARG)
  14569. ret = 0;
  14570. else
  14571. ret = WC_TEST_RET_ENC_EC(ret);
  14572. }
  14573. if (ret == 0) {
  14574. ret = wc_SetDatesBuffer(&cert, der, derSz);
  14575. if (ret != 0)
  14576. ret = WC_TEST_RET_ENC_EC(ret);
  14577. }
  14578. if (ret == 0) {
  14579. ret = wc_SetDatesBuffer(NULL, der, derSz);
  14580. if (ret == BAD_FUNC_ARG)
  14581. ret = 0;
  14582. else
  14583. ret = WC_TEST_RET_ENC_EC(ret);
  14584. }
  14585. #endif
  14586. if (ret == 0) {
  14587. ret = wc_SetAuthKeyIdFromCert(&cert, der, derSz);
  14588. if (ret != 0)
  14589. ret = WC_TEST_RET_ENC_EC(ret);
  14590. }
  14591. if (ret == 0) {
  14592. ret = wc_SetAuthKeyIdFromCert(NULL, der, derSz);
  14593. if (ret == BAD_FUNC_ARG)
  14594. ret = 0;
  14595. else
  14596. ret = WC_TEST_RET_ENC_NC;
  14597. }
  14598. wc_SetCert_Free(&cert);
  14599. if (ret == 0) {
  14600. if(cert.decodedCert != NULL)
  14601. ret = WC_TEST_RET_ENC_NC;
  14602. }
  14603. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14604. return ret;
  14605. }
  14606. #endif /* defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) &&
  14607. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) */
  14608. #define RSA_TEST_BYTES 512 /* up to 4096-bit key */
  14609. #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  14610. !defined(WOLFSSL_RSA_VERIFY_ONLY)
  14611. static wc_test_ret_t rsa_flatten_test(RsaKey* key)
  14612. {
  14613. wc_test_ret_t ret;
  14614. byte e[RSA_TEST_BYTES];
  14615. byte n[RSA_TEST_BYTES];
  14616. word32 eSz = sizeof(e);
  14617. word32 nSz = sizeof(n);
  14618. /* Parameter Validation testing. */
  14619. ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
  14620. if (ret != BAD_FUNC_ARG)
  14621. return WC_TEST_RET_ENC_EC(ret);
  14622. ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz);
  14623. if (ret != BAD_FUNC_ARG)
  14624. return WC_TEST_RET_ENC_EC(ret);
  14625. ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz);
  14626. if (ret != BAD_FUNC_ARG)
  14627. return WC_TEST_RET_ENC_EC(ret);
  14628. ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz);
  14629. if (ret != BAD_FUNC_ARG)
  14630. return WC_TEST_RET_ENC_EC(ret);
  14631. ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL);
  14632. if (ret != BAD_FUNC_ARG)
  14633. return WC_TEST_RET_ENC_EC(ret);
  14634. ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
  14635. if (ret != 0)
  14636. return WC_TEST_RET_ENC_EC(ret);
  14637. eSz = 0;
  14638. ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
  14639. if (ret != RSA_BUFFER_E)
  14640. return WC_TEST_RET_ENC_EC(ret);
  14641. eSz = sizeof(e);
  14642. nSz = 0;
  14643. ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
  14644. if (ret != RSA_BUFFER_E)
  14645. return WC_TEST_RET_ENC_EC(ret);
  14646. return 0;
  14647. }
  14648. #endif /* NO_ASN */
  14649. #if !defined(HAVE_FIPS) && !defined(NO_ASN) \
  14650. && !defined(WOLFSSL_RSA_VERIFY_ONLY)
  14651. static wc_test_ret_t rsa_export_key_test(RsaKey* key)
  14652. {
  14653. wc_test_ret_t ret;
  14654. byte e[3];
  14655. word32 eSz = sizeof(e);
  14656. byte n[RSA_TEST_BYTES];
  14657. word32 nSz = sizeof(n);
  14658. byte d[RSA_TEST_BYTES];
  14659. word32 dSz = sizeof(d);
  14660. byte p[RSA_TEST_BYTES/2];
  14661. word32 pSz = sizeof(p);
  14662. byte q[RSA_TEST_BYTES/2];
  14663. word32 qSz = sizeof(q);
  14664. word32 zero = 0;
  14665. ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
  14666. if (ret != BAD_FUNC_ARG)
  14667. return WC_TEST_RET_ENC_EC(ret);
  14668. ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
  14669. if (ret != BAD_FUNC_ARG)
  14670. return WC_TEST_RET_ENC_EC(ret);
  14671. ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
  14672. if (ret != BAD_FUNC_ARG)
  14673. return WC_TEST_RET_ENC_EC(ret);
  14674. ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz);
  14675. if (ret != BAD_FUNC_ARG)
  14676. return WC_TEST_RET_ENC_EC(ret);
  14677. ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz);
  14678. if (ret != BAD_FUNC_ARG)
  14679. return WC_TEST_RET_ENC_EC(ret);
  14680. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz);
  14681. if (ret != BAD_FUNC_ARG)
  14682. return WC_TEST_RET_ENC_EC(ret);
  14683. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz);
  14684. if (ret != BAD_FUNC_ARG)
  14685. return WC_TEST_RET_ENC_EC(ret);
  14686. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz);
  14687. if (ret != BAD_FUNC_ARG)
  14688. return WC_TEST_RET_ENC_EC(ret);
  14689. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz);
  14690. if (ret != BAD_FUNC_ARG)
  14691. return WC_TEST_RET_ENC_EC(ret);
  14692. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz);
  14693. if (ret != BAD_FUNC_ARG)
  14694. return WC_TEST_RET_ENC_EC(ret);
  14695. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL);
  14696. if (ret != BAD_FUNC_ARG)
  14697. return WC_TEST_RET_ENC_EC(ret);
  14698. ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
  14699. if (ret != RSA_BUFFER_E)
  14700. return WC_TEST_RET_ENC_EC(ret);
  14701. ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz);
  14702. if (ret != RSA_BUFFER_E)
  14703. return WC_TEST_RET_ENC_EC(ret);
  14704. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  14705. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz);
  14706. if (ret != RSA_BUFFER_E)
  14707. return WC_TEST_RET_ENC_EC(ret);
  14708. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz);
  14709. if (ret != RSA_BUFFER_E)
  14710. return WC_TEST_RET_ENC_EC(ret);
  14711. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero);
  14712. if (ret != RSA_BUFFER_E)
  14713. return WC_TEST_RET_ENC_EC(ret);
  14714. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  14715. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
  14716. if (ret != 0)
  14717. return WC_TEST_RET_ENC_EC(ret);
  14718. return 0;
  14719. }
  14720. #endif /* !HAVE_FIPS && !NO_ASN && !WOLFSSL_RSA_VERIFY_ONLY */
  14721. #ifndef NO_SIG_WRAPPER
  14722. static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
  14723. {
  14724. wc_test_ret_t ret;
  14725. word32 sigSz;
  14726. WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING;
  14727. WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
  14728. 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
  14729. 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
  14730. 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
  14731. 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
  14732. };
  14733. WOLFSSL_SMALL_STACK_STATIC const byte hashEnc[] = {
  14734. 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
  14735. 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
  14736. 0x00, 0x04, 0x20,
  14737. 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
  14738. 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
  14739. 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
  14740. 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
  14741. };
  14742. word32 inLen = (word32)XSTRLEN((char*)in);
  14743. byte out[RSA_TEST_BYTES];
  14744. /* Parameter Validation testing. */
  14745. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen);
  14746. if (ret != BAD_FUNC_ARG)
  14747. return WC_TEST_RET_ENC_EC(ret);
  14748. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0);
  14749. if (ret != BAD_FUNC_ARG)
  14750. return WC_TEST_RET_ENC_EC(ret);
  14751. sigSz = (word32)modLen;
  14752. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
  14753. inLen, out, &sigSz, key, keyLen, rng);
  14754. if (ret != BAD_FUNC_ARG)
  14755. return WC_TEST_RET_ENC_EC(ret);
  14756. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  14757. 0, out, &sigSz, key, keyLen, rng);
  14758. if (ret != BAD_FUNC_ARG)
  14759. return WC_TEST_RET_ENC_EC(ret);
  14760. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  14761. inLen, NULL, &sigSz, key, keyLen, rng);
  14762. if (ret != BAD_FUNC_ARG)
  14763. return WC_TEST_RET_ENC_EC(ret);
  14764. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  14765. inLen, out, NULL, key, keyLen, rng);
  14766. if (ret != BAD_FUNC_ARG)
  14767. return WC_TEST_RET_ENC_EC(ret);
  14768. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  14769. inLen, out, &sigSz, NULL, keyLen, rng);
  14770. if (ret != BAD_FUNC_ARG)
  14771. return WC_TEST_RET_ENC_EC(ret);
  14772. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  14773. inLen, out, &sigSz, key, 0, rng);
  14774. if (ret != BAD_FUNC_ARG)
  14775. return WC_TEST_RET_ENC_EC(ret);
  14776. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  14777. inLen, out, &sigSz, key, keyLen, NULL);
  14778. #if defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT)
  14779. /* blinding / rng handled with hardware acceleration */
  14780. if (ret != 0)
  14781. #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
  14782. /* async may not require RNG */
  14783. #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
  14784. if (ret != NO_VALID_DEVID)
  14785. #else
  14786. if (ret != 0 && ret != MISSING_RNG_E)
  14787. #endif
  14788. #elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING)
  14789. /* FIPS140 implementation does not do blinding */
  14790. if (ret != 0)
  14791. #elif defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_RSA_VERIFY_ONLY)
  14792. if (ret != SIG_TYPE_E)
  14793. #elif defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SE050)
  14794. /* RNG is handled by hardware */
  14795. if (ret != 0)
  14796. #else
  14797. if (ret != MISSING_RNG_E)
  14798. #endif
  14799. return WC_TEST_RET_ENC_EC(ret);
  14800. sigSz = 0;
  14801. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  14802. inLen, out, &sigSz, key, keyLen, rng);
  14803. if (ret != BAD_FUNC_ARG)
  14804. return WC_TEST_RET_ENC_EC(ret);
  14805. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
  14806. inLen, out, (word32)modLen, key, keyLen);
  14807. if (ret != BAD_FUNC_ARG)
  14808. return WC_TEST_RET_ENC_EC(ret);
  14809. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  14810. 0, out, (word32)modLen, key, keyLen);
  14811. if (ret != BAD_FUNC_ARG)
  14812. return WC_TEST_RET_ENC_EC(ret);
  14813. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  14814. inLen, NULL, (word32)modLen, key, keyLen);
  14815. if (ret != BAD_FUNC_ARG)
  14816. return WC_TEST_RET_ENC_EC(ret);
  14817. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  14818. inLen, out, 0, key, keyLen);
  14819. if (ret != BAD_FUNC_ARG)
  14820. return WC_TEST_RET_ENC_EC(ret);
  14821. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  14822. inLen, out, (word32)modLen, NULL, keyLen);
  14823. if (ret != BAD_FUNC_ARG)
  14824. return WC_TEST_RET_ENC_EC(ret);
  14825. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  14826. inLen, out, (word32)modLen, key, 0);
  14827. if (ret != BAD_FUNC_ARG)
  14828. return WC_TEST_RET_ENC_EC(ret);
  14829. #ifndef HAVE_ECC
  14830. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen);
  14831. if (ret != SIG_TYPE_E)
  14832. return WC_TEST_RET_ENC_EC(ret);
  14833. #endif
  14834. #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
  14835. return 0;
  14836. #endif
  14837. /* Use APIs. */
  14838. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen);
  14839. if (ret != modLen)
  14840. return WC_TEST_RET_ENC_EC(ret);
  14841. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen);
  14842. if (ret != modLen)
  14843. return WC_TEST_RET_ENC_EC(ret);
  14844. sigSz = (word32)ret;
  14845. #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
  14846. XMEMSET(out, 0, sizeof(out));
  14847. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  14848. inLen, out, &sigSz, key, keyLen, rng);
  14849. if (ret != 0)
  14850. return WC_TEST_RET_ENC_EC(ret);
  14851. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  14852. inLen, out, (word32)modLen, key, keyLen);
  14853. if (ret != 0)
  14854. return WC_TEST_RET_ENC_EC(ret);
  14855. sigSz = (word32)sizeof(out);
  14856. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
  14857. in, inLen, out, &sigSz, key, keyLen, rng);
  14858. if (ret != 0)
  14859. return WC_TEST_RET_ENC_EC(ret);
  14860. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
  14861. in, inLen, out, (word32)modLen, key, keyLen);
  14862. if (ret != 0)
  14863. return WC_TEST_RET_ENC_EC(ret);
  14864. /* Wrong signature type. */
  14865. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  14866. inLen, out, (word32)modLen, key, keyLen);
  14867. if (ret == 0)
  14868. return WC_TEST_RET_ENC_EC(ret);
  14869. /* check hash functions */
  14870. sigSz = (word32)sizeof(out);
  14871. ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
  14872. hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng);
  14873. if (ret != 0)
  14874. return WC_TEST_RET_ENC_EC(ret);
  14875. ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
  14876. hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen);
  14877. if (ret != 0)
  14878. return WC_TEST_RET_ENC_EC(ret);
  14879. sigSz = (word32)sizeof(out);
  14880. ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
  14881. hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng);
  14882. if (ret != 0)
  14883. return WC_TEST_RET_ENC_EC(ret);
  14884. ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
  14885. hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen);
  14886. if (ret != 0)
  14887. return WC_TEST_RET_ENC_EC(ret);
  14888. #else
  14889. (void)hash;
  14890. (void)hashEnc;
  14891. #endif /* !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */
  14892. return 0;
  14893. }
  14894. #endif /* !NO_SIG_WRAPPER */
  14895. #ifdef WC_RSA_NONBLOCK
  14896. static wc_test_ret_t rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte* out,
  14897. word32 outSz, byte* plain, word32 plainSz, WC_RNG* rng)
  14898. {
  14899. wc_test_ret_t ret = 0;
  14900. int count;
  14901. int signSz = 0;
  14902. RsaNb nb;
  14903. byte* inlinePlain = NULL;
  14904. /* Enable non-blocking RSA mode - provide context */
  14905. ret = wc_RsaSetNonBlock(key, &nb);
  14906. if (ret != 0)
  14907. return ret;
  14908. #ifdef WC_RSA_NONBLOCK_TIME
  14909. /* Enable time based RSA blocking. 8 microseconds max (3.1GHz) */
  14910. ret = wc_RsaSetNonBlockTime(key, 8, 3100);
  14911. if (ret != 0)
  14912. return ret;
  14913. #endif
  14914. count = 0;
  14915. do {
  14916. ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng);
  14917. count++; /* track number of would blocks */
  14918. if (ret == FP_WOULDBLOCK) {
  14919. /* do "other" work here */
  14920. }
  14921. } while (ret == FP_WOULDBLOCK);
  14922. if (ret < 0) {
  14923. return ret;
  14924. }
  14925. #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
  14926. printf("RSA non-block sign: %d times\n", count);
  14927. #endif
  14928. signSz = ret;
  14929. /* Test non-blocking verify */
  14930. XMEMSET(plain, 0, plainSz);
  14931. count = 0;
  14932. do {
  14933. ret = wc_RsaSSL_Verify(out, (word32)signSz, plain, plainSz, key);
  14934. count++; /* track number of would blocks */
  14935. if (ret == FP_WOULDBLOCK) {
  14936. /* do "other" work here */
  14937. }
  14938. } while (ret == FP_WOULDBLOCK);
  14939. if (ret < 0) {
  14940. return ret;
  14941. }
  14942. #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
  14943. printf("RSA non-block verify: %d times\n", count);
  14944. #endif
  14945. if (signSz == ret && XMEMCMP(plain, in, (size_t)ret)) {
  14946. return SIG_VERIFY_E;
  14947. }
  14948. /* Test inline non-blocking verify */
  14949. count = 0;
  14950. do {
  14951. ret = wc_RsaSSL_VerifyInline(out, (word32)signSz, &inlinePlain, key);
  14952. count++; /* track number of would blocks */
  14953. if (ret == FP_WOULDBLOCK) {
  14954. /* do "other" work here */
  14955. }
  14956. } while (ret == FP_WOULDBLOCK);
  14957. if (ret < 0) {
  14958. return ret;
  14959. }
  14960. #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
  14961. printf("RSA non-block inline verify: %d times\n", count);
  14962. #endif
  14963. if (signSz == ret && XMEMCMP(inlinePlain, in, (size_t)ret)) {
  14964. return SIG_VERIFY_E;
  14965. }
  14966. /* Disabling non-block RSA mode */
  14967. ret = wc_RsaSetNonBlock(key, NULL);
  14968. (void)count;
  14969. return 0;
  14970. }
  14971. #endif
  14972. #if !defined(NO_ASN)
  14973. static wc_test_ret_t rsa_decode_test(RsaKey* keyPub)
  14974. {
  14975. wc_test_ret_t ret;
  14976. word32 inSz;
  14977. word32 inOutIdx;
  14978. WOLFSSL_SMALL_STACK_STATIC const byte n[2] = { 0x00, 0x23 };
  14979. WOLFSSL_SMALL_STACK_STATIC const byte e[2] = { 0x00, 0x03 };
  14980. WOLFSSL_SMALL_STACK_STATIC const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1,
  14981. 0x03 };
  14982. WOLFSSL_SMALL_STACK_STATIC const byte goodAlgId[] = {
  14983. 0x30, 0x18, 0x30, 0x16,
  14984. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  14985. 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  14986. WOLFSSL_SMALL_STACK_STATIC const byte goodAlgIdNull[] = {
  14987. 0x30, 0x1a, 0x30, 0x18,
  14988. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  14989. 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
  14990. 0x02, 0x1, 0x03 };
  14991. WOLFSSL_SMALL_STACK_STATIC const byte badAlgIdNull[] = {
  14992. 0x30, 0x1b, 0x30, 0x19,
  14993. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  14994. 0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
  14995. 0x02, 0x1, 0x03 };
  14996. WOLFSSL_SMALL_STACK_STATIC const byte badNotBitString[] = {
  14997. 0x30, 0x18, 0x30, 0x16,
  14998. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  14999. 0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  15000. WOLFSSL_SMALL_STACK_STATIC const byte badBitStringLen[] = {
  15001. 0x30, 0x18, 0x30, 0x16,
  15002. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  15003. 0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  15004. WOLFSSL_SMALL_STACK_STATIC const byte badNoSeq[] = {
  15005. 0x30, 0x16, 0x30, 0x14,
  15006. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  15007. 0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  15008. WOLFSSL_SMALL_STACK_STATIC const byte badNoObj[] = {
  15009. 0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06,
  15010. 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  15011. WOLFSSL_SMALL_STACK_STATIC const byte badIntN[] = {
  15012. 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, 0x03 };
  15013. WOLFSSL_SMALL_STACK_STATIC const byte badNotIntE[] = {
  15014. 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, 0x03 };
  15015. WOLFSSL_SMALL_STACK_STATIC const byte badLength[] = {
  15016. 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  15017. WOLFSSL_SMALL_STACK_STATIC const byte badBitStrNoZero[] = {
  15018. 0x30, 0x17, 0x30, 0x15,
  15019. 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01,
  15020. 0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  15021. ret = wc_InitRsaKey(keyPub, NULL);
  15022. if (ret != 0)
  15023. return WC_TEST_RET_ENC_EC(ret);
  15024. /* Parameter Validation testing. */
  15025. ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub);
  15026. if (ret != BAD_FUNC_ARG) {
  15027. ret = WC_TEST_RET_ENC_EC(ret);
  15028. goto done;
  15029. }
  15030. ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub);
  15031. if (ret != BAD_FUNC_ARG) {
  15032. ret = WC_TEST_RET_ENC_EC(ret);
  15033. goto done;
  15034. }
  15035. ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL);
  15036. if (ret != BAD_FUNC_ARG) {
  15037. ret = WC_TEST_RET_ENC_EC(ret);
  15038. goto done;
  15039. }
  15040. ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), keyPub);
  15041. #if defined(USE_INTEGER_HEAP_MATH)
  15042. if (ret != 0)
  15043. #else
  15044. if (ret != ASN_GETINT_E)
  15045. #endif
  15046. {
  15047. ret = WC_TEST_RET_ENC_EC(ret);
  15048. goto done;
  15049. }
  15050. wc_FreeRsaKey(keyPub);
  15051. ret = wc_InitRsaKey(keyPub, NULL);
  15052. if (ret != 0)
  15053. return WC_TEST_RET_ENC_EC(ret);
  15054. ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, keyPub);
  15055. #if defined(USE_INTEGER_HEAP_MATH)
  15056. if (ret != 0)
  15057. #else
  15058. if (ret != ASN_GETINT_E)
  15059. #endif
  15060. {
  15061. ret = WC_TEST_RET_ENC_EC(ret);
  15062. goto done;
  15063. }
  15064. wc_FreeRsaKey(keyPub);
  15065. ret = wc_InitRsaKey(keyPub, NULL);
  15066. if (ret != 0)
  15067. return WC_TEST_RET_ENC_EC(ret);
  15068. /* Use API. */
  15069. ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), keyPub);
  15070. if (ret != 0) {
  15071. ret = WC_TEST_RET_ENC_EC(ret);
  15072. goto done;
  15073. }
  15074. wc_FreeRsaKey(keyPub);
  15075. ret = wc_InitRsaKey(keyPub, NULL);
  15076. if (ret != 0)
  15077. return WC_TEST_RET_ENC_EC(ret);
  15078. /* Parameter Validation testing. */
  15079. inSz = sizeof(good);
  15080. ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz);
  15081. if (ret != BAD_FUNC_ARG) {
  15082. ret = WC_TEST_RET_ENC_EC(ret);
  15083. goto done;
  15084. }
  15085. ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz);
  15086. if (ret != BAD_FUNC_ARG) {
  15087. ret = WC_TEST_RET_ENC_EC(ret);
  15088. goto done;
  15089. }
  15090. ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz);
  15091. if (ret != BAD_FUNC_ARG) {
  15092. ret = WC_TEST_RET_ENC_EC(ret);
  15093. goto done;
  15094. }
  15095. /* Use good data and offset to bad data. */
  15096. inOutIdx = 2;
  15097. inSz = sizeof(good) - inOutIdx;
  15098. ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
  15099. if (ret != ASN_PARSE_E) {
  15100. ret = WC_TEST_RET_ENC_EC(ret);
  15101. goto done;
  15102. }
  15103. inOutIdx = 2;
  15104. inSz = sizeof(goodAlgId) - inOutIdx;
  15105. ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
  15106. if (ret != ASN_PARSE_E) {
  15107. ret = WC_TEST_RET_ENC_EC(ret);
  15108. goto done;
  15109. }
  15110. inOutIdx = 2;
  15111. inSz = sizeof(goodAlgId);
  15112. ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
  15113. #ifndef WOLFSSL_NO_DECODE_EXTRA
  15114. if (ret != ASN_PARSE_E)
  15115. #else
  15116. if (ret != ASN_RSA_KEY_E)
  15117. #endif
  15118. {
  15119. ret = WC_TEST_RET_ENC_EC(ret);
  15120. goto done;
  15121. }
  15122. /* Try different bad data. */
  15123. inSz = sizeof(badAlgIdNull);
  15124. inOutIdx = 0;
  15125. ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz);
  15126. if (ret != ASN_EXPECT_0_E) {
  15127. ret = WC_TEST_RET_ENC_EC(ret);
  15128. goto done;
  15129. }
  15130. inSz = sizeof(badNotBitString);
  15131. inOutIdx = 0;
  15132. ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz);
  15133. if (ret != ASN_BITSTR_E) {
  15134. ret = WC_TEST_RET_ENC_EC(ret);
  15135. goto done;
  15136. }
  15137. inSz = sizeof(badBitStringLen);
  15138. inOutIdx = 0;
  15139. ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz);
  15140. if (ret != ASN_PARSE_E) {
  15141. ret = WC_TEST_RET_ENC_EC(ret);
  15142. goto done;
  15143. }
  15144. inSz = sizeof(badNoSeq);
  15145. inOutIdx = 0;
  15146. ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz);
  15147. if (ret != ASN_PARSE_E) {
  15148. ret = WC_TEST_RET_ENC_EC(ret);
  15149. goto done;
  15150. }
  15151. inSz = sizeof(badNoObj);
  15152. inOutIdx = 0;
  15153. ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz);
  15154. if (ret != ASN_PARSE_E && ret != ASN_OBJECT_ID_E) {
  15155. ret = WC_TEST_RET_ENC_EC(ret);
  15156. goto done;
  15157. }
  15158. inSz = sizeof(badIntN);
  15159. inOutIdx = 0;
  15160. ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz);
  15161. if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
  15162. ret = WC_TEST_RET_ENC_EC(ret);
  15163. goto done;
  15164. }
  15165. inSz = sizeof(badNotIntE);
  15166. inOutIdx = 0;
  15167. ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz);
  15168. if (ret != ASN_RSA_KEY_E && ret != ASN_PARSE_E) {
  15169. ret = WC_TEST_RET_ENC_EC(ret);
  15170. goto done;
  15171. }
  15172. /* TODO: Shouldn't pass as the sequence length is too small. */
  15173. inSz = sizeof(badLength);
  15174. inOutIdx = 0;
  15175. ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz);
  15176. #ifndef WOLFSSL_ASN_TEMPLATE
  15177. if (ret != 0)
  15178. #else
  15179. if (ret != ASN_PARSE_E)
  15180. #endif
  15181. {
  15182. ret = WC_TEST_RET_ENC_EC(ret);
  15183. goto done;
  15184. }
  15185. /* TODO: Shouldn't ignore object id's data. */
  15186. wc_FreeRsaKey(keyPub);
  15187. ret = wc_InitRsaKey(keyPub, NULL);
  15188. if (ret != 0)
  15189. return WC_TEST_RET_ENC_EC(ret);
  15190. inSz = sizeof(badBitStrNoZero);
  15191. inOutIdx = 0;
  15192. ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz);
  15193. if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
  15194. ret = WC_TEST_RET_ENC_EC(ret);
  15195. goto done;
  15196. }
  15197. wc_FreeRsaKey(keyPub);
  15198. ret = wc_InitRsaKey(keyPub, NULL);
  15199. if (ret != 0)
  15200. return WC_TEST_RET_ENC_EC(ret);
  15201. /* Valid data cases. */
  15202. inSz = sizeof(good);
  15203. inOutIdx = 0;
  15204. ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
  15205. if (ret != 0) {
  15206. ret = WC_TEST_RET_ENC_EC(ret);
  15207. goto done;
  15208. }
  15209. if (inOutIdx != inSz) {
  15210. ret = WC_TEST_RET_ENC_NC;
  15211. goto done;
  15212. }
  15213. wc_FreeRsaKey(keyPub);
  15214. ret = wc_InitRsaKey(keyPub, NULL);
  15215. if (ret != 0)
  15216. return WC_TEST_RET_ENC_EC(ret);
  15217. inSz = sizeof(goodAlgId);
  15218. inOutIdx = 0;
  15219. ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
  15220. if (ret != 0) {
  15221. ret = WC_TEST_RET_ENC_EC(ret);
  15222. goto done;
  15223. }
  15224. if (inOutIdx != inSz) {
  15225. ret = WC_TEST_RET_ENC_NC;
  15226. goto done;
  15227. }
  15228. wc_FreeRsaKey(keyPub);
  15229. ret = wc_InitRsaKey(keyPub, NULL);
  15230. if (ret != 0)
  15231. return WC_TEST_RET_ENC_EC(ret);
  15232. inSz = sizeof(goodAlgIdNull);
  15233. inOutIdx = 0;
  15234. ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, keyPub, inSz);
  15235. if (ret != 0) {
  15236. ret = WC_TEST_RET_ENC_EC(ret);
  15237. goto done;
  15238. }
  15239. if (inOutIdx != inSz) {
  15240. ret = WC_TEST_RET_ENC_NC;
  15241. goto done;
  15242. }
  15243. done:
  15244. wc_FreeRsaKey(keyPub);
  15245. return ret;
  15246. }
  15247. #endif
  15248. #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
  15249. /* Need to create known good signatures to test with this. */
  15250. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  15251. !defined(WOLF_CRYPTO_CB_ONLY_RSA)
  15252. static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key)
  15253. {
  15254. byte digest[WC_MAX_DIGEST_SIZE];
  15255. wc_test_ret_t ret = 0;
  15256. const char inStr[] = TEST_STRING;
  15257. word32 inLen = (word32)TEST_STRING_SZ;
  15258. word32 outSz;
  15259. word32 plainSz;
  15260. word32 digestSz;
  15261. int i, j;
  15262. #ifdef RSA_PSS_TEST_WRONG_PARAMS
  15263. int k, l;
  15264. #endif
  15265. #ifndef WOLFSSL_SE050
  15266. int len;
  15267. #endif
  15268. byte* plain;
  15269. int mgf[] = {
  15270. #ifndef NO_SHA
  15271. WC_MGF1SHA1,
  15272. #endif
  15273. #ifdef WOLFSSL_SHA224
  15274. WC_MGF1SHA224,
  15275. #endif
  15276. WC_MGF1SHA256,
  15277. #ifdef WOLFSSL_SHA384
  15278. WC_MGF1SHA384,
  15279. #endif
  15280. #ifdef WOLFSSL_SHA512
  15281. WC_MGF1SHA512
  15282. #endif
  15283. };
  15284. enum wc_HashType hash[] = {
  15285. #ifndef NO_SHA
  15286. WC_HASH_TYPE_SHA,
  15287. #endif
  15288. #ifdef WOLFSSL_SHA224
  15289. WC_HASH_TYPE_SHA224,
  15290. #endif
  15291. WC_HASH_TYPE_SHA256,
  15292. #ifdef WOLFSSL_SHA384
  15293. WC_HASH_TYPE_SHA384,
  15294. #endif
  15295. #ifdef WOLFSSL_SHA512
  15296. WC_HASH_TYPE_SHA512,
  15297. #endif
  15298. };
  15299. WC_DECLARE_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT);
  15300. WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  15301. WC_DECLARE_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
  15302. WC_ALLOC_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT);
  15303. WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  15304. WC_ALLOC_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
  15305. #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
  15306. if (in == NULL || out == NULL || sig == NULL)
  15307. ERROR_OUT(MEMORY_E, exit_rsa_pss);
  15308. #endif
  15309. XMEMCPY(in, inStr, inLen);
  15310. /* Test all combinations of hash and MGF. */
  15311. for (j = 0; j < (int)(sizeof(hash)/sizeof(*hash)); j++) {
  15312. /* Calculate hash of message. */
  15313. ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest));
  15314. if (ret != 0)
  15315. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15316. digestSz = wc_HashGetDigestSize(hash[j]);
  15317. #ifdef WOLFSSL_SE050
  15318. /* SE050 only supports MGF matched to same hash type */
  15319. i = j;
  15320. #else
  15321. for (i = 0; i < (int)(sizeof(mgf)/sizeof(*mgf)); i++) {
  15322. #endif
  15323. outSz = RSA_TEST_BYTES;
  15324. do {
  15325. #if defined(WOLFSSL_ASYNC_CRYPT)
  15326. ret = wc_AsyncWait(ret, &key->asyncDev,
  15327. WC_ASYNC_FLAG_CALL_AGAIN);
  15328. #endif
  15329. if (ret >= 0) {
  15330. ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz,
  15331. hash[j], mgf[i], -1, key, rng);
  15332. }
  15333. } while (ret == WC_PENDING_E);
  15334. if (ret <= 0)
  15335. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15336. outSz = (word32)ret;
  15337. XMEMCPY(sig, out, outSz);
  15338. plain = NULL;
  15339. TEST_SLEEP();
  15340. do {
  15341. #if defined(WOLFSSL_ASYNC_CRYPT)
  15342. ret = wc_AsyncWait(ret, &key->asyncDev,
  15343. WC_ASYNC_FLAG_CALL_AGAIN);
  15344. #endif
  15345. if (ret >= 0) {
  15346. ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j],
  15347. mgf[i], -1, key);
  15348. }
  15349. } while (ret == WC_PENDING_E);
  15350. if (ret <= 0)
  15351. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15352. plainSz = (word32)ret;
  15353. TEST_SLEEP();
  15354. #if defined(HAVE_SELFTEST) && \
  15355. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  15356. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  15357. hash[j], -1);
  15358. #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
  15359. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  15360. hash[j], -1, 0);
  15361. #else
  15362. ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz,
  15363. hash[j], -1, wc_RsaEncryptSize(key)*8, HEAP_HINT);
  15364. #endif
  15365. if (ret != 0)
  15366. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15367. #ifdef RSA_PSS_TEST_WRONG_PARAMS
  15368. for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) {
  15369. for (l = 0; l < (int)(sizeof(hash)/sizeof(*hash)); l++) {
  15370. if (i == k && j == l)
  15371. continue;
  15372. XMEMCPY(sig, out, outSz);
  15373. do {
  15374. #if defined(WOLFSSL_ASYNC_CRYPT)
  15375. ret = wc_AsyncWait(ret, &key->asyncDev,
  15376. WC_ASYNC_FLAG_CALL_AGAIN);
  15377. #endif
  15378. if (ret >= 0) {
  15379. ret = wc_RsaPSS_VerifyInline_ex(sig, outSz,
  15380. (byte**)&plain, hash[l], mgf[k], -1, key);
  15381. }
  15382. } while (ret == WC_PENDING_E);
  15383. if (ret >= 0)
  15384. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15385. }
  15386. }
  15387. #endif
  15388. #ifndef WOLFSSL_SE050
  15389. } /* end mgf for loop */
  15390. #endif
  15391. }
  15392. /* SE050 generates salts internally only of hash length */
  15393. #ifndef WOLFSSL_SE050
  15394. /* Test that a salt length of zero works. */
  15395. digestSz = wc_HashGetDigestSize(hash[0]);
  15396. outSz = RSA_TEST_BYTES;
  15397. do {
  15398. #if defined(WOLFSSL_ASYNC_CRYPT)
  15399. ret = wc_AsyncWait(ret, &key->asyncDev,
  15400. WC_ASYNC_FLAG_CALL_AGAIN);
  15401. #endif
  15402. if (ret >= 0) {
  15403. ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
  15404. mgf[0], 0, key, rng);
  15405. }
  15406. } while (ret == WC_PENDING_E);
  15407. if (ret <= 0)
  15408. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15409. outSz = (word32)ret;
  15410. TEST_SLEEP();
  15411. do {
  15412. #if defined(WOLFSSL_ASYNC_CRYPT)
  15413. ret = wc_AsyncWait(ret, &key->asyncDev,
  15414. WC_ASYNC_FLAG_CALL_AGAIN);
  15415. #endif
  15416. if (ret >= 0) {
  15417. ret = wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0],
  15418. 0, key);
  15419. }
  15420. } while (ret == WC_PENDING_E);
  15421. if (ret <= 0)
  15422. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15423. plainSz = (word32)ret;
  15424. TEST_SLEEP();
  15425. do {
  15426. #if defined(WOLFSSL_ASYNC_CRYPT)
  15427. ret = wc_AsyncWait(ret, &key->asyncDev,
  15428. WC_ASYNC_FLAG_CALL_AGAIN);
  15429. #endif
  15430. if (ret >= 0) {
  15431. #if defined(HAVE_SELFTEST) && \
  15432. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  15433. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
  15434. hash[0], 0);
  15435. #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
  15436. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
  15437. hash[0], 0, 0);
  15438. #else
  15439. ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, sig, plainSz,
  15440. hash[0], 0, 0, HEAP_HINT);
  15441. #endif
  15442. }
  15443. } while (ret == WC_PENDING_E);
  15444. if (ret != 0)
  15445. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15446. XMEMCPY(sig, out, outSz);
  15447. plain = NULL;
  15448. do {
  15449. #if defined(WOLFSSL_ASYNC_CRYPT)
  15450. ret = wc_AsyncWait(ret, &key->asyncDev,
  15451. WC_ASYNC_FLAG_CALL_AGAIN);
  15452. #endif
  15453. if (ret >= 0) {
  15454. ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
  15455. 0, key);
  15456. }
  15457. } while (ret == WC_PENDING_E);
  15458. if (ret <= 0)
  15459. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15460. plainSz = (word32)ret;
  15461. TEST_SLEEP();
  15462. #if defined(HAVE_SELFTEST) && \
  15463. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  15464. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  15465. hash[0], 0);
  15466. #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
  15467. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  15468. hash[0], 0, 0);
  15469. #else
  15470. ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
  15471. 0, 0, HEAP_HINT);
  15472. #endif
  15473. if (ret != 0)
  15474. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15475. /* Test bad salt lengths in various APIs. */
  15476. digestSz = wc_HashGetDigestSize(hash[0]);
  15477. outSz = RSA_TEST_BYTES;
  15478. #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
  15479. len = -2;
  15480. #else
  15481. len = -3;
  15482. #endif
  15483. do {
  15484. #if defined(WOLFSSL_ASYNC_CRYPT)
  15485. ret = wc_AsyncWait(ret, &key->asyncDev,
  15486. WC_ASYNC_FLAG_CALL_AGAIN);
  15487. #endif
  15488. if (ret >= 0) {
  15489. ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
  15490. mgf[0], len, key, rng);
  15491. }
  15492. } while (ret == WC_PENDING_E);
  15493. if (ret != PSS_SALTLEN_E)
  15494. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15495. do {
  15496. #if defined(WOLFSSL_ASYNC_CRYPT)
  15497. ret = wc_AsyncWait(ret, &key->asyncDev,
  15498. WC_ASYNC_FLAG_CALL_AGAIN);
  15499. #endif
  15500. if (ret >= 0) {
  15501. ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
  15502. mgf[0], digestSz + 1, key, rng);
  15503. }
  15504. } while (ret == WC_PENDING_E);
  15505. if (ret != PSS_SALTLEN_E)
  15506. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15507. TEST_SLEEP();
  15508. do {
  15509. #if defined(WOLFSSL_ASYNC_CRYPT)
  15510. ret = wc_AsyncWait(ret, &key->asyncDev,
  15511. WC_ASYNC_FLAG_CALL_AGAIN);
  15512. #endif
  15513. if (ret >= 0) {
  15514. ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0],
  15515. mgf[0], -2, key);
  15516. }
  15517. } while (ret == WC_PENDING_E);
  15518. if (ret != PSS_SALTLEN_E)
  15519. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15520. TEST_SLEEP();
  15521. do {
  15522. #if defined(WOLFSSL_ASYNC_CRYPT)
  15523. ret = wc_AsyncWait(ret, &key->asyncDev,
  15524. WC_ASYNC_FLAG_CALL_AGAIN);
  15525. #endif
  15526. if (ret >= 0) {
  15527. ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
  15528. digestSz + 1, key);
  15529. }
  15530. } while (ret == WC_PENDING_E);
  15531. if (ret != PSS_SALTLEN_E)
  15532. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15533. TEST_SLEEP();
  15534. #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
  15535. len = -2;
  15536. #else
  15537. len = -3;
  15538. #endif
  15539. #if defined(HAVE_SELFTEST) && \
  15540. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  15541. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  15542. hash[0], len);
  15543. #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
  15544. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  15545. hash[0], len, 0);
  15546. #else
  15547. ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
  15548. len, 0, HEAP_HINT);
  15549. #endif
  15550. if (ret != PSS_SALTLEN_E)
  15551. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15552. #ifndef WOLFSSL_PSS_LONG_SALT
  15553. len = digestSz + 1;
  15554. #else
  15555. len = plainSz - digestSz - 1;
  15556. #endif
  15557. #if defined(HAVE_SELFTEST) && \
  15558. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  15559. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  15560. hash[0], len);
  15561. if (ret != PSS_SALTLEN_E)
  15562. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15563. #elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2)
  15564. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  15565. hash[0], len, 0);
  15566. if (ret != BAD_PADDING_E)
  15567. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15568. #else
  15569. ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0],
  15570. len, 0, HEAP_HINT);
  15571. if (ret != PSS_SALTLEN_E)
  15572. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss);
  15573. #endif
  15574. ret = 0;
  15575. #endif /* WOLFSSL_SE050 */
  15576. exit_rsa_pss:
  15577. WC_FREE_VAR(sig, HEAP_HINT);
  15578. WC_FREE_VAR(in, HEAP_HINT);
  15579. WC_FREE_VAR(out, HEAP_HINT);
  15580. return ret;
  15581. }
  15582. #endif /* !WOLFSSL_RSA_VERIFY_ONLY && !WOLFSSL_RSA_PUBLIC_ONLY */
  15583. #endif
  15584. #ifdef WC_RSA_NO_PADDING
  15585. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void)
  15586. {
  15587. WC_RNG rng;
  15588. byte* tmp = NULL;
  15589. size_t bytes;
  15590. wc_test_ret_t ret;
  15591. word32 inLen = 0;
  15592. word32 idx = 0;
  15593. word32 outSz = RSA_TEST_BYTES;
  15594. word32 plainSz = RSA_TEST_BYTES;
  15595. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  15596. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
  15597. !defined(NO_FILESYSTEM)
  15598. XFILE file;
  15599. #endif
  15600. WC_DECLARE_VAR(key, RsaKey, 1, HEAP_HINT);
  15601. WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  15602. WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
  15603. WC_ALLOC_VAR(key, RsaKey, 1, HEAP_HINT);
  15604. WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  15605. WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
  15606. #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
  15607. if (key == NULL || out == NULL || plain == NULL)
  15608. ERROR_OUT(MEMORY_E, exit_rsa_nopadding);
  15609. #endif
  15610. /* initialize stack structures */
  15611. XMEMSET(&rng, 0, sizeof(rng));
  15612. XMEMSET(key, 0, sizeof(RsaKey));
  15613. #ifdef USE_CERT_BUFFERS_1024
  15614. bytes = (size_t)sizeof_client_key_der_1024;
  15615. if (bytes < (size_t)sizeof_client_cert_der_1024)
  15616. bytes = (size_t)sizeof_client_cert_der_1024;
  15617. #elif defined(USE_CERT_BUFFERS_2048)
  15618. bytes = (size_t)sizeof_client_key_der_2048;
  15619. if (bytes < (size_t)sizeof_client_cert_der_2048)
  15620. bytes = (size_t)sizeof_client_cert_der_2048;
  15621. #else
  15622. bytes = FOURK_BUF;
  15623. #endif
  15624. tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15625. if (tmp == NULL
  15626. #ifdef WOLFSSL_ASYNC_CRYPT
  15627. || out == NULL || plain == NULL
  15628. #endif
  15629. ) {
  15630. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
  15631. }
  15632. #ifdef USE_CERT_BUFFERS_1024
  15633. XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
  15634. #elif defined(USE_CERT_BUFFERS_2048)
  15635. XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
  15636. #elif defined(USE_CERT_BUFFERS_3072)
  15637. XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
  15638. #elif defined(USE_CERT_BUFFERS_4096)
  15639. XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
  15640. #elif !defined(NO_FILESYSTEM)
  15641. file = XFOPEN(clientKey, "rb");
  15642. if (!file) {
  15643. err_sys("can't open clientKey, Please run from wolfSSL home dir",
  15644. WC_TEST_RET_ENC_ERRNO);
  15645. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_nopadding);
  15646. }
  15647. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  15648. XFCLOSE(file);
  15649. if (bytes == 0)
  15650. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_nopadding);
  15651. #else
  15652. /* No key to use. */
  15653. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
  15654. #endif /* USE_CERT_BUFFERS */
  15655. ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
  15656. if (ret != 0) {
  15657. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
  15658. }
  15659. ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
  15660. if (ret != 0) {
  15661. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
  15662. }
  15663. /* after loading in key use tmp as the test buffer */
  15664. #ifndef HAVE_FIPS
  15665. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  15666. #else
  15667. ret = wc_InitRng(&rng);
  15668. #endif
  15669. if (ret != 0) {
  15670. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
  15671. }
  15672. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  15673. inLen = wc_RsaEncryptSize(key);
  15674. outSz = inLen;
  15675. plainSz = inLen;
  15676. XMEMSET(tmp, 7, inLen);
  15677. do {
  15678. #if defined(WOLFSSL_ASYNC_CRYPT)
  15679. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  15680. #endif
  15681. if (ret >= 0) {
  15682. ret = wc_RsaDirect(tmp, inLen, out, &outSz, key,
  15683. RSA_PRIVATE_ENCRYPT, &rng);
  15684. }
  15685. } while (ret == WC_PENDING_E);
  15686. if (ret <= 0) {
  15687. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
  15688. }
  15689. /* encrypted result should not be the same as input */
  15690. if (XMEMCMP(out, tmp, inLen) == 0) {
  15691. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
  15692. }
  15693. TEST_SLEEP();
  15694. /* decrypt with public key and compare result */
  15695. do {
  15696. #if defined(WOLFSSL_ASYNC_CRYPT)
  15697. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  15698. #endif
  15699. if (ret >= 0) {
  15700. ret = wc_RsaDirect(out, outSz, plain, &plainSz, key,
  15701. RSA_PUBLIC_DECRYPT, &rng);
  15702. }
  15703. } while (ret == WC_PENDING_E);
  15704. if (ret <= 0) {
  15705. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
  15706. }
  15707. if (XMEMCMP(plain, tmp, inLen) != 0) {
  15708. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
  15709. }
  15710. TEST_SLEEP();
  15711. #endif
  15712. #ifdef WC_RSA_BLINDING
  15713. ret = wc_RsaSetRNG(NULL, &rng);
  15714. if (ret != BAD_FUNC_ARG) {
  15715. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
  15716. }
  15717. ret = wc_RsaSetRNG(key, &rng);
  15718. if (ret < 0) {
  15719. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
  15720. }
  15721. #endif
  15722. /* test encrypt and decrypt using WC_RSA_NO_PAD */
  15723. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  15724. do {
  15725. #if defined(WOLFSSL_ASYNC_CRYPT)
  15726. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  15727. #endif
  15728. if (ret >= 0) {
  15729. ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, (int)outSz, key, &rng,
  15730. WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
  15731. }
  15732. } while (ret == WC_PENDING_E);
  15733. if (ret < 0) {
  15734. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
  15735. }
  15736. TEST_SLEEP();
  15737. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  15738. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  15739. do {
  15740. #if defined(WOLFSSL_ASYNC_CRYPT)
  15741. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  15742. #endif
  15743. if (ret >= 0) {
  15744. ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, (int)plainSz, key,
  15745. WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
  15746. }
  15747. } while (ret == WC_PENDING_E);
  15748. if (ret < 0) {
  15749. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
  15750. }
  15751. if (XMEMCMP(plain, tmp, inLen) != 0) {
  15752. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding);
  15753. }
  15754. TEST_SLEEP();
  15755. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  15756. /* test some bad arguments */
  15757. ret = wc_RsaDirect(out, outSz, plain, &plainSz, key, -1,
  15758. &rng);
  15759. if (ret != BAD_FUNC_ARG) {
  15760. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
  15761. }
  15762. ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT,
  15763. &rng);
  15764. if (ret != BAD_FUNC_ARG) {
  15765. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
  15766. }
  15767. ret = wc_RsaDirect(out, outSz, NULL, &plainSz, key, RSA_PUBLIC_DECRYPT,
  15768. &rng);
  15769. if (ret != LENGTH_ONLY_E || plainSz != inLen) {
  15770. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
  15771. }
  15772. ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, key,
  15773. RSA_PUBLIC_DECRYPT, &rng);
  15774. if (ret != BAD_FUNC_ARG) {
  15775. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding);
  15776. }
  15777. /* if making it to this point of code without hitting an ERROR_OUT then
  15778. * all tests have passed */
  15779. ret = 0;
  15780. exit_rsa_nopadding:
  15781. wc_FreeRsaKey(key);
  15782. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15783. WC_FREE_VAR(key, HEAP_HINT);
  15784. WC_FREE_VAR(out, HEAP_HINT);
  15785. WC_FREE_VAR(plain, HEAP_HINT);
  15786. wc_FreeRng(&rng);
  15787. return ret;
  15788. }
  15789. #endif /* WC_RSA_NO_PADDING */
  15790. #if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
  15791. static wc_test_ret_t rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
  15792. {
  15793. byte* tmp = NULL;
  15794. size_t bytes;
  15795. wc_test_ret_t ret;
  15796. word32 inLen = 0;
  15797. #ifndef NO_ASN
  15798. word32 idx = 0;
  15799. #endif
  15800. word32 outSz = RSA_TEST_BYTES;
  15801. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  15802. word32 plainSz = RSA_TEST_BYTES;
  15803. #endif
  15804. #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_3072) && \
  15805. !defined(USE_CERT_BUFFERS_4096) && !defined(NO_FILESYSTEM)
  15806. XFILE file;
  15807. #endif
  15808. WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  15809. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  15810. WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
  15811. #endif
  15812. WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  15813. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  15814. WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
  15815. #endif
  15816. #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
  15817. if (out == NULL
  15818. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  15819. || plain == NULL
  15820. #endif
  15821. ) {
  15822. ERROR_OUT(MEMORY_E, exit_rsa_even_mod);
  15823. }
  15824. #endif
  15825. #if defined(USE_CERT_BUFFERS_2048)
  15826. bytes = (size_t)sizeof_client_key_der_2048;
  15827. if (bytes < (size_t)sizeof_client_cert_der_2048)
  15828. bytes = (size_t)sizeof_client_cert_der_2048;
  15829. #else
  15830. bytes = FOURK_BUF;
  15831. #endif
  15832. tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15833. if (tmp == NULL
  15834. #ifdef WOLFSSL_ASYNC_CRYPT
  15835. || out == NULL || plain == NULL
  15836. #endif
  15837. ) {
  15838. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_even_mod);
  15839. }
  15840. #if defined(USE_CERT_BUFFERS_2048)
  15841. XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
  15842. #elif defined(USE_CERT_BUFFERS_3072)
  15843. XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
  15844. #elif defined(USE_CERT_BUFFERS_4096)
  15845. XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
  15846. #elif !defined(NO_FILESYSTEM)
  15847. file = XFOPEN(clientKey, "rb");
  15848. if (!file) {
  15849. err_sys("can't open ./certs/client-key.der, "
  15850. "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
  15851. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_even_mod);
  15852. }
  15853. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  15854. XFCLOSE(file);
  15855. if (bytes == 0)
  15856. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_even_mod);
  15857. #else
  15858. /* No key to use. */
  15859. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_even_mod);
  15860. #endif /* USE_CERT_BUFFERS */
  15861. #ifndef NO_ASN
  15862. ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
  15863. if (ret != 0) {
  15864. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
  15865. }
  15866. #else
  15867. #ifdef USE_CERT_BUFFERS_2048
  15868. ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
  15869. if (ret != 0) {
  15870. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
  15871. }
  15872. ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
  15873. if (ret != 0) {
  15874. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
  15875. }
  15876. #ifndef NO_SIG_WRAPPER
  15877. modLen = 2048;
  15878. #endif
  15879. #else
  15880. #error Not supported yet!
  15881. #endif
  15882. #endif
  15883. key->n.dp[0] &= (mp_digit)-2;
  15884. if (ret != 0) {
  15885. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
  15886. }
  15887. /* after loading in key use tmp as the test buffer */
  15888. #if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
  15889. (defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM))) && \
  15890. !defined(WOLFSSL_XILINX_CRYPT)
  15891. /* The ARM64_ASM code that was FIPS validated did not return these expected
  15892. * failure codes. These tests cases were added after the assembly was
  15893. * in-lined in the module and validated, these tests will be available in
  15894. * the 140-3 module */
  15895. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
  15896. inLen = 32;
  15897. outSz = wc_RsaEncryptSize(key);
  15898. XMEMSET(tmp, 7, plainSz);
  15899. ret = wc_RsaSSL_Sign(tmp, inLen, out, outSz, key, rng);
  15900. if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
  15901. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
  15902. }
  15903. ret = wc_RsaSSL_Verify(out, outSz, tmp, inLen, key);
  15904. if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
  15905. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
  15906. }
  15907. #endif
  15908. #ifdef WC_RSA_BLINDING
  15909. ret = wc_RsaSetRNG(key, rng);
  15910. if (ret < 0) {
  15911. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
  15912. }
  15913. #endif
  15914. /* test encrypt and decrypt using WC_RSA_NO_PAD */
  15915. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
  15916. ret = wc_RsaPublicEncrypt(tmp, inLen, out, (int)outSz, key, rng);
  15917. if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
  15918. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
  15919. }
  15920. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  15921. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  15922. ret = wc_RsaPrivateDecrypt(out, outSz, plain, (int)plainSz, key);
  15923. if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
  15924. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod);
  15925. }
  15926. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  15927. #endif /* !(HAVE_FIPS_VERSION == 2 && WOLFSSL_SP_ARMxx_ASM) */
  15928. /* if making it to this point of code without hitting an ERROR_OUT then
  15929. * all tests have passed */
  15930. ret = 0;
  15931. exit_rsa_even_mod:
  15932. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15933. WC_FREE_VAR(out, HEAP_HINT);
  15934. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  15935. WC_FREE_VAR(plain, HEAP_HINT);
  15936. #endif
  15937. (void)out;
  15938. (void)outSz;
  15939. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  15940. (void)plain;
  15941. (void)plainSz;
  15942. #endif
  15943. (void)inLen;
  15944. (void)rng;
  15945. return ret;
  15946. }
  15947. #endif /* WOLFSSL_HAVE_SP_RSA */
  15948. #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
  15949. static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
  15950. {
  15951. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  15952. RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15953. #ifdef WOLFSSL_TEST_CERT
  15954. DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15955. #endif
  15956. #else
  15957. RsaKey caKey[1];
  15958. #ifdef WOLFSSL_TEST_CERT
  15959. DecodedCert decode[1];
  15960. #endif
  15961. #endif
  15962. byte* der = NULL;
  15963. wc_test_ret_t ret;
  15964. Cert* myCert = NULL;
  15965. int certSz;
  15966. size_t bytes3;
  15967. word32 idx3 = 0;
  15968. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  15969. XFILE file3;
  15970. #endif
  15971. #if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME)
  15972. struct tm beforeTime;
  15973. struct tm afterTime;
  15974. #endif
  15975. const byte mySerial[8] = {1,2,3,4,5,6,7,8};
  15976. (void)keypub;
  15977. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  15978. if (caKey == NULL)
  15979. ERROR_OUT(MEMORY_E, exit_rsa);
  15980. #ifdef WOLFSSL_TEST_CERT
  15981. if (decode == NULL)
  15982. ERROR_OUT(MEMORY_E, exit_rsa);
  15983. #endif
  15984. #endif
  15985. XMEMSET(caKey, 0, sizeof *caKey);
  15986. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15987. if (der == NULL) {
  15988. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  15989. }
  15990. myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  15991. if (myCert == NULL) {
  15992. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  15993. }
  15994. /* self signed */
  15995. ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
  15996. if (ret != 0) {
  15997. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  15998. }
  15999. XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
  16000. XMEMCPY(myCert->serial, mySerial, sizeof(mySerial));
  16001. myCert->serialSz = (int)sizeof(mySerial);
  16002. myCert->isCA = 1;
  16003. #ifndef NO_SHA256
  16004. myCert->sigType = CTC_SHA256wRSA;
  16005. #else
  16006. myCert->sigType = CTC_SHAwRSA;
  16007. #endif
  16008. #ifdef WOLFSSL_CERT_EXT
  16009. /* add Policies */
  16010. XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
  16011. CTC_MAX_CERTPOL_SZ);
  16012. XSTRNCPY(myCert->certPolicies[1], "1.2.840.113549.1.9.16.6.5",
  16013. CTC_MAX_CERTPOL_SZ);
  16014. myCert->certPoliciesNb = 2;
  16015. /* add SKID from the Public Key */
  16016. ret = wc_SetSubjectKeyIdFromPublicKey(myCert, keypub, NULL);
  16017. if (ret != 0) {
  16018. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16019. }
  16020. /* add AKID from the Public Key */
  16021. ret = wc_SetAuthKeyIdFromPublicKey(myCert, keypub, NULL);
  16022. if (ret != 0) {
  16023. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16024. }
  16025. /* add Key Usage */
  16026. ret = wc_SetKeyUsage(myCert,"cRLSign,keyCertSign");
  16027. if (ret != 0) {
  16028. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16029. }
  16030. #ifdef WOLFSSL_EKU_OID
  16031. {
  16032. const char unique[] = "2.16.840.1.111111.100.1.10.1";
  16033. ret = wc_SetExtKeyUsageOID(myCert, unique, sizeof(unique), 0,
  16034. HEAP_HINT);
  16035. if (ret != 0) {
  16036. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16037. }
  16038. }
  16039. #endif /* WOLFSSL_EKU_OID */
  16040. #endif /* WOLFSSL_CERT_EXT */
  16041. do {
  16042. #if defined(WOLFSSL_ASYNC_CRYPT)
  16043. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16044. #endif
  16045. if (ret >= 0) {
  16046. ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng);
  16047. }
  16048. } while (ret == WC_PENDING_E);
  16049. if (ret < 0) {
  16050. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16051. }
  16052. certSz = (word32)ret;
  16053. #ifdef WOLFSSL_TEST_CERT
  16054. InitDecodedCert(decode, der, certSz, HEAP_HINT);
  16055. ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
  16056. if (ret != 0) {
  16057. FreeDecodedCert(decode);
  16058. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16059. }
  16060. FreeDecodedCert(decode);
  16061. #endif
  16062. ret = SaveDerAndPem(der, certSz, certDerFile, certPemFile,
  16063. CERT_TYPE);
  16064. if (ret != 0) {
  16065. goto exit_rsa;
  16066. }
  16067. /* Setup Certificate */
  16068. ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
  16069. if (ret < 0) {
  16070. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16071. }
  16072. #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)
  16073. /* Get CA Cert for testing */
  16074. #ifdef USE_CERT_BUFFERS_1024
  16075. XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024);
  16076. bytes3 = sizeof_ca_cert_der_1024;
  16077. #elif defined(USE_CERT_BUFFERS_2048)
  16078. XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048);
  16079. bytes3 = sizeof_ca_cert_der_2048;
  16080. #else
  16081. file3 = XFOPEN(rsaCaCertDerFile, "rb");
  16082. if (!file3) {
  16083. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  16084. }
  16085. bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
  16086. XFCLOSE(file3);
  16087. if (bytes3 == 0)
  16088. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  16089. #endif /* USE_CERT_BUFFERS */
  16090. #if defined(WOLFSSL_ALT_NAMES)
  16091. #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_1024) && \
  16092. !defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
  16093. ret = wc_SetAltNames(myCert, rsaCaCertFile);
  16094. if (ret != 0)
  16095. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16096. #endif
  16097. /* get alt names from der */
  16098. ret = wc_SetAltNamesBuffer(myCert, tmp, (int)bytes3);
  16099. if (ret != 0)
  16100. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16101. /* get dates from der */
  16102. ret = wc_SetDatesBuffer(myCert, tmp, (int)bytes3);
  16103. if (ret != 0)
  16104. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16105. #ifndef NO_ASN_TIME
  16106. ret = wc_GetCertDates(myCert, &beforeTime, &afterTime);
  16107. if (ret < 0)
  16108. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16109. #endif
  16110. #endif /* WOLFSSL_ALT_NAMES */
  16111. #endif /* WOLFSSL_ALT_NAMES || HAVE_PKCS7 */
  16112. /* Get CA Key */
  16113. #ifdef USE_CERT_BUFFERS_1024
  16114. XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
  16115. bytes3 = sizeof_ca_key_der_1024;
  16116. #elif defined(USE_CERT_BUFFERS_2048)
  16117. XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
  16118. bytes3 = sizeof_ca_key_der_2048;
  16119. #else
  16120. file3 = XFOPEN(rsaCaKeyFile, "rb");
  16121. if (!file3) {
  16122. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  16123. }
  16124. bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
  16125. XFCLOSE(file3);
  16126. if (bytes3 == 0)
  16127. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  16128. #endif /* USE_CERT_BUFFERS */
  16129. ret = wc_InitRsaKey(caKey, HEAP_HINT);
  16130. if (ret != 0)
  16131. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16132. ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
  16133. if (ret != 0)
  16134. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16135. #ifndef NO_SHA256
  16136. myCert->sigType = CTC_SHA256wRSA;
  16137. #else
  16138. myCert->sigType = CTC_SHAwRSA;
  16139. #endif
  16140. XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
  16141. #ifdef WOLFSSL_CERT_EXT
  16142. /* add Policies */
  16143. XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
  16144. CTC_MAX_CERTPOL_SZ);
  16145. myCert->certPoliciesNb =1;
  16146. /* add SKID from the Public Key */
  16147. ret = wc_SetSubjectKeyIdFromPublicKey(myCert, key, NULL);
  16148. if (ret != 0)
  16149. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16150. /* add AKID from the CA certificate */
  16151. #if defined(USE_CERT_BUFFERS_2048)
  16152. ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
  16153. sizeof_ca_cert_der_2048);
  16154. #elif defined(USE_CERT_BUFFERS_1024)
  16155. ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
  16156. sizeof_ca_cert_der_1024);
  16157. #else
  16158. ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
  16159. #endif
  16160. if (ret != 0)
  16161. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16162. /* add Key Usage */
  16163. ret = wc_SetKeyUsage(myCert,"keyEncipherment,keyAgreement");
  16164. if (ret != 0)
  16165. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16166. #endif /* WOLFSSL_CERT_EXT */
  16167. #if defined(USE_CERT_BUFFERS_2048)
  16168. ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
  16169. sizeof_ca_cert_der_2048);
  16170. #elif defined(USE_CERT_BUFFERS_1024)
  16171. ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
  16172. sizeof_ca_cert_der_1024);
  16173. #else
  16174. ret = wc_SetIssuer(myCert, rsaCaCertFile);
  16175. #endif
  16176. if (ret < 0)
  16177. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16178. certSz = wc_MakeCert(myCert, der, FOURK_BUF, key, NULL, rng);
  16179. if (certSz < 0) {
  16180. ERROR_OUT(WC_TEST_RET_ENC_EC(certSz), exit_rsa);
  16181. }
  16182. ret = 0;
  16183. do {
  16184. #if defined(WOLFSSL_ASYNC_CRYPT)
  16185. ret = wc_AsyncWait(ret, &caKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16186. #endif
  16187. if (ret >= 0) {
  16188. ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF,
  16189. caKey, NULL, rng);
  16190. }
  16191. } while (ret == WC_PENDING_E);
  16192. if (ret < 0)
  16193. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16194. certSz = (word32)ret;
  16195. #ifdef WOLFSSL_TEST_CERT
  16196. InitDecodedCert(decode, der, certSz, HEAP_HINT);
  16197. ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
  16198. if (ret != 0) {
  16199. FreeDecodedCert(decode);
  16200. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16201. }
  16202. FreeDecodedCert(decode);
  16203. #endif
  16204. ret = SaveDerAndPem(der, certSz, otherCertDerFile, otherCertPemFile,
  16205. CERT_TYPE);
  16206. if (ret != 0) {
  16207. goto exit_rsa;
  16208. }
  16209. exit_rsa:
  16210. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  16211. if (caKey != NULL) {
  16212. wc_FreeRsaKey(caKey);
  16213. XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16214. }
  16215. #ifdef WOLFSSL_TEST_CERT
  16216. if (decode != NULL)
  16217. XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16218. #endif
  16219. #else
  16220. wc_FreeRsaKey(caKey);
  16221. #endif
  16222. XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16223. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16224. return ret;
  16225. }
  16226. #endif
  16227. #if !defined(NO_RSA) && defined(HAVE_ECC) && !defined(NO_ECC_SECP) && \
  16228. defined(WOLFSSL_CERT_GEN)
  16229. /* Make Cert / Sign example for ECC cert and RSA CA */
  16230. static wc_test_ret_t rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
  16231. {
  16232. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  16233. RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16234. ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16235. ecc_key *caEccKeyPub = (ecc_key *)XMALLOC(sizeof *caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16236. #ifdef WOLFSSL_TEST_CERT
  16237. DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16238. #endif
  16239. #else
  16240. RsaKey caKey[1];
  16241. ecc_key caEccKey[1];
  16242. ecc_key caEccKeyPub[1];
  16243. #ifdef WOLFSSL_TEST_CERT
  16244. DecodedCert decode[1];
  16245. #endif
  16246. #endif
  16247. byte* der = NULL;
  16248. Cert* myCert = NULL;
  16249. int certSz;
  16250. size_t bytes3;
  16251. word32 idx3 = 0;
  16252. #if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \
  16253. || !defined(USE_CERT_BUFFERS_256)
  16254. XFILE file3;
  16255. #endif
  16256. wc_test_ret_t ret;
  16257. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  16258. if ((caKey == NULL) || (caEccKey == NULL) || (caEccKeyPub == NULL)
  16259. #ifdef WOLFSSL_TEST_CERT
  16260. || (decode == NULL)
  16261. #endif
  16262. )
  16263. ERROR_OUT(MEMORY_E, exit_rsa);
  16264. #endif
  16265. XMEMSET(caKey, 0, sizeof *caKey);
  16266. XMEMSET(caEccKey, 0, sizeof *caEccKey);
  16267. XMEMSET(caEccKeyPub, 0, sizeof *caEccKeyPub);
  16268. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16269. if (der == NULL) {
  16270. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  16271. }
  16272. myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16273. if (myCert == NULL) {
  16274. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  16275. }
  16276. /* Get CA Key */
  16277. #ifdef USE_CERT_BUFFERS_1024
  16278. XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
  16279. bytes3 = sizeof_ca_key_der_1024;
  16280. #elif defined(USE_CERT_BUFFERS_2048)
  16281. XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
  16282. bytes3 = sizeof_ca_key_der_2048;
  16283. #else
  16284. file3 = XFOPEN(rsaCaKeyFile, "rb");
  16285. if (!file3) {
  16286. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  16287. }
  16288. bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
  16289. XFCLOSE(file3);
  16290. if (bytes3 == 0)
  16291. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  16292. #endif /* USE_CERT_BUFFERS */
  16293. ret = wc_InitRsaKey(caKey, HEAP_HINT);
  16294. if (ret != 0)
  16295. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16296. ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
  16297. if (ret != 0)
  16298. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16299. /* Get Cert Key */
  16300. #ifdef USE_CERT_BUFFERS_256
  16301. XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256);
  16302. bytes3 = sizeof_ecc_key_pub_der_256;
  16303. #else
  16304. file3 = XFOPEN(eccKeyPubFileDer, "rb");
  16305. if (!file3) {
  16306. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  16307. }
  16308. bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
  16309. XFCLOSE(file3);
  16310. if (bytes3 == 0)
  16311. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  16312. #endif
  16313. ret = wc_ecc_init_ex(caEccKeyPub, HEAP_HINT, devId);
  16314. if (ret != 0)
  16315. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16316. idx3 = 0;
  16317. ret = wc_EccPublicKeyDecode(tmp, &idx3, caEccKeyPub, (word32)bytes3);
  16318. if (ret != 0)
  16319. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16320. /* Setup Certificate */
  16321. ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
  16322. if (ret != 0)
  16323. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16324. #ifndef NO_SHA256
  16325. myCert->sigType = CTC_SHA256wRSA;
  16326. #else
  16327. myCert->sigType = CTC_SHAwRSA;
  16328. #endif
  16329. XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
  16330. #ifdef WOLFSSL_CERT_EXT
  16331. /* add Policies */
  16332. XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
  16333. CTC_MAX_CERTPOL_SZ);
  16334. XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
  16335. CTC_MAX_CERTPOL_SZ);
  16336. myCert->certPoliciesNb = 2;
  16337. /* add SKID from the Public Key */
  16338. ret = wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, caEccKeyPub);
  16339. if (ret != 0)
  16340. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16341. /* add AKID from the CA certificate */
  16342. #if defined(USE_CERT_BUFFERS_2048)
  16343. ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
  16344. sizeof_ca_cert_der_2048);
  16345. #elif defined(USE_CERT_BUFFERS_1024)
  16346. ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
  16347. sizeof_ca_cert_der_1024);
  16348. #else
  16349. ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
  16350. #endif
  16351. if (ret != 0)
  16352. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16353. /* add Key Usage */
  16354. ret = wc_SetKeyUsage(myCert, certKeyUsage);
  16355. if (ret != 0)
  16356. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16357. #endif /* WOLFSSL_CERT_EXT */
  16358. #if defined(USE_CERT_BUFFERS_2048)
  16359. ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
  16360. sizeof_ca_cert_der_2048);
  16361. #elif defined(USE_CERT_BUFFERS_1024)
  16362. ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
  16363. sizeof_ca_cert_der_1024);
  16364. #else
  16365. ret = wc_SetIssuer(myCert, rsaCaCertFile);
  16366. #endif
  16367. if (ret < 0)
  16368. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16369. certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, caEccKeyPub, rng);
  16370. if (certSz < 0) {
  16371. ERROR_OUT(WC_TEST_RET_ENC_EC(certSz), exit_rsa);
  16372. }
  16373. ret = 0;
  16374. do {
  16375. #if defined(WOLFSSL_ASYNC_CRYPT)
  16376. ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16377. #endif
  16378. if (ret >= 0) {
  16379. ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
  16380. FOURK_BUF, caKey, NULL, rng);
  16381. }
  16382. } while (ret == WC_PENDING_E);
  16383. if (ret < 0)
  16384. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16385. certSz = (word32)ret;
  16386. #ifdef WOLFSSL_TEST_CERT
  16387. InitDecodedCert(decode, der, certSz, 0);
  16388. ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
  16389. if (ret != 0) {
  16390. FreeDecodedCert(decode);
  16391. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16392. }
  16393. FreeDecodedCert(decode);
  16394. #endif
  16395. ret = SaveDerAndPem(der, certSz, certEccRsaDerFile, certEccRsaPemFile,
  16396. CERT_TYPE);
  16397. if (ret != 0) {
  16398. goto exit_rsa;
  16399. }
  16400. exit_rsa:
  16401. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  16402. if (caKey != NULL) {
  16403. wc_FreeRsaKey(caKey);
  16404. XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16405. }
  16406. if (caEccKey != NULL) {
  16407. wc_ecc_free(caEccKey);
  16408. XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16409. }
  16410. if (caEccKeyPub != NULL) {
  16411. wc_ecc_free(caEccKeyPub);
  16412. XFREE(caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16413. }
  16414. #ifdef WOLFSSL_TEST_CERT
  16415. if (decode != NULL)
  16416. XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16417. #endif
  16418. #else
  16419. wc_FreeRsaKey(caKey);
  16420. wc_ecc_free(caEccKey);
  16421. wc_ecc_free(caEccKeyPub);
  16422. #endif
  16423. XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16424. myCert = NULL;
  16425. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16426. der = NULL;
  16427. if (ret >= 0)
  16428. ret = 0;
  16429. return ret;
  16430. }
  16431. #endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */
  16432. #ifdef WOLFSSL_KEY_GEN
  16433. static wc_test_ret_t rsa_keygen_test(WC_RNG* rng)
  16434. {
  16435. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  16436. RsaKey *genKey = (RsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16437. #else
  16438. RsaKey genKey[1];
  16439. #endif
  16440. wc_test_ret_t ret;
  16441. byte* der = NULL;
  16442. #ifndef WOLFSSL_CRYPTOCELL
  16443. word32 idx = 0;
  16444. #endif
  16445. int derSz = 0;
  16446. #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
  16447. int keySz = 1024;
  16448. #else
  16449. int keySz = 2048;
  16450. #endif
  16451. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  16452. if (! genKey)
  16453. ERROR_OUT(MEMORY_E, exit_rsa);
  16454. #endif
  16455. XMEMSET(genKey, 0, sizeof *genKey);
  16456. ret = wc_InitRsaKey_ex(genKey, HEAP_HINT, devId);
  16457. if (ret != 0)
  16458. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16459. #ifdef HAVE_FIPS
  16460. for (;;) {
  16461. #endif
  16462. ret = wc_MakeRsaKey(genKey, keySz, WC_RSA_EXPONENT, rng);
  16463. #if defined(WOLFSSL_ASYNC_CRYPT)
  16464. ret = wc_AsyncWait(ret, &genKey->asyncDev, WC_ASYNC_FLAG_NONE);
  16465. #endif
  16466. #ifdef HAVE_FIPS
  16467. if (ret == PRIME_GEN_E)
  16468. continue;
  16469. break;
  16470. }
  16471. #endif
  16472. if (ret != 0)
  16473. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16474. TEST_SLEEP();
  16475. #ifdef WOLFSSL_RSA_KEY_CHECK
  16476. ret = wc_CheckRsaKey(genKey);
  16477. if (ret != 0)
  16478. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16479. #endif
  16480. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16481. if (der == NULL) {
  16482. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  16483. }
  16484. derSz = wc_RsaKeyToDer(genKey, der, FOURK_BUF);
  16485. if (derSz < 0) {
  16486. ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
  16487. }
  16488. ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
  16489. PRIVATEKEY_TYPE);
  16490. if (ret != 0) {
  16491. goto exit_rsa;
  16492. }
  16493. wc_FreeRsaKey(genKey);
  16494. ret = wc_InitRsaKey(genKey, HEAP_HINT);
  16495. if (ret != 0)
  16496. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16497. #ifndef WOLFSSL_CRYPTOCELL
  16498. idx = 0;
  16499. /* The private key part of the key gen pairs from cryptocell can't be exported */
  16500. ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, derSz);
  16501. if (ret != 0)
  16502. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16503. #endif /* WOLFSSL_CRYPTOCELL */
  16504. exit_rsa:
  16505. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  16506. if (genKey) {
  16507. wc_FreeRsaKey(genKey);
  16508. XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16509. }
  16510. #else
  16511. wc_FreeRsaKey(genKey);
  16512. #endif
  16513. if (der != NULL) {
  16514. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16515. der = NULL;
  16516. }
  16517. return ret;
  16518. }
  16519. #endif
  16520. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  16521. #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) && \
  16522. (!defined(HAVE_FIPS) || \
  16523. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
  16524. && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
  16525. static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng)
  16526. {
  16527. wc_test_ret_t ret = 0;
  16528. word32 idx = 0;
  16529. const char inStr[] = TEST_STRING;
  16530. const word32 inLen = (word32)TEST_STRING_SZ;
  16531. const word32 outSz = RSA_TEST_BYTES;
  16532. const word32 plainSz = RSA_TEST_BYTES;
  16533. byte* res = NULL;
  16534. WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
  16535. WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  16536. WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
  16537. WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
  16538. WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  16539. WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
  16540. #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
  16541. if (in == NULL || out == NULL || plain == NULL)
  16542. ERROR_OUT(MEMORY_E, exit_rsa);
  16543. #endif
  16544. XMEMCPY(in, inStr, inLen);
  16545. #ifndef NO_SHA
  16546. do {
  16547. #if defined(WOLFSSL_ASYNC_CRYPT)
  16548. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16549. #endif
  16550. if (ret >= 0) {
  16551. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
  16552. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  16553. }
  16554. } while (ret == WC_PENDING_E);
  16555. if (ret < 0)
  16556. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16557. TEST_SLEEP();
  16558. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  16559. idx = (word32)ret;
  16560. do {
  16561. #if defined(WOLFSSL_ASYNC_CRYPT)
  16562. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16563. #endif
  16564. if (ret >= 0) {
  16565. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  16566. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  16567. }
  16568. } while (ret == WC_PENDING_E);
  16569. if (ret < 0)
  16570. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16571. if (XMEMCMP(plain, in, inLen)) {
  16572. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
  16573. }
  16574. TEST_SLEEP();
  16575. #endif /* NO_SHA */
  16576. #endif
  16577. #ifndef NO_SHA256
  16578. XMEMSET(plain, 0, plainSz);
  16579. do {
  16580. #if defined(WOLFSSL_ASYNC_CRYPT)
  16581. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16582. #endif
  16583. if (ret >= 0) {
  16584. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
  16585. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
  16586. }
  16587. } while (ret == WC_PENDING_E);
  16588. if (ret < 0)
  16589. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16590. TEST_SLEEP();
  16591. idx = (word32)ret;
  16592. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  16593. do {
  16594. #if defined(WOLFSSL_ASYNC_CRYPT)
  16595. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16596. #endif
  16597. if (ret >= 0) {
  16598. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  16599. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
  16600. }
  16601. } while (ret == WC_PENDING_E);
  16602. if (ret < 0)
  16603. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16604. if (XMEMCMP(plain, in, inLen)) {
  16605. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
  16606. }
  16607. TEST_SLEEP();
  16608. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  16609. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  16610. do {
  16611. #if defined(WOLFSSL_ASYNC_CRYPT)
  16612. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16613. #endif
  16614. if (ret >= 0) {
  16615. ret = wc_RsaPrivateDecryptInline_ex(out, idx, &res, key,
  16616. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
  16617. }
  16618. } while (ret == WC_PENDING_E);
  16619. if (ret < 0)
  16620. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16621. if (ret != (int)inLen) {
  16622. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
  16623. }
  16624. if (XMEMCMP(res, in, inLen)) {
  16625. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
  16626. }
  16627. TEST_SLEEP();
  16628. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  16629. /* check fails if not using the same optional label */
  16630. XMEMSET(plain, 0, plainSz);
  16631. do {
  16632. #if defined(WOLFSSL_ASYNC_CRYPT)
  16633. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16634. #endif
  16635. if (ret >= 0) {
  16636. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
  16637. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
  16638. }
  16639. } while (ret == WC_PENDING_E);
  16640. if (ret < 0)
  16641. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16642. TEST_SLEEP();
  16643. /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
  16644. #if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  16645. !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
  16646. /* label is unused in cryptocell and SE050 so it won't detect decrypt error
  16647. * due to label */
  16648. idx = (word32)ret;
  16649. do {
  16650. #if defined(WOLFSSL_ASYNC_CRYPT)
  16651. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16652. #endif
  16653. if (ret >= 0) {
  16654. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  16655. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
  16656. }
  16657. } while (ret == WC_PENDING_E);
  16658. if (ret > 0) { /* in this case decrypt should fail */
  16659. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
  16660. }
  16661. ret = 0;
  16662. TEST_SLEEP();
  16663. #endif /* !HAVE_CAVIUM */
  16664. /* check using optional label with encrypt/decrypt */
  16665. XMEMSET(plain, 0, plainSz);
  16666. do {
  16667. #if defined(WOLFSSL_ASYNC_CRYPT)
  16668. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16669. #endif
  16670. if (ret >= 0) {
  16671. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
  16672. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
  16673. }
  16674. } while (ret == WC_PENDING_E);
  16675. if (ret < 0)
  16676. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16677. TEST_SLEEP();
  16678. idx = (word32)ret;
  16679. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  16680. do {
  16681. #if defined(WOLFSSL_ASYNC_CRYPT)
  16682. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16683. #endif
  16684. if (ret >= 0) {
  16685. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  16686. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
  16687. }
  16688. } while (ret == WC_PENDING_E);
  16689. if (ret < 0)
  16690. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16691. if (XMEMCMP(plain, in, inLen)) {
  16692. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
  16693. }
  16694. TEST_SLEEP();
  16695. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  16696. #ifndef NO_SHA
  16697. /* check fail using mismatch hash algorithms */
  16698. XMEMSET(plain, 0, plainSz);
  16699. do {
  16700. #if defined(WOLFSSL_ASYNC_CRYPT)
  16701. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16702. #endif
  16703. if (ret >= 0) {
  16704. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
  16705. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen);
  16706. }
  16707. } while (ret == WC_PENDING_E);
  16708. if (ret < 0)
  16709. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16710. TEST_SLEEP();
  16711. /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
  16712. #if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  16713. !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050)
  16714. idx = (word32)ret;
  16715. do {
  16716. #if defined(WOLFSSL_ASYNC_CRYPT)
  16717. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16718. #endif
  16719. if (ret >= 0) {
  16720. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  16721. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256,
  16722. in, inLen);
  16723. }
  16724. } while (ret == WC_PENDING_E);
  16725. if (ret > 0) { /* should fail */
  16726. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
  16727. }
  16728. ret = 0;
  16729. TEST_SLEEP();
  16730. #endif /* !HAVE_CAVIUM */
  16731. #endif /* NO_SHA */
  16732. #endif /* NO_SHA256 */
  16733. #ifdef WOLFSSL_SHA512
  16734. /* Check valid RSA key size is used while using hash length of SHA512
  16735. If key size is less than (hash length * 2) + 2 then is invalid use
  16736. and test, since OAEP padding requires this.
  16737. BAD_FUNC_ARG is returned when this case is not met */
  16738. if (wc_RsaEncryptSize(key) > ((int)WC_SHA512_DIGEST_SIZE * 2) + 2) {
  16739. XMEMSET(plain, 0, plainSz);
  16740. do {
  16741. #if defined(WOLFSSL_ASYNC_CRYPT)
  16742. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16743. #endif
  16744. if (ret >= 0) {
  16745. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
  16746. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
  16747. }
  16748. } while (ret == WC_PENDING_E);
  16749. if (ret < 0)
  16750. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16751. TEST_SLEEP();
  16752. idx = (word32)ret;
  16753. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  16754. do {
  16755. #if defined(WOLFSSL_ASYNC_CRYPT)
  16756. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16757. #endif
  16758. if (ret >= 0) {
  16759. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  16760. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
  16761. }
  16762. } while (ret == WC_PENDING_E);
  16763. if (ret < 0)
  16764. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16765. if (XMEMCMP(plain, in, inLen)) {
  16766. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
  16767. }
  16768. TEST_SLEEP();
  16769. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  16770. }
  16771. #endif /* WOLFSSL_SHA512 */
  16772. /* check using pkcsv15 padding with _ex API */
  16773. XMEMSET(plain, 0, plainSz);
  16774. do {
  16775. #if defined(WOLFSSL_ASYNC_CRYPT)
  16776. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16777. #endif
  16778. if (ret >= 0) {
  16779. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng,
  16780. WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
  16781. }
  16782. } while (ret == WC_PENDING_E);
  16783. if (ret < 0)
  16784. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16785. TEST_SLEEP();
  16786. idx = (word32)ret;
  16787. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  16788. do {
  16789. #if defined(WOLFSSL_ASYNC_CRYPT)
  16790. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16791. #endif
  16792. if (ret >= 0) {
  16793. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  16794. WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
  16795. }
  16796. } while (ret == WC_PENDING_E);
  16797. if (ret < 0)
  16798. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16799. if (XMEMCMP(plain, in, inLen)) {
  16800. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
  16801. }
  16802. TEST_SLEEP();
  16803. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  16804. exit_rsa:
  16805. WC_FREE_VAR(in, HEAP_HINT);
  16806. WC_FREE_VAR(out, HEAP_HINT);
  16807. WC_FREE_VAR(plain, HEAP_HINT);
  16808. (void)idx;
  16809. (void)inStr;
  16810. (void)res;
  16811. if (ret >= 0)
  16812. ret = 0;
  16813. return ret;
  16814. }
  16815. #endif
  16816. #endif
  16817. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void)
  16818. {
  16819. wc_test_ret_t ret;
  16820. size_t bytes;
  16821. WC_RNG rng;
  16822. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  16823. byte* tmp = NULL;
  16824. byte* der = NULL;
  16825. RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16826. #else
  16827. RsaKey key[1];
  16828. byte tmp[FOURK_BUF];
  16829. #endif
  16830. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
  16831. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  16832. RsaKey *keypub = (RsaKey *)XMALLOC(sizeof *keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16833. #else
  16834. RsaKey keypub[1];
  16835. #endif
  16836. #endif
  16837. word32 idx = 0;
  16838. const char inStr[] = TEST_STRING;
  16839. const word32 inLen = (word32)TEST_STRING_SZ;
  16840. const word32 outSz = RSA_TEST_BYTES;
  16841. const word32 plainSz = RSA_TEST_BYTES;
  16842. byte* res = NULL;
  16843. #ifndef NO_SIG_WRAPPER
  16844. int modLen;
  16845. #endif
  16846. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  16847. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
  16848. !defined(NO_FILESYSTEM)
  16849. XFILE file;
  16850. #ifdef WOLFSSL_TEST_CERT
  16851. XFILE file2;
  16852. #endif
  16853. #endif
  16854. #ifdef WOLFSSL_TEST_CERT
  16855. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  16856. DecodedCert *cert = (DecodedCert *)XMALLOC(sizeof *cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16857. #else
  16858. DecodedCert cert[1];
  16859. #endif
  16860. #ifndef NO_ASN_TIME
  16861. struct tm timearg;
  16862. const byte* date;
  16863. byte dateFormat;
  16864. int dateLength;
  16865. #endif
  16866. #endif
  16867. WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
  16868. WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  16869. WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
  16870. WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
  16871. WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  16872. WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
  16873. #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
  16874. if (in == NULL || out == NULL || plain == NULL)
  16875. ERROR_OUT(MEMORY_E, exit_rsa);
  16876. #endif
  16877. XMEMCPY(in, inStr, inLen);
  16878. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  16879. if (key == NULL)
  16880. ERROR_OUT(MEMORY_E, exit_rsa);
  16881. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
  16882. if (keypub == NULL)
  16883. ERROR_OUT(MEMORY_E, exit_rsa);
  16884. #endif
  16885. #ifdef WOLFSSL_TEST_CERT
  16886. if (cert == NULL)
  16887. ERROR_OUT(MEMORY_E, exit_rsa);
  16888. #endif
  16889. #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
  16890. /* initialize stack structures */
  16891. XMEMSET(&rng, 0, sizeof(rng));
  16892. XMEMSET(key, 0, sizeof *key);
  16893. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
  16894. XMEMSET(keypub, 0, sizeof *keypub);
  16895. #endif
  16896. #if !defined(NO_ASN)
  16897. ret = rsa_decode_test(key);
  16898. if (ret != 0)
  16899. ERROR_OUT(ret, exit_rsa);
  16900. #endif
  16901. #ifdef USE_CERT_BUFFERS_1024
  16902. bytes = (size_t)sizeof_client_key_der_1024;
  16903. if (bytes < (size_t)sizeof_client_cert_der_1024)
  16904. bytes = (size_t)sizeof_client_cert_der_1024;
  16905. #elif defined(USE_CERT_BUFFERS_2048)
  16906. bytes = (size_t)sizeof_client_key_der_2048;
  16907. if (bytes < (size_t)sizeof_client_cert_der_2048)
  16908. bytes = (size_t)sizeof_client_cert_der_2048;
  16909. #elif defined(USE_CERT_BUFFERS_3072)
  16910. bytes = (size_t)sizeof_client_key_der_3072;
  16911. if (bytes < (size_t)sizeof_client_cert_der_3072)
  16912. bytes = (size_t)sizeof_client_cert_der_3072;
  16913. #elif defined(USE_CERT_BUFFERS_4096)
  16914. bytes = (size_t)sizeof_client_key_der_4096;
  16915. if (bytes < (size_t)sizeof_client_cert_der_4096)
  16916. bytes = (size_t)sizeof_client_cert_der_4096;
  16917. #else
  16918. bytes = FOURK_BUF;
  16919. #endif
  16920. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  16921. tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16922. if (tmp == NULL)
  16923. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  16924. #endif
  16925. #ifdef USE_CERT_BUFFERS_1024
  16926. XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
  16927. #elif defined(USE_CERT_BUFFERS_2048)
  16928. XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
  16929. #elif defined(USE_CERT_BUFFERS_3072)
  16930. XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
  16931. #elif defined(USE_CERT_BUFFERS_4096)
  16932. XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
  16933. #elif !defined(NO_FILESYSTEM)
  16934. file = XFOPEN(clientKey, "rb");
  16935. if (!file) {
  16936. err_sys("can't open ./certs/client-key.der, "
  16937. "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
  16938. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  16939. }
  16940. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  16941. XFCLOSE(file);
  16942. if (bytes == 0)
  16943. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  16944. #else
  16945. /* No key to use. */
  16946. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
  16947. #endif /* USE_CERT_BUFFERS */
  16948. ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
  16949. if (ret != 0)
  16950. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16951. #ifndef NO_ASN
  16952. ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
  16953. if (ret != 0)
  16954. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16955. #ifndef NO_SIG_WRAPPER
  16956. modLen = wc_RsaEncryptSize(key);
  16957. #endif
  16958. #else
  16959. #ifdef USE_CERT_BUFFERS_2048
  16960. ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
  16961. if (ret != 0)
  16962. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16963. ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
  16964. if (ret != 0)
  16965. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16966. #ifndef NO_SIG_WRAPPER
  16967. modLen = 2048;
  16968. #endif
  16969. #else
  16970. #error Not supported yet!
  16971. #endif
  16972. #endif
  16973. #ifndef WC_NO_RNG
  16974. #ifndef HAVE_FIPS
  16975. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  16976. #else
  16977. ret = wc_InitRng(&rng);
  16978. #endif
  16979. if (ret != 0)
  16980. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  16981. #endif
  16982. #ifndef NO_SIG_WRAPPER
  16983. ret = rsa_sig_test(key, sizeof *key, modLen, &rng);
  16984. if (ret != 0)
  16985. goto exit_rsa;
  16986. #endif
  16987. #ifdef WC_RSA_NONBLOCK
  16988. ret = rsa_nb_test(key, in, inLen, out, outSz, plain, plainSz, &rng);
  16989. if (ret != 0)
  16990. goto exit_rsa;
  16991. #endif
  16992. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  16993. !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
  16994. do {
  16995. #if defined(WOLFSSL_ASYNC_CRYPT)
  16996. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  16997. #endif
  16998. if (ret >= 0) {
  16999. ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
  17000. }
  17001. } while (ret == WC_PENDING_E);
  17002. if (ret < 0)
  17003. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17004. TEST_SLEEP();
  17005. #ifdef WC_RSA_BLINDING
  17006. {
  17007. wc_test_ret_t tmpret = ret;
  17008. ret = wc_RsaSetRNG(key, &rng);
  17009. if (ret < 0)
  17010. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17011. ret = tmpret;
  17012. }
  17013. #endif
  17014. idx = (word32)ret; /* save off encrypted length */
  17015. do {
  17016. #if defined(WOLFSSL_ASYNC_CRYPT)
  17017. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  17018. #endif
  17019. if (ret >= 0) {
  17020. ret = wc_RsaPrivateDecrypt(out, idx, plain, plainSz, key);
  17021. }
  17022. } while (ret == WC_PENDING_E);
  17023. if (ret < 0)
  17024. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17025. if (XMEMCMP(plain, in, inLen)) {
  17026. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
  17027. }
  17028. TEST_SLEEP();
  17029. do {
  17030. #if defined(WOLFSSL_ASYNC_CRYPT)
  17031. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  17032. #endif
  17033. if (ret >= 0) {
  17034. ret = wc_RsaPrivateDecryptInline(out, idx, &res, key);
  17035. }
  17036. } while (ret == WC_PENDING_E);
  17037. if (ret < 0)
  17038. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17039. if (ret != (int)inLen) {
  17040. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
  17041. }
  17042. if (XMEMCMP(res, in, inLen)) {
  17043. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
  17044. }
  17045. TEST_SLEEP();
  17046. do {
  17047. #if defined(WOLFSSL_ASYNC_CRYPT)
  17048. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  17049. #endif
  17050. if (ret >= 0) {
  17051. ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
  17052. }
  17053. } while (ret == WC_PENDING_E);
  17054. if (ret < 0)
  17055. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17056. TEST_SLEEP();
  17057. #elif defined(WOLFSSL_PUBLIC_MP)
  17058. {
  17059. static const byte signature_2048[] = {
  17060. 0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79,
  17061. 0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe,
  17062. 0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda,
  17063. 0x89, 0x23, 0xb8, 0x96, 0x13, 0x57, 0x72, 0x30,
  17064. 0xa1, 0xfe, 0x5a, 0x68, 0x9c, 0x99, 0x9d, 0x1e,
  17065. 0x05, 0xa4, 0x80, 0xb0, 0xbb, 0xd9, 0xd9, 0xa1,
  17066. 0x69, 0x97, 0x74, 0xb3, 0x41, 0x21, 0x3b, 0x47,
  17067. 0xf5, 0x51, 0xb1, 0xfb, 0xc7, 0xaa, 0xcc, 0xdc,
  17068. 0xcd, 0x76, 0xa0, 0x28, 0x4d, 0x27, 0x14, 0xa4,
  17069. 0xb9, 0x41, 0x68, 0x7c, 0xb3, 0x66, 0xe6, 0x6f,
  17070. 0x40, 0x76, 0xe4, 0x12, 0xfd, 0xae, 0x29, 0xb5,
  17071. 0x63, 0x60, 0x87, 0xce, 0x49, 0x6b, 0xf3, 0x05,
  17072. 0x9a, 0x14, 0xb5, 0xcc, 0xcd, 0xf7, 0x30, 0x95,
  17073. 0xd2, 0x72, 0x52, 0x1d, 0x5b, 0x7e, 0xef, 0x4a,
  17074. 0x02, 0x96, 0x21, 0x6c, 0x55, 0xa5, 0x15, 0xb1,
  17075. 0x57, 0x63, 0x2c, 0xa3, 0x8e, 0x9d, 0x3d, 0x45,
  17076. 0xcc, 0xb8, 0xe6, 0xa1, 0xc8, 0x59, 0xcd, 0xf5,
  17077. 0xdc, 0x0a, 0x51, 0xb6, 0x9d, 0xfb, 0xf4, 0x6b,
  17078. 0xfd, 0x32, 0x71, 0x6e, 0xcf, 0xcb, 0xb3, 0xd9,
  17079. 0xe0, 0x4a, 0x77, 0x34, 0xd6, 0x61, 0xf5, 0x7c,
  17080. 0xf9, 0xa9, 0xa4, 0xb0, 0x8e, 0x3b, 0xd6, 0x04,
  17081. 0xe0, 0xde, 0x2b, 0x5b, 0x5a, 0xbf, 0xd9, 0xef,
  17082. 0x8d, 0xa3, 0xf5, 0xb1, 0x67, 0xf3, 0xb9, 0x72,
  17083. 0x0a, 0x37, 0x12, 0x35, 0x6c, 0x8e, 0x10, 0x8b,
  17084. 0x38, 0x06, 0x16, 0x4b, 0x20, 0x20, 0x13, 0x00,
  17085. 0x2e, 0x6d, 0xc2, 0x59, 0x23, 0x67, 0x4a, 0x6d,
  17086. 0xa1, 0x46, 0x8b, 0xee, 0xcf, 0x44, 0xb4, 0x3e,
  17087. 0x56, 0x75, 0x00, 0x68, 0xb5, 0x7d, 0x0f, 0x20,
  17088. 0x79, 0x5d, 0x7f, 0x12, 0x15, 0x32, 0x89, 0x61,
  17089. 0x6b, 0x29, 0xb7, 0x52, 0xf5, 0x25, 0xd8, 0x98,
  17090. 0xe8, 0x6f, 0xf9, 0x22, 0xb4, 0xbb, 0xe5, 0xff,
  17091. 0xd0, 0x92, 0x86, 0x9a, 0x88, 0xa2, 0xaf, 0x6b
  17092. };
  17093. ret = sizeof(signature_2048);
  17094. XMEMCPY(out, signature_2048, ret);
  17095. }
  17096. #endif
  17097. #if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \
  17098. ((!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
  17099. defined(WOLFSSL_PUBLIC_MP)) && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
  17100. idx = (word32)ret;
  17101. XMEMSET(plain, 0, plainSz);
  17102. do {
  17103. #if defined(WOLFSSL_ASYNC_CRYPT)
  17104. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  17105. #endif
  17106. if (ret >= 0) {
  17107. #ifndef WOLFSSL_RSA_VERIFY_INLINE
  17108. #if defined(WOLFSSL_CRYPTOCELL)
  17109. /*
  17110. Cryptocell requires the input data and signature byte array to verify.
  17111. first argument must be the input data
  17112. second argument must be the length of input data
  17113. third argument must be the signature byte array or the output from
  17114. wc_RsaSSL_Sign()
  17115. fourth argument must be the length of the signature byte array
  17116. */
  17117. ret = wc_RsaSSL_Verify(in, inLen, out, outSz, key);
  17118. #else
  17119. ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, key);
  17120. #endif /* WOLFSSL_CRYPTOCELL */
  17121. #else
  17122. byte* dec = NULL;
  17123. ret = wc_RsaSSL_VerifyInline(out, idx, &dec, key);
  17124. if (ret > 0) {
  17125. XMEMCPY(plain, dec, ret);
  17126. }
  17127. #endif
  17128. }
  17129. } while (ret == WC_PENDING_E);
  17130. if (ret < 0)
  17131. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17132. if (XMEMCMP(plain, in, (size_t)ret)) {
  17133. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
  17134. }
  17135. TEST_SLEEP();
  17136. #endif
  17137. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  17138. #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
  17139. #if (!defined(HAVE_FIPS) || \
  17140. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \
  17141. && !defined(WOLF_CRYPTO_CB_ONLY_RSA)
  17142. ret = rsa_oaep_padding_test(key, &rng);
  17143. if (ret != 0)
  17144. return ret;
  17145. #endif /* !HAVE_FIPS */
  17146. #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */
  17147. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  17148. #if !defined(HAVE_FIPS) && !defined(NO_ASN) \
  17149. && !defined(WOLFSSL_RSA_VERIFY_ONLY)
  17150. ret = rsa_export_key_test(key);
  17151. if (ret != 0)
  17152. return ret;
  17153. #endif
  17154. #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  17155. !defined(WOLFSSL_RSA_VERIFY_ONLY)
  17156. ret = rsa_flatten_test(key);
  17157. if (ret != 0)
  17158. return ret;
  17159. #endif
  17160. #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_ASN) && \
  17161. !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  17162. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
  17163. (void)clientCert;
  17164. #endif
  17165. #ifdef WOLFSSL_TEST_CERT
  17166. #if defined(WOLFSSL_MDK_ARM)
  17167. #define sizeof(s) XSTRLEN((char *)(s))
  17168. #endif
  17169. #ifdef USE_CERT_BUFFERS_1024
  17170. XMEMCPY(tmp, client_cert_der_1024, (size_t)sizeof_client_cert_der_1024);
  17171. bytes = (size_t)sizeof_client_cert_der_1024;
  17172. #elif defined(USE_CERT_BUFFERS_2048)
  17173. XMEMCPY(tmp, client_cert_der_2048, (size_t)sizeof_client_cert_der_2048);
  17174. bytes = (size_t)sizeof_client_cert_der_2048;
  17175. #elif defined(USE_CERT_BUFFERS_3072)
  17176. XMEMCPY(tmp, client_cert_der_3072, (size_t)sizeof_client_cert_der_3072);
  17177. bytes = (size_t)sizeof_client_cert_der_3072;
  17178. #elif defined(USE_CERT_BUFFERS_4096)
  17179. XMEMCPY(tmp, client_cert_der_4096, (size_t)sizeof_client_cert_der_4096);
  17180. bytes = (size_t)sizeof_client_cert_der_4096;
  17181. #elif !defined(NO_FILESYSTEM)
  17182. file2 = XFOPEN(clientCert, "rb");
  17183. if (!file2) {
  17184. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  17185. }
  17186. bytes = XFREAD(tmp, 1, FOURK_BUF, file2);
  17187. XFCLOSE(file2);
  17188. if (bytes == 0)
  17189. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  17190. #else
  17191. /* No certificate to use. */
  17192. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa);
  17193. #endif
  17194. #ifdef sizeof
  17195. #undef sizeof
  17196. #endif
  17197. InitDecodedCert(cert, tmp, (word32)bytes, NULL);
  17198. ret = ParseCert(cert, CERT_TYPE, NO_VERIFY, NULL);
  17199. if (ret != 0) {
  17200. FreeDecodedCert(cert);
  17201. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17202. }
  17203. #ifndef NO_ASN_TIME
  17204. ret = wc_GetDateInfo(cert->afterDate, cert->afterDateLen, &date,
  17205. &dateFormat, &dateLength);
  17206. if (ret != 0) {
  17207. FreeDecodedCert(cert);
  17208. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17209. }
  17210. ret = wc_GetDateAsCalendarTime(date, dateLength, dateFormat, &timearg);
  17211. if (ret != 0) {
  17212. FreeDecodedCert(cert);
  17213. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17214. }
  17215. #endif
  17216. FreeDecodedCert(cert);
  17217. #endif /* WOLFSSL_TEST_CERT */
  17218. #ifdef WOLFSSL_CERT_EXT
  17219. #ifdef USE_CERT_BUFFERS_1024
  17220. XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
  17221. bytes = sizeof_client_keypub_der_1024;
  17222. #elif defined(USE_CERT_BUFFERS_2048)
  17223. XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
  17224. bytes = sizeof_client_keypub_der_2048;
  17225. #elif defined(USE_CERT_BUFFERS_3072)
  17226. XMEMCPY(tmp, client_keypub_der_3072, sizeof_client_keypub_der_3072);
  17227. bytes = sizeof_client_keypub_der_3072;
  17228. #elif defined(USE_CERT_BUFFERS_4096)
  17229. XMEMCPY(tmp, client_keypub_der_4096, sizeof_client_keypub_der_4096);
  17230. bytes = sizeof_client_keypub_der_4096;
  17231. #else
  17232. file = XFOPEN(clientKeyPub, "rb");
  17233. if (!file) {
  17234. err_sys("can't open ./certs/client-keyPub.der, "
  17235. "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
  17236. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  17237. }
  17238. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  17239. XFCLOSE(file);
  17240. if (bytes == 0)
  17241. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  17242. #endif /* USE_CERT_BUFFERS */
  17243. ret = wc_InitRsaKey(keypub, HEAP_HINT);
  17244. if (ret != 0)
  17245. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17246. idx = 0;
  17247. ret = wc_RsaPublicKeyDecode(tmp, &idx, keypub, (word32)bytes);
  17248. if (ret != 0)
  17249. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17250. #endif /* WOLFSSL_CERT_EXT */
  17251. #ifdef WOLFSSL_KEY_GEN
  17252. ret = rsa_keygen_test(&rng);
  17253. if (ret != 0)
  17254. goto exit_rsa;
  17255. #endif
  17256. #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME)
  17257. /* Make Cert / Sign example for RSA cert and RSA CA */
  17258. ret = rsa_certgen_test(key, keypub, &rng, tmp);
  17259. if (ret != 0)
  17260. goto exit_rsa;
  17261. #if !defined(NO_RSA) && defined(HAVE_ECC) && !defined(NO_ECC_SECP)
  17262. ret = rsa_ecc_certgen_test(&rng, tmp);
  17263. if (ret != 0)
  17264. goto exit_rsa;
  17265. #endif
  17266. #if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC)
  17267. {
  17268. Cert *req;
  17269. int derSz;
  17270. #ifndef WOLFSSL_SMALL_STACK
  17271. byte* der = NULL;
  17272. #endif
  17273. req = (Cert *)XMALLOC(sizeof *req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17274. if (! req)
  17275. ERROR_OUT(MEMORY_E, exit_rsa);
  17276. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
  17277. if (der == NULL) {
  17278. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa);
  17279. }
  17280. ret = wc_InitCert_ex(req, HEAP_HINT, devId);
  17281. if (ret != 0)
  17282. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17283. req->version = 0;
  17284. req->isCA = 1;
  17285. XSTRNCPY(req->challengePw, "wolf123", CTC_NAME_SIZE);
  17286. XMEMCPY(&req->subject, &certDefaultName, sizeof(CertName));
  17287. #ifndef NO_SHA256
  17288. req->sigType = CTC_SHA256wRSA;
  17289. #else
  17290. req->sigType = CTC_SHAwRSA;
  17291. #endif
  17292. #ifdef WOLFSSL_CERT_EXT
  17293. /* add SKID from the Public Key */
  17294. ret = wc_SetSubjectKeyIdFromPublicKey(req, keypub, NULL);
  17295. if (ret != 0)
  17296. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17297. /* add Key Usage */
  17298. ret = wc_SetKeyUsage(req, certKeyUsage2);
  17299. if (ret != 0)
  17300. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17301. /* add Extended Key Usage */
  17302. ret = wc_SetExtKeyUsage(req,
  17303. "serverAuth,clientAuth,codeSigning,"
  17304. "emailProtection,timeStamping,OCSPSigning");
  17305. if (ret != 0)
  17306. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17307. #ifdef WOLFSSL_EKU_OID
  17308. {
  17309. WOLFSSL_SMALL_STACK_STATIC const char unique[] =
  17310. "2.16.840.1.111111.100.1.10.1";
  17311. ret = wc_SetExtKeyUsageOID(req, unique, sizeof(unique), 0,
  17312. HEAP_HINT);
  17313. if (ret != 0)
  17314. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17315. }
  17316. #endif /* WOLFSSL_EKU_OID */
  17317. #endif /* WOLFSSL_CERT_EXT */
  17318. derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
  17319. if (derSz < 0) {
  17320. ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
  17321. }
  17322. #ifdef WOLFSSL_CERT_EXT
  17323. /* Try again with "any" flag set, will override all others */
  17324. ret = wc_SetExtKeyUsage(req, "any");
  17325. if (ret != 0)
  17326. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17327. derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
  17328. if (derSz < 0) {
  17329. ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
  17330. }
  17331. #endif /* WOLFSSL_CERT_EXT */
  17332. ret = 0;
  17333. do {
  17334. #if defined(WOLFSSL_ASYNC_CRYPT)
  17335. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  17336. #endif
  17337. if (ret >= 0) {
  17338. ret = wc_SignCert(req->bodySz, req->sigType, der, FOURK_BUF,
  17339. key, NULL, &rng);
  17340. }
  17341. } while (ret == WC_PENDING_E);
  17342. if (ret < 0)
  17343. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa);
  17344. derSz = (word32)ret;
  17345. ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile,
  17346. CERTREQ_TYPE);
  17347. if (ret != 0) {
  17348. goto exit_rsa;
  17349. }
  17350. derSz = wc_MakeCertReq_ex(req, der, FOURK_BUF, RSA_TYPE, key);
  17351. if (derSz < 0) {
  17352. ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
  17353. }
  17354. /* Test getting the size of the buffer without providing the buffer.
  17355. * derSz is set to the "largest buffer" we are willing to allocate. */
  17356. derSz = wc_MakeCertReq(req, NULL, 10000, key, NULL);
  17357. if (derSz < 0) {
  17358. ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa);
  17359. }
  17360. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17361. XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17362. der = NULL;
  17363. }
  17364. #endif /* WOLFSSL_CERT_REQ */
  17365. #endif /* WOLFSSL_CERT_GEN */
  17366. #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
  17367. /* Need to create known good signatures to test with this. */
  17368. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  17369. !defined(WOLF_CRYPTO_CB_ONLY_RSA)
  17370. ret = rsa_pss_test(&rng, key);
  17371. if (ret != 0)
  17372. goto exit_rsa;
  17373. #endif
  17374. #endif
  17375. #if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
  17376. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  17377. /* New key to be loaded in rsa_even_mod_test(). */
  17378. if (key != NULL)
  17379. #endif
  17380. wc_FreeRsaKey(key);
  17381. /* New key to be loaded in rsa_even_mod_test(). */
  17382. ret = rsa_even_mod_test(&rng, key);
  17383. #endif
  17384. exit_rsa:
  17385. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  17386. if (key != NULL) {
  17387. wc_FreeRsaKey(key);
  17388. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17389. }
  17390. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
  17391. if (keypub != NULL) {
  17392. wc_FreeRsaKey(keypub);
  17393. XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17394. }
  17395. #endif
  17396. #ifdef WOLFSSL_TEST_CERT
  17397. if (cert != NULL)
  17398. XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17399. #endif
  17400. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17401. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17402. #else
  17403. wc_FreeRsaKey(key);
  17404. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
  17405. wc_FreeRsaKey(keypub);
  17406. #endif
  17407. #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
  17408. wc_FreeRng(&rng);
  17409. WC_FREE_VAR(in, HEAP_HINT);
  17410. WC_FREE_VAR(out, HEAP_HINT);
  17411. WC_FREE_VAR(plain, HEAP_HINT);
  17412. (void)res;
  17413. (void)bytes;
  17414. (void)idx;
  17415. (void)in;
  17416. (void)out;
  17417. (void)plain;
  17418. (void)idx;
  17419. (void)inStr;
  17420. (void)inLen;
  17421. (void)outSz;
  17422. (void)plainSz;
  17423. /* ret can be greater then 0 with certgen but all negative values should
  17424. * be returned and treated as an error */
  17425. if (ret >= 0) {
  17426. return 0;
  17427. }
  17428. else {
  17429. return ret;
  17430. }
  17431. }
  17432. #endif /* !NO_RSA */
  17433. #ifndef NO_DH
  17434. static wc_test_ret_t dh_fips_generate_test(WC_RNG *rng)
  17435. {
  17436. wc_test_ret_t ret = 0;
  17437. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  17438. DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17439. #else
  17440. DhKey key[1];
  17441. #endif
  17442. WOLFSSL_SMALL_STACK_STATIC const byte p[] = {
  17443. 0xc5, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c,
  17444. 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e,
  17445. 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea,
  17446. 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e,
  17447. 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62,
  17448. 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a,
  17449. 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc,
  17450. 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89,
  17451. 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c,
  17452. 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65,
  17453. 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb,
  17454. 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87,
  17455. 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92,
  17456. 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3,
  17457. 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc,
  17458. 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda,
  17459. 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46,
  17460. 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9,
  17461. 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2,
  17462. 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc,
  17463. 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73,
  17464. 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4,
  17465. 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6,
  17466. 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a,
  17467. 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9,
  17468. 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0,
  17469. 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8,
  17470. 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0,
  17471. 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47,
  17472. 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9,
  17473. 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d,
  17474. 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d
  17475. };
  17476. WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
  17477. 0x4a, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74,
  17478. 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41,
  17479. 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91,
  17480. 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb,
  17481. 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff,
  17482. 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e,
  17483. 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a,
  17484. 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e,
  17485. 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40,
  17486. 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67,
  17487. 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94,
  17488. 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa,
  17489. 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22,
  17490. 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a,
  17491. 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc,
  17492. 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5,
  17493. 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe,
  17494. 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c,
  17495. 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8,
  17496. 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67,
  17497. 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8,
  17498. 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63,
  17499. 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5,
  17500. 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71,
  17501. 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a,
  17502. 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a,
  17503. 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1,
  17504. 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37,
  17505. 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53,
  17506. 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d,
  17507. 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68,
  17508. 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b
  17509. };
  17510. WOLFSSL_SMALL_STACK_STATIC const byte q[] = {
  17511. 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
  17512. 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
  17513. 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
  17514. 0x40, 0x52, 0xed, 0x41
  17515. };
  17516. WOLFSSL_SMALL_STACK_STATIC const byte q0[] = {
  17517. 0x00,
  17518. 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
  17519. 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
  17520. 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
  17521. 0x40, 0x52, 0xed, 0x41
  17522. };
  17523. byte priv[256];
  17524. byte pub[256];
  17525. word32 privSz = sizeof(priv);
  17526. word32 pubSz = sizeof(pub);
  17527. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  17528. if (key == NULL)
  17529. ERROR_OUT(MEMORY_E, exit_gen_test);
  17530. #endif
  17531. /* Parameter Validation testing. */
  17532. ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz);
  17533. if (ret != BAD_FUNC_ARG)
  17534. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17535. ret = wc_DhGenerateKeyPair(key, NULL, priv, &privSz, pub, &pubSz);
  17536. if (ret != BAD_FUNC_ARG)
  17537. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17538. ret = wc_DhGenerateKeyPair(key, rng, NULL, &privSz, pub, &pubSz);
  17539. if (ret != BAD_FUNC_ARG)
  17540. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17541. ret = wc_DhGenerateKeyPair(key, rng, priv, NULL, pub, &pubSz);
  17542. if (ret != BAD_FUNC_ARG)
  17543. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17544. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, NULL, &pubSz);
  17545. if (ret != BAD_FUNC_ARG)
  17546. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17547. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, NULL);
  17548. if (ret != BAD_FUNC_ARG)
  17549. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17550. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  17551. if (ret != 0)
  17552. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17553. ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q0, sizeof(q0));
  17554. if (ret != 0)
  17555. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17556. wc_FreeDhKey(key);
  17557. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  17558. if (ret != 0)
  17559. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17560. ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q, sizeof(q));
  17561. if (ret != 0)
  17562. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17563. /* Use API. */
  17564. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
  17565. #if defined(WOLFSSL_ASYNC_CRYPT)
  17566. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  17567. #endif
  17568. if (ret != 0)
  17569. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17570. ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q0, sizeof(q0));
  17571. if (ret != 0)
  17572. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17573. wc_FreeDhKey(key);
  17574. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  17575. if (ret != 0)
  17576. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17577. ret = wc_DhSetKey(key, p, sizeof(p), g, sizeof(g));
  17578. if (ret != 0)
  17579. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17580. ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q, sizeof(q));
  17581. if (ret != 0)
  17582. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17583. #ifndef HAVE_SELFTEST
  17584. ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
  17585. if (ret != 0)
  17586. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17587. /* Taint the public key so the check fails. */
  17588. pub[0]++;
  17589. ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
  17590. if (ret != MP_CMP_E) {
  17591. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17592. }
  17593. #ifdef WOLFSSL_KEY_GEN
  17594. wc_FreeDhKey(key);
  17595. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  17596. if (ret != 0)
  17597. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17598. ret = wc_DhGenerateParams(rng, 2048, key);
  17599. if (ret != 0)
  17600. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17601. privSz = sizeof(priv);
  17602. pubSz = sizeof(pub);
  17603. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
  17604. #if defined(WOLFSSL_ASYNC_CRYPT)
  17605. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  17606. #endif
  17607. if (ret != 0)
  17608. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17609. #endif /* WOLFSSL_KEY_GEN */
  17610. #endif /* HAVE_SELFTEST */
  17611. ret = 0;
  17612. exit_gen_test:
  17613. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  17614. if (key) {
  17615. wc_FreeDhKey(key);
  17616. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17617. }
  17618. #else
  17619. wc_FreeDhKey(key);
  17620. #endif
  17621. return ret;
  17622. }
  17623. static wc_test_ret_t dh_generate_test(WC_RNG *rng)
  17624. {
  17625. wc_test_ret_t ret = 0;
  17626. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  17627. DhKey *smallKey = NULL;
  17628. #else
  17629. DhKey smallKey[1];
  17630. #endif
  17631. byte p[2] = { 1, 7 }; /* 263 in decimal */
  17632. byte g[2] = { 0, 2 };
  17633. #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FFDHE)
  17634. #ifdef WOLFSSL_DH_CONST
  17635. /* the table for constant DH lookup will round to the lowest byte size 21 */
  17636. byte priv[21];
  17637. byte pub[21];
  17638. #else
  17639. byte priv[2];
  17640. byte pub[2];
  17641. #endif
  17642. word32 privSz = sizeof(priv);
  17643. word32 pubSz = sizeof(pub);
  17644. #endif
  17645. int smallKey_inited = 0;
  17646. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  17647. if ((smallKey = (DhKey *)XMALLOC(sizeof(*smallKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
  17648. return WC_TEST_RET_ENC_ERRNO;
  17649. #endif
  17650. ret = wc_InitDhKey_ex(smallKey, HEAP_HINT, devId);
  17651. if (ret != 0)
  17652. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17653. smallKey_inited = 1;
  17654. /* Parameter Validation testing. */
  17655. ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId);
  17656. if (ret != BAD_FUNC_ARG)
  17657. return WC_TEST_RET_ENC_EC(ret);
  17658. wc_FreeDhKey(NULL);
  17659. ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g));
  17660. if (ret != BAD_FUNC_ARG) {
  17661. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17662. }
  17663. ret = wc_DhSetKey(smallKey, NULL, sizeof(p), g, sizeof(g));
  17664. if (ret != BAD_FUNC_ARG) {
  17665. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17666. }
  17667. ret = wc_DhSetKey(smallKey, p, 0, g, sizeof(g));
  17668. if (ret != BAD_FUNC_ARG) {
  17669. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17670. }
  17671. ret = wc_DhSetKey(smallKey, p, sizeof(p), NULL, sizeof(g));
  17672. if (ret != BAD_FUNC_ARG) {
  17673. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17674. }
  17675. ret = wc_DhSetKey(smallKey, p, sizeof(p), g, 0);
  17676. if (ret != BAD_FUNC_ARG) {
  17677. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17678. }
  17679. ret = wc_DhSetKey(smallKey, p, sizeof(p), g, sizeof(g));
  17680. if (ret != 0)
  17681. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17682. #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FFDHE)
  17683. /* Use API. */
  17684. ret = wc_DhGenerateKeyPair(smallKey, rng, priv, &privSz, pub, &pubSz);
  17685. #if defined(WOLFSSL_ASYNC_CRYPT)
  17686. ret = wc_AsyncWait(ret, &smallKey->asyncDev, WC_ASYNC_FLAG_NONE);
  17687. #endif
  17688. if (ret != 0) {
  17689. ret = WC_TEST_RET_ENC_EC(ret);
  17690. }
  17691. #else
  17692. (void)rng;
  17693. #if defined(HAVE_FIPS) || !defined(WOLFSSL_NO_DH186)
  17694. ret = 0;
  17695. #endif
  17696. #endif
  17697. #if !defined(HAVE_FIPS) && defined(WOLFSSL_NO_DH186)
  17698. {
  17699. byte priv[260];
  17700. byte pub[260];
  17701. word32 privSz = sizeof(priv);
  17702. word32 pubSz = sizeof(pub);
  17703. /* test odd ball param generation with DH */
  17704. wc_FreeDhKey(smallKey);
  17705. ret = wc_InitDhKey_ex(smallKey, HEAP_HINT, devId);
  17706. if (ret != 0)
  17707. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17708. ret = wc_DhGenerateParams(rng, 2056, smallKey);
  17709. if (ret != 0)
  17710. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17711. privSz = sizeof(priv);
  17712. pubSz = sizeof(pub);
  17713. ret = wc_DhGenerateKeyPair(smallKey, rng, priv, &privSz, pub, &pubSz);
  17714. #if defined(WOLFSSL_ASYNC_CRYPT)
  17715. ret = wc_AsyncWait(ret, &smallKey->asyncDev, WC_ASYNC_FLAG_NONE);
  17716. #endif
  17717. if (ret != 0)
  17718. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test);
  17719. }
  17720. #endif /* !HAVE_FIPS and WOLFSSL_NO_DH186 */
  17721. exit_gen_test:
  17722. if (smallKey_inited)
  17723. wc_FreeDhKey(smallKey);
  17724. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  17725. if (smallKey != NULL)
  17726. XFREE(smallKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17727. #endif
  17728. return ret;
  17729. }
  17730. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  17731. typedef struct dh_pubvalue_test {
  17732. const byte* data;
  17733. word32 len;
  17734. } dh_pubvalue_test;
  17735. static wc_test_ret_t dh_test_check_pubvalue(void)
  17736. {
  17737. wc_test_ret_t ret;
  17738. word32 i;
  17739. WOLFSSL_SMALL_STACK_STATIC const byte prime[] = {0x01, 0x00, 0x01};
  17740. WOLFSSL_SMALL_STACK_STATIC const byte pubValZero[] = { 0x00 };
  17741. WOLFSSL_SMALL_STACK_STATIC const byte pubValZeroLong[] = { 0x00, 0x00, 0x00 };
  17742. WOLFSSL_SMALL_STACK_STATIC const byte pubValOne[] = { 0x01 };
  17743. WOLFSSL_SMALL_STACK_STATIC const byte pubValOneLong[] = { 0x00, 0x00, 0x01 };
  17744. WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeMinusOne[] = { 0x01, 0x00, 0x00 };
  17745. WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeLong[] = {0x00, 0x01, 0x00, 0x01};
  17746. WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimePlusOne[] = { 0x01, 0x00, 0x02 };
  17747. WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig0[] = { 0x02, 0x00, 0x01 };
  17748. WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig1[] = { 0x01, 0x01, 0x01 };
  17749. WOLFSSL_SMALL_STACK_STATIC const byte pubValTooLong[] = { 0x01, 0x00, 0x00, 0x01 };
  17750. const dh_pubvalue_test dh_pubval_fail[] = {
  17751. { prime, sizeof(prime) },
  17752. { pubValZero, sizeof(pubValZero) },
  17753. { pubValZeroLong, sizeof(pubValZeroLong) },
  17754. { pubValOne, sizeof(pubValOne) },
  17755. { pubValOneLong, sizeof(pubValOneLong) },
  17756. { pubValPrimeMinusOne, sizeof(pubValPrimeMinusOne) },
  17757. { pubValPrimeLong, sizeof(pubValPrimeLong) },
  17758. { pubValPrimePlusOne, sizeof(pubValPrimePlusOne) },
  17759. { pubValTooBig0, sizeof(pubValTooBig0) },
  17760. { pubValTooBig1, sizeof(pubValTooBig1) },
  17761. { pubValTooLong, sizeof(pubValTooLong) },
  17762. };
  17763. WOLFSSL_SMALL_STACK_STATIC const byte pubValTwo[] = { 0x02 };
  17764. WOLFSSL_SMALL_STACK_STATIC const byte pubValTwoLong[] = { 0x00, 0x00, 0x02 };
  17765. WOLFSSL_SMALL_STACK_STATIC const byte pubValGood[] = { 0x12, 0x34 };
  17766. WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLen[] = { 0x00, 0x12, 0x34 };
  17767. WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLong[] = { 0x00, 0x00, 0x12, 0x34 };
  17768. const dh_pubvalue_test dh_pubval_pass[] = {
  17769. { pubValTwo, sizeof(pubValTwo) },
  17770. { pubValTwoLong, sizeof(pubValTwoLong) },
  17771. { pubValGood, sizeof(pubValGood) },
  17772. { pubValGoodLen, sizeof(pubValGoodLen) },
  17773. { pubValGoodLong, sizeof(pubValGoodLong) },
  17774. };
  17775. for (i = 0; i < sizeof(dh_pubval_fail) / sizeof(*dh_pubval_fail); i++) {
  17776. ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_fail[i].data,
  17777. dh_pubval_fail[i].len);
  17778. if (ret != MP_VAL)
  17779. return WC_TEST_RET_ENC_I(i);
  17780. }
  17781. for (i = 0; i < sizeof(dh_pubval_pass) / sizeof(*dh_pubval_pass); i++) {
  17782. ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_pass[i].data,
  17783. dh_pubval_pass[i].len);
  17784. if (ret != 0)
  17785. return WC_TEST_RET_ENC_I(i);
  17786. }
  17787. return 0;
  17788. }
  17789. #endif
  17790. #if defined(HAVE_FFDHE)
  17791. #if defined(HAVE_FFDHE_4096)
  17792. #define MAX_DH_PRIV_SZ 39
  17793. #define MAX_DH_KEY_SZ 512
  17794. #elif defined(HAVE_FFDHE_3072)
  17795. #define MAX_DH_PRIV_SZ 34
  17796. #define MAX_DH_KEY_SZ 384
  17797. #else
  17798. #define MAX_DH_PRIV_SZ 29
  17799. #define MAX_DH_KEY_SZ 256
  17800. #endif
  17801. #ifndef WC_NO_RNG
  17802. #if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
  17803. (defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM)))
  17804. #ifdef HAVE_PUBLIC_FFDHE
  17805. static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, const DhParams* params)
  17806. #else
  17807. static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name)
  17808. #endif
  17809. {
  17810. wc_test_ret_t ret;
  17811. word32 privSz, pubSz, privSz2, pubSz2;
  17812. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  17813. byte *priv = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17814. byte *pub = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17815. byte *priv2 = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17816. byte *pub2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17817. byte *agree = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17818. byte *agree2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17819. DhKey *key = (DhKey*)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17820. DhKey *key2 = (DhKey*)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17821. #else
  17822. byte priv[MAX_DH_PRIV_SZ];
  17823. byte pub[MAX_DH_KEY_SZ];
  17824. byte priv2[MAX_DH_PRIV_SZ];
  17825. byte pub2[MAX_DH_KEY_SZ];
  17826. byte agree[MAX_DH_KEY_SZ];
  17827. byte agree2[MAX_DH_KEY_SZ];
  17828. DhKey key[1];
  17829. DhKey key2[1];
  17830. #endif
  17831. word32 agreeSz = MAX_DH_KEY_SZ;
  17832. word32 agreeSz2 = MAX_DH_KEY_SZ;
  17833. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  17834. if ((priv == NULL) ||
  17835. (pub == NULL) ||
  17836. (priv2 == NULL) ||
  17837. (pub2 == NULL) ||
  17838. (agree == NULL) ||
  17839. (agree2 == NULL) ||
  17840. (key == NULL) ||
  17841. (key2 == NULL))
  17842. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  17843. #endif
  17844. pubSz = MAX_DH_KEY_SZ;
  17845. pubSz2 = MAX_DH_KEY_SZ;
  17846. #ifdef HAVE_PUBLIC_FFDHE
  17847. privSz = MAX_DH_PRIV_SZ;
  17848. privSz2 = MAX_DH_PRIV_SZ;
  17849. #else
  17850. privSz = wc_DhGetNamedKeyMinSize(name);
  17851. privSz2 = privSz;
  17852. #endif
  17853. XMEMSET(key, 0, sizeof(*key));
  17854. XMEMSET(key2, 0, sizeof(*key2));
  17855. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  17856. if (ret != 0)
  17857. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  17858. ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
  17859. if (ret != 0)
  17860. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  17861. #ifdef HAVE_PUBLIC_FFDHE
  17862. ret = wc_DhSetKey(key, params->p, params->p_len, params->g, params->g_len);
  17863. #else
  17864. ret = wc_DhSetNamedKey(key, name);
  17865. #endif
  17866. if (ret != 0)
  17867. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  17868. #ifdef HAVE_PUBLIC_FFDHE
  17869. ret = wc_DhSetKey(key2, params->p, params->p_len, params->g,
  17870. params->g_len);
  17871. #else
  17872. ret = wc_DhSetNamedKey(key2, name);
  17873. #endif
  17874. if (ret != 0)
  17875. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  17876. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
  17877. #if defined(WOLFSSL_ASYNC_CRYPT)
  17878. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  17879. #endif
  17880. if (ret != 0)
  17881. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  17882. ret = wc_DhGenerateKeyPair(key2, rng, priv2, &privSz2, pub2, &pubSz2);
  17883. #if defined(WOLFSSL_ASYNC_CRYPT)
  17884. ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
  17885. #endif
  17886. if (ret != 0)
  17887. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  17888. ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
  17889. #if defined(WOLFSSL_ASYNC_CRYPT)
  17890. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  17891. #endif
  17892. if (ret != 0)
  17893. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  17894. ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
  17895. #if defined(WOLFSSL_ASYNC_CRYPT)
  17896. ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
  17897. #endif
  17898. if (ret != 0)
  17899. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  17900. if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
  17901. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  17902. }
  17903. #if (defined(WOLFSSL_HAVE_SP_DH) || defined(USE_FAST_MATH)) && \
  17904. !defined(HAVE_INTEL_QA)
  17905. /* Make p even */
  17906. key->p.dp[0] &= (mp_digit)-2;
  17907. if (ret != 0)
  17908. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  17909. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
  17910. #if defined(WOLFSSL_ASYNC_CRYPT)
  17911. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  17912. #endif
  17913. if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
  17914. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  17915. }
  17916. ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
  17917. #if defined(WOLFSSL_ASYNC_CRYPT)
  17918. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  17919. #endif
  17920. if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != ASYNC_OP_E) {
  17921. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  17922. }
  17923. #ifndef HAVE_SELFTEST
  17924. ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
  17925. if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_CMP_E &&
  17926. ret != ASYNC_OP_E) {
  17927. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  17928. }
  17929. #endif
  17930. /* Getting here means success - set ret to 0. */
  17931. ret = 0;
  17932. #endif /* (SP DH or Fast Math) and not Intel QuickAssist */
  17933. done:
  17934. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) && \
  17935. !defined(WC_NO_RNG)
  17936. if (priv)
  17937. XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17938. if (pub)
  17939. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17940. if (priv2)
  17941. XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17942. if (pub2)
  17943. XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17944. if (agree)
  17945. XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17946. if (agree2)
  17947. XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17948. if (key) {
  17949. wc_FreeDhKey(key);
  17950. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17951. }
  17952. if (key2) {
  17953. wc_FreeDhKey(key2);
  17954. XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17955. }
  17956. #else
  17957. wc_FreeDhKey(key);
  17958. wc_FreeDhKey(key2);
  17959. #endif
  17960. return ret;
  17961. }
  17962. #endif /* !(HAVE_FIPS_VERSION == 2 && WOLFSSL_SP_ARMxx_ASM) */
  17963. #endif /* !WC_NO_RNG */
  17964. #endif /* HAVE_FFDHE */
  17965. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void)
  17966. {
  17967. wc_test_ret_t ret;
  17968. word32 bytes;
  17969. word32 idx = 0, privSz, pubSz, privSz2, pubSz2;
  17970. #ifndef WC_NO_RNG
  17971. WC_RNG rng;
  17972. int rngInit = 0;
  17973. #endif
  17974. int keyInit = 0, key2Init = 0;
  17975. #define DH_TEST_TMP_SIZE 1024
  17976. #if !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
  17977. #define DH_TEST_BUF_SIZE 256
  17978. #else
  17979. #define DH_TEST_BUF_SIZE 512
  17980. #endif
  17981. #ifndef WC_NO_RNG
  17982. word32 agreeSz = DH_TEST_BUF_SIZE;
  17983. word32 agreeSz2 = DH_TEST_BUF_SIZE;
  17984. #endif
  17985. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  17986. DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17987. DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17988. byte *tmp = (byte *)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17989. #else
  17990. DhKey key[1];
  17991. DhKey key2[1];
  17992. byte tmp[DH_TEST_TMP_SIZE];
  17993. #endif
  17994. #ifndef WC_NO_RNG
  17995. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  17996. byte *priv = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17997. byte *pub = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17998. byte *priv2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17999. byte *pub2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18000. byte *agree = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18001. byte *agree2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18002. if (priv == NULL || pub == NULL || priv2 == NULL || pub2 == NULL ||
  18003. agree == NULL || agree2 == NULL) {
  18004. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  18005. }
  18006. #else
  18007. byte priv[DH_TEST_BUF_SIZE];
  18008. byte pub[DH_TEST_BUF_SIZE];
  18009. byte priv2[DH_TEST_BUF_SIZE];
  18010. byte pub2[DH_TEST_BUF_SIZE];
  18011. byte agree[DH_TEST_BUF_SIZE];
  18012. byte agree2[DH_TEST_BUF_SIZE];
  18013. #endif
  18014. #endif /* !WC_NO_RNG */
  18015. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18016. if (key == NULL || key2 == NULL || tmp == NULL) {
  18017. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  18018. }
  18019. #endif
  18020. #ifdef USE_CERT_BUFFERS_1024
  18021. XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024);
  18022. bytes = (size_t)sizeof_dh_key_der_1024;
  18023. #elif defined(USE_CERT_BUFFERS_2048)
  18024. XMEMCPY(tmp, dh_key_der_2048, (size_t)sizeof_dh_key_der_2048);
  18025. bytes = (size_t)sizeof_dh_key_der_2048;
  18026. #elif defined(USE_CERT_BUFFERS_3072)
  18027. XMEMCPY(tmp, dh_key_der_3072, (size_t)sizeof_dh_key_der_3072);
  18028. bytes = (size_t)sizeof_dh_key_der_3072;
  18029. #elif defined(USE_CERT_BUFFERS_4096)
  18030. XMEMCPY(tmp, dh_key_der_4096, (size_t)sizeof_dh_key_der_4096);
  18031. bytes = (size_t)sizeof_dh_key_der_4096;
  18032. #elif defined(NO_ASN)
  18033. /* don't use file, no DER parsing */
  18034. #elif !defined(NO_FILESYSTEM)
  18035. {
  18036. XFILE file = XFOPEN(dhParamsFile, "rb");
  18037. if (! file)
  18038. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  18039. bytes = (word32) XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
  18040. XFCLOSE(file);
  18041. if (bytes == 0)
  18042. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  18043. }
  18044. #else
  18045. /* No DH key to use. */
  18046. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  18047. #endif /* USE_CERT_BUFFERS */
  18048. (void)idx;
  18049. (void)tmp;
  18050. (void)bytes;
  18051. pubSz = DH_TEST_BUF_SIZE;
  18052. pubSz2 = DH_TEST_BUF_SIZE;
  18053. privSz = DH_TEST_BUF_SIZE;
  18054. privSz2 = DH_TEST_BUF_SIZE;
  18055. #ifndef WC_NO_RNG
  18056. XMEMSET(&rng, 0, sizeof(rng));
  18057. #endif
  18058. /* Use API for coverage. */
  18059. ret = wc_InitDhKey(key);
  18060. if (ret != 0)
  18061. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18062. wc_FreeDhKey(key);
  18063. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  18064. if (ret != 0)
  18065. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18066. keyInit = 1;
  18067. ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
  18068. if (ret != 0)
  18069. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18070. key2Init = 1;
  18071. #ifdef NO_ASN
  18072. #ifndef WOLFSSL_SP_MATH
  18073. ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
  18074. if (ret != 0)
  18075. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18076. ret = wc_DhSetKey(key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
  18077. if (ret != 0)
  18078. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18079. #else
  18080. ret = wc_DhSetKey(key, dh2048_p, sizeof(dh2048_p), dh2048_g,
  18081. sizeof(dh2048_g));
  18082. if (ret != 0)
  18083. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18084. ret = wc_DhSetKey(key2, dh2048_p, sizeof(dh2048_p), dh2048_g,
  18085. sizeof(dh2048_g));
  18086. if (ret != 0)
  18087. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18088. #endif
  18089. #else
  18090. ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
  18091. if (ret != 0)
  18092. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18093. idx = 0;
  18094. ret = wc_DhKeyDecode(tmp, &idx, key2, bytes);
  18095. if (ret != 0)
  18096. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18097. #endif
  18098. #ifndef WC_NO_RNG
  18099. #ifndef HAVE_FIPS
  18100. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  18101. #else
  18102. ret = wc_InitRng(&rng);
  18103. #endif
  18104. if (ret != 0)
  18105. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18106. rngInit = 1;
  18107. ret = wc_DhGenerateKeyPair(key, &rng, priv, &privSz, pub, &pubSz);
  18108. #if defined(WOLFSSL_ASYNC_CRYPT)
  18109. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  18110. #endif
  18111. if (ret != 0)
  18112. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18113. ret = wc_DhGenerateKeyPair(key2, &rng, priv2, &privSz2, pub2, &pubSz2);
  18114. #if defined(WOLFSSL_ASYNC_CRYPT)
  18115. ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
  18116. #endif
  18117. if (ret != 0)
  18118. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18119. ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
  18120. #if defined(WOLFSSL_ASYNC_CRYPT)
  18121. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  18122. #endif
  18123. if (ret != 0)
  18124. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18125. ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
  18126. #if defined(WOLFSSL_ASYNC_CRYPT)
  18127. ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
  18128. #endif
  18129. if (ret != 0)
  18130. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18131. if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
  18132. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  18133. }
  18134. #endif /* !WC_NO_RNG */
  18135. #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  18136. ret = wc_DhCheckPrivKey(NULL, NULL, 0);
  18137. if (ret != BAD_FUNC_ARG)
  18138. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18139. ret = wc_DhCheckPrivKey(key, priv, privSz);
  18140. if (ret != 0)
  18141. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18142. ret = wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL);
  18143. if (ret != BAD_FUNC_ARG)
  18144. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18145. {
  18146. word32 pSz, qSz, gSz;
  18147. ret = wc_DhExportParamsRaw(key, NULL, &pSz, NULL, &qSz, NULL, &gSz);
  18148. if (ret != LENGTH_ONLY_E)
  18149. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18150. }
  18151. #endif
  18152. /* Test DH key import / export */
  18153. #if defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \
  18154. (!defined(HAVE_FIPS) || \
  18155. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
  18156. wc_FreeDhKey(key);
  18157. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  18158. if (ret != 0)
  18159. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18160. #ifndef NO_ASN
  18161. {
  18162. /* DH Private - Key Export / Import */
  18163. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18164. byte *tmp2;
  18165. #else
  18166. byte tmp2[DH_TEST_TMP_SIZE];
  18167. #endif
  18168. #if defined(USE_CERT_BUFFERS_2048)
  18169. XMEMCPY(tmp, dh_ffdhe_statickey_der_2048, sizeof_dh_ffdhe_statickey_der_2048);
  18170. bytes = sizeof_dh_ffdhe_statickey_der_2048;
  18171. #else
  18172. XFILE file = XFOPEN(dhKeyFile, "rb");
  18173. if (!file)
  18174. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  18175. bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
  18176. XFCLOSE(file);
  18177. if (bytes == 0)
  18178. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  18179. #endif
  18180. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18181. tmp2 = (byte*)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18182. if (tmp2 == NULL)
  18183. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  18184. #endif
  18185. idx = 0;
  18186. XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE);
  18187. /* Import DH Private key as DER */
  18188. ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
  18189. if (ret == 0) {
  18190. /* Export as DER */
  18191. idx = DH_TEST_TMP_SIZE;
  18192. ret = wc_DhPrivKeyToDer(key, tmp2, &idx);
  18193. }
  18194. /* Verify export matches original */
  18195. if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) {
  18196. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  18197. }
  18198. /* DH Public Key - Export / Import */
  18199. #if defined(USE_CERT_BUFFERS_2048)
  18200. XMEMCPY(tmp, dh_ffdhe_pub_statickey_der_2048, sizeof_dh_ffdhe_pub_statickey_der_2048);
  18201. bytes = sizeof_dh_ffdhe_pub_statickey_der_2048;
  18202. #else
  18203. file = XFOPEN(dhKeyPubFile, "rb");
  18204. if (!file)
  18205. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  18206. bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
  18207. XFCLOSE(file);
  18208. if (bytes == 0)
  18209. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  18210. #endif
  18211. /* for HAVE_WOLF_BIGINT prevent leak */
  18212. wc_FreeDhKey(key);
  18213. (void)wc_InitDhKey_ex(key, HEAP_HINT, devId);
  18214. idx = 0;
  18215. XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE);
  18216. /* Import DH Public key as DER */
  18217. ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
  18218. if (ret == 0) {
  18219. /* Export as DER */
  18220. idx = DH_TEST_TMP_SIZE;
  18221. ret = wc_DhPubKeyToDer(key, tmp2, &idx);
  18222. }
  18223. /* Verify export matches original */
  18224. if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) {
  18225. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  18226. }
  18227. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18228. XFREE(tmp2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18229. #endif
  18230. }
  18231. #else
  18232. ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
  18233. if (ret != 0)
  18234. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18235. #endif /* !NO_ASN */
  18236. privSz = DH_TEST_BUF_SIZE;
  18237. pubSz = DH_TEST_BUF_SIZE;
  18238. ret = wc_DhExportKeyPair(key, priv, &privSz, pub, &pubSz);
  18239. if (ret != 0)
  18240. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18241. ret = wc_DhImportKeyPair(key2, priv, privSz, pub, pubSz);
  18242. if (ret != 0)
  18243. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18244. #endif /* WOLFSSL_DH_EXTRA && !NO_FILESYSTEM && !FIPS <= 2 */
  18245. #ifndef WC_NO_RNG
  18246. ret = dh_generate_test(&rng);
  18247. if (ret != 0)
  18248. ERROR_OUT(ret, done);
  18249. ret = dh_fips_generate_test(&rng);
  18250. if (ret != 0)
  18251. ERROR_OUT(ret, done);
  18252. #endif /* !WC_NO_RNG */
  18253. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  18254. ret = dh_test_check_pubvalue();
  18255. if (ret != 0)
  18256. ERROR_OUT(ret, done);
  18257. #endif
  18258. #if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \
  18259. (defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM)))
  18260. /* RNG with DH and SP_ASM code not supported in the in-lined FIPS ASM code,
  18261. * this will be available for testing in the 140-3 module */
  18262. #ifndef WC_NO_RNG
  18263. /* Specialized code for key gen when using FFDHE-2048, FFDHE-3072 and FFDHE-4096 */
  18264. #ifdef HAVE_FFDHE_2048
  18265. #ifdef HAVE_PUBLIC_FFDHE
  18266. ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe2048_Get());
  18267. #else
  18268. ret = dh_ffdhe_test(&rng, WC_FFDHE_2048);
  18269. #endif
  18270. if (ret != 0)
  18271. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18272. #endif
  18273. #ifdef HAVE_FFDHE_3072
  18274. #ifdef HAVE_PUBLIC_FFDHE
  18275. ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe3072_Get());
  18276. #else
  18277. ret = dh_ffdhe_test(&rng, WC_FFDHE_3072);
  18278. #endif
  18279. if (ret != 0)
  18280. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18281. #endif
  18282. #ifdef HAVE_FFDHE_4096
  18283. #ifdef HAVE_PUBLIC_FFDHE
  18284. ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe4096_Get());
  18285. #else
  18286. ret = dh_ffdhe_test(&rng, WC_FFDHE_4096);
  18287. #endif
  18288. if (ret != 0)
  18289. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18290. #endif
  18291. #endif /* !WC_NO_RNG */
  18292. #endif /* HAVE_FIPS_VERSION == 2 && !WOLFSSL_SP_ARM64_ASM */
  18293. wc_FreeDhKey(key);
  18294. keyInit = 0;
  18295. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
  18296. !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(WC_NO_RNG)
  18297. /* Test Check Key */
  18298. ret = wc_DhSetCheckKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g),
  18299. NULL, 0, 0, &rng);
  18300. if (ret != 0)
  18301. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  18302. keyInit = 1; /* DhSetCheckKey also initializes the key, free it */
  18303. #endif
  18304. done:
  18305. #ifndef WC_NO_RNG
  18306. if (rngInit)
  18307. wc_FreeRng(&rng);
  18308. #endif
  18309. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18310. if (key) {
  18311. if (keyInit)
  18312. wc_FreeDhKey(key);
  18313. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18314. }
  18315. if (key2) {
  18316. if (key2Init)
  18317. wc_FreeDhKey(key2);
  18318. XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18319. }
  18320. if (tmp)
  18321. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18322. if (priv)
  18323. XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18324. if (pub)
  18325. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18326. if (priv2)
  18327. XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18328. if (pub2)
  18329. XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18330. if (agree)
  18331. XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18332. if (agree2)
  18333. XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18334. #else
  18335. if (keyInit)
  18336. wc_FreeDhKey(key);
  18337. if (key2Init)
  18338. wc_FreeDhKey(key2);
  18339. #endif
  18340. (void)privSz;
  18341. (void)pubSz;
  18342. (void)pubSz2;
  18343. (void)privSz2;
  18344. return ret;
  18345. #undef DH_TEST_BUF_SIZE
  18346. #undef DH_TEST_TMP_SIZE
  18347. }
  18348. #endif /* NO_DH */
  18349. #ifndef NO_DSA
  18350. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void)
  18351. {
  18352. wc_test_ret_t ret = 0;
  18353. int answer;
  18354. word32 bytes;
  18355. word32 idx = 0;
  18356. WC_RNG rng;
  18357. int rng_inited = 0;
  18358. wc_Sha sha;
  18359. byte hash[WC_SHA_DIGEST_SIZE];
  18360. byte signature[40];
  18361. int key_inited = 0;
  18362. #ifdef WOLFSSL_KEY_GEN
  18363. byte* der = 0;
  18364. int derIn_inited = 0;
  18365. int genKey_inited = 0;
  18366. #endif
  18367. #define DSA_TEST_TMP_SIZE 1024
  18368. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18369. byte *tmp = (byte *)XMALLOC(DSA_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18370. DsaKey *key = (DsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18371. #ifdef WOLFSSL_KEY_GEN
  18372. DsaKey *derIn = (DsaKey *)XMALLOC(sizeof *derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18373. DsaKey *genKey = (DsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18374. #endif
  18375. if ((tmp == NULL) ||
  18376. (key == NULL)
  18377. #ifdef WOLFSSL_KEY_GEN
  18378. || (derIn == NULL)
  18379. || (genKey == NULL)
  18380. #endif
  18381. ) {
  18382. ret = WC_TEST_RET_ENC_NC;
  18383. goto out;
  18384. }
  18385. #else
  18386. byte tmp[1024];
  18387. DsaKey key[1];
  18388. #ifdef WOLFSSL_KEY_GEN
  18389. DsaKey derIn[1];
  18390. DsaKey genKey[1];
  18391. #endif
  18392. #endif
  18393. #ifdef USE_CERT_BUFFERS_1024
  18394. XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
  18395. bytes = sizeof_dsa_key_der_1024;
  18396. #elif defined(USE_CERT_BUFFERS_2048)
  18397. XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
  18398. bytes = sizeof_dsa_key_der_2048;
  18399. #else
  18400. {
  18401. XFILE file = XFOPEN(dsaKey, "rb");
  18402. if (!file)
  18403. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  18404. bytes = (word32) XFREAD(tmp, 1, DSA_TEST_TMP_SIZE, file);
  18405. XFCLOSE(file);
  18406. if (bytes == 0)
  18407. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  18408. }
  18409. #endif /* USE_CERT_BUFFERS */
  18410. ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
  18411. if (ret != 0)
  18412. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  18413. wc_ShaUpdate(&sha, tmp, bytes);
  18414. wc_ShaFinal(&sha, hash);
  18415. wc_ShaFree(&sha);
  18416. ret = wc_InitDsaKey(key);
  18417. if (ret != 0)
  18418. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  18419. key_inited = 1;
  18420. ret = wc_DsaPrivateKeyDecode(tmp, &idx, key, bytes);
  18421. if (ret != 0)
  18422. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  18423. #ifndef HAVE_FIPS
  18424. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  18425. #else
  18426. ret = wc_InitRng(&rng);
  18427. #endif
  18428. if (ret != 0)
  18429. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  18430. rng_inited = 1;
  18431. ret = wc_DsaSign(hash, signature, key, &rng);
  18432. if (ret != 0)
  18433. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  18434. ret = wc_DsaVerify(hash, signature, key, &answer);
  18435. if (ret != 0)
  18436. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  18437. if (answer != 1)
  18438. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  18439. wc_FreeDsaKey(key);
  18440. key_inited = 0;
  18441. ret = wc_InitDsaKey_h(key, NULL);
  18442. if (ret != 0)
  18443. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  18444. key_inited = 1;
  18445. #ifdef WOLFSSL_KEY_GEN
  18446. {
  18447. int derSz = 0;
  18448. ret = wc_InitDsaKey(genKey);
  18449. if (ret != 0)
  18450. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  18451. genKey_inited = 1;
  18452. ret = wc_MakeDsaParameters(&rng, 1024, genKey);
  18453. if (ret != 0)
  18454. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  18455. ret = wc_MakeDsaKey(&rng, genKey);
  18456. if (ret != 0)
  18457. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  18458. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18459. if (der == NULL)
  18460. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  18461. derSz = wc_DsaKeyToDer(genKey, der, FOURK_BUF);
  18462. if (derSz < 0)
  18463. ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), out);
  18464. ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
  18465. DSA_PRIVATEKEY_TYPE);
  18466. if (ret != 0)
  18467. goto out;
  18468. ret = wc_InitDsaKey(derIn);
  18469. if (ret != 0)
  18470. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  18471. derIn_inited = 1;
  18472. idx = 0;
  18473. ret = wc_DsaPrivateKeyDecode(der, &idx, derIn, derSz);
  18474. if (ret != 0)
  18475. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  18476. }
  18477. #endif /* WOLFSSL_KEY_GEN */
  18478. out:
  18479. #ifdef WOLFSSL_KEY_GEN
  18480. if (der)
  18481. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18482. #endif
  18483. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18484. if (tmp)
  18485. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18486. if (key) {
  18487. if (key_inited)
  18488. wc_FreeDsaKey(key);
  18489. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18490. }
  18491. #ifdef WOLFSSL_KEY_GEN
  18492. if (derIn) {
  18493. if (derIn_inited)
  18494. wc_FreeDsaKey(derIn);
  18495. XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18496. }
  18497. if (genKey) {
  18498. if (genKey_inited)
  18499. wc_FreeDsaKey(genKey);
  18500. XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18501. }
  18502. #endif
  18503. #else /* !WOLFSSL_SMALL_STACK || WOLFSSL_NO_MALLOC */
  18504. if (key_inited)
  18505. wc_FreeDsaKey(key);
  18506. #ifdef WOLFSSL_KEY_GEN
  18507. if (derIn_inited)
  18508. wc_FreeDsaKey(derIn);
  18509. if (genKey_inited)
  18510. wc_FreeDsaKey(genKey);
  18511. #endif
  18512. #endif
  18513. if (rng_inited)
  18514. wc_FreeRng(&rng);
  18515. return ret;
  18516. }
  18517. #endif /* NO_DSA */
  18518. #ifdef WOLFCRYPT_HAVE_SRP
  18519. static wc_test_ret_t generate_random_salt(byte *buf, word32 size)
  18520. {
  18521. wc_test_ret_t ret = WC_TEST_RET_ENC_NC;
  18522. WC_RNG rng;
  18523. if(NULL == buf || !size)
  18524. return WC_TEST_RET_ENC_NC;
  18525. if (buf && size && wc_InitRng_ex(&rng, HEAP_HINT, devId) == 0) {
  18526. ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size);
  18527. wc_FreeRng(&rng);
  18528. }
  18529. return ret;
  18530. }
  18531. static wc_test_ret_t srp_test_digest(SrpType dgstType)
  18532. {
  18533. wc_test_ret_t r;
  18534. byte clientPubKey[192]; /* A */
  18535. byte serverPubKey[192]; /* B */
  18536. word32 clientPubKeySz = 192;
  18537. word32 serverPubKeySz = 192;
  18538. byte username[] = "user";
  18539. word32 usernameSz = 4;
  18540. byte password[] = "password";
  18541. word32 passwordSz = 8;
  18542. WOLFSSL_SMALL_STACK_STATIC const byte N[] = {
  18543. 0xfc, 0x58, 0x7a, 0x8a, 0x70, 0xfb, 0x5a, 0x9a,
  18544. 0x5d, 0x39, 0x48, 0xbf, 0x1c, 0x46, 0xd8, 0x3b,
  18545. 0x7a, 0xe9, 0x1f, 0x85, 0x36, 0x18, 0xc4, 0x35,
  18546. 0x3f, 0xf8, 0x8a, 0x8f, 0x8c, 0x10, 0x2e, 0x01,
  18547. 0x58, 0x1d, 0x41, 0xcb, 0xc4, 0x47, 0xa8, 0xaf,
  18548. 0x9a, 0x6f, 0x58, 0x14, 0xa4, 0x68, 0xf0, 0x9c,
  18549. 0xa6, 0xe7, 0xbf, 0x0d, 0xe9, 0x62, 0x0b, 0xd7,
  18550. 0x26, 0x46, 0x5b, 0x27, 0xcb, 0x4c, 0xf9, 0x7e,
  18551. 0x1e, 0x8b, 0xe6, 0xdd, 0x29, 0xb7, 0xb7, 0x15,
  18552. 0x2e, 0xcf, 0x23, 0xa6, 0x4b, 0x97, 0x9f, 0x89,
  18553. 0xd4, 0x86, 0xc4, 0x90, 0x63, 0x92, 0xf4, 0x30,
  18554. 0x26, 0x69, 0x48, 0x9d, 0x7a, 0x4f, 0xad, 0xb5,
  18555. 0x6a, 0x51, 0xad, 0xeb, 0xf9, 0x90, 0x31, 0x77,
  18556. 0x53, 0x30, 0x2a, 0x85, 0xf7, 0x11, 0x21, 0x0c,
  18557. 0xb8, 0x4b, 0x56, 0x03, 0x5e, 0xbb, 0x25, 0x33,
  18558. 0x7c, 0xd9, 0x5a, 0xd1, 0x5c, 0xb2, 0xd4, 0x53,
  18559. 0xc5, 0x16, 0x68, 0xf0, 0xdf, 0x48, 0x55, 0x3e,
  18560. 0xd4, 0x59, 0x87, 0x64, 0x59, 0xaa, 0x39, 0x01,
  18561. 0x45, 0x89, 0x9c, 0x72, 0xff, 0xdd, 0x8f, 0x6d,
  18562. 0xa0, 0x42, 0xbc, 0x6f, 0x6e, 0x62, 0x18, 0x2d,
  18563. 0x50, 0xe8, 0x18, 0x97, 0x87, 0xfc, 0xef, 0x1f,
  18564. 0xf5, 0x53, 0x68, 0xe8, 0x49, 0xd1, 0xa2, 0xe8,
  18565. 0xb9, 0x26, 0x03, 0xba, 0xb5, 0x58, 0x6f, 0x6c,
  18566. 0x8b, 0x08, 0xa1, 0x7b, 0x6f, 0x42, 0xc9, 0x53
  18567. };
  18568. WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
  18569. 0x02
  18570. };
  18571. byte salt[10];
  18572. byte verifier[192];
  18573. word32 v_size = sizeof(verifier);
  18574. word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
  18575. word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
  18576. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18577. Srp *cli = (Srp *)XMALLOC(sizeof *cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18578. Srp *srv = (Srp *)XMALLOC(sizeof *srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18579. byte *clientProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT,
  18580. DYNAMIC_TYPE_TMP_BUFFER); /* M1 */
  18581. byte *serverProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT,
  18582. DYNAMIC_TYPE_TMP_BUFFER); /* M2 */
  18583. if ((cli == NULL) ||
  18584. (srv == NULL) ||
  18585. (clientProof == NULL) ||
  18586. (serverProof == NULL)) {
  18587. r = WC_TEST_RET_ENC_NC;
  18588. goto out;
  18589. }
  18590. #else
  18591. Srp cli[1], srv[1];
  18592. byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */
  18593. byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */
  18594. #endif
  18595. /* set as 0's so if second init on srv not called SrpTerm is not on
  18596. * garbage values */
  18597. XMEMSET(srv, 0, sizeof *srv);
  18598. XMEMSET(cli, 0, sizeof *cli);
  18599. /* generating random salt */
  18600. r = generate_random_salt(salt, sizeof(salt));
  18601. /* client knows username and password. */
  18602. /* server knows N, g, salt and verifier. */
  18603. if (!r) r = wc_SrpInit_ex(cli, dgstType, SRP_CLIENT_SIDE, HEAP_HINT, devId);
  18604. if (!r) r = wc_SrpSetUsername(cli, username, usernameSz);
  18605. /* loading N, g and salt in advance to generate the verifier. */
  18606. if (!r) r = wc_SrpSetParams(cli, N, sizeof(N),
  18607. g, sizeof(g),
  18608. salt, sizeof(salt));
  18609. if (!r) r = wc_SrpSetPassword(cli, password, passwordSz);
  18610. if (!r) r = wc_SrpGetVerifier(cli, verifier, &v_size);
  18611. /* client sends username to server */
  18612. if (!r) r = wc_SrpInit_ex(srv, dgstType, SRP_SERVER_SIDE, HEAP_HINT, devId);
  18613. if (!r) r = wc_SrpSetUsername(srv, username, usernameSz);
  18614. if (!r) r = wc_SrpSetParams(srv, N, sizeof(N),
  18615. g, sizeof(g),
  18616. salt, sizeof(salt));
  18617. if (!r) r = wc_SrpSetVerifier(srv, verifier, v_size);
  18618. if (!r) r = wc_SrpGetPublic(srv, serverPubKey, &serverPubKeySz);
  18619. /* server sends N, g, salt and B to client */
  18620. if (!r) r = wc_SrpGetPublic(cli, clientPubKey, &clientPubKeySz);
  18621. if (!r) r = wc_SrpComputeKey(cli, clientPubKey, clientPubKeySz,
  18622. serverPubKey, serverPubKeySz);
  18623. if (!r) r = wc_SrpGetProof(cli, clientProof, &clientProofSz);
  18624. /* client sends A and M1 to server */
  18625. if (!r) r = wc_SrpComputeKey(srv, clientPubKey, clientPubKeySz,
  18626. serverPubKey, serverPubKeySz);
  18627. if (!r) r = wc_SrpVerifyPeersProof(srv, clientProof, clientProofSz);
  18628. if (!r) r = wc_SrpGetProof(srv, serverProof, &serverProofSz);
  18629. /* server sends M2 to client */
  18630. if (!r) r = wc_SrpVerifyPeersProof(cli, serverProof, serverProofSz);
  18631. wc_SrpTerm(cli);
  18632. wc_SrpTerm(srv);
  18633. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18634. out:
  18635. if (cli)
  18636. XFREE(cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18637. if (srv)
  18638. XFREE(srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18639. if (clientProof)
  18640. XFREE(clientProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18641. if (serverProof)
  18642. XFREE(serverProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18643. #endif
  18644. return r;
  18645. }
  18646. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void)
  18647. {
  18648. wc_test_ret_t ret;
  18649. #ifndef NO_SHA
  18650. ret = srp_test_digest(SRP_TYPE_SHA);
  18651. if (ret != 0)
  18652. return ret;
  18653. #endif
  18654. #ifndef NO_SHA256
  18655. ret = srp_test_digest(SRP_TYPE_SHA256);
  18656. if (ret != 0)
  18657. return ret;
  18658. #endif
  18659. #ifdef WOLFSSL_SHA384
  18660. ret = srp_test_digest(SRP_TYPE_SHA384);
  18661. if (ret != 0)
  18662. return ret;
  18663. #endif
  18664. #ifdef WOLFSSL_SHA512
  18665. ret = srp_test_digest(SRP_TYPE_SHA512);
  18666. if (ret != 0)
  18667. return ret;
  18668. #endif
  18669. return ret;
  18670. }
  18671. #endif /* WOLFCRYPT_HAVE_SRP */
  18672. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  18673. #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
  18674. static wc_test_ret_t openssl_aes_test(void)
  18675. {
  18676. #ifdef HAVE_AES_CBC
  18677. #ifdef WOLFSSL_AES_128
  18678. {
  18679. /* EVP_CipherUpdate test */
  18680. WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
  18681. {
  18682. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  18683. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  18684. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  18685. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  18686. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  18687. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  18688. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  18689. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  18690. };
  18691. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  18692. "0123456789abcdef "; /* align */
  18693. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  18694. "1234567890abcdef "; /* align */
  18695. byte cipher[AES_BLOCK_SIZE * 4];
  18696. byte plain [AES_BLOCK_SIZE * 4];
  18697. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18698. EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
  18699. EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
  18700. #else
  18701. EVP_CIPHER_CTX en[1];
  18702. EVP_CIPHER_CTX de[1];
  18703. #endif
  18704. int outlen ;
  18705. int total = 0;
  18706. int i;
  18707. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18708. if ((en == NULL) || (de == NULL))
  18709. return MEMORY_E;
  18710. #endif
  18711. EVP_CIPHER_CTX_init(en);
  18712. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  18713. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  18714. return WC_TEST_RET_ENC_NC;
  18715. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  18716. (byte*)cbcPlain, 9) == 0)
  18717. return WC_TEST_RET_ENC_NC;
  18718. if (outlen != 0)
  18719. return WC_TEST_RET_ENC_NC;
  18720. total += outlen;
  18721. if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
  18722. (byte*)&cbcPlain[9] , 9) == 0)
  18723. return WC_TEST_RET_ENC_NC;
  18724. if (outlen != 16)
  18725. return WC_TEST_RET_ENC_NC;
  18726. total += outlen;
  18727. if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
  18728. return WC_TEST_RET_ENC_NC;
  18729. if (outlen != 16)
  18730. return WC_TEST_RET_ENC_NC;
  18731. total += outlen;
  18732. if (total != 32)
  18733. return 3408;
  18734. EVP_CIPHER_CTX_cleanup(en);
  18735. total = 0;
  18736. EVP_CIPHER_CTX_init(de);
  18737. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  18738. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  18739. return WC_TEST_RET_ENC_NC;
  18740. if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
  18741. return WC_TEST_RET_ENC_NC;
  18742. if (outlen != 0)
  18743. return WC_TEST_RET_ENC_NC;
  18744. total += outlen;
  18745. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  18746. (byte*)&cipher[6], 12) == 0)
  18747. return WC_TEST_RET_ENC_NC;
  18748. if (outlen != 0)
  18749. total += outlen;
  18750. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  18751. (byte*)&cipher[6+12], 14) == 0)
  18752. return WC_TEST_RET_ENC_NC;
  18753. if (outlen != 16)
  18754. return WC_TEST_RET_ENC_NC;
  18755. total += outlen;
  18756. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
  18757. return WC_TEST_RET_ENC_NC;
  18758. if (outlen != 2)
  18759. return WC_TEST_RET_ENC_NC;
  18760. total += outlen;
  18761. if (total != 18)
  18762. return 3427;
  18763. if (XMEMCMP(plain, cbcPlain, 18))
  18764. return WC_TEST_RET_ENC_NC;
  18765. EVP_CIPHER_CTX_cleanup(de);
  18766. /* test with encrypting/decrypting more than 16 bytes at once */
  18767. total = 0;
  18768. EVP_CIPHER_CTX_init(en);
  18769. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  18770. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  18771. return WC_TEST_RET_ENC_NC;
  18772. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  18773. (byte*)cbcPlain, 17) == 0)
  18774. return WC_TEST_RET_ENC_NC;
  18775. if (outlen != 16)
  18776. return WC_TEST_RET_ENC_NC;
  18777. total += outlen;
  18778. if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
  18779. (byte*)&cbcPlain[17] , 1) == 0)
  18780. return WC_TEST_RET_ENC_NC;
  18781. if (outlen != 0)
  18782. return WC_TEST_RET_ENC_NC;
  18783. total += outlen;
  18784. if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
  18785. return WC_TEST_RET_ENC_NC;
  18786. if (outlen != 16)
  18787. return WC_TEST_RET_ENC_NC;
  18788. total += outlen;
  18789. if (total != 32)
  18790. return WC_TEST_RET_ENC_NC;
  18791. EVP_CIPHER_CTX_cleanup(en);
  18792. total = 0;
  18793. EVP_CIPHER_CTX_init(de);
  18794. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  18795. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  18796. return WC_TEST_RET_ENC_NC;
  18797. if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0)
  18798. return WC_TEST_RET_ENC_NC;
  18799. if (outlen != 16)
  18800. return WC_TEST_RET_ENC_NC;
  18801. total += outlen;
  18802. /* final call on non block size should fail */
  18803. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
  18804. return WC_TEST_RET_ENC_NC;
  18805. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  18806. (byte*)&cipher[17], 1) == 0)
  18807. return WC_TEST_RET_ENC_NC;
  18808. if (outlen != 0)
  18809. total += outlen;
  18810. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  18811. (byte*)&cipher[17+1], 14) == 0)
  18812. return WC_TEST_RET_ENC_NC;
  18813. if (outlen != 0)
  18814. return WC_TEST_RET_ENC_NC;
  18815. total += outlen;
  18816. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
  18817. return WC_TEST_RET_ENC_NC;
  18818. if (outlen != 2)
  18819. return WC_TEST_RET_ENC_NC;
  18820. total += outlen;
  18821. if (total != 18)
  18822. return WC_TEST_RET_ENC_NC;
  18823. if (XMEMCMP(plain, cbcPlain, 18))
  18824. return WC_TEST_RET_ENC_NC;
  18825. /* test byte by byte decrypt */
  18826. for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
  18827. plain[i] = i;
  18828. }
  18829. EVP_CIPHER_CTX_cleanup(de);
  18830. total = 0;
  18831. EVP_CIPHER_CTX_init(en);
  18832. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  18833. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  18834. return WC_TEST_RET_ENC_NC;
  18835. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  18836. (byte*)plain, AES_BLOCK_SIZE * 3) == 0)
  18837. return WC_TEST_RET_ENC_NC;
  18838. if (outlen != AES_BLOCK_SIZE * 3)
  18839. return WC_TEST_RET_ENC_NC;
  18840. total += outlen;
  18841. if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
  18842. return WC_TEST_RET_ENC_NC;
  18843. if (outlen != AES_BLOCK_SIZE)
  18844. return WC_TEST_RET_ENC_NC;
  18845. total += outlen;
  18846. if (total != sizeof(plain))
  18847. return WC_TEST_RET_ENC_NC;
  18848. EVP_CIPHER_CTX_cleanup(en);
  18849. total = 0;
  18850. EVP_CIPHER_CTX_init(de);
  18851. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  18852. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  18853. return WC_TEST_RET_ENC_NC;
  18854. for (i = 0; i < AES_BLOCK_SIZE * 4; i++) {
  18855. if (EVP_CipherUpdate(de, (byte*)plain + total, &outlen,
  18856. (byte*)cipher + i, 1) == 0)
  18857. return WC_TEST_RET_ENC_NC;
  18858. if (outlen > 0) {
  18859. int j;
  18860. total += outlen;
  18861. for (j = 0; j < total; j++) {
  18862. if (plain[j] != j) {
  18863. return WC_TEST_RET_ENC_NC;
  18864. }
  18865. }
  18866. }
  18867. }
  18868. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
  18869. return WC_TEST_RET_ENC_NC;
  18870. total += outlen;
  18871. if (total != AES_BLOCK_SIZE * 3) {
  18872. return WC_TEST_RET_ENC_NC;
  18873. }
  18874. for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
  18875. if (plain[i] != i) {
  18876. return WC_TEST_RET_ENC_NC;
  18877. }
  18878. }
  18879. EVP_CIPHER_CTX_cleanup(de);
  18880. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18881. wolfSSL_EVP_CIPHER_CTX_free(en);
  18882. wolfSSL_EVP_CIPHER_CTX_free(de);
  18883. #endif
  18884. }
  18885. /* set buffers to be exact size to catch potential over read/write */
  18886. {
  18887. /* EVP_CipherUpdate test */
  18888. WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
  18889. {
  18890. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  18891. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  18892. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  18893. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  18894. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  18895. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  18896. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  18897. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  18898. };
  18899. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  18900. "0123456789abcdef "; /* align */
  18901. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  18902. "1234567890abcdef "; /* align */
  18903. #define EVP_TEST_BUF_SZ 18
  18904. #define EVP_TEST_BUF_PAD 32
  18905. byte cipher[EVP_TEST_BUF_SZ];
  18906. byte plain [EVP_TEST_BUF_SZ];
  18907. byte padded[EVP_TEST_BUF_PAD];
  18908. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18909. EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
  18910. EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
  18911. #else
  18912. EVP_CIPHER_CTX en[1];
  18913. EVP_CIPHER_CTX de[1];
  18914. #endif
  18915. int outlen ;
  18916. int total = 0;
  18917. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18918. if ((en == NULL) || (de == NULL))
  18919. return MEMORY_E;
  18920. #endif
  18921. EVP_CIPHER_CTX_init(en);
  18922. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  18923. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  18924. return WC_TEST_RET_ENC_NC;
  18925. if (EVP_CIPHER_CTX_set_padding(en, 0) != 1)
  18926. return WC_TEST_RET_ENC_NC;
  18927. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  18928. (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
  18929. return WC_TEST_RET_ENC_NC;
  18930. if (outlen != 16)
  18931. return WC_TEST_RET_ENC_NC;
  18932. total += outlen;
  18933. /* should fail here */
  18934. if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) != 0)
  18935. return WC_TEST_RET_ENC_NC;
  18936. EVP_CIPHER_CTX_cleanup(en);
  18937. /* turn padding back on and do successful encrypt */
  18938. total = 0;
  18939. EVP_CIPHER_CTX_init(en);
  18940. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  18941. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  18942. return WC_TEST_RET_ENC_NC;
  18943. if (EVP_CIPHER_CTX_set_padding(en, 1) != 1)
  18944. return WC_TEST_RET_ENC_NC;
  18945. if (EVP_CipherUpdate(en, (byte*)padded, &outlen,
  18946. (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
  18947. return WC_TEST_RET_ENC_NC;
  18948. if (outlen != 16)
  18949. return WC_TEST_RET_ENC_NC;
  18950. total += outlen;
  18951. if (EVP_CipherFinal(en, (byte*)&padded[total], &outlen) == 0)
  18952. return WC_TEST_RET_ENC_NC;
  18953. total += outlen;
  18954. if (total != 32)
  18955. return WC_TEST_RET_ENC_NC;
  18956. XMEMCPY(cipher, padded, EVP_TEST_BUF_SZ);
  18957. EVP_CIPHER_CTX_cleanup(en);
  18958. /* test out of bounds read on buffers w/o padding during decryption */
  18959. total = 0;
  18960. EVP_CIPHER_CTX_init(de);
  18961. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  18962. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  18963. return WC_TEST_RET_ENC_NC;
  18964. if (EVP_CIPHER_CTX_set_padding(de, 0) != 1)
  18965. return WC_TEST_RET_ENC_NC;
  18966. if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher,
  18967. EVP_TEST_BUF_SZ) == 0)
  18968. return WC_TEST_RET_ENC_NC;
  18969. if (outlen != 16)
  18970. return WC_TEST_RET_ENC_NC;
  18971. total += outlen;
  18972. /* should fail since not using padding */
  18973. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
  18974. return WC_TEST_RET_ENC_NC;
  18975. EVP_CIPHER_CTX_cleanup(de);
  18976. total = 0;
  18977. EVP_CIPHER_CTX_init(de);
  18978. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  18979. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  18980. return WC_TEST_RET_ENC_NC;
  18981. if (EVP_CIPHER_CTX_set_padding(de, 1) != 1)
  18982. return WC_TEST_RET_ENC_NC;
  18983. if (EVP_CipherUpdate(de, (byte*)padded, &outlen, (byte*)padded,
  18984. EVP_TEST_BUF_PAD) == 0)
  18985. return WC_TEST_RET_ENC_NC;
  18986. if (outlen != 16)
  18987. return WC_TEST_RET_ENC_NC;
  18988. total += outlen;
  18989. if (EVP_CipherFinal(de, (byte*)&padded[total], &outlen) == 0)
  18990. return WC_TEST_RET_ENC_NC;
  18991. if (XMEMCMP(padded, cbcPlain, EVP_TEST_BUF_SZ))
  18992. return WC_TEST_RET_ENC_NC;
  18993. EVP_CIPHER_CTX_cleanup(de);
  18994. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18995. wolfSSL_EVP_CIPHER_CTX_free(en);
  18996. wolfSSL_EVP_CIPHER_CTX_free(de);
  18997. #endif
  18998. }
  18999. { /* evp_cipher test: EVP_aes_128_cbc */
  19000. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19001. EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
  19002. #else
  19003. EVP_CIPHER_CTX ctx[1];
  19004. #endif
  19005. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
  19006. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  19007. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  19008. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  19009. };
  19010. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  19011. {
  19012. 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
  19013. 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
  19014. };
  19015. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  19016. "0123456789abcdef "; /* align */
  19017. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  19018. "1234567890abcdef "; /* align */
  19019. byte cipher[AES_BLOCK_SIZE * 4];
  19020. byte plain [AES_BLOCK_SIZE * 4];
  19021. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19022. if (ctx == NULL)
  19023. return MEMORY_E;
  19024. #endif
  19025. EVP_CIPHER_CTX_init(ctx);
  19026. if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
  19027. return WC_TEST_RET_ENC_NC;
  19028. if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
  19029. return WC_TEST_RET_ENC_NC;
  19030. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  19031. return WC_TEST_RET_ENC_NC;
  19032. EVP_CIPHER_CTX_cleanup(ctx);
  19033. EVP_CIPHER_CTX_init(ctx);
  19034. if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0) == 0)
  19035. return WC_TEST_RET_ENC_NC;
  19036. if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
  19037. return WC_TEST_RET_ENC_NC;
  19038. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  19039. return WC_TEST_RET_ENC_NC;
  19040. EVP_CIPHER_CTX_cleanup(ctx);
  19041. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19042. wolfSSL_EVP_CIPHER_CTX_free(ctx);
  19043. #endif
  19044. } /* end evp_cipher test: EVP_aes_128_cbc*/
  19045. #endif /* WOLFSSL_AES_128 */
  19046. #endif /* HAVE_AES_CBC */
  19047. #ifndef WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API
  19048. #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
  19049. { /* evp_cipher test: EVP_aes_256_ecb*/
  19050. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19051. EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
  19052. #else
  19053. EVP_CIPHER_CTX ctx[1];
  19054. #endif
  19055. WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
  19056. {
  19057. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  19058. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  19059. };
  19060. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  19061. {
  19062. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  19063. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  19064. };
  19065. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  19066. {
  19067. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  19068. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  19069. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  19070. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  19071. };
  19072. byte cipher[AES_BLOCK_SIZE * 4];
  19073. byte plain [AES_BLOCK_SIZE * 4];
  19074. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19075. if (ctx == NULL)
  19076. return MEMORY_E;
  19077. #endif
  19078. EVP_CIPHER_CTX_init(ctx);
  19079. if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0)
  19080. return WC_TEST_RET_ENC_NC;
  19081. if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
  19082. return WC_TEST_RET_ENC_NC;
  19083. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  19084. return WC_TEST_RET_ENC_NC;
  19085. EVP_CIPHER_CTX_init(ctx);
  19086. if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0)
  19087. return WC_TEST_RET_ENC_NC;
  19088. if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
  19089. return WC_TEST_RET_ENC_NC;
  19090. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  19091. return WC_TEST_RET_ENC_NC;
  19092. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19093. wolfSSL_EVP_CIPHER_CTX_free(ctx);
  19094. #endif
  19095. } /* end evp_cipher test */
  19096. #endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */
  19097. #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
  19098. /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
  19099. {
  19100. /* Test: AES_encrypt/decrypt/set Key */
  19101. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19102. AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  19103. #ifdef HAVE_AES_DECRYPT
  19104. AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  19105. #endif
  19106. #else
  19107. AES_KEY enc[1];
  19108. #ifdef HAVE_AES_DECRYPT
  19109. AES_KEY dec[1];
  19110. #endif
  19111. #endif
  19112. WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
  19113. {
  19114. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  19115. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  19116. };
  19117. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  19118. {
  19119. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  19120. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  19121. };
  19122. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  19123. {
  19124. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  19125. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  19126. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  19127. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  19128. };
  19129. byte plain[sizeof(msg)];
  19130. byte cipher[sizeof(msg)];
  19131. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19132. if (enc == NULL)
  19133. return MEMORY_E;
  19134. #ifdef HAVE_AES_DECRYPT
  19135. if (dec == NULL)
  19136. return MEMORY_E;
  19137. #endif
  19138. #endif
  19139. AES_set_encrypt_key(key, sizeof(key)*8, enc);
  19140. AES_set_decrypt_key(key, sizeof(key)*8, dec);
  19141. AES_encrypt(msg, cipher, enc);
  19142. #ifdef HAVE_AES_DECRYPT
  19143. AES_decrypt(cipher, plain, dec);
  19144. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  19145. return WC_TEST_RET_ENC_NC;
  19146. #endif /* HAVE_AES_DECRYPT */
  19147. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  19148. return WC_TEST_RET_ENC_NC;
  19149. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19150. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  19151. #ifdef HAVE_AES_DECRYPT
  19152. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  19153. #endif
  19154. #endif
  19155. }
  19156. #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
  19157. #endif /* !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
  19158. /* EVP_Cipher with EVP_aes_xxx_ctr() */
  19159. #ifdef WOLFSSL_AES_COUNTER
  19160. {
  19161. byte plainBuff [64];
  19162. byte cipherBuff[64];
  19163. #ifdef WOLFSSL_AES_128
  19164. WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
  19165. {
  19166. 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
  19167. 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
  19168. };
  19169. WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
  19170. {
  19171. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  19172. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  19173. };
  19174. WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
  19175. {
  19176. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  19177. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  19178. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  19179. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  19180. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  19181. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  19182. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  19183. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  19184. };
  19185. WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
  19186. {
  19187. 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
  19188. 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
  19189. 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
  19190. 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
  19191. 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
  19192. 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
  19193. 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
  19194. 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
  19195. };
  19196. WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
  19197. {
  19198. 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
  19199. 0xc2
  19200. };
  19201. #endif
  19202. /* test vector from "Recommendation for Block Cipher Modes of Operation"
  19203. * NIST Special Publication 800-38A */
  19204. #ifdef WOLFSSL_AES_192
  19205. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
  19206. {
  19207. 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  19208. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  19209. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
  19210. };
  19211. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
  19212. {
  19213. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  19214. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  19215. };
  19216. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
  19217. {
  19218. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  19219. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  19220. };
  19221. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
  19222. {
  19223. 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
  19224. 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
  19225. };
  19226. #endif /* WOLFSSL_AES_192 */
  19227. #ifdef WOLFSSL_AES_256
  19228. /* test vector from "Recommendation for Block Cipher Modes of Operation"
  19229. * NIST Special Publication 800-38A */
  19230. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
  19231. {
  19232. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  19233. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  19234. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  19235. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  19236. };
  19237. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
  19238. {
  19239. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  19240. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  19241. };
  19242. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
  19243. {
  19244. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  19245. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  19246. };
  19247. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
  19248. {
  19249. 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
  19250. 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
  19251. };
  19252. #endif /* WOLFSSL_AES_256 */
  19253. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19254. EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
  19255. EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
  19256. #else
  19257. EVP_CIPHER_CTX en[1];
  19258. EVP_CIPHER_CTX de[1];
  19259. #endif
  19260. #ifdef WOLFSSL_AES_128
  19261. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19262. EVP_CIPHER_CTX *p_en;
  19263. EVP_CIPHER_CTX *p_de;
  19264. #endif
  19265. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19266. if ((en == NULL) || (de == NULL))
  19267. return MEMORY_E;
  19268. #endif
  19269. EVP_CIPHER_CTX_init(en);
  19270. if (EVP_CipherInit(en, EVP_aes_128_ctr(),
  19271. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  19272. return WC_TEST_RET_ENC_NC;
  19273. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
  19274. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  19275. return WC_TEST_RET_ENC_NC;
  19276. EVP_CIPHER_CTX_init(de);
  19277. if (EVP_CipherInit(de, EVP_aes_128_ctr(),
  19278. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  19279. return WC_TEST_RET_ENC_NC;
  19280. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  19281. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  19282. return WC_TEST_RET_ENC_NC;
  19283. if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
  19284. return WC_TEST_RET_ENC_NC;
  19285. if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
  19286. return WC_TEST_RET_ENC_NC;
  19287. if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
  19288. return WC_TEST_RET_ENC_NC;
  19289. if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
  19290. return WC_TEST_RET_ENC_NC;
  19291. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19292. p_en = wolfSSL_EVP_CIPHER_CTX_new();
  19293. if (p_en == NULL)
  19294. return WC_TEST_RET_ENC_ERRNO;
  19295. p_de = wolfSSL_EVP_CIPHER_CTX_new();
  19296. if (p_de == NULL)
  19297. return WC_TEST_RET_ENC_ERRNO;
  19298. if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
  19299. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  19300. return WC_TEST_RET_ENC_NC;
  19301. if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
  19302. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  19303. return WC_TEST_RET_ENC_NC;
  19304. if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
  19305. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  19306. return WC_TEST_RET_ENC_NC;
  19307. if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
  19308. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  19309. return WC_TEST_RET_ENC_NC;
  19310. if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
  19311. return WC_TEST_RET_ENC_NC;
  19312. if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
  19313. return WC_TEST_RET_ENC_NC;
  19314. wolfSSL_EVP_CIPHER_CTX_free(p_en);
  19315. wolfSSL_EVP_CIPHER_CTX_free(p_de);
  19316. #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
  19317. if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
  19318. return WC_TEST_RET_ENC_NC;
  19319. if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
  19320. return WC_TEST_RET_ENC_NC;
  19321. EVP_CIPHER_CTX_init(en);
  19322. if (EVP_CipherInit(en, EVP_aes_128_ctr(),
  19323. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  19324. return WC_TEST_RET_ENC_NC;
  19325. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
  19326. return WC_TEST_RET_ENC_NC;
  19327. EVP_CIPHER_CTX_init(de);
  19328. if (EVP_CipherInit(de, EVP_aes_128_ctr(),
  19329. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  19330. return WC_TEST_RET_ENC_NC;
  19331. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
  19332. return WC_TEST_RET_ENC_NC;
  19333. if (XMEMCMP(plainBuff, ctrPlain, 9))
  19334. return WC_TEST_RET_ENC_NC;
  19335. if (XMEMCMP(cipherBuff, ctrCipher, 9))
  19336. return WC_TEST_RET_ENC_NC;
  19337. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
  19338. return WC_TEST_RET_ENC_NC;
  19339. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
  19340. return WC_TEST_RET_ENC_NC;
  19341. if (XMEMCMP(plainBuff, ctrPlain, 9))
  19342. return WC_TEST_RET_ENC_NC;
  19343. if (XMEMCMP(cipherBuff, oddCipher, 9))
  19344. return WC_TEST_RET_ENC_NC;
  19345. if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
  19346. return WC_TEST_RET_ENC_NC;
  19347. if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
  19348. return WC_TEST_RET_ENC_NC;
  19349. #endif /* WOLFSSL_AES_128 */
  19350. #ifdef WOLFSSL_AES_192
  19351. EVP_CIPHER_CTX_init(en);
  19352. if (EVP_CipherInit(en, EVP_aes_192_ctr(),
  19353. (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
  19354. return WC_TEST_RET_ENC_NC;
  19355. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
  19356. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  19357. return WC_TEST_RET_ENC_NC;
  19358. EVP_CIPHER_CTX_init(de);
  19359. if (EVP_CipherInit(de, EVP_aes_192_ctr(),
  19360. (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
  19361. return WC_TEST_RET_ENC_NC;
  19362. XMEMSET(plainBuff, 0, sizeof(plainBuff));
  19363. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  19364. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  19365. return WC_TEST_RET_ENC_NC;
  19366. if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
  19367. return WC_TEST_RET_ENC_NC;
  19368. if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
  19369. return WC_TEST_RET_ENC_NC;
  19370. if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
  19371. return WC_TEST_RET_ENC_NC;
  19372. if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
  19373. return WC_TEST_RET_ENC_NC;
  19374. #endif /* WOLFSSL_AES_192 */
  19375. #ifdef WOLFSSL_AES_256
  19376. EVP_CIPHER_CTX_init(en);
  19377. if (EVP_CipherInit(en, EVP_aes_256_ctr(),
  19378. (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
  19379. return WC_TEST_RET_ENC_NC;
  19380. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
  19381. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  19382. return WC_TEST_RET_ENC_NC;
  19383. EVP_CIPHER_CTX_init(de);
  19384. if (EVP_CipherInit(de, EVP_aes_256_ctr(),
  19385. (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
  19386. return WC_TEST_RET_ENC_NC;
  19387. XMEMSET(plainBuff, 0, sizeof(plainBuff));
  19388. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  19389. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  19390. return WC_TEST_RET_ENC_NC;
  19391. if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
  19392. return WC_TEST_RET_ENC_NC;
  19393. if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
  19394. return WC_TEST_RET_ENC_NC;
  19395. if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
  19396. return WC_TEST_RET_ENC_NC;
  19397. if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
  19398. return WC_TEST_RET_ENC_NC;
  19399. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19400. wolfSSL_EVP_CIPHER_CTX_free(en);
  19401. wolfSSL_EVP_CIPHER_CTX_free(de);
  19402. #endif
  19403. #endif /* WOLFSSL_AES_256 */
  19404. }
  19405. #endif /* HAVE_AES_COUNTER */
  19406. #ifndef WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API
  19407. #if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128)
  19408. {
  19409. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19410. AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  19411. AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  19412. #else
  19413. AES_KEY enc[1];
  19414. AES_KEY dec[1];
  19415. #endif
  19416. WOLFSSL_SMALL_STACK_STATIC const byte setIv[] = {
  19417. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  19418. 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
  19419. };
  19420. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  19421. {
  19422. 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
  19423. 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
  19424. };
  19425. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
  19426. {
  19427. 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
  19428. 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
  19429. 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
  19430. 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b
  19431. };
  19432. WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
  19433. {
  19434. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  19435. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  19436. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  19437. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51
  19438. };
  19439. byte cipher[AES_BLOCK_SIZE * 2];
  19440. byte iv[AES_BLOCK_SIZE]; /* iv buffer is updeated by API */
  19441. int num = 0;
  19442. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19443. if ((enc == NULL) || (dec == NULL))
  19444. return MEMORY_E;
  19445. #endif
  19446. XMEMCPY(iv, setIv, sizeof(setIv));
  19447. wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, enc);
  19448. wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, dec);
  19449. wolfSSL_AES_cfb128_encrypt(msg, cipher, AES_BLOCK_SIZE - 1, enc, iv,
  19450. &num, AES_ENCRYPT);
  19451. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE - 1))
  19452. return WC_TEST_RET_ENC_NC;
  19453. if (num != 15) /* should have used 15 of the 16 bytes */
  19454. return WC_TEST_RET_ENC_NC;
  19455. wolfSSL_AES_cfb128_encrypt(msg + AES_BLOCK_SIZE - 1,
  19456. cipher + AES_BLOCK_SIZE - 1, AES_BLOCK_SIZE + 1, enc, iv,
  19457. &num, AES_ENCRYPT);
  19458. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
  19459. return WC_TEST_RET_ENC_NC;
  19460. if (num != 0)
  19461. return WC_TEST_RET_ENC_NC;
  19462. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19463. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  19464. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  19465. #endif
  19466. }
  19467. #endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */
  19468. #endif /* !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
  19469. return 0;
  19470. }
  19471. #endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */
  19472. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
  19473. {
  19474. wc_test_ret_t ret;
  19475. EVP_MD_CTX md_ctx;
  19476. testVector a, b, c, d, e, f;
  19477. byte hash[WC_SHA256_DIGEST_SIZE*2]; /* max size */
  19478. a.inLen = 0;
  19479. b.inLen = c.inLen = d.inLen = e.inLen = f.inLen = a.inLen;
  19480. (void)a;
  19481. (void)b;
  19482. (void)c;
  19483. (void)d;
  19484. (void)e;
  19485. (void)f;
  19486. /* test malloc / free , 10 is an arbitrary amount of memory chosen */
  19487. {
  19488. byte* p;
  19489. p = (byte*)CRYPTO_malloc(10, "", 0);
  19490. if (p == NULL) {
  19491. return WC_TEST_RET_ENC_NC;
  19492. }
  19493. XMEMSET(p, 0, 10);
  19494. CRYPTO_free(p, "", 0);
  19495. }
  19496. #ifndef NO_MD5
  19497. a.input = "1234567890123456789012345678901234567890123456789012345678"
  19498. "9012345678901234567890";
  19499. a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
  19500. "\x7a";
  19501. a.inLen = XSTRLEN(a.input);
  19502. a.outLen = WC_MD5_DIGEST_SIZE;
  19503. EVP_MD_CTX_init(&md_ctx);
  19504. ret = EVP_DigestInit(&md_ctx, EVP_md5());
  19505. if (ret == WOLFSSL_SUCCESS) {
  19506. ret = EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen);
  19507. }
  19508. if (ret == WOLFSSL_SUCCESS) {
  19509. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  19510. }
  19511. EVP_MD_CTX_cleanup(&md_ctx);
  19512. if (ret != WOLFSSL_SUCCESS)
  19513. return WC_TEST_RET_ENC_NC;
  19514. if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0)
  19515. return WC_TEST_RET_ENC_NC;
  19516. #endif /* NO_MD5 */
  19517. #ifndef NO_SHA
  19518. b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  19519. "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  19520. "aaaaaaaaaa";
  19521. b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
  19522. "\x53\x99\x5E\x26\xA0";
  19523. b.inLen = XSTRLEN(b.input);
  19524. b.outLen = WC_SHA_DIGEST_SIZE;
  19525. EVP_MD_CTX_init(&md_ctx);
  19526. ret = EVP_DigestInit(&md_ctx, EVP_sha1());
  19527. if (ret == WOLFSSL_SUCCESS) {
  19528. ret = EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen);
  19529. if (ret == WOLFSSL_SUCCESS)
  19530. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  19531. }
  19532. EVP_MD_CTX_cleanup(&md_ctx);
  19533. if (ret != WOLFSSL_SUCCESS)
  19534. return WC_TEST_RET_ENC_NC;
  19535. if (XMEMCMP(hash, b.output, b.outLen) != 0)
  19536. return WC_TEST_RET_ENC_NC;
  19537. #endif /* NO_SHA */
  19538. #ifdef WOLFSSL_SHA224
  19539. e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  19540. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  19541. e.output = "\xc9\x7c\xa9\xa5\x59\x85\x0c\xe9\x7a\x04\xa9\x6d\xef\x6d\x99"
  19542. "\xa9\xe0\xe0\xe2\xab\x14\xe6\xb8\xdf\x26\x5f\xc0\xb3";
  19543. e.inLen = XSTRLEN(e.input);
  19544. e.outLen = WC_SHA224_DIGEST_SIZE;
  19545. EVP_MD_CTX_init(&md_ctx);
  19546. ret = EVP_DigestInit(&md_ctx, EVP_sha224());
  19547. if (ret == WOLFSSL_SUCCESS) {
  19548. ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
  19549. if (ret == WOLFSSL_SUCCESS)
  19550. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  19551. }
  19552. EVP_MD_CTX_cleanup(&md_ctx);
  19553. if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
  19554. return WC_TEST_RET_ENC_NC;
  19555. }
  19556. #endif /* WOLFSSL_SHA224 */
  19557. #ifndef NO_SHA256
  19558. d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  19559. d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
  19560. "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
  19561. "\x06\xC1";
  19562. d.inLen = XSTRLEN(d.input);
  19563. d.outLen = WC_SHA256_DIGEST_SIZE;
  19564. EVP_MD_CTX_init(&md_ctx);
  19565. ret = EVP_DigestInit(&md_ctx, EVP_sha256());
  19566. if (ret == WOLFSSL_SUCCESS) {
  19567. ret = EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
  19568. if (ret == WOLFSSL_SUCCESS)
  19569. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  19570. }
  19571. EVP_MD_CTX_cleanup(&md_ctx);
  19572. if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) {
  19573. return WC_TEST_RET_ENC_NC;
  19574. }
  19575. #endif /* !NO_SHA256 */
  19576. #ifdef WOLFSSL_SHA384
  19577. e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  19578. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  19579. e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
  19580. "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
  19581. "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
  19582. "\x74\x60\x39";
  19583. e.inLen = XSTRLEN(e.input);
  19584. e.outLen = WC_SHA384_DIGEST_SIZE;
  19585. EVP_MD_CTX_init(&md_ctx);
  19586. ret = EVP_DigestInit(&md_ctx, EVP_sha384());
  19587. if (ret == WOLFSSL_SUCCESS) {
  19588. ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
  19589. if (ret == WOLFSSL_SUCCESS)
  19590. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  19591. }
  19592. EVP_MD_CTX_cleanup(&md_ctx);
  19593. if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
  19594. return WC_TEST_RET_ENC_NC;
  19595. }
  19596. #endif /* WOLFSSL_SHA384 */
  19597. #ifdef WOLFSSL_SHA512
  19598. f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  19599. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  19600. f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
  19601. "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
  19602. "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
  19603. "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
  19604. "\x87\x4b\xe9\x09";
  19605. f.inLen = XSTRLEN(f.input);
  19606. f.outLen = WC_SHA512_DIGEST_SIZE;
  19607. EVP_MD_CTX_init(&md_ctx);
  19608. ret = EVP_DigestInit(&md_ctx, EVP_sha512());
  19609. if (ret == WOLFSSL_SUCCESS) {
  19610. ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
  19611. if (ret == WOLFSSL_SUCCESS)
  19612. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  19613. }
  19614. EVP_MD_CTX_cleanup(&md_ctx);
  19615. if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
  19616. return WC_TEST_RET_ENC_NC;
  19617. }
  19618. #if !defined(WOLFSSL_NOSHA512_224) && \
  19619. (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
  19620. f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  19621. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  19622. f.output = "\x23\xfe\xc5\xbb\x94\xd6\x0b\x23\x30\x81\x92\x64\x0b\x0c\x45"
  19623. "\x33\x35\xd6\x64\x73\x4f\xe4\x0e\x72\x68\x67\x4a\xf9";
  19624. f.inLen = XSTRLEN(f.input);
  19625. f.outLen = WC_SHA512_224_DIGEST_SIZE;
  19626. EVP_MD_CTX_init(&md_ctx);
  19627. ret = EVP_DigestInit(&md_ctx, EVP_sha512_224());
  19628. if (ret == WOLFSSL_SUCCESS) {
  19629. ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
  19630. if (ret == WOLFSSL_SUCCESS)
  19631. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  19632. }
  19633. EVP_MD_CTX_cleanup(&md_ctx);
  19634. if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
  19635. return WC_TEST_RET_ENC_NC;
  19636. }
  19637. #endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */
  19638. #if !defined(WOLFSSL_NOSHA512_256) && \
  19639. (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
  19640. f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  19641. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  19642. f.output = "\x39\x28\xe1\x84\xfb\x86\x90\xf8\x40\xda\x39\x88\x12\x1d\x31"
  19643. "\xbe\x65\xcb\x9d\x3e\xf8\x3e\xe6\x14\x6f\xea\xc8\x61\xe1\x9b"
  19644. "\x56\x3a";
  19645. f.inLen = XSTRLEN(f.input);
  19646. f.outLen = WC_SHA512_256_DIGEST_SIZE;
  19647. EVP_MD_CTX_init(&md_ctx);
  19648. ret = EVP_DigestInit(&md_ctx, EVP_sha512_256());
  19649. if (ret == WOLFSSL_SUCCESS) {
  19650. ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
  19651. if (ret == WOLFSSL_SUCCESS)
  19652. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  19653. }
  19654. EVP_MD_CTX_cleanup(&md_ctx);
  19655. if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) {
  19656. return WC_TEST_RET_ENC_NC;
  19657. }
  19658. #endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */
  19659. #endif /* WOLFSSL_SHA512 */
  19660. #ifdef WOLFSSL_SHA3
  19661. #ifndef WOLFSSL_NOSHA3_224
  19662. e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  19663. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  19664. e.output = "\x54\x3e\x68\x68\xe1\x66\x6c\x1a\x64\x36\x30\xdf\x77\x36\x7a"
  19665. "\xe5\xa6\x2a\x85\x07\x0a\x51\xc1\x4c\xbf\x66\x5c\xbc";
  19666. e.inLen = XSTRLEN(e.input);
  19667. e.outLen = WC_SHA3_224_DIGEST_SIZE;
  19668. EVP_MD_CTX_init(&md_ctx);
  19669. ret = EVP_DigestInit(&md_ctx, EVP_sha3_224());
  19670. if (ret == WOLFSSL_SUCCESS) {
  19671. ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
  19672. if (ret == WOLFSSL_SUCCESS)
  19673. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  19674. }
  19675. EVP_MD_CTX_cleanup(&md_ctx);
  19676. if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
  19677. return WC_TEST_RET_ENC_NC;
  19678. }
  19679. #endif /* WOLFSSL_NOSHA3_224 */
  19680. #ifndef WOLFSSL_NOSHA3_256
  19681. d.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  19682. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  19683. d.output = "\x91\x6f\x60\x61\xfe\x87\x97\x41\xca\x64\x69\xb4\x39\x71\xdf"
  19684. "\xdb\x28\xb1\xa3\x2d\xc3\x6c\xb3\x25\x4e\x81\x2b\xe2\x7a\xad"
  19685. "\x1d\x18";
  19686. d.inLen = XSTRLEN(d.input);
  19687. d.outLen = WC_SHA3_256_DIGEST_SIZE;
  19688. EVP_MD_CTX_init(&md_ctx);
  19689. ret = EVP_DigestInit(&md_ctx, EVP_sha3_256());
  19690. if (ret == WOLFSSL_SUCCESS) {
  19691. ret = EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
  19692. if (ret == WOLFSSL_SUCCESS)
  19693. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  19694. }
  19695. EVP_MD_CTX_cleanup(&md_ctx);
  19696. if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) {
  19697. return WC_TEST_RET_ENC_NC;
  19698. }
  19699. #endif /* WOLFSSL_NOSHA3_256 */
  19700. e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  19701. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  19702. e.output = "\x79\x40\x7d\x3b\x59\x16\xb5\x9c\x3e\x30\xb0\x98\x22\x97\x47"
  19703. "\x91\xc3\x13\xfb\x9e\xcc\x84\x9e\x40\x6f\x23\x59\x2d\x04\xf6"
  19704. "\x25\xdc\x8c\x70\x9b\x98\xb4\x3b\x38\x52\xb3\x37\x21\x61\x79"
  19705. "\xaa\x7f\xc7";
  19706. e.inLen = XSTRLEN(e.input);
  19707. e.outLen = WC_SHA3_384_DIGEST_SIZE;
  19708. EVP_MD_CTX_init(&md_ctx);
  19709. ret = EVP_DigestInit(&md_ctx, EVP_sha3_384());
  19710. if (ret == WOLFSSL_SUCCESS) {
  19711. ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
  19712. if (ret == WOLFSSL_SUCCESS)
  19713. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  19714. }
  19715. EVP_MD_CTX_cleanup(&md_ctx);
  19716. if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) {
  19717. return WC_TEST_RET_ENC_NC;
  19718. }
  19719. #ifndef WOLFSSL_NOSHA3_512
  19720. f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  19721. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  19722. f.output = "\xaf\xeb\xb2\xef\x54\x2e\x65\x79\xc5\x0c\xad\x06\xd2\xe5\x78"
  19723. "\xf9\xf8\xdd\x68\x81\xd7\xdc\x82\x4d\x26\x36\x0f\xee\xbf\x18"
  19724. "\xa4\xfa\x73\xe3\x26\x11\x22\x94\x8e\xfc\xfd\x49\x2e\x74\xe8"
  19725. "\x2e\x21\x89\xed\x0f\xb4\x40\xd1\x87\xf3\x82\x27\x0c\xb4\x55"
  19726. "\xf2\x1d\xd1\x85";
  19727. f.inLen = XSTRLEN(f.input);
  19728. f.outLen = WC_SHA3_512_DIGEST_SIZE;
  19729. EVP_MD_CTX_init(&md_ctx);
  19730. ret = EVP_DigestInit(&md_ctx, EVP_sha3_512());
  19731. if (ret == WOLFSSL_SUCCESS) {
  19732. ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
  19733. if (ret == WOLFSSL_SUCCESS)
  19734. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  19735. }
  19736. EVP_MD_CTX_cleanup(&md_ctx);
  19737. if (ret != WOLFSSL_SUCCESS ||
  19738. XMEMCMP(hash, f.output, f.outLen) != 0) {
  19739. return WC_TEST_RET_ENC_NC;
  19740. }
  19741. #endif /* WOLFSSL_NOSHA3_512 */
  19742. #endif /* WOLFSSL_SHA3 */
  19743. #ifndef WC_NO_RNG
  19744. if (RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS)
  19745. return WC_TEST_RET_ENC_NC;
  19746. #endif
  19747. #ifndef NO_MD5
  19748. c.input = "what do ya want for nothing?";
  19749. c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14"
  19750. "\x76";
  19751. c.inLen = XSTRLEN(c.input);
  19752. c.outLen = WC_MD5_DIGEST_SIZE;
  19753. #if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)
  19754. /* Expect failure with MD5 + HMAC when using FIPS 140-3. */
  19755. if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
  19756. hash, 0) != NULL)
  19757. #else
  19758. if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
  19759. hash, 0) == NULL ||
  19760. XMEMCMP(hash, c.output, c.outLen) != 0)
  19761. #endif
  19762. {
  19763. return WC_TEST_RET_ENC_NC;
  19764. }
  19765. #endif /* NO_MD5 */
  19766. #ifndef NO_DES3
  19767. { /* des test */
  19768. WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
  19769. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  19770. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  19771. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  19772. };
  19773. byte plain[24];
  19774. byte cipher[24];
  19775. const_DES_cblock key = {
  19776. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
  19777. };
  19778. DES_cblock iv = {
  19779. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
  19780. };
  19781. DES_key_schedule sched;
  19782. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  19783. 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
  19784. 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
  19785. 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
  19786. };
  19787. DES_key_sched(&key, &sched);
  19788. DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT);
  19789. DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT);
  19790. if (XMEMCMP(plain, vector, sizeof(vector)) != 0)
  19791. return WC_TEST_RET_ENC_NC;
  19792. if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
  19793. return WC_TEST_RET_ENC_NC;
  19794. /* test changing iv */
  19795. DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT);
  19796. DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT);
  19797. if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
  19798. return WC_TEST_RET_ENC_NC;
  19799. } /* end des test */
  19800. #endif /* NO_DES3 */
  19801. #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
  19802. if ((ret = openssl_aes_test()) != 0) {
  19803. return ret;
  19804. }
  19805. #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
  19806. { /* evp_cipher test: EVP_aes_128_cbc */
  19807. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19808. EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
  19809. #else
  19810. EVP_CIPHER_CTX ctx[1];
  19811. #endif
  19812. int idx, cipherSz, plainSz;
  19813. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
  19814. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  19815. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  19816. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  19817. };
  19818. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  19819. 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
  19820. 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
  19821. 0x3b,0x5d,0x41,0x97,0x94,0x25,0xa4,0xb4,
  19822. 0xae,0x7b,0x34,0xd0,0x3f,0x0c,0xbc,0x06
  19823. };
  19824. WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
  19825. 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
  19826. 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
  19827. 0x7d,0x37,0x7b,0x0b,0x44,0xaa,0xb5,0xf0,
  19828. 0x5f,0x34,0xb4,0xde,0xb5,0xbd,0x2a,0xbb
  19829. };
  19830. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  19831. "0123456789abcdef "; /* align */
  19832. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  19833. "1234567890abcdef "; /* align */
  19834. byte cipher[AES_BLOCK_SIZE * 4];
  19835. byte plain [AES_BLOCK_SIZE * 4];
  19836. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19837. if (ctx == NULL)
  19838. return MEMORY_E;
  19839. #endif
  19840. cipherSz = 0;
  19841. EVP_CIPHER_CTX_init(ctx);
  19842. ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
  19843. if (ret == WOLFSSL_SUCCESS) {
  19844. ret = EVP_CipherUpdate(ctx, cipher, &idx, (byte*)msg, sizeof(msg));
  19845. if (ret == WOLFSSL_SUCCESS)
  19846. cipherSz += idx;
  19847. }
  19848. if (ret == WOLFSSL_SUCCESS) {
  19849. ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
  19850. if (ret == WOLFSSL_SUCCESS)
  19851. cipherSz += idx;
  19852. }
  19853. EVP_CIPHER_CTX_cleanup(ctx);
  19854. if (ret != WOLFSSL_SUCCESS)
  19855. return WC_TEST_RET_ENC_NC;
  19856. if (cipherSz != (int)sizeof(verify) || XMEMCMP(cipher, verify, cipherSz))
  19857. return WC_TEST_RET_ENC_NC;
  19858. /* check partial decrypt (not enough padding for full block) */
  19859. plainSz = 0;
  19860. EVP_CIPHER_CTX_init(ctx);
  19861. ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
  19862. if (ret == WOLFSSL_SUCCESS) {
  19863. ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, 1);
  19864. if (ret == WOLFSSL_SUCCESS)
  19865. plainSz += idx;
  19866. }
  19867. if (ret == WOLFSSL_SUCCESS) {
  19868. /* this test should fail... not enough padding for full block */
  19869. ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
  19870. if (plainSz == 0 && ret != WOLFSSL_SUCCESS)
  19871. ret = WOLFSSL_SUCCESS;
  19872. else
  19873. ret = WC_TEST_RET_ENC_NC;
  19874. }
  19875. else
  19876. ret = WC_TEST_RET_ENC_NC;
  19877. EVP_CIPHER_CTX_cleanup(ctx);
  19878. if (ret != WOLFSSL_SUCCESS)
  19879. return ret;
  19880. plainSz = 0;
  19881. EVP_CIPHER_CTX_init(ctx);
  19882. ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
  19883. if (ret == WOLFSSL_SUCCESS) {
  19884. ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, cipherSz);
  19885. if (ret == WOLFSSL_SUCCESS)
  19886. plainSz += idx;
  19887. }
  19888. if (ret == WOLFSSL_SUCCESS) {
  19889. ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
  19890. if (ret == WOLFSSL_SUCCESS)
  19891. plainSz += idx;
  19892. }
  19893. EVP_CIPHER_CTX_cleanup(ctx);
  19894. if (ret != WOLFSSL_SUCCESS)
  19895. return WC_TEST_RET_ENC_NC;
  19896. if (plainSz != (int)sizeof(msg) || XMEMCMP(plain, msg, sizeof(msg)))
  19897. return WC_TEST_RET_ENC_NC;
  19898. cipherSz = 0;
  19899. EVP_CIPHER_CTX_init(ctx);
  19900. ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
  19901. if (ret == WOLFSSL_SUCCESS) {
  19902. ret = EVP_CipherUpdate(ctx, cipher, &idx, msg, AES_BLOCK_SIZE);
  19903. if (ret == WOLFSSL_SUCCESS)
  19904. cipherSz += idx;
  19905. }
  19906. if (ret == WOLFSSL_SUCCESS) {
  19907. ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
  19908. if (ret == WOLFSSL_SUCCESS)
  19909. cipherSz += idx;
  19910. }
  19911. EVP_CIPHER_CTX_cleanup(ctx);
  19912. if (ret != WOLFSSL_SUCCESS)
  19913. return WC_TEST_RET_ENC_NC;
  19914. if (cipherSz != (int)sizeof(verify2) || XMEMCMP(cipher, verify2, cipherSz))
  19915. return WC_TEST_RET_ENC_NC;
  19916. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19917. wolfSSL_EVP_CIPHER_CTX_free(ctx);
  19918. #endif
  19919. } /* end evp_cipher test: EVP_aes_128_cbc*/
  19920. #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
  19921. #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
  19922. { /* evp_cipher test: EVP_aes_256_ecb*/
  19923. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19924. EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
  19925. #else
  19926. EVP_CIPHER_CTX ctx[1];
  19927. #endif
  19928. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
  19929. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  19930. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  19931. };
  19932. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  19933. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  19934. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  19935. };
  19936. WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
  19937. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  19938. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  19939. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  19940. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  19941. };
  19942. byte cipher[AES_BLOCK_SIZE * 4];
  19943. byte plain [AES_BLOCK_SIZE * 4];
  19944. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19945. if (ctx == NULL)
  19946. return MEMORY_E;
  19947. #endif
  19948. EVP_CIPHER_CTX_init(ctx);
  19949. ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1);
  19950. if (ret == WOLFSSL_SUCCESS)
  19951. ret = EVP_Cipher(ctx, cipher, (byte*)msg, 16);
  19952. EVP_CIPHER_CTX_cleanup(ctx);
  19953. if (ret != 16)
  19954. return WC_TEST_RET_ENC_NC;
  19955. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  19956. return WC_TEST_RET_ENC_NC;
  19957. EVP_CIPHER_CTX_init(ctx);
  19958. ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0);
  19959. if (ret == WOLFSSL_SUCCESS)
  19960. ret = EVP_Cipher(ctx, plain, cipher, 16);
  19961. EVP_CIPHER_CTX_cleanup(ctx);
  19962. if (ret != 16)
  19963. return WC_TEST_RET_ENC_NC;
  19964. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  19965. return WC_TEST_RET_ENC_NC;
  19966. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19967. wolfSSL_EVP_CIPHER_CTX_free(ctx);
  19968. #endif
  19969. } /* end evp_cipher test */
  19970. #endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */
  19971. #ifndef WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API
  19972. #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
  19973. /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
  19974. {
  19975. /* Test: AES_encrypt/decrypt/set Key */
  19976. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  19977. AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  19978. #ifdef HAVE_AES_DECRYPT
  19979. AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  19980. #endif
  19981. #else
  19982. AES_KEY enc[1];
  19983. #ifdef HAVE_AES_DECRYPT
  19984. AES_KEY dec[1];
  19985. #endif
  19986. #endif
  19987. WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
  19988. {
  19989. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  19990. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  19991. };
  19992. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  19993. {
  19994. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  19995. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  19996. };
  19997. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  19998. {
  19999. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  20000. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  20001. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  20002. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  20003. };
  20004. byte plain[sizeof(msg)];
  20005. byte cipher[sizeof(msg)];
  20006. printf("openSSL extra test\n") ;
  20007. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  20008. if (enc == NULL)
  20009. return MEMORY_E;
  20010. #ifdef HAVE_AES_DECRYPT
  20011. if (dec == NULL)
  20012. return MEMORY_E;
  20013. #endif
  20014. #endif
  20015. AES_set_encrypt_key(key, sizeof(key)*8, enc);
  20016. AES_set_decrypt_key(key, sizeof(key)*8, dec);
  20017. AES_encrypt(msg, cipher, enc);
  20018. #ifdef HAVE_AES_DECRYPT
  20019. AES_decrypt(cipher, plain, dec);
  20020. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  20021. return WC_TEST_RET_ENC_NC;
  20022. #endif /* HAVE_AES_DECRYPT */
  20023. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  20024. return WC_TEST_RET_ENC_NC;
  20025. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  20026. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  20027. #ifdef HAVE_AES_DECRYPT
  20028. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  20029. #endif
  20030. #endif
  20031. }
  20032. #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
  20033. #endif /* !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */
  20034. /* EVP_Cipher with EVP_aes_xxx_ctr() */
  20035. #ifdef WOLFSSL_AES_COUNTER
  20036. {
  20037. byte plainBuff [64];
  20038. byte cipherBuff[64];
  20039. #ifdef WOLFSSL_AES_128
  20040. WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
  20041. {
  20042. 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
  20043. 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
  20044. };
  20045. WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
  20046. {
  20047. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  20048. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  20049. };
  20050. WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
  20051. {
  20052. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  20053. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  20054. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  20055. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  20056. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  20057. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  20058. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  20059. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  20060. };
  20061. WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
  20062. {
  20063. 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
  20064. 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
  20065. 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
  20066. 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
  20067. 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
  20068. 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
  20069. 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
  20070. 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
  20071. };
  20072. WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
  20073. {
  20074. 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
  20075. 0xc2
  20076. };
  20077. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  20078. EVP_CIPHER_CTX *p_en;
  20079. EVP_CIPHER_CTX *p_de;
  20080. #endif
  20081. #endif /* WOLFSSL_AES_128 */
  20082. #ifdef WOLFSSL_AES_192
  20083. /* test vector from "Recommendation for Block Cipher Modes of Operation"
  20084. * NIST Special Publication 800-38A */
  20085. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
  20086. {
  20087. 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  20088. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  20089. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
  20090. };
  20091. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
  20092. {
  20093. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  20094. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  20095. };
  20096. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
  20097. {
  20098. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  20099. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  20100. };
  20101. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
  20102. {
  20103. 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
  20104. 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
  20105. };
  20106. #endif /* WOLFSSL_AES_192 */
  20107. #ifdef WOLFSSL_AES_256
  20108. /* test vector from "Recommendation for Block Cipher Modes of Operation"
  20109. * NIST Special Publication 800-38A */
  20110. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
  20111. {
  20112. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  20113. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  20114. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  20115. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  20116. };
  20117. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
  20118. {
  20119. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  20120. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  20121. };
  20122. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
  20123. {
  20124. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  20125. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  20126. };
  20127. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
  20128. {
  20129. 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
  20130. 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
  20131. };
  20132. #endif /* WOLFSSL_AES_256 */
  20133. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  20134. EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
  20135. EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
  20136. if ((en == NULL) || (de == NULL))
  20137. return MEMORY_E;
  20138. #else
  20139. EVP_CIPHER_CTX en[1];
  20140. EVP_CIPHER_CTX de[1];
  20141. #endif
  20142. #ifdef WOLFSSL_AES_128
  20143. EVP_CIPHER_CTX_init(en);
  20144. if (EVP_CipherInit(en, EVP_aes_128_ctr(),
  20145. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  20146. return WC_TEST_RET_ENC_NC;
  20147. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
  20148. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  20149. return WC_TEST_RET_ENC_NC;
  20150. EVP_CIPHER_CTX_init(de);
  20151. if (EVP_CipherInit(de, EVP_aes_128_ctr(),
  20152. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  20153. return WC_TEST_RET_ENC_NC;
  20154. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  20155. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  20156. return WC_TEST_RET_ENC_NC;
  20157. if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
  20158. return WC_TEST_RET_ENC_NC;
  20159. if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
  20160. return WC_TEST_RET_ENC_NC;
  20161. EVP_CIPHER_CTX_cleanup(en);
  20162. EVP_CIPHER_CTX_cleanup(de);
  20163. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  20164. p_en = wolfSSL_EVP_CIPHER_CTX_new();
  20165. if (p_en == NULL)
  20166. return WC_TEST_RET_ENC_ERRNO;
  20167. p_de = wolfSSL_EVP_CIPHER_CTX_new();
  20168. if (p_de == NULL)
  20169. return WC_TEST_RET_ENC_ERRNO;
  20170. if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
  20171. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  20172. return WC_TEST_RET_ENC_NC;
  20173. if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
  20174. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  20175. return WC_TEST_RET_ENC_NC;
  20176. if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
  20177. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  20178. return WC_TEST_RET_ENC_NC;
  20179. if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
  20180. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  20181. return WC_TEST_RET_ENC_NC;
  20182. EVP_CIPHER_CTX_cleanup(p_en);
  20183. EVP_CIPHER_CTX_cleanup(p_de);
  20184. wolfSSL_EVP_CIPHER_CTX_free(p_en);
  20185. wolfSSL_EVP_CIPHER_CTX_free(p_de);
  20186. #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
  20187. if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
  20188. return WC_TEST_RET_ENC_NC;
  20189. if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
  20190. return WC_TEST_RET_ENC_NC;
  20191. EVP_CIPHER_CTX_init(en);
  20192. if (EVP_CipherInit(en, EVP_aes_128_ctr(),
  20193. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  20194. return WC_TEST_RET_ENC_NC;
  20195. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
  20196. return WC_TEST_RET_ENC_NC;
  20197. EVP_CIPHER_CTX_init(de);
  20198. if (EVP_CipherInit(de, EVP_aes_128_ctr(),
  20199. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  20200. return WC_TEST_RET_ENC_NC;
  20201. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
  20202. return WC_TEST_RET_ENC_NC;
  20203. if (XMEMCMP(plainBuff, ctrPlain, 9))
  20204. return WC_TEST_RET_ENC_NC;
  20205. if (XMEMCMP(cipherBuff, ctrCipher, 9))
  20206. return WC_TEST_RET_ENC_NC;
  20207. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
  20208. return WC_TEST_RET_ENC_NC;
  20209. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
  20210. return WC_TEST_RET_ENC_NC;
  20211. if (XMEMCMP(plainBuff, ctrPlain, 9))
  20212. return WC_TEST_RET_ENC_NC;
  20213. if (XMEMCMP(cipherBuff, oddCipher, 9))
  20214. return WC_TEST_RET_ENC_NC;
  20215. EVP_CIPHER_CTX_cleanup(en);
  20216. EVP_CIPHER_CTX_cleanup(de);
  20217. #endif /* WOLFSSL_AES_128 */
  20218. #ifdef WOLFSSL_AES_192
  20219. EVP_CIPHER_CTX_init(en);
  20220. if (EVP_CipherInit(en, EVP_aes_192_ctr(),
  20221. (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
  20222. return WC_TEST_RET_ENC_NC;
  20223. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
  20224. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  20225. return WC_TEST_RET_ENC_NC;
  20226. EVP_CIPHER_CTX_init(de);
  20227. if (EVP_CipherInit(de, EVP_aes_192_ctr(),
  20228. (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
  20229. return WC_TEST_RET_ENC_NC;
  20230. XMEMSET(plainBuff, 0, sizeof(plainBuff));
  20231. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  20232. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  20233. return WC_TEST_RET_ENC_NC;
  20234. if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
  20235. return WC_TEST_RET_ENC_NC;
  20236. if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
  20237. return WC_TEST_RET_ENC_NC;
  20238. EVP_CIPHER_CTX_cleanup(en);
  20239. EVP_CIPHER_CTX_cleanup(de);
  20240. #endif /* WOLFSSL_AES_192 */
  20241. #ifdef WOLFSSL_AES_256
  20242. EVP_CIPHER_CTX_init(en);
  20243. if (EVP_CipherInit(en, EVP_aes_256_ctr(),
  20244. (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
  20245. return WC_TEST_RET_ENC_NC;
  20246. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
  20247. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  20248. return WC_TEST_RET_ENC_NC;
  20249. EVP_CIPHER_CTX_init(de);
  20250. if (EVP_CipherInit(de, EVP_aes_256_ctr(),
  20251. (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
  20252. return WC_TEST_RET_ENC_NC;
  20253. XMEMSET(plainBuff, 0, sizeof(plainBuff));
  20254. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  20255. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  20256. return WC_TEST_RET_ENC_NC;
  20257. if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
  20258. return WC_TEST_RET_ENC_NC;
  20259. if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
  20260. return WC_TEST_RET_ENC_NC;
  20261. EVP_CIPHER_CTX_cleanup(en);
  20262. EVP_CIPHER_CTX_cleanup(de);
  20263. #endif /* WOLFSSL_AES_256 */
  20264. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  20265. wolfSSL_EVP_CIPHER_CTX_free(en);
  20266. wolfSSL_EVP_CIPHER_CTX_free(de);
  20267. #endif
  20268. }
  20269. #endif /* HAVE_AES_COUNTER */
  20270. #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  20271. {
  20272. /* EVP_CipherUpdate test */
  20273. WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
  20274. {
  20275. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  20276. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  20277. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  20278. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  20279. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  20280. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  20281. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  20282. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  20283. };
  20284. byte key[] = "0123456789abcdef "; /* align */
  20285. byte iv[] = "1234567890abcdef "; /* align */
  20286. byte cipher[AES_BLOCK_SIZE * 4];
  20287. byte plain [AES_BLOCK_SIZE * 4];
  20288. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  20289. EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
  20290. EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
  20291. #else
  20292. EVP_CIPHER_CTX en[1];
  20293. EVP_CIPHER_CTX de[1];
  20294. #endif
  20295. int outlen ;
  20296. int total = 0;
  20297. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  20298. if ((en == NULL) || (de == NULL))
  20299. return MEMORY_E;
  20300. #endif
  20301. EVP_CIPHER_CTX_init(en);
  20302. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  20303. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  20304. return WC_TEST_RET_ENC_NC;
  20305. /* openSSL compatibility, if(inlen == 0)return 1; */
  20306. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  20307. (byte*)cbcPlain, 0) != 1)
  20308. return WC_TEST_RET_ENC_NC;
  20309. if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
  20310. return WC_TEST_RET_ENC_NC;
  20311. EVP_CIPHER_CTX_init(en);
  20312. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  20313. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  20314. return WC_TEST_RET_ENC_NC;
  20315. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  20316. (byte*)cbcPlain, 9) == 0)
  20317. return WC_TEST_RET_ENC_NC;
  20318. if(outlen != 0)
  20319. return WC_TEST_RET_ENC_NC;
  20320. total += outlen;
  20321. if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
  20322. (byte*)&cbcPlain[9] , 9) == 0)
  20323. return WC_TEST_RET_ENC_NC;
  20324. if(outlen != 16)
  20325. return WC_TEST_RET_ENC_NC;
  20326. total += outlen;
  20327. if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
  20328. return WC_TEST_RET_ENC_NC;
  20329. if(outlen != 16)
  20330. return WC_TEST_RET_ENC_NC;
  20331. total += outlen;
  20332. if(total != 32)
  20333. return WC_TEST_RET_ENC_NC;
  20334. total = 0;
  20335. EVP_CIPHER_CTX_init(de);
  20336. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  20337. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  20338. return WC_TEST_RET_ENC_NC;
  20339. if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
  20340. return WC_TEST_RET_ENC_NC;
  20341. if(outlen != 0)
  20342. return WC_TEST_RET_ENC_NC;
  20343. total += outlen;
  20344. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  20345. (byte*)&cipher[6], 12) == 0)
  20346. return WC_TEST_RET_ENC_NC;
  20347. if(outlen != 0)
  20348. total += outlen;
  20349. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  20350. (byte*)&cipher[6+12], 14) == 0)
  20351. return WC_TEST_RET_ENC_NC;
  20352. if(outlen != 16)
  20353. return WC_TEST_RET_ENC_NC;
  20354. total += outlen;
  20355. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
  20356. return WC_TEST_RET_ENC_NC;
  20357. if(outlen != 2)
  20358. return WC_TEST_RET_ENC_NC;
  20359. total += outlen;
  20360. if(total != 18)
  20361. return WC_TEST_RET_ENC_NC;
  20362. if (XMEMCMP(plain, cbcPlain, 18))
  20363. return WC_TEST_RET_ENC_NC;
  20364. total = 0;
  20365. if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
  20366. return WC_TEST_RET_ENC_NC;
  20367. EVP_CIPHER_CTX_init(en);
  20368. if (EVP_EncryptInit(en, EVP_aes_128_cbc(),
  20369. (unsigned char*)key, (unsigned char*)iv) == 0)
  20370. return WC_TEST_RET_ENC_NC;
  20371. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0)
  20372. return WC_TEST_RET_ENC_NC;
  20373. if(outlen != 0)
  20374. return WC_TEST_RET_ENC_NC;
  20375. total += outlen;
  20376. if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0)
  20377. return WC_TEST_RET_ENC_NC;
  20378. if(outlen != 16)
  20379. return WC_TEST_RET_ENC_NC;
  20380. total += outlen;
  20381. if (EVP_EncryptFinal(en, (byte*)&cipher[total], &outlen) == 0)
  20382. return WC_TEST_RET_ENC_NC;
  20383. if(outlen != 16)
  20384. return WC_TEST_RET_ENC_NC;
  20385. total += outlen;
  20386. if(total != 32)
  20387. return 3438;
  20388. total = 0;
  20389. if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
  20390. return WC_TEST_RET_ENC_NC;
  20391. EVP_CIPHER_CTX_init(de);
  20392. if (EVP_DecryptInit(de, EVP_aes_128_cbc(),
  20393. (unsigned char*)key, (unsigned char*)iv) == 0)
  20394. return WC_TEST_RET_ENC_NC;
  20395. if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
  20396. return WC_TEST_RET_ENC_NC;
  20397. if(outlen != 0)
  20398. return WC_TEST_RET_ENC_NC;
  20399. total += outlen;
  20400. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0)
  20401. return WC_TEST_RET_ENC_NC;
  20402. if(outlen != 0)
  20403. total += outlen;
  20404. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0)
  20405. return WC_TEST_RET_ENC_NC;
  20406. if(outlen != 16)
  20407. return WC_TEST_RET_ENC_NC;
  20408. total += outlen;
  20409. if (EVP_DecryptFinal(de, (byte*)&plain[total], &outlen) == 0)
  20410. return WC_TEST_RET_ENC_NC;
  20411. if(outlen != 2)
  20412. return WC_TEST_RET_ENC_NC;
  20413. total += outlen;
  20414. if(total != 18)
  20415. return 3447;
  20416. if (XMEMCMP(plain, cbcPlain, 18))
  20417. return WC_TEST_RET_ENC_NC;
  20418. if (EVP_CIPHER_key_length(NULL) != 0)
  20419. return WC_TEST_RET_ENC_NC;
  20420. if (EVP_CIPHER_key_length(EVP_aes_128_cbc()) != 16)
  20421. return WC_TEST_RET_ENC_NC;
  20422. if (EVP_CIPHER_CTX_mode(NULL) != 0)
  20423. return WC_TEST_RET_ENC_NC;
  20424. if (EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE))
  20425. return WC_TEST_RET_ENC_NC;
  20426. if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
  20427. return WC_TEST_RET_ENC_NC;
  20428. EVP_CIPHER_CTX_init(en);
  20429. if (EVP_CipherInit_ex(en, EVP_aes_128_cbc(), NULL,
  20430. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  20431. return WC_TEST_RET_ENC_NC;
  20432. if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
  20433. return WC_TEST_RET_ENC_NC;
  20434. EVP_CIPHER_CTX_init(en);
  20435. if (EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
  20436. (unsigned char*)key, (unsigned char*)iv) == 0)
  20437. return WC_TEST_RET_ENC_NC;
  20438. if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
  20439. return WC_TEST_RET_ENC_NC;
  20440. if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
  20441. return WC_TEST_RET_ENC_NC;
  20442. if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
  20443. return WC_TEST_RET_ENC_NC;
  20444. if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
  20445. return WC_TEST_RET_ENC_NC;
  20446. EVP_CIPHER_CTX_init(de);
  20447. if (EVP_DecryptInit_ex(de, EVP_aes_128_cbc(), NULL,
  20448. (unsigned char*)key, (unsigned char*)iv) == 0)
  20449. return WC_TEST_RET_ENC_NC;
  20450. if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
  20451. return WC_TEST_RET_ENC_NC;
  20452. if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
  20453. return WC_TEST_RET_ENC_NC;
  20454. if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG)
  20455. return WC_TEST_RET_ENC_NC;
  20456. if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
  20457. return WC_TEST_RET_ENC_NC;
  20458. EVP_CIPHER_CTX_init(en);
  20459. EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
  20460. (unsigned char*)key, (unsigned char*)iv);
  20461. if (EVP_CIPHER_CTX_block_size(en) != en->block_size)
  20462. return WC_TEST_RET_ENC_NC;
  20463. if (EVP_CIPHER_block_size(NULL) != BAD_FUNC_ARG)
  20464. return WC_TEST_RET_ENC_NC;
  20465. if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE)
  20466. return WC_TEST_RET_ENC_NC;
  20467. if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0)
  20468. return WC_TEST_RET_ENC_NC;
  20469. if (EVP_CIPHER_flags(EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE)
  20470. return WC_TEST_RET_ENC_NC;
  20471. EVP_CIPHER_CTX_clear_flags(en, 0xFFFFFFFF);
  20472. EVP_CIPHER_CTX_set_flags(en, 42);
  20473. if (en->flags != 42)
  20474. return WC_TEST_RET_ENC_NC;
  20475. if (EVP_CIPHER_CTX_set_padding(NULL, 0) != BAD_FUNC_ARG)
  20476. return WC_TEST_RET_ENC_NC;
  20477. if (EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
  20478. return WC_TEST_RET_ENC_NC;
  20479. if (EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)
  20480. return WC_TEST_RET_ENC_NC;
  20481. if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
  20482. return WC_TEST_RET_ENC_NC;
  20483. if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS)
  20484. return WC_TEST_RET_ENC_NC;
  20485. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  20486. wolfSSL_EVP_CIPHER_CTX_free(en);
  20487. wolfSSL_EVP_CIPHER_CTX_free(de);
  20488. #endif
  20489. }
  20490. #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
  20491. #endif /* ifndef NO_AES */
  20492. return 0;
  20493. }
  20494. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void)
  20495. {
  20496. wc_test_ret_t ret = 0;
  20497. #if !defined(NO_SHA256) && !defined(NO_SHA)
  20498. WOLFSSL_EVP_MD_CTX* ctx;
  20499. WOLFSSL_EVP_MD_CTX* ctx2;
  20500. ctx = EVP_MD_CTX_create();
  20501. ctx2 = EVP_MD_CTX_create();
  20502. ret = EVP_DigestInit(ctx, EVP_sha256());
  20503. if (ret != SSL_SUCCESS) {
  20504. ret = WC_TEST_RET_ENC_NC;
  20505. goto openSSL_evpMD_test_done;
  20506. }
  20507. ret = EVP_MD_CTX_copy(ctx2, ctx);
  20508. if (ret != SSL_SUCCESS) {
  20509. ret = WC_TEST_RET_ENC_NC;
  20510. goto openSSL_evpMD_test_done;
  20511. }
  20512. if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
  20513. ret = WC_TEST_RET_ENC_NC;
  20514. goto openSSL_evpMD_test_done;
  20515. }
  20516. ret = EVP_DigestInit(ctx, EVP_sha1());
  20517. if (ret != SSL_SUCCESS) {
  20518. ret = WC_TEST_RET_ENC_NC;
  20519. goto openSSL_evpMD_test_done;
  20520. }
  20521. if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
  20522. ret = WC_TEST_RET_ENC_NC;
  20523. goto openSSL_evpMD_test_done;
  20524. }
  20525. ret = EVP_MD_CTX_copy_ex(ctx2, ctx);
  20526. if (ret != SSL_SUCCESS) {
  20527. ret = WC_TEST_RET_ENC_NC;
  20528. goto openSSL_evpMD_test_done;
  20529. }
  20530. if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) {
  20531. ret = WC_TEST_RET_ENC_NC;
  20532. goto openSSL_evpMD_test_done;
  20533. }
  20534. if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) {
  20535. ret = WC_TEST_RET_ENC_NC;
  20536. goto openSSL_evpMD_test_done;
  20537. }
  20538. if (EVP_DigestInit_ex(ctx, EVP_sha1(), NULL) != SSL_SUCCESS) {
  20539. ret = WC_TEST_RET_ENC_NC;
  20540. goto openSSL_evpMD_test_done;
  20541. }
  20542. if (EVP_add_digest(NULL) != 0) {
  20543. ret = WC_TEST_RET_ENC_NC;
  20544. goto openSSL_evpMD_test_done;
  20545. }
  20546. if (wolfSSL_EVP_add_cipher(NULL) != 0) {
  20547. ret = WC_TEST_RET_ENC_NC;
  20548. goto openSSL_evpMD_test_done;
  20549. }
  20550. ret = 0; /* got to success state without jumping to end with a fail */
  20551. openSSL_evpMD_test_done:
  20552. EVP_MD_CTX_destroy(ctx);
  20553. EVP_MD_CTX_destroy(ctx2);
  20554. #endif /* NO_SHA256 */
  20555. return ret;
  20556. }
  20557. #ifdef DEBUG_SIGN
  20558. static void show(const char *title, const char *p, unsigned int s) {
  20559. char* i;
  20560. printf("%s: ", title);
  20561. for (i = p;
  20562. i < p + s;
  20563. printf("%c", *i), i++);
  20564. printf("\n");
  20565. }
  20566. #else
  20567. #define show(a,b,c) WC_DO_NOTHING
  20568. #endif
  20569. #define FOURK_BUFF 4096
  20570. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void)
  20571. {
  20572. wc_test_ret_t ret = 0;
  20573. #if !defined(NO_RSA) && !defined(NO_SHA)
  20574. byte* prvTmp;
  20575. byte* pubTmp;
  20576. int prvBytes;
  20577. int pubBytes;
  20578. RSA *prvRsa = NULL;
  20579. RSA *pubRsa = NULL;
  20580. EVP_PKEY *prvPkey = NULL;
  20581. EVP_PKEY *pubPkey = NULL;
  20582. EVP_PKEY_CTX *enc = NULL;
  20583. EVP_PKEY_CTX *dec = NULL;
  20584. byte in[] = TEST_STRING;
  20585. byte out[256];
  20586. size_t outlen;
  20587. size_t keySz;
  20588. byte plain[256];
  20589. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  20590. XFILE keyFile;
  20591. XFILE keypubFile;
  20592. char cliKey[] = "./certs/client-key.der";
  20593. char cliKeypub[] = "./certs/client-keyPub.der";
  20594. #endif
  20595. prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20596. if (prvTmp == NULL)
  20597. return WC_TEST_RET_ENC_ERRNO;
  20598. pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20599. if (pubTmp == NULL) {
  20600. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20601. return WC_TEST_RET_ENC_NC;
  20602. }
  20603. #ifdef USE_CERT_BUFFERS_1024
  20604. XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
  20605. prvBytes = sizeof_client_key_der_1024;
  20606. XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
  20607. pubBytes = sizeof_client_keypub_der_1024;
  20608. #elif defined(USE_CERT_BUFFERS_2048)
  20609. XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
  20610. prvBytes = sizeof_client_key_der_2048;
  20611. XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
  20612. pubBytes = sizeof_client_keypub_der_2048;
  20613. #else
  20614. keyFile = XFOPEN(cliKey, "rb");
  20615. if (!keyFile) {
  20616. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20617. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20618. err_sys("can't open ./certs/client-key.der, "
  20619. "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
  20620. return WC_TEST_RET_ENC_ERRNO;
  20621. }
  20622. prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
  20623. XFCLOSE(keyFile);
  20624. if (prvBytes == 0) {
  20625. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20626. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20627. return WC_TEST_RET_ENC_ERRNO;
  20628. }
  20629. keypubFile = XFOPEN(cliKeypub, "rb");
  20630. if (!keypubFile) {
  20631. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20632. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20633. err_sys("can't open ./certs/client-cert.der, "
  20634. "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
  20635. return WC_TEST_RET_ENC_ERRNO;
  20636. }
  20637. pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
  20638. XFCLOSE(keypubFile);
  20639. if (pubBytes == 0) {
  20640. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20641. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20642. return WC_TEST_RET_ENC_ERRNO;
  20643. }
  20644. #endif /* USE_CERT_BUFFERS */
  20645. prvRsa = wolfSSL_RSA_new();
  20646. pubRsa = wolfSSL_RSA_new();
  20647. if((prvRsa == NULL) || (pubRsa == NULL)){
  20648. printf("error with RSA_new\n");
  20649. ret = WC_TEST_RET_ENC_ERRNO;
  20650. goto openssl_pkey0_test_done;
  20651. }
  20652. ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
  20653. if(ret != SSL_SUCCESS){
  20654. printf("error with RSA_LoadDer_ex\n");
  20655. ret = WC_TEST_RET_ENC_EC(ret);
  20656. goto openssl_pkey0_test_done;
  20657. }
  20658. ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
  20659. if(ret != SSL_SUCCESS){
  20660. printf("error with RSA_LoadDer_ex\n");
  20661. ret = WC_TEST_RET_ENC_EC(ret);
  20662. goto openssl_pkey0_test_done;
  20663. }
  20664. keySz = (size_t)RSA_size(pubRsa);
  20665. prvPkey = wolfSSL_EVP_PKEY_new();
  20666. pubPkey = wolfSSL_EVP_PKEY_new();
  20667. if((prvPkey == NULL) || (pubPkey == NULL)){
  20668. printf("error with PKEY_new\n");
  20669. ret = WC_TEST_RET_ENC_NC;
  20670. goto openssl_pkey0_test_done;
  20671. }
  20672. ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
  20673. ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
  20674. if(ret != 2){
  20675. printf("error with PKEY_set1_RSA\n");
  20676. ret = WC_TEST_RET_ENC_I(ret);
  20677. goto openssl_pkey0_test_done;
  20678. }
  20679. dec = EVP_PKEY_CTX_new(prvPkey, NULL);
  20680. enc = EVP_PKEY_CTX_new(pubPkey, NULL);
  20681. if((dec == NULL)||(enc==NULL)){
  20682. printf("error with EVP_PKEY_CTX_new\n");
  20683. ret = WC_TEST_RET_ENC_NC;
  20684. goto openssl_pkey0_test_done;
  20685. }
  20686. ret = EVP_PKEY_decrypt_init(dec);
  20687. if (ret != 1) {
  20688. printf("error with decrypt init\n");
  20689. ret = WC_TEST_RET_ENC_NC;
  20690. goto openssl_pkey0_test_done;
  20691. }
  20692. ret = EVP_PKEY_encrypt_init(enc);
  20693. if (ret != 1) {
  20694. printf("error with encrypt init\n");
  20695. ret = WC_TEST_RET_ENC_NC;
  20696. goto openssl_pkey0_test_done;
  20697. }
  20698. XMEMSET(out, 0, sizeof(out));
  20699. ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
  20700. if (ret != 1) {
  20701. printf("error encrypting msg\n");
  20702. ret = WC_TEST_RET_ENC_NC;
  20703. goto openssl_pkey0_test_done;
  20704. }
  20705. show("encrypted msg", out, outlen);
  20706. XMEMSET(plain, 0, sizeof(plain));
  20707. ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
  20708. if (ret != 1) {
  20709. printf("error decrypting msg\n");
  20710. ret = WC_TEST_RET_ENC_NC;
  20711. goto openssl_pkey0_test_done;
  20712. }
  20713. show("decrypted msg", plain, outlen);
  20714. /* RSA_PKCS1_OAEP_PADDING test */
  20715. ret = EVP_PKEY_decrypt_init(dec);
  20716. if (ret != 1) {
  20717. printf("error with decrypt init\n");
  20718. ret = WC_TEST_RET_ENC_NC;
  20719. goto openssl_pkey0_test_done;
  20720. }
  20721. ret = EVP_PKEY_encrypt_init(enc);
  20722. if (ret != 1) {
  20723. printf("error with encrypt init\n");
  20724. ret = WC_TEST_RET_ENC_NC;
  20725. goto openssl_pkey0_test_done;
  20726. }
  20727. if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
  20728. printf("first set rsa padding error\n");
  20729. ret = WC_TEST_RET_ENC_EC(ret);
  20730. goto openssl_pkey0_test_done;
  20731. }
  20732. #ifndef HAVE_FIPS
  20733. if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
  20734. printf("second set rsa padding error\n");
  20735. ret = WC_TEST_RET_ENC_EC(ret);
  20736. goto openssl_pkey0_test_done;
  20737. }
  20738. if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
  20739. printf("third set rsa padding error\n");
  20740. ret = WC_TEST_RET_ENC_EC(ret);
  20741. goto openssl_pkey0_test_done;
  20742. }
  20743. #endif
  20744. XMEMSET(out, 0, sizeof(out));
  20745. ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
  20746. if (ret != 1) {
  20747. printf("error encrypting msg\n");
  20748. ret = WC_TEST_RET_ENC_NC;
  20749. goto openssl_pkey0_test_done;
  20750. }
  20751. show("encrypted msg", out, outlen);
  20752. XMEMSET(plain, 0, sizeof(plain));
  20753. ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
  20754. if (ret != 1) {
  20755. printf("error decrypting msg\n");
  20756. ret = WC_TEST_RET_ENC_NC;
  20757. goto openssl_pkey0_test_done;
  20758. }
  20759. show("decrypted msg", plain, outlen);
  20760. ret = 0; /* made it to this point without error then set success */
  20761. openssl_pkey0_test_done:
  20762. wolfSSL_RSA_free(prvRsa);
  20763. wolfSSL_RSA_free(pubRsa);
  20764. EVP_PKEY_free(pubPkey);
  20765. EVP_PKEY_free(prvPkey);
  20766. EVP_PKEY_CTX_free(dec);
  20767. EVP_PKEY_CTX_free(enc);
  20768. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20769. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20770. #endif /* NO_RSA */
  20771. return ret;
  20772. }
  20773. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void)
  20774. {
  20775. wc_test_ret_t ret = 0;
  20776. #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_SHA)
  20777. EVP_PKEY_CTX* dec = NULL;
  20778. EVP_PKEY_CTX* enc = NULL;
  20779. EVP_PKEY* pubKey = NULL;
  20780. EVP_PKEY* prvKey = NULL;
  20781. X509* x509 = NULL;
  20782. WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sugar slapped";
  20783. const unsigned char* clikey;
  20784. long cliKeySz;
  20785. size_t outlen;
  20786. int keyLenBits = 2048;
  20787. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  20788. unsigned char *tmp = (unsigned char *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20789. unsigned char *cipher = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20790. unsigned char *plain = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20791. if ((tmp == NULL) ||
  20792. (cipher == NULL) ||
  20793. (plain == NULL)) {
  20794. ret = WC_TEST_RET_ENC_NC;
  20795. goto openssl_pkey1_test_done;
  20796. }
  20797. #else
  20798. unsigned char tmp[FOURK_BUF];
  20799. unsigned char cipher[RSA_TEST_BYTES];
  20800. unsigned char plain[RSA_TEST_BYTES];
  20801. #endif
  20802. #if defined(USE_CERT_BUFFERS_1024)
  20803. XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
  20804. cliKeySz = (long)sizeof_client_key_der_1024;
  20805. x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_1024,
  20806. sizeof_client_cert_der_1024, SSL_FILETYPE_ASN1);
  20807. keyLenBits = 1024;
  20808. #elif defined(USE_CERT_BUFFERS_2048)
  20809. XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
  20810. cliKeySz = (long)sizeof_client_key_der_2048;
  20811. x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048,
  20812. sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1);
  20813. #elif defined(USE_CERT_BUFFERS_3072)
  20814. XMEMCPY(tmp, client_key_der_3072, sizeof_client_key_der_3072);
  20815. cliKeySz = (long)sizeof_client_key_der_3072;
  20816. x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_3072,
  20817. sizeof_client_cert_der_3072, SSL_FILETYPE_ASN1);
  20818. keyLenBits = 3072;
  20819. #elif defined(USE_CERT_BUFFERS_4096)
  20820. XMEMCPY(tmp, client_key_der_4096, sizeof_client_key_der_4096);
  20821. cliKeySz = (long)sizeof_client_key_der_4096;
  20822. x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_4096,
  20823. sizeof_client_cert_der_4096, SSL_FILETYPE_ASN1);
  20824. keyLenBits = 4096;
  20825. #else
  20826. {
  20827. XFILE f;
  20828. f = XFOPEN(clientKey, "rb");
  20829. if (!f) {
  20830. err_sys("can't open ./certs/client-key.der, "
  20831. "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
  20832. ret = WC_TEST_RET_ENC_ERRNO;
  20833. goto openssl_pkey1_test_done;
  20834. }
  20835. cliKeySz = (long)XFREAD(tmp, 1, FOURK_BUF, f);
  20836. XFCLOSE(f);
  20837. if (cliKeySz == 0)
  20838. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, openssl_pkey1_test_done);
  20839. }
  20840. /* using existing wolfSSL api to get public and private key */
  20841. x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1);
  20842. #endif /* USE_CERT_BUFFERS */
  20843. clikey = tmp;
  20844. if ((prvKey = EVP_PKEY_new()) == NULL) {
  20845. ret = WC_TEST_RET_ENC_ERRNO;
  20846. goto openssl_pkey1_test_done;
  20847. }
  20848. EVP_PKEY_free(prvKey);
  20849. prvKey = NULL;
  20850. if (x509 == NULL) {
  20851. ret = WC_TEST_RET_ENC_NC;
  20852. goto openssl_pkey1_test_done;
  20853. }
  20854. pubKey = X509_get_pubkey(x509);
  20855. if (pubKey == NULL) {
  20856. ret = WC_TEST_RET_ENC_NC;
  20857. goto openssl_pkey1_test_done;
  20858. }
  20859. prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz);
  20860. if (prvKey == NULL) {
  20861. ret = WC_TEST_RET_ENC_NC;
  20862. goto openssl_pkey1_test_done;
  20863. }
  20864. /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */
  20865. if (EVP_PKEY_bits(prvKey) != keyLenBits) {
  20866. ret = WC_TEST_RET_ENC_NC;
  20867. goto openssl_pkey1_test_done;
  20868. }
  20869. if (EVP_PKEY_size(prvKey) != keyLenBits/8) {
  20870. ret = WC_TEST_RET_ENC_NC;
  20871. goto openssl_pkey1_test_done;
  20872. }
  20873. dec = EVP_PKEY_CTX_new(prvKey, NULL);
  20874. enc = EVP_PKEY_CTX_new(pubKey, NULL);
  20875. if (dec == NULL || enc == NULL) {
  20876. ret = WC_TEST_RET_ENC_ERRNO;
  20877. goto openssl_pkey1_test_done;
  20878. }
  20879. if (EVP_PKEY_decrypt_init(dec) != 1) {
  20880. ret = WC_TEST_RET_ENC_NC;
  20881. goto openssl_pkey1_test_done;
  20882. }
  20883. if (EVP_PKEY_encrypt_init(enc) != 1) {
  20884. ret = WC_TEST_RET_ENC_NC;
  20885. goto openssl_pkey1_test_done;
  20886. }
  20887. if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
  20888. ret = WC_TEST_RET_ENC_NC;
  20889. goto openssl_pkey1_test_done;
  20890. }
  20891. #ifndef HAVE_FIPS
  20892. if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
  20893. ret = WC_TEST_RET_ENC_EC(ret);
  20894. goto openssl_pkey1_test_done;
  20895. }
  20896. if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
  20897. ret = WC_TEST_RET_ENC_EC(ret);
  20898. goto openssl_pkey1_test_done;
  20899. }
  20900. #endif
  20901. XMEMSET(cipher, 0, RSA_TEST_BYTES);
  20902. outlen = keyLenBits/8;
  20903. if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
  20904. ret = WC_TEST_RET_ENC_EC(ret);
  20905. goto openssl_pkey1_test_done;
  20906. }
  20907. XMEMSET(plain, 0, RSA_TEST_BYTES);
  20908. if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) {
  20909. ret = WC_TEST_RET_ENC_NC;
  20910. goto openssl_pkey1_test_done;
  20911. }
  20912. openssl_pkey1_test_done:
  20913. if (pubKey != NULL) {
  20914. EVP_PKEY_free(pubKey);
  20915. }
  20916. if (prvKey != NULL) {
  20917. EVP_PKEY_free(prvKey);
  20918. }
  20919. if (dec != NULL) {
  20920. EVP_PKEY_CTX_free(dec);
  20921. }
  20922. if (enc != NULL) {
  20923. EVP_PKEY_CTX_free(enc);
  20924. }
  20925. if (x509 != NULL) {
  20926. X509_free(x509);
  20927. }
  20928. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  20929. if (tmp != NULL)
  20930. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20931. if (cipher != NULL)
  20932. XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20933. if (plain != NULL)
  20934. XFREE(plain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20935. #endif
  20936. #endif
  20937. return ret;
  20938. }
  20939. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void)
  20940. {
  20941. #if !defined(NO_RSA) && !defined(NO_SHA)
  20942. byte* prvTmp;
  20943. byte* pubTmp;
  20944. int prvBytes;
  20945. int pubBytes;
  20946. RSA *prvRsa;
  20947. RSA *pubRsa;
  20948. EVP_PKEY *prvPkey;
  20949. EVP_PKEY *pubPkey;
  20950. EVP_MD_CTX* sign;
  20951. EVP_MD_CTX* verf;
  20952. char msg[] = "see spot run";
  20953. unsigned char sig[256];
  20954. unsigned int sigSz;
  20955. const void* pt;
  20956. unsigned int count;
  20957. wc_test_ret_t ret, ret1, ret2;
  20958. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  20959. XFILE keyFile;
  20960. XFILE keypubFile;
  20961. char cliKey[] = "./certs/client-key.der";
  20962. char cliKeypub[] = "./certs/client-keyPub.der";
  20963. #endif
  20964. prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20965. if (prvTmp == NULL)
  20966. return WC_TEST_RET_ENC_ERRNO;
  20967. pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20968. if (pubTmp == NULL) {
  20969. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20970. return WC_TEST_RET_ENC_NC;
  20971. }
  20972. #ifdef USE_CERT_BUFFERS_1024
  20973. XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
  20974. prvBytes = sizeof_client_key_der_1024;
  20975. XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
  20976. pubBytes = sizeof_client_keypub_der_1024;
  20977. #elif defined(USE_CERT_BUFFERS_2048)
  20978. XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
  20979. prvBytes = sizeof_client_key_der_2048;
  20980. XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
  20981. pubBytes = sizeof_client_keypub_der_2048;
  20982. #else
  20983. keyFile = XFOPEN(cliKey, "rb");
  20984. if (!keyFile) {
  20985. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20986. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20987. err_sys("can't open ./certs/client-key.der, "
  20988. "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
  20989. return WC_TEST_RET_ENC_ERRNO;
  20990. }
  20991. prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
  20992. XFCLOSE(keyFile);
  20993. if (prvBytes == 0) {
  20994. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20995. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20996. return WC_TEST_RET_ENC_ERRNO;
  20997. }
  20998. keypubFile = XFOPEN(cliKeypub, "rb");
  20999. if (!keypubFile) {
  21000. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21001. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21002. err_sys("can't open ./certs/client-cert.der, "
  21003. "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO);
  21004. return WC_TEST_RET_ENC_ERRNO;
  21005. }
  21006. pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
  21007. XFCLOSE(keypubFile);
  21008. if (pubBytes == 0) {
  21009. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21010. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21011. return WC_TEST_RET_ENC_ERRNO;
  21012. }
  21013. #endif /* USE_CERT_BUFFERS */
  21014. prvRsa = wolfSSL_RSA_new();
  21015. pubRsa = wolfSSL_RSA_new();
  21016. if((prvRsa == NULL) || (pubRsa == NULL)){
  21017. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21018. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21019. err_sys("ERROR with RSA_new", WC_TEST_RET_ENC_NC);
  21020. return WC_TEST_RET_ENC_NC;
  21021. }
  21022. ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
  21023. ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
  21024. if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
  21025. printf("error with RSA_LoadDer_ex\n");
  21026. return WC_TEST_RET_ENC_NC;
  21027. }
  21028. prvPkey = wolfSSL_EVP_PKEY_new();
  21029. pubPkey = wolfSSL_EVP_PKEY_new();
  21030. if((prvPkey == NULL) || (pubPkey == NULL)){
  21031. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21032. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21033. printf("error with KEY_new\n");
  21034. return WC_TEST_RET_ENC_NC;
  21035. }
  21036. ret1 = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
  21037. ret2 = wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
  21038. if((ret1 != 1) || (ret2 != 1)){
  21039. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21040. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21041. printf("error with EVP_PKEY_set1_RSA\n");
  21042. return WC_TEST_RET_ENC_NC;
  21043. }
  21044. /****************** sign and verify *******************/
  21045. sign = EVP_MD_CTX_create();
  21046. verf = EVP_MD_CTX_create();
  21047. if((sign == NULL)||(verf == NULL)){
  21048. printf("error with EVP_MD_CTX_create\n");
  21049. EVP_MD_CTX_destroy(sign);
  21050. EVP_MD_CTX_destroy(verf);
  21051. return WC_TEST_RET_ENC_NC;
  21052. }
  21053. ret = EVP_SignInit(sign, EVP_sha1());
  21054. if (ret != SSL_SUCCESS){
  21055. printf("error with EVP_SignInit\n");
  21056. EVP_MD_CTX_destroy(sign);
  21057. EVP_MD_CTX_destroy(verf);
  21058. return WC_TEST_RET_ENC_NC;
  21059. }
  21060. count = sizeof(msg);
  21061. show("message = ", (char *)msg, count);
  21062. /* sign */
  21063. XMEMSET(sig, 0, sizeof(sig));
  21064. pt = (const void*)msg;
  21065. ret1 = EVP_SignUpdate(sign, pt, count);
  21066. ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey);
  21067. if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
  21068. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21069. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21070. EVP_MD_CTX_destroy(sign);
  21071. EVP_MD_CTX_destroy(verf);
  21072. printf("error with EVP_MD_CTX_create\n");
  21073. return WC_TEST_RET_ENC_NC;
  21074. }
  21075. show("signature = ", (char *)sig, sigSz);
  21076. /* verify */
  21077. pt = (const void*)msg;
  21078. ret1 = EVP_VerifyInit(verf, EVP_sha1());
  21079. ret2 = EVP_VerifyUpdate(verf, pt, count);
  21080. if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
  21081. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21082. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21083. EVP_MD_CTX_destroy(sign);
  21084. EVP_MD_CTX_destroy(verf);
  21085. printf("error with EVP_Verify\n");
  21086. return WC_TEST_RET_ENC_NC;
  21087. }
  21088. if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
  21089. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21090. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21091. EVP_MD_CTX_destroy(sign);
  21092. EVP_MD_CTX_destroy(verf);
  21093. printf("error with EVP_VerifyFinal\n");
  21094. return WC_TEST_RET_ENC_NC;
  21095. }
  21096. /* expect fail without update */
  21097. EVP_VerifyInit(verf, EVP_sha1());
  21098. if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
  21099. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21100. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21101. EVP_MD_CTX_destroy(sign);
  21102. EVP_MD_CTX_destroy(verf);
  21103. printf("EVP_VerifyInit without update not detected\n");
  21104. return WC_TEST_RET_ENC_NC;
  21105. }
  21106. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21107. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21108. EVP_MD_CTX_destroy(sign);
  21109. EVP_MD_CTX_destroy(verf);
  21110. wolfSSL_RSA_free(prvRsa);
  21111. wolfSSL_RSA_free(pubRsa);
  21112. EVP_PKEY_free(pubPkey);
  21113. EVP_PKEY_free(prvPkey);
  21114. #endif /* NO_RSA */
  21115. return 0;
  21116. }
  21117. #endif /* OPENSSL_EXTRA */
  21118. #ifndef NO_PWDBASED
  21119. #ifdef HAVE_SCRYPT
  21120. /* Test vectors taken from RFC 7914: scrypt PBKDF - Section 12. */
  21121. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void)
  21122. {
  21123. #ifdef HAVE_FIPS
  21124. /* RFC 7914 test vector keys are too short for FIPS. */
  21125. #else
  21126. wc_test_ret_t ret;
  21127. byte derived[64];
  21128. WOLFSSL_SMALL_STACK_STATIC const byte verify1[] = {
  21129. 0x77, 0xd6, 0x57, 0x62, 0x38, 0x65, 0x7b, 0x20,
  21130. 0x3b, 0x19, 0xca, 0x42, 0xc1, 0x8a, 0x04, 0x97,
  21131. 0xf1, 0x6b, 0x48, 0x44, 0xe3, 0x07, 0x4a, 0xe8,
  21132. 0xdf, 0xdf, 0xfa, 0x3f, 0xed, 0xe2, 0x14, 0x42,
  21133. 0xfc, 0xd0, 0x06, 0x9d, 0xed, 0x09, 0x48, 0xf8,
  21134. 0x32, 0x6a, 0x75, 0x3a, 0x0f, 0xc8, 0x1f, 0x17,
  21135. 0xe8, 0xd3, 0xe0, 0xfb, 0x2e, 0x0d, 0x36, 0x28,
  21136. 0xcf, 0x35, 0xe2, 0x0c, 0x38, 0xd1, 0x89, 0x06
  21137. };
  21138. #if !defined(BENCH_EMBEDDED)
  21139. WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
  21140. 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
  21141. 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
  21142. 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
  21143. 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
  21144. 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
  21145. 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
  21146. 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
  21147. 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
  21148. };
  21149. #endif
  21150. #if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
  21151. WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
  21152. 0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48,
  21153. 0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb,
  21154. 0xfd, 0xa8, 0xfb, 0xba, 0x90, 0x4f, 0x8e, 0x3e,
  21155. 0xa9, 0xb5, 0x43, 0xf6, 0x54, 0x5d, 0xa1, 0xf2,
  21156. 0xd5, 0x43, 0x29, 0x55, 0x61, 0x3f, 0x0f, 0xcf,
  21157. 0x62, 0xd4, 0x97, 0x05, 0x24, 0x2a, 0x9a, 0xf9,
  21158. 0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40,
  21159. 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87
  21160. };
  21161. #endif
  21162. #ifdef SCRYPT_TEST_ALL
  21163. /* Test case is very slow.
  21164. * Use for confirmation after code change or new platform.
  21165. */
  21166. WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
  21167. 0x21, 0x01, 0xcb, 0x9b, 0x6a, 0x51, 0x1a, 0xae,
  21168. 0xad, 0xdb, 0xbe, 0x09, 0xcf, 0x70, 0xf8, 0x81,
  21169. 0xec, 0x56, 0x8d, 0x57, 0x4a, 0x2f, 0xfd, 0x4d,
  21170. 0xab, 0xe5, 0xee, 0x98, 0x20, 0xad, 0xaa, 0x47,
  21171. 0x8e, 0x56, 0xfd, 0x8f, 0x4b, 0xa5, 0xd0, 0x9f,
  21172. 0xfa, 0x1c, 0x6d, 0x92, 0x7c, 0x40, 0xf4, 0xc3,
  21173. 0x37, 0x30, 0x40, 0x49, 0xe8, 0xa9, 0x52, 0xfb,
  21174. 0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, 0xa4
  21175. };
  21176. #endif
  21177. ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1));
  21178. if (ret != 0)
  21179. return WC_TEST_RET_ENC_EC(ret);
  21180. if (XMEMCMP(derived, verify1, sizeof(verify1)) != 0)
  21181. return WC_TEST_RET_ENC_NC;
  21182. #if !defined(BENCH_EMBEDDED)
  21183. ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 10, 8, 16,
  21184. sizeof(verify2));
  21185. if (ret != 0)
  21186. return WC_TEST_RET_ENC_EC(ret);
  21187. if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
  21188. return WC_TEST_RET_ENC_NC;
  21189. #endif
  21190. /* Test case with parallel overflowing */
  21191. ret = wc_scrypt(derived, (byte*)"password", 16, (byte*)"NaCl", 16, 2, 4, 8388608,
  21192. sizeof(verify1));
  21193. if (ret != BAD_FUNC_ARG)
  21194. return WC_TEST_RET_ENC_EC(ret);
  21195. /* Don't run these test on embedded, since they use large mallocs */
  21196. #if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
  21197. ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
  21198. (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3));
  21199. if (ret != 0)
  21200. return WC_TEST_RET_ENC_EC(ret);
  21201. if (XMEMCMP(derived, verify3, sizeof(verify3)) != 0)
  21202. return WC_TEST_RET_ENC_NC;
  21203. #ifdef SCRYPT_TEST_ALL
  21204. ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
  21205. (byte*)"SodiumChloride", 14, 20, 8, 1, sizeof(verify4));
  21206. if (ret != 0)
  21207. return WC_TEST_RET_ENC_EC(ret);
  21208. if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0)
  21209. return WC_TEST_RET_ENC_NC;
  21210. #endif
  21211. #endif /* !BENCH_EMBEDDED && !defined(WOLFSSL_LINUXKM) && !HAVE_INTEL_QA */
  21212. #if !defined(BENCH_EMBEDDED)
  21213. ret = wc_scrypt_ex(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 1<<10,
  21214. 8, 16, sizeof(verify2));
  21215. if (ret != 0)
  21216. return WC_TEST_RET_ENC_EC(ret);
  21217. if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
  21218. return WC_TEST_RET_ENC_NC;
  21219. #endif
  21220. #endif /* !HAVE_FIPS */
  21221. return 0;
  21222. }
  21223. #endif
  21224. #ifdef HAVE_PKCS12
  21225. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void)
  21226. {
  21227. WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
  21228. 0x00, 0x00 };
  21229. WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f };
  21230. WOLFSSL_SMALL_STACK_STATIC const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
  21231. 0x00, 0x67, 0x00, 0x00 };
  21232. WOLFSSL_SMALL_STACK_STATIC const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 };
  21233. byte derived[64];
  21234. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  21235. 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
  21236. 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
  21237. 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
  21238. };
  21239. WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
  21240. 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
  21241. 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
  21242. 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
  21243. };
  21244. int id = 1;
  21245. int kLen = 24;
  21246. int iterations = 1;
  21247. wc_test_ret_t ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
  21248. iterations, kLen, WC_SHA256, id);
  21249. if (ret < 0)
  21250. return WC_TEST_RET_ENC_EC(ret);
  21251. if (XMEMCMP(derived, verify, kLen) != 0)
  21252. return WC_TEST_RET_ENC_NC;
  21253. iterations = 1000;
  21254. ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
  21255. iterations, kLen, WC_SHA256, id);
  21256. if (ret < 0)
  21257. return WC_TEST_RET_ENC_EC(ret);
  21258. ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8,
  21259. iterations, kLen, WC_SHA256, id, HEAP_HINT);
  21260. if (ret < 0)
  21261. return WC_TEST_RET_ENC_EC(ret);
  21262. if (XMEMCMP(derived, verify2, 24) != 0)
  21263. return WC_TEST_RET_ENC_NC;
  21264. return 0;
  21265. }
  21266. #endif /* HAVE_PKCS12 */
  21267. #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
  21268. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void)
  21269. {
  21270. char passwd[] = "passwordpassword";
  21271. WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
  21272. int iterations = 2048;
  21273. int kLen = 24;
  21274. byte derived[64];
  21275. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  21276. 0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc,
  21277. 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
  21278. };
  21279. wc_test_ret_t ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd), salt,
  21280. (int)sizeof(salt), iterations, kLen, WC_SHA256, HEAP_HINT, devId);
  21281. if (ret != 0)
  21282. return ret;
  21283. if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
  21284. return WC_TEST_RET_ENC_NC;
  21285. return 0;
  21286. }
  21287. #endif /* HAVE_PBKDF2 && !NO_SHA256 && !NO_HMAC */
  21288. #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
  21289. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void)
  21290. {
  21291. char passwd[] = "password";
  21292. WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
  21293. int iterations = 1000;
  21294. int kLen = 16;
  21295. byte derived[16];
  21296. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  21297. 0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F,
  21298. 0xAF, 0x10, 0xEB, 0xFB, 0x4A, 0x3D, 0x2A, 0x20
  21299. };
  21300. wc_test_ret_t ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd,
  21301. (int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA,
  21302. HEAP_HINT);
  21303. if (ret != 0)
  21304. return ret;
  21305. if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
  21306. return WC_TEST_RET_ENC_NC;
  21307. return 0;
  21308. }
  21309. #endif /* HAVE_PBKDF2 && !NO_SHA */
  21310. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void)
  21311. {
  21312. wc_test_ret_t ret = 0;
  21313. #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
  21314. ret = pbkdf1_test();
  21315. if (ret != 0)
  21316. return ret;
  21317. #endif
  21318. #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
  21319. ret = pbkdf2_test();
  21320. if (ret != 0)
  21321. return ret;
  21322. #endif
  21323. #ifdef HAVE_PKCS12
  21324. ret = pkcs12_test();
  21325. if (ret != 0)
  21326. return ret;
  21327. #endif
  21328. #ifdef HAVE_SCRYPT
  21329. ret = scrypt_test();
  21330. if (ret != 0)
  21331. return ret;
  21332. #endif
  21333. return ret;
  21334. }
  21335. #endif /* NO_PWDBASED */
  21336. #if defined(HAVE_HKDF) && !defined(NO_HMAC)
  21337. #if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \
  21338. defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_AFALG_HASH_KEEP) || \
  21339. defined(WOLFSSL_AFALG_XILINX_RSA)
  21340. /* hkdf_test has issue with WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */
  21341. static wc_test_ret_t hkdf_test(void)
  21342. #else
  21343. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
  21344. #endif
  21345. {
  21346. wc_test_ret_t ret = 0;
  21347. #if !defined(NO_SHA) || !defined(NO_SHA256)
  21348. int L;
  21349. byte okm1[42];
  21350. byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  21351. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  21352. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
  21353. #ifndef HAVE_FIPS
  21354. byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  21355. 0x08, 0x09, 0x0a, 0x0b, 0x0c };
  21356. byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
  21357. 0xf8, 0xf9 };
  21358. #endif
  21359. #ifndef NO_SHA
  21360. byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
  21361. 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
  21362. 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
  21363. 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
  21364. 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
  21365. 0x49, 0x18 };
  21366. #ifndef HAVE_FIPS
  21367. byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
  21368. 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
  21369. 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
  21370. 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
  21371. 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
  21372. 0xf8, 0x96 };
  21373. #endif
  21374. #endif /* !NO_SHA */
  21375. #ifndef NO_SHA256
  21376. byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
  21377. 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
  21378. 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
  21379. 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
  21380. 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
  21381. 0x96, 0xc8 };
  21382. #ifndef HAVE_FIPS
  21383. byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
  21384. 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
  21385. 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
  21386. 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
  21387. 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
  21388. 0x58, 0x65 };
  21389. #endif
  21390. #endif /* !NO_SHA256 */
  21391. XMEMSET(okm1, 0, sizeof(okm1));
  21392. L = (int)sizeof(okm1);
  21393. #ifndef NO_SHA
  21394. ret = wc_HKDF(WC_SHA, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
  21395. okm1, L);
  21396. if (ret != 0)
  21397. return WC_TEST_RET_ENC_EC(ret);
  21398. if (XMEMCMP(okm1, res1, L) != 0)
  21399. return WC_TEST_RET_ENC_NC;
  21400. #ifndef HAVE_FIPS
  21401. /* fips can't have key size under 14 bytes, salt is key too */
  21402. L = (int)sizeof(okm1);
  21403. ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1),
  21404. info1, (word32)sizeof(info1), okm1, L);
  21405. if (ret != 0)
  21406. return WC_TEST_RET_ENC_EC(ret);
  21407. if (XMEMCMP(okm1, res2, L) != 0)
  21408. return WC_TEST_RET_ENC_NC;
  21409. #endif /* HAVE_FIPS */
  21410. #endif /* !NO_SHA */
  21411. #ifndef NO_SHA256
  21412. ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0,
  21413. okm1, L);
  21414. if (ret != 0)
  21415. return WC_TEST_RET_ENC_EC(ret);
  21416. if (XMEMCMP(okm1, res3, L) != 0)
  21417. return WC_TEST_RET_ENC_NC;
  21418. #ifndef HAVE_FIPS
  21419. /* fips can't have key size under 14 bytes, salt is key too */
  21420. ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1),
  21421. salt1, (word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1, L);
  21422. if (ret != 0)
  21423. return WC_TEST_RET_ENC_EC(ret);
  21424. if (XMEMCMP(okm1, res4, L) != 0)
  21425. return WC_TEST_RET_ENC_NC;
  21426. #endif /* HAVE_FIPS */
  21427. #endif /* !NO_SHA256 */
  21428. #endif /* !NO_SHA || !NO_SHA256 */
  21429. return ret;
  21430. }
  21431. #endif /* HAVE_HKDF */
  21432. #ifdef WOLFSSL_WOLFSSH
  21433. typedef struct {
  21434. byte hashId;
  21435. byte keyId;
  21436. const byte* k;
  21437. word32 kSz;
  21438. const byte* h;
  21439. word32 hSz;
  21440. const byte* sessionId;
  21441. word32 sessionIdSz;
  21442. const byte* expectedKey;
  21443. word32 expectedKeySz;
  21444. } SshKdfTestVector;
  21445. /** Test Vector Set #3: SHA-256 **/
  21446. static const byte sshKdfTvSet3k[] = {
  21447. 0x6A, 0xC3, 0x82, 0xEA, 0xAC, 0xA0, 0x93, 0xE1,
  21448. 0x25, 0xE2, 0x5C, 0x24, 0xBE, 0xBC, 0x84, 0x64,
  21449. 0x0C, 0x11, 0x98, 0x75, 0x07, 0x34, 0x4B, 0x5C,
  21450. 0x73, 0x9C, 0xEB, 0x84, 0xA9, 0xE0, 0xB2, 0x22,
  21451. 0xB9, 0xA8, 0xB5, 0x1C, 0x83, 0x9E, 0x5E, 0xBE,
  21452. 0x49, 0xCF, 0xAD, 0xBF, 0xB3, 0x95, 0x99, 0x76,
  21453. 0x4E, 0xD5, 0x22, 0x09, 0x9D, 0xC9, 0x12, 0x75,
  21454. 0x19, 0x50, 0xDC, 0x7D, 0xC9, 0x7F, 0xBD, 0xC0,
  21455. 0x63, 0x28, 0xB6, 0x8F, 0x22, 0x78, 0x1F, 0xD3,
  21456. 0x15, 0xAF, 0x56, 0x80, 0x09, 0xA5, 0x50, 0x9E,
  21457. 0x5B, 0x87, 0xA1, 0x1B, 0xF5, 0x27, 0xC0, 0x56,
  21458. 0xDA, 0xFF, 0xD8, 0x2A, 0xB6, 0xCB, 0xC2, 0x5C,
  21459. 0xCA, 0x37, 0x14, 0x34, 0x59, 0xE7, 0xBC, 0x63,
  21460. 0xBC, 0xDE, 0x52, 0x75, 0x7A, 0xDE, 0xB7, 0xDF,
  21461. 0x01, 0xCF, 0x12, 0x17, 0x3F, 0x1F, 0xEF, 0x81,
  21462. 0x02, 0xEC, 0x5A, 0xB1, 0x42, 0xC2, 0x13, 0xDD,
  21463. 0x9D, 0x30, 0x69, 0x62, 0x78, 0xA8, 0xD8, 0xBC,
  21464. 0x32, 0xDD, 0xE9, 0x59, 0x2D, 0x28, 0xC0, 0x78,
  21465. 0xC6, 0xD9, 0x2B, 0x94, 0x7D, 0x82, 0x5A, 0xCA,
  21466. 0xAB, 0x64, 0x94, 0x84, 0x6A, 0x49, 0xDE, 0x24,
  21467. 0xB9, 0x62, 0x3F, 0x48, 0x89, 0xE8, 0xAD, 0xC3,
  21468. 0x8E, 0x8C, 0x66, 0x9E, 0xFF, 0xEF, 0x17, 0x60,
  21469. 0x40, 0xAD, 0x94, 0x5E, 0x90, 0xA7, 0xD3, 0xEE,
  21470. 0xC1, 0x5E, 0xFE, 0xEE, 0x78, 0xAE, 0x71, 0x04,
  21471. 0x3C, 0x96, 0x51, 0x11, 0x03, 0xA1, 0x6B, 0xA7,
  21472. 0xCA, 0xF0, 0xAC, 0xD0, 0x64, 0x2E, 0xFD, 0xBE,
  21473. 0x80, 0x99, 0x34, 0xFA, 0xA1, 0xA5, 0xF1, 0xBD,
  21474. 0x11, 0x04, 0x36, 0x49, 0xB2, 0x5C, 0xCD, 0x1F,
  21475. 0xEE, 0x2E, 0x38, 0x81, 0x5D, 0x4D, 0x5F, 0x5F,
  21476. 0xC6, 0xB4, 0x10, 0x29, 0x69, 0xF2, 0x1C, 0x22,
  21477. 0xAE, 0x1B, 0x0E, 0x7D, 0x36, 0x03, 0xA5, 0x56,
  21478. 0xA1, 0x32, 0x62, 0xFF, 0x62, 0x8D, 0xE2, 0x22
  21479. };
  21480. static const byte sshKdfTvSet3h[] = {
  21481. 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44,
  21482. 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05,
  21483. 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3,
  21484. 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D
  21485. };
  21486. static const byte sshKdfTvSet3sid[] = {
  21487. 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44,
  21488. 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05,
  21489. 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3,
  21490. 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D
  21491. };
  21492. static const byte sshKdfTvSet3a[] = {
  21493. 0x81, 0xF0, 0x33, 0x0E, 0xF6, 0xF0, 0x53, 0x61,
  21494. 0xB3, 0x82, 0x3B, 0xFD, 0xED, 0x6E, 0x1D, 0xE9
  21495. };
  21496. static const byte sshKdfTvSet3b[] = {
  21497. 0x3F, 0x6F, 0xD2, 0x06, 0x5E, 0xEB, 0x2B, 0x0B,
  21498. 0x1D, 0x93, 0x19, 0x5A, 0x1F, 0xED, 0x48, 0xA5
  21499. };
  21500. static const byte sshKdfTvSet3c[] = {
  21501. 0xC3, 0x54, 0x71, 0x03, 0x4E, 0x6F, 0xD6, 0x54,
  21502. 0x76, 0x13, 0x17, 0x8E, 0x23, 0x43, 0x5F, 0x21
  21503. };
  21504. static const byte sshKdfTvSet3d[] = {
  21505. 0x7E, 0x9D, 0x79, 0x03, 0x20, 0x90, 0xD9, 0x9F,
  21506. 0x98, 0xB0, 0x15, 0x63, 0x4D, 0xD9, 0xF4, 0x62
  21507. };
  21508. static const byte sshKdfTvSet3e[] = {
  21509. 0x24, 0xEE, 0x55, 0x9A, 0xD7, 0xCE, 0x71, 0x2B,
  21510. 0x68, 0x5D, 0x0B, 0x22, 0x71, 0xE4, 0x43, 0xC1,
  21511. 0x7A, 0xB1, 0xD1, 0xDC, 0xEB, 0x5A, 0x36, 0x05,
  21512. 0x69, 0xD2, 0x5D, 0x5D, 0xC2, 0x43, 0x00, 0x2F
  21513. };
  21514. static const byte sshKdfTvSet3f[] = {
  21515. 0xC3, 0x41, 0x9C, 0x2B, 0x96, 0x62, 0x35, 0x86,
  21516. 0x9D, 0x71, 0x4B, 0xA5, 0xAC, 0x48, 0xDD, 0xB7,
  21517. 0xD9, 0xE3, 0x5C, 0x8C, 0x19, 0xAA, 0xC7, 0x34,
  21518. 0x22, 0x33, 0x7A, 0x37, 0x34, 0x53, 0x60, 0x7E
  21519. };
  21520. static const SshKdfTestVector sshKdfTestVectors[] = {
  21521. {WC_HASH_TYPE_SHA256, 'A',
  21522. sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
  21523. sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
  21524. sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
  21525. sshKdfTvSet3a, sizeof(sshKdfTvSet3a)},
  21526. {WC_HASH_TYPE_SHA256, 'B',
  21527. sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
  21528. sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
  21529. sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
  21530. sshKdfTvSet3b, sizeof(sshKdfTvSet3b)},
  21531. {WC_HASH_TYPE_SHA256, 'C',
  21532. sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
  21533. sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
  21534. sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
  21535. sshKdfTvSet3c, sizeof(sshKdfTvSet3c)},
  21536. {WC_HASH_TYPE_SHA256, 'D',
  21537. sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
  21538. sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
  21539. sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
  21540. sshKdfTvSet3d, sizeof(sshKdfTvSet3d)},
  21541. {WC_HASH_TYPE_SHA256, 'E',
  21542. sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
  21543. sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
  21544. sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
  21545. sshKdfTvSet3e, sizeof(sshKdfTvSet3e)},
  21546. {WC_HASH_TYPE_SHA256, 'F',
  21547. sshKdfTvSet3k, sizeof(sshKdfTvSet3k),
  21548. sshKdfTvSet3h, sizeof(sshKdfTvSet3h),
  21549. sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid),
  21550. sshKdfTvSet3f, sizeof(sshKdfTvSet3f)},
  21551. };
  21552. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void)
  21553. {
  21554. wc_test_ret_t result = 0;
  21555. word32 i;
  21556. word32 tc = sizeof(sshKdfTestVectors)/sizeof(SshKdfTestVector);
  21557. const SshKdfTestVector* tv = NULL;
  21558. byte cKey[32]; /* Greater of SHA256_DIGEST_SIZE and AES_BLOCK_SIZE */
  21559. /* sId - Session ID, eKey - Expected Key, cKey - Calculated Key */
  21560. for (i = 0, tv = sshKdfTestVectors; i < tc; i++, tv++) {
  21561. result = wc_SSH_KDF(tv->hashId, tv->keyId,
  21562. cKey, tv->expectedKeySz,
  21563. tv->k, tv->kSz, tv->h, tv->hSz,
  21564. tv->sessionId, tv->sessionIdSz);
  21565. if (result != 0) {
  21566. printf("KDF: Could not derive key.\n");
  21567. result = WC_TEST_RET_ENC_EC(result);
  21568. }
  21569. else {
  21570. if (XMEMCMP(cKey, tv->expectedKey, tv->expectedKeySz) != 0) {
  21571. printf("KDF: Calculated Key does not match Expected Key.\n");
  21572. result = WC_TEST_RET_ENC_EC(result);
  21573. }
  21574. }
  21575. if (result != 0) break;
  21576. }
  21577. return result;
  21578. }
  21579. #endif /* WOLFSSL_WOLFSSH */
  21580. #ifdef WOLFSSL_TLS13
  21581. #define TLSV13_PSK_DHE_SZ 40
  21582. typedef struct {
  21583. enum wc_HashType hashAlg;
  21584. word32 pskSz;
  21585. word32 dheSz;
  21586. byte psk[TLSV13_PSK_DHE_SZ];
  21587. byte dhe[TLSV13_PSK_DHE_SZ];
  21588. byte hashHello1[WC_MAX_DIGEST_SIZE];
  21589. byte hashHello2[WC_MAX_DIGEST_SIZE];
  21590. byte hashFinished1[WC_MAX_DIGEST_SIZE];
  21591. byte hashFinished2[WC_MAX_DIGEST_SIZE];
  21592. /* Expected */
  21593. byte clientEarlyTrafficSecret[WC_MAX_DIGEST_SIZE];
  21594. byte earlyExporterMasterSecret[WC_MAX_DIGEST_SIZE];
  21595. byte clientHandshakeTrafficSecret[WC_MAX_DIGEST_SIZE];
  21596. byte serverHandshakeTrafficSecret[WC_MAX_DIGEST_SIZE];
  21597. byte clientApplicationTrafficSecret[WC_MAX_DIGEST_SIZE];
  21598. byte serverApplicationTrafficSecret[WC_MAX_DIGEST_SIZE];
  21599. byte exporterMasterSecret[WC_MAX_DIGEST_SIZE];
  21600. byte resumptionMasterSecret[WC_MAX_DIGEST_SIZE];
  21601. } Tls13KdfTestVector;
  21602. /* The following tests come from the CAVP test vectors we used for
  21603. * our FIPS validation. The hash values used are the components from
  21604. * the test hashed together. hashHello1 is the hash of the
  21605. * clientHelloRandom value of the test vector. hashHello2 is the hash
  21606. * of the clientHelloRandom and serverHelloRandom values from the test
  21607. * vector. hashFinished1 is clientHelloRandom, serverHelloRandom, and
  21608. * serverFinishedRandom. hashFinished2 is clientHelloRandom,
  21609. * serverHelloRandom, serverFinishedRandom, and clietnFinishedRandom
  21610. * hashed together. */
  21611. static const Tls13KdfTestVector tls13KdfTestVectors[] = {
  21612. { /* 1 */
  21613. WC_HASH_TYPE_SHA256, 35, 35,
  21614. { /* PSK */
  21615. 0x7b, 0xf1, 0x05, 0x31, 0x36, 0xfa, 0x03, 0xdc,
  21616. 0x31, 0x97, 0x88, 0x04, 0x9c, 0xbc, 0xee, 0xf7,
  21617. 0x8d, 0x84, 0x95, 0x26, 0xaf, 0x1d, 0x68, 0xb0,
  21618. 0x60, 0x7a, 0xcc, 0x4f, 0xc1, 0xd3, 0xa1, 0x68,
  21619. 0x7f, 0x6d, 0xbe
  21620. },
  21621. { /* DHE */
  21622. 0x6e, 0xa1, 0x77, 0xab, 0x2f, 0x43, 0xd2, 0x4b,
  21623. 0xe5, 0xa1, 0x09, 0xe0, 0x7a, 0xd0, 0x01, 0x35,
  21624. 0x8d, 0xf8, 0xf2, 0x5c, 0x91, 0x02, 0xb0, 0x6c,
  21625. 0x3f, 0xeb, 0xee, 0xa4, 0x42, 0x19, 0xce, 0xdc,
  21626. 0x81, 0x26, 0x40
  21627. },
  21628. { /* Hello 1 */
  21629. 0xd9, 0x4b, 0xe4, 0x17, 0xef, 0x58, 0x73, 0x7d,
  21630. 0x28, 0x3d, 0xf0, 0xcc, 0x05, 0x03, 0xaf, 0xac,
  21631. 0x3d, 0x92, 0x79, 0x48, 0xe8, 0x8c, 0xdb, 0xce,
  21632. 0x95, 0x82, 0x21, 0x31, 0x7b, 0x61, 0xd7, 0xc6
  21633. },
  21634. { /* Hello 2 */
  21635. 0xb7, 0x7f, 0x29, 0x91, 0xa4, 0x8b, 0x34, 0xdb,
  21636. 0xbd, 0xc7, 0x54, 0x1c, 0x3b, 0x86, 0xa3, 0x69,
  21637. 0xfe, 0x26, 0xe4, 0x7b, 0xac, 0x57, 0x71, 0xb3,
  21638. 0x32, 0x97, 0xed, 0xd2, 0x0e, 0x95, 0xb8, 0x63
  21639. },
  21640. { /* Finished 1 */
  21641. 0x65, 0xdb, 0x6d, 0x71, 0x71, 0xd0, 0xd8, 0x49,
  21642. 0xd0, 0x3c, 0x8e, 0x2b, 0x24, 0xdf, 0xc2, 0xe9,
  21643. 0xd6, 0xfd, 0xea, 0x04, 0x95, 0x7c, 0xf0, 0x7e,
  21644. 0x57, 0x74, 0x7c, 0xdd, 0xa3, 0x0b, 0x2b, 0x36
  21645. },
  21646. { /* Finished 2 */
  21647. 0x28, 0xf2, 0xf2, 0x79, 0xcf, 0x20, 0x52, 0x90,
  21648. 0x1d, 0x91, 0x05, 0xad, 0x44, 0x26, 0x23, 0x96,
  21649. 0x32, 0xce, 0xec, 0x61, 0xd1, 0xbf, 0x00, 0x48,
  21650. 0x4a, 0xa5, 0x60, 0xcc, 0x28, 0xb5, 0x8d, 0x98
  21651. },
  21652. { /* Client Early Traffic Secret */
  21653. 0x07, 0x14, 0x6a, 0x26, 0x5b, 0x6c, 0x7f, 0x4d, 0x6b, 0x47, 0x3f, 0xd5,
  21654. 0x03, 0x1d, 0xd2, 0x23, 0x3d, 0x89, 0x3e, 0xc6, 0x51, 0xd1, 0xac, 0xf8,
  21655. 0x28, 0xae, 0x4b, 0x76, 0xc8, 0x10, 0x7e, 0xdd
  21656. },
  21657. { /* Early Exporter Master Secret */
  21658. 0xb8, 0xd3, 0x25, 0x7e, 0x2d, 0x41, 0x7b, 0xcb, 0x5e, 0x82, 0x49, 0xf5,
  21659. 0x51, 0x3d, 0xb7, 0x59, 0x32, 0xb3, 0xdf, 0x99, 0x4e, 0x04, 0x69, 0xc6,
  21660. 0x96, 0x8e, 0xe6, 0x3d, 0x91, 0xe4, 0x81, 0x11
  21661. },
  21662. { /* Client Handshake Traffic Secret */
  21663. 0xd9, 0x3b, 0x54, 0xe2, 0xb0, 0xd1, 0x85, 0xf0, 0xfd, 0xf3, 0x48, 0x4a,
  21664. 0xf8, 0x0b, 0xa5, 0xdc, 0x4c, 0x37, 0xcb, 0xd4, 0x20, 0xaf, 0x60, 0xc7,
  21665. 0xd5, 0x50, 0x5d, 0x0c, 0x77, 0x3b, 0x6f, 0xd2
  21666. },
  21667. { /* Server Handshake Traffic Secret */
  21668. 0x4d, 0x40, 0x2b, 0xd2, 0x8c, 0x33, 0x90, 0x39, 0x67, 0x67, 0x05, 0xf7,
  21669. 0x5d, 0x37, 0x1e, 0xdc, 0x4a, 0x70, 0x6b, 0x9e, 0xf8, 0x06, 0x61, 0x89,
  21670. 0x70, 0xe1, 0x3d, 0x36, 0xad, 0x88, 0x7e, 0x5b
  21671. },
  21672. { /* Client Application Traffic Secret */
  21673. 0x74, 0x6e, 0xa0, 0x13, 0x18, 0x34, 0x48, 0x4d, 0x23, 0x31, 0xf1, 0xf9,
  21674. 0xee, 0x44, 0x6d, 0xad, 0xc1, 0xad, 0x92, 0x73, 0xca, 0x27, 0x16, 0x91,
  21675. 0xa2, 0x50, 0x9a, 0xfc, 0xec, 0xf0, 0x6b, 0x24
  21676. },
  21677. { /* Server Application Traffic Secret */
  21678. 0x89, 0x18, 0x7e, 0x34, 0x8d, 0xfc, 0x14, 0xb1, 0x4f, 0x21, 0xd8, 0x29,
  21679. 0xdb, 0x9b, 0xfb, 0x55, 0xcf, 0xa1, 0x4f, 0x95, 0xf8, 0xe0, 0xb0, 0x83,
  21680. 0xd5, 0x34, 0x9e, 0x0b, 0x83, 0x37, 0x42, 0x93
  21681. },
  21682. { /* Exporter Master Secret */
  21683. 0x7d, 0xc8, 0x88, 0x46, 0xd5, 0x57, 0x15, 0xb6, 0x24, 0x25, 0x92, 0x61,
  21684. 0xb1, 0x18, 0x86, 0x2a, 0x6d, 0xa5, 0x84, 0xeb, 0x59, 0xdf, 0x13, 0xbd,
  21685. 0x73, 0xaa, 0x5d, 0x65, 0xab, 0xd9, 0xb4, 0x56
  21686. },
  21687. { /* Resumption Master Secret */
  21688. 0x20, 0xb7, 0xd0, 0xe3, 0x82, 0x01, 0xa1, 0x04, 0xb8, 0x13, 0x29, 0xed,
  21689. 0x35, 0xe4, 0x2f, 0xbf, 0x58, 0x23, 0x7f, 0x21, 0xdb, 0x9f, 0xf8, 0xe0,
  21690. 0xe8, 0xe4, 0xab, 0xc4, 0xa1, 0x61, 0xb9, 0xbb
  21691. }
  21692. },
  21693. { /* 6 */
  21694. WC_HASH_TYPE_SHA256, 0, 33,
  21695. { 0 }, /* PSK */
  21696. { /* DHE */
  21697. 0x7a, 0x46, 0x8c, 0x5a, 0xd1, 0x8e, 0x95, 0xba,
  21698. 0x61, 0xe6, 0x6f, 0xe6, 0x76, 0x0c, 0x20, 0x43,
  21699. 0x16, 0x82, 0x15, 0xfe, 0x54, 0xa3, 0xc7, 0xfd,
  21700. 0x3b, 0x2c, 0x88, 0xb4, 0xd3, 0x42, 0x70, 0x12,
  21701. 0x18
  21702. },
  21703. { /* Hello 1 */
  21704. 0x63, 0x83, 0x58, 0xab, 0x36, 0xcd, 0x0c, 0xf3,
  21705. 0x26, 0x07, 0xb5, 0x5f, 0x0b, 0x8b, 0x45, 0xd6,
  21706. 0x7d, 0x5b, 0x42, 0xdc, 0xa8, 0xaa, 0x06, 0xfb,
  21707. 0x20, 0xa5, 0xbb, 0x85, 0xdb, 0x54, 0xd8, 0x8b
  21708. },
  21709. { /* Hello 2 */
  21710. 0xea, 0xfe, 0x9e, 0x8e, 0xff, 0x1f, 0x6f, 0x43,
  21711. 0xf9, 0x5d, 0xfd, 0xbf, 0xe2, 0x5f, 0x02, 0x2f,
  21712. 0x6d, 0x47, 0x60, 0x9a, 0x48, 0x9a, 0x75, 0xfb,
  21713. 0xb5, 0x4a, 0xbf, 0x9c, 0x4e, 0xff, 0xbf, 0x0b
  21714. },
  21715. { /* Finished 1 */
  21716. 0xca, 0x25, 0xb3, 0x53, 0x8e, 0x6d, 0xc3, 0x36,
  21717. 0x17, 0x30, 0x07, 0xdf, 0x0d, 0xd7, 0x79, 0xb0,
  21718. 0x7f, 0xcb, 0xbe, 0x7a, 0xbc, 0x2d, 0x9f, 0x2d,
  21719. 0x94, 0x44, 0x94, 0xe6, 0xa4, 0xf3, 0xe8, 0x53
  21720. },
  21721. { /* Finished 2 */
  21722. 0x2e, 0xa6, 0x5a, 0xaf, 0xb5, 0xba, 0x9f, 0x2f,
  21723. 0x74, 0x83, 0x5d, 0xbf, 0x86, 0xa4, 0xa6, 0xf6,
  21724. 0xb9, 0x89, 0xdf, 0x17, 0xe1, 0xa8, 0x14, 0xc0,
  21725. 0xe1, 0x50, 0xfa, 0xec, 0xfa, 0xae, 0x8b, 0x7b
  21726. },
  21727. {
  21728. 0x20, 0x18, 0x72, 0x7c, 0xde, 0x3a, 0x85, 0x17, 0x72, 0xdc, 0xd7, 0x72,
  21729. 0xb0, 0xfc, 0x45, 0xd0, 0x62, 0xb9, 0xbb, 0x38, 0x69, 0x05, 0x7b, 0xb4,
  21730. 0x5e, 0x58, 0x5d, 0xed, 0xcd, 0x0b, 0x96, 0xd3
  21731. },
  21732. {
  21733. 0x68, 0x10, 0x20, 0xd1, 0x5e, 0xfc, 0x0c, 0x53, 0x85, 0xbb, 0xdb, 0x18,
  21734. 0xa8, 0x78, 0xf1, 0x2b, 0x13, 0xba, 0x64, 0x1d, 0xe7, 0x09, 0xbe, 0x13,
  21735. 0x49, 0x26, 0xf9, 0x98, 0x56, 0xf1, 0x43, 0xfb
  21736. },
  21737. {
  21738. 0x24, 0x35, 0x3e, 0x10, 0x6f, 0x39, 0x50, 0xd6, 0xa2, 0x12, 0x99, 0xf2,
  21739. 0xd5, 0xf5, 0x19, 0xf5, 0x84, 0xed, 0xee, 0x78, 0x2a, 0xa6, 0xfa, 0x3d,
  21740. 0x06, 0xa8, 0xa7, 0x5d, 0x97, 0x78, 0xd6, 0x58
  21741. },
  21742. {
  21743. 0xf4, 0x57, 0xac, 0x24, 0x7a, 0xfb, 0x7c, 0x3b, 0xb6, 0x39, 0x17, 0x14,
  21744. 0xd9, 0xd4, 0x58, 0x4d, 0x46, 0xd5, 0x1b, 0xde, 0xf7, 0x9d, 0x06, 0xee,
  21745. 0x8d, 0x1a, 0x2c, 0x25, 0x6d, 0x64, 0xde, 0x89
  21746. },
  21747. {
  21748. 0xb6, 0x00, 0xce, 0x63, 0xed, 0x65, 0x8b, 0x66, 0x66, 0x42, 0xc6, 0xbd,
  21749. 0x89, 0xc4, 0x71, 0x6f, 0xce, 0x28, 0xb2, 0xac, 0x97, 0x07, 0x5b, 0xea,
  21750. 0xb8, 0x1d, 0x4c, 0xeb, 0x9e, 0x71, 0x07, 0x8f
  21751. },
  21752. {
  21753. 0xf8, 0x92, 0xc8, 0xba, 0xe7, 0x83, 0xfe, 0x68, 0xe4, 0xd6, 0x5e, 0xcb,
  21754. 0xb3, 0xef, 0x49, 0xd0, 0xe7, 0xb1, 0xac, 0xcb, 0x39, 0x19, 0xfd, 0xa7,
  21755. 0xf7, 0xca, 0xab, 0x1e, 0x42, 0x14, 0xd8, 0xe7
  21756. },
  21757. {
  21758. 0x32, 0x4a, 0x1a, 0xad, 0xe2, 0xbb, 0x55, 0x8a, 0xdd, 0xe9, 0xa5, 0x2a,
  21759. 0x46, 0x5e, 0x6c, 0x83, 0x66, 0x27, 0x27, 0x94, 0xdd, 0x68, 0x59, 0xa0,
  21760. 0xbb, 0xe8, 0x31, 0x7c, 0x39, 0xd7, 0xfd, 0x6d
  21761. },
  21762. {
  21763. 0x58, 0xbc, 0x6c, 0x5b, 0x24, 0xad, 0x82, 0xb3, 0xcc, 0xc7, 0xd1, 0xa1,
  21764. 0xaa, 0x2b, 0x98, 0x9f, 0x2f, 0x7e, 0xa9, 0x63, 0xc2, 0x8e, 0xb6, 0x06,
  21765. 0xc2, 0x2b, 0x74, 0x4b, 0x79, 0x19, 0x7e, 0x2e
  21766. }
  21767. },
  21768. { /* 11 */
  21769. WC_HASH_TYPE_SHA256, 33, 0,
  21770. { /* PSK */
  21771. 0x3d, 0x39, 0x49, 0x36, 0x98, 0xc5, 0xfd, 0xcd,
  21772. 0xa0, 0x17, 0xbd, 0x65, 0x0a, 0xdb, 0xd4, 0x07,
  21773. 0x56, 0xa2, 0x7b, 0xb8, 0x2a, 0x7e, 0xfb, 0x26,
  21774. 0x74, 0xe1, 0xbc, 0x08, 0x4b, 0xf0, 0x30, 0x14,
  21775. 0x12
  21776. },
  21777. { 0 }, /* DHE */
  21778. { /* Hello 1 */
  21779. 0xb7, 0x44, 0x74, 0x6c, 0x57, 0x1f, 0xf3, 0x84,
  21780. 0x8f, 0x63, 0xfb, 0x8c, 0x94, 0x6c, 0x16, 0x68,
  21781. 0x4b, 0xe1, 0xb5, 0xb5, 0x2a, 0x4e, 0x5f, 0xdf,
  21782. 0x4b, 0x53, 0xb2, 0x35, 0xfc, 0x30, 0xf1, 0x36
  21783. },
  21784. { /* Hello 2 */
  21785. 0xe6, 0x4f, 0x3a, 0x4f, 0xd7, 0xe0, 0x64, 0xd4,
  21786. 0x69, 0x50, 0xe4, 0x8b, 0xba, 0xbc, 0x47, 0x74,
  21787. 0xa7, 0x9b, 0x40, 0x91, 0x8f, 0xa8, 0x72, 0x22,
  21788. 0x97, 0xad, 0x43, 0xa7, 0x11, 0x86, 0xb5, 0x72
  21789. },
  21790. { /* Finished 1 */
  21791. 0x5f, 0xa6, 0x10, 0xe2, 0xa3, 0x99, 0x0b, 0x5e,
  21792. 0x57, 0xee, 0xc3, 0x3a, 0x8e, 0x04, 0xf3, 0x0e,
  21793. 0x58, 0x02, 0x09, 0xb2, 0x7e, 0x2d, 0xc6, 0xd2,
  21794. 0x08, 0xae, 0x68, 0x0a, 0x55, 0xa5, 0xda, 0x51
  21795. },
  21796. { /* Finished 2 */
  21797. 0xfc, 0x5b, 0xc0, 0x7e, 0x1b, 0xaa, 0xc0, 0xb4,
  21798. 0x34, 0x85, 0x49, 0x8e, 0x16, 0x31, 0x98, 0xdf,
  21799. 0x10, 0x54, 0x22, 0xda, 0x1e, 0x6b, 0x51, 0xf6,
  21800. 0x97, 0x57, 0xa0, 0x7a, 0x92, 0xe7, 0x47, 0x52
  21801. },
  21802. {
  21803. 0x80, 0xfa, 0x36, 0x30, 0xb8, 0x65, 0xb3, 0x2a, 0x1d, 0x68, 0x91, 0x06,
  21804. 0x98, 0xa0, 0x17, 0x8f, 0xee, 0xb7, 0x9e, 0x3d, 0xd8, 0x84, 0x99, 0x30,
  21805. 0xb9, 0xd6, 0x09, 0x25, 0x5e, 0xfb, 0x8f, 0xd3 },
  21806. {
  21807. 0xa9, 0x89, 0x29, 0x70, 0xe4, 0x55, 0xec, 0x97, 0xfb, 0x24, 0x5b, 0xf9,
  21808. 0xf1, 0xa3, 0x19, 0x3d, 0xf1, 0x31, 0x14, 0xcd, 0x2a, 0xed, 0x21, 0xc8,
  21809. 0xb1, 0x53, 0xad, 0x11, 0x0b, 0x9e, 0x5a, 0xee },
  21810. {
  21811. 0x72, 0xad, 0x8d, 0x7f, 0xfc, 0xb7, 0x68, 0xda, 0x27, 0x60, 0x37, 0xa3,
  21812. 0x4a, 0x63, 0xe8, 0xa5, 0xc8, 0xcd, 0x36, 0x6a, 0x77, 0x99, 0x0d, 0xa9,
  21813. 0xb1, 0x5b, 0x2f, 0x47, 0x2e, 0x22, 0xa7, 0x5e },
  21814. {
  21815. 0x95, 0x6e, 0x85, 0x09, 0xe5, 0x04, 0x88, 0x14, 0x28, 0x8d, 0xdf, 0xe6,
  21816. 0x0d, 0x0f, 0x0d, 0x6b, 0x4e, 0x66, 0x1c, 0x03, 0xb9, 0xaa, 0x2d, 0x45,
  21817. 0x56, 0x67, 0x5c, 0x55, 0x29, 0xd6, 0x89, 0xd0 },
  21818. {
  21819. 0xe8, 0xf2, 0x14, 0xf9, 0x9b, 0x2b, 0x9f, 0x24, 0x2b, 0x37, 0xbe, 0x86,
  21820. 0xdb, 0x23, 0x4b, 0xbe, 0x39, 0x57, 0xe8, 0xa9, 0xa5, 0xee, 0x08, 0xf2,
  21821. 0x75, 0x58, 0xdb, 0xd9, 0x51, 0xc1, 0x46, 0x02 },
  21822. {
  21823. 0x3d, 0x19, 0xaf, 0xa3, 0x0b, 0x21, 0xf7, 0x3d, 0xe7, 0x37, 0x6e, 0x32,
  21824. 0x13, 0x48, 0x9d, 0xea, 0xe0, 0x90, 0xbf, 0x64, 0x48, 0xf7, 0x1e, 0xcc,
  21825. 0xf0, 0xbc, 0x92, 0xd7, 0x8a, 0x4a, 0xa8, 0xc1 },
  21826. {
  21827. 0x16, 0x35, 0xb1, 0x66, 0x28, 0xa3, 0x3e, 0x19, 0xf5, 0x2d, 0x92, 0x22,
  21828. 0x95, 0x48, 0xe8, 0x34, 0x7b, 0x30, 0x50, 0xa2, 0xa0, 0xd9, 0xc2, 0x59,
  21829. 0x39, 0xf9, 0x8c, 0x69, 0xf2, 0x2a, 0xb9, 0xff },
  21830. {
  21831. 0x32, 0x71, 0xa6, 0x87, 0x0c, 0x97, 0x42, 0x07, 0xdd, 0x5f, 0xc9, 0x44,
  21832. 0xa5, 0x7c, 0x50, 0x14, 0xfd, 0xe7, 0x5f, 0x8b, 0xd3, 0x2f, 0xdc, 0x9b,
  21833. 0xa9, 0x93, 0x22, 0x19, 0xe6, 0xf2, 0x0c, 0xd8 }
  21834. },
  21835. #ifdef WOLFSSL_SHA384
  21836. { /* 26 */
  21837. WC_HASH_TYPE_SHA384, 35, 35,
  21838. { /* PSK */
  21839. 0x62, 0x83, 0x25, 0xc7, 0xcc, 0x08, 0x5e, 0x63,
  21840. 0x64, 0x56, 0xf0, 0xc6, 0x88, 0x27, 0x5a, 0x5b,
  21841. 0x68, 0x59, 0x0b, 0x14, 0x55, 0x13, 0x2e, 0xfd,
  21842. 0x8f, 0x28, 0x5b, 0x3d, 0xe3, 0xad, 0x67, 0xe4,
  21843. 0x68, 0xba, 0xf9
  21844. },
  21845. { /* DHE */
  21846. 0xa8, 0xb1, 0xab, 0xd8, 0xc8, 0x5b, 0x52, 0xdf,
  21847. 0x7f, 0x49, 0x10, 0xf4, 0xa1, 0x31, 0xd1, 0x91,
  21848. 0x36, 0xc1, 0x87, 0x5d, 0x42, 0x2a, 0xe7, 0x1d,
  21849. 0x2c, 0x29, 0x3d, 0x40, 0x64, 0x61, 0x63, 0x76,
  21850. 0xd8, 0x66, 0xac
  21851. },
  21852. { /* Hello 1 */
  21853. 0x6f, 0xc6, 0x4c, 0xe1, 0xc6, 0x68, 0x34, 0x8c,
  21854. 0x0a, 0xe1, 0xf8, 0xb8, 0x3e, 0xd4, 0xf8, 0x0b,
  21855. 0x54, 0x50, 0xe4, 0xc5, 0x4a, 0x33, 0x7d, 0xbd,
  21856. 0x90, 0xd2, 0xa2, 0xb9, 0xb7, 0x92, 0xed, 0xab,
  21857. 0x14, 0xf1, 0xe4, 0x86, 0x22, 0x67, 0xd7, 0x44,
  21858. 0x03, 0x21, 0xdc, 0x51, 0x52, 0x7f, 0x35, 0x80
  21859. },
  21860. { /* Hello 2 */
  21861. 0x3e, 0xcf, 0x2f, 0xc3, 0x87, 0xba, 0xc5, 0xbd,
  21862. 0x7c, 0xe8, 0x35, 0x5b, 0x95, 0x51, 0x30, 0x3b,
  21863. 0x08, 0xcc, 0x2a, 0x7d, 0xb5, 0x74, 0x7c, 0x16,
  21864. 0xb3, 0x0b, 0xe7, 0x61, 0xa3, 0x7c, 0x6c, 0xbd,
  21865. 0x39, 0x74, 0xfd, 0x1e, 0x4c, 0xff, 0xc8, 0xcc,
  21866. 0xa0, 0xef, 0x29, 0x4d, 0x94, 0xaa, 0x55, 0x6f,
  21867. },
  21868. { /* Finished 1 */
  21869. 0x06, 0xc1, 0x47, 0x78, 0x66, 0x53, 0x6f, 0x24,
  21870. 0x94, 0x61, 0x69, 0xec, 0xd8, 0x60, 0x31, 0x2f,
  21871. 0xbf, 0xd6, 0x8a, 0x29, 0x17, 0xff, 0xa3, 0x88,
  21872. 0x13, 0x09, 0x8c, 0x9d, 0x6c, 0x64, 0x84, 0x48,
  21873. 0x44, 0xdd, 0x2d, 0x29, 0x4d, 0xe6, 0x98, 0x2b,
  21874. 0x45, 0x3b, 0x84, 0x33, 0x79, 0xb2, 0x75, 0x68
  21875. },
  21876. { /* Finished 2 */
  21877. 0x28, 0x1e, 0x18, 0xf7, 0x9c, 0x32, 0xa9, 0xbf,
  21878. 0x0c, 0x24, 0x58, 0x21, 0xce, 0xbc, 0xf2, 0x44,
  21879. 0xb1, 0x18, 0xaf, 0x9d, 0xd9, 0x20, 0xf9, 0xf4,
  21880. 0xed, 0xcc, 0x53, 0x82, 0x66, 0x5c, 0x46, 0x94,
  21881. 0x8c, 0x36, 0x5e, 0xca, 0x9f, 0xd8, 0x9a, 0xd3,
  21882. 0xf0, 0xe1, 0x53, 0x71, 0xdd, 0x19, 0x1e, 0x59
  21883. },
  21884. {
  21885. 0xd0, 0xef, 0xa8, 0xcb, 0x5b, 0x14, 0x0f, 0x0a, 0x62, 0xba, 0x5a, 0xb1,
  21886. 0xc5, 0xb5, 0x3f, 0x11, 0xda, 0xa1, 0x0c, 0x9c, 0xb4, 0x32, 0x48, 0x4e,
  21887. 0xfa, 0x84, 0x4f, 0xe4, 0xe7, 0x91, 0x8f, 0x42, 0x3f, 0xc7, 0x4e, 0xd3,
  21888. 0x83, 0x3d, 0x7f, 0x70, 0x12, 0xee, 0x9a, 0x37, 0x01, 0xbb, 0x14, 0xd3
  21889. },
  21890. {
  21891. 0x48, 0x6f, 0x77, 0x1d, 0x39, 0x1b, 0xa5, 0x9a, 0x76, 0xd9, 0x1d, 0x7d,
  21892. 0xb3, 0xd9, 0xb9, 0x78, 0x35, 0x0f, 0xd0, 0xe1, 0x07, 0x1f, 0x8d, 0xe5,
  21893. 0x75, 0x00, 0xda, 0xc0, 0x19, 0x01, 0xfb, 0x08, 0x35, 0xe7, 0x18, 0x8f,
  21894. 0xf0, 0x19, 0xfb, 0x46, 0xf6, 0xa5, 0x77, 0x0e, 0x90, 0x38, 0x8b, 0x15
  21895. },
  21896. {
  21897. 0x80, 0x8c, 0xa7, 0x24, 0x97, 0xf9, 0xd3, 0x52, 0xb0, 0x69, 0x9d, 0x4b,
  21898. 0xa4, 0x19, 0x4a, 0xb1, 0x46, 0x53, 0x3a, 0xc8, 0xe4, 0x02, 0x69, 0xf2,
  21899. 0xe7, 0xb6, 0x1d, 0x33, 0x51, 0xcc, 0x14, 0x40, 0x4a, 0xb0, 0xe7, 0x58,
  21900. 0x84, 0xba, 0xc2, 0x14, 0x58, 0x6b, 0xb9, 0xdc, 0x50, 0x98, 0x67, 0x01
  21901. },
  21902. {
  21903. 0xb1, 0xa8, 0xc0, 0x06, 0xb3, 0x2e, 0xa7, 0x8a, 0x6a, 0x12, 0x88, 0x00,
  21904. 0x65, 0x88, 0x9c, 0x5d, 0x35, 0xee, 0xe5, 0x51, 0x0b, 0x62, 0xf8, 0x67,
  21905. 0xe5, 0xef, 0x15, 0x1f, 0x23, 0x02, 0x74, 0x08, 0x9c, 0xc8, 0xba, 0x27,
  21906. 0x5d, 0x32, 0x19, 0x6f, 0x6d, 0x5d, 0x72, 0x5e, 0x15, 0xde, 0x30, 0xc3
  21907. },
  21908. {
  21909. 0xfd, 0xce, 0xf5, 0x65, 0x45, 0x84, 0xfb, 0x8c, 0x79, 0xa4, 0x6c, 0x1b,
  21910. 0x0e, 0x1b, 0xfd, 0x26, 0xa2, 0x53, 0xf4, 0x4e, 0x00, 0x4d, 0x4b, 0x0b,
  21911. 0x24, 0x6d, 0x35, 0x35, 0xd9, 0x97, 0x70, 0xc5, 0xf4, 0xee, 0xe3, 0xba,
  21912. 0x31, 0x1e, 0x2a, 0x42, 0xcb, 0xdf, 0x40, 0xb1, 0x14, 0xb8, 0x53, 0xce
  21913. },
  21914. {
  21915. 0xbb, 0xb3, 0x26, 0x7c, 0x22, 0x21, 0x9b, 0x72, 0x32, 0xa1, 0x97, 0xfb,
  21916. 0x78, 0x8c, 0xbe, 0x3d, 0x71, 0x45, 0xb8, 0xf5, 0x24, 0x8f, 0x0f, 0xac,
  21917. 0x42, 0x5b, 0x81, 0xe8, 0xd0, 0x71, 0x4a, 0xcb, 0x32, 0x3f, 0x03, 0xfb,
  21918. 0xec, 0x6a, 0x1f, 0x76, 0x80, 0x65, 0x01, 0x7a, 0x3d, 0xce, 0xc4, 0xdf
  21919. },
  21920. {
  21921. 0x3f, 0xcf, 0x2f, 0x63, 0x94, 0x94, 0x99, 0xfd, 0x04, 0x3a, 0x89, 0x83,
  21922. 0xcf, 0x06, 0x05, 0xec, 0x20, 0x3e, 0x5f, 0x51, 0x9d, 0x6e, 0x4a, 0xc6,
  21923. 0xf1, 0x2b, 0x37, 0x17, 0x34, 0x72, 0x6e, 0x1d, 0x2a, 0xfd, 0xc7, 0x73,
  21924. 0xb5, 0x07, 0x22, 0x81, 0x32, 0x2e, 0x21, 0x85, 0xaf, 0x10, 0xb2, 0x73
  21925. },
  21926. {
  21927. 0x52, 0x0c, 0x3d, 0x2e, 0x2d, 0x4a, 0x11, 0xae, 0x96, 0x78, 0xe9, 0x5b,
  21928. 0xd8, 0x0f, 0x6c, 0xf4, 0xbd, 0x96, 0x13, 0x55, 0x88, 0xdd, 0xa3, 0x67,
  21929. 0x36, 0x86, 0x1e, 0x0b, 0x36, 0x41, 0xec, 0xf6, 0x04, 0xb2, 0xc4, 0x16,
  21930. 0xbc, 0x2c, 0xdb, 0x30, 0x02, 0x94, 0xd4, 0x42, 0xbf, 0x38, 0xee, 0x9d
  21931. }
  21932. },
  21933. { /* 36 */
  21934. WC_HASH_TYPE_SHA384, 0, 33,
  21935. { 0 }, /* PSK */
  21936. { /* DHE */
  21937. 0xd3, 0x00, 0x72, 0x9a, 0xa8, 0xc5, 0xf3, 0xc4,
  21938. 0xf1, 0xa0, 0x26, 0x89, 0x65, 0x70, 0xc7, 0x0b,
  21939. 0x77, 0xbb, 0xe1, 0x4b, 0x2b, 0xa8, 0x4f, 0xa6,
  21940. 0x09, 0x4b, 0xba, 0x45, 0x36, 0x15, 0xee, 0x68,
  21941. 0xfd
  21942. },
  21943. { /* Hello 1 */
  21944. 0x10, 0x9d, 0x8b, 0xa2, 0x93, 0xe7, 0xd3, 0xb9,
  21945. 0xb4, 0x0f, 0xeb, 0x6a, 0xb9, 0x69, 0xcb, 0x39,
  21946. 0x16, 0x29, 0xcc, 0xd3, 0xcc, 0x1a, 0x4c, 0x1b,
  21947. 0x53, 0x7c, 0x33, 0x88, 0x06, 0xbc, 0x0a, 0x02,
  21948. 0xa0, 0xbe, 0x62, 0xc0, 0xe6, 0x5e, 0x97, 0x5b,
  21949. 0x6a, 0xa1, 0x98, 0xf3, 0xd2, 0x1e, 0xcd, 0xc5
  21950. },
  21951. { /* Hello 2 */
  21952. 0x74, 0xc0, 0x07, 0x2c, 0xc1, 0x63, 0xcc, 0x11,
  21953. 0xad, 0x1a, 0x55, 0x63, 0xbc, 0x20, 0x77, 0x96,
  21954. 0x30, 0x1c, 0x68, 0x45, 0x1e, 0x9b, 0xa7, 0xb4,
  21955. 0xf3, 0x04, 0x45, 0x16, 0x76, 0x55, 0xf9, 0xdf,
  21956. 0x4b, 0x2f, 0x1a, 0xdf, 0x5a, 0xb0, 0x93, 0xc9,
  21957. 0xab, 0xf5, 0x32, 0x47, 0x79, 0x9c, 0x01, 0xeb
  21958. },
  21959. { /* Finished 1 */
  21960. 0x27, 0x08, 0x8e, 0xa5, 0xf1, 0x30, 0xe1, 0xd6,
  21961. 0x4f, 0xa2, 0x9e, 0x3b, 0x03, 0x2d, 0x2e, 0xa3,
  21962. 0x84, 0x75, 0x51, 0x3a, 0xc3, 0xf6, 0xee, 0x2e,
  21963. 0x37, 0x0c, 0xe3, 0x28, 0x46, 0xa5, 0x2d, 0xc7,
  21964. 0xf0, 0x64, 0x78, 0x53, 0x66, 0x43, 0x02, 0xa4,
  21965. 0x7a, 0x43, 0x66, 0x4b, 0xa7, 0xcb, 0x97, 0x16
  21966. },
  21967. { /* Finished 2 */
  21968. 0x1d, 0x0d, 0xf8, 0xe1, 0x81, 0xa5, 0xbd, 0xa8,
  21969. 0x6f, 0x9d, 0x01, 0xa4, 0x9a, 0x92, 0xe2, 0xef,
  21970. 0x08, 0xab, 0xef, 0x3e, 0x2d, 0xd4, 0x82, 0xac,
  21971. 0x68, 0x9d, 0xe0, 0x54, 0x17, 0xde, 0x1a, 0xed,
  21972. 0x57, 0xcb, 0xd9, 0x2d, 0xc8, 0xbc, 0x93, 0xe6,
  21973. 0xa3, 0xec, 0xde, 0xee, 0xa1, 0x1c, 0x41, 0x85
  21974. },
  21975. {
  21976. 0x7f, 0x1f, 0xe6, 0x7b, 0xd8, 0xf5, 0x2b, 0x37, 0xbe, 0xb7, 0xd0, 0x37,
  21977. 0xce, 0x46, 0xad, 0x04, 0x2f, 0xc7, 0xdb, 0xc9, 0x9a, 0xb6, 0x00, 0x3f,
  21978. 0xc1, 0x97, 0xe9, 0x5c, 0x5e, 0x14, 0xd1, 0x38, 0x4d, 0x55, 0xe1, 0x07,
  21979. 0xb5, 0x85, 0x6d, 0xfa, 0xa7, 0x66, 0xad, 0xfa, 0xb6, 0xad, 0x29, 0x44
  21980. },
  21981. {
  21982. 0x4e, 0x6b, 0x20, 0x99, 0x55, 0x1b, 0x21, 0x89, 0xb6, 0x70, 0xdb, 0xe8,
  21983. 0xa7, 0x16, 0x55, 0xf2, 0x93, 0x13, 0x90, 0x7d, 0xfa, 0x62, 0x65, 0x53,
  21984. 0xa0, 0x97, 0xe9, 0xb4, 0xc0, 0xf1, 0xc9, 0x1a, 0x67, 0xdd, 0xca, 0x57,
  21985. 0xbc, 0xca, 0x39, 0xe6, 0x39, 0x6b, 0x63, 0x47, 0x25, 0x08, 0x3a, 0xd7
  21986. },
  21987. {
  21988. 0x35, 0x0d, 0xac, 0xd8, 0x10, 0x6a, 0x46, 0x50, 0x66, 0xae, 0x02, 0xc9,
  21989. 0xde, 0x13, 0x48, 0xce, 0x53, 0xd4, 0x92, 0x62, 0xc5, 0x65, 0x10, 0x08,
  21990. 0xc2, 0xc2, 0x82, 0xed, 0x9d, 0xc9, 0x6f, 0xa8, 0xc3, 0xc1, 0x0b, 0x7c,
  21991. 0xe1, 0x97, 0x85, 0xd6, 0x46, 0x29, 0x0e, 0x42, 0x51, 0xc1, 0x35, 0xcf
  21992. },
  21993. {
  21994. 0x3d, 0x5d, 0x84, 0xbd, 0x16, 0x46, 0x34, 0xb3, 0xf6, 0x31, 0x49, 0x3e,
  21995. 0x8d, 0xdc, 0xcb, 0x8c, 0x6a, 0x42, 0xf4, 0x88, 0xfc, 0x19, 0xfa, 0xa2,
  21996. 0x25, 0xc7, 0xa0, 0xa4, 0xca, 0xf0, 0xea, 0x2d, 0xe8, 0xc4, 0x02, 0x14,
  21997. 0x63, 0xfb, 0xd3, 0x7b, 0x51, 0x1c, 0xce, 0xca, 0xa3, 0xc3, 0xe4, 0xa5
  21998. },
  21999. {
  22000. 0x7c, 0x3a, 0x55, 0x92, 0x2e, 0xdd, 0x75, 0xdd, 0x76, 0x54, 0x4a, 0x9f,
  22001. 0xd0, 0xa2, 0x88, 0x83, 0xe9, 0x27, 0xda, 0x30, 0xe9, 0x96, 0x58, 0xc5,
  22002. 0xb7, 0x56, 0xfc, 0x4b, 0xb8, 0x5d, 0xee, 0x46, 0x70, 0x4e, 0x1b, 0x06,
  22003. 0x86, 0xaf, 0x48, 0x5c, 0x17, 0x35, 0xfa, 0x69, 0xc2, 0x4d, 0xfb, 0x09
  22004. },
  22005. {
  22006. 0x00, 0x0e, 0x28, 0x51, 0xc1, 0x7f, 0x41, 0x89, 0x6f, 0x9a, 0xca, 0x15,
  22007. 0xee, 0xed, 0x43, 0xca, 0x6d, 0x65, 0x6f, 0x51, 0x18, 0x6c, 0x08, 0x4b,
  22008. 0x77, 0xca, 0x75, 0xc4, 0xc3, 0xde, 0x29, 0x41, 0x8b, 0xaf, 0xa7, 0x1c,
  22009. 0x28, 0x37, 0xa0, 0xa0, 0x74, 0x8e, 0x09, 0x42, 0x7a, 0x1b, 0x68, 0xdb
  22010. },
  22011. {
  22012. 0x14, 0x8f, 0xab, 0x28, 0x64, 0xea, 0x45, 0x88, 0xdb, 0xc1, 0xc6, 0xa0,
  22013. 0x48, 0xdf, 0x15, 0xd0, 0x28, 0x07, 0x2d, 0x6c, 0xb8, 0x42, 0xbb, 0x60,
  22014. 0x02, 0x08, 0x9e, 0x29, 0x9b, 0x8d, 0xd6, 0x1c, 0xaf, 0xf2, 0x1a, 0xdc,
  22015. 0xf0, 0x78, 0x0b, 0x4d, 0x90, 0xa1, 0x0c, 0xb3, 0x13, 0xde, 0xca, 0x5a
  22016. },
  22017. {
  22018. 0x4d, 0x80, 0x7d, 0x0b, 0xb9, 0x00, 0x6f, 0x65, 0x51, 0x65, 0x23, 0xde,
  22019. 0x72, 0xdc, 0x4f, 0x04, 0xa5, 0xa2, 0x90, 0x45, 0x51, 0x9e, 0xd0, 0x3a,
  22020. 0xe4, 0xd7, 0x78, 0xa3, 0x0f, 0x2d, 0x65, 0x12, 0xad, 0xc8, 0x92, 0x30,
  22021. 0x79, 0x9d, 0x9d, 0x08, 0x7a, 0x9c, 0x9f, 0x83, 0xb1, 0xca, 0x59, 0x56
  22022. }
  22023. },
  22024. { /* 41 */
  22025. WC_HASH_TYPE_SHA384, 33, 0,
  22026. { /* PSK */
  22027. 0xa4, 0x8b, 0x1b, 0x5f, 0xd0, 0xea, 0x75, 0x62,
  22028. 0x06, 0x4d, 0x68, 0x40, 0x85, 0x20, 0x45, 0x95,
  22029. 0x4a, 0x00, 0xca, 0x05, 0xeb, 0xd4, 0x1d, 0x48,
  22030. 0x81, 0x89, 0xe8, 0x86, 0x43, 0xfa, 0x28, 0x17,
  22031. 0x12
  22032. },
  22033. { 0 }, /* DHE */
  22034. { /* Hello 1 */
  22035. 0x03, 0x7c, 0x33, 0x75, 0xdc, 0xc5, 0x46, 0x3a,
  22036. 0x0d, 0x56, 0xc6, 0xfb, 0xab, 0x1e, 0x1d, 0xda,
  22037. 0x59, 0xc2, 0xb2, 0xb1, 0x7c, 0x48, 0x9b, 0x06,
  22038. 0x0a, 0x5a, 0xbb, 0xf8, 0x98, 0x53, 0x78, 0x2d,
  22039. 0xd2, 0xcc, 0x87, 0x68, 0x25, 0xdd, 0x88, 0x22,
  22040. 0xcd, 0xb7, 0x74, 0x55, 0x21, 0xf9, 0x34, 0x98
  22041. },
  22042. { /* Hello 2 */
  22043. 0x03, 0xb4, 0xfb, 0xcc, 0x28, 0x2c, 0xc1, 0x70,
  22044. 0x42, 0x73, 0x57, 0xac, 0xdb, 0x47, 0x71, 0xf6,
  22045. 0x2e, 0x11, 0x8a, 0x5b, 0x47, 0x2f, 0x02, 0x54,
  22046. 0x95, 0x34, 0xed, 0x5f, 0x19, 0xc1, 0x75, 0xe0,
  22047. 0x76, 0xad, 0xb0, 0x90, 0x57, 0xcd, 0xfd, 0xd7,
  22048. 0x58, 0x1f, 0x0d, 0x6b, 0x9e, 0x51, 0x3c, 0x08
  22049. },
  22050. { /* Finished 1 */
  22051. 0x2b, 0x50, 0xd9, 0xa7, 0x43, 0x24, 0xda, 0x2c,
  22052. 0x7a, 0xaa, 0x0e, 0x37, 0xd7, 0x6b, 0x2c, 0xab,
  22053. 0x8e, 0xb2, 0xfe, 0x31, 0x1b, 0xa8, 0x12, 0x59,
  22054. 0x5b, 0x7b, 0xdc, 0x3e, 0xa7, 0x86, 0xa5, 0x48,
  22055. 0xe4, 0x46, 0x2b, 0x4c, 0xc1, 0x66, 0x4b, 0xf3,
  22056. 0x2a, 0x99, 0x93, 0x08, 0xbc, 0x3d, 0x08, 0x76
  22057. },
  22058. { /* Finished 2 */
  22059. 0x7c, 0x34, 0xc8, 0x56, 0x17, 0xf1, 0x62, 0x1c,
  22060. 0x9f, 0x0b, 0xeb, 0xfd, 0x69, 0x72, 0x51, 0xc5,
  22061. 0xfa, 0x74, 0x87, 0xc9, 0xbd, 0x50, 0xe9, 0x48,
  22062. 0xa7, 0x3c, 0x94, 0x3e, 0x06, 0x7d, 0xe8, 0x8e,
  22063. 0xc1, 0xd1, 0x08, 0x1f, 0x5d, 0x48, 0x8a, 0x25,
  22064. 0xfc, 0xea, 0xe7, 0xd9, 0xd4, 0xd0, 0xf9, 0xad
  22065. },
  22066. {
  22067. 0x4b, 0x0b, 0xed, 0xb9, 0xc8, 0xb8, 0xa8, 0x1e, 0xb0, 0x81, 0x76, 0xd5,
  22068. 0x33, 0x22, 0x71, 0x33, 0x3a, 0x85, 0x19, 0x67, 0x7e, 0x91, 0x37, 0xf2,
  22069. 0xa6, 0x11, 0x22, 0xdf, 0x41, 0x04, 0x3d, 0xa9, 0x13, 0xb9, 0xb2, 0xb1,
  22070. 0xbb, 0xd8, 0xef, 0x23, 0x7c, 0xc2, 0xab, 0x70, 0x1b, 0x51, 0x9f, 0xc9
  22071. },
  22072. {
  22073. 0xeb, 0x96, 0x10, 0x8c, 0x7d, 0x92, 0xea, 0x80, 0x86, 0xb2, 0xf8, 0x27,
  22074. 0xf2, 0x9a, 0x09, 0xc1, 0x7c, 0x09, 0x43, 0xbc, 0xfe, 0xc8, 0x75, 0xe0,
  22075. 0x97, 0xe7, 0x6d, 0xd5, 0xb2, 0x3c, 0xed, 0x12, 0xb7, 0x74, 0x0e, 0xe3,
  22076. 0xb6, 0xe0, 0xba, 0xe1, 0x8d, 0x89, 0xcf, 0x4f, 0x57, 0xf6, 0x6d, 0x90
  22077. },
  22078. {
  22079. 0x22, 0xb0, 0x39, 0x34, 0xb6, 0x6c, 0x2d, 0x7a, 0x97, 0x1c, 0x5d, 0xcc,
  22080. 0x78, 0x84, 0x71, 0xbb, 0xc6, 0x7b, 0xb6, 0xbc, 0xcc, 0x0b, 0xf8, 0xac,
  22081. 0x8e, 0xd7, 0x20, 0xbd, 0xbe, 0x32, 0xf0, 0xd6, 0xe9, 0x69, 0x13, 0xf2,
  22082. 0x9a, 0xce, 0xfe, 0x86, 0xd3, 0xee, 0xba, 0x69, 0x51, 0xb6, 0x77, 0x56
  22083. },
  22084. {
  22085. 0x16, 0xfd, 0xda, 0xf3, 0x5e, 0xb9, 0xa6, 0x17, 0x24, 0xb2, 0x16, 0x9f,
  22086. 0xb6, 0x59, 0x13, 0x0f, 0x25, 0x5a, 0xf1, 0x5b, 0x5f, 0xe4, 0x54, 0x2a,
  22087. 0xa7, 0xbf, 0x29, 0xaf, 0x5a, 0x77, 0xf4, 0x4f, 0x25, 0xba, 0x94, 0xad,
  22088. 0x6b, 0x91, 0x3b, 0xe7, 0xd5, 0x73, 0x0d, 0xff, 0xaa, 0xe3, 0x72, 0x2c
  22089. },
  22090. {
  22091. 0x22, 0xb4, 0x94, 0xc0, 0x53, 0xd7, 0x82, 0x06, 0x38, 0x9d, 0x4a, 0xa0,
  22092. 0x3f, 0xf1, 0x5f, 0x6e, 0x23, 0x8d, 0x09, 0x62, 0xbf, 0x6f, 0x7c, 0x84,
  22093. 0xc6, 0x3e, 0x15, 0xad, 0x18, 0x37, 0x76, 0x29, 0xc7, 0xd6, 0x68, 0x0c,
  22094. 0x1e, 0xc6, 0x93, 0x31, 0xef, 0x85, 0x69, 0x30, 0x68, 0xf0, 0x1e, 0x37
  22095. },
  22096. {
  22097. 0x6d, 0x4d, 0x20, 0xaf, 0x47, 0xe8, 0x1b, 0xfa, 0xd0, 0xb6, 0xc8, 0x97,
  22098. 0xd1, 0x03, 0xfc, 0x9d, 0x59, 0xa0, 0x68, 0x9d, 0xe9, 0x17, 0x8b, 0xce,
  22099. 0x48, 0x2c, 0x77, 0x8a, 0x22, 0x4b, 0x5c, 0x54, 0x22, 0xa1, 0x15, 0x12,
  22100. 0xe1, 0x07, 0x8e, 0x15, 0xd8, 0x7b, 0x16, 0x65, 0x99, 0x6b, 0xcb, 0x71
  22101. },
  22102. {
  22103. 0x79, 0x64, 0x79, 0xdd, 0x75, 0x5c, 0x6f, 0x98, 0xac, 0x03, 0xe0, 0xcd,
  22104. 0x92, 0xba, 0x0e, 0x2d, 0xb4, 0xd1, 0x8b, 0x97, 0xd0, 0x85, 0xbb, 0x2e,
  22105. 0x4f, 0x26, 0x93, 0xf5, 0x1d, 0xf3, 0xd2, 0x43, 0x4f, 0xd2, 0x47, 0xaa,
  22106. 0x91, 0x1e, 0xf3, 0x67, 0x10, 0x18, 0x2c, 0xb9, 0x01, 0xba, 0x10, 0x9f
  22107. },
  22108. {
  22109. 0x79, 0xb6, 0x9c, 0xbe, 0xf1, 0x6a, 0xb0, 0x92, 0xa0, 0x29, 0x52, 0x61,
  22110. 0xf1, 0xcd, 0x3a, 0x67, 0xe1, 0x6b, 0xb8, 0x9d, 0x0d, 0x95, 0xb6, 0x03,
  22111. 0x80, 0x1f, 0xd5, 0x75, 0xb6, 0x1d, 0x79, 0x02, 0x93, 0x43, 0x77, 0xa7,
  22112. 0x9d, 0x2f, 0xc3, 0x84, 0xc6, 0x83, 0x76, 0x16, 0x06, 0x98, 0x7b, 0x79
  22113. }
  22114. },
  22115. #endif /* WOLFSSL_SHA384 */
  22116. };
  22117. static const char protocolLabel[] = "tls13 ";
  22118. static const char ceTrafficLabel[] = "c e traffic";
  22119. static const char eExpMasterLabel[] = "e exp master";
  22120. static const char cHsTrafficLabel[] = "c hs traffic";
  22121. static const char sHsTrafficLabel[] = "s hs traffic";
  22122. static const char cAppTrafficLabel[] = "c ap traffic";
  22123. static const char sAppTrafficLabel[] = "s ap traffic";
  22124. static const char expMasterLabel[] = "exp master";
  22125. static const char resMasterLabel[] = "res master";
  22126. static const char derivedLabel[] = "derived";
  22127. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void)
  22128. {
  22129. wc_test_ret_t ret = 0;
  22130. word32 i;
  22131. word32 tc = sizeof(tls13KdfTestVectors)/sizeof(Tls13KdfTestVector);
  22132. const Tls13KdfTestVector* tv = NULL;
  22133. for (i = 0, tv = tls13KdfTestVectors; i < tc; i++, tv++) {
  22134. byte output[WC_MAX_DIGEST_SIZE];
  22135. byte secret[WC_MAX_DIGEST_SIZE];
  22136. byte salt[WC_MAX_DIGEST_SIZE];
  22137. byte zeroes[WC_MAX_DIGEST_SIZE];
  22138. byte hashZero[WC_MAX_DIGEST_SIZE];
  22139. int hashAlgSz;
  22140. XMEMSET(zeroes, 0, sizeof zeroes);
  22141. hashAlgSz = wc_HashGetDigestSize(tv->hashAlg);
  22142. if (hashAlgSz == BAD_FUNC_ARG) break;
  22143. ret = wc_Hash(tv->hashAlg, NULL, 0, hashZero, hashAlgSz);
  22144. if (ret != 0) break;
  22145. ret = wc_Tls13_HKDF_Extract(secret, NULL, 0,
  22146. (tv->pskSz == 0) ? zeroes : (byte*)tv->psk,
  22147. tv->pskSz, tv->hashAlg);
  22148. if (ret != 0) break;
  22149. ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
  22150. secret, hashAlgSz,
  22151. (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
  22152. (byte*)ceTrafficLabel, (word32)XSTRLEN(ceTrafficLabel),
  22153. tv->hashHello1, hashAlgSz, tv->hashAlg);
  22154. if (ret != 0) break;
  22155. ret = XMEMCMP(tv->clientEarlyTrafficSecret, output, hashAlgSz);
  22156. if (ret != 0) break;
  22157. ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
  22158. secret, hashAlgSz,
  22159. (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
  22160. (byte*)eExpMasterLabel, (word32)XSTRLEN(eExpMasterLabel),
  22161. tv->hashHello1, hashAlgSz, tv->hashAlg);
  22162. if (ret != 0) break;
  22163. ret = XMEMCMP(tv->earlyExporterMasterSecret, output, hashAlgSz);
  22164. if (ret != 0) break;
  22165. ret = wc_Tls13_HKDF_Expand_Label(salt, hashAlgSz,
  22166. secret, hashAlgSz,
  22167. (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
  22168. (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel),
  22169. hashZero, hashAlgSz, tv->hashAlg);
  22170. if (ret != 0) break;
  22171. ret = wc_Tls13_HKDF_Extract(secret, salt, hashAlgSz,
  22172. (tv->dheSz == 0) ? zeroes : (byte*)tv->dhe,
  22173. tv->dheSz, tv->hashAlg);
  22174. if (ret != 0) break;
  22175. ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
  22176. secret, hashAlgSz,
  22177. (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
  22178. (byte*)cHsTrafficLabel, (word32)XSTRLEN(cHsTrafficLabel),
  22179. tv->hashHello2, hashAlgSz, tv->hashAlg);
  22180. if (ret != 0) break;
  22181. ret = XMEMCMP(tv->clientHandshakeTrafficSecret,
  22182. output, hashAlgSz);
  22183. if (ret != 0) break;
  22184. ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
  22185. secret, hashAlgSz,
  22186. (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
  22187. (byte*)sHsTrafficLabel, (word32)XSTRLEN(sHsTrafficLabel),
  22188. tv->hashHello2, hashAlgSz, tv->hashAlg);
  22189. if (ret != 0) break;
  22190. ret = XMEMCMP(tv->serverHandshakeTrafficSecret, output, hashAlgSz);
  22191. if (ret != 0) break;
  22192. ret = wc_Tls13_HKDF_Expand_Label(salt, hashAlgSz,
  22193. secret, hashAlgSz,
  22194. (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
  22195. (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel),
  22196. hashZero, hashAlgSz, tv->hashAlg);
  22197. if (ret != 0) break;
  22198. ret = wc_Tls13_HKDF_Extract(secret, salt, hashAlgSz,
  22199. zeroes, hashAlgSz, tv->hashAlg);
  22200. if (ret != 0) break;
  22201. ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
  22202. secret, hashAlgSz,
  22203. (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
  22204. (byte*)cAppTrafficLabel, (word32)XSTRLEN(cAppTrafficLabel),
  22205. tv->hashFinished1, hashAlgSz, tv->hashAlg);
  22206. if (ret != 0) break;
  22207. ret = XMEMCMP(tv->clientApplicationTrafficSecret, output, hashAlgSz);
  22208. if (ret != 0) break;
  22209. ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
  22210. secret, hashAlgSz,
  22211. (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
  22212. (byte*)sAppTrafficLabel, (word32)XSTRLEN(sAppTrafficLabel),
  22213. tv->hashFinished1, hashAlgSz, tv->hashAlg);
  22214. if (ret != 0) break;
  22215. ret = XMEMCMP(tv->serverApplicationTrafficSecret, output, hashAlgSz);
  22216. if (ret != 0) break;
  22217. ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
  22218. secret, hashAlgSz,
  22219. (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
  22220. (byte*)expMasterLabel, (word32)XSTRLEN(expMasterLabel),
  22221. tv->hashFinished1, hashAlgSz, tv->hashAlg);
  22222. if (ret != 0) break;
  22223. ret = XMEMCMP(tv->exporterMasterSecret, output, hashAlgSz);
  22224. if (ret != 0) break;
  22225. ret = wc_Tls13_HKDF_Expand_Label(output, hashAlgSz,
  22226. secret, hashAlgSz,
  22227. (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel),
  22228. (byte*)resMasterLabel, (word32)XSTRLEN(resMasterLabel),
  22229. tv->hashFinished2, hashAlgSz, tv->hashAlg);
  22230. if (ret != 0) break;
  22231. ret = XMEMCMP(tv->resumptionMasterSecret, output, hashAlgSz);
  22232. if (ret != 0) break;
  22233. }
  22234. return ret;
  22235. }
  22236. #endif /* WOLFSSL_TLS13 */
  22237. static const int fiducial2 = WC_TEST_RET_LN; /* source code reference point --
  22238. * see print_fiducials() below.
  22239. */
  22240. #if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
  22241. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void)
  22242. {
  22243. wc_test_ret_t ret;
  22244. byte kek[128];
  22245. #ifndef NO_SHA
  22246. /* SHA-1, COUNT = 0
  22247. * shared secret length: 192
  22248. * SharedInfo length: 0
  22249. * key data length: 128
  22250. */
  22251. WOLFSSL_SMALL_STACK_STATIC const byte Z[] = {
  22252. 0x1c, 0x7d, 0x7b, 0x5f, 0x05, 0x97, 0xb0, 0x3d,
  22253. 0x06, 0xa0, 0x18, 0x46, 0x6e, 0xd1, 0xa9, 0x3e,
  22254. 0x30, 0xed, 0x4b, 0x04, 0xdc, 0x64, 0xcc, 0xdd
  22255. };
  22256. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  22257. 0xbf, 0x71, 0xdf, 0xfd, 0x8f, 0x4d, 0x99, 0x22,
  22258. 0x39, 0x36, 0xbe, 0xb4, 0x6f, 0xee, 0x8c, 0xcc
  22259. };
  22260. #endif
  22261. #ifndef NO_SHA256
  22262. /* SHA-256, COUNT = 3
  22263. * shared secret length: 192
  22264. * SharedInfo length: 0
  22265. * key data length: 128
  22266. */
  22267. WOLFSSL_SMALL_STACK_STATIC const byte Z2[] = {
  22268. 0xd3, 0x8b, 0xdb, 0xe5, 0xc4, 0xfc, 0x16, 0x4c,
  22269. 0xdd, 0x96, 0x7f, 0x63, 0xc0, 0x4f, 0xe0, 0x7b,
  22270. 0x60, 0xcd, 0xe8, 0x81, 0xc2, 0x46, 0x43, 0x8c
  22271. };
  22272. WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
  22273. 0x5e, 0x67, 0x4d, 0xb9, 0x71, 0xba, 0xc2, 0x0a,
  22274. 0x80, 0xba, 0xd0, 0xd4, 0x51, 0x4d, 0xc4, 0x84
  22275. };
  22276. #endif
  22277. #ifdef WOLFSSL_SHA512
  22278. /* SHA-512, COUNT = 0
  22279. * shared secret length: 192
  22280. * SharedInfo length: 0
  22281. * key data length: 128
  22282. */
  22283. WOLFSSL_SMALL_STACK_STATIC const byte Z3[] = {
  22284. 0x87, 0xfc, 0x0d, 0x8c, 0x44, 0x77, 0x48, 0x5b,
  22285. 0xb5, 0x74, 0xf5, 0xfc, 0xea, 0x26, 0x4b, 0x30,
  22286. 0x88, 0x5d, 0xc8, 0xd9, 0x0a, 0xd8, 0x27, 0x82
  22287. };
  22288. WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
  22289. 0x94, 0x76, 0x65, 0xfb, 0xb9, 0x15, 0x21, 0x53,
  22290. 0xef, 0x46, 0x02, 0x38, 0x50, 0x6a, 0x02, 0x45
  22291. };
  22292. /* SHA-512, COUNT = 0
  22293. * shared secret length: 521
  22294. * SharedInfo length: 128
  22295. * key data length: 1024
  22296. */
  22297. WOLFSSL_SMALL_STACK_STATIC const byte Z4[] = {
  22298. 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89,
  22299. 0xfa, 0x58, 0xce, 0xad, 0xc0, 0x47, 0x19, 0x7f,
  22300. 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
  22301. 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8,
  22302. 0x15, 0x07, 0x39, 0x2f, 0x1a, 0x86, 0xdd, 0xfd,
  22303. 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
  22304. 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47,
  22305. 0x47, 0xa9, 0xe2, 0xe7, 0x53, 0xf5, 0x5e, 0xf0,
  22306. 0x5a, 0x2d
  22307. };
  22308. WOLFSSL_SMALL_STACK_STATIC const byte info4[] = {
  22309. 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d,
  22310. 0x2b, 0x3a, 0x2f, 0x99, 0x37, 0x89, 0x5d, 0x31
  22311. };
  22312. WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
  22313. 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76,
  22314. 0x9b, 0x52, 0x26, 0x4b, 0x01, 0x12, 0xb5, 0x85,
  22315. 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
  22316. 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d,
  22317. 0x6e, 0x4d, 0xd2, 0xa5, 0x99, 0xac, 0xce, 0xb3,
  22318. 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
  22319. 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50,
  22320. 0xa5, 0xa8, 0xee, 0xee, 0x20, 0x80, 0x02, 0x26,
  22321. 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
  22322. 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d,
  22323. 0xea, 0x9c, 0x4f, 0xf7, 0x45, 0xa2, 0x5a, 0xc2,
  22324. 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
  22325. 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc,
  22326. 0x0a, 0xb2, 0xaa, 0x8e, 0x2e, 0xfa, 0x7b, 0x17,
  22327. 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
  22328. 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
  22329. };
  22330. #endif
  22331. #ifndef NO_SHA
  22332. ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0,
  22333. kek, sizeof(verify));
  22334. if (ret != 0)
  22335. return WC_TEST_RET_ENC_EC(ret);
  22336. if (XMEMCMP(verify, kek, sizeof(verify)) != 0)
  22337. return WC_TEST_RET_ENC_NC;
  22338. #endif
  22339. #ifndef NO_SHA256
  22340. ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, Z2, sizeof(Z2), NULL, 0,
  22341. kek, sizeof(verify2));
  22342. if (ret != 0)
  22343. return WC_TEST_RET_ENC_EC(ret);
  22344. if (XMEMCMP(verify2, kek, sizeof(verify2)) != 0)
  22345. return WC_TEST_RET_ENC_NC;
  22346. #endif
  22347. #ifdef WOLFSSL_SHA512
  22348. ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z3, sizeof(Z3), NULL, 0,
  22349. kek, sizeof(verify3));
  22350. if (ret != 0)
  22351. return WC_TEST_RET_ENC_EC(ret);
  22352. if (XMEMCMP(verify3, kek, sizeof(verify3)) != 0)
  22353. return WC_TEST_RET_ENC_NC;
  22354. ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z4, sizeof(Z4), info4,
  22355. sizeof(info4), kek, sizeof(verify4));
  22356. if (ret != 0)
  22357. return WC_TEST_RET_ENC_EC(ret);
  22358. if (XMEMCMP(verify4, kek, sizeof(verify4)) != 0)
  22359. return WC_TEST_RET_ENC_NC;
  22360. #endif
  22361. return 0;
  22362. }
  22363. #endif /* HAVE_X963_KDF */
  22364. #if defined(HAVE_HPKE) && (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \
  22365. defined(HAVE_AESGCM)
  22366. static wc_test_ret_t hpke_test_single(Hpke* hpke)
  22367. {
  22368. wc_test_ret_t ret = 0;
  22369. int rngRet = 0;
  22370. WC_RNG rng[1];
  22371. const char* start_text = "this is a test";
  22372. const char* info_text = "info";
  22373. const char* aad_text = "aad";
  22374. byte ciphertext[MAX_HPKE_LABEL_SZ];
  22375. byte plaintext[MAX_HPKE_LABEL_SZ];
  22376. void* receiverKey = NULL;
  22377. void* ephemeralKey = NULL;
  22378. #ifdef WOLFSSL_SMALL_STACK
  22379. byte *pubKey = NULL; /* public key */
  22380. word16 pubKeySz = (word16)HPKE_Npk_MAX;
  22381. #else
  22382. byte pubKey[HPKE_Npk_MAX]; /* public key */
  22383. word16 pubKeySz = (word16)sizeof(pubKey);
  22384. #endif
  22385. rngRet = ret = wc_InitRng(rng);
  22386. if (ret != 0)
  22387. return WC_TEST_RET_ENC_EC(ret);
  22388. #ifdef WOLFSSL_SMALL_STACK
  22389. if (ret == 0) {
  22390. pubKey = (byte *)XMALLOC(pubKeySz, HEAP_HINT,
  22391. DYNAMIC_TYPE_TMP_BUFFER);
  22392. if (pubKey == NULL)
  22393. ret = WC_TEST_RET_ENC_EC(MEMORY_E);
  22394. }
  22395. #endif
  22396. /* generate the keys */
  22397. if (ret == 0) {
  22398. ret = wc_HpkeGenerateKeyPair(hpke, &ephemeralKey, rng);
  22399. if (ret != 0)
  22400. ret = WC_TEST_RET_ENC_EC(ret);
  22401. }
  22402. if (ret == 0) {
  22403. ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, rng);
  22404. if (ret != 0)
  22405. ret = WC_TEST_RET_ENC_EC(ret);
  22406. }
  22407. /* seal */
  22408. if (ret == 0) {
  22409. ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey,
  22410. (byte*)info_text, (word32)XSTRLEN(info_text),
  22411. (byte*)aad_text, (word32)XSTRLEN(aad_text),
  22412. (byte*)start_text, (word32)XSTRLEN(start_text),
  22413. ciphertext);
  22414. if (ret != 0)
  22415. ret = WC_TEST_RET_ENC_EC(ret);
  22416. }
  22417. /* export ephemeral key */
  22418. if (ret == 0) {
  22419. ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, pubKey, &pubKeySz);
  22420. if (ret != 0)
  22421. ret = WC_TEST_RET_ENC_EC(ret);
  22422. }
  22423. /* open with exported ephemeral key */
  22424. if (ret == 0) {
  22425. ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
  22426. (byte*)info_text, (word32)XSTRLEN(info_text),
  22427. (byte*)aad_text, (word32)XSTRLEN(aad_text),
  22428. ciphertext, (word32)XSTRLEN(start_text),
  22429. plaintext);
  22430. if (ret != 0)
  22431. ret = WC_TEST_RET_ENC_EC(ret);
  22432. }
  22433. if (ret == 0) {
  22434. ret = XMEMCMP(plaintext, start_text, XSTRLEN(start_text));
  22435. if (ret != 0)
  22436. ret = WC_TEST_RET_ENC_NC;
  22437. }
  22438. if (ephemeralKey != NULL)
  22439. wc_HpkeFreeKey(hpke, hpke->kem, ephemeralKey, hpke->heap);
  22440. if (receiverKey != NULL)
  22441. wc_HpkeFreeKey(hpke, hpke->kem, receiverKey, hpke->heap);
  22442. #ifdef WOLFSSL_SMALL_STACK
  22443. if (pubKey != NULL)
  22444. XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  22445. #endif
  22446. if (rngRet == 0)
  22447. wc_FreeRng(rng);
  22448. return ret;
  22449. }
  22450. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
  22451. {
  22452. wc_test_ret_t ret = 0;
  22453. Hpke hpke[1];
  22454. #if defined(HAVE_ECC)
  22455. #if defined(WOLFSSL_SHA224) || !defined(NO_SHA256)
  22456. /* p256 */
  22457. ret = wc_HpkeInit(hpke, DHKEM_P256_HKDF_SHA256, HKDF_SHA256,
  22458. HPKE_AES_128_GCM, NULL);
  22459. if (ret != 0)
  22460. return WC_TEST_RET_ENC_EC(ret);
  22461. ret = hpke_test_single(hpke);
  22462. if (ret != 0)
  22463. return ret;
  22464. #endif
  22465. #if defined(WOLFSSL_SHA384) && \
  22466. (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
  22467. /* p384 */
  22468. ret = wc_HpkeInit(hpke, DHKEM_P384_HKDF_SHA384, HKDF_SHA384,
  22469. HPKE_AES_128_GCM, NULL);
  22470. if (ret != 0)
  22471. return WC_TEST_RET_ENC_EC(ret);
  22472. ret = hpke_test_single(hpke);
  22473. if (ret != 0)
  22474. return ret;
  22475. #endif
  22476. #if (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \
  22477. (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
  22478. /* p521 */
  22479. ret = wc_HpkeInit(hpke, DHKEM_P521_HKDF_SHA512, HKDF_SHA512,
  22480. HPKE_AES_128_GCM, NULL);
  22481. if (ret != 0)
  22482. return WC_TEST_RET_ENC_EC(ret);
  22483. ret = hpke_test_single(hpke);
  22484. if (ret != 0)
  22485. return ret;
  22486. #endif
  22487. #endif
  22488. #if defined(HAVE_CURVE25519)
  22489. /* test with curve25519 and aes256 */
  22490. ret = wc_HpkeInit(hpke, DHKEM_X25519_HKDF_SHA256, HKDF_SHA256,
  22491. HPKE_AES_256_GCM, NULL);
  22492. if (ret != 0)
  22493. return WC_TEST_RET_ENC_EC(ret);
  22494. ret = hpke_test_single(hpke);
  22495. if (ret != 0)
  22496. return ret;
  22497. #endif
  22498. return ret;
  22499. /* x448 and chacha20 are unimplemented */
  22500. }
  22501. #endif /* HAVE_HPKE && HAVE_ECC && HAVE_AESGCM */
  22502. #if defined(WC_SRTP_KDF)
  22503. typedef struct Srtp_Kdf_Tv {
  22504. const unsigned char* key;
  22505. word32 keySz;
  22506. const unsigned char* salt;
  22507. word32 saltSz;
  22508. int kdfIdx;
  22509. const unsigned char* index;
  22510. const unsigned char* ke;
  22511. const unsigned char* ka;
  22512. const unsigned char* ks;
  22513. const unsigned char* index_c;
  22514. const unsigned char* ke_c;
  22515. const unsigned char* ka_c;
  22516. const unsigned char* ks_c;
  22517. word32 keSz;
  22518. word32 kaSz;
  22519. word32 ksSz;
  22520. } Srtp_Kdf_Tv;
  22521. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
  22522. {
  22523. wc_test_ret_t ret = 0;
  22524. /* 128-bit key, kdrIdx = -1 */
  22525. WOLFSSL_SMALL_STACK_STATIC const byte key_0[] = {
  22526. 0xc4, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72,
  22527. 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90
  22528. };
  22529. WOLFSSL_SMALL_STACK_STATIC const byte salt_0[] = {
  22530. 0x0e, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56,
  22531. 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6
  22532. };
  22533. WOLFSSL_SMALL_STACK_STATIC const byte index_0[] = {
  22534. 0x48, 0x71, 0x65, 0x64, 0x9c, 0xca
  22535. };
  22536. WOLFSSL_SMALL_STACK_STATIC const byte ke_0[] = {
  22537. 0xdc, 0x38, 0x21, 0x92, 0xab, 0x65, 0x10, 0x8a,
  22538. 0x86, 0xb2, 0x59, 0xb6, 0x1b, 0x3a, 0xf4, 0x6f
  22539. };
  22540. WOLFSSL_SMALL_STACK_STATIC const byte ka_0[] = {
  22541. 0xb8, 0x39, 0x37, 0xfb, 0x32, 0x17, 0x92, 0xee,
  22542. 0x87, 0xb7, 0x88, 0x19, 0x3b, 0xe5, 0xa4, 0xe3,
  22543. 0xbd, 0x32, 0x6e, 0xe4
  22544. };
  22545. WOLFSSL_SMALL_STACK_STATIC const byte ks_0[] = {
  22546. 0xf1, 0xc0, 0x35, 0xc0, 0x0b, 0x5a, 0x54, 0xa6,
  22547. 0x16, 0x92, 0xc0, 0x16, 0x27, 0x6c
  22548. };
  22549. WOLFSSL_SMALL_STACK_STATIC const byte index_c_0[] = {
  22550. 0x56, 0xf3, 0xf1, 0x97
  22551. };
  22552. WOLFSSL_SMALL_STACK_STATIC const byte ke_c_0[] = {
  22553. 0xab, 0x5b, 0xe0, 0xb4, 0x56, 0x23, 0x5d, 0xcf,
  22554. 0x77, 0xd5, 0x08, 0x69, 0x29, 0xba, 0xfb, 0x38
  22555. };
  22556. WOLFSSL_SMALL_STACK_STATIC const byte ka_c_0[] = {
  22557. 0xc5, 0x2f, 0xde, 0x0b, 0x80, 0xb0, 0xf0, 0xba,
  22558. 0xd8, 0xd1, 0x56, 0x45, 0xcb, 0x86, 0xe7, 0xc7,
  22559. 0xc3, 0xd8, 0x77, 0x0e
  22560. };
  22561. WOLFSSL_SMALL_STACK_STATIC const byte ks_c_0[] = {
  22562. 0xde, 0xb5, 0xf8, 0x5f, 0x81, 0x33, 0x6a, 0x96,
  22563. 0x5e, 0xd3, 0x2b, 0xb7, 0xed, 0xe8
  22564. };
  22565. /* 192-bit key, kdrIdx = 0 */
  22566. WOLFSSL_SMALL_STACK_STATIC const byte key_1[] = {
  22567. 0xbb, 0x04, 0x5b, 0x1f, 0x53, 0xc6, 0x93, 0x2c,
  22568. 0x2b, 0xa6, 0x88, 0xf5, 0xe3, 0xf2, 0x24, 0x70,
  22569. 0xe1, 0x7d, 0x7d, 0xec, 0x8a, 0x93, 0x4d, 0xf2
  22570. };
  22571. WOLFSSL_SMALL_STACK_STATIC const byte salt_1[] = {
  22572. 0xe7, 0x22, 0xab, 0x92, 0xfc, 0x7c, 0x89, 0xb6,
  22573. 0x53, 0x8a, 0xf9, 0x3c, 0xb9, 0x52
  22574. };
  22575. WOLFSSL_SMALL_STACK_STATIC const byte index_1[] = {
  22576. 0xd7, 0x87, 0x8f, 0x33, 0xb1, 0x76
  22577. };
  22578. WOLFSSL_SMALL_STACK_STATIC const byte ke_1[] = {
  22579. 0x2c, 0xc8, 0x3e, 0x54, 0xb2, 0x33, 0x89, 0xb3,
  22580. 0x71, 0x65, 0x0f, 0x51, 0x61, 0x65, 0xe4, 0x93,
  22581. 0x07, 0x4e, 0xb3, 0x47, 0xba, 0x2d, 0x60, 0x60
  22582. };
  22583. WOLFSSL_SMALL_STACK_STATIC const byte ka_1[] = {
  22584. 0x2e, 0x80, 0xe4, 0x82, 0x55, 0xa2, 0xbe, 0x6d,
  22585. 0xe0, 0x46, 0xcc, 0xc1, 0x75, 0x78, 0x6e, 0x78,
  22586. 0xd1, 0xd1, 0x47, 0x08
  22587. };
  22588. WOLFSSL_SMALL_STACK_STATIC const byte ks_1[] = {
  22589. 0xe0, 0xc1, 0xe6, 0xaf, 0x1e, 0x8d, 0x8c, 0xfe,
  22590. 0xe5, 0x60, 0x70, 0xb5, 0xe6, 0xea
  22591. };
  22592. WOLFSSL_SMALL_STACK_STATIC const byte index_c_1[] = {
  22593. 0x40, 0xbf, 0xd4, 0xa9
  22594. };
  22595. WOLFSSL_SMALL_STACK_STATIC const byte ke_c_1[] = {
  22596. 0x94, 0x0f, 0x55, 0xce, 0x58, 0xd8, 0x16, 0x65,
  22597. 0xf0, 0xfa, 0x46, 0x40, 0x0c, 0xda, 0xb1, 0x11,
  22598. 0x9e, 0x69, 0xa0, 0x93, 0x4e, 0xd7, 0xf2, 0x84
  22599. };
  22600. WOLFSSL_SMALL_STACK_STATIC const byte ka_c_1[] = {
  22601. 0xf5, 0x41, 0x6f, 0xc2, 0x65, 0xc5, 0xb3, 0xef,
  22602. 0xbb, 0x22, 0xc8, 0xfc, 0x6b, 0x00, 0x14, 0xb2,
  22603. 0xf3, 0x3b, 0x8e, 0x29
  22604. };
  22605. WOLFSSL_SMALL_STACK_STATIC const byte ks_c_1[] = {
  22606. 0x35, 0xb7, 0x42, 0x43, 0xf0, 0x01, 0x01, 0xb4,
  22607. 0x68, 0xa1, 0x28, 0x80, 0x37, 0xf0
  22608. };
  22609. /* 256-bit key, kdrIdx = 1 */
  22610. WOLFSSL_SMALL_STACK_STATIC const byte key_2[] = {
  22611. 0x10, 0x38, 0x0a, 0xcd, 0xd6, 0x47, 0xab, 0xee,
  22612. 0xc0, 0xd4, 0x44, 0xf4, 0x7e, 0x51, 0x36, 0x02,
  22613. 0x79, 0xa8, 0x94, 0x80, 0x35, 0x40, 0xed, 0x50,
  22614. 0xf4, 0x45, 0x30, 0x3d, 0xb5, 0xf0, 0x2b, 0xbb
  22615. };
  22616. WOLFSSL_SMALL_STACK_STATIC const byte salt_2[] = {
  22617. 0xc7, 0x31, 0xf2, 0xc8, 0x40, 0x43, 0xb8, 0x74,
  22618. 0x8a, 0x61, 0x84, 0x7a, 0x25, 0x8a
  22619. };
  22620. WOLFSSL_SMALL_STACK_STATIC const byte index_2[] = {
  22621. 0x82, 0xf1, 0x84, 0x8c, 0xac, 0x42
  22622. };
  22623. WOLFSSL_SMALL_STACK_STATIC const byte ke_2[] = {
  22624. 0xb2, 0x26, 0x60, 0xaf, 0x08, 0x23, 0x14, 0x98,
  22625. 0x91, 0xde, 0x5d, 0x87, 0x95, 0x61, 0xca, 0x8f,
  22626. 0x0e, 0xce, 0xfb, 0x68, 0x4d, 0xd6, 0x28, 0xcb,
  22627. 0x28, 0xe2, 0x27, 0x20, 0x2d, 0xff, 0x64, 0xbb
  22628. };
  22629. WOLFSSL_SMALL_STACK_STATIC const byte ka_2[] = {
  22630. 0x12, 0x6f, 0x52, 0xe8, 0x07, 0x7f, 0x07, 0x84,
  22631. 0xa0, 0x61, 0x96, 0xf8, 0xee, 0x4d, 0x05, 0x57,
  22632. 0x65, 0xc7, 0x50, 0xc1
  22633. };
  22634. WOLFSSL_SMALL_STACK_STATIC const byte ks_2[] = {
  22635. 0x18, 0x5a, 0x59, 0xe5, 0x91, 0x4d, 0xc9, 0x6c,
  22636. 0xfa, 0x5b, 0x36, 0x06, 0x8c, 0x9a
  22637. };
  22638. WOLFSSL_SMALL_STACK_STATIC const byte index_c_2[] = {
  22639. 0x31, 0x2d, 0x58, 0x15
  22640. };
  22641. WOLFSSL_SMALL_STACK_STATIC const byte ke_c_2[] = {
  22642. 0x14, 0xf2, 0xc8, 0x25, 0x02, 0x79, 0x22, 0xa1,
  22643. 0x96, 0xb6, 0xf7, 0x07, 0x76, 0xa6, 0xa3, 0xc4,
  22644. 0x37, 0xdf, 0xa0, 0xf8, 0x78, 0x93, 0x2c, 0xfa,
  22645. 0xea, 0x35, 0xf0, 0xf3, 0x3f, 0x32, 0x6e, 0xfd
  22646. };
  22647. WOLFSSL_SMALL_STACK_STATIC const byte ka_c_2[] = {
  22648. 0x6e, 0x3d, 0x4a, 0x99, 0xea, 0x2f, 0x9d, 0x13,
  22649. 0x4a, 0x1e, 0x71, 0x2e, 0x15, 0xc0, 0xca, 0xb6,
  22650. 0x35, 0x78, 0xdf, 0xa4
  22651. };
  22652. WOLFSSL_SMALL_STACK_STATIC const byte ks_c_2[] = {
  22653. 0xae, 0xe4, 0xec, 0x18, 0x31, 0x70, 0x5d, 0x3f,
  22654. 0xdc, 0x97, 0x89, 0x88, 0xfd, 0xff
  22655. };
  22656. /* 128-bit key, kdrIdx = 8 */
  22657. WOLFSSL_SMALL_STACK_STATIC const byte key_3[] = {
  22658. 0x36, 0xb4, 0xde, 0xcb, 0x2e, 0x51, 0x23, 0x76,
  22659. 0xe0, 0x27, 0x7e, 0x3e, 0xc8, 0xf6, 0x54, 0x04
  22660. };
  22661. WOLFSSL_SMALL_STACK_STATIC const byte salt_3[] = {
  22662. 0x73, 0x26, 0xf4, 0x3f, 0xc0, 0xd9, 0xc6, 0xe3,
  22663. 0x2f, 0x92, 0x7d, 0x46, 0x12, 0x76
  22664. };
  22665. WOLFSSL_SMALL_STACK_STATIC const byte index_3[] = {
  22666. 0x44, 0x73, 0xb2, 0x2d, 0xb2, 0x60
  22667. };
  22668. WOLFSSL_SMALL_STACK_STATIC const byte ke_3[] = {
  22669. 0x79, 0x91, 0x3d, 0x7b, 0x20, 0x5d, 0xea, 0xe2,
  22670. 0xeb, 0x46, 0x89, 0x68, 0x5a, 0x06, 0x73, 0x74
  22671. };
  22672. WOLFSSL_SMALL_STACK_STATIC const byte ka_3[] = {
  22673. 0x2d, 0x2e, 0x97, 0x4e, 0x76, 0x8c, 0x62, 0xa6,
  22674. 0x57, 0x80, 0x13, 0x42, 0x0b, 0x51, 0xa7, 0x66,
  22675. 0xea, 0x31, 0x24, 0xe6
  22676. };
  22677. WOLFSSL_SMALL_STACK_STATIC const byte ks_3[] = {
  22678. 0xcc, 0xd7, 0x31, 0xf6, 0x3b, 0xf3, 0x89, 0x8a,
  22679. 0x5b, 0x7b, 0xb5, 0x8b, 0x4c, 0x3f
  22680. };
  22681. WOLFSSL_SMALL_STACK_STATIC const byte index_c_3[] = {
  22682. 0x4a, 0x7d, 0xaa, 0x85
  22683. };
  22684. WOLFSSL_SMALL_STACK_STATIC const byte ke_c_3[] = {
  22685. 0x34, 0x99, 0x71, 0xfe, 0x12, 0x93, 0xae, 0x8c,
  22686. 0x4a, 0xe9, 0x84, 0xe4, 0x93, 0x53, 0x63, 0x88
  22687. };
  22688. WOLFSSL_SMALL_STACK_STATIC const byte ka_c_3[] = {
  22689. 0xa4, 0x53, 0x5e, 0x0a, 0x9c, 0xf2, 0xce, 0x13,
  22690. 0xef, 0x7a, 0x13, 0xee, 0x0a, 0xef, 0xba, 0x17,
  22691. 0x05, 0x18, 0xe3, 0xed
  22692. };
  22693. WOLFSSL_SMALL_STACK_STATIC const byte ks_c_3[] = {
  22694. 0xe1, 0x29, 0x4f, 0x61, 0x30, 0x3c, 0x4d, 0x46,
  22695. 0x5f, 0x5c, 0x81, 0x3c, 0x38, 0xb6
  22696. };
  22697. #define SRTP_TV_CNT 4
  22698. Srtp_Kdf_Tv tv[SRTP_TV_CNT] = {
  22699. { key_0, (word32)sizeof(key_0), salt_0, (word32)sizeof(salt_0), -1,
  22700. index_0, ke_0, ka_0, ks_0, index_c_0, ke_c_0, ka_c_0, ks_c_0,
  22701. 16, 20, 14 },
  22702. { key_1, (word32)sizeof(key_1), salt_1, (word32)sizeof(salt_1), 0,
  22703. index_1, ke_1, ka_1, ks_1, index_c_1, ke_c_1, ka_c_1, ks_c_1,
  22704. 24, 20, 14 },
  22705. { key_2, (word32)sizeof(key_2), salt_2, (word32)sizeof(salt_2), 1,
  22706. index_2, ke_2, ka_2, ks_2, index_c_2, ke_c_2, ka_c_2, ks_c_2,
  22707. 32, 20, 14 },
  22708. { key_3, (word32)sizeof(key_3), salt_3, (word32)sizeof(salt_3), 8,
  22709. index_3, ke_3, ka_3, ks_3, index_c_3, ke_c_3, ka_c_3, ks_c_3,
  22710. 16, 20, 14 },
  22711. };
  22712. int i;
  22713. int idx;
  22714. unsigned char keyE[32];
  22715. unsigned char keyA[20];
  22716. unsigned char keyS[14];
  22717. for (i = 0; (ret == 0) && (i < SRTP_TV_CNT); i++) {
  22718. #ifndef WOLFSSL_AES_128
  22719. if (tv[i].keySz == AES_128_KEY_SIZE) {
  22720. continue;
  22721. }
  22722. #endif
  22723. #ifndef WOLFSSL_AES_192
  22724. if (tv[i].keySz == AES_192_KEY_SIZE) {
  22725. continue;
  22726. }
  22727. #endif
  22728. #ifndef WOLFSSL_AES_256
  22729. if (tv[i].keySz == AES_256_KEY_SIZE) {
  22730. continue;
  22731. }
  22732. #endif
  22733. ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
  22734. tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22735. keyS, tv[i].ksSz);
  22736. if (ret != 0)
  22737. return WC_TEST_RET_ENC_EC(ret);
  22738. if (XMEMCMP(keyE, tv[i].ke, tv[i].keSz) != 0)
  22739. return WC_TEST_RET_ENC_NC;
  22740. if (XMEMCMP(keyA, tv[i].ka, tv[i].kaSz) != 0)
  22741. return WC_TEST_RET_ENC_NC;
  22742. if (XMEMCMP(keyS, tv[i].ks, tv[i].ksSz) != 0)
  22743. return WC_TEST_RET_ENC_NC;
  22744. ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
  22745. tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_ENCRYPTION,
  22746. keyE, tv[i].keSz);
  22747. if (ret != 0)
  22748. return WC_TEST_RET_ENC_EC(ret);
  22749. if (XMEMCMP(keyE, tv[i].ke, tv[i].keSz) != 0)
  22750. return WC_TEST_RET_ENC_NC;
  22751. ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
  22752. tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_MSG_AUTH,
  22753. keyA, tv[i].kaSz);
  22754. if (ret != 0)
  22755. return WC_TEST_RET_ENC_EC(ret);
  22756. if (XMEMCMP(keyA, tv[i].ka, tv[i].kaSz) != 0)
  22757. return WC_TEST_RET_ENC_NC;
  22758. ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
  22759. tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_SALT, keyS,
  22760. tv[i].ksSz);
  22761. if (ret != 0)
  22762. return WC_TEST_RET_ENC_EC(ret);
  22763. if (XMEMCMP(keyS, tv[i].ks, tv[i].ksSz) != 0)
  22764. return WC_TEST_RET_ENC_NC;
  22765. ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
  22766. tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22767. keyS, tv[i].ksSz);
  22768. if (ret != 0)
  22769. return WC_TEST_RET_ENC_EC(ret);
  22770. if (XMEMCMP(keyE, tv[i].ke_c, tv[i].keSz) != 0)
  22771. return WC_TEST_RET_ENC_NC;
  22772. if (XMEMCMP(keyA, tv[i].ka_c, tv[i].kaSz) != 0)
  22773. return WC_TEST_RET_ENC_NC;
  22774. if (XMEMCMP(keyS, tv[i].ks_c, tv[i].ksSz) != 0)
  22775. return WC_TEST_RET_ENC_NC;
  22776. ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
  22777. tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c,
  22778. WC_SRTCP_LABEL_ENCRYPTION, keyE, tv[i].keSz);
  22779. if (ret != 0)
  22780. return WC_TEST_RET_ENC_EC(ret);
  22781. if (XMEMCMP(keyE, tv[i].ke_c, tv[i].keSz) != 0)
  22782. return WC_TEST_RET_ENC_NC;
  22783. ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
  22784. tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, WC_SRTCP_LABEL_MSG_AUTH,
  22785. keyA, tv[i].kaSz);
  22786. if (ret != 0)
  22787. return WC_TEST_RET_ENC_EC(ret);
  22788. if (XMEMCMP(keyA, tv[i].ka_c, tv[i].kaSz) != 0)
  22789. return WC_TEST_RET_ENC_NC;
  22790. ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt,
  22791. tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, WC_SRTCP_LABEL_SALT,
  22792. keyS, tv[i].ksSz);
  22793. if (ret != 0)
  22794. return WC_TEST_RET_ENC_EC(ret);
  22795. if (XMEMCMP(keyS, tv[i].ks_c, tv[i].ksSz) != 0)
  22796. return WC_TEST_RET_ENC_NC;
  22797. }
  22798. #ifdef WOLFSSL_AES_128
  22799. i = 0;
  22800. #elif defined(WOLFSSL_AES_192)
  22801. i = 1;
  22802. #else
  22803. i = 2;
  22804. #endif
  22805. ret = wc_SRTP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz,
  22806. tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22807. keyS, tv[i].ksSz);
  22808. if (ret != BAD_FUNC_ARG)
  22809. return WC_TEST_RET_ENC_EC(ret);
  22810. ret = wc_SRTCP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz,
  22811. tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22812. keyS, tv[i].ksSz);
  22813. if (ret != BAD_FUNC_ARG)
  22814. return WC_TEST_RET_ENC_EC(ret);
  22815. ret = wc_SRTP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
  22816. tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22817. keyS, tv[i].ksSz);
  22818. if (ret != BAD_FUNC_ARG)
  22819. return WC_TEST_RET_ENC_EC(ret);
  22820. ret = wc_SRTCP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz,
  22821. tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22822. keyS, tv[i].ksSz);
  22823. if (ret != BAD_FUNC_ARG)
  22824. return WC_TEST_RET_ENC_EC(ret);
  22825. ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
  22826. tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22827. keyS, tv[i].ksSz);
  22828. if (ret != BAD_FUNC_ARG)
  22829. return WC_TEST_RET_ENC_EC(ret);
  22830. ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15,
  22831. tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22832. keyS, tv[i].ksSz);
  22833. if (ret != BAD_FUNC_ARG)
  22834. return WC_TEST_RET_ENC_EC(ret);
  22835. ret = wc_SRTP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
  22836. tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22837. keyS, tv[i].ksSz);
  22838. if (ret != BAD_FUNC_ARG)
  22839. return WC_TEST_RET_ENC_EC(ret);
  22840. ret = wc_SRTCP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz,
  22841. tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22842. keyS, tv[i].ksSz);
  22843. if (ret != BAD_FUNC_ARG)
  22844. return WC_TEST_RET_ENC_EC(ret);
  22845. ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
  22846. tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22847. keyS, tv[i].ksSz);
  22848. if (ret != BAD_FUNC_ARG)
  22849. return WC_TEST_RET_ENC_EC(ret);
  22850. ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz,
  22851. tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22852. keyS, tv[i].ksSz);
  22853. if (ret != BAD_FUNC_ARG)
  22854. return WC_TEST_RET_ENC_EC(ret);
  22855. ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
  22856. 25, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22857. keyS, tv[i].ksSz);
  22858. if (ret != BAD_FUNC_ARG)
  22859. return WC_TEST_RET_ENC_EC(ret);
  22860. ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
  22861. 25, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22862. keyS, tv[i].ksSz);
  22863. if (ret != BAD_FUNC_ARG)
  22864. return WC_TEST_RET_ENC_EC(ret);
  22865. ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
  22866. -2, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22867. keyS, tv[i].ksSz);
  22868. if (ret != BAD_FUNC_ARG)
  22869. return WC_TEST_RET_ENC_EC(ret);
  22870. ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
  22871. -2, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22872. keyS, tv[i].ksSz);
  22873. if (ret != BAD_FUNC_ARG)
  22874. return WC_TEST_RET_ENC_EC(ret);
  22875. ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
  22876. tv[i].kdfIdx, tv[i].index, NULL, tv[i].keSz, keyA, tv[i].kaSz,
  22877. keyS, tv[i].ksSz);
  22878. if (ret != 0)
  22879. return WC_TEST_RET_ENC_EC(ret);
  22880. ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
  22881. tv[i].kdfIdx, tv[i].index_c, NULL, tv[i].keSz, keyA, tv[i].kaSz,
  22882. keyS, tv[i].ksSz);
  22883. if (ret != 0)
  22884. return WC_TEST_RET_ENC_EC(ret);
  22885. ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
  22886. tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, NULL, tv[i].kaSz,
  22887. keyS, tv[i].ksSz);
  22888. if (ret != 0)
  22889. return WC_TEST_RET_ENC_EC(ret);
  22890. ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
  22891. tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, NULL, tv[i].kaSz,
  22892. keyS, tv[i].ksSz);
  22893. if (ret != 0)
  22894. return WC_TEST_RET_ENC_EC(ret);
  22895. ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
  22896. tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22897. NULL, tv[i].ksSz);
  22898. if (ret != 0)
  22899. return WC_TEST_RET_ENC_EC(ret);
  22900. ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
  22901. tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz,
  22902. NULL, tv[i].ksSz);
  22903. if (ret != 0)
  22904. return WC_TEST_RET_ENC_EC(ret);
  22905. idx = wc_SRTP_KDF_kdr_to_idx(0);
  22906. if (idx != -1)
  22907. return WC_TEST_RET_ENC_NC;
  22908. for (i = 0; i < 32; i++) {
  22909. word32 kdr = 1U << i;
  22910. idx = wc_SRTP_KDF_kdr_to_idx(kdr);
  22911. if (idx != i)
  22912. return WC_TEST_RET_ENC_NC;
  22913. }
  22914. return 0;
  22915. }
  22916. #endif
  22917. #ifdef HAVE_ECC
  22918. /* size to use for ECC key gen tests */
  22919. #ifndef ECC_KEYGEN_SIZE
  22920. #if !defined(NO_ECC256) || defined(WOLFSSL_SM2)
  22921. #define ECC_KEYGEN_SIZE 32
  22922. #elif defined(HAVE_ECC384)
  22923. #define ECC_KEYGEN_SIZE 48
  22924. #elif defined(HAVE_ECC224)
  22925. #define ECC_KEYGEN_SIZE 28
  22926. #elif defined(HAVE_ECC521)
  22927. #define ECC_KEYGEN_SIZE 66
  22928. #else
  22929. #error No ECC keygen size defined for test
  22930. #endif
  22931. #endif
  22932. #ifdef BENCH_EMBEDDED
  22933. #define ECC_SHARED_SIZE 128
  22934. #else
  22935. #define ECC_SHARED_SIZE MAX_ECC_BYTES
  22936. #endif
  22937. #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
  22938. #define HAVE_ECC_DETERMINISTIC_K
  22939. #define ECC_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
  22940. #else
  22941. #define ECC_DIGEST_SIZE MAX_ECC_BYTES
  22942. #endif
  22943. #define ECC_SIG_SIZE ECC_MAX_SIG_SIZE
  22944. #ifdef NO_ECC_SECP
  22945. #define NO_ECC_VECTOR_TEST
  22946. #endif
  22947. #ifndef NO_ECC_VECTOR_TEST
  22948. #if (defined(HAVE_ECC192) || defined(HAVE_ECC224) ||\
  22949. !defined(NO_ECC256) || defined(HAVE_ECC384) ||\
  22950. defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
  22951. #define HAVE_ECC_VECTOR_TEST
  22952. #endif
  22953. #endif
  22954. #ifdef HAVE_ECC_VECTOR_TEST
  22955. typedef struct eccVector {
  22956. const char* msg; /* SHA-1 Encoded Message */
  22957. const char* Qx;
  22958. const char* Qy;
  22959. const char* d; /* Private Key */
  22960. const char* R;
  22961. const char* S;
  22962. const char* curveName;
  22963. word32 msgLen;
  22964. word32 keySize;
  22965. #ifndef NO_ASN
  22966. const byte* r;
  22967. word32 rSz;
  22968. const byte* s;
  22969. word32 sSz;
  22970. #endif
  22971. } eccVector;
  22972. #if !defined(WOLF_CRYPTO_CB_ONLY_ECC)
  22973. static wc_test_ret_t ecc_test_vector_item(const eccVector* vector)
  22974. {
  22975. wc_test_ret_t ret = 0;
  22976. int verify = 0;
  22977. word32 sigSz;
  22978. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  22979. ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  22980. #else
  22981. ecc_key userA[1];
  22982. #endif
  22983. WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
  22984. #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
  22985. word32 sigRawSz, rSz = MAX_ECC_BYTES, sSz = MAX_ECC_BYTES;
  22986. WC_DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);
  22987. WC_DECLARE_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT);
  22988. WC_DECLARE_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
  22989. #endif
  22990. WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
  22991. #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
  22992. WC_ALLOC_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);
  22993. WC_ALLOC_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT);
  22994. WC_ALLOC_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
  22995. #endif
  22996. #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
  22997. if (sig == NULL)
  22998. ERROR_OUT(MEMORY_E, done);
  22999. #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
  23000. if (sigRaw == NULL || r == NULL || s == NULL)
  23001. ERROR_OUT(MEMORY_E, done);
  23002. #endif
  23003. #endif
  23004. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  23005. if (userA == NULL)
  23006. ERROR_OUT(MEMORY_E, done);
  23007. #endif
  23008. ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
  23009. if (ret != 0)
  23010. goto done;
  23011. ret = wc_ecc_import_raw(userA, vector->Qx, vector->Qy,
  23012. vector->d, vector->curveName);
  23013. if (ret != 0)
  23014. goto done;
  23015. XMEMSET(sig, 0, ECC_SIG_SIZE);
  23016. sigSz = ECC_SIG_SIZE;
  23017. ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz);
  23018. if (ret != 0)
  23019. goto done;
  23020. #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
  23021. XMEMSET(sigRaw, 0, ECC_SIG_SIZE);
  23022. sigRawSz = ECC_SIG_SIZE;
  23023. ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz,
  23024. sigRaw, &sigRawSz);
  23025. if (ret != 0)
  23026. goto done;
  23027. if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) {
  23028. ret = WC_TEST_RET_ENC_NC;
  23029. goto done;
  23030. }
  23031. ret = wc_ecc_sig_to_rs(sig, sigSz, r, &rSz, s, &sSz);
  23032. if (ret != 0)
  23033. goto done;
  23034. if (rSz != vector->rSz || XMEMCMP(r, vector->r, rSz) != 0 ||
  23035. sSz != vector->sSz || XMEMCMP(s, vector->s, sSz) != 0) {
  23036. ret = WC_TEST_RET_ENC_NC;
  23037. goto done;
  23038. }
  23039. #endif
  23040. #ifdef HAVE_ECC_VERIFY
  23041. do {
  23042. #if defined(WOLFSSL_ASYNC_CRYPT)
  23043. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  23044. #endif
  23045. if (ret == 0)
  23046. ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg,
  23047. vector->msgLen, &verify, userA);
  23048. } while (ret == WC_PENDING_E);
  23049. if (ret != 0)
  23050. goto done;
  23051. TEST_SLEEP();
  23052. if (verify != 1)
  23053. ret = WC_TEST_RET_ENC_NC;
  23054. #endif
  23055. done:
  23056. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  23057. if (userA != NULL) {
  23058. wc_ecc_free(userA);
  23059. XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23060. }
  23061. #else
  23062. wc_ecc_free(userA);
  23063. #endif
  23064. #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
  23065. WC_FREE_VAR(sigRaw, HEAP_HINT);
  23066. WC_FREE_VAR(r, HEAP_HINT);
  23067. WC_FREE_VAR(s, HEAP_HINT);
  23068. #endif
  23069. WC_FREE_VAR(sig, HEAP_HINT);
  23070. return ret;
  23071. }
  23072. static wc_test_ret_t ecc_test_vector(int keySize)
  23073. {
  23074. wc_test_ret_t ret;
  23075. eccVector vec;
  23076. XMEMSET(&vec, 0, sizeof(vec));
  23077. vec.keySize = (word32)keySize;
  23078. switch(keySize) {
  23079. #if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)
  23080. case 14:
  23081. return 0;
  23082. #endif /* HAVE_ECC112 */
  23083. #if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)
  23084. case 16:
  23085. return 0;
  23086. #endif /* HAVE_ECC128 */
  23087. #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
  23088. case 20:
  23089. return 0;
  23090. #endif /* HAVE_ECC160 */
  23091. #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
  23092. case 24:
  23093. /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
  23094. #if 1
  23095. vec.msg = "\x60\x80\x79\x42\x3f\x12\x42\x1d\xe6\x16\xb7\x49\x3e\xbe\x55\x1c\xf4\xd6\x5b\x92";
  23096. vec.msgLen = 20;
  23097. #else
  23098. /* This is the raw message prior to SHA-1 */
  23099. vec.msg =
  23100. "\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a\x6e\x6b"
  23101. "\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d\xf3\x46\x4b\xa4"
  23102. "\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b\xb5\x98\x6f\xa1\xa2\xaf"
  23103. "\x04\x8a\x0e\x14\xdc\x51\xe5\x26\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a"
  23104. "\xc6\xf1\xa7\xf1\x56\xce\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd"
  23105. "\x7a\x20\x93\xe2\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5"
  23106. "\x9c\x78\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3"
  23107. "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf";
  23108. vec.msgLen = 128;
  23109. #endif
  23110. vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6";
  23111. vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477";
  23112. vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3";
  23113. vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
  23114. vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
  23115. vec.curveName = "SECP192R1";
  23116. #ifndef NO_ASN
  23117. vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55"
  23118. "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e";
  23119. vec.rSz = 24;
  23120. vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc"
  23121. "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41";
  23122. vec.sSz = 24;
  23123. #endif
  23124. break;
  23125. #endif /* HAVE_ECC192 */
  23126. #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
  23127. case 28:
  23128. /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */
  23129. #if 1
  23130. vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc";
  23131. vec.msgLen = 20;
  23132. #else
  23133. /* This is the raw message prior to SHA-1 */
  23134. vec.msg =
  23135. "\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e\x20\x47"
  23136. "\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69\xe0\x63\x0f\x99"
  23137. "\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28\x27\xb6\x95\xfc\x2d\x64"
  23138. "\xd9\x13\x8b\x1c\xf4\xc1\x21\x55\x89\x4c\x42\x13\x21\xa7\xbb\x97"
  23139. "\x0b\xdc\xe0\xfb\xf0\xd2\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf"
  23140. "\xe3\xff\x8d\xea\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e"
  23141. "\x26\xc1\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38"
  23142. "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20";
  23143. vec.msgLen = 128;
  23144. #endif
  23145. vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7";
  23146. vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1";
  23147. vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f";
  23148. vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7";
  23149. vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b";
  23150. vec.curveName = "SECP224R1";
  23151. #ifndef NO_ASN
  23152. vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47"
  23153. "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe"
  23154. "\xbc\x16\x71\xa7";
  23155. vec.rSz = 28;
  23156. vec.s = (byte*)"\x24\xfc\x7e\xd7\xf1\x35\x2c\xa3\x87\x2a\xa0\x91"
  23157. "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe"
  23158. "\x6a\xf3\xad\x5b";
  23159. vec.sSz = 28;
  23160. #endif
  23161. break;
  23162. #endif /* HAVE_ECC224 */
  23163. #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
  23164. case 30:
  23165. return 0;
  23166. #endif /* HAVE_ECC239 */
  23167. #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
  23168. case 32:
  23169. /* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */
  23170. #if 1
  23171. vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e";
  23172. vec.msgLen = 20;
  23173. #else
  23174. /* This is the raw message prior to SHA-1 */
  23175. vec.msg =
  23176. "\xa2\x4b\x21\x76\x2e\x6e\xdb\x15\x3c\xc1\x14\x38\xdb\x0e\x92\xcd"
  23177. "\xf5\x2b\x86\xb0\x6c\xa9\x70\x16\x06\x27\x59\xc7\x0d\x36\xd1\x56"
  23178. "\x2c\xc9\x63\x0d\x7f\xc7\xc7\x74\xb2\x8b\x54\xe3\x1e\xf5\x58\x72"
  23179. "\xb2\xa6\x5d\xf1\xd7\xec\x26\xde\xbb\x33\xe7\xd9\x27\xef\xcc\xf4"
  23180. "\x6b\x63\xde\x52\xa4\xf4\x31\xea\xca\x59\xb0\x5d\x2e\xde\xc4\x84"
  23181. "\x5f\xff\xc0\xee\x15\x03\x94\xd6\x1f\x3d\xfe\xcb\xcd\xbf\x6f\x5a"
  23182. "\x73\x38\xd0\xbe\x3f\x2a\x77\x34\x51\x98\x3e\xba\xeb\x48\xf6\x73"
  23183. "\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4"
  23184. vec.msgLen = 128;
  23185. #endif
  23186. vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
  23187. vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
  23188. vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
  23189. vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c";
  23190. vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248";
  23191. #ifndef NO_ASN
  23192. vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9"
  23193. "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89"
  23194. "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c";
  23195. vec.rSz = 32;
  23196. vec.s = (byte*)"\xa2\x24\x8b\x62\xc0\x3d\xb3\x5a\x7c\xd6\x3e\x8a"
  23197. "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03"
  23198. "\x5a\x21\x48\xae\x32\xe3\xa2\x48";
  23199. vec.sSz = 32;
  23200. #endif
  23201. vec.curveName = "SECP256R1";
  23202. break;
  23203. #endif /* !NO_ECC256 */
  23204. #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
  23205. case 40:
  23206. return 0;
  23207. #endif /* HAVE_ECC320 */
  23208. #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
  23209. case 48:
  23210. /* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */
  23211. #if 1
  23212. vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b";
  23213. vec.msgLen = 20;
  23214. #else
  23215. /* This is the raw message prior to SHA-1 */
  23216. vec.msg =
  23217. "\xab\xe1\x0a\xce\x13\xe7\xe1\xd9\x18\x6c\x48\xf7\x88\x9d\x51\x47"
  23218. "\x3d\x3a\x09\x61\x98\x4b\xc8\x72\xdf\x70\x8e\xcc\x3e\xd3\xb8\x16"
  23219. "\x9d\x01\xe3\xd9\x6f\xc4\xf1\xd5\xea\x00\xa0\x36\x92\xbc\xc5\xcf"
  23220. "\xfd\x53\x78\x7c\x88\xb9\x34\xaf\x40\x4c\x03\x9d\x32\x89\xb5\xba"
  23221. "\xc5\xae\x7d\xb1\x49\x68\x75\xb5\xdc\x73\xc3\x09\xf9\x25\xc1\x3d"
  23222. "\x1c\x01\xab\xda\xaf\xeb\xcd\xac\x2c\xee\x43\x39\x39\xce\x8d\x4a"
  23223. "\x0a\x5d\x57\xbb\x70\x5f\x3b\xf6\xec\x08\x47\x95\x11\xd4\xb4\xa3"
  23224. "\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60"
  23225. vec.msgLen = 128;
  23226. #endif
  23227. vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868";
  23228. vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e";
  23229. vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71";
  23230. vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7";
  23231. vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907";
  23232. vec.curveName = "SECP384R1";
  23233. #ifndef NO_ASN
  23234. vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff"
  23235. "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d"
  23236. "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda"
  23237. "\xee\x6b\x3c\x74\xeb\xf6\x06\x66\x7a\x3f\x39\xb7";
  23238. vec.rSz = 48;
  23239. vec.s = (byte*)"\x49\x1a\xf1\xd0\xcc\xcd\x56\xdd\xd5\x20\xb2\x33"
  23240. "\x77\x5d\x0b\xc6\xb4\x0a\x62\x55\xcc\x55\x20\x7d"
  23241. "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21"
  23242. "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07";
  23243. vec.sSz = 48;
  23244. #endif
  23245. break;
  23246. #endif /* HAVE_ECC384 */
  23247. #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
  23248. case 64:
  23249. return 0;
  23250. #endif /* HAVE_ECC512 */
  23251. #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
  23252. case 66:
  23253. /* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */
  23254. #if 1
  23255. vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf";
  23256. vec.msgLen = 20;
  23257. #else
  23258. /* This is the raw message prior to SHA-1 */
  23259. vec.msg =
  23260. "\x50\x3f\x79\x39\x34\x0a\xc7\x23\xcd\x4a\x2f\x4e\x6c\xcc\x27\x33"
  23261. "\x38\x3a\xca\x2f\xba\x90\x02\x19\x9d\x9e\x1f\x94\x8b\xe0\x41\x21"
  23262. "\x07\xa3\xfd\xd5\x14\xd9\x0c\xd4\xf3\x7c\xc3\xac\x62\xef\x00\x3a"
  23263. "\x2d\xb1\xd9\x65\x7a\xb7\x7f\xe7\x55\xbf\x71\xfa\x59\xe4\xd9\x6e"
  23264. "\xa7\x2a\xe7\xbf\x9d\xe8\x7d\x79\x34\x3b\xc1\xa4\xbb\x14\x4d\x16"
  23265. "\x28\xd1\xe9\xe9\xc8\xed\x80\x8b\x96\x2c\x54\xe5\xf9\x6d\x53\xda"
  23266. "\x14\x7a\x96\x38\xf9\x4a\x91\x75\xd8\xed\x61\x05\x5f\x0b\xa5\x73"
  23267. "\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b"
  23268. vec.msgLen = 128;
  23269. #endif
  23270. vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23";
  23271. vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d";
  23272. vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74";
  23273. vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be";
  23274. vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c";
  23275. vec.curveName = "SECP521R1";
  23276. #ifndef NO_ASN
  23277. vec.r = (byte*)"\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77\x78"
  23278. "\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf\x5b"
  23279. "\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c\x7f"
  23280. "\x9a\x57\xc0\x77\x94\x7f\x89\xac\x45\xd5\xac\xb6"
  23281. "\x66\x1b\xbc\xd1\x7a\xbb\x3f\xae\xa1\x49\xba\x0a"
  23282. "\xa3\xbb\x15\x21\xbe";
  23283. vec.rSz = 65;
  23284. vec.s = (byte*)"\x19\xcd\x2c\x5c\x3f\x98\x70\xec\xde\xb9\xb3\x23"
  23285. "\xab\xdf\x3a\x98\xcd\x5e\x23\x1d\x85\xc6\xdd\xc5"
  23286. "\xb7\x1a\xb1\x90\x73\x9f\x7f\x22\x6e\x6b\x13\x4b"
  23287. "\xa1\xd5\x88\x9d\xde\xb2\x75\x1d\xab\xd9\x79\x11"
  23288. "\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c"
  23289. "\x3d\x22\xf2\x48\x0c";
  23290. vec.sSz = 65;
  23291. #endif
  23292. break;
  23293. #endif /* HAVE_ECC521 */
  23294. default:
  23295. return NOT_COMPILED_IN; /* Invalid key size / Not supported */
  23296. }; /* Switch */
  23297. ret = ecc_test_vector_item(&vec);
  23298. if (ret < 0) {
  23299. return ret;
  23300. }
  23301. return 0;
  23302. }
  23303. #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
  23304. #if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
  23305. defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \
  23306. && (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3))
  23307. #if defined(HAVE_ECC256)
  23308. static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng)
  23309. {
  23310. wc_test_ret_t ret;
  23311. #ifdef WOLFSSL_SMALL_STACK
  23312. ecc_key *key = NULL;
  23313. #else
  23314. ecc_key key[1];
  23315. #endif
  23316. int key_inited = 0;
  23317. byte sig[72];
  23318. word32 sigSz;
  23319. WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
  23320. unsigned char hash[32];
  23321. WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
  23322. "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721";
  23323. WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
  23324. "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6";
  23325. WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
  23326. "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299";
  23327. WOLFSSL_SMALL_STACK_STATIC const byte expSig[] = {
  23328. 0x30, 0x46, 0x02, 0x21, 0x00, 0xEF, 0xD4, 0x8B,
  23329. 0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40, 0xDD,
  23330. 0x9C, 0xD4, 0x5E, 0x81, 0xD6, 0x9D, 0x2C, 0x87,
  23331. 0x7B, 0x56, 0xAA, 0xF9, 0x91, 0xC3, 0x4D, 0x0E,
  23332. 0xA8, 0x4E, 0xAF, 0x37, 0x16, 0x02, 0x21, 0x00,
  23333. 0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C, 0x41,
  23334. 0xD4, 0x36, 0xC7, 0xA1, 0xB6, 0xE2, 0x9F, 0x65,
  23335. 0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4, 0x06,
  23336. 0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD, 0xA8
  23337. };
  23338. #ifdef WOLFSSL_SMALL_STACK
  23339. key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23340. if (key == NULL)
  23341. return MEMORY_E;
  23342. #endif
  23343. ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
  23344. if (ret != 0) {
  23345. goto done;
  23346. }
  23347. key_inited = 1;
  23348. ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
  23349. if (ret != 0) {
  23350. goto done;
  23351. }
  23352. ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
  23353. (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
  23354. if (ret != 0) {
  23355. goto done;
  23356. }
  23357. ret = wc_ecc_set_deterministic(key, 1);
  23358. if (ret != 0) {
  23359. goto done;
  23360. }
  23361. sigSz = sizeof(sig);
  23362. do {
  23363. #if defined(WOLFSSL_ASYNC_CRYPT)
  23364. ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  23365. #endif
  23366. if (ret == 0)
  23367. ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
  23368. } while (ret == WC_PENDING_E);
  23369. if (ret != 0) {
  23370. goto done;
  23371. }
  23372. TEST_SLEEP();
  23373. if (sigSz != sizeof(expSig)) {
  23374. ret = WC_TEST_RET_ENC_NC;
  23375. goto done;
  23376. }
  23377. if (XMEMCMP(sig, expSig, sigSz) != 0) {
  23378. ret = WC_TEST_RET_ENC_NC;
  23379. goto done;
  23380. }
  23381. sigSz = sizeof(sig);
  23382. do {
  23383. #if defined(WOLFSSL_ASYNC_CRYPT)
  23384. ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  23385. #endif
  23386. if (ret == 0)
  23387. ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
  23388. } while (ret == WC_PENDING_E);
  23389. if (ret != 0) {
  23390. goto done;
  23391. }
  23392. TEST_SLEEP();
  23393. done:
  23394. if (key_inited)
  23395. wc_ecc_free(key);
  23396. #ifdef WOLFSSL_SMALL_STACK
  23397. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23398. #endif
  23399. return ret;
  23400. }
  23401. #endif
  23402. #ifdef WOLFSSL_PUBLIC_MP
  23403. #if defined(HAVE_ECC384)
  23404. /* KAT from RFC6979 */
  23405. static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng)
  23406. {
  23407. wc_test_ret_t ret;
  23408. #ifdef WOLFSSL_SMALL_STACK
  23409. ecc_key *key;
  23410. mp_int *r, *s, *expR, *expS;
  23411. #else
  23412. ecc_key key[1];
  23413. mp_int r[1], s[1], expR[1], expS[1];
  23414. #endif
  23415. int key_inited = 0;
  23416. WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
  23417. unsigned char hash[32];
  23418. WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
  23419. "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D8"
  23420. "96D5724E4C70A825F872C9EA60D2EDF5";
  23421. WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
  23422. "EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64"
  23423. "DEF8F0EA9055866064A254515480BC13";
  23424. WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
  23425. "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1"
  23426. "288B231C3AE0D4FE7344FD2533264720";
  23427. WOLFSSL_SMALL_STACK_STATIC const char* expRstr =
  23428. "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33"
  23429. "BDE1E888E63355D92FA2B3C36D8FB2CD";
  23430. WOLFSSL_SMALL_STACK_STATIC const char* expSstr =
  23431. "F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB"
  23432. "EFDC63ECCD1AC42EC0CB8668A4FA0AB0";
  23433. #ifdef WOLFSSL_SMALL_STACK
  23434. key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23435. r = (mp_int *)XMALLOC(sizeof(*r), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23436. s = (mp_int *)XMALLOC(sizeof(*s), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23437. expR = (mp_int *)XMALLOC(sizeof(*expR), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23438. expS = (mp_int *)XMALLOC(sizeof(*expS), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23439. if ((key == NULL) ||
  23440. (r == NULL) ||
  23441. (s == NULL) ||
  23442. (expR == NULL) ||
  23443. (expS == NULL))
  23444. {
  23445. ret = MEMORY_E;
  23446. goto done;
  23447. }
  23448. #endif
  23449. ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
  23450. if (ret != MP_OKAY) {
  23451. goto done;
  23452. }
  23453. ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
  23454. if (ret != 0) {
  23455. goto done;
  23456. }
  23457. key_inited = 1;
  23458. ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP384R1");
  23459. if (ret != 0) {
  23460. goto done;
  23461. }
  23462. ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
  23463. (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
  23464. if (ret != 0) {
  23465. goto done;
  23466. }
  23467. ret = wc_ecc_set_deterministic(key, 1);
  23468. if (ret != 0) {
  23469. goto done;
  23470. }
  23471. do {
  23472. #if defined(WOLFSSL_ASYNC_CRYPT)
  23473. ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  23474. #endif
  23475. if (ret == 0)
  23476. ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s);
  23477. } while (ret == WC_PENDING_E);
  23478. if (ret != 0) {
  23479. goto done;
  23480. }
  23481. TEST_SLEEP();
  23482. mp_read_radix(expR, expRstr, MP_RADIX_HEX);
  23483. mp_read_radix(expS, expSstr, MP_RADIX_HEX);
  23484. if (mp_cmp(r, expR) != MP_EQ) {
  23485. ret = WC_TEST_RET_ENC_NC;
  23486. }
  23487. done:
  23488. if (key_inited)
  23489. wc_ecc_free(key);
  23490. #ifdef WOLFSSL_SMALL_STACK
  23491. if (key != NULL)
  23492. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23493. if (r != NULL)
  23494. XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23495. if (s != NULL)
  23496. XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23497. if (expR != NULL)
  23498. XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23499. if (expS != NULL)
  23500. XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23501. #endif
  23502. return ret;
  23503. }
  23504. #endif /* HAVE_ECC384 */
  23505. #if defined(HAVE_ECC521)
  23506. /* KAT from RFC6979 */
  23507. static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng)
  23508. {
  23509. wc_test_ret_t ret;
  23510. #ifdef WOLFSSL_SMALL_STACK
  23511. ecc_key *key;
  23512. mp_int *r, *s, *expR, *expS;
  23513. #else
  23514. ecc_key key[1];
  23515. mp_int r[1], s[1], expR[1], expS[1];
  23516. #endif
  23517. int key_inited = 0;
  23518. WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
  23519. unsigned char hash[32];
  23520. WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
  23521. "0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75C"
  23522. "AA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83"
  23523. "538";
  23524. WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
  23525. "1894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD3"
  23526. "71123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F502"
  23527. "3A4";
  23528. WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
  23529. "0493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A2"
  23530. "8A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDF"
  23531. "CF5";
  23532. WOLFSSL_SMALL_STACK_STATIC const char* expRstr =
  23533. "1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659"
  23534. "D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E"
  23535. "1A7";
  23536. WOLFSSL_SMALL_STACK_STATIC const char* expSstr =
  23537. "04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916"
  23538. "E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E"
  23539. "CFC";
  23540. #ifdef WOLFSSL_SMALL_STACK
  23541. key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23542. r = (mp_int *)XMALLOC(sizeof(*r), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23543. s = (mp_int *)XMALLOC(sizeof(*s), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23544. expR = (mp_int *)XMALLOC(sizeof(*expR), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23545. expS = (mp_int *)XMALLOC(sizeof(*expS), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23546. if ((key == NULL) ||
  23547. (r == NULL) ||
  23548. (s == NULL) ||
  23549. (expR == NULL) ||
  23550. (expS == NULL))
  23551. {
  23552. ret = MEMORY_E;
  23553. goto done;
  23554. }
  23555. #endif
  23556. ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
  23557. if (ret != MP_OKAY) {
  23558. goto done;
  23559. }
  23560. ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
  23561. if (ret != 0) {
  23562. return WC_TEST_RET_ENC_EC(ret);
  23563. }
  23564. key_inited = 1;
  23565. ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP521R1");
  23566. if (ret != 0) {
  23567. goto done;
  23568. }
  23569. ret = wc_Hash(WC_HASH_TYPE_SHA256, msg,
  23570. (word32)XSTRLEN((const char*)msg), hash, sizeof(hash));
  23571. if (ret != 0) {
  23572. goto done;
  23573. }
  23574. ret = wc_ecc_set_deterministic(key, 1);
  23575. if (ret != 0) {
  23576. goto done;
  23577. }
  23578. do {
  23579. #if defined(WOLFSSL_ASYNC_CRYPT)
  23580. ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  23581. #endif
  23582. if (ret == 0)
  23583. ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s);
  23584. } while (ret == WC_PENDING_E);
  23585. if (ret != 0) {
  23586. goto done;
  23587. }
  23588. TEST_SLEEP();
  23589. mp_read_radix(expR, expRstr, MP_RADIX_HEX);
  23590. mp_read_radix(expS, expSstr, MP_RADIX_HEX);
  23591. if (mp_cmp(r, expR) != MP_EQ) {
  23592. ret = WC_TEST_RET_ENC_NC;
  23593. }
  23594. done:
  23595. if (key_inited)
  23596. wc_ecc_free(key);
  23597. #ifdef WOLFSSL_SMALL_STACK
  23598. if (key != NULL)
  23599. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23600. if (r != NULL)
  23601. XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23602. if (s != NULL)
  23603. XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23604. if (expR != NULL)
  23605. XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23606. if (expS != NULL)
  23607. XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23608. #endif
  23609. return ret;
  23610. }
  23611. #endif /* HAVE_ECC521 */
  23612. #endif /* WOLFSSL_PUBLIC_MP */
  23613. #endif /* HAVE_ECC_SIGN && (WOLFSSL_ECDSA_DETERMINISTIC_K ||
  23614. WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
  23615. && (!FIPS_VERSION_GE || FIPS_VERSION_GE(5,3)) */
  23616. #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \
  23617. !defined(WOLFSSL_KCAPI_ECC)
  23618. static wc_test_ret_t ecc_test_sign_vectors(WC_RNG* rng)
  23619. {
  23620. wc_test_ret_t ret;
  23621. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  23622. ecc_key *key = NULL;
  23623. #else
  23624. ecc_key key[1];
  23625. #endif
  23626. int key_inited = 0;
  23627. byte sig[72];
  23628. word32 sigSz;
  23629. WOLFSSL_SMALL_STACK_STATIC const unsigned char hash[32] = "test wolfSSL deterministic sign";
  23630. WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
  23631. WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
  23632. WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
  23633. WOLFSSL_SMALL_STACK_STATIC const byte k[1] = { 0x02 };
  23634. WOLFSSL_SMALL_STACK_STATIC const byte expSig[71] = {
  23635. 0x30, 0x45, 0x02, 0x20, 0x7c, 0xf2, 0x7b, 0x18,
  23636. 0x8d, 0x03, 0x4f, 0x7e, 0x8a, 0x52, 0x38, 0x03,
  23637. 0x04, 0xb5, 0x1a, 0xc3, 0xc0, 0x89, 0x69, 0xe2,
  23638. 0x77, 0xf2, 0x1b, 0x35, 0xa6, 0x0b, 0x48, 0xfc,
  23639. 0x47, 0x66, 0x99, 0x78, 0x02, 0x21, 0x00, 0xa8,
  23640. 0x43, 0xa0, 0xce, 0x6c, 0x5e, 0x17, 0x8a, 0x53,
  23641. 0x4d, 0xaf, 0xd2, 0x95, 0x78, 0x9f, 0x84, 0x4f,
  23642. 0x94, 0xb8, 0x75, 0xa3, 0x19, 0xa5, 0xd4, 0xdf,
  23643. 0xe1, 0xd4, 0x5e, 0x9d, 0x97, 0xfe, 0x81
  23644. };
  23645. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  23646. if ((key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
  23647. return MEMORY_E;
  23648. #endif
  23649. ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
  23650. if (ret != 0) {
  23651. goto done;
  23652. }
  23653. key_inited = 1;
  23654. ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
  23655. if (ret != 0) {
  23656. goto done;
  23657. }
  23658. #if (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) \
  23659. && (HAVE_FIPS_VERSION > 2)))
  23660. wc_ecc_set_flags(key, WC_ECC_FLAG_DEC_SIGN);
  23661. #endif
  23662. ret = wc_ecc_sign_set_k(k, sizeof(k), key);
  23663. if (ret != 0) {
  23664. goto done;
  23665. }
  23666. sigSz = sizeof(sig);
  23667. do {
  23668. #if defined(WOLFSSL_ASYNC_CRYPT)
  23669. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  23670. #endif
  23671. if (ret == 0)
  23672. ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
  23673. } while (ret == WC_PENDING_E);
  23674. if (ret != 0) {
  23675. goto done;
  23676. }
  23677. TEST_SLEEP();
  23678. if (sigSz != sizeof(expSig)) {
  23679. ret = WC_TEST_RET_ENC_NC;
  23680. goto done;
  23681. }
  23682. if (XMEMCMP(sig, expSig, sigSz) != 0) {
  23683. ret = WC_TEST_RET_ENC_NC;
  23684. goto done;
  23685. }
  23686. sigSz = sizeof(sig);
  23687. do {
  23688. #if defined(WOLFSSL_ASYNC_CRYPT)
  23689. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  23690. #endif
  23691. if (ret == 0)
  23692. ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
  23693. } while (ret == WC_PENDING_E);
  23694. if (ret != 0) {
  23695. goto done;
  23696. }
  23697. TEST_SLEEP();
  23698. done:
  23699. if (key_inited)
  23700. wc_ecc_free(key);
  23701. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  23702. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23703. #endif
  23704. return ret;
  23705. }
  23706. #endif
  23707. #if defined(HAVE_ECC_CDH) && defined(HAVE_ECC_DHE)
  23708. static wc_test_ret_t ecc_test_cdh_vectors(WC_RNG* rng)
  23709. {
  23710. wc_test_ret_t ret;
  23711. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  23712. ecc_key *pub_key = (ecc_key *)XMALLOC(sizeof *pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23713. ecc_key *priv_key = (ecc_key *)XMALLOC(sizeof *priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23714. #else
  23715. ecc_key pub_key[1], priv_key[1];
  23716. #endif
  23717. byte sharedA[32] = {0}, sharedB[32] = {0};
  23718. word32 x, z;
  23719. WOLFSSL_SMALL_STACK_STATIC const char* QCAVSx = "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287";
  23720. WOLFSSL_SMALL_STACK_STATIC const char* QCAVSy = "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac";
  23721. WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
  23722. WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
  23723. WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
  23724. WOLFSSL_SMALL_STACK_STATIC const char* ZIUT = "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b";
  23725. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  23726. if ((pub_key == NULL) ||
  23727. (priv_key == NULL)) {
  23728. ret = MEMORY_E;
  23729. goto done;
  23730. }
  23731. #endif
  23732. XMEMSET(pub_key, 0, sizeof *pub_key);
  23733. XMEMSET(priv_key, 0, sizeof *priv_key);
  23734. /* setup private and public keys */
  23735. ret = wc_ecc_init_ex(pub_key, HEAP_HINT, devId);
  23736. if (ret != 0)
  23737. goto done;
  23738. ret = wc_ecc_init_ex(priv_key, HEAP_HINT, devId);
  23739. if (ret != 0)
  23740. goto done;
  23741. wc_ecc_set_flags(pub_key, WC_ECC_FLAG_COFACTOR);
  23742. wc_ecc_set_flags(priv_key, WC_ECC_FLAG_COFACTOR);
  23743. ret = wc_ecc_import_raw(pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1");
  23744. if (ret != 0)
  23745. goto done;
  23746. ret = wc_ecc_import_raw(priv_key, QIUTx, QIUTy, dIUT, "SECP256R1");
  23747. if (ret != 0)
  23748. goto done;
  23749. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  23750. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  23751. !defined(HAVE_SELFTEST)
  23752. ret = wc_ecc_set_rng(priv_key, rng);
  23753. if (ret != 0)
  23754. goto done;
  23755. #else
  23756. (void)rng;
  23757. #endif
  23758. /* compute ECC Cofactor shared secret */
  23759. x = sizeof(sharedA);
  23760. do {
  23761. #if defined(WOLFSSL_ASYNC_CRYPT)
  23762. ret = wc_AsyncWait(ret, &priv_key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  23763. #endif
  23764. if (ret == 0)
  23765. ret = wc_ecc_shared_secret(priv_key, pub_key, sharedA, &x);
  23766. } while (ret == WC_PENDING_E);
  23767. if (ret != 0) {
  23768. goto done;
  23769. }
  23770. TEST_SLEEP();
  23771. /* read in expected Z */
  23772. z = sizeof(sharedB);
  23773. ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z);
  23774. if (ret != 0)
  23775. goto done;
  23776. /* compare results */
  23777. if (x != z || XMEMCMP(sharedA, sharedB, x)) {
  23778. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  23779. }
  23780. done:
  23781. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  23782. if (priv_key) {
  23783. wc_ecc_free(priv_key);
  23784. XFREE(priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23785. }
  23786. if (pub_key) {
  23787. wc_ecc_free(pub_key);
  23788. XFREE(pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23789. }
  23790. #else
  23791. wc_ecc_free(priv_key);
  23792. wc_ecc_free(pub_key);
  23793. #endif
  23794. return ret;
  23795. }
  23796. #endif /* HAVE_ECC_CDH && HAVE_ECC_DHE */
  23797. #endif /* HAVE_ECC_VECTOR_TEST */
  23798. #ifdef HAVE_ECC_KEY_IMPORT
  23799. /* returns 0 on success */
  23800. static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng)
  23801. {
  23802. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  23803. ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23804. #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
  23805. ecc_key *pub = (ecc_key *)XMALLOC(sizeof *pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23806. #endif
  23807. byte *exportBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23808. byte *tmp = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  23809. #else
  23810. ecc_key key[1];
  23811. #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
  23812. !defined(WOLF_CRYPTO_CB_ONLY_ECC)
  23813. ecc_key pub[1];
  23814. #endif
  23815. byte exportBuf[ECC_BUFSIZE];
  23816. byte tmp[ECC_BUFSIZE];
  23817. #endif
  23818. const byte* msg = (const byte*)"test wolfSSL ECC public gen";
  23819. word32 x;
  23820. word32 tmpSz;
  23821. wc_test_ret_t ret = 0;
  23822. ecc_point* pubPoint = NULL;
  23823. #ifdef HAVE_ECC_VERIFY
  23824. int verify = 0;
  23825. #endif
  23826. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  23827. if ((key == NULL) ||
  23828. #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
  23829. (pub == NULL) ||
  23830. #endif
  23831. (exportBuf == NULL) ||
  23832. (tmp == NULL))
  23833. ERROR_OUT(MEMORY_E, done);
  23834. #endif
  23835. (void)msg;
  23836. (void)verify;
  23837. (void)exportBuf;
  23838. (void)rng;
  23839. wc_ecc_init_ex(key, HEAP_HINT, devId);
  23840. #ifndef NO_ECC256
  23841. #ifdef USE_CERT_BUFFERS_256
  23842. XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256);
  23843. tmpSz = (size_t)sizeof_ecc_key_der_256;
  23844. #else
  23845. {
  23846. XFILE file = XFOPEN(eccKeyDerFile, "rb");
  23847. if (!file) {
  23848. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  23849. }
  23850. tmpSz = (word32)XFREAD(tmp, 1, ECC_BUFSIZE, file);
  23851. XFCLOSE(file);
  23852. if (tmpSz == 0)
  23853. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  23854. }
  23855. #endif /* USE_CERT_BUFFERS_256 */
  23856. /* import private only then test with */
  23857. ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL);
  23858. if (ret == 0) {
  23859. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  23860. }
  23861. ret = wc_ecc_import_private_key(NULL, tmpSz, NULL, 0, key);
  23862. if (ret == 0) {
  23863. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  23864. }
  23865. x = 0;
  23866. ret = wc_EccPrivateKeyDecode(tmp, &x, key, tmpSz);
  23867. if (ret != 0)
  23868. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  23869. #ifdef HAVE_ECC_KEY_EXPORT
  23870. x = ECC_BUFSIZE;
  23871. ret = wc_ecc_export_private_only(key, exportBuf, &x);
  23872. if (ret != 0)
  23873. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  23874. /* make private only key */
  23875. wc_ecc_free(key);
  23876. wc_ecc_init_ex(key, HEAP_HINT, devId);
  23877. ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
  23878. if (ret != 0)
  23879. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  23880. x = ECC_BUFSIZE;
  23881. ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
  23882. if (ret == 0) {
  23883. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  23884. }
  23885. #endif /* HAVE_ECC_KEY_EXPORT */
  23886. ret = wc_ecc_make_pub(NULL, NULL);
  23887. if (ret == 0) {
  23888. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  23889. }
  23890. TEST_SLEEP();
  23891. #ifndef WOLFSSL_NO_MALLOC
  23892. pubPoint = wc_ecc_new_point_h(HEAP_HINT);
  23893. if (pubPoint == NULL) {
  23894. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  23895. }
  23896. #if !defined(WOLFSSL_CRYPTOCELL)
  23897. ret = wc_ecc_make_pub(key, pubPoint);
  23898. #if defined(WOLFSSL_ASYNC_CRYPT)
  23899. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  23900. #endif
  23901. if (ret != 0)
  23902. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  23903. #endif
  23904. TEST_SLEEP();
  23905. #ifdef HAVE_ECC_KEY_EXPORT
  23906. /* export should still fail, is private only key */
  23907. x = ECC_BUFSIZE;
  23908. ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
  23909. if (ret == 0) {
  23910. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  23911. }
  23912. #endif /* HAVE_ECC_KEY_EXPORT */
  23913. #endif /* !WOLFSSL_NO_MALLOC */
  23914. #endif /* !NO_ECC256 */
  23915. /* create a new key since above test for loading key is not supported */
  23916. #if defined(WOLFSSL_CRYPTOCELL) || defined(NO_ECC256) || \
  23917. defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_SE050) || \
  23918. defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM)
  23919. ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
  23920. if (ret != 0)
  23921. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  23922. #endif
  23923. #if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \
  23924. (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))) && \
  23925. !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(HAVE_ECC_DETERMINISTIC_K)
  23926. tmpSz = ECC_BUFSIZE;
  23927. ret = 0;
  23928. do {
  23929. #if defined(WOLFSSL_ASYNC_CRYPT)
  23930. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  23931. #endif
  23932. if (ret == 0) {
  23933. ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp,
  23934. &tmpSz, rng, key);
  23935. }
  23936. } while (ret == WC_PENDING_E);
  23937. if (ret != 0)
  23938. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  23939. TEST_SLEEP();
  23940. #ifdef HAVE_ECC_VERIFY
  23941. /* try verify with private only key */
  23942. ret = 0;
  23943. do {
  23944. #if defined(WOLFSSL_ASYNC_CRYPT)
  23945. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  23946. #endif
  23947. if (ret == 0) {
  23948. ret = wc_ecc_verify_hash(tmp, tmpSz, msg,
  23949. (word32)XSTRLEN((const char*)msg), &verify, key);
  23950. }
  23951. } while (ret == WC_PENDING_E);
  23952. if (ret != 0)
  23953. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  23954. if (verify != 1) {
  23955. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  23956. }
  23957. TEST_SLEEP();
  23958. #ifdef HAVE_ECC_KEY_EXPORT
  23959. /* exporting the public part should now work */
  23960. x = ECC_BUFSIZE;
  23961. ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
  23962. if (ret != 0)
  23963. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  23964. #endif /* HAVE_ECC_KEY_EXPORT */
  23965. #endif /* HAVE_ECC_VERIFY */
  23966. #endif /* HAVE_ECC_SIGN */
  23967. #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  23968. /* now test private only key with creating a shared secret */
  23969. x = ECC_BUFSIZE;
  23970. ret = wc_ecc_export_private_only(key, exportBuf, &x);
  23971. if (ret != 0)
  23972. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  23973. #if !defined(WOLFSSL_QNX_CAAM) && !defined(WOLFSSL_SE050)
  23974. /* make private only key */
  23975. wc_ecc_free(key);
  23976. wc_ecc_init_ex(key, HEAP_HINT, devId);
  23977. ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
  23978. if (ret != 0)
  23979. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  23980. /* check that public export fails with private only key */
  23981. x = ECC_BUFSIZE;
  23982. ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
  23983. if (ret == 0) {
  23984. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  23985. }
  23986. #endif /* WOLFSSL_QNX_CAAM */
  23987. #ifndef WOLF_CRYPTO_CB_ONLY_ECC
  23988. /* make public key for shared secret */
  23989. wc_ecc_init_ex(pub, HEAP_HINT, devId);
  23990. ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, pub);
  23991. #ifdef HAVE_ECC_CDH
  23992. wc_ecc_set_flags(key, WC_ECC_FLAG_COFACTOR);
  23993. #endif
  23994. #if defined(WOLFSSL_ASYNC_CRYPT)
  23995. ret = wc_AsyncWait(ret, &pub->asyncDev, WC_ASYNC_FLAG_NONE);
  23996. #endif
  23997. if (ret != 0)
  23998. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  23999. TEST_SLEEP();
  24000. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  24001. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  24002. !defined(HAVE_SELFTEST)
  24003. ret = wc_ecc_set_rng(key, rng);
  24004. if (ret != 0)
  24005. goto done;
  24006. #endif
  24007. x = ECC_BUFSIZE;
  24008. do {
  24009. #if defined(WOLFSSL_ASYNC_CRYPT)
  24010. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  24011. #endif
  24012. if (ret == 0) {
  24013. ret = wc_ecc_shared_secret(key, pub, exportBuf, &x);
  24014. }
  24015. } while (ret == WC_PENDING_E);
  24016. wc_ecc_free(pub);
  24017. if (ret != 0)
  24018. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24019. TEST_SLEEP();
  24020. #endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT && !WC_NO_RNG */
  24021. #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
  24022. ret = 0;
  24023. done:
  24024. wc_ecc_del_point_h(pubPoint, HEAP_HINT);
  24025. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  24026. if (key != NULL) {
  24027. wc_ecc_free(key);
  24028. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24029. }
  24030. #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
  24031. if (pub != NULL)
  24032. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24033. #endif
  24034. if (exportBuf != NULL)
  24035. XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24036. if (tmp != NULL)
  24037. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24038. #else
  24039. wc_ecc_free(key);
  24040. #endif
  24041. return ret;
  24042. }
  24043. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \
  24044. !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
  24045. static wc_test_ret_t ecc_test_key_decode(WC_RNG* rng, int keySize)
  24046. {
  24047. wc_test_ret_t ret;
  24048. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  24049. ecc_key *eccKey = (ecc_key *)XMALLOC(sizeof *eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24050. byte *tmpBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24051. #else
  24052. ecc_key eccKey[1];
  24053. byte tmpBuf[ECC_BUFSIZE];
  24054. #endif
  24055. word32 tmpSz;
  24056. word32 idx;
  24057. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  24058. if ((eccKey == NULL) || (tmpBuf == NULL))
  24059. ERROR_OUT(MEMORY_E, done);
  24060. #endif
  24061. ret = wc_ecc_init(eccKey);
  24062. if (ret != 0) {
  24063. goto done;
  24064. }
  24065. ret = wc_ecc_make_key(rng, keySize, eccKey);
  24066. #if defined(WOLFSSL_ASYNC_CRYPT)
  24067. ret = wc_AsyncWait(ret, &eccKey->asyncDev, WC_ASYNC_FLAG_NONE);
  24068. #endif
  24069. if (ret != 0) {
  24070. goto done;
  24071. }
  24072. tmpSz = ECC_BUFSIZE;
  24073. ret = wc_EccKeyToDer(eccKey, tmpBuf, tmpSz);
  24074. wc_ecc_free(eccKey);
  24075. if (ret < 0) {
  24076. goto done;
  24077. }
  24078. tmpSz = (word32)ret;
  24079. ret = wc_ecc_init(eccKey);
  24080. if (ret != 0) {
  24081. goto done;
  24082. }
  24083. idx = 0;
  24084. ret = wc_EccPrivateKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
  24085. if (ret != 0) {
  24086. goto done;
  24087. }
  24088. wc_ecc_free(eccKey);
  24089. ret = wc_ecc_init(eccKey);
  24090. if (ret != 0) {
  24091. goto done;
  24092. }
  24093. idx = 0;
  24094. ret = wc_EccPublicKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
  24095. if (ret != 0) {
  24096. goto done;
  24097. }
  24098. ret = 0;
  24099. done:
  24100. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  24101. if (eccKey != NULL) {
  24102. wc_ecc_free(eccKey);
  24103. XFREE(eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24104. }
  24105. if (tmpBuf != NULL)
  24106. XFREE(tmpBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24107. #else
  24108. wc_ecc_free(eccKey);
  24109. #endif
  24110. return ret;
  24111. }
  24112. #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
  24113. #endif /* HAVE_ECC_KEY_IMPORT */
  24114. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \
  24115. !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
  24116. static wc_test_ret_t ecc_test_key_gen(WC_RNG* rng, int keySize)
  24117. {
  24118. wc_test_ret_t ret = 0;
  24119. int derSz;
  24120. #ifdef HAVE_PKCS8
  24121. word32 pkcs8Sz;
  24122. #endif
  24123. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  24124. byte *der = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24125. ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24126. #else
  24127. byte der[ECC_BUFSIZE];
  24128. ecc_key userA[1];
  24129. #endif
  24130. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  24131. if ((der == NULL) || (userA == NULL))
  24132. ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), done);
  24133. #endif
  24134. ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
  24135. if (ret != 0)
  24136. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24137. ret = wc_ecc_make_key(rng, keySize, userA);
  24138. #if defined(WOLFSSL_ASYNC_CRYPT)
  24139. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
  24140. #endif
  24141. if (ret != 0)
  24142. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24143. TEST_SLEEP();
  24144. ret = wc_ecc_check_key(userA);
  24145. if (ret != 0)
  24146. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24147. TEST_SLEEP();
  24148. derSz = wc_EccKeyToDer(userA, der, ECC_BUFSIZE);
  24149. if (derSz < 0) {
  24150. ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
  24151. }
  24152. ret = SaveDerAndPem(der, derSz, eccCaKeyTempFile, eccCaKeyPemFile,
  24153. ECC_PRIVATEKEY_TYPE);
  24154. if (ret != 0)
  24155. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24156. /* test export of public key */
  24157. derSz = wc_EccPublicKeyToDer(userA, der, ECC_BUFSIZE, 1);
  24158. if (derSz < 0) {
  24159. ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
  24160. }
  24161. if (derSz == 0) {
  24162. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  24163. }
  24164. #ifdef HAVE_COMP_KEY
  24165. /* test export of compressed public key */
  24166. derSz = wc_EccPublicKeyToDer_ex(userA, der, ECC_BUFSIZE, 1, 1);
  24167. if (derSz < 0) {
  24168. ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
  24169. }
  24170. if (derSz == 0) {
  24171. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  24172. }
  24173. #endif
  24174. ret = SaveDerAndPem(der, derSz, eccPubKeyDerFile, NULL, 0);
  24175. if (ret != 0)
  24176. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24177. #ifdef HAVE_PKCS8
  24178. /* test export of PKCS#8 unencrypted private key */
  24179. pkcs8Sz = FOURK_BUF;
  24180. derSz = wc_EccPrivateKeyToPKCS8(userA, der, &pkcs8Sz);
  24181. if (derSz < 0) {
  24182. ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done);
  24183. }
  24184. if (derSz == 0) {
  24185. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  24186. }
  24187. ret = SaveDerAndPem(der, derSz, eccPkcs8KeyDerFile, NULL, 0);
  24188. if (ret != 0) {
  24189. goto done;
  24190. }
  24191. #endif /* HAVE_PKCS8 */
  24192. done:
  24193. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  24194. if (der != NULL)
  24195. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24196. if (userA != NULL) {
  24197. wc_ecc_free(userA);
  24198. XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24199. }
  24200. #else
  24201. wc_ecc_free(userA);
  24202. #endif
  24203. return ret;
  24204. }
  24205. #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
  24206. static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
  24207. int curve_id, const ecc_set_type* dp)
  24208. {
  24209. #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
  24210. !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
  24211. WC_DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
  24212. WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
  24213. word32 y;
  24214. #endif
  24215. #ifdef HAVE_ECC_KEY_EXPORT
  24216. #define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32)
  24217. WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
  24218. #endif
  24219. word32 x = 0;
  24220. #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
  24221. !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \
  24222. defined(HAVE_ECC_SIGN)
  24223. WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
  24224. WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
  24225. int i;
  24226. #ifdef HAVE_ECC_VERIFY
  24227. int verify;
  24228. #endif /* HAVE_ECC_VERIFY */
  24229. #endif /* HAVE_ECC_SIGN */
  24230. wc_test_ret_t ret;
  24231. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  24232. ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24233. ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24234. ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24235. #else
  24236. ecc_key userA[1];
  24237. ecc_key userB[1];
  24238. ecc_key pubKey[1];
  24239. #endif
  24240. #ifndef WC_NO_RNG
  24241. int curveSize;
  24242. #endif
  24243. #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
  24244. !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
  24245. WC_ALLOC_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
  24246. WC_ALLOC_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
  24247. #endif
  24248. #ifdef HAVE_ECC_KEY_EXPORT
  24249. WC_ALLOC_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
  24250. #endif
  24251. #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
  24252. !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \
  24253. defined(HAVE_ECC_SIGN)
  24254. WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
  24255. WC_ALLOC_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
  24256. #endif
  24257. #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
  24258. #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
  24259. !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
  24260. if (sharedA == NULL || sharedB == NULL)
  24261. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  24262. #endif
  24263. #ifdef HAVE_ECC_KEY_EXPORT
  24264. if (exportBuf == NULL)
  24265. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  24266. #endif
  24267. #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
  24268. !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \
  24269. defined(HAVE_ECC_SIGN)
  24270. if (sig == NULL || digest == NULL)
  24271. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  24272. #endif
  24273. #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
  24274. (void)testVerifyCount;
  24275. (void)dp;
  24276. (void)x;
  24277. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  24278. if ((userA == NULL) ||
  24279. (userB == NULL) ||
  24280. (pubKey == NULL))
  24281. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  24282. #endif
  24283. XMEMSET(userA, 0, sizeof *userA);
  24284. XMEMSET(userB, 0, sizeof *userB);
  24285. XMEMSET(pubKey, 0, sizeof *pubKey);
  24286. ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
  24287. if (ret != 0)
  24288. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24289. ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
  24290. if (ret != 0)
  24291. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24292. ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
  24293. if (ret != 0)
  24294. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24295. #ifdef WOLFSSL_CUSTOM_CURVES
  24296. if (dp != NULL) {
  24297. ret = wc_ecc_set_custom_curve(userA, dp);
  24298. if (ret != 0)
  24299. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24300. ret = wc_ecc_set_custom_curve(userB, dp);
  24301. if (ret != 0)
  24302. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24303. }
  24304. #endif
  24305. #ifndef WC_NO_RNG
  24306. ret = wc_ecc_make_key_ex(rng, keySize, userA, curve_id);
  24307. #if defined(WOLFSSL_ASYNC_CRYPT)
  24308. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
  24309. #endif
  24310. #ifdef WOLF_CRYPTO_CB_ONLY_ECC
  24311. if (ret == NO_VALID_DEVID) {
  24312. ret = 0;
  24313. goto done; /* no software case */
  24314. }
  24315. #endif
  24316. if (ret == ECC_CURVE_OID_E)
  24317. goto done; /* catch case, where curve is not supported */
  24318. if (ret != 0)
  24319. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24320. TEST_SLEEP();
  24321. if (wc_ecc_get_curve_idx(curve_id) != -1) {
  24322. curveSize = wc_ecc_get_curve_size_from_id(userA->dp->id);
  24323. if (curveSize != userA->dp->size)
  24324. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  24325. }
  24326. ret = wc_ecc_check_key(userA);
  24327. if (ret != 0)
  24328. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24329. TEST_SLEEP();
  24330. /* ATECC508/608 configuration may not support more than one ECDH key */
  24331. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
  24332. ret = wc_ecc_make_key_ex(rng, keySize, userB, curve_id);
  24333. #if defined(WOLFSSL_ASYNC_CRYPT)
  24334. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
  24335. #endif
  24336. if (ret != 0)
  24337. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24338. TEST_SLEEP();
  24339. /* only perform the below tests if the key size matches */
  24340. if (dp == NULL && keySize > 0 && wc_ecc_size(userA) != keySize)
  24341. /* Not an error, just not a key size match */
  24342. WARNING_OUT(ECC_CURVE_OID_E, done);
  24343. #ifdef HAVE_ECC_DHE
  24344. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  24345. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  24346. !defined(HAVE_SELFTEST)
  24347. ret = wc_ecc_set_rng(userA, rng);
  24348. if (ret != 0)
  24349. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24350. ret = wc_ecc_set_rng(userB, rng);
  24351. if (ret != 0)
  24352. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24353. #endif
  24354. x = ECC_SHARED_SIZE;
  24355. do {
  24356. #if defined(WOLFSSL_ASYNC_CRYPT)
  24357. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  24358. #endif
  24359. if (ret == 0)
  24360. ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
  24361. } while (ret == WC_PENDING_E);
  24362. if (ret != 0)
  24363. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24364. TEST_SLEEP();
  24365. y = ECC_SHARED_SIZE;
  24366. do {
  24367. #if defined(WOLFSSL_ASYNC_CRYPT)
  24368. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  24369. #endif
  24370. if (ret == 0)
  24371. ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
  24372. } while (ret == WC_PENDING_E);
  24373. if (ret != 0)
  24374. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24375. if (y != x)
  24376. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  24377. if (XMEMCMP(sharedA, sharedB, x))
  24378. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  24379. TEST_SLEEP();
  24380. #ifdef HAVE_ECC_CDH
  24381. /* add cofactor flag */
  24382. wc_ecc_set_flags(userA, WC_ECC_FLAG_COFACTOR);
  24383. wc_ecc_set_flags(userB, WC_ECC_FLAG_COFACTOR);
  24384. x = ECC_SHARED_SIZE;
  24385. do {
  24386. #if defined(WOLFSSL_ASYNC_CRYPT)
  24387. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  24388. #endif
  24389. if (ret == 0)
  24390. ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
  24391. } while (ret == WC_PENDING_E);
  24392. if (ret != 0)
  24393. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24394. TEST_SLEEP();
  24395. y = ECC_SHARED_SIZE;
  24396. do {
  24397. #if defined(WOLFSSL_ASYNC_CRYPT)
  24398. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  24399. #endif
  24400. if (ret == 0)
  24401. ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
  24402. } while (ret == WC_PENDING_E);
  24403. if (ret != 0)
  24404. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24405. if (y != x)
  24406. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  24407. if (XMEMCMP(sharedA, sharedB, x))
  24408. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  24409. TEST_SLEEP();
  24410. /* remove cofactor flag */
  24411. wc_ecc_set_flags(userA, 0);
  24412. wc_ecc_set_flags(userB, 0);
  24413. #endif /* HAVE_ECC_CDH */
  24414. #endif /* HAVE_ECC_DHE */
  24415. #endif /* !WOLFSSL_ATECC508A && WOLFSSL_ATECC608A */
  24416. #ifdef HAVE_ECC_KEY_EXPORT
  24417. x = ECC_KEY_EXPORT_BUF_SIZE;
  24418. ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 0);
  24419. if (ret != 0)
  24420. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24421. #ifdef HAVE_ECC_KEY_IMPORT
  24422. #ifdef WOLFSSL_CUSTOM_CURVES
  24423. if (dp != NULL) {
  24424. ret = wc_ecc_set_custom_curve(pubKey, dp);
  24425. if (ret != 0)
  24426. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24427. }
  24428. #endif
  24429. ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
  24430. if (ret != 0)
  24431. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24432. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
  24433. #ifdef HAVE_ECC_DHE
  24434. y = ECC_SHARED_SIZE;
  24435. do {
  24436. #if defined(WOLFSSL_ASYNC_CRYPT)
  24437. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  24438. #endif
  24439. if (ret == 0)
  24440. ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
  24441. } while (ret == WC_PENDING_E);
  24442. if (ret != 0)
  24443. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24444. if (XMEMCMP(sharedA, sharedB, y))
  24445. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  24446. TEST_SLEEP();
  24447. #endif /* HAVE_ECC_DHE */
  24448. #ifdef HAVE_COMP_KEY
  24449. /* try compressed export / import too */
  24450. x = ECC_KEY_EXPORT_BUF_SIZE;
  24451. ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 1);
  24452. if (ret != 0)
  24453. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24454. wc_ecc_free(pubKey);
  24455. ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
  24456. if (ret != 0)
  24457. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24458. #ifdef WOLFSSL_CUSTOM_CURVES
  24459. if (dp != NULL) {
  24460. ret = wc_ecc_set_custom_curve(pubKey, dp);
  24461. if (ret != 0)
  24462. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24463. }
  24464. #endif
  24465. ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
  24466. if (ret != 0)
  24467. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24468. #ifdef HAVE_ECC_DHE
  24469. y = ECC_SHARED_SIZE;
  24470. do {
  24471. #if defined(WOLFSSL_ASYNC_CRYPT)
  24472. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  24473. #endif
  24474. if (ret == 0)
  24475. ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
  24476. } while (ret == WC_PENDING_E);
  24477. if (ret != 0)
  24478. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24479. if (XMEMCMP(sharedA, sharedB, y))
  24480. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  24481. TEST_SLEEP();
  24482. #endif /* HAVE_ECC_DHE */
  24483. #endif /* HAVE_COMP_KEY */
  24484. #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A */
  24485. #endif /* !WC_NO_RNG */
  24486. #endif /* HAVE_ECC_KEY_IMPORT */
  24487. #endif /* HAVE_ECC_KEY_EXPORT */
  24488. /* For KCAPI cannot sign using generated ECDH key */
  24489. #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
  24490. !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC))
  24491. #ifdef HAVE_ECC_SIGN
  24492. /* ECC w/out Shamir has issue with all 0 digest */
  24493. /* WC_BIGINT doesn't have 0 len well on hardware */
  24494. /* Cryptocell has issues with all 0 digest */
  24495. #if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) && \
  24496. !defined(WOLFSSL_CRYPTOCELL)
  24497. /* test DSA sign hash with zeros */
  24498. for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
  24499. digest[i] = 0;
  24500. }
  24501. x = ECC_SIG_SIZE;
  24502. do {
  24503. #if defined(WOLFSSL_ASYNC_CRYPT)
  24504. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  24505. #endif
  24506. if (ret == 0)
  24507. ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
  24508. userA);
  24509. } while (ret == WC_PENDING_E);
  24510. if (ret != 0)
  24511. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24512. TEST_SLEEP();
  24513. #ifdef HAVE_ECC_VERIFY
  24514. for (i=0; i<testVerifyCount; i++) {
  24515. verify = 0;
  24516. do {
  24517. #if defined(WOLFSSL_ASYNC_CRYPT)
  24518. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  24519. #endif
  24520. if (ret == 0)
  24521. ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
  24522. &verify, userA);
  24523. } while (ret == WC_PENDING_E);
  24524. if (ret != 0)
  24525. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24526. if (verify != 1)
  24527. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  24528. TEST_SLEEP();
  24529. }
  24530. #endif /* HAVE_ECC_VERIFY */
  24531. #endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL */
  24532. /* test DSA sign hash with sequence (0,1,2,3,4,...) */
  24533. for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
  24534. digest[i] = (byte)i;
  24535. }
  24536. x = ECC_SIG_SIZE;
  24537. do {
  24538. #if defined(WOLFSSL_ASYNC_CRYPT)
  24539. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  24540. #endif
  24541. if (ret == 0)
  24542. ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
  24543. } while (ret == WC_PENDING_E);
  24544. if (ret != 0)
  24545. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24546. TEST_SLEEP();
  24547. #ifdef HAVE_ECC_VERIFY
  24548. for (i=0; i<testVerifyCount; i++) {
  24549. verify = 0;
  24550. do {
  24551. #if defined(WOLFSSL_ASYNC_CRYPT)
  24552. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  24553. #endif
  24554. if (ret == 0)
  24555. ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify, userA);
  24556. } while (ret == WC_PENDING_E);
  24557. if (ret != 0)
  24558. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24559. if (verify != 1)
  24560. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  24561. TEST_SLEEP();
  24562. }
  24563. #endif /* HAVE_ECC_VERIFY */
  24564. #endif /* HAVE_ECC_SIGN */
  24565. #endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT &&
  24566. * !WC_NO_RNG && !WOLFSSL_KCAPI_ECC) */
  24567. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
  24568. !defined(WOLFSSL_ATECC508) && !defined(WOLFSSL_ATECC608A) && \
  24569. !defined(WOLFSSL_KCAPI_ECC)
  24570. x = ECC_KEY_EXPORT_BUF_SIZE;
  24571. ret = wc_ecc_export_private_only(userA, exportBuf, &x);
  24572. if (ret != 0)
  24573. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  24574. #elif defined(HAVE_ECC_KEY_EXPORT)
  24575. (void)exportBuf;
  24576. #endif /* HAVE_ECC_KEY_EXPORT */
  24577. done:
  24578. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  24579. if (userA != NULL) {
  24580. wc_ecc_free(userA);
  24581. XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24582. }
  24583. if (userB != NULL) {
  24584. wc_ecc_free(userB);
  24585. XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24586. }
  24587. if (pubKey != NULL) {
  24588. wc_ecc_free(pubKey);
  24589. XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24590. }
  24591. #else
  24592. wc_ecc_free(pubKey);
  24593. wc_ecc_free(userB);
  24594. wc_ecc_free(userA);
  24595. #endif
  24596. #if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)
  24597. WC_FREE_VAR(sharedA, HEAP_HINT);
  24598. WC_FREE_VAR(sharedB, HEAP_HINT);
  24599. #endif
  24600. #ifdef HAVE_ECC_KEY_EXPORT
  24601. WC_FREE_VAR(exportBuf, HEAP_HINT);
  24602. #endif
  24603. #ifdef HAVE_ECC_SIGN
  24604. WC_FREE_VAR(sig, HEAP_HINT);
  24605. WC_FREE_VAR(digest, HEAP_HINT);
  24606. #endif
  24607. (void)keySize;
  24608. (void)curve_id;
  24609. (void)rng;
  24610. return ret;
  24611. }
  24612. #undef ECC_TEST_VERIFY_COUNT
  24613. #define ECC_TEST_VERIFY_COUNT 2
  24614. static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id)
  24615. {
  24616. wc_test_ret_t ret;
  24617. ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT, curve_id,
  24618. NULL);
  24619. if (ret < 0) {
  24620. if (ret == ECC_CURVE_OID_E) {
  24621. /* ignore error for curves not found */
  24622. /* some curve sizes are only available with:
  24623. HAVE_ECC_SECPR2, HAVE_ECC_SECPR3, HAVE_ECC_BRAINPOOL
  24624. and HAVE_ECC_KOBLITZ */
  24625. }
  24626. else {
  24627. printf("ecc_test_curve_size %d failed!\n", keySize);
  24628. return ret;
  24629. }
  24630. }
  24631. #ifndef WOLF_CRYPTO_CB_ONLY_ECC
  24632. #ifdef HAVE_ECC_VECTOR_TEST
  24633. ret = ecc_test_vector(keySize);
  24634. if (ret < 0) {
  24635. printf("ecc_test_vector %d failed!\n", keySize);
  24636. return ret;
  24637. }
  24638. #endif
  24639. #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
  24640. !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
  24641. ret = ecc_test_key_decode(rng, keySize);
  24642. if (ret < 0) {
  24643. if (ret == ECC_CURVE_OID_E) {
  24644. /* ignore error for curves not found */
  24645. }
  24646. else {
  24647. printf("ecc_test_key_decode %d failed!\n", keySize);
  24648. return ret;
  24649. }
  24650. }
  24651. #endif
  24652. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
  24653. ret = ecc_test_key_gen(rng, keySize);
  24654. if (ret < 0) {
  24655. if (ret == ECC_CURVE_OID_E) {
  24656. /* ignore error for curves not found */
  24657. }
  24658. else {
  24659. printf("ecc_test_key_gen %d failed!\n", keySize);
  24660. return ret;
  24661. }
  24662. }
  24663. #endif
  24664. #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
  24665. return 0;
  24666. }
  24667. #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
  24668. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
  24669. defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
  24670. !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
  24671. static wc_test_ret_t ecc_point_test(void)
  24672. {
  24673. wc_test_ret_t ret;
  24674. ecc_point* point;
  24675. ecc_point* point2;
  24676. #ifdef HAVE_COMP_KEY
  24677. ecc_point* point3;
  24678. ecc_point* point4;
  24679. #endif
  24680. word32 outLen;
  24681. byte out[65];
  24682. byte der[] = { 0x04, /* = Uncompressed */
  24683. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  24684. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  24685. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  24686. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  24687. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  24688. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  24689. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  24690. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
  24691. #if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
  24692. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
  24693. byte derComp0[] = { 0x02, /* = Compressed, y even */
  24694. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  24695. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  24696. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  24697. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
  24698. byte derComp1[] = { 0x03, /* = Compressed, y odd */
  24699. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  24700. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  24701. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  24702. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
  24703. #endif
  24704. byte altDer[] = { 0x04, /* = Uncompressed */
  24705. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  24706. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  24707. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  24708. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  24709. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  24710. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  24711. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  24712. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
  24713. int curve_idx = wc_ecc_get_curve_idx(ECC_SECP256R1);
  24714. /* if curve P256 is not enabled then test should not fail */
  24715. if (curve_idx == ECC_CURVE_INVALID)
  24716. return 0;
  24717. outLen = sizeof(out);
  24718. point = wc_ecc_new_point();
  24719. if (point == NULL)
  24720. return WC_TEST_RET_ENC_ERRNO;
  24721. point2 = wc_ecc_new_point();
  24722. if (point2 == NULL) {
  24723. wc_ecc_del_point(point);
  24724. return WC_TEST_RET_ENC_NC;
  24725. }
  24726. #ifdef HAVE_COMP_KEY
  24727. point3 = wc_ecc_new_point();
  24728. if (point3 == NULL) {
  24729. wc_ecc_del_point(point2);
  24730. wc_ecc_del_point(point);
  24731. return WC_TEST_RET_ENC_NC;
  24732. }
  24733. point4 = wc_ecc_new_point();
  24734. if (point4 == NULL) {
  24735. wc_ecc_del_point(point3);
  24736. wc_ecc_del_point(point2);
  24737. wc_ecc_del_point(point);
  24738. return WC_TEST_RET_ENC_NC;
  24739. }
  24740. #endif
  24741. /* Parameter Validation testing. */
  24742. wc_ecc_del_point(NULL);
  24743. ret = wc_ecc_import_point_der(NULL, sizeof(der), curve_idx, point);
  24744. if (ret != ECC_BAD_ARG_E) {
  24745. ret = WC_TEST_RET_ENC_EC(ret);
  24746. goto done;
  24747. }
  24748. ret = wc_ecc_import_point_der(der, sizeof(der), ECC_CURVE_INVALID, point);
  24749. if (ret != ECC_BAD_ARG_E) {
  24750. ret = WC_TEST_RET_ENC_EC(ret);
  24751. goto done;
  24752. }
  24753. ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, NULL);
  24754. if (ret != ECC_BAD_ARG_E) {
  24755. ret = WC_TEST_RET_ENC_EC(ret);
  24756. goto done;
  24757. }
  24758. ret = wc_ecc_export_point_der(-1, point, out, &outLen);
  24759. if (ret != ECC_BAD_ARG_E) {
  24760. ret = WC_TEST_RET_ENC_EC(ret);
  24761. goto done;
  24762. }
  24763. ret = wc_ecc_export_point_der(curve_idx, NULL, out, &outLen);
  24764. if (ret != ECC_BAD_ARG_E) {
  24765. ret = WC_TEST_RET_ENC_EC(ret);
  24766. goto done;
  24767. }
  24768. ret = wc_ecc_export_point_der(curve_idx, point, NULL, &outLen);
  24769. if (ret != LENGTH_ONLY_E || outLen != sizeof(out)) {
  24770. ret = WC_TEST_RET_ENC_EC(ret);
  24771. goto done;
  24772. }
  24773. ret = wc_ecc_export_point_der(curve_idx, point, out, NULL);
  24774. if (ret != ECC_BAD_ARG_E) {
  24775. ret = WC_TEST_RET_ENC_EC(ret);
  24776. goto done;
  24777. }
  24778. outLen = 0;
  24779. ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
  24780. if (ret != BUFFER_E) {
  24781. ret = WC_TEST_RET_ENC_EC(ret);
  24782. goto done;
  24783. }
  24784. ret = wc_ecc_copy_point(NULL, NULL);
  24785. if (ret != ECC_BAD_ARG_E) {
  24786. ret = WC_TEST_RET_ENC_EC(ret);
  24787. goto done;
  24788. }
  24789. ret = wc_ecc_copy_point(NULL, point2);
  24790. if (ret != ECC_BAD_ARG_E) {
  24791. ret = WC_TEST_RET_ENC_EC(ret);
  24792. goto done;
  24793. }
  24794. ret = wc_ecc_copy_point(point, NULL);
  24795. if (ret != ECC_BAD_ARG_E) {
  24796. ret = WC_TEST_RET_ENC_EC(ret);
  24797. goto done;
  24798. }
  24799. ret = wc_ecc_cmp_point(NULL, NULL);
  24800. if (ret != BAD_FUNC_ARG) {
  24801. ret = WC_TEST_RET_ENC_EC(ret);
  24802. goto done;
  24803. }
  24804. ret = wc_ecc_cmp_point(NULL, point2);
  24805. if (ret != BAD_FUNC_ARG) {
  24806. ret = WC_TEST_RET_ENC_EC(ret);
  24807. goto done;
  24808. }
  24809. ret = wc_ecc_cmp_point(point, NULL);
  24810. if (ret != BAD_FUNC_ARG) {
  24811. ret = WC_TEST_RET_ENC_EC(ret);
  24812. goto done;
  24813. }
  24814. /* Use API. */
  24815. ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, point);
  24816. if (ret != 0) {
  24817. ret = WC_TEST_RET_ENC_EC(ret);
  24818. goto done;
  24819. }
  24820. outLen = sizeof(out);
  24821. ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
  24822. if (ret != 0) {
  24823. ret = WC_TEST_RET_ENC_EC(ret);
  24824. goto done;
  24825. }
  24826. if (outLen != sizeof(der)) {
  24827. ret = WC_TEST_RET_ENC_NC;
  24828. goto done;
  24829. }
  24830. if (XMEMCMP(out, der, outLen) != 0) {
  24831. ret = WC_TEST_RET_ENC_NC;
  24832. goto done;
  24833. }
  24834. ret = wc_ecc_copy_point(point2, point);
  24835. if (ret != MP_OKAY) {
  24836. ret = WC_TEST_RET_ENC_EC(ret);
  24837. goto done;
  24838. }
  24839. ret = wc_ecc_cmp_point(point2, point);
  24840. if (ret != MP_EQ) {
  24841. ret = WC_TEST_RET_ENC_EC(ret);
  24842. goto done;
  24843. }
  24844. ret = wc_ecc_import_point_der(altDer, sizeof(altDer), curve_idx, point2);
  24845. if (ret != 0) {
  24846. ret = WC_TEST_RET_ENC_EC(ret);
  24847. goto done;
  24848. }
  24849. ret = wc_ecc_cmp_point(point2, point);
  24850. if (ret != MP_GT) {
  24851. ret = WC_TEST_RET_ENC_EC(ret);
  24852. goto done;
  24853. }
  24854. #if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
  24855. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
  24856. ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3);
  24857. if (ret != 0) {
  24858. ret = WC_TEST_RET_ENC_EC(ret);
  24859. goto done;
  24860. }
  24861. ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0);
  24862. if (ret != 0) {
  24863. ret = WC_TEST_RET_ENC_EC(ret);
  24864. goto done;
  24865. }
  24866. ret = wc_ecc_cmp_point(point3, point4);
  24867. if (ret != MP_EQ) {
  24868. ret = WC_TEST_RET_ENC_EC(ret);
  24869. goto done;
  24870. }
  24871. ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1)*2-1, curve_idx, point3);
  24872. if (ret != 0) {
  24873. ret = WC_TEST_RET_ENC_EC(ret);
  24874. goto done;
  24875. }
  24876. ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0);
  24877. if (ret != 0) {
  24878. ret = WC_TEST_RET_ENC_EC(ret);
  24879. goto done;
  24880. }
  24881. ret = wc_ecc_cmp_point(point3, point4);
  24882. if (ret != MP_EQ) {
  24883. ret = WC_TEST_RET_ENC_EC(ret);
  24884. goto done;
  24885. }
  24886. #endif
  24887. done:
  24888. #ifdef HAVE_COMP_KEY
  24889. wc_ecc_del_point(point4);
  24890. wc_ecc_del_point(point3);
  24891. #endif
  24892. wc_ecc_del_point(point2);
  24893. wc_ecc_del_point(point);
  24894. return ret;
  24895. }
  24896. #endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
  24897. #if !defined(NO_SIG_WRAPPER) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
  24898. static wc_test_ret_t ecc_sig_test(WC_RNG* rng, ecc_key* key)
  24899. {
  24900. wc_test_ret_t ret;
  24901. word32 sigSz;
  24902. int size;
  24903. byte out[ECC_MAX_SIG_SIZE];
  24904. byte in[] = TEST_STRING;
  24905. WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
  24906. 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
  24907. 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
  24908. 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
  24909. 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
  24910. };
  24911. word32 inLen = (word32)XSTRLEN((char*)in);
  24912. size = wc_ecc_sig_size(key);
  24913. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, sizeof(*key));
  24914. if (ret != size)
  24915. return WC_TEST_RET_ENC_NC;
  24916. sigSz = (word32)ret;
  24917. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
  24918. inLen, out, &sigSz, key, sizeof(*key), rng);
  24919. if (ret != 0)
  24920. return WC_TEST_RET_ENC_EC(ret);
  24921. TEST_SLEEP();
  24922. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
  24923. inLen, out, sigSz, key, sizeof(*key));
  24924. if (ret != 0)
  24925. return WC_TEST_RET_ENC_EC(ret);
  24926. TEST_SLEEP();
  24927. sigSz = (word32)sizeof(out);
  24928. ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
  24929. hash, (int)sizeof(hash), out, &sigSz, key, sizeof(*key), rng);
  24930. if (ret != 0)
  24931. return WC_TEST_RET_ENC_EC(ret);
  24932. TEST_SLEEP();
  24933. ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
  24934. hash, (int)sizeof(hash), out, sigSz, key, sizeof(*key));
  24935. if (ret != 0)
  24936. return WC_TEST_RET_ENC_EC(ret);
  24937. TEST_SLEEP();
  24938. return 0;
  24939. }
  24940. #endif
  24941. #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
  24942. !defined(WOLF_CRYPTO_CB_ONLY_ECC)
  24943. static wc_test_ret_t ecc_exp_imp_test(ecc_key* key)
  24944. {
  24945. wc_test_ret_t ret;
  24946. int curve_id;
  24947. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  24948. ecc_key *keyImp = (ecc_key *)XMALLOC(sizeof *keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24949. #else
  24950. ecc_key keyImp[1];
  24951. #endif
  24952. byte priv[32];
  24953. word32 privLen;
  24954. byte pub[65*2];
  24955. word32 pubLen, pubLenX, pubLenY;
  24956. const char qx[] = "7a4e287890a1a47ad3457e52f2f76a83"
  24957. "ce46cbc947616d0cbaa82323818a793d";
  24958. const char qy[] = "eec4084f5b29ebf29c44cce3b3059610"
  24959. "922f8b30ea6e8811742ac7238fe87308";
  24960. const char d[] = "8c14b793cb19137e323a6d2e2a870bca"
  24961. "2e7a493ec1153b3a95feb8a4873f8d08";
  24962. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  24963. if (keyImp == NULL)
  24964. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  24965. #endif
  24966. wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
  24967. privLen = sizeof(priv);
  24968. ret = wc_ecc_export_private_only(key, priv, &privLen);
  24969. if (ret != 0) {
  24970. ret = WC_TEST_RET_ENC_EC(ret);
  24971. goto done;
  24972. }
  24973. pubLen = sizeof(pub);
  24974. ret = wc_ecc_export_point_der(key->idx, &key->pubkey, pub, &pubLen);
  24975. if (ret != 0) {
  24976. ret = WC_TEST_RET_ENC_EC(ret);
  24977. goto done;
  24978. }
  24979. ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, keyImp);
  24980. if (ret != 0) {
  24981. ret = WC_TEST_RET_ENC_EC(ret);
  24982. goto done;
  24983. }
  24984. wc_ecc_free(keyImp);
  24985. wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
  24986. ret = wc_ecc_import_raw_ex(keyImp, qx, qy, d, ECC_SECP256R1);
  24987. if (ret != 0) {
  24988. ret = WC_TEST_RET_ENC_EC(ret);
  24989. goto done;
  24990. }
  24991. wc_ecc_free(keyImp);
  24992. wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
  24993. curve_id = wc_ecc_get_curve_id(key->idx);
  24994. if (curve_id < 0) {
  24995. ret = WC_TEST_RET_ENC_EC(curve_id);
  24996. goto done;
  24997. }
  24998. /* test import private only */
  24999. ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, keyImp,
  25000. curve_id);
  25001. if (ret != 0) {
  25002. ret = WC_TEST_RET_ENC_EC(ret);
  25003. goto done;
  25004. }
  25005. wc_ecc_free(keyImp);
  25006. wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
  25007. /* test export public raw */
  25008. pubLenX = pubLenY = 32;
  25009. ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY);
  25010. if (ret != 0) {
  25011. ret = WC_TEST_RET_ENC_EC(ret);
  25012. goto done;
  25013. }
  25014. #ifndef HAVE_SELFTEST
  25015. /* test import of public */
  25016. ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], NULL, ECC_SECP256R1);
  25017. if (ret != 0) {
  25018. ret = WC_TEST_RET_ENC_EC(ret);
  25019. goto done;
  25020. }
  25021. #endif
  25022. wc_ecc_free(keyImp);
  25023. wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
  25024. /* test export private and public raw */
  25025. pubLenX = pubLenY = privLen = 32;
  25026. ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY,
  25027. priv, &privLen);
  25028. if (ret != 0) {
  25029. ret = WC_TEST_RET_ENC_EC(ret);
  25030. goto done;
  25031. }
  25032. #ifndef HAVE_SELFTEST
  25033. /* test import of private and public */
  25034. ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], priv, ECC_SECP256R1);
  25035. if (ret != 0) {
  25036. ret = WC_TEST_RET_ENC_EC(ret);
  25037. goto done;
  25038. }
  25039. #endif
  25040. done:
  25041. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25042. if (keyImp != NULL) {
  25043. wc_ecc_free(keyImp);
  25044. XFREE(keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25045. }
  25046. #else
  25047. wc_ecc_free(keyImp);
  25048. #endif
  25049. return ret;
  25050. }
  25051. #endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
  25052. #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
  25053. !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
  25054. static wc_test_ret_t ecc_mulmod_test(ecc_key* key1)
  25055. {
  25056. wc_test_ret_t ret;
  25057. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25058. ecc_key *key2 = (ecc_key *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25059. ecc_key *key3 = (ecc_key *)XMALLOC(sizeof *key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25060. #else
  25061. ecc_key key2[1];
  25062. ecc_key key3[1];
  25063. #endif
  25064. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25065. if ((key2 == NULL) || (key3 == NULL))
  25066. ERROR_OUT(MEMORY_E, done);
  25067. #endif
  25068. wc_ecc_init_ex(key2, HEAP_HINT, devId);
  25069. wc_ecc_init_ex(key3, HEAP_HINT, devId);
  25070. /* TODO: Use test data, test with WOLFSSL_VALIDATE_ECC_IMPORT. */
  25071. /* Need base point (Gx,Gy) and parameter A - load them as the public and
  25072. * private key in key2.
  25073. */
  25074. ret = wc_ecc_import_raw_ex(key2, key1->dp->Gx, key1->dp->Gy, key1->dp->Af,
  25075. ECC_SECP256R1);
  25076. if (ret != 0)
  25077. goto done;
  25078. /* Need a point (Gx,Gy) and prime - load them as the public and private key
  25079. * in key3.
  25080. */
  25081. ret = wc_ecc_import_raw_ex(key3, key1->dp->Gx, key1->dp->Gy,
  25082. key1->dp->prime, ECC_SECP256R1);
  25083. if (ret != 0)
  25084. goto done;
  25085. ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey,
  25086. wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3),
  25087. 1);
  25088. if (ret != 0) {
  25089. ret = WC_TEST_RET_ENC_EC(ret);
  25090. goto done;
  25091. }
  25092. done:
  25093. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25094. if (key2 != NULL) {
  25095. wc_ecc_free(key2);
  25096. XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25097. }
  25098. if (key3 != NULL) {
  25099. wc_ecc_free(key3);
  25100. XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25101. }
  25102. #else
  25103. wc_ecc_free(key3);
  25104. wc_ecc_free(key2);
  25105. #endif
  25106. return ret;
  25107. }
  25108. #endif
  25109. #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \
  25110. !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_ATECC508A) && \
  25111. !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \
  25112. !defined(WOLFSSL_CRYPTOCELL)
  25113. static wc_test_ret_t ecc_ssh_test(ecc_key* key, WC_RNG* rng)
  25114. {
  25115. wc_test_ret_t ret;
  25116. byte out[128];
  25117. word32 outLen = sizeof(out);
  25118. /* Parameter Validation testing. */
  25119. ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen);
  25120. if (ret != BAD_FUNC_ARG)
  25121. return WC_TEST_RET_ENC_EC(ret);
  25122. ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen);
  25123. if (ret != BAD_FUNC_ARG)
  25124. return WC_TEST_RET_ENC_EC(ret);
  25125. ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen);
  25126. if (ret != BAD_FUNC_ARG)
  25127. return WC_TEST_RET_ENC_EC(ret);
  25128. ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL);
  25129. if (ret != BAD_FUNC_ARG)
  25130. return WC_TEST_RET_ENC_EC(ret);
  25131. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  25132. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  25133. !defined(HAVE_SELFTEST)
  25134. ret = wc_ecc_set_rng(key, rng);
  25135. if (ret != 0)
  25136. return WC_TEST_RET_ENC_EC(ret);
  25137. #else
  25138. (void)rng;
  25139. #endif
  25140. /* Use API. */
  25141. ret = 0;
  25142. do {
  25143. #if defined(WOLFSSL_ASYNC_CRYPT)
  25144. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  25145. #endif
  25146. if (ret == 0)
  25147. ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen);
  25148. } while (ret == WC_PENDING_E);
  25149. if (ret != 0)
  25150. return WC_TEST_RET_ENC_EC(ret);
  25151. TEST_SLEEP();
  25152. return 0;
  25153. }
  25154. #endif /* HAVE_ECC_DHE && !WC_NO_RNG */
  25155. static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng)
  25156. {
  25157. wc_test_ret_t ret;
  25158. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25159. ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25160. #else
  25161. ecc_key key[1];
  25162. #endif
  25163. #if !defined(NO_ECC_SECP) && \
  25164. ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
  25165. (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)))
  25166. word32 idx = 0;
  25167. #endif
  25168. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25169. if (key == NULL)
  25170. ERROR_OUT(MEMORY_E, done);
  25171. #endif
  25172. wc_ecc_init_ex(key, HEAP_HINT, devId);
  25173. /* Use API */
  25174. ret = wc_ecc_set_flags(NULL, 0);
  25175. if (ret != BAD_FUNC_ARG) {
  25176. ret = WC_TEST_RET_ENC_EC(ret);
  25177. goto done;
  25178. }
  25179. ret = wc_ecc_set_flags(key, 0);
  25180. if (ret != 0) {
  25181. ret = WC_TEST_RET_ENC_EC(ret);
  25182. goto done;
  25183. }
  25184. #ifndef WOLF_CRYPTO_CB_ONLY_ECC
  25185. #ifndef WC_NO_RNG
  25186. ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
  25187. #if defined(WOLFSSL_ASYNC_CRYPT)
  25188. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  25189. #endif
  25190. if (ret != 0) {
  25191. goto done;
  25192. }
  25193. #ifndef NO_SIG_WRAPPER
  25194. ret = ecc_sig_test(rng, key);
  25195. if (ret < 0)
  25196. goto done;
  25197. #endif
  25198. TEST_SLEEP();
  25199. #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_CRYPTOCELL) && \
  25200. !defined(WOLF_CRYPTO_CB_ONLY_ECC)
  25201. ret = ecc_ssh_test(key, rng);
  25202. if (ret < 0)
  25203. goto done;
  25204. #endif
  25205. wc_ecc_free(key);
  25206. #else
  25207. (void)rng;
  25208. #endif /* !WC_NO_RNG */
  25209. #if !defined(NO_ECC_SECP) && \
  25210. ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \
  25211. (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)))
  25212. /* Use test ECC key - ensure real private "d" exists */
  25213. #ifdef USE_CERT_BUFFERS_256
  25214. ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
  25215. sizeof_ecc_key_der_256);
  25216. #else
  25217. {
  25218. XFILE file = XFOPEN(eccKeyDerFile, "rb");
  25219. byte der[128];
  25220. word32 derSz;
  25221. if (!file) {
  25222. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  25223. }
  25224. derSz = (word32)XFREAD(der, 1, sizeof(der), file);
  25225. XFCLOSE(file);
  25226. if (derSz == 0)
  25227. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  25228. ret = wc_EccPrivateKeyDecode(der, &idx, key, derSz);
  25229. }
  25230. #endif
  25231. if (ret != 0) {
  25232. goto done;
  25233. }
  25234. #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)
  25235. ret = ecc_exp_imp_test(key);
  25236. if (ret < 0)
  25237. goto done;
  25238. #endif
  25239. #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \
  25240. !defined(WOLFSSL_CRYPTOCELL)
  25241. ret = ecc_mulmod_test(key);
  25242. if (ret < 0)
  25243. goto done;
  25244. #endif
  25245. #endif
  25246. #else
  25247. (void)rng;
  25248. (void)idx;
  25249. #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
  25250. done:
  25251. wc_ecc_free(key);
  25252. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25253. if (key != NULL) {
  25254. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25255. }
  25256. #endif
  25257. return ret;
  25258. }
  25259. #endif /* !NO_ECC256 || HAVE_ALL_CURVES */
  25260. #if defined(WOLFSSL_CERT_EXT) && \
  25261. (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
  25262. static wc_test_ret_t ecc_decode_test(void)
  25263. {
  25264. wc_test_ret_t ret;
  25265. word32 inSz;
  25266. word32 inOutIdx;
  25267. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25268. ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25269. #else
  25270. ecc_key key[1];
  25271. #endif
  25272. /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */
  25273. /* This is ecc_clikeypub_der_256. */
  25274. WOLFSSL_SMALL_STACK_STATIC const byte good[] = {
  25275. 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
  25276. 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
  25277. 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xbf, 0xf4,
  25278. 0x0f, 0x44, 0x50, 0x9a, 0x3d, 0xce, 0x9b, 0xb7, 0xf0, 0xc5,
  25279. 0x4d, 0xf5, 0x70, 0x7b, 0xd4, 0xec, 0x24, 0x8e, 0x19, 0x80,
  25280. 0xec, 0x5a, 0x4c, 0xa2, 0x24, 0x03, 0x62, 0x2c, 0x9b, 0xda,
  25281. 0xef, 0xa2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xc6, 0x56,
  25282. 0x95, 0x06, 0xcc, 0x01, 0xa9, 0xbd, 0xf6, 0x75, 0x1a, 0x42,
  25283. 0xf7, 0xbd, 0xa9, 0xb2, 0x36, 0x22, 0x5f, 0xc7, 0x5d, 0x7f,
  25284. 0xb4 };
  25285. WOLFSSL_SMALL_STACK_STATIC const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04,
  25286. 0x00, 0x04, 0x01, 0x01 };
  25287. WOLFSSL_SMALL_STACK_STATIC const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00,
  25288. 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
  25289. WOLFSSL_SMALL_STACK_STATIC const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09,
  25290. 0x06, 0x00, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
  25291. WOLFSSL_SMALL_STACK_STATIC const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00,
  25292. 0x06, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
  25293. WOLFSSL_SMALL_STACK_STATIC const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
  25294. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
  25295. 0x04, 0x04, 0x00, 0x04, 0x01, 0x01 };
  25296. WOLFSSL_SMALL_STACK_STATIC const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
  25297. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
  25298. 0x03, 0x05, 0x00, 0x04, 0x01, 0x01 };
  25299. WOLFSSL_SMALL_STACK_STATIC const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00,
  25300. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
  25301. 0x03, 0x03, 0x04, 0x01, 0x01 };
  25302. WOLFSSL_SMALL_STACK_STATIC const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00,
  25303. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
  25304. 0x03, 0x03, 0x00, 0x04, 0x01 };
  25305. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25306. if (key == NULL)
  25307. ERROR_OUT(MEMORY_E, done);
  25308. #endif
  25309. XMEMSET(key, 0, sizeof *key);
  25310. wc_ecc_init_ex(key, HEAP_HINT, devId);
  25311. inSz = sizeof(good);
  25312. ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, key, inSz);
  25313. if (ret != BAD_FUNC_ARG) {
  25314. ret = WC_TEST_RET_ENC_EC(ret);
  25315. goto done;
  25316. }
  25317. ret = wc_EccPublicKeyDecode(good, NULL, key, inSz);
  25318. if (ret != BAD_FUNC_ARG) {
  25319. ret = WC_TEST_RET_ENC_EC(ret);
  25320. goto done;
  25321. }
  25322. ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz);
  25323. if (ret != BAD_FUNC_ARG) {
  25324. ret = WC_TEST_RET_ENC_EC(ret);
  25325. goto done;
  25326. }
  25327. ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, 0);
  25328. if (ret != BAD_FUNC_ARG) {
  25329. ret = WC_TEST_RET_ENC_EC(ret);
  25330. goto done;
  25331. }
  25332. /* Change offset to produce bad input data. */
  25333. inOutIdx = 2;
  25334. inSz = sizeof(good) - inOutIdx;
  25335. ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
  25336. if (ret != ASN_PARSE_E) {
  25337. ret = WC_TEST_RET_ENC_EC(ret);
  25338. goto done;
  25339. }
  25340. inOutIdx = 4;
  25341. inSz = sizeof(good) - inOutIdx;
  25342. ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
  25343. if (ret != ASN_PARSE_E) {
  25344. ret = WC_TEST_RET_ENC_EC(ret);
  25345. goto done;
  25346. }
  25347. /* Bad data. */
  25348. inSz = sizeof(badNoObjId);
  25349. inOutIdx = 0;
  25350. ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz);
  25351. if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
  25352. ret = WC_TEST_RET_ENC_EC(ret);
  25353. goto done;
  25354. }
  25355. inSz = sizeof(badOneObjId);
  25356. inOutIdx = 0;
  25357. ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz);
  25358. if (ret != ASN_OBJECT_ID_E && ret != ASN_PARSE_E) {
  25359. ret = WC_TEST_RET_ENC_EC(ret);
  25360. goto done;
  25361. }
  25362. inSz = sizeof(badObjId1Len);
  25363. inOutIdx = 0;
  25364. ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, key, inSz);
  25365. if (ret != ASN_PARSE_E) {
  25366. ret = WC_TEST_RET_ENC_EC(ret);
  25367. goto done;
  25368. }
  25369. inSz = sizeof(badObj2d1Len);
  25370. inOutIdx = 0;
  25371. ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, key, inSz);
  25372. if (ret != ASN_PARSE_E) {
  25373. ret = WC_TEST_RET_ENC_EC(ret);
  25374. goto done;
  25375. }
  25376. inSz = sizeof(badNotBitStr);
  25377. inOutIdx = 0;
  25378. ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz);
  25379. if (ret != ASN_BITSTR_E && ret != ASN_PARSE_E) {
  25380. ret = WC_TEST_RET_ENC_EC(ret);
  25381. goto done;
  25382. }
  25383. inSz = sizeof(badBitStrLen);
  25384. inOutIdx = 0;
  25385. ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, key, inSz);
  25386. if (ret != ASN_PARSE_E) {
  25387. ret = WC_TEST_RET_ENC_EC(ret);
  25388. goto done;
  25389. }
  25390. inSz = sizeof(badNoBitStrZero);
  25391. inOutIdx = 0;
  25392. ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz);
  25393. if (ret != ASN_EXPECT_0_E && ret != ASN_PARSE_E) {
  25394. ret = WC_TEST_RET_ENC_EC(ret);
  25395. goto done;
  25396. }
  25397. inSz = sizeof(badPoint);
  25398. inOutIdx = 0;
  25399. ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz);
  25400. if (ret != ASN_ECC_KEY_E && ret != ASN_PARSE_E) {
  25401. ret = WC_TEST_RET_ENC_EC(ret);
  25402. goto done;
  25403. }
  25404. inSz = sizeof(good);
  25405. inOutIdx = 0;
  25406. ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
  25407. if (ret != 0) {
  25408. ret = WC_TEST_RET_ENC_EC(ret);
  25409. goto done;
  25410. }
  25411. done:
  25412. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25413. if (key != NULL) {
  25414. wc_ecc_free(key);
  25415. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25416. }
  25417. #else
  25418. wc_ecc_free(key);
  25419. #endif
  25420. return ret;
  25421. }
  25422. #endif /* WOLFSSL_CERT_EXT */
  25423. #ifdef WOLFSSL_CUSTOM_CURVES
  25424. static const byte eccKeyExplicitCurve[] = {
  25425. 0x30, 0x81, 0xf5, 0x30, 0x81, 0xae, 0x06, 0x07,
  25426. 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30,
  25427. 0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06,
  25428. 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01,
  25429. 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff,
  25430. 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
  25431. 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
  25432. 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff,
  25433. 0xff, 0xfc, 0x2f, 0x30, 0x06, 0x04, 0x01, 0x00,
  25434. 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe,
  25435. 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0,
  25436. 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b,
  25437. 0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2,
  25438. 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a,
  25439. 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4,
  25440. 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17,
  25441. 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47,
  25442. 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21,
  25443. 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
  25444. 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
  25445. 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0,
  25446. 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41,
  25447. 0x41, 0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04,
  25448. 0x3c, 0x4c, 0xc9, 0x5e, 0x2e, 0xa2, 0x3d, 0x49,
  25449. 0xcc, 0x5b, 0xff, 0x4f, 0xc9, 0x2e, 0x1d, 0x4a,
  25450. 0xc6, 0x21, 0xf6, 0xf3, 0xe6, 0x0b, 0x4f, 0xa9,
  25451. 0x9d, 0x74, 0x99, 0xdd, 0x97, 0xc7, 0x6e, 0xbe,
  25452. 0x14, 0x2b, 0x39, 0x9d, 0x63, 0xc7, 0x97, 0x0d,
  25453. 0x45, 0x25, 0x40, 0x30, 0x77, 0x05, 0x76, 0x88,
  25454. 0x38, 0x96, 0x29, 0x7d, 0x9c, 0xe1, 0x50, 0xbe,
  25455. 0xac, 0xf0, 0x1d, 0x86, 0xf4, 0x2f, 0x65, 0x0b
  25456. };
  25457. static wc_test_ret_t ecc_test_custom_curves(WC_RNG* rng)
  25458. {
  25459. wc_test_ret_t ret;
  25460. word32 inOutIdx;
  25461. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25462. ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25463. #else
  25464. ecc_key key[1];
  25465. #endif
  25466. /* test use of custom curve - using BRAINPOOLP256R1 for test */
  25467. #if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA)
  25468. #ifndef WOLFSSL_ECC_CURVE_STATIC
  25469. WOLFSSL_SMALL_STACK_STATIC const ecc_oid_t ecc_oid_brainpoolp256r1[] = {
  25470. 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07
  25471. };
  25472. #define ecc_oid_brainpoolp256r1_sz \
  25473. (sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t))
  25474. #else
  25475. #define ecc_oid_brainpoolp256r1 { \
  25476. 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 \
  25477. }
  25478. #define ecc_oid_brainpoolp256r1_sz 9
  25479. #endif
  25480. #define ecc_oid_brainpoolp256r1_sum 104
  25481. WOLFSSL_SMALL_STACK_STATIC const ecc_set_type ecc_dp_brainpool256r1 = {
  25482. 32, /* size/bytes */
  25483. ECC_CURVE_CUSTOM, /* ID */
  25484. "BRAINPOOLP256R1", /* curve name */
  25485. "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", /* prime */
  25486. "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", /* A */
  25487. "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", /* B */
  25488. "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", /* order */
  25489. "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */
  25490. "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */
  25491. ecc_oid_brainpoolp256r1, /* oid/oidSz */
  25492. ecc_oid_brainpoolp256r1_sz,
  25493. ecc_oid_brainpoolp256r1_sum, /* oid sum */
  25494. 1, /* cofactor */
  25495. };
  25496. #endif /* HAVE_ECC_BRAINPOOL */
  25497. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25498. if (! key) {
  25499. ret = MEMORY_E;
  25500. goto done;
  25501. }
  25502. #endif
  25503. XMEMSET(key, 0, sizeof *key);
  25504. #if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA)
  25505. ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF,
  25506. &ecc_dp_brainpool256r1);
  25507. if (ret != 0) {
  25508. printf("ECC test for custom curve failed!\n");
  25509. goto done;
  25510. }
  25511. #endif
  25512. #if defined(HAVE_ECC_BRAINPOOL) || defined(HAVE_ECC_KOBLITZ)
  25513. {
  25514. int curve_id;
  25515. #ifdef HAVE_ECC_BRAINPOOL
  25516. curve_id = ECC_BRAINPOOLP256R1;
  25517. #else
  25518. curve_id = ECC_SECP256K1;
  25519. #endif
  25520. /* Test and demonstrate use of non-SECP curve */
  25521. ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, curve_id, NULL);
  25522. if (ret < 0) {
  25523. printf("ECC test for curve_id %d failed!\n", curve_id);
  25524. goto done;
  25525. }
  25526. }
  25527. #endif
  25528. ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
  25529. if (ret != 0) {
  25530. ret = WC_TEST_RET_ENC_EC(ret);
  25531. goto done;
  25532. }
  25533. inOutIdx = 0;
  25534. ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, key,
  25535. sizeof(eccKeyExplicitCurve));
  25536. if (ret != 0)
  25537. ret = WC_TEST_RET_ENC_EC(ret);
  25538. done:
  25539. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25540. if (key) {
  25541. wc_ecc_free(key);
  25542. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25543. }
  25544. #else
  25545. wc_ecc_free(key);
  25546. #endif
  25547. (void)rng;
  25548. return ret;
  25549. }
  25550. #endif /* WOLFSSL_CUSTOM_CURVES */
  25551. #ifdef WOLFSSL_SM2
  25552. #ifdef HAVE_ECC_VERIFY
  25553. #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_CUSTOM_CURVES)
  25554. #ifdef WOLFSSL_SM2
  25555. #ifdef HAVE_OID_ENCODING
  25556. #define CODED_SM2P256V1 {1,2,156,10197,1,301}
  25557. #define CODED_SM2P256V1_SZ 6
  25558. #else
  25559. #define CODED_SM2P256V1 {0x06,0x08,0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D}
  25560. #define CODED_SM2P256V1_SZ 10
  25561. #endif
  25562. #ifndef WOLFSSL_ECC_CURVE_STATIC
  25563. static const ecc_oid_t ecc_oid_sm2p256v1[] = CODED_SM2P256V1;
  25564. #else
  25565. #define ecc_oid_sm2p256v1 CODED_SM2P256V1
  25566. #endif
  25567. #define ecc_oid_sm2p256v1_sz CODED_SM2P256V1_SZ
  25568. #endif /* WOLFSSL_SM2 */
  25569. #define ECC_SM2P256V1_TEST 102
  25570. static int test_sm2_verify_caseA2(void)
  25571. {
  25572. ecc_key key;
  25573. int ret, res;
  25574. mp_int r,s;
  25575. /* test key values */
  25576. const char qx[] = "0AE4C7798AA0F119471BEE11825BE46202BB79E2A5844495E97C04FF4DF2548A";
  25577. const char qy[] = "7C0240F88F1CD4E16352A73C17B7F16F07353E53A176D684A9FE0C6BB798E857";
  25578. const char d[] = "128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263";
  25579. const ecc_set_type ecc_sm2_A2 = {
  25580. 32, /* size/bytes */
  25581. ECC_SM2P256V1_TEST, /* ID */
  25582. "SM2P256V1_TEST", /* curve name */
  25583. /* from test case A.2 in draft-shen-sm2-ecdsa-02 */
  25584. "8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", /* prime */
  25585. "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498", /* A */
  25586. "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A", /* B */
  25587. "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7", /* order n */
  25588. "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D", /* Gx */
  25589. "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2", /* Gy */
  25590. ecc_oid_sm2p256v1, /* oid/oidSz */
  25591. ecc_oid_sm2p256v1_sz,
  25592. ECC_SM2P256V1_OID, /* oid sum */
  25593. 1, /* cofactor */
  25594. };
  25595. /* use canned hash value hash = H(ZA||M) */
  25596. const byte hash[] = {
  25597. 0xB5,0x24,0xF5,0x52,0xCD,0x82,0xB8,0xB0,
  25598. 0x28,0x47,0x6E,0x00,0x5C,0x37,0x7F,0xB1,
  25599. 0x9A,0x87,0xE6,0xFC,0x68,0x2D,0x48,0xBB,
  25600. 0x5D,0x42,0xE3,0xD9,0xB9,0xEF,0xFE,0x76
  25601. };
  25602. /* canned r and s */
  25603. const byte rCan[] = {
  25604. 0x40,0xF1,0xEC,0x59,0xF7,0x93,0xD9,0xF4,
  25605. 0x9E,0x09,0xDC,0xEF,0x49,0x13,0x0D,0x41,
  25606. 0x94,0xF7,0x9F,0xB1,0xEE,0xD2,0xCA,0xA5,
  25607. 0x5B,0xAC,0xDB,0x49,0xC4,0xE7,0x55,0xD1
  25608. };
  25609. const byte sCan[] = {
  25610. 0x6F,0xC6,0xDA,0xC3,0x2C,0x5D,0x5C,0xF1,
  25611. 0x0C,0x77,0xDF,0xB2,0x0F,0x7C,0x2E,0xB6,
  25612. 0x67,0xA4,0x57,0x87,0x2F,0xB0,0x9E,0xC5,
  25613. 0x63,0x27,0xA6,0x7E,0xC7,0xDE,0xEB,0xE7
  25614. };
  25615. mp_init(&r);
  25616. mp_init(&s);
  25617. ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
  25618. if (ret != 0)
  25619. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25620. ret = wc_ecc_set_custom_curve(&key, &ecc_sm2_A2);
  25621. if (ret != 0)
  25622. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25623. ret = wc_ecc_import_raw_ex(&key, qx, qy, d, ECC_SM2P256V1_TEST);
  25624. if (ret != 0)
  25625. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25626. mp_read_unsigned_bin(&r, rCan, sizeof(rCan));
  25627. mp_read_unsigned_bin(&s, sCan, sizeof(sCan));
  25628. ret = wc_ecc_sm2_verify_hash_ex(&r, &s, hash, sizeof(hash), &res, &key);
  25629. if (ret != 0)
  25630. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25631. if (res != 1)
  25632. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  25633. done:
  25634. mp_free(&r);
  25635. mp_free(&s);
  25636. wc_ecc_free(&key);
  25637. return ret;
  25638. }
  25639. #endif /* WOLFSSL_PUBLIC_MP && WOLFSSL_CUSTOM_CURVES */
  25640. static int test_sm2_verify_case(void)
  25641. {
  25642. ecc_key key;
  25643. int ret, res;
  25644. /* test key values */
  25645. const char qx[] = "637F1B135036C933DC3F7A8EBB1B7B2FD1DFBD268D4F894B5AD47DBDBECD558F";
  25646. const char qy[] = "E88101D08048E36CCBF61CA38DDF7ABA542B4486E99E49F3A7470A857A096433";
  25647. /* use canned hash value hash = H(ZA||M) */
  25648. const byte hash[] = {
  25649. 0x3B,0xFA,0x5F,0xFB,0xC4,0x27,0x8C,0x9D,
  25650. 0x02,0x3A,0x19,0xCB,0x1E,0xAA,0xD2,0xF1,
  25651. 0x50,0x69,0x5B,0x20
  25652. };
  25653. const byte sig[] = {
  25654. 0x30,0x45,0x02,0x21,0x00,0xD2,0xFC,0xA3,
  25655. 0x88,0xE3,0xDF,0xA3,0x00,0x73,0x9B,0x3C,
  25656. 0x2A,0x0D,0xAD,0x44,0xA2,0xFC,0x62,0xD5,
  25657. 0x6B,0x84,0x54,0xD8,0x40,0x22,0x62,0x3D,
  25658. 0x5C,0xA6,0x61,0x9B,0xE7,0x02,0x20,0x1D,
  25659. 0xB5,0xB5,0xD9,0xD8,0xF1,0x20,0xDD,0x97,
  25660. 0x92,0xBF,0x7E,0x9B,0x3F,0xE6,0x3C,0x4B,
  25661. 0x03,0xD8,0x80,0xBD,0xB7,0x27,0x7E,0x6A,
  25662. 0x84,0x23,0xDE,0x61,0x7C,0x8D,0xDC
  25663. };
  25664. const byte badSig[] = {
  25665. 0x30,0x45,0x02,0x21,0x00,0xD2,0xFC,0xA3,
  25666. 0x88,0xE3,0xDF,0xA3,0x00,0x73,0x9B,0x3C,
  25667. 0x2A,0x0D,0xAD,0x44,0xA2,0xFC,0x62,0xD5,
  25668. 0x6B,0x84,0x54,0xD8,0x40,0x22,0x62,0x3D,
  25669. 0x5C,0xA6,0x61,0x9B,0xE7,0x02,0x20,0x1D,
  25670. 0xB5,0xB5,0xE9,0xD8,0xF1,0x20,0xDD,0x97,
  25671. 0x92,0xBF,0x7E,0x9B,0x3F,0xE6,0x3C,0x4B,
  25672. 0x03,0xD8,0x80,0xBD,0xB7,0x27,0x7E,0x6A,
  25673. 0x84,0x23,0xDE,0x61,0x7C,0x8D,0xDC
  25674. };
  25675. ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
  25676. if (ret != 0)
  25677. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25678. ret = wc_ecc_import_raw(&key, qx, qy, NULL, "SM2P256V1");
  25679. if (ret != 0)
  25680. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25681. ret = wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash), &res,
  25682. &key);
  25683. if (ret != 0)
  25684. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25685. if (res != 1)
  25686. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  25687. /* now test a case that should fail */
  25688. ret = wc_ecc_sm2_verify_hash(badSig, sizeof(badSig), hash, sizeof(hash),
  25689. &res, &key);
  25690. if (ret != 0)
  25691. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25692. if (res == 1)
  25693. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  25694. done:
  25695. wc_ecc_free(&key);
  25696. return ret;
  25697. }
  25698. static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount)
  25699. {
  25700. const ecc_set_type* dp = wc_ecc_get_curve_params(
  25701. wc_ecc_get_curve_idx(ECC_SM2P256V1));
  25702. int keySize = 32;
  25703. int curve_id = ECC_SM2P256V1;
  25704. #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
  25705. WC_DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
  25706. WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
  25707. #endif
  25708. #ifdef HAVE_ECC_KEY_EXPORT
  25709. #define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32)
  25710. WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
  25711. #endif
  25712. word32 x = 0;
  25713. #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
  25714. word32 y;
  25715. #endif
  25716. #ifdef HAVE_ECC_SIGN
  25717. WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
  25718. WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
  25719. int i;
  25720. #ifdef HAVE_ECC_VERIFY
  25721. int verify;
  25722. #endif /* HAVE_ECC_VERIFY */
  25723. #endif /* HAVE_ECC_SIGN */
  25724. int ret;
  25725. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25726. ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25727. ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25728. ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25729. #else
  25730. ecc_key userA[1];
  25731. ecc_key userB[1];
  25732. ecc_key pubKey[1];
  25733. #endif
  25734. #ifndef WC_NO_RNG
  25735. int curveSize;
  25736. #endif
  25737. #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
  25738. WC_ALLOC_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
  25739. WC_ALLOC_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
  25740. #endif
  25741. #ifdef HAVE_ECC_KEY_EXPORT
  25742. WC_ALLOC_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
  25743. #endif
  25744. #ifdef HAVE_ECC_SIGN
  25745. WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
  25746. WC_ALLOC_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
  25747. #endif
  25748. #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC
  25749. #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG)
  25750. if (sharedA == NULL || sharedB == NULL)
  25751. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  25752. #endif
  25753. #ifdef HAVE_ECC_KEY_EXPORT
  25754. if (exportBuf == NULL)
  25755. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  25756. #endif
  25757. #ifdef HAVE_ECC_SIGN
  25758. if (sig == NULL || digest == NULL)
  25759. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  25760. #endif
  25761. #endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */
  25762. (void)testVerifyCount;
  25763. (void)dp;
  25764. (void)x;
  25765. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25766. if ((userA == NULL) ||
  25767. (userB == NULL) ||
  25768. (pubKey == NULL))
  25769. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  25770. #endif
  25771. XMEMSET(userA, 0, sizeof *userA);
  25772. XMEMSET(userB, 0, sizeof *userB);
  25773. XMEMSET(pubKey, 0, sizeof *pubKey);
  25774. ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
  25775. if (ret != 0)
  25776. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25777. ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
  25778. if (ret != 0)
  25779. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25780. ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
  25781. if (ret != 0)
  25782. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25783. #ifndef WC_NO_RNG
  25784. ret = wc_ecc_sm2_make_key(rng, userA, WC_ECC_FLAG_NONE);
  25785. if (ret == ECC_CURVE_OID_E)
  25786. goto done; /* catch case, where curve is not supported */
  25787. if (ret != 0)
  25788. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25789. TEST_SLEEP();
  25790. if (wc_ecc_get_curve_idx(curve_id) != -1) {
  25791. curveSize = wc_ecc_get_curve_size_from_id(userA->dp->id);
  25792. if (curveSize != userA->dp->size) {
  25793. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  25794. }
  25795. }
  25796. ret = wc_ecc_check_key(userA);
  25797. if (ret != 0)
  25798. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25799. TEST_SLEEP();
  25800. ret = wc_ecc_sm2_make_key(rng, userB, WC_ECC_FLAG_NONE);
  25801. if (ret != 0)
  25802. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25803. /* only perform the below tests if the key size matches */
  25804. if (dp == NULL && keySize > 0 && wc_ecc_size(userA) != keySize)
  25805. if (ret != 0) {
  25806. ret = ECC_CURVE_OID_E;
  25807. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25808. }
  25809. #ifdef HAVE_ECC_DHE
  25810. #if defined(ECC_TIMING_RESISTANT)
  25811. ret = wc_ecc_set_rng(userA, rng);
  25812. if (ret != 0)
  25813. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25814. ret = wc_ecc_set_rng(userB, rng);
  25815. if (ret != 0)
  25816. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25817. #endif
  25818. x = ECC_SHARED_SIZE;
  25819. ret = wc_ecc_sm2_shared_secret(userA, userB, sharedA, &x);
  25820. if (ret != 0)
  25821. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25822. y = ECC_SHARED_SIZE;
  25823. ret = wc_ecc_sm2_shared_secret(userB, userA, sharedB, &y);
  25824. if (ret != 0)
  25825. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25826. if (y != x)
  25827. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  25828. if (XMEMCMP(sharedA, sharedB, x))
  25829. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  25830. #endif /* HAVE_ECC_DHE */
  25831. #ifdef HAVE_ECC_KEY_EXPORT
  25832. x = ECC_KEY_EXPORT_BUF_SIZE;
  25833. ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 0);
  25834. if (ret != 0)
  25835. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25836. #ifdef HAVE_ECC_KEY_IMPORT
  25837. ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
  25838. if (ret != 0)
  25839. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25840. #ifdef HAVE_ECC_DHE
  25841. y = ECC_SHARED_SIZE;
  25842. ret = wc_ecc_sm2_shared_secret(userB, pubKey, sharedB, &y);
  25843. if (ret != 0)
  25844. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25845. if (XMEMCMP(sharedA, sharedB, y))
  25846. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  25847. #endif /* HAVE_ECC_DHE */
  25848. #ifdef HAVE_COMP_KEY
  25849. /* try compressed export / import too */
  25850. x = ECC_KEY_EXPORT_BUF_SIZE;
  25851. ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 1);
  25852. if (ret != 0)
  25853. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25854. wc_ecc_free(pubKey);
  25855. ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
  25856. if (ret != 0)
  25857. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25858. #endif
  25859. ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
  25860. if (ret != 0)
  25861. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25862. #ifdef HAVE_ECC_DHE
  25863. y = ECC_SHARED_SIZE;
  25864. ret = wc_ecc_sm2_shared_secret(userB, pubKey, sharedB, &y);
  25865. if (ret != 0)
  25866. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25867. if (XMEMCMP(sharedA, sharedB, y))
  25868. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  25869. #endif /* HAVE_ECC_DHE */
  25870. #endif /* HAVE_ECC_KEY_IMPORT */
  25871. #endif /* HAVE_ECC_KEY_EXPORT */
  25872. #endif /* !WC_NO_RNG */
  25873. #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \
  25874. !defined(WC_NO_RNG))
  25875. #ifdef HAVE_ECC_SIGN
  25876. /* ECC w/out Shamir has issue with all 0 digest */
  25877. /* WC_BIGINT doesn't have 0 len well on hardware */
  25878. /* Cryptocell has issues with all 0 digest */
  25879. #if defined(ECC_SHAMIR)
  25880. /* test DSA sign hash with zeros */
  25881. for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
  25882. digest[i] = 0;
  25883. }
  25884. x = ECC_SIG_SIZE;
  25885. ret = wc_ecc_sm2_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
  25886. if (ret != 0)
  25887. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25888. #ifdef HAVE_ECC_VERIFY
  25889. for (i = 0; i < testVerifyCount; i++) {
  25890. verify = 0;
  25891. ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify,
  25892. userA);
  25893. if (ret != 0)
  25894. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25895. if (verify != 1)
  25896. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  25897. }
  25898. #endif /* HAVE_ECC_VERIFY */
  25899. #endif /* ECC_SHAMIR */
  25900. /* test DSA sign hash with sequence (0,1,2,3,4,...) */
  25901. for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
  25902. digest[i] = (byte)i;
  25903. }
  25904. x = ECC_SIG_SIZE;
  25905. ret = wc_ecc_sm2_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA);
  25906. if (ret != 0)
  25907. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25908. #ifdef HAVE_ECC_VERIFY
  25909. for (i = 0; i < testVerifyCount; i++) {
  25910. verify = 0;
  25911. ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify,
  25912. userA);
  25913. if (ret != 0)
  25914. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25915. if (verify != 1)
  25916. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  25917. }
  25918. #endif /* HAVE_ECC_VERIFY */
  25919. #endif /* HAVE_ECC_SIGN */
  25920. #endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT && !WC_NO_RNG) */
  25921. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  25922. x = ECC_KEY_EXPORT_BUF_SIZE;
  25923. ret = wc_ecc_export_private_only(userA, exportBuf, &x);
  25924. if (ret != 0)
  25925. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25926. #elif defined(HAVE_ECC_KEY_EXPORT)
  25927. (void)exportBuf;
  25928. #endif /* HAVE_ECC_KEY_EXPORT */
  25929. done:
  25930. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  25931. if (userA != NULL) {
  25932. wc_ecc_free(userA);
  25933. XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25934. }
  25935. if (userB != NULL) {
  25936. wc_ecc_free(userB);
  25937. XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25938. }
  25939. if (pubKey != NULL) {
  25940. wc_ecc_free(pubKey);
  25941. XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25942. }
  25943. #else
  25944. wc_ecc_free(pubKey);
  25945. wc_ecc_free(userB);
  25946. wc_ecc_free(userA);
  25947. #endif
  25948. #if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)
  25949. WC_FREE_VAR(sharedA, HEAP_HINT);
  25950. WC_FREE_VAR(sharedB, HEAP_HINT);
  25951. #endif
  25952. #ifdef HAVE_ECC_KEY_EXPORT
  25953. WC_FREE_VAR(exportBuf, HEAP_HINT);
  25954. #endif
  25955. #ifdef HAVE_ECC_SIGN
  25956. WC_FREE_VAR(sig, HEAP_HINT);
  25957. WC_FREE_VAR(digest, HEAP_HINT);
  25958. #endif
  25959. (void)keySize;
  25960. (void)curve_id;
  25961. (void)rng;
  25962. return ret;
  25963. }
  25964. #endif /* HAVE_ECC_VERIFY */
  25965. static int test_sm2_create_digest(void)
  25966. {
  25967. const byte msg[] = "message to sign";
  25968. const byte id[] = "0123456789";
  25969. const byte badId[] = "0123556789";
  25970. byte expected[] = {
  25971. 0xdd, 0x4d, 0x65, 0x49, 0xa3, 0x64, 0x76, 0xc0,
  25972. 0x73, 0x05, 0xdc, 0x05, 0x16, 0xb5, 0xee, 0x9f,
  25973. 0x82, 0xf9, 0xe9, 0x7d, 0x01, 0x1a, 0xdc, 0x88,
  25974. 0x5a, 0x59, 0x9c, 0x44, 0xcc, 0x47, 0xa4, 0x78
  25975. };
  25976. ecc_key key;
  25977. int ret;
  25978. /* test key values */
  25979. const char qx[] =
  25980. "af178b7b8740cc9d5b493fbd22049c12621bc27dcc5802e75ff4d045a4158baf";
  25981. const char qy[] =
  25982. "89933faf7a4798f48c5b9b4cd3a7693d54c9e05449946eb489c0dd50a5294805";
  25983. const char d[] =
  25984. "b3e66c2dbfb50c6ff6830c1fac4b51293a2562f9e667052b03df2d4b43c1f34a";
  25985. byte digest[WC_SHA256_DIGEST_SIZE];
  25986. ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
  25987. if (ret != 0)
  25988. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25989. ret = wc_ecc_import_raw(&key, qx, qy, d, "SM2P256V1");
  25990. if (ret != 0)
  25991. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25992. ret = wc_ecc_sm2_create_digest(id, (int)XSTRLEN((const char*)id),
  25993. msg, (int)XSTRLEN((const char*)msg), WC_HASH_TYPE_SHA256, digest,
  25994. WC_SHA256_DIGEST_SIZE, &key);
  25995. if (ret != 0)
  25996. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  25997. if (XMEMCMP(digest, expected, WC_SHA256_DIGEST_SIZE) != 0)
  25998. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  25999. ret = wc_ecc_sm2_create_digest(badId, (int)XSTRLEN((const char*)badId),
  26000. msg, (int)XSTRLEN((const char*)msg), WC_HASH_TYPE_SHA256, digest,
  26001. WC_SHA256_DIGEST_SIZE, &key);
  26002. if (ret != 0)
  26003. goto done;
  26004. /* should be different than the previous ID used */
  26005. if (XMEMCMP(digest, expected, WC_SHA256_DIGEST_SIZE) == 0)
  26006. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  26007. done:
  26008. wc_ecc_free(&key);
  26009. return ret;
  26010. }
  26011. static int test_sm2_verify(void)
  26012. {
  26013. int ret = 0;
  26014. #ifdef HAVE_ECC_VERIFY
  26015. #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_CUSTOM_CURVES)
  26016. ret = test_sm2_verify_caseA2();
  26017. if (ret != 0)
  26018. return ret;
  26019. #endif
  26020. ret = test_sm2_verify_case();
  26021. if (ret != 0)
  26022. return ret;
  26023. #endif /* HAVE_ECC_VERIFY */
  26024. ret = test_sm2_create_digest();
  26025. return ret;
  26026. }
  26027. #endif /* WOLFSSL_SM2 */
  26028. #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME)
  26029. /* Make Cert / Sign example for ECC cert and ECC CA */
  26030. static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng)
  26031. {
  26032. wc_test_ret_t ret;
  26033. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  26034. Cert *myCert = (Cert *)XMALLOC(sizeof *myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26035. #ifdef WOLFSSL_TEST_CERT
  26036. DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26037. #endif
  26038. ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26039. ecc_key *certPubKey = (ecc_key *)XMALLOC(sizeof *certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26040. #else
  26041. Cert myCert[1];
  26042. #ifdef WOLFSSL_TEST_CERT
  26043. DecodedCert decode[1];
  26044. #endif
  26045. ecc_key caEccKey[1];
  26046. ecc_key certPubKey[1];
  26047. #endif
  26048. int certSz;
  26049. size_t bytes;
  26050. word32 idx = 0;
  26051. #ifndef USE_CERT_BUFFERS_256
  26052. XFILE file;
  26053. #endif
  26054. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  26055. byte* der = NULL;
  26056. #else
  26057. byte der[FOURK_BUF];
  26058. #endif
  26059. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  26060. if ((myCert == NULL)
  26061. #ifdef WOLFSSL_TEST_CERT
  26062. || (decode == NULL)
  26063. #endif
  26064. || (caEccKey == NULL) || (certPubKey == NULL))
  26065. ERROR_OUT(MEMORY_E, exit);
  26066. #endif
  26067. XMEMSET(caEccKey, 0, sizeof *caEccKey);
  26068. XMEMSET(certPubKey, 0, sizeof *certPubKey);
  26069. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  26070. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26071. if (der == NULL) {
  26072. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
  26073. }
  26074. #endif
  26075. /* Get cert private key */
  26076. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  26077. /* Get Cert Key 384 */
  26078. #ifdef USE_CERT_BUFFERS_256
  26079. XMEMCPY(der, ca_ecc_key_der_384, sizeof_ca_ecc_key_der_384);
  26080. bytes = sizeof_ca_ecc_key_der_384;
  26081. #else
  26082. file = XFOPEN(eccCaKey384File, "rb");
  26083. if (!file) {
  26084. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
  26085. }
  26086. bytes = XFREAD(der, 1, FOURK_BUF, file);
  26087. XFCLOSE(file);
  26088. if (bytes == 0)
  26089. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
  26090. (void)eccCaKeyFile;
  26091. #endif /* USE_CERT_BUFFERS_256 */
  26092. #else
  26093. #ifdef USE_CERT_BUFFERS_256
  26094. XMEMCPY(der, ca_ecc_key_der_256, sizeof_ca_ecc_key_der_256);
  26095. bytes = sizeof_ca_ecc_key_der_256;
  26096. #else
  26097. file = XFOPEN(eccCaKeyFile, "rb");
  26098. if (!file) {
  26099. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
  26100. }
  26101. bytes = XFREAD(der, 1, FOURK_BUF, file);
  26102. XFCLOSE(file);
  26103. if (bytes == 0)
  26104. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
  26105. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  26106. (void)eccCaKey384File;
  26107. #endif
  26108. #endif /* USE_CERT_BUFFERS_256 */
  26109. #endif /* ENABLE_ECC384_CERT_GEN_TEST */
  26110. /* Get CA Key */
  26111. ret = wc_ecc_init_ex(caEccKey, HEAP_HINT, devId);
  26112. if (ret != 0)
  26113. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  26114. ret = wc_EccPrivateKeyDecode(der, &idx, caEccKey, (word32)bytes);
  26115. if (ret != 0)
  26116. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  26117. /* Make a public key */
  26118. ret = wc_ecc_init_ex(certPubKey, HEAP_HINT, devId);
  26119. if (ret != 0)
  26120. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  26121. ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, certPubKey);
  26122. #if defined(WOLFSSL_ASYNC_CRYPT)
  26123. ret = wc_AsyncWait(ret, &certPubKey->asyncDev, WC_ASYNC_FLAG_NONE);
  26124. #endif
  26125. if (ret != 0)
  26126. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  26127. TEST_SLEEP();
  26128. /* Setup Certificate */
  26129. ret = wc_InitCert_ex(myCert, HEAP_HINT, devId);
  26130. if (ret != 0)
  26131. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  26132. #ifndef NO_SHA256
  26133. myCert->sigType = CTC_SHA256wECDSA;
  26134. #else
  26135. myCert->sigType = CTC_SHAwECDSA;
  26136. #endif
  26137. XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
  26138. #ifdef WOLFSSL_CERT_EXT
  26139. /* add Policies */
  26140. XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
  26141. CTC_MAX_CERTPOL_SZ);
  26142. XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
  26143. CTC_MAX_CERTPOL_SZ);
  26144. myCert->certPoliciesNb = 2;
  26145. /* add SKID from the Public Key */
  26146. ret = wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, certPubKey);
  26147. if (ret != 0)
  26148. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  26149. /* add AKID from the Public Key */
  26150. ret = wc_SetAuthKeyIdFromPublicKey(myCert, NULL, caEccKey);
  26151. if (ret != 0)
  26152. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  26153. /* add Key Usage */
  26154. ret = wc_SetKeyUsage(myCert, certKeyUsage);
  26155. if (ret != 0)
  26156. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  26157. #endif /* WOLFSSL_CERT_EXT */
  26158. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  26159. #if defined(USE_CERT_BUFFERS_256)
  26160. ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384,
  26161. sizeof_ca_ecc_cert_der_384);
  26162. #else
  26163. ret = wc_SetIssuer(myCert, eccCaCert384File);
  26164. (void)eccCaCertFile;
  26165. #endif
  26166. #else
  26167. #if defined(USE_CERT_BUFFERS_256)
  26168. ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_256,
  26169. sizeof_ca_ecc_cert_der_256);
  26170. #else
  26171. ret = wc_SetIssuer(myCert, eccCaCertFile);
  26172. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  26173. (void)eccCaCert384File;
  26174. #endif
  26175. #endif
  26176. #endif /* ENABLE_ECC384_CERT_GEN_TEST */
  26177. if (ret < 0)
  26178. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  26179. certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, certPubKey, rng);
  26180. if (certSz < 0) {
  26181. ERROR_OUT(WC_TEST_RET_ENC_EC(certSz), exit);
  26182. }
  26183. ret = 0;
  26184. do {
  26185. #if defined(WOLFSSL_ASYNC_CRYPT)
  26186. ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  26187. #endif
  26188. if (ret >= 0) {
  26189. ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
  26190. FOURK_BUF, NULL, caEccKey, rng);
  26191. }
  26192. } while (ret == WC_PENDING_E);
  26193. if (ret < 0)
  26194. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  26195. certSz = (word32)ret;
  26196. TEST_SLEEP();
  26197. #ifdef WOLFSSL_TEST_CERT
  26198. InitDecodedCert(decode, der, certSz, HEAP_HINT);
  26199. ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
  26200. if (ret != 0) {
  26201. FreeDecodedCert(decode);
  26202. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  26203. }
  26204. FreeDecodedCert(decode);
  26205. #endif
  26206. ret = SaveDerAndPem(der, certSz, certEccDerFile, certEccPemFile,
  26207. CERT_TYPE);
  26208. if (ret != 0) {
  26209. goto exit;
  26210. }
  26211. exit:
  26212. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  26213. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26214. #endif
  26215. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  26216. if (myCert != NULL)
  26217. XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26218. #ifdef WOLFSSL_TEST_CERT
  26219. if (decode != NULL)
  26220. XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26221. #endif
  26222. if (caEccKey != NULL) {
  26223. wc_ecc_free(caEccKey);
  26224. XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26225. }
  26226. if (certPubKey != NULL) {
  26227. wc_ecc_free(certPubKey);
  26228. XFREE(certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26229. }
  26230. #else
  26231. wc_ecc_free(certPubKey);
  26232. wc_ecc_free(caEccKey);
  26233. #endif
  26234. return ret;
  26235. }
  26236. #endif /* WOLFSSL_CERT_GEN */
  26237. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
  26238. !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \
  26239. (!defined(NO_ECC_SECP) || defined(WOLFSSL_CUSTOM_CURVES))
  26240. /* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */
  26241. static wc_test_ret_t ecc_test_allocator(WC_RNG* rng)
  26242. {
  26243. wc_test_ret_t ret = 0;
  26244. ecc_key* key;
  26245. #ifdef WC_NO_RNG
  26246. word32 idx = 0;
  26247. #endif
  26248. key = wc_ecc_key_new(HEAP_HINT);
  26249. if (key == NULL) {
  26250. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
  26251. }
  26252. #ifndef WC_NO_RNG
  26253. ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
  26254. #if defined(WOLFSSL_ASYNC_CRYPT)
  26255. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  26256. #endif
  26257. if (ret != 0)
  26258. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  26259. #else
  26260. /* use test ECC key */
  26261. ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
  26262. (word32)sizeof_ecc_key_der_256);
  26263. (void)rng;
  26264. #endif
  26265. exit:
  26266. wc_ecc_key_free(key);
  26267. return ret;
  26268. }
  26269. #endif
  26270. /* ECC Non-blocking tests for Sign and Verify */
  26271. /* Requires SP math and supports P384 or P256 */
  26272. /* ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" */
  26273. #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_HAVE_SP_ECC) && \
  26274. defined(WOLFSSL_PUBLIC_MP)
  26275. /* ECC Private Key "d" */
  26276. static const byte p256PrivKey[] = {
  26277. /* SECP256R1 */
  26278. /* d */
  26279. 0x1e, 0xe7, 0x70, 0x07, 0xd3, 0x30, 0x94, 0x39,
  26280. 0x28, 0x90, 0xdf, 0x23, 0x88, 0x2c, 0x4a, 0x34,
  26281. 0x15, 0xdb, 0x4c, 0x43, 0xcd, 0xfa, 0xe5, 0x1f,
  26282. 0x3d, 0x4c, 0x37, 0xfe, 0x59, 0x3b, 0x96, 0xd8
  26283. };
  26284. #ifdef HAVE_ECC384
  26285. static const byte p384PrivKey[] = {
  26286. /* SECP384R1 */
  26287. /* d */
  26288. 0xa4, 0xe5, 0x06, 0xe8, 0x06, 0x16, 0x3e, 0xab,
  26289. 0x89, 0xf8, 0x60, 0x43, 0xc0, 0x60, 0x25, 0xdb,
  26290. 0xba, 0x7b, 0xfe, 0x19, 0x35, 0x08, 0x55, 0x65,
  26291. 0x76, 0xe2, 0xdc, 0xe0, 0x01, 0x8b, 0x6b, 0x68,
  26292. 0xdf, 0xcf, 0x6f, 0x80, 0x12, 0xce, 0x79, 0x37,
  26293. 0xeb, 0x2b, 0x9c, 0x7b, 0xc4, 0x68, 0x1c, 0x74
  26294. };
  26295. #endif /* HAVE_ECC384 */
  26296. #ifdef HAVE_ECC521
  26297. static const byte p521PrivKey[] = {
  26298. /* SECP521R1 */
  26299. /* d */
  26300. 0x01, 0x68, 0x91, 0x33, 0x53, 0xe2, 0x90, 0x68,
  26301. 0x11, 0x8f, 0xaa, 0xa8, 0x76, 0x0c, 0xf7, 0x2a,
  26302. 0x07, 0x1b, 0x92, 0x2a, 0xa7, 0x82, 0x3d, 0xfa,
  26303. 0x83, 0xce, 0x70, 0xc8, 0xc2, 0x60, 0x82, 0xfe,
  26304. 0x18, 0x88, 0x68, 0xda, 0x6a, 0x83, 0x46, 0x78,
  26305. 0xe4, 0xe9, 0xe9, 0xcc, 0x51, 0x7f, 0xed, 0x81,
  26306. 0x02, 0x32, 0xee, 0x26, 0x87, 0xcc, 0xed, 0x63,
  26307. 0x3f, 0x39, 0x27, 0xf0, 0xd7, 0x17, 0x77, 0xa1,
  26308. 0xa4, 0x36
  26309. };
  26310. #endif /* HAVE_ECC521 */
  26311. /* ECC public key Qx/Qy */
  26312. static const byte p256PubKey[] = {
  26313. /* SECP256R1 */
  26314. /* Qx */
  26315. 0x96, 0x93, 0x1c, 0x53, 0x0b, 0x43, 0x6c, 0x42,
  26316. 0x0c, 0x52, 0x90, 0xe4, 0xa7, 0xec, 0x98, 0xb1,
  26317. 0xaf, 0xd4, 0x14, 0x49, 0xd8, 0xc1, 0x42, 0x82,
  26318. 0x04, 0x78, 0xd1, 0x90, 0xae, 0xa0, 0x6c, 0x07,
  26319. /* Qy */
  26320. 0xf2, 0x3a, 0xb5, 0x10, 0x32, 0x8d, 0xce, 0x9e,
  26321. 0x76, 0xa0, 0xd2, 0x8c, 0xf3, 0xfc, 0xa9, 0x94,
  26322. 0x43, 0x24, 0xe6, 0x82, 0x00, 0x40, 0xc6, 0xdb,
  26323. 0x1c, 0x2f, 0xcd, 0x38, 0x4b, 0x60, 0xdd, 0x61
  26324. };
  26325. #ifdef HAVE_ECC384
  26326. static const byte p384PubKey[] = {
  26327. /* SECP384R1 */
  26328. /* Qx */
  26329. 0xea, 0xcf, 0x93, 0x4f, 0x2c, 0x09, 0xbb, 0x39,
  26330. 0x14, 0x0f, 0x56, 0x64, 0xc3, 0x40, 0xb4, 0xdf,
  26331. 0x0e, 0x63, 0xae, 0xe5, 0x71, 0x4b, 0x00, 0xcc,
  26332. 0x04, 0x97, 0xff, 0xe1, 0xe9, 0x38, 0x96, 0xbb,
  26333. 0x5f, 0x91, 0xb2, 0x6a, 0xcc, 0xb5, 0x39, 0x5f,
  26334. 0x8f, 0x70, 0x59, 0xf1, 0x01, 0xf6, 0x5a, 0x2b,
  26335. /* Qy */
  26336. 0x01, 0x6c, 0x68, 0x0b, 0xcf, 0x55, 0x25, 0xaf,
  26337. 0x6d, 0x98, 0x48, 0x0a, 0xa8, 0x74, 0xc9, 0xa9,
  26338. 0x17, 0xa0, 0x0c, 0xc3, 0xfb, 0xd3, 0x23, 0x68,
  26339. 0xfe, 0x04, 0x3c, 0x63, 0x50, 0x88, 0x3b, 0xb9,
  26340. 0x4f, 0x7c, 0x67, 0x34, 0xf7, 0x3b, 0xa9, 0x73,
  26341. 0xe7, 0x1b, 0xc3, 0x51, 0x5e, 0x22, 0x18, 0xec
  26342. };
  26343. #endif
  26344. #ifdef HAVE_ECC521
  26345. static const byte p521PubKey[] = {
  26346. /* SECP521R1 */
  26347. /* Qx */
  26348. 0x01, 0x62, 0x6e, 0xf1, 0x00, 0xec, 0xd8, 0x99,
  26349. 0x58, 0x9b, 0x80, 0x6b, 0xfe, 0x2c, 0xf1, 0xb2,
  26350. 0xf0, 0xc8, 0x48, 0xdf, 0xac, 0xd2, 0x3b, 0x71,
  26351. 0x29, 0xab, 0xf0, 0x66, 0x63, 0xd8, 0x8e, 0xb5,
  26352. 0xc8, 0xc2, 0xfc, 0x99, 0x44, 0xe2, 0x45, 0xb1,
  26353. 0x5a, 0x7b, 0xb9, 0x73, 0x01, 0xda, 0x79, 0xec,
  26354. 0x9c, 0x26, 0x27, 0x34, 0x45, 0x26, 0xd5, 0x89,
  26355. 0x4b, 0x44, 0xfe, 0x69, 0x4e, 0x72, 0x14, 0xe3,
  26356. 0x8b, 0xbc,
  26357. /* Qy */
  26358. 0x00, 0x0f, 0x09, 0xa2, 0x03, 0xc3, 0x5a, 0xdc,
  26359. 0x95, 0x82, 0xf6, 0xf9, 0xf6, 0x9c, 0xff, 0xb5,
  26360. 0x6b, 0x75, 0x95, 0x4b, 0xa4, 0x28, 0x5d, 0x9e,
  26361. 0x90, 0x04, 0xd1, 0xc0, 0x1e, 0xd5, 0xfd, 0x43,
  26362. 0x9e, 0x1e, 0x83, 0xc0, 0x11, 0x2b, 0x2b, 0x07,
  26363. 0x6d, 0xa9, 0x7a, 0x10, 0xd7, 0x67, 0xe7, 0x51,
  26364. 0x37, 0x24, 0xd8, 0xbf, 0x03, 0x0d, 0x8b, 0xb5,
  26365. 0x40, 0x5c, 0x4f, 0xd6, 0x13, 0x73, 0x42, 0xbc,
  26366. 0x91, 0xd9
  26367. };
  26368. /* perform verify of signature and hash using public key */
  26369. /* key is public Qx + public Qy */
  26370. /* sig is r + s */
  26371. static wc_test_ret_t crypto_ecc_verify(const byte *key, uint32_t keySz,
  26372. const byte *hash, uint32_t hashSz, const byte *sig, uint32_t sigSz,
  26373. uint32_t curveSz, int curveId)
  26374. {
  26375. wc_test_ret_t ret;
  26376. int verify_res = 0, count = 0;
  26377. mp_int r, s;
  26378. ecc_key ecc;
  26379. ecc_nb_ctx_t nb_ctx;
  26380. /* validate arguments */
  26381. if (key == NULL || hash == NULL || sig == NULL || curveSz == 0 ||
  26382. hashSz == 0 || keySz < (curveSz*2) || sigSz < (curveSz*2))
  26383. {
  26384. return WC_TEST_RET_ENC_NC;
  26385. }
  26386. /* Setup the ECC key */
  26387. ret = wc_ecc_init(&ecc);
  26388. if (ret < 0) {
  26389. return WC_TEST_RET_ENC_EC(ret);
  26390. }
  26391. ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
  26392. if (ret != MP_OKAY) {
  26393. wc_ecc_free(&ecc);
  26394. return WC_TEST_RET_ENC_EC(ret);
  26395. }
  26396. /* Setup the signature r/s variables */
  26397. ret = mp_init(&r);
  26398. if (ret != MP_OKAY) {
  26399. wc_ecc_free(&ecc);
  26400. return WC_TEST_RET_ENC_EC(ret);
  26401. }
  26402. ret = mp_init(&s);
  26403. if (ret != MP_OKAY) {
  26404. mp_clear(&r);
  26405. wc_ecc_free(&ecc);
  26406. return WC_TEST_RET_ENC_EC(ret);
  26407. }
  26408. /* Import public key x/y */
  26409. ret = wc_ecc_import_unsigned(
  26410. &ecc,
  26411. (byte*)key, /* Public "x" Coordinate */
  26412. (byte*)(key + curveSz), /* Public "y" Coordinate */
  26413. NULL, /* Private "d" (optional) */
  26414. curveId /* ECC Curve Id */
  26415. );
  26416. /* Make sure it was a public key imported */
  26417. if (ret == 0 && ecc.type != ECC_PUBLICKEY) {
  26418. ret = WC_TEST_RET_ENC_NC; /* ECC_BAD_ARG_E */
  26419. }
  26420. /* Import signature r/s */
  26421. if (ret == 0) {
  26422. ret = mp_read_unsigned_bin(&r, sig, curveSz);
  26423. if (ret < 0)
  26424. ret = WC_TEST_RET_ENC_EC(ret);
  26425. }
  26426. if (ret == 0) {
  26427. ret = mp_read_unsigned_bin(&s, sig + curveSz, curveSz);
  26428. if (ret < 0)
  26429. ret = WC_TEST_RET_ENC_EC(ret);
  26430. }
  26431. /* Verify ECC Signature */
  26432. if (ret == 0) {
  26433. do {
  26434. ret = wc_ecc_verify_hash_ex(
  26435. &r, &s, /* r/s as mp_int */
  26436. hash, hashSz, /* computed hash digest */
  26437. &verify_res, /* verification result 1=success */
  26438. &ecc
  26439. );
  26440. count++;
  26441. /* This is where real-time work could be called */
  26442. } while (ret == FP_WOULDBLOCK);
  26443. #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
  26444. printf("ECC non-block verify: %d times\n", count);
  26445. #endif
  26446. if (ret < 0)
  26447. ret = WC_TEST_RET_ENC_EC(ret);
  26448. }
  26449. /* check verify result */
  26450. if (ret == 0 && verify_res == 0) {
  26451. ret = WC_TEST_RET_ENC_NC /* SIG_VERIFY_E */;
  26452. }
  26453. mp_clear(&r);
  26454. mp_clear(&s);
  26455. wc_ecc_free(&ecc);
  26456. (void)count;
  26457. return ret;
  26458. }
  26459. /* perform signature operation against hash using private key */
  26460. static wc_test_ret_t crypto_ecc_sign(const byte *key, uint32_t keySz,
  26461. const byte *hash, uint32_t hashSz, byte *sig, uint32_t* sigSz,
  26462. uint32_t curveSz, int curveId, WC_RNG* rng)
  26463. {
  26464. wc_test_ret_t ret;
  26465. int count = 0;
  26466. mp_int r, s;
  26467. ecc_key ecc;
  26468. ecc_nb_ctx_t nb_ctx;
  26469. /* validate arguments */
  26470. if (key == NULL || hash == NULL || sig == NULL || sigSz == NULL ||
  26471. curveSz == 0 || hashSz == 0 || keySz < curveSz || *sigSz < (curveSz*2))
  26472. {
  26473. return WC_TEST_RET_ENC_NC /* BAD_FUNC_ARG */;
  26474. }
  26475. /* Initialize signature result */
  26476. memset(sig, 0, curveSz*2);
  26477. /* Setup the ECC key */
  26478. ret = wc_ecc_init(&ecc);
  26479. if (ret < 0) {
  26480. return WC_TEST_RET_ENC_EC(ret);
  26481. }
  26482. ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
  26483. if (ret != MP_OKAY) {
  26484. wc_ecc_free(&ecc);
  26485. return WC_TEST_RET_ENC_EC(ret);
  26486. }
  26487. /* Setup the signature r/s variables */
  26488. ret = mp_init(&r);
  26489. if (ret != MP_OKAY) {
  26490. wc_ecc_free(&ecc);
  26491. return WC_TEST_RET_ENC_EC(ret);
  26492. }
  26493. ret = mp_init(&s);
  26494. if (ret != MP_OKAY) {
  26495. mp_clear(&r);
  26496. wc_ecc_free(&ecc);
  26497. return WC_TEST_RET_ENC_EC(ret);
  26498. }
  26499. /* Import private key "k" */
  26500. ret = wc_ecc_import_private_key_ex(
  26501. key, keySz, /* private key "d" */
  26502. NULL, 0, /* public (optional) */
  26503. &ecc,
  26504. curveId /* ECC Curve Id */
  26505. );
  26506. if (ret < 0)
  26507. ret = WC_TEST_RET_ENC_EC(ret);
  26508. if (ret == 0) {
  26509. do {
  26510. /* Verify ECC Signature */
  26511. ret = wc_ecc_sign_hash_ex(
  26512. hash, hashSz, /* computed hash digest */
  26513. rng, &ecc, /* random and key context */
  26514. &r, &s /* r/s as mp_int */
  26515. );
  26516. count++;
  26517. /* This is where real-time work could be called */
  26518. } while (ret == FP_WOULDBLOCK);
  26519. #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
  26520. printf("ECC non-block sign: %d times\n", count);
  26521. #endif
  26522. if (ret < 0)
  26523. ret = WC_TEST_RET_ENC_EC(ret);
  26524. }
  26525. if (ret == 0) {
  26526. /* export r/s */
  26527. mp_to_unsigned_bin_len(&r, sig, curveSz);
  26528. mp_to_unsigned_bin_len(&s, sig + curveSz, curveSz);
  26529. }
  26530. mp_clear(&r);
  26531. mp_clear(&s);
  26532. wc_ecc_free(&ecc);
  26533. (void)count;
  26534. return ret;
  26535. }
  26536. #endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
  26537. /*
  26538. * This test doesn't work with WOLFSSL_VALIDATE_ECC_KEYGEN defined because we
  26539. * don't have non-blocking versions of the key checking functions, yet.
  26540. */
  26541. #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_VALIDATE_ECC_KEYGEN)
  26542. static wc_test_ret_t ecc_test_nonblock_dhe(int curveId, word32 curveSz,
  26543. const byte* privKey, const byte* pubKey, WC_RNG* rng)
  26544. {
  26545. wc_test_ret_t ret;
  26546. ecc_key keyA;
  26547. ecc_key keyB;
  26548. ecc_nb_ctx_t nbCtxA;
  26549. ecc_nb_ctx_t nbCtxB;
  26550. byte secretA[ECC_SHARED_SIZE];
  26551. byte secretB[ECC_SHARED_SIZE];
  26552. word32 secretSzA = ECC_SHARED_SIZE;
  26553. word32 secretSzB = ECC_SHARED_SIZE;
  26554. int count = 0;
  26555. ret = wc_ecc_init(&keyA);
  26556. if (ret == 0) {
  26557. ret = wc_ecc_init(&keyB);
  26558. if (ret < 0)
  26559. ret = WC_TEST_RET_ENC_EC(ret);
  26560. }
  26561. if (ret == 0) {
  26562. ret = wc_ecc_set_nonblock(&keyA, &nbCtxA);
  26563. if (ret < 0)
  26564. ret = WC_TEST_RET_ENC_EC(ret);
  26565. }
  26566. if (ret == 0) {
  26567. ret = wc_ecc_set_nonblock(&keyB, &nbCtxB);
  26568. if (ret < 0)
  26569. ret = WC_TEST_RET_ENC_EC(ret);
  26570. }
  26571. if (ret == 0) {
  26572. do {
  26573. ret = wc_ecc_make_key_ex(rng, curveSz, &keyA, curveId);
  26574. count++;
  26575. } while (ret == FP_WOULDBLOCK);
  26576. if (ret < 0)
  26577. ret = WC_TEST_RET_ENC_EC(ret);
  26578. }
  26579. #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
  26580. fprintf(stderr, "ECC non-block key gen: %d times\n", count);
  26581. #endif
  26582. if (ret == 0) {
  26583. ret = wc_ecc_check_key(&keyA);
  26584. if (ret < 0)
  26585. ret = WC_TEST_RET_ENC_EC(ret);
  26586. }
  26587. if (ret == 0) {
  26588. ret = wc_ecc_import_unsigned(&keyB, pubKey, pubKey + curveSz,
  26589. privKey, curveId);
  26590. if (ret < 0)
  26591. ret = WC_TEST_RET_ENC_EC(ret);
  26592. }
  26593. count = 0;
  26594. if (ret == 0) {
  26595. do {
  26596. ret = wc_ecc_shared_secret(&keyA, &keyB, secretA, &secretSzA);
  26597. count++;
  26598. } while (ret == FP_WOULDBLOCK);
  26599. if (ret < 0)
  26600. ret = WC_TEST_RET_ENC_EC(ret);
  26601. }
  26602. #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
  26603. fprintf(stderr, "ECC non-block shared secret: %d times\n", count);
  26604. #endif
  26605. if (ret == 0) {
  26606. do {
  26607. ret = wc_ecc_shared_secret(&keyB, &keyA, secretB, &secretSzB);
  26608. } while (ret == FP_WOULDBLOCK);
  26609. if (ret < 0)
  26610. ret = WC_TEST_RET_ENC_EC(ret);
  26611. }
  26612. if (ret == 0) {
  26613. if (secretSzA != secretSzB ||
  26614. XMEMCMP(secretA, secretB, secretSzA) != 0) {
  26615. ret = WC_TEST_RET_ENC_NC;
  26616. }
  26617. }
  26618. wc_ecc_free(&keyA);
  26619. wc_ecc_free(&keyB);
  26620. return ret;
  26621. }
  26622. #endif /* HAVE_ECC_DHE && !WOLFSSL_VALIDATE_ECC_KEYGEN */
  26623. #if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
  26624. static wc_test_ret_t ecc_test_nonblock_ecdsa(int curveId, word32 curveSz,
  26625. const byte* privKey, word32 privKeySz, const byte* pubKey, word32 pubKeySz,
  26626. WC_RNG* rng)
  26627. {
  26628. wc_test_ret_t ret = 0;
  26629. byte* sig = NULL;
  26630. word32 sigSz = curveSz * 2;
  26631. static const byte hash[] = {
  26632. 0x8d, 0x28, 0xa3, 0x8b, 0x0b, 0xa9, 0xfe, 0xd4, 0x0e, 0x54, 0xc4, 0x17,
  26633. 0x3d, 0x54, 0x66, 0x34, 0xbf, 0x5d, 0x6f, 0x46, 0xc2, 0x20, 0xcb, 0xc3,
  26634. 0x22, 0xe9, 0xb0, 0xdf, 0xe7, 0x64, 0x3f, 0xd9
  26635. };
  26636. sig = (byte*)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE);
  26637. if (sig == NULL) {
  26638. ret = WC_TEST_RET_ENC_ERRNO;
  26639. }
  26640. if (ret == 0) {
  26641. /* Sign hash using private key */
  26642. /* Note: result of an ECC sign varies for each call even with same
  26643. private key and hash. This is because a new random public key is
  26644. used for each operation. */
  26645. ret = crypto_ecc_sign(privKey, privKeySz, hash, sizeof(hash), sig,
  26646. &sigSz, curveSz, curveId, rng);
  26647. }
  26648. if (ret == 0) {
  26649. /* Verify generated signature is valid */
  26650. ret = crypto_ecc_verify(pubKey, pubKeySz, hash, sizeof(hash), sig,
  26651. sigSz, curveSz, curveId);
  26652. }
  26653. if (sig != NULL) {
  26654. XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE);
  26655. }
  26656. return ret;
  26657. }
  26658. #endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
  26659. static wc_test_ret_t ecc_test_nonblock(WC_RNG* rng)
  26660. {
  26661. wc_test_ret_t ret = 0;
  26662. word32 i;
  26663. int curveIds[3] = {0, 0, 0};
  26664. word32 curveSzs[3] = {0, 0, 0};
  26665. const byte* privKeys[3] = {NULL, NULL, NULL};
  26666. word32 privKeySzs[3] = {0, 0, 0};
  26667. const byte* pubKeys[3] = {NULL, NULL, NULL};
  26668. word32 pubKeySzs[3] = {0, 0, 0};
  26669. curveIds[0] = ECC_SECP256R1;
  26670. curveSzs[0] = 32;
  26671. privKeys[0] = p256PrivKey;
  26672. privKeySzs[0] = sizeof(p256PrivKey);
  26673. pubKeys[0] = p256PubKey;
  26674. pubKeySzs[0] = sizeof(p256PubKey);
  26675. #ifdef HAVE_ECC384
  26676. curveIds[1] = ECC_SECP384R1;
  26677. curveSzs[1] = 48;
  26678. privKeys[1] = p384PrivKey;
  26679. privKeySzs[1] = sizeof(p384PrivKey);
  26680. pubKeys[1] = p384PubKey;
  26681. pubKeySzs[1] = sizeof(p384PubKey);
  26682. #endif
  26683. #ifdef HAVE_ECC521
  26684. curveIds[2] = ECC_SECP521R1;
  26685. curveSzs[2] = 66;
  26686. privKeys[2] = p521PrivKey;
  26687. privKeySzs[2] = sizeof(p521PrivKey);
  26688. pubKeys[2] = p521PubKey;
  26689. pubKeySzs[2] = sizeof(p521PubKey);
  26690. #endif
  26691. for (i = 0; ret == 0 && i < sizeof(curveIds) / sizeof(curveIds[0]); ++i) {
  26692. if (curveIds[i] == 0) {
  26693. continue;
  26694. }
  26695. #if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
  26696. ret = ecc_test_nonblock_ecdsa(curveIds[i], curveSzs[i], privKeys[i],
  26697. privKeySzs[i], pubKeys[i], pubKeySzs[i], rng);
  26698. #endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
  26699. #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_VALIDATE_ECC_KEYGEN)
  26700. if (ret == 0) {
  26701. ret = ecc_test_nonblock_dhe(curveIds[i], curveSzs[i], privKeys[i],
  26702. pubKeys[i], rng);
  26703. }
  26704. #endif /* HAVE_ECC_DHE && !WOLFSSL_VALIDATE_ECC_KEYGEN */
  26705. }
  26706. return ret;
  26707. }
  26708. #endif /* WC_ECC_NONBLOCK && WOLFSSL_HAVE_SP_ECC && WOLFSSL_PUBLIC_MP */
  26709. #if !defined(NO_ASN) && !defined(HAVE_SELFTEST) && \
  26710. (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
  26711. (HAVE_FIPS_VERSION > 2)))
  26712. static int ecc_test_raw_enc_dec(void)
  26713. {
  26714. int ret;
  26715. unsigned char r[1];
  26716. word32 rSz;
  26717. unsigned char s[1];
  26718. word32 sSz;
  26719. unsigned char rZero[] = { 0, 0, 0, 0 };
  26720. unsigned char sOne[] = { 0, 0, 1 };
  26721. unsigned char sigRaw[32];
  26722. word32 sigRawSz;
  26723. unsigned char expSig[] = { 0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01 };
  26724. sigRawSz = sizeof(sigRaw);
  26725. ret = wc_ecc_rs_raw_to_sig(rZero, sizeof(rZero), sOne, sizeof(sOne),
  26726. sigRaw, &sigRawSz);
  26727. if (ret != 0) {
  26728. return WC_TEST_RET_ENC_EC(ret);
  26729. }
  26730. if (sigRawSz != sizeof(expSig)) {
  26731. return WC_TEST_RET_ENC_EC((int)sigRawSz);
  26732. }
  26733. if (XMEMCMP(sigRaw, expSig, sizeof(expSig)) != 0) {
  26734. return WC_TEST_RET_ENC_NC;
  26735. }
  26736. rSz = sizeof(r);
  26737. sSz = sizeof(s);
  26738. ret = wc_ecc_sig_to_rs(sigRaw, sigRawSz, r, &rSz, s, &sSz);
  26739. if (ret != 0) {
  26740. return WC_TEST_RET_ENC_EC(ret);
  26741. }
  26742. if (rSz != 1) {
  26743. return WC_TEST_RET_ENC_EC((int)rSz);
  26744. }
  26745. if (sSz != 1) {
  26746. return WC_TEST_RET_ENC_EC((int)sSz);
  26747. }
  26748. if (r[0] != 0) {
  26749. return WC_TEST_RET_ENC_EC(r[0]);
  26750. }
  26751. if (s[0] != 1) {
  26752. return WC_TEST_RET_ENC_EC(s[0]);
  26753. }
  26754. return ret;
  26755. }
  26756. #endif
  26757. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void)
  26758. {
  26759. wc_test_ret_t ret;
  26760. WC_RNG rng;
  26761. #if defined(WOLFSSL_CERT_EXT) && \
  26762. (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
  26763. ret = ecc_decode_test();
  26764. if (ret < 0)
  26765. return ret;
  26766. #endif
  26767. #ifndef HAVE_FIPS
  26768. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  26769. #else
  26770. ret = wc_InitRng(&rng);
  26771. #endif
  26772. #ifndef WC_NO_RNG
  26773. if (ret != 0)
  26774. return WC_TEST_RET_ENC_EC(ret);
  26775. #else
  26776. (void)ret;
  26777. #endif
  26778. #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
  26779. ret = ecc_test_curve(&rng, 14, ECC_CURVE_DEF);
  26780. if (ret < 0) {
  26781. printf("keySize=14, Default\n");
  26782. goto done;
  26783. }
  26784. #endif /* HAVE_ECC112 */
  26785. #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
  26786. ret = ecc_test_curve(&rng, 16, ECC_CURVE_DEF);
  26787. if (ret < 0) {
  26788. printf("keySize=16, Default\n");
  26789. goto done;
  26790. }
  26791. #endif /* HAVE_ECC128 */
  26792. #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
  26793. ret = ecc_test_curve(&rng, 20, ECC_CURVE_DEF);
  26794. if (ret < 0) {
  26795. printf("keySize=20, Default\n");
  26796. goto done;
  26797. }
  26798. #endif /* HAVE_ECC160 */
  26799. #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
  26800. ret = ecc_test_curve(&rng, 24, ECC_CURVE_DEF);
  26801. if (ret < 0) {
  26802. printf("keySize=24, Default\n");
  26803. goto done;
  26804. }
  26805. #endif /* HAVE_ECC192 */
  26806. #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224
  26807. ret = ecc_test_curve(&rng, 28, ECC_CURVE_DEF);
  26808. if (ret < 0) {
  26809. printf("keySize=28, Default\n");
  26810. goto done;
  26811. }
  26812. #endif /* HAVE_ECC224 */
  26813. #if (defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 239
  26814. ret = ecc_test_curve(&rng, 30, ECC_CURVE_DEF);
  26815. if (ret < 0) {
  26816. printf("keySize=30, Default\n");
  26817. goto done;
  26818. }
  26819. #endif /* HAVE_ECC239 */
  26820. #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
  26821. ret = ecc_test_curve(&rng, 32, ECC_CURVE_DEF);
  26822. if (ret < 0) {
  26823. printf("keySize=32, Default\n");
  26824. goto done;
  26825. }
  26826. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
  26827. defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
  26828. !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
  26829. ret = ecc_point_test();
  26830. if (ret < 0) {
  26831. goto done;
  26832. }
  26833. #endif
  26834. #if !defined(NO_ECC_SECP) || defined(WOLFSSL_CUSTOM_CURVES)
  26835. ret = ecc_def_curve_test(&rng);
  26836. if (ret < 0) {
  26837. printf("Default\n");
  26838. goto done;
  26839. }
  26840. #endif
  26841. #endif /* !NO_ECC256 */
  26842. #if (defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 320
  26843. ret = ecc_test_curve(&rng, 40, ECC_CURVE_DEF);
  26844. if (ret < 0) {
  26845. printf("keySize=40, Default\n");
  26846. goto done;
  26847. }
  26848. #endif /* HAVE_ECC320 */
  26849. #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
  26850. ret = ecc_test_curve(&rng, 48, ECC_CURVE_DEF);
  26851. if (ret < 0) {
  26852. printf("keySize=48, Default\n");
  26853. goto done;
  26854. }
  26855. #endif /* HAVE_ECC384 */
  26856. #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512
  26857. ret = ecc_test_curve(&rng, 64, ECC_CURVE_DEF);
  26858. if (ret < 0) {
  26859. printf("keySize=64, Default\n");
  26860. goto done;
  26861. }
  26862. #endif /* HAVE_ECC512 */
  26863. #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
  26864. ret = ecc_test_curve(&rng, 66, ECC_CURVE_DEF);
  26865. if (ret < 0) {
  26866. printf("keySize=66, Default\n");
  26867. goto done;
  26868. }
  26869. #endif /* HAVE_ECC521 */
  26870. #ifdef WOLFSSL_SM2
  26871. ret = ecc_test_curve(&rng, 32, ECC_SM2P256V1);
  26872. if (ret < 0) {
  26873. printf("SM2\n");
  26874. goto done;
  26875. }
  26876. #endif
  26877. #if !defined(NO_ASN) && !defined(HAVE_SELFTEST) && \
  26878. (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
  26879. (HAVE_FIPS_VERSION > 2)))
  26880. ret = ecc_test_raw_enc_dec();
  26881. if (ret != 0) {
  26882. printf("raw sig encode/decode\n");
  26883. goto done;
  26884. }
  26885. #endif
  26886. #if defined(WOLFSSL_CUSTOM_CURVES)
  26887. ret = ecc_test_custom_curves(&rng);
  26888. if (ret != 0) {
  26889. printf("Custom\n");
  26890. goto done;
  26891. }
  26892. #endif
  26893. #if defined(WOLFSSL_SM2)
  26894. ret = test_sm2_verify();
  26895. if (ret != 0) {
  26896. printf("SM2 Verify\n");
  26897. goto done;
  26898. }
  26899. ret = ecc_sm2_test_curve(&rng, ECC_TEST_VERIFY_COUNT);
  26900. if (ret != 0) {
  26901. printf("SM2 test\n");
  26902. goto done;
  26903. }
  26904. #endif
  26905. #if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
  26906. defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \
  26907. && (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3))
  26908. #ifdef HAVE_ECC256
  26909. ret = ecc_test_deterministic_k(&rng);
  26910. if (ret != 0) {
  26911. printf("ecc_test_deterministic_k failed!\n");
  26912. goto done;
  26913. }
  26914. #endif
  26915. #ifdef WOLFSSL_PUBLIC_MP
  26916. #if defined(HAVE_ECC384)
  26917. ret = ecc384_test_deterministic_k(&rng);
  26918. if (ret != 0) {
  26919. printf("ecc384_test_deterministic_k failed!\n");
  26920. goto done;
  26921. }
  26922. #endif
  26923. #if defined(HAVE_ECC521)
  26924. ret = ecc521_test_deterministic_k(&rng);
  26925. if (ret != 0) {
  26926. printf("ecc512_test_deterministic_k failed!\n");
  26927. goto done;
  26928. }
  26929. #endif
  26930. #endif
  26931. #endif
  26932. #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \
  26933. !defined(WOLFSSL_KCAPI_ECC)
  26934. ret = ecc_test_sign_vectors(&rng);
  26935. if (ret != 0) {
  26936. printf("ecc_test_sign_vectors failed!\n");
  26937. goto done;
  26938. }
  26939. #endif
  26940. #if defined(HAVE_ECC_VECTOR_TEST) && defined(HAVE_ECC_CDH) && \
  26941. defined(HAVE_ECC_DHE)
  26942. ret = ecc_test_cdh_vectors(&rng);
  26943. if (ret != 0) {
  26944. printf("ecc_test_cdh_vectors failed!\n");
  26945. goto done;
  26946. }
  26947. #endif
  26948. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
  26949. !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \
  26950. !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
  26951. ret = ecc_test_make_pub(&rng);
  26952. if (ret != 0) {
  26953. printf("ecc_test_make_pub failed!\n");
  26954. goto done;
  26955. }
  26956. #elif defined(HAVE_ECC_KEY_IMPORT)
  26957. (void)ecc_test_make_pub; /* for compiler warning */
  26958. #endif
  26959. #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && !defined(NO_ASN_TIME)
  26960. ret = ecc_test_cert_gen(&rng);
  26961. if (ret != 0) {
  26962. printf("ecc_test_cert_gen failed!\n");
  26963. goto done;
  26964. }
  26965. #endif
  26966. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) && \
  26967. !defined(WOLF_CRYPTO_CB_ONLY_ECC) && (!defined(NO_ECC_SECP) || \
  26968. defined(WOLFSSL_CUSTOM_CURVES))
  26969. ret = ecc_test_allocator(&rng);
  26970. if (ret != 0) {
  26971. printf("ecc_test_allocator failed!\n");
  26972. goto done;
  26973. }
  26974. #endif
  26975. #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
  26976. defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
  26977. ret = ecc_test_nonblock(&rng);
  26978. if (ret != 0) {
  26979. printf("ecc_test_nonblock failed!\n");
  26980. goto done;
  26981. }
  26982. #endif
  26983. done:
  26984. wc_FreeRng(&rng);
  26985. return ret;
  26986. }
  26987. #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
  26988. (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256))
  26989. #if ((! defined(HAVE_FIPS)) || FIPS_VERSION_GE(5,3))
  26990. static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
  26991. {
  26992. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  26993. byte* plaintext;
  26994. byte* encrypted;
  26995. byte* decrypted;
  26996. #else
  26997. byte plaintext[128];
  26998. byte encrypted[128];
  26999. byte decrypted[128];
  27000. #endif
  27001. ecEncCtx* aCtx = NULL;
  27002. ecEncCtx* bCtx = NULL;
  27003. static const byte salt[16] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,
  27004. 14, 15};
  27005. wc_test_ret_t ret = 0;
  27006. static const char message[] = "Hello wolfSSL!";
  27007. word32 plaintextLen;
  27008. word32 encryptLen = 128;
  27009. word32 decryptLen = 128;
  27010. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  27011. plaintext = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27012. encrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27013. decrypted = XMALLOC(128, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27014. #endif
  27015. wc_ecc_free(a);
  27016. wc_ecc_free(b);
  27017. ret = wc_ecc_init(a);
  27018. if (ret != 0)
  27019. ret = WC_TEST_RET_ENC_EC(ret);
  27020. if (ret == 0) {
  27021. ret = wc_ecc_init(b);
  27022. if (ret != 0)
  27023. ret = WC_TEST_RET_ENC_EC(ret);
  27024. }
  27025. if (ret == 0)
  27026. ret = wc_ecc_make_key(rng, 32, a);
  27027. if (ret == 0)
  27028. ret = wc_ecc_make_key(rng, 32, b);
  27029. /* create context */
  27030. if (ret == 0) {
  27031. aCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng);
  27032. if (aCtx == NULL)
  27033. ret = WC_TEST_RET_ENC_NC;
  27034. }
  27035. if (ret == 0) {
  27036. bCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng);
  27037. if (bCtx == NULL)
  27038. ret = WC_TEST_RET_ENC_NC;
  27039. }
  27040. /* set salt */
  27041. if (ret == 0) {
  27042. ret = wc_ecc_ctx_set_kdf_salt(aCtx, salt, sizeof(salt));
  27043. if (ret != 0)
  27044. ret = 10472;
  27045. }
  27046. if (ret == 0) {
  27047. ret = wc_ecc_ctx_set_kdf_salt(bCtx, salt, sizeof(salt));
  27048. if (ret != 0)
  27049. ret = 10473;
  27050. }
  27051. XMEMSET(plaintext, 0, 128);
  27052. XSTRLCPY((char *)plaintext, message, sizeof plaintext);
  27053. plaintextLen = (((word32)XSTRLEN(message) + AES_BLOCK_SIZE - 1) /
  27054. AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
  27055. /* encrypt */
  27056. if (ret == 0) {
  27057. ret = wc_ecc_encrypt(a, b, plaintext, plaintextLen, encrypted,
  27058. &encryptLen, aCtx);
  27059. if (ret != 0)
  27060. ret = WC_TEST_RET_ENC_EC(ret);
  27061. }
  27062. /* decrypt */
  27063. if (ret == 0) {
  27064. ret = wc_ecc_decrypt(b, a, encrypted, encryptLen, decrypted,
  27065. &decryptLen, bCtx);
  27066. if (ret != 0)
  27067. ret = WC_TEST_RET_ENC_EC(ret);
  27068. }
  27069. /* compare */
  27070. if (ret == 0 && XMEMCMP(decrypted, plaintext, plaintextLen) != 0)
  27071. ret = WC_TEST_RET_ENC_NC;
  27072. wc_ecc_free(a);
  27073. wc_ecc_free(b);
  27074. wc_ecc_ctx_free(aCtx);
  27075. wc_ecc_ctx_free(bCtx);
  27076. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  27077. XFREE(plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27078. XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27079. XFREE(decrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27080. #endif
  27081. return ret;
  27082. }
  27083. #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
  27084. /* ecc_encrypt_e2e_test() uses wc_ecc_ctx_set_algo(), which was added in
  27085. * wolfFIPS 5.3.
  27086. * ecc_encrypt_kat() is used only by ecc_encrypt_e2e_test().
  27087. */
  27088. #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
  27089. #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
  27090. ECC_MIN_KEY_SZ <= 256 && defined(WOLFSSL_AES_128)
  27091. static wc_test_ret_t ecc_encrypt_kat(WC_RNG *rng)
  27092. {
  27093. wc_test_ret_t ret = 0;
  27094. #ifdef WOLFSSL_ECIES_OLD
  27095. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  27096. ecc_key* userA = NULL;
  27097. #else
  27098. ecc_key userA[1];
  27099. #endif
  27100. int userAInit = 0;
  27101. #endif
  27102. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  27103. ecc_key* userB = NULL;
  27104. #else
  27105. ecc_key userB[1];
  27106. #endif
  27107. int userBInit = 0;
  27108. ecc_key* tmpKey;
  27109. byte plain[48];
  27110. word32 plainSz = sizeof(plain);
  27111. WOLFSSL_SMALL_STACK_STATIC const byte privKey[] = {
  27112. 0x04, 0x80, 0xef, 0x1d, 0xbe, 0x02, 0x0c, 0x20,
  27113. 0x5b, 0xab, 0x80, 0x35, 0x5b, 0x2a, 0x0f, 0x6d,
  27114. 0xd3, 0xb0, 0x7f, 0x7e, 0x7f, 0x86, 0x8a, 0x49,
  27115. 0xee, 0xb4, 0xaa, 0x09, 0x2d, 0x1e, 0x1d, 0x02
  27116. };
  27117. #if defined(WOLFSSL_ECIES_OLD) || defined(WOLFSSL_QNX_CAAM)
  27118. WOLFSSL_SMALL_STACK_STATIC const byte pubKey[] = {
  27119. 0x04,
  27120. /* X */
  27121. 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0, 0x5a,
  27122. 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c, 0x3a,
  27123. 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3, 0xc1,
  27124. 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63, 0xa0,
  27125. /* X */
  27126. 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7, 0xcd,
  27127. 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75, 0xaa,
  27128. 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe, 0xe8,
  27129. 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3, 0x28
  27130. };
  27131. #endif
  27132. WOLFSSL_SMALL_STACK_STATIC const byte enc_msg[] = {
  27133. #ifdef WOLFSSL_ECIES_OLD
  27134. 0x42, 0x70, 0xbf, 0xf9, 0xf4, 0x7e, 0x4b, 0x9b,
  27135. 0xb5, 0x4c, 0xcc, 0xc5, 0x94, 0xa7, 0xef, 0xaa,
  27136. 0xc3, 0x7c, 0x85, 0xa6, 0x51, 0x6e, 0xd3, 0xfa,
  27137. 0x56, 0xc9, 0x10, 0x4d, 0x14, 0x32, 0x61, 0xb8,
  27138. 0xbb, 0x66, 0x7a, 0xb5, 0xbc, 0x95, 0xf8, 0xca,
  27139. 0xd1, 0x2a, 0x19, 0x51, 0x44, 0xd8, 0x0e, 0x57,
  27140. 0x34, 0xed, 0x45, 0x89, 0x2e, 0x57, 0xbe, 0xd5,
  27141. 0x06, 0x22, 0xd7, 0x13, 0x0a, 0x0e, 0x40, 0x36,
  27142. 0x0d, 0x05, 0x0d, 0xb6, 0xae, 0x61, 0x37, 0x18,
  27143. 0x83, 0x90, 0x0a, 0x27, 0x95, 0x41, 0x8c, 0x45
  27144. #elif defined(WOLFSSL_ECIES_ISO18033)
  27145. 0x04, 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0,
  27146. 0x5a, 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c,
  27147. 0x3a, 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3,
  27148. 0xc1, 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63,
  27149. 0xa0, 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7,
  27150. 0xcd, 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75,
  27151. 0xaa, 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe,
  27152. 0xe8, 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3,
  27153. 0x28, 0xbb, 0x9f, 0xa8, 0x2d, 0xe1, 0xf1, 0x67,
  27154. 0x45, 0x02, 0x19, 0xdc, 0xc8, 0x24, 0x8b, 0x20,
  27155. 0x02, 0xa0, 0x8f, 0x95, 0x12, 0x55, 0x51, 0xf8,
  27156. 0x03, 0xc4, 0x54, 0x13, 0x98, 0x2d, 0xf0, 0x31,
  27157. 0x51, 0x80, 0x45, 0x24, 0xcb, 0x8b, 0x48, 0xa6,
  27158. 0x8b, 0x8e, 0x97, 0x9c, 0x56, 0x4d, 0x70, 0x00,
  27159. 0x53, 0xd3, 0x47, 0x00, 0x5a, 0x23, 0x8c, 0xf9,
  27160. 0xfd, 0xd2, 0x33, 0x2c, 0x43, 0x6e, 0x9e, 0xb2,
  27161. 0xf4, 0x95, 0xd4, 0xcf, 0x30, 0xd6, 0xa2, 0xc5,
  27162. 0x35, 0x96, 0x6a, 0xd4, 0x36, 0x15, 0xa9, 0xbd,
  27163. 0x7f
  27164. #elif defined(WOLFSSL_ECIES_GEN_IV)
  27165. /* EC P-256 point */
  27166. 0x04,
  27167. /* X */
  27168. 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0, 0x5a,
  27169. 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c, 0x3a,
  27170. 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3, 0xc1,
  27171. 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63, 0xa0,
  27172. /* Y */
  27173. 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7, 0xcd,
  27174. 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75, 0xaa,
  27175. 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe, 0xe8,
  27176. 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3, 0x28,
  27177. /* IV */
  27178. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  27179. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  27180. /* Encrypted Msg */
  27181. 0xe5, 0x17, 0xaf, 0x0d, 0x65, 0x4d, 0x3d, 0x50,
  27182. 0x96, 0x05, 0xc9, 0x63, 0x2c, 0xef, 0x1c, 0x1f,
  27183. 0x78, 0xc9, 0x90, 0x7a, 0x14, 0x00, 0xfc, 0x44,
  27184. 0x71, 0x6d, 0x57, 0x8c, 0xdf, 0x23, 0xca, 0x65,
  27185. 0xcf, 0x93, 0x06, 0xb6, 0x9a, 0xf4, 0x61, 0xbd,
  27186. 0x44, 0x1a, 0xeb, 0x52, 0x68, 0x0f, 0xd1, 0xde,
  27187. /* HMAC */
  27188. 0x5a, 0x22, 0xc1, 0x5d, 0x99, 0x66, 0x3f, 0x24,
  27189. 0x35, 0x96, 0xac, 0xf7, 0xf6, 0x28, 0x45, 0x16,
  27190. 0x52, 0x19, 0x0d, 0xe4, 0xb2, 0xca, 0x5b, 0x28,
  27191. 0x4e, 0xbb, 0xf3, 0x98, 0x57, 0xd7, 0x3b, 0xe2
  27192. #else
  27193. 0x04, 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0,
  27194. 0x5a, 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c,
  27195. 0x3a, 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3,
  27196. 0xc1, 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63,
  27197. 0xa0, 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7,
  27198. 0xcd, 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75,
  27199. 0xaa, 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe,
  27200. 0xe8, 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3,
  27201. 0x28, 0xe5, 0x17, 0xaf, 0x0d, 0x65, 0x4d, 0x3d,
  27202. 0x50, 0x96, 0x05, 0xc9, 0x63, 0x2c, 0xef, 0x1c,
  27203. 0x1f, 0x78, 0xc9, 0x90, 0x7a, 0x14, 0x00, 0xfc,
  27204. 0x44, 0x71, 0x6d, 0x57, 0x8c, 0xdf, 0x23, 0xca,
  27205. 0x65, 0xcf, 0x93, 0x06, 0xb6, 0x9a, 0xf4, 0x61,
  27206. 0xbd, 0x44, 0x1a, 0xeb, 0x52, 0x68, 0x0f, 0xd1,
  27207. 0xde, 0xc7, 0x3f, 0x6f, 0xce, 0xbe, 0x49, 0x61,
  27208. 0x48, 0x01, 0x77, 0x41, 0xd0, 0xd8, 0x5b, 0x48,
  27209. 0xca, 0x4e, 0x47, 0x3e, 0x47, 0xbf, 0x1d, 0x28,
  27210. 0x4c, 0x18, 0x1a, 0xfb, 0x96, 0x95, 0xda, 0xde,
  27211. 0x55
  27212. #endif
  27213. };
  27214. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
  27215. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  27216. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  27217. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  27218. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
  27219. 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
  27220. 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f
  27221. };
  27222. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  27223. userB = (ecc_key *)XMALLOC(sizeof(*userB), HEAP_HINT,
  27224. DYNAMIC_TYPE_TMP_BUFFER);
  27225. if (userB == NULL) {
  27226. ret = WC_TEST_RET_ENC_ERRNO;
  27227. }
  27228. #ifdef WOLFSSL_ECIES_OLD
  27229. if (ret == 0) {
  27230. userA = (ecc_key *)XMALLOC(sizeof(*userA), HEAP_HINT,
  27231. DYNAMIC_TYPE_TMP_BUFFER);
  27232. if (userA == NULL) {
  27233. ret = WC_TEST_RET_ENC_ERRNO;
  27234. }
  27235. }
  27236. #endif
  27237. #endif
  27238. if (ret == 0) {
  27239. ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
  27240. if (ret != 0)
  27241. ret = WC_TEST_RET_ENC_EC(ret);
  27242. }
  27243. if (ret == 0) {
  27244. userBInit = 1;
  27245. #ifdef WOLFSSL_ECIES_OLD
  27246. ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
  27247. if (ret != 0)
  27248. ret = WC_TEST_RET_ENC_EC(ret);
  27249. }
  27250. if (ret == 0) {
  27251. userAInit = 1;
  27252. tmpKey = userA;
  27253. #else
  27254. tmpKey = NULL;
  27255. #endif
  27256. }
  27257. if (ret == 0) {
  27258. #ifdef WOLFSSL_QNX_CAAM
  27259. ret = wc_ecc_import_private_key_ex(privKey, sizeof(privKey), pubKey,
  27260. sizeof(pubKey), userB, ECC_SECP256R1);
  27261. #else
  27262. ret = wc_ecc_import_private_key_ex(privKey, sizeof(privKey), NULL, 0,
  27263. userB, ECC_SECP256R1);
  27264. #endif
  27265. if (ret != 0)
  27266. ret = WC_TEST_RET_ENC_EC(ret);
  27267. }
  27268. #ifdef WOLFSSL_ECIES_OLD
  27269. if (ret == 0) {
  27270. ret = wc_ecc_import_x963_ex(pubKey, sizeof(pubKey), userA,
  27271. ECC_SECP256R1);
  27272. if (ret != 0)
  27273. ret = WC_TEST_RET_ENC_EC(ret);
  27274. }
  27275. #endif
  27276. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  27277. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  27278. !defined(HAVE_SELFTEST)
  27279. if (ret == 0) {
  27280. ret = wc_ecc_set_rng(userB, rng);
  27281. if (ret != 0) {
  27282. ret = WC_TEST_RET_ENC_EC(ret);
  27283. }
  27284. }
  27285. #else
  27286. (void)rng;
  27287. #endif
  27288. if (ret == 0) {
  27289. ret = wc_ecc_decrypt(userB, tmpKey, enc_msg, sizeof(enc_msg), plain,
  27290. &plainSz, NULL);
  27291. if (ret != 0)
  27292. ret = WC_TEST_RET_ENC_EC(ret);
  27293. }
  27294. if (ret == 0) {
  27295. if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
  27296. ret = WC_TEST_RET_ENC_NC;
  27297. }
  27298. }
  27299. if (userBInit)
  27300. wc_ecc_free(userB);
  27301. #ifdef WOLFSSL_ECIES_OLD
  27302. if (userAInit)
  27303. wc_ecc_free(userA);
  27304. #endif
  27305. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  27306. if (userB != NULL) {
  27307. XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27308. }
  27309. #ifdef WOLFSSL_ECIES_OLD
  27310. if (userA != NULL) {
  27311. XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27312. }
  27313. #endif
  27314. #endif
  27315. return ret;
  27316. }
  27317. #endif
  27318. static wc_test_ret_t ecc_encrypt_e2e_test(WC_RNG* rng, ecc_key* userA, ecc_key* userB,
  27319. byte encAlgo, byte kdfAlgo, byte macAlgo)
  27320. {
  27321. wc_test_ret_t ret = 0;
  27322. byte msg[48];
  27323. byte plain[48];
  27324. #ifdef WOLFSSL_ECIES_OLD
  27325. byte out[80];
  27326. #elif defined(WOLFSSL_ECIES_GEN_IV)
  27327. byte out[1 + ECC_KEYGEN_SIZE * 2 + 16 + 80];
  27328. #else
  27329. byte out[1 + ECC_KEYGEN_SIZE * 2 + 80];
  27330. #endif
  27331. word32 outSz = sizeof(out);
  27332. word32 plainSz = sizeof(plain);
  27333. int i;
  27334. ecEncCtx* cliCtx = NULL;
  27335. ecEncCtx* srvCtx = NULL;
  27336. byte cliSalt[EXCHANGE_SALT_SZ];
  27337. byte srvSalt[EXCHANGE_SALT_SZ];
  27338. const byte* tmpSalt;
  27339. byte msg2[48];
  27340. byte plain2[48];
  27341. #ifdef WOLFSSL_ECIES_OLD
  27342. byte out2[80];
  27343. #elif defined(WOLFSSL_ECIES_GEN_IV)
  27344. byte out2[1 + ECC_KEYGEN_SIZE * 2 + 16 + 80];
  27345. #else
  27346. byte out2[1 + ECC_KEYGEN_SIZE * 2 + 80];
  27347. #endif
  27348. word32 outSz2 = sizeof(out2);
  27349. word32 plainSz2 = sizeof(plain2);
  27350. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  27351. ecc_key *tmpKey = (ecc_key *)XMALLOC(sizeof(ecc_key), HEAP_HINT,
  27352. DYNAMIC_TYPE_TMP_BUFFER);
  27353. #else
  27354. ecc_key tmpKey[1];
  27355. #endif
  27356. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  27357. if (tmpKey == NULL) {
  27358. ERROR_OUT(MEMORY_E, done);
  27359. }
  27360. #endif
  27361. ret = wc_ecc_init_ex(tmpKey, HEAP_HINT, devId);
  27362. if (ret != 0)
  27363. goto done;
  27364. /* set message to incrementing 0,1,2,etc... */
  27365. for (i = 0; i < (int)sizeof(msg); i++)
  27366. msg[i] = i;
  27367. /* encrypt msg to B */
  27368. ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz, NULL);
  27369. if (ret != 0) {
  27370. ret = WC_TEST_RET_ENC_EC(ret); goto done;
  27371. }
  27372. #ifdef WOLFSSL_ECIES_OLD
  27373. tmpKey->dp = userA->dp;
  27374. ret = wc_ecc_copy_point(&userA->pubkey, &tmpKey->pubkey);
  27375. if (ret != 0) {
  27376. ret = WC_TEST_RET_ENC_EC(ret); goto done;
  27377. }
  27378. #endif
  27379. /* decrypt msg from A */
  27380. ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, NULL);
  27381. if (ret != 0) {
  27382. ret = WC_TEST_RET_ENC_EC(ret); goto done;
  27383. }
  27384. if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
  27385. ret = WC_TEST_RET_ENC_NC; goto done;
  27386. }
  27387. #ifndef WOLFSSL_ECIES_OLD
  27388. /* A decrypts msg (response) from B */
  27389. ret = wc_ecc_decrypt(userB, NULL, out, outSz, plain2, &plainSz2, NULL);
  27390. if (ret != 0)
  27391. goto done;
  27392. if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
  27393. ret = WC_TEST_RET_ENC_NC; goto done;
  27394. }
  27395. #endif
  27396. /* let's verify message exchange works, A is client, B is server */
  27397. cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng);
  27398. srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng);
  27399. if (cliCtx == NULL || srvCtx == NULL) {
  27400. ret = WC_TEST_RET_ENC_ERRNO; goto done;
  27401. }
  27402. ret = wc_ecc_ctx_set_algo(cliCtx, encAlgo, kdfAlgo, macAlgo);
  27403. if (ret != 0)
  27404. goto done;
  27405. ret = wc_ecc_ctx_set_algo(srvCtx, encAlgo, kdfAlgo, macAlgo);
  27406. if (ret != 0)
  27407. goto done;
  27408. /* get salt to send to peer */
  27409. tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx);
  27410. if (tmpSalt == NULL) {
  27411. ret = WC_TEST_RET_ENC_NC; goto done;
  27412. }
  27413. XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
  27414. tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx);
  27415. if (tmpSalt == NULL) {
  27416. ret = WC_TEST_RET_ENC_NC; goto done;
  27417. }
  27418. XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
  27419. /* in actual use, we'd get the peer's salt over the transport */
  27420. ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt);
  27421. if (ret != 0)
  27422. goto done;
  27423. ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt);
  27424. if (ret != 0)
  27425. goto done;
  27426. ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 11);
  27427. if (ret != 0)
  27428. goto done;
  27429. ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 11);
  27430. if (ret != 0)
  27431. goto done;
  27432. /* get encrypted msg (request) to send to B */
  27433. outSz = sizeof(out);
  27434. ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz,cliCtx);
  27435. if (ret != 0)
  27436. goto done;
  27437. #ifndef WOLFSSL_ECIES_OLD
  27438. wc_ecc_free(tmpKey);
  27439. #endif
  27440. /* B decrypts msg (request) from A */
  27441. plainSz = sizeof(plain);
  27442. ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, srvCtx);
  27443. if (ret != 0)
  27444. goto done;
  27445. if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
  27446. ret = WC_TEST_RET_ENC_NC; goto done;
  27447. }
  27448. /* msg2 (response) from B to A */
  27449. for (i = 0; i < (int)sizeof(msg2); i++)
  27450. msg2[i] = i + sizeof(msg2);
  27451. /* get encrypted msg (response) to send to B */
  27452. ret = wc_ecc_encrypt(userB, userA, msg2, sizeof(msg2), out2,
  27453. &outSz2, srvCtx);
  27454. if (ret != 0)
  27455. goto done;
  27456. #ifdef WOLFSSL_ECIES_OLD
  27457. tmpKey->dp = userB->dp;
  27458. ret = wc_ecc_copy_point(&userB->pubkey, &tmpKey->pubkey);
  27459. if (ret != 0) {
  27460. ret = WC_TEST_RET_ENC_EC(ret); goto done;
  27461. }
  27462. #else
  27463. wc_ecc_free(tmpKey);
  27464. #endif
  27465. /* A decrypts msg (response) from B */
  27466. ret = wc_ecc_decrypt(userA, tmpKey, out2, outSz2, plain2, &plainSz2,
  27467. cliCtx);
  27468. if (ret != 0)
  27469. goto done;
  27470. if (XMEMCMP(plain2, msg2, sizeof(msg2)) != 0) {
  27471. ret = WC_TEST_RET_ENC_NC; goto done;
  27472. }
  27473. #if defined(HAVE_COMP_KEY) && \
  27474. (! defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
  27475. /* Create new client and server contexts. */
  27476. wc_ecc_ctx_free(srvCtx);
  27477. wc_ecc_ctx_free(cliCtx);
  27478. /* let's verify message exchange works, A is client, B is server */
  27479. cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng);
  27480. srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng);
  27481. if (cliCtx == NULL || srvCtx == NULL) {
  27482. ret = WC_TEST_RET_ENC_ERRNO; goto done;
  27483. }
  27484. ret = wc_ecc_ctx_set_algo(cliCtx, encAlgo, kdfAlgo, macAlgo);
  27485. if (ret != 0)
  27486. goto done;
  27487. ret = wc_ecc_ctx_set_algo(srvCtx, encAlgo, kdfAlgo, macAlgo);
  27488. if (ret != 0)
  27489. goto done;
  27490. /* get salt to send to peer */
  27491. tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx);
  27492. if (tmpSalt == NULL) {
  27493. ret = WC_TEST_RET_ENC_NC; goto done;
  27494. }
  27495. XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
  27496. tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx);
  27497. if (tmpSalt == NULL) {
  27498. ret = WC_TEST_RET_ENC_NC; goto done;
  27499. }
  27500. XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
  27501. /* in actual use, we'd get the peer's salt over the transport */
  27502. ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt);
  27503. if (ret != 0)
  27504. goto done;
  27505. ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt);
  27506. if (ret != 0)
  27507. goto done;
  27508. ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 12);
  27509. if (ret != 0)
  27510. goto done;
  27511. ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 12);
  27512. if (ret != 0)
  27513. goto done;
  27514. /* get encrypted msg (request) to send to B - compressed public key */
  27515. outSz = sizeof(out);
  27516. ret = wc_ecc_encrypt_ex(userA, userB, msg, sizeof(msg), out, &outSz, cliCtx,
  27517. 1);
  27518. if (ret != 0)
  27519. goto done;
  27520. #ifndef WOLFSSL_ECIES_OLD
  27521. wc_ecc_free(tmpKey);
  27522. #endif
  27523. /* B decrypts msg (request) from A - out has a compressed public key */
  27524. plainSz = sizeof(plain);
  27525. ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, srvCtx);
  27526. if (ret != 0)
  27527. goto done;
  27528. if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
  27529. ret = WC_TEST_RET_ENC_NC; goto done;
  27530. }
  27531. #endif /* HAVE_COMP_KEY && (!FIPS || FIPS>=5.3) */
  27532. #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \
  27533. (ECC_MIN_KEY_SZ <= 256) && defined(WOLFSSL_AES_128)
  27534. ret = ecc_encrypt_kat(rng);
  27535. #endif
  27536. done:
  27537. /* cleanup */
  27538. wc_ecc_ctx_free(srvCtx);
  27539. wc_ecc_ctx_free(cliCtx);
  27540. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  27541. if (tmpKey != NULL) {
  27542. wc_ecc_free(tmpKey);
  27543. XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27544. }
  27545. #else
  27546. wc_ecc_free(tmpKey);
  27547. #endif
  27548. return ret;
  27549. }
  27550. #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
  27551. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void)
  27552. {
  27553. WC_RNG rng;
  27554. wc_test_ret_t ret;
  27555. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  27556. ecc_key *userA;
  27557. ecc_key *userB;
  27558. #else
  27559. ecc_key userA[1];
  27560. ecc_key userB[1];
  27561. #endif
  27562. #ifndef HAVE_FIPS
  27563. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  27564. #else
  27565. ret = wc_InitRng(&rng);
  27566. #endif
  27567. if (ret != 0)
  27568. return WC_TEST_RET_ENC_EC(ret);
  27569. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  27570. userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT,
  27571. DYNAMIC_TYPE_TMP_BUFFER);
  27572. userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT,
  27573. DYNAMIC_TYPE_TMP_BUFFER);
  27574. if ((userA == NULL) || (userB == NULL)) {
  27575. ERROR_OUT(MEMORY_E, done);
  27576. }
  27577. #endif
  27578. XMEMSET(userA, 0, sizeof *userA);
  27579. XMEMSET(userB, 0, sizeof *userB);
  27580. ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
  27581. if (ret != 0)
  27582. goto done;
  27583. ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
  27584. if (ret != 0)
  27585. goto done;
  27586. ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userA);
  27587. #if defined(WOLFSSL_ASYNC_CRYPT)
  27588. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
  27589. #endif
  27590. if (ret != 0){
  27591. ret = WC_TEST_RET_ENC_EC(ret); goto done;
  27592. }
  27593. ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userB);
  27594. #if defined(WOLFSSL_ASYNC_CRYPT)
  27595. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
  27596. #endif
  27597. if (ret != 0){
  27598. ret = WC_TEST_RET_ENC_EC(ret); goto done;
  27599. }
  27600. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  27601. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  27602. !defined(HAVE_SELFTEST)
  27603. ret = wc_ecc_set_rng(userA, &rng);
  27604. if (ret != 0) {
  27605. ret = WC_TEST_RET_ENC_EC(ret); goto done;
  27606. }
  27607. ret = wc_ecc_set_rng(userB, &rng);
  27608. if (ret != 0) {
  27609. ret = WC_TEST_RET_ENC_EC(ret); goto done;
  27610. }
  27611. #endif
  27612. #if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))
  27613. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  27614. #ifdef WOLFSSL_AES_128
  27615. if (ret == 0) {
  27616. ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC,
  27617. ecHKDF_SHA256, ecHMAC_SHA256);
  27618. if (ret != 0) {
  27619. printf("ECIES: AES_128_CBC, HKDF_SHA256, HMAC_SHA256\n");
  27620. }
  27621. }
  27622. #ifdef HAVE_X963_KDF
  27623. if (ret == 0) {
  27624. ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC,
  27625. ecKDF_X963_SHA256, ecHMAC_SHA256);
  27626. if (ret != 0) {
  27627. printf("ECIES: AES_128_CBC, KDF_X963_SHA256, HMAC_SHA256\n");
  27628. }
  27629. }
  27630. if (ret == 0) {
  27631. ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC,
  27632. ecKDF_SHA256, ecHMAC_SHA256);
  27633. if (ret != 0) {
  27634. printf("ECIES: AES_128_CBC, KDF_SHA256, HMAC_SHA256\n");
  27635. }
  27636. }
  27637. #endif
  27638. #endif
  27639. #ifdef WOLFSSL_AES_256
  27640. if (ret == 0) {
  27641. ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_256_CBC,
  27642. ecHKDF_SHA256, ecHMAC_SHA256);
  27643. if (ret != 0) {
  27644. printf("ECIES: AES_256_CBC, HKDF_SHA256, HMAC_SHA256\n");
  27645. }
  27646. }
  27647. #endif
  27648. #endif
  27649. #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER)
  27650. #ifdef WOLFSSL_AES_128
  27651. if (ret == 0) {
  27652. ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CTR,
  27653. ecHKDF_SHA256, ecHMAC_SHA256);
  27654. if (ret != 0) {
  27655. printf("ECIES: AES_128_CTR, HKDF_SHA256, HMAC_SHA256\n");
  27656. }
  27657. }
  27658. #endif
  27659. #ifdef WOLFSSL_AES_256
  27660. if (ret == 0) {
  27661. ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_256_CTR,
  27662. ecHKDF_SHA256, ecHMAC_SHA256);
  27663. if (ret != 0) {
  27664. printf("ECIES: AES_256_CTR, HKDF_SHA256, HMAC_SHA256\n");
  27665. }
  27666. }
  27667. #endif
  27668. #endif /* !NO_AES && WOLFSSL_AES_COUNTER */
  27669. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  27670. if (ret == 0) {
  27671. ret = ecc_ctx_kdf_salt_test(&rng, userA, userB);
  27672. }
  27673. #endif
  27674. #endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */
  27675. done:
  27676. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  27677. if (userA != NULL) {
  27678. wc_ecc_free(userA);
  27679. XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27680. }
  27681. if (userB != NULL) {
  27682. wc_ecc_free(userB);
  27683. XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27684. }
  27685. #else
  27686. wc_ecc_free(userB);
  27687. wc_ecc_free(userA);
  27688. #endif
  27689. wc_FreeRng(&rng);
  27690. return ret;
  27691. }
  27692. #endif /* HAVE_ECC_ENCRYPT && HAVE_AES_CBC && WOLFSSL_AES_128 */
  27693. #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
  27694. !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
  27695. defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \
  27696. !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP)
  27697. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void)
  27698. {
  27699. size_t bytes;
  27700. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  27701. ecc_key *cliKey = (ecc_key *)XMALLOC(sizeof *cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27702. ecc_key *servKey = (ecc_key *)XMALLOC(sizeof *servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27703. ecc_key *tmpKey = (ecc_key *)XMALLOC(sizeof *tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27704. #else
  27705. ecc_key cliKey[1];
  27706. ecc_key servKey[1];
  27707. ecc_key tmpKey[1];
  27708. #endif
  27709. WC_RNG rng;
  27710. word32 idx = 0;
  27711. wc_test_ret_t ret;
  27712. /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */
  27713. byte in[] = "Everyone gets Friday off. ecc p";
  27714. word32 inLen = (word32)XSTRLEN((char*)in);
  27715. byte out[256];
  27716. byte plain[256];
  27717. int verify = 0;
  27718. word32 x;
  27719. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  27720. if ((cliKey == NULL) || (servKey == NULL) || (tmpKey == NULL))
  27721. ERROR_OUT(MEMORY_E, done);
  27722. #endif
  27723. ret = wc_ecc_init_ex(cliKey, HEAP_HINT, devId);
  27724. if (ret != 0)
  27725. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  27726. ret = wc_ecc_init_ex(servKey, HEAP_HINT, devId);
  27727. if (ret != 0)
  27728. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  27729. ret = wc_ecc_init_ex(tmpKey, HEAP_HINT, devId);
  27730. if (ret != 0)
  27731. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  27732. bytes = (size_t)sizeof_ecc_clikey_der_256;
  27733. /* place client key into ecc_key struct cliKey */
  27734. ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, cliKey,
  27735. (word32)bytes);
  27736. if (ret != 0)
  27737. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  27738. idx = 0;
  27739. bytes = (size_t)sizeof_ecc_key_der_256;
  27740. /* place server key into ecc_key struct servKey */
  27741. ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, servKey,
  27742. (word32)bytes);
  27743. if (ret != 0)
  27744. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  27745. #ifndef WC_NO_RNG
  27746. #ifndef HAVE_FIPS
  27747. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  27748. #else
  27749. ret = wc_InitRng(&rng);
  27750. #endif
  27751. if (ret != 0)
  27752. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  27753. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  27754. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  27755. !defined(HAVE_SELFTEST)
  27756. ret = wc_ecc_set_rng(cliKey, &rng);
  27757. if (ret != 0)
  27758. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  27759. ret = wc_ecc_set_rng(servKey, &rng);
  27760. if (ret != 0)
  27761. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  27762. #endif
  27763. #endif /* !WC_NO_RNG */
  27764. #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \
  27765. defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  27766. {
  27767. word32 y;
  27768. /* test encrypt and decrypt if they're available */
  27769. x = sizeof(out);
  27770. ret = wc_ecc_encrypt(cliKey, servKey, in, sizeof(in), out, &x, NULL);
  27771. if (ret < 0)
  27772. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  27773. #ifdef WOLFSSL_ECIES_OLD
  27774. tmpKey->dp = cliKey->dp;
  27775. ret = wc_ecc_copy_point(&cliKey->pubkey, &tmpKey->pubkey);
  27776. if (ret != 0) {
  27777. ret = WC_TEST_RET_ENC_EC(ret); goto done;
  27778. }
  27779. #endif
  27780. y = sizeof(plain);
  27781. ret = wc_ecc_decrypt(servKey, tmpKey, out, x, plain, &y, NULL);
  27782. if (ret < 0)
  27783. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  27784. if (XMEMCMP(plain, in, inLen))
  27785. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  27786. }
  27787. #endif
  27788. x = sizeof(out);
  27789. do {
  27790. #if defined(WOLFSSL_ASYNC_CRYPT)
  27791. ret = wc_AsyncWait(ret, &cliKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  27792. #endif
  27793. if (ret == 0)
  27794. ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, cliKey);
  27795. } while (ret == WC_PENDING_E);
  27796. if (ret < 0)
  27797. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  27798. TEST_SLEEP();
  27799. XMEMSET(plain, 0, sizeof(plain));
  27800. do {
  27801. #if defined(WOLFSSL_ASYNC_CRYPT)
  27802. ret = wc_AsyncWait(ret, &cliKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  27803. #endif
  27804. if (ret == 0)
  27805. ret = wc_ecc_verify_hash(out, x, in, inLen, &verify,
  27806. cliKey);
  27807. } while (ret == WC_PENDING_E);
  27808. if (ret < 0)
  27809. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  27810. if (verify != 1)
  27811. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  27812. TEST_SLEEP();
  27813. #ifdef WOLFSSL_CERT_EXT
  27814. idx = 0;
  27815. bytes = sizeof_ecc_clikeypub_der_256;
  27816. ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, cliKey,
  27817. (word32) bytes);
  27818. if (ret != 0)
  27819. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  27820. #endif
  27821. ret = 0;
  27822. done:
  27823. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  27824. if (cliKey != NULL) {
  27825. wc_ecc_free(cliKey);
  27826. XFREE(cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27827. }
  27828. if (servKey != NULL) {
  27829. wc_ecc_free(servKey);
  27830. XFREE(servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27831. }
  27832. if (tmpKey != NULL) {
  27833. wc_ecc_free(tmpKey);
  27834. XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27835. }
  27836. #else
  27837. wc_ecc_free(cliKey);
  27838. wc_ecc_free(servKey);
  27839. wc_ecc_free(tmpKey);
  27840. #endif
  27841. wc_FreeRng(&rng);
  27842. return ret;
  27843. }
  27844. #endif /* USE_CERT_BUFFERS_256 && !WOLFSSL_ATECCX08A && !NO_ECC256 */
  27845. #endif /* HAVE_ECC */
  27846. #ifdef HAVE_CURVE25519
  27847. #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
  27848. defined(HAVE_CURVE25519_KEY_IMPORT)
  27849. #ifdef CURVE25519_OVERFLOW_ALL_TESTS
  27850. #define X25519_TEST_CNT 5
  27851. #else
  27852. #define X25519_TEST_CNT 1
  27853. #endif
  27854. static wc_test_ret_t curve25519_overflow_test(void)
  27855. {
  27856. /* secret key for party a */
  27857. byte sa[X25519_TEST_CNT][32] = {
  27858. {
  27859. 0x8d,0xaf,0x6e,0x7a,0xc1,0xeb,0x8d,0x30,
  27860. 0x99,0x86,0xd3,0x90,0x47,0x96,0x21,0x3c,
  27861. 0x3a,0x75,0xc0,0x7b,0x75,0x01,0x75,0xa3,
  27862. 0x81,0x4b,0xff,0x5a,0xbc,0x96,0x87,0x28
  27863. },
  27864. #ifdef CURVE25519_OVERFLOW_ALL_TESTS
  27865. {
  27866. 0x9d,0x63,0x5f,0xce,0xe2,0xe8,0xd7,0xfb,
  27867. 0x68,0x77,0x0e,0x44,0xd1,0xad,0x87,0x2b,
  27868. 0xf4,0x65,0x06,0xb7,0xbb,0xdb,0xbe,0x6e,
  27869. 0x02,0x43,0x24,0xc7,0x3d,0x7b,0x88,0x60
  27870. },
  27871. {
  27872. 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
  27873. 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
  27874. 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
  27875. 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
  27876. },
  27877. {
  27878. 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
  27879. 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
  27880. 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
  27881. 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
  27882. },
  27883. {
  27884. 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
  27885. 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
  27886. 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
  27887. 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
  27888. }
  27889. #endif
  27890. };
  27891. /* public key for party b */
  27892. byte pb[X25519_TEST_CNT][32] = {
  27893. {
  27894. 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  27895. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  27896. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  27897. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
  27898. },
  27899. #ifdef CURVE25519_OVERFLOW_ALL_TESTS
  27900. {
  27901. /* 0xff first byte in original - invalid! */
  27902. 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  27903. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  27904. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  27905. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
  27906. },
  27907. {
  27908. 0x36,0x1a,0x74,0x87,0x28,0x59,0xe0,0xb6,
  27909. 0xe4,0x2b,0x17,0x9b,0x16,0xb0,0x3b,0xf8,
  27910. 0xb8,0x9f,0x2a,0x8f,0xc5,0x33,0x68,0x4f,
  27911. 0xde,0x4d,0xd8,0x80,0x63,0xe7,0xb4,0x0a
  27912. },
  27913. {
  27914. 0x00,0x80,0x38,0x59,0x19,0x3a,0x66,0x12,
  27915. 0xfd,0xa1,0xec,0x1c,0x40,0x84,0x40,0xbd,
  27916. 0x64,0x10,0x8b,0x53,0x81,0x21,0x03,0x2d,
  27917. 0x7d,0x33,0xb4,0x01,0x57,0x0d,0xe1,0x89
  27918. },
  27919. {
  27920. 0x1d,0xf8,0xf8,0x33,0x89,0x6c,0xb7,0xba,
  27921. 0x94,0x73,0xfa,0xc2,0x36,0xac,0xbe,0x49,
  27922. 0xaf,0x85,0x3e,0x93,0x5f,0xae,0xb2,0xc0,
  27923. 0xc8,0x80,0x8f,0x4a,0xaa,0xd3,0x55,0x2b
  27924. }
  27925. #endif
  27926. };
  27927. /* expected shared key */
  27928. byte ss[X25519_TEST_CNT][32] = {
  27929. {
  27930. 0x5c,0x4c,0x85,0x5f,0xfb,0x20,0x38,0xcc,
  27931. 0x55,0x16,0x5b,0x8a,0xa7,0xed,0x57,0x6e,
  27932. 0x35,0xaa,0x71,0x67,0x85,0x1f,0xb6,0x28,
  27933. 0x17,0x07,0x7b,0xda,0x76,0xdd,0xe0,0xb4
  27934. },
  27935. #ifdef CURVE25519_OVERFLOW_ALL_TESTS
  27936. {
  27937. 0x33,0xf6,0xc1,0x34,0x62,0x92,0x06,0x02,
  27938. 0x95,0xdb,0x91,0x4c,0x5d,0x52,0x54,0xc7,
  27939. 0xd2,0x5b,0x24,0xb5,0x4f,0x33,0x59,0x79,
  27940. 0x9f,0x6d,0x7e,0x4a,0x4c,0x30,0xd6,0x38
  27941. },
  27942. {
  27943. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  27944. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  27945. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  27946. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02
  27947. },
  27948. {
  27949. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  27950. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  27951. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  27952. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x09
  27953. },
  27954. {
  27955. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  27956. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  27957. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  27958. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10
  27959. }
  27960. #endif
  27961. };
  27962. wc_test_ret_t ret = 0;
  27963. int i;
  27964. word32 y;
  27965. byte shared[32];
  27966. curve25519_key userA;
  27967. wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
  27968. for (i = 0; i < X25519_TEST_CNT; i++) {
  27969. if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i],
  27970. sizeof(pb[i]), &userA) != 0) {
  27971. ret = WC_TEST_RET_ENC_I(i); break;
  27972. }
  27973. /* test against known test vector */
  27974. XMEMSET(shared, 0, sizeof(shared));
  27975. y = sizeof(shared);
  27976. if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0) {
  27977. ret = WC_TEST_RET_ENC_I(i); break;
  27978. }
  27979. if (XMEMCMP(ss[i], shared, y)) {
  27980. ret = WC_TEST_RET_ENC_I(i); break;
  27981. }
  27982. }
  27983. wc_curve25519_free(&userA);
  27984. return ret;
  27985. }
  27986. /* Test the wc_curve25519_check_public API.
  27987. *
  27988. * returns 0 on success and -ve on failure.
  27989. */
  27990. static wc_test_ret_t curve25519_check_public_test(void)
  27991. {
  27992. wc_test_ret_t ret;
  27993. /* Little-endian values that will fail */
  27994. byte fail_le[][CURVE25519_KEYSIZE] = {
  27995. {
  27996. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  27997. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  27998. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  27999. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  28000. },
  28001. {
  28002. 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28003. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28004. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28005. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  28006. },
  28007. {
  28008. 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28009. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28010. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28011. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x81
  28012. },
  28013. };
  28014. /* Big-endian values that will fail */
  28015. byte fail_be[][CURVE25519_KEYSIZE] = {
  28016. {
  28017. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28018. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28019. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28020. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  28021. },
  28022. {
  28023. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28024. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28025. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28026. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  28027. },
  28028. {
  28029. 0x81,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28030. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28031. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28032. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  28033. },
  28034. };
  28035. /* Good or valid public value */
  28036. byte good[CURVE25519_KEYSIZE] = {
  28037. 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28038. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28039. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  28040. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  28041. };
  28042. int i;
  28043. /* Parameter checks */
  28044. /* NULL pointer */
  28045. ret = wc_curve25519_check_public(NULL, 0, EC25519_LITTLE_ENDIAN);
  28046. if (ret != BAD_FUNC_ARG) {
  28047. return WC_TEST_RET_ENC_EC(ret);
  28048. }
  28049. ret = wc_curve25519_check_public(NULL, 0, EC25519_BIG_ENDIAN);
  28050. if (ret != BAD_FUNC_ARG) {
  28051. return WC_TEST_RET_ENC_EC(ret);
  28052. }
  28053. /* Length of 0 treated differently to other invalid lengths for TLS */
  28054. ret = wc_curve25519_check_public(good, 0, EC25519_LITTLE_ENDIAN);
  28055. if (ret != BUFFER_E)
  28056. return WC_TEST_RET_ENC_EC(ret);
  28057. ret = wc_curve25519_check_public(good, 0, EC25519_BIG_ENDIAN);
  28058. if (ret != BUFFER_E)
  28059. return WC_TEST_RET_ENC_EC(ret);
  28060. /* Length not CURVE25519_KEYSIZE */
  28061. for (i = 1; i < CURVE25519_KEYSIZE + 2; i++) {
  28062. if (i == CURVE25519_KEYSIZE)
  28063. continue;
  28064. if (wc_curve25519_check_public(good, i, EC25519_LITTLE_ENDIAN) !=
  28065. ECC_BAD_ARG_E) {
  28066. return WC_TEST_RET_ENC_I(i);
  28067. }
  28068. if (wc_curve25519_check_public(good, i, EC25519_BIG_ENDIAN) !=
  28069. ECC_BAD_ARG_E) {
  28070. return WC_TEST_RET_ENC_I(i);
  28071. }
  28072. }
  28073. /* Little-endian fail cases */
  28074. for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
  28075. if (wc_curve25519_check_public(fail_le[i], CURVE25519_KEYSIZE,
  28076. EC25519_LITTLE_ENDIAN) == 0) {
  28077. return WC_TEST_RET_ENC_I(i);
  28078. }
  28079. }
  28080. /* Big-endian fail cases */
  28081. for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
  28082. if (wc_curve25519_check_public(fail_be[i], CURVE25519_KEYSIZE,
  28083. EC25519_BIG_ENDIAN) == 0) {
  28084. return WC_TEST_RET_ENC_I(i);
  28085. }
  28086. }
  28087. /* Check a valid public value works! */
  28088. ret = wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
  28089. EC25519_LITTLE_ENDIAN);
  28090. if (ret != 0) {
  28091. return WC_TEST_RET_ENC_EC(ret);
  28092. }
  28093. ret = wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
  28094. EC25519_BIG_ENDIAN);
  28095. if (ret != 0) {
  28096. return WC_TEST_RET_ENC_EC(ret);
  28097. }
  28098. return 0;
  28099. }
  28100. #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
  28101. #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \
  28102. defined(HAVE_CURVE25519_KEY_IMPORT)
  28103. static wc_test_ret_t curve255519_der_test(void)
  28104. {
  28105. wc_test_ret_t ret = 0;
  28106. /* certs/statickeys/x25519.der */
  28107. const byte kCurve25519PrivDer[] = {
  28108. 0x30, 0x2E, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E,
  28109. 0x04, 0x22, 0x04, 0x20, 0x78, 0x8E, 0x31, 0x5C, 0x33, 0xA9, 0x19, 0xC0,
  28110. 0x5E, 0x36, 0x70, 0x1B, 0xA4, 0xE8, 0xEF, 0xC1, 0x89, 0x8C, 0xB3, 0x15,
  28111. 0xC6, 0x79, 0xD3, 0xAC, 0x22, 0x00, 0xAE, 0xFA, 0xB3, 0xB7, 0x0F, 0x78
  28112. };
  28113. /* certs/statickeys/x25519-pub.der */
  28114. const byte kCurve25519PubDer[] = {
  28115. 0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E, 0x03, 0x21, 0x00,
  28116. 0x09, 0xBC, 0x8C, 0xC7, 0x45, 0x0D, 0xC1, 0xC2, 0x02, 0x57, 0x9A, 0x68,
  28117. 0x3A, 0xFD, 0x7A, 0xA8, 0xA5, 0x2F, 0xF0, 0x99, 0x39, 0x98, 0xEA, 0x26,
  28118. 0xA2, 0x5B, 0x38, 0xFD, 0x96, 0xDB, 0x2A, 0x26
  28119. };
  28120. curve25519_key key;
  28121. byte output[128];
  28122. word32 outputSz = 128;
  28123. word32 idx;
  28124. ret = wc_curve25519_init_ex(&key, HEAP_HINT, devId);
  28125. if (ret != 0)
  28126. return WC_TEST_RET_ENC_EC(ret);
  28127. /* Test decode / encode of Curve25519 private key only */
  28128. if (ret == 0) {
  28129. idx = 0;
  28130. ret = wc_Curve25519PrivateKeyDecode(kCurve25519PrivDer, &idx, &key,
  28131. (word32)sizeof(kCurve25519PrivDer));
  28132. if (ret < 0)
  28133. ret = WC_TEST_RET_ENC_EC(ret);
  28134. }
  28135. if (ret == 0) {
  28136. outputSz = (word32)sizeof(output);
  28137. ret = wc_Curve25519PrivateKeyToDer(&key, output, outputSz);
  28138. if (ret >= 0) {
  28139. outputSz = (word32)ret;
  28140. ret = 0;
  28141. }
  28142. else {
  28143. ret = WC_TEST_RET_ENC_EC(ret);
  28144. }
  28145. }
  28146. if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PrivDer) ||
  28147. XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) {
  28148. ret = WC_TEST_RET_ENC_NC;
  28149. }
  28150. /* Test decode / encode of Curve25519 public key only */
  28151. if (ret == 0) {
  28152. idx = 0;
  28153. ret = wc_Curve25519PublicKeyDecode(kCurve25519PubDer, &idx, &key,
  28154. (word32)sizeof(kCurve25519PubDer));
  28155. if (ret < 0)
  28156. ret = WC_TEST_RET_ENC_EC(ret);
  28157. }
  28158. if (ret == 0) {
  28159. outputSz = (word32)sizeof(output);
  28160. ret = wc_Curve25519PublicKeyToDer(&key, output, outputSz, 1);
  28161. if (ret >= 0) {
  28162. outputSz = (word32)ret;
  28163. ret = 0;
  28164. }
  28165. else {
  28166. ret = WC_TEST_RET_ENC_EC(ret);
  28167. }
  28168. }
  28169. if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PubDer) ||
  28170. XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) {
  28171. ret = WC_TEST_RET_ENC_NC;
  28172. }
  28173. wc_curve25519_free(&key);
  28174. return ret;
  28175. }
  28176. #endif /* !NO_ASN && HAVE_CURVE25519_KEY_EXPORT && HAVE_CURVE25519_KEY_IMPORT */
  28177. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void)
  28178. {
  28179. WC_RNG rng;
  28180. wc_test_ret_t ret;
  28181. #ifdef HAVE_CURVE25519_SHARED_SECRET
  28182. byte sharedA[32];
  28183. byte sharedB[32];
  28184. word32 y;
  28185. #endif
  28186. #ifdef HAVE_CURVE25519_KEY_EXPORT
  28187. byte exportBuf[32];
  28188. #endif
  28189. word32 x = 0;
  28190. curve25519_key userA, userB, pubKey;
  28191. #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
  28192. defined(HAVE_CURVE25519_KEY_IMPORT)
  28193. /* test vectors from
  28194. https://tools.ietf.org/html/draft-josefsson-tls-curve25519-03
  28195. */
  28196. /* secret key for party a */
  28197. byte sa[] = {
  28198. 0x5A,0xC9,0x9F,0x33,0x63,0x2E,0x5A,0x76,
  28199. 0x8D,0xE7,0xE8,0x1B,0xF8,0x54,0xC2,0x7C,
  28200. 0x46,0xE3,0xFB,0xF2,0xAB,0xBA,0xCD,0x29,
  28201. 0xEC,0x4A,0xFF,0x51,0x73,0x69,0xC6,0x60
  28202. };
  28203. /* public key for party a */
  28204. byte pa[] = {
  28205. 0x05,0x7E,0x23,0xEA,0x9F,0x1C,0xBE,0x8A,
  28206. 0x27,0x16,0x8F,0x6E,0x69,0x6A,0x79,0x1D,
  28207. 0xE6,0x1D,0xD3,0xAF,0x7A,0xCD,0x4E,0xEA,
  28208. 0xCC,0x6E,0x7B,0xA5,0x14,0xFD,0xA8,0x63
  28209. };
  28210. /* secret key for party b */
  28211. byte sb[] = {
  28212. 0x47,0xDC,0x3D,0x21,0x41,0x74,0x82,0x0E,
  28213. 0x11,0x54,0xB4,0x9B,0xC6,0xCD,0xB2,0xAB,
  28214. 0xD4,0x5E,0xE9,0x58,0x17,0x05,0x5D,0x25,
  28215. 0x5A,0xA3,0x58,0x31,0xB7,0x0D,0x32,0x60
  28216. };
  28217. /* public key for party b */
  28218. byte pb[] = {
  28219. 0x6E,0xB8,0x9D,0xA9,0x19,0x89,0xAE,0x37,
  28220. 0xC7,0xEA,0xC7,0x61,0x8D,0x9E,0x5C,0x49,
  28221. 0x51,0xDB,0xA1,0xD7,0x3C,0x28,0x5A,0xE1,
  28222. 0xCD,0x26,0xA8,0x55,0x02,0x0E,0xEF,0x04
  28223. };
  28224. /* expected shared key */
  28225. byte ss[] = {
  28226. 0x61,0x45,0x0C,0xD9,0x8E,0x36,0x01,0x6B,
  28227. 0x58,0x77,0x6A,0x89,0x7A,0x9F,0x0A,0xEF,
  28228. 0x73,0x8B,0x99,0xF0,0x94,0x68,0xB8,0xD6,
  28229. 0xB8,0x51,0x11,0x84,0xD5,0x34,0x94,0xAB
  28230. };
  28231. #endif /* HAVE_CURVE25519_SHARED_SECRET */
  28232. (void)x;
  28233. #ifndef HAVE_FIPS
  28234. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  28235. #else
  28236. ret = wc_InitRng(&rng);
  28237. #endif
  28238. if (ret != 0)
  28239. return WC_TEST_RET_ENC_EC(ret);
  28240. wc_curve25519_init_ex(&userA, HEAP_HINT, devId);
  28241. wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
  28242. wc_curve25519_init_ex(&pubKey, HEAP_HINT, devId);
  28243. /* make curve25519 keys */
  28244. ret = wc_curve25519_make_key(&rng, 32, &userA);
  28245. if (ret != 0)
  28246. return WC_TEST_RET_ENC_EC(ret);
  28247. ret = wc_curve25519_make_key(&rng, 32, &userB);
  28248. if (ret != 0)
  28249. return WC_TEST_RET_ENC_EC(ret);
  28250. #ifdef HAVE_CURVE25519_SHARED_SECRET
  28251. /* find shared secret key */
  28252. x = sizeof(sharedA);
  28253. if ((ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x)) != 0) {
  28254. printf("wc_curve25519_shared_secret 1 failed\n");
  28255. return WC_TEST_RET_ENC_EC(ret);
  28256. }
  28257. y = sizeof(sharedB);
  28258. if ((ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y)) != 0) {
  28259. printf("wc_curve25519_shared_secret 2 failed\n");
  28260. return WC_TEST_RET_ENC_EC(ret);
  28261. }
  28262. /* compare shared secret keys to test they are the same */
  28263. if (y != x)
  28264. return WC_TEST_RET_ENC_NC;
  28265. if (XMEMCMP(sharedA, sharedB, x))
  28266. return WC_TEST_RET_ENC_NC;
  28267. #endif
  28268. #ifdef HAVE_CURVE25519_KEY_EXPORT
  28269. /* export a public key and import it for another user */
  28270. x = sizeof(exportBuf);
  28271. ret = wc_curve25519_export_public(&userA, exportBuf, &x);
  28272. if (ret != 0)
  28273. return WC_TEST_RET_ENC_EC(ret);
  28274. #ifdef HAVE_CURVE25519_KEY_IMPORT
  28275. ret = wc_curve25519_import_public(exportBuf, x, &pubKey);
  28276. if (ret != 0)
  28277. return WC_TEST_RET_ENC_EC(ret);
  28278. #endif
  28279. #endif
  28280. #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
  28281. defined(HAVE_CURVE25519_KEY_IMPORT)
  28282. /* test shared key after importing a public key */
  28283. XMEMSET(sharedB, 0, sizeof(sharedB));
  28284. y = sizeof(sharedB);
  28285. if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0) {
  28286. return WC_TEST_RET_ENC_NC;
  28287. }
  28288. if (XMEMCMP(sharedA, sharedB, y))
  28289. return WC_TEST_RET_ENC_NC;
  28290. /* import RFC test vectors and compare shared key */
  28291. ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa),
  28292. &userA);
  28293. if (ret != 0)
  28294. return WC_TEST_RET_ENC_EC(ret);
  28295. ret = wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb),
  28296. &userB);
  28297. if (ret != 0)
  28298. return WC_TEST_RET_ENC_EC(ret);
  28299. /* test against known test vector */
  28300. XMEMSET(sharedB, 0, sizeof(sharedB));
  28301. y = sizeof(sharedB);
  28302. ret = wc_curve25519_shared_secret(&userA, &userB, sharedB, &y);
  28303. if (ret != 0)
  28304. return WC_TEST_RET_ENC_EC(ret);
  28305. if (XMEMCMP(ss, sharedB, y))
  28306. return WC_TEST_RET_ENC_NC;
  28307. /* test swapping roles of keys and generating same shared key */
  28308. XMEMSET(sharedB, 0, sizeof(sharedB));
  28309. y = sizeof(sharedB);
  28310. ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y);
  28311. if (ret != 0)
  28312. return WC_TEST_RET_ENC_EC(ret);
  28313. if (XMEMCMP(ss, sharedB, y))
  28314. return WC_TEST_RET_ENC_NC;
  28315. /* test with 1 generated key and 1 from known test vector */
  28316. ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa),
  28317. &userA);
  28318. if (ret != 0)
  28319. return WC_TEST_RET_ENC_EC(ret);
  28320. wc_curve25519_free(&userB);
  28321. wc_curve25519_init_ex(&userB, HEAP_HINT, devId);
  28322. ret = wc_curve25519_make_key(&rng, 32, &userB);
  28323. if (ret != 0)
  28324. return WC_TEST_RET_ENC_EC(ret);
  28325. x = sizeof(sharedA);
  28326. ret = wc_curve25519_shared_secret(&userA, &userB, sharedA, &x);
  28327. if (ret != 0)
  28328. return WC_TEST_RET_ENC_EC(ret);
  28329. y = sizeof(sharedB);
  28330. ret = wc_curve25519_shared_secret(&userB, &userA, sharedB, &y);
  28331. if (ret != 0)
  28332. return WC_TEST_RET_ENC_EC(ret);
  28333. /* compare shared secret keys to test they are the same */
  28334. if (y != x)
  28335. return WC_TEST_RET_ENC_NC;
  28336. if (XMEMCMP(sharedA, sharedB, x))
  28337. return WC_TEST_RET_ENC_NC;
  28338. ret = curve25519_overflow_test();
  28339. if (ret != 0)
  28340. return ret;
  28341. ret = curve25519_check_public_test();
  28342. if (ret != 0)
  28343. return ret;
  28344. #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
  28345. #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \
  28346. defined(HAVE_CURVE25519_KEY_IMPORT)
  28347. ret = curve255519_der_test();
  28348. if (ret != 0)
  28349. return ret;
  28350. #endif
  28351. /* clean up keys when done */
  28352. wc_curve25519_free(&pubKey);
  28353. wc_curve25519_free(&userB);
  28354. wc_curve25519_free(&userA);
  28355. wc_FreeRng(&rng);
  28356. return 0;
  28357. }
  28358. #endif /* HAVE_CURVE25519 */
  28359. #ifdef HAVE_ED25519
  28360. #ifdef WOLFSSL_TEST_CERT
  28361. static wc_test_ret_t ed25519_test_cert(void)
  28362. {
  28363. DecodedCert cert[2];
  28364. DecodedCert* serverCert = NULL;
  28365. DecodedCert* caCert = NULL;
  28366. #ifdef HAVE_ED25519_VERIFY
  28367. ed25519_key key;
  28368. ed25519_key* pubKey = NULL;
  28369. int verify;
  28370. #endif /* HAVE_ED25519_VERIFY */
  28371. wc_test_ret_t ret;
  28372. byte* tmp;
  28373. size_t bytes;
  28374. XFILE file;
  28375. tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28376. if (tmp == NULL) {
  28377. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  28378. }
  28379. #ifdef USE_CERT_BUFFERS_256
  28380. XMEMCPY(tmp, ca_ed25519_cert, sizeof_ca_ed25519_cert);
  28381. bytes = sizeof_ca_ed25519_cert;
  28382. #elif !defined(NO_FILESYSTEM)
  28383. file = XFOPEN(caEd25519Cert, "rb");
  28384. if (file == NULL) {
  28385. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  28386. }
  28387. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  28388. XFCLOSE(file);
  28389. if (bytes == 0)
  28390. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  28391. #else
  28392. /* No certificate to use. */
  28393. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  28394. #endif
  28395. InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
  28396. caCert = &cert[0];
  28397. ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
  28398. if (ret != 0)
  28399. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  28400. #ifdef USE_CERT_BUFFERS_256
  28401. XMEMCPY(tmp, server_ed25519_cert, sizeof_server_ed25519_cert);
  28402. bytes = sizeof_server_ed25519_cert;
  28403. #elif !defined(NO_FILESYSTEM)
  28404. file = XFOPEN(serverEd25519Cert, "rb");
  28405. if (file == NULL) {
  28406. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  28407. }
  28408. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  28409. XFCLOSE(file);
  28410. if (bytes == 0)
  28411. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  28412. #else
  28413. /* No certificate to use. */
  28414. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  28415. #endif
  28416. InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
  28417. serverCert = &cert[1];
  28418. ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
  28419. if (ret != 0)
  28420. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  28421. #ifdef HAVE_ED25519_VERIFY
  28422. ret = wc_ed25519_init(&key);
  28423. if (ret < 0)
  28424. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  28425. pubKey = &key;
  28426. ret = wc_ed25519_import_public(caCert->publicKey, caCert->pubKeySize,
  28427. pubKey);
  28428. if (ret < 0)
  28429. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  28430. ret = wc_ed25519_verify_msg(serverCert->signature, serverCert->sigLength,
  28431. serverCert->source + serverCert->certBegin,
  28432. serverCert->sigIndex - serverCert->certBegin,
  28433. &verify, pubKey);
  28434. if (ret < 0 || verify != 1)
  28435. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  28436. #endif /* HAVE_ED25519_VERIFY */
  28437. done:
  28438. if (tmp != NULL)
  28439. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28440. #ifdef HAVE_ED25519_VERIFY
  28441. wc_ed25519_free(pubKey);
  28442. #endif /* HAVE_ED25519_VERIFY */
  28443. if (caCert != NULL)
  28444. FreeDecodedCert(caCert);
  28445. if (serverCert != NULL)
  28446. FreeDecodedCert(serverCert);
  28447. return ret;
  28448. }
  28449. static wc_test_ret_t ed25519_test_make_cert(void)
  28450. {
  28451. WC_RNG rng;
  28452. Cert cert;
  28453. DecodedCert decode;
  28454. ed25519_key key;
  28455. ed25519_key* privKey = NULL;
  28456. wc_test_ret_t ret = 0;
  28457. byte* tmp = NULL;
  28458. wc_InitCert_ex(&cert, HEAP_HINT, devId);
  28459. #ifndef HAVE_FIPS
  28460. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  28461. #else
  28462. ret = wc_InitRng(&rng);
  28463. #endif
  28464. if (ret != 0)
  28465. return WC_TEST_RET_ENC_EC(ret);
  28466. wc_ed25519_init(&key);
  28467. privKey = &key;
  28468. wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, privKey);
  28469. cert.daysValid = 365 * 2;
  28470. cert.selfSigned = 1;
  28471. XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
  28472. XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
  28473. cert.isCA = 0;
  28474. #ifdef WOLFSSL_CERT_EXT
  28475. ret = wc_SetKeyUsage(&cert, certKeyUsage);
  28476. if (ret < 0)
  28477. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  28478. ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
  28479. if (ret < 0)
  28480. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  28481. ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
  28482. if (ret < 0)
  28483. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  28484. #endif
  28485. tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28486. if (tmp == NULL) {
  28487. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  28488. }
  28489. cert.sigType = CTC_ED25519;
  28490. ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng);
  28491. if (ret < 0)
  28492. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  28493. ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF,
  28494. ED25519_TYPE, privKey, &rng);
  28495. if (ret < 0)
  28496. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  28497. InitDecodedCert(&decode, tmp, (word32)ret, HEAP_HINT);
  28498. ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
  28499. FreeDecodedCert(&decode);
  28500. if (ret != 0)
  28501. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  28502. done:
  28503. if (tmp != NULL)
  28504. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28505. wc_ed25519_free(privKey);
  28506. wc_FreeRng(&rng);
  28507. return ret;
  28508. }
  28509. #endif /* WOLFSSL_TEST_CERT */
  28510. #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
  28511. defined(HAVE_ED25519_KEY_IMPORT)
  28512. static wc_test_ret_t ed25519ctx_test(void)
  28513. {
  28514. wc_test_ret_t ret;
  28515. byte out[ED25519_SIG_SIZE];
  28516. word32 outlen;
  28517. #ifdef HAVE_ED25519_VERIFY
  28518. int verify = 0;
  28519. #endif /* HAVE_ED25519_VERIFY */
  28520. ed25519_key key;
  28521. WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
  28522. 0x03,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f,
  28523. 0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57,
  28524. 0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95,
  28525. 0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6
  28526. };
  28527. WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
  28528. 0xdf,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f,
  28529. 0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae,
  28530. 0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb,
  28531. 0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92
  28532. };
  28533. WOLFSSL_SMALL_STACK_STATIC const byte sigCtx1[] = {
  28534. 0x55,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04,
  28535. 0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b,
  28536. 0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76,
  28537. 0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a,
  28538. 0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22,
  28539. 0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5,
  28540. 0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2,
  28541. 0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d
  28542. };
  28543. WOLFSSL_SMALL_STACK_STATIC const byte sigCtx2[] = {
  28544. 0xcc,0x5e,0x63,0xa2,0x7e,0x94,0xaf,0xd3,
  28545. 0x41,0x83,0x38,0xd2,0x48,0x6f,0xa9,0x2a,
  28546. 0xf9,0x91,0x7c,0x2d,0x98,0x9e,0x06,0xe5,
  28547. 0x02,0x77,0x72,0x1c,0x34,0x38,0x18,0xb4,
  28548. 0x21,0x96,0xbc,0x29,0x2e,0x68,0xf3,0x4d,
  28549. 0x85,0x9b,0xbe,0xad,0x17,0x9f,0x54,0x54,
  28550. 0x2d,0x4b,0x04,0xdc,0xfb,0xfa,0x4a,0x68,
  28551. 0x4e,0x39,0x50,0xfb,0x1c,0xcd,0x8d,0x0d
  28552. };
  28553. WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
  28554. 0xf7,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49,
  28555. 0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8
  28556. };
  28557. WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
  28558. 0x66,0x6f,0x6f
  28559. };
  28560. outlen = sizeof(out);
  28561. XMEMSET(out, 0, sizeof(out));
  28562. ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
  28563. if (ret != 0)
  28564. return 10800;
  28565. ret = wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx,
  28566. sizeof(pKeyCtx), &key);
  28567. if (ret == 0)
  28568. ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
  28569. contextCtx, sizeof(contextCtx));
  28570. if (ret == 0 && XMEMCMP(out, sigCtx1, 64) != 0)
  28571. ret = WC_TEST_RET_ENC_NC;
  28572. #if defined(HAVE_ED25519_VERIFY)
  28573. /* test verify on good msg */
  28574. if (ret == 0)
  28575. ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx),
  28576. &verify, &key, contextCtx, sizeof(contextCtx));
  28577. if (ret == 0 && verify != 1)
  28578. ret = WC_TEST_RET_ENC_NC;
  28579. #endif
  28580. if (ret == 0)
  28581. ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
  28582. NULL, 0);
  28583. if (ret == 0 && XMEMCMP(out, sigCtx2, 64) != 0)
  28584. ret = WC_TEST_RET_ENC_NC;
  28585. #if defined(HAVE_ED25519_VERIFY)
  28586. /* test verify on good msg */
  28587. if (ret == 0)
  28588. ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx),
  28589. &verify, &key, NULL, 0);
  28590. if (ret == 0 && verify != 1)
  28591. ret = WC_TEST_RET_ENC_NC;
  28592. #endif
  28593. wc_ed25519_free(&key);
  28594. return ret;
  28595. }
  28596. static wc_test_ret_t ed25519ph_test(void)
  28597. {
  28598. wc_test_ret_t ret = 0;
  28599. byte out[ED25519_SIG_SIZE];
  28600. word32 outlen;
  28601. #ifdef HAVE_ED25519_VERIFY
  28602. int verify = 0;
  28603. #endif /* HAVE_ED25519_VERIFY */
  28604. ed25519_key key;
  28605. WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
  28606. 0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d,
  28607. 0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e,
  28608. 0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b,
  28609. 0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42
  28610. };
  28611. WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
  28612. 0xec,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b,
  28613. 0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34,
  28614. 0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64,
  28615. 0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf
  28616. };
  28617. WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
  28618. 0x98,0xa7,0x02,0x22,0xf0,0xb8,0x12,0x1a,
  28619. 0xa9,0xd3,0x0f,0x81,0x3d,0x68,0x3f,0x80,
  28620. 0x9e,0x46,0x2b,0x46,0x9c,0x7f,0xf8,0x76,
  28621. 0x39,0x49,0x9b,0xb9,0x4e,0x6d,0xae,0x41,
  28622. 0x31,0xf8,0x50,0x42,0x46,0x3c,0x2a,0x35,
  28623. 0x5a,0x20,0x03,0xd0,0x62,0xad,0xf5,0xaa,
  28624. 0xa1,0x0b,0x8c,0x61,0xe6,0x36,0x06,0x2a,
  28625. 0xaa,0xd1,0x1c,0x2a,0x26,0x08,0x34,0x06
  28626. };
  28627. WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
  28628. 0xe0,0x39,0x70,0x2b,0x4c,0x25,0x95,0xa6,
  28629. 0xa5,0x41,0xac,0x85,0x09,0x23,0x6e,0x29,
  28630. 0x90,0x47,0x47,0x95,0x33,0x0c,0x9b,0x34,
  28631. 0xa7,0x5f,0x58,0xa6,0x60,0x12,0x9e,0x08,
  28632. 0xfd,0x73,0x69,0x43,0xfb,0x19,0x43,0xa5,
  28633. 0x57,0x20,0xb9,0xe0,0x95,0x7b,0x1e,0xd6,
  28634. 0x73,0x48,0x16,0x61,0x9f,0x13,0x88,0xf4,
  28635. 0x3f,0x73,0xe6,0xe3,0xba,0xa8,0x1c,0x0e
  28636. };
  28637. WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
  28638. 0x61,0x62,0x63
  28639. };
  28640. /* SHA-512 hash of msgPh */
  28641. WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
  28642. 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
  28643. 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
  28644. 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
  28645. 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
  28646. 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
  28647. 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
  28648. 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
  28649. 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f
  28650. };
  28651. WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
  28652. 0x66,0x6f,0x6f
  28653. };
  28654. outlen = sizeof(out);
  28655. XMEMSET(out, 0, sizeof(out));
  28656. ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId);
  28657. if (ret != 0)
  28658. return WC_TEST_RET_ENC_EC(ret);
  28659. ret = wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh,
  28660. sizeof(pKeyPh), &key);
  28661. if (ret == 0)
  28662. ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
  28663. NULL, 0);
  28664. if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0)
  28665. ret = WC_TEST_RET_ENC_NC;
  28666. #if defined(HAVE_ED25519_VERIFY)
  28667. /* test verify on good msg */
  28668. if (ret == 0)
  28669. ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh),
  28670. &verify, &key, NULL, 0);
  28671. if (ret == 0 && verify != 1)
  28672. ret = WC_TEST_RET_ENC_NC;
  28673. #endif
  28674. if (ret == 0)
  28675. ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
  28676. contextPh2, sizeof(contextPh2));
  28677. if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0)
  28678. ret = WC_TEST_RET_ENC_NC;
  28679. #if defined(HAVE_ED25519_VERIFY)
  28680. /* test verify on good msg */
  28681. if (ret == 0)
  28682. ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify,
  28683. &key, contextPh2, sizeof(contextPh2));
  28684. if (ret == 0 && verify != 1)
  28685. ret = WC_TEST_RET_ENC_NC;
  28686. #endif
  28687. if (ret == 0)
  28688. ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
  28689. NULL, 0);
  28690. if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0)
  28691. ret = WC_TEST_RET_ENC_NC;
  28692. #if defined(HAVE_ED25519_VERIFY)
  28693. if (ret == 0)
  28694. ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh),
  28695. &verify, &key, NULL, 0);
  28696. if (ret == 0 && verify != 1)
  28697. ret = WC_TEST_RET_ENC_NC;
  28698. #endif
  28699. if (ret == 0)
  28700. ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
  28701. contextPh2, sizeof(contextPh2));
  28702. if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0)
  28703. ret = WC_TEST_RET_ENC_NC;
  28704. #if defined(HAVE_ED25519_VERIFY)
  28705. if (ret == 0)
  28706. ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
  28707. &key, contextPh2, sizeof(contextPh2));
  28708. if (ret == 0 && verify != 1)
  28709. ret = WC_TEST_RET_ENC_NC;
  28710. #endif
  28711. wc_ed25519_free(&key);
  28712. return ret;
  28713. }
  28714. #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
  28715. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void)
  28716. {
  28717. wc_test_ret_t ret;
  28718. WC_RNG rng;
  28719. #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
  28720. defined(HAVE_ED25519_KEY_IMPORT)
  28721. byte out[ED25519_SIG_SIZE];
  28722. byte exportPKey[ED25519_KEY_SIZE];
  28723. byte exportSKey[ED25519_KEY_SIZE];
  28724. word32 exportPSz;
  28725. word32 exportSSz;
  28726. int i;
  28727. word32 outlen;
  28728. #ifdef HAVE_ED25519_VERIFY
  28729. #ifdef WOLFSSL_ED25519_STREAMING_VERIFY
  28730. int j;
  28731. #endif
  28732. int verify;
  28733. #endif /* HAVE_ED25519_VERIFY */
  28734. #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
  28735. word32 keySz, sigSz;
  28736. ed25519_key key;
  28737. ed25519_key key2;
  28738. #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
  28739. defined(HAVE_ED25519_KEY_IMPORT)
  28740. /* test vectors from
  28741. https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02
  28742. */
  28743. WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
  28744. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  28745. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  28746. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  28747. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
  28748. };
  28749. WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
  28750. 0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,
  28751. 0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,
  28752. 0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,
  28753. 0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb
  28754. };
  28755. WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
  28756. 0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,
  28757. 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
  28758. 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
  28759. 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
  28760. };
  28761. /* uncompressed test */
  28762. WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
  28763. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  28764. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  28765. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  28766. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
  28767. };
  28768. /* compressed prefix test */
  28769. WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
  28770. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  28771. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  28772. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  28773. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
  28774. };
  28775. WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
  28776. 0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95,
  28777. 0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c,
  28778. 0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74,
  28779. 0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5
  28780. };
  28781. WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
  28782. WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
  28783. 0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
  28784. 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
  28785. 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
  28786. 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
  28787. };
  28788. WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
  28789. 0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,
  28790. 0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,
  28791. 0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c,
  28792. 0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c
  28793. };
  28794. WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
  28795. 0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,
  28796. 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
  28797. 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
  28798. 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
  28799. };
  28800. /* uncompressed test */
  28801. WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
  28802. 0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34,
  28803. 0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6,
  28804. 0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c,
  28805. 0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45,
  28806. 0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02,
  28807. 0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1,
  28808. 0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b,
  28809. 0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a,
  28810. 0xd7
  28811. };
  28812. /* compressed prefix */
  28813. WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
  28814. 0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
  28815. 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
  28816. 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
  28817. 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
  28818. };
  28819. WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
  28820. 0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34,
  28821. 0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86,
  28822. 0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5,
  28823. 0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e
  28824. };
  28825. WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
  28826. WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
  28827. sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
  28828. WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
  28829. 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
  28830. 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
  28831. 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
  28832. 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
  28833. 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
  28834. 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
  28835. 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
  28836. 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
  28837. };
  28838. WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
  28839. 0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,
  28840. 0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,
  28841. 0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,
  28842. 0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,
  28843. 0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,
  28844. 0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,
  28845. 0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,
  28846. 0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00
  28847. };
  28848. WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
  28849. 0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,
  28850. 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
  28851. 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,
  28852. 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
  28853. 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,
  28854. 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
  28855. 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
  28856. 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
  28857. };
  28858. /* uncompressed test */
  28859. WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
  28860. 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
  28861. 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
  28862. 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
  28863. 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
  28864. 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
  28865. 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
  28866. 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
  28867. 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
  28868. };
  28869. /* compressed prefix */
  28870. WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
  28871. 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
  28872. 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
  28873. 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
  28874. 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
  28875. 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
  28876. 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
  28877. 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
  28878. 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
  28879. };
  28880. WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
  28881. 0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2,
  28882. 0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a,
  28883. 0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb,
  28884. 0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50,
  28885. 0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45,
  28886. 0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b,
  28887. 0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6,
  28888. 0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03
  28889. };
  28890. WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
  28891. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = {0x0 };
  28892. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = {0x72};
  28893. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = {0xAF,0x82};
  28894. /* test of a 1024 byte long message */
  28895. WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
  28896. 0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43,
  28897. 0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08,
  28898. 0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91,
  28899. 0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98,
  28900. 0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12,
  28901. 0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1,
  28902. 0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f,
  28903. 0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8,
  28904. 0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96,
  28905. 0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57,
  28906. 0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37,
  28907. 0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d,
  28908. 0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0,
  28909. 0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c,
  28910. 0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b,
  28911. 0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc,
  28912. 0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3,
  28913. 0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a,
  28914. 0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e,
  28915. 0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe,
  28916. 0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82,
  28917. 0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b,
  28918. 0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6,
  28919. 0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e,
  28920. 0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8,
  28921. 0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9,
  28922. 0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28,
  28923. 0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef,
  28924. 0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68,
  28925. 0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10,
  28926. 0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1,
  28927. 0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7,
  28928. 0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04,
  28929. 0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4,
  28930. 0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53,
  28931. 0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1,
  28932. 0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44,
  28933. 0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9,
  28934. 0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5,
  28935. 0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2,
  28936. 0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59,
  28937. 0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d,
  28938. 0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce,
  28939. 0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24,
  28940. 0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6,
  28941. 0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd,
  28942. 0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf,
  28943. 0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70,
  28944. 0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59,
  28945. 0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53,
  28946. 0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78,
  28947. 0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc,
  28948. 0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9,
  28949. 0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b,
  28950. 0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2,
  28951. 0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07,
  28952. 0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75,
  28953. 0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a,
  28954. 0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d,
  28955. 0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba,
  28956. 0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31,
  28957. 0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b,
  28958. 0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22,
  28959. 0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a,
  28960. 0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78,
  28961. 0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b,
  28962. 0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88,
  28963. 0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e,
  28964. 0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9,
  28965. 0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8,
  28966. 0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4,
  28967. 0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7,
  28968. 0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55,
  28969. 0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1,
  28970. 0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01,
  28971. 0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c,
  28972. 0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb,
  28973. 0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d,
  28974. 0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c,
  28975. 0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8,
  28976. 0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb,
  28977. 0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8,
  28978. 0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14,
  28979. 0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf,
  28980. 0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9,
  28981. 0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27,
  28982. 0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b,
  28983. 0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08,
  28984. 0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a,
  28985. 0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7,
  28986. 0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67,
  28987. 0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49,
  28988. 0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f,
  28989. 0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57,
  28990. 0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a,
  28991. 0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4,
  28992. 0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5,
  28993. 0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1,
  28994. 0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d,
  28995. 0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3,
  28996. 0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e,
  28997. 0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09,
  28998. 0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79,
  28999. 0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e,
  29000. 0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4,
  29001. 0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2,
  29002. 0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66,
  29003. 0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f,
  29004. 0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98,
  29005. 0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41,
  29006. 0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c,
  29007. 0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5,
  29008. 0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3,
  29009. 0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61,
  29010. 0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9,
  29011. 0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1,
  29012. 0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45,
  29013. 0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34,
  29014. 0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd,
  29015. 0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d,
  29016. 0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85,
  29017. 0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e,
  29018. 0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47,
  29019. 0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c,
  29020. 0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef,
  29021. 0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca,
  29022. 0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08,
  29023. 0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0
  29024. };
  29025. WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
  29026. WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
  29027. sizeof(msg2),
  29028. sizeof(msg3),
  29029. 0 /*sizeof(msg1)*/,
  29030. 0 /*sizeof(msg1)*/,
  29031. sizeof(msg4)
  29032. };
  29033. #ifndef NO_ASN
  29034. static const byte privateEd25519[] = {
  29035. 0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06,
  29036. 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
  29037. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  29038. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  29039. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  29040. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
  29041. };
  29042. static const byte badPrivateEd25519[] = {
  29043. 0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06,
  29044. 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
  29045. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  29046. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  29047. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  29048. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,
  29049. 0xa1,0x22,0x04,0x21,0xd7,0x5a,0x98,0x01, /* octet len 0x20 -> 0x21 */
  29050. 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
  29051. 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
  29052. 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
  29053. 0xf7,0x07,0x51,0x1a,
  29054. 0x00 /* add additional bytes to make the pubkey bigger */
  29055. };
  29056. static const byte publicEd25519[] = {
  29057. 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
  29058. 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
  29059. 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
  29060. 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
  29061. 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
  29062. 0xf7,0x07,0x51,0x1a
  29063. };
  29064. /* size has been altered to catch if sanity check is done */
  29065. static const byte badPublicEd25519[] = {
  29066. 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
  29067. 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
  29068. 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
  29069. 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
  29070. 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
  29071. 0xf7,0x07,0x51,0x1a,
  29072. 0x00 /* add an additional byte to make the pubkey appear bigger */
  29073. };
  29074. static const byte privPubEd25519[] = {
  29075. 0x30,0x50,0x02,0x01,0x00,0x30,0x05,0x06,
  29076. 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
  29077. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  29078. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  29079. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  29080. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,
  29081. 0x81,0x20,0xd7,0x5a,0x98,0x01,0x82,0xb1,
  29082. 0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,0xc9,0x64,
  29083. 0x07,0x3a,0x0e,0xe1,0x72,0xf3,0xda,0xa6,
  29084. 0x23,0x25,0xaf,0x02,0x1a,0x68,0xf7,0x07,
  29085. 0x51,0x1a
  29086. };
  29087. word32 idx;
  29088. #endif /* NO_ASN */
  29089. #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
  29090. #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
  29091. ed25519_key key3;
  29092. #endif
  29093. /* create ed25519 keys */
  29094. #ifndef HAVE_FIPS
  29095. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  29096. #else
  29097. ret = wc_InitRng(&rng);
  29098. #endif
  29099. if (ret != 0)
  29100. return WC_TEST_RET_ENC_EC(ret);
  29101. wc_ed25519_init_ex(&key, HEAP_HINT, devId);
  29102. wc_ed25519_init_ex(&key2, HEAP_HINT, devId);
  29103. #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN)
  29104. wc_ed25519_init_ex(&key3, HEAP_HINT, devId);
  29105. #endif
  29106. #ifdef HAVE_ED25519_MAKE_KEY
  29107. wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  29108. wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2);
  29109. #endif
  29110. /* helper functions for signature and key size */
  29111. keySz = wc_ed25519_size(&key);
  29112. sigSz = wc_ed25519_sig_size(&key);
  29113. #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
  29114. defined(HAVE_ED25519_KEY_IMPORT)
  29115. for (i = 0; i < 6; i++) {
  29116. outlen = sizeof(out);
  29117. XMEMSET(out, 0, sizeof(out));
  29118. if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i],
  29119. pKeySz[i], &key) != 0)
  29120. return WC_TEST_RET_ENC_I(i);
  29121. if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0)
  29122. return WC_TEST_RET_ENC_I(i);
  29123. if (XMEMCMP(out, sigs[i], 64))
  29124. return WC_TEST_RET_ENC_I(i);
  29125. #if defined(HAVE_ED25519_VERIFY)
  29126. /* test verify on good msg */
  29127. if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
  29128. &key) != 0 || verify != 1)
  29129. return WC_TEST_RET_ENC_I(i);
  29130. #ifdef WOLFSSL_ED25519_STREAMING_VERIFY
  29131. /* test verify on good msg using streaming interface directly */
  29132. if (wc_ed25519_verify_msg_init(out, outlen,
  29133. &key, (byte)Ed25519, NULL, 0) != 0)
  29134. return WC_TEST_RET_ENC_I(i);
  29135. for (j = 0; j < msgSz[i]; j += i) {
  29136. if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), &key) != 0)
  29137. return WC_TEST_RET_ENC_I(i);
  29138. }
  29139. if (wc_ed25519_verify_msg_final(out, outlen, &verify,
  29140. &key) != 0 || verify != 1)
  29141. return WC_TEST_RET_ENC_I(i);
  29142. #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */
  29143. /* test verify on bad msg */
  29144. out[outlen-1] = out[outlen-1] + 1;
  29145. if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
  29146. &key) == 0 || verify == 1)
  29147. return WC_TEST_RET_ENC_I(i);
  29148. #endif /* HAVE_ED25519_VERIFY */
  29149. /* test api for import/exporting keys */
  29150. exportPSz = sizeof(exportPKey);
  29151. exportSSz = sizeof(exportSKey);
  29152. if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0)
  29153. return WC_TEST_RET_ENC_I(i);
  29154. if (wc_ed25519_import_public_ex(exportPKey, exportPSz, &key2, 1) != 0)
  29155. return WC_TEST_RET_ENC_I(i);
  29156. if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0)
  29157. return WC_TEST_RET_ENC_I(i);
  29158. if (wc_ed25519_import_private_key(exportSKey, exportSSz,
  29159. exportPKey, exportPSz, &key2) != 0)
  29160. return WC_TEST_RET_ENC_I(i);
  29161. /* clear "out" buffer and test sign with imported keys */
  29162. outlen = sizeof(out);
  29163. XMEMSET(out, 0, sizeof(out));
  29164. if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0)
  29165. return WC_TEST_RET_ENC_I(i);
  29166. #if defined(HAVE_ED25519_VERIFY)
  29167. if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
  29168. &key2) != 0 || verify != 1)
  29169. return WC_TEST_RET_ENC_I(i);
  29170. if (XMEMCMP(out, sigs[i], 64))
  29171. return WC_TEST_RET_ENC_I(i);
  29172. #endif /* HAVE_ED25519_VERIFY */
  29173. }
  29174. ret = ed25519ctx_test();
  29175. if (ret != 0)
  29176. return ret;
  29177. ret = ed25519ph_test();
  29178. if (ret != 0)
  29179. return ret;
  29180. #ifndef NO_ASN
  29181. /* Try ASN.1 encoded private-only key and public key. */
  29182. idx = 0;
  29183. ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3,
  29184. sizeof(privateEd25519));
  29185. if (ret != 0)
  29186. return WC_TEST_RET_ENC_EC(ret);
  29187. idx = 0;
  29188. if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, &key3,
  29189. sizeof(badPrivateEd25519)) == 0)
  29190. return WC_TEST_RET_ENC_NC;
  29191. ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
  29192. if (ret != BAD_FUNC_ARG)
  29193. return WC_TEST_RET_ENC_EC(ret);
  29194. /* try with a buffer size that is too large */
  29195. idx = 0;
  29196. if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, &key3,
  29197. sizeof(badPublicEd25519)) == 0)
  29198. return WC_TEST_RET_ENC_NC;
  29199. idx = 0;
  29200. ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
  29201. sizeof(publicEd25519));
  29202. if (ret != 0)
  29203. return WC_TEST_RET_ENC_EC(ret);
  29204. ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
  29205. if (ret != 0)
  29206. return WC_TEST_RET_ENC_EC(ret);
  29207. if (XMEMCMP(out, sigs[0], 64))
  29208. return WC_TEST_RET_ENC_NC;
  29209. #if defined(HAVE_ED25519_VERIFY)
  29210. /* test verify on good msg */
  29211. ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3);
  29212. if (ret != 0 || verify != 1)
  29213. return WC_TEST_RET_ENC_EC(ret);
  29214. #endif /* HAVE_ED25519_VERIFY */
  29215. wc_ed25519_free(&key3);
  29216. wc_ed25519_init(&key3);
  29217. idx = 0;
  29218. ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3,
  29219. sizeof(privPubEd25519));
  29220. if (ret != 0)
  29221. return WC_TEST_RET_ENC_EC(ret);
  29222. ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3);
  29223. if (ret != 0)
  29224. return WC_TEST_RET_ENC_EC(ret);
  29225. if (XMEMCMP(out, sigs[0], 64))
  29226. return WC_TEST_RET_ENC_NC;
  29227. wc_ed25519_free(&key3);
  29228. #endif /* NO_ASN */
  29229. #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
  29230. /* clean up keys when done */
  29231. wc_ed25519_free(&key);
  29232. wc_ed25519_free(&key2);
  29233. #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
  29234. wc_FreeRng(&rng);
  29235. #endif
  29236. /* hush warnings of unused keySz and sigSz */
  29237. (void)keySz;
  29238. (void)sigSz;
  29239. #ifdef WOLFSSL_TEST_CERT
  29240. ret = ed25519_test_cert();
  29241. if (ret < 0)
  29242. return ret;
  29243. #if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY)
  29244. ret = ed25519_test_make_cert();
  29245. if (ret < 0)
  29246. return ret;
  29247. #endif /* WOLFSSL_CERT_GEN */
  29248. #endif /* WOLFSSL_TEST_CERT */
  29249. return 0;
  29250. }
  29251. #endif /* HAVE_ED25519 */
  29252. #ifdef HAVE_CURVE448
  29253. #if defined(HAVE_CURVE448_SHARED_SECRET) && \
  29254. defined(HAVE_CURVE448_KEY_IMPORT)
  29255. /* Test the wc_curve448_check_public API.
  29256. *
  29257. * returns 0 on success and -ve on failure.
  29258. */
  29259. static wc_test_ret_t curve448_check_public_test(void)
  29260. {
  29261. /* Little-endian values that will fail */
  29262. byte fail_le[][CURVE448_KEY_SIZE] = {
  29263. {
  29264. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29265. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29266. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29267. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29268. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29269. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29270. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  29271. },
  29272. {
  29273. 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29274. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29275. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29276. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29277. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29278. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29279. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  29280. },
  29281. };
  29282. /* Big-endian values that will fail */
  29283. byte fail_be[][CURVE448_KEY_SIZE] = {
  29284. {
  29285. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29286. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29287. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29288. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29289. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29290. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29291. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  29292. },
  29293. {
  29294. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29295. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29296. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29297. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29298. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29299. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29300. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  29301. },
  29302. };
  29303. /* Good or valid public value */
  29304. byte good[CURVE448_KEY_SIZE] = {
  29305. 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29306. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29307. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29308. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29309. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29310. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29311. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  29312. };
  29313. int i;
  29314. wc_test_ret_t ret;
  29315. /* Parameter checks */
  29316. /* NULL pointer */
  29317. ret = wc_curve448_check_public(NULL, 0, EC448_LITTLE_ENDIAN);
  29318. if (ret != BAD_FUNC_ARG)
  29319. return WC_TEST_RET_ENC_EC(ret);
  29320. ret = wc_curve448_check_public(NULL, 0, EC448_BIG_ENDIAN);
  29321. if (ret != BAD_FUNC_ARG)
  29322. return WC_TEST_RET_ENC_EC(ret);
  29323. /* Length of 0 treated differently to other invalid lengths for TLS */
  29324. ret = wc_curve448_check_public(good, 0, EC448_LITTLE_ENDIAN);
  29325. if (ret != BUFFER_E)
  29326. return WC_TEST_RET_ENC_EC(ret);
  29327. ret = wc_curve448_check_public(good, 0, EC448_BIG_ENDIAN);
  29328. if (ret != BUFFER_E)
  29329. return WC_TEST_RET_ENC_EC(ret);
  29330. /* Length not CURVE448_KEY_SIZE */
  29331. for (i = 1; i < CURVE448_KEY_SIZE + 2; i++) {
  29332. if (i == CURVE448_KEY_SIZE)
  29333. continue;
  29334. if (wc_curve448_check_public(good, i, EC448_LITTLE_ENDIAN) !=
  29335. ECC_BAD_ARG_E) {
  29336. return WC_TEST_RET_ENC_I(i);
  29337. }
  29338. if (wc_curve448_check_public(good, i, EC448_BIG_ENDIAN) !=
  29339. ECC_BAD_ARG_E) {
  29340. return WC_TEST_RET_ENC_I(i);
  29341. }
  29342. }
  29343. /* Little-endian fail cases */
  29344. for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
  29345. if (wc_curve448_check_public(fail_le[i], CURVE448_KEY_SIZE,
  29346. EC448_LITTLE_ENDIAN) == 0) {
  29347. return WC_TEST_RET_ENC_I(i);
  29348. }
  29349. }
  29350. /* Big-endian fail cases */
  29351. for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
  29352. if (wc_curve448_check_public(fail_be[i], CURVE448_KEY_SIZE,
  29353. EC448_BIG_ENDIAN) == 0) {
  29354. return WC_TEST_RET_ENC_I(i);
  29355. }
  29356. }
  29357. /* Check a valid public value works! */
  29358. ret = wc_curve448_check_public(good, CURVE448_KEY_SIZE,
  29359. EC448_LITTLE_ENDIAN);
  29360. if (ret != 0)
  29361. return WC_TEST_RET_ENC_EC(ret);
  29362. ret = wc_curve448_check_public(good, CURVE448_KEY_SIZE, EC448_BIG_ENDIAN);
  29363. if (ret != 0)
  29364. return WC_TEST_RET_ENC_EC(ret);
  29365. return 0;
  29366. }
  29367. #endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
  29368. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void)
  29369. {
  29370. WC_RNG rng;
  29371. wc_test_ret_t ret;
  29372. #ifdef HAVE_CURVE448_SHARED_SECRET
  29373. byte sharedA[CURVE448_KEY_SIZE];
  29374. byte sharedB[CURVE448_KEY_SIZE];
  29375. word32 y;
  29376. #endif
  29377. #ifdef HAVE_CURVE448_KEY_EXPORT
  29378. byte exportBuf[CURVE448_KEY_SIZE];
  29379. #endif
  29380. word32 x = 0;
  29381. curve448_key userA, userB, pubKey;
  29382. #if defined(HAVE_CURVE448_SHARED_SECRET) && \
  29383. defined(HAVE_CURVE448_KEY_IMPORT)
  29384. /* test vectors from
  29385. https://www.rfc-editor.org/rfc/rfc7748.html
  29386. */
  29387. /* secret key for party a */
  29388. byte sa[] = {
  29389. 0x6b, 0x72, 0x98, 0xa5, 0xc0, 0xd8, 0xc2, 0x9a,
  29390. 0x1d, 0xab, 0x27, 0xf1, 0xa6, 0x82, 0x63, 0x00,
  29391. 0x91, 0x73, 0x89, 0x44, 0x97, 0x41, 0xa9, 0x74,
  29392. 0xf5, 0xba, 0xc9, 0xd9, 0x8d, 0xc2, 0x98, 0xd4,
  29393. 0x65, 0x55, 0xbc, 0xe8, 0xba, 0xe8, 0x9e, 0xee,
  29394. 0xd4, 0x00, 0x58, 0x4b, 0xb0, 0x46, 0xcf, 0x75,
  29395. 0x57, 0x9f, 0x51, 0xd1, 0x25, 0x49, 0x8f, 0x9a,
  29396. };
  29397. /* public key for party a */
  29398. byte pa[] = {
  29399. 0xa0, 0x1f, 0xc4, 0x32, 0xe5, 0x80, 0x7f, 0x17,
  29400. 0x53, 0x0d, 0x12, 0x88, 0xda, 0x12, 0x5b, 0x0c,
  29401. 0xd4, 0x53, 0xd9, 0x41, 0x72, 0x64, 0x36, 0xc8,
  29402. 0xbb, 0xd9, 0xc5, 0x22, 0x2c, 0x3d, 0xa7, 0xfa,
  29403. 0x63, 0x9c, 0xe0, 0x3d, 0xb8, 0xd2, 0x3b, 0x27,
  29404. 0x4a, 0x07, 0x21, 0xa1, 0xae, 0xd5, 0x22, 0x7d,
  29405. 0xe6, 0xe3, 0xb7, 0x31, 0xcc, 0xf7, 0x08, 0x9b,
  29406. };
  29407. /* secret key for party b */
  29408. byte sb[] = {
  29409. 0x2d, 0x99, 0x73, 0x51, 0xb6, 0x10, 0x6f, 0x36,
  29410. 0xb0, 0xd1, 0x09, 0x1b, 0x92, 0x9c, 0x4c, 0x37,
  29411. 0x21, 0x3e, 0x0d, 0x2b, 0x97, 0xe8, 0x5e, 0xbb,
  29412. 0x20, 0xc1, 0x27, 0x69, 0x1d, 0x0d, 0xad, 0x8f,
  29413. 0x1d, 0x81, 0x75, 0xb0, 0x72, 0x37, 0x45, 0xe6,
  29414. 0x39, 0xa3, 0xcb, 0x70, 0x44, 0x29, 0x0b, 0x99,
  29415. 0xe0, 0xe2, 0xa0, 0xc2, 0x7a, 0x6a, 0x30, 0x1c,
  29416. };
  29417. /* public key for party b */
  29418. byte pb[] = {
  29419. 0x09, 0x36, 0xf3, 0x7b, 0xc6, 0xc1, 0xbd, 0x07,
  29420. 0xae, 0x3d, 0xec, 0x7a, 0xb5, 0xdc, 0x06, 0xa7,
  29421. 0x3c, 0xa1, 0x32, 0x42, 0xfb, 0x34, 0x3e, 0xfc,
  29422. 0x72, 0xb9, 0xd8, 0x27, 0x30, 0xb4, 0x45, 0xf3,
  29423. 0xd4, 0xb0, 0xbd, 0x07, 0x71, 0x62, 0xa4, 0x6d,
  29424. 0xcf, 0xec, 0x6f, 0x9b, 0x59, 0x0b, 0xfc, 0xbc,
  29425. 0xf5, 0x20, 0xcd, 0xb0, 0x29, 0xa8, 0xb7, 0x3e,
  29426. };
  29427. /* expected shared key */
  29428. byte ss[] = {
  29429. 0x9d, 0x87, 0x4a, 0x51, 0x37, 0x50, 0x9a, 0x44,
  29430. 0x9a, 0xd5, 0x85, 0x30, 0x40, 0x24, 0x1c, 0x52,
  29431. 0x36, 0x39, 0x54, 0x35, 0xc3, 0x64, 0x24, 0xfd,
  29432. 0x56, 0x0b, 0x0c, 0xb6, 0x2b, 0x28, 0x1d, 0x28,
  29433. 0x52, 0x75, 0xa7, 0x40, 0xce, 0x32, 0xa2, 0x2d,
  29434. 0xd1, 0x74, 0x0f, 0x4a, 0xa9, 0x16, 0x1c, 0xec,
  29435. 0x95, 0xcc, 0xc6, 0x1a, 0x18, 0xf4, 0xff, 0x07,
  29436. };
  29437. #endif /* HAVE_CURVE448_SHARED_SECRET */
  29438. (void)x;
  29439. #ifndef HAVE_FIPS
  29440. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  29441. #else
  29442. ret = wc_InitRng(&rng);
  29443. #endif
  29444. if (ret != 0)
  29445. return WC_TEST_RET_ENC_EC(ret);
  29446. wc_curve448_init(&userA);
  29447. wc_curve448_init(&userB);
  29448. wc_curve448_init(&pubKey);
  29449. /* make curve448 keys */
  29450. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userA);
  29451. if (ret != 0)
  29452. return WC_TEST_RET_ENC_EC(ret);
  29453. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userB);
  29454. if (ret != 0)
  29455. return WC_TEST_RET_ENC_EC(ret);
  29456. #ifdef HAVE_CURVE448_SHARED_SECRET
  29457. /* find shared secret key */
  29458. x = sizeof(sharedA);
  29459. ret = wc_curve448_shared_secret(&userA, &userB, sharedA, &x);
  29460. if (ret != 0)
  29461. return WC_TEST_RET_ENC_EC(ret);
  29462. y = sizeof(sharedB);
  29463. ret = wc_curve448_shared_secret(&userB, &userA, sharedB, &y);
  29464. if (ret != 0)
  29465. return WC_TEST_RET_ENC_EC(ret);
  29466. /* compare shared secret keys to test they are the same */
  29467. if (y != x)
  29468. return WC_TEST_RET_ENC_NC;
  29469. if (XMEMCMP(sharedA, sharedB, x))
  29470. return WC_TEST_RET_ENC_NC;
  29471. #endif
  29472. #ifdef HAVE_CURVE448_KEY_EXPORT
  29473. /* export a public key and import it for another user */
  29474. x = sizeof(exportBuf);
  29475. ret = wc_curve448_export_public(&userA, exportBuf, &x);
  29476. if (ret != 0)
  29477. return WC_TEST_RET_ENC_EC(ret);
  29478. #ifdef HAVE_CURVE448_KEY_IMPORT
  29479. ret = wc_curve448_import_public(exportBuf, x, &pubKey);
  29480. if (ret != 0)
  29481. return WC_TEST_RET_ENC_EC(ret);
  29482. #endif
  29483. #endif
  29484. #if defined(HAVE_CURVE448_SHARED_SECRET) && \
  29485. defined(HAVE_CURVE448_KEY_IMPORT)
  29486. /* test shared key after importing a public key */
  29487. XMEMSET(sharedB, 0, sizeof(sharedB));
  29488. y = sizeof(sharedB);
  29489. ret = wc_curve448_shared_secret(&userB, &pubKey, sharedB, &y);
  29490. if (ret != 0)
  29491. return WC_TEST_RET_ENC_EC(ret);
  29492. if (XMEMCMP(sharedA, sharedB, y))
  29493. return WC_TEST_RET_ENC_NC;
  29494. /* import RFC test vectors and compare shared key */
  29495. ret = wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA);
  29496. if (ret != 0)
  29497. return WC_TEST_RET_ENC_EC(ret);
  29498. ret = wc_curve448_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB);
  29499. if (ret != 0)
  29500. return WC_TEST_RET_ENC_EC(ret);
  29501. /* test against known test vector */
  29502. XMEMSET(sharedB, 0, sizeof(sharedB));
  29503. y = sizeof(sharedB);
  29504. ret = wc_curve448_shared_secret(&userA, &userB, sharedB, &y);
  29505. if (ret != 0)
  29506. return WC_TEST_RET_ENC_EC(ret);
  29507. if (XMEMCMP(ss, sharedB, y))
  29508. return WC_TEST_RET_ENC_NC;
  29509. /* test swapping roles of keys and generating same shared key */
  29510. XMEMSET(sharedB, 0, sizeof(sharedB));
  29511. y = sizeof(sharedB);
  29512. ret = wc_curve448_shared_secret(&userB, &userA, sharedB, &y);
  29513. if (ret != 0)
  29514. return WC_TEST_RET_ENC_EC(ret);
  29515. if (XMEMCMP(ss, sharedB, y))
  29516. return WC_TEST_RET_ENC_NC;
  29517. /* test with 1 generated key and 1 from known test vector */
  29518. ret = wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA);
  29519. if (ret != 0)
  29520. return WC_TEST_RET_ENC_EC(ret);
  29521. ret = wc_curve448_make_key(&rng, 56, &userB);
  29522. if (ret != 0)
  29523. return WC_TEST_RET_ENC_EC(ret);
  29524. x = sizeof(sharedA);
  29525. ret = wc_curve448_shared_secret(&userA, &userB, sharedA, &x);
  29526. if (ret != 0)
  29527. return WC_TEST_RET_ENC_EC(ret);
  29528. y = sizeof(sharedB);
  29529. ret = wc_curve448_shared_secret(&userB, &userA, sharedB, &y);
  29530. if (ret != 0)
  29531. return WC_TEST_RET_ENC_EC(ret);
  29532. /* compare shared secret keys to test they are the same */
  29533. if (y != x)
  29534. return WC_TEST_RET_ENC_NC;
  29535. if (XMEMCMP(sharedA, sharedB, x))
  29536. return WC_TEST_RET_ENC_NC;
  29537. ret = curve448_check_public_test();
  29538. if (ret != 0)
  29539. return ret;
  29540. #endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
  29541. /* clean up keys when done */
  29542. wc_curve448_free(&pubKey);
  29543. wc_curve448_free(&userB);
  29544. wc_curve448_free(&userA);
  29545. wc_FreeRng(&rng);
  29546. return 0;
  29547. }
  29548. #endif /* HAVE_CURVE448 */
  29549. #ifdef HAVE_ED448
  29550. #ifdef WOLFSSL_TEST_CERT
  29551. static wc_test_ret_t ed448_test_cert(void)
  29552. {
  29553. DecodedCert cert[2];
  29554. DecodedCert* serverCert = NULL;
  29555. DecodedCert* caCert = NULL;
  29556. #ifdef HAVE_ED448_VERIFY
  29557. ed448_key key;
  29558. ed448_key* pubKey = NULL;
  29559. int verify;
  29560. #endif /* HAVE_ED448_VERIFY */
  29561. wc_test_ret_t ret;
  29562. byte* tmp;
  29563. size_t bytes;
  29564. XFILE file;
  29565. tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29566. if (tmp == NULL) {
  29567. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  29568. }
  29569. #ifdef USE_CERT_BUFFERS_256
  29570. XMEMCPY(tmp, ca_ed448_cert, sizeof_ca_ed448_cert);
  29571. bytes = sizeof_ca_ed448_cert;
  29572. #elif !defined(NO_FILESYSTEM)
  29573. file = XFOPEN(caEd448Cert, "rb");
  29574. if (file == NULL) {
  29575. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  29576. }
  29577. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  29578. XFCLOSE(file);
  29579. if (bytes == 0)
  29580. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  29581. #else
  29582. /* No certificate to use. */
  29583. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  29584. #endif
  29585. InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
  29586. caCert = &cert[0];
  29587. ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
  29588. if (ret != 0)
  29589. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  29590. #ifdef USE_CERT_BUFFERS_256
  29591. XMEMCPY(tmp, server_ed448_cert, sizeof_server_ed448_cert);
  29592. bytes = sizeof_server_ed448_cert;
  29593. #elif !defined(NO_FILESYSTEM)
  29594. file = XFOPEN(serverEd448Cert, "rb");
  29595. if (file == NULL) {
  29596. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  29597. }
  29598. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  29599. XFCLOSE(file);
  29600. if (bytes == 0)
  29601. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  29602. #else
  29603. /* No certificate to use. */
  29604. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  29605. #endif
  29606. InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
  29607. serverCert = &cert[1];
  29608. ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
  29609. if (ret != 0)
  29610. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  29611. #ifdef HAVE_ED448_VERIFY
  29612. ret = wc_ed448_init(&key);
  29613. if (ret < 0)
  29614. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  29615. pubKey = &key;
  29616. ret = wc_ed448_import_public(caCert->publicKey, caCert->pubKeySize, pubKey);
  29617. if (ret < 0)
  29618. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  29619. ret = wc_ed448_verify_msg(serverCert->signature, serverCert->sigLength,
  29620. serverCert->source + serverCert->certBegin,
  29621. serverCert->sigIndex - serverCert->certBegin,
  29622. &verify, pubKey, NULL, 0);
  29623. if (ret < 0 || verify != 1) {
  29624. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  29625. }
  29626. #endif /* HAVE_ED448_VERIFY */
  29627. done:
  29628. if (tmp != NULL)
  29629. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29630. #ifdef HAVE_ED448_VERIFY
  29631. wc_ed448_free(pubKey);
  29632. #endif /* HAVE_ED448_VERIFY */
  29633. if (caCert != NULL)
  29634. FreeDecodedCert(caCert);
  29635. if (serverCert != NULL)
  29636. FreeDecodedCert(serverCert);
  29637. return ret;
  29638. }
  29639. static wc_test_ret_t ed448_test_make_cert(void)
  29640. {
  29641. WC_RNG rng;
  29642. Cert cert;
  29643. DecodedCert decode;
  29644. ed448_key key;
  29645. ed448_key* privKey = NULL;
  29646. wc_test_ret_t ret = 0;
  29647. byte* tmp = NULL;
  29648. wc_InitCert_ex(&cert, HEAP_HINT, devId);
  29649. #ifndef HAVE_FIPS
  29650. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  29651. #else
  29652. ret = wc_InitRng(&rng);
  29653. #endif
  29654. if (ret != 0)
  29655. return WC_TEST_RET_ENC_EC(ret);
  29656. wc_ed448_init(&key);
  29657. privKey = &key;
  29658. wc_ed448_make_key(&rng, ED448_KEY_SIZE, privKey);
  29659. cert.daysValid = 365 * 2;
  29660. cert.selfSigned = 1;
  29661. XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
  29662. XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
  29663. cert.isCA = 0;
  29664. #ifdef WOLFSSL_CERT_EXT
  29665. ret = wc_SetKeyUsage(&cert, certKeyUsage);
  29666. if (ret < 0)
  29667. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  29668. ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
  29669. if (ret < 0)
  29670. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  29671. ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
  29672. if (ret < 0)
  29673. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  29674. #endif
  29675. tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29676. if (tmp == NULL) {
  29677. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  29678. }
  29679. cert.sigType = CTC_ED448;
  29680. ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED448_TYPE, privKey, &rng);
  29681. if (ret < 0)
  29682. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  29683. ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, ED448_TYPE,
  29684. privKey, &rng);
  29685. if (ret < 0)
  29686. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  29687. InitDecodedCert(&decode, tmp, (word32)ret, HEAP_HINT);
  29688. ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
  29689. FreeDecodedCert(&decode);
  29690. if (ret != 0)
  29691. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  29692. done:
  29693. if (tmp != NULL)
  29694. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29695. wc_ed448_free(privKey);
  29696. wc_FreeRng(&rng);
  29697. return ret;
  29698. }
  29699. #endif /* WOLFSSL_TEST_CERT */
  29700. #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
  29701. defined(HAVE_ED448_KEY_IMPORT)
  29702. static wc_test_ret_t ed448_ctx_test(void)
  29703. {
  29704. wc_test_ret_t ret;
  29705. byte out[ED448_SIG_SIZE];
  29706. word32 outlen;
  29707. #ifdef HAVE_ED448_VERIFY
  29708. int verify;
  29709. #endif /* HAVE_ED448_VERIFY */
  29710. ed448_key key;
  29711. WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
  29712. 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
  29713. 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
  29714. 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
  29715. 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
  29716. 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
  29717. 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
  29718. 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
  29719. 0x4e
  29720. };
  29721. WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
  29722. 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
  29723. 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
  29724. 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
  29725. 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
  29726. 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
  29727. 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
  29728. 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
  29729. 0x80
  29730. };
  29731. WOLFSSL_SMALL_STACK_STATIC const byte sigCtx[] = {
  29732. 0xd4, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46,
  29733. 0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55,
  29734. 0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab,
  29735. 0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2,
  29736. 0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2,
  29737. 0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21,
  29738. 0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea,
  29739. 0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda,
  29740. 0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d,
  29741. 0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24,
  29742. 0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f,
  29743. 0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d,
  29744. 0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98,
  29745. 0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c,
  29746. 0x3c, 0x00
  29747. };
  29748. WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
  29749. 0x03
  29750. };
  29751. WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
  29752. 0x66,0x6f,0x6f
  29753. };
  29754. outlen = sizeof(out);
  29755. XMEMSET(out, 0, sizeof(out));
  29756. ret = wc_ed448_init_ex(&key, HEAP_HINT, devId);
  29757. if (ret != 0)
  29758. return WC_TEST_RET_ENC_EC(ret);
  29759. ret = wc_ed448_import_private_key(sKeyCtx, ED448_KEY_SIZE, pKeyCtx,
  29760. sizeof(pKeyCtx), &key);
  29761. if (ret != 0)
  29762. return WC_TEST_RET_ENC_EC(ret);
  29763. ret = wc_ed448_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
  29764. contextCtx, sizeof(contextCtx));
  29765. if (ret != 0)
  29766. return WC_TEST_RET_ENC_EC(ret);
  29767. if (XMEMCMP(out, sigCtx, sizeof(sigCtx)))
  29768. return WC_TEST_RET_ENC_NC;
  29769. #if defined(HAVE_ED448_VERIFY)
  29770. /* test verify on good msg */
  29771. ret = wc_ed448_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, &key,
  29772. contextCtx, sizeof(contextCtx));
  29773. if (ret != 0 || verify != 1)
  29774. return WC_TEST_RET_ENC_EC(ret);
  29775. #endif
  29776. wc_ed448_free(&key);
  29777. return 0;
  29778. }
  29779. static wc_test_ret_t ed448ph_test(void)
  29780. {
  29781. wc_test_ret_t ret;
  29782. byte out[ED448_SIG_SIZE];
  29783. word32 outlen;
  29784. #ifdef HAVE_ED448_VERIFY
  29785. int verify;
  29786. #endif /* HAVE_ED448_VERIFY */
  29787. ed448_key key;
  29788. WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
  29789. 0x83, 0x3f, 0xe6, 0x24, 0x09, 0x23, 0x7b, 0x9d,
  29790. 0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e,
  29791. 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b,
  29792. 0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42,
  29793. 0xef, 0x78, 0x22, 0xe0, 0xd5, 0x10, 0x41, 0x27,
  29794. 0xdc, 0x05, 0xd6, 0xdb, 0xef, 0xde, 0x69, 0xe3,
  29795. 0xab, 0x2c, 0xec, 0x7c, 0x86, 0x7c, 0x6e, 0x2c,
  29796. 0x49
  29797. };
  29798. WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
  29799. 0x25, 0x9b, 0x71, 0xc1, 0x9f, 0x83, 0xef, 0x77,
  29800. 0xa7, 0xab, 0xd2, 0x65, 0x24, 0xcb, 0xdb, 0x31,
  29801. 0x61, 0xb5, 0x90, 0xa4, 0x8f, 0x7d, 0x17, 0xde,
  29802. 0x3e, 0xe0, 0xba, 0x9c, 0x52, 0xbe, 0xb7, 0x43,
  29803. 0xc0, 0x94, 0x28, 0xa1, 0x31, 0xd6, 0xb1, 0xb5,
  29804. 0x73, 0x03, 0xd9, 0x0d, 0x81, 0x32, 0xc2, 0x76,
  29805. 0xd5, 0xed, 0x3d, 0x5d, 0x01, 0xc0, 0xf5, 0x38,
  29806. 0x80
  29807. };
  29808. WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
  29809. 0x82, 0x2f, 0x69, 0x01, 0xf7, 0x48, 0x0f, 0x3d,
  29810. 0x5f, 0x56, 0x2c, 0x59, 0x29, 0x94, 0xd9, 0x69,
  29811. 0x36, 0x02, 0x87, 0x56, 0x14, 0x48, 0x32, 0x56,
  29812. 0x50, 0x56, 0x00, 0xbb, 0xc2, 0x81, 0xae, 0x38,
  29813. 0x1f, 0x54, 0xd6, 0xbc, 0xe2, 0xea, 0x91, 0x15,
  29814. 0x74, 0x93, 0x2f, 0x52, 0xa4, 0xe6, 0xca, 0xdd,
  29815. 0x78, 0x76, 0x93, 0x75, 0xec, 0x3f, 0xfd, 0x1b,
  29816. 0x80, 0x1a, 0x0d, 0x9b, 0x3f, 0x40, 0x30, 0xcd,
  29817. 0x43, 0x39, 0x64, 0xb6, 0x45, 0x7e, 0xa3, 0x94,
  29818. 0x76, 0x51, 0x12, 0x14, 0xf9, 0x74, 0x69, 0xb5,
  29819. 0x7d, 0xd3, 0x2d, 0xbc, 0x56, 0x0a, 0x9a, 0x94,
  29820. 0xd0, 0x0b, 0xff, 0x07, 0x62, 0x04, 0x64, 0xa3,
  29821. 0xad, 0x20, 0x3d, 0xf7, 0xdc, 0x7c, 0xe3, 0x60,
  29822. 0xc3, 0xcd, 0x36, 0x96, 0xd9, 0xd9, 0xfa, 0xb9,
  29823. 0x0f, 0x00
  29824. };
  29825. WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
  29826. 0xc3, 0x22, 0x99, 0xd4, 0x6e, 0xc8, 0xff, 0x02,
  29827. 0xb5, 0x45, 0x40, 0x98, 0x28, 0x14, 0xdc, 0xe9,
  29828. 0xa0, 0x58, 0x12, 0xf8, 0x19, 0x62, 0xb6, 0x49,
  29829. 0xd5, 0x28, 0x09, 0x59, 0x16, 0xa2, 0xaa, 0x48,
  29830. 0x10, 0x65, 0xb1, 0x58, 0x04, 0x23, 0xef, 0x92,
  29831. 0x7e, 0xcf, 0x0a, 0xf5, 0x88, 0x8f, 0x90, 0xda,
  29832. 0x0f, 0x6a, 0x9a, 0x85, 0xad, 0x5d, 0xc3, 0xf2,
  29833. 0x80, 0xd9, 0x12, 0x24, 0xba, 0x99, 0x11, 0xa3,
  29834. 0x65, 0x3d, 0x00, 0xe4, 0x84, 0xe2, 0xce, 0x23,
  29835. 0x25, 0x21, 0x48, 0x1c, 0x86, 0x58, 0xdf, 0x30,
  29836. 0x4b, 0xb7, 0x74, 0x5a, 0x73, 0x51, 0x4c, 0xdb,
  29837. 0x9b, 0xf3, 0xe1, 0x57, 0x84, 0xab, 0x71, 0x28,
  29838. 0x4f, 0x8d, 0x07, 0x04, 0xa6, 0x08, 0xc5, 0x4a,
  29839. 0x6b, 0x62, 0xd9, 0x7b, 0xeb, 0x51, 0x1d, 0x13,
  29840. 0x21, 0x00
  29841. };
  29842. WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
  29843. 0x61,0x62,0x63
  29844. };
  29845. /* SHA-512 hash of msgPh */
  29846. WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
  29847. 0x48, 0x33, 0x66, 0x60, 0x13, 0x60, 0xa8, 0x77,
  29848. 0x1c, 0x68, 0x63, 0x08, 0x0c, 0xc4, 0x11, 0x4d,
  29849. 0x8d, 0xb4, 0x45, 0x30, 0xf8, 0xf1, 0xe1, 0xee,
  29850. 0x4f, 0x94, 0xea, 0x37, 0xe7, 0x8b, 0x57, 0x39,
  29851. 0xd5, 0xa1, 0x5b, 0xef, 0x18, 0x6a, 0x53, 0x86,
  29852. 0xc7, 0x57, 0x44, 0xc0, 0x52, 0x7e, 0x1f, 0xaa,
  29853. 0x9f, 0x87, 0x26, 0xe4, 0x62, 0xa1, 0x2a, 0x4f,
  29854. 0xeb, 0x06, 0xbd, 0x88, 0x01, 0xe7, 0x51, 0xe4
  29855. };
  29856. WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
  29857. 0x66,0x6f,0x6f
  29858. };
  29859. outlen = sizeof(out);
  29860. XMEMSET(out, 0, sizeof(out));
  29861. ret = wc_ed448_init_ex(&key, HEAP_HINT, devId);
  29862. if (ret != 0)
  29863. return WC_TEST_RET_ENC_EC(ret);
  29864. ret = wc_ed448_import_private_key(sKeyPh, ED448_KEY_SIZE, pKeyPh,
  29865. sizeof(pKeyPh), &key);
  29866. if (ret != 0)
  29867. return WC_TEST_RET_ENC_EC(ret);
  29868. ret = wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL,
  29869. 0);
  29870. if (ret != 0)
  29871. return WC_TEST_RET_ENC_EC(ret);
  29872. if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
  29873. return WC_TEST_RET_ENC_NC;
  29874. #if defined(HAVE_ED448_VERIFY)
  29875. /* test verify on good msg */
  29876. ret = wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
  29877. NULL, 0);
  29878. if (ret != 0 || verify != 1) {
  29879. return WC_TEST_RET_ENC_EC(ret);
  29880. }
  29881. #endif
  29882. ret = wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
  29883. contextPh2, sizeof(contextPh2));
  29884. if (ret != 0)
  29885. return WC_TEST_RET_ENC_EC(ret);
  29886. if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
  29887. return WC_TEST_RET_ENC_NC;
  29888. #if defined(HAVE_ED448_VERIFY)
  29889. /* test verify on good msg */
  29890. ret = wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
  29891. contextPh2, sizeof(contextPh2));
  29892. if (ret != 0 || verify != 1) {
  29893. return WC_TEST_RET_ENC_EC(ret);
  29894. }
  29895. #endif
  29896. ret = wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL,
  29897. 0);
  29898. if (ret != 0)
  29899. return WC_TEST_RET_ENC_EC(ret);
  29900. if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
  29901. return WC_TEST_RET_ENC_NC;
  29902. #if defined(HAVE_ED448_VERIFY)
  29903. ret = wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
  29904. &key, NULL, 0);
  29905. if (ret != 0 || verify != 1) {
  29906. return WC_TEST_RET_ENC_EC(ret);
  29907. }
  29908. #endif
  29909. ret = wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
  29910. contextPh2, sizeof(contextPh2));
  29911. if (ret != 0)
  29912. return WC_TEST_RET_ENC_EC(ret);
  29913. if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
  29914. return WC_TEST_RET_ENC_NC;
  29915. #if defined(HAVE_ED448_VERIFY)
  29916. ret = wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
  29917. &key, contextPh2, sizeof(contextPh2));
  29918. if (ret != 0 || verify != 1) {
  29919. return WC_TEST_RET_ENC_EC(ret);
  29920. }
  29921. #endif
  29922. wc_ed448_free(&key);
  29923. return 0;
  29924. }
  29925. #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
  29926. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void)
  29927. {
  29928. wc_test_ret_t ret;
  29929. WC_RNG rng;
  29930. #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
  29931. defined(HAVE_ED448_KEY_IMPORT)
  29932. byte out[ED448_SIG_SIZE];
  29933. int i;
  29934. word32 outlen;
  29935. #ifdef HAVE_ED448_VERIFY
  29936. #ifdef WOLFSSL_ED448_STREAMING_VERIFY
  29937. int j;
  29938. #endif /* WOLFSSL_ED448_STREAMING_VERIFY */
  29939. int verify;
  29940. #endif /* HAVE_ED448_VERIFY */
  29941. #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
  29942. word32 keySz, sigSz;
  29943. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  29944. ed448_key *key = NULL;
  29945. ed448_key *key2 = NULL;
  29946. #else
  29947. ed448_key key[1];
  29948. ed448_key key2[1];
  29949. #endif
  29950. #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
  29951. defined(HAVE_ED448_KEY_IMPORT)
  29952. /* test vectors from
  29953. https://tools.ietf.org/html/rfc8032
  29954. */
  29955. WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
  29956. 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
  29957. 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
  29958. 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
  29959. 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
  29960. 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
  29961. 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
  29962. 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
  29963. 0x5b
  29964. };
  29965. WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
  29966. 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
  29967. 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
  29968. 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
  29969. 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
  29970. 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
  29971. 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
  29972. 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
  29973. 0x4e
  29974. };
  29975. WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
  29976. 0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c,
  29977. 0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82,
  29978. 0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8,
  29979. 0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93,
  29980. 0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33,
  29981. 0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc,
  29982. 0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2,
  29983. 0x1b
  29984. };
  29985. /* uncompressed test */
  29986. WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
  29987. 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
  29988. 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
  29989. 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
  29990. 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
  29991. 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
  29992. 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
  29993. 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
  29994. 0x5b
  29995. };
  29996. /* compressed prefix test */
  29997. WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
  29998. 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
  29999. 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
  30000. 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
  30001. 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
  30002. 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
  30003. 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
  30004. 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
  30005. 0x5b
  30006. };
  30007. WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
  30008. 0x87, 0x2d, 0x09, 0x37, 0x80, 0xf5, 0xd3, 0x73,
  30009. 0x0d, 0xf7, 0xc2, 0x12, 0x66, 0x4b, 0x37, 0xb8,
  30010. 0xa0, 0xf2, 0x4f, 0x56, 0x81, 0x0d, 0xaa, 0x83,
  30011. 0x82, 0xcd, 0x4f, 0xa3, 0xf7, 0x76, 0x34, 0xec,
  30012. 0x44, 0xdc, 0x54, 0xf1, 0xc2, 0xed, 0x9b, 0xea,
  30013. 0x86, 0xfa, 0xfb, 0x76, 0x32, 0xd8, 0xbe, 0x19,
  30014. 0x9e, 0xa1, 0x65, 0xf5, 0xad, 0x55, 0xdd, 0x9c,
  30015. 0xe8
  30016. };
  30017. WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
  30018. WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
  30019. 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
  30020. 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
  30021. 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
  30022. 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
  30023. 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
  30024. 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
  30025. 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
  30026. 0x80
  30027. };
  30028. WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
  30029. 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
  30030. 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
  30031. 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
  30032. 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
  30033. 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
  30034. 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
  30035. 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
  30036. 0x80
  30037. };
  30038. WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
  30039. 0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f,
  30040. 0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79,
  30041. 0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63,
  30042. 0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc,
  30043. 0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f,
  30044. 0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b,
  30045. 0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5,
  30046. 0x80
  30047. };
  30048. /* uncompressed test */
  30049. WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
  30050. 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
  30051. 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
  30052. 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
  30053. 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
  30054. 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
  30055. 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
  30056. 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
  30057. 0x80
  30058. };
  30059. /* compressed prefix */
  30060. WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
  30061. 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
  30062. 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
  30063. 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
  30064. 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
  30065. 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
  30066. 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
  30067. 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
  30068. 0x80
  30069. };
  30070. WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
  30071. 0xa8, 0x1b, 0x2e, 0x8a, 0x70, 0xa5, 0xac, 0x94,
  30072. 0xff, 0xdb, 0xcc, 0x9b, 0xad, 0xfc, 0x3f, 0xeb,
  30073. 0x08, 0x01, 0xf2, 0x58, 0x57, 0x8b, 0xb1, 0x14,
  30074. 0xad, 0x44, 0xec, 0xe1, 0xec, 0x0e, 0x79, 0x9d,
  30075. 0xa0, 0x8e, 0xff, 0xb8, 0x1c, 0x5d, 0x68, 0x5c,
  30076. 0x0c, 0x56, 0xf6, 0x4e, 0xec, 0xae, 0xf8, 0xcd,
  30077. 0xf1, 0x1c, 0xc3, 0x87, 0x37, 0x83, 0x8c, 0xf4,
  30078. 0x00
  30079. };
  30080. WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
  30081. WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
  30082. sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
  30083. WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
  30084. 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
  30085. 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
  30086. 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
  30087. 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
  30088. 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
  30089. 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
  30090. 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
  30091. 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
  30092. 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
  30093. 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
  30094. 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
  30095. 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
  30096. 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
  30097. 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
  30098. 0x26, 0x00
  30099. };
  30100. WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
  30101. 0x26, 0xb8, 0xf9, 0x17, 0x27, 0xbd, 0x62, 0x89,
  30102. 0x7a, 0xf1, 0x5e, 0x41, 0xeb, 0x43, 0xc3, 0x77,
  30103. 0xef, 0xb9, 0xc6, 0x10, 0xd4, 0x8f, 0x23, 0x35,
  30104. 0xcb, 0x0b, 0xd0, 0x08, 0x78, 0x10, 0xf4, 0x35,
  30105. 0x25, 0x41, 0xb1, 0x43, 0xc4, 0xb9, 0x81, 0xb7,
  30106. 0xe1, 0x8f, 0x62, 0xde, 0x8c, 0xcd, 0xf6, 0x33,
  30107. 0xfc, 0x1b, 0xf0, 0x37, 0xab, 0x7c, 0xd7, 0x79,
  30108. 0x80, 0x5e, 0x0d, 0xbc, 0xc0, 0xaa, 0xe1, 0xcb,
  30109. 0xce, 0xe1, 0xaf, 0xb2, 0xe0, 0x27, 0xdf, 0x36,
  30110. 0xbc, 0x04, 0xdc, 0xec, 0xbf, 0x15, 0x43, 0x36,
  30111. 0xc1, 0x9f, 0x0a, 0xf7, 0xe0, 0xa6, 0x47, 0x29,
  30112. 0x05, 0xe7, 0x99, 0xf1, 0x95, 0x3d, 0x2a, 0x0f,
  30113. 0xf3, 0x34, 0x8a, 0xb2, 0x1a, 0xa4, 0xad, 0xaf,
  30114. 0xd1, 0xd2, 0x34, 0x44, 0x1c, 0xf8, 0x07, 0xc0,
  30115. 0x3a, 0x00
  30116. };
  30117. WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
  30118. 0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79,
  30119. 0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6,
  30120. 0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89,
  30121. 0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a,
  30122. 0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4,
  30123. 0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07,
  30124. 0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf,
  30125. 0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e,
  30126. 0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e,
  30127. 0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7,
  30128. 0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef,
  30129. 0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61,
  30130. 0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b,
  30131. 0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff,
  30132. 0x3c, 0x00
  30133. };
  30134. /* uncompressed test */
  30135. WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
  30136. 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
  30137. 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
  30138. 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
  30139. 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
  30140. 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
  30141. 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
  30142. 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
  30143. 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
  30144. 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
  30145. 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
  30146. 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
  30147. 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
  30148. 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
  30149. 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
  30150. 0x26, 0x00
  30151. };
  30152. /* compressed prefix */
  30153. WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
  30154. 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
  30155. 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
  30156. 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
  30157. 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
  30158. 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
  30159. 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
  30160. 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
  30161. 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
  30162. 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
  30163. 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
  30164. 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
  30165. 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
  30166. 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
  30167. 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
  30168. 0x26, 0x00
  30169. };
  30170. WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
  30171. 0xe3, 0x01, 0x34, 0x5a, 0x41, 0xa3, 0x9a, 0x4d,
  30172. 0x72, 0xff, 0xf8, 0xdf, 0x69, 0xc9, 0x80, 0x75,
  30173. 0xa0, 0xcc, 0x08, 0x2b, 0x80, 0x2f, 0xc9, 0xb2,
  30174. 0xb6, 0xbc, 0x50, 0x3f, 0x92, 0x6b, 0x65, 0xbd,
  30175. 0xdf, 0x7f, 0x4c, 0x8f, 0x1c, 0xb4, 0x9f, 0x63,
  30176. 0x96, 0xaf, 0xc8, 0xa7, 0x0a, 0xbe, 0x6d, 0x8a,
  30177. 0xef, 0x0d, 0xb4, 0x78, 0xd4, 0xc6, 0xb2, 0x97,
  30178. 0x00, 0x76, 0xc6, 0xa0, 0x48, 0x4f, 0xe7, 0x6d,
  30179. 0x76, 0xb3, 0xa9, 0x76, 0x25, 0xd7, 0x9f, 0x1c,
  30180. 0xe2, 0x40, 0xe7, 0xc5, 0x76, 0x75, 0x0d, 0x29,
  30181. 0x55, 0x28, 0x28, 0x6f, 0x71, 0x9b, 0x41, 0x3d,
  30182. 0xe9, 0xad, 0xa3, 0xe8, 0xeb, 0x78, 0xed, 0x57,
  30183. 0x36, 0x03, 0xce, 0x30, 0xd8, 0xbb, 0x76, 0x17,
  30184. 0x85, 0xdc, 0x30, 0xdb, 0xc3, 0x20, 0x86, 0x9e,
  30185. 0x1a, 0x00
  30186. };
  30187. WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
  30188. #define SIGSZ sizeof(sig1)
  30189. PEDANTIC_EXTENSION WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = { };
  30190. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = { 0x03 };
  30191. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = { 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd,
  30192. 0x66, 0x81, 0x1e, 0x29, 0x15 };
  30193. /* test of a 1023 byte long message */
  30194. WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
  30195. 0x6d, 0xdf, 0x80, 0x2e, 0x1a, 0xae, 0x49, 0x86,
  30196. 0x93, 0x5f, 0x7f, 0x98, 0x1b, 0xa3, 0xf0, 0x35,
  30197. 0x1d, 0x62, 0x73, 0xc0, 0xa0, 0xc2, 0x2c, 0x9c,
  30198. 0x0e, 0x83, 0x39, 0x16, 0x8e, 0x67, 0x54, 0x12,
  30199. 0xa3, 0xde, 0xbf, 0xaf, 0x43, 0x5e, 0xd6, 0x51,
  30200. 0x55, 0x80, 0x07, 0xdb, 0x43, 0x84, 0xb6, 0x50,
  30201. 0xfc, 0xc0, 0x7e, 0x3b, 0x58, 0x6a, 0x27, 0xa4,
  30202. 0xf7, 0xa0, 0x0a, 0xc8, 0xa6, 0xfe, 0xc2, 0xcd,
  30203. 0x86, 0xae, 0x4b, 0xf1, 0x57, 0x0c, 0x41, 0xe6,
  30204. 0xa4, 0x0c, 0x93, 0x1d, 0xb2, 0x7b, 0x2f, 0xaa,
  30205. 0x15, 0xa8, 0xce, 0xdd, 0x52, 0xcf, 0xf7, 0x36,
  30206. 0x2c, 0x4e, 0x6e, 0x23, 0xda, 0xec, 0x0f, 0xbc,
  30207. 0x3a, 0x79, 0xb6, 0x80, 0x6e, 0x31, 0x6e, 0xfc,
  30208. 0xc7, 0xb6, 0x81, 0x19, 0xbf, 0x46, 0xbc, 0x76,
  30209. 0xa2, 0x60, 0x67, 0xa5, 0x3f, 0x29, 0x6d, 0xaf,
  30210. 0xdb, 0xdc, 0x11, 0xc7, 0x7f, 0x77, 0x77, 0xe9,
  30211. 0x72, 0x66, 0x0c, 0xf4, 0xb6, 0xa9, 0xb3, 0x69,
  30212. 0xa6, 0x66, 0x5f, 0x02, 0xe0, 0xcc, 0x9b, 0x6e,
  30213. 0xdf, 0xad, 0x13, 0x6b, 0x4f, 0xab, 0xe7, 0x23,
  30214. 0xd2, 0x81, 0x3d, 0xb3, 0x13, 0x6c, 0xfd, 0xe9,
  30215. 0xb6, 0xd0, 0x44, 0x32, 0x2f, 0xee, 0x29, 0x47,
  30216. 0x95, 0x2e, 0x03, 0x1b, 0x73, 0xab, 0x5c, 0x60,
  30217. 0x33, 0x49, 0xb3, 0x07, 0xbd, 0xc2, 0x7b, 0xc6,
  30218. 0xcb, 0x8b, 0x8b, 0xbd, 0x7b, 0xd3, 0x23, 0x21,
  30219. 0x9b, 0x80, 0x33, 0xa5, 0x81, 0xb5, 0x9e, 0xad,
  30220. 0xeb, 0xb0, 0x9b, 0x3c, 0x4f, 0x3d, 0x22, 0x77,
  30221. 0xd4, 0xf0, 0x34, 0x36, 0x24, 0xac, 0xc8, 0x17,
  30222. 0x80, 0x47, 0x28, 0xb2, 0x5a, 0xb7, 0x97, 0x17,
  30223. 0x2b, 0x4c, 0x5c, 0x21, 0xa2, 0x2f, 0x9c, 0x78,
  30224. 0x39, 0xd6, 0x43, 0x00, 0x23, 0x2e, 0xb6, 0x6e,
  30225. 0x53, 0xf3, 0x1c, 0x72, 0x3f, 0xa3, 0x7f, 0xe3,
  30226. 0x87, 0xc7, 0xd3, 0xe5, 0x0b, 0xdf, 0x98, 0x13,
  30227. 0xa3, 0x0e, 0x5b, 0xb1, 0x2c, 0xf4, 0xcd, 0x93,
  30228. 0x0c, 0x40, 0xcf, 0xb4, 0xe1, 0xfc, 0x62, 0x25,
  30229. 0x92, 0xa4, 0x95, 0x88, 0x79, 0x44, 0x94, 0xd5,
  30230. 0x6d, 0x24, 0xea, 0x4b, 0x40, 0xc8, 0x9f, 0xc0,
  30231. 0x59, 0x6c, 0xc9, 0xeb, 0xb9, 0x61, 0xc8, 0xcb,
  30232. 0x10, 0xad, 0xde, 0x97, 0x6a, 0x5d, 0x60, 0x2b,
  30233. 0x1c, 0x3f, 0x85, 0xb9, 0xb9, 0xa0, 0x01, 0xed,
  30234. 0x3c, 0x6a, 0x4d, 0x3b, 0x14, 0x37, 0xf5, 0x20,
  30235. 0x96, 0xcd, 0x19, 0x56, 0xd0, 0x42, 0xa5, 0x97,
  30236. 0xd5, 0x61, 0xa5, 0x96, 0xec, 0xd3, 0xd1, 0x73,
  30237. 0x5a, 0x8d, 0x57, 0x0e, 0xa0, 0xec, 0x27, 0x22,
  30238. 0x5a, 0x2c, 0x4a, 0xaf, 0xf2, 0x63, 0x06, 0xd1,
  30239. 0x52, 0x6c, 0x1a, 0xf3, 0xca, 0x6d, 0x9c, 0xf5,
  30240. 0xa2, 0xc9, 0x8f, 0x47, 0xe1, 0xc4, 0x6d, 0xb9,
  30241. 0xa3, 0x32, 0x34, 0xcf, 0xd4, 0xd8, 0x1f, 0x2c,
  30242. 0x98, 0x53, 0x8a, 0x09, 0xeb, 0xe7, 0x69, 0x98,
  30243. 0xd0, 0xd8, 0xfd, 0x25, 0x99, 0x7c, 0x7d, 0x25,
  30244. 0x5c, 0x6d, 0x66, 0xec, 0xe6, 0xfa, 0x56, 0xf1,
  30245. 0x11, 0x44, 0x95, 0x0f, 0x02, 0x77, 0x95, 0xe6,
  30246. 0x53, 0x00, 0x8f, 0x4b, 0xd7, 0xca, 0x2d, 0xee,
  30247. 0x85, 0xd8, 0xe9, 0x0f, 0x3d, 0xc3, 0x15, 0x13,
  30248. 0x0c, 0xe2, 0xa0, 0x03, 0x75, 0xa3, 0x18, 0xc7,
  30249. 0xc3, 0xd9, 0x7b, 0xe2, 0xc8, 0xce, 0x5b, 0x6d,
  30250. 0xb4, 0x1a, 0x62, 0x54, 0xff, 0x26, 0x4f, 0xa6,
  30251. 0x15, 0x5b, 0xae, 0xe3, 0xb0, 0x77, 0x3c, 0x0f,
  30252. 0x49, 0x7c, 0x57, 0x3f, 0x19, 0xbb, 0x4f, 0x42,
  30253. 0x40, 0x28, 0x1f, 0x0b, 0x1f, 0x4f, 0x7b, 0xe8,
  30254. 0x57, 0xa4, 0xe5, 0x9d, 0x41, 0x6c, 0x06, 0xb4,
  30255. 0xc5, 0x0f, 0xa0, 0x9e, 0x18, 0x10, 0xdd, 0xc6,
  30256. 0xb1, 0x46, 0x7b, 0xae, 0xac, 0x5a, 0x36, 0x68,
  30257. 0xd1, 0x1b, 0x6e, 0xca, 0xa9, 0x01, 0x44, 0x00,
  30258. 0x16, 0xf3, 0x89, 0xf8, 0x0a, 0xcc, 0x4d, 0xb9,
  30259. 0x77, 0x02, 0x5e, 0x7f, 0x59, 0x24, 0x38, 0x8c,
  30260. 0x7e, 0x34, 0x0a, 0x73, 0x2e, 0x55, 0x44, 0x40,
  30261. 0xe7, 0x65, 0x70, 0xf8, 0xdd, 0x71, 0xb7, 0xd6,
  30262. 0x40, 0xb3, 0x45, 0x0d, 0x1f, 0xd5, 0xf0, 0x41,
  30263. 0x0a, 0x18, 0xf9, 0xa3, 0x49, 0x4f, 0x70, 0x7c,
  30264. 0x71, 0x7b, 0x79, 0xb4, 0xbf, 0x75, 0xc9, 0x84,
  30265. 0x00, 0xb0, 0x96, 0xb2, 0x16, 0x53, 0xb5, 0xd2,
  30266. 0x17, 0xcf, 0x35, 0x65, 0xc9, 0x59, 0x74, 0x56,
  30267. 0xf7, 0x07, 0x03, 0x49, 0x7a, 0x07, 0x87, 0x63,
  30268. 0x82, 0x9b, 0xc0, 0x1b, 0xb1, 0xcb, 0xc8, 0xfa,
  30269. 0x04, 0xea, 0xdc, 0x9a, 0x6e, 0x3f, 0x66, 0x99,
  30270. 0x58, 0x7a, 0x9e, 0x75, 0xc9, 0x4e, 0x5b, 0xab,
  30271. 0x00, 0x36, 0xe0, 0xb2, 0xe7, 0x11, 0x39, 0x2c,
  30272. 0xff, 0x00, 0x47, 0xd0, 0xd6, 0xb0, 0x5b, 0xd2,
  30273. 0xa5, 0x88, 0xbc, 0x10, 0x97, 0x18, 0x95, 0x42,
  30274. 0x59, 0xf1, 0xd8, 0x66, 0x78, 0xa5, 0x79, 0xa3,
  30275. 0x12, 0x0f, 0x19, 0xcf, 0xb2, 0x96, 0x3f, 0x17,
  30276. 0x7a, 0xeb, 0x70, 0xf2, 0xd4, 0x84, 0x48, 0x26,
  30277. 0x26, 0x2e, 0x51, 0xb8, 0x02, 0x71, 0x27, 0x20,
  30278. 0x68, 0xef, 0x5b, 0x38, 0x56, 0xfa, 0x85, 0x35,
  30279. 0xaa, 0x2a, 0x88, 0xb2, 0xd4, 0x1f, 0x2a, 0x0e,
  30280. 0x2f, 0xda, 0x76, 0x24, 0xc2, 0x85, 0x02, 0x72,
  30281. 0xac, 0x4a, 0x2f, 0x56, 0x1f, 0x8f, 0x2f, 0x7a,
  30282. 0x31, 0x8b, 0xfd, 0x5c, 0xaf, 0x96, 0x96, 0x14,
  30283. 0x9e, 0x4a, 0xc8, 0x24, 0xad, 0x34, 0x60, 0x53,
  30284. 0x8f, 0xdc, 0x25, 0x42, 0x1b, 0xee, 0xc2, 0xcc,
  30285. 0x68, 0x18, 0x16, 0x2d, 0x06, 0xbb, 0xed, 0x0c,
  30286. 0x40, 0xa3, 0x87, 0x19, 0x23, 0x49, 0xdb, 0x67,
  30287. 0xa1, 0x18, 0xba, 0xda, 0x6c, 0xd5, 0xab, 0x01,
  30288. 0x40, 0xee, 0x27, 0x32, 0x04, 0xf6, 0x28, 0xaa,
  30289. 0xd1, 0xc1, 0x35, 0xf7, 0x70, 0x27, 0x9a, 0x65,
  30290. 0x1e, 0x24, 0xd8, 0xc1, 0x4d, 0x75, 0xa6, 0x05,
  30291. 0x9d, 0x76, 0xb9, 0x6a, 0x6f, 0xd8, 0x57, 0xde,
  30292. 0xf5, 0xe0, 0xb3, 0x54, 0xb2, 0x7a, 0xb9, 0x37,
  30293. 0xa5, 0x81, 0x5d, 0x16, 0xb5, 0xfa, 0xe4, 0x07,
  30294. 0xff, 0x18, 0x22, 0x2c, 0x6d, 0x1e, 0xd2, 0x63,
  30295. 0xbe, 0x68, 0xc9, 0x5f, 0x32, 0xd9, 0x08, 0xbd,
  30296. 0x89, 0x5c, 0xd7, 0x62, 0x07, 0xae, 0x72, 0x64,
  30297. 0x87, 0x56, 0x7f, 0x9a, 0x67, 0xda, 0xd7, 0x9a,
  30298. 0xbe, 0xc3, 0x16, 0xf6, 0x83, 0xb1, 0x7f, 0x2d,
  30299. 0x02, 0xbf, 0x07, 0xe0, 0xac, 0x8b, 0x5b, 0xc6,
  30300. 0x16, 0x2c, 0xf9, 0x46, 0x97, 0xb3, 0xc2, 0x7c,
  30301. 0xd1, 0xfe, 0xa4, 0x9b, 0x27, 0xf2, 0x3b, 0xa2,
  30302. 0x90, 0x18, 0x71, 0x96, 0x25, 0x06, 0x52, 0x0c,
  30303. 0x39, 0x2d, 0xa8, 0xb6, 0xad, 0x0d, 0x99, 0xf7,
  30304. 0x01, 0x3f, 0xbc, 0x06, 0xc2, 0xc1, 0x7a, 0x56,
  30305. 0x95, 0x00, 0xc8, 0xa7, 0x69, 0x64, 0x81, 0xc1,
  30306. 0xcd, 0x33, 0xe9, 0xb1, 0x4e, 0x40, 0xb8, 0x2e,
  30307. 0x79, 0xa5, 0xf5, 0xdb, 0x82, 0x57, 0x1b, 0xa9,
  30308. 0x7b, 0xae, 0x3a, 0xd3, 0xe0, 0x47, 0x95, 0x15,
  30309. 0xbb, 0x0e, 0x2b, 0x0f, 0x3b, 0xfc, 0xd1, 0xfd,
  30310. 0x33, 0x03, 0x4e, 0xfc, 0x62, 0x45, 0xed, 0xdd,
  30311. 0x7e, 0xe2, 0x08, 0x6d, 0xda, 0xe2, 0x60, 0x0d,
  30312. 0x8c, 0xa7, 0x3e, 0x21, 0x4e, 0x8c, 0x2b, 0x0b,
  30313. 0xdb, 0x2b, 0x04, 0x7c, 0x6a, 0x46, 0x4a, 0x56,
  30314. 0x2e, 0xd7, 0x7b, 0x73, 0xd2, 0xd8, 0x41, 0xc4,
  30315. 0xb3, 0x49, 0x73, 0x55, 0x12, 0x57, 0x71, 0x3b,
  30316. 0x75, 0x36, 0x32, 0xef, 0xba, 0x34, 0x81, 0x69,
  30317. 0xab, 0xc9, 0x0a, 0x68, 0xf4, 0x26, 0x11, 0xa4,
  30318. 0x01, 0x26, 0xd7, 0xcb, 0x21, 0xb5, 0x86, 0x95,
  30319. 0x56, 0x81, 0x86, 0xf7, 0xe5, 0x69, 0xd2, 0xff,
  30320. 0x0f, 0x9e, 0x74, 0x5d, 0x04, 0x87, 0xdd, 0x2e,
  30321. 0xb9, 0x97, 0xca, 0xfc, 0x5a, 0xbf, 0x9d, 0xd1,
  30322. 0x02, 0xe6, 0x2f, 0xf6, 0x6c, 0xba, 0x87
  30323. };
  30324. WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
  30325. WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
  30326. sizeof(msg2),
  30327. sizeof(msg3),
  30328. 0 /*sizeof(msg1)*/,
  30329. 0 /*sizeof(msg1)*/,
  30330. sizeof(msg4)
  30331. };
  30332. #ifndef NO_ASN
  30333. static const byte privateEd448[] = {
  30334. 0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
  30335. 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39,
  30336. 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
  30337. 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
  30338. 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
  30339. 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
  30340. 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
  30341. 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
  30342. 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
  30343. 0x5b
  30344. };
  30345. static const byte publicEd448[] = {
  30346. 0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
  30347. 0x71, 0x03, 0x3a, 0x00, 0x5f, 0xd7, 0x44, 0x9b,
  30348. 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec,
  30349. 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
  30350. 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d,
  30351. 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76,
  30352. 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d,
  30353. 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe,
  30354. 0xaf, 0xe8, 0x25, 0x61, 0x80
  30355. };
  30356. static const byte privPubEd448[] = {
  30357. 0x30, 0x81, 0x82, 0x02, 0x01, 0x00, 0x30, 0x05,
  30358. 0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04,
  30359. 0x39, 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d,
  30360. 0x10, 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e,
  30361. 0xbf, 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c,
  30362. 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48,
  30363. 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04,
  30364. 0x4e, 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f,
  30365. 0x8f, 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98,
  30366. 0xf9, 0x5b, 0x81, 0x39, 0x5f, 0xd7, 0x44, 0x9b,
  30367. 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec,
  30368. 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
  30369. 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d,
  30370. 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76,
  30371. 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d,
  30372. 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe,
  30373. 0xaf, 0xe8, 0x25, 0x61, 0x80
  30374. };
  30375. word32 idx;
  30376. #endif /* NO_ASN */
  30377. #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
  30378. #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
  30379. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  30380. ed448_key *key3 = NULL;
  30381. #else
  30382. ed448_key key3[1];
  30383. #endif
  30384. #endif
  30385. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  30386. key = (ed448_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30387. key2 = (ed448_key *)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30388. #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
  30389. key3 = (ed448_key *)XMALLOC(sizeof(*key3), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30390. #endif
  30391. #endif
  30392. /* create ed448 keys */
  30393. #ifndef HAVE_FIPS
  30394. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  30395. #else
  30396. ret = wc_InitRng(&rng);
  30397. #endif
  30398. if (ret != 0) {
  30399. XMEMSET(&rng, 0, sizeof(rng));
  30400. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  30401. }
  30402. ret = wc_ed448_init(key);
  30403. if (ret < 0)
  30404. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  30405. ret = wc_ed448_init(key2);
  30406. if (ret < 0)
  30407. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  30408. #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
  30409. ret = wc_ed448_init(key3);
  30410. if (ret < 0)
  30411. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  30412. #endif
  30413. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, key);
  30414. if (ret < 0)
  30415. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  30416. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, key2);
  30417. if (ret < 0)
  30418. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  30419. /* helper functions for signature and key size */
  30420. keySz = wc_ed448_size(key);
  30421. sigSz = wc_ed448_sig_size(key);
  30422. #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
  30423. defined(HAVE_ED448_KEY_IMPORT)
  30424. for (i = 0; i < 6; i++) {
  30425. outlen = sizeof(out);
  30426. XMEMSET(out, 0, sizeof(out));
  30427. if (wc_ed448_import_private_key(sKeys[i], ED448_KEY_SIZE, pKeys[i],
  30428. pKeySz[i], key) != 0)
  30429. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  30430. if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, key, NULL,
  30431. 0) != 0)
  30432. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  30433. if (XMEMCMP(out, sigs[i], 114))
  30434. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  30435. #if defined(HAVE_ED448_VERIFY)
  30436. /* test verify on good msg */
  30437. if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key,
  30438. NULL, 0) != 0 || verify != 1)
  30439. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  30440. #ifdef WOLFSSL_ED448_STREAMING_VERIFY
  30441. /* test verify on good msg using streaming interface directly */
  30442. if (wc_ed448_verify_msg_init(out, outlen,
  30443. key, (byte)Ed448, NULL, 0) != 0)
  30444. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  30445. for (j = 0; j < msgSz[i]; j += i) {
  30446. if (wc_ed448_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0)
  30447. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  30448. }
  30449. if (wc_ed448_verify_msg_final(out, outlen, &verify,
  30450. key) != 0 || verify != 1)
  30451. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  30452. #endif /* WOLFSSL_ED448_STREAMING_VERIFY */
  30453. /* test verify on bad msg */
  30454. out[outlen-2] = out[outlen-2] + 1;
  30455. if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key,
  30456. NULL, 0) == 0 || verify == 1)
  30457. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  30458. #endif /* HAVE_ED448_VERIFY */
  30459. /* test api for import/exporting keys */
  30460. {
  30461. byte *exportPKey = NULL;
  30462. byte *exportSKey = NULL;
  30463. word32 exportPSz = ED448_KEY_SIZE;
  30464. word32 exportSSz = ED448_KEY_SIZE;
  30465. exportPKey = (byte *)XMALLOC(exportPSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30466. exportSKey = (byte *)XMALLOC(exportSSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30467. if ((exportPKey == NULL) || (exportSKey == NULL))
  30468. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  30469. ret = 0;
  30470. do {
  30471. if (wc_ed448_export_public(key, exportPKey, &exportPSz) != 0) {
  30472. ret = WC_TEST_RET_ENC_I(i);
  30473. break;
  30474. }
  30475. if (wc_ed448_import_public_ex(exportPKey, exportPSz, key2, 1) != 0) {
  30476. ret = WC_TEST_RET_ENC_I(i);
  30477. break;
  30478. }
  30479. if (wc_ed448_export_private_only(key, exportSKey, &exportSSz) != 0) {
  30480. ret = WC_TEST_RET_ENC_I(i);
  30481. break;
  30482. }
  30483. if (wc_ed448_import_private_key(exportSKey, exportSSz,
  30484. exportPKey, exportPSz, key2) != 0) {
  30485. ret = WC_TEST_RET_ENC_I(i);
  30486. break;
  30487. }
  30488. /* clear "out" buffer and test sign with imported keys */
  30489. outlen = sizeof(out);
  30490. XMEMSET(out, 0, sizeof(out));
  30491. if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, key2, NULL,
  30492. 0) != 0) {
  30493. ret = WC_TEST_RET_ENC_I(i);
  30494. break;
  30495. }
  30496. } while(0);
  30497. XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30498. XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30499. if (ret != 0)
  30500. goto out;
  30501. }
  30502. #if defined(HAVE_ED448_VERIFY)
  30503. if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key2,
  30504. NULL, 0) != 0 || verify != 1)
  30505. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  30506. if (XMEMCMP(out, sigs[i], SIGSZ))
  30507. ERROR_OUT(WC_TEST_RET_ENC_I(i), out);
  30508. #endif /* HAVE_ED448_VERIFY */
  30509. }
  30510. ret = ed448_ctx_test();
  30511. if (ret != 0)
  30512. goto out;
  30513. ret = ed448ph_test();
  30514. if (ret != 0)
  30515. goto out;
  30516. #ifndef NO_ASN
  30517. /* Try ASN.1 encoded private-only key and public key. */
  30518. idx = 0;
  30519. ret = wc_Ed448PrivateKeyDecode(privateEd448, &idx, key3,
  30520. sizeof(privateEd448));
  30521. if (ret != 0)
  30522. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  30523. ret = wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0);
  30524. if (ret != BAD_FUNC_ARG)
  30525. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  30526. idx = 0;
  30527. ret = wc_Ed448PublicKeyDecode(publicEd448, &idx, key3, sizeof(publicEd448));
  30528. if (ret != 0)
  30529. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  30530. ret = wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0);
  30531. if (ret != 0)
  30532. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  30533. if (XMEMCMP(out, sigs[0], SIGSZ))
  30534. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  30535. #if defined(HAVE_ED448_VERIFY)
  30536. /* test verify on good msg */
  30537. ret = wc_ed448_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, key3,
  30538. NULL, 0);
  30539. if (ret != 0 || verify != 1)
  30540. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  30541. #endif /* HAVE_ED448_VERIFY */
  30542. wc_ed448_free(key3);
  30543. ret = wc_ed448_init(key3);
  30544. if (ret < 0)
  30545. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  30546. idx = 0;
  30547. ret = wc_Ed448PrivateKeyDecode(privPubEd448, &idx, key3,
  30548. sizeof(privPubEd448));
  30549. if (ret != 0)
  30550. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  30551. ret = wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0);
  30552. if (ret != 0)
  30553. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  30554. if (XMEMCMP(out, sigs[0], SIGSZ))
  30555. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  30556. #endif /* NO_ASN */
  30557. #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
  30558. ret = 0;
  30559. out:
  30560. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  30561. if (key) {
  30562. wc_ed448_free(key);
  30563. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30564. }
  30565. if (key2) {
  30566. wc_ed448_free(key2);
  30567. XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30568. }
  30569. #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
  30570. if (key3) {
  30571. wc_ed448_free(key3);
  30572. XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  30573. }
  30574. #endif
  30575. #else
  30576. wc_ed448_free(key);
  30577. wc_ed448_free(key2);
  30578. #if !defined(NO_ASN) && defined(HAVE_ED448_SIGN)
  30579. wc_ed448_free(key3);
  30580. #endif
  30581. #endif
  30582. #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
  30583. wc_FreeRng(&rng);
  30584. #endif
  30585. if (ret < 0)
  30586. return ret;
  30587. /* hush warnings of unused keySz and sigSz */
  30588. (void)keySz;
  30589. (void)sigSz;
  30590. #ifdef WOLFSSL_TEST_CERT
  30591. ret = ed448_test_cert();
  30592. if (ret < 0)
  30593. return ret;
  30594. #ifdef WOLFSSL_CERT_GEN
  30595. ret = ed448_test_make_cert();
  30596. if (ret < 0)
  30597. return ret;
  30598. #endif /* WOLFSSL_CERT_GEN */
  30599. #endif /* WOLFSSL_TEST_CERT */
  30600. return 0;
  30601. }
  30602. #endif /* HAVE_ED448 */
  30603. #ifdef WOLFSSL_HAVE_KYBER
  30604. #ifdef WOLFSSL_WC_KYBER /* OQS and PQM4 do not support KATs */
  30605. #ifdef WOLFSSL_KYBER512
  30606. static wc_test_ret_t kyber512_kat(void)
  30607. {
  30608. KyberKey key;
  30609. wc_test_ret_t ret;
  30610. byte priv[KYBER512_PRIVATE_KEY_SIZE];
  30611. byte pub[KYBER512_PUBLIC_KEY_SIZE];
  30612. byte ct[KYBER512_CIPHER_TEXT_SIZE];
  30613. byte ss[KYBER_SS_SZ];
  30614. byte ss_dec[KYBER_SS_SZ];
  30615. const byte kyber512_rand[] = {
  30616. 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
  30617. 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
  30618. 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
  30619. 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d,
  30620. 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
  30621. 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
  30622. 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
  30623. 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
  30624. };
  30625. const byte kyber512enc_rand[] = {
  30626. 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
  30627. 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
  30628. 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
  30629. 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
  30630. };
  30631. const byte kyber512_pk[] = {
  30632. 0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB,
  30633. 0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05,
  30634. 0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA,
  30635. 0x56, 0x69, 0x8C, 0x56, 0x63, 0xAB, 0x7A, 0xC9,
  30636. 0xCE, 0x66, 0xD5, 0x47, 0xC0, 0x59, 0x5F, 0x98,
  30637. 0xA4, 0x3F, 0x46, 0x50, 0xBB, 0xE0, 0x8C, 0x36,
  30638. 0x4D, 0x97, 0x67, 0x89, 0x11, 0x7D, 0x34, 0xF6,
  30639. 0xAE, 0x51, 0xAC, 0x06, 0x3C, 0xB5, 0x5C, 0x6C,
  30640. 0xA3, 0x25, 0x58, 0x22, 0x7D, 0xFE, 0xF8, 0x07,
  30641. 0xD1, 0x9C, 0x30, 0xDE, 0x41, 0x44, 0x24, 0x09,
  30642. 0x7F, 0x6A, 0xA2, 0x36, 0xA1, 0x05, 0x3B, 0x4A,
  30643. 0x07, 0xA7, 0x6B, 0xE3, 0x72, 0xA5, 0xC6, 0xB6,
  30644. 0x00, 0x27, 0x91, 0xEB, 0xE0, 0xAF, 0xDA, 0xF5,
  30645. 0x4E, 0x1C, 0xA2, 0x37, 0xFF, 0x54, 0x5B, 0xA6,
  30646. 0x83, 0x43, 0xE7, 0x45, 0xC0, 0x4A, 0xD1, 0x63,
  30647. 0x9D, 0xBC, 0x59, 0x03, 0x46, 0xB6, 0xB9, 0x56,
  30648. 0x9B, 0x56, 0xDB, 0xBF, 0xE5, 0x31, 0x51, 0x91,
  30649. 0x30, 0x66, 0xE5, 0xC8, 0x55, 0x27, 0xDC, 0x94,
  30650. 0x68, 0x11, 0x0A, 0x13, 0x6A, 0x41, 0x14, 0x97,
  30651. 0xC2, 0x27, 0xDC, 0xB8, 0xC9, 0xB2, 0x55, 0x70,
  30652. 0xB7, 0xA0, 0xE4, 0x2A, 0xAD, 0xA6, 0x70, 0x9F,
  30653. 0x23, 0x20, 0x8F, 0x5D, 0x49, 0x6E, 0xBA, 0xB7,
  30654. 0x84, 0x3F, 0x64, 0x83, 0xBF, 0x0C, 0x0C, 0x73,
  30655. 0xA4, 0x02, 0x96, 0xEC, 0x2C, 0x64, 0x40, 0x00,
  30656. 0x13, 0x94, 0xC9, 0x9C, 0xA1, 0x73, 0xD5, 0xC7,
  30657. 0x75, 0xB7, 0xF4, 0x15, 0xD0, 0x2A, 0x5A, 0x26,
  30658. 0xA0, 0x74, 0x07, 0x91, 0x85, 0x87, 0xC4, 0x11,
  30659. 0x69, 0xF2, 0xB7, 0x17, 0x87, 0x55, 0xAC, 0xC2,
  30660. 0x7F, 0xC8, 0xB1, 0x9C, 0x4C, 0x4B, 0x3F, 0xCD,
  30661. 0x41, 0x05, 0x3F, 0x2C, 0x74, 0xC8, 0xA1, 0x0A,
  30662. 0x83, 0x21, 0x24, 0x1B, 0x28, 0x02, 0x43, 0x28,
  30663. 0x75, 0xAE, 0x80, 0x8B, 0x9E, 0xF1, 0x36, 0x5C,
  30664. 0x7B, 0x8A, 0x52, 0x90, 0x2F, 0x13, 0x17, 0xBA,
  30665. 0x2F, 0xB0, 0x26, 0x9F, 0x47, 0x93, 0x06, 0x72,
  30666. 0x10, 0x7B, 0x47, 0x26, 0xFE, 0xF6, 0x45, 0x47,
  30667. 0x39, 0x4D, 0x33, 0x20, 0xC8, 0xF1, 0x20, 0xB3,
  30668. 0xC2, 0xF4, 0x72, 0x5B, 0x03, 0x05, 0xFA, 0xB8,
  30669. 0x8C, 0xC7, 0x98, 0x1F, 0xCB, 0x09, 0xA7, 0x6A,
  30670. 0x1C, 0xBF, 0x7F, 0x17, 0x9F, 0x43, 0xBB, 0x0A,
  30671. 0x4C, 0x8B, 0x05, 0x90, 0x85, 0x7F, 0x1E, 0x69,
  30672. 0x70, 0x84, 0x66, 0xC7, 0xF8, 0x60, 0x73, 0x91,
  30673. 0xE7, 0xBC, 0x52, 0x68, 0xBF, 0xD3, 0xD7, 0xA1,
  30674. 0xDF, 0xFC, 0xB4, 0xEC, 0xA2, 0xA1, 0xC9, 0xB5,
  30675. 0x97, 0x59, 0x30, 0x13, 0xD5, 0xFC, 0x42, 0x02,
  30676. 0xEC, 0x2B, 0x74, 0xE5, 0x7A, 0xB7, 0x6B, 0xBC,
  30677. 0xF3, 0x63, 0x2B, 0xBA, 0xF9, 0x7C, 0xDC, 0x41,
  30678. 0x8A, 0x6F, 0x16, 0x39, 0x28, 0x38, 0xCA, 0x9B,
  30679. 0xF4, 0x5D, 0xDF, 0x02, 0x37, 0x77, 0xB7, 0x56,
  30680. 0x18, 0x33, 0xC1, 0x05, 0x19, 0x0F, 0x94, 0xF3,
  30681. 0x02, 0xC5, 0x9B, 0x53, 0x19, 0x00, 0xBB, 0xC8,
  30682. 0x16, 0x36, 0x1F, 0xAA, 0x5B, 0x33, 0x80, 0xCA,
  30683. 0x3A, 0x89, 0x31, 0x04, 0xCA, 0x73, 0x88, 0xB1,
  30684. 0x85, 0x67, 0x1B, 0x3E, 0x5F, 0xE3, 0x79, 0x0E,
  30685. 0x9A, 0x62, 0x6E, 0xC4, 0x6D, 0x9B, 0x0B, 0x33,
  30686. 0xC7, 0xA4, 0x19, 0xAF, 0x7B, 0x32, 0xB6, 0x85,
  30687. 0x98, 0x94, 0xF5, 0x75, 0xD8, 0x2A, 0xC5, 0x45,
  30688. 0x6B, 0x54, 0x90, 0xA7, 0xAF, 0x8F, 0xE6, 0x10,
  30689. 0x46, 0x36, 0x05, 0x89, 0xEC, 0xBA, 0x72, 0x44,
  30690. 0x23, 0x6F, 0x41, 0x23, 0x11, 0x6B, 0x61, 0x74,
  30691. 0xAA, 0x17, 0x92, 0x49, 0xA4, 0x91, 0x95, 0xB3,
  30692. 0x56, 0xC7, 0x2F, 0xC6, 0x64, 0x1F, 0x02, 0x51,
  30693. 0x81, 0x2E, 0xAA, 0x98, 0x57, 0x0B, 0x04, 0x66,
  30694. 0x99, 0x07, 0x0E, 0x08, 0x19, 0xDC, 0x27, 0x13,
  30695. 0xF4, 0x69, 0x13, 0x7D, 0xFC, 0x6A, 0x3D, 0x7B,
  30696. 0x92, 0xB2, 0x98, 0x99, 0x5E, 0xE7, 0x80, 0x36,
  30697. 0x91, 0x53, 0xAC, 0x36, 0x6B, 0x06, 0xD7, 0x24,
  30698. 0x9C, 0xD0, 0x9E, 0x1B, 0x33, 0x78, 0xFB, 0x04,
  30699. 0x39, 0x9C, 0xEC, 0xB8, 0x65, 0x05, 0x81, 0xD6,
  30700. 0x37, 0xC7, 0x9A, 0xE6, 0x7D, 0x6F, 0x2C, 0xAF,
  30701. 0x6A, 0xBA, 0xCF, 0x59, 0x81, 0x59, 0xA7, 0x79,
  30702. 0x2C, 0xB3, 0xC9, 0x71, 0xD1, 0x49, 0x9D, 0x23,
  30703. 0x73, 0xAD, 0x20, 0xF6, 0x3F, 0x03, 0xBB, 0x59,
  30704. 0xED, 0x13, 0x73, 0x84, 0xAC, 0x61, 0xA7, 0x15,
  30705. 0x51, 0x43, 0xB8, 0xCA, 0x49, 0x32, 0x61, 0x2E,
  30706. 0xC9, 0x15, 0xE4, 0xCA, 0x34, 0x6A, 0x9B, 0xCE,
  30707. 0x5D, 0xD6, 0x04, 0x17, 0xC6, 0xB2, 0xA8, 0x9B,
  30708. 0x1C, 0xC4, 0x35, 0x64, 0x3F, 0x87, 0x5B, 0xDC,
  30709. 0x5A, 0x7E, 0x5B, 0x34, 0x81, 0xCF, 0x91, 0x9E,
  30710. 0xA0, 0x91, 0x72, 0xFE, 0xBC, 0x46, 0xD4, 0xFC,
  30711. 0x3F, 0xB0, 0xCB, 0x95, 0x91, 0x70, 0x4E, 0xE2,
  30712. 0xDB, 0xB6, 0x18, 0x44, 0xB2, 0xF3, 0x31, 0x4A,
  30713. 0x06, 0xBB, 0x6C, 0x6D, 0x34, 0x00, 0x5E, 0x48,
  30714. 0x5C, 0xE6, 0x67, 0xBD, 0xC7, 0xD0, 0x98, 0x58,
  30715. 0x69, 0x28, 0xD2, 0xD9, 0x13, 0x40, 0xF0, 0x04,
  30716. 0x19, 0xEA, 0x40, 0x13, 0x51, 0xA2, 0x40, 0xA0,
  30717. 0xB0, 0x41, 0x05, 0x8B, 0xEF, 0xB0, 0xC2, 0xFD,
  30718. 0x32, 0x64, 0x5B, 0x7A, 0x2D, 0xF8, 0xF5, 0xCB,
  30719. 0xFD, 0x87, 0x33, 0x27, 0xC9, 0x78, 0xD7, 0xB3,
  30720. 0x51, 0xA2, 0x80, 0x88, 0x43, 0x88, 0x37, 0x02,
  30721. 0x4C, 0x52, 0xB9, 0xC2, 0x95, 0xCD, 0x71, 0x36,
  30722. 0x46, 0xFB, 0x5D, 0x6C, 0x0C, 0xCF, 0xB4, 0x70,
  30723. 0x73, 0x4A, 0xC2, 0xB2, 0xBC, 0x81, 0x23, 0xC2,
  30724. 0xC1, 0x3D, 0xF6, 0x93, 0x8E, 0x92, 0x45, 0x5A,
  30725. 0x86, 0x26, 0x39, 0xFE, 0xB8, 0xA6, 0x4B, 0x85,
  30726. 0x16, 0x3E, 0x32, 0x70, 0x7E, 0x03, 0x7B, 0x38,
  30727. 0xD8, 0xAC, 0x39, 0x22, 0xB4, 0x51, 0x87, 0xBB,
  30728. 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
  30729. 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
  30730. 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
  30731. 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
  30732. };
  30733. const byte kyber512_sk[] = {
  30734. 0x6C, 0x89, 0x2B, 0x02, 0x97, 0xA9, 0xC7, 0x64,
  30735. 0x14, 0x93, 0xF8, 0x7D, 0xAF, 0x35, 0x33, 0xEE,
  30736. 0xD6, 0x1F, 0x07, 0xF4, 0x65, 0x20, 0x66, 0x33,
  30737. 0x7E, 0xD7, 0x40, 0x46, 0xDC, 0xC7, 0x1B, 0xA0,
  30738. 0x3F, 0x30, 0x96, 0x01, 0x03, 0x16, 0x1F, 0x7D,
  30739. 0xEB, 0x53, 0xA7, 0x1B, 0x11, 0x61, 0x72, 0x63,
  30740. 0xFE, 0x2A, 0x80, 0x97, 0x69, 0xCE, 0x6D, 0x70,
  30741. 0xA8, 0x5F, 0xE6, 0x00, 0xEC, 0xE2, 0x9D, 0x7F,
  30742. 0x36, 0xA1, 0x6D, 0x33, 0x1B, 0x8B, 0x2A, 0x9E,
  30743. 0x1D, 0xB8, 0xC0, 0x90, 0x74, 0x2D, 0xF0, 0x73,
  30744. 0x9F, 0xF0, 0x60, 0xCE, 0xB4, 0xEC, 0xC5, 0xAB,
  30745. 0x1C, 0x5E, 0x55, 0xAC, 0x97, 0xBB, 0x66, 0xA7,
  30746. 0xF8, 0x95, 0x10, 0x5D, 0x57, 0x78, 0x2B, 0x22,
  30747. 0x95, 0x38, 0xE3, 0x42, 0x15, 0x44, 0xA3, 0x42,
  30748. 0x14, 0x08, 0xDB, 0xF4, 0x49, 0x10, 0x93, 0x4C,
  30749. 0xC4, 0x23, 0x77, 0x4F, 0x16, 0x76, 0xFF, 0x1C,
  30750. 0x30, 0x6F, 0x97, 0x55, 0x5F, 0x57, 0xB4, 0xAE,
  30751. 0xD7, 0xA6, 0xBA, 0xB9, 0x50, 0xA8, 0x16, 0x3C,
  30752. 0x8D, 0x31, 0x8D, 0xEA, 0x62, 0x75, 0x1B, 0xD6,
  30753. 0xAB, 0xC5, 0x06, 0x9C, 0x06, 0xC8, 0x8F, 0x33,
  30754. 0x00, 0x26, 0xA1, 0x98, 0x06, 0xA0, 0x3B, 0x97,
  30755. 0xA7, 0x69, 0x6B, 0x56, 0xDA, 0x21, 0x82, 0x7B,
  30756. 0xB4, 0xE8, 0xDC, 0x03, 0x11, 0x52, 0xB4, 0x1B,
  30757. 0x89, 0x2A, 0x9E, 0x99, 0xAD, 0xF6, 0xE1, 0x96,
  30758. 0x3E, 0x96, 0x57, 0x88, 0x28, 0x15, 0x4F, 0x46,
  30759. 0x70, 0x33, 0x84, 0x69, 0x20, 0xFB, 0xB4, 0xB8,
  30760. 0x05, 0x44, 0xE7, 0xE8, 0xA8, 0x1A, 0xE9, 0x63,
  30761. 0xCF, 0x36, 0x8C, 0x9B, 0xA0, 0x37, 0xA8, 0xC2,
  30762. 0xAD, 0x62, 0xE3, 0x2B, 0x6E, 0x61, 0xC9, 0x1D,
  30763. 0x75, 0xCE, 0x00, 0x5A, 0xB3, 0x0F, 0x80, 0x99,
  30764. 0xA1, 0xF2, 0x9D, 0x7B, 0x63, 0x05, 0xB4, 0xDC,
  30765. 0x06, 0xE2, 0x56, 0x80, 0xBB, 0x00, 0x99, 0x2F,
  30766. 0x71, 0x7F, 0xE6, 0xC1, 0x15, 0xA8, 0x08, 0x42,
  30767. 0x31, 0xCC, 0x79, 0xDD, 0x70, 0x0E, 0xA6, 0x91,
  30768. 0x2A, 0xC7, 0xFA, 0x0D, 0x93, 0x7B, 0xB6, 0xA7,
  30769. 0x56, 0x66, 0x22, 0x30, 0x47, 0x0C, 0x18, 0x9B,
  30770. 0x5A, 0xA1, 0x65, 0x3D, 0xEB, 0x93, 0x7D, 0x5A,
  30771. 0x9C, 0x25, 0xA2, 0x1D, 0x93, 0xB1, 0x90, 0x74,
  30772. 0xFC, 0x23, 0x9D, 0x81, 0x53, 0x53, 0x97, 0x97,
  30773. 0xC7, 0xD4, 0xAB, 0x62, 0x64, 0x9D, 0x76, 0xAA,
  30774. 0x55, 0x37, 0x36, 0xA9, 0x49, 0x02, 0x2C, 0x22,
  30775. 0xC5, 0x2B, 0xAE, 0xEC, 0x60, 0x5B, 0x32, 0xCE,
  30776. 0x9E, 0x5B, 0x93, 0x84, 0x90, 0x35, 0x58, 0xCA,
  30777. 0x9D, 0x6A, 0x3A, 0xBA, 0x90, 0x42, 0x3E, 0xED,
  30778. 0xA0, 0x1C, 0x94, 0x19, 0x8B, 0x19, 0x2A, 0x8B,
  30779. 0xA9, 0x06, 0x34, 0x97, 0xA0, 0xC5, 0x01, 0x33,
  30780. 0x07, 0xDD, 0xD8, 0x63, 0x52, 0x64, 0x71, 0xA4,
  30781. 0xD9, 0x95, 0x23, 0xEB, 0x41, 0x7F, 0x29, 0x1A,
  30782. 0xAC, 0x0C, 0x3A, 0x58, 0x1B, 0x6D, 0xA0, 0x07,
  30783. 0x32, 0xE5, 0xE8, 0x1B, 0x1F, 0x7C, 0x87, 0x9B,
  30784. 0x16, 0x93, 0xC1, 0x3B, 0x6F, 0x9F, 0x79, 0x31,
  30785. 0x62, 0x24, 0x29, 0xE5, 0x42, 0xAF, 0x40, 0x69,
  30786. 0x22, 0x2F, 0x04, 0x55, 0x44, 0xE0, 0xCC, 0x4F,
  30787. 0xB2, 0x4D, 0x44, 0x48, 0xCF, 0x2C, 0x65, 0x96,
  30788. 0xF5, 0xCB, 0x08, 0x62, 0x4B, 0x11, 0x85, 0x01,
  30789. 0x3B, 0x6B, 0x02, 0x08, 0x92, 0xF9, 0x6B, 0xDF,
  30790. 0xD4, 0xAD, 0xA9, 0x17, 0x9D, 0xE7, 0x27, 0xB8,
  30791. 0xD9, 0x42, 0x6E, 0x09, 0x96, 0xB5, 0xD3, 0x49,
  30792. 0x48, 0xCE, 0x02, 0xD0, 0xC3, 0x69, 0xB3, 0x7C,
  30793. 0xBB, 0x54, 0xD3, 0x47, 0x9E, 0xD8, 0xB5, 0x82,
  30794. 0xE9, 0xE7, 0x28, 0x92, 0x9B, 0x4C, 0x71, 0xC9,
  30795. 0xBE, 0x11, 0xD4, 0x5B, 0x20, 0xC4, 0xBD, 0xC3,
  30796. 0xC7, 0x43, 0x13, 0x22, 0x3F, 0x58, 0x27, 0x4E,
  30797. 0x8B, 0xA5, 0x24, 0x44, 0x47, 0xC4, 0x95, 0x95,
  30798. 0x0B, 0x84, 0xCB, 0x0C, 0x3C, 0x27, 0x36, 0x40,
  30799. 0x10, 0x8A, 0x33, 0x97, 0x94, 0x45, 0x73, 0x27,
  30800. 0x93, 0x28, 0x99, 0x6C, 0xDC, 0x0C, 0x91, 0x3C,
  30801. 0x95, 0x8A, 0xD6, 0x20, 0xBA, 0x8B, 0x5E, 0x5E,
  30802. 0xCB, 0xBB, 0x7E, 0x13, 0xCB, 0x9C, 0x70, 0xBD,
  30803. 0x5A, 0xB3, 0x0E, 0xB7, 0x48, 0x8C, 0x97, 0x00,
  30804. 0x1C, 0x20, 0x49, 0x8F, 0x1D, 0x7C, 0xC0, 0x6D,
  30805. 0xA7, 0x6B, 0xF5, 0x20, 0xC6, 0x58, 0xCC, 0xAD,
  30806. 0xFA, 0x29, 0x56, 0x42, 0x45, 0x57, 0xAB, 0xEA,
  30807. 0x8A, 0xB8, 0x92, 0x39, 0xC1, 0x78, 0x33, 0xDC,
  30808. 0x3A, 0x49, 0xB3, 0x6A, 0x9A, 0xE9, 0xA4, 0x86,
  30809. 0x94, 0x05, 0x40, 0xEB, 0x44, 0x4F, 0x97, 0x15,
  30810. 0x23, 0x57, 0xE0, 0x20, 0x35, 0x93, 0x9D, 0x75,
  30811. 0xA3, 0xC0, 0x25, 0xF4, 0x1A, 0x40, 0x08, 0x23,
  30812. 0x82, 0xA0, 0x73, 0x3C, 0x39, 0xB0, 0x62, 0x2B,
  30813. 0x74, 0x0E, 0x40, 0x75, 0x92, 0xC6, 0x2E, 0xCA,
  30814. 0xEB, 0x14, 0x32, 0xC4, 0x45, 0xB3, 0x70, 0x3A,
  30815. 0x86, 0xF6, 0x98, 0x1A, 0x27, 0x81, 0x57, 0xEA,
  30816. 0x95, 0xA6, 0xE9, 0x2D, 0x55, 0xE4, 0xB9, 0x72,
  30817. 0xF9, 0x36, 0xC2, 0xF0, 0xA6, 0x58, 0x28, 0x0E,
  30818. 0xA2, 0xB0, 0x7A, 0x48, 0x99, 0x2D, 0xF8, 0x93,
  30819. 0x7E, 0x0A, 0x2A, 0xC1, 0xDC, 0xC9, 0x74, 0xFE,
  30820. 0x00, 0xAA, 0xE1, 0xF5, 0x61, 0xFA, 0x25, 0x8E,
  30821. 0x2D, 0x25, 0x9C, 0x3E, 0x86, 0x1D, 0xCE, 0x23,
  30822. 0x60, 0x39, 0x12, 0x76, 0x06, 0xFC, 0x1C, 0xE0,
  30823. 0x09, 0x00, 0x3A, 0x7B, 0xAC, 0x94, 0x21, 0x01,
  30824. 0xDC, 0xB8, 0x22, 0xB1, 0xF3, 0xC1, 0x2B, 0xF7,
  30825. 0x32, 0x38, 0xF5, 0x46, 0xE0, 0x1C, 0x36, 0xB5,
  30826. 0xA6, 0x93, 0x61, 0x92, 0x99, 0x5C, 0xC6, 0x9C,
  30827. 0x63, 0x23, 0x74, 0x09, 0xCB, 0x53, 0xC2, 0xE3,
  30828. 0x5D, 0x74, 0x89, 0x0D, 0x18, 0x88, 0x53, 0x76,
  30829. 0xFA, 0x55, 0x03, 0xB1, 0x07, 0xA2, 0xA3, 0x92,
  30830. 0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB,
  30831. 0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05,
  30832. 0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA,
  30833. 0x56, 0x69, 0x8C, 0x56, 0x63, 0xAB, 0x7A, 0xC9,
  30834. 0xCE, 0x66, 0xD5, 0x47, 0xC0, 0x59, 0x5F, 0x98,
  30835. 0xA4, 0x3F, 0x46, 0x50, 0xBB, 0xE0, 0x8C, 0x36,
  30836. 0x4D, 0x97, 0x67, 0x89, 0x11, 0x7D, 0x34, 0xF6,
  30837. 0xAE, 0x51, 0xAC, 0x06, 0x3C, 0xB5, 0x5C, 0x6C,
  30838. 0xA3, 0x25, 0x58, 0x22, 0x7D, 0xFE, 0xF8, 0x07,
  30839. 0xD1, 0x9C, 0x30, 0xDE, 0x41, 0x44, 0x24, 0x09,
  30840. 0x7F, 0x6A, 0xA2, 0x36, 0xA1, 0x05, 0x3B, 0x4A,
  30841. 0x07, 0xA7, 0x6B, 0xE3, 0x72, 0xA5, 0xC6, 0xB6,
  30842. 0x00, 0x27, 0x91, 0xEB, 0xE0, 0xAF, 0xDA, 0xF5,
  30843. 0x4E, 0x1C, 0xA2, 0x37, 0xFF, 0x54, 0x5B, 0xA6,
  30844. 0x83, 0x43, 0xE7, 0x45, 0xC0, 0x4A, 0xD1, 0x63,
  30845. 0x9D, 0xBC, 0x59, 0x03, 0x46, 0xB6, 0xB9, 0x56,
  30846. 0x9B, 0x56, 0xDB, 0xBF, 0xE5, 0x31, 0x51, 0x91,
  30847. 0x30, 0x66, 0xE5, 0xC8, 0x55, 0x27, 0xDC, 0x94,
  30848. 0x68, 0x11, 0x0A, 0x13, 0x6A, 0x41, 0x14, 0x97,
  30849. 0xC2, 0x27, 0xDC, 0xB8, 0xC9, 0xB2, 0x55, 0x70,
  30850. 0xB7, 0xA0, 0xE4, 0x2A, 0xAD, 0xA6, 0x70, 0x9F,
  30851. 0x23, 0x20, 0x8F, 0x5D, 0x49, 0x6E, 0xBA, 0xB7,
  30852. 0x84, 0x3F, 0x64, 0x83, 0xBF, 0x0C, 0x0C, 0x73,
  30853. 0xA4, 0x02, 0x96, 0xEC, 0x2C, 0x64, 0x40, 0x00,
  30854. 0x13, 0x94, 0xC9, 0x9C, 0xA1, 0x73, 0xD5, 0xC7,
  30855. 0x75, 0xB7, 0xF4, 0x15, 0xD0, 0x2A, 0x5A, 0x26,
  30856. 0xA0, 0x74, 0x07, 0x91, 0x85, 0x87, 0xC4, 0x11,
  30857. 0x69, 0xF2, 0xB7, 0x17, 0x87, 0x55, 0xAC, 0xC2,
  30858. 0x7F, 0xC8, 0xB1, 0x9C, 0x4C, 0x4B, 0x3F, 0xCD,
  30859. 0x41, 0x05, 0x3F, 0x2C, 0x74, 0xC8, 0xA1, 0x0A,
  30860. 0x83, 0x21, 0x24, 0x1B, 0x28, 0x02, 0x43, 0x28,
  30861. 0x75, 0xAE, 0x80, 0x8B, 0x9E, 0xF1, 0x36, 0x5C,
  30862. 0x7B, 0x8A, 0x52, 0x90, 0x2F, 0x13, 0x17, 0xBA,
  30863. 0x2F, 0xB0, 0x26, 0x9F, 0x47, 0x93, 0x06, 0x72,
  30864. 0x10, 0x7B, 0x47, 0x26, 0xFE, 0xF6, 0x45, 0x47,
  30865. 0x39, 0x4D, 0x33, 0x20, 0xC8, 0xF1, 0x20, 0xB3,
  30866. 0xC2, 0xF4, 0x72, 0x5B, 0x03, 0x05, 0xFA, 0xB8,
  30867. 0x8C, 0xC7, 0x98, 0x1F, 0xCB, 0x09, 0xA7, 0x6A,
  30868. 0x1C, 0xBF, 0x7F, 0x17, 0x9F, 0x43, 0xBB, 0x0A,
  30869. 0x4C, 0x8B, 0x05, 0x90, 0x85, 0x7F, 0x1E, 0x69,
  30870. 0x70, 0x84, 0x66, 0xC7, 0xF8, 0x60, 0x73, 0x91,
  30871. 0xE7, 0xBC, 0x52, 0x68, 0xBF, 0xD3, 0xD7, 0xA1,
  30872. 0xDF, 0xFC, 0xB4, 0xEC, 0xA2, 0xA1, 0xC9, 0xB5,
  30873. 0x97, 0x59, 0x30, 0x13, 0xD5, 0xFC, 0x42, 0x02,
  30874. 0xEC, 0x2B, 0x74, 0xE5, 0x7A, 0xB7, 0x6B, 0xBC,
  30875. 0xF3, 0x63, 0x2B, 0xBA, 0xF9, 0x7C, 0xDC, 0x41,
  30876. 0x8A, 0x6F, 0x16, 0x39, 0x28, 0x38, 0xCA, 0x9B,
  30877. 0xF4, 0x5D, 0xDF, 0x02, 0x37, 0x77, 0xB7, 0x56,
  30878. 0x18, 0x33, 0xC1, 0x05, 0x19, 0x0F, 0x94, 0xF3,
  30879. 0x02, 0xC5, 0x9B, 0x53, 0x19, 0x00, 0xBB, 0xC8,
  30880. 0x16, 0x36, 0x1F, 0xAA, 0x5B, 0x33, 0x80, 0xCA,
  30881. 0x3A, 0x89, 0x31, 0x04, 0xCA, 0x73, 0x88, 0xB1,
  30882. 0x85, 0x67, 0x1B, 0x3E, 0x5F, 0xE3, 0x79, 0x0E,
  30883. 0x9A, 0x62, 0x6E, 0xC4, 0x6D, 0x9B, 0x0B, 0x33,
  30884. 0xC7, 0xA4, 0x19, 0xAF, 0x7B, 0x32, 0xB6, 0x85,
  30885. 0x98, 0x94, 0xF5, 0x75, 0xD8, 0x2A, 0xC5, 0x45,
  30886. 0x6B, 0x54, 0x90, 0xA7, 0xAF, 0x8F, 0xE6, 0x10,
  30887. 0x46, 0x36, 0x05, 0x89, 0xEC, 0xBA, 0x72, 0x44,
  30888. 0x23, 0x6F, 0x41, 0x23, 0x11, 0x6B, 0x61, 0x74,
  30889. 0xAA, 0x17, 0x92, 0x49, 0xA4, 0x91, 0x95, 0xB3,
  30890. 0x56, 0xC7, 0x2F, 0xC6, 0x64, 0x1F, 0x02, 0x51,
  30891. 0x81, 0x2E, 0xAA, 0x98, 0x57, 0x0B, 0x04, 0x66,
  30892. 0x99, 0x07, 0x0E, 0x08, 0x19, 0xDC, 0x27, 0x13,
  30893. 0xF4, 0x69, 0x13, 0x7D, 0xFC, 0x6A, 0x3D, 0x7B,
  30894. 0x92, 0xB2, 0x98, 0x99, 0x5E, 0xE7, 0x80, 0x36,
  30895. 0x91, 0x53, 0xAC, 0x36, 0x6B, 0x06, 0xD7, 0x24,
  30896. 0x9C, 0xD0, 0x9E, 0x1B, 0x33, 0x78, 0xFB, 0x04,
  30897. 0x39, 0x9C, 0xEC, 0xB8, 0x65, 0x05, 0x81, 0xD6,
  30898. 0x37, 0xC7, 0x9A, 0xE6, 0x7D, 0x6F, 0x2C, 0xAF,
  30899. 0x6A, 0xBA, 0xCF, 0x59, 0x81, 0x59, 0xA7, 0x79,
  30900. 0x2C, 0xB3, 0xC9, 0x71, 0xD1, 0x49, 0x9D, 0x23,
  30901. 0x73, 0xAD, 0x20, 0xF6, 0x3F, 0x03, 0xBB, 0x59,
  30902. 0xED, 0x13, 0x73, 0x84, 0xAC, 0x61, 0xA7, 0x15,
  30903. 0x51, 0x43, 0xB8, 0xCA, 0x49, 0x32, 0x61, 0x2E,
  30904. 0xC9, 0x15, 0xE4, 0xCA, 0x34, 0x6A, 0x9B, 0xCE,
  30905. 0x5D, 0xD6, 0x04, 0x17, 0xC6, 0xB2, 0xA8, 0x9B,
  30906. 0x1C, 0xC4, 0x35, 0x64, 0x3F, 0x87, 0x5B, 0xDC,
  30907. 0x5A, 0x7E, 0x5B, 0x34, 0x81, 0xCF, 0x91, 0x9E,
  30908. 0xA0, 0x91, 0x72, 0xFE, 0xBC, 0x46, 0xD4, 0xFC,
  30909. 0x3F, 0xB0, 0xCB, 0x95, 0x91, 0x70, 0x4E, 0xE2,
  30910. 0xDB, 0xB6, 0x18, 0x44, 0xB2, 0xF3, 0x31, 0x4A,
  30911. 0x06, 0xBB, 0x6C, 0x6D, 0x34, 0x00, 0x5E, 0x48,
  30912. 0x5C, 0xE6, 0x67, 0xBD, 0xC7, 0xD0, 0x98, 0x58,
  30913. 0x69, 0x28, 0xD2, 0xD9, 0x13, 0x40, 0xF0, 0x04,
  30914. 0x19, 0xEA, 0x40, 0x13, 0x51, 0xA2, 0x40, 0xA0,
  30915. 0xB0, 0x41, 0x05, 0x8B, 0xEF, 0xB0, 0xC2, 0xFD,
  30916. 0x32, 0x64, 0x5B, 0x7A, 0x2D, 0xF8, 0xF5, 0xCB,
  30917. 0xFD, 0x87, 0x33, 0x27, 0xC9, 0x78, 0xD7, 0xB3,
  30918. 0x51, 0xA2, 0x80, 0x88, 0x43, 0x88, 0x37, 0x02,
  30919. 0x4C, 0x52, 0xB9, 0xC2, 0x95, 0xCD, 0x71, 0x36,
  30920. 0x46, 0xFB, 0x5D, 0x6C, 0x0C, 0xCF, 0xB4, 0x70,
  30921. 0x73, 0x4A, 0xC2, 0xB2, 0xBC, 0x81, 0x23, 0xC2,
  30922. 0xC1, 0x3D, 0xF6, 0x93, 0x8E, 0x92, 0x45, 0x5A,
  30923. 0x86, 0x26, 0x39, 0xFE, 0xB8, 0xA6, 0x4B, 0x85,
  30924. 0x16, 0x3E, 0x32, 0x70, 0x7E, 0x03, 0x7B, 0x38,
  30925. 0xD8, 0xAC, 0x39, 0x22, 0xB4, 0x51, 0x87, 0xBB,
  30926. 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
  30927. 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
  30928. 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
  30929. 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22,
  30930. 0x7F, 0xFA, 0xD1, 0xBC, 0x8A, 0xF7, 0x3B, 0x7E,
  30931. 0x87, 0x49, 0x56, 0xB8, 0x1C, 0x2A, 0x2E, 0xF0,
  30932. 0xBF, 0xAB, 0xE8, 0xDC, 0x93, 0xD7, 0x7B, 0x2F,
  30933. 0xBC, 0x9E, 0x0C, 0x64, 0xEF, 0xA0, 0x1E, 0x84,
  30934. 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
  30935. 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
  30936. 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
  30937. 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
  30938. };
  30939. const byte kyber512_ct[] = {
  30940. 0xED, 0xF2, 0x41, 0x45, 0xE4, 0x3B, 0x4F, 0x6D,
  30941. 0xC6, 0xBF, 0x83, 0x32, 0xF5, 0x4E, 0x02, 0xCA,
  30942. 0xB0, 0x2D, 0xBF, 0x3B, 0x56, 0x05, 0xDD, 0xC9,
  30943. 0x0A, 0x15, 0xC8, 0x86, 0xAD, 0x3E, 0xD4, 0x89,
  30944. 0x46, 0x26, 0x99, 0xE4, 0xAB, 0xED, 0x44, 0x35,
  30945. 0x0B, 0xC3, 0x75, 0x7E, 0x26, 0x96, 0xFB, 0xFB,
  30946. 0x25, 0x34, 0x41, 0x2E, 0x8D, 0xD2, 0x01, 0xF1,
  30947. 0xE4, 0x54, 0x0A, 0x39, 0x70, 0xB0, 0x55, 0xFE,
  30948. 0x3B, 0x0B, 0xEC, 0x3A, 0x71, 0xF9, 0xE1, 0x15,
  30949. 0xB3, 0xF9, 0xF3, 0x91, 0x02, 0x06, 0x5B, 0x1C,
  30950. 0xCA, 0x83, 0x14, 0xDC, 0xC7, 0x95, 0xE3, 0xC0,
  30951. 0xE8, 0xFA, 0x98, 0xEE, 0x83, 0xCA, 0x66, 0x28,
  30952. 0x45, 0x70, 0x28, 0xA4, 0xD0, 0x9E, 0x83, 0x9E,
  30953. 0x55, 0x48, 0x62, 0xCF, 0x0B, 0x7B, 0xF5, 0x6C,
  30954. 0x5C, 0x0A, 0x82, 0x9E, 0x86, 0x57, 0x94, 0x79,
  30955. 0x45, 0xFE, 0x9C, 0x22, 0x56, 0x4F, 0xBA, 0xEB,
  30956. 0xC1, 0xB3, 0xAF, 0x35, 0x0D, 0x79, 0x55, 0x50,
  30957. 0x8A, 0x26, 0xD8, 0xA8, 0xEB, 0x54, 0x7B, 0x8B,
  30958. 0x1A, 0x2C, 0xF0, 0x3C, 0xCA, 0x1A, 0xAB, 0xCE,
  30959. 0x6C, 0x34, 0x97, 0x78, 0x3B, 0x64, 0x65, 0xBA,
  30960. 0x0B, 0x6E, 0x7A, 0xCB, 0xA8, 0x21, 0x19, 0x51,
  30961. 0x24, 0xAE, 0xF0, 0x9E, 0x62, 0x83, 0x82, 0xA1,
  30962. 0xF9, 0x14, 0x04, 0x3B, 0xE7, 0x09, 0x6E, 0x95,
  30963. 0x2C, 0xBC, 0x4F, 0xB4, 0xAF, 0xED, 0x13, 0x60,
  30964. 0x90, 0x46, 0x11, 0x7C, 0x01, 0x1F, 0xD7, 0x41,
  30965. 0xEE, 0x28, 0x6C, 0x83, 0x77, 0x16, 0x90, 0xF0,
  30966. 0xAE, 0xB5, 0x0D, 0xA0, 0xD7, 0x12, 0x85, 0xA1,
  30967. 0x79, 0xB2, 0x15, 0xC6, 0x03, 0x6D, 0xEB, 0x78,
  30968. 0x0F, 0x4D, 0x16, 0x76, 0x9F, 0x72, 0xDE, 0x16,
  30969. 0xFD, 0xAD, 0xAC, 0x73, 0xBE, 0xFA, 0x5B, 0xEF,
  30970. 0x89, 0x43, 0x19, 0x7F, 0x44, 0xC5, 0x95, 0x89,
  30971. 0xDC, 0x9F, 0x49, 0x73, 0xDE, 0x14, 0x50, 0xBA,
  30972. 0x1D, 0x0C, 0x32, 0x90, 0xD6, 0xB1, 0xD6, 0x83,
  30973. 0xF2, 0x94, 0xE7, 0x59, 0xC9, 0x54, 0xAB, 0xE8,
  30974. 0xA7, 0xDA, 0x5B, 0x10, 0x54, 0xFD, 0x6D, 0x21,
  30975. 0x32, 0x9B, 0x8E, 0x73, 0xD3, 0x75, 0x6A, 0xFD,
  30976. 0xA0, 0xDC, 0xB1, 0xFC, 0x8B, 0x15, 0x82, 0xD1,
  30977. 0xF9, 0x0C, 0xF2, 0x75, 0xA1, 0x02, 0xAB, 0xC6,
  30978. 0xAC, 0x69, 0x9D, 0xF0, 0xC5, 0x87, 0x0E, 0x50,
  30979. 0xA1, 0xF9, 0x89, 0xE4, 0xE6, 0x24, 0x1B, 0x60,
  30980. 0xAA, 0xA2, 0xEC, 0xF9, 0xE8, 0xE3, 0x3E, 0x0F,
  30981. 0xFC, 0xF4, 0x0F, 0xE8, 0x31, 0xE8, 0xFD, 0xC2,
  30982. 0xE8, 0x3B, 0x52, 0xCA, 0x7A, 0xB6, 0xD9, 0x3F,
  30983. 0x14, 0x6D, 0x29, 0xDC, 0xA5, 0x3C, 0x7D, 0xA1,
  30984. 0xDB, 0x4A, 0xC4, 0xF2, 0xDB, 0x39, 0xEA, 0x12,
  30985. 0x0D, 0x90, 0xFA, 0x60, 0xF4, 0xD4, 0x37, 0xC6,
  30986. 0xD0, 0x0E, 0xF4, 0x83, 0xBC, 0x94, 0xA3, 0x17,
  30987. 0x5C, 0xDA, 0x16, 0x3F, 0xC1, 0xC2, 0x82, 0x8B,
  30988. 0xE4, 0xDB, 0xD6, 0x43, 0x05, 0x07, 0xB5, 0x84,
  30989. 0xBB, 0x51, 0x77, 0xE1, 0x71, 0xB8, 0xDD, 0xA9,
  30990. 0xA4, 0x29, 0x3C, 0x32, 0x00, 0x29, 0x5C, 0x80,
  30991. 0x3A, 0x86, 0x5D, 0x6D, 0x21, 0x66, 0xF6, 0x6B,
  30992. 0xA5, 0x40, 0x1F, 0xB7, 0xA0, 0xE8, 0x53, 0x16,
  30993. 0x86, 0x00, 0xA2, 0x94, 0x84, 0x37, 0xE0, 0x36,
  30994. 0xE3, 0xBF, 0x19, 0xE1, 0x2F, 0xD3, 0xF2, 0xA2,
  30995. 0xB8, 0xB3, 0x43, 0xF7, 0x84, 0x24, 0x8E, 0x8D,
  30996. 0x68, 0x5E, 0xB0, 0xAF, 0xDE, 0x63, 0x15, 0x33,
  30997. 0x87, 0x30, 0xE7, 0xA1, 0x00, 0x1C, 0x27, 0xD8,
  30998. 0xD2, 0xA7, 0x6F, 0xA6, 0x9D, 0x15, 0x7B, 0xA1,
  30999. 0xAC, 0x7A, 0xD5, 0x6D, 0xA5, 0xA8, 0xC7, 0x0F,
  31000. 0xE4, 0xB5, 0xB8, 0xD7, 0x86, 0xDC, 0x6F, 0xC0,
  31001. 0x56, 0x6B, 0xA8, 0xE1, 0xB8, 0x81, 0x63, 0x34,
  31002. 0xD3, 0x2A, 0x3F, 0xB1, 0xCE, 0x7D, 0x4D, 0x5E,
  31003. 0x4C, 0x33, 0x2A, 0xF7, 0xB0, 0x03, 0xD0, 0x91,
  31004. 0x74, 0x1A, 0x3D, 0x5C, 0x96, 0x52, 0x92, 0x25,
  31005. 0x5D, 0xFF, 0x8E, 0xD2, 0xBB, 0xF1, 0xF9, 0x11,
  31006. 0x6B, 0xE5, 0x0C, 0x17, 0xB8, 0xE5, 0x48, 0x74,
  31007. 0x8A, 0xD4, 0xB2, 0xE9, 0x57, 0xBB, 0xD1, 0x95,
  31008. 0x34, 0x82, 0xA2, 0xE1, 0x71, 0x8C, 0xEC, 0x66,
  31009. 0xCD, 0x2C, 0x81, 0xF5, 0x72, 0xD5, 0x52, 0xB7,
  31010. 0x18, 0x78, 0x85, 0xE6, 0xB8, 0x94, 0x3D, 0x64,
  31011. 0x31, 0x41, 0x3C, 0x59, 0xEB, 0xB7, 0xE0, 0x36,
  31012. 0x04, 0x84, 0x90, 0xBE, 0x52, 0x89, 0xE9, 0x5B,
  31013. 0x20, 0xA8, 0x9E, 0x8B, 0x15, 0x9F, 0x61, 0xA9,
  31014. 0xA9, 0x88, 0x6E, 0x14, 0x75, 0x68, 0xF4, 0xC9,
  31015. 0x02, 0x1F, 0x36, 0x2F, 0x02, 0x68, 0x8A, 0x1C,
  31016. 0x8C, 0x3B, 0xB0, 0xD2, 0x40, 0x86, 0x88, 0x0E,
  31017. 0x55, 0xB6, 0xED, 0xB4, 0x3F, 0x37, 0x45, 0xD2,
  31018. 0xC1, 0x66, 0xDC, 0x1C, 0xB7, 0x43, 0xC7, 0x6F,
  31019. 0xE6, 0xBE, 0x52, 0x3A, 0x89, 0x3C, 0xC7, 0x64,
  31020. 0xD1, 0x64, 0x35, 0xC3, 0x78, 0x51, 0x25, 0x2A,
  31021. 0x81, 0xE2, 0xFF, 0xBA, 0x0F, 0x18, 0x97, 0x1A,
  31022. 0x3D, 0xEE, 0x37, 0xD4, 0x87, 0x7C, 0xB9, 0x28,
  31023. 0xE3, 0x6E, 0x52, 0x35, 0x03, 0x7A, 0x6B, 0x20,
  31024. 0x57, 0x89, 0x7D, 0x51, 0x8A, 0x5F, 0x0E, 0x34,
  31025. 0x8E, 0x3A, 0xB6, 0xD5, 0xB5, 0x2D, 0xFC, 0x60,
  31026. 0x75, 0x7F, 0x3B, 0x41, 0xA4, 0xFE, 0xC7, 0x82,
  31027. 0x8F, 0x1D, 0xEE, 0xAF, 0x45, 0x87, 0xCC, 0xC8,
  31028. 0xEA, 0xDF, 0x64, 0x7F, 0x4D, 0x20, 0x3B, 0x2F,
  31029. 0xAA, 0x05, 0xA6, 0x49, 0xB5, 0x82, 0x34, 0x0C,
  31030. 0xB4, 0xCA, 0xCE, 0x57, 0xA3, 0x07, 0x11, 0xBE,
  31031. 0x75, 0x2F, 0xAC, 0xF0, 0x22, 0x7D, 0x0A, 0x80,
  31032. 0xC4, 0x12, 0x84, 0x42, 0xDD, 0xC5, 0x44, 0xBE,
  31033. 0x80, 0x5B, 0x9C, 0xFE, 0x8F, 0xE9, 0xB1, 0x23,
  31034. 0x7C, 0x80, 0xF9, 0x67, 0x87, 0xCD, 0x92, 0x81,
  31035. 0xCC, 0xF2, 0x70, 0xC1, 0xAF, 0xC0, 0x67, 0x0D
  31036. };
  31037. const byte kyber512_ss[] = {
  31038. 0x0A, 0x69, 0x25, 0x67, 0x6F, 0x24, 0xB2, 0x2C,
  31039. 0x28, 0x6F, 0x4C, 0x81, 0xA4, 0x22, 0x4C, 0xEC,
  31040. 0x50, 0x6C, 0x9B, 0x25, 0x7D, 0x48, 0x0E, 0x02,
  31041. 0xE3, 0xB4, 0x9F, 0x44, 0xCA, 0xA3, 0x23, 0x7F
  31042. };
  31043. ret = wc_KyberKey_Init(KYBER512, &key, HEAP_HINT, INVALID_DEVID);
  31044. if (ret != 0)
  31045. return WC_TEST_RET_ENC_EC(ret);
  31046. ret = wc_KyberKey_MakeKeyWithRandom(&key, kyber512_rand,
  31047. sizeof(kyber512_rand));
  31048. if (ret != 0)
  31049. return WC_TEST_RET_ENC_EC(ret);
  31050. ret = wc_KyberKey_EncodePublicKey(&key, pub, sizeof(pub));
  31051. if (ret != 0)
  31052. return WC_TEST_RET_ENC_EC(ret);
  31053. ret = wc_KyberKey_EncodePrivateKey(&key, priv, sizeof(priv));
  31054. if (ret != 0)
  31055. return WC_TEST_RET_ENC_EC(ret);
  31056. if (XMEMCMP(pub, kyber512_pk, sizeof(kyber512_pk)) != 0)
  31057. return WC_TEST_RET_ENC_NC;
  31058. if (XMEMCMP(priv, kyber512_sk, sizeof(kyber512_sk)) != 0)
  31059. return WC_TEST_RET_ENC_NC;
  31060. ret = wc_KyberKey_EncapsulateWithRandom(&key, ct, ss, kyber512enc_rand,
  31061. sizeof(kyber512enc_rand));
  31062. if (ret != 0)
  31063. return WC_TEST_RET_ENC_EC(ret);
  31064. if (XMEMCMP(ct, kyber512_ct, sizeof(kyber512_ct)) != 0)
  31065. return WC_TEST_RET_ENC_NC;
  31066. if (XMEMCMP(ss, kyber512_ss, sizeof(kyber512_ss)) != 0)
  31067. return WC_TEST_RET_ENC_NC;
  31068. ret = wc_KyberKey_Decapsulate(&key, ss_dec, ct, sizeof(kyber512_ct));
  31069. if (ret != 0)
  31070. return WC_TEST_RET_ENC_EC(ret);
  31071. if (XMEMCMP(ss_dec, kyber512_ss, sizeof(kyber512_ss)) != 0)
  31072. return WC_TEST_RET_ENC_NC;
  31073. wc_KyberKey_Free(&key);
  31074. return 0;
  31075. }
  31076. #endif /* WOLFSSL_KYBER512 */
  31077. #ifdef WOLFSSL_KYBER768
  31078. static wc_test_ret_t kyber768_kat(void)
  31079. {
  31080. KyberKey key;
  31081. wc_test_ret_t ret;
  31082. byte priv[KYBER768_PRIVATE_KEY_SIZE];
  31083. byte pub[KYBER768_PUBLIC_KEY_SIZE];
  31084. byte ct[KYBER768_CIPHER_TEXT_SIZE];
  31085. byte ss[KYBER_SS_SZ];
  31086. byte ss_dec[KYBER_SS_SZ];
  31087. const byte kyber768_rand[] = {
  31088. 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
  31089. 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
  31090. 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
  31091. 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d,
  31092. 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
  31093. 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
  31094. 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
  31095. 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
  31096. };
  31097. const byte kyber768enc_rand[] = {
  31098. 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
  31099. 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
  31100. 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
  31101. 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
  31102. };
  31103. const byte kyber768_pk[] = {
  31104. 0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8,
  31105. 0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D,
  31106. 0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E,
  31107. 0x26, 0x09, 0x22, 0xAD, 0xF9, 0x99, 0x05, 0x1C,
  31108. 0xC4, 0x52, 0x00, 0xC9, 0xFF, 0xDB, 0x60, 0x44,
  31109. 0x9C, 0x49, 0x46, 0x59, 0x79, 0x27, 0x23, 0x67,
  31110. 0xC0, 0x83, 0xA7, 0xD6, 0x26, 0x7A, 0x3E, 0xD7,
  31111. 0xA7, 0xFD, 0x47, 0x95, 0x7C, 0x21, 0x93, 0x27,
  31112. 0xF7, 0xCA, 0x73, 0xA4, 0x00, 0x7E, 0x16, 0x27,
  31113. 0xF0, 0x0B, 0x11, 0xCC, 0x80, 0x57, 0x3C, 0x15,
  31114. 0xAE, 0xE6, 0x64, 0x0F, 0xB8, 0x56, 0x2D, 0xFA,
  31115. 0x6B, 0x24, 0x0C, 0xA0, 0xAD, 0x35, 0x1A, 0xC4,
  31116. 0xAC, 0x15, 0x5B, 0x96, 0xC1, 0x4C, 0x8A, 0xB1,
  31117. 0x3D, 0xD2, 0x62, 0xCD, 0xFD, 0x51, 0xC4, 0xBB,
  31118. 0x55, 0x72, 0xFD, 0x61, 0x65, 0x53, 0xD1, 0x7B,
  31119. 0xDD, 0x43, 0x0A, 0xCB, 0xEA, 0x3E, 0x95, 0xF0,
  31120. 0xB6, 0x98, 0xD6, 0x69, 0x90, 0xAB, 0x51, 0xE5,
  31121. 0xD0, 0x37, 0x83, 0xA8, 0xB3, 0xD2, 0x78, 0xA5,
  31122. 0x72, 0x04, 0x54, 0xCF, 0x96, 0x95, 0xCF, 0xDC,
  31123. 0xA0, 0x84, 0x85, 0xBA, 0x09, 0x9C, 0x51, 0xCD,
  31124. 0x92, 0xA7, 0xEA, 0x75, 0x87, 0xC1, 0xD1, 0x5C,
  31125. 0x28, 0xE6, 0x09, 0xA8, 0x18, 0x52, 0x60, 0x1B,
  31126. 0x06, 0x04, 0x01, 0x06, 0x79, 0xAA, 0x48, 0x2D,
  31127. 0x51, 0x26, 0x1E, 0xC3, 0x6E, 0x36, 0xB8, 0x71,
  31128. 0x96, 0x76, 0x21, 0x7F, 0xD7, 0x4C, 0x54, 0x78,
  31129. 0x64, 0x88, 0xF4, 0xB4, 0x96, 0x9C, 0x05, 0xA8,
  31130. 0xBA, 0x27, 0xCA, 0x3A, 0x77, 0xCC, 0xE7, 0x3B,
  31131. 0x96, 0x59, 0x23, 0xCA, 0x55, 0x4E, 0x42, 0x2B,
  31132. 0x9B, 0x61, 0xF4, 0x75, 0x46, 0x41, 0x60, 0x8A,
  31133. 0xC1, 0x6C, 0x9B, 0x85, 0x87, 0xA3, 0x2C, 0x1C,
  31134. 0x5D, 0xD7, 0x88, 0xF8, 0x8B, 0x36, 0xB7, 0x17,
  31135. 0xA4, 0x69, 0x65, 0x63, 0x5D, 0xEB, 0x67, 0xF4,
  31136. 0x5B, 0x12, 0x9B, 0x99, 0x07, 0x09, 0x09, 0xC9,
  31137. 0x3E, 0xB8, 0x0B, 0x42, 0xC2, 0xB3, 0xF3, 0xF7,
  31138. 0x03, 0x43, 0xA7, 0xCF, 0x37, 0xE8, 0x52, 0x0E,
  31139. 0x7B, 0xCF, 0xC4, 0x16, 0xAC, 0xA4, 0xF1, 0x8C,
  31140. 0x79, 0x81, 0x26, 0x2B, 0xA2, 0xBF, 0xC7, 0x56,
  31141. 0xAE, 0x03, 0x27, 0x8F, 0x0E, 0xC6, 0x6D, 0xC2,
  31142. 0x05, 0x76, 0x96, 0x82, 0x4B, 0xA6, 0x76, 0x98,
  31143. 0x65, 0xA6, 0x01, 0xD7, 0x14, 0x8E, 0xF6, 0xF5,
  31144. 0x4E, 0x5A, 0xF5, 0x68, 0x6A, 0xA2, 0x90, 0x6F,
  31145. 0x99, 0x4C, 0xE3, 0x8A, 0x5E, 0x0B, 0x93, 0x8F,
  31146. 0x23, 0x90, 0x07, 0x00, 0x30, 0x22, 0xC0, 0x33,
  31147. 0x92, 0xDF, 0x34, 0x01, 0xB1, 0xE4, 0xA3, 0xA7,
  31148. 0xEB, 0xC6, 0x16, 0x14, 0x49, 0xF7, 0x33, 0x74,
  31149. 0xC8, 0xB0, 0x14, 0x03, 0x69, 0x34, 0x3D, 0x92,
  31150. 0x95, 0xFD, 0xF5, 0x11, 0x84, 0x5C, 0x4A, 0x46,
  31151. 0xEB, 0xAA, 0xB6, 0xCA, 0x54, 0x92, 0xF6, 0x80,
  31152. 0x0B, 0x98, 0xC0, 0xCC, 0x80, 0x36, 0x53, 0xA4,
  31153. 0xB1, 0xD6, 0xE6, 0xAA, 0xED, 0x19, 0x32, 0xBA,
  31154. 0xCC, 0x5F, 0xEF, 0xAA, 0x81, 0x8B, 0xA5, 0x02,
  31155. 0x85, 0x9B, 0xA5, 0x49, 0x4C, 0x5F, 0x54, 0x02,
  31156. 0xC8, 0x53, 0x6A, 0x9C, 0x4C, 0x18, 0x88, 0x15,
  31157. 0x06, 0x17, 0xF8, 0x00, 0x98, 0xF6, 0xB2, 0xA9,
  31158. 0x9C, 0x39, 0xBC, 0x5D, 0xC7, 0xCF, 0x3B, 0x59,
  31159. 0x00, 0xA2, 0x13, 0x29, 0xAB, 0x59, 0x05, 0x3A,
  31160. 0xBA, 0xA6, 0x4E, 0xD1, 0x63, 0xE8, 0x59, 0xA8,
  31161. 0xB3, 0xB3, 0xCA, 0x33, 0x59, 0xB7, 0x50, 0xCC,
  31162. 0xC3, 0xE7, 0x10, 0xC7, 0xAC, 0x43, 0xC8, 0x19,
  31163. 0x1C, 0xB5, 0xD6, 0x88, 0x70, 0xC0, 0x63, 0x91,
  31164. 0xC0, 0xCB, 0x8A, 0xEC, 0x72, 0xB8, 0x97, 0xAC,
  31165. 0x6B, 0xE7, 0xFB, 0xAA, 0xCC, 0x67, 0x6E, 0xD6,
  31166. 0x63, 0x14, 0xC8, 0x36, 0x30, 0xE8, 0x94, 0x48,
  31167. 0xC8, 0x8A, 0x1D, 0xF0, 0x4A, 0xCE, 0xB2, 0x3A,
  31168. 0xBF, 0x2E, 0x40, 0x9E, 0xF3, 0x33, 0xC6, 0x22,
  31169. 0x28, 0x9C, 0x18, 0xA2, 0x13, 0x4E, 0x65, 0x0C,
  31170. 0x45, 0x25, 0x7E, 0x47, 0x47, 0x5F, 0xA3, 0x3A,
  31171. 0xA5, 0x37, 0xA5, 0xA8, 0xF7, 0x68, 0x02, 0x14,
  31172. 0x71, 0x6C, 0x50, 0xD4, 0x70, 0xE3, 0x28, 0x49,
  31173. 0x63, 0xCA, 0x64, 0xF5, 0x46, 0x77, 0xAE, 0xC5,
  31174. 0x4B, 0x52, 0x72, 0x16, 0x2B, 0xF5, 0x2B, 0xC8,
  31175. 0x14, 0x2E, 0x1D, 0x41, 0x83, 0xFC, 0x01, 0x74,
  31176. 0x54, 0xA6, 0xB5, 0xA4, 0x96, 0x83, 0x17, 0x59,
  31177. 0x06, 0x40, 0x24, 0x74, 0x59, 0x78, 0xCB, 0xD5,
  31178. 0x1A, 0x6C, 0xED, 0xC8, 0x95, 0x5D, 0xE4, 0xCC,
  31179. 0x6D, 0x36, 0x36, 0x70, 0xA4, 0x74, 0x66, 0xE8,
  31180. 0x2B, 0xE5, 0xC2, 0x36, 0x03, 0xA1, 0x7B, 0xF2,
  31181. 0x2A, 0xCD, 0xB7, 0xCC, 0x98, 0x4A, 0xF0, 0x8C,
  31182. 0x87, 0xE1, 0x4E, 0x27, 0x75, 0x3C, 0xF5, 0x87,
  31183. 0xA8, 0xEC, 0x34, 0x47, 0xE6, 0x2C, 0x64, 0x9E,
  31184. 0x88, 0x7A, 0x67, 0xC3, 0x6C, 0x9C, 0xE9, 0x87,
  31185. 0x21, 0xB6, 0x97, 0x21, 0x32, 0x75, 0x64, 0x6B,
  31186. 0x19, 0x4F, 0x36, 0x75, 0x86, 0x73, 0xA8, 0xED,
  31187. 0x11, 0x28, 0x44, 0x55, 0xAF, 0xC7, 0xA8, 0x52,
  31188. 0x9F, 0x69, 0xC9, 0x7A, 0x3C, 0x2D, 0x7B, 0x8C,
  31189. 0x63, 0x6C, 0x0B, 0xA5, 0x56, 0x14, 0xB7, 0x68,
  31190. 0xE6, 0x24, 0xE7, 0x12, 0x93, 0x0F, 0x77, 0x61,
  31191. 0x69, 0xB0, 0x17, 0x15, 0x72, 0x53, 0x51, 0xBC,
  31192. 0x74, 0xB4, 0x73, 0x95, 0xED, 0x52, 0xB2, 0x5A,
  31193. 0x13, 0x13, 0xC9, 0x51, 0x64, 0x81, 0x4C, 0x34,
  31194. 0xC9, 0x79, 0xCB, 0xDF, 0xAB, 0x85, 0x95, 0x46,
  31195. 0x62, 0xCA, 0xB4, 0x85, 0xE7, 0x50, 0x87, 0xA9,
  31196. 0x8C, 0xC7, 0x4B, 0xB8, 0x2C, 0xA2, 0xD1, 0xB5,
  31197. 0xBF, 0x28, 0x03, 0x23, 0x84, 0x80, 0x63, 0x8C,
  31198. 0x40, 0xE9, 0x0B, 0x43, 0xC7, 0x46, 0x0E, 0x7A,
  31199. 0xA9, 0x17, 0xF0, 0x10, 0x15, 0x1F, 0xAB, 0x11,
  31200. 0x69, 0x98, 0x7B, 0x37, 0x2A, 0xBB, 0x59, 0x27,
  31201. 0x1F, 0x70, 0x06, 0xC2, 0x4E, 0x60, 0x23, 0x6B,
  31202. 0x84, 0xB9, 0xDD, 0xD6, 0x00, 0x62, 0x37, 0x04,
  31203. 0x25, 0x46, 0x17, 0xFB, 0x49, 0x8D, 0x89, 0xE5,
  31204. 0x8B, 0x03, 0x68, 0xBC, 0xB2, 0x10, 0x3E, 0x79,
  31205. 0x35, 0x3E, 0xB5, 0x87, 0x86, 0x0C, 0x14, 0x22,
  31206. 0xE4, 0x76, 0x16, 0x2E, 0x42, 0x5B, 0xC2, 0x38,
  31207. 0x1D, 0xB8, 0x2C, 0x65, 0x92, 0x73, 0x7E, 0x1D,
  31208. 0xD6, 0x02, 0x86, 0x4B, 0x01, 0x67, 0xA7, 0x1E,
  31209. 0xC1, 0xF2, 0x23, 0x30, 0x5C, 0x02, 0xFE, 0x25,
  31210. 0x05, 0x2A, 0xF2, 0xB3, 0xB5, 0xA5, 0x5A, 0x0D,
  31211. 0x7A, 0x20, 0x22, 0xD9, 0xA7, 0x98, 0xDC, 0x0C,
  31212. 0x58, 0x74, 0xA9, 0x87, 0x02, 0xAA, 0xF4, 0x05,
  31213. 0x4C, 0x5D, 0x80, 0x33, 0x8A, 0x52, 0x48, 0xB5,
  31214. 0xB7, 0xBD, 0x09, 0xC5, 0x3B, 0x5E, 0x2A, 0x08,
  31215. 0x4B, 0x04, 0x7D, 0x27, 0x7A, 0x86, 0x1B, 0x1A,
  31216. 0x73, 0xBB, 0x51, 0x48, 0x8D, 0xE0, 0x4E, 0xF5,
  31217. 0x73, 0xC8, 0x52, 0x30, 0xA0, 0x47, 0x0B, 0x73,
  31218. 0x17, 0x5C, 0x9F, 0xA5, 0x05, 0x94, 0xF6, 0x6A,
  31219. 0x5F, 0x50, 0xB4, 0x15, 0x00, 0x54, 0xC9, 0x3B,
  31220. 0x68, 0x18, 0x6F, 0x8B, 0x5C, 0xBC, 0x49, 0x31,
  31221. 0x6C, 0x85, 0x48, 0xA6, 0x42, 0xB2, 0xB3, 0x6A,
  31222. 0x1D, 0x45, 0x4C, 0x74, 0x89, 0xAC, 0x33, 0xB2,
  31223. 0xD2, 0xCE, 0x66, 0x68, 0x09, 0x67, 0x82, 0xA2,
  31224. 0xC1, 0xE0, 0x86, 0x6D, 0x21, 0xA6, 0x5E, 0x16,
  31225. 0xB5, 0x85, 0xE7, 0xAF, 0x86, 0x18, 0xBD, 0xF3,
  31226. 0x18, 0x4C, 0x19, 0x86, 0x87, 0x85, 0x08, 0x91,
  31227. 0x72, 0x77, 0xB9, 0x3E, 0x10, 0x70, 0x6B, 0x16,
  31228. 0x14, 0x97, 0x2B, 0x2A, 0x94, 0xC7, 0x31, 0x0F,
  31229. 0xE9, 0xC7, 0x08, 0xC2, 0x31, 0xA1, 0xA8, 0xAC,
  31230. 0x8D, 0x93, 0x14, 0xA5, 0x29, 0xA9, 0x7F, 0x46,
  31231. 0x9B, 0xF6, 0x49, 0x62, 0xD8, 0x20, 0x64, 0x84,
  31232. 0x43, 0x09, 0x9A, 0x07, 0x6D, 0x55, 0xD4, 0xCE,
  31233. 0xA8, 0x24, 0xA5, 0x83, 0x04, 0x84, 0x4F, 0x99,
  31234. 0x49, 0x7C, 0x10, 0xA2, 0x51, 0x48, 0x61, 0x8A,
  31235. 0x31, 0x5D, 0x72, 0xCA, 0x85, 0x7D, 0x1B, 0x04,
  31236. 0xD5, 0x75, 0xB9, 0x4F, 0x85, 0xC0, 0x1D, 0x19,
  31237. 0xBE, 0xF2, 0x11, 0xBF, 0x0A, 0xA3, 0x36, 0x2E,
  31238. 0x70, 0x41, 0xFD, 0x16, 0x59, 0x6D, 0x80, 0x8E,
  31239. 0x86, 0x7B, 0x44, 0xC4, 0xC0, 0x0D, 0x1C, 0xDA,
  31240. 0x34, 0x18, 0x96, 0x77, 0x17, 0xF1, 0x47, 0xD0,
  31241. 0xEB, 0x21, 0xB4, 0x2A, 0xAE, 0xE7, 0x4A, 0xC3,
  31242. 0x5D, 0x0B, 0x92, 0x41, 0x4B, 0x95, 0x85, 0x31,
  31243. 0xAA, 0xDF, 0x46, 0x3E, 0xC6, 0x30, 0x5A, 0xE5,
  31244. 0xEC, 0xAF, 0x79, 0x17, 0x40, 0x02, 0xF2, 0x6D,
  31245. 0xDE, 0xCC, 0x81, 0x3B, 0xF3, 0x26, 0x72, 0xE8,
  31246. 0x52, 0x9D, 0x95, 0xA4, 0xE7, 0x30, 0xA7, 0xAB,
  31247. 0x4A, 0x3E, 0x8F, 0x8A, 0x8A, 0xF9, 0x79, 0xA6,
  31248. 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
  31249. 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
  31250. 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
  31251. 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
  31252. };
  31253. const byte kyber768_sk[] = {
  31254. 0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
  31255. 0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
  31256. 0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D,
  31257. 0x50, 0x17, 0x0B, 0xCE, 0xD4, 0x3F, 0x1B, 0x53,
  31258. 0x6D, 0x9A, 0x20, 0x4B, 0xB1, 0xF2, 0x26, 0x95,
  31259. 0x95, 0x0B, 0xA1, 0xF2, 0xA9, 0xE8, 0xEB, 0x82,
  31260. 0x8B, 0x28, 0x44, 0x88, 0x76, 0x0B, 0x3F, 0xC8,
  31261. 0x4F, 0xAB, 0xA0, 0x42, 0x75, 0xD5, 0x62, 0x8E,
  31262. 0x39, 0xC5, 0xB2, 0x47, 0x13, 0x74, 0x28, 0x3C,
  31263. 0x50, 0x32, 0x99, 0xC0, 0xAB, 0x49, 0xB6, 0x6B,
  31264. 0x8B, 0xBB, 0x56, 0xA4, 0x18, 0x66, 0x24, 0xF9,
  31265. 0x19, 0xA2, 0xBA, 0x59, 0xBB, 0x08, 0xD8, 0x55,
  31266. 0x18, 0x80, 0xC2, 0xBE, 0xFC, 0x4F, 0x87, 0xF2,
  31267. 0x5F, 0x59, 0xAB, 0x58, 0x7A, 0x79, 0xC3, 0x27,
  31268. 0xD7, 0x92, 0xD5, 0x4C, 0x97, 0x4A, 0x69, 0x26,
  31269. 0x2F, 0xF8, 0xA7, 0x89, 0x38, 0x28, 0x9E, 0x9A,
  31270. 0x87, 0xB6, 0x88, 0xB0, 0x83, 0xE0, 0x59, 0x5F,
  31271. 0xE2, 0x18, 0xB6, 0xBB, 0x15, 0x05, 0x94, 0x1C,
  31272. 0xE2, 0xE8, 0x1A, 0x5A, 0x64, 0xC5, 0xAA, 0xC6,
  31273. 0x04, 0x17, 0x25, 0x69, 0x85, 0x34, 0x9E, 0xE4,
  31274. 0x7A, 0x52, 0x42, 0x0A, 0x5F, 0x97, 0x47, 0x7B,
  31275. 0x72, 0x36, 0xAC, 0x76, 0xBC, 0x70, 0xE8, 0x28,
  31276. 0x87, 0x29, 0x28, 0x7E, 0xE3, 0xE3, 0x4A, 0x3D,
  31277. 0xBC, 0x36, 0x83, 0xC0, 0xB7, 0xB1, 0x00, 0x29,
  31278. 0xFC, 0x20, 0x34, 0x18, 0x53, 0x7E, 0x74, 0x66,
  31279. 0xBA, 0x63, 0x85, 0xA8, 0xFF, 0x30, 0x1E, 0xE1,
  31280. 0x27, 0x08, 0xF8, 0x2A, 0xAA, 0x1E, 0x38, 0x0F,
  31281. 0xC7, 0xA8, 0x8F, 0x8F, 0x20, 0x5A, 0xB7, 0xE8,
  31282. 0x8D, 0x7E, 0x95, 0x95, 0x2A, 0x55, 0xBA, 0x20,
  31283. 0xD0, 0x9B, 0x79, 0xA4, 0x71, 0x41, 0xD6, 0x2B,
  31284. 0xF6, 0xEB, 0x7D, 0xD3, 0x07, 0xB0, 0x8E, 0xCA,
  31285. 0x13, 0xA5, 0xBC, 0x5F, 0x6B, 0x68, 0x58, 0x1C,
  31286. 0x68, 0x65, 0xB2, 0x7B, 0xBC, 0xDD, 0xAB, 0x14,
  31287. 0x2F, 0x4B, 0x2C, 0xBF, 0xF4, 0x88, 0xC8, 0xA2,
  31288. 0x27, 0x05, 0xFA, 0xA9, 0x8A, 0x2B, 0x9E, 0xEA,
  31289. 0x35, 0x30, 0xC7, 0x66, 0x62, 0x33, 0x5C, 0xC7,
  31290. 0xEA, 0x3A, 0x00, 0x77, 0x77, 0x25, 0xEB, 0xCC,
  31291. 0xCD, 0x2A, 0x46, 0x36, 0xB2, 0xD9, 0x12, 0x2F,
  31292. 0xF3, 0xAB, 0x77, 0x12, 0x3C, 0xE0, 0x88, 0x3C,
  31293. 0x19, 0x11, 0x11, 0x5E, 0x50, 0xC9, 0xE8, 0xA9,
  31294. 0x41, 0x94, 0xE4, 0x8D, 0xD0, 0xD0, 0x9C, 0xFF,
  31295. 0xB3, 0xAD, 0xCD, 0x2C, 0x1E, 0x92, 0x43, 0x09,
  31296. 0x03, 0xD0, 0x7A, 0xDB, 0xF0, 0x05, 0x32, 0x03,
  31297. 0x15, 0x75, 0xAA, 0x7F, 0x9E, 0x7B, 0x5A, 0x1F,
  31298. 0x33, 0x62, 0xDE, 0xC9, 0x36, 0xD4, 0x04, 0x3C,
  31299. 0x05, 0xF2, 0x47, 0x6C, 0x07, 0x57, 0x8B, 0xC9,
  31300. 0xCB, 0xAF, 0x2A, 0xB4, 0xE3, 0x82, 0x72, 0x7A,
  31301. 0xD4, 0x16, 0x86, 0xA9, 0x6B, 0x25, 0x48, 0x82,
  31302. 0x0B, 0xB0, 0x3B, 0x32, 0xF1, 0x1B, 0x28, 0x11,
  31303. 0xAD, 0x62, 0xF4, 0x89, 0xE9, 0x51, 0x63, 0x2A,
  31304. 0xBA, 0x0D, 0x1D, 0xF8, 0x96, 0x80, 0xCC, 0x8A,
  31305. 0x8B, 0x53, 0xB4, 0x81, 0xD9, 0x2A, 0x68, 0xD7,
  31306. 0x0B, 0x4E, 0xA1, 0xC3, 0xA6, 0xA5, 0x61, 0xC0,
  31307. 0x69, 0x28, 0x82, 0xB5, 0xCA, 0x8C, 0xC9, 0x42,
  31308. 0xA8, 0xD4, 0x95, 0xAF, 0xCB, 0x06, 0xDE, 0x89,
  31309. 0x49, 0x8F, 0xB9, 0x35, 0xB7, 0x75, 0x90, 0x8F,
  31310. 0xE7, 0xA0, 0x3E, 0x32, 0x4D, 0x54, 0xCC, 0x19,
  31311. 0xD4, 0xE1, 0xAA, 0xBD, 0x35, 0x93, 0xB3, 0x8B,
  31312. 0x19, 0xEE, 0x13, 0x88, 0xFE, 0x49, 0x2B, 0x43,
  31313. 0x12, 0x7E, 0x5A, 0x50, 0x42, 0x53, 0x78, 0x6A,
  31314. 0x0D, 0x69, 0xAD, 0x32, 0x60, 0x1C, 0x28, 0xE2,
  31315. 0xC8, 0x85, 0x04, 0xA5, 0xBA, 0x59, 0x97, 0x06,
  31316. 0x02, 0x3A, 0x61, 0x36, 0x3E, 0x17, 0xC6, 0xB9,
  31317. 0xBB, 0x59, 0xBD, 0xC6, 0x97, 0x45, 0x2C, 0xD0,
  31318. 0x59, 0x45, 0x19, 0x83, 0xD7, 0x38, 0xCA, 0x3F,
  31319. 0xD0, 0x34, 0xE3, 0xF5, 0x98, 0x88, 0x54, 0xCA,
  31320. 0x05, 0x03, 0x1D, 0xB0, 0x96, 0x11, 0x49, 0x89,
  31321. 0x88, 0x19, 0x7C, 0x6B, 0x30, 0xD2, 0x58, 0xDF,
  31322. 0xE2, 0x62, 0x65, 0x54, 0x1C, 0x89, 0xA4, 0xB3,
  31323. 0x1D, 0x68, 0x64, 0xE9, 0x38, 0x9B, 0x03, 0xCB,
  31324. 0x74, 0xF7, 0xEC, 0x43, 0x23, 0xFB, 0x94, 0x21,
  31325. 0xA4, 0xB9, 0x79, 0x0A, 0x26, 0xD1, 0x7B, 0x03,
  31326. 0x98, 0xA2, 0x67, 0x67, 0x35, 0x09, 0x09, 0xF8,
  31327. 0x4D, 0x57, 0xB6, 0x69, 0x4D, 0xF8, 0x30, 0x66,
  31328. 0x4C, 0xA8, 0xB3, 0xC3, 0xC0, 0x3E, 0xD2, 0xAE,
  31329. 0x67, 0xB8, 0x90, 0x06, 0x86, 0x8A, 0x68, 0x52,
  31330. 0x7C, 0xCD, 0x66, 0x64, 0x59, 0xAB, 0x7F, 0x05,
  31331. 0x66, 0x71, 0x00, 0x0C, 0x61, 0x64, 0xD3, 0xA7,
  31332. 0xF2, 0x66, 0xA1, 0x4D, 0x97, 0xCB, 0xD7, 0x00,
  31333. 0x4D, 0x6C, 0x92, 0xCA, 0xCA, 0x77, 0x0B, 0x84,
  31334. 0x4A, 0x4F, 0xA9, 0xB1, 0x82, 0xE7, 0xB1, 0x8C,
  31335. 0xA8, 0x85, 0x08, 0x2A, 0xC5, 0x64, 0x6F, 0xCB,
  31336. 0x4A, 0x14, 0xE1, 0x68, 0x5F, 0xEB, 0x0C, 0x9C,
  31337. 0xE3, 0x37, 0x2A, 0xB9, 0x53, 0x65, 0xC0, 0x4F,
  31338. 0xD8, 0x30, 0x84, 0xF8, 0x0A, 0x23, 0xFF, 0x10,
  31339. 0xA0, 0x5B, 0xF1, 0x5F, 0x7F, 0xA5, 0xAC, 0xC6,
  31340. 0xC0, 0xCB, 0x46, 0x2C, 0x33, 0xCA, 0x52, 0x4F,
  31341. 0xA6, 0xB8, 0xBB, 0x35, 0x90, 0x43, 0xBA, 0x68,
  31342. 0x60, 0x9E, 0xAA, 0x25, 0x36, 0xE8, 0x1D, 0x08,
  31343. 0x46, 0x3B, 0x19, 0x65, 0x3B, 0x54, 0x35, 0xBA,
  31344. 0x94, 0x6C, 0x9A, 0xDD, 0xEB, 0x20, 0x2B, 0x04,
  31345. 0xB0, 0x31, 0xCC, 0x96, 0x0D, 0xCC, 0x12, 0xE4,
  31346. 0x51, 0x8D, 0x42, 0x8B, 0x32, 0xB2, 0x57, 0xA4,
  31347. 0xFC, 0x73, 0x13, 0xD3, 0xA7, 0x98, 0x0D, 0x80,
  31348. 0x08, 0x2E, 0x93, 0x4F, 0x9D, 0x95, 0xC3, 0x2B,
  31349. 0x0A, 0x01, 0x91, 0xA2, 0x36, 0x04, 0x38, 0x4D,
  31350. 0xD9, 0xE0, 0x79, 0xBB, 0xBA, 0xA2, 0x66, 0xD1,
  31351. 0x4C, 0x3F, 0x75, 0x6B, 0x9F, 0x21, 0x33, 0x10,
  31352. 0x74, 0x33, 0xA4, 0xE8, 0x3F, 0xA7, 0x18, 0x72,
  31353. 0x82, 0xA8, 0x09, 0x20, 0x3A, 0x4F, 0xAF, 0x84,
  31354. 0x18, 0x51, 0x83, 0x3D, 0x12, 0x1A, 0xC3, 0x83,
  31355. 0x84, 0x3A, 0x5E, 0x55, 0xBC, 0x23, 0x81, 0x42,
  31356. 0x5E, 0x16, 0xC7, 0xDB, 0x4C, 0xC9, 0xAB, 0x5C,
  31357. 0x1B, 0x0D, 0x91, 0xA4, 0x7E, 0x2B, 0x8D, 0xE0,
  31358. 0xE5, 0x82, 0xC8, 0x6B, 0x6B, 0x0D, 0x90, 0x7B,
  31359. 0xB3, 0x60, 0xB9, 0x7F, 0x40, 0xAB, 0x5D, 0x03,
  31360. 0x8F, 0x6B, 0x75, 0xC8, 0x14, 0xB2, 0x7D, 0x9B,
  31361. 0x96, 0x8D, 0x41, 0x98, 0x32, 0xBC, 0x8C, 0x2B,
  31362. 0xEE, 0x60, 0x5E, 0xF6, 0xE5, 0x05, 0x9D, 0x33,
  31363. 0x10, 0x0D, 0x90, 0x48, 0x5D, 0x37, 0x84, 0x50,
  31364. 0x01, 0x42, 0x21, 0x73, 0x6C, 0x07, 0x40, 0x7C,
  31365. 0xAC, 0x26, 0x04, 0x08, 0xAA, 0x64, 0x92, 0x66,
  31366. 0x19, 0x78, 0x8B, 0x86, 0x01, 0xC2, 0xA7, 0x52,
  31367. 0xD1, 0xA6, 0xCB, 0xF8, 0x20, 0xD7, 0xC7, 0xA0,
  31368. 0x47, 0x16, 0x20, 0x32, 0x25, 0xB3, 0x89, 0x5B,
  31369. 0x93, 0x42, 0xD1, 0x47, 0xA8, 0x18, 0x5C, 0xFC,
  31370. 0x1B, 0xB6, 0x5B, 0xA0, 0x6B, 0x41, 0x42, 0x33,
  31371. 0x99, 0x03, 0xC0, 0xAC, 0x46, 0x51, 0x38, 0x5B,
  31372. 0x45, 0xD9, 0x8A, 0x8B, 0x19, 0xD2, 0x8C, 0xD6,
  31373. 0xBA, 0xB0, 0x88, 0x78, 0x7F, 0x7E, 0xE1, 0xB1,
  31374. 0x24, 0x61, 0x76, 0x6B, 0x43, 0xCB, 0xCC, 0xB9,
  31375. 0x64, 0x34, 0x42, 0x7D, 0x93, 0xC0, 0x65, 0x55,
  31376. 0x06, 0x88, 0xF6, 0x94, 0x8E, 0xD1, 0xB5, 0x47,
  31377. 0x5A, 0x42, 0x5F, 0x1B, 0x85, 0x20, 0x9D, 0x06,
  31378. 0x1C, 0x08, 0xB5, 0x6C, 0x1C, 0xC0, 0x69, 0xF6,
  31379. 0xC0, 0xA7, 0xC6, 0xF2, 0x93, 0x58, 0xCA, 0xB9,
  31380. 0x11, 0x08, 0x77, 0x32, 0xA6, 0x49, 0xD2, 0x7C,
  31381. 0x9B, 0x98, 0xF9, 0xA4, 0x88, 0x79, 0x38, 0x7D,
  31382. 0x9B, 0x00, 0xC2, 0x59, 0x59, 0xA7, 0x16, 0x54,
  31383. 0xD6, 0xF6, 0xA9, 0x46, 0x16, 0x45, 0x13, 0xE4,
  31384. 0x7A, 0x75, 0xD0, 0x05, 0x98, 0x6C, 0x23, 0x63,
  31385. 0xC0, 0x9F, 0x6B, 0x53, 0x7E, 0xCA, 0x78, 0xB9,
  31386. 0x30, 0x3A, 0x5F, 0xA4, 0x57, 0x60, 0x8A, 0x58,
  31387. 0x6A, 0x65, 0x3A, 0x34, 0x7D, 0xB0, 0x4D, 0xFC,
  31388. 0xC1, 0x91, 0x75, 0xB3, 0xA3, 0x01, 0x17, 0x25,
  31389. 0x36, 0x06, 0x2A, 0x65, 0x8A, 0x95, 0x27, 0x75,
  31390. 0x70, 0xC8, 0x85, 0x2C, 0xA8, 0x97, 0x3F, 0x4A,
  31391. 0xE1, 0x23, 0xA3, 0x34, 0x04, 0x7D, 0xD7, 0x11,
  31392. 0xC8, 0x92, 0x7A, 0x63, 0x4A, 0x03, 0x38, 0x8A,
  31393. 0x52, 0x7B, 0x03, 0x4B, 0xF7, 0xA8, 0x17, 0x0F,
  31394. 0xA7, 0x02, 0xC1, 0xF7, 0xC2, 0x3E, 0xC3, 0x2D,
  31395. 0x18, 0xA2, 0x37, 0x48, 0x90, 0xBE, 0x9C, 0x78,
  31396. 0x7A, 0x94, 0x09, 0xC8, 0x2D, 0x19, 0x2C, 0x4B,
  31397. 0xB7, 0x05, 0xA2, 0xF9, 0x96, 0xCE, 0x40, 0x5D,
  31398. 0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8,
  31399. 0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D,
  31400. 0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E,
  31401. 0x26, 0x09, 0x22, 0xAD, 0xF9, 0x99, 0x05, 0x1C,
  31402. 0xC4, 0x52, 0x00, 0xC9, 0xFF, 0xDB, 0x60, 0x44,
  31403. 0x9C, 0x49, 0x46, 0x59, 0x79, 0x27, 0x23, 0x67,
  31404. 0xC0, 0x83, 0xA7, 0xD6, 0x26, 0x7A, 0x3E, 0xD7,
  31405. 0xA7, 0xFD, 0x47, 0x95, 0x7C, 0x21, 0x93, 0x27,
  31406. 0xF7, 0xCA, 0x73, 0xA4, 0x00, 0x7E, 0x16, 0x27,
  31407. 0xF0, 0x0B, 0x11, 0xCC, 0x80, 0x57, 0x3C, 0x15,
  31408. 0xAE, 0xE6, 0x64, 0x0F, 0xB8, 0x56, 0x2D, 0xFA,
  31409. 0x6B, 0x24, 0x0C, 0xA0, 0xAD, 0x35, 0x1A, 0xC4,
  31410. 0xAC, 0x15, 0x5B, 0x96, 0xC1, 0x4C, 0x8A, 0xB1,
  31411. 0x3D, 0xD2, 0x62, 0xCD, 0xFD, 0x51, 0xC4, 0xBB,
  31412. 0x55, 0x72, 0xFD, 0x61, 0x65, 0x53, 0xD1, 0x7B,
  31413. 0xDD, 0x43, 0x0A, 0xCB, 0xEA, 0x3E, 0x95, 0xF0,
  31414. 0xB6, 0x98, 0xD6, 0x69, 0x90, 0xAB, 0x51, 0xE5,
  31415. 0xD0, 0x37, 0x83, 0xA8, 0xB3, 0xD2, 0x78, 0xA5,
  31416. 0x72, 0x04, 0x54, 0xCF, 0x96, 0x95, 0xCF, 0xDC,
  31417. 0xA0, 0x84, 0x85, 0xBA, 0x09, 0x9C, 0x51, 0xCD,
  31418. 0x92, 0xA7, 0xEA, 0x75, 0x87, 0xC1, 0xD1, 0x5C,
  31419. 0x28, 0xE6, 0x09, 0xA8, 0x18, 0x52, 0x60, 0x1B,
  31420. 0x06, 0x04, 0x01, 0x06, 0x79, 0xAA, 0x48, 0x2D,
  31421. 0x51, 0x26, 0x1E, 0xC3, 0x6E, 0x36, 0xB8, 0x71,
  31422. 0x96, 0x76, 0x21, 0x7F, 0xD7, 0x4C, 0x54, 0x78,
  31423. 0x64, 0x88, 0xF4, 0xB4, 0x96, 0x9C, 0x05, 0xA8,
  31424. 0xBA, 0x27, 0xCA, 0x3A, 0x77, 0xCC, 0xE7, 0x3B,
  31425. 0x96, 0x59, 0x23, 0xCA, 0x55, 0x4E, 0x42, 0x2B,
  31426. 0x9B, 0x61, 0xF4, 0x75, 0x46, 0x41, 0x60, 0x8A,
  31427. 0xC1, 0x6C, 0x9B, 0x85, 0x87, 0xA3, 0x2C, 0x1C,
  31428. 0x5D, 0xD7, 0x88, 0xF8, 0x8B, 0x36, 0xB7, 0x17,
  31429. 0xA4, 0x69, 0x65, 0x63, 0x5D, 0xEB, 0x67, 0xF4,
  31430. 0x5B, 0x12, 0x9B, 0x99, 0x07, 0x09, 0x09, 0xC9,
  31431. 0x3E, 0xB8, 0x0B, 0x42, 0xC2, 0xB3, 0xF3, 0xF7,
  31432. 0x03, 0x43, 0xA7, 0xCF, 0x37, 0xE8, 0x52, 0x0E,
  31433. 0x7B, 0xCF, 0xC4, 0x16, 0xAC, 0xA4, 0xF1, 0x8C,
  31434. 0x79, 0x81, 0x26, 0x2B, 0xA2, 0xBF, 0xC7, 0x56,
  31435. 0xAE, 0x03, 0x27, 0x8F, 0x0E, 0xC6, 0x6D, 0xC2,
  31436. 0x05, 0x76, 0x96, 0x82, 0x4B, 0xA6, 0x76, 0x98,
  31437. 0x65, 0xA6, 0x01, 0xD7, 0x14, 0x8E, 0xF6, 0xF5,
  31438. 0x4E, 0x5A, 0xF5, 0x68, 0x6A, 0xA2, 0x90, 0x6F,
  31439. 0x99, 0x4C, 0xE3, 0x8A, 0x5E, 0x0B, 0x93, 0x8F,
  31440. 0x23, 0x90, 0x07, 0x00, 0x30, 0x22, 0xC0, 0x33,
  31441. 0x92, 0xDF, 0x34, 0x01, 0xB1, 0xE4, 0xA3, 0xA7,
  31442. 0xEB, 0xC6, 0x16, 0x14, 0x49, 0xF7, 0x33, 0x74,
  31443. 0xC8, 0xB0, 0x14, 0x03, 0x69, 0x34, 0x3D, 0x92,
  31444. 0x95, 0xFD, 0xF5, 0x11, 0x84, 0x5C, 0x4A, 0x46,
  31445. 0xEB, 0xAA, 0xB6, 0xCA, 0x54, 0x92, 0xF6, 0x80,
  31446. 0x0B, 0x98, 0xC0, 0xCC, 0x80, 0x36, 0x53, 0xA4,
  31447. 0xB1, 0xD6, 0xE6, 0xAA, 0xED, 0x19, 0x32, 0xBA,
  31448. 0xCC, 0x5F, 0xEF, 0xAA, 0x81, 0x8B, 0xA5, 0x02,
  31449. 0x85, 0x9B, 0xA5, 0x49, 0x4C, 0x5F, 0x54, 0x02,
  31450. 0xC8, 0x53, 0x6A, 0x9C, 0x4C, 0x18, 0x88, 0x15,
  31451. 0x06, 0x17, 0xF8, 0x00, 0x98, 0xF6, 0xB2, 0xA9,
  31452. 0x9C, 0x39, 0xBC, 0x5D, 0xC7, 0xCF, 0x3B, 0x59,
  31453. 0x00, 0xA2, 0x13, 0x29, 0xAB, 0x59, 0x05, 0x3A,
  31454. 0xBA, 0xA6, 0x4E, 0xD1, 0x63, 0xE8, 0x59, 0xA8,
  31455. 0xB3, 0xB3, 0xCA, 0x33, 0x59, 0xB7, 0x50, 0xCC,
  31456. 0xC3, 0xE7, 0x10, 0xC7, 0xAC, 0x43, 0xC8, 0x19,
  31457. 0x1C, 0xB5, 0xD6, 0x88, 0x70, 0xC0, 0x63, 0x91,
  31458. 0xC0, 0xCB, 0x8A, 0xEC, 0x72, 0xB8, 0x97, 0xAC,
  31459. 0x6B, 0xE7, 0xFB, 0xAA, 0xCC, 0x67, 0x6E, 0xD6,
  31460. 0x63, 0x14, 0xC8, 0x36, 0x30, 0xE8, 0x94, 0x48,
  31461. 0xC8, 0x8A, 0x1D, 0xF0, 0x4A, 0xCE, 0xB2, 0x3A,
  31462. 0xBF, 0x2E, 0x40, 0x9E, 0xF3, 0x33, 0xC6, 0x22,
  31463. 0x28, 0x9C, 0x18, 0xA2, 0x13, 0x4E, 0x65, 0x0C,
  31464. 0x45, 0x25, 0x7E, 0x47, 0x47, 0x5F, 0xA3, 0x3A,
  31465. 0xA5, 0x37, 0xA5, 0xA8, 0xF7, 0x68, 0x02, 0x14,
  31466. 0x71, 0x6C, 0x50, 0xD4, 0x70, 0xE3, 0x28, 0x49,
  31467. 0x63, 0xCA, 0x64, 0xF5, 0x46, 0x77, 0xAE, 0xC5,
  31468. 0x4B, 0x52, 0x72, 0x16, 0x2B, 0xF5, 0x2B, 0xC8,
  31469. 0x14, 0x2E, 0x1D, 0x41, 0x83, 0xFC, 0x01, 0x74,
  31470. 0x54, 0xA6, 0xB5, 0xA4, 0x96, 0x83, 0x17, 0x59,
  31471. 0x06, 0x40, 0x24, 0x74, 0x59, 0x78, 0xCB, 0xD5,
  31472. 0x1A, 0x6C, 0xED, 0xC8, 0x95, 0x5D, 0xE4, 0xCC,
  31473. 0x6D, 0x36, 0x36, 0x70, 0xA4, 0x74, 0x66, 0xE8,
  31474. 0x2B, 0xE5, 0xC2, 0x36, 0x03, 0xA1, 0x7B, 0xF2,
  31475. 0x2A, 0xCD, 0xB7, 0xCC, 0x98, 0x4A, 0xF0, 0x8C,
  31476. 0x87, 0xE1, 0x4E, 0x27, 0x75, 0x3C, 0xF5, 0x87,
  31477. 0xA8, 0xEC, 0x34, 0x47, 0xE6, 0x2C, 0x64, 0x9E,
  31478. 0x88, 0x7A, 0x67, 0xC3, 0x6C, 0x9C, 0xE9, 0x87,
  31479. 0x21, 0xB6, 0x97, 0x21, 0x32, 0x75, 0x64, 0x6B,
  31480. 0x19, 0x4F, 0x36, 0x75, 0x86, 0x73, 0xA8, 0xED,
  31481. 0x11, 0x28, 0x44, 0x55, 0xAF, 0xC7, 0xA8, 0x52,
  31482. 0x9F, 0x69, 0xC9, 0x7A, 0x3C, 0x2D, 0x7B, 0x8C,
  31483. 0x63, 0x6C, 0x0B, 0xA5, 0x56, 0x14, 0xB7, 0x68,
  31484. 0xE6, 0x24, 0xE7, 0x12, 0x93, 0x0F, 0x77, 0x61,
  31485. 0x69, 0xB0, 0x17, 0x15, 0x72, 0x53, 0x51, 0xBC,
  31486. 0x74, 0xB4, 0x73, 0x95, 0xED, 0x52, 0xB2, 0x5A,
  31487. 0x13, 0x13, 0xC9, 0x51, 0x64, 0x81, 0x4C, 0x34,
  31488. 0xC9, 0x79, 0xCB, 0xDF, 0xAB, 0x85, 0x95, 0x46,
  31489. 0x62, 0xCA, 0xB4, 0x85, 0xE7, 0x50, 0x87, 0xA9,
  31490. 0x8C, 0xC7, 0x4B, 0xB8, 0x2C, 0xA2, 0xD1, 0xB5,
  31491. 0xBF, 0x28, 0x03, 0x23, 0x84, 0x80, 0x63, 0x8C,
  31492. 0x40, 0xE9, 0x0B, 0x43, 0xC7, 0x46, 0x0E, 0x7A,
  31493. 0xA9, 0x17, 0xF0, 0x10, 0x15, 0x1F, 0xAB, 0x11,
  31494. 0x69, 0x98, 0x7B, 0x37, 0x2A, 0xBB, 0x59, 0x27,
  31495. 0x1F, 0x70, 0x06, 0xC2, 0x4E, 0x60, 0x23, 0x6B,
  31496. 0x84, 0xB9, 0xDD, 0xD6, 0x00, 0x62, 0x37, 0x04,
  31497. 0x25, 0x46, 0x17, 0xFB, 0x49, 0x8D, 0x89, 0xE5,
  31498. 0x8B, 0x03, 0x68, 0xBC, 0xB2, 0x10, 0x3E, 0x79,
  31499. 0x35, 0x3E, 0xB5, 0x87, 0x86, 0x0C, 0x14, 0x22,
  31500. 0xE4, 0x76, 0x16, 0x2E, 0x42, 0x5B, 0xC2, 0x38,
  31501. 0x1D, 0xB8, 0x2C, 0x65, 0x92, 0x73, 0x7E, 0x1D,
  31502. 0xD6, 0x02, 0x86, 0x4B, 0x01, 0x67, 0xA7, 0x1E,
  31503. 0xC1, 0xF2, 0x23, 0x30, 0x5C, 0x02, 0xFE, 0x25,
  31504. 0x05, 0x2A, 0xF2, 0xB3, 0xB5, 0xA5, 0x5A, 0x0D,
  31505. 0x7A, 0x20, 0x22, 0xD9, 0xA7, 0x98, 0xDC, 0x0C,
  31506. 0x58, 0x74, 0xA9, 0x87, 0x02, 0xAA, 0xF4, 0x05,
  31507. 0x4C, 0x5D, 0x80, 0x33, 0x8A, 0x52, 0x48, 0xB5,
  31508. 0xB7, 0xBD, 0x09, 0xC5, 0x3B, 0x5E, 0x2A, 0x08,
  31509. 0x4B, 0x04, 0x7D, 0x27, 0x7A, 0x86, 0x1B, 0x1A,
  31510. 0x73, 0xBB, 0x51, 0x48, 0x8D, 0xE0, 0x4E, 0xF5,
  31511. 0x73, 0xC8, 0x52, 0x30, 0xA0, 0x47, 0x0B, 0x73,
  31512. 0x17, 0x5C, 0x9F, 0xA5, 0x05, 0x94, 0xF6, 0x6A,
  31513. 0x5F, 0x50, 0xB4, 0x15, 0x00, 0x54, 0xC9, 0x3B,
  31514. 0x68, 0x18, 0x6F, 0x8B, 0x5C, 0xBC, 0x49, 0x31,
  31515. 0x6C, 0x85, 0x48, 0xA6, 0x42, 0xB2, 0xB3, 0x6A,
  31516. 0x1D, 0x45, 0x4C, 0x74, 0x89, 0xAC, 0x33, 0xB2,
  31517. 0xD2, 0xCE, 0x66, 0x68, 0x09, 0x67, 0x82, 0xA2,
  31518. 0xC1, 0xE0, 0x86, 0x6D, 0x21, 0xA6, 0x5E, 0x16,
  31519. 0xB5, 0x85, 0xE7, 0xAF, 0x86, 0x18, 0xBD, 0xF3,
  31520. 0x18, 0x4C, 0x19, 0x86, 0x87, 0x85, 0x08, 0x91,
  31521. 0x72, 0x77, 0xB9, 0x3E, 0x10, 0x70, 0x6B, 0x16,
  31522. 0x14, 0x97, 0x2B, 0x2A, 0x94, 0xC7, 0x31, 0x0F,
  31523. 0xE9, 0xC7, 0x08, 0xC2, 0x31, 0xA1, 0xA8, 0xAC,
  31524. 0x8D, 0x93, 0x14, 0xA5, 0x29, 0xA9, 0x7F, 0x46,
  31525. 0x9B, 0xF6, 0x49, 0x62, 0xD8, 0x20, 0x64, 0x84,
  31526. 0x43, 0x09, 0x9A, 0x07, 0x6D, 0x55, 0xD4, 0xCE,
  31527. 0xA8, 0x24, 0xA5, 0x83, 0x04, 0x84, 0x4F, 0x99,
  31528. 0x49, 0x7C, 0x10, 0xA2, 0x51, 0x48, 0x61, 0x8A,
  31529. 0x31, 0x5D, 0x72, 0xCA, 0x85, 0x7D, 0x1B, 0x04,
  31530. 0xD5, 0x75, 0xB9, 0x4F, 0x85, 0xC0, 0x1D, 0x19,
  31531. 0xBE, 0xF2, 0x11, 0xBF, 0x0A, 0xA3, 0x36, 0x2E,
  31532. 0x70, 0x41, 0xFD, 0x16, 0x59, 0x6D, 0x80, 0x8E,
  31533. 0x86, 0x7B, 0x44, 0xC4, 0xC0, 0x0D, 0x1C, 0xDA,
  31534. 0x34, 0x18, 0x96, 0x77, 0x17, 0xF1, 0x47, 0xD0,
  31535. 0xEB, 0x21, 0xB4, 0x2A, 0xAE, 0xE7, 0x4A, 0xC3,
  31536. 0x5D, 0x0B, 0x92, 0x41, 0x4B, 0x95, 0x85, 0x31,
  31537. 0xAA, 0xDF, 0x46, 0x3E, 0xC6, 0x30, 0x5A, 0xE5,
  31538. 0xEC, 0xAF, 0x79, 0x17, 0x40, 0x02, 0xF2, 0x6D,
  31539. 0xDE, 0xCC, 0x81, 0x3B, 0xF3, 0x26, 0x72, 0xE8,
  31540. 0x52, 0x9D, 0x95, 0xA4, 0xE7, 0x30, 0xA7, 0xAB,
  31541. 0x4A, 0x3E, 0x8F, 0x8A, 0x8A, 0xF9, 0x79, 0xA6,
  31542. 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
  31543. 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
  31544. 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
  31545. 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22,
  31546. 0xD4, 0xEC, 0x14, 0x3B, 0x50, 0xF0, 0x14, 0x23,
  31547. 0xB1, 0x77, 0x89, 0x5E, 0xDE, 0xE2, 0x2B, 0xB7,
  31548. 0x39, 0xF6, 0x47, 0xEC, 0xF8, 0x5F, 0x50, 0xBC,
  31549. 0x25, 0xEF, 0x7B, 0x5A, 0x72, 0x5D, 0xEE, 0x86,
  31550. 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
  31551. 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
  31552. 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
  31553. 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
  31554. };
  31555. const byte kyber768_ct[] = {
  31556. 0xB5, 0x2C, 0x56, 0xB9, 0x2A, 0x4B, 0x7C, 0xE9,
  31557. 0xE4, 0xCB, 0x7C, 0x5B, 0x1B, 0x16, 0x31, 0x67,
  31558. 0xA8, 0xA1, 0x67, 0x5B, 0x2F, 0xDE, 0xF8, 0x4A,
  31559. 0x5B, 0x67, 0xCA, 0x15, 0xDB, 0x69, 0x4C, 0x9F,
  31560. 0x11, 0xBD, 0x02, 0x7C, 0x30, 0xAE, 0x22, 0xEC,
  31561. 0x92, 0x1A, 0x1D, 0x91, 0x15, 0x99, 0xAF, 0x05,
  31562. 0x85, 0xE4, 0x8D, 0x20, 0xDA, 0x70, 0xDF, 0x9F,
  31563. 0x39, 0xE3, 0x2E, 0xF9, 0x5D, 0x4C, 0x8F, 0x44,
  31564. 0xBF, 0xEF, 0xDA, 0xA5, 0xDA, 0x64, 0xF1, 0x05,
  31565. 0x46, 0x31, 0xD0, 0x4D, 0x6D, 0x3C, 0xFD, 0x0A,
  31566. 0x54, 0x0D, 0xD7, 0xBA, 0x38, 0x86, 0xE4, 0xB5,
  31567. 0xF1, 0x3E, 0x87, 0x87, 0x88, 0x60, 0x4C, 0x95,
  31568. 0xC0, 0x96, 0xEA, 0xB3, 0x91, 0x9F, 0x42, 0x75,
  31569. 0x21, 0x41, 0x9A, 0x94, 0x6C, 0x26, 0xCC, 0x04,
  31570. 0x14, 0x75, 0xD7, 0x12, 0x4C, 0xDC, 0x01, 0xD0,
  31571. 0x37, 0x3E, 0x5B, 0x09, 0xC7, 0xA7, 0x06, 0x03,
  31572. 0xCF, 0xDB, 0x4F, 0xB3, 0x40, 0x50, 0x23, 0xF2,
  31573. 0x26, 0x4D, 0xC3, 0xF9, 0x83, 0xC4, 0xFC, 0x02,
  31574. 0xA2, 0xD1, 0xB2, 0x68, 0xF2, 0x20, 0x8A, 0x1F,
  31575. 0x6E, 0x2A, 0x62, 0x09, 0xBF, 0xF1, 0x2F, 0x6F,
  31576. 0x46, 0x5F, 0x0B, 0x06, 0x9C, 0x3A, 0x7F, 0x84,
  31577. 0xF6, 0x06, 0xD8, 0xA9, 0x40, 0x64, 0x00, 0x3D,
  31578. 0x6E, 0xC1, 0x14, 0xC8, 0xE8, 0x08, 0xD3, 0x05,
  31579. 0x38, 0x84, 0xC1, 0xD5, 0xA1, 0x42, 0xFB, 0xF2,
  31580. 0x01, 0x12, 0xEB, 0x36, 0x0F, 0xDA, 0x3F, 0x0F,
  31581. 0x28, 0xB1, 0x72, 0xAE, 0x50, 0xF5, 0xE7, 0xD8,
  31582. 0x38, 0x01, 0xFB, 0x3F, 0x00, 0x64, 0xB6, 0x87,
  31583. 0x18, 0x70, 0x74, 0xBD, 0x7F, 0xE3, 0x0E, 0xDD,
  31584. 0xAA, 0x33, 0x4C, 0xF8, 0xFC, 0x04, 0xFA, 0x8C,
  31585. 0xED, 0x89, 0x9C, 0xEA, 0xDE, 0x4B, 0x4F, 0x28,
  31586. 0xB6, 0x83, 0x72, 0xBA, 0xF9, 0x8F, 0xF4, 0x82,
  31587. 0xA4, 0x15, 0xB7, 0x31, 0x15, 0x5B, 0x75, 0xCE,
  31588. 0xB9, 0x76, 0xBE, 0x0E, 0xA0, 0x28, 0x5B, 0xA0,
  31589. 0x1A, 0x27, 0xF1, 0x85, 0x7A, 0x8F, 0xB3, 0x77,
  31590. 0xA3, 0xAE, 0x0C, 0x23, 0xB2, 0xAA, 0x9A, 0x07,
  31591. 0x9B, 0xFA, 0xBF, 0xF0, 0xD5, 0xB2, 0xF1, 0xCD,
  31592. 0x9B, 0x71, 0x8B, 0xEA, 0x03, 0xC4, 0x2F, 0x34,
  31593. 0x3A, 0x39, 0xB4, 0xF1, 0x42, 0xD0, 0x1A, 0xD8,
  31594. 0xAC, 0xBB, 0x50, 0xE3, 0x88, 0x53, 0xCF, 0x9A,
  31595. 0x50, 0xC8, 0xB4, 0x4C, 0x3C, 0xF6, 0x71, 0xA4,
  31596. 0xA9, 0x04, 0x3B, 0x26, 0xDD, 0xBB, 0x24, 0x95,
  31597. 0x9A, 0xD6, 0x71, 0x5C, 0x08, 0x52, 0x18, 0x55,
  31598. 0xC7, 0x9A, 0x23, 0xB9, 0xC3, 0xD6, 0x47, 0x17,
  31599. 0x49, 0xC4, 0x07, 0x25, 0xBD, 0xD5, 0xC2, 0x77,
  31600. 0x6D, 0x43, 0xAE, 0xD2, 0x02, 0x04, 0xBA, 0xA1,
  31601. 0x41, 0xEF, 0xB3, 0x30, 0x49, 0x17, 0x47, 0x4B,
  31602. 0x7F, 0x9F, 0x7A, 0x4B, 0x08, 0xB1, 0xA9, 0x3D,
  31603. 0xAE, 0xD9, 0x8C, 0x67, 0x49, 0x53, 0x59, 0xD3,
  31604. 0x7D, 0x67, 0xF7, 0x43, 0x8B, 0xEE, 0x5E, 0x43,
  31605. 0x58, 0x56, 0x34, 0xB2, 0x6C, 0x6B, 0x38, 0x10,
  31606. 0xD7, 0xCD, 0xCB, 0xC0, 0xF6, 0xEB, 0x87, 0x7A,
  31607. 0x60, 0x87, 0xE6, 0x8A, 0xCB, 0x84, 0x80, 0xD3,
  31608. 0xA8, 0xCF, 0x69, 0x00, 0x44, 0x7E, 0x49, 0xB4,
  31609. 0x17, 0xF1, 0x5A, 0x53, 0xB6, 0x07, 0xA0, 0xE2,
  31610. 0x16, 0xB8, 0x55, 0x97, 0x0D, 0x37, 0x40, 0x68,
  31611. 0x70, 0xB4, 0x56, 0x87, 0x22, 0xDA, 0x77, 0xA4,
  31612. 0x08, 0x47, 0x03, 0x81, 0x67, 0x84, 0xE2, 0xF1,
  31613. 0x6B, 0xED, 0x18, 0x99, 0x65, 0x32, 0xC5, 0xD8,
  31614. 0xB7, 0xF5, 0xD2, 0x14, 0x46, 0x4E, 0x5F, 0x3F,
  31615. 0x6E, 0x90, 0x58, 0x67, 0xB0, 0xCE, 0x11, 0x9E,
  31616. 0x25, 0x2A, 0x66, 0x71, 0x32, 0x53, 0x54, 0x46,
  31617. 0x85, 0xD2, 0x08, 0xE1, 0x72, 0x39, 0x08, 0xA0,
  31618. 0xCE, 0x97, 0x83, 0x46, 0x52, 0xE0, 0x8A, 0xE7,
  31619. 0xBD, 0xC8, 0x81, 0xA1, 0x31, 0xB7, 0x3C, 0x71,
  31620. 0xE8, 0x4D, 0x20, 0xD6, 0x8F, 0xDE, 0xFF, 0x4F,
  31621. 0x5D, 0x70, 0xCD, 0x1A, 0xF5, 0x7B, 0x78, 0xE3,
  31622. 0x49, 0x1A, 0x98, 0x65, 0x94, 0x23, 0x21, 0x80,
  31623. 0x0A, 0x20, 0x3C, 0x05, 0xED, 0x1F, 0xEE, 0xB5,
  31624. 0xA2, 0x8E, 0x58, 0x4E, 0x19, 0xF6, 0x53, 0x5E,
  31625. 0x7F, 0x84, 0xE4, 0xA2, 0x4F, 0x84, 0xA7, 0x2D,
  31626. 0xCA, 0xF5, 0x64, 0x8B, 0x4A, 0x42, 0x35, 0xDD,
  31627. 0x66, 0x44, 0x64, 0x48, 0x2F, 0x03, 0x17, 0x6E,
  31628. 0x88, 0x8C, 0x28, 0xBF, 0xC6, 0xC1, 0xCB, 0x23,
  31629. 0x8C, 0xFF, 0xA3, 0x5A, 0x32, 0x1E, 0x71, 0x79,
  31630. 0x1D, 0x9E, 0xA8, 0xED, 0x08, 0x78, 0xC6, 0x11,
  31631. 0x21, 0xBF, 0x8D, 0x2A, 0x4A, 0xB2, 0xC1, 0xA5,
  31632. 0xE1, 0x20, 0xBC, 0x40, 0xAB, 0xB1, 0x89, 0x2D,
  31633. 0x17, 0x15, 0x09, 0x0A, 0x0E, 0xE4, 0x82, 0x52,
  31634. 0xCA, 0x29, 0x7A, 0x99, 0xAA, 0x0E, 0x51, 0x0C,
  31635. 0xF2, 0x6B, 0x1A, 0xDD, 0x06, 0xCA, 0x54, 0x3E,
  31636. 0x1C, 0x5D, 0x6B, 0xDC, 0xD3, 0xB9, 0xC5, 0x85,
  31637. 0xC8, 0x53, 0x80, 0x45, 0xDB, 0x5C, 0x25, 0x2E,
  31638. 0xC3, 0xC8, 0xC3, 0xC9, 0x54, 0xD9, 0xBE, 0x59,
  31639. 0x07, 0x09, 0x4A, 0x89, 0x4E, 0x60, 0xEA, 0xB4,
  31640. 0x35, 0x38, 0xCF, 0xEE, 0x82, 0xE8, 0xFF, 0xC0,
  31641. 0x79, 0x1B, 0x0D, 0x0F, 0x43, 0xAC, 0x16, 0x27,
  31642. 0x83, 0x0A, 0x61, 0xD5, 0x6D, 0xAD, 0x96, 0xC6,
  31643. 0x29, 0x58, 0xB0, 0xDE, 0x78, 0x0B, 0x78, 0xBD,
  31644. 0x47, 0xA6, 0x04, 0x55, 0x0D, 0xAB, 0x83, 0xFF,
  31645. 0xF2, 0x27, 0xC3, 0x24, 0x04, 0x94, 0x71, 0xF3,
  31646. 0x52, 0x48, 0xCF, 0xB8, 0x49, 0xB2, 0x57, 0x24,
  31647. 0xFF, 0x70, 0x4D, 0x52, 0x77, 0xAA, 0x35, 0x2D,
  31648. 0x55, 0x09, 0x58, 0xBE, 0x3B, 0x23, 0x7D, 0xFF,
  31649. 0x47, 0x3E, 0xC2, 0xAD, 0xBA, 0xEA, 0x48, 0xCA,
  31650. 0x26, 0x58, 0xAE, 0xFC, 0xC7, 0x7B, 0xBD, 0x42,
  31651. 0x64, 0xAB, 0x37, 0x4D, 0x70, 0xEA, 0xE5, 0xB9,
  31652. 0x64, 0x41, 0x6C, 0xE8, 0x22, 0x6A, 0x7E, 0x32,
  31653. 0x55, 0xA0, 0xF8, 0xD7, 0xE2, 0xAD, 0xCA, 0x06,
  31654. 0x2B, 0xCD, 0x6D, 0x78, 0xD6, 0x0D, 0x1B, 0x32,
  31655. 0xE1, 0x14, 0x05, 0xBE, 0x54, 0xB6, 0x6E, 0xF0,
  31656. 0xFD, 0xDD, 0x56, 0x77, 0x02, 0xA3, 0xBC, 0xCF,
  31657. 0xED, 0xE3, 0xC5, 0x84, 0x70, 0x12, 0x69, 0xED,
  31658. 0x14, 0x80, 0x9F, 0x06, 0xF8, 0x96, 0x83, 0x56,
  31659. 0xBB, 0x92, 0x67, 0xFE, 0x86, 0xE5, 0x14, 0x25,
  31660. 0x2E, 0x88, 0xBB, 0x5C, 0x30, 0xA7, 0xEC, 0xB3,
  31661. 0xD0, 0xE6, 0x21, 0x02, 0x1E, 0xE0, 0xFB, 0xF7,
  31662. 0x87, 0x1B, 0x09, 0x34, 0x2B, 0xF8, 0x4F, 0x55,
  31663. 0xC9, 0x7E, 0xAF, 0x86, 0xC4, 0x81, 0x89, 0xC7,
  31664. 0xFF, 0x4D, 0xF3, 0x89, 0xF0, 0x77, 0xE2, 0x80,
  31665. 0x6E, 0x5F, 0xA7, 0x3B, 0x3E, 0x94, 0x58, 0xA1,
  31666. 0x6C, 0x7E, 0x27, 0x5F, 0x4F, 0x60, 0x22, 0x75,
  31667. 0x58, 0x0E, 0xB7, 0xB7, 0x13, 0x5F, 0xB5, 0x37,
  31668. 0xFA, 0x0C, 0xD9, 0x5D, 0x6E, 0xA5, 0x8C, 0x10,
  31669. 0x8C, 0xD8, 0x94, 0x3D, 0x70, 0xC1, 0x64, 0x31,
  31670. 0x11, 0xF4, 0xF0, 0x1C, 0xA8, 0xA8, 0x27, 0x6A,
  31671. 0x90, 0x26, 0x66, 0xED, 0x81, 0xB7, 0x8D, 0x16,
  31672. 0x8B, 0x00, 0x6F, 0x16, 0xAA, 0xA3, 0xD8, 0xE4,
  31673. 0xCE, 0x4F, 0x4D, 0x0F, 0xB0, 0x99, 0x7E, 0x41,
  31674. 0xAE, 0xFF, 0xB5, 0xB3, 0xDA, 0xA8, 0x38, 0x73,
  31675. 0x2F, 0x35, 0x73, 0x49, 0x44, 0x7F, 0x38, 0x77,
  31676. 0x76, 0xC7, 0x93, 0xC0, 0x47, 0x9D, 0xE9, 0xE9,
  31677. 0x94, 0x98, 0xCC, 0x35, 0x6F, 0xDB, 0x00, 0x75,
  31678. 0xA7, 0x03, 0xF2, 0x3C, 0x55, 0xD4, 0x7B, 0x55,
  31679. 0x0E, 0xC8, 0x9B, 0x02, 0xAD, 0xE8, 0x93, 0x29,
  31680. 0x08, 0x6A, 0x50, 0x84, 0x34, 0x56, 0xFE, 0xDC,
  31681. 0x37, 0x88, 0xAC, 0x8D, 0x97, 0x23, 0x3C, 0x54,
  31682. 0x56, 0x04, 0x67, 0xEE, 0x1D, 0x0F, 0x02, 0x4B,
  31683. 0x18, 0x42, 0x8F, 0x0D, 0x73, 0xB3, 0x0E, 0x19,
  31684. 0xF5, 0xC6, 0x3B, 0x9A, 0xBF, 0x11, 0x41, 0x5B,
  31685. 0xEA, 0x4D, 0x01, 0x70, 0x13, 0x0B, 0xAA, 0xBD,
  31686. 0x33, 0xC0, 0x5E, 0x65, 0x24, 0xE5, 0xFB, 0x55,
  31687. 0x81, 0xB2, 0x2B, 0x04, 0x33, 0x34, 0x22, 0x48,
  31688. 0x26, 0x6D, 0x0F, 0x10, 0x53, 0xB2, 0x45, 0xCC,
  31689. 0x24, 0x62, 0xDC, 0x44, 0xD3, 0x49, 0x65, 0x10,
  31690. 0x24, 0x82, 0xA8, 0xED, 0x9E, 0x4E, 0x96, 0x4D,
  31691. 0x56, 0x83, 0xE5, 0xD4, 0x5D, 0x0C, 0x82, 0x69
  31692. };
  31693. const byte kyber768_ss[] = {
  31694. 0x91, 0x4C, 0xB6, 0x7F, 0xE5, 0xC3, 0x8E, 0x73,
  31695. 0xBF, 0x74, 0x18, 0x1C, 0x0A, 0xC5, 0x04, 0x28,
  31696. 0xDE, 0xDF, 0x77, 0x50, 0xA9, 0x80, 0x58, 0xF7,
  31697. 0xD5, 0x36, 0x70, 0x87, 0x74, 0x53, 0x5B, 0x29
  31698. };
  31699. ret = wc_KyberKey_Init(KYBER768, &key, HEAP_HINT, INVALID_DEVID);
  31700. if (ret != 0)
  31701. return WC_TEST_RET_ENC_EC(ret);
  31702. ret = wc_KyberKey_MakeKeyWithRandom(&key, kyber768_rand,
  31703. sizeof(kyber768_rand));
  31704. if (ret != 0)
  31705. return WC_TEST_RET_ENC_EC(ret);
  31706. ret = wc_KyberKey_EncodePublicKey(&key, pub, sizeof(pub));
  31707. if (ret != 0)
  31708. return WC_TEST_RET_ENC_EC(ret);
  31709. ret = wc_KyberKey_EncodePrivateKey(&key, priv, sizeof(priv));
  31710. if (ret != 0)
  31711. return WC_TEST_RET_ENC_EC(ret);
  31712. if (XMEMCMP(pub, kyber768_pk, sizeof(kyber768_pk)) != 0)
  31713. return WC_TEST_RET_ENC_NC;
  31714. if (XMEMCMP(priv, kyber768_sk, sizeof(kyber768_sk)) != 0)
  31715. return WC_TEST_RET_ENC_NC;
  31716. ret = wc_KyberKey_EncapsulateWithRandom(&key, ct, ss, kyber768enc_rand,
  31717. sizeof(kyber768enc_rand));
  31718. if (ret != 0)
  31719. return WC_TEST_RET_ENC_EC(ret);
  31720. if (XMEMCMP(ct, kyber768_ct, sizeof(kyber768_ct)) != 0)
  31721. return WC_TEST_RET_ENC_NC;
  31722. if (XMEMCMP(ss, kyber768_ss, sizeof(kyber768_ss)) != 0)
  31723. return WC_TEST_RET_ENC_NC;
  31724. ret = wc_KyberKey_Decapsulate(&key, ss_dec, ct, sizeof(kyber768_ct));
  31725. if (ret != 0)
  31726. return WC_TEST_RET_ENC_EC(ret);
  31727. if (XMEMCMP(ss_dec, kyber768_ss, sizeof(kyber768_ss)) != 0)
  31728. return WC_TEST_RET_ENC_NC;
  31729. wc_KyberKey_Free(&key);
  31730. return 0;
  31731. }
  31732. #endif /* WOLFSSL_KYBER768 */
  31733. #ifdef WOLFSSL_KYBER1024
  31734. static wc_test_ret_t kyber1024_kat(void)
  31735. {
  31736. KyberKey key;
  31737. wc_test_ret_t ret;
  31738. byte priv[KYBER1024_PRIVATE_KEY_SIZE];
  31739. byte pub[KYBER1024_PUBLIC_KEY_SIZE];
  31740. byte ct[KYBER1024_CIPHER_TEXT_SIZE];
  31741. byte ss[KYBER_SS_SZ];
  31742. byte ss_dec[KYBER_SS_SZ];
  31743. const byte kyber1024_rand[] = {
  31744. 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa,
  31745. 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd,
  31746. 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03,
  31747. 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d,
  31748. 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
  31749. 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
  31750. 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
  31751. 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
  31752. };
  31753. const byte kyber1024enc_rand[] = {
  31754. 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4,
  31755. 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13,
  31756. 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74,
  31757. 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15
  31758. };
  31759. const byte kyber1024_pk[] = {
  31760. 0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC,
  31761. 0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB,
  31762. 0x43, 0x54, 0x76, 0x25, 0x41, 0x52, 0x76, 0x78,
  31763. 0xBC, 0xF6, 0x1F, 0x65, 0xC2, 0x41, 0x14, 0x6C,
  31764. 0x42, 0x6D, 0x23, 0xB9, 0xBF, 0xAA, 0x6B, 0x7D,
  31765. 0xF1, 0x8C, 0x97, 0xF2, 0x0C, 0x1B, 0x61, 0x25,
  31766. 0xBF, 0x87, 0x4B, 0x1D, 0x89, 0x47, 0x58, 0x52,
  31767. 0xC4, 0x48, 0x21, 0x5D, 0xB0, 0xEB, 0x77, 0x37,
  31768. 0xF9, 0x14, 0x80, 0xE8, 0xCE, 0xBD, 0x9A, 0x08,
  31769. 0x71, 0x57, 0x4F, 0x5A, 0xB6, 0x2D, 0x90, 0x20,
  31770. 0x17, 0x5E, 0xC6, 0x92, 0x7C, 0xA0, 0xB5, 0x4C,
  31771. 0x09, 0x81, 0x8E, 0x42, 0xCF, 0x92, 0xA3, 0x83,
  31772. 0x17, 0x24, 0x22, 0xC7, 0xDC, 0x18, 0x31, 0xD6,
  31773. 0x3B, 0x0C, 0x29, 0x5D, 0xE7, 0x51, 0x59, 0xDB,
  31774. 0x80, 0x34, 0xE9, 0xE0, 0x7F, 0x7B, 0x0B, 0x91,
  31775. 0x0C, 0x3C, 0x1E, 0x5F, 0xB6, 0x6B, 0x3D, 0xC5,
  31776. 0x23, 0xF1, 0xFA, 0x6E, 0xB4, 0x91, 0x0C, 0xB8,
  31777. 0x9A, 0x6C, 0x17, 0x56, 0x2C, 0x83, 0xAB, 0x4C,
  31778. 0x18, 0xD0, 0xCD, 0x7E, 0x07, 0x96, 0x59, 0x2A,
  31779. 0x37, 0x2A, 0xA4, 0x09, 0xB1, 0xC5, 0x57, 0x34,
  31780. 0x7C, 0xCA, 0xCD, 0xC4, 0x64, 0x4A, 0x11, 0x90,
  31781. 0x64, 0xD0, 0x6D, 0xD4, 0x74, 0x92, 0x9D, 0x1C,
  31782. 0x6F, 0xB4, 0xD6, 0x86, 0xE5, 0x49, 0x1C, 0xE4,
  31783. 0xBC, 0x89, 0xA3, 0x0B, 0xB4, 0xB8, 0xC4, 0x1B,
  31784. 0xCE, 0x51, 0x57, 0xDF, 0xC1, 0x36, 0x08, 0x23,
  31785. 0xB1, 0xAB, 0x61, 0x8C, 0x14, 0xB1, 0x0F, 0x98,
  31786. 0xC2, 0x50, 0x67, 0x39, 0x8E, 0xA7, 0x01, 0x8C,
  31787. 0x27, 0x8A, 0x4B, 0x3D, 0xF3, 0x13, 0x34, 0xD6,
  31788. 0x03, 0xB2, 0x04, 0x4E, 0xF1, 0x87, 0xCD, 0x9B,
  31789. 0xC6, 0xCE, 0x42, 0x72, 0x5B, 0xD9, 0x62, 0xC2,
  31790. 0x64, 0x98, 0x3E, 0x9E, 0x18, 0x15, 0x5A, 0x8B,
  31791. 0x9C, 0x47, 0x14, 0x3D, 0x70, 0x46, 0x0A, 0x26,
  31792. 0xA5, 0x6F, 0xE7, 0x65, 0x8C, 0x1F, 0x15, 0x03,
  31793. 0x48, 0xC6, 0x08, 0x7E, 0xF7, 0x58, 0xAD, 0x16,
  31794. 0x78, 0x87, 0x86, 0x0A, 0x00, 0x7A, 0x5F, 0xC3,
  31795. 0x73, 0x58, 0xD4, 0x3B, 0x5E, 0xBE, 0xE8, 0x20,
  31796. 0xAC, 0xEA, 0x47, 0x4F, 0x0A, 0xC0, 0x7B, 0x76,
  31797. 0x80, 0x28, 0x66, 0x19, 0x9C, 0x61, 0x23, 0x1D,
  31798. 0x5C, 0x74, 0x7C, 0x93, 0x77, 0x4D, 0x2C, 0x1E,
  31799. 0x0C, 0x1C, 0x67, 0xE6, 0xC8, 0x1B, 0x82, 0x75,
  31800. 0x21, 0x73, 0xE1, 0x25, 0xBA, 0xF3, 0x9B, 0x4F,
  31801. 0xD1, 0x9A, 0x4F, 0x45, 0x3D, 0xC5, 0x79, 0x76,
  31802. 0xB1, 0xD9, 0x7F, 0xE6, 0x99, 0x69, 0x92, 0xBB,
  31803. 0xB6, 0x5B, 0x7C, 0xB2, 0x5D, 0x07, 0x7B, 0xBA,
  31804. 0xA6, 0xA1, 0x33, 0x22, 0x89, 0x9A, 0xF6, 0x59,
  31805. 0xCF, 0x1B, 0x35, 0x58, 0xC1, 0xB5, 0x00, 0x11,
  31806. 0x54, 0xB6, 0x25, 0x80, 0x9E, 0xD8, 0x9A, 0xEE,
  31807. 0xBB, 0x89, 0xE6, 0xEA, 0x7D, 0x67, 0xF7, 0x23,
  31808. 0xD0, 0x45, 0xAB, 0x05, 0x71, 0x5C, 0x42, 0x35,
  31809. 0x5D, 0xA6, 0xA5, 0xC8, 0xDD, 0x39, 0xC8, 0xAB,
  31810. 0xE3, 0x03, 0x77, 0x51, 0xA0, 0x1E, 0xD1, 0xC7,
  31811. 0x37, 0x49, 0x19, 0xF3, 0x12, 0x1B, 0x5A, 0x52,
  31812. 0xC5, 0x3D, 0x14, 0x87, 0x31, 0x67, 0x69, 0xF8,
  31813. 0x07, 0x21, 0xDE, 0xEA, 0xAA, 0xD3, 0xC9, 0x0F,
  31814. 0x76, 0xE7, 0xAE, 0x9E, 0x12, 0xBA, 0x92, 0xB3,
  31815. 0x2B, 0x5F, 0xD4, 0x57, 0xE3, 0xC7, 0x52, 0xC2,
  31816. 0x65, 0x0D, 0xFB, 0x88, 0x57, 0x71, 0xCB, 0x77,
  31817. 0xAC, 0x3C, 0x78, 0x5A, 0x8C, 0x56, 0x2E, 0x6A,
  31818. 0x1C, 0x63, 0xC2, 0xA5, 0x5E, 0xA4, 0x7C, 0xF8,
  31819. 0xB9, 0x0E, 0xB8, 0x22, 0x5C, 0x12, 0x3C, 0x34,
  31820. 0x64, 0x52, 0x56, 0x62, 0x35, 0xB2, 0xF3, 0x18,
  31821. 0x23, 0xA3, 0x35, 0x21, 0xE0, 0x87, 0x93, 0x7A,
  31822. 0x34, 0x5D, 0x8D, 0x66, 0x3E, 0xEA, 0xA0, 0x56,
  31823. 0x58, 0x91, 0x7B, 0xBA, 0xA0, 0x08, 0xC2, 0xE3,
  31824. 0x35, 0xF8, 0x85, 0x0A, 0x90, 0xA3, 0x26, 0xD0,
  31825. 0xE6, 0x64, 0x32, 0xF4, 0x4C, 0xEB, 0x82, 0x89,
  31826. 0xE4, 0xEC, 0xB2, 0xD1, 0x29, 0x58, 0xE9, 0x84,
  31827. 0x07, 0x2E, 0xCA, 0xCB, 0x88, 0xE1, 0x34, 0x8F,
  31828. 0xF0, 0xB5, 0x56, 0x54, 0xAC, 0xBA, 0x5B, 0x54,
  31829. 0x97, 0x1C, 0xBA, 0xEB, 0xA8, 0x8E, 0xC4, 0xB9,
  31830. 0x1A, 0x94, 0xC3, 0x71, 0x92, 0xFA, 0x98, 0x2B,
  31831. 0xEC, 0xB9, 0xF3, 0xDA, 0x42, 0x16, 0x03, 0xB6,
  31832. 0x1A, 0x51, 0xBC, 0x8E, 0x36, 0xCB, 0xD0, 0x53,
  31833. 0x85, 0x1C, 0x77, 0xB1, 0xB9, 0x26, 0xB1, 0x7A,
  31834. 0x27, 0x2A, 0xA9, 0x02, 0x32, 0x46, 0xB0, 0x2B,
  31835. 0x3E, 0xD4, 0x7F, 0x66, 0xA0, 0x0B, 0xD5, 0x68,
  31836. 0x48, 0x23, 0x63, 0x4E, 0x7C, 0xE5, 0x8C, 0xF8,
  31837. 0xF3, 0x06, 0xE3, 0x5B, 0x1E, 0x53, 0x22, 0x82,
  31838. 0x4D, 0x90, 0x48, 0x01, 0xF0, 0xA2, 0xFA, 0x7C,
  31839. 0x2B, 0xC9, 0xC2, 0x52, 0xB0, 0xA5, 0x6B, 0x7B,
  31840. 0xA2, 0xAB, 0x0F, 0x63, 0x60, 0x21, 0x74, 0x5A,
  31841. 0x70, 0xA9, 0xA4, 0x3E, 0x2B, 0x0A, 0x8D, 0x61,
  31842. 0x59, 0x70, 0xB6, 0x53, 0x09, 0x62, 0x4B, 0x51,
  31843. 0x84, 0xBC, 0xC3, 0x0B, 0x91, 0x16, 0x79, 0xAE,
  31844. 0xDD, 0x76, 0x02, 0x5F, 0xE3, 0x90, 0x8F, 0xD6,
  31845. 0x78, 0x97, 0xB0, 0xCF, 0x4B, 0xE5, 0xA6, 0xF5,
  31846. 0x41, 0x3D, 0x7D, 0xD9, 0x85, 0x64, 0xB2, 0x3E,
  31847. 0x42, 0xA9, 0x3E, 0x4A, 0xA8, 0x82, 0x1C, 0xD4,
  31848. 0x50, 0x54, 0xC6, 0x43, 0xED, 0xC1, 0x15, 0x8D,
  31849. 0xB6, 0xB3, 0xDE, 0xB1, 0x3F, 0xB5, 0xA5, 0x1E,
  31850. 0xBD, 0x1A, 0x8A, 0x78, 0xB8, 0x72, 0x25, 0xA7,
  31851. 0x33, 0x8E, 0x10, 0x11, 0x04, 0xC4, 0xA2, 0x20,
  31852. 0xD9, 0xBD, 0xED, 0xD4, 0x8C, 0x85, 0xA1, 0xC2,
  31853. 0xDA, 0xE7, 0x81, 0xA8, 0x0C, 0x40, 0xE1, 0x3B,
  31854. 0x87, 0xEA, 0xC7, 0x3A, 0x76, 0x42, 0x01, 0xC9,
  31855. 0xB7, 0x60, 0xCC, 0xFB, 0x1A, 0xE3, 0x92, 0x69,
  31856. 0x9C, 0x70, 0x39, 0xD2, 0x7C, 0x39, 0x36, 0x2B,
  31857. 0x27, 0xB8, 0xFC, 0x6F, 0x07, 0xA8, 0xA3, 0xD4,
  31858. 0x41, 0x0F, 0x15, 0x47, 0xC4, 0x8A, 0x99, 0x97,
  31859. 0xF6, 0x2C, 0x61, 0x07, 0x44, 0x52, 0xEF, 0x15,
  31860. 0x15, 0xF8, 0xA6, 0x49, 0xEB, 0xCA, 0x94, 0x37,
  31861. 0x20, 0x5A, 0x4E, 0x8A, 0x61, 0x60, 0x6B, 0x41,
  31862. 0xDA, 0xF6, 0x83, 0x4D, 0x67, 0x1F, 0x4D, 0x85,
  31863. 0x2C, 0x0C, 0x9C, 0x40, 0x96, 0x61, 0x16, 0x48,
  31864. 0xC6, 0xA3, 0x17, 0x06, 0x78, 0xB1, 0x53, 0x7C,
  31865. 0xC1, 0x82, 0x8D, 0x93, 0x58, 0x0C, 0x9E, 0x58,
  31866. 0x49, 0xA9, 0x65, 0x31, 0x75, 0xAC, 0xB7, 0x53,
  31867. 0xF2, 0xBE, 0x74, 0x37, 0xBE, 0x45, 0xF6, 0xC6,
  31868. 0x03, 0xE4, 0x85, 0xF2, 0xEC, 0x30, 0x1B, 0xB4,
  31869. 0x2B, 0x6C, 0x37, 0xC2, 0x25, 0xD7, 0x49, 0x5A,
  31870. 0x58, 0x4A, 0xE2, 0x31, 0x89, 0x0A, 0xB5, 0xC8,
  31871. 0xC3, 0x5C, 0x26, 0x8C, 0xF4, 0xBB, 0xB0, 0x21,
  31872. 0x3C, 0x09, 0x60, 0x19, 0x31, 0x95, 0x61, 0xA8,
  31873. 0xA6, 0x94, 0x76, 0x37, 0xAA, 0x40, 0xD0, 0x06,
  31874. 0xB4, 0x15, 0xBB, 0x2C, 0xFA, 0x22, 0x37, 0xE0,
  31875. 0x89, 0x0B, 0x6A, 0x3B, 0xC1, 0x34, 0xAB, 0xF8,
  31876. 0xF6, 0x58, 0x5E, 0x10, 0x8D, 0x15, 0x94, 0x0F,
  31877. 0x91, 0xF4, 0xBF, 0x5B, 0x0C, 0x81, 0x80, 0x55,
  31878. 0xB2, 0x1D, 0xEA, 0x6E, 0x63, 0xB5, 0x53, 0x98,
  31879. 0x8C, 0x47, 0xF4, 0xB9, 0x4E, 0x7C, 0xF8, 0x00,
  31880. 0xA4, 0x93, 0xB4, 0x73, 0x47, 0x05, 0xED, 0xC5,
  31881. 0x6A, 0x4B, 0x60, 0x21, 0xC6, 0x29, 0x50, 0x06,
  31882. 0x75, 0x87, 0x68, 0x04, 0xCF, 0x0B, 0x95, 0x1F,
  31883. 0x03, 0x8A, 0x5C, 0x7F, 0xE5, 0x8E, 0x89, 0x77,
  31884. 0x4E, 0xF2, 0x99, 0x2F, 0xD7, 0xC6, 0x30, 0x99,
  31885. 0xD3, 0x52, 0xA7, 0xD2, 0x15, 0x60, 0xB7, 0x88,
  31886. 0xB4, 0x05, 0x70, 0x98, 0x61, 0x81, 0x7E, 0x59,
  31887. 0xA9, 0x6B, 0x3A, 0x3A, 0x83, 0xCB, 0xA8, 0x03,
  31888. 0xB1, 0x69, 0x34, 0x33, 0x10, 0x71, 0x90, 0x5B,
  31889. 0xBE, 0xC6, 0x53, 0x29, 0x00, 0x15, 0x5D, 0x8A,
  31890. 0xC8, 0x8C, 0xB3, 0x2E, 0x4E, 0x21, 0xA3, 0xBD,
  31891. 0x3A, 0x03, 0xFD, 0xEC, 0x32, 0x5A, 0x51, 0xCD,
  31892. 0x27, 0x73, 0x96, 0x4E, 0x67, 0x84, 0xFC, 0xF1,
  31893. 0x85, 0x37, 0x37, 0xAA, 0x64, 0xEB, 0x67, 0x56,
  31894. 0x47, 0x27, 0x27, 0x26, 0x61, 0xAB, 0xF8, 0x43,
  31895. 0x13, 0xA5, 0x7A, 0x44, 0xB1, 0x23, 0xC6, 0x55,
  31896. 0x09, 0xCF, 0xB7, 0xA6, 0xF6, 0x64, 0x1C, 0xDC,
  31897. 0xC3, 0xB5, 0x7F, 0xE6, 0x28, 0xC7, 0xB8, 0x19,
  31898. 0x2D, 0xB4, 0x4F, 0xFB, 0xF5, 0x79, 0x6A, 0x86,
  31899. 0x13, 0xB1, 0xFA, 0x12, 0x6F, 0x60, 0x76, 0x88,
  31900. 0x3C, 0x78, 0x3D, 0xC2, 0x4E, 0x2A, 0x44, 0x64,
  31901. 0xC4, 0x0B, 0x3A, 0x41, 0xCA, 0x70, 0xAE, 0x87,
  31902. 0x62, 0x08, 0x66, 0xCF, 0x4F, 0xCB, 0x2B, 0xD2,
  31903. 0x04, 0xBF, 0x5C, 0x28, 0x38, 0x12, 0xBA, 0x05,
  31904. 0x6A, 0xC0, 0xC3, 0x45, 0xE3, 0x79, 0xC4, 0xBA,
  31905. 0x24, 0xD7, 0x50, 0x90, 0x12, 0x79, 0xBB, 0x2F,
  31906. 0x3A, 0x16, 0xF6, 0x12, 0xBF, 0xAD, 0xB3, 0x57,
  31907. 0x03, 0x33, 0x2C, 0x7C, 0x13, 0x6F, 0x68, 0xEA,
  31908. 0xB6, 0x75, 0x5C, 0x66, 0xB6, 0xA4, 0xAD, 0x1A,
  31909. 0xAB, 0xA7, 0xB7, 0x68, 0xA5, 0x8A, 0xCA, 0xAC,
  31910. 0xC1, 0x0A, 0x45, 0x9A, 0x1C, 0xC8, 0xEF, 0x29,
  31911. 0x37, 0x7B, 0xC2, 0x00, 0xE4, 0xD3, 0x15, 0xA3,
  31912. 0x0A, 0x6B, 0xCC, 0x32, 0x56, 0xF9, 0x73, 0x4D,
  31913. 0x06, 0xE9, 0x77, 0x9C, 0xAA, 0x54, 0x42, 0xA9,
  31914. 0xA1, 0x60, 0x69, 0x08, 0x13, 0x77, 0xC7, 0x6E,
  31915. 0x75, 0x15, 0x43, 0x68, 0x07, 0x2D, 0xC4, 0x46,
  31916. 0xED, 0x6C, 0x8B, 0x8E, 0x62, 0x2A, 0x21, 0xE3,
  31917. 0x83, 0xCF, 0x9B, 0xA1, 0xFB, 0x43, 0x4E, 0x2E,
  31918. 0xCC, 0x81, 0xE7, 0xB7, 0x8C, 0xEE, 0x98, 0x6B,
  31919. 0x8F, 0xF7, 0x98, 0xAB, 0x18, 0xCF, 0x96, 0x34,
  31920. 0x54, 0x35, 0x46, 0x28, 0x4E, 0xDA, 0x2A, 0x26,
  31921. 0xB4, 0x7F, 0x05, 0xB7, 0x35, 0xBC, 0xDB, 0x12,
  31922. 0x02, 0x22, 0x00, 0x76, 0xDC, 0x8B, 0x4E, 0x4B,
  31923. 0x9F, 0x85, 0x35, 0x33, 0xC8, 0xF6, 0xC7, 0xFF,
  31924. 0x38, 0x81, 0x7B, 0xA4, 0x97, 0x12, 0x83, 0x57,
  31925. 0x85, 0xF1, 0x7F, 0x14, 0xCA, 0x01, 0xD0, 0xC1,
  31926. 0xC1, 0xE9, 0x88, 0x10, 0xFE, 0x0B, 0x36, 0xE5,
  31927. 0xB4, 0x27, 0x15, 0x7B, 0x94, 0x18, 0x44, 0x9C,
  31928. 0xED, 0xD6, 0x41, 0xA4, 0x29, 0x3C, 0x85, 0xC3,
  31929. 0x27, 0x00, 0x10, 0x2A, 0xCE, 0xC2, 0x2E, 0xBA,
  31930. 0xD9, 0x8E, 0xD1, 0x60, 0xA5, 0xF0, 0x27, 0xBD,
  31931. 0x4C, 0xDA, 0x57, 0xF1, 0xF3, 0x72, 0x0A, 0x12,
  31932. 0xC1, 0x34, 0x65, 0x4D, 0xD5, 0xE7, 0x3F, 0x82,
  31933. 0x96, 0x76, 0x49, 0x53, 0x90, 0xD0, 0xE7, 0x92,
  31934. 0x9D, 0x60, 0x34, 0xE9, 0xC5, 0x5F, 0x7D, 0x55,
  31935. 0xBA, 0x65, 0x8B, 0xC5, 0x87, 0x98, 0x8E, 0x8A,
  31936. 0xF9, 0x49, 0x60, 0xF6, 0xCF, 0xB8, 0xD5, 0xAF,
  31937. 0x7A, 0x00, 0x21, 0x53, 0x5A, 0x6E, 0x25, 0xE4,
  31938. 0x37, 0xD4, 0x9A, 0x78, 0x06, 0x98, 0xBE, 0x22,
  31939. 0xAC, 0x99, 0x53, 0x94, 0x9F, 0x57, 0x1B, 0x85,
  31940. 0xA6, 0x85, 0x72, 0x5F, 0x82, 0x07, 0xA2, 0xB0,
  31941. 0xAE, 0x84, 0x9B, 0x60, 0x1A, 0xB9, 0x1B, 0x15,
  31942. 0x9B, 0x3D, 0xF4, 0xA1, 0x54, 0xC2, 0x04, 0x1E,
  31943. 0x77, 0x60, 0x70, 0xAF, 0xC4, 0x29, 0x69, 0x32,
  31944. 0x23, 0x80, 0x91, 0x7C, 0x97, 0x51, 0x07, 0x99,
  31945. 0xF3, 0x14, 0x91, 0x31, 0x47, 0x7E, 0x16, 0x66,
  31946. 0x3D, 0x31, 0x74, 0xC7, 0xC1, 0xCA, 0xEA, 0x78,
  31947. 0x85, 0x35, 0xC6, 0xC0, 0x05, 0xA6, 0x4F, 0x28,
  31948. 0x68, 0x63, 0x1B, 0x31, 0xB6, 0x6E, 0x20, 0x5F,
  31949. 0xD3, 0x8C, 0x1D, 0x84, 0x54, 0x2D, 0x0F, 0x1B,
  31950. 0x57, 0x8F, 0x58, 0xC9, 0xBF, 0x5A, 0x0F, 0xAE,
  31951. 0xAB, 0x6A, 0xB6, 0x49, 0x48, 0x93, 0x05, 0x31,
  31952. 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
  31953. 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
  31954. 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
  31955. 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22
  31956. };
  31957. const byte kyber1024_sk[] = {
  31958. 0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3,
  31959. 0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE,
  31960. 0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D,
  31961. 0x50, 0x17, 0x0B, 0xCE, 0xD4, 0x3F, 0x1B, 0x53,
  31962. 0x6D, 0x9A, 0x20, 0x4B, 0xB1, 0xF2, 0x26, 0x95,
  31963. 0x95, 0x0B, 0xA1, 0xF2, 0xA9, 0xE8, 0xEB, 0x82,
  31964. 0x8B, 0x28, 0x44, 0x88, 0x76, 0x0B, 0x3F, 0xC8,
  31965. 0x4F, 0xAB, 0xA0, 0x42, 0x75, 0xD5, 0x62, 0x8E,
  31966. 0x39, 0xC5, 0xB2, 0x47, 0x13, 0x74, 0x28, 0x3C,
  31967. 0x50, 0x32, 0x99, 0xC0, 0xAB, 0x49, 0xB6, 0x6B,
  31968. 0x8B, 0xBB, 0x56, 0xA4, 0x18, 0x66, 0x24, 0xF9,
  31969. 0x19, 0xA2, 0xBA, 0x59, 0xBB, 0x08, 0xD8, 0x55,
  31970. 0x18, 0x80, 0xC2, 0xBE, 0xFC, 0x4F, 0x87, 0xF2,
  31971. 0x5F, 0x59, 0xAB, 0x58, 0x7A, 0x79, 0xC3, 0x27,
  31972. 0xD7, 0x92, 0xD5, 0x4C, 0x97, 0x4A, 0x69, 0x26,
  31973. 0x2F, 0xF8, 0xA7, 0x89, 0x38, 0x28, 0x9E, 0x9A,
  31974. 0x87, 0xB6, 0x88, 0xB0, 0x83, 0xE0, 0x59, 0x5F,
  31975. 0xE2, 0x18, 0xB6, 0xBB, 0x15, 0x05, 0x94, 0x1C,
  31976. 0xE2, 0xE8, 0x1A, 0x5A, 0x64, 0xC5, 0xAA, 0xC6,
  31977. 0x04, 0x17, 0x25, 0x69, 0x85, 0x34, 0x9E, 0xE4,
  31978. 0x7A, 0x52, 0x42, 0x0A, 0x5F, 0x97, 0x47, 0x7B,
  31979. 0x72, 0x36, 0xAC, 0x76, 0xBC, 0x70, 0xE8, 0x28,
  31980. 0x87, 0x29, 0x28, 0x7E, 0xE3, 0xE3, 0x4A, 0x3D,
  31981. 0xBC, 0x36, 0x83, 0xC0, 0xB7, 0xB1, 0x00, 0x29,
  31982. 0xFC, 0x20, 0x34, 0x18, 0x53, 0x7E, 0x74, 0x66,
  31983. 0xBA, 0x63, 0x85, 0xA8, 0xFF, 0x30, 0x1E, 0xE1,
  31984. 0x27, 0x08, 0xF8, 0x2A, 0xAA, 0x1E, 0x38, 0x0F,
  31985. 0xC7, 0xA8, 0x8F, 0x8F, 0x20, 0x5A, 0xB7, 0xE8,
  31986. 0x8D, 0x7E, 0x95, 0x95, 0x2A, 0x55, 0xBA, 0x20,
  31987. 0xD0, 0x9B, 0x79, 0xA4, 0x71, 0x41, 0xD6, 0x2B,
  31988. 0xF6, 0xEB, 0x7D, 0xD3, 0x07, 0xB0, 0x8E, 0xCA,
  31989. 0x13, 0xA5, 0xBC, 0x5F, 0x6B, 0x68, 0x58, 0x1C,
  31990. 0x68, 0x65, 0xB2, 0x7B, 0xBC, 0xDD, 0xAB, 0x14,
  31991. 0x2F, 0x4B, 0x2C, 0xBF, 0xF4, 0x88, 0xC8, 0xA2,
  31992. 0x27, 0x05, 0xFA, 0xA9, 0x8A, 0x2B, 0x9E, 0xEA,
  31993. 0x35, 0x30, 0xC7, 0x66, 0x62, 0x33, 0x5C, 0xC7,
  31994. 0xEA, 0x3A, 0x00, 0x77, 0x77, 0x25, 0xEB, 0xCC,
  31995. 0xCD, 0x2A, 0x46, 0x36, 0xB2, 0xD9, 0x12, 0x2F,
  31996. 0xF3, 0xAB, 0x77, 0x12, 0x3C, 0xE0, 0x88, 0x3C,
  31997. 0x19, 0x11, 0x11, 0x5E, 0x50, 0xC9, 0xE8, 0xA9,
  31998. 0x41, 0x94, 0xE4, 0x8D, 0xD0, 0xD0, 0x9C, 0xFF,
  31999. 0xB3, 0xAD, 0xCD, 0x2C, 0x1E, 0x92, 0x43, 0x09,
  32000. 0x03, 0xD0, 0x7A, 0xDB, 0xF0, 0x05, 0x32, 0x03,
  32001. 0x15, 0x75, 0xAA, 0x7F, 0x9E, 0x7B, 0x5A, 0x1F,
  32002. 0x33, 0x62, 0xDE, 0xC9, 0x36, 0xD4, 0x04, 0x3C,
  32003. 0x05, 0xF2, 0x47, 0x6C, 0x07, 0x57, 0x8B, 0xC9,
  32004. 0xCB, 0xAF, 0x2A, 0xB4, 0xE3, 0x82, 0x72, 0x7A,
  32005. 0xD4, 0x16, 0x86, 0xA9, 0x6B, 0x25, 0x48, 0x82,
  32006. 0x0B, 0xB0, 0x3B, 0x32, 0xF1, 0x1B, 0x28, 0x11,
  32007. 0xAD, 0x62, 0xF4, 0x89, 0xE9, 0x51, 0x63, 0x2A,
  32008. 0xBA, 0x0D, 0x1D, 0xF8, 0x96, 0x80, 0xCC, 0x8A,
  32009. 0x8B, 0x53, 0xB4, 0x81, 0xD9, 0x2A, 0x68, 0xD7,
  32010. 0x0B, 0x4E, 0xA1, 0xC3, 0xA6, 0xA5, 0x61, 0xC0,
  32011. 0x69, 0x28, 0x82, 0xB5, 0xCA, 0x8C, 0xC9, 0x42,
  32012. 0xA8, 0xD4, 0x95, 0xAF, 0xCB, 0x06, 0xDE, 0x89,
  32013. 0x49, 0x8F, 0xB9, 0x35, 0xB7, 0x75, 0x90, 0x8F,
  32014. 0xE7, 0xA0, 0x3E, 0x32, 0x4D, 0x54, 0xCC, 0x19,
  32015. 0xD4, 0xE1, 0xAA, 0xBD, 0x35, 0x93, 0xB3, 0x8B,
  32016. 0x19, 0xEE, 0x13, 0x88, 0xFE, 0x49, 0x2B, 0x43,
  32017. 0x12, 0x7E, 0x5A, 0x50, 0x42, 0x53, 0x78, 0x6A,
  32018. 0x0D, 0x69, 0xAD, 0x32, 0x60, 0x1C, 0x28, 0xE2,
  32019. 0xC8, 0x85, 0x04, 0xA5, 0xBA, 0x59, 0x97, 0x06,
  32020. 0x02, 0x3A, 0x61, 0x36, 0x3E, 0x17, 0xC6, 0xB9,
  32021. 0xBB, 0x59, 0xBD, 0xC6, 0x97, 0x45, 0x2C, 0xD0,
  32022. 0x59, 0x45, 0x19, 0x83, 0xD7, 0x38, 0xCA, 0x3F,
  32023. 0xD0, 0x34, 0xE3, 0xF5, 0x98, 0x88, 0x54, 0xCA,
  32024. 0x05, 0x03, 0x1D, 0xB0, 0x96, 0x11, 0x49, 0x89,
  32025. 0x88, 0x19, 0x7C, 0x6B, 0x30, 0xD2, 0x58, 0xDF,
  32026. 0xE2, 0x62, 0x65, 0x54, 0x1C, 0x89, 0xA4, 0xB3,
  32027. 0x1D, 0x68, 0x64, 0xE9, 0x38, 0x9B, 0x03, 0xCB,
  32028. 0x74, 0xF7, 0xEC, 0x43, 0x23, 0xFB, 0x94, 0x21,
  32029. 0xA4, 0xB9, 0x79, 0x0A, 0x26, 0xD1, 0x7B, 0x03,
  32030. 0x98, 0xA2, 0x67, 0x67, 0x35, 0x09, 0x09, 0xF8,
  32031. 0x4D, 0x57, 0xB6, 0x69, 0x4D, 0xF8, 0x30, 0x66,
  32032. 0x4C, 0xA8, 0xB3, 0xC3, 0xC0, 0x3E, 0xD2, 0xAE,
  32033. 0x67, 0xB8, 0x90, 0x06, 0x86, 0x8A, 0x68, 0x52,
  32034. 0x7C, 0xCD, 0x66, 0x64, 0x59, 0xAB, 0x7F, 0x05,
  32035. 0x66, 0x71, 0x00, 0x0C, 0x61, 0x64, 0xD3, 0xA7,
  32036. 0xF2, 0x66, 0xA1, 0x4D, 0x97, 0xCB, 0xD7, 0x00,
  32037. 0x4D, 0x6C, 0x92, 0xCA, 0xCA, 0x77, 0x0B, 0x84,
  32038. 0x4A, 0x4F, 0xA9, 0xB1, 0x82, 0xE7, 0xB1, 0x8C,
  32039. 0xA8, 0x85, 0x08, 0x2A, 0xC5, 0x64, 0x6F, 0xCB,
  32040. 0x4A, 0x14, 0xE1, 0x68, 0x5F, 0xEB, 0x0C, 0x9C,
  32041. 0xE3, 0x37, 0x2A, 0xB9, 0x53, 0x65, 0xC0, 0x4F,
  32042. 0xD8, 0x30, 0x84, 0xF8, 0x0A, 0x23, 0xFF, 0x10,
  32043. 0xA0, 0x5B, 0xF1, 0x5F, 0x7F, 0xA5, 0xAC, 0xC6,
  32044. 0xC0, 0xCB, 0x46, 0x2C, 0x33, 0xCA, 0x52, 0x4F,
  32045. 0xA6, 0xB8, 0xBB, 0x35, 0x90, 0x43, 0xBA, 0x68,
  32046. 0x60, 0x9E, 0xAA, 0x25, 0x36, 0xE8, 0x1D, 0x08,
  32047. 0x46, 0x3B, 0x19, 0x65, 0x3B, 0x54, 0x35, 0xBA,
  32048. 0x94, 0x6C, 0x9A, 0xDD, 0xEB, 0x20, 0x2B, 0x04,
  32049. 0xB0, 0x31, 0xCC, 0x96, 0x0D, 0xCC, 0x12, 0xE4,
  32050. 0x51, 0x8D, 0x42, 0x8B, 0x32, 0xB2, 0x57, 0xA4,
  32051. 0xFC, 0x73, 0x13, 0xD3, 0xA7, 0x98, 0x0D, 0x80,
  32052. 0x08, 0x2E, 0x93, 0x4F, 0x9D, 0x95, 0xC3, 0x2B,
  32053. 0x0A, 0x01, 0x91, 0xA2, 0x36, 0x04, 0x38, 0x4D,
  32054. 0xD9, 0xE0, 0x79, 0xBB, 0xBA, 0xA2, 0x66, 0xD1,
  32055. 0x4C, 0x3F, 0x75, 0x6B, 0x9F, 0x21, 0x33, 0x10,
  32056. 0x74, 0x33, 0xA4, 0xE8, 0x3F, 0xA7, 0x18, 0x72,
  32057. 0x82, 0xA8, 0x09, 0x20, 0x3A, 0x4F, 0xAF, 0x84,
  32058. 0x18, 0x51, 0x83, 0x3D, 0x12, 0x1A, 0xC3, 0x83,
  32059. 0x84, 0x3A, 0x5E, 0x55, 0xBC, 0x23, 0x81, 0x42,
  32060. 0x5E, 0x16, 0xC7, 0xDB, 0x4C, 0xC9, 0xAB, 0x5C,
  32061. 0x1B, 0x0D, 0x91, 0xA4, 0x7E, 0x2B, 0x8D, 0xE0,
  32062. 0xE5, 0x82, 0xC8, 0x6B, 0x6B, 0x0D, 0x90, 0x7B,
  32063. 0xB3, 0x60, 0xB9, 0x7F, 0x40, 0xAB, 0x5D, 0x03,
  32064. 0x8F, 0x6B, 0x75, 0xC8, 0x14, 0xB2, 0x7D, 0x9B,
  32065. 0x96, 0x8D, 0x41, 0x98, 0x32, 0xBC, 0x8C, 0x2B,
  32066. 0xEE, 0x60, 0x5E, 0xF6, 0xE5, 0x05, 0x9D, 0x33,
  32067. 0x10, 0x0D, 0x90, 0x48, 0x5D, 0x37, 0x84, 0x50,
  32068. 0x01, 0x42, 0x21, 0x73, 0x6C, 0x07, 0x40, 0x7C,
  32069. 0xAC, 0x26, 0x04, 0x08, 0xAA, 0x64, 0x92, 0x66,
  32070. 0x19, 0x78, 0x8B, 0x86, 0x01, 0xC2, 0xA7, 0x52,
  32071. 0xD1, 0xA6, 0xCB, 0xF8, 0x20, 0xD7, 0xC7, 0xA0,
  32072. 0x47, 0x16, 0x20, 0x32, 0x25, 0xB3, 0x89, 0x5B,
  32073. 0x93, 0x42, 0xD1, 0x47, 0xA8, 0x18, 0x5C, 0xFC,
  32074. 0x1B, 0xB6, 0x5B, 0xA0, 0x6B, 0x41, 0x42, 0x33,
  32075. 0x99, 0x03, 0xC0, 0xAC, 0x46, 0x51, 0x38, 0x5B,
  32076. 0x45, 0xD9, 0x8A, 0x8B, 0x19, 0xD2, 0x8C, 0xD6,
  32077. 0xBA, 0xB0, 0x88, 0x78, 0x7F, 0x7E, 0xE1, 0xB1,
  32078. 0x24, 0x61, 0x76, 0x6B, 0x43, 0xCB, 0xCC, 0xB9,
  32079. 0x64, 0x34, 0x42, 0x7D, 0x93, 0xC0, 0x65, 0x55,
  32080. 0x06, 0x88, 0xF6, 0x94, 0x8E, 0xD1, 0xB5, 0x47,
  32081. 0x5A, 0x42, 0x5F, 0x1B, 0x85, 0x20, 0x9D, 0x06,
  32082. 0x1C, 0x08, 0xB5, 0x6C, 0x1C, 0xC0, 0x69, 0xF6,
  32083. 0xC0, 0xA7, 0xC6, 0xF2, 0x93, 0x58, 0xCA, 0xB9,
  32084. 0x11, 0x08, 0x77, 0x32, 0xA6, 0x49, 0xD2, 0x7C,
  32085. 0x9B, 0x98, 0xF9, 0xA4, 0x88, 0x79, 0x38, 0x7D,
  32086. 0x9B, 0x00, 0xC2, 0x59, 0x59, 0xA7, 0x16, 0x54,
  32087. 0xD6, 0xF6, 0xA9, 0x46, 0x16, 0x45, 0x13, 0xE4,
  32088. 0x7A, 0x75, 0xD0, 0x05, 0x98, 0x6C, 0x23, 0x63,
  32089. 0xC0, 0x9F, 0x6B, 0x53, 0x7E, 0xCA, 0x78, 0xB9,
  32090. 0x30, 0x3A, 0x5F, 0xA4, 0x57, 0x60, 0x8A, 0x58,
  32091. 0x6A, 0x65, 0x3A, 0x34, 0x7D, 0xB0, 0x4D, 0xFC,
  32092. 0xC1, 0x91, 0x75, 0xB3, 0xA3, 0x01, 0x17, 0x25,
  32093. 0x36, 0x06, 0x2A, 0x65, 0x8A, 0x95, 0x27, 0x75,
  32094. 0x70, 0xC8, 0x85, 0x2C, 0xA8, 0x97, 0x3F, 0x4A,
  32095. 0xE1, 0x23, 0xA3, 0x34, 0x04, 0x7D, 0xD7, 0x11,
  32096. 0xC8, 0x92, 0x7A, 0x63, 0x4A, 0x03, 0x38, 0x8A,
  32097. 0x52, 0x7B, 0x03, 0x4B, 0xF7, 0xA8, 0x17, 0x0F,
  32098. 0xA7, 0x02, 0xC1, 0xF7, 0xC2, 0x3E, 0xC3, 0x2D,
  32099. 0x18, 0xA2, 0x37, 0x48, 0x90, 0xBE, 0x9C, 0x78,
  32100. 0x7A, 0x94, 0x09, 0xC8, 0x2D, 0x19, 0x2C, 0x4B,
  32101. 0xB7, 0x05, 0xA2, 0xF9, 0x96, 0xCE, 0x40, 0x5D,
  32102. 0x85, 0xA4, 0xC1, 0xA1, 0xAB, 0x9B, 0x6A, 0xEB,
  32103. 0x49, 0xCC, 0xE1, 0xC2, 0xF8, 0xA9, 0x7C, 0x35,
  32104. 0x16, 0xC7, 0x2A, 0x00, 0xA4, 0x62, 0x63, 0xBA,
  32105. 0xA6, 0x96, 0xBF, 0x25, 0x72, 0x77, 0x19, 0xC3,
  32106. 0x21, 0x64, 0x23, 0x61, 0x8F, 0xF3, 0x33, 0x80,
  32107. 0x93, 0x4A, 0x6C, 0x10, 0x54, 0x5C, 0x4C, 0x5C,
  32108. 0x51, 0x55, 0xB1, 0x24, 0x86, 0x18, 0x1F, 0xC7,
  32109. 0xA2, 0x31, 0x98, 0x73, 0x97, 0x8B, 0x6A, 0x2A,
  32110. 0x67, 0x49, 0x0F, 0x82, 0x56, 0xBD, 0x21, 0x96,
  32111. 0xFE, 0x17, 0x92, 0xA4, 0xC0, 0x00, 0x77, 0xB8,
  32112. 0x12, 0xEA, 0xE8, 0xBE, 0xD3, 0x57, 0x24, 0x99,
  32113. 0x68, 0x4A, 0xB3, 0x37, 0x18, 0x76, 0x76, 0x1E,
  32114. 0x45, 0x0C, 0x9F, 0x9D, 0x27, 0x68, 0xA3, 0x68,
  32115. 0x06, 0xD7, 0xAB, 0x20, 0x46, 0xC9, 0x1F, 0x17,
  32116. 0x59, 0x9E, 0x9A, 0xC5, 0x92, 0x99, 0x08, 0x08,
  32117. 0xDC, 0xD7, 0xB4, 0xD0, 0x91, 0x90, 0x72, 0xF1,
  32118. 0x4E, 0xC3, 0x61, 0x77, 0x3B, 0x72, 0x52, 0x44,
  32119. 0x4C, 0x32, 0x3C, 0x30, 0x83, 0x26, 0xF4, 0xA3,
  32120. 0x0F, 0x86, 0x80, 0xD2, 0xF7, 0x48, 0xF5, 0x6A,
  32121. 0x13, 0x2B, 0x82, 0x67, 0x4E, 0xD0, 0x18, 0x46,
  32122. 0x20, 0xB8, 0x2A, 0xD2, 0xCB, 0x18, 0x2C, 0x97,
  32123. 0xB4, 0x81, 0x62, 0x66, 0x47, 0x49, 0x12, 0x90,
  32124. 0xA0, 0x11, 0xCC, 0x73, 0x82, 0x86, 0x85, 0xA8,
  32125. 0xC3, 0x67, 0xA5, 0xB9, 0xCF, 0x8D, 0x62, 0x1B,
  32126. 0x0D, 0x5C, 0x1E, 0xFF, 0x03, 0x17, 0x27, 0x58,
  32127. 0xBD, 0x00, 0x49, 0x78, 0xC2, 0x51, 0xCD, 0x51,
  32128. 0x34, 0x22, 0x28, 0x98, 0x9C, 0xAE, 0x63, 0x32,
  32129. 0xAC, 0x48, 0x64, 0x37, 0xCB, 0x5C, 0x57, 0xD4,
  32130. 0x30, 0x74, 0x62, 0x86, 0x52, 0x53, 0xBE, 0x21,
  32131. 0x7B, 0x35, 0x15, 0xC7, 0x3D, 0xF4, 0x05, 0xB7,
  32132. 0xF2, 0x82, 0x17, 0xAD, 0x0B, 0x8C, 0xF6, 0x0C,
  32133. 0x2F, 0xFF, 0xAA, 0x0A, 0x00, 0x48, 0xB1, 0xFB,
  32134. 0x4A, 0xCD, 0xCD, 0xC3, 0x8B, 0x52, 0x50, 0xCF,
  32135. 0xEC, 0x35, 0x6A, 0x6D, 0xE2, 0x6C, 0xFA, 0x7A,
  32136. 0x58, 0x8F, 0xDC, 0x86, 0xF9, 0x8C, 0x85, 0x4A,
  32137. 0xC6, 0x4C, 0x7B, 0xFA, 0xA9, 0x6F, 0x5A, 0x32,
  32138. 0xCC, 0x06, 0x10, 0x93, 0x4B, 0xAA, 0x6A, 0x58,
  32139. 0x6B, 0x9A, 0x20, 0x54, 0xF1, 0x3B, 0xA2, 0x74,
  32140. 0x17, 0x4A, 0xA0, 0xD2, 0xB3, 0xA8, 0x1B, 0x96,
  32141. 0xA9, 0x40, 0x66, 0x6F, 0x78, 0x9B, 0x5A, 0x6B,
  32142. 0xCD, 0xC0, 0xA6, 0xA0, 0x17, 0x8A, 0x0C, 0x9A,
  32143. 0x02, 0x57, 0x8A, 0x49, 0x3F, 0x6E, 0xEA, 0x0D,
  32144. 0x2E, 0x6C, 0x13, 0x95, 0x1C, 0x9F, 0x24, 0x9A,
  32145. 0x5E, 0x8D, 0xD7, 0x1D, 0xD4, 0x9A, 0x74, 0x2D,
  32146. 0x45, 0x1F, 0x1A, 0xBB, 0xA1, 0x9A, 0xF8, 0xC5,
  32147. 0x47, 0x85, 0x5E, 0x0A, 0xFC, 0x72, 0x8E, 0x90,
  32148. 0xAB, 0xB4, 0x99, 0xC9, 0xBE, 0xEB, 0x76, 0x6F,
  32149. 0x47, 0x29, 0xCD, 0xA2, 0x22, 0x63, 0xE3, 0x24,
  32150. 0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC,
  32151. 0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB,
  32152. 0x43, 0x54, 0x76, 0x25, 0x41, 0x52, 0x76, 0x78,
  32153. 0xBC, 0xF6, 0x1F, 0x65, 0xC2, 0x41, 0x14, 0x6C,
  32154. 0x42, 0x6D, 0x23, 0xB9, 0xBF, 0xAA, 0x6B, 0x7D,
  32155. 0xF1, 0x8C, 0x97, 0xF2, 0x0C, 0x1B, 0x61, 0x25,
  32156. 0xBF, 0x87, 0x4B, 0x1D, 0x89, 0x47, 0x58, 0x52,
  32157. 0xC4, 0x48, 0x21, 0x5D, 0xB0, 0xEB, 0x77, 0x37,
  32158. 0xF9, 0x14, 0x80, 0xE8, 0xCE, 0xBD, 0x9A, 0x08,
  32159. 0x71, 0x57, 0x4F, 0x5A, 0xB6, 0x2D, 0x90, 0x20,
  32160. 0x17, 0x5E, 0xC6, 0x92, 0x7C, 0xA0, 0xB5, 0x4C,
  32161. 0x09, 0x81, 0x8E, 0x42, 0xCF, 0x92, 0xA3, 0x83,
  32162. 0x17, 0x24, 0x22, 0xC7, 0xDC, 0x18, 0x31, 0xD6,
  32163. 0x3B, 0x0C, 0x29, 0x5D, 0xE7, 0x51, 0x59, 0xDB,
  32164. 0x80, 0x34, 0xE9, 0xE0, 0x7F, 0x7B, 0x0B, 0x91,
  32165. 0x0C, 0x3C, 0x1E, 0x5F, 0xB6, 0x6B, 0x3D, 0xC5,
  32166. 0x23, 0xF1, 0xFA, 0x6E, 0xB4, 0x91, 0x0C, 0xB8,
  32167. 0x9A, 0x6C, 0x17, 0x56, 0x2C, 0x83, 0xAB, 0x4C,
  32168. 0x18, 0xD0, 0xCD, 0x7E, 0x07, 0x96, 0x59, 0x2A,
  32169. 0x37, 0x2A, 0xA4, 0x09, 0xB1, 0xC5, 0x57, 0x34,
  32170. 0x7C, 0xCA, 0xCD, 0xC4, 0x64, 0x4A, 0x11, 0x90,
  32171. 0x64, 0xD0, 0x6D, 0xD4, 0x74, 0x92, 0x9D, 0x1C,
  32172. 0x6F, 0xB4, 0xD6, 0x86, 0xE5, 0x49, 0x1C, 0xE4,
  32173. 0xBC, 0x89, 0xA3, 0x0B, 0xB4, 0xB8, 0xC4, 0x1B,
  32174. 0xCE, 0x51, 0x57, 0xDF, 0xC1, 0x36, 0x08, 0x23,
  32175. 0xB1, 0xAB, 0x61, 0x8C, 0x14, 0xB1, 0x0F, 0x98,
  32176. 0xC2, 0x50, 0x67, 0x39, 0x8E, 0xA7, 0x01, 0x8C,
  32177. 0x27, 0x8A, 0x4B, 0x3D, 0xF3, 0x13, 0x34, 0xD6,
  32178. 0x03, 0xB2, 0x04, 0x4E, 0xF1, 0x87, 0xCD, 0x9B,
  32179. 0xC6, 0xCE, 0x42, 0x72, 0x5B, 0xD9, 0x62, 0xC2,
  32180. 0x64, 0x98, 0x3E, 0x9E, 0x18, 0x15, 0x5A, 0x8B,
  32181. 0x9C, 0x47, 0x14, 0x3D, 0x70, 0x46, 0x0A, 0x26,
  32182. 0xA5, 0x6F, 0xE7, 0x65, 0x8C, 0x1F, 0x15, 0x03,
  32183. 0x48, 0xC6, 0x08, 0x7E, 0xF7, 0x58, 0xAD, 0x16,
  32184. 0x78, 0x87, 0x86, 0x0A, 0x00, 0x7A, 0x5F, 0xC3,
  32185. 0x73, 0x58, 0xD4, 0x3B, 0x5E, 0xBE, 0xE8, 0x20,
  32186. 0xAC, 0xEA, 0x47, 0x4F, 0x0A, 0xC0, 0x7B, 0x76,
  32187. 0x80, 0x28, 0x66, 0x19, 0x9C, 0x61, 0x23, 0x1D,
  32188. 0x5C, 0x74, 0x7C, 0x93, 0x77, 0x4D, 0x2C, 0x1E,
  32189. 0x0C, 0x1C, 0x67, 0xE6, 0xC8, 0x1B, 0x82, 0x75,
  32190. 0x21, 0x73, 0xE1, 0x25, 0xBA, 0xF3, 0x9B, 0x4F,
  32191. 0xD1, 0x9A, 0x4F, 0x45, 0x3D, 0xC5, 0x79, 0x76,
  32192. 0xB1, 0xD9, 0x7F, 0xE6, 0x99, 0x69, 0x92, 0xBB,
  32193. 0xB6, 0x5B, 0x7C, 0xB2, 0x5D, 0x07, 0x7B, 0xBA,
  32194. 0xA6, 0xA1, 0x33, 0x22, 0x89, 0x9A, 0xF6, 0x59,
  32195. 0xCF, 0x1B, 0x35, 0x58, 0xC1, 0xB5, 0x00, 0x11,
  32196. 0x54, 0xB6, 0x25, 0x80, 0x9E, 0xD8, 0x9A, 0xEE,
  32197. 0xBB, 0x89, 0xE6, 0xEA, 0x7D, 0x67, 0xF7, 0x23,
  32198. 0xD0, 0x45, 0xAB, 0x05, 0x71, 0x5C, 0x42, 0x35,
  32199. 0x5D, 0xA6, 0xA5, 0xC8, 0xDD, 0x39, 0xC8, 0xAB,
  32200. 0xE3, 0x03, 0x77, 0x51, 0xA0, 0x1E, 0xD1, 0xC7,
  32201. 0x37, 0x49, 0x19, 0xF3, 0x12, 0x1B, 0x5A, 0x52,
  32202. 0xC5, 0x3D, 0x14, 0x87, 0x31, 0x67, 0x69, 0xF8,
  32203. 0x07, 0x21, 0xDE, 0xEA, 0xAA, 0xD3, 0xC9, 0x0F,
  32204. 0x76, 0xE7, 0xAE, 0x9E, 0x12, 0xBA, 0x92, 0xB3,
  32205. 0x2B, 0x5F, 0xD4, 0x57, 0xE3, 0xC7, 0x52, 0xC2,
  32206. 0x65, 0x0D, 0xFB, 0x88, 0x57, 0x71, 0xCB, 0x77,
  32207. 0xAC, 0x3C, 0x78, 0x5A, 0x8C, 0x56, 0x2E, 0x6A,
  32208. 0x1C, 0x63, 0xC2, 0xA5, 0x5E, 0xA4, 0x7C, 0xF8,
  32209. 0xB9, 0x0E, 0xB8, 0x22, 0x5C, 0x12, 0x3C, 0x34,
  32210. 0x64, 0x52, 0x56, 0x62, 0x35, 0xB2, 0xF3, 0x18,
  32211. 0x23, 0xA3, 0x35, 0x21, 0xE0, 0x87, 0x93, 0x7A,
  32212. 0x34, 0x5D, 0x8D, 0x66, 0x3E, 0xEA, 0xA0, 0x56,
  32213. 0x58, 0x91, 0x7B, 0xBA, 0xA0, 0x08, 0xC2, 0xE3,
  32214. 0x35, 0xF8, 0x85, 0x0A, 0x90, 0xA3, 0x26, 0xD0,
  32215. 0xE6, 0x64, 0x32, 0xF4, 0x4C, 0xEB, 0x82, 0x89,
  32216. 0xE4, 0xEC, 0xB2, 0xD1, 0x29, 0x58, 0xE9, 0x84,
  32217. 0x07, 0x2E, 0xCA, 0xCB, 0x88, 0xE1, 0x34, 0x8F,
  32218. 0xF0, 0xB5, 0x56, 0x54, 0xAC, 0xBA, 0x5B, 0x54,
  32219. 0x97, 0x1C, 0xBA, 0xEB, 0xA8, 0x8E, 0xC4, 0xB9,
  32220. 0x1A, 0x94, 0xC3, 0x71, 0x92, 0xFA, 0x98, 0x2B,
  32221. 0xEC, 0xB9, 0xF3, 0xDA, 0x42, 0x16, 0x03, 0xB6,
  32222. 0x1A, 0x51, 0xBC, 0x8E, 0x36, 0xCB, 0xD0, 0x53,
  32223. 0x85, 0x1C, 0x77, 0xB1, 0xB9, 0x26, 0xB1, 0x7A,
  32224. 0x27, 0x2A, 0xA9, 0x02, 0x32, 0x46, 0xB0, 0x2B,
  32225. 0x3E, 0xD4, 0x7F, 0x66, 0xA0, 0x0B, 0xD5, 0x68,
  32226. 0x48, 0x23, 0x63, 0x4E, 0x7C, 0xE5, 0x8C, 0xF8,
  32227. 0xF3, 0x06, 0xE3, 0x5B, 0x1E, 0x53, 0x22, 0x82,
  32228. 0x4D, 0x90, 0x48, 0x01, 0xF0, 0xA2, 0xFA, 0x7C,
  32229. 0x2B, 0xC9, 0xC2, 0x52, 0xB0, 0xA5, 0x6B, 0x7B,
  32230. 0xA2, 0xAB, 0x0F, 0x63, 0x60, 0x21, 0x74, 0x5A,
  32231. 0x70, 0xA9, 0xA4, 0x3E, 0x2B, 0x0A, 0x8D, 0x61,
  32232. 0x59, 0x70, 0xB6, 0x53, 0x09, 0x62, 0x4B, 0x51,
  32233. 0x84, 0xBC, 0xC3, 0x0B, 0x91, 0x16, 0x79, 0xAE,
  32234. 0xDD, 0x76, 0x02, 0x5F, 0xE3, 0x90, 0x8F, 0xD6,
  32235. 0x78, 0x97, 0xB0, 0xCF, 0x4B, 0xE5, 0xA6, 0xF5,
  32236. 0x41, 0x3D, 0x7D, 0xD9, 0x85, 0x64, 0xB2, 0x3E,
  32237. 0x42, 0xA9, 0x3E, 0x4A, 0xA8, 0x82, 0x1C, 0xD4,
  32238. 0x50, 0x54, 0xC6, 0x43, 0xED, 0xC1, 0x15, 0x8D,
  32239. 0xB6, 0xB3, 0xDE, 0xB1, 0x3F, 0xB5, 0xA5, 0x1E,
  32240. 0xBD, 0x1A, 0x8A, 0x78, 0xB8, 0x72, 0x25, 0xA7,
  32241. 0x33, 0x8E, 0x10, 0x11, 0x04, 0xC4, 0xA2, 0x20,
  32242. 0xD9, 0xBD, 0xED, 0xD4, 0x8C, 0x85, 0xA1, 0xC2,
  32243. 0xDA, 0xE7, 0x81, 0xA8, 0x0C, 0x40, 0xE1, 0x3B,
  32244. 0x87, 0xEA, 0xC7, 0x3A, 0x76, 0x42, 0x01, 0xC9,
  32245. 0xB7, 0x60, 0xCC, 0xFB, 0x1A, 0xE3, 0x92, 0x69,
  32246. 0x9C, 0x70, 0x39, 0xD2, 0x7C, 0x39, 0x36, 0x2B,
  32247. 0x27, 0xB8, 0xFC, 0x6F, 0x07, 0xA8, 0xA3, 0xD4,
  32248. 0x41, 0x0F, 0x15, 0x47, 0xC4, 0x8A, 0x99, 0x97,
  32249. 0xF6, 0x2C, 0x61, 0x07, 0x44, 0x52, 0xEF, 0x15,
  32250. 0x15, 0xF8, 0xA6, 0x49, 0xEB, 0xCA, 0x94, 0x37,
  32251. 0x20, 0x5A, 0x4E, 0x8A, 0x61, 0x60, 0x6B, 0x41,
  32252. 0xDA, 0xF6, 0x83, 0x4D, 0x67, 0x1F, 0x4D, 0x85,
  32253. 0x2C, 0x0C, 0x9C, 0x40, 0x96, 0x61, 0x16, 0x48,
  32254. 0xC6, 0xA3, 0x17, 0x06, 0x78, 0xB1, 0x53, 0x7C,
  32255. 0xC1, 0x82, 0x8D, 0x93, 0x58, 0x0C, 0x9E, 0x58,
  32256. 0x49, 0xA9, 0x65, 0x31, 0x75, 0xAC, 0xB7, 0x53,
  32257. 0xF2, 0xBE, 0x74, 0x37, 0xBE, 0x45, 0xF6, 0xC6,
  32258. 0x03, 0xE4, 0x85, 0xF2, 0xEC, 0x30, 0x1B, 0xB4,
  32259. 0x2B, 0x6C, 0x37, 0xC2, 0x25, 0xD7, 0x49, 0x5A,
  32260. 0x58, 0x4A, 0xE2, 0x31, 0x89, 0x0A, 0xB5, 0xC8,
  32261. 0xC3, 0x5C, 0x26, 0x8C, 0xF4, 0xBB, 0xB0, 0x21,
  32262. 0x3C, 0x09, 0x60, 0x19, 0x31, 0x95, 0x61, 0xA8,
  32263. 0xA6, 0x94, 0x76, 0x37, 0xAA, 0x40, 0xD0, 0x06,
  32264. 0xB4, 0x15, 0xBB, 0x2C, 0xFA, 0x22, 0x37, 0xE0,
  32265. 0x89, 0x0B, 0x6A, 0x3B, 0xC1, 0x34, 0xAB, 0xF8,
  32266. 0xF6, 0x58, 0x5E, 0x10, 0x8D, 0x15, 0x94, 0x0F,
  32267. 0x91, 0xF4, 0xBF, 0x5B, 0x0C, 0x81, 0x80, 0x55,
  32268. 0xB2, 0x1D, 0xEA, 0x6E, 0x63, 0xB5, 0x53, 0x98,
  32269. 0x8C, 0x47, 0xF4, 0xB9, 0x4E, 0x7C, 0xF8, 0x00,
  32270. 0xA4, 0x93, 0xB4, 0x73, 0x47, 0x05, 0xED, 0xC5,
  32271. 0x6A, 0x4B, 0x60, 0x21, 0xC6, 0x29, 0x50, 0x06,
  32272. 0x75, 0x87, 0x68, 0x04, 0xCF, 0x0B, 0x95, 0x1F,
  32273. 0x03, 0x8A, 0x5C, 0x7F, 0xE5, 0x8E, 0x89, 0x77,
  32274. 0x4E, 0xF2, 0x99, 0x2F, 0xD7, 0xC6, 0x30, 0x99,
  32275. 0xD3, 0x52, 0xA7, 0xD2, 0x15, 0x60, 0xB7, 0x88,
  32276. 0xB4, 0x05, 0x70, 0x98, 0x61, 0x81, 0x7E, 0x59,
  32277. 0xA9, 0x6B, 0x3A, 0x3A, 0x83, 0xCB, 0xA8, 0x03,
  32278. 0xB1, 0x69, 0x34, 0x33, 0x10, 0x71, 0x90, 0x5B,
  32279. 0xBE, 0xC6, 0x53, 0x29, 0x00, 0x15, 0x5D, 0x8A,
  32280. 0xC8, 0x8C, 0xB3, 0x2E, 0x4E, 0x21, 0xA3, 0xBD,
  32281. 0x3A, 0x03, 0xFD, 0xEC, 0x32, 0x5A, 0x51, 0xCD,
  32282. 0x27, 0x73, 0x96, 0x4E, 0x67, 0x84, 0xFC, 0xF1,
  32283. 0x85, 0x37, 0x37, 0xAA, 0x64, 0xEB, 0x67, 0x56,
  32284. 0x47, 0x27, 0x27, 0x26, 0x61, 0xAB, 0xF8, 0x43,
  32285. 0x13, 0xA5, 0x7A, 0x44, 0xB1, 0x23, 0xC6, 0x55,
  32286. 0x09, 0xCF, 0xB7, 0xA6, 0xF6, 0x64, 0x1C, 0xDC,
  32287. 0xC3, 0xB5, 0x7F, 0xE6, 0x28, 0xC7, 0xB8, 0x19,
  32288. 0x2D, 0xB4, 0x4F, 0xFB, 0xF5, 0x79, 0x6A, 0x86,
  32289. 0x13, 0xB1, 0xFA, 0x12, 0x6F, 0x60, 0x76, 0x88,
  32290. 0x3C, 0x78, 0x3D, 0xC2, 0x4E, 0x2A, 0x44, 0x64,
  32291. 0xC4, 0x0B, 0x3A, 0x41, 0xCA, 0x70, 0xAE, 0x87,
  32292. 0x62, 0x08, 0x66, 0xCF, 0x4F, 0xCB, 0x2B, 0xD2,
  32293. 0x04, 0xBF, 0x5C, 0x28, 0x38, 0x12, 0xBA, 0x05,
  32294. 0x6A, 0xC0, 0xC3, 0x45, 0xE3, 0x79, 0xC4, 0xBA,
  32295. 0x24, 0xD7, 0x50, 0x90, 0x12, 0x79, 0xBB, 0x2F,
  32296. 0x3A, 0x16, 0xF6, 0x12, 0xBF, 0xAD, 0xB3, 0x57,
  32297. 0x03, 0x33, 0x2C, 0x7C, 0x13, 0x6F, 0x68, 0xEA,
  32298. 0xB6, 0x75, 0x5C, 0x66, 0xB6, 0xA4, 0xAD, 0x1A,
  32299. 0xAB, 0xA7, 0xB7, 0x68, 0xA5, 0x8A, 0xCA, 0xAC,
  32300. 0xC1, 0x0A, 0x45, 0x9A, 0x1C, 0xC8, 0xEF, 0x29,
  32301. 0x37, 0x7B, 0xC2, 0x00, 0xE4, 0xD3, 0x15, 0xA3,
  32302. 0x0A, 0x6B, 0xCC, 0x32, 0x56, 0xF9, 0x73, 0x4D,
  32303. 0x06, 0xE9, 0x77, 0x9C, 0xAA, 0x54, 0x42, 0xA9,
  32304. 0xA1, 0x60, 0x69, 0x08, 0x13, 0x77, 0xC7, 0x6E,
  32305. 0x75, 0x15, 0x43, 0x68, 0x07, 0x2D, 0xC4, 0x46,
  32306. 0xED, 0x6C, 0x8B, 0x8E, 0x62, 0x2A, 0x21, 0xE3,
  32307. 0x83, 0xCF, 0x9B, 0xA1, 0xFB, 0x43, 0x4E, 0x2E,
  32308. 0xCC, 0x81, 0xE7, 0xB7, 0x8C, 0xEE, 0x98, 0x6B,
  32309. 0x8F, 0xF7, 0x98, 0xAB, 0x18, 0xCF, 0x96, 0x34,
  32310. 0x54, 0x35, 0x46, 0x28, 0x4E, 0xDA, 0x2A, 0x26,
  32311. 0xB4, 0x7F, 0x05, 0xB7, 0x35, 0xBC, 0xDB, 0x12,
  32312. 0x02, 0x22, 0x00, 0x76, 0xDC, 0x8B, 0x4E, 0x4B,
  32313. 0x9F, 0x85, 0x35, 0x33, 0xC8, 0xF6, 0xC7, 0xFF,
  32314. 0x38, 0x81, 0x7B, 0xA4, 0x97, 0x12, 0x83, 0x57,
  32315. 0x85, 0xF1, 0x7F, 0x14, 0xCA, 0x01, 0xD0, 0xC1,
  32316. 0xC1, 0xE9, 0x88, 0x10, 0xFE, 0x0B, 0x36, 0xE5,
  32317. 0xB4, 0x27, 0x15, 0x7B, 0x94, 0x18, 0x44, 0x9C,
  32318. 0xED, 0xD6, 0x41, 0xA4, 0x29, 0x3C, 0x85, 0xC3,
  32319. 0x27, 0x00, 0x10, 0x2A, 0xCE, 0xC2, 0x2E, 0xBA,
  32320. 0xD9, 0x8E, 0xD1, 0x60, 0xA5, 0xF0, 0x27, 0xBD,
  32321. 0x4C, 0xDA, 0x57, 0xF1, 0xF3, 0x72, 0x0A, 0x12,
  32322. 0xC1, 0x34, 0x65, 0x4D, 0xD5, 0xE7, 0x3F, 0x82,
  32323. 0x96, 0x76, 0x49, 0x53, 0x90, 0xD0, 0xE7, 0x92,
  32324. 0x9D, 0x60, 0x34, 0xE9, 0xC5, 0x5F, 0x7D, 0x55,
  32325. 0xBA, 0x65, 0x8B, 0xC5, 0x87, 0x98, 0x8E, 0x8A,
  32326. 0xF9, 0x49, 0x60, 0xF6, 0xCF, 0xB8, 0xD5, 0xAF,
  32327. 0x7A, 0x00, 0x21, 0x53, 0x5A, 0x6E, 0x25, 0xE4,
  32328. 0x37, 0xD4, 0x9A, 0x78, 0x06, 0x98, 0xBE, 0x22,
  32329. 0xAC, 0x99, 0x53, 0x94, 0x9F, 0x57, 0x1B, 0x85,
  32330. 0xA6, 0x85, 0x72, 0x5F, 0x82, 0x07, 0xA2, 0xB0,
  32331. 0xAE, 0x84, 0x9B, 0x60, 0x1A, 0xB9, 0x1B, 0x15,
  32332. 0x9B, 0x3D, 0xF4, 0xA1, 0x54, 0xC2, 0x04, 0x1E,
  32333. 0x77, 0x60, 0x70, 0xAF, 0xC4, 0x29, 0x69, 0x32,
  32334. 0x23, 0x80, 0x91, 0x7C, 0x97, 0x51, 0x07, 0x99,
  32335. 0xF3, 0x14, 0x91, 0x31, 0x47, 0x7E, 0x16, 0x66,
  32336. 0x3D, 0x31, 0x74, 0xC7, 0xC1, 0xCA, 0xEA, 0x78,
  32337. 0x85, 0x35, 0xC6, 0xC0, 0x05, 0xA6, 0x4F, 0x28,
  32338. 0x68, 0x63, 0x1B, 0x31, 0xB6, 0x6E, 0x20, 0x5F,
  32339. 0xD3, 0x8C, 0x1D, 0x84, 0x54, 0x2D, 0x0F, 0x1B,
  32340. 0x57, 0x8F, 0x58, 0xC9, 0xBF, 0x5A, 0x0F, 0xAE,
  32341. 0xAB, 0x6A, 0xB6, 0x49, 0x48, 0x93, 0x05, 0x31,
  32342. 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C,
  32343. 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15,
  32344. 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C,
  32345. 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22,
  32346. 0x8A, 0x39, 0xE8, 0x7D, 0x53, 0x1F, 0x35, 0x27,
  32347. 0xC2, 0x07, 0xED, 0xCC, 0x1D, 0xB7, 0xFA, 0xDD,
  32348. 0xCF, 0x96, 0x28, 0x39, 0x18, 0x79, 0xB3, 0x35,
  32349. 0xC7, 0x07, 0x83, 0x9A, 0x0D, 0xB0, 0x51, 0xA8,
  32350. 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08,
  32351. 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21,
  32352. 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC,
  32353. 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F
  32354. };
  32355. const byte kyber1024_ct[] = {
  32356. 0xA6, 0xAF, 0x29, 0xD5, 0xF5, 0xB8, 0x0B, 0xD1,
  32357. 0x30, 0xF5, 0x18, 0xBA, 0xDD, 0xD6, 0xC8, 0xF1,
  32358. 0x75, 0x45, 0x41, 0x3D, 0x86, 0x0F, 0xB3, 0xDE,
  32359. 0x45, 0x19, 0x79, 0xEB, 0xFA, 0x5E, 0x4E, 0x31,
  32360. 0x12, 0xC7, 0xC0, 0xAD, 0xF9, 0x98, 0x24, 0xBB,
  32361. 0x52, 0x6F, 0x2C, 0x35, 0x50, 0x74, 0x8E, 0xD0,
  32362. 0xE1, 0x34, 0xF0, 0x45, 0x7A, 0x7C, 0x61, 0xF9,
  32363. 0xF5, 0x26, 0xF0, 0x02, 0xBA, 0xAD, 0xC0, 0x3F,
  32364. 0xC1, 0x3E, 0x38, 0x13, 0x12, 0x19, 0x51, 0x3C,
  32365. 0x3E, 0xDE, 0x06, 0x16, 0x61, 0xE7, 0x4F, 0x60,
  32366. 0x3C, 0x4F, 0xCF, 0x79, 0x51, 0xC8, 0xE5, 0x2C,
  32367. 0x9C, 0x21, 0x3B, 0x0D, 0x22, 0xD9, 0x29, 0x36,
  32368. 0x63, 0xD6, 0x69, 0xA6, 0xB5, 0x8E, 0xD8, 0xFC,
  32369. 0xEF, 0xCF, 0x82, 0x49, 0xD7, 0xBB, 0x52, 0x98,
  32370. 0xF5, 0x57, 0x61, 0x44, 0x5B, 0x2B, 0x83, 0xCE,
  32371. 0x7F, 0x00, 0x5C, 0xB0, 0x42, 0x48, 0xAE, 0xC8,
  32372. 0xBD, 0xA2, 0x2F, 0xD2, 0xD4, 0x2A, 0xA7, 0x66,
  32373. 0x32, 0x20, 0x14, 0xEA, 0x03, 0x8C, 0xC3, 0x2C,
  32374. 0x55, 0xC8, 0xE4, 0xB9, 0xE2, 0x8E, 0xC9, 0x11,
  32375. 0x9F, 0x52, 0x73, 0x41, 0xE4, 0xF6, 0x6A, 0x03,
  32376. 0x51, 0x21, 0x07, 0x3B, 0x85, 0xDE, 0x67, 0x06,
  32377. 0xDA, 0x19, 0xE0, 0x83, 0x8A, 0x9F, 0x33, 0xB7,
  32378. 0x19, 0xA6, 0x8F, 0x03, 0x9B, 0x66, 0x4D, 0xC0,
  32379. 0x02, 0x65, 0x9E, 0xAB, 0xFC, 0x39, 0x86, 0x79,
  32380. 0xAA, 0x70, 0x09, 0xCE, 0x0C, 0xD0, 0x1C, 0xDA,
  32381. 0xFB, 0x6C, 0xD2, 0xA2, 0x6F, 0xE4, 0x10, 0x16,
  32382. 0x72, 0xC9, 0x8F, 0xF5, 0x8F, 0x7C, 0x47, 0xD5,
  32383. 0xBD, 0xA2, 0x90, 0x66, 0x53, 0xB3, 0xA6, 0xF9,
  32384. 0x65, 0x1F, 0x7A, 0x12, 0x1E, 0xA7, 0x7E, 0xA7,
  32385. 0x47, 0x23, 0xFA, 0xE5, 0xB8, 0x73, 0xF9, 0xBB,
  32386. 0x7B, 0x66, 0x4F, 0x0C, 0x8A, 0x93, 0x83, 0x1E,
  32387. 0xF9, 0xD5, 0x1C, 0x7C, 0xC1, 0xEF, 0x44, 0xAC,
  32388. 0x0E, 0x55, 0xA5, 0x5C, 0xA7, 0x6D, 0x13, 0x7F,
  32389. 0xE9, 0xB7, 0x5F, 0x40, 0x50, 0x9C, 0xEF, 0x15,
  32390. 0x6E, 0x5A, 0xD1, 0x8F, 0x9F, 0xB9, 0x99, 0x68,
  32391. 0x00, 0x08, 0xE5, 0x47, 0xD5, 0x5E, 0xEC, 0xD5,
  32392. 0xB4, 0xD1, 0xCB, 0x1D, 0x9F, 0x07, 0x6C, 0xEC,
  32393. 0x21, 0x50, 0x1C, 0x74, 0x02, 0x50, 0x9E, 0xCB,
  32394. 0x77, 0xAF, 0xB2, 0xCB, 0x9A, 0x61, 0x34, 0x0A,
  32395. 0x8B, 0xD1, 0x51, 0x4C, 0x6E, 0x71, 0xB4, 0xAA,
  32396. 0x45, 0xE4, 0x7E, 0xC3, 0x75, 0x12, 0x27, 0x1B,
  32397. 0x91, 0x1F, 0x8F, 0xB4, 0x6C, 0x90, 0x82, 0xC9,
  32398. 0xDF, 0x07, 0x20, 0x4A, 0xBB, 0x5A, 0x50, 0xE6,
  32399. 0xE3, 0x64, 0x7A, 0x8A, 0xD4, 0xD8, 0xD5, 0xD7,
  32400. 0xBF, 0xF1, 0x9C, 0x8A, 0x50, 0x93, 0x08, 0xBC,
  32401. 0xFB, 0x89, 0x55, 0x36, 0xD0, 0x45, 0xCA, 0x2B,
  32402. 0x97, 0xCB, 0x16, 0xA2, 0x9B, 0xB7, 0x18, 0x1C,
  32403. 0xAD, 0x05, 0x09, 0xDD, 0xB9, 0x17, 0x35, 0x02,
  32404. 0x8E, 0xBA, 0x8C, 0x31, 0xD7, 0x4B, 0xD2, 0x75,
  32405. 0xEA, 0xA6, 0x5B, 0x53, 0x40, 0xB3, 0xA4, 0x3F,
  32406. 0xBF, 0xE0, 0xB3, 0x06, 0x1D, 0x6B, 0xAE, 0x7E,
  32407. 0x75, 0xB7, 0x09, 0x8C, 0xDA, 0xBE, 0x91, 0xD4,
  32408. 0xB3, 0x1E, 0x36, 0xC9, 0xAA, 0x7A, 0x82, 0x98,
  32409. 0x86, 0x2A, 0xD6, 0x3C, 0x8F, 0xD2, 0x82, 0xE0,
  32410. 0x3B, 0x46, 0x0B, 0x3A, 0xB4, 0x64, 0xCE, 0x0F,
  32411. 0x27, 0xB1, 0xC3, 0xD1, 0x11, 0x55, 0xAC, 0xAA,
  32412. 0x01, 0x1E, 0xB9, 0xE2, 0xAE, 0x3E, 0x6D, 0xDA,
  32413. 0x07, 0xD6, 0xF4, 0x91, 0x73, 0x7C, 0xBC, 0xE9,
  32414. 0xB0, 0x5F, 0x9B, 0xC5, 0x6B, 0xE2, 0x0E, 0x8D,
  32415. 0x32, 0x6B, 0xA1, 0x32, 0xC5, 0x7F, 0xB2, 0x35,
  32416. 0x16, 0x11, 0x44, 0x51, 0x9C, 0xDF, 0x40, 0x56,
  32417. 0x0F, 0xBE, 0x27, 0x9B, 0xDE, 0x41, 0x1E, 0x11,
  32418. 0x25, 0x31, 0xF8, 0x26, 0xD6, 0xAB, 0x10, 0xD4,
  32419. 0x54, 0x73, 0x50, 0xAD, 0xD2, 0xA9, 0xDE, 0x8D,
  32420. 0x62, 0xC2, 0xAC, 0x82, 0xCA, 0xBE, 0x68, 0x15,
  32421. 0x64, 0x6F, 0x4D, 0xC9, 0x74, 0x2B, 0xB0, 0xC2,
  32422. 0xA3, 0xF7, 0x7E, 0xC7, 0xB4, 0x6C, 0x6B, 0x53,
  32423. 0x76, 0x05, 0xFA, 0x31, 0x79, 0x8C, 0xD8, 0x92,
  32424. 0x81, 0x22, 0x1A, 0x33, 0xDF, 0xB9, 0x79, 0x6E,
  32425. 0x64, 0x43, 0x05, 0x63, 0x03, 0x32, 0xC2, 0xCB,
  32426. 0x93, 0x14, 0x08, 0xAB, 0x48, 0x1A, 0x16, 0xD9,
  32427. 0x53, 0xF6, 0xBE, 0xAE, 0x38, 0x91, 0xD6, 0xD9,
  32428. 0xAC, 0x1F, 0xAB, 0x38, 0x22, 0x2D, 0x92, 0x71,
  32429. 0x87, 0x2D, 0x9D, 0x0C, 0xAD, 0xB9, 0x1A, 0xBE,
  32430. 0x9B, 0x4E, 0x26, 0x5F, 0x75, 0xC6, 0xE5, 0xE8,
  32431. 0x29, 0xE1, 0x46, 0xC3, 0xD8, 0xCE, 0x1E, 0x9D,
  32432. 0x12, 0xE0, 0xD1, 0x29, 0x80, 0x19, 0x57, 0xF4,
  32433. 0x6B, 0x0D, 0x2D, 0xBE, 0x1F, 0x74, 0x9B, 0x1D,
  32434. 0x08, 0xE2, 0x34, 0x5F, 0x62, 0x39, 0xA7, 0x31,
  32435. 0x34, 0x2E, 0xB7, 0x5B, 0x0C, 0xF1, 0xBF, 0x41,
  32436. 0x17, 0x49, 0xBC, 0x2C, 0xAF, 0x28, 0x10, 0xB7,
  32437. 0x88, 0xC6, 0xB7, 0x23, 0x8B, 0x4D, 0x3D, 0xA2,
  32438. 0xD6, 0x31, 0x5C, 0xE9, 0x54, 0x2E, 0x24, 0x40,
  32439. 0x4F, 0x14, 0x57, 0x55, 0xA3, 0x0A, 0xB8, 0x51,
  32440. 0xE4, 0x44, 0x58, 0x41, 0xBD, 0x33, 0xF7, 0x16,
  32441. 0xA5, 0x86, 0x88, 0x48, 0x88, 0xEC, 0xC6, 0xBC,
  32442. 0x64, 0x98, 0xAA, 0x32, 0x91, 0x9A, 0xE8, 0x1D,
  32443. 0x20, 0xC2, 0x69, 0x73, 0xC2, 0xBD, 0x54, 0x58,
  32444. 0x2A, 0x0F, 0x6A, 0xD9, 0x8A, 0xBF, 0xD2, 0x62,
  32445. 0x7E, 0x15, 0x69, 0x0A, 0x72, 0x7E, 0x69, 0xF5,
  32446. 0x81, 0xDD, 0x2A, 0x71, 0x27, 0x98, 0x2A, 0x90,
  32447. 0xE3, 0x3E, 0x2D, 0x4A, 0x03, 0xFE, 0x33, 0x91,
  32448. 0x42, 0xC7, 0xE4, 0x4C, 0x32, 0x6A, 0xC4, 0x6E,
  32449. 0xD3, 0x95, 0xA2, 0x25, 0xD3, 0x03, 0x33, 0x89,
  32450. 0x91, 0x73, 0x28, 0xB4, 0x53, 0x16, 0xB1, 0x58,
  32451. 0x5A, 0x01, 0xB2, 0xC3, 0x04, 0xB2, 0x94, 0x4E,
  32452. 0x90, 0x3A, 0xBB, 0xB3, 0xEC, 0x56, 0x19, 0x44,
  32453. 0x1C, 0xFC, 0x89, 0x65, 0xA4, 0x46, 0xDF, 0x75,
  32454. 0xDE, 0xFA, 0x80, 0xC6, 0xE1, 0x5A, 0xDB, 0xD5,
  32455. 0x06, 0xB7, 0xAB, 0x2D, 0xE1, 0x2D, 0xDA, 0x9B,
  32456. 0xC8, 0x14, 0x41, 0xCF, 0xC8, 0x90, 0x52, 0xE2,
  32457. 0xE5, 0x80, 0x8F, 0x71, 0x26, 0xC6, 0xFD, 0x3A,
  32458. 0xC6, 0xAC, 0x80, 0x81, 0x25, 0x8A, 0x84, 0xA0,
  32459. 0x9A, 0xE5, 0x0F, 0x6C, 0xD7, 0xCC, 0x0F, 0x4A,
  32460. 0xF3, 0x36, 0xFD, 0x1D, 0x64, 0x3E, 0x99, 0x07,
  32461. 0x99, 0x96, 0x26, 0x8C, 0x2D, 0x32, 0xD9, 0x09,
  32462. 0xF2, 0x2E, 0x35, 0x04, 0xF0, 0x7F, 0xBB, 0x56,
  32463. 0x31, 0x96, 0xD4, 0x31, 0x2F, 0xDD, 0xB9, 0x33,
  32464. 0x5D, 0x5C, 0x1D, 0x36, 0xE8, 0xC5, 0xEE, 0xA2,
  32465. 0x27, 0x8D, 0xBA, 0x23, 0xB9, 0x4D, 0x19, 0x3C,
  32466. 0x94, 0x7C, 0xC4, 0x1C, 0xA9, 0x93, 0xDC, 0x7D,
  32467. 0xB1, 0x39, 0x63, 0x40, 0xAD, 0x9C, 0x4F, 0xE6,
  32468. 0x87, 0xDD, 0x7B, 0x8D, 0x0C, 0x7A, 0x51, 0x20,
  32469. 0xAE, 0x02, 0x04, 0xF2, 0xC6, 0x65, 0xBD, 0x5F,
  32470. 0x47, 0x3D, 0x64, 0x4C, 0x7F, 0xF2, 0x6B, 0xFF,
  32471. 0xBA, 0x7A, 0x36, 0x98, 0x08, 0x30, 0x70, 0x21,
  32472. 0x28, 0xA7, 0xE6, 0x61, 0xD6, 0x77, 0xA0, 0x92,
  32473. 0xA3, 0x6E, 0x74, 0x28, 0xA4, 0x13, 0x9F, 0xB2,
  32474. 0x9B, 0x00, 0x95, 0xCC, 0x11, 0x08, 0x6F, 0x44,
  32475. 0x7D, 0x2A, 0x9E, 0xF6, 0xC9, 0xB1, 0x61, 0xF1,
  32476. 0x89, 0xC6, 0x29, 0x9E, 0x08, 0x4C, 0xB7, 0xAA,
  32477. 0x00, 0xFA, 0xF7, 0x87, 0x79, 0x7B, 0xFB, 0x06,
  32478. 0x9F, 0xBC, 0x08, 0x7F, 0xDE, 0x26, 0x25, 0x2A,
  32479. 0x16, 0x64, 0xF1, 0x9C, 0x5A, 0x8A, 0x22, 0xEC,
  32480. 0x5E, 0xE1, 0xAE, 0xB0, 0x76, 0x35, 0x7B, 0x7D,
  32481. 0xC3, 0x7E, 0x6B, 0x0F, 0x15, 0x20, 0xF9, 0x58,
  32482. 0xF7, 0x85, 0x1B, 0xAC, 0xB9, 0x2C, 0x89, 0xFD,
  32483. 0x11, 0x4A, 0x72, 0xFE, 0xAC, 0x54, 0x65, 0x2D,
  32484. 0x45, 0xB0, 0x9E, 0x1A, 0xE7, 0x65, 0x1A, 0xBD,
  32485. 0x16, 0x4B, 0xCD, 0x53, 0x7D, 0x58, 0xFA, 0x39,
  32486. 0xD3, 0xEC, 0x8A, 0xCD, 0xCD, 0xF9, 0x84, 0x25,
  32487. 0x00, 0x58, 0x62, 0xFA, 0x59, 0x69, 0x2D, 0xE1,
  32488. 0x62, 0xB7, 0x7E, 0x62, 0x97, 0xC6, 0x62, 0x33,
  32489. 0x34, 0x84, 0x08, 0xA8, 0xAB, 0x69, 0x5C, 0xE2,
  32490. 0xF2, 0x72, 0x8D, 0xB9, 0xFB, 0xE2, 0x7E, 0x95,
  32491. 0x89, 0x67, 0xEC, 0x59, 0x74, 0x76, 0x7C, 0x5A,
  32492. 0x66, 0x02, 0x30, 0x74, 0xB4, 0xA7, 0x1A, 0xFD,
  32493. 0x26, 0x4A, 0xD2, 0x89, 0x0E, 0x97, 0x0A, 0x1F,
  32494. 0x31, 0xD6, 0xE3, 0x31, 0x1B, 0x73, 0x6F, 0x9F,
  32495. 0x94, 0x88, 0x79, 0x3D, 0xDC, 0x88, 0xF2, 0x34,
  32496. 0x58, 0x06, 0x42, 0x54, 0xC8, 0x2A, 0x1D, 0x9E,
  32497. 0x59, 0xEA, 0xD2, 0xFC, 0xEC, 0x40, 0xB4, 0x30,
  32498. 0x68, 0x7C, 0x4B, 0x7E, 0x28, 0x96, 0x09, 0x26,
  32499. 0xAF, 0xCA, 0xCC, 0x9B, 0xD7, 0x56, 0xA7, 0x10,
  32500. 0x88, 0xC7, 0x84, 0x50, 0xE2, 0x0A, 0x2E, 0x98,
  32501. 0x0A, 0xED, 0xE9, 0xEB, 0xED, 0xFE, 0x7F, 0xAB,
  32502. 0xD6, 0xAB, 0xFE, 0x96, 0xF9, 0x34, 0xC4, 0xB0,
  32503. 0x2C, 0x01, 0xCA, 0x19, 0x4D, 0x01, 0xB7, 0x3C,
  32504. 0x25, 0xD5, 0x99, 0x70, 0x39, 0xD3, 0xFC, 0xD0,
  32505. 0xF0, 0x99, 0x52, 0x1F, 0x70, 0xCA, 0xEE, 0x69,
  32506. 0x11, 0x0A, 0xC1, 0xFC, 0x5A, 0x99, 0x91, 0x7A,
  32507. 0xD7, 0x52, 0xFC, 0x96, 0xAD, 0xFA, 0xD7, 0x18,
  32508. 0x6D, 0x0A, 0x7C, 0x9C, 0xFE, 0x56, 0x01, 0xC0,
  32509. 0x75, 0x14, 0xEA, 0x64, 0x48, 0xD6, 0x61, 0xC5,
  32510. 0x7A, 0xA2, 0x02, 0x42, 0x10, 0x3C, 0x42, 0x76,
  32511. 0xA0, 0x70, 0xA4, 0x89, 0xA4, 0xCB, 0x6B, 0xCA,
  32512. 0x0F, 0x9E, 0xCC, 0x43, 0x79, 0xFB, 0x22, 0x02,
  32513. 0x15, 0xFD, 0x91, 0xF8, 0x10, 0x19, 0xD5, 0xB0,
  32514. 0xAE, 0x61, 0x93, 0x58, 0xB5, 0x24, 0x68, 0xF2,
  32515. 0x72, 0xC1, 0x78, 0xE3, 0xA7, 0x4C, 0xF6, 0x77,
  32516. 0x5A, 0xA9, 0x24, 0xFE, 0x32, 0x9C, 0x31, 0x75,
  32517. 0xD9, 0xE4, 0xC3, 0xE2, 0x1A, 0xB9, 0xEC, 0x83,
  32518. 0x6E, 0xDC, 0x3A, 0xCA, 0xB2, 0xE3, 0x89, 0x1E,
  32519. 0xE8, 0xDE, 0xDA, 0x51, 0x5D, 0x39, 0xAF, 0x9B,
  32520. 0x8D, 0xDD, 0x0E, 0xE7, 0xB0, 0x16, 0x4F, 0x80,
  32521. 0x5C, 0x38, 0x35, 0xF6, 0xD2, 0xBA, 0xBD, 0xB3,
  32522. 0x0E, 0xAB, 0x47, 0x56, 0xE7, 0xEC, 0x7F, 0x82,
  32523. 0x9E, 0xCE, 0x01, 0xE8, 0xEA, 0xDF, 0xBB, 0xED,
  32524. 0x12, 0xFC, 0x28, 0x3B, 0x3D, 0x4C, 0x69, 0xF5,
  32525. 0x75, 0xE7, 0xF8, 0x04, 0x17, 0x68, 0x9F, 0xDF,
  32526. 0xCF, 0xC7, 0xBE, 0x27, 0xEE, 0x3B, 0x8C, 0xDF,
  32527. 0x57, 0xAA, 0xEB, 0xEC, 0x4A, 0x95, 0xB7, 0xE5,
  32528. 0xBB, 0x58, 0x5B, 0x85, 0x22, 0x7F, 0x7C, 0x32,
  32529. 0xBE, 0x30, 0xDB, 0x3E, 0x65, 0xE4, 0x2E, 0x30,
  32530. 0xDC, 0xF5, 0xA5, 0xFA, 0x07, 0x3D, 0xBA, 0x39,
  32531. 0x9D, 0x94, 0x2F, 0x22, 0x22, 0xAD, 0xB9, 0xB9,
  32532. 0x89, 0x81, 0x02, 0xAF, 0xE5, 0x43, 0x2E, 0xDC,
  32533. 0x7F, 0x04, 0xAE, 0x34, 0xA8, 0xFE, 0xC2, 0xD8,
  32534. 0x1C, 0xB4, 0x9A, 0x9A, 0x9B, 0x43, 0x81, 0x4C,
  32535. 0xE7, 0x1D, 0x97, 0xF7, 0x26, 0xE2, 0xB1, 0xE8,
  32536. 0xF6, 0x4B, 0x50, 0xE6, 0x5D, 0xFB, 0x48, 0x16,
  32537. 0xE1, 0x2E, 0x82, 0xA3, 0x19, 0x74, 0x84, 0xA4,
  32538. 0xE9, 0xBB, 0xA4, 0xD2, 0xD6, 0x9E, 0x3F, 0x19,
  32539. 0xD0, 0xB7, 0x5C, 0x21, 0xE2, 0xBF, 0xFE, 0x9F,
  32540. 0xC0, 0xC9, 0x8C, 0xF4, 0x8A, 0x3A, 0xAF, 0x08,
  32541. 0xD4, 0x67, 0xF7, 0x26, 0x87, 0xDF, 0x01, 0x78,
  32542. 0x17, 0x4B, 0x78, 0x97, 0xF7, 0x34, 0x34, 0x9B,
  32543. 0x18, 0x1E, 0xCA, 0x86, 0xA5, 0x98, 0xA0, 0xC5,
  32544. 0xE8, 0xC2, 0x59, 0x46, 0xF2, 0x4D, 0xC5, 0x57,
  32545. 0x2B, 0xD3, 0x24, 0xA4, 0x04, 0x58, 0xA7, 0x88,
  32546. 0xE5, 0x13, 0x7F, 0x3C, 0x7A, 0x7C, 0x97, 0xFC,
  32547. 0x9F, 0x12, 0xA3, 0xC4, 0x63, 0xA8, 0xFE, 0x94,
  32548. 0x49, 0x10, 0x1C, 0xCE, 0x96, 0x6D, 0x7C, 0x00,
  32549. 0x93, 0x23, 0x93, 0x29, 0x98, 0xD5, 0x6E, 0xF4,
  32550. 0x30, 0xC7, 0x3B, 0xC2, 0x4F, 0x5D, 0x95, 0xF7,
  32551. 0x37, 0x85, 0x8D, 0xDC, 0x4F, 0x32, 0xC0, 0x13
  32552. };
  32553. const byte kyber1024_ss[] = {
  32554. 0xB1, 0x0F, 0x73, 0x94, 0x92, 0x6A, 0xD3, 0xB4,
  32555. 0x9C, 0x5D, 0x62, 0xD5, 0xAE, 0xB5, 0x31, 0xD5,
  32556. 0x75, 0x75, 0x38, 0xBC, 0xC0, 0xDA, 0x9E, 0x55,
  32557. 0x0D, 0x43, 0x8F, 0x1B, 0x61, 0xBD, 0x74, 0x19
  32558. };
  32559. ret = wc_KyberKey_Init(KYBER1024, &key, HEAP_HINT, INVALID_DEVID);
  32560. if (ret != 0)
  32561. return WC_TEST_RET_ENC_EC(ret);
  32562. ret = wc_KyberKey_MakeKeyWithRandom(&key, kyber1024_rand,
  32563. sizeof(kyber1024_rand));
  32564. if (ret != 0)
  32565. return WC_TEST_RET_ENC_EC(ret);
  32566. ret = wc_KyberKey_EncodePublicKey(&key, pub, sizeof(pub));
  32567. if (ret != 0)
  32568. return WC_TEST_RET_ENC_EC(ret);
  32569. ret = wc_KyberKey_EncodePrivateKey(&key, priv, sizeof(priv));
  32570. if (ret != 0)
  32571. return WC_TEST_RET_ENC_EC(ret);
  32572. if (XMEMCMP(pub, kyber1024_pk, sizeof(kyber1024_pk)) != 0)
  32573. return WC_TEST_RET_ENC_NC;
  32574. if (XMEMCMP(priv, kyber1024_sk, sizeof(kyber1024_sk)) != 0)
  32575. return WC_TEST_RET_ENC_NC;
  32576. ret = wc_KyberKey_EncapsulateWithRandom(&key, ct, ss, kyber1024enc_rand,
  32577. sizeof(kyber1024enc_rand));
  32578. if (ret != 0)
  32579. return WC_TEST_RET_ENC_EC(ret);
  32580. if (XMEMCMP(ct, kyber1024_ct, sizeof(kyber1024_ct)) != 0)
  32581. return WC_TEST_RET_ENC_NC;
  32582. if (XMEMCMP(ss, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
  32583. return WC_TEST_RET_ENC_NC;
  32584. ret = wc_KyberKey_Decapsulate(&key, ss_dec, ct, sizeof(kyber1024_ct));
  32585. if (ret != 0)
  32586. return WC_TEST_RET_ENC_EC(ret);
  32587. if (XMEMCMP(ss_dec, kyber1024_ss, sizeof(kyber1024_ss)) != 0)
  32588. return WC_TEST_RET_ENC_NC;
  32589. wc_KyberKey_Free(&key);
  32590. return 0;
  32591. }
  32592. #endif /* WOLFSSL_KYBER1024 */
  32593. #endif /* WOLFSSL_WC_KYBER */
  32594. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t kyber_test(void)
  32595. {
  32596. wc_test_ret_t ret;
  32597. KyberKey key;
  32598. WC_RNG rng;
  32599. int i;
  32600. byte priv[KYBER_MAX_PRIVATE_KEY_SIZE];
  32601. byte pub[KYBER_MAX_PUBLIC_KEY_SIZE];
  32602. byte priv2[KYBER_MAX_PRIVATE_KEY_SIZE];
  32603. byte pub2[KYBER_MAX_PUBLIC_KEY_SIZE];
  32604. byte ct[KYBER_MAX_CIPHER_TEXT_SIZE];
  32605. byte ss[KYBER_SS_SZ];
  32606. byte ss_dec[KYBER_SS_SZ];
  32607. int testData[][4] = {
  32608. #ifdef WOLFSSL_KYBER512
  32609. { KYBER512, KYBER512_PRIVATE_KEY_SIZE, KYBER512_PUBLIC_KEY_SIZE,
  32610. KYBER512_CIPHER_TEXT_SIZE },
  32611. #endif
  32612. #ifdef WOLFSSL_KYBER768
  32613. { KYBER768, KYBER768_PRIVATE_KEY_SIZE, KYBER768_PUBLIC_KEY_SIZE,
  32614. KYBER768_CIPHER_TEXT_SIZE },
  32615. #endif
  32616. #ifdef WOLFSSL_KYBER1024
  32617. { KYBER1024, KYBER1024_PRIVATE_KEY_SIZE, KYBER1024_PUBLIC_KEY_SIZE,
  32618. KYBER1024_CIPHER_TEXT_SIZE },
  32619. #endif
  32620. };
  32621. #ifndef HAVE_FIPS
  32622. ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
  32623. #else
  32624. ret = wc_InitRng(&rng);
  32625. #endif
  32626. if (ret != 0)
  32627. return WC_TEST_RET_ENC_EC(ret);
  32628. for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
  32629. ret = wc_KyberKey_Init(testData[i][0], &key, HEAP_HINT, INVALID_DEVID);
  32630. if (ret != 0)
  32631. return WC_TEST_RET_ENC_I(i);
  32632. ret = wc_KyberKey_MakeKey(&key, &rng);
  32633. if (ret != 0)
  32634. return WC_TEST_RET_ENC_I(i);
  32635. ret = wc_KyberKey_EncodePublicKey(&key, pub, testData[i][2]);
  32636. if (ret != 0)
  32637. return WC_TEST_RET_ENC_I(i);
  32638. ret = wc_KyberKey_EncodePrivateKey(&key, priv, testData[i][1]);
  32639. if (ret != 0)
  32640. return WC_TEST_RET_ENC_I(i);
  32641. ret = wc_KyberKey_Init(testData[i][0], &key, HEAP_HINT, INVALID_DEVID);
  32642. if (ret != 0)
  32643. return WC_TEST_RET_ENC_I(i);
  32644. ret = wc_KyberKey_DecodePublicKey(&key, pub, testData[i][2]);
  32645. if (ret != 0)
  32646. return WC_TEST_RET_ENC_I(i);
  32647. ret = wc_KyberKey_Encapsulate(&key, ct, ss, &rng);
  32648. if (ret != 0)
  32649. return WC_TEST_RET_ENC_I(i);
  32650. ret = wc_KyberKey_EncodePublicKey(&key, pub2, testData[i][2]);
  32651. if (ret != 0)
  32652. return WC_TEST_RET_ENC_I(i);
  32653. if (XMEMCMP(pub, pub2, testData[i][2]) != 0)
  32654. return WC_TEST_RET_ENC_I(i);
  32655. ret = wc_KyberKey_Init(testData[i][0], &key, HEAP_HINT, INVALID_DEVID);
  32656. if (ret != 0)
  32657. return WC_TEST_RET_ENC_I(i);
  32658. ret = wc_KyberKey_DecodePrivateKey(&key, priv, testData[i][1]);
  32659. if (ret != 0)
  32660. return WC_TEST_RET_ENC_I(i);
  32661. ret = wc_KyberKey_Decapsulate(&key, ss_dec, ct, testData[i][3]);
  32662. if (ret != 0)
  32663. return WC_TEST_RET_ENC_I(i);
  32664. if (XMEMCMP(ss, ss_dec, sizeof(ss)) != 0)
  32665. return WC_TEST_RET_ENC_I(i);
  32666. ret = wc_KyberKey_EncodePrivateKey(&key, priv2, testData[i][1]);
  32667. if (ret != 0)
  32668. return WC_TEST_RET_ENC_I(i);
  32669. if (XMEMCMP(priv, priv2, testData[i][2]) != 0)
  32670. return WC_TEST_RET_ENC_I(i);
  32671. wc_KyberKey_Free(&key);
  32672. }
  32673. wc_FreeRng(&rng);
  32674. #ifdef WOLFSSL_WC_KYBER
  32675. #ifdef WOLFSSL_KYBER512
  32676. ret = kyber512_kat();
  32677. if (ret != 0)
  32678. return ret;
  32679. #endif
  32680. #ifdef WOLFSSL_KYBER768
  32681. ret = kyber768_kat();
  32682. if (ret != 0)
  32683. return ret;
  32684. #endif
  32685. #ifdef WOLFSSL_KYBER1024
  32686. ret = kyber1024_kat();
  32687. if (ret != 0)
  32688. return ret;
  32689. #endif
  32690. #endif /* WOLFSSL_WC_KYBER */
  32691. return 0;
  32692. }
  32693. #endif /* WOLFSSL_HAVE_KYBER */
  32694. #if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)
  32695. static enum wc_XmssRc xmss_write_key_mem(const byte * priv, word32 privSz,
  32696. void *context)
  32697. {
  32698. /* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY
  32699. * BE USED FOR TESTING PURPOSES! Production applications should
  32700. * write only to non-volatile storage. */
  32701. XMEMCPY(context, priv, privSz);
  32702. return WC_XMSS_RC_SAVED_TO_NV_MEMORY;
  32703. }
  32704. static enum wc_XmssRc xmss_read_key_mem(byte * priv, word32 privSz,
  32705. void *context)
  32706. {
  32707. /* WARNING: THIS IS AN INSECURE READ CALLBACK THAT SHOULD ONLY
  32708. * BE USED FOR TESTING PURPOSES! */
  32709. XMEMCPY(priv, context, privSz);
  32710. return WC_XMSS_RC_READ_TO_MEMORY;
  32711. }
  32712. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void)
  32713. {
  32714. int i = 0;
  32715. int j = 0;
  32716. int ret = -1;
  32717. int ret2 = -1;
  32718. XmssKey signingKey;
  32719. XmssKey verifyKey;
  32720. WC_RNG rng;
  32721. word32 pkSz = 0;
  32722. word32 skSz = 0;
  32723. word32 sigSz = 0;
  32724. word32 bufSz = 0;
  32725. unsigned char * sk = NULL;
  32726. unsigned char * old_sk = NULL;
  32727. const char * msg = "XMSS post quantum signature test";
  32728. word32 msgSz = (word32) XSTRLEN(msg);
  32729. #if WOLFSSL_XMSS_MIN_HEIGHT <= 10
  32730. const char * param = "XMSS-SHA2_10_256";
  32731. #elif WOLFSSL_XMSS_MIN_HEIGHT <= 20
  32732. const char * param = "XMSSMT-SHA2_20/4_256";
  32733. #elif WOLFSSL_XMSS_MIN_HEIGHT <= 40
  32734. const char * param = "XMSSMT-SHA2_40/8_256";
  32735. #else
  32736. const char * param = "XMSSMT-SHA2_60/12_256";
  32737. #endif
  32738. byte * sig = NULL;
  32739. #ifndef HAVE_FIPS
  32740. ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
  32741. #else
  32742. ret = wc_InitRng(&rng);
  32743. #endif
  32744. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  32745. ret = wc_XmssKey_Init(&signingKey, NULL, INVALID_DEVID);
  32746. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  32747. ret = wc_XmssKey_Init(&verifyKey, NULL, INVALID_DEVID);
  32748. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  32749. /* Set the parameter string to the signing key, and
  32750. * get sizes for secret key, pub key, and signature. */
  32751. ret = wc_XmssKey_SetParamStr(&signingKey, param);
  32752. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  32753. ret = wc_XmssKey_GetPubLen(&signingKey, &pkSz);
  32754. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  32755. if (pkSz != XMSS_SHA256_PUBLEN) {
  32756. return WC_TEST_RET_ENC_EC(pkSz);
  32757. }
  32758. ret = wc_XmssKey_GetPrivLen(&signingKey, &skSz);
  32759. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  32760. ret = wc_XmssKey_GetSigLen(&signingKey, &sigSz);
  32761. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  32762. /* Allocate signature array. */
  32763. sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32764. if (sig == NULL) { return WC_TEST_RET_ENC_ERRNO; }
  32765. bufSz = sigSz;
  32766. #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
  32767. fprintf(stderr, "param: %s\n", param);
  32768. fprintf(stderr, "pkSz: %d\n", pkSz);
  32769. fprintf(stderr, "skSz: %d\n", skSz);
  32770. fprintf(stderr, "sigSz: %d\n", sigSz);
  32771. #endif
  32772. /* Allocate current and old secret keys.*/
  32773. sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32774. if (sk == NULL) { return WC_TEST_RET_ENC_ERRNO; }
  32775. old_sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32776. if (old_sk == NULL) { return WC_TEST_RET_ENC_ERRNO; }
  32777. XMEMSET(sk, 0, skSz);
  32778. XMEMSET(old_sk, 0, skSz);
  32779. XMEMSET(sig, 0, sigSz);
  32780. ret = wc_XmssKey_SetWriteCb(&signingKey, xmss_write_key_mem);
  32781. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  32782. ret = wc_XmssKey_SetReadCb(&signingKey, xmss_read_key_mem);
  32783. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  32784. ret = wc_XmssKey_SetContext(&signingKey, (void *) sk);
  32785. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  32786. ret = wc_XmssKey_MakeKey(&signingKey, &rng);
  32787. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  32788. /* Export the pub to a verify key. */
  32789. ret = wc_XmssKey_ExportPub(&verifyKey, &signingKey);
  32790. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  32791. /* Repeat a few times to check that:
  32792. * 1. The secret key is mutated on each sign.
  32793. * 2. We can verify each new signature.
  32794. * Only do a few times, because the full signature space
  32795. * for this parameter set is huge. */
  32796. for (i = 0; i < 10; ++i) {
  32797. XMEMCPY(old_sk, sk, skSz);
  32798. ret = wc_XmssKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz);
  32799. if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
  32800. if (sigSz != bufSz) { return WC_TEST_RET_ENC_I(i); }
  32801. /* Old secret key and current secret key should not match. */
  32802. ret = XMEMCMP(old_sk, sk, skSz);
  32803. if (ret == 0) { return WC_TEST_RET_ENC_I(i); }
  32804. ret = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, msgSz);
  32805. if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
  32806. /* Flip bits in a few places throughout the signature, stepping in multiple
  32807. * of hash size. These should all fail with -1. */
  32808. for (j = 0; j < (int) sigSz; j+= 4 * 32) {
  32809. sig[j] ^= 1;
  32810. ret2 = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
  32811. msgSz);
  32812. if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
  32813. /* Verify passed when it should have failed. */
  32814. return WC_TEST_RET_ENC_I(j);
  32815. }
  32816. /* Flip this spot back. */
  32817. sig[j] ^= 1;
  32818. }
  32819. }
  32820. /* Cleanup everything. */
  32821. if (sig != NULL) {
  32822. XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32823. sig = NULL;
  32824. }
  32825. if (sk != NULL) {
  32826. XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32827. sk = NULL;
  32828. }
  32829. if (old_sk != NULL) {
  32830. XFREE(old_sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32831. old_sk = NULL;
  32832. }
  32833. wc_XmssKey_Free(&signingKey);
  32834. wc_FreeRng(&rng);
  32835. return ret;
  32836. }
  32837. #endif /*if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)*/
  32838. #if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_SMALL_STACK) && \
  32839. WOLFSSL_XMSS_MIN_HEIGHT <= 10
  32840. /* A simple xmss verify only test using:
  32841. * XMSS-SHA2_10_256
  32842. * pub len: 68
  32843. * msg len: 32
  32844. * sig len: 2500
  32845. *
  32846. * These were generated with the test xmss_fast, from the unpatched
  32847. * xmss-reference repository:
  32848. * https://github.com/XMSS/xmss-reference
  32849. * */
  32850. static const byte xmss_pub[XMSS_SHA256_PUBLEN] =
  32851. {
  32852. 0x00,0x00,0x00,0x01,0xA5,0x41,0x31,0x96,
  32853. 0x0A,0xF9,0xF3,0xB2,0x4B,0x2E,0x5B,0x3E,
  32854. 0xCA,0x74,0xAD,0x6C,0xA5,0x89,0xAD,0x2C,
  32855. 0x0E,0x96,0xB3,0x54,0xFB,0x5B,0x63,0x50,
  32856. 0x96,0x81,0xE2,0x59,0x72,0x10,0x09,0x54,
  32857. 0xBB,0x39,0xAC,0xEE,0x78,0xEF,0x95,0xEC,
  32858. 0x01,0x1D,0xF0,0x36,0x68,0xE2,0xC4,0xA5,
  32859. 0x2F,0x60,0x42,0x7E,0xD3,0x8E,0xAA,0x27,
  32860. 0xC9,0xB7,0x39,0x4E
  32861. };
  32862. static /* not const */ byte xmss_msg[32] =
  32863. {
  32864. 0x07,0x9F,0x80,0x86,0xDB,0x76,0x27,0xDF,
  32865. 0xED,0x5B,0x2A,0x81,0x60,0x60,0x7D,0xB4,
  32866. 0xE8,0x7A,0x69,0x45,0x20,0x6B,0xA2,0x96,
  32867. 0xC0,0x21,0xA5,0x46,0x29,0x63,0x9B,0x37
  32868. };
  32869. /* This was actually the 5th signature produced from
  32870. * xmss_fast test in xmss-reference. */
  32871. static /* not const */ byte xmss_sig[2500] =
  32872. {
  32873. 0x00,0x00,0x00,0x05,0xF0,0x15,0x34,0xBA,
  32874. 0x92,0x03,0x6A,0xB9,0xA5,0x23,0x86,0x11,
  32875. 0xAE,0x65,0x0A,0x5C,0x78,0x2C,0xC9,0xBE,
  32876. 0x7E,0xA6,0xDC,0xA2,0x8B,0xA9,0x9C,0x50,
  32877. 0xF6,0x61,0x8D,0x9D,0xD7,0xE9,0xC0,0xF8,
  32878. 0x67,0xCD,0x8A,0xC4,0x9B,0x74,0x96,0x07,
  32879. 0x5D,0xF2,0xC9,0xCC,0x28,0x05,0xB1,0xBE,
  32880. 0x5E,0xA4,0xBA,0xBE,0xAB,0xD8,0x21,0x6B,
  32881. 0x21,0x5F,0xAB,0xB7,0x6C,0xEC,0x2F,0xC8,
  32882. 0xC6,0x74,0x3E,0x97,0x1B,0xC3,0x45,0x57,
  32883. 0xAF,0xAA,0x1E,0xA8,0xF2,0x86,0xA8,0xAA,
  32884. 0x43,0x6D,0x66,0xE9,0x81,0x14,0xDE,0x09,
  32885. 0x39,0xD2,0xAF,0xD1,0x4C,0xE7,0x75,0x18,
  32886. 0x0D,0xAA,0x29,0xA1,0x92,0x53,0xCC,0xE9,
  32887. 0xF3,0x0B,0x1E,0x3B,0xE2,0xAE,0x80,0x0C,
  32888. 0xE7,0x7A,0x7C,0x13,0x8A,0x28,0xC6,0x5F,
  32889. 0x0A,0xA4,0xA3,0x73,0x0A,0x3A,0xC2,0xA6,
  32890. 0x3B,0xB4,0x30,0x67,0xC0,0x36,0x18,0xA1,
  32891. 0x58,0xCD,0xAD,0x54,0x36,0x64,0xCE,0xFD,
  32892. 0x52,0xFF,0x70,0x7E,0x09,0xFB,0x13,0xA2,
  32893. 0xEA,0xDF,0x67,0x8D,0x6C,0x42,0xB2,0x78,
  32894. 0xF5,0x7D,0x5C,0x4B,0xF7,0x8E,0xCF,0x3E,
  32895. 0xB7,0xC6,0xC1,0x23,0xFA,0x65,0xDE,0xD2,
  32896. 0xFA,0x40,0x51,0x97,0x0D,0x52,0x32,0x76,
  32897. 0x7E,0x82,0x8D,0xD0,0xB9,0x1E,0x62,0xD9,
  32898. 0x1E,0xC1,0xDB,0x40,0x43,0x37,0x4A,0x23,
  32899. 0x8A,0x1D,0x35,0xFA,0xF4,0x53,0x11,0x5A,
  32900. 0xB5,0x6D,0x1E,0x8B,0x22,0xC8,0x7D,0x2A,
  32901. 0xE4,0x94,0xAA,0x25,0x20,0x40,0x96,0xDB,
  32902. 0x82,0x62,0xBA,0x8F,0x8B,0x45,0xCB,0x4F,
  32903. 0x35,0x88,0x33,0xEB,0xEF,0xB3,0xBA,0xA7,
  32904. 0x09,0x72,0xB3,0x4C,0xEC,0xF2,0xC3,0xC7,
  32905. 0x5E,0x02,0x6C,0x41,0x93,0xCB,0x3C,0x89,
  32906. 0x12,0x09,0x68,0x54,0x8E,0xEC,0x6A,0x7E,
  32907. 0x20,0xE1,0x70,0x3D,0x8C,0xEB,0xB4,0x36,
  32908. 0xBE,0x91,0xBE,0x97,0xB5,0xA6,0x34,0x16,
  32909. 0x95,0x0F,0x10,0x26,0xA9,0x13,0x80,0x88,
  32910. 0x9C,0xAA,0x68,0xEC,0x34,0x70,0x4A,0x15,
  32911. 0x9B,0x5E,0x57,0x05,0x87,0x1C,0xF8,0x35,
  32912. 0x45,0x29,0xE9,0x6E,0xF2,0x70,0x13,0x42,
  32913. 0x89,0x4E,0x77,0xC0,0x18,0xC7,0x55,0x6D,
  32914. 0xE7,0xFA,0x0D,0x63,0x83,0x16,0x19,0x01,
  32915. 0x2D,0xFD,0x31,0x14,0x94,0xCA,0x3E,0x0E,
  32916. 0xD6,0x11,0x34,0x81,0x57,0x58,0xEC,0x24,
  32917. 0xA4,0x17,0x63,0xD3,0x25,0x00,0xBF,0x7D,
  32918. 0x78,0x5D,0xC5,0xD8,0xC6,0xC1,0xBD,0x8C,
  32919. 0xD0,0x94,0x0A,0xB1,0x33,0xA5,0x4B,0x31,
  32920. 0x25,0xF5,0xAF,0xE7,0x84,0x26,0xAA,0x05,
  32921. 0xBB,0xF3,0x9A,0xAF,0x58,0x36,0x40,0xEF,
  32922. 0x3D,0xA2,0xBD,0xCA,0xA1,0x8D,0x2F,0x6D,
  32923. 0x54,0xD2,0x62,0x33,0x09,0xAE,0xE6,0x73,
  32924. 0xD6,0x44,0xE8,0x7C,0x5C,0x39,0x2B,0x78,
  32925. 0x94,0x14,0xC7,0xC9,0xAF,0xEC,0x77,0x36,
  32926. 0xA1,0x61,0x61,0xF1,0xD0,0x09,0xA2,0xEE,
  32927. 0xE7,0x55,0xD7,0x35,0x89,0x89,0x9B,0xCF,
  32928. 0xFA,0xA6,0x09,0x1E,0x3B,0xBD,0x5D,0xD9,
  32929. 0x25,0xE7,0xED,0xDD,0x7C,0xF0,0x1C,0x57,
  32930. 0xE0,0x06,0xBB,0x08,0x39,0x59,0xDF,0xD7,
  32931. 0xAF,0x4B,0x88,0x0D,0x87,0x8F,0x4A,0xF3,
  32932. 0x1C,0xD4,0x4B,0xB3,0xE2,0xF3,0x1B,0x86,
  32933. 0x4F,0xCD,0x35,0x75,0xE2,0x03,0xF9,0x1D,
  32934. 0xBF,0x3E,0xD1,0x7B,0xC7,0x23,0x11,0x75,
  32935. 0x5F,0x92,0x0D,0x98,0xEE,0x14,0xE1,0xDA,
  32936. 0x7A,0x02,0x17,0x47,0x6B,0x41,0xEA,0x47,
  32937. 0xA1,0xAF,0x06,0x79,0x1A,0x52,0x6F,0x19,
  32938. 0x31,0x70,0x71,0xBD,0xC2,0x61,0x8D,0xB7,
  32939. 0xEE,0x6B,0x69,0x2A,0xE8,0x21,0x7A,0x95,
  32940. 0xBE,0x86,0x2A,0xA1,0xF4,0xE2,0x2F,0x17,
  32941. 0x02,0xFD,0xAD,0x17,0x9F,0x0A,0x0A,0x78,
  32942. 0xA9,0x92,0x30,0x21,0x72,0x2B,0x28,0xF8,
  32943. 0xF2,0x3E,0x05,0xD5,0xAC,0xC0,0x82,0xF8,
  32944. 0xD2,0xDA,0xD0,0xA3,0xBC,0x93,0xDB,0xA5,
  32945. 0x46,0xDE,0x14,0x1E,0xD4,0x3A,0x5D,0x79,
  32946. 0x3D,0x31,0x4B,0x06,0xCE,0x22,0x29,0x3C,
  32947. 0x98,0xB6,0x18,0x8A,0xAE,0xF7,0xBA,0x22,
  32948. 0x88,0xA1,0xEE,0xC0,0x14,0x4C,0x4A,0xA0,
  32949. 0x57,0x0A,0xD3,0x18,0xA2,0x3D,0xDD,0xC7,
  32950. 0x83,0x73,0xFC,0x38,0x9B,0x31,0xA3,0xE1,
  32951. 0x17,0x76,0xA1,0xA2,0x69,0xFC,0xAB,0x08,
  32952. 0x80,0x72,0x8D,0xF5,0xE4,0x14,0xB7,0x6B,
  32953. 0x03,0xFF,0xE8,0x11,0x4B,0x06,0x55,0x7E,
  32954. 0x36,0x21,0x2F,0xD7,0x54,0x82,0xC9,0x31,
  32955. 0xB4,0x85,0x68,0x41,0xEF,0x75,0xB0,0x3A,
  32956. 0xEA,0x4F,0xE0,0xEC,0x72,0xCC,0x33,0x96,
  32957. 0xCE,0x7D,0xAD,0xDD,0x0D,0x27,0x05,0x6E,
  32958. 0xA2,0xD4,0x11,0x07,0xD8,0x7D,0x27,0xD4,
  32959. 0x80,0x8F,0x00,0x22,0xE4,0xFC,0x2C,0x9D,
  32960. 0xD5,0xD8,0x18,0x7F,0x4E,0xF4,0xB9,0x7F,
  32961. 0xEF,0xD6,0x00,0x08,0x5C,0x05,0x04,0x1E,
  32962. 0x9A,0xC6,0x8D,0xCC,0x19,0xD9,0x0B,0x06,
  32963. 0xCC,0x6A,0x17,0xE2,0x03,0x23,0xDB,0x1C,
  32964. 0xBC,0xA2,0xB9,0xA2,0x95,0x3C,0x73,0xD8,
  32965. 0xFF,0xE6,0x0E,0xAE,0x04,0xB2,0xFC,0x91,
  32966. 0x4F,0xEF,0x8A,0x58,0xB7,0x31,0x68,0x4C,
  32967. 0x1E,0xD0,0x5B,0x85,0xCC,0x03,0xDC,0xF4,
  32968. 0xAC,0xDB,0x03,0x9B,0x35,0x33,0x08,0x71,
  32969. 0xD0,0x50,0x8D,0xDC,0xE3,0x3A,0x98,0x40,
  32970. 0x41,0x80,0xDD,0x35,0xE1,0xA2,0xAF,0x14,
  32971. 0x9A,0xDB,0xD3,0x68,0x14,0xE2,0x50,0x7A,
  32972. 0x76,0x3F,0xE4,0xA4,0x1B,0xAA,0xC1,0x06,
  32973. 0x87,0x9A,0x92,0xF9,0xBE,0x9E,0x86,0x8C,
  32974. 0x92,0x1D,0x74,0xB1,0x7F,0x27,0x43,0xC0,
  32975. 0xEE,0x2E,0xC2,0x6C,0x6D,0xAA,0x0C,0x0E,
  32976. 0x71,0xC9,0x56,0xD6,0x3A,0x56,0xCB,0x90,
  32977. 0xD1,0x7E,0x6E,0x1C,0x6A,0x00,0x2D,0x02,
  32978. 0x2C,0x96,0xF0,0x2A,0x37,0x37,0x18,0x07,
  32979. 0x0B,0xF4,0xB4,0x8C,0x30,0xF2,0xA4,0xAB,
  32980. 0x66,0xFB,0x8B,0x22,0xC0,0x00,0x7E,0x05,
  32981. 0xB6,0xF9,0x95,0x49,0x33,0xA1,0xDC,0x97,
  32982. 0x0C,0x5C,0x61,0x46,0xE2,0xD7,0x87,0x4B,
  32983. 0xC4,0xC7,0x5F,0x26,0x06,0x84,0xD7,0x47,
  32984. 0x05,0xF1,0x33,0xFF,0x85,0x85,0xB2,0xBD,
  32985. 0x1F,0x44,0xC6,0xC2,0x7D,0x51,0xBE,0x0E,
  32986. 0xB5,0xC4,0x44,0x2F,0xFE,0x73,0x5F,0xF4,
  32987. 0xA4,0xEF,0xE2,0xF1,0x73,0x0B,0xEF,0x3E,
  32988. 0x2B,0xD7,0xCC,0x9F,0xDA,0x1A,0x7E,0x92,
  32989. 0x39,0xA1,0x55,0xBF,0x60,0x0A,0xDB,0x23,
  32990. 0x74,0xFE,0xE7,0x05,0x63,0xA9,0x85,0x52,
  32991. 0x9F,0xCC,0xC3,0xFF,0xF6,0x6C,0x1B,0x4E,
  32992. 0x4F,0x01,0xBD,0xC3,0xEB,0x37,0xEC,0x29,
  32993. 0x21,0x3B,0x2C,0xC9,0x2E,0x93,0x20,0x3E,
  32994. 0x19,0xC0,0x8B,0xE8,0x33,0xCD,0xC6,0x6A,
  32995. 0x6E,0x72,0x13,0x15,0xA1,0x90,0x20,0x0C,
  32996. 0x14,0x66,0xED,0xCC,0xA4,0xDD,0x7F,0x58,
  32997. 0x53,0xBC,0x4A,0x68,0xFC,0x86,0x3E,0xAA,
  32998. 0xF1,0x17,0x0F,0x3E,0x20,0x54,0x93,0xF4,
  32999. 0x98,0xBF,0xB4,0x07,0x05,0xBD,0x70,0xE7,
  33000. 0xD7,0x34,0xFD,0xE3,0x69,0xDF,0xCD,0xF5,
  33001. 0x1A,0x73,0x6E,0xC9,0x2B,0x21,0xFB,0xB8,
  33002. 0x7E,0x44,0x10,0x83,0x56,0xCE,0xD5,0x15,
  33003. 0x9A,0x75,0xFC,0x91,0x8E,0x6B,0x9E,0x1A,
  33004. 0x3A,0x33,0x39,0x35,0xB4,0x0D,0x74,0xF4,
  33005. 0xFB,0x4C,0x0E,0x37,0xFE,0x82,0x95,0x46,
  33006. 0x6B,0xD2,0x6E,0xEE,0xCD,0x4D,0x38,0xAF,
  33007. 0x0A,0xAA,0xF1,0xD5,0xA4,0x7C,0x04,0xD8,
  33008. 0xB9,0xDB,0x11,0x68,0x88,0x35,0x41,0xDE,
  33009. 0x31,0x33,0x0C,0xDC,0x2D,0x4C,0xA8,0x20,
  33010. 0xCC,0x2C,0x4C,0x63,0xAB,0xBA,0xDF,0x48,
  33011. 0x84,0xD5,0x25,0xBC,0x70,0xE3,0x49,0xAA,
  33012. 0x43,0xCA,0x8B,0xE7,0x9F,0xDD,0x20,0x76,
  33013. 0x9B,0x38,0xF4,0xBA,0x4D,0x4E,0x34,0x4A,
  33014. 0xAF,0x81,0xE7,0x0B,0xEC,0xE9,0x59,0xC1,
  33015. 0x35,0x22,0x7F,0x69,0x46,0x62,0xD2,0x18,
  33016. 0x6E,0x1F,0x79,0xD1,0xAD,0xC3,0x84,0x95,
  33017. 0x96,0xB2,0x18,0x58,0x5E,0x7E,0x0C,0x25,
  33018. 0x0A,0x0F,0x69,0xA3,0x1D,0xEC,0x29,0xCB,
  33019. 0xDA,0xA2,0xD1,0x1A,0x10,0xA5,0x52,0xC3,
  33020. 0x62,0x1E,0xC5,0x83,0xFF,0xA3,0x56,0xC2,
  33021. 0xFD,0x87,0x3B,0x57,0x52,0x98,0x36,0x95,
  33022. 0x77,0x6B,0xE5,0x49,0x10,0x8E,0x39,0xDD,
  33023. 0xCA,0x4B,0xB3,0x9F,0x4C,0x0C,0x11,0x62,
  33024. 0xF3,0x22,0x78,0xDB,0x48,0xEB,0x68,0xFE,
  33025. 0xE4,0x2A,0xE9,0xAA,0x8F,0x7A,0x2F,0x69,
  33026. 0xA5,0xC5,0x03,0x2D,0xEF,0x62,0xA8,0x71,
  33027. 0x65,0x06,0x40,0x84,0x10,0x0F,0xF2,0xED,
  33028. 0xBC,0x70,0x71,0x69,0x24,0xA2,0xBF,0x83,
  33029. 0x39,0xDD,0xFA,0xA2,0x7B,0xE5,0xEC,0x3D,
  33030. 0xFE,0x3B,0x52,0x6E,0x3D,0x82,0xA6,0x2A,
  33031. 0x86,0x01,0x61,0x51,0x63,0xBF,0xF9,0x0A,
  33032. 0x06,0x72,0xF1,0xD5,0x39,0x0C,0xBA,0xC9,
  33033. 0x78,0xC6,0x77,0x22,0xE4,0x96,0x6E,0xB1,
  33034. 0x48,0x62,0x84,0x62,0x2D,0xEA,0x49,0x56,
  33035. 0x50,0x86,0x3F,0x90,0xC3,0x01,0x42,0x45,
  33036. 0xED,0xE6,0x9A,0x65,0x19,0x93,0x7F,0x48,
  33037. 0x16,0xF2,0x50,0xA7,0x70,0xB3,0xF5,0xDB,
  33038. 0x0E,0x5E,0x22,0x9E,0x64,0x04,0x26,0x69,
  33039. 0xC1,0x16,0xEE,0x65,0x08,0x82,0x27,0x65,
  33040. 0xEC,0x3D,0xDF,0x51,0x5E,0x2D,0xE8,0x76,
  33041. 0xF2,0xE3,0xE4,0x24,0x04,0x88,0x06,0x0F,
  33042. 0xB2,0x7B,0x9B,0x72,0x3D,0x4C,0x7D,0x6A,
  33043. 0x1F,0xB2,0xA2,0xD2,0x35,0xD6,0x40,0x25,
  33044. 0xC2,0x0B,0x25,0xF9,0xDF,0x26,0xE4,0xDC,
  33045. 0xFB,0xB1,0x84,0x84,0x77,0x1B,0x45,0x51,
  33046. 0x60,0xD5,0xF0,0xB6,0x09,0xE6,0xBC,0xE3,
  33047. 0x1C,0x70,0x96,0x2C,0xD3,0x9D,0x7D,0x7F,
  33048. 0xB1,0x70,0xDA,0x79,0xB8,0x74,0x99,0xBF,
  33049. 0x84,0x95,0xCC,0x93,0xD7,0x51,0xDD,0x66,
  33050. 0xD3,0x70,0x0C,0x75,0x86,0x09,0x06,0xFD,
  33051. 0x66,0x14,0x80,0xCD,0xF3,0x59,0xB4,0x92,
  33052. 0x5F,0xE4,0xEE,0x00,0xA8,0xB0,0x8B,0x5C,
  33053. 0x3E,0xDB,0x8A,0x9C,0x0B,0xB5,0x99,0xC2,
  33054. 0x0D,0x81,0x09,0x06,0x6C,0x28,0xC0,0x7E,
  33055. 0xA5,0x07,0x70,0x64,0xD7,0x41,0xF4,0xC3,
  33056. 0x66,0x61,0x1C,0xA8,0x51,0xF6,0x3C,0xBA,
  33057. 0xE0,0x94,0xA3,0x11,0x8C,0x2E,0xBA,0x13,
  33058. 0xB2,0x47,0x48,0x93,0xB4,0x1A,0x2C,0x9A,
  33059. 0x6E,0x8E,0x30,0x66,0x7B,0xD3,0xBB,0x3B,
  33060. 0x5D,0x97,0x0D,0xE4,0xEA,0x24,0x28,0x9E,
  33061. 0xB4,0x88,0xCE,0x1D,0x7D,0x6F,0x39,0xB3,
  33062. 0x87,0x21,0xE5,0x08,0x93,0xF0,0xD4,0x9D,
  33063. 0x2D,0x91,0xC9,0xFD,0x0C,0x74,0x34,0xB4,
  33064. 0x1F,0xFE,0xDA,0xDC,0x10,0x5B,0x8D,0x2B,
  33065. 0x87,0xD3,0x42,0xB4,0xAE,0x32,0x9C,0xAE,
  33066. 0x4C,0x99,0xD8,0xED,0x44,0x41,0x07,0xE0,
  33067. 0x8F,0xBD,0xA5,0x7C,0x5A,0xDF,0x91,0x29,
  33068. 0x00,0xB5,0x4B,0xC3,0x3A,0x40,0x6C,0x48,
  33069. 0xAB,0x2A,0xF3,0x02,0xCB,0xB3,0x69,0xDA,
  33070. 0x06,0x0C,0x4D,0x5C,0x45,0xC3,0x28,0xAC,
  33071. 0x7A,0x01,0xD4,0xF8,0xCB,0x07,0x63,0x89,
  33072. 0x09,0x34,0x78,0xA7,0x14,0x39,0xCF,0x2D,
  33073. 0x94,0x8D,0x7A,0x4E,0x4E,0xBD,0xC4,0x32,
  33074. 0xAB,0x21,0xC9,0xDA,0x3F,0x5F,0x04,0x6B,
  33075. 0x14,0x40,0x18,0x18,0x2F,0xF9,0x46,0x17,
  33076. 0x57,0x54,0x9B,0x28,0x7B,0xBD,0xF9,0xA2,
  33077. 0x13,0xAC,0x69,0x24,0xB1,0x31,0x39,0xBF,
  33078. 0x8D,0x75,0xC3,0xFD,0x03,0x54,0x5A,0xFD,
  33079. 0xD4,0x7A,0xB7,0x56,0x4F,0x66,0x43,0x57,
  33080. 0x1B,0xFB,0xF9,0x92,0x7A,0x83,0xE6,0xFF,
  33081. 0xB4,0xBA,0x83,0xD2,0x61,0x8E,0x4A,0x82,
  33082. 0x82,0xA8,0xF5,0x0C,0xD2,0x43,0x53,0xA8,
  33083. 0x85,0x0A,0xD4,0x69,0x7B,0x04,0x71,0x3B,
  33084. 0x80,0x49,0x27,0x47,0x12,0xB6,0xB0,0xEA,
  33085. 0x90,0x0A,0xFA,0xA8,0xC8,0x78,0x61,0xDE,
  33086. 0x30,0x12,0xBB,0xDC,0xA6,0x57,0x56,0x30,
  33087. 0x6E,0xF1,0xA8,0x3B,0xF6,0x09,0x07,0xEA,
  33088. 0x31,0xE2,0x08,0x23,0x31,0x0F,0xD4,0x34,
  33089. 0xE3,0x60,0xC2,0x2B,0xDB,0x5A,0x99,0xCF,
  33090. 0xD4,0x6B,0x4E,0x75,0x65,0x35,0xE8,0x8B,
  33091. 0x93,0x7D,0xCA,0x11,0x47,0xF0,0x3E,0x11,
  33092. 0x5C,0xD1,0xEE,0x4B,0x11,0xB4,0x65,0x2B,
  33093. 0x6B,0x79,0xC0,0x86,0x60,0xA4,0x4B,0x24,
  33094. 0xA0,0x5C,0x70,0x34,0xC3,0x7C,0xE7,0x4F,
  33095. 0x97,0x89,0x4D,0xFE,0x22,0x89,0x3A,0xE9,
  33096. 0x07,0xB9,0x1A,0x86,0xB8,0x7A,0x12,0x38,
  33097. 0xE1,0x24,0x46,0xBC,0x9B,0x21,0xCD,0xAC,
  33098. 0x30,0xAB,0x98,0x21,0x31,0xC5,0x17,0x3F,
  33099. 0x1E,0x56,0xC3,0x18,0xCE,0xF0,0xA1,0xCC,
  33100. 0xFF,0x9D,0xA8,0x53,0xAF,0x74,0x77,0x54,
  33101. 0x02,0x9A,0x8F,0xA4,0xD4,0xBD,0xB2,0x1A,
  33102. 0xBA,0x52,0x2E,0x19,0xBE,0x49,0x11,0x45,
  33103. 0x02,0x01,0x7A,0xBF,0x28,0xD6,0x18,0xED,
  33104. 0xBD,0xCE,0xE4,0xDE,0xB5,0xF1,0x53,0x5D,
  33105. 0x65,0xF9,0x5F,0x83,0x8F,0x2D,0xF2,0x82,
  33106. 0xA0,0x2D,0x28,0xD3,0x0A,0x9E,0x0F,0x7F,
  33107. 0xC7,0xC4,0x43,0x7F,0xC3,0x0E,0x06,0xEB,
  33108. 0x4E,0xB4,0x2D,0xFA,0xDD,0x48,0xAB,0xF4,
  33109. 0x7D,0x41,0x48,0x33,0x5A,0xE6,0x70,0x02,
  33110. 0xE7,0x71,0x8D,0xD9,0x6B,0x0C,0x5A,0x8F,
  33111. 0xA4,0xC1,0xB7,0x4E,0x96,0x83,0xD6,0xA7,
  33112. 0x1D,0xF1,0x88,0xB3,0x6E,0xF4,0x12,0xA9,
  33113. 0xF6,0x31,0x69,0x66,0xFE,0xFE,0x02,0xF2,
  33114. 0x86,0x6D,0xBB,0x57,0x51,0x8C,0x4C,0xE9,
  33115. 0x7C,0x92,0x3E,0x3A,0xD3,0x2D,0xA8,0x82,
  33116. 0x53,0x84,0x26,0x89,0xBB,0xCC,0x13,0x12,
  33117. 0x3D,0x94,0xBB,0xDF,0x3D,0x4C,0xDF,0x27,
  33118. 0x9B,0x1F,0xB8,0xB6,0xE4,0xEA,0xA2,0x07,
  33119. 0xF8,0x4D,0x42,0x8F,0x29,0x90,0xFE,0x21,
  33120. 0x20,0xE9,0x55,0x02,0xAD,0x90,0xA7,0x77,
  33121. 0x4E,0x29,0xB6,0xD9,0x14,0x94,0xB2,0x25,
  33122. 0xA4,0xB2,0x0E,0x96,0x31,0xAB,0x9E,0x93,
  33123. 0x49,0xAC,0xA9,0xCB,0x68,0x22,0xBA,0xB8,
  33124. 0x57,0x5C,0x9D,0x65,0xC1,0xF1,0xFC,0x99,
  33125. 0x7C,0x3C,0xE9,0xEA,0x4B,0x29,0x22,0x2F,
  33126. 0xDB,0x17,0x21,0x8D,0xB0,0x13,0xBF,0xEE,
  33127. 0x7D,0xE4,0x8B,0x6D,0x17,0xE0,0x53,0x92,
  33128. 0x0B,0x32,0x6B,0xB1,0x65,0x2E,0xA7,0x83,
  33129. 0xFD,0x62,0x62,0xE3,0xAA,0x81,0xE8,0xD6,
  33130. 0xF7,0xB1,0x30,0x65,0x80,0x9F,0x77,0x1E,
  33131. 0x4A,0xEA,0xE8,0x45,0x32,0x12,0x3A,0xFB,
  33132. 0x22,0xE9,0xA9,0xF6,0xCB,0xAB,0xA8,0x0C,
  33133. 0x20,0xA8,0x7C,0xF9,0xF7,0x53,0xC1,0xB4,
  33134. 0xC0,0x5D,0x06,0x45,0xDD,0x7E,0xA7,0x34,
  33135. 0xA1,0x21,0xC2,0x62,0xAB,0x22,0x45,0x3D,
  33136. 0x73,0x4C,0x26,0xD1,0x1A,0xB2,0xF0,0xB2,
  33137. 0x6D,0x11,0x70,0x58,0xAA,0xF5,0xA4,0xF5,
  33138. 0xF8,0x0B,0x3D,0xC1,0xF6,0x17,0x70,0x15,
  33139. 0xCD,0x72,0x02,0x7E,0x4E,0x94,0x96,0x0A,
  33140. 0x56,0xCC,0xA5,0xA3,0xB3,0x7E,0xDD,0x5A,
  33141. 0x72,0xD2,0xFB,0xAC,0x3D,0x0E,0x66,0x65,
  33142. 0xE9,0x08,0x6C,0xB0,0x1C,0xE2,0x1A,0x82,
  33143. 0xF6,0xF3,0x34,0x89,0x73,0x02,0x5B,0x42,
  33144. 0x6D,0x40,0x61,0xB6,0xE0,0xE6,0x53,0x32,
  33145. 0xA5,0x72,0x17,0x4F,0x3B,0x51,0x4F,0xBC,
  33146. 0x00,0xE0,0x69,0x26,0xA9,0xAE,0x83,0xE3,
  33147. 0x73,0x7F,0x71,0x97,0xE0,0xDC,0x7C,0x63,
  33148. 0x9C,0x85,0x5F,0xDF,0x7D,0xE4,0x6C,0xD8,
  33149. 0xA9,0x3A,0x6F,0x5E,0x4A,0x2E,0xB0,0xE7,
  33150. 0x8B,0x45,0xE2,0x90,0x05,0x37,0xE8,0xAB,
  33151. 0x49,0x48,0x4C,0xC0,0x59,0x1D,0x8C,0x46,
  33152. 0x5B,0x84,0xE0,0x83,0xCE,0xEA,0x4B,0xF9,
  33153. 0xD4,0xDC,0x63,0xDF,0x79,0xB7,0x5C,0x11,
  33154. 0x25,0x7F,0x90,0x2E,0x0A,0x38,0x03,0xEA,
  33155. 0xEA,0xA1,0x26,0x52,0x20,0x19,0xA3,0xBE,
  33156. 0xFC,0x9D,0xB7,0x6E,0xA6,0x58,0x8E,0x6D,
  33157. 0xC5,0x58,0xE9,0xED,0x2F,0x55,0x43,0x8B,
  33158. 0x03,0x8B,0xE6,0xA4,0xC2,0x25,0x4B,0x36,
  33159. 0xBA,0xD3,0x27,0x48,0x40,0x2E,0x87,0xA2,
  33160. 0xD4,0x12,0xC6,0x05,0x36,0x03,0x11,0x51,
  33161. 0xD1,0xF2,0xAC,0x71,0x2C,0xB6,0xC3,0xA5,
  33162. 0x57,0x0F,0xAF,0x4B,0xBD,0xCD,0x47,0x4C,
  33163. 0x3A,0x52,0x6F,0x47,0xE7,0x0B,0xB7,0xD5,
  33164. 0xF7,0xA6,0x39,0x63,0x82,0x08,0x4C,0x41,
  33165. 0x0E,0x2A,0x52,0x42,0x5A,0xEA,0x59,0xC7,
  33166. 0x94,0xFB,0xD0,0x88,0x47,0x27,0xF6,0x97,
  33167. 0x03,0x9E,0x29,0xB8,0x3A,0x67,0xE6,0xF3,
  33168. 0x95,0xA7,0x42,0xC1,0x96,0xD1,0x9A,0xA6,
  33169. 0xF0,0x09,0x0C,0xEA,0xE0,0xAB,0x0F,0x15,
  33170. 0xE9,0xC3,0xEB,0xA5,0x89,0x86,0x98,0x32,
  33171. 0x83,0xAB,0x30,0x33,0xAE,0x90,0x8D,0x2E,
  33172. 0xB3,0xAA,0x91,0xA6,0xD9,0xA4,0x4A,0x54,
  33173. 0xE0,0xD3,0x08,0xCC,0x79,0xCE,0xE4,0x15,
  33174. 0x31,0xA6,0xCE,0x61,0xCF,0x03,0x06,0xEE,
  33175. 0x8E,0xE2,0x64,0x29,0xD1,0x54,0x9B,0xD0,
  33176. 0x5F,0x09,0x2B,0x8B,0xD5,0xF8,0xD4,0x7D,
  33177. 0xF1,0x97,0x32,0xD9,0xEA,0x5A,0x0E,0x10,
  33178. 0x8C,0x4D,0xFB,0x55,0xE6,0x27,0x0C,0xBA,
  33179. 0xC1,0x73,0xC1,0x73,0xE3,0x1C,0x09,0xB3,
  33180. 0x6F,0xB4,0x12,0xFA,0xF3,0x29,0xDC,0x23,
  33181. 0x32,0xED,0x80,0x87,0x83,0xC2,0xF6,0x07,
  33182. 0xB5,0xA9,0x22,0xDE,0x66,0x1A,0xA7,0x4A,
  33183. 0x86,0xF1,0x39,0x9B,0xF4,0xE7,0x50,0x15,
  33184. 0x4A,0x55,0x3C,0x93,0xB9,0xF9,0xFD,0xDC,
  33185. 0xB3,0x5D,0x73,0x52
  33186. };
  33187. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void)
  33188. {
  33189. int ret = -1;
  33190. int ret2 = -1;
  33191. int j = 0;
  33192. XmssKey verifyKey;
  33193. word32 pkSz = 0;
  33194. word32 sigSz = 0;
  33195. const char * param = "XMSS-SHA2_10_256";
  33196. ret = wc_XmssKey_Init(&verifyKey, NULL, INVALID_DEVID);
  33197. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33198. ret = wc_XmssKey_SetParamStr(&verifyKey, param);
  33199. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33200. ret = wc_XmssKey_GetPubLen(&verifyKey, &pkSz);
  33201. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33202. if (pkSz != XMSS_SHA256_PUBLEN) {
  33203. return WC_TEST_RET_ENC_EC(pkSz);
  33204. }
  33205. ret = wc_XmssKey_GetSigLen(&verifyKey, &sigSz);
  33206. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33207. #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK)
  33208. fprintf(stderr, "param: %s\n", param);
  33209. fprintf(stderr, "pkSz: %d\n", pkSz);
  33210. fprintf(stderr, "sigSz: %d\n", sigSz);
  33211. #endif
  33212. if (sigSz != sizeof(xmss_sig)) {
  33213. return WC_TEST_RET_ENC_EC(sigSz);
  33214. }
  33215. ret = wc_XmssKey_ImportPubRaw(&verifyKey, xmss_pub, XMSS_SHA256_PUBLEN);
  33216. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33217. ret = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
  33218. (byte *) xmss_msg, sizeof(xmss_msg));
  33219. if (ret != 0) {
  33220. printf("error: wc_XmssKey_Verify returned %d, expected 0\n", ret);
  33221. return WC_TEST_RET_ENC_EC(ret);
  33222. }
  33223. /* Flip bits in message. This should fail. */
  33224. xmss_msg[sizeof(xmss_msg) / 2] ^= 1;
  33225. ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
  33226. (byte *) xmss_msg, sizeof(xmss_msg));
  33227. if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
  33228. printf("error: wc_XmssKey_Verify returned %d, expected -1\n", ret2);
  33229. return WC_TEST_RET_ENC_EC(ret);
  33230. }
  33231. /* Flip it back. This should pass again. */
  33232. xmss_msg[sizeof(xmss_msg) / 2] ^= 1;
  33233. ret = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
  33234. (byte *) xmss_msg, sizeof(xmss_msg));
  33235. if (ret != 0) {
  33236. printf("error: wc_XmssKey_Verify returned %d, expected 0\n", ret);
  33237. return WC_TEST_RET_ENC_EC(ret);
  33238. }
  33239. /* Flip bits in a few places throughout the signature, stepping in multiple
  33240. * of hash size. These should all fail with -1. */
  33241. for (j = 0; j < (int) sizeof(xmss_sig); j+= 4 * 32) {
  33242. xmss_sig[j] ^= 1;
  33243. ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig),
  33244. (byte *) xmss_msg, sizeof(xmss_msg));
  33245. if ((ret2 != -1) && (ret2 != SIG_VERIFY_E)) {
  33246. /* Verify passed when it should have failed. */
  33247. return WC_TEST_RET_ENC_I(j);
  33248. }
  33249. /* Flip this spot back. */
  33250. xmss_sig[j] ^= 1;
  33251. }
  33252. /* Cleanup everything. */
  33253. wc_XmssKey_Free(&verifyKey);
  33254. return ret;
  33255. }
  33256. #endif /* WOLFSSL_HAVE_XMSS && !WOLFSSL_SMALL_STACK &&
  33257. * WOLFSSL_XMSS_MIN_HEIGHT <= 10 */
  33258. #if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)
  33259. static int lms_write_key_mem(const byte * priv, word32 privSz, void *context)
  33260. {
  33261. /* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY
  33262. * BE USED FOR TESTING PURPOSES! Production applications should
  33263. * write only to non-volatile storage. */
  33264. XMEMCPY(context, priv, privSz);
  33265. return WC_LMS_RC_SAVED_TO_NV_MEMORY;
  33266. }
  33267. static int lms_read_key_mem(byte * priv, word32 privSz, void *context)
  33268. {
  33269. /* WARNING: THIS IS AN INSECURE READ CALLBACK THAT SHOULD ONLY
  33270. * BE USED FOR TESTING PURPOSES! */
  33271. XMEMCPY(priv, context, privSz);
  33272. return WC_LMS_RC_READ_TO_MEMORY;
  33273. }
  33274. /* LMS signature sizes are a function of their parameters. This
  33275. * test has a signature of 8688 bytes. */
  33276. #define WC_TEST_LMS_SIG_LEN (8688)
  33277. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
  33278. {
  33279. int i = 0;
  33280. int j = 0;
  33281. int ret = -1;
  33282. int ret2 = -1;
  33283. int sigsLeft = 0;
  33284. LmsKey signingKey;
  33285. LmsKey verifyKey;
  33286. WC_RNG rng;
  33287. word32 sigSz = 0;
  33288. const char * msg = "LMS HSS post quantum signature test";
  33289. word32 msgSz = (word32) XSTRLEN(msg);
  33290. unsigned char priv[HSS_MAX_PRIVATE_KEY_LEN];
  33291. unsigned char old_priv[HSS_MAX_PRIVATE_KEY_LEN];
  33292. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  33293. byte * sig = XMALLOC(WC_TEST_LMS_SIG_LEN, HEAP_HINT,
  33294. DYNAMIC_TYPE_TMP_BUFFER);
  33295. if (sig == NULL) {
  33296. return WC_TEST_RET_ENC_ERRNO;
  33297. }
  33298. #else
  33299. byte sig[WC_TEST_LMS_SIG_LEN];
  33300. #endif
  33301. XMEMSET(priv, 0, sizeof(priv));
  33302. XMEMSET(old_priv, 0, sizeof(old_priv));
  33303. XMEMSET(sig, 0, WC_TEST_LMS_SIG_LEN);
  33304. #ifndef HAVE_FIPS
  33305. ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID);
  33306. #else
  33307. ret = wc_InitRng(&rng);
  33308. #endif
  33309. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33310. /* This test:
  33311. * levels: 1
  33312. * height: 5
  33313. * winternitz: 1
  33314. *
  33315. * max sigs: 2 ** (1 * 5) = 32
  33316. * signature length: 8688
  33317. */
  33318. ret = wc_LmsKey_Init(&signingKey, NULL, INVALID_DEVID);
  33319. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33320. ret = wc_LmsKey_Init(&verifyKey, NULL, INVALID_DEVID);
  33321. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33322. ret = wc_LmsKey_SetParameters(&signingKey, 1, 5, 1);
  33323. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33324. ret = wc_LmsKey_SetWriteCb(&signingKey, lms_write_key_mem);
  33325. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33326. ret = wc_LmsKey_SetReadCb(&signingKey, lms_read_key_mem);
  33327. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33328. ret = wc_LmsKey_SetContext(&signingKey, (void *) priv);
  33329. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33330. ret = wc_LmsKey_MakeKey(&signingKey, &rng);
  33331. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33332. XMEMCPY(old_priv, priv, sizeof(priv));
  33333. ret = wc_LmsKey_ExportPub(&verifyKey, &signingKey);
  33334. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33335. ret = wc_LmsKey_GetSigLen(&verifyKey, &sigSz);
  33336. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33337. if (sigSz != WC_TEST_LMS_SIG_LEN) {
  33338. printf("error: got %d, expected %d\n", sigSz, WC_TEST_LMS_SIG_LEN);
  33339. return WC_TEST_RET_ENC_EC(sigSz);
  33340. }
  33341. /* 2 ** 5 should be the max number of signatures */
  33342. for (i = 0; i < 32; ++i) {
  33343. /* We should have remaining signstures. */
  33344. sigsLeft = wc_LmsKey_SigsLeft(&signingKey);
  33345. if (sigsLeft == 0) {
  33346. return WC_TEST_RET_ENC_EC(sigsLeft);
  33347. }
  33348. /* Sign with key. The private key will be updated on every signature. */
  33349. ret = wc_LmsKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz);
  33350. if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
  33351. /* The updated private key should not match the old one. */
  33352. if (XMEMCMP(old_priv, priv, sizeof(priv)) == 0) {
  33353. printf("error: current priv key should not match old: %d\n", i);
  33354. return WC_TEST_RET_ENC_I(i);
  33355. }
  33356. XMEMCPY(old_priv, priv, sizeof(priv));
  33357. ret = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, msgSz);
  33358. if (ret != 0) { return WC_TEST_RET_ENC_I(i); }
  33359. /* Flip bits in a few places throughout the signature, stepping in multiple
  33360. * of hash size. These should all fail with -1. */
  33361. for (j = 0; j < (int) sigSz; j+= 4 * 32) {
  33362. sig[j] ^= 1;
  33363. ret2 = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg,
  33364. msgSz);
  33365. if (ret2 != -1) {
  33366. /* Verify passed when it should have failed. */
  33367. return WC_TEST_RET_ENC_I(j);
  33368. }
  33369. /* Flip this spot back. */
  33370. sig[j] ^= 1;
  33371. }
  33372. }
  33373. /* This should be the last signature. */
  33374. sigsLeft = wc_LmsKey_SigsLeft(&signingKey);
  33375. if (sigsLeft != 0) {
  33376. return WC_TEST_RET_ENC_EC(sigsLeft);
  33377. }
  33378. wc_LmsKey_Free(&signingKey);
  33379. wc_LmsKey_Free(&verifyKey);
  33380. wc_FreeRng(&rng);
  33381. return ret;
  33382. }
  33383. #endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */
  33384. #if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_LMS_VERIFY_ONLY) && \
  33385. !defined(WOLFSSL_SMALL_STACK)
  33386. /* A simple LMS verify only test.
  33387. *
  33388. * Note: LMS signature sizes are a function of their parameters. This
  33389. * test has a signature of 1456 bytes:
  33390. * levels: 1
  33391. * height: 10
  33392. * winternitz: 8
  33393. * max sigs: 2 ** (1 * 10) = 1024
  33394. * signature length: 1456
  33395. * */
  33396. /* "wolfSSL LMS example message!" without null terminator. */
  33397. static const byte lms_msg[28] =
  33398. {
  33399. 0x77,0x6F,0x6C,0x66,0x53,0x53,0x4C,0x20,
  33400. 0x4C,0x4D,0x53,0x20,0x65,0x78,0x61,0x6D,
  33401. 0x70,0x6C,0x65,0x20,0x6D,0x65,0x73,0x73,
  33402. 0x61,0x67,0x65,0x21
  33403. };
  33404. static const byte lms_L1H10W8_pub[HSS_MAX_PUBLIC_KEY_LEN] =
  33405. {
  33406. 0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x06,
  33407. 0x00,0x00,0x00,0x04,0xA1,0x26,0x76,0xF8,
  33408. 0xBB,0x0B,0xC0,0x82,0x21,0x71,0x0B,0x2E,
  33409. 0x8C,0xA6,0xEF,0x12,0xED,0x41,0x0E,0x8C,
  33410. 0xAF,0x11,0x93,0x34,0x7B,0x49,0x79,0xB7,
  33411. 0xDE,0x63,0x1C,0xFE,0x1F,0xD1,0x17,0x49,
  33412. 0xCD,0x5C,0xD4,0x26,0xA0,0x53,0x26,0x1A,
  33413. 0xC5,0xB4,0x8F,0x23
  33414. };
  33415. #define LMS_L1H10W8_SIGLEN (1456)
  33416. static const byte lms_L1H10W8_sig[LMS_L1H10W8_SIGLEN] =
  33417. {
  33418. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
  33419. 0x00,0x00,0x00,0x04,0x18,0x70,0x09,0x2E,
  33420. 0x21,0xC9,0x6A,0xC9,0x5C,0xB6,0xB0,0xAA,
  33421. 0xC3,0xED,0x6E,0x66,0x2F,0xCC,0x45,0x81,
  33422. 0xBC,0xBA,0x44,0x96,0x1C,0xBF,0x4E,0xFB,
  33423. 0x7A,0x46,0xFB,0xBE,0x9A,0x0C,0xE4,0x50,
  33424. 0x90,0xC7,0x92,0xAC,0x53,0xAE,0x53,0x76,
  33425. 0x29,0xA6,0x65,0xF1,0x09,0xED,0x1A,0x8E,
  33426. 0x03,0x2E,0x5A,0x06,0x51,0xE3,0x1E,0xE6,
  33427. 0xF6,0xFE,0x3A,0x6E,0xD1,0x92,0x31,0x1D,
  33428. 0xA1,0x6A,0x5C,0x30,0x3A,0xC7,0xFD,0x5B,
  33429. 0xFE,0x71,0x2C,0x5C,0x2F,0x5B,0x5B,0xCF,
  33430. 0xBC,0x7F,0xBF,0x6C,0xAF,0x44,0x8A,0xAE,
  33431. 0x14,0x60,0xAB,0x88,0xED,0x0E,0x4F,0xF8,
  33432. 0xC7,0x1B,0x74,0x28,0x72,0xB3,0x96,0xA6,
  33433. 0xE6,0x46,0x22,0x82,0xCF,0x1F,0x4D,0xA6,
  33434. 0xEA,0x22,0x06,0x07,0x52,0xF5,0x26,0x16,
  33435. 0x0B,0x90,0xE3,0xFF,0x64,0xA9,0xE4,0x61,
  33436. 0x1E,0x9C,0x12,0x9C,0xF6,0xD4,0x63,0x29,
  33437. 0xEA,0x02,0xF7,0x18,0x52,0x79,0x6C,0x43,
  33438. 0xDC,0xCF,0x43,0x23,0xB9,0xCC,0x4A,0x25,
  33439. 0x9D,0x10,0xAF,0xA3,0xE6,0x47,0x5A,0x1C,
  33440. 0xFE,0x68,0x89,0xAF,0x1B,0x2D,0x88,0x3E,
  33441. 0xCA,0xDC,0x70,0xEA,0xAC,0x11,0x00,0x8A,
  33442. 0x6E,0xE0,0xC7,0xD0,0xD2,0x1A,0x36,0x18,
  33443. 0x97,0xB3,0x5F,0x0E,0x75,0x48,0x28,0xF8,
  33444. 0xA8,0xF5,0x90,0xD1,0xA1,0x84,0xFB,0xA4,
  33445. 0xAD,0x50,0xBE,0xE9,0x39,0x8C,0xC5,0xA1,
  33446. 0x67,0x51,0xA1,0x8C,0xD6,0x6B,0x97,0x1F,
  33447. 0x47,0x99,0xEE,0xE0,0x70,0x01,0xC7,0x07,
  33448. 0x50,0xF3,0x5E,0x3F,0xE7,0x06,0xD6,0x8D,
  33449. 0x26,0xD6,0x5A,0x59,0x18,0x72,0x6B,0x12,
  33450. 0xD2,0xAF,0x9B,0xB4,0x2B,0xD0,0xB2,0xF2,
  33451. 0x96,0x2F,0x40,0xEA,0xBE,0xE6,0xAC,0x1F,
  33452. 0xB8,0x33,0xC2,0x76,0xDC,0x8C,0xAC,0xC1,
  33453. 0x46,0x5E,0x04,0x84,0x1B,0xC8,0xB9,0x65,
  33454. 0x8D,0xAD,0x96,0xB5,0xB1,0xF6,0x17,0x4A,
  33455. 0x19,0x87,0xE7,0xBF,0x29,0xC7,0x9B,0xB9,
  33456. 0xD6,0x11,0x2C,0x92,0x2F,0xB7,0x24,0xD5,
  33457. 0x01,0x1D,0x80,0x37,0x54,0xED,0x33,0x32,
  33458. 0xAB,0x7A,0x12,0xD4,0x02,0x1D,0x27,0x52,
  33459. 0x89,0xDB,0x32,0xBF,0x61,0xD4,0xBB,0xB4,
  33460. 0x46,0x78,0x1B,0x64,0x17,0x84,0x4B,0x8A,
  33461. 0xBA,0xC6,0xC1,0xCF,0xC7,0x5D,0x8F,0x93,
  33462. 0xC5,0x9A,0x27,0x90,0xAC,0x17,0x98,0xFF,
  33463. 0xC8,0x22,0x59,0x55,0x90,0xB2,0x29,0x39,
  33464. 0xA0,0xBE,0x00,0x23,0x55,0x6B,0xDA,0x83,
  33465. 0xD8,0x5B,0x57,0x7C,0x67,0x1B,0xC3,0x6B,
  33466. 0x6D,0xC7,0x9B,0x2B,0x9E,0xB7,0x95,0xB3,
  33467. 0xF0,0x1B,0x89,0x5A,0xD7,0x4B,0x67,0xAF,
  33468. 0xDC,0x9E,0xCF,0x7E,0x1A,0xBA,0x1B,0xB9,
  33469. 0x3B,0x7A,0xDD,0x3F,0x0D,0xEE,0x4C,0x0B,
  33470. 0xD1,0x4F,0x34,0xF2,0x93,0xF7,0x21,0x64,
  33471. 0x2C,0x07,0x00,0x15,0x4F,0xE3,0x6A,0x9F,
  33472. 0x08,0x52,0xC2,0x65,0x47,0x1F,0x34,0x64,
  33473. 0x66,0x07,0xBC,0xEA,0xAF,0x9B,0xAA,0x39,
  33474. 0x15,0x8B,0x08,0x8C,0x24,0x41,0x9B,0x46,
  33475. 0x1B,0x5B,0x91,0x11,0xC4,0xFD,0xA9,0x88,
  33476. 0x35,0x0E,0x7D,0xAF,0xFD,0xB7,0x90,0x7E,
  33477. 0xD7,0x29,0x02,0x0A,0xDC,0xC8,0x3F,0xC0,
  33478. 0xFD,0x97,0xAF,0x50,0x49,0xA6,0x5E,0x12,
  33479. 0xC1,0xCD,0xEC,0x52,0xC5,0x51,0xF2,0x80,
  33480. 0x17,0x61,0xC7,0x7E,0xBE,0xD1,0x1B,0x65,
  33481. 0xA4,0xAB,0x92,0x8D,0x89,0xB2,0xC5,0x8F,
  33482. 0xFF,0xA5,0x6F,0xFA,0x62,0x75,0xE4,0xA1,
  33483. 0xD4,0x22,0xA8,0x9E,0x40,0x04,0x27,0x1F,
  33484. 0xCC,0x81,0xBA,0x28,0x67,0xA0,0x1C,0x80,
  33485. 0xEB,0xCA,0xB0,0x61,0xA5,0x48,0xD0,0x8A,
  33486. 0x25,0xEB,0x9E,0x67,0x8C,0x8E,0x9B,0xD1,
  33487. 0xAD,0xBB,0xC3,0xEA,0xD3,0xD4,0xC5,0x12,
  33488. 0x7B,0xDD,0x00,0x57,0x7F,0xF6,0xF7,0xF6,
  33489. 0x3C,0x05,0xCF,0xFC,0x12,0xE1,0x93,0x05,
  33490. 0xE5,0x9B,0x79,0x87,0x69,0xD8,0x82,0xD9,
  33491. 0xD7,0x1D,0x41,0x73,0xE4,0x52,0x1D,0x3E,
  33492. 0xE5,0x8C,0x8D,0x34,0xE1,0x75,0xA9,0xF1,
  33493. 0x9D,0x09,0xA2,0x5B,0xEF,0xDA,0x96,0x6E,
  33494. 0x76,0x3D,0xEA,0x50,0xD9,0xCF,0x4F,0xAC,
  33495. 0xAD,0x1D,0x35,0x72,0x1B,0x88,0x8B,0xCD,
  33496. 0x8C,0x8A,0x8A,0xE0,0x96,0x04,0xD8,0xBB,
  33497. 0x28,0x43,0x16,0x77,0x60,0x98,0x63,0xF9,
  33498. 0xB9,0x71,0x46,0xB7,0xE1,0xA7,0xA9,0x84,
  33499. 0xC3,0x65,0x82,0xE1,0x1B,0x67,0x04,0x2D,
  33500. 0x55,0x6B,0xF9,0xC0,0x79,0x09,0x09,0xE7,
  33501. 0xFD,0x06,0x4D,0x09,0x9B,0x1A,0xCE,0x35,
  33502. 0xFA,0x27,0x6F,0x2F,0x01,0x65,0x0D,0xA0,
  33503. 0x97,0x59,0x11,0xF0,0x48,0xD2,0xE7,0x46,
  33504. 0xBE,0xB4,0x0A,0xA3,0xE2,0x75,0x0E,0x09,
  33505. 0x94,0xD9,0x69,0x28,0xD4,0xDA,0x64,0xBA,
  33506. 0xFE,0xA4,0xB9,0xF0,0xBA,0xEB,0xBA,0xAC,
  33507. 0xA8,0xF9,0xD3,0x82,0x4C,0x36,0x80,0xFA,
  33508. 0xE5,0xF6,0x76,0xC3,0x80,0xFA,0x90,0x29,
  33509. 0xF4,0x85,0xA4,0xC6,0x25,0x22,0x79,0x7E,
  33510. 0x39,0x1E,0x30,0xB8,0x65,0x72,0xCF,0xE1,
  33511. 0x99,0xF0,0x75,0xE8,0x09,0xB4,0x92,0x96,
  33512. 0x1B,0x68,0x50,0x88,0xF1,0x2C,0x97,0xE3,
  33513. 0x2D,0x26,0x8F,0xC5,0x30,0xCF,0x24,0xCB,
  33514. 0xB2,0x60,0x77,0xDC,0x02,0x72,0x0D,0xD9,
  33515. 0x2E,0xF2,0x52,0xEA,0x00,0xF6,0x32,0x65,
  33516. 0xA5,0xC6,0x43,0x29,0x29,0x69,0xAB,0x27,
  33517. 0x0C,0x39,0xDF,0x76,0x3E,0x93,0x95,0xB1,
  33518. 0x2C,0xA2,0x0D,0x18,0xCE,0xA0,0x97,0x10,
  33519. 0x3C,0x90,0xC0,0xEF,0x0E,0x04,0xA6,0xC8,
  33520. 0xA0,0x21,0x3C,0x0B,0x22,0x77,0x7A,0x66,
  33521. 0xA5,0x90,0x25,0xA4,0x09,0x3E,0xD5,0x27,
  33522. 0x1F,0x6C,0x99,0x85,0x5C,0xA2,0x99,0x7A,
  33523. 0x25,0xEE,0x8D,0x32,0x3D,0xD3,0xDC,0xF5,
  33524. 0x00,0x5A,0x34,0x61,0xB6,0xCD,0x4E,0xBC,
  33525. 0x26,0x36,0xFB,0x44,0x97,0x35,0xBD,0x06,
  33526. 0x7D,0x2E,0x4A,0xA2,0xDC,0x24,0xFE,0x70,
  33527. 0x0A,0xF9,0x57,0xE3,0xEE,0xAB,0xD1,0x17,
  33528. 0xF3,0x7C,0xD6,0x37,0x26,0xFA,0x83,0x9F,
  33529. 0xDD,0xB2,0xE1,0xD7,0xF9,0xC7,0x0E,0x15,
  33530. 0x01,0xA6,0x58,0x32,0x98,0x04,0x32,0xD4,
  33531. 0xDE,0xB9,0xEF,0x09,0xFA,0xE4,0x5A,0xD7,
  33532. 0xDD,0x09,0x1C,0xC9,0xAC,0xB8,0x6A,0xF5,
  33533. 0x00,0x5D,0x6B,0x95,0x12,0x8C,0x2F,0xCC,
  33534. 0xD8,0xB9,0x50,0x3A,0xEB,0x74,0x86,0xD2,
  33535. 0x3F,0xA1,0x05,0x8F,0x6E,0xEF,0xF5,0xA4,
  33536. 0xD6,0x6E,0x53,0xFA,0x9E,0xFA,0xCE,0xDB,
  33537. 0x99,0x46,0xE7,0xC5,0xDA,0x92,0x51,0x4F,
  33538. 0x22,0x07,0xF3,0xA5,0x38,0x26,0xD3,0xEC,
  33539. 0xD6,0x01,0xDD,0x31,0x3A,0x48,0x93,0xF6,
  33540. 0x69,0x4F,0xD8,0xF6,0xC2,0x91,0xA5,0x7C,
  33541. 0xDF,0x51,0x64,0xF1,0x3B,0x79,0xBC,0x0A,
  33542. 0x2C,0xDC,0x33,0x5A,0x29,0xF6,0xB2,0x09,
  33543. 0x66,0xCA,0x24,0x9F,0x1A,0x18,0xF3,0x76,
  33544. 0x4C,0x5E,0x0B,0x81,0x7F,0x29,0x84,0xD8,
  33545. 0x7A,0xA8,0xD6,0x11,0xAC,0xEC,0xD9,0x07,
  33546. 0x91,0xEC,0xB6,0x6D,0xEC,0xDB,0xBE,0x6F,
  33547. 0x9F,0xC5,0x19,0x5E,0x56,0x87,0x20,0x80,
  33548. 0x75,0xD5,0x64,0xE9,0x80,0xBF,0x2D,0xD5,
  33549. 0x94,0x9F,0x8C,0xA4,0x54,0x41,0xAB,0xB1,
  33550. 0x8E,0xAD,0x51,0xE4,0x3C,0x24,0xF7,0x1D,
  33551. 0xFE,0x02,0x48,0x7C,0x6D,0xED,0xF1,0xAC,
  33552. 0xD9,0x79,0x42,0xE5,0x3A,0xCF,0x6A,0x4C,
  33553. 0x6D,0xE2,0x13,0xD2,0x2B,0x9D,0xAB,0x1F,
  33554. 0x70,0xD3,0xC0,0x6F,0x81,0xE9,0x9A,0x86,
  33555. 0x33,0x39,0x60,0xE7,0x6A,0x00,0x1F,0x97,
  33556. 0xEB,0xE5,0x1D,0x0D,0x66,0x15,0xC9,0xA2,
  33557. 0xB1,0xC0,0xF0,0x2E,0xF4,0x07,0xA2,0x2E,
  33558. 0x49,0x92,0x95,0x13,0xA3,0x18,0x46,0x25,
  33559. 0xB9,0x3C,0xA1,0x4B,0x00,0x00,0x00,0x06,
  33560. 0xAB,0xAA,0xF9,0x3F,0x7E,0x21,0xF4,0x0E,
  33561. 0xCE,0xFD,0xE0,0x44,0xAC,0xC7,0x1A,0x30,
  33562. 0x22,0x9D,0x0A,0xD7,0x96,0x2D,0x8F,0x9A,
  33563. 0x99,0x1F,0x40,0x75,0x7F,0x62,0xF9,0xC1,
  33564. 0x81,0x7B,0x4A,0x1B,0xFA,0xD6,0x87,0xB9,
  33565. 0xEF,0x58,0x48,0xE4,0x5C,0x79,0xE5,0xB1,
  33566. 0x2C,0x59,0xA4,0x42,0xDB,0xA6,0x53,0x70,
  33567. 0x80,0x61,0x17,0xD4,0xD3,0x77,0xBD,0x53,
  33568. 0x26,0x7C,0x0E,0x0E,0xFF,0x30,0x4B,0xD0,
  33569. 0x86,0xFC,0x02,0x20,0x24,0x46,0x5B,0xF5,
  33570. 0xE3,0x99,0x73,0x85,0x60,0x00,0x36,0x47,
  33571. 0x17,0xEE,0x0C,0xD2,0x80,0x71,0x46,0x0E,
  33572. 0x2B,0xB0,0xEF,0x7F,0xFE,0x3B,0xE5,0xE1,
  33573. 0x87,0xC2,0xAF,0x1A,0x6F,0x63,0xF4,0x5A,
  33574. 0xC4,0x16,0xF7,0xAD,0x07,0x70,0x71,0x85,
  33575. 0x7D,0x3D,0x67,0x08,0xB8,0xD8,0xE2,0xF0,
  33576. 0xA1,0xAC,0xD2,0x94,0x7D,0x93,0x03,0xDD,
  33577. 0x54,0xF9,0x64,0x19,0xB3,0xED,0x24,0x22,
  33578. 0x01,0xD7,0x12,0x5E,0xC1,0x2B,0x39,0x10,
  33579. 0x13,0xE2,0x56,0x1C,0xEE,0xF4,0x2A,0x49,
  33580. 0x7B,0xFB,0x36,0x8D,0xF8,0xAF,0x60,0xDF,
  33581. 0x10,0xF0,0x72,0xA2,0xED,0xB6,0x53,0x88,
  33582. 0xA9,0x0C,0xED,0x9C,0x18,0x33,0x7D,0x65,
  33583. 0x9B,0xB2,0x9C,0x3E,0xE9,0x1E,0x43,0x51,
  33584. 0x7E,0xBE,0x01,0x95,0xF6,0x60,0x65,0xBE,
  33585. 0xD1,0xF4,0xE2,0x83,0x6B,0xCA,0x7A,0x70,
  33586. 0x41,0x83,0x72,0xC0,0x23,0x51,0x13,0x11,
  33587. 0x2D,0xF9,0xC0,0x0D,0x7D,0x73,0x76,0xA5,
  33588. 0x30,0x83,0x68,0x10,0x35,0xA2,0x18,0x22,
  33589. 0x4E,0x21,0x93,0x27,0x6A,0x19,0x28,0x83,
  33590. 0x7F,0xDD,0xDD,0xFF,0xC3,0x8A,0x64,0x00,
  33591. 0x5F,0x1C,0x0D,0xF8,0xBB,0xD7,0x15,0xB9,
  33592. 0xEF,0xE0,0x07,0x62,0x05,0x9E,0xCF,0xFC,
  33593. 0x08,0x52,0x1E,0x65,0x41,0x56,0x6A,0xEB,
  33594. 0x81,0x53,0x30,0x7B,0xF2,0xFD,0x65,0xFF,
  33595. 0xA2,0x14,0xF5,0x62,0x1E,0x24,0x48,0x47,
  33596. 0xA5,0x41,0x80,0xB4,0xC5,0xDC,0xB2,0xB4,
  33597. 0x2D,0x17,0xE7,0xBE,0x49,0x53,0x7A,0x25,
  33598. 0xC5,0x0D,0x19,0x59,0xF4,0x88,0x59,0xED,
  33599. 0x92,0x13,0xEE,0x7A,0x4F,0x12,0x98,0x4C
  33600. };
  33601. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void)
  33602. {
  33603. int ret = -1;
  33604. int ret2 = -1;
  33605. int j = 0;
  33606. LmsKey verifyKey;
  33607. word32 sigSz = 0;
  33608. word32 msgSz = sizeof(lms_msg);
  33609. word32 pubLen = 0;
  33610. int levels = 0;
  33611. int height = 0;
  33612. int winternitz = 0;
  33613. ret = wc_LmsKey_Init(&verifyKey, NULL, INVALID_DEVID);
  33614. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33615. ret = wc_LmsKey_SetParameters(&verifyKey, 1, 10, 8);
  33616. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33617. ret = wc_LmsKey_ImportPubRaw(&verifyKey, lms_L1H10W8_pub,
  33618. HSS_MAX_PUBLIC_KEY_LEN);
  33619. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33620. /* Verify parameters, pub length, and sig length are correct. */
  33621. ret = wc_LmsKey_GetParameters(&verifyKey, &levels, &height, &winternitz);
  33622. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33623. if (levels != 1 || height != 10 || winternitz != 8) {
  33624. printf("error: invalid LMS parameters: L%d-H%d-W%d\n", levels, height,
  33625. winternitz);
  33626. return -1;
  33627. }
  33628. ret = wc_LmsKey_GetPubLen(&verifyKey, &pubLen);
  33629. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33630. if (pubLen != HSS_MAX_PUBLIC_KEY_LEN) {
  33631. printf("error: got %d, expected %d\n", pubLen, HSS_MAX_PUBLIC_KEY_LEN);
  33632. return WC_TEST_RET_ENC_EC(pubLen);
  33633. }
  33634. ret = wc_LmsKey_GetSigLen(&verifyKey, &sigSz);
  33635. if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); }
  33636. if (sigSz != LMS_L1H10W8_SIGLEN) {
  33637. printf("error: got %d, expected %d\n", sigSz, LMS_L1H10W8_SIGLEN);
  33638. return WC_TEST_RET_ENC_EC(sigSz);
  33639. }
  33640. ret = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
  33641. (byte *) lms_msg, msgSz);
  33642. if (ret != 0) {
  33643. printf("error: wc_LmsKey_Verify returned %d\n", ret);
  33644. return WC_TEST_RET_ENC_EC(ret);
  33645. }
  33646. /* Flip bits in message. This should fail. */
  33647. lms_msg[msgSz / 2] ^= 1;
  33648. ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
  33649. (byte *) lms_msg, msgSz);
  33650. if (ret2 != -1) {
  33651. printf("error: wc_LmsKey_Verify returned %d, expected -1\n", ret2);
  33652. return WC_TEST_RET_ENC_EC(ret);
  33653. }
  33654. /* Flip it back. This should pass again. */
  33655. lms_msg[msgSz / 2] ^= 1;
  33656. ret = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN,
  33657. (byte *) lms_msg, msgSz);
  33658. if (ret != 0) {
  33659. printf("error: wc_LmsKey_Verify returned %d, expected 0\n", ret);
  33660. return WC_TEST_RET_ENC_EC(ret);
  33661. }
  33662. /* Flip bits in a few places throughout the signature, stepping in multiple
  33663. * of hash size. These should all fail with -1. */
  33664. for (j = 0; j < (int) sigSz; j+= 4 * 32) {
  33665. lms_L1H10W8_sig[j] ^= 1;
  33666. ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig,
  33667. LMS_L1H10W8_SIGLEN,
  33668. (byte *) lms_msg, msgSz);
  33669. if (ret2 != -1) {
  33670. /* Verify passed when it should have failed. */
  33671. return WC_TEST_RET_ENC_I(j);
  33672. }
  33673. /* Flip this spot back. */
  33674. lms_L1H10W8_sig[j] ^= 1;
  33675. }
  33676. wc_LmsKey_Free(&verifyKey);
  33677. return ret;
  33678. }
  33679. #endif /* if defined(WOLFSSL_HAVE_LMS) && defined(WOLFSSL_LMS_VERIFY_ONLY) &&
  33680. * !defined(WOLFSSL_SMALL_STACK) */
  33681. static const int fiducial3 = WC_TEST_RET_LN; /* source code reference point --
  33682. * see print_fiducials() below.
  33683. */
  33684. #ifdef WOLFCRYPT_HAVE_ECCSI
  33685. static wc_test_ret_t eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
  33686. ecc_point* pvt)
  33687. {
  33688. wc_test_ret_t ret;
  33689. byte id[1] = { 0x00 };
  33690. int valid;
  33691. word32 sz;
  33692. byte data[256];
  33693. byte hash[WC_MAX_DIGEST_SIZE];
  33694. byte hashSz;
  33695. byte sig[257];
  33696. word32 sigSz;
  33697. ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
  33698. if (ret != BAD_FUNC_ARG)
  33699. return WC_TEST_RET_ENC_EC(ret);
  33700. ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
  33701. if (ret != BAD_FUNC_ARG)
  33702. return WC_TEST_RET_ENC_EC(ret);
  33703. ret = wc_InitEccsiKey(NULL, NULL, INVALID_DEVID);
  33704. if (ret != BAD_FUNC_ARG)
  33705. return WC_TEST_RET_ENC_EC(ret);
  33706. ret = wc_InitEccsiKey(NULL, HEAP_HINT, INVALID_DEVID);
  33707. if (ret != BAD_FUNC_ARG)
  33708. return WC_TEST_RET_ENC_EC(ret);
  33709. wc_FreeEccsiKey(NULL);
  33710. /* Create a valid key. */
  33711. ret = wc_InitEccsiKey(key, NULL, INVALID_DEVID);
  33712. if (ret != 0)
  33713. return WC_TEST_RET_ENC_EC(ret);
  33714. ret = wc_MakeEccsiKey(NULL, NULL);
  33715. if (ret != BAD_FUNC_ARG)
  33716. return WC_TEST_RET_ENC_EC(ret);
  33717. ret = wc_MakeEccsiKey(key, NULL);
  33718. if (ret != BAD_FUNC_ARG)
  33719. return WC_TEST_RET_ENC_EC(ret);
  33720. ret = wc_MakeEccsiKey(NULL, rng);
  33721. if (ret != BAD_FUNC_ARG)
  33722. return WC_TEST_RET_ENC_EC(ret);
  33723. ret = wc_MakeEccsiPair(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL,
  33724. NULL);
  33725. if (ret != BAD_FUNC_ARG)
  33726. return WC_TEST_RET_ENC_EC(ret);
  33727. ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL);
  33728. if (ret != BAD_FUNC_ARG)
  33729. return WC_TEST_RET_ENC_EC(ret);
  33730. ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt);
  33731. if (ret != BAD_FUNC_ARG)
  33732. return WC_TEST_RET_ENC_EC(ret);
  33733. ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt);
  33734. if (ret != BAD_FUNC_ARG)
  33735. return WC_TEST_RET_ENC_EC(ret);
  33736. ret = wc_MakeEccsiPair(key, NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
  33737. if (ret != BAD_FUNC_ARG)
  33738. return WC_TEST_RET_ENC_EC(ret);
  33739. ret = wc_MakeEccsiPair(NULL, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
  33740. if (ret != BAD_FUNC_ARG)
  33741. return WC_TEST_RET_ENC_EC(ret);
  33742. /* No key set */
  33743. ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
  33744. if (ret != BAD_STATE_E)
  33745. return WC_TEST_RET_ENC_EC(ret);
  33746. ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL,
  33747. NULL);
  33748. if (ret != BAD_FUNC_ARG)
  33749. return WC_TEST_RET_ENC_EC(ret);
  33750. ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
  33751. NULL);
  33752. if (ret != BAD_FUNC_ARG)
  33753. return WC_TEST_RET_ENC_EC(ret);
  33754. ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL,
  33755. &valid);
  33756. if (ret != BAD_FUNC_ARG)
  33757. return WC_TEST_RET_ENC_EC(ret);
  33758. ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt,
  33759. &valid);
  33760. if (ret != BAD_FUNC_ARG)
  33761. return WC_TEST_RET_ENC_EC(ret);
  33762. ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt,
  33763. &valid);
  33764. if (ret != BAD_FUNC_ARG)
  33765. return WC_TEST_RET_ENC_EC(ret);
  33766. ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
  33767. &valid);
  33768. if (ret != BAD_FUNC_ARG)
  33769. return WC_TEST_RET_ENC_EC(ret);
  33770. /* No key set */
  33771. ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
  33772. &valid);
  33773. if (ret != BAD_STATE_E)
  33774. return WC_TEST_RET_ENC_EC(ret);
  33775. ret = wc_ValidateEccsiPvt(NULL, NULL, NULL);
  33776. if (ret != BAD_FUNC_ARG)
  33777. return WC_TEST_RET_ENC_EC(ret);
  33778. ret = wc_ValidateEccsiPvt(key, NULL, NULL);
  33779. if (ret != BAD_FUNC_ARG)
  33780. return WC_TEST_RET_ENC_EC(ret);
  33781. ret = wc_ValidateEccsiPvt(NULL, pvt, NULL);
  33782. if (ret != BAD_FUNC_ARG)
  33783. return WC_TEST_RET_ENC_EC(ret);
  33784. ret = wc_ValidateEccsiPvt(NULL, NULL, &valid);
  33785. if (ret != BAD_FUNC_ARG)
  33786. return WC_TEST_RET_ENC_EC(ret);
  33787. ret = wc_ValidateEccsiPvt(key, pvt, NULL);
  33788. if (ret != BAD_FUNC_ARG)
  33789. return WC_TEST_RET_ENC_EC(ret);
  33790. ret = wc_ValidateEccsiPvt(key, NULL, &valid);
  33791. if (ret != BAD_FUNC_ARG)
  33792. return WC_TEST_RET_ENC_EC(ret);
  33793. ret = wc_ValidateEccsiPvt(NULL, pvt, &valid);
  33794. if (ret != BAD_FUNC_ARG)
  33795. return WC_TEST_RET_ENC_EC(ret);
  33796. ret = wc_EncodeEccsiPair(NULL, NULL, NULL, data, NULL);
  33797. if (ret != BAD_FUNC_ARG)
  33798. return WC_TEST_RET_ENC_EC(ret);
  33799. ret = wc_EncodeEccsiPair(key, ssk, pvt, data, NULL);
  33800. if (ret != BAD_FUNC_ARG)
  33801. return WC_TEST_RET_ENC_EC(ret);
  33802. ret = wc_EncodeEccsiPair(key, ssk, NULL, data, &sz);
  33803. if (ret != BAD_FUNC_ARG)
  33804. return WC_TEST_RET_ENC_EC(ret);
  33805. ret = wc_EncodeEccsiPair(key, NULL, pvt, data, &sz);
  33806. if (ret != BAD_FUNC_ARG)
  33807. return WC_TEST_RET_ENC_EC(ret);
  33808. ret = wc_EncodeEccsiPair(NULL, ssk, pvt, data, &sz);
  33809. if (ret != BAD_FUNC_ARG)
  33810. return WC_TEST_RET_ENC_EC(ret);
  33811. /* No key created so no curve information. */
  33812. ret = wc_EncodeEccsiPair(key, ssk, pvt, NULL, &sz);
  33813. if (ret != LENGTH_ONLY_E)
  33814. return WC_TEST_RET_ENC_EC(ret);
  33815. ret = wc_EncodeEccsiSsk(NULL, NULL, data, NULL);
  33816. if (ret != BAD_FUNC_ARG)
  33817. return WC_TEST_RET_ENC_EC(ret);
  33818. ret = wc_EncodeEccsiSsk(key, ssk, data, NULL);
  33819. if (ret != BAD_FUNC_ARG)
  33820. return WC_TEST_RET_ENC_EC(ret);
  33821. ret = wc_EncodeEccsiSsk(key, NULL, data, &sz);
  33822. if (ret != BAD_FUNC_ARG)
  33823. return WC_TEST_RET_ENC_EC(ret);
  33824. ret = wc_EncodeEccsiSsk(NULL, ssk, data, &sz);
  33825. if (ret != BAD_FUNC_ARG)
  33826. return WC_TEST_RET_ENC_EC(ret);
  33827. ret = wc_EncodeEccsiPvt(NULL, NULL, data, NULL, 1);
  33828. if (ret != BAD_FUNC_ARG)
  33829. return WC_TEST_RET_ENC_EC(ret);
  33830. ret = wc_EncodeEccsiPvt(key, pvt, data, NULL, 1);
  33831. if (ret != BAD_FUNC_ARG)
  33832. return WC_TEST_RET_ENC_EC(ret);
  33833. ret = wc_EncodeEccsiPvt(key, NULL, data, &sz, 1);
  33834. if (ret != BAD_FUNC_ARG)
  33835. return WC_TEST_RET_ENC_EC(ret);
  33836. ret = wc_EncodeEccsiPvt(NULL, pvt, data, &sz, 1);
  33837. if (ret != BAD_FUNC_ARG)
  33838. return WC_TEST_RET_ENC_EC(ret);
  33839. ret = wc_DecodeEccsiPair(NULL, NULL, 0, NULL, NULL);
  33840. if (ret != BAD_FUNC_ARG)
  33841. return WC_TEST_RET_ENC_EC(ret);
  33842. ret = wc_DecodeEccsiPair(key, data, 0, ssk, NULL);
  33843. if (ret != BAD_FUNC_ARG)
  33844. return WC_TEST_RET_ENC_EC(ret);
  33845. ret = wc_DecodeEccsiPair(key, data, 0, NULL, pvt);
  33846. if (ret != BAD_FUNC_ARG)
  33847. return WC_TEST_RET_ENC_EC(ret);
  33848. ret = wc_DecodeEccsiPair(key, NULL, 0, ssk, pvt);
  33849. if (ret != BAD_FUNC_ARG)
  33850. return WC_TEST_RET_ENC_EC(ret);
  33851. ret = wc_DecodeEccsiPair(NULL, data, 0, ssk, pvt);
  33852. if (ret != BAD_FUNC_ARG)
  33853. return WC_TEST_RET_ENC_EC(ret);
  33854. ret = wc_DecodeEccsiSsk(NULL, NULL, 0, NULL);
  33855. if (ret != BAD_FUNC_ARG)
  33856. return WC_TEST_RET_ENC_EC(ret);
  33857. ret = wc_DecodeEccsiSsk(key, data, 0, NULL);
  33858. if (ret != BAD_FUNC_ARG)
  33859. return WC_TEST_RET_ENC_EC(ret);
  33860. ret = wc_DecodeEccsiSsk(key, NULL, 0, ssk);
  33861. if (ret != BAD_FUNC_ARG)
  33862. return WC_TEST_RET_ENC_EC(ret);
  33863. ret = wc_DecodeEccsiSsk(NULL, data, 0, ssk);
  33864. if (ret != BAD_FUNC_ARG)
  33865. return WC_TEST_RET_ENC_EC(ret);
  33866. ret = wc_DecodeEccsiPvt(NULL, NULL, 0, NULL);
  33867. if (ret != BAD_FUNC_ARG)
  33868. return WC_TEST_RET_ENC_EC(ret);
  33869. ret = wc_DecodeEccsiPvt(key, data, 0, NULL);
  33870. if (ret != BAD_FUNC_ARG)
  33871. return WC_TEST_RET_ENC_EC(ret);
  33872. ret = wc_DecodeEccsiPvt(key, NULL, 0, pvt);
  33873. if (ret != BAD_FUNC_ARG)
  33874. return WC_TEST_RET_ENC_EC(ret);
  33875. ret = wc_DecodeEccsiPvt(NULL, data, 0, pvt);
  33876. if (ret != BAD_FUNC_ARG)
  33877. return WC_TEST_RET_ENC_EC(ret);
  33878. ret = wc_DecodeEccsiPvtFromSig(NULL, NULL, 0, NULL);
  33879. if (ret != BAD_FUNC_ARG)
  33880. return WC_TEST_RET_ENC_EC(ret);
  33881. ret = wc_DecodeEccsiPvtFromSig(key, data, 0, NULL);
  33882. if (ret != BAD_FUNC_ARG)
  33883. return WC_TEST_RET_ENC_EC(ret);
  33884. ret = wc_DecodeEccsiPvtFromSig(key, NULL, 0, pvt);
  33885. if (ret != BAD_FUNC_ARG)
  33886. return WC_TEST_RET_ENC_EC(ret);
  33887. ret = wc_DecodeEccsiPvtFromSig(NULL, data, 0, pvt);
  33888. if (ret != BAD_FUNC_ARG)
  33889. return WC_TEST_RET_ENC_EC(ret);
  33890. ret = wc_ExportEccsiKey(NULL, data, NULL);
  33891. if (ret != BAD_FUNC_ARG)
  33892. return WC_TEST_RET_ENC_EC(ret);
  33893. ret = wc_ExportEccsiKey(key, data, NULL);
  33894. if (ret != BAD_FUNC_ARG)
  33895. return WC_TEST_RET_ENC_EC(ret);
  33896. ret = wc_ExportEccsiKey(NULL, data, &sz);
  33897. if (ret != BAD_FUNC_ARG)
  33898. return WC_TEST_RET_ENC_EC(ret);
  33899. /* No key to export */
  33900. ret = wc_ExportEccsiKey(key, NULL, &sz);
  33901. if (ret != BAD_STATE_E)
  33902. return WC_TEST_RET_ENC_EC(ret);
  33903. ret = wc_ImportEccsiKey(NULL, NULL, 0);
  33904. if (ret != BAD_FUNC_ARG)
  33905. return WC_TEST_RET_ENC_EC(ret);
  33906. ret = wc_ImportEccsiKey(key, NULL, 0);
  33907. if (ret != BAD_FUNC_ARG)
  33908. return WC_TEST_RET_ENC_EC(ret);
  33909. ret = wc_ImportEccsiKey(NULL, data, 0);
  33910. if (ret != BAD_FUNC_ARG)
  33911. return WC_TEST_RET_ENC_EC(ret);
  33912. ret = wc_ExportEccsiPrivateKey(NULL, data, NULL);
  33913. if (ret != BAD_FUNC_ARG)
  33914. return WC_TEST_RET_ENC_EC(ret);
  33915. ret = wc_ExportEccsiPrivateKey(key, data, NULL);
  33916. if (ret != BAD_FUNC_ARG)
  33917. return WC_TEST_RET_ENC_EC(ret);
  33918. ret = wc_ExportEccsiPrivateKey(NULL, data, &sz);
  33919. if (ret != BAD_FUNC_ARG)
  33920. return WC_TEST_RET_ENC_EC(ret);
  33921. /* No key to export */
  33922. ret = wc_ExportEccsiPrivateKey(key, NULL, &sz);
  33923. if (ret != BAD_STATE_E)
  33924. return WC_TEST_RET_ENC_EC(ret);
  33925. ret = wc_ImportEccsiPrivateKey(NULL, NULL, 0);
  33926. if (ret != BAD_FUNC_ARG)
  33927. return WC_TEST_RET_ENC_EC(ret);
  33928. ret = wc_ImportEccsiPrivateKey(key, NULL, 0);
  33929. if (ret != BAD_FUNC_ARG)
  33930. return WC_TEST_RET_ENC_EC(ret);
  33931. ret = wc_ImportEccsiPrivateKey(NULL, data, 0);
  33932. if (ret != BAD_FUNC_ARG)
  33933. return WC_TEST_RET_ENC_EC(ret);
  33934. ret = wc_ExportEccsiPublicKey(NULL, data, NULL, 1);
  33935. if (ret != BAD_FUNC_ARG)
  33936. return WC_TEST_RET_ENC_EC(ret);
  33937. ret = wc_ExportEccsiPublicKey(key, data, NULL, 1);
  33938. if (ret != BAD_FUNC_ARG)
  33939. return WC_TEST_RET_ENC_EC(ret);
  33940. ret = wc_ExportEccsiPublicKey(NULL, data, &sz, 1);
  33941. if (ret != BAD_FUNC_ARG)
  33942. return WC_TEST_RET_ENC_EC(ret);
  33943. /* No key to export */
  33944. ret = wc_ExportEccsiPublicKey(key, data, &sz, 1);
  33945. if (ret != BAD_STATE_E)
  33946. return WC_TEST_RET_ENC_EC(ret);
  33947. ret = wc_ImportEccsiPublicKey(NULL, NULL, 0, 1);
  33948. if (ret != BAD_FUNC_ARG)
  33949. return WC_TEST_RET_ENC_EC(ret);
  33950. ret = wc_ImportEccsiPublicKey(key, NULL, 0, 1);
  33951. if (ret != BAD_FUNC_ARG)
  33952. return WC_TEST_RET_ENC_EC(ret);
  33953. ret = wc_ImportEccsiPublicKey(NULL, data, 0, 1);
  33954. if (ret != BAD_FUNC_ARG)
  33955. return WC_TEST_RET_ENC_EC(ret);
  33956. ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL, NULL);
  33957. if (ret != BAD_FUNC_ARG)
  33958. return WC_TEST_RET_ENC_EC(ret);
  33959. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, NULL);
  33960. if (ret != BAD_FUNC_ARG)
  33961. return WC_TEST_RET_ENC_EC(ret);
  33962. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, NULL, &hashSz);
  33963. if (ret != BAD_FUNC_ARG)
  33964. return WC_TEST_RET_ENC_EC(ret);
  33965. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, NULL, hash, &hashSz);
  33966. if (ret != BAD_FUNC_ARG)
  33967. return WC_TEST_RET_ENC_EC(ret);
  33968. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, NULL, 1, pvt, hash,
  33969. &hashSz);
  33970. if (ret != BAD_FUNC_ARG)
  33971. return WC_TEST_RET_ENC_EC(ret);
  33972. ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
  33973. if (ret != BAD_FUNC_ARG)
  33974. return WC_TEST_RET_ENC_EC(ret);
  33975. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
  33976. if (ret != BAD_STATE_E)
  33977. return WC_TEST_RET_ENC_EC(ret);
  33978. ret = wc_SetEccsiHash(NULL, NULL, 1);
  33979. if (ret != BAD_FUNC_ARG)
  33980. return WC_TEST_RET_ENC_EC(ret);
  33981. ret = wc_SetEccsiHash(key, NULL, 1);
  33982. if (ret != BAD_FUNC_ARG)
  33983. return WC_TEST_RET_ENC_EC(ret);
  33984. ret = wc_SetEccsiHash(NULL, hash, 1);
  33985. if (ret != BAD_FUNC_ARG)
  33986. return WC_TEST_RET_ENC_EC(ret);
  33987. ret = wc_SetEccsiPair(NULL, NULL, NULL);
  33988. if (ret != BAD_FUNC_ARG)
  33989. return WC_TEST_RET_ENC_EC(ret);
  33990. ret = wc_SetEccsiPair(key, NULL, NULL);
  33991. if (ret != BAD_FUNC_ARG)
  33992. return WC_TEST_RET_ENC_EC(ret);
  33993. ret = wc_SetEccsiPair(NULL, ssk, NULL);
  33994. if (ret != BAD_FUNC_ARG)
  33995. return WC_TEST_RET_ENC_EC(ret);
  33996. ret = wc_SetEccsiPair(NULL, NULL, pvt);
  33997. if (ret != BAD_FUNC_ARG)
  33998. return WC_TEST_RET_ENC_EC(ret);
  33999. ret = wc_SetEccsiPair(key, ssk, NULL);
  34000. if (ret != BAD_FUNC_ARG)
  34001. return WC_TEST_RET_ENC_EC(ret);
  34002. ret = wc_SetEccsiPair(key, NULL, pvt);
  34003. if (ret != BAD_FUNC_ARG)
  34004. return WC_TEST_RET_ENC_EC(ret);
  34005. ret = wc_SetEccsiPair(NULL, ssk, pvt);
  34006. if (ret != BAD_FUNC_ARG)
  34007. return WC_TEST_RET_ENC_EC(ret);
  34008. ret = wc_SignEccsiHash(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, NULL);
  34009. if (ret != BAD_FUNC_ARG)
  34010. return WC_TEST_RET_ENC_EC(ret);
  34011. ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, sig, NULL);
  34012. if (ret != BAD_FUNC_ARG)
  34013. return WC_TEST_RET_ENC_EC(ret);
  34014. ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, NULL, 0, sig,
  34015. &sigSz);
  34016. if (ret != BAD_FUNC_ARG)
  34017. return WC_TEST_RET_ENC_EC(ret);
  34018. ret = wc_SignEccsiHash(key, NULL, WC_HASH_TYPE_SHA256, data, 0, sig,
  34019. &sigSz);
  34020. if (ret != BAD_FUNC_ARG)
  34021. return WC_TEST_RET_ENC_EC(ret);
  34022. ret = wc_SignEccsiHash(NULL, rng, WC_HASH_TYPE_SHA256, data, 0, sig,
  34023. &sigSz);
  34024. if (ret != BAD_FUNC_ARG)
  34025. return WC_TEST_RET_ENC_EC(ret);
  34026. /* Key not set. */
  34027. ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
  34028. &sigSz);
  34029. if (ret != BAD_STATE_E)
  34030. return WC_TEST_RET_ENC_EC(ret);
  34031. ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
  34032. if (ret != BAD_FUNC_ARG)
  34033. return WC_TEST_RET_ENC_EC(ret);
  34034. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
  34035. if (ret != BAD_FUNC_ARG)
  34036. return WC_TEST_RET_ENC_EC(ret);
  34037. ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, NULL, 0, NULL);
  34038. if (ret != BAD_FUNC_ARG)
  34039. return WC_TEST_RET_ENC_EC(ret);
  34040. ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0, NULL);
  34041. if (ret != BAD_FUNC_ARG)
  34042. return WC_TEST_RET_ENC_EC(ret);
  34043. ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0,
  34044. &valid);
  34045. if (ret != BAD_FUNC_ARG)
  34046. return WC_TEST_RET_ENC_EC(ret);
  34047. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0, NULL);
  34048. if (ret != BAD_FUNC_ARG)
  34049. return WC_TEST_RET_ENC_EC(ret);
  34050. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, NULL, 0,
  34051. &valid);
  34052. if (ret != BAD_FUNC_ARG)
  34053. return WC_TEST_RET_ENC_EC(ret);
  34054. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0,
  34055. &valid);
  34056. if (ret != BAD_FUNC_ARG)
  34057. return WC_TEST_RET_ENC_EC(ret);
  34058. ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
  34059. &valid);
  34060. if (ret != BAD_FUNC_ARG)
  34061. return WC_TEST_RET_ENC_EC(ret);
  34062. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
  34063. &valid);
  34064. if (ret != BAD_STATE_E)
  34065. return WC_TEST_RET_ENC_EC(ret);
  34066. ret = wc_SetEccsiPair(key, ssk, pvt);
  34067. if (ret != 0)
  34068. return WC_TEST_RET_ENC_EC(ret);
  34069. /* Identity hash not set. */
  34070. ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
  34071. &sigSz);
  34072. if (ret != BAD_STATE_E)
  34073. return WC_TEST_RET_ENC_EC(ret);
  34074. wc_FreeEccsiKey(key);
  34075. return 0;
  34076. }
  34077. /* RFC 6507: Appendix A */
  34078. static wc_test_ret_t eccsi_kat_verify_test(EccsiKey* key, ecc_point* pvt)
  34079. {
  34080. wc_test_ret_t ret;
  34081. int verified;
  34082. const byte msg[] = { 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x00 };
  34083. word32 msgSz = sizeof(msg);
  34084. byte hash[WC_SHA256_DIGEST_SIZE];
  34085. byte hashSz = WC_SHA256_DIGEST_SIZE;
  34086. static const byte id[] = {
  34087. 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
  34088. 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
  34089. 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
  34090. 0x33, 0x00
  34091. };
  34092. word32 idSz = sizeof(id);
  34093. static const byte sig[] = {
  34094. 0x26, 0x9D, 0x4C, 0x8F, 0xDE, 0xB6, 0x6A, 0x74,
  34095. 0xE4, 0xEF, 0x8C, 0x0D, 0x5D, 0xCC, 0x59, 0x7D,
  34096. 0xDF, 0xE6, 0x02, 0x9C, 0x2A, 0xFF, 0xC4, 0x93,
  34097. 0x60, 0x08, 0xCD, 0x2C, 0xC1, 0x04, 0x5D, 0x81,
  34098. 0xE0, 0x9B, 0x52, 0x8D, 0x0E, 0xF8, 0xD6, 0xDF,
  34099. 0x1A, 0xA3, 0xEC, 0xBF, 0x80, 0x11, 0x0C, 0xFC,
  34100. 0xEC, 0x9F, 0xC6, 0x82, 0x52, 0xCE, 0xBB, 0x67,
  34101. 0x9F, 0x41, 0x34, 0x84, 0x69, 0x40, 0xCC, 0xFD,
  34102. 0x04,
  34103. 0x75, 0x8A, 0x14, 0x27, 0x79, 0xBE, 0x89, 0xE8,
  34104. 0x29, 0xE7, 0x19, 0x84, 0xCB, 0x40, 0xEF, 0x75,
  34105. 0x8C, 0xC4, 0xAD, 0x77, 0x5F, 0xC5, 0xB9, 0xA3,
  34106. 0xE1, 0xC8, 0xED, 0x52, 0xF6, 0xFA, 0x36, 0xD9,
  34107. 0xA7, 0x9D, 0x24, 0x76, 0x92, 0xF4, 0xED, 0xA3,
  34108. 0xA6, 0xBD, 0xAB, 0x77, 0xD6, 0xAA, 0x64, 0x74,
  34109. 0xA4, 0x64, 0xAE, 0x49, 0x34, 0x66, 0x3C, 0x52,
  34110. 0x65, 0xBA, 0x70, 0x18, 0xBA, 0x09, 0x1F, 0x79
  34111. };
  34112. word32 sigSz = sizeof(sig);
  34113. static const byte pubData[] = {
  34114. 0x50, 0xD4, 0x67, 0x0B, 0xDE, 0x75, 0x24, 0x4F,
  34115. 0x28, 0xD2, 0x83, 0x8A, 0x0D, 0x25, 0x55, 0x8A,
  34116. 0x7A, 0x72, 0x68, 0x6D, 0x45, 0x22, 0xD4, 0xC8,
  34117. 0x27, 0x3F, 0xB6, 0x44, 0x2A, 0xEB, 0xFA, 0x93,
  34118. 0xDB, 0xDD, 0x37, 0x55, 0x1A, 0xFD, 0x26, 0x3B,
  34119. 0x5D, 0xFD, 0x61, 0x7F, 0x39, 0x60, 0xC6, 0x5A,
  34120. 0x8C, 0x29, 0x88, 0x50, 0xFF, 0x99, 0xF2, 0x03,
  34121. 0x66, 0xDC, 0xE7, 0xD4, 0x36, 0x72, 0x17, 0xF4
  34122. };
  34123. static const byte expHash[] = {
  34124. 0x49, 0x0f, 0x3f, 0xeb, 0xbc, 0x1c, 0x90, 0x2f,
  34125. 0x62, 0x89, 0x72, 0x3d, 0x7f, 0x8c, 0xbf, 0x79,
  34126. 0xdb, 0x88, 0x93, 0x08, 0x49, 0xd1, 0x9f, 0x38,
  34127. 0xf0, 0x29, 0x5b, 0x5c, 0x27, 0x6c, 0x14, 0xd1
  34128. };
  34129. ret = wc_ImportEccsiPublicKey(key, pubData, sizeof(pubData), 0);
  34130. if (ret != 0)
  34131. return WC_TEST_RET_ENC_EC(ret);
  34132. ret = wc_DecodeEccsiPvtFromSig(key, sig, sigSz, pvt);
  34133. if (ret != 0)
  34134. return WC_TEST_RET_ENC_EC(ret);
  34135. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, idSz, pvt, hash,
  34136. &hashSz);
  34137. if (ret != 0)
  34138. return WC_TEST_RET_ENC_EC(ret);
  34139. if (hashSz != sizeof(expHash))
  34140. return WC_TEST_RET_ENC_NC;
  34141. if (XMEMCMP(hash, expHash, hashSz) != 0)
  34142. return WC_TEST_RET_ENC_NC;
  34143. ret = wc_SetEccsiHash(key, hash, hashSz);
  34144. if (ret != 0)
  34145. return WC_TEST_RET_ENC_EC(ret);
  34146. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  34147. &verified);
  34148. if (ret != 0)
  34149. return WC_TEST_RET_ENC_EC(ret);
  34150. if (!verified)
  34151. return WC_TEST_RET_ENC_NC;
  34152. return 0;
  34153. }
  34154. static wc_test_ret_t eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_point* pvt)
  34155. {
  34156. wc_test_ret_t ret;
  34157. byte data[32 * 3];
  34158. word32 sz;
  34159. ecc_point* decPvt = NULL;
  34160. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  34161. mp_int *decSsk = (mp_int *)XMALLOC(sizeof(*decSsk), HEAP_HINT,
  34162. DYNAMIC_TYPE_TMP_BUFFER);
  34163. if (decSsk == NULL)
  34164. return WC_TEST_RET_ENC_ERRNO;
  34165. #else
  34166. mp_int decSsk[1];
  34167. #endif
  34168. ret = mp_init(decSsk);
  34169. if (ret != 0)
  34170. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  34171. decPvt = wc_ecc_new_point();
  34172. if (decPvt == NULL)
  34173. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  34174. ret = wc_EncodeEccsiPair(priv, ssk, pvt, NULL, &sz);
  34175. if (ret != LENGTH_ONLY_E)
  34176. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  34177. if (sz != 32 * 3)
  34178. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  34179. ret = wc_EncodeEccsiPair(priv, ssk, pvt, data, &sz);
  34180. if (ret != 0)
  34181. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  34182. if (sz != 32* 3)
  34183. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  34184. ret = wc_DecodeEccsiPair(priv, data, sz, decSsk, decPvt);
  34185. if (ret != 0)
  34186. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  34187. ret = mp_cmp(ssk, decSsk);
  34188. if (ret != MP_EQ)
  34189. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  34190. ret = wc_ecc_cmp_point(pvt, decPvt);
  34191. if (ret != MP_EQ)
  34192. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  34193. ret = wc_EncodeEccsiSsk(priv, ssk, NULL, &sz);
  34194. if (ret != LENGTH_ONLY_E)
  34195. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  34196. if (sz != 32)
  34197. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  34198. ret = wc_EncodeEccsiSsk(priv, ssk, data, &sz);
  34199. if (ret != 0)
  34200. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  34201. if (sz != 32)
  34202. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  34203. ret = wc_DecodeEccsiSsk(priv, data, sz, decSsk);
  34204. if (ret != 0)
  34205. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  34206. ret = mp_cmp(ssk, decSsk);
  34207. if (ret != MP_EQ)
  34208. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  34209. ret = wc_EncodeEccsiPvt(priv, pvt, NULL, &sz, 1);
  34210. if (ret != LENGTH_ONLY_E)
  34211. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  34212. if (sz != 32 * 2)
  34213. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  34214. ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 1);
  34215. if (ret != 0)
  34216. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  34217. if (sz != 32 * 2)
  34218. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  34219. ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
  34220. if (ret != 0)
  34221. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  34222. ret = wc_ecc_cmp_point(pvt, decPvt);
  34223. if (ret != MP_EQ)
  34224. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  34225. sz = sizeof(data);
  34226. ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 0);
  34227. if (ret != 0)
  34228. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  34229. if (sz != 32 * 2 + 1)
  34230. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  34231. ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
  34232. if (ret != 0)
  34233. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  34234. ret = wc_ecc_cmp_point(pvt, decPvt);
  34235. if (ret != MP_EQ)
  34236. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  34237. wc_ecc_del_point(decPvt);
  34238. out:
  34239. mp_free(decSsk);
  34240. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  34241. XFREE(decSsk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  34242. #endif
  34243. return ret;
  34244. }
  34245. static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv)
  34246. {
  34247. wc_test_ret_t ret;
  34248. byte data[32 * 3];
  34249. byte out[32 * 3];
  34250. word32 sz;
  34251. ret = wc_ExportEccsiKey(priv, NULL, &sz);
  34252. if (ret != LENGTH_ONLY_E)
  34253. return WC_TEST_RET_ENC_EC(ret);
  34254. if (sz != 32 * 3)
  34255. return WC_TEST_RET_ENC_NC;
  34256. ret = wc_ExportEccsiKey(priv, data, &sz);
  34257. if (ret != 0)
  34258. return WC_TEST_RET_ENC_EC(ret);
  34259. ret = wc_ImportEccsiKey(priv, data, sz);
  34260. if (ret != 0)
  34261. return WC_TEST_RET_ENC_EC(ret);
  34262. ret = wc_ExportEccsiKey(priv, NULL, &sz);
  34263. if (ret != LENGTH_ONLY_E)
  34264. return WC_TEST_RET_ENC_EC(ret);
  34265. if (sz != 32 * 3)
  34266. return WC_TEST_RET_ENC_NC;
  34267. ret = wc_ExportEccsiKey(priv, out, &sz);
  34268. if (ret != 0)
  34269. return WC_TEST_RET_ENC_EC(ret);
  34270. if (sz != 32 * 3)
  34271. return WC_TEST_RET_ENC_NC;
  34272. if (XMEMCMP(data, out, sz) != 0)
  34273. return WC_TEST_RET_ENC_NC;
  34274. ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
  34275. if (ret != LENGTH_ONLY_E)
  34276. return WC_TEST_RET_ENC_EC(ret);
  34277. if (sz != 32)
  34278. return WC_TEST_RET_ENC_NC;
  34279. ret = wc_ExportEccsiPrivateKey(priv, data, &sz);
  34280. if (ret != 0)
  34281. return WC_TEST_RET_ENC_EC(ret);
  34282. ret = wc_ImportEccsiPrivateKey(priv, data, sz);
  34283. if (ret != 0)
  34284. return WC_TEST_RET_ENC_EC(ret);
  34285. ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
  34286. if (ret != LENGTH_ONLY_E)
  34287. return WC_TEST_RET_ENC_EC(ret);
  34288. if (sz != 32)
  34289. return WC_TEST_RET_ENC_NC;
  34290. ret = wc_ExportEccsiPrivateKey(priv, out, &sz);
  34291. if (ret != 0)
  34292. return WC_TEST_RET_ENC_EC(ret);
  34293. if (sz != 32)
  34294. return WC_TEST_RET_ENC_NC;
  34295. if (XMEMCMP(data, out, sz) != 0)
  34296. return WC_TEST_RET_ENC_NC;
  34297. return 0;
  34298. }
  34299. static wc_test_ret_t eccsi_imp_exp_pubkey_test(EccsiKey* key1, EccsiKey* key2)
  34300. {
  34301. wc_test_ret_t ret;
  34302. byte data[32 * 2 + 1];
  34303. byte pubData[32 * 2 + 1];
  34304. word32 sz;
  34305. ret = wc_ExportEccsiPublicKey(key1, NULL, &sz, 1);
  34306. if (ret != LENGTH_ONLY_E)
  34307. return WC_TEST_RET_ENC_EC(ret);
  34308. if (sz != 32 * 2)
  34309. return WC_TEST_RET_ENC_NC;
  34310. ret = wc_ExportEccsiPublicKey(key1, data, &sz, 1);
  34311. if (ret != 0)
  34312. return WC_TEST_RET_ENC_EC(ret);
  34313. ret = wc_ImportEccsiPublicKey(key2, data, sz, 1);
  34314. if (ret != 0)
  34315. return WC_TEST_RET_ENC_EC(ret);
  34316. sz = sizeof(pubData);
  34317. ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 1);
  34318. if (ret != 0)
  34319. return WC_TEST_RET_ENC_EC(ret);
  34320. if (sz != 32 * 2)
  34321. return WC_TEST_RET_ENC_NC;
  34322. if (XMEMCMP(data, pubData, sz) != 0)
  34323. return WC_TEST_RET_ENC_NC;
  34324. sz = sizeof(pubData);
  34325. ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 0);
  34326. if (ret != 0)
  34327. return WC_TEST_RET_ENC_EC(ret);
  34328. if (sz != 32 * 2 + 1)
  34329. return WC_TEST_RET_ENC_NC;
  34330. if (pubData[0] != 0x04)
  34331. return WC_TEST_RET_ENC_NC;
  34332. if (XMEMCMP(pubData + 1, data, sz - 1) != 0)
  34333. return WC_TEST_RET_ENC_NC;
  34334. ret = wc_ImportEccsiPublicKey(key2, pubData, sz, 0);
  34335. if (ret != 0)
  34336. return WC_TEST_RET_ENC_EC(ret);
  34337. return 0;
  34338. }
  34339. static wc_test_ret_t eccsi_make_key_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
  34340. mp_int* ssk, ecc_point* pvt)
  34341. {
  34342. wc_test_ret_t ret;
  34343. char mail[] = "test@wolfssl.com";
  34344. byte* id = (byte*)mail;
  34345. word32 idSz = (word32) XSTRLEN(mail);
  34346. int valid;
  34347. ret = wc_MakeEccsiKey(priv, rng);
  34348. if (ret != 0)
  34349. return WC_TEST_RET_ENC_EC(ret);
  34350. ret = eccsi_imp_exp_key_test(priv);
  34351. if (ret < 0)
  34352. return ret;
  34353. ret = eccsi_imp_exp_pubkey_test(priv, pub);
  34354. if (ret < 0)
  34355. return ret;
  34356. ret = wc_MakeEccsiPair(priv, rng, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt);
  34357. if (ret != 0)
  34358. return WC_TEST_RET_ENC_EC(ret);
  34359. ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
  34360. &valid);
  34361. if (ret != 0)
  34362. return WC_TEST_RET_ENC_EC(ret);
  34363. if (!valid)
  34364. return WC_TEST_RET_ENC_NC;
  34365. ret = eccsi_enc_dec_pair_test(priv, ssk, pvt);
  34366. if (ret != 0)
  34367. return ret;
  34368. return 0;
  34369. }
  34370. static wc_test_ret_t eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
  34371. mp_int* ssk, ecc_point* pvt)
  34372. {
  34373. wc_test_ret_t ret;
  34374. byte hashPriv[WC_MAX_DIGEST_SIZE];
  34375. byte hashPub[WC_MAX_DIGEST_SIZE];
  34376. byte hashSz;
  34377. byte sig[144];
  34378. word32 sigSz;
  34379. int verified, valid;
  34380. char mail[] = "test@wolfssl.com";
  34381. byte* id = (byte*)mail;
  34382. word32 idSz = (word32) XSTRLEN(mail);
  34383. byte msg[] = { 0x00 };
  34384. word32 msgSz = sizeof(msg);
  34385. #ifdef WOLFSSL_SHA384
  34386. ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA384, id, idSz, pvt, hashPriv,
  34387. &hashSz);
  34388. if (ret != BAD_FUNC_ARG)
  34389. return WC_TEST_RET_ENC_EC(ret);
  34390. #endif
  34391. ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPriv,
  34392. &hashSz);
  34393. if (ret != 0)
  34394. return WC_TEST_RET_ENC_EC(ret);
  34395. if (hashSz != 32)
  34396. return WC_TEST_RET_ENC_NC;
  34397. ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPub,
  34398. &hashSz);
  34399. if (ret != 0)
  34400. return WC_TEST_RET_ENC_EC(ret);
  34401. if (hashSz != 32)
  34402. return WC_TEST_RET_ENC_NC;
  34403. if (XMEMCMP(hashPriv, hashPub, hashSz) != 0)
  34404. return WC_TEST_RET_ENC_NC;
  34405. ret = wc_SetEccsiHash(priv, hashPriv, hashSz);
  34406. if (ret != 0)
  34407. return WC_TEST_RET_ENC_EC(ret);
  34408. ret = wc_SetEccsiPair(priv, ssk, pvt);
  34409. if (ret != 0)
  34410. return WC_TEST_RET_ENC_EC(ret);
  34411. ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, NULL,
  34412. &sigSz);
  34413. if (ret != LENGTH_ONLY_E)
  34414. return WC_TEST_RET_ENC_EC(ret);
  34415. if (sigSz != 129)
  34416. return WC_TEST_RET_ENC_NC;
  34417. ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, sig,
  34418. &sigSz);
  34419. if (ret != 0)
  34420. return WC_TEST_RET_ENC_EC(ret);
  34421. ret = wc_SetEccsiHash(pub, hashPub, hashSz);
  34422. if (ret != 0)
  34423. return WC_TEST_RET_ENC_EC(ret);
  34424. ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  34425. &verified);
  34426. if (ret != 0)
  34427. return WC_TEST_RET_ENC_EC(ret);
  34428. if (!verified)
  34429. return WC_TEST_RET_ENC_NC;
  34430. /* Check that changing HS results in verification failure. */
  34431. hashPub[0] ^= 0x80;
  34432. ret = wc_SetEccsiHash(pub, hashPub, hashSz);
  34433. if (ret != 0)
  34434. return WC_TEST_RET_ENC_EC(ret);
  34435. ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  34436. &verified);
  34437. if (ret != 0)
  34438. return WC_TEST_RET_ENC_EC(ret);
  34439. if (verified)
  34440. return WC_TEST_RET_ENC_NC;
  34441. hashPub[0] ^= 0x80;
  34442. ret = wc_SetEccsiHash(pub, hashPub, hashSz);
  34443. if (ret != 0)
  34444. return WC_TEST_RET_ENC_EC(ret);
  34445. /* Check that changing msg results in verification failure. */
  34446. msg[0] ^= 0x80;
  34447. ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  34448. &verified);
  34449. if (ret != 0)
  34450. return WC_TEST_RET_ENC_EC(ret);
  34451. if (verified)
  34452. return WC_TEST_RET_ENC_NC;
  34453. msg[0] ^= 0x80;
  34454. /* Check that changing signature results in verification failure. */
  34455. sig[0] ^= 0x80;
  34456. ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  34457. &verified);
  34458. if (ret != 0)
  34459. return WC_TEST_RET_ENC_EC(ret);
  34460. if (verified)
  34461. return WC_TEST_RET_ENC_NC;
  34462. sig[0] ^= 0x80;
  34463. /* Check that key state hasn't been invalidated. */
  34464. ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  34465. &verified);
  34466. if (ret != 0)
  34467. return WC_TEST_RET_ENC_EC(ret);
  34468. if (!verified)
  34469. return WC_TEST_RET_ENC_NC;
  34470. /* Check that verifying with the private key works. */
  34471. ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  34472. &verified);
  34473. if (ret != 0)
  34474. return WC_TEST_RET_ENC_EC(ret);
  34475. if (!verified)
  34476. return WC_TEST_RET_ENC_NC;
  34477. /* Check that the KPAK is converted from montgomery form. */
  34478. ret = eccsi_imp_exp_key_test(priv);
  34479. if (ret != 0)
  34480. return ret;
  34481. /* Check that KPAK can converted to Montgomery form again. */
  34482. ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  34483. &verified);
  34484. if (ret != 0)
  34485. return WC_TEST_RET_ENC_EC(ret);
  34486. if (!verified)
  34487. return WC_TEST_RET_ENC_NC;
  34488. /* Check that the KPAK is converted from montgomery form. */
  34489. ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
  34490. &valid);
  34491. if (ret != 0)
  34492. return WC_TEST_RET_ENC_EC(ret);
  34493. if (!valid)
  34494. return WC_TEST_RET_ENC_NC;
  34495. /* Check that KPAK can converted to Montgomery form again. */
  34496. ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  34497. &verified);
  34498. if (ret != 0)
  34499. return WC_TEST_RET_ENC_EC(ret);
  34500. if (!verified)
  34501. return WC_TEST_RET_ENC_NC;
  34502. /* Check that the KPAK is converted from montgomery form. */
  34503. ret = eccsi_imp_exp_pubkey_test(priv, pub);
  34504. if (ret != 0)
  34505. return ret;
  34506. return 0;
  34507. }
  34508. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void)
  34509. {
  34510. wc_test_ret_t ret = 0;
  34511. WC_RNG rng;
  34512. int rng_inited = 0;
  34513. EccsiKey* priv = NULL;
  34514. EccsiKey* pub = NULL;
  34515. mp_int* ssk = NULL;
  34516. ecc_point* pvt = NULL;
  34517. priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
  34518. DYNAMIC_TYPE_TMP_BUFFER);
  34519. if (priv == NULL)
  34520. ret = WC_TEST_RET_ENC_NC;
  34521. else
  34522. XMEMSET(priv, 0, sizeof(*priv));
  34523. if (ret == 0) {
  34524. pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
  34525. DYNAMIC_TYPE_TMP_BUFFER);
  34526. if (pub == NULL)
  34527. ret = WC_TEST_RET_ENC_NC;
  34528. else
  34529. XMEMSET(pub, 0, sizeof(*pub));
  34530. }
  34531. if (ret == 0) {
  34532. ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT,
  34533. DYNAMIC_TYPE_TMP_BUFFER);
  34534. if (ssk == NULL)
  34535. ret = WC_TEST_RET_ENC_NC;
  34536. else
  34537. XMEMSET(ssk, 0, sizeof(*ssk));
  34538. }
  34539. if (ret == 0) {
  34540. #ifndef HAVE_FIPS
  34541. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  34542. #else
  34543. ret = wc_InitRng(&rng);
  34544. #endif
  34545. if (ret != 0)
  34546. ret = WC_TEST_RET_ENC_EC(ret);
  34547. else
  34548. rng_inited = 1;
  34549. }
  34550. if (ret == 0) {
  34551. pvt = wc_ecc_new_point();
  34552. if (pvt == NULL)
  34553. ret = WC_TEST_RET_ENC_NC;
  34554. }
  34555. if (ret == 0) {
  34556. ret = mp_init(ssk);
  34557. if (ret != 0)
  34558. ret = WC_TEST_RET_ENC_EC(ret);
  34559. }
  34560. if (ret == 0) {
  34561. ret = eccsi_api_test(&rng, priv, ssk, pvt);
  34562. }
  34563. if (ret == 0) {
  34564. ret = wc_InitEccsiKey(pub, HEAP_HINT, INVALID_DEVID);
  34565. if (ret != 0)
  34566. ret = WC_TEST_RET_ENC_EC(ret);
  34567. }
  34568. if (ret == 0) {
  34569. ret = wc_InitEccsiKey(priv, HEAP_HINT, INVALID_DEVID);
  34570. if (ret != 0)
  34571. ret = WC_TEST_RET_ENC_EC(ret);
  34572. }
  34573. if (ret == 0) {
  34574. ret = eccsi_kat_verify_test(pub, pvt);
  34575. }
  34576. if (ret == 0) {
  34577. ret = eccsi_make_key_test(priv, pub, &rng, ssk, pvt);
  34578. }
  34579. if (ret == 0) {
  34580. ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt);
  34581. }
  34582. if (pvt != NULL)
  34583. wc_ecc_del_point(pvt);
  34584. if (rng_inited)
  34585. wc_FreeRng(&rng);
  34586. if (ssk != NULL) {
  34587. mp_free(ssk);
  34588. XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  34589. }
  34590. if (pub != NULL) {
  34591. wc_FreeEccsiKey(pub);
  34592. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  34593. }
  34594. if (priv != NULL) {
  34595. wc_FreeEccsiKey(priv);
  34596. XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  34597. }
  34598. return ret;
  34599. }
  34600. #endif /* WOLFCRYPT_HAVE_ECCSI */
  34601. #ifdef WOLFCRYPT_HAVE_SAKKE
  34602. static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
  34603. {
  34604. wc_test_ret_t ret;
  34605. byte id[1] = { 0x00 };
  34606. int valid;
  34607. byte data[256];
  34608. word32 sz;
  34609. byte auth[257];
  34610. word16 authSz;
  34611. byte ssv[256];
  34612. word16 ssvSz;
  34613. word32 len;
  34614. ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
  34615. if (ret != BAD_FUNC_ARG)
  34616. return WC_TEST_RET_ENC_EC(ret);
  34617. ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
  34618. if (ret != BAD_FUNC_ARG)
  34619. return WC_TEST_RET_ENC_EC(ret);
  34620. wc_FreeSakkeKey(NULL);
  34621. XMEMSET(key, 0, sizeof(*key));
  34622. wc_FreeSakkeKey(key);
  34623. ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
  34624. if (ret != 0)
  34625. return WC_TEST_RET_ENC_EC(ret);
  34626. ret = wc_MakeSakkeKey(NULL, NULL);
  34627. if (ret != BAD_FUNC_ARG)
  34628. return WC_TEST_RET_ENC_EC(ret);
  34629. ret = wc_MakeSakkeKey(key, NULL);
  34630. if (ret != BAD_FUNC_ARG)
  34631. return WC_TEST_RET_ENC_EC(ret);
  34632. ret = wc_MakeSakkeKey(NULL, rng);
  34633. if (ret != BAD_FUNC_ARG)
  34634. return WC_TEST_RET_ENC_EC(ret);
  34635. ret = wc_MakeSakkePublicKey(NULL, NULL);
  34636. if (ret != BAD_FUNC_ARG)
  34637. return WC_TEST_RET_ENC_EC(ret);
  34638. ret = wc_MakeSakkePublicKey(key, NULL);
  34639. if (ret != BAD_FUNC_ARG)
  34640. return WC_TEST_RET_ENC_EC(ret);
  34641. ret = wc_MakeSakkePublicKey(NULL, rsk);
  34642. if (ret != BAD_FUNC_ARG)
  34643. return WC_TEST_RET_ENC_EC(ret);
  34644. ret = wc_MakeSakkeRsk(NULL, NULL, 1, NULL);
  34645. if (ret != BAD_FUNC_ARG)
  34646. return WC_TEST_RET_ENC_EC(ret);
  34647. ret = wc_MakeSakkeRsk(key, id, 1, NULL);
  34648. if (ret != BAD_FUNC_ARG)
  34649. return WC_TEST_RET_ENC_EC(ret);
  34650. ret = wc_MakeSakkeRsk(key, NULL, 1, rsk);
  34651. if (ret != BAD_FUNC_ARG)
  34652. return WC_TEST_RET_ENC_EC(ret);
  34653. ret = wc_MakeSakkeRsk(NULL, id, 1, rsk);
  34654. if (ret != BAD_FUNC_ARG)
  34655. return WC_TEST_RET_ENC_EC(ret);
  34656. ret = wc_ValidateSakkeRsk(NULL, NULL, 1, NULL, NULL);
  34657. if (ret != BAD_FUNC_ARG)
  34658. return WC_TEST_RET_ENC_EC(ret);
  34659. ret = wc_ValidateSakkeRsk(key, id, 1, rsk, NULL);
  34660. if (ret != BAD_FUNC_ARG)
  34661. return WC_TEST_RET_ENC_EC(ret);
  34662. ret = wc_ValidateSakkeRsk(NULL, id, 1, rsk, &valid);
  34663. if (ret != BAD_FUNC_ARG)
  34664. return WC_TEST_RET_ENC_EC(ret);
  34665. ret = wc_ExportSakkeKey(NULL, NULL, NULL);
  34666. if (ret != BAD_FUNC_ARG)
  34667. return WC_TEST_RET_ENC_EC(ret);
  34668. ret = wc_ExportSakkeKey(key, data, NULL);
  34669. if (ret != BAD_FUNC_ARG)
  34670. return WC_TEST_RET_ENC_EC(ret);
  34671. ret = wc_ExportSakkeKey(NULL, data, &sz);
  34672. if (ret != BAD_FUNC_ARG)
  34673. return WC_TEST_RET_ENC_EC(ret);
  34674. ret = wc_ImportSakkeKey(NULL, NULL, 1);
  34675. if (ret != BAD_FUNC_ARG)
  34676. return WC_TEST_RET_ENC_EC(ret);
  34677. ret = wc_ImportSakkeKey(key, NULL, 1);
  34678. if (ret != BAD_FUNC_ARG)
  34679. return WC_TEST_RET_ENC_EC(ret);
  34680. ret = wc_ImportSakkeKey(NULL, data, 1);
  34681. if (ret != BAD_FUNC_ARG)
  34682. return WC_TEST_RET_ENC_EC(ret);
  34683. ret = wc_ExportSakkePrivateKey(NULL, NULL, NULL);
  34684. if (ret != BAD_FUNC_ARG)
  34685. return WC_TEST_RET_ENC_EC(ret);
  34686. ret = wc_ExportSakkePrivateKey(key, data, NULL);
  34687. if (ret != BAD_FUNC_ARG)
  34688. return WC_TEST_RET_ENC_EC(ret);
  34689. ret = wc_ExportSakkePrivateKey(NULL, data, &sz);
  34690. if (ret != BAD_FUNC_ARG)
  34691. return WC_TEST_RET_ENC_EC(ret);
  34692. ret = wc_ImportSakkePrivateKey(NULL, NULL, 1);
  34693. if (ret != BAD_FUNC_ARG)
  34694. return WC_TEST_RET_ENC_EC(ret);
  34695. ret = wc_ImportSakkePrivateKey(key, NULL, 1);
  34696. if (ret != BAD_FUNC_ARG)
  34697. return WC_TEST_RET_ENC_EC(ret);
  34698. ret = wc_ImportSakkePrivateKey(NULL, data, 1);
  34699. if (ret != BAD_FUNC_ARG)
  34700. return WC_TEST_RET_ENC_EC(ret);
  34701. sz = sizeof(data);
  34702. ret = wc_EncodeSakkeRsk(NULL, NULL, data, NULL, 1);
  34703. if (ret != BAD_FUNC_ARG)
  34704. return WC_TEST_RET_ENC_EC(ret);
  34705. ret = wc_EncodeSakkeRsk(key, rsk, data, NULL, 1);
  34706. if (ret != BAD_FUNC_ARG)
  34707. return WC_TEST_RET_ENC_EC(ret);
  34708. ret = wc_EncodeSakkeRsk(key, NULL, data, &sz, 1);
  34709. if (ret != BAD_FUNC_ARG)
  34710. return WC_TEST_RET_ENC_EC(ret);
  34711. ret = wc_EncodeSakkeRsk(NULL, rsk, data, &sz, 1);
  34712. if (ret != BAD_FUNC_ARG)
  34713. return WC_TEST_RET_ENC_EC(ret);
  34714. ret = wc_DecodeSakkeRsk(NULL, NULL, sz, NULL);
  34715. if (ret != BAD_FUNC_ARG)
  34716. return WC_TEST_RET_ENC_EC(ret);
  34717. ret = wc_DecodeSakkeRsk(key, data, sz, NULL);
  34718. if (ret != BAD_FUNC_ARG)
  34719. return WC_TEST_RET_ENC_EC(ret);
  34720. ret = wc_DecodeSakkeRsk(key, NULL, sz, rsk);
  34721. if (ret != BAD_FUNC_ARG)
  34722. return WC_TEST_RET_ENC_EC(ret);
  34723. ret = wc_DecodeSakkeRsk(NULL, data, sz, rsk);
  34724. if (ret != BAD_FUNC_ARG)
  34725. return WC_TEST_RET_ENC_EC(ret);
  34726. ret = wc_ImportSakkeRsk(NULL, NULL, sz);
  34727. if (ret != BAD_FUNC_ARG)
  34728. return WC_TEST_RET_ENC_EC(ret);
  34729. ret = wc_ImportSakkeRsk(key, NULL, sz);
  34730. if (ret != BAD_FUNC_ARG)
  34731. return WC_TEST_RET_ENC_EC(ret);
  34732. ret = wc_ImportSakkeRsk(NULL, data, sz);
  34733. if (ret != BAD_FUNC_ARG)
  34734. return WC_TEST_RET_ENC_EC(ret);
  34735. ret = wc_ImportSakkeRsk(key, data, 1);
  34736. if (ret != BUFFER_E)
  34737. return WC_TEST_RET_ENC_EC(ret);
  34738. ret = wc_GenerateSakkeRskTable(NULL, NULL, data, NULL);
  34739. if (ret != BAD_FUNC_ARG)
  34740. return WC_TEST_RET_ENC_EC(ret);
  34741. ret = wc_GenerateSakkeRskTable(key, NULL, data, NULL);
  34742. if (ret != BAD_FUNC_ARG)
  34743. return WC_TEST_RET_ENC_EC(ret);
  34744. ret = wc_GenerateSakkeRskTable(NULL, rsk, data, NULL);
  34745. if (ret != BAD_FUNC_ARG)
  34746. return WC_TEST_RET_ENC_EC(ret);
  34747. ret = wc_GenerateSakkeRskTable(NULL, NULL, data, &len);
  34748. if (ret != BAD_FUNC_ARG)
  34749. return WC_TEST_RET_ENC_EC(ret);
  34750. ret = wc_GenerateSakkeRskTable(key, rsk, data, NULL);
  34751. if (ret != BAD_FUNC_ARG)
  34752. return WC_TEST_RET_ENC_EC(ret);
  34753. ret = wc_GenerateSakkeRskTable(key, NULL, data, &len);
  34754. if (ret != BAD_FUNC_ARG)
  34755. return WC_TEST_RET_ENC_EC(ret);
  34756. ret = wc_GenerateSakkeRskTable(NULL, rsk, data, &len);
  34757. if (ret != BAD_FUNC_ARG)
  34758. return WC_TEST_RET_ENC_EC(ret);
  34759. ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
  34760. if (ret != LENGTH_ONLY_E)
  34761. return WC_TEST_RET_ENC_EC(ret);
  34762. len--;
  34763. ret = wc_GenerateSakkeRskTable(key, rsk, data, &len);
  34764. if (ret != BUFFER_E)
  34765. return WC_TEST_RET_ENC_EC(ret);
  34766. ret = wc_ExportSakkePublicKey(NULL, data, NULL, 1);
  34767. if (ret != BAD_FUNC_ARG)
  34768. return WC_TEST_RET_ENC_EC(ret);
  34769. ret = wc_ExportSakkePublicKey(key, data, NULL, 1);
  34770. if (ret != BAD_FUNC_ARG)
  34771. return WC_TEST_RET_ENC_EC(ret);
  34772. ret = wc_ExportSakkePublicKey(NULL, data, &sz, 1);
  34773. if (ret != BAD_FUNC_ARG)
  34774. return WC_TEST_RET_ENC_EC(ret);
  34775. ret = wc_ImportSakkePublicKey(NULL, NULL, sz, 1);
  34776. if (ret != BAD_FUNC_ARG)
  34777. return WC_TEST_RET_ENC_EC(ret);
  34778. ret = wc_ImportSakkePublicKey(key, NULL, sz, 1);
  34779. if (ret != BAD_FUNC_ARG)
  34780. return WC_TEST_RET_ENC_EC(ret);
  34781. ret = wc_ImportSakkePublicKey(NULL, data, sz, 1);
  34782. if (ret != BAD_FUNC_ARG)
  34783. return WC_TEST_RET_ENC_EC(ret);
  34784. ret = wc_GetSakkeAuthSize(NULL, NULL);
  34785. if (ret != BAD_FUNC_ARG)
  34786. return WC_TEST_RET_ENC_EC(ret);
  34787. ret = wc_GetSakkeAuthSize(key, NULL);
  34788. if (ret != BAD_FUNC_ARG)
  34789. return WC_TEST_RET_ENC_EC(ret);
  34790. ret = wc_GetSakkeAuthSize(NULL, &authSz);
  34791. if (ret != BAD_FUNC_ARG)
  34792. return WC_TEST_RET_ENC_EC(ret);
  34793. ret = wc_MakeSakkePointI(NULL, NULL, SAKKE_ID_MAX_SIZE + 1);
  34794. if (ret != BAD_FUNC_ARG)
  34795. return WC_TEST_RET_ENC_EC(ret);
  34796. ret = wc_MakeSakkePointI(key, NULL, SAKKE_ID_MAX_SIZE + 1);
  34797. if (ret != BAD_FUNC_ARG)
  34798. return WC_TEST_RET_ENC_EC(ret);
  34799. ret = wc_MakeSakkePointI(NULL, id, 1);
  34800. if (ret != BAD_FUNC_ARG)
  34801. return WC_TEST_RET_ENC_EC(ret);
  34802. ret = wc_MakeSakkePointI(NULL, NULL, 1);
  34803. if (ret != BAD_FUNC_ARG)
  34804. return WC_TEST_RET_ENC_EC(ret);
  34805. ret = wc_MakeSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1);
  34806. if (ret != BAD_FUNC_ARG)
  34807. return WC_TEST_RET_ENC_EC(ret);
  34808. ret = wc_MakeSakkePointI(key, NULL, 1);
  34809. if (ret != BAD_FUNC_ARG)
  34810. return WC_TEST_RET_ENC_EC(ret);
  34811. ret = wc_MakeSakkePointI(NULL, id, 1);
  34812. if (ret != BAD_FUNC_ARG)
  34813. return WC_TEST_RET_ENC_EC(ret);
  34814. ret = wc_GenerateSakkePointITable(NULL, data, NULL);
  34815. if (ret != BAD_FUNC_ARG)
  34816. return WC_TEST_RET_ENC_EC(ret);
  34817. ret = wc_GenerateSakkePointITable(key, data, NULL);
  34818. if (ret != BAD_FUNC_ARG)
  34819. return WC_TEST_RET_ENC_EC(ret);
  34820. ret = wc_GenerateSakkePointITable(NULL, data, &len);
  34821. if (ret != BAD_FUNC_ARG)
  34822. return WC_TEST_RET_ENC_EC(ret);
  34823. ret = wc_GenerateSakkePointITable(key, NULL, &len);
  34824. if (ret != LENGTH_ONLY_E)
  34825. return WC_TEST_RET_ENC_EC(ret);
  34826. len--;
  34827. ret = wc_GenerateSakkePointITable(key, data, &len);
  34828. if (ret != BUFFER_E)
  34829. return WC_TEST_RET_ENC_EC(ret);
  34830. ret = wc_SetSakkePointITable(NULL, NULL, 1);
  34831. if (ret != BAD_FUNC_ARG)
  34832. return WC_TEST_RET_ENC_EC(ret);
  34833. ret = wc_SetSakkePointITable(key, NULL, 1);
  34834. if (ret != BAD_FUNC_ARG)
  34835. return WC_TEST_RET_ENC_EC(ret);
  34836. ret = wc_SetSakkePointITable(NULL, data, 1);
  34837. if (ret != BAD_FUNC_ARG)
  34838. return WC_TEST_RET_ENC_EC(ret);
  34839. ret = wc_SetSakkePointITable(key, data, 1);
  34840. if (ret != BUFFER_E)
  34841. return WC_TEST_RET_ENC_EC(ret);
  34842. ret = wc_ClearSakkePointITable(NULL);
  34843. if (ret != BAD_FUNC_ARG)
  34844. return WC_TEST_RET_ENC_EC(ret);
  34845. ret = wc_GetSakkePointI(NULL, data, NULL);
  34846. if (ret != BAD_FUNC_ARG)
  34847. return WC_TEST_RET_ENC_EC(ret);
  34848. ret = wc_GetSakkePointI(key, data, NULL);
  34849. if (ret != BAD_FUNC_ARG)
  34850. return WC_TEST_RET_ENC_EC(ret);
  34851. ret = wc_GetSakkePointI(NULL, data, &sz);
  34852. if (ret != BAD_FUNC_ARG)
  34853. return WC_TEST_RET_ENC_EC(ret);
  34854. sz = 1;
  34855. ret = wc_GetSakkePointI(key, data, &sz);
  34856. if (ret != BUFFER_E)
  34857. return WC_TEST_RET_ENC_EC(ret);
  34858. sz = 256;
  34859. ret = wc_SetSakkePointI(NULL, NULL, 1, NULL, sz);
  34860. if (ret != BAD_FUNC_ARG)
  34861. return WC_TEST_RET_ENC_EC(ret);
  34862. ret = wc_SetSakkePointI(key, NULL, 1, NULL, sz);
  34863. if (ret != BAD_FUNC_ARG)
  34864. return WC_TEST_RET_ENC_EC(ret);
  34865. ret = wc_SetSakkePointI(NULL, id, 1, NULL, sz);
  34866. if (ret != BAD_FUNC_ARG)
  34867. return WC_TEST_RET_ENC_EC(ret);
  34868. ret = wc_SetSakkePointI(NULL, NULL, 1, data, sz);
  34869. if (ret != BAD_FUNC_ARG)
  34870. return WC_TEST_RET_ENC_EC(ret);
  34871. ret = wc_SetSakkePointI(key, id, 1, NULL, sz);
  34872. if (ret != BAD_FUNC_ARG)
  34873. return WC_TEST_RET_ENC_EC(ret);
  34874. ret = wc_SetSakkePointI(key, NULL, 1, data, sz);
  34875. if (ret != BAD_FUNC_ARG)
  34876. return WC_TEST_RET_ENC_EC(ret);
  34877. ret = wc_SetSakkePointI(NULL, id, 1, data, sz);
  34878. if (ret != BAD_FUNC_ARG)
  34879. return WC_TEST_RET_ENC_EC(ret);
  34880. ret = wc_SetSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1, data, sz);
  34881. if (ret != BUFFER_E)
  34882. return WC_TEST_RET_ENC_EC(ret);
  34883. ret = wc_SetSakkePointI(key, id, 1, data, sz - 1);
  34884. if (ret != BUFFER_E)
  34885. return WC_TEST_RET_ENC_EC(ret);
  34886. ret = wc_SetSakkeIdentity(NULL, NULL, 1);
  34887. if (ret != BAD_FUNC_ARG)
  34888. return WC_TEST_RET_ENC_EC(ret);
  34889. ret = wc_SetSakkeIdentity(key, NULL, 1);
  34890. if (ret != BAD_FUNC_ARG)
  34891. return WC_TEST_RET_ENC_EC(ret);
  34892. ret = wc_SetSakkeIdentity(NULL, id, 1);
  34893. if (ret != BAD_FUNC_ARG)
  34894. return WC_TEST_RET_ENC_EC(ret);
  34895. ssvSz = sizeof(ssv);
  34896. ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
  34897. auth, NULL);
  34898. if (ret != BAD_FUNC_ARG)
  34899. return WC_TEST_RET_ENC_EC(ret);
  34900. ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
  34901. auth, NULL);
  34902. if (ret != BAD_FUNC_ARG)
  34903. return WC_TEST_RET_ENC_EC(ret);
  34904. ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  34905. auth, NULL);
  34906. if (ret != BAD_FUNC_ARG)
  34907. return WC_TEST_RET_ENC_EC(ret);
  34908. ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
  34909. auth, &authSz);
  34910. if (ret != BAD_FUNC_ARG)
  34911. return WC_TEST_RET_ENC_EC(ret);
  34912. ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  34913. auth, NULL);
  34914. if (ret != BAD_FUNC_ARG)
  34915. return WC_TEST_RET_ENC_EC(ret);
  34916. ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
  34917. auth, &authSz);
  34918. if (ret != BAD_FUNC_ARG)
  34919. return WC_TEST_RET_ENC_EC(ret);
  34920. ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  34921. auth, &authSz);
  34922. if (ret != BAD_FUNC_ARG)
  34923. return WC_TEST_RET_ENC_EC(ret);
  34924. ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  34925. auth, &authSz);
  34926. if (ret != BAD_STATE_E)
  34927. return WC_TEST_RET_ENC_EC(ret);
  34928. ret = wc_GenerateSakkeSSV(NULL, NULL, data, NULL);
  34929. if (ret != BAD_FUNC_ARG)
  34930. return WC_TEST_RET_ENC_EC(ret);
  34931. ret = wc_GenerateSakkeSSV(key, rng, data, NULL);
  34932. if (ret != BAD_FUNC_ARG)
  34933. return WC_TEST_RET_ENC_EC(ret);
  34934. ret = wc_GenerateSakkeSSV(key, NULL, data, &ssvSz);
  34935. if (ret != BAD_FUNC_ARG)
  34936. return WC_TEST_RET_ENC_EC(ret);
  34937. ret = wc_GenerateSakkeSSV(NULL, rng, data, &ssvSz);
  34938. if (ret != BAD_FUNC_ARG)
  34939. return WC_TEST_RET_ENC_EC(ret);
  34940. ret = wc_SetSakkeRsk(NULL, NULL, data, 1);
  34941. if (ret != BAD_FUNC_ARG)
  34942. return WC_TEST_RET_ENC_EC(ret);
  34943. ret = wc_SetSakkeRsk(key, NULL, data, 1);
  34944. if (ret != BAD_FUNC_ARG)
  34945. return WC_TEST_RET_ENC_EC(ret);
  34946. ret = wc_SetSakkeRsk(NULL, rsk, data, 1);
  34947. if (ret != BAD_FUNC_ARG)
  34948. return WC_TEST_RET_ENC_EC(ret);
  34949. ssvSz = sizeof(ssv);
  34950. authSz = sizeof(auth);
  34951. ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
  34952. authSz);
  34953. if (ret != BAD_FUNC_ARG)
  34954. return WC_TEST_RET_ENC_EC(ret);
  34955. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
  34956. authSz);
  34957. if (ret != BAD_FUNC_ARG)
  34958. return WC_TEST_RET_ENC_EC(ret);
  34959. ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
  34960. authSz);
  34961. if (ret != BAD_FUNC_ARG)
  34962. return WC_TEST_RET_ENC_EC(ret);
  34963. ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
  34964. authSz);
  34965. if (ret != BAD_FUNC_ARG)
  34966. return WC_TEST_RET_ENC_EC(ret);
  34967. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
  34968. authSz);
  34969. if (ret != BAD_FUNC_ARG)
  34970. return WC_TEST_RET_ENC_EC(ret);
  34971. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
  34972. authSz);
  34973. if (ret != BAD_FUNC_ARG)
  34974. return WC_TEST_RET_ENC_EC(ret);
  34975. ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  34976. authSz);
  34977. if (ret != BAD_FUNC_ARG)
  34978. return WC_TEST_RET_ENC_EC(ret);
  34979. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  34980. authSz);
  34981. if (ret != BAD_STATE_E)
  34982. return WC_TEST_RET_ENC_EC(ret);
  34983. ret = wc_SetSakkeIdentity(key, id, 1);
  34984. if (ret != 0)
  34985. return WC_TEST_RET_ENC_EC(ret);
  34986. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  34987. authSz);
  34988. if (ret != BAD_STATE_E)
  34989. return WC_TEST_RET_ENC_EC(ret);
  34990. ret = wc_SetSakkeIdentity(key, id, 0);
  34991. if (ret != 0)
  34992. return WC_TEST_RET_ENC_EC(ret);
  34993. ret = wc_SetSakkeRsk(key, rsk, data, 1);
  34994. if (ret != 0)
  34995. return WC_TEST_RET_ENC_EC(ret);
  34996. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  34997. authSz);
  34998. if (ret != BAD_STATE_E)
  34999. return WC_TEST_RET_ENC_EC(ret);
  35000. wc_FreeSakkeKey(key);
  35001. return 0;
  35002. }
  35003. static wc_test_ret_t sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
  35004. {
  35005. WOLFSSL_SMALL_STACK_STATIC const byte pubData[] = {
  35006. 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
  35007. 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
  35008. 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
  35009. 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
  35010. 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
  35011. 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
  35012. 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
  35013. 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
  35014. 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
  35015. 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
  35016. 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
  35017. 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
  35018. 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
  35019. 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
  35020. 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
  35021. 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
  35022. 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
  35023. 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
  35024. 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
  35025. 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
  35026. 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
  35027. 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
  35028. 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
  35029. 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
  35030. 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
  35031. 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
  35032. 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
  35033. 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
  35034. 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
  35035. 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
  35036. 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
  35037. 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
  35038. };
  35039. WOLFSSL_SMALL_STACK_STATIC const byte rskData[] = {
  35040. 0x93, 0xAF, 0x67, 0xE5, 0x00, 0x7B, 0xA6, 0xE6,
  35041. 0xA8, 0x0D, 0xA7, 0x93, 0xDA, 0x30, 0x0F, 0xA4,
  35042. 0xB5, 0x2D, 0x0A, 0x74, 0xE2, 0x5E, 0x6E, 0x7B,
  35043. 0x2B, 0x3D, 0x6E, 0xE9, 0xD1, 0x8A, 0x9B, 0x5C,
  35044. 0x50, 0x23, 0x59, 0x7B, 0xD8, 0x2D, 0x80, 0x62,
  35045. 0xD3, 0x40, 0x19, 0x56, 0x3B, 0xA1, 0xD2, 0x5C,
  35046. 0x0D, 0xC5, 0x6B, 0x7B, 0x97, 0x9D, 0x74, 0xAA,
  35047. 0x50, 0xF2, 0x9F, 0xBF, 0x11, 0xCC, 0x2C, 0x93,
  35048. 0xF5, 0xDF, 0xCA, 0x61, 0x5E, 0x60, 0x92, 0x79,
  35049. 0xF6, 0x17, 0x5C, 0xEA, 0xDB, 0x00, 0xB5, 0x8C,
  35050. 0x6B, 0xEE, 0x1E, 0x7A, 0x2A, 0x47, 0xC4, 0xF0,
  35051. 0xC4, 0x56, 0xF0, 0x52, 0x59, 0xA6, 0xFA, 0x94,
  35052. 0xA6, 0x34, 0xA4, 0x0D, 0xAE, 0x1D, 0xF5, 0x93,
  35053. 0xD4, 0xFE, 0xCF, 0x68, 0x8D, 0x5F, 0xC6, 0x78,
  35054. 0xBE, 0x7E, 0xFC, 0x6D, 0xF3, 0xD6, 0x83, 0x53,
  35055. 0x25, 0xB8, 0x3B, 0x2C, 0x6E, 0x69, 0x03, 0x6B,
  35056. 0x15, 0x5F, 0x0A, 0x27, 0x24, 0x10, 0x94, 0xB0,
  35057. 0x4B, 0xFB, 0x0B, 0xDF, 0xAC, 0x6C, 0x67, 0x0A,
  35058. 0x65, 0xC3, 0x25, 0xD3, 0x9A, 0x06, 0x9F, 0x03,
  35059. 0x65, 0x9D, 0x44, 0xCA, 0x27, 0xD3, 0xBE, 0x8D,
  35060. 0xF3, 0x11, 0x17, 0x2B, 0x55, 0x41, 0x60, 0x18,
  35061. 0x1C, 0xBE, 0x94, 0xA2, 0xA7, 0x83, 0x32, 0x0C,
  35062. 0xED, 0x59, 0x0B, 0xC4, 0x26, 0x44, 0x70, 0x2C,
  35063. 0xF3, 0x71, 0x27, 0x1E, 0x49, 0x6B, 0xF2, 0x0F,
  35064. 0x58, 0x8B, 0x78, 0xA1, 0xBC, 0x01, 0xEC, 0xBB,
  35065. 0x65, 0x59, 0x93, 0x4B, 0xDD, 0x2F, 0xB6, 0x5D,
  35066. 0x28, 0x84, 0x31, 0x8A, 0x33, 0xD1, 0xA4, 0x2A,
  35067. 0xDF, 0x5E, 0x33, 0xCC, 0x58, 0x00, 0x28, 0x0B,
  35068. 0x28, 0x35, 0x64, 0x97, 0xF8, 0x71, 0x35, 0xBA,
  35069. 0xB9, 0x61, 0x2A, 0x17, 0x26, 0x04, 0x24, 0x40,
  35070. 0x9A, 0xC1, 0x5F, 0xEE, 0x99, 0x6B, 0x74, 0x4C,
  35071. 0x33, 0x21, 0x51, 0x23, 0x5D, 0xEC, 0xB0, 0xF5
  35072. };
  35073. WOLFSSL_SMALL_STACK_STATIC const byte id[] = {
  35074. 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
  35075. 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
  35076. 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
  35077. 0x33, 0x00
  35078. };
  35079. WOLFSSL_SMALL_STACK_STATIC const byte ssv[] = {
  35080. 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
  35081. 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
  35082. };
  35083. WOLFSSL_SMALL_STACK_STATIC const byte auth[] = {
  35084. 0x04,
  35085. 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
  35086. 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
  35087. 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
  35088. 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
  35089. 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
  35090. 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
  35091. 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
  35092. 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
  35093. 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
  35094. 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
  35095. 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
  35096. 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
  35097. 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
  35098. 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
  35099. 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
  35100. 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
  35101. 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
  35102. 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
  35103. 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
  35104. 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
  35105. 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
  35106. 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
  35107. 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
  35108. 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
  35109. 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
  35110. 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
  35111. 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
  35112. 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
  35113. 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
  35114. 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
  35115. 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
  35116. 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
  35117. };
  35118. WOLFSSL_SMALL_STACK_STATIC const byte encSsv[] = {
  35119. 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
  35120. 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
  35121. };
  35122. wc_test_ret_t ret;
  35123. int valid;
  35124. byte pubKey[sizeof(pubData) + 1];
  35125. word32 sz = sizeof(pubKey);
  35126. byte tmpSsv[sizeof(encSsv)];
  35127. byte* iTable = NULL;
  35128. word32 iTableLen;
  35129. byte* table = NULL;
  35130. word32 len;
  35131. ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
  35132. if (ret != 0)
  35133. return WC_TEST_RET_ENC_EC(ret);
  35134. ret = wc_DecodeSakkeRsk(key, rskData, sizeof(rskData), rsk);
  35135. if (ret != 0)
  35136. return WC_TEST_RET_ENC_EC(ret);
  35137. ret = wc_ValidateSakkeRsk(key, id, sizeof(id), rsk, &valid);
  35138. if (ret != 0)
  35139. return WC_TEST_RET_ENC_EC(ret);
  35140. if (valid != 1)
  35141. return WC_TEST_RET_ENC_NC;
  35142. ret = wc_SetSakkeRsk(key, rsk, NULL, 0);
  35143. if (ret != 0)
  35144. return WC_TEST_RET_ENC_EC(ret);
  35145. ret = wc_SetSakkeIdentity(key, id, sizeof(id));
  35146. if (ret != 0)
  35147. return WC_TEST_RET_ENC_EC(ret);
  35148. XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
  35149. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
  35150. auth, sizeof(auth));
  35151. if (ret != 0)
  35152. return WC_TEST_RET_ENC_EC(ret);
  35153. if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
  35154. return WC_TEST_RET_ENC_NC;
  35155. ret = wc_MakeSakkePointI(key, id, sizeof(id));
  35156. if (ret != 0)
  35157. return WC_TEST_RET_ENC_EC(ret);
  35158. iTableLen = 0;
  35159. ret = wc_GenerateSakkePointITable(key, NULL, &iTableLen);
  35160. if (ret != LENGTH_ONLY_E)
  35161. return WC_TEST_RET_ENC_EC(ret);
  35162. if (iTableLen != 0) {
  35163. iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  35164. if (iTable == NULL)
  35165. return WC_TEST_RET_ENC_ERRNO;
  35166. ret = wc_GenerateSakkePointITable(key, iTable, &iTableLen);
  35167. if (ret != 0)
  35168. return WC_TEST_RET_ENC_EC(ret);
  35169. }
  35170. len = 0;
  35171. ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
  35172. if (ret != LENGTH_ONLY_E)
  35173. return WC_TEST_RET_ENC_EC(ret);
  35174. if (len > 0) {
  35175. table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  35176. if (table == NULL)
  35177. return WC_TEST_RET_ENC_ERRNO;
  35178. ret = wc_GenerateSakkeRskTable(key, rsk, table, &len);
  35179. if (ret != 0)
  35180. return WC_TEST_RET_ENC_EC(ret);
  35181. }
  35182. ret = wc_SetSakkeRsk(key, rsk, table, len);
  35183. if (ret != 0)
  35184. return WC_TEST_RET_ENC_EC(ret);
  35185. XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
  35186. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
  35187. auth, sizeof(auth));
  35188. if (ret != 0)
  35189. return WC_TEST_RET_ENC_EC(ret);
  35190. if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
  35191. return WC_TEST_RET_ENC_NC;
  35192. /* Don't reference table that is about to be freed. */
  35193. ret = wc_ClearSakkePointITable(key);
  35194. if (ret != 0)
  35195. return WC_TEST_RET_ENC_EC(ret);
  35196. /* Dispose of tables */
  35197. if (iTable != NULL)
  35198. XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  35199. if (table != NULL)
  35200. XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  35201. /* Make sure the key public key is exportable - convert to Montgomery form
  35202. * in Validation.
  35203. */
  35204. ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 1);
  35205. if (ret != 0)
  35206. return WC_TEST_RET_ENC_EC(ret);
  35207. if (sz != sizeof(pubData))
  35208. return WC_TEST_RET_ENC_NC;
  35209. if (XMEMCMP(pubKey, pubData, sizeof(pubData)) != 0)
  35210. return WC_TEST_RET_ENC_NC;
  35211. sz = sizeof(pubData) + 1;
  35212. ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 0);
  35213. if (ret != 0)
  35214. return WC_TEST_RET_ENC_EC(ret);
  35215. if (sz != sizeof(pubData) + 1)
  35216. return WC_TEST_RET_ENC_NC;
  35217. if (pubKey[0] != 0x04)
  35218. return WC_TEST_RET_ENC_NC;
  35219. if (XMEMCMP(pubKey + 1, pubData, sizeof(pubData)) != 0)
  35220. return WC_TEST_RET_ENC_NC;
  35221. return 0;
  35222. }
  35223. static wc_test_ret_t sakke_kat_encapsulate_test(SakkeKey* key)
  35224. {
  35225. static const byte pubData[] = {
  35226. 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
  35227. 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
  35228. 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
  35229. 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
  35230. 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
  35231. 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
  35232. 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
  35233. 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
  35234. 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
  35235. 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
  35236. 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
  35237. 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
  35238. 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
  35239. 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
  35240. 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
  35241. 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
  35242. 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
  35243. 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
  35244. 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
  35245. 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
  35246. 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
  35247. 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
  35248. 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
  35249. 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
  35250. 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
  35251. 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
  35252. 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
  35253. 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
  35254. 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
  35255. 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
  35256. 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
  35257. 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
  35258. };
  35259. static const byte id[] = {
  35260. 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
  35261. 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
  35262. 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
  35263. 0x33, 0x00
  35264. };
  35265. static const word32 idSz = sizeof(id);
  35266. byte ssv[] = {
  35267. 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
  35268. 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
  35269. };
  35270. static const word16 ssvSz = sizeof(ssv);
  35271. static const byte expAuth[] = {
  35272. 0x04,
  35273. 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
  35274. 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
  35275. 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
  35276. 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
  35277. 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
  35278. 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
  35279. 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
  35280. 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
  35281. 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
  35282. 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
  35283. 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
  35284. 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
  35285. 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
  35286. 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
  35287. 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
  35288. 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
  35289. 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
  35290. 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
  35291. 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
  35292. 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
  35293. 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
  35294. 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
  35295. 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
  35296. 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
  35297. 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
  35298. 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
  35299. 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
  35300. 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
  35301. 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
  35302. 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
  35303. 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
  35304. 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
  35305. };
  35306. static const byte encSsv[] = {
  35307. 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
  35308. 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
  35309. };
  35310. wc_test_ret_t ret;
  35311. byte auth[257];
  35312. word16 authSz = sizeof(auth);
  35313. ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
  35314. if (ret != 0)
  35315. return WC_TEST_RET_ENC_EC(ret);
  35316. ret = wc_SetSakkeIdentity(key, id, idSz);
  35317. if (ret != 0)
  35318. return WC_TEST_RET_ENC_EC(ret);
  35319. ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  35320. auth, &authSz);
  35321. if (ret != 0)
  35322. return WC_TEST_RET_ENC_EC(ret);
  35323. if (authSz != 257)
  35324. return WC_TEST_RET_ENC_NC;
  35325. if (XMEMCMP(ssv, encSsv, ssvSz) != 0)
  35326. return WC_TEST_RET_ENC_NC;
  35327. if (XMEMCMP(auth, expAuth, authSz) != 0)
  35328. return WC_TEST_RET_ENC_NC;
  35329. return 0;
  35330. }
  35331. static wc_test_ret_t sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey* key,
  35332. WC_RNG* rng, ecc_point* rsk)
  35333. {
  35334. wc_test_ret_t ret;
  35335. byte data[440];
  35336. byte pubData[257];
  35337. word32 sz;
  35338. char mail[] = "test@wolfssl.com";
  35339. byte* id = (byte*)mail;
  35340. word32 idSz = (word32)XSTRLEN(mail);
  35341. int valid;
  35342. ecc_point* pubKey = rsk;
  35343. ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
  35344. if (ret != 0)
  35345. return WC_TEST_RET_ENC_EC(ret);
  35346. ret = wc_MakeSakkeKey(priv, rng);
  35347. if (ret != 0)
  35348. return WC_TEST_RET_ENC_EC(ret);
  35349. ret = wc_ExportSakkeKey(priv, NULL, &sz);
  35350. if (ret != LENGTH_ONLY_E)
  35351. return WC_TEST_RET_ENC_EC(ret);
  35352. if (sz != 384)
  35353. return WC_TEST_RET_ENC_NC;
  35354. sz--;
  35355. ret = wc_ExportSakkeKey(priv, data, &sz);
  35356. if (ret == 0)
  35357. return WC_TEST_RET_ENC_NC;
  35358. sz++;
  35359. ret = wc_ExportSakkeKey(priv, data, &sz);
  35360. if (ret != 0)
  35361. return WC_TEST_RET_ENC_EC(ret);
  35362. if (sz != 384)
  35363. return WC_TEST_RET_ENC_NC;
  35364. ret = wc_ImportSakkeKey(key, data, sz - 1);
  35365. if (ret == 0)
  35366. return WC_TEST_RET_ENC_NC;
  35367. ret = wc_ImportSakkeKey(key, data, sz);
  35368. if (ret != 0)
  35369. return WC_TEST_RET_ENC_EC(ret);
  35370. wc_FreeSakkeKey(key);
  35371. ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
  35372. if (ret != 0)
  35373. return WC_TEST_RET_ENC_EC(ret);
  35374. ret = wc_ExportSakkePrivateKey(priv, NULL, &sz);
  35375. if (ret != LENGTH_ONLY_E)
  35376. return WC_TEST_RET_ENC_EC(ret);
  35377. if (sz != 128)
  35378. return WC_TEST_RET_ENC_NC;
  35379. sz--;
  35380. ret = wc_ExportSakkePrivateKey(priv, data, &sz);
  35381. if (ret == 0)
  35382. return WC_TEST_RET_ENC_NC;
  35383. sz++;
  35384. ret = wc_ExportSakkePrivateKey(priv, data, &sz);
  35385. if (ret != 0)
  35386. return WC_TEST_RET_ENC_EC(ret);
  35387. if (sz != 128)
  35388. return WC_TEST_RET_ENC_NC;
  35389. ret = wc_ImportSakkePrivateKey(key, data, sz - 1);
  35390. if (ret == 0)
  35391. return WC_TEST_RET_ENC_NC;
  35392. ret = wc_ImportSakkePrivateKey(key, data, sz);
  35393. if (ret != 0)
  35394. return WC_TEST_RET_ENC_EC(ret);
  35395. ret = wc_MakeSakkePublicKey(key, pubKey);
  35396. if (ret != 0)
  35397. return WC_TEST_RET_ENC_EC(ret);
  35398. ret = wc_ExportSakkePublicKey(priv, NULL, &sz, 1);
  35399. if (ret != LENGTH_ONLY_E)
  35400. return WC_TEST_RET_ENC_EC(ret);
  35401. if (sz != 256)
  35402. return WC_TEST_RET_ENC_NC;
  35403. sz--;
  35404. ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
  35405. if (ret == 0)
  35406. return WC_TEST_RET_ENC_NC;
  35407. sz++;
  35408. ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
  35409. if (ret != 0)
  35410. return WC_TEST_RET_ENC_EC(ret);
  35411. if (sz != 256)
  35412. return WC_TEST_RET_ENC_NC;
  35413. ret = wc_ImportSakkePublicKey(pub, data, sz - 1, 1);
  35414. if (ret == 0)
  35415. return WC_TEST_RET_ENC_NC;
  35416. ret = wc_ImportSakkePublicKey(pub, data, sz, 1);
  35417. if (ret != 0)
  35418. return WC_TEST_RET_ENC_EC(ret);
  35419. ret = wc_ExportSakkePublicKey(pub, pubData, &sz, 1);
  35420. if (ret != 0)
  35421. return WC_TEST_RET_ENC_EC(ret);
  35422. if (sz != 256)
  35423. return WC_TEST_RET_ENC_NC;
  35424. if (XMEMCMP(data, pubData, sz) != 0)
  35425. return WC_TEST_RET_ENC_NC;
  35426. ret = wc_MakeSakkeRsk(priv, id, idSz, rsk);
  35427. if (ret != 0)
  35428. return WC_TEST_RET_ENC_EC(ret);
  35429. ret = wc_ValidateSakkeRsk(priv, id, idSz, rsk, &valid);
  35430. if (ret != 0)
  35431. return WC_TEST_RET_ENC_EC(ret);
  35432. if (valid != 1)
  35433. return WC_TEST_RET_ENC_NC;
  35434. ret = wc_ValidateSakkeRsk(pub, id, idSz, rsk, &valid);
  35435. if (ret != 0)
  35436. return WC_TEST_RET_ENC_EC(ret);
  35437. if (valid != 1)
  35438. return WC_TEST_RET_ENC_NC;
  35439. sz = sizeof(data);
  35440. ret = wc_EncodeSakkeRsk(priv, rsk, data, &sz, 1);
  35441. if (ret != 0)
  35442. return WC_TEST_RET_ENC_EC(ret);
  35443. if (sz != 256)
  35444. return WC_TEST_RET_ENC_NC;
  35445. ret = wc_DecodeSakkeRsk(priv, data, sz, rsk);
  35446. if (ret != 0)
  35447. return WC_TEST_RET_ENC_EC(ret);
  35448. sz = sizeof(pubData);
  35449. ret = wc_EncodeSakkeRsk(priv, rsk, pubData, &sz, 0);
  35450. if (ret != 0)
  35451. return WC_TEST_RET_ENC_EC(ret);
  35452. if (sz != sizeof(pubData))
  35453. return WC_TEST_RET_ENC_NC;
  35454. ret = wc_DecodeSakkeRsk(priv, pubData, sz, rsk);
  35455. if (ret != 0)
  35456. return WC_TEST_RET_ENC_EC(ret);
  35457. wc_FreeSakkeKey(key);
  35458. return 0;
  35459. }
  35460. static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
  35461. ecc_point* rsk)
  35462. {
  35463. wc_test_ret_t ret;
  35464. byte ssv[16];
  35465. word16 ssvSz;
  35466. byte auth[257];
  35467. word16 authSz;
  35468. char mail[] = "test@wolfssl.com";
  35469. byte* id = (byte*)mail;
  35470. word32 idSz = (word32)XSTRLEN(mail);
  35471. byte pointI[256];
  35472. word32 sz;
  35473. ret = wc_GenerateSakkeSSV(pub, rng, NULL, &ssvSz);
  35474. if (ret != LENGTH_ONLY_E)
  35475. return WC_TEST_RET_ENC_EC(ret);
  35476. if (ssvSz != 16)
  35477. return WC_TEST_RET_ENC_NC;
  35478. ssvSz += 128;
  35479. ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
  35480. if (ret == 0)
  35481. return WC_TEST_RET_ENC_NC;
  35482. ssvSz -= 128;
  35483. ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
  35484. if (ret != 0)
  35485. return WC_TEST_RET_ENC_EC(ret);
  35486. if (ssvSz != 16)
  35487. return WC_TEST_RET_ENC_NC;
  35488. ret = wc_GetSakkeAuthSize(pub, &authSz);
  35489. if (ret != 0)
  35490. return WC_TEST_RET_ENC_EC(ret);
  35491. ret = wc_SetSakkeIdentity(pub, id, idSz);
  35492. if (ret != 0)
  35493. return WC_TEST_RET_ENC_EC(ret);
  35494. ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  35495. NULL, &authSz);
  35496. if (ret != LENGTH_ONLY_E)
  35497. return WC_TEST_RET_ENC_EC(ret);
  35498. if (authSz != 257)
  35499. return WC_TEST_RET_ENC_NC;
  35500. authSz--;
  35501. ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  35502. auth, &authSz);
  35503. if (ret == 0)
  35504. return WC_TEST_RET_ENC_NC;
  35505. authSz++;
  35506. ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  35507. auth, &authSz);
  35508. if (ret != 0)
  35509. return WC_TEST_RET_ENC_EC(ret);
  35510. if (authSz != 257)
  35511. return WC_TEST_RET_ENC_NC;
  35512. ret = wc_GetSakkePointI(pub, NULL, &sz);
  35513. if (ret != LENGTH_ONLY_E)
  35514. return WC_TEST_RET_ENC_EC(ret);
  35515. if (sz != 256)
  35516. return WC_TEST_RET_ENC_NC;
  35517. ret = wc_GetSakkePointI(pub, pointI, &sz);
  35518. if (ret != 0)
  35519. return WC_TEST_RET_ENC_EC(ret);
  35520. if (sz != 256)
  35521. return WC_TEST_RET_ENC_NC;
  35522. /* Bogus identity - make it check and regenerate I. */
  35523. ret = wc_MakeSakkePointI(pub, ssv, ssvSz);
  35524. if (ret != 0)
  35525. return WC_TEST_RET_ENC_EC(ret);
  35526. ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  35527. auth, &authSz);
  35528. if (ret != 0)
  35529. return WC_TEST_RET_ENC_EC(ret);
  35530. if (authSz != 257)
  35531. return WC_TEST_RET_ENC_NC;
  35532. ret = wc_SetSakkeRsk(priv, rsk, NULL, 0);
  35533. if (ret != 0)
  35534. return WC_TEST_RET_ENC_EC(ret);
  35535. ret = wc_SetSakkeIdentity(priv, id, idSz);
  35536. if (ret != 0)
  35537. return WC_TEST_RET_ENC_EC(ret);
  35538. authSz--;
  35539. ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  35540. authSz);
  35541. if (ret == 0)
  35542. return WC_TEST_RET_ENC_NC;
  35543. authSz++;
  35544. ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  35545. authSz);
  35546. if (ret != 0)
  35547. return WC_TEST_RET_ENC_EC(ret);
  35548. ssv[0] ^= 0x80;
  35549. ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  35550. authSz);
  35551. if (ret != SAKKE_VERIFY_FAIL_E)
  35552. return WC_TEST_RET_ENC_EC(ret);
  35553. ssv[0] ^= 0x80;
  35554. /* Bogus identity - make it check and regenerate I. */
  35555. ret = wc_MakeSakkePointI(pub, ssv, idSz);
  35556. if (ret != 0)
  35557. return WC_TEST_RET_ENC_EC(ret);
  35558. ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  35559. authSz);
  35560. if (ret != 0)
  35561. return WC_TEST_RET_ENC_EC(ret);
  35562. return 0;
  35563. }
  35564. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void)
  35565. {
  35566. wc_test_ret_t ret = 0;
  35567. WC_RNG rng;
  35568. int rng_inited = 0;
  35569. SakkeKey* priv = NULL;
  35570. SakkeKey* pub = NULL;
  35571. SakkeKey* key = NULL;
  35572. ecc_point* rsk = NULL;
  35573. priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
  35574. DYNAMIC_TYPE_TMP_BUFFER);
  35575. if (priv == NULL)
  35576. ret = WC_TEST_RET_ENC_NC;
  35577. else
  35578. XMEMSET(priv, 0, sizeof(*priv));
  35579. if (ret == 0) {
  35580. pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
  35581. DYNAMIC_TYPE_TMP_BUFFER);
  35582. if (pub == NULL)
  35583. ret = WC_TEST_RET_ENC_NC;
  35584. else
  35585. XMEMSET(pub, 0, sizeof(*pub));
  35586. }
  35587. if (ret == 0) {
  35588. key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
  35589. DYNAMIC_TYPE_TMP_BUFFER);
  35590. if (key == NULL)
  35591. ret = WC_TEST_RET_ENC_NC;
  35592. else
  35593. XMEMSET(key, 0, sizeof(*key));
  35594. }
  35595. if (ret == 0) {
  35596. #ifndef HAVE_FIPS
  35597. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  35598. #else
  35599. ret = wc_InitRng(&rng);
  35600. #endif
  35601. if (ret == 0)
  35602. rng_inited = 1;
  35603. else
  35604. ret = WC_TEST_RET_ENC_EC(ret);
  35605. }
  35606. if (ret == 0) {
  35607. rsk = wc_ecc_new_point();
  35608. if (rsk == NULL)
  35609. ret = WC_TEST_RET_ENC_NC;
  35610. }
  35611. if (ret == 0) {
  35612. ret = wc_InitSakkeKey(pub, HEAP_HINT, INVALID_DEVID);
  35613. if (ret != 0)
  35614. ret = WC_TEST_RET_ENC_EC(ret);
  35615. }
  35616. if (ret == 0) {
  35617. ret = wc_InitSakkeKey(priv, HEAP_HINT, INVALID_DEVID);
  35618. if (ret != 0)
  35619. ret = WC_TEST_RET_ENC_EC(ret);
  35620. }
  35621. if (ret == 0) {
  35622. ret = sakke_api_test(&rng, key, rsk);
  35623. }
  35624. if (ret == 0) {
  35625. ret = sakke_kat_derive_test(pub, rsk);
  35626. }
  35627. if (ret == 0) {
  35628. ret = sakke_kat_encapsulate_test(pub);
  35629. }
  35630. if (ret == 0) {
  35631. ret = sakke_make_key_test(priv, pub, key, &rng, rsk);
  35632. }
  35633. if (ret == 0) {
  35634. ret = sakke_op_test(priv, pub, &rng, rsk);
  35635. }
  35636. if (rsk != NULL) {
  35637. wc_ecc_forcezero_point(rsk);
  35638. wc_ecc_del_point(rsk);
  35639. }
  35640. if (rng_inited)
  35641. wc_FreeRng(&rng);
  35642. if (key != NULL)
  35643. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  35644. if (pub != NULL) {
  35645. wc_FreeSakkeKey(pub);
  35646. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  35647. }
  35648. if (priv != NULL) {
  35649. wc_FreeSakkeKey(priv);
  35650. XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  35651. }
  35652. return ret;
  35653. }
  35654. #endif /* WOLFCRYPT_HAVE_SAKKE */
  35655. #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
  35656. typedef struct CMAC_Test_Case {
  35657. int type;
  35658. int partial;
  35659. const byte* m;
  35660. word32 mSz;
  35661. const byte* k;
  35662. word32 kSz;
  35663. const byte* t;
  35664. word32 tSz;
  35665. } CMAC_Test_Case;
  35666. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void)
  35667. {
  35668. #ifdef WOLFSSL_AES_128
  35669. WOLFSSL_SMALL_STACK_STATIC const byte k128[] =
  35670. {
  35671. 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
  35672. 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
  35673. };
  35674. #define KLEN_128 (sizeof(k128))
  35675. #endif
  35676. #ifdef WOLFSSL_AES_192
  35677. WOLFSSL_SMALL_STACK_STATIC const byte k192[] =
  35678. {
  35679. 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
  35680. 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
  35681. 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
  35682. };
  35683. #define KLEN_192 (sizeof(k192))
  35684. #endif
  35685. #ifdef WOLFSSL_AES_256
  35686. WOLFSSL_SMALL_STACK_STATIC const byte k256[] =
  35687. {
  35688. 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
  35689. 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
  35690. 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
  35691. 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
  35692. };
  35693. #define KLEN_256 (sizeof(k256))
  35694. #endif
  35695. WOLFSSL_SMALL_STACK_STATIC const byte m[] =
  35696. {
  35697. 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
  35698. 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
  35699. 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
  35700. 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
  35701. 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
  35702. 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
  35703. 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
  35704. 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
  35705. };
  35706. #define MLEN_0 (0)
  35707. #define MLEN_128 (128/8)
  35708. #define MLEN_320 (320/8)
  35709. #define MLEN_319 (MLEN_320 - 1)
  35710. #define MLEN_512 (512/8)
  35711. #ifdef WOLFSSL_AES_128
  35712. WOLFSSL_SMALL_STACK_STATIC const byte t128_0[] =
  35713. {
  35714. 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
  35715. 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
  35716. };
  35717. WOLFSSL_SMALL_STACK_STATIC const byte t128_128[] =
  35718. {
  35719. 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
  35720. 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
  35721. };
  35722. WOLFSSL_SMALL_STACK_STATIC const byte t128_319[] =
  35723. {
  35724. 0x2c, 0x17, 0x84, 0x4c, 0x93, 0x1c, 0x07, 0x95,
  35725. 0x15, 0x92, 0x73, 0x0a, 0x34, 0xd0, 0xd9, 0xd2
  35726. };
  35727. WOLFSSL_SMALL_STACK_STATIC const byte t128_320[] =
  35728. {
  35729. 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
  35730. 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
  35731. };
  35732. WOLFSSL_SMALL_STACK_STATIC const byte t128_512[] =
  35733. {
  35734. 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
  35735. 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
  35736. };
  35737. #endif
  35738. #ifdef WOLFSSL_AES_192
  35739. WOLFSSL_SMALL_STACK_STATIC const byte t192_0[] =
  35740. {
  35741. 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
  35742. 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
  35743. };
  35744. WOLFSSL_SMALL_STACK_STATIC const byte t192_128[] =
  35745. {
  35746. 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
  35747. 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
  35748. };
  35749. WOLFSSL_SMALL_STACK_STATIC const byte t192_320[] =
  35750. {
  35751. 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
  35752. 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
  35753. };
  35754. WOLFSSL_SMALL_STACK_STATIC const byte t192_512[] =
  35755. {
  35756. 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
  35757. 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
  35758. };
  35759. #endif
  35760. #ifdef WOLFSSL_AES_256
  35761. WOLFSSL_SMALL_STACK_STATIC const byte t256_0[] =
  35762. {
  35763. 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
  35764. 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
  35765. };
  35766. WOLFSSL_SMALL_STACK_STATIC const byte t256_128[] =
  35767. {
  35768. 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
  35769. 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
  35770. };
  35771. WOLFSSL_SMALL_STACK_STATIC const byte t256_320[] =
  35772. {
  35773. 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
  35774. 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
  35775. };
  35776. WOLFSSL_SMALL_STACK_STATIC const byte t256_512[] =
  35777. {
  35778. 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
  35779. 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
  35780. };
  35781. #endif
  35782. const CMAC_Test_Case testCases[] =
  35783. {
  35784. #ifdef WOLFSSL_AES_128
  35785. {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, AES_BLOCK_SIZE},
  35786. {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, AES_BLOCK_SIZE},
  35787. {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, AES_BLOCK_SIZE},
  35788. {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
  35789. {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
  35790. #endif
  35791. #ifdef WOLFSSL_AES_192
  35792. {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, AES_BLOCK_SIZE},
  35793. {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, AES_BLOCK_SIZE},
  35794. {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, AES_BLOCK_SIZE},
  35795. {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, AES_BLOCK_SIZE},
  35796. #endif
  35797. #ifdef WOLFSSL_AES_256
  35798. {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, AES_BLOCK_SIZE},
  35799. {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, AES_BLOCK_SIZE},
  35800. {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, AES_BLOCK_SIZE},
  35801. {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, AES_BLOCK_SIZE},
  35802. #endif
  35803. #ifdef WOLFSSL_AES_128
  35804. {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, AES_BLOCK_SIZE}
  35805. #endif
  35806. };
  35807. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  35808. Cmac *cmac;
  35809. #else
  35810. Cmac cmac[1];
  35811. #endif
  35812. byte tag[AES_BLOCK_SIZE];
  35813. const CMAC_Test_Case* tc;
  35814. word32 i, tagSz;
  35815. wc_test_ret_t ret;
  35816. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  35817. if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC)) == NULL)
  35818. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  35819. #endif
  35820. for (i = 0, tc = testCases;
  35821. i < sizeof(testCases)/sizeof(CMAC_Test_Case);
  35822. i++, tc++) {
  35823. XMEMSET(tag, 0, sizeof(tag));
  35824. tagSz = AES_BLOCK_SIZE;
  35825. #if !defined(HAVE_FIPS) || \
  35826. defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)
  35827. ret = wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId);
  35828. #else
  35829. ret = wc_InitCmac(cmac, tc->k, tc->kSz, tc->type, NULL);
  35830. #endif
  35831. if (ret != 0)
  35832. {
  35833. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  35834. }
  35835. if (tc->partial) {
  35836. ret = wc_CmacUpdate(cmac, tc->m,
  35837. tc->mSz/2 - tc->partial);
  35838. if (ret != 0)
  35839. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  35840. ret = wc_CmacUpdate(cmac, tc->m + tc->mSz/2 - tc->partial,
  35841. tc->mSz/2 + tc->partial);
  35842. if (ret != 0)
  35843. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  35844. }
  35845. else {
  35846. ret = wc_CmacUpdate(cmac, tc->m, tc->mSz);
  35847. if (ret != 0)
  35848. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  35849. }
  35850. ret = wc_CmacFinal(cmac, tag, &tagSz);
  35851. if (ret != 0)
  35852. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  35853. if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
  35854. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  35855. XMEMSET(tag, 0, sizeof(tag));
  35856. tagSz = sizeof(tag);
  35857. #if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
  35858. ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
  35859. tc->k, tc->kSz, NULL, devId);
  35860. #else
  35861. ret = wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz,
  35862. tc->k, tc->kSz);
  35863. #endif
  35864. if (ret != 0)
  35865. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  35866. if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
  35867. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  35868. #if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
  35869. ret = wc_AesCmacVerify_ex(cmac, tc->t, tc->tSz, tc->m, tc->mSz,
  35870. tc->k, tc->kSz, HEAP_HINT, devId);
  35871. #else
  35872. ret = wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz,
  35873. tc->k, tc->kSz);
  35874. #endif
  35875. if (ret != 0)
  35876. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  35877. #if !defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)
  35878. /* Test that keyless generate with init is the same */
  35879. XMEMSET(tag, 0, sizeof(tag));
  35880. tagSz = sizeof(tag);
  35881. ret = wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId);
  35882. if (ret != 0) {
  35883. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  35884. }
  35885. ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz,
  35886. NULL, 0, HEAP_HINT, devId);
  35887. if (ret != 0) {
  35888. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  35889. }
  35890. #endif
  35891. }
  35892. ret = 0;
  35893. out:
  35894. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  35895. if (cmac)
  35896. XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC);
  35897. #endif
  35898. return ret;
  35899. }
  35900. #endif /* NO_AES && WOLFSSL_CMAC */
  35901. #if defined(WOLFSSL_SIPHASH)
  35902. #if WOLFSSL_SIPHASH_CROUNDS == 2 && WOLFSSL_SIPHASH_DROUNDS == 4
  35903. /* Test vectors from:
  35904. * https://github.com/veorq/SipHash/blob/master/vectors.h
  35905. */
  35906. static const unsigned char siphash_key[SIPHASH_KEY_SIZE] = {
  35907. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  35908. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
  35909. };
  35910. static const unsigned char siphash_msg[64] = {
  35911. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  35912. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  35913. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  35914. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
  35915. 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
  35916. 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
  35917. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  35918. 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f
  35919. };
  35920. static const unsigned char siphash_r8[64][SIPHASH_MAC_SIZE_8] = {
  35921. { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72, },
  35922. { 0xfd, 0x67, 0xdc, 0x93, 0xc5, 0x39, 0xf8, 0x74, },
  35923. { 0x5a, 0x4f, 0xa9, 0xd9, 0x09, 0x80, 0x6c, 0x0d, },
  35924. { 0x2d, 0x7e, 0xfb, 0xd7, 0x96, 0x66, 0x67, 0x85, },
  35925. { 0xb7, 0x87, 0x71, 0x27, 0xe0, 0x94, 0x27, 0xcf, },
  35926. { 0x8d, 0xa6, 0x99, 0xcd, 0x64, 0x55, 0x76, 0x18, },
  35927. { 0xce, 0xe3, 0xfe, 0x58, 0x6e, 0x46, 0xc9, 0xcb, },
  35928. { 0x37, 0xd1, 0x01, 0x8b, 0xf5, 0x00, 0x02, 0xab, },
  35929. { 0x62, 0x24, 0x93, 0x9a, 0x79, 0xf5, 0xf5, 0x93, },
  35930. { 0xb0, 0xe4, 0xa9, 0x0b, 0xdf, 0x82, 0x00, 0x9e, },
  35931. { 0xf3, 0xb9, 0xdd, 0x94, 0xc5, 0xbb, 0x5d, 0x7a, },
  35932. { 0xa7, 0xad, 0x6b, 0x22, 0x46, 0x2f, 0xb3, 0xf4, },
  35933. { 0xfb, 0xe5, 0x0e, 0x86, 0xbc, 0x8f, 0x1e, 0x75, },
  35934. { 0x90, 0x3d, 0x84, 0xc0, 0x27, 0x56, 0xea, 0x14, },
  35935. { 0xee, 0xf2, 0x7a, 0x8e, 0x90, 0xca, 0x23, 0xf7, },
  35936. { 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1, },
  35937. { 0xdb, 0x9b, 0xc2, 0x57, 0x7f, 0xcc, 0x2a, 0x3f, },
  35938. { 0x94, 0x47, 0xbe, 0x2c, 0xf5, 0xe9, 0x9a, 0x69, },
  35939. { 0x9c, 0xd3, 0x8d, 0x96, 0xf0, 0xb3, 0xc1, 0x4b, },
  35940. { 0xbd, 0x61, 0x79, 0xa7, 0x1d, 0xc9, 0x6d, 0xbb, },
  35941. { 0x98, 0xee, 0xa2, 0x1a, 0xf2, 0x5c, 0xd6, 0xbe, },
  35942. { 0xc7, 0x67, 0x3b, 0x2e, 0xb0, 0xcb, 0xf2, 0xd0, },
  35943. { 0x88, 0x3e, 0xa3, 0xe3, 0x95, 0x67, 0x53, 0x93, },
  35944. { 0xc8, 0xce, 0x5c, 0xcd, 0x8c, 0x03, 0x0c, 0xa8, },
  35945. { 0x94, 0xaf, 0x49, 0xf6, 0xc6, 0x50, 0xad, 0xb8, },
  35946. { 0xea, 0xb8, 0x85, 0x8a, 0xde, 0x92, 0xe1, 0xbc, },
  35947. { 0xf3, 0x15, 0xbb, 0x5b, 0xb8, 0x35, 0xd8, 0x17, },
  35948. { 0xad, 0xcf, 0x6b, 0x07, 0x63, 0x61, 0x2e, 0x2f, },
  35949. { 0xa5, 0xc9, 0x1d, 0xa7, 0xac, 0xaa, 0x4d, 0xde, },
  35950. { 0x71, 0x65, 0x95, 0x87, 0x66, 0x50, 0xa2, 0xa6, },
  35951. { 0x28, 0xef, 0x49, 0x5c, 0x53, 0xa3, 0x87, 0xad, },
  35952. { 0x42, 0xc3, 0x41, 0xd8, 0xfa, 0x92, 0xd8, 0x32, },
  35953. { 0xce, 0x7c, 0xf2, 0x72, 0x2f, 0x51, 0x27, 0x71, },
  35954. { 0xe3, 0x78, 0x59, 0xf9, 0x46, 0x23, 0xf3, 0xa7, },
  35955. { 0x38, 0x12, 0x05, 0xbb, 0x1a, 0xb0, 0xe0, 0x12, },
  35956. { 0xae, 0x97, 0xa1, 0x0f, 0xd4, 0x34, 0xe0, 0x15, },
  35957. { 0xb4, 0xa3, 0x15, 0x08, 0xbe, 0xff, 0x4d, 0x31, },
  35958. { 0x81, 0x39, 0x62, 0x29, 0xf0, 0x90, 0x79, 0x02, },
  35959. { 0x4d, 0x0c, 0xf4, 0x9e, 0xe5, 0xd4, 0xdc, 0xca, },
  35960. { 0x5c, 0x73, 0x33, 0x6a, 0x76, 0xd8, 0xbf, 0x9a, },
  35961. { 0xd0, 0xa7, 0x04, 0x53, 0x6b, 0xa9, 0x3e, 0x0e, },
  35962. { 0x92, 0x59, 0x58, 0xfc, 0xd6, 0x42, 0x0c, 0xad, },
  35963. { 0xa9, 0x15, 0xc2, 0x9b, 0xc8, 0x06, 0x73, 0x18, },
  35964. { 0x95, 0x2b, 0x79, 0xf3, 0xbc, 0x0a, 0xa6, 0xd4, },
  35965. { 0xf2, 0x1d, 0xf2, 0xe4, 0x1d, 0x45, 0x35, 0xf9, },
  35966. { 0x87, 0x57, 0x75, 0x19, 0x04, 0x8f, 0x53, 0xa9, },
  35967. { 0x10, 0xa5, 0x6c, 0xf5, 0xdf, 0xcd, 0x9a, 0xdb, },
  35968. { 0xeb, 0x75, 0x09, 0x5c, 0xcd, 0x98, 0x6c, 0xd0, },
  35969. { 0x51, 0xa9, 0xcb, 0x9e, 0xcb, 0xa3, 0x12, 0xe6, },
  35970. { 0x96, 0xaf, 0xad, 0xfc, 0x2c, 0xe6, 0x66, 0xc7, },
  35971. { 0x72, 0xfe, 0x52, 0x97, 0x5a, 0x43, 0x64, 0xee, },
  35972. { 0x5a, 0x16, 0x45, 0xb2, 0x76, 0xd5, 0x92, 0xa1, },
  35973. { 0xb2, 0x74, 0xcb, 0x8e, 0xbf, 0x87, 0x87, 0x0a, },
  35974. { 0x6f, 0x9b, 0xb4, 0x20, 0x3d, 0xe7, 0xb3, 0x81, },
  35975. { 0xea, 0xec, 0xb2, 0xa3, 0x0b, 0x22, 0xa8, 0x7f, },
  35976. { 0x99, 0x24, 0xa4, 0x3c, 0xc1, 0x31, 0x57, 0x24, },
  35977. { 0xbd, 0x83, 0x8d, 0x3a, 0xaf, 0xbf, 0x8d, 0xb7, },
  35978. { 0x0b, 0x1a, 0x2a, 0x32, 0x65, 0xd5, 0x1a, 0xea, },
  35979. { 0x13, 0x50, 0x79, 0xa3, 0x23, 0x1c, 0xe6, 0x60, },
  35980. { 0x93, 0x2b, 0x28, 0x46, 0xe4, 0xd7, 0x06, 0x66, },
  35981. { 0xe1, 0x91, 0x5f, 0x5c, 0xb1, 0xec, 0xa4, 0x6c, },
  35982. { 0xf3, 0x25, 0x96, 0x5c, 0xa1, 0x6d, 0x62, 0x9f, },
  35983. { 0x57, 0x5f, 0xf2, 0x8e, 0x60, 0x38, 0x1b, 0xe5, },
  35984. { 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, },
  35985. };
  35986. static const unsigned char siphash_r16[64][SIPHASH_MAC_SIZE_16] = {
  35987. { 0xa3, 0x81, 0x7f, 0x04, 0xba, 0x25, 0xa8, 0xe6,
  35988. 0x6d, 0xf6, 0x72, 0x14, 0xc7, 0x55, 0x02, 0x93, },
  35989. { 0xda, 0x87, 0xc1, 0xd8, 0x6b, 0x99, 0xaf, 0x44,
  35990. 0x34, 0x76, 0x59, 0x11, 0x9b, 0x22, 0xfc, 0x45, },
  35991. { 0x81, 0x77, 0x22, 0x8d, 0xa4, 0xa4, 0x5d, 0xc7,
  35992. 0xfc, 0xa3, 0x8b, 0xde, 0xf6, 0x0a, 0xff, 0xe4, },
  35993. { 0x9c, 0x70, 0xb6, 0x0c, 0x52, 0x67, 0xa9, 0x4e,
  35994. 0x5f, 0x33, 0xb6, 0xb0, 0x29, 0x85, 0xed, 0x51, },
  35995. { 0xf8, 0x81, 0x64, 0xc1, 0x2d, 0x9c, 0x8f, 0xaf,
  35996. 0x7d, 0x0f, 0x6e, 0x7c, 0x7b, 0xcd, 0x55, 0x79, },
  35997. { 0x13, 0x68, 0x87, 0x59, 0x80, 0x77, 0x6f, 0x88,
  35998. 0x54, 0x52, 0x7a, 0x07, 0x69, 0x0e, 0x96, 0x27, },
  35999. { 0x14, 0xee, 0xca, 0x33, 0x8b, 0x20, 0x86, 0x13,
  36000. 0x48, 0x5e, 0xa0, 0x30, 0x8f, 0xd7, 0xa1, 0x5e, },
  36001. { 0xa1, 0xf1, 0xeb, 0xbe, 0xd8, 0xdb, 0xc1, 0x53,
  36002. 0xc0, 0xb8, 0x4a, 0xa6, 0x1f, 0xf0, 0x82, 0x39, },
  36003. { 0x3b, 0x62, 0xa9, 0xba, 0x62, 0x58, 0xf5, 0x61,
  36004. 0x0f, 0x83, 0xe2, 0x64, 0xf3, 0x14, 0x97, 0xb4, },
  36005. { 0x26, 0x44, 0x99, 0x06, 0x0a, 0xd9, 0xba, 0xab,
  36006. 0xc4, 0x7f, 0x8b, 0x02, 0xbb, 0x6d, 0x71, 0xed, },
  36007. { 0x00, 0x11, 0x0d, 0xc3, 0x78, 0x14, 0x69, 0x56,
  36008. 0xc9, 0x54, 0x47, 0xd3, 0xf3, 0xd0, 0xfb, 0xba, },
  36009. { 0x01, 0x51, 0xc5, 0x68, 0x38, 0x6b, 0x66, 0x77,
  36010. 0xa2, 0xb4, 0xdc, 0x6f, 0x81, 0xe5, 0xdc, 0x18, },
  36011. { 0xd6, 0x26, 0xb2, 0x66, 0x90, 0x5e, 0xf3, 0x58,
  36012. 0x82, 0x63, 0x4d, 0xf6, 0x85, 0x32, 0xc1, 0x25, },
  36013. { 0x98, 0x69, 0xe2, 0x47, 0xe9, 0xc0, 0x8b, 0x10,
  36014. 0xd0, 0x29, 0x93, 0x4f, 0xc4, 0xb9, 0x52, 0xf7, },
  36015. { 0x31, 0xfc, 0xef, 0xac, 0x66, 0xd7, 0xde, 0x9c,
  36016. 0x7e, 0xc7, 0x48, 0x5f, 0xe4, 0x49, 0x49, 0x02, },
  36017. { 0x54, 0x93, 0xe9, 0x99, 0x33, 0xb0, 0xa8, 0x11,
  36018. 0x7e, 0x08, 0xec, 0x0f, 0x97, 0xcf, 0xc3, 0xd9, },
  36019. { 0x6e, 0xe2, 0xa4, 0xca, 0x67, 0xb0, 0x54, 0xbb,
  36020. 0xfd, 0x33, 0x15, 0xbf, 0x85, 0x23, 0x05, 0x77, },
  36021. { 0x47, 0x3d, 0x06, 0xe8, 0x73, 0x8d, 0xb8, 0x98,
  36022. 0x54, 0xc0, 0x66, 0xc4, 0x7a, 0xe4, 0x77, 0x40, },
  36023. { 0xa4, 0x26, 0xe5, 0xe4, 0x23, 0xbf, 0x48, 0x85,
  36024. 0x29, 0x4d, 0xa4, 0x81, 0xfe, 0xae, 0xf7, 0x23, },
  36025. { 0x78, 0x01, 0x77, 0x31, 0xcf, 0x65, 0xfa, 0xb0,
  36026. 0x74, 0xd5, 0x20, 0x89, 0x52, 0x51, 0x2e, 0xb1, },
  36027. { 0x9e, 0x25, 0xfc, 0x83, 0x3f, 0x22, 0x90, 0x73,
  36028. 0x3e, 0x93, 0x44, 0xa5, 0xe8, 0x38, 0x39, 0xeb, },
  36029. { 0x56, 0x8e, 0x49, 0x5a, 0xbe, 0x52, 0x5a, 0x21,
  36030. 0x8a, 0x22, 0x14, 0xcd, 0x3e, 0x07, 0x1d, 0x12, },
  36031. { 0x4a, 0x29, 0xb5, 0x45, 0x52, 0xd1, 0x6b, 0x9a,
  36032. 0x46, 0x9c, 0x10, 0x52, 0x8e, 0xff, 0x0a, 0xae, },
  36033. { 0xc9, 0xd1, 0x84, 0xdd, 0xd5, 0xa9, 0xf5, 0xe0,
  36034. 0xcf, 0x8c, 0xe2, 0x9a, 0x9a, 0xbf, 0x69, 0x1c, },
  36035. { 0x2d, 0xb4, 0x79, 0xae, 0x78, 0xbd, 0x50, 0xd8,
  36036. 0x88, 0x2a, 0x8a, 0x17, 0x8a, 0x61, 0x32, 0xad, },
  36037. { 0x8e, 0xce, 0x5f, 0x04, 0x2d, 0x5e, 0x44, 0x7b,
  36038. 0x50, 0x51, 0xb9, 0xea, 0xcb, 0x8d, 0x8f, 0x6f, },
  36039. { 0x9c, 0x0b, 0x53, 0xb4, 0xb3, 0xc3, 0x07, 0xe8,
  36040. 0x7e, 0xae, 0xe0, 0x86, 0x78, 0x14, 0x1f, 0x66, },
  36041. { 0xab, 0xf2, 0x48, 0xaf, 0x69, 0xa6, 0xea, 0xe4,
  36042. 0xbf, 0xd3, 0xeb, 0x2f, 0x12, 0x9e, 0xeb, 0x94, },
  36043. { 0x06, 0x64, 0xda, 0x16, 0x68, 0x57, 0x4b, 0x88,
  36044. 0xb9, 0x35, 0xf3, 0x02, 0x73, 0x58, 0xae, 0xf4, },
  36045. { 0xaa, 0x4b, 0x9d, 0xc4, 0xbf, 0x33, 0x7d, 0xe9,
  36046. 0x0c, 0xd4, 0xfd, 0x3c, 0x46, 0x7c, 0x6a, 0xb7, },
  36047. { 0xea, 0x5c, 0x7f, 0x47, 0x1f, 0xaf, 0x6b, 0xde,
  36048. 0x2b, 0x1a, 0xd7, 0xd4, 0x68, 0x6d, 0x22, 0x87, },
  36049. { 0x29, 0x39, 0xb0, 0x18, 0x32, 0x23, 0xfa, 0xfc,
  36050. 0x17, 0x23, 0xde, 0x4f, 0x52, 0xc4, 0x3d, 0x35, },
  36051. { 0x7c, 0x39, 0x56, 0xca, 0x5e, 0xea, 0xfc, 0x3e,
  36052. 0x36, 0x3e, 0x9d, 0x55, 0x65, 0x46, 0xeb, 0x68, },
  36053. { 0x77, 0xc6, 0x07, 0x71, 0x46, 0xf0, 0x1c, 0x32,
  36054. 0xb6, 0xb6, 0x9d, 0x5f, 0x4e, 0xa9, 0xff, 0xcf, },
  36055. { 0x37, 0xa6, 0x98, 0x6c, 0xb8, 0x84, 0x7e, 0xdf,
  36056. 0x09, 0x25, 0xf0, 0xf1, 0x30, 0x9b, 0x54, 0xde, },
  36057. { 0xa7, 0x05, 0xf0, 0xe6, 0x9d, 0xa9, 0xa8, 0xf9,
  36058. 0x07, 0x24, 0x1a, 0x2e, 0x92, 0x3c, 0x8c, 0xc8, },
  36059. { 0x3d, 0xc4, 0x7d, 0x1f, 0x29, 0xc4, 0x48, 0x46,
  36060. 0x1e, 0x9e, 0x76, 0xed, 0x90, 0x4f, 0x67, 0x11, },
  36061. { 0x0d, 0x62, 0xbf, 0x01, 0xe6, 0xfc, 0x0e, 0x1a,
  36062. 0x0d, 0x3c, 0x47, 0x51, 0xc5, 0xd3, 0x69, 0x2b, },
  36063. { 0x8c, 0x03, 0x46, 0x8b, 0xca, 0x7c, 0x66, 0x9e,
  36064. 0xe4, 0xfd, 0x5e, 0x08, 0x4b, 0xbe, 0xe7, 0xb5, },
  36065. { 0x52, 0x8a, 0x5b, 0xb9, 0x3b, 0xaf, 0x2c, 0x9c,
  36066. 0x44, 0x73, 0xcc, 0xe5, 0xd0, 0xd2, 0x2b, 0xd9, },
  36067. { 0xdf, 0x6a, 0x30, 0x1e, 0x95, 0xc9, 0x5d, 0xad,
  36068. 0x97, 0xae, 0x0c, 0xc8, 0xc6, 0x91, 0x3b, 0xd8, },
  36069. { 0x80, 0x11, 0x89, 0x90, 0x2c, 0x85, 0x7f, 0x39,
  36070. 0xe7, 0x35, 0x91, 0x28, 0x5e, 0x70, 0xb6, 0xdb, },
  36071. { 0xe6, 0x17, 0x34, 0x6a, 0xc9, 0xc2, 0x31, 0xbb,
  36072. 0x36, 0x50, 0xae, 0x34, 0xcc, 0xca, 0x0c, 0x5b, },
  36073. { 0x27, 0xd9, 0x34, 0x37, 0xef, 0xb7, 0x21, 0xaa,
  36074. 0x40, 0x18, 0x21, 0xdc, 0xec, 0x5a, 0xdf, 0x89, },
  36075. { 0x89, 0x23, 0x7d, 0x9d, 0xed, 0x9c, 0x5e, 0x78,
  36076. 0xd8, 0xb1, 0xc9, 0xb1, 0x66, 0xcc, 0x73, 0x42, },
  36077. { 0x4a, 0x6d, 0x80, 0x91, 0xbf, 0x5e, 0x7d, 0x65,
  36078. 0x11, 0x89, 0xfa, 0x94, 0xa2, 0x50, 0xb1, 0x4c, },
  36079. { 0x0e, 0x33, 0xf9, 0x60, 0x55, 0xe7, 0xae, 0x89,
  36080. 0x3f, 0xfc, 0x0e, 0x3d, 0xcf, 0x49, 0x29, 0x02, },
  36081. { 0xe6, 0x1c, 0x43, 0x2b, 0x72, 0x0b, 0x19, 0xd1,
  36082. 0x8e, 0xc8, 0xd8, 0x4b, 0xdc, 0x63, 0x15, 0x1b, },
  36083. { 0xf7, 0xe5, 0xae, 0xf5, 0x49, 0xf7, 0x82, 0xcf,
  36084. 0x37, 0x90, 0x55, 0xa6, 0x08, 0x26, 0x9b, 0x16, },
  36085. { 0x43, 0x8d, 0x03, 0x0f, 0xd0, 0xb7, 0xa5, 0x4f,
  36086. 0xa8, 0x37, 0xf2, 0xad, 0x20, 0x1a, 0x64, 0x03, },
  36087. { 0xa5, 0x90, 0xd3, 0xee, 0x4f, 0xbf, 0x04, 0xe3,
  36088. 0x24, 0x7e, 0x0d, 0x27, 0xf2, 0x86, 0x42, 0x3f, },
  36089. { 0x5f, 0xe2, 0xc1, 0xa1, 0x72, 0xfe, 0x93, 0xc4,
  36090. 0xb1, 0x5c, 0xd3, 0x7c, 0xae, 0xf9, 0xf5, 0x38, },
  36091. { 0x2c, 0x97, 0x32, 0x5c, 0xbd, 0x06, 0xb3, 0x6e,
  36092. 0xb2, 0x13, 0x3d, 0xd0, 0x8b, 0x3a, 0x01, 0x7c, },
  36093. { 0x92, 0xc8, 0x14, 0x22, 0x7a, 0x6b, 0xca, 0x94,
  36094. 0x9f, 0xf0, 0x65, 0x9f, 0x00, 0x2a, 0xd3, 0x9e, },
  36095. { 0xdc, 0xe8, 0x50, 0x11, 0x0b, 0xd8, 0x32, 0x8c,
  36096. 0xfb, 0xd5, 0x08, 0x41, 0xd6, 0x91, 0x1d, 0x87, },
  36097. { 0x67, 0xf1, 0x49, 0x84, 0xc7, 0xda, 0x79, 0x12,
  36098. 0x48, 0xe3, 0x2b, 0xb5, 0x92, 0x25, 0x83, 0xda, },
  36099. { 0x19, 0x38, 0xf2, 0xcf, 0x72, 0xd5, 0x4e, 0xe9,
  36100. 0x7e, 0x94, 0x16, 0x6f, 0xa9, 0x1d, 0x2a, 0x36, },
  36101. { 0x74, 0x48, 0x1e, 0x96, 0x46, 0xed, 0x49, 0xfe,
  36102. 0x0f, 0x62, 0x24, 0x30, 0x16, 0x04, 0x69, 0x8e, },
  36103. { 0x57, 0xfc, 0xa5, 0xde, 0x98, 0xa9, 0xd6, 0xd8,
  36104. 0x00, 0x64, 0x38, 0xd0, 0x58, 0x3d, 0x8a, 0x1d, },
  36105. { 0x9f, 0xec, 0xde, 0x1c, 0xef, 0xdc, 0x1c, 0xbe,
  36106. 0xd4, 0x76, 0x36, 0x74, 0xd9, 0x57, 0x53, 0x59, },
  36107. { 0xe3, 0x04, 0x0c, 0x00, 0xeb, 0x28, 0xf1, 0x53,
  36108. 0x66, 0xca, 0x73, 0xcb, 0xd8, 0x72, 0xe7, 0x40, },
  36109. { 0x76, 0x97, 0x00, 0x9a, 0x6a, 0x83, 0x1d, 0xfe,
  36110. 0xcc, 0xa9, 0x1c, 0x59, 0x93, 0x67, 0x0f, 0x7a, },
  36111. { 0x58, 0x53, 0x54, 0x23, 0x21, 0xf5, 0x67, 0xa0,
  36112. 0x05, 0xd5, 0x47, 0xa4, 0xf0, 0x47, 0x59, 0xbd, },
  36113. { 0x51, 0x50, 0xd1, 0x77, 0x2f, 0x50, 0x83, 0x4a,
  36114. 0x50, 0x3e, 0x06, 0x9a, 0x97, 0x3f, 0xbd, 0x7c, },
  36115. };
  36116. #endif
  36117. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void)
  36118. {
  36119. wc_test_ret_t ret = 0;
  36120. int i;
  36121. #if WOLFSSL_SIPHASH_CROUNDS == 2 && WOLFSSL_SIPHASH_DROUNDS == 4
  36122. unsigned char res[SIPHASH_MAC_SIZE_16];
  36123. unsigned char tmp[SIPHASH_MAC_SIZE_8];
  36124. SipHash siphash;
  36125. for (i = 0; i < 64; i++) {
  36126. ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
  36127. if (ret != 0)
  36128. return WC_TEST_RET_ENC_I(i);
  36129. ret = wc_SipHashUpdate(&siphash, siphash_msg, i);
  36130. if (ret != 0)
  36131. return WC_TEST_RET_ENC_I(i);
  36132. ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_8);
  36133. if (ret != 0)
  36134. return WC_TEST_RET_ENC_I(i);
  36135. if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0)
  36136. return WC_TEST_RET_ENC_I(i);
  36137. ret = wc_SipHash(siphash_key, siphash_msg, i, res, SIPHASH_MAC_SIZE_8);
  36138. if (ret != 0)
  36139. return WC_TEST_RET_ENC_I(i);
  36140. if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0)
  36141. return WC_TEST_RET_ENC_I(i);
  36142. }
  36143. for (i = 0; i < 64; i++) {
  36144. ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_16);
  36145. if (ret != 0)
  36146. return WC_TEST_RET_ENC_I(i);
  36147. ret = wc_SipHashUpdate(&siphash, siphash_msg, i);
  36148. if (ret != 0)
  36149. return WC_TEST_RET_ENC_I(i);
  36150. ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16);
  36151. if (ret != 0)
  36152. return WC_TEST_RET_ENC_I(i);
  36153. if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0)
  36154. return WC_TEST_RET_ENC_I(i);
  36155. ret = wc_SipHash(siphash_key, siphash_msg, i, res, SIPHASH_MAC_SIZE_16);
  36156. if (ret != 0)
  36157. return WC_TEST_RET_ENC_I(i);
  36158. if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0)
  36159. return WC_TEST_RET_ENC_I(i);
  36160. }
  36161. #endif
  36162. /* Testing bad parameters. */
  36163. ret = wc_InitSipHash(NULL, NULL, SIPHASH_MAC_SIZE_8);
  36164. if (ret != BAD_FUNC_ARG)
  36165. return WC_TEST_RET_ENC_EC(ret);
  36166. ret = wc_InitSipHash(NULL, siphash_key, SIPHASH_MAC_SIZE_8);
  36167. if (ret != BAD_FUNC_ARG)
  36168. return WC_TEST_RET_ENC_EC(ret);
  36169. ret = wc_InitSipHash(&siphash, NULL, SIPHASH_MAC_SIZE_8);
  36170. if (ret != BAD_FUNC_ARG)
  36171. return WC_TEST_RET_ENC_EC(ret);
  36172. ret = wc_InitSipHash(&siphash, siphash_key, 7);
  36173. if (ret != BAD_FUNC_ARG)
  36174. return WC_TEST_RET_ENC_EC(ret);
  36175. ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
  36176. if (ret != 0)
  36177. return WC_TEST_RET_ENC_EC(ret);
  36178. ret = wc_SipHashUpdate(NULL, NULL, 0);
  36179. if (ret != BAD_FUNC_ARG)
  36180. return WC_TEST_RET_ENC_EC(ret);
  36181. ret = wc_SipHashUpdate(&siphash, NULL, 1);
  36182. if (ret != BAD_FUNC_ARG)
  36183. return WC_TEST_RET_ENC_EC(ret);
  36184. ret = wc_SipHashFinal(NULL, NULL, SIPHASH_MAC_SIZE_8);
  36185. if (ret != BAD_FUNC_ARG)
  36186. return WC_TEST_RET_ENC_EC(ret);
  36187. ret = wc_SipHashFinal(&siphash, NULL, SIPHASH_MAC_SIZE_8);
  36188. if (ret != BAD_FUNC_ARG)
  36189. return WC_TEST_RET_ENC_EC(ret);
  36190. ret = wc_SipHashFinal(NULL, res, SIPHASH_MAC_SIZE_8);
  36191. if (ret != BAD_FUNC_ARG)
  36192. return WC_TEST_RET_ENC_EC(ret);
  36193. ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16);
  36194. if (ret != BAD_FUNC_ARG)
  36195. return WC_TEST_RET_ENC_EC(ret);
  36196. ret = wc_SipHash(NULL, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
  36197. if (ret != BAD_FUNC_ARG)
  36198. return WC_TEST_RET_ENC_EC(ret);
  36199. ret = wc_SipHash(siphash_key, NULL, 0, NULL, SIPHASH_MAC_SIZE_16);
  36200. if (ret != BAD_FUNC_ARG)
  36201. return WC_TEST_RET_ENC_EC(ret);
  36202. ret = wc_SipHash(NULL, NULL, 0, res, SIPHASH_MAC_SIZE_16);
  36203. if (ret != BAD_FUNC_ARG)
  36204. return WC_TEST_RET_ENC_EC(ret);
  36205. ret = wc_SipHash(siphash_key, NULL, 0, res, 15);
  36206. if (ret != BAD_FUNC_ARG)
  36207. return WC_TEST_RET_ENC_EC(ret);
  36208. ret = wc_SipHash(siphash_key, NULL, 1, res, SIPHASH_MAC_SIZE_16);
  36209. if (ret != BAD_FUNC_ARG)
  36210. return WC_TEST_RET_ENC_EC(ret);
  36211. /* Test cache with multiple non blocksize bytes */
  36212. ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
  36213. if (ret != 0)
  36214. return WC_TEST_RET_ENC_EC(ret);
  36215. ret = wc_SipHashUpdate(&siphash, siphash_msg, 5);
  36216. if (ret != 0)
  36217. return WC_TEST_RET_ENC_EC(ret);
  36218. ret = wc_SipHashUpdate(&siphash, siphash_msg + 5, 4);
  36219. if (ret != 0)
  36220. return WC_TEST_RET_ENC_EC(ret);
  36221. ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_8);
  36222. if (ret != 0)
  36223. return WC_TEST_RET_ENC_EC(ret);
  36224. ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8);
  36225. if (ret != 0)
  36226. return WC_TEST_RET_ENC_EC(ret);
  36227. ret = wc_SipHashUpdate(&siphash, siphash_msg, 9);
  36228. if (ret != 0)
  36229. return WC_TEST_RET_ENC_EC(ret);
  36230. ret = wc_SipHashFinal(&siphash, tmp, SIPHASH_MAC_SIZE_8);
  36231. if (ret != 0)
  36232. return WC_TEST_RET_ENC_EC(ret);
  36233. if (XMEMCMP(res, tmp, SIPHASH_MAC_SIZE_8) != 0)
  36234. return WC_TEST_RET_ENC_NC;
  36235. return 0;
  36236. }
  36237. #endif /* WOLFSSL_SIPHASH */
  36238. #ifdef HAVE_LIBZ
  36239. static const byte sample_text[] =
  36240. "Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
  36241. "polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n"
  36242. "marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n"
  36243. "plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n"
  36244. "selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n"
  36245. "small batch meggings kogi dolore food truck bespoke gastropub.\n"
  36246. "\n"
  36247. "Terry richardson adipisicing actually typewriter tumblr, twee whatever\n"
  36248. "four loko you probably haven't heard of them high life. Messenger bag\n"
  36249. "whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n"
  36250. "et, banksy ullamco messenger bag umami pariatur direct trade forage.\n"
  36251. "Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n"
  36252. "food truck next level, tousled irony non semiotics PBR ethical anim cred\n"
  36253. "readymade. Mumblecore brunch lomo odd future, portland organic terry\n"
  36254. "richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n"
  36255. "mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n"
  36256. "four loko whatever street art yr farm-to-table.\n"
  36257. "\n"
  36258. "Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n"
  36259. "pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n"
  36260. "et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n"
  36261. "nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n"
  36262. "seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n"
  36263. "eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n"
  36264. "readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n"
  36265. "ethnic art party qui letterpress nisi proident jean shorts mlkshk\n"
  36266. "locavore.\n"
  36267. "\n"
  36268. "Narwhal flexitarian letterpress, do gluten-free voluptate next level\n"
  36269. "banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n"
  36270. "cillum pickled velit, YOLO officia you probably haven't heard of them\n"
  36271. "trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n"
  36272. "small batch american apparel. Put a bird on it cosby sweater before they\n"
  36273. "sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n"
  36274. "DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n"
  36275. "Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n"
  36276. "excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n"
  36277. "neutra PBR selvage.\n"
  36278. "\n"
  36279. "Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n"
  36280. "next level jean shorts exercitation. Hashtag keytar whatever, nihil\n"
  36281. "authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n"
  36282. "wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n"
  36283. "tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n"
  36284. "trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n"
  36285. "incididunt flannel sustainable helvetica pork belly pug banksy you\n"
  36286. "probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n"
  36287. "mollit magna, sriracha sartorial helvetica.\n"
  36288. "\n"
  36289. "Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n"
  36290. "ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n"
  36291. "of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n"
  36292. "reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n"
  36293. "skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n"
  36294. "organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n"
  36295. "Veniam sunt food truck leggings, sint vinyl fap.\n"
  36296. "\n"
  36297. "Hella dolore pork belly, truffaut carles you probably haven't heard of\n"
  36298. "them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n"
  36299. "apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n"
  36300. "flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n"
  36301. "letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n"
  36302. "Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n"
  36303. "delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n"
  36304. "magna pop-up literally. Swag thundercats ennui shoreditch vegan\n"
  36305. "pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n"
  36306. "\n"
  36307. "Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n"
  36308. "meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n"
  36309. "dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n"
  36310. "locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n"
  36311. "tousled beard mollit mustache leggings portland next level. Nihil esse\n"
  36312. "est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n"
  36313. "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n"
  36314. "bag dolor terry richardson sapiente.\n";
  36315. static const byte sample_text_gz[] = {
  36316. 0x1F, 0x8B, 0x08, 0x08, 0xC5, 0x49, 0xB5, 0x5B, 0x00, 0x03, 0x63, 0x69, 0x70,
  36317. 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x2E, 0x74, 0x78, 0x74, 0x00, 0x8D,
  36318. 0x58, 0xCB, 0x92, 0xE4, 0xB6, 0x11, 0xBC, 0xE3, 0x2B, 0xEA, 0xA6, 0x83, 0xD9,
  36319. 0x1D, 0x72, 0xF8, 0x22, 0x1F, 0xB5, 0x96, 0xA5, 0xDD, 0x90, 0xBC, 0xAB, 0xD0,
  36320. 0x28, 0x36, 0x42, 0x47, 0x90, 0x2C, 0x36, 0xA1, 0x06, 0x09, 0x0A, 0x8F, 0xEE,
  36321. 0xE1, 0xDF, 0x3B, 0x0B, 0xE0, 0x73, 0x2C, 0x4B, 0xBA, 0xCD, 0xCE, 0x80, 0x78,
  36322. 0x64, 0x65, 0x65, 0x66, 0xED, 0x3B, 0xE3, 0x5A, 0xC3, 0x81, 0x2D, 0x35, 0x69,
  36323. 0x32, 0xAD, 0x8E, 0x3A, 0xD2, 0xA0, 0x7D, 0xA7, 0x2B, 0x6A, 0xAC, 0x69, 0x7A,
  36324. 0x26, 0x9D, 0x22, 0xD3, 0x94, 0x22, 0x69, 0xAA, 0x8D, 0x6F, 0xC9, 0x8D, 0x64,
  36325. 0x22, 0x99, 0xB1, 0x31, 0xAD, 0x69, 0xD3, 0x18, 0x89, 0xAD, 0x89, 0x6A, 0x72,
  36326. 0x56, 0x7B, 0x67, 0xDA, 0x2B, 0xBD, 0xC8, 0xEF, 0xB0, 0x4D, 0x74, 0x8E, 0x5B,
  36327. 0xAA, 0x39, 0x4C, 0xEE, 0xCE, 0xE4, 0x79, 0xF2, 0xDC, 0xF3, 0xD8, 0xB2, 0x37,
  36328. 0x11, 0x8B, 0x8C, 0x2C, 0x7A, 0x32, 0x93, 0xF3, 0x37, 0x3D, 0x9A, 0x86, 0x4C,
  36329. 0xAB, 0xF2, 0xB9, 0x57, 0xFA, 0x97, 0x1B, 0x06, 0xD7, 0x3A, 0x7A, 0xF0, 0x68,
  36330. 0xF4, 0x40, 0xBA, 0x25, 0x0E, 0x81, 0xE9, 0xA6, 0x43, 0xF4, 0x6E, 0x4A, 0xF5,
  36331. 0x95, 0xFE, 0x41, 0x4F, 0x67, 0x3B, 0x1A, 0x1C, 0xEE, 0x12, 0xB4, 0x8F, 0xCE,
  36332. 0x1B, 0x6D, 0xB1, 0xDE, 0xBB, 0x4A, 0x4D, 0x56, 0x9B, 0x96, 0x5A, 0xB6, 0xDC,
  36333. 0xC4, 0x14, 0x70, 0xE5, 0xF5, 0x7D, 0xE1, 0xB7, 0x84, 0x3F, 0xFC, 0xED, 0xEF,
  36334. 0xF4, 0x30, 0x0D, 0x5F, 0xE9, 0x47, 0x17, 0xE2, 0xC5, 0x78, 0x27, 0x67, 0xDF,
  36335. 0xB9, 0xEB, 0xCC, 0xCC, 0x3D, 0x59, 0xBE, 0xDD, 0xCC, 0x78, 0x0B, 0x0A, 0x1F,
  36336. 0x74, 0xF8, 0x8C, 0x1A, 0xAF, 0x67, 0xEA, 0xF4, 0x44, 0xBD, 0x93, 0x7D, 0x2A,
  36337. 0xEA, 0x9C, 0xD7, 0x37, 0x80, 0x32, 0x9A, 0x01, 0x37, 0xD5, 0xDE, 0xCA, 0xA2,
  36338. 0x0D, 0xB9, 0xD0, 0x3B, 0xCF, 0xAD, 0x89, 0x4D, 0x5F, 0xD1, 0xE7, 0xF7, 0x2F,
  36339. 0x2A, 0x0C, 0xDA, 0x5A, 0xAA, 0x35, 0x7E, 0x41, 0xC3, 0xB2, 0x37, 0xDD, 0xDD,
  36340. 0xCD, 0x50, 0xEB, 0x2C, 0x96, 0x62, 0x3B, 0xD7, 0x52, 0xF4, 0xA9, 0xB9, 0x6F,
  36341. 0x48, 0xED, 0xEF, 0x54, 0xEA, 0x67, 0xF6, 0x7E, 0x26, 0x8F, 0x3A, 0x68, 0xDF,
  36342. 0x06, 0xBC, 0x56, 0xB7, 0x66, 0x32, 0xC1, 0x34, 0xD8, 0x88, 0x34, 0x1E, 0x88,
  36343. 0xED, 0x67, 0x8A, 0xF3, 0xC4, 0x4F, 0xC0, 0xCA, 0x9E, 0x62, 0x1A, 0x6A, 0xEB,
  36344. 0xAB, 0x02, 0xED, 0xB3, 0xD7, 0x91, 0x81, 0x8A, 0xEA, 0x5C, 0xF2, 0x64, 0xDD,
  36345. 0xDD, 0xD1, 0xEC, 0x12, 0x4D, 0xDE, 0xD5, 0xBA, 0xC6, 0x77, 0xBD, 0x06, 0xC4,
  36346. 0x5F, 0x44, 0xEA, 0x59, 0x4B, 0x5D, 0x3B, 0x8A, 0x3D, 0x0F, 0xD4, 0x9B, 0x1B,
  36347. 0x80, 0x30, 0x1D, 0x30, 0xFA, 0x8F, 0x00, 0x3F, 0xDE, 0xB0, 0x6F, 0xAD, 0x6F,
  36348. 0x6A, 0xDD, 0x6E, 0x2F, 0x6E, 0xCB, 0x3C, 0xD1, 0x83, 0x06, 0x7B, 0x0F, 0xFD,
  36349. 0xFD, 0x4A, 0xEF, 0xBC, 0x73, 0x77, 0x3B, 0x8F, 0x34, 0xA1, 0xBA, 0xEC, 0x39,
  36350. 0x80, 0x33, 0x21, 0xA4, 0x01, 0x55, 0xD7, 0xD4, 0xF4, 0xC6, 0xDA, 0x27, 0x4E,
  36351. 0x54, 0x1C, 0x2B, 0xEC, 0x37, 0xDE, 0xC3, 0x4C, 0xC9, 0x5A, 0x3D, 0x34, 0x0E,
  36352. 0xD8, 0x1C, 0x0E, 0xA2, 0x34, 0xE8, 0xC1, 0xD0, 0xA4, 0x51, 0xD5, 0x88, 0x8B,
  36353. 0xB7, 0xC6, 0xA3, 0x96, 0x40, 0x49, 0xB7, 0xBC, 0xE0, 0x7F, 0x55, 0x3F, 0xEF,
  36354. 0x6F, 0x6E, 0x92, 0x9D, 0x34, 0xFE, 0x3C, 0x5F, 0x04, 0xA5, 0x6A, 0xFF, 0x30,
  36355. 0x08, 0xC9, 0xEA, 0xF5, 0x52, 0x2B, 0xFE, 0x57, 0xFA, 0x8E, 0xC7, 0xE8, 0x4D,
  36356. 0x37, 0xAB, 0x03, 0xFA, 0x23, 0xBF, 0x46, 0x94, 0xFF, 0xC1, 0x16, 0xE0, 0xB9,
  36357. 0x14, 0x2C, 0x9E, 0x27, 0xEC, 0x98, 0x69, 0x14, 0x92, 0xF1, 0x60, 0x5C, 0x34,
  36358. 0x4D, 0xA0, 0x1F, 0xDF, 0xFD, 0x44, 0x1C, 0x7B, 0xD3, 0x80, 0x70, 0x42, 0x02,
  36359. 0x30, 0x84, 0x5B, 0xE5, 0x59, 0xB7, 0xF3, 0x80, 0xFB, 0x01, 0x33, 0xA9, 0x00,
  36360. 0x37, 0x52, 0xDC, 0xDA, 0xA7, 0x11, 0x85, 0xB7, 0x6E, 0x70, 0xE4, 0xDA, 0x96,
  36361. 0xBA, 0x84, 0x5B, 0x81, 0x43, 0x93, 0xF3, 0xD1, 0xEA, 0xB1, 0xDD, 0xB8, 0x1F,
  36362. 0xA5, 0xCC, 0xEA, 0x50, 0x66, 0x69, 0xA9, 0x8D, 0x8C, 0xA7, 0xA2, 0xF3, 0x38,
  36363. 0x26, 0x43, 0x5E, 0x3F, 0x01, 0xBE, 0x1C, 0x0F, 0x20, 0x7F, 0x75, 0xA8, 0x20,
  36364. 0x80, 0xC4, 0xC3, 0x5C, 0x8B, 0x0D, 0xD4, 0x60, 0x5E, 0xA3, 0x9E, 0xD0, 0xB4,
  36365. 0x4B, 0x4F, 0xE6, 0x13, 0x85, 0x60, 0x42, 0x96, 0xED, 0xAA, 0xDB, 0xE9, 0x99,
  36366. 0xE3, 0x07, 0x0E, 0x61, 0xB3, 0x07, 0xE3, 0xB1, 0xFA, 0xC0, 0x9B, 0xAD, 0xF6,
  36367. 0xE0, 0x26, 0x33, 0xEA, 0xEA, 0x23, 0xCD, 0x1E, 0x9D, 0xE1, 0x87, 0x4B, 0x74,
  36368. 0x97, 0x08, 0x3E, 0xA1, 0x28, 0xEA, 0xB3, 0x19, 0x67, 0x8B, 0x76, 0x9A, 0xA3,
  36369. 0xF6, 0xB9, 0xCF, 0x80, 0x65, 0x97, 0xAE, 0xF4, 0x83, 0x6B, 0xF4, 0x43, 0x20,
  36370. 0xF9, 0x0B, 0xFC, 0x9B, 0xD2, 0x4D, 0x4D, 0xA6, 0xB9, 0xA3, 0x02, 0x55, 0x79,
  36371. 0x18, 0x36, 0x19, 0x5F, 0xC9, 0xEA, 0x5A, 0x76, 0x40, 0xB9, 0xBA, 0x0E, 0x9A,
  36372. 0x44, 0xDF, 0x7C, 0xF8, 0x65, 0x61, 0x5E, 0x81, 0xAB, 0x71, 0xA1, 0x9E, 0x29,
  36373. 0x3C, 0x59, 0xCB, 0x23, 0xA4, 0xF6, 0x60, 0x1A, 0x0D, 0x5B, 0x39, 0xAE, 0xF4,
  36374. 0x6F, 0x59, 0x16, 0x9E, 0x60, 0xD8, 0x56, 0xCF, 0xEA, 0x2C, 0x4C, 0x79, 0xD3,
  36375. 0x5D, 0x51, 0x46, 0xA0, 0x4E, 0xE9, 0xD6, 0xAB, 0x91, 0x43, 0x63, 0x44, 0xD7,
  36376. 0x70, 0xB9, 0x23, 0x98, 0x4F, 0x3D, 0x03, 0x02, 0xF6, 0x81, 0x56, 0xC1, 0x58,
  36377. 0x85, 0x07, 0xA7, 0x2D, 0x2C, 0x29, 0xCA, 0x01, 0x45, 0x31, 0x51, 0x8F, 0xD4,
  36378. 0x19, 0xA1, 0x79, 0x88, 0x5A, 0xA4, 0xF5, 0xAE, 0x2D, 0x4B, 0x63, 0x4C, 0x58,
  36379. 0xFE, 0xBF, 0xAD, 0xEE, 0xA3, 0x09, 0xF8, 0xE2, 0x89, 0xBE, 0x81, 0x0E, 0x86,
  36380. 0x3A, 0xF9, 0x5B, 0xA5, 0xD8, 0xA4, 0x00, 0x75, 0x04, 0xF2, 0x23, 0xB8, 0x39,
  36381. 0x69, 0x50, 0xB7, 0xD0, 0x34, 0x63, 0x54, 0xD8, 0x61, 0xDD, 0xA5, 0x33, 0x47,
  36382. 0x85, 0x96, 0x22, 0xD0, 0x2F, 0x9F, 0x7E, 0xF8, 0x74, 0x24, 0xEA, 0x57, 0x97,
  36383. 0x5A, 0xE0, 0x00, 0xCF, 0xC1, 0x67, 0xE1, 0x41, 0xBD, 0x94, 0xA1, 0x03, 0xD3,
  36384. 0xB4, 0x08, 0x64, 0xF2, 0x17, 0x27, 0x35, 0x37, 0x53, 0xEF, 0x46, 0xCE, 0xD8,
  36385. 0xD4, 0x09, 0x52, 0xC6, 0x1E, 0xF7, 0x28, 0xDF, 0x08, 0x0F, 0xD0, 0x6F, 0x71,
  36386. 0xA6, 0xDF, 0xE4, 0x60, 0x8E, 0xC0, 0x1E, 0x78, 0x86, 0x50, 0xB0, 0x9B, 0x84,
  36387. 0x7E, 0xE8, 0x36, 0xFA, 0x95, 0xF1, 0x12, 0x51, 0xC7, 0x18, 0x96, 0xA2, 0x29,
  36388. 0xBB, 0x70, 0x02, 0xB4, 0xF9, 0xA8, 0x3D, 0x08, 0x66, 0xA9, 0xB3, 0xFC, 0x0A,
  36389. 0x94, 0x80, 0xFD, 0x78, 0xDC, 0xAB, 0x82, 0x5A, 0xD2, 0xCD, 0xC2, 0x87, 0xC6,
  36390. 0x4B, 0x07, 0xFA, 0xD1, 0xC3, 0xD9, 0x34, 0x41, 0x85, 0xF8, 0xD0, 0xB6, 0x0A,
  36391. 0x9D, 0x00, 0x91, 0x35, 0x05, 0x88, 0xC3, 0xE3, 0x9B, 0x22, 0xD2, 0xB8, 0xFD,
  36392. 0x95, 0x3E, 0x6D, 0x5D, 0x48, 0xA3, 0x68, 0xCF, 0x02, 0x42, 0x79, 0x79, 0x8A,
  36393. 0xAA, 0x01, 0xD6, 0x09, 0x14, 0x2C, 0xF4, 0x83, 0xA3, 0x80, 0x31, 0x55, 0x46,
  36394. 0x6E, 0xC5, 0xE5, 0x2F, 0x30, 0x58, 0x81, 0xA2, 0x90, 0xBE, 0x2E, 0xA1, 0xC3,
  36395. 0x0F, 0xA6, 0xF5, 0x51, 0x00, 0x39, 0xB6, 0xF2, 0x2A, 0xA3, 0x15, 0x7D, 0x8D,
  36396. 0xF5, 0x66, 0x5C, 0xD9, 0xFC, 0xCF, 0x2F, 0xBF, 0x08, 0x27, 0xE7, 0xD0, 0x03,
  36397. 0xB8, 0xD9, 0x00, 0x13, 0x3D, 0x01, 0x6B, 0xB6, 0xA8, 0xCD, 0x5B, 0x3B, 0x3E,
  36398. 0x93, 0xBF, 0xE6, 0x2E, 0xB7, 0x4A, 0xCF, 0xB3, 0x0A, 0xCE, 0x62, 0x11, 0xD6,
  36399. 0x1F, 0x68, 0x9B, 0x1D, 0x68, 0xD1, 0x8C, 0x97, 0xBD, 0xA1, 0x07, 0x67, 0x73,
  36400. 0x87, 0xE0, 0x36, 0xDA, 0x8C, 0xD2, 0xD2, 0xBB, 0x84, 0x28, 0xA9, 0xFE, 0x52,
  36401. 0x74, 0xD6, 0xB9, 0x0F, 0x0A, 0x6A, 0x2D, 0x28, 0x35, 0x34, 0x3A, 0xD3, 0xE2,
  36402. 0xCD, 0x35, 0x06, 0x7D, 0x1B, 0x35, 0x85, 0x86, 0xD1, 0x3E, 0xF2, 0x6F, 0xA1,
  36403. 0xC4, 0x55, 0xBD, 0x00, 0xD8, 0xC3, 0x5D, 0xC2, 0x1D, 0x6B, 0x6B, 0x27, 0x5B,
  36404. 0x95, 0xF3, 0xAB, 0xB5, 0xD3, 0x37, 0xF2, 0x2C, 0x9C, 0xC7, 0x5D, 0xBD, 0xF1,
  36405. 0x68, 0x1C, 0xAD, 0xF8, 0xB5, 0xE1, 0x29, 0x72, 0x7A, 0x73, 0x62, 0x55, 0x24,
  36406. 0xB9, 0x85, 0xDF, 0x7B, 0x29, 0x7D, 0xDE, 0x08, 0xF5, 0xE4, 0x44, 0xDA, 0x1A,
  36407. 0x30, 0x74, 0xDA, 0xB4, 0x9B, 0x23, 0x9A, 0x3A, 0xC1, 0x53, 0xB2, 0xA2, 0xA3,
  36408. 0x7B, 0x1F, 0xD9, 0x56, 0xD4, 0x4F, 0x9B, 0xB2, 0x1E, 0xEE, 0xB8, 0x6A, 0x4E,
  36409. 0xB5, 0xF4, 0x5A, 0xC9, 0x18, 0x27, 0x9C, 0xDE, 0x14, 0x44, 0xED, 0xC4, 0x3C,
  36410. 0x71, 0x9F, 0x5F, 0xD9, 0x37, 0xA0, 0x78, 0x34, 0x6E, 0xBC, 0xD2, 0x7B, 0x1D,
  36411. 0xFA, 0x08, 0x39, 0x5A, 0x04, 0x73, 0x15, 0xD9, 0x0A, 0x48, 0xC1, 0x2D, 0x15,
  36412. 0x4E, 0x84, 0x30, 0x45, 0x69, 0xB3, 0xE5, 0xF6, 0xAD, 0x09, 0x1E, 0xCC, 0x5F,
  36413. 0x1F, 0x06, 0xD5, 0x58, 0xAD, 0x78, 0xD7, 0x9F, 0xE5, 0xED, 0x3B, 0x09, 0xD5,
  36414. 0xA6, 0x52, 0x6F, 0x92, 0xD3, 0x3C, 0xC6, 0x1E, 0xF2, 0x93, 0x7C, 0xD3, 0x5F,
  36415. 0x70, 0x85, 0x5D, 0xF8, 0xAA, 0x9D, 0xB7, 0x7B, 0x24, 0x5A, 0xE9, 0x0A, 0x35,
  36416. 0x2F, 0xF5, 0xD9, 0x82, 0x02, 0x8A, 0x90, 0x13, 0x5B, 0xB5, 0x67, 0x9C, 0xDD,
  36417. 0xA0, 0x4E, 0x82, 0x27, 0xDA, 0x7E, 0xE8, 0x8E, 0xCD, 0xE1, 0x56, 0x71, 0x2C,
  36418. 0xE6, 0x4E, 0x1F, 0x91, 0xCD, 0x7C, 0x6A, 0xB7, 0x78, 0xD0, 0x26, 0xF3, 0x56,
  36419. 0xA9, 0xD5, 0xA1, 0xC3, 0x3B, 0x98, 0xE9, 0x28, 0x09, 0xEF, 0x50, 0x90, 0xCD,
  36420. 0xC4, 0x8E, 0x75, 0xCC, 0xAC, 0x2D, 0xC9, 0x03, 0x6D, 0xAC, 0xFE, 0xC4, 0x88,
  36421. 0x36, 0xD1, 0x3F, 0xBB, 0x1C, 0x7D, 0xB3, 0x14, 0x61, 0x2C, 0xB7, 0x54, 0x4B,
  36422. 0xDB, 0x64, 0xB6, 0x57, 0x14, 0x16, 0x8E, 0x1E, 0x6C, 0x64, 0xBB, 0x8B, 0x48,
  36423. 0x5D, 0x96, 0x9D, 0xDC, 0x80, 0xA7, 0xF7, 0x54, 0xC7, 0x46, 0x38, 0x3E, 0x44,
  36424. 0xDE, 0x7E, 0x92, 0x8D, 0x07, 0xF6, 0x07, 0x37, 0x4E, 0x16, 0x10, 0xB4, 0x7D,
  36425. 0x88, 0x66, 0x7F, 0xBB, 0xFF, 0xEA, 0x00, 0xF3, 0xFF, 0x97, 0x2C, 0xB5, 0xBE,
  36426. 0x35, 0x4B, 0x5C, 0x36, 0xEC, 0x4C, 0xBD, 0x2B, 0x7D, 0xBF, 0x46, 0xE2, 0x9C,
  36427. 0x0E, 0x8A, 0xA3, 0xEC, 0xB1, 0x0E, 0x9A, 0xDA, 0x9A, 0x9B, 0x28, 0x92, 0x10,
  36428. 0x53, 0x57, 0xEA, 0xEC, 0xA2, 0x32, 0x32, 0x20, 0x1D, 0x97, 0x5C, 0xB6, 0x84,
  36429. 0xA9, 0x93, 0x8D, 0x95, 0x11, 0xA3, 0x24, 0xA3, 0x2D, 0xC6, 0x4A, 0xEF, 0xAA,
  36430. 0x1D, 0x85, 0x2B, 0x7D, 0x28, 0xBE, 0x53, 0xCE, 0x10, 0x1F, 0xAE, 0x0E, 0x41,
  36431. 0x6C, 0x4B, 0x79, 0x12, 0xFB, 0xF7, 0x54, 0xA3, 0x96, 0x54, 0x83, 0x20, 0x96,
  36432. 0x8F, 0x28, 0xA9, 0x3F, 0x8B, 0x3D, 0xBA, 0x77, 0xDC, 0x24, 0xE1, 0xD4, 0x49,
  36433. 0x40, 0xD8, 0x78, 0x31, 0x85, 0x43, 0xF6, 0xFE, 0x5C, 0xA6, 0x8F, 0x90, 0x09,
  36434. 0xB0, 0xE7, 0xC4, 0x95, 0xB2, 0x55, 0x49, 0x97, 0x8F, 0x1C, 0x78, 0x30, 0x20,
  36435. 0xA0, 0xB4, 0xEF, 0x73, 0x56, 0x59, 0x82, 0xFD, 0xCE, 0xBA, 0x6A, 0x8F, 0x2C,
  36436. 0x8B, 0x15, 0xFD, 0xA1, 0x85, 0xA8, 0x5C, 0x0F, 0x11, 0xA5, 0x9D, 0xC2, 0x46,
  36437. 0xC6, 0x9C, 0xC9, 0x40, 0x0B, 0x58, 0x6A, 0x1C, 0x7A, 0x23, 0xF9, 0xE0, 0x95,
  36438. 0x05, 0x13, 0x58, 0x72, 0xE8, 0x9F, 0x30, 0xAC, 0xCD, 0x26, 0xD4, 0x66, 0x13,
  36439. 0xDF, 0x1E, 0x7B, 0x4F, 0x9C, 0xBE, 0x38, 0x79, 0x75, 0x92, 0xA4, 0xDA, 0x26,
  36440. 0x44, 0x55, 0x17, 0xA3, 0xE5, 0x62, 0xDA, 0xEB, 0x86, 0xEA, 0x68, 0xC7, 0xAB,
  36441. 0xFD, 0x2D, 0x43, 0x59, 0x51, 0xC0, 0x75, 0x64, 0x91, 0x01, 0x29, 0x33, 0x28,
  36442. 0xF3, 0x04, 0x83, 0x80, 0x75, 0x37, 0x75, 0x0C, 0x03, 0x7B, 0x0A, 0xAB, 0x8E,
  36443. 0x60, 0x62, 0x8B, 0x4C, 0xAF, 0x2D, 0xA3, 0x2F, 0xFE, 0xAB, 0x45, 0xCF, 0xDA,
  36444. 0xAB, 0xFA, 0xFA, 0x30, 0x3D, 0xE8, 0xA1, 0x96, 0xA5, 0x7B, 0xE2, 0x2A, 0xD0,
  36445. 0xAF, 0x59, 0xF7, 0xD0, 0x32, 0x57, 0x19, 0xBD, 0xCA, 0x9F, 0xD5, 0x1A, 0xC7,
  36446. 0xAA, 0x65, 0x4A, 0x38, 0xB2, 0x70, 0x33, 0xB7, 0x75, 0xD2, 0xCD, 0xD1, 0xF0,
  36447. 0xA8, 0x87, 0x59, 0x20, 0xA5, 0x57, 0x55, 0xB1, 0xB2, 0xC9, 0x4D, 0x97, 0x34,
  36448. 0x41, 0xF3, 0xF0, 0x30, 0xA1, 0x2C, 0x1C, 0x49, 0x3E, 0x89, 0x7D, 0x12, 0xE2,
  36449. 0xC3, 0x04, 0xC3, 0x92, 0xC0, 0xF6, 0x39, 0x10, 0x80, 0x81, 0x8F, 0x08, 0xB4,
  36450. 0xF8, 0xB9, 0x13, 0x4E, 0x2C, 0xAE, 0xB3, 0x71, 0x82, 0x63, 0x98, 0xAB, 0x5C,
  36451. 0x1C, 0x10, 0xEA, 0x66, 0xF9, 0x02, 0x3A, 0x82, 0x61, 0xD0, 0xD4, 0xAE, 0x43,
  36452. 0xD4, 0x01, 0x3E, 0x9D, 0x04, 0x14, 0xF6, 0x60, 0xD8, 0xA7, 0xD6, 0xB8, 0x53,
  36453. 0xC8, 0xDA, 0x80, 0x93, 0xA0, 0x02, 0xDD, 0xCC, 0xE2, 0xF2, 0xBB, 0xFB, 0xE0,
  36454. 0x27, 0xD7, 0x34, 0x9A, 0x71, 0x49, 0xB5, 0x4F, 0x42, 0x1F, 0xB2, 0x9D, 0x6D,
  36455. 0xAA, 0x9D, 0xD3, 0x50, 0xB5, 0x8F, 0x6A, 0x4B, 0xDF, 0x1F, 0xD5, 0x27, 0x8F,
  36456. 0x3B, 0x27, 0xCF, 0x2F, 0x8C, 0xF8, 0x9D, 0x4C, 0x52, 0xBC, 0x32, 0x0F, 0x73,
  36457. 0xD5, 0x51, 0x8E, 0x36, 0x7E, 0xAD, 0x09, 0xF0, 0x94, 0x83, 0x5F, 0x36, 0xFD,
  36458. 0x7C, 0x03, 0xED, 0xF1, 0x5E, 0x4B, 0xF7, 0xAA, 0x55, 0x5C, 0x4A, 0x14, 0x59,
  36459. 0x85, 0x38, 0x2D, 0x8C, 0xDF, 0xEC, 0x65, 0x1B, 0xB8, 0x76, 0x57, 0x96, 0x3C,
  36460. 0x86, 0xED, 0xF2, 0x7F, 0x2D, 0x28, 0x48, 0xDA, 0x49, 0x7F, 0xF7, 0x54, 0x2B,
  36461. 0xD5, 0x39, 0xD5, 0x57, 0x0A, 0x75, 0x7A, 0x3E, 0x5E, 0x5D, 0xBA, 0x4A, 0x15,
  36462. 0xFA, 0xB8, 0x31, 0x80, 0x71, 0x2C, 0xCA, 0xC4, 0x51, 0x10, 0x16, 0x5D, 0x39,
  36463. 0xEC, 0x9D, 0x07, 0xB6, 0x6A, 0x89, 0x9F, 0x9B, 0x5B, 0x6F, 0x03, 0xB0, 0x92,
  36464. 0x01, 0x38, 0x6B, 0x48, 0x99, 0x0A, 0x8F, 0x13, 0xC1, 0xA6, 0x01, 0xEA, 0xBF,
  36465. 0x6F, 0x86, 0x43, 0x51, 0xB6, 0x11, 0x00, 0x00
  36466. };
  36467. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void)
  36468. {
  36469. wc_test_ret_t ret = 0;
  36470. word32 dSz = sizeof(sample_text);
  36471. word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
  36472. byte *c;
  36473. byte *d;
  36474. c = (byte *)XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  36475. d = (byte *)XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  36476. if (c == NULL || d == NULL) {
  36477. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit);
  36478. }
  36479. /* follow calloc and initialize to 0 */
  36480. XMEMSET(c, 0, cSz);
  36481. XMEMSET(d, 0, dSz);
  36482. if ((ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0) {
  36483. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  36484. }
  36485. cSz = (word32)ret;
  36486. if ((ret = wc_DeCompress(d, dSz, c, cSz)) != (int)dSz) {
  36487. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  36488. }
  36489. dSz = (word32)ret;
  36490. if (XMEMCMP(d, sample_text, dSz) != 0) {
  36491. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  36492. }
  36493. /* GZIP tests */
  36494. cSz = (dSz + (word32)(dSz * 0.001) + 12); /* reset cSz */
  36495. XMEMSET(c, 0, cSz);
  36496. XMEMSET(d, 0, dSz);
  36497. ret = wc_Compress_ex(c, cSz, sample_text, dSz, 0, LIBZ_WINBITS_GZIP);
  36498. if (ret < 0)
  36499. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  36500. cSz = (word32)ret;
  36501. ret = wc_DeCompress_ex(d, dSz, c, cSz, LIBZ_WINBITS_GZIP);
  36502. if (ret < 0)
  36503. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  36504. if (XMEMCMP(d, sample_text, dSz) != 0) {
  36505. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  36506. }
  36507. /* Try with gzip generated output */
  36508. XMEMSET(d, 0, dSz);
  36509. ret = wc_DeCompress_ex(d, dSz, sample_text_gz, sizeof(sample_text_gz),
  36510. LIBZ_WINBITS_GZIP);
  36511. if (ret < 0)
  36512. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit);
  36513. dSz = (word32)ret;
  36514. if (XMEMCMP(d, sample_text, dSz) != 0) {
  36515. ERROR_OUT(WC_TEST_RET_ENC_NC, exit);
  36516. }
  36517. ret = 0; /* success */
  36518. exit:
  36519. if (c) XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  36520. if (d) XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  36521. return ret;
  36522. }
  36523. #endif /* HAVE_LIBZ */
  36524. #ifdef HAVE_PKCS7
  36525. /* External Debugging/Testing Note:
  36526. *
  36527. * PKCS#7 test functions can output generated PKCS#7/CMS bundles for
  36528. * additional testing. To dump bundles to files DER encoded files, please
  36529. * define:
  36530. *
  36531. * #define PKCS7_OUTPUT_TEST_BUNDLES
  36532. */
  36533. /* Loads certs and keys for use with PKCS7 tests, from either files
  36534. * or buffers.
  36535. *
  36536. * rsaClientCertBuf - output buffer for RSA client cert
  36537. * rsaClientCertBufSz - IN/OUT size of output buffer, size of RSA client cert
  36538. * rsaClientPrivKeyBuf - output buffer for RSA client private key
  36539. * rsaClientPrivKeyBufSz - IN/OUT size of output buffer, size of RSA client key
  36540. *
  36541. * rsaServerCertBuf - output buffer for RSA server cert
  36542. * rsaServerCertBufSz - IN/OUT size of output buffer, size of RSA server cert
  36543. * rsaServerPrivKeyBuf - output buffer for RSA server private key
  36544. * rsaServerPrivKeyBufSz - IN/OUT size of output buffer, size of RSA server key
  36545. *
  36546. * rsaCaCertBuf - output buffer for RSA CA cert
  36547. * rsaCaCertBufSz - IN/OUT size of output buffer, size of RSA ca cert
  36548. * rsaCaPrivKeyBuf - output buffer for RSA CA private key
  36549. * rsaCaPrivKeyBufSz - IN/OUT size of output buffer, size of RSA CA key
  36550. *
  36551. * eccClientCertBuf - output buffer for ECC cert
  36552. * eccClientCertBufSz - IN/OUT size of output buffer, size of ECC cert
  36553. * eccClientPrivKeyBuf - output buffer for ECC private key
  36554. * eccClientPrivKeyBufSz - IN/OUT size of output buffer, size of ECC private key
  36555. *
  36556. * Returns 0 on success, negative on error
  36557. */
  36558. static wc_test_ret_t pkcs7_load_certs_keys(
  36559. byte* rsaClientCertBuf, word32* rsaClientCertBufSz,
  36560. byte* rsaClientPrivKeyBuf, word32* rsaClientPrivKeyBufSz,
  36561. byte* rsaServerCertBuf, word32* rsaServerCertBufSz,
  36562. byte* rsaServerPrivKeyBuf, word32* rsaServerPrivKeyBufSz,
  36563. byte* rsaCaCertBuf, word32* rsaCaCertBufSz,
  36564. byte* rsaCaPrivKeyBuf, word32* rsaCaPrivKeyBufSz,
  36565. byte* eccClientCertBuf, word32* eccClientCertBufSz,
  36566. byte* eccClientPrivKeyBuf, word32* eccClientPrivKeyBufSz)
  36567. {
  36568. #ifndef NO_FILESYSTEM
  36569. XFILE certFile;
  36570. XFILE keyFile;
  36571. (void)certFile;
  36572. (void)keyFile;
  36573. #endif
  36574. #ifndef NO_RSA
  36575. if (rsaClientCertBuf == NULL || rsaClientCertBufSz == NULL ||
  36576. rsaClientPrivKeyBuf == NULL || rsaClientPrivKeyBufSz == NULL)
  36577. return BAD_FUNC_ARG;
  36578. #endif
  36579. #ifdef HAVE_ECC
  36580. if (eccClientCertBuf == NULL || eccClientCertBufSz == NULL ||
  36581. eccClientPrivKeyBuf == NULL || eccClientPrivKeyBufSz == NULL)
  36582. return BAD_FUNC_ARG;
  36583. #endif
  36584. /* RSA */
  36585. #ifndef NO_RSA
  36586. #ifdef USE_CERT_BUFFERS_1024
  36587. if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_1024)
  36588. return WC_TEST_RET_ENC_NC;
  36589. XMEMCPY(rsaClientCertBuf, client_cert_der_1024,
  36590. sizeof_client_cert_der_1024);
  36591. *rsaClientCertBufSz = sizeof_client_cert_der_1024;
  36592. if (rsaServerCertBuf != NULL) {
  36593. if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_1024)
  36594. return WC_TEST_RET_ENC_NC;
  36595. XMEMCPY(rsaServerCertBuf, server_cert_der_1024,
  36596. sizeof_server_cert_der_1024);
  36597. *rsaServerCertBufSz = sizeof_server_cert_der_1024;
  36598. }
  36599. if (rsaCaCertBuf != NULL) {
  36600. if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_1024)
  36601. return WC_TEST_RET_ENC_NC;
  36602. XMEMCPY(rsaCaCertBuf, ca_cert_der_1024, sizeof_ca_cert_der_1024);
  36603. *rsaCaCertBufSz = sizeof_ca_cert_der_1024;
  36604. }
  36605. #elif defined(USE_CERT_BUFFERS_2048)
  36606. if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_2048)
  36607. return WC_TEST_RET_ENC_NC;
  36608. XMEMCPY(rsaClientCertBuf, client_cert_der_2048,
  36609. sizeof_client_cert_der_2048);
  36610. *rsaClientCertBufSz = sizeof_client_cert_der_2048;
  36611. if (rsaServerCertBuf != NULL) {
  36612. if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_2048)
  36613. return WC_TEST_RET_ENC_NC;
  36614. XMEMCPY(rsaServerCertBuf, server_cert_der_2048,
  36615. sizeof_server_cert_der_2048);
  36616. *rsaServerCertBufSz = sizeof_server_cert_der_2048;
  36617. }
  36618. if (rsaCaCertBuf != NULL) {
  36619. if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_2048)
  36620. return WC_TEST_RET_ENC_NC;
  36621. XMEMCPY(rsaCaCertBuf, ca_cert_der_2048, sizeof_ca_cert_der_2048);
  36622. *rsaCaCertBufSz = sizeof_ca_cert_der_2048;
  36623. }
  36624. #else
  36625. certFile = XFOPEN(clientCert, "rb");
  36626. if (!certFile)
  36627. return WC_TEST_RET_ENC_ERRNO;
  36628. *rsaClientCertBufSz = (word32)XFREAD(rsaClientCertBuf, 1,
  36629. *rsaClientCertBufSz, certFile);
  36630. XFCLOSE(certFile);
  36631. if (*rsaClientCertBufSz == 0)
  36632. return WC_TEST_RET_ENC_ERRNO;
  36633. if (rsaServerCertBuf != NULL) {
  36634. certFile = XFOPEN(rsaServerCertDerFile, "rb");
  36635. if (!certFile)
  36636. return WC_TEST_RET_ENC_ERRNO;
  36637. *rsaServerCertBufSz = (word32)XFREAD(rsaServerCertBuf, 1,
  36638. *rsaServerCertBufSz, certFile);
  36639. XFCLOSE(certFile);
  36640. if (*rsaServerCertBufSz == 0)
  36641. return WC_TEST_RET_ENC_ERRNO;
  36642. }
  36643. if (rsaCaCertBuf != NULL) {
  36644. certFile = XFOPEN(rsaCaCertDerFile, "rb");
  36645. if (!certFile)
  36646. return WC_TEST_RET_ENC_ERRNO;
  36647. *rsaCaCertBufSz = (word32)XFREAD(rsaCaCertBuf, 1, *rsaCaCertBufSz,
  36648. certFile);
  36649. XFCLOSE(certFile);
  36650. if (*rsaCaCertBufSz == 0)
  36651. return WC_TEST_RET_ENC_ERRNO;
  36652. }
  36653. #endif
  36654. #ifdef USE_CERT_BUFFERS_1024
  36655. if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_1024)
  36656. return WC_TEST_RET_ENC_NC;
  36657. XMEMCPY(rsaClientPrivKeyBuf, client_key_der_1024,
  36658. sizeof_client_key_der_1024);
  36659. *rsaClientPrivKeyBufSz = sizeof_client_key_der_1024;
  36660. if (rsaServerPrivKeyBuf != NULL) {
  36661. if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_1024)
  36662. return WC_TEST_RET_ENC_NC;
  36663. XMEMCPY(rsaServerPrivKeyBuf, server_key_der_1024,
  36664. sizeof_server_key_der_1024);
  36665. *rsaServerPrivKeyBufSz = sizeof_server_key_der_1024;
  36666. }
  36667. if (rsaCaPrivKeyBuf != NULL) {
  36668. if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_1024)
  36669. return WC_TEST_RET_ENC_NC;
  36670. XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_1024, sizeof_ca_key_der_1024);
  36671. *rsaCaPrivKeyBufSz = sizeof_ca_key_der_1024;
  36672. }
  36673. #elif defined(USE_CERT_BUFFERS_2048)
  36674. if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_2048)
  36675. return WC_TEST_RET_ENC_NC;
  36676. XMEMCPY(rsaClientPrivKeyBuf, client_key_der_2048,
  36677. sizeof_client_key_der_2048);
  36678. *rsaClientPrivKeyBufSz = sizeof_client_key_der_2048;
  36679. if (rsaServerPrivKeyBuf != NULL) {
  36680. if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_2048)
  36681. return WC_TEST_RET_ENC_NC;
  36682. XMEMCPY(rsaServerPrivKeyBuf, server_key_der_2048,
  36683. sizeof_server_key_der_2048);
  36684. *rsaServerPrivKeyBufSz = sizeof_server_key_der_2048;
  36685. }
  36686. if (rsaCaPrivKeyBuf != NULL) {
  36687. if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_2048)
  36688. return WC_TEST_RET_ENC_NC;
  36689. XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_2048, sizeof_ca_key_der_2048);
  36690. *rsaCaPrivKeyBufSz = sizeof_ca_key_der_2048;
  36691. }
  36692. #else
  36693. keyFile = XFOPEN(clientKey, "rb");
  36694. if (!keyFile)
  36695. return WC_TEST_RET_ENC_ERRNO;
  36696. *rsaClientPrivKeyBufSz = (word32)XFREAD(rsaClientPrivKeyBuf, 1,
  36697. *rsaClientPrivKeyBufSz, keyFile);
  36698. XFCLOSE(keyFile);
  36699. if (*rsaClientPrivKeyBufSz == 0)
  36700. return WC_TEST_RET_ENC_ERRNO;
  36701. if (rsaServerPrivKeyBuf != NULL) {
  36702. keyFile = XFOPEN(rsaServerKeyDerFile, "rb");
  36703. if (!keyFile)
  36704. return WC_TEST_RET_ENC_ERRNO;
  36705. *rsaServerPrivKeyBufSz = (word32)XFREAD(rsaServerPrivKeyBuf, 1,
  36706. *rsaServerPrivKeyBufSz, keyFile);
  36707. XFCLOSE(keyFile);
  36708. if (*rsaServerPrivKeyBufSz == 0)
  36709. return WC_TEST_RET_ENC_ERRNO;
  36710. }
  36711. if (rsaCaPrivKeyBuf != NULL) {
  36712. keyFile = XFOPEN(rsaCaKeyFile, "rb");
  36713. if (!keyFile)
  36714. return WC_TEST_RET_ENC_ERRNO;
  36715. *rsaCaPrivKeyBufSz = (word32)XFREAD(rsaCaPrivKeyBuf, 1,
  36716. *rsaCaPrivKeyBufSz, keyFile);
  36717. XFCLOSE(keyFile);
  36718. if (*rsaCaPrivKeyBufSz == 0)
  36719. return WC_TEST_RET_ENC_ERRNO;
  36720. }
  36721. #endif /* USE_CERT_BUFFERS */
  36722. #endif /* NO_RSA */
  36723. /* ECC */
  36724. #ifdef HAVE_ECC
  36725. #ifdef USE_CERT_BUFFERS_256
  36726. if (*eccClientCertBufSz < (word32)sizeof_cliecc_cert_der_256)
  36727. return WC_TEST_RET_ENC_NC;
  36728. XMEMCPY(eccClientCertBuf, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
  36729. *eccClientCertBufSz = sizeof_cliecc_cert_der_256;
  36730. #else
  36731. certFile = XFOPEN(eccClientCert, "rb");
  36732. if (!certFile)
  36733. return WC_TEST_RET_ENC_ERRNO;
  36734. *eccClientCertBufSz = (word32)XFREAD(eccClientCertBuf, 1,
  36735. *eccClientCertBufSz, certFile);
  36736. XFCLOSE(certFile);
  36737. if (*eccClientCertBufSz == 0)
  36738. return WC_TEST_RET_ENC_ERRNO;
  36739. #endif /* USE_CERT_BUFFERS_256 */
  36740. #ifdef USE_CERT_BUFFERS_256
  36741. if (*eccClientPrivKeyBufSz < (word32)sizeof_ecc_clikey_der_256)
  36742. return WC_TEST_RET_ENC_NC;
  36743. XMEMCPY(eccClientPrivKeyBuf, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
  36744. *eccClientPrivKeyBufSz = sizeof_ecc_clikey_der_256;
  36745. #else
  36746. keyFile = XFOPEN(eccClientKey, "rb");
  36747. if (!keyFile)
  36748. return WC_TEST_RET_ENC_ERRNO;
  36749. *eccClientPrivKeyBufSz = (word32)XFREAD(eccClientPrivKeyBuf, 1,
  36750. *eccClientPrivKeyBufSz, keyFile);
  36751. XFCLOSE(keyFile);
  36752. if (*eccClientPrivKeyBufSz == 0)
  36753. return WC_TEST_RET_ENC_ERRNO;
  36754. #endif /* USE_CERT_BUFFERS_256 */
  36755. #endif /* HAVE_ECC */
  36756. #ifdef NO_RSA
  36757. (void)rsaClientCertBuf;
  36758. (void)rsaClientCertBufSz;
  36759. (void)rsaClientPrivKeyBuf;
  36760. (void)rsaClientPrivKeyBufSz;
  36761. (void)rsaServerCertBuf;
  36762. (void)rsaServerCertBufSz;
  36763. (void)rsaServerPrivKeyBuf;
  36764. (void)rsaServerPrivKeyBufSz;
  36765. (void)rsaCaCertBuf;
  36766. (void)rsaCaCertBufSz;
  36767. (void)rsaCaPrivKeyBuf;
  36768. (void)rsaCaPrivKeyBufSz;
  36769. #endif
  36770. #ifndef HAVE_ECC
  36771. (void)eccClientCertBuf;
  36772. (void)eccClientCertBufSz;
  36773. (void)eccClientPrivKeyBuf;
  36774. (void)eccClientPrivKeyBufSz;
  36775. #endif
  36776. #ifndef NO_FILESYSTEM
  36777. (void)certFile;
  36778. (void)keyFile;
  36779. #endif
  36780. return 0;
  36781. }
  36782. typedef struct {
  36783. const byte* content;
  36784. word32 contentSz;
  36785. int contentOID;
  36786. int encryptOID;
  36787. int keyWrapOID;
  36788. int keyAgreeOID;
  36789. byte* cert;
  36790. size_t certSz;
  36791. byte* privateKey;
  36792. word32 privateKeySz;
  36793. byte* optionalUkm;
  36794. word32 optionalUkmSz;
  36795. int ktriOptions; /* KTRI options flags */
  36796. int kariOptions; /* KARI options flags */
  36797. /* KEKRI specific */
  36798. const byte* secretKey; /* key, only for kekri RecipientInfo types */
  36799. word32 secretKeySz; /* size of secretKey, bytes */
  36800. const byte* secretKeyId; /* key identifier */
  36801. word32 secretKeyIdSz; /* size of key identifier, bytes */
  36802. void* timePtr; /* time_t pointer */
  36803. byte* otherAttrOID; /* OPTIONAL, other attribute OID */
  36804. word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
  36805. byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
  36806. word32 otherAttrSz; /* size of otherAttr, bytes */
  36807. int kekriOptions; /* KEKRI options flags */
  36808. /* PWRI specific */
  36809. const char* password;
  36810. word32 passwordSz;
  36811. const byte* salt;
  36812. word32 saltSz;
  36813. int kdfOID;
  36814. int hashOID;
  36815. int kdfIterations;
  36816. int pwriOptions; /* PWRI options flags */
  36817. /* ORI specific */
  36818. int isOri;
  36819. int oriOptions; /* ORI options flags */
  36820. const char* outFileName;
  36821. } pkcs7EnvelopedVector;
  36822. static const byte asnDataOid[] = {
  36823. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01
  36824. };
  36825. /* ORI encrypt callback, responsible for encrypting content-encryption key (CEK)
  36826. * and giving wolfCrypt the value for oriOID and oriValue to place in
  36827. * OtherRecipientInfo.
  36828. *
  36829. * Returns 0 on success, negative upon error. */
  36830. static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
  36831. word32* oriTypeSz, byte* oriValue, word32* oriValueSz,
  36832. void* ctx)
  36833. {
  36834. int i;
  36835. /* make sure buffers are large enough */
  36836. if ((*oriValueSz < (2 + cekSz)) || (*oriTypeSz < sizeof(oriType)))
  36837. return WC_TEST_RET_ENC_NC;
  36838. /* our simple encryption algorithm will be take the bitwise complement */
  36839. oriValue[0] = 0x04; /*ASN OCTET STRING */
  36840. oriValue[1] = (byte)cekSz; /* length */
  36841. for (i = 0; i < (int)cekSz; i++) {
  36842. oriValue[2 + i] = ~cek[i];
  36843. }
  36844. *oriValueSz = 2 + cekSz;
  36845. /* set oriType to ASN.1 encoded data OID */
  36846. XMEMCPY(oriType, asnDataOid, sizeof(asnDataOid));
  36847. *oriTypeSz = sizeof(asnDataOid);
  36848. (void)pkcs7;
  36849. (void)ctx;
  36850. return 0;
  36851. }
  36852. /* ORI decrypt callback, responsible for providing a decrypted content
  36853. * encryption key (CEK) placed into decryptedKey and size placed into
  36854. * decryptedKeySz. oriOID and oriValue are given to the callback to help
  36855. * in decrypting the encrypted CEK.
  36856. *
  36857. * Returns 0 on success, negative upon error. */
  36858. static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
  36859. byte* oriValue, word32 oriValueSz, byte* decryptedKey,
  36860. word32* decryptedKeySz, void* ctx)
  36861. {
  36862. int i;
  36863. /* make sure oriType matches what we expect */
  36864. if (oriTypeSz != sizeof(asnDataOid))
  36865. return WC_TEST_RET_ENC_NC;
  36866. if (XMEMCMP(oriType, asnDataOid, sizeof(asnDataOid)) != 0)
  36867. return WC_TEST_RET_ENC_NC;
  36868. /* make sure decrypted buffer is large enough */
  36869. if (*decryptedKeySz < oriValueSz)
  36870. return WC_TEST_RET_ENC_NC;
  36871. /* decrypt encrypted CEK using simple bitwise complement,
  36872. only for example */
  36873. for (i = 0; i < (int)oriValueSz - 2; i++) {
  36874. decryptedKey[i] = ~oriValue[2 + i];
  36875. }
  36876. *decryptedKeySz = oriValueSz - 2;
  36877. (void)pkcs7;
  36878. (void)ctx;
  36879. return 0;
  36880. }
  36881. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  36882. /* returns 0 on success */
  36883. static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
  36884. byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
  36885. byte* in, int inSz, byte* out, void* usrCtx)
  36886. {
  36887. wc_test_ret_t ret;
  36888. int keyId = -1, keySz;
  36889. word32 keyIdSz = 8;
  36890. const byte* key;
  36891. byte keyIdRaw[8];
  36892. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  36893. Aes *aes;
  36894. #else
  36895. Aes aes[1];
  36896. #endif
  36897. /* looking for KEY ID
  36898. * fwDecryptKeyID OID "1.2.840.113549.1.9.16.2.37
  36899. */
  36900. WOLFSSL_SMALL_STACK_STATIC const unsigned char OID[] = {
  36901. /* 0x06, 0x0B do not pass in tag and length */
  36902. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  36903. 0x01, 0x09, 0x10, 0x02, 0x25
  36904. };
  36905. WOLFSSL_SMALL_STACK_STATIC const byte defKey[] = {
  36906. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  36907. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  36908. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  36909. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  36910. };
  36911. WOLFSSL_SMALL_STACK_STATIC const byte altKey[] = {
  36912. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  36913. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  36914. };
  36915. /* test user context passed in */
  36916. if (usrCtx == NULL || *(int*)usrCtx != 1) {
  36917. return WC_TEST_RET_ENC_NC;
  36918. }
  36919. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  36920. if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
  36921. return WC_TEST_RET_ENC_ERRNO;
  36922. #endif
  36923. /* if needing to find keyIdSz can call with NULL */
  36924. ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), NULL,
  36925. &keyIdSz);
  36926. if (ret != LENGTH_ONLY_E) {
  36927. printf("Unexpected error %d when getting keyIdSz\n", ret);
  36928. printf("Possibly no KEY ID attribute set\n");
  36929. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  36930. }
  36931. else {
  36932. XMEMSET(keyIdRaw, 0, sizeof(keyIdRaw));
  36933. ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), keyIdRaw,
  36934. &keyIdSz);
  36935. if (ret < 0) {
  36936. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  36937. }
  36938. if (keyIdSz < 3) {
  36939. printf("keyIdSz is smaller than expected\n");
  36940. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  36941. }
  36942. if (keyIdSz > 2 + sizeof(int)) {
  36943. printf("example case was only expecting a keyId of int size\n");
  36944. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  36945. }
  36946. /* keyIdRaw[0] OCTET TAG */
  36947. /* keyIdRaw[1] Length */
  36948. #ifdef BIG_ENDIAN_ORDER
  36949. if (keyIdRaw[1] == 0x01) {
  36950. keyId = 1;
  36951. }
  36952. #else
  36953. XMEMCPY(&keyId, keyIdRaw + 2, sizeof(keyId));
  36954. #endif
  36955. }
  36956. /* Use keyID here if found to select key and decrypt in HSM or in this
  36957. * example just select key and do software decryption */
  36958. if (keyId == 1) {
  36959. key = altKey;
  36960. keySz = sizeof(altKey);
  36961. }
  36962. else {
  36963. key = defKey;
  36964. keySz = sizeof(defKey);
  36965. }
  36966. switch (encryptOID) {
  36967. #ifdef WOLFSSL_AES_256
  36968. case AES256CBCb:
  36969. if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE))
  36970. WARNING_OUT(BAD_FUNC_ARG, out);
  36971. break;
  36972. #endif
  36973. #ifdef WOLFSSL_AES_128
  36974. case AES128CBCb:
  36975. if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE))
  36976. ERROR_OUT(BAD_FUNC_ARG, out);
  36977. break;
  36978. #endif
  36979. default:
  36980. printf("Unsupported content cipher type for example");
  36981. ERROR_OUT(ALGO_ID_E, out);
  36982. };
  36983. ret = wc_AesInit(aes, HEAP_HINT, INVALID_DEVID);
  36984. if (ret == 0) {
  36985. ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
  36986. if (ret == 0)
  36987. ret = wc_AesCbcDecrypt(aes, out, in, inSz);
  36988. wc_AesFree(aes);
  36989. }
  36990. out:
  36991. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  36992. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  36993. #endif
  36994. (void)aad;
  36995. (void)aadSz;
  36996. (void)authTag;
  36997. (void)authTagSz;
  36998. return (int)ret;
  36999. }
  37000. #endif /* !NO_AES && HAVE_AES_CBC */
  37001. #define PKCS7_BUF_SIZE 2048
  37002. static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
  37003. byte* rsaPrivKey, word32 rsaPrivKeySz,
  37004. byte* eccCert, word32 eccCertSz,
  37005. byte* eccPrivKey, word32 eccPrivKeySz)
  37006. {
  37007. wc_test_ret_t ret = 0;
  37008. int testSz = 0, i;
  37009. int envelopedSz, decodedSz;
  37010. byte *enveloped = NULL;
  37011. byte *decoded = NULL;
  37012. PKCS7* pkcs7 = NULL;
  37013. #ifdef ECC_TIMING_RESISTANT
  37014. WC_RNG rng;
  37015. #endif
  37016. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  37017. XFILE pkcs7File;
  37018. #endif
  37019. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  37020. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  37021. 0x72,0x6c,0x64
  37022. };
  37023. #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
  37024. defined(HAVE_ECC) && defined(WOLFSSL_SHA512)
  37025. byte optionalUkm[] = {
  37026. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
  37027. };
  37028. #endif /* NO_AES */
  37029. #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
  37030. !defined(NO_SHA)
  37031. /* encryption key for kekri recipient types */
  37032. WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
  37033. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  37034. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
  37035. };
  37036. /* encryption key identifier */
  37037. WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = {
  37038. 0x02,0x02,0x03,0x04
  37039. };
  37040. #endif
  37041. #if !defined(NO_PWDBASED) && !defined(NO_SHA) && \
  37042. !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  37043. #ifndef HAVE_FIPS
  37044. WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; /* NOTE: Password is too short for FIPS */
  37045. #else
  37046. WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE";
  37047. #endif
  37048. WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
  37049. 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
  37050. };
  37051. #endif
  37052. #define MAX_TESTVECTORS_LEN 13
  37053. #define ADD_PKCS7ENVELOPEDVECTOR(...) { \
  37054. pkcs7EnvelopedVector _this_vector = { __VA_ARGS__ }; \
  37055. if (testSz == MAX_TESTVECTORS_LEN) { \
  37056. ret = WC_TEST_RET_ENC_NC; \
  37057. goto out; \
  37058. } \
  37059. XMEMCPY(&testVectors[testSz++], &_this_vector, sizeof _this_vector);\
  37060. }
  37061. pkcs7EnvelopedVector *testVectors = NULL;
  37062. #ifdef ECC_TIMING_RESISTANT
  37063. XMEMSET(&rng, 0, sizeof(rng));
  37064. #endif
  37065. testVectors = (pkcs7EnvelopedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
  37066. HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37067. if (testVectors == NULL) {
  37068. ret = WC_TEST_RET_ENC_ERRNO;
  37069. goto out;
  37070. }
  37071. {
  37072. /* key transport key encryption technique */
  37073. #ifndef NO_RSA
  37074. #ifndef NO_DES3
  37075. ADD_PKCS7ENVELOPEDVECTOR(
  37076. data, (word32)sizeof(data), DATA, DES3b, 0, 0, rsaCert, rsaCertSz,
  37077. rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
  37078. 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  37079. "pkcs7envelopedDataDES3.der");
  37080. #endif
  37081. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  37082. #ifdef WOLFSSL_AES_128
  37083. ADD_PKCS7ENVELOPEDVECTOR(
  37084. data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
  37085. rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
  37086. 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  37087. "pkcs7envelopedDataAES128CBC.der");
  37088. #endif
  37089. #ifdef WOLFSSL_AES_192
  37090. ADD_PKCS7ENVELOPEDVECTOR(
  37091. data, (word32)sizeof(data), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz,
  37092. rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
  37093. 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  37094. "pkcs7envelopedDataAES192CBC.der");
  37095. #endif
  37096. #ifdef WOLFSSL_AES_256
  37097. ADD_PKCS7ENVELOPEDVECTOR(
  37098. data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
  37099. rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
  37100. 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  37101. "pkcs7envelopedDataAES256CBC.der");
  37102. /* explicitly using SKID for SubjectKeyIdentifier */
  37103. ADD_PKCS7ENVELOPEDVECTOR(
  37104. data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
  37105. rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_SKID, 0, NULL, 0, NULL, 0, NULL,
  37106. NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  37107. "pkcs7envelopedDataAES256CBC_SKID.der");
  37108. /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
  37109. ADD_PKCS7ENVELOPEDVECTOR(
  37110. data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
  37111. rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_ISSUER_AND_SERIAL_NUMBER, 0,
  37112. NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
  37113. 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der");
  37114. #endif
  37115. #endif /* !NO_AES && HAVE_AES_CBC */
  37116. #endif
  37117. /* key agreement key encryption technique*/
  37118. #ifdef HAVE_ECC
  37119. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  37120. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  37121. ADD_PKCS7ENVELOPEDVECTOR(
  37122. data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP,
  37123. dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  37124. eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
  37125. 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  37126. "pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der");
  37127. #endif
  37128. #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
  37129. ADD_PKCS7ENVELOPEDVECTOR(
  37130. data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
  37131. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  37132. eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
  37133. 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  37134. "pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der");
  37135. #endif /* NO_SHA256 && WOLFSSL_AES_256 */
  37136. #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
  37137. ADD_PKCS7ENVELOPEDVECTOR(
  37138. data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
  37139. dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  37140. eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
  37141. 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  37142. "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der");
  37143. /* with optional user keying material (ukm) */
  37144. ADD_PKCS7ENVELOPEDVECTOR(
  37145. data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
  37146. dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  37147. eccPrivKeySz, optionalUkm, sizeof(optionalUkm), 0, 0, NULL, 0,
  37148. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  37149. "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der");
  37150. #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
  37151. #endif /* !NO_AES && HAVE_AES_CBC */
  37152. #endif
  37153. /* kekri (KEKRecipientInfo) recipient types */
  37154. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  37155. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  37156. ADD_PKCS7ENVELOPEDVECTOR(
  37157. data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0,
  37158. NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey),
  37159. secretKeyId, sizeof(secretKeyId), NULL, NULL, 0, NULL, 0,
  37160. 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  37161. "pkcs7envelopedDataAES128CBC_KEKRI.der");
  37162. #endif
  37163. #endif /* !NO_AES && HAVE_AES_CBC */
  37164. /* pwri (PasswordRecipientInfo) recipient types */
  37165. #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC)
  37166. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  37167. ADD_PKCS7ENVELOPEDVECTOR(
  37168. data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0,
  37169. NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
  37170. NULL, 0, NULL, NULL, 0, NULL, 0, 0, password,
  37171. (word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
  37172. 0, 0, 0, "pkcs7envelopedDataAES128CBC_PWRI.der");
  37173. #endif
  37174. #endif
  37175. #if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_128)
  37176. /* ori (OtherRecipientInfo) recipient types */
  37177. ADD_PKCS7ENVELOPEDVECTOR(
  37178. data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
  37179. NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0,
  37180. NULL, 0, 0, 0, 0, 0, 1, 0, "pkcs7envelopedDataAES128CBC_ORI.der");
  37181. #endif
  37182. };
  37183. #undef MAX_TESTVECTORS_LEN
  37184. #undef ADD_PKCS7ENVELOPEDVECTOR
  37185. enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37186. decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37187. if ((! enveloped) || (! decoded)) {
  37188. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  37189. }
  37190. #ifdef ECC_TIMING_RESISTANT
  37191. #ifndef HAVE_FIPS
  37192. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  37193. #else
  37194. ret = wc_InitRng(&rng);
  37195. #endif
  37196. if (ret != 0)
  37197. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37198. #endif
  37199. for (i = 0; i < testSz; i++) {
  37200. pkcs7 = wc_PKCS7_New(HEAP_HINT,
  37201. #ifdef WOLFSSL_ASYNC_CRYPT
  37202. INVALID_DEVID /* async PKCS7 is not supported */
  37203. #else
  37204. devId
  37205. #endif
  37206. );
  37207. if (pkcs7 == NULL) {
  37208. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  37209. }
  37210. if (testVectors[i].secretKey != NULL) {
  37211. /* KEKRI recipient type */
  37212. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  37213. if (ret != 0)
  37214. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37215. pkcs7->content = (byte*)testVectors[i].content;
  37216. pkcs7->contentSz = testVectors[i].contentSz;
  37217. pkcs7->contentOID = testVectors[i].contentOID;
  37218. pkcs7->encryptOID = testVectors[i].encryptOID;
  37219. pkcs7->ukm = testVectors[i].optionalUkm;
  37220. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  37221. ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
  37222. (byte *)testVectors[i].secretKey, testVectors[i].secretKeySz,
  37223. (byte *)testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
  37224. testVectors[i].timePtr, testVectors[i].otherAttrOID,
  37225. testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
  37226. testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
  37227. if (ret < 0) {
  37228. wc_PKCS7_Free(pkcs7);
  37229. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37230. }
  37231. /* set key, for decryption */
  37232. ret = wc_PKCS7_SetKey(pkcs7, (byte *)testVectors[i].secretKey,
  37233. testVectors[i].secretKeySz);
  37234. if (ret != 0) {
  37235. wc_PKCS7_Free(pkcs7);
  37236. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37237. }
  37238. } else if (testVectors[i].password != NULL) {
  37239. #if !defined(NO_PWDBASED) && !defined(NO_SHA)
  37240. /* PWRI recipient type */
  37241. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  37242. if (ret != 0)
  37243. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37244. pkcs7->content = (byte*)testVectors[i].content;
  37245. pkcs7->contentSz = testVectors[i].contentSz;
  37246. pkcs7->contentOID = testVectors[i].contentOID;
  37247. pkcs7->encryptOID = testVectors[i].encryptOID;
  37248. pkcs7->ukm = testVectors[i].optionalUkm;
  37249. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  37250. ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
  37251. (byte *)testVectors[i].password, testVectors[i].passwordSz,
  37252. (byte *)testVectors[i].salt, testVectors[i].saltSz,
  37253. testVectors[i].kdfOID,
  37254. testVectors[i].hashOID, testVectors[i].kdfIterations,
  37255. testVectors[i].encryptOID, testVectors[i].pwriOptions);
  37256. if (ret < 0) {
  37257. wc_PKCS7_Free(pkcs7);
  37258. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37259. }
  37260. /* set password, for decryption */
  37261. ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
  37262. testVectors[i].passwordSz);
  37263. if (ret < 0) {
  37264. wc_PKCS7_Free(pkcs7);
  37265. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37266. }
  37267. #endif /* ! NO_PWDBASED && ! NO_SHA */
  37268. } else if (testVectors[i].isOri == 1) {
  37269. /* ORI recipient type */
  37270. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  37271. if (ret != 0)
  37272. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37273. pkcs7->content = (byte*)testVectors[i].content;
  37274. pkcs7->contentSz = testVectors[i].contentSz;
  37275. pkcs7->contentOID = testVectors[i].contentOID;
  37276. pkcs7->encryptOID = testVectors[i].encryptOID;
  37277. ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
  37278. testVectors[i].oriOptions);
  37279. if (ret < 0) {
  37280. wc_PKCS7_Free(pkcs7);
  37281. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37282. }
  37283. /* set decrypt callback for decryption */
  37284. ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
  37285. if (ret < 0) {
  37286. wc_PKCS7_Free(pkcs7);
  37287. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37288. }
  37289. } else {
  37290. /* KTRI or KARI recipient types */
  37291. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  37292. if (ret != 0)
  37293. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37294. ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
  37295. (word32)testVectors[i].certSz);
  37296. if (ret != 0) {
  37297. wc_PKCS7_Free(pkcs7);
  37298. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37299. }
  37300. pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
  37301. pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
  37302. pkcs7->privateKey = testVectors[i].privateKey;
  37303. pkcs7->privateKeySz = testVectors[i].privateKeySz;
  37304. pkcs7->content = (byte*)testVectors[i].content;
  37305. pkcs7->contentSz = testVectors[i].contentSz;
  37306. pkcs7->contentOID = testVectors[i].contentOID;
  37307. pkcs7->encryptOID = testVectors[i].encryptOID;
  37308. pkcs7->ukm = testVectors[i].optionalUkm;
  37309. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  37310. /* set SubjectIdentifier type for KTRI types */
  37311. if (testVectors[i].ktriOptions & CMS_SKID) {
  37312. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
  37313. if (ret != 0) {
  37314. wc_PKCS7_Free(pkcs7);
  37315. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37316. }
  37317. } else if (testVectors[i].ktriOptions &
  37318. CMS_ISSUER_AND_SERIAL_NUMBER) {
  37319. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
  37320. CMS_ISSUER_AND_SERIAL_NUMBER);
  37321. if (ret != 0) {
  37322. wc_PKCS7_Free(pkcs7);
  37323. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37324. }
  37325. }
  37326. }
  37327. #ifdef ECC_TIMING_RESISTANT
  37328. pkcs7->rng = &rng;
  37329. #endif
  37330. /* encode envelopedData */
  37331. envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped,
  37332. PKCS7_BUF_SIZE);
  37333. if (envelopedSz <= 0) {
  37334. wc_PKCS7_Free(pkcs7);
  37335. ERROR_OUT(WC_TEST_RET_ENC_EC(envelopedSz), out);
  37336. }
  37337. /* decode envelopedData */
  37338. pkcs7->contentOID = 0;
  37339. decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz,
  37340. decoded, PKCS7_BUF_SIZE);
  37341. if (pkcs7->contentOID != testVectors[i].contentOID ||
  37342. decodedSz <= 0) {
  37343. wc_PKCS7_Free(pkcs7);
  37344. ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
  37345. }
  37346. /* test decode result */
  37347. if (XMEMCMP(decoded, data, sizeof(data)) != 0){
  37348. wc_PKCS7_Free(pkcs7);
  37349. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  37350. }
  37351. #ifndef NO_PKCS7_STREAM
  37352. { /* test reading byte by byte */
  37353. int z;
  37354. for (z = 0; z < envelopedSz; z++) {
  37355. decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped + z, 1,
  37356. decoded, PKCS7_BUF_SIZE);
  37357. if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
  37358. printf("unexpected error %d\n", decodedSz);
  37359. ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
  37360. }
  37361. }
  37362. /* test decode result */
  37363. if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
  37364. printf("stream read compare failed\n");
  37365. wc_PKCS7_Free(pkcs7);
  37366. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  37367. }
  37368. }
  37369. #endif
  37370. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  37371. /* output pkcs7 envelopedData for external testing */
  37372. pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
  37373. if (!pkcs7File) {
  37374. wc_PKCS7_Free(pkcs7);
  37375. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  37376. }
  37377. ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
  37378. XFCLOSE(pkcs7File);
  37379. if (ret != envelopedSz) {
  37380. wc_PKCS7_Free(pkcs7);
  37381. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  37382. } else {
  37383. /* reset ret to 0 for success */
  37384. ret = 0;
  37385. }
  37386. #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
  37387. wc_PKCS7_Free(pkcs7);
  37388. pkcs7 = NULL;
  37389. }
  37390. #ifdef ECC_TIMING_RESISTANT
  37391. wc_FreeRng(&rng);
  37392. #endif
  37393. (void)eccCert;
  37394. (void)eccCertSz;
  37395. (void)eccPrivKey;
  37396. (void)eccPrivKeySz;
  37397. (void)rsaCert;
  37398. (void)rsaCertSz;
  37399. (void)rsaPrivKey;
  37400. (void)rsaPrivKeySz;
  37401. out:
  37402. if (testVectors)
  37403. XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37404. if (enveloped)
  37405. XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37406. if (decoded)
  37407. XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37408. return ret;
  37409. }
  37410. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void)
  37411. {
  37412. wc_test_ret_t ret = 0;
  37413. byte* rsaCert = NULL;
  37414. byte* rsaPrivKey = NULL;
  37415. word32 rsaCertSz = 0;
  37416. word32 rsaPrivKeySz = 0;
  37417. byte* eccCert = NULL;
  37418. byte* eccPrivKey = NULL;
  37419. word32 eccCertSz = 0;
  37420. word32 eccPrivKeySz = 0;
  37421. #ifndef NO_RSA
  37422. /* read client RSA cert and key in DER format */
  37423. rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37424. if (rsaCert == NULL)
  37425. return WC_TEST_RET_ENC_ERRNO;
  37426. rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37427. if (rsaPrivKey == NULL) {
  37428. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37429. return WC_TEST_RET_ENC_NC;
  37430. }
  37431. rsaCertSz = FOURK_BUF;
  37432. rsaPrivKeySz = FOURK_BUF;
  37433. #endif /* NO_RSA */
  37434. #ifdef HAVE_ECC
  37435. /* read client ECC cert and key in DER format */
  37436. eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37437. if (eccCert == NULL) {
  37438. #ifndef NO_RSA
  37439. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37440. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37441. #endif
  37442. return WC_TEST_RET_ENC_NC;
  37443. }
  37444. eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37445. if (eccPrivKey == NULL) {
  37446. #ifndef NO_RSA
  37447. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37448. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37449. #endif
  37450. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37451. return WC_TEST_RET_ENC_NC;
  37452. }
  37453. eccCertSz = FOURK_BUF;
  37454. eccPrivKeySz = FOURK_BUF;
  37455. #endif /* HAVE_ECC */
  37456. ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
  37457. &rsaPrivKeySz, NULL, NULL, NULL, NULL,
  37458. NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
  37459. eccPrivKey, &eccPrivKeySz);
  37460. if (ret < 0) {
  37461. #ifndef NO_RSA
  37462. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37463. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37464. #endif
  37465. #ifdef HAVE_ECC
  37466. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37467. XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37468. #endif
  37469. return WC_TEST_RET_ENC_EC(ret);
  37470. }
  37471. ret = pkcs7enveloped_run_vectors(rsaCert, (word32)rsaCertSz,
  37472. rsaPrivKey, (word32)rsaPrivKeySz,
  37473. eccCert, (word32)eccCertSz,
  37474. eccPrivKey, (word32)eccPrivKeySz);
  37475. #ifndef NO_RSA
  37476. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37477. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37478. #endif
  37479. #ifdef HAVE_ECC
  37480. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37481. XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37482. #endif
  37483. return ret;
  37484. }
  37485. #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
  37486. typedef struct {
  37487. const byte* content;
  37488. word32 contentSz;
  37489. int contentOID;
  37490. int encryptOID;
  37491. int keyWrapOID;
  37492. int keyAgreeOID;
  37493. byte* cert;
  37494. size_t certSz;
  37495. byte* privateKey;
  37496. word32 privateKeySz;
  37497. PKCS7Attrib* authAttribs;
  37498. word32 authAttribsSz;
  37499. PKCS7Attrib* unauthAttribs;
  37500. word32 unauthAttribsSz;
  37501. /* KARI / KTRI specific */
  37502. byte* optionalUkm;
  37503. word32 optionalUkmSz;
  37504. int ktriOptions; /* KTRI options flags */
  37505. int kariOptions; /* KARI options flags */
  37506. /* KEKRI specific */
  37507. byte* secretKey; /* key, only for kekri RecipientInfo types */
  37508. word32 secretKeySz; /* size of secretKey, bytes */
  37509. byte* secretKeyId; /* key identifier */
  37510. word32 secretKeyIdSz; /* size of key identifier, bytes */
  37511. void* timePtr; /* time_t pointer */
  37512. byte* otherAttrOID; /* OPTIONAL, other attribute OID */
  37513. word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
  37514. byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
  37515. word32 otherAttrSz; /* size of otherAttr, bytes */
  37516. int kekriOptions; /* KEKRI options flags */
  37517. /* PWRI specific */
  37518. char* password; /* password */
  37519. word32 passwordSz; /* password size, bytes */
  37520. byte* salt; /* KDF salt */
  37521. word32 saltSz; /* KDF salt size, bytes */
  37522. int kdfOID; /* KDF OID */
  37523. int hashOID; /* KDF hash algorithm OID */
  37524. int kdfIterations; /* KDF iterations */
  37525. int kekEncryptOID; /* KEK encryption algorithm OID */
  37526. int pwriOptions; /* PWRI options flags */
  37527. /* ORI specific */
  37528. int isOri;
  37529. int oriOptions; /* ORI options flags */
  37530. const char* outFileName;
  37531. } pkcs7AuthEnvelopedVector;
  37532. static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
  37533. byte* rsaPrivKey, word32 rsaPrivKeySz,
  37534. byte* eccCert, word32 eccCertSz,
  37535. byte* eccPrivKey, word32 eccPrivKeySz)
  37536. {
  37537. wc_test_ret_t ret = 0;
  37538. int testSz = 0, i;
  37539. int envelopedSz, decodedSz;
  37540. byte *enveloped = NULL;
  37541. byte *decoded = NULL;
  37542. WC_RNG rng;
  37543. PKCS7* pkcs7;
  37544. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  37545. XFILE pkcs7File;
  37546. #endif
  37547. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  37548. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  37549. 0x72,0x6c,0x64
  37550. };
  37551. byte senderNonce[PKCS7_NONCE_SZ + 2];
  37552. #ifdef HAVE_ECC
  37553. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  37554. #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
  37555. WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
  37556. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  37557. 0x09, 0x05 };
  37558. PKCS7Attrib attribs[] =
  37559. {
  37560. { senderNonceOid, sizeof(senderNonceOid), senderNonce,
  37561. sizeof(senderNonce) }
  37562. };
  37563. #endif
  37564. #endif
  37565. #endif
  37566. #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
  37567. defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM)
  37568. WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
  37569. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
  37570. };
  37571. #endif /* NO_AES */
  37572. #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  37573. /* encryption key for kekri recipient types */
  37574. WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
  37575. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  37576. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
  37577. };
  37578. /* encryption key identifier */
  37579. WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = {
  37580. 0x02,0x02,0x03,0x04
  37581. };
  37582. #endif
  37583. #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
  37584. !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  37585. #ifndef HAVE_FIPS
  37586. WOLFSSL_SMALL_STACK_STATIC const char password[] = "password";
  37587. #else
  37588. WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE";
  37589. #endif
  37590. WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
  37591. 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
  37592. };
  37593. #endif
  37594. #define MAX_TESTVECTORS_LEN 20
  37595. #define ADD_PKCS7AUTHENVELOPEDVECTOR(...) { \
  37596. pkcs7AuthEnvelopedVector _this_vector = { __VA_ARGS__ }; \
  37597. if (testSz == MAX_TESTVECTORS_LEN) { \
  37598. ret = WC_TEST_RET_ENC_NC; \
  37599. goto out; \
  37600. } \
  37601. XMEMCPY(&testVectors[testSz++], &_this_vector, \
  37602. sizeof _this_vector); \
  37603. }
  37604. pkcs7AuthEnvelopedVector *testVectors = NULL;
  37605. XMEMSET(&rng, 0, sizeof(rng));
  37606. testVectors = (pkcs7AuthEnvelopedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
  37607. HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37608. if (testVectors == NULL) {
  37609. ret = WC_TEST_RET_ENC_ERRNO;
  37610. goto out;
  37611. }
  37612. {
  37613. /* key transport key encryption technique */
  37614. #ifndef NO_RSA
  37615. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  37616. #ifdef WOLFSSL_AES_128
  37617. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37618. data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz,
  37619. rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
  37620. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
  37621. 0, 0, "pkcs7authEnvelopedDataAES128GCM.der");
  37622. #endif
  37623. #ifdef WOLFSSL_AES_192
  37624. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37625. data, (word32)sizeof(data), DATA, AES192GCMb, 0, 0, rsaCert, rsaCertSz,
  37626. rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
  37627. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
  37628. 0, 0, "pkcs7authEnvelopedDataAES192GCM.der");
  37629. #endif
  37630. #ifdef WOLFSSL_AES_256
  37631. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37632. data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
  37633. rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
  37634. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
  37635. 0, 0, "pkcs7authEnvelopedDataAES256GCM.der");
  37636. /* test with contentType set to FirmwarePkgData */
  37637. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37638. data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, 0, 0,
  37639. rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL,
  37640. 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL,
  37641. 0, 0, 0, 0, 0, 0, 0, 0,
  37642. "pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der");
  37643. /* explicitly using SKID for SubjectKeyIdentifier */
  37644. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37645. data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
  37646. rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, CMS_SKID, 0,
  37647. NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
  37648. 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_SKID.der");
  37649. /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
  37650. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37651. data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
  37652. rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0,
  37653. CMS_ISSUER_AND_SERIAL_NUMBER, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
  37654. NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
  37655. "pkcs7authEnvelopedDataAES256GCM_IANDS.der");
  37656. #endif
  37657. #else /* NO_AES || !HAVE_AESGCM */
  37658. (void)rsaCert;
  37659. (void)rsaCertSz;
  37660. (void)rsaPrivKey;
  37661. (void)rsaPrivKeySz;
  37662. #endif /* NO_AES || !HAVE_AESGCM */
  37663. #endif
  37664. /* key agreement key encryption technique*/
  37665. #ifdef HAVE_ECC
  37666. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  37667. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  37668. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37669. data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP,
  37670. dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  37671. eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
  37672. NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
  37673. "pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der");
  37674. #endif
  37675. #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
  37676. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37677. data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  37678. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  37679. eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
  37680. NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
  37681. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der");
  37682. /* with authenticated attributes */
  37683. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37684. data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  37685. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  37686. eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
  37687. NULL, 0, NULL, 0, 0, 0, NULL, 0,
  37688. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
  37689. 0, 0, 0,
  37690. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der");
  37691. /* with unauthenticated attributes */
  37692. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37693. data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  37694. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  37695. eccPrivKeySz, NULL, 0, attribs,
  37696. (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, NULL, 0,
  37697. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
  37698. 0, 0, 0,
  37699. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der");
  37700. /* with authenticated AND unauthenticated attributes */
  37701. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37702. data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  37703. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  37704. eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
  37705. attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
  37706. NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
  37707. 0, 0, 0, 0, 0, 0,
  37708. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der");
  37709. /* with authenticated AND unauthenticated attributes AND
  37710. * contentType of FirmwarePkgData */
  37711. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37712. data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, AES256_WRAP,
  37713. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  37714. eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
  37715. attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
  37716. NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
  37717. 0, 0, 0, 0, 0, 0,
  37718. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der");
  37719. #endif /* NO_SHA256 && WOLFSSL_AES_256 */
  37720. #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
  37721. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37722. data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  37723. dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  37724. eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL,
  37725. NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
  37726. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der");
  37727. /* with optional user keying material (ukm) */
  37728. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37729. data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  37730. dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  37731. eccPrivKeySz, NULL, 0, NULL, 0, (byte *)optionalUkm, sizeof(optionalUkm), 0,
  37732. 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
  37733. 0, 0, 0, 0, 0, 0,
  37734. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der");
  37735. #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
  37736. #endif /* NO_AES */
  37737. #endif
  37738. /* kekri (KEKRecipientInfo) recipient types */
  37739. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  37740. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  37741. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37742. data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0,
  37743. NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0,
  37744. (byte *)secretKey, sizeof(secretKey), (byte *)secretKeyId, sizeof(secretKeyId),
  37745. NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
  37746. "pkcs7authEnvelopedDataAES128GCM_KEKRI.der");
  37747. #endif
  37748. #endif
  37749. /* pwri (PasswordRecipientInfo) recipient types */
  37750. #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM)
  37751. #if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  37752. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37753. data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0,
  37754. NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
  37755. NULL, 0, NULL, NULL, 0, NULL, 0, 0, (char *)password,
  37756. (word32)XSTRLEN(password), (byte *)salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
  37757. AES128CBCb, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_PWRI.der");
  37758. #endif
  37759. #endif
  37760. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  37761. #ifdef WOLFSSL_AES_128
  37762. /* ori (OtherRecipientInfo) recipient types */
  37763. ADD_PKCS7AUTHENVELOPEDVECTOR(
  37764. data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, NULL, 0, NULL, 0,
  37765. NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
  37766. NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 1, 0,
  37767. "pkcs7authEnvelopedDataAES128GCM_ORI.der");
  37768. #endif
  37769. #endif
  37770. }
  37771. #undef MAX_TESTVECTORS_LEN
  37772. #undef ADD_PKCS7AUTHENVELOPEDVECTOR
  37773. enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37774. decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  37775. if ((! enveloped) || (! decoded)) {
  37776. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  37777. }
  37778. /* generate senderNonce */
  37779. {
  37780. #ifndef HAVE_FIPS
  37781. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  37782. #else
  37783. ret = wc_InitRng(&rng);
  37784. #endif
  37785. if (ret != 0)
  37786. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37787. senderNonce[0] = 0x04;
  37788. senderNonce[1] = PKCS7_NONCE_SZ;
  37789. ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
  37790. if (ret != 0) {
  37791. wc_FreeRng(&rng);
  37792. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37793. }
  37794. }
  37795. for (i = 0; i < testSz; i++) {
  37796. pkcs7 = wc_PKCS7_New(HEAP_HINT,
  37797. #ifdef WOLFSSL_ASYNC_CRYPT
  37798. INVALID_DEVID /* async PKCS7 is not supported */
  37799. #else
  37800. devId
  37801. #endif
  37802. );
  37803. if (pkcs7 == NULL) {
  37804. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  37805. }
  37806. if (testVectors[i].secretKey != NULL) {
  37807. /* KEKRI recipient type */
  37808. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  37809. if (ret != 0)
  37810. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37811. pkcs7->content = (byte*)testVectors[i].content;
  37812. pkcs7->contentSz = testVectors[i].contentSz;
  37813. pkcs7->contentOID = testVectors[i].contentOID;
  37814. pkcs7->encryptOID = testVectors[i].encryptOID;
  37815. pkcs7->ukm = testVectors[i].optionalUkm;
  37816. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  37817. pkcs7->authAttribs = testVectors[i].authAttribs;
  37818. pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
  37819. pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
  37820. pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
  37821. ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
  37822. testVectors[i].secretKey, testVectors[i].secretKeySz,
  37823. testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
  37824. testVectors[i].timePtr, testVectors[i].otherAttrOID,
  37825. testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
  37826. testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
  37827. if (ret < 0) {
  37828. wc_PKCS7_Free(pkcs7);
  37829. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37830. }
  37831. /* set key, for decryption */
  37832. ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey,
  37833. testVectors[i].secretKeySz);
  37834. if (ret != 0) {
  37835. wc_PKCS7_Free(pkcs7);
  37836. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37837. }
  37838. } else if (testVectors[i].password != NULL) {
  37839. #if !defined(NO_PWDBASED) && !defined(NO_SHA)
  37840. /* PWRI recipient type */
  37841. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  37842. if (ret != 0)
  37843. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37844. pkcs7->content = (byte*)testVectors[i].content;
  37845. pkcs7->contentSz = testVectors[i].contentSz;
  37846. pkcs7->contentOID = testVectors[i].contentOID;
  37847. pkcs7->encryptOID = testVectors[i].encryptOID;
  37848. pkcs7->ukm = testVectors[i].optionalUkm;
  37849. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  37850. pkcs7->authAttribs = testVectors[i].authAttribs;
  37851. pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
  37852. pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
  37853. pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
  37854. ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
  37855. (byte*)testVectors[i].password,
  37856. testVectors[i].passwordSz, testVectors[i].salt,
  37857. testVectors[i].saltSz, testVectors[i].kdfOID,
  37858. testVectors[i].hashOID, testVectors[i].kdfIterations,
  37859. testVectors[i].kekEncryptOID, testVectors[i].pwriOptions);
  37860. if (ret < 0) {
  37861. wc_PKCS7_Free(pkcs7);
  37862. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37863. }
  37864. /* set password, for decryption */
  37865. ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
  37866. testVectors[i].passwordSz);
  37867. if (ret < 0) {
  37868. wc_PKCS7_Free(pkcs7);
  37869. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37870. }
  37871. #endif /* ! NO_PWDBASED && ! NO_SHA */
  37872. } else if (testVectors[i].isOri == 1) {
  37873. /* ORI recipient type */
  37874. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  37875. if (ret != 0)
  37876. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37877. pkcs7->content = (byte*)testVectors[i].content;
  37878. pkcs7->contentSz = testVectors[i].contentSz;
  37879. pkcs7->contentOID = testVectors[i].contentOID;
  37880. pkcs7->encryptOID = testVectors[i].encryptOID;
  37881. pkcs7->authAttribs = testVectors[i].authAttribs;
  37882. pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
  37883. pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
  37884. pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
  37885. ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
  37886. testVectors[i].oriOptions);
  37887. if (ret < 0) {
  37888. wc_PKCS7_Free(pkcs7);
  37889. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37890. }
  37891. /* set decrypt callback for decryption */
  37892. ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
  37893. if (ret < 0) {
  37894. wc_PKCS7_Free(pkcs7);
  37895. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37896. }
  37897. } else {
  37898. /* KTRI or KARI recipient types */
  37899. ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
  37900. (word32)testVectors[i].certSz);
  37901. if (ret != 0) {
  37902. wc_PKCS7_Free(pkcs7);
  37903. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37904. }
  37905. pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
  37906. pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
  37907. pkcs7->privateKey = testVectors[i].privateKey;
  37908. pkcs7->privateKeySz = testVectors[i].privateKeySz;
  37909. pkcs7->content = (byte*)testVectors[i].content;
  37910. pkcs7->contentSz = testVectors[i].contentSz;
  37911. pkcs7->contentOID = testVectors[i].contentOID;
  37912. pkcs7->encryptOID = testVectors[i].encryptOID;
  37913. pkcs7->ukm = testVectors[i].optionalUkm;
  37914. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  37915. pkcs7->authAttribs = testVectors[i].authAttribs;
  37916. pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
  37917. pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
  37918. pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
  37919. /* set SubjectIdentifier type for KTRI types */
  37920. if (testVectors[i].ktriOptions & CMS_SKID) {
  37921. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
  37922. if (ret != 0) {
  37923. wc_PKCS7_Free(pkcs7);
  37924. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37925. }
  37926. } else if (testVectors[i].ktriOptions &
  37927. CMS_ISSUER_AND_SERIAL_NUMBER) {
  37928. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
  37929. CMS_ISSUER_AND_SERIAL_NUMBER);
  37930. if (ret != 0) {
  37931. wc_PKCS7_Free(pkcs7);
  37932. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  37933. }
  37934. }
  37935. }
  37936. #ifdef ECC_TIMING_RESISTANT
  37937. pkcs7->rng = &rng;
  37938. #endif
  37939. /* encode envelopedData */
  37940. envelopedSz = wc_PKCS7_EncodeAuthEnvelopedData(pkcs7, enveloped,
  37941. PKCS7_BUF_SIZE);
  37942. if (envelopedSz <= 0) {
  37943. wc_PKCS7_Free(pkcs7);
  37944. ERROR_OUT(WC_TEST_RET_ENC_EC(envelopedSz), out);
  37945. }
  37946. #ifndef NO_PKCS7_STREAM
  37947. { /* test reading byte by byte */
  37948. int z;
  37949. for (z = 0; z < envelopedSz; z++) {
  37950. decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7,
  37951. enveloped + z, 1, decoded, PKCS7_BUF_SIZE);
  37952. if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
  37953. printf("unexpected error %d\n", decodedSz);
  37954. ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
  37955. }
  37956. }
  37957. /* test decode result */
  37958. if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
  37959. printf("stream read compare failed\n");
  37960. wc_PKCS7_Free(pkcs7);
  37961. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  37962. }
  37963. }
  37964. #endif
  37965. /* decode envelopedData */
  37966. decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, enveloped,
  37967. envelopedSz, decoded,
  37968. PKCS7_BUF_SIZE);
  37969. if (decodedSz <= 0) {
  37970. wc_PKCS7_Free(pkcs7);
  37971. ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
  37972. }
  37973. /* test decode result */
  37974. if (XMEMCMP(decoded, data, sizeof(data)) != 0){
  37975. wc_PKCS7_Free(pkcs7);
  37976. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  37977. }
  37978. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  37979. /* output pkcs7 envelopedData for external testing */
  37980. pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
  37981. if (!pkcs7File) {
  37982. wc_PKCS7_Free(pkcs7);
  37983. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  37984. }
  37985. ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
  37986. XFCLOSE(pkcs7File);
  37987. if (ret != envelopedSz) {
  37988. wc_PKCS7_Free(pkcs7);
  37989. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  37990. } else {
  37991. /* reset ret to 0 for success */
  37992. ret = 0;
  37993. }
  37994. #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
  37995. wc_PKCS7_Free(pkcs7);
  37996. pkcs7 = NULL;
  37997. }
  37998. wc_FreeRng(&rng);
  37999. (void)eccCert;
  38000. (void)eccCertSz;
  38001. (void)eccPrivKey;
  38002. (void)eccPrivKeySz;
  38003. #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  38004. (void)secretKey;
  38005. (void)secretKeyId;
  38006. #endif
  38007. #ifdef NO_RSA
  38008. (void)rsaCert;
  38009. (void)rsaCertSz;
  38010. (void)rsaPrivKey;
  38011. (void)rsaPrivKeySz;
  38012. #endif
  38013. out:
  38014. if (testVectors)
  38015. XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38016. if (enveloped)
  38017. XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38018. if (decoded)
  38019. XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38020. return ret;
  38021. }
  38022. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void)
  38023. {
  38024. wc_test_ret_t ret = 0;
  38025. byte* rsaCert = NULL;
  38026. byte* rsaPrivKey = NULL;
  38027. word32 rsaCertSz = 0;
  38028. word32 rsaPrivKeySz = 0;
  38029. byte* eccCert = NULL;
  38030. byte* eccPrivKey = NULL;
  38031. word32 eccCertSz = 0;
  38032. word32 eccPrivKeySz = 0;
  38033. #ifndef NO_RSA
  38034. /* read client RSA cert and key in DER format */
  38035. rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38036. if (rsaCert == NULL)
  38037. return WC_TEST_RET_ENC_ERRNO;
  38038. rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38039. if (rsaPrivKey == NULL) {
  38040. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38041. return WC_TEST_RET_ENC_NC;
  38042. }
  38043. rsaCertSz = FOURK_BUF;
  38044. rsaPrivKeySz = FOURK_BUF;
  38045. #endif /* NO_RSA */
  38046. #ifdef HAVE_ECC
  38047. /* read client ECC cert and key in DER format */
  38048. eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38049. if (eccCert == NULL) {
  38050. #ifndef NO_RSA
  38051. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38052. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38053. #endif
  38054. return WC_TEST_RET_ENC_NC;
  38055. }
  38056. eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38057. if (eccPrivKey == NULL) {
  38058. #ifndef NO_RSA
  38059. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38060. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38061. #endif
  38062. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38063. return WC_TEST_RET_ENC_NC;
  38064. }
  38065. eccCertSz = FOURK_BUF;
  38066. eccPrivKeySz = FOURK_BUF;
  38067. #endif /* HAVE_ECC */
  38068. ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
  38069. &rsaPrivKeySz, NULL, NULL, NULL, NULL,
  38070. NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
  38071. eccPrivKey, &eccPrivKeySz);
  38072. if (ret < 0) {
  38073. #ifndef NO_RSA
  38074. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38075. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38076. #endif
  38077. #ifdef HAVE_ECC
  38078. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38079. XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38080. #endif
  38081. return WC_TEST_RET_ENC_EC(ret);
  38082. }
  38083. ret = pkcs7authenveloped_run_vectors(rsaCert, (word32)rsaCertSz,
  38084. rsaPrivKey, (word32)rsaPrivKeySz,
  38085. eccCert, (word32)eccCertSz,
  38086. eccPrivKey, (word32)eccPrivKeySz);
  38087. #ifndef NO_RSA
  38088. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38089. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38090. #endif
  38091. #ifdef HAVE_ECC
  38092. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38093. XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38094. #endif
  38095. return ret;
  38096. }
  38097. #endif /* HAVE_AESGCM || HAVE_AESCCM */
  38098. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  38099. static const byte p7DefKey[] = {
  38100. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  38101. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  38102. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  38103. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  38104. };
  38105. static const byte p7AltKey[] = {
  38106. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  38107. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  38108. };
  38109. static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
  38110. word32 keyIdSz, byte* orginKey, word32 orginKeySz,
  38111. byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
  38112. {
  38113. wc_test_ret_t ret;
  38114. if (cek == NULL || out == NULL)
  38115. return BAD_FUNC_ARG;
  38116. /* test case sanity checks */
  38117. if (keyIdSz != 1) {
  38118. return WC_TEST_RET_ENC_NC;
  38119. }
  38120. if (keyId[0] != 0x00) {
  38121. return WC_TEST_RET_ENC_NC;
  38122. }
  38123. if (type != (int)PKCS7_KEKRI) {
  38124. return WC_TEST_RET_ENC_NC;
  38125. }
  38126. switch (keyWrapAlgo) {
  38127. case AES256_WRAP:
  38128. ret = wc_AesKeyUnWrap(p7DefKey, sizeof(p7DefKey), cek, cekSz,
  38129. out, outSz, NULL);
  38130. if (ret <= 0)
  38131. return (int)ret;
  38132. break;
  38133. default:
  38134. WOLFSSL_MSG("Unsupported key wrap algorithm in example");
  38135. return BAD_KEYWRAP_ALG_E;
  38136. };
  38137. (void)pkcs7;
  38138. (void)direction;
  38139. (void)orginKey; /* used with KAKRI */
  38140. (void)orginKeySz;
  38141. return (int)ret;
  38142. }
  38143. /* returns key size on success */
  38144. static wc_test_ret_t getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
  38145. {
  38146. wc_test_ret_t ret;
  38147. word32 atrSz;
  38148. byte atr[256];
  38149. /* Additionally can look for fwWrappedFirmwareKey
  38150. * 1.2.840.113529.1.9.16.1.16 */
  38151. const unsigned char fwWrappedFirmwareKey[] = {
  38152. /* 0x06, 0x0B */
  38153. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  38154. 0x01, 0x09, 0x10, 0x02, 0x27
  38155. };
  38156. /* find keyID in fwWrappedFirmwareKey */
  38157. ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
  38158. sizeof(fwWrappedFirmwareKey), NULL, &atrSz);
  38159. if (ret == LENGTH_ONLY_E) {
  38160. XMEMSET(atr, 0, sizeof(atr));
  38161. ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
  38162. sizeof(fwWrappedFirmwareKey), atr, &atrSz);
  38163. /* keyIdRaw[0] OCTET TAG */
  38164. /* keyIdRaw[1] Length */
  38165. if (ret > 0) {
  38166. PKCS7* envPkcs7;
  38167. envPkcs7 = wc_PKCS7_New(NULL, 0);
  38168. if (envPkcs7 == NULL) {
  38169. return MEMORY_E;
  38170. }
  38171. wc_PKCS7_Init(envPkcs7, NULL, 0);
  38172. ret = wc_PKCS7_SetWrapCEKCb(envPkcs7, myCEKwrapFunc);
  38173. if (ret == 0) {
  38174. /* expecting FIRMWARE_PKG_DATA content */
  38175. envPkcs7->contentOID = FIRMWARE_PKG_DATA;
  38176. ret = wc_PKCS7_DecodeEnvelopedData(envPkcs7, atr, atrSz,
  38177. key, keySz);
  38178. if (envPkcs7->contentOID != FIRMWARE_PKG_DATA) {
  38179. /* the contentOID should have been set to the inner
  38180. * FIRMWARE_PKG_DATA content */
  38181. ret = BAD_STATE_E;
  38182. }
  38183. }
  38184. wc_PKCS7_Free(envPkcs7);
  38185. }
  38186. }
  38187. return ret;
  38188. }
  38189. /* create a KEKRI enveloped data
  38190. * return size on success */
  38191. static wc_test_ret_t envelopedData_encrypt(byte* in, word32 inSz, byte* out,
  38192. word32 outSz)
  38193. {
  38194. wc_test_ret_t ret;
  38195. PKCS7* pkcs7;
  38196. WOLFSSL_SMALL_STACK_STATIC const byte keyId[] = { 0x00 };
  38197. pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
  38198. if (pkcs7 == NULL)
  38199. return WC_TEST_RET_ENC_ERRNO;
  38200. pkcs7->content = in;
  38201. pkcs7->contentSz = inSz;
  38202. pkcs7->contentOID = FIRMWARE_PKG_DATA;
  38203. pkcs7->encryptOID = AES256CBCb;
  38204. pkcs7->ukm = NULL;
  38205. pkcs7->ukmSz = 0;
  38206. /* add recipient (KEKRI type) */
  38207. ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP, (byte*)p7DefKey,
  38208. sizeof(p7DefKey), (byte*)keyId,
  38209. sizeof(keyId), NULL, NULL, 0, NULL, 0, 0);
  38210. if (ret < 0) {
  38211. printf("wc_PKCS7_AddRecipient_KEKRI() failed\n");
  38212. wc_PKCS7_Free(pkcs7);
  38213. return WC_TEST_RET_ENC_EC(ret);
  38214. }
  38215. /* encode envelopedData, returns size */
  38216. ret = wc_PKCS7_EncodeEnvelopedData(pkcs7, out, outSz);
  38217. if (ret <= 0) {
  38218. printf("wc_PKCS7_EncodeEnvelopedData() failed\n");
  38219. wc_PKCS7_Free(pkcs7);
  38220. return WC_TEST_RET_ENC_EC(ret);
  38221. }
  38222. wc_PKCS7_Free(pkcs7);
  38223. return ret;
  38224. }
  38225. /*
  38226. * keyHint is the KeyID to be set in the fwDecryptKeyID attribute
  38227. * returns size of buffer output on success
  38228. */
  38229. static wc_test_ret_t generateBundle(byte* out, word32 *outSz, const byte* encryptKey,
  38230. word32 encryptKeySz, byte keyHint, byte* cert, word32 certSz,
  38231. byte* key, word32 keySz)
  38232. {
  38233. wc_test_ret_t ret;
  38234. int attribNum = 1;
  38235. PKCS7* pkcs7;
  38236. /* KEY ID
  38237. * fwDecryptKeyID OID 1.2.840.113549.1.9.16.2.37
  38238. */
  38239. const unsigned char fwDecryptKeyID[] = {
  38240. 0x06, 0x0B,
  38241. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  38242. 0x01, 0x09, 0x10, 0x02, 0x25
  38243. };
  38244. /* fwWrappedFirmwareKey 1.2.840.113529.1.9.16.1.16 */
  38245. const unsigned char fwWrappedFirmwareKey[] = {
  38246. 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  38247. 0x01, 0x09, 0x10, 0x02, 0x27
  38248. };
  38249. byte keyID[] = { 0x04, 0x01, 0x00 };
  38250. byte env[256];
  38251. char data[] = "Test of wolfSSL PKCS7 decrypt callback";
  38252. PKCS7Attrib attribs[] =
  38253. {
  38254. { fwDecryptKeyID, sizeof(fwDecryptKeyID), keyID, sizeof(keyID) },
  38255. { fwWrappedFirmwareKey, sizeof(fwWrappedFirmwareKey), env, 0 }
  38256. };
  38257. keyID[2] = keyHint;
  38258. /* If using keyHint 0 then create a bundle with fwWrappedFirmwareKey */
  38259. if (keyHint == 0) {
  38260. ret = envelopedData_encrypt((byte*)p7DefKey, sizeof(p7DefKey), env,
  38261. sizeof(env));
  38262. if (ret <= 0) {
  38263. return ret;
  38264. }
  38265. attribs[1].valueSz = (int)ret;
  38266. attribNum++;
  38267. }
  38268. /* init PKCS7 */
  38269. pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
  38270. if (pkcs7 == NULL)
  38271. return WC_TEST_RET_ENC_ERRNO;
  38272. ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
  38273. if (ret != 0) {
  38274. printf("ERROR: wc_PKCS7_InitWithCert() failed, ret = %d\n", ret);
  38275. wc_PKCS7_Free(pkcs7);
  38276. return WC_TEST_RET_ENC_EC(ret);
  38277. }
  38278. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
  38279. if (ret != 0) {
  38280. wc_PKCS7_Free(pkcs7);
  38281. return WC_TEST_RET_ENC_EC(ret);
  38282. }
  38283. /* encode Signed Encrypted FirmwarePkgData */
  38284. if (encryptKeySz == 16) {
  38285. ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
  38286. encryptKeySz, key, keySz, AES128CBCb, RSAk, SHA256h,
  38287. (byte*)data, sizeof(data), NULL, 0,
  38288. attribs, attribNum, out, *outSz);
  38289. }
  38290. else {
  38291. ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
  38292. encryptKeySz, key, keySz, AES256CBCb, RSAk, SHA256h,
  38293. (byte*)data, sizeof(data), NULL, 0,
  38294. attribs, attribNum, out, *outSz);
  38295. }
  38296. if (ret <= 0) {
  38297. printf("ERROR: wc_PKCS7_EncodeSignedEncryptedFPD() failed, "
  38298. "ret = %d\n", ret);
  38299. wc_PKCS7_Free(pkcs7);
  38300. return WC_TEST_RET_ENC_EC(ret);
  38301. } else {
  38302. *outSz = (int)ret;
  38303. }
  38304. wc_PKCS7_Free(pkcs7);
  38305. return ret;
  38306. }
  38307. /* test verification and decryption of PKCS7 bundle
  38308. * return 0 on success
  38309. */
  38310. static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint)
  38311. {
  38312. wc_test_ret_t ret = 0;
  38313. int usrCtx = 1; /* test value to pass as user context to callback */
  38314. PKCS7* pkcs7 = NULL;
  38315. byte* sid = NULL;
  38316. word32 sidSz;
  38317. byte key[256];
  38318. word32 keySz = sizeof(key);
  38319. byte *decoded = NULL;
  38320. int decodedSz = FOURK_BUF/2;
  38321. WOLFSSL_SMALL_STACK_STATIC const byte expectedSid[] = {
  38322. #ifdef NO_SHA
  38323. #ifdef USE_CERT_BUFFERS_1024
  38324. 0x70, 0xe7, 0x79, 0x60, 0x8f, 0x41, 0xdc, 0xe9,
  38325. 0xad, 0x8b, 0x3d, 0x0c, 0x20, 0xf4, 0xc3, 0xf2,
  38326. 0x8e, 0x05, 0xe8, 0xa1, 0xb6, 0x68, 0x74, 0x06,
  38327. 0xbc, 0xe7, 0xc5, 0x3c, 0x13, 0x99, 0x79, 0xb9
  38328. #else
  38329. 0xce, 0x06, 0x07, 0xbe, 0xf1, 0xa6, 0x1e, 0x36,
  38330. 0xef, 0xfa, 0xbc, 0x89, 0x71, 0xf3, 0x23, 0x9e,
  38331. 0x34, 0x6d, 0xae, 0x86, 0xae, 0x2b, 0xdc, 0xf4,
  38332. 0x4a, 0x27, 0xd5, 0x63, 0x59, 0x4f, 0x4a, 0x71
  38333. #endif
  38334. #else /* !NO_SHA */
  38335. #ifdef USE_CERT_BUFFERS_1024
  38336. 0x81, 0x69, 0x0f, 0xf8, 0xdf, 0xdd, 0xcf, 0x34,
  38337. 0x29, 0xd5, 0x67, 0x75, 0x71, 0x85, 0xc7, 0x75,
  38338. 0x10, 0x69, 0x59, 0xec,
  38339. #else
  38340. 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18,
  38341. 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26,
  38342. 0xD7, 0x85, 0x65, 0xC0
  38343. #endif
  38344. #endif /* !NO_SHA */
  38345. };
  38346. decoded = (byte *)XMALLOC(decodedSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38347. if (decoded == NULL) {
  38348. ret = MEMORY_E;
  38349. goto out;
  38350. }
  38351. pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
  38352. if (pkcs7 == NULL) {
  38353. ret = MEMORY_E;
  38354. goto out;
  38355. }
  38356. /* Test verify */
  38357. ret = wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID);
  38358. if (ret != 0)
  38359. goto out;
  38360. ret = wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
  38361. if (ret != 0)
  38362. goto out;
  38363. ret = wc_PKCS7_VerifySignedData(pkcs7, derBuf, derSz);
  38364. if (ret != 0)
  38365. goto out;
  38366. /* Get size of SID and print it out */
  38367. ret = wc_PKCS7_GetSignerSID(pkcs7, NULL, &sidSz);
  38368. if (ret != LENGTH_ONLY_E)
  38369. goto out;
  38370. sid = (byte*)XMALLOC(sidSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38371. if (sid == NULL) {
  38372. ret = MEMORY_E;
  38373. goto out;
  38374. }
  38375. ret = wc_PKCS7_GetSignerSID(pkcs7, sid, &sidSz);
  38376. if (ret != 0)
  38377. goto out;
  38378. ret = XMEMCMP(sid, expectedSid, sidSz);
  38379. if (ret != 0) {
  38380. ret = PKCS7_NO_SIGNER_E; /* close enough */
  38381. goto out;
  38382. }
  38383. /* get expected fwWrappedFirmwareKey */
  38384. if (keyHint == 0) {
  38385. ret = getFirmwareKey(pkcs7, key, keySz);
  38386. if (ret < 0)
  38387. goto out;
  38388. pkcs7->encryptionKey = key;
  38389. pkcs7->encryptionKeySz = (int)ret;
  38390. }
  38391. else {
  38392. decodedSz = PKCS7_BUF_SIZE;
  38393. ret = wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc);
  38394. if (ret != 0)
  38395. goto out;
  38396. ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)&usrCtx);
  38397. if (ret != 0)
  38398. goto out;
  38399. }
  38400. decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
  38401. pkcs7->contentSz, decoded, decodedSz);
  38402. if (decodedSz < 0) {
  38403. ret = decodedSz;
  38404. goto out;
  38405. }
  38406. ret = 0;
  38407. out:
  38408. if (decoded)
  38409. XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38410. if (pkcs7)
  38411. wc_PKCS7_Free(pkcs7);
  38412. if (sid)
  38413. XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38414. return ret;
  38415. }
  38416. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 certSz, byte* key, word32 keySz)
  38417. {
  38418. wc_test_ret_t ret = 0;
  38419. word32 derSz;
  38420. byte *derBuf = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38421. if (! derBuf)
  38422. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  38423. /* Doing default generation and verify */
  38424. derSz = FOURK_BUF;
  38425. ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 0, cert,
  38426. certSz, key, keySz);
  38427. if (ret <= 0) {
  38428. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  38429. }
  38430. ret = verifyBundle(derBuf, derSz, 0);
  38431. if (ret != 0)
  38432. ERROR_OUT(ret, out);
  38433. /* test choosing other key with keyID */
  38434. derSz = FOURK_BUF;
  38435. ret = generateBundle(derBuf, &derSz, p7AltKey, sizeof(p7AltKey), 1,
  38436. cert, certSz, key, keySz);
  38437. if (ret <= 0) {
  38438. ERROR_OUT(ret, out);
  38439. }
  38440. ret = verifyBundle(derBuf, derSz, 1);
  38441. if (ret != 0)
  38442. ERROR_OUT(ret, out);
  38443. /* test fail case with wrong keyID */
  38444. derSz = FOURK_BUF;
  38445. ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 1,
  38446. cert, certSz, key, keySz);
  38447. if (ret <= 0) {
  38448. ERROR_OUT(ret, out);
  38449. }
  38450. ret = verifyBundle(derBuf, derSz, 1);
  38451. if (ret == 0) {
  38452. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  38453. }
  38454. ret = 0;
  38455. out:
  38456. if (derBuf)
  38457. XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38458. return ret;
  38459. }
  38460. #endif /* !NO_AES && HAVE_AES_CBC */
  38461. #ifndef NO_PKCS7_ENCRYPTED_DATA
  38462. typedef struct {
  38463. const byte* content;
  38464. word32 contentSz;
  38465. int contentOID;
  38466. int encryptOID;
  38467. byte* encryptionKey;
  38468. word32 encryptionKeySz;
  38469. PKCS7Attrib* attribs;
  38470. word32 attribsSz;
  38471. const char* outFileName;
  38472. } pkcs7EncryptedVector;
  38473. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void)
  38474. {
  38475. wc_test_ret_t ret = 0;
  38476. int i, testSz;
  38477. int encryptedSz, decodedSz, attribIdx;
  38478. PKCS7* pkcs7;
  38479. byte *encrypted;
  38480. byte *decoded;
  38481. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  38482. XFILE pkcs7File;
  38483. #endif
  38484. PKCS7Attrib* expectedAttrib;
  38485. PKCS7DecodedAttrib* decodedAttrib;
  38486. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  38487. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  38488. 0x72,0x6c,0x64
  38489. };
  38490. #ifndef NO_DES3
  38491. byte desKey[] = {
  38492. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
  38493. };
  38494. byte des3Key[] = {
  38495. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  38496. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  38497. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  38498. };
  38499. #endif
  38500. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  38501. #ifdef WOLFSSL_AES_128
  38502. byte aes128Key[] = {
  38503. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  38504. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  38505. };
  38506. #endif
  38507. #ifdef WOLFSSL_AES_192
  38508. byte aes192Key[] = {
  38509. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  38510. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  38511. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  38512. };
  38513. #endif
  38514. #ifdef WOLFSSL_AES_256
  38515. byte aes256Key[] = {
  38516. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  38517. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  38518. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  38519. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  38520. };
  38521. #endif
  38522. #ifdef WOLFSSL_AES_256
  38523. /* Attribute example from RFC 4134, Section 7.2
  38524. * OID = 1.2.5555
  38525. * OCTET STRING = 'This is a test General ASN Attribute, number 1.' */
  38526. static const byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 };
  38527. static const byte genAttr[] = { 0x04, 47,
  38528. 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
  38529. 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
  38530. 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
  38531. 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
  38532. 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
  38533. 0x6d, 0x62, 0x65, 0x72, 0x20, 0x31, 0x2e };
  38534. static const byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 };
  38535. static const byte genAttr2[] = { 0x04, 47,
  38536. 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
  38537. 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
  38538. 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
  38539. 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
  38540. 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
  38541. 0x6d, 0x62, 0x65, 0x72, 0x20, 0x32, 0x2e };
  38542. PKCS7Attrib attribs[] =
  38543. {
  38544. { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) }
  38545. };
  38546. PKCS7Attrib multiAttribs[] =
  38547. {
  38548. { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) },
  38549. { genAttrOid2, sizeof(genAttrOid2), genAttr2, sizeof(genAttr2) }
  38550. };
  38551. #endif
  38552. #endif /* NO_AES */
  38553. const pkcs7EncryptedVector testVectors[] =
  38554. {
  38555. #ifndef NO_DES3
  38556. {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key),
  38557. NULL, 0, "pkcs7encryptedDataDES3.der"},
  38558. {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey),
  38559. NULL, 0, "pkcs7encryptedDataDES.der"},
  38560. #endif /* NO_DES3 */
  38561. #if !defined(NO_AES) && defined(HAVE_AES_CBC)
  38562. #ifdef WOLFSSL_AES_128
  38563. {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
  38564. sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"},
  38565. #endif
  38566. #ifdef WOLFSSL_AES_192
  38567. {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
  38568. sizeof(aes192Key), NULL, 0, "pkcs7encryptedDataAES192CBC.der"},
  38569. #endif
  38570. #ifdef WOLFSSL_AES_256
  38571. {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
  38572. sizeof(aes256Key), NULL, 0, "pkcs7encryptedDataAES256CBC.der"},
  38573. /* test with optional unprotected attributes */
  38574. {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
  38575. sizeof(aes256Key), attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  38576. "pkcs7encryptedDataAES256CBC_attribs.der"},
  38577. /* test with multiple optional unprotected attributes */
  38578. {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
  38579. sizeof(aes256Key), multiAttribs,
  38580. (sizeof(multiAttribs)/sizeof(PKCS7Attrib)),
  38581. "pkcs7encryptedDataAES256CBC_multi_attribs.der"},
  38582. /* test with contentType set to FirmwarePkgData */
  38583. {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256CBCb, aes256Key,
  38584. sizeof(aes256Key), NULL, 0,
  38585. "pkcs7encryptedDataAES256CBC_firmwarePkgData.der"},
  38586. #endif
  38587. #endif /* !NO_AES && HAVE_AES_CBC */
  38588. };
  38589. encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38590. decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38591. if ((! encrypted) || (! decoded)) {
  38592. ERROR_OUT(MEMORY_E, out);
  38593. }
  38594. testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
  38595. for (i = 0; i < testSz; i++) {
  38596. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  38597. if (pkcs7 == NULL) {
  38598. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  38599. }
  38600. pkcs7->content = (byte*)testVectors[i].content;
  38601. pkcs7->contentSz = testVectors[i].contentSz;
  38602. pkcs7->contentOID = testVectors[i].contentOID;
  38603. pkcs7->encryptOID = testVectors[i].encryptOID;
  38604. pkcs7->encryptionKey = testVectors[i].encryptionKey;
  38605. pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
  38606. pkcs7->unprotectedAttribs = testVectors[i].attribs;
  38607. pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz;
  38608. /* encode encryptedData */
  38609. encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  38610. PKCS7_BUF_SIZE);
  38611. if (encryptedSz <= 0) {
  38612. wc_PKCS7_Free(pkcs7);
  38613. ERROR_OUT(WC_TEST_RET_ENC_EC(encryptedSz), out);
  38614. }
  38615. /* decode encryptedData */
  38616. #ifndef NO_PKCS7_STREAM
  38617. { /* test reading byte by byte */
  38618. int z;
  38619. for (z = 0; z < encryptedSz; z++) {
  38620. decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted + z, 1,
  38621. decoded, PKCS7_BUF_SIZE);
  38622. if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
  38623. printf("unexpected error %d\n", decodedSz);
  38624. ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
  38625. }
  38626. }
  38627. /* test decode result */
  38628. if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
  38629. printf("stream read failed\n");
  38630. wc_PKCS7_Free(pkcs7);
  38631. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  38632. }
  38633. }
  38634. #endif
  38635. decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
  38636. decoded, PKCS7_BUF_SIZE);
  38637. if (decodedSz <= 0){
  38638. wc_PKCS7_Free(pkcs7);
  38639. ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
  38640. }
  38641. /* test decode result */
  38642. if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
  38643. wc_PKCS7_Free(pkcs7);
  38644. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  38645. }
  38646. /* verify decoded unprotected attributes */
  38647. if (pkcs7->decodedAttrib != NULL) {
  38648. decodedAttrib = pkcs7->decodedAttrib;
  38649. attribIdx = 1;
  38650. while (decodedAttrib != NULL) {
  38651. /* expected attribute, stored list is reversed */
  38652. expectedAttrib = &(pkcs7->unprotectedAttribs
  38653. [pkcs7->unprotectedAttribsSz - attribIdx]);
  38654. /* verify oid */
  38655. if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid,
  38656. decodedAttrib->oidSz) != 0) {
  38657. wc_PKCS7_Free(pkcs7);
  38658. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  38659. }
  38660. /* verify value */
  38661. if (XMEMCMP(decodedAttrib->value, expectedAttrib->value,
  38662. decodedAttrib->valueSz) != 0) {
  38663. wc_PKCS7_Free(pkcs7);
  38664. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  38665. }
  38666. decodedAttrib = decodedAttrib->next;
  38667. attribIdx++;
  38668. }
  38669. }
  38670. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  38671. /* output pkcs7 envelopedData for external testing */
  38672. pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
  38673. if (!pkcs7File) {
  38674. wc_PKCS7_Free(pkcs7);
  38675. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  38676. }
  38677. ret = (int)XFWRITE(encrypted, encryptedSz, 1, pkcs7File);
  38678. if (ret < 0)
  38679. ret = WC_TEST_RET_ENC_ERRNO;
  38680. else
  38681. ret = 0;
  38682. XFCLOSE(pkcs7File);
  38683. #endif
  38684. wc_PKCS7_Free(pkcs7);
  38685. }
  38686. out:
  38687. if (encrypted)
  38688. XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38689. if (decoded)
  38690. XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38691. return ret;
  38692. }
  38693. #endif /* NO_PKCS7_ENCRYPTED_DATA */
  38694. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  38695. typedef struct {
  38696. const byte* content;
  38697. word32 contentSz;
  38698. int contentOID;
  38699. const char* outFileName;
  38700. } pkcs7CompressedVector;
  38701. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void)
  38702. {
  38703. wc_test_ret_t ret = 0;
  38704. int i, testSz;
  38705. int compressedSz, decodedSz;
  38706. PKCS7* pkcs7;
  38707. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  38708. byte *compressed;
  38709. byte *decoded;
  38710. #else
  38711. byte compressed[PKCS7_BUF_SIZE];
  38712. byte decoded[PKCS7_BUF_SIZE];
  38713. #endif
  38714. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  38715. XFILE pkcs7File;
  38716. #endif
  38717. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  38718. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  38719. 0x72,0x6c,0x64
  38720. };
  38721. const pkcs7CompressedVector testVectors[] =
  38722. {
  38723. {data, (word32)sizeof(data), DATA,
  38724. "pkcs7compressedData_data_zlib.der"},
  38725. {data, (word32)sizeof(data), FIRMWARE_PKG_DATA,
  38726. "pkcs7compressedData_firmwarePkgData_zlib.der"},
  38727. };
  38728. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  38729. compressed = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38730. decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38731. if ((! compressed) || (! decoded)) {
  38732. ERROR_OUT(MEMORY_E, out);
  38733. }
  38734. #endif
  38735. testSz = sizeof(testVectors) / sizeof(pkcs7CompressedVector);
  38736. for (i = 0; i < testSz; i++) {
  38737. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  38738. if (pkcs7 == NULL) {
  38739. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  38740. }
  38741. pkcs7->content = (byte*)testVectors[i].content;
  38742. pkcs7->contentSz = testVectors[i].contentSz;
  38743. pkcs7->contentOID = testVectors[i].contentOID;
  38744. /* encode compressedData */
  38745. compressedSz = wc_PKCS7_EncodeCompressedData(pkcs7, compressed,
  38746. PKCS7_BUF_SIZE);
  38747. if (compressedSz <= 0) {
  38748. wc_PKCS7_Free(pkcs7);
  38749. ERROR_OUT(WC_TEST_RET_ENC_EC(compressedSz), out);
  38750. }
  38751. /* decode compressedData */
  38752. decodedSz = wc_PKCS7_DecodeCompressedData(pkcs7, compressed,
  38753. compressedSz, decoded,
  38754. PKCS7_BUF_SIZE);
  38755. if (decodedSz <= 0){
  38756. wc_PKCS7_Free(pkcs7);
  38757. ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out);
  38758. }
  38759. /* test decode result */
  38760. if (XMEMCMP(decoded, testVectors[i].content,
  38761. testVectors[i].contentSz) != 0) {
  38762. wc_PKCS7_Free(pkcs7);
  38763. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  38764. }
  38765. /* make sure content type is the same */
  38766. if (testVectors[i].contentOID != pkcs7->contentOID) {
  38767. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  38768. }
  38769. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  38770. /* output pkcs7 compressedData for external testing */
  38771. pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
  38772. if (!pkcs7File) {
  38773. wc_PKCS7_Free(pkcs7);
  38774. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  38775. }
  38776. ret = (int)XFWRITE(compressed, compressedSz, 1, pkcs7File);
  38777. if (ret < 0)
  38778. ret = WC_TEST_RET_ENC_ERRNO;
  38779. else
  38780. ret = 0;
  38781. XFCLOSE(pkcs7File);
  38782. #endif
  38783. wc_PKCS7_Free(pkcs7);
  38784. }
  38785. out:
  38786. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  38787. if (compressed)
  38788. XFREE(compressed, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38789. if (decoded)
  38790. XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38791. #endif
  38792. return ret;
  38793. } /* pkcs7compressed_test() */
  38794. #undef PKCS7_BUF_SIZE
  38795. #endif /* HAVE_LIBZ */
  38796. typedef struct {
  38797. const byte* content;
  38798. word32 contentSz;
  38799. int hashOID;
  38800. int signOID;
  38801. byte* privateKey;
  38802. word32 privateKeySz;
  38803. byte* cert;
  38804. size_t certSz;
  38805. byte* caCert;
  38806. size_t caCertSz;
  38807. PKCS7Attrib* signedAttribs;
  38808. word32 signedAttribsSz;
  38809. const char* outFileName;
  38810. int contentOID;
  38811. const byte* contentType;
  38812. word32 contentTypeSz;
  38813. int sidType;
  38814. int encryptOID; /* for single-shot encrypt alg OID */
  38815. int encCompFlag; /* for single-shot. 1 = enc, 2 = comp, 3 = both*/
  38816. const byte* encryptKey; /* for single-shot, encryptedData */
  38817. word32 encryptKeySz; /* for single-shot, encryptedData */
  38818. PKCS7Attrib* unprotectedAttribs; /* for single-shot, encryptedData */
  38819. word32 unprotectedAttribsSz; /* for single-shot, encryptedData */
  38820. word16 detachedSignature; /* generate detached signature (0:1) */
  38821. } pkcs7SignedVector;
  38822. static wc_test_ret_t pkcs7signed_run_vectors(
  38823. byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
  38824. byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
  38825. byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
  38826. byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
  38827. byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
  38828. byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
  38829. byte* eccClientCertBuf, word32 eccClientCertBufSz,
  38830. byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
  38831. {
  38832. wc_test_ret_t ret;
  38833. int testSz = 0, i;
  38834. int encodedSz;
  38835. byte* out = NULL;
  38836. word32 outSz;
  38837. WC_RNG rng;
  38838. PKCS7* pkcs7 = NULL;
  38839. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  38840. XFILE file;
  38841. #endif
  38842. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  38843. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  38844. 0x72,0x6c,0x64
  38845. };
  38846. static const byte transIdOid[] =
  38847. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  38848. 0x09, 0x07 };
  38849. static const byte messageTypeOid[] =
  38850. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  38851. 0x09, 0x02 };
  38852. static const byte senderNonceOid[] =
  38853. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  38854. 0x09, 0x05 };
  38855. #ifndef NO_SHA
  38856. byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
  38857. #else
  38858. byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
  38859. #endif
  38860. static const byte messageType[] = { 0x13, 2, '1', '9' };
  38861. byte senderNonce[PKCS7_NONCE_SZ + 2];
  38862. PKCS7Attrib attribs[] =
  38863. {
  38864. { transIdOid, sizeof(transIdOid), transId,
  38865. sizeof(transId) - 1 }, /* take off the null */
  38866. { messageTypeOid, sizeof(messageTypeOid), messageType,
  38867. sizeof(messageType) },
  38868. { senderNonceOid, sizeof(senderNonceOid), senderNonce,
  38869. sizeof(senderNonce) }
  38870. };
  38871. /* for testing custom contentType, FirmwarePkgData */
  38872. static const byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86,
  38873. 0x48, 0x86, 0xF7, 0x0D,
  38874. 0x01, 0x09, 0x10, 0x01, 0x10 };
  38875. #define MAX_TESTVECTORS_LEN 20
  38876. #define ADD_PKCS7SIGNEDVECTOR(...) { \
  38877. const pkcs7SignedVector _this_vector = { __VA_ARGS__ }; \
  38878. if (testSz == MAX_TESTVECTORS_LEN) { \
  38879. ret = WC_TEST_RET_ENC_NC; \
  38880. goto out; \
  38881. } \
  38882. XMEMCPY(&testVectors[testSz++], &_this_vector, \
  38883. sizeof _this_vector); \
  38884. }
  38885. pkcs7SignedVector *testVectors = NULL;
  38886. XMEMSET(&rng, 0, sizeof(rng));
  38887. testVectors = (pkcs7SignedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
  38888. HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  38889. if (testVectors == NULL) {
  38890. ret = WC_TEST_RET_ENC_ERRNO;
  38891. goto out;
  38892. }
  38893. {
  38894. #ifndef NO_RSA
  38895. #ifndef NO_SHA
  38896. /* RSA with SHA */
  38897. ADD_PKCS7SIGNEDVECTOR(
  38898. data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
  38899. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  38900. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  38901. "pkcs7signedData_RSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, NULL,
  38902. 0, 0);
  38903. /* RSA with SHA, no signed attributes */
  38904. ADD_PKCS7SIGNEDVECTOR(
  38905. data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
  38906. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz,
  38907. NULL, 0, NULL, 0,
  38908. "pkcs7signedData_RSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  38909. NULL, 0, 0);
  38910. #endif
  38911. #ifdef WOLFSSL_SHA224
  38912. /* RSA with SHA224 */
  38913. ADD_PKCS7SIGNEDVECTOR(
  38914. data, (word32)sizeof(data), SHA224h, RSAk, rsaClientPrivKeyBuf,
  38915. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  38916. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  38917. "pkcs7signedData_RSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  38918. NULL, 0, 0);
  38919. #endif
  38920. #ifndef NO_SHA256
  38921. /* RSA with SHA256 */
  38922. ADD_PKCS7SIGNEDVECTOR(
  38923. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  38924. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  38925. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  38926. "pkcs7signedData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  38927. NULL, 0, 0);
  38928. /* RSA with SHA256, detached signature */
  38929. ADD_PKCS7SIGNEDVECTOR(
  38930. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  38931. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  38932. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  38933. "pkcs7signedData_RSA_SHA256_detachedSig.der", 0, NULL, 0, 0, 0, 0,
  38934. NULL, 0, NULL, 0, 1);
  38935. /* RSA with SHA256 and SubjectKeyIdentifier in SignerIdentifier */
  38936. ADD_PKCS7SIGNEDVECTOR(
  38937. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  38938. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  38939. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  38940. "pkcs7signedData_RSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
  38941. NULL, 0, NULL, 0, 0);
  38942. /* RSA with SHA256 and custom contentType */
  38943. ADD_PKCS7SIGNEDVECTOR(
  38944. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  38945. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  38946. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  38947. "pkcs7signedData_RSA_SHA256_custom_contentType.der", 0,
  38948. customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
  38949. NULL, 0, 0);
  38950. /* RSA with SHA256 and FirmwarePkgData contentType */
  38951. ADD_PKCS7SIGNEDVECTOR(
  38952. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  38953. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  38954. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  38955. "pkcs7signedData_RSA_SHA256_firmwarePkgData.der",
  38956. FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
  38957. /* RSA with SHA256 using server cert and ca cert */
  38958. ADD_PKCS7SIGNEDVECTOR(
  38959. data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
  38960. rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
  38961. rsaCaCertBuf, rsaCaCertBufSz,
  38962. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  38963. "pkcs7signedData_RSA_SHA256_with_ca_cert.der", 0, NULL, 0, 0, 0, 0,
  38964. NULL, 0, NULL, 0, 0);
  38965. #endif
  38966. #if defined(WOLFSSL_SHA384)
  38967. /* RSA with SHA384 */
  38968. ADD_PKCS7SIGNEDVECTOR(
  38969. data, (word32)sizeof(data), SHA384h, RSAk, rsaClientPrivKeyBuf,
  38970. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  38971. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  38972. "pkcs7signedData_RSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  38973. NULL, 0, 0);
  38974. #endif
  38975. #if defined(WOLFSSL_SHA512)
  38976. /* RSA with SHA512 */
  38977. ADD_PKCS7SIGNEDVECTOR(
  38978. data, (word32)sizeof(data), SHA512h, RSAk, rsaClientPrivKeyBuf,
  38979. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  38980. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  38981. "pkcs7signedData_RSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  38982. NULL, 0, 0);
  38983. #endif
  38984. #endif /* NO_RSA */
  38985. #ifdef HAVE_ECC
  38986. #ifndef NO_SHA
  38987. /* ECDSA with SHA */
  38988. ADD_PKCS7SIGNEDVECTOR(
  38989. data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
  38990. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  38991. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  38992. "pkcs7signedData_ECDSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  38993. NULL, 0, 0);
  38994. /* ECDSA with SHA, no signed attributes */
  38995. ADD_PKCS7SIGNEDVECTOR(
  38996. data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
  38997. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz,
  38998. NULL, 0, NULL, 0,
  38999. "pkcs7signedData_ECDSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  39000. NULL, 0, 0);
  39001. #endif
  39002. #ifdef WOLFSSL_SHA224
  39003. /* ECDSA with SHA224 */
  39004. ADD_PKCS7SIGNEDVECTOR(
  39005. data, (word32)sizeof(data), SHA224h, ECDSAk, eccClientPrivKeyBuf,
  39006. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39007. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39008. "pkcs7signedData_ECDSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  39009. NULL, 0, 0);
  39010. #endif
  39011. #ifndef NO_SHA256
  39012. /* ECDSA with SHA256 */
  39013. ADD_PKCS7SIGNEDVECTOR(
  39014. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  39015. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39016. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39017. "pkcs7signedData_ECDSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  39018. NULL, 0, 0);
  39019. /* ECDSA with SHA256 and SubjectKeyIdentifier in SigherIdentifier */
  39020. ADD_PKCS7SIGNEDVECTOR(
  39021. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  39022. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39023. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39024. "pkcs7signedData_ECDSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
  39025. NULL, 0, NULL, 0, 0);
  39026. /* ECDSA with SHA256 and custom contentType */
  39027. ADD_PKCS7SIGNEDVECTOR(
  39028. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  39029. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39030. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39031. "pkcs7signedData_ECDSA_SHA256_custom_contentType.der", 0,
  39032. customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
  39033. NULL, 0, 0);
  39034. /* ECDSA with SHA256 and FirmwarePkgData contentType */
  39035. ADD_PKCS7SIGNEDVECTOR(
  39036. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  39037. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39038. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39039. "pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der",
  39040. FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
  39041. #endif
  39042. #ifdef WOLFSSL_SHA384
  39043. /* ECDSA with SHA384 */
  39044. ADD_PKCS7SIGNEDVECTOR(
  39045. data, (word32)sizeof(data), SHA384h, ECDSAk, eccClientPrivKeyBuf,
  39046. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39047. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39048. "pkcs7signedData_ECDSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  39049. NULL, 0, 0);
  39050. #endif
  39051. #ifdef WOLFSSL_SHA512
  39052. /* ECDSA with SHA512 */
  39053. ADD_PKCS7SIGNEDVECTOR(
  39054. data, (word32)sizeof(data), SHA512h, ECDSAk, eccClientPrivKeyBuf,
  39055. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39056. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39057. "pkcs7signedData_ECDSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  39058. NULL, 0, 0);
  39059. #endif
  39060. #endif /* HAVE_ECC */
  39061. };
  39062. #undef MAX_TESTVECTORS_LEN
  39063. #undef ADD_PKCS7SIGNEDVECTOR
  39064. outSz = FOURK_BUF;
  39065. out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39066. if (out == NULL)
  39067. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  39068. XMEMSET(out, 0, outSz);
  39069. ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
  39070. if (ret < 0)
  39071. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39072. #ifndef HAVE_FIPS
  39073. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  39074. #else
  39075. ret = wc_InitRng(&rng);
  39076. #endif
  39077. if (ret != 0)
  39078. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39079. for (i = 0; i < testSz; i++) {
  39080. if (pkcs7)
  39081. wc_PKCS7_Free(pkcs7);
  39082. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  39083. if (pkcs7 == NULL)
  39084. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  39085. ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
  39086. (word32)testVectors[i].certSz);
  39087. if (ret != 0)
  39088. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39089. /* load CA certificate, if present */
  39090. if (testVectors[i].caCert != NULL) {
  39091. ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
  39092. (word32)testVectors[i].caCertSz);
  39093. if (ret != 0)
  39094. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39095. }
  39096. pkcs7->rng = &rng;
  39097. pkcs7->content = (byte*)testVectors[i].content;
  39098. pkcs7->contentSz = testVectors[i].contentSz;
  39099. pkcs7->contentOID = testVectors[i].contentOID;
  39100. pkcs7->hashOID = testVectors[i].hashOID;
  39101. pkcs7->encryptOID = testVectors[i].signOID;
  39102. pkcs7->privateKey = testVectors[i].privateKey;
  39103. pkcs7->privateKeySz = testVectors[i].privateKeySz;
  39104. pkcs7->signedAttribs = testVectors[i].signedAttribs;
  39105. pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz;
  39106. /* optional custom contentType, default is DATA,
  39107. overrides contentOID if set */
  39108. if (testVectors[i].contentType != NULL) {
  39109. ret = wc_PKCS7_SetContentType(pkcs7,
  39110. (byte *)testVectors[i].contentType,
  39111. testVectors[i].contentTypeSz);
  39112. if (ret != 0)
  39113. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39114. }
  39115. /* set SignerIdentifier to use SubjectKeyIdentifier if desired,
  39116. default is IssuerAndSerialNumber */
  39117. if (testVectors[i].sidType == CMS_SKID) {
  39118. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
  39119. if (ret != 0)
  39120. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39121. }
  39122. /* generate senderNonce */
  39123. {
  39124. senderNonce[0] = 0x04;
  39125. senderNonce[1] = PKCS7_NONCE_SZ;
  39126. ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
  39127. if (ret != 0)
  39128. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39129. }
  39130. /* generate transactionID (used with SCEP) */
  39131. {
  39132. #ifndef NO_SHA
  39133. wc_Sha sha;
  39134. byte digest[WC_SHA_DIGEST_SIZE];
  39135. #else
  39136. wc_Sha256 sha;
  39137. byte digest[WC_SHA256_DIGEST_SIZE];
  39138. #endif
  39139. int j,k;
  39140. transId[0] = 0x13;
  39141. transId[1] = sizeof(digest) * 2;
  39142. #ifndef NO_SHA
  39143. ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
  39144. if (ret != 0)
  39145. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39146. wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
  39147. wc_ShaFinal(&sha, digest);
  39148. wc_ShaFree(&sha);
  39149. #else
  39150. ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
  39151. if (ret != 0)
  39152. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39153. wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
  39154. wc_Sha256Final(&sha, digest);
  39155. wc_Sha256Free(&sha);
  39156. #endif
  39157. for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) {
  39158. #if defined(WOLF_C89)
  39159. XSPRINTF((char*)&transId[k], "%02x", digest[j]);
  39160. #else
  39161. (void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]);
  39162. #endif
  39163. }
  39164. }
  39165. /* enable detached signature generation, if set */
  39166. if (testVectors[i].detachedSignature == 1) {
  39167. ret = wc_PKCS7_SetDetached(pkcs7, 1);
  39168. if (ret != 0)
  39169. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39170. }
  39171. encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz);
  39172. if (encodedSz < 0)
  39173. ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
  39174. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  39175. /* write PKCS#7 to output file for more testing */
  39176. file = XFOPEN(testVectors[i].outFileName, "wb");
  39177. if (!file) {
  39178. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  39179. }
  39180. ret = (int)XFWRITE(out, 1, encodedSz, file);
  39181. XFCLOSE(file);
  39182. if (ret != (int)encodedSz)
  39183. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  39184. #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
  39185. wc_PKCS7_Free(pkcs7);
  39186. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  39187. if (pkcs7 == NULL)
  39188. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  39189. wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
  39190. if (testVectors[i].detachedSignature == 1) {
  39191. /* set content for verifying detached signatures */
  39192. pkcs7->content = (byte*)testVectors[i].content;
  39193. pkcs7->contentSz = testVectors[i].contentSz;
  39194. }
  39195. ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
  39196. if (ret < 0)
  39197. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39198. /* verify contentType extracted successfully for custom content types */
  39199. if (testVectors[i].contentTypeSz > 0) {
  39200. if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) {
  39201. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  39202. } else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType,
  39203. pkcs7->contentTypeSz) != 0) {
  39204. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  39205. }
  39206. }
  39207. if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0)
  39208. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  39209. {
  39210. /* check getting signed attributes */
  39211. #ifndef NO_SHA
  39212. byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
  39213. #else
  39214. byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
  39215. #endif
  39216. const byte* oidPt = transIdOid + 2; /* skip object id tag and size */
  39217. int oidSz = (int)sizeof(transIdOid) - 2;
  39218. int bufSz = 0;
  39219. if (testVectors[i].signedAttribs != NULL) {
  39220. ret = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
  39221. NULL, (word32*)&bufSz);
  39222. if (ret != LENGTH_ONLY_E)
  39223. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39224. ret = 0;
  39225. }
  39226. if (bufSz > (int)sizeof(buf))
  39227. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  39228. bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
  39229. buf, (word32*)&bufSz);
  39230. if ((testVectors[i].signedAttribs != NULL && bufSz < 0) ||
  39231. (testVectors[i].signedAttribs == NULL && bufSz > 0))
  39232. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  39233. }
  39234. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  39235. file = XFOPEN("./pkcs7cert.der", "wb");
  39236. if (!file)
  39237. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  39238. ret = (int)XFWRITE(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
  39239. if (ret < 0)
  39240. ret = WC_TEST_RET_ENC_ERRNO;
  39241. else
  39242. ret = 0;
  39243. XFCLOSE(file);
  39244. #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
  39245. }
  39246. out:
  39247. if (pkcs7 != NULL)
  39248. wc_PKCS7_Free(pkcs7);
  39249. if (out != NULL)
  39250. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39251. if (testVectors != NULL)
  39252. XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39253. wc_FreeRng(&rng);
  39254. if (ret > 0)
  39255. return 0;
  39256. (void)rsaClientCertBuf;
  39257. (void)rsaClientCertBufSz;
  39258. (void)rsaClientPrivKeyBuf;
  39259. (void)rsaClientPrivKeyBufSz;
  39260. (void)rsaServerCertBuf;
  39261. (void)rsaServerCertBufSz;
  39262. (void)rsaServerPrivKeyBuf;
  39263. (void)rsaServerPrivKeyBufSz;
  39264. (void)rsaCaCertBuf;
  39265. (void)rsaCaCertBufSz;
  39266. (void)rsaCaPrivKeyBuf;
  39267. (void)rsaCaPrivKeyBufSz;
  39268. (void)eccClientCertBuf;
  39269. (void)eccClientCertBufSz;
  39270. (void)eccClientPrivKeyBuf;
  39271. (void)eccClientPrivKeyBufSz;
  39272. return ret;
  39273. }
  39274. static wc_test_ret_t pkcs7signed_run_SingleShotVectors(
  39275. byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
  39276. byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
  39277. byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
  39278. byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
  39279. byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
  39280. byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
  39281. byte* eccClientCertBuf, word32 eccClientCertBufSz,
  39282. byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
  39283. {
  39284. wc_test_ret_t ret;
  39285. int testSz = 0, i;
  39286. int encodedSz;
  39287. byte* out = NULL;
  39288. word32 outSz;
  39289. WC_RNG rng;
  39290. PKCS7* pkcs7 = NULL;
  39291. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  39292. XFILE file;
  39293. #endif
  39294. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \
  39295. !defined(NO_PKCS7_ENCRYPTED_DATA)
  39296. byte* encryptedTmp = NULL;
  39297. int encryptedTmpSz;
  39298. #endif
  39299. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  39300. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  39301. 0x72,0x6c,0x64
  39302. };
  39303. #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
  39304. defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
  39305. static const byte aes256Key[] = {
  39306. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  39307. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  39308. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  39309. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  39310. };
  39311. #endif
  39312. static const byte messageTypeOid[] =
  39313. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  39314. 0x09, 0x02 };
  39315. static const byte messageType[] = { 0x13, 2, '1', '9' };
  39316. PKCS7Attrib attribs[] =
  39317. {
  39318. { messageTypeOid, sizeof(messageTypeOid), messageType,
  39319. sizeof(messageType) },
  39320. };
  39321. #define MAX_TESTVECTORS_LEN 19
  39322. #define ADD_PKCS7SIGNEDVECTOR(...) { \
  39323. pkcs7SignedVector _this_vector = { __VA_ARGS__ }; \
  39324. if (testSz == MAX_TESTVECTORS_LEN) { \
  39325. ret = WC_TEST_RET_ENC_NC; \
  39326. goto out; \
  39327. } \
  39328. XMEMCPY(&testVectors[testSz++], &_this_vector, \
  39329. sizeof _this_vector); \
  39330. }
  39331. pkcs7SignedVector *testVectors = NULL;
  39332. XMEMSET(&rng, 0, sizeof(rng));
  39333. testVectors = (pkcs7SignedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors),
  39334. HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39335. if (testVectors == NULL) {
  39336. ret = WC_TEST_RET_ENC_ERRNO;
  39337. goto out;
  39338. }
  39339. {
  39340. #ifndef NO_RSA
  39341. #ifndef NO_SHA256
  39342. /* Signed FirmwarePkgData, RSA, SHA256, no attribs */
  39343. ADD_PKCS7SIGNEDVECTOR(
  39344. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  39345. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  39346. NULL, 0,
  39347. "pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der", 0, NULL, 0, 0,
  39348. 0, 0, NULL, 0, NULL, 0, 0);
  39349. /* Signed FirmwarePkgData, RSA, SHA256, attrs */
  39350. ADD_PKCS7SIGNEDVECTOR(
  39351. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  39352. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  39353. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39354. "pkcs7signedFirmwarePkgData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0,
  39355. NULL, 0, NULL, 0, 0);
  39356. /* Signed FirmwarePkgData, RSA, SHA256, SubjectKeyIdentifier, attrs */
  39357. ADD_PKCS7SIGNEDVECTOR(
  39358. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  39359. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  39360. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39361. "pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der", 0, NULL,
  39362. 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0);
  39363. /* Signed FirmwraePkgData, RSA, SHA256, server cert and ca cert, attr */
  39364. ADD_PKCS7SIGNEDVECTOR(
  39365. data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
  39366. rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
  39367. rsaCaCertBuf, rsaCaCertBufSz,
  39368. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39369. "pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL,
  39370. 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
  39371. #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
  39372. defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
  39373. /* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */
  39374. ADD_PKCS7SIGNEDVECTOR(
  39375. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  39376. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  39377. NULL, 0,
  39378. "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
  39379. NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0);
  39380. /* Signed Encrypted FirmwarePkgData, RSA, SHA256, attribs */
  39381. ADD_PKCS7SIGNEDVECTOR(
  39382. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  39383. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  39384. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39385. "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der", 0,
  39386. NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
  39387. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
  39388. #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
  39389. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  39390. /* Signed Compressed FirmwarePkgData, RSA, SHA256, no attribs */
  39391. ADD_PKCS7SIGNEDVECTOR(
  39392. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  39393. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  39394. NULL, 0,
  39395. "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
  39396. NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
  39397. /* Signed Compressed FirmwarePkgData, RSA, SHA256, attribs */
  39398. ADD_PKCS7SIGNEDVECTOR(
  39399. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  39400. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  39401. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39402. "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der", 0,
  39403. NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
  39404. #ifndef NO_PKCS7_ENCRYPTED_DATA
  39405. /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
  39406. no attribs */
  39407. ADD_PKCS7SIGNEDVECTOR(
  39408. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  39409. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  39410. NULL, 0,
  39411. "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der",
  39412. 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
  39413. 0, 0);
  39414. /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
  39415. attribs */
  39416. ADD_PKCS7SIGNEDVECTOR(
  39417. data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  39418. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  39419. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39420. "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der",
  39421. 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
  39422. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
  39423. #endif /* !NO_PKCS7_ENCRYPTED_DATA */
  39424. #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
  39425. #endif /* NO_SHA256 */
  39426. #endif /* NO_RSA */
  39427. #ifdef HAVE_ECC
  39428. #ifndef NO_SHA256
  39429. /* Signed FirmwarePkgData, ECDSA, SHA256, no attribs */
  39430. ADD_PKCS7SIGNEDVECTOR(
  39431. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  39432. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39433. NULL, 0,
  39434. "pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
  39435. 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
  39436. /* Signed FirmwarePkgData, ECDSA, SHA256, attribs */
  39437. ADD_PKCS7SIGNEDVECTOR(
  39438. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  39439. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39440. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39441. "pkcs7signedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
  39442. 0, 0, 0, 0, NULL, 0, NULL, 0, 0);
  39443. /* Signed FirmwarePkgData, ECDSA, SHA256, SubjectKeyIdentifier, attr */
  39444. ADD_PKCS7SIGNEDVECTOR(
  39445. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  39446. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39447. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39448. "pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL,
  39449. 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0);
  39450. #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
  39451. defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
  39452. /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */
  39453. ADD_PKCS7SIGNEDVECTOR(
  39454. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  39455. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39456. NULL, 0,
  39457. "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
  39458. 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0);
  39459. /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, attribs */
  39460. ADD_PKCS7SIGNEDVECTOR(
  39461. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  39462. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39463. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39464. "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
  39465. 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
  39466. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
  39467. #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
  39468. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  39469. /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, no attribs */
  39470. ADD_PKCS7SIGNEDVECTOR(
  39471. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  39472. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39473. NULL, 0,
  39474. "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
  39475. 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
  39476. /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, attrib */
  39477. ADD_PKCS7SIGNEDVECTOR(
  39478. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  39479. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39480. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39481. "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
  39482. 0, 0, 0, 2, NULL, 0, NULL, 0, 0);
  39483. #ifndef NO_PKCS7_ENCRYPTED_DATA
  39484. /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
  39485. no attribs */
  39486. ADD_PKCS7SIGNEDVECTOR(
  39487. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  39488. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39489. NULL, 0,
  39490. "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der",
  39491. 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
  39492. 0, 0);
  39493. /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
  39494. attribs */
  39495. ADD_PKCS7SIGNEDVECTOR(
  39496. data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  39497. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  39498. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  39499. "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der",
  39500. 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
  39501. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0);
  39502. #endif /* !NO_PKCS7_ENCRYPTED_DATA */
  39503. #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
  39504. #endif /* NO_SHA256 */
  39505. #endif /* HAVE_ECC */
  39506. };
  39507. #undef MAX_TESTVECTORS_LEN
  39508. #undef ADD_PKCS7SIGNEDVECTOR
  39509. outSz = FOURK_BUF;
  39510. out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39511. if (out == NULL)
  39512. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  39513. XMEMSET(out, 0, outSz);
  39514. ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
  39515. if (ret < 0)
  39516. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39517. #ifndef HAVE_FIPS
  39518. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  39519. #else
  39520. ret = wc_InitRng(&rng);
  39521. #endif
  39522. if (ret != 0)
  39523. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39524. for (i = 0; i < testSz; i++) {
  39525. if (pkcs7)
  39526. wc_PKCS7_Free(pkcs7);
  39527. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  39528. if (pkcs7 == NULL)
  39529. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  39530. ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
  39531. (word32)testVectors[i].certSz);
  39532. if (ret != 0)
  39533. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39534. /* load CA certificate, if present */
  39535. if (testVectors[i].caCert != NULL) {
  39536. ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
  39537. (word32)testVectors[i].caCertSz);
  39538. if (ret != 0)
  39539. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39540. }
  39541. /* set SignerIdentifier to use SubjectKeyIdentifier if desired,
  39542. default is IssuerAndSerialNumber */
  39543. if (testVectors[i].sidType == CMS_SKID) {
  39544. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
  39545. if (ret != 0)
  39546. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39547. }
  39548. if (testVectors[i].encCompFlag == 0) {
  39549. /* encode Signed FirmwarePkgData */
  39550. encodedSz = wc_PKCS7_EncodeSignedFPD(pkcs7,
  39551. testVectors[i].privateKey, testVectors[i].privateKeySz,
  39552. testVectors[i].signOID, testVectors[i].hashOID,
  39553. (byte*)testVectors[i].content, testVectors[i].contentSz,
  39554. testVectors[i].signedAttribs,
  39555. testVectors[i].signedAttribsSz, out, outSz);
  39556. if (encodedSz < 0)
  39557. ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
  39558. #ifndef NO_PKCS7_ENCRYPTED_DATA
  39559. } else if (testVectors[i].encCompFlag == 1) {
  39560. /* encode Signed Encrypted FirmwarePkgData */
  39561. encodedSz = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7,
  39562. (byte *)testVectors[i].encryptKey, testVectors[i].encryptKeySz,
  39563. testVectors[i].privateKey, testVectors[i].privateKeySz,
  39564. testVectors[i].encryptOID, testVectors[i].signOID,
  39565. testVectors[i].hashOID, (byte*)testVectors[i].content,
  39566. testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
  39567. testVectors[i].unprotectedAttribsSz,
  39568. testVectors[i].signedAttribs,
  39569. testVectors[i].signedAttribsSz, out, outSz);
  39570. if (encodedSz <= 0)
  39571. ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
  39572. #endif
  39573. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  39574. } else if (testVectors[i].encCompFlag == 2) {
  39575. /* encode Signed Compressed FirmwarePkgData */
  39576. encodedSz = wc_PKCS7_EncodeSignedCompressedFPD(pkcs7,
  39577. testVectors[i].privateKey, testVectors[i].privateKeySz,
  39578. testVectors[i].signOID, testVectors[i].hashOID,
  39579. (byte*)testVectors[i].content, testVectors[i].contentSz,
  39580. testVectors[i].signedAttribs,
  39581. testVectors[i].signedAttribsSz, out, outSz);
  39582. if (encodedSz <= 0)
  39583. ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
  39584. #ifndef NO_PKCS7_ENCRYPTED_DATA
  39585. } else if (testVectors[i].encCompFlag == 3) {
  39586. /* encode Signed Encrypted Compressed FirmwarePkgData */
  39587. encodedSz = wc_PKCS7_EncodeSignedEncryptedCompressedFPD(pkcs7,
  39588. testVectors[i].encryptKey, testVectors[i].encryptKeySz,
  39589. testVectors[i].privateKey, testVectors[i].privateKeySz,
  39590. testVectors[i].encryptOID, testVectors[i].signOID,
  39591. testVectors[i].hashOID, (byte*)testVectors[i].content,
  39592. testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
  39593. testVectors[i].unprotectedAttribsSz,
  39594. testVectors[i].signedAttribs,
  39595. testVectors[i].signedAttribsSz, out, outSz);
  39596. if (encodedSz <= 0)
  39597. ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out);
  39598. #endif /* NO_PKCS7_ENCRYPTED_DATA */
  39599. #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
  39600. } else {
  39601. /* unsupported SignedData single-shot combination */
  39602. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  39603. }
  39604. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  39605. /* write PKCS#7 to output file for more testing */
  39606. file = XFOPEN(testVectors[i].outFileName, "wb");
  39607. if (!file)
  39608. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  39609. ret = (int)XFWRITE(out, 1, encodedSz, file);
  39610. XFCLOSE(file);
  39611. file = NULL;
  39612. if (ret != (int)encodedSz)
  39613. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  39614. #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
  39615. wc_PKCS7_Free(pkcs7);
  39616. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  39617. if (pkcs7 == NULL)
  39618. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  39619. wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
  39620. ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
  39621. if (ret < 0)
  39622. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39623. #ifndef NO_PKCS7_STREAM
  39624. {
  39625. word32 z;
  39626. for (z = 0; z < outSz && ret != 0; z++) {
  39627. ret = wc_PKCS7_VerifySignedData(pkcs7, out + z, 1);
  39628. if (ret < 0 && ret != WC_PKCS7_WANT_READ_E) {
  39629. printf("unexpected error %d\n", ret);
  39630. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39631. }
  39632. }
  39633. }
  39634. #endif
  39635. if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0)
  39636. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  39637. if (testVectors[i].encCompFlag == 0) {
  39638. /* verify decoded content matches expected */
  39639. if ((pkcs7->contentSz != testVectors[i].contentSz) ||
  39640. XMEMCMP(pkcs7->content, testVectors[i].content,
  39641. pkcs7->contentSz)) {
  39642. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  39643. }
  39644. }
  39645. #ifndef NO_PKCS7_ENCRYPTED_DATA
  39646. else if (testVectors[i].encCompFlag == 1) {
  39647. /* decrypt inner encryptedData */
  39648. pkcs7->encryptionKey = (byte *)testVectors[i].encryptKey;
  39649. pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
  39650. ret = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
  39651. pkcs7->contentSz, out, outSz);
  39652. if (ret < 0)
  39653. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39654. /* compare decrypted to expected */
  39655. if (((word32)ret != testVectors[i].contentSz) ||
  39656. XMEMCMP(out, testVectors[i].content, ret))
  39657. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  39658. }
  39659. #endif
  39660. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  39661. else if (testVectors[i].encCompFlag == 2) {
  39662. /* decompress inner compressedData */
  39663. ret = wc_PKCS7_DecodeCompressedData(pkcs7, pkcs7->content,
  39664. pkcs7->contentSz, out, outSz);
  39665. if (ret < 0)
  39666. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39667. /* compare decompressed to expected */
  39668. if (((word32)ret != testVectors[i].contentSz) ||
  39669. XMEMCMP(out, testVectors[i].content, ret))
  39670. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  39671. }
  39672. #ifndef NO_PKCS7_ENCRYPTED_DATA
  39673. else if (testVectors[i].encCompFlag == 3) {
  39674. encryptedTmpSz = FOURK_BUF;
  39675. encryptedTmp = (byte*)XMALLOC(encryptedTmpSz, HEAP_HINT,
  39676. DYNAMIC_TYPE_TMP_BUFFER);
  39677. if (encryptedTmp == NULL)
  39678. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out);
  39679. XMEMSET(encryptedTmp, 0, encryptedTmpSz);
  39680. /* decrypt inner encryptedData */
  39681. pkcs7->encryptionKey = testVectors[i].encryptKey;
  39682. pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
  39683. encryptedTmpSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
  39684. pkcs7->contentSz, encryptedTmp,
  39685. encryptedTmpSz);
  39686. if (encryptedTmpSz < 0 || pkcs7->contentOID != COMPRESSED_DATA)
  39687. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  39688. /* decompress inner compressedData */
  39689. ret = wc_PKCS7_DecodeCompressedData(pkcs7, encryptedTmp,
  39690. encryptedTmpSz, out, outSz);
  39691. if (ret < 0)
  39692. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  39693. /* compare decompressed to expected */
  39694. if (((word32)ret != testVectors[i].contentSz) ||
  39695. XMEMCMP(out, testVectors[i].content, ret))
  39696. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  39697. }
  39698. #endif /* NO_PKCS7_ENCRYPTED_DATA */
  39699. #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
  39700. }
  39701. out:
  39702. if (pkcs7 != NULL)
  39703. wc_PKCS7_Free(pkcs7);
  39704. if (out != NULL)
  39705. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39706. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \
  39707. !defined(NO_PKCS7_ENCRYPTED_DATA)
  39708. if (encryptedTmp != NULL)
  39709. XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39710. #endif
  39711. if (testVectors != NULL)
  39712. XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39713. wc_FreeRng(&rng);
  39714. if (ret > 0)
  39715. return 0;
  39716. (void)eccClientCertBuf;
  39717. (void)eccClientCertBufSz;
  39718. (void)eccClientPrivKeyBuf;
  39719. (void)eccClientPrivKeyBufSz;
  39720. (void)rsaClientCertBuf;
  39721. (void)rsaClientCertBufSz;
  39722. (void)rsaClientPrivKeyBuf;
  39723. (void)rsaClientPrivKeyBufSz;
  39724. (void)rsaServerCertBuf;
  39725. (void)rsaServerCertBufSz;
  39726. (void)rsaServerPrivKeyBuf;
  39727. (void)rsaServerPrivKeyBufSz;
  39728. (void)rsaCaCertBuf;
  39729. (void)rsaCaCertBufSz;
  39730. (void)rsaCaPrivKeyBuf;
  39731. (void)rsaCaPrivKeyBufSz;
  39732. return ret;
  39733. }
  39734. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void)
  39735. {
  39736. wc_test_ret_t ret = 0;
  39737. byte* rsaClientCertBuf = NULL;
  39738. byte* rsaServerCertBuf = NULL;
  39739. byte* rsaCaCertBuf = NULL;
  39740. byte* eccClientCertBuf = NULL;
  39741. byte* rsaClientPrivKeyBuf = NULL;
  39742. byte* rsaServerPrivKeyBuf = NULL;
  39743. byte* rsaCaPrivKeyBuf = NULL;
  39744. byte* eccClientPrivKeyBuf = NULL;
  39745. word32 rsaClientCertBufSz = 0;
  39746. word32 rsaServerCertBufSz = 0;
  39747. word32 rsaCaCertBufSz = 0;
  39748. word32 eccClientCertBufSz = 0;
  39749. word32 rsaClientPrivKeyBufSz = 0;
  39750. word32 rsaServerPrivKeyBufSz = 0;
  39751. word32 rsaCaPrivKeyBufSz = 0;
  39752. word32 eccClientPrivKeyBufSz = 0;
  39753. #ifndef NO_RSA
  39754. /* read client RSA cert and key in DER format */
  39755. rsaClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  39756. DYNAMIC_TYPE_TMP_BUFFER);
  39757. if (rsaClientCertBuf == NULL)
  39758. ret = WC_TEST_RET_ENC_NC;
  39759. rsaClientPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  39760. DYNAMIC_TYPE_TMP_BUFFER);
  39761. if (ret == 0 && rsaClientPrivKeyBuf == NULL) {
  39762. ret = WC_TEST_RET_ENC_ERRNO;
  39763. }
  39764. rsaClientCertBufSz = FOURK_BUF;
  39765. rsaClientPrivKeyBufSz = FOURK_BUF;
  39766. /* read server RSA cert and key in DER format */
  39767. rsaServerCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  39768. DYNAMIC_TYPE_TMP_BUFFER);
  39769. if (ret == 0 && rsaServerCertBuf == NULL)
  39770. ret = WC_TEST_RET_ENC_NC;
  39771. rsaServerPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  39772. DYNAMIC_TYPE_TMP_BUFFER);
  39773. if (ret == 0 && rsaServerPrivKeyBuf == NULL) {
  39774. ret = WC_TEST_RET_ENC_ERRNO;
  39775. }
  39776. rsaServerCertBufSz = FOURK_BUF;
  39777. rsaServerPrivKeyBufSz = FOURK_BUF;
  39778. /* read CA RSA cert and key in DER format, for use with server cert */
  39779. rsaCaCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  39780. DYNAMIC_TYPE_TMP_BUFFER);
  39781. if (ret == 0 && rsaCaCertBuf == NULL)
  39782. ret = WC_TEST_RET_ENC_NC;
  39783. rsaCaPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  39784. DYNAMIC_TYPE_TMP_BUFFER);
  39785. if (ret == 0 && rsaCaPrivKeyBuf == NULL) {
  39786. ret = WC_TEST_RET_ENC_ERRNO;
  39787. }
  39788. rsaCaCertBufSz = FOURK_BUF;
  39789. rsaCaPrivKeyBufSz = FOURK_BUF;
  39790. #endif /* NO_RSA */
  39791. #ifdef HAVE_ECC
  39792. /* read client ECC cert and key in DER format */
  39793. eccClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  39794. DYNAMIC_TYPE_TMP_BUFFER);
  39795. if (ret == 0 && eccClientCertBuf == NULL) {
  39796. ret = WC_TEST_RET_ENC_ERRNO;
  39797. }
  39798. eccClientPrivKeyBuf =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  39799. DYNAMIC_TYPE_TMP_BUFFER);
  39800. if (ret == 0 && eccClientPrivKeyBuf == NULL) {
  39801. ret = WC_TEST_RET_ENC_ERRNO;
  39802. }
  39803. eccClientCertBufSz = FOURK_BUF;
  39804. eccClientPrivKeyBufSz = FOURK_BUF;
  39805. #endif /* HAVE_ECC */
  39806. if (ret >= 0)
  39807. ret = pkcs7_load_certs_keys(rsaClientCertBuf, &rsaClientCertBufSz,
  39808. rsaClientPrivKeyBuf, &rsaClientPrivKeyBufSz,
  39809. rsaServerCertBuf, &rsaServerCertBufSz,
  39810. rsaServerPrivKeyBuf, &rsaServerPrivKeyBufSz,
  39811. rsaCaCertBuf, &rsaCaCertBufSz,
  39812. rsaCaPrivKeyBuf, &rsaCaPrivKeyBufSz,
  39813. eccClientCertBuf, &eccClientCertBufSz,
  39814. eccClientPrivKeyBuf, &eccClientPrivKeyBufSz);
  39815. if (ret < 0) {
  39816. ret = WC_TEST_RET_ENC_EC(ret);
  39817. }
  39818. if (ret >= 0)
  39819. ret = pkcs7signed_run_vectors(rsaClientCertBuf, (word32)rsaClientCertBufSz,
  39820. rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
  39821. rsaServerCertBuf, (word32)rsaServerCertBufSz,
  39822. rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
  39823. rsaCaCertBuf, (word32)rsaCaCertBufSz,
  39824. rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
  39825. eccClientCertBuf, (word32)eccClientCertBufSz,
  39826. eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
  39827. if (ret >= 0)
  39828. ret = pkcs7signed_run_SingleShotVectors(
  39829. rsaClientCertBuf, (word32)rsaClientCertBufSz,
  39830. rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
  39831. rsaServerCertBuf, (word32)rsaServerCertBufSz,
  39832. rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
  39833. rsaCaCertBuf, (word32)rsaCaCertBufSz,
  39834. rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
  39835. eccClientCertBuf, (word32)eccClientCertBufSz,
  39836. eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
  39837. #if !defined(NO_RSA) && !defined(NO_AES) && defined(HAVE_AES_CBC)
  39838. if (ret >= 0)
  39839. ret = pkcs7callback_test(
  39840. rsaClientCertBuf, (word32)rsaClientCertBufSz,
  39841. rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz);
  39842. #endif
  39843. XFREE(rsaClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39844. XFREE(rsaClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39845. XFREE(rsaServerCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39846. XFREE(rsaServerPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39847. XFREE(rsaCaCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39848. XFREE(rsaCaPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39849. XFREE(eccClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39850. XFREE(eccClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  39851. return ret;
  39852. }
  39853. #endif /* HAVE_PKCS7 */
  39854. #if defined(WOLFSSL_PUBLIC_MP) && \
  39855. ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  39856. defined(USE_FAST_MATH))
  39857. /* Maximum number of bytes in a number to test. */
  39858. #define MP_MAX_TEST_BYTE_LEN 32
  39859. static wc_test_ret_t randNum(mp_int* n, int len, WC_RNG* rng, void* heap)
  39860. {
  39861. byte d[MP_MAX_TEST_BYTE_LEN];
  39862. wc_test_ret_t ret;
  39863. (void)heap;
  39864. do {
  39865. ret = wc_RNG_GenerateBlock(rng, d, len);
  39866. if (ret != 0)
  39867. return ret;
  39868. ret = mp_read_unsigned_bin(n, d, len);
  39869. if (ret != 0)
  39870. return ret;
  39871. } while (mp_iszero(n));
  39872. return 0;
  39873. }
  39874. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
  39875. static wc_test_ret_t mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng)
  39876. {
  39877. int i, j;
  39878. mp_digit rem;
  39879. mp_digit rem2;
  39880. wc_test_ret_t ret;
  39881. #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  39882. defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
  39883. for (i = 0; i < 10; i++) {
  39884. for (j = 1; j < 10; j++) {
  39885. ret = randNum(a, j, rng, NULL);
  39886. if (ret != 0)
  39887. return WC_TEST_RET_ENC_EC(ret);
  39888. ret = mp_div_3(a, r, &rem);
  39889. if (ret != 0)
  39890. return WC_TEST_RET_ENC_EC(ret);
  39891. ret = mp_mul_d(r, 3, r);
  39892. if (ret != 0)
  39893. return WC_TEST_RET_ENC_EC(ret);
  39894. ret = mp_add_d(r, rem, r);
  39895. if (ret != 0)
  39896. return WC_TEST_RET_ENC_EC(ret);
  39897. ret = mp_cmp(r, a);
  39898. if (ret != MP_EQ)
  39899. return WC_TEST_RET_ENC_NC;
  39900. }
  39901. }
  39902. ret = mp_div_3(a, r, &rem);
  39903. if (ret != 0)
  39904. return WC_TEST_RET_ENC_NC;
  39905. ret = mp_div_3(a, a, NULL);
  39906. if (ret != 0)
  39907. return WC_TEST_RET_ENC_NC;
  39908. ret = mp_cmp(r, a);
  39909. if (ret != MP_EQ)
  39910. return WC_TEST_RET_ENC_NC;
  39911. #endif
  39912. #if defined(WOLFSSL_SP_MATH_ALL)
  39913. ret = mp_div_d(a, 10, r, &rem);
  39914. if (ret != 0)
  39915. return WC_TEST_RET_ENC_EC(ret);
  39916. ret = mp_div_d(a, 10, a, NULL);
  39917. if (ret != 0)
  39918. return WC_TEST_RET_ENC_EC(ret);
  39919. ret = mp_cmp(r, a);
  39920. if (ret != MP_EQ)
  39921. return WC_TEST_RET_ENC_NC;
  39922. ret = mp_div_d(a, 12, r, &rem);
  39923. if (ret != 0)
  39924. return WC_TEST_RET_ENC_EC(ret);
  39925. ret = mp_div_d(a, 12, a, NULL);
  39926. if (ret != 0)
  39927. return WC_TEST_RET_ENC_EC(ret);
  39928. ret = mp_cmp(r, a);
  39929. if (ret != MP_EQ)
  39930. return WC_TEST_RET_ENC_NC;
  39931. ret = mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), r, &rem);
  39932. if (ret != 0)
  39933. return WC_TEST_RET_ENC_EC(ret);
  39934. ret = mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), NULL, &rem2);
  39935. if (ret != 0)
  39936. return WC_TEST_RET_ENC_EC(ret);
  39937. ret = mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), a, NULL);
  39938. if (ret != 0)
  39939. return WC_TEST_RET_ENC_EC(ret);
  39940. ret = mp_cmp(r, a);
  39941. if (ret != MP_EQ)
  39942. return WC_TEST_RET_ENC_NC;
  39943. if (rem != rem2)
  39944. return WC_TEST_RET_ENC_NC;
  39945. #endif
  39946. (void)a;
  39947. (void)r;
  39948. (void)rng;
  39949. (void)i;
  39950. (void)j;
  39951. (void)rem;
  39952. (void)rem2;
  39953. (void)ret;
  39954. return 0;
  39955. }
  39956. #endif /* WOLFSSL_SP_MATH || !USE_FAST_MATH */
  39957. #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
  39958. !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  39959. (!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \
  39960. (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)))
  39961. static wc_test_ret_t mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng)
  39962. {
  39963. wc_test_ret_t ret;
  39964. int i, j;
  39965. int size;
  39966. char str[30];
  39967. WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = "A";
  39968. WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "a";
  39969. WOLFSSL_SMALL_STACK_STATIC const char* empty2 = " ";
  39970. WOLFSSL_SMALL_STACK_STATIC const char* zeros = "000";
  39971. WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
  39972. for (i = 0; i < 10; i++) {
  39973. for (j = 2; j < 12; j++) {
  39974. ret = randNum(a, j, rng, NULL);
  39975. if (ret != 0)
  39976. return WC_TEST_RET_ENC_EC(ret);
  39977. ret = mp_radix_size(a, MP_RADIX_DEC, &size);
  39978. if (ret != MP_OKAY)
  39979. return WC_TEST_RET_ENC_EC(ret);
  39980. ret = mp_toradix(a, str, MP_RADIX_DEC);
  39981. if (ret != MP_OKAY)
  39982. return WC_TEST_RET_ENC_EC(ret);
  39983. if ((int)XSTRLEN(str) != size - 1)
  39984. return WC_TEST_RET_ENC_NC;
  39985. ret = mp_read_radix(r, str, MP_RADIX_DEC);
  39986. if (ret != MP_OKAY)
  39987. return WC_TEST_RET_ENC_EC(ret);
  39988. ret = mp_cmp(a, r);
  39989. if (ret != MP_EQ)
  39990. return WC_TEST_RET_ENC_NC;
  39991. }
  39992. }
  39993. ret = mp_read_radix(r, badStr1, MP_RADIX_DEC);
  39994. if (ret != MP_VAL)
  39995. return WC_TEST_RET_ENC_EC(ret);
  39996. ret = mp_read_radix(r, badStr2, MP_RADIX_DEC);
  39997. if (ret != MP_VAL)
  39998. return WC_TEST_RET_ENC_EC(ret);
  39999. ret = mp_read_radix(r, empty2, MP_RADIX_DEC);
  40000. if (ret != MP_OKAY)
  40001. return WC_TEST_RET_ENC_EC(ret);
  40002. ret = mp_read_radix(r, zeros, MP_RADIX_DEC);
  40003. if (ret != MP_OKAY)
  40004. return WC_TEST_RET_ENC_EC(ret);
  40005. if (!mp_iszero(r))
  40006. return WC_TEST_RET_ENC_NC;
  40007. mp_set(r, 1);
  40008. ret = mp_read_radix(r, empty, MP_RADIX_DEC);
  40009. if (ret != MP_OKAY)
  40010. return WC_TEST_RET_ENC_EC(ret);
  40011. if (!mp_iszero(r))
  40012. return WC_TEST_RET_ENC_NC;
  40013. mp_zero(a);
  40014. ret = mp_radix_size(a, MP_RADIX_DEC, &size);
  40015. if (ret != 0)
  40016. return WC_TEST_RET_ENC_EC(ret);
  40017. if (size != 2)
  40018. return WC_TEST_RET_ENC_NC;
  40019. ret = mp_toradix(a, str, MP_RADIX_DEC);
  40020. if (ret != 0)
  40021. return WC_TEST_RET_ENC_EC(ret);
  40022. if ((int)XSTRLEN(str) != size - 1)
  40023. return WC_TEST_RET_ENC_NC;
  40024. ret = mp_read_radix(r, str, MP_RADIX_DEC);
  40025. if (ret != 0)
  40026. return WC_TEST_RET_ENC_EC(ret);
  40027. if (!mp_iszero(r))
  40028. return WC_TEST_RET_ENC_NC;
  40029. return 0;
  40030. }
  40031. #endif
  40032. #if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
  40033. defined(HAVE_ECC))
  40034. static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
  40035. {
  40036. wc_test_ret_t ret;
  40037. int i, j;
  40038. int size;
  40039. char str[30];
  40040. #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
  40041. static char longStr[2 * sizeof(a->dp) + 2];
  40042. #endif
  40043. WOLFSSL_SMALL_STACK_STATIC const char* empty2 = " ";
  40044. WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "}";
  40045. WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
  40046. for (i = 0; i < 10; i++) {
  40047. for (j = 2; j < 12; j++) {
  40048. ret = randNum(a, j, rng, NULL);
  40049. if (ret != 0)
  40050. return WC_TEST_RET_ENC_EC(ret);
  40051. mp_radix_size(a, MP_RADIX_HEX, &size);
  40052. mp_toradix(a, str, MP_RADIX_HEX);
  40053. if ((int)XSTRLEN(str) != size - 1)
  40054. return WC_TEST_RET_ENC_NC;
  40055. mp_read_radix(r, str, MP_RADIX_HEX);
  40056. ret = mp_cmp(a, r);
  40057. if (ret != MP_EQ)
  40058. return WC_TEST_RET_ENC_NC;
  40059. }
  40060. }
  40061. ret = mp_read_radix(r, empty2, MP_RADIX_HEX);
  40062. if (ret != MP_OKAY)
  40063. return WC_TEST_RET_ENC_EC(ret);
  40064. ret = mp_read_radix(r, badStr2, MP_RADIX_HEX);
  40065. if (ret != MP_VAL)
  40066. return WC_TEST_RET_ENC_EC(ret);
  40067. mp_set(r, 1);
  40068. ret = mp_read_radix(r, empty, MP_RADIX_HEX);
  40069. if (ret != MP_OKAY)
  40070. return WC_TEST_RET_ENC_EC(ret);
  40071. if (!mp_iszero(r))
  40072. return WC_TEST_RET_ENC_NC;
  40073. #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
  40074. /* Fixed MP data size - string can be too long. */
  40075. longStr[0] = '8';
  40076. XMEMSET(longStr+1, '0', sizeof(longStr) - 2);
  40077. longStr[sizeof(longStr)-1] = '\0';
  40078. ret = mp_read_radix(r, longStr, MP_RADIX_HEX);
  40079. if (ret != MP_VAL)
  40080. return WC_TEST_RET_ENC_EC(ret);
  40081. #endif
  40082. mp_zero(a);
  40083. ret = mp_radix_size(a, MP_RADIX_HEX, &size);
  40084. if (ret != 0)
  40085. return WC_TEST_RET_ENC_EC(ret);
  40086. #ifndef WC_DISABLE_RADIX_ZERO_PAD
  40087. if (size != 3)
  40088. #else
  40089. if (size != 2)
  40090. #endif
  40091. return WC_TEST_RET_ENC_NC;
  40092. ret = mp_toradix(a, str, MP_RADIX_HEX);
  40093. if (ret != 0)
  40094. return WC_TEST_RET_ENC_EC(ret);
  40095. if ((int)XSTRLEN(str) != size - 1)
  40096. return WC_TEST_RET_ENC_NC;
  40097. ret = mp_read_radix(r, str, MP_RADIX_HEX);
  40098. if (ret != 0)
  40099. return WC_TEST_RET_ENC_EC(ret);
  40100. if (!mp_iszero(r))
  40101. return WC_TEST_RET_ENC_NC;
  40102. #ifdef WOLFSSL_SP_MATH
  40103. ret = mp_toradix(a, str, 8);
  40104. if (ret != MP_VAL)
  40105. return WC_TEST_RET_ENC_EC(ret);
  40106. ret = mp_radix_size(a, 8, &size);
  40107. if (ret != MP_VAL)
  40108. return WC_TEST_RET_ENC_EC(ret);
  40109. #endif
  40110. return 0;
  40111. }
  40112. #endif
  40113. static wc_test_ret_t mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng)
  40114. {
  40115. int i;
  40116. wc_test_ret_t ret;
  40117. ret = randNum(a, 4, rng, NULL);
  40118. if (ret != 0)
  40119. return WC_TEST_RET_ENC_EC(ret);
  40120. for (i = 0; i < 4; i++) {
  40121. mp_copy(r1, a);
  40122. ret = mp_lshd(r1, i);
  40123. if (ret != MP_OKAY)
  40124. return WC_TEST_RET_ENC_EC(ret);
  40125. #ifndef WOLFSSL_SP_MATH
  40126. mp_rshd(r1, i);
  40127. #else
  40128. mp_rshb(r1, i * SP_WORD_SIZE);
  40129. #endif
  40130. ret = mp_cmp(a, r1);
  40131. if (ret != MP_EQ)
  40132. return WC_TEST_RET_ENC_NC;
  40133. }
  40134. #ifndef WOLFSSL_SP_MATH
  40135. for (i = 0; i < DIGIT_BIT+1; i++) {
  40136. ret = mp_mul_2d(a, i, r1);
  40137. if (ret != MP_OKAY)
  40138. return WC_TEST_RET_ENC_EC(ret);
  40139. mp_rshb(r1, i);
  40140. ret = mp_cmp(a, r1);
  40141. if (ret != MP_EQ)
  40142. return WC_TEST_RET_ENC_NC;
  40143. }
  40144. #endif
  40145. return 0;
  40146. }
  40147. static wc_test_ret_t mp_test_add_sub_d(mp_int* a, mp_int* r1)
  40148. {
  40149. int i, j;
  40150. wc_test_ret_t ret;
  40151. for (i = 0; i <= DIGIT_BIT * 2; i++) {
  40152. mp_zero(a);
  40153. mp_set_bit(a, i);
  40154. if ((int)a->used != (i + DIGIT_BIT) / DIGIT_BIT)
  40155. return WC_TEST_RET_ENC_NC;
  40156. for (j = 0; j < i && j < DIGIT_BIT; j++) {
  40157. mp_zero(r1);
  40158. mp_set_bit(r1, i);
  40159. ret = mp_sub_d(r1, (mp_digit)1 << j, r1);
  40160. if (ret != MP_OKAY)
  40161. return WC_TEST_RET_ENC_EC(ret);
  40162. ret = mp_add_d(r1, (mp_digit)1 << j, r1);
  40163. if (ret != MP_OKAY)
  40164. return WC_TEST_RET_ENC_EC(ret);
  40165. ret = mp_cmp(a, r1);
  40166. if (ret != MP_EQ)
  40167. return WC_TEST_RET_ENC_NC;
  40168. }
  40169. }
  40170. mp_zero(r1);
  40171. ret = mp_add_d(r1, 1, r1);
  40172. if (ret != MP_OKAY)
  40173. return WC_TEST_RET_ENC_EC(ret);
  40174. if (r1->used != 1)
  40175. return WC_TEST_RET_ENC_NC;
  40176. ret = mp_sub_d(r1, 1, r1);
  40177. if (ret != MP_OKAY)
  40178. return WC_TEST_RET_ENC_EC(ret);
  40179. if (r1->used != 0)
  40180. return WC_TEST_RET_ENC_NC;
  40181. return 0;
  40182. }
  40183. static wc_test_ret_t mp_test_read_to_bin(mp_int* a)
  40184. {
  40185. WOLFSSL_SMALL_STACK_STATIC const byte in[16] = {
  40186. 0x91, 0xa2, 0xb3, 0xc4, 0xd5, 0xe6, 0xf7, 0x08,
  40187. 0x93, 0xa4, 0xb4, 0xc5, 0xd6, 0xe7, 0xf8, 0x09
  40188. };
  40189. byte out[24];
  40190. int i, j, k;
  40191. const byte* p;
  40192. wc_test_ret_t ret;
  40193. for (i = 0; i < (int)sizeof(in); i++) {
  40194. p = in + sizeof(in) - i;
  40195. ret = mp_read_unsigned_bin(a, p, i);
  40196. if (ret != 0)
  40197. return WC_TEST_RET_ENC_EC(ret);
  40198. for (j = i; j < (int)sizeof(out); j++) {
  40199. XMEMSET(out, 0xff, sizeof(out));
  40200. ret = mp_to_unsigned_bin_len(a, out, j);
  40201. if (ret != 0)
  40202. return WC_TEST_RET_ENC_EC(ret);
  40203. for (k = 0; k < j - i; k++) {
  40204. if (out[k] != 0)
  40205. return WC_TEST_RET_ENC_NC;
  40206. }
  40207. for (; k < j; k++) {
  40208. if (out[k] != p[k - (j - i)])
  40209. return WC_TEST_RET_ENC_NC;
  40210. }
  40211. }
  40212. }
  40213. /* Length too small. */
  40214. ret = mp_to_unsigned_bin_len(a, out, 1);
  40215. if (ret != MP_VAL)
  40216. return WC_TEST_RET_ENC_EC(ret);
  40217. ret = mp_read_unsigned_bin(a, NULL, 0);
  40218. if (ret != 0)
  40219. return WC_TEST_RET_ENC_EC(ret);
  40220. if (!mp_iszero(a))
  40221. return WC_TEST_RET_ENC_NC;
  40222. return 0;
  40223. }
  40224. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  40225. static wc_test_ret_t mp_test_set_int(mp_int* a)
  40226. {
  40227. #if SP_ULONG_BITS == 64
  40228. unsigned long n = 0xfedcba9876543210UL;
  40229. byte exp[8] = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
  40230. byte out[8] = { 0 };
  40231. #elif SP_ULONG_BITS == 32
  40232. unsigned long n = 0xfedcba98UL;
  40233. byte exp[4] = { 0xfe, 0xdc, 0xba, 0x98 };
  40234. byte out[4] = { 0 };
  40235. #elif SP_ULONG_BITS == 16
  40236. unsigned long n = 0xfedc;
  40237. byte exp[2] = { 0xfe, 0xdc };
  40238. byte out[2] = { 0 };
  40239. #elif SP_ULONG_BITS == 8
  40240. unsigned long n = 0xfe;
  40241. byte exp[1] = { 0xfe };
  40242. byte out[1] = { 0 };
  40243. #endif
  40244. wc_test_ret_t ret;
  40245. ret = mp_set_int(a, n);
  40246. if (ret != 0)
  40247. return WC_TEST_RET_ENC_EC(ret);
  40248. ret = mp_unsigned_bin_size(a);
  40249. if (ret != sizeof(exp))
  40250. return WC_TEST_RET_ENC_NC;
  40251. ret = mp_to_unsigned_bin(a, out);
  40252. if (ret != 0)
  40253. return WC_TEST_RET_ENC_EC(ret);
  40254. if (XMEMCMP(exp, out, sizeof(exp)) != 0)
  40255. return WC_TEST_RET_ENC_NC;
  40256. return 0;
  40257. }
  40258. #endif
  40259. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  40260. static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
  40261. {
  40262. byte buffer[16];
  40263. #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
  40264. char hexStr[] = "abcdef0123456789";
  40265. #ifndef WOLFSSL_SP_INT_NEGATIVE
  40266. char negStr[] = "-1234";
  40267. #endif
  40268. #endif
  40269. #if !defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_KEY_GEN) || \
  40270. defined(HAVE_COMP_KEY)
  40271. char decStr[] = "0987654321";
  40272. #endif
  40273. wc_test_ret_t ret;
  40274. #ifdef WOLFSSL_SP_MATH_ALL
  40275. mp_digit rho;
  40276. int size;
  40277. #endif
  40278. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
  40279. int result;
  40280. #endif
  40281. #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
  40282. (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
  40283. mp_digit rd;
  40284. #endif
  40285. (void)rng;
  40286. (void)r;
  40287. ret = mp_init(NULL);
  40288. if (ret != MP_VAL)
  40289. return WC_TEST_RET_ENC_EC(ret);
  40290. #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
  40291. ret = mp_init_multi(NULL, NULL, NULL, NULL, NULL, NULL);
  40292. if (ret != MP_OKAY)
  40293. return WC_TEST_RET_ENC_EC(ret);
  40294. #endif
  40295. mp_free(NULL);
  40296. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
  40297. ret = mp_grow(NULL, 1);
  40298. if (ret != MP_VAL)
  40299. return WC_TEST_RET_ENC_EC(ret);
  40300. #ifdef WOLFSSL_SP_MATH
  40301. ret = mp_grow(a, SP_INT_DIGITS + 1);
  40302. if (ret != MP_MEM)
  40303. return WC_TEST_RET_ENC_EC(ret);
  40304. #endif
  40305. #endif
  40306. mp_clear(NULL);
  40307. ret = mp_abs(NULL, NULL);
  40308. if (ret != MP_VAL)
  40309. return WC_TEST_RET_ENC_EC(ret);
  40310. ret = mp_abs(a, NULL);
  40311. if (ret != MP_VAL)
  40312. return WC_TEST_RET_ENC_EC(ret);
  40313. ret = mp_abs(NULL, b);
  40314. if (ret != MP_VAL)
  40315. return WC_TEST_RET_ENC_EC(ret);
  40316. ret = mp_unsigned_bin_size(NULL);
  40317. if (ret != 0)
  40318. return WC_TEST_RET_ENC_EC(ret);
  40319. ret = mp_read_unsigned_bin(NULL, NULL, sizeof(buffer));
  40320. if (ret != MP_VAL)
  40321. return WC_TEST_RET_ENC_EC(ret);
  40322. ret = mp_read_unsigned_bin(NULL, buffer, sizeof(buffer));
  40323. if (ret != MP_VAL)
  40324. return WC_TEST_RET_ENC_EC(ret);
  40325. ret = mp_read_unsigned_bin(a, NULL, sizeof(buffer));
  40326. if (ret != MP_VAL)
  40327. return WC_TEST_RET_ENC_EC(ret);
  40328. ret = mp_read_unsigned_bin(a, buffer, SP_INT_DIGITS * SP_WORD_SIZEOF + 1);
  40329. if (ret != MP_VAL)
  40330. return WC_TEST_RET_ENC_EC(ret);
  40331. #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
  40332. ret = mp_read_radix(NULL, NULL, 16);
  40333. if (ret != MP_VAL)
  40334. return WC_TEST_RET_ENC_EC(ret);
  40335. ret = mp_read_radix(a, NULL, 16);
  40336. if (ret != MP_VAL)
  40337. return WC_TEST_RET_ENC_EC(ret);
  40338. ret = mp_read_radix(NULL, hexStr, 16);
  40339. if (ret != MP_VAL)
  40340. return WC_TEST_RET_ENC_EC(ret);
  40341. #ifndef WOLFSSL_SP_INT_NEGATIVE
  40342. ret = mp_read_radix(a, negStr, 16);
  40343. if (ret != MP_VAL)
  40344. return WC_TEST_RET_ENC_EC(ret);
  40345. #ifdef WOLFSSL_SP_MATH_ALL
  40346. ret = mp_read_radix(a, negStr, 10);
  40347. if (ret != MP_VAL)
  40348. return WC_TEST_RET_ENC_EC(ret);
  40349. #endif /* WOLFSSL_SP_MATH_ALL */
  40350. #endif /* WOLFSSL_SP_INT_NEGATIVE */
  40351. #endif
  40352. #ifndef WOLFSSL_SP_MATH_ALL
  40353. /* Radix 10 only supported with ALL. */
  40354. ret = mp_read_radix(a, decStr, 10);
  40355. if (ret != MP_VAL)
  40356. return WC_TEST_RET_ENC_EC(ret);
  40357. #endif
  40358. /* Radix 8 not supported SP_INT. */
  40359. ret = mp_read_radix(a, "0123", 8);
  40360. if (ret != MP_VAL)
  40361. return WC_TEST_RET_ENC_EC(ret);
  40362. ret = mp_count_bits(NULL);
  40363. if (ret != 0)
  40364. return WC_TEST_RET_ENC_EC(ret);
  40365. ret = mp_is_bit_set(NULL, 0);
  40366. if (ret != 0)
  40367. return WC_TEST_RET_ENC_EC(ret);
  40368. ret = mp_leading_bit(NULL);
  40369. if (ret != 0)
  40370. return WC_TEST_RET_ENC_EC(ret);
  40371. mp_zero(a);
  40372. ret = mp_leading_bit(a);
  40373. if (ret != 0)
  40374. return WC_TEST_RET_ENC_EC(ret);
  40375. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  40376. defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
  40377. !defined(NO_RSA)
  40378. ret = mp_set_bit(NULL, 1);
  40379. if (ret != MP_VAL)
  40380. return WC_TEST_RET_ENC_EC(ret);
  40381. #endif
  40382. #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
  40383. !defined(WOLFSSL_RSA_VERIFY_ONLY)
  40384. ret = mp_to_unsigned_bin(NULL, NULL);
  40385. if (ret != MP_VAL)
  40386. return WC_TEST_RET_ENC_EC(ret);
  40387. ret = mp_to_unsigned_bin(a, NULL);
  40388. if (ret != MP_VAL)
  40389. return WC_TEST_RET_ENC_EC(ret);
  40390. ret = mp_to_unsigned_bin(NULL, buffer);
  40391. if (ret != MP_VAL)
  40392. return WC_TEST_RET_ENC_EC(ret);
  40393. #endif
  40394. ret = mp_to_unsigned_bin_len(NULL, NULL, 1);
  40395. if (ret != MP_VAL)
  40396. return WC_TEST_RET_ENC_EC(ret);
  40397. ret = mp_to_unsigned_bin_len(a, NULL, 1);
  40398. if (ret != MP_VAL)
  40399. return WC_TEST_RET_ENC_EC(ret);
  40400. ret = mp_to_unsigned_bin_len(NULL, buffer, 1);
  40401. if (ret != MP_VAL)
  40402. return WC_TEST_RET_ENC_EC(ret);
  40403. #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
  40404. !defined(WOLFSSL_RSA_VERIFY_ONLY)
  40405. ret = mp_to_unsigned_bin_at_pos(0, NULL, NULL);
  40406. if (ret != MP_VAL)
  40407. return WC_TEST_RET_ENC_EC(ret);
  40408. ret = mp_to_unsigned_bin_at_pos(0, a, NULL);
  40409. if (ret != MP_VAL)
  40410. return WC_TEST_RET_ENC_EC(ret);
  40411. ret = mp_to_unsigned_bin_at_pos(0, NULL, buffer);
  40412. if (ret != MP_VAL)
  40413. return WC_TEST_RET_ENC_EC(ret);
  40414. ret = mp_to_unsigned_bin_at_pos(0, a, buffer);
  40415. if (ret != MP_OKAY)
  40416. return WC_TEST_RET_ENC_EC(ret);
  40417. #endif
  40418. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
  40419. ret = mp_copy(NULL, NULL);
  40420. if (ret != MP_VAL)
  40421. return WC_TEST_RET_ENC_EC(ret);
  40422. ret = mp_copy(a, NULL);
  40423. if (ret != MP_VAL)
  40424. return WC_TEST_RET_ENC_EC(ret);
  40425. ret = mp_copy(NULL, b);
  40426. if (ret != MP_VAL)
  40427. return WC_TEST_RET_ENC_EC(ret);
  40428. #endif
  40429. #if defined(WOLFSSL_KEY_GEN) || !defined(NO_DH)
  40430. ret = sp_2expt(NULL, 1);
  40431. if (ret != MP_VAL)
  40432. return WC_TEST_RET_ENC_EC(ret);
  40433. #endif
  40434. ret = mp_set(NULL, 0);
  40435. if (ret != MP_VAL)
  40436. return WC_TEST_RET_ENC_EC(ret);
  40437. ret = mp_cmp_d(NULL, 0);
  40438. if (ret != MP_LT)
  40439. return WC_TEST_RET_ENC_EC(ret);
  40440. ret = mp_cmp(NULL, NULL);
  40441. if (ret != MP_EQ)
  40442. return WC_TEST_RET_ENC_NC;
  40443. ret = mp_cmp(a, NULL);
  40444. if (ret != MP_GT)
  40445. return WC_TEST_RET_ENC_NC;
  40446. ret = mp_cmp(NULL, b);
  40447. if (ret != MP_LT)
  40448. return WC_TEST_RET_ENC_NC;
  40449. #ifdef WOLFSSL_SP_MATH_ALL
  40450. mp_rshd(NULL, 1);
  40451. #endif
  40452. mp_zero(NULL);
  40453. #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
  40454. !defined(WOLFSSL_RSA_VERIFY_ONLY)
  40455. ret = mp_lshd(NULL, 0);
  40456. if (ret != MP_VAL)
  40457. return WC_TEST_RET_ENC_EC(ret);
  40458. ret = mp_lshd(a, SP_INT_DIGITS + 1);
  40459. if (ret != MP_VAL)
  40460. return WC_TEST_RET_ENC_EC(ret);
  40461. #endif
  40462. #if defined(WOLFSSL_SP_MATH_ALL)
  40463. ret = mp_div(NULL, NULL, a, b);
  40464. if (ret != MP_VAL)
  40465. return WC_TEST_RET_ENC_EC(ret);
  40466. ret = mp_div(a, NULL, a, b);
  40467. if (ret != MP_VAL)
  40468. return WC_TEST_RET_ENC_EC(ret);
  40469. ret = mp_div(NULL, b, a, b);
  40470. if (ret != MP_VAL)
  40471. return WC_TEST_RET_ENC_EC(ret);
  40472. ret = mp_div(a, b, NULL, NULL);
  40473. if (ret != MP_VAL)
  40474. return WC_TEST_RET_ENC_EC(ret);
  40475. #endif
  40476. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
  40477. (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  40478. ret = mp_mod(NULL, NULL, NULL);
  40479. if (ret != MP_VAL)
  40480. return WC_TEST_RET_ENC_EC(ret);
  40481. ret = mp_mod(a, NULL, NULL);
  40482. if (ret != MP_VAL)
  40483. return WC_TEST_RET_ENC_EC(ret);
  40484. ret = mp_mod(NULL, b, NULL);
  40485. if (ret != MP_VAL)
  40486. return WC_TEST_RET_ENC_EC(ret);
  40487. ret = mp_mod(NULL, NULL, r);
  40488. if (ret != MP_VAL)
  40489. return WC_TEST_RET_ENC_EC(ret);
  40490. ret = mp_mod(a, b, NULL);
  40491. if (ret != MP_VAL)
  40492. return WC_TEST_RET_ENC_EC(ret);
  40493. ret = mp_mod(a, NULL, r);
  40494. if (ret != MP_VAL)
  40495. return WC_TEST_RET_ENC_EC(ret);
  40496. ret = mp_mod(NULL, b, r);
  40497. if (ret != MP_VAL)
  40498. return WC_TEST_RET_ENC_EC(ret);
  40499. #endif
  40500. #if !defined(NO_RSA) || defined(WOLFSSL_SP_MATH_ALL)
  40501. ret = mp_set_int(NULL, 0);
  40502. if (ret != MP_VAL)
  40503. return WC_TEST_RET_ENC_EC(ret);
  40504. #endif
  40505. #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
  40506. (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
  40507. ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
  40508. if (ret != MP_VAL)
  40509. return WC_TEST_RET_ENC_EC(ret);
  40510. ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
  40511. if (ret != MP_VAL)
  40512. return WC_TEST_RET_ENC_EC(ret);
  40513. ret = mp_exptmod_ex(NULL, a, 1, NULL, NULL);
  40514. if (ret != MP_VAL)
  40515. return WC_TEST_RET_ENC_EC(ret);
  40516. ret = mp_exptmod_ex(NULL, NULL, 1, a, NULL);
  40517. if (ret != MP_VAL)
  40518. return WC_TEST_RET_ENC_EC(ret);
  40519. ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
  40520. if (ret != MP_VAL)
  40521. return WC_TEST_RET_ENC_EC(ret);
  40522. ret = mp_exptmod_ex(a, a, 1, a, NULL);
  40523. if (ret != MP_VAL)
  40524. return WC_TEST_RET_ENC_EC(ret);
  40525. ret = mp_exptmod_ex(a, a, 1, NULL, a);
  40526. if (ret != MP_VAL)
  40527. return WC_TEST_RET_ENC_EC(ret);
  40528. ret = mp_exptmod_ex(a, NULL, 1, a, a);
  40529. if (ret != MP_VAL)
  40530. return WC_TEST_RET_ENC_EC(ret);
  40531. ret = mp_exptmod_ex(NULL, a, 1, a, a);
  40532. if (ret != MP_VAL)
  40533. return WC_TEST_RET_ENC_EC(ret);
  40534. ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
  40535. if (ret != MP_VAL)
  40536. return WC_TEST_RET_ENC_EC(ret);
  40537. ret = mp_exptmod_nct(a, NULL, NULL, NULL);
  40538. if (ret != MP_VAL)
  40539. return WC_TEST_RET_ENC_EC(ret);
  40540. ret = mp_exptmod_nct(NULL, a, NULL, NULL);
  40541. if (ret != MP_VAL)
  40542. return WC_TEST_RET_ENC_EC(ret);
  40543. ret = mp_exptmod_nct(NULL, NULL, a, NULL);
  40544. if (ret != MP_VAL)
  40545. return WC_TEST_RET_ENC_EC(ret);
  40546. ret = mp_exptmod_nct(NULL, NULL, NULL, a);
  40547. if (ret != MP_VAL)
  40548. return WC_TEST_RET_ENC_EC(ret);
  40549. ret = mp_exptmod_nct(a, a, a, NULL);
  40550. if (ret != MP_VAL)
  40551. return WC_TEST_RET_ENC_EC(ret);
  40552. ret = mp_exptmod_nct(a, a, NULL, a);
  40553. if (ret != MP_VAL)
  40554. return WC_TEST_RET_ENC_EC(ret);
  40555. ret = mp_exptmod_nct(a, NULL, a, a);
  40556. if (ret != MP_VAL)
  40557. return WC_TEST_RET_ENC_EC(ret);
  40558. ret = mp_exptmod_nct(NULL, a, a, a);
  40559. if (ret != MP_VAL)
  40560. return WC_TEST_RET_ENC_EC(ret);
  40561. #endif
  40562. #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
  40563. !defined(WC_NO_RNG)
  40564. ret = mp_rand_prime(NULL, 32, NULL, NULL);
  40565. if (ret != MP_VAL)
  40566. return WC_TEST_RET_ENC_EC(ret);
  40567. ret = mp_rand_prime(a, 32, NULL, NULL);
  40568. if (ret != MP_VAL)
  40569. return WC_TEST_RET_ENC_EC(ret);
  40570. ret = mp_rand_prime(NULL, 32, rng, NULL);
  40571. if (ret != MP_VAL)
  40572. return WC_TEST_RET_ENC_EC(ret);
  40573. ret = mp_rand_prime(a, 0, rng, NULL);
  40574. if (ret != MP_VAL)
  40575. return WC_TEST_RET_ENC_EC(ret);
  40576. #endif
  40577. #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
  40578. ret = mp_mul(NULL, NULL, NULL);
  40579. if (ret != MP_VAL)
  40580. return WC_TEST_RET_ENC_EC(ret);
  40581. ret = mp_mul(a, NULL, NULL);
  40582. if (ret != MP_VAL)
  40583. return WC_TEST_RET_ENC_EC(ret);
  40584. ret = mp_mul(NULL, b, NULL);
  40585. if (ret != MP_VAL)
  40586. return WC_TEST_RET_ENC_EC(ret);
  40587. ret = mp_mul(NULL, NULL, r);
  40588. if (ret != MP_VAL)
  40589. return WC_TEST_RET_ENC_EC(ret);
  40590. ret = mp_mul(a, b, NULL);
  40591. if (ret != MP_VAL)
  40592. return WC_TEST_RET_ENC_EC(ret);
  40593. ret = mp_mul(a, NULL, r);
  40594. if (ret != MP_VAL)
  40595. return WC_TEST_RET_ENC_EC(ret);
  40596. ret = mp_mul(NULL, b, r);
  40597. if (ret != MP_VAL)
  40598. return WC_TEST_RET_ENC_EC(ret);
  40599. #endif
  40600. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  40601. defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  40602. ret = mp_sqr(NULL, NULL);
  40603. if (ret != MP_VAL)
  40604. return WC_TEST_RET_ENC_EC(ret);
  40605. ret = mp_sqr(a, NULL);
  40606. if (ret != MP_VAL)
  40607. return WC_TEST_RET_ENC_EC(ret);
  40608. ret = mp_sqr(NULL, r);
  40609. if (ret != MP_VAL)
  40610. return WC_TEST_RET_ENC_EC(ret);
  40611. #endif
  40612. #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
  40613. ret = mp_sqrmod(NULL, NULL, NULL);
  40614. if (ret != MP_VAL)
  40615. return WC_TEST_RET_ENC_EC(ret);
  40616. ret = mp_sqrmod(a, NULL, NULL);
  40617. if (ret != MP_VAL)
  40618. return WC_TEST_RET_ENC_EC(ret);
  40619. ret = mp_sqrmod(NULL, a, NULL);
  40620. if (ret != MP_VAL)
  40621. return WC_TEST_RET_ENC_EC(ret);
  40622. ret = mp_sqrmod(NULL, NULL, a);
  40623. if (ret != MP_VAL)
  40624. return WC_TEST_RET_ENC_EC(ret);
  40625. ret = mp_sqrmod(a, b, NULL);
  40626. if (ret != MP_VAL)
  40627. return WC_TEST_RET_ENC_EC(ret);
  40628. ret = mp_sqrmod(a, NULL, b);
  40629. if (ret != MP_VAL)
  40630. return WC_TEST_RET_ENC_EC(ret);
  40631. ret = mp_sqrmod(NULL, a, b);
  40632. if (ret != MP_VAL)
  40633. return WC_TEST_RET_ENC_EC(ret);
  40634. ret = mp_mulmod(NULL, NULL, NULL, NULL);
  40635. if (ret != MP_VAL)
  40636. return WC_TEST_RET_ENC_EC(ret);
  40637. ret = mp_mulmod(a, NULL, NULL, NULL);
  40638. if (ret != MP_VAL)
  40639. return WC_TEST_RET_ENC_EC(ret);
  40640. ret = mp_mulmod(NULL, a, NULL, NULL);
  40641. if (ret != MP_VAL)
  40642. return WC_TEST_RET_ENC_EC(ret);
  40643. ret = mp_mulmod(NULL, NULL, a, NULL);
  40644. if (ret != MP_VAL)
  40645. return WC_TEST_RET_ENC_EC(ret);
  40646. ret = mp_mulmod(NULL, NULL, NULL, a);
  40647. if (ret != MP_VAL)
  40648. return WC_TEST_RET_ENC_EC(ret);
  40649. ret = mp_mulmod(a, b, b, NULL);
  40650. if (ret != MP_VAL)
  40651. return WC_TEST_RET_ENC_EC(ret);
  40652. ret = mp_mulmod(a, b, NULL, a);
  40653. if (ret != MP_VAL)
  40654. return WC_TEST_RET_ENC_EC(ret);
  40655. ret = mp_mulmod(a, NULL, b, a);
  40656. if (ret != MP_VAL)
  40657. return WC_TEST_RET_ENC_EC(ret);
  40658. ret = mp_mulmod(NULL, b, b, a);
  40659. if (ret != MP_VAL)
  40660. return WC_TEST_RET_ENC_EC(ret);
  40661. #endif
  40662. #if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
  40663. !defined(NO_RSA) || !defined(NO_DSA)
  40664. ret = mp_add_d(NULL, 1, NULL);
  40665. if (ret != MP_VAL)
  40666. return WC_TEST_RET_ENC_EC(ret);
  40667. ret = mp_add_d(a, 1, NULL);
  40668. if (ret != MP_VAL)
  40669. return WC_TEST_RET_ENC_EC(ret);
  40670. ret = mp_add_d(NULL, 1, b);
  40671. if (ret != MP_VAL)
  40672. return WC_TEST_RET_ENC_EC(ret);
  40673. #endif
  40674. #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  40675. !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
  40676. ret = mp_sub_d(NULL, 1, NULL);
  40677. if (ret != MP_VAL)
  40678. return WC_TEST_RET_ENC_EC(ret);
  40679. ret = mp_sub_d(a, 1, NULL);
  40680. if (ret != MP_VAL)
  40681. return WC_TEST_RET_ENC_EC(ret);
  40682. ret = mp_sub_d(NULL, 1, b);
  40683. if (ret != MP_VAL)
  40684. return WC_TEST_RET_ENC_EC(ret);
  40685. #endif
  40686. #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  40687. defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
  40688. ret = mp_div_d(NULL, 0, NULL, NULL);
  40689. if (ret != MP_VAL)
  40690. return WC_TEST_RET_ENC_EC(ret);
  40691. ret = mp_div_d(a, 0, NULL, NULL);
  40692. if (ret != MP_VAL)
  40693. return WC_TEST_RET_ENC_EC(ret);
  40694. ret = mp_div_d(NULL, 1, NULL, NULL);
  40695. if (ret != MP_VAL)
  40696. return WC_TEST_RET_ENC_EC(ret);
  40697. #endif
  40698. #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
  40699. (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
  40700. ret = mp_mod_d(NULL, 0, NULL);
  40701. if (ret != MP_VAL)
  40702. return WC_TEST_RET_ENC_EC(ret);
  40703. ret = mp_mod_d(a, 0, NULL);
  40704. if (ret != MP_VAL)
  40705. return WC_TEST_RET_ENC_EC(ret);
  40706. ret = mp_mod_d(NULL, 0, &rd);
  40707. if (ret != MP_VAL)
  40708. return WC_TEST_RET_ENC_EC(ret);
  40709. #endif
  40710. #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  40711. ret = mp_gcd(NULL, NULL, NULL);
  40712. if (ret != MP_VAL)
  40713. return WC_TEST_RET_ENC_EC(ret);
  40714. ret = mp_gcd(a, NULL, NULL);
  40715. if (ret != MP_VAL)
  40716. return WC_TEST_RET_ENC_EC(ret);
  40717. ret = mp_gcd(NULL, a, NULL);
  40718. if (ret != MP_VAL)
  40719. return WC_TEST_RET_ENC_EC(ret);
  40720. ret = mp_gcd(NULL, NULL, a);
  40721. if (ret != MP_VAL)
  40722. return WC_TEST_RET_ENC_EC(ret);
  40723. ret = mp_gcd(a, b, NULL);
  40724. if (ret != MP_VAL)
  40725. return WC_TEST_RET_ENC_EC(ret);
  40726. ret = mp_gcd(a, NULL, b);
  40727. if (ret != MP_VAL)
  40728. return WC_TEST_RET_ENC_EC(ret);
  40729. ret = mp_gcd(NULL, a, b);
  40730. if (ret != MP_VAL)
  40731. return WC_TEST_RET_ENC_EC(ret);
  40732. #endif
  40733. #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
  40734. ret = mp_div_2_mod_ct(NULL, NULL, NULL);
  40735. if (ret != MP_VAL)
  40736. return WC_TEST_RET_ENC_EC(ret);
  40737. ret = mp_div_2_mod_ct(a, NULL, NULL);
  40738. if (ret != MP_VAL)
  40739. return WC_TEST_RET_ENC_EC(ret);
  40740. ret = mp_div_2_mod_ct(NULL, b, NULL);
  40741. if (ret != MP_VAL)
  40742. return WC_TEST_RET_ENC_EC(ret);
  40743. ret = mp_div_2_mod_ct(NULL, NULL, a);
  40744. if (ret != MP_VAL)
  40745. return WC_TEST_RET_ENC_EC(ret);
  40746. ret = mp_div_2_mod_ct(a, b, NULL);
  40747. if (ret != MP_VAL)
  40748. return WC_TEST_RET_ENC_EC(ret);
  40749. ret = mp_div_2_mod_ct(a, b, NULL);
  40750. if (ret != MP_VAL)
  40751. return WC_TEST_RET_ENC_EC(ret);
  40752. ret = mp_div_2_mod_ct(NULL, b, a);
  40753. if (ret != MP_VAL)
  40754. return WC_TEST_RET_ENC_EC(ret);
  40755. ret = mp_div_2(NULL, NULL);
  40756. if (ret != MP_VAL)
  40757. return WC_TEST_RET_ENC_EC(ret);
  40758. ret = mp_div_2(a, NULL);
  40759. if (ret != MP_VAL)
  40760. return WC_TEST_RET_ENC_EC(ret);
  40761. ret = mp_div_2(NULL, a);
  40762. if (ret != MP_VAL)
  40763. return WC_TEST_RET_ENC_EC(ret);
  40764. #endif
  40765. #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  40766. defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
  40767. ret = mp_invmod(NULL, NULL, NULL);
  40768. if (ret != MP_VAL)
  40769. return WC_TEST_RET_ENC_EC(ret);
  40770. ret = mp_invmod(a, NULL, NULL);
  40771. if (ret != MP_VAL)
  40772. return WC_TEST_RET_ENC_EC(ret);
  40773. ret = mp_invmod(NULL, b, NULL);
  40774. if (ret != MP_VAL)
  40775. return WC_TEST_RET_ENC_EC(ret);
  40776. ret = mp_invmod(NULL, NULL, a);
  40777. if (ret != MP_VAL)
  40778. return WC_TEST_RET_ENC_EC(ret);
  40779. ret = mp_invmod(a, b, NULL);
  40780. if (ret != MP_VAL)
  40781. return WC_TEST_RET_ENC_EC(ret);
  40782. ret = mp_invmod(a, NULL, a);
  40783. if (ret != MP_VAL)
  40784. return WC_TEST_RET_ENC_EC(ret);
  40785. ret = mp_invmod(NULL, b, a);
  40786. if (ret != MP_VAL)
  40787. return WC_TEST_RET_ENC_EC(ret);
  40788. #endif
  40789. #if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC)
  40790. ret = mp_invmod_mont_ct(NULL, NULL, NULL, 1);
  40791. if (ret != MP_VAL)
  40792. return WC_TEST_RET_ENC_EC(ret);
  40793. ret = mp_invmod_mont_ct(a, NULL, NULL, 1);
  40794. if (ret != MP_VAL)
  40795. return WC_TEST_RET_ENC_EC(ret);
  40796. ret = mp_invmod_mont_ct(NULL, b, NULL, 1);
  40797. if (ret != MP_VAL)
  40798. return WC_TEST_RET_ENC_EC(ret);
  40799. ret = mp_invmod_mont_ct(NULL, NULL, a, 1);
  40800. if (ret != MP_VAL)
  40801. return WC_TEST_RET_ENC_EC(ret);
  40802. ret = mp_invmod_mont_ct(a, b, NULL, 1);
  40803. if (ret != MP_VAL)
  40804. return WC_TEST_RET_ENC_EC(ret);
  40805. ret = mp_invmod_mont_ct(a, NULL, a, 1);
  40806. if (ret != MP_VAL)
  40807. return WC_TEST_RET_ENC_EC(ret);
  40808. ret = mp_invmod_mont_ct(NULL, b, a, 1);
  40809. if (ret != MP_VAL)
  40810. return WC_TEST_RET_ENC_EC(ret);
  40811. #endif
  40812. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
  40813. ret = mp_lcm(NULL, NULL, NULL);
  40814. if (ret != MP_VAL)
  40815. return WC_TEST_RET_ENC_EC(ret);
  40816. ret = mp_lcm(a, NULL, NULL);
  40817. if (ret != MP_VAL)
  40818. return WC_TEST_RET_ENC_EC(ret);
  40819. ret = mp_lcm(NULL, b, NULL);
  40820. if (ret != MP_VAL)
  40821. return WC_TEST_RET_ENC_EC(ret);
  40822. ret = mp_lcm(NULL, NULL, a);
  40823. if (ret != MP_VAL)
  40824. return WC_TEST_RET_ENC_EC(ret);
  40825. ret = mp_lcm(a, b, NULL);
  40826. if (ret != MP_VAL)
  40827. return WC_TEST_RET_ENC_EC(ret);
  40828. ret = mp_lcm(a, NULL, a);
  40829. if (ret != MP_VAL)
  40830. return WC_TEST_RET_ENC_EC(ret);
  40831. ret = mp_lcm(NULL, b, a);
  40832. if (ret != MP_VAL)
  40833. return WC_TEST_RET_ENC_EC(ret);
  40834. #endif
  40835. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
  40836. ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
  40837. if (ret != MP_VAL)
  40838. return WC_TEST_RET_ENC_EC(ret);
  40839. ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
  40840. if (ret != MP_VAL)
  40841. return WC_TEST_RET_ENC_EC(ret);
  40842. ret = mp_exptmod_ex(NULL, b, 1, NULL, NULL);
  40843. if (ret != MP_VAL)
  40844. return WC_TEST_RET_ENC_EC(ret);
  40845. ret = mp_exptmod_ex(NULL, NULL, 1, b, NULL);
  40846. if (ret != MP_VAL)
  40847. return WC_TEST_RET_ENC_EC(ret);
  40848. ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
  40849. if (ret != MP_VAL)
  40850. return WC_TEST_RET_ENC_EC(ret);
  40851. ret = mp_exptmod_ex(a, b, 1, b, NULL);
  40852. if (ret != MP_VAL)
  40853. return WC_TEST_RET_ENC_EC(ret);
  40854. ret = mp_exptmod_ex(a, b, 1, NULL, a);
  40855. if (ret != MP_VAL)
  40856. return WC_TEST_RET_ENC_EC(ret);
  40857. ret = mp_exptmod_ex(a, NULL, 1, b, a);
  40858. if (ret != MP_VAL)
  40859. return WC_TEST_RET_ENC_EC(ret);
  40860. ret = mp_exptmod_ex(NULL, b, 1, b, a);
  40861. if (ret != MP_VAL)
  40862. return WC_TEST_RET_ENC_EC(ret);
  40863. ret = mp_exptmod(NULL, NULL, NULL, NULL);
  40864. if (ret != MP_VAL)
  40865. return WC_TEST_RET_ENC_EC(ret);
  40866. ret = mp_exptmod(a, NULL, NULL, NULL);
  40867. if (ret != MP_VAL)
  40868. return WC_TEST_RET_ENC_EC(ret);
  40869. ret = mp_exptmod(NULL, b, NULL, NULL);
  40870. if (ret != MP_VAL)
  40871. return WC_TEST_RET_ENC_EC(ret);
  40872. ret = mp_exptmod(NULL, NULL, b, NULL);
  40873. if (ret != MP_VAL)
  40874. return WC_TEST_RET_ENC_EC(ret);
  40875. ret = mp_exptmod(NULL, NULL, NULL, a);
  40876. if (ret != MP_VAL)
  40877. return WC_TEST_RET_ENC_EC(ret);
  40878. ret = mp_exptmod(a, b, b, NULL);
  40879. if (ret != MP_VAL)
  40880. return WC_TEST_RET_ENC_EC(ret);
  40881. ret = mp_exptmod(a, b, NULL, a);
  40882. if (ret != MP_VAL)
  40883. return WC_TEST_RET_ENC_EC(ret);
  40884. ret = mp_exptmod(a, NULL, b, a);
  40885. if (ret != MP_VAL)
  40886. return WC_TEST_RET_ENC_EC(ret);
  40887. ret = mp_exptmod(NULL, b, b, a);
  40888. if (ret != MP_VAL)
  40889. return WC_TEST_RET_ENC_EC(ret);
  40890. ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
  40891. if (ret != MP_VAL)
  40892. return WC_TEST_RET_ENC_EC(ret);
  40893. ret = mp_exptmod_nct(a, NULL, NULL, NULL);
  40894. if (ret != MP_VAL)
  40895. return WC_TEST_RET_ENC_EC(ret);
  40896. ret = mp_exptmod_nct(NULL, b, NULL, NULL);
  40897. if (ret != MP_VAL)
  40898. return WC_TEST_RET_ENC_EC(ret);
  40899. ret = mp_exptmod_nct(NULL, NULL, b, NULL);
  40900. if (ret != MP_VAL)
  40901. return WC_TEST_RET_ENC_EC(ret);
  40902. ret = mp_exptmod_nct(NULL, NULL, NULL, a);
  40903. if (ret != MP_VAL)
  40904. return WC_TEST_RET_ENC_EC(ret);
  40905. ret = mp_exptmod_nct(a, b, b, NULL);
  40906. if (ret != MP_VAL)
  40907. return WC_TEST_RET_ENC_EC(ret);
  40908. ret = mp_exptmod_nct(a, b, NULL, a);
  40909. if (ret != MP_VAL)
  40910. return WC_TEST_RET_ENC_EC(ret);
  40911. ret = mp_exptmod_nct(a, NULL, b, a);
  40912. if (ret != MP_VAL)
  40913. return WC_TEST_RET_ENC_EC(ret);
  40914. ret = mp_exptmod_nct(NULL, b, b, a);
  40915. if (ret != MP_VAL)
  40916. return WC_TEST_RET_ENC_EC(ret);
  40917. #endif
  40918. #if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
  40919. ret = mp_cnt_lsb(NULL);
  40920. if (ret != 0)
  40921. return WC_TEST_RET_ENC_EC(ret);
  40922. #endif
  40923. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
  40924. ret = mp_prime_is_prime(NULL, 1, NULL);
  40925. if (ret != MP_VAL)
  40926. return WC_TEST_RET_ENC_EC(ret);
  40927. ret = mp_prime_is_prime(a, 1, NULL);
  40928. if (ret != MP_VAL)
  40929. return WC_TEST_RET_ENC_EC(ret);
  40930. ret = mp_prime_is_prime(NULL, 1, &result);
  40931. if (ret != MP_VAL)
  40932. return WC_TEST_RET_ENC_EC(ret);
  40933. ret = mp_prime_is_prime(a, 0, &result);
  40934. if (ret != MP_VAL)
  40935. return WC_TEST_RET_ENC_EC(ret);
  40936. ret = mp_prime_is_prime(a, 1024, &result);
  40937. if (ret != MP_VAL)
  40938. return WC_TEST_RET_ENC_EC(ret);
  40939. ret = mp_prime_is_prime_ex(NULL, 1, NULL, NULL);
  40940. if (ret != MP_VAL)
  40941. return WC_TEST_RET_ENC_EC(ret);
  40942. ret = mp_prime_is_prime_ex(a, 1, NULL, NULL);
  40943. if (ret != MP_VAL)
  40944. return WC_TEST_RET_ENC_EC(ret);
  40945. ret = mp_prime_is_prime_ex(NULL, 1, &result, NULL);
  40946. if (ret != MP_VAL)
  40947. return WC_TEST_RET_ENC_EC(ret);
  40948. ret = mp_prime_is_prime_ex(NULL, 1, NULL, rng);
  40949. if (ret != MP_VAL)
  40950. return WC_TEST_RET_ENC_EC(ret);
  40951. ret = mp_prime_is_prime_ex(a, 1, &result, NULL);
  40952. if (ret != MP_VAL)
  40953. return WC_TEST_RET_ENC_EC(ret);
  40954. ret = mp_prime_is_prime_ex(a, 1, NULL, rng);
  40955. if (ret != MP_VAL)
  40956. return WC_TEST_RET_ENC_EC(ret);
  40957. ret = mp_prime_is_prime_ex(NULL, 1, &result, rng);
  40958. if (ret != MP_VAL)
  40959. return WC_TEST_RET_ENC_EC(ret);
  40960. #endif
  40961. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || !defined(NO_DSA)
  40962. ret = mp_exch(NULL, NULL);
  40963. if (ret != MP_VAL)
  40964. return WC_TEST_RET_ENC_EC(ret);
  40965. ret = mp_exch(a, NULL);
  40966. if (ret != MP_VAL)
  40967. return WC_TEST_RET_ENC_EC(ret);
  40968. ret = mp_exch(NULL, b);
  40969. if (ret != MP_VAL)
  40970. return WC_TEST_RET_ENC_EC(ret);
  40971. #endif
  40972. #if (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
  40973. defined(WOLFSSL_SP_MATH_ALL)
  40974. ret = mp_mul_d(NULL, 1, NULL);
  40975. if (ret != MP_VAL)
  40976. return WC_TEST_RET_ENC_EC(ret);
  40977. ret = mp_mul_d(a, 1, NULL);
  40978. if (ret != MP_VAL)
  40979. return WC_TEST_RET_ENC_EC(ret);
  40980. ret = mp_mul_d(NULL, 1, b);
  40981. if (ret != MP_VAL)
  40982. return WC_TEST_RET_ENC_EC(ret);
  40983. #endif
  40984. #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
  40985. ret = mp_add(NULL, NULL, NULL);
  40986. if (ret != MP_VAL)
  40987. return WC_TEST_RET_ENC_EC(ret);
  40988. ret = mp_add(a, NULL, NULL);
  40989. if (ret != MP_VAL)
  40990. return WC_TEST_RET_ENC_EC(ret);
  40991. ret = mp_add(NULL, b, NULL);
  40992. if (ret != MP_VAL)
  40993. return WC_TEST_RET_ENC_EC(ret);
  40994. ret = mp_add(NULL, NULL, r);
  40995. if (ret != MP_VAL)
  40996. return WC_TEST_RET_ENC_EC(ret);
  40997. ret = mp_add(a, b, NULL);
  40998. if (ret != MP_VAL)
  40999. return WC_TEST_RET_ENC_EC(ret);
  41000. ret = mp_add(a, NULL, r);
  41001. if (ret != MP_VAL)
  41002. return WC_TEST_RET_ENC_EC(ret);
  41003. ret = mp_add(NULL, b, r);
  41004. if (ret != MP_VAL)
  41005. return WC_TEST_RET_ENC_EC(ret);
  41006. #endif
  41007. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
  41008. (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  41009. ret = mp_sub(NULL, NULL, NULL);
  41010. if (ret != MP_VAL)
  41011. return WC_TEST_RET_ENC_EC(ret);
  41012. ret = mp_sub(a, NULL, NULL);
  41013. if (ret != MP_VAL)
  41014. return WC_TEST_RET_ENC_EC(ret);
  41015. ret = mp_sub(NULL, b, NULL);
  41016. if (ret != MP_VAL)
  41017. return WC_TEST_RET_ENC_EC(ret);
  41018. ret = mp_sub(NULL, NULL, r);
  41019. if (ret != MP_VAL)
  41020. return WC_TEST_RET_ENC_EC(ret);
  41021. ret = mp_sub(a, b, NULL);
  41022. if (ret != MP_VAL)
  41023. return WC_TEST_RET_ENC_EC(ret);
  41024. ret = mp_sub(a, NULL, r);
  41025. if (ret != MP_VAL)
  41026. return WC_TEST_RET_ENC_EC(ret);
  41027. ret = mp_sub(NULL, b, r);
  41028. if (ret != MP_VAL)
  41029. return WC_TEST_RET_ENC_EC(ret);
  41030. #endif
  41031. #if defined(WOLFSSL_SP_MATH_ALL) || (!defined(WOLFSSL_SP_MATH) && \
  41032. defined(WOLFSSL_CUSTOM_CURVES))
  41033. ret = mp_addmod(NULL, NULL, NULL, NULL);
  41034. if (ret != MP_VAL)
  41035. return WC_TEST_RET_ENC_EC(ret);
  41036. ret = mp_addmod(a, NULL, NULL, NULL);
  41037. if (ret != MP_VAL)
  41038. return WC_TEST_RET_ENC_EC(ret);
  41039. ret = mp_addmod(NULL, b, NULL, NULL);
  41040. if (ret != MP_VAL)
  41041. return WC_TEST_RET_ENC_EC(ret);
  41042. ret = mp_addmod(NULL, NULL, b, NULL);
  41043. if (ret != MP_VAL)
  41044. return WC_TEST_RET_ENC_EC(ret);
  41045. ret = mp_addmod(NULL, NULL, NULL, a);
  41046. if (ret != MP_VAL)
  41047. return WC_TEST_RET_ENC_EC(ret);
  41048. ret = mp_addmod(a, b, b, NULL);
  41049. if (ret != MP_VAL)
  41050. return WC_TEST_RET_ENC_EC(ret);
  41051. ret = mp_addmod(a, b, NULL, a);
  41052. if (ret != MP_VAL)
  41053. return WC_TEST_RET_ENC_EC(ret);
  41054. ret = mp_addmod(a, NULL, b, a);
  41055. if (ret != MP_VAL)
  41056. return WC_TEST_RET_ENC_EC(ret);
  41057. ret = mp_addmod(NULL, b, b, a);
  41058. if (ret != MP_VAL)
  41059. return WC_TEST_RET_ENC_EC(ret);
  41060. #endif
  41061. #ifdef WOLFSSL_SP_MATH_ALL
  41062. ret = mp_submod(NULL, NULL, NULL, NULL);
  41063. if (ret != MP_VAL)
  41064. return WC_TEST_RET_ENC_EC(ret);
  41065. ret = mp_submod(a, NULL, NULL, NULL);
  41066. if (ret != MP_VAL)
  41067. return WC_TEST_RET_ENC_EC(ret);
  41068. ret = mp_submod(NULL, b, NULL, NULL);
  41069. if (ret != MP_VAL)
  41070. return WC_TEST_RET_ENC_EC(ret);
  41071. ret = mp_submod(NULL, NULL, b, NULL);
  41072. if (ret != MP_VAL)
  41073. return WC_TEST_RET_ENC_EC(ret);
  41074. ret = mp_submod(NULL, NULL, NULL, a);
  41075. if (ret != MP_VAL)
  41076. return WC_TEST_RET_ENC_EC(ret);
  41077. ret = mp_submod(a, b, b, NULL);
  41078. if (ret != MP_VAL)
  41079. return WC_TEST_RET_ENC_EC(ret);
  41080. ret = mp_submod(a, b, NULL, a);
  41081. if (ret != MP_VAL)
  41082. return WC_TEST_RET_ENC_EC(ret);
  41083. ret = mp_submod(a, NULL, b, a);
  41084. if (ret != MP_VAL)
  41085. return WC_TEST_RET_ENC_EC(ret);
  41086. ret = mp_submod(NULL, b, b, a);
  41087. if (ret != MP_VAL)
  41088. return WC_TEST_RET_ENC_EC(ret);
  41089. #endif
  41090. #ifdef WOLFSSL_SP_MATH_ALL
  41091. ret = mp_div_2d(NULL, 1, a, b);
  41092. if (ret != MP_VAL)
  41093. return WC_TEST_RET_ENC_EC(ret);
  41094. ret = mp_mod_2d(NULL, 1, NULL);
  41095. if (ret != MP_VAL)
  41096. return WC_TEST_RET_ENC_EC(ret);
  41097. ret = mp_mod_2d(a, 1, NULL);
  41098. if (ret != MP_VAL)
  41099. return WC_TEST_RET_ENC_EC(ret);
  41100. ret = mp_mod_2d(NULL, 1, b);
  41101. if (ret != MP_VAL)
  41102. return WC_TEST_RET_ENC_EC(ret);
  41103. ret = mp_mul_2d(NULL, 1, NULL);
  41104. if (ret != MP_VAL)
  41105. return WC_TEST_RET_ENC_EC(ret);
  41106. ret = mp_mul_2d(a, 1, NULL);
  41107. if (ret != MP_VAL)
  41108. return WC_TEST_RET_ENC_EC(ret);
  41109. ret = mp_mul_2d(NULL, 1, b);
  41110. if (ret != MP_VAL)
  41111. return WC_TEST_RET_ENC_EC(ret);
  41112. #endif
  41113. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  41114. defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  41115. ret = mp_montgomery_reduce(NULL, NULL, 1);
  41116. if (ret != MP_VAL)
  41117. return WC_TEST_RET_ENC_EC(ret);
  41118. ret = mp_montgomery_reduce(a, NULL, 1);
  41119. if (ret != MP_VAL)
  41120. return WC_TEST_RET_ENC_EC(ret);
  41121. ret = mp_montgomery_reduce(NULL, b, 1);
  41122. if (ret != MP_VAL)
  41123. return WC_TEST_RET_ENC_EC(ret);
  41124. mp_zero(b);
  41125. ret = mp_montgomery_reduce(a, b, 1);
  41126. if (ret != MP_VAL)
  41127. return WC_TEST_RET_ENC_EC(ret);
  41128. #endif
  41129. #ifdef WOLFSSL_SP_MATH_ALL
  41130. ret = mp_montgomery_setup(NULL, NULL);
  41131. if (ret != MP_VAL)
  41132. return WC_TEST_RET_ENC_EC(ret);
  41133. ret = mp_montgomery_setup(a, NULL);
  41134. if (ret != MP_VAL)
  41135. return WC_TEST_RET_ENC_EC(ret);
  41136. ret = mp_montgomery_setup(NULL, &rho);
  41137. if (ret != MP_VAL)
  41138. return WC_TEST_RET_ENC_EC(ret);
  41139. ret = mp_montgomery_calc_normalization(NULL, NULL);
  41140. if (ret != MP_VAL)
  41141. return WC_TEST_RET_ENC_EC(ret);
  41142. ret = mp_montgomery_calc_normalization(a, NULL);
  41143. if (ret != MP_VAL)
  41144. return WC_TEST_RET_ENC_EC(ret);
  41145. ret = mp_montgomery_calc_normalization(NULL, b);
  41146. if (ret != MP_VAL)
  41147. return WC_TEST_RET_ENC_EC(ret);
  41148. #endif
  41149. ret = mp_unsigned_bin_size(NULL);
  41150. if (ret != 0)
  41151. return WC_TEST_RET_ENC_EC(ret);
  41152. #if defined(WC_MP_TO_RADIX) || defined(WOLFSSL_SP_MATH_ALL)
  41153. ret = mp_tohex(NULL, NULL);
  41154. if (ret != MP_VAL)
  41155. return WC_TEST_RET_ENC_EC(ret);
  41156. ret = mp_tohex(a, NULL);
  41157. if (ret != MP_VAL)
  41158. return WC_TEST_RET_ENC_EC(ret);
  41159. ret = mp_tohex(NULL, hexStr);
  41160. if (ret != MP_VAL)
  41161. return WC_TEST_RET_ENC_EC(ret);
  41162. #endif
  41163. #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
  41164. ret = mp_todecimal(NULL, NULL);
  41165. if (ret != MP_VAL)
  41166. return WC_TEST_RET_ENC_EC(ret);
  41167. ret = mp_todecimal(a, NULL);
  41168. if (ret != MP_VAL)
  41169. return WC_TEST_RET_ENC_EC(ret);
  41170. ret = mp_todecimal(NULL, decStr);
  41171. if (ret != MP_VAL)
  41172. return WC_TEST_RET_ENC_EC(ret);
  41173. #endif
  41174. #ifdef WOLFSSL_SP_MATH_ALL
  41175. ret = mp_toradix(NULL, NULL, MP_RADIX_HEX);
  41176. if (ret != MP_VAL)
  41177. return WC_TEST_RET_ENC_EC(ret);
  41178. ret = mp_toradix(a, NULL, MP_RADIX_HEX);
  41179. if (ret != MP_VAL)
  41180. return WC_TEST_RET_ENC_EC(ret);
  41181. ret = mp_toradix(NULL, hexStr, MP_RADIX_HEX);
  41182. if (ret != MP_VAL)
  41183. return WC_TEST_RET_ENC_EC(ret);
  41184. ret = mp_toradix(a, hexStr, 3);
  41185. if (ret != MP_VAL)
  41186. return WC_TEST_RET_ENC_EC(ret);
  41187. ret = mp_radix_size(NULL, MP_RADIX_HEX, NULL);
  41188. if (ret != MP_VAL)
  41189. return WC_TEST_RET_ENC_EC(ret);
  41190. ret = mp_radix_size(a, MP_RADIX_HEX, NULL);
  41191. if (ret != MP_VAL)
  41192. return WC_TEST_RET_ENC_EC(ret);
  41193. ret = mp_radix_size(NULL, MP_RADIX_HEX, &size);
  41194. if (ret != MP_VAL)
  41195. return WC_TEST_RET_ENC_EC(ret);
  41196. ret = mp_radix_size(a, 3, &size);
  41197. if (ret != MP_VAL)
  41198. return WC_TEST_RET_ENC_EC(ret);
  41199. #endif
  41200. return 0;
  41201. }
  41202. #endif
  41203. #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  41204. static wc_test_ret_t mp_test_set_is_bit(mp_int* a)
  41205. {
  41206. int i, j;
  41207. wc_test_ret_t ret;
  41208. mp_zero(a);
  41209. for (i = 0; i <= DIGIT_BIT * 2; i++) {
  41210. if (mp_is_bit_set(a, i))
  41211. return WC_TEST_RET_ENC_NC;
  41212. for (j = 0; j < i; j++) {
  41213. if (!mp_is_bit_set(a, j))
  41214. return WC_TEST_RET_ENC_NC;
  41215. }
  41216. if (mp_set_bit(a, i) != 0)
  41217. return WC_TEST_RET_ENC_NC;
  41218. if (!mp_is_bit_set(a, i))
  41219. return WC_TEST_RET_ENC_NC;
  41220. }
  41221. mp_zero(a);
  41222. for (i = 0; i <= DIGIT_BIT * 2; i++) {
  41223. if (mp_is_bit_set(a, i))
  41224. return WC_TEST_RET_ENC_NC;
  41225. }
  41226. for (i = 0; i <= DIGIT_BIT * 2; i++) {
  41227. mp_zero(a);
  41228. if (mp_set_bit(a, i) != 0)
  41229. return WC_TEST_RET_ENC_NC;
  41230. for (j = 0; j < i; j++) {
  41231. if (mp_is_bit_set(a, j))
  41232. return WC_TEST_RET_ENC_NC;
  41233. }
  41234. if (!mp_is_bit_set(a, i))
  41235. return WC_TEST_RET_ENC_NC;
  41236. }
  41237. #ifdef WOLFSSL_KEY_GEN
  41238. for (i = 0; i < DIGIT_BIT * 2; i++) {
  41239. mp_set(a, 1);
  41240. ret = mp_2expt(a, i);
  41241. if (ret != 0)
  41242. return WC_TEST_RET_ENC_EC(ret);
  41243. for (j = 0; j < i; j++) {
  41244. if (mp_is_bit_set(a, j))
  41245. return WC_TEST_RET_ENC_NC;
  41246. }
  41247. if (!mp_is_bit_set(a, i))
  41248. return WC_TEST_RET_ENC_NC;
  41249. }
  41250. #endif
  41251. #ifdef WOLFSSL_SP_MATH
  41252. mp_zero(a);
  41253. for (j = 1; j <= 3; j++) {
  41254. i = SP_INT_MAX_BITS - j;
  41255. if (mp_is_bit_set(a, i))
  41256. return WC_TEST_RET_ENC_NC;
  41257. if (mp_set_bit(a, i) != 0)
  41258. return WC_TEST_RET_ENC_NC;
  41259. if (!mp_is_bit_set(a, i))
  41260. return WC_TEST_RET_ENC_NC;
  41261. #ifdef WOLFSSL_KEY_GEN
  41262. ret = mp_2expt(a, i);
  41263. if (ret != 0)
  41264. return WC_TEST_RET_ENC_EC(ret);
  41265. if (!mp_is_bit_set(a, i))
  41266. return WC_TEST_RET_ENC_NC;
  41267. #endif
  41268. }
  41269. mp_zero(a);
  41270. for (j = 0; j <= 3; j++) {
  41271. i = SP_INT_MAX_BITS + j;
  41272. if (mp_is_bit_set(a, i))
  41273. return WC_TEST_RET_ENC_NC;
  41274. if (mp_set_bit(a, i) != MP_VAL)
  41275. return WC_TEST_RET_ENC_NC;
  41276. #ifdef WOLFSSL_KEY_GEN
  41277. ret = mp_2expt(a, i);
  41278. if (ret != MP_VAL)
  41279. return WC_TEST_RET_ENC_EC(ret);
  41280. #endif
  41281. }
  41282. #endif
  41283. (void)ret;
  41284. return 0;
  41285. }
  41286. #endif /* !WOLFSSL_SP_MATH || WOLFSSL_SP_MATH_ALL */
  41287. static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b)
  41288. {
  41289. wc_test_ret_t ret;
  41290. mp_zero(a);
  41291. mp_zero(b);
  41292. ret = mp_cmp_d(a, 0);
  41293. if (ret != MP_EQ)
  41294. return WC_TEST_RET_ENC_EC(ret);
  41295. ret = mp_cmp_d(a, 1);
  41296. if (ret != MP_LT)
  41297. return WC_TEST_RET_ENC_EC(ret);
  41298. ret = mp_cmp(a, b);
  41299. if (ret != MP_EQ)
  41300. return WC_TEST_RET_ENC_NC;
  41301. mp_set(a, 1);
  41302. ret = mp_cmp_d(a, 0);
  41303. if (ret != MP_GT)
  41304. return WC_TEST_RET_ENC_EC(ret);
  41305. ret = mp_cmp_d(a, 1);
  41306. if (ret != MP_EQ)
  41307. return WC_TEST_RET_ENC_EC(ret);
  41308. ret = mp_cmp_d(a, 2);
  41309. if (ret != MP_LT)
  41310. return WC_TEST_RET_ENC_EC(ret);
  41311. ret = mp_cmp(a, b);
  41312. if (ret != MP_GT)
  41313. return WC_TEST_RET_ENC_NC;
  41314. mp_read_radix(b, "1234567890123456789", MP_RADIX_HEX);
  41315. ret = mp_cmp_d(b, -1);
  41316. if (ret != MP_GT)
  41317. return WC_TEST_RET_ENC_EC(ret);
  41318. ret = mp_cmp(a, b);
  41319. if (ret != MP_LT)
  41320. return WC_TEST_RET_ENC_NC;
  41321. ret = mp_cmp(b, a);
  41322. if (ret != MP_GT)
  41323. return WC_TEST_RET_ENC_NC;
  41324. ret = mp_cmp(b, b);
  41325. if (ret != MP_EQ)
  41326. return WC_TEST_RET_ENC_NC;
  41327. #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \
  41328. defined(WOLFSSL_SP_INT_NEGATIVE)
  41329. mp_read_radix(a, "-1", MP_RADIX_HEX);
  41330. mp_read_radix(a, "1", MP_RADIX_HEX);
  41331. ret = mp_cmp(a, b);
  41332. if (ret != MP_LT)
  41333. return WC_TEST_RET_ENC_NC;
  41334. ret = mp_cmp(b, a);
  41335. if (ret != MP_GT)
  41336. return WC_TEST_RET_ENC_NC;
  41337. mp_read_radix(b, "-2", MP_RADIX_HEX);
  41338. ret = mp_cmp(a, b);
  41339. if (ret != MP_GT)
  41340. return WC_TEST_RET_ENC_NC;
  41341. ret = mp_cmp(b, a);
  41342. if (ret != MP_LT)
  41343. return WC_TEST_RET_ENC_NC;
  41344. mp_read_radix(a, "-2", MP_RADIX_HEX);
  41345. ret = mp_cmp(a, b);
  41346. if (ret != MP_EQ)
  41347. return WC_TEST_RET_ENC_NC;
  41348. #endif
  41349. #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
  41350. defined(WOLFSSL_ECC_GEN_REJECT_SAMPLING)
  41351. mp_zero(a);
  41352. mp_zero(b);
  41353. ret = mp_cmp_ct(a, b, 1);
  41354. if (ret != MP_EQ)
  41355. return WC_TEST_RET_ENC_EC(ret);
  41356. ret = mp_cmp_ct(a, a, a->used);
  41357. if (ret != MP_EQ)
  41358. return WC_TEST_RET_ENC_EC(ret);
  41359. #ifdef WOLFSSL_SP_MATH_ALL
  41360. ret = mp_cmp_ct(a, NULL, a->used);
  41361. if (ret != MP_GT)
  41362. return WC_TEST_RET_ENC_EC(ret);
  41363. ret = mp_cmp_ct(NULL, a, a->used);
  41364. if (ret != MP_LT)
  41365. return WC_TEST_RET_ENC_EC(ret);
  41366. #endif
  41367. mp_read_radix(a, "1", MP_RADIX_HEX);
  41368. ret = mp_cmp_ct(a, b, 1);
  41369. if (ret != MP_GT)
  41370. return WC_TEST_RET_ENC_EC(ret);
  41371. ret = mp_cmp_ct(b, a, 1);
  41372. if (ret != MP_LT)
  41373. return WC_TEST_RET_ENC_EC(ret);
  41374. mp_read_radix(a, "0123456789abcdef0123456789abcdef", MP_RADIX_HEX);
  41375. ret = mp_cmp_ct(a, b, a->used);
  41376. if (ret != MP_GT)
  41377. return WC_TEST_RET_ENC_EC(ret);
  41378. ret = mp_cmp_ct(b, a, a->used);
  41379. if (ret != MP_LT)
  41380. return WC_TEST_RET_ENC_EC(ret);
  41381. mp_read_radix(b, "1123456789abcdef0123456789abcdef", MP_RADIX_HEX);
  41382. ret = mp_cmp_ct(b, a, a->used);
  41383. if (ret != MP_GT)
  41384. return WC_TEST_RET_ENC_EC(ret);
  41385. ret = mp_cmp_ct(a, b, a->used);
  41386. if (ret != MP_LT)
  41387. return WC_TEST_RET_ENC_EC(ret);
  41388. mp_read_radix(b, "0123456789abcdef0123456789abcdf0", MP_RADIX_HEX);
  41389. ret = mp_cmp_ct(b, a, a->used);
  41390. if (ret != MP_GT)
  41391. return WC_TEST_RET_ENC_EC(ret);
  41392. ret = mp_cmp_ct(a, b, a->used);
  41393. if (ret != MP_LT)
  41394. return WC_TEST_RET_ENC_EC(ret);
  41395. mp_read_radix(b, "0123456789abcdf0", MP_RADIX_HEX);
  41396. ret = mp_cmp_ct(a, b, a->used);
  41397. if (ret != MP_GT)
  41398. return WC_TEST_RET_ENC_EC(ret);
  41399. ret = mp_cmp_ct(b, a, a->used);
  41400. if (ret != MP_LT)
  41401. return WC_TEST_RET_ENC_EC(ret);
  41402. #endif
  41403. return 0;
  41404. }
  41405. #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
  41406. static wc_test_ret_t mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
  41407. {
  41408. wc_test_ret_t ret;
  41409. int i, j, k;
  41410. #ifndef WOLFSSL_SP_MATH
  41411. for (i = 0; i < 10; i++) {
  41412. for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
  41413. ret = randNum(a, j, rng, NULL);
  41414. if (ret != MP_OKAY)
  41415. return WC_TEST_RET_ENC_EC(ret);
  41416. mp_copy(a, b);
  41417. for (k = 0; k <= DIGIT_BIT * 2; k++) {
  41418. ret = mp_mul_2d(a, k, a);
  41419. if (ret != MP_OKAY)
  41420. return WC_TEST_RET_ENC_EC(ret);
  41421. mp_rshb(a, k);
  41422. ret = mp_cmp(a, b);
  41423. if (ret != MP_EQ)
  41424. return WC_TEST_RET_ENC_NC;
  41425. }
  41426. }
  41427. }
  41428. #endif
  41429. for (i = 0; i < 10; i++) {
  41430. for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
  41431. ret = randNum(a, j, rng, NULL);
  41432. if (ret != MP_OKAY)
  41433. return WC_TEST_RET_ENC_EC(ret);
  41434. mp_copy(a, b);
  41435. for (k = 0; k < 10; k++) {
  41436. ret = mp_lshd(a, k);
  41437. if (ret != MP_OKAY)
  41438. return WC_TEST_RET_ENC_EC(ret);
  41439. #ifndef WOLFSSL_SP_MATH
  41440. mp_rshd(a, k);
  41441. #else
  41442. mp_rshb(a, k * SP_WORD_SIZE);
  41443. #endif
  41444. ret = mp_cmp(a, b);
  41445. if (ret != MP_EQ)
  41446. return WC_TEST_RET_ENC_NC;
  41447. }
  41448. }
  41449. }
  41450. #ifndef WOLFSSL_SP_MATH
  41451. mp_zero(a);
  41452. mp_rshd(a, 1);
  41453. if (!mp_iszero(a))
  41454. return WC_TEST_RET_ENC_NC;
  41455. mp_set(a, 1);
  41456. mp_rshd(a, 1);
  41457. if (!mp_iszero(a))
  41458. return WC_TEST_RET_ENC_NC;
  41459. mp_set(a, 1);
  41460. mp_rshd(a, 2);
  41461. if (!mp_iszero(a))
  41462. return WC_TEST_RET_ENC_NC;
  41463. #endif
  41464. return 0;
  41465. }
  41466. #endif
  41467. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
  41468. (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
  41469. !defined(WOLFSSL_RSA_PUBLIC_ONLY))
  41470. static wc_test_ret_t mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem,
  41471. WC_RNG* rng)
  41472. {
  41473. wc_test_ret_t ret;
  41474. int i, j, k;
  41475. mp_zero(a);
  41476. mp_zero(d);
  41477. ret = mp_div(a, d, r, rem);
  41478. if (ret != MP_VAL)
  41479. return WC_TEST_RET_ENC_EC(ret);
  41480. mp_set(d, 1);
  41481. ret = mp_div(a, d, r, rem);
  41482. if (ret != MP_OKAY)
  41483. return WC_TEST_RET_ENC_EC(ret);
  41484. if (!mp_iszero(r))
  41485. return WC_TEST_RET_ENC_EC(ret);
  41486. if (!mp_iszero(rem))
  41487. return WC_TEST_RET_ENC_EC(ret);
  41488. mp_set(a, 1);
  41489. ret = mp_div(a, d, r, rem);
  41490. if (ret != MP_OKAY)
  41491. return WC_TEST_RET_ENC_EC(ret);
  41492. if (!mp_isone(r))
  41493. return WC_TEST_RET_ENC_EC(ret);
  41494. if (!mp_iszero(rem))
  41495. return WC_TEST_RET_ENC_EC(ret);
  41496. for (i = 0; i < 100; i++) {
  41497. for (j = 1; j < (DIGIT_BIT + 7) / 8 * 2; j++) {
  41498. ret = randNum(d, j, rng, NULL);
  41499. if (ret != MP_OKAY)
  41500. return WC_TEST_RET_ENC_EC(ret);
  41501. for (k = 1; k < (DIGIT_BIT + 7) / 8 * 2 + 1; k++) {
  41502. ret = randNum(a, k, rng, NULL);
  41503. if (ret != MP_OKAY)
  41504. return WC_TEST_RET_ENC_EC(ret);
  41505. ret = mp_div(a, d, NULL, rem);
  41506. if (ret != MP_OKAY)
  41507. return WC_TEST_RET_ENC_EC(ret);
  41508. ret = mp_div(a, d, r, NULL);
  41509. if (ret != MP_OKAY)
  41510. return WC_TEST_RET_ENC_EC(ret);
  41511. ret = mp_div(a, d, r, rem);
  41512. if (ret != MP_OKAY)
  41513. return WC_TEST_RET_ENC_EC(ret);
  41514. mp_mul(r, d, r);
  41515. mp_add(r, rem, r);
  41516. if (mp_cmp(r, a) != MP_EQ)
  41517. return WC_TEST_RET_ENC_NC;
  41518. }
  41519. }
  41520. }
  41521. ret = randNum(d, (DIGIT_BIT + 7) / 8 * 2, rng, NULL);
  41522. if (ret != MP_OKAY)
  41523. return WC_TEST_RET_ENC_EC(ret);
  41524. mp_add(d, d, a);
  41525. mp_set(rem, 1);
  41526. mp_div(a, d, NULL, rem);
  41527. if (ret != MP_OKAY)
  41528. return WC_TEST_RET_ENC_EC(ret);
  41529. if (!mp_iszero(rem))
  41530. return WC_TEST_RET_ENC_EC(ret);
  41531. mp_set(r, 1);
  41532. mp_div(a, d, r, NULL);
  41533. if (ret != MP_OKAY)
  41534. return WC_TEST_RET_ENC_EC(ret);
  41535. if (mp_cmp_d(r, 2) != MP_EQ)
  41536. return WC_TEST_RET_ENC_EC(ret);
  41537. mp_set(r, 1);
  41538. mp_set(rem, 1);
  41539. mp_div(a, d, r, rem);
  41540. if (ret != MP_OKAY)
  41541. return WC_TEST_RET_ENC_EC(ret);
  41542. if (mp_cmp_d(r, 2) != MP_EQ)
  41543. return WC_TEST_RET_ENC_EC(ret);
  41544. if (!mp_iszero(rem))
  41545. return WC_TEST_RET_ENC_EC(ret);
  41546. mp_set(a, 0xfe);
  41547. mp_lshd(a, 3);
  41548. mp_add_d(a, 0xff, a);
  41549. mp_set(d, 0xfe);
  41550. mp_lshd(d, 2);
  41551. ret = mp_div(a, d, r, rem);
  41552. if (ret != MP_OKAY)
  41553. return WC_TEST_RET_ENC_EC(ret);
  41554. mp_mul(r, d, d);
  41555. mp_add(rem, d, d);
  41556. if (mp_cmp(a, d) != MP_EQ)
  41557. return WC_TEST_RET_ENC_NC;
  41558. /* Force (hi | lo) / d to be (d | 0) / d which will would not fit in
  41559. * a digit. So mp_div must detect and handle.
  41560. * For example: 0x800000 / 0x8001, DIGIT_BIT = 8
  41561. */
  41562. mp_zero(a);
  41563. mp_set_bit(a, DIGIT_BIT * 3 - 1);
  41564. mp_zero(d);
  41565. mp_set_bit(d, DIGIT_BIT * 2 - 1);
  41566. mp_add_d(d, 1, d);
  41567. ret = mp_div(a, d, r, rem);
  41568. if (ret != MP_OKAY)
  41569. return WC_TEST_RET_ENC_EC(ret);
  41570. /* Make sure [d | d] / d is handled. */
  41571. mp_zero(a);
  41572. mp_set_bit(a, DIGIT_BIT * 2 - 1);
  41573. mp_set_bit(a, DIGIT_BIT * 1 - 1);
  41574. mp_zero(d);
  41575. mp_set_bit(d, DIGIT_BIT - 1);
  41576. ret = mp_div(a, d, r, rem);
  41577. if (ret != MP_OKAY)
  41578. return WC_TEST_RET_ENC_EC(ret);
  41579. mp_zero(a);
  41580. mp_set_bit(a, DIGIT_BIT);
  41581. mp_set_bit(a, 0);
  41582. mp_zero(d);
  41583. if (mp_cmp(r, a) != MP_EQ)
  41584. return WC_TEST_RET_ENC_NC;
  41585. if (mp_cmp(rem, d) != MP_EQ)
  41586. return WC_TEST_RET_ENC_NC;
  41587. return 0;
  41588. }
  41589. #endif
  41590. #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
  41591. !defined(WC_NO_RNG)
  41592. static wc_test_ret_t mp_test_prime(mp_int* a, WC_RNG* rng)
  41593. {
  41594. wc_test_ret_t ret;
  41595. int res;
  41596. ret = mp_rand_prime(a, 1, rng, NULL);
  41597. #if defined(WOLFSSL_SP_MATH_ALL)
  41598. if (ret != 0)
  41599. return WC_TEST_RET_ENC_EC(ret);
  41600. #else
  41601. if (ret != MP_VAL)
  41602. return WC_TEST_RET_ENC_NC;
  41603. #endif
  41604. #ifndef WOLFSSL_SP_MATH
  41605. ret = mp_rand_prime(a, -5, rng, NULL);
  41606. if (ret != 0 || (a->dp[0] & 3) != 3)
  41607. return WC_TEST_RET_ENC_NC;
  41608. #endif
  41609. ret = mp_prime_is_prime(a, 1, &res);
  41610. if (ret != MP_OKAY)
  41611. return WC_TEST_RET_ENC_EC(ret);
  41612. #ifndef WOLFSSL_SP_MATH
  41613. if (res != MP_YES)
  41614. return WC_TEST_RET_ENC_EC(res);
  41615. #else
  41616. if (res != MP_NO)
  41617. return WC_TEST_RET_ENC_EC(res);
  41618. #endif
  41619. ret = mp_prime_is_prime(a, 0, &res);
  41620. if (ret != MP_VAL)
  41621. return WC_TEST_RET_ENC_EC(ret);
  41622. ret = mp_prime_is_prime(a, -1, &res);
  41623. if (ret != MP_VAL)
  41624. return WC_TEST_RET_ENC_EC(ret);
  41625. ret = mp_prime_is_prime(a, 257, &res);
  41626. if (ret != MP_VAL)
  41627. return WC_TEST_RET_ENC_EC(ret);
  41628. mp_set(a, 1);
  41629. ret = mp_prime_is_prime(a, 1, &res);
  41630. if (ret != MP_OKAY)
  41631. return WC_TEST_RET_ENC_EC(ret);
  41632. if (res != MP_NO)
  41633. return WC_TEST_RET_ENC_EC(res);
  41634. ret = mp_prime_is_prime_ex(a, 1, &res, rng);
  41635. if (ret != MP_OKAY)
  41636. return WC_TEST_RET_ENC_EC(ret);
  41637. if (res != MP_NO)
  41638. return WC_TEST_RET_ENC_EC(res);
  41639. mp_set(a, 2);
  41640. ret = mp_prime_is_prime(a, 1, &res);
  41641. if (ret != MP_OKAY)
  41642. return WC_TEST_RET_ENC_EC(ret);
  41643. if (res != MP_YES)
  41644. return WC_TEST_RET_ENC_EC(res);
  41645. ret = mp_prime_is_prime_ex(a, 1, &res, rng);
  41646. if (ret != MP_OKAY)
  41647. return WC_TEST_RET_ENC_EC(ret);
  41648. if (res != MP_YES)
  41649. return WC_TEST_RET_ENC_EC(res);
  41650. mp_set(a, 0xfb);
  41651. ret = mp_prime_is_prime(a, 1, &res);
  41652. if (ret != MP_OKAY)
  41653. return WC_TEST_RET_ENC_EC(ret);
  41654. if (res != MP_YES)
  41655. return WC_TEST_RET_ENC_EC(res);
  41656. ret = mp_prime_is_prime_ex(a, 1, &res, rng);
  41657. if (ret != MP_OKAY)
  41658. return WC_TEST_RET_ENC_EC(ret);
  41659. if (res != MP_YES)
  41660. return WC_TEST_RET_ENC_EC(res);
  41661. mp_set(a, 0x6);
  41662. ret = mp_prime_is_prime(a, 1, &res);
  41663. if (ret != MP_OKAY)
  41664. return WC_TEST_RET_ENC_EC(ret);
  41665. if (res != MP_NO)
  41666. return WC_TEST_RET_ENC_EC(res);
  41667. ret = mp_prime_is_prime_ex(a, 1, &res, rng);
  41668. if (ret != MP_OKAY)
  41669. return WC_TEST_RET_ENC_EC(ret);
  41670. if (res != MP_NO)
  41671. return WC_TEST_RET_ENC_EC(res);
  41672. mp_set_int(a, 0x655 * 0x65b);
  41673. ret = mp_prime_is_prime(a, 10, &res);
  41674. if (ret != MP_OKAY)
  41675. return WC_TEST_RET_ENC_EC(ret);
  41676. if (res != MP_NO)
  41677. return WC_TEST_RET_ENC_EC(res);
  41678. ret = mp_prime_is_prime_ex(a, 10, &res, rng);
  41679. if (ret != MP_OKAY)
  41680. return WC_TEST_RET_ENC_EC(ret);
  41681. if (res != MP_NO)
  41682. return WC_TEST_RET_ENC_EC(res);
  41683. return 0;
  41684. }
  41685. #endif
  41686. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
  41687. static wc_test_ret_t mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* exp,
  41688. WC_RNG* rng)
  41689. {
  41690. wc_test_ret_t ret;
  41691. int i;
  41692. WOLFSSL_SMALL_STACK_STATIC const int kat[][3] = {
  41693. { 1, 1, 1 }, { 2, 1, 2 }, { 1, 2, 2 }, { 2, 4, 4 }, { 4, 2, 4 },
  41694. { 12, 56, 168 }, { 56, 12, 168 }
  41695. };
  41696. (void)exp;
  41697. mp_set(a, 0);
  41698. mp_set(b, 1);
  41699. ret = mp_lcm(a, a, r);
  41700. if (ret != MP_VAL)
  41701. return WC_TEST_RET_ENC_EC(ret);
  41702. ret = mp_lcm(a, b, r);
  41703. if (ret != MP_VAL)
  41704. return WC_TEST_RET_ENC_EC(ret);
  41705. ret = mp_lcm(b, a, r);
  41706. if (ret != MP_VAL)
  41707. return WC_TEST_RET_ENC_EC(ret);
  41708. for (i = 0; i < (int)(sizeof(kat) / sizeof(*kat)); i++) {
  41709. mp_set(a, kat[i][0]);
  41710. mp_set(b, kat[i][1]);
  41711. ret = mp_lcm(a, b, r);
  41712. if (ret != MP_OKAY)
  41713. return WC_TEST_RET_ENC_EC(ret);
  41714. mp_set(exp, kat[i][2]);
  41715. ret = mp_cmp(r, exp);
  41716. if (ret != MP_EQ)
  41717. return WC_TEST_RET_ENC_NC;
  41718. }
  41719. (void)rng;
  41720. #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
  41721. !defined(WC_NO_RNG)
  41722. ret = mp_rand_prime(a, 20, rng, NULL);
  41723. if (ret != MP_OKAY)
  41724. return WC_TEST_RET_ENC_EC(ret);
  41725. ret = mp_rand_prime(b, 20, rng, NULL);
  41726. if (ret != MP_OKAY)
  41727. return WC_TEST_RET_ENC_EC(ret);
  41728. ret = mp_mul(a, b, exp);
  41729. if (ret != MP_OKAY)
  41730. return WC_TEST_RET_ENC_EC(ret);
  41731. ret = mp_lcm(a, b, r);
  41732. if (ret != MP_OKAY)
  41733. return WC_TEST_RET_ENC_EC(ret);
  41734. ret = mp_cmp(r, exp);
  41735. if (ret != MP_EQ)
  41736. return WC_TEST_RET_ENC_NC;
  41737. ret = mp_lcm(b, a, r);
  41738. if (ret != MP_OKAY)
  41739. return WC_TEST_RET_ENC_EC(ret);
  41740. ret = mp_cmp(r, exp);
  41741. if (ret != MP_EQ)
  41742. return WC_TEST_RET_ENC_NC;
  41743. #endif
  41744. mp_set(a, 11);
  41745. mp_zero(b);
  41746. ret = mp_gcd(a, b, r);
  41747. if (ret != MP_OKAY)
  41748. return WC_TEST_RET_ENC_EC(ret);
  41749. ret = mp_cmp_d(r, 11);
  41750. if (ret != MP_EQ)
  41751. return WC_TEST_RET_ENC_EC(ret);
  41752. ret = mp_gcd(b, a, r);
  41753. if (ret != MP_OKAY)
  41754. return WC_TEST_RET_ENC_EC(ret);
  41755. ret = mp_cmp_d(r, 11);
  41756. if (ret != MP_EQ)
  41757. return WC_TEST_RET_ENC_EC(ret);
  41758. ret = mp_gcd(b, b, r);
  41759. if (ret != MP_VAL)
  41760. return WC_TEST_RET_ENC_EC(ret);
  41761. return 0;
  41762. }
  41763. #endif
  41764. #if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
  41765. defined(WOLFSSL_SP_MATH_ALL)
  41766. static wc_test_ret_t mp_test_mod_2d(mp_int* a, mp_int* r, mp_int* t, WC_RNG* rng)
  41767. {
  41768. wc_test_ret_t ret;
  41769. int i;
  41770. int j;
  41771. mp_set(a, 10);
  41772. ret = mp_mod_2d(a, 0, r);
  41773. if (ret != MP_OKAY)
  41774. return WC_TEST_RET_ENC_EC(ret);
  41775. if (!mp_iszero(r))
  41776. return WC_TEST_RET_ENC_NC;
  41777. ret = mp_mod_2d(a, 1, r);
  41778. if (ret != MP_OKAY)
  41779. return WC_TEST_RET_ENC_EC(ret);
  41780. if (!mp_iszero(r))
  41781. return WC_TEST_RET_ENC_NC;
  41782. ret = mp_mod_2d(a, 2, r);
  41783. if (ret != MP_OKAY)
  41784. return WC_TEST_RET_ENC_EC(ret);
  41785. ret = mp_cmp_d(r, 2);
  41786. if (ret != 0)
  41787. return WC_TEST_RET_ENC_EC(ret);
  41788. for (i = 2; i < 20; i++) {
  41789. ret = randNum(a, i, rng, NULL);
  41790. if (ret != 0)
  41791. return WC_TEST_RET_ENC_EC(ret);
  41792. for (j = 1; j <= mp_count_bits(a); j++) {
  41793. /* Get top part */
  41794. ret = mp_div_2d(a, j, t, NULL);
  41795. if (ret != 0)
  41796. return WC_TEST_RET_ENC_EC(ret);
  41797. ret = mp_mul_2d(t, j, t);
  41798. if (ret != 0)
  41799. return WC_TEST_RET_ENC_EC(ret);
  41800. /* Get bottom part */
  41801. ret = mp_mod_2d(a, j, r);
  41802. if (ret != 0)
  41803. return WC_TEST_RET_ENC_EC(ret);
  41804. /* Reassemble */
  41805. ret = mp_add(t, r, r);
  41806. if (ret != 0)
  41807. return WC_TEST_RET_ENC_EC(ret);
  41808. ret = mp_cmp(a, r);
  41809. if (ret != MP_EQ)
  41810. return WC_TEST_RET_ENC_NC;
  41811. }
  41812. }
  41813. #if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_SP_INT_NEGATIVE)
  41814. /* Test negative value being moded. */
  41815. for (j = 0; j < 20; j++) {
  41816. ret = randNum(a, 2, rng, NULL);
  41817. if (ret != 0)
  41818. return WC_TEST_RET_ENC_EC(ret);
  41819. a->sign = MP_NEG;
  41820. for (i = 1; i < DIGIT_BIT * 3 + 1; i++) {
  41821. ret = mp_mod_2d(a, i, r);
  41822. if (ret != 0)
  41823. return WC_TEST_RET_ENC_EC(ret);
  41824. mp_zero(t);
  41825. ret = mp_set_bit(t, i);
  41826. if (ret != 0)
  41827. return WC_TEST_RET_ENC_EC(ret);
  41828. ret = mp_mod(a, t, t);
  41829. if (ret != 0)
  41830. return WC_TEST_RET_ENC_EC(ret);
  41831. ret = mp_cmp(r, t);
  41832. if (ret != MP_EQ)
  41833. return WC_TEST_RET_ENC_NC;
  41834. }
  41835. }
  41836. #endif
  41837. return 0;
  41838. }
  41839. #endif
  41840. #if defined(WOLFSSL_SP_MATH_ALL) || defined(OPENSSL_EXTRA) || \
  41841. (defined(HAVE_ECC) && defined(HAVE_COMP_KEY))
  41842. static wc_test_ret_t mp_test_mod_d(mp_int* a, WC_RNG* rng)
  41843. {
  41844. wc_test_ret_t ret;
  41845. mp_digit r;
  41846. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
  41847. mp_digit rem;
  41848. int i;
  41849. #endif
  41850. (void)rng;
  41851. ret = mp_set(a, 1);
  41852. if (ret != MP_OKAY)
  41853. return WC_TEST_RET_ENC_EC(ret);
  41854. ret = mp_mod_d(a, 0, &r);
  41855. if (ret != MP_VAL)
  41856. return WC_TEST_RET_ENC_EC(ret);
  41857. mp_zero(a);
  41858. ret = mp_mod_d(a, 1, &r);
  41859. if (ret != MP_OKAY)
  41860. return WC_TEST_RET_ENC_EC(ret);
  41861. ret = mp_mod_d(a, 3, &r);
  41862. if (ret != MP_OKAY)
  41863. return WC_TEST_RET_ENC_EC(ret);
  41864. ret = mp_mod_d(a, 5, &r);
  41865. if (ret != MP_OKAY)
  41866. return WC_TEST_RET_ENC_EC(ret);
  41867. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
  41868. for (i = MP_MAX_TEST_BYTE_LEN - 16; i <= MP_MAX_TEST_BYTE_LEN; i++) {
  41869. ret = randNum(a, i, rng, NULL);
  41870. if (ret != MP_OKAY)
  41871. return WC_TEST_RET_ENC_EC(ret);
  41872. ret = mp_mod_d(a, 3, &r);
  41873. if (ret != MP_OKAY)
  41874. return WC_TEST_RET_ENC_EC(ret);
  41875. ret = mp_div_d(a, 3, a, &rem);
  41876. if (ret != MP_OKAY)
  41877. return WC_TEST_RET_ENC_EC(ret);
  41878. if (r != rem)
  41879. return WC_TEST_RET_ENC_NC;
  41880. }
  41881. #endif
  41882. return 0;
  41883. }
  41884. #endif
  41885. static wc_test_ret_t mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1, mp_int* r2,
  41886. WC_RNG* rng)
  41887. {
  41888. wc_test_ret_t ret;
  41889. int i;
  41890. for (i = 1; i < 16; i++) {
  41891. ret = randNum(a, i, rng, NULL);
  41892. if (ret != 0)
  41893. return WC_TEST_RET_ENC_EC(ret);
  41894. ret = mp_mul(a, a, r1);
  41895. if (ret != 0)
  41896. return WC_TEST_RET_ENC_EC(ret);
  41897. ret = mp_sqr(a, r2);
  41898. if (ret != 0)
  41899. return WC_TEST_RET_ENC_EC(ret);
  41900. ret = mp_cmp(r1, r2);
  41901. if (ret != MP_EQ)
  41902. return WC_TEST_RET_ENC_NC;
  41903. }
  41904. ret = mp_set(b, 0);
  41905. if (ret != MP_OKAY)
  41906. return WC_TEST_RET_ENC_EC(ret);
  41907. ret = mp_mul(a, b, r1);
  41908. if (ret != MP_OKAY)
  41909. return WC_TEST_RET_ENC_EC(ret);
  41910. if (!mp_iszero(r1))
  41911. return WC_TEST_RET_ENC_EC(ret);
  41912. ret = mp_sqr(b, r1);
  41913. if (ret != MP_OKAY)
  41914. return WC_TEST_RET_ENC_EC(ret);
  41915. if (!mp_iszero(r1))
  41916. return WC_TEST_RET_ENC_NC;
  41917. #ifdef WOLFSSL_SP_MATH_ALL
  41918. ret = mp_set(a, 1);
  41919. if (ret != MP_OKAY)
  41920. return WC_TEST_RET_ENC_EC(ret);
  41921. i = (SP_INT_DIGITS / 2) + 1;
  41922. ret = mp_mul_2d(a, i * SP_WORD_SIZE - 1, a);
  41923. if (ret != MP_OKAY)
  41924. return WC_TEST_RET_ENC_EC(ret);
  41925. ret = mp_set(b, 1);
  41926. if (ret != MP_OKAY)
  41927. return WC_TEST_RET_ENC_EC(ret);
  41928. ret = mp_mul_2d(b, (SP_INT_DIGITS - 1 - i) * SP_WORD_SIZE - 1, b);
  41929. if (ret != MP_OKAY)
  41930. return WC_TEST_RET_ENC_EC(ret);
  41931. ret = mp_mul(a, b, r1);
  41932. if (ret != MP_OKAY)
  41933. return WC_TEST_RET_ENC_EC(ret);
  41934. ret = mp_mul(a, a, r1);
  41935. if (ret == MP_OKAY)
  41936. return WC_TEST_RET_ENC_NC;
  41937. ret = mp_sqr(a, r1);
  41938. if (ret == MP_OKAY)
  41939. return WC_TEST_RET_ENC_NC;
  41940. ret = mp_sqr(b, r1);
  41941. if (ret != MP_OKAY)
  41942. return WC_TEST_RET_ENC_EC(ret);
  41943. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  41944. (defined(HAVE_ECC) && defined(FP_ECC))
  41945. ret = mp_mulmod(a, b, b, r1);
  41946. if (ret != MP_OKAY)
  41947. return WC_TEST_RET_ENC_EC(ret);
  41948. ret = mp_mulmod(a, a, b, r1);
  41949. if (ret == MP_OKAY)
  41950. return WC_TEST_RET_ENC_NC;
  41951. #if defined(HAVE_ECC) && (defined(ECC_SHAMIR) || defined(FP_ECC))
  41952. ret = mp_sqrmod(a, b, r1);
  41953. if (ret == MP_OKAY)
  41954. return WC_TEST_RET_ENC_NC;
  41955. ret = mp_sqrmod(b, a, r1);
  41956. if (ret != MP_OKAY)
  41957. return WC_TEST_RET_ENC_EC(ret);
  41958. #endif /* HAVE_ECC && (ECC_SHAMIR || FP_ECC) */
  41959. #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */
  41960. #endif /* WOLFSSL_SP_MATH_ALL */
  41961. return 0;
  41962. }
  41963. #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
  41964. defined(OPENSSL_EXTRA)
  41965. static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
  41966. {
  41967. wc_test_ret_t ret;
  41968. mp_set(a, 0);
  41969. mp_set(m, 1);
  41970. ret = mp_invmod(a, m, r);
  41971. if (ret != MP_VAL)
  41972. return WC_TEST_RET_ENC_EC(ret);
  41973. ret = mp_invmod(m, a, r);
  41974. if (ret != MP_VAL)
  41975. return WC_TEST_RET_ENC_EC(ret);
  41976. mp_set(a, 2);
  41977. mp_set(m, 4);
  41978. ret = mp_invmod(a, m, r);
  41979. if (ret != MP_VAL)
  41980. return WC_TEST_RET_ENC_EC(ret);
  41981. mp_set(a, 3);
  41982. mp_set(m, 6);
  41983. ret = mp_invmod(a, m, r);
  41984. if (ret != MP_VAL)
  41985. return WC_TEST_RET_ENC_EC(ret);
  41986. mp_set(a, 5*9);
  41987. mp_set(m, 6*9);
  41988. ret = mp_invmod(a, m, r);
  41989. if (ret != MP_VAL)
  41990. return WC_TEST_RET_ENC_EC(ret);
  41991. mp_set(a, 1);
  41992. mp_set(m, 4);
  41993. ret = mp_invmod(a, m, r);
  41994. if (ret != MP_OKAY)
  41995. return WC_TEST_RET_ENC_EC(ret);
  41996. if (!mp_isone(r))
  41997. return WC_TEST_RET_ENC_NC;
  41998. mp_set(a, 3);
  41999. mp_set(m, 4);
  42000. ret = mp_invmod(a, m, r);
  42001. if (ret != MP_OKAY)
  42002. return WC_TEST_RET_ENC_EC(ret);
  42003. ret = mp_cmp_d(r, 3);
  42004. if (ret != 0)
  42005. return WC_TEST_RET_ENC_EC(ret);
  42006. mp_set(a, 3);
  42007. mp_set(m, 5);
  42008. ret = mp_invmod(a, m, r);
  42009. if (ret != MP_OKAY)
  42010. return WC_TEST_RET_ENC_EC(ret);
  42011. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  42012. /* Maximum 'a' */
  42013. mp_set(a, 0);
  42014. mp_set_bit(a, (r->size / 2)* SP_WORD_SIZE - 1);
  42015. mp_sub_d(a, 1, a);
  42016. /* Modulus too big. */
  42017. mp_set(m, 0);
  42018. mp_set_bit(m, (r->size / 2) * SP_WORD_SIZE);
  42019. ret = mp_invmod(a, m, r);
  42020. if (ret != MP_VAL)
  42021. return WC_TEST_RET_ENC_EC(ret);
  42022. /* Maximum modulus - even. */
  42023. mp_set(m, 0);
  42024. mp_set_bit(m, (r->size / 2) * SP_WORD_SIZE - 1);
  42025. ret = mp_invmod(a, m, r);
  42026. if (ret != MP_OKAY)
  42027. return WC_TEST_RET_ENC_EC(ret);
  42028. #endif
  42029. #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_INT_NEGATIVE)
  42030. mp_read_radix(a, "-3", 16);
  42031. ret = mp_invmod(a, m, r);
  42032. if (ret != MP_OKAY)
  42033. return WC_TEST_RET_ENC_EC(ret);
  42034. #endif
  42035. #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
  42036. mp_set(a, 0);
  42037. mp_set(m, 3);
  42038. ret = mp_invmod_mont_ct(a, m, r, 1);
  42039. if (ret != MP_VAL)
  42040. return WC_TEST_RET_ENC_EC(ret);
  42041. mp_set(a, 1);
  42042. mp_set(m, 0);
  42043. ret = mp_invmod_mont_ct(a, m, r, 1);
  42044. if (ret != MP_VAL)
  42045. return WC_TEST_RET_ENC_EC(ret);
  42046. mp_set(a, 1);
  42047. mp_set(m, 1);
  42048. ret = mp_invmod_mont_ct(a, m, r, 1);
  42049. if (ret != MP_VAL)
  42050. return WC_TEST_RET_ENC_EC(ret);
  42051. mp_set(a, 1);
  42052. mp_set(m, 2);
  42053. ret = mp_invmod_mont_ct(a, m, r, 1);
  42054. if (ret != MP_VAL)
  42055. return WC_TEST_RET_ENC_EC(ret);
  42056. mp_set(a, 1);
  42057. mp_set(m, 3);
  42058. ret = mp_invmod_mont_ct(a, m, r, 1);
  42059. if (ret != MP_OKAY)
  42060. return WC_TEST_RET_ENC_EC(ret);
  42061. #endif
  42062. return 0;
  42063. }
  42064. #endif /* !NO_RSA || HAVE_ECC || !NO_DSA || OPENSSL_EXTRA */
  42065. #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
  42066. (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
  42067. static wc_test_ret_t mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
  42068. {
  42069. wc_test_ret_t ret;
  42070. mp_set(b, 0x2);
  42071. mp_set(e, 0x3);
  42072. mp_set(m, 0x0);
  42073. ret = mp_exptmod_ex(b, e, 1, m, r);
  42074. if (ret != MP_VAL)
  42075. return WC_TEST_RET_ENC_EC(ret);
  42076. ret = mp_exptmod_nct(b, e, m, r);
  42077. if (ret != MP_VAL)
  42078. return WC_TEST_RET_ENC_EC(ret);
  42079. mp_set(b, 0x2);
  42080. mp_set(e, 0x3);
  42081. mp_set(m, 0x1);
  42082. ret = mp_exptmod_ex(b, e, 1, m, r);
  42083. if (ret != MP_OKAY)
  42084. return WC_TEST_RET_ENC_EC(ret);
  42085. if (!mp_iszero(r))
  42086. return WC_TEST_RET_ENC_NC;
  42087. ret = mp_exptmod_nct(b, e, m, r);
  42088. if (ret != MP_OKAY)
  42089. return WC_TEST_RET_ENC_EC(ret);
  42090. if (!mp_iszero(r))
  42091. return WC_TEST_RET_ENC_NC;
  42092. mp_set(b, 0x2);
  42093. mp_set(e, 0x0);
  42094. mp_set(m, 0x7);
  42095. ret = mp_exptmod_ex(b, e, 1, m, r);
  42096. if (ret != MP_OKAY)
  42097. return WC_TEST_RET_ENC_EC(ret);
  42098. if (!mp_isone(r))
  42099. return WC_TEST_RET_ENC_NC;
  42100. ret = mp_exptmod_nct(b, e, m, r);
  42101. if (ret != MP_OKAY)
  42102. return WC_TEST_RET_ENC_EC(ret);
  42103. if (!mp_isone(r))
  42104. return WC_TEST_RET_ENC_NC;
  42105. mp_set(b, 0x0);
  42106. mp_set(e, 0x3);
  42107. mp_set(m, 0x7);
  42108. ret = mp_exptmod_ex(b, e, 1, m, r);
  42109. if (ret != MP_OKAY)
  42110. return WC_TEST_RET_ENC_EC(ret);
  42111. if (!mp_iszero(r))
  42112. return WC_TEST_RET_ENC_NC;
  42113. ret = mp_exptmod_nct(b, e, m, r);
  42114. if (ret != MP_OKAY)
  42115. return WC_TEST_RET_ENC_EC(ret);
  42116. if (!mp_iszero(r))
  42117. return WC_TEST_RET_ENC_NC;
  42118. mp_set(b, 0x10);
  42119. mp_set(e, 0x3);
  42120. mp_set(m, 0x7);
  42121. ret = mp_exptmod_ex(b, e, 1, m, r);
  42122. if (ret != MP_OKAY)
  42123. return WC_TEST_RET_ENC_EC(ret);
  42124. ret = mp_exptmod_nct(b, e, m, r);
  42125. if (ret != MP_OKAY)
  42126. return WC_TEST_RET_ENC_EC(ret);
  42127. mp_set(b, 0x7);
  42128. mp_set(e, 0x3);
  42129. mp_set(m, 0x7);
  42130. ret = mp_exptmod_ex(b, e, 1, m, r);
  42131. if (ret != MP_OKAY)
  42132. return WC_TEST_RET_ENC_EC(ret);
  42133. if (!mp_iszero(r))
  42134. return WC_TEST_RET_ENC_NC;
  42135. ret = mp_exptmod_nct(b, e, m, r);
  42136. if (ret != MP_OKAY)
  42137. return WC_TEST_RET_ENC_EC(ret);
  42138. if (!mp_iszero(r))
  42139. return WC_TEST_RET_ENC_NC;
  42140. #ifndef WOLFSSL_SP_MATH
  42141. mp_set(b, 0x01);
  42142. mp_mul_2d(b, DIGIT_BIT, b);
  42143. mp_add_d(b, 1, b);
  42144. mp_set(e, 0x3);
  42145. mp_copy(b, m);
  42146. ret = mp_exptmod_ex(b, e, 1, m, r);
  42147. if (ret != MP_OKAY)
  42148. return WC_TEST_RET_ENC_EC(ret);
  42149. if (!mp_iszero(r))
  42150. return WC_TEST_RET_ENC_NC;
  42151. ret = mp_exptmod_nct(b, e, m, r);
  42152. if (ret != MP_OKAY)
  42153. return WC_TEST_RET_ENC_EC(ret);
  42154. if (!mp_iszero(r))
  42155. return WC_TEST_RET_ENC_NC;
  42156. #endif
  42157. mp_set(b, 0x2);
  42158. mp_set(e, 0x3);
  42159. mp_set(m, 0x7);
  42160. ret = mp_exptmod_ex(b, e, 1, m, r);
  42161. if (ret != MP_OKAY)
  42162. return WC_TEST_RET_ENC_EC(ret);
  42163. ret = mp_exptmod_nct(b, e, m, r);
  42164. if (ret != MP_OKAY)
  42165. return WC_TEST_RET_ENC_EC(ret);
  42166. #ifdef WOLFSSL_SP_MATH_ALL
  42167. mp_set(b, 0x2);
  42168. mp_set(e, 0x3);
  42169. mp_set(m, 0x01);
  42170. mp_mul_2d(m, SP_WORD_SIZE * SP_INT_DIGITS / 2, m);
  42171. mp_add_d(m, 0x01, m);
  42172. ret = mp_exptmod_ex(b, e, 1, m, r);
  42173. if (ret != MP_VAL)
  42174. return WC_TEST_RET_ENC_EC(ret);
  42175. ret = mp_exptmod_nct(b, e, m, r);
  42176. if (ret != MP_VAL)
  42177. return WC_TEST_RET_ENC_EC(ret);
  42178. #endif
  42179. return 0;
  42180. }
  42181. #endif /* !NO_RSA || !NO_DSA || !NO_DH || (HAVE_ECC && HAVE_COMP_KEY) ||
  42182. * OPENSSL_EXTRA */
  42183. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  42184. defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  42185. static wc_test_ret_t mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC_RNG* rng)
  42186. {
  42187. wc_test_ret_t ret;
  42188. mp_digit mp;
  42189. static int exp[] = { 7, 8, 16, 27, 32, 64,
  42190. 127, 128, 255, 256,
  42191. #if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8
  42192. 383, 384, 2033, 2048
  42193. #endif
  42194. };
  42195. static mp_digit sub[] = { 0x01, 0x05, 0x0f, 0x27, 0x05, 0x3b,
  42196. 0x01, 0x9f, 0x13, 0xbd,
  42197. #if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8
  42198. 0x1f, 0x13d, 0x45, 0x615
  42199. #endif
  42200. };
  42201. int bits[] = { 256, 384,
  42202. #if defined(SP_INT_MAX_BITS) && SP_INT_MAX_BITS > 4096
  42203. 2048,
  42204. #endif
  42205. #if defined(SP_INT_MAX_BITS) && SP_INT_MAX_BITS > 6144
  42206. 3072
  42207. #endif
  42208. };
  42209. int i;
  42210. int j;
  42211. for (i = 0; i < (int)(sizeof(exp) / sizeof(*exp)); i++) {
  42212. if (exp[i] >= DIGIT_BIT)
  42213. continue;
  42214. mp_zero(m);
  42215. ret = mp_set_bit(m, exp[i]);
  42216. if (ret != MP_OKAY)
  42217. return WC_TEST_RET_ENC_EC(ret);
  42218. ret = mp_sub_d(m, sub[i], m);
  42219. if (ret != MP_OKAY)
  42220. return WC_TEST_RET_ENC_EC(ret);
  42221. ret = mp_montgomery_setup(m, &mp);
  42222. if (ret != MP_OKAY)
  42223. return WC_TEST_RET_ENC_EC(ret);
  42224. ret = mp_montgomery_calc_normalization(n, m);
  42225. if (ret != MP_OKAY)
  42226. return WC_TEST_RET_ENC_EC(ret);
  42227. for (j = 0; j < 10; j++) {
  42228. ret = randNum(a, (exp[i] + DIGIT_BIT - 1) / DIGIT_BIT, rng, NULL);
  42229. if (ret != 0)
  42230. return WC_TEST_RET_ENC_EC(ret);
  42231. ret = mp_mod(a, m, a);
  42232. if (ret != 0)
  42233. return WC_TEST_RET_ENC_EC(ret);
  42234. /* r = a * a */
  42235. ret = mp_sqrmod(a, m, r);
  42236. if (ret != MP_OKAY)
  42237. return WC_TEST_RET_ENC_EC(ret);
  42238. /* Convert to Montgomery form = a*n */
  42239. ret = mp_mulmod(a, n, m, a);
  42240. if (ret != MP_OKAY)
  42241. return WC_TEST_RET_ENC_EC(ret);
  42242. /* a*a mod m == ((a*n) * (a*n)) / n / n */
  42243. ret = mp_sqr(a, a);
  42244. if (ret != MP_OKAY)
  42245. return WC_TEST_RET_ENC_EC(ret);
  42246. ret = mp_montgomery_reduce(a, m, mp);
  42247. if (ret != MP_OKAY)
  42248. return WC_TEST_RET_ENC_EC(ret);
  42249. ret = mp_montgomery_reduce(a, m, mp);
  42250. if (ret != MP_OKAY)
  42251. return WC_TEST_RET_ENC_EC(ret);
  42252. if (mp_cmp(a, r) != MP_EQ)
  42253. return WC_TEST_RET_ENC_NC;
  42254. }
  42255. }
  42256. /* Force carries. */
  42257. for (i = 0; i < (int)(sizeof(bits) / sizeof(*bits)); i++) {
  42258. /* a = 2^(bits*2) - 1 */
  42259. mp_zero(a);
  42260. mp_set_bit(a, bits[i] * 2);
  42261. mp_sub_d(a, 1, a);
  42262. /* m = 2^(bits) - 1 */
  42263. mp_zero(m);
  42264. mp_set_bit(m, bits[i]);
  42265. mp_sub_d(m, 1, m);
  42266. mp = 1;
  42267. /* result = r = 2^(bits) - 1 */
  42268. mp_zero(r);
  42269. mp_set_bit(r, bits[i]);
  42270. mp_sub_d(r, 1, r);
  42271. ret = mp_montgomery_reduce(a, m, mp);
  42272. if (ret != MP_OKAY)
  42273. return WC_TEST_RET_ENC_EC(ret);
  42274. /* Result is m or 0 if reduced to range of modulus. */
  42275. if (mp_cmp(a, r) != MP_EQ && mp_iszero(a) != MP_YES)
  42276. return WC_TEST_RET_ENC_NC;
  42277. }
  42278. return 0;
  42279. }
  42280. #endif
  42281. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void)
  42282. {
  42283. WC_RNG rng;
  42284. int rng_inited = 0;
  42285. wc_test_ret_t ret;
  42286. #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
  42287. int i, j;
  42288. #ifndef WOLFSSL_SP_MATH
  42289. int k;
  42290. #endif
  42291. mp_digit d = 0;
  42292. #endif
  42293. #ifdef WOLFSSL_SMALL_STACK
  42294. mp_int *a = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
  42295. DYNAMIC_TYPE_TMP_BUFFER),
  42296. *b = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
  42297. DYNAMIC_TYPE_TMP_BUFFER),
  42298. *r1 = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
  42299. DYNAMIC_TYPE_TMP_BUFFER),
  42300. *r2 = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
  42301. DYNAMIC_TYPE_TMP_BUFFER),
  42302. *p = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT,
  42303. DYNAMIC_TYPE_TMP_BUFFER);
  42304. if ((a == NULL) ||
  42305. (b == NULL) ||
  42306. (r1 == NULL) ||
  42307. (r2 == NULL) ||
  42308. (p == NULL))
  42309. {
  42310. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done);
  42311. }
  42312. #else
  42313. mp_int a[1], b[1], r1[1], r2[1], p[1];
  42314. #endif
  42315. ret = mp_init_multi(a, b, r1, r2, NULL, NULL);
  42316. if (ret != 0)
  42317. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42318. #ifdef WOLFSSL_SP_MATH_ALL
  42319. mp_init_copy(p, a);
  42320. #else
  42321. ret = mp_init(p);
  42322. if (ret != 0)
  42323. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42324. #endif
  42325. #ifndef HAVE_FIPS
  42326. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  42327. #else
  42328. ret = wc_InitRng(&rng);
  42329. #endif
  42330. if (ret != 0)
  42331. goto done;
  42332. rng_inited = 1;
  42333. #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
  42334. mp_set_int(a, 0);
  42335. if (a->used != 0 || a->dp[0] != 0)
  42336. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  42337. for (j = 1; j <= MP_MAX_TEST_BYTE_LEN; j++) {
  42338. for (i = 0; i < 4 * j; i++) {
  42339. /* New values to use. */
  42340. ret = randNum(p, j, &rng, NULL);
  42341. if (ret != 0)
  42342. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42343. ret = randNum(a, j, &rng, NULL);
  42344. if (ret != 0)
  42345. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42346. ret = randNum(b, j, &rng, NULL);
  42347. if (ret != 0)
  42348. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42349. ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d));
  42350. if (ret != 0)
  42351. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42352. d &= MP_MASK;
  42353. #if !defined(WOLFSSL_SP_MATH) || (defined(HAVE_ECC) && \
  42354. (defined(ECC_SHAMIR) || defined(FP_ECC)))
  42355. /* Ensure sqrmod produce same result as mulmod. */
  42356. ret = mp_sqrmod(a, p, r1);
  42357. if (ret != 0)
  42358. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42359. ret = mp_mulmod(a, a, p, r2);
  42360. if (ret != 0)
  42361. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42362. if (mp_cmp(r1, r2) != 0)
  42363. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  42364. #endif
  42365. #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
  42366. #if defined(WOLFSSL_SP_MATH) || (defined(WOLFSSL_SP_MATH_ALL) && \
  42367. !defined(WOLFSSL_SP_INT_NEGATIVE))
  42368. ret = mp_addmod(a, b, p, r1);
  42369. if (ret != 0)
  42370. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42371. ret = mp_submod(r1, b, p, r2);
  42372. if (ret != 0)
  42373. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42374. ret = mp_mod(a, p, r1);
  42375. if (ret != 0)
  42376. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42377. if (mp_cmp(r1, r2) != MP_EQ)
  42378. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  42379. #else
  42380. /* Ensure add with mod produce same result as sub with mod. */
  42381. ret = mp_addmod(a, b, p, r1);
  42382. if (ret != 0)
  42383. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42384. b->sign ^= 1;
  42385. ret = mp_submod(a, b, p, r2);
  42386. if (ret != 0)
  42387. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42388. if (mp_cmp(r1, r2) != 0)
  42389. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  42390. #endif
  42391. #endif
  42392. /* Ensure add digit produce same result as sub digit. */
  42393. ret = mp_add_d(a, d, r1);
  42394. if (ret != 0)
  42395. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42396. ret = mp_sub_d(r1, d, r2);
  42397. if (ret != 0)
  42398. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42399. if (mp_cmp(a, r2) != 0)
  42400. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  42401. /* Invert - if p is even it will use the slow impl.
  42402. * - if p and a are even it will fail.
  42403. */
  42404. ret = mp_invmod(a, p, r1);
  42405. if (ret != 0 && ret != MP_VAL)
  42406. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42407. #ifndef WOLFSSL_SP_MATH
  42408. /* Shift up and down number all bits in a digit. */
  42409. for (k = 0; k < DIGIT_BIT; k++) {
  42410. mp_mul_2d(a, k, r1);
  42411. mp_div_2d(r1, k, r2, p);
  42412. if (mp_cmp(a, r2) != 0)
  42413. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  42414. if (!mp_iszero(p))
  42415. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  42416. mp_rshb(r1, k);
  42417. if (mp_cmp(a, r1) != 0)
  42418. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  42419. }
  42420. #endif
  42421. }
  42422. }
  42423. /* Test adding and subtracting zero from zero. */
  42424. mp_zero(a);
  42425. ret = mp_add_d(a, 0, r1);
  42426. if (ret != 0)
  42427. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42428. if (!mp_iszero(r1)) {
  42429. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  42430. }
  42431. ret = mp_sub_d(a, 0, r2);
  42432. if (ret != 0)
  42433. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
  42434. if (!mp_iszero(r2)) {
  42435. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  42436. }
  42437. #if DIGIT_BIT >= 32
  42438. /* Check that setting a 32-bit digit works. */
  42439. d &= 0xffffffffU;
  42440. mp_set_int(a, d);
  42441. if (a->used != 1 || a->dp[0] != d)
  42442. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  42443. #endif
  42444. /* Check setting a bit and testing a bit works. */
  42445. for (i = 0; i < MP_MAX_TEST_BYTE_LEN * 8; i++) {
  42446. mp_zero(a);
  42447. mp_set_bit(a, i);
  42448. if (!mp_is_bit_set(a, i))
  42449. ERROR_OUT(WC_TEST_RET_ENC_NC, done);
  42450. }
  42451. #endif
  42452. #if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
  42453. mp_zero(a);
  42454. i = mp_cnt_lsb(a);
  42455. if (i != 0)
  42456. ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
  42457. mp_set(a, 1);
  42458. i = mp_cnt_lsb(a);
  42459. if (i != 0)
  42460. ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
  42461. mp_set(a, 32);
  42462. i = mp_cnt_lsb(a);
  42463. if (i != 5)
  42464. ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
  42465. mp_zero(a);
  42466. mp_set_bit(a, 129);
  42467. i = mp_cnt_lsb(a);
  42468. if (i != 129)
  42469. ERROR_OUT(WC_TEST_RET_ENC_I(i), done);
  42470. #endif
  42471. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  42472. if ((ret = mp_test_param(a, b, r1, &rng)) != 0)
  42473. goto done;
  42474. #endif
  42475. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
  42476. if ((ret = mp_test_div_3(a, r1, &rng)) != 0)
  42477. goto done;
  42478. #endif
  42479. #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \
  42480. !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  42481. (!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \
  42482. (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)))
  42483. if ((ret = mp_test_radix_10(a, r1, &rng)) != 0)
  42484. goto done;
  42485. #endif
  42486. #if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
  42487. defined(HAVE_ECC))
  42488. if ((ret = mp_test_radix_16(a, r1, &rng)) != 0)
  42489. goto done;
  42490. #endif
  42491. if ((ret = mp_test_shift(a, r1, &rng)) != 0)
  42492. goto done;
  42493. if ((ret = mp_test_add_sub_d(a, r1)) != 0)
  42494. goto done;
  42495. if ((ret = mp_test_read_to_bin(a)) != 0)
  42496. goto done;
  42497. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  42498. if ((ret = mp_test_set_int(a)) != 0)
  42499. goto done;
  42500. #endif
  42501. if ((ret = mp_test_cmp(a, r1)) != 0)
  42502. goto done;
  42503. #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
  42504. if ((ret = mp_test_shbd(a, b, &rng)) != 0)
  42505. goto done;
  42506. #endif
  42507. #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  42508. if ((ret = mp_test_set_is_bit(a)) != 0)
  42509. goto done;
  42510. #endif
  42511. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
  42512. (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
  42513. !defined(WOLFSSL_RSA_PUBLIC_ONLY))
  42514. if ((ret = mp_test_div(a, b, r1, r2, &rng)) != 0)
  42515. goto done;
  42516. #endif
  42517. #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
  42518. !defined(WC_NO_RNG)
  42519. if ((ret = mp_test_prime(a, &rng)) != 0)
  42520. goto done;
  42521. #endif
  42522. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING)
  42523. if ((ret = mp_test_lcm_gcd(a, b, r1, r2, &rng)) != 0)
  42524. goto done;
  42525. #endif
  42526. #if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
  42527. defined(WOLFSSL_SP_MATH_ALL)
  42528. if ((ret = mp_test_mod_2d(a, r1, p, &rng)) != 0)
  42529. goto done;
  42530. #endif
  42531. #if defined(WOLFSSL_SP_MATH_ALL) || defined(OPENSSL_EXTRA) || \
  42532. (defined(HAVE_ECC) && defined(HAVE_COMP_KEY))
  42533. if ((ret = mp_test_mod_d(a, &rng)) != 0)
  42534. goto done;
  42535. #endif
  42536. if ((ret = mp_test_mul_sqr(a, b, r1, r2, &rng)) != 0)
  42537. goto done;
  42538. #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
  42539. defined(OPENSSL_EXTRA)
  42540. if ((ret = mp_test_invmod(a, b, r1)) != 0)
  42541. goto done;
  42542. #endif
  42543. #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
  42544. (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
  42545. if ((ret = mp_test_exptmod(a, b, r1, r2)) != 0)
  42546. goto done;
  42547. #endif
  42548. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  42549. defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  42550. if ((ret = mp_test_mont(a, b, r1, r2, &rng)) != 0)
  42551. goto done;
  42552. #endif
  42553. done:
  42554. #ifdef WOLFSSL_SMALL_STACK
  42555. if (p) {
  42556. mp_clear(p);
  42557. XFREE(p, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42558. }
  42559. if (r2) {
  42560. mp_clear(r2);
  42561. XFREE(r2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42562. }
  42563. if (r1) {
  42564. mp_clear(r1);
  42565. XFREE(r1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42566. }
  42567. if (b) {
  42568. mp_clear(b);
  42569. XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42570. }
  42571. if (a) {
  42572. mp_clear(a);
  42573. XFREE(a, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42574. }
  42575. #else
  42576. mp_clear(p);
  42577. mp_clear(r2);
  42578. mp_clear(r1);
  42579. mp_clear(b);
  42580. mp_clear(a);
  42581. #endif
  42582. if (rng_inited)
  42583. wc_FreeRng(&rng);
  42584. return ret;
  42585. }
  42586. #endif /* WOLFSSL_PUBLIC_MP && ((WOLFSSL_SP_MATH_ALL &&
  42587. * !WOLFSSL_RSA_VERIFY_ONLY) || USE_FAST_MATH) */
  42588. #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
  42589. typedef struct pairs_t {
  42590. const unsigned char* coeff;
  42591. int coeffSz;
  42592. int exp;
  42593. } pairs_t;
  42594. /*
  42595. n =p1p2p3, where pi = ki(p1-1)+1 with (k2,k3) = (173,293)
  42596. p1 = 2^192 * 0x000000000000e24fd4f6d6363200bf2323ec46285cac1d3a
  42597. + 2^0 * 0x0b2488b0c29d96c5e67f8bec15b54b189ae5636efe89b45b
  42598. */
  42599. static const unsigned char c192a[] =
  42600. {
  42601. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe2, 0x4f,
  42602. 0xd4, 0xf6, 0xd6, 0x36, 0x32, 0x00, 0xbf, 0x23,
  42603. 0x23, 0xec, 0x46, 0x28, 0x5c, 0xac, 0x1d, 0x3a
  42604. };
  42605. static const unsigned char c0a[] =
  42606. {
  42607. 0x0b, 0x24, 0x88, 0xb0, 0xc2, 0x9d, 0x96, 0xc5,
  42608. 0xe6, 0x7f, 0x8b, 0xec, 0x15, 0xb5, 0x4b, 0x18,
  42609. 0x9a, 0xe5, 0x63, 0x6e, 0xfe, 0x89, 0xb4, 0x5b
  42610. };
  42611. static const pairs_t ecPairsA[] =
  42612. {
  42613. {c192a, sizeof(c192a), 192},
  42614. {c0a, sizeof(c0a), 0}
  42615. };
  42616. static const int kA[] = {173, 293};
  42617. static const unsigned char controlPrime[] = {
  42618. 0xe1, 0x76, 0x45, 0x80, 0x59, 0xb6, 0xd3, 0x49,
  42619. 0xdf, 0x0a, 0xef, 0x12, 0xd6, 0x0f, 0xf0, 0xb7,
  42620. 0xcb, 0x2a, 0x37, 0xbf, 0xa7, 0xf8, 0xb5, 0x4d,
  42621. 0xf5, 0x31, 0x35, 0xad, 0xe4, 0xa3, 0x94, 0xa1,
  42622. 0xdb, 0xf1, 0x96, 0xad, 0xb5, 0x05, 0x64, 0x85,
  42623. 0x83, 0xfc, 0x1b, 0x5b, 0x29, 0xaa, 0xbe, 0xf8,
  42624. 0x26, 0x3f, 0x76, 0x7e, 0xad, 0x1c, 0xf0, 0xcb,
  42625. 0xd7, 0x26, 0xb4, 0x1b, 0x05, 0x8e, 0x56, 0x86,
  42626. 0x7e, 0x08, 0x62, 0x21, 0xc1, 0x86, 0xd6, 0x47,
  42627. 0x79, 0x3e, 0xb7, 0x5d, 0xa4, 0xc6, 0x3a, 0xd7,
  42628. 0xb1, 0x74, 0x20, 0xf6, 0x50, 0x97, 0x41, 0x04,
  42629. 0x53, 0xed, 0x3f, 0x26, 0xd6, 0x6f, 0x91, 0xfa,
  42630. 0x68, 0x26, 0xec, 0x2a, 0xdc, 0x9a, 0xf1, 0xe7,
  42631. 0xdc, 0xfb, 0x73, 0xf0, 0x79, 0x43, 0x1b, 0x21,
  42632. 0xa3, 0x59, 0x04, 0x63, 0x52, 0x07, 0xc9, 0xd7,
  42633. 0xe6, 0xd1, 0x1b, 0x5d, 0x5e, 0x96, 0xfa, 0x53
  42634. };
  42635. static const unsigned char testOne[] = { 1 };
  42636. static wc_test_ret_t GenerateNextP(mp_int* p1, mp_int* p2, int k)
  42637. {
  42638. wc_test_ret_t ret;
  42639. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  42640. mp_int *ki = (mp_int *)XMALLOC(sizeof(*ki), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42641. if (ki == NULL)
  42642. return MEMORY_E;
  42643. #else
  42644. mp_int ki[1];
  42645. #endif
  42646. ret = mp_init(ki);
  42647. if (ret != 0)
  42648. ret = WC_TEST_RET_ENC_EC(ret);
  42649. if (ret == 0) {
  42650. ret = mp_set(ki, k);
  42651. if (ret != 0)
  42652. ret = WC_TEST_RET_ENC_EC(ret);
  42653. }
  42654. if (ret == 0) {
  42655. ret = mp_sub_d(p1, 1, p2);
  42656. if (ret != 0)
  42657. ret = WC_TEST_RET_ENC_EC(ret);
  42658. }
  42659. if (ret == 0) {
  42660. ret = mp_mul(p2, ki, p2);
  42661. if (ret != 0)
  42662. ret = WC_TEST_RET_ENC_EC(ret);
  42663. }
  42664. if (ret == 0) {
  42665. ret = mp_add_d(p2, 1, p2);
  42666. if (ret != 0)
  42667. ret = WC_TEST_RET_ENC_EC(ret);
  42668. }
  42669. mp_clear(ki);
  42670. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  42671. XFREE(ki, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42672. #endif
  42673. return ret;
  42674. }
  42675. static wc_test_ret_t GenerateP(mp_int* p1, mp_int* p2, mp_int* p3,
  42676. const pairs_t* ecPairs, int ecPairsSz,
  42677. const int* k)
  42678. {
  42679. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  42680. mp_int *x = NULL, *y = NULL;
  42681. #else
  42682. mp_int x[1], y[1];
  42683. #endif
  42684. wc_test_ret_t ret;
  42685. int i;
  42686. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  42687. if (((x = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) ||
  42688. ((y = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)) {
  42689. ret = MEMORY_E;
  42690. goto out;
  42691. }
  42692. #endif
  42693. ret = mp_init_multi(x, y, NULL, NULL, NULL, NULL);
  42694. if (ret != 0) {
  42695. ret = WC_TEST_RET_ENC_EC(ret);
  42696. goto out;
  42697. }
  42698. for (i = 0; ret == 0 && i < ecPairsSz; i++) {
  42699. ret = mp_read_unsigned_bin(x, ecPairs[i].coeff, ecPairs[i].coeffSz);
  42700. if (ret != 0) {
  42701. ret = WC_TEST_RET_ENC_EC(ret);
  42702. break;
  42703. }
  42704. /* p1 = 2^exp */
  42705. ret = mp_2expt(y, ecPairs[i].exp);
  42706. if (ret != 0) {
  42707. ret = WC_TEST_RET_ENC_EC(ret);
  42708. break;
  42709. }
  42710. /* p1 = p1 * m */
  42711. ret = mp_mul(x, y, x);
  42712. if (ret != 0) {
  42713. ret = WC_TEST_RET_ENC_EC(ret);
  42714. break;
  42715. }
  42716. /* p1 += */
  42717. ret = mp_add(p1, x, p1);
  42718. if (ret != 0) {
  42719. ret = WC_TEST_RET_ENC_EC(ret);
  42720. break;
  42721. }
  42722. mp_zero(x);
  42723. mp_zero(y);
  42724. }
  42725. if (ret == 0)
  42726. ret = GenerateNextP(p1, p2, k[0]);
  42727. if (ret == 0)
  42728. ret = GenerateNextP(p1, p3, k[1]);
  42729. out:
  42730. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  42731. if (x != NULL) {
  42732. mp_clear(x);
  42733. XFREE(x, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42734. }
  42735. if (y != NULL) {
  42736. mp_clear(y);
  42737. XFREE(y, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42738. }
  42739. #else
  42740. mp_clear(x);
  42741. mp_clear(y);
  42742. #endif
  42743. return ret;
  42744. }
  42745. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void)
  42746. {
  42747. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  42748. mp_int *n = (mp_int *)XMALLOC(sizeof *n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
  42749. *p1 = (mp_int *)XMALLOC(sizeof *p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
  42750. *p2 = (mp_int *)XMALLOC(sizeof *p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
  42751. *p3 = (mp_int *)XMALLOC(sizeof *p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42752. #else
  42753. mp_int n[1],
  42754. p1[1],
  42755. p2[1],
  42756. p3[1];
  42757. #endif
  42758. wc_test_ret_t ret;
  42759. int isPrime = 0;
  42760. WC_RNG rng;
  42761. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  42762. if ((n == NULL) ||
  42763. (p1 == NULL) ||
  42764. (p2 == NULL) ||
  42765. (p3 == NULL))
  42766. ERROR_OUT(MEMORY_E, out);
  42767. #endif
  42768. ret = wc_InitRng(&rng);
  42769. if (ret != 0)
  42770. ret = WC_TEST_RET_ENC_EC(ret);
  42771. if (ret == 0) {
  42772. ret = mp_init_multi(n, p1, p2, p3, NULL, NULL);
  42773. if (ret != 0)
  42774. ret = WC_TEST_RET_ENC_EC(ret);
  42775. }
  42776. if (ret == 0)
  42777. ret = GenerateP(p1, p2, p3,
  42778. ecPairsA, sizeof(ecPairsA) / sizeof(ecPairsA[0]), kA);
  42779. if (ret == 0) {
  42780. ret = mp_mul(p1, p2, n);
  42781. if (ret != 0)
  42782. ret = WC_TEST_RET_ENC_EC(ret);
  42783. }
  42784. if (ret == 0) {
  42785. ret = mp_mul(n, p3, n);
  42786. if (ret != 0)
  42787. ret = WC_TEST_RET_ENC_EC(ret);
  42788. }
  42789. if (ret != 0)
  42790. ERROR_OUT(ret, out);
  42791. /* Check the old prime test using the number that false positives.
  42792. * This test result should indicate as not prime. */
  42793. ret = mp_prime_is_prime(n, 40, &isPrime);
  42794. if (ret != 0)
  42795. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  42796. if (isPrime)
  42797. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  42798. /* This test result should fail. It should indicate the value as prime. */
  42799. ret = mp_prime_is_prime(n, 8, &isPrime);
  42800. if (ret != 0)
  42801. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  42802. if (!isPrime)
  42803. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  42804. /* This test result should indicate the value as not prime. */
  42805. ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
  42806. if (ret != 0)
  42807. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  42808. if (isPrime)
  42809. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  42810. ret = mp_read_unsigned_bin(n, controlPrime, sizeof(controlPrime));
  42811. if (ret != 0)
  42812. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  42813. /* This test result should indicate the value as prime. */
  42814. ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
  42815. if (ret != 0)
  42816. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  42817. if (!isPrime)
  42818. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  42819. /* This test result should indicate the value as prime. */
  42820. isPrime = -1;
  42821. ret = mp_prime_is_prime(n, 8, &isPrime);
  42822. if (ret != 0)
  42823. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  42824. if (!isPrime)
  42825. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  42826. ret = mp_read_unsigned_bin(n, testOne, sizeof(testOne));
  42827. if (ret != 0)
  42828. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  42829. /* This test result should indicate the value as not prime. */
  42830. ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
  42831. if (ret != 0)
  42832. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  42833. if (isPrime)
  42834. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  42835. ret = mp_prime_is_prime(n, 8, &isPrime);
  42836. if (ret != 0)
  42837. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
  42838. if (isPrime)
  42839. ERROR_OUT(WC_TEST_RET_ENC_NC, out);
  42840. ret = 0;
  42841. out:
  42842. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  42843. if (n != NULL) {
  42844. mp_clear(n);
  42845. XFREE(n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42846. }
  42847. if (p1 != NULL) {
  42848. mp_clear(p1);
  42849. XFREE(p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42850. }
  42851. if (p2 != NULL) {
  42852. mp_clear(p2);
  42853. XFREE(p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42854. }
  42855. if (p3 != NULL) {
  42856. mp_clear(p3);
  42857. XFREE(p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  42858. }
  42859. #else
  42860. mp_clear(p3);
  42861. mp_clear(p2);
  42862. mp_clear(p1);
  42863. mp_clear(n);
  42864. #endif
  42865. wc_FreeRng(&rng);
  42866. return ret;
  42867. }
  42868. #endif /* WOLFSSL_PUBLIC_MP */
  42869. #if defined(ASN_BER_TO_DER) && \
  42870. (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
  42871. defined(OPENSSL_EXTRA_X509_SMALL))
  42872. /* wc_BerToDer is only public facing in the case of test cert or opensslextra */
  42873. typedef struct berDerTestData {
  42874. const byte *in;
  42875. word32 inSz;
  42876. const byte *out;
  42877. word32 outSz;
  42878. } berDerTestData;
  42879. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void)
  42880. {
  42881. wc_test_ret_t ret;
  42882. int i;
  42883. word32 len = 0, l;
  42884. byte out[32];
  42885. WOLFSSL_SMALL_STACK_STATIC const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 };
  42886. WOLFSSL_SMALL_STACK_STATIC const byte good1_out[] = { 0x30, 0x00 };
  42887. WOLFSSL_SMALL_STACK_STATIC const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 };
  42888. WOLFSSL_SMALL_STACK_STATIC const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
  42889. WOLFSSL_SMALL_STACK_STATIC const byte good3_in[] = {
  42890. 0x24, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00
  42891. };
  42892. WOLFSSL_SMALL_STACK_STATIC const byte good3_out[] = { 0x04, 0x1, 0x01 };
  42893. WOLFSSL_SMALL_STACK_STATIC const byte good4_in[] = {
  42894. 0x30, 0x80,
  42895. 0x02, 0x01, 0x01,
  42896. 0x30, 0x80,
  42897. 0x24, 0x80,
  42898. 0x04, 0x01, 0x01,
  42899. 0x04, 0x02, 0x02, 0x03,
  42900. 0x00, 0x00,
  42901. 0x06, 0x01, 0x01,
  42902. 0x00, 0x00,
  42903. 0x31, 0x80,
  42904. 0x06, 0x01, 0x01,
  42905. 0x00, 0x00,
  42906. 0x00, 0x00,
  42907. };
  42908. WOLFSSL_SMALL_STACK_STATIC const byte good4_out[] = {
  42909. 0x30, 0x12,
  42910. 0x02, 0x01, 0x01,
  42911. 0x30, 0x08,
  42912. 0x04, 0x03, 0x01, 0x02, 0x03,
  42913. 0x06, 0x01, 0x01,
  42914. 0x31, 0x03,
  42915. 0x06, 0x01, 0x01
  42916. };
  42917. WOLFSSL_SMALL_STACK_STATIC const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
  42918. berDerTestData testData[] = {
  42919. { good1_in, sizeof(good1_in), good1_out, sizeof(good1_out) },
  42920. { good2_in, sizeof(good2_in), good2_out, sizeof(good2_out) },
  42921. { good3_in, sizeof(good3_in), good3_out, sizeof(good3_out) },
  42922. { good4_in, sizeof(good4_in), good4_out, sizeof(good4_out) },
  42923. { good5_in, sizeof(good5_in), good5_in , sizeof(good5_in ) },
  42924. };
  42925. for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
  42926. ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len);
  42927. if (ret != LENGTH_ONLY_E)
  42928. return WC_TEST_RET_ENC_I(i);
  42929. if (len != testData[i].outSz)
  42930. return WC_TEST_RET_ENC_I(i);
  42931. len = testData[i].outSz;
  42932. ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &len);
  42933. if (ret != 0)
  42934. return WC_TEST_RET_ENC_I(i);
  42935. if (XMEMCMP(out, testData[i].out, len) != 0)
  42936. return WC_TEST_RET_ENC_I(i);
  42937. for (l = 1; l < testData[i].inSz; l++) {
  42938. ret = wc_BerToDer(testData[i].in, l, NULL, &len);
  42939. if (ret != ASN_PARSE_E)
  42940. return WC_TEST_RET_ENC_EC(ret);
  42941. len = testData[i].outSz;
  42942. ret = wc_BerToDer(testData[i].in, l, out, &len);
  42943. if (ret != ASN_PARSE_E)
  42944. return WC_TEST_RET_ENC_EC(ret);
  42945. }
  42946. for (l = 0; l < testData[i].outSz-1; l++) {
  42947. ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &l);
  42948. if (ret != BUFFER_E)
  42949. return WC_TEST_RET_ENC_EC(ret);
  42950. }
  42951. }
  42952. ret = wc_BerToDer(NULL, 4, NULL, NULL);
  42953. if (ret != BAD_FUNC_ARG)
  42954. return WC_TEST_RET_ENC_EC(ret);
  42955. ret = wc_BerToDer(out, 4, NULL, NULL);
  42956. if (ret != BAD_FUNC_ARG)
  42957. return WC_TEST_RET_ENC_EC(ret);
  42958. ret = wc_BerToDer(NULL, 4, NULL, &len);
  42959. if (ret != BAD_FUNC_ARG)
  42960. return WC_TEST_RET_ENC_EC(ret);
  42961. ret = wc_BerToDer(NULL, 4, out, NULL);
  42962. if (ret != BAD_FUNC_ARG)
  42963. return WC_TEST_RET_ENC_EC(ret);
  42964. ret = wc_BerToDer(out, 4, out, NULL);
  42965. if (ret != BAD_FUNC_ARG)
  42966. return WC_TEST_RET_ENC_EC(ret);
  42967. ret = wc_BerToDer(NULL, 4, out, &len);
  42968. if (ret != BAD_FUNC_ARG)
  42969. return WC_TEST_RET_ENC_EC(ret);
  42970. for (l = 1; l < sizeof(good4_out); l++) {
  42971. len = l;
  42972. ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len);
  42973. if (ret != BUFFER_E)
  42974. return WC_TEST_RET_ENC_EC(ret);
  42975. }
  42976. return 0;
  42977. }
  42978. #endif
  42979. #ifdef DEBUG_WOLFSSL
  42980. static THREAD_LS_T int log_cnt = 0;
  42981. static void my_Logging_cb(const int logLevel, const char *const logMessage)
  42982. {
  42983. (void)logLevel;
  42984. (void)logMessage;
  42985. log_cnt++;
  42986. }
  42987. #endif /* DEBUG_WOLFSSL */
  42988. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void)
  42989. {
  42990. wc_test_ret_t ret;
  42991. #ifdef DEBUG_WOLFSSL
  42992. const char* msg = "Testing, testing. 1, 2, 3, 4 ...";
  42993. byte a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
  42994. byte b[256];
  42995. int i;
  42996. for (i = 0; i < (int)sizeof(b); i++)
  42997. b[i] = i;
  42998. ret = wolfSSL_Debugging_ON();
  42999. if (ret != 0)
  43000. return WC_TEST_RET_ENC_EC(ret);
  43001. ret = wolfSSL_SetLoggingCb(my_Logging_cb);
  43002. if (ret != 0)
  43003. return WC_TEST_RET_ENC_EC(ret);
  43004. WOLFSSL_MSG(msg);
  43005. WOLFSSL_BUFFER(a, sizeof(a));
  43006. WOLFSSL_BUFFER(b, sizeof(b));
  43007. WOLFSSL_BUFFER(NULL, 0);
  43008. WOLFSSL_ERROR(MEMORY_E);
  43009. WOLFSSL_ERROR_MSG(msg);
  43010. /* turn off logs */
  43011. wolfSSL_Debugging_OFF();
  43012. /* capture log count */
  43013. i = log_cnt;
  43014. /* validate no logs are output when disabled */
  43015. WOLFSSL_MSG(msg);
  43016. WOLFSSL_BUFFER(a, sizeof(a));
  43017. WOLFSSL_BUFFER(b, sizeof(b));
  43018. WOLFSSL_BUFFER(NULL, 0);
  43019. WOLFSSL_ERROR(MEMORY_E);
  43020. WOLFSSL_ERROR_MSG(msg);
  43021. /* check the logs were disabled */
  43022. if (i != log_cnt)
  43023. return WC_TEST_RET_ENC_NC;
  43024. /* restore callback and leave logging enabled */
  43025. wolfSSL_SetLoggingCb(NULL);
  43026. wolfSSL_Debugging_ON();
  43027. /* suppress unused args */
  43028. (void)a;
  43029. (void)b;
  43030. #else
  43031. ret = wolfSSL_Debugging_ON();
  43032. if (ret != NOT_COMPILED_IN)
  43033. return WC_TEST_RET_ENC_EC(ret);
  43034. wolfSSL_Debugging_OFF();
  43035. ret = wolfSSL_SetLoggingCb(NULL);
  43036. if (ret != NOT_COMPILED_IN)
  43037. return WC_TEST_RET_ENC_EC(ret);
  43038. #endif /* DEBUG_WOLFSSL */
  43039. return 0;
  43040. }
  43041. #if defined(__INCLUDE_NUTTX_CONFIG_H)
  43042. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t wolfcrypt_mutex_test(void)
  43043. #else
  43044. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void)
  43045. #endif
  43046. {
  43047. #ifdef WOLFSSL_PTHREADS
  43048. wolfSSL_Mutex m;
  43049. #endif
  43050. #if defined(WOLFSSL_PTHREADS) || (!defined(WOLFSSL_NO_MALLOC) && \
  43051. !defined(WOLFSSL_USER_MUTEX) && defined(WOLFSSL_STATIC_MEMORY))
  43052. wc_test_ret_t ret;
  43053. #endif
  43054. #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_USER_MUTEX)
  43055. #ifndef WOLFSSL_STATIC_MEMORY
  43056. wolfSSL_Mutex *mm = wc_InitAndAllocMutex();
  43057. #else
  43058. wolfSSL_Mutex *mm = (wolfSSL_Mutex*) XMALLOC(sizeof(wolfSSL_Mutex),
  43059. HEAP_HINT, DYNAMIC_TYPE_MUTEX);
  43060. if (mm != NULL) {
  43061. ret = wc_InitMutex(mm);
  43062. if (ret != 0) {
  43063. WOLFSSL_MSG("Init Mutex failed");
  43064. XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
  43065. return WC_TEST_RET_ENC_EC(ret);
  43066. }
  43067. }
  43068. #endif
  43069. if (mm == NULL)
  43070. return WC_TEST_RET_ENC_ERRNO;
  43071. wc_FreeMutex(mm);
  43072. XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
  43073. #endif
  43074. /* Can optionally enable advanced pthread tests using "ENABLE_PTHREAD_LOCKFREE_TESTS" */
  43075. #ifdef WOLFSSL_PTHREADS
  43076. ret = wc_InitMutex(&m);
  43077. if (ret != 0)
  43078. return WC_TEST_RET_ENC_EC(ret);
  43079. ret = wc_LockMutex(&m);
  43080. if (ret != 0)
  43081. return WC_TEST_RET_ENC_EC(ret);
  43082. #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
  43083. /* trying to free a locked mutex is not portable behavior with pthread */
  43084. /* Attempting to destroy a locked mutex results in undefined behavior */
  43085. ret = wc_FreeMutex(&m);
  43086. if (ret != BAD_MUTEX_E)
  43087. return WC_TEST_RET_ENC_EC(ret);
  43088. #endif
  43089. ret = wc_UnLockMutex(&m);
  43090. if (ret != 0)
  43091. return WC_TEST_RET_ENC_EC(ret);
  43092. ret = wc_FreeMutex(&m);
  43093. if (ret != 0)
  43094. return WC_TEST_RET_ENC_EC(ret);
  43095. #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
  43096. /* Trying to use a pthread after free'ing is not portable behavior */
  43097. ret = wc_LockMutex(&m);
  43098. if (ret != BAD_MUTEX_E)
  43099. return WC_TEST_RET_ENC_EC(ret);
  43100. ret = wc_UnLockMutex(&m);
  43101. if (ret != BAD_MUTEX_E)
  43102. return WC_TEST_RET_ENC_EC(ret);
  43103. #endif
  43104. #endif
  43105. return 0;
  43106. }
  43107. #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
  43108. #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
  43109. !defined(WOLFSSL_STATIC_MEMORY)
  43110. static wc_test_ret_t malloc_cnt = 0;
  43111. static wc_test_ret_t realloc_cnt = 0;
  43112. static wc_test_ret_t free_cnt = 0;
  43113. #ifdef WOLFSSL_DEBUG_MEMORY
  43114. static void *my_Malloc_cb(size_t size, const char* func, unsigned int line)
  43115. {
  43116. (void) func;
  43117. (void) line;
  43118. #else
  43119. static void *my_Malloc_cb(size_t size)
  43120. {
  43121. #endif
  43122. malloc_cnt++;
  43123. #ifndef WOLFSSL_NO_MALLOC
  43124. return malloc(size);
  43125. #else
  43126. WOLFSSL_MSG("No malloc available");
  43127. (void)size;
  43128. return NULL;
  43129. #endif
  43130. }
  43131. #ifdef WOLFSSL_DEBUG_MEMORY
  43132. static void my_Free_cb(void *ptr, const char* func, unsigned int line)
  43133. {
  43134. (void) func;
  43135. (void) line;
  43136. #else
  43137. static void my_Free_cb(void *ptr)
  43138. {
  43139. #endif
  43140. free_cnt++;
  43141. #ifndef WOLFSSL_NO_MALLOC
  43142. free(ptr);
  43143. #else
  43144. WOLFSSL_MSG("No free available");
  43145. (void)ptr;
  43146. #endif
  43147. }
  43148. #ifdef WOLFSSL_DEBUG_MEMORY
  43149. static void *my_Realloc_cb(void *ptr, size_t size, const char* func, unsigned int line)
  43150. {
  43151. (void) func;
  43152. (void) line;
  43153. #else
  43154. static void *my_Realloc_cb(void *ptr, size_t size)
  43155. {
  43156. #endif
  43157. realloc_cnt++;
  43158. #ifndef WOLFSSL_NO_MALLOC
  43159. return realloc(ptr, size);
  43160. #else
  43161. WOLFSSL_MSG("No realloc available");
  43162. (void)ptr;
  43163. (void)size;
  43164. return NULL;
  43165. #endif
  43166. }
  43167. #endif /* !WOLFSSL_NO_MALLOC */
  43168. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void)
  43169. {
  43170. wc_test_ret_t ret = 0;
  43171. #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
  43172. !defined(WOLFSSL_STATIC_MEMORY)
  43173. byte* b = NULL;
  43174. #endif
  43175. wolfSSL_Malloc_cb mc;
  43176. wolfSSL_Free_cb fc;
  43177. wolfSSL_Realloc_cb rc;
  43178. /* Save existing memory callbacks */
  43179. ret = wolfSSL_GetAllocators(&mc, &fc, &rc);
  43180. if (ret != 0)
  43181. return WC_TEST_RET_ENC_EC(ret);
  43182. #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
  43183. !defined(WOLFSSL_STATIC_MEMORY)
  43184. /* test realloc */
  43185. b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43186. if (b == NULL) {
  43187. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_memcb);
  43188. }
  43189. XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43190. b = NULL;
  43191. /* Use API. */
  43192. ret = wolfSSL_SetAllocators((wolfSSL_Malloc_cb)my_Malloc_cb,
  43193. (wolfSSL_Free_cb)my_Free_cb,
  43194. (wolfSSL_Realloc_cb)my_Realloc_cb);
  43195. if (ret != 0) {
  43196. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_memcb);
  43197. }
  43198. b = (byte*)XMALLOC(1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43199. b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43200. XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43201. #ifndef WOLFSSL_STATIC_MEMORY
  43202. #ifndef WOLFSSL_CHECK_MEM_ZERO
  43203. if (malloc_cnt != 1 || free_cnt != 1 || realloc_cnt != 1)
  43204. #else
  43205. /* Checking zeroized memory means realloc is a malloc and free. */
  43206. if (malloc_cnt != 2 || free_cnt != 2 || realloc_cnt != 0)
  43207. #endif
  43208. #else
  43209. if (malloc_cnt != 0 || free_cnt != 0 || realloc_cnt != 0)
  43210. #endif
  43211. ret = WC_TEST_RET_ENC_NC;
  43212. #endif /* !WOLFSSL_NO_MALLOC */
  43213. #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM) && \
  43214. !defined(WOLFSSL_STATIC_MEMORY)
  43215. exit_memcb:
  43216. /* reset malloc/free/realloc counts */
  43217. malloc_cnt = 0;
  43218. free_cnt = 0;
  43219. realloc_cnt = 0;
  43220. #endif
  43221. /* restore memory callbacks */
  43222. wolfSSL_SetAllocators(mc, fc, rc);
  43223. return ret;
  43224. }
  43225. #endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_NO_MALLOC */
  43226. #if defined(WOLFSSL_CAAM_BLOB)
  43227. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void)
  43228. {
  43229. wc_test_ret_t ret = 0;
  43230. byte out[112];
  43231. byte blob[112];
  43232. word32 outSz;
  43233. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  43234. {
  43235. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  43236. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  43237. };
  43238. WOLFSSL_SMALL_STACK_STATIC const byte text[] =
  43239. {
  43240. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  43241. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  43242. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  43243. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  43244. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  43245. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  43246. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  43247. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  43248. };
  43249. XMEMSET(blob, 0, sizeof(blob));
  43250. XMEMSET(out, 0, sizeof(out));
  43251. outSz = sizeof(blob);
  43252. ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
  43253. if (ret != 0)
  43254. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
  43255. blob[outSz - 2] += 1;
  43256. ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
  43257. if (ret == 0) { /* should fail with altered blob */
  43258. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_blob);
  43259. }
  43260. XMEMSET(blob, 0, sizeof(blob));
  43261. outSz = sizeof(blob);
  43262. ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
  43263. if (ret != 0)
  43264. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
  43265. ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
  43266. if (ret != 0)
  43267. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
  43268. if (XMEMCMP(out, iv, sizeof(iv))) {
  43269. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_blob);
  43270. }
  43271. XMEMSET(blob, 0, sizeof(blob));
  43272. outSz = sizeof(blob);
  43273. ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz);
  43274. if (ret != 0)
  43275. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
  43276. ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
  43277. if (ret != 0)
  43278. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob);
  43279. if (XMEMCMP(out, text, sizeof(text))) {
  43280. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_blob);
  43281. }
  43282. exit_blob:
  43283. return ret;
  43284. }
  43285. #endif /* WOLFSSL_CAAM_BLOB */
  43286. #ifdef WOLF_CRYPTO_CB
  43287. /* Example custom context for crypto callback */
  43288. typedef struct {
  43289. int exampleVar; /* flag for testing if only crypt is enabled. */
  43290. } myCryptoDevCtx;
  43291. #ifdef WOLF_CRYPTO_CB_ONLY_RSA
  43292. /* Testing rsa cb when CB_ONLY_RSA is enabled
  43293. * When CB_ONLY_RSA is enabled, software imple. is not available.
  43294. *
  43295. * ctx callback ctx
  43296. * returen 0 on success, otherwise return negative
  43297. */
  43298. static wc_test_ret_t rsa_onlycb_test(myCryptoDevCtx *ctx)
  43299. {
  43300. wc_test_ret_t ret = 0;
  43301. #if !defined(NO_RSA)
  43302. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  43303. RsaKey *key = (RsaKey *)XMALLOC(sizeof *key,
  43304. HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43305. byte* tmp = NULL;
  43306. #else
  43307. RsaKey key[1];
  43308. byte tmp[FOURK_BUF];
  43309. #endif
  43310. size_t bytes;
  43311. const word32 inLen = (word32)TEST_STRING_SZ;
  43312. word32 idx = 0;
  43313. word32 sigSz;
  43314. WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING;
  43315. byte out[RSA_TEST_BYTES];
  43316. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  43317. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
  43318. !defined(NO_FILESYSTEM)
  43319. XFILE file;
  43320. #endif
  43321. #ifdef WOLFSSL_KEY_GEN
  43322. WC_RNG rng;
  43323. #endif
  43324. #ifdef USE_CERT_BUFFERS_1024
  43325. bytes = (size_t)sizeof_client_key_der_1024;
  43326. if (bytes < (size_t)sizeof_client_cert_der_1024)
  43327. bytes = (size_t)sizeof_client_cert_der_1024;
  43328. #elif defined(USE_CERT_BUFFERS_2048)
  43329. bytes = (size_t)sizeof_client_key_der_2048;
  43330. if (bytes < (size_t)sizeof_client_cert_der_2048)
  43331. bytes = (size_t)sizeof_client_cert_der_2048;
  43332. #elif defined(USE_CERT_BUFFERS_3072)
  43333. bytes = (size_t)sizeof_client_key_der_3072;
  43334. if (bytes < (size_t)sizeof_client_cert_der_3072)
  43335. bytes = (size_t)sizeof_client_cert_der_3072;
  43336. #elif defined(USE_CERT_BUFFERS_4096)
  43337. bytes = (size_t)sizeof_client_key_der_4096;
  43338. if (bytes < (size_t)sizeof_client_cert_der_4096)
  43339. bytes = (size_t)sizeof_client_cert_der_4096;
  43340. #else
  43341. bytes = FOURK_BUF;
  43342. #endif
  43343. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  43344. tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43345. if (tmp == NULL)
  43346. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb);
  43347. #endif
  43348. #ifdef USE_CERT_BUFFERS_1024
  43349. XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
  43350. #elif defined(USE_CERT_BUFFERS_2048)
  43351. XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
  43352. #elif defined(USE_CERT_BUFFERS_3072)
  43353. XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
  43354. #elif defined(USE_CERT_BUFFERS_4096)
  43355. XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
  43356. #elif !defined(NO_FILESYSTEM)
  43357. file = XFOPEN(clientKey, "rb");
  43358. if (!file) {
  43359. ret = WC_TEST_RET_ENC_ERRNO;
  43360. err_sys("can't open ./certs/client-key.der, "
  43361. "Please run from wolfSSL home dir", ret);
  43362. ERROR_OUT(ret, exit_onlycb);
  43363. }
  43364. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  43365. XFCLOSE(file);
  43366. if (bytes == 0)
  43367. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb);
  43368. #endif
  43369. #ifdef WOLFSSL_KEY_GEN
  43370. /* wc_CryptoCb_MakeRsaKey cb test, no actual making key
  43371. * wc_MakeRsaKey() -> rsa cb ->
  43372. * myCryptoDevCb -> wc_MakeRsaKey(CBONLY_TEST_DEVID)
  43373. * wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return 0(success)
  43374. */
  43375. ctx->exampleVar = 99;
  43376. ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, rng);
  43377. if (ret != 0)
  43378. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43379. /* wc_MakeRsaKey() -> rsa cb ->
  43380. * myCryptoDevCb -> wc_MakeRsaKey(INVALID_DEVID)
  43381. * wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return NO_VALID_DEVID(failure)
  43382. */
  43383. ctx->exampleVar = 1;
  43384. ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, rng);
  43385. if (ret != NO_VALID_DEVID) {
  43386. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43387. } else
  43388. /* reset return code */
  43389. ret = 0;
  43390. #endif
  43391. ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
  43392. if (ret != 0)
  43393. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43394. ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
  43395. if (ret != 0)
  43396. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43397. sigSz = (word32)wc_RsaEncryptSize(key);
  43398. /* wc_CryptoCb_Rsa cb test, no actual rsa operation */
  43399. if (ret == 0) {
  43400. /* wc_SignatureGenerate() -> rsa cb ->
  43401. * myCryptoDevCb -> wc_RsaFunction(CBONLY_TEST_DEVID)
  43402. * wc_RsaFunction(CBONLY_TEST_DEVID) expects to return 0(success)
  43403. */
  43404. ctx->exampleVar = 99;
  43405. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
  43406. in, inLen, out, &sigSz, key, sizeof(*key), NULL);
  43407. if (ret != 0)
  43408. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43409. }
  43410. if (ret == 0) {
  43411. /* wc_SignatureGenerate() -> rsa cb ->
  43412. * myCryptoDevCb -> wc_RsaFunction(INVALID_DEVID)
  43413. * wc_SignatureGenerate(INVALID_DEVID) expects to
  43414. * return NO_VALID_DEVID(failure)
  43415. */
  43416. ctx->exampleVar = 1;
  43417. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
  43418. in, inLen, out, &sigSz, key, sizeof(*key), NULL);
  43419. if (ret != NO_VALID_DEVID) {
  43420. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43421. } else
  43422. /* reset return code */
  43423. ret = 0;
  43424. }
  43425. exit_onlycb:
  43426. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  43427. if (key != NULL) {
  43428. wc_FreeRsaKey(key);
  43429. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43430. }
  43431. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43432. #else
  43433. wc_FreeRsaKey(key);
  43434. #endif
  43435. #endif
  43436. return ret;
  43437. }
  43438. #endif
  43439. #ifdef WOLF_CRYPTO_CB_ONLY_ECC
  43440. /* Testing rsa cb when CB_ONLY_ECC is enabled
  43441. * When CB_ONLY_ECC is enabled, software imple. is not available.
  43442. *
  43443. * ctx callback ctx
  43444. * returen 0 on success, otherwise return negative
  43445. */
  43446. static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx)
  43447. {
  43448. wc_test_ret_t ret = 0;
  43449. #if defined(HAVE_ECC)
  43450. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  43451. ecc_key* key = (ecc_key *)XMALLOC(sizeof *key,
  43452. HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43453. ecc_key* pub = (ecc_key *)XMALLOC(sizeof *pub,
  43454. HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43455. byte* out = (byte*)XMALLOC(sizeof(byte),
  43456. HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43457. #ifdef OPENSSL_EXTRA
  43458. byte* check = (byte*)XMALLOC(sizeof(byte)*(256), HEAP_HINT,
  43459. DYNAMIC_TYPE_TMP_BUFFER);
  43460. #endif
  43461. #else
  43462. ecc_key key[1];
  43463. ecc_key pub[1];
  43464. byte out[256];
  43465. #ifdef OPENSSL_EXTRA
  43466. unsigned char check[256];
  43467. #endif
  43468. #endif
  43469. #ifdef OPENSSL_EXTRA
  43470. EVP_PKEY* privKey = NULL;
  43471. EVP_PKEY* pubKey = NULL;
  43472. #ifdef USE_CERT_BUFFERS_256
  43473. ecc_key* pkey;
  43474. const unsigned char* cp;
  43475. #endif
  43476. EVP_MD_CTX mdCtx;
  43477. const char testData[] = "Hi There";
  43478. size_t checkSz = -1;
  43479. const unsigned char* p;
  43480. const unsigned char check_v[256] = {
  43481. 0x30,0x45,0x02,0x20,0x1b,0x5c,0x2a,0xf0,0x18,0x09,
  43482. 0x74,0x65,0xa1,0x04,0x76,0x3a,0xce,0xcc,0xe5,0x34,
  43483. 0x5e,0x89,0xed,0x40,0x1e,0x5a,0xb1,0x53,0xb4,0xff,
  43484. 0xc7,0x18,0xfe,0x0f,0xc7,0xa6,0x02,0x21,0x00,0xe5,
  43485. 0x70,0x21,0xfc,0xf9,0x63,0x36,0xfd,0x16,0x18,0x08,
  43486. 0x9a,0x63,0x61,0x0f,0xe7,0x7c,0xa3,0xc9,0x14,0xa3,
  43487. 0x30,0x87,0xf7,0xf5,0x70,0x19,0xaf,0x56,0x96,0x9b,
  43488. 0xd8,0x64,0xcd,0xd9,0xff,0x7b,0x2a,0x55,0x52,0xca,
  43489. 0x41,0xb2,0xa6,0xa4,0x8a,0x3b,0x02,0x20,0x8c,0xc5,
  43490. 0xf9,0xc1,0x7d,0x2a,0x65,0x6c,0xe6,0x5a,0xe3,0x76,
  43491. 0x9b,0xab,0x0b,0x9f,0xaf,0x62,0x5d,0xb2,0x60,0xd7,
  43492. 0xeb,0xb4,0x1b,0x73,0xdc,0x01,0x7d,0x7b,0xab,0xc1,
  43493. 0x0c,0x74,0x96,0x41,0xe6,0x3f,0xc5,0x86,0xe6,0x7d,
  43494. 0x2b,0x9d,0x54,0x6b,0xcd,0x31,0x35,0x1f,0xdb,0x49,
  43495. 0x1f,0x32,0x34,0xf8,0x57,0x12,0x86,0x5c,0x0e,0x80,
  43496. 0x55,0x8d,0xff,0xd8,0xbd,0xdf,0x32,0x26,0x62,0x42,
  43497. 0x09,0xda,0xf7,0x74,0xf2,0x3f,0xe6,0xf1,0x77,0x82,
  43498. 0xce,0xe4,0xbb,0x61,0xa6,0xc0,0x17,0x0c,0x6c,0x47,
  43499. 0x2a,0x40,0x1c,0x2b,0xe0,0x98,0x3b,0xbf,0xc6,0xf8,
  43500. 0x6d,0xfd,0xd0,0xfa,0xc1,0x02,0xfb,0x5f,0xfb,0xb0,
  43501. 0xcb,0xd9,0xa3,0x59,0x94,0xe9,0x0f,0x74,0xbb,0x3f,
  43502. 0x64,0xa3,0x83,0xc4,0x2b,0xf7,0xd2,0x97,0xbf,0x3b,
  43503. 0xcf,0xbb,0x60,0x81,0x33,0x94,0xfa,0x0d,0x35,0xd2,
  43504. 0x3d,0xb9,0x99,0xe3,0x12,0xf8,0xf4,0xa3,0x74,0xf4,
  43505. 0x94,0x1d,0x7a,0x66,0xf8,0xd1,0x1d,0xcf,0xb0,0x48,
  43506. 0xef,0x8c,0x94,0x6f,0xdd,0x62,
  43507. };
  43508. #endif
  43509. WC_RNG rng;
  43510. EncryptedInfo encInfo;
  43511. int keyFormat = 0;
  43512. word32 keyIdx = 0;
  43513. byte in[] = "Everyone gets Friday off. ecc p";
  43514. word32 inLen = (word32)XSTRLEN((char*)in);
  43515. word32 outLen;
  43516. int verify;
  43517. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  43518. if (key == NULL || pub == NULL) {
  43519. ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb);
  43520. }
  43521. #endif
  43522. ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
  43523. if (ret != 0)
  43524. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43525. /* wc_CryptoCb_MakeEccKey cb test, , no actual testing */
  43526. ctx->exampleVar = 99;
  43527. ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
  43528. if (ret != 0)
  43529. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43530. ctx->exampleVar = 1;
  43531. ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key);
  43532. if (ret != NO_VALID_DEVID) {
  43533. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43534. } else
  43535. /* reset return code */
  43536. ret = 0;
  43537. #ifdef USE_CERT_BUFFERS_256
  43538. if (ret == 0) {
  43539. /* load ECC private key and perform private transform */
  43540. ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &keyIdx,
  43541. key, sizeof_ecc_key_der_256);
  43542. }
  43543. if (ret != 0)
  43544. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43545. /* wc_CryptoCb_EccSign cb test, no actual testing */
  43546. ctx->exampleVar = 99;
  43547. if (ret == 0) {
  43548. ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key);
  43549. }
  43550. if (ret != 0)
  43551. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43552. ctx->exampleVar = 1;
  43553. if (ret == 0) {
  43554. ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key);
  43555. }
  43556. if (ret != NO_VALID_DEVID) {
  43557. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43558. }
  43559. else
  43560. ret = 0;
  43561. /* wc_CryptoCb_EccVerify cb test, no actual testing */
  43562. ctx->exampleVar = 99;
  43563. if (ret == 0) {
  43564. ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key);
  43565. }
  43566. if (ret != 0)
  43567. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43568. ctx->exampleVar = 1;
  43569. if (ret == 0) {
  43570. ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key);
  43571. }
  43572. if (ret != NO_VALID_DEVID) {
  43573. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43574. }
  43575. else
  43576. ret = 0;
  43577. /* wc_CryptoCb_Ecdh cb test, no actual testing */
  43578. /* make public key for shared secret */
  43579. wc_ecc_init_ex(pub, HEAP_HINT, devId);
  43580. ctx->exampleVar = 99;
  43581. if (ret == 0) {
  43582. ret = wc_ecc_shared_secret(key, pub, out, &outLen);
  43583. }
  43584. if (ret != 0)
  43585. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43586. ctx->exampleVar = 1;
  43587. if (ret == 0) {
  43588. ret = wc_ecc_shared_secret(key, pub, out, &outLen);
  43589. }
  43590. if (ret != NO_VALID_DEVID) {
  43591. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43592. }
  43593. else
  43594. ret = 0;
  43595. #ifdef OPENSSL_EXTRA
  43596. (void)pkey;
  43597. cp = ecc_clikey_der_256;
  43598. privKey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
  43599. sizeof_ecc_clikey_der_256);
  43600. if (privKey == NULL) {
  43601. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
  43602. }
  43603. pkey = (ecc_key*)privKey->ecc->internal;
  43604. pkey->devId = devId;
  43605. p = ecc_clikeypub_der_256;
  43606. pubKey = d2i_PUBKEY(NULL, &p, sizeof_ecc_clikeypub_der_256);
  43607. if (pubKey == NULL) {
  43608. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
  43609. }
  43610. pkey = (ecc_key*)pubKey->ecc->internal;
  43611. pkey->devId = devId;
  43612. /* sign */
  43613. EVP_MD_CTX_init(&mdCtx);
  43614. ret = EVP_DigestSignInit(&mdCtx, NULL, EVP_sha256(), NULL, privKey);
  43615. if (ret != WOLFSSL_SUCCESS) {
  43616. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
  43617. }
  43618. ret = EVP_DigestSignUpdate(&mdCtx, testData,
  43619. (unsigned int)XSTRLEN(testData));
  43620. if (ret != WOLFSSL_SUCCESS) {
  43621. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
  43622. }
  43623. ret = EVP_DigestSignFinal(&mdCtx, NULL, &checkSz);
  43624. if (ret != WOLFSSL_SUCCESS) {
  43625. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
  43626. }
  43627. ctx->exampleVar = 99;
  43628. ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz);
  43629. /* just called crypt callback as dummy
  43630. * EVP_DigestSignFinal returns 0 internally.
  43631. */
  43632. if (ret != 0)
  43633. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43634. ctx->exampleVar = 1;
  43635. ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz);
  43636. /* just called crypt callback as dummy
  43637. * EVP_DigestSignFinal returns 0 internally.
  43638. */
  43639. if (ret != 0)
  43640. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43641. /* restore checkSz for verify */
  43642. checkSz = 71;
  43643. ret = EVP_MD_CTX_cleanup(&mdCtx);
  43644. if (ret != SSL_SUCCESS) {
  43645. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
  43646. }
  43647. /* verify */
  43648. EVP_MD_CTX_init(&mdCtx);
  43649. if (ret == SSL_SUCCESS) {
  43650. ret = EVP_DigestVerifyInit(&mdCtx, NULL, EVP_sha256(), NULL, pubKey);
  43651. }
  43652. if (ret != WOLFSSL_SUCCESS) {
  43653. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
  43654. }
  43655. if (ret == WOLFSSL_SUCCESS) {
  43656. ret = EVP_DigestVerifyUpdate(&mdCtx, testData,
  43657. (unsigned int)XSTRLEN(testData));
  43658. }
  43659. if (ret != WOLFSSL_SUCCESS) {
  43660. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
  43661. }
  43662. ctx->exampleVar = 99;
  43663. ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz);
  43664. /* just called crypt callback as dummy
  43665. * EVP_DigestSignFinal returns 0 internally.
  43666. */
  43667. if (ret != 0)
  43668. ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb);
  43669. ctx->exampleVar = 1;
  43670. ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz);
  43671. /* just called crypt callback as dummy
  43672. * EVP_DigestVerifyFinal returns -1 internally rather than NO_VALID_DEVID.
  43673. */
  43674. if (ret != -1) {
  43675. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
  43676. }
  43677. ret = EVP_MD_CTX_cleanup(&mdCtx);
  43678. if (ret != SSL_SUCCESS) {
  43679. ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb);
  43680. } else
  43681. ret = 0;
  43682. #endif
  43683. #else
  43684. (void)verify;
  43685. (void)outLen;
  43686. (void)inLen;
  43687. (void)out;
  43688. (void)pub;
  43689. #ifdef OPENSSL_EXTRA
  43690. (void)privKey;
  43691. (void)pubKey;
  43692. (void)mdCtx;
  43693. (void)check;
  43694. (void)checkSz;
  43695. (void)p;
  43696. #endif
  43697. #endif
  43698. (void)keyFormat;
  43699. (void)encInfo;
  43700. exit_onlycb:
  43701. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  43702. if (key != NULL) {
  43703. wc_ecc_free(key);
  43704. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43705. }
  43706. if (pub != NULL) {
  43707. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43708. }
  43709. if (out != NULL) {
  43710. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43711. }
  43712. #ifdef OPENSSL_EXTRA
  43713. if (check) {
  43714. FREE(check, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  43715. }
  43716. #endif
  43717. #else
  43718. wc_ecc_free(key);
  43719. #ifdef OPENSSL_EXTRA
  43720. if (privKey)
  43721. EVP_PKEY_free(privKey);
  43722. if (pubKey)
  43723. EVP_PKEY_free(pubKey);
  43724. #endif
  43725. #endif
  43726. #endif /* HAVE_ECC */
  43727. return ret;
  43728. }
  43729. #endif
  43730. /* Example crypto dev callback function that calls software version */
  43731. static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
  43732. {
  43733. int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */
  43734. myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx;
  43735. if (info == NULL)
  43736. return BAD_FUNC_ARG;
  43737. #ifdef DEBUG_WOLFSSL
  43738. printf("CryptoDevCb: Algo Type %d\n", info->algo_type);
  43739. #endif
  43740. if (info->algo_type == WC_ALGO_TYPE_RNG) {
  43741. #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \
  43742. !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
  43743. /* if RNG only supports crypto callback, just use seed */
  43744. ret = wc_GenerateSeed(&info->rng.rng->seed,
  43745. info->rng.out, info->rng.sz);
  43746. #elif !defined(WC_NO_RNG)
  43747. /* set devId to invalid, so software is used */
  43748. info->rng.rng->devId = INVALID_DEVID;
  43749. ret = wc_RNG_GenerateBlock(info->rng.rng,
  43750. info->rng.out, info->rng.sz);
  43751. /* reset devId */
  43752. info->rng.rng->devId = devIdArg;
  43753. #endif
  43754. }
  43755. else if (info->algo_type == WC_ALGO_TYPE_SEED) {
  43756. #ifndef WC_NO_RNG
  43757. ALIGN32 static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 };
  43758. word32* seedWord32 = (word32*)seed;
  43759. word32 len;
  43760. /* wc_GenerateSeed is a local symbol so we need to fake the entropy. */
  43761. while (info->seed.sz > 0) {
  43762. len = (word32)sizeof(seed);
  43763. if (info->seed.sz < len)
  43764. len = info->seed.sz;
  43765. XMEMCPY(info->seed.seed, seed, sizeof(seed));
  43766. info->seed.seed += len;
  43767. info->seed.sz -= len;
  43768. (*seedWord32)++;
  43769. }
  43770. ret = 0;
  43771. #endif
  43772. }
  43773. else if (info->algo_type == WC_ALGO_TYPE_PK) {
  43774. #ifdef DEBUG_WOLFSSL
  43775. printf("CryptoDevCb: Pk Type %d\n", info->pk.type);
  43776. #endif
  43777. #ifndef NO_RSA
  43778. if (info->pk.type == WC_PK_TYPE_RSA) {
  43779. /* set devId to invalid, so software is used */
  43780. info->pk.rsa.key->devId = INVALID_DEVID;
  43781. #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
  43782. #ifdef DEBUG_WOLFSSL
  43783. printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
  43784. #endif
  43785. if (myCtx->exampleVar == 99) {
  43786. info->pk.rsa.key->devId = devIdArg;
  43787. return 0;
  43788. }
  43789. #endif
  43790. switch (info->pk.rsa.type) {
  43791. case RSA_PUBLIC_ENCRYPT:
  43792. case RSA_PUBLIC_DECRYPT:
  43793. /* perform software based RSA public op */
  43794. ret = wc_RsaFunction(
  43795. info->pk.rsa.in, info->pk.rsa.inLen,
  43796. info->pk.rsa.out, info->pk.rsa.outLen,
  43797. info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
  43798. break;
  43799. case RSA_PRIVATE_ENCRYPT:
  43800. case RSA_PRIVATE_DECRYPT:
  43801. /* perform software based RSA private op */
  43802. ret = wc_RsaFunction(
  43803. info->pk.rsa.in, info->pk.rsa.inLen,
  43804. info->pk.rsa.out, info->pk.rsa.outLen,
  43805. info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
  43806. break;
  43807. }
  43808. /* reset devId */
  43809. info->pk.rsa.key->devId = devIdArg;
  43810. }
  43811. #ifdef WOLFSSL_KEY_GEN
  43812. else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
  43813. info->pk.rsakg.key->devId = INVALID_DEVID;
  43814. #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
  43815. #ifdef DEBUG_WOLFSSL
  43816. printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
  43817. #endif
  43818. if (myCtx->exampleVar == 99) {
  43819. info->pk.rsakg.key->devId = devIdArg;
  43820. return 0;
  43821. }
  43822. #endif
  43823. #ifdef HAVE_FIPS
  43824. for (;;) {
  43825. #endif
  43826. ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size,
  43827. info->pk.rsakg.e, info->pk.rsakg.rng);
  43828. #ifdef HAVE_FIPS
  43829. if (ret == PRIME_GEN_E)
  43830. continue;
  43831. break;
  43832. }
  43833. #endif
  43834. /* reset devId */
  43835. info->pk.rsakg.key->devId = devIdArg;
  43836. }
  43837. #endif
  43838. #endif /* !NO_RSA */
  43839. #ifdef HAVE_ECC
  43840. if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
  43841. /* set devId to invalid, so software is used */
  43842. info->pk.eckg.key->devId = INVALID_DEVID;
  43843. #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
  43844. #ifdef DEBUG_WOLFSSL
  43845. printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
  43846. #endif
  43847. if (myCtx->exampleVar == 99) {
  43848. info->pk.eckg.key->devId = devIdArg;
  43849. return 0;
  43850. }
  43851. #endif
  43852. ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size,
  43853. info->pk.eckg.key, info->pk.eckg.curveId);
  43854. /* reset devId */
  43855. info->pk.eckg.key->devId = devIdArg;
  43856. }
  43857. else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
  43858. /* set devId to invalid, so software is used */
  43859. info->pk.eccsign.key->devId = INVALID_DEVID;
  43860. #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
  43861. #ifdef DEBUG_WOLFSSL
  43862. printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
  43863. #endif
  43864. if (myCtx->exampleVar == 99) {
  43865. info->pk.eccsign.key->devId = devIdArg;
  43866. return 0;
  43867. }
  43868. #endif
  43869. ret = wc_ecc_sign_hash(
  43870. info->pk.eccsign.in, info->pk.eccsign.inlen,
  43871. info->pk.eccsign.out, info->pk.eccsign.outlen,
  43872. info->pk.eccsign.rng, info->pk.eccsign.key);
  43873. /* reset devId */
  43874. info->pk.eccsign.key->devId = devIdArg;
  43875. }
  43876. else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
  43877. /* set devId to invalid, so software is used */
  43878. info->pk.eccverify.key->devId = INVALID_DEVID;
  43879. #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
  43880. #ifdef DEBUG_WOLFSSL
  43881. printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
  43882. #endif
  43883. if (myCtx->exampleVar == 99) {
  43884. info->pk.eccverify.key->devId = devIdArg;
  43885. return 0;
  43886. }
  43887. #endif
  43888. ret = wc_ecc_verify_hash(
  43889. info->pk.eccverify.sig, info->pk.eccverify.siglen,
  43890. info->pk.eccverify.hash, info->pk.eccverify.hashlen,
  43891. info->pk.eccverify.res, info->pk.eccverify.key);
  43892. /* reset devId */
  43893. info->pk.eccverify.key->devId = devIdArg;
  43894. }
  43895. else if (info->pk.type == WC_PK_TYPE_ECDH) {
  43896. /* set devId to invalid, so software is used */
  43897. info->pk.ecdh.private_key->devId = INVALID_DEVID;
  43898. #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
  43899. #ifdef DEBUG_WOLFSSL
  43900. printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar);
  43901. #endif
  43902. if (myCtx->exampleVar == 99) {
  43903. info->pk.ecdh.private_key->devId = devIdArg;
  43904. return 0;
  43905. }
  43906. #endif
  43907. ret = wc_ecc_shared_secret(
  43908. info->pk.ecdh.private_key, info->pk.ecdh.public_key,
  43909. info->pk.ecdh.out, info->pk.ecdh.outlen);
  43910. /* reset devId */
  43911. info->pk.ecdh.private_key->devId = devIdArg;
  43912. }
  43913. #endif /* HAVE_ECC */
  43914. #ifdef HAVE_CURVE25519
  43915. if (info->pk.type == WC_PK_TYPE_CURVE25519_KEYGEN) {
  43916. /* set devId to invalid, so software is used */
  43917. info->pk.curve25519kg.key->devId = INVALID_DEVID;
  43918. ret = wc_curve25519_make_key(info->pk.curve25519kg.rng,
  43919. info->pk.curve25519kg.size, info->pk.curve25519kg.key);
  43920. /* reset devId */
  43921. info->pk.curve25519kg.key->devId = devIdArg;
  43922. }
  43923. else if (info->pk.type == WC_PK_TYPE_CURVE25519) {
  43924. /* set devId to invalid, so software is used */
  43925. info->pk.curve25519.private_key->devId = INVALID_DEVID;
  43926. ret = wc_curve25519_shared_secret_ex(
  43927. info->pk.curve25519.private_key, info->pk.curve25519.public_key,
  43928. info->pk.curve25519.out, info->pk.curve25519.outlen,
  43929. info->pk.curve25519.endian);
  43930. /* reset devId */
  43931. info->pk.curve25519.private_key->devId = devIdArg;
  43932. }
  43933. #endif /* HAVE_CURVE25519 */
  43934. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_MAKE_KEY)
  43935. if (info->pk.type == WC_PK_TYPE_ED25519_KEYGEN) {
  43936. /* set devId to invalid, so software is used */
  43937. info->pk.ed25519kg.key->devId = INVALID_DEVID;
  43938. ret = wc_ed25519_make_key(info->pk.ed25519kg.rng,
  43939. info->pk.ed25519kg.size, info->pk.ed25519kg.key);
  43940. /* reset devId */
  43941. info->pk.ed25519kg.key->devId = devIdArg;
  43942. }
  43943. #ifdef HAVE_ED25519_SIGN
  43944. else if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) {
  43945. /* set devId to invalid, so software is used */
  43946. info->pk.ed25519sign.key->devId = INVALID_DEVID;
  43947. ret = wc_ed25519_sign_msg_ex(
  43948. info->pk.ed25519sign.in, info->pk.ed25519sign.inLen,
  43949. info->pk.ed25519sign.out, info->pk.ed25519sign.outLen,
  43950. info->pk.ed25519sign.key, info->pk.ed25519sign.type,
  43951. info->pk.ed25519sign.context, info->pk.ed25519sign.contextLen);
  43952. /* reset devId */
  43953. info->pk.ed25519sign.key->devId = devIdArg;
  43954. }
  43955. #endif
  43956. #ifdef HAVE_ED25519_VERIFY
  43957. else if (info->pk.type == WC_PK_TYPE_ED25519_VERIFY) {
  43958. /* set devId to invalid, so software is used */
  43959. info->pk.ed25519verify.key->devId = INVALID_DEVID;
  43960. ret = wc_ed25519_verify_msg_ex(
  43961. info->pk.ed25519verify.sig, info->pk.ed25519verify.sigLen,
  43962. info->pk.ed25519verify.msg, info->pk.ed25519verify.msgLen,
  43963. info->pk.ed25519verify.res, info->pk.ed25519verify.key,
  43964. info->pk.ed25519verify.type, info->pk.ed25519verify.context,
  43965. info->pk.ed25519verify.contextLen);
  43966. /* reset devId */
  43967. info->pk.ed25519verify.key->devId = devIdArg;
  43968. }
  43969. #endif
  43970. #endif /* HAVE_ED25519 */
  43971. }
  43972. else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
  43973. #if !defined(NO_AES) || !defined(NO_DES3)
  43974. #ifdef HAVE_AESGCM
  43975. if (info->cipher.type == WC_CIPHER_AES_GCM) {
  43976. if (info->cipher.enc) {
  43977. /* set devId to invalid, so software is used */
  43978. info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID;
  43979. ret = wc_AesGcmEncrypt(
  43980. info->cipher.aesgcm_enc.aes,
  43981. info->cipher.aesgcm_enc.out,
  43982. info->cipher.aesgcm_enc.in,
  43983. info->cipher.aesgcm_enc.sz,
  43984. info->cipher.aesgcm_enc.iv,
  43985. info->cipher.aesgcm_enc.ivSz,
  43986. info->cipher.aesgcm_enc.authTag,
  43987. info->cipher.aesgcm_enc.authTagSz,
  43988. info->cipher.aesgcm_enc.authIn,
  43989. info->cipher.aesgcm_enc.authInSz);
  43990. /* reset devId */
  43991. info->cipher.aesgcm_enc.aes->devId = devIdArg;
  43992. }
  43993. else {
  43994. /* set devId to invalid, so software is used */
  43995. info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID;
  43996. ret = wc_AesGcmDecrypt(
  43997. info->cipher.aesgcm_dec.aes,
  43998. info->cipher.aesgcm_dec.out,
  43999. info->cipher.aesgcm_dec.in,
  44000. info->cipher.aesgcm_dec.sz,
  44001. info->cipher.aesgcm_dec.iv,
  44002. info->cipher.aesgcm_dec.ivSz,
  44003. info->cipher.aesgcm_dec.authTag,
  44004. info->cipher.aesgcm_dec.authTagSz,
  44005. info->cipher.aesgcm_dec.authIn,
  44006. info->cipher.aesgcm_dec.authInSz);
  44007. /* reset devId */
  44008. info->cipher.aesgcm_dec.aes->devId = devIdArg;
  44009. }
  44010. }
  44011. #endif /* HAVE_AESGCM */
  44012. #ifdef HAVE_AES_CBC
  44013. if (info->cipher.type == WC_CIPHER_AES_CBC) {
  44014. if (info->cipher.enc) {
  44015. /* set devId to invalid, so software is used */
  44016. info->cipher.aescbc.aes->devId = INVALID_DEVID;
  44017. ret = wc_AesCbcEncrypt(
  44018. info->cipher.aescbc.aes,
  44019. info->cipher.aescbc.out,
  44020. info->cipher.aescbc.in,
  44021. info->cipher.aescbc.sz);
  44022. /* reset devId */
  44023. info->cipher.aescbc.aes->devId = devIdArg;
  44024. }
  44025. else {
  44026. /* set devId to invalid, so software is used */
  44027. info->cipher.aescbc.aes->devId = INVALID_DEVID;
  44028. ret = wc_AesCbcDecrypt(
  44029. info->cipher.aescbc.aes,
  44030. info->cipher.aescbc.out,
  44031. info->cipher.aescbc.in,
  44032. info->cipher.aescbc.sz);
  44033. /* reset devId */
  44034. info->cipher.aescbc.aes->devId = devIdArg;
  44035. }
  44036. }
  44037. #endif /* HAVE_AES_CBC */
  44038. #if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  44039. if (info->cipher.type == WC_CIPHER_AES_ECB) {
  44040. if (info->cipher.enc) {
  44041. /* set devId to invalid, so software is used */
  44042. info->cipher.aesecb.aes->devId = INVALID_DEVID;
  44043. ret = wc_AesEcbEncrypt(
  44044. info->cipher.aesecb.aes,
  44045. info->cipher.aesecb.out,
  44046. info->cipher.aesecb.in,
  44047. info->cipher.aesecb.sz);
  44048. /* reset devId */
  44049. info->cipher.aesecb.aes->devId = devIdArg;
  44050. }
  44051. else {
  44052. /* set devId to invalid, so software is used */
  44053. info->cipher.aesecb.aes->devId = INVALID_DEVID;
  44054. ret = wc_AesEcbDecrypt(
  44055. info->cipher.aesecb.aes,
  44056. info->cipher.aesecb.out,
  44057. info->cipher.aesecb.in,
  44058. info->cipher.aesecb.sz);
  44059. /* reset devId */
  44060. info->cipher.aesecb.aes->devId = devIdArg;
  44061. }
  44062. }
  44063. #endif /* HAVE_AES_ECB */
  44064. #if defined(WOLFSSL_AES_COUNTER) && !defined(HAVE_FIPS) && \
  44065. !defined(HAVE_SELFTEST)
  44066. if (info->cipher.type == WC_CIPHER_AES_CTR) {
  44067. /* set devId to invalid, so software is used */
  44068. info->cipher.aesctr.aes->devId = INVALID_DEVID;
  44069. ret = wc_AesCtrEncrypt(
  44070. info->cipher.aesctr.aes,
  44071. info->cipher.aesctr.out,
  44072. info->cipher.aesctr.in,
  44073. info->cipher.aesctr.sz);
  44074. /* reset devId */
  44075. info->cipher.aesctr.aes->devId = devIdArg;
  44076. }
  44077. #endif /* WOLFSSL_AES_COUNTER */
  44078. #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
  44079. if (info->cipher.type == WC_CIPHER_AES_CCM) {
  44080. if (info->cipher.enc) {
  44081. /* set devId to invalid, so software is used */
  44082. info->cipher.aesccm_enc.aes->devId = INVALID_DEVID;
  44083. ret = wc_AesCcmEncrypt(
  44084. info->cipher.aesccm_enc.aes,
  44085. info->cipher.aesccm_enc.out,
  44086. info->cipher.aesccm_enc.in,
  44087. info->cipher.aesccm_enc.sz,
  44088. info->cipher.aesccm_enc.nonce,
  44089. info->cipher.aesccm_enc.nonceSz,
  44090. info->cipher.aesccm_enc.authTag,
  44091. info->cipher.aesccm_enc.authTagSz,
  44092. info->cipher.aesccm_enc.authIn,
  44093. info->cipher.aesccm_enc.authInSz);
  44094. /* reset devId */
  44095. info->cipher.aesccm_enc.aes->devId = devIdArg;
  44096. }
  44097. else {
  44098. /* set devId to invalid, so software is used */
  44099. info->cipher.aesccm_dec.aes->devId = INVALID_DEVID;
  44100. ret = wc_AesCcmDecrypt(
  44101. info->cipher.aesccm_dec.aes,
  44102. info->cipher.aesccm_dec.out,
  44103. info->cipher.aesccm_dec.in,
  44104. info->cipher.aesccm_dec.sz,
  44105. info->cipher.aesccm_dec.nonce,
  44106. info->cipher.aesccm_dec.nonceSz,
  44107. info->cipher.aesccm_dec.authTag,
  44108. info->cipher.aesccm_dec.authTagSz,
  44109. info->cipher.aesccm_dec.authIn,
  44110. info->cipher.aesccm_dec.authInSz);
  44111. /* reset devId */
  44112. info->cipher.aesccm_dec.aes->devId = devIdArg;
  44113. }
  44114. }
  44115. #endif
  44116. #ifndef NO_DES3
  44117. if (info->cipher.type == WC_CIPHER_DES3) {
  44118. if (info->cipher.enc) {
  44119. /* set devId to invalid, so software is used */
  44120. info->cipher.des3.des->devId = INVALID_DEVID;
  44121. ret = wc_Des3_CbcEncrypt(
  44122. info->cipher.des3.des,
  44123. info->cipher.des3.out,
  44124. info->cipher.des3.in,
  44125. info->cipher.des3.sz);
  44126. /* reset devId */
  44127. info->cipher.des3.des->devId = devIdArg;
  44128. }
  44129. else {
  44130. /* set devId to invalid, so software is used */
  44131. info->cipher.des3.des->devId = INVALID_DEVID;
  44132. ret = wc_Des3_CbcDecrypt(
  44133. info->cipher.des3.des,
  44134. info->cipher.des3.out,
  44135. info->cipher.des3.in,
  44136. info->cipher.des3.sz);
  44137. /* reset devId */
  44138. info->cipher.des3.des->devId = devIdArg;
  44139. }
  44140. }
  44141. #endif /* !NO_DES3 */
  44142. #endif /* !NO_AES || !NO_DES3 */
  44143. }
  44144. #if !defined(NO_SHA) || !defined(NO_SHA256) || \
  44145. defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
  44146. else if (info->algo_type == WC_ALGO_TYPE_HASH) {
  44147. #if !defined(NO_SHA)
  44148. if (info->hash.type == WC_HASH_TYPE_SHA) {
  44149. if (info->hash.sha1 == NULL)
  44150. return NOT_COMPILED_IN;
  44151. /* set devId to invalid, so software is used */
  44152. info->hash.sha1->devId = INVALID_DEVID;
  44153. if (info->hash.in != NULL) {
  44154. ret = wc_ShaUpdate(
  44155. info->hash.sha1,
  44156. info->hash.in,
  44157. info->hash.inSz);
  44158. }
  44159. if (info->hash.digest != NULL) {
  44160. ret = wc_ShaFinal(
  44161. info->hash.sha1,
  44162. info->hash.digest);
  44163. }
  44164. /* reset devId */
  44165. info->hash.sha1->devId = devIdArg;
  44166. }
  44167. else
  44168. #endif
  44169. #if !defined(NO_SHA256)
  44170. if (info->hash.type == WC_HASH_TYPE_SHA256) {
  44171. if (info->hash.sha256 == NULL)
  44172. return NOT_COMPILED_IN;
  44173. /* set devId to invalid, so software is used */
  44174. info->hash.sha256->devId = INVALID_DEVID;
  44175. if (info->hash.in != NULL) {
  44176. ret = wc_Sha256Update(
  44177. info->hash.sha256,
  44178. info->hash.in,
  44179. info->hash.inSz);
  44180. }
  44181. if (info->hash.digest != NULL) {
  44182. ret = wc_Sha256Final(
  44183. info->hash.sha256,
  44184. info->hash.digest);
  44185. }
  44186. /* reset devId */
  44187. info->hash.sha256->devId = devIdArg;
  44188. }
  44189. else
  44190. #endif
  44191. #ifdef WOLFSSL_SHA384
  44192. if (info->hash.type == WC_HASH_TYPE_SHA384) {
  44193. if (info->hash.sha384 == NULL)
  44194. return NOT_COMPILED_IN;
  44195. #ifndef NO_SHA2_CRYPTO_CB
  44196. /* set devId to invalid, so software is used */
  44197. info->hash.sha384->devId = INVALID_DEVID;
  44198. #endif
  44199. if (info->hash.in != NULL) {
  44200. ret = wc_Sha384Update(
  44201. info->hash.sha384,
  44202. info->hash.in,
  44203. info->hash.inSz);
  44204. }
  44205. if (info->hash.digest != NULL) {
  44206. ret = wc_Sha384Final(
  44207. info->hash.sha384,
  44208. info->hash.digest);
  44209. }
  44210. #ifndef NO_SHA2_CRYPTO_CB
  44211. /* reset devId */
  44212. info->hash.sha384->devId = devIdArg;
  44213. #endif
  44214. }
  44215. else
  44216. #endif
  44217. #ifdef WOLFSSL_SHA512
  44218. if (info->hash.type == WC_HASH_TYPE_SHA512) {
  44219. if (info->hash.sha512 == NULL)
  44220. return NOT_COMPILED_IN;
  44221. #ifndef NO_SHA2_CRYPTO_CB
  44222. /* set devId to invalid, so software is used */
  44223. info->hash.sha512->devId = INVALID_DEVID;
  44224. #endif
  44225. if (info->hash.in != NULL) {
  44226. ret = wc_Sha512Update(
  44227. info->hash.sha512,
  44228. info->hash.in,
  44229. info->hash.inSz);
  44230. }
  44231. if (info->hash.digest != NULL) {
  44232. ret = wc_Sha512Final(
  44233. info->hash.sha512,
  44234. info->hash.digest);
  44235. }
  44236. #ifndef NO_SHA2_CRYPTO_CB
  44237. /* reset devId */
  44238. info->hash.sha512->devId = devIdArg;
  44239. #endif
  44240. }
  44241. else
  44242. #endif
  44243. {
  44244. }
  44245. }
  44246. #endif /* !NO_SHA || !NO_SHA256 */
  44247. #ifndef NO_HMAC
  44248. else if (info->algo_type == WC_ALGO_TYPE_HMAC) {
  44249. if (info->hmac.hmac == NULL)
  44250. return NOT_COMPILED_IN;
  44251. /* set devId to invalid, so software is used */
  44252. info->hmac.hmac->devId = INVALID_DEVID;
  44253. if (info->hmac.in != NULL) {
  44254. ret = wc_HmacUpdate(
  44255. info->hmac.hmac,
  44256. info->hmac.in,
  44257. info->hmac.inSz);
  44258. }
  44259. else if (info->hmac.digest != NULL) {
  44260. ret = wc_HmacFinal(
  44261. info->hmac.hmac,
  44262. info->hmac.digest);
  44263. }
  44264. /* reset devId */
  44265. info->hmac.hmac->devId = devIdArg;
  44266. }
  44267. #endif
  44268. #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
  44269. else if (info->algo_type == WC_ALGO_TYPE_CMAC) {
  44270. if (info->cmac.cmac == NULL) {
  44271. return NOT_COMPILED_IN;
  44272. }
  44273. /* set devId to invalid so software is used */
  44274. info->cmac.cmac->devId = INVALID_DEVID;
  44275. /* Handle one-shot cases */
  44276. if (info->cmac.key != NULL && info->cmac.in != NULL
  44277. && info->cmac.out != NULL) {
  44278. ret = wc_AesCmacGenerate(info->cmac.out,
  44279. info->cmac.outSz,
  44280. info->cmac.in,
  44281. info->cmac.inSz,
  44282. info->cmac.key,
  44283. info->cmac.keySz);
  44284. /* Sequentially handle incremental cases */
  44285. } else {
  44286. if (info->cmac.key != NULL) {
  44287. ret = wc_InitCmac(info->cmac.cmac,
  44288. info->cmac.key,
  44289. info->cmac.keySz,
  44290. info->cmac.type,
  44291. NULL);
  44292. }
  44293. if ((ret == 0) && (info->cmac.in != NULL)) {
  44294. ret = wc_CmacUpdate(info->cmac.cmac,
  44295. info->cmac.in,
  44296. info->cmac.inSz);
  44297. }
  44298. if ((ret ==0) && (info->cmac.out != NULL)) {
  44299. ret = wc_CmacFinal(info->cmac.cmac,
  44300. info->cmac.out,
  44301. info->cmac.outSz);
  44302. }
  44303. }
  44304. /* reset devId */
  44305. info->cmac.cmac->devId = devIdArg;
  44306. }
  44307. #endif /* WOLFSSL_CMAC && !(NO_AES) && WOLFSSL_AES_DIRECT */
  44308. (void)devIdArg;
  44309. (void)myCtx;
  44310. return ret;
  44311. }
  44312. #ifdef WOLF_CRYPTO_CB_FIND
  44313. static int myCryptoCbFind(int currentId, int algoType)
  44314. {
  44315. /* can have algo specific overrides here
  44316. switch (algoType) {
  44317. i.e.
  44318. WC_ALGO_TYPE_CMAC
  44319. WC_ALGO_TYPE_SEED
  44320. WC_ALGO_TYPE_HMAC
  44321. WC_ALGO_TYPE_HASH
  44322. WC_ALGO_TYPE_CIPHER
  44323. WC_ALGO_TYPE_PK
  44324. }
  44325. */
  44326. (void)algoType;
  44327. if (currentId == INVALID_DEVID) {
  44328. /* can override invalid devid found with 1 */
  44329. }
  44330. return currentId;
  44331. }
  44332. #endif /* WOLF_CRYPTO_CB_FIND */
  44333. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void)
  44334. {
  44335. wc_test_ret_t ret = 0;
  44336. int origDevId = devId;
  44337. myCryptoDevCtx myCtx;
  44338. /* example data for callback */
  44339. myCtx.exampleVar = 1;
  44340. /* set devId to something other than INVALID_DEVID */
  44341. devId = 1;
  44342. ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx);
  44343. #ifdef WOLF_CRYPTO_CB_FIND
  44344. wc_CryptoCb_SetDeviceFindCb(myCryptoCbFind);
  44345. #endif /* WOLF_CRYPTO_CB_FIND */
  44346. #ifndef WC_NO_RNG
  44347. if (ret == 0)
  44348. ret = random_test();
  44349. #endif /* WC_NO_RNG */
  44350. #if !defined(NO_RSA)
  44351. PRIVATE_KEY_UNLOCK();
  44352. if (ret == 0)
  44353. ret = rsa_test();
  44354. PRIVATE_KEY_LOCK();
  44355. #endif
  44356. #if defined(WOLF_CRYPTO_CB_ONLY_RSA)
  44357. PRIVATE_KEY_UNLOCK();
  44358. if (ret == 0)
  44359. ret = rsa_onlycb_test(&myCtx);
  44360. PRIVATE_KEY_LOCK();
  44361. #endif
  44362. #if defined(HAVE_ECC)
  44363. PRIVATE_KEY_UNLOCK();
  44364. if (ret == 0)
  44365. ret = ecc_test();
  44366. PRIVATE_KEY_LOCK();
  44367. #endif
  44368. #if defined(WOLF_CRYPTO_CB_ONLY_ECC)
  44369. PRIVATE_KEY_UNLOCK();
  44370. if (ret == 0)
  44371. ret = ecc_onlycb_test(&myCtx);
  44372. PRIVATE_KEY_LOCK();
  44373. #endif
  44374. #ifdef HAVE_ED25519
  44375. if (ret == 0)
  44376. ret = ed25519_test();
  44377. #endif
  44378. #ifdef HAVE_CURVE25519
  44379. if (ret == 0)
  44380. ret = curve25519_test();
  44381. #endif
  44382. #ifndef NO_AES
  44383. #ifdef HAVE_AESGCM
  44384. if (ret == 0)
  44385. ret = aesgcm_test();
  44386. #endif
  44387. #ifdef HAVE_AES_CBC
  44388. if (ret == 0)
  44389. ret = aes_test();
  44390. #endif
  44391. #ifdef WOLFSSL_AES_XTS
  44392. if (ret == 0)
  44393. ret = aes_xts_test();
  44394. #endif
  44395. #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
  44396. if (ret == 0)
  44397. ret = aesccm_test();
  44398. #endif
  44399. #endif /* !NO_AES */
  44400. #ifndef NO_DES3
  44401. if (ret == 0)
  44402. ret = des3_test();
  44403. #endif /* !NO_DES3 */
  44404. #ifndef NO_SHA
  44405. if (ret == 0)
  44406. ret = sha_test();
  44407. #endif
  44408. #ifndef NO_SHA256
  44409. if (ret == 0)
  44410. ret = sha256_test();
  44411. #endif
  44412. #ifdef WOLFSSL_SHA384
  44413. if (ret == 0)
  44414. ret = sha384_test();
  44415. #endif
  44416. #ifdef WOLFSSL_SHA512
  44417. if (ret == 0)
  44418. ret = sha512_test();
  44419. #endif
  44420. #ifndef NO_HMAC
  44421. #ifndef NO_SHA
  44422. if (ret == 0)
  44423. ret = hmac_sha_test();
  44424. #endif
  44425. #ifndef NO_SHA256
  44426. if (ret == 0)
  44427. ret = hmac_sha256_test();
  44428. #endif
  44429. #endif
  44430. #ifndef NO_PWDBASED
  44431. #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC)
  44432. if (ret == 0)
  44433. ret = pbkdf2_test();
  44434. #endif
  44435. #endif
  44436. #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
  44437. if (ret == 0)
  44438. ret = cmac_test();
  44439. #endif
  44440. /* restore devId */
  44441. devId = origDevId;
  44442. return ret;
  44443. }
  44444. #endif /* WOLF_CRYPTO_CB */
  44445. #ifdef WOLFSSL_CERT_PIV
  44446. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void)
  44447. {
  44448. wc_test_ret_t ret;
  44449. wc_CertPIV piv;
  44450. /* Template for Identiv PIV cert, nonce and signature */
  44451. WOLFSSL_SMALL_STACK_STATIC const byte pivCertIdentiv[] = {
  44452. 0x0A, 0x0B,
  44453. 0x53, 0x09, /* NIST PIV Cert */
  44454. 0x70, 0x02, /* Certificate */
  44455. 0x30, 0x00,
  44456. 0x71, 0x01, 0x05, /* Cert Info */
  44457. 0xFE, 0x00, /* Error Detection */
  44458. 0x0B, 0x01, 0x00, /* Nonce */
  44459. 0x0C, 0x01, 0x00, /* Signed Nonce */
  44460. };
  44461. /* PIV certificate data including certificate, info and error detection. */
  44462. WOLFSSL_SMALL_STACK_STATIC const byte pivCert[] = {
  44463. 0x53, 0x09, /* NIST PIV Cert */
  44464. 0x70, 0x02, /* Certificate */
  44465. 0x30, 0x00,
  44466. 0x71, 0x01, 0x04, /* Cert Info */
  44467. 0xFE, 0x00, /* Error Detection */
  44468. };
  44469. XMEMSET(&piv, 0, sizeof(piv));
  44470. /* Test with Identiv 0x0A, 0x0B and 0x0C markers */
  44471. ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv));
  44472. if (ret != 0) {
  44473. return WC_TEST_RET_ENC_EC(ret);
  44474. }
  44475. if (!piv.isIdentiv) {
  44476. return WC_TEST_RET_ENC_NC;
  44477. }
  44478. if ((piv.cert == NULL) || (piv.certSz != 2)) {
  44479. return WC_TEST_RET_ENC_NC;
  44480. }
  44481. if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
  44482. return WC_TEST_RET_ENC_NC;
  44483. }
  44484. if ((piv.compression != ASN_PIV_CERT_INFO_GZIP)) {
  44485. return WC_TEST_RET_ENC_NC;
  44486. }
  44487. if (!piv.isX509) {
  44488. return WC_TEST_RET_ENC_NC;
  44489. }
  44490. if ((piv.nonce == NULL) || (piv.nonceSz != 1)) {
  44491. return WC_TEST_RET_ENC_NC;
  44492. }
  44493. if ((piv.signedNonce == NULL) || (piv.signedNonceSz != 1)) {
  44494. return WC_TEST_RET_ENC_NC;
  44495. }
  44496. XMEMSET(&piv, 0, sizeof(piv));
  44497. /* Test with NIST PIV format */
  44498. ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert));
  44499. if (ret != 0) {
  44500. return WC_TEST_RET_ENC_EC(ret);
  44501. }
  44502. if (piv.isIdentiv) {
  44503. return WC_TEST_RET_ENC_NC;
  44504. }
  44505. if ((piv.cert == NULL) || (piv.certSz != 2)) {
  44506. return WC_TEST_RET_ENC_NC;
  44507. }
  44508. if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) {
  44509. return WC_TEST_RET_ENC_NC;
  44510. }
  44511. if ((piv.compression != 0)) {
  44512. return WC_TEST_RET_ENC_NC;
  44513. }
  44514. if (!piv.isX509) {
  44515. return WC_TEST_RET_ENC_NC;
  44516. }
  44517. return ret;
  44518. }
  44519. #endif /* WOLFSSL_CERT_PIV */
  44520. #if !defined(NO_ASN) && !defined(NO_ASN_TIME)
  44521. static time_t time_cb(time_t* t)
  44522. {
  44523. if (t != NULL) {
  44524. *t = 99;
  44525. }
  44526. return 99;
  44527. }
  44528. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void)
  44529. {
  44530. time_t t;
  44531. wc_test_ret_t ret;
  44532. ret = wc_SetTimeCb(time_cb);
  44533. if (ret != 0)
  44534. return WC_TEST_RET_ENC_EC(ret);
  44535. t = wc_Time(NULL);
  44536. if (t != 99)
  44537. return WC_TEST_RET_ENC_NC;
  44538. ret = wc_GetTime(&t, sizeof(time_t));
  44539. if (ret != 0)
  44540. return WC_TEST_RET_ENC_EC(ret);
  44541. if (t != 99)
  44542. return WC_TEST_RET_ENC_NC;
  44543. ret = wc_SetTimeCb(NULL);
  44544. if (ret != 0)
  44545. return WC_TEST_RET_ENC_EC(ret);
  44546. return 0;
  44547. }
  44548. #endif
  44549. #ifdef WOLFSSL_AES_SIV
  44550. typedef struct {
  44551. const byte key[33];
  44552. word32 keySz;
  44553. const byte nonce[49];
  44554. word32 nonceSz;
  44555. const byte assoc[81];
  44556. word32 assocSz;
  44557. const byte plaintext[83];
  44558. word32 plaintextSz;
  44559. const byte siv[AES_BLOCK_SIZE+1];
  44560. const byte ciphertext[82];
  44561. word32 ciphertextSz;
  44562. } AesSivTestVector;
  44563. #define AES_SIV_TEST_VECTORS 7
  44564. WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void)
  44565. {
  44566. /* These test vectors come from chrony 4.1's SIV unit tests. */
  44567. WOLFSSL_SMALL_STACK_STATIC const AesSivTestVector testVectors[AES_SIV_TEST_VECTORS] = {
  44568. { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
  44569. "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
  44570. "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
  44571. "", 0,
  44572. "", 0,
  44573. "\x22\x3e\xb5\x94\xe0\xe0\x25\x4b\x00\x25\x8e\x21\x9a\x1c\xa4\x21",
  44574. "", 0
  44575. },
  44576. { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
  44577. "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
  44578. "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
  44579. "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
  44580. "", 0,
  44581. "\xd7\x20\x19\x89\xc6\xdb\xc6\xd6\x61\xfc\x62\xbc\x86\x5e\xee\xef",
  44582. "", 0
  44583. },
  44584. { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
  44585. "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
  44586. "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
  44587. "", 0,
  44588. "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
  44589. "\xb6\xc1\x60\xe9\xc2\xfd\x2a\xe8\xde\xc5\x36\x8b\x2a\x33\xed\xe1",
  44590. "\x14\xff\xb3\x97\x34\x5c\xcb\xe4\x4a\xa4\xde\xac\xd9\x36\x90\x46", 16
  44591. },
  44592. { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
  44593. "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
  44594. "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e", 15,
  44595. "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c", 15,
  44596. "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4", 15,
  44597. "\x03\x8c\x41\x51\xba\x7a\x8f\x77\x6e\x56\x31\x99\x42\x0b\xc7\x03",
  44598. "\xe7\x6c\x67\xc9\xda\xb7\x0d\x5b\x44\x06\x26\x5a\xd0\xd2\x3b", 15
  44599. },
  44600. { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
  44601. "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
  44602. "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16,
  44603. "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16,
  44604. "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7", 16,
  44605. "\x5c\x05\x23\x65\xf4\x57\x0a\xa0\xfb\x38\x3e\xce\x9b\x75\x85\xeb",
  44606. "\x68\x85\x19\x36\x0c\x7c\x48\x11\x40\xcb\x9b\x57\x9a\x0e\x65\x32", 16
  44607. },
  44608. { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
  44609. "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
  44610. "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
  44611. "\xd5", 17,
  44612. "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b"
  44613. "\xa0", 17,
  44614. "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7"
  44615. "\x08", 17,
  44616. "\xaf\x58\x4b\xe7\x82\x1e\x96\x19\x29\x91\x25\xe0\xdd\x80\x3b\x49",
  44617. "\xa5\x11\xcd\xb6\x08\xf3\x76\xa0\xb6\xfa\x15\x82\xf3\x95\xe1\xeb"
  44618. "\xbd", 17
  44619. },
  44620. { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde"
  44621. "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32,
  44622. "\xb0\x5a\x1b\xc7\x56\xe7\xb6\x2c\xb4\x85\xe5\x56\xa5\x28\xc0\x6c"
  44623. "\x2f\x3b\x0b\x9d\x1a\x0c\xdf\x69\x47\xe0\xcc\xc0\x87\xaa\x5c\x09"
  44624. "\x98\x48\x8d\x6a\x8e\x1e\x05\xd7\x8b\x68\x74\x83\xb5\x1d\xf1\x2c", 48,
  44625. "\xe5\x8b\xd2\x6a\x30\xc5\xc5\x61\xcc\xbd\x7c\x27\xbf\xfe\xf9\x06"
  44626. "\x00\x5b\xd7\xfc\x11\x0b\xcf\x16\x61\xef\xac\x05\xa7\xaf\xec\x27"
  44627. "\x41\xc8\x5e\x9e\x0d\xf9\x2f\xaf\x20\x79\x17\xe5\x17\x91\x2a\x27"
  44628. "\x34\x1c\xbc\xaf\xeb\xef\x7f\x52\xe7\x1e\x4c\x2a\xca\xbd\x2b\xbe"
  44629. "\x34\xd6\xfb\x69\xd3\x3e\x49\x59\x60\xb4\x26\xc9\xb8\xce\xba", 79,
  44630. "\x6c\xe7\xcf\x7e\xab\x7b\xa0\xe1\xa7\x22\xcb\x88\xde\x5e\x42\xd2"
  44631. "\xec\x79\xe0\xa2\xcf\x5f\x0f\x6f\x6b\x89\x57\xcd\xae\x17\xd4\xc2"
  44632. "\xf3\x1b\xa2\xa8\x13\x78\x23\x2f\x83\xa8\xd4\x0c\xc0\xd2\xf3\x99"
  44633. "\xae\x81\xa1\xca\x5b\x5f\x45\xa6\x6f\x0c\x8a\xf3\xd4\x67\x40\x81"
  44634. "\x26\xe2\x01\x86\xe8\x5a\xd5\xf8\x58\x80\x9f\x56\xaa\x76\x96\xbf"
  44635. "\x31", 81,
  44636. "\x9a\x06\x33\xe0\xee\x00\x6a\x9b\xc8\x20\xd5\xe2\xc2\xed\xb5\x75",
  44637. "\xfa\x9e\x42\x2a\x31\x6b\xda\xca\xaa\x7d\x31\x8b\x84\x7a\xb8\xd7"
  44638. "\x8a\x81\x25\x64\xed\x41\x9b\xa9\x77\x10\xbd\x05\x0c\x4e\xc5\x31"
  44639. "\x0c\xa2\x86\xec\x8a\x94\xc8\x24\x23\x3c\x13\xee\xa5\x51\xc9\xdf"
  44640. "\x48\xc9\x55\xc5\x2f\x40\x73\x3f\x98\xbb\x8d\x69\x78\x46\x64\x17"
  44641. "\x8d\x49\x2f\x14\x62\xa4\x7c\x2a\x57\x38\x87\xce\xc6\x72\xd3\x5c"
  44642. "\xa1", 81
  44643. }};
  44644. int i;
  44645. byte computedCiphertext[82];
  44646. byte computedPlaintext[82];
  44647. byte siv[AES_BLOCK_SIZE];
  44648. wc_test_ret_t ret = 0;
  44649. for (i = 0; i < AES_SIV_TEST_VECTORS; ++i) {
  44650. ret = wc_AesSivEncrypt(testVectors[i].key, testVectors[i].keySz,
  44651. testVectors[i].assoc, testVectors[i].assocSz,
  44652. testVectors[i].nonce, testVectors[i].nonceSz,
  44653. testVectors[i].plaintext,
  44654. testVectors[i].plaintextSz, siv,
  44655. computedCiphertext);
  44656. if (ret != 0) {
  44657. return WC_TEST_RET_ENC_EC(ret);
  44658. }
  44659. ret = XMEMCMP(siv, testVectors[i].siv, AES_BLOCK_SIZE);
  44660. if (ret != 0) {
  44661. return WC_TEST_RET_ENC_NC;
  44662. }
  44663. ret = XMEMCMP(computedCiphertext, testVectors[i].ciphertext,
  44664. testVectors[i].ciphertextSz);
  44665. if (ret != 0) {
  44666. return WC_TEST_RET_ENC_NC;
  44667. }
  44668. ret = wc_AesSivDecrypt(testVectors[i].key, testVectors[i].keySz,
  44669. testVectors[i].assoc, testVectors[i].assocSz,
  44670. testVectors[i].nonce, testVectors[i].nonceSz,
  44671. computedCiphertext, testVectors[i].plaintextSz,
  44672. siv, computedPlaintext);
  44673. if (ret != 0) {
  44674. return WC_TEST_RET_ENC_EC(ret);
  44675. }
  44676. ret = XMEMCMP(computedPlaintext, testVectors[i].plaintext,
  44677. testVectors[i].plaintextSz);
  44678. if (ret != 0) {
  44679. return WC_TEST_RET_ENC_NC;
  44680. }
  44681. }
  44682. return 0;
  44683. }
  44684. #endif
  44685. #undef ERROR_OUT
  44686. static const int fiducial4 = WC_TEST_RET_LN;
  44687. /* print the fiducial line numbers assigned above, allowing confirmation of
  44688. * source code version match when in doubt.
  44689. */
  44690. static void print_fiducials(void) {
  44691. printf(" [fiducial line numbers: %d %d %d %d]\n",
  44692. fiducial1, fiducial2, fiducial3, fiducial4);
  44693. }
  44694. #else
  44695. #ifndef NO_MAIN_DRIVER
  44696. int main(void) { return 0; }
  44697. #endif
  44698. #endif /* NO_CRYPT_TEST */