api.c 1.3 MB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734473547364737473847394740474147424743474447454746474747484749475047514752475347544755475647574758475947604761476247634764476547664767476847694770477147724773477447754776477747784779478047814782478347844785478647874788478947904791479247934794479547964797479847994800480148024803480448054806480748084809481048114812481348144815481648174818481948204821482248234824482548264827482848294830483148324833483448354836483748384839484048414842484348444845484648474848484948504851485248534854485548564857485848594860486148624863486448654866486748684869487048714872487348744875487648774878487948804881488248834884488548864887488848894890489148924893489448954896489748984899490049014902490349044905490649074908490949104911491249134914491549164917491849194920492149224923492449254926492749284929493049314932493349344935493649374938493949404941494249434944494549464947494849494950495149524953495449554956495749584959496049614962496349644965496649674968496949704971497249734974497549764977497849794980498149824983498449854986498749884989499049914992499349944995499649974998499950005001500250035004500550065007500850095010501150125013501450155016501750185019502050215022502350245025502650275028502950305031503250335034503550365037503850395040504150425043504450455046504750485049505050515052505350545055505650575058505950605061506250635064506550665067506850695070507150725073507450755076507750785079508050815082508350845085508650875088508950905091509250935094509550965097509850995100510151025103510451055106510751085109511051115112511351145115511651175118511951205121512251235124512551265127512851295130513151325133513451355136513751385139514051415142514351445145514651475148514951505151515251535154515551565157515851595160516151625163516451655166516751685169517051715172517351745175517651775178517951805181518251835184518551865187518851895190519151925193519451955196519751985199520052015202520352045205520652075208520952105211521252135214521552165217521852195220522152225223522452255226522752285229523052315232523352345235523652375238523952405241524252435244524552465247524852495250525152525253525452555256525752585259526052615262526352645265526652675268526952705271527252735274527552765277527852795280528152825283528452855286528752885289529052915292529352945295529652975298529953005301530253035304530553065307530853095310531153125313531453155316531753185319532053215322532353245325532653275328532953305331533253335334533553365337533853395340534153425343534453455346534753485349535053515352535353545355535653575358535953605361536253635364536553665367536853695370537153725373537453755376537753785379538053815382538353845385538653875388538953905391539253935394539553965397539853995400540154025403540454055406540754085409541054115412541354145415541654175418541954205421542254235424542554265427542854295430543154325433543454355436543754385439544054415442544354445445544654475448544954505451545254535454545554565457545854595460546154625463546454655466546754685469547054715472547354745475547654775478547954805481548254835484548554865487548854895490549154925493549454955496549754985499550055015502550355045505550655075508550955105511551255135514551555165517551855195520552155225523552455255526552755285529553055315532553355345535553655375538553955405541554255435544554555465547554855495550555155525553555455555556555755585559556055615562556355645565556655675568556955705571557255735574557555765577557855795580558155825583558455855586558755885589559055915592559355945595559655975598559956005601560256035604560556065607560856095610561156125613561456155616561756185619562056215622562356245625562656275628562956305631563256335634563556365637563856395640564156425643564456455646564756485649565056515652565356545655565656575658565956605661566256635664566556665667566856695670567156725673567456755676567756785679568056815682568356845685568656875688568956905691569256935694569556965697569856995700570157025703570457055706570757085709571057115712571357145715571657175718571957205721572257235724572557265727572857295730573157325733573457355736573757385739574057415742574357445745574657475748574957505751575257535754575557565757575857595760576157625763576457655766576757685769577057715772577357745775577657775778577957805781578257835784578557865787578857895790579157925793579457955796579757985799580058015802580358045805580658075808580958105811581258135814581558165817581858195820582158225823582458255826582758285829583058315832583358345835583658375838583958405841584258435844584558465847584858495850585158525853585458555856585758585859586058615862586358645865586658675868586958705871587258735874587558765877587858795880588158825883588458855886588758885889589058915892589358945895589658975898589959005901590259035904590559065907590859095910591159125913591459155916591759185919592059215922592359245925592659275928592959305931593259335934593559365937593859395940594159425943594459455946594759485949595059515952595359545955595659575958595959605961596259635964596559665967596859695970597159725973597459755976597759785979598059815982598359845985598659875988598959905991599259935994599559965997599859996000600160026003600460056006600760086009601060116012601360146015601660176018601960206021602260236024602560266027602860296030603160326033603460356036603760386039604060416042604360446045604660476048604960506051605260536054605560566057605860596060606160626063606460656066606760686069607060716072607360746075607660776078607960806081608260836084608560866087608860896090609160926093609460956096609760986099610061016102610361046105610661076108610961106111611261136114611561166117611861196120612161226123612461256126612761286129613061316132613361346135613661376138613961406141614261436144614561466147614861496150615161526153615461556156615761586159616061616162616361646165616661676168616961706171617261736174617561766177617861796180618161826183618461856186618761886189619061916192619361946195619661976198619962006201620262036204620562066207620862096210621162126213621462156216621762186219622062216222622362246225622662276228622962306231623262336234623562366237623862396240624162426243624462456246624762486249625062516252625362546255625662576258625962606261626262636264626562666267626862696270627162726273627462756276627762786279628062816282628362846285628662876288628962906291629262936294629562966297629862996300630163026303630463056306630763086309631063116312631363146315631663176318631963206321632263236324632563266327632863296330633163326333633463356336633763386339634063416342634363446345634663476348634963506351635263536354635563566357635863596360636163626363636463656366636763686369637063716372637363746375637663776378637963806381638263836384638563866387638863896390639163926393639463956396639763986399640064016402640364046405640664076408640964106411641264136414641564166417641864196420642164226423642464256426642764286429643064316432643364346435643664376438643964406441644264436444644564466447644864496450645164526453645464556456645764586459646064616462646364646465646664676468646964706471647264736474647564766477647864796480648164826483648464856486648764886489649064916492649364946495649664976498649965006501650265036504650565066507650865096510651165126513651465156516651765186519652065216522652365246525652665276528652965306531653265336534653565366537653865396540654165426543654465456546654765486549655065516552655365546555655665576558655965606561656265636564656565666567656865696570657165726573657465756576657765786579658065816582658365846585658665876588658965906591659265936594659565966597659865996600660166026603660466056606660766086609661066116612661366146615661666176618661966206621662266236624662566266627662866296630663166326633663466356636663766386639664066416642664366446645664666476648664966506651665266536654665566566657665866596660666166626663666466656666666766686669667066716672667366746675667666776678667966806681668266836684668566866687668866896690669166926693669466956696669766986699670067016702670367046705670667076708670967106711671267136714671567166717671867196720672167226723672467256726672767286729673067316732673367346735673667376738673967406741674267436744674567466747674867496750675167526753675467556756675767586759676067616762676367646765676667676768676967706771677267736774677567766777677867796780678167826783678467856786678767886789679067916792679367946795679667976798679968006801680268036804680568066807680868096810681168126813681468156816681768186819682068216822682368246825682668276828682968306831683268336834683568366837683868396840684168426843684468456846684768486849685068516852685368546855685668576858685968606861686268636864686568666867686868696870687168726873687468756876687768786879688068816882688368846885688668876888688968906891689268936894689568966897689868996900690169026903690469056906690769086909691069116912691369146915691669176918691969206921692269236924692569266927692869296930693169326933693469356936693769386939694069416942694369446945694669476948694969506951695269536954695569566957695869596960696169626963696469656966696769686969697069716972697369746975697669776978697969806981698269836984698569866987698869896990699169926993699469956996699769986999700070017002700370047005700670077008700970107011701270137014701570167017701870197020702170227023702470257026702770287029703070317032703370347035703670377038703970407041704270437044704570467047704870497050705170527053705470557056705770587059706070617062706370647065706670677068706970707071707270737074707570767077707870797080708170827083708470857086708770887089709070917092709370947095709670977098709971007101710271037104710571067107710871097110711171127113711471157116711771187119712071217122712371247125712671277128712971307131713271337134713571367137713871397140714171427143714471457146714771487149715071517152715371547155715671577158715971607161716271637164716571667167716871697170717171727173717471757176717771787179718071817182718371847185718671877188718971907191719271937194719571967197719871997200720172027203720472057206720772087209721072117212721372147215721672177218721972207221722272237224722572267227722872297230723172327233723472357236723772387239724072417242724372447245724672477248724972507251725272537254725572567257725872597260726172627263726472657266726772687269727072717272727372747275727672777278727972807281728272837284728572867287728872897290729172927293729472957296729772987299730073017302730373047305730673077308730973107311731273137314731573167317731873197320732173227323732473257326732773287329733073317332733373347335733673377338733973407341734273437344734573467347734873497350735173527353735473557356735773587359736073617362736373647365736673677368736973707371737273737374737573767377737873797380738173827383738473857386738773887389739073917392739373947395739673977398739974007401740274037404740574067407740874097410741174127413741474157416741774187419742074217422742374247425742674277428742974307431743274337434743574367437743874397440744174427443744474457446744774487449745074517452745374547455745674577458745974607461746274637464746574667467746874697470747174727473747474757476747774787479748074817482748374847485748674877488748974907491749274937494749574967497749874997500750175027503750475057506750775087509751075117512751375147515751675177518751975207521752275237524752575267527752875297530753175327533753475357536753775387539754075417542754375447545754675477548754975507551755275537554755575567557755875597560756175627563756475657566756775687569757075717572757375747575757675777578757975807581758275837584758575867587758875897590759175927593759475957596759775987599760076017602760376047605760676077608760976107611761276137614761576167617761876197620762176227623762476257626762776287629763076317632763376347635763676377638763976407641764276437644764576467647764876497650765176527653765476557656765776587659766076617662766376647665766676677668766976707671767276737674767576767677767876797680768176827683768476857686768776887689769076917692769376947695769676977698769977007701770277037704770577067707770877097710771177127713771477157716771777187719772077217722772377247725772677277728772977307731773277337734773577367737773877397740774177427743774477457746774777487749775077517752775377547755775677577758775977607761776277637764776577667767776877697770777177727773777477757776777777787779778077817782778377847785778677877788778977907791779277937794779577967797779877997800780178027803780478057806780778087809781078117812781378147815781678177818781978207821782278237824782578267827782878297830783178327833783478357836783778387839784078417842784378447845784678477848784978507851785278537854785578567857785878597860786178627863786478657866786778687869787078717872787378747875787678777878787978807881788278837884788578867887788878897890789178927893789478957896789778987899790079017902790379047905790679077908790979107911791279137914791579167917791879197920792179227923792479257926792779287929793079317932793379347935793679377938793979407941794279437944794579467947794879497950795179527953795479557956795779587959796079617962796379647965796679677968796979707971797279737974797579767977797879797980798179827983798479857986798779887989799079917992799379947995799679977998799980008001800280038004800580068007800880098010801180128013801480158016801780188019802080218022802380248025802680278028802980308031803280338034803580368037803880398040804180428043804480458046804780488049805080518052805380548055805680578058805980608061806280638064806580668067806880698070807180728073807480758076807780788079808080818082808380848085808680878088808980908091809280938094809580968097809880998100810181028103810481058106810781088109811081118112811381148115811681178118811981208121812281238124812581268127812881298130813181328133813481358136813781388139814081418142814381448145814681478148814981508151815281538154815581568157815881598160816181628163816481658166816781688169817081718172817381748175817681778178817981808181818281838184818581868187818881898190819181928193819481958196819781988199820082018202820382048205820682078208820982108211821282138214821582168217821882198220822182228223822482258226822782288229823082318232823382348235823682378238823982408241824282438244824582468247824882498250825182528253825482558256825782588259826082618262826382648265826682678268826982708271827282738274827582768277827882798280828182828283828482858286828782888289829082918292829382948295829682978298829983008301830283038304830583068307830883098310831183128313831483158316831783188319832083218322832383248325832683278328832983308331833283338334833583368337833883398340834183428343834483458346834783488349835083518352835383548355835683578358835983608361836283638364836583668367836883698370837183728373837483758376837783788379838083818382838383848385838683878388838983908391839283938394839583968397839883998400840184028403840484058406840784088409841084118412841384148415841684178418841984208421842284238424842584268427842884298430843184328433843484358436843784388439844084418442844384448445844684478448844984508451845284538454845584568457845884598460846184628463846484658466846784688469847084718472847384748475847684778478847984808481848284838484848584868487848884898490849184928493849484958496849784988499850085018502850385048505850685078508850985108511851285138514851585168517851885198520852185228523852485258526852785288529853085318532853385348535853685378538853985408541854285438544854585468547854885498550855185528553855485558556855785588559856085618562856385648565856685678568856985708571857285738574857585768577857885798580858185828583858485858586858785888589859085918592859385948595859685978598859986008601860286038604860586068607860886098610861186128613861486158616861786188619862086218622862386248625862686278628862986308631863286338634863586368637863886398640864186428643864486458646864786488649865086518652865386548655865686578658865986608661866286638664866586668667866886698670867186728673867486758676867786788679868086818682868386848685868686878688868986908691869286938694869586968697869886998700870187028703870487058706870787088709871087118712871387148715871687178718871987208721872287238724872587268727872887298730873187328733873487358736873787388739874087418742874387448745874687478748874987508751875287538754875587568757875887598760876187628763876487658766876787688769877087718772877387748775877687778778877987808781878287838784878587868787878887898790879187928793879487958796879787988799880088018802880388048805880688078808880988108811881288138814881588168817881888198820882188228823882488258826882788288829883088318832883388348835883688378838883988408841884288438844884588468847884888498850885188528853885488558856885788588859886088618862886388648865886688678868886988708871887288738874887588768877887888798880888188828883888488858886888788888889889088918892889388948895889688978898889989008901890289038904890589068907890889098910891189128913891489158916891789188919892089218922892389248925892689278928892989308931893289338934893589368937893889398940894189428943894489458946894789488949895089518952895389548955895689578958895989608961896289638964896589668967896889698970897189728973897489758976897789788979898089818982898389848985898689878988898989908991899289938994899589968997899889999000900190029003900490059006900790089009901090119012901390149015901690179018901990209021902290239024902590269027902890299030903190329033903490359036903790389039904090419042904390449045904690479048904990509051905290539054905590569057905890599060906190629063906490659066906790689069907090719072907390749075907690779078907990809081908290839084908590869087908890899090909190929093909490959096909790989099910091019102910391049105910691079108910991109111911291139114911591169117911891199120912191229123912491259126912791289129913091319132913391349135913691379138913991409141914291439144914591469147914891499150915191529153915491559156915791589159916091619162916391649165916691679168916991709171917291739174917591769177917891799180918191829183918491859186918791889189919091919192919391949195919691979198919992009201920292039204920592069207920892099210921192129213921492159216921792189219922092219222922392249225922692279228922992309231923292339234923592369237923892399240924192429243924492459246924792489249925092519252925392549255925692579258925992609261926292639264926592669267926892699270927192729273927492759276927792789279928092819282928392849285928692879288928992909291929292939294929592969297929892999300930193029303930493059306930793089309931093119312931393149315931693179318931993209321932293239324932593269327932893299330933193329333933493359336933793389339934093419342934393449345934693479348934993509351935293539354935593569357935893599360936193629363936493659366936793689369937093719372937393749375937693779378937993809381938293839384938593869387938893899390939193929393939493959396939793989399940094019402940394049405940694079408940994109411941294139414941594169417941894199420942194229423942494259426942794289429943094319432943394349435943694379438943994409441944294439444944594469447944894499450945194529453945494559456945794589459946094619462946394649465946694679468946994709471947294739474947594769477947894799480948194829483948494859486948794889489949094919492949394949495949694979498949995009501950295039504950595069507950895099510951195129513951495159516951795189519952095219522952395249525952695279528952995309531953295339534953595369537953895399540954195429543954495459546954795489549955095519552955395549555955695579558955995609561956295639564956595669567956895699570957195729573957495759576957795789579958095819582958395849585958695879588958995909591959295939594959595969597959895999600960196029603960496059606960796089609961096119612961396149615961696179618961996209621962296239624962596269627962896299630963196329633963496359636963796389639964096419642964396449645964696479648964996509651965296539654965596569657965896599660966196629663966496659666966796689669967096719672967396749675967696779678967996809681968296839684968596869687968896899690969196929693969496959696969796989699970097019702970397049705970697079708970997109711971297139714971597169717971897199720972197229723972497259726972797289729973097319732973397349735973697379738973997409741974297439744974597469747974897499750975197529753975497559756975797589759976097619762976397649765976697679768976997709771977297739774977597769777977897799780978197829783978497859786978797889789979097919792979397949795979697979798979998009801980298039804980598069807980898099810981198129813981498159816981798189819982098219822982398249825982698279828982998309831983298339834983598369837983898399840984198429843984498459846984798489849985098519852985398549855985698579858985998609861986298639864986598669867986898699870987198729873987498759876987798789879988098819882988398849885988698879888988998909891989298939894989598969897989898999900990199029903990499059906990799089909991099119912991399149915991699179918991999209921992299239924992599269927992899299930993199329933993499359936993799389939994099419942994399449945994699479948994999509951995299539954995599569957995899599960996199629963996499659966996799689969997099719972997399749975997699779978997999809981998299839984998599869987998899899990999199929993999499959996999799989999100001000110002100031000410005100061000710008100091001010011100121001310014100151001610017100181001910020100211002210023100241002510026100271002810029100301003110032100331003410035100361003710038100391004010041100421004310044100451004610047100481004910050100511005210053100541005510056100571005810059100601006110062100631006410065100661006710068100691007010071100721007310074100751007610077100781007910080100811008210083100841008510086100871008810089100901009110092100931009410095100961009710098100991010010101101021010310104101051010610107101081010910110101111011210113101141011510116101171011810119101201012110122101231012410125101261012710128101291013010131101321013310134101351013610137101381013910140101411014210143101441014510146101471014810149101501015110152101531015410155101561015710158101591016010161101621016310164101651016610167101681016910170101711017210173101741017510176101771017810179101801018110182101831018410185101861018710188101891019010191101921019310194101951019610197101981019910200102011020210203102041020510206102071020810209102101021110212102131021410215102161021710218102191022010221102221022310224102251022610227102281022910230102311023210233102341023510236102371023810239102401024110242102431024410245102461024710248102491025010251102521025310254102551025610257102581025910260102611026210263102641026510266102671026810269102701027110272102731027410275102761027710278102791028010281102821028310284102851028610287102881028910290102911029210293102941029510296102971029810299103001030110302103031030410305103061030710308103091031010311103121031310314103151031610317103181031910320103211032210323103241032510326103271032810329103301033110332103331033410335103361033710338103391034010341103421034310344103451034610347103481034910350103511035210353103541035510356103571035810359103601036110362103631036410365103661036710368103691037010371103721037310374103751037610377103781037910380103811038210383103841038510386103871038810389103901039110392103931039410395103961039710398103991040010401104021040310404104051040610407104081040910410104111041210413104141041510416104171041810419104201042110422104231042410425104261042710428104291043010431104321043310434104351043610437104381043910440104411044210443104441044510446104471044810449104501045110452104531045410455104561045710458104591046010461104621046310464104651046610467104681046910470104711047210473104741047510476104771047810479104801048110482104831048410485104861048710488104891049010491104921049310494104951049610497104981049910500105011050210503105041050510506105071050810509105101051110512105131051410515105161051710518105191052010521105221052310524105251052610527105281052910530105311053210533105341053510536105371053810539105401054110542105431054410545105461054710548105491055010551105521055310554105551055610557105581055910560105611056210563105641056510566105671056810569105701057110572105731057410575105761057710578105791058010581105821058310584105851058610587105881058910590105911059210593105941059510596105971059810599106001060110602106031060410605106061060710608106091061010611106121061310614106151061610617106181061910620106211062210623106241062510626106271062810629106301063110632106331063410635106361063710638106391064010641106421064310644106451064610647106481064910650106511065210653106541065510656106571065810659106601066110662106631066410665106661066710668106691067010671106721067310674106751067610677106781067910680106811068210683106841068510686106871068810689106901069110692106931069410695106961069710698106991070010701107021070310704107051070610707107081070910710107111071210713107141071510716107171071810719107201072110722107231072410725107261072710728107291073010731107321073310734107351073610737107381073910740107411074210743107441074510746107471074810749107501075110752107531075410755107561075710758107591076010761107621076310764107651076610767107681076910770107711077210773107741077510776107771077810779107801078110782107831078410785107861078710788107891079010791107921079310794107951079610797107981079910800108011080210803108041080510806108071080810809108101081110812108131081410815108161081710818108191082010821108221082310824108251082610827108281082910830108311083210833108341083510836108371083810839108401084110842108431084410845108461084710848108491085010851108521085310854108551085610857108581085910860108611086210863108641086510866108671086810869108701087110872108731087410875108761087710878108791088010881108821088310884108851088610887108881088910890108911089210893108941089510896108971089810899109001090110902109031090410905109061090710908109091091010911109121091310914109151091610917109181091910920109211092210923109241092510926109271092810929109301093110932109331093410935109361093710938109391094010941109421094310944109451094610947109481094910950109511095210953109541095510956109571095810959109601096110962109631096410965109661096710968109691097010971109721097310974109751097610977109781097910980109811098210983109841098510986109871098810989109901099110992109931099410995109961099710998109991100011001110021100311004110051100611007110081100911010110111101211013110141101511016110171101811019110201102111022110231102411025110261102711028110291103011031110321103311034110351103611037110381103911040110411104211043110441104511046110471104811049110501105111052110531105411055110561105711058110591106011061110621106311064110651106611067110681106911070110711107211073110741107511076110771107811079110801108111082110831108411085110861108711088110891109011091110921109311094110951109611097110981109911100111011110211103111041110511106111071110811109111101111111112111131111411115111161111711118111191112011121111221112311124111251112611127111281112911130111311113211133111341113511136111371113811139111401114111142111431114411145111461114711148111491115011151111521115311154111551115611157111581115911160111611116211163111641116511166111671116811169111701117111172111731117411175111761117711178111791118011181111821118311184111851118611187111881118911190111911119211193111941119511196111971119811199112001120111202112031120411205112061120711208112091121011211112121121311214112151121611217112181121911220112211122211223112241122511226112271122811229112301123111232112331123411235112361123711238112391124011241112421124311244112451124611247112481124911250112511125211253112541125511256112571125811259112601126111262112631126411265112661126711268112691127011271112721127311274112751127611277112781127911280112811128211283112841128511286112871128811289112901129111292112931129411295112961129711298112991130011301113021130311304113051130611307113081130911310113111131211313113141131511316113171131811319113201132111322113231132411325113261132711328113291133011331113321133311334113351133611337113381133911340113411134211343113441134511346113471134811349113501135111352113531135411355113561135711358113591136011361113621136311364113651136611367113681136911370113711137211373113741137511376113771137811379113801138111382113831138411385113861138711388113891139011391113921139311394113951139611397113981139911400114011140211403114041140511406114071140811409114101141111412114131141411415114161141711418114191142011421114221142311424114251142611427114281142911430114311143211433114341143511436114371143811439114401144111442114431144411445114461144711448114491145011451114521145311454114551145611457114581145911460114611146211463114641146511466114671146811469114701147111472114731147411475114761147711478114791148011481114821148311484114851148611487114881148911490114911149211493114941149511496114971149811499115001150111502115031150411505115061150711508115091151011511115121151311514115151151611517115181151911520115211152211523115241152511526115271152811529115301153111532115331153411535115361153711538115391154011541115421154311544115451154611547115481154911550115511155211553115541155511556115571155811559115601156111562115631156411565115661156711568115691157011571115721157311574115751157611577115781157911580115811158211583115841158511586115871158811589115901159111592115931159411595115961159711598115991160011601116021160311604116051160611607116081160911610116111161211613116141161511616116171161811619116201162111622116231162411625116261162711628116291163011631116321163311634116351163611637116381163911640116411164211643116441164511646116471164811649116501165111652116531165411655116561165711658116591166011661116621166311664116651166611667116681166911670116711167211673116741167511676116771167811679116801168111682116831168411685116861168711688116891169011691116921169311694116951169611697116981169911700117011170211703117041170511706117071170811709117101171111712117131171411715117161171711718117191172011721117221172311724117251172611727117281172911730117311173211733117341173511736117371173811739117401174111742117431174411745117461174711748117491175011751117521175311754117551175611757117581175911760117611176211763117641176511766117671176811769117701177111772117731177411775117761177711778117791178011781117821178311784117851178611787117881178911790117911179211793117941179511796117971179811799118001180111802118031180411805118061180711808118091181011811118121181311814118151181611817118181181911820118211182211823118241182511826118271182811829118301183111832118331183411835118361183711838118391184011841118421184311844118451184611847118481184911850118511185211853118541185511856118571185811859118601186111862118631186411865118661186711868118691187011871118721187311874118751187611877118781187911880118811188211883118841188511886118871188811889118901189111892118931189411895118961189711898118991190011901119021190311904119051190611907119081190911910119111191211913119141191511916119171191811919119201192111922119231192411925119261192711928119291193011931119321193311934119351193611937119381193911940119411194211943119441194511946119471194811949119501195111952119531195411955119561195711958119591196011961119621196311964119651196611967119681196911970119711197211973119741197511976119771197811979119801198111982119831198411985119861198711988119891199011991119921199311994119951199611997119981199912000120011200212003120041200512006120071200812009120101201112012120131201412015120161201712018120191202012021120221202312024120251202612027120281202912030120311203212033120341203512036120371203812039120401204112042120431204412045120461204712048120491205012051120521205312054120551205612057120581205912060120611206212063120641206512066120671206812069120701207112072120731207412075120761207712078120791208012081120821208312084120851208612087120881208912090120911209212093120941209512096120971209812099121001210112102121031210412105121061210712108121091211012111121121211312114121151211612117121181211912120121211212212123121241212512126121271212812129121301213112132121331213412135121361213712138121391214012141121421214312144121451214612147121481214912150121511215212153121541215512156121571215812159121601216112162121631216412165121661216712168121691217012171121721217312174121751217612177121781217912180121811218212183121841218512186121871218812189121901219112192121931219412195121961219712198121991220012201122021220312204122051220612207122081220912210122111221212213122141221512216122171221812219122201222112222122231222412225122261222712228122291223012231122321223312234122351223612237122381223912240122411224212243122441224512246122471224812249122501225112252122531225412255122561225712258122591226012261122621226312264122651226612267122681226912270122711227212273122741227512276122771227812279122801228112282122831228412285122861228712288122891229012291122921229312294122951229612297122981229912300123011230212303123041230512306123071230812309123101231112312123131231412315123161231712318123191232012321123221232312324123251232612327123281232912330123311233212333123341233512336123371233812339123401234112342123431234412345123461234712348123491235012351123521235312354123551235612357123581235912360123611236212363123641236512366123671236812369123701237112372123731237412375123761237712378123791238012381123821238312384123851238612387123881238912390123911239212393123941239512396123971239812399124001240112402124031240412405124061240712408124091241012411124121241312414124151241612417124181241912420124211242212423124241242512426124271242812429124301243112432124331243412435124361243712438124391244012441124421244312444124451244612447124481244912450124511245212453124541245512456124571245812459124601246112462124631246412465124661246712468124691247012471124721247312474124751247612477124781247912480124811248212483124841248512486124871248812489124901249112492124931249412495124961249712498124991250012501125021250312504125051250612507125081250912510125111251212513125141251512516125171251812519125201252112522125231252412525125261252712528125291253012531125321253312534125351253612537125381253912540125411254212543125441254512546125471254812549125501255112552125531255412555125561255712558125591256012561125621256312564125651256612567125681256912570125711257212573125741257512576125771257812579125801258112582125831258412585125861258712588125891259012591125921259312594125951259612597125981259912600126011260212603126041260512606126071260812609126101261112612126131261412615126161261712618126191262012621126221262312624126251262612627126281262912630126311263212633126341263512636126371263812639126401264112642126431264412645126461264712648126491265012651126521265312654126551265612657126581265912660126611266212663126641266512666126671266812669126701267112672126731267412675126761267712678126791268012681126821268312684126851268612687126881268912690126911269212693126941269512696126971269812699127001270112702127031270412705127061270712708127091271012711127121271312714127151271612717127181271912720127211272212723127241272512726127271272812729127301273112732127331273412735127361273712738127391274012741127421274312744127451274612747127481274912750127511275212753127541275512756127571275812759127601276112762127631276412765127661276712768127691277012771127721277312774127751277612777127781277912780127811278212783127841278512786127871278812789127901279112792127931279412795127961279712798127991280012801128021280312804128051280612807128081280912810128111281212813128141281512816128171281812819128201282112822128231282412825128261282712828128291283012831128321283312834128351283612837128381283912840128411284212843128441284512846128471284812849128501285112852128531285412855128561285712858128591286012861128621286312864128651286612867128681286912870128711287212873128741287512876128771287812879128801288112882128831288412885128861288712888128891289012891128921289312894128951289612897128981289912900129011290212903129041290512906129071290812909129101291112912129131291412915129161291712918129191292012921129221292312924129251292612927129281292912930129311293212933129341293512936129371293812939129401294112942129431294412945129461294712948129491295012951129521295312954129551295612957129581295912960129611296212963129641296512966129671296812969129701297112972129731297412975129761297712978129791298012981129821298312984129851298612987129881298912990129911299212993129941299512996129971299812999130001300113002130031300413005130061300713008130091301013011130121301313014130151301613017130181301913020130211302213023130241302513026130271302813029130301303113032130331303413035130361303713038130391304013041130421304313044130451304613047130481304913050130511305213053130541305513056130571305813059130601306113062130631306413065130661306713068130691307013071130721307313074130751307613077130781307913080130811308213083130841308513086130871308813089130901309113092130931309413095130961309713098130991310013101131021310313104131051310613107131081310913110131111311213113131141311513116131171311813119131201312113122131231312413125131261312713128131291313013131131321313313134131351313613137131381313913140131411314213143131441314513146131471314813149131501315113152131531315413155131561315713158131591316013161131621316313164131651316613167131681316913170131711317213173131741317513176131771317813179131801318113182131831318413185131861318713188131891319013191131921319313194131951319613197131981319913200132011320213203132041320513206132071320813209132101321113212132131321413215132161321713218132191322013221132221322313224132251322613227132281322913230132311323213233132341323513236132371323813239132401324113242132431324413245132461324713248132491325013251132521325313254132551325613257132581325913260132611326213263132641326513266132671326813269132701327113272132731327413275132761327713278132791328013281132821328313284132851328613287132881328913290132911329213293132941329513296132971329813299133001330113302133031330413305133061330713308133091331013311133121331313314133151331613317133181331913320133211332213323133241332513326133271332813329133301333113332133331333413335133361333713338133391334013341133421334313344133451334613347133481334913350133511335213353133541335513356133571335813359133601336113362133631336413365133661336713368133691337013371133721337313374133751337613377133781337913380133811338213383133841338513386133871338813389133901339113392133931339413395133961339713398133991340013401134021340313404134051340613407134081340913410134111341213413134141341513416134171341813419134201342113422134231342413425134261342713428134291343013431134321343313434134351343613437134381343913440134411344213443134441344513446134471344813449134501345113452134531345413455134561345713458134591346013461134621346313464134651346613467134681346913470134711347213473134741347513476134771347813479134801348113482134831348413485134861348713488134891349013491134921349313494134951349613497134981349913500135011350213503135041350513506135071350813509135101351113512135131351413515135161351713518135191352013521135221352313524135251352613527135281352913530135311353213533135341353513536135371353813539135401354113542135431354413545135461354713548135491355013551135521355313554135551355613557135581355913560135611356213563135641356513566135671356813569135701357113572135731357413575135761357713578135791358013581135821358313584135851358613587135881358913590135911359213593135941359513596135971359813599136001360113602136031360413605136061360713608136091361013611136121361313614136151361613617136181361913620136211362213623136241362513626136271362813629136301363113632136331363413635136361363713638136391364013641136421364313644136451364613647136481364913650136511365213653136541365513656136571365813659136601366113662136631366413665136661366713668136691367013671136721367313674136751367613677136781367913680136811368213683136841368513686136871368813689136901369113692136931369413695136961369713698136991370013701137021370313704137051370613707137081370913710137111371213713137141371513716137171371813719137201372113722137231372413725137261372713728137291373013731137321373313734137351373613737137381373913740137411374213743137441374513746137471374813749137501375113752137531375413755137561375713758137591376013761137621376313764137651376613767137681376913770137711377213773137741377513776137771377813779137801378113782137831378413785137861378713788137891379013791137921379313794137951379613797137981379913800138011380213803138041380513806138071380813809138101381113812138131381413815138161381713818138191382013821138221382313824138251382613827138281382913830138311383213833138341383513836138371383813839138401384113842138431384413845138461384713848138491385013851138521385313854138551385613857138581385913860138611386213863138641386513866138671386813869138701387113872138731387413875138761387713878138791388013881138821388313884138851388613887138881388913890138911389213893138941389513896138971389813899139001390113902139031390413905139061390713908139091391013911139121391313914139151391613917139181391913920139211392213923139241392513926139271392813929139301393113932139331393413935139361393713938139391394013941139421394313944139451394613947139481394913950139511395213953139541395513956139571395813959139601396113962139631396413965139661396713968139691397013971139721397313974139751397613977139781397913980139811398213983139841398513986139871398813989139901399113992139931399413995139961399713998139991400014001140021400314004140051400614007140081400914010140111401214013140141401514016140171401814019140201402114022140231402414025140261402714028140291403014031140321403314034140351403614037140381403914040140411404214043140441404514046140471404814049140501405114052140531405414055140561405714058140591406014061140621406314064140651406614067140681406914070140711407214073140741407514076140771407814079140801408114082140831408414085140861408714088140891409014091140921409314094140951409614097140981409914100141011410214103141041410514106141071410814109141101411114112141131411414115141161411714118141191412014121141221412314124141251412614127141281412914130141311413214133141341413514136141371413814139141401414114142141431414414145141461414714148141491415014151141521415314154141551415614157141581415914160141611416214163141641416514166141671416814169141701417114172141731417414175141761417714178141791418014181141821418314184141851418614187141881418914190141911419214193141941419514196141971419814199142001420114202142031420414205142061420714208142091421014211142121421314214142151421614217142181421914220142211422214223142241422514226142271422814229142301423114232142331423414235142361423714238142391424014241142421424314244142451424614247142481424914250142511425214253142541425514256142571425814259142601426114262142631426414265142661426714268142691427014271142721427314274142751427614277142781427914280142811428214283142841428514286142871428814289142901429114292142931429414295142961429714298142991430014301143021430314304143051430614307143081430914310143111431214313143141431514316143171431814319143201432114322143231432414325143261432714328143291433014331143321433314334143351433614337143381433914340143411434214343143441434514346143471434814349143501435114352143531435414355143561435714358143591436014361143621436314364143651436614367143681436914370143711437214373143741437514376143771437814379143801438114382143831438414385143861438714388143891439014391143921439314394143951439614397143981439914400144011440214403144041440514406144071440814409144101441114412144131441414415144161441714418144191442014421144221442314424144251442614427144281442914430144311443214433144341443514436144371443814439144401444114442144431444414445144461444714448144491445014451144521445314454144551445614457144581445914460144611446214463144641446514466144671446814469144701447114472144731447414475144761447714478144791448014481144821448314484144851448614487144881448914490144911449214493144941449514496144971449814499145001450114502145031450414505145061450714508145091451014511145121451314514145151451614517145181451914520145211452214523145241452514526145271452814529145301453114532145331453414535145361453714538145391454014541145421454314544145451454614547145481454914550145511455214553145541455514556145571455814559145601456114562145631456414565145661456714568145691457014571145721457314574145751457614577145781457914580145811458214583145841458514586145871458814589145901459114592145931459414595145961459714598145991460014601146021460314604146051460614607146081460914610146111461214613146141461514616146171461814619146201462114622146231462414625146261462714628146291463014631146321463314634146351463614637146381463914640146411464214643146441464514646146471464814649146501465114652146531465414655146561465714658146591466014661146621466314664146651466614667146681466914670146711467214673146741467514676146771467814679146801468114682146831468414685146861468714688146891469014691146921469314694146951469614697146981469914700147011470214703147041470514706147071470814709147101471114712147131471414715147161471714718147191472014721147221472314724147251472614727147281472914730147311473214733147341473514736147371473814739147401474114742147431474414745147461474714748147491475014751147521475314754147551475614757147581475914760147611476214763147641476514766147671476814769147701477114772147731477414775147761477714778147791478014781147821478314784147851478614787147881478914790147911479214793147941479514796147971479814799148001480114802148031480414805148061480714808148091481014811148121481314814148151481614817148181481914820148211482214823148241482514826148271482814829148301483114832148331483414835148361483714838148391484014841148421484314844148451484614847148481484914850148511485214853148541485514856148571485814859148601486114862148631486414865148661486714868148691487014871148721487314874148751487614877148781487914880148811488214883148841488514886148871488814889148901489114892148931489414895148961489714898148991490014901149021490314904149051490614907149081490914910149111491214913149141491514916149171491814919149201492114922149231492414925149261492714928149291493014931149321493314934149351493614937149381493914940149411494214943149441494514946149471494814949149501495114952149531495414955149561495714958149591496014961149621496314964149651496614967149681496914970149711497214973149741497514976149771497814979149801498114982149831498414985149861498714988149891499014991149921499314994149951499614997149981499915000150011500215003150041500515006150071500815009150101501115012150131501415015150161501715018150191502015021150221502315024150251502615027150281502915030150311503215033150341503515036150371503815039150401504115042150431504415045150461504715048150491505015051150521505315054150551505615057150581505915060150611506215063150641506515066150671506815069150701507115072150731507415075150761507715078150791508015081150821508315084150851508615087150881508915090150911509215093150941509515096150971509815099151001510115102151031510415105151061510715108151091511015111151121511315114151151511615117151181511915120151211512215123151241512515126151271512815129151301513115132151331513415135151361513715138151391514015141151421514315144151451514615147151481514915150151511515215153151541515515156151571515815159151601516115162151631516415165151661516715168151691517015171151721517315174151751517615177151781517915180151811518215183151841518515186151871518815189151901519115192151931519415195151961519715198151991520015201152021520315204152051520615207152081520915210152111521215213152141521515216152171521815219152201522115222152231522415225152261522715228152291523015231152321523315234152351523615237152381523915240152411524215243152441524515246152471524815249152501525115252152531525415255152561525715258152591526015261152621526315264152651526615267152681526915270152711527215273152741527515276152771527815279152801528115282152831528415285152861528715288152891529015291152921529315294152951529615297152981529915300153011530215303153041530515306153071530815309153101531115312153131531415315153161531715318153191532015321153221532315324153251532615327153281532915330153311533215333153341533515336153371533815339153401534115342153431534415345153461534715348153491535015351153521535315354153551535615357153581535915360153611536215363153641536515366153671536815369153701537115372153731537415375153761537715378153791538015381153821538315384153851538615387153881538915390153911539215393153941539515396153971539815399154001540115402154031540415405154061540715408154091541015411154121541315414154151541615417154181541915420154211542215423154241542515426154271542815429154301543115432154331543415435154361543715438154391544015441154421544315444154451544615447154481544915450154511545215453154541545515456154571545815459154601546115462154631546415465154661546715468154691547015471154721547315474154751547615477154781547915480154811548215483154841548515486154871548815489154901549115492154931549415495154961549715498154991550015501155021550315504155051550615507155081550915510155111551215513155141551515516155171551815519155201552115522155231552415525155261552715528155291553015531155321553315534155351553615537155381553915540155411554215543155441554515546155471554815549155501555115552155531555415555155561555715558155591556015561155621556315564155651556615567155681556915570155711557215573155741557515576155771557815579155801558115582155831558415585155861558715588155891559015591155921559315594155951559615597155981559915600156011560215603156041560515606156071560815609156101561115612156131561415615156161561715618156191562015621156221562315624156251562615627156281562915630156311563215633156341563515636156371563815639156401564115642156431564415645156461564715648156491565015651156521565315654156551565615657156581565915660156611566215663156641566515666156671566815669156701567115672156731567415675156761567715678156791568015681156821568315684156851568615687156881568915690156911569215693156941569515696156971569815699157001570115702157031570415705157061570715708157091571015711157121571315714157151571615717157181571915720157211572215723157241572515726157271572815729157301573115732157331573415735157361573715738157391574015741157421574315744157451574615747157481574915750157511575215753157541575515756157571575815759157601576115762157631576415765157661576715768157691577015771157721577315774157751577615777157781577915780157811578215783157841578515786157871578815789157901579115792157931579415795157961579715798157991580015801158021580315804158051580615807158081580915810158111581215813158141581515816158171581815819158201582115822158231582415825158261582715828158291583015831158321583315834158351583615837158381583915840158411584215843158441584515846158471584815849158501585115852158531585415855158561585715858158591586015861158621586315864158651586615867158681586915870158711587215873158741587515876158771587815879158801588115882158831588415885158861588715888158891589015891158921589315894158951589615897158981589915900159011590215903159041590515906159071590815909159101591115912159131591415915159161591715918159191592015921159221592315924159251592615927159281592915930159311593215933159341593515936159371593815939159401594115942159431594415945159461594715948159491595015951159521595315954159551595615957159581595915960159611596215963159641596515966159671596815969159701597115972159731597415975159761597715978159791598015981159821598315984159851598615987159881598915990159911599215993159941599515996159971599815999160001600116002160031600416005160061600716008160091601016011160121601316014160151601616017160181601916020160211602216023160241602516026160271602816029160301603116032160331603416035160361603716038160391604016041160421604316044160451604616047160481604916050160511605216053160541605516056160571605816059160601606116062160631606416065160661606716068160691607016071160721607316074160751607616077160781607916080160811608216083160841608516086160871608816089160901609116092160931609416095160961609716098160991610016101161021610316104161051610616107161081610916110161111611216113161141611516116161171611816119161201612116122161231612416125161261612716128161291613016131161321613316134161351613616137161381613916140161411614216143161441614516146161471614816149161501615116152161531615416155161561615716158161591616016161161621616316164161651616616167161681616916170161711617216173161741617516176161771617816179161801618116182161831618416185161861618716188161891619016191161921619316194161951619616197161981619916200162011620216203162041620516206162071620816209162101621116212162131621416215162161621716218162191622016221162221622316224162251622616227162281622916230162311623216233162341623516236162371623816239162401624116242162431624416245162461624716248162491625016251162521625316254162551625616257162581625916260162611626216263162641626516266162671626816269162701627116272162731627416275162761627716278162791628016281162821628316284162851628616287162881628916290162911629216293162941629516296162971629816299163001630116302163031630416305163061630716308163091631016311163121631316314163151631616317163181631916320163211632216323163241632516326163271632816329163301633116332163331633416335163361633716338163391634016341163421634316344163451634616347163481634916350163511635216353163541635516356163571635816359163601636116362163631636416365163661636716368163691637016371163721637316374163751637616377163781637916380163811638216383163841638516386163871638816389163901639116392163931639416395163961639716398163991640016401164021640316404164051640616407164081640916410164111641216413164141641516416164171641816419164201642116422164231642416425164261642716428164291643016431164321643316434164351643616437164381643916440164411644216443164441644516446164471644816449164501645116452164531645416455164561645716458164591646016461164621646316464164651646616467164681646916470164711647216473164741647516476164771647816479164801648116482164831648416485164861648716488164891649016491164921649316494164951649616497164981649916500165011650216503165041650516506165071650816509165101651116512165131651416515165161651716518165191652016521165221652316524165251652616527165281652916530165311653216533165341653516536165371653816539165401654116542165431654416545165461654716548165491655016551165521655316554165551655616557165581655916560165611656216563165641656516566165671656816569165701657116572165731657416575165761657716578165791658016581165821658316584165851658616587165881658916590165911659216593165941659516596165971659816599166001660116602166031660416605166061660716608166091661016611166121661316614166151661616617166181661916620166211662216623166241662516626166271662816629166301663116632166331663416635166361663716638166391664016641166421664316644166451664616647166481664916650166511665216653166541665516656166571665816659166601666116662166631666416665166661666716668166691667016671166721667316674166751667616677166781667916680166811668216683166841668516686166871668816689166901669116692166931669416695166961669716698166991670016701167021670316704167051670616707167081670916710167111671216713167141671516716167171671816719167201672116722167231672416725167261672716728167291673016731167321673316734167351673616737167381673916740167411674216743167441674516746167471674816749167501675116752167531675416755167561675716758167591676016761167621676316764167651676616767167681676916770167711677216773167741677516776167771677816779167801678116782167831678416785167861678716788167891679016791167921679316794167951679616797167981679916800168011680216803168041680516806168071680816809168101681116812168131681416815168161681716818168191682016821168221682316824168251682616827168281682916830168311683216833168341683516836168371683816839168401684116842168431684416845168461684716848168491685016851168521685316854168551685616857168581685916860168611686216863168641686516866168671686816869168701687116872168731687416875168761687716878168791688016881168821688316884168851688616887168881688916890168911689216893168941689516896168971689816899169001690116902169031690416905169061690716908169091691016911169121691316914169151691616917169181691916920169211692216923169241692516926169271692816929169301693116932169331693416935169361693716938169391694016941169421694316944169451694616947169481694916950169511695216953169541695516956169571695816959169601696116962169631696416965169661696716968169691697016971169721697316974169751697616977169781697916980169811698216983169841698516986169871698816989169901699116992169931699416995169961699716998169991700017001170021700317004170051700617007170081700917010170111701217013170141701517016170171701817019170201702117022170231702417025170261702717028170291703017031170321703317034170351703617037170381703917040170411704217043170441704517046170471704817049170501705117052170531705417055170561705717058170591706017061170621706317064170651706617067170681706917070170711707217073170741707517076170771707817079170801708117082170831708417085170861708717088170891709017091170921709317094170951709617097170981709917100171011710217103171041710517106171071710817109171101711117112171131711417115171161711717118171191712017121171221712317124171251712617127171281712917130171311713217133171341713517136171371713817139171401714117142171431714417145171461714717148171491715017151171521715317154171551715617157171581715917160171611716217163171641716517166171671716817169171701717117172171731717417175171761717717178171791718017181171821718317184171851718617187171881718917190171911719217193171941719517196171971719817199172001720117202172031720417205172061720717208172091721017211172121721317214172151721617217172181721917220172211722217223172241722517226172271722817229172301723117232172331723417235172361723717238172391724017241172421724317244172451724617247172481724917250172511725217253172541725517256172571725817259172601726117262172631726417265172661726717268172691727017271172721727317274172751727617277172781727917280172811728217283172841728517286172871728817289172901729117292172931729417295172961729717298172991730017301173021730317304173051730617307173081730917310173111731217313173141731517316173171731817319173201732117322173231732417325173261732717328173291733017331173321733317334173351733617337173381733917340173411734217343173441734517346173471734817349173501735117352173531735417355173561735717358173591736017361173621736317364173651736617367173681736917370173711737217373173741737517376173771737817379173801738117382173831738417385173861738717388173891739017391173921739317394173951739617397173981739917400174011740217403174041740517406174071740817409174101741117412174131741417415174161741717418174191742017421174221742317424174251742617427174281742917430174311743217433174341743517436174371743817439174401744117442174431744417445174461744717448174491745017451174521745317454174551745617457174581745917460174611746217463174641746517466174671746817469174701747117472174731747417475174761747717478174791748017481174821748317484174851748617487174881748917490174911749217493174941749517496174971749817499175001750117502175031750417505175061750717508175091751017511175121751317514175151751617517175181751917520175211752217523175241752517526175271752817529175301753117532175331753417535175361753717538175391754017541175421754317544175451754617547175481754917550175511755217553175541755517556175571755817559175601756117562175631756417565175661756717568175691757017571175721757317574175751757617577175781757917580175811758217583175841758517586175871758817589175901759117592175931759417595175961759717598175991760017601176021760317604176051760617607176081760917610176111761217613176141761517616176171761817619176201762117622176231762417625176261762717628176291763017631176321763317634176351763617637176381763917640176411764217643176441764517646176471764817649176501765117652176531765417655176561765717658176591766017661176621766317664176651766617667176681766917670176711767217673176741767517676176771767817679176801768117682176831768417685176861768717688176891769017691176921769317694176951769617697176981769917700177011770217703177041770517706177071770817709177101771117712177131771417715177161771717718177191772017721177221772317724177251772617727177281772917730177311773217733177341773517736177371773817739177401774117742177431774417745177461774717748177491775017751177521775317754177551775617757177581775917760177611776217763177641776517766177671776817769177701777117772177731777417775177761777717778177791778017781177821778317784177851778617787177881778917790177911779217793177941779517796177971779817799178001780117802178031780417805178061780717808178091781017811178121781317814178151781617817178181781917820178211782217823178241782517826178271782817829178301783117832178331783417835178361783717838178391784017841178421784317844178451784617847178481784917850178511785217853178541785517856178571785817859178601786117862178631786417865178661786717868178691787017871178721787317874178751787617877178781787917880178811788217883178841788517886178871788817889178901789117892178931789417895178961789717898178991790017901179021790317904179051790617907179081790917910179111791217913179141791517916179171791817919179201792117922179231792417925179261792717928179291793017931179321793317934179351793617937179381793917940179411794217943179441794517946179471794817949179501795117952179531795417955179561795717958179591796017961179621796317964179651796617967179681796917970179711797217973179741797517976179771797817979179801798117982179831798417985179861798717988179891799017991179921799317994179951799617997179981799918000180011800218003180041800518006180071800818009180101801118012180131801418015180161801718018180191802018021180221802318024180251802618027180281802918030180311803218033180341803518036180371803818039180401804118042180431804418045180461804718048180491805018051180521805318054180551805618057180581805918060180611806218063180641806518066180671806818069180701807118072180731807418075180761807718078180791808018081180821808318084180851808618087180881808918090180911809218093180941809518096180971809818099181001810118102181031810418105181061810718108181091811018111181121811318114181151811618117181181811918120181211812218123181241812518126181271812818129181301813118132181331813418135181361813718138181391814018141181421814318144181451814618147181481814918150181511815218153181541815518156181571815818159181601816118162181631816418165181661816718168181691817018171181721817318174181751817618177181781817918180181811818218183181841818518186181871818818189181901819118192181931819418195181961819718198181991820018201182021820318204182051820618207182081820918210182111821218213182141821518216182171821818219182201822118222182231822418225182261822718228182291823018231182321823318234182351823618237182381823918240182411824218243182441824518246182471824818249182501825118252182531825418255182561825718258182591826018261182621826318264182651826618267182681826918270182711827218273182741827518276182771827818279182801828118282182831828418285182861828718288182891829018291182921829318294182951829618297182981829918300183011830218303183041830518306183071830818309183101831118312183131831418315183161831718318183191832018321183221832318324183251832618327183281832918330183311833218333183341833518336183371833818339183401834118342183431834418345183461834718348183491835018351183521835318354183551835618357183581835918360183611836218363183641836518366183671836818369183701837118372183731837418375183761837718378183791838018381183821838318384183851838618387183881838918390183911839218393183941839518396183971839818399184001840118402184031840418405184061840718408184091841018411184121841318414184151841618417184181841918420184211842218423184241842518426184271842818429184301843118432184331843418435184361843718438184391844018441184421844318444184451844618447184481844918450184511845218453184541845518456184571845818459184601846118462184631846418465184661846718468184691847018471184721847318474184751847618477184781847918480184811848218483184841848518486184871848818489184901849118492184931849418495184961849718498184991850018501185021850318504185051850618507185081850918510185111851218513185141851518516185171851818519185201852118522185231852418525185261852718528185291853018531185321853318534185351853618537185381853918540185411854218543185441854518546185471854818549185501855118552185531855418555185561855718558185591856018561185621856318564185651856618567185681856918570185711857218573185741857518576185771857818579185801858118582185831858418585185861858718588185891859018591185921859318594185951859618597185981859918600186011860218603186041860518606186071860818609186101861118612186131861418615186161861718618186191862018621186221862318624186251862618627186281862918630186311863218633186341863518636186371863818639186401864118642186431864418645186461864718648186491865018651186521865318654186551865618657186581865918660186611866218663186641866518666186671866818669186701867118672186731867418675186761867718678186791868018681186821868318684186851868618687186881868918690186911869218693186941869518696186971869818699187001870118702187031870418705187061870718708187091871018711187121871318714187151871618717187181871918720187211872218723187241872518726187271872818729187301873118732187331873418735187361873718738187391874018741187421874318744187451874618747187481874918750187511875218753187541875518756187571875818759187601876118762187631876418765187661876718768187691877018771187721877318774187751877618777187781877918780187811878218783187841878518786187871878818789187901879118792187931879418795187961879718798187991880018801188021880318804188051880618807188081880918810188111881218813188141881518816188171881818819188201882118822188231882418825188261882718828188291883018831188321883318834188351883618837188381883918840188411884218843188441884518846188471884818849188501885118852188531885418855188561885718858188591886018861188621886318864188651886618867188681886918870188711887218873188741887518876188771887818879188801888118882188831888418885188861888718888188891889018891188921889318894188951889618897188981889918900189011890218903189041890518906189071890818909189101891118912189131891418915189161891718918189191892018921189221892318924189251892618927189281892918930189311893218933189341893518936189371893818939189401894118942189431894418945189461894718948189491895018951189521895318954189551895618957189581895918960189611896218963189641896518966189671896818969189701897118972189731897418975189761897718978189791898018981189821898318984189851898618987189881898918990189911899218993189941899518996189971899818999190001900119002190031900419005190061900719008190091901019011190121901319014190151901619017190181901919020190211902219023190241902519026190271902819029190301903119032190331903419035190361903719038190391904019041190421904319044190451904619047190481904919050190511905219053190541905519056190571905819059190601906119062190631906419065190661906719068190691907019071190721907319074190751907619077190781907919080190811908219083190841908519086190871908819089190901909119092190931909419095190961909719098190991910019101191021910319104191051910619107191081910919110191111911219113191141911519116191171911819119191201912119122191231912419125191261912719128191291913019131191321913319134191351913619137191381913919140191411914219143191441914519146191471914819149191501915119152191531915419155191561915719158191591916019161191621916319164191651916619167191681916919170191711917219173191741917519176191771917819179191801918119182191831918419185191861918719188191891919019191191921919319194191951919619197191981919919200192011920219203192041920519206192071920819209192101921119212192131921419215192161921719218192191922019221192221922319224192251922619227192281922919230192311923219233192341923519236192371923819239192401924119242192431924419245192461924719248192491925019251192521925319254192551925619257192581925919260192611926219263192641926519266192671926819269192701927119272192731927419275192761927719278192791928019281192821928319284192851928619287192881928919290192911929219293192941929519296192971929819299193001930119302193031930419305193061930719308193091931019311193121931319314193151931619317193181931919320193211932219323193241932519326193271932819329193301933119332193331933419335193361933719338193391934019341193421934319344193451934619347193481934919350193511935219353193541935519356193571935819359193601936119362193631936419365193661936719368193691937019371193721937319374193751937619377193781937919380193811938219383193841938519386193871938819389193901939119392193931939419395193961939719398193991940019401194021940319404194051940619407194081940919410194111941219413194141941519416194171941819419194201942119422194231942419425194261942719428194291943019431194321943319434194351943619437194381943919440194411944219443194441944519446194471944819449194501945119452194531945419455194561945719458194591946019461194621946319464194651946619467194681946919470194711947219473194741947519476194771947819479194801948119482194831948419485194861948719488194891949019491194921949319494194951949619497194981949919500195011950219503195041950519506195071950819509195101951119512195131951419515195161951719518195191952019521195221952319524195251952619527195281952919530195311953219533195341953519536195371953819539195401954119542195431954419545195461954719548195491955019551195521955319554195551955619557195581955919560195611956219563195641956519566195671956819569195701957119572195731957419575195761957719578195791958019581195821958319584195851958619587195881958919590195911959219593195941959519596195971959819599196001960119602196031960419605196061960719608196091961019611196121961319614196151961619617196181961919620196211962219623196241962519626196271962819629196301963119632196331963419635196361963719638196391964019641196421964319644196451964619647196481964919650196511965219653196541965519656196571965819659196601966119662196631966419665196661966719668196691967019671196721967319674196751967619677196781967919680196811968219683196841968519686196871968819689196901969119692196931969419695196961969719698196991970019701197021970319704197051970619707197081970919710197111971219713197141971519716197171971819719197201972119722197231972419725197261972719728197291973019731197321973319734197351973619737197381973919740197411974219743197441974519746197471974819749197501975119752197531975419755197561975719758197591976019761197621976319764197651976619767197681976919770197711977219773197741977519776197771977819779197801978119782197831978419785197861978719788197891979019791197921979319794197951979619797197981979919800198011980219803198041980519806198071980819809198101981119812198131981419815198161981719818198191982019821198221982319824198251982619827198281982919830198311983219833198341983519836198371983819839198401984119842198431984419845198461984719848198491985019851198521985319854198551985619857198581985919860198611986219863198641986519866198671986819869198701987119872198731987419875198761987719878198791988019881198821988319884198851988619887198881988919890198911989219893198941989519896198971989819899199001990119902199031990419905199061990719908199091991019911199121991319914199151991619917199181991919920199211992219923199241992519926199271992819929199301993119932199331993419935199361993719938199391994019941199421994319944199451994619947199481994919950199511995219953199541995519956199571995819959199601996119962199631996419965199661996719968199691997019971199721997319974199751997619977199781997919980199811998219983199841998519986199871998819989199901999119992199931999419995199961999719998199992000020001200022000320004200052000620007200082000920010200112001220013200142001520016200172001820019200202002120022200232002420025200262002720028200292003020031200322003320034200352003620037200382003920040200412004220043200442004520046200472004820049200502005120052200532005420055200562005720058200592006020061200622006320064200652006620067200682006920070200712007220073200742007520076200772007820079200802008120082200832008420085200862008720088200892009020091200922009320094200952009620097200982009920100201012010220103201042010520106201072010820109201102011120112201132011420115201162011720118201192012020121201222012320124201252012620127201282012920130201312013220133201342013520136201372013820139201402014120142201432014420145201462014720148201492015020151201522015320154201552015620157201582015920160201612016220163201642016520166201672016820169201702017120172201732017420175201762017720178201792018020181201822018320184201852018620187201882018920190201912019220193201942019520196201972019820199202002020120202202032020420205202062020720208202092021020211202122021320214202152021620217202182021920220202212022220223202242022520226202272022820229202302023120232202332023420235202362023720238202392024020241202422024320244202452024620247202482024920250202512025220253202542025520256202572025820259202602026120262202632026420265202662026720268202692027020271202722027320274202752027620277202782027920280202812028220283202842028520286202872028820289202902029120292202932029420295202962029720298202992030020301203022030320304203052030620307203082030920310203112031220313203142031520316203172031820319203202032120322203232032420325203262032720328203292033020331203322033320334203352033620337203382033920340203412034220343203442034520346203472034820349203502035120352203532035420355203562035720358203592036020361203622036320364203652036620367203682036920370203712037220373203742037520376203772037820379203802038120382203832038420385203862038720388203892039020391203922039320394203952039620397203982039920400204012040220403204042040520406204072040820409204102041120412204132041420415204162041720418204192042020421204222042320424204252042620427204282042920430204312043220433204342043520436204372043820439204402044120442204432044420445204462044720448204492045020451204522045320454204552045620457204582045920460204612046220463204642046520466204672046820469204702047120472204732047420475204762047720478204792048020481204822048320484204852048620487204882048920490204912049220493204942049520496204972049820499205002050120502205032050420505205062050720508205092051020511205122051320514205152051620517205182051920520205212052220523205242052520526205272052820529205302053120532205332053420535205362053720538205392054020541205422054320544205452054620547205482054920550205512055220553205542055520556205572055820559205602056120562205632056420565205662056720568205692057020571205722057320574205752057620577205782057920580205812058220583205842058520586205872058820589205902059120592205932059420595205962059720598205992060020601206022060320604206052060620607206082060920610206112061220613206142061520616206172061820619206202062120622206232062420625206262062720628206292063020631206322063320634206352063620637206382063920640206412064220643206442064520646206472064820649206502065120652206532065420655206562065720658206592066020661206622066320664206652066620667206682066920670206712067220673206742067520676206772067820679206802068120682206832068420685206862068720688206892069020691206922069320694206952069620697206982069920700207012070220703207042070520706207072070820709207102071120712207132071420715207162071720718207192072020721207222072320724207252072620727207282072920730207312073220733207342073520736207372073820739207402074120742207432074420745207462074720748207492075020751207522075320754207552075620757207582075920760207612076220763207642076520766207672076820769207702077120772207732077420775207762077720778207792078020781207822078320784207852078620787207882078920790207912079220793207942079520796207972079820799208002080120802208032080420805208062080720808208092081020811208122081320814208152081620817208182081920820208212082220823208242082520826208272082820829208302083120832208332083420835208362083720838208392084020841208422084320844208452084620847208482084920850208512085220853208542085520856208572085820859208602086120862208632086420865208662086720868208692087020871208722087320874208752087620877208782087920880208812088220883208842088520886208872088820889208902089120892208932089420895208962089720898208992090020901209022090320904209052090620907209082090920910209112091220913209142091520916209172091820919209202092120922209232092420925209262092720928209292093020931209322093320934209352093620937209382093920940209412094220943209442094520946209472094820949209502095120952209532095420955209562095720958209592096020961209622096320964209652096620967209682096920970209712097220973209742097520976209772097820979209802098120982209832098420985209862098720988209892099020991209922099320994209952099620997209982099921000210012100221003210042100521006210072100821009210102101121012210132101421015210162101721018210192102021021210222102321024210252102621027210282102921030210312103221033210342103521036210372103821039210402104121042210432104421045210462104721048210492105021051210522105321054210552105621057210582105921060210612106221063210642106521066210672106821069210702107121072210732107421075210762107721078210792108021081210822108321084210852108621087210882108921090210912109221093210942109521096210972109821099211002110121102211032110421105211062110721108211092111021111211122111321114211152111621117211182111921120211212112221123211242112521126211272112821129211302113121132211332113421135211362113721138211392114021141211422114321144211452114621147211482114921150211512115221153211542115521156211572115821159211602116121162211632116421165211662116721168211692117021171211722117321174211752117621177211782117921180211812118221183211842118521186211872118821189211902119121192211932119421195211962119721198211992120021201212022120321204212052120621207212082120921210212112121221213212142121521216212172121821219212202122121222212232122421225212262122721228212292123021231212322123321234212352123621237212382123921240212412124221243212442124521246212472124821249212502125121252212532125421255212562125721258212592126021261212622126321264212652126621267212682126921270212712127221273212742127521276212772127821279212802128121282212832128421285212862128721288212892129021291212922129321294212952129621297212982129921300213012130221303213042130521306213072130821309213102131121312213132131421315213162131721318213192132021321213222132321324213252132621327213282132921330213312133221333213342133521336213372133821339213402134121342213432134421345213462134721348213492135021351213522135321354213552135621357213582135921360213612136221363213642136521366213672136821369213702137121372213732137421375213762137721378213792138021381213822138321384213852138621387213882138921390213912139221393213942139521396213972139821399214002140121402214032140421405214062140721408214092141021411214122141321414214152141621417214182141921420214212142221423214242142521426214272142821429214302143121432214332143421435214362143721438214392144021441214422144321444214452144621447214482144921450214512145221453214542145521456214572145821459214602146121462214632146421465214662146721468214692147021471214722147321474214752147621477214782147921480214812148221483214842148521486214872148821489214902149121492214932149421495214962149721498214992150021501215022150321504215052150621507215082150921510215112151221513215142151521516215172151821519215202152121522215232152421525215262152721528215292153021531215322153321534215352153621537215382153921540215412154221543215442154521546215472154821549215502155121552215532155421555215562155721558215592156021561215622156321564215652156621567215682156921570215712157221573215742157521576215772157821579215802158121582215832158421585215862158721588215892159021591215922159321594215952159621597215982159921600216012160221603216042160521606216072160821609216102161121612216132161421615216162161721618216192162021621216222162321624216252162621627216282162921630216312163221633216342163521636216372163821639216402164121642216432164421645216462164721648216492165021651216522165321654216552165621657216582165921660216612166221663216642166521666216672166821669216702167121672216732167421675216762167721678216792168021681216822168321684216852168621687216882168921690216912169221693216942169521696216972169821699217002170121702217032170421705217062170721708217092171021711217122171321714217152171621717217182171921720217212172221723217242172521726217272172821729217302173121732217332173421735217362173721738217392174021741217422174321744217452174621747217482174921750217512175221753217542175521756217572175821759217602176121762217632176421765217662176721768217692177021771217722177321774217752177621777217782177921780217812178221783217842178521786217872178821789217902179121792217932179421795217962179721798217992180021801218022180321804218052180621807218082180921810218112181221813218142181521816218172181821819218202182121822218232182421825218262182721828218292183021831218322183321834218352183621837218382183921840218412184221843218442184521846218472184821849218502185121852218532185421855218562185721858218592186021861218622186321864218652186621867218682186921870218712187221873218742187521876218772187821879218802188121882218832188421885218862188721888218892189021891218922189321894218952189621897218982189921900219012190221903219042190521906219072190821909219102191121912219132191421915219162191721918219192192021921219222192321924219252192621927219282192921930219312193221933219342193521936219372193821939219402194121942219432194421945219462194721948219492195021951219522195321954219552195621957219582195921960219612196221963219642196521966219672196821969219702197121972219732197421975219762197721978219792198021981219822198321984219852198621987219882198921990219912199221993219942199521996219972199821999220002200122002220032200422005220062200722008220092201022011220122201322014220152201622017220182201922020220212202222023220242202522026220272202822029220302203122032220332203422035220362203722038220392204022041220422204322044220452204622047220482204922050220512205222053220542205522056220572205822059220602206122062220632206422065220662206722068220692207022071220722207322074220752207622077220782207922080220812208222083220842208522086220872208822089220902209122092220932209422095220962209722098220992210022101221022210322104221052210622107221082210922110221112211222113221142211522116221172211822119221202212122122221232212422125221262212722128221292213022131221322213322134221352213622137221382213922140221412214222143221442214522146221472214822149221502215122152221532215422155221562215722158221592216022161221622216322164221652216622167221682216922170221712217222173221742217522176221772217822179221802218122182221832218422185221862218722188221892219022191221922219322194221952219622197221982219922200222012220222203222042220522206222072220822209222102221122212222132221422215222162221722218222192222022221222222222322224222252222622227222282222922230222312223222233222342223522236222372223822239222402224122242222432224422245222462224722248222492225022251222522225322254222552225622257222582225922260222612226222263222642226522266222672226822269222702227122272222732227422275222762227722278222792228022281222822228322284222852228622287222882228922290222912229222293222942229522296222972229822299223002230122302223032230422305223062230722308223092231022311223122231322314223152231622317223182231922320223212232222323223242232522326223272232822329223302233122332223332233422335223362233722338223392234022341223422234322344223452234622347223482234922350223512235222353223542235522356223572235822359223602236122362223632236422365223662236722368223692237022371223722237322374223752237622377223782237922380223812238222383223842238522386223872238822389223902239122392223932239422395223962239722398223992240022401224022240322404224052240622407224082240922410224112241222413224142241522416224172241822419224202242122422224232242422425224262242722428224292243022431224322243322434224352243622437224382243922440224412244222443224442244522446224472244822449224502245122452224532245422455224562245722458224592246022461224622246322464224652246622467224682246922470224712247222473224742247522476224772247822479224802248122482224832248422485224862248722488224892249022491224922249322494224952249622497224982249922500225012250222503225042250522506225072250822509225102251122512225132251422515225162251722518225192252022521225222252322524225252252622527225282252922530225312253222533225342253522536225372253822539225402254122542225432254422545225462254722548225492255022551225522255322554225552255622557225582255922560225612256222563225642256522566225672256822569225702257122572225732257422575225762257722578225792258022581225822258322584225852258622587225882258922590225912259222593225942259522596225972259822599226002260122602226032260422605226062260722608226092261022611226122261322614226152261622617226182261922620226212262222623226242262522626226272262822629226302263122632226332263422635226362263722638226392264022641226422264322644226452264622647226482264922650226512265222653226542265522656226572265822659226602266122662226632266422665226662266722668226692267022671226722267322674226752267622677226782267922680226812268222683226842268522686226872268822689226902269122692226932269422695226962269722698226992270022701227022270322704227052270622707227082270922710227112271222713227142271522716227172271822719227202272122722227232272422725227262272722728227292273022731227322273322734227352273622737227382273922740227412274222743227442274522746227472274822749227502275122752227532275422755227562275722758227592276022761227622276322764227652276622767227682276922770227712277222773227742277522776227772277822779227802278122782227832278422785227862278722788227892279022791227922279322794227952279622797227982279922800228012280222803228042280522806228072280822809228102281122812228132281422815228162281722818228192282022821228222282322824228252282622827228282282922830228312283222833228342283522836228372283822839228402284122842228432284422845228462284722848228492285022851228522285322854228552285622857228582285922860228612286222863228642286522866228672286822869228702287122872228732287422875228762287722878228792288022881228822288322884228852288622887228882288922890228912289222893228942289522896228972289822899229002290122902229032290422905229062290722908229092291022911229122291322914229152291622917229182291922920229212292222923229242292522926229272292822929229302293122932229332293422935229362293722938229392294022941229422294322944229452294622947229482294922950229512295222953229542295522956229572295822959229602296122962229632296422965229662296722968229692297022971229722297322974229752297622977229782297922980229812298222983229842298522986229872298822989229902299122992229932299422995229962299722998229992300023001230022300323004230052300623007230082300923010230112301223013230142301523016230172301823019230202302123022230232302423025230262302723028230292303023031230322303323034230352303623037230382303923040230412304223043230442304523046230472304823049230502305123052230532305423055230562305723058230592306023061230622306323064230652306623067230682306923070230712307223073230742307523076230772307823079230802308123082230832308423085230862308723088230892309023091230922309323094230952309623097230982309923100231012310223103231042310523106231072310823109231102311123112231132311423115231162311723118231192312023121231222312323124231252312623127231282312923130231312313223133231342313523136231372313823139231402314123142231432314423145231462314723148231492315023151231522315323154231552315623157231582315923160231612316223163231642316523166231672316823169231702317123172231732317423175231762317723178231792318023181231822318323184231852318623187231882318923190231912319223193231942319523196231972319823199232002320123202232032320423205232062320723208232092321023211232122321323214232152321623217232182321923220232212322223223232242322523226232272322823229232302323123232232332323423235232362323723238232392324023241232422324323244232452324623247232482324923250232512325223253232542325523256232572325823259232602326123262232632326423265232662326723268232692327023271232722327323274232752327623277232782327923280232812328223283232842328523286232872328823289232902329123292232932329423295232962329723298232992330023301233022330323304233052330623307233082330923310233112331223313233142331523316233172331823319233202332123322233232332423325233262332723328233292333023331233322333323334233352333623337233382333923340233412334223343233442334523346233472334823349233502335123352233532335423355233562335723358233592336023361233622336323364233652336623367233682336923370233712337223373233742337523376233772337823379233802338123382233832338423385233862338723388233892339023391233922339323394233952339623397233982339923400234012340223403234042340523406234072340823409234102341123412234132341423415234162341723418234192342023421234222342323424234252342623427234282342923430234312343223433234342343523436234372343823439234402344123442234432344423445234462344723448234492345023451234522345323454234552345623457234582345923460234612346223463234642346523466234672346823469234702347123472234732347423475234762347723478234792348023481234822348323484234852348623487234882348923490234912349223493234942349523496234972349823499235002350123502235032350423505235062350723508235092351023511235122351323514235152351623517235182351923520235212352223523235242352523526235272352823529235302353123532235332353423535235362353723538235392354023541235422354323544235452354623547235482354923550235512355223553235542355523556235572355823559235602356123562235632356423565235662356723568235692357023571235722357323574235752357623577235782357923580235812358223583235842358523586235872358823589235902359123592235932359423595235962359723598235992360023601236022360323604236052360623607236082360923610236112361223613236142361523616236172361823619236202362123622236232362423625236262362723628236292363023631236322363323634236352363623637236382363923640236412364223643236442364523646236472364823649236502365123652236532365423655236562365723658236592366023661236622366323664236652366623667236682366923670236712367223673236742367523676236772367823679236802368123682236832368423685236862368723688236892369023691236922369323694236952369623697236982369923700237012370223703237042370523706237072370823709237102371123712237132371423715237162371723718237192372023721237222372323724237252372623727237282372923730237312373223733237342373523736237372373823739237402374123742237432374423745237462374723748237492375023751237522375323754237552375623757237582375923760237612376223763237642376523766237672376823769237702377123772237732377423775237762377723778237792378023781237822378323784237852378623787237882378923790237912379223793237942379523796237972379823799238002380123802238032380423805238062380723808238092381023811238122381323814238152381623817238182381923820238212382223823238242382523826238272382823829238302383123832238332383423835238362383723838238392384023841238422384323844238452384623847238482384923850238512385223853238542385523856238572385823859238602386123862238632386423865238662386723868238692387023871238722387323874238752387623877238782387923880238812388223883238842388523886238872388823889238902389123892238932389423895238962389723898238992390023901239022390323904239052390623907239082390923910239112391223913239142391523916239172391823919239202392123922239232392423925239262392723928239292393023931239322393323934239352393623937239382393923940239412394223943239442394523946239472394823949239502395123952239532395423955239562395723958239592396023961239622396323964239652396623967239682396923970239712397223973239742397523976239772397823979239802398123982239832398423985239862398723988239892399023991239922399323994239952399623997239982399924000240012400224003240042400524006240072400824009240102401124012240132401424015240162401724018240192402024021240222402324024240252402624027240282402924030240312403224033240342403524036240372403824039240402404124042240432404424045240462404724048240492405024051240522405324054240552405624057240582405924060240612406224063240642406524066240672406824069240702407124072240732407424075240762407724078240792408024081240822408324084240852408624087240882408924090240912409224093240942409524096240972409824099241002410124102241032410424105241062410724108241092411024111241122411324114241152411624117241182411924120241212412224123241242412524126241272412824129241302413124132241332413424135241362413724138241392414024141241422414324144241452414624147241482414924150241512415224153241542415524156241572415824159241602416124162241632416424165241662416724168241692417024171241722417324174241752417624177241782417924180241812418224183241842418524186241872418824189241902419124192241932419424195241962419724198241992420024201242022420324204242052420624207242082420924210242112421224213242142421524216242172421824219242202422124222242232422424225242262422724228242292423024231242322423324234242352423624237242382423924240242412424224243242442424524246242472424824249242502425124252242532425424255242562425724258242592426024261242622426324264242652426624267242682426924270242712427224273242742427524276242772427824279242802428124282242832428424285242862428724288242892429024291242922429324294242952429624297242982429924300243012430224303243042430524306243072430824309243102431124312243132431424315243162431724318243192432024321243222432324324243252432624327243282432924330243312433224333243342433524336243372433824339243402434124342243432434424345243462434724348243492435024351243522435324354243552435624357243582435924360243612436224363243642436524366243672436824369243702437124372243732437424375243762437724378243792438024381243822438324384243852438624387243882438924390243912439224393243942439524396243972439824399244002440124402244032440424405244062440724408244092441024411244122441324414244152441624417244182441924420244212442224423244242442524426244272442824429244302443124432244332443424435244362443724438244392444024441244422444324444244452444624447244482444924450244512445224453244542445524456244572445824459244602446124462244632446424465244662446724468244692447024471244722447324474244752447624477244782447924480244812448224483244842448524486244872448824489244902449124492244932449424495244962449724498244992450024501245022450324504245052450624507245082450924510245112451224513245142451524516245172451824519245202452124522245232452424525245262452724528245292453024531245322453324534245352453624537245382453924540245412454224543245442454524546245472454824549245502455124552245532455424555245562455724558245592456024561245622456324564245652456624567245682456924570245712457224573245742457524576245772457824579245802458124582245832458424585245862458724588245892459024591245922459324594245952459624597245982459924600246012460224603246042460524606246072460824609246102461124612246132461424615246162461724618246192462024621246222462324624246252462624627246282462924630246312463224633246342463524636246372463824639246402464124642246432464424645246462464724648246492465024651246522465324654246552465624657246582465924660246612466224663246642466524666246672466824669246702467124672246732467424675246762467724678246792468024681246822468324684246852468624687246882468924690246912469224693246942469524696246972469824699247002470124702247032470424705247062470724708247092471024711247122471324714247152471624717247182471924720247212472224723247242472524726247272472824729247302473124732247332473424735247362473724738247392474024741247422474324744247452474624747247482474924750247512475224753247542475524756247572475824759247602476124762247632476424765247662476724768247692477024771247722477324774247752477624777247782477924780247812478224783247842478524786247872478824789247902479124792247932479424795247962479724798247992480024801248022480324804248052480624807248082480924810248112481224813248142481524816248172481824819248202482124822248232482424825248262482724828248292483024831248322483324834248352483624837248382483924840248412484224843248442484524846248472484824849248502485124852248532485424855248562485724858248592486024861248622486324864248652486624867248682486924870248712487224873248742487524876248772487824879248802488124882248832488424885248862488724888248892489024891248922489324894248952489624897248982489924900249012490224903249042490524906249072490824909249102491124912249132491424915249162491724918249192492024921249222492324924249252492624927249282492924930249312493224933249342493524936249372493824939249402494124942249432494424945249462494724948249492495024951249522495324954249552495624957249582495924960249612496224963249642496524966249672496824969249702497124972249732497424975249762497724978249792498024981249822498324984249852498624987249882498924990249912499224993249942499524996249972499824999250002500125002250032500425005250062500725008250092501025011250122501325014250152501625017250182501925020250212502225023250242502525026250272502825029250302503125032250332503425035250362503725038250392504025041250422504325044250452504625047250482504925050250512505225053250542505525056250572505825059250602506125062250632506425065250662506725068250692507025071250722507325074250752507625077250782507925080250812508225083250842508525086250872508825089250902509125092250932509425095250962509725098250992510025101251022510325104251052510625107251082510925110251112511225113251142511525116251172511825119251202512125122251232512425125251262512725128251292513025131251322513325134251352513625137251382513925140251412514225143251442514525146251472514825149251502515125152251532515425155251562515725158251592516025161251622516325164251652516625167251682516925170251712517225173251742517525176251772517825179251802518125182251832518425185251862518725188251892519025191251922519325194251952519625197251982519925200252012520225203252042520525206252072520825209252102521125212252132521425215252162521725218252192522025221252222522325224252252522625227252282522925230252312523225233252342523525236252372523825239252402524125242252432524425245252462524725248252492525025251252522525325254252552525625257252582525925260252612526225263252642526525266252672526825269252702527125272252732527425275252762527725278252792528025281252822528325284252852528625287252882528925290252912529225293252942529525296252972529825299253002530125302253032530425305253062530725308253092531025311253122531325314253152531625317253182531925320253212532225323253242532525326253272532825329253302533125332253332533425335253362533725338253392534025341253422534325344253452534625347253482534925350253512535225353253542535525356253572535825359253602536125362253632536425365253662536725368253692537025371253722537325374253752537625377253782537925380253812538225383253842538525386253872538825389253902539125392253932539425395253962539725398253992540025401254022540325404254052540625407254082540925410254112541225413254142541525416254172541825419254202542125422254232542425425254262542725428254292543025431254322543325434254352543625437254382543925440254412544225443254442544525446254472544825449254502545125452254532545425455254562545725458254592546025461254622546325464254652546625467254682546925470254712547225473254742547525476254772547825479254802548125482254832548425485254862548725488254892549025491254922549325494254952549625497254982549925500255012550225503255042550525506255072550825509255102551125512255132551425515255162551725518255192552025521255222552325524255252552625527255282552925530255312553225533255342553525536255372553825539255402554125542255432554425545255462554725548255492555025551255522555325554255552555625557255582555925560255612556225563255642556525566255672556825569255702557125572255732557425575255762557725578255792558025581255822558325584255852558625587255882558925590255912559225593255942559525596255972559825599256002560125602256032560425605256062560725608256092561025611256122561325614256152561625617256182561925620256212562225623256242562525626256272562825629256302563125632256332563425635256362563725638256392564025641256422564325644256452564625647256482564925650256512565225653256542565525656256572565825659256602566125662256632566425665256662566725668256692567025671256722567325674256752567625677256782567925680256812568225683256842568525686256872568825689256902569125692256932569425695256962569725698256992570025701257022570325704257052570625707257082570925710257112571225713257142571525716257172571825719257202572125722257232572425725257262572725728257292573025731257322573325734257352573625737257382573925740257412574225743257442574525746257472574825749257502575125752257532575425755257562575725758257592576025761257622576325764257652576625767257682576925770257712577225773257742577525776257772577825779257802578125782257832578425785257862578725788257892579025791257922579325794257952579625797257982579925800258012580225803258042580525806258072580825809258102581125812258132581425815258162581725818258192582025821258222582325824258252582625827258282582925830258312583225833258342583525836258372583825839258402584125842258432584425845258462584725848258492585025851258522585325854258552585625857258582585925860258612586225863258642586525866258672586825869258702587125872258732587425875258762587725878258792588025881258822588325884258852588625887258882588925890258912589225893258942589525896258972589825899259002590125902259032590425905259062590725908259092591025911259122591325914259152591625917259182591925920259212592225923259242592525926259272592825929259302593125932259332593425935259362593725938259392594025941259422594325944259452594625947259482594925950259512595225953259542595525956259572595825959259602596125962259632596425965259662596725968259692597025971259722597325974259752597625977259782597925980259812598225983259842598525986259872598825989259902599125992259932599425995259962599725998259992600026001260022600326004260052600626007260082600926010260112601226013260142601526016260172601826019260202602126022260232602426025260262602726028260292603026031260322603326034260352603626037260382603926040260412604226043260442604526046260472604826049260502605126052260532605426055260562605726058260592606026061260622606326064260652606626067260682606926070260712607226073260742607526076260772607826079260802608126082260832608426085260862608726088260892609026091260922609326094260952609626097260982609926100261012610226103261042610526106261072610826109261102611126112261132611426115261162611726118261192612026121261222612326124261252612626127261282612926130261312613226133261342613526136261372613826139261402614126142261432614426145261462614726148261492615026151261522615326154261552615626157261582615926160261612616226163261642616526166261672616826169261702617126172261732617426175261762617726178261792618026181261822618326184261852618626187261882618926190261912619226193261942619526196261972619826199262002620126202262032620426205262062620726208262092621026211262122621326214262152621626217262182621926220262212622226223262242622526226262272622826229262302623126232262332623426235262362623726238262392624026241262422624326244262452624626247262482624926250262512625226253262542625526256262572625826259262602626126262262632626426265262662626726268262692627026271262722627326274262752627626277262782627926280262812628226283262842628526286262872628826289262902629126292262932629426295262962629726298262992630026301263022630326304263052630626307263082630926310263112631226313263142631526316263172631826319263202632126322263232632426325263262632726328263292633026331263322633326334263352633626337263382633926340263412634226343263442634526346263472634826349263502635126352263532635426355263562635726358263592636026361263622636326364263652636626367263682636926370263712637226373263742637526376263772637826379263802638126382263832638426385263862638726388263892639026391263922639326394263952639626397263982639926400264012640226403264042640526406264072640826409264102641126412264132641426415264162641726418264192642026421264222642326424264252642626427264282642926430264312643226433264342643526436264372643826439264402644126442264432644426445264462644726448264492645026451264522645326454264552645626457264582645926460264612646226463264642646526466264672646826469264702647126472264732647426475264762647726478264792648026481264822648326484264852648626487264882648926490264912649226493264942649526496264972649826499265002650126502265032650426505265062650726508265092651026511265122651326514265152651626517265182651926520265212652226523265242652526526265272652826529265302653126532265332653426535265362653726538265392654026541265422654326544265452654626547265482654926550265512655226553265542655526556265572655826559265602656126562265632656426565265662656726568265692657026571265722657326574265752657626577265782657926580265812658226583265842658526586265872658826589265902659126592265932659426595265962659726598265992660026601266022660326604266052660626607266082660926610266112661226613266142661526616266172661826619266202662126622266232662426625266262662726628266292663026631266322663326634266352663626637266382663926640266412664226643266442664526646266472664826649266502665126652266532665426655266562665726658266592666026661266622666326664266652666626667266682666926670266712667226673266742667526676266772667826679266802668126682266832668426685266862668726688266892669026691266922669326694266952669626697266982669926700267012670226703267042670526706267072670826709267102671126712267132671426715267162671726718267192672026721267222672326724267252672626727267282672926730267312673226733267342673526736267372673826739267402674126742267432674426745267462674726748267492675026751267522675326754267552675626757267582675926760267612676226763267642676526766267672676826769267702677126772267732677426775267762677726778267792678026781267822678326784267852678626787267882678926790267912679226793267942679526796267972679826799268002680126802268032680426805268062680726808268092681026811268122681326814268152681626817268182681926820268212682226823268242682526826268272682826829268302683126832268332683426835268362683726838268392684026841268422684326844268452684626847268482684926850268512685226853268542685526856268572685826859268602686126862268632686426865268662686726868268692687026871268722687326874268752687626877268782687926880268812688226883268842688526886268872688826889268902689126892268932689426895268962689726898268992690026901269022690326904269052690626907269082690926910269112691226913269142691526916269172691826919269202692126922269232692426925269262692726928269292693026931269322693326934269352693626937269382693926940269412694226943269442694526946269472694826949269502695126952269532695426955269562695726958269592696026961269622696326964269652696626967269682696926970269712697226973269742697526976269772697826979269802698126982269832698426985269862698726988269892699026991269922699326994269952699626997269982699927000270012700227003270042700527006270072700827009270102701127012270132701427015270162701727018270192702027021270222702327024270252702627027270282702927030270312703227033270342703527036270372703827039270402704127042270432704427045270462704727048270492705027051270522705327054270552705627057270582705927060270612706227063270642706527066270672706827069270702707127072270732707427075270762707727078270792708027081270822708327084270852708627087270882708927090270912709227093270942709527096270972709827099271002710127102271032710427105271062710727108271092711027111271122711327114271152711627117271182711927120271212712227123271242712527126271272712827129271302713127132271332713427135271362713727138271392714027141271422714327144271452714627147271482714927150271512715227153271542715527156271572715827159271602716127162271632716427165271662716727168271692717027171271722717327174271752717627177271782717927180271812718227183271842718527186271872718827189271902719127192271932719427195271962719727198271992720027201272022720327204272052720627207272082720927210272112721227213272142721527216272172721827219272202722127222272232722427225272262722727228272292723027231272322723327234272352723627237272382723927240272412724227243272442724527246272472724827249272502725127252272532725427255272562725727258272592726027261272622726327264272652726627267272682726927270272712727227273272742727527276272772727827279272802728127282272832728427285272862728727288272892729027291272922729327294272952729627297272982729927300273012730227303273042730527306273072730827309273102731127312273132731427315273162731727318273192732027321273222732327324273252732627327273282732927330273312733227333273342733527336273372733827339273402734127342273432734427345273462734727348273492735027351273522735327354273552735627357273582735927360273612736227363273642736527366273672736827369273702737127372273732737427375273762737727378273792738027381273822738327384273852738627387273882738927390273912739227393273942739527396273972739827399274002740127402274032740427405274062740727408274092741027411274122741327414274152741627417274182741927420274212742227423274242742527426274272742827429274302743127432274332743427435274362743727438274392744027441274422744327444274452744627447274482744927450274512745227453274542745527456274572745827459274602746127462274632746427465274662746727468274692747027471274722747327474274752747627477274782747927480274812748227483274842748527486274872748827489274902749127492274932749427495274962749727498274992750027501275022750327504275052750627507275082750927510275112751227513275142751527516275172751827519275202752127522275232752427525275262752727528275292753027531275322753327534275352753627537275382753927540275412754227543275442754527546275472754827549275502755127552275532755427555275562755727558275592756027561275622756327564275652756627567275682756927570275712757227573275742757527576275772757827579275802758127582275832758427585275862758727588275892759027591275922759327594275952759627597275982759927600276012760227603276042760527606276072760827609276102761127612276132761427615276162761727618276192762027621276222762327624276252762627627276282762927630276312763227633276342763527636276372763827639276402764127642276432764427645276462764727648276492765027651276522765327654276552765627657276582765927660276612766227663276642766527666276672766827669276702767127672276732767427675276762767727678276792768027681276822768327684276852768627687276882768927690276912769227693276942769527696276972769827699277002770127702277032770427705277062770727708277092771027711277122771327714277152771627717277182771927720277212772227723277242772527726277272772827729277302773127732277332773427735277362773727738277392774027741277422774327744277452774627747277482774927750277512775227753277542775527756277572775827759277602776127762277632776427765277662776727768277692777027771277722777327774277752777627777277782777927780277812778227783277842778527786277872778827789277902779127792277932779427795277962779727798277992780027801278022780327804278052780627807278082780927810278112781227813278142781527816278172781827819278202782127822278232782427825278262782727828278292783027831278322783327834278352783627837278382783927840278412784227843278442784527846278472784827849278502785127852278532785427855278562785727858278592786027861278622786327864278652786627867278682786927870278712787227873278742787527876278772787827879278802788127882278832788427885278862788727888278892789027891278922789327894278952789627897278982789927900279012790227903279042790527906279072790827909279102791127912279132791427915279162791727918279192792027921279222792327924279252792627927279282792927930279312793227933279342793527936279372793827939279402794127942279432794427945279462794727948279492795027951279522795327954279552795627957279582795927960279612796227963279642796527966279672796827969279702797127972279732797427975279762797727978279792798027981279822798327984279852798627987279882798927990279912799227993279942799527996279972799827999280002800128002280032800428005280062800728008280092801028011280122801328014280152801628017280182801928020280212802228023280242802528026280272802828029280302803128032280332803428035280362803728038280392804028041280422804328044280452804628047280482804928050280512805228053280542805528056280572805828059280602806128062280632806428065280662806728068280692807028071280722807328074280752807628077280782807928080280812808228083280842808528086280872808828089280902809128092280932809428095280962809728098280992810028101281022810328104281052810628107281082810928110281112811228113281142811528116281172811828119281202812128122281232812428125281262812728128281292813028131281322813328134281352813628137281382813928140281412814228143281442814528146281472814828149281502815128152281532815428155281562815728158281592816028161281622816328164281652816628167281682816928170281712817228173281742817528176281772817828179281802818128182281832818428185281862818728188281892819028191281922819328194281952819628197281982819928200282012820228203282042820528206282072820828209282102821128212282132821428215282162821728218282192822028221282222822328224282252822628227282282822928230282312823228233282342823528236282372823828239282402824128242282432824428245282462824728248282492825028251282522825328254282552825628257282582825928260282612826228263282642826528266282672826828269282702827128272282732827428275282762827728278282792828028281282822828328284282852828628287282882828928290282912829228293282942829528296282972829828299283002830128302283032830428305283062830728308283092831028311283122831328314283152831628317283182831928320283212832228323283242832528326283272832828329283302833128332283332833428335283362833728338283392834028341283422834328344283452834628347283482834928350283512835228353283542835528356283572835828359283602836128362283632836428365283662836728368283692837028371283722837328374283752837628377283782837928380283812838228383283842838528386283872838828389283902839128392283932839428395283962839728398283992840028401284022840328404284052840628407284082840928410284112841228413284142841528416284172841828419284202842128422284232842428425284262842728428284292843028431284322843328434284352843628437284382843928440284412844228443284442844528446284472844828449284502845128452284532845428455284562845728458284592846028461284622846328464284652846628467284682846928470284712847228473284742847528476284772847828479284802848128482284832848428485284862848728488284892849028491284922849328494284952849628497284982849928500285012850228503285042850528506285072850828509285102851128512285132851428515285162851728518285192852028521285222852328524285252852628527285282852928530285312853228533285342853528536285372853828539285402854128542285432854428545285462854728548285492855028551285522855328554285552855628557285582855928560285612856228563285642856528566285672856828569285702857128572285732857428575285762857728578285792858028581285822858328584285852858628587285882858928590285912859228593285942859528596285972859828599286002860128602286032860428605286062860728608286092861028611286122861328614286152861628617286182861928620286212862228623286242862528626286272862828629286302863128632286332863428635286362863728638286392864028641286422864328644286452864628647286482864928650286512865228653286542865528656286572865828659286602866128662286632866428665286662866728668286692867028671286722867328674286752867628677286782867928680286812868228683286842868528686286872868828689286902869128692286932869428695286962869728698286992870028701287022870328704287052870628707287082870928710287112871228713287142871528716287172871828719287202872128722287232872428725287262872728728287292873028731287322873328734287352873628737287382873928740287412874228743287442874528746287472874828749287502875128752287532875428755287562875728758287592876028761287622876328764287652876628767287682876928770287712877228773287742877528776287772877828779287802878128782287832878428785287862878728788287892879028791287922879328794287952879628797287982879928800288012880228803288042880528806288072880828809288102881128812288132881428815288162881728818288192882028821288222882328824288252882628827288282882928830288312883228833288342883528836288372883828839288402884128842288432884428845288462884728848288492885028851288522885328854288552885628857288582885928860288612886228863288642886528866288672886828869288702887128872288732887428875288762887728878288792888028881288822888328884288852888628887288882888928890288912889228893288942889528896288972889828899289002890128902289032890428905289062890728908289092891028911289122891328914289152891628917289182891928920289212892228923289242892528926289272892828929289302893128932289332893428935289362893728938289392894028941289422894328944289452894628947289482894928950289512895228953289542895528956289572895828959289602896128962289632896428965289662896728968289692897028971289722897328974289752897628977289782897928980289812898228983289842898528986289872898828989289902899128992289932899428995289962899728998289992900029001290022900329004290052900629007290082900929010290112901229013290142901529016290172901829019290202902129022290232902429025290262902729028290292903029031290322903329034290352903629037290382903929040290412904229043290442904529046290472904829049290502905129052290532905429055290562905729058290592906029061290622906329064290652906629067290682906929070290712907229073290742907529076290772907829079290802908129082290832908429085290862908729088290892909029091290922909329094290952909629097290982909929100291012910229103291042910529106291072910829109291102911129112291132911429115291162911729118291192912029121291222912329124291252912629127291282912929130291312913229133291342913529136291372913829139291402914129142291432914429145291462914729148291492915029151291522915329154291552915629157291582915929160291612916229163291642916529166291672916829169291702917129172291732917429175291762917729178291792918029181291822918329184291852918629187291882918929190291912919229193291942919529196291972919829199292002920129202292032920429205292062920729208292092921029211292122921329214292152921629217292182921929220292212922229223292242922529226292272922829229292302923129232292332923429235292362923729238292392924029241292422924329244292452924629247292482924929250292512925229253292542925529256292572925829259292602926129262292632926429265292662926729268292692927029271292722927329274292752927629277292782927929280292812928229283292842928529286292872928829289292902929129292292932929429295292962929729298292992930029301293022930329304293052930629307293082930929310293112931229313293142931529316293172931829319293202932129322293232932429325293262932729328293292933029331293322933329334293352933629337293382933929340293412934229343293442934529346293472934829349293502935129352293532935429355293562935729358293592936029361293622936329364293652936629367293682936929370293712937229373293742937529376293772937829379293802938129382293832938429385293862938729388293892939029391293922939329394293952939629397293982939929400294012940229403294042940529406294072940829409294102941129412294132941429415294162941729418294192942029421294222942329424294252942629427294282942929430294312943229433294342943529436294372943829439294402944129442294432944429445294462944729448294492945029451294522945329454294552945629457294582945929460294612946229463294642946529466294672946829469294702947129472294732947429475294762947729478294792948029481294822948329484294852948629487294882948929490294912949229493294942949529496294972949829499295002950129502295032950429505295062950729508295092951029511295122951329514295152951629517295182951929520295212952229523295242952529526295272952829529295302953129532295332953429535295362953729538295392954029541295422954329544295452954629547295482954929550295512955229553295542955529556295572955829559295602956129562295632956429565295662956729568295692957029571295722957329574295752957629577295782957929580295812958229583295842958529586295872958829589295902959129592295932959429595295962959729598295992960029601296022960329604296052960629607296082960929610296112961229613296142961529616296172961829619296202962129622296232962429625296262962729628296292963029631296322963329634296352963629637296382963929640296412964229643296442964529646296472964829649296502965129652296532965429655296562965729658296592966029661296622966329664296652966629667296682966929670296712967229673296742967529676296772967829679296802968129682296832968429685296862968729688296892969029691296922969329694296952969629697296982969929700297012970229703297042970529706297072970829709297102971129712297132971429715297162971729718297192972029721297222972329724297252972629727297282972929730297312973229733297342973529736297372973829739297402974129742297432974429745297462974729748297492975029751297522975329754297552975629757297582975929760297612976229763297642976529766297672976829769297702977129772297732977429775297762977729778297792978029781297822978329784297852978629787297882978929790297912979229793297942979529796297972979829799298002980129802298032980429805298062980729808298092981029811298122981329814298152981629817298182981929820298212982229823298242982529826298272982829829298302983129832298332983429835298362983729838298392984029841298422984329844298452984629847298482984929850298512985229853298542985529856298572985829859298602986129862298632986429865298662986729868298692987029871298722987329874298752987629877298782987929880298812988229883298842988529886298872988829889298902989129892298932989429895298962989729898298992990029901299022990329904299052990629907299082990929910299112991229913299142991529916299172991829919299202992129922299232992429925299262992729928299292993029931299322993329934299352993629937299382993929940299412994229943299442994529946299472994829949299502995129952299532995429955299562995729958299592996029961299622996329964299652996629967299682996929970299712997229973299742997529976299772997829979299802998129982299832998429985299862998729988299892999029991299922999329994299952999629997299982999930000300013000230003300043000530006300073000830009300103001130012300133001430015300163001730018300193002030021300223002330024300253002630027300283002930030300313003230033300343003530036300373003830039300403004130042300433004430045300463004730048300493005030051300523005330054300553005630057300583005930060300613006230063300643006530066300673006830069300703007130072300733007430075300763007730078300793008030081300823008330084300853008630087300883008930090300913009230093300943009530096300973009830099301003010130102301033010430105301063010730108301093011030111301123011330114301153011630117301183011930120301213012230123301243012530126301273012830129301303013130132301333013430135301363013730138301393014030141301423014330144301453014630147301483014930150301513015230153301543015530156301573015830159301603016130162301633016430165301663016730168301693017030171301723017330174301753017630177301783017930180301813018230183301843018530186301873018830189301903019130192301933019430195301963019730198301993020030201302023020330204302053020630207302083020930210302113021230213302143021530216302173021830219302203022130222302233022430225302263022730228302293023030231302323023330234302353023630237302383023930240302413024230243302443024530246302473024830249302503025130252302533025430255302563025730258302593026030261302623026330264302653026630267302683026930270302713027230273302743027530276302773027830279302803028130282302833028430285302863028730288302893029030291302923029330294302953029630297302983029930300303013030230303303043030530306303073030830309303103031130312303133031430315303163031730318303193032030321303223032330324303253032630327303283032930330303313033230333303343033530336303373033830339303403034130342303433034430345303463034730348303493035030351303523035330354303553035630357303583035930360303613036230363303643036530366303673036830369303703037130372303733037430375303763037730378303793038030381303823038330384303853038630387303883038930390303913039230393303943039530396303973039830399304003040130402304033040430405304063040730408304093041030411304123041330414304153041630417304183041930420304213042230423304243042530426304273042830429304303043130432304333043430435304363043730438304393044030441304423044330444304453044630447304483044930450304513045230453304543045530456304573045830459304603046130462304633046430465304663046730468304693047030471304723047330474304753047630477304783047930480304813048230483304843048530486304873048830489304903049130492304933049430495304963049730498304993050030501305023050330504305053050630507305083050930510305113051230513305143051530516305173051830519305203052130522305233052430525305263052730528305293053030531305323053330534305353053630537305383053930540305413054230543305443054530546305473054830549305503055130552305533055430555305563055730558305593056030561305623056330564305653056630567305683056930570305713057230573305743057530576305773057830579305803058130582305833058430585305863058730588305893059030591305923059330594305953059630597305983059930600306013060230603306043060530606306073060830609306103061130612306133061430615306163061730618306193062030621306223062330624306253062630627306283062930630306313063230633306343063530636306373063830639306403064130642306433064430645306463064730648306493065030651306523065330654306553065630657306583065930660306613066230663306643066530666306673066830669306703067130672306733067430675306763067730678306793068030681306823068330684306853068630687306883068930690306913069230693306943069530696306973069830699307003070130702307033070430705307063070730708307093071030711307123071330714307153071630717307183071930720307213072230723307243072530726307273072830729307303073130732307333073430735307363073730738307393074030741307423074330744307453074630747307483074930750307513075230753307543075530756307573075830759307603076130762307633076430765307663076730768307693077030771307723077330774307753077630777307783077930780307813078230783307843078530786307873078830789307903079130792307933079430795307963079730798307993080030801308023080330804308053080630807308083080930810308113081230813308143081530816308173081830819308203082130822308233082430825308263082730828308293083030831308323083330834308353083630837308383083930840308413084230843308443084530846308473084830849308503085130852308533085430855308563085730858308593086030861308623086330864308653086630867308683086930870308713087230873308743087530876308773087830879308803088130882308833088430885308863088730888308893089030891308923089330894308953089630897308983089930900309013090230903309043090530906309073090830909309103091130912309133091430915309163091730918309193092030921309223092330924309253092630927309283092930930309313093230933309343093530936309373093830939309403094130942309433094430945309463094730948309493095030951309523095330954309553095630957309583095930960309613096230963309643096530966309673096830969309703097130972309733097430975309763097730978309793098030981309823098330984309853098630987309883098930990309913099230993309943099530996309973099830999310003100131002310033100431005310063100731008310093101031011310123101331014310153101631017310183101931020310213102231023310243102531026310273102831029310303103131032310333103431035310363103731038310393104031041310423104331044310453104631047310483104931050310513105231053310543105531056310573105831059310603106131062310633106431065310663106731068310693107031071310723107331074310753107631077310783107931080310813108231083310843108531086310873108831089310903109131092310933109431095310963109731098310993110031101311023110331104311053110631107311083110931110311113111231113311143111531116311173111831119311203112131122311233112431125311263112731128311293113031131311323113331134311353113631137311383113931140311413114231143311443114531146311473114831149311503115131152311533115431155311563115731158311593116031161311623116331164311653116631167311683116931170311713117231173311743117531176311773117831179311803118131182311833118431185311863118731188311893119031191311923119331194311953119631197311983119931200312013120231203312043120531206312073120831209312103121131212312133121431215312163121731218312193122031221312223122331224312253122631227312283122931230312313123231233312343123531236312373123831239312403124131242312433124431245312463124731248312493125031251312523125331254312553125631257312583125931260312613126231263312643126531266312673126831269312703127131272312733127431275312763127731278312793128031281312823128331284312853128631287312883128931290312913129231293312943129531296312973129831299313003130131302313033130431305313063130731308313093131031311313123131331314313153131631317313183131931320313213132231323313243132531326313273132831329313303133131332313333133431335313363133731338313393134031341313423134331344313453134631347313483134931350313513135231353313543135531356313573135831359313603136131362313633136431365313663136731368313693137031371313723137331374313753137631377313783137931380313813138231383313843138531386313873138831389313903139131392313933139431395313963139731398313993140031401314023140331404314053140631407314083140931410314113141231413314143141531416314173141831419314203142131422314233142431425314263142731428314293143031431314323143331434314353143631437314383143931440314413144231443314443144531446314473144831449314503145131452314533145431455314563145731458314593146031461314623146331464314653146631467314683146931470314713147231473314743147531476314773147831479314803148131482314833148431485314863148731488314893149031491314923149331494314953149631497314983149931500315013150231503315043150531506315073150831509315103151131512315133151431515315163151731518315193152031521315223152331524315253152631527315283152931530315313153231533315343153531536315373153831539315403154131542315433154431545315463154731548315493155031551315523155331554315553155631557315583155931560315613156231563315643156531566315673156831569315703157131572315733157431575315763157731578315793158031581315823158331584315853158631587315883158931590315913159231593315943159531596315973159831599316003160131602316033160431605316063160731608316093161031611316123161331614316153161631617316183161931620316213162231623316243162531626316273162831629316303163131632316333163431635316363163731638316393164031641316423164331644316453164631647316483164931650316513165231653316543165531656316573165831659316603166131662316633166431665316663166731668316693167031671316723167331674316753167631677316783167931680316813168231683316843168531686316873168831689316903169131692316933169431695316963169731698316993170031701317023170331704317053170631707317083170931710317113171231713317143171531716317173171831719317203172131722317233172431725317263172731728317293173031731317323173331734317353173631737317383173931740317413174231743317443174531746317473174831749317503175131752317533175431755317563175731758317593176031761317623176331764317653176631767317683176931770317713177231773317743177531776317773177831779317803178131782317833178431785317863178731788317893179031791317923179331794317953179631797317983179931800318013180231803318043180531806318073180831809318103181131812318133181431815318163181731818318193182031821318223182331824318253182631827318283182931830318313183231833318343183531836318373183831839318403184131842318433184431845318463184731848318493185031851318523185331854318553185631857318583185931860318613186231863318643186531866318673186831869318703187131872318733187431875318763187731878318793188031881318823188331884318853188631887318883188931890318913189231893318943189531896318973189831899319003190131902319033190431905319063190731908319093191031911319123191331914319153191631917319183191931920319213192231923319243192531926319273192831929319303193131932319333193431935319363193731938319393194031941319423194331944319453194631947319483194931950319513195231953319543195531956319573195831959319603196131962319633196431965319663196731968319693197031971319723197331974319753197631977319783197931980319813198231983319843198531986319873198831989319903199131992319933199431995319963199731998319993200032001320023200332004320053200632007320083200932010320113201232013320143201532016320173201832019320203202132022320233202432025320263202732028320293203032031320323203332034320353203632037320383203932040320413204232043320443204532046320473204832049320503205132052320533205432055320563205732058320593206032061320623206332064320653206632067320683206932070320713207232073320743207532076320773207832079320803208132082320833208432085320863208732088320893209032091320923209332094320953209632097320983209932100321013210232103321043210532106321073210832109321103211132112321133211432115321163211732118321193212032121321223212332124321253212632127321283212932130321313213232133321343213532136321373213832139321403214132142321433214432145321463214732148321493215032151321523215332154321553215632157321583215932160321613216232163321643216532166321673216832169321703217132172321733217432175321763217732178321793218032181321823218332184321853218632187321883218932190321913219232193321943219532196321973219832199322003220132202322033220432205322063220732208322093221032211322123221332214322153221632217322183221932220322213222232223322243222532226322273222832229322303223132232322333223432235322363223732238322393224032241322423224332244322453224632247322483224932250322513225232253322543225532256322573225832259322603226132262322633226432265322663226732268322693227032271322723227332274322753227632277322783227932280322813228232283322843228532286322873228832289322903229132292322933229432295322963229732298322993230032301323023230332304323053230632307323083230932310323113231232313323143231532316323173231832319323203232132322323233232432325323263232732328323293233032331323323233332334323353233632337323383233932340323413234232343323443234532346323473234832349323503235132352323533235432355323563235732358323593236032361323623236332364323653236632367323683236932370323713237232373323743237532376323773237832379323803238132382323833238432385323863238732388323893239032391323923239332394323953239632397323983239932400324013240232403324043240532406324073240832409324103241132412324133241432415324163241732418324193242032421324223242332424324253242632427324283242932430324313243232433324343243532436324373243832439324403244132442324433244432445324463244732448324493245032451324523245332454324553245632457324583245932460324613246232463324643246532466324673246832469324703247132472324733247432475324763247732478324793248032481324823248332484324853248632487324883248932490324913249232493324943249532496324973249832499325003250132502325033250432505325063250732508325093251032511325123251332514325153251632517325183251932520325213252232523325243252532526325273252832529325303253132532325333253432535325363253732538325393254032541325423254332544325453254632547325483254932550325513255232553325543255532556325573255832559325603256132562325633256432565325663256732568325693257032571325723257332574325753257632577325783257932580325813258232583325843258532586325873258832589325903259132592325933259432595325963259732598325993260032601326023260332604326053260632607326083260932610326113261232613326143261532616326173261832619326203262132622326233262432625326263262732628326293263032631326323263332634326353263632637326383263932640326413264232643326443264532646326473264832649326503265132652326533265432655326563265732658326593266032661326623266332664326653266632667326683266932670326713267232673326743267532676326773267832679326803268132682326833268432685326863268732688326893269032691326923269332694326953269632697326983269932700327013270232703327043270532706327073270832709327103271132712327133271432715327163271732718327193272032721327223272332724327253272632727327283272932730327313273232733327343273532736327373273832739327403274132742327433274432745327463274732748327493275032751327523275332754327553275632757327583275932760327613276232763327643276532766327673276832769327703277132772327733277432775327763277732778327793278032781327823278332784327853278632787327883278932790327913279232793327943279532796327973279832799328003280132802328033280432805328063280732808328093281032811328123281332814328153281632817328183281932820328213282232823328243282532826328273282832829328303283132832328333283432835328363283732838328393284032841328423284332844328453284632847328483284932850328513285232853328543285532856328573285832859328603286132862328633286432865328663286732868328693287032871328723287332874328753287632877328783287932880328813288232883328843288532886328873288832889328903289132892328933289432895328963289732898328993290032901329023290332904329053290632907329083290932910329113291232913329143291532916329173291832919329203292132922329233292432925329263292732928329293293032931329323293332934329353293632937329383293932940329413294232943329443294532946329473294832949329503295132952329533295432955329563295732958329593296032961329623296332964329653296632967329683296932970329713297232973329743297532976329773297832979329803298132982329833298432985329863298732988329893299032991329923299332994329953299632997329983299933000330013300233003330043300533006330073300833009330103301133012330133301433015330163301733018330193302033021330223302333024330253302633027330283302933030330313303233033330343303533036330373303833039330403304133042330433304433045330463304733048330493305033051330523305333054330553305633057330583305933060330613306233063330643306533066330673306833069330703307133072330733307433075330763307733078330793308033081330823308333084330853308633087330883308933090330913309233093330943309533096330973309833099331003310133102331033310433105331063310733108331093311033111331123311333114331153311633117331183311933120331213312233123331243312533126331273312833129331303313133132331333313433135331363313733138331393314033141331423314333144331453314633147331483314933150331513315233153331543315533156331573315833159331603316133162331633316433165331663316733168331693317033171331723317333174331753317633177331783317933180331813318233183331843318533186331873318833189331903319133192331933319433195331963319733198331993320033201332023320333204332053320633207332083320933210332113321233213332143321533216332173321833219332203322133222332233322433225332263322733228332293323033231332323323333234332353323633237332383323933240332413324233243332443324533246332473324833249332503325133252332533325433255332563325733258332593326033261332623326333264332653326633267332683326933270332713327233273332743327533276332773327833279332803328133282332833328433285332863328733288332893329033291332923329333294332953329633297332983329933300333013330233303333043330533306333073330833309333103331133312333133331433315333163331733318333193332033321333223332333324333253332633327333283332933330333313333233333333343333533336333373333833339333403334133342333433334433345333463334733348333493335033351333523335333354333553335633357333583335933360333613336233363333643336533366333673336833369333703337133372333733337433375333763337733378333793338033381333823338333384333853338633387333883338933390333913339233393333943339533396333973339833399334003340133402334033340433405334063340733408334093341033411334123341333414334153341633417334183341933420334213342233423334243342533426334273342833429334303343133432334333343433435334363343733438334393344033441334423344333444334453344633447334483344933450334513345233453334543345533456334573345833459334603346133462334633346433465334663346733468334693347033471334723347333474334753347633477334783347933480334813348233483334843348533486334873348833489334903349133492334933349433495334963349733498334993350033501335023350333504335053350633507335083350933510335113351233513335143351533516335173351833519335203352133522335233352433525335263352733528335293353033531335323353333534335353353633537335383353933540335413354233543335443354533546335473354833549335503355133552335533355433555335563355733558335593356033561335623356333564335653356633567335683356933570335713357233573335743357533576335773357833579335803358133582335833358433585335863358733588335893359033591335923359333594335953359633597335983359933600336013360233603336043360533606336073360833609336103361133612336133361433615336163361733618336193362033621336223362333624336253362633627336283362933630336313363233633336343363533636336373363833639336403364133642336433364433645336463364733648336493365033651336523365333654336553365633657336583365933660336613366233663336643366533666336673366833669336703367133672336733367433675336763367733678336793368033681336823368333684336853368633687336883368933690336913369233693336943369533696336973369833699337003370133702337033370433705337063370733708337093371033711337123371333714337153371633717337183371933720337213372233723337243372533726337273372833729337303373133732337333373433735337363373733738337393374033741337423374333744337453374633747337483374933750337513375233753337543375533756337573375833759337603376133762337633376433765337663376733768337693377033771337723377333774337753377633777337783377933780337813378233783337843378533786337873378833789337903379133792337933379433795337963379733798337993380033801338023380333804338053380633807338083380933810338113381233813338143381533816338173381833819338203382133822338233382433825338263382733828338293383033831338323383333834338353383633837338383383933840338413384233843338443384533846338473384833849338503385133852338533385433855338563385733858338593386033861338623386333864338653386633867338683386933870338713387233873338743387533876338773387833879338803388133882338833388433885338863388733888338893389033891338923389333894338953389633897338983389933900339013390233903339043390533906339073390833909339103391133912339133391433915339163391733918339193392033921339223392333924339253392633927339283392933930339313393233933339343393533936339373393833939339403394133942339433394433945339463394733948339493395033951339523395333954339553395633957339583395933960339613396233963339643396533966339673396833969339703397133972339733397433975339763397733978339793398033981339823398333984339853398633987339883398933990339913399233993339943399533996339973399833999340003400134002340033400434005340063400734008340093401034011340123401334014340153401634017340183401934020340213402234023340243402534026340273402834029340303403134032340333403434035340363403734038340393404034041340423404334044340453404634047340483404934050340513405234053340543405534056340573405834059340603406134062340633406434065340663406734068340693407034071340723407334074340753407634077340783407934080340813408234083340843408534086340873408834089340903409134092340933409434095340963409734098340993410034101341023410334104341053410634107341083410934110341113411234113341143411534116341173411834119341203412134122341233412434125341263412734128341293413034131341323413334134341353413634137341383413934140341413414234143341443414534146341473414834149341503415134152341533415434155341563415734158341593416034161341623416334164341653416634167341683416934170341713417234173341743417534176341773417834179341803418134182341833418434185341863418734188341893419034191341923419334194341953419634197341983419934200342013420234203342043420534206342073420834209342103421134212342133421434215342163421734218342193422034221342223422334224342253422634227342283422934230342313423234233342343423534236342373423834239342403424134242342433424434245342463424734248342493425034251342523425334254342553425634257342583425934260342613426234263342643426534266342673426834269342703427134272342733427434275342763427734278342793428034281342823428334284342853428634287342883428934290342913429234293342943429534296342973429834299343003430134302343033430434305343063430734308343093431034311343123431334314343153431634317343183431934320343213432234323343243432534326343273432834329343303433134332343333433434335343363433734338343393434034341343423434334344343453434634347343483434934350343513435234353343543435534356343573435834359343603436134362343633436434365343663436734368343693437034371343723437334374343753437634377343783437934380343813438234383343843438534386343873438834389343903439134392343933439434395343963439734398343993440034401344023440334404344053440634407344083440934410344113441234413344143441534416344173441834419344203442134422344233442434425344263442734428344293443034431344323443334434344353443634437344383443934440344413444234443344443444534446344473444834449344503445134452344533445434455344563445734458344593446034461344623446334464344653446634467344683446934470344713447234473344743447534476344773447834479344803448134482344833448434485344863448734488344893449034491344923449334494344953449634497344983449934500345013450234503345043450534506345073450834509345103451134512345133451434515345163451734518345193452034521345223452334524345253452634527345283452934530345313453234533345343453534536345373453834539345403454134542345433454434545345463454734548345493455034551345523455334554345553455634557345583455934560345613456234563345643456534566345673456834569345703457134572345733457434575345763457734578345793458034581345823458334584345853458634587345883458934590345913459234593345943459534596345973459834599346003460134602346033460434605346063460734608346093461034611346123461334614346153461634617346183461934620346213462234623346243462534626346273462834629346303463134632346333463434635346363463734638346393464034641346423464334644346453464634647346483464934650346513465234653346543465534656346573465834659346603466134662346633466434665346663466734668346693467034671346723467334674346753467634677346783467934680346813468234683346843468534686346873468834689346903469134692346933469434695346963469734698346993470034701347023470334704347053470634707347083470934710347113471234713347143471534716347173471834719347203472134722347233472434725347263472734728347293473034731347323473334734347353473634737347383473934740347413474234743347443474534746347473474834749347503475134752347533475434755347563475734758347593476034761347623476334764347653476634767347683476934770347713477234773347743477534776347773477834779347803478134782347833478434785347863478734788347893479034791347923479334794347953479634797347983479934800348013480234803348043480534806348073480834809348103481134812348133481434815348163481734818348193482034821348223482334824348253482634827348283482934830348313483234833348343483534836348373483834839348403484134842348433484434845348463484734848348493485034851348523485334854348553485634857348583485934860348613486234863348643486534866348673486834869348703487134872348733487434875348763487734878348793488034881348823488334884348853488634887348883488934890348913489234893348943489534896348973489834899349003490134902349033490434905349063490734908349093491034911349123491334914349153491634917349183491934920349213492234923349243492534926349273492834929349303493134932349333493434935349363493734938349393494034941349423494334944349453494634947349483494934950349513495234953349543495534956349573495834959349603496134962349633496434965349663496734968349693497034971349723497334974349753497634977349783497934980349813498234983349843498534986349873498834989349903499134992349933499434995349963499734998349993500035001350023500335004350053500635007350083500935010350113501235013350143501535016350173501835019350203502135022350233502435025350263502735028350293503035031350323503335034350353503635037350383503935040350413504235043350443504535046350473504835049350503505135052350533505435055350563505735058350593506035061350623506335064350653506635067350683506935070350713507235073350743507535076350773507835079350803508135082350833508435085350863508735088350893509035091350923509335094350953509635097350983509935100351013510235103351043510535106351073510835109351103511135112351133511435115351163511735118351193512035121351223512335124351253512635127351283512935130351313513235133351343513535136351373513835139351403514135142351433514435145351463514735148351493515035151351523515335154351553515635157351583515935160351613516235163351643516535166351673516835169351703517135172351733517435175351763517735178351793518035181351823518335184351853518635187351883518935190351913519235193351943519535196351973519835199352003520135202352033520435205352063520735208352093521035211352123521335214352153521635217352183521935220352213522235223352243522535226352273522835229352303523135232352333523435235352363523735238352393524035241352423524335244352453524635247352483524935250352513525235253352543525535256352573525835259352603526135262352633526435265352663526735268352693527035271352723527335274352753527635277352783527935280352813528235283352843528535286352873528835289352903529135292352933529435295352963529735298352993530035301353023530335304353053530635307353083530935310353113531235313353143531535316353173531835319353203532135322353233532435325353263532735328353293533035331353323533335334353353533635337353383533935340353413534235343353443534535346353473534835349353503535135352353533535435355353563535735358353593536035361353623536335364353653536635367353683536935370353713537235373353743537535376353773537835379353803538135382353833538435385353863538735388353893539035391353923539335394353953539635397353983539935400354013540235403354043540535406354073540835409354103541135412354133541435415354163541735418354193542035421354223542335424354253542635427354283542935430354313543235433354343543535436354373543835439354403544135442354433544435445354463544735448354493545035451354523545335454354553545635457354583545935460354613546235463354643546535466354673546835469354703547135472354733547435475354763547735478354793548035481354823548335484354853548635487354883548935490354913549235493354943549535496354973549835499355003550135502355033550435505355063550735508355093551035511355123551335514355153551635517355183551935520355213552235523355243552535526355273552835529355303553135532355333553435535355363553735538355393554035541355423554335544355453554635547355483554935550355513555235553355543555535556355573555835559355603556135562355633556435565355663556735568355693557035571355723557335574355753557635577355783557935580355813558235583355843558535586355873558835589355903559135592355933559435595355963559735598355993560035601356023560335604356053560635607356083560935610356113561235613356143561535616356173561835619356203562135622356233562435625356263562735628356293563035631356323563335634356353563635637356383563935640356413564235643356443564535646356473564835649356503565135652356533565435655356563565735658356593566035661356623566335664356653566635667356683566935670356713567235673356743567535676356773567835679356803568135682356833568435685356863568735688356893569035691356923569335694356953569635697356983569935700357013570235703357043570535706357073570835709357103571135712357133571435715357163571735718357193572035721357223572335724357253572635727357283572935730357313573235733357343573535736357373573835739357403574135742357433574435745357463574735748357493575035751357523575335754357553575635757357583575935760357613576235763357643576535766357673576835769357703577135772357733577435775357763577735778357793578035781357823578335784357853578635787357883578935790357913579235793357943579535796357973579835799358003580135802358033580435805358063580735808358093581035811358123581335814358153581635817358183581935820358213582235823358243582535826358273582835829358303583135832358333583435835358363583735838358393584035841358423584335844358453584635847358483584935850358513585235853358543585535856358573585835859358603586135862358633586435865358663586735868358693587035871358723587335874358753587635877358783587935880358813588235883358843588535886358873588835889358903589135892358933589435895358963589735898358993590035901359023590335904359053590635907359083590935910359113591235913359143591535916359173591835919359203592135922359233592435925359263592735928359293593035931359323593335934359353593635937359383593935940359413594235943359443594535946359473594835949359503595135952359533595435955359563595735958359593596035961359623596335964359653596635967359683596935970359713597235973359743597535976359773597835979359803598135982359833598435985359863598735988359893599035991359923599335994359953599635997359983599936000360013600236003360043600536006360073600836009360103601136012360133601436015360163601736018360193602036021360223602336024360253602636027360283602936030360313603236033360343603536036360373603836039360403604136042360433604436045360463604736048360493605036051360523605336054360553605636057360583605936060360613606236063360643606536066360673606836069360703607136072360733607436075360763607736078360793608036081360823608336084360853608636087360883608936090360913609236093360943609536096360973609836099361003610136102361033610436105361063610736108361093611036111361123611336114361153611636117361183611936120361213612236123361243612536126361273612836129361303613136132361333613436135361363613736138361393614036141361423614336144361453614636147361483614936150361513615236153361543615536156361573615836159361603616136162361633616436165361663616736168361693617036171361723617336174361753617636177361783617936180361813618236183361843618536186361873618836189361903619136192361933619436195361963619736198361993620036201362023620336204362053620636207362083620936210362113621236213362143621536216362173621836219362203622136222362233622436225362263622736228362293623036231362323623336234362353623636237362383623936240362413624236243362443624536246362473624836249362503625136252362533625436255362563625736258362593626036261362623626336264362653626636267362683626936270362713627236273362743627536276362773627836279362803628136282362833628436285362863628736288362893629036291362923629336294362953629636297362983629936300363013630236303363043630536306363073630836309363103631136312363133631436315363163631736318363193632036321363223632336324363253632636327363283632936330363313633236333363343633536336363373633836339363403634136342363433634436345363463634736348363493635036351363523635336354363553635636357363583635936360363613636236363363643636536366363673636836369363703637136372363733637436375363763637736378363793638036381363823638336384363853638636387363883638936390363913639236393363943639536396363973639836399364003640136402364033640436405364063640736408364093641036411364123641336414364153641636417364183641936420364213642236423364243642536426364273642836429364303643136432364333643436435364363643736438364393644036441364423644336444364453644636447364483644936450364513645236453364543645536456364573645836459364603646136462364633646436465364663646736468364693647036471364723647336474364753647636477364783647936480364813648236483364843648536486364873648836489364903649136492364933649436495364963649736498364993650036501365023650336504365053650636507365083650936510365113651236513365143651536516365173651836519365203652136522365233652436525365263652736528365293653036531365323653336534365353653636537365383653936540365413654236543365443654536546365473654836549365503655136552365533655436555365563655736558365593656036561365623656336564365653656636567365683656936570365713657236573365743657536576365773657836579365803658136582365833658436585365863658736588365893659036591365923659336594365953659636597365983659936600366013660236603366043660536606366073660836609366103661136612366133661436615366163661736618366193662036621366223662336624366253662636627366283662936630366313663236633366343663536636366373663836639366403664136642366433664436645366463664736648366493665036651366523665336654366553665636657366583665936660366613666236663366643666536666366673666836669366703667136672366733667436675366763667736678366793668036681366823668336684366853668636687366883668936690366913669236693366943669536696366973669836699367003670136702367033670436705367063670736708367093671036711367123671336714367153671636717367183671936720367213672236723367243672536726367273672836729367303673136732367333673436735367363673736738367393674036741367423674336744367453674636747367483674936750367513675236753367543675536756367573675836759367603676136762367633676436765367663676736768367693677036771367723677336774367753677636777367783677936780367813678236783367843678536786367873678836789367903679136792367933679436795367963679736798367993680036801368023680336804368053680636807368083680936810368113681236813368143681536816368173681836819368203682136822368233682436825368263682736828368293683036831368323683336834368353683636837368383683936840368413684236843368443684536846368473684836849368503685136852368533685436855368563685736858368593686036861368623686336864368653686636867368683686936870368713687236873368743687536876368773687836879368803688136882368833688436885368863688736888368893689036891368923689336894368953689636897368983689936900369013690236903369043690536906369073690836909369103691136912369133691436915369163691736918369193692036921369223692336924369253692636927369283692936930369313693236933369343693536936369373693836939369403694136942369433694436945369463694736948369493695036951369523695336954369553695636957369583695936960369613696236963369643696536966369673696836969369703697136972369733697436975369763697736978369793698036981369823698336984369853698636987369883698936990369913699236993369943699536996369973699836999370003700137002370033700437005370063700737008370093701037011370123701337014370153701637017370183701937020370213702237023370243702537026370273702837029370303703137032370333703437035370363703737038370393704037041370423704337044370453704637047370483704937050370513705237053370543705537056370573705837059370603706137062370633706437065370663706737068370693707037071370723707337074370753707637077370783707937080370813708237083370843708537086370873708837089370903709137092370933709437095370963709737098370993710037101371023710337104371053710637107371083710937110371113711237113371143711537116371173711837119371203712137122371233712437125371263712737128371293713037131371323713337134371353713637137371383713937140371413714237143371443714537146371473714837149371503715137152371533715437155371563715737158371593716037161371623716337164371653716637167371683716937170371713717237173371743717537176371773717837179371803718137182371833718437185371863718737188371893719037191371923719337194371953719637197371983719937200372013720237203372043720537206372073720837209372103721137212372133721437215372163721737218372193722037221372223722337224372253722637227372283722937230372313723237233372343723537236372373723837239372403724137242372433724437245372463724737248372493725037251372523725337254372553725637257372583725937260372613726237263372643726537266372673726837269372703727137272372733727437275372763727737278372793728037281372823728337284372853728637287372883728937290372913729237293372943729537296372973729837299373003730137302373033730437305373063730737308373093731037311373123731337314373153731637317373183731937320373213732237323373243732537326373273732837329373303733137332373333733437335373363733737338373393734037341373423734337344373453734637347373483734937350373513735237353373543735537356373573735837359373603736137362373633736437365373663736737368373693737037371373723737337374373753737637377373783737937380373813738237383373843738537386373873738837389373903739137392373933739437395373963739737398373993740037401374023740337404374053740637407374083740937410374113741237413374143741537416374173741837419374203742137422374233742437425374263742737428374293743037431374323743337434374353743637437374383743937440374413744237443374443744537446374473744837449374503745137452374533745437455374563745737458374593746037461374623746337464374653746637467374683746937470374713747237473374743747537476374773747837479374803748137482374833748437485374863748737488374893749037491374923749337494374953749637497374983749937500375013750237503375043750537506375073750837509375103751137512375133751437515375163751737518375193752037521375223752337524375253752637527375283752937530375313753237533375343753537536375373753837539375403754137542375433754437545375463754737548375493755037551375523755337554375553755637557375583755937560375613756237563375643756537566375673756837569375703757137572375733757437575375763757737578375793758037581375823758337584375853758637587375883758937590375913759237593375943759537596375973759837599376003760137602376033760437605376063760737608376093761037611376123761337614376153761637617376183761937620376213762237623376243762537626376273762837629376303763137632376333763437635376363763737638376393764037641376423764337644376453764637647376483764937650376513765237653376543765537656376573765837659376603766137662376633766437665376663766737668376693767037671376723767337674376753767637677376783767937680376813768237683376843768537686376873768837689376903769137692376933769437695376963769737698376993770037701377023770337704377053770637707377083770937710377113771237713377143771537716377173771837719377203772137722377233772437725377263772737728377293773037731377323773337734377353773637737377383773937740377413774237743377443774537746377473774837749377503775137752377533775437755377563775737758377593776037761377623776337764377653776637767377683776937770377713777237773377743777537776377773777837779377803778137782377833778437785377863778737788377893779037791377923779337794377953779637797377983779937800378013780237803378043780537806378073780837809378103781137812378133781437815378163781737818378193782037821378223782337824378253782637827378283782937830378313783237833378343783537836378373783837839378403784137842378433784437845378463784737848378493785037851378523785337854378553785637857378583785937860378613786237863378643786537866378673786837869378703787137872378733787437875378763787737878378793788037881378823788337884378853788637887378883788937890378913789237893378943789537896378973789837899379003790137902379033790437905379063790737908379093791037911379123791337914379153791637917379183791937920379213792237923379243792537926379273792837929379303793137932379333793437935379363793737938379393794037941379423794337944379453794637947379483794937950379513795237953379543795537956379573795837959379603796137962379633796437965379663796737968379693797037971379723797337974379753797637977379783797937980379813798237983379843798537986379873798837989379903799137992379933799437995379963799737998379993800038001380023800338004380053800638007380083800938010380113801238013380143801538016380173801838019380203802138022380233802438025380263802738028380293803038031380323803338034380353803638037380383803938040380413804238043380443804538046380473804838049380503805138052380533805438055380563805738058380593806038061380623806338064380653806638067380683806938070380713807238073380743807538076380773807838079380803808138082380833808438085380863808738088380893809038091380923809338094380953809638097380983809938100381013810238103381043810538106381073810838109381103811138112381133811438115381163811738118381193812038121381223812338124381253812638127381283812938130381313813238133381343813538136381373813838139381403814138142381433814438145381463814738148381493815038151381523815338154381553815638157381583815938160381613816238163381643816538166381673816838169381703817138172381733817438175381763817738178381793818038181381823818338184381853818638187381883818938190381913819238193381943819538196381973819838199382003820138202382033820438205382063820738208382093821038211382123821338214382153821638217382183821938220382213822238223382243822538226382273822838229382303823138232382333823438235382363823738238382393824038241382423824338244382453824638247382483824938250382513825238253382543825538256382573825838259382603826138262382633826438265382663826738268382693827038271382723827338274382753827638277382783827938280382813828238283382843828538286382873828838289382903829138292382933829438295382963829738298382993830038301383023830338304383053830638307383083830938310383113831238313383143831538316383173831838319383203832138322383233832438325383263832738328383293833038331383323833338334383353833638337383383833938340383413834238343383443834538346383473834838349383503835138352383533835438355383563835738358383593836038361383623836338364383653836638367383683836938370383713837238373383743837538376383773837838379383803838138382383833838438385383863838738388383893839038391383923839338394383953839638397383983839938400384013840238403384043840538406384073840838409384103841138412384133841438415384163841738418384193842038421384223842338424384253842638427384283842938430384313843238433384343843538436384373843838439384403844138442384433844438445384463844738448384493845038451384523845338454384553845638457384583845938460384613846238463384643846538466384673846838469384703847138472384733847438475384763847738478384793848038481384823848338484384853848638487384883848938490384913849238493384943849538496384973849838499385003850138502385033850438505385063850738508385093851038511385123851338514385153851638517385183851938520385213852238523385243852538526385273852838529385303853138532385333853438535385363853738538385393854038541385423854338544385453854638547385483854938550385513855238553385543855538556385573855838559385603856138562385633856438565385663856738568385693857038571385723857338574385753857638577385783857938580385813858238583385843858538586385873858838589385903859138592385933859438595385963859738598385993860038601386023860338604386053860638607386083860938610386113861238613386143861538616386173861838619386203862138622386233862438625386263862738628386293863038631386323863338634386353863638637386383863938640386413864238643386443864538646386473864838649386503865138652386533865438655386563865738658386593866038661386623866338664386653866638667386683866938670386713867238673386743867538676386773867838679386803868138682386833868438685386863868738688386893869038691386923869338694386953869638697386983869938700387013870238703387043870538706387073870838709387103871138712387133871438715387163871738718387193872038721387223872338724387253872638727387283872938730387313873238733387343873538736387373873838739387403874138742387433874438745387463874738748387493875038751387523875338754387553875638757387583875938760387613876238763387643876538766387673876838769387703877138772387733877438775387763877738778387793878038781387823878338784387853878638787387883878938790387913879238793387943879538796387973879838799388003880138802388033880438805388063880738808388093881038811388123881338814388153881638817388183881938820388213882238823388243882538826388273882838829388303883138832388333883438835388363883738838388393884038841388423884338844388453884638847388483884938850388513885238853388543885538856388573885838859388603886138862388633886438865388663886738868388693887038871388723887338874388753887638877388783887938880388813888238883388843888538886388873888838889388903889138892388933889438895388963889738898388993890038901389023890338904389053890638907389083890938910389113891238913389143891538916389173891838919389203892138922389233892438925389263892738928389293893038931389323893338934389353893638937389383893938940389413894238943389443894538946389473894838949389503895138952389533895438955389563895738958389593896038961389623896338964389653896638967389683896938970389713897238973389743897538976389773897838979389803898138982389833898438985389863898738988389893899038991389923899338994389953899638997389983899939000390013900239003390043900539006390073900839009390103901139012390133901439015390163901739018390193902039021390223902339024390253902639027390283902939030390313903239033390343903539036390373903839039390403904139042390433904439045390463904739048390493905039051390523905339054390553905639057390583905939060390613906239063390643906539066390673906839069390703907139072390733907439075390763907739078390793908039081390823908339084390853908639087390883908939090390913909239093390943909539096390973909839099391003910139102391033910439105391063910739108391093911039111391123911339114391153911639117391183911939120391213912239123391243912539126391273912839129391303913139132391333913439135391363913739138391393914039141391423914339144391453914639147391483914939150391513915239153391543915539156391573915839159391603916139162391633916439165391663916739168391693917039171391723917339174391753917639177391783917939180391813918239183391843918539186391873918839189391903919139192391933919439195391963919739198391993920039201392023920339204392053920639207392083920939210392113921239213392143921539216392173921839219392203922139222392233922439225392263922739228392293923039231392323923339234392353923639237392383923939240392413924239243392443924539246392473924839249392503925139252392533925439255392563925739258392593926039261392623926339264392653926639267392683926939270392713927239273392743927539276392773927839279392803928139282392833928439285392863928739288392893929039291392923929339294392953929639297392983929939300393013930239303393043930539306393073930839309393103931139312393133931439315393163931739318393193932039321393223932339324393253932639327393283932939330393313933239333393343933539336393373933839339393403934139342393433934439345393463934739348393493935039351393523935339354393553935639357393583935939360393613936239363393643936539366393673936839369393703937139372393733937439375393763937739378393793938039381393823938339384393853938639387393883938939390393913939239393393943939539396393973939839399394003940139402394033940439405394063940739408394093941039411394123941339414394153941639417394183941939420394213942239423394243942539426394273942839429394303943139432394333943439435394363943739438394393944039441394423944339444394453944639447394483944939450394513945239453394543945539456394573945839459394603946139462394633946439465394663946739468394693947039471394723947339474394753947639477394783947939480394813948239483394843948539486394873948839489394903949139492394933949439495394963949739498394993950039501395023950339504395053950639507395083950939510395113951239513395143951539516395173951839519395203952139522395233952439525395263952739528395293953039531395323953339534395353953639537395383953939540395413954239543395443954539546395473954839549395503955139552395533955439555395563955739558395593956039561395623956339564395653956639567395683956939570395713957239573395743957539576395773957839579395803958139582395833958439585395863958739588395893959039591395923959339594395953959639597395983959939600396013960239603396043960539606396073960839609396103961139612396133961439615396163961739618396193962039621396223962339624396253962639627396283962939630396313963239633396343963539636396373963839639396403964139642396433964439645396463964739648396493965039651396523965339654396553965639657396583965939660396613966239663396643966539666396673966839669396703967139672396733967439675396763967739678396793968039681396823968339684396853968639687396883968939690396913969239693396943969539696396973969839699397003970139702397033970439705397063970739708397093971039711397123971339714397153971639717397183971939720397213972239723397243972539726397273972839729397303973139732397333973439735397363973739738397393974039741397423974339744397453974639747397483974939750397513975239753397543975539756397573975839759397603976139762397633976439765397663976739768397693977039771397723977339774397753977639777397783977939780397813978239783397843978539786397873978839789397903979139792397933979439795397963979739798397993980039801398023980339804398053980639807398083980939810398113981239813398143981539816398173981839819398203982139822398233982439825398263982739828398293983039831398323983339834398353983639837398383983939840398413984239843398443984539846398473984839849398503985139852398533985439855398563985739858398593986039861398623986339864398653986639867398683986939870398713987239873398743987539876398773987839879398803988139882398833988439885398863988739888398893989039891398923989339894398953989639897398983989939900399013990239903399043990539906399073990839909399103991139912399133991439915399163991739918399193992039921399223992339924399253992639927399283992939930399313993239933399343993539936399373993839939399403994139942399433994439945399463994739948399493995039951399523995339954399553995639957399583995939960399613996239963399643996539966399673996839969399703997139972399733997439975399763997739978399793998039981399823998339984399853998639987399883998939990399913999239993399943999539996399973999839999400004000140002400034000440005400064000740008400094001040011400124001340014400154001640017400184001940020400214002240023400244002540026400274002840029400304003140032400334003440035400364003740038400394004040041400424004340044400454004640047400484004940050400514005240053400544005540056400574005840059400604006140062400634006440065400664006740068400694007040071400724007340074400754007640077400784007940080400814008240083400844008540086400874008840089400904009140092400934009440095400964009740098400994010040101401024010340104401054010640107401084010940110401114011240113401144011540116401174011840119401204012140122401234012440125401264012740128401294013040131401324013340134401354013640137401384013940140401414014240143401444014540146401474014840149401504015140152401534015440155401564015740158401594016040161401624016340164401654016640167401684016940170401714017240173401744017540176401774017840179401804018140182401834018440185401864018740188401894019040191401924019340194401954019640197401984019940200402014020240203402044020540206402074020840209402104021140212402134021440215402164021740218402194022040221402224022340224402254022640227402284022940230402314023240233402344023540236402374023840239402404024140242402434024440245402464024740248402494025040251402524025340254402554025640257402584025940260402614026240263402644026540266402674026840269402704027140272402734027440275402764027740278402794028040281402824028340284402854028640287402884028940290402914029240293402944029540296402974029840299403004030140302403034030440305403064030740308403094031040311403124031340314403154031640317403184031940320403214032240323403244032540326403274032840329403304033140332403334033440335403364033740338403394034040341403424034340344403454034640347403484034940350403514035240353403544035540356403574035840359403604036140362403634036440365403664036740368403694037040371403724037340374403754037640377403784037940380403814038240383403844038540386403874038840389403904039140392403934039440395403964039740398403994040040401404024040340404404054040640407404084040940410404114041240413404144041540416404174041840419404204042140422404234042440425404264042740428404294043040431404324043340434404354043640437404384043940440404414044240443404444044540446404474044840449404504045140452404534045440455404564045740458404594046040461404624046340464404654046640467404684046940470404714047240473404744047540476404774047840479404804048140482404834048440485404864048740488404894049040491404924049340494404954049640497404984049940500405014050240503405044050540506405074050840509405104051140512405134051440515405164051740518405194052040521405224052340524405254052640527405284052940530405314053240533405344053540536405374053840539405404054140542405434054440545405464054740548405494055040551405524055340554405554055640557405584055940560405614056240563405644056540566405674056840569405704057140572405734057440575405764057740578405794058040581405824058340584405854058640587405884058940590405914059240593405944059540596405974059840599406004060140602406034060440605406064060740608406094061040611406124061340614406154061640617406184061940620406214062240623406244062540626406274062840629406304063140632406334063440635406364063740638406394064040641406424064340644406454064640647406484064940650406514065240653406544065540656406574065840659406604066140662406634066440665406664066740668406694067040671406724067340674406754067640677406784067940680406814068240683406844068540686406874068840689406904069140692406934069440695406964069740698406994070040701407024070340704407054070640707407084070940710407114071240713407144071540716407174071840719407204072140722407234072440725407264072740728407294073040731407324073340734407354073640737407384073940740407414074240743407444074540746407474074840749407504075140752407534075440755407564075740758407594076040761407624076340764407654076640767407684076940770407714077240773407744077540776407774077840779407804078140782407834078440785407864078740788407894079040791407924079340794407954079640797407984079940800408014080240803408044080540806408074080840809408104081140812408134081440815408164081740818408194082040821408224082340824408254082640827408284082940830408314083240833408344083540836408374083840839408404084140842408434084440845408464084740848408494085040851408524085340854408554085640857408584085940860408614086240863408644086540866408674086840869408704087140872408734087440875408764087740878408794088040881408824088340884408854088640887408884088940890408914089240893408944089540896408974089840899409004090140902409034090440905409064090740908409094091040911409124091340914409154091640917409184091940920409214092240923409244092540926409274092840929409304093140932409334093440935409364093740938409394094040941409424094340944409454094640947409484094940950409514095240953409544095540956409574095840959409604096140962409634096440965409664096740968409694097040971409724097340974409754097640977409784097940980409814098240983409844098540986409874098840989409904099140992409934099440995409964099740998409994100041001410024100341004410054100641007410084100941010410114101241013410144101541016410174101841019410204102141022410234102441025410264102741028410294103041031410324103341034410354103641037410384103941040410414104241043410444104541046410474104841049410504105141052410534105441055410564105741058410594106041061410624106341064410654106641067410684106941070410714107241073410744107541076410774107841079410804108141082410834108441085410864108741088410894109041091410924109341094410954109641097410984109941100411014110241103411044110541106411074110841109411104111141112411134111441115411164111741118411194112041121411224112341124411254112641127411284112941130411314113241133411344113541136411374113841139411404114141142411434114441145411464114741148411494115041151411524115341154411554115641157411584115941160411614116241163411644116541166411674116841169411704117141172411734117441175411764117741178411794118041181411824118341184411854118641187411884118941190411914119241193411944119541196411974119841199412004120141202412034120441205412064120741208412094121041211412124121341214412154121641217412184121941220412214122241223412244122541226412274122841229412304123141232412334123441235412364123741238412394124041241412424124341244412454124641247412484124941250412514125241253412544125541256412574125841259412604126141262412634126441265412664126741268412694127041271412724127341274412754127641277412784127941280412814128241283412844128541286412874128841289412904129141292412934129441295412964129741298412994130041301413024130341304413054130641307413084130941310413114131241313413144131541316413174131841319413204132141322413234132441325413264132741328413294133041331413324133341334413354133641337413384133941340413414134241343413444134541346413474134841349413504135141352413534135441355413564135741358413594136041361413624136341364413654136641367413684136941370413714137241373413744137541376413774137841379413804138141382413834138441385413864138741388413894139041391413924139341394413954139641397413984139941400414014140241403414044140541406414074140841409414104141141412414134141441415414164141741418414194142041421414224142341424414254142641427414284142941430414314143241433414344143541436414374143841439414404144141442414434144441445414464144741448414494145041451414524145341454414554145641457414584145941460414614146241463414644146541466414674146841469414704147141472414734147441475414764147741478414794148041481414824148341484414854148641487414884148941490414914149241493414944149541496414974149841499415004150141502415034150441505415064150741508415094151041511415124151341514415154151641517415184151941520415214152241523415244152541526415274152841529415304153141532415334153441535415364153741538415394154041541415424154341544415454154641547415484154941550415514155241553415544155541556415574155841559415604156141562415634156441565415664156741568415694157041571415724157341574415754157641577415784157941580415814158241583415844158541586415874158841589415904159141592415934159441595415964159741598415994160041601416024160341604416054160641607416084160941610416114161241613416144161541616416174161841619416204162141622416234162441625416264162741628416294163041631416324163341634416354163641637416384163941640416414164241643416444164541646416474164841649416504165141652416534165441655416564165741658416594166041661416624166341664416654166641667416684166941670416714167241673416744167541676416774167841679416804168141682416834168441685416864168741688416894169041691416924169341694416954169641697416984169941700417014170241703417044170541706417074170841709417104171141712417134171441715417164171741718417194172041721417224172341724417254172641727417284172941730417314173241733417344173541736417374173841739417404174141742417434174441745417464174741748417494175041751417524175341754417554175641757417584175941760417614176241763417644176541766417674176841769417704177141772417734177441775417764177741778417794178041781417824178341784417854178641787417884178941790417914179241793417944179541796417974179841799418004180141802418034180441805418064180741808418094181041811418124181341814418154181641817418184181941820418214182241823418244182541826418274182841829418304183141832418334183441835418364183741838418394184041841418424184341844418454184641847418484184941850418514185241853418544185541856418574185841859418604186141862418634186441865418664186741868418694187041871418724187341874418754187641877418784187941880418814188241883418844188541886418874188841889418904189141892418934189441895418964189741898418994190041901419024190341904419054190641907419084190941910419114191241913419144191541916419174191841919419204192141922419234192441925419264192741928419294193041931419324193341934419354193641937419384193941940419414194241943419444194541946419474194841949419504195141952419534195441955419564195741958419594196041961419624196341964419654196641967419684196941970419714197241973419744197541976419774197841979419804198141982419834198441985419864198741988419894199041991419924199341994419954199641997419984199942000420014200242003420044200542006420074200842009420104201142012420134201442015420164201742018420194202042021420224202342024420254202642027420284202942030420314203242033420344203542036420374203842039420404204142042420434204442045420464204742048420494205042051420524205342054420554205642057420584205942060420614206242063420644206542066420674206842069420704207142072420734207442075420764207742078420794208042081420824208342084420854208642087420884208942090420914209242093420944209542096420974209842099421004210142102421034210442105421064210742108421094211042111421124211342114421154211642117421184211942120421214212242123421244212542126421274212842129421304213142132421334213442135421364213742138421394214042141421424214342144421454214642147421484214942150421514215242153421544215542156421574215842159421604216142162421634216442165421664216742168421694217042171421724217342174421754217642177421784217942180421814218242183421844218542186421874218842189421904219142192421934219442195421964219742198421994220042201422024220342204422054220642207422084220942210422114221242213422144221542216422174221842219422204222142222422234222442225422264222742228422294223042231422324223342234422354223642237422384223942240422414224242243422444224542246422474224842249422504225142252422534225442255422564225742258422594226042261422624226342264422654226642267422684226942270422714227242273422744227542276422774227842279422804228142282422834228442285422864228742288422894229042291422924229342294422954229642297422984229942300423014230242303423044230542306423074230842309423104231142312423134231442315423164231742318423194232042321423224232342324423254232642327423284232942330423314233242333423344233542336423374233842339423404234142342423434234442345423464234742348423494235042351423524235342354423554235642357423584235942360423614236242363423644236542366423674236842369423704237142372423734237442375423764237742378423794238042381423824238342384423854238642387423884238942390423914239242393423944239542396423974239842399424004240142402424034240442405424064240742408424094241042411424124241342414424154241642417424184241942420424214242242423424244242542426424274242842429424304243142432424334243442435424364243742438424394244042441424424244342444424454244642447424484244942450424514245242453424544245542456424574245842459424604246142462424634246442465424664246742468424694247042471424724247342474424754247642477424784247942480424814248242483424844248542486424874248842489424904249142492424934249442495424964249742498424994250042501425024250342504425054250642507425084250942510425114251242513425144251542516425174251842519425204252142522425234252442525425264252742528425294253042531425324253342534425354253642537425384253942540425414254242543425444254542546425474254842549425504255142552425534255442555425564255742558425594256042561425624256342564425654256642567425684256942570425714257242573425744257542576425774257842579425804258142582425834258442585425864258742588425894259042591425924259342594425954259642597425984259942600426014260242603426044260542606426074260842609426104261142612426134261442615426164261742618426194262042621426224262342624426254262642627426284262942630426314263242633426344263542636426374263842639426404264142642426434264442645426464264742648426494265042651426524265342654426554265642657426584265942660426614266242663426644266542666426674266842669426704267142672426734267442675426764267742678426794268042681426824268342684426854268642687426884268942690426914269242693426944269542696426974269842699427004270142702427034270442705427064270742708427094271042711427124271342714427154271642717427184271942720427214272242723427244272542726427274272842729427304273142732427334273442735427364273742738427394274042741427424274342744427454274642747427484274942750427514275242753427544275542756427574275842759427604276142762427634276442765427664276742768427694277042771427724277342774427754277642777427784277942780427814278242783427844278542786427874278842789427904279142792427934279442795427964279742798427994280042801428024280342804428054280642807428084280942810428114281242813428144281542816428174281842819428204282142822428234282442825428264282742828428294283042831428324283342834428354283642837428384283942840428414284242843428444284542846428474284842849428504285142852428534285442855428564285742858428594286042861428624286342864428654286642867428684286942870428714287242873428744287542876428774287842879428804288142882428834288442885428864288742888428894289042891428924289342894428954289642897428984289942900429014290242903429044290542906429074290842909429104291142912429134291442915429164291742918429194292042921429224292342924429254292642927429284292942930429314293242933429344293542936429374293842939429404294142942429434294442945429464294742948429494295042951429524295342954429554295642957429584295942960429614296242963429644296542966429674296842969429704297142972429734297442975429764297742978429794298042981429824298342984
  1. /* api.c API unit tests
  2. *
  3. * Copyright (C) 2006-2021 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. /* For AES-CBC, input lengths can optionally be validated to be a
  22. * multiple of the block size, by defining WOLFSSL_AES_CBC_LENGTH_CHECKS,
  23. * also available via the configure option --enable-aescbc-length-checks.
  24. */
  25. /*----------------------------------------------------------------------------*
  26. | Includes
  27. *----------------------------------------------------------------------------*/
  28. #ifdef HAVE_CONFIG_H
  29. #include <config.h>
  30. #endif
  31. #include <wolfssl/wolfcrypt/settings.h>
  32. #ifndef FOURK_BUF
  33. #define FOURK_BUF 4096
  34. #endif
  35. #ifndef TWOK_BUF
  36. #define TWOK_BUF 2048
  37. #endif
  38. #ifndef ONEK_BUF
  39. #define ONEK_BUF 1024
  40. #endif
  41. #if defined(WOLFSSL_STATIC_MEMORY)
  42. #include <wolfssl/wolfcrypt/memory.h>
  43. #endif /* WOLFSSL_STATIC_MEMORY */
  44. #ifndef HEAP_HINT
  45. #define HEAP_HINT NULL
  46. #endif /* WOLFSSL_STAIC_MEMORY */
  47. #ifdef WOLFSSL_ASNC_CRYPT
  48. #include <wolfssl/wolfcrypt/async.h>
  49. #endif
  50. #ifdef HAVE_ECC
  51. #include <wolfssl/wolfcrypt/ecc.h> /* wc_ecc_fp_free */
  52. #ifndef ECC_ASN963_MAX_BUF_SZ
  53. #define ECC_ASN963_MAX_BUF_SZ 133
  54. #endif
  55. #ifndef ECC_PRIV_KEY_BUF
  56. #define ECC_PRIV_KEY_BUF 66 /* For non user defined curves. */
  57. #endif
  58. /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */
  59. /* logic to choose right key ECC size */
  60. #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
  61. #define KEY14 14
  62. #else
  63. #define KEY14 32
  64. #endif
  65. #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
  66. #define KEY16 16
  67. #else
  68. #define KEY16 32
  69. #endif
  70. #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
  71. #define KEY20 20
  72. #else
  73. #define KEY20 32
  74. #endif
  75. #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
  76. #define KEY24 24
  77. #else
  78. #define KEY24 32
  79. #endif
  80. #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
  81. #define KEY28 28
  82. #else
  83. #define KEY28 32
  84. #endif
  85. #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
  86. #define KEY30 30
  87. #else
  88. #define KEY30 32
  89. #endif
  90. #define KEY32 32
  91. #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
  92. #define KEY40 40
  93. #else
  94. #define KEY40 32
  95. #endif
  96. #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
  97. #define KEY48 48
  98. #else
  99. #define KEY48 32
  100. #endif
  101. #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
  102. #define KEY64 64
  103. #else
  104. #define KEY64 32
  105. #endif
  106. #if !defined(HAVE_COMP_KEY)
  107. #if !defined(NOCOMP)
  108. #define NOCOMP 0
  109. #endif
  110. #else
  111. #if !defined(COMP)
  112. #define COMP 1
  113. #endif
  114. #endif
  115. #if !defined(DER_SZ)
  116. #define DER_SZ(ks) (ks * 2 + 1)
  117. #endif
  118. #endif
  119. #ifndef NO_ASN
  120. #include <wolfssl/wolfcrypt/asn_public.h>
  121. #endif
  122. #include <wolfssl/error-ssl.h>
  123. #include <stdlib.h>
  124. #include <wolfssl/ssl.h> /* compatibility layer */
  125. #include <wolfssl/test.h>
  126. #include <tests/unit.h>
  127. #include "examples/server/server.h"
  128. /* for testing compatibility layer callbacks */
  129. #ifndef NO_MD5
  130. #include <wolfssl/wolfcrypt/md5.h>
  131. #endif
  132. #ifndef NO_SHA
  133. #include <wolfssl/wolfcrypt/sha.h>
  134. #endif
  135. #ifndef NO_SHA256
  136. #include <wolfssl/wolfcrypt/sha256.h>
  137. #endif
  138. #ifdef WOLFSSL_SHA512
  139. #include <wolfssl/wolfcrypt/sha512.h>
  140. #endif
  141. #ifdef WOLFSSL_SHA384
  142. #include <wolfssl/wolfcrypt/sha512.h>
  143. #endif
  144. #ifdef WOLFSSL_SHA3
  145. #include <wolfssl/wolfcrypt/sha3.h>
  146. #ifndef HEAP_HINT
  147. #define HEAP_HINT NULL
  148. #endif
  149. #endif
  150. #ifndef NO_AES
  151. #include <wolfssl/wolfcrypt/aes.h>
  152. #ifdef HAVE_AES_DECRYPT
  153. #include <wolfssl/wolfcrypt/wc_encrypt.h>
  154. #endif
  155. #endif
  156. #ifdef WOLFSSL_RIPEMD
  157. #include <wolfssl/wolfcrypt/ripemd.h>
  158. #endif
  159. #ifdef HAVE_IDEA
  160. #include <wolfssl/wolfcrypt/idea.h>
  161. #endif
  162. #ifndef NO_DES3
  163. #include <wolfssl/wolfcrypt/des3.h>
  164. #include <wolfssl/wolfcrypt/wc_encrypt.h>
  165. #endif
  166. #ifdef WC_RC2
  167. #include <wolfssl/wolfcrypt/rc2.h>
  168. #endif
  169. #ifndef NO_HMAC
  170. #include <wolfssl/wolfcrypt/hmac.h>
  171. #endif
  172. #ifdef HAVE_CHACHA
  173. #include <wolfssl/wolfcrypt/chacha.h>
  174. #endif
  175. #ifdef HAVE_POLY1305
  176. #include <wolfssl/wolfcrypt/poly1305.h>
  177. #endif
  178. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  179. #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
  180. #endif
  181. #ifdef HAVE_CAMELLIA
  182. #include <wolfssl/wolfcrypt/camellia.h>
  183. #endif
  184. #ifndef NO_RABBIT
  185. #include <wolfssl/wolfcrypt/rabbit.h>
  186. #endif
  187. #ifndef NO_RC4
  188. #include <wolfssl/wolfcrypt/arc4.h>
  189. #endif
  190. #ifdef HAVE_BLAKE2
  191. #include <wolfssl/wolfcrypt/blake2.h>
  192. #endif
  193. #include <wolfssl/wolfcrypt/hash.h>
  194. #ifndef NO_RSA
  195. #include <wolfssl/wolfcrypt/rsa.h>
  196. #define FOURK_BUF 4096
  197. #define GEN_BUF 294
  198. #ifndef USER_CRYPTO_ERROR
  199. #define USER_CRYPTO_ERROR -101 /* error returned by IPP lib. */
  200. #endif
  201. #endif
  202. #ifndef NO_SIG_WRAPPER
  203. #include <wolfssl/wolfcrypt/signature.h>
  204. #endif
  205. #ifdef HAVE_AESCCM
  206. #include <wolfssl/wolfcrypt/aes.h>
  207. #endif
  208. #ifdef HAVE_HC128
  209. #include <wolfssl/wolfcrypt/hc128.h>
  210. #endif
  211. #ifdef HAVE_PKCS7
  212. #include <wolfssl/wolfcrypt/pkcs7.h>
  213. #include <wolfssl/wolfcrypt/asn.h>
  214. #ifdef HAVE_LIBZ
  215. #include <wolfssl/wolfcrypt/compress.h>
  216. #endif
  217. #endif
  218. #ifdef WOLFSSL_SMALL_CERT_VERIFY
  219. #include <wolfssl/wolfcrypt/asn.h>
  220. #endif
  221. #ifndef NO_DSA
  222. #include <wolfssl/wolfcrypt/dsa.h>
  223. #ifndef ONEK_BUF
  224. #define ONEK_BUF 1024
  225. #endif
  226. #ifndef TWOK_BUF
  227. #define TWOK_BUF 2048
  228. #endif
  229. #ifndef FOURK_BUF
  230. #define FOURK_BUF 4096
  231. #endif
  232. #ifndef DSA_SIG_SIZE
  233. #define DSA_SIG_SIZE 40
  234. #endif
  235. #ifndef MAX_DSA_PARAM_SIZE
  236. #define MAX_DSA_PARAM_SIZE 256
  237. #endif
  238. #endif
  239. #ifdef WOLFSSL_CMAC
  240. #include <wolfssl/wolfcrypt/cmac.h>
  241. #endif
  242. #ifdef HAVE_ED25519
  243. #include <wolfssl/wolfcrypt/ed25519.h>
  244. #endif
  245. #ifdef HAVE_CURVE25519
  246. #include <wolfssl/wolfcrypt/curve25519.h>
  247. #endif
  248. #ifdef HAVE_ED448
  249. #include <wolfssl/wolfcrypt/ed448.h>
  250. #endif
  251. #ifdef HAVE_CURVE448
  252. #include <wolfssl/wolfcrypt/curve448.h>
  253. #endif
  254. #ifdef HAVE_PKCS12
  255. #include <wolfssl/wolfcrypt/pkcs12.h>
  256. #endif
  257. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL))
  258. #include <wolfssl/openssl/ssl.h>
  259. #ifndef NO_ASN
  260. /* for ASN_COMMON_NAME DN_tags enum */
  261. #include <wolfssl/wolfcrypt/asn.h>
  262. #endif
  263. #ifdef HAVE_OCSP
  264. #include <wolfssl/openssl/ocsp.h>
  265. #endif
  266. #endif
  267. #ifdef OPENSSL_EXTRA
  268. #include <wolfssl/openssl/x509v3.h>
  269. #include <wolfssl/openssl/asn1.h>
  270. #include <wolfssl/openssl/crypto.h>
  271. #include <wolfssl/openssl/pkcs12.h>
  272. #include <wolfssl/openssl/evp.h>
  273. #include <wolfssl/openssl/dh.h>
  274. #include <wolfssl/openssl/bn.h>
  275. #include <wolfssl/openssl/buffer.h>
  276. #include <wolfssl/openssl/pem.h>
  277. #include <wolfssl/openssl/ec.h>
  278. #include <wolfssl/openssl/engine.h>
  279. #include <wolfssl/openssl/crypto.h>
  280. #include <wolfssl/openssl/hmac.h>
  281. #include <wolfssl/openssl/objects.h>
  282. #include <wolfssl/openssl/rand.h>
  283. #ifdef OPENSSL_ALL
  284. #include <wolfssl/openssl/txt_db.h>
  285. #include <wolfssl/openssl/lhash.h>
  286. #endif
  287. #ifndef NO_AES
  288. #include <wolfssl/openssl/aes.h>
  289. #endif
  290. #ifndef NO_DES3
  291. #include <wolfssl/openssl/des.h>
  292. #endif
  293. #ifdef HAVE_ECC
  294. #include <wolfssl/openssl/ecdsa.h>
  295. #endif
  296. #ifdef HAVE_PKCS7
  297. #include <wolfssl/openssl/pkcs7.h>
  298. #endif
  299. #ifdef HAVE_ED25519
  300. #include <wolfssl/openssl/ed25519.h>
  301. #endif
  302. #ifdef HAVE_ED448
  303. #include <wolfssl/openssl/ed448.h>
  304. #endif
  305. #endif /* OPENSSL_EXTRA */
  306. #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
  307. && !defined(NO_SHA256) && !defined(RC_NO_RNG)
  308. #include <wolfssl/wolfcrypt/srp.h>
  309. #endif
  310. #if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)
  311. #include "wolfssl/internal.h" /* for testing SSL_get_peer_cert_chain */
  312. #endif
  313. /* force enable test buffers */
  314. #ifndef USE_CERT_BUFFERS_2048
  315. #define USE_CERT_BUFFERS_2048
  316. #endif
  317. #ifndef USE_CERT_BUFFERS_256
  318. #define USE_CERT_BUFFERS_256
  319. #endif
  320. #include <wolfssl/certs_test.h>
  321. typedef struct testVector {
  322. const char* input;
  323. const char* output;
  324. size_t inLen;
  325. size_t outLen;
  326. } testVector;
  327. #if defined(HAVE_PKCS7)
  328. typedef struct {
  329. const byte* content;
  330. word32 contentSz;
  331. int contentOID;
  332. int encryptOID;
  333. int keyWrapOID;
  334. int keyAgreeOID;
  335. byte* cert;
  336. size_t certSz;
  337. byte* privateKey;
  338. word32 privateKeySz;
  339. } pkcs7EnvelopedVector;
  340. #ifndef NO_PKCS7_ENCRYPTED_DATA
  341. typedef struct {
  342. const byte* content;
  343. word32 contentSz;
  344. int contentOID;
  345. int encryptOID;
  346. byte* encryptionKey;
  347. word32 encryptionKeySz;
  348. } pkcs7EncryptedVector;
  349. #endif
  350. #endif /* HAVE_PKCS7 */
  351. /*----------------------------------------------------------------------------*
  352. | Constants
  353. *----------------------------------------------------------------------------*/
  354. #define TEST_SUCCESS (1)
  355. #define TEST_FAIL (0)
  356. #define testingFmt " %s:"
  357. #define resultFmt " %s\n"
  358. static const char* passed = "passed";
  359. static const char* failed = "failed";
  360. #define TEST_STRING "Everyone gets Friday off."
  361. #define TEST_STRING_SZ 25
  362. #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  363. #define TEST_RSA_BITS 1024
  364. #else
  365. #define TEST_RSA_BITS 2048
  366. #endif
  367. #define TEST_RSA_BYTES (TEST_RSA_BITS/8)
  368. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  369. (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT))
  370. static const char* bogusFile =
  371. #ifdef _WIN32
  372. "NUL"
  373. #else
  374. "/dev/null"
  375. #endif
  376. ;
  377. #endif /* !NO_FILESYSTEM && !NO_CERTS && (!NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT) */
  378. enum {
  379. TESTING_RSA = 1,
  380. TESTING_ECC = 2
  381. };
  382. #ifdef WOLFSSL_QNX_CAAM
  383. #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
  384. static int devId = WOLFSSL_CAAM_DEVID;
  385. #else
  386. static int devId = INVALID_DEVID;
  387. #endif
  388. /*----------------------------------------------------------------------------*
  389. | Setup
  390. *----------------------------------------------------------------------------*/
  391. static int test_wolfSSL_Init(void)
  392. {
  393. int result;
  394. printf(testingFmt, "wolfSSL_Init()");
  395. result = wolfSSL_Init();
  396. printf(resultFmt, result == WOLFSSL_SUCCESS ? passed : failed);
  397. return result;
  398. }
  399. static int test_wolfSSL_Cleanup(void)
  400. {
  401. int result;
  402. printf(testingFmt, "wolfSSL_Cleanup()");
  403. result = wolfSSL_Cleanup();
  404. printf(resultFmt, result == WOLFSSL_SUCCESS ? passed : failed);
  405. return result;
  406. }
  407. /* Initialize the wolfCrypt state.
  408. * POST: 0 success.
  409. */
  410. static int test_wolfCrypt_Init(void)
  411. {
  412. int result;
  413. printf(testingFmt, "wolfCrypt_Init()");
  414. result = wolfCrypt_Init();
  415. printf(resultFmt, result == 0 ? passed : failed);
  416. return result;
  417. } /* END test_wolfCrypt_Init */
  418. /*----------------------------------------------------------------------------*
  419. | Platform dependent function test
  420. *----------------------------------------------------------------------------*/
  421. static int test_fileAccess(void)
  422. {
  423. #if defined(WOLFSSL_TEST_PLATFORMDEPEND) && !defined(NO_FILESYSTEM)
  424. const char *fname[] = {
  425. svrCertFile, svrKeyFile, caCertFile,
  426. eccCertFile, eccKeyFile, eccRsaCertFile,
  427. cliCertFile, cliCertDerFile, cliKeyFile,
  428. ntruCertFile, ntruKeyFile, dhParamFile,
  429. cliEccKeyFile, cliEccCertFile, caEccCertFile, edCertFile, edKeyFile,
  430. cliEdCertFile, cliEdKeyFile, caEdCertFile,
  431. NULL
  432. };
  433. const char derfile[] = "./certs/server-cert.der";
  434. XFILE f;
  435. size_t sz;
  436. byte *buff;
  437. int i;
  438. printf(testingFmt, "test_fileAccess()");
  439. AssertTrue(XFOPEN("badfilename", "rb") == XBADFILE);
  440. for(i=0; fname[i] != NULL ; i++){
  441. AssertTrue((f = XFOPEN(fname[i], "rb")) != XBADFILE);
  442. XFCLOSE(f);
  443. }
  444. AssertTrue((f = XFOPEN(derfile, "rb")) != XBADFILE);
  445. AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
  446. sz = (size_t) XFTELL(f);
  447. XREWIND(f);
  448. AssertTrue(sz == sizeof_server_cert_der_2048);
  449. AssertTrue((buff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL) ;
  450. AssertTrue(XFREAD(buff, 1, sz, f) == sz);
  451. XMEMCMP(server_cert_der_2048, buff, sz);
  452. printf(resultFmt, passed);
  453. #endif
  454. return WOLFSSL_SUCCESS;
  455. }
  456. /*----------------------------------------------------------------------------*
  457. | Method Allocators
  458. *----------------------------------------------------------------------------*/
  459. static void test_wolfSSL_Method_Allocators(void)
  460. {
  461. #define TEST_METHOD_ALLOCATOR(allocator, condition) \
  462. do { \
  463. WOLFSSL_METHOD *method; \
  464. condition(method = allocator()); \
  465. XFREE(method, 0, DYNAMIC_TYPE_METHOD); \
  466. } while(0)
  467. #define TEST_VALID_METHOD_ALLOCATOR(a) \
  468. TEST_METHOD_ALLOCATOR(a, AssertNotNull)
  469. #define TEST_INVALID_METHOD_ALLOCATOR(a) \
  470. TEST_METHOD_ALLOCATOR(a, AssertNull)
  471. #ifndef NO_OLD_TLS
  472. #ifdef WOLFSSL_ALLOW_SSLV3
  473. #ifndef NO_WOLFSSL_SERVER
  474. TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method);
  475. #endif
  476. #ifndef NO_WOLFSSL_CLIENT
  477. TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method);
  478. #endif
  479. #endif
  480. #ifdef WOLFSSL_ALLOW_TLSV10
  481. #ifndef NO_WOLFSSL_SERVER
  482. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method);
  483. #endif
  484. #ifndef NO_WOLFSSL_CLIENT
  485. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method);
  486. #endif
  487. #endif
  488. #ifndef NO_WOLFSSL_SERVER
  489. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method);
  490. #endif
  491. #ifndef NO_WOLFSSL_CLIENT
  492. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method);
  493. #endif
  494. #endif /* !NO_OLD_TLS */
  495. #ifndef WOLFSSL_NO_TLS12
  496. #ifndef NO_WOLFSSL_SERVER
  497. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method);
  498. #endif
  499. #ifndef NO_WOLFSSL_CLIENT
  500. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method);
  501. #endif
  502. #endif /* !WOLFSSL_NO_TLS12 */
  503. #ifdef WOLFSSL_TLS13
  504. #ifndef NO_WOLFSSL_SERVER
  505. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_server_method);
  506. #endif
  507. #ifndef NO_WOLFSSL_CLIENT
  508. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_client_method);
  509. #endif
  510. #endif /* WOLFSSL_TLS13 */
  511. #ifndef NO_WOLFSSL_SERVER
  512. TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_server_method);
  513. #endif
  514. #ifndef NO_WOLFSSL_CLIENT
  515. TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method);
  516. #endif
  517. #ifdef WOLFSSL_DTLS
  518. #ifndef NO_OLD_TLS
  519. #ifndef NO_WOLFSSL_SERVER
  520. TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method);
  521. #endif
  522. #ifndef NO_WOLFSSL_CLIENT
  523. TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method);
  524. #endif
  525. #endif
  526. #ifndef WOLFSSL_NO_TLS12
  527. #ifndef NO_WOLFSSL_SERVER
  528. TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_server_method);
  529. #endif
  530. #ifndef NO_WOLFSSL_CLIENT
  531. TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_client_method);
  532. #endif
  533. #endif
  534. #endif /* WOLFSSL_DTLS */
  535. #if !defined(NO_OLD_TLS) && defined(OPENSSL_EXTRA)
  536. /* Stubs */
  537. #ifndef NO_WOLFSSL_SERVER
  538. TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_server_method);
  539. #endif
  540. #ifndef NO_WOLFSSL_CLIENT
  541. TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_client_method);
  542. #endif
  543. #endif
  544. /* Test Either Method (client or server) */
  545. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  546. TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_method);
  547. #ifndef NO_OLD_TLS
  548. #ifdef WOLFSSL_ALLOW_TLSV10
  549. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_method);
  550. #endif
  551. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_method);
  552. #endif /* !NO_OLD_TLS */
  553. #ifndef WOLFSSL_NO_TLS12
  554. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_method);
  555. #endif /* !WOLFSSL_NO_TLS12 */
  556. #ifdef WOLFSSL_TLS13
  557. TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_method);
  558. #endif /* WOLFSSL_TLS13 */
  559. #ifdef WOLFSSL_DTLS
  560. TEST_VALID_METHOD_ALLOCATOR(wolfDTLS_method);
  561. #ifndef NO_OLD_TLS
  562. TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_method);
  563. #endif /* !NO_OLD_TLS */
  564. #ifndef WOLFSSL_NO_TLS12
  565. TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_method);
  566. #endif /* !WOLFSSL_NO_TLS12 */
  567. #endif /* WOLFSSL_DTLS */
  568. #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
  569. }
  570. /*----------------------------------------------------------------------------*
  571. | Context
  572. *----------------------------------------------------------------------------*/
  573. #ifndef NO_WOLFSSL_SERVER
  574. static void test_wolfSSL_CTX_new(WOLFSSL_METHOD *method)
  575. {
  576. WOLFSSL_CTX *ctx;
  577. AssertNull(ctx = wolfSSL_CTX_new(NULL));
  578. AssertNotNull(method);
  579. AssertNotNull(ctx = wolfSSL_CTX_new(method));
  580. wolfSSL_CTX_free(ctx);
  581. }
  582. #endif
  583. #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
  584. (!defined(NO_RSA) || defined(HAVE_ECC))
  585. static void test_for_double_Free(void)
  586. {
  587. WOLFSSL_CTX* ctx;
  588. WOLFSSL* ssl;
  589. int skipTest = 0;
  590. const char* testCertFile;
  591. const char* testKeyFile;
  592. char optionsCiphers[] = "RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA"
  593. ":NULL-SHA:NULL-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-PSK-AES256-GCM"
  594. "-SHA384:DHE-PSK-AES128-GCM-SHA256:PSK-AES256-GCM-SHA384:PSK-AES128-GCM-SHA256:"
  595. "DHE-PSK-AES256-CBC-SHA384:DHE-PSK-AES128-CBC-SHA256:PSK-AES256-CBC-SHA384:PSK-"
  596. "AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA:DHE-PSK-AES128-CCM:DHE"
  597. "-PSK-AES256-CCM:PSK-AES128-CCM:PSK-AES256-CCM:PSK-AES128-CCM-8:PSK-AES256-CCM-"
  598. "8:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-"
  599. "NULL-SHA:HC128-MD5:HC128-SHA:RABBIT-SHA:AES128-CCM-8:AES256-CCM-8:ECDHE-ECDSA-"
  600. "AES128-CCM:ECDHE-ECDSA-AES128-CCM-8:ECDHE-ECDSA-AES256-CCM-8:ECDHE-RSA-AES128-"
  601. "SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-R"
  602. "SA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA"
  603. ":AES128-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:ECDH-"
  604. "RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA"
  605. ":ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3"
  606. "-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES"
  607. "256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E"
  608. "CDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES128-GCM-SHA25"
  609. "6:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-GC"
  610. "M-SHA384:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMEL"
  611. "LIA256-SHA:CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:CAMELLIA256-SHA256:DH"
  612. "E-RSA-CAMELLIA256-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECD"
  613. "H-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECD"
  614. "SA-AES256-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDHE-RSA-CHA"
  615. "CHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-R"
  616. "SA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-PO"
  617. "LY1305-OLD:IDEA-CBC-SHA:ECDHE-ECDSA-NULL-SHA:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-A"
  618. "ES128-CBC-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-CHA"
  619. "CHA20-POLY1305:EDH-RSA-DES-CBC3-SHA:TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-S"
  620. "HA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-"
  621. "8-SHA256:TLS13-SHA256-SHA256:TLS13-SHA384-SHA384";
  622. #ifndef NO_RSA
  623. testCertFile = svrCertFile;
  624. testKeyFile = svrKeyFile;
  625. #elif defined(HAVE_ECC)
  626. testCertFile = eccCertFile;
  627. testKeyFile = eccKeyFile;
  628. #else
  629. skipTest = 1;
  630. #endif
  631. if (skipTest != 1) {
  632. #ifndef NO_WOLFSSL_SERVER
  633. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  634. AssertNotNull(ctx);
  635. #else
  636. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  637. AssertNotNull(ctx);
  638. #endif
  639. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
  640. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
  641. ssl = wolfSSL_new(ctx);
  642. AssertNotNull(ssl);
  643. /* First test freeing SSL, then CTX */
  644. wolfSSL_free(ssl);
  645. wolfSSL_CTX_free(ctx);
  646. #ifndef NO_WOLFSSL_CLIENT
  647. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  648. AssertNotNull(ctx);
  649. #else
  650. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  651. AssertNotNull(ctx);
  652. #endif
  653. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
  654. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
  655. ssl = wolfSSL_new(ctx);
  656. AssertNotNull(ssl);
  657. /* Next test freeing CTX then SSL */
  658. wolfSSL_CTX_free(ctx);
  659. wolfSSL_free(ssl);
  660. #ifndef NO_WOLFSSL_SERVER
  661. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  662. AssertNotNull(ctx);
  663. #else
  664. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  665. AssertNotNull(ctx);
  666. #endif
  667. /* Test setting ciphers at ctx level */
  668. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
  669. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
  670. AssertTrue(wolfSSL_CTX_set_cipher_list(ctx, optionsCiphers));
  671. AssertNotNull(ssl = wolfSSL_new(ctx));
  672. wolfSSL_CTX_free(ctx);
  673. wolfSSL_free(ssl);
  674. #ifndef NO_WOLFSSL_CLIENT
  675. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  676. AssertNotNull(ctx);
  677. #else
  678. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  679. AssertNotNull(ctx);
  680. #endif
  681. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, WOLFSSL_FILETYPE_PEM));
  682. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, WOLFSSL_FILETYPE_PEM));
  683. ssl = wolfSSL_new(ctx);
  684. AssertNotNull(ssl);
  685. /* test setting ciphers at SSL level */
  686. AssertTrue(wolfSSL_set_cipher_list(ssl, optionsCiphers));
  687. wolfSSL_CTX_free(ctx);
  688. wolfSSL_free(ssl);
  689. }
  690. }
  691. #endif
  692. static void test_wolfSSL_CTX_use_certificate_file(void)
  693. {
  694. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
  695. WOLFSSL_CTX *ctx;
  696. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  697. /* invalid context */
  698. AssertFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCertFile,
  699. WOLFSSL_FILETYPE_PEM));
  700. /* invalid cert file */
  701. AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile,
  702. WOLFSSL_FILETYPE_PEM));
  703. /* invalid cert type */
  704. AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, 9999));
  705. #ifdef NO_RSA
  706. /* rsa needed */
  707. AssertFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,WOLFSSL_FILETYPE_PEM));
  708. #else
  709. /* success */
  710. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
  711. #endif
  712. wolfSSL_CTX_free(ctx);
  713. #endif
  714. }
  715. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
  716. static int test_wolfSSL_CTX_use_certificate_ASN1(void)
  717. {
  718. #if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN)
  719. WOLFSSL_CTX* ctx;
  720. int ret;
  721. printf(testingFmt, "wolfSSL_CTX_use_certificate_ASN1()");
  722. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  723. ret = SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048,
  724. server_cert_der_2048);
  725. printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
  726. wolfSSL_CTX_free(ctx);
  727. return ret;
  728. #else
  729. return WOLFSSL_SUCCESS;
  730. #endif
  731. }
  732. #endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */
  733. /* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into
  734. * context using buffer.
  735. * PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with
  736. * --enable-testcert flag.
  737. */
  738. static int test_wolfSSL_CTX_use_certificate_buffer(void)
  739. {
  740. #if !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) && \
  741. !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
  742. WOLFSSL_CTX* ctx;
  743. int ret;
  744. printf(testingFmt, "wolfSSL_CTX_use_certificate_buffer()");
  745. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  746. ret = wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
  747. sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1);
  748. printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
  749. wolfSSL_CTX_free(ctx);
  750. return ret;
  751. #else
  752. return WOLFSSL_SUCCESS;
  753. #endif
  754. } /*END test_wolfSSL_CTX_use_certificate_buffer*/
  755. static void test_wolfSSL_CTX_use_PrivateKey_file(void)
  756. {
  757. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER)
  758. WOLFSSL_CTX *ctx;
  759. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  760. /* invalid context */
  761. AssertFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKeyFile,
  762. WOLFSSL_FILETYPE_PEM));
  763. /* invalid key file */
  764. AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile,
  765. WOLFSSL_FILETYPE_PEM));
  766. /* invalid key type */
  767. AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, 9999));
  768. /* success */
  769. #ifdef NO_RSA
  770. /* rsa needed */
  771. AssertFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  772. #else
  773. /* success */
  774. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  775. #endif
  776. wolfSSL_CTX_free(ctx);
  777. #endif
  778. }
  779. /* test both file and buffer versions along with unloading trusted peer certs */
  780. static void test_wolfSSL_CTX_trust_peer_cert(void)
  781. {
  782. #if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) && \
  783. !defined(NO_WOLFSSL_CLIENT)
  784. WOLFSSL_CTX *ctx;
  785. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  786. #if !defined(NO_FILESYSTEM)
  787. /* invalid file */
  788. assert(wolfSSL_CTX_trust_peer_cert(ctx, NULL,
  789. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS);
  790. assert(wolfSSL_CTX_trust_peer_cert(ctx, bogusFile,
  791. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS);
  792. assert(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile,
  793. WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS);
  794. /* success */
  795. assert(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM)
  796. == WOLFSSL_SUCCESS);
  797. /* unload cert */
  798. assert(wolfSSL_CTX_Unload_trust_peers(NULL) != WOLFSSL_SUCCESS);
  799. assert(wolfSSL_CTX_Unload_trust_peers(ctx) == WOLFSSL_SUCCESS);
  800. #endif
  801. /* Test of loading certs from buffers */
  802. /* invalid buffer */
  803. assert(wolfSSL_CTX_trust_peer_buffer(ctx, NULL, -1,
  804. WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS);
  805. /* success */
  806. #ifdef USE_CERT_BUFFERS_1024
  807. assert(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_1024,
  808. sizeof_client_cert_der_1024, WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS);
  809. #endif
  810. #ifdef USE_CERT_BUFFERS_2048
  811. assert(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_2048,
  812. sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS);
  813. #endif
  814. /* unload cert */
  815. assert(wolfSSL_CTX_Unload_trust_peers(NULL) != WOLFSSL_SUCCESS);
  816. assert(wolfSSL_CTX_Unload_trust_peers(ctx) == WOLFSSL_SUCCESS);
  817. wolfSSL_CTX_free(ctx);
  818. #endif
  819. }
  820. static void test_wolfSSL_CTX_load_verify_locations(void)
  821. {
  822. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_WOLFSSL_CLIENT)
  823. WOLFSSL_CTX *ctx;
  824. #ifndef NO_RSA
  825. WOLFSSL_CERT_MANAGER* cm;
  826. #ifdef PERSIST_CERT_CACHE
  827. int cacheSz;
  828. #endif
  829. #endif
  830. #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
  831. const char* load_certs_path = "./certs/external";
  832. const char* load_no_certs_path = "./examples";
  833. const char* load_expired_path = "./certs/test/expired";
  834. #endif
  835. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  836. /* invalid arguments */
  837. AssertIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL), WOLFSSL_FAILURE);
  838. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL), WOLFSSL_FAILURE);
  839. /* invalid ca file */
  840. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL),
  841. WS_RETURN_CODE(WOLFSSL_BAD_FILE,WOLFSSL_FAILURE));
  842. #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
  843. /* invalid path */
  844. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile),
  845. WS_RETURN_CODE(BAD_PATH_ERROR,WOLFSSL_FAILURE));
  846. #endif
  847. /* load ca cert */
  848. #ifdef NO_RSA
  849. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL),
  850. WS_RETURN_CODE(ASN_UNKNOWN_OID_E,WOLFSSL_FAILURE));
  851. #else /* Skip the following test without RSA certs. */
  852. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
  853. #ifdef PERSIST_CERT_CACHE
  854. /* Get cert cache size */
  855. cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx);
  856. #endif
  857. /* Test unloading CA's */
  858. AssertIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS);
  859. #ifdef PERSIST_CERT_CACHE
  860. /* Verify no certs (result is less than cacheSz) */
  861. AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
  862. #endif
  863. /* load ca cert again */
  864. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), WOLFSSL_SUCCESS);
  865. /* Test getting CERT_MANAGER */
  866. AssertNotNull(cm = wolfSSL_CTX_GetCertManager(ctx));
  867. /* Test unloading CA's using CM */
  868. AssertIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS);
  869. #ifdef PERSIST_CERT_CACHE
  870. /* Verify no certs (result is less than cacheSz) */
  871. AssertIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx));
  872. #endif
  873. #endif
  874. #if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS)
  875. /* Test loading CA certificates using a path */
  876. #ifdef NO_RSA
  877. /* failure here okay since certs in external directory are RSA */
  878. AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
  879. WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
  880. #else
  881. AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
  882. WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS);
  883. #endif
  884. /* Test loading path with no files */
  885. AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_no_certs_path,
  886. WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_FAILURE);
  887. /* Test loading expired CA certificates */
  888. #ifdef NO_RSA
  889. AssertIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
  890. WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
  891. WOLFSSL_SUCCESS);
  892. #else
  893. AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_expired_path,
  894. WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY),
  895. WOLFSSL_SUCCESS);
  896. #endif
  897. /* Test loading CA certificates and ignoring all errors */
  898. #ifdef NO_RSA
  899. AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
  900. WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_FAILURE);
  901. #else
  902. AssertIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path,
  903. WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS);
  904. #endif
  905. #endif
  906. wolfSSL_CTX_free(ctx);
  907. #endif
  908. }
  909. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  910. static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, int file_type)
  911. {
  912. int ret;
  913. WOLFSSL_CERT_MANAGER* cm;
  914. cm = wolfSSL_CertManagerNew();
  915. if (cm == NULL) {
  916. printf("test_cm_load_ca failed\n");
  917. return -1;
  918. }
  919. ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, cert_sz, file_type);
  920. wolfSSL_CertManagerFree(cm);
  921. return ret;
  922. }
  923. static int test_cm_load_ca_file(const char* ca_cert_file)
  924. {
  925. int ret = 0;
  926. byte* cert_buf = NULL;
  927. size_t cert_sz = 0;
  928. #if defined(WOLFSSL_PEM_TO_DER)
  929. DerBuffer* pDer = NULL;
  930. #endif
  931. ret = load_file(ca_cert_file, &cert_buf, &cert_sz);
  932. if (ret == 0) {
  933. /* normal test */
  934. ret = test_cm_load_ca_buffer(cert_buf, cert_sz, WOLFSSL_FILETYPE_PEM);
  935. if (ret == 0) {
  936. /* test including null terminator in length */
  937. ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1, WOLFSSL_FILETYPE_PEM);
  938. }
  939. #if defined(WOLFSSL_PEM_TO_DER)
  940. if (ret == 0) {
  941. /* test loading DER */
  942. ret = wc_PemToDer(cert_buf, cert_sz, CA_TYPE, &pDer, NULL, NULL, NULL);
  943. if (ret == 0 && pDer != NULL) {
  944. ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length,
  945. WOLFSSL_FILETYPE_ASN1);
  946. wc_FreeDer(&pDer);
  947. }
  948. }
  949. #endif
  950. free(cert_buf);
  951. }
  952. return ret;
  953. }
  954. #endif /* !NO_FILESYSTEM && !NO_CERTS */
  955. static int test_wolfSSL_CertManagerLoadCABuffer(void)
  956. {
  957. int ret = 0;
  958. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  959. const char* ca_cert = "./certs/ca-cert.pem";
  960. const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
  961. ret = test_cm_load_ca_file(ca_cert);
  962. #ifdef NO_RSA
  963. AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
  964. #else
  965. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  966. #endif
  967. ret = test_cm_load_ca_file(ca_expired_cert);
  968. #ifdef NO_RSA
  969. AssertIntEQ(ret, ASN_UNKNOWN_OID_E);
  970. #else
  971. AssertIntEQ(ret, ASN_AFTER_DATE_E);
  972. #endif
  973. #endif
  974. return ret;
  975. }
  976. static void test_wolfSSL_CertManagerGetCerts(void)
  977. {
  978. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
  979. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
  980. defined(WOLFSSL_SIGNER_DER_CERT)
  981. WOLFSSL_CERT_MANAGER* cm = NULL;
  982. WOLFSSL_STACK* sk = NULL;
  983. X509* x509 = NULL;
  984. X509* cert1 = NULL;
  985. FILE* file1 = NULL;
  986. #ifdef DEBUG_WOLFSSL_VERBOSE
  987. WOLFSSL_BIO* bio = NULL;
  988. #endif
  989. int i = 0;
  990. printf(testingFmt, "wolfSSL_CertManagerGetCerts()");
  991. AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb"));
  992. AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
  993. fclose(file1);
  994. AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
  995. AssertNull(sk = wolfSSL_CertManagerGetCerts(cm));
  996. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
  997. "./certs/ca-cert.pem", NULL));
  998. AssertNotNull(sk = wolfSSL_CertManagerGetCerts(cm));
  999. for (i = 0; i < sk_X509_num(sk); i++) {
  1000. x509 = sk_X509_value(sk, i);
  1001. AssertIntEQ(0, wolfSSL_X509_cmp(x509, cert1));
  1002. #ifdef DEBUG_WOLFSSL_VERBOSE
  1003. bio = BIO_new(wolfSSL_BIO_s_file());
  1004. if (bio != NULL) {
  1005. BIO_set_fp(bio, stdout, BIO_NOCLOSE);
  1006. X509_print(bio, x509);
  1007. BIO_free(bio);
  1008. }
  1009. #endif /* DEBUG_WOLFSSL_VERBOSE */
  1010. }
  1011. wolfSSL_X509_free(cert1);
  1012. sk_X509_free(sk);
  1013. wolfSSL_CertManagerFree(cm);
  1014. printf(resultFmt, passed);
  1015. #endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
  1016. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
  1017. defined(WOLFSSL_SIGNER_DER_CERT) */
  1018. }
  1019. static int test_wolfSSL_CertManagerSetVerify(void)
  1020. {
  1021. int ret = 0;
  1022. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  1023. !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
  1024. (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
  1025. WOLFSSL_CERT_MANAGER* cm;
  1026. int tmp = myVerifyAction;
  1027. const char* ca_cert = "./certs/ca-cert.pem";
  1028. const char* expiredCert = "./certs/test/expired/expired-cert.pem";
  1029. cm = wolfSSL_CertManagerNew();
  1030. AssertNotNull(cm);
  1031. wolfSSL_CertManagerSetVerify(cm, myVerify);
  1032. ret = wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL);
  1033. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  1034. /* Use the test CB that always accepts certs */
  1035. myVerifyAction = VERIFY_OVERRIDE_ERROR;
  1036. ret = wolfSSL_CertManagerVerify(cm, expiredCert, WOLFSSL_FILETYPE_PEM);
  1037. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  1038. #ifdef WOLFSSL_ALWAYS_VERIFY_CB
  1039. {
  1040. const char* verifyCert = "./certs/server-cert.pem";
  1041. /* Use the test CB that always fails certs */
  1042. myVerifyAction = VERIFY_FORCE_FAIL;
  1043. ret = wolfSSL_CertManagerVerify(cm, verifyCert, WOLFSSL_FILETYPE_PEM);
  1044. AssertIntEQ(ret, VERIFY_CERT_ERROR);
  1045. }
  1046. #endif
  1047. wolfSSL_CertManagerFree(cm);
  1048. myVerifyAction = tmp;
  1049. #endif
  1050. return ret;
  1051. }
  1052. static void test_wolfSSL_CertManagerNameConstraint(void)
  1053. {
  1054. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  1055. !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
  1056. defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
  1057. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES)
  1058. WOLFSSL_CERT_MANAGER* cm;
  1059. const char* ca_cert = "./certs/test/cert-ext-nc.der";
  1060. int i = 0;
  1061. static const byte extNameConsOid[] = {85, 29, 30};
  1062. RsaKey key;
  1063. WC_RNG rng;
  1064. byte *der;
  1065. int derSz;
  1066. word32 idx = 0;
  1067. byte *pt;
  1068. WOLFSSL_X509 *x509;
  1069. wc_InitRng(&rng);
  1070. /* load in CA private key for signing */
  1071. AssertIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, devId), 0);
  1072. AssertIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key,
  1073. sizeof_server_key_der_2048), 0);
  1074. /* get ca certificate then alter it */
  1075. AssertNotNull(der =
  1076. (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  1077. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert,
  1078. WOLFSSL_FILETYPE_ASN1));
  1079. AssertNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz));
  1080. XMEMCPY(der, pt, derSz);
  1081. /* find the name constraint extension and alter it */
  1082. pt = der;
  1083. for (i = 0; i < derSz - 3; i++) {
  1084. if (XMEMCMP(pt, extNameConsOid, 3) == 0) {
  1085. pt += 3;
  1086. break;
  1087. }
  1088. pt++;
  1089. }
  1090. AssertIntNE(i, derSz - 3); /* did not find OID if this case is hit */
  1091. /* go to the length value and set it to 0 */
  1092. while (i < derSz && *pt != 0x81) {
  1093. pt++;
  1094. i++;
  1095. }
  1096. AssertIntNE(i, derSz); /* did not place to alter */
  1097. pt++;
  1098. *pt = 0x00;
  1099. /* resign the altered certificate */
  1100. AssertIntGT((derSz = wc_SignCert(derSz, CTC_SHA256wRSA, der,
  1101. FOURK_BUF, &key, NULL, &rng)), 0);
  1102. AssertNotNull(cm = wolfSSL_CertManagerNew());
  1103. AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
  1104. WOLFSSL_FILETYPE_ASN1), ASN_PARSE_E);
  1105. wolfSSL_CertManagerFree(cm);
  1106. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1107. wolfSSL_X509_free(x509);
  1108. wc_FreeRsaKey(&key);
  1109. wc_FreeRng(&rng);
  1110. #endif
  1111. }
  1112. static void test_wolfSSL_CertManagerNameConstraint2(void)
  1113. {
  1114. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  1115. !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \
  1116. defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \
  1117. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES)
  1118. const char* ca_cert = "./certs/test/cert-ext-ndir.der";
  1119. const char* ca_cert2 = "./certs/test/cert-ext-ndir-exc.der";
  1120. const char* server_cert = "./certs/server-cert.pem";
  1121. WOLFSSL_CERT_MANAGER* cm;
  1122. WOLFSSL_X509 *x509, *ca;
  1123. const unsigned char *der;
  1124. const unsigned char *pt;
  1125. WOLFSSL_EVP_PKEY *priv;
  1126. WOLFSSL_X509_NAME* name;
  1127. int derSz;
  1128. /* C=US*/
  1129. char altName[] = {
  1130. 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09,
  1131. 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53
  1132. };
  1133. /* C=ID */
  1134. char altNameFail[] = {
  1135. 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09,
  1136. 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x44
  1137. };
  1138. /* C=US ST=California*/
  1139. char altNameExc[] = {
  1140. 0x30, 0x22,
  1141. 0x31, 0x0B,
  1142. 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53,
  1143. 0x31, 0x13,
  1144. 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A,
  1145. 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61
  1146. };
  1147. /* load in CA private key for signing */
  1148. pt = ca_key_der_2048;
  1149. AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt,
  1150. sizeof_ca_key_der_2048));
  1151. AssertNotNull(cm = wolfSSL_CertManagerNew());
  1152. AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert,
  1153. WOLFSSL_FILETYPE_ASN1));
  1154. AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz)));
  1155. AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
  1156. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  1157. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  1158. WOLFSSL_FILETYPE_PEM));
  1159. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  1160. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  1161. wolfSSL_X509_sign(x509, priv, EVP_sha256());
  1162. AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
  1163. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  1164. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  1165. /* add in matching DIR alt name and resign */
  1166. wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE);
  1167. wolfSSL_X509_sign(x509, priv, EVP_sha256());
  1168. AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
  1169. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  1170. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  1171. wolfSSL_X509_free(x509);
  1172. /* check verify fail */
  1173. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  1174. WOLFSSL_FILETYPE_PEM));
  1175. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  1176. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  1177. /* add in miss matching DIR alt name and resign */
  1178. wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail),
  1179. ASN_DIR_TYPE);
  1180. wolfSSL_X509_sign(x509, priv, EVP_sha256());
  1181. AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
  1182. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  1183. WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
  1184. wolfSSL_CertManagerFree(cm);
  1185. wolfSSL_X509_free(x509);
  1186. wolfSSL_X509_free(ca);
  1187. /* now test with excluded name constraint */
  1188. AssertNotNull(cm = wolfSSL_CertManagerNew());
  1189. AssertNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert2,
  1190. WOLFSSL_FILETYPE_ASN1));
  1191. AssertNotNull((der = wolfSSL_X509_get_der(ca, &derSz)));
  1192. AssertIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz,
  1193. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  1194. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert,
  1195. WOLFSSL_FILETYPE_PEM));
  1196. wolfSSL_X509_add_altname_ex(x509, altNameExc, sizeof(altNameExc),
  1197. ASN_DIR_TYPE);
  1198. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  1199. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  1200. wolfSSL_X509_sign(x509, priv, EVP_sha256());
  1201. AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
  1202. AssertIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz,
  1203. WOLFSSL_FILETYPE_ASN1), ASN_NAME_INVALID_E);
  1204. wolfSSL_CertManagerFree(cm);
  1205. wolfSSL_X509_free(x509);
  1206. wolfSSL_X509_free(ca);
  1207. wolfSSL_EVP_PKEY_free(priv);
  1208. #endif
  1209. }
  1210. static void test_wolfSSL_CertManagerCRL(void)
  1211. {
  1212. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \
  1213. !defined(NO_RSA)
  1214. const char* ca_cert = "./certs/ca-cert.pem";
  1215. const char* crl1 = "./certs/crl/crl.pem";
  1216. const char* crl2 = "./certs/crl/crl2.pem";
  1217. WOLFSSL_CERT_MANAGER* cm = NULL;
  1218. AssertNotNull(cm = wolfSSL_CertManagerNew());
  1219. AssertIntEQ(WOLFSSL_SUCCESS,
  1220. wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
  1221. AssertIntEQ(WOLFSSL_SUCCESS,
  1222. wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
  1223. AssertIntEQ(WOLFSSL_SUCCESS,
  1224. wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0));
  1225. wolfSSL_CertManagerFreeCRL(cm);
  1226. AssertIntEQ(WOLFSSL_SUCCESS,
  1227. wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0));
  1228. AssertIntEQ(WOLFSSL_SUCCESS,
  1229. wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL));
  1230. wolfSSL_CertManagerFree(cm);
  1231. #endif
  1232. }
  1233. static void test_wolfSSL_CTX_load_verify_locations_ex(void)
  1234. {
  1235. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  1236. !defined(NO_WOLFSSL_CLIENT)
  1237. WOLFSSL_CTX* ctx;
  1238. const char* ca_cert = "./certs/ca-cert.pem";
  1239. const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem";
  1240. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  1241. AssertNotNull(ctx);
  1242. /* test good CA */
  1243. AssertTrue(WOLFSSL_SUCCESS ==
  1244. wolfSSL_CTX_load_verify_locations_ex(ctx, ca_cert, NULL,
  1245. WOLFSSL_LOAD_FLAG_NONE));
  1246. /* test expired CA */
  1247. AssertTrue(WOLFSSL_SUCCESS !=
  1248. wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
  1249. WOLFSSL_LOAD_FLAG_NONE));
  1250. AssertTrue(WOLFSSL_SUCCESS ==
  1251. wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL,
  1252. WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY));
  1253. wolfSSL_CTX_free(ctx);
  1254. #endif
  1255. }
  1256. static void test_wolfSSL_CTX_load_verify_buffer_ex(void)
  1257. {
  1258. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  1259. defined(USE_CERT_BUFFERS_2048)
  1260. WOLFSSL_CTX* ctx;
  1261. const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der";
  1262. byte ca_expired_cert[TWOK_BUF];
  1263. word32 sizeof_ca_expired_cert;
  1264. XFILE fp;
  1265. #ifndef NO_WOLFSSL_CLIENT
  1266. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  1267. #else
  1268. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  1269. #endif
  1270. AssertNotNull(ctx);
  1271. /* test good CA */
  1272. AssertTrue(WOLFSSL_SUCCESS ==
  1273. wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048,
  1274. sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0,
  1275. WOLFSSL_LOAD_FLAG_NONE));
  1276. /* load expired CA */
  1277. XMEMSET(ca_expired_cert, 0, sizeof(ca_expired_cert));
  1278. fp = XFOPEN(ca_expired_cert_file, "rb");
  1279. AssertTrue(fp != XBADFILE);
  1280. sizeof_ca_expired_cert = (word32)XFREAD(ca_expired_cert, 1,
  1281. sizeof(ca_expired_cert), fp);
  1282. XFCLOSE(fp);
  1283. /* test expired CA failure */
  1284. AssertTrue(WOLFSSL_SUCCESS !=
  1285. wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
  1286. sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
  1287. WOLFSSL_LOAD_FLAG_NONE));
  1288. /* test expired CA success */
  1289. AssertTrue(WOLFSSL_SUCCESS ==
  1290. wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert,
  1291. sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0,
  1292. WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY));
  1293. wolfSSL_CTX_free(ctx);
  1294. #endif
  1295. }
  1296. static void test_wolfSSL_CTX_load_verify_chain_buffer_format(void)
  1297. {
  1298. #if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \
  1299. defined(WOLFSSL_CERT_GEN) && defined(USE_CERT_BUFFERS_2048)
  1300. WOLFSSL_CTX* ctx;
  1301. #ifndef NO_WOLFSSL_CLIENT
  1302. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  1303. #else
  1304. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  1305. #endif
  1306. AssertTrue(WOLFSSL_SUCCESS ==
  1307. wolfSSL_CTX_load_verify_chain_buffer_format(ctx, ca_cert_chain_der,
  1308. sizeof_ca_cert_chain_der,
  1309. WOLFSSL_FILETYPE_ASN1));
  1310. wolfSSL_CTX_free(ctx);
  1311. #endif
  1312. }
  1313. static int test_wolfSSL_CTX_use_certificate_chain_file_format(void)
  1314. {
  1315. int ret = 0;
  1316. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA)
  1317. const char* server_chain_der = "./certs/server-cert-chain.der";
  1318. WOLFSSL_CTX* ctx;
  1319. #ifndef NO_WOLFSSL_CLIENT
  1320. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  1321. AssertNotNull(ctx);
  1322. #else
  1323. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  1324. AssertNotNull(ctx);
  1325. #endif
  1326. AssertIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx,
  1327. server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  1328. wolfSSL_CTX_free(ctx);
  1329. #endif
  1330. return ret;
  1331. }
  1332. static void test_wolfSSL_CTX_SetTmpDH_file(void)
  1333. {
  1334. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH)
  1335. WOLFSSL_CTX *ctx;
  1336. #ifndef NO_WOLFSSL_CLIENT
  1337. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  1338. #else
  1339. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  1340. #endif
  1341. /* invalid context */
  1342. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL,
  1343. dhParamFile, WOLFSSL_FILETYPE_PEM));
  1344. /* invalid dhParamFile file */
  1345. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
  1346. NULL, WOLFSSL_FILETYPE_PEM));
  1347. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx,
  1348. bogusFile, WOLFSSL_FILETYPE_PEM));
  1349. /* success */
  1350. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile,
  1351. WOLFSSL_FILETYPE_PEM));
  1352. wolfSSL_CTX_free(ctx);
  1353. #endif
  1354. }
  1355. static void test_wolfSSL_CTX_SetTmpDH_buffer(void)
  1356. {
  1357. #if !defined(NO_CERTS) && !defined(NO_DH)
  1358. WOLFSSL_CTX *ctx;
  1359. #ifndef NO_WOLFSSL_CLIENT
  1360. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  1361. #else
  1362. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  1363. #endif
  1364. /* invalid context */
  1365. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, dh_key_der_2048,
  1366. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1367. /* invalid dhParamFile file */
  1368. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL,
  1369. 0, WOLFSSL_FILETYPE_ASN1));
  1370. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dsa_key_der_2048,
  1371. sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1372. /* success */
  1373. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
  1374. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1375. wolfSSL_CTX_free(ctx);
  1376. #endif
  1377. }
  1378. static void test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
  1379. {
  1380. #if !defined(NO_CERTS) && !defined(NO_DH)
  1381. WOLFSSL_CTX *ctx;
  1382. #ifndef NO_WOLFSSL_CLIENT
  1383. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  1384. AssertNotNull(ctx);
  1385. #else
  1386. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  1387. AssertNotNull(ctx);
  1388. #endif
  1389. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
  1390. AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
  1391. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1392. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048));
  1393. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
  1394. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1395. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
  1396. AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
  1397. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1398. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 2048));
  1399. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048,
  1400. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1401. wolfSSL_CTX_free(ctx);
  1402. #endif
  1403. }
  1404. static void test_wolfSSL_CTX_der_load_verify_locations(void)
  1405. {
  1406. #ifdef WOLFSSL_DER_LOAD
  1407. WOLFSSL_CTX* ctx = NULL;
  1408. const char* derCert = "./certs/server-cert.der";
  1409. const char* nullPath = NULL;
  1410. const char* invalidPath = "./certs/this-cert-does-not-exist.der";
  1411. const char* emptyPath = "";
  1412. /* der load Case 1 ctx NULL */
  1413. AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
  1414. WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
  1415. #ifndef NO_WOLFSSL_CLIENT
  1416. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  1417. #else
  1418. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  1419. #endif
  1420. /* Case 2 filePath NULL */
  1421. AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, nullPath,
  1422. WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
  1423. /* Case 3 invalid format */
  1424. AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
  1425. WOLFSSL_FILETYPE_PEM), WOLFSSL_FAILURE);
  1426. /* Case 4 filePath not valid */
  1427. AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, invalidPath,
  1428. WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
  1429. /* Case 5 filePath empty */
  1430. AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath,
  1431. WOLFSSL_FILETYPE_ASN1), WOLFSSL_FAILURE);
  1432. #ifndef NO_RSA
  1433. /* Case 6 success case */
  1434. AssertIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert,
  1435. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  1436. #endif
  1437. wolfSSL_CTX_free(ctx);
  1438. #endif
  1439. }
  1440. static void test_wolfSSL_CTX_enable_disable(void)
  1441. {
  1442. #ifndef NO_CERTS
  1443. WOLFSSL_CTX* ctx = NULL;
  1444. #ifdef HAVE_CRL
  1445. AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), BAD_FUNC_ARG);
  1446. AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), BAD_FUNC_ARG);
  1447. #endif
  1448. #ifdef HAVE_OCSP
  1449. AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), BAD_FUNC_ARG);
  1450. AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), BAD_FUNC_ARG);
  1451. #endif
  1452. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
  1453. defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
  1454. AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), BAD_FUNC_ARG);
  1455. AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), BAD_FUNC_ARG);
  1456. AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), BAD_FUNC_ARG);
  1457. AssertIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), BAD_FUNC_ARG);
  1458. #endif
  1459. #ifndef NO_WOLFSSL_CLIENT
  1460. #ifdef HAVE_EXTENDED_MASTER
  1461. AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), BAD_FUNC_ARG);
  1462. #endif
  1463. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  1464. AssertNotNull(ctx);
  1465. #ifdef HAVE_EXTENDED_MASTER
  1466. AssertIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WOLFSSL_SUCCESS);
  1467. #endif
  1468. #elif !defined(NO_WOLFSSL_SERVER)
  1469. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  1470. #else
  1471. return;
  1472. #endif
  1473. #ifdef HAVE_CRL
  1474. AssertIntEQ(wolfSSL_CTX_DisableCRL(ctx), WOLFSSL_SUCCESS);
  1475. AssertIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WOLFSSL_SUCCESS);
  1476. #endif
  1477. #ifdef HAVE_OCSP
  1478. AssertIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WOLFSSL_SUCCESS);
  1479. AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_URL_OVERRIDE),
  1480. WOLFSSL_SUCCESS);
  1481. AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE),
  1482. WOLFSSL_SUCCESS);
  1483. AssertIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL),
  1484. WOLFSSL_SUCCESS);
  1485. #endif
  1486. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
  1487. defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
  1488. AssertIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WOLFSSL_SUCCESS);
  1489. AssertIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WOLFSSL_SUCCESS);
  1490. AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS);
  1491. AssertIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS);
  1492. #endif
  1493. wolfSSL_CTX_free(ctx);
  1494. #endif /* NO_CERTS */
  1495. }
  1496. static void test_wolfSSL_CTX_ticket_API(void)
  1497. {
  1498. #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
  1499. WOLFSSL_CTX* ctx = NULL;
  1500. void *userCtx = (void*)"this is my ctx";
  1501. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  1502. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(ctx, userCtx));
  1503. AssertTrue(userCtx == wolfSSL_CTX_get_TicketEncCtx(ctx));
  1504. wolfSSL_CTX_free(ctx);
  1505. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(NULL, userCtx));
  1506. AssertNull(wolfSSL_CTX_get_TicketEncCtx(NULL));
  1507. #endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER */
  1508. }
  1509. /*----------------------------------------------------------------------------*
  1510. | SSL
  1511. *----------------------------------------------------------------------------*/
  1512. static void test_server_wolfSSL_new(void)
  1513. {
  1514. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  1515. !defined(NO_WOLFSSL_SERVER)
  1516. WOLFSSL_CTX *ctx;
  1517. WOLFSSL_CTX *ctx_nocert;
  1518. WOLFSSL *ssl;
  1519. AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  1520. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  1521. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
  1522. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  1523. /* invalid context */
  1524. AssertNull(ssl = wolfSSL_new(NULL));
  1525. #ifndef WOLFSSL_SESSION_EXPORT
  1526. AssertNull(ssl = wolfSSL_new(ctx_nocert));
  1527. #endif
  1528. /* success */
  1529. AssertNotNull(ssl = wolfSSL_new(ctx));
  1530. wolfSSL_free(ssl);
  1531. wolfSSL_CTX_free(ctx);
  1532. wolfSSL_CTX_free(ctx_nocert);
  1533. #endif
  1534. }
  1535. static void test_client_wolfSSL_new(void)
  1536. {
  1537. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  1538. !defined(NO_WOLFSSL_CLIENT)
  1539. WOLFSSL_CTX *ctx;
  1540. WOLFSSL_CTX *ctx_nocert;
  1541. WOLFSSL *ssl;
  1542. AssertNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  1543. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  1544. AssertTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
  1545. /* invalid context */
  1546. AssertNull(ssl = wolfSSL_new(NULL));
  1547. /* success */
  1548. AssertNotNull(ssl = wolfSSL_new(ctx_nocert));
  1549. wolfSSL_free(ssl);
  1550. /* success */
  1551. AssertNotNull(ssl = wolfSSL_new(ctx));
  1552. wolfSSL_free(ssl);
  1553. wolfSSL_CTX_free(ctx);
  1554. wolfSSL_CTX_free(ctx_nocert);
  1555. #endif
  1556. }
  1557. static void test_wolfSSL_SetTmpDH_file(void)
  1558. {
  1559. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_DH) && \
  1560. !defined(NO_WOLFSSL_SERVER)
  1561. WOLFSSL_CTX *ctx;
  1562. WOLFSSL *ssl;
  1563. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  1564. #ifndef NO_RSA
  1565. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  1566. WOLFSSL_FILETYPE_PEM));
  1567. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  1568. WOLFSSL_FILETYPE_PEM));
  1569. #elif defined(HAVE_ECC)
  1570. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile,
  1571. WOLFSSL_FILETYPE_PEM));
  1572. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
  1573. WOLFSSL_FILETYPE_PEM));
  1574. #elif defined(HAVE_ED25519)
  1575. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, edCertFile,
  1576. WOLFSSL_FILETYPE_PEM));
  1577. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
  1578. WOLFSSL_FILETYPE_PEM));
  1579. #elif defined(HAVE_ED448)
  1580. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, ed448CertFile,
  1581. WOLFSSL_FILETYPE_PEM));
  1582. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
  1583. WOLFSSL_FILETYPE_PEM));
  1584. #endif
  1585. AssertNotNull(ssl = wolfSSL_new(ctx));
  1586. /* invalid ssl */
  1587. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(NULL,
  1588. dhParamFile, WOLFSSL_FILETYPE_PEM));
  1589. /* invalid dhParamFile file */
  1590. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
  1591. NULL, WOLFSSL_FILETYPE_PEM));
  1592. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl,
  1593. bogusFile, WOLFSSL_FILETYPE_PEM));
  1594. /* success */
  1595. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile,
  1596. WOLFSSL_FILETYPE_PEM));
  1597. wolfSSL_free(ssl);
  1598. wolfSSL_CTX_free(ctx);
  1599. #endif
  1600. }
  1601. static void test_wolfSSL_SetTmpDH_buffer(void)
  1602. {
  1603. #if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
  1604. WOLFSSL_CTX *ctx;
  1605. WOLFSSL *ssl;
  1606. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  1607. AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
  1608. sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
  1609. AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
  1610. sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1611. AssertNotNull(ssl = wolfSSL_new(ctx));
  1612. /* invalid ssl */
  1613. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, dh_key_der_2048,
  1614. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1615. /* invalid dhParamFile file */
  1616. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL,
  1617. 0, WOLFSSL_FILETYPE_ASN1));
  1618. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048,
  1619. sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1620. /* success */
  1621. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
  1622. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1623. wolfSSL_free(ssl);
  1624. wolfSSL_CTX_free(ctx);
  1625. #endif
  1626. }
  1627. static void test_wolfSSL_SetMinMaxDhKey_Sz(void)
  1628. {
  1629. #if !defined(NO_CERTS) && !defined(NO_DH) && !defined(NO_WOLFSSL_SERVER)
  1630. WOLFSSL_CTX *ctx, *ctx2;
  1631. WOLFSSL *ssl, *ssl2;
  1632. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  1633. AssertNotNull(ctx);
  1634. AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048,
  1635. sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
  1636. AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048,
  1637. sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1638. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072));
  1639. ssl = wolfSSL_new(ctx);
  1640. AssertNotNull(ssl);
  1641. ctx2 = wolfSSL_CTX_new(wolfSSLv23_server_method());
  1642. AssertNotNull(ctx2);
  1643. AssertTrue(wolfSSL_CTX_use_certificate_buffer(ctx2, server_cert_der_2048,
  1644. sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
  1645. AssertTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx2, server_key_der_2048,
  1646. sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1647. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024));
  1648. ssl2 = wolfSSL_new(ctx2);
  1649. AssertNotNull(ssl2);
  1650. AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
  1651. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1652. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048));
  1653. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
  1654. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1655. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072));
  1656. AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
  1657. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1658. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
  1659. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1660. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 2048));
  1661. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048,
  1662. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1663. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024));
  1664. AssertIntEQ(DH_KEY_SIZE_E, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048,
  1665. sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1));
  1666. wolfSSL_free(ssl2);
  1667. wolfSSL_CTX_free(ctx2);
  1668. wolfSSL_free(ssl);
  1669. wolfSSL_CTX_free(ctx);
  1670. #endif
  1671. }
  1672. /* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version
  1673. * allowed.
  1674. * POST: return 1 on success.
  1675. */
  1676. static int test_wolfSSL_SetMinVersion(void)
  1677. {
  1678. int failFlag = WOLFSSL_SUCCESS;
  1679. #ifndef NO_WOLFSSL_CLIENT
  1680. WOLFSSL_CTX* ctx;
  1681. WOLFSSL* ssl;
  1682. int itr;
  1683. #ifndef NO_OLD_TLS
  1684. const int versions[] = {
  1685. #ifdef WOLFSSL_ALLOW_TLSV10
  1686. WOLFSSL_TLSV1,
  1687. #endif
  1688. WOLFSSL_TLSV1_1,
  1689. WOLFSSL_TLSV1_2};
  1690. #elif !defined(WOLFSSL_NO_TLS12)
  1691. const int versions[] = { WOLFSSL_TLSV1_2 };
  1692. #else
  1693. const int versions[] = { WOLFSSL_TLSV1_3 };
  1694. #endif
  1695. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  1696. ssl = wolfSSL_new(ctx);
  1697. printf(testingFmt, "wolfSSL_SetMinVersion()");
  1698. for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
  1699. if(wolfSSL_SetMinVersion(ssl, *(versions + itr)) != WOLFSSL_SUCCESS){
  1700. failFlag = WOLFSSL_FAILURE;
  1701. }
  1702. }
  1703. printf(resultFmt, failFlag == WOLFSSL_SUCCESS ? passed : failed);
  1704. wolfSSL_free(ssl);
  1705. wolfSSL_CTX_free(ctx);
  1706. #endif
  1707. return failFlag;
  1708. } /* END test_wolfSSL_SetMinVersion */
  1709. /*----------------------------------------------------------------------------*
  1710. | EC
  1711. *----------------------------------------------------------------------------*/
  1712. /* Test function for EC_POINT_new, EC_POINT_mul, EC_POINT_free,
  1713. EC_GROUP_new_by_curve_name, EC_GROUP_order_bits
  1714. */
  1715. # if defined(OPENSSL_EXTRA) && \
  1716. (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
  1717. static void test_wolfSSL_EC(void)
  1718. {
  1719. #if defined(HAVE_ECC)
  1720. BN_CTX *ctx;
  1721. EC_GROUP *group;
  1722. EC_GROUP *group2;
  1723. EC_POINT *Gxy, *new_point, *set_point;
  1724. BIGNUM *k = NULL, *Gx = NULL, *Gy = NULL, *Gz = NULL;
  1725. BIGNUM *X, *Y;
  1726. BIGNUM *set_point_bn;
  1727. char* hexStr;
  1728. int group_bits;
  1729. const char* kTest = "F4F8338AFCC562C5C3F3E1E46A7EFECD17AF381913FF7A96314EA47055EA0FD0";
  1730. /* NISTP256R1 Gx/Gy */
  1731. const char* kGx = "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296";
  1732. const char* kGy = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5";
  1733. #ifndef HAVE_SELFTEST
  1734. EC_POINT *tmp;
  1735. size_t bin_len;
  1736. unsigned char* buf = NULL;
  1737. const char* uncompG = "046B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C2964FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5";
  1738. const unsigned char binUncompG[] = {
  1739. 0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
  1740. 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
  1741. 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
  1742. 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb,
  1743. 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31,
  1744. 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5,
  1745. };
  1746. #ifdef HAVE_COMP_KEY
  1747. const char* compG = "036B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296";
  1748. const unsigned char binCompG[] = {
  1749. 0x03, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc,
  1750. 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d,
  1751. 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96,
  1752. };
  1753. #endif
  1754. #endif
  1755. AssertNotNull(ctx = BN_CTX_new());
  1756. AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
  1757. AssertNotNull(group2 = EC_GROUP_dup(group));
  1758. AssertIntEQ((group_bits = EC_GROUP_order_bits(group)), 256);
  1759. AssertNotNull(Gxy = EC_POINT_new(group));
  1760. AssertNotNull(new_point = EC_POINT_new(group));
  1761. AssertNotNull(set_point = EC_POINT_new(group));
  1762. AssertNotNull(X = BN_new());
  1763. AssertNotNull(Y = BN_new());
  1764. AssertNotNull(set_point_bn = BN_new());
  1765. /* load test values */
  1766. AssertIntEQ(BN_hex2bn(&k, kTest), WOLFSSL_SUCCESS);
  1767. AssertIntEQ(BN_hex2bn(&Gx, kGx), WOLFSSL_SUCCESS);
  1768. AssertIntEQ(BN_hex2bn(&Gy, kGy), WOLFSSL_SUCCESS);
  1769. AssertIntEQ(BN_hex2bn(&Gz, "1"), WOLFSSL_SUCCESS);
  1770. /* populate coordinates for input point */
  1771. Gxy->X = Gx;
  1772. Gxy->Y = Gy;
  1773. Gxy->Z = Gz;
  1774. #ifndef HAVE_SELFTEST
  1775. /* perform point multiplication */
  1776. AssertIntEQ(EC_POINT_add(group, new_point, new_point, Gxy, ctx), WOLFSSL_SUCCESS);
  1777. AssertIntEQ(EC_POINT_mul(group, new_point, Gx, Gxy, k, ctx), WOLFSSL_SUCCESS);
  1778. AssertIntEQ(BN_is_zero(new_point->X), 0);
  1779. AssertIntEQ(BN_is_zero(new_point->Y), 0);
  1780. AssertIntEQ(BN_is_zero(new_point->Z), 0);
  1781. AssertIntEQ(EC_POINT_mul(group, new_point, NULL, Gxy, k, ctx), WOLFSSL_SUCCESS);
  1782. AssertIntEQ(BN_is_zero(new_point->X), 0);
  1783. AssertIntEQ(BN_is_zero(new_point->Y), 0);
  1784. AssertIntEQ(BN_is_zero(new_point->Z), 0);
  1785. AssertIntEQ(EC_POINT_mul(group, new_point, Gx, NULL, NULL, ctx), WOLFSSL_SUCCESS);
  1786. AssertIntEQ(BN_is_zero(new_point->X), 0);
  1787. AssertIntEQ(BN_is_zero(new_point->Y), 0);
  1788. AssertIntEQ(BN_is_zero(new_point->Z), 0);
  1789. #else
  1790. AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, new_point, Gx, Gy, ctx), WOLFSSL_SUCCESS);
  1791. AssertIntEQ(BN_is_zero(new_point->X), 0);
  1792. AssertIntEQ(BN_is_zero(new_point->Y), 0);
  1793. AssertIntEQ(BN_is_zero(new_point->Z), 0);
  1794. #endif
  1795. /* check if point X coordinate is zero */
  1796. AssertIntEQ(BN_is_zero(new_point->X), 0);
  1797. #ifdef USE_ECC_B_PARAM
  1798. AssertIntEQ(EC_POINT_is_on_curve(group, new_point, ctx), 1);
  1799. #endif /* USE_ECC_B_PARAM */
  1800. /* Force non-affine coordinates */
  1801. AssertIntEQ(BN_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
  1802. (WOLFSSL_BIGNUM*)BN_value_one()), 1);
  1803. new_point->inSet = 0;
  1804. /* extract the coordinates from point */
  1805. AssertIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y, ctx), WOLFSSL_SUCCESS);
  1806. /* check if point X coordinate is zero */
  1807. AssertIntEQ(BN_is_zero(X), WOLFSSL_FAILURE);
  1808. /* set the same X and Y points in another object */
  1809. AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y, ctx), WOLFSSL_SUCCESS);
  1810. /* compare points as they should be the same */
  1811. AssertIntEQ(EC_POINT_cmp(group, new_point, set_point, ctx), 0);
  1812. /* Test copying */
  1813. AssertIntEQ(EC_POINT_copy(new_point, set_point), 1);
  1814. /* Test inverting */
  1815. AssertIntEQ(EC_POINT_invert(group, new_point, ctx), 1);
  1816. AssertPtrEq(EC_POINT_point2bn(group, set_point, POINT_CONVERSION_UNCOMPRESSED,
  1817. set_point_bn, ctx), set_point_bn);
  1818. /* check bn2hex */
  1819. hexStr = BN_bn2hex(k);
  1820. AssertStrEQ(hexStr, kTest);
  1821. #ifndef NO_FILESYSTEM
  1822. BN_print_fp(stdout, k);
  1823. printf("\n");
  1824. #endif
  1825. XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
  1826. hexStr = BN_bn2hex(Gx);
  1827. AssertStrEQ(hexStr, kGx);
  1828. #ifndef NO_FILESYSTEM
  1829. BN_print_fp(stdout, Gx);
  1830. printf("\n");
  1831. #endif
  1832. XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
  1833. hexStr = BN_bn2hex(Gy);
  1834. AssertStrEQ(hexStr, kGy);
  1835. #ifndef NO_FILESYSTEM
  1836. BN_print_fp(stdout, Gy);
  1837. printf("\n");
  1838. #endif
  1839. XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
  1840. #ifndef HAVE_SELFTEST
  1841. hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx);
  1842. AssertStrEQ(hexStr, uncompG);
  1843. XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
  1844. #ifdef HAVE_COMP_KEY
  1845. hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx);
  1846. AssertStrEQ(hexStr, compG);
  1847. XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC);
  1848. #endif
  1849. bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx);
  1850. AssertIntEQ(bin_len, sizeof(binUncompG));
  1851. AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC));
  1852. AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, buf,
  1853. bin_len, ctx), bin_len);
  1854. AssertIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0);
  1855. XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
  1856. #ifdef HAVE_COMP_KEY
  1857. bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, NULL, 0, ctx);
  1858. AssertIntEQ(bin_len, sizeof(binCompG));
  1859. AssertNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, DYNAMIC_TYPE_ECC));
  1860. AssertIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, buf,
  1861. bin_len, ctx), bin_len);
  1862. AssertIntEQ(XMEMCMP(buf, binCompG, sizeof(binCompG)), 0);
  1863. XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
  1864. #endif
  1865. AssertNotNull(tmp = EC_POINT_new(group));
  1866. AssertIntEQ(EC_POINT_oct2point(group, tmp, binUncompG, sizeof(binUncompG), ctx), 1);
  1867. AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
  1868. EC_POINT_free(tmp);
  1869. #ifdef HAVE_COMP_KEY
  1870. AssertNotNull(tmp = EC_POINT_new(group));
  1871. AssertIntEQ(EC_POINT_oct2point(group, tmp, binCompG, sizeof(binCompG), ctx), 1);
  1872. AssertIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0);
  1873. EC_POINT_free(tmp);
  1874. #endif
  1875. #endif
  1876. /* test BN_mod_add */
  1877. AssertIntEQ(BN_mod_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
  1878. (WOLFSSL_BIGNUM*)BN_value_one(),
  1879. (WOLFSSL_BIGNUM*)BN_value_one(), NULL), 1);
  1880. AssertIntEQ(BN_is_zero(new_point->Z), 1);
  1881. /* cleanup */
  1882. BN_free(X);
  1883. BN_free(Y);
  1884. BN_free(k);
  1885. BN_free(set_point_bn);
  1886. EC_POINT_free(new_point);
  1887. EC_POINT_free(set_point);
  1888. EC_POINT_free(Gxy);
  1889. EC_GROUP_free(group);
  1890. EC_GROUP_free(group2);
  1891. BN_CTX_free(ctx);
  1892. #endif /* HAVE_ECC */
  1893. }
  1894. #endif /* OPENSSL_EXTRA && ( !HAVE_FIPS || HAVE_FIPS_VERSION > 2) */
  1895. #ifndef NO_BIO
  1896. static void test_wolfSSL_PEM_read_bio_ECPKParameters(void)
  1897. {
  1898. #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA)
  1899. EC_GROUP *group;
  1900. BIO* bio;
  1901. AssertNotNull(bio = BIO_new(BIO_s_file()));
  1902. AssertIntEQ(BIO_read_filename(bio, eccKeyFile), WOLFSSL_SUCCESS);
  1903. AssertNotNull(group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL));
  1904. AssertIntEQ(EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1);
  1905. EC_GROUP_free(group);
  1906. BIO_free(bio);
  1907. #endif /* HAVE_ECC */
  1908. }
  1909. #endif /* !NO_BIO */
  1910. # if defined(OPENSSL_EXTRA)
  1911. static void test_wolfSSL_ECDSA_SIG(void)
  1912. {
  1913. #ifdef HAVE_ECC
  1914. WOLFSSL_ECDSA_SIG* sig = NULL;
  1915. WOLFSSL_ECDSA_SIG* sig2 = NULL;
  1916. const unsigned char* cp;
  1917. unsigned char* p;
  1918. unsigned char outSig[8];
  1919. unsigned char sigData[8] =
  1920. { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 };
  1921. sig = wolfSSL_d2i_ECDSA_SIG(NULL, NULL, sizeof(sigData));
  1922. AssertNull(sig);
  1923. cp = sigData;
  1924. AssertNotNull((sig = wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigData))));
  1925. AssertIntEQ((cp == sigData + 8), 1);
  1926. cp = sigData;
  1927. AssertNull(wolfSSL_d2i_ECDSA_SIG(&sig, NULL, sizeof(sigData)));
  1928. AssertNotNull((sig2 = wolfSSL_d2i_ECDSA_SIG(&sig, &cp, sizeof(sigData))));
  1929. AssertIntEQ((sig == sig2), 1);
  1930. cp = outSig;
  1931. p = outSig;
  1932. AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, &p), 0);
  1933. AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, NULL), 0);
  1934. AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, NULL), 8);
  1935. AssertIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), sizeof(sigData));
  1936. AssertIntEQ((p == outSig + 8), 1);
  1937. AssertIntEQ(XMEMCMP(sigData, outSig, 8), 0);
  1938. wolfSSL_ECDSA_SIG_free(sig);
  1939. #endif /* HAVE_ECC */
  1940. }
  1941. static void test_EC_i2d(void)
  1942. {
  1943. #if defined(HAVE_ECC) && !defined(HAVE_FIPS)
  1944. EC_KEY *key;
  1945. EC_KEY *copy;
  1946. int len;
  1947. unsigned char *buf = NULL;
  1948. const unsigned char *tmp = NULL;
  1949. AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
  1950. AssertIntEQ(EC_KEY_generate_key(key), 1);
  1951. AssertIntGT((len = i2d_EC_PUBKEY(key, NULL)), 0);
  1952. AssertIntEQ(i2d_EC_PUBKEY(key, &buf), len);
  1953. XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  1954. buf = NULL;
  1955. AssertIntGT((len = i2d_ECPrivateKey(key, NULL)), 0);
  1956. AssertIntEQ(i2d_ECPrivateKey(key, &buf), len);
  1957. tmp = buf;
  1958. AssertNotNull(d2i_ECPrivateKey(&copy, &tmp, len));
  1959. XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  1960. EC_KEY_free(key);
  1961. EC_KEY_free(copy);
  1962. #endif /* HAVE_ECC */
  1963. }
  1964. static void test_ECDSA_size_sign(void)
  1965. {
  1966. #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP)
  1967. EC_KEY *key;
  1968. int id;
  1969. byte hash[WC_MAX_DIGEST_SIZE];
  1970. byte sig[ECC_BUFSIZE];
  1971. unsigned int sigSz = sizeof(sig);
  1972. XMEMSET(hash, 123, sizeof(hash));
  1973. id = wc_ecc_get_curve_id_from_name("SECP256R1");
  1974. AssertIntEQ(id, ECC_SECP256R1);
  1975. AssertNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
  1976. AssertIntEQ(EC_KEY_generate_key(key), 1);
  1977. AssertIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1);
  1978. AssertIntGE(ECDSA_size(key), sigSz);
  1979. EC_KEY_free(key);
  1980. #endif /* HAVE_ECC && !NO_ECC256 && !NO_ECC_SECP */
  1981. }
  1982. static void test_ED25519(void)
  1983. {
  1984. #if defined(HAVE_ED25519) && defined(WOLFSSL_KEY_GEN)
  1985. byte priv[ED25519_PRV_KEY_SIZE];
  1986. unsigned int privSz = (unsigned int)sizeof(priv);
  1987. byte pub[ED25519_PUB_KEY_SIZE];
  1988. unsigned int pubSz = (unsigned int)sizeof(pub);
  1989. const char* msg = TEST_STRING;
  1990. unsigned int msglen = (unsigned int)TEST_STRING_SZ;
  1991. byte sig[ED25519_SIG_SIZE];
  1992. unsigned int sigSz = (unsigned int)sizeof(sig);
  1993. AssertIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz),
  1994. WOLFSSL_SUCCESS);
  1995. AssertIntEQ(privSz, ED25519_PRV_KEY_SIZE);
  1996. AssertIntEQ(pubSz, ED25519_PUB_KEY_SIZE);
  1997. AssertIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig,
  1998. &sigSz), WOLFSSL_SUCCESS);
  1999. AssertIntEQ(sigSz, ED25519_SIG_SIZE);
  2000. AssertIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig,
  2001. sigSz), WOLFSSL_SUCCESS);
  2002. #endif /* HAVE_ED25519 && WOLFSSL_KEY_GEN */
  2003. }
  2004. static void test_ED448(void)
  2005. {
  2006. #if defined(HAVE_ED448) && defined(WOLFSSL_KEY_GEN)
  2007. byte priv[ED448_PRV_KEY_SIZE];
  2008. unsigned int privSz = (unsigned int)sizeof(priv);
  2009. byte pub[ED448_PUB_KEY_SIZE];
  2010. unsigned int pubSz = (unsigned int)sizeof(pub);
  2011. const char* msg = TEST_STRING;
  2012. unsigned int msglen = (unsigned int)TEST_STRING_SZ;
  2013. byte sig[ED448_SIG_SIZE];
  2014. unsigned int sigSz = (unsigned int)sizeof(sig);
  2015. AssertIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz),
  2016. WOLFSSL_SUCCESS);
  2017. AssertIntEQ(privSz, ED448_PRV_KEY_SIZE);
  2018. AssertIntEQ(pubSz, ED448_PUB_KEY_SIZE);
  2019. AssertIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig,
  2020. &sigSz), WOLFSSL_SUCCESS);
  2021. AssertIntEQ(sigSz, ED448_SIG_SIZE);
  2022. AssertIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig,
  2023. sigSz), WOLFSSL_SUCCESS);
  2024. #endif /* HAVE_ED448 && WOLFSSL_KEY_GEN */
  2025. }
  2026. #endif /* OPENSSL_EXTRA */
  2027. #include <wolfssl/openssl/pem.h>
  2028. /*----------------------------------------------------------------------------*
  2029. | EVP
  2030. *----------------------------------------------------------------------------*/
  2031. /* Test function for wolfSSL_EVP_get_cipherbynid.
  2032. */
  2033. #ifdef OPENSSL_EXTRA
  2034. static void test_wolfSSL_EVP_get_cipherbynid(void)
  2035. {
  2036. #ifndef NO_AES
  2037. const WOLFSSL_EVP_CIPHER* c;
  2038. c = wolfSSL_EVP_get_cipherbynid(419);
  2039. #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  2040. AssertNotNull(c);
  2041. AssertNotNull(strcmp("EVP_AES_128_CBC", c));
  2042. #else
  2043. AssertNull(c);
  2044. #endif
  2045. c = wolfSSL_EVP_get_cipherbynid(423);
  2046. #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_192)
  2047. AssertNotNull(c);
  2048. AssertNotNull(strcmp("EVP_AES_192_CBC", c));
  2049. #else
  2050. AssertNull(c);
  2051. #endif
  2052. c = wolfSSL_EVP_get_cipherbynid(427);
  2053. #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
  2054. AssertNotNull(c);
  2055. AssertNotNull(strcmp("EVP_AES_256_CBC", c));
  2056. #else
  2057. AssertNull(c);
  2058. #endif
  2059. c = wolfSSL_EVP_get_cipherbynid(904);
  2060. #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128)
  2061. AssertNotNull(c);
  2062. AssertNotNull(strcmp("EVP_AES_128_CTR", c));
  2063. #else
  2064. AssertNull(c);
  2065. #endif
  2066. c = wolfSSL_EVP_get_cipherbynid(905);
  2067. #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192)
  2068. AssertNotNull(c);
  2069. AssertNotNull(strcmp("EVP_AES_192_CTR", c));
  2070. #else
  2071. AssertNull(c);
  2072. #endif
  2073. c = wolfSSL_EVP_get_cipherbynid(906);
  2074. #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
  2075. AssertNotNull(c);
  2076. AssertNotNull(strcmp("EVP_AES_256_CTR", c));
  2077. #else
  2078. AssertNull(c);
  2079. #endif
  2080. c = wolfSSL_EVP_get_cipherbynid(418);
  2081. #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_128)
  2082. AssertNotNull(c);
  2083. AssertNotNull(strcmp("EVP_AES_128_ECB", c));
  2084. #else
  2085. AssertNull(c);
  2086. #endif
  2087. c = wolfSSL_EVP_get_cipherbynid(422);
  2088. #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_192)
  2089. AssertNotNull(c);
  2090. AssertNotNull(strcmp("EVP_AES_192_ECB", c));
  2091. #else
  2092. AssertNull(c);
  2093. #endif
  2094. c = wolfSSL_EVP_get_cipherbynid(426);
  2095. #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
  2096. AssertNotNull(c);
  2097. AssertNotNull(strcmp("EVP_AES_256_ECB", c));
  2098. #else
  2099. AssertNull(c);
  2100. #endif
  2101. #endif /* !NO_AES */
  2102. #ifndef NO_DES3
  2103. AssertNotNull(strcmp("EVP_DES_CBC", wolfSSL_EVP_get_cipherbynid(31)));
  2104. #ifdef WOLFSSL_DES_ECB
  2105. AssertNotNull(strcmp("EVP_DES_ECB", wolfSSL_EVP_get_cipherbynid(29)));
  2106. #endif
  2107. AssertNotNull(strcmp("EVP_DES_EDE3_CBC", wolfSSL_EVP_get_cipherbynid(44)));
  2108. #ifdef WOLFSSL_DES_ECB
  2109. AssertNotNull(strcmp("EVP_DES_EDE3_ECB", wolfSSL_EVP_get_cipherbynid(33)));
  2110. #endif
  2111. #endif /* !NO_DES3 */
  2112. #ifdef HAVE_IDEA
  2113. AssertNotNull(strcmp("EVP_IDEA_CBC", wolfSSL_EVP_get_cipherbynid(34)));
  2114. #endif
  2115. /* test for nid is out of range */
  2116. AssertNull(wolfSSL_EVP_get_cipherbynid(1));
  2117. }
  2118. static void test_wolfSSL_EVP_CIPHER_CTX(void)
  2119. {
  2120. #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  2121. EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
  2122. const EVP_CIPHER *init = EVP_aes_128_cbc();
  2123. const EVP_CIPHER *test;
  2124. byte key[AES_BLOCK_SIZE] = {0};
  2125. byte iv[AES_BLOCK_SIZE] = {0};
  2126. AssertNotNull(ctx);
  2127. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  2128. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  2129. test = EVP_CIPHER_CTX_cipher(ctx);
  2130. AssertTrue(init == test);
  2131. AssertIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc);
  2132. AssertIntEQ(EVP_CIPHER_CTX_reset(ctx), WOLFSSL_SUCCESS);
  2133. AssertIntEQ(EVP_CIPHER_CTX_reset(NULL), WOLFSSL_FAILURE);
  2134. EVP_CIPHER_CTX_free(ctx);
  2135. #endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 */
  2136. }
  2137. #endif /* OPENSSL_EXTRA */
  2138. /*----------------------------------------------------------------------------*
  2139. | IO
  2140. *----------------------------------------------------------------------------*/
  2141. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  2142. !defined(NO_RSA) && !defined(SINGLE_THREADED) && \
  2143. !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT)
  2144. #define HAVE_IO_TESTS_DEPENDENCIES
  2145. #endif
  2146. /* helper functions */
  2147. #ifdef HAVE_IO_TESTS_DEPENDENCIES
  2148. #ifdef WOLFSSL_SESSION_EXPORT
  2149. /* set up function for sending session information */
  2150. static int test_export(WOLFSSL* inSsl, byte* buf, word32 sz, void* userCtx)
  2151. {
  2152. WOLFSSL_CTX* ctx;
  2153. WOLFSSL* ssl;
  2154. AssertNotNull(inSsl);
  2155. AssertNotNull(buf);
  2156. AssertIntNE(0, sz);
  2157. /* Set ctx to DTLS 1.2 */
  2158. ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method());
  2159. AssertNotNull(ctx);
  2160. ssl = wolfSSL_new(ctx);
  2161. AssertNotNull(ssl);
  2162. AssertIntGE(wolfSSL_dtls_import(ssl, buf, sz), 0);
  2163. wolfSSL_free(ssl);
  2164. wolfSSL_CTX_free(ctx);
  2165. (void)userCtx;
  2166. return WOLFSSL_SUCCESS;
  2167. }
  2168. /* returns negative value on fail and positive (including 0) on success */
  2169. static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
  2170. {
  2171. int ret, err, loop_count, count, timeout = 10;
  2172. char msg[] = "I hear you fa shizzle!";
  2173. char input[1024];
  2174. loop_count = ((func_args*)args)->argc;
  2175. do {
  2176. #ifdef WOLFSSL_ASYNC_CRYPT
  2177. if (err == WC_PENDING_E) {
  2178. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  2179. if (ret < 0) { break; } else if (ret == 0) { continue; }
  2180. }
  2181. #endif
  2182. err = 0; /* Reset error */
  2183. ret = wolfSSL_accept(ssl);
  2184. if (ret != WOLFSSL_SUCCESS) {
  2185. err = wolfSSL_get_error(ssl, 0);
  2186. if (err == WOLFSSL_ERROR_WANT_READ ||
  2187. err == WOLFSSL_ERROR_WANT_WRITE) {
  2188. int select_ret;
  2189. err = WC_PENDING_E;
  2190. select_ret = tcp_select(*sockfd, timeout);
  2191. if (select_ret == TEST_TIMEOUT) {
  2192. return WOLFSSL_FATAL_ERROR;
  2193. }
  2194. }
  2195. }
  2196. } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
  2197. if (ret != WOLFSSL_SUCCESS) {
  2198. char buff[WOLFSSL_MAX_ERROR_SZ];
  2199. printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
  2200. return ret;
  2201. }
  2202. for (count = 0; count < loop_count; count++) {
  2203. int select_ret;
  2204. select_ret = tcp_select(*sockfd, timeout);
  2205. if (select_ret == TEST_TIMEOUT) {
  2206. ret = WOLFSSL_FATAL_ERROR;
  2207. break;
  2208. }
  2209. do {
  2210. ret = wolfSSL_read(ssl, input, sizeof(input)-1);
  2211. if (ret > 0) {
  2212. input[ret] = '\0';
  2213. printf("Client message: %s\n", input);
  2214. }
  2215. } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS);
  2216. do {
  2217. if ((ret = wolfSSL_write(ssl, msg, sizeof(msg))) != sizeof(msg)) {
  2218. return WOLFSSL_FATAL_ERROR;
  2219. }
  2220. err = wolfSSL_get_error(ssl, ret);
  2221. } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS);
  2222. }
  2223. return ret;
  2224. }
  2225. #endif /* WOLFSSL_SESSION_EXPORT */
  2226. /* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
  2227. #if defined(HAVE_SESSION_TICKET) && \
  2228. defined(HAVE_AESGCM) && \
  2229. defined(OPENSSL_EXTRA)
  2230. typedef struct openssl_key_ctx {
  2231. byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */
  2232. byte key[WOLFSSL_TICKET_KEY_SZ]; /* cipher key */
  2233. byte hmacKey[WOLFSSL_TICKET_NAME_SZ]; /* hmac key */
  2234. byte iv[WOLFSSL_TICKET_IV_SZ]; /* cipher iv */
  2235. } openssl_key_ctx;
  2236. static THREAD_LS_T openssl_key_ctx myOpenSSLKey_ctx;
  2237. static THREAD_LS_T WC_RNG myOpenSSLKey_rng;
  2238. static WC_INLINE int OpenSSLTicketInit(void)
  2239. {
  2240. int ret = wc_InitRng(&myOpenSSLKey_rng);
  2241. if (ret != 0) return ret;
  2242. ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.name,
  2243. sizeof(myOpenSSLKey_ctx.name));
  2244. if (ret != 0) return ret;
  2245. ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.key,
  2246. sizeof(myOpenSSLKey_ctx.key));
  2247. if (ret != 0) return ret;
  2248. ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.hmacKey,
  2249. sizeof(myOpenSSLKey_ctx.hmacKey));
  2250. if (ret != 0) return ret;
  2251. ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.iv,
  2252. sizeof(myOpenSSLKey_ctx.iv));
  2253. if (ret != 0) return ret;
  2254. return 0;
  2255. }
  2256. static WC_INLINE int myTicketEncCbOpenSSL(WOLFSSL* ssl,
  2257. byte name[WOLFSSL_TICKET_NAME_SZ],
  2258. byte iv[WOLFSSL_TICKET_IV_SZ],
  2259. WOLFSSL_EVP_CIPHER_CTX *ectx,
  2260. WOLFSSL_HMAC_CTX *hctx, int enc) {
  2261. (void)ssl;
  2262. if (enc) {
  2263. XMEMCPY(name, myOpenSSLKey_ctx.name, sizeof(myOpenSSLKey_ctx.name));
  2264. XMEMCPY(iv, myOpenSSLKey_ctx.iv, sizeof(myOpenSSLKey_ctx.iv));
  2265. }
  2266. else if (XMEMCMP(name, myOpenSSLKey_ctx.name,
  2267. sizeof(myOpenSSLKey_ctx.name)) != 0 ||
  2268. XMEMCMP(iv, myOpenSSLKey_ctx.iv,
  2269. sizeof(myOpenSSLKey_ctx.iv)) != 0) {
  2270. return 0;
  2271. }
  2272. HMAC_Init_ex(hctx, myOpenSSLKey_ctx.hmacKey, WOLFSSL_TICKET_NAME_SZ, EVP_sha256(), NULL);
  2273. if (enc)
  2274. EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv);
  2275. else
  2276. EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv);
  2277. return 1;
  2278. }
  2279. static WC_INLINE void OpenSSLTicketCleanup(void)
  2280. {
  2281. wc_FreeRng(&myOpenSSLKey_rng);
  2282. }
  2283. #endif
  2284. static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
  2285. {
  2286. SOCKET_T sockfd = 0;
  2287. SOCKET_T clientfd = 0;
  2288. word16 port;
  2289. callback_functions* cbf;
  2290. WOLFSSL_CTX* ctx = 0;
  2291. WOLFSSL* ssl = 0;
  2292. char msg[] = "I hear you fa shizzle!";
  2293. char input[1024];
  2294. int idx;
  2295. int ret, err = 0;
  2296. int sharedCtx = 0;
  2297. #ifdef WOLFSSL_TIRTOS
  2298. fdOpenSession(Task_self());
  2299. #endif
  2300. ((func_args*)args)->return_code = TEST_FAIL;
  2301. cbf = ((func_args*)args)->callbacks;
  2302. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2303. if (cbf != NULL && cbf->ctx) {
  2304. ctx = cbf->ctx;
  2305. sharedCtx = 1;
  2306. }
  2307. else
  2308. #endif
  2309. {
  2310. WOLFSSL_METHOD* method = NULL;
  2311. if (cbf != NULL && cbf->method != NULL) {
  2312. method = cbf->method();
  2313. }
  2314. else {
  2315. method = wolfSSLv23_server_method();
  2316. }
  2317. ctx = wolfSSL_CTX_new(method);
  2318. }
  2319. if (ctx == NULL) {
  2320. goto done;
  2321. }
  2322. #if defined(HAVE_SESSION_TICKET) && \
  2323. ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
  2324. #if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM)
  2325. OpenSSLTicketInit();
  2326. wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL);
  2327. #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
  2328. TicketInit();
  2329. wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb);
  2330. #endif
  2331. #endif
  2332. #if defined(USE_WINDOWS_API)
  2333. port = ((func_args*)args)->signal->port;
  2334. #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
  2335. !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
  2336. /* Let tcp_listen assign port */
  2337. port = 0;
  2338. #else
  2339. /* Use default port */
  2340. port = wolfSSLPort;
  2341. #endif
  2342. /* do it here to detect failure */
  2343. tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1);
  2344. CloseSocket(sockfd);
  2345. wolfSSL_CTX_set_verify(ctx,
  2346. WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
  2347. #ifdef WOLFSSL_ENCRYPTED_KEYS
  2348. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  2349. #endif
  2350. if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)
  2351. != WOLFSSL_SUCCESS) {
  2352. /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
  2353. goto done;
  2354. }
  2355. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2356. if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  2357. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2358. #else
  2359. if (wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  2360. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2361. #endif
  2362. /*err_sys("can't load server cert chain file, "
  2363. "Please run from wolfSSL home dir");*/
  2364. goto done;
  2365. }
  2366. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2367. if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  2368. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2369. #else
  2370. if (wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  2371. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2372. #endif
  2373. /*err_sys("can't load server key file, "
  2374. "Please run from wolfSSL home dir");*/
  2375. goto done;
  2376. }
  2377. /* call ctx setup callback */
  2378. if (cbf != NULL && cbf->ctx_ready != NULL) {
  2379. cbf->ctx_ready(ctx);
  2380. }
  2381. ssl = wolfSSL_new(ctx);
  2382. if (ssl == NULL) {
  2383. goto done;
  2384. }
  2385. #ifdef WOLFSSL_SESSION_EXPORT
  2386. /* only add in more complex nonblocking case with session export tests */
  2387. if (args && ((func_args*)args)->argc > 0) {
  2388. /* set as nonblock and time out for waiting on read/write */
  2389. tcp_set_nonblocking(&clientfd);
  2390. wolfSSL_dtls_set_using_nonblock(ssl, 1);
  2391. }
  2392. #endif
  2393. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2394. if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile,
  2395. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2396. #else
  2397. if (wolfSSL_use_certificate_file(ssl, svrCertFile,
  2398. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2399. #endif
  2400. /*err_sys("can't load server cert chain file, "
  2401. "Please run from wolfSSL home dir");*/
  2402. goto done;
  2403. }
  2404. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2405. if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
  2406. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2407. #else
  2408. if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
  2409. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2410. #endif
  2411. /*err_sys("can't load server key file, "
  2412. "Please run from wolfSSL home dir");*/
  2413. goto done;
  2414. }
  2415. if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
  2416. /*err_sys("SSL_set_fd failed");*/
  2417. goto done;
  2418. }
  2419. #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
  2420. wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
  2421. #elif !defined(NO_DH)
  2422. SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
  2423. #endif
  2424. /* call ssl setup callback */
  2425. if (cbf != NULL && cbf->ssl_ready != NULL) {
  2426. cbf->ssl_ready(ssl);
  2427. }
  2428. #ifdef WOLFSSL_SESSION_EXPORT
  2429. /* only add in more complex nonblocking case with session export tests */
  2430. if (((func_args*)args)->argc > 0) {
  2431. ret = nonblocking_accept_read(args, ssl, &clientfd);
  2432. if (ret >= 0) {
  2433. ((func_args*)args)->return_code = TEST_SUCCESS;
  2434. }
  2435. #ifdef WOLFSSL_TIRTOS
  2436. Task_yield();
  2437. #endif
  2438. goto done;
  2439. }
  2440. #endif
  2441. do {
  2442. #ifdef WOLFSSL_ASYNC_CRYPT
  2443. if (err == WC_PENDING_E) {
  2444. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  2445. if (ret < 0) { break; } else if (ret == 0) { continue; }
  2446. }
  2447. #endif
  2448. err = 0; /* Reset error */
  2449. ret = wolfSSL_accept(ssl);
  2450. if (ret != WOLFSSL_SUCCESS) {
  2451. err = wolfSSL_get_error(ssl, 0);
  2452. }
  2453. } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
  2454. if (ret != WOLFSSL_SUCCESS) {
  2455. char buff[WOLFSSL_MAX_ERROR_SZ];
  2456. printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
  2457. /*err_sys("SSL_accept failed");*/
  2458. goto done;
  2459. }
  2460. idx = wolfSSL_read(ssl, input, sizeof(input)-1);
  2461. if (idx > 0) {
  2462. input[idx] = '\0';
  2463. printf("Client message: %s\n", input);
  2464. }
  2465. if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
  2466. /*err_sys("SSL_write failed");*/
  2467. #ifdef WOLFSSL_TIRTOS
  2468. return;
  2469. #else
  2470. return 0;
  2471. #endif
  2472. }
  2473. #ifdef WOLFSSL_TIRTOS
  2474. Task_yield();
  2475. #endif
  2476. ((func_args*)args)->return_code = TEST_SUCCESS;
  2477. done:
  2478. wolfSSL_shutdown(ssl);
  2479. wolfSSL_free(ssl);
  2480. if (!sharedCtx)
  2481. wolfSSL_CTX_free(ctx);
  2482. CloseSocket(clientfd);
  2483. #ifdef WOLFSSL_TIRTOS
  2484. fdCloseSession(Task_self());
  2485. #endif
  2486. #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
  2487. && defined(HAVE_THREAD_LS)
  2488. wc_ecc_fp_free(); /* free per thread cache */
  2489. #endif
  2490. #if defined(HAVE_SESSION_TICKET) && \
  2491. ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
  2492. #if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM)
  2493. OpenSSLTicketCleanup();
  2494. #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
  2495. TicketCleanup();
  2496. #endif
  2497. #endif
  2498. #ifndef WOLFSSL_TIRTOS
  2499. return 0;
  2500. #endif
  2501. }
  2502. #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
  2503. static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args)
  2504. {
  2505. SOCKET_T sockfd = 0;
  2506. SOCKET_T clientfd = 0;
  2507. word16 port;
  2508. callback_functions* cbf;
  2509. WOLFSSL_CTX* ctx = 0;
  2510. WOLFSSL* ssl = 0;
  2511. char msg[] = "I hear you fa shizzle!";
  2512. char input[1024];
  2513. int idx;
  2514. int ret, err = 0;
  2515. int sharedCtx = 0;
  2516. int loop_count = ((func_args*)args)->argc;
  2517. int count = 0;
  2518. #ifdef WOLFSSL_TIRTOS
  2519. fdOpenSession(Task_self());
  2520. #endif
  2521. ((func_args*)args)->return_code = TEST_FAIL;
  2522. cbf = ((func_args*)args)->callbacks;
  2523. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2524. if (cbf != NULL && cbf->ctx) {
  2525. ctx = cbf->ctx;
  2526. sharedCtx = 1;
  2527. }
  2528. else
  2529. #endif
  2530. {
  2531. WOLFSSL_METHOD* method = NULL;
  2532. if (cbf != NULL && cbf->method != NULL) {
  2533. method = cbf->method();
  2534. }
  2535. else {
  2536. method = wolfSSLv23_server_method();
  2537. }
  2538. ctx = wolfSSL_CTX_new(method);
  2539. }
  2540. #if defined(USE_WINDOWS_API)
  2541. port = ((func_args*)args)->signal->port;
  2542. #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
  2543. !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
  2544. /* Let tcp_listen assign port */
  2545. port = 0;
  2546. #else
  2547. /* Use default port */
  2548. port = wolfSSLPort;
  2549. #endif
  2550. wolfSSL_CTX_set_verify(ctx,
  2551. WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
  2552. #ifdef WOLFSSL_ENCRYPTED_KEYS
  2553. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  2554. #endif
  2555. if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)
  2556. != WOLFSSL_SUCCESS) {
  2557. /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/
  2558. goto done;
  2559. }
  2560. if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  2561. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2562. /*err_sys("can't load server cert chain file, "
  2563. "Please run from wolfSSL home dir");*/
  2564. goto done;
  2565. }
  2566. if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile,
  2567. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2568. /*err_sys("can't load server key file, "
  2569. "Please run from wolfSSL home dir");*/
  2570. goto done;
  2571. }
  2572. /* call ctx setup callback */
  2573. if (cbf != NULL && cbf->ctx_ready != NULL) {
  2574. cbf->ctx_ready(ctx);
  2575. }
  2576. while(count != loop_count) {
  2577. ssl = wolfSSL_new(ctx);
  2578. if (ssl == NULL) {
  2579. goto done;
  2580. }
  2581. if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile,
  2582. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2583. /*err_sys("can't load server cert chain file, "
  2584. "Please run from wolfSSL home dir");*/
  2585. goto done;
  2586. }
  2587. if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile,
  2588. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2589. /*err_sys("can't load server key file, "
  2590. "Please run from wolfSSL home dir");*/
  2591. goto done;
  2592. }
  2593. #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
  2594. wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
  2595. #elif !defined(NO_DH)
  2596. SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
  2597. #endif
  2598. /* call ssl setup callback */
  2599. if (cbf != NULL && cbf->ssl_ready != NULL) {
  2600. cbf->ssl_ready(ssl);
  2601. }
  2602. /* do it here to detect failure */
  2603. tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1);
  2604. CloseSocket(sockfd);
  2605. if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) {
  2606. /*err_sys("SSL_set_fd failed");*/
  2607. goto done;
  2608. }
  2609. do {
  2610. #ifdef WOLFSSL_ASYNC_CRYPT
  2611. if (err == WC_PENDING_E) {
  2612. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  2613. if (ret < 0) { break; } else if (ret == 0) { continue; }
  2614. }
  2615. #endif
  2616. err = 0; /* Reset error */
  2617. ret = wolfSSL_accept(ssl);
  2618. if (ret != WOLFSSL_SUCCESS) {
  2619. err = wolfSSL_get_error(ssl, 0);
  2620. }
  2621. } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
  2622. if (ret != WOLFSSL_SUCCESS) {
  2623. char buff[WOLFSSL_MAX_ERROR_SZ];
  2624. printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
  2625. /*err_sys("SSL_accept failed");*/
  2626. goto done;
  2627. }
  2628. idx = wolfSSL_read(ssl, input, sizeof(input)-1);
  2629. if (idx > 0) {
  2630. input[idx] = '\0';
  2631. printf("Client message: %s\n", input);
  2632. }
  2633. if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) {
  2634. /*err_sys("SSL_write failed");*/
  2635. #ifdef WOLFSSL_TIRTOS
  2636. return;
  2637. #else
  2638. return 0;
  2639. #endif
  2640. }
  2641. /* free ssl for this connection */
  2642. wolfSSL_shutdown(ssl);
  2643. wolfSSL_free(ssl); ssl = NULL;
  2644. CloseSocket(clientfd);
  2645. count++;
  2646. }
  2647. #ifdef WOLFSSL_TIRTOS
  2648. Task_yield();
  2649. #endif
  2650. ((func_args*)args)->return_code = TEST_SUCCESS;
  2651. done:
  2652. if(ssl != NULL) {
  2653. wolfSSL_shutdown(ssl);
  2654. wolfSSL_free(ssl);
  2655. }
  2656. if (!sharedCtx)
  2657. wolfSSL_CTX_free(ctx);
  2658. CloseSocket(clientfd);
  2659. #ifdef WOLFSSL_TIRTOS
  2660. fdCloseSession(Task_self());
  2661. #endif
  2662. #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
  2663. && defined(HAVE_THREAD_LS)
  2664. wc_ecc_fp_free(); /* free per thread cache */
  2665. #endif
  2666. #ifndef WOLFSSL_TIRTOS
  2667. return 0;
  2668. #endif
  2669. }
  2670. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
  2671. typedef int (*cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl);
  2672. static void test_client_nofail(void* args, void *cb)
  2673. {
  2674. SOCKET_T sockfd = 0;
  2675. callback_functions* cbf;
  2676. WOLFSSL_CTX* ctx = 0;
  2677. WOLFSSL* ssl = 0;
  2678. WOLFSSL_CIPHER* cipher;
  2679. char msg[64] = "hello wolfssl!";
  2680. char reply[1024];
  2681. int input;
  2682. int msgSz = (int)XSTRLEN(msg);
  2683. int ret, err = 0;
  2684. int cipherSuite;
  2685. int sharedCtx = 0;
  2686. const char* cipherName1, *cipherName2;
  2687. #ifdef WOLFSSL_TIRTOS
  2688. fdOpenSession(Task_self());
  2689. #endif
  2690. ((func_args*)args)->return_code = TEST_FAIL;
  2691. cbf = ((func_args*)args)->callbacks;
  2692. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2693. if (cbf != NULL && cbf->ctx) {
  2694. ctx = cbf->ctx;
  2695. sharedCtx = cbf->isSharedCtx;
  2696. }
  2697. else
  2698. #endif
  2699. {
  2700. WOLFSSL_METHOD* method = NULL;
  2701. if (cbf != NULL && cbf->method != NULL) {
  2702. method = cbf->method();
  2703. }
  2704. else {
  2705. method = wolfSSLv23_client_method();
  2706. }
  2707. ctx = wolfSSL_CTX_new(method);
  2708. }
  2709. #ifdef WOLFSSL_ENCRYPTED_KEYS
  2710. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  2711. #endif
  2712. /* Do connect here so server detects failures */
  2713. tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
  2714. 0, 0, NULL);
  2715. if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
  2716. {
  2717. /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
  2718. goto done;
  2719. }
  2720. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2721. if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
  2722. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2723. #else
  2724. if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
  2725. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2726. #endif
  2727. /*err_sys("can't load client cert file, "
  2728. "Please run from wolfSSL home dir");*/
  2729. goto done;
  2730. }
  2731. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2732. if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
  2733. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2734. #else
  2735. if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
  2736. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2737. #endif
  2738. /*err_sys("can't load client key file, "
  2739. "Please run from wolfSSL home dir");*/
  2740. goto done;
  2741. }
  2742. /* call ctx setup callback */
  2743. if (cbf != NULL && cbf->ctx_ready != NULL) {
  2744. cbf->ctx_ready(ctx);
  2745. }
  2746. ssl = wolfSSL_new(ctx);
  2747. if (ssl == NULL) {
  2748. goto done;
  2749. }
  2750. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2751. if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile,
  2752. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2753. #else
  2754. if (wolfSSL_use_certificate_file(ssl, cliCertFile,
  2755. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2756. #endif
  2757. /*err_sys("can't load client cert file, "
  2758. "Please run from wolfSSL home dir");*/
  2759. goto done;
  2760. }
  2761. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2762. if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
  2763. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2764. #else
  2765. if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
  2766. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2767. #endif
  2768. /*err_sys("can't load client key file, "
  2769. "Please run from wolfSSL home dir");*/
  2770. goto done;
  2771. }
  2772. if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
  2773. /*err_sys("SSL_set_fd failed");*/
  2774. goto done;
  2775. }
  2776. /* call ssl setup callback */
  2777. if (cbf != NULL && cbf->ssl_ready != NULL) {
  2778. cbf->ssl_ready(ssl);
  2779. }
  2780. do {
  2781. #ifdef WOLFSSL_ASYNC_CRYPT
  2782. if (err == WC_PENDING_E) {
  2783. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  2784. if (ret < 0) { break; } else if (ret == 0) { continue; }
  2785. }
  2786. #endif
  2787. err = 0; /* Reset error */
  2788. ret = wolfSSL_connect(ssl);
  2789. if (ret != WOLFSSL_SUCCESS) {
  2790. err = wolfSSL_get_error(ssl, 0);
  2791. }
  2792. } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
  2793. if (ret != WOLFSSL_SUCCESS) {
  2794. char buff[WOLFSSL_MAX_ERROR_SZ];
  2795. printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
  2796. /*err_sys("SSL_connect failed");*/
  2797. goto done;
  2798. }
  2799. /* test the various get cipher methods */
  2800. /* Internal cipher suite names */
  2801. cipherSuite = wolfSSL_get_current_cipher_suite(ssl);
  2802. cipherName1 = wolfSSL_get_cipher_name(ssl);
  2803. cipherName2 = wolfSSL_get_cipher_name_from_suite(
  2804. (cipherSuite >> 8), cipherSuite & 0xFF);
  2805. AssertStrEQ(cipherName1, cipherName2);
  2806. /* IANA Cipher Suites Names */
  2807. /* Unless WOLFSSL_CIPHER_INTERNALNAME or NO_ERROR_STRINGS,
  2808. then it's the internal cipher suite name */
  2809. cipher = wolfSSL_get_current_cipher(ssl);
  2810. cipherName1 = wolfSSL_CIPHER_get_name(cipher);
  2811. cipherName2 = wolfSSL_get_cipher(ssl);
  2812. AssertStrEQ(cipherName1, cipherName2);
  2813. #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \
  2814. !defined(WOLFSSL_QT)
  2815. cipherName1 = wolfSSL_get_cipher_name_iana_from_suite(
  2816. (cipherSuite >> 8), cipherSuite & 0xFF);
  2817. AssertStrEQ(cipherName1, cipherName2);
  2818. #endif
  2819. if (cb != NULL)
  2820. ((cbType)cb)(ctx, ssl);
  2821. if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
  2822. /*err_sys("SSL_write failed");*/
  2823. goto done;
  2824. }
  2825. input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
  2826. if (input > 0) {
  2827. reply[input] = '\0';
  2828. printf("Server response: %s\n", reply);
  2829. }
  2830. ((func_args*)args)->return_code = TEST_SUCCESS;
  2831. done:
  2832. wolfSSL_free(ssl);
  2833. if (!sharedCtx)
  2834. wolfSSL_CTX_free(ctx);
  2835. CloseSocket(sockfd);
  2836. #ifdef WOLFSSL_TIRTOS
  2837. fdCloseSession(Task_self());
  2838. #endif
  2839. #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
  2840. && defined(HAVE_THREAD_LS)
  2841. wc_ecc_fp_free(); /* free per thread cache */
  2842. #endif
  2843. return;
  2844. }
  2845. #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
  2846. static void test_client_reuse_WOLFSSLobj(void* args, void *cb, void* server_args)
  2847. {
  2848. SOCKET_T sockfd = 0;
  2849. callback_functions* cbf;
  2850. WOLFSSL_CTX* ctx = 0;
  2851. WOLFSSL* ssl = 0;
  2852. WOLFSSL_SESSION* session = NULL;
  2853. char msg[64] = "hello wolfssl!";
  2854. char reply[1024];
  2855. int input;
  2856. int msgSz = (int)XSTRLEN(msg);
  2857. int ret, err = 0;
  2858. int sharedCtx = 0;
  2859. #ifdef WOLFSSL_TIRTOS
  2860. fdOpenSession(Task_self());
  2861. #endif
  2862. ((func_args*)args)->return_code = TEST_FAIL;
  2863. cbf = ((func_args*)args)->callbacks;
  2864. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
  2865. if (cbf != NULL && cbf->ctx) {
  2866. ctx = cbf->ctx;
  2867. sharedCtx = 1;
  2868. }
  2869. else
  2870. #endif
  2871. {
  2872. WOLFSSL_METHOD* method = NULL;
  2873. if (cbf != NULL && cbf->method != NULL) {
  2874. method = cbf->method();
  2875. }
  2876. else {
  2877. method = wolfSSLv23_client_method();
  2878. }
  2879. ctx = wolfSSL_CTX_new(method);
  2880. }
  2881. #ifdef WOLFSSL_ENCRYPTED_KEYS
  2882. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  2883. #endif
  2884. /* Do connect here so server detects failures */
  2885. tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
  2886. 0, 0, NULL);
  2887. if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS)
  2888. {
  2889. /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/
  2890. goto done;
  2891. }
  2892. if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
  2893. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2894. /*err_sys("can't load client cert file, "
  2895. "Please run from wolfSSL home dir");*/
  2896. goto done;
  2897. }
  2898. if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
  2899. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2900. /*err_sys("can't load client key file, "
  2901. "Please run from wolfSSL home dir");*/
  2902. goto done;
  2903. }
  2904. /* call ctx setup callback */
  2905. if (cbf != NULL && cbf->ctx_ready != NULL) {
  2906. cbf->ctx_ready(ctx);
  2907. }
  2908. ssl = wolfSSL_new(ctx);
  2909. if (ssl == NULL) {
  2910. goto done;
  2911. }
  2912. /* keep handshakre resources for re-using WOLFSSL obj */
  2913. wolfSSL_KeepArrays(ssl);
  2914. if(wolfSSL_KeepHandshakeResources(ssl)) {
  2915. /* err_sys("SSL_KeepHandshakeResources failed"); */
  2916. goto done;
  2917. }
  2918. if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile,
  2919. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2920. /*err_sys("can't load client cert file, "
  2921. "Please run from wolfSSL home dir");*/
  2922. goto done;
  2923. }
  2924. if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile,
  2925. WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) {
  2926. /*err_sys("can't load client key file, "
  2927. "Please run from wolfSSL home dir");*/
  2928. goto done;
  2929. }
  2930. if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
  2931. /*err_sys("SSL_set_fd failed");*/
  2932. goto done;
  2933. }
  2934. /* call ssl setup callback */
  2935. if (cbf != NULL && cbf->ssl_ready != NULL) {
  2936. cbf->ssl_ready(ssl);
  2937. }
  2938. do {
  2939. #ifdef WOLFSSL_ASYNC_CRYPT
  2940. if (err == WC_PENDING_E) {
  2941. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  2942. if (ret < 0) { break; } else if (ret == 0) { continue; }
  2943. }
  2944. #endif
  2945. err = 0; /* Reset error */
  2946. ret = wolfSSL_connect(ssl);
  2947. if (ret != WOLFSSL_SUCCESS) {
  2948. err = wolfSSL_get_error(ssl, 0);
  2949. }
  2950. } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
  2951. if (ret != WOLFSSL_SUCCESS) {
  2952. char buff[WOLFSSL_MAX_ERROR_SZ];
  2953. printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
  2954. /*err_sys("SSL_connect failed");*/
  2955. goto done;
  2956. }
  2957. /* Build first session */
  2958. if (cb != NULL)
  2959. ((cbType)cb)(ctx, ssl);
  2960. if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
  2961. /*err_sys("SSL_write failed");*/
  2962. goto done;
  2963. }
  2964. input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
  2965. if (input > 0) {
  2966. reply[input] = '\0';
  2967. printf("Server response: %s\n", reply);
  2968. }
  2969. /* Session Resumption by re-using WOLFSSL object */
  2970. wolfSSL_set_quiet_shutdown(ssl, 1);
  2971. if (wolfSSL_shutdown(ssl) != WOLFSSL_SUCCESS) {
  2972. /* err_sys ("SSL shutdown failed"); */
  2973. goto done;
  2974. }
  2975. session = wolfSSL_get_session(ssl);
  2976. if (wolfSSL_clear(ssl) != WOLFSSL_SUCCESS) {
  2977. /* err_sys ("SSL_clear failed"); */
  2978. goto done;
  2979. }
  2980. wolfSSL_set_session(ssl, session);
  2981. /* close socket once */
  2982. CloseSocket(sockfd);
  2983. sockfd = 0;
  2984. /* wait until server ready */
  2985. wait_tcp_ready((func_args*)server_args);
  2986. printf("session resumption\n");
  2987. /* Do re-connect */
  2988. tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port,
  2989. 0, 0, NULL);
  2990. if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) {
  2991. /*err_sys("SSL_set_fd failed");*/
  2992. goto done;
  2993. }
  2994. do {
  2995. #ifdef WOLFSSL_ASYNC_CRYPT
  2996. if (err == WC_PENDING_E) {
  2997. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  2998. if (ret < 0) { break; } else if (ret == 0) { continue; }
  2999. }
  3000. #endif
  3001. err = 0; /* Reset error */
  3002. ret = wolfSSL_connect(ssl);
  3003. if (ret != WOLFSSL_SUCCESS) {
  3004. err = wolfSSL_get_error(ssl, 0);
  3005. }
  3006. } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
  3007. if (ret != WOLFSSL_SUCCESS) {
  3008. char buff[WOLFSSL_MAX_ERROR_SZ];
  3009. printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
  3010. /*err_sys("SSL_connect failed");*/
  3011. goto done;
  3012. }
  3013. /* Build first session */
  3014. if (cb != NULL)
  3015. ((cbType)cb)(ctx, ssl);
  3016. if (wolfSSL_write(ssl, msg, msgSz) != msgSz) {
  3017. /*err_sys("SSL_write failed");*/
  3018. goto done;
  3019. }
  3020. input = wolfSSL_read(ssl, reply, sizeof(reply)-1);
  3021. if (input > 0) {
  3022. reply[input] = '\0';
  3023. printf("Server response: %s\n", reply);
  3024. }
  3025. ((func_args*)args)->return_code = TEST_SUCCESS;
  3026. done:
  3027. wolfSSL_free(ssl);
  3028. if (!sharedCtx)
  3029. wolfSSL_CTX_free(ctx);
  3030. CloseSocket(sockfd);
  3031. #ifdef WOLFSSL_TIRTOS
  3032. fdCloseSession(Task_self());
  3033. #endif
  3034. return;
  3035. }
  3036. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
  3037. /* SNI / ALPN / session export helper functions */
  3038. #if defined(HAVE_SNI) || defined(HAVE_ALPN) || defined(WOLFSSL_SESSION_EXPORT)
  3039. static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args)
  3040. {
  3041. callback_functions* callbacks = ((func_args*)args)->callbacks;
  3042. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method());
  3043. WOLFSSL* ssl = NULL;
  3044. SOCKET_T sfd = 0;
  3045. SOCKET_T cfd = 0;
  3046. word16 port;
  3047. char msg[] = "I hear you fa shizzle!";
  3048. int len = (int) XSTRLEN(msg);
  3049. char input[1024];
  3050. int idx;
  3051. int ret, err = 0;
  3052. #ifdef WOLFSSL_TIRTOS
  3053. fdOpenSession(Task_self());
  3054. #endif
  3055. ((func_args*)args)->return_code = TEST_FAIL;
  3056. #if defined(USE_WINDOWS_API)
  3057. port = ((func_args*)args)->signal->port;
  3058. #elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \
  3059. !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS)
  3060. /* Let tcp_listen assign port */
  3061. port = 0;
  3062. #else
  3063. /* Use default port */
  3064. port = wolfSSLPort;
  3065. #endif
  3066. wolfSSL_CTX_set_verify(ctx,
  3067. WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
  3068. #ifdef WOLFSSL_ENCRYPTED_KEYS
  3069. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  3070. #endif
  3071. #ifdef WOLFSSL_SESSION_EXPORT
  3072. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_dtls_set_export(ctx, test_export));
  3073. #endif
  3074. AssertIntEQ(WOLFSSL_SUCCESS,
  3075. wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0));
  3076. AssertIntEQ(WOLFSSL_SUCCESS,
  3077. wolfSSL_CTX_use_certificate_file(ctx, svrCertFile,
  3078. WOLFSSL_FILETYPE_PEM));
  3079. AssertIntEQ(WOLFSSL_SUCCESS,
  3080. wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  3081. if (callbacks->ctx_ready)
  3082. callbacks->ctx_ready(ctx);
  3083. ssl = wolfSSL_new(ctx);
  3084. if (wolfSSL_dtls(ssl)) {
  3085. SOCKADDR_IN_T cliAddr;
  3086. socklen_t cliLen;
  3087. cliLen = sizeof(cliAddr);
  3088. tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0, 0);
  3089. idx = (int)recvfrom(sfd, input, sizeof(input), MSG_PEEK,
  3090. (struct sockaddr*)&cliAddr, &cliLen);
  3091. AssertIntGT(idx, 0);
  3092. wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen);
  3093. }
  3094. else {
  3095. tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1);
  3096. CloseSocket(sfd);
  3097. }
  3098. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd));
  3099. #ifdef NO_PSK
  3100. #if !defined(NO_FILESYSTEM) && !defined(NO_DH)
  3101. wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
  3102. #elif !defined(NO_DH)
  3103. SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */
  3104. #endif
  3105. #endif
  3106. if (callbacks->ssl_ready)
  3107. callbacks->ssl_ready(ssl);
  3108. do {
  3109. #ifdef WOLFSSL_ASYNC_CRYPT
  3110. if (err == WC_PENDING_E) {
  3111. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  3112. if (ret < 0) { break; } else if (ret == 0) { continue; }
  3113. }
  3114. #endif
  3115. err = 0; /* Reset error */
  3116. ret = wolfSSL_accept(ssl);
  3117. if (ret != WOLFSSL_SUCCESS) {
  3118. err = wolfSSL_get_error(ssl, 0);
  3119. }
  3120. } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
  3121. if (ret != WOLFSSL_SUCCESS) {
  3122. char buff[WOLFSSL_MAX_ERROR_SZ];
  3123. printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
  3124. /*err_sys("SSL_accept failed");*/
  3125. }
  3126. else {
  3127. if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
  3128. input[idx] = 0;
  3129. printf("Client message: %s\n", input);
  3130. }
  3131. AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
  3132. #if defined(WOLFSSL_SESSION_EXPORT) && !defined(HAVE_IO_POOL)
  3133. if (wolfSSL_dtls(ssl)) {
  3134. byte* import;
  3135. word32 sz;
  3136. wolfSSL_dtls_export(ssl, NULL, &sz);
  3137. import = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  3138. AssertNotNull(import);
  3139. idx = wolfSSL_dtls_export(ssl, import, &sz);
  3140. AssertIntGE(idx, 0);
  3141. AssertIntGE(wolfSSL_dtls_import(ssl, import, idx), 0);
  3142. XFREE(import, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  3143. }
  3144. #endif
  3145. #ifdef WOLFSSL_TIRTOS
  3146. Task_yield();
  3147. #endif
  3148. ((func_args*)args)->return_code = TEST_SUCCESS;
  3149. }
  3150. if (callbacks->on_result)
  3151. callbacks->on_result(ssl);
  3152. wolfSSL_shutdown(ssl);
  3153. wolfSSL_free(ssl);
  3154. wolfSSL_CTX_free(ctx);
  3155. CloseSocket(cfd);
  3156. #ifdef WOLFSSL_TIRTOS
  3157. fdCloseSession(Task_self());
  3158. #endif
  3159. #if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
  3160. && defined(HAVE_THREAD_LS)
  3161. wc_ecc_fp_free(); /* free per thread cache */
  3162. #endif
  3163. #ifndef WOLFSSL_TIRTOS
  3164. return 0;
  3165. #endif
  3166. }
  3167. static void run_wolfssl_client(void* args)
  3168. {
  3169. callback_functions* callbacks = ((func_args*)args)->callbacks;
  3170. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(callbacks->method());
  3171. WOLFSSL* ssl = NULL;
  3172. SOCKET_T sfd = 0;
  3173. char msg[] = "hello wolfssl server!";
  3174. int len = (int) XSTRLEN(msg);
  3175. char input[1024];
  3176. int idx;
  3177. int ret, err = 0;
  3178. #ifdef WOLFSSL_TIRTOS
  3179. fdOpenSession(Task_self());
  3180. #endif
  3181. ((func_args*)args)->return_code = TEST_FAIL;
  3182. #ifdef WOLFSSL_ENCRYPTED_KEYS
  3183. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  3184. #endif
  3185. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
  3186. AssertIntEQ(WOLFSSL_SUCCESS,
  3187. wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, WOLFSSL_FILETYPE_PEM));
  3188. AssertIntEQ(WOLFSSL_SUCCESS,
  3189. wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, WOLFSSL_FILETYPE_PEM));
  3190. if (callbacks->ctx_ready)
  3191. callbacks->ctx_ready(ctx);
  3192. ssl = wolfSSL_new(ctx);
  3193. if (wolfSSL_dtls(ssl)) {
  3194. tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
  3195. 1, 0, ssl);
  3196. }
  3197. else {
  3198. tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port,
  3199. 0, 0, ssl);
  3200. }
  3201. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd));
  3202. if (callbacks->ssl_ready)
  3203. callbacks->ssl_ready(ssl);
  3204. do {
  3205. #ifdef WOLFSSL_ASYNC_CRYPT
  3206. if (err == WC_PENDING_E) {
  3207. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  3208. if (ret < 0) { break; } else if (ret == 0) { continue; }
  3209. }
  3210. #endif
  3211. err = 0; /* Reset error */
  3212. ret = wolfSSL_connect(ssl);
  3213. if (ret != WOLFSSL_SUCCESS) {
  3214. err = wolfSSL_get_error(ssl, 0);
  3215. }
  3216. } while (ret != WOLFSSL_SUCCESS && err == WC_PENDING_E);
  3217. if (ret != WOLFSSL_SUCCESS) {
  3218. char buff[WOLFSSL_MAX_ERROR_SZ];
  3219. printf("error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff));
  3220. /*err_sys("SSL_connect failed");*/
  3221. }
  3222. else {
  3223. AssertIntEQ(len, wolfSSL_write(ssl, msg, len));
  3224. if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) {
  3225. input[idx] = 0;
  3226. printf("Server response: %s\n", input);
  3227. }
  3228. ((func_args*)args)->return_code = TEST_SUCCESS;
  3229. }
  3230. if (callbacks->on_result)
  3231. callbacks->on_result(ssl);
  3232. wolfSSL_free(ssl);
  3233. wolfSSL_CTX_free(ctx);
  3234. CloseSocket(sfd);
  3235. #ifdef WOLFSSL_TIRTOS
  3236. fdCloseSession(Task_self());
  3237. #endif
  3238. }
  3239. #endif /* defined(HAVE_SNI) || defined(HAVE_ALPN) ||
  3240. defined(WOLFSSL_SESSION_EXPORT) */
  3241. static void test_wolfSSL_read_write(void)
  3242. {
  3243. /* The unit testing for read and write shall happen simultaneously, since
  3244. * one can't do anything with one without the other. (Except for a failure
  3245. * test case.) This function will call all the others that will set up,
  3246. * execute, and report their test findings.
  3247. *
  3248. * Set up the success case first. This function will become the template
  3249. * for the other tests. This should eventually be renamed
  3250. *
  3251. * The success case isn't interesting, how can this fail?
  3252. * - Do not give the client context a CA certificate. The connect should
  3253. * fail. Do not need server for this?
  3254. * - Using NULL for the ssl object on server. Do not need client for this.
  3255. * - Using NULL for the ssl object on client. Do not need server for this.
  3256. * - Good ssl objects for client and server. Client write() without server
  3257. * read().
  3258. * - Good ssl objects for client and server. Server write() without client
  3259. * read().
  3260. * - Forgetting the password callback?
  3261. */
  3262. tcp_ready ready;
  3263. func_args client_args;
  3264. func_args server_args;
  3265. THREAD_TYPE serverThread;
  3266. XMEMSET(&client_args, 0, sizeof(func_args));
  3267. XMEMSET(&server_args, 0, sizeof(func_args));
  3268. #ifdef WOLFSSL_TIRTOS
  3269. fdOpenSession(Task_self());
  3270. #endif
  3271. StartTCP();
  3272. InitTcpReady(&ready);
  3273. #if defined(USE_WINDOWS_API)
  3274. /* use RNG to get random port if using windows */
  3275. ready.port = GetRandomPort();
  3276. #endif
  3277. server_args.signal = &ready;
  3278. client_args.signal = &ready;
  3279. start_thread(test_server_nofail, &server_args, &serverThread);
  3280. wait_tcp_ready(&server_args);
  3281. test_client_nofail(&client_args, NULL);
  3282. join_thread(serverThread);
  3283. AssertTrue(client_args.return_code);
  3284. AssertTrue(server_args.return_code);
  3285. FreeTcpReady(&ready);
  3286. #ifdef WOLFSSL_TIRTOS
  3287. fdOpenSession(Task_self());
  3288. #endif
  3289. }
  3290. #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
  3291. static void test_wolfSSL_reuse_WOLFSSLobj(void)
  3292. {
  3293. /* The unit test for session resumption by re-using WOLFSSL object.
  3294. * WOLFSSL object is not cleared after first session. It re-use the obeject
  3295. * for second connection.
  3296. */
  3297. tcp_ready ready;
  3298. func_args client_args;
  3299. func_args server_args;
  3300. THREAD_TYPE serverThread;
  3301. XMEMSET(&client_args, 0, sizeof(func_args));
  3302. XMEMSET(&server_args, 0, sizeof(func_args));
  3303. #ifdef WOLFSSL_TIRTOS
  3304. fdOpenSession(Task_self());
  3305. #endif
  3306. StartTCP();
  3307. InitTcpReady(&ready);
  3308. #if defined(USE_WINDOWS_API)
  3309. /* use RNG to get random port if using windows */
  3310. ready.port = GetRandomPort();
  3311. #endif
  3312. server_args.signal = &ready;
  3313. client_args.signal = &ready;
  3314. /* the var is used for loop number */
  3315. server_args.argc = 2;
  3316. start_thread(test_server_loop, &server_args, &serverThread);
  3317. wait_tcp_ready(&server_args);
  3318. test_client_reuse_WOLFSSLobj(&client_args, NULL, &server_args);
  3319. join_thread(serverThread);
  3320. AssertTrue(client_args.return_code);
  3321. AssertTrue(server_args.return_code);
  3322. FreeTcpReady(&ready);
  3323. #ifdef WOLFSSL_TIRTOS
  3324. fdOpenSession(Task_self());
  3325. #endif
  3326. }
  3327. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */
  3328. #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)
  3329. /* canned export of a session using older version 3 */
  3330. static unsigned char version_3[] = {
  3331. 0xA5, 0xA3, 0x01, 0x87, 0x00, 0x3b, 0x00, 0x01,
  3332. 0x00, 0x00, 0x00, 0x80, 0x0C, 0x00, 0x00, 0x00,
  3333. 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00,
  3334. 0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00,
  3335. 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
  3336. 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3337. 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x30, 0x05,
  3338. 0x09, 0x0A, 0x01, 0x01, 0x00, 0x0D, 0x05, 0xFE,
  3339. 0xFD, 0x01, 0x25, 0x00, 0x00, 0x00, 0x00, 0x00,
  3340. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3341. 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
  3342. 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0x00,
  3343. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3344. 0x06, 0x00, 0x05, 0x00, 0x06, 0x00, 0x00, 0x00,
  3345. 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
  3346. 0x06, 0x00, 0x01, 0x00, 0x07, 0x00, 0x00, 0x00,
  3347. 0x30, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01, 0x00,
  3348. 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
  3349. 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x3F, 0x00,
  3350. 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, 0x00,
  3351. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3352. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3353. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3354. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3355. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3356. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3357. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3358. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3359. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3360. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3361. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3362. 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x05, 0x12,
  3363. 0xCF, 0x22, 0xA1, 0x9F, 0x1C, 0x39, 0x1D, 0x31,
  3364. 0x11, 0x12, 0x1D, 0x11, 0x18, 0x0D, 0x0B, 0xF3,
  3365. 0xE1, 0x4D, 0xDC, 0xB1, 0xF1, 0x39, 0x98, 0x91,
  3366. 0x6C, 0x48, 0xE5, 0xED, 0x11, 0x12, 0xA0, 0x00,
  3367. 0xF2, 0x25, 0x4C, 0x09, 0x26, 0xD1, 0x74, 0xDF,
  3368. 0x23, 0x40, 0x15, 0x6A, 0x42, 0x2A, 0x26, 0xA5,
  3369. 0xAC, 0x56, 0xD5, 0x4A, 0x20, 0xB7, 0xE9, 0xEF,
  3370. 0xEB, 0xAF, 0xA8, 0x1E, 0x23, 0x7C, 0x04, 0xAA,
  3371. 0xA1, 0x6D, 0x92, 0x79, 0x7B, 0xFA, 0x80, 0x00,
  3372. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x0C,
  3373. 0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00, 0x00,
  3374. 0x00, 0x00, 0x00, 0x00, 0xAA, 0xA1, 0x6D, 0x92,
  3375. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  3376. 0x00, 0x10, 0x00, 0x20, 0x00, 0x04, 0x00, 0x10,
  3377. 0x00, 0x10, 0x08, 0x02, 0x05, 0x08, 0x01, 0x30,
  3378. 0x28, 0x00, 0x00, 0x0F, 0x00, 0x02, 0x00, 0x09,
  3379. 0x31, 0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30, 0x2E,
  3380. 0x31, 0xED, 0x4F
  3381. };
  3382. #endif /* defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) */
  3383. static void test_wolfSSL_dtls_export(void)
  3384. {
  3385. #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)
  3386. tcp_ready ready;
  3387. func_args client_args;
  3388. func_args server_args;
  3389. THREAD_TYPE serverThread;
  3390. callback_functions server_cbf;
  3391. callback_functions client_cbf;
  3392. #ifdef WOLFSSL_TIRTOS
  3393. fdOpenSession(Task_self());
  3394. #endif
  3395. InitTcpReady(&ready);
  3396. #if defined(USE_WINDOWS_API)
  3397. /* use RNG to get random port if using windows */
  3398. ready.port = GetRandomPort();
  3399. #endif
  3400. /* set using dtls */
  3401. XMEMSET(&client_args, 0, sizeof(func_args));
  3402. XMEMSET(&server_args, 0, sizeof(func_args));
  3403. XMEMSET(&server_cbf, 0, sizeof(callback_functions));
  3404. XMEMSET(&client_cbf, 0, sizeof(callback_functions));
  3405. server_cbf.method = wolfDTLSv1_2_server_method;
  3406. client_cbf.method = wolfDTLSv1_2_client_method;
  3407. server_args.callbacks = &server_cbf;
  3408. client_args.callbacks = &client_cbf;
  3409. server_args.signal = &ready;
  3410. client_args.signal = &ready;
  3411. start_thread(run_wolfssl_server, &server_args, &serverThread);
  3412. wait_tcp_ready(&server_args);
  3413. run_wolfssl_client(&client_args);
  3414. join_thread(serverThread);
  3415. AssertTrue(client_args.return_code);
  3416. AssertTrue(server_args.return_code);
  3417. FreeTcpReady(&ready);
  3418. #ifdef WOLFSSL_TIRTOS
  3419. fdOpenSession(Task_self());
  3420. #endif
  3421. {
  3422. SOCKET_T sockfd = 0;
  3423. WOLFSSL_CTX* ctx;
  3424. WOLFSSL* ssl;
  3425. char msg[64] = "hello wolfssl!";
  3426. char reply[1024];
  3427. int msgSz = (int)XSTRLEN(msg);
  3428. byte *session, *window;
  3429. unsigned int sessionSz, windowSz;
  3430. struct sockaddr_in peerAddr;
  3431. int i;
  3432. /* Set ctx to DTLS 1.2 */
  3433. AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
  3434. AssertNotNull(ssl = wolfSSL_new(ctx));
  3435. /* test importing version 3 */
  3436. AssertIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
  3437. /* test importing bad length and bad version */
  3438. version_3[2] += 1;
  3439. AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
  3440. version_3[2] -= 1; version_3[1] = 0XA0;
  3441. AssertIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0);
  3442. wolfSSL_free(ssl);
  3443. wolfSSL_CTX_free(ctx);
  3444. /* check storing client state after connection and storing window only */
  3445. #ifdef WOLFSSL_TIRTOS
  3446. fdOpenSession(Task_self());
  3447. #endif
  3448. InitTcpReady(&ready);
  3449. #if defined(USE_WINDOWS_API)
  3450. /* use RNG to get random port if using windows */
  3451. ready.port = GetRandomPort();
  3452. #endif
  3453. /* set using dtls */
  3454. XMEMSET(&server_args, 0, sizeof(func_args));
  3455. XMEMSET(&server_cbf, 0, sizeof(callback_functions));
  3456. server_cbf.method = wolfDTLSv1_2_server_method;
  3457. server_args.callbacks = &server_cbf;
  3458. server_args.argc = 3; /* set loop_count to 3 */
  3459. server_args.signal = &ready;
  3460. start_thread(test_server_nofail, &server_args, &serverThread);
  3461. wait_tcp_ready(&server_args);
  3462. /* create and connect with client */
  3463. AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method()));
  3464. AssertIntEQ(WOLFSSL_SUCCESS,
  3465. wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
  3466. AssertIntEQ(WOLFSSL_SUCCESS,
  3467. wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
  3468. AssertIntEQ(WOLFSSL_SUCCESS,
  3469. wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  3470. tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
  3471. AssertNotNull(ssl = wolfSSL_new(ctx));
  3472. AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
  3473. /* store server information connected too */
  3474. XMEMSET(&peerAddr, 0, sizeof(peerAddr));
  3475. peerAddr.sin_family = AF_INET;
  3476. peerAddr.sin_port = XHTONS(server_args.signal->port);
  3477. wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr));
  3478. AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS);
  3479. AssertIntEQ(wolfSSL_dtls_export(ssl, NULL, &sessionSz), 0);
  3480. session = (byte*)XMALLOC(sessionSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  3481. AssertIntGT(wolfSSL_dtls_export(ssl, session, &sessionSz), 0);
  3482. AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
  3483. AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
  3484. AssertIntEQ(wolfSSL_dtls_export_state_only(ssl, NULL, &windowSz), 0);
  3485. window = (byte*)XMALLOC(windowSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  3486. AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0);
  3487. wolfSSL_free(ssl);
  3488. for (i = 1; i < server_args.argc; i++) {
  3489. /* restore state */
  3490. AssertNotNull(ssl = wolfSSL_new(ctx));
  3491. AssertIntGT(wolfSSL_dtls_import(ssl, session, sessionSz), 0);
  3492. AssertIntGT(wolfSSL_dtls_import(ssl, window, windowSz), 0);
  3493. AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
  3494. AssertIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz);
  3495. AssertIntGE(wolfSSL_read(ssl, reply, sizeof(reply)), 0);
  3496. AssertIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0);
  3497. wolfSSL_free(ssl);
  3498. }
  3499. XFREE(session, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  3500. XFREE(window, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  3501. wolfSSL_CTX_free(ctx);
  3502. printf("done and waiting for server\n");
  3503. join_thread(serverThread);
  3504. AssertIntEQ(server_args.return_code, TEST_SUCCESS);
  3505. FreeTcpReady(&ready);
  3506. #ifdef WOLFSSL_TIRTOS
  3507. fdOpenSession(Task_self());
  3508. #endif
  3509. }
  3510. printf(testingFmt, "wolfSSL_dtls_export()");
  3511. printf(resultFmt, passed);
  3512. #endif
  3513. }
  3514. /*----------------------------------------------------------------------------*
  3515. | TLS extensions tests
  3516. *----------------------------------------------------------------------------*/
  3517. #if defined(HAVE_SNI) || defined(HAVE_ALPN)
  3518. /* connection test runner */
  3519. static void test_wolfSSL_client_server(callback_functions* client_callbacks,
  3520. callback_functions* server_callbacks)
  3521. {
  3522. tcp_ready ready;
  3523. func_args client_args;
  3524. func_args server_args;
  3525. THREAD_TYPE serverThread;
  3526. XMEMSET(&client_args, 0, sizeof(func_args));
  3527. XMEMSET(&server_args, 0, sizeof(func_args));
  3528. StartTCP();
  3529. client_args.callbacks = client_callbacks;
  3530. server_args.callbacks = server_callbacks;
  3531. #ifdef WOLFSSL_TIRTOS
  3532. fdOpenSession(Task_self());
  3533. #endif
  3534. /* RUN Server side */
  3535. InitTcpReady(&ready);
  3536. #if defined(USE_WINDOWS_API)
  3537. /* use RNG to get random port if using windows */
  3538. ready.port = GetRandomPort();
  3539. #endif
  3540. server_args.signal = &ready;
  3541. client_args.signal = &ready;
  3542. start_thread(run_wolfssl_server, &server_args, &serverThread);
  3543. wait_tcp_ready(&server_args);
  3544. /* RUN Client side */
  3545. run_wolfssl_client(&client_args);
  3546. join_thread(serverThread);
  3547. FreeTcpReady(&ready);
  3548. #ifdef WOLFSSL_TIRTOS
  3549. fdCloseSession(Task_self());
  3550. #endif
  3551. }
  3552. #endif /* defined(HAVE_SNI) || defined(HAVE_ALPN) */
  3553. #ifdef HAVE_SNI
  3554. static void test_wolfSSL_UseSNI_params(void)
  3555. {
  3556. WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  3557. WOLFSSL *ssl = wolfSSL_new(ctx);
  3558. AssertNotNull(ctx);
  3559. AssertNotNull(ssl);
  3560. /* invalid [ctx|ssl] */
  3561. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3));
  3562. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3));
  3563. /* invalid type */
  3564. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, -1, "ctx", 3));
  3565. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, -1, "ssl", 3));
  3566. /* invalid data */
  3567. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3));
  3568. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3));
  3569. /* success case */
  3570. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3));
  3571. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3));
  3572. wolfSSL_free(ssl);
  3573. wolfSSL_CTX_free(ctx);
  3574. }
  3575. /* BEGIN of connection tests callbacks */
  3576. static void use_SNI_at_ctx(WOLFSSL_CTX* ctx)
  3577. {
  3578. AssertIntEQ(WOLFSSL_SUCCESS,
  3579. wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
  3580. }
  3581. static void use_SNI_at_ssl(WOLFSSL* ssl)
  3582. {
  3583. AssertIntEQ(WOLFSSL_SUCCESS,
  3584. wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15));
  3585. }
  3586. static void different_SNI_at_ssl(WOLFSSL* ssl)
  3587. {
  3588. AssertIntEQ(WOLFSSL_SUCCESS,
  3589. wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "ww2.wolfssl.com", 15));
  3590. }
  3591. static void use_SNI_WITH_CONTINUE_at_ssl(WOLFSSL* ssl)
  3592. {
  3593. use_SNI_at_ssl(ssl);
  3594. wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
  3595. WOLFSSL_SNI_CONTINUE_ON_MISMATCH);
  3596. }
  3597. static void use_SNI_WITH_FAKE_ANSWER_at_ssl(WOLFSSL* ssl)
  3598. {
  3599. use_SNI_at_ssl(ssl);
  3600. wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
  3601. WOLFSSL_SNI_ANSWER_ON_MISMATCH);
  3602. }
  3603. static void use_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
  3604. {
  3605. use_SNI_at_ctx(ctx);
  3606. wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
  3607. WOLFSSL_SNI_ABORT_ON_ABSENCE);
  3608. }
  3609. static void use_MANDATORY_SNI_at_ssl(WOLFSSL* ssl)
  3610. {
  3611. use_SNI_at_ssl(ssl);
  3612. wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME,
  3613. WOLFSSL_SNI_ABORT_ON_ABSENCE);
  3614. }
  3615. static void use_PSEUDO_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx)
  3616. {
  3617. use_SNI_at_ctx(ctx);
  3618. wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME,
  3619. WOLFSSL_SNI_ANSWER_ON_MISMATCH | WOLFSSL_SNI_ABORT_ON_ABSENCE);
  3620. }
  3621. static void verify_UNKNOWN_SNI_on_server(WOLFSSL* ssl)
  3622. {
  3623. AssertIntEQ(UNKNOWN_SNI_HOST_NAME_E, wolfSSL_get_error(ssl, 0));
  3624. }
  3625. static void verify_SNI_ABSENT_on_server(WOLFSSL* ssl)
  3626. {
  3627. AssertIntEQ(SNI_ABSENT_ERROR, wolfSSL_get_error(ssl, 0));
  3628. }
  3629. static void verify_SNI_no_matching(WOLFSSL* ssl)
  3630. {
  3631. byte type = WOLFSSL_SNI_HOST_NAME;
  3632. char* request = (char*) &type; /* to be overwritten */
  3633. AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type));
  3634. AssertNotNull(request);
  3635. AssertIntEQ(0, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
  3636. AssertNull(request);
  3637. }
  3638. static void verify_SNI_real_matching(WOLFSSL* ssl)
  3639. {
  3640. byte type = WOLFSSL_SNI_HOST_NAME;
  3641. char* request = NULL;
  3642. AssertIntEQ(WOLFSSL_SNI_REAL_MATCH, wolfSSL_SNI_Status(ssl, type));
  3643. AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
  3644. AssertNotNull(request);
  3645. AssertStrEQ("www.wolfssl.com", request);
  3646. }
  3647. static void verify_SNI_fake_matching(WOLFSSL* ssl)
  3648. {
  3649. byte type = WOLFSSL_SNI_HOST_NAME;
  3650. char* request = NULL;
  3651. AssertIntEQ(WOLFSSL_SNI_FAKE_MATCH, wolfSSL_SNI_Status(ssl, type));
  3652. AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, (void**) &request));
  3653. AssertNotNull(request);
  3654. AssertStrEQ("ww2.wolfssl.com", request);
  3655. }
  3656. static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl)
  3657. {
  3658. AssertIntEQ(FATAL_ERROR, wolfSSL_get_error(ssl, 0));
  3659. }
  3660. /* END of connection tests callbacks */
  3661. static void test_wolfSSL_UseSNI_connection(void)
  3662. {
  3663. unsigned long i;
  3664. callback_functions callbacks[] = {
  3665. /* success case at ctx */
  3666. {0, use_SNI_at_ctx, 0, 0, 0, 0},
  3667. {0, use_SNI_at_ctx, 0, verify_SNI_real_matching, 0, 0},
  3668. /* success case at ssl */
  3669. {0, 0, use_SNI_at_ssl, verify_SNI_real_matching, 0, 0},
  3670. {0, 0, use_SNI_at_ssl, verify_SNI_real_matching, 0, 0},
  3671. /* default mismatch behavior */
  3672. {0, 0, different_SNI_at_ssl, verify_FATAL_ERROR_on_client, 0, 0},
  3673. {0, 0, use_SNI_at_ssl, verify_UNKNOWN_SNI_on_server, 0, 0},
  3674. /* continue on mismatch */
  3675. {0, 0, different_SNI_at_ssl, 0, 0, 0},
  3676. {0, 0, use_SNI_WITH_CONTINUE_at_ssl, verify_SNI_no_matching, 0, 0},
  3677. /* fake answer on mismatch */
  3678. {0, 0, different_SNI_at_ssl, 0, 0, 0},
  3679. {0, 0, use_SNI_WITH_FAKE_ANSWER_at_ssl, verify_SNI_fake_matching, 0, 0},
  3680. /* sni abort - success */
  3681. {0, use_SNI_at_ctx, 0, 0, 0, 0},
  3682. {0, use_MANDATORY_SNI_at_ctx, 0, verify_SNI_real_matching, 0, 0},
  3683. /* sni abort - abort when absent (ctx) */
  3684. {0, 0, 0, verify_FATAL_ERROR_on_client, 0, 0},
  3685. {0, use_MANDATORY_SNI_at_ctx, 0, verify_SNI_ABSENT_on_server, 0, 0},
  3686. /* sni abort - abort when absent (ssl) */
  3687. {0, 0, 0, verify_FATAL_ERROR_on_client, 0, 0},
  3688. {0, 0, use_MANDATORY_SNI_at_ssl, verify_SNI_ABSENT_on_server, 0, 0},
  3689. /* sni abort - success when overwritten */
  3690. {0, 0, 0, 0, 0, 0},
  3691. {0, use_MANDATORY_SNI_at_ctx, use_SNI_at_ssl, verify_SNI_no_matching, 0, 0},
  3692. /* sni abort - success when allowing mismatches */
  3693. {0, 0, different_SNI_at_ssl, 0, 0, 0},
  3694. {0, use_PSEUDO_MANDATORY_SNI_at_ctx, 0, verify_SNI_fake_matching, 0, 0},
  3695. };
  3696. for (i = 0; i < sizeof(callbacks) / sizeof(callback_functions); i += 2) {
  3697. callbacks[i ].method = wolfSSLv23_client_method;
  3698. callbacks[i + 1].method = wolfSSLv23_server_method;
  3699. test_wolfSSL_client_server(&callbacks[i], &callbacks[i + 1]);
  3700. }
  3701. }
  3702. static void test_wolfSSL_SNI_GetFromBuffer(void)
  3703. {
  3704. byte buff[] = { /* www.paypal.com */
  3705. 0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c,
  3706. 0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca,
  3707. 0x76, 0xf0, 0x9e, 0x01, 0x65, 0xf6, 0xa6, 0x06, 0x13, 0x1d, 0x0f, 0xa5,
  3708. 0x79, 0xb0, 0xd4, 0x77, 0x22, 0xeb, 0x1a, 0x00, 0x00, 0x16, 0x00, 0x6b,
  3709. 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
  3710. 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x21,
  3711. 0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, 0x77, 0x77, 0x77,
  3712. 0x2e, 0x70, 0x61, 0x79, 0x70, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x00,
  3713. 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
  3714. };
  3715. byte buff2[] = { /* api.textmate.org */
  3716. 0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52,
  3717. 0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b,
  3718. 0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f,
  3719. 0x04, 0x38, 0xf6, 0x11, 0x0b, 0xb8, 0xd3, 0x00, 0x00, 0x5e, 0x00, 0xff,
  3720. 0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x07, 0xc0, 0x08,
  3721. 0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0, 0x12,
  3722. 0xc0, 0x26, 0xc0, 0x25, 0xc0, 0x2a, 0xc0, 0x29, 0xc0, 0x05, 0xc0, 0x04,
  3723. 0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x0f, 0xc0, 0x0e, 0xc0, 0x0c, 0xc0, 0x0d,
  3724. 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x35,
  3725. 0x00, 0x0a, 0x00, 0x67, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x39, 0x00, 0x16,
  3726. 0x00, 0xaf, 0x00, 0xae, 0x00, 0x8d, 0x00, 0x8c, 0x00, 0x8a, 0x00, 0x8b,
  3727. 0x00, 0xb1, 0x00, 0xb0, 0x00, 0x2c, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x3b,
  3728. 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, 0x00, 0x00, 0x10, 0x61, 0x70, 0x69,
  3729. 0x2e, 0x74, 0x65, 0x78, 0x74, 0x6d, 0x61, 0x74, 0x65, 0x2e, 0x6f, 0x72,
  3730. 0x67, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00,
  3731. 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x0c, 0x00,
  3732. 0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03
  3733. };
  3734. byte buff3[] = { /* no sni extension */
  3735. 0x16, 0x03, 0x03, 0x00, 0x4d, 0x01, 0x00, 0x00, 0x49, 0x03, 0x03, 0xea,
  3736. 0xa1, 0x9f, 0x60, 0xdd, 0x52, 0x12, 0x13, 0xbd, 0x84, 0x34, 0xd5, 0x1c,
  3737. 0x38, 0x25, 0xa8, 0x97, 0xd2, 0xd5, 0xc6, 0x45, 0xaf, 0x1b, 0x08, 0xe4,
  3738. 0x1e, 0xbb, 0xdf, 0x9d, 0x39, 0xf0, 0x65, 0x00, 0x00, 0x16, 0x00, 0x6b,
  3739. 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35,
  3740. 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x0a,
  3741. 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01
  3742. };
  3743. byte buff4[] = { /* last extension has zero size */
  3744. 0x16, 0x03, 0x01, 0x00, 0xba, 0x01, 0x00, 0x00,
  3745. 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
  3746. 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
  3747. 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
  3748. 0x00, 0x28, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e,
  3749. 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0xc0, 0x07, 0xc0, 0x11,
  3750. 0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x9c, 0x00, 0x2f, 0x00, 0x35,
  3751. 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x65, 0xff, 0x01,
  3752. 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00,
  3753. 0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
  3754. 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00, 0x1b, 0x00, 0x19, 0x06,
  3755. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f,
  3756. 0x33, 0x2e, 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31,
  3757. 0x75, 0x50, 0x00, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00,
  3758. 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x05, 0x01, 0x02,
  3759. 0x01, 0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x04, 0x02, 0x02, 0x02, 0x00,
  3760. 0x12, 0x00, 0x00
  3761. };
  3762. byte buff5[] = { /* SSL v2.0 client hello */
  3763. 0x00, 0x2b, 0x01, 0x03, 0x01, 0x00, 0x09, 0x00, 0x00,
  3764. /* dummy bytes bellow, just to pass size check */
  3765. 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45,
  3766. 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2,
  3767. 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00,
  3768. };
  3769. byte result[32] = {0};
  3770. word32 length = 32;
  3771. AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff4, sizeof(buff4),
  3772. 0, result, &length));
  3773. AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff3, sizeof(buff3),
  3774. 0, result, &length));
  3775. AssertIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
  3776. 1, result, &length));
  3777. AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
  3778. 0, result, &length));
  3779. buff[0] = 0x16;
  3780. AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
  3781. 0, result, &length));
  3782. buff[1] = 0x03;
  3783. AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff,
  3784. sizeof(buff), 0, result, &length));
  3785. buff[2] = 0x03;
  3786. AssertIntEQ(INCOMPLETE_DATA, wolfSSL_SNI_GetFromBuffer(buff,
  3787. sizeof(buff), 0, result, &length));
  3788. buff[4] = 0x64;
  3789. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff),
  3790. 0, result, &length));
  3791. result[length] = 0;
  3792. AssertStrEQ("www.paypal.com", (const char*) result);
  3793. length = 32;
  3794. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2),
  3795. 0, result, &length));
  3796. result[length] = 0;
  3797. AssertStrEQ("api.textmate.org", (const char*) result);
  3798. /* SSL v2.0 tests */
  3799. AssertIntEQ(SNI_UNSUPPORTED, wolfSSL_SNI_GetFromBuffer(buff5,
  3800. sizeof(buff5), 0, result, &length));
  3801. buff5[2] = 0x02;
  3802. AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
  3803. sizeof(buff5), 0, result, &length));
  3804. buff5[2] = 0x01; buff5[6] = 0x08;
  3805. AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
  3806. sizeof(buff5), 0, result, &length));
  3807. buff5[6] = 0x09; buff5[8] = 0x01;
  3808. AssertIntEQ(BUFFER_ERROR, wolfSSL_SNI_GetFromBuffer(buff5,
  3809. sizeof(buff5), 0, result, &length));
  3810. }
  3811. #endif /* HAVE_SNI */
  3812. static void test_wolfSSL_UseSNI(void)
  3813. {
  3814. #ifdef HAVE_SNI
  3815. test_wolfSSL_UseSNI_params();
  3816. test_wolfSSL_UseSNI_connection();
  3817. test_wolfSSL_SNI_GetFromBuffer();
  3818. #endif
  3819. }
  3820. #endif /* HAVE_IO_TESTS_DEPENDENCIES */
  3821. static void test_wolfSSL_UseTrustedCA(void)
  3822. {
  3823. #if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
  3824. WOLFSSL_CTX *ctx;
  3825. WOLFSSL *ssl;
  3826. byte id[20];
  3827. #ifndef NO_WOLFSSL_SERVER
  3828. AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())));
  3829. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
  3830. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  3831. #else
  3832. AssertNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())));
  3833. #endif
  3834. AssertNotNull((ssl = wolfSSL_new(ctx)));
  3835. XMEMSET(id, 0, sizeof(id));
  3836. /* error cases */
  3837. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(NULL, 0, NULL, 0));
  3838. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  3839. WOLFSSL_TRUSTED_CA_CERT_SHA1+1, NULL, 0));
  3840. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  3841. WOLFSSL_TRUSTED_CA_CERT_SHA1, NULL, 0));
  3842. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  3843. WOLFSSL_TRUSTED_CA_CERT_SHA1, id, 5));
  3844. #ifdef NO_SHA
  3845. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  3846. WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
  3847. #endif
  3848. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  3849. WOLFSSL_TRUSTED_CA_X509_NAME, id, 0));
  3850. /* success cases */
  3851. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  3852. WOLFSSL_TRUSTED_CA_PRE_AGREED, NULL, 0));
  3853. #ifndef NO_SHA
  3854. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  3855. WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id)));
  3856. #endif
  3857. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl,
  3858. WOLFSSL_TRUSTED_CA_X509_NAME, id, 5));
  3859. wolfSSL_free(ssl);
  3860. wolfSSL_CTX_free(ctx);
  3861. #endif /* HAVE_TRUSTED_CA */
  3862. }
  3863. static void test_wolfSSL_UseMaxFragment(void)
  3864. {
  3865. #if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
  3866. #ifndef NO_WOLFSSL_SERVER
  3867. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  3868. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
  3869. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  3870. #else
  3871. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  3872. #endif
  3873. WOLFSSL *ssl = wolfSSL_new(ctx);
  3874. AssertNotNull(ctx);
  3875. AssertNotNull(ssl);
  3876. /* error cases */
  3877. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9));
  3878. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( NULL, WOLFSSL_MFL_2_9));
  3879. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MIN-1));
  3880. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MAX+1));
  3881. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, WOLFSSL_MFL_MIN-1));
  3882. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment(ssl, WOLFSSL_MFL_MAX+1));
  3883. /* success case */
  3884. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8));
  3885. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9));
  3886. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10));
  3887. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11));
  3888. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12));
  3889. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13));
  3890. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_8));
  3891. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_9));
  3892. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_10));
  3893. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_11));
  3894. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_12));
  3895. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseMaxFragment( ssl, WOLFSSL_MFL_2_13));
  3896. wolfSSL_free(ssl);
  3897. wolfSSL_CTX_free(ctx);
  3898. #endif
  3899. }
  3900. static void test_wolfSSL_UseTruncatedHMAC(void)
  3901. {
  3902. #if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
  3903. #ifndef NO_WOLFSSL_SERVER
  3904. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  3905. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
  3906. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  3907. #else
  3908. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  3909. #endif
  3910. WOLFSSL *ssl = wolfSSL_new(ctx);
  3911. AssertNotNull(ctx);
  3912. AssertNotNull(ssl);
  3913. /* error cases */
  3914. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL));
  3915. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL));
  3916. /* success case */
  3917. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx));
  3918. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl));
  3919. wolfSSL_free(ssl);
  3920. wolfSSL_CTX_free(ctx);
  3921. #endif
  3922. }
  3923. static void test_wolfSSL_UseSupportedCurve(void)
  3924. {
  3925. #if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS)
  3926. WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  3927. WOLFSSL *ssl = wolfSSL_new(ctx);
  3928. AssertNotNull(ctx);
  3929. AssertNotNull(ssl);
  3930. /* error cases */
  3931. AssertIntNE(WOLFSSL_SUCCESS,
  3932. wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
  3933. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0));
  3934. AssertIntNE(WOLFSSL_SUCCESS,
  3935. wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1));
  3936. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0));
  3937. /* success case */
  3938. AssertIntEQ(WOLFSSL_SUCCESS,
  3939. wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1));
  3940. AssertIntEQ(WOLFSSL_SUCCESS,
  3941. wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1));
  3942. wolfSSL_free(ssl);
  3943. wolfSSL_CTX_free(ctx);
  3944. #endif
  3945. }
  3946. #if defined(HAVE_ALPN) && !defined(NO_WOLFSSL_SERVER) && \
  3947. defined(HAVE_IO_TESTS_DEPENDENCIES)
  3948. static void verify_ALPN_FATAL_ERROR_on_client(WOLFSSL* ssl)
  3949. {
  3950. AssertIntEQ(UNKNOWN_ALPN_PROTOCOL_NAME_E, wolfSSL_get_error(ssl, 0));
  3951. }
  3952. static void use_ALPN_all(WOLFSSL* ssl)
  3953. {
  3954. /* http/1.1,spdy/1,spdy/2,spdy/3 */
  3955. char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
  3956. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
  3957. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
  3958. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
  3959. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
  3960. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  3961. }
  3962. static void use_ALPN_all_continue(WOLFSSL* ssl)
  3963. {
  3964. /* http/1.1,spdy/1,spdy/2,spdy/3 */
  3965. char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
  3966. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
  3967. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
  3968. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
  3969. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list),
  3970. WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
  3971. }
  3972. static void use_ALPN_one(WOLFSSL* ssl)
  3973. {
  3974. /* spdy/2 */
  3975. char proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
  3976. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
  3977. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  3978. }
  3979. static void use_ALPN_unknown(WOLFSSL* ssl)
  3980. {
  3981. /* http/2.0 */
  3982. char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30};
  3983. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
  3984. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  3985. }
  3986. static void use_ALPN_unknown_continue(WOLFSSL* ssl)
  3987. {
  3988. /* http/2.0 */
  3989. char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30};
  3990. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto),
  3991. WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
  3992. }
  3993. static void verify_ALPN_not_matching_spdy3(WOLFSSL* ssl)
  3994. {
  3995. /* spdy/3 */
  3996. char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
  3997. char *proto = NULL;
  3998. word16 protoSz = 0;
  3999. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
  4000. /* check value */
  4001. AssertIntNE(1, sizeof(nego_proto) == protoSz);
  4002. if (proto) {
  4003. AssertIntNE(0, XMEMCMP(nego_proto, proto, sizeof(nego_proto)));
  4004. }
  4005. }
  4006. static void verify_ALPN_not_matching_continue(WOLFSSL* ssl)
  4007. {
  4008. char *proto = NULL;
  4009. word16 protoSz = 0;
  4010. AssertIntEQ(WOLFSSL_ALPN_NOT_FOUND,
  4011. wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
  4012. /* check value */
  4013. AssertIntEQ(1, (0 == protoSz));
  4014. AssertIntEQ(1, (NULL == proto));
  4015. }
  4016. static void verify_ALPN_matching_http1(WOLFSSL* ssl)
  4017. {
  4018. /* http/1.1 */
  4019. char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
  4020. char *proto;
  4021. word16 protoSz = 0;
  4022. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
  4023. /* check value */
  4024. AssertIntEQ(1, sizeof(nego_proto) == protoSz);
  4025. AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
  4026. }
  4027. static void verify_ALPN_matching_spdy2(WOLFSSL* ssl)
  4028. {
  4029. /* spdy/2 */
  4030. char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
  4031. char *proto;
  4032. word16 protoSz = 0;
  4033. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz));
  4034. /* check value */
  4035. AssertIntEQ(1, sizeof(nego_proto) == protoSz);
  4036. AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
  4037. }
  4038. static void verify_ALPN_client_list(WOLFSSL* ssl)
  4039. {
  4040. /* http/1.1,spdy/1,spdy/2,spdy/3 */
  4041. char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c,
  4042. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c,
  4043. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c,
  4044. 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
  4045. char *clist = NULL;
  4046. word16 clistSz = 0;
  4047. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetPeerProtocol(ssl, &clist,
  4048. &clistSz));
  4049. /* check value */
  4050. AssertIntEQ(1, sizeof(alpn_list) == clistSz);
  4051. AssertIntEQ(0, XMEMCMP(alpn_list, clist, clistSz));
  4052. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_FreePeerProtocol(ssl, &clist));
  4053. }
  4054. static void test_wolfSSL_UseALPN_connection(void)
  4055. {
  4056. unsigned long i;
  4057. callback_functions callbacks[] = {
  4058. /* success case same list */
  4059. {0, 0, use_ALPN_all, 0, 0, 0},
  4060. {0, 0, use_ALPN_all, verify_ALPN_matching_http1, 0, 0},
  4061. /* success case only one for server */
  4062. {0, 0, use_ALPN_all, 0, 0, 0},
  4063. {0, 0, use_ALPN_one, verify_ALPN_matching_spdy2, 0, 0},
  4064. /* success case only one for client */
  4065. {0, 0, use_ALPN_one, 0, 0, 0},
  4066. {0, 0, use_ALPN_all, verify_ALPN_matching_spdy2, 0, 0},
  4067. /* success case none for client */
  4068. {0, 0, 0, 0, 0, 0},
  4069. {0, 0, use_ALPN_all, 0, 0, 0},
  4070. /* success case mismatch behavior but option 'continue' set */
  4071. {0, 0, use_ALPN_all_continue, verify_ALPN_not_matching_continue, 0, 0},
  4072. {0, 0, use_ALPN_unknown_continue, 0, 0, 0},
  4073. /* success case read protocol send by client */
  4074. {0, 0, use_ALPN_all, 0, 0, 0},
  4075. {0, 0, use_ALPN_one, verify_ALPN_client_list, 0, 0},
  4076. /* mismatch behavior with same list
  4077. * the first and only this one must be taken */
  4078. {0, 0, use_ALPN_all, 0, 0, 0},
  4079. {0, 0, use_ALPN_all, verify_ALPN_not_matching_spdy3, 0, 0},
  4080. /* default mismatch behavior */
  4081. {0, 0, use_ALPN_all, 0, 0, 0},
  4082. {0, 0, use_ALPN_unknown, verify_ALPN_FATAL_ERROR_on_client, 0, 0},
  4083. };
  4084. for (i = 0; i < sizeof(callbacks) / sizeof(callback_functions); i += 2) {
  4085. callbacks[i ].method = wolfSSLv23_client_method;
  4086. callbacks[i + 1].method = wolfSSLv23_server_method;
  4087. test_wolfSSL_client_server(&callbacks[i], &callbacks[i + 1]);
  4088. }
  4089. }
  4090. static void test_wolfSSL_UseALPN_params(void)
  4091. {
  4092. #ifndef NO_WOLFSSL_CLIENT
  4093. /* "http/1.1" */
  4094. char http1[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31};
  4095. /* "spdy/1" */
  4096. char spdy1[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x31};
  4097. /* "spdy/2" */
  4098. char spdy2[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32};
  4099. /* "spdy/3" */
  4100. char spdy3[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33};
  4101. char buff[256];
  4102. word32 idx;
  4103. WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  4104. WOLFSSL *ssl = wolfSSL_new(ctx);
  4105. AssertNotNull(ctx);
  4106. AssertNotNull(ssl);
  4107. /* error cases */
  4108. AssertIntNE(WOLFSSL_SUCCESS,
  4109. wolfSSL_UseALPN(NULL, http1, sizeof(http1),
  4110. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  4111. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, NULL, 0,
  4112. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  4113. /* success case */
  4114. /* http1 only */
  4115. AssertIntEQ(WOLFSSL_SUCCESS,
  4116. wolfSSL_UseALPN(ssl, http1, sizeof(http1),
  4117. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  4118. /* http1, spdy1 */
  4119. XMEMCPY(buff, http1, sizeof(http1));
  4120. idx = sizeof(http1);
  4121. buff[idx++] = ',';
  4122. XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
  4123. idx += sizeof(spdy1);
  4124. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
  4125. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  4126. /* http1, spdy2, spdy1 */
  4127. XMEMCPY(buff, http1, sizeof(http1));
  4128. idx = sizeof(http1);
  4129. buff[idx++] = ',';
  4130. XMEMCPY(buff+idx, spdy2, sizeof(spdy2));
  4131. idx += sizeof(spdy2);
  4132. buff[idx++] = ',';
  4133. XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
  4134. idx += sizeof(spdy1);
  4135. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
  4136. WOLFSSL_ALPN_FAILED_ON_MISMATCH));
  4137. /* spdy3, http1, spdy2, spdy1 */
  4138. XMEMCPY(buff, spdy3, sizeof(spdy3));
  4139. idx = sizeof(spdy3);
  4140. buff[idx++] = ',';
  4141. XMEMCPY(buff+idx, http1, sizeof(http1));
  4142. idx += sizeof(http1);
  4143. buff[idx++] = ',';
  4144. XMEMCPY(buff+idx, spdy2, sizeof(spdy2));
  4145. idx += sizeof(spdy2);
  4146. buff[idx++] = ',';
  4147. XMEMCPY(buff+idx, spdy1, sizeof(spdy1));
  4148. idx += sizeof(spdy1);
  4149. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx,
  4150. WOLFSSL_ALPN_CONTINUE_ON_MISMATCH));
  4151. wolfSSL_free(ssl);
  4152. wolfSSL_CTX_free(ctx);
  4153. #endif
  4154. }
  4155. #endif /* HAVE_ALPN */
  4156. static void test_wolfSSL_UseALPN(void)
  4157. {
  4158. #if defined(HAVE_ALPN) && !defined(NO_WOLFSSL_SERVER) &&\
  4159. defined(HAVE_IO_TESTS_DEPENDENCIES)
  4160. test_wolfSSL_UseALPN_connection();
  4161. test_wolfSSL_UseALPN_params();
  4162. #endif
  4163. }
  4164. static void test_wolfSSL_DisableExtendedMasterSecret(void)
  4165. {
  4166. #if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
  4167. WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  4168. WOLFSSL *ssl = wolfSSL_new(ctx);
  4169. AssertNotNull(ctx);
  4170. AssertNotNull(ssl);
  4171. /* error cases */
  4172. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL));
  4173. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL));
  4174. /* success cases */
  4175. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx));
  4176. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl));
  4177. wolfSSL_free(ssl);
  4178. wolfSSL_CTX_free(ctx);
  4179. #endif
  4180. }
  4181. static void test_wolfSSL_wolfSSL_UseSecureRenegotiation(void)
  4182. {
  4183. #if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_WOLFSSL_CLIENT)
  4184. WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  4185. WOLFSSL *ssl = wolfSSL_new(ctx);
  4186. AssertNotNull(ctx);
  4187. AssertNotNull(ssl);
  4188. /* error cases */
  4189. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(NULL));
  4190. AssertIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(NULL));
  4191. /* success cases */
  4192. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx));
  4193. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl));
  4194. wolfSSL_free(ssl);
  4195. wolfSSL_CTX_free(ctx);
  4196. #endif
  4197. }
  4198. /*----------------------------------------------------------------------------*
  4199. | X509 Tests
  4200. *----------------------------------------------------------------------------*/
  4201. static void test_wolfSSL_X509_NAME_get_entry(void)
  4202. {
  4203. #if !defined(NO_CERTS) && !defined(NO_RSA)
  4204. #if defined(OPENSSL_ALL) || \
  4205. (defined(OPENSSL_EXTRA) && \
  4206. (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)))
  4207. printf(testingFmt, "wolfSSL_X509_NAME_get_entry()");
  4208. {
  4209. /* use openssl like name to test mapping */
  4210. X509_NAME_ENTRY* ne;
  4211. X509_NAME* name;
  4212. X509* x509;
  4213. #ifndef NO_FILESYSTEM
  4214. ASN1_STRING* asn;
  4215. char* subCN = NULL;
  4216. #endif
  4217. int idx;
  4218. ASN1_OBJECT *object = NULL;
  4219. #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
  4220. #ifndef NO_BIO
  4221. BIO* bio;
  4222. #endif
  4223. #endif
  4224. #ifndef NO_FILESYSTEM
  4225. x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
  4226. AssertNotNull(x509);
  4227. name = X509_get_subject_name(x509);
  4228. idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
  4229. AssertIntGE(idx, 0);
  4230. ne = X509_NAME_get_entry(name, idx);
  4231. AssertNotNull(ne);
  4232. asn = X509_NAME_ENTRY_get_data(ne);
  4233. AssertNotNull(asn);
  4234. subCN = (char*)ASN1_STRING_data(asn);
  4235. AssertNotNull(subCN);
  4236. wolfSSL_FreeX509(x509);
  4237. #endif
  4238. x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
  4239. AssertNotNull(x509);
  4240. name = X509_get_subject_name(x509);
  4241. idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
  4242. AssertIntGE(idx, 0);
  4243. #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
  4244. #ifndef NO_BIO
  4245. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  4246. AssertIntEQ(X509_NAME_print_ex(bio, name, 4,
  4247. (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
  4248. AssertIntEQ(X509_NAME_print_ex_fp(stdout, name, 4,
  4249. (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS);
  4250. BIO_free(bio);
  4251. #endif
  4252. #endif
  4253. ne = X509_NAME_get_entry(name, idx);
  4254. AssertNotNull(ne);
  4255. AssertNotNull(object = X509_NAME_ENTRY_get_object(ne));
  4256. wolfSSL_FreeX509(x509);
  4257. }
  4258. printf(resultFmt, passed);
  4259. #endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */
  4260. #endif /* !NO_CERTS && !NO_RSA */
  4261. }
  4262. /* Testing functions dealing with PKCS12 parsing out X509 certs */
  4263. static void test_wolfSSL_PKCS12(void)
  4264. {
  4265. /* .p12 file is encrypted with DES3 */
  4266. #ifndef HAVE_FIPS /* Password used in cert "wolfSSL test" is only 12-bytes
  4267. * (96-bit) FIPS mode requires Minimum of 14-byte (112-bit)
  4268. * Password Key
  4269. */
  4270. #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
  4271. !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
  4272. !defined(NO_SHA) && defined(HAVE_PKCS12)
  4273. byte buffer[6000];
  4274. char file[] = "./certs/test-servercert.p12";
  4275. char order[] = "./certs/ecc-rsa-server.p12";
  4276. #ifdef WC_RC2
  4277. char rc2p12[] = "./certs/test-servercert-rc2.p12";
  4278. #endif
  4279. char pass[] = "a password";
  4280. #ifdef HAVE_ECC
  4281. WOLFSSL_X509_NAME* subject;
  4282. WOLFSSL_X509 *x509;
  4283. #endif
  4284. XFILE f;
  4285. int bytes, ret;
  4286. WOLFSSL_BIO *bio;
  4287. WOLFSSL_EVP_PKEY *pkey;
  4288. WC_PKCS12 *pkcs12;
  4289. WC_PKCS12 *pkcs12_2;
  4290. WOLFSSL_X509 *cert;
  4291. WOLFSSL_X509 *tmp;
  4292. WOLF_STACK_OF(WOLFSSL_X509) *ca;
  4293. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
  4294. || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
  4295. WOLFSSL_CTX *ctx;
  4296. WOLFSSL *ssl;
  4297. WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL;
  4298. #endif
  4299. printf(testingFmt, "wolfSSL_PKCS12()");
  4300. f = XFOPEN(file, "rb");
  4301. AssertTrue((f != XBADFILE));
  4302. bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
  4303. XFCLOSE(f);
  4304. bio = BIO_new_mem_buf((void*)buffer, bytes);
  4305. AssertNotNull(bio);
  4306. pkcs12 = d2i_PKCS12_bio(bio, NULL);
  4307. AssertNotNull(pkcs12);
  4308. PKCS12_free(pkcs12);
  4309. d2i_PKCS12_bio(bio, &pkcs12);
  4310. AssertNotNull(pkcs12);
  4311. BIO_free(bio);
  4312. /* check verify MAC fail case */
  4313. ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
  4314. AssertIntEQ(ret, 0);
  4315. AssertNull(pkey);
  4316. AssertNull(cert);
  4317. /* check parse with no extra certs kept */
  4318. ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
  4319. AssertIntEQ(ret, 1);
  4320. AssertNotNull(pkey);
  4321. AssertNotNull(cert);
  4322. wolfSSL_EVP_PKEY_free(pkey);
  4323. wolfSSL_X509_free(cert);
  4324. /* check parse with extra certs kept */
  4325. ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
  4326. AssertIntEQ(ret, 1);
  4327. AssertNotNull(pkey);
  4328. AssertNotNull(cert);
  4329. AssertNotNull(ca);
  4330. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
  4331. || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS)
  4332. /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */
  4333. #if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS)
  4334. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  4335. #else
  4336. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  4337. #endif
  4338. /* Copy stack structure */
  4339. AssertNotNull(tmp_ca = sk_X509_dup(ca));
  4340. AssertIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1);
  4341. /* CTX now owns the tmp_ca stack structure */
  4342. tmp_ca = NULL;
  4343. AssertIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1);
  4344. AssertNotNull(tmp_ca);
  4345. AssertIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca));
  4346. /* Check that the main cert is also set */
  4347. AssertNotNull(SSL_CTX_get0_certificate(ctx));
  4348. AssertNotNull(ssl = SSL_new(ctx));
  4349. AssertNotNull(SSL_get_certificate(ssl));
  4350. SSL_free(ssl);
  4351. SSL_CTX_free(ctx);
  4352. #endif
  4353. /* should be 2 other certs on stack */
  4354. tmp = sk_X509_pop(ca);
  4355. AssertNotNull(tmp);
  4356. X509_free(tmp);
  4357. tmp = sk_X509_pop(ca);
  4358. AssertNotNull(tmp);
  4359. X509_free(tmp);
  4360. AssertNull(sk_X509_pop(ca));
  4361. EVP_PKEY_free(pkey);
  4362. X509_free(cert);
  4363. sk_X509_pop_free(ca, X509_free);
  4364. /* check PKCS12_create */
  4365. AssertNull(PKCS12_create(pass, NULL, NULL, NULL, NULL, -1, -1, -1, -1,0));
  4366. AssertIntEQ(PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca),
  4367. SSL_SUCCESS);
  4368. AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
  4369. -1, -1, 100, -1, 0)));
  4370. EVP_PKEY_free(pkey);
  4371. X509_free(cert);
  4372. sk_X509_free(ca);
  4373. AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
  4374. SSL_SUCCESS);
  4375. PKCS12_free(pkcs12_2);
  4376. AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca,
  4377. NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
  4378. NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
  4379. 2000, 1, 0)));
  4380. EVP_PKEY_free(pkey);
  4381. X509_free(cert);
  4382. sk_X509_free(ca);
  4383. /* convert to DER then back and parse */
  4384. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  4385. AssertIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS);
  4386. PKCS12_free(pkcs12_2);
  4387. AssertNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL));
  4388. BIO_free(bio);
  4389. AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
  4390. SSL_SUCCESS);
  4391. /* should be 2 other certs on stack */
  4392. tmp = sk_X509_pop(ca);
  4393. AssertNotNull(tmp);
  4394. X509_free(tmp);
  4395. tmp = sk_X509_pop(ca);
  4396. AssertNotNull(tmp);
  4397. X509_free(tmp);
  4398. AssertNull(sk_X509_pop(ca));
  4399. #ifndef NO_RC4
  4400. PKCS12_free(pkcs12_2);
  4401. AssertNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, NULL,
  4402. NID_pbe_WithSHA1And128BitRC4,
  4403. NID_pbe_WithSHA1And128BitRC4,
  4404. 2000, 1, 0)));
  4405. EVP_PKEY_free(pkey);
  4406. X509_free(cert);
  4407. sk_X509_free(ca);
  4408. AssertIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca),
  4409. SSL_SUCCESS);
  4410. #endif /* NO_RC4 */
  4411. EVP_PKEY_free(pkey);
  4412. X509_free(cert);
  4413. PKCS12_free(pkcs12);
  4414. PKCS12_free(pkcs12_2);
  4415. sk_X509_free(ca);
  4416. #ifdef HAVE_ECC
  4417. /* test order of parsing */
  4418. f = XFOPEN(order, "rb");
  4419. AssertTrue(f != XBADFILE);
  4420. bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
  4421. XFCLOSE(f);
  4422. AssertNotNull(bio = BIO_new_mem_buf((void*)buffer, bytes));
  4423. AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
  4424. AssertIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)),
  4425. WOLFSSL_SUCCESS);
  4426. AssertNotNull(pkey);
  4427. AssertNotNull(cert);
  4428. AssertNotNull(ca);
  4429. /* compare subject lines of certificates */
  4430. AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert));
  4431. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile,
  4432. SSL_FILETYPE_PEM));
  4433. AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
  4434. (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
  4435. X509_free(x509);
  4436. /* test expected fail case */
  4437. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
  4438. SSL_FILETYPE_PEM));
  4439. AssertIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
  4440. (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
  4441. X509_free(x509);
  4442. X509_free(cert);
  4443. /* get subject line from ca stack */
  4444. AssertNotNull(cert = sk_X509_pop(ca));
  4445. AssertNotNull(subject = wolfSSL_X509_get_subject_name(cert));
  4446. /* compare subject from certificate in ca to expected */
  4447. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile,
  4448. SSL_FILETYPE_PEM));
  4449. AssertIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject,
  4450. (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0);
  4451. EVP_PKEY_free(pkey);
  4452. X509_free(x509);
  4453. X509_free(cert);
  4454. BIO_free(bio);
  4455. PKCS12_free(pkcs12);
  4456. sk_X509_free(ca); /* TEST d2i_PKCS12_fp */
  4457. /* test order of parsing */
  4458. f = XFOPEN(file, "rb");
  4459. AssertTrue(f != XBADFILE);
  4460. AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
  4461. XFCLOSE(f);
  4462. /* check verify MAC fail case */
  4463. ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
  4464. AssertIntEQ(ret, 0);
  4465. AssertNull(pkey);
  4466. AssertNull(cert);
  4467. /* check parse with no extra certs kept */
  4468. ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
  4469. AssertIntEQ(ret, 1);
  4470. AssertNotNull(pkey);
  4471. AssertNotNull(cert);
  4472. wolfSSL_EVP_PKEY_free(pkey);
  4473. wolfSSL_X509_free(cert);
  4474. /* check parse with extra certs kept */
  4475. ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
  4476. AssertIntEQ(ret, 1);
  4477. AssertNotNull(pkey);
  4478. AssertNotNull(cert);
  4479. AssertNotNull(ca);
  4480. wolfSSL_EVP_PKEY_free(pkey);
  4481. wolfSSL_X509_free(cert);
  4482. sk_X509_free(ca);
  4483. PKCS12_free(pkcs12);
  4484. #endif /* HAVE_ECC */
  4485. #ifdef WC_RC2
  4486. /* test PKCS#12 with RC2 encryption */
  4487. f = XFOPEN(rc2p12, "rb");
  4488. AssertTrue(f != XBADFILE);
  4489. bytes = (int)XFREAD(buffer, 1, sizeof(buffer), f);
  4490. XFCLOSE(f);
  4491. AssertNotNull(bio = BIO_new_mem_buf((void*)buffer, bytes));
  4492. AssertNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL));
  4493. /* check verify MAC fail case */
  4494. ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL);
  4495. AssertIntEQ(ret, 0);
  4496. AssertNull(pkey);
  4497. AssertNull(cert);
  4498. /* check parse iwth not extra certs kept */
  4499. ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL);
  4500. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  4501. AssertNotNull(pkey);
  4502. AssertNotNull(cert);
  4503. /* check parse with extra certs kept */
  4504. ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca);
  4505. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  4506. AssertNotNull(pkey);
  4507. AssertNotNull(cert);
  4508. AssertNotNull(ca);
  4509. wolfSSL_EVP_PKEY_free(pkey);
  4510. wolfSSL_X509_free(cert);
  4511. sk_X509_free(ca);
  4512. BIO_free(bio);
  4513. PKCS12_free(pkcs12);
  4514. #endif /* WC_RC2 */
  4515. /* Test i2d_PKCS12_bio */
  4516. f = XFOPEN(file, "rb");
  4517. AssertTrue((f != XBADFILE));
  4518. AssertNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL));
  4519. XFCLOSE(f);
  4520. bio = BIO_new(BIO_s_mem());
  4521. AssertNotNull(bio);
  4522. ret = i2d_PKCS12_bio(bio, pkcs12);
  4523. AssertIntEQ(ret, 1);
  4524. ret = i2d_PKCS12_bio(NULL, pkcs12);
  4525. AssertIntEQ(ret, 0);
  4526. ret = i2d_PKCS12_bio(bio, NULL);
  4527. AssertIntEQ(ret, 0);
  4528. PKCS12_free(pkcs12);
  4529. BIO_free(bio);
  4530. (void)order;
  4531. printf(resultFmt, passed);
  4532. #endif /* OPENSSL_EXTRA */
  4533. #endif /* HAVE_FIPS */
  4534. }
  4535. #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \
  4536. defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_PWDBASED) && \
  4537. (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_MD5)
  4538. #define TEST_PKCS8_ENC
  4539. #endif
  4540. #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
  4541. && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
  4542. /* used to keep track if FailTestCallback was called */
  4543. static int failTestCallbackCalled = 0;
  4544. static WC_INLINE int FailTestCallBack(char* passwd, int sz, int rw, void* userdata)
  4545. {
  4546. (void)passwd;
  4547. (void)sz;
  4548. (void)rw;
  4549. (void)userdata;
  4550. /* mark called, test_wolfSSL_no_password_cb() will check and fail if set */
  4551. failTestCallbackCalled = 1;
  4552. return -1;
  4553. }
  4554. #endif
  4555. static void test_wolfSSL_no_password_cb(void)
  4556. {
  4557. #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) \
  4558. && defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS)
  4559. WOLFSSL_CTX* ctx;
  4560. byte buff[FOURK_BUF];
  4561. const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
  4562. const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
  4563. XFILE f;
  4564. int bytes;
  4565. printf(testingFmt, "test_wolfSSL_no_password_cb()");
  4566. #ifndef NO_WOLFSSL_CLIENT
  4567. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_client_method()));
  4568. #else
  4569. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLS_server_method()));
  4570. #endif
  4571. wolfSSL_CTX_set_default_passwd_cb(ctx, FailTestCallBack);
  4572. AssertTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE);
  4573. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  4574. XFCLOSE(f);
  4575. AssertIntLE(bytes, sizeof(buff));
  4576. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  4577. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  4578. AssertTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE);
  4579. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  4580. XFCLOSE(f);
  4581. AssertIntLE(bytes, sizeof(buff));
  4582. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  4583. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  4584. wolfSSL_CTX_free(ctx);
  4585. if (failTestCallbackCalled != 0) {
  4586. Fail(("Password callback should not be called by default"),
  4587. ("Password callback was called without attempting "
  4588. "to first decipher private key without password."));
  4589. }
  4590. printf(resultFmt, passed);
  4591. #endif
  4592. }
  4593. #ifdef TEST_PKCS8_ENC
  4594. /* for PKCS8 test case */
  4595. static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata)
  4596. {
  4597. int flag = 0;
  4598. (void)rw;
  4599. if (userdata != NULL) {
  4600. flag = *((int*)userdata); /* user set data */
  4601. }
  4602. switch (flag) {
  4603. case 1: /* flag set for specific WOLFSSL_CTX structure, note userdata
  4604. * can be anything the user wishes to be passed to the callback
  4605. * associated with the WOLFSSL_CTX */
  4606. XSTRNCPY(passwd, "yassl123", sz);
  4607. return 8;
  4608. default:
  4609. return BAD_FUNC_ARG;
  4610. }
  4611. }
  4612. #endif /* TEST_PKCS8_ENC */
  4613. /* Testing functions dealing with PKCS8 */
  4614. static void test_wolfSSL_PKCS8(void)
  4615. {
  4616. #if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8)
  4617. byte buff[FOURK_BUF];
  4618. byte der[FOURK_BUF];
  4619. #ifndef NO_RSA
  4620. const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem";
  4621. const char serverKeyPkcs8DerFile[] = "./certs/server-keyPkcs8.der";
  4622. #endif
  4623. const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem";
  4624. #ifdef HAVE_ECC
  4625. const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der";
  4626. #endif
  4627. XFILE f;
  4628. int bytes;
  4629. WOLFSSL_CTX* ctx;
  4630. #ifdef HAVE_ECC
  4631. int ret;
  4632. ecc_key key;
  4633. word32 x = 0;
  4634. #endif
  4635. #ifdef TEST_PKCS8_ENC
  4636. #if !defined(NO_RSA) && !defined(NO_SHA)
  4637. const char serverKeyPkcs8EncPemFile[] = "./certs/server-keyPkcs8Enc.pem";
  4638. const char serverKeyPkcs8EncDerFile[] = "./certs/server-keyPkcs8Enc.der";
  4639. #endif
  4640. #if defined(HAVE_ECC) && !defined(NO_SHA)
  4641. const char eccPkcs8EncPrivKeyPemFile[] = "./certs/ecc-keyPkcs8Enc.pem";
  4642. const char eccPkcs8EncPrivKeyDerFile[] = "./certs/ecc-keyPkcs8Enc.der";
  4643. #endif
  4644. int flag;
  4645. #endif
  4646. printf(testingFmt, "wolfSSL_PKCS8()");
  4647. #ifndef NO_WOLFSSL_CLIENT
  4648. #ifndef WOLFSSL_NO_TLS12
  4649. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
  4650. #else
  4651. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
  4652. #endif
  4653. #else
  4654. #ifndef WOLFSSL_NO_TLS12
  4655. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()));
  4656. #else
  4657. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
  4658. #endif
  4659. #endif
  4660. #ifdef TEST_PKCS8_ENC
  4661. wolfSSL_CTX_set_default_passwd_cb(ctx, PKCS8TestCallBack);
  4662. wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag);
  4663. flag = 1; /* used by password callback as return code */
  4664. #if !defined(NO_RSA) && !defined(NO_SHA)
  4665. /* test loading PEM PKCS8 encrypted file */
  4666. f = XFOPEN(serverKeyPkcs8EncPemFile, "rb");
  4667. AssertTrue((f != XBADFILE));
  4668. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  4669. XFCLOSE(f);
  4670. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  4671. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  4672. /* this next case should fail because of password callback return code */
  4673. flag = 0; /* used by password callback as return code */
  4674. AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  4675. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  4676. /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
  4677. AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
  4678. "yassl123"), 0);
  4679. /* test that error value is returned with a bad password */
  4680. AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
  4681. "bad"), 0);
  4682. /* test loading PEM PKCS8 encrypted file */
  4683. f = XFOPEN(serverKeyPkcs8EncDerFile, "rb");
  4684. AssertTrue((f != XBADFILE));
  4685. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  4686. XFCLOSE(f);
  4687. flag = 1; /* used by password callback as return code */
  4688. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  4689. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  4690. /* this next case should fail because of password callback return code */
  4691. flag = 0; /* used by password callback as return code */
  4692. AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  4693. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  4694. #endif /* !NO_RSA && !NO_SHA */
  4695. #if defined(HAVE_ECC) && !defined(NO_SHA)
  4696. /* test loading PEM PKCS8 encrypted ECC Key file */
  4697. f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb");
  4698. AssertTrue((f != XBADFILE));
  4699. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  4700. XFCLOSE(f);
  4701. flag = 1; /* used by password callback as return code */
  4702. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  4703. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  4704. /* this next case should fail because of password callback return code */
  4705. flag = 0; /* used by password callback as return code */
  4706. AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  4707. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  4708. /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */
  4709. AssertIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
  4710. "yassl123"), 0);
  4711. /* test that error value is returned with a bad password */
  4712. AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der),
  4713. "bad"), 0);
  4714. /* test loading DER PKCS8 encrypted ECC Key file */
  4715. f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb");
  4716. AssertTrue((f != XBADFILE));
  4717. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  4718. XFCLOSE(f);
  4719. flag = 1; /* used by password callback as return code */
  4720. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  4721. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  4722. /* this next case should fail because of password callback return code */
  4723. flag = 0; /* used by password callback as return code */
  4724. AssertIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  4725. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  4726. /* leave flag as "okay" */
  4727. flag = 1;
  4728. #endif /* HAVE_ECC && !NO_SHA */
  4729. #endif /* TEST_PKCS8_ENC */
  4730. #ifndef NO_RSA
  4731. /* test loading ASN.1 (DER) PKCS8 private key file (not encrypted) */
  4732. f = XFOPEN(serverKeyPkcs8DerFile, "rb");
  4733. AssertTrue((f != XBADFILE));
  4734. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  4735. XFCLOSE(f);
  4736. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  4737. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  4738. /* test loading PEM PKCS8 private key file (not encrypted) */
  4739. f = XFOPEN(serverKeyPkcs8PemFile, "rb");
  4740. AssertTrue((f != XBADFILE));
  4741. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  4742. XFCLOSE(f);
  4743. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  4744. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  4745. #endif /* !NO_RSA */
  4746. /* Test PKCS8 PEM ECC key no crypt */
  4747. f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb");
  4748. AssertTrue((f != XBADFILE));
  4749. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  4750. XFCLOSE(f);
  4751. #ifdef HAVE_ECC
  4752. /* Test PKCS8 PEM ECC key no crypt */
  4753. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  4754. WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS);
  4755. /* decrypt PKCS8 PEM to key in DER format */
  4756. AssertIntGT((bytes = wc_KeyPemToDer(buff, bytes, der,
  4757. (word32)sizeof(der), NULL)), 0);
  4758. ret = wc_ecc_init(&key);
  4759. if (ret == 0) {
  4760. ret = wc_EccPrivateKeyDecode(der, &x, &key, bytes);
  4761. wc_ecc_free(&key);
  4762. }
  4763. AssertIntEQ(ret, 0);
  4764. /* Test PKCS8 DER ECC key no crypt */
  4765. f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb");
  4766. AssertTrue((f != XBADFILE));
  4767. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  4768. XFCLOSE(f);
  4769. /* Test using a PKCS8 ECC PEM */
  4770. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes,
  4771. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  4772. #else
  4773. /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */
  4774. AssertIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der,
  4775. (word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
  4776. #endif /* HAVE_ECC */
  4777. wolfSSL_CTX_free(ctx);
  4778. printf(resultFmt, passed);
  4779. #endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */
  4780. }
  4781. static void test_wolfSSL_PKCS8_ED25519(void)
  4782. {
  4783. #if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
  4784. defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519)
  4785. const byte encPrivKey[] = \
  4786. "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
  4787. "MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAheCGLmWGh7+AICCAAw\n"
  4788. "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEC4L5P6GappsTyhOOoQfvh8EQJMX\n"
  4789. "OAdlsYKCOcFo4djg6AI1lRdeBRwVFWkha7gBdoCJOzS8wDvTbYcJMPvANu5ft3nl\n"
  4790. "2L9W4v7swXkV+X+a1ww=\n"
  4791. "-----END ENCRYPTED PRIVATE KEY-----\n";
  4792. const char password[] = "abcdefghijklmnopqrstuvwxyz";
  4793. byte der[FOURK_BUF];
  4794. WOLFSSL_CTX* ctx;
  4795. int bytes;
  4796. XMEMSET(der, 0, sizeof(der));
  4797. AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
  4798. (word32)sizeof(der), password)), 0);
  4799. #ifndef NO_WOLFSSL_SERVER
  4800. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  4801. #else
  4802. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  4803. #endif
  4804. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
  4805. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  4806. wolfSSL_CTX_free(ctx);
  4807. #endif
  4808. }
  4809. static void test_wolfSSL_PKCS8_ED448(void)
  4810. {
  4811. #if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
  4812. defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448)
  4813. const byte encPrivKey[] = \
  4814. "-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
  4815. "MIGrMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjSbZKnG4EPggICCAAw\n"
  4816. "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEFvCFWBBHBlJBsYleBJlJWcEUNC7\n"
  4817. "Tf5pZviT5Btar4D/MNg6BsQHSDf5KW4ix871EsgDY2Zz+euaoWspiMntz7gU+PQu\n"
  4818. "T/JJcbD2Ly8BbE3l5WHMifAQqNLxJBfXrHkfYtAo\n"
  4819. "-----END ENCRYPTED PRIVATE KEY-----\n";
  4820. const char password[] = "abcdefghijklmnopqrstuvwxyz";
  4821. byte der[FOURK_BUF];
  4822. WOLFSSL_CTX* ctx;
  4823. int bytes;
  4824. XMEMSET(der, 0, sizeof(der));
  4825. AssertIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der,
  4826. (word32)sizeof(der), password)), 0);
  4827. #ifndef NO_WOLFSSL_SERVER
  4828. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  4829. #else
  4830. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  4831. #endif
  4832. AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes,
  4833. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  4834. wolfSSL_CTX_free(ctx);
  4835. #endif
  4836. }
  4837. /* Testing functions dealing with PKCS5 */
  4838. static void test_wolfSSL_PKCS5(void)
  4839. {
  4840. #if defined(OPENSSL_EXTRA) && !defined(NO_SHA) && !defined(NO_PWDBASED)
  4841. #ifdef HAVE_FIPS /* Password minimum length is 14 (112-bit) in FIPS MODE */
  4842. const char* passwd = "myfipsPa$$W0rd";
  4843. #else
  4844. const char *passwd = "pass1234";
  4845. #endif
  4846. const unsigned char *salt = (unsigned char *)"salt1234";
  4847. unsigned char *out = (unsigned char *)XMALLOC(WC_SHA_DIGEST_SIZE, NULL,
  4848. DYNAMIC_TYPE_TMP_BUFFER);
  4849. int ret = 0;
  4850. AssertNotNull(out);
  4851. ret = PKCS5_PBKDF2_HMAC_SHA1(passwd,(int)XSTRLEN(passwd), salt,
  4852. (int)XSTRLEN((const char *) salt), 10,
  4853. WC_SHA_DIGEST_SIZE,out);
  4854. AssertIntEQ(ret, SSL_SUCCESS);
  4855. #ifdef WOLFSSL_SHA512
  4856. ret = PKCS5_PBKDF2_HMAC(passwd,(int)XSTRLEN(passwd), salt,
  4857. (int)XSTRLEN((const char *) salt), 10,
  4858. wolfSSL_EVP_sha512(), WC_SHA_DIGEST_SIZE, out);
  4859. AssertIntEQ(ret, SSL_SUCCESS);
  4860. #endif
  4861. XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  4862. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */
  4863. }
  4864. /* test parsing URI from certificate */
  4865. static void test_wolfSSL_URI(void)
  4866. {
  4867. #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
  4868. && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
  4869. defined(OPENSSL_EXTRA))
  4870. WOLFSSL_X509* x509;
  4871. const char uri[] = "./certs/client-uri-cert.pem";
  4872. const char badUri[] = "./certs/client-relative-uri.pem";
  4873. printf(testingFmt, "wolfSSL URI parse");
  4874. x509 = wolfSSL_X509_load_certificate_file(uri, WOLFSSL_FILETYPE_PEM);
  4875. AssertNotNull(x509);
  4876. wolfSSL_FreeX509(x509);
  4877. x509 = wolfSSL_X509_load_certificate_file(badUri, WOLFSSL_FILETYPE_PEM);
  4878. #ifndef IGNORE_NAME_CONSTRAINTS
  4879. AssertNull(x509);
  4880. #else
  4881. AssertNotNull(x509);
  4882. #endif
  4883. printf(resultFmt, passed);
  4884. #endif
  4885. }
  4886. static void test_wolfSSL_TBS(void)
  4887. {
  4888. #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
  4889. && defined(OPENSSL_EXTRA)
  4890. WOLFSSL_X509* x509;
  4891. const unsigned char* tbs;
  4892. int tbsSz;
  4893. printf(testingFmt, "wolfSSL TBS");
  4894. AssertNotNull(x509 =
  4895. wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM));
  4896. AssertNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz));
  4897. AssertNull(tbs = wolfSSL_X509_get_tbs(x509, NULL));
  4898. AssertNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz));
  4899. AssertIntEQ(tbsSz, 981);
  4900. wolfSSL_FreeX509(x509);
  4901. printf(resultFmt, passed);
  4902. #endif
  4903. }
  4904. static void test_wolfSSL_X509_verify(void)
  4905. {
  4906. #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \
  4907. && defined(OPENSSL_EXTRA)
  4908. WOLFSSL_X509* ca;
  4909. WOLFSSL_X509* serv;
  4910. WOLFSSL_EVP_PKEY* pkey;
  4911. unsigned char buf[2048];
  4912. const unsigned char* pt = NULL;
  4913. int bufSz;
  4914. printf(testingFmt, "wolfSSL X509 verify");
  4915. AssertNotNull(ca =
  4916. wolfSSL_X509_load_certificate_file(caCertFile, WOLFSSL_FILETYPE_PEM));
  4917. AssertIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz),
  4918. WOLFSSL_SUCCESS);
  4919. AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz),
  4920. WOLFSSL_SUCCESS);
  4921. AssertIntEQ(bufSz, 294);
  4922. bufSz = 2048;
  4923. AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz),
  4924. WOLFSSL_SUCCESS);
  4925. AssertIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WOLFSSL_FAILURE);
  4926. AssertIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk);
  4927. AssertNotNull(serv =
  4928. wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM));
  4929. /* success case */
  4930. pt = buf;
  4931. AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
  4932. AssertIntEQ(i2d_PUBKEY(pkey, NULL), bufSz);
  4933. AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS);
  4934. wolfSSL_EVP_PKEY_free(pkey);
  4935. /* fail case */
  4936. bufSz = 2048;
  4937. AssertIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz),
  4938. WOLFSSL_SUCCESS);
  4939. pt = buf;
  4940. AssertNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz));
  4941. AssertIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_FAILURE);
  4942. AssertIntEQ(wolfSSL_X509_verify(NULL, pkey), WOLFSSL_FATAL_ERROR);
  4943. AssertIntEQ(wolfSSL_X509_verify(serv, NULL), WOLFSSL_FATAL_ERROR);
  4944. wolfSSL_EVP_PKEY_free(pkey);
  4945. wolfSSL_FreeX509(ca);
  4946. wolfSSL_FreeX509(serv);
  4947. printf(resultFmt, passed);
  4948. #endif
  4949. }
  4950. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  4951. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
  4952. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
  4953. defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN)
  4954. /* create certificate with version 2 */
  4955. static void test_set_x509_badversion(WOLFSSL_CTX* ctx)
  4956. {
  4957. WOLFSSL_X509 *x509, *x509v2;
  4958. WOLFSSL_EVP_PKEY *priv, *pub;
  4959. unsigned char *der = NULL, *key = NULL, *pt;
  4960. char *header, *name;
  4961. int derSz;
  4962. long keySz;
  4963. XFILE fp;
  4964. WOLFSSL_ASN1_TIME *notBefore, *notAfter;
  4965. time_t t;
  4966. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
  4967. WOLFSSL_FILETYPE_PEM));
  4968. fp = XFOPEN(cliKeyFile, "rb");
  4969. AssertIntEQ(wolfSSL_PEM_read(fp, &name, &header, &key, &keySz),
  4970. WOLFSSL_SUCCESS);
  4971. XFCLOSE(fp);
  4972. pt = key;
  4973. AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
  4974. (const unsigned char**)&pt, keySz));
  4975. /* create the version 2 certificate */
  4976. AssertNotNull(x509v2 = X509_new());
  4977. AssertIntEQ(wolfSSL_X509_set_version(x509v2, 1), WOLFSSL_SUCCESS);
  4978. AssertIntEQ(wolfSSL_X509_set_subject_name(x509v2,
  4979. wolfSSL_X509_get_subject_name(x509)), WOLFSSL_SUCCESS);
  4980. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509v2,
  4981. wolfSSL_X509_get_issuer_name(x509)), WOLFSSL_SUCCESS);
  4982. AssertNotNull(pub = wolfSSL_X509_get_pubkey(x509));
  4983. AssertIntEQ(X509_set_pubkey(x509v2, pub), WOLFSSL_SUCCESS);
  4984. t = time(NULL);
  4985. AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0));
  4986. AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0));
  4987. AssertTrue(wolfSSL_X509_set_notBefore(x509v2, notBefore));
  4988. AssertTrue(wolfSSL_X509_set_notAfter(x509v2, notAfter));
  4989. AssertIntGT(wolfSSL_X509_sign(x509v2, priv, EVP_sha256()), 0);
  4990. derSz = wolfSSL_i2d_X509(x509v2, &der);
  4991. AssertIntGT(derSz, 0);
  4992. AssertIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz,
  4993. WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
  4994. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); /* TODO: Replace with API call */
  4995. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4996. XFREE(name, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4997. XFREE(header, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4998. wolfSSL_X509_free(x509);
  4999. wolfSSL_X509_free(x509v2);
  5000. wolfSSL_EVP_PKEY_free(priv);
  5001. wolfSSL_EVP_PKEY_free(pub);
  5002. wolfSSL_ASN1_TIME_free(notBefore);
  5003. wolfSSL_ASN1_TIME_free(notAfter);
  5004. }
  5005. /* override certificate version error */
  5006. static int test_override_x509(int preverify, WOLFSSL_X509_STORE_CTX* store)
  5007. {
  5008. AssertIntEQ(store->error, ASN_VERSION_E);
  5009. AssertIntEQ((int)wolfSSL_X509_get_version(store->current_cert), 1);
  5010. (void)preverify;
  5011. return 1;
  5012. }
  5013. /* set verify callback that will override bad certificate version */
  5014. static void test_set_override_x509(WOLFSSL_CTX* ctx)
  5015. {
  5016. wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, test_override_x509);
  5017. }
  5018. #endif
  5019. static void test_wolfSSL_X509_TLS_version(void)
  5020. {
  5021. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  5022. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
  5023. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \
  5024. defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN)
  5025. tcp_ready ready;
  5026. func_args server_args;
  5027. func_args client_args;
  5028. THREAD_TYPE serverThread;
  5029. callback_functions func_cb_client;
  5030. callback_functions func_cb_server;
  5031. printf(testingFmt, "test_wolfSSL_X509_TLS_version");
  5032. /* test server rejects a client certificate that is not version 3 */
  5033. #ifdef WOLFSSL_TIRTOS
  5034. fdOpenSession(Task_self());
  5035. #endif
  5036. XMEMSET(&server_args, 0, sizeof(func_args));
  5037. XMEMSET(&client_args, 0, sizeof(func_args));
  5038. XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
  5039. XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
  5040. StartTCP();
  5041. InitTcpReady(&ready);
  5042. #if defined(USE_WINDOWS_API)
  5043. /* use RNG to get random port if using windows */
  5044. ready.port = GetRandomPort();
  5045. #endif
  5046. server_args.signal = &ready;
  5047. client_args.signal = &ready;
  5048. server_args.return_code = TEST_FAIL;
  5049. client_args.return_code = TEST_FAIL;
  5050. func_cb_client.ctx_ready = &test_set_x509_badversion;
  5051. #ifndef WOLFSSL_NO_TLS12
  5052. func_cb_client.method = wolfTLSv1_2_client_method;
  5053. #else
  5054. func_cb_client.method = wolfTLSv1_3_client_method;
  5055. #endif
  5056. client_args.callbacks = &func_cb_client;
  5057. #ifndef WOLFSSL_NO_TLS12
  5058. func_cb_server.method = wolfTLSv1_2_server_method;
  5059. #else
  5060. func_cb_server.method = wolfTLSv1_3_server_method;
  5061. #endif
  5062. server_args.callbacks = &func_cb_server;
  5063. start_thread(test_server_nofail, &server_args, &serverThread);
  5064. wait_tcp_ready(&server_args);
  5065. test_client_nofail(&client_args, NULL);
  5066. join_thread(serverThread);
  5067. AssertIntEQ(client_args.return_code, TEST_FAIL);
  5068. AssertIntEQ(server_args.return_code, TEST_FAIL);
  5069. FreeTcpReady(&ready);
  5070. #ifdef WOLFSSL_TIRTOS
  5071. fdCloseSession(Task_self());
  5072. #endif
  5073. /* Now re run but override the bad X509 version */
  5074. #ifdef WOLFSSL_TIRTOS
  5075. fdOpenSession(Task_self());
  5076. #endif
  5077. XMEMSET(&server_args, 0, sizeof(func_args));
  5078. XMEMSET(&client_args, 0, sizeof(func_args));
  5079. XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
  5080. XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
  5081. StartTCP();
  5082. InitTcpReady(&ready);
  5083. #if defined(USE_WINDOWS_API)
  5084. /* use RNG to get random port if using windows */
  5085. ready.port = GetRandomPort();
  5086. #endif
  5087. server_args.signal = &ready;
  5088. client_args.signal = &ready;
  5089. server_args.return_code = TEST_FAIL;
  5090. client_args.return_code = TEST_FAIL;
  5091. func_cb_client.ctx_ready = &test_set_x509_badversion;
  5092. func_cb_server.ctx_ready = &test_set_override_x509;
  5093. #ifndef WOLFSSL_NO_TLS12
  5094. func_cb_client.method = wolfTLSv1_2_client_method;
  5095. #else
  5096. func_cb_client.method = wolfTLSv1_3_client_method;
  5097. #endif
  5098. client_args.callbacks = &func_cb_client;
  5099. #ifndef WOLFSSL_NO_TLS12
  5100. func_cb_server.method = wolfTLSv1_2_server_method;
  5101. #else
  5102. func_cb_server.method = wolfTLSv1_3_server_method;
  5103. #endif
  5104. server_args.callbacks = &func_cb_server;
  5105. start_thread(test_server_nofail, &server_args, &serverThread);
  5106. wait_tcp_ready(&server_args);
  5107. test_client_nofail(&client_args, NULL);
  5108. join_thread(serverThread);
  5109. AssertIntEQ(client_args.return_code, TEST_SUCCESS);
  5110. AssertIntEQ(server_args.return_code, TEST_SUCCESS);
  5111. FreeTcpReady(&ready);
  5112. #ifdef WOLFSSL_TIRTOS
  5113. fdCloseSession(Task_self());
  5114. #endif
  5115. printf(resultFmt, passed);
  5116. #endif
  5117. }
  5118. /* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade
  5119. * version allowed.
  5120. * POST: 1 on success.
  5121. */
  5122. static int test_wolfSSL_CTX_SetMinVersion(void)
  5123. {
  5124. int failFlag = WOLFSSL_SUCCESS;
  5125. #ifndef NO_WOLFSSL_CLIENT
  5126. WOLFSSL_CTX* ctx;
  5127. int itr;
  5128. #ifndef NO_OLD_TLS
  5129. const int versions[] = {
  5130. #ifdef WOLFSSL_ALLOW_TLSV10
  5131. WOLFSSL_TLSV1,
  5132. #endif
  5133. WOLFSSL_TLSV1_1,
  5134. WOLFSSL_TLSV1_2 };
  5135. #elif !defined(WOLFSSL_NO_TLS12)
  5136. const int versions[] = { WOLFSSL_TLSV1_2 };
  5137. #elif defined(WOLFSSL_TLS13)
  5138. const int versions[] = { WOLFSSL_TLSV1_3 };
  5139. #else
  5140. const int versions[0];
  5141. #endif
  5142. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  5143. printf(testingFmt, "wolfSSL_CTX_SetMinVersion()");
  5144. for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++){
  5145. if(wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr)) != WOLFSSL_SUCCESS){
  5146. failFlag = WOLFSSL_FAILURE;
  5147. }
  5148. }
  5149. printf(resultFmt, failFlag == WOLFSSL_SUCCESS ? passed : failed);
  5150. wolfSSL_CTX_free(ctx);
  5151. #endif
  5152. return failFlag;
  5153. } /* END test_wolfSSL_CTX_SetMinVersion */
  5154. /*----------------------------------------------------------------------------*
  5155. | OCSP Stapling
  5156. *----------------------------------------------------------------------------*/
  5157. /* Testing wolfSSL_UseOCSPStapling function. OCSP stapling eliminates the need
  5158. * need to contact the CA, lowering the cost of cert revocation checking.
  5159. * PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST
  5160. * POST: 1 returned for success.
  5161. */
  5162. static int test_wolfSSL_UseOCSPStapling(void)
  5163. {
  5164. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) && \
  5165. !defined(NO_WOLFSSL_CLIENT)
  5166. int ret;
  5167. WOLFSSL_CTX* ctx;
  5168. WOLFSSL* ssl;
  5169. #ifndef NO_WOLFSSL_CLIENT
  5170. #ifndef WOLFSSL_NO_TLS12
  5171. ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
  5172. #else
  5173. ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
  5174. #endif
  5175. #else
  5176. #ifndef WOLFSSL_NO_TLS12
  5177. ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
  5178. #else
  5179. ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
  5180. #endif
  5181. #endif
  5182. ssl = wolfSSL_new(ctx);
  5183. printf(testingFmt, "wolfSSL_UseOCSPStapling()");
  5184. ret = wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP,
  5185. WOLFSSL_CSR2_OCSP_USE_NONCE);
  5186. printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
  5187. wolfSSL_free(ssl);
  5188. wolfSSL_CTX_free(ctx);
  5189. return ret;
  5190. #else
  5191. return WOLFSSL_SUCCESS;
  5192. #endif
  5193. } /*END test_wolfSSL_UseOCSPStapling */
  5194. /* Testing OCSP stapling version 2, wolfSSL_UseOCSPStaplingV2 function. OCSP
  5195. * stapling eliminates the need to contact the CA and lowers cert revocation
  5196. * check.
  5197. * PRE: HAVE_CERTIFICATE_STATUS_REQUEST_V2 and HAVE_OCSP defined.
  5198. */
  5199. static int test_wolfSSL_UseOCSPStaplingV2 (void)
  5200. {
  5201. #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) && \
  5202. !defined(NO_WOLFSSL_CLIENT)
  5203. int ret;
  5204. WOLFSSL_CTX* ctx;
  5205. WOLFSSL* ssl;
  5206. #ifndef NO_WOLFSSL_CLIENT
  5207. #ifndef WOLFSSL_NO_TLS12
  5208. ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
  5209. #else
  5210. ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
  5211. #endif
  5212. #else
  5213. #ifndef WOLFSSL_NO_TLS12
  5214. ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
  5215. #else
  5216. ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
  5217. #endif
  5218. #endif
  5219. ssl = wolfSSL_new(ctx);
  5220. printf(testingFmt, "wolfSSL_UseOCSPStaplingV2()");
  5221. ret = wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP,
  5222. WOLFSSL_CSR2_OCSP_USE_NONCE );
  5223. printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed);
  5224. wolfSSL_free(ssl);
  5225. wolfSSL_CTX_free(ctx);
  5226. return ret;
  5227. #else
  5228. return WOLFSSL_SUCCESS;
  5229. #endif
  5230. } /*END test_wolfSSL_UseOCSPStaplingV2*/
  5231. /*----------------------------------------------------------------------------*
  5232. | Multicast Tests
  5233. *----------------------------------------------------------------------------*/
  5234. static void test_wolfSSL_mcast(void)
  5235. {
  5236. #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST) && \
  5237. (defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER))
  5238. WOLFSSL_CTX* ctx;
  5239. WOLFSSL* ssl;
  5240. int result;
  5241. byte preMasterSecret[512];
  5242. byte clientRandom[32];
  5243. byte serverRandom[32];
  5244. byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */
  5245. byte buf[256];
  5246. word16 newId;
  5247. ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method());
  5248. AssertNotNull(ctx);
  5249. result = wolfSSL_CTX_mcast_set_member_id(ctx, 0);
  5250. AssertIntEQ(result, WOLFSSL_SUCCESS);
  5251. ssl = wolfSSL_new(ctx);
  5252. AssertNotNull(ssl);
  5253. XMEMSET(preMasterSecret, 0x23, sizeof(preMasterSecret));
  5254. XMEMSET(clientRandom, 0xA5, sizeof(clientRandom));
  5255. XMEMSET(serverRandom, 0x5A, sizeof(serverRandom));
  5256. result = wolfSSL_set_secret(ssl, 23,
  5257. preMasterSecret, sizeof(preMasterSecret),
  5258. clientRandom, serverRandom, suite);
  5259. AssertIntEQ(result, WOLFSSL_SUCCESS);
  5260. result = wolfSSL_mcast_read(ssl, &newId, buf, sizeof(buf));
  5261. AssertIntLE(result, 0);
  5262. AssertIntLE(newId, 100);
  5263. wolfSSL_free(ssl);
  5264. wolfSSL_CTX_free(ctx);
  5265. #endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST && (WOLFSSL_TLS13 || WOLFSSL_SNIFFER) */
  5266. }
  5267. /*----------------------------------------------------------------------------*
  5268. | Wolfcrypt
  5269. *----------------------------------------------------------------------------*/
  5270. /*
  5271. * Unit test for the wc_InitBlake2b()
  5272. */
  5273. static int test_wc_InitBlake2b (void)
  5274. {
  5275. int ret = 0;
  5276. #ifdef HAVE_BLAKE2
  5277. Blake2b blake2b;
  5278. printf(testingFmt, "wc_InitBlake2B()");
  5279. /* Test good arg. */
  5280. ret = wc_InitBlake2b(&blake2b, 64);
  5281. if (ret != 0) {
  5282. ret = WOLFSSL_FATAL_ERROR;
  5283. }
  5284. /* Test bad arg. */
  5285. if (!ret) {
  5286. ret = wc_InitBlake2b(NULL, 64);
  5287. if (ret == 0) {
  5288. ret = WOLFSSL_FATAL_ERROR;
  5289. } else {
  5290. ret = 0;
  5291. }
  5292. }
  5293. if (!ret) {
  5294. ret = wc_InitBlake2b(NULL, 128);
  5295. if (ret == 0) {
  5296. ret = WOLFSSL_FATAL_ERROR;
  5297. } else {
  5298. ret = 0;
  5299. }
  5300. }
  5301. if (!ret) {
  5302. ret = wc_InitBlake2b(&blake2b, 128);
  5303. if (ret == 0) {
  5304. ret = WOLFSSL_FATAL_ERROR;
  5305. } else {
  5306. ret = 0;
  5307. }
  5308. }
  5309. if (!ret) {
  5310. ret = wc_InitBlake2b(NULL, 0);
  5311. if (ret == 0) {
  5312. ret = WOLFSSL_FATAL_ERROR;
  5313. } else {
  5314. ret = 0;
  5315. }
  5316. }
  5317. if (!ret) {
  5318. ret = wc_InitBlake2b(&blake2b, 0);
  5319. if (ret == 0) {
  5320. ret = WOLFSSL_FATAL_ERROR;
  5321. } else {
  5322. ret = 0;
  5323. }
  5324. }
  5325. printf(resultFmt, ret == 0 ? passed : failed);
  5326. #endif
  5327. return ret;
  5328. } /*END test_wc_InitBlake2b*/
  5329. /*
  5330. * Unit test for the wc_InitBlake2b_WithKey()
  5331. */
  5332. static int test_wc_InitBlake2b_WithKey (void)
  5333. {
  5334. int ret = 0;
  5335. #ifdef HAVE_BLAKE2
  5336. Blake2b blake2b;
  5337. word32 digestSz = BLAKE2B_KEYBYTES;
  5338. byte key[BLAKE2B_KEYBYTES];
  5339. word32 keylen = BLAKE2B_KEYBYTES;
  5340. printf(testingFmt, "wc_InitBlake2b_WithKey()");
  5341. /* Test good arg. */
  5342. ret = wc_InitBlake2b_WithKey(&blake2b, digestSz, key, keylen);
  5343. if (ret != 0) {
  5344. ret = WOLFSSL_FATAL_ERROR;
  5345. }
  5346. /* Test bad args. */
  5347. if (ret == 0) {
  5348. ret = wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen);
  5349. if (ret == BAD_FUNC_ARG) {
  5350. ret = 0;
  5351. }
  5352. }
  5353. if (ret == 0) {
  5354. ret = wc_InitBlake2b_WithKey(&blake2b, digestSz, key, 256);
  5355. if (ret == BAD_FUNC_ARG) {
  5356. ret = 0;
  5357. }
  5358. }
  5359. if (ret == 0) {
  5360. ret = wc_InitBlake2b_WithKey(&blake2b, digestSz, NULL, keylen);
  5361. }
  5362. printf(resultFmt, ret == 0 ? passed : failed);
  5363. #endif
  5364. return ret;
  5365. } /*END wc_InitBlake2b_WithKey*/
  5366. /*
  5367. * Unit test for the wc_InitBlake2s_WithKey()
  5368. */
  5369. static int test_wc_InitBlake2s_WithKey (void)
  5370. {
  5371. int ret = 0;
  5372. #ifdef HAVE_BLAKE2S
  5373. Blake2s blake2s;
  5374. word32 digestSz = BLAKE2S_KEYBYTES;
  5375. byte *key = (byte*)"01234567890123456789012345678901";
  5376. word32 keylen = BLAKE2S_KEYBYTES;
  5377. printf(testingFmt, "wc_InitBlake2s_WithKey()");
  5378. /* Test good arg. */
  5379. ret = wc_InitBlake2s_WithKey(&blake2s, digestSz, key, keylen);
  5380. if (ret != 0) {
  5381. ret = WOLFSSL_FATAL_ERROR;
  5382. }
  5383. /* Test bad args. */
  5384. if (ret == 0) {
  5385. ret = wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen);
  5386. if (ret == BAD_FUNC_ARG) {
  5387. ret = 0;
  5388. }
  5389. }
  5390. if (ret == 0) {
  5391. ret = wc_InitBlake2s_WithKey(&blake2s, digestSz, key, 256);
  5392. if (ret == BAD_FUNC_ARG) {
  5393. ret = 0;
  5394. }
  5395. }
  5396. if (ret == 0) {
  5397. ret = wc_InitBlake2s_WithKey(&blake2s, digestSz, NULL, keylen);
  5398. }
  5399. printf(resultFmt, ret == 0 ? passed : failed);
  5400. #endif
  5401. return ret;
  5402. } /*END wc_InitBlake2s_WithKey*/
  5403. /*
  5404. * Unit test for the wc_InitMd5()
  5405. */
  5406. static int test_wc_InitMd5 (void)
  5407. {
  5408. int flag = 0;
  5409. #ifndef NO_MD5
  5410. wc_Md5 md5;
  5411. int ret;
  5412. printf(testingFmt, "wc_InitMd5()");
  5413. /* Test good arg. */
  5414. ret = wc_InitMd5(&md5);
  5415. if (ret != 0) {
  5416. flag = WOLFSSL_FATAL_ERROR;
  5417. }
  5418. /* Test bad arg. */
  5419. if (!flag) {
  5420. ret = wc_InitMd5(NULL);
  5421. if (ret != BAD_FUNC_ARG) {
  5422. flag = WOLFSSL_FATAL_ERROR;
  5423. }
  5424. }
  5425. wc_Md5Free(&md5);
  5426. printf(resultFmt, flag == 0 ? passed : failed);
  5427. #endif
  5428. return flag;
  5429. } /* END test_wc_InitMd5 */
  5430. /*
  5431. * Testing wc_UpdateMd5()
  5432. */
  5433. static int test_wc_Md5Update (void)
  5434. {
  5435. int flag = 0;
  5436. #ifndef NO_MD5
  5437. wc_Md5 md5;
  5438. byte hash[WC_MD5_DIGEST_SIZE];
  5439. testVector a, b, c;
  5440. int ret;
  5441. ret = wc_InitMd5(&md5);
  5442. if (ret != 0) {
  5443. flag = ret;
  5444. }
  5445. printf(testingFmt, "wc_Md5Update()");
  5446. /* Input */
  5447. if (!flag) {
  5448. a.input = "a";
  5449. a.inLen = XSTRLEN(a.input);
  5450. ret = wc_Md5Update(&md5, (byte*)a.input, (word32)a.inLen);
  5451. if (ret != 0) {
  5452. flag = ret;
  5453. }
  5454. }
  5455. if (!flag) {
  5456. ret = wc_Md5Final(&md5, hash);
  5457. if (ret != 0) {
  5458. flag = ret;
  5459. }
  5460. }
  5461. /* Update input. */
  5462. if (!flag) {
  5463. a.input = "abc";
  5464. a.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
  5465. "\x72";
  5466. a.inLen = XSTRLEN(a.input);
  5467. a.outLen = XSTRLEN(a.output);
  5468. ret = wc_Md5Update(&md5, (byte*) a.input, (word32) a.inLen);
  5469. if (ret != 0) {
  5470. flag = ret;
  5471. }
  5472. }
  5473. if (!flag) {
  5474. ret = wc_Md5Final(&md5, hash);
  5475. if (ret != 0) {
  5476. flag = ret;
  5477. }
  5478. }
  5479. if (!flag) {
  5480. if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) {
  5481. flag = WOLFSSL_FATAL_ERROR;
  5482. }
  5483. }
  5484. /*Pass in bad values. */
  5485. if (!flag) {
  5486. b.input = NULL;
  5487. b.inLen = 0;
  5488. ret = wc_Md5Update(&md5, (byte*)b.input, (word32)b.inLen);
  5489. if (ret != 0) {
  5490. flag = ret;
  5491. }
  5492. }
  5493. if (!flag) {
  5494. c.input = NULL;
  5495. c.inLen = WC_MD5_DIGEST_SIZE;
  5496. ret = wc_Md5Update(&md5, (byte*)c.input, (word32)c.inLen);
  5497. if (ret != BAD_FUNC_ARG) {
  5498. flag = WOLFSSL_FATAL_ERROR;
  5499. }
  5500. }
  5501. if (!flag) {
  5502. ret = wc_Md5Update(NULL, (byte*)a.input, (word32)a.inLen);
  5503. if (ret != BAD_FUNC_ARG) {
  5504. flag = WOLFSSL_FATAL_ERROR;
  5505. }
  5506. }
  5507. wc_Md5Free(&md5);
  5508. printf(resultFmt, flag == 0 ? passed : failed);
  5509. #endif
  5510. return flag;
  5511. } /* END test_wc_Md5Update() */
  5512. /*
  5513. * Unit test on wc_Md5Final() in wolfcrypt/src/md5.c
  5514. */
  5515. static int test_wc_Md5Final (void)
  5516. {
  5517. int flag = 0;
  5518. #ifndef NO_MD5
  5519. /* Instantiate */
  5520. wc_Md5 md5;
  5521. byte* hash_test[3];
  5522. byte hash1[WC_MD5_DIGEST_SIZE];
  5523. byte hash2[2*WC_MD5_DIGEST_SIZE];
  5524. byte hash3[5*WC_MD5_DIGEST_SIZE];
  5525. int times, i, ret;
  5526. /* Initialize */
  5527. ret = wc_InitMd5(&md5);
  5528. if (ret != 0) {
  5529. flag = ret;
  5530. }
  5531. if (!flag) {
  5532. hash_test[0] = hash1;
  5533. hash_test[1] = hash2;
  5534. hash_test[2] = hash3;
  5535. }
  5536. times = sizeof(hash_test)/sizeof(byte*);
  5537. /* Test good args. */
  5538. printf(testingFmt, "wc_Md5Final()");
  5539. for (i = 0; i < times; i++) {
  5540. if (!flag) {
  5541. ret = wc_Md5Final(&md5, hash_test[i]);
  5542. if (ret != 0) {
  5543. flag = WOLFSSL_FATAL_ERROR;
  5544. }
  5545. }
  5546. }
  5547. /* Test bad args. */
  5548. if (!flag) {
  5549. ret = wc_Md5Final(NULL, NULL);
  5550. if (ret != BAD_FUNC_ARG) {
  5551. flag = WOLFSSL_FATAL_ERROR;
  5552. }
  5553. }
  5554. if (!flag) {
  5555. ret = wc_Md5Final(NULL, hash1);
  5556. if (ret != BAD_FUNC_ARG) {
  5557. flag = WOLFSSL_FATAL_ERROR;
  5558. }
  5559. }
  5560. if (!flag) {
  5561. ret = wc_Md5Final(&md5, NULL);
  5562. if (ret != BAD_FUNC_ARG) {
  5563. flag = WOLFSSL_FATAL_ERROR;
  5564. }
  5565. }
  5566. wc_Md5Free(&md5);
  5567. printf(resultFmt, flag == 0 ? passed : failed);
  5568. #endif
  5569. return flag;
  5570. }
  5571. /*
  5572. * Unit test for the wc_InitSha()
  5573. */
  5574. static int test_wc_InitSha(void)
  5575. {
  5576. int flag = 0;
  5577. #ifndef NO_SHA
  5578. wc_Sha sha;
  5579. int ret;
  5580. printf(testingFmt, "wc_InitSha()");
  5581. /* Test good arg. */
  5582. ret = wc_InitSha(&sha);
  5583. if (ret != 0) {
  5584. flag = WOLFSSL_FATAL_ERROR;
  5585. }
  5586. /* Test bad arg. */
  5587. if (!flag) {
  5588. ret = wc_InitSha(NULL);
  5589. if (ret != BAD_FUNC_ARG) {
  5590. flag = WOLFSSL_FATAL_ERROR;
  5591. }
  5592. }
  5593. wc_ShaFree(&sha);
  5594. printf(resultFmt, flag == 0 ? passed : failed);
  5595. #endif
  5596. return flag;
  5597. } /* END test_wc_InitSha */
  5598. /*
  5599. * Tesing wc_ShaUpdate()
  5600. */
  5601. static int test_wc_ShaUpdate (void)
  5602. {
  5603. int flag = 0;
  5604. #ifndef NO_SHA
  5605. wc_Sha sha;
  5606. byte hash[WC_SHA_DIGEST_SIZE];
  5607. testVector a, b, c;
  5608. int ret;
  5609. ret = wc_InitSha(&sha);
  5610. if (ret != 0) {
  5611. flag = ret;
  5612. }
  5613. printf(testingFmt, "wc_ShaUpdate()");
  5614. /* Input. */
  5615. if (!flag) {
  5616. a.input = "a";
  5617. a.inLen = XSTRLEN(a.input);
  5618. ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen);
  5619. if (ret != 0) {
  5620. flag = ret;
  5621. }
  5622. }
  5623. if (!flag) {
  5624. ret = wc_ShaFinal(&sha, hash);
  5625. if (ret != 0) {
  5626. flag = ret;
  5627. }
  5628. }
  5629. /* Update input. */
  5630. if (!flag) {
  5631. a.input = "abc";
  5632. a.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
  5633. "\x6C\x9C\xD0\xD8\x9D";
  5634. a.inLen = XSTRLEN(a.input);
  5635. a.outLen = XSTRLEN(a.output);
  5636. ret = wc_ShaUpdate(&sha, (byte*)a.input, (word32)a.inLen);
  5637. if (ret != 0) {
  5638. flag = ret;
  5639. }
  5640. }
  5641. if (!flag) {
  5642. ret = wc_ShaFinal(&sha, hash);
  5643. if (ret !=0) {
  5644. flag = ret;
  5645. }
  5646. }
  5647. if (!flag) {
  5648. if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) {
  5649. flag = WOLFSSL_FATAL_ERROR;
  5650. }
  5651. }
  5652. /* Try passing in bad values. */
  5653. if (!flag) {
  5654. b.input = NULL;
  5655. b.inLen = 0;
  5656. ret = wc_ShaUpdate(&sha, (byte*)b.input, (word32)b.inLen);
  5657. if (ret != 0) {
  5658. flag = ret;
  5659. }
  5660. }
  5661. if (!flag) {
  5662. c.input = NULL;
  5663. c.inLen = WC_SHA_DIGEST_SIZE;
  5664. ret = wc_ShaUpdate(&sha, (byte*)c.input, (word32)c.inLen);
  5665. if (ret != BAD_FUNC_ARG) {
  5666. flag = WOLFSSL_FATAL_ERROR;
  5667. }
  5668. }
  5669. if (!flag) {
  5670. ret = wc_ShaUpdate(NULL, (byte*)a.input, (word32)a.inLen);
  5671. if (ret != BAD_FUNC_ARG) {
  5672. flag = WOLFSSL_FATAL_ERROR;
  5673. }
  5674. }
  5675. wc_ShaFree(&sha);
  5676. /* If not returned then the unit test passed test vectors. */
  5677. printf(resultFmt, flag == 0 ? passed : failed);
  5678. #endif
  5679. return flag;
  5680. } /* END test_wc_ShaUpdate() */
  5681. /*
  5682. * Unit test on wc_ShaFinal
  5683. */
  5684. static int test_wc_ShaFinal (void)
  5685. {
  5686. int flag = 0;
  5687. #ifndef NO_SHA
  5688. wc_Sha sha;
  5689. byte* hash_test[3];
  5690. byte hash1[WC_SHA_DIGEST_SIZE];
  5691. byte hash2[2*WC_SHA_DIGEST_SIZE];
  5692. byte hash3[5*WC_SHA_DIGEST_SIZE];
  5693. int times, i, ret;
  5694. /*Initialize*/
  5695. ret = wc_InitSha(&sha);
  5696. if (ret) {
  5697. flag = ret;
  5698. }
  5699. if (!flag) {
  5700. hash_test[0] = hash1;
  5701. hash_test[1] = hash2;
  5702. hash_test[2] = hash3;
  5703. }
  5704. times = sizeof(hash_test)/sizeof(byte*);
  5705. /* Good test args. */
  5706. printf(testingFmt, "wc_ShaFinal()");
  5707. for (i = 0; i < times; i++) {
  5708. if (!flag) {
  5709. ret = wc_ShaFinal(&sha, hash_test[i]);
  5710. if (ret != 0) {
  5711. flag = WOLFSSL_FATAL_ERROR;
  5712. }
  5713. }
  5714. }
  5715. /* Test bad args. */
  5716. if (!flag) {
  5717. ret = wc_ShaFinal(NULL, NULL);
  5718. if (ret != BAD_FUNC_ARG) {
  5719. flag = WOLFSSL_FATAL_ERROR;
  5720. }
  5721. }
  5722. if (!flag) {
  5723. ret = wc_ShaFinal(NULL, hash1);
  5724. if (ret != BAD_FUNC_ARG) {
  5725. flag = WOLFSSL_FATAL_ERROR;
  5726. }
  5727. }
  5728. if (!flag) {
  5729. ret = wc_ShaFinal(&sha, NULL);
  5730. if (ret != BAD_FUNC_ARG) {
  5731. flag = WOLFSSL_FATAL_ERROR;
  5732. }
  5733. }
  5734. wc_ShaFree(&sha);
  5735. printf(resultFmt, flag == 0 ? passed : failed);
  5736. #endif
  5737. return flag;
  5738. } /* END test_wc_ShaFinal */
  5739. /*
  5740. * Unit test for wc_InitSha256()
  5741. */
  5742. static int test_wc_InitSha256 (void)
  5743. {
  5744. int flag = 0;
  5745. #ifndef NO_SHA256
  5746. wc_Sha256 sha256;
  5747. int ret;
  5748. printf(testingFmt, "wc_InitSha256()");
  5749. /* Test good arg. */
  5750. ret = wc_InitSha256(&sha256);
  5751. if (ret != 0) {
  5752. flag = WOLFSSL_FATAL_ERROR;
  5753. }
  5754. /* Test bad arg. */
  5755. if (!flag) {
  5756. ret = wc_InitSha256(NULL);
  5757. if (ret != BAD_FUNC_ARG) {
  5758. flag = WOLFSSL_FATAL_ERROR;
  5759. }
  5760. }
  5761. wc_Sha256Free(&sha256);
  5762. printf(resultFmt, flag == 0 ? passed : failed);
  5763. #endif
  5764. return flag;
  5765. } /* END test_wc_InitSha256 */
  5766. /*
  5767. * Unit test for wc_Sha256Update()
  5768. */
  5769. static int test_wc_Sha256Update (void)
  5770. {
  5771. int flag = 0;
  5772. #ifndef NO_SHA256
  5773. wc_Sha256 sha256;
  5774. byte hash[WC_SHA256_DIGEST_SIZE];
  5775. testVector a, b, c;
  5776. int ret;
  5777. ret = wc_InitSha256(&sha256);
  5778. if (ret != 0) {
  5779. flag = ret;
  5780. }
  5781. printf(testingFmt, "wc_Sha256Update()");
  5782. /* Input. */
  5783. if (!flag) {
  5784. a.input = "a";
  5785. a.inLen = XSTRLEN(a.input);
  5786. ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen);
  5787. if (ret != 0) {
  5788. flag = ret;
  5789. }
  5790. }
  5791. if (!flag) {
  5792. ret = wc_Sha256Final(&sha256, hash);
  5793. if (ret != 0) {
  5794. flag = ret;
  5795. }
  5796. }
  5797. /* Update input. */
  5798. if (!flag) {
  5799. a.input = "abc";
  5800. a.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
  5801. "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
  5802. "\x15\xAD";
  5803. a.inLen = XSTRLEN(a.input);
  5804. a.outLen = XSTRLEN(a.output);
  5805. ret = wc_Sha256Update(&sha256, (byte*)a.input, (word32)a.inLen);
  5806. if (ret != 0) {
  5807. flag = ret;
  5808. }
  5809. }
  5810. if (!flag) {
  5811. ret = wc_Sha256Final(&sha256, hash);
  5812. if (ret != 0) {
  5813. flag = ret;
  5814. }
  5815. }
  5816. if (!flag) {
  5817. if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) {
  5818. flag = WOLFSSL_FATAL_ERROR;
  5819. }
  5820. }
  5821. /* Try passing in bad values */
  5822. if (!flag) {
  5823. b.input = NULL;
  5824. b.inLen = 0;
  5825. ret = wc_Sha256Update(&sha256, (byte*)b.input, (word32)b.inLen);
  5826. if (ret != 0) {
  5827. flag = ret;
  5828. }
  5829. }
  5830. if (!flag) {
  5831. c.input = NULL;
  5832. c.inLen = WC_SHA256_DIGEST_SIZE;
  5833. ret = wc_Sha256Update(&sha256, (byte*)c.input, (word32)c.inLen);
  5834. if (ret != BAD_FUNC_ARG) {
  5835. flag = WOLFSSL_FATAL_ERROR;
  5836. }
  5837. }
  5838. if (!flag) {
  5839. ret = wc_Sha256Update(NULL, (byte*)a.input, (word32)a.inLen);
  5840. if (ret != BAD_FUNC_ARG) {
  5841. flag = WOLFSSL_FATAL_ERROR;
  5842. }
  5843. }
  5844. wc_Sha256Free(&sha256);
  5845. /* If not returned then the unit test passed. */
  5846. printf(resultFmt, flag == 0 ? passed : failed);
  5847. #endif
  5848. return flag;
  5849. } /* END test_wc_Sha256Update */
  5850. /*
  5851. * Unit test function for wc_Sha256Final()
  5852. */
  5853. static int test_wc_Sha256Final (void)
  5854. {
  5855. int flag = 0;
  5856. #ifndef NO_SHA256
  5857. wc_Sha256 sha256;
  5858. byte* hash_test[3];
  5859. byte hash1[WC_SHA256_DIGEST_SIZE];
  5860. byte hash2[2*WC_SHA256_DIGEST_SIZE];
  5861. byte hash3[5*WC_SHA256_DIGEST_SIZE];
  5862. int times, i, ret;
  5863. /* Initialize */
  5864. ret = wc_InitSha256(&sha256);
  5865. if (ret != 0) {
  5866. flag = ret;
  5867. }
  5868. if (!flag) {
  5869. hash_test[0] = hash1;
  5870. hash_test[1] = hash2;
  5871. hash_test[2] = hash3;
  5872. }
  5873. times = sizeof(hash_test) / sizeof(byte*);
  5874. /* Good test args. */
  5875. printf(testingFmt, "wc_Sha256Final()");
  5876. for (i = 0; i < times; i++) {
  5877. if (!flag) {
  5878. ret = wc_Sha256Final(&sha256, hash_test[i]);
  5879. if (ret != 0) {
  5880. flag = WOLFSSL_FATAL_ERROR;
  5881. }
  5882. }
  5883. }
  5884. /* Test bad args. */
  5885. if (!flag ) {
  5886. ret = wc_Sha256Final(NULL, NULL);
  5887. if (ret != BAD_FUNC_ARG) {
  5888. flag = WOLFSSL_FATAL_ERROR;
  5889. }
  5890. }
  5891. if (!flag) {
  5892. ret = wc_Sha256Final(NULL, hash1);
  5893. if (ret != BAD_FUNC_ARG) {
  5894. flag = WOLFSSL_FATAL_ERROR;
  5895. }
  5896. }
  5897. if (!flag) {
  5898. ret = wc_Sha256Final(&sha256, NULL);
  5899. if (ret != BAD_FUNC_ARG) {
  5900. flag = WOLFSSL_FATAL_ERROR;
  5901. }
  5902. }
  5903. wc_Sha256Free(&sha256);
  5904. printf(resultFmt, flag == 0 ? passed : failed);
  5905. #endif
  5906. return flag;
  5907. } /* END test_wc_Sha256Final */
  5908. /*
  5909. * Unit test function for wc_Sha256FinalRaw()
  5910. */
  5911. static int test_wc_Sha256FinalRaw (void)
  5912. {
  5913. int flag = 0;
  5914. #if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \
  5915. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \
  5916. !defined(WOLFSSL_NO_HASH_RAW)
  5917. wc_Sha256 sha256;
  5918. byte* hash_test[3];
  5919. byte hash1[WC_SHA256_DIGEST_SIZE];
  5920. byte hash2[2*WC_SHA256_DIGEST_SIZE];
  5921. byte hash3[5*WC_SHA256_DIGEST_SIZE];
  5922. int times, i, ret;
  5923. /* Initialize */
  5924. ret = wc_InitSha256(&sha256);
  5925. if (ret != 0) {
  5926. flag = ret;
  5927. }
  5928. if (!flag) {
  5929. hash_test[0] = hash1;
  5930. hash_test[1] = hash2;
  5931. hash_test[2] = hash3;
  5932. }
  5933. times = sizeof(hash_test) / sizeof(byte*);
  5934. /* Good test args. */
  5935. printf(testingFmt, "wc_Sha256FinalRaw()");
  5936. for (i = 0; i < times; i++) {
  5937. if (!flag) {
  5938. ret = wc_Sha256FinalRaw(&sha256, hash_test[i]);
  5939. if (ret != 0) {
  5940. flag = WOLFSSL_FATAL_ERROR;
  5941. }
  5942. }
  5943. }
  5944. /* Test bad args. */
  5945. if (!flag ) {
  5946. ret = wc_Sha256FinalRaw(NULL, NULL);
  5947. if (ret != BAD_FUNC_ARG) {
  5948. flag = WOLFSSL_FATAL_ERROR;
  5949. }
  5950. }
  5951. if (!flag) {
  5952. ret = wc_Sha256FinalRaw(NULL, hash1);
  5953. if (ret != BAD_FUNC_ARG) {
  5954. flag = WOLFSSL_FATAL_ERROR;
  5955. }
  5956. }
  5957. if (!flag) {
  5958. ret = wc_Sha256FinalRaw(&sha256, NULL);
  5959. if (ret != BAD_FUNC_ARG) {
  5960. flag = WOLFSSL_FATAL_ERROR;
  5961. }
  5962. }
  5963. wc_Sha256Free(&sha256);
  5964. printf(resultFmt, flag == 0 ? passed : failed);
  5965. #endif
  5966. return flag;
  5967. } /* END test_wc_Sha256FinalRaw */
  5968. /*
  5969. * Unit test function for wc_Sha256GetFlags()
  5970. */
  5971. static int test_wc_Sha256GetFlags (void)
  5972. {
  5973. int flag = 0;
  5974. #if !defined(NO_SHA256) && \
  5975. (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
  5976. wc_Sha256 sha256;
  5977. word32 flags = 0;
  5978. printf(testingFmt, "wc_Sha256GetFlags()");
  5979. /* Initialize */
  5980. flag = wc_InitSha256(&sha256);
  5981. if (flag == 0) {
  5982. flag = wc_Sha256GetFlags(&sha256, &flags);
  5983. }
  5984. if (flag == 0) {
  5985. if (flags & WC_HASH_FLAG_ISCOPY) {
  5986. flag = 0;
  5987. }
  5988. }
  5989. wc_Sha256Free(&sha256);
  5990. printf(resultFmt, flag == 0 ? passed : failed);
  5991. #endif
  5992. return flag;
  5993. } /* END test_wc_Sha256GetFlags */
  5994. /*
  5995. * Unit test function for wc_Sha256Free()
  5996. */
  5997. static int test_wc_Sha256Free (void)
  5998. {
  5999. int flag = 0;
  6000. #ifndef NO_SHA256
  6001. printf(testingFmt, "wc_Sha256Free()");
  6002. wc_Sha256Free(NULL);
  6003. printf(resultFmt, flag == 0 ? passed : failed);
  6004. #endif
  6005. return flag;
  6006. } /* END test_wc_Sha256Free */
  6007. /*
  6008. * Unit test function for wc_Sha256GetHash()
  6009. */
  6010. static int test_wc_Sha256GetHash (void)
  6011. {
  6012. int flag = 0;
  6013. #ifndef NO_SHA256
  6014. wc_Sha256 sha256;
  6015. byte hash1[WC_SHA256_DIGEST_SIZE];
  6016. printf(testingFmt, "wc_Sha256GetHash()");
  6017. /* Initialize */
  6018. flag = wc_InitSha256(&sha256);
  6019. if (flag == 0) {
  6020. flag = wc_Sha256GetHash(&sha256, hash1);
  6021. }
  6022. /*test bad arguements*/
  6023. if (flag == 0) {
  6024. flag = wc_Sha256GetHash(NULL, NULL);
  6025. if (flag == BAD_FUNC_ARG) {
  6026. flag = 0;
  6027. }
  6028. }
  6029. if (flag == 0) {
  6030. flag = wc_Sha256GetHash(NULL, hash1);
  6031. if (flag == BAD_FUNC_ARG) {
  6032. flag = 0;
  6033. }
  6034. }
  6035. if (flag == 0) {
  6036. flag = wc_Sha256GetHash(&sha256, NULL);
  6037. if (flag == BAD_FUNC_ARG) {
  6038. flag = 0;
  6039. }
  6040. }
  6041. wc_Sha256Free(&sha256);
  6042. printf(resultFmt, flag == 0 ? passed : failed);
  6043. #endif
  6044. return flag;
  6045. } /* END test_wc_Sha256GetHash */
  6046. /*
  6047. * Unit test function for wc_Sha256Copy()
  6048. */
  6049. static int test_wc_Sha256Copy (void)
  6050. {
  6051. int flag = 0;
  6052. #ifndef NO_SHA256
  6053. wc_Sha256 sha256;
  6054. wc_Sha256 temp;
  6055. printf(testingFmt, "wc_Sha256Copy()");
  6056. /* Initialize */
  6057. flag = wc_InitSha256(&sha256);
  6058. if (flag == 0) {
  6059. flag = wc_InitSha256(&temp);
  6060. }
  6061. if (flag == 0) {
  6062. flag = wc_Sha256Copy(&sha256, &temp);
  6063. }
  6064. /*test bad arguements*/
  6065. if (flag == 0) {
  6066. flag = wc_Sha256Copy(NULL, NULL);
  6067. if (flag == BAD_FUNC_ARG) {
  6068. flag = 0;
  6069. }
  6070. }
  6071. if (flag == 0) {
  6072. flag = wc_Sha256Copy(NULL, &temp);
  6073. if (flag == BAD_FUNC_ARG) {
  6074. flag = 0;
  6075. }
  6076. }
  6077. if (flag == 0) {
  6078. flag = wc_Sha256Copy(&sha256, NULL);
  6079. if (flag == BAD_FUNC_ARG) {
  6080. flag = 0;
  6081. }
  6082. }
  6083. wc_Sha256Free(&sha256);
  6084. wc_Sha256Free(&temp);
  6085. printf(resultFmt, flag == 0 ? passed : failed);
  6086. #endif
  6087. return flag;
  6088. } /* END test_wc_Sha256Copy */
  6089. /*
  6090. * Testing wc_InitSha512()
  6091. */
  6092. static int test_wc_InitSha512 (void)
  6093. {
  6094. int flag = 0;
  6095. #ifdef WOLFSSL_SHA512
  6096. wc_Sha512 sha512;
  6097. int ret;
  6098. printf(testingFmt, "wc_InitSha512()");
  6099. /* Test good arg. */
  6100. ret = wc_InitSha512(&sha512);
  6101. if (ret != 0) {
  6102. flag = WOLFSSL_FATAL_ERROR;
  6103. }
  6104. /* Test bad arg. */
  6105. if (!flag) {
  6106. ret = wc_InitSha512(NULL);
  6107. if (ret != BAD_FUNC_ARG) {
  6108. flag = WOLFSSL_FATAL_ERROR;
  6109. }
  6110. }
  6111. wc_Sha512Free(&sha512);
  6112. printf(resultFmt, flag == 0 ? passed : failed);
  6113. #endif
  6114. return flag;
  6115. } /* END test_wc_InitSha512 */
  6116. /*
  6117. * wc_Sha512Update() test.
  6118. */
  6119. static int test_wc_Sha512Update (void)
  6120. {
  6121. int flag = 0;
  6122. #ifdef WOLFSSL_SHA512
  6123. wc_Sha512 sha512;
  6124. byte hash[WC_SHA512_DIGEST_SIZE];
  6125. testVector a, b, c;
  6126. int ret;
  6127. ret = wc_InitSha512(&sha512);
  6128. if (ret != 0) {
  6129. flag = ret;
  6130. }
  6131. printf(testingFmt, "wc_Sha512Update()");
  6132. /* Input. */
  6133. if (!flag) {
  6134. a.input = "a";
  6135. a.inLen = XSTRLEN(a.input);
  6136. ret = wc_Sha512Update(&sha512, (byte*)a.input, (word32)a.inLen);
  6137. if (ret != 0) {
  6138. flag = ret;
  6139. }
  6140. ret = wc_Sha512Final(&sha512, hash);
  6141. if (ret != 0) {
  6142. flag = ret;
  6143. }
  6144. }
  6145. /* Update input. */
  6146. if (!flag) {
  6147. a.input = "abc";
  6148. a.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
  6149. "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b"
  6150. "\x55\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c"
  6151. "\x23\xa3\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a"
  6152. "\x9a\xc9\x4f\xa5\x4c\xa4\x9f";
  6153. a.inLen = XSTRLEN(a.input);
  6154. a.outLen = XSTRLEN(a.output);
  6155. ret = wc_Sha512Update(&sha512, (byte*) a.input, (word32) a.inLen);
  6156. if (ret != 0) {
  6157. flag = ret;
  6158. }
  6159. }
  6160. if (!flag) {
  6161. ret = wc_Sha512Final(&sha512, hash);
  6162. if (ret != 0) {
  6163. flag = ret;
  6164. }
  6165. }
  6166. if (!flag) {
  6167. if (XMEMCMP(hash, a.output, WC_SHA512_DIGEST_SIZE) != 0) {
  6168. flag = WOLFSSL_FATAL_ERROR;
  6169. }
  6170. }
  6171. /* Try passing in bad values */
  6172. if (!flag) {
  6173. b.input = NULL;
  6174. b.inLen = 0;
  6175. ret = wc_Sha512Update(&sha512, (byte*)b.input, (word32)b.inLen);
  6176. if (ret != 0) {
  6177. flag = ret;
  6178. }
  6179. }
  6180. if (!flag) {
  6181. c.input = NULL;
  6182. c.inLen = WC_SHA512_DIGEST_SIZE;
  6183. ret = wc_Sha512Update(&sha512, (byte*)c.input, (word32)c.inLen);
  6184. if (ret != BAD_FUNC_ARG) {
  6185. flag = WOLFSSL_FATAL_ERROR;
  6186. }
  6187. }
  6188. if (!flag) {
  6189. ret = wc_Sha512Update(NULL, (byte*)a.input, (word32)a.inLen);
  6190. if (ret != BAD_FUNC_ARG) {
  6191. flag = WOLFSSL_FATAL_ERROR;
  6192. }
  6193. }
  6194. wc_Sha512Free(&sha512);
  6195. /* If not returned then the unit test passed test vectors. */
  6196. printf(resultFmt, flag == 0 ? passed : failed);
  6197. #endif
  6198. return flag;
  6199. } /* END test_wc_Sha512Update */
  6200. /*
  6201. * Unit test function for wc_Sha512Final()
  6202. */
  6203. static int test_wc_Sha512Final (void)
  6204. {
  6205. int flag = 0;
  6206. #ifdef WOLFSSL_SHA512
  6207. wc_Sha512 sha512;
  6208. byte* hash_test[3];
  6209. byte hash1[WC_SHA512_DIGEST_SIZE];
  6210. byte hash2[2*WC_SHA512_DIGEST_SIZE];
  6211. byte hash3[5*WC_SHA512_DIGEST_SIZE];
  6212. int times, i, ret;
  6213. /* Initialize */
  6214. ret = wc_InitSha512(&sha512);
  6215. if (ret != 0) {
  6216. flag = ret;
  6217. }
  6218. if (!flag) {
  6219. hash_test[0] = hash1;
  6220. hash_test[1] = hash2;
  6221. hash_test[2] = hash3;
  6222. }
  6223. times = sizeof(hash_test) / sizeof(byte *);
  6224. /* Good test args. */
  6225. printf(testingFmt, "wc_Sha512Final()");
  6226. for (i = 0; i < times; i++) {
  6227. if (!flag) {
  6228. ret = wc_Sha512Final(&sha512, hash_test[i]);
  6229. if (ret != 0) {
  6230. flag = WOLFSSL_FATAL_ERROR;
  6231. }
  6232. }
  6233. }
  6234. /* Test bad args. */
  6235. if (!flag) {
  6236. ret = wc_Sha512Final(NULL, NULL);
  6237. if (ret != BAD_FUNC_ARG) {
  6238. flag = WOLFSSL_FATAL_ERROR;
  6239. }
  6240. if (!flag) {}
  6241. ret = wc_Sha512Final(NULL, hash1);
  6242. if (ret != BAD_FUNC_ARG) {
  6243. flag = WOLFSSL_FATAL_ERROR;
  6244. }
  6245. }
  6246. if (!flag) {
  6247. ret = wc_Sha512Final(&sha512, NULL);
  6248. if (ret != BAD_FUNC_ARG) {
  6249. flag = WOLFSSL_FATAL_ERROR;
  6250. }
  6251. }
  6252. wc_Sha512Free(&sha512);
  6253. printf(resultFmt, flag == 0 ? passed : failed);
  6254. #endif
  6255. return flag;
  6256. } /* END test_wc_Sha512Final */
  6257. /*
  6258. * Unit test function for wc_Sha512GetFlags()
  6259. */
  6260. static int test_wc_Sha512GetFlags (void)
  6261. {
  6262. int flag = 0;
  6263. #if defined(WOLFSSL_SHA512) && \
  6264. (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
  6265. wc_Sha512 sha512;
  6266. word32 flags = 0;
  6267. printf(testingFmt, "wc_Sha512GetFlags()");
  6268. /* Initialize */
  6269. flag = wc_InitSha512(&sha512);
  6270. if (flag == 0) {
  6271. flag = wc_Sha512GetFlags(&sha512, &flags);
  6272. }
  6273. if (flag == 0) {
  6274. if (flags & WC_HASH_FLAG_ISCOPY) {
  6275. flag = 0;
  6276. }
  6277. }
  6278. wc_Sha512Free(&sha512);
  6279. printf(resultFmt, flag == 0 ? passed : failed);
  6280. #endif
  6281. return flag;
  6282. } /* END test_wc_Sha512GetFlags */
  6283. /*
  6284. * Unit test function for wc_Sha512FinalRaw()
  6285. */
  6286. static int test_wc_Sha512FinalRaw (void)
  6287. {
  6288. int flag = 0;
  6289. #if defined(WOLFSSL_SHA512) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  6290. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))
  6291. wc_Sha512 sha512;
  6292. byte* hash_test[3];
  6293. byte hash1[WC_SHA512_DIGEST_SIZE];
  6294. byte hash2[2*WC_SHA512_DIGEST_SIZE];
  6295. byte hash3[5*WC_SHA512_DIGEST_SIZE];
  6296. int times, i, ret;
  6297. /* Initialize */
  6298. ret = wc_InitSha512(&sha512);
  6299. if (ret != 0) {
  6300. flag = ret;
  6301. }
  6302. if (!flag) {
  6303. hash_test[0] = hash1;
  6304. hash_test[1] = hash2;
  6305. hash_test[2] = hash3;
  6306. }
  6307. times = sizeof(hash_test) / sizeof(byte*);
  6308. /* Good test args. */
  6309. printf(testingFmt, "wc_Sha512FinalRaw()");
  6310. for (i = 0; i < times; i++) {
  6311. if (!flag) {
  6312. ret = wc_Sha512FinalRaw(&sha512, hash_test[i]);
  6313. if (ret != 0) {
  6314. flag = WOLFSSL_FATAL_ERROR;
  6315. }
  6316. }
  6317. }
  6318. /* Test bad args. */
  6319. if (!flag ) {
  6320. ret = wc_Sha512FinalRaw(NULL, NULL);
  6321. if (ret != BAD_FUNC_ARG) {
  6322. flag = WOLFSSL_FATAL_ERROR;
  6323. }
  6324. }
  6325. if (!flag) {
  6326. ret = wc_Sha512FinalRaw(NULL, hash1);
  6327. if (ret != BAD_FUNC_ARG) {
  6328. flag = WOLFSSL_FATAL_ERROR;
  6329. }
  6330. }
  6331. if (!flag) {
  6332. ret = wc_Sha512FinalRaw(&sha512, NULL);
  6333. if (ret != BAD_FUNC_ARG) {
  6334. flag = WOLFSSL_FATAL_ERROR;
  6335. }
  6336. }
  6337. wc_Sha512Free(&sha512);
  6338. printf(resultFmt, flag == 0 ? passed : failed);
  6339. #endif
  6340. return flag;
  6341. } /* END test_wc_Sha512FinalRaw */
  6342. /*
  6343. * Unit test function for wc_Sha512Free()
  6344. */
  6345. static int test_wc_Sha512Free (void)
  6346. {
  6347. int flag = 0;
  6348. #ifdef WOLFSSL_SHA512
  6349. printf(testingFmt, "wc_Sha512Free()");
  6350. wc_Sha512Free(NULL);
  6351. printf(resultFmt, flag == 0 ? passed : failed);
  6352. #endif
  6353. return flag;
  6354. } /* END test_wc_Sha512Free */
  6355. /*
  6356. * Unit test function for wc_Sha512GetHash()
  6357. */
  6358. static int test_wc_Sha512GetHash (void)
  6359. {
  6360. int flag = 0;
  6361. #ifdef WOLFSSL_SHA512
  6362. wc_Sha512 sha512;
  6363. byte hash1[WC_SHA512_DIGEST_SIZE];
  6364. printf(testingFmt, "wc_Sha512GetHash()");
  6365. /* Initialize */
  6366. flag = wc_InitSha512(&sha512);
  6367. if (flag == 0) {
  6368. flag = wc_Sha512GetHash(&sha512, hash1);
  6369. }
  6370. /*test bad arguements*/
  6371. if (flag == 0) {
  6372. flag = wc_Sha512GetHash(NULL, NULL);
  6373. if (flag == BAD_FUNC_ARG) {
  6374. flag = 0;
  6375. }
  6376. }
  6377. if (flag == 0) {
  6378. flag = wc_Sha512GetHash(NULL, hash1);
  6379. if (flag == BAD_FUNC_ARG) {
  6380. flag = 0;
  6381. }
  6382. }
  6383. if (flag == 0) {
  6384. flag = wc_Sha512GetHash(&sha512, NULL);
  6385. if (flag == BAD_FUNC_ARG) {
  6386. flag = 0;
  6387. }
  6388. }
  6389. wc_Sha512Free(&sha512);
  6390. printf(resultFmt, flag == 0 ? passed : failed);
  6391. #endif
  6392. return flag;
  6393. } /* END test_wc_Sha512GetHash */
  6394. /*
  6395. * Unit test function for wc_Sha512Copy()
  6396. */
  6397. static int test_wc_Sha512Copy (void)
  6398. {
  6399. int flag = 0;
  6400. #ifdef WOLFSSL_SHA512
  6401. wc_Sha512 sha512;
  6402. wc_Sha512 temp;
  6403. printf(testingFmt, "wc_Sha512Copy()");
  6404. /* Initialize */
  6405. flag = wc_InitSha512(&sha512);
  6406. if (flag == 0) {
  6407. flag = wc_InitSha512(&temp);
  6408. }
  6409. if (flag == 0) {
  6410. flag = wc_Sha512Copy(&sha512, &temp);
  6411. }
  6412. /*test bad arguements*/
  6413. if (flag == 0) {
  6414. flag = wc_Sha512Copy(NULL, NULL);
  6415. if (flag == BAD_FUNC_ARG) {
  6416. flag = 0;
  6417. }
  6418. }
  6419. if (flag == 0) {
  6420. flag = wc_Sha512Copy(NULL, &temp);
  6421. if (flag == BAD_FUNC_ARG) {
  6422. flag = 0;
  6423. }
  6424. }
  6425. if (flag == 0) {
  6426. flag = wc_Sha512Copy(&sha512, NULL);
  6427. if (flag == BAD_FUNC_ARG) {
  6428. flag = 0;
  6429. }
  6430. }
  6431. wc_Sha512Free(&sha512);
  6432. wc_Sha512Free(&temp);
  6433. printf(resultFmt, flag == 0 ? passed : failed);
  6434. #endif
  6435. return flag;
  6436. } /* END test_wc_Sha512Copy */
  6437. /*
  6438. * Testing wc_InitSha384()
  6439. */
  6440. static int test_wc_InitSha384 (void)
  6441. {
  6442. int flag = 0;
  6443. #ifdef WOLFSSL_SHA384
  6444. wc_Sha384 sha384;
  6445. int ret;
  6446. printf(testingFmt, "wc_InitSha384()");
  6447. /* Test good arg. */
  6448. ret = wc_InitSha384(&sha384);
  6449. if (ret != 0) {
  6450. flag = WOLFSSL_FATAL_ERROR;
  6451. }
  6452. /* Test bad arg. */
  6453. if (!flag) {
  6454. ret = wc_InitSha384(NULL);
  6455. if (ret != BAD_FUNC_ARG) {
  6456. flag = WOLFSSL_FATAL_ERROR;
  6457. }
  6458. }
  6459. wc_Sha384Free(&sha384);
  6460. printf(resultFmt, flag == 0 ? passed : failed);
  6461. #endif
  6462. return flag;
  6463. } /* END test_wc_InitSha384 */
  6464. /*
  6465. * test wc_Sha384Update()
  6466. */
  6467. static int test_wc_Sha384Update (void)
  6468. {
  6469. int flag = 0;
  6470. #ifdef WOLFSSL_SHA384
  6471. wc_Sha384 sha384;
  6472. byte hash[WC_SHA384_DIGEST_SIZE];
  6473. testVector a, b, c;
  6474. int ret;
  6475. ret = wc_InitSha384(&sha384);
  6476. if (ret != 0) {
  6477. flag = ret;
  6478. }
  6479. printf(testingFmt, "wc_Sha384Update()");
  6480. /* Input */
  6481. if (!flag) {
  6482. a.input = "a";
  6483. a.inLen = XSTRLEN(a.input);
  6484. ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen);
  6485. if (ret != 0) {
  6486. flag = ret;
  6487. }
  6488. }
  6489. if (!flag) {
  6490. ret = wc_Sha384Final(&sha384, hash);
  6491. if (ret != 0) {
  6492. flag = ret;
  6493. }
  6494. }
  6495. /* Update input. */
  6496. if (!flag) {
  6497. a.input = "abc";
  6498. a.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
  6499. "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
  6500. "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
  6501. "\xc8\x25\xa7";
  6502. a.inLen = XSTRLEN(a.input);
  6503. a.outLen = XSTRLEN(a.output);
  6504. ret = wc_Sha384Update(&sha384, (byte*)a.input, (word32)a.inLen);
  6505. if (ret != 0) {
  6506. flag = ret;
  6507. }
  6508. }
  6509. if (!flag) {
  6510. ret = wc_Sha384Final(&sha384, hash);
  6511. if (ret != 0) {
  6512. flag = ret;
  6513. }
  6514. }
  6515. if (!flag) {
  6516. if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) {
  6517. flag = WOLFSSL_FATAL_ERROR;
  6518. }
  6519. }
  6520. /* Pass in bad values. */
  6521. if (!flag) {
  6522. b.input = NULL;
  6523. b.inLen = 0;
  6524. ret = wc_Sha384Update(&sha384, (byte*)b.input, (word32)b.inLen);
  6525. if (ret != 0) {
  6526. flag = ret;
  6527. }
  6528. }
  6529. if (!flag) {
  6530. c.input = NULL;
  6531. c.inLen = WC_SHA384_DIGEST_SIZE;
  6532. ret = wc_Sha384Update(&sha384, (byte*)c.input, (word32)c.inLen);
  6533. if (ret != BAD_FUNC_ARG) {
  6534. flag = WOLFSSL_FATAL_ERROR;
  6535. }
  6536. }
  6537. if (!flag) {
  6538. ret = wc_Sha384Update(NULL, (byte*)a.input, (word32)a.inLen);
  6539. if (ret != BAD_FUNC_ARG) {
  6540. flag = WOLFSSL_FATAL_ERROR;
  6541. }
  6542. }
  6543. wc_Sha384Free(&sha384);
  6544. /* If not returned then the unit test passed test vectors. */
  6545. printf(resultFmt, flag == 0 ? passed : failed);
  6546. #endif
  6547. return flag;
  6548. } /* END test_wc_Sha384Update */
  6549. /*
  6550. * Unit test function for wc_Sha384Final();
  6551. */
  6552. static int test_wc_Sha384Final (void)
  6553. {
  6554. int flag = 0;
  6555. #ifdef WOLFSSL_SHA384
  6556. wc_Sha384 sha384;
  6557. byte* hash_test[3];
  6558. byte hash1[WC_SHA384_DIGEST_SIZE];
  6559. byte hash2[2*WC_SHA384_DIGEST_SIZE];
  6560. byte hash3[5*WC_SHA384_DIGEST_SIZE];
  6561. int times, i, ret;
  6562. /* Initialize */
  6563. ret = wc_InitSha384(&sha384);
  6564. if (ret) {
  6565. flag = ret;
  6566. }
  6567. if (!flag) {
  6568. hash_test[0] = hash1;
  6569. hash_test[1] = hash2;
  6570. hash_test[2] = hash3;
  6571. }
  6572. times = sizeof(hash_test) / sizeof(byte*);
  6573. /* Good test args. */
  6574. printf(testingFmt, "wc_Sha384Final()");
  6575. for (i = 0; i < times; i++) {
  6576. if (!flag) {
  6577. ret = wc_Sha384Final(&sha384, hash_test[i]);
  6578. if (ret != 0) {
  6579. flag = WOLFSSL_FATAL_ERROR;
  6580. }
  6581. }
  6582. }
  6583. /* Test bad args. */
  6584. if (!flag) {
  6585. ret = wc_Sha384Final(NULL, NULL);
  6586. if (ret != BAD_FUNC_ARG) {
  6587. flag = WOLFSSL_FATAL_ERROR;
  6588. }
  6589. }
  6590. if (!flag) {
  6591. ret = wc_Sha384Final(NULL, hash1);
  6592. if (ret != BAD_FUNC_ARG) {
  6593. flag = WOLFSSL_FATAL_ERROR;
  6594. }
  6595. }
  6596. if (!flag) {
  6597. ret = wc_Sha384Final(&sha384, NULL);
  6598. if (ret != BAD_FUNC_ARG) {
  6599. flag = WOLFSSL_FATAL_ERROR;
  6600. }
  6601. }
  6602. wc_Sha384Free(&sha384);
  6603. printf(resultFmt, flag == 0 ? passed : failed);
  6604. #endif
  6605. return flag;
  6606. } /* END test_wc_Sha384Final */
  6607. /*
  6608. * Unit test function for wc_Sha384GetFlags()
  6609. */
  6610. static int test_wc_Sha384GetFlags (void)
  6611. {
  6612. int flag = 0;
  6613. #if defined(WOLFSSL_SHA384) && \
  6614. (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
  6615. wc_Sha384 sha384;
  6616. word32 flags = 0;
  6617. printf(testingFmt, "wc_Sha384GetFlags()");
  6618. /* Initialize */
  6619. flag = wc_InitSha384(&sha384);
  6620. if (flag == 0) {
  6621. flag = wc_Sha384GetFlags(&sha384, &flags);
  6622. }
  6623. if (flag == 0) {
  6624. if (flags & WC_HASH_FLAG_ISCOPY) {
  6625. flag = 0;
  6626. }
  6627. }
  6628. wc_Sha384Free(&sha384);
  6629. printf(resultFmt, flag == 0 ? passed : failed);
  6630. #endif
  6631. return flag;
  6632. } /* END test_wc_Sha384GetFlags */
  6633. /*
  6634. * Unit test function for wc_Sha384FinalRaw()
  6635. */
  6636. static int test_wc_Sha384FinalRaw (void)
  6637. {
  6638. int flag = 0;
  6639. #if defined(WOLFSSL_SHA384) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  6640. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)))
  6641. wc_Sha384 sha384;
  6642. byte* hash_test[3];
  6643. byte hash1[WC_SHA384_DIGEST_SIZE];
  6644. byte hash2[2*WC_SHA384_DIGEST_SIZE];
  6645. byte hash3[5*WC_SHA384_DIGEST_SIZE];
  6646. int times, i, ret;
  6647. /* Initialize */
  6648. ret = wc_InitSha384(&sha384);
  6649. if (ret != 0) {
  6650. flag = ret;
  6651. }
  6652. if (!flag) {
  6653. hash_test[0] = hash1;
  6654. hash_test[1] = hash2;
  6655. hash_test[2] = hash3;
  6656. }
  6657. times = sizeof(hash_test) / sizeof(byte*);
  6658. /* Good test args. */
  6659. printf(testingFmt, "wc_Sha384FinalRaw()");
  6660. for (i = 0; i < times; i++) {
  6661. if (!flag) {
  6662. ret = wc_Sha384FinalRaw(&sha384, hash_test[i]);
  6663. if (ret != 0) {
  6664. flag = WOLFSSL_FATAL_ERROR;
  6665. }
  6666. }
  6667. }
  6668. /* Test bad args. */
  6669. if (!flag ) {
  6670. ret = wc_Sha384FinalRaw(NULL, NULL);
  6671. if (ret != BAD_FUNC_ARG) {
  6672. flag = WOLFSSL_FATAL_ERROR;
  6673. }
  6674. }
  6675. if (!flag) {
  6676. ret = wc_Sha384FinalRaw(NULL, hash1);
  6677. if (ret != BAD_FUNC_ARG) {
  6678. flag = WOLFSSL_FATAL_ERROR;
  6679. }
  6680. }
  6681. if (!flag) {
  6682. ret = wc_Sha384FinalRaw(&sha384, NULL);
  6683. if (ret != BAD_FUNC_ARG) {
  6684. flag = WOLFSSL_FATAL_ERROR;
  6685. }
  6686. }
  6687. wc_Sha384Free(&sha384);
  6688. printf(resultFmt, flag == 0 ? passed : failed);
  6689. #endif
  6690. return flag;
  6691. } /* END test_wc_Sha384FinalRaw */
  6692. /*
  6693. * Unit test function for wc_Sha384Free()
  6694. */
  6695. static int test_wc_Sha384Free (void)
  6696. {
  6697. int flag = 0;
  6698. #ifdef WOLFSSL_SHA384
  6699. printf(testingFmt, "wc_Sha384Free()");
  6700. wc_Sha384Free(NULL);
  6701. printf(resultFmt, flag == 0 ? passed : failed);
  6702. #endif
  6703. return flag;
  6704. } /* END test_wc_Sha384Free */
  6705. /*
  6706. * Unit test function for wc_Sha384GetHash()
  6707. */
  6708. static int test_wc_Sha384GetHash (void)
  6709. {
  6710. int flag = 0;
  6711. #ifdef WOLFSSL_SHA384
  6712. wc_Sha384 sha384;
  6713. byte hash1[WC_SHA384_DIGEST_SIZE];
  6714. printf(testingFmt, "wc_Sha384GetHash()");
  6715. /* Initialize */
  6716. flag = wc_InitSha384(&sha384);
  6717. if (flag == 0) {
  6718. flag = wc_Sha384GetHash(&sha384, hash1);
  6719. }
  6720. /*test bad arguements*/
  6721. if (flag == 0) {
  6722. flag = wc_Sha384GetHash(NULL, NULL);
  6723. if (flag == BAD_FUNC_ARG) {
  6724. flag = 0;
  6725. }
  6726. }
  6727. if (flag == 0) {
  6728. flag = wc_Sha384GetHash(NULL, hash1);
  6729. if (flag == BAD_FUNC_ARG) {
  6730. flag = 0;
  6731. }
  6732. }
  6733. if (flag == 0) {
  6734. flag = wc_Sha384GetHash(&sha384, NULL);
  6735. if (flag == BAD_FUNC_ARG) {
  6736. flag = 0;
  6737. }
  6738. }
  6739. wc_Sha384Free(&sha384);
  6740. printf(resultFmt, flag == 0 ? passed : failed);
  6741. #endif
  6742. return flag;
  6743. } /* END test_wc_Sha384GetHash */
  6744. /*
  6745. * Unit test function for wc_Sha384Copy()
  6746. */
  6747. static int test_wc_Sha384Copy (void)
  6748. {
  6749. int flag = 0;
  6750. #ifdef WOLFSSL_SHA384
  6751. wc_Sha384 sha384;
  6752. wc_Sha384 temp;
  6753. printf(testingFmt, "wc_Sha384Copy()");
  6754. /* Initialize */
  6755. flag = wc_InitSha384(&sha384);
  6756. if (flag == 0) {
  6757. flag = wc_InitSha384(&temp);
  6758. }
  6759. if (flag == 0) {
  6760. flag = wc_Sha384Copy(&sha384, &temp);
  6761. }
  6762. /*test bad arguements*/
  6763. if (flag == 0) {
  6764. flag = wc_Sha384Copy(NULL, NULL);
  6765. if (flag == BAD_FUNC_ARG) {
  6766. flag = 0;
  6767. }
  6768. }
  6769. if (flag == 0) {
  6770. flag = wc_Sha384Copy(NULL, &temp);
  6771. if (flag == BAD_FUNC_ARG) {
  6772. flag = 0;
  6773. }
  6774. }
  6775. if (flag == 0) {
  6776. flag = wc_Sha384Copy(&sha384, NULL);
  6777. if (flag == BAD_FUNC_ARG) {
  6778. flag = 0;
  6779. }
  6780. }
  6781. wc_Sha384Free(&sha384);
  6782. wc_Sha384Free(&temp);
  6783. printf(resultFmt, flag == 0 ? passed : failed);
  6784. #endif
  6785. return flag;
  6786. } /* END test_wc_Sha384Copy */
  6787. /*
  6788. * Testing wc_InitSha224();
  6789. */
  6790. static int test_wc_InitSha224 (void)
  6791. {
  6792. int flag = 0;
  6793. #ifdef WOLFSSL_SHA224
  6794. wc_Sha224 sha224;
  6795. int ret;
  6796. printf(testingFmt, "wc_InitSha224()");
  6797. /* Test good arg. */
  6798. ret = wc_InitSha224(&sha224);
  6799. if (ret != 0) {
  6800. flag = WOLFSSL_FATAL_ERROR;
  6801. }
  6802. /* Test bad arg. */
  6803. if (!flag) {
  6804. ret = wc_InitSha224(NULL);
  6805. if (ret != BAD_FUNC_ARG) {
  6806. flag = WOLFSSL_FATAL_ERROR;
  6807. }
  6808. }
  6809. wc_Sha224Free(&sha224);
  6810. printf(resultFmt, flag == 0 ? passed : failed);
  6811. #endif
  6812. return flag;
  6813. } /* END test_wc_InitSha224 */
  6814. /*
  6815. * Unit test on wc_Sha224Update
  6816. */
  6817. static int test_wc_Sha224Update (void)
  6818. {
  6819. int flag = 0;
  6820. #ifdef WOLFSSL_SHA224
  6821. wc_Sha224 sha224;
  6822. byte hash[WC_SHA224_DIGEST_SIZE];
  6823. testVector a, b, c;
  6824. int ret;
  6825. ret = wc_InitSha224(&sha224);
  6826. if (ret != 0) {
  6827. flag = ret;
  6828. }
  6829. printf(testingFmt, "wc_Sha224Update()");
  6830. /* Input. */
  6831. if (!flag) {
  6832. a.input = "a";
  6833. a.inLen = XSTRLEN(a.input);
  6834. ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen);
  6835. if (ret != 0) {
  6836. flag = ret;
  6837. }
  6838. }
  6839. if (!flag) {
  6840. ret = wc_Sha224Final(&sha224, hash);
  6841. if (ret != 0) {
  6842. flag = ret;
  6843. }
  6844. }
  6845. /* Update input. */
  6846. if (!flag) {
  6847. a.input = "abc";
  6848. a.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2"
  6849. "\x55\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
  6850. a.inLen = XSTRLEN(a.input);
  6851. a.outLen = XSTRLEN(a.output);
  6852. ret = wc_Sha224Update(&sha224, (byte*)a.input, (word32)a.inLen);
  6853. if (ret != 0) {
  6854. flag = ret;
  6855. }
  6856. }
  6857. if (!flag) {
  6858. ret = wc_Sha224Final(&sha224, hash);
  6859. if (ret != 0) {
  6860. flag = ret;
  6861. }
  6862. }
  6863. if (!flag) {
  6864. if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) {
  6865. flag = WOLFSSL_FATAL_ERROR;
  6866. }
  6867. }
  6868. /* Pass in bad values. */
  6869. if (!flag) {
  6870. b.input = NULL;
  6871. b.inLen = 0;
  6872. ret = wc_Sha224Update(&sha224, (byte*)b.input, (word32)b.inLen);
  6873. if (ret != 0) {
  6874. flag = ret;
  6875. }
  6876. }
  6877. if (!flag) {
  6878. c.input = NULL;
  6879. c.inLen = WC_SHA224_DIGEST_SIZE;
  6880. ret = wc_Sha224Update(&sha224, (byte*)c.input, (word32)c.inLen);
  6881. if (ret != BAD_FUNC_ARG) {
  6882. flag = WOLFSSL_FATAL_ERROR;
  6883. }
  6884. }
  6885. if (!flag) {
  6886. ret = wc_Sha224Update(NULL, (byte*)a.input, (word32)a.inLen);
  6887. if (ret != BAD_FUNC_ARG) {
  6888. flag = WOLFSSL_FATAL_ERROR;
  6889. }
  6890. }
  6891. wc_Sha224Free(&sha224);
  6892. /* If not returned then the unit test passed test vectors. */
  6893. printf(resultFmt, flag == 0 ? passed : failed);
  6894. #endif
  6895. return flag;
  6896. } /* END test_wc_Sha224Update */
  6897. /*
  6898. * Unit test for wc_Sha224Final();
  6899. */
  6900. static int test_wc_Sha224Final (void)
  6901. {
  6902. int flag = 0;
  6903. #ifdef WOLFSSL_SHA224
  6904. wc_Sha224 sha224;
  6905. byte* hash_test[3];
  6906. byte hash1[WC_SHA224_DIGEST_SIZE];
  6907. byte hash2[2*WC_SHA224_DIGEST_SIZE];
  6908. byte hash3[5*WC_SHA224_DIGEST_SIZE];
  6909. int times, i, ret;
  6910. /* Initialize */
  6911. ret = wc_InitSha224(&sha224);
  6912. if (ret) {
  6913. flag = ret;
  6914. }
  6915. if (!flag) {
  6916. hash_test[0] = hash1;
  6917. hash_test[1] = hash2;
  6918. hash_test[2] = hash3;
  6919. }
  6920. times = sizeof(hash_test) / sizeof(byte*);
  6921. /* Good test args. */
  6922. printf(testingFmt, "wc_sha224Final()");
  6923. /* Testing oversized buffers. */
  6924. for (i = 0; i < times; i++) {
  6925. if (!flag) {
  6926. ret = wc_Sha224Final(&sha224, hash_test[i]);
  6927. if (ret != 0) {
  6928. flag = WOLFSSL_FATAL_ERROR;
  6929. }
  6930. }
  6931. }
  6932. /* Test bad args. */
  6933. if (!flag) {
  6934. ret = wc_Sha224Final(NULL, NULL);
  6935. if (ret != BAD_FUNC_ARG) {
  6936. flag = WOLFSSL_FATAL_ERROR;
  6937. }
  6938. }
  6939. if (!flag) {
  6940. ret = wc_Sha224Final(NULL, hash1);
  6941. if (ret != BAD_FUNC_ARG) {
  6942. flag = WOLFSSL_FATAL_ERROR;
  6943. }
  6944. }
  6945. if (!flag) {
  6946. ret = wc_Sha224Final(&sha224, NULL);
  6947. if (ret != BAD_FUNC_ARG) {
  6948. flag = WOLFSSL_FATAL_ERROR;
  6949. }
  6950. }
  6951. wc_Sha224Free(&sha224);
  6952. printf(resultFmt, flag == 0 ? passed : failed);
  6953. #endif
  6954. return flag;
  6955. } /* END test_wc_Sha224Final */
  6956. /*
  6957. * Unit test function for wc_Sha224SetFlags()
  6958. */
  6959. static int test_wc_Sha224SetFlags (void)
  6960. {
  6961. int flag = 0;
  6962. #if defined(WOLFSSL_SHA224) && \
  6963. (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
  6964. wc_Sha224 sha224;
  6965. word32 flags = 0;
  6966. printf(testingFmt, "wc_Sha224SetFlags()");
  6967. /* Initialize */
  6968. flag = wc_InitSha224(&sha224);
  6969. if (flag == 0) {
  6970. flag = wc_Sha224SetFlags(&sha224, flags);
  6971. }
  6972. if (flag == 0) {
  6973. if (flags & WC_HASH_FLAG_ISCOPY) {
  6974. flag = 0;
  6975. }
  6976. }
  6977. wc_Sha224Free(&sha224);
  6978. printf(resultFmt, flag == 0 ? passed : failed);
  6979. #endif
  6980. return flag;
  6981. } /* END test_wc_Sha224SetFlags */
  6982. /*
  6983. * Unit test function for wc_Sha224GetFlags()
  6984. */
  6985. static int test_wc_Sha224GetFlags (void)
  6986. {
  6987. int flag = 0;
  6988. #if defined(WOLFSSL_SHA224) && \
  6989. (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
  6990. wc_Sha224 sha224;
  6991. word32 flags = 0;
  6992. printf(testingFmt, "wc_Sha224GetFlags()");
  6993. /* Initialize */
  6994. flag = wc_InitSha224(&sha224);
  6995. if (flag == 0) {
  6996. flag = wc_Sha224GetFlags(&sha224, &flags);
  6997. }
  6998. if (flag == 0) {
  6999. if (flags & WC_HASH_FLAG_ISCOPY) {
  7000. flag = 0;
  7001. }
  7002. }
  7003. wc_Sha224Free(&sha224);
  7004. printf(resultFmt, flag == 0 ? passed : failed);
  7005. #endif
  7006. return flag;
  7007. } /* END test_wc_Sha224GetFlags */
  7008. /*
  7009. * Unit test function for wc_Sha224Free()
  7010. */
  7011. static int test_wc_Sha224Free (void)
  7012. {
  7013. int flag = 0;
  7014. #ifdef WOLFSSL_SHA224
  7015. printf(testingFmt, "wc_Sha224Free()");
  7016. wc_Sha224Free(NULL);
  7017. printf(resultFmt, flag == 0 ? passed : failed);
  7018. #endif
  7019. return flag;
  7020. } /* END test_wc_Sha224Free */
  7021. /*
  7022. * Unit test function for wc_Sha224GetHash()
  7023. */
  7024. static int test_wc_Sha224GetHash (void)
  7025. {
  7026. int flag = 0;
  7027. #ifdef WOLFSSL_SHA224
  7028. wc_Sha224 sha224;
  7029. byte hash1[WC_SHA224_DIGEST_SIZE];
  7030. printf(testingFmt, "wc_Sha224GetHash()");
  7031. /* Initialize */
  7032. flag = wc_InitSha224(&sha224);
  7033. if (flag == 0) {
  7034. flag = wc_Sha224GetHash(&sha224, hash1);
  7035. }
  7036. /*test bad arguements*/
  7037. if (flag == 0) {
  7038. flag = wc_Sha224GetHash(NULL, NULL);
  7039. if (flag == BAD_FUNC_ARG) {
  7040. flag = 0;
  7041. }
  7042. }
  7043. if (flag == 0) {
  7044. flag = wc_Sha224GetHash(NULL, hash1);
  7045. if (flag == BAD_FUNC_ARG) {
  7046. flag = 0;
  7047. }
  7048. }
  7049. if (flag == 0) {
  7050. flag = wc_Sha224GetHash(&sha224, NULL);
  7051. if (flag == BAD_FUNC_ARG) {
  7052. flag = 0;
  7053. }
  7054. }
  7055. wc_Sha224Free(&sha224);
  7056. printf(resultFmt, flag == 0 ? passed : failed);
  7057. #endif
  7058. return flag;
  7059. } /* END test_wc_Sha224GetHash */
  7060. /*
  7061. * Unit test function for wc_Sha224Copy()
  7062. */
  7063. static int test_wc_Sha224Copy (void)
  7064. {
  7065. int flag = 0;
  7066. #ifdef WOLFSSL_SHA224
  7067. wc_Sha224 sha224;
  7068. wc_Sha224 temp;
  7069. printf(testingFmt, "wc_Sha224Copy()");
  7070. /* Initialize */
  7071. flag = wc_InitSha224(&sha224);
  7072. if (flag == 0) {
  7073. flag = wc_InitSha224(&temp);
  7074. }
  7075. if (flag == 0) {
  7076. flag = wc_Sha224Copy(&sha224, &temp);
  7077. }
  7078. /*test bad arguements*/
  7079. if (flag == 0) {
  7080. flag = wc_Sha224Copy(NULL, NULL);
  7081. if (flag == BAD_FUNC_ARG) {
  7082. flag = 0;
  7083. }
  7084. }
  7085. if (flag == 0) {
  7086. flag = wc_Sha224Copy(NULL, &temp);
  7087. if (flag == BAD_FUNC_ARG) {
  7088. flag = 0;
  7089. }
  7090. }
  7091. if (flag == 0) {
  7092. flag = wc_Sha224Copy(&sha224, NULL);
  7093. if (flag == BAD_FUNC_ARG) {
  7094. flag = 0;
  7095. }
  7096. }
  7097. wc_Sha224Free(&sha224);
  7098. wc_Sha224Free(&temp);
  7099. printf(resultFmt, flag == 0 ? passed : failed);
  7100. #endif
  7101. return flag;
  7102. } /* END test_wc_Sha224Copy */
  7103. /*
  7104. * Testing wc_InitRipeMd()
  7105. */
  7106. static int test_wc_InitRipeMd (void)
  7107. {
  7108. int flag = 0;
  7109. #ifdef WOLFSSL_RIPEMD
  7110. RipeMd ripemd;
  7111. int ret;
  7112. printf(testingFmt, "wc_InitRipeMd()");
  7113. /* Test good arg. */
  7114. ret = wc_InitRipeMd(&ripemd);
  7115. if (ret != 0) {
  7116. flag = WOLFSSL_FATAL_ERROR;
  7117. }
  7118. /* Test bad arg. */
  7119. if (!flag) {
  7120. ret = wc_InitRipeMd(NULL);
  7121. if (ret != BAD_FUNC_ARG) {
  7122. flag = WOLFSSL_FATAL_ERROR;
  7123. }
  7124. }
  7125. printf(resultFmt, flag == 0 ? passed : failed);
  7126. #endif
  7127. return flag;
  7128. } /* END test_wc_InitRipeMd */
  7129. /*
  7130. * Testing wc_RipeMdUpdate()
  7131. */
  7132. static int test_wc_RipeMdUpdate (void)
  7133. {
  7134. int flag = 0;
  7135. #ifdef WOLFSSL_RIPEMD
  7136. RipeMd ripemd;
  7137. byte hash[RIPEMD_DIGEST_SIZE];
  7138. testVector a, b, c;
  7139. int ret;
  7140. ret = wc_InitRipeMd(&ripemd);
  7141. if (ret != 0) {
  7142. flag = ret;
  7143. }
  7144. printf(testingFmt, "wc_RipeMdUpdate()");
  7145. /* Input */
  7146. if (!flag) {
  7147. a.input = "a";
  7148. a.inLen = XSTRLEN(a.input);
  7149. ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen);
  7150. if (ret != 0) {
  7151. flag = ret;
  7152. }
  7153. }
  7154. if (!flag) {
  7155. ret = wc_RipeMdFinal(&ripemd, hash);
  7156. if (ret != 0) {
  7157. flag = ret;
  7158. }
  7159. }
  7160. /* Update input. */
  7161. if (!flag) {
  7162. a.input = "abc";
  7163. a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
  7164. "\xb0\x87\xf1\x5a\x0b\xfc";
  7165. a.inLen = XSTRLEN(a.input);
  7166. a.outLen = XSTRLEN(a.output);
  7167. ret = wc_RipeMdUpdate(&ripemd, (byte*)a.input, (word32)a.inLen);
  7168. if (ret != 0) {
  7169. flag = ret;
  7170. }
  7171. }
  7172. if (!flag) {
  7173. ret = wc_RipeMdFinal(&ripemd, hash);
  7174. if (ret != 0) {
  7175. flag = ret;
  7176. }
  7177. }
  7178. if (!flag) {
  7179. if (XMEMCMP(hash, a.output, RIPEMD_DIGEST_SIZE) != 0) {
  7180. flag = WOLFSSL_FATAL_ERROR;
  7181. }
  7182. }
  7183. /* Pass in bad values. */
  7184. if (!flag) {
  7185. b.input = NULL;
  7186. b.inLen = 0;
  7187. ret = wc_RipeMdUpdate(&ripemd, (byte*)b.input, (word32)b.inLen);
  7188. if (ret != 0) {
  7189. flag = ret;
  7190. }
  7191. }
  7192. if (!flag) {
  7193. c.input = NULL;
  7194. c.inLen = RIPEMD_DIGEST_SIZE;
  7195. ret = wc_RipeMdUpdate(&ripemd, (byte*)c.input, (word32)c.inLen);
  7196. if (ret != BAD_FUNC_ARG) {
  7197. flag = WOLFSSL_FATAL_ERROR;
  7198. }
  7199. }
  7200. if (!flag) {
  7201. ret = wc_RipeMdUpdate(NULL, (byte*)a.input, (word32)a.inLen);
  7202. if (ret != BAD_FUNC_ARG) {
  7203. flag = WOLFSSL_FATAL_ERROR;
  7204. }
  7205. }
  7206. printf(resultFmt, flag == 0 ? passed : failed);
  7207. #endif
  7208. return flag;
  7209. } /* END test_wc_RipeMdUdpate */
  7210. /*
  7211. * Unit test function for wc_RipeMdFinal()
  7212. */
  7213. static int test_wc_RipeMdFinal (void)
  7214. {
  7215. int flag = 0;
  7216. #ifdef WOLFSSL_RIPEMD
  7217. RipeMd ripemd;
  7218. byte* hash_test[3];
  7219. byte hash1[RIPEMD_DIGEST_SIZE];
  7220. byte hash2[2*RIPEMD_DIGEST_SIZE];
  7221. byte hash3[5*RIPEMD_DIGEST_SIZE];
  7222. int times, i, ret;
  7223. /* Initialize */
  7224. ret = wc_InitRipeMd(&ripemd);
  7225. if (ret != 0) {
  7226. flag = ret;
  7227. }
  7228. if (!flag) {
  7229. hash_test[0] = hash1;
  7230. hash_test[1] = hash2;
  7231. hash_test[2] = hash3;
  7232. }
  7233. times = sizeof(hash_test) / sizeof(byte*);
  7234. /* Good test args. */
  7235. printf(testingFmt, "wc_RipeMdFinal()");
  7236. /* Testing oversized buffers. */
  7237. for (i = 0; i < times; i++) {
  7238. if (!flag) {
  7239. ret = wc_RipeMdFinal(&ripemd, hash_test[i]);
  7240. if (ret != 0) {
  7241. flag = WOLFSSL_FATAL_ERROR;
  7242. }
  7243. }
  7244. }
  7245. /* Test bad args. */
  7246. if (!flag) {
  7247. ret = wc_RipeMdFinal(NULL, NULL);
  7248. if (ret != BAD_FUNC_ARG) {
  7249. flag = WOLFSSL_FATAL_ERROR;
  7250. }
  7251. }
  7252. if (!flag) {
  7253. ret = wc_RipeMdFinal(NULL, hash1);
  7254. if (ret != BAD_FUNC_ARG) {
  7255. flag = WOLFSSL_FATAL_ERROR;
  7256. }
  7257. }
  7258. if (!flag) {
  7259. ret = wc_RipeMdFinal(&ripemd, NULL);
  7260. if (ret != BAD_FUNC_ARG) {
  7261. flag = WOLFSSL_FATAL_ERROR;
  7262. }
  7263. }
  7264. printf(resultFmt, flag == 0 ? passed : failed);
  7265. #endif
  7266. return flag;
  7267. } /* END test_wc_RipeMdFinal */
  7268. /*
  7269. * Testing wc_InitSha3_224, wc_InitSha3_256, wc_InitSha3_384, and
  7270. * wc_InitSha3_512
  7271. */
  7272. static int test_wc_InitSha3 (void)
  7273. {
  7274. int ret = 0;
  7275. #if defined(WOLFSSL_SHA3)
  7276. wc_Sha3 sha3;
  7277. (void)sha3;
  7278. #if !defined(WOLFSSL_NOSHA3_224)
  7279. printf(testingFmt, "wc_InitSha3_224()");
  7280. ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
  7281. /* Test bad args. */
  7282. if (ret == 0) {
  7283. ret = wc_InitSha3_224(NULL, HEAP_HINT, devId);
  7284. if (ret == BAD_FUNC_ARG) {
  7285. ret = 0;
  7286. } else if (ret == 0) {
  7287. ret = WOLFSSL_FATAL_ERROR;
  7288. }
  7289. }
  7290. wc_Sha3_224_Free(&sha3);
  7291. printf(resultFmt, ret == 0 ? passed : failed);
  7292. #endif /* NOSHA3_224 */
  7293. #if !defined(WOLFSSL_NOSHA3_256)
  7294. if (ret == 0) {
  7295. printf(testingFmt, "wc_InitSha3_256()");
  7296. ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
  7297. /* Test bad args. */
  7298. if (ret == 0) {
  7299. ret = wc_InitSha3_256(NULL, HEAP_HINT, devId);
  7300. if (ret == BAD_FUNC_ARG) {
  7301. ret = 0;
  7302. } else if (ret == 0) {
  7303. ret = WOLFSSL_FATAL_ERROR;
  7304. }
  7305. }
  7306. wc_Sha3_256_Free(&sha3);
  7307. printf(resultFmt, ret == 0 ? passed : failed);
  7308. } /* END sha3_256 */
  7309. #endif /* NOSHA3_256 */
  7310. #if !defined(WOLFSSL_NOSHA3_384)
  7311. if (ret == 0) {
  7312. printf(testingFmt, "wc_InitSha3_384()");
  7313. ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
  7314. /* Test bad args. */
  7315. if (ret == 0) {
  7316. ret = wc_InitSha3_384(NULL, HEAP_HINT, devId);
  7317. if (ret == BAD_FUNC_ARG) {
  7318. ret = 0;
  7319. } else if (ret == 0) {
  7320. ret = WOLFSSL_FATAL_ERROR;
  7321. }
  7322. }
  7323. wc_Sha3_384_Free(&sha3);
  7324. printf(resultFmt, ret == 0 ? passed : failed);
  7325. } /* END sha3_384 */
  7326. #endif /* NOSHA3_384 */
  7327. #if !defined(WOLFSSL_NOSHA3_512)
  7328. if (ret == 0) {
  7329. printf(testingFmt, "wc_InitSha3_512()");
  7330. ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
  7331. /* Test bad args. */
  7332. if (ret == 0) {
  7333. ret = wc_InitSha3_512(NULL, HEAP_HINT, devId);
  7334. if (ret == BAD_FUNC_ARG) {
  7335. ret = 0;
  7336. } else if (ret == 0) {
  7337. ret = WOLFSSL_FATAL_ERROR;
  7338. }
  7339. }
  7340. wc_Sha3_512_Free(&sha3);
  7341. printf(resultFmt, ret == 0 ? passed : failed);
  7342. } /* END sha3_512 */
  7343. #endif /* NOSHA3_512 */
  7344. #endif
  7345. return ret;
  7346. } /* END test_wc_InitSha3 */
  7347. /*
  7348. * Testing wc_Sha3_Update()
  7349. */
  7350. static int testing_wc_Sha3_Update (void)
  7351. {
  7352. int ret = 0;
  7353. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_XILINX_CRYPT) && \
  7354. !defined(WOLFSSL_AFALG_XILINX)
  7355. wc_Sha3 sha3;
  7356. byte msg[] = "Everybody's working for the weekend.";
  7357. byte msg2[] = "Everybody gets Friday off.";
  7358. byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
  7359. "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
  7360. "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
  7361. "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
  7362. "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
  7363. word32 msglen = sizeof(msg) - 1;
  7364. word32 msg2len = sizeof(msg2);
  7365. word32 msgCmplen = sizeof(msgCmp);
  7366. #if !defined(WOLFSSL_NOSHA3_224)
  7367. printf(testingFmt, "wc_Sha3_224_Update()");
  7368. ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
  7369. if (ret != 0) {
  7370. return ret;
  7371. }
  7372. ret = wc_Sha3_224_Update(&sha3, msg, msglen);
  7373. if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
  7374. ret = WOLFSSL_FATAL_ERROR;
  7375. }
  7376. if (ret == 0) {
  7377. ret = wc_Sha3_224_Update(&sha3, msg2, msg2len);
  7378. if (ret == 0 && XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
  7379. ret = WOLFSSL_FATAL_ERROR;
  7380. }
  7381. }
  7382. /* Pass bad args. */
  7383. if (ret == 0) {
  7384. ret = wc_Sha3_224_Update(NULL, msg2, msg2len);
  7385. if (ret == BAD_FUNC_ARG) {
  7386. ret = wc_Sha3_224_Update(&sha3, NULL, 5);
  7387. }
  7388. if (ret == BAD_FUNC_ARG) {
  7389. wc_Sha3_224_Free(&sha3);
  7390. if (wc_InitSha3_224(&sha3, HEAP_HINT, devId)) {
  7391. return ret;
  7392. }
  7393. ret = wc_Sha3_224_Update(&sha3, NULL, 0);
  7394. if (ret == 0) {
  7395. ret = wc_Sha3_224_Update(&sha3, msg2, msg2len);
  7396. }
  7397. if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
  7398. ret = WOLFSSL_FATAL_ERROR;
  7399. }
  7400. }
  7401. }
  7402. wc_Sha3_224_Free(&sha3);
  7403. printf(resultFmt, ret == 0 ? passed : failed);
  7404. #endif /* SHA3_224 */
  7405. #if !defined(WOLFSSL_NOSHA3_256)
  7406. if (ret == 0) {
  7407. printf(testingFmt, "wc_Sha3_256_Update()");
  7408. ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
  7409. if (ret != 0) {
  7410. return ret;
  7411. }
  7412. ret = wc_Sha3_256_Update(&sha3, msg, msglen);
  7413. if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
  7414. ret = WOLFSSL_FATAL_ERROR;
  7415. }
  7416. if (ret == 0) {
  7417. ret = wc_Sha3_256_Update(&sha3, msg2, msg2len);
  7418. if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
  7419. ret = WOLFSSL_FATAL_ERROR;
  7420. }
  7421. }
  7422. /* Pass bad args. */
  7423. if (ret == 0) {
  7424. ret = wc_Sha3_256_Update(NULL, msg2, msg2len);
  7425. if (ret == BAD_FUNC_ARG) {
  7426. ret = wc_Sha3_256_Update(&sha3, NULL, 5);
  7427. }
  7428. if (ret == BAD_FUNC_ARG) {
  7429. wc_Sha3_256_Free(&sha3);
  7430. if (wc_InitSha3_256(&sha3, HEAP_HINT, devId)) {
  7431. return ret;
  7432. }
  7433. ret = wc_Sha3_256_Update(&sha3, NULL, 0);
  7434. if (ret == 0) {
  7435. ret = wc_Sha3_256_Update(&sha3, msg2, msg2len);
  7436. }
  7437. if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
  7438. ret = WOLFSSL_FATAL_ERROR;
  7439. }
  7440. }
  7441. }
  7442. wc_Sha3_256_Free(&sha3);
  7443. printf(resultFmt, ret == 0 ? passed : failed);
  7444. }
  7445. #endif /* SHA3_256 */
  7446. #if !defined(WOLFSSL_NOSHA3_384)
  7447. if (ret == 0) {
  7448. printf(testingFmt, "wc_Sha3_384_Update()");
  7449. ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
  7450. if (ret != 0) {
  7451. return ret;
  7452. }
  7453. ret = wc_Sha3_384_Update(&sha3, msg, msglen);
  7454. if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
  7455. ret = WOLFSSL_FATAL_ERROR;
  7456. }
  7457. if (ret == 0) {
  7458. ret = wc_Sha3_384_Update(&sha3, msg2, msg2len);
  7459. if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
  7460. ret = WOLFSSL_FATAL_ERROR;
  7461. }
  7462. }
  7463. /* Pass bad args. */
  7464. if (ret == 0) {
  7465. ret = wc_Sha3_384_Update(NULL, msg2, msg2len);
  7466. if (ret == BAD_FUNC_ARG) {
  7467. ret = wc_Sha3_384_Update(&sha3, NULL, 5);
  7468. }
  7469. if (ret == BAD_FUNC_ARG) {
  7470. wc_Sha3_384_Free(&sha3);
  7471. if (wc_InitSha3_384(&sha3, HEAP_HINT, devId)) {
  7472. return ret;
  7473. }
  7474. ret = wc_Sha3_384_Update(&sha3, NULL, 0);
  7475. if (ret == 0) {
  7476. ret = wc_Sha3_384_Update(&sha3, msg2, msg2len);
  7477. }
  7478. if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
  7479. ret = WOLFSSL_FATAL_ERROR;
  7480. }
  7481. }
  7482. }
  7483. wc_Sha3_384_Free(&sha3);
  7484. printf(resultFmt, ret == 0 ? passed : failed);
  7485. }
  7486. #endif /* SHA3_384 */
  7487. #if !defined(WOLFSSL_NOSHA3_512)
  7488. if (ret == 0) {
  7489. printf(testingFmt, "wc_Sha3_512_Update()");
  7490. ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
  7491. if (ret != 0) {
  7492. return ret;
  7493. }
  7494. ret = wc_Sha3_512_Update(&sha3, msg, msglen);
  7495. if (XMEMCMP(msg, sha3.t, msglen) || sha3.i != msglen) {
  7496. ret = WOLFSSL_FATAL_ERROR;
  7497. }
  7498. if (ret == 0) {
  7499. ret = wc_Sha3_512_Update(&sha3, msg2, msg2len);
  7500. if (XMEMCMP(sha3.t, msgCmp, msgCmplen) != 0) {
  7501. ret = WOLFSSL_FATAL_ERROR;
  7502. }
  7503. }
  7504. /* Pass bad args. */
  7505. if (ret == 0) {
  7506. ret = wc_Sha3_512_Update(NULL, msg2, msg2len);
  7507. if (ret == BAD_FUNC_ARG) {
  7508. ret = wc_Sha3_512_Update(&sha3, NULL, 5);
  7509. }
  7510. if (ret == BAD_FUNC_ARG) {
  7511. wc_Sha3_512_Free(&sha3);
  7512. if (wc_InitSha3_512(&sha3, HEAP_HINT, devId)) {
  7513. return ret;
  7514. }
  7515. ret = wc_Sha3_512_Update(&sha3, NULL, 0);
  7516. if (ret == 0) {
  7517. ret = wc_Sha3_512_Update(&sha3, msg2, msg2len);
  7518. }
  7519. if (ret == 0 && XMEMCMP(msg2, sha3.t, msg2len) != 0) {
  7520. ret = WOLFSSL_FATAL_ERROR;
  7521. }
  7522. }
  7523. }
  7524. wc_Sha3_512_Free(&sha3);
  7525. printf(resultFmt, ret == 0 ? passed : failed);
  7526. }
  7527. #endif /* SHA3_512 */
  7528. #endif /* WOLFSSL_SHA3 */
  7529. return ret;
  7530. } /* END testing_wc_Sha3_Update */
  7531. /*
  7532. * Testing wc_Sha3_224_Final()
  7533. */
  7534. static int test_wc_Sha3_224_Final (void)
  7535. {
  7536. int ret = 0;
  7537. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
  7538. wc_Sha3 sha3;
  7539. const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
  7540. "nopnopq";
  7541. const char* expOut = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55"
  7542. "\x74\x49\x44\x79\xba\x5c\x7e\x7a\xb7\x6e\xf2"
  7543. "\x64\xea\xd0\xfc\xce\x33";
  7544. byte hash[WC_SHA3_224_DIGEST_SIZE];
  7545. byte hashRet[WC_SHA3_224_DIGEST_SIZE];
  7546. /* Init stack variables. */
  7547. XMEMSET(hash, 0, sizeof(hash));
  7548. printf(testingFmt, "wc_Sha3_224_Final()");
  7549. ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
  7550. if (ret != 0) {
  7551. return ret;
  7552. }
  7553. ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  7554. if (ret == 0) {
  7555. ret = wc_Sha3_224_Final(&sha3, hash);
  7556. if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_224_DIGEST_SIZE) != 0) {
  7557. ret = WOLFSSL_FATAL_ERROR;
  7558. }
  7559. }
  7560. /* Test bad args. */
  7561. if (ret == 0) {
  7562. ret = wc_Sha3_224_Final(NULL, hash);
  7563. if (ret == 0) {
  7564. ret = wc_Sha3_224_Final(&sha3, NULL);
  7565. }
  7566. if (ret == BAD_FUNC_ARG) {
  7567. ret = 0;
  7568. } else if (ret == 0) {
  7569. ret = WOLFSSL_FATAL_ERROR;
  7570. }
  7571. }
  7572. wc_Sha3_224_Free(&sha3);
  7573. printf(resultFmt, ret == 0 ? passed : failed);
  7574. if (ret == 0) {
  7575. printf(testingFmt, "wc_Sha3_224_GetHash()");
  7576. ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
  7577. if (ret != 0) {
  7578. return ret;
  7579. }
  7580. /* Init stack variables. */
  7581. XMEMSET(hash, 0, sizeof(hash));
  7582. XMEMSET(hashRet, 0, sizeof(hashRet));
  7583. ret= wc_Sha3_224_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  7584. if (ret == 0) {
  7585. ret = wc_Sha3_224_GetHash(&sha3, hashRet);
  7586. }
  7587. if (ret == 0) {
  7588. ret = wc_Sha3_224_Final(&sha3, hash);
  7589. if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_224_DIGEST_SIZE) != 0) {
  7590. ret = WOLFSSL_FATAL_ERROR;
  7591. }
  7592. }
  7593. if (ret == 0) {
  7594. /* Test bad args. */
  7595. ret = wc_Sha3_224_GetHash(NULL, hashRet);
  7596. if (ret == BAD_FUNC_ARG) {
  7597. ret = wc_Sha3_224_GetHash(&sha3, NULL);
  7598. }
  7599. if (ret == BAD_FUNC_ARG) {
  7600. ret = 0;
  7601. } else if (ret == 0) {
  7602. ret = WOLFSSL_FATAL_ERROR;
  7603. }
  7604. }
  7605. printf(resultFmt, ret == 0 ? passed : failed);
  7606. }
  7607. wc_Sha3_224_Free(&sha3);
  7608. #endif
  7609. return ret;
  7610. } /* END test_wc_Sha3_224_Final */
  7611. /*
  7612. * Testing wc_Sha3_256_Final()
  7613. */
  7614. static int test_wc_Sha3_256_Final (void)
  7615. {
  7616. int ret = 0;
  7617. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
  7618. wc_Sha3 sha3;
  7619. const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
  7620. "nopnopq";
  7621. const char* expOut = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8"
  7622. "\x23\x5e\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32"
  7623. "\xdd\x97\x49\x6d\x33\x76";
  7624. byte hash[WC_SHA3_256_DIGEST_SIZE];
  7625. byte hashRet[WC_SHA3_256_DIGEST_SIZE];
  7626. /* Init stack variables. */
  7627. XMEMSET(hash, 0, sizeof(hash));
  7628. printf(testingFmt, "wc_Sha3_256_Final()");
  7629. ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
  7630. if (ret != 0) {
  7631. return ret;
  7632. }
  7633. ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  7634. if (ret == 0) {
  7635. ret = wc_Sha3_256_Final(&sha3, hash);
  7636. if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_256_DIGEST_SIZE) != 0) {
  7637. ret = WOLFSSL_FATAL_ERROR;
  7638. }
  7639. }
  7640. /* Test bad args. */
  7641. if (ret == 0) {
  7642. ret = wc_Sha3_256_Final(NULL, hash);
  7643. if (ret == 0) {
  7644. ret = wc_Sha3_256_Final(&sha3, NULL);
  7645. }
  7646. if (ret == BAD_FUNC_ARG) {
  7647. ret = 0;
  7648. } else if (ret == 0) {
  7649. ret = WOLFSSL_FATAL_ERROR;
  7650. }
  7651. }
  7652. wc_Sha3_256_Free(&sha3);
  7653. printf(resultFmt, ret == 0 ? passed : failed);
  7654. if (ret == 0) {
  7655. printf(testingFmt, "wc_Sha3_256_GetHash()");
  7656. ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
  7657. if (ret != 0) {
  7658. return ret;
  7659. }
  7660. /* Init stack variables. */
  7661. XMEMSET(hash, 0, sizeof(hash));
  7662. XMEMSET(hashRet, 0, sizeof(hashRet));
  7663. ret= wc_Sha3_256_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  7664. if (ret == 0) {
  7665. ret = wc_Sha3_256_GetHash(&sha3, hashRet);
  7666. }
  7667. if (ret == 0) {
  7668. ret = wc_Sha3_256_Final(&sha3, hash);
  7669. if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_256_DIGEST_SIZE) != 0) {
  7670. ret = WOLFSSL_FATAL_ERROR;
  7671. }
  7672. }
  7673. if (ret == 0) {
  7674. /* Test bad args. */
  7675. ret = wc_Sha3_256_GetHash(NULL, hashRet);
  7676. if (ret == BAD_FUNC_ARG) {
  7677. ret = wc_Sha3_256_GetHash(&sha3, NULL);
  7678. }
  7679. if (ret == BAD_FUNC_ARG) {
  7680. ret = 0;
  7681. } else if (ret == 0) {
  7682. ret = WOLFSSL_FATAL_ERROR;
  7683. }
  7684. }
  7685. printf(resultFmt, ret == 0 ? passed : failed);
  7686. }
  7687. wc_Sha3_256_Free(&sha3);
  7688. #endif
  7689. return ret;
  7690. } /* END test_wc_Sha3_256_Final */
  7691. /*
  7692. * Testing wc_Sha3_384_Final()
  7693. */
  7694. static int test_wc_Sha3_384_Final (void)
  7695. {
  7696. int ret = 0;
  7697. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
  7698. wc_Sha3 sha3;
  7699. const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
  7700. "nopnopq";
  7701. const char* expOut = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7"
  7702. "\x8a\x49\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd"
  7703. "\xbc\x32\xb9\xd4\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe"
  7704. "\xa1\x9e\xef\x51\xac\xd0\x65\x7c\x22";
  7705. byte hash[WC_SHA3_384_DIGEST_SIZE];
  7706. byte hashRet[WC_SHA3_384_DIGEST_SIZE];
  7707. /* Init stack variables. */
  7708. XMEMSET(hash, 0, sizeof(hash));
  7709. printf(testingFmt, "wc_Sha3_384_Final()");
  7710. ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
  7711. if (ret != 0) {
  7712. return ret;
  7713. }
  7714. ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  7715. if (ret == 0) {
  7716. ret = wc_Sha3_384_Final(&sha3, hash);
  7717. if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_384_DIGEST_SIZE) != 0) {
  7718. ret = WOLFSSL_FATAL_ERROR;
  7719. }
  7720. }
  7721. /* Test bad args. */
  7722. if (ret == 0) {
  7723. ret = wc_Sha3_384_Final(NULL, hash);
  7724. if (ret == 0) {
  7725. ret = wc_Sha3_384_Final(&sha3, NULL);
  7726. }
  7727. if (ret == BAD_FUNC_ARG) {
  7728. ret = 0;
  7729. } else if (ret == 0) {
  7730. ret = WOLFSSL_FATAL_ERROR;
  7731. }
  7732. }
  7733. wc_Sha3_384_Free(&sha3);
  7734. printf(resultFmt, ret == 0 ? passed : failed);
  7735. if (ret == 0) {
  7736. printf(testingFmt, "wc_Sha3_384_GetHash()");
  7737. ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
  7738. if (ret != 0) {
  7739. return ret;
  7740. }
  7741. /* Init stack variables. */
  7742. XMEMSET(hash, 0, sizeof(hash));
  7743. XMEMSET(hashRet, 0, sizeof(hashRet));
  7744. ret= wc_Sha3_384_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  7745. if (ret == 0) {
  7746. ret = wc_Sha3_384_GetHash(&sha3, hashRet);
  7747. }
  7748. if (ret == 0) {
  7749. ret = wc_Sha3_384_Final(&sha3, hash);
  7750. if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_384_DIGEST_SIZE) != 0) {
  7751. ret = WOLFSSL_FATAL_ERROR;
  7752. }
  7753. }
  7754. if (ret == 0) {
  7755. /* Test bad args. */
  7756. ret = wc_Sha3_384_GetHash(NULL, hashRet);
  7757. if (ret == BAD_FUNC_ARG) {
  7758. ret = wc_Sha3_384_GetHash(&sha3, NULL);
  7759. }
  7760. if (ret == BAD_FUNC_ARG) {
  7761. ret = 0;
  7762. } else if (ret == 0) {
  7763. ret = WOLFSSL_FATAL_ERROR;
  7764. }
  7765. }
  7766. printf(resultFmt, ret == 0 ? passed : failed);
  7767. }
  7768. wc_Sha3_384_Free(&sha3);
  7769. #endif
  7770. return ret;
  7771. } /* END test_wc_Sha3_384_Final */
  7772. /*
  7773. * Testing wc_Sha3_512_Final()
  7774. */
  7775. static int test_wc_Sha3_512_Final (void)
  7776. {
  7777. int ret = 0;
  7778. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) && \
  7779. !defined(WOLFSSL_NOSHA3_384)
  7780. wc_Sha3 sha3;
  7781. const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
  7782. "nopnopq";
  7783. const char* expOut = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10"
  7784. "\xfc\xa8\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7"
  7785. "\xec\x2f\x1e\x91\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53"
  7786. "\x02\xba\x1b\x0d\x8d\xc7\x8c\x08\x63\x46\xb5\x33\xb4"
  7787. "\x9c\x03\x0d\x99\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e";
  7788. byte hash[WC_SHA3_512_DIGEST_SIZE];
  7789. byte hashRet[WC_SHA3_512_DIGEST_SIZE];
  7790. /* Init stack variables. */
  7791. XMEMSET(hash, 0, sizeof(hash));
  7792. printf(testingFmt, "wc_Sha3_512_Final()");
  7793. ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
  7794. if (ret != 0) {
  7795. return ret;
  7796. }
  7797. ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  7798. if (ret == 0) {
  7799. ret = wc_Sha3_512_Final(&sha3, hash);
  7800. if (ret == 0 && XMEMCMP(expOut, hash, WC_SHA3_512_DIGEST_SIZE) != 0) {
  7801. ret = WOLFSSL_FATAL_ERROR;
  7802. }
  7803. }
  7804. /* Test bad args. */
  7805. if (ret == 0) {
  7806. ret = wc_Sha3_512_Final(NULL, hash);
  7807. if (ret == 0) {
  7808. ret = wc_Sha3_384_Final(&sha3, NULL);
  7809. }
  7810. if (ret == BAD_FUNC_ARG) {
  7811. ret = 0;
  7812. } else if (ret == 0) {
  7813. ret = WOLFSSL_FATAL_ERROR;
  7814. }
  7815. }
  7816. wc_Sha3_512_Free(&sha3);
  7817. printf(resultFmt, ret == 0 ? passed : failed);
  7818. if (ret == 0) {
  7819. printf(testingFmt, "wc_Sha3_512_GetHash()");
  7820. ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
  7821. if (ret != 0) {
  7822. return ret;
  7823. }
  7824. /* Init stack variables. */
  7825. XMEMSET(hash, 0, sizeof(hash));
  7826. XMEMSET(hashRet, 0, sizeof(hashRet));
  7827. ret= wc_Sha3_512_Update(&sha3, (byte*)msg, (word32)XSTRLEN(msg));
  7828. if (ret == 0) {
  7829. ret = wc_Sha3_512_GetHash(&sha3, hashRet);
  7830. }
  7831. if (ret == 0) {
  7832. ret = wc_Sha3_512_Final(&sha3, hash);
  7833. if (ret == 0 && XMEMCMP(hash, hashRet, WC_SHA3_512_DIGEST_SIZE) != 0) {
  7834. ret = WOLFSSL_FATAL_ERROR;
  7835. }
  7836. }
  7837. if (ret == 0) {
  7838. /* Test bad args. */
  7839. ret = wc_Sha3_512_GetHash(NULL, hashRet);
  7840. if (ret == BAD_FUNC_ARG) {
  7841. ret = wc_Sha3_512_GetHash(&sha3, NULL);
  7842. }
  7843. if (ret == BAD_FUNC_ARG) {
  7844. ret = 0;
  7845. } else if (ret == 0) {
  7846. ret = WOLFSSL_FATAL_ERROR;
  7847. }
  7848. }
  7849. printf(resultFmt, ret == 0 ? passed : failed);
  7850. }
  7851. wc_Sha3_512_Free(&sha3);
  7852. #endif
  7853. return ret;
  7854. } /* END test_wc_Sha3_512_Final */
  7855. /*
  7856. * Testing wc_Sha3_224_Copy()
  7857. */
  7858. static int test_wc_Sha3_224_Copy (void)
  7859. {
  7860. int ret = 0;
  7861. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
  7862. wc_Sha3 sha3, sha3Cpy;
  7863. const char* msg = TEST_STRING;
  7864. word32 msglen = (word32)TEST_STRING_SZ;
  7865. byte hash[WC_SHA3_224_DIGEST_SIZE];
  7866. byte hashCpy[WC_SHA3_224_DIGEST_SIZE];
  7867. XMEMSET(hash, 0, sizeof(hash));
  7868. XMEMSET(hashCpy, 0, sizeof(hashCpy));
  7869. printf(testingFmt, "wc_Sha3_224_Copy()");
  7870. ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
  7871. if (ret != 0) {
  7872. return ret;
  7873. }
  7874. ret = wc_InitSha3_224(&sha3Cpy, HEAP_HINT, devId);
  7875. if (ret != 0) {
  7876. wc_Sha3_224_Free(&sha3);
  7877. return ret;
  7878. }
  7879. ret = wc_Sha3_224_Update(&sha3, (byte*)msg, msglen);
  7880. if (ret == 0) {
  7881. ret = wc_Sha3_224_Copy(&sha3Cpy, &sha3);
  7882. if (ret == 0) {
  7883. ret = wc_Sha3_224_Final(&sha3, hash);
  7884. if (ret == 0) {
  7885. ret = wc_Sha3_224_Final(&sha3Cpy, hashCpy);
  7886. }
  7887. }
  7888. if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
  7889. ret = WOLFSSL_FATAL_ERROR;
  7890. }
  7891. }
  7892. /* Test bad args. */
  7893. if (ret == 0) {
  7894. ret = wc_Sha3_224_Copy(NULL, &sha3);
  7895. if (ret == BAD_FUNC_ARG) {
  7896. ret = wc_Sha3_224_Copy(&sha3Cpy, NULL);
  7897. }
  7898. if (ret == BAD_FUNC_ARG) {
  7899. ret = 0;
  7900. } else if (ret == 0) {
  7901. ret = WOLFSSL_FATAL_ERROR;
  7902. }
  7903. }
  7904. printf(resultFmt, ret == 0 ? passed : failed);
  7905. #endif
  7906. return ret;
  7907. } /* END test_wc_Sha3_224_Copy */
  7908. /*
  7909. * Testing wc_Sha3_256_Copy()
  7910. */
  7911. static int test_wc_Sha3_256_Copy (void)
  7912. {
  7913. int ret = 0;
  7914. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
  7915. wc_Sha3 sha3, sha3Cpy;
  7916. const char* msg = TEST_STRING;
  7917. word32 msglen = (word32)TEST_STRING_SZ;
  7918. byte hash[WC_SHA3_256_DIGEST_SIZE];
  7919. byte hashCpy[WC_SHA3_256_DIGEST_SIZE];
  7920. XMEMSET(hash, 0, sizeof(hash));
  7921. XMEMSET(hashCpy, 0, sizeof(hashCpy));
  7922. printf(testingFmt, "wc_Sha3_256_Copy()");
  7923. ret = wc_InitSha3_256(&sha3, HEAP_HINT, devId);
  7924. if (ret != 0) {
  7925. return ret;
  7926. }
  7927. ret = wc_InitSha3_256(&sha3Cpy, HEAP_HINT, devId);
  7928. if (ret != 0) {
  7929. wc_Sha3_256_Free(&sha3);
  7930. return ret;
  7931. }
  7932. ret = wc_Sha3_256_Update(&sha3, (byte*)msg, msglen);
  7933. if (ret == 0) {
  7934. ret = wc_Sha3_256_Copy(&sha3Cpy, &sha3);
  7935. if (ret == 0) {
  7936. ret = wc_Sha3_256_Final(&sha3, hash);
  7937. if (ret == 0) {
  7938. ret = wc_Sha3_256_Final(&sha3Cpy, hashCpy);
  7939. }
  7940. }
  7941. if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
  7942. ret = WOLFSSL_FATAL_ERROR;
  7943. }
  7944. }
  7945. /* Test bad args. */
  7946. if (ret == 0) {
  7947. ret = wc_Sha3_256_Copy(NULL, &sha3);
  7948. if (ret == BAD_FUNC_ARG) {
  7949. ret = wc_Sha3_256_Copy(&sha3Cpy, NULL);
  7950. }
  7951. if (ret == BAD_FUNC_ARG) {
  7952. ret = 0;
  7953. } else if (ret == 0) {
  7954. ret = WOLFSSL_FATAL_ERROR;
  7955. }
  7956. }
  7957. printf(resultFmt, ret == 0 ? passed : failed);
  7958. #endif
  7959. return ret;
  7960. } /* END test_wc_Sha3_256_Copy */
  7961. /*
  7962. * Testing wc_Sha3_384_Copy()
  7963. */
  7964. static int test_wc_Sha3_384_Copy (void)
  7965. {
  7966. int ret = 0;
  7967. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
  7968. wc_Sha3 sha3, sha3Cpy;
  7969. const char* msg = TEST_STRING;
  7970. word32 msglen = (word32)TEST_STRING_SZ;
  7971. byte hash[WC_SHA3_384_DIGEST_SIZE];
  7972. byte hashCpy[WC_SHA3_384_DIGEST_SIZE];
  7973. XMEMSET(hash, 0, sizeof(hash));
  7974. XMEMSET(hashCpy, 0, sizeof(hashCpy));
  7975. printf(testingFmt, "wc_Sha3_384_Copy()");
  7976. ret = wc_InitSha3_384(&sha3, HEAP_HINT, devId);
  7977. if (ret != 0) {
  7978. return ret;
  7979. }
  7980. ret = wc_InitSha3_384(&sha3Cpy, HEAP_HINT, devId);
  7981. if (ret != 0) {
  7982. wc_Sha3_384_Free(&sha3);
  7983. return ret;
  7984. }
  7985. ret = wc_Sha3_384_Update(&sha3, (byte*)msg, msglen);
  7986. if (ret == 0) {
  7987. ret = wc_Sha3_384_Copy(&sha3Cpy, &sha3);
  7988. if (ret == 0) {
  7989. ret = wc_Sha3_384_Final(&sha3, hash);
  7990. if (ret == 0) {
  7991. ret = wc_Sha3_384_Final(&sha3Cpy, hashCpy);
  7992. }
  7993. }
  7994. if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
  7995. ret = WOLFSSL_FATAL_ERROR;
  7996. }
  7997. }
  7998. /* Test bad args. */
  7999. if (ret == 0) {
  8000. ret = wc_Sha3_384_Copy(NULL, &sha3);
  8001. if (ret == BAD_FUNC_ARG) {
  8002. ret = wc_Sha3_384_Copy(&sha3Cpy, NULL);
  8003. }
  8004. if (ret == BAD_FUNC_ARG) {
  8005. ret = 0;
  8006. } else if (ret == 0) {
  8007. ret = WOLFSSL_FATAL_ERROR;
  8008. }
  8009. }
  8010. printf(resultFmt, ret == 0 ? passed : failed);
  8011. #endif
  8012. return ret;
  8013. } /* END test_wc_Sha3_384_Copy */
  8014. /*
  8015. * Testing wc_Sha3_512_Copy()
  8016. */
  8017. static int test_wc_Sha3_512_Copy (void)
  8018. {
  8019. int ret = 0;
  8020. #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
  8021. wc_Sha3 sha3, sha3Cpy;
  8022. const char* msg = TEST_STRING;
  8023. word32 msglen = (word32)TEST_STRING_SZ;
  8024. byte hash[WC_SHA3_512_DIGEST_SIZE];
  8025. byte hashCpy[WC_SHA3_512_DIGEST_SIZE];
  8026. XMEMSET(hash, 0, sizeof(hash));
  8027. XMEMSET(hashCpy, 0, sizeof(hashCpy));
  8028. printf(testingFmt, "wc_Sha3_512_Copy()");
  8029. ret = wc_InitSha3_512(&sha3, HEAP_HINT, devId);
  8030. if (ret != 0) {
  8031. return ret;
  8032. }
  8033. ret = wc_InitSha3_512(&sha3Cpy, HEAP_HINT, devId);
  8034. if (ret != 0) {
  8035. wc_Sha3_512_Free(&sha3);
  8036. return ret;
  8037. }
  8038. ret = wc_Sha3_512_Update(&sha3, (byte*)msg, msglen);
  8039. if (ret == 0) {
  8040. ret = wc_Sha3_512_Copy(&sha3Cpy, &sha3);
  8041. if (ret == 0) {
  8042. ret = wc_Sha3_512_Final(&sha3, hash);
  8043. if (ret == 0) {
  8044. ret = wc_Sha3_512_Final(&sha3Cpy, hashCpy);
  8045. }
  8046. }
  8047. if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
  8048. ret = WOLFSSL_FATAL_ERROR;
  8049. }
  8050. }
  8051. /* Test bad args. */
  8052. if (ret == 0) {
  8053. ret = wc_Sha3_512_Copy(NULL, &sha3);
  8054. if (ret == BAD_FUNC_ARG) {
  8055. ret = wc_Sha3_512_Copy(&sha3Cpy, NULL);
  8056. }
  8057. if (ret == BAD_FUNC_ARG) {
  8058. ret = 0;
  8059. } else if (ret == 0) {
  8060. ret = WOLFSSL_FATAL_ERROR;
  8061. }
  8062. }
  8063. printf(resultFmt, ret == 0 ? passed : failed);
  8064. #endif
  8065. return ret;
  8066. } /* END test_wc_Sha3_512_Copy */
  8067. /*
  8068. * Unit test function for wc_Sha3_GetFlags()
  8069. */
  8070. static int test_wc_Sha3_GetFlags (void)
  8071. {
  8072. int ret = 0;
  8073. #if defined(WOLFSSL_SHA3) && \
  8074. (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
  8075. wc_Sha3 sha3;
  8076. word32 flags = 0;
  8077. printf(testingFmt, "wc_Sha3_GetFlags()");
  8078. /* Initialize */
  8079. ret = wc_InitSha3_224(&sha3, HEAP_HINT, devId);
  8080. if (ret != 0) {
  8081. return ret;
  8082. }
  8083. if (ret == 0) {
  8084. ret = wc_Sha3_GetFlags(&sha3, &flags);
  8085. }
  8086. if (ret == 0) {
  8087. if (flags & WC_HASH_FLAG_ISCOPY) {
  8088. ret = 0;
  8089. }
  8090. }
  8091. wc_Sha3_224_Free(&sha3);
  8092. printf(resultFmt, ret == 0 ? passed : failed);
  8093. #endif
  8094. return ret;
  8095. } /* END test_wc_Sha3_GetFlags */
  8096. static int test_wc_InitShake256 (void)
  8097. {
  8098. int ret = 0;
  8099. #if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256)
  8100. wc_Shake shake;
  8101. printf(testingFmt, "wc_InitShake256()");
  8102. ret = wc_InitShake256(&shake, HEAP_HINT, devId);
  8103. /* Test bad args. */
  8104. if (ret == 0) {
  8105. ret = wc_InitShake256(NULL, HEAP_HINT, devId);
  8106. if (ret == BAD_FUNC_ARG) {
  8107. ret = 0;
  8108. } else if (ret == 0) {
  8109. ret = WOLFSSL_FATAL_ERROR;
  8110. }
  8111. }
  8112. wc_Shake256_Free(&shake);
  8113. printf(resultFmt, ret == 0 ? passed : failed);
  8114. #endif
  8115. return ret;
  8116. } /* END test_wc_InitSha3 */
  8117. static int testing_wc_Shake256_Update (void)
  8118. {
  8119. int ret = 0;
  8120. #if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256)
  8121. wc_Shake shake;
  8122. byte msg[] = "Everybody's working for the weekend.";
  8123. byte msg2[] = "Everybody gets Friday off.";
  8124. byte msgCmp[] = "\x45\x76\x65\x72\x79\x62\x6f\x64\x79\x27\x73\x20"
  8125. "\x77\x6f\x72\x6b\x69\x6e\x67\x20\x66\x6f\x72\x20\x74"
  8126. "\x68\x65\x20\x77\x65\x65\x6b\x65\x6e\x64\x2e\x45\x76"
  8127. "\x65\x72\x79\x62\x6f\x64\x79\x20\x67\x65\x74\x73\x20"
  8128. "\x46\x72\x69\x64\x61\x79\x20\x6f\x66\x66\x2e";
  8129. word32 msglen = sizeof(msg) - 1;
  8130. word32 msg2len = sizeof(msg2);
  8131. word32 msgCmplen = sizeof(msgCmp);
  8132. printf(testingFmt, "wc_Shake256_Update()");
  8133. ret = wc_InitShake256(&shake, HEAP_HINT, devId);
  8134. if (ret != 0) {
  8135. return ret;
  8136. }
  8137. ret = wc_Shake256_Update(&shake, msg, msglen);
  8138. if (XMEMCMP(msg, shake.t, msglen) || shake.i != msglen) {
  8139. ret = WOLFSSL_FATAL_ERROR;
  8140. }
  8141. if (ret == 0) {
  8142. ret = wc_Shake256_Update(&shake, msg2, msg2len);
  8143. if (XMEMCMP(shake.t, msgCmp, msgCmplen) != 0) {
  8144. ret = WOLFSSL_FATAL_ERROR;
  8145. }
  8146. }
  8147. /* Pass bad args. */
  8148. if (ret == 0) {
  8149. ret = wc_Shake256_Update(NULL, msg2, msg2len);
  8150. if (ret == BAD_FUNC_ARG) {
  8151. ret = wc_Shake256_Update(&shake, NULL, 5);
  8152. }
  8153. if (ret == BAD_FUNC_ARG) {
  8154. wc_Shake256_Free(&shake);
  8155. if (wc_InitShake256(&shake, HEAP_HINT, devId)) {
  8156. return ret;
  8157. }
  8158. ret = wc_Shake256_Update(&shake, NULL, 0);
  8159. if (ret == 0) {
  8160. ret = wc_Shake256_Update(&shake, msg2, msg2len);
  8161. }
  8162. if (ret == 0 && XMEMCMP(msg2, shake.t, msg2len) != 0) {
  8163. ret = WOLFSSL_FATAL_ERROR;
  8164. }
  8165. }
  8166. }
  8167. wc_Shake256_Free(&shake);
  8168. printf(resultFmt, ret == 0 ? passed : failed);
  8169. #endif /* WOLFSSL_SHAKE256 && !WOLFSSL_NO_SHAKE256 */
  8170. return ret;
  8171. }
  8172. static int test_wc_Shake256_Final (void)
  8173. {
  8174. int ret = 0;
  8175. #if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256)
  8176. wc_Shake shake;
  8177. const char* msg = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnom"
  8178. "nopnopq";
  8179. const char* expOut = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f"
  8180. "\x6f\x87\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b"
  8181. "\xe5\xd4\xfd\x2e\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59"
  8182. "\xaa\x80\x60\xf1\xf9\xbc\x99\x6c\x05\xac\xa3\xc6\x96"
  8183. "\xa8\xb6\x62\x79\xdc\x67\x2c\x74\x0b\xb2\x24\xec\x37"
  8184. "\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55\xf5\x1d\x97"
  8185. "\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a\xf2"
  8186. "\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67"
  8187. "\x60\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
  8188. byte hash[114];
  8189. /* Init stack variables. */
  8190. XMEMSET(hash, 0, sizeof(hash));
  8191. printf(testingFmt, "wc_Shake256_Final()");
  8192. ret = wc_InitShake256(&shake, HEAP_HINT, devId);
  8193. if (ret != 0) {
  8194. return ret;
  8195. }
  8196. ret= wc_Shake256_Update(&shake, (byte*)msg, (word32)XSTRLEN(msg));
  8197. if (ret == 0) {
  8198. ret = wc_Shake256_Final(&shake, hash, (word32)sizeof(hash));
  8199. if (ret == 0 && XMEMCMP(expOut, hash, (word32)sizeof(hash)) != 0) {
  8200. ret = WOLFSSL_FATAL_ERROR;
  8201. }
  8202. }
  8203. /* Test bad args. */
  8204. if (ret == 0) {
  8205. ret = wc_Shake256_Final(NULL, hash, (word32)sizeof(hash));
  8206. if (ret == 0) {
  8207. ret = wc_Shake256_Final(&shake, NULL, (word32)sizeof(hash));
  8208. }
  8209. if (ret == BAD_FUNC_ARG) {
  8210. ret = 0;
  8211. } else if (ret == 0) {
  8212. ret = WOLFSSL_FATAL_ERROR;
  8213. }
  8214. }
  8215. wc_Shake256_Free(&shake);
  8216. printf(resultFmt, ret == 0 ? passed : failed);
  8217. #endif
  8218. return ret;
  8219. }
  8220. /*
  8221. * Testing wc_Shake256_Copy()
  8222. */
  8223. static int test_wc_Shake256_Copy (void)
  8224. {
  8225. int ret = 0;
  8226. #if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256)
  8227. wc_Shake shake, shakeCpy;
  8228. const char* msg = TEST_STRING;
  8229. word32 msglen = (word32)TEST_STRING_SZ;
  8230. byte hash[144];
  8231. byte hashCpy[144];
  8232. word32 hashLen = sizeof(hash);
  8233. word32 hashLenCpy = sizeof(hashCpy);
  8234. XMEMSET(hash, 0, sizeof(hash));
  8235. XMEMSET(hashCpy, 0, sizeof(hashCpy));
  8236. printf(testingFmt, "wc_Shake256_Copy()");
  8237. ret = wc_InitShake256(&shake, HEAP_HINT, devId);
  8238. if (ret != 0) {
  8239. return ret;
  8240. }
  8241. ret = wc_InitShake256(&shakeCpy, HEAP_HINT, devId);
  8242. if (ret != 0) {
  8243. wc_Shake256_Free(&shake);
  8244. return ret;
  8245. }
  8246. ret = wc_Shake256_Update(&shake, (byte*)msg, msglen);
  8247. if (ret == 0) {
  8248. ret = wc_Shake256_Copy(&shakeCpy, &shake);
  8249. if (ret == 0) {
  8250. ret = wc_Shake256_Final(&shake, hash, hashLen);
  8251. if (ret == 0) {
  8252. ret = wc_Shake256_Final(&shakeCpy, hashCpy, hashLenCpy);
  8253. }
  8254. }
  8255. if (ret == 0 && XMEMCMP(hash, hashCpy, sizeof(hash)) != 0) {
  8256. ret = WOLFSSL_FATAL_ERROR;
  8257. }
  8258. }
  8259. /* Test bad args. */
  8260. if (ret == 0) {
  8261. ret = wc_Shake256_Copy(NULL, &shake);
  8262. if (ret == BAD_FUNC_ARG) {
  8263. ret = wc_Shake256_Copy(&shakeCpy, NULL);
  8264. }
  8265. if (ret == BAD_FUNC_ARG) {
  8266. ret = 0;
  8267. } else if (ret == 0) {
  8268. ret = WOLFSSL_FATAL_ERROR;
  8269. }
  8270. }
  8271. wc_Shake256_Free(&shake);
  8272. printf(resultFmt, ret == 0 ? passed : failed);
  8273. #endif
  8274. return ret;
  8275. } /* END test_wc_Shake256_Copy */
  8276. /*
  8277. * Unit test function for wc_Shake256Hash()
  8278. */
  8279. static int test_wc_Shake256Hash(void)
  8280. {
  8281. int ret = 0;
  8282. #if defined(WOLFSSL_SHAKE256) && !defined(WOLFSSL_NO_SHAKE256)
  8283. const byte data[] = { /* Hello World */
  8284. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  8285. 0x72,0x6c,0x64
  8286. };
  8287. word32 len = sizeof(data);
  8288. byte hash[144];
  8289. word32 hashLen = sizeof(hash);
  8290. printf(testingFmt, "wc_Shake256Hash()");
  8291. ret = wc_Shake256Hash(data, len, hash, hashLen);
  8292. printf(resultFmt, ret == 0 ? passed : failed);
  8293. #endif
  8294. return ret;
  8295. } /* END test_wc_Shake256Hash */
  8296. /*
  8297. * unit test for wc_IdeaSetKey()
  8298. */
  8299. static int test_wc_IdeaSetKey (void)
  8300. {
  8301. int ret = 0;
  8302. #ifdef HAVE_IDEA
  8303. Idea idea;
  8304. const byte key[] =
  8305. {
  8306. 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37,
  8307. 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37
  8308. };
  8309. int flag = 0;
  8310. printf(testingFmt, "wc_IdeaSetKey()");
  8311. /*IV can be NULL, default value is 0*/
  8312. ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
  8313. if (ret == 0) {
  8314. ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_DECRYPTION);
  8315. }
  8316. /* Bad args. */
  8317. if (ret == 0) {
  8318. ret = wc_IdeaSetKey(NULL, key, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
  8319. if (ret != BAD_FUNC_ARG) {
  8320. flag = 1;
  8321. }
  8322. ret = wc_IdeaSetKey(&idea, NULL, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
  8323. if (ret != BAD_FUNC_ARG) {
  8324. flag = 1;
  8325. }
  8326. ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE - 1,
  8327. NULL, IDEA_ENCRYPTION);
  8328. if (ret != BAD_FUNC_ARG) {
  8329. flag = 1;
  8330. }
  8331. ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, -1);
  8332. if (ret != BAD_FUNC_ARG) {
  8333. flag = 1;
  8334. }
  8335. if (flag == 1) {
  8336. ret = WOLFSSL_FATAL_ERROR;
  8337. } else {
  8338. ret = 0;
  8339. }
  8340. } /* END Test Bad Args. */
  8341. printf(resultFmt, ret == 0 ? passed : failed);
  8342. #endif
  8343. return ret;
  8344. } /* END test_wc_IdeaSetKey */
  8345. /*
  8346. * Unit test for wc_IdeaSetIV()
  8347. */
  8348. static int test_wc_IdeaSetIV (void)
  8349. {
  8350. int ret = 0;
  8351. #ifdef HAVE_IDEA
  8352. Idea idea;
  8353. printf(testingFmt, "wc_IdeaSetIV()");
  8354. ret = wc_IdeaSetIV(&idea, NULL);
  8355. /* Test bad args. */
  8356. if (ret == 0) {
  8357. ret = wc_IdeaSetIV(NULL, NULL);
  8358. if (ret == BAD_FUNC_ARG) {
  8359. ret = 0;
  8360. } else {
  8361. ret = WOLFSSL_FATAL_ERROR;
  8362. }
  8363. }
  8364. printf(resultFmt, ret == 0 ? passed : failed);
  8365. #endif
  8366. return ret;
  8367. } /* END test_wc_IdeaSetIV */
  8368. /*
  8369. * Unit test for wc_IdeaCipher()
  8370. */
  8371. static int test_wc_IdeaCipher (void)
  8372. {
  8373. int ret = 0;
  8374. #ifdef HAVE_IDEA
  8375. Idea idea;
  8376. const byte key[] =
  8377. {
  8378. 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
  8379. 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48
  8380. };
  8381. const byte plain[] =
  8382. {
  8383. 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37
  8384. };
  8385. byte enc[sizeof(plain)];
  8386. byte dec[sizeof(enc)];
  8387. printf(testingFmt, "wc_IdeaCipher()");
  8388. ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_ENCRYPTION);
  8389. if (ret == 0) {
  8390. ret = wc_IdeaCipher(&idea, enc, plain);
  8391. if (ret != 0) {
  8392. ret = WOLFSSL_FATAL_ERROR;
  8393. }
  8394. }
  8395. if (ret == 0) {
  8396. ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, NULL, IDEA_DECRYPTION);
  8397. if (ret == 0) {
  8398. ret = wc_IdeaCipher(&idea, dec, enc);
  8399. }
  8400. if (ret == 0) {
  8401. ret = XMEMCMP(plain, dec, IDEA_BLOCK_SIZE);
  8402. }
  8403. if (ret != 0) {
  8404. ret = WOLFSSL_FATAL_ERROR;
  8405. }
  8406. }
  8407. /* Pass Bad Args. */
  8408. if (ret == 0) {
  8409. ret = wc_IdeaCipher(NULL, enc, dec);
  8410. if (ret == BAD_FUNC_ARG) {
  8411. ret = wc_IdeaCipher(&idea, NULL, dec);
  8412. }
  8413. if (ret == BAD_FUNC_ARG) {
  8414. ret = wc_IdeaCipher(&idea, enc, NULL);
  8415. }
  8416. if (ret == BAD_FUNC_ARG) {
  8417. ret = 0;
  8418. } else {
  8419. ret = WOLFSSL_FATAL_ERROR;
  8420. }
  8421. }
  8422. printf(resultFmt, ret == 0 ? passed : failed);
  8423. #endif
  8424. return ret;
  8425. } /* END test_wc_IdeaCipher */
  8426. /*
  8427. * Unit test for functions wc_IdeaCbcEncrypt and wc_IdeaCbcDecrypt
  8428. */
  8429. static int test_wc_IdeaCbcEncyptDecrypt (void)
  8430. {
  8431. int ret = 0;
  8432. #ifdef HAVE_IDEA
  8433. Idea idea;
  8434. const byte key[] =
  8435. {
  8436. 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37,
  8437. 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37
  8438. };
  8439. const char* message = "International Data Encryption Algorithm";
  8440. byte msg_enc[40];
  8441. byte msg_dec[40];
  8442. printf(testingFmt, "wc_IdeaCbcEncrypt()");
  8443. ret = wc_IdeaSetKey(&idea, key, sizeof(key), NULL, IDEA_ENCRYPTION);
  8444. if (ret == 0) {
  8445. ret = wc_IdeaCbcEncrypt(&idea, msg_enc, (byte *)message,
  8446. (word32)XSTRLEN(message) + 1);
  8447. }
  8448. if (ret == 0) {
  8449. ret = wc_IdeaSetKey(&idea, key, sizeof(key), NULL, IDEA_DECRYPTION);
  8450. }
  8451. if (ret == 0) {
  8452. ret = wc_IdeaCbcDecrypt(&idea, msg_dec, msg_enc,
  8453. (word32)XSTRLEN(message) + 1);
  8454. if (XMEMCMP(message, msg_dec, (word32)XSTRLEN(message))) {
  8455. ret = WOLFSSL_FATAL_ERROR;
  8456. }
  8457. }
  8458. /* Test bad args. Enc */
  8459. if (ret == 0) {
  8460. ret = wc_IdeaCbcEncrypt(NULL, msg_enc, (byte*)message,
  8461. (word32)XSTRLEN(message) + 1);
  8462. if (ret == BAD_FUNC_ARG) {
  8463. ret = wc_IdeaCbcEncrypt(&idea, NULL, (byte*)message,
  8464. (word32)XSTRLEN(message) + 1);
  8465. }
  8466. if (ret == BAD_FUNC_ARG) {
  8467. ret = wc_IdeaCbcEncrypt(&idea, msg_enc, NULL,
  8468. (word32)XSTRLEN(message) + 1);
  8469. }
  8470. if (ret != BAD_FUNC_ARG) {
  8471. ret = WOLFSSL_FATAL_ERROR;
  8472. } else {
  8473. ret = 0;
  8474. }
  8475. } /* END test bad args ENC */
  8476. /* Test bad args DEC */
  8477. if (ret == 0) {
  8478. ret = wc_IdeaCbcDecrypt(NULL, msg_dec, msg_enc,
  8479. (word32)XSTRLEN(message) + 1);
  8480. if (ret == BAD_FUNC_ARG) {
  8481. ret = wc_IdeaCbcDecrypt(&idea, NULL, msg_enc,
  8482. (word32)XSTRLEN(message) + 1);
  8483. }
  8484. if (ret == BAD_FUNC_ARG) {
  8485. ret = wc_IdeaCbcDecrypt(&idea, msg_dec, NULL,
  8486. (word32)XSTRLEN(message) + 1);
  8487. }
  8488. if (ret != BAD_FUNC_ARG) {
  8489. ret = WOLFSSL_FATAL_ERROR;
  8490. } else {
  8491. ret = 0;
  8492. }
  8493. }
  8494. printf(resultFmt, ret == 0 ? passed : failed);
  8495. #endif
  8496. return ret;
  8497. } /* END test_wc_IdeaCbcEncryptDecrypt */
  8498. /*
  8499. * Test function for wc_HmacSetKey
  8500. */
  8501. static int test_wc_Md5HmacSetKey (void)
  8502. {
  8503. int flag = 0;
  8504. #if !defined(NO_HMAC) && !defined(NO_MD5)
  8505. Hmac hmac;
  8506. int ret, times, itr;
  8507. const char* keys[]=
  8508. {
  8509. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
  8510. #ifndef HAVE_FIPS
  8511. "Jefe", /* smaller than minimum FIPS key size */
  8512. #endif
  8513. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  8514. };
  8515. times = sizeof(keys) / sizeof(char*);
  8516. flag = 0;
  8517. printf(testingFmt, "wc_HmacSetKey() with MD5");
  8518. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  8519. if (ret != 0)
  8520. return ret;
  8521. for (itr = 0; itr < times; itr++) {
  8522. ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr],
  8523. (word32)XSTRLEN(keys[itr]));
  8524. if (ret != 0) {
  8525. flag = ret;
  8526. }
  8527. }
  8528. /* Bad args. */
  8529. if (!flag) {
  8530. ret = wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0],
  8531. (word32)XSTRLEN(keys[0]));
  8532. if (ret != BAD_FUNC_ARG) {
  8533. flag = WOLFSSL_FATAL_ERROR;
  8534. }
  8535. }
  8536. if (!flag) {
  8537. ret = wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0]));
  8538. if (ret != BAD_FUNC_ARG) {
  8539. flag = WOLFSSL_FATAL_ERROR;
  8540. }
  8541. }
  8542. if (!flag) {
  8543. ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
  8544. (word32)XSTRLEN(keys[0]));
  8545. if (ret != BAD_FUNC_ARG) {
  8546. flag = WOLFSSL_FATAL_ERROR;
  8547. }
  8548. }
  8549. if (!flag) {
  8550. ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0);
  8551. #ifdef HAVE_FIPS
  8552. if (ret != HMAC_MIN_KEYLEN_E) {
  8553. flag = WOLFSSL_FATAL_ERROR;
  8554. }
  8555. #else
  8556. if (ret != 0) {
  8557. flag = WOLFSSL_FATAL_ERROR;
  8558. }
  8559. #endif
  8560. }
  8561. wc_HmacFree(&hmac);
  8562. printf(resultFmt, flag == 0 ? passed : failed);
  8563. #endif
  8564. return flag;
  8565. } /* END test_wc_Md5HmacSetKey */
  8566. /*
  8567. * testing wc_HmacSetKey() on wc_Sha hash.
  8568. */
  8569. static int test_wc_ShaHmacSetKey (void)
  8570. {
  8571. int flag = 0;
  8572. #if !defined(NO_HMAC) && !defined(NO_SHA)
  8573. Hmac hmac;
  8574. int ret, times, itr;
  8575. const char* keys[]=
  8576. {
  8577. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  8578. "\x0b\x0b\x0b",
  8579. #ifndef HAVE_FIPS
  8580. "Jefe", /* smaller than minimum FIPS key size */
  8581. #endif
  8582. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  8583. "\xAA\xAA\xAA"
  8584. };
  8585. times = sizeof(keys) / sizeof(char*);
  8586. flag = 0;
  8587. printf(testingFmt, "wc_HmacSetKey() with SHA");
  8588. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  8589. if (ret != 0)
  8590. return ret;
  8591. for (itr = 0; itr < times; itr++) {
  8592. ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr],
  8593. (word32)XSTRLEN(keys[itr]));
  8594. if (ret != 0) {
  8595. flag = ret;
  8596. }
  8597. }
  8598. /* Bad args. */
  8599. if (!flag) {
  8600. ret = wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0],
  8601. (word32)XSTRLEN(keys[0]));
  8602. if (ret != BAD_FUNC_ARG) {
  8603. flag = WOLFSSL_FATAL_ERROR;
  8604. }
  8605. }
  8606. if (!flag) {
  8607. ret = wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0]));
  8608. if (ret != BAD_FUNC_ARG) {
  8609. flag = WOLFSSL_FATAL_ERROR;
  8610. }
  8611. }
  8612. if (!flag) {
  8613. ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
  8614. (word32)XSTRLEN(keys[0]));
  8615. if (ret != BAD_FUNC_ARG) {
  8616. flag = WOLFSSL_FATAL_ERROR;
  8617. }
  8618. }
  8619. if (!flag) {
  8620. ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0);
  8621. #ifdef HAVE_FIPS
  8622. if (ret != HMAC_MIN_KEYLEN_E) {
  8623. flag = WOLFSSL_FATAL_ERROR;
  8624. }
  8625. #else
  8626. if (ret != 0) {
  8627. flag = WOLFSSL_FATAL_ERROR;
  8628. }
  8629. #endif
  8630. }
  8631. wc_HmacFree(&hmac);
  8632. printf(resultFmt, flag == 0 ? passed : failed);
  8633. #endif
  8634. return flag;
  8635. } /* END test_wc_ShaHmacSetKey() */
  8636. /*
  8637. * testing wc_HmacSetKey() on Sha224 hash.
  8638. */
  8639. static int test_wc_Sha224HmacSetKey (void)
  8640. {
  8641. int flag = 0;
  8642. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
  8643. Hmac hmac;
  8644. int ret, times, itr;
  8645. const char* keys[]=
  8646. {
  8647. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  8648. "\x0b\x0b\x0b",
  8649. #ifndef HAVE_FIPS
  8650. "Jefe", /* smaller than minimum FIPS key size */
  8651. #endif
  8652. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  8653. "\xAA\xAA\xAA"
  8654. };
  8655. times = sizeof(keys) / sizeof(char*);
  8656. flag = 0;
  8657. printf(testingFmt, "wc_HmacSetKey() with SHA 224");
  8658. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  8659. if (ret != 0)
  8660. return ret;
  8661. for (itr = 0; itr < times; itr++) {
  8662. ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr],
  8663. (word32)XSTRLEN(keys[itr]));
  8664. if (ret != 0) {
  8665. flag = ret;
  8666. }
  8667. }
  8668. /* Bad args. */
  8669. if (!flag) {
  8670. ret = wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0],
  8671. (word32)XSTRLEN(keys[0]));
  8672. if (ret != BAD_FUNC_ARG) {
  8673. flag = WOLFSSL_FATAL_ERROR;
  8674. }
  8675. }
  8676. if (!flag) {
  8677. ret = wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0]));
  8678. if (ret != BAD_FUNC_ARG) {
  8679. flag = WOLFSSL_FATAL_ERROR;
  8680. }
  8681. }
  8682. if (!flag) {
  8683. ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
  8684. (word32)XSTRLEN(keys[0]));
  8685. if (ret != BAD_FUNC_ARG) {
  8686. flag = WOLFSSL_FATAL_ERROR;
  8687. }
  8688. }
  8689. if (!flag) {
  8690. ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0);
  8691. #ifdef HAVE_FIPS
  8692. if (ret != HMAC_MIN_KEYLEN_E) {
  8693. flag = WOLFSSL_FATAL_ERROR;
  8694. }
  8695. #else
  8696. if (ret != 0) {
  8697. flag = WOLFSSL_FATAL_ERROR;
  8698. }
  8699. #endif
  8700. }
  8701. wc_HmacFree(&hmac);
  8702. printf(resultFmt, flag == 0 ? passed : failed);
  8703. #endif
  8704. return flag;
  8705. } /* END test_wc_Sha224HmacSetKey() */
  8706. /*
  8707. * testing wc_HmacSetKey() on Sha256 hash
  8708. */
  8709. static int test_wc_Sha256HmacSetKey (void)
  8710. {
  8711. int flag = 0;
  8712. #if !defined(NO_HMAC) && !defined(NO_SHA256)
  8713. Hmac hmac;
  8714. int ret, times, itr;
  8715. const char* keys[]=
  8716. {
  8717. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  8718. "\x0b\x0b\x0b",
  8719. #ifndef HAVE_FIPS
  8720. "Jefe", /* smaller than minimum FIPS key size */
  8721. #endif
  8722. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  8723. "\xAA\xAA\xAA"
  8724. };
  8725. times = sizeof(keys) / sizeof(char*);
  8726. flag = 0;
  8727. printf(testingFmt, "wc_HmacSetKey() with SHA256");
  8728. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  8729. if (ret != 0)
  8730. return ret;
  8731. for (itr = 0; itr < times; itr++) {
  8732. ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr],
  8733. (word32)XSTRLEN(keys[itr]));
  8734. if (ret != 0) {
  8735. flag = ret;
  8736. }
  8737. }
  8738. /* Bad args. */
  8739. if (!flag) {
  8740. ret = wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0],
  8741. (word32)XSTRLEN(keys[0]));
  8742. if (ret != BAD_FUNC_ARG) {
  8743. flag = WOLFSSL_FATAL_ERROR;
  8744. }
  8745. }
  8746. if (!flag) {
  8747. ret = wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0]));
  8748. if (ret != BAD_FUNC_ARG) {
  8749. flag = WOLFSSL_FATAL_ERROR;
  8750. }
  8751. }
  8752. if (!flag) {
  8753. ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
  8754. (word32)XSTRLEN(keys[0]));
  8755. if (ret != BAD_FUNC_ARG) {
  8756. flag = WOLFSSL_FATAL_ERROR;
  8757. }
  8758. }
  8759. if (!flag) {
  8760. ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0);
  8761. #ifdef HAVE_FIPS
  8762. if (ret != HMAC_MIN_KEYLEN_E) {
  8763. flag = WOLFSSL_FATAL_ERROR;
  8764. }
  8765. #else
  8766. if (ret != 0) {
  8767. flag = WOLFSSL_FATAL_ERROR;
  8768. }
  8769. #endif
  8770. }
  8771. wc_HmacFree(&hmac);
  8772. printf(resultFmt, flag == 0 ? passed : failed);
  8773. #endif
  8774. return flag;
  8775. } /* END test_wc_Sha256HmacSetKey() */
  8776. /*
  8777. * testing wc_HmacSetKey on Sha384 hash.
  8778. */
  8779. static int test_wc_Sha384HmacSetKey (void)
  8780. {
  8781. int flag = 0;
  8782. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
  8783. Hmac hmac;
  8784. int ret, times, itr;
  8785. const char* keys[]=
  8786. {
  8787. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  8788. "\x0b\x0b\x0b",
  8789. #ifndef HAVE_FIPS
  8790. "Jefe", /* smaller than minimum FIPS key size */
  8791. #endif
  8792. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  8793. "\xAA\xAA\xAA"
  8794. };
  8795. times = sizeof(keys) / sizeof(char*);
  8796. flag = 0;
  8797. printf(testingFmt, "wc_HmacSetKey() with SHA384");
  8798. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  8799. if (ret != 0)
  8800. return ret;
  8801. for (itr = 0; itr < times; itr++) {
  8802. ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr],
  8803. (word32)XSTRLEN(keys[itr]));
  8804. if (ret != 0) {
  8805. flag = ret;
  8806. }
  8807. }
  8808. /* Bad args. */
  8809. if (!flag) {
  8810. ret = wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0],
  8811. (word32)XSTRLEN(keys[0]));
  8812. if (ret != BAD_FUNC_ARG) {
  8813. flag = WOLFSSL_FATAL_ERROR;
  8814. }
  8815. }
  8816. if (!flag) {
  8817. ret = wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0]));
  8818. if (ret != BAD_FUNC_ARG) {
  8819. flag = WOLFSSL_FATAL_ERROR;
  8820. }
  8821. }
  8822. if (!flag) {
  8823. ret = wc_HmacSetKey(&hmac, 20, (byte*)keys[0],
  8824. (word32)XSTRLEN(keys[0]));
  8825. if (ret != BAD_FUNC_ARG) {
  8826. flag = WOLFSSL_FATAL_ERROR;
  8827. }
  8828. }
  8829. if (!flag) {
  8830. ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0);
  8831. #ifdef HAVE_FIPS
  8832. if (ret != HMAC_MIN_KEYLEN_E) {
  8833. flag = WOLFSSL_FATAL_ERROR;
  8834. }
  8835. #else
  8836. if (ret != 0) {
  8837. flag = WOLFSSL_FATAL_ERROR;
  8838. }
  8839. #endif
  8840. }
  8841. wc_HmacFree(&hmac);
  8842. printf(resultFmt, flag == 0 ? passed : failed);
  8843. #endif
  8844. return flag;
  8845. } /* END test_wc_Sha384HmacSetKey() */
  8846. /*
  8847. * testing wc_HmacUpdate on wc_Md5 hash.
  8848. */
  8849. static int test_wc_Md5HmacUpdate (void)
  8850. {
  8851. int flag = 0;
  8852. #if !defined(NO_HMAC) && !defined(NO_MD5)
  8853. Hmac hmac;
  8854. testVector a, b;
  8855. int ret;
  8856. #ifdef HAVE_FIPS
  8857. const char* keys =
  8858. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
  8859. #else
  8860. const char* keys = "Jefe";
  8861. #endif
  8862. a.input = "what do ya want for nothing?";
  8863. a.inLen = XSTRLEN(a.input);
  8864. b.input = "Hi There";
  8865. b.inLen = XSTRLEN(b.input);
  8866. flag = 0;
  8867. printf(testingFmt, "wc_HmacUpdate() with MD5");
  8868. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  8869. if (ret != 0)
  8870. return ret;
  8871. ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys, (word32)XSTRLEN(keys));
  8872. if (ret != 0) {
  8873. flag = ret;
  8874. }
  8875. if (!flag) {
  8876. ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
  8877. if (ret != 0) {
  8878. flag = ret;
  8879. }
  8880. }
  8881. /* Update Hmac. */
  8882. if (!flag) {
  8883. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  8884. if (ret != 0) {
  8885. flag = ret;
  8886. }
  8887. }
  8888. /* Test bad args. */
  8889. if (!flag) {
  8890. ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
  8891. if (ret != BAD_FUNC_ARG) {
  8892. flag = WOLFSSL_FATAL_ERROR;
  8893. }
  8894. }
  8895. if (!flag) {
  8896. ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
  8897. if (ret != BAD_FUNC_ARG) {
  8898. flag = WOLFSSL_FATAL_ERROR;
  8899. }
  8900. }
  8901. if (!flag) {
  8902. ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
  8903. if (ret != 0) {
  8904. flag = ret;
  8905. }
  8906. }
  8907. wc_HmacFree(&hmac);
  8908. printf(resultFmt, flag == 0 ? passed : failed);
  8909. #endif
  8910. return flag;
  8911. } /* END test_wc_Md5HmacUpdate */
  8912. /*
  8913. * testing wc_HmacUpdate on SHA hash.
  8914. */
  8915. static int test_wc_ShaHmacUpdate (void)
  8916. {
  8917. int flag = 0;
  8918. #if !defined(NO_HMAC) && !defined(NO_SHA)
  8919. Hmac hmac;
  8920. testVector a, b;
  8921. int ret;
  8922. #ifdef HAVE_FIPS
  8923. const char* keys =
  8924. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
  8925. #else
  8926. const char* keys = "Jefe";
  8927. #endif
  8928. a.input = "what do ya want for nothing?";
  8929. a.inLen = XSTRLEN(a.input);
  8930. b.input = "Hi There";
  8931. b.inLen = XSTRLEN(b.input);
  8932. flag = 0;
  8933. printf(testingFmt, "wc_HmacUpdate() with SHA");
  8934. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  8935. if (ret != 0)
  8936. return ret;
  8937. ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys, (word32)XSTRLEN(keys));
  8938. if (ret != 0) {
  8939. flag = ret;
  8940. }
  8941. if (!flag) {
  8942. ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
  8943. if (ret != 0) {
  8944. flag = ret;
  8945. }
  8946. }
  8947. /* Update Hmac. */
  8948. if (!flag) {
  8949. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  8950. if (ret != 0) {
  8951. flag = ret;
  8952. }
  8953. }
  8954. /* Test bad args. */
  8955. if (!flag) {
  8956. ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
  8957. if (ret != BAD_FUNC_ARG) {
  8958. flag = WOLFSSL_FATAL_ERROR;
  8959. }
  8960. }
  8961. if (!flag) {
  8962. ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
  8963. if (ret != BAD_FUNC_ARG) {
  8964. flag = WOLFSSL_FATAL_ERROR;
  8965. }
  8966. }
  8967. if (!flag) {
  8968. ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
  8969. if (ret != 0) {
  8970. flag = ret;
  8971. }
  8972. }
  8973. wc_HmacFree(&hmac);
  8974. printf(resultFmt, flag == 0 ? passed : failed);
  8975. #endif
  8976. return flag;
  8977. } /* END test_wc_ShaHmacUpdate */
  8978. /*
  8979. * testing wc_HmacUpdate on SHA224 hash.
  8980. */
  8981. static int test_wc_Sha224HmacUpdate (void)
  8982. {
  8983. int flag = 0;
  8984. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
  8985. Hmac hmac;
  8986. testVector a, b;
  8987. int ret;
  8988. #ifdef HAVE_FIPS
  8989. const char* keys =
  8990. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
  8991. #else
  8992. const char* keys = "Jefe";
  8993. #endif
  8994. a.input = "what do ya want for nothing?";
  8995. a.inLen = XSTRLEN(a.input);
  8996. b.input = "Hi There";
  8997. b.inLen = XSTRLEN(b.input);
  8998. flag = 0;
  8999. printf(testingFmt, "wc_HmacUpdate() with SHA224");
  9000. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  9001. if (ret != 0)
  9002. return ret;
  9003. ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys, (word32)XSTRLEN(keys));
  9004. if (ret != 0) {
  9005. flag = ret;
  9006. }
  9007. if (!flag) {
  9008. ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
  9009. if (ret != 0) {
  9010. flag = ret;
  9011. }
  9012. }
  9013. /* Update Hmac. */
  9014. if (!flag) {
  9015. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  9016. if (ret != 0) {
  9017. flag = ret;
  9018. }
  9019. }
  9020. /* Test bad args. */
  9021. if (!flag) {
  9022. ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
  9023. if (ret != BAD_FUNC_ARG) {
  9024. flag = WOLFSSL_FATAL_ERROR;
  9025. }
  9026. }
  9027. if (!flag) {
  9028. ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
  9029. if (ret != BAD_FUNC_ARG) {
  9030. flag = WOLFSSL_FATAL_ERROR;
  9031. }
  9032. }
  9033. if (!flag) {
  9034. ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
  9035. if (ret != 0) {
  9036. flag = ret;
  9037. }
  9038. }
  9039. wc_HmacFree(&hmac);
  9040. printf(resultFmt, flag == 0 ? passed : failed);
  9041. #endif
  9042. return flag;
  9043. } /* END test_wc_Sha224HmacUpdate */
  9044. /*
  9045. * testing wc_HmacUpdate on SHA256 hash.
  9046. */
  9047. static int test_wc_Sha256HmacUpdate (void)
  9048. {
  9049. int flag = 0;
  9050. #if !defined(NO_HMAC) && !defined(NO_SHA256)
  9051. Hmac hmac;
  9052. testVector a, b;
  9053. int ret;
  9054. #ifdef HAVE_FIPS
  9055. const char* keys =
  9056. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
  9057. #else
  9058. const char* keys = "Jefe";
  9059. #endif
  9060. a.input = "what do ya want for nothing?";
  9061. a.inLen = XSTRLEN(a.input);
  9062. b.input = "Hi There";
  9063. b.inLen = XSTRLEN(b.input);
  9064. flag = 0;
  9065. printf(testingFmt, "wc_HmacUpdate() with WC_SHA256");
  9066. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  9067. if (ret != 0)
  9068. return ret;
  9069. ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys, (word32)XSTRLEN(keys));
  9070. if (ret != 0) {
  9071. flag = ret;
  9072. }
  9073. if (!flag) {
  9074. ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
  9075. if (ret != 0) {
  9076. flag = ret;
  9077. }
  9078. }
  9079. /* Update Hmac. */
  9080. if (!flag) {
  9081. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  9082. if (ret != 0) {
  9083. flag = ret;
  9084. }
  9085. }
  9086. /* Test bad args. */
  9087. if (!flag) {
  9088. ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
  9089. if (ret != BAD_FUNC_ARG) {
  9090. flag = WOLFSSL_FATAL_ERROR;
  9091. }
  9092. }
  9093. if (!flag) {
  9094. ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
  9095. if (ret != BAD_FUNC_ARG) {
  9096. flag = WOLFSSL_FATAL_ERROR;
  9097. }
  9098. }
  9099. if (!flag) {
  9100. ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
  9101. if (ret != 0) {
  9102. flag = ret;
  9103. }
  9104. }
  9105. wc_HmacFree(&hmac);
  9106. printf(resultFmt, flag == 0 ? passed : failed);
  9107. #endif
  9108. return flag;
  9109. } /* END test_wc_Sha256HmacUpdate */
  9110. /*
  9111. * testing wc_HmacUpdate on SHA384 hash.
  9112. */
  9113. static int test_wc_Sha384HmacUpdate (void)
  9114. {
  9115. int flag = 0;
  9116. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
  9117. Hmac hmac;
  9118. testVector a, b;
  9119. int ret;
  9120. #ifdef HAVE_FIPS
  9121. const char* keys =
  9122. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
  9123. #else
  9124. const char* keys = "Jefe";
  9125. #endif
  9126. a.input = "what do ya want for nothing?";
  9127. a.inLen = XSTRLEN(a.input);
  9128. b.input = "Hi There";
  9129. b.inLen = XSTRLEN(b.input);
  9130. flag = 0;
  9131. printf(testingFmt, "wc_HmacUpdate() with SHA384");
  9132. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  9133. if (ret != 0)
  9134. return ret;
  9135. ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys, (word32)XSTRLEN(keys));
  9136. if (ret != 0) {
  9137. flag = ret;
  9138. }
  9139. if (!flag) {
  9140. ret = wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen);
  9141. if (ret != 0) {
  9142. flag = ret;
  9143. }
  9144. }
  9145. /* Update Hmac. */
  9146. if (!flag) {
  9147. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  9148. if (ret != 0) {
  9149. flag = ret;
  9150. }
  9151. }
  9152. /* Test bad args. */
  9153. if (!flag) {
  9154. ret = wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen);
  9155. if (ret != BAD_FUNC_ARG) {
  9156. flag = WOLFSSL_FATAL_ERROR;
  9157. }
  9158. }
  9159. if (!flag) {
  9160. ret = wc_HmacUpdate(&hmac, NULL, (word32)a.inLen);
  9161. if (ret != BAD_FUNC_ARG) {
  9162. flag = WOLFSSL_FATAL_ERROR;
  9163. }
  9164. }
  9165. if (!flag) {
  9166. ret = wc_HmacUpdate(&hmac, (byte*)a.input, 0);
  9167. if (ret != 0) {
  9168. flag = ret;
  9169. }
  9170. }
  9171. wc_HmacFree(&hmac);
  9172. printf(resultFmt, flag == 0 ? passed : failed);
  9173. #endif
  9174. return flag;
  9175. } /* END test_wc_Sha384HmacUpdate */
  9176. /*
  9177. * Testing wc_HmacFinal() with MD5
  9178. */
  9179. static int test_wc_Md5HmacFinal (void)
  9180. {
  9181. int flag = 0;
  9182. #if !defined(NO_HMAC) && !defined(NO_MD5)
  9183. Hmac hmac;
  9184. byte hash[WC_MD5_DIGEST_SIZE];
  9185. testVector a;
  9186. int ret;
  9187. const char* key;
  9188. key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
  9189. a.input = "Hi There";
  9190. a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
  9191. "\x9d";
  9192. a.inLen = XSTRLEN(a.input);
  9193. a.outLen = XSTRLEN(a.output);
  9194. flag = 0;
  9195. printf(testingFmt, "wc_HmacFinal() with MD5");
  9196. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  9197. if (ret != 0)
  9198. return ret;
  9199. ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key));
  9200. if (ret != 0) {
  9201. flag = ret;
  9202. }
  9203. if (!flag) {
  9204. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  9205. if (ret != 0) {
  9206. flag = ret;
  9207. }
  9208. }
  9209. if (!flag) {
  9210. ret = wc_HmacFinal(&hmac, hash);
  9211. if (ret != 0) {
  9212. flag = ret;
  9213. }
  9214. }
  9215. if (!flag) {
  9216. if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) {
  9217. flag = WOLFSSL_FATAL_ERROR;
  9218. }
  9219. }
  9220. /* Try bad parameters. */
  9221. if (!flag) {
  9222. ret = wc_HmacFinal(NULL, hash);
  9223. if (ret != BAD_FUNC_ARG) {
  9224. flag = WOLFSSL_FATAL_ERROR;
  9225. }
  9226. }
  9227. #ifndef HAVE_FIPS
  9228. if (!flag) {
  9229. ret = wc_HmacFinal(&hmac, NULL);
  9230. if (ret != BAD_FUNC_ARG) {
  9231. flag = WOLFSSL_FATAL_ERROR;
  9232. }
  9233. }
  9234. #endif
  9235. wc_HmacFree(&hmac);
  9236. printf(resultFmt, flag == 0 ? passed : failed);
  9237. #endif
  9238. return flag;
  9239. } /* END test_wc_Md5HmacFinal */
  9240. /*
  9241. * Testing wc_HmacFinal() with SHA
  9242. */
  9243. static int test_wc_ShaHmacFinal (void)
  9244. {
  9245. int flag = 0;
  9246. #if !defined(NO_HMAC) && !defined(NO_SHA)
  9247. Hmac hmac;
  9248. byte hash[WC_SHA_DIGEST_SIZE];
  9249. testVector a;
  9250. int ret;
  9251. const char* key;
  9252. key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  9253. "\x0b\x0b\x0b";
  9254. a.input = "Hi There";
  9255. a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
  9256. "\x8e\xf1\x46\xbe\x00";
  9257. a.inLen = XSTRLEN(a.input);
  9258. a.outLen = XSTRLEN(a.output);
  9259. flag = 0;
  9260. printf(testingFmt, "wc_HmacFinal() with SHA");
  9261. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  9262. if (ret != 0)
  9263. return ret;
  9264. ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key));
  9265. if (ret != 0) {
  9266. flag = ret;
  9267. }
  9268. if (!flag) {
  9269. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  9270. if (ret != 0) {
  9271. flag = ret;
  9272. }
  9273. }
  9274. if (!flag) {
  9275. ret = wc_HmacFinal(&hmac, hash);
  9276. if (ret != 0) {
  9277. flag = ret;
  9278. }
  9279. }
  9280. if (!flag) {
  9281. if (XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE) != 0) {
  9282. flag = WOLFSSL_FATAL_ERROR;
  9283. }
  9284. }
  9285. /* Try bad parameters. */
  9286. if (!flag) {
  9287. ret = wc_HmacFinal(NULL, hash);
  9288. if (ret != BAD_FUNC_ARG) {
  9289. flag = WOLFSSL_FATAL_ERROR;
  9290. }
  9291. }
  9292. #ifndef HAVE_FIPS
  9293. if (!flag) {
  9294. ret = wc_HmacFinal(&hmac, NULL);
  9295. if (ret != BAD_FUNC_ARG) {
  9296. flag = WOLFSSL_FATAL_ERROR;
  9297. }
  9298. }
  9299. #endif
  9300. wc_HmacFree(&hmac);
  9301. printf(resultFmt, flag == 0 ? passed : failed);
  9302. #endif
  9303. return flag;
  9304. } /* END test_wc_ShaHmacFinal */
  9305. /*
  9306. * Testing wc_HmacFinal() with SHA224
  9307. */
  9308. static int test_wc_Sha224HmacFinal (void)
  9309. {
  9310. int flag = 0;
  9311. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
  9312. Hmac hmac;
  9313. byte hash[WC_SHA224_DIGEST_SIZE];
  9314. testVector a;
  9315. int ret;
  9316. const char* key;
  9317. key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  9318. "\x0b\x0b\x0b";
  9319. a.input = "Hi There";
  9320. a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
  9321. "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
  9322. a.inLen = XSTRLEN(a.input);
  9323. a.outLen = XSTRLEN(a.output);
  9324. flag = 0;
  9325. printf(testingFmt, "wc_HmacFinal() with SHA224");
  9326. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  9327. if (ret != 0)
  9328. return ret;
  9329. ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key, (word32)XSTRLEN(key));
  9330. if (ret != 0) {
  9331. flag = ret;
  9332. }
  9333. if (!flag) {
  9334. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  9335. if (ret != 0) {
  9336. flag = ret;
  9337. }
  9338. }
  9339. if (!flag) {
  9340. ret = wc_HmacFinal(&hmac, hash);
  9341. if (ret != 0) {
  9342. flag = ret;
  9343. }
  9344. }
  9345. if (!flag) {
  9346. if (XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE) != 0) {
  9347. flag = WOLFSSL_FATAL_ERROR;
  9348. }
  9349. }
  9350. /* Try bad parameters. */
  9351. if (!flag) {
  9352. ret = wc_HmacFinal(NULL, hash);
  9353. if (ret != BAD_FUNC_ARG) {
  9354. flag = WOLFSSL_FATAL_ERROR;
  9355. }
  9356. }
  9357. #ifndef HAVE_FIPS
  9358. if (!flag) {
  9359. ret = wc_HmacFinal(&hmac, NULL);
  9360. if (ret != BAD_FUNC_ARG) {
  9361. flag = WOLFSSL_FATAL_ERROR;
  9362. }
  9363. }
  9364. #endif
  9365. wc_HmacFree(&hmac);
  9366. printf(resultFmt, flag == 0 ? passed : failed);
  9367. #endif
  9368. return flag;
  9369. } /* END test_wc_Sha224HmacFinal */
  9370. /*
  9371. * Testing wc_HmacFinal() with SHA256
  9372. */
  9373. static int test_wc_Sha256HmacFinal (void)
  9374. {
  9375. int flag = 0;
  9376. #if !defined(NO_HMAC) && !defined(NO_SHA256)
  9377. Hmac hmac;
  9378. byte hash[WC_SHA256_DIGEST_SIZE];
  9379. testVector a;
  9380. int ret;
  9381. const char* key;
  9382. key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  9383. "\x0b\x0b\x0b";
  9384. a.input = "Hi There";
  9385. a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
  9386. "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
  9387. "\xcf\xf7";
  9388. a.inLen = XSTRLEN(a.input);
  9389. a.outLen = XSTRLEN(a.output);
  9390. flag = 0;
  9391. printf(testingFmt, "wc_HmacFinal() with WC_SHA256");
  9392. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  9393. if (ret != 0)
  9394. return ret;
  9395. ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key, (word32)XSTRLEN(key));
  9396. if (ret != 0) {
  9397. flag = ret;
  9398. }
  9399. if (!flag) {
  9400. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  9401. if (ret != 0) {
  9402. flag = ret;
  9403. }
  9404. }
  9405. if (!flag) {
  9406. ret = wc_HmacFinal(&hmac, hash);
  9407. if (ret != 0) {
  9408. flag = ret;
  9409. }
  9410. }
  9411. if (!flag) {
  9412. if (XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE) != 0) {
  9413. flag = WOLFSSL_FATAL_ERROR;
  9414. }
  9415. }
  9416. /* Try bad parameters. */
  9417. if (!flag) {
  9418. ret = wc_HmacFinal(NULL, hash);
  9419. if (ret != BAD_FUNC_ARG) {
  9420. flag = WOLFSSL_FATAL_ERROR;
  9421. }
  9422. }
  9423. #ifndef HAVE_FIPS
  9424. if (!flag) {
  9425. ret = wc_HmacFinal(&hmac, NULL);
  9426. if (ret != BAD_FUNC_ARG) {
  9427. flag = WOLFSSL_FATAL_ERROR;
  9428. }
  9429. }
  9430. #endif
  9431. wc_HmacFree(&hmac);
  9432. printf(resultFmt, flag == 0 ? passed : failed);
  9433. #endif
  9434. return flag;
  9435. } /* END test_wc_Sha256HmacFinal */
  9436. /*
  9437. * Testing wc_HmacFinal() with SHA384
  9438. */
  9439. static int test_wc_Sha384HmacFinal (void)
  9440. {
  9441. int flag = 0;
  9442. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
  9443. Hmac hmac;
  9444. byte hash[WC_SHA384_DIGEST_SIZE];
  9445. testVector a;
  9446. int ret;
  9447. const char* key;
  9448. key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  9449. "\x0b\x0b\x0b";
  9450. a.input = "Hi There";
  9451. a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
  9452. "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
  9453. "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
  9454. "\xfa\x9c\xb6";
  9455. a.inLen = XSTRLEN(a.input);
  9456. a.outLen = XSTRLEN(a.output);
  9457. flag = 0;
  9458. printf(testingFmt, "wc_HmacFinal() with SHA384");
  9459. ret = wc_HmacInit(&hmac, NULL, INVALID_DEVID);
  9460. if (ret != 0)
  9461. return ret;
  9462. ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key, (word32)XSTRLEN(key));
  9463. if (ret != 0) {
  9464. flag = ret;
  9465. }
  9466. if (!flag) {
  9467. ret = wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen);
  9468. if (ret != 0) {
  9469. flag = ret;
  9470. }
  9471. }
  9472. if (!flag) {
  9473. ret = wc_HmacFinal(&hmac, hash);
  9474. if (ret != 0) {
  9475. flag = ret;
  9476. }
  9477. }
  9478. if (!flag) {
  9479. if (XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE) != 0) {
  9480. flag = WOLFSSL_FATAL_ERROR;
  9481. }
  9482. }
  9483. /* Try bad parameters. */
  9484. if (!flag) {
  9485. ret = wc_HmacFinal(NULL, hash);
  9486. if (ret != BAD_FUNC_ARG) {
  9487. flag = WOLFSSL_FATAL_ERROR;
  9488. }
  9489. }
  9490. #ifndef HAVE_FIPS
  9491. if (!flag) {
  9492. ret = wc_HmacFinal(&hmac, NULL);
  9493. if (ret != BAD_FUNC_ARG) {
  9494. flag = WOLFSSL_FATAL_ERROR;
  9495. }
  9496. }
  9497. #endif
  9498. wc_HmacFree(&hmac);
  9499. printf(resultFmt, flag == 0 ? passed : failed);
  9500. #endif
  9501. return flag;
  9502. } /* END test_wc_Sha384HmacFinal */
  9503. /*
  9504. * Testing wc_InitCmac()
  9505. */
  9506. static int test_wc_InitCmac (void)
  9507. {
  9508. int ret = 0;
  9509. #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
  9510. Cmac cmac1, cmac2, cmac3;
  9511. /* AES 128 key. */
  9512. byte key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
  9513. "\x09\x10\x11\x12\x13\x14\x15\x16";
  9514. /* AES 192 key. */
  9515. byte key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
  9516. "\x09\x01\x11\x12\x13\x14\x15\x16"
  9517. "\x01\x02\x03\x04\x05\x06\x07\x08";
  9518. /* AES 256 key. */
  9519. byte key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08"
  9520. "\x09\x01\x11\x12\x13\x14\x15\x16"
  9521. "\x01\x02\x03\x04\x05\x06\x07\x08"
  9522. "\x09\x01\x11\x12\x13\x14\x15\x16";
  9523. word32 key1Sz = (word32)sizeof(key1) - 1;
  9524. word32 key2Sz = (word32)sizeof(key2) - 1;
  9525. word32 key3Sz = (word32)sizeof(key3) - 1;
  9526. int type = WC_CMAC_AES;
  9527. printf(testingFmt, "wc_InitCmac()");
  9528. #ifdef WOLFSSL_AES_128
  9529. ret = wc_InitCmac(&cmac1, key1, key1Sz, type, NULL);
  9530. #endif
  9531. #ifdef WOLFSSL_AES_192
  9532. if (ret == 0)
  9533. ret = wc_InitCmac(&cmac2, key2, key2Sz, type, NULL);
  9534. #endif
  9535. #ifdef WOLFSSL_AES_256
  9536. if (ret == 0)
  9537. ret = wc_InitCmac(&cmac3, key3, key3Sz, type, NULL);
  9538. #endif
  9539. /* Test bad args. */
  9540. if (ret == 0) {
  9541. ret = wc_InitCmac(NULL, key3, key3Sz, type, NULL);
  9542. if (ret == BAD_FUNC_ARG) {
  9543. ret = wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL);
  9544. }
  9545. if (ret == BAD_FUNC_ARG) {
  9546. ret = wc_InitCmac(&cmac3, key3, 0, type, NULL);
  9547. }
  9548. if (ret == BAD_FUNC_ARG) {
  9549. ret = wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL);
  9550. }
  9551. if (ret == BAD_FUNC_ARG) {
  9552. ret = 0;
  9553. } else {
  9554. ret = WOLFSSL_FATAL_ERROR;
  9555. }
  9556. }
  9557. (void)key1;
  9558. (void)key1Sz;
  9559. (void)key2;
  9560. (void)key2Sz;
  9561. (void)cmac1;
  9562. (void)cmac2;
  9563. printf(resultFmt, ret == 0 ? passed : failed);
  9564. #endif
  9565. return ret;
  9566. } /* END test_wc_InitCmac */
  9567. /*
  9568. * Testing wc_CmacUpdate()
  9569. */
  9570. static int test_wc_CmacUpdate (void)
  9571. {
  9572. int ret = 0;
  9573. #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
  9574. Cmac cmac;
  9575. byte key[] =
  9576. {
  9577. 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
  9578. 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
  9579. };
  9580. byte in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64"
  9581. "\x5c\x47\x80\x9e\xd5\xa8\x3a\x17"
  9582. "\xb3\x78\xcf\x85\x22\x41\x74\xd9"
  9583. "\xa0\x97\x39\x71\x62\xf1\x8e\x8f"
  9584. "\xf4";
  9585. word32 inSz = (word32)sizeof(in) - 1;
  9586. word32 keySz = (word32)sizeof(key);
  9587. int type = WC_CMAC_AES;
  9588. ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
  9589. if (ret != 0) {
  9590. return ret;
  9591. }
  9592. printf(testingFmt, "wc_CmacUpdate()");
  9593. ret = wc_CmacUpdate(&cmac, in, inSz);
  9594. /* Test bad args. */
  9595. if (ret == 0) {
  9596. ret = wc_CmacUpdate(NULL, in, inSz);
  9597. if (ret == BAD_FUNC_ARG) {
  9598. ret = wc_CmacUpdate(&cmac, NULL, 30);
  9599. }
  9600. if (ret == BAD_FUNC_ARG) {
  9601. ret = 0;
  9602. } else if (ret == 0) {
  9603. ret = WOLFSSL_FATAL_ERROR;
  9604. }
  9605. }
  9606. printf(resultFmt, ret == 0 ? passed : failed);
  9607. #endif
  9608. return ret;
  9609. } /* END test_wc_CmacUpdate */
  9610. /*
  9611. * Testing wc_CmacFinal()
  9612. */
  9613. static int test_wc_CmacFinal (void)
  9614. {
  9615. int ret = 0;
  9616. #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
  9617. Cmac cmac;
  9618. byte key[] =
  9619. {
  9620. 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55,
  9621. 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27
  9622. };
  9623. byte msg[] =
  9624. {
  9625. 0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64,
  9626. 0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17,
  9627. 0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9,
  9628. 0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f,
  9629. 0xf4
  9630. };
  9631. /* Test vectors from CMACGenAES128.rsp from
  9632. * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac
  9633. * Per RFC4493 truncation of lsb is possible.
  9634. */
  9635. byte expMac[] =
  9636. {
  9637. 0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae,
  9638. 0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb
  9639. };
  9640. byte mac[AES_BLOCK_SIZE];
  9641. word32 msgSz = (word32)sizeof(msg);
  9642. word32 keySz = (word32)sizeof(key);
  9643. word32 macSz = sizeof(mac);
  9644. word32 badMacSz = 17;
  9645. int expMacSz = sizeof(expMac);
  9646. int type = WC_CMAC_AES;
  9647. XMEMSET(mac, 0, macSz);
  9648. ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
  9649. if (ret != 0) {
  9650. return ret;
  9651. }
  9652. ret = wc_CmacUpdate(&cmac, msg, msgSz);
  9653. printf(testingFmt, "wc_CmacFinal()");
  9654. if (ret == 0) {
  9655. ret = wc_CmacFinal(&cmac, mac, &macSz);
  9656. if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) {
  9657. ret = WOLFSSL_FATAL_ERROR;
  9658. }
  9659. /* Pass in bad args. */
  9660. if (ret == 0) {
  9661. ret = wc_CmacFinal(NULL, mac, &macSz);
  9662. if (ret == BAD_FUNC_ARG) {
  9663. ret = wc_CmacFinal(&cmac, NULL, &macSz);
  9664. }
  9665. if (ret == BAD_FUNC_ARG) {
  9666. ret = wc_CmacFinal(&cmac, mac, &badMacSz);
  9667. if (ret == BUFFER_E) {
  9668. ret = 0;
  9669. }
  9670. } else if (ret == 0) {
  9671. ret = WOLFSSL_FATAL_ERROR;
  9672. }
  9673. }
  9674. }
  9675. printf(resultFmt, ret == 0 ? passed : failed);
  9676. #endif
  9677. return ret;
  9678. } /* END test_wc_CmacFinal */
  9679. /*
  9680. * Testing wc_AesCmacGenerate() && wc_AesCmacVerify()
  9681. */
  9682. static int test_wc_AesCmacGenerate (void)
  9683. {
  9684. int ret = 0;
  9685. #if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128)
  9686. Cmac cmac;
  9687. byte key[] =
  9688. {
  9689. 0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e,
  9690. 0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69
  9691. };
  9692. byte msg[] = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8"
  9693. "\xf3\x59\x65\xbc\xb0\x97\x8f\xd4";
  9694. byte expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6"
  9695. "\x3d\x32\x65\x4c\x66\x23\xc5";
  9696. byte mac[AES_BLOCK_SIZE];
  9697. word32 keySz = sizeof(key);
  9698. word32 macSz = sizeof(mac);
  9699. word32 msgSz = sizeof(msg) - 1;
  9700. word32 expMacSz = sizeof(expMac) - 1;
  9701. int type = WC_CMAC_AES;
  9702. XMEMSET(mac, 0, macSz);
  9703. ret = wc_InitCmac(&cmac, key, keySz, type, NULL);
  9704. if (ret != 0) {
  9705. return ret;
  9706. }
  9707. ret = wc_CmacUpdate(&cmac, msg, msgSz);
  9708. if (ret != 0) {
  9709. return ret;
  9710. }
  9711. printf(testingFmt, "wc_AesCmacGenerate()");
  9712. ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz);
  9713. if (ret == 0 && XMEMCMP(mac, expMac, expMacSz) != 0) {
  9714. ret = WOLFSSL_FATAL_ERROR;
  9715. }
  9716. /* Pass in bad args. */
  9717. if (ret == 0) {
  9718. ret = wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz);
  9719. if (ret == BAD_FUNC_ARG) {
  9720. ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz);
  9721. }
  9722. if (ret == BAD_FUNC_ARG) {
  9723. ret = wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0);
  9724. }
  9725. if (ret == BAD_FUNC_ARG) {
  9726. ret = wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz);
  9727. }
  9728. if (ret == BAD_FUNC_ARG) {
  9729. ret = 0;
  9730. } else if (ret == 0) {
  9731. ret = WOLFSSL_FATAL_ERROR;
  9732. }
  9733. }
  9734. printf(resultFmt, ret == 0 ? passed : failed);
  9735. if (ret == 0) {
  9736. printf(testingFmt, "wc_AesCmacVerify()");
  9737. ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz);
  9738. /* Test bad args. */
  9739. if (ret == 0) {
  9740. ret = wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz);
  9741. if (ret == BAD_FUNC_ARG) {
  9742. ret = wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz);
  9743. }
  9744. if (ret == BAD_FUNC_ARG) {
  9745. ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz);
  9746. }
  9747. if (ret == BAD_FUNC_ARG) {
  9748. ret = wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0);
  9749. }
  9750. if (ret == BAD_FUNC_ARG) {
  9751. ret = wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz);
  9752. }
  9753. if (ret == BAD_FUNC_ARG) {
  9754. ret = 0;
  9755. } else if (ret == 0) {
  9756. ret = WOLFSSL_FATAL_ERROR;
  9757. }
  9758. }
  9759. printf(resultFmt, ret == 0 ? passed : failed);
  9760. }
  9761. #endif
  9762. return ret;
  9763. } /* END test_wc_AesCmacGenerate */
  9764. /*
  9765. * Testing streaming AES-GCM API.
  9766. */
  9767. static int test_wc_AesGcmStream (void)
  9768. {
  9769. int ret = 0;
  9770. #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \
  9771. defined(WOLFSSL_AESGCM_STREAM)
  9772. int i;
  9773. WC_RNG rng[1];
  9774. Aes aesEnc[1];
  9775. Aes aesDec[1];
  9776. byte tag[AES_BLOCK_SIZE];
  9777. byte in[AES_BLOCK_SIZE * 3 + 2] = { 0, };
  9778. byte out[AES_BLOCK_SIZE * 3 + 2];
  9779. byte plain[AES_BLOCK_SIZE * 3 + 2];
  9780. byte aad[AES_BLOCK_SIZE * 3 + 2] = { 0, };
  9781. byte key[AES_128_KEY_SIZE] = { 0, };
  9782. byte iv[AES_IV_SIZE] = { 1, };
  9783. byte ivOut[AES_IV_SIZE];
  9784. static const byte expTagAAD1[AES_BLOCK_SIZE] = {
  9785. 0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f,
  9786. 0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05
  9787. };
  9788. static const byte expTagPlain1[AES_BLOCK_SIZE] = {
  9789. 0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78,
  9790. 0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1
  9791. };
  9792. static const byte expTag[AES_BLOCK_SIZE] = {
  9793. 0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96,
  9794. 0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d
  9795. };
  9796. /* Create a random for generating IV/nonce. */
  9797. AssertIntEQ(wc_InitRng(rng), 0);
  9798. /* Initialize data structures. */
  9799. AssertIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0);
  9800. AssertIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0);
  9801. /* BadParameters to streaming init. */
  9802. AssertIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
  9803. AssertIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), BAD_FUNC_ARG);
  9804. AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, 0),
  9805. BAD_FUNC_ARG);
  9806. AssertIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ),
  9807. BAD_FUNC_ARG);
  9808. /* Bad parameters to encrypt update. */
  9809. AssertIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
  9810. BAD_FUNC_ARG);
  9811. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0),
  9812. BAD_FUNC_ARG);
  9813. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0),
  9814. BAD_FUNC_ARG);
  9815. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0),
  9816. BAD_FUNC_ARG);
  9817. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1),
  9818. BAD_FUNC_ARG);
  9819. /* Bad parameters to decrypt update. */
  9820. AssertIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0),
  9821. BAD_FUNC_ARG);
  9822. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0),
  9823. BAD_FUNC_ARG);
  9824. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0),
  9825. BAD_FUNC_ARG);
  9826. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0),
  9827. BAD_FUNC_ARG);
  9828. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1),
  9829. BAD_FUNC_ARG);
  9830. /* Bad parameters to encrypt final. */
  9831. AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
  9832. AssertIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
  9833. AssertIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, AES_BLOCK_SIZE),
  9834. BAD_FUNC_ARG);
  9835. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), BAD_FUNC_ARG);
  9836. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, AES_BLOCK_SIZE),
  9837. BAD_FUNC_ARG);
  9838. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE + 1),
  9839. BAD_FUNC_ARG);
  9840. /* Bad parameters to decrypt final. */
  9841. AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), BAD_FUNC_ARG);
  9842. AssertIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), BAD_FUNC_ARG);
  9843. AssertIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, AES_BLOCK_SIZE),
  9844. BAD_FUNC_ARG);
  9845. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), BAD_FUNC_ARG);
  9846. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, AES_BLOCK_SIZE),
  9847. BAD_FUNC_ARG);
  9848. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE + 1),
  9849. BAD_FUNC_ARG);
  9850. /* Check calling final before setting key fails. */
  9851. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_KEY);
  9852. AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_KEY);
  9853. /* Check calling update before setting key else fails. */
  9854. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
  9855. MISSING_KEY);
  9856. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
  9857. MISSING_KEY);
  9858. /* Set key but not IV. */
  9859. AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0);
  9860. AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0);
  9861. /* Check calling final before setting IV fails. */
  9862. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), MISSING_IV);
  9863. AssertIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), MISSING_IV);
  9864. /* Check calling update before setting IV else fails. */
  9865. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1),
  9866. MISSING_IV);
  9867. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1),
  9868. MISSING_IV);
  9869. /* Set IV using fixed part IV and external IV APIs. */
  9870. AssertIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ,
  9871. rng), 0);
  9872. AssertIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut,
  9873. GCM_NONCE_MID_SZ), 0);
  9874. AssertIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0);
  9875. AssertIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0);
  9876. /* Encrypt and decrypt data. */
  9877. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0);
  9878. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0);
  9879. AssertIntEQ(XMEMCMP(plain, in, 1), 0);
  9880. /* Finalize and check tag matches. */
  9881. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
  9882. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
  9883. /* Set key and IV through streaming init API. */
  9884. AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
  9885. AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
  9886. /* Encrypt/decrypt one block and AAD of one block. */
  9887. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, AES_BLOCK_SIZE, aad,
  9888. AES_BLOCK_SIZE), 0);
  9889. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, AES_BLOCK_SIZE, aad,
  9890. AES_BLOCK_SIZE), 0);
  9891. AssertIntEQ(XMEMCMP(plain, in, AES_BLOCK_SIZE), 0);
  9892. /* Finalize and check tag matches. */
  9893. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
  9894. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
  9895. /* Set key and IV through streaming init API. */
  9896. AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
  9897. AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
  9898. /* No data to encrypt/decrypt one byte of AAD. */
  9899. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0);
  9900. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0);
  9901. /* Finalize and check tag matches. */
  9902. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
  9903. AssertIntEQ(XMEMCMP(tag, expTagAAD1, AES_BLOCK_SIZE), 0);
  9904. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
  9905. /* Set key and IV through streaming init API. */
  9906. AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
  9907. AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
  9908. /* Encrypt/decrypt one byte and no AAD. */
  9909. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0);
  9910. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0);
  9911. AssertIntEQ(XMEMCMP(plain, in, 1), 0);
  9912. /* Finalize and check tag matches. */
  9913. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
  9914. AssertIntEQ(XMEMCMP(tag, expTagPlain1, AES_BLOCK_SIZE), 0);
  9915. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
  9916. /* Set key and IV through streaming init API. */
  9917. AssertIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0);
  9918. AssertIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0);
  9919. /* Encryption AES is one byte at a time */
  9920. for (i = 0; i < (int)sizeof(aad); i++) {
  9921. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1),
  9922. 0);
  9923. }
  9924. for (i = 0; i < (int)sizeof(in); i++) {
  9925. AssertIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0),
  9926. 0);
  9927. }
  9928. /* Decryption AES is two bytes at a time */
  9929. for (i = 0; i < (int)sizeof(aad); i += 2) {
  9930. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2),
  9931. 0);
  9932. }
  9933. for (i = 0; i < (int)sizeof(aad); i += 2) {
  9934. AssertIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL,
  9935. 0), 0);
  9936. }
  9937. AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
  9938. /* Finalize and check tag matches. */
  9939. AssertIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, AES_BLOCK_SIZE), 0);
  9940. AssertIntEQ(XMEMCMP(tag, expTag, AES_BLOCK_SIZE), 0);
  9941. AssertIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, AES_BLOCK_SIZE), 0);
  9942. /* Check streaming encryption can be decrypted with one shot. */
  9943. AssertIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0);
  9944. AssertIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv,
  9945. AES_IV_SIZE, tag, AES_BLOCK_SIZE, aad, sizeof(aad)), 0);
  9946. AssertIntEQ(XMEMCMP(plain, in, sizeof(in)), 0);
  9947. #endif
  9948. return ret;
  9949. } /* END test_wc_AesGcmStream */
  9950. /*
  9951. * unit test for wc_Des3_SetIV()
  9952. */
  9953. static int test_wc_Des3_SetIV (void)
  9954. {
  9955. int ret = 0;
  9956. #ifndef NO_DES3
  9957. Des3 des;
  9958. const byte key[] =
  9959. {
  9960. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  9961. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  9962. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  9963. };
  9964. const byte iv[] =
  9965. {
  9966. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
  9967. 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
  9968. 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
  9969. };
  9970. printf(testingFmt, "wc_Des3_SetIV()");
  9971. ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
  9972. if (ret != 0)
  9973. return ret;
  9974. /* DES_ENCRYPTION or DES_DECRYPTION */
  9975. ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
  9976. if (ret == 0) {
  9977. if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) {
  9978. ret = WOLFSSL_FATAL_ERROR;
  9979. }
  9980. }
  9981. #ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */
  9982. /* Test explicitly wc_Des3_SetIV() */
  9983. if (ret == 0) {
  9984. ret = wc_Des3_SetIV(NULL, iv);
  9985. if (ret == BAD_FUNC_ARG) {
  9986. ret = wc_Des3_SetIV(&des, NULL);
  9987. } else if (ret == 0) {
  9988. ret = WOLFSSL_FATAL_ERROR;
  9989. }
  9990. }
  9991. #endif
  9992. wc_Des3Free(&des);
  9993. printf(resultFmt, ret == 0 ? passed : failed);
  9994. #endif
  9995. return ret;
  9996. } /* END test_wc_Des3_SetIV */
  9997. /*
  9998. * unit test for wc_Des3_SetKey()
  9999. */
  10000. static int test_wc_Des3_SetKey (void)
  10001. {
  10002. int ret = 0;
  10003. #ifndef NO_DES3
  10004. Des3 des;
  10005. const byte key[] =
  10006. {
  10007. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  10008. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  10009. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  10010. };
  10011. const byte iv[] =
  10012. {
  10013. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
  10014. 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
  10015. 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
  10016. };
  10017. printf(testingFmt, "wc_Des3_SetKey()");
  10018. ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
  10019. if (ret != 0)
  10020. return ret;
  10021. /* DES_ENCRYPTION or DES_DECRYPTION */
  10022. ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
  10023. if (ret == 0) {
  10024. if (XMEMCMP(iv, des.reg, DES_BLOCK_SIZE) != 0) {
  10025. ret = WOLFSSL_FATAL_ERROR;
  10026. }
  10027. }
  10028. /* Test bad args. */
  10029. if (ret == 0) {
  10030. ret = wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION);
  10031. if (ret == BAD_FUNC_ARG) {
  10032. ret = wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION);
  10033. }
  10034. if (ret == BAD_FUNC_ARG) {
  10035. ret = wc_Des3_SetKey(&des, key, iv, -1);
  10036. }
  10037. if (ret == BAD_FUNC_ARG) {
  10038. /* Default case. Should return 0. */
  10039. ret = wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION);
  10040. }
  10041. } /* END if ret != 0 */
  10042. wc_Des3Free(&des);
  10043. printf(resultFmt, ret == 0 ? passed : failed);
  10044. #endif
  10045. return ret;
  10046. } /* END test_wc_Des3_SetKey */
  10047. /*
  10048. * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt
  10049. */
  10050. static int test_wc_Des3_CbcEncryptDecrypt (void)
  10051. {
  10052. int ret = 0;
  10053. #ifndef NO_DES3
  10054. Des3 des;
  10055. byte cipher[24];
  10056. byte plain[24];
  10057. const byte key[] =
  10058. {
  10059. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  10060. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  10061. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  10062. };
  10063. const byte iv[] =
  10064. {
  10065. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
  10066. 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
  10067. 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
  10068. };
  10069. const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
  10070. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  10071. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  10072. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  10073. };
  10074. printf(testingFmt, "wc_Des3_CbcEncrypt()");
  10075. ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
  10076. if (ret != 0)
  10077. return ret;
  10078. ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
  10079. if (ret == 0) {
  10080. ret = wc_Des3_CbcEncrypt(&des, cipher, vector, 24);
  10081. if (ret == 0) {
  10082. ret = wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION);
  10083. }
  10084. if (ret == 0) {
  10085. ret = wc_Des3_CbcDecrypt(&des, plain, cipher, 24);
  10086. }
  10087. }
  10088. if (ret == 0) {
  10089. if (XMEMCMP(plain, vector, 24) != 0) {
  10090. ret = WOLFSSL_FATAL_ERROR;
  10091. }
  10092. }
  10093. /* Pass in bad args. */
  10094. if (ret == 0) {
  10095. ret = wc_Des3_CbcEncrypt(NULL, cipher, vector, 24);
  10096. if (ret == BAD_FUNC_ARG) {
  10097. ret = wc_Des3_CbcEncrypt(&des, NULL, vector, 24);
  10098. }
  10099. if (ret == BAD_FUNC_ARG) {
  10100. ret = wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector));
  10101. }
  10102. if (ret != BAD_FUNC_ARG) {
  10103. ret = WOLFSSL_FATAL_ERROR;
  10104. } else {
  10105. ret = 0;
  10106. }
  10107. }
  10108. if (ret == 0) {
  10109. ret = wc_Des3_CbcDecrypt(NULL, plain, cipher, 24);
  10110. if (ret == BAD_FUNC_ARG) {
  10111. ret = wc_Des3_CbcDecrypt(&des, NULL, cipher, 24);
  10112. }
  10113. if (ret == BAD_FUNC_ARG) {
  10114. ret = wc_Des3_CbcDecrypt(&des, plain, NULL, 24);
  10115. }
  10116. if (ret != BAD_FUNC_ARG) {
  10117. ret = WOLFSSL_FATAL_ERROR;
  10118. } else {
  10119. ret = 0;
  10120. }
  10121. }
  10122. wc_Des3Free(&des);
  10123. printf(resultFmt, ret == 0 ? passed : failed);
  10124. #endif
  10125. return ret;
  10126. } /* END wc_Des3_CbcEncrypt */
  10127. /*
  10128. * Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey
  10129. */
  10130. static int test_wc_Des3_CbcEncryptDecryptWithKey (void)
  10131. {
  10132. int ret = 0;
  10133. #ifndef NO_DES3
  10134. word32 vectorSz, cipherSz;
  10135. byte cipher[24];
  10136. byte plain[24];
  10137. byte vector[] = /* Now is the time for all w/o trailing 0 */
  10138. {
  10139. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  10140. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  10141. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  10142. };
  10143. byte key[] =
  10144. {
  10145. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  10146. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  10147. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  10148. };
  10149. byte iv[] =
  10150. {
  10151. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
  10152. 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
  10153. 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
  10154. };
  10155. vectorSz = sizeof(byte) * 24;
  10156. cipherSz = sizeof(byte) * 24;
  10157. printf(testingFmt, "wc_Des3_CbcEncryptWithKey()");
  10158. ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv);
  10159. if (ret == 0) {
  10160. ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv);
  10161. if (ret == 0) {
  10162. if (XMEMCMP(plain, vector, 24) != 0) {
  10163. ret = WOLFSSL_FATAL_ERROR;
  10164. }
  10165. }
  10166. }
  10167. /* pass in bad args. */
  10168. if (ret == 0) {
  10169. ret = wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv);
  10170. if (ret == BAD_FUNC_ARG) {
  10171. ret = wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv);
  10172. }
  10173. if (ret == BAD_FUNC_ARG) {
  10174. ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv);
  10175. }
  10176. if (ret == BAD_FUNC_ARG) {
  10177. ret = wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz,
  10178. key, NULL);
  10179. } else {
  10180. /* Return code catch. */
  10181. ret = WOLFSSL_FAILURE;
  10182. }
  10183. }
  10184. if (ret == 0) {
  10185. ret = wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv);
  10186. if (ret == BAD_FUNC_ARG) {
  10187. ret = wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv);
  10188. }
  10189. if (ret == BAD_FUNC_ARG) {
  10190. ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv);
  10191. }
  10192. if (ret == BAD_FUNC_ARG) {
  10193. ret = wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL);
  10194. } else {
  10195. ret = WOLFSSL_FAILURE;
  10196. }
  10197. }
  10198. printf(resultFmt, ret == 0 ? passed : failed);
  10199. #endif
  10200. return ret;
  10201. } /* END test_wc_Des3_CbcEncryptDecryptWithKey */
  10202. /*
  10203. * Unit test for wc_Des3_EcbEncrypt
  10204. */
  10205. static int test_wc_Des3_EcbEncrypt (void)
  10206. {
  10207. int ret = 0;
  10208. #if !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
  10209. Des3 des;
  10210. byte cipher[24];
  10211. word32 cipherSz = sizeof(cipher);
  10212. const byte key[] =
  10213. {
  10214. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  10215. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  10216. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  10217. };
  10218. const byte iv[] =
  10219. {
  10220. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
  10221. 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
  10222. 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
  10223. };
  10224. const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
  10225. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  10226. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  10227. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  10228. };
  10229. printf(testingFmt, "wc_Des3_EcbEncrypt()");
  10230. ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
  10231. if (ret != 0) {
  10232. return ret;
  10233. }
  10234. if (ret == 0 ) {
  10235. ret = wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION);
  10236. }
  10237. /* Bad Cases */
  10238. if (ret == 0) {
  10239. ret = wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz);
  10240. if (ret == BAD_FUNC_ARG) {
  10241. ret = 0;
  10242. }
  10243. }
  10244. if (ret == 0) {
  10245. ret = wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz);
  10246. if (ret == BAD_FUNC_ARG) {
  10247. ret = 0;
  10248. }
  10249. }
  10250. if (ret == 0) {
  10251. ret = wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz);
  10252. if (ret == BAD_FUNC_ARG) {
  10253. ret = 0;
  10254. }
  10255. }
  10256. if (ret == 0) {
  10257. ret = wc_Des3_EcbEncrypt(&des, cipher, vector, 0);
  10258. if (ret == BAD_FUNC_ARG) {
  10259. ret = 0;
  10260. }
  10261. }
  10262. if (ret == 0) {
  10263. ret = wc_Des3_EcbEncrypt(NULL, 0, NULL, 0);
  10264. if (ret == BAD_FUNC_ARG) {
  10265. ret = 0;
  10266. }
  10267. }
  10268. /* Good Cases */
  10269. if (ret == 0) {
  10270. ret = wc_Des3_EcbEncrypt(&des, cipher, vector, cipherSz);
  10271. }
  10272. wc_Des3Free(&des);
  10273. printf(resultFmt, ret == 0 ? passed : failed);
  10274. #endif
  10275. return ret;
  10276. } /* END test_wc_Des3_EcbEncrypt */
  10277. /*
  10278. * Testing wc_Chacha_SetKey() and wc_Chacha_SetIV()
  10279. */
  10280. static int test_wc_Chacha_SetKey (void)
  10281. {
  10282. int ret = 0;
  10283. #ifdef HAVE_CHACHA
  10284. ChaCha ctx;
  10285. const byte key[] =
  10286. {
  10287. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  10288. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  10289. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  10290. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  10291. };
  10292. byte cipher[128];
  10293. printf(testingFmt, "wc_Chacha_SetKey()");
  10294. ret = wc_Chacha_SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte)));
  10295. /* Test bad args. */
  10296. if (ret == 0) {
  10297. ret = wc_Chacha_SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte)));
  10298. if (ret == BAD_FUNC_ARG) {
  10299. ret = wc_Chacha_SetKey(&ctx, key, 18);
  10300. }
  10301. if (ret == BAD_FUNC_ARG) {
  10302. ret = 0;
  10303. } else {
  10304. ret = WOLFSSL_FATAL_ERROR;
  10305. }
  10306. }
  10307. printf(resultFmt, ret == 0 ? passed : failed);
  10308. if (ret != 0) {
  10309. return ret;
  10310. }
  10311. printf(testingFmt, "wc_Chacha_SetIV");
  10312. ret = wc_Chacha_SetIV(&ctx, cipher, 0);
  10313. if (ret == 0) {
  10314. /* Test bad args. */
  10315. ret = wc_Chacha_SetIV(NULL, cipher, 0);
  10316. if (ret == BAD_FUNC_ARG) {
  10317. ret = 0;
  10318. } else {
  10319. ret = WOLFSSL_FAILURE;
  10320. }
  10321. }
  10322. printf(resultFmt, ret == 0 ? passed : failed);
  10323. #endif
  10324. return ret;
  10325. } /* END test_wc_Chacha_SetKey */
  10326. /*
  10327. * unit test for wc_Poly1305SetKey()
  10328. */
  10329. static int test_wc_Poly1305SetKey(void)
  10330. {
  10331. int ret = 0;
  10332. #ifdef HAVE_POLY1305
  10333. Poly1305 ctx;
  10334. const byte key[] =
  10335. {
  10336. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  10337. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  10338. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  10339. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  10340. };
  10341. printf(testingFmt, "wc_Poly1305_SetKey()");
  10342. ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte)));
  10343. /* Test bad args. */
  10344. if (ret == 0) {
  10345. ret = wc_Poly1305SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte)));
  10346. if(ret == BAD_FUNC_ARG) {
  10347. ret = wc_Poly1305SetKey(&ctx, NULL, (word32)(sizeof(key)/sizeof(byte)));
  10348. }
  10349. if (ret == BAD_FUNC_ARG) {
  10350. ret = wc_Poly1305SetKey(&ctx, key, 18);
  10351. }
  10352. if (ret == BAD_FUNC_ARG) {
  10353. ret = 0;
  10354. } else {
  10355. ret = WOLFSSL_FATAL_ERROR;
  10356. }
  10357. }
  10358. printf(resultFmt, ret == 0 ? passed : failed);
  10359. #endif
  10360. return ret;
  10361. } /* END test_wc_Poly1305_SetKey() */
  10362. /*
  10363. * Testing wc_Chacha_Process()
  10364. */
  10365. static int test_wc_Chacha_Process (void)
  10366. {
  10367. int ret = 0;
  10368. #ifdef HAVE_CHACHA
  10369. ChaCha enc, dec;
  10370. byte cipher[128];
  10371. byte plain[128];
  10372. const byte key[] =
  10373. {
  10374. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  10375. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  10376. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  10377. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  10378. };
  10379. const char* input = "Everybody gets Friday off.";
  10380. word32 keySz = sizeof(key)/sizeof(byte);
  10381. unsigned long int inlen = XSTRLEN(input);
  10382. /*Initialize stack varialbes.*/
  10383. XMEMSET(cipher, 0, 128);
  10384. XMEMSET(plain, 0, 128);
  10385. printf(testingFmt, "wc_Chacha_Process()");
  10386. ret = wc_Chacha_SetKey(&enc, key, keySz);
  10387. AssertIntEQ(ret, 0);
  10388. ret = wc_Chacha_SetKey(&dec, key, keySz);
  10389. AssertIntEQ(ret, 0);
  10390. ret = wc_Chacha_SetIV(&enc, cipher, 0);
  10391. AssertIntEQ(ret, 0);
  10392. ret = wc_Chacha_SetIV(&dec, cipher, 0);
  10393. AssertIntEQ(ret, 0);
  10394. ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen);
  10395. AssertIntEQ(ret, 0);
  10396. ret = wc_Chacha_Process(&dec, plain, cipher, (word32)inlen);
  10397. AssertIntEQ(ret, 0);
  10398. ret = XMEMCMP(input, plain, (int)inlen);
  10399. AssertIntEQ(ret, 0);
  10400. #if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
  10401. /* test checking and using leftovers, currently just in C code */
  10402. ret = wc_Chacha_SetIV(&enc, cipher, 0);
  10403. AssertIntEQ(ret, 0);
  10404. ret = wc_Chacha_SetIV(&dec, cipher, 0);
  10405. AssertIntEQ(ret, 0);
  10406. ret = wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen - 2);
  10407. AssertIntEQ(ret, 0);
  10408. ret = wc_Chacha_Process(&enc, cipher + (inlen - 2),
  10409. (byte*)input + (inlen - 2), 2);
  10410. AssertIntEQ(ret, 0);
  10411. ret = wc_Chacha_Process(&dec, plain, (byte*)cipher, (word32)inlen - 2);
  10412. AssertIntEQ(ret, 0);
  10413. ret = wc_Chacha_Process(&dec, cipher + (inlen - 2),
  10414. (byte*)input + (inlen - 2), 2);
  10415. AssertIntEQ(ret, 0);
  10416. ret = XMEMCMP(input, plain, (int)inlen);
  10417. AssertIntEQ(ret, 0);
  10418. /* check edge cases with counter increment */
  10419. {
  10420. /* expected results collected from wolfSSL 4.3.0 encrypted in one call*/
  10421. const byte expected[] = {
  10422. 0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F,
  10423. 0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D,
  10424. 0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20,
  10425. 0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29,
  10426. 0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37,
  10427. 0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38,
  10428. 0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88,
  10429. 0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5,
  10430. 0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E,
  10431. 0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51,
  10432. 0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5,
  10433. 0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43,
  10434. 0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07,
  10435. 0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E,
  10436. 0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4,
  10437. 0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37,
  10438. 0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9,
  10439. 0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04,
  10440. 0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06,
  10441. 0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8,
  10442. 0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B,
  10443. 0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35,
  10444. 0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54,
  10445. 0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19,
  10446. 0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3,
  10447. 0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B,
  10448. 0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23,
  10449. 0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3,
  10450. 0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41,
  10451. 0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2,
  10452. 0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35,
  10453. 0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14
  10454. };
  10455. const byte iv2[] = {
  10456. 0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9,
  10457. 0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93
  10458. };
  10459. byte input2[256];
  10460. int i;
  10461. for (i = 0; i < 256; i++)
  10462. input2[i] = i;
  10463. ret = wc_Chacha_SetIV(&enc, iv2, 0);
  10464. AssertIntEQ(ret, 0);
  10465. ret = wc_Chacha_Process(&enc, cipher, input2, 64);
  10466. AssertIntEQ(ret, 0);
  10467. AssertIntEQ(XMEMCMP(expected, cipher, 64), 0);
  10468. ret = wc_Chacha_Process(&enc, cipher, input2 + 64, 128);
  10469. AssertIntEQ(ret, 0);
  10470. AssertIntEQ(XMEMCMP(expected + 64, cipher, 128), 0);
  10471. /* partial */
  10472. ret = wc_Chacha_Process(&enc, cipher, input2 + 192, 32);
  10473. AssertIntEQ(ret, 0);
  10474. AssertIntEQ(XMEMCMP(expected + 192, cipher, 32), 0);
  10475. ret = wc_Chacha_Process(&enc, cipher, input2 + 224, 32);
  10476. AssertIntEQ(ret, 0);
  10477. AssertIntEQ(XMEMCMP(expected + 224, cipher, 32), 0);
  10478. }
  10479. #endif
  10480. /* Test bad args. */
  10481. ret = wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen);
  10482. AssertIntEQ(ret, BAD_FUNC_ARG);
  10483. if (ret == BAD_FUNC_ARG) {
  10484. ret = 0;
  10485. }
  10486. printf(resultFmt, ret == 0 ? passed : failed);
  10487. #endif
  10488. return ret;
  10489. } /* END test_wc_Chacha_Process */
  10490. /*
  10491. * Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt()
  10492. */
  10493. static int test_wc_ChaCha20Poly1305_aead (void)
  10494. {
  10495. int ret = 0;
  10496. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  10497. const byte key[] = {
  10498. 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
  10499. 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  10500. 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
  10501. 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
  10502. };
  10503. const byte plaintext[] = {
  10504. 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
  10505. 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
  10506. 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
  10507. 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
  10508. 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
  10509. 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
  10510. 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
  10511. 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
  10512. 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
  10513. 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
  10514. 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
  10515. 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
  10516. 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
  10517. 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
  10518. 0x74, 0x2e
  10519. };
  10520. const byte iv[] = {
  10521. 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
  10522. 0x44, 0x45, 0x46, 0x47
  10523. };
  10524. const byte aad[] = { /* additional data */
  10525. 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
  10526. 0xc4, 0xc5, 0xc6, 0xc7
  10527. };
  10528. const byte cipher[] = { /* expected output from operation */
  10529. 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
  10530. 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
  10531. 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
  10532. 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
  10533. 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
  10534. 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
  10535. 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
  10536. 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
  10537. 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
  10538. 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
  10539. 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
  10540. 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
  10541. 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
  10542. 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
  10543. 0x61, 0x16
  10544. };
  10545. const byte authTag[] = { /* expected output from operation */
  10546. 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
  10547. 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
  10548. };
  10549. byte generatedCiphertext[272];
  10550. byte generatedPlaintext[272];
  10551. byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
  10552. /* Initialize stack variables. */
  10553. XMEMSET(generatedCiphertext, 0, 272);
  10554. XMEMSET(generatedPlaintext, 0, 272);
  10555. /* Test Encrypt */
  10556. printf(testingFmt, "wc_ChaCha20Poly1305_Encrypt()");
  10557. ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), plaintext,
  10558. sizeof(plaintext), generatedCiphertext, generatedAuthTag);
  10559. AssertIntEQ(ret, 0);
  10560. ret = XMEMCMP(generatedCiphertext, cipher, sizeof(cipher)/sizeof(byte));
  10561. AssertIntEQ(ret, 0);
  10562. /* Test bad args. */
  10563. ret = wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad), plaintext,
  10564. sizeof(plaintext), generatedCiphertext, generatedAuthTag);
  10565. AssertIntEQ(ret, BAD_FUNC_ARG);
  10566. ret = wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad),
  10567. plaintext, sizeof(plaintext),
  10568. generatedCiphertext, generatedAuthTag);
  10569. AssertIntEQ(ret, BAD_FUNC_ARG);
  10570. ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL,
  10571. sizeof(plaintext), generatedCiphertext, generatedAuthTag);
  10572. AssertIntEQ(ret, BAD_FUNC_ARG);
  10573. ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
  10574. plaintext, 0, generatedCiphertext, generatedAuthTag);
  10575. AssertIntEQ(ret, BAD_FUNC_ARG);
  10576. ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
  10577. plaintext, sizeof(plaintext), NULL, generatedAuthTag);
  10578. AssertIntEQ(ret, BAD_FUNC_ARG);
  10579. ret = wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad),
  10580. plaintext, sizeof(plaintext), generatedCiphertext, NULL);
  10581. if (ret == BAD_FUNC_ARG) {
  10582. ret = 0;
  10583. }
  10584. printf(resultFmt, ret == 0 ? passed : failed);
  10585. if (ret != 0) {
  10586. return ret;
  10587. }
  10588. printf(testingFmt, "wc_ChaCha20Poly1305_Decrypt()");
  10589. ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
  10590. sizeof(cipher), authTag, generatedPlaintext);
  10591. AssertIntEQ(ret, 0);
  10592. ret = XMEMCMP(generatedPlaintext, plaintext,
  10593. sizeof(plaintext)/sizeof(byte));
  10594. AssertIntEQ(ret, 0);
  10595. /* Test bad args. */
  10596. ret = wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher,
  10597. sizeof(cipher), authTag, generatedPlaintext);
  10598. AssertIntEQ(ret, BAD_FUNC_ARG);
  10599. ret = wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad),
  10600. cipher, sizeof(cipher), authTag, generatedPlaintext);
  10601. AssertIntEQ(ret, BAD_FUNC_ARG);
  10602. ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL,
  10603. sizeof(cipher), authTag, generatedPlaintext);
  10604. AssertIntEQ(ret, BAD_FUNC_ARG);
  10605. ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
  10606. sizeof(cipher), NULL, generatedPlaintext);
  10607. AssertIntEQ(ret, BAD_FUNC_ARG);
  10608. ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
  10609. sizeof(cipher), authTag, NULL);
  10610. AssertIntEQ(ret, BAD_FUNC_ARG);
  10611. ret = wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher,
  10612. 0, authTag, generatedPlaintext);
  10613. AssertIntEQ(ret, BAD_FUNC_ARG);
  10614. if (ret == BAD_FUNC_ARG) {
  10615. ret = 0;
  10616. }
  10617. printf(resultFmt, ret == 0 ? passed : failed);
  10618. #endif
  10619. return ret;
  10620. } /* END test-wc_ChaCha20Poly1305_EncryptDecrypt */
  10621. /*
  10622. * Testing function for wc_Rc2SetKey().
  10623. */
  10624. static int test_wc_Rc2SetKey(void)
  10625. {
  10626. int ret = 0;
  10627. #ifdef WC_RC2
  10628. Rc2 rc2;
  10629. byte key40[] = { 0x01, 0x02, 0x03, 0x04, 0x05 };
  10630. byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
  10631. printf(testingFmt, "wc_Rc2SetKey()");
  10632. /* valid key and IV */
  10633. ret = wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
  10634. iv, 40);
  10635. if (ret == 0) {
  10636. /* valid key, no IV */
  10637. ret = wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte),
  10638. NULL, 40);
  10639. }
  10640. /* bad arguments */
  10641. if (ret == 0) {
  10642. /* null Rc2 struct */
  10643. ret = wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte),
  10644. iv, 40);
  10645. if (ret == BAD_FUNC_ARG) {
  10646. ret = 0;
  10647. }
  10648. }
  10649. if (ret == 0) {
  10650. /* null key */
  10651. ret = wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte),
  10652. iv, 40);
  10653. if (ret == BAD_FUNC_ARG) {
  10654. ret = 0;
  10655. }
  10656. }
  10657. if (ret == 0) {
  10658. /* key size == 0 */
  10659. ret = wc_Rc2SetKey(&rc2, key40, 0, iv, 40);
  10660. if (ret == WC_KEY_SIZE_E) {
  10661. ret = 0;
  10662. }
  10663. }
  10664. if (ret == 0) {
  10665. /* key size > 128 */
  10666. ret = wc_Rc2SetKey(&rc2, key40, 129, iv, 40);
  10667. if (ret == WC_KEY_SIZE_E) {
  10668. ret = 0;
  10669. }
  10670. }
  10671. if (ret == 0) {
  10672. /* effective bits == 0 */
  10673. ret = wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
  10674. iv, 0);
  10675. if (ret == WC_KEY_SIZE_E) {
  10676. ret = 0;
  10677. }
  10678. }
  10679. if (ret == 0) {
  10680. /* effective bits > 1024 */
  10681. ret = wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte),
  10682. iv, 1025);
  10683. if (ret == WC_KEY_SIZE_E) {
  10684. ret = 0;
  10685. }
  10686. }
  10687. printf(resultFmt, ret == 0 ? passed : failed);
  10688. #endif
  10689. return ret;
  10690. } /* END test_wc_Rc2SetKey */
  10691. /*
  10692. * Testing function for wc_Rc2SetIV().
  10693. */
  10694. static int test_wc_Rc2SetIV(void)
  10695. {
  10696. int ret = 0;
  10697. #ifdef WC_RC2
  10698. Rc2 rc2;
  10699. byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
  10700. printf(testingFmt, "wc_Rc2SetIV()");
  10701. /* valid IV */
  10702. ret = wc_Rc2SetIV(&rc2, iv);
  10703. if (ret == 0) {
  10704. /* valid NULL IV */
  10705. ret = wc_Rc2SetIV(&rc2, NULL);
  10706. }
  10707. /* bad arguments */
  10708. if (ret == 0) {
  10709. ret = wc_Rc2SetIV(NULL, iv);
  10710. if (ret == BAD_FUNC_ARG) {
  10711. ret = 0;
  10712. }
  10713. }
  10714. printf(resultFmt, ret == 0 ? passed : failed);
  10715. #endif
  10716. return ret;
  10717. } /* END test_wc_Rc2SetKey */
  10718. /*
  10719. * Testing function for wc_Rc2EcbEncrypt().
  10720. */
  10721. static int test_wc_Rc2EcbEncryptDecrypt(void)
  10722. {
  10723. int ret = 0;
  10724. #ifdef WC_RC2
  10725. Rc2 rc2;
  10726. int effectiveKeyBits = 63;
  10727. byte cipher[RC2_BLOCK_SIZE];
  10728. byte plain[RC2_BLOCK_SIZE];
  10729. byte key[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
  10730. byte input[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
  10731. byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff };
  10732. printf(testingFmt, "wc_Rc2EcbEncryptDecrypt()");
  10733. XMEMSET(cipher, 0, sizeof(cipher));
  10734. XMEMSET(plain, 0, sizeof(plain));
  10735. ret = wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
  10736. NULL, effectiveKeyBits);
  10737. if (ret == 0) {
  10738. ret = wc_Rc2EcbEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE);
  10739. if (ret != 0 || XMEMCMP(cipher, output, RC2_BLOCK_SIZE) != 0) {
  10740. ret = WOLFSSL_FATAL_ERROR;
  10741. }
  10742. if (ret == 0) {
  10743. ret = wc_Rc2EcbDecrypt(&rc2, plain, cipher, RC2_BLOCK_SIZE);
  10744. if (ret != 0 || XMEMCMP(plain, input, RC2_BLOCK_SIZE) != 0) {
  10745. ret = WOLFSSL_FATAL_ERROR;
  10746. }
  10747. }
  10748. }
  10749. /* Rc2EcbEncrypt bad arguments */
  10750. if (ret == 0) {
  10751. /* null Rc2 struct */
  10752. ret = wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE);
  10753. if (ret == BAD_FUNC_ARG) {
  10754. ret = 0;
  10755. }
  10756. }
  10757. if (ret == 0) {
  10758. /* null out buffer */
  10759. ret = wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE);
  10760. if (ret == BAD_FUNC_ARG) {
  10761. ret = 0;
  10762. }
  10763. }
  10764. if (ret == 0) {
  10765. /* null input buffer */
  10766. ret = wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE);
  10767. if (ret == BAD_FUNC_ARG) {
  10768. ret = 0;
  10769. }
  10770. }
  10771. if (ret == 0) {
  10772. /* output buffer sz != RC2_BLOCK_SIZE (8) */
  10773. ret = wc_Rc2EcbEncrypt(&rc2, cipher, input, 7);
  10774. if (ret == BUFFER_E) {
  10775. ret = 0;
  10776. }
  10777. }
  10778. /* Rc2EcbDecrypt bad arguments */
  10779. if (ret == 0) {
  10780. /* null Rc2 struct */
  10781. ret = wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE);
  10782. if (ret == BAD_FUNC_ARG) {
  10783. ret = 0;
  10784. }
  10785. }
  10786. if (ret == 0) {
  10787. /* null out buffer */
  10788. ret = wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE);
  10789. if (ret == BAD_FUNC_ARG) {
  10790. ret = 0;
  10791. }
  10792. }
  10793. if (ret == 0) {
  10794. /* null input buffer */
  10795. ret = wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE);
  10796. if (ret == BAD_FUNC_ARG) {
  10797. ret = 0;
  10798. }
  10799. }
  10800. if (ret == 0) {
  10801. /* output buffer sz != RC2_BLOCK_SIZE (8) */
  10802. ret = wc_Rc2EcbDecrypt(&rc2, plain, output, 7);
  10803. if (ret == BUFFER_E) {
  10804. ret = 0;
  10805. }
  10806. }
  10807. printf(resultFmt, ret == 0 ? passed : failed);
  10808. #endif
  10809. return ret;
  10810. } /* END test_wc_Rc2SetKey */
  10811. /*
  10812. * Testing function for wc_Rc2CbcEncrypt().
  10813. */
  10814. static int test_wc_Rc2CbcEncryptDecrypt(void)
  10815. {
  10816. int ret = 0;
  10817. #ifdef WC_RC2
  10818. Rc2 rc2;
  10819. int effectiveKeyBits = 63;
  10820. byte cipher[RC2_BLOCK_SIZE*2];
  10821. byte plain[RC2_BLOCK_SIZE*2];
  10822. /* vector taken from test.c */
  10823. byte key[] = {
  10824. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
  10825. };
  10826. byte iv[] = {
  10827. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
  10828. };
  10829. byte input[] = {
  10830. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  10831. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
  10832. };
  10833. byte output[] = {
  10834. 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff,
  10835. 0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57
  10836. };
  10837. printf(testingFmt, "wc_Rc2CbcEncryptDecrypt()");
  10838. XMEMSET(cipher, 0, sizeof(cipher));
  10839. XMEMSET(plain, 0, sizeof(plain));
  10840. ret = wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte),
  10841. iv, effectiveKeyBits);
  10842. if (ret == 0) {
  10843. ret = wc_Rc2CbcEncrypt(&rc2, cipher, input, sizeof(input));
  10844. if (ret != 0 || XMEMCMP(cipher, output, sizeof(output)) != 0) {
  10845. ret = WOLFSSL_FATAL_ERROR;
  10846. } else {
  10847. /* reset IV for decrypt */
  10848. ret = wc_Rc2SetIV(&rc2, iv);
  10849. }
  10850. if (ret == 0) {
  10851. ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, sizeof(cipher));
  10852. if (ret != 0 || XMEMCMP(plain, input, sizeof(input)) != 0) {
  10853. ret = WOLFSSL_FATAL_ERROR;
  10854. }
  10855. }
  10856. }
  10857. /* Rc2CbcEncrypt bad arguments */
  10858. if (ret == 0) {
  10859. /* null Rc2 struct */
  10860. ret = wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input));
  10861. if (ret == BAD_FUNC_ARG) {
  10862. ret = 0;
  10863. }
  10864. }
  10865. if (ret == 0) {
  10866. /* null out buffer */
  10867. ret = wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input));
  10868. if (ret == BAD_FUNC_ARG) {
  10869. ret = 0;
  10870. }
  10871. }
  10872. if (ret == 0) {
  10873. /* null input buffer */
  10874. ret = wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input));
  10875. if (ret == BAD_FUNC_ARG) {
  10876. ret = 0;
  10877. }
  10878. }
  10879. /* Rc2CbcDecrypt bad arguments */
  10880. if (ret == 0) {
  10881. /* in size is 0 */
  10882. ret = wc_Rc2CbcDecrypt(&rc2, plain, output, 0);
  10883. if (ret != 0) {
  10884. ret = WOLFSSL_FATAL_ERROR;
  10885. }
  10886. }
  10887. if (ret == 0) {
  10888. /* null Rc2 struct */
  10889. ret = wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output));
  10890. if (ret == BAD_FUNC_ARG) {
  10891. ret = 0;
  10892. }
  10893. }
  10894. if (ret == 0) {
  10895. /* null out buffer */
  10896. ret = wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output));
  10897. if (ret == BAD_FUNC_ARG) {
  10898. ret = 0;
  10899. }
  10900. }
  10901. if (ret == 0) {
  10902. /* null input buffer */
  10903. ret = wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output));
  10904. if (ret == BAD_FUNC_ARG) {
  10905. ret = 0;
  10906. }
  10907. }
  10908. printf(resultFmt, ret == 0 ? passed : failed);
  10909. #endif
  10910. return ret;
  10911. } /* END test_wc_Rc2SetKey */
  10912. /*
  10913. * Testing function for wc_AesSetIV
  10914. */
  10915. static int test_wc_AesSetIV (void)
  10916. {
  10917. int ret = 0;
  10918. #if !defined(NO_AES) && defined(WOLFSSL_AES_128)
  10919. Aes aes;
  10920. byte key16[] =
  10921. {
  10922. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  10923. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  10924. };
  10925. byte iv1[] = "1234567890abcdef";
  10926. byte iv2[] = "0987654321fedcba";
  10927. printf(testingFmt, "wc_AesSetIV()");
  10928. ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
  10929. if (ret != 0)
  10930. return ret;
  10931. ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
  10932. iv1, AES_ENCRYPTION);
  10933. if(ret == 0) {
  10934. ret = wc_AesSetIV(&aes, iv2);
  10935. }
  10936. /* Test bad args. */
  10937. if(ret == 0) {
  10938. ret = wc_AesSetIV(NULL, iv1);
  10939. if(ret == BAD_FUNC_ARG) {
  10940. /* NULL iv should return 0. */
  10941. ret = wc_AesSetIV(&aes, NULL);
  10942. } else {
  10943. ret = WOLFSSL_FATAL_ERROR;
  10944. }
  10945. }
  10946. wc_AesFree(&aes);
  10947. printf(resultFmt, ret == 0 ? passed : failed);
  10948. #endif
  10949. return ret;
  10950. } /* test_wc_AesSetIV */
  10951. /*
  10952. * Testing function for wc_AesSetKey().
  10953. */
  10954. static int test_wc_AesSetKey (void)
  10955. {
  10956. int ret = 0;
  10957. #ifndef NO_AES
  10958. Aes aes;
  10959. byte key16[] =
  10960. {
  10961. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  10962. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  10963. };
  10964. #ifdef WOLFSSL_AES_192
  10965. byte key24[] =
  10966. {
  10967. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  10968. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  10969. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
  10970. };
  10971. #endif
  10972. #ifdef WOLFSSL_AES_256
  10973. byte key32[] =
  10974. {
  10975. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  10976. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  10977. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  10978. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  10979. };
  10980. #endif
  10981. byte badKey16[] =
  10982. {
  10983. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  10984. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
  10985. };
  10986. byte iv[] = "1234567890abcdef";
  10987. printf(testingFmt, "wc_AesSetKey()");
  10988. ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
  10989. if (ret != 0)
  10990. return ret;
  10991. #ifdef WOLFSSL_AES_128
  10992. ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte),
  10993. iv, AES_ENCRYPTION);
  10994. #endif
  10995. #ifdef WOLFSSL_AES_192
  10996. if (ret == 0) {
  10997. ret = wc_AesSetKey (&aes, key24, (word32) sizeof(key24) / sizeof(byte),
  10998. iv, AES_ENCRYPTION);
  10999. }
  11000. #endif
  11001. #ifdef WOLFSSL_AES_256
  11002. if (ret == 0) {
  11003. ret = wc_AesSetKey (&aes, key32, (word32) sizeof(key32) / sizeof(byte),
  11004. iv, AES_ENCRYPTION);
  11005. }
  11006. #endif
  11007. /* Pass in bad args. */
  11008. if (ret == 0) {
  11009. ret = wc_AesSetKey (NULL, key16, (word32) sizeof(key16) / sizeof(byte),
  11010. iv, AES_ENCRYPTION);
  11011. if (ret == BAD_FUNC_ARG) {
  11012. ret = wc_AesSetKey(&aes, badKey16,
  11013. (word32) sizeof(badKey16) / sizeof(byte),
  11014. iv, AES_ENCRYPTION);
  11015. }
  11016. if (ret == BAD_FUNC_ARG) {
  11017. ret = 0;
  11018. } else {
  11019. ret = WOLFSSL_FATAL_ERROR;
  11020. }
  11021. }
  11022. wc_AesFree(&aes);
  11023. printf(resultFmt, ret == 0 ? passed : failed);
  11024. #endif
  11025. return ret;
  11026. } /* END test_wc_AesSetKey */
  11027. /*
  11028. * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(),
  11029. * and wc_AesCbcDecryptWithKey()
  11030. */
  11031. static int test_wc_AesCbcEncryptDecrypt (void)
  11032. {
  11033. int ret = 0;
  11034. #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \
  11035. defined(WOLFSSL_AES_256)
  11036. Aes aes;
  11037. byte key32[] =
  11038. {
  11039. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11040. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  11041. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11042. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  11043. };
  11044. byte vector[] = /* Now is the time for all good men w/o trailing 0 */
  11045. {
  11046. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  11047. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  11048. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20,
  11049. 0x67,0x6f,0x6f,0x64,0x20,0x6d,0x65,0x6e
  11050. };
  11051. byte iv[] = "1234567890abcdef";
  11052. byte enc[sizeof(vector)];
  11053. byte dec[sizeof(vector)];
  11054. int cbcE = WOLFSSL_FATAL_ERROR;
  11055. int cbcD = WOLFSSL_FATAL_ERROR;
  11056. int cbcDWK = WOLFSSL_FATAL_ERROR;
  11057. byte dec2[sizeof(vector)];
  11058. /* Init stack variables. */
  11059. XMEMSET(enc, 0, sizeof(enc));
  11060. XMEMSET(dec, 0, sizeof(vector));
  11061. XMEMSET(dec2, 0, sizeof(vector));
  11062. ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
  11063. if (ret != 0)
  11064. return ret;
  11065. ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2, iv, AES_ENCRYPTION);
  11066. if (ret == 0) {
  11067. ret = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector));
  11068. if (ret == 0) {
  11069. /* Re init for decrypt and set flag. */
  11070. cbcE = 0;
  11071. wc_AesFree(&aes);
  11072. ret = wc_AesSetKey(&aes, key32, AES_BLOCK_SIZE * 2,
  11073. iv, AES_DECRYPTION);
  11074. }
  11075. if (ret == 0) {
  11076. ret = wc_AesCbcDecrypt(&aes, dec, enc, sizeof(vector));
  11077. if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector)) != 0) {
  11078. ret = WOLFSSL_FATAL_ERROR;
  11079. } else {
  11080. /* Set flag. */
  11081. cbcD = 0;
  11082. }
  11083. }
  11084. }
  11085. /* If encrypt succeeds but cbc decrypt fails, we can still test. */
  11086. if (ret == 0 || cbcE == 0) {
  11087. ret = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
  11088. key32, sizeof(key32)/sizeof(byte), iv);
  11089. if (ret == 0 || XMEMCMP(vector, dec2, AES_BLOCK_SIZE) == 0) {
  11090. cbcDWK = 0;
  11091. }
  11092. }
  11093. printf(testingFmt, "wc_AesCbcEncrypt()");
  11094. /* Pass in bad args */
  11095. if (cbcE == 0) {
  11096. cbcE = wc_AesCbcEncrypt(NULL, enc, vector, sizeof(vector));
  11097. if (cbcE == BAD_FUNC_ARG) {
  11098. cbcE = wc_AesCbcEncrypt(&aes, NULL, vector, sizeof(vector));
  11099. }
  11100. if (cbcE == BAD_FUNC_ARG) {
  11101. cbcE = wc_AesCbcEncrypt(&aes, enc, NULL, sizeof(vector));
  11102. }
  11103. if (cbcE == BAD_FUNC_ARG) {
  11104. cbcE = 0;
  11105. } else {
  11106. cbcE = WOLFSSL_FATAL_ERROR;
  11107. }
  11108. #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
  11109. if (cbcE == 0) {
  11110. cbcE = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1);
  11111. }
  11112. if (cbcE == BAD_LENGTH_E) {
  11113. cbcE = 0;
  11114. } else {
  11115. cbcE = WOLFSSL_FATAL_ERROR;
  11116. }
  11117. #endif
  11118. }
  11119. if (cbcE == 0) {
  11120. /* Test passing in size of 0 */
  11121. XMEMSET(enc, 0, sizeof(enc));
  11122. cbcE = wc_AesCbcEncrypt(&aes, enc, vector, 0);
  11123. if (cbcE == 0) {
  11124. /* Check enc was not modified */
  11125. cbcE |= enc[0];
  11126. }
  11127. }
  11128. printf(resultFmt, cbcE == 0 ? passed : failed);
  11129. if (cbcE != 0) {
  11130. wc_AesFree(&aes);
  11131. return cbcE;
  11132. }
  11133. printf(testingFmt, "wc_AesCbcDecrypt()");
  11134. if (cbcD == 0) {
  11135. cbcD = wc_AesCbcDecrypt(NULL, dec, enc, AES_BLOCK_SIZE);
  11136. if (cbcD == BAD_FUNC_ARG) {
  11137. cbcD = wc_AesCbcDecrypt(&aes, NULL, enc, AES_BLOCK_SIZE);
  11138. }
  11139. if (cbcD == BAD_FUNC_ARG) {
  11140. cbcD = wc_AesCbcDecrypt(&aes, dec, NULL, AES_BLOCK_SIZE);
  11141. }
  11142. if (cbcD == BAD_FUNC_ARG) {
  11143. cbcD = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1);
  11144. }
  11145. #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
  11146. if (cbcD == BAD_LENGTH_E) {
  11147. cbcD = 0;
  11148. } else {
  11149. cbcD = WOLFSSL_FATAL_ERROR;
  11150. }
  11151. #else
  11152. if (cbcD == BAD_FUNC_ARG) {
  11153. cbcD = 0;
  11154. } else {
  11155. cbcD = WOLFSSL_FATAL_ERROR;
  11156. }
  11157. #endif
  11158. }
  11159. if (cbcD == 0) {
  11160. /* Test passing in size of 0 */
  11161. XMEMSET(dec, 0, sizeof(dec));
  11162. cbcD = wc_AesCbcDecrypt(&aes, dec, enc, 0);
  11163. if (cbcD == 0) {
  11164. /* Check dec was not modified */
  11165. cbcD |= dec[0];
  11166. }
  11167. }
  11168. printf(resultFmt, cbcD == 0 ? passed : failed);
  11169. if (cbcD != 0) {
  11170. wc_AesFree(&aes);
  11171. return cbcD;
  11172. }
  11173. printf(testingFmt, "wc_AesCbcDecryptWithKey()");
  11174. if (cbcDWK == 0) {
  11175. cbcDWK = wc_AesCbcDecryptWithKey(NULL, enc, AES_BLOCK_SIZE,
  11176. key32, sizeof(key32)/sizeof(byte), iv);
  11177. if (cbcDWK == BAD_FUNC_ARG) {
  11178. cbcDWK = wc_AesCbcDecryptWithKey(dec2, NULL, AES_BLOCK_SIZE,
  11179. key32, sizeof(key32)/sizeof(byte), iv);
  11180. }
  11181. if (cbcDWK == BAD_FUNC_ARG) {
  11182. cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
  11183. NULL, sizeof(key32)/sizeof(byte), iv);
  11184. }
  11185. if (cbcDWK == BAD_FUNC_ARG) {
  11186. cbcDWK = wc_AesCbcDecryptWithKey(dec2, enc, AES_BLOCK_SIZE,
  11187. key32, sizeof(key32)/sizeof(byte), NULL);
  11188. }
  11189. if (cbcDWK == BAD_FUNC_ARG) {
  11190. cbcDWK = 0;
  11191. } else {
  11192. cbcDWK = WOLFSSL_FATAL_ERROR;
  11193. }
  11194. }
  11195. wc_AesFree(&aes);
  11196. printf(resultFmt, cbcDWK == 0 ? passed : failed);
  11197. if (cbcDWK != 0) {
  11198. return cbcDWK;
  11199. }
  11200. #endif
  11201. return ret;
  11202. } /* END test_wc_AesCbcEncryptDecrypt */
  11203. /*
  11204. * Testing wc_AesCtrEncrypt and wc_AesCtrDecrypt
  11205. */
  11206. static int test_wc_AesCtrEncryptDecrypt (void)
  11207. {
  11208. int ret = 0;
  11209. #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256)
  11210. Aes aesEnc, aesDec;
  11211. byte key32[] =
  11212. {
  11213. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11214. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  11215. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11216. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  11217. };
  11218. byte vector[] = /* Now is the time for all w/o trailing 0 */
  11219. {
  11220. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  11221. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  11222. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  11223. };
  11224. byte iv[] = "1234567890abcdef";
  11225. byte enc[AES_BLOCK_SIZE * 2];
  11226. byte dec[AES_BLOCK_SIZE * 2];
  11227. /* Init stack variables. */
  11228. XMEMSET(enc, 0, AES_BLOCK_SIZE * 2);
  11229. XMEMSET(dec, 0, AES_BLOCK_SIZE * 2);
  11230. printf(testingFmt, "wc_AesCtrEncrypt()");
  11231. ret = wc_AesInit(&aesEnc, NULL, INVALID_DEVID);
  11232. if (ret != 0)
  11233. return ret;
  11234. ret = wc_AesInit(&aesDec, NULL, INVALID_DEVID);
  11235. if (ret != 0) {
  11236. wc_AesFree(&aesEnc);
  11237. return ret;
  11238. }
  11239. ret = wc_AesSetKey(&aesEnc, key32, AES_BLOCK_SIZE * 2,
  11240. iv, AES_ENCRYPTION);
  11241. if (ret == 0) {
  11242. ret = wc_AesCtrEncrypt(&aesEnc, enc, vector,
  11243. sizeof(vector)/sizeof(byte));
  11244. if (ret == 0) {
  11245. /* Decrypt with wc_AesCtrEncrypt() */
  11246. ret = wc_AesSetKey(&aesDec, key32, AES_BLOCK_SIZE * 2,
  11247. iv, AES_ENCRYPTION);
  11248. }
  11249. if (ret == 0) {
  11250. ret = wc_AesCtrEncrypt(&aesDec, dec, enc, sizeof(enc)/sizeof(byte));
  11251. if (ret != 0 || XMEMCMP(vector, dec, sizeof(vector))) {
  11252. ret = WOLFSSL_FATAL_ERROR;
  11253. }
  11254. }
  11255. }
  11256. /* Test bad args. */
  11257. if (ret == 0) {
  11258. ret = wc_AesCtrEncrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte));
  11259. if (ret == BAD_FUNC_ARG) {
  11260. ret = wc_AesCtrEncrypt(&aesDec, NULL, enc, sizeof(enc)/sizeof(byte));
  11261. }
  11262. if (ret == BAD_FUNC_ARG) {
  11263. ret = wc_AesCtrEncrypt(&aesDec, dec, NULL, sizeof(enc)/sizeof(byte));
  11264. }
  11265. if (ret == BAD_FUNC_ARG) {
  11266. ret = 0;
  11267. } else {
  11268. ret = WOLFSSL_FATAL_ERROR;
  11269. }
  11270. }
  11271. wc_AesFree(&aesEnc);
  11272. wc_AesFree(&aesDec);
  11273. printf(resultFmt, ret == 0 ? passed : failed);
  11274. #endif
  11275. return ret;
  11276. } /* END test_wc_AesCtrEncryptDecrypt */
  11277. /*
  11278. * test function for wc_AesGcmSetKey()
  11279. */
  11280. static int test_wc_AesGcmSetKey (void)
  11281. {
  11282. int ret = 0;
  11283. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  11284. Aes aes;
  11285. #ifdef WOLFSSL_AES_128
  11286. byte key16[] =
  11287. {
  11288. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11289. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  11290. };
  11291. #endif
  11292. #ifdef WOLFSSL_AES_192
  11293. byte key24[] =
  11294. {
  11295. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11296. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  11297. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
  11298. };
  11299. #endif
  11300. #ifdef WOLFSSL_AES_256
  11301. byte key32[] =
  11302. {
  11303. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11304. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  11305. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11306. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  11307. };
  11308. #endif
  11309. byte badKey16[] =
  11310. {
  11311. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11312. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
  11313. };
  11314. byte badKey24[] =
  11315. {
  11316. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11317. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  11318. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36
  11319. };
  11320. byte badKey32[] =
  11321. {
  11322. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37,
  11323. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  11324. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11325. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65
  11326. };
  11327. printf(testingFmt, "wc_AesGcmSetKey()");
  11328. ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
  11329. if (ret != 0)
  11330. return ret;
  11331. #ifdef WOLFSSL_AES_128
  11332. ret = wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte));
  11333. #endif
  11334. #ifdef WOLFSSL_AES_192
  11335. if (ret == 0) {
  11336. ret = wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte));
  11337. }
  11338. #endif
  11339. #ifdef WOLFSSL_AES_256
  11340. if (ret == 0) {
  11341. ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte));
  11342. }
  11343. #endif
  11344. /* Pass in bad args. */
  11345. if (ret == 0) {
  11346. ret = wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte));
  11347. if (ret == BAD_FUNC_ARG) {
  11348. ret = wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte));
  11349. }
  11350. if (ret == BAD_FUNC_ARG) {
  11351. ret = wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte));
  11352. }
  11353. if (ret == BAD_FUNC_ARG) {
  11354. ret = 0;
  11355. } else {
  11356. ret = WOLFSSL_FATAL_ERROR;
  11357. }
  11358. }
  11359. wc_AesFree(&aes);
  11360. printf(resultFmt, ret == 0 ? passed : failed);
  11361. #endif
  11362. return ret;
  11363. } /* END test_wc_AesGcmSetKey */
  11364. /*
  11365. * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt
  11366. */
  11367. static int test_wc_AesGcmEncryptDecrypt (void)
  11368. {
  11369. int ret = 0;
  11370. /* WOLFSSL_AFALG requires 12 byte IV */
  11371. #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \
  11372. !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES)
  11373. Aes aes;
  11374. byte key32[] =
  11375. {
  11376. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11377. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  11378. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11379. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  11380. };
  11381. byte vector[] = /* Now is the time for all w/o trailing 0 */
  11382. {
  11383. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  11384. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  11385. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  11386. };
  11387. const byte a[] =
  11388. {
  11389. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  11390. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  11391. 0xab, 0xad, 0xda, 0xd2
  11392. };
  11393. byte iv[] = "1234567890a";
  11394. byte longIV[] = "1234567890abcdefghij";
  11395. byte enc[sizeof(vector)];
  11396. byte resultT[AES_BLOCK_SIZE];
  11397. byte dec[sizeof(vector)];
  11398. int gcmD = WOLFSSL_FATAL_ERROR;
  11399. int gcmE = WOLFSSL_FATAL_ERROR;
  11400. /* Init stack variables. */
  11401. XMEMSET(enc, 0, sizeof(vector));
  11402. XMEMSET(dec, 0, sizeof(vector));
  11403. XMEMSET(resultT, 0, AES_BLOCK_SIZE);
  11404. ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
  11405. if (ret != 0)
  11406. return ret;
  11407. ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte));
  11408. if (ret == 0) {
  11409. gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector),
  11410. iv, sizeof(iv)/sizeof(byte), resultT,
  11411. sizeof(resultT), a, sizeof(a));
  11412. }
  11413. if (gcmE == 0) { /* If encrypt fails, no decrypt. */
  11414. gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector),
  11415. iv, sizeof(iv)/sizeof(byte), resultT,
  11416. sizeof(resultT), a, sizeof(a));
  11417. if(gcmD == 0 && (XMEMCMP(vector, dec, sizeof(vector)) != 0)) {
  11418. gcmD = WOLFSSL_FATAL_ERROR;
  11419. }
  11420. }
  11421. printf(testingFmt, "wc_AesGcmEncrypt()");
  11422. /*Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */
  11423. if (gcmE == 0) {
  11424. gcmE = wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector),
  11425. iv, sizeof(iv)/sizeof(byte), resultT, sizeof(resultT),
  11426. a, sizeof(a));
  11427. if (gcmE == BAD_FUNC_ARG) {
  11428. gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
  11429. sizeof(vector), iv, sizeof(iv)/sizeof(byte),
  11430. resultT, sizeof(resultT) + 1, a, sizeof(a));
  11431. }
  11432. if (gcmE == BAD_FUNC_ARG) {
  11433. gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
  11434. sizeof(vector), iv, sizeof(iv)/sizeof(byte),
  11435. resultT, sizeof(resultT) - 5, a, sizeof(a));
  11436. }
  11437. #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
  11438. (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)
  11439. /* FIPS does not check the lower bound of ivSz */
  11440. #else
  11441. if (gcmE == BAD_FUNC_ARG) {
  11442. gcmE = wc_AesGcmEncrypt(&aes, enc, vector,
  11443. sizeof(vector), iv, 0,
  11444. resultT, sizeof(resultT), a, sizeof(a));
  11445. }
  11446. #endif
  11447. if (gcmE == BAD_FUNC_ARG) {
  11448. gcmE = 0;
  11449. } else {
  11450. gcmE = WOLFSSL_FATAL_ERROR;
  11451. }
  11452. }
  11453. /* This case is now considered good. Long IVs are now allowed.
  11454. * Except for the original FIPS release, it still has an upper
  11455. * bound on the IV length. */
  11456. #if !defined(HAVE_FIPS) || \
  11457. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
  11458. if (gcmE == 0) {
  11459. gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
  11460. sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT),
  11461. a, sizeof(a));
  11462. }
  11463. #else
  11464. (void)longIV;
  11465. #endif /* Old FIPS */
  11466. /* END wc_AesGcmEncrypt */
  11467. printf(resultFmt, gcmE == 0 ? passed : failed);
  11468. if (gcmE != 0) {
  11469. wc_AesFree(&aes);
  11470. return gcmE;
  11471. }
  11472. #ifdef HAVE_AES_DECRYPT
  11473. printf(testingFmt, "wc_AesGcmDecrypt()");
  11474. if (gcmD == 0) {
  11475. gcmD = wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte),
  11476. iv, sizeof(iv)/sizeof(byte), resultT,
  11477. sizeof(resultT), a, sizeof(a));
  11478. if (gcmD == BAD_FUNC_ARG) {
  11479. gcmD = wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte),
  11480. iv, sizeof(iv)/sizeof(byte), resultT,
  11481. sizeof(resultT), a, sizeof(a));
  11482. }
  11483. if (gcmD == BAD_FUNC_ARG) {
  11484. gcmD = wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte),
  11485. iv, sizeof(iv)/sizeof(byte), resultT,
  11486. sizeof(resultT), a, sizeof(a));
  11487. }
  11488. if (gcmD == BAD_FUNC_ARG) {
  11489. gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
  11490. NULL, sizeof(iv)/sizeof(byte), resultT,
  11491. sizeof(resultT), a, sizeof(a));
  11492. }
  11493. if (gcmD == BAD_FUNC_ARG) {
  11494. gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
  11495. iv, sizeof(iv)/sizeof(byte), NULL,
  11496. sizeof(resultT), a, sizeof(a));
  11497. }
  11498. if (gcmD == BAD_FUNC_ARG) {
  11499. gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
  11500. iv, sizeof(iv)/sizeof(byte), resultT,
  11501. sizeof(resultT) + 1, a, sizeof(a));
  11502. }
  11503. #if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
  11504. (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)
  11505. /* FIPS does not check the lower bound of ivSz */
  11506. #else
  11507. if (gcmD == BAD_FUNC_ARG) {
  11508. gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
  11509. iv, 0, resultT,
  11510. sizeof(resultT), a, sizeof(a));
  11511. }
  11512. #endif
  11513. if (gcmD == BAD_FUNC_ARG) {
  11514. gcmD = 0;
  11515. } else {
  11516. gcmD = WOLFSSL_FATAL_ERROR;
  11517. }
  11518. } /* END wc_AesGcmDecrypt */
  11519. printf(resultFmt, gcmD == 0 ? passed : failed);
  11520. #endif /* HAVE_AES_DECRYPT */
  11521. wc_AesFree(&aes);
  11522. #endif
  11523. return ret;
  11524. } /* END test_wc_AesGcmEncryptDecrypt */
  11525. /*
  11526. * unit test for wc_GmacSetKey()
  11527. */
  11528. static int test_wc_GmacSetKey (void)
  11529. {
  11530. int ret = 0;
  11531. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  11532. Gmac gmac;
  11533. byte key16[] =
  11534. {
  11535. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11536. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  11537. };
  11538. #ifdef WOLFSSL_AES_192
  11539. byte key24[] =
  11540. {
  11541. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11542. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  11543. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
  11544. };
  11545. #endif
  11546. #ifdef WOLFSSL_AES_256
  11547. byte key32[] =
  11548. {
  11549. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11550. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  11551. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11552. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  11553. };
  11554. #endif
  11555. byte badKey16[] =
  11556. {
  11557. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11558. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66
  11559. };
  11560. byte badKey24[] =
  11561. {
  11562. 0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37,
  11563. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  11564. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
  11565. };
  11566. byte badKey32[] =
  11567. {
  11568. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11569. 0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66,
  11570. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  11571. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  11572. };
  11573. printf(testingFmt, "wc_GmacSetKey()");
  11574. ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID);
  11575. if (ret != 0)
  11576. return ret;
  11577. #ifdef WOLFSSL_AES_128
  11578. ret = wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte));
  11579. #endif
  11580. #ifdef WOLFSSL_AES_192
  11581. if (ret == 0) {
  11582. ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte));
  11583. }
  11584. #endif
  11585. #ifdef WOLFSSL_AES_256
  11586. if (ret == 0) {
  11587. ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte));
  11588. }
  11589. #endif
  11590. /* Pass in bad args. */
  11591. if (ret == 0) {
  11592. ret = wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte));
  11593. if (ret == BAD_FUNC_ARG) {
  11594. ret = wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte));
  11595. }
  11596. if (ret == BAD_FUNC_ARG) {
  11597. ret = wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte));
  11598. }
  11599. if (ret == BAD_FUNC_ARG) {
  11600. ret = wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte));
  11601. }
  11602. if (ret == BAD_FUNC_ARG) {
  11603. ret = wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte));
  11604. }
  11605. if (ret == BAD_FUNC_ARG) {
  11606. ret = 0;
  11607. } else {
  11608. ret = WOLFSSL_FATAL_ERROR;
  11609. }
  11610. }
  11611. wc_AesFree(&gmac.aes);
  11612. printf(resultFmt, ret == 0 ? passed : failed);
  11613. #endif
  11614. return ret;
  11615. } /* END test_wc_GmacSetKey */
  11616. /*
  11617. * unit test for wc_GmacUpdate
  11618. */
  11619. static int test_wc_GmacUpdate (void)
  11620. {
  11621. int ret = 0;
  11622. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  11623. Gmac gmac;
  11624. #ifdef WOLFSSL_AES_128
  11625. const byte key16[] =
  11626. {
  11627. 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
  11628. 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
  11629. };
  11630. #endif
  11631. #ifdef WOLFSSL_AES_192
  11632. byte key24[] =
  11633. {
  11634. 0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52,
  11635. 0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a,
  11636. 0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0
  11637. };
  11638. #endif
  11639. #ifdef WOLFSSL_AES_256
  11640. byte key32[] =
  11641. {
  11642. 0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35,
  11643. 0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00,
  11644. 0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4,
  11645. 0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23
  11646. };
  11647. #endif
  11648. #ifdef WOLFSSL_AES_128
  11649. const byte authIn[] =
  11650. {
  11651. 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
  11652. 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
  11653. };
  11654. #endif
  11655. #ifdef WOLFSSL_AES_192
  11656. const byte authIn2[] =
  11657. {
  11658. 0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f,
  11659. 0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1
  11660. };
  11661. #endif
  11662. const byte authIn3[] =
  11663. {
  11664. 0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71,
  11665. 0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36
  11666. };
  11667. #ifdef WOLFSSL_AES_128
  11668. const byte tag1[] = /* Known. */
  11669. {
  11670. 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
  11671. 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
  11672. };
  11673. #endif
  11674. #ifdef WOLFSSL_AES_192
  11675. const byte tag2[] = /* Known */
  11676. {
  11677. 0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf,
  11678. 0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05
  11679. };
  11680. #endif
  11681. const byte tag3[] = /* Known */
  11682. {
  11683. 0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22,
  11684. 0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76
  11685. };
  11686. #ifdef WOLFSSL_AES_128
  11687. const byte iv[] =
  11688. {
  11689. 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
  11690. 0xe2, 0x8c, 0x8f, 0x16
  11691. };
  11692. #endif
  11693. #ifdef WOLFSSL_AES_192
  11694. const byte iv2[] =
  11695. {
  11696. 0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66,
  11697. 0x7e, 0x1a, 0x6f, 0xbc
  11698. };
  11699. #endif
  11700. const byte iv3[] =
  11701. {
  11702. 0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93,
  11703. 0xc3, 0xfb, 0x6c, 0x8a
  11704. };
  11705. byte tagOut[16];
  11706. byte tagOut2[24];
  11707. byte tagOut3[32];
  11708. /* Init stack variables. */
  11709. XMEMSET(tagOut, 0, sizeof(tagOut));
  11710. XMEMSET(tagOut2, 0, sizeof(tagOut2));
  11711. XMEMSET(tagOut3, 0, sizeof(tagOut3));
  11712. printf(testingFmt, "wc_GmacUpdate()");
  11713. ret = wc_AesInit(&gmac.aes, NULL, INVALID_DEVID);
  11714. if (ret != 0)
  11715. return ret;
  11716. #ifdef WOLFSSL_AES_128
  11717. ret = wc_GmacSetKey(&gmac, key16, sizeof(key16));
  11718. if (ret == 0) {
  11719. ret = wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn),
  11720. tagOut, sizeof(tag1));
  11721. if (ret == 0) {
  11722. ret = XMEMCMP(tag1, tagOut, sizeof(tag1));
  11723. }
  11724. }
  11725. #endif
  11726. #ifdef WOLFSSL_AES_192
  11727. if (ret == 0) {
  11728. XMEMSET(&gmac, 0, sizeof(Gmac));
  11729. ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte));
  11730. }
  11731. if (ret == 0) {
  11732. ret = wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2,
  11733. sizeof(authIn2), tagOut2, sizeof(tag2));
  11734. }
  11735. if (ret == 0) {
  11736. ret = XMEMCMP(tagOut2, tag2, sizeof(tag2));
  11737. }
  11738. #endif
  11739. #ifdef WOLFSSL_AES_256
  11740. if (ret == 0) {
  11741. XMEMSET(&gmac, 0, sizeof(Gmac));
  11742. ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte));
  11743. }
  11744. if (ret == 0) {
  11745. ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
  11746. sizeof(authIn3), tagOut3, sizeof(tag3));
  11747. }
  11748. if (ret == 0) {
  11749. ret = XMEMCMP(tag3, tagOut3, sizeof(tag3));
  11750. }
  11751. #endif
  11752. /*Pass bad args. */
  11753. if (ret == 0) {
  11754. ret = wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3,
  11755. sizeof(authIn3), tagOut3, sizeof(tag3));
  11756. if (ret == BAD_FUNC_ARG) {
  11757. ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
  11758. sizeof(authIn3), tagOut3, sizeof(tag3) - 5);
  11759. }
  11760. if (ret == BAD_FUNC_ARG) {
  11761. ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3,
  11762. sizeof(authIn3), tagOut3, sizeof(tag3) + 1);
  11763. }
  11764. if (ret == BAD_FUNC_ARG) {
  11765. ret = 0;
  11766. } else {
  11767. ret = WOLFSSL_FATAL_ERROR;
  11768. }
  11769. }
  11770. wc_AesFree(&gmac.aes);
  11771. printf(resultFmt, ret == 0 ? passed : failed);
  11772. #endif
  11773. return ret;
  11774. } /* END test_wc_GmacUpdate */
  11775. /*
  11776. * testing wc_CamelliaSetKey
  11777. */
  11778. static int test_wc_CamelliaSetKey (void)
  11779. {
  11780. int ret = 0;
  11781. #ifdef HAVE_CAMELLIA
  11782. Camellia camellia;
  11783. /*128-bit key*/
  11784. static const byte key16[] =
  11785. {
  11786. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  11787. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
  11788. };
  11789. /* 192-bit key */
  11790. static const byte key24[] =
  11791. {
  11792. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  11793. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  11794. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
  11795. };
  11796. /* 256-bit key */
  11797. static const byte key32[] =
  11798. {
  11799. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  11800. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  11801. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  11802. 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
  11803. };
  11804. static const byte iv[] =
  11805. {
  11806. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  11807. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  11808. };
  11809. printf(testingFmt, "wc_CamelliaSetKey()");
  11810. ret = wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv);
  11811. if (ret == 0) {
  11812. ret = wc_CamelliaSetKey(&camellia, key16,
  11813. (word32)sizeof(key16), NULL);
  11814. if (ret == 0) {
  11815. ret = wc_CamelliaSetKey(&camellia, key24,
  11816. (word32)sizeof(key24), iv);
  11817. }
  11818. if (ret == 0) {
  11819. ret = wc_CamelliaSetKey(&camellia, key24,
  11820. (word32)sizeof(key24), NULL);
  11821. }
  11822. if (ret == 0) {
  11823. ret = wc_CamelliaSetKey(&camellia, key32,
  11824. (word32)sizeof(key32), iv);
  11825. }
  11826. if (ret == 0) {
  11827. ret = wc_CamelliaSetKey(&camellia, key32,
  11828. (word32)sizeof(key32), NULL);
  11829. }
  11830. }
  11831. /* Bad args. */
  11832. if (ret == 0) {
  11833. ret = wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv);
  11834. if (ret != BAD_FUNC_ARG) {
  11835. ret = WOLFSSL_FATAL_ERROR;
  11836. } else {
  11837. ret = 0;
  11838. }
  11839. } /* END bad args. */
  11840. #endif
  11841. return ret;
  11842. } /* END test_wc_CammeliaSetKey */
  11843. /*
  11844. * Testing wc_CamelliaSetIV()
  11845. */
  11846. static int test_wc_CamelliaSetIV (void)
  11847. {
  11848. int ret = 0;
  11849. #ifdef HAVE_CAMELLIA
  11850. Camellia camellia;
  11851. static const byte iv[] =
  11852. {
  11853. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  11854. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  11855. };
  11856. printf(testingFmt, "wc_CamelliaSetIV()");
  11857. ret = wc_CamelliaSetIV(&camellia, iv);
  11858. if (ret == 0) {
  11859. ret = wc_CamelliaSetIV(&camellia, NULL);
  11860. }
  11861. /* Bad args. */
  11862. if (ret == 0) {
  11863. ret = wc_CamelliaSetIV(NULL, NULL);
  11864. if (ret != BAD_FUNC_ARG) {
  11865. ret = WOLFSSL_FATAL_ERROR;
  11866. } else {
  11867. ret = 0;
  11868. }
  11869. }
  11870. printf(resultFmt, ret == 0 ? passed : failed);
  11871. #endif
  11872. return ret;
  11873. } /*END test_wc_CamelliaSetIV*/
  11874. /*
  11875. * Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect
  11876. */
  11877. static int test_wc_CamelliaEncryptDecryptDirect (void)
  11878. {
  11879. int ret = 0;
  11880. #ifdef HAVE_CAMELLIA
  11881. Camellia camellia;
  11882. static const byte key24[] =
  11883. {
  11884. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  11885. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  11886. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
  11887. };
  11888. static const byte iv[] =
  11889. {
  11890. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  11891. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  11892. };
  11893. static const byte plainT[] =
  11894. {
  11895. 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
  11896. 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
  11897. };
  11898. byte enc[sizeof(plainT)];
  11899. byte dec[sizeof(enc)];
  11900. int camE = WOLFSSL_FATAL_ERROR;
  11901. int camD = WOLFSSL_FATAL_ERROR;
  11902. /*Init stack variables.*/
  11903. XMEMSET(enc, 0, 16);
  11904. XMEMSET(enc, 0, 16);
  11905. ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv);
  11906. if (ret == 0) {
  11907. ret = wc_CamelliaEncryptDirect(&camellia, enc, plainT);
  11908. if (ret == 0) {
  11909. ret = wc_CamelliaDecryptDirect(&camellia, dec, enc);
  11910. if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) {
  11911. ret = WOLFSSL_FATAL_ERROR;
  11912. }
  11913. }
  11914. }
  11915. printf(testingFmt, "wc_CamelliaEncryptDirect()");
  11916. /* Pass bad args. */
  11917. if (ret == 0) {
  11918. camE = wc_CamelliaEncryptDirect(NULL, enc, plainT);
  11919. if (camE == BAD_FUNC_ARG) {
  11920. camE = wc_CamelliaEncryptDirect(&camellia, NULL, plainT);
  11921. }
  11922. if (camE == BAD_FUNC_ARG) {
  11923. camE = wc_CamelliaEncryptDirect(&camellia, enc, NULL);
  11924. }
  11925. if (camE == BAD_FUNC_ARG) {
  11926. camE = 0;
  11927. } else {
  11928. camE = WOLFSSL_FATAL_ERROR;
  11929. }
  11930. }
  11931. printf(resultFmt, camE == 0 ? passed : failed);
  11932. if (camE != 0) {
  11933. return camE;
  11934. }
  11935. printf(testingFmt, "wc_CamelliaDecryptDirect()");
  11936. if (ret == 0) {
  11937. camD = wc_CamelliaDecryptDirect(NULL, dec, enc);
  11938. if (camD == BAD_FUNC_ARG) {
  11939. camD = wc_CamelliaDecryptDirect(&camellia, NULL, enc);
  11940. }
  11941. if (camD == BAD_FUNC_ARG) {
  11942. camD = wc_CamelliaDecryptDirect(&camellia, dec, NULL);
  11943. }
  11944. if (camD == BAD_FUNC_ARG) {
  11945. camD = 0;
  11946. } else {
  11947. camD = WOLFSSL_FATAL_ERROR;
  11948. }
  11949. }
  11950. printf(resultFmt, camD == 0 ? passed : failed);
  11951. if (camD != 0) {
  11952. return camD;
  11953. }
  11954. #endif
  11955. return ret;
  11956. } /* END test-wc_CamelliaEncryptDecryptDirect */
  11957. /*
  11958. * Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt
  11959. */
  11960. static int test_wc_CamelliaCbcEncryptDecrypt (void)
  11961. {
  11962. int ret = 0;
  11963. #ifdef HAVE_CAMELLIA
  11964. Camellia camellia;
  11965. static const byte key24[] =
  11966. {
  11967. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  11968. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  11969. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
  11970. };
  11971. static const byte plainT[] =
  11972. {
  11973. 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
  11974. 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
  11975. };
  11976. byte enc[CAMELLIA_BLOCK_SIZE];
  11977. byte dec[CAMELLIA_BLOCK_SIZE];
  11978. int camCbcE = WOLFSSL_FATAL_ERROR;
  11979. int camCbcD = WOLFSSL_FATAL_ERROR;
  11980. /* Init stack variables. */
  11981. XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
  11982. XMEMSET(enc, 0, CAMELLIA_BLOCK_SIZE);
  11983. ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL);
  11984. if (ret == 0) {
  11985. ret = wc_CamelliaCbcEncrypt(&camellia, enc, plainT, CAMELLIA_BLOCK_SIZE);
  11986. if (ret != 0) {
  11987. ret = WOLFSSL_FATAL_ERROR;
  11988. }
  11989. }
  11990. if (ret == 0) {
  11991. ret = wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), NULL);
  11992. if (ret == 0) {
  11993. ret = wc_CamelliaCbcDecrypt(&camellia, dec, enc, CAMELLIA_BLOCK_SIZE);
  11994. if (XMEMCMP(plainT, dec, CAMELLIA_BLOCK_SIZE)) {
  11995. ret = WOLFSSL_FATAL_ERROR;
  11996. }
  11997. }
  11998. }
  11999. printf(testingFmt, "wc_CamelliaCbcEncrypt");
  12000. /* Pass in bad args. */
  12001. if (ret == 0) {
  12002. camCbcE = wc_CamelliaCbcEncrypt(NULL, enc, plainT, CAMELLIA_BLOCK_SIZE);
  12003. if (camCbcE == BAD_FUNC_ARG) {
  12004. camCbcE = wc_CamelliaCbcEncrypt(&camellia, NULL, plainT,
  12005. CAMELLIA_BLOCK_SIZE);
  12006. }
  12007. if (camCbcE == BAD_FUNC_ARG) {
  12008. camCbcE = wc_CamelliaCbcEncrypt(&camellia, enc, NULL,
  12009. CAMELLIA_BLOCK_SIZE);
  12010. }
  12011. if (camCbcE == BAD_FUNC_ARG) {
  12012. camCbcE = 0;
  12013. } else {
  12014. camCbcE = WOLFSSL_FATAL_ERROR;
  12015. }
  12016. }
  12017. printf(resultFmt, camCbcE == 0 ? passed : failed);
  12018. if (camCbcE != 0) {
  12019. return camCbcE;
  12020. }
  12021. printf(testingFmt, "wc_CamelliaCbcDecrypt()");
  12022. if (ret == 0) {
  12023. camCbcD = wc_CamelliaCbcDecrypt(NULL, dec, enc, CAMELLIA_BLOCK_SIZE);
  12024. if (camCbcD == BAD_FUNC_ARG) {
  12025. camCbcD = wc_CamelliaCbcDecrypt(&camellia, NULL, enc,
  12026. CAMELLIA_BLOCK_SIZE);
  12027. }
  12028. if (camCbcD == BAD_FUNC_ARG) {
  12029. camCbcD = wc_CamelliaCbcDecrypt(&camellia, dec, NULL,
  12030. CAMELLIA_BLOCK_SIZE);
  12031. }
  12032. if (camCbcD == BAD_FUNC_ARG) {
  12033. camCbcD = 0;
  12034. } else {
  12035. camCbcD = WOLFSSL_FATAL_ERROR;
  12036. }
  12037. } /* END bad args. */
  12038. printf(resultFmt, camCbcD == 0 ? passed : failed);
  12039. if (camCbcD != 0) {
  12040. return camCbcD;
  12041. }
  12042. #endif
  12043. return ret;
  12044. } /* END test_wc_CamelliaCbcEncryptDecrypt */
  12045. /*
  12046. * Testing wc_RabbitSetKey()
  12047. */
  12048. static int test_wc_RabbitSetKey (void)
  12049. {
  12050. int ret = 0;
  12051. #ifndef NO_RABBIT
  12052. Rabbit rabbit;
  12053. const char* key = "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B"
  12054. "\xFE\x36\x3D\x2E\x29\x13\x28\x91";
  12055. const char* iv = "\x59\x7E\x26\xC1\x75\xF5\x73\xC3";
  12056. printf(testingFmt, "wc_RabbitSetKey()");
  12057. ret = wc_RabbitSetKey(&rabbit, (byte*)key, (byte*)iv);
  12058. /* Test bad args. */
  12059. if (ret == 0) {
  12060. ret = wc_RabbitSetKey(NULL, (byte*)key, (byte*)iv);
  12061. if (ret == BAD_FUNC_ARG) {
  12062. ret = wc_RabbitSetKey(&rabbit, NULL, (byte*)iv);
  12063. }
  12064. if (ret == BAD_FUNC_ARG) {
  12065. ret = wc_RabbitSetKey(&rabbit, (byte*)key, NULL);
  12066. }
  12067. }
  12068. printf(resultFmt, ret == 0 ? passed : failed);
  12069. #endif
  12070. return ret;
  12071. } /* END test_wc_RabbitSetKey */
  12072. /*
  12073. * Test wc_RabbitProcess()
  12074. */
  12075. static int test_wc_RabbitProcess (void)
  12076. {
  12077. int ret = 0;
  12078. #ifndef NO_RABBIT
  12079. Rabbit enc, dec;
  12080. byte cipher[25];
  12081. byte plain[25];
  12082. const char* key = "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B"
  12083. "\xFE\x36\x3D\x2E\x29\x13\x28\x91";
  12084. const char* iv = "\x59\x7E\x26\xC1\x75\xF5\x73\xC3";
  12085. const char* input = TEST_STRING;
  12086. unsigned long int inlen = (unsigned long int)TEST_STRING_SZ;
  12087. /* Initialize stack variables. */
  12088. XMEMSET(cipher, 0, sizeof(cipher));
  12089. XMEMSET(plain, 0, sizeof(plain));
  12090. printf(testingFmt, "wc_RabbitProcess()");
  12091. ret = wc_RabbitSetKey(&enc, (byte*)key, (byte*)iv);
  12092. if (ret == 0) {
  12093. ret = wc_RabbitSetKey(&dec, (byte*)key, (byte*)iv);
  12094. }
  12095. if (ret == 0) {
  12096. ret = wc_RabbitProcess(&enc, cipher, (byte*)input, (word32)inlen);
  12097. }
  12098. if (ret == 0) {
  12099. ret = wc_RabbitProcess(&dec, plain, cipher, (word32)inlen);
  12100. if (ret != 0 || XMEMCMP(input, plain, inlen)) {
  12101. ret = WOLFSSL_FATAL_ERROR;
  12102. } else {
  12103. ret = 0;
  12104. }
  12105. }
  12106. /* Test bad args. */
  12107. if (ret == 0) {
  12108. ret = wc_RabbitProcess(NULL, plain, cipher, (word32)inlen);
  12109. if (ret == BAD_FUNC_ARG) {
  12110. ret = wc_RabbitProcess(&dec, NULL, cipher, (word32)inlen);
  12111. }
  12112. if (ret == BAD_FUNC_ARG) {
  12113. ret = wc_RabbitProcess(&dec, plain, NULL, (word32)inlen);
  12114. }
  12115. if (ret == BAD_FUNC_ARG) {
  12116. ret = 0;
  12117. } else {
  12118. ret = WOLFSSL_FATAL_ERROR;
  12119. }
  12120. }
  12121. printf(resultFmt, ret == 0 ? passed : failed);
  12122. #endif
  12123. return ret;
  12124. } /* END test_wc_RabbitProcess */
  12125. /*
  12126. * Testing wc_Arc4SetKey()
  12127. */
  12128. static int test_wc_Arc4SetKey (void)
  12129. {
  12130. int ret = 0;
  12131. #ifndef NO_RC4
  12132. Arc4 arc;
  12133. const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
  12134. int keyLen = 8;
  12135. printf(testingFmt, "wc_Arch4SetKey()");
  12136. ret = wc_Arc4SetKey(&arc, (byte*)key, keyLen);
  12137. /* Test bad args. */
  12138. if (ret == 0) {
  12139. ret = wc_Arc4SetKey(NULL, (byte*)key, keyLen);
  12140. if (ret == BAD_FUNC_ARG)
  12141. ret = wc_Arc4SetKey(&arc, NULL, keyLen); /* NULL key */
  12142. if (ret == BAD_FUNC_ARG)
  12143. ret = wc_Arc4SetKey(&arc, (byte*)key, 0); /* length == 0 */
  12144. if (ret == BAD_FUNC_ARG)
  12145. ret = WOLFSSL_ERROR_NONE;
  12146. else
  12147. ret = WOLFSSL_FATAL_ERROR;
  12148. } /* END test bad args. */
  12149. printf(resultFmt, ret == 0 ? passed : failed);
  12150. #endif
  12151. return ret;
  12152. } /* END test_wc_Arc4SetKey */
  12153. /*
  12154. * Testing wc_Arc4Process for ENC/DEC.
  12155. */
  12156. static int test_wc_Arc4Process (void)
  12157. {
  12158. int ret = 0;
  12159. #ifndef NO_RC4
  12160. Arc4 enc, dec;
  12161. const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef";
  12162. int keyLen = 8;
  12163. const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
  12164. byte cipher[8];
  12165. byte plain[8];
  12166. /* Init stack variables */
  12167. XMEMSET(cipher, 0, sizeof(cipher));
  12168. XMEMSET(plain, 0, sizeof(plain));
  12169. /* Use for async. */
  12170. ret = wc_Arc4Init(&enc, NULL, INVALID_DEVID);
  12171. if (ret == 0) {
  12172. ret = wc_Arc4Init(&dec, NULL, INVALID_DEVID);
  12173. }
  12174. printf(testingFmt, "wc_Arc4Process()");
  12175. if (ret == 0) {
  12176. ret = wc_Arc4SetKey(&enc, (byte*)key, keyLen);
  12177. }
  12178. if (ret == 0) {
  12179. ret = wc_Arc4SetKey(&dec, (byte*)key, keyLen);
  12180. }
  12181. if (ret == 0) {
  12182. ret = wc_Arc4Process(&enc, cipher, (byte*)input, keyLen);
  12183. }
  12184. if (ret == 0) {
  12185. ret = wc_Arc4Process(&dec, plain, cipher, keyLen);
  12186. if (ret != 0 || XMEMCMP(plain, input, keyLen)) {
  12187. ret = WOLFSSL_FATAL_ERROR;
  12188. } else {
  12189. ret = 0;
  12190. }
  12191. }
  12192. /* Bad args. */
  12193. if (ret == 0) {
  12194. ret = wc_Arc4Process(NULL, plain, cipher, keyLen);
  12195. if (ret == BAD_FUNC_ARG) {
  12196. ret = wc_Arc4Process(&dec, NULL, cipher, keyLen);
  12197. }
  12198. if (ret == BAD_FUNC_ARG) {
  12199. ret = wc_Arc4Process(&dec, plain, NULL, keyLen);
  12200. }
  12201. if (ret == BAD_FUNC_ARG) {
  12202. ret = 0;
  12203. } else {
  12204. ret = WOLFSSL_FATAL_ERROR;
  12205. }
  12206. }
  12207. printf(resultFmt, ret == 0 ? passed : failed);
  12208. wc_Arc4Free(&enc);
  12209. wc_Arc4Free(&dec);
  12210. #endif
  12211. return ret;
  12212. }/* END test_wc_Arc4Process */
  12213. /*
  12214. * Testing wc_Init RsaKey()
  12215. */
  12216. static int test_wc_InitRsaKey (void)
  12217. {
  12218. int ret = 0;
  12219. #ifndef NO_RSA
  12220. RsaKey key;
  12221. printf(testingFmt, "wc_InitRsaKey()");
  12222. ret = wc_InitRsaKey(&key, NULL);
  12223. /* Test bad args. */
  12224. if (ret == 0) {
  12225. ret = wc_InitRsaKey(NULL, NULL);
  12226. #ifndef HAVE_USER_RSA
  12227. if (ret == BAD_FUNC_ARG) {
  12228. ret = 0;
  12229. } else {
  12230. #else
  12231. if (ret == USER_CRYPTO_ERROR) {
  12232. ret = 0;
  12233. } else {
  12234. #endif
  12235. ret = WOLFSSL_FATAL_ERROR;
  12236. }
  12237. } /* end if */
  12238. if (wc_FreeRsaKey(&key) || ret != 0) {
  12239. ret = WOLFSSL_FATAL_ERROR;
  12240. }
  12241. printf(resultFmt, ret == 0 ? passed : failed);
  12242. #endif
  12243. return ret;
  12244. } /* END test_wc_InitRsaKey */
  12245. /*
  12246. * Testing wc_RsaPrivateKeyDecode()
  12247. */
  12248. static int test_wc_RsaPrivateKeyDecode (void)
  12249. {
  12250. int ret = 0;
  12251. #if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
  12252. || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
  12253. RsaKey key;
  12254. byte* tmp;
  12255. word32 idx = 0;
  12256. int bytes = 0;
  12257. printf(testingFmt, "wc_RsaPrivateKeyDecode()");
  12258. tmp = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  12259. if (tmp == NULL) {
  12260. ret = WOLFSSL_FATAL_ERROR;
  12261. }
  12262. if (ret == 0) {
  12263. ret = wc_InitRsaKey(&key, NULL);
  12264. }
  12265. if (ret == 0) {
  12266. #ifdef USE_CERT_BUFFERS_1024
  12267. XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
  12268. bytes = sizeof_client_key_der_1024;
  12269. #else
  12270. XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
  12271. bytes = sizeof_client_key_der_2048;
  12272. #endif /* Use cert buffers. */
  12273. ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
  12274. }
  12275. #ifndef HAVE_USER_RSA
  12276. /* Test bad args. */
  12277. if (ret == 0) {
  12278. ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes);
  12279. if (ret == BAD_FUNC_ARG) {
  12280. ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes);
  12281. }
  12282. if (ret == BAD_FUNC_ARG) {
  12283. ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes);
  12284. }
  12285. if (ret == BAD_FUNC_ARG) {
  12286. ret = 0;
  12287. } else {
  12288. ret = WOLFSSL_FATAL_ERROR;
  12289. }
  12290. }
  12291. #else
  12292. /* Test bad args. User RSA. */
  12293. if (ret == 0) {
  12294. ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes);
  12295. if (ret == USER_CRYPTO_ERROR) {
  12296. ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes);
  12297. }
  12298. if (ret == USER_CRYPTO_ERROR) {
  12299. ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes);
  12300. }
  12301. if (ret == USER_CRYPTO_ERROR) {
  12302. ret = 0;
  12303. } else {
  12304. ret = WOLFSSL_FATAL_ERROR;
  12305. }
  12306. }
  12307. #endif
  12308. if (tmp != NULL) {
  12309. XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  12310. }
  12311. if (wc_FreeRsaKey(&key) || ret != 0) {
  12312. ret = WOLFSSL_FATAL_ERROR;
  12313. }
  12314. printf(resultFmt, ret == 0 ? passed : failed);
  12315. #endif
  12316. return ret;
  12317. } /* END test_wc_RsaPrivateKeyDecode */
  12318. /*
  12319. * Testing wc_RsaPublicKeyDecode()
  12320. */
  12321. static int test_wc_RsaPublicKeyDecode (void)
  12322. {
  12323. int ret = 0;
  12324. #if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\
  12325. || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS)
  12326. RsaKey keyPub;
  12327. byte* tmp;
  12328. word32 idx = 0;
  12329. int bytes = 0;
  12330. word32 keySz = 0;
  12331. word32 tstKeySz = 0;
  12332. tmp = (byte*)XMALLOC(GEN_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  12333. if (tmp == NULL) {
  12334. ret = WOLFSSL_FATAL_ERROR;
  12335. }
  12336. if (ret == 0) {
  12337. ret = wc_InitRsaKey(&keyPub, NULL);
  12338. }
  12339. if (ret == 0) {
  12340. #ifdef USE_CERT_BUFFERS_1024
  12341. XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
  12342. bytes = sizeof_client_keypub_der_1024;
  12343. keySz = 1024;
  12344. #else
  12345. XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
  12346. bytes = sizeof_client_keypub_der_2048;
  12347. keySz = 2048;
  12348. #endif
  12349. printf(testingFmt, "wc_RsaPublicKeyDecode()");
  12350. ret = wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes);
  12351. }
  12352. #ifndef HAVE_USER_RSA
  12353. /* Pass in bad args. */
  12354. if (ret == 0) {
  12355. ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes);
  12356. if (ret == BAD_FUNC_ARG) {
  12357. ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes);
  12358. }
  12359. if (ret == BAD_FUNC_ARG) {
  12360. ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes);
  12361. }
  12362. if (ret == BAD_FUNC_ARG) {
  12363. ret = 0;
  12364. } else {
  12365. ret = WOLFSSL_FATAL_ERROR;
  12366. }
  12367. }
  12368. #else
  12369. /* Pass in bad args. */
  12370. if (ret == 0) {
  12371. ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes);
  12372. if (ret == USER_CRYPTO_ERROR) {
  12373. ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes);
  12374. }
  12375. if (ret == USER_CRYPTO_ERROR) {
  12376. ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes);
  12377. }
  12378. if (ret == USER_CRYPTO_ERROR) {
  12379. ret = 0;
  12380. } else {
  12381. ret = WOLFSSL_FATAL_ERROR;
  12382. }
  12383. }
  12384. #endif
  12385. if (wc_FreeRsaKey(&keyPub) || ret != 0) {
  12386. ret = WOLFSSL_FATAL_ERROR;
  12387. }
  12388. if (ret == 0) {
  12389. /* Test for getting modulus key size */
  12390. idx = 0;
  12391. ret = wc_RsaPublicKeyDecode_ex(tmp, &idx, (word32)bytes, NULL,
  12392. &tstKeySz, NULL, NULL);
  12393. ret = (ret == 0 && tstKeySz == keySz/8) ? 0 : WOLFSSL_FATAL_ERROR;
  12394. }
  12395. if (tmp != NULL) {
  12396. XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  12397. }
  12398. printf(resultFmt, ret == 0 ? passed : failed);
  12399. #endif
  12400. return ret;
  12401. } /* END test_wc_RsaPublicKeyDecode */
  12402. /*
  12403. * Testing wc_RsaPublicKeyDecodeRaw()
  12404. */
  12405. static int test_wc_RsaPublicKeyDecodeRaw (void)
  12406. {
  12407. int ret = 0;
  12408. #if !defined(NO_RSA)
  12409. RsaKey key;
  12410. const byte n = 0x23;
  12411. const byte e = 0x03;
  12412. int nSz = sizeof(n);
  12413. int eSz = sizeof(e);
  12414. printf(testingFmt, "wc_RsaPublicKeyDecodeRaw()");
  12415. ret = wc_InitRsaKey(&key, NULL);
  12416. if (ret == 0) {
  12417. ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key);
  12418. }
  12419. #ifndef HAVE_USER_RSA
  12420. /* Pass in bad args. */
  12421. if (ret == 0) {
  12422. ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key);
  12423. if (ret == BAD_FUNC_ARG) {
  12424. ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key);
  12425. }
  12426. if (ret == BAD_FUNC_ARG) {
  12427. ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL);
  12428. }
  12429. if (ret == BAD_FUNC_ARG) {
  12430. ret = 0;
  12431. } else {
  12432. ret = WOLFSSL_FATAL_ERROR;
  12433. }
  12434. }
  12435. #else
  12436. /* Pass in bad args. User RSA. */
  12437. if (ret == 0) {
  12438. ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key);
  12439. if (ret == USER_CRYPTO_ERROR) {
  12440. ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key);
  12441. }
  12442. if (ret == USER_CRYPTO_ERROR) {
  12443. ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL);
  12444. }
  12445. if (ret == USER_CRYPTO_ERROR) {
  12446. ret = 0;
  12447. } else {
  12448. ret = WOLFSSL_FATAL_ERROR;
  12449. }
  12450. }
  12451. #endif
  12452. if (wc_FreeRsaKey(&key) || ret != 0) {
  12453. ret = WOLFSSL_FATAL_ERROR;
  12454. }
  12455. printf(resultFmt, ret == 0 ? passed : failed);
  12456. #endif
  12457. return ret;
  12458. } /* END test_wc_RsaPublicKeyDecodeRaw */
  12459. #if (!defined(NO_RSA) || !defined(HAVE_FAST_RSA)) && defined(WOLFSSL_KEY_GEN)
  12460. /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find
  12461. * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps
  12462. * trying until it gets a probable prime. */
  12463. #ifdef HAVE_FIPS
  12464. static int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng)
  12465. {
  12466. int ret;
  12467. for (;;) {
  12468. ret = wc_MakeRsaKey(key, size, e, rng);
  12469. if (ret != PRIME_GEN_E) break;
  12470. printf("MakeRsaKey couldn't find prime; trying again.\n");
  12471. }
  12472. return ret;
  12473. }
  12474. #define MAKE_RSA_KEY(a, b, c, d) MakeRsaKeyRetry(a, b, c, d)
  12475. #else
  12476. #define MAKE_RSA_KEY(a, b, c, d) wc_MakeRsaKey(a, b, c, d)
  12477. #endif
  12478. #endif
  12479. /*
  12480. * Testing wc_MakeRsaKey()
  12481. */
  12482. static int test_wc_MakeRsaKey (void)
  12483. {
  12484. int ret = 0;
  12485. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  12486. RsaKey genKey;
  12487. WC_RNG rng;
  12488. #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  12489. int bits = 1024;
  12490. #else
  12491. int bits = 2048;
  12492. #endif
  12493. printf(testingFmt, "wc_MakeRsaKey()");
  12494. ret = wc_InitRsaKey(&genKey, NULL);
  12495. if (ret == 0) {
  12496. ret = wc_InitRng(&rng);
  12497. if (ret == 0) {
  12498. ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng);
  12499. if (ret == 0 && wc_FreeRsaKey(&genKey) != 0) {
  12500. ret = WOLFSSL_FATAL_ERROR;
  12501. }
  12502. }
  12503. }
  12504. #ifndef HAVE_USER_RSA
  12505. /* Test bad args. */
  12506. if (ret == 0) {
  12507. ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng);
  12508. if (ret == BAD_FUNC_ARG) {
  12509. ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL);
  12510. }
  12511. if (ret == BAD_FUNC_ARG) {
  12512. /* e < 3 */
  12513. ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng);
  12514. }
  12515. if (ret == BAD_FUNC_ARG) {
  12516. /* e & 1 == 0 */
  12517. ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng);
  12518. }
  12519. if (ret == BAD_FUNC_ARG) {
  12520. ret = 0;
  12521. } else {
  12522. ret = WOLFSSL_FATAL_ERROR;
  12523. }
  12524. }
  12525. #else
  12526. /* Test bad args. */
  12527. if (ret == 0) {
  12528. ret = MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng);
  12529. if (ret == USER_CRYPTO_ERROR) {
  12530. ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL);
  12531. }
  12532. if (ret == USER_CRYPTO_ERROR) {
  12533. /* e < 3 */
  12534. ret = MAKE_RSA_KEY(&genKey, bits, 2, &rng);
  12535. }
  12536. if (ret == USER_CRYPTO_ERROR) {
  12537. /* e & 1 == 0 */
  12538. ret = MAKE_RSA_KEY(&genKey, bits, 6, &rng);
  12539. }
  12540. if (ret == USER_CRYPTO_ERROR) {
  12541. ret = 0;
  12542. } else {
  12543. ret = WOLFSSL_FATAL_ERROR;
  12544. }
  12545. }
  12546. #endif
  12547. if (wc_FreeRng(&rng) || ret != 0) {
  12548. ret = WOLFSSL_FATAL_ERROR;
  12549. }
  12550. printf(resultFmt, ret == 0 ? passed : failed);
  12551. #endif
  12552. return ret;
  12553. } /* END test_wc_MakeRsaKey */
  12554. /*
  12555. * Test the bounds checking on the cipher text versus the key modulus.
  12556. * 1. Make a new RSA key.
  12557. * 2. Set c to 1.
  12558. * 3. Decrypt c into k. (error)
  12559. * 4. Copy the key modulus to c and sub 1 from the copy.
  12560. * 5. Decrypt c into k. (error)
  12561. * Valid bounds test cases are covered by all the other RSA tests.
  12562. */
  12563. static int test_RsaDecryptBoundsCheck(void)
  12564. {
  12565. int ret = 0;
  12566. #if !defined(NO_RSA) && defined(WC_RSA_NO_PADDING) && \
  12567. (defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)) && \
  12568. defined(WOLFSSL_PUBLIC_MP) && !defined(NO_RSA_BOUNDS_CHECK)
  12569. RsaKey key;
  12570. byte flatC[256];
  12571. word32 flatCSz;
  12572. byte out[256];
  12573. word32 outSz = sizeof(out);
  12574. WC_RNG rng;
  12575. printf(testingFmt, "RSA decrypt bounds check");
  12576. XMEMSET(&rng, 0, sizeof(rng));
  12577. ret = wc_InitRng(&rng);
  12578. if (ret == 0)
  12579. ret = wc_InitRsaKey(&key, NULL);
  12580. if (ret == 0) {
  12581. const byte* derKey;
  12582. word32 derKeySz;
  12583. word32 idx = 0;
  12584. #ifdef USE_CERT_BUFFERS_1024
  12585. derKey = server_key_der_1024;
  12586. derKeySz = (word32)sizeof_server_key_der_1024;
  12587. flatCSz = 128;
  12588. #else
  12589. derKey = server_key_der_2048;
  12590. derKeySz = (word32)sizeof_server_key_der_2048;
  12591. flatCSz = 256;
  12592. #endif
  12593. ret = wc_RsaPrivateKeyDecode(derKey, &idx, &key, derKeySz);
  12594. }
  12595. if (ret == 0) {
  12596. XMEMSET(flatC, 0, flatCSz);
  12597. flatC[flatCSz-1] = 1;
  12598. ret = wc_RsaDirect(flatC, flatCSz, out, &outSz, &key,
  12599. RSA_PRIVATE_DECRYPT, &rng);
  12600. }
  12601. if (ret == RSA_OUT_OF_RANGE_E) {
  12602. mp_int c;
  12603. mp_init_copy(&c, &key.n);
  12604. mp_sub_d(&c, 1, &c);
  12605. mp_to_unsigned_bin(&c, flatC);
  12606. ret = wc_RsaDirect(flatC, sizeof(flatC), out, &outSz, &key,
  12607. RSA_PRIVATE_DECRYPT, NULL);
  12608. mp_clear(&c);
  12609. }
  12610. if (ret == RSA_OUT_OF_RANGE_E)
  12611. ret = 0;
  12612. if (wc_FreeRsaKey(&key) || wc_FreeRng(&rng) || ret != 0)
  12613. ret = WOLFSSL_FATAL_ERROR;
  12614. printf(resultFmt, ret == 0 ? passed : failed);
  12615. #endif
  12616. return ret;
  12617. } /* END test_wc_RsaDecryptBoundsCheck */
  12618. /*
  12619. * Testing wc_SetKeyUsage()
  12620. */
  12621. static int test_wc_SetKeyUsage (void)
  12622. {
  12623. int ret = 0;
  12624. #if !defined(NO_RSA) && defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && !defined(HAVE_FIPS)
  12625. Cert myCert;
  12626. ret = wc_InitCert(&myCert);
  12627. printf(testingFmt, "wc_SetKeyUsage()");
  12628. if (ret == 0) {
  12629. ret = wc_SetKeyUsage(&myCert, "keyEncipherment,keyAgreement");
  12630. if (ret == 0) {
  12631. ret = wc_SetKeyUsage(&myCert, "digitalSignature,nonRepudiation");
  12632. }
  12633. if (ret == 0) {
  12634. ret = wc_SetKeyUsage(&myCert, "contentCommitment,encipherOnly");
  12635. }
  12636. if (ret == 0) {
  12637. ret = wc_SetKeyUsage(&myCert, "decipherOnly");
  12638. }
  12639. if (ret == 0) {
  12640. ret = wc_SetKeyUsage(&myCert, "cRLSign,keyCertSign");
  12641. }
  12642. }
  12643. /* Test bad args. */
  12644. if (ret == 0) {
  12645. ret = wc_SetKeyUsage(NULL, "decipherOnly");
  12646. if (ret == BAD_FUNC_ARG) {
  12647. ret = wc_SetKeyUsage(&myCert, NULL);
  12648. }
  12649. if (ret == BAD_FUNC_ARG) {
  12650. ret = wc_SetKeyUsage(&myCert, "");
  12651. }
  12652. if (ret == KEYUSAGE_E) {
  12653. ret = wc_SetKeyUsage(&myCert, ",");
  12654. }
  12655. if (ret == KEYUSAGE_E) {
  12656. ret = wc_SetKeyUsage(&myCert, "digitalSignature, cRLSign");
  12657. }
  12658. if (ret == KEYUSAGE_E) {
  12659. ret = 0;
  12660. } else {
  12661. ret = WOLFSSL_FATAL_ERROR;
  12662. }
  12663. }
  12664. printf(resultFmt, ret == 0 ? passed : failed);
  12665. #endif
  12666. return ret;
  12667. } /* END test_wc_SetKeyUsage */
  12668. /*
  12669. * Testing wc_CheckProbablePrime()
  12670. */
  12671. static int test_wc_CheckProbablePrime (void)
  12672. {
  12673. int ret = 0;
  12674. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
  12675. !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
  12676. #define CHECK_PROBABLE_PRIME_KEY_BITS 2048
  12677. RsaKey key;
  12678. WC_RNG rng;
  12679. byte e[3];
  12680. word32 eSz = (word32)sizeof(e);
  12681. byte n[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
  12682. word32 nSz = (word32)sizeof(n);
  12683. byte d[CHECK_PROBABLE_PRIME_KEY_BITS / 8];
  12684. word32 dSz = (word32)sizeof(d);
  12685. byte p[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
  12686. word32 pSz = (word32)sizeof(p);
  12687. byte q[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2];
  12688. word32 qSz = (word32)sizeof(q);
  12689. int nlen = CHECK_PROBABLE_PRIME_KEY_BITS;
  12690. int* isPrime;
  12691. int test[5];
  12692. isPrime = test;
  12693. printf(testingFmt, "wc_CheckProbablePrime()");
  12694. ret = wc_InitRsaKey(&key, NULL);
  12695. if (ret == 0) {
  12696. ret = wc_InitRng(&rng);
  12697. }
  12698. if (ret == 0) {
  12699. ret = wc_RsaSetRNG(&key, &rng);
  12700. }
  12701. if (ret == 0) {
  12702. ret = wc_MakeRsaKey(&key, CHECK_PROBABLE_PRIME_KEY_BITS, WC_RSA_EXPONENT, &rng);
  12703. }
  12704. if (ret == 0) {
  12705. ret = wc_RsaExportKey(&key, e, &eSz, n, &nSz, d, &dSz,
  12706. p, &pSz, q, &qSz);
  12707. }
  12708. /* Bad cases */
  12709. if (ret == 0) {
  12710. ret = wc_CheckProbablePrime(NULL, pSz, q, qSz, e, eSz,
  12711. nlen, isPrime);
  12712. if (ret == BAD_FUNC_ARG) {
  12713. ret = 0;
  12714. }
  12715. }
  12716. if (ret == 0) {
  12717. ret = wc_CheckProbablePrime(p, 0, q, qSz, e, eSz,
  12718. nlen, isPrime);
  12719. if (ret == BAD_FUNC_ARG) {
  12720. ret = 0;
  12721. }
  12722. }
  12723. if (ret == 0) {
  12724. ret = wc_CheckProbablePrime(p, pSz, NULL, qSz, e, eSz,
  12725. nlen, isPrime);
  12726. if (ret == BAD_FUNC_ARG) {
  12727. ret = 0;
  12728. }
  12729. }
  12730. if (ret == 0) {
  12731. ret = wc_CheckProbablePrime(p, pSz, q, 0, e, eSz,
  12732. nlen, isPrime);
  12733. if (ret == BAD_FUNC_ARG) {
  12734. ret = 0;
  12735. }
  12736. }
  12737. if (ret == 0) {
  12738. ret = wc_CheckProbablePrime(p, pSz, q, qSz, NULL, eSz,
  12739. nlen, isPrime);
  12740. if (ret == BAD_FUNC_ARG) {
  12741. ret = 0;
  12742. }
  12743. }
  12744. if (ret == 0) {
  12745. ret = wc_CheckProbablePrime(p, pSz, q, qSz, e, 0,
  12746. nlen, isPrime);
  12747. if (ret == BAD_FUNC_ARG) {
  12748. ret = 0;
  12749. }
  12750. }
  12751. if (ret == 0) {
  12752. ret = wc_CheckProbablePrime(NULL, 0, NULL, 0, NULL, 0,
  12753. nlen, isPrime);
  12754. if (ret == BAD_FUNC_ARG) {
  12755. ret = 0;
  12756. }
  12757. }
  12758. /* Good case */
  12759. if (ret == 0) {
  12760. ret = wc_CheckProbablePrime(p, pSz, q, qSz, e, eSz,
  12761. nlen, isPrime);
  12762. }
  12763. wc_FreeRsaKey(&key);
  12764. wc_FreeRng(&rng);
  12765. printf(resultFmt, ret == 0 ? passed : failed);
  12766. #undef CHECK_PROBABLE_PRIME_KEY_BITS
  12767. #endif
  12768. return ret;
  12769. } /* END test_wc_CheckProbablePrime */
  12770. /*
  12771. * Testing wc_RsaPSS_Verify()
  12772. */
  12773. static int test_wc_RsaPSS_Verify (void)
  12774. {
  12775. int ret = 0;
  12776. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
  12777. !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
  12778. RsaKey key;
  12779. WC_RNG rng;
  12780. int sz = 256;
  12781. byte* pt;
  12782. const char* szMessage = "This is the string to be signed";
  12783. unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
  12784. unsigned char pDecrypted[2048/8];
  12785. word32 outLen = sizeof(pDecrypted);
  12786. pt = pDecrypted;
  12787. printf(testingFmt, "wc_RsaPSS_Verify()");
  12788. ret = wc_InitRsaKey(&key, NULL);
  12789. if (ret == 0) {
  12790. ret = wc_InitRng(&rng);
  12791. }
  12792. if (ret == 0) {
  12793. ret = wc_RsaSetRNG(&key, &rng);
  12794. }
  12795. if (ret == 0) {
  12796. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  12797. }
  12798. if (ret == 0) {
  12799. ret = wc_RsaPSS_Sign((byte*)szMessage, (word32)XSTRLEN(szMessage)+1,
  12800. pSignature, sizeof(pSignature),
  12801. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  12802. if (ret > 0 ){
  12803. sz = ret;
  12804. ret = 0;
  12805. }
  12806. }
  12807. /* Bad cases */
  12808. if (ret == 0) {
  12809. ret = wc_RsaPSS_Verify(NULL, sz, pt, outLen,
  12810. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  12811. if (ret == BAD_FUNC_ARG) {
  12812. ret = 0;
  12813. }
  12814. }
  12815. if (ret == 0) {
  12816. ret = wc_RsaPSS_Verify(pSignature, 0, pt, outLen,
  12817. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  12818. if (ret == BAD_FUNC_ARG) {
  12819. ret = 0;
  12820. }
  12821. }
  12822. if (ret == 0) {
  12823. ret = wc_RsaPSS_Verify(pSignature, sz, NULL, outLen,
  12824. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  12825. if (ret == BAD_FUNC_ARG) {
  12826. ret = 0;
  12827. }
  12828. }
  12829. if (ret == 0) {
  12830. ret = wc_RsaPSS_Verify(NULL, 0, NULL, outLen,
  12831. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  12832. if (ret == BAD_FUNC_ARG) {
  12833. ret = 0;
  12834. }
  12835. }
  12836. /* Good case */
  12837. if (ret == 0) {
  12838. ret = wc_RsaPSS_Verify(pSignature, sz, pt, outLen,
  12839. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  12840. if (ret > 0) {
  12841. ret = 0;
  12842. }
  12843. }
  12844. wc_FreeRsaKey(&key);
  12845. wc_FreeRng(&rng);
  12846. printf(resultFmt, ret == 0 ? passed : failed);
  12847. #endif
  12848. return ret;
  12849. } /* END test_wc_RsaPSS_Verify */
  12850. /*
  12851. * Testing wc_RsaPSS_VerifyCheck()
  12852. */
  12853. static int test_wc_RsaPSS_VerifyCheck (void)
  12854. {
  12855. int ret = 0;
  12856. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
  12857. !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
  12858. RsaKey key;
  12859. WC_RNG rng;
  12860. int sz = 256; /* 2048/8 */
  12861. byte* pt;
  12862. byte digest[32];
  12863. word32 digestSz;
  12864. unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
  12865. word32 pSignatureSz = sizeof(pSignature);
  12866. unsigned char pDecrypted[2048/8];
  12867. word32 outLen = sizeof(pDecrypted);
  12868. pt = pDecrypted;
  12869. printf(testingFmt, "wc_RsaPSS_VerifyCheck()");
  12870. XMEMSET(digest, 0, sizeof(digest));
  12871. XMEMSET(pSignature, 0, sizeof(pSignature));
  12872. ret = wc_InitRsaKey(&key, NULL);
  12873. if (ret == 0) {
  12874. ret = wc_InitRng(&rng);
  12875. }
  12876. if (ret == 0) {
  12877. ret = wc_RsaSetRNG(&key, &rng);
  12878. }
  12879. if (ret == 0) {
  12880. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  12881. }
  12882. if (ret == 0) {
  12883. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  12884. ret = wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz);
  12885. }
  12886. if (ret == 0) {
  12887. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz,
  12888. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  12889. if (ret > 0 ){
  12890. sz = ret;
  12891. ret = 0;
  12892. }
  12893. }
  12894. /* Bad cases */
  12895. if (ret == 0) {
  12896. ret = wc_RsaPSS_VerifyCheck(NULL, sz, pt, outLen,
  12897. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  12898. if (ret == BAD_FUNC_ARG) {
  12899. ret = 0;
  12900. }
  12901. }
  12902. if (ret == 0) {
  12903. ret = wc_RsaPSS_VerifyCheck(pSignature, 0, pt, outLen,
  12904. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  12905. if (ret == BAD_FUNC_ARG) {
  12906. ret = 0;
  12907. }
  12908. }
  12909. if (ret == 0) {
  12910. ret = wc_RsaPSS_VerifyCheck(pSignature, sz, NULL, outLen,
  12911. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  12912. if (ret == BAD_FUNC_ARG) {
  12913. ret = 0;
  12914. }
  12915. }
  12916. if (ret == 0) {
  12917. ret = wc_RsaPSS_VerifyCheck(NULL, 0, NULL, outLen,
  12918. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  12919. if (ret == BAD_FUNC_ARG) {
  12920. ret = 0;
  12921. }
  12922. }
  12923. /* Good case */
  12924. if (ret == 0) {
  12925. ret = wc_RsaPSS_VerifyCheck(pSignature, sz, pt, outLen,
  12926. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  12927. if (ret > 0) {
  12928. ret = 0;
  12929. }
  12930. }
  12931. wc_FreeRsaKey(&key);
  12932. wc_FreeRng(&rng);
  12933. printf(resultFmt, ret == 0 ? passed : failed);
  12934. #endif
  12935. return ret;
  12936. } /* END test_wc_RsaPSS_VerifyCheck */
  12937. /*
  12938. * Testing wc_RsaPSS_VerifyCheckInline()
  12939. */
  12940. static int test_wc_RsaPSS_VerifyCheckInline (void)
  12941. {
  12942. int ret = 0;
  12943. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \
  12944. !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING)
  12945. RsaKey key;
  12946. WC_RNG rng;
  12947. int sz = 256;
  12948. byte* pt;
  12949. byte digest[32];
  12950. word32 digestSz;
  12951. unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */
  12952. unsigned char pDecrypted[2048/8];
  12953. pt = pDecrypted;
  12954. printf(testingFmt, "wc_RsaPSS_VerifyCheckInline()");
  12955. ret = wc_InitRsaKey(&key, NULL);
  12956. XMEMSET(digest, 0, sizeof(digest));
  12957. XMEMSET(pSignature, 0, sizeof(pSignature));
  12958. if (ret == 0) {
  12959. ret = wc_InitRng(&rng);
  12960. }
  12961. if (ret == 0) {
  12962. ret = wc_RsaSetRNG(&key, &rng);
  12963. }
  12964. if (ret == 0) {
  12965. ret = wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng);
  12966. }
  12967. if (ret == 0) {
  12968. digestSz = wc_HashGetDigestSize(WC_HASH_TYPE_SHA256);
  12969. ret = wc_Hash(WC_HASH_TYPE_SHA256, pSignature, sz, digest, digestSz);
  12970. }
  12971. if (ret == 0) {
  12972. ret = wc_RsaPSS_Sign(digest, digestSz, pSignature, sizeof(pSignature),
  12973. WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng);
  12974. if (ret > 0 ){
  12975. sz = ret;
  12976. ret = 0;
  12977. }
  12978. }
  12979. /* Bad Cases */
  12980. if (ret == 0) {
  12981. ret = wc_RsaPSS_VerifyCheckInline(NULL, sz, &pt,
  12982. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  12983. if (ret == BAD_FUNC_ARG) {
  12984. ret = 0;
  12985. }
  12986. }
  12987. if (ret == 0) {
  12988. ret = wc_RsaPSS_VerifyCheckInline(pSignature, 0, NULL,
  12989. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  12990. if (ret == BAD_FUNC_ARG) {
  12991. ret = 0;
  12992. }
  12993. }
  12994. if (ret == 0) {
  12995. ret = wc_RsaPSS_VerifyCheckInline(NULL, 0, &pt,
  12996. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  12997. if (ret == BAD_FUNC_ARG) {
  12998. ret = 0;
  12999. }
  13000. }
  13001. if (ret == 0) {
  13002. ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt,
  13003. digest, digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key);
  13004. if (ret == BAD_FUNC_ARG) {
  13005. ret = 0;
  13006. }
  13007. }
  13008. /* Good case */
  13009. if (ret == 0) {
  13010. ret = wc_RsaPSS_VerifyCheckInline(pSignature, sz, &pt,
  13011. digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key);
  13012. if (ret > 0) {
  13013. ret = 0;
  13014. }
  13015. }
  13016. wc_FreeRsaKey(&key);
  13017. wc_FreeRng(&rng);
  13018. printf(resultFmt, ret == 0 ? passed : failed);
  13019. #endif
  13020. return ret;
  13021. } /* END test_wc_RsaPSS_VerifyCheckInline */
  13022. #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
  13023. static void sample_mutex_cb (int flag, int type, const char* file, int line)
  13024. {
  13025. (void)flag;
  13026. (void)type;
  13027. (void)file;
  13028. (void)line;
  13029. }
  13030. #endif
  13031. /*
  13032. * Testing wc_LockMutex_ex
  13033. */
  13034. static int test_wc_LockMutex_ex (void)
  13035. {
  13036. int ret = 0;
  13037. #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
  13038. int flag = CRYPTO_LOCK;
  13039. int type = 0;
  13040. const char* file = "./test-LockMutex_ex.txt";
  13041. int line = 0;
  13042. printf(testingFmt, "wc_LockMutex_ex()");
  13043. /*without SetMutexCb*/
  13044. ret = wc_LockMutex_ex(flag, type, file, line);
  13045. if (ret == BAD_STATE_E) {
  13046. ret = 0;
  13047. }
  13048. /*with SetMutexCb*/
  13049. if (ret == 0) {
  13050. ret = wc_SetMutexCb(sample_mutex_cb);
  13051. if (ret == 0) {
  13052. ret = wc_LockMutex_ex(flag, type, file, line);
  13053. }
  13054. }
  13055. printf(resultFmt, ret == 0 ? passed : failed);
  13056. #endif
  13057. return ret;
  13058. }/*End test_wc_LockMutex_ex*/
  13059. /*
  13060. * Testing wc_SetMutexCb
  13061. */
  13062. static int test_wc_SetMutexCb (void)
  13063. {
  13064. int ret = 0;
  13065. #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
  13066. printf(testingFmt, "wc_SetMutexCb()");
  13067. ret = wc_SetMutexCb(sample_mutex_cb);
  13068. printf(resultFmt, ret == 0 ? passed : failed);
  13069. #endif
  13070. return ret;
  13071. }/*End test_wc_SetMutexCb*/
  13072. /*
  13073. * Testing wc_RsaKeyToDer()
  13074. */
  13075. static int test_wc_RsaKeyToDer (void)
  13076. {
  13077. int ret = 0;
  13078. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  13079. RsaKey genKey;
  13080. WC_RNG rng;
  13081. byte* der;
  13082. #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  13083. int bits = 1024;
  13084. word32 derSz = 611;
  13085. /* (2 x 128) + 2 (possible leading 00) + (5 x 64) + 5 (possible leading 00)
  13086. + 3 (e) + 8 (ASN tag) + 10 (ASN length) + 4 seqSz + 3 version */
  13087. #else
  13088. int bits = 2048;
  13089. word32 derSz = 1196;
  13090. /* (2 x 256) + 2 (possible leading 00) + (5 x 128) + 5 (possible leading 00)
  13091. + 3 (e) + 8 (ASN tag) + 17 (ASN length) + 4 seqSz + 3 version */
  13092. #endif
  13093. XMEMSET(&rng, 0, sizeof(rng));
  13094. XMEMSET(&genKey, 0, sizeof(genKey));
  13095. der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  13096. if (der == NULL) {
  13097. ret = WOLFSSL_FATAL_ERROR;
  13098. }
  13099. /* Init structures. */
  13100. if (ret == 0) {
  13101. ret = wc_InitRsaKey(&genKey, NULL);
  13102. }
  13103. if (ret == 0) {
  13104. ret = wc_InitRng(&rng);
  13105. }
  13106. /* Make key. */
  13107. if (ret == 0) {
  13108. ret = MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng);
  13109. if (ret != 0) {
  13110. ret = WOLFSSL_FATAL_ERROR;
  13111. }
  13112. }
  13113. printf(testingFmt, "wc_RsaKeyToDer()");
  13114. if (ret == 0) {
  13115. ret = wc_RsaKeyToDer(&genKey, der, derSz);
  13116. if (ret > 0) {
  13117. ret = 0;
  13118. } else {
  13119. ret = WOLFSSL_FATAL_ERROR;
  13120. }
  13121. }
  13122. #ifndef HAVE_USER_RSA
  13123. /* Pass good/bad args. */
  13124. if (ret == 0) {
  13125. ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF);
  13126. if (ret == BAD_FUNC_ARG) {
  13127. /* Get just the output length */
  13128. ret = wc_RsaKeyToDer(&genKey, NULL, 0);
  13129. }
  13130. if (ret > 0) {
  13131. /* Try Public Key. */
  13132. genKey.type = 0;
  13133. ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
  13134. }
  13135. if (ret == BAD_FUNC_ARG) {
  13136. ret = 0;
  13137. } else {
  13138. ret = WOLFSSL_FATAL_ERROR;
  13139. }
  13140. }
  13141. #else
  13142. /* Pass good/bad args. */
  13143. if (ret == 0) {
  13144. ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF);
  13145. if (ret == USER_CRYPTO_ERROR) {
  13146. /* Get just the output length */
  13147. ret = wc_RsaKeyToDer(&genKey, NULL, 0);
  13148. }
  13149. if (ret > 0) {
  13150. /* Try Public Key. */
  13151. genKey.type = 0;
  13152. ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
  13153. }
  13154. if (ret == USER_CRYPTO_ERROR) {
  13155. ret = 0;
  13156. } else {
  13157. ret = WOLFSSL_FATAL_ERROR;
  13158. }
  13159. }
  13160. #endif
  13161. if (der != NULL) {
  13162. XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  13163. }
  13164. if (wc_FreeRsaKey(&genKey) || ret != 0) {
  13165. ret = WOLFSSL_FATAL_ERROR;
  13166. }
  13167. if (wc_FreeRng(&rng) || ret != 0) {
  13168. ret = WOLFSSL_FATAL_ERROR;
  13169. }
  13170. printf(resultFmt, ret == 0 ? passed : failed);
  13171. #endif
  13172. return ret;
  13173. } /* END test_wc_RsaKeyToDer */
  13174. /*
  13175. * Testing wc_RsaKeyToPublicDer()
  13176. */
  13177. static int test_wc_RsaKeyToPublicDer (void)
  13178. {
  13179. int ret = 0;
  13180. #if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) &&\
  13181. (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
  13182. RsaKey key;
  13183. WC_RNG rng;
  13184. byte* der;
  13185. #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  13186. int bits = 1024;
  13187. word32 derLen = 162;
  13188. #else
  13189. int bits = 2048;
  13190. word32 derLen = 290;
  13191. #endif
  13192. XMEMSET(&rng, 0, sizeof(rng));
  13193. XMEMSET(&key, 0, sizeof(key));
  13194. der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  13195. if (der == NULL) {
  13196. ret = WOLFSSL_FATAL_ERROR;
  13197. }
  13198. if (ret == 0) {
  13199. ret = wc_InitRsaKey(&key, NULL);
  13200. }
  13201. if (ret == 0) {
  13202. ret = wc_InitRng(&rng);
  13203. }
  13204. if (ret == 0) {
  13205. ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
  13206. }
  13207. printf(testingFmt, "wc_RsaKeyToPublicDer()");
  13208. if (ret == 0) {
  13209. ret = wc_RsaKeyToPublicDer(&key, der, derLen);
  13210. if (ret >= 0) {
  13211. ret = 0;
  13212. } else {
  13213. ret = WOLFSSL_FATAL_ERROR;
  13214. }
  13215. }
  13216. #ifndef HAVE_USER_RSA
  13217. /* Pass in bad args. */
  13218. if (ret == 0) {
  13219. ret = wc_RsaKeyToPublicDer(NULL, der, derLen);
  13220. if (ret == BAD_FUNC_ARG) {
  13221. ret = wc_RsaKeyToPublicDer(&key, NULL, derLen);
  13222. }
  13223. if (ret == BAD_FUNC_ARG) {
  13224. ret = wc_RsaKeyToPublicDer(&key, der, -1);
  13225. }
  13226. if (ret == BAD_FUNC_ARG) {
  13227. ret = 0;
  13228. } else {
  13229. ret = WOLFSSL_FATAL_ERROR;
  13230. }
  13231. }
  13232. #else
  13233. /* Pass in bad args. */
  13234. if (ret == 0) {
  13235. ret = wc_RsaKeyToPublicDer(NULL, der, derLen);
  13236. if (ret == USER_CRYPTO_ERROR) {
  13237. ret = wc_RsaKeyToPublicDer(&key, NULL, derLen);
  13238. }
  13239. if (ret == USER_CRYPTO_ERROR) {
  13240. ret = wc_RsaKeyToPublicDer(&key, der, -1);
  13241. }
  13242. if (ret == USER_CRYPTO_ERROR) {
  13243. ret = 0;
  13244. } else {
  13245. ret = WOLFSSL_FATAL_ERROR;
  13246. }
  13247. }
  13248. #endif
  13249. if (der != NULL) {
  13250. XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  13251. }
  13252. if (wc_FreeRsaKey(&key) || ret != 0) {
  13253. ret = WOLFSSL_FATAL_ERROR;
  13254. }
  13255. if (wc_FreeRng(&rng) || ret != 0) {
  13256. ret = WOLFSSL_FATAL_ERROR;
  13257. }
  13258. printf(resultFmt, ret == 0 ? passed : failed);
  13259. #endif
  13260. return ret;
  13261. } /* END test_wc_RsaKeyToPublicDer */
  13262. /*
  13263. * Testing wc_RsaPublicEncrypt() and wc_RsaPrivateDecrypt()
  13264. */
  13265. static int test_wc_RsaPublicEncryptDecrypt (void)
  13266. {
  13267. int ret = 0;
  13268. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  13269. RsaKey key;
  13270. WC_RNG rng;
  13271. const char inStr[] = TEST_STRING;
  13272. const word32 plainLen = (word32)TEST_STRING_SZ;
  13273. const word32 inLen = (word32)TEST_STRING_SZ;
  13274. int bits = TEST_RSA_BITS;
  13275. const word32 cipherLen = TEST_RSA_BYTES;
  13276. word32 cipherLenResult = cipherLen;
  13277. DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
  13278. DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
  13279. DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
  13280. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  13281. if (in == NULL || plain == NULL || cipher == NULL) {
  13282. printf("test_wc_RsaPublicEncryptDecrypt malloc failed\n");
  13283. return MEMORY_E;
  13284. }
  13285. #endif
  13286. XMEMCPY(in, inStr, inLen);
  13287. ret = wc_InitRsaKey(&key, NULL);
  13288. if (ret == 0) {
  13289. ret = wc_InitRng(&rng);
  13290. }
  13291. if (ret == 0) {
  13292. ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
  13293. }
  13294. /* Encrypt. */
  13295. printf(testingFmt, "wc_RsaPublicEncrypt()");
  13296. if (ret == 0) {
  13297. ret = wc_RsaPublicEncrypt(in, inLen, cipher, cipherLen, &key, &rng);
  13298. if (ret >= 0) {
  13299. cipherLenResult = ret;
  13300. ret = 0;
  13301. } else {
  13302. ret = WOLFSSL_FATAL_ERROR;
  13303. }
  13304. }
  13305. /* Pass bad args. */
  13306. /* Tests PsaPublicEncryptEx() which, is tested by another fn. No need dup.*/
  13307. printf(resultFmt, ret == 0 ? passed : failed);
  13308. if (ret != 0) {
  13309. return ret;
  13310. }
  13311. /* Decrypt */
  13312. printf(testingFmt, "wc_RsaPrivateDecrypt()");
  13313. #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
  13314. /* Bind rng */
  13315. if (ret == 0) {
  13316. ret = wc_RsaSetRNG(&key, &rng);
  13317. }
  13318. #endif
  13319. if (ret == 0) {
  13320. ret = wc_RsaPrivateDecrypt(cipher, cipherLenResult, plain, plainLen, &key);
  13321. }
  13322. if (ret >= 0) {
  13323. ret = XMEMCMP(plain, inStr, plainLen);
  13324. }
  13325. /* Pass in bad args. */
  13326. /* Tests RsaPrivateDecryptEx() which, is tested by another fn. No need dup.*/
  13327. FREE_VAR(in, NULL);
  13328. FREE_VAR(plain, NULL);
  13329. FREE_VAR(cipher, NULL);
  13330. if (wc_FreeRsaKey(&key) || ret != 0) {
  13331. ret = WOLFSSL_FATAL_ERROR;
  13332. }
  13333. if (wc_FreeRng(&rng) || ret != 0) {
  13334. ret = WOLFSSL_FATAL_ERROR;
  13335. }
  13336. printf(resultFmt, ret == 0 ? passed : failed);
  13337. #endif
  13338. return ret;
  13339. } /* END test_wc_RsaPublicEncryptDecrypt */
  13340. /*
  13341. * Testing wc_RsaPrivateDecrypt_ex() and wc_RsaPrivateDecryptInline_ex()
  13342. */
  13343. static int test_wc_RsaPublicEncryptDecrypt_ex (void)
  13344. {
  13345. int ret = 0;
  13346. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\
  13347. && !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA)\
  13348. && !defined(NO_SHA)
  13349. RsaKey key;
  13350. WC_RNG rng;
  13351. const char inStr[] = TEST_STRING;
  13352. const word32 inLen = (word32)TEST_STRING_SZ;
  13353. const word32 plainSz = (word32)TEST_STRING_SZ;
  13354. byte* res = NULL;
  13355. int idx = 0;
  13356. int bits = TEST_RSA_BITS;
  13357. const word32 cipherSz = TEST_RSA_BYTES;
  13358. DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
  13359. DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
  13360. DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL);
  13361. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  13362. if (in == NULL || plain == NULL || cipher == NULL) {
  13363. printf("test_wc_RsaPublicEncryptDecrypt_exmalloc failed\n");
  13364. return MEMORY_E;
  13365. }
  13366. #endif
  13367. XMEMCPY(in, inStr, inLen);
  13368. /* Initialize stack structures. */
  13369. XMEMSET(&rng, 0, sizeof(rng));
  13370. XMEMSET(&key, 0, sizeof(key));
  13371. ret = wc_InitRsaKey_ex(&key, NULL, INVALID_DEVID);
  13372. if (ret == 0) {
  13373. ret = wc_InitRng(&rng);
  13374. }
  13375. if (ret == 0) {
  13376. ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
  13377. }
  13378. /* Encrypt */
  13379. printf(testingFmt, "wc_RsaPublicEncrypt_ex()");
  13380. if (ret == 0) {
  13381. ret = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, &rng,
  13382. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  13383. if (ret >= 0) {
  13384. idx = ret;
  13385. ret = 0;
  13386. } else {
  13387. ret = WOLFSSL_FATAL_ERROR;
  13388. }
  13389. }
  13390. /*Pass bad args.*/
  13391. /* Tests RsaPublicEncryptEx again. No need duplicate. */
  13392. printf(resultFmt, ret == 0 ? passed : failed);
  13393. if (ret != 0) {
  13394. return ret;
  13395. }
  13396. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  13397. /* Decrypt */
  13398. printf(testingFmt, "wc_RsaPrivateDecrypt_ex()");
  13399. #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS)
  13400. if (ret == 0) {
  13401. ret = wc_RsaSetRNG(&key, &rng);
  13402. }
  13403. #endif
  13404. if (ret == 0) {
  13405. ret = wc_RsaPrivateDecrypt_ex(cipher, (word32)idx,
  13406. plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA,
  13407. WC_MGF1SHA1, NULL, 0);
  13408. }
  13409. if (ret >= 0) {
  13410. if (!XMEMCMP(plain, inStr, plainSz)) {
  13411. ret = 0;
  13412. } else {
  13413. ret = WOLFSSL_FATAL_ERROR;
  13414. }
  13415. }
  13416. /*Pass bad args.*/
  13417. /* Tests RsaPrivateDecryptEx() again. No need duplicate. */
  13418. printf(resultFmt, ret == 0 ? passed : failed);
  13419. if (ret != 0) {
  13420. return ret;
  13421. }
  13422. printf(testingFmt, "wc_RsaPrivateDecryptInline_ex()");
  13423. if (ret == 0) {
  13424. ret = wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx,
  13425. &res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA,
  13426. WC_MGF1SHA1, NULL, 0);
  13427. if (ret >= 0) {
  13428. if (!XMEMCMP(inStr, res, plainSz)) {
  13429. ret = 0;
  13430. } else {
  13431. ret = WOLFSSL_FATAL_ERROR;
  13432. }
  13433. }
  13434. }
  13435. #endif
  13436. FREE_VAR(in, NULL);
  13437. FREE_VAR(plain, NULL);
  13438. FREE_VAR(cipher, NULL);
  13439. if (wc_FreeRsaKey(&key) || ret != 0) {
  13440. ret = WOLFSSL_FATAL_ERROR;
  13441. }
  13442. if (wc_FreeRng(&rng) || ret != 0) {
  13443. ret = WOLFSSL_FATAL_ERROR;
  13444. }
  13445. printf(resultFmt, ret == 0 ? passed : failed);
  13446. #endif
  13447. return ret;
  13448. } /* END test_wc_RsaPublicEncryptDecrypt_ex */
  13449. /*
  13450. * Tesing wc_RsaSSL_Sign() and wc_RsaSSL_Verify()
  13451. */
  13452. static int test_wc_RsaSSL_SignVerify (void)
  13453. {
  13454. int ret = 0;
  13455. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  13456. RsaKey key;
  13457. WC_RNG rng;
  13458. const char inStr[] = TEST_STRING;
  13459. const word32 plainSz = (word32)TEST_STRING_SZ;
  13460. const word32 inLen = (word32)TEST_STRING_SZ;
  13461. word32 idx = 0;
  13462. int bits = TEST_RSA_BITS;
  13463. const word32 outSz = TEST_RSA_BYTES;
  13464. DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL);
  13465. DECLARE_VAR(out, byte, TEST_RSA_BYTES, NULL);
  13466. DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL);
  13467. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  13468. if (in == NULL || out == NULL || plain == NULL) {
  13469. printf("test_wc_RsaSSL_SignVerify failed\n");
  13470. return MEMORY_E;
  13471. }
  13472. #endif
  13473. XMEMCPY(in, inStr, inLen);
  13474. ret = wc_InitRsaKey(&key, NULL);
  13475. if (ret == 0) {
  13476. ret = wc_InitRng(&rng);
  13477. }
  13478. if (ret == 0) {
  13479. ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
  13480. }
  13481. /* Sign. */
  13482. printf(testingFmt, "wc_RsaSSL_Sign()");
  13483. if (ret == 0) {
  13484. ret = wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng);
  13485. if (ret == (int)outSz) {
  13486. idx = ret;
  13487. ret = 0;
  13488. } else {
  13489. ret = WOLFSSL_FATAL_ERROR;
  13490. }
  13491. }
  13492. #ifndef HAVE_USER_RSA
  13493. /* Test bad args. */
  13494. if (ret == 0) {
  13495. ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng);
  13496. if (ret == BAD_FUNC_ARG) {
  13497. ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng);
  13498. }
  13499. if (ret == BAD_FUNC_ARG) {
  13500. ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng);
  13501. }
  13502. if (ret == BAD_FUNC_ARG) {
  13503. ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng);
  13504. }
  13505. if (ret == BAD_FUNC_ARG) {
  13506. ret = 0;
  13507. } else {
  13508. ret = WOLFSSL_FATAL_ERROR;
  13509. }
  13510. }
  13511. #else
  13512. /* Test bad args. */
  13513. if (ret == 0) {
  13514. ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng);
  13515. if (ret == USER_CRYPTO_ERROR) {
  13516. ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng);
  13517. }
  13518. if (ret == USER_CRYPTO_ERROR) {
  13519. ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng);
  13520. }
  13521. if (ret == USER_CRYPTO_ERROR) {
  13522. ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng);
  13523. }
  13524. if (ret == USER_CRYPTO_ERROR) {
  13525. ret = 0;
  13526. } else {
  13527. ret = WOLFSSL_FATAL_ERROR;
  13528. }
  13529. }
  13530. #endif
  13531. printf(resultFmt, ret == 0 ? passed : failed);
  13532. if (ret != 0) {
  13533. return ret;
  13534. }
  13535. /* Verify. */
  13536. printf(testingFmt, "wc_RsaSSL_Verify()");
  13537. if (ret == 0) {
  13538. ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key);
  13539. if (ret == (int)inLen) {
  13540. ret = 0;
  13541. } else {
  13542. ret = WOLFSSL_FATAL_ERROR;
  13543. }
  13544. }
  13545. #ifndef HAVE_USER_RSA
  13546. /* Pass bad args. */
  13547. if (ret == 0) {
  13548. ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key);
  13549. if (ret == BAD_FUNC_ARG) {
  13550. ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key);
  13551. }
  13552. if (ret == BAD_FUNC_ARG) {
  13553. ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key);
  13554. }
  13555. if (ret == BAD_FUNC_ARG) {
  13556. ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL);
  13557. }
  13558. if (ret == BAD_FUNC_ARG) {
  13559. ret = 0;
  13560. } else {
  13561. ret = WOLFSSL_FATAL_ERROR;
  13562. }
  13563. }
  13564. #else
  13565. /* Pass bad args. */
  13566. if (ret == 0) {
  13567. ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key);
  13568. if (ret == USER_CRYPTO_ERROR) {
  13569. ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key);
  13570. }
  13571. if (ret == USER_CRYPTO_ERROR) {
  13572. ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key);
  13573. }
  13574. if (ret == USER_CRYPTO_ERROR) {
  13575. ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL);
  13576. }
  13577. if (ret == USER_CRYPTO_ERROR) {
  13578. ret = 0;
  13579. } else {
  13580. ret = WOLFSSL_FATAL_ERROR;
  13581. }
  13582. }
  13583. #endif
  13584. FREE_VAR(in, NULL);
  13585. FREE_VAR(out, NULL);
  13586. FREE_VAR(plain, NULL);
  13587. if (wc_FreeRsaKey(&key) || ret != 0) {
  13588. ret = WOLFSSL_FATAL_ERROR;
  13589. }
  13590. if (wc_FreeRng(&rng) || ret != 0) {
  13591. ret = WOLFSSL_FATAL_ERROR;
  13592. }
  13593. printf(resultFmt, ret == 0 ? passed : failed);
  13594. #endif
  13595. return ret;
  13596. } /* END test_wc_RsaSSL_SignVerify */
  13597. /*
  13598. * Testing wc_RsaEncryptSize()
  13599. */
  13600. static int test_wc_RsaEncryptSize (void)
  13601. {
  13602. int ret = 0;
  13603. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  13604. RsaKey key;
  13605. WC_RNG rng;
  13606. ret = wc_InitRsaKey(&key, NULL);
  13607. if (ret == 0) {
  13608. ret = wc_InitRng(&rng);
  13609. }
  13610. printf(testingFmt, "wc_RsaEncryptSize()");
  13611. #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  13612. if (ret == 0) {
  13613. ret = MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng);
  13614. if (ret == 0) {
  13615. ret = wc_RsaEncryptSize(&key);
  13616. }
  13617. if (ret == 128) {
  13618. ret = 0;
  13619. } else {
  13620. ret = WOLFSSL_FATAL_ERROR;
  13621. }
  13622. }
  13623. if (wc_FreeRsaKey(&key) || ret != 0) {
  13624. ret = WOLFSSL_FATAL_ERROR;
  13625. } else {
  13626. ret = 0;
  13627. }
  13628. #endif
  13629. if (ret == 0) {
  13630. ret = MAKE_RSA_KEY(&key, 2048, WC_RSA_EXPONENT, &rng);
  13631. if (ret == 0) {
  13632. ret = wc_RsaEncryptSize(&key);
  13633. }
  13634. if (ret == 256) {
  13635. ret = 0;
  13636. } else {
  13637. ret = WOLFSSL_FATAL_ERROR;
  13638. }
  13639. }
  13640. /* Pass in bad arg. */
  13641. if (ret == 0) {
  13642. ret = wc_RsaEncryptSize(NULL);
  13643. #ifndef HAVE_USER_RSA
  13644. if (ret == BAD_FUNC_ARG) {
  13645. ret = 0;
  13646. } else {
  13647. ret = WOLFSSL_FATAL_ERROR;
  13648. }
  13649. #endif
  13650. }
  13651. if (wc_FreeRsaKey(&key) || ret != 0) {
  13652. ret = WOLFSSL_FATAL_ERROR;
  13653. }
  13654. if (wc_FreeRng(&rng) || ret != 0) {
  13655. ret = WOLFSSL_FATAL_ERROR;
  13656. }
  13657. printf(resultFmt, ret == 0 ? passed : failed);
  13658. #endif
  13659. return ret;
  13660. } /* END test_wc_RsaEncryptSize*/
  13661. /*
  13662. * Testing wc_RsaFlattenPublicKey()
  13663. */
  13664. static int test_wc_RsaFlattenPublicKey (void)
  13665. {
  13666. int ret = 0;
  13667. #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  13668. RsaKey key;
  13669. WC_RNG rng;
  13670. byte e[256];
  13671. byte n[256];
  13672. word32 eSz = sizeof(e);
  13673. word32 nSz = sizeof(n);
  13674. #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  13675. int bits = 1024;
  13676. #else
  13677. int bits = 2048;
  13678. #endif
  13679. ret = wc_InitRsaKey(&key, NULL);
  13680. if (ret == 0) {
  13681. ret = wc_InitRng(&rng);
  13682. }
  13683. if (ret == 0) {
  13684. ret = MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng);
  13685. if (ret >= 0) {
  13686. ret = 0;
  13687. } else {
  13688. ret = WOLFSSL_FATAL_ERROR;
  13689. }
  13690. }
  13691. printf(testingFmt, "wc_RsaFlattenPublicKey()");
  13692. if (ret == 0) {
  13693. ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz);
  13694. }
  13695. #ifndef HAVE_USER_RSA
  13696. /* Pass bad args. */
  13697. if (ret == 0) {
  13698. ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
  13699. if (ret == BAD_FUNC_ARG) {
  13700. ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz);
  13701. }
  13702. if (ret == BAD_FUNC_ARG) {
  13703. ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz);
  13704. }
  13705. if (ret == BAD_FUNC_ARG) {
  13706. ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz);
  13707. }
  13708. if (ret == BAD_FUNC_ARG) {
  13709. ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL);
  13710. }
  13711. if (ret == BAD_FUNC_ARG) {
  13712. ret = 0;
  13713. } else {
  13714. ret = WOLFSSL_FATAL_ERROR;
  13715. }
  13716. }
  13717. #else
  13718. /* Pass bad args. */
  13719. if (ret == 0) {
  13720. ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
  13721. if (ret == USER_CRYPTO_ERROR) {
  13722. ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz);
  13723. }
  13724. if (ret == USER_CRYPTO_ERROR) {
  13725. ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz);
  13726. }
  13727. if (ret == USER_CRYPTO_ERROR) {
  13728. ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz);
  13729. }
  13730. if (ret == USER_CRYPTO_ERROR) {
  13731. ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL);
  13732. }
  13733. if (ret == USER_CRYPTO_ERROR) {
  13734. ret = 0;
  13735. } else {
  13736. ret = WOLFSSL_FATAL_ERROR;
  13737. }
  13738. }
  13739. #endif
  13740. if (wc_FreeRsaKey(&key) || ret != 0) {
  13741. ret = WOLFSSL_FATAL_ERROR;
  13742. }
  13743. if (wc_FreeRng(&rng) || ret != 0) {
  13744. ret = WOLFSSL_FATAL_ERROR;
  13745. }
  13746. printf(resultFmt, ret == 0 ? passed : failed);
  13747. #endif
  13748. return ret;
  13749. } /* END test_wc_RsaFlattenPublicKey */
  13750. /*
  13751. * unit test for wc_AesCcmSetKey
  13752. */
  13753. static int test_wc_AesCcmSetKey (void)
  13754. {
  13755. int ret = 0;
  13756. #ifdef HAVE_AESCCM
  13757. Aes aes;
  13758. const byte key16[] =
  13759. {
  13760. 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
  13761. 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
  13762. };
  13763. const byte key24[] =
  13764. {
  13765. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  13766. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  13767. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37
  13768. };
  13769. const byte key32[] =
  13770. {
  13771. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  13772. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  13773. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  13774. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66
  13775. };
  13776. printf(testingFmt, "wc_AesCcmSetKey()");
  13777. ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
  13778. if (ret != 0)
  13779. return ret;
  13780. #ifdef WOLFSSL_AES_128
  13781. ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16));
  13782. #endif
  13783. #ifdef WOLFSSL_AES_192
  13784. if (ret == 0) {
  13785. ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24));
  13786. }
  13787. #endif
  13788. #ifdef WOLFSSL_AES_256
  13789. if (ret == 0) {
  13790. ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32));
  13791. }
  13792. #endif
  13793. /* Test bad args. */
  13794. if (ret == 0) {
  13795. ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1);
  13796. if (ret == BAD_FUNC_ARG) {
  13797. ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1);
  13798. }
  13799. if (ret == BAD_FUNC_ARG) {
  13800. ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1);
  13801. }
  13802. if (ret != BAD_FUNC_ARG) {
  13803. ret = WOLFSSL_FATAL_ERROR;
  13804. } else {
  13805. ret = 0;
  13806. }
  13807. }
  13808. wc_AesFree(&aes);
  13809. printf(resultFmt, ret == 0 ? passed : failed);
  13810. #endif
  13811. return ret;
  13812. } /* END test_wc_AesCcmSetKey */
  13813. /*
  13814. * Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt
  13815. */
  13816. static int test_wc_AesCcmEncryptDecrypt (void)
  13817. {
  13818. int ret = 0;
  13819. #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
  13820. Aes aes;
  13821. const byte key16[] =
  13822. {
  13823. 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
  13824. 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
  13825. };
  13826. /* plaintext */
  13827. const byte plainT[] =
  13828. {
  13829. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  13830. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  13831. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
  13832. };
  13833. /* nonce */
  13834. const byte iv[] =
  13835. {
  13836. 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
  13837. 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
  13838. };
  13839. const byte c[] = /* cipher text. */
  13840. {
  13841. 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
  13842. 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
  13843. 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
  13844. };
  13845. const byte t[] = /* Auth tag */
  13846. {
  13847. 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
  13848. };
  13849. const byte authIn[] =
  13850. {
  13851. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
  13852. };
  13853. byte cipherOut[sizeof(plainT)];
  13854. byte authTag[sizeof(t)];
  13855. int ccmE = WOLFSSL_FATAL_ERROR;
  13856. #ifdef HAVE_AES_DECRYPT
  13857. int ccmD = WOLFSSL_FATAL_ERROR;
  13858. byte plainOut[sizeof(cipherOut)];
  13859. #endif
  13860. ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
  13861. if (ret != 0)
  13862. return ret;
  13863. ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16));
  13864. if (ret == 0) {
  13865. ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
  13866. iv, sizeof(iv), authTag, sizeof(authTag),
  13867. authIn , sizeof(authIn));
  13868. if ((XMEMCMP(cipherOut, c, sizeof(c)) && ccmE == 0) ||
  13869. XMEMCMP(t, authTag, sizeof(t))) {
  13870. ccmE = WOLFSSL_FATAL_ERROR;
  13871. ret = WOLFSSL_FATAL_ERROR;
  13872. }
  13873. #ifdef HAVE_AES_DECRYPT
  13874. if (ret == 0) {
  13875. ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
  13876. sizeof(plainOut), iv, sizeof(iv),
  13877. authTag, sizeof(authTag),
  13878. authIn, sizeof(authIn));
  13879. if (XMEMCMP(plainOut, plainT, sizeof(plainT)) && ccmD == 0) {
  13880. ccmD = WOLFSSL_FATAL_ERROR;
  13881. }
  13882. }
  13883. #endif
  13884. }
  13885. printf(testingFmt, "wc_AesCcmEncrypt()");
  13886. /* Pass in bad args. Encrypt*/
  13887. if (ret == 0 && ccmE == 0) {
  13888. ccmE = wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut),
  13889. iv, sizeof(iv), authTag, sizeof(authTag),
  13890. authIn , sizeof(authIn));
  13891. if (ccmE == BAD_FUNC_ARG) {
  13892. ccmE = wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut),
  13893. iv, sizeof(iv), authTag, sizeof(authTag),
  13894. authIn , sizeof(authIn));
  13895. }
  13896. if (ccmE == BAD_FUNC_ARG) {
  13897. ccmE = wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut),
  13898. iv, sizeof(iv), authTag, sizeof(authTag),
  13899. authIn , sizeof(authIn));
  13900. }
  13901. if (ccmE == BAD_FUNC_ARG) {
  13902. ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
  13903. NULL, sizeof(iv), authTag, sizeof(authTag),
  13904. authIn , sizeof(authIn));
  13905. }
  13906. if (ccmE == BAD_FUNC_ARG) {
  13907. ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
  13908. iv, sizeof(iv), NULL, sizeof(authTag),
  13909. authIn , sizeof(authIn));
  13910. }
  13911. if (ccmE == BAD_FUNC_ARG) {
  13912. ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
  13913. iv, sizeof(iv) + 1, authTag, sizeof(authTag),
  13914. authIn , sizeof(authIn));
  13915. }
  13916. if (ccmE == BAD_FUNC_ARG) {
  13917. ccmE = wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut),
  13918. iv, sizeof(iv) - 7, authTag, sizeof(authTag),
  13919. authIn , sizeof(authIn));
  13920. }
  13921. if (ccmE != BAD_FUNC_ARG) {
  13922. ccmE = WOLFSSL_FATAL_ERROR;
  13923. } else {
  13924. ccmE = 0;
  13925. }
  13926. } /* End Encrypt */
  13927. printf(resultFmt, ccmE == 0 ? passed : failed);
  13928. if (ccmE != 0) {
  13929. wc_AesFree(&aes);
  13930. return ccmE;
  13931. }
  13932. #ifdef HAVE_AES_DECRYPT
  13933. printf(testingFmt, "wc_AesCcmDecrypt()");
  13934. /* Pass in bad args. Decrypt*/
  13935. if (ret == 0 && ccmD == 0) {
  13936. ccmD = wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut),
  13937. iv, sizeof(iv), authTag, sizeof(authTag),
  13938. authIn, sizeof(authIn));
  13939. if (ccmD == BAD_FUNC_ARG) {
  13940. ccmD = wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut),
  13941. iv, sizeof(iv), authTag, sizeof(authTag),
  13942. authIn, sizeof(authIn));
  13943. }
  13944. if (ccmD == BAD_FUNC_ARG) {
  13945. ccmD = wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut),
  13946. iv, sizeof(iv), authTag, sizeof(authTag),
  13947. authIn, sizeof(authIn));
  13948. }
  13949. if (ccmD == BAD_FUNC_ARG) {
  13950. ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
  13951. sizeof(plainOut), NULL, sizeof(iv),
  13952. authTag, sizeof(authTag),
  13953. authIn, sizeof(authIn));
  13954. }
  13955. if (ccmD == BAD_FUNC_ARG) {
  13956. ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
  13957. sizeof(plainOut), iv, sizeof(iv), NULL,
  13958. sizeof(authTag), authIn, sizeof(authIn));
  13959. }
  13960. if (ccmD == BAD_FUNC_ARG) {
  13961. ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
  13962. sizeof(plainOut), iv, sizeof(iv) + 1,
  13963. authTag, sizeof(authTag),
  13964. authIn, sizeof(authIn));
  13965. }
  13966. if (ccmD == BAD_FUNC_ARG) {
  13967. ccmD = wc_AesCcmDecrypt(&aes, plainOut, cipherOut,
  13968. sizeof(plainOut), iv, sizeof(iv) - 7,
  13969. authTag, sizeof(authTag),
  13970. authIn, sizeof(authIn));
  13971. }
  13972. if (ccmD != BAD_FUNC_ARG) {
  13973. ccmD = WOLFSSL_FATAL_ERROR;
  13974. } else {
  13975. ccmD = 0;
  13976. }
  13977. } /* END Decrypt */
  13978. printf(resultFmt, ccmD == 0 ? passed : failed);
  13979. if (ccmD != 0) {
  13980. return ccmD;
  13981. }
  13982. #endif
  13983. wc_AesFree(&aes);
  13984. #endif /* HAVE_AESCCM */
  13985. return ret;
  13986. } /* END test_wc_AesCcmEncryptDecrypt */
  13987. /*
  13988. * Test wc_Hc128_SetKey()
  13989. */
  13990. static int test_wc_Hc128_SetKey (void)
  13991. {
  13992. int ret = 0;
  13993. #ifdef HAVE_HC128
  13994. HC128 ctx;
  13995. const char* key = "\x80\x00\x00\x00\x00\x00\x00\x00"
  13996. "\x00\x00\x00\x00\x00\x00\x00\x00";
  13997. const char* iv = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
  13998. "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
  13999. printf(testingFmt, "wc_Hc128_SetKey()");
  14000. ret = wc_Hc128_SetKey(&ctx, (byte*)key, (byte*)iv);
  14001. /* Test bad args. */
  14002. if (ret == 0) {
  14003. ret = wc_Hc128_SetKey(NULL, (byte*)key, (byte*)iv);
  14004. if (ret == BAD_FUNC_ARG) {
  14005. ret = wc_Hc128_SetKey(&ctx, NULL, (byte*)iv);
  14006. }
  14007. if (ret == BAD_FUNC_ARG) {
  14008. ret = wc_Hc128_SetKey(&ctx, (byte*)key, NULL);
  14009. }
  14010. }
  14011. printf(resultFmt, ret == 0 ? passed : failed);
  14012. #endif
  14013. return ret;
  14014. } /* END test_wc_Hc128_SetKey */
  14015. /*
  14016. * Testing wc_Hc128_Process()
  14017. */
  14018. static int test_wc_Hc128_Process (void)
  14019. {
  14020. int ret = 0;
  14021. #ifdef HAVE_HC128
  14022. HC128 enc;
  14023. HC128 dec;
  14024. const char* key = "\x0F\x62\xB5\x08\x5B\xAE\x01\x54"
  14025. "\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC";
  14026. const char* input = "Encrypt Hc128, and then Decrypt.";
  14027. size_t inlen = XSTRLEN(input) + 1; /* Add null terminator */
  14028. byte cipher[inlen];
  14029. byte plain[inlen];
  14030. printf(testingFmt, "wc_Hc128_Process()");
  14031. ret = wc_Hc128_SetKey(&enc, (byte*)key, NULL);
  14032. if (ret == 0) {
  14033. ret = wc_Hc128_SetKey(&dec, (byte*)key, NULL);
  14034. }
  14035. if (ret == 0) {
  14036. ret = wc_Hc128_Process(&enc, cipher, (byte*)input, (word32)inlen);
  14037. if (ret == 0) {
  14038. ret = wc_Hc128_Process(&dec, plain, cipher, (word32)inlen);
  14039. }
  14040. }
  14041. /* Bad args. */
  14042. if (ret == 0) {
  14043. ret = wc_Hc128_Process(NULL, plain, cipher, (word32)inlen);
  14044. if (ret == BAD_FUNC_ARG) {
  14045. ret = wc_Hc128_Process(&dec, NULL, cipher, (word32)inlen);
  14046. }
  14047. if (ret == BAD_FUNC_ARG) {
  14048. ret = wc_Hc128_Process(&dec, plain, NULL, (word32)inlen);
  14049. }
  14050. if (ret == BAD_FUNC_ARG) {
  14051. ret = 0;
  14052. } else {
  14053. ret = WOLFSSL_FATAL_ERROR;
  14054. }
  14055. }
  14056. printf(resultFmt, ret == 0 ? passed : failed);
  14057. #endif
  14058. return ret;
  14059. } /* END test_wc_Hc128_Process */
  14060. /*
  14061. * Testing wc_InitDsaKey()
  14062. */
  14063. static int test_wc_InitDsaKey (void)
  14064. {
  14065. int ret = 0;
  14066. #ifndef NO_DSA
  14067. DsaKey key;
  14068. printf(testingFmt, "wc_InitDsaKey()");
  14069. ret = wc_InitDsaKey(&key);
  14070. /* Pass in bad args. */
  14071. if (ret == 0) {
  14072. ret = wc_InitDsaKey(NULL);
  14073. if (ret == BAD_FUNC_ARG) {
  14074. ret = 0;
  14075. } else {
  14076. ret = WOLFSSL_FATAL_ERROR;
  14077. }
  14078. }
  14079. printf(resultFmt, ret == 0 ? passed : failed);
  14080. wc_FreeDsaKey(&key);
  14081. #endif
  14082. return ret;
  14083. } /* END test_wc_InitDsaKey */
  14084. /*
  14085. * Testing wc_DsaSign() and wc_DsaVerify()
  14086. */
  14087. static int test_wc_DsaSignVerify (void)
  14088. {
  14089. int ret = 0;
  14090. #if !defined(NO_DSA)
  14091. DsaKey key;
  14092. WC_RNG rng;
  14093. wc_Sha sha;
  14094. byte signature[DSA_SIG_SIZE];
  14095. byte hash[WC_SHA_DIGEST_SIZE];
  14096. word32 idx = 0;
  14097. word32 bytes;
  14098. int answer;
  14099. #ifdef USE_CERT_BUFFERS_1024
  14100. byte tmp[ONEK_BUF];
  14101. XMEMSET(tmp, 0, sizeof(tmp));
  14102. XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
  14103. bytes = sizeof_dsa_key_der_1024;
  14104. #elif defined(USE_CERT_BUFFERS_2048)
  14105. byte tmp[TWOK_BUF];
  14106. XMEMSET(tmp, 0, sizeof(tmp));
  14107. XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
  14108. bytes = sizeof_dsa_key_der_2048;
  14109. #else
  14110. byte tmp[TWOK_BUF];
  14111. XMEMSET(tmp, 0, sizeof(tmp));
  14112. XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
  14113. if (fp == XBADFILE) {
  14114. return WOLFSSL_BAD_FILE;
  14115. }
  14116. bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
  14117. XFCLOSE(fp);
  14118. #endif /* END USE_CERT_BUFFERS_1024 */
  14119. ret = wc_InitSha(&sha);
  14120. if (ret == 0) {
  14121. ret = wc_ShaUpdate(&sha, tmp, bytes);
  14122. if (ret == 0) {
  14123. ret = wc_ShaFinal(&sha, hash);
  14124. }
  14125. if (ret == 0) {
  14126. ret = wc_InitDsaKey(&key);
  14127. }
  14128. if (ret == 0) {
  14129. ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
  14130. }
  14131. if (ret == 0) {
  14132. ret = wc_InitRng(&rng);
  14133. }
  14134. }
  14135. printf(testingFmt, "wc_DsaSign()");
  14136. /* Sign. */
  14137. if (ret == 0) {
  14138. ret = wc_DsaSign(hash, signature, &key, &rng);
  14139. }
  14140. /* Test bad args. */
  14141. if (ret == 0) {
  14142. ret = wc_DsaSign(NULL, signature, &key, &rng);
  14143. if (ret == BAD_FUNC_ARG) {
  14144. ret = wc_DsaSign(hash, NULL, &key, &rng);
  14145. }
  14146. if (ret == BAD_FUNC_ARG) {
  14147. ret = wc_DsaSign(hash, signature, NULL, &rng);
  14148. }
  14149. if (ret == BAD_FUNC_ARG) {
  14150. ret = wc_DsaSign(hash, signature, &key, NULL);
  14151. }
  14152. if (ret == BAD_FUNC_ARG) {
  14153. ret = 0;
  14154. } else {
  14155. ret = WOLFSSL_FATAL_ERROR;
  14156. }
  14157. }
  14158. printf(resultFmt, ret == 0 ? passed : failed);
  14159. if (ret != 0) {
  14160. return ret;
  14161. }
  14162. /* Verify. */
  14163. printf(testingFmt, "wc_DsaVerify()");
  14164. ret = wc_DsaVerify(hash, signature, &key, &answer);
  14165. if (ret != 0 || answer != 1) {
  14166. ret = WOLFSSL_FATAL_ERROR;
  14167. } else {
  14168. ret = 0;
  14169. }
  14170. /* Pass in bad args. */
  14171. if (ret == 0) {
  14172. ret = wc_DsaVerify(NULL, signature, &key, &answer);
  14173. if (ret == BAD_FUNC_ARG) {
  14174. ret = wc_DsaVerify(hash, NULL, &key, &answer);
  14175. }
  14176. if (ret == BAD_FUNC_ARG) {
  14177. ret = wc_DsaVerify(hash, signature, NULL, &answer);
  14178. }
  14179. if (ret == BAD_FUNC_ARG) {
  14180. ret = wc_DsaVerify(hash, signature, &key, NULL);
  14181. }
  14182. if (ret == BAD_FUNC_ARG) {
  14183. ret = 0;
  14184. } else {
  14185. ret = WOLFSSL_FATAL_ERROR;
  14186. }
  14187. }
  14188. if (wc_FreeRng(&rng) && ret == 0) {
  14189. ret = WOLFSSL_FATAL_ERROR;
  14190. }
  14191. printf(resultFmt, ret == 0 ? passed : failed);
  14192. wc_FreeDsaKey(&key);
  14193. wc_ShaFree(&sha);
  14194. #endif
  14195. return ret;
  14196. } /* END test_wc_DsaSign */
  14197. /*
  14198. * Testing wc_DsaPrivateKeyDecode() and wc_DsaPublicKeyDecode()
  14199. */
  14200. static int test_wc_DsaPublicPrivateKeyDecode (void)
  14201. {
  14202. int ret = 0;
  14203. #if !defined(NO_DSA)
  14204. DsaKey key;
  14205. word32 bytes;
  14206. word32 idx = 0;
  14207. int priv = WOLFSSL_FATAL_ERROR;
  14208. int pub = WOLFSSL_FATAL_ERROR;
  14209. #ifdef USE_CERT_BUFFERS_1024
  14210. byte tmp[ONEK_BUF];
  14211. XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
  14212. bytes = sizeof_dsa_key_der_1024;
  14213. #elif defined(USE_CERT_BUFFERS_2048)
  14214. byte tmp[TWOK_BUF];
  14215. XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
  14216. bytes = sizeof_dsa_key_der_2048;
  14217. #else
  14218. byte tmp[TWOK_BUF];
  14219. XMEMSET(tmp, 0, sizeof(tmp));
  14220. XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
  14221. if (fp == XBADFILE)
  14222. {
  14223. return WOLFSSL_BAD_FILE;
  14224. }
  14225. bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
  14226. XFCLOSE(fp);
  14227. #endif /* END USE_CERT_BUFFERS_1024 */
  14228. ret = wc_InitDsaKey(&key);
  14229. printf(testingFmt, "wc_DsaPrivateKeyDecode()");
  14230. if (ret == 0) {
  14231. priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
  14232. /* Test bad args. */
  14233. if (priv == 0) {
  14234. priv = wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes);
  14235. if (priv == BAD_FUNC_ARG) {
  14236. priv = wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes);
  14237. }
  14238. if (priv == BAD_FUNC_ARG) {
  14239. priv = wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes);
  14240. }
  14241. if (priv == BAD_FUNC_ARG) {
  14242. priv = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes);
  14243. }
  14244. if (priv == ASN_PARSE_E) {
  14245. priv = 0;
  14246. } else {
  14247. priv = WOLFSSL_FATAL_ERROR;
  14248. }
  14249. }
  14250. wc_FreeDsaKey(&key);
  14251. ret = wc_InitDsaKey(&key);
  14252. }
  14253. printf(resultFmt, priv == 0 ? passed : failed);
  14254. printf(testingFmt, "wc_DsaPublicKeyDecode()");
  14255. if (ret == 0) {
  14256. idx = 0; /* Reset */
  14257. pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes);
  14258. /* Test bad args. */
  14259. if (pub == 0) {
  14260. pub = wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes);
  14261. if (pub == BAD_FUNC_ARG) {
  14262. pub = wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes);
  14263. }
  14264. if (pub == BAD_FUNC_ARG) {
  14265. pub = wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes);
  14266. }
  14267. if (pub == BAD_FUNC_ARG) {
  14268. pub = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes);
  14269. }
  14270. if (pub == ASN_PARSE_E) {
  14271. pub = 0;
  14272. } else {
  14273. pub = WOLFSSL_FATAL_ERROR;
  14274. }
  14275. }
  14276. } /* END Public Key */
  14277. printf(resultFmt, pub == 0 ? passed : failed);
  14278. wc_FreeDsaKey(&key);
  14279. #endif
  14280. return ret;
  14281. } /* END test_wc_DsaPublicPrivateKeyDecode */
  14282. /*
  14283. * Testing wc_MakeDsaKey() and wc_MakeDsaParameters()
  14284. */
  14285. static int test_wc_MakeDsaKey (void)
  14286. {
  14287. int ret = 0;
  14288. #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
  14289. DsaKey genKey;
  14290. WC_RNG rng;
  14291. XMEMSET(&rng, 0, sizeof(rng));
  14292. XMEMSET(&genKey, 0, sizeof(genKey));
  14293. ret = wc_InitRng(&rng);
  14294. if (ret == 0) {
  14295. ret = wc_InitDsaKey(&genKey);
  14296. }
  14297. printf(testingFmt, "wc_MakeDsaParameters()");
  14298. if (ret == 0) {
  14299. ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey);
  14300. }
  14301. /* Test bad args. */
  14302. if (ret == 0) {
  14303. ret = wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey);
  14304. if (ret == BAD_FUNC_ARG) {
  14305. ret = wc_MakeDsaParameters(&rng, ONEK_BUF, NULL);
  14306. }
  14307. if (ret == BAD_FUNC_ARG) {
  14308. ret = wc_MakeDsaParameters(&rng, ONEK_BUF + 1, &genKey);
  14309. }
  14310. if (ret == BAD_FUNC_ARG) {
  14311. ret = 0;
  14312. } else {
  14313. ret = WOLFSSL_FATAL_ERROR;
  14314. }
  14315. }
  14316. printf(resultFmt, ret == 0 ? passed : failed);
  14317. printf(testingFmt, "wc_MakeDsaKey()");
  14318. if (ret == 0) {
  14319. ret = wc_MakeDsaKey(&rng, &genKey);
  14320. }
  14321. /* Test bad args. */
  14322. if (ret == 0) {
  14323. ret = wc_MakeDsaKey(NULL, &genKey);
  14324. if (ret == BAD_FUNC_ARG) {
  14325. ret = wc_MakeDsaKey(&rng, NULL);
  14326. }
  14327. if (ret == BAD_FUNC_ARG) {
  14328. ret = 0;
  14329. } else {
  14330. ret = WOLFSSL_FATAL_ERROR;
  14331. }
  14332. }
  14333. if (wc_FreeRng(&rng) && ret == 0) {
  14334. ret = WOLFSSL_FAILURE;
  14335. }
  14336. printf(resultFmt, ret == 0 ? passed : failed);
  14337. wc_FreeDsaKey(&genKey);
  14338. #endif
  14339. return ret;
  14340. } /* END test_wc_MakeDsaKey */
  14341. /*
  14342. * Testing wc_DsaKeyToDer()
  14343. */
  14344. static int test_wc_DsaKeyToDer (void)
  14345. {
  14346. int ret = 0;
  14347. #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
  14348. DsaKey genKey;
  14349. WC_RNG rng;
  14350. word32 bytes;
  14351. word32 idx = 0;
  14352. #ifdef USE_CERT_BUFFERS_1024
  14353. byte tmp[ONEK_BUF];
  14354. byte der[ONEK_BUF];
  14355. XMEMSET(tmp, 0, sizeof(tmp));
  14356. XMEMSET(der, 0, sizeof(der));
  14357. XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
  14358. bytes = sizeof_dsa_key_der_1024;
  14359. #elif defined(USE_CERT_BUFFERS_2048)
  14360. byte tmp[TWOK_BUF];
  14361. byte der[TWOK_BUF];
  14362. XMEMSET(tmp, 0, sizeof(tmp));
  14363. XMEMSET(der, 0, sizeof(der));
  14364. XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
  14365. bytes = sizeof_dsa_key_der_2048;
  14366. #else
  14367. byte tmp[TWOK_BUF];
  14368. byte der[TWOK_BUF];
  14369. XMEMSET(tmp, 0, sizeof(tmp));
  14370. XMEMSET(der, 0, sizeof(der));
  14371. XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
  14372. if (fp == XBADFILE) {
  14373. return WOLFSSL_BAD_FILE;
  14374. }
  14375. bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
  14376. XFCLOSE(fp);
  14377. #endif /* END USE_CERT_BUFFERS_1024 */
  14378. #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
  14379. XMEMSET(&rng, 0, sizeof(rng));
  14380. XMEMSET(&genKey, 0, sizeof(genKey));
  14381. #endif
  14382. ret = wc_InitRng(&rng);
  14383. if (ret == 0) {
  14384. ret = wc_InitDsaKey(&genKey);
  14385. }
  14386. if (ret == 0) {
  14387. ret = wc_MakeDsaParameters(&rng, sizeof(tmp), &genKey);
  14388. if (ret == 0) {
  14389. wc_FreeDsaKey(&genKey);
  14390. ret = wc_InitDsaKey(&genKey);
  14391. }
  14392. }
  14393. if (ret == 0) {
  14394. ret = wc_DsaPrivateKeyDecode(tmp, &idx, &genKey, bytes);
  14395. }
  14396. printf(testingFmt, "wc_DsaKeyToDer()");
  14397. if (ret == 0) {
  14398. ret = wc_DsaKeyToDer(&genKey, der, bytes);
  14399. if ( ret >= 0 && ( ret = XMEMCMP(der, tmp, bytes) ) == 0 ) {
  14400. ret = 0;
  14401. }
  14402. }
  14403. /* Test bad args. */
  14404. if (ret == 0) {
  14405. ret = wc_DsaKeyToDer(NULL, der, FOURK_BUF);
  14406. if (ret == BAD_FUNC_ARG) {
  14407. ret = wc_DsaKeyToDer(&genKey, NULL, FOURK_BUF);
  14408. }
  14409. if (ret == BAD_FUNC_ARG) {
  14410. ret = 0;
  14411. } else {
  14412. ret = WOLFSSL_FATAL_ERROR;
  14413. }
  14414. }
  14415. if (wc_FreeRng(&rng) && ret == 0) {
  14416. ret = WOLFSSL_FATAL_ERROR;
  14417. }
  14418. printf(resultFmt, ret == 0 ? passed : failed);
  14419. wc_FreeDsaKey(&genKey);
  14420. #endif
  14421. return ret;
  14422. } /* END test_wc_DsaKeyToDer */
  14423. /*
  14424. * Testing wc_DsaKeyToPublicDer()
  14425. * (indirectly testing setDsaPublicKey())
  14426. */
  14427. static int test_wc_DsaKeyToPublicDer(void)
  14428. {
  14429. int ret = 0;
  14430. #ifndef HAVE_SELFTEST
  14431. #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
  14432. DsaKey genKey;
  14433. WC_RNG rng;
  14434. byte* der;
  14435. printf(testingFmt, "wc_DsaKeyToPublicDer()");
  14436. der = (byte*)XMALLOC(ONEK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  14437. if (der == NULL) {
  14438. ret = WOLFSSL_FATAL_ERROR;
  14439. }
  14440. if (ret == 0) {
  14441. ret = wc_InitDsaKey(&genKey);
  14442. }
  14443. if (ret == 0) {
  14444. ret = wc_InitRng(&rng);
  14445. }
  14446. if (ret == 0) {
  14447. ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey);
  14448. }
  14449. if (ret == 0) {
  14450. ret = wc_MakeDsaKey(&rng, &genKey);
  14451. }
  14452. if (ret == 0) {
  14453. ret = wc_DsaKeyToPublicDer(&genKey, der, ONEK_BUF);
  14454. if (ret >= 0) {
  14455. ret = 0;
  14456. } else {
  14457. ret = WOLFSSL_FATAL_ERROR;
  14458. }
  14459. }
  14460. /* Test bad args. */
  14461. if (ret == 0) {
  14462. ret = wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF);
  14463. if (ret == BAD_FUNC_ARG) {
  14464. ret = wc_DsaKeyToPublicDer(&genKey, NULL, FOURK_BUF);
  14465. }
  14466. if (ret == BAD_FUNC_ARG) {
  14467. ret = 0;
  14468. } else {
  14469. ret = WOLFSSL_FATAL_ERROR;
  14470. }
  14471. }
  14472. if (wc_FreeRng(&rng) && ret == 0) {
  14473. ret = WOLFSSL_FATAL_ERROR;
  14474. }
  14475. printf(resultFmt, ret == 0 ? passed : failed);
  14476. XFREE(der,NULL,DYNAMIC_TYPE_TMP_BUFFER);
  14477. wc_FreeDsaKey(&genKey);
  14478. #endif /* !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) */
  14479. #endif /* HAVE_SELFTEST */
  14480. return ret;
  14481. } /* END test_wc_DsaKeyToPublicDer */
  14482. /*
  14483. * Testing wc_DsaImportParamsRaw()
  14484. */
  14485. static int test_wc_DsaImportParamsRaw (void)
  14486. {
  14487. int ret = 0;
  14488. #if !defined(NO_DSA)
  14489. DsaKey key;
  14490. /* [mod = L=1024, N=160], from CAVP KeyPair */
  14491. const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
  14492. "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
  14493. "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
  14494. "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
  14495. "47123188f8dc551054ee162b634d60f097f719076640e209"
  14496. "80a0093113a8bd73";
  14497. const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
  14498. const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
  14499. "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
  14500. "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
  14501. "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
  14502. "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
  14503. "76341a7e7d9";
  14504. /* invalid p and q parameters */
  14505. const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
  14506. const char* invalidQ = "96c5390a";
  14507. printf(testingFmt, "wc_DsaImportParamsRaw()");
  14508. ret = wc_InitDsaKey(&key);
  14509. if (ret == 0) {
  14510. ret = wc_DsaImportParamsRaw(&key, p, q, g);
  14511. }
  14512. /* test bad args */
  14513. if (ret == 0) {
  14514. /* null key struct */
  14515. ret = wc_DsaImportParamsRaw(NULL, p, q, g);
  14516. if (ret == BAD_FUNC_ARG) {
  14517. /* null param pointers */
  14518. ret = wc_DsaImportParamsRaw(&key, NULL, NULL, NULL);
  14519. }
  14520. if (ret == BAD_FUNC_ARG) {
  14521. /* illegal p length */
  14522. ret = wc_DsaImportParamsRaw(&key, invalidP, q, g);
  14523. }
  14524. if (ret == BAD_FUNC_ARG) {
  14525. /* illegal q length */
  14526. ret = wc_DsaImportParamsRaw(&key, p, invalidQ, g);
  14527. if (ret == BAD_FUNC_ARG)
  14528. ret = 0;
  14529. }
  14530. }
  14531. printf(resultFmt, ret == 0 ? passed : failed);
  14532. wc_FreeDsaKey(&key);
  14533. #endif
  14534. return ret;
  14535. } /* END test_wc_DsaImportParamsRaw */
  14536. /*
  14537. * Testing wc_DsaImportParamsRawCheck()
  14538. */
  14539. static int test_wc_DsaImportParamsRawCheck (void)
  14540. {
  14541. int ret = 0;
  14542. #if !defined(NO_DSA) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  14543. DsaKey key;
  14544. int trusted = 0;
  14545. /* [mod = L=1024, N=160], from CAVP KeyPair */
  14546. const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
  14547. "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
  14548. "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
  14549. "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
  14550. "47123188f8dc551054ee162b634d60f097f719076640e209"
  14551. "80a0093113a8bd73";
  14552. const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
  14553. const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
  14554. "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
  14555. "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
  14556. "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
  14557. "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
  14558. "76341a7e7d9";
  14559. /* invalid p and q parameters */
  14560. const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d";
  14561. const char* invalidQ = "96c5390a";
  14562. printf(testingFmt, "wc_DsaImportParamsRawCheck()");
  14563. ret = wc_InitDsaKey(&key);
  14564. if (ret == 0) {
  14565. ret = wc_DsaImportParamsRawCheck(&key, p, q, g, trusted, NULL);
  14566. }
  14567. /* test bad args */
  14568. if (ret == 0) {
  14569. /* null key struct */
  14570. ret = wc_DsaImportParamsRawCheck(NULL, p, q, g, trusted, NULL);
  14571. if (ret == BAD_FUNC_ARG) {
  14572. /* null param pointers */
  14573. ret = wc_DsaImportParamsRawCheck(&key, NULL, NULL, NULL, trusted, NULL);
  14574. }
  14575. if (ret == BAD_FUNC_ARG) {
  14576. /* illegal p length */
  14577. ret = wc_DsaImportParamsRawCheck(&key, invalidP, q, g, trusted, NULL);
  14578. }
  14579. if (ret == BAD_FUNC_ARG) {
  14580. /* illegal q length */
  14581. ret = wc_DsaImportParamsRawCheck(&key, p, invalidQ, g, trusted, NULL);
  14582. if (ret == BAD_FUNC_ARG)
  14583. ret = 0;
  14584. }
  14585. }
  14586. printf(resultFmt, ret == 0 ? passed : failed);
  14587. wc_FreeDsaKey(&key);
  14588. #endif
  14589. return ret;
  14590. } /* END test_wc_DsaImportParamsRawCheck */
  14591. /*
  14592. * Testing wc_DsaExportParamsRaw()
  14593. */
  14594. static int test_wc_DsaExportParamsRaw (void)
  14595. {
  14596. int ret = 0;
  14597. #if !defined(NO_DSA)
  14598. DsaKey key;
  14599. /* [mod = L=1024, N=160], from CAVP KeyPair */
  14600. const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"
  14601. "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c"
  14602. "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6"
  14603. "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71"
  14604. "47123188f8dc551054ee162b634d60f097f719076640e209"
  14605. "80a0093113a8bd73";
  14606. const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281";
  14607. const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822"
  14608. "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e"
  14609. "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786"
  14610. "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c"
  14611. "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0"
  14612. "76341a7e7d9";
  14613. const char* pCompare = "\xd3\x83\x11\xe2\xcd\x38\x8c\x3e\xd6\x98\xe8\x2f"
  14614. "\xdf\x88\xeb\x92\xb5\xa9\xa4\x83\xdc\x88\x00\x5d"
  14615. "\x4b\x72\x5e\xf3\x41\xea\xbb\x47\xcf\x8a\x7a\x8a"
  14616. "\x41\xe7\x92\xa1\x56\xb7\xce\x97\x20\x6c\x4f\x9c"
  14617. "\x5c\xe6\xfc\x5a\xe7\x91\x21\x02\xb6\xb5\x02\xe5"
  14618. "\x90\x50\xb5\xb2\x1c\xe2\x63\xdd\xdb\x20\x44\xb6"
  14619. "\x52\x23\x6f\x4d\x42\xab\x4b\x5d\x6a\xa7\x31\x89"
  14620. "\xce\xf1\xac\xe7\x78\xd7\x84\x5a\x5c\x1c\x1c\x71"
  14621. "\x47\x12\x31\x88\xf8\xdc\x55\x10\x54\xee\x16\x2b"
  14622. "\x63\x4d\x60\xf0\x97\xf7\x19\x07\x66\x40\xe2\x09"
  14623. "\x80\xa0\x09\x31\x13\xa8\xbd\x73";
  14624. const char* qCompare = "\x96\xc5\x39\x0a\x8b\x61\x2c\x0e\x42\x2b\xb2\xb0"
  14625. "\xea\x19\x4a\x3e\xc9\x35\xa2\x81";
  14626. const char* gCompare = "\x06\xb7\x86\x1a\xbb\xd3\x5c\xc8\x9e\x79\xc5\x2f"
  14627. "\x68\xd2\x08\x75\x38\x9b\x12\x73\x61\xca\x66\x82"
  14628. "\x21\x38\xce\x49\x91\xd2\xb8\x62\x25\x9d\x6b\x45"
  14629. "\x48\xa6\x49\x5b\x19\x5a\xa0\xe0\xb6\x13\x7c\xa3"
  14630. "\x7e\xb2\x3b\x94\x07\x4d\x3c\x3d\x30\x00\x42\xbd"
  14631. "\xf1\x57\x62\x81\x2b\x63\x33\xef\x7b\x07\xce\xba"
  14632. "\x78\x60\x76\x10\xfc\xc9\xee\x68\x49\x1d\xbc\x1e"
  14633. "\x34\xcd\x12\x61\x54\x74\xe5\x2b\x18\xbc\x93\x4f"
  14634. "\xb0\x0c\x61\xd3\x9e\x7d\xa8\x90\x22\x91\xc4\x43"
  14635. "\x4a\x4e\x22\x24\xc3\xf4\xfd\x9f\x93\xcd\x6f\x4f"
  14636. "\x17\xfc\x07\x63\x41\xa7\xe7\xd9";
  14637. byte pOut[MAX_DSA_PARAM_SIZE];
  14638. byte qOut[MAX_DSA_PARAM_SIZE];
  14639. byte gOut[MAX_DSA_PARAM_SIZE];
  14640. word32 pOutSz, qOutSz, gOutSz;
  14641. printf(testingFmt, "wc_DsaExportParamsRaw()");
  14642. ret = wc_InitDsaKey(&key);
  14643. if (ret == 0) {
  14644. /* first test using imported raw parameters, for expected */
  14645. ret = wc_DsaImportParamsRaw(&key, p, q, g);
  14646. }
  14647. if (ret == 0) {
  14648. pOutSz = sizeof(pOut);
  14649. qOutSz = sizeof(qOut);
  14650. gOutSz = sizeof(gOut);
  14651. ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
  14652. gOut, &gOutSz);
  14653. }
  14654. if (ret == 0) {
  14655. /* validate exported parameters are correct */
  14656. if ((XMEMCMP(pOut, pCompare, pOutSz) != 0) ||
  14657. (XMEMCMP(qOut, qCompare, qOutSz) != 0) ||
  14658. (XMEMCMP(gOut, gCompare, gOutSz) != 0) ) {
  14659. ret = -1;
  14660. }
  14661. }
  14662. /* test bad args */
  14663. if (ret == 0) {
  14664. /* null key struct */
  14665. ret = wc_DsaExportParamsRaw(NULL, pOut, &pOutSz, qOut, &qOutSz,
  14666. gOut, &gOutSz);
  14667. if (ret == BAD_FUNC_ARG) {
  14668. /* null output pointers */
  14669. ret = wc_DsaExportParamsRaw(&key, NULL, &pOutSz, NULL, &qOutSz,
  14670. NULL, &gOutSz);
  14671. }
  14672. if (ret == LENGTH_ONLY_E) {
  14673. /* null output size pointers */
  14674. ret = wc_DsaExportParamsRaw(&key, pOut, NULL, qOut, NULL,
  14675. gOut, NULL);
  14676. }
  14677. if (ret == BAD_FUNC_ARG) {
  14678. /* p output buffer size too small */
  14679. pOutSz = 1;
  14680. ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
  14681. gOut, &gOutSz);
  14682. pOutSz = sizeof(pOut);
  14683. }
  14684. if (ret == BUFFER_E) {
  14685. /* q output buffer size too small */
  14686. qOutSz = 1;
  14687. ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
  14688. gOut, &gOutSz);
  14689. qOutSz = sizeof(qOut);
  14690. }
  14691. if (ret == BUFFER_E) {
  14692. /* g output buffer size too small */
  14693. gOutSz = 1;
  14694. ret = wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz,
  14695. gOut, &gOutSz);
  14696. if (ret == BUFFER_E)
  14697. ret = 0;
  14698. }
  14699. }
  14700. printf(resultFmt, ret == 0 ? passed : failed);
  14701. wc_FreeDsaKey(&key);
  14702. #endif
  14703. return ret;
  14704. } /* END test_wc_DsaExportParamsRaw */
  14705. /*
  14706. * Testing wc_DsaExportKeyRaw()
  14707. */
  14708. static int test_wc_DsaExportKeyRaw (void)
  14709. {
  14710. int ret = 0;
  14711. #if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)
  14712. DsaKey key;
  14713. WC_RNG rng;
  14714. byte xOut[MAX_DSA_PARAM_SIZE];
  14715. byte yOut[MAX_DSA_PARAM_SIZE];
  14716. word32 xOutSz, yOutSz;
  14717. printf(testingFmt, "wc_DsaExportKeyRaw()");
  14718. XMEMSET(&rng, 0, sizeof(rng));
  14719. XMEMSET(&key, 0, sizeof(key));
  14720. ret = wc_InitRng(&rng);
  14721. if (ret == 0) {
  14722. ret = wc_InitDsaKey(&key);
  14723. }
  14724. if (ret == 0) {
  14725. ret = wc_MakeDsaParameters(&rng, 1024, &key);
  14726. if (ret == 0) {
  14727. ret = wc_MakeDsaKey(&rng, &key);
  14728. }
  14729. }
  14730. /* try successful export */
  14731. if (ret == 0) {
  14732. xOutSz = sizeof(xOut);
  14733. yOutSz = sizeof(yOut);
  14734. ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
  14735. }
  14736. /* test bad args */
  14737. if (ret == 0) {
  14738. /* null key struct */
  14739. ret = wc_DsaExportKeyRaw(NULL, xOut, &xOutSz, yOut, &yOutSz);
  14740. if (ret == BAD_FUNC_ARG) {
  14741. /* null output pointers */
  14742. ret = wc_DsaExportKeyRaw(&key, NULL, &xOutSz, NULL, &yOutSz);
  14743. }
  14744. if (ret == LENGTH_ONLY_E) {
  14745. /* null output size pointers */
  14746. ret = wc_DsaExportKeyRaw(&key, xOut, NULL, yOut, NULL);
  14747. }
  14748. if (ret == BAD_FUNC_ARG) {
  14749. /* x output buffer size too small */
  14750. xOutSz = 1;
  14751. ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
  14752. xOutSz = sizeof(xOut);
  14753. }
  14754. if (ret == BUFFER_E) {
  14755. /* y output buffer size too small */
  14756. yOutSz = 1;
  14757. ret = wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz);
  14758. if (ret == BUFFER_E)
  14759. ret = 0;
  14760. }
  14761. }
  14762. printf(resultFmt, ret == 0 ? passed : failed);
  14763. wc_FreeDsaKey(&key);
  14764. wc_FreeRng(&rng);
  14765. #endif
  14766. return ret;
  14767. } /* END test_wc_DsaExportParamsRaw */
  14768. /*
  14769. * Testing wc_ed25519_make_key().
  14770. */
  14771. static int test_wc_ed25519_make_key (void)
  14772. {
  14773. int ret = 0;
  14774. #if defined(HAVE_ED25519)
  14775. ed25519_key key;
  14776. WC_RNG rng;
  14777. ret = wc_InitRng(&rng);
  14778. if (ret == 0) {
  14779. ret = wc_ed25519_init(&key);
  14780. }
  14781. printf(testingFmt, "wc_ed25519_make_key()");
  14782. if (ret == 0) {
  14783. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  14784. }
  14785. /* Test bad args. */
  14786. if (ret == 0) {
  14787. ret = wc_ed25519_make_key(NULL, ED25519_KEY_SIZE, &key);
  14788. if (ret == BAD_FUNC_ARG) {
  14789. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, NULL);
  14790. }
  14791. if (ret == BAD_FUNC_ARG) {
  14792. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE - 1, &key);
  14793. }
  14794. if (ret == BAD_FUNC_ARG) {
  14795. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE + 1, &key);
  14796. }
  14797. if (ret == BAD_FUNC_ARG) {
  14798. ret = 0;
  14799. } else if (ret == 0) {
  14800. ret = SSL_FATAL_ERROR;
  14801. }
  14802. }
  14803. printf(resultFmt, ret == 0 ? passed : failed);
  14804. if (wc_FreeRng(&rng) && ret == 0) {
  14805. ret = SSL_FATAL_ERROR;
  14806. }
  14807. wc_ed25519_free(&key);
  14808. #endif
  14809. return ret;
  14810. } /* END test_wc_ed25519_make_key */
  14811. /*
  14812. * Testing wc_ed25519_init()
  14813. */
  14814. static int test_wc_ed25519_init (void)
  14815. {
  14816. int ret = 0;
  14817. #if defined(HAVE_ED25519)
  14818. ed25519_key key;
  14819. printf(testingFmt, "wc_ed25519_init()");
  14820. ret = wc_ed25519_init(&key);
  14821. /* Test bad args. */
  14822. if (ret == 0) {
  14823. ret = wc_ed25519_init(NULL);
  14824. if (ret == BAD_FUNC_ARG) {
  14825. ret = 0;
  14826. } else if (ret == 0) {
  14827. ret = SSL_FATAL_ERROR;
  14828. }
  14829. }
  14830. printf(resultFmt, ret == 0 ? passed : failed);
  14831. wc_ed25519_free(&key);
  14832. #endif
  14833. return ret;
  14834. } /* END test_wc_ed25519_init */
  14835. /*
  14836. * Test wc_ed25519_sign_msg() and wc_ed25519_verify_msg()
  14837. */
  14838. static int test_wc_ed25519_sign_msg (void)
  14839. {
  14840. int ret = 0;
  14841. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN)
  14842. WC_RNG rng;
  14843. ed25519_key key;
  14844. byte msg[] = "Everybody gets Friday off.\n";
  14845. byte sig[ED25519_SIG_SIZE];
  14846. word32 msglen = sizeof(msg);
  14847. word32 siglen = sizeof(sig);
  14848. word32 badSigLen = sizeof(sig) - 1;
  14849. int verify_ok = 0; /*1 = Verify success.*/
  14850. /* Initialize stack variables. */
  14851. XMEMSET(sig, 0, siglen);
  14852. /* Initialize key. */
  14853. ret = wc_InitRng(&rng);
  14854. if (ret == 0) {
  14855. ret = wc_ed25519_init(&key);
  14856. if (ret == 0) {
  14857. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  14858. }
  14859. }
  14860. printf(testingFmt, "wc_ed25519_sign_msg()");
  14861. if (ret == 0) {
  14862. ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, &key);
  14863. }
  14864. /* Test bad args. */
  14865. if (ret == 0 && siglen == ED25519_SIG_SIZE) {
  14866. ret = wc_ed25519_sign_msg(NULL, msglen, sig, &siglen, &key);
  14867. if (ret == BAD_FUNC_ARG) {
  14868. ret = wc_ed25519_sign_msg(msg, msglen, NULL, &siglen, &key);
  14869. }
  14870. if (ret == BAD_FUNC_ARG) {
  14871. ret = wc_ed25519_sign_msg(msg, msglen, sig, NULL, &key);
  14872. }
  14873. if (ret == BAD_FUNC_ARG) {
  14874. ret = wc_ed25519_sign_msg(msg, msglen, sig, &siglen, NULL);
  14875. }
  14876. if (ret == BAD_FUNC_ARG) {
  14877. ret = wc_ed25519_sign_msg(msg, msglen, sig, &badSigLen, &key);
  14878. }
  14879. if (ret == BUFFER_E && badSigLen == ED25519_SIG_SIZE) {
  14880. badSigLen -= 1;
  14881. ret = 0;
  14882. } else if (ret == 0) {
  14883. ret = SSL_FATAL_ERROR;
  14884. }
  14885. } /* END sign */
  14886. printf(resultFmt, ret == 0 ? passed : failed);
  14887. #ifdef HAVE_ED25519_VERIFY
  14888. printf(testingFmt, "wc_ed25519_verify_msg()");
  14889. if (ret == 0) {
  14890. ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key);
  14891. if (ret == 0 && verify_ok == 1) {
  14892. ret = 0;
  14893. } else if (ret == 0) {
  14894. ret = SSL_FATAL_ERROR;
  14895. }
  14896. /* Test bad args. */
  14897. if (ret == 0) {
  14898. AssertIntEQ(wc_ed25519_verify_msg(sig, siglen - 1, msg,
  14899. msglen, &verify_ok, &key),
  14900. BAD_FUNC_ARG);
  14901. AssertIntEQ(wc_ed25519_verify_msg(sig, siglen + 1, msg,
  14902. msglen, &verify_ok, &key),
  14903. BAD_FUNC_ARG);
  14904. ret = wc_ed25519_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
  14905. &key);
  14906. if (ret == BAD_FUNC_ARG) {
  14907. ret = wc_ed25519_verify_msg(sig, siglen, NULL, msglen,
  14908. &verify_ok, &key);
  14909. }
  14910. if (ret == BAD_FUNC_ARG) {
  14911. ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen,
  14912. NULL, &key);
  14913. }
  14914. if (ret == BAD_FUNC_ARG) {
  14915. ret = wc_ed25519_verify_msg(sig, siglen, msg, msglen,
  14916. &verify_ok, NULL);
  14917. }
  14918. if (ret == BAD_FUNC_ARG) {
  14919. ret = wc_ed25519_verify_msg(sig, badSigLen, msg, msglen,
  14920. &verify_ok, &key);
  14921. }
  14922. if (ret == BAD_FUNC_ARG) {
  14923. ret = 0;
  14924. } else if (ret == 0) {
  14925. ret = SSL_FATAL_ERROR;
  14926. }
  14927. }
  14928. } /* END verify. */
  14929. printf(resultFmt, ret == 0 ? passed : failed);
  14930. #endif /* Verify. */
  14931. if (wc_FreeRng(&rng) && ret == 0) {
  14932. ret = SSL_FATAL_ERROR;
  14933. }
  14934. wc_ed25519_free(&key);
  14935. #endif
  14936. return ret;
  14937. } /* END test_wc_ed25519_sign_msg */
  14938. /*
  14939. * Testing wc_ed25519_import_public()
  14940. */
  14941. static int test_wc_ed25519_import_public (void)
  14942. {
  14943. int ret = 0;
  14944. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
  14945. WC_RNG rng;
  14946. ed25519_key pubKey;
  14947. const byte in[] = "Ed25519PublicKeyUnitTest......\n";
  14948. word32 inlen = sizeof(in);
  14949. ret = wc_InitRng(&rng);
  14950. if (ret == 0) {
  14951. ret = wc_ed25519_init(&pubKey);
  14952. if (ret == 0) {
  14953. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &pubKey);
  14954. }
  14955. }
  14956. printf(testingFmt, "wc_ed25519_import_public()");
  14957. if (ret == 0) {
  14958. ret = wc_ed25519_import_public(in, inlen, &pubKey);
  14959. if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) {
  14960. ret = 0;
  14961. } else {
  14962. ret = SSL_FATAL_ERROR;
  14963. }
  14964. /* Test bad args. */
  14965. if (ret == 0) {
  14966. ret = wc_ed25519_import_public(NULL, inlen, &pubKey);
  14967. if (ret == BAD_FUNC_ARG) {
  14968. ret = wc_ed25519_import_public(in, inlen, NULL);
  14969. }
  14970. if (ret == BAD_FUNC_ARG) {
  14971. ret = wc_ed25519_import_public(in, inlen - 1, &pubKey);
  14972. }
  14973. if (ret == BAD_FUNC_ARG) {
  14974. ret = 0;
  14975. } else if (ret == 0) {
  14976. ret = SSL_FATAL_ERROR;
  14977. }
  14978. }
  14979. }
  14980. printf(resultFmt, ret == 0 ? passed : failed);
  14981. if (wc_FreeRng(&rng) && ret == 0) {
  14982. ret = SSL_FATAL_ERROR;
  14983. }
  14984. wc_ed25519_free(&pubKey);
  14985. #endif
  14986. return ret;
  14987. } /* END wc_ed25519_import_public */
  14988. /*
  14989. * Testing wc_ed25519_import_private_key()
  14990. */
  14991. static int test_wc_ed25519_import_private_key (void)
  14992. {
  14993. int ret = 0;
  14994. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
  14995. WC_RNG rng;
  14996. ed25519_key key;
  14997. const byte privKey[] = "Ed25519PrivateKeyUnitTest.....\n";
  14998. const byte pubKey[] = "Ed25519PublicKeyUnitTest......\n";
  14999. word32 privKeySz = sizeof(privKey);
  15000. word32 pubKeySz = sizeof(pubKey);
  15001. ret = wc_InitRng(&rng);
  15002. if (ret != 0) {
  15003. return ret;
  15004. }
  15005. ret = wc_ed25519_init(&key);
  15006. if (ret != 0) {
  15007. wc_FreeRng(&rng);
  15008. return ret;
  15009. }
  15010. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  15011. printf(testingFmt, "wc_ed25519_import_private_key()");
  15012. if (ret == 0) {
  15013. ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
  15014. pubKeySz, &key);
  15015. if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0
  15016. || XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
  15017. ret = SSL_FATAL_ERROR;
  15018. }
  15019. }
  15020. /* Test bad args. */
  15021. if (ret == 0) {
  15022. ret = wc_ed25519_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
  15023. &key);
  15024. if (ret == BAD_FUNC_ARG) {
  15025. ret = wc_ed25519_import_private_key(privKey, privKeySz, NULL,
  15026. pubKeySz, &key);
  15027. }
  15028. if (ret == BAD_FUNC_ARG) {
  15029. ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
  15030. pubKeySz, NULL);
  15031. }
  15032. if (ret == BAD_FUNC_ARG) {
  15033. ret = wc_ed25519_import_private_key(privKey, privKeySz - 1, pubKey,
  15034. pubKeySz, &key);
  15035. }
  15036. if (ret == BAD_FUNC_ARG) {
  15037. ret = wc_ed25519_import_private_key(privKey, privKeySz, pubKey,
  15038. pubKeySz - 1, &key);
  15039. }
  15040. if (ret == BAD_FUNC_ARG) {
  15041. ret = 0;
  15042. } else if (ret == 0) {
  15043. ret = SSL_FATAL_ERROR;
  15044. }
  15045. }
  15046. printf(resultFmt, ret == 0 ? passed : failed);
  15047. if (wc_FreeRng(&rng) && ret == 0) {
  15048. ret = SSL_FATAL_ERROR;
  15049. }
  15050. wc_ed25519_free(&key);
  15051. #endif
  15052. return ret;
  15053. } /* END test_wc_ed25519_import_private_key */
  15054. /*
  15055. * Testing wc_ed25519_export_public() and wc_ed25519_export_private_only()
  15056. */
  15057. static int test_wc_ed25519_export (void)
  15058. {
  15059. int ret = 0;
  15060. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
  15061. WC_RNG rng;
  15062. ed25519_key key;
  15063. byte priv[ED25519_PRV_KEY_SIZE];
  15064. byte pub[ED25519_PUB_KEY_SIZE];
  15065. word32 privSz = sizeof(priv);
  15066. word32 pubSz = sizeof(pub);
  15067. ret = wc_InitRng(&rng);
  15068. if (ret != 0) {
  15069. return ret;
  15070. }
  15071. ret = wc_ed25519_init(&key);
  15072. if (ret != 0) {
  15073. wc_FreeRng(&rng);
  15074. return ret;
  15075. }
  15076. if (ret == 0) {
  15077. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  15078. }
  15079. printf(testingFmt, "wc_ed25519_export_public()");
  15080. if (ret == 0) {
  15081. ret = wc_ed25519_export_public(&key, pub, &pubSz);
  15082. if (ret == 0 && (pubSz != ED25519_KEY_SIZE
  15083. || XMEMCMP(key.p, pub, pubSz) != 0)) {
  15084. ret = SSL_FATAL_ERROR;
  15085. }
  15086. if (ret == 0) {
  15087. ret = wc_ed25519_export_public(NULL, pub, &pubSz);
  15088. if (ret == BAD_FUNC_ARG) {
  15089. ret = wc_ed25519_export_public(&key, NULL, &pubSz);
  15090. }
  15091. if (ret == BAD_FUNC_ARG) {
  15092. ret = wc_ed25519_export_public(&key, pub, NULL);
  15093. }
  15094. if (ret == BAD_FUNC_ARG) {
  15095. ret = 0;
  15096. } else if (ret == 0) {
  15097. ret = SSL_FATAL_ERROR;
  15098. }
  15099. }
  15100. }
  15101. printf(resultFmt, ret == 0 ? passed : failed);
  15102. printf(testingFmt, "wc_ed25519_export_private_only()");
  15103. if (ret == 0) {
  15104. ret = wc_ed25519_export_private_only(&key, priv, &privSz);
  15105. if (ret == 0 && (privSz != ED25519_KEY_SIZE
  15106. || XMEMCMP(key.k, priv, privSz) != 0)) {
  15107. ret = SSL_FATAL_ERROR;
  15108. }
  15109. if (ret == 0) {
  15110. ret = wc_ed25519_export_private_only(NULL, priv, &privSz);
  15111. if (ret == BAD_FUNC_ARG) {
  15112. ret = wc_ed25519_export_private_only(&key, NULL, &privSz);
  15113. }
  15114. if (ret == BAD_FUNC_ARG) {
  15115. ret = wc_ed25519_export_private_only(&key, priv, NULL);
  15116. }
  15117. if (ret == BAD_FUNC_ARG) {
  15118. ret = 0;
  15119. } else if (ret == 0) {
  15120. ret = SSL_FATAL_ERROR;
  15121. }
  15122. }
  15123. }
  15124. printf(resultFmt, ret == 0 ? passed : failed);
  15125. if (wc_FreeRng(&rng) && ret == 0) {
  15126. ret = SSL_FATAL_ERROR;
  15127. }
  15128. wc_ed25519_free(&key);
  15129. #endif
  15130. return ret;
  15131. } /* END test_wc_ed25519_export */
  15132. /*
  15133. * Testing wc_ed25519_size()
  15134. */
  15135. static int test_wc_ed25519_size (void)
  15136. {
  15137. int ret = 0;
  15138. #if defined(HAVE_ED25519)
  15139. WC_RNG rng;
  15140. ed25519_key key;
  15141. ret = wc_InitRng(&rng);
  15142. if (ret != 0) {
  15143. return ret;
  15144. }
  15145. ret = wc_ed25519_init(&key);
  15146. if (ret != 0) {
  15147. wc_FreeRng(&rng);
  15148. return ret;
  15149. }
  15150. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  15151. if (ret != 0) {
  15152. wc_FreeRng(&rng);
  15153. wc_ed25519_free(&key);
  15154. return ret;
  15155. }
  15156. printf(testingFmt, "wc_ed25519_size()");
  15157. ret = wc_ed25519_size(&key);
  15158. /* Test bad args. */
  15159. if (ret == ED25519_KEY_SIZE) {
  15160. ret = wc_ed25519_size(NULL);
  15161. if (ret == BAD_FUNC_ARG) {
  15162. ret = 0;
  15163. }
  15164. }
  15165. printf(resultFmt, ret == 0 ? passed : failed);
  15166. if (ret == 0) {
  15167. printf(testingFmt, "wc_ed25519_sig_size()");
  15168. ret = wc_ed25519_sig_size(&key);
  15169. if (ret == ED25519_SIG_SIZE) {
  15170. ret = 0;
  15171. }
  15172. /* Test bad args. */
  15173. if (ret == 0) {
  15174. ret = wc_ed25519_sig_size(NULL);
  15175. if (ret == BAD_FUNC_ARG) {
  15176. ret = 0;
  15177. }
  15178. }
  15179. printf(resultFmt, ret == 0 ? passed : failed);
  15180. } /* END wc_ed25519_sig_size() */
  15181. if (ret == 0) {
  15182. printf(testingFmt, "wc_ed25519_pub_size");
  15183. ret = wc_ed25519_pub_size(&key);
  15184. if (ret == ED25519_PUB_KEY_SIZE) {
  15185. ret = 0;
  15186. }
  15187. if (ret == 0) {
  15188. ret = wc_ed25519_pub_size(NULL);
  15189. if (ret == BAD_FUNC_ARG) {
  15190. ret = 0;
  15191. }
  15192. }
  15193. printf(resultFmt, ret == 0 ? passed : failed);
  15194. } /* END wc_ed25519_pub_size */
  15195. if (ret == 0) {
  15196. printf(testingFmt, "wc_ed25519_priv_size");
  15197. ret = wc_ed25519_priv_size(&key);
  15198. if (ret == ED25519_PRV_KEY_SIZE) {
  15199. ret = 0;
  15200. }
  15201. if (ret == 0) {
  15202. ret = wc_ed25519_priv_size(NULL);
  15203. if (ret == BAD_FUNC_ARG) {
  15204. ret = 0;
  15205. }
  15206. }
  15207. printf(resultFmt, ret == 0 ? passed : failed);
  15208. } /* END wc_ed25519_pub_size */
  15209. if (wc_FreeRng(&rng) && ret == 0) {
  15210. ret = SSL_FATAL_ERROR;
  15211. }
  15212. wc_ed25519_free(&key);
  15213. #endif
  15214. return ret;
  15215. } /* END test_wc_ed25519_size */
  15216. /*
  15217. * Testing wc_ed25519_export_private() and wc_ed25519_export_key()
  15218. */
  15219. static int test_wc_ed25519_exportKey (void)
  15220. {
  15221. int ret = 0;
  15222. #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT)
  15223. WC_RNG rng;
  15224. ed25519_key key;
  15225. byte priv[ED25519_PRV_KEY_SIZE];
  15226. byte pub[ED25519_PUB_KEY_SIZE];
  15227. byte privOnly[ED25519_PRV_KEY_SIZE];
  15228. word32 privSz = sizeof(priv);
  15229. word32 pubSz = sizeof(pub);
  15230. word32 privOnlySz = sizeof(privOnly);
  15231. ret = wc_InitRng(&rng);
  15232. if (ret != 0) {
  15233. return ret;
  15234. }
  15235. ret = wc_ed25519_init(&key);
  15236. if (ret != 0) {
  15237. wc_FreeRng(&rng);
  15238. return ret;
  15239. }
  15240. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  15241. if (ret != 0) {
  15242. wc_FreeRng(&rng);
  15243. wc_ed25519_free(&key);
  15244. return ret;
  15245. }
  15246. printf(testingFmt, "wc_ed25519_export_private()");
  15247. ret = wc_ed25519_export_private(&key, privOnly, &privOnlySz);
  15248. if (ret == 0) {
  15249. ret = wc_ed25519_export_private(NULL, privOnly, &privOnlySz);
  15250. if (ret == BAD_FUNC_ARG) {
  15251. ret = wc_ed25519_export_private(&key, NULL, &privOnlySz);
  15252. }
  15253. if (ret == BAD_FUNC_ARG) {
  15254. ret = wc_ed25519_export_private(&key, privOnly, NULL);
  15255. }
  15256. if (ret == BAD_FUNC_ARG) {
  15257. ret = 0;
  15258. } else if (ret == 0) {
  15259. ret = SSL_FATAL_ERROR;
  15260. }
  15261. }
  15262. printf(resultFmt, ret == 0 ? passed : failed);
  15263. if (ret == 0) {
  15264. printf(testingFmt, "wc_ed25519_export_key()");
  15265. ret = wc_ed25519_export_key(&key, priv, &privSz, pub, &pubSz);
  15266. if (ret == 0) {
  15267. ret = wc_ed25519_export_key(NULL, priv, &privSz, pub, &pubSz);
  15268. if (ret == BAD_FUNC_ARG) {
  15269. ret = wc_ed25519_export_key(&key, NULL, &privSz, pub, &pubSz);
  15270. }
  15271. if (ret == BAD_FUNC_ARG) {
  15272. ret = wc_ed25519_export_key(&key, priv, NULL, pub, &pubSz);
  15273. }
  15274. if (ret == BAD_FUNC_ARG) {
  15275. ret = wc_ed25519_export_key(&key, priv, &privSz, NULL, &pubSz);
  15276. }
  15277. if (ret == BAD_FUNC_ARG) {
  15278. ret = wc_ed25519_export_key(&key, priv, &privSz, pub, NULL);
  15279. }
  15280. if (ret == BAD_FUNC_ARG) {
  15281. ret = 0;
  15282. } else if (ret == 0) {
  15283. ret = SSL_FATAL_ERROR;
  15284. }
  15285. }
  15286. printf(resultFmt, ret == 0 ? passed : failed);
  15287. } /* END wc_ed25519_export_key() */
  15288. /* Cross check output. */
  15289. if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) {
  15290. ret = SSL_FATAL_ERROR;
  15291. }
  15292. if (wc_FreeRng(&rng) && ret == 0) {
  15293. ret = SSL_FATAL_ERROR;
  15294. }
  15295. wc_ed25519_free(&key);
  15296. #endif
  15297. return ret;
  15298. } /* END test_wc_ed25519_exportKey */
  15299. /*
  15300. * Testing wc_Ed25519PublicKeyToDer
  15301. */
  15302. static int test_wc_Ed25519PublicKeyToDer (void)
  15303. {
  15304. int ret = 0;
  15305. #if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \
  15306. defined(WOLFSSL_KEY_GEN))
  15307. int tmp;
  15308. ed25519_key key;
  15309. byte derBuf[1024];
  15310. printf(testingFmt, "wc_Ed25519PublicKeyToDer()");
  15311. /* Test bad args */
  15312. tmp = wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0);
  15313. if (tmp != BAD_FUNC_ARG) {
  15314. ret = SSL_FATAL_ERROR;
  15315. }
  15316. if (ret == 0) {
  15317. wc_ed25519_init(&key);
  15318. tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0);
  15319. if (tmp != BUFFER_E) {
  15320. ret = SSL_FATAL_ERROR;
  15321. }
  15322. wc_ed25519_free(&key);
  15323. }
  15324. /* Test good args */
  15325. if (ret == 0) {
  15326. WC_RNG rng;
  15327. ret = wc_InitRng(&rng);
  15328. if (ret != 0) {
  15329. return ret;
  15330. }
  15331. ret = wc_ed25519_init(&key);
  15332. if (ret != 0) {
  15333. wc_FreeRng(&rng);
  15334. return ret;
  15335. }
  15336. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  15337. if (ret != 0) {
  15338. wc_FreeRng(&rng);
  15339. wc_ed25519_free(&key);
  15340. return ret;
  15341. }
  15342. tmp = wc_Ed25519PublicKeyToDer(&key, derBuf, 1024, 1);
  15343. if (tmp <= 0) {
  15344. ret = SSL_FATAL_ERROR;
  15345. }
  15346. wc_FreeRng(&rng);
  15347. wc_ed25519_free(&key);
  15348. }
  15349. printf(resultFmt, ret == 0 ? passed : failed);
  15350. #endif
  15351. return ret;
  15352. } /* END testing wc_Ed25519PublicKeyToDer */
  15353. /*
  15354. * Testing wc_curve25519_init and wc_curve25519_free.
  15355. */
  15356. static int test_wc_curve25519_init (void)
  15357. {
  15358. int ret = 0;
  15359. #if defined(HAVE_CURVE25519)
  15360. curve25519_key key;
  15361. printf(testingFmt, "wc_curve25519_init()");
  15362. ret = wc_curve25519_init(&key);
  15363. /* Test bad args for wc_curve25519_init */
  15364. if (ret == 0) {
  15365. ret = wc_curve25519_init(NULL);
  15366. if (ret == BAD_FUNC_ARG) {
  15367. ret = 0;
  15368. } else if (ret == 0) {
  15369. ret = SSL_FATAL_ERROR;
  15370. }
  15371. }
  15372. printf(resultFmt, ret == 0 ? passed : failed);
  15373. /* Test good args for wc_curve_25519_free */
  15374. wc_curve25519_free(&key);
  15375. wc_curve25519_free(NULL);
  15376. #endif
  15377. return ret;
  15378. } /* END test_wc_curve25519_init and wc_curve_25519_free*/
  15379. /*
  15380. * Testing test_wc_curve25519_size.
  15381. */
  15382. static int test_wc_curve25519_size (void)
  15383. {
  15384. int ret = 0;
  15385. #if defined(HAVE_CURVE25519)
  15386. curve25519_key key;
  15387. printf(testingFmt, "wc_curve25519_size()");
  15388. ret = wc_curve25519_init(&key);
  15389. /* Test good args for wc_curve25519_size */
  15390. if (ret == 0) {
  15391. ret = wc_curve25519_size(&key);
  15392. }
  15393. /* Test bad args for wc_curve25519_size */
  15394. if (ret != 0) {
  15395. ret = wc_curve25519_size(NULL);
  15396. }
  15397. printf(resultFmt, ret == 0 ? passed : failed);
  15398. wc_curve25519_free(&key);
  15399. #endif
  15400. return ret;
  15401. } /* END test_wc_curve25519_size*/
  15402. /*
  15403. * Testing test_wc_curve25519_export_key_raw().
  15404. */
  15405. static int test_wc_curve25519_export_key_raw (void)
  15406. {
  15407. #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
  15408. curve25519_key key;
  15409. WC_RNG rng;
  15410. byte privateKey[CURVE25519_KEYSIZE];
  15411. byte publicKey[CURVE25519_KEYSIZE];
  15412. word32 prvkSz;
  15413. word32 pubkSz;
  15414. byte prik[CURVE25519_KEYSIZE];
  15415. byte pubk[CURVE25519_KEYSIZE];
  15416. word32 prksz;
  15417. word32 pbksz;
  15418. printf(testingFmt, "wc_curve25519_export_key_raw()");
  15419. if(0 != wc_InitRng(&rng)){
  15420. printf(testingFmt, "failed due to wc_InitRng");
  15421. fflush( stdout );
  15422. return 1;
  15423. }
  15424. if(0 != wc_curve25519_init(&key)){
  15425. printf(testingFmt, "failed due to wc_curve25519_init");
  15426. fflush( stdout );
  15427. wc_FreeRng(&rng);
  15428. return 1;
  15429. }
  15430. if(0 != wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key)){
  15431. printf(testingFmt, "failed due to wc_curve25519_make_key");
  15432. fflush( stdout );
  15433. wc_curve25519_free(&key);
  15434. wc_FreeRng(&rng);
  15435. return 1;
  15436. }
  15437. /*
  15438. bad-argument-test cases
  15439. target function sould return BAD_FUNC_ARG
  15440. */
  15441. prvkSz = CURVE25519_KEYSIZE;
  15442. pubkSz = CURVE25519_KEYSIZE;
  15443. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
  15444. NULL , privateKey, &prvkSz, publicKey, &pubkSz)){
  15445. printf(testingFmt,"failed at bad-arg-case-1.");
  15446. fflush( stdout );
  15447. wc_curve25519_free(&key);
  15448. wc_FreeRng(&rng);
  15449. return 1;
  15450. }
  15451. prvkSz = CURVE25519_KEYSIZE;
  15452. pubkSz = CURVE25519_KEYSIZE;
  15453. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
  15454. &key , NULL, &prvkSz, publicKey, &pubkSz)){
  15455. printf(testingFmt,"failed at bad-arg-case-2.");
  15456. fflush( stdout );
  15457. wc_curve25519_free(&key);
  15458. wc_FreeRng(&rng);
  15459. return 1;
  15460. }
  15461. prvkSz = CURVE25519_KEYSIZE;
  15462. pubkSz = CURVE25519_KEYSIZE;
  15463. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
  15464. &key , privateKey, NULL, publicKey, &pubkSz)){
  15465. printf(testingFmt,"failed at bad-arg-case-3.");
  15466. fflush( stdout );
  15467. wc_curve25519_free(&key);
  15468. wc_FreeRng(&rng);
  15469. return 1;
  15470. }
  15471. /* prvkSz = CURVE25519_KEYSIZE; */
  15472. pubkSz = CURVE25519_KEYSIZE;
  15473. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
  15474. &key , privateKey, &prvkSz, NULL, &pubkSz)){
  15475. printf(testingFmt,"failed at bad-arg-case-4.");
  15476. fflush( stdout );
  15477. wc_curve25519_free(&key);
  15478. wc_FreeRng(&rng);
  15479. return 1;
  15480. }
  15481. prvkSz = CURVE25519_KEYSIZE;
  15482. pubkSz = CURVE25519_KEYSIZE;
  15483. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw(
  15484. &key , privateKey, &prvkSz, publicKey, NULL )){
  15485. printf(testingFmt,"failed at bad-arg-case-5.");
  15486. fflush( stdout );
  15487. wc_curve25519_free(&key);
  15488. wc_FreeRng(&rng);
  15489. return 1;
  15490. }
  15491. /*
  15492. cross-testing
  15493. */
  15494. prksz = CURVE25519_KEYSIZE;
  15495. if( 0 != wc_curve25519_export_private_raw(&key, prik, &prksz)){
  15496. printf(testingFmt,"failed due to wc_curve25519_export_private_raw");
  15497. fflush( stdout );
  15498. wc_curve25519_free(&key);
  15499. wc_FreeRng(&rng);
  15500. return 1;
  15501. }
  15502. pbksz = CURVE25519_KEYSIZE;
  15503. if(0 != wc_curve25519_export_public(&key, pubk, &pbksz)){
  15504. printf(testingFmt,"failed due to wc_curve25519_export_public");
  15505. fflush( stdout );
  15506. wc_curve25519_free(&key);
  15507. wc_FreeRng(&rng);
  15508. return 1;
  15509. }
  15510. prvkSz = CURVE25519_KEYSIZE;
  15511. /* pubkSz = CURVE25519_KEYSIZE; */
  15512. if(0 != wc_curve25519_export_key_raw(&key, privateKey, &prvkSz,
  15513. publicKey, &pubkSz)){
  15514. printf(testingFmt,"failed due to wc_curve25519_export_key_raw");
  15515. fflush( stdout );
  15516. wc_curve25519_free(&key);
  15517. wc_FreeRng(&rng);
  15518. return 1;
  15519. }
  15520. if((prksz == CURVE25519_KEYSIZE) &&
  15521. (pbksz == CURVE25519_KEYSIZE) &&
  15522. (prvkSz == CURVE25519_KEYSIZE) &&
  15523. (pubkSz == CURVE25519_KEYSIZE)){
  15524. if( 0 == XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE) &&
  15525. 0 == XMEMCMP(publicKey, pubk, CURVE25519_KEYSIZE)){
  15526. printf(resultFmt,passed);
  15527. fflush( stdout );
  15528. wc_curve25519_free(&key);
  15529. wc_FreeRng(&rng);
  15530. return 0;
  15531. }
  15532. else{
  15533. printf(testingFmt,"failed due to key-contents-inconsistency.");
  15534. fflush( stdout );
  15535. wc_curve25519_free(&key);
  15536. wc_FreeRng(&rng);
  15537. return 1;
  15538. }
  15539. }
  15540. else{
  15541. printf(testingFmt,"failed due to bad-key-size.");
  15542. fflush( stdout );
  15543. wc_curve25519_free(&key);
  15544. wc_FreeRng(&rng);
  15545. return 1;
  15546. }
  15547. #endif
  15548. fflush( stdout );
  15549. return 0;
  15550. } /* end of test_wc_curve25519_export_key_raw */
  15551. /*
  15552. * Testing test_wc_curve25519_export_key_raw_ex().
  15553. */
  15554. static int test_wc_curve25519_export_key_raw_ex (void)
  15555. {
  15556. #if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT)
  15557. curve25519_key key;
  15558. WC_RNG rng;
  15559. byte privateKey[CURVE25519_KEYSIZE];
  15560. byte publicKey[CURVE25519_KEYSIZE];
  15561. word32 prvkSz;
  15562. word32 pubkSz;
  15563. byte prik[CURVE25519_KEYSIZE];
  15564. byte pubk[CURVE25519_KEYSIZE];
  15565. word32 prksz;
  15566. word32 pbksz;
  15567. printf(testingFmt, "wc_curve25519_export_key_raw_ex()");
  15568. if(0 != wc_InitRng(&rng)){
  15569. printf(testingFmt, "failed due to wc_InitRng");
  15570. fflush( stdout );
  15571. return 1;
  15572. }
  15573. if(0 != wc_curve25519_init(&key)){
  15574. printf(testingFmt, "failed due to wc_curve25519_init");
  15575. fflush( stdout );
  15576. wc_FreeRng(&rng);
  15577. return 1;
  15578. }
  15579. if(0 != wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key)){
  15580. printf(testingFmt, "failed due to wc_curve25519_make_key");
  15581. fflush( stdout );
  15582. wc_curve25519_free(&key);
  15583. wc_FreeRng(&rng);
  15584. return 1;
  15585. }
  15586. /*
  15587. bad-argument-test cases
  15588. target function sould return BAD_FUNC_ARG
  15589. */
  15590. prvkSz = CURVE25519_KEYSIZE;
  15591. pubkSz = CURVE25519_KEYSIZE;
  15592. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL , privateKey,
  15593. &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){
  15594. printf(testingFmt,"failed at bad-arg-case-1.");
  15595. fflush( stdout );
  15596. wc_curve25519_free(&key);
  15597. wc_FreeRng(&rng);
  15598. return 1;
  15599. }
  15600. prvkSz = CURVE25519_KEYSIZE;
  15601. pubkSz = CURVE25519_KEYSIZE;
  15602. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key , NULL,
  15603. &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){
  15604. printf(testingFmt,"failed at bad-arg-case-2.");
  15605. fflush( stdout );
  15606. wc_curve25519_free(&key);
  15607. wc_FreeRng(&rng);
  15608. return 1;
  15609. }
  15610. prvkSz = CURVE25519_KEYSIZE;
  15611. pubkSz = CURVE25519_KEYSIZE;
  15612. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key,privateKey,
  15613. NULL,publicKey, &pubkSz,EC25519_LITTLE_ENDIAN)){
  15614. printf(testingFmt,"failed at bad-arg-case-3.");
  15615. fflush( stdout );
  15616. wc_curve25519_free(&key);
  15617. wc_FreeRng(&rng);
  15618. return 1;
  15619. }
  15620. /* prvkSz = CURVE25519_KEYSIZE; */
  15621. pubkSz = CURVE25519_KEYSIZE;
  15622. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
  15623. &prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN)){
  15624. printf(testingFmt,"failed at bad-arg-case-4.");
  15625. fflush( stdout );
  15626. wc_curve25519_free(&key);
  15627. wc_FreeRng(&rng);
  15628. return 1;
  15629. }
  15630. prvkSz = CURVE25519_KEYSIZE;
  15631. pubkSz = CURVE25519_KEYSIZE;
  15632. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
  15633. &prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN)){
  15634. printf(testingFmt,"failed at bad-arg-case-5.");
  15635. fflush( stdout );
  15636. wc_curve25519_free(&key);
  15637. wc_FreeRng(&rng);
  15638. return 1;
  15639. }
  15640. prvkSz = CURVE25519_KEYSIZE;
  15641. /* pubkSz = CURVE25519_KEYSIZE; */
  15642. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( NULL, privateKey,
  15643. &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
  15644. printf(testingFmt,"failed at bad-arg-case-6.");
  15645. fflush( stdout );
  15646. wc_curve25519_free(&key);
  15647. wc_FreeRng(&rng);
  15648. return 1;
  15649. }
  15650. prvkSz = CURVE25519_KEYSIZE;
  15651. pubkSz = CURVE25519_KEYSIZE;
  15652. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, NULL, &prvkSz,
  15653. publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
  15654. printf(testingFmt,"failed at bad-arg-case-7.");
  15655. fflush( stdout );
  15656. wc_curve25519_free(&key);
  15657. wc_FreeRng(&rng);
  15658. return 1;
  15659. }
  15660. prvkSz = CURVE25519_KEYSIZE;
  15661. pubkSz = CURVE25519_KEYSIZE;
  15662. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
  15663. NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
  15664. printf(testingFmt,"failed at bad-arg-case-8.");
  15665. fflush( stdout );
  15666. wc_curve25519_free(&key);
  15667. wc_FreeRng(&rng);
  15668. return 1;
  15669. }
  15670. /* prvkSz = CURVE25519_KEYSIZE; */
  15671. pubkSz = CURVE25519_KEYSIZE;
  15672. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
  15673. &prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN)){
  15674. printf(testingFmt,"failed at bad-arg-case-9.");
  15675. fflush( stdout );
  15676. wc_curve25519_free(&key);
  15677. wc_FreeRng(&rng);
  15678. return 1;
  15679. }
  15680. prvkSz = CURVE25519_KEYSIZE;
  15681. pubkSz = CURVE25519_KEYSIZE;
  15682. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
  15683. &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN)){
  15684. printf(testingFmt,"failed at bad-arg-case-10.");
  15685. fflush( stdout );
  15686. wc_curve25519_free(&key);
  15687. wc_FreeRng(&rng);
  15688. return 1;
  15689. }
  15690. /* illegal value for endien */
  15691. prvkSz = CURVE25519_KEYSIZE;
  15692. /* pubkSz = CURVE25519_KEYSIZE; */
  15693. if(BAD_FUNC_ARG != wc_curve25519_export_key_raw_ex( &key, privateKey,
  15694. &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN + 10 )){
  15695. printf(testingFmt,"failed at bad-arg-case-11.");
  15696. fflush( stdout );
  15697. wc_curve25519_free(&key);
  15698. wc_FreeRng(&rng);
  15699. return 1;
  15700. }
  15701. /*
  15702. cross-testing
  15703. */
  15704. prksz = CURVE25519_KEYSIZE;
  15705. if(0 != wc_curve25519_export_private_raw( &key, prik, &prksz )){
  15706. printf(testingFmt,"failed due to wc_curve25519_export_private_raw");
  15707. fflush( stdout );
  15708. wc_curve25519_free(&key);
  15709. wc_FreeRng(&rng);
  15710. return 1;
  15711. }
  15712. pbksz = CURVE25519_KEYSIZE;
  15713. if(0 != wc_curve25519_export_public( &key, pubk, &pbksz )){
  15714. printf(testingFmt,"failed due to wc_curve25519_export_public");
  15715. fflush( stdout );
  15716. wc_curve25519_free(&key);
  15717. wc_FreeRng(&rng);
  15718. return 1;
  15719. }
  15720. prvkSz = CURVE25519_KEYSIZE;
  15721. /* pubkSz = CURVE25519_KEYSIZE; */
  15722. if(0 != wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz,
  15723. publicKey, &pubkSz, EC25519_BIG_ENDIAN)) {
  15724. printf(testingFmt,"failed due to wc_curve25519_export_key_raw_ex");
  15725. fflush( stdout );
  15726. wc_curve25519_free(&key);
  15727. wc_FreeRng(&rng);
  15728. return 1;
  15729. }
  15730. if( prksz == CURVE25519_KEYSIZE &&
  15731. pbksz == CURVE25519_KEYSIZE &&
  15732. prvkSz == CURVE25519_KEYSIZE &&
  15733. pubkSz == CURVE25519_KEYSIZE ){
  15734. if( 0 == XMEMCMP( privateKey, prik, CURVE25519_KEYSIZE ) &&
  15735. 0 == XMEMCMP( publicKey, pubk, CURVE25519_KEYSIZE )){
  15736. if( 0 == wc_curve25519_export_key_raw_ex( &key, privateKey,
  15737. &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN)){
  15738. if( prvkSz == CURVE25519_KEYSIZE &&
  15739. pubkSz == CURVE25519_KEYSIZE ){
  15740. ; /* proceed to the next test */
  15741. }
  15742. else{
  15743. printf(testingFmt,"failed due to key-size-inconsistency");
  15744. fflush( stdout );
  15745. wc_curve25519_free(&key);
  15746. wc_FreeRng(&rng);
  15747. return 1;
  15748. }
  15749. }
  15750. else{
  15751. printf(testingFmt,
  15752. "failed due to wc_curve25519_export_key_raw_ex");
  15753. fflush( stdout );
  15754. wc_curve25519_free(&key);
  15755. wc_FreeRng(&rng);
  15756. return 1;
  15757. }
  15758. }
  15759. else{
  15760. printf(testingFmt,"failed due to key-contents-inconsistency");
  15761. fflush( stdout );
  15762. wc_curve25519_free(&key);
  15763. wc_FreeRng(&rng);
  15764. return 1;
  15765. }
  15766. }
  15767. else{
  15768. printf(testingFmt,"failed due to bad-key-size");
  15769. fflush( stdout );
  15770. wc_curve25519_free(&key);
  15771. wc_FreeRng(&rng);
  15772. return 1;
  15773. }
  15774. /*
  15775. try once with another endian
  15776. */
  15777. prvkSz = CURVE25519_KEYSIZE;
  15778. pubkSz = CURVE25519_KEYSIZE;
  15779. if( 0 == wc_curve25519_export_key_raw_ex( &key, privateKey,
  15780. &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN)){
  15781. if( prvkSz == CURVE25519_KEYSIZE &&
  15782. pubkSz == CURVE25519_KEYSIZE ){
  15783. /* no more test*/
  15784. printf(resultFmt, passed );
  15785. fflush( stdout );
  15786. wc_curve25519_free(&key);
  15787. wc_FreeRng(&rng);
  15788. return 0;
  15789. }
  15790. else{
  15791. printf(testingFmt,"failed due to key-size-inconsistency");
  15792. fflush( stdout );
  15793. wc_curve25519_free(&key);
  15794. wc_FreeRng(&rng);
  15795. return 1;
  15796. }
  15797. }
  15798. else{
  15799. printf(testingFmt,
  15800. "failed due to wc_curve25519_export_key_raw_ex(BIGENDIAN)");
  15801. fflush( stdout );
  15802. wc_curve25519_free(&key);
  15803. wc_FreeRng(&rng);
  15804. return 1;
  15805. }
  15806. #endif
  15807. return 0;
  15808. } /* end of test_wc_curve25519_export_key_raw_ex */
  15809. /*
  15810. * Testing wc_curve25519_make_key
  15811. */
  15812. static int test_wc_curve25519_make_key (void)
  15813. {
  15814. int ret = 0;
  15815. #if defined(HAVE_CURVE25519)
  15816. WC_RNG rng;
  15817. curve25519_key key;
  15818. int keysize;
  15819. printf(testingFmt, "wc_curve25519_make_key()");
  15820. ret = wc_curve25519_init(&key);
  15821. if (ret == 0) {
  15822. ret = wc_InitRng(&rng);
  15823. }
  15824. if (ret == 0) {
  15825. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
  15826. if (ret == 0) {
  15827. keysize = wc_curve25519_size(&key);
  15828. if (keysize != CURVE25519_KEYSIZE) {
  15829. ret = SSL_FATAL_ERROR;
  15830. }
  15831. }
  15832. if (ret == 0) {
  15833. ret = wc_curve25519_make_key(&rng, keysize, &key);
  15834. }
  15835. }
  15836. /*test bad cases*/
  15837. if (ret == 0) {
  15838. ret = wc_curve25519_make_key(NULL, 0, NULL);
  15839. if (ret == BAD_FUNC_ARG) {
  15840. ret = 0;
  15841. }
  15842. }
  15843. if (ret == 0) {
  15844. ret = wc_curve25519_make_key(&rng, keysize, NULL);
  15845. if (ret == BAD_FUNC_ARG) {
  15846. ret = 0;
  15847. }
  15848. }
  15849. if (ret == 0) {
  15850. ret = wc_curve25519_make_key(NULL, keysize, &key);
  15851. if (ret == BAD_FUNC_ARG) {
  15852. ret = 0;
  15853. }
  15854. }
  15855. if (ret == 0) {
  15856. ret = wc_curve25519_make_key(&rng, 0, &key);
  15857. if (ret == ECC_BAD_ARG_E) {
  15858. ret = 0;
  15859. }
  15860. }
  15861. printf(resultFmt, ret == 0 ? passed : failed);
  15862. wc_curve25519_free(&key);
  15863. wc_FreeRng(&rng);
  15864. #endif
  15865. return ret;
  15866. } /*END test_wc_curve25519_make_key*/
  15867. /*
  15868. * Testing wc_curve25519_shared_secret_ex
  15869. */
  15870. static int test_wc_curve25519_shared_secret_ex (void)
  15871. {
  15872. int ret = 0;
  15873. #if defined(HAVE_CURVE25519)
  15874. WC_RNG rng;
  15875. curve25519_key private_key, public_key;
  15876. byte out[CURVE25519_KEYSIZE];
  15877. word32 outLen = sizeof(out);
  15878. int endian = EC25519_BIG_ENDIAN;
  15879. printf(testingFmt, "wc_curve25519_shared_secret_ex()");
  15880. ret = wc_curve25519_init(&private_key);
  15881. if (ret == 0) {
  15882. ret = wc_InitRng(&rng);
  15883. if (ret == 0) {
  15884. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key);
  15885. }
  15886. }
  15887. if (ret == 0) {
  15888. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &public_key);
  15889. }
  15890. if (ret == 0) {
  15891. ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
  15892. &outLen, endian);
  15893. }
  15894. /*test bad cases*/
  15895. if (ret == 0) {
  15896. ret = wc_curve25519_shared_secret_ex(NULL, NULL, NULL,
  15897. 0, endian);
  15898. if (ret == BAD_FUNC_ARG) {
  15899. ret = 0;
  15900. }
  15901. }
  15902. if (ret == 0) {
  15903. ret = wc_curve25519_shared_secret_ex(NULL, &public_key, out,
  15904. &outLen, endian);
  15905. if (ret == BAD_FUNC_ARG) {
  15906. ret = 0;
  15907. }
  15908. }
  15909. if (ret == 0) {
  15910. ret = wc_curve25519_shared_secret_ex(&private_key, NULL, out,
  15911. &outLen, endian);
  15912. if (ret == BAD_FUNC_ARG) {
  15913. ret = 0;
  15914. }
  15915. }
  15916. if (ret == 0) {
  15917. ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL,
  15918. &outLen, endian);
  15919. if (ret == BAD_FUNC_ARG) {
  15920. ret = 0;
  15921. }
  15922. }
  15923. if (ret == 0) {
  15924. ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
  15925. NULL, endian);
  15926. if (ret == BAD_FUNC_ARG) {
  15927. ret = 0;
  15928. }
  15929. }
  15930. if (ret == 0) {
  15931. /*curve25519.c is checking for public_key size less than or equal to 0x7f,
  15932. *increasing to 0x8f checks for error being returned*/
  15933. public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F;
  15934. ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
  15935. &outLen, endian);
  15936. if (ret == ECC_BAD_ARG_E) {
  15937. ret = 0;
  15938. }
  15939. }
  15940. outLen = outLen - 2;
  15941. if (ret == 0) {
  15942. ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out,
  15943. &outLen, endian);
  15944. if (ret == BAD_FUNC_ARG) {
  15945. ret = 0;
  15946. }
  15947. }
  15948. printf(resultFmt, ret == 0 ? passed : failed);
  15949. wc_curve25519_free(&private_key);
  15950. wc_curve25519_free(&public_key);
  15951. wc_FreeRng(&rng);
  15952. #endif
  15953. return ret;
  15954. } /*END test_wc_curve25519_shared_secret_ex*/
  15955. /*
  15956. * Testing wc_curve25519_make_pub
  15957. */
  15958. static int test_wc_curve25519_make_pub (void)
  15959. {
  15960. int ret = 0;
  15961. #if defined(HAVE_CURVE25519)
  15962. WC_RNG rng;
  15963. curve25519_key key;
  15964. byte out[CURVE25519_KEYSIZE];
  15965. printf(testingFmt, "wc_curve25519_make_pub()");
  15966. ret = wc_curve25519_init(&key);
  15967. if (ret == 0) {
  15968. ret = wc_InitRng(&rng);
  15969. if (ret == 0) {
  15970. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
  15971. }
  15972. }
  15973. if (ret == 0) {
  15974. ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, key.k.point);
  15975. }
  15976. /*test bad cases*/
  15977. if (ret == 0) {
  15978. ret = wc_curve25519_make_pub((int)sizeof key.k.point - 1, key.k.point, (int)sizeof out, out);
  15979. if (ret == ECC_BAD_ARG_E) {
  15980. ret = 0;
  15981. }
  15982. }
  15983. if (ret == 0) {
  15984. ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, NULL);
  15985. if (ret == ECC_BAD_ARG_E) {
  15986. ret = 0;
  15987. }
  15988. }
  15989. if (ret == 0) {
  15990. ret = wc_curve25519_make_pub((int)sizeof out - 1, out, (int)sizeof key.k.point, key.k.point);
  15991. if (ret == ECC_BAD_ARG_E) {
  15992. ret = 0;
  15993. }
  15994. }
  15995. if (ret == 0) {
  15996. ret = wc_curve25519_make_pub((int)sizeof out, NULL, (int)sizeof key.k.point, key.k.point);
  15997. if (ret == ECC_BAD_ARG_E) {
  15998. ret = 0;
  15999. }
  16000. }
  16001. if (ret == 0) {
  16002. /* verify clamping test */
  16003. key.k.point[0] |= ~248;
  16004. ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, key.k.point);
  16005. if (ret == ECC_BAD_ARG_E) {
  16006. ret = 0;
  16007. }
  16008. key.k.point[0] &= 248;
  16009. }
  16010. /* repeat the expected-to-succeed test. */
  16011. if (ret == 0) {
  16012. ret = wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof key.k.point, key.k.point);
  16013. }
  16014. printf(resultFmt, ret == 0 ? passed : failed);
  16015. wc_curve25519_free(&key);
  16016. wc_FreeRng(&rng);
  16017. #endif
  16018. return ret;
  16019. } /*END test_wc_curve25519_make_pub */
  16020. /*
  16021. * Testing test_wc_curve25519_export_public_ex
  16022. */
  16023. static int test_wc_curve25519_export_public_ex (void)
  16024. {
  16025. int ret = 0;
  16026. #if defined(HAVE_CURVE25519)
  16027. WC_RNG rng;
  16028. curve25519_key key;
  16029. byte out[CURVE25519_KEYSIZE];
  16030. word32 outLen = sizeof(out);
  16031. int endian = EC25519_BIG_ENDIAN;
  16032. printf(testingFmt, "wc_curve25519_export_public_ex()");
  16033. ret = wc_curve25519_init(&key);
  16034. if (ret == 0) {
  16035. ret = wc_InitRng(&rng);
  16036. }
  16037. if (ret == 0) {
  16038. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
  16039. if (ret == 0) {
  16040. ret = wc_curve25519_export_public(&key, out, &outLen);
  16041. }
  16042. if (ret == 0) {
  16043. ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian);
  16044. }
  16045. }
  16046. /*test bad cases*/
  16047. if (ret == 0) {
  16048. ret = wc_curve25519_export_public_ex(NULL, NULL, NULL, endian);
  16049. if (ret == BAD_FUNC_ARG) {
  16050. ret = 0;
  16051. }
  16052. }
  16053. if (ret == 0) {
  16054. ret = wc_curve25519_export_public_ex(NULL, out, &outLen, endian);
  16055. if (ret == BAD_FUNC_ARG) {
  16056. ret = 0;
  16057. }
  16058. }
  16059. if (ret == 0) {
  16060. ret = wc_curve25519_export_public_ex(&key, NULL, &outLen, endian);
  16061. if (ret == BAD_FUNC_ARG) {
  16062. ret = 0;
  16063. }
  16064. }
  16065. if (ret == 0) {
  16066. ret = wc_curve25519_export_public_ex(&key, out, NULL, endian);
  16067. if (ret == BAD_FUNC_ARG) {
  16068. ret = 0;
  16069. }
  16070. }
  16071. outLen = outLen - 2;
  16072. if (ret == 0) {
  16073. ret = wc_curve25519_export_public_ex(&key, out, &outLen, endian);
  16074. if (ret == ECC_BAD_ARG_E) {
  16075. ret = 0;
  16076. }
  16077. }
  16078. printf(resultFmt, ret == 0 ? passed : failed);
  16079. wc_curve25519_free(&key);
  16080. wc_FreeRng(&rng);
  16081. #endif
  16082. return ret;
  16083. } /*END test_wc_curve25519_export_public_ex*/
  16084. /*
  16085. * Testing test_wc_curve25519_import_private_raw_ex
  16086. */
  16087. static int test_wc_curve25519_import_private_raw_ex (void)
  16088. {
  16089. int ret = 0;
  16090. #if defined(HAVE_CURVE25519)
  16091. WC_RNG rng;
  16092. curve25519_key key;
  16093. byte priv[CURVE25519_KEYSIZE];
  16094. byte pub[CURVE25519_KEYSIZE];
  16095. word32 privSz = sizeof(priv);
  16096. word32 pubSz = sizeof(pub);
  16097. int endian = EC25519_BIG_ENDIAN;
  16098. printf(testingFmt, "wc_curve25519_import_private_raw_ex()");
  16099. ret = wc_curve25519_init(&key);
  16100. if (ret == 0) {
  16101. ret = wc_InitRng(&rng);
  16102. }
  16103. if (ret == 0) {
  16104. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
  16105. if (ret == 0) {
  16106. ret = wc_curve25519_export_private_raw_ex(&key, priv, &privSz, endian);
  16107. }
  16108. if (ret == 0) {
  16109. ret = wc_curve25519_export_public(&key, pub, &pubSz);
  16110. }
  16111. if (ret == 0) {
  16112. ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
  16113. &key, endian);
  16114. }
  16115. }
  16116. /*test bad cases*/
  16117. if (ret == 0) {
  16118. ret = wc_curve25519_import_private_raw_ex(NULL, 0, NULL, 0, NULL,
  16119. endian);
  16120. if (ret == BAD_FUNC_ARG) {
  16121. ret = 0;
  16122. }
  16123. }
  16124. if (ret == 0) {
  16125. ret = wc_curve25519_import_private_raw_ex(NULL, privSz, pub, pubSz,
  16126. &key, endian);
  16127. if (ret == BAD_FUNC_ARG) {
  16128. ret = 0;
  16129. }
  16130. }
  16131. if (ret == 0) {
  16132. ret = wc_curve25519_import_private_raw_ex(priv, privSz, NULL, pubSz,
  16133. &key, endian);
  16134. if (ret == BAD_FUNC_ARG) {
  16135. ret = 0;
  16136. }
  16137. }
  16138. if (ret == 0) {
  16139. ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
  16140. NULL, endian);
  16141. if (ret == BAD_FUNC_ARG) {
  16142. ret = 0;
  16143. }
  16144. }
  16145. if (ret == 0) {
  16146. ret = wc_curve25519_import_private_raw_ex(priv, 0, pub, pubSz,
  16147. &key, endian);
  16148. if (ret == ECC_BAD_ARG_E) {
  16149. ret = 0;
  16150. }
  16151. }
  16152. if (ret == 0) {
  16153. ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, 0,
  16154. &key, endian);
  16155. if (ret == ECC_BAD_ARG_E) {
  16156. ret = 0;
  16157. }
  16158. }
  16159. if (ret == 0) {
  16160. ret = wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz,
  16161. &key, EC25519_LITTLE_ENDIAN);
  16162. }
  16163. printf(resultFmt, ret == 0 ? passed : failed);
  16164. wc_curve25519_free(&key);
  16165. wc_FreeRng(&rng);
  16166. #endif
  16167. return ret;
  16168. } /*END test_wc_curve25519_import_private_raw_ex*/
  16169. /*
  16170. * Testing test_wc_curve25519_import_private
  16171. */
  16172. static int test_wc_curve25519_import_private (void)
  16173. {
  16174. int ret = 0;
  16175. #if defined(HAVE_CURVE25519)
  16176. curve25519_key key;
  16177. WC_RNG rng;
  16178. byte priv[CURVE25519_KEYSIZE];
  16179. word32 privSz = sizeof(priv);
  16180. printf(testingFmt, "wc_curve25519_import_private()");
  16181. ret = wc_curve25519_init(&key);
  16182. if (ret == 0) {
  16183. ret = wc_InitRng(&rng);
  16184. }
  16185. if (ret == 0) {
  16186. ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key);
  16187. if (ret == 0) {
  16188. ret = wc_curve25519_export_private_raw(&key, priv, &privSz);
  16189. }
  16190. }
  16191. if (ret == 0) {
  16192. ret = wc_curve25519_import_private(priv, privSz, &key);
  16193. }
  16194. printf(resultFmt, ret == 0 ? passed : failed);
  16195. wc_curve25519_free(&key);
  16196. wc_FreeRng(&rng);
  16197. #endif
  16198. return ret;
  16199. } /*END test_wc_curve25519_import*/
  16200. /*
  16201. * Testing test_wc_curve25519_export_private_raw_ex
  16202. */
  16203. static int test_wc_curve25519_export_private_raw_ex (void)
  16204. {
  16205. int ret = 0;
  16206. #if defined(HAVE_CURVE25519)
  16207. curve25519_key key;
  16208. byte out[CURVE25519_KEYSIZE];
  16209. word32 outLen = sizeof(out);
  16210. int endian = EC25519_BIG_ENDIAN;
  16211. printf(testingFmt, "wc_curve25519_export_private_raw_ex()");
  16212. ret = wc_curve25519_init(&key);
  16213. if (ret == 0) {
  16214. ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian);
  16215. }
  16216. /*test bad cases*/
  16217. if (ret == 0) {
  16218. ret = wc_curve25519_export_private_raw_ex(NULL, NULL, NULL, endian);
  16219. if (ret == BAD_FUNC_ARG) {
  16220. ret = 0;
  16221. }
  16222. }
  16223. if (ret == 0) {
  16224. ret = wc_curve25519_export_private_raw_ex(NULL, out, &outLen, endian);
  16225. if (ret == BAD_FUNC_ARG) {
  16226. ret = 0;
  16227. }
  16228. }
  16229. if (ret == 0) {
  16230. ret = wc_curve25519_export_private_raw_ex(&key, NULL, &outLen, endian);
  16231. if (ret == BAD_FUNC_ARG) {
  16232. ret = 0;
  16233. }
  16234. }
  16235. if (ret == 0) {
  16236. ret = wc_curve25519_export_private_raw_ex(&key, out, NULL, endian);
  16237. if (ret == BAD_FUNC_ARG) {
  16238. ret = 0;
  16239. }
  16240. }
  16241. if (ret == 0) {
  16242. ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen,
  16243. EC25519_LITTLE_ENDIAN);
  16244. }
  16245. outLen = outLen - 2;
  16246. if (ret == 0) {
  16247. ret = wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian);
  16248. if (ret == ECC_BAD_ARG_E) {
  16249. ret = 0;
  16250. }
  16251. }
  16252. printf(resultFmt, ret == 0 ? passed : failed);
  16253. wc_curve25519_free(&key);
  16254. #endif
  16255. return ret;
  16256. }/*END test_wc_curve25519_export_private_raw_ex*/
  16257. /*
  16258. * Testing wc_ed448_make_key().
  16259. */
  16260. static int test_wc_ed448_make_key (void)
  16261. {
  16262. int ret = 0;
  16263. #if defined(HAVE_ED448)
  16264. ed448_key key;
  16265. WC_RNG rng;
  16266. ret = wc_InitRng(&rng);
  16267. if (ret == 0) {
  16268. ret = wc_ed448_init(&key);
  16269. }
  16270. printf(testingFmt, "wc_ed448_make_key()");
  16271. if (ret == 0) {
  16272. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
  16273. }
  16274. /* Test bad args. */
  16275. if (ret == 0) {
  16276. ret = wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key);
  16277. if (ret == BAD_FUNC_ARG) {
  16278. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL);
  16279. }
  16280. if (ret == BAD_FUNC_ARG) {
  16281. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE - 1, &key);
  16282. }
  16283. if (ret == BAD_FUNC_ARG) {
  16284. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE + 1, &key);
  16285. }
  16286. if (ret == BAD_FUNC_ARG) {
  16287. ret = 0;
  16288. } else if (ret == 0) {
  16289. ret = SSL_FATAL_ERROR;
  16290. }
  16291. }
  16292. printf(resultFmt, ret == 0 ? passed : failed);
  16293. if (wc_FreeRng(&rng) && ret == 0) {
  16294. ret = SSL_FATAL_ERROR;
  16295. }
  16296. wc_ed448_free(&key);
  16297. #endif
  16298. return ret;
  16299. } /* END test_wc_ed448_make_key */
  16300. /*
  16301. * Testing wc_ed448_init()
  16302. */
  16303. static int test_wc_ed448_init (void)
  16304. {
  16305. int ret = 0;
  16306. #if defined(HAVE_ED448)
  16307. ed448_key key;
  16308. printf(testingFmt, "wc_ed448_init()");
  16309. ret = wc_ed448_init(&key);
  16310. /* Test bad args. */
  16311. if (ret == 0) {
  16312. ret = wc_ed448_init(NULL);
  16313. if (ret == BAD_FUNC_ARG) {
  16314. ret = 0;
  16315. } else if (ret == 0) {
  16316. ret = SSL_FATAL_ERROR;
  16317. }
  16318. }
  16319. printf(resultFmt, ret == 0 ? passed : failed);
  16320. wc_ed448_free(&key);
  16321. #endif
  16322. return ret;
  16323. } /* END test_wc_ed448_init */
  16324. /*
  16325. * Test wc_ed448_sign_msg() and wc_ed448_verify_msg()
  16326. */
  16327. static int test_wc_ed448_sign_msg (void)
  16328. {
  16329. int ret = 0;
  16330. #if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN)
  16331. WC_RNG rng;
  16332. ed448_key key;
  16333. byte msg[] = "Everybody gets Friday off.\n";
  16334. byte sig[ED448_SIG_SIZE];
  16335. word32 msglen = sizeof(msg);
  16336. word32 siglen = sizeof(sig);
  16337. word32 badSigLen = sizeof(sig) - 1;
  16338. int verify_ok = 0; /*1 = Verify success.*/
  16339. /* Initialize stack variables. */
  16340. XMEMSET(sig, 0, siglen);
  16341. /* Initialize key. */
  16342. ret = wc_InitRng(&rng);
  16343. if (ret == 0) {
  16344. ret = wc_ed448_init(&key);
  16345. if (ret == 0) {
  16346. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
  16347. }
  16348. }
  16349. printf(testingFmt, "wc_ed448_sign_msg()");
  16350. if (ret == 0) {
  16351. ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, &key, NULL, 0);
  16352. }
  16353. /* Test bad args. */
  16354. if (ret == 0 && siglen == ED448_SIG_SIZE) {
  16355. ret = wc_ed448_sign_msg(NULL, msglen, sig, &siglen, &key, NULL, 0);
  16356. if (ret == BAD_FUNC_ARG) {
  16357. ret = wc_ed448_sign_msg(msg, msglen, NULL, &siglen, &key, NULL, 0);
  16358. }
  16359. if (ret == BAD_FUNC_ARG) {
  16360. ret = wc_ed448_sign_msg(msg, msglen, sig, NULL, &key, NULL, 0);
  16361. }
  16362. if (ret == BAD_FUNC_ARG) {
  16363. ret = wc_ed448_sign_msg(msg, msglen, sig, &siglen, NULL, NULL, 0);
  16364. }
  16365. if (ret == BAD_FUNC_ARG) {
  16366. ret = wc_ed448_sign_msg(msg, msglen, sig, &badSigLen, &key,
  16367. NULL, 0);
  16368. }
  16369. if (ret == BUFFER_E && badSigLen == ED448_SIG_SIZE) {
  16370. badSigLen -= 1;
  16371. ret = 0;
  16372. } else if (ret == 0) {
  16373. ret = SSL_FATAL_ERROR;
  16374. }
  16375. } /* END sign */
  16376. printf(resultFmt, ret == 0 ? passed : failed);
  16377. #ifdef HAVE_ED448_VERIFY
  16378. printf(testingFmt, "wc_ed448_verify_msg()");
  16379. if (ret == 0) {
  16380. ret = wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok,
  16381. &key, NULL, 0);
  16382. if (ret == 0 && verify_ok == 1) {
  16383. ret = 0;
  16384. } else if (ret == 0) {
  16385. ret = SSL_FATAL_ERROR;
  16386. }
  16387. /* Test bad args. */
  16388. if (ret == 0) {
  16389. AssertIntEQ(wc_ed448_verify_msg(sig, siglen - 1, msg,
  16390. msglen, &verify_ok, &key,
  16391. NULL, 0),
  16392. BAD_FUNC_ARG);
  16393. AssertIntEQ(wc_ed448_verify_msg(sig, siglen + 1, msg,
  16394. msglen, &verify_ok, &key,
  16395. NULL, 0),
  16396. BAD_FUNC_ARG);
  16397. ret = wc_ed448_verify_msg(NULL, siglen, msg, msglen, &verify_ok,
  16398. &key, NULL, 0);
  16399. if (ret == BAD_FUNC_ARG) {
  16400. ret = wc_ed448_verify_msg(sig, siglen, NULL, msglen,
  16401. &verify_ok, &key, NULL, 0);
  16402. }
  16403. if (ret == BAD_FUNC_ARG) {
  16404. ret = wc_ed448_verify_msg(sig, siglen, msg, msglen,
  16405. NULL, &key, NULL, 0);
  16406. }
  16407. if (ret == BAD_FUNC_ARG) {
  16408. ret = wc_ed448_verify_msg(sig, siglen, msg, msglen,
  16409. &verify_ok, NULL, NULL, 0);
  16410. }
  16411. if (ret == BAD_FUNC_ARG) {
  16412. ret = wc_ed448_verify_msg(sig, badSigLen, msg, msglen,
  16413. &verify_ok, &key, NULL, 0);
  16414. }
  16415. if (ret == BAD_FUNC_ARG) {
  16416. ret = 0;
  16417. } else if (ret == 0) {
  16418. ret = SSL_FATAL_ERROR;
  16419. }
  16420. }
  16421. } /* END verify. */
  16422. printf(resultFmt, ret == 0 ? passed : failed);
  16423. #endif /* Verify. */
  16424. if (wc_FreeRng(&rng) && ret == 0) {
  16425. ret = SSL_FATAL_ERROR;
  16426. }
  16427. wc_ed448_free(&key);
  16428. #endif
  16429. return ret;
  16430. } /* END test_wc_ed448_sign_msg */
  16431. /*
  16432. * Testing wc_ed448_import_public()
  16433. */
  16434. static int test_wc_ed448_import_public (void)
  16435. {
  16436. int ret = 0;
  16437. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
  16438. WC_RNG rng;
  16439. ed448_key pubKey;
  16440. const byte in[] =
  16441. "Ed448PublicKeyUnitTest.................................\n";
  16442. word32 inlen = sizeof(in);
  16443. ret = wc_InitRng(&rng);
  16444. if (ret == 0) {
  16445. ret = wc_ed448_init(&pubKey);
  16446. if (ret == 0) {
  16447. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &pubKey);
  16448. }
  16449. }
  16450. printf(testingFmt, "wc_ed448_import_public()");
  16451. if (ret == 0) {
  16452. ret = wc_ed448_import_public(in, inlen, &pubKey);
  16453. if (ret == 0 && XMEMCMP(in, pubKey.p, inlen) == 0) {
  16454. ret = 0;
  16455. } else {
  16456. ret = SSL_FATAL_ERROR;
  16457. }
  16458. /* Test bad args. */
  16459. if (ret == 0) {
  16460. ret = wc_ed448_import_public(NULL, inlen, &pubKey);
  16461. if (ret == BAD_FUNC_ARG) {
  16462. ret = wc_ed448_import_public(in, inlen, NULL);
  16463. }
  16464. if (ret == BAD_FUNC_ARG) {
  16465. ret = wc_ed448_import_public(in, inlen - 1, &pubKey);
  16466. }
  16467. if (ret == BAD_FUNC_ARG) {
  16468. ret = 0;
  16469. } else if (ret == 0) {
  16470. ret = SSL_FATAL_ERROR;
  16471. }
  16472. }
  16473. }
  16474. printf(resultFmt, ret == 0 ? passed : failed);
  16475. if (wc_FreeRng(&rng) && ret == 0) {
  16476. ret = SSL_FATAL_ERROR;
  16477. }
  16478. wc_ed448_free(&pubKey);
  16479. #endif
  16480. return ret;
  16481. } /* END wc_ed448_import_public */
  16482. /*
  16483. * Testing wc_ed448_import_private_key()
  16484. */
  16485. static int test_wc_ed448_import_private_key (void)
  16486. {
  16487. int ret = 0;
  16488. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
  16489. WC_RNG rng;
  16490. ed448_key key;
  16491. const byte privKey[] =
  16492. "Ed448PrivateKeyUnitTest................................\n";
  16493. const byte pubKey[] =
  16494. "Ed448PublicKeyUnitTest.................................\n";
  16495. word32 privKeySz = sizeof(privKey);
  16496. word32 pubKeySz = sizeof(pubKey);
  16497. ret = wc_InitRng(&rng);
  16498. if (ret != 0) {
  16499. return ret;
  16500. }
  16501. ret = wc_ed448_init(&key);
  16502. if (ret != 0) {
  16503. wc_FreeRng(&rng);
  16504. return ret;
  16505. }
  16506. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
  16507. printf(testingFmt, "wc_ed448_import_private_key()");
  16508. if (ret == 0) {
  16509. ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey, pubKeySz,
  16510. &key);
  16511. if (ret == 0 && (XMEMCMP(pubKey, key.p, privKeySz) != 0 ||
  16512. XMEMCMP(privKey, key.k, pubKeySz) != 0)) {
  16513. ret = SSL_FATAL_ERROR;
  16514. }
  16515. }
  16516. /* Test bad args. */
  16517. if (ret == 0) {
  16518. ret = wc_ed448_import_private_key(NULL, privKeySz, pubKey, pubKeySz,
  16519. &key);
  16520. if (ret == BAD_FUNC_ARG) {
  16521. ret = wc_ed448_import_private_key(privKey, privKeySz, NULL,
  16522. pubKeySz, &key);
  16523. }
  16524. if (ret == BAD_FUNC_ARG) {
  16525. ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey,
  16526. pubKeySz, NULL);
  16527. }
  16528. if (ret == BAD_FUNC_ARG) {
  16529. ret = wc_ed448_import_private_key(privKey, privKeySz - 1, pubKey,
  16530. pubKeySz, &key);
  16531. }
  16532. if (ret == BAD_FUNC_ARG) {
  16533. ret = wc_ed448_import_private_key(privKey, privKeySz, pubKey,
  16534. pubKeySz - 1, &key);
  16535. }
  16536. if (ret == BAD_FUNC_ARG) {
  16537. ret = 0;
  16538. } else if (ret == 0) {
  16539. ret = SSL_FATAL_ERROR;
  16540. }
  16541. }
  16542. printf(resultFmt, ret == 0 ? passed : failed);
  16543. if (wc_FreeRng(&rng) && ret == 0) {
  16544. ret = SSL_FATAL_ERROR;
  16545. }
  16546. wc_ed448_free(&key);
  16547. #endif
  16548. return ret;
  16549. } /* END test_wc_ed448_import_private_key */
  16550. /*
  16551. * Testing wc_ed448_export_public() and wc_ed448_export_private_only()
  16552. */
  16553. static int test_wc_ed448_export (void)
  16554. {
  16555. int ret = 0;
  16556. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
  16557. WC_RNG rng;
  16558. ed448_key key;
  16559. byte priv[ED448_PRV_KEY_SIZE];
  16560. byte pub[ED448_PUB_KEY_SIZE];
  16561. word32 privSz = sizeof(priv);
  16562. word32 pubSz = sizeof(pub);
  16563. ret = wc_InitRng(&rng);
  16564. if (ret != 0) {
  16565. return ret;
  16566. }
  16567. ret = wc_ed448_init(&key);
  16568. if (ret != 0) {
  16569. wc_FreeRng(&rng);
  16570. return ret;
  16571. }
  16572. if (ret == 0) {
  16573. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
  16574. }
  16575. printf(testingFmt, "wc_ed448_export_public()");
  16576. if (ret == 0) {
  16577. ret = wc_ed448_export_public(&key, pub, &pubSz);
  16578. if (ret == 0 && (pubSz != ED448_KEY_SIZE ||
  16579. XMEMCMP(key.p, pub, pubSz) != 0)) {
  16580. ret = SSL_FATAL_ERROR;
  16581. }
  16582. if (ret == 0) {
  16583. ret = wc_ed448_export_public(NULL, pub, &pubSz);
  16584. if (ret == BAD_FUNC_ARG) {
  16585. ret = wc_ed448_export_public(&key, NULL, &pubSz);
  16586. }
  16587. if (ret == BAD_FUNC_ARG) {
  16588. ret = wc_ed448_export_public(&key, pub, NULL);
  16589. }
  16590. if (ret == BAD_FUNC_ARG) {
  16591. ret = 0;
  16592. } else if (ret == 0) {
  16593. ret = SSL_FATAL_ERROR;
  16594. }
  16595. }
  16596. }
  16597. printf(resultFmt, ret == 0 ? passed : failed);
  16598. printf(testingFmt, "wc_ed448_export_private_only()");
  16599. if (ret == 0) {
  16600. ret = wc_ed448_export_private_only(&key, priv, &privSz);
  16601. if (ret == 0 && (privSz != ED448_KEY_SIZE ||
  16602. XMEMCMP(key.k, priv, privSz) != 0)) {
  16603. ret = SSL_FATAL_ERROR;
  16604. }
  16605. if (ret == 0) {
  16606. ret = wc_ed448_export_private_only(NULL, priv, &privSz);
  16607. if (ret == BAD_FUNC_ARG) {
  16608. ret = wc_ed448_export_private_only(&key, NULL, &privSz);
  16609. }
  16610. if (ret == BAD_FUNC_ARG) {
  16611. ret = wc_ed448_export_private_only(&key, priv, NULL);
  16612. }
  16613. if (ret == BAD_FUNC_ARG) {
  16614. ret = 0;
  16615. } else if (ret == 0) {
  16616. ret = SSL_FATAL_ERROR;
  16617. }
  16618. }
  16619. }
  16620. printf(resultFmt, ret == 0 ? passed : failed);
  16621. if (wc_FreeRng(&rng) && ret == 0) {
  16622. ret = SSL_FATAL_ERROR;
  16623. }
  16624. wc_ed448_free(&key);
  16625. #endif
  16626. return ret;
  16627. } /* END test_wc_ed448_export */
  16628. /*
  16629. * Testing wc_ed448_size()
  16630. */
  16631. static int test_wc_ed448_size (void)
  16632. {
  16633. int ret = 0;
  16634. #if defined(HAVE_ED448)
  16635. WC_RNG rng;
  16636. ed448_key key;
  16637. ret = wc_InitRng(&rng);
  16638. if (ret != 0) {
  16639. return ret;
  16640. }
  16641. ret = wc_ed448_init(&key);
  16642. if (ret != 0) {
  16643. wc_FreeRng(&rng);
  16644. return ret;
  16645. }
  16646. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
  16647. if (ret != 0) {
  16648. wc_FreeRng(&rng);
  16649. wc_ed448_free(&key);
  16650. return ret;
  16651. }
  16652. printf(testingFmt, "wc_ed448_size()");
  16653. ret = wc_ed448_size(&key);
  16654. /* Test bad args. */
  16655. if (ret == ED448_KEY_SIZE) {
  16656. ret = wc_ed448_size(NULL);
  16657. if (ret == BAD_FUNC_ARG) {
  16658. ret = 0;
  16659. }
  16660. }
  16661. printf(resultFmt, ret == 0 ? passed : failed);
  16662. if (ret == 0) {
  16663. printf(testingFmt, "wc_ed448_sig_size()");
  16664. ret = wc_ed448_sig_size(&key);
  16665. if (ret == ED448_SIG_SIZE) {
  16666. ret = 0;
  16667. }
  16668. /* Test bad args. */
  16669. if (ret == 0) {
  16670. ret = wc_ed448_sig_size(NULL);
  16671. if (ret == BAD_FUNC_ARG) {
  16672. ret = 0;
  16673. }
  16674. }
  16675. printf(resultFmt, ret == 0 ? passed : failed);
  16676. } /* END wc_ed448_sig_size() */
  16677. if (ret == 0) {
  16678. printf(testingFmt, "wc_ed448_pub_size");
  16679. ret = wc_ed448_pub_size(&key);
  16680. if (ret == ED448_PUB_KEY_SIZE) {
  16681. ret = 0;
  16682. }
  16683. if (ret == 0) {
  16684. ret = wc_ed448_pub_size(NULL);
  16685. if (ret == BAD_FUNC_ARG) {
  16686. ret = 0;
  16687. }
  16688. }
  16689. printf(resultFmt, ret == 0 ? passed : failed);
  16690. } /* END wc_ed448_pub_size */
  16691. if (ret == 0) {
  16692. printf(testingFmt, "wc_ed448_priv_size");
  16693. ret = wc_ed448_priv_size(&key);
  16694. if (ret == ED448_PRV_KEY_SIZE) {
  16695. ret = 0;
  16696. }
  16697. if (ret == 0) {
  16698. ret = wc_ed448_priv_size(NULL);
  16699. if (ret == BAD_FUNC_ARG) {
  16700. ret = 0;
  16701. }
  16702. }
  16703. printf(resultFmt, ret == 0 ? passed : failed);
  16704. } /* END wc_ed448_pub_size */
  16705. if (wc_FreeRng(&rng) && ret == 0) {
  16706. ret = SSL_FATAL_ERROR;
  16707. }
  16708. wc_ed448_free(&key);
  16709. #endif
  16710. return ret;
  16711. } /* END test_wc_ed448_size */
  16712. /*
  16713. * Testing wc_ed448_export_private() and wc_ed448_export_key()
  16714. */
  16715. static int test_wc_ed448_exportKey (void)
  16716. {
  16717. int ret = 0;
  16718. #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT)
  16719. WC_RNG rng;
  16720. ed448_key key;
  16721. byte priv[ED448_PRV_KEY_SIZE];
  16722. byte pub[ED448_PUB_KEY_SIZE];
  16723. byte privOnly[ED448_PRV_KEY_SIZE];
  16724. word32 privSz = sizeof(priv);
  16725. word32 pubSz = sizeof(pub);
  16726. word32 privOnlySz = sizeof(privOnly);
  16727. ret = wc_InitRng(&rng);
  16728. if (ret != 0) {
  16729. return ret;
  16730. }
  16731. ret = wc_ed448_init(&key);
  16732. if (ret != 0) {
  16733. wc_FreeRng(&rng);
  16734. return ret;
  16735. }
  16736. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
  16737. if (ret != 0) {
  16738. wc_FreeRng(&rng);
  16739. wc_ed448_free(&key);
  16740. return ret;
  16741. }
  16742. printf(testingFmt, "wc_ed448_export_private()");
  16743. ret = wc_ed448_export_private(&key, privOnly, &privOnlySz);
  16744. if (ret == 0) {
  16745. ret = wc_ed448_export_private(NULL, privOnly, &privOnlySz);
  16746. if (ret == BAD_FUNC_ARG) {
  16747. ret = wc_ed448_export_private(&key, NULL, &privOnlySz);
  16748. }
  16749. if (ret == BAD_FUNC_ARG) {
  16750. ret = wc_ed448_export_private(&key, privOnly, NULL);
  16751. }
  16752. if (ret == BAD_FUNC_ARG) {
  16753. ret = 0;
  16754. } else if (ret == 0) {
  16755. ret = SSL_FATAL_ERROR;
  16756. }
  16757. }
  16758. printf(resultFmt, ret == 0 ? passed : failed);
  16759. if (ret == 0) {
  16760. printf(testingFmt, "wc_ed448_export_key()");
  16761. ret = wc_ed448_export_key(&key, priv, &privSz, pub, &pubSz);
  16762. if (ret == 0) {
  16763. ret = wc_ed448_export_key(NULL, priv, &privSz, pub, &pubSz);
  16764. if (ret == BAD_FUNC_ARG) {
  16765. ret = wc_ed448_export_key(&key, NULL, &privSz, pub, &pubSz);
  16766. }
  16767. if (ret == BAD_FUNC_ARG) {
  16768. ret = wc_ed448_export_key(&key, priv, NULL, pub, &pubSz);
  16769. }
  16770. if (ret == BAD_FUNC_ARG) {
  16771. ret = wc_ed448_export_key(&key, priv, &privSz, NULL, &pubSz);
  16772. }
  16773. if (ret == BAD_FUNC_ARG) {
  16774. ret = wc_ed448_export_key(&key, priv, &privSz, pub, NULL);
  16775. }
  16776. if (ret == BAD_FUNC_ARG) {
  16777. ret = 0;
  16778. } else if (ret == 0) {
  16779. ret = SSL_FATAL_ERROR;
  16780. }
  16781. }
  16782. printf(resultFmt, ret == 0 ? passed : failed);
  16783. } /* END wc_ed448_export_key() */
  16784. /* Cross check output. */
  16785. if (ret == 0 && XMEMCMP(priv, privOnly, privSz) != 0) {
  16786. ret = SSL_FATAL_ERROR;
  16787. }
  16788. if (wc_FreeRng(&rng) && ret == 0) {
  16789. ret = SSL_FATAL_ERROR;
  16790. }
  16791. wc_ed448_free(&key);
  16792. #endif
  16793. return ret;
  16794. } /* END test_wc_ed448_exportKey */
  16795. /*
  16796. * Testing wc_Ed448PublicKeyToDer
  16797. */
  16798. static int test_wc_Ed448PublicKeyToDer (void)
  16799. {
  16800. int ret = 0;
  16801. #if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \
  16802. defined(WOLFSSL_KEY_GEN))
  16803. int tmp;
  16804. ed448_key key;
  16805. byte derBuf[1024];
  16806. printf(testingFmt, "wc_Ed448PublicKeyToDer()");
  16807. /* Test bad args */
  16808. tmp = wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0);
  16809. if (tmp != BAD_FUNC_ARG) {
  16810. ret = SSL_FATAL_ERROR;
  16811. }
  16812. if (ret == 0) {
  16813. wc_ed448_init(&key);
  16814. tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0);
  16815. if (tmp != BUFFER_E) {
  16816. ret = SSL_FATAL_ERROR;
  16817. }
  16818. wc_ed448_free(&key);
  16819. }
  16820. /* Test good args */
  16821. if (ret == 0) {
  16822. WC_RNG rng;
  16823. ret = wc_InitRng(&rng);
  16824. if (ret != 0) {
  16825. return ret;
  16826. }
  16827. ret = wc_ed448_init(&key);
  16828. if (ret != 0) {
  16829. wc_FreeRng(&rng);
  16830. return ret;
  16831. }
  16832. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
  16833. if (ret != 0) {
  16834. wc_FreeRng(&rng);
  16835. wc_ed448_free(&key);
  16836. return ret;
  16837. }
  16838. tmp = wc_Ed448PublicKeyToDer(&key, derBuf, 1024, 1);
  16839. if (tmp <= 0) {
  16840. ret = SSL_FATAL_ERROR;
  16841. }
  16842. wc_FreeRng(&rng);
  16843. wc_ed448_free(&key);
  16844. }
  16845. printf(resultFmt, ret == 0 ? passed : failed);
  16846. #endif
  16847. return ret;
  16848. } /* END testing wc_Ed448PublicKeyToDer */
  16849. /*
  16850. * Testing wc_curve448_init and wc_curve448_free.
  16851. */
  16852. static int test_wc_curve448_init (void)
  16853. {
  16854. int ret = 0;
  16855. #if defined(HAVE_CURVE448)
  16856. curve448_key key;
  16857. printf(testingFmt, "wc_curve448_init()");
  16858. ret = wc_curve448_init(&key);
  16859. /* Test bad args for wc_curve448_init */
  16860. if (ret == 0) {
  16861. ret = wc_curve448_init(NULL);
  16862. if (ret == BAD_FUNC_ARG) {
  16863. ret = 0;
  16864. } else if (ret == 0) {
  16865. ret = SSL_FATAL_ERROR;
  16866. }
  16867. }
  16868. printf(resultFmt, ret == 0 ? passed : failed);
  16869. /* Test good args for wc_curve_448_free */
  16870. wc_curve448_free(&key);
  16871. wc_curve448_free(NULL);
  16872. #endif
  16873. return ret;
  16874. } /* END test_wc_curve448_init and wc_curve_448_free*/
  16875. /*
  16876. * Testing wc_curve448_make_key
  16877. */
  16878. static int test_wc_curve448_make_key (void)
  16879. {
  16880. int ret = 0;
  16881. #if defined(HAVE_CURVE448)
  16882. WC_RNG rng;
  16883. curve448_key key;
  16884. int keysize;
  16885. printf(testingFmt, "wc_curve448_make_key()");
  16886. ret = wc_curve448_init(&key);
  16887. if (ret == 0) {
  16888. ret = wc_InitRng(&rng);
  16889. }
  16890. if (ret == 0) {
  16891. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
  16892. if (ret == 0) {
  16893. keysize = wc_curve448_size(&key);
  16894. if (keysize != CURVE448_KEY_SIZE) {
  16895. ret = SSL_FATAL_ERROR;
  16896. }
  16897. }
  16898. if (ret == 0) {
  16899. ret = wc_curve448_make_key(&rng, keysize, &key);
  16900. }
  16901. }
  16902. /*test bad cases*/
  16903. if (ret == 0) {
  16904. ret = wc_curve448_make_key(NULL, 0, NULL);
  16905. if (ret == BAD_FUNC_ARG) {
  16906. ret = 0;
  16907. }
  16908. }
  16909. if (ret == 0) {
  16910. ret = wc_curve448_make_key(&rng, keysize, NULL);
  16911. if (ret == BAD_FUNC_ARG) {
  16912. ret = 0;
  16913. }
  16914. }
  16915. if (ret == 0) {
  16916. ret = wc_curve448_make_key(NULL, keysize, &key);
  16917. if (ret == BAD_FUNC_ARG) {
  16918. ret = 0;
  16919. }
  16920. }
  16921. if (ret == 0) {
  16922. ret = wc_curve448_make_key(&rng, 0, &key);
  16923. if (ret == ECC_BAD_ARG_E) {
  16924. ret = 0;
  16925. }
  16926. }
  16927. if (wc_FreeRng(&rng) != 0 && ret == 0) {
  16928. ret = WOLFSSL_FATAL_ERROR;
  16929. }
  16930. printf(resultFmt, ret == 0 ? passed : failed);
  16931. wc_curve448_free(&key);
  16932. #endif
  16933. return ret;
  16934. } /*END test_wc_curve448_make_key*/
  16935. /*
  16936. * Testing test_wc_curve448_shared_secret_ex
  16937. */
  16938. static int test_wc_curve448_shared_secret_ex (void)
  16939. {
  16940. int ret = 0;
  16941. #if defined(HAVE_CURVE448)
  16942. WC_RNG rng;
  16943. curve448_key private_key, public_key;
  16944. byte out[CURVE448_KEY_SIZE];
  16945. word32 outLen = sizeof(out);
  16946. int endian = EC448_BIG_ENDIAN;
  16947. printf(testingFmt, "wc_curve448_shared_secret_ex()");
  16948. ret = wc_curve448_init(&private_key);
  16949. if (ret == 0) {
  16950. ret = wc_InitRng(&rng);
  16951. if (ret == 0) {
  16952. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &private_key);
  16953. }
  16954. }
  16955. if (ret == 0) {
  16956. ret = wc_curve448_init(&public_key);
  16957. }
  16958. if (ret == 0) {
  16959. if (ret == 0) {
  16960. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &public_key);
  16961. }
  16962. }
  16963. if (ret == 0) {
  16964. ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
  16965. &outLen, endian);
  16966. }
  16967. /*test bad cases*/
  16968. if (ret == 0) {
  16969. ret = wc_curve448_shared_secret_ex(NULL, NULL, NULL,
  16970. 0, endian);
  16971. if (ret == BAD_FUNC_ARG) {
  16972. ret = 0;
  16973. }
  16974. }
  16975. if (ret == 0) {
  16976. ret = wc_curve448_shared_secret_ex(NULL, &public_key, out,
  16977. &outLen, endian);
  16978. if (ret == BAD_FUNC_ARG) {
  16979. ret = 0;
  16980. }
  16981. }
  16982. if (ret == 0) {
  16983. ret = wc_curve448_shared_secret_ex(&private_key, NULL, out,
  16984. &outLen, endian);
  16985. if (ret == BAD_FUNC_ARG) {
  16986. ret = 0;
  16987. }
  16988. }
  16989. if (ret == 0) {
  16990. ret = wc_curve448_shared_secret_ex(&private_key, &public_key, NULL,
  16991. &outLen, endian);
  16992. if (ret == BAD_FUNC_ARG) {
  16993. ret = 0;
  16994. }
  16995. }
  16996. if (ret == 0) {
  16997. ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
  16998. NULL, endian);
  16999. if (ret == BAD_FUNC_ARG) {
  17000. ret = 0;
  17001. }
  17002. }
  17003. outLen = outLen - 2;
  17004. if (ret == 0) {
  17005. ret = wc_curve448_shared_secret_ex(&private_key, &public_key, out,
  17006. &outLen, endian);
  17007. if (ret == BAD_FUNC_ARG) {
  17008. ret = 0;
  17009. }
  17010. }
  17011. printf(resultFmt, ret == 0 ? passed : failed);
  17012. wc_curve448_free(&private_key);
  17013. wc_curve448_free(&public_key);
  17014. wc_FreeRng(&rng);
  17015. #endif
  17016. return ret;
  17017. } /*END test_wc_curve448_shared_secret_ex*/
  17018. /*
  17019. * Testing test_wc_curve448_export_public_ex
  17020. */
  17021. static int test_wc_curve448_export_public_ex (void)
  17022. {
  17023. int ret = 0;
  17024. #if defined(HAVE_CURVE448)
  17025. WC_RNG rng;
  17026. curve448_key key;
  17027. byte out[CURVE448_KEY_SIZE];
  17028. word32 outLen = sizeof(out);
  17029. int endian = EC448_BIG_ENDIAN;
  17030. printf(testingFmt, "wc_curve448_export_public_ex()");
  17031. ret = wc_curve448_init(&key);
  17032. if (ret == 0) {
  17033. ret = wc_InitRng(&rng);
  17034. }
  17035. if (ret == 0) {
  17036. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
  17037. if (ret == 0){
  17038. ret = wc_curve448_export_public(&key, out, &outLen);
  17039. }
  17040. if (ret == 0) {
  17041. ret = wc_curve448_export_public_ex(&key, out, &outLen, endian);
  17042. }
  17043. }
  17044. /*test bad cases*/
  17045. if (ret == 0) {
  17046. ret = wc_curve448_export_public_ex(NULL, NULL, NULL, endian);
  17047. if (ret == BAD_FUNC_ARG) {
  17048. ret = 0;
  17049. }
  17050. }
  17051. if (ret == 0) {
  17052. ret = wc_curve448_export_public_ex(NULL, out, &outLen, endian);
  17053. if (ret == BAD_FUNC_ARG) {
  17054. ret = 0;
  17055. }
  17056. }
  17057. if (ret == 0) {
  17058. ret = wc_curve448_export_public_ex(&key, NULL, &outLen, endian);
  17059. if (ret == BAD_FUNC_ARG) {
  17060. ret = 0;
  17061. }
  17062. }
  17063. if (ret == 0) {
  17064. ret = wc_curve448_export_public_ex(&key, out, NULL, endian);
  17065. if (ret == BAD_FUNC_ARG) {
  17066. ret = 0;
  17067. }
  17068. }
  17069. outLen = outLen - 2;
  17070. if (ret == 0) {
  17071. ret = wc_curve448_export_public_ex(&key, out, &outLen, endian);
  17072. if (ret == ECC_BAD_ARG_E) {
  17073. ret = 0;
  17074. }
  17075. }
  17076. printf(resultFmt, ret == 0 ? passed : failed);
  17077. wc_curve448_free(&key);
  17078. wc_FreeRng(&rng);
  17079. #endif
  17080. return ret;
  17081. } /*END test_wc_curve448_export_public_ex*/
  17082. /*
  17083. * Testing test_wc_curve448_export_private_raw_ex
  17084. */
  17085. static int test_wc_curve448_export_private_raw_ex (void)
  17086. {
  17087. int ret = 0;
  17088. #if defined(HAVE_CURVE448)
  17089. curve448_key key;
  17090. byte out[CURVE448_KEY_SIZE];
  17091. word32 outLen = sizeof(out);
  17092. int endian = EC448_BIG_ENDIAN;
  17093. printf(testingFmt, "wc_curve448_export_private_raw_ex()");
  17094. ret = wc_curve448_init(&key);
  17095. if (ret == 0) {
  17096. ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian);
  17097. }
  17098. /*test bad cases*/
  17099. if (ret == 0) {
  17100. ret = wc_curve448_export_private_raw_ex(NULL, NULL, NULL, endian);
  17101. if (ret == BAD_FUNC_ARG) {
  17102. ret = 0;
  17103. }
  17104. }
  17105. if (ret == 0) {
  17106. ret = wc_curve448_export_private_raw_ex(NULL, out, &outLen, endian);
  17107. if (ret == BAD_FUNC_ARG) {
  17108. ret = 0;
  17109. }
  17110. }
  17111. if (ret == 0) {
  17112. ret = wc_curve448_export_private_raw_ex(&key, NULL, &outLen, endian);
  17113. if (ret == BAD_FUNC_ARG) {
  17114. ret = 0;
  17115. }
  17116. }
  17117. if (ret == 0) {
  17118. ret = wc_curve448_export_private_raw_ex(&key, out, NULL, endian);
  17119. if (ret == BAD_FUNC_ARG) {
  17120. ret = 0;
  17121. }
  17122. }
  17123. if (ret == 0) {
  17124. ret = wc_curve448_export_private_raw_ex(&key, out, &outLen,
  17125. EC448_LITTLE_ENDIAN);
  17126. }
  17127. outLen = outLen - 2;
  17128. if (ret == 0) {
  17129. ret = wc_curve448_export_private_raw_ex(&key, out, &outLen, endian);
  17130. if (ret == ECC_BAD_ARG_E) {
  17131. ret = 0;
  17132. }
  17133. }
  17134. printf(resultFmt, ret == 0 ? passed : failed);
  17135. wc_curve448_free(&key);
  17136. #endif
  17137. return ret;
  17138. }/*END test_wc_curve448_export_private_raw_ex*/
  17139. /*
  17140. * Testing test_wc_curve448_import_private_raw_ex
  17141. */
  17142. static int test_wc_curve448_import_private_raw_ex (void)
  17143. {
  17144. int ret = 0;
  17145. #if defined(HAVE_CURVE448)
  17146. WC_RNG rng;
  17147. curve448_key key;
  17148. byte priv[CURVE448_KEY_SIZE];
  17149. byte pub[CURVE448_KEY_SIZE];
  17150. word32 privSz = sizeof(priv);
  17151. word32 pubSz = sizeof(pub);
  17152. int endian = EC448_BIG_ENDIAN;
  17153. printf(testingFmt, "wc_curve448_import_private_raw_ex()");
  17154. ret = wc_curve448_init(&key);
  17155. if (ret == 0) {
  17156. ret = wc_InitRng(&rng);
  17157. }
  17158. if (ret == 0) {
  17159. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
  17160. if (ret == 0){
  17161. ret = wc_curve448_export_private_raw(&key, priv, &privSz);
  17162. }
  17163. if (ret == 0){
  17164. ret = wc_curve448_export_public(&key, pub, &pubSz);
  17165. }
  17166. if (ret == 0) {
  17167. ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
  17168. &key, endian);
  17169. }
  17170. }
  17171. /*test bad cases*/
  17172. if (ret == 0) {
  17173. ret = wc_curve448_import_private_raw_ex(NULL, 0, NULL, 0, NULL, 0);
  17174. if (ret == BAD_FUNC_ARG) {
  17175. ret = 0;
  17176. }
  17177. }
  17178. if (ret == 0) {
  17179. ret = wc_curve448_import_private_raw_ex(NULL, privSz, pub, pubSz,
  17180. &key, endian);
  17181. if (ret == BAD_FUNC_ARG) {
  17182. ret = 0;
  17183. }
  17184. }
  17185. if (ret == 0) {
  17186. ret = wc_curve448_import_private_raw_ex(priv, privSz, NULL, pubSz,
  17187. &key, endian);
  17188. if (ret == BAD_FUNC_ARG) {
  17189. ret = 0;
  17190. }
  17191. }
  17192. if (ret == 0) {
  17193. ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
  17194. NULL, endian);
  17195. if (ret == BAD_FUNC_ARG) {
  17196. ret = 0;
  17197. }
  17198. }
  17199. if (ret == 0) {
  17200. ret = wc_curve448_import_private_raw_ex(priv, 0, pub, pubSz,
  17201. &key, endian);
  17202. if (ret == ECC_BAD_ARG_E) {
  17203. ret = 0;
  17204. }
  17205. }
  17206. if (ret == 0) {
  17207. ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, 0,
  17208. &key, endian);
  17209. if (ret == ECC_BAD_ARG_E) {
  17210. ret = 0;
  17211. }
  17212. }
  17213. if (ret == 0) {
  17214. ret = wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz,
  17215. &key, EC448_LITTLE_ENDIAN);
  17216. }
  17217. if (wc_FreeRng(&rng) != 0 && ret == 0) {
  17218. ret = WOLFSSL_FATAL_ERROR;
  17219. }
  17220. printf(resultFmt, ret == 0 ? passed : failed);
  17221. wc_curve448_free(&key);
  17222. #endif
  17223. return ret;
  17224. } /*END test_wc_curve448_import_private_raw_ex*/
  17225. /*
  17226. * Testing test_curve448_export_key_raw
  17227. */
  17228. static int test_wc_curve448_export_key_raw (void)
  17229. {
  17230. int ret = 0;
  17231. #if defined(HAVE_CURVE448)
  17232. WC_RNG rng;
  17233. curve448_key key;
  17234. byte priv[CURVE448_KEY_SIZE];
  17235. byte pub[CURVE448_KEY_SIZE];
  17236. word32 privSz = sizeof(priv);
  17237. word32 pubSz = sizeof(pub);
  17238. printf(testingFmt, "wc_curve448_export_key_raw()");
  17239. ret = wc_curve448_init(&key);
  17240. if (ret == 0) {
  17241. ret = wc_InitRng(&rng);
  17242. }
  17243. if (ret == 0) {
  17244. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
  17245. if (ret == 0) {
  17246. ret = wc_curve448_export_private_raw(&key, priv, &privSz);
  17247. }
  17248. if (ret == 0) {
  17249. ret = wc_curve448_export_public(&key, pub, &pubSz);
  17250. }
  17251. if (ret == 0) {
  17252. ret = wc_curve448_export_key_raw(&key, priv, &privSz, pub, &pubSz);
  17253. }
  17254. }
  17255. printf(resultFmt, ret == 0 ? passed : failed);
  17256. wc_curve448_free(&key);
  17257. wc_FreeRng(&rng);
  17258. #endif
  17259. return ret;
  17260. }/*END test_wc_curve448_import_private_raw_ex*/
  17261. /*
  17262. * Testing test_wc_curve448_import_private
  17263. */
  17264. static int test_wc_curve448_import_private (void)
  17265. {
  17266. int ret = 0;
  17267. #if defined(HAVE_CURVE448)
  17268. curve448_key key;
  17269. WC_RNG rng;
  17270. byte priv[CURVE448_KEY_SIZE];
  17271. word32 privSz = sizeof(priv);
  17272. printf(testingFmt, "wc_curve448_import_private()");
  17273. ret = wc_curve448_init(&key);
  17274. if (ret == 0) {
  17275. ret = wc_InitRng(&rng);
  17276. }
  17277. if (ret == 0) {
  17278. ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key);
  17279. if (ret == 0) {
  17280. ret = wc_curve448_export_private_raw(&key, priv, &privSz);
  17281. }
  17282. }
  17283. if (ret == 0) {
  17284. ret = wc_curve448_import_private(priv, privSz, &key);
  17285. }
  17286. printf(resultFmt, ret == 0 ? passed : failed);
  17287. wc_curve448_free(&key);
  17288. wc_FreeRng(&rng);
  17289. #endif
  17290. return ret;
  17291. } /*END test_wc_curve448_import*/
  17292. /*
  17293. * Testing test_wc_curve448_size.
  17294. */
  17295. static int test_wc_curve448_size (void)
  17296. {
  17297. int ret = 0;
  17298. #if defined(HAVE_CURVE448)
  17299. curve448_key key;
  17300. printf(testingFmt, "wc_curve448_size()");
  17301. ret = wc_curve448_init(&key);
  17302. /* Test good args for wc_curve448_size */
  17303. if (ret == 0) {
  17304. ret = wc_curve448_size(&key);
  17305. }
  17306. /* Test bad args for wc_curve448_size */
  17307. if (ret != 0) {
  17308. ret = wc_curve448_size(NULL);
  17309. }
  17310. printf(resultFmt, ret == 0 ? passed : failed);
  17311. wc_curve448_free(&key);
  17312. #endif
  17313. return ret;
  17314. } /* END test_wc_curve448_size*/
  17315. /*
  17316. * Testing wc_ecc_make_key.
  17317. */
  17318. static int test_wc_ecc_make_key (void)
  17319. {
  17320. int ret = 0;
  17321. #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
  17322. WC_RNG rng;
  17323. ecc_key key;
  17324. printf(testingFmt, "wc_ecc_make_key()");
  17325. ret = wc_InitRng(&rng);
  17326. if (ret != 0)
  17327. return ret;
  17328. ret = wc_ecc_init(&key);
  17329. if (ret == 0) {
  17330. ret = wc_ecc_make_key(&rng, KEY14, &key);
  17331. /* Pass in bad args. */
  17332. if (ret == 0) {
  17333. ret = wc_ecc_make_key(NULL, KEY14, &key);
  17334. if (ret == BAD_FUNC_ARG) {
  17335. ret = wc_ecc_make_key(&rng, KEY14, NULL);
  17336. }
  17337. if (ret == BAD_FUNC_ARG) {
  17338. ret = 0;
  17339. } else if (ret == 0) {
  17340. ret = WOLFSSL_FATAL_ERROR;
  17341. }
  17342. }
  17343. wc_ecc_free(&key);
  17344. }
  17345. if (wc_FreeRng(&rng) != 0 && ret == 0) {
  17346. ret = WOLFSSL_FATAL_ERROR;
  17347. }
  17348. #ifdef FP_ECC
  17349. wc_ecc_fp_free();
  17350. #endif
  17351. printf(resultFmt, ret == 0 ? passed : failed);
  17352. #endif
  17353. return ret;
  17354. } /* END test_wc_ecc_make_key */
  17355. /*
  17356. * Testing wc_ecc_init()
  17357. */
  17358. static int test_wc_ecc_init (void)
  17359. {
  17360. int ret = 0;
  17361. #ifdef HAVE_ECC
  17362. ecc_key key;
  17363. printf(testingFmt, "wc_ecc_init()");
  17364. ret = wc_ecc_init(&key);
  17365. /* Pass in bad args. */
  17366. if (ret == 0) {
  17367. ret = wc_ecc_init(NULL);
  17368. if (ret == BAD_FUNC_ARG) {
  17369. ret = 0;
  17370. } else if (ret == 0) {
  17371. ret = WOLFSSL_FATAL_ERROR;
  17372. }
  17373. }
  17374. printf(resultFmt, ret == 0 ? passed : failed);
  17375. wc_ecc_free(&key);
  17376. #endif
  17377. return ret;
  17378. } /* END test_wc_ecc_init */
  17379. /*
  17380. * Testing wc_ecc_check_key()
  17381. */
  17382. static int test_wc_ecc_check_key (void)
  17383. {
  17384. int ret = 0;
  17385. #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
  17386. WC_RNG rng;
  17387. ecc_key key;
  17388. XMEMSET(&rng, 0, sizeof(rng));
  17389. XMEMSET(&key, 0, sizeof(key));
  17390. ret = wc_InitRng(&rng);
  17391. if (ret == 0) {
  17392. ret = wc_ecc_init(&key);
  17393. if (ret == 0) {
  17394. ret = wc_ecc_make_key(&rng, KEY14, &key);
  17395. }
  17396. }
  17397. printf(testingFmt, "wc_ecc_check_key()");
  17398. if (ret == 0) {
  17399. ret = wc_ecc_check_key(&key);
  17400. }
  17401. /* Pass in bad args. */
  17402. if (ret == 0) {
  17403. ret = wc_ecc_check_key(NULL);
  17404. if (ret == BAD_FUNC_ARG) {
  17405. ret = 0;
  17406. } else if (ret == 0) {
  17407. ret = WOLFSSL_FATAL_ERROR;
  17408. }
  17409. }
  17410. printf(resultFmt, ret == 0 ? passed : failed);
  17411. if (wc_FreeRng(&rng) && ret == 0) {
  17412. ret = WOLFSSL_FATAL_ERROR;
  17413. }
  17414. wc_ecc_free(&key);
  17415. #ifdef FP_ECC
  17416. wc_ecc_fp_free();
  17417. #endif
  17418. #endif
  17419. return ret;
  17420. } /* END test_wc_ecc_check_key */
  17421. /*
  17422. * Testing wc_ecc_get_generator()
  17423. */
  17424. static int test_wc_ecc_get_generator(void)
  17425. {
  17426. int ret = 0;
  17427. #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
  17428. !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA)
  17429. ecc_point* pt;
  17430. printf(testingFmt, "wc_ecc_new_point()");
  17431. pt = wc_ecc_new_point();
  17432. if (!pt) {
  17433. ret = WOLFSSL_FATAL_ERROR;
  17434. }
  17435. printf(testingFmt, "wc_ecc_get_generator()");
  17436. if (ret == 0) {
  17437. ret = wc_ecc_get_generator(pt, wc_ecc_get_curve_idx(ECC_SECP256R1));
  17438. }
  17439. /* Test bad args. */
  17440. if (ret == MP_OKAY) {
  17441. /* Returns Zero for bad arg. */
  17442. ret = wc_ecc_get_generator(pt, -1);
  17443. if (ret != MP_OKAY)
  17444. wc_ecc_get_generator(NULL, wc_ecc_get_curve_idx(ECC_SECP256R1));
  17445. if (ret != MP_OKAY)
  17446. wc_ecc_get_generator(pt, 1000); /* If we ever get to 1000 curves
  17447. * increase this number */
  17448. if (ret != MP_OKAY)
  17449. wc_ecc_get_generator(NULL, -1);
  17450. ret = ret == MP_OKAY ? WOLFSSL_FATAL_ERROR : 0;
  17451. }
  17452. printf(resultFmt, ret == 0 ? passed : failed);
  17453. wc_ecc_del_point(pt);
  17454. #endif
  17455. return ret;
  17456. } /* END test_wc_ecc_get_generator */
  17457. /*
  17458. * Testing wc_ecc_size()
  17459. */
  17460. static int test_wc_ecc_size (void)
  17461. {
  17462. int ret = 0;
  17463. #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
  17464. WC_RNG rng;
  17465. ecc_key key;
  17466. XMEMSET(&rng, 0, sizeof(rng));
  17467. XMEMSET(&key, 0, sizeof(key));
  17468. ret = wc_InitRng(&rng);
  17469. if (ret == 0) {
  17470. ret = wc_ecc_init(&key);
  17471. if (ret == 0) {
  17472. ret = wc_ecc_make_key(&rng, KEY14, &key);
  17473. }
  17474. }
  17475. printf(testingFmt, "wc_ecc_size()");
  17476. if (ret == 0) {
  17477. ret = wc_ecc_size(&key);
  17478. if (ret == KEY14) {
  17479. ret = 0;
  17480. } else if (ret == 0){
  17481. ret = WOLFSSL_FATAL_ERROR;
  17482. }
  17483. }
  17484. /* Test bad args. */
  17485. if (ret == 0) {
  17486. /* Returns Zero for bad arg. */
  17487. ret = wc_ecc_size(NULL);
  17488. }
  17489. printf(resultFmt, ret == 0 ? passed : failed);
  17490. if (wc_FreeRng(&rng) && ret == 0) {
  17491. ret = WOLFSSL_FATAL_ERROR;
  17492. }
  17493. wc_ecc_free(&key);
  17494. #endif
  17495. return ret;
  17496. } /* END test_wc_ecc_size */
  17497. static void test_wc_ecc_params(void)
  17498. {
  17499. /* FIPS/CAVP self-test modules do not have `wc_ecc_get_curve_params`.
  17500. It was added after certifications */
  17501. #if defined(HAVE_ECC) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  17502. const ecc_set_type* ecc_set;
  17503. #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
  17504. /* Test for SECP256R1 curve */
  17505. int curve_id = ECC_SECP256R1;
  17506. int curve_idx = wc_ecc_get_curve_idx(curve_id);
  17507. AssertIntNE(curve_idx, ECC_CURVE_INVALID);
  17508. ecc_set = wc_ecc_get_curve_params(curve_idx);
  17509. AssertNotNull(ecc_set);
  17510. AssertIntEQ(ecc_set->id, curve_id);
  17511. #endif
  17512. /* Test case when SECP256R1 is not enabled */
  17513. /* Test that we get curve params for index 0 */
  17514. ecc_set = wc_ecc_get_curve_params(0);
  17515. AssertNotNull(ecc_set);
  17516. #endif /* HAVE_ECC && !HAVE_FIPS && !HAVE_SELFTEST */
  17517. }
  17518. /*
  17519. * Testing wc_ecc_sign_hash() and wc_ecc_verify_hash()
  17520. */
  17521. static int test_wc_ecc_signVerify_hash (void)
  17522. {
  17523. int ret = 0;
  17524. #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && !defined(WC_NO_RNG)
  17525. WC_RNG rng;
  17526. ecc_key key;
  17527. int signH = WOLFSSL_FATAL_ERROR;
  17528. #ifdef HAVE_ECC_VERIFY
  17529. int verifyH = WOLFSSL_FATAL_ERROR;
  17530. int verify = 0;
  17531. #endif
  17532. word32 siglen = ECC_BUFSIZE;
  17533. byte sig[ECC_BUFSIZE];
  17534. byte digest[] = TEST_STRING;
  17535. word32 digestlen = (word32)TEST_STRING_SZ;
  17536. /* Init stack var */
  17537. XMEMSET(sig, 0, siglen);
  17538. XMEMSET(&key, 0, sizeof(key));
  17539. /* Init structs. */
  17540. ret = wc_InitRng(&rng);
  17541. if (ret == 0) {
  17542. ret = wc_ecc_init(&key);
  17543. if (ret == 0) {
  17544. ret = wc_ecc_make_key(&rng, KEY14, &key);
  17545. }
  17546. }
  17547. printf(testingFmt, "wc_ecc_sign_hash()");
  17548. if (ret == 0) {
  17549. ret = wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, &key);
  17550. }
  17551. /* Check bad args. */
  17552. if (ret == 0) {
  17553. signH = wc_ecc_sign_hash(NULL, digestlen, sig, &siglen, &rng, &key);
  17554. if (signH == ECC_BAD_ARG_E) {
  17555. signH = wc_ecc_sign_hash(digest, digestlen, NULL, &siglen,
  17556. &rng, &key);
  17557. }
  17558. if (signH == ECC_BAD_ARG_E) {
  17559. signH = wc_ecc_sign_hash(digest, digestlen, sig, NULL,
  17560. &rng, &key);
  17561. }
  17562. if (signH == ECC_BAD_ARG_E) {
  17563. signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen,
  17564. NULL, &key);
  17565. }
  17566. if (signH == ECC_BAD_ARG_E) {
  17567. signH = wc_ecc_sign_hash(digest, digestlen, sig, &siglen,
  17568. &rng, NULL);
  17569. }
  17570. if (signH == ECC_BAD_ARG_E) {
  17571. signH = 0;
  17572. } else if (ret == 0) {
  17573. signH = WOLFSSL_FATAL_ERROR;
  17574. }
  17575. }
  17576. printf(resultFmt, signH == 0 ? passed : failed);
  17577. #ifdef HAVE_ECC_VERIFY
  17578. printf(testingFmt, "wc_ecc_verify_hash()");
  17579. ret = wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify, &key);
  17580. if (verify != 1 && ret == 0) {
  17581. ret = WOLFSSL_FATAL_ERROR;
  17582. }
  17583. /* Test bad args. */
  17584. if (ret == 0) {
  17585. verifyH = wc_ecc_verify_hash(NULL, siglen, digest, digestlen,
  17586. &verify, &key);
  17587. if (verifyH == ECC_BAD_ARG_E) {
  17588. verifyH = wc_ecc_verify_hash(sig, siglen, NULL, digestlen,
  17589. &verify, &key);
  17590. }
  17591. if (verifyH == ECC_BAD_ARG_E) {
  17592. verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen,
  17593. NULL, &key);
  17594. }
  17595. if (verifyH == ECC_BAD_ARG_E) {
  17596. verifyH = wc_ecc_verify_hash(sig, siglen, digest, digestlen,
  17597. &verify, NULL);
  17598. }
  17599. if (verifyH == ECC_BAD_ARG_E) {
  17600. verifyH = 0;
  17601. } else if (ret == 0) {
  17602. verifyH = WOLFSSL_FATAL_ERROR;
  17603. }
  17604. }
  17605. printf(resultFmt, verifyH == 0 ? passed : failed);
  17606. #endif /* HAVE_ECC_VERIFY */
  17607. if (wc_FreeRng(&rng) && ret == 0) {
  17608. ret = WOLFSSL_FATAL_ERROR;
  17609. }
  17610. wc_ecc_free(&key);
  17611. #ifdef FP_ECC
  17612. wc_ecc_fp_free();
  17613. #endif
  17614. #endif
  17615. return ret;
  17616. } /* END test_wc_ecc_sign_hash */
  17617. /*
  17618. * Testing wc_ecc_shared_secret()
  17619. */
  17620. static int test_wc_ecc_shared_secret (void)
  17621. {
  17622. int ret = 0;
  17623. #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
  17624. ecc_key key, pubKey;
  17625. WC_RNG rng;
  17626. int keySz = KEY16;
  17627. byte out[KEY16];
  17628. word32 outlen = (word32)sizeof(out);
  17629. /* Initialize variables. */
  17630. XMEMSET(out, 0, keySz);
  17631. XMEMSET(&rng, 0, sizeof(rng));
  17632. XMEMSET(&key, 0, sizeof(key));
  17633. XMEMSET(&pubKey, 0, sizeof(pubKey));
  17634. ret = wc_InitRng(&rng);
  17635. if (ret == 0) {
  17636. ret = wc_ecc_init(&key);
  17637. if (ret == 0) {
  17638. ret = wc_ecc_init(&pubKey);
  17639. }
  17640. }
  17641. if (ret == 0) {
  17642. ret = wc_ecc_make_key(&rng, keySz, &key);
  17643. }
  17644. if (ret == 0) {
  17645. ret = wc_ecc_make_key(&rng, keySz, &pubKey);
  17646. }
  17647. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  17648. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  17649. !defined(HAVE_SELFTEST)
  17650. if (ret == 0) {
  17651. ret = wc_ecc_set_rng(&key, &rng);
  17652. }
  17653. #endif
  17654. printf(testingFmt, "wc_ecc_shared_secret()");
  17655. if (ret == 0) {
  17656. ret = wc_ecc_shared_secret(&key, &pubKey, out, &outlen);
  17657. /* Test bad args. */
  17658. if (ret == 0) {
  17659. ret = wc_ecc_shared_secret(NULL, &pubKey, out, &outlen);
  17660. if (ret == BAD_FUNC_ARG) {
  17661. ret = wc_ecc_shared_secret(&key, NULL, out, &outlen);
  17662. }
  17663. if (ret == BAD_FUNC_ARG) {
  17664. ret = wc_ecc_shared_secret(&key, &pubKey, NULL, &outlen);
  17665. }
  17666. if (ret == BAD_FUNC_ARG) {
  17667. ret = wc_ecc_shared_secret(&key, &pubKey, out, NULL);
  17668. }
  17669. if (ret == BAD_FUNC_ARG) {
  17670. ret = 0;
  17671. } else if (ret == 0) {
  17672. ret = WOLFSSL_FATAL_ERROR;
  17673. }
  17674. }
  17675. }
  17676. printf(resultFmt, ret == 0 ? passed : failed);
  17677. if (wc_FreeRng(&rng) && ret == 0) {
  17678. ret = WOLFSSL_FATAL_ERROR;
  17679. }
  17680. wc_ecc_free(&key);
  17681. wc_ecc_free(&pubKey);
  17682. #ifdef FP_ECC
  17683. wc_ecc_fp_free();
  17684. #endif
  17685. #endif
  17686. return ret;
  17687. } /* END tests_wc_ecc_shared_secret */
  17688. /*
  17689. * testint wc_ecc_export_x963()
  17690. */
  17691. static int test_wc_ecc_export_x963 (void)
  17692. {
  17693. int ret = 0;
  17694. #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  17695. ecc_key key;
  17696. WC_RNG rng;
  17697. byte out[ECC_ASN963_MAX_BUF_SZ];
  17698. word32 outlen = sizeof(out);
  17699. /* Initialize variables. */
  17700. XMEMSET(out, 0, outlen);
  17701. XMEMSET(&rng, 0, sizeof(rng));
  17702. XMEMSET(&key, 0, sizeof(key));
  17703. ret = wc_InitRng(&rng);
  17704. if (ret == 0) {
  17705. ret = wc_ecc_init(&key);
  17706. if (ret == 0) {
  17707. ret = wc_ecc_make_key(&rng, KEY20, &key);
  17708. }
  17709. }
  17710. printf(testingFmt, "wc_ecc_export_x963()");
  17711. if (ret == 0) {
  17712. ret = wc_ecc_export_x963(&key, out, &outlen);
  17713. }
  17714. /* Test bad args. */
  17715. if (ret == 0) {
  17716. ret = wc_ecc_export_x963(NULL, out, &outlen);
  17717. if (ret == ECC_BAD_ARG_E) {
  17718. ret = wc_ecc_export_x963(&key, NULL, &outlen);
  17719. }
  17720. if (ret == LENGTH_ONLY_E) {
  17721. ret = wc_ecc_export_x963(&key, out, NULL);
  17722. }
  17723. if (ret == ECC_BAD_ARG_E) {
  17724. key.idx = -4;
  17725. ret = wc_ecc_export_x963(&key, out, &outlen);
  17726. }
  17727. if (ret == ECC_BAD_ARG_E) {
  17728. ret = 0;
  17729. } else {
  17730. ret = WOLFSSL_FATAL_ERROR;
  17731. }
  17732. }
  17733. printf(resultFmt, ret == 0 ? passed : failed);
  17734. if (wc_FreeRng(&rng) && ret == 0) {
  17735. ret = WOLFSSL_FATAL_ERROR;
  17736. }
  17737. wc_ecc_free(&key);
  17738. #ifdef FP_ECC
  17739. wc_ecc_fp_free();
  17740. #endif
  17741. #endif
  17742. return ret;
  17743. } /* END test_wc_ecc_export_x963 */
  17744. /*
  17745. * Testing wc_ecc_export_x963_ex()
  17746. * compile with --enable-compkey will use compression.
  17747. */
  17748. static int test_wc_ecc_export_x963_ex (void)
  17749. {
  17750. int ret = 0;
  17751. #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  17752. ecc_key key;
  17753. WC_RNG rng;
  17754. byte out[ECC_ASN963_MAX_BUF_SZ];
  17755. word32 outlen = sizeof(out);
  17756. #ifdef HAVE_COMP_KEY
  17757. word32 badOutLen = 5;
  17758. #endif
  17759. /* Init stack variables. */
  17760. XMEMSET(out, 0, outlen);
  17761. XMEMSET(&rng, 0, sizeof(rng));
  17762. XMEMSET(&key, 0, sizeof(key));
  17763. ret = wc_InitRng(&rng);
  17764. if (ret == 0) {
  17765. ret = wc_ecc_init(&key);
  17766. if (ret == 0) {
  17767. ret = wc_ecc_make_key(&rng, KEY64, &key);
  17768. }
  17769. }
  17770. printf(testingFmt, "wc_ecc_export_x963_ex()");
  17771. #ifdef HAVE_COMP_KEY
  17772. if (ret == 0) {
  17773. ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP);
  17774. }
  17775. #else
  17776. if (ret == 0) {
  17777. ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP);
  17778. }
  17779. #endif
  17780. /* Test bad args. */
  17781. #ifdef HAVE_COMP_KEY
  17782. if (ret == 0) {
  17783. ret = wc_ecc_export_x963_ex(NULL, out, &outlen, COMP);
  17784. if (ret == BAD_FUNC_ARG) {
  17785. ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP);
  17786. }
  17787. if (ret == BAD_FUNC_ARG) {
  17788. ret = wc_ecc_export_x963_ex(&key, out, NULL, COMP);
  17789. }
  17790. if (ret == BAD_FUNC_ARG) {
  17791. ret = wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP);
  17792. }
  17793. if (ret == BUFFER_E) {
  17794. key.idx = -4;
  17795. ret = wc_ecc_export_x963_ex(&key, out, &outlen, COMP);
  17796. }
  17797. if (ret == ECC_BAD_ARG_E) {
  17798. ret = 0;
  17799. } else {
  17800. ret = WOLFSSL_FATAL_ERROR;
  17801. }
  17802. }
  17803. #else
  17804. if (ret == 0) {
  17805. ret = wc_ecc_export_x963_ex(NULL, out, &outlen, NOCOMP);
  17806. if (ret == BAD_FUNC_ARG) {
  17807. ret = wc_ecc_export_x963_ex(&key, NULL, &outlen, NOCOMP);
  17808. }
  17809. if (ret == BAD_FUNC_ARG) {
  17810. ret = wc_ecc_export_x963_ex(&key, out, &outlen, 1);
  17811. }
  17812. if (ret == NOT_COMPILED_IN) {
  17813. ret = wc_ecc_export_x963_ex(&key, out, NULL, NOCOMP);
  17814. }
  17815. if (ret == BAD_FUNC_ARG) {
  17816. key.idx = -4;
  17817. ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP);
  17818. }
  17819. if (ret == ECC_BAD_ARG_E) {
  17820. ret = 0;
  17821. } else if (ret == 0) {
  17822. ret = WOLFSSL_FATAL_ERROR;
  17823. }
  17824. }
  17825. #endif
  17826. printf(resultFmt, ret == 0 ? passed : failed);
  17827. if (wc_FreeRng(&rng) && ret == 0) {
  17828. ret = WOLFSSL_FATAL_ERROR;
  17829. }
  17830. wc_ecc_free(&key);
  17831. #ifdef FP_ECC
  17832. wc_ecc_fp_free();
  17833. #endif
  17834. #endif
  17835. return ret;
  17836. } /* END test_wc_ecc_export_x963_ex */
  17837. /*
  17838. * testing wc_ecc_import_x963()
  17839. */
  17840. static int test_wc_ecc_import_x963 (void)
  17841. {
  17842. int ret = 0;
  17843. #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
  17844. defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  17845. ecc_key pubKey, key;
  17846. WC_RNG rng;
  17847. byte x963[ECC_ASN963_MAX_BUF_SZ];
  17848. word32 x963Len = (word32)sizeof(x963);
  17849. /* Init stack variables. */
  17850. XMEMSET(x963, 0, x963Len);
  17851. XMEMSET(&rng, 0, sizeof(rng));
  17852. XMEMSET(&key, 0, sizeof(key));
  17853. XMEMSET(&pubKey, 0, sizeof(pubKey));
  17854. ret = wc_InitRng(&rng);
  17855. if (ret == 0) {
  17856. ret = wc_ecc_init(&pubKey);
  17857. if (ret == 0) {
  17858. ret = wc_ecc_init(&key);
  17859. }
  17860. if (ret == 0) {
  17861. ret = wc_ecc_make_key(&rng, KEY24, &key);
  17862. }
  17863. if (ret == 0) {
  17864. ret = wc_ecc_export_x963(&key, x963, &x963Len);
  17865. }
  17866. }
  17867. printf(testingFmt, "wc_ecc_import_x963()");
  17868. if (ret == 0) {
  17869. ret = wc_ecc_import_x963(x963, x963Len, &pubKey);
  17870. }
  17871. /* Test bad args. */
  17872. if (ret == 0) {
  17873. ret = wc_ecc_import_x963(NULL, x963Len, &pubKey);
  17874. if (ret == BAD_FUNC_ARG) {
  17875. ret = wc_ecc_import_x963(x963, x963Len, NULL);
  17876. }
  17877. if (ret == BAD_FUNC_ARG) {
  17878. ret = wc_ecc_import_x963(x963, x963Len + 1, &pubKey);
  17879. }
  17880. if (ret == ECC_BAD_ARG_E) {
  17881. ret = 0;
  17882. } else if (ret == 0) {
  17883. ret = WOLFSSL_FATAL_ERROR;
  17884. }
  17885. }
  17886. printf(resultFmt, ret == 0 ? passed : failed);
  17887. if (wc_FreeRng(&rng) && ret == 0) {
  17888. ret = WOLFSSL_FATAL_ERROR;
  17889. }
  17890. wc_ecc_free(&key);
  17891. wc_ecc_free(&pubKey);
  17892. #ifdef FP_ECC
  17893. wc_ecc_fp_free();
  17894. #endif
  17895. #endif
  17896. return ret;
  17897. } /* END wc_ecc_import_x963 */
  17898. /*
  17899. * testing wc_ecc_import_private_key()
  17900. */
  17901. static int ecc_import_private_key (void)
  17902. {
  17903. int ret = 0;
  17904. #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \
  17905. defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  17906. ecc_key key, keyImp;
  17907. WC_RNG rng;
  17908. byte privKey[ECC_PRIV_KEY_BUF]; /* Raw private key.*/
  17909. byte x963Key[ECC_ASN963_MAX_BUF_SZ];
  17910. word32 privKeySz = (word32)sizeof(privKey);
  17911. word32 x963KeySz = (word32)sizeof(x963Key);
  17912. /* Init stack variables. */
  17913. XMEMSET(privKey, 0, privKeySz);
  17914. XMEMSET(x963Key, 0, x963KeySz);
  17915. XMEMSET(&rng, 0, sizeof(rng));
  17916. XMEMSET(&key, 0, sizeof(key));
  17917. XMEMSET(&keyImp, 0, sizeof(keyImp));
  17918. ret = wc_InitRng(&rng);
  17919. if (ret == 0) {
  17920. ret = wc_ecc_init(&key);
  17921. if (ret == 0) {
  17922. ret = wc_ecc_init(&keyImp);
  17923. }
  17924. if (ret == 0) {
  17925. ret = wc_ecc_make_key(&rng, KEY48, &key);
  17926. }
  17927. if (ret == 0) {
  17928. ret = wc_ecc_export_x963(&key, x963Key, &x963KeySz);
  17929. }
  17930. if (ret == 0) {
  17931. ret = wc_ecc_export_private_only(&key, privKey, &privKeySz);
  17932. }
  17933. }
  17934. printf(testingFmt, "wc_ecc_import_private_key()");
  17935. if (ret == 0) {
  17936. ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key,
  17937. x963KeySz, &keyImp);
  17938. }
  17939. /* Pass in bad args. */
  17940. if (ret == 0) {
  17941. ret = wc_ecc_import_private_key(privKey, privKeySz, x963Key,
  17942. x963KeySz, NULL);
  17943. if (ret == BAD_FUNC_ARG) {
  17944. ret = wc_ecc_import_private_key(NULL, privKeySz, x963Key,
  17945. x963KeySz, &keyImp);
  17946. }
  17947. if (ret == BAD_FUNC_ARG) {
  17948. ret = 0;
  17949. } else if (ret == 0) {
  17950. ret = WOLFSSL_FATAL_ERROR;
  17951. }
  17952. }
  17953. printf(resultFmt, ret == 0 ? passed : failed);
  17954. if (wc_FreeRng(&rng) && ret == 0) {
  17955. ret = WOLFSSL_FATAL_ERROR;
  17956. }
  17957. wc_ecc_free(&key);
  17958. wc_ecc_free(&keyImp);
  17959. #ifdef FP_ECC
  17960. wc_ecc_fp_free();
  17961. #endif
  17962. #endif
  17963. return ret;
  17964. } /* END wc_ecc_import_private_key */
  17965. /*
  17966. * Testing wc_ecc_export_private_only()
  17967. */
  17968. static int test_wc_ecc_export_private_only (void)
  17969. {
  17970. int ret = 0;
  17971. #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  17972. ecc_key key;
  17973. WC_RNG rng;
  17974. byte out[ECC_PRIV_KEY_BUF];
  17975. word32 outlen = sizeof(out);
  17976. /* Init stack variables. */
  17977. XMEMSET(out, 0, outlen);
  17978. XMEMSET(&rng, 0, sizeof(rng));
  17979. XMEMSET(&key, 0, sizeof(key));
  17980. ret = wc_InitRng(&rng);
  17981. if (ret == 0) {
  17982. ret = wc_ecc_init(&key);
  17983. if (ret == 0) {
  17984. ret = wc_ecc_make_key(&rng, KEY32, &key);
  17985. }
  17986. }
  17987. printf(testingFmt, "wc_ecc_export_private_only()");
  17988. if (ret == 0) {
  17989. ret = wc_ecc_export_private_only(&key, out, &outlen);
  17990. }
  17991. /* Pass in bad args. */
  17992. if (ret == 0) {
  17993. ret = wc_ecc_export_private_only(NULL, out, &outlen);
  17994. if (ret == BAD_FUNC_ARG) {
  17995. ret = wc_ecc_export_private_only(&key, NULL, &outlen);
  17996. }
  17997. if (ret == BAD_FUNC_ARG) {
  17998. ret = wc_ecc_export_private_only(&key, out, NULL);
  17999. }
  18000. if (ret == BAD_FUNC_ARG) {
  18001. ret = 0;
  18002. } else if (ret == 0) {
  18003. ret = WOLFSSL_FATAL_ERROR;
  18004. }
  18005. }
  18006. printf(resultFmt, ret == 0 ? passed : failed);
  18007. if (wc_FreeRng(&rng) && ret == 0) {
  18008. ret = WOLFSSL_FATAL_ERROR;
  18009. }
  18010. wc_ecc_free(&key);
  18011. #ifdef FP_ECC
  18012. wc_ecc_fp_free();
  18013. #endif
  18014. #endif
  18015. return ret;
  18016. } /* END test_wc_ecc_export_private_only */
  18017. /*
  18018. * Testing wc_ecc_rs_to_sig()
  18019. */
  18020. static int test_wc_ecc_rs_to_sig (void)
  18021. {
  18022. int ret = 0;
  18023. #if defined(HAVE_ECC) && !defined(NO_ASN)
  18024. /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
  18025. const char* R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
  18026. const char* S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
  18027. const char* zeroStr = "0";
  18028. byte sig[ECC_MAX_SIG_SIZE];
  18029. word32 siglen = (word32)sizeof(sig);
  18030. /*R and S max size is the order of curve. 2^192.*/
  18031. int keySz = KEY24;
  18032. byte r[KEY24];
  18033. byte s[KEY24];
  18034. word32 rlen = (word32)sizeof(r);
  18035. word32 slen = (word32)sizeof(s);
  18036. /* Init stack variables. */
  18037. XMEMSET(sig, 0, ECC_MAX_SIG_SIZE);
  18038. XMEMSET(r, 0, keySz);
  18039. XMEMSET(s, 0, keySz);
  18040. printf(testingFmt, "wc_ecc_rs_to_sig()");
  18041. ret = wc_ecc_rs_to_sig(R, S, sig, &siglen);
  18042. /* Test bad args. */
  18043. if (ret == 0) {
  18044. ret = wc_ecc_rs_to_sig(NULL, S, sig, &siglen);
  18045. if (ret == ECC_BAD_ARG_E) {
  18046. ret = wc_ecc_rs_to_sig(R, NULL, sig, &siglen);
  18047. }
  18048. if (ret == ECC_BAD_ARG_E) {
  18049. ret = wc_ecc_rs_to_sig(R, S, sig, NULL);
  18050. }
  18051. if (ret == ECC_BAD_ARG_E) {
  18052. ret = wc_ecc_rs_to_sig(R, S, NULL, &siglen);
  18053. }
  18054. if (ret == ECC_BAD_ARG_E) {
  18055. ret = wc_ecc_rs_to_sig(R, zeroStr, sig, &siglen);
  18056. }
  18057. if (ret == MP_ZERO_E) {
  18058. ret = wc_ecc_rs_to_sig(zeroStr, S, sig, &siglen);
  18059. }
  18060. if (ret == MP_ZERO_E) {
  18061. ret = 0;
  18062. } else {
  18063. ret = WOLFSSL_FATAL_ERROR;
  18064. }
  18065. }
  18066. printf(resultFmt, ret == 0 ? passed : failed);
  18067. printf(testingFmt, "wc_ecc_sig_to_rs()");
  18068. if (ret == 0) {
  18069. ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &slen);
  18070. }
  18071. /* Test bad args. */
  18072. if (ret == 0) {
  18073. ret = wc_ecc_sig_to_rs(NULL, siglen, r, &rlen, s, &slen);
  18074. if (ret == ECC_BAD_ARG_E) {
  18075. ret = wc_ecc_sig_to_rs(sig, siglen, NULL, &rlen, s, &slen);
  18076. }
  18077. if (ret == ECC_BAD_ARG_E) {
  18078. ret = wc_ecc_sig_to_rs(sig, siglen, r, NULL, s, &slen);
  18079. }
  18080. if (ret == ECC_BAD_ARG_E) {
  18081. ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, NULL, &slen);
  18082. }
  18083. if (ret == ECC_BAD_ARG_E) {
  18084. ret = wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL);
  18085. }
  18086. if (ret == ECC_BAD_ARG_E) {
  18087. ret = 0;
  18088. } else if (ret == 0) {
  18089. ret = WOLFSSL_FATAL_ERROR;
  18090. }
  18091. }
  18092. printf(resultFmt, ret == 0 ? passed : failed);
  18093. #endif
  18094. return ret;
  18095. } /* END test_wc_ecc_rs_to_sig */
  18096. static int test_wc_ecc_import_raw(void)
  18097. {
  18098. int ret = 0;
  18099. #if defined(HAVE_ECC) && !defined(NO_ECC256)
  18100. ecc_key key;
  18101. const char* qx =
  18102. "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861";
  18103. const char* qy =
  18104. "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8";
  18105. const char* d =
  18106. "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c";
  18107. const char* curveName = "SECP256R1";
  18108. #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
  18109. const char* kNullStr = "";
  18110. #endif
  18111. ret = wc_ecc_init(&key);
  18112. printf(testingFmt, "wc_ecc_import_raw()");
  18113. if (ret == 0) {
  18114. ret = wc_ecc_import_raw(&key, qx, qy, d, curveName);
  18115. }
  18116. /* Test bad args. */
  18117. if (ret == 0) {
  18118. ret = wc_ecc_import_raw(NULL, qx, qy, d, curveName);
  18119. if (ret == BAD_FUNC_ARG) {
  18120. ret = wc_ecc_import_raw(&key, NULL, qy, d, curveName);
  18121. }
  18122. if (ret == BAD_FUNC_ARG) {
  18123. ret = wc_ecc_import_raw(&key, qx, NULL, d, curveName);
  18124. }
  18125. if (ret == BAD_FUNC_ARG) {
  18126. ret = wc_ecc_import_raw(&key, qx, qy, d, NULL);
  18127. }
  18128. #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
  18129. if (ret == BAD_FUNC_ARG) {
  18130. #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
  18131. wc_ecc_free(&key);
  18132. #endif
  18133. ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr, curveName);
  18134. if (ret == ECC_INF_E)
  18135. ret = BAD_FUNC_ARG; /* This is expected by other tests */
  18136. }
  18137. #endif
  18138. #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  18139. if (ret == BAD_FUNC_ARG) {
  18140. #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
  18141. wc_ecc_free(&key);
  18142. #endif
  18143. ret = wc_ecc_import_raw(&key, "0", qy, d, curveName);
  18144. }
  18145. if (ret == BAD_FUNC_ARG) {
  18146. #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH)
  18147. wc_ecc_free(&key);
  18148. #endif
  18149. ret = wc_ecc_import_raw(&key, qx, "0", d, curveName);
  18150. }
  18151. #endif
  18152. if (ret == BAD_FUNC_ARG) {
  18153. ret = 0;
  18154. }
  18155. }
  18156. printf(resultFmt, ret == 0 ? passed : failed);
  18157. wc_ecc_free(&key);
  18158. #endif
  18159. return ret;
  18160. } /* END test_wc_ecc_import_raw */
  18161. static int test_wc_ecc_import_unsigned(void)
  18162. {
  18163. int ret = 0;
  18164. #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
  18165. (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
  18166. ecc_key key;
  18167. const byte qx[] = {
  18168. 0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6,
  18169. 0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36,
  18170. 0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa,
  18171. 0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61
  18172. };
  18173. const byte qy[] = {
  18174. 0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a,
  18175. 0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf,
  18176. 0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8,
  18177. 0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8
  18178. };
  18179. const byte d[] = {
  18180. 0x45, 0xb6, 0x69, 0x02, 0x73, 0x9c, 0x6c, 0x85,
  18181. 0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac,
  18182. 0xc4, 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c,
  18183. 0x28, 0xdc, 0x34, 0x8d, 0xe1, 0xa8, 0x09, 0x8c
  18184. };
  18185. #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
  18186. const byte nullBytes[32] = {0};
  18187. #endif
  18188. int curveId = ECC_SECP256R1;
  18189. ret = wc_ecc_init(&key);
  18190. printf(testingFmt, "wc_ecc_import_unsigned()");
  18191. if (ret == 0) {
  18192. ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
  18193. curveId);
  18194. }
  18195. /* Test bad args. */
  18196. if (ret == 0) {
  18197. ret = wc_ecc_import_unsigned(NULL, (byte*)qx, (byte*)qy, (byte*)d,
  18198. curveId);
  18199. if (ret == BAD_FUNC_ARG) {
  18200. ret = wc_ecc_import_unsigned(&key, NULL, (byte*)qy, (byte*)d,
  18201. curveId);
  18202. }
  18203. if (ret == BAD_FUNC_ARG) {
  18204. ret = wc_ecc_import_unsigned(&key, (byte*)qx, NULL, (byte*)d,
  18205. curveId);
  18206. }
  18207. if (ret == BAD_FUNC_ARG) {
  18208. ret = wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d,
  18209. ECC_CURVE_INVALID);
  18210. }
  18211. #ifdef WOLFSSL_VALIDATE_ECC_IMPORT
  18212. if (ret == BAD_FUNC_ARG) {
  18213. ret = wc_ecc_import_unsigned(&key, (byte*)nullBytes,
  18214. (byte*)nullBytes, (byte*)nullBytes, curveId);
  18215. }
  18216. #endif
  18217. if (ret == BAD_FUNC_ARG || ret == ECC_INF_E) {
  18218. ret = 0;
  18219. }
  18220. }
  18221. printf(resultFmt, ret == 0 ? passed : failed);
  18222. wc_ecc_free(&key);
  18223. #endif
  18224. return ret;
  18225. } /* END test_wc_ecc_import_unsigned */
  18226. /*
  18227. * Testing wc_ecc_sig_size()
  18228. */
  18229. static int test_wc_ecc_sig_size (void)
  18230. {
  18231. int ret = 0;
  18232. #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
  18233. ecc_key key;
  18234. WC_RNG rng;
  18235. int keySz = KEY16;
  18236. XMEMSET(&rng, 0, sizeof(rng));
  18237. XMEMSET(&key, 0, sizeof(key));
  18238. ret = wc_InitRng(&rng);
  18239. if (ret == 0) {
  18240. ret = wc_ecc_init(&key);
  18241. if (ret == 0) {
  18242. ret = wc_ecc_make_key(&rng, keySz, &key);
  18243. }
  18244. }
  18245. printf(testingFmt, "wc_ecc_sig_size()");
  18246. if (ret == 0) {
  18247. ret = wc_ecc_sig_size(&key);
  18248. if (ret <= (2 * keySz + SIG_HEADER_SZ + ECC_MAX_PAD_SZ)) {
  18249. ret = 0;
  18250. }
  18251. }
  18252. printf(resultFmt, ret == 0 ? passed : failed);
  18253. if (wc_FreeRng(&rng) && ret == 0) {
  18254. ret = WOLFSSL_FATAL_ERROR;
  18255. }
  18256. wc_ecc_free(&key);
  18257. #endif
  18258. return ret;
  18259. } /* END test_wc_ecc_sig_size */
  18260. /*
  18261. * Testing wc_ecc_ctx_new()
  18262. */
  18263. static int test_wc_ecc_ctx_new (void)
  18264. {
  18265. int ret = 0;
  18266. #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
  18267. WC_RNG rng;
  18268. ecEncCtx* cli = NULL;
  18269. ecEncCtx* srv = NULL;
  18270. ret = wc_InitRng(&rng);
  18271. printf(testingFmt, "wc_ecc_ctx_new()");
  18272. if (ret == 0) {
  18273. cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
  18274. srv = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng);
  18275. }
  18276. if (ret == 0 && (cli == NULL || srv == NULL)) {
  18277. ret = WOLFSSL_FATAL_ERROR;
  18278. }
  18279. wc_ecc_ctx_free(cli);
  18280. wc_ecc_ctx_free(srv);
  18281. /* Test bad args. */
  18282. if (ret == 0) {
  18283. /* wc_ecc_ctx_new_ex() will free if returned NULL. */
  18284. cli = wc_ecc_ctx_new(0, &rng);
  18285. if (cli != NULL) {
  18286. ret = WOLFSSL_FATAL_ERROR;
  18287. }
  18288. cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, NULL);
  18289. if (cli != NULL) {
  18290. ret = WOLFSSL_FATAL_ERROR;
  18291. }
  18292. }
  18293. printf(resultFmt, ret == 0 ? passed : failed);
  18294. if (wc_FreeRng(&rng) && ret == 0) {
  18295. ret = WOLFSSL_FATAL_ERROR;
  18296. }
  18297. wc_ecc_ctx_free(cli);
  18298. #endif
  18299. return ret;
  18300. } /* END test_wc_ecc_ctx_new */
  18301. /*
  18302. * Tesing wc_ecc_reset()
  18303. */
  18304. static int test_wc_ecc_ctx_reset (void)
  18305. {
  18306. int ret = 0;
  18307. #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
  18308. ecEncCtx* ctx = NULL;
  18309. WC_RNG rng;
  18310. ret = wc_InitRng(&rng);
  18311. if (ret == 0) {
  18312. if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) {
  18313. ret = WOLFSSL_FATAL_ERROR;
  18314. }
  18315. }
  18316. printf(testingFmt, "wc_ecc_ctx_reset()");
  18317. if (ret == 0) {
  18318. ret = wc_ecc_ctx_reset(ctx, &rng);
  18319. }
  18320. /* Pass in bad args. */
  18321. if (ret == 0) {
  18322. ret = wc_ecc_ctx_reset(NULL, &rng);
  18323. if (ret == BAD_FUNC_ARG) {
  18324. ret = wc_ecc_ctx_reset(ctx, NULL);
  18325. }
  18326. if (ret == BAD_FUNC_ARG) {
  18327. ret = 0;
  18328. } else if (ret == 0) {
  18329. ret = WOLFSSL_FATAL_ERROR;
  18330. }
  18331. }
  18332. printf(resultFmt, ret == 0 ? passed : failed);
  18333. if (wc_FreeRng(&rng) && ret == 0) {
  18334. ret = WOLFSSL_FATAL_ERROR;
  18335. }
  18336. wc_ecc_ctx_free(ctx);
  18337. #endif
  18338. return ret;
  18339. } /* END test_wc_ecc_ctx_reset */
  18340. /*
  18341. * Testing wc_ecc_ctx_set_peer_salt() and wc_ecc_ctx_get_own_salt()
  18342. */
  18343. static int test_wc_ecc_ctx_set_peer_salt (void)
  18344. {
  18345. int ret = 0;
  18346. #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
  18347. WC_RNG rng;
  18348. ecEncCtx* cliCtx = NULL;
  18349. ecEncCtx* servCtx = NULL;
  18350. const byte* cliSalt = NULL;
  18351. const byte* servSalt = NULL;
  18352. ret = wc_InitRng(&rng);
  18353. if (ret == 0) {
  18354. if ( ( (cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL ) ||
  18355. ( (servCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng)) == NULL) ) {
  18356. ret = WOLFSSL_FATAL_ERROR;
  18357. }
  18358. }
  18359. printf(testingFmt, "wc_ecc_ctx_get_own_salt()");
  18360. /* Test bad args. */
  18361. if (ret == 0) {
  18362. cliSalt = wc_ecc_ctx_get_own_salt(NULL);
  18363. if (cliSalt != NULL) {
  18364. ret = WOLFSSL_FATAL_ERROR;
  18365. }
  18366. }
  18367. if (ret == 0) {
  18368. cliSalt = wc_ecc_ctx_get_own_salt(cliCtx);
  18369. servSalt = wc_ecc_ctx_get_own_salt(servCtx);
  18370. if (cliSalt == NULL || servSalt == NULL) {
  18371. ret = WOLFSSL_FATAL_ERROR;
  18372. }
  18373. }
  18374. printf(resultFmt, ret == 0 ? passed : failed);
  18375. printf(testingFmt, "wc_ecc_ctx_set_peer_salt()");
  18376. if (ret == 0) {
  18377. ret = wc_ecc_ctx_set_peer_salt(cliCtx, servSalt);
  18378. }
  18379. /* Test bad args. */
  18380. if (ret == 0) {
  18381. ret = wc_ecc_ctx_set_peer_salt(NULL, servSalt);
  18382. if (ret == BAD_FUNC_ARG) {
  18383. ret = wc_ecc_ctx_set_peer_salt(cliCtx, NULL);
  18384. }
  18385. if (ret == BAD_FUNC_ARG) {
  18386. ret = 0;
  18387. } else if (ret == 0) {
  18388. ret = WOLFSSL_FATAL_ERROR;
  18389. }
  18390. }
  18391. printf(resultFmt, ret == 0 ? passed : failed);
  18392. if (wc_FreeRng(&rng) && ret == 0) {
  18393. ret = WOLFSSL_FATAL_ERROR;
  18394. }
  18395. wc_ecc_ctx_free(cliCtx);
  18396. wc_ecc_ctx_free(servCtx);
  18397. #endif
  18398. return ret;
  18399. } /* END test_wc_ecc_ctx_set_peer_salt */
  18400. /*
  18401. * Testing wc_ecc_ctx_set_info()
  18402. */
  18403. static int test_wc_ecc_ctx_set_info (void)
  18404. {
  18405. int ret = 0;
  18406. #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG)
  18407. ecEncCtx* ctx = NULL;
  18408. WC_RNG rng;
  18409. const char* optInfo = "Optional Test Info.";
  18410. int optInfoSz = (int)XSTRLEN(optInfo);
  18411. const char* badOptInfo = NULL;
  18412. ret = wc_InitRng(&rng);
  18413. if ( (ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)) == NULL || ret != 0 ) {
  18414. ret = WOLFSSL_FATAL_ERROR;
  18415. }
  18416. printf(testingFmt, "wc_ecc_ctx_set_info()");
  18417. if (ret == 0) {
  18418. ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, optInfoSz);
  18419. }
  18420. /* Test bad args. */
  18421. if (ret == 0) {
  18422. ret = wc_ecc_ctx_set_info(NULL, (byte*)optInfo, optInfoSz);
  18423. if (ret == BAD_FUNC_ARG) {
  18424. ret = wc_ecc_ctx_set_info(ctx, (byte*)badOptInfo, optInfoSz);
  18425. }
  18426. if (ret == BAD_FUNC_ARG) {
  18427. ret = wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1);
  18428. }
  18429. if (ret == BAD_FUNC_ARG) {
  18430. ret = 0;
  18431. } else if (ret == 0) {
  18432. ret = WOLFSSL_FATAL_ERROR;
  18433. }
  18434. }
  18435. printf(resultFmt, ret == 0 ? passed : failed);
  18436. if (wc_FreeRng(&rng) && ret == 0) {
  18437. ret = WOLFSSL_FATAL_ERROR;
  18438. }
  18439. wc_ecc_ctx_free(ctx);
  18440. #endif
  18441. return ret;
  18442. } /* END test_wc_ecc_ctx_set_info */
  18443. /*
  18444. * Testing wc_ecc_encrypt() and wc_ecc_decrypt()
  18445. */
  18446. static int test_wc_ecc_encryptDecrypt (void)
  18447. {
  18448. int ret = 0;
  18449. #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) \
  18450. && !defined(WC_NO_RNG)
  18451. ecc_key srvKey, cliKey;
  18452. WC_RNG rng;
  18453. const char* msg = "EccBlock Size 16";
  18454. word32 msgSz = (word32)XSTRLEN(msg);
  18455. byte out[XSTRLEN(msg) + WC_SHA256_DIGEST_SIZE];
  18456. word32 outSz = (word32)sizeof(out);
  18457. byte plain[XSTRLEN(msg) + 1];
  18458. word32 plainSz = (word32)sizeof(plain);
  18459. int keySz = KEY20;
  18460. /* Init stack variables. */
  18461. XMEMSET(out, 0, outSz);
  18462. XMEMSET(plain, 0, plainSz);
  18463. XMEMSET(&rng, 0, sizeof(rng));
  18464. XMEMSET(&srvKey, 0, sizeof(srvKey));
  18465. XMEMSET(&cliKey, 0, sizeof(cliKey));
  18466. ret = wc_InitRng(&rng);
  18467. if (ret == 0) {
  18468. ret = wc_ecc_init(&cliKey);
  18469. if (ret == 0) {
  18470. ret = wc_ecc_make_key(&rng, keySz, &cliKey);
  18471. }
  18472. if (ret == 0) {
  18473. ret = wc_ecc_init(&srvKey);
  18474. }
  18475. if (ret == 0) {
  18476. ret = wc_ecc_make_key(&rng, keySz, &srvKey);
  18477. }
  18478. }
  18479. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  18480. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  18481. !defined(HAVE_SELFTEST)
  18482. if (ret == 0) {
  18483. ret = wc_ecc_set_rng(&srvKey, &rng);
  18484. }
  18485. if (ret == 0) {
  18486. ret = wc_ecc_set_rng(&cliKey, &rng);
  18487. }
  18488. #endif
  18489. printf(testingFmt, "wc_ecc_encrypt()");
  18490. if (ret == 0) {
  18491. ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out,
  18492. &outSz, NULL);
  18493. }
  18494. if (ret == 0) {
  18495. ret = wc_ecc_encrypt(NULL, &srvKey, (byte*)msg, msgSz, out,
  18496. &outSz, NULL);
  18497. if (ret == BAD_FUNC_ARG) {
  18498. ret = wc_ecc_encrypt(&cliKey, NULL, (byte*)msg, msgSz, out,
  18499. &outSz, NULL);
  18500. }
  18501. if (ret == BAD_FUNC_ARG) {
  18502. ret = wc_ecc_encrypt(&cliKey, &srvKey, NULL, msgSz, out,
  18503. &outSz, NULL);
  18504. }
  18505. if (ret == BAD_FUNC_ARG) {
  18506. ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, NULL,
  18507. &outSz, NULL);
  18508. }
  18509. if (ret == BAD_FUNC_ARG) {
  18510. ret = wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out,
  18511. NULL, NULL);
  18512. }
  18513. if (ret == BAD_FUNC_ARG) {
  18514. ret = 0;
  18515. } else if (ret == 0) {
  18516. ret = WOLFSSL_FATAL_ERROR;
  18517. }
  18518. }
  18519. printf(resultFmt, ret == 0 ? passed : failed);
  18520. printf(testingFmt, "wc_ecc_decrypt()");
  18521. if (ret == 0) {
  18522. ret = wc_ecc_decrypt(&srvKey, &cliKey, out, outSz, plain,
  18523. &plainSz, NULL);
  18524. }
  18525. if (ret == 0) {
  18526. ret = wc_ecc_decrypt(NULL, &cliKey, out, outSz, plain,
  18527. &plainSz, NULL);
  18528. if (ret == BAD_FUNC_ARG) {
  18529. ret = wc_ecc_decrypt(&srvKey, NULL, out, outSz, plain,
  18530. &plainSz, NULL);
  18531. }
  18532. if (ret == BAD_FUNC_ARG) {
  18533. ret = wc_ecc_decrypt(&srvKey, &cliKey, NULL, outSz, plain,
  18534. &plainSz, NULL);
  18535. }
  18536. if (ret == BAD_FUNC_ARG) {
  18537. ret = wc_ecc_decrypt(&srvKey, &cliKey, out, outSz, NULL,
  18538. &plainSz, NULL);
  18539. }
  18540. if (ret == BAD_FUNC_ARG) {
  18541. ret = wc_ecc_decrypt(&srvKey, &cliKey, out, outSz,
  18542. plain, NULL, NULL);
  18543. }
  18544. if (ret == BAD_FUNC_ARG) {
  18545. ret = 0;
  18546. } else if (ret == 0) {
  18547. ret = WOLFSSL_FATAL_ERROR;
  18548. }
  18549. }
  18550. if (XMEMCMP(msg, plain, msgSz) != 0) {
  18551. ret = WOLFSSL_FATAL_ERROR;
  18552. }
  18553. printf(resultFmt, ret == 0 ? passed : failed);
  18554. if (wc_FreeRng(&rng) && ret == 0) {
  18555. ret = WOLFSSL_FATAL_ERROR;
  18556. }
  18557. wc_ecc_free(&cliKey);
  18558. wc_ecc_free(&srvKey);
  18559. #endif
  18560. return ret;
  18561. } /* END test_wc_ecc_encryptDecrypt */
  18562. /*
  18563. * Testing wc_ecc_del_point() and wc_ecc_new_point()
  18564. */
  18565. static int test_wc_ecc_del_point (void)
  18566. {
  18567. int ret = 0;
  18568. #if defined(HAVE_ECC)
  18569. ecc_point* pt;
  18570. printf(testingFmt, "wc_ecc_new_point()");
  18571. pt = wc_ecc_new_point();
  18572. if (!pt) {
  18573. ret = WOLFSSL_FATAL_ERROR;
  18574. }
  18575. printf(resultFmt, ret == 0 ? passed : failed);
  18576. wc_ecc_del_point(pt);
  18577. #endif
  18578. return ret;
  18579. } /* END test_wc_ecc_del_point */
  18580. /*
  18581. * Testing wc_ecc_point_is_at_infinity(), wc_ecc_export_point_der(),
  18582. * wc_ecc_import_point_der(), wc_ecc_copy_point(), wc_ecc_point_is_on_curve(),
  18583. * and wc_ecc_cmp_point()
  18584. */
  18585. static int test_wc_ecc_pointFns (void)
  18586. {
  18587. int ret = 0;
  18588. #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \
  18589. !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
  18590. !defined(WOLFSSL_ATECC608A)
  18591. ecc_key key;
  18592. WC_RNG rng;
  18593. ecc_point* point = NULL;
  18594. ecc_point* cpypt = NULL;
  18595. int idx = 0;
  18596. int keySz = KEY32;
  18597. byte der[DER_SZ(KEY32)];
  18598. word32 derlenChk = 0;
  18599. word32 derSz = DER_SZ(KEY32);
  18600. /* Init stack variables. */
  18601. XMEMSET(der, 0, derSz);
  18602. XMEMSET(&rng, 0, sizeof(rng));
  18603. XMEMSET(&key, 0, sizeof(key));
  18604. ret = wc_InitRng(&rng);
  18605. if (ret == 0) {
  18606. ret = wc_ecc_init(&key);
  18607. if (ret == 0) {
  18608. ret = wc_ecc_make_key(&rng, keySz, &key);
  18609. }
  18610. }
  18611. if (ret == 0) {
  18612. point = wc_ecc_new_point();
  18613. if (!point) {
  18614. ret = WOLFSSL_FATAL_ERROR;
  18615. }
  18616. }
  18617. if (ret == 0) {
  18618. cpypt = wc_ecc_new_point();
  18619. if (!cpypt) {
  18620. ret = WOLFSSL_FATAL_ERROR;
  18621. }
  18622. }
  18623. /* Export */
  18624. printf(testingFmt, "wc_ecc_export_point_der()");
  18625. if (ret == 0) {
  18626. ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
  18627. NULL, &derlenChk);
  18628. /* Check length value. */
  18629. if (derSz == derlenChk && ret == LENGTH_ONLY_E) {
  18630. ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
  18631. der, &derSz);
  18632. }
  18633. }
  18634. /* Test bad args. */
  18635. if (ret == 0) {
  18636. ret = wc_ecc_export_point_der(-2, &key.pubkey, der, &derSz);
  18637. if (ret == ECC_BAD_ARG_E) {
  18638. ret = wc_ecc_export_point_der((idx = key.idx), NULL, der, &derSz);
  18639. }
  18640. if (ret == ECC_BAD_ARG_E) {
  18641. ret = wc_ecc_export_point_der((idx = key.idx), &key.pubkey,
  18642. der, NULL);
  18643. }
  18644. if (ret == ECC_BAD_ARG_E) {
  18645. ret = 0;
  18646. } else if (ret == 0) {
  18647. ret = WOLFSSL_FATAL_ERROR;
  18648. }
  18649. }
  18650. printf(resultFmt, ret == 0 ? passed : failed);
  18651. /* Import */
  18652. printf(testingFmt, "wc_ecc_import_point_der()");
  18653. if (ret == 0) {
  18654. ret = wc_ecc_import_point_der(der, derSz, idx, point);
  18655. /* Condition double checks wc_ecc_cmp_point(). */
  18656. if (ret == 0 && XMEMCMP(&key.pubkey, point, sizeof(key.pubkey))) {
  18657. ret = wc_ecc_cmp_point(&key.pubkey, point);
  18658. }
  18659. }
  18660. /* Test bad args. */
  18661. if (ret == 0) {
  18662. ret = wc_ecc_import_point_der(NULL, derSz, idx, point);
  18663. if (ret == ECC_BAD_ARG_E) {
  18664. ret = wc_ecc_import_point_der(der, derSz, idx, NULL);
  18665. }
  18666. if (ret == ECC_BAD_ARG_E) {
  18667. ret = wc_ecc_import_point_der(der, derSz, -1, point);
  18668. }
  18669. if (ret == ECC_BAD_ARG_E) {
  18670. ret = wc_ecc_import_point_der(der, derSz + 1, idx, point);
  18671. }
  18672. if (ret == ECC_BAD_ARG_E) {
  18673. ret = 0;
  18674. } else if (ret == 0) {
  18675. ret = WOLFSSL_FATAL_ERROR;
  18676. }
  18677. }
  18678. printf(resultFmt, ret == 0 ? passed : failed);
  18679. /* Copy */
  18680. printf(testingFmt, "wc_ecc_copy_point()");
  18681. if (ret == 0) {
  18682. ret = wc_ecc_copy_point(point, cpypt);
  18683. }
  18684. /* Test bad args. */
  18685. if (ret == 0) {
  18686. ret = wc_ecc_copy_point(NULL, cpypt);
  18687. if (ret == ECC_BAD_ARG_E) {
  18688. ret = wc_ecc_copy_point(point, NULL);
  18689. }
  18690. if (ret == ECC_BAD_ARG_E) {
  18691. ret = 0;
  18692. } else if (ret == 0) {
  18693. ret = WOLFSSL_FATAL_ERROR;
  18694. }
  18695. }
  18696. printf(resultFmt, ret == 0 ? passed : failed);
  18697. printf(testingFmt, "wc_ecc_cmp_point()");
  18698. /* Compare point */
  18699. if (ret == 0) {
  18700. ret = wc_ecc_cmp_point(point, cpypt);
  18701. }
  18702. /* Test bad args. */
  18703. if (ret == 0) {
  18704. ret = wc_ecc_cmp_point(NULL, cpypt);
  18705. if (ret == BAD_FUNC_ARG) {
  18706. ret = wc_ecc_cmp_point(point, NULL);
  18707. }
  18708. if (ret == BAD_FUNC_ARG) {
  18709. ret = 0;
  18710. } else if (ret == 0) {
  18711. ret = WOLFSSL_FATAL_ERROR;
  18712. }
  18713. }
  18714. printf(resultFmt, ret == 0 ? passed : failed);
  18715. printf(testingFmt, "wc_ecc_point_is_at_infinity()");
  18716. /* At infinity if return == 1, otherwise return == 0. */
  18717. if (ret == 0) {
  18718. ret = wc_ecc_point_is_at_infinity(point);
  18719. }
  18720. /* Test bad args. */
  18721. if (ret == 0) {
  18722. ret = wc_ecc_point_is_at_infinity(NULL);
  18723. if (ret == BAD_FUNC_ARG) {
  18724. ret = 0;
  18725. } else if (ret == 0) {
  18726. ret = WOLFSSL_FATAL_ERROR;
  18727. }
  18728. }
  18729. printf(resultFmt, ret == 0 ? passed : failed);
  18730. #ifdef USE_ECC_B_PARAM
  18731. printf(testingFmt, "wc_ecc_point_is_on_curve()");
  18732. /* On curve if ret == 0 */
  18733. if (ret == 0) {
  18734. ret = wc_ecc_point_is_on_curve(point, idx);
  18735. }
  18736. /* Test bad args. */
  18737. if (ret == 0) {
  18738. ret = wc_ecc_point_is_on_curve(NULL, idx);
  18739. if (ret == BAD_FUNC_ARG) {
  18740. ret = wc_ecc_point_is_on_curve(point, 1000);
  18741. }
  18742. if (ret == ECC_BAD_ARG_E) {
  18743. ret = 0;
  18744. } else if (ret == 0) {
  18745. ret = WOLFSSL_FATAL_ERROR;
  18746. }
  18747. }
  18748. printf(resultFmt, ret == 0 ? passed : failed);
  18749. #endif /* USE_ECC_B_PARAM */
  18750. /* Free */
  18751. wc_ecc_del_point(point);
  18752. wc_ecc_del_point(cpypt);
  18753. wc_ecc_free(&key);
  18754. if (wc_FreeRng(&rng) && ret == 0) {
  18755. ret = WOLFSSL_FATAL_ERROR;
  18756. }
  18757. #endif
  18758. return ret;
  18759. } /* END test_wc_ecc_pointFns */
  18760. /*
  18761. * Testing wc_ecc_sahred_secret_ssh()
  18762. */
  18763. static int test_wc_ecc_shared_secret_ssh (void)
  18764. {
  18765. int ret = 0;
  18766. #if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \
  18767. !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
  18768. !defined(WOLFSSL_ATECC608A)
  18769. ecc_key key, key2;
  18770. WC_RNG rng;
  18771. int keySz = KEY32;
  18772. int key2Sz = KEY24;
  18773. byte secret[KEY32];
  18774. word32 secretLen = keySz;
  18775. /* Init stack variables. */
  18776. XMEMSET(secret, 0, secretLen);
  18777. XMEMSET(&rng, 0, sizeof(rng));
  18778. XMEMSET(&key, 0, sizeof(key));
  18779. XMEMSET(&key2, 0, sizeof(key2));
  18780. /* Make keys */
  18781. ret = wc_InitRng(&rng);
  18782. if (ret == 0) {
  18783. ret = wc_ecc_init(&key);
  18784. if (ret == 0) {
  18785. ret = wc_ecc_make_key(&rng, keySz, &key);
  18786. }
  18787. if (wc_FreeRng(&rng) && ret == 0) {
  18788. ret = WOLFSSL_FATAL_ERROR;
  18789. }
  18790. }
  18791. if (ret == 0) {
  18792. ret = wc_InitRng(&rng);
  18793. if (ret == 0) {
  18794. ret = wc_ecc_init(&key2);
  18795. }
  18796. if (ret == 0) {
  18797. ret = wc_ecc_make_key(&rng, key2Sz, &key2);
  18798. }
  18799. }
  18800. printf(testingFmt, "ecc_shared_secret_ssh()");
  18801. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  18802. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  18803. !defined(HAVE_SELFTEST)
  18804. if (ret == 0) {
  18805. ret = wc_ecc_set_rng(&key, &rng);
  18806. }
  18807. #endif
  18808. if (ret == 0) {
  18809. ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen);
  18810. }
  18811. /* Pass in bad args. */
  18812. if (ret == 0) {
  18813. ret = wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret, &secretLen);
  18814. if (ret == BAD_FUNC_ARG) {
  18815. ret = wc_ecc_shared_secret_ssh(&key, NULL, secret, &secretLen);
  18816. }
  18817. if (ret == BAD_FUNC_ARG) {
  18818. ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, NULL, &secretLen);
  18819. }
  18820. if (ret == BAD_FUNC_ARG) {
  18821. ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, NULL);
  18822. }
  18823. if (ret == BAD_FUNC_ARG) {
  18824. key.type = ECC_PUBLICKEY;
  18825. ret = wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, &secretLen);
  18826. if (ret == ECC_BAD_ARG_E) {
  18827. ret = 0;
  18828. } else if (ret == 0) {
  18829. ret = WOLFSSL_FATAL_ERROR;
  18830. }
  18831. } else if (ret == 0) {
  18832. ret = WOLFSSL_FATAL_ERROR;
  18833. }
  18834. }
  18835. printf(resultFmt, ret == 0 ? passed : failed);
  18836. if (wc_FreeRng(&rng) && ret == 0) {
  18837. ret = WOLFSSL_FATAL_ERROR;
  18838. }
  18839. wc_ecc_free(&key);
  18840. wc_ecc_free(&key2);
  18841. #ifdef FP_ECC
  18842. wc_ecc_fp_free();
  18843. #endif
  18844. #endif
  18845. return ret;
  18846. } /* END test_wc_ecc_shared_secret_ssh */
  18847. /*
  18848. * Testing wc_ecc_verify_hash_ex() and wc_ecc_verify_hash_ex()
  18849. */
  18850. static int test_wc_ecc_verify_hash_ex (void)
  18851. {
  18852. int ret = 0;
  18853. #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \
  18854. && !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \
  18855. !defined(WOLFSSL_ATECC608A)
  18856. ecc_key key;
  18857. WC_RNG rng;
  18858. mp_int r;
  18859. mp_int s;
  18860. unsigned char hash[] = "Everyone gets Friday off.EccSig";
  18861. unsigned char iHash[] = "Everyone gets Friday off.......";
  18862. unsigned char shortHash[] = TEST_STRING;
  18863. word32 hashlen = sizeof(hash);
  18864. word32 iHashLen = sizeof(iHash);
  18865. word32 shortHashLen = sizeof(shortHash);
  18866. int keySz = KEY32;
  18867. int sig = WOLFSSL_FATAL_ERROR;
  18868. int ver = WOLFSSL_FATAL_ERROR;
  18869. int verify_ok = 0;
  18870. /* Initialize r and s. */
  18871. ret = mp_init_multi(&r, &s, NULL, NULL, NULL, NULL);
  18872. if (ret != MP_OKAY) {
  18873. return MP_INIT_E;
  18874. }
  18875. ret = wc_InitRng(&rng);
  18876. if (ret == 0) {
  18877. ret = wc_ecc_init(&key);
  18878. if (ret == 0) {
  18879. ret = wc_ecc_make_key(&rng, keySz, &key);
  18880. }
  18881. }
  18882. if (ret == 0) {
  18883. ret = wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, &s);
  18884. if (ret == 0) {
  18885. /* verify_ok should be 1. */
  18886. ret = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &verify_ok, &key);
  18887. if (verify_ok != 1 && ret == 0) {
  18888. ret = WOLFSSL_FATAL_ERROR;
  18889. }
  18890. }
  18891. if (ret == 0) {
  18892. /* verify_ok should be 0 */
  18893. ret = wc_ecc_verify_hash_ex(&r, &s, iHash, iHashLen,
  18894. &verify_ok, &key);
  18895. if (verify_ok != 0 && ret == 0) {
  18896. ret = WOLFSSL_FATAL_ERROR;
  18897. }
  18898. }
  18899. if (ret == 0) {
  18900. /* verify_ok should be 0. */
  18901. ret = wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
  18902. &verify_ok, &key);
  18903. if (verify_ok != 0 && ret == 0) {
  18904. ret = WOLFSSL_FATAL_ERROR;
  18905. }
  18906. }
  18907. }
  18908. printf(testingFmt, "wc_ecc_sign_hash_ex()");
  18909. /* Test bad args. */
  18910. if (ret == 0) {
  18911. if (wc_ecc_sign_hash_ex(NULL, hashlen, &rng, &key, &r, &s)
  18912. == ECC_BAD_ARG_E) {
  18913. sig = 0;
  18914. }
  18915. if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, NULL, &key, &r, &s)
  18916. != ECC_BAD_ARG_E) {
  18917. sig = WOLFSSL_FATAL_ERROR;
  18918. }
  18919. if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, NULL, &r, &s)
  18920. != ECC_BAD_ARG_E) {
  18921. sig = WOLFSSL_FATAL_ERROR;
  18922. }
  18923. if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, NULL, &s)
  18924. != ECC_BAD_ARG_E) {
  18925. sig = WOLFSSL_FATAL_ERROR;
  18926. }
  18927. if (sig == 0 && wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, NULL)
  18928. != ECC_BAD_ARG_E) {
  18929. sig = WOLFSSL_FATAL_ERROR;
  18930. }
  18931. }
  18932. printf(resultFmt, sig == 0 ? passed : failed);
  18933. printf(testingFmt, "wc_ecc_verify_hash_ex()");
  18934. /* Test bad args. */
  18935. if (ret == 0) {
  18936. if (wc_ecc_verify_hash_ex(NULL, &s, shortHash, shortHashLen, &verify_ok, &key)
  18937. == ECC_BAD_ARG_E) {
  18938. ver = 0;
  18939. }
  18940. if (ver == 0 && wc_ecc_verify_hash_ex(&r, NULL, shortHash, shortHashLen,
  18941. &verify_ok, &key) != ECC_BAD_ARG_E) {
  18942. ver = WOLFSSL_FATAL_ERROR;
  18943. }
  18944. if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, NULL, shortHashLen, &verify_ok,
  18945. &key) != ECC_BAD_ARG_E) {
  18946. ver = WOLFSSL_FATAL_ERROR;
  18947. }
  18948. if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
  18949. NULL, &key) != ECC_BAD_ARG_E) {
  18950. ver = WOLFSSL_FATAL_ERROR;
  18951. }
  18952. if (ver == 0 && wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen,
  18953. &verify_ok, NULL) != ECC_BAD_ARG_E) {
  18954. ver = WOLFSSL_FATAL_ERROR;
  18955. }
  18956. }
  18957. printf(resultFmt, ver == 0 ? passed : failed);
  18958. wc_ecc_free(&key);
  18959. mp_free(&r);
  18960. mp_free(&s);
  18961. if (wc_FreeRng(&rng)) {
  18962. return WOLFSSL_FATAL_ERROR;
  18963. }
  18964. if (ret == 0 && (sig != 0 || ver != 0)) {
  18965. ret = WOLFSSL_FATAL_ERROR;
  18966. }
  18967. #endif
  18968. return ret;
  18969. } /* END test_wc_ecc_verify_hash_ex */
  18970. /*
  18971. * Testing wc_ecc_mulmod()
  18972. */
  18973. static int test_wc_ecc_mulmod (void)
  18974. {
  18975. int ret = 0;
  18976. #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \
  18977. !(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \
  18978. defined(WOLFSSL_VALIDATE_ECC_IMPORT))
  18979. ecc_key key1, key2, key3;
  18980. WC_RNG rng;
  18981. ret = wc_InitRng(&rng);
  18982. if (ret == 0) {
  18983. ret = wc_ecc_init(&key1);
  18984. if (ret == 0) {
  18985. ret = wc_ecc_init(&key2);
  18986. }
  18987. if (ret == 0) {
  18988. ret = wc_ecc_init(&key3);
  18989. }
  18990. if (ret == 0) {
  18991. ret = wc_ecc_make_key(&rng, KEY32, &key1);
  18992. }
  18993. wc_FreeRng(&rng);
  18994. }
  18995. if (ret == 0) {
  18996. ret = wc_ecc_import_raw_ex(&key2, key1.dp->Gx, key1.dp->Gy, key1.dp->Af,
  18997. ECC_SECP256R1);
  18998. if (ret == 0) {
  18999. ret = wc_ecc_import_raw_ex(&key3, key1.dp->Gx, key1.dp->Gy,
  19000. key1.dp->prime, ECC_SECP256R1);
  19001. }
  19002. }
  19003. printf(testingFmt, "wc_ecc_mulmod()");
  19004. if (ret == 0) {
  19005. ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey, &key2.k,
  19006. &key3.k, 1);
  19007. }
  19008. /* Test bad args. */
  19009. if (ret == 0) {
  19010. ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey, &key2.k,
  19011. &key3.k, 1);
  19012. if (ret == ECC_BAD_ARG_E) {
  19013. ret = wc_ecc_mulmod(&key1.k, NULL, &key3.pubkey, &key2.k,
  19014. &key3.k, 1);
  19015. }
  19016. if (ret == ECC_BAD_ARG_E) {
  19017. ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, NULL, &key2.k,
  19018. &key3.k, 1);
  19019. }
  19020. if (ret == ECC_BAD_ARG_E) {
  19021. ret = wc_ecc_mulmod(&key1.k, &key2.pubkey, &key3.pubkey,
  19022. &key2.k, NULL, 1);
  19023. }
  19024. if (ret == ECC_BAD_ARG_E) {
  19025. ret = 0;
  19026. } else if (ret == 0) {
  19027. ret = WOLFSSL_FATAL_ERROR;
  19028. }
  19029. }
  19030. printf(resultFmt, ret == 0 ? passed : failed);
  19031. wc_ecc_free(&key1);
  19032. wc_ecc_free(&key2);
  19033. wc_ecc_free(&key3);
  19034. #ifdef FP_ECC
  19035. wc_ecc_fp_free();
  19036. #endif
  19037. #endif /* HAVE_ECC && !WOLFSSL_ATECC508A */
  19038. return ret;
  19039. } /* END test_wc_ecc_mulmod */
  19040. /*
  19041. * Testing wc_ecc_is_valid_idx()
  19042. */
  19043. static int test_wc_ecc_is_valid_idx (void)
  19044. {
  19045. int ret = 0;
  19046. #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
  19047. ecc_key key;
  19048. WC_RNG rng;
  19049. int iVal = -2;
  19050. int iVal2 = 3000;
  19051. XMEMSET(&rng, 0, sizeof(rng));
  19052. XMEMSET(&key, 0, sizeof(key));
  19053. ret = wc_InitRng(&rng);
  19054. if (ret == 0) {
  19055. ret = wc_ecc_init(&key);
  19056. if (ret == 0) {
  19057. ret = wc_ecc_make_key(&rng, 32, &key);
  19058. }
  19059. }
  19060. printf(testingFmt, "wc_ecc_is_valid_idx()");
  19061. if (ret == 0) {
  19062. ret = wc_ecc_is_valid_idx(key.idx);
  19063. if (ret == 1) {
  19064. ret = 0;
  19065. } else {
  19066. ret = WOLFSSL_FATAL_ERROR;
  19067. }
  19068. }
  19069. /* Test bad args. */
  19070. if (ret == 0) {
  19071. ret = wc_ecc_is_valid_idx(iVal); /* should return 0 */
  19072. if (ret == 0) {
  19073. ret = wc_ecc_is_valid_idx(iVal2);
  19074. }
  19075. if (ret != 0) {
  19076. ret = WOLFSSL_FATAL_ERROR;
  19077. }
  19078. }
  19079. printf(resultFmt, ret == 0 ? passed : failed);
  19080. if (wc_FreeRng(&rng) && ret == 0) {
  19081. ret = WOLFSSL_FATAL_ERROR;
  19082. }
  19083. wc_ecc_free(&key);
  19084. #ifdef FP_ECC
  19085. wc_ecc_fp_free();
  19086. #endif
  19087. #endif
  19088. return ret;
  19089. } /* END test_wc_ecc_is_valid_idx */
  19090. /*
  19091. * Testing wc_ecc_get_curve_id_from_oid()
  19092. */
  19093. static int test_wc_ecc_get_curve_id_from_oid (void)
  19094. {
  19095. int ret = 0;
  19096. #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \
  19097. !defined(HAVE_FIPS)
  19098. const byte oid[] = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
  19099. word32 len = sizeof(oid);
  19100. printf(testingFmt, "wc_ecc_get_curve_id_from_oid()");
  19101. /* Bad Cases */
  19102. ret = wc_ecc_get_curve_id_from_oid(NULL, len);
  19103. if (ret == BAD_FUNC_ARG) {
  19104. ret = 0;
  19105. }
  19106. if (ret == 0) {
  19107. ret = wc_ecc_get_curve_id_from_oid(oid, 0);
  19108. if (ret == ECC_CURVE_INVALID) {
  19109. ret = 0;
  19110. }
  19111. }
  19112. /* Good Case */
  19113. if (ret == 0) {
  19114. ret = wc_ecc_get_curve_id_from_oid(oid, len);
  19115. if (ret == 7) {
  19116. ret = 0;
  19117. }
  19118. }
  19119. printf(resultFmt, ret == 0 ? passed : failed);
  19120. #endif
  19121. return ret;
  19122. }/* END test_wc_ecc_get_curve_id_from_oid */
  19123. /*
  19124. * Testing wc_ecc_sig_size_calc()
  19125. */
  19126. static int test_wc_ecc_sig_size_calc (void)
  19127. {
  19128. int ret = 0;
  19129. #if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST)
  19130. ecc_key key;
  19131. WC_RNG rng;
  19132. int sz = 0;
  19133. printf(testingFmt, "wc_ecc_sig_size_calc()");
  19134. ret = wc_InitRng(&rng);
  19135. if (ret == 0) {
  19136. ret = wc_ecc_init(&key);
  19137. if (ret == 0) {
  19138. ret = wc_ecc_make_key(&rng, 16, &key);
  19139. }
  19140. sz = key.dp->size;
  19141. }
  19142. if (ret == 0) {
  19143. ret = wc_ecc_sig_size_calc(sz);
  19144. if (ret > 0) {
  19145. ret = 0;
  19146. }
  19147. }
  19148. printf(resultFmt, ret == 0 ? passed : failed);
  19149. wc_ecc_free(&key);
  19150. wc_FreeRng(&rng);
  19151. #endif
  19152. return ret;
  19153. } /* END test_wc_ecc_sig_size_calc */
  19154. /*
  19155. * Testing ToTraditional
  19156. */
  19157. static int test_ToTraditional (void)
  19158. {
  19159. int ret = 0;
  19160. #if !defined(NO_ASN) && (defined(HAVE_PKCS8) || defined(HAVE_PKCS12)) && \
  19161. (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
  19162. defined(OPENSSL_EXTRA_X509_SMALL))
  19163. XFILE f;
  19164. byte input[TWOK_BUF];
  19165. word32 sz;
  19166. printf(testingFmt, "ToTraditional()");
  19167. f = XFOPEN("./certs/server-keyPkcs8.der", "rb");
  19168. AssertTrue((f != XBADFILE));
  19169. sz = (word32)XFREAD(input, 1, sizeof(input), f);
  19170. XFCLOSE(f);
  19171. /* Good case */
  19172. ret = ToTraditional(input, sz);
  19173. if (ret > 0) {
  19174. ret = 0;
  19175. }
  19176. /* Bad cases */
  19177. if (ret == 0) {
  19178. ret = ToTraditional(NULL, 0);
  19179. if (ret == BAD_FUNC_ARG) {
  19180. ret = 0;
  19181. }
  19182. }
  19183. if (ret == 0) {
  19184. ret = ToTraditional(NULL, sz);
  19185. if (ret == BAD_FUNC_ARG) {
  19186. ret = 0;
  19187. }
  19188. }
  19189. if (ret == 0) {
  19190. ret = ToTraditional(input, 0);
  19191. if (ret == ASN_PARSE_E) {
  19192. ret = 0;
  19193. }
  19194. }
  19195. printf(resultFmt, ret == 0 ? passed : failed);
  19196. #endif
  19197. return ret;
  19198. }/* End test_ToTraditional*/
  19199. /*
  19200. * Testing wc_EccPrivateKeyToDer
  19201. */
  19202. static int test_wc_EccPrivateKeyToDer (void)
  19203. {
  19204. int ret = 0;
  19205. #if defined(HAVE_ECC) && !defined(WC_NO_RNG)
  19206. byte output[ONEK_BUF];
  19207. ecc_key eccKey;
  19208. WC_RNG rng;
  19209. word32 inLen;
  19210. printf(testingFmt, "wc_EccPrivateKeyToDer()");
  19211. ret = wc_InitRng(&rng);
  19212. if (ret == 0) {
  19213. ret = wc_ecc_init(&eccKey);
  19214. if (ret == 0) {
  19215. ret = wc_ecc_make_key(&rng, KEY14, &eccKey);
  19216. }
  19217. inLen = (word32)sizeof(output);
  19218. /* Bad Cases */
  19219. if (ret == 0) {
  19220. ret = wc_EccPrivateKeyToDer(NULL, NULL, 0);
  19221. if (ret == BAD_FUNC_ARG) {
  19222. ret = 0;
  19223. }
  19224. }
  19225. if (ret == 0) {
  19226. ret = wc_EccPrivateKeyToDer(NULL, output, inLen);
  19227. if (ret == BAD_FUNC_ARG) {
  19228. ret = 0;
  19229. }
  19230. }
  19231. if (ret == 0) {
  19232. ret = wc_EccPrivateKeyToDer(&eccKey, NULL, inLen);
  19233. if (ret == LENGTH_ONLY_E) {
  19234. ret = 0;
  19235. }
  19236. }
  19237. if (ret == 0) {
  19238. ret = wc_EccPrivateKeyToDer(&eccKey, output, 0);
  19239. if (ret == BAD_FUNC_ARG) {
  19240. ret = 0;
  19241. }
  19242. }
  19243. /*Good Case */
  19244. if (ret == 0) {
  19245. ret = wc_EccPrivateKeyToDer(&eccKey, output, inLen);
  19246. if (ret > 0) {
  19247. ret = 0;
  19248. }
  19249. }
  19250. wc_ecc_free(&eccKey);
  19251. }
  19252. wc_FreeRng(&rng);
  19253. printf(resultFmt, ret == 0 ? passed : failed);
  19254. #endif
  19255. return ret;
  19256. }/* End test_wc_EccPrivateKeyToDer*/
  19257. /*
  19258. * Testing wc_Ed25519KeyToDer
  19259. */
  19260. static int test_wc_Ed25519KeyToDer (void)
  19261. {
  19262. int ret = 0;
  19263. #if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \
  19264. defined(WOLFSSL_KEY_GEN))
  19265. byte output[ONEK_BUF];
  19266. ed25519_key ed25519Key;
  19267. WC_RNG rng;
  19268. word32 inLen;
  19269. printf(testingFmt, "wc_Ed25519KeyToDer()");
  19270. ret = wc_InitRng(&rng);
  19271. if (ret == 0) {
  19272. ret = wc_ed25519_init(&ed25519Key);
  19273. if (ret == 0) {
  19274. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
  19275. }
  19276. inLen = (word32)sizeof(output);
  19277. /* Bad Cases */
  19278. if (ret == 0) {
  19279. ret = wc_Ed25519KeyToDer(NULL, NULL, 0);
  19280. if (ret == BAD_FUNC_ARG) {
  19281. ret = 0;
  19282. }
  19283. }
  19284. if (ret == 0) {
  19285. ret = wc_Ed25519KeyToDer(NULL, output, inLen);
  19286. if (ret == BAD_FUNC_ARG) {
  19287. ret = 0;
  19288. }
  19289. }
  19290. if (ret == 0) {
  19291. ret = wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen);
  19292. if (ret == BAD_FUNC_ARG) {
  19293. ret = 0;
  19294. }
  19295. }
  19296. if (ret == 0) {
  19297. ret = wc_Ed25519KeyToDer(&ed25519Key, output, 0);
  19298. if (ret == BAD_FUNC_ARG) {
  19299. ret = 0;
  19300. }
  19301. }
  19302. /* Good Case */
  19303. if (ret == 0) {
  19304. ret = wc_Ed25519KeyToDer(&ed25519Key, output, inLen);
  19305. if (ret > 0) {
  19306. ret = 0;
  19307. }
  19308. }
  19309. wc_ed25519_free(&ed25519Key);
  19310. }
  19311. wc_FreeRng(&rng);
  19312. printf(resultFmt, ret == 0 ? passed : failed);
  19313. #endif
  19314. return ret;
  19315. }/* End test_wc_Ed25519KeyToDer*/
  19316. /*
  19317. * Testing wc_Ed25519PrivateKeyToDer
  19318. */
  19319. static int test_wc_Ed25519PrivateKeyToDer (void)
  19320. {
  19321. int ret = 0;
  19322. #if defined(HAVE_ED25519) && (defined(WOLFSSL_CERT_GEN) || \
  19323. defined(WOLFSSL_KEY_GEN))
  19324. byte output[ONEK_BUF];
  19325. ed25519_key ed25519PrivKey;
  19326. WC_RNG rng;
  19327. word32 inLen;
  19328. printf(testingFmt, "wc_Ed25519PrivateKeyToDer()");
  19329. ret = wc_InitRng(&rng);
  19330. if (ret == 0) {
  19331. ret = wc_ed25519_init(&ed25519PrivKey);
  19332. if (ret == 0) {
  19333. ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519PrivKey);
  19334. }
  19335. inLen = (word32)sizeof(output);
  19336. /* Bad Cases */
  19337. if (ret == 0) {
  19338. ret = wc_Ed25519PrivateKeyToDer(NULL, NULL, 0);
  19339. if (ret == BAD_FUNC_ARG) {
  19340. ret = 0;
  19341. }
  19342. }
  19343. if (ret == 0) {
  19344. ret = wc_Ed25519PrivateKeyToDer(NULL, output, inLen);
  19345. if (ret == BAD_FUNC_ARG) {
  19346. ret = 0;
  19347. }
  19348. }
  19349. if (ret == 0) {
  19350. ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, inLen);
  19351. if (ret == BAD_FUNC_ARG) {
  19352. ret = 0;
  19353. }
  19354. }
  19355. if (ret == 0) {
  19356. ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0);
  19357. if (ret == BAD_FUNC_ARG) {
  19358. ret = 0;
  19359. }
  19360. }
  19361. /* Good Case */
  19362. if (ret == 0) {
  19363. ret = wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen);
  19364. if (ret > 0) {
  19365. ret = 0;
  19366. }
  19367. }
  19368. wc_ed25519_free(&ed25519PrivKey);
  19369. }
  19370. wc_FreeRng(&rng);
  19371. printf(resultFmt, ret == 0 ? passed : failed);
  19372. #endif
  19373. return ret;
  19374. }/* End test_wc_Ed25519PrivateKeyToDer*/
  19375. /*
  19376. * Testing wc_Ed448KeyToDer
  19377. */
  19378. static int test_wc_Ed448KeyToDer (void)
  19379. {
  19380. int ret = 0;
  19381. #if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \
  19382. defined(WOLFSSL_KEY_GEN))
  19383. byte output[ONEK_BUF];
  19384. ed448_key ed448Key;
  19385. WC_RNG rng;
  19386. word32 inLen;
  19387. printf(testingFmt, "wc_Ed448KeyToDer()");
  19388. ret = wc_InitRng(&rng);
  19389. if (ret == 0) {
  19390. ret = wc_ed448_init(&ed448Key);
  19391. if (ret == 0) {
  19392. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
  19393. }
  19394. inLen = sizeof(output);
  19395. /* Bad Cases */
  19396. if (ret == 0) {
  19397. ret = wc_Ed448KeyToDer(NULL, NULL, 0);
  19398. if (ret == BAD_FUNC_ARG) {
  19399. ret = 0;
  19400. }
  19401. }
  19402. if (ret == 0) {
  19403. ret = wc_Ed448KeyToDer(NULL, output, inLen);
  19404. if (ret == BAD_FUNC_ARG) {
  19405. ret = 0;
  19406. }
  19407. }
  19408. if (ret == 0) {
  19409. ret = wc_Ed448KeyToDer(&ed448Key, NULL, inLen);
  19410. if (ret == BAD_FUNC_ARG) {
  19411. ret = 0;
  19412. }
  19413. }
  19414. if (ret == 0) {
  19415. ret = wc_Ed448KeyToDer(&ed448Key, output, 0);
  19416. if (ret == BAD_FUNC_ARG) {
  19417. ret = 0;
  19418. }
  19419. }
  19420. /* Good Case */
  19421. if (ret == 0) {
  19422. ret = wc_Ed448KeyToDer(&ed448Key, output, inLen);
  19423. if (ret > 0) {
  19424. ret = 0;
  19425. }
  19426. }
  19427. wc_ed448_free(&ed448Key);
  19428. }
  19429. wc_FreeRng(&rng);
  19430. printf(resultFmt, ret == 0 ? passed : failed);
  19431. #endif
  19432. return ret;
  19433. }/* End test_wc_Ed448KeyToDer*/
  19434. /*
  19435. * Testing wc_Ed448PrivateKeyToDer
  19436. */
  19437. static int test_wc_Ed448PrivateKeyToDer (void)
  19438. {
  19439. int ret = 0;
  19440. #if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \
  19441. defined(WOLFSSL_KEY_GEN))
  19442. byte output[ONEK_BUF];
  19443. ed448_key ed448PrivKey;
  19444. WC_RNG rng;
  19445. word32 inLen;
  19446. printf(testingFmt, "wc_Ed448PrivateKeyToDer()");
  19447. ret = wc_InitRng(&rng);
  19448. if (ret == 0) {
  19449. ret = wc_ed448_init(&ed448PrivKey);
  19450. if (ret == 0) {
  19451. ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448PrivKey);
  19452. }
  19453. inLen = sizeof(output);
  19454. /* Bad Cases */
  19455. if (ret == 0) {
  19456. ret = wc_Ed448PrivateKeyToDer(NULL, NULL, 0);
  19457. if (ret == BAD_FUNC_ARG) {
  19458. ret = 0;
  19459. }
  19460. }
  19461. if (ret == 0) {
  19462. ret = wc_Ed448PrivateKeyToDer(NULL, output, inLen);
  19463. if (ret == BAD_FUNC_ARG) {
  19464. ret = 0;
  19465. }
  19466. }
  19467. if (ret == 0) {
  19468. ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, inLen);
  19469. if (ret == BAD_FUNC_ARG) {
  19470. ret = 0;
  19471. }
  19472. }
  19473. if (ret == 0) {
  19474. ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0);
  19475. if (ret == BAD_FUNC_ARG) {
  19476. ret = 0;
  19477. }
  19478. }
  19479. /* Good case */
  19480. if (ret == 0) {
  19481. ret = wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen);
  19482. if (ret > 0) {
  19483. ret = 0;
  19484. }
  19485. }
  19486. wc_ed448_free(&ed448PrivKey);
  19487. }
  19488. wc_FreeRng(&rng);
  19489. printf(resultFmt, ret == 0 ? passed : failed);
  19490. #endif
  19491. return ret;
  19492. }/* End test_wc_Ed448PrivateKeyToDer*/
  19493. /*
  19494. * Testing wc_SetSubjectBuffer
  19495. */
  19496. static int test_wc_SetSubjectBuffer (void)
  19497. {
  19498. int ret = 0;
  19499. #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
  19500. Cert cert;
  19501. FILE* file;
  19502. byte* der;
  19503. word32 derSz;
  19504. printf(testingFmt, "wc_SetSubjectBuffer()");
  19505. derSz = FOURK_BUF;
  19506. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19507. if (der == NULL) {
  19508. ret = -1;
  19509. }
  19510. if (ret == 0) {
  19511. file = XFOPEN("./certs/ca-cert.der", "rb");
  19512. if (file != NULL) {
  19513. derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
  19514. XFCLOSE(file);
  19515. }
  19516. }
  19517. if (ret == 0) {
  19518. ret = wc_InitCert(&cert);
  19519. }
  19520. if (ret == 0) {
  19521. ret = wc_SetSubjectBuffer(&cert, der, derSz);
  19522. }
  19523. if (ret == 0) {
  19524. ret = wc_SetSubjectBuffer(NULL, der, derSz);
  19525. if (ret == BAD_FUNC_ARG) {
  19526. ret = 0;
  19527. }
  19528. }
  19529. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19530. printf(resultFmt, ret == 0 ? passed : failed);
  19531. #endif
  19532. return ret;
  19533. }/* End test_wc_SetSubjectBuffer*/
  19534. /*
  19535. * Testing wc_SetSubjectKeyIdFromPublicKey_ex
  19536. */
  19537. static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void)
  19538. {
  19539. int ret = 0;
  19540. #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
  19541. WC_RNG rng;
  19542. Cert cert;
  19543. #if defined(HAVE_ED25519)
  19544. ed25519_key ed25519Key;
  19545. #endif
  19546. #if !defined(NO_RSA) && defined(HAVE_RSA)
  19547. RsaKey rsaKey;
  19548. int bits = 2048;
  19549. #endif
  19550. #if defined(HAVE_ECC)
  19551. ecc_key eccKey;
  19552. #endif
  19553. #if defined(HAVE_ED448)
  19554. ed448_key ed448Key;
  19555. #endif
  19556. printf(testingFmt, "wc_SetSubjectKeyIdFromPublicKey_ex()");
  19557. #ifndef HAVE_FIPS
  19558. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  19559. #else
  19560. ret = wc_InitRng(&rng);
  19561. #endif
  19562. wc_InitCert(&cert);
  19563. #if defined(HAVE_ED25519)
  19564. if (ret == 0) { /*ED25519*/
  19565. ret = wc_ed25519_init(&ed25519Key);
  19566. if (ret == 0) {
  19567. wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
  19568. }
  19569. if (ret == 0) {
  19570. ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
  19571. &ed25519Key);
  19572. }
  19573. wc_ed25519_free(&ed25519Key);
  19574. }
  19575. #endif
  19576. #if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
  19577. if (ret == 0) { /*RSA*/
  19578. ret = wc_InitRsaKey(&rsaKey, NULL);
  19579. if (ret == 0) {
  19580. MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng);
  19581. }
  19582. if (ret == 0) {
  19583. ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey);
  19584. }
  19585. wc_FreeRsaKey(&rsaKey);
  19586. }
  19587. #endif
  19588. #if defined(HAVE_ECC)
  19589. if (ret == 0) { /*ECC*/
  19590. ret = wc_ecc_init(&eccKey);
  19591. if (ret == 0) {
  19592. wc_ecc_make_key(&rng, KEY14, &eccKey);
  19593. }
  19594. if (ret == 0) {
  19595. ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey);
  19596. }
  19597. wc_ecc_free(&eccKey);
  19598. }
  19599. #endif
  19600. #if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \
  19601. defined(WOLFSSL_KEY_GEN))
  19602. if (ret == 0) { /*ED448*/
  19603. ret = wc_ed448_init(&ed448Key);
  19604. if (ret == 0) {
  19605. wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
  19606. }
  19607. if (ret == 0) {
  19608. ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
  19609. &ed448Key);
  19610. }
  19611. wc_ed448_free(&ed448Key);
  19612. }
  19613. #endif
  19614. printf(resultFmt, ret == 0 ? passed : failed);
  19615. wc_FreeRng(&rng);
  19616. #endif
  19617. return ret;
  19618. }/* End test_wc_SetSubjectKeyIdFromPublicKey_ex*/
  19619. /*
  19620. * Testing wc_SetAuthKeyIdFromPublicKey_ex
  19621. */
  19622. static int test_wc_SetAuthKeyIdFromPublicKey_ex (void)
  19623. {
  19624. int ret = 0;
  19625. #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
  19626. WC_RNG rng;
  19627. Cert cert;
  19628. #if defined(HAVE_ED25519)
  19629. ed25519_key ed25519Key;
  19630. #endif
  19631. #if !defined(NO_RSA) && defined(HAVE_RSA)
  19632. RsaKey rsaKey;
  19633. int bits = 2048;
  19634. #endif
  19635. #if defined(HAVE_ECC)
  19636. ecc_key eccKey;
  19637. #endif
  19638. #if defined(HAVE_ED448)
  19639. ed448_key ed448Key;
  19640. #endif
  19641. printf(testingFmt, "wc_SetAuthKeyIdFromPublicKey_ex()");
  19642. #ifndef HAVE_FIPS
  19643. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  19644. #else
  19645. ret = wc_InitRng(&rng);
  19646. #endif
  19647. wc_InitCert(&cert);
  19648. #if defined(HAVE_ED25519)
  19649. if (ret == 0) { /*ED25519*/
  19650. ret = wc_ed25519_init(&ed25519Key);
  19651. if (ret == 0) {
  19652. wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key);
  19653. }
  19654. if (ret == 0) {
  19655. ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE,
  19656. &ed25519Key);
  19657. }
  19658. wc_ed25519_free(&ed25519Key);
  19659. }
  19660. #endif
  19661. #if !defined(NO_RSA) && defined(HAVE_RSA) && defined(WOLFSSL_KEY_GEN)
  19662. if (ret == 0) { /*RSA*/
  19663. ret = wc_InitRsaKey(&rsaKey, NULL);
  19664. if (ret == 0) {
  19665. MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng);
  19666. }
  19667. if (ret == 0) {
  19668. ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey);
  19669. }
  19670. wc_FreeRsaKey(&rsaKey);
  19671. }
  19672. #endif
  19673. #if defined(HAVE_ECC)
  19674. if (ret == 0) { /*ECC*/
  19675. ret = wc_ecc_init(&eccKey);
  19676. if (ret == 0) {
  19677. wc_ecc_make_key(&rng, KEY14, &eccKey);
  19678. }
  19679. if (ret == 0) {
  19680. ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey);
  19681. }
  19682. wc_ecc_free(&eccKey);
  19683. }
  19684. #endif
  19685. #if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \
  19686. defined(WOLFSSL_KEY_GEN))
  19687. if (ret == 0) { /*ED448*/
  19688. ret = wc_ed448_init(&ed448Key);
  19689. if (ret == 0) {
  19690. wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key);
  19691. }
  19692. if (ret == 0) {
  19693. ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE,
  19694. &ed448Key);
  19695. }
  19696. wc_ed448_free(&ed448Key);
  19697. }
  19698. #endif
  19699. printf(resultFmt, ret == 0 ? passed : failed);
  19700. wc_FreeRng(&rng);
  19701. #endif /*defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)*/
  19702. return ret;
  19703. }/* End test_wc_SetAuthKeyIdFromPublicKey_ex*/
  19704. /*
  19705. * Testing wc_PKCS7_New()
  19706. */
  19707. static void test_wc_PKCS7_New (void)
  19708. {
  19709. #if defined(HAVE_PKCS7)
  19710. PKCS7* pkcs7;
  19711. void* heap = NULL;
  19712. printf(testingFmt, "wc_PKCS7_New()");
  19713. pkcs7 = wc_PKCS7_New(heap, devId);
  19714. AssertNotNull(pkcs7);
  19715. printf(resultFmt, passed);
  19716. wc_PKCS7_Free(pkcs7);
  19717. #endif
  19718. } /* END test-wc_PKCS7_New */
  19719. /*
  19720. * Testing wc_PKCS7_Init()
  19721. */
  19722. static void test_wc_PKCS7_Init (void)
  19723. {
  19724. #if defined(HAVE_PKCS7)
  19725. PKCS7* pkcs7;
  19726. void* heap = NULL;
  19727. printf(testingFmt, "wc_PKCS7_Init()");
  19728. pkcs7 = wc_PKCS7_New(heap, devId);
  19729. AssertNotNull(pkcs7);
  19730. AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);
  19731. /* Pass in bad args. */
  19732. AssertIntEQ(wc_PKCS7_Init(NULL, heap, devId), BAD_FUNC_ARG);
  19733. printf(resultFmt, passed);
  19734. wc_PKCS7_Free(pkcs7);
  19735. #endif
  19736. } /* END test-wc_PKCS7_Init */
  19737. /*
  19738. * Testing wc_PKCS7_InitWithCert()
  19739. */
  19740. static void test_wc_PKCS7_InitWithCert (void)
  19741. {
  19742. #if defined(HAVE_PKCS7)
  19743. PKCS7* pkcs7;
  19744. #ifndef NO_RSA
  19745. #if defined(USE_CERT_BUFFERS_2048)
  19746. unsigned char cert[sizeof_client_cert_der_2048];
  19747. int certSz = (int)sizeof(cert);
  19748. XMEMSET(cert, 0, certSz);
  19749. XMEMCPY(cert, client_cert_der_2048, sizeof_client_cert_der_2048);
  19750. #elif defined(USE_CERT_BUFFERS_1024)
  19751. unsigned char cert[sizeof_client_cert_der_1024];
  19752. int certSz = (int)sizeof(cert);
  19753. XMEMSET(cert, 0, certSz);
  19754. XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024);
  19755. #else
  19756. unsigned char cert[ONEK_BUF];
  19757. XFILE fp;
  19758. int certSz;
  19759. fp = XFOPEN("./certs/1024/client-cert.der", "rb");
  19760. AssertTrue(fp != XBADFILE);
  19761. certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
  19762. XFCLOSE(fp);
  19763. #endif
  19764. #elif defined(HAVE_ECC)
  19765. #if defined(USE_CERT_BUFFERS_256)
  19766. unsigned char cert[sizeof_cliecc_cert_der_256];
  19767. int certSz = (int)sizeof(cert);
  19768. XMEMSET(cert, 0, certSz);
  19769. XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
  19770. #else
  19771. unsigned char cert[ONEK_BUF];
  19772. XFILE fp;
  19773. int certSz;
  19774. fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
  19775. AssertTrue(fp != XBADFILE);
  19776. certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
  19777. XFCLOSE(fp);
  19778. #endif
  19779. #else
  19780. #error PKCS7 requires ECC or RSA
  19781. #endif
  19782. #ifdef HAVE_ECC
  19783. /* bad test case from ZD 11011, malformed cert gives bad ECC key */
  19784. unsigned char certWithInvalidEccKey[] = {
  19785. 0x30, 0x82, 0x03, 0x5F, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, 0x02, 0x01,
  19786. 0x02, 0x02, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79,
  19787. 0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x31, 0xAA, 0x2C, 0x30,
  19788. 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30,
  19789. 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
  19790. 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08,
  19791. 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
  19792. 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
  19793. 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
  19794. 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
  19795. 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
  19796. 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
  19797. 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
  19798. 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
  19799. 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
  19800. 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30,
  19801. 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, 0x39, 0x31, 0x33, 0x32,
  19802. 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, 0x36,
  19803. 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B,
  19804. 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
  19805. 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72,
  19806. 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04,
  19807. 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11,
  19808. 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E,
  19809. 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55,
  19810. 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x26,
  19811. 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
  19812. 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
  19813. 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
  19814. 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
  19815. 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06,
  19816. 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86,
  19817. 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x02, 0x00, 0x04, 0x55, 0xBF,
  19818. 0xF4, 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D,
  19819. 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C,
  19820. 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, 0x43,
  19821. 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6,
  19822. 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D,
  19823. 0x7F, 0xB4, 0xA3, 0x82, 0x01, 0x3E, 0x30, 0x82, 0x01, 0x3A, 0x30, 0x1D,
  19824. 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B,
  19825. 0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
  19826. 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xCD, 0x06, 0x03, 0x55, 0x1D,
  19827. 0x23, 0x04, 0x81, 0xC5, 0x30, 0x81, 0xC2, 0x80, 0x14, 0xEB, 0xD4, 0x4B,
  19828. 0x59, 0x72, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41,
  19829. 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30,
  19830. 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13,
  19831. 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x08, 0x08,
  19832. 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C,
  19833. 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D,
  19834. 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43,
  19835. 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30,
  19836. 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74,
  19837. 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
  19838. 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
  19839. 0x6F, 0x6D, 0x30, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
  19840. 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
  19841. 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82,
  19842. 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83,
  19843. 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x32, 0xAA, 0x2C, 0x30, 0x0C, 0x06,
  19844. 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
  19845. 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B,
  19846. 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87,
  19847. 0x04, 0x23, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25,
  19848. 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07,
  19849. 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02,
  19850. 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02,
  19851. 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE4, 0xA0, 0x23, 0x26,
  19852. 0x2B, 0x0B, 0x42, 0x0F, 0x97, 0x37, 0x6D, 0xCB, 0x14, 0x23, 0xC3, 0xC3,
  19853. 0xE6, 0x44, 0xCF, 0x5F, 0x4C, 0x26, 0xA3, 0x72, 0x64, 0x7A, 0x9C, 0xCB,
  19854. 0x64, 0xAB, 0xA6, 0xBE, 0x02, 0x21, 0x00, 0xAA, 0xC5, 0xA3, 0x50, 0xF6,
  19855. 0xF1, 0xA5, 0xDB, 0x05, 0xE0, 0x75, 0xD2, 0xF7, 0xBA, 0x49, 0x5F, 0x8F,
  19856. 0x7D, 0x1C, 0x44, 0xB1, 0x6E, 0xDF, 0xC8, 0xDA, 0x10, 0x48, 0x2D, 0x53,
  19857. 0x08, 0xA8, 0xB4};
  19858. #endif
  19859. printf(testingFmt, "wc_PKCS7_InitWithCert()");
  19860. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  19861. /* If initialization is not successful, it's free'd in init func. */
  19862. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
  19863. wc_PKCS7_Free(pkcs7);
  19864. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  19865. /* Valid initialization usage. */
  19866. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  19867. /* Pass in bad args. No need free for null checks, free at end.*/
  19868. AssertIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz),
  19869. BAD_FUNC_ARG);
  19870. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz),
  19871. BAD_FUNC_ARG);
  19872. #ifdef HAVE_ECC
  19873. AssertIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey,
  19874. sizeof(certWithInvalidEccKey)), 0);
  19875. #endif
  19876. printf(resultFmt, passed);
  19877. wc_PKCS7_Free(pkcs7);
  19878. #endif
  19879. } /* END test_wc_PKCS7_InitWithCert */
  19880. /*
  19881. * Testing wc_PKCS7_EncodeData()
  19882. */
  19883. static void test_wc_PKCS7_EncodeData (void)
  19884. {
  19885. #if defined(HAVE_PKCS7)
  19886. PKCS7* pkcs7;
  19887. byte output[FOURK_BUF];
  19888. byte data[] = "My encoded DER cert.";
  19889. #ifndef NO_RSA
  19890. #if defined(USE_CERT_BUFFERS_2048)
  19891. unsigned char cert[sizeof_client_cert_der_2048];
  19892. unsigned char key[sizeof_client_key_der_2048];
  19893. int certSz = (int)sizeof(cert);
  19894. int keySz = (int)sizeof(key);
  19895. XMEMSET(cert, 0, certSz);
  19896. XMEMSET(key, 0, keySz);
  19897. XMEMCPY(cert, client_cert_der_2048, certSz);
  19898. XMEMCPY(key, client_key_der_2048, keySz);
  19899. #elif defined(USE_CERT_BUFFERS_1024)
  19900. unsigned char cert[sizeof_client_cert_der_1024];
  19901. unsigned char key[sizeof_client_key_der_1024];
  19902. int certSz = (int)sizeof(cert);
  19903. int keySz = (int)sizeof(key);
  19904. XMEMSET(cert, 0, certSz);
  19905. XMEMSET(key, 0, keySz);
  19906. XMEMCPY(cert, client_cert_der_1024, certSz);
  19907. XMEMCPY(key, client_key_der_1024, keySz);
  19908. #else
  19909. unsigned char cert[ONEK_BUF];
  19910. unsigned char key[ONEK_BUF];
  19911. XFILE fp;
  19912. int certSz;
  19913. int keySz;
  19914. fp = XFOPEN("./certs/1024/client-cert.der", "rb");
  19915. AssertTrue(fp != XBADFILE);
  19916. certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
  19917. XFCLOSE(fp);
  19918. fp = XFOPEN("./certs/1024/client-key.der", "rb");
  19919. AssertTrue(fp != XBADFILE);
  19920. keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
  19921. XFCLOSE(fp);
  19922. #endif
  19923. #elif defined(HAVE_ECC)
  19924. #if defined(USE_CERT_BUFFERS_256)
  19925. unsigned char cert[sizeof_cliecc_cert_der_256];
  19926. unsigned char key[sizeof_ecc_clikey_der_256];
  19927. int certSz = (int)sizeof(cert);
  19928. int keySz = (int)sizeof(key);
  19929. XMEMSET(cert, 0, certSz);
  19930. XMEMSET(key, 0, keySz);
  19931. XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
  19932. XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
  19933. #else
  19934. unsigned char cert[ONEK_BUF];
  19935. unsigned char key[ONEK_BUF];
  19936. XFILE fp;
  19937. int certSz, keySz;
  19938. fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
  19939. AssertTrue(fp != XBADFILE);
  19940. certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
  19941. XFCLOSE(fp);
  19942. fp = XFOPEN("./certs/client-ecc-key.der", "rb");
  19943. AssertTrue(fp != XBADFILE);
  19944. keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
  19945. XFCLOSE(fp);
  19946. #endif
  19947. #endif
  19948. XMEMSET(output, 0, sizeof(output));
  19949. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  19950. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  19951. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, certSz), 0);
  19952. printf(testingFmt, "wc_PKCS7_EncodeData()");
  19953. pkcs7->content = data;
  19954. pkcs7->contentSz = sizeof(data);
  19955. pkcs7->privateKey = key;
  19956. pkcs7->privateKeySz = keySz;
  19957. AssertIntGT(wc_PKCS7_EncodeData(pkcs7, output, (word32)sizeof(output)), 0);
  19958. /* Test bad args. */
  19959. AssertIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)),
  19960. BAD_FUNC_ARG);
  19961. AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)),
  19962. BAD_FUNC_ARG);
  19963. AssertIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), BUFFER_E);
  19964. printf(resultFmt, passed);
  19965. wc_PKCS7_Free(pkcs7);
  19966. #endif
  19967. } /* END test_wc_PKCS7_EncodeData */
  19968. #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
  19969. !defined(NO_RSA) && !defined(NO_SHA256)
  19970. /* RSA sign raw digest callback */
  19971. static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz,
  19972. byte* out, word32 outSz, byte* privateKey,
  19973. word32 privateKeySz, int devid, int hashOID)
  19974. {
  19975. /* specific DigestInfo ASN.1 encoding prefix for a SHA2565 digest */
  19976. byte digInfoEncoding[] = {
  19977. 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
  19978. 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
  19979. 0x00, 0x04, 0x20
  19980. };
  19981. int ret;
  19982. byte digestInfo[ONEK_BUF];
  19983. byte sig[FOURK_BUF];
  19984. word32 digestInfoSz = 0;
  19985. word32 idx = 0;
  19986. RsaKey rsa;
  19987. /* SHA-256 required only for this example callback due to above
  19988. * digInfoEncoding[] */
  19989. if (pkcs7 == NULL || digest == NULL || out == NULL ||
  19990. (sizeof(digestInfo) < sizeof(digInfoEncoding) + digestSz) ||
  19991. (hashOID != SHA256h)) {
  19992. return -1;
  19993. }
  19994. /* build DigestInfo */
  19995. XMEMCPY(digestInfo, digInfoEncoding, sizeof(digInfoEncoding));
  19996. digestInfoSz += sizeof(digInfoEncoding);
  19997. XMEMCPY(digestInfo + digestInfoSz, digest, digestSz);
  19998. digestInfoSz += digestSz;
  19999. /* set up RSA key */
  20000. ret = wc_InitRsaKey_ex(&rsa, pkcs7->heap, devid);
  20001. if (ret != 0) {
  20002. return ret;
  20003. }
  20004. ret = wc_RsaPrivateKeyDecode(privateKey, &idx, &rsa, privateKeySz);
  20005. /* sign DigestInfo */
  20006. if (ret == 0) {
  20007. ret = wc_RsaSSL_Sign(digestInfo, digestInfoSz, sig, sizeof(sig),
  20008. &rsa, pkcs7->rng);
  20009. if (ret > 0) {
  20010. if (ret > (int)outSz) {
  20011. /* output buffer too small */
  20012. ret = -1;
  20013. } else {
  20014. /* success, ret holds sig size */
  20015. XMEMCPY(out, sig, ret);
  20016. }
  20017. }
  20018. }
  20019. wc_FreeRsaKey(&rsa);
  20020. return ret;
  20021. }
  20022. #endif
  20023. /*
  20024. * Testing wc_PKCS7_EncodeSignedData()
  20025. */
  20026. static void test_wc_PKCS7_EncodeSignedData(void)
  20027. {
  20028. #if defined(HAVE_PKCS7)
  20029. PKCS7* pkcs7;
  20030. WC_RNG rng;
  20031. byte output[FOURK_BUF];
  20032. byte badOut[0];
  20033. word32 outputSz = (word32)sizeof(output);
  20034. word32 badOutSz = (word32)sizeof(badOut);
  20035. byte data[] = "Test data to encode.";
  20036. #ifndef NO_RSA
  20037. #if defined(USE_CERT_BUFFERS_2048)
  20038. byte key[sizeof_client_key_der_2048];
  20039. byte cert[sizeof_client_cert_der_2048];
  20040. word32 keySz = (word32)sizeof(key);
  20041. word32 certSz = (word32)sizeof(cert);
  20042. XMEMSET(key, 0, keySz);
  20043. XMEMSET(cert, 0, certSz);
  20044. XMEMCPY(key, client_key_der_2048, keySz);
  20045. XMEMCPY(cert, client_cert_der_2048, certSz);
  20046. #elif defined(USE_CERT_BUFFERS_1024)
  20047. byte key[sizeof_client_key_der_1024];
  20048. byte cert[sizeof_client_cert_der_1024];
  20049. word32 keySz = (word32)sizeof(key);
  20050. word32 certSz = (word32)sizeof(cert);
  20051. XMEMSET(key, 0, keySz);
  20052. XMEMSET(cert, 0, certSz);
  20053. XMEMCPY(key, client_key_der_1024, keySz);
  20054. XMEMCPY(cert, client_cert_der_1024, certSz);
  20055. #else
  20056. unsigned char cert[ONEK_BUF];
  20057. unsigned char key[ONEK_BUF];
  20058. XFILE fp;
  20059. int certSz;
  20060. int keySz;
  20061. fp = XFOPEN("./certs/1024/client-cert.der", "rb");
  20062. AssertTrue(fp != XBADFILE);
  20063. certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
  20064. XFCLOSE(fp);
  20065. fp = XFOPEN("./certs/1024/client-key.der", "rb");
  20066. AssertTrue(fp != XBADFILE);
  20067. keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
  20068. XFCLOSE(fp);
  20069. #endif
  20070. #elif defined(HAVE_ECC)
  20071. #if defined(USE_CERT_BUFFERS_256)
  20072. unsigned char cert[sizeof_cliecc_cert_der_256];
  20073. unsigned char key[sizeof_ecc_clikey_der_256];
  20074. int certSz = (int)sizeof(cert);
  20075. int keySz = (int)sizeof(key);
  20076. XMEMSET(cert, 0, certSz);
  20077. XMEMSET(key, 0, keySz);
  20078. XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
  20079. XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
  20080. #else
  20081. unsigned char cert[ONEK_BUF];
  20082. unsigned char key[ONEK_BUF];
  20083. XFILE fp;
  20084. int certSz, keySz;
  20085. fp = XOPEN("./certs/client-ecc-cert.der", "rb");
  20086. AssertTrue(fp != XBADFILE);
  20087. certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
  20088. XFCLOSE(fp);
  20089. fp = XFOPEN("./certs/client-ecc-key.der", "rb");
  20090. AssertTrue(fp != XBADFILE);
  20091. keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
  20092. XFCLOSE(fp);
  20093. #endif
  20094. #endif
  20095. XMEMSET(output, 0, outputSz);
  20096. AssertIntEQ(wc_InitRng(&rng), 0);
  20097. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20098. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  20099. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  20100. printf(testingFmt, "wc_PKCS7_EncodeSignedData()");
  20101. pkcs7->content = data;
  20102. pkcs7->contentSz = (word32)sizeof(data);
  20103. pkcs7->privateKey = key;
  20104. pkcs7->privateKeySz = (word32)sizeof(key);
  20105. pkcs7->encryptOID = RSAk;
  20106. pkcs7->hashOID = SHAh;
  20107. pkcs7->rng = &rng;
  20108. AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
  20109. wc_PKCS7_Free(pkcs7);
  20110. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20111. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  20112. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
  20113. /* Pass in bad args. */
  20114. AssertIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz), BAD_FUNC_ARG);
  20115. AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG);
  20116. AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut,
  20117. badOutSz), BAD_FUNC_ARG);
  20118. pkcs7->hashOID = 0; /* bad hashOID */
  20119. AssertIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), BAD_FUNC_ARG);
  20120. #if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \
  20121. !defined(NO_RSA) && !defined(NO_SHA256)
  20122. /* test RSA sign raw digest callback, if using RSA and compiled in.
  20123. * Example callback assumes SHA-256, so only run test if compiled in. */
  20124. wc_PKCS7_Free(pkcs7);
  20125. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20126. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  20127. pkcs7->content = data;
  20128. pkcs7->contentSz = (word32)sizeof(data);
  20129. pkcs7->privateKey = key;
  20130. pkcs7->privateKeySz = (word32)sizeof(key);
  20131. pkcs7->encryptOID = RSAk;
  20132. pkcs7->hashOID = SHA256h;
  20133. pkcs7->rng = &rng;
  20134. AssertIntEQ(wc_PKCS7_SetRsaSignRawDigestCb(pkcs7, rsaSignRawDigestCb), 0);
  20135. AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
  20136. #endif
  20137. printf(resultFmt, passed);
  20138. wc_PKCS7_Free(pkcs7);
  20139. wc_FreeRng(&rng);
  20140. #endif
  20141. } /* END test_wc_PKCS7_EncodeSignedData */
  20142. /*
  20143. * Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex()
  20144. */
  20145. static void test_wc_PKCS7_EncodeSignedData_ex(void)
  20146. {
  20147. #if defined(HAVE_PKCS7)
  20148. int ret, i;
  20149. PKCS7* pkcs7;
  20150. WC_RNG rng;
  20151. byte outputHead[FOURK_BUF/2];
  20152. byte outputFoot[FOURK_BUF/2];
  20153. word32 outputHeadSz = (word32)sizeof(outputHead);
  20154. word32 outputFootSz = (word32)sizeof(outputFoot);
  20155. byte data[FOURK_BUF];
  20156. wc_HashAlg hash;
  20157. enum wc_HashType hashType = WC_HASH_TYPE_SHA;
  20158. byte hashBuf[WC_MAX_DIGEST_SIZE];
  20159. word32 hashSz = wc_HashGetDigestSize(hashType);
  20160. #ifndef NO_RSA
  20161. #if defined(USE_CERT_BUFFERS_2048)
  20162. byte key[sizeof_client_key_der_2048];
  20163. byte cert[sizeof_client_cert_der_2048];
  20164. word32 keySz = (word32)sizeof(key);
  20165. word32 certSz = (word32)sizeof(cert);
  20166. XMEMSET(key, 0, keySz);
  20167. XMEMSET(cert, 0, certSz);
  20168. XMEMCPY(key, client_key_der_2048, keySz);
  20169. XMEMCPY(cert, client_cert_der_2048, certSz);
  20170. #elif defined(USE_CERT_BUFFERS_1024)
  20171. byte key[sizeof_client_key_der_1024];
  20172. byte cert[sizeof_client_cert_der_1024];
  20173. word32 keySz = (word32)sizeof(key);
  20174. word32 certSz = (word32)sizeof(cert);
  20175. XMEMSET(key, 0, keySz);
  20176. XMEMSET(cert, 0, certSz);
  20177. XMEMCPY(key, client_key_der_1024, keySz);
  20178. XMEMCPY(cert, client_cert_der_1024, certSz);
  20179. #else
  20180. unsigned char cert[ONEK_BUF];
  20181. unsigned char key[ONEK_BUF];
  20182. XFILE fp;
  20183. int certSz;
  20184. int keySz;
  20185. fp = XFOPEN("./certs/1024/client-cert.der", "rb");
  20186. AssertTrue((fp != XBADFILE));
  20187. certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
  20188. XFCLOSE(fp);
  20189. fp = XFOPEN("./certs/1024/client-key.der", "rb");
  20190. AssertTrue(fp != XBADFILE);
  20191. keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
  20192. XFCLOSE(fp);
  20193. #endif
  20194. #elif defined(HAVE_ECC)
  20195. #if defined(USE_CERT_BUFFERS_256)
  20196. unsigned char cert[sizeof_cliecc_cert_der_256];
  20197. unsigned char key[sizeof_ecc_clikey_der_256];
  20198. int certSz = (int)sizeof(cert);
  20199. int keySz = (int)sizeof(key);
  20200. XMEMSET(cert, 0, certSz);
  20201. XMEMSET(key, 0, keySz);
  20202. XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
  20203. XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
  20204. #else
  20205. unsigned char cert[ONEK_BUF];
  20206. unsigned char key[ONEK_BUF];
  20207. XFILE fp;
  20208. int certSz, keySz;
  20209. fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
  20210. AssertTrue(fp != XBADFILE);
  20211. certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
  20212. XFCLOSE(fp);
  20213. fp = XFOPEN("./certs/client-ecc-key.der", "rb");
  20214. AssertTrue(fp != XBADFILE);
  20215. keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
  20216. XFCLOSE(fp);
  20217. #endif
  20218. #endif
  20219. /* initialize large data with sequence */
  20220. for (i=0; i<(int)sizeof(data); i++)
  20221. data[i] = i & 0xff;
  20222. XMEMSET(outputHead, 0, outputHeadSz);
  20223. XMEMSET(outputFoot, 0, outputFootSz);
  20224. AssertIntEQ(wc_InitRng(&rng), 0);
  20225. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20226. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  20227. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  20228. printf(testingFmt, "wc_PKCS7_EncodeSignedData()");
  20229. pkcs7->content = NULL; /* not used for ex */
  20230. pkcs7->contentSz = (word32)sizeof(data);
  20231. pkcs7->privateKey = key;
  20232. pkcs7->privateKeySz = (word32)sizeof(key);
  20233. pkcs7->encryptOID = RSAk;
  20234. pkcs7->hashOID = SHAh;
  20235. pkcs7->rng = &rng;
  20236. /* calculate hash for content */
  20237. ret = wc_HashInit(&hash, hashType);
  20238. if (ret == 0) {
  20239. ret = wc_HashUpdate(&hash, hashType, data, sizeof(data));
  20240. if (ret == 0) {
  20241. ret = wc_HashFinal(&hash, hashType, hashBuf);
  20242. }
  20243. wc_HashFree(&hash, hashType);
  20244. }
  20245. AssertIntEQ(ret, 0);
  20246. /* Perform PKCS7 sign using hash directly */
  20247. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
  20248. outputHead, &outputHeadSz, outputFoot, &outputFootSz), 0);
  20249. AssertIntGT(outputHeadSz, 0);
  20250. AssertIntGT(outputFootSz, 0);
  20251. wc_PKCS7_Free(pkcs7);
  20252. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20253. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  20254. /* required parameter even on verify when using _ex */
  20255. pkcs7->contentSz = (word32)sizeof(data);
  20256. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
  20257. outputHead, outputHeadSz, outputFoot, outputFootSz), 0);
  20258. wc_PKCS7_Free(pkcs7);
  20259. /* assembly complete PKCS7 sign and use normal verify */
  20260. {
  20261. byte* output = (byte*)XMALLOC(outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20262. word32 outputSz = 0;
  20263. AssertNotNull(output);
  20264. XMEMCPY(&output[outputSz], outputHead, outputHeadSz);
  20265. outputSz += outputHeadSz;
  20266. XMEMCPY(&output[outputSz], data, sizeof(data));
  20267. outputSz += sizeof(data);
  20268. XMEMCPY(&output[outputSz], outputFoot, outputFootSz);
  20269. outputSz += outputFootSz;
  20270. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20271. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  20272. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
  20273. XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20274. }
  20275. /* Pass in bad args. */
  20276. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead,
  20277. &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
  20278. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead,
  20279. &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
  20280. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead,
  20281. &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
  20282. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL,
  20283. &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
  20284. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
  20285. outputHead, NULL, outputFoot, &outputFootSz), BAD_FUNC_ARG);
  20286. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
  20287. outputHead, &outputHeadSz, NULL, &outputFootSz), BAD_FUNC_ARG);
  20288. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
  20289. outputHead, &outputHeadSz, outputFoot, NULL), BAD_FUNC_ARG);
  20290. pkcs7->hashOID = 0; /* bad hashOID */
  20291. AssertIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz,
  20292. outputHead, &outputHeadSz, outputFoot, &outputFootSz), BAD_FUNC_ARG);
  20293. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead,
  20294. outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
  20295. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead,
  20296. outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
  20297. #ifndef NO_PKCS7_STREAM
  20298. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
  20299. outputHeadSz, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
  20300. #else
  20301. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead,
  20302. outputHeadSz, outputFoot, outputFootSz), BUFFER_E);
  20303. #endif
  20304. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL,
  20305. outputHeadSz, outputFoot, outputFootSz), BAD_FUNC_ARG);
  20306. #ifndef NO_PKCS7_STREAM
  20307. /* can pass in 0 buffer length with streaming API */
  20308. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
  20309. outputHead, 0, outputFoot, outputFootSz), WC_PKCS7_WANT_READ_E);
  20310. #else
  20311. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
  20312. outputHead, 0, outputFoot, outputFootSz), BAD_FUNC_ARG);
  20313. #endif
  20314. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
  20315. outputHead, outputHeadSz, NULL, outputFootSz), BAD_FUNC_ARG);
  20316. #ifndef NO_PKCS7_STREAM
  20317. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
  20318. outputHead, outputHeadSz, outputFoot, 0), WC_PKCS7_WANT_READ_E);
  20319. #else
  20320. AssertIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz,
  20321. outputHead, outputHeadSz, outputFoot, 0), ASN_PARSE_E);
  20322. #endif
  20323. printf(resultFmt, passed);
  20324. wc_PKCS7_Free(pkcs7);
  20325. wc_FreeRng(&rng);
  20326. #endif
  20327. } /* END test_wc_PKCS7_EncodeSignedData_ex */
  20328. #if defined(HAVE_PKCS7)
  20329. static int CreatePKCS7SignedData(unsigned char* output, int outputSz,
  20330. byte* data, word32 dataSz,
  20331. int withAttribs, int detachedSig)
  20332. {
  20333. PKCS7* pkcs7;
  20334. WC_RNG rng;
  20335. static byte messageTypeOid[] =
  20336. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  20337. 0x09, 0x02 };
  20338. static byte messageType[] = { 0x13, 2, '1', '9' };
  20339. PKCS7Attrib attribs[] =
  20340. {
  20341. { messageTypeOid, sizeof(messageTypeOid), messageType,
  20342. sizeof(messageType) }
  20343. };
  20344. #ifndef NO_RSA
  20345. #if defined(USE_CERT_BUFFERS_2048)
  20346. byte key[sizeof_client_key_der_2048];
  20347. byte cert[sizeof_client_cert_der_2048];
  20348. word32 keySz = (word32)sizeof(key);
  20349. word32 certSz = (word32)sizeof(cert);
  20350. XMEMSET(key, 0, keySz);
  20351. XMEMSET(cert, 0, certSz);
  20352. XMEMCPY(key, client_key_der_2048, keySz);
  20353. XMEMCPY(cert, client_cert_der_2048, certSz);
  20354. #elif defined(USE_CERT_BUFFERS_1024)
  20355. byte key[sizeof_client_key_der_1024];
  20356. byte cert[sizeof_client_cert_der_1024];
  20357. word32 keySz = (word32)sizeof(key);
  20358. word32 certSz = (word32)sizeof(cert);
  20359. XMEMSET(key, 0, keySz);
  20360. XMEMSET(cert, 0, certSz);
  20361. XMEMCPY(key, client_key_der_1024, keySz);
  20362. XMEMCPY(cert, client_cert_der_1024, certSz);
  20363. #else
  20364. unsigned char cert[ONEK_BUF];
  20365. unsigned char key[ONEK_BUF];
  20366. FILE* fp;
  20367. int certSz;
  20368. int keySz;
  20369. fp = fopen("./certs/1024/client-cert.der", "rb");
  20370. AssertNotNull(fp);
  20371. certSz = fread(cert, 1, sizeof_client_cert_der_1024, fp);
  20372. fclose(fp);
  20373. fp = fopen("./certs/1024/client-key.der", "rb");
  20374. AssertNotNull(fp);
  20375. keySz = fread(key, 1, sizeof_client_key_der_1024, fp);
  20376. fclose(fp);
  20377. #endif
  20378. #elif defined(HAVE_ECC)
  20379. #if defined(USE_CERT_BUFFERS_256)
  20380. unsigned char cert[sizeof_cliecc_cert_der_256];
  20381. unsigned char key[sizeof_ecc_clikey_der_256];
  20382. int certSz = (int)sizeof(cert);
  20383. int keySz = (int)sizeof(key);
  20384. XMEMSET(cert, 0, certSz);
  20385. XMEMSET(key, 0, keySz);
  20386. XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
  20387. XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
  20388. #else
  20389. unsigned char cert[ONEK_BUF];
  20390. unsigned char key[ONEK_BUF];
  20391. FILE* fp;
  20392. int certSz, keySz;
  20393. fp = fopen("./certs/client-ecc-cert.der", "rb");
  20394. AssertNotNull(fp);
  20395. certSz = fread(cert, 1, sizeof_cliecc_cert_der_256, fp);
  20396. fclose(fp);
  20397. fp = fopen("./certs/client-ecc-key.der", "rb");
  20398. AssertNotNull(fp);
  20399. keySz = fread(key, 1, sizeof_ecc_clikey_der_256, fp);
  20400. fclose(fp);
  20401. #endif
  20402. #endif
  20403. XMEMSET(output, 0, outputSz);
  20404. AssertIntEQ(wc_InitRng(&rng), 0);
  20405. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20406. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  20407. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  20408. printf(testingFmt, "wc_PKCS7_VerifySignedData()");
  20409. pkcs7->content = data;
  20410. pkcs7->contentSz = dataSz;
  20411. pkcs7->privateKey = key;
  20412. pkcs7->privateKeySz = (word32)sizeof(key);
  20413. pkcs7->encryptOID = RSAk;
  20414. pkcs7->hashOID = SHAh;
  20415. pkcs7->rng = &rng;
  20416. if (withAttribs) {
  20417. /* include a signed attribute */
  20418. pkcs7->signedAttribs = attribs;
  20419. pkcs7->signedAttribsSz = (sizeof(attribs)/sizeof(PKCS7Attrib));
  20420. }
  20421. if (detachedSig) {
  20422. AssertIntEQ(wc_PKCS7_SetDetached(pkcs7, 1), 0);
  20423. }
  20424. AssertIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0);
  20425. wc_PKCS7_Free(pkcs7);
  20426. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20427. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  20428. if (detachedSig) {
  20429. pkcs7->content = data;
  20430. pkcs7->contentSz = dataSz;
  20431. }
  20432. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
  20433. wc_PKCS7_Free(pkcs7);
  20434. wc_FreeRng(&rng);
  20435. return outputSz;
  20436. }
  20437. #endif
  20438. /*
  20439. * Testing wc_PKCS_VerifySignedData()
  20440. */
  20441. static void test_wc_PKCS7_VerifySignedData(void)
  20442. {
  20443. #if defined(HAVE_PKCS7)
  20444. PKCS7* pkcs7;
  20445. byte output[FOURK_BUF];
  20446. word32 outputSz = sizeof(output);
  20447. byte data[] = "Test data to encode.";
  20448. byte badOut[0];
  20449. word32 badOutSz = (word32)sizeof(badOut);
  20450. byte badContent[] = "This is different content than was signed";
  20451. AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
  20452. (word32)sizeof(data),
  20453. 0, 0)), 0);
  20454. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20455. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  20456. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  20457. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
  20458. /* Test bad args. */
  20459. AssertIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz), BAD_FUNC_ARG);
  20460. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz), BAD_FUNC_ARG);
  20461. #ifndef NO_PKCS7_STREAM
  20462. /* can pass in 0 buffer length with streaming API */
  20463. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
  20464. badOutSz), WC_PKCS7_WANT_READ_E);
  20465. #else
  20466. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut,
  20467. badOutSz), BAD_FUNC_ARG);
  20468. #endif
  20469. wc_PKCS7_Free(pkcs7);
  20470. /* Invalid content should error, use detached signature so we can
  20471. * easily change content */
  20472. AssertIntGT((outputSz = CreatePKCS7SignedData(output, outputSz, data,
  20473. (word32)sizeof(data),
  20474. 1, 1)), 0);
  20475. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20476. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  20477. pkcs7->content = badContent;
  20478. pkcs7->contentSz = sizeof(badContent);
  20479. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), SIG_VERIFY_E);
  20480. wc_PKCS7_Free(pkcs7);
  20481. /* Test success case with detached signature and valid content */
  20482. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20483. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  20484. pkcs7->content = data;
  20485. pkcs7->contentSz = sizeof(data);
  20486. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0);
  20487. wc_PKCS7_Free(pkcs7);
  20488. printf(resultFmt, passed);
  20489. #endif
  20490. } /* END test_wc_PKCS7_VerifySignedData() */
  20491. #if defined(HAVE_PKCS7) && !defined(NO_AES) && !defined(NO_AES_256)
  20492. static const byte defKey[] = {
  20493. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  20494. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  20495. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  20496. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  20497. };
  20498. static byte aesHandle[32]; /* simulated hardware key handle */
  20499. /* return 0 on success */
  20500. static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
  20501. byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
  20502. byte* in, int inSz, byte* out, void* usrCtx)
  20503. {
  20504. int ret;
  20505. Aes aes;
  20506. if (usrCtx == NULL) {
  20507. /* no simulated handle passed in */
  20508. return -1;
  20509. }
  20510. switch (encryptOID) {
  20511. case AES256CBCb:
  20512. if (ivSz != AES_BLOCK_SIZE)
  20513. return BAD_FUNC_ARG;
  20514. break;
  20515. default:
  20516. WOLFSSL_MSG("Unsupported content cipher type for test");
  20517. return ALGO_ID_E;
  20518. };
  20519. /* simulate using handle to get key */
  20520. ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID);
  20521. if (ret == 0) {
  20522. ret = wc_AesSetKey(&aes, (byte*)usrCtx, 32, iv, AES_DECRYPTION);
  20523. if (ret == 0)
  20524. ret = wc_AesCbcDecrypt(&aes, out, in, inSz);
  20525. wc_AesFree(&aes);
  20526. }
  20527. (void)aad;
  20528. (void)aadSz;
  20529. (void)authTag;
  20530. (void)authTagSz;
  20531. (void)pkcs7;
  20532. return ret;
  20533. }
  20534. /* returns key size on success */
  20535. static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
  20536. word32 keyIdSz, byte* orginKey, word32 orginKeySz,
  20537. byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
  20538. {
  20539. int ret = -1;
  20540. if (out == NULL)
  20541. return BAD_FUNC_ARG;
  20542. if (keyId[0] != 0x00) {
  20543. return -1;
  20544. }
  20545. if (type != (int)PKCS7_KEKRI) {
  20546. return -1;
  20547. }
  20548. switch (keyWrapAlgo) {
  20549. case AES256_WRAP:
  20550. /* simulate setting a handle for later decryption but use key
  20551. * as handle in the test case here */
  20552. ret = wc_AesKeyUnWrap(defKey, sizeof(defKey), cek, cekSz,
  20553. aesHandle, sizeof(aesHandle), NULL);
  20554. if (ret < 0)
  20555. return ret;
  20556. ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)aesHandle);
  20557. if (ret < 0)
  20558. return ret;
  20559. /* return key size on success */
  20560. return sizeof(defKey);
  20561. default:
  20562. WOLFSSL_MSG("Unsupported key wrap algorithm in example");
  20563. return BAD_KEYWRAP_ALG_E;
  20564. };
  20565. (void)cekSz;
  20566. (void)cek;
  20567. (void)outSz;
  20568. (void)keyIdSz;
  20569. (void)direction;
  20570. (void)orginKey; /* used with KAKRI */
  20571. (void)orginKeySz;
  20572. return ret;
  20573. }
  20574. #endif /* HAVE_PKCS7 && !NO_AES && !NO_AES_256 */
  20575. /*
  20576. * Testing wc_PKCS7_EncodeEnvelopedData()
  20577. */
  20578. static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
  20579. {
  20580. #if defined(HAVE_PKCS7)
  20581. PKCS7* pkcs7;
  20582. #ifdef ECC_TIMING_RESISTANT
  20583. WC_RNG rng;
  20584. #endif
  20585. word32 tempWrd32 = 0;
  20586. byte* tmpBytePtr = NULL;
  20587. const char input[] = "Test data to encode.";
  20588. int i;
  20589. int testSz = 0;
  20590. #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) || \
  20591. !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
  20592. byte* rsaCert = NULL;
  20593. byte* rsaPrivKey = NULL;
  20594. word32 rsaCertSz;
  20595. word32 rsaPrivKeySz;
  20596. #if !defined(NO_FILESYSTEM) && (!defined(USE_CERT_BUFFERS_1024) && \
  20597. !defined(USE_CERT_BUFFERS_2048) )
  20598. static const char* rsaClientCert = "./certs/client-cert.der";
  20599. static const char* rsaClientKey = "./certs/client-key.der";
  20600. rsaCertSz = (word32)sizeof(rsaClientCert);
  20601. rsaPrivKeySz = (word32)sizeof(rsaClientKey);
  20602. #endif
  20603. #endif
  20604. #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
  20605. !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
  20606. byte* eccCert = NULL;
  20607. byte* eccPrivKey = NULL;
  20608. word32 eccCertSz;
  20609. word32 eccPrivKeySz;
  20610. #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_256)
  20611. static const char* eccClientCert = "./certs/client-ecc-cert.der";
  20612. static const char* eccClientKey = "./certs/ecc-client-key.der";
  20613. #endif
  20614. #endif
  20615. /* Generic buffer size. */
  20616. byte output[ONEK_BUF];
  20617. byte decoded[sizeof(input)/sizeof(char)];
  20618. int decodedSz = 0;
  20619. #ifndef NO_FILESYSTEM
  20620. XFILE certFile;
  20621. XFILE keyFile;
  20622. #endif
  20623. #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
  20624. !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
  20625. /* RSA certs and keys. */
  20626. #if defined(USE_CERT_BUFFERS_1024)
  20627. /* Allocate buffer space. */
  20628. AssertNotNull(rsaCert =
  20629. (byte*)XMALLOC(ONEK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  20630. /* Init buffer. */
  20631. rsaCertSz = (word32)sizeof_client_cert_der_1024;
  20632. XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz);
  20633. AssertNotNull(rsaPrivKey = (byte*)XMALLOC(ONEK_BUF, HEAP_HINT,
  20634. DYNAMIC_TYPE_TMP_BUFFER));
  20635. rsaPrivKeySz = (word32)sizeof_client_key_der_1024;
  20636. XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz);
  20637. #elif defined(USE_CERT_BUFFERS_2048)
  20638. /* Allocate buffer */
  20639. AssertNotNull(rsaCert =
  20640. (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  20641. /* Init buffer. */
  20642. rsaCertSz = (word32)sizeof_client_cert_der_2048;
  20643. XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz);
  20644. AssertNotNull(rsaPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
  20645. DYNAMIC_TYPE_TMP_BUFFER));
  20646. rsaPrivKeySz = (word32)sizeof_client_key_der_2048;
  20647. XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz);
  20648. #else
  20649. /* File system. */
  20650. certFile = XFOPEN(rsaClientCert, "rb");
  20651. AssertTrue(certFile != XBADFILE);
  20652. rsaCertSz = (word32)FOURK_BUF;
  20653. AssertNotNull(rsaCert =
  20654. (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  20655. rsaCertSz = (word32)XFREAD(rsaCert, 1, rsaCertSz, certFile);
  20656. XFCLOSE(certFile);
  20657. keyFile = XFOPEN(rsaClientKey, "rb");
  20658. AssertTrue(keyFile != XBADFILE);
  20659. AssertNotNull(rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  20660. DYNAMIC_TYPE_TMP_BUFFER));
  20661. rsaPrivKeySz = (word32)FOURK_BUF;
  20662. rsaPrivKeySz = (word32)XFREAD(rsaPrivKey, 1, rsaPrivKeySz, keyFile);
  20663. XFCLOSE(keyFile);
  20664. #endif /* USE_CERT_BUFFERS */
  20665. #endif /* NO_RSA */
  20666. /* ECC */
  20667. #if defined(HAVE_ECC) && (!defined(NO_AES) || (!defined(NO_SHA) ||\
  20668. !defined(NO_SHA256) || defined(WOLFSSL_SHA512)))
  20669. #ifdef USE_CERT_BUFFERS_256
  20670. AssertNotNull(eccCert =
  20671. (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  20672. /* Init buffer. */
  20673. eccCertSz = (word32)sizeof_cliecc_cert_der_256;
  20674. XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz);
  20675. AssertNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT,
  20676. DYNAMIC_TYPE_TMP_BUFFER));
  20677. eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256;
  20678. XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz);
  20679. #else /* File system. */
  20680. certFile = XFOPEN(eccClientCert, "rb");
  20681. AssertTrue(certFile != XBADFILE);
  20682. eccCertSz = (word32)FOURK_BUF;
  20683. AssertNotNull(eccCert =
  20684. (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  20685. eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz, certFile);
  20686. XFCLOSE(certFile);
  20687. keyFile = XFOPEN(eccClientKey, "rb");
  20688. AssertTrue(keyFile != XBADFILE);
  20689. eccPrivKeySz = (word32)FOURK_BUF;
  20690. AssertNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  20691. DYNAMIC_TYPE_TMP_BUFFER));
  20692. eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz, keyFile);
  20693. XFCLOSE(keyFile);
  20694. #endif /* USE_CERT_BUFFERS_256 */
  20695. #endif /* END HAVE_ECC */
  20696. /* Silence. */
  20697. (void)keyFile;
  20698. (void)certFile;
  20699. const pkcs7EnvelopedVector testVectors[] = {
  20700. /* DATA is a global variable defined in the makefile. */
  20701. #if !defined(NO_RSA)
  20702. #ifndef NO_DES3
  20703. {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0,
  20704. rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
  20705. #endif /* NO_DES3 */
  20706. #ifndef NO_AES
  20707. #ifndef NO_AES_128
  20708. {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
  20709. 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
  20710. #endif
  20711. #ifndef NO_AES_192
  20712. {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES192CBCb,
  20713. 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
  20714. #endif
  20715. #ifndef NO_AES_256
  20716. {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
  20717. 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
  20718. #endif
  20719. #endif /* NO_AES */
  20720. #endif /* NO_RSA */
  20721. #if defined(HAVE_ECC)
  20722. #ifndef NO_AES
  20723. #if !defined(NO_SHA) && !defined(NO_AES_128)
  20724. {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
  20725. AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert,
  20726. eccCertSz, eccPrivKey, eccPrivKeySz},
  20727. #endif
  20728. #if !defined(NO_SHA256) && !defined(NO_AES_256)
  20729. {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
  20730. AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme, eccCert,
  20731. eccCertSz, eccPrivKey, eccPrivKeySz},
  20732. #endif
  20733. #if defined(WOLFSSL_SHA512) && !defined(NO_AES_256)
  20734. {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
  20735. AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert,
  20736. eccCertSz, eccPrivKey, eccPrivKeySz},
  20737. #endif
  20738. #endif /* NO_AES */
  20739. #endif /* END HAVE_ECC */
  20740. }; /* END pkcs7EnvelopedVector */
  20741. #ifdef ECC_TIMING_RESISTANT
  20742. AssertIntEQ(wc_InitRng(&rng), 0);
  20743. #endif
  20744. printf(testingFmt, "wc_PKCS7_EncodeEnvelopedData()");
  20745. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20746. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
  20747. testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector);
  20748. for (i = 0; i < testSz; i++) {
  20749. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert,
  20750. (word32)(testVectors + i)->certSz), 0);
  20751. #ifdef ECC_TIMING_RESISTANT
  20752. pkcs7->rng = &rng;
  20753. #endif
  20754. pkcs7->content = (byte*)(testVectors + i)->content;
  20755. pkcs7->contentSz = (testVectors + i)->contentSz;
  20756. pkcs7->contentOID = (testVectors + i)->contentOID;
  20757. pkcs7->encryptOID = (testVectors + i)->encryptOID;
  20758. pkcs7->keyWrapOID = (testVectors + i)->keyWrapOID;
  20759. pkcs7->keyAgreeOID = (testVectors + i)->keyAgreeOID;
  20760. pkcs7->privateKey = (testVectors + i)->privateKey;
  20761. pkcs7->privateKeySz = (testVectors + i)->privateKeySz;
  20762. AssertIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
  20763. (word32)sizeof(output)), 0);
  20764. decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  20765. (word32)sizeof(output), decoded, (word32)sizeof(decoded));
  20766. AssertIntGE(decodedSz, 0);
  20767. /* Verify the size of each buffer. */
  20768. AssertIntEQ((word32)sizeof(input)/sizeof(char), decodedSz);
  20769. /* Don't free the last time through the loop. */
  20770. if (i < testSz - 1 ){
  20771. wc_PKCS7_Free(pkcs7);
  20772. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20773. }
  20774. } /* END test loop. */
  20775. /* Test bad args. */
  20776. AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output,
  20777. (word32)sizeof(output)), BAD_FUNC_ARG);
  20778. AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL,
  20779. (word32)sizeof(output)), BAD_FUNC_ARG);
  20780. AssertIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), BAD_FUNC_ARG);
  20781. printf(resultFmt, passed);
  20782. /* Decode. */
  20783. printf(testingFmt, "wc_PKCS7_DecodeEnvelopedData()");
  20784. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output,
  20785. (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
  20786. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  20787. (word32)sizeof(output), NULL, (word32)sizeof(decoded)), BAD_FUNC_ARG);
  20788. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  20789. (word32)sizeof(output), decoded, 0), BAD_FUNC_ARG);
  20790. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL,
  20791. (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
  20792. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
  20793. (word32)sizeof(decoded)), BAD_FUNC_ARG);
  20794. /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
  20795. #if defined(HAVE_ECC) && !defined(NO_AES)
  20796. /* only a failure for KARI test cases */
  20797. tempWrd32 = pkcs7->singleCertSz;
  20798. pkcs7->singleCertSz = 0;
  20799. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  20800. (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
  20801. pkcs7->singleCertSz = tempWrd32;
  20802. tmpBytePtr = pkcs7->singleCert;
  20803. pkcs7->singleCert = NULL;
  20804. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  20805. (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
  20806. pkcs7->singleCert = tmpBytePtr;
  20807. #endif
  20808. tempWrd32 = pkcs7->privateKeySz;
  20809. pkcs7->privateKeySz = 0;
  20810. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  20811. (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
  20812. pkcs7->privateKeySz = tempWrd32;
  20813. tmpBytePtr = pkcs7->privateKey;
  20814. pkcs7->privateKey = NULL;
  20815. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  20816. (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
  20817. pkcs7->privateKey = tmpBytePtr;
  20818. wc_PKCS7_Free(pkcs7);
  20819. #if !defined(NO_AES) && !defined(NO_AES_256)
  20820. /* test of decrypt callback with KEKRI enveloped data */
  20821. {
  20822. int envelopedSz;
  20823. const byte keyId[] = { 0x00 };
  20824. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20825. pkcs7->content = (byte*)input;
  20826. pkcs7->contentSz = (word32)(sizeof(input)/sizeof(char));
  20827. pkcs7->contentOID = DATA;
  20828. pkcs7->encryptOID = AES256CBCb;
  20829. AssertIntGT(wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP,
  20830. (byte*)defKey, sizeof(defKey), (byte*)keyId,
  20831. sizeof(keyId), NULL, NULL, 0, NULL, 0, 0), 0);
  20832. AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0);
  20833. AssertIntGT((envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output,
  20834. (word32)sizeof(output))), 0);
  20835. wc_PKCS7_Free(pkcs7);
  20836. /* decode envelopedData */
  20837. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20838. AssertIntEQ(wc_PKCS7_SetWrapCEKCb(pkcs7, myCEKwrapFunc), 0);
  20839. AssertIntEQ(wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc), 0);
  20840. AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
  20841. envelopedSz, decoded, sizeof(decoded))), 0);
  20842. wc_PKCS7_Free(pkcs7);
  20843. }
  20844. #endif /* !NO_AES && !NO_AES_256 */
  20845. printf(resultFmt, passed);
  20846. #ifndef NO_RSA
  20847. if (rsaCert) {
  20848. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20849. }
  20850. if (rsaPrivKey) {
  20851. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20852. }
  20853. #endif /*NO_RSA */
  20854. #ifdef HAVE_ECC
  20855. if (eccCert) {
  20856. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20857. }
  20858. if (eccPrivKey) {
  20859. XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20860. }
  20861. #endif /* HAVE_ECC */
  20862. #ifdef ECC_TIMING_RESISTANT
  20863. wc_FreeRng(&rng);
  20864. #endif
  20865. #endif /* HAVE_PKCS7 */
  20866. } /* END test_wc_PKCS7_EncodeEnvelopedData() */
  20867. /*
  20868. * Testing wc_PKCS7_EncodeEncryptedData()
  20869. */
  20870. static void test_wc_PKCS7_EncodeEncryptedData (void)
  20871. {
  20872. #if defined(HAVE_PKCS7) && !defined(NO_PKCS7_ENCRYPTED_DATA)
  20873. PKCS7* pkcs7;
  20874. byte* tmpBytePtr = NULL;
  20875. byte encrypted[TWOK_BUF];
  20876. byte decoded[TWOK_BUF];
  20877. word32 tmpWrd32 = 0;
  20878. int tmpInt = 0;
  20879. int decodedSz;
  20880. int encryptedSz;
  20881. int testSz;
  20882. int i;
  20883. const byte data[] = { /* Hello World */
  20884. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  20885. 0x72,0x6c,0x64
  20886. };
  20887. #ifndef NO_DES3
  20888. byte desKey[] = {
  20889. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
  20890. };
  20891. byte des3Key[] = {
  20892. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  20893. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  20894. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  20895. };
  20896. #endif
  20897. #ifndef NO_AES
  20898. #ifndef NO_AES_128
  20899. byte aes128Key[] = {
  20900. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  20901. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  20902. };
  20903. #endif
  20904. #ifndef NO_AES_192
  20905. byte aes192Key[] = {
  20906. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  20907. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  20908. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  20909. };
  20910. #endif
  20911. #ifndef NO_AES_256
  20912. byte aes256Key[] = {
  20913. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  20914. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  20915. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  20916. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  20917. };
  20918. #endif
  20919. #endif
  20920. const pkcs7EncryptedVector testVectors[] =
  20921. {
  20922. #ifndef NO_DES3
  20923. {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)},
  20924. {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)},
  20925. #endif /* NO_DES3 */
  20926. #ifndef NO_AES
  20927. #ifndef NO_AES_128
  20928. {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
  20929. sizeof(aes128Key)},
  20930. #endif
  20931. #ifndef NO_AES_192
  20932. {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
  20933. sizeof(aes192Key)},
  20934. #endif
  20935. #ifndef NO_AES_256
  20936. {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
  20937. sizeof(aes256Key)},
  20938. #endif
  20939. #endif /* NO_AES */
  20940. };
  20941. testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
  20942. for (i = 0; i < testSz; i++) {
  20943. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  20944. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
  20945. pkcs7->content = (byte*)testVectors[i].content;
  20946. pkcs7->contentSz = testVectors[i].contentSz;
  20947. pkcs7->contentOID = testVectors[i].contentOID;
  20948. pkcs7->encryptOID = testVectors[i].encryptOID;
  20949. pkcs7->encryptionKey = testVectors[i].encryptionKey;
  20950. pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
  20951. pkcs7->heap = HEAP_HINT;
  20952. /* encode encryptedData */
  20953. encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  20954. sizeof(encrypted));
  20955. AssertIntGT(encryptedSz, 0);
  20956. /* Decode encryptedData */
  20957. decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
  20958. decoded, sizeof(decoded));
  20959. AssertIntEQ(XMEMCMP(decoded, data, decodedSz), 0);
  20960. /* Keep values for last itr. */
  20961. if (i < testSz - 1) {
  20962. wc_PKCS7_Free(pkcs7);
  20963. }
  20964. }
  20965. printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()");
  20966. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted,
  20967. sizeof(encrypted)),BAD_FUNC_ARG);
  20968. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL,
  20969. sizeof(encrypted)), BAD_FUNC_ARG);
  20970. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  20971. 0), BAD_FUNC_ARG);
  20972. /* Testing the struct. */
  20973. tmpBytePtr = pkcs7->content;
  20974. pkcs7->content = NULL;
  20975. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  20976. sizeof(encrypted)), BAD_FUNC_ARG);
  20977. pkcs7->content = tmpBytePtr;
  20978. tmpWrd32 = pkcs7->contentSz;
  20979. pkcs7->contentSz = 0;
  20980. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  20981. sizeof(encrypted)), BAD_FUNC_ARG);
  20982. pkcs7->contentSz = tmpWrd32;
  20983. tmpInt = pkcs7->encryptOID;
  20984. pkcs7->encryptOID = 0;
  20985. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  20986. sizeof(encrypted)), BAD_FUNC_ARG);
  20987. pkcs7->encryptOID = tmpInt;
  20988. tmpBytePtr = pkcs7->encryptionKey;
  20989. pkcs7->encryptionKey = NULL;
  20990. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  20991. sizeof(encrypted)), BAD_FUNC_ARG);
  20992. pkcs7->encryptionKey = tmpBytePtr;
  20993. tmpWrd32 = pkcs7->encryptionKeySz;
  20994. pkcs7->encryptionKeySz = 0;
  20995. AssertIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  20996. sizeof(encrypted)), BAD_FUNC_ARG);
  20997. pkcs7->encryptionKeySz = tmpWrd32;
  20998. printf(resultFmt, passed);
  20999. printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()");
  21000. AssertIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, encryptedSz,
  21001. decoded, sizeof(decoded)), BAD_FUNC_ARG);
  21002. AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, encryptedSz,
  21003. decoded, sizeof(decoded)), BAD_FUNC_ARG);
  21004. AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0,
  21005. decoded, sizeof(decoded)), BAD_FUNC_ARG);
  21006. AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
  21007. NULL, sizeof(decoded)), BAD_FUNC_ARG);
  21008. AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
  21009. decoded, 0), BAD_FUNC_ARG);
  21010. /* Test struct fields */
  21011. tmpBytePtr = pkcs7->encryptionKey;
  21012. pkcs7->encryptionKey = NULL;
  21013. AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
  21014. decoded, sizeof(decoded)), BAD_FUNC_ARG);
  21015. pkcs7->encryptionKey = tmpBytePtr;
  21016. pkcs7->encryptionKeySz = 0;
  21017. AssertIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
  21018. decoded, sizeof(decoded)), BAD_FUNC_ARG);
  21019. printf(resultFmt, passed);
  21020. wc_PKCS7_Free(pkcs7);
  21021. #endif
  21022. } /* END test_wc_PKCS7_EncodeEncryptedData() */
  21023. /*
  21024. * Testing wc_PKCS7_Degenerate()
  21025. */
  21026. static void test_wc_PKCS7_Degenerate(void)
  21027. {
  21028. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
  21029. PKCS7* pkcs7;
  21030. char fName[] = "./certs/test-degenerate.p7b";
  21031. XFILE f;
  21032. byte der[4096];
  21033. word32 derSz;
  21034. int ret;
  21035. printf(testingFmt, "wc_PKCS7_Degenerate()");
  21036. AssertNotNull(f = XFOPEN(fName, "rb"));
  21037. AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
  21038. derSz = (word32)ret;
  21039. XFCLOSE(f);
  21040. /* test degenerate success */
  21041. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  21042. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  21043. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  21044. #ifndef NO_RSA
  21045. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
  21046. #else
  21047. AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
  21048. #endif
  21049. wc_PKCS7_Free(pkcs7);
  21050. /* test with turning off degenerate cases */
  21051. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  21052. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  21053. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  21054. wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */
  21055. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), PKCS7_NO_SIGNER_E);
  21056. wc_PKCS7_Free(pkcs7);
  21057. printf(resultFmt, passed);
  21058. #endif
  21059. } /* END test_wc_PKCS7_Degenerate() */
  21060. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
  21061. defined(ASN_BER_TO_DER) && !defined(NO_DES3)
  21062. static byte berContent[] = {
  21063. 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
  21064. 0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30,
  21065. 0x80, 0x02, 0x01, 0x00, 0x31, 0x82, 0x01, 0x48,
  21066. 0x30, 0x82, 0x01, 0x44, 0x02, 0x01, 0x00, 0x30,
  21067. 0x81, 0xAC, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30,
  21068. 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02,
  21069. 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03,
  21070. 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E,
  21071. 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E,
  21072. 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42,
  21073. 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15,
  21074. 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C,
  21075. 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C,
  21076. 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30,
  21077. 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10,
  21078. 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D,
  21079. 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34,
  21080. 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04,
  21081. 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77,
  21082. 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63,
  21083. 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09,
  21084. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
  21085. 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40,
  21086. 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E,
  21087. 0x63, 0x6F, 0x6D, 0x02, 0x09, 0x00, 0xBB, 0xD3,
  21088. 0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D,
  21089. 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  21090. 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80,
  21091. 0x2F, 0xF9, 0x77, 0x4F, 0x04, 0x5C, 0x16, 0x62,
  21092. 0xF0, 0x77, 0x8D, 0x95, 0x4C, 0xB1, 0x44, 0x9A,
  21093. 0x8C, 0x3C, 0x8C, 0xE4, 0xD1, 0xC1, 0x14, 0x72,
  21094. 0xD0, 0x4A, 0x1A, 0x94, 0x27, 0x0F, 0xAA, 0xE8,
  21095. 0xD0, 0xA2, 0xE7, 0xED, 0x4C, 0x7F, 0x0F, 0xC7,
  21096. 0x1B, 0xFB, 0x81, 0x0E, 0x76, 0x8F, 0xDD, 0x32,
  21097. 0x11, 0x68, 0xA0, 0x13, 0xD2, 0x8D, 0x95, 0xEF,
  21098. 0x80, 0x53, 0x81, 0x0E, 0x1F, 0xC8, 0xD6, 0x76,
  21099. 0x5C, 0x31, 0xD3, 0x77, 0x33, 0x29, 0xA6, 0x1A,
  21100. 0xD3, 0xC6, 0x14, 0x36, 0xCA, 0x8E, 0x7D, 0x72,
  21101. 0xA0, 0x29, 0x4C, 0xC7, 0x3A, 0xAF, 0xFE, 0xF7,
  21102. 0xFC, 0xD7, 0xE2, 0x8F, 0x6A, 0x20, 0x46, 0x09,
  21103. 0x40, 0x22, 0x2D, 0x79, 0x38, 0x11, 0xB1, 0x4A,
  21104. 0xE3, 0x48, 0xE8, 0x10, 0x37, 0xA0, 0x22, 0xF7,
  21105. 0xB4, 0x79, 0xD1, 0xA9, 0x3D, 0xC2, 0xAB, 0x37,
  21106. 0xAE, 0x82, 0x68, 0x1A, 0x16, 0xEF, 0x33, 0x0C,
  21107. 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
  21108. 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06,
  21109. 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03,
  21110. 0x07, 0x04, 0x08, 0xAD, 0xD0, 0x38, 0x9B, 0x16,
  21111. 0x4B, 0x7F, 0x99, 0xA0, 0x80, 0x04, 0x82, 0x03,
  21112. 0xE8, 0x6D, 0x48, 0xFB, 0x8A, 0xBD, 0xED, 0x6C,
  21113. 0xCD, 0xC6, 0x48, 0xFD, 0xB7, 0xB0, 0x7C, 0x86,
  21114. 0x2C, 0x8D, 0xF0, 0x23, 0x12, 0xD8, 0xA3, 0x2A,
  21115. 0x21, 0x6F, 0x8B, 0x75, 0xBB, 0x47, 0x7F, 0xC9,
  21116. 0xBA, 0xBA, 0xFF, 0x91, 0x09, 0x01, 0x7A, 0x5C,
  21117. 0x96, 0x02, 0xB8, 0x8E, 0xF8, 0x67, 0x7E, 0x8F,
  21118. 0xF9, 0x51, 0x0E, 0xFF, 0x8E, 0xE2, 0x61, 0xC0,
  21119. 0xDF, 0xFA, 0xE2, 0x4C, 0x50, 0x90, 0xAE, 0xA1,
  21120. 0x15, 0x38, 0x3D, 0xBE, 0x88, 0xD7, 0x57, 0xC0,
  21121. 0x11, 0x44, 0xA2, 0x61, 0x05, 0x49, 0x6A, 0x94,
  21122. 0x04, 0x10, 0xD9, 0xC2, 0x2D, 0x15, 0x20, 0x0D,
  21123. 0xBD, 0xA2, 0xEF, 0xE4, 0x68, 0xFA, 0x39, 0x75,
  21124. 0x7E, 0xD8, 0x64, 0x44, 0xCB, 0xE0, 0x00, 0x6D,
  21125. 0x57, 0x4E, 0x8A, 0x17, 0xA9, 0x83, 0x6C, 0x7F,
  21126. 0xFE, 0x01, 0xEE, 0xDE, 0x99, 0x3A, 0xB2, 0xFF,
  21127. 0xD3, 0x72, 0x78, 0xBA, 0xF1, 0x23, 0x54, 0x48,
  21128. 0x02, 0xD8, 0x38, 0xA9, 0x54, 0xE5, 0x4A, 0x81,
  21129. 0xB9, 0xC0, 0x67, 0xB2, 0x7D, 0x3C, 0x6F, 0xCE,
  21130. 0xA4, 0xDD, 0x34, 0x5F, 0x60, 0xB1, 0xA3, 0x7A,
  21131. 0xE4, 0x43, 0xF2, 0x89, 0x64, 0x35, 0x09, 0x32,
  21132. 0x51, 0xFB, 0x5C, 0x67, 0x0C, 0x3B, 0xFC, 0x36,
  21133. 0x6B, 0x37, 0x43, 0x6C, 0x03, 0xCD, 0x44, 0xC7,
  21134. 0x2B, 0x62, 0xD6, 0xD1, 0xF4, 0x07, 0x7B, 0x19,
  21135. 0x91, 0xF0, 0xD7, 0xF5, 0x54, 0xBC, 0x0F, 0x42,
  21136. 0x6B, 0x69, 0xF7, 0xA3, 0xC8, 0xEE, 0xB9, 0x7A,
  21137. 0x9E, 0x3D, 0xDF, 0x53, 0x47, 0xF7, 0x50, 0x67,
  21138. 0x00, 0xCF, 0x2B, 0x3B, 0xE9, 0x85, 0xEE, 0xBD,
  21139. 0x4C, 0x64, 0x66, 0x0B, 0x77, 0x80, 0x9D, 0xEF,
  21140. 0x11, 0x32, 0x77, 0xA8, 0xA4, 0x5F, 0xEE, 0x2D,
  21141. 0xE0, 0x43, 0x87, 0x76, 0x87, 0x53, 0x4E, 0xD7,
  21142. 0x1A, 0x04, 0x7B, 0xE1, 0xD1, 0xE1, 0xF5, 0x87,
  21143. 0x51, 0x13, 0xE0, 0xC2, 0xAA, 0xA3, 0x4B, 0xAA,
  21144. 0x9E, 0xB4, 0xA6, 0x1D, 0x4E, 0x28, 0x57, 0x0B,
  21145. 0x80, 0x90, 0x81, 0x4E, 0x04, 0xF5, 0x30, 0x8D,
  21146. 0x51, 0xCE, 0x57, 0x2F, 0x88, 0xC5, 0x70, 0xC4,
  21147. 0x06, 0x8F, 0xDD, 0x37, 0xC1, 0x34, 0x1E, 0x0E,
  21148. 0x15, 0x32, 0x23, 0x92, 0xAB, 0x40, 0xEA, 0xF7,
  21149. 0x43, 0xE2, 0x1D, 0xE2, 0x4B, 0xC9, 0x91, 0xF4,
  21150. 0x63, 0x21, 0x34, 0xDB, 0xE9, 0x86, 0x83, 0x1A,
  21151. 0xD2, 0x52, 0xEF, 0x7A, 0xA2, 0xEE, 0xA4, 0x11,
  21152. 0x56, 0xD3, 0x6C, 0xF5, 0x6D, 0xE4, 0xA5, 0x2D,
  21153. 0x99, 0x02, 0x10, 0xDF, 0x29, 0xC5, 0xE3, 0x0B,
  21154. 0xC4, 0xA1, 0xEE, 0x5F, 0x4A, 0x10, 0xEE, 0x85,
  21155. 0x73, 0x2A, 0x92, 0x15, 0x2C, 0xC8, 0xF4, 0x8C,
  21156. 0xD7, 0x3D, 0xBC, 0xAD, 0x18, 0xE0, 0x59, 0xD3,
  21157. 0xEE, 0x75, 0x90, 0x1C, 0xCC, 0x76, 0xC6, 0x64,
  21158. 0x17, 0xD2, 0xD0, 0x91, 0xA6, 0xD0, 0xC1, 0x4A,
  21159. 0xAA, 0x58, 0x22, 0xEC, 0x45, 0x98, 0xF2, 0xCC,
  21160. 0x4C, 0xE4, 0xBF, 0xED, 0xF6, 0x44, 0x72, 0x36,
  21161. 0x65, 0x3F, 0xE3, 0xB5, 0x8B, 0x3E, 0x54, 0x9C,
  21162. 0x82, 0x86, 0x5E, 0xB0, 0xF2, 0x12, 0xE5, 0x69,
  21163. 0xFA, 0x46, 0xA2, 0x54, 0xFC, 0xF5, 0x4B, 0xE0,
  21164. 0x24, 0x3B, 0x99, 0x04, 0x1A, 0x7A, 0xF7, 0xD1,
  21165. 0xFF, 0x68, 0x97, 0xB2, 0x85, 0x82, 0x95, 0x27,
  21166. 0x2B, 0xF4, 0xE7, 0x1A, 0x74, 0x19, 0xEC, 0x8C,
  21167. 0x4E, 0xA7, 0x0F, 0xAD, 0x4F, 0x5A, 0x02, 0x80,
  21168. 0xC1, 0x6A, 0x9E, 0x54, 0xE4, 0x8E, 0xA3, 0x41,
  21169. 0x3F, 0x6F, 0x9C, 0x82, 0x9F, 0x83, 0xB0, 0x44,
  21170. 0x01, 0x5F, 0x10, 0x9D, 0xD3, 0xB6, 0x33, 0x5B,
  21171. 0xAF, 0xAC, 0x6B, 0x57, 0x2A, 0x01, 0xED, 0x0E,
  21172. 0x17, 0xB9, 0x80, 0x76, 0x12, 0x1C, 0x51, 0x56,
  21173. 0xDD, 0x6D, 0x94, 0xAB, 0xD2, 0xE5, 0x15, 0x2D,
  21174. 0x3C, 0xC5, 0xE8, 0x62, 0x05, 0x8B, 0x40, 0xB1,
  21175. 0xC2, 0x83, 0xCA, 0xAC, 0x4B, 0x8B, 0x39, 0xF7,
  21176. 0xA0, 0x08, 0x43, 0x5C, 0xF7, 0xE8, 0xED, 0x40,
  21177. 0x72, 0x73, 0xE3, 0x6B, 0x18, 0x67, 0xA0, 0xB6,
  21178. 0x0F, 0xED, 0x8F, 0x9A, 0xE4, 0x27, 0x62, 0x23,
  21179. 0xAA, 0x6D, 0x6C, 0x31, 0xC9, 0x9D, 0x6B, 0xE0,
  21180. 0xBF, 0x9D, 0x7D, 0x2E, 0x76, 0x71, 0x06, 0x39,
  21181. 0xAC, 0x96, 0x1C, 0xAF, 0x30, 0xF2, 0x62, 0x9C,
  21182. 0x84, 0x3F, 0x43, 0x5E, 0x19, 0xA8, 0xE5, 0x3C,
  21183. 0x9D, 0x43, 0x3C, 0x43, 0x41, 0xE8, 0x82, 0xE7,
  21184. 0x5B, 0xF3, 0xE2, 0x15, 0xE3, 0x52, 0x20, 0xFD,
  21185. 0x0D, 0xB2, 0x4D, 0x48, 0xAD, 0x53, 0x7E, 0x0C,
  21186. 0xF0, 0xB9, 0xBE, 0xC9, 0x58, 0x4B, 0xC8, 0xA8,
  21187. 0xA3, 0x36, 0xF1, 0x2C, 0xD2, 0xE1, 0xC8, 0xC4,
  21188. 0x3C, 0x48, 0x70, 0xC2, 0x6D, 0x6C, 0x3D, 0x99,
  21189. 0xAC, 0x43, 0x19, 0x69, 0xCA, 0x67, 0x1A, 0xC9,
  21190. 0xE1, 0x47, 0xFA, 0x0A, 0xE6, 0x5B, 0x6F, 0x61,
  21191. 0xD0, 0x03, 0xE4, 0x03, 0x4B, 0xFD, 0xE2, 0xA5,
  21192. 0x8D, 0x83, 0x01, 0x7E, 0xC0, 0x7B, 0x2E, 0x0B,
  21193. 0x29, 0xDD, 0xD6, 0xDC, 0x71, 0x46, 0xBD, 0x9A,
  21194. 0x40, 0x46, 0x1E, 0x0A, 0xB1, 0x00, 0xE7, 0x71,
  21195. 0x29, 0x77, 0xFC, 0x9A, 0x76, 0x8A, 0x5F, 0x66,
  21196. 0x9B, 0x63, 0x91, 0x12, 0x78, 0xBF, 0x67, 0xAD,
  21197. 0xA1, 0x72, 0x9E, 0xC5, 0x3E, 0xE5, 0xCB, 0xAF,
  21198. 0xD6, 0x5A, 0x0D, 0xB6, 0x9B, 0xA3, 0x78, 0xE8,
  21199. 0xB0, 0x8F, 0x69, 0xED, 0xC1, 0x73, 0xD5, 0xE5,
  21200. 0x1C, 0x18, 0xA0, 0x58, 0x4C, 0x49, 0xBD, 0x91,
  21201. 0xCE, 0x15, 0x0D, 0xAA, 0x5A, 0x07, 0xEA, 0x1C,
  21202. 0xA7, 0x4B, 0x11, 0x31, 0x80, 0xAF, 0xA1, 0x0A,
  21203. 0xED, 0x6C, 0x70, 0xE4, 0xDB, 0x75, 0x86, 0xAE,
  21204. 0xBF, 0x4A, 0x05, 0x72, 0xDE, 0x84, 0x8C, 0x7B,
  21205. 0x59, 0x81, 0x58, 0xE0, 0xC0, 0x15, 0xB5, 0xF3,
  21206. 0xD5, 0x73, 0x78, 0x83, 0x53, 0xDA, 0x92, 0xC1,
  21207. 0xE6, 0x71, 0x74, 0xC7, 0x7E, 0xAA, 0x36, 0x06,
  21208. 0xF0, 0xDF, 0xBA, 0xFB, 0xEF, 0x54, 0xE8, 0x11,
  21209. 0xB2, 0x33, 0xA3, 0x0B, 0x9E, 0x0C, 0x59, 0x75,
  21210. 0x13, 0xFA, 0x7F, 0x88, 0xB9, 0x86, 0xBD, 0x1A,
  21211. 0xDB, 0x52, 0x12, 0xFB, 0x6D, 0x1A, 0xCB, 0x49,
  21212. 0x94, 0x94, 0xC4, 0xA9, 0x99, 0xC0, 0xA4, 0xB6,
  21213. 0x60, 0x36, 0x09, 0x94, 0x2A, 0xD5, 0xC4, 0x26,
  21214. 0xF4, 0xA3, 0x6A, 0x0E, 0x57, 0x8B, 0x7C, 0xA4,
  21215. 0x1D, 0x75, 0xE8, 0x2A, 0xF3, 0xC4, 0x3C, 0x7D,
  21216. 0x45, 0x6D, 0xD8, 0x24, 0xD1, 0x3B, 0xF7, 0xCF,
  21217. 0xE4, 0x45, 0x2A, 0x55, 0xE5, 0xA9, 0x1F, 0x1C,
  21218. 0x8F, 0x55, 0x8D, 0xC1, 0xF7, 0x74, 0xCC, 0x26,
  21219. 0xC7, 0xBA, 0x2E, 0x5C, 0xC1, 0x71, 0x0A, 0xAA,
  21220. 0xD9, 0x6D, 0x76, 0xA7, 0xF9, 0xD1, 0x18, 0xCB,
  21221. 0x5A, 0x52, 0x98, 0xA8, 0x0D, 0x3F, 0x06, 0xFC,
  21222. 0x49, 0x11, 0x21, 0x5F, 0x86, 0x19, 0x33, 0x81,
  21223. 0xB5, 0x7A, 0xDA, 0xA1, 0x47, 0xBF, 0x7C, 0xD7,
  21224. 0x05, 0x96, 0xC7, 0xF5, 0xC1, 0x61, 0xE5, 0x18,
  21225. 0xA5, 0x38, 0x68, 0xED, 0xB4, 0x17, 0x62, 0x0D,
  21226. 0x01, 0x5E, 0xC3, 0x04, 0xA6, 0xBA, 0xB1, 0x01,
  21227. 0x60, 0x5C, 0xC1, 0x3A, 0x34, 0x97, 0xD6, 0xDB,
  21228. 0x67, 0x73, 0x4D, 0x33, 0x96, 0x01, 0x67, 0x44,
  21229. 0xEA, 0x47, 0x5E, 0x44, 0xB5, 0xE5, 0xD1, 0x6C,
  21230. 0x20, 0xA9, 0x6D, 0x4D, 0xBC, 0x02, 0xF0, 0x70,
  21231. 0xE4, 0xDD, 0xE9, 0xD5, 0x5C, 0x28, 0x29, 0x0B,
  21232. 0xB4, 0x60, 0x2A, 0xF1, 0xF7, 0x1A, 0xF0, 0x36,
  21233. 0xAE, 0x51, 0x3A, 0xAE, 0x6E, 0x48, 0x7D, 0xC7,
  21234. 0x5C, 0xF3, 0xDC, 0xF6, 0xED, 0x27, 0x4E, 0x8E,
  21235. 0x48, 0x18, 0x3E, 0x08, 0xF1, 0xD8, 0x3D, 0x0D,
  21236. 0xE7, 0x2F, 0x65, 0x8A, 0x6F, 0xE2, 0x1E, 0x06,
  21237. 0xC1, 0x04, 0x58, 0x7B, 0x4A, 0x75, 0x60, 0x92,
  21238. 0x13, 0xC6, 0x40, 0x2D, 0x3A, 0x8A, 0xD1, 0x03,
  21239. 0x05, 0x1F, 0x28, 0x66, 0xC2, 0x57, 0x2A, 0x4C,
  21240. 0xE1, 0xA3, 0xCB, 0xA1, 0x95, 0x30, 0x10, 0xED,
  21241. 0xDF, 0xAE, 0x70, 0x49, 0x4E, 0xF6, 0xB4, 0x5A,
  21242. 0xB6, 0x22, 0x56, 0x37, 0x05, 0xE7, 0x3E, 0xB2,
  21243. 0xE3, 0x96, 0x62, 0xEC, 0x09, 0x53, 0xC0, 0x50,
  21244. 0x3D, 0xA7, 0xBC, 0x9B, 0x39, 0x02, 0x26, 0x16,
  21245. 0xB5, 0x34, 0x17, 0xD4, 0xCA, 0xFE, 0x1D, 0xE4,
  21246. 0x5A, 0xDA, 0x4C, 0xC2, 0xCA, 0x8E, 0x79, 0xBF,
  21247. 0xD8, 0x4C, 0xBB, 0xFA, 0x30, 0x7B, 0xA9, 0x3E,
  21248. 0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00,
  21249. 0x00, 0x00, 0x00, 0x00, 0x00
  21250. };
  21251. #endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER && !NO_DES3 */
  21252. /*
  21253. * Testing wc_PKCS7_BER()
  21254. */
  21255. static void test_wc_PKCS7_BER(void)
  21256. {
  21257. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \
  21258. defined(ASN_BER_TO_DER)
  21259. PKCS7* pkcs7;
  21260. char fName[] = "./certs/test-ber-exp02-05-2022.p7b";
  21261. XFILE f;
  21262. byte der[4096];
  21263. #ifndef NO_DES3
  21264. byte decoded[2048];
  21265. #endif
  21266. word32 derSz;
  21267. int ret;
  21268. printf(testingFmt, "wc_PKCS7_BER()");
  21269. AssertNotNull(f = XFOPEN(fName, "rb"));
  21270. AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
  21271. derSz = (word32)ret;
  21272. XFCLOSE(f);
  21273. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  21274. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0);
  21275. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  21276. #ifndef NO_RSA
  21277. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
  21278. #else
  21279. AssertIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0);
  21280. #endif
  21281. wc_PKCS7_Free(pkcs7);
  21282. #ifndef NO_DES3
  21283. /* decode BER content */
  21284. AssertNotNull(f = XFOPEN("./certs/1024/client-cert.der", "rb"));
  21285. AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
  21286. derSz = (word32)ret;
  21287. XFCLOSE(f);
  21288. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  21289. #ifndef NO_RSA
  21290. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
  21291. #else
  21292. AssertIntNE(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0);
  21293. #endif
  21294. AssertNotNull(f = XFOPEN("./certs/1024/client-key.der", "rb"));
  21295. AssertIntGT((ret = (int)fread(der, 1, sizeof(der), f)), 0);
  21296. derSz = (word32)ret;
  21297. XFCLOSE(f);
  21298. pkcs7->privateKey = der;
  21299. pkcs7->privateKeySz = derSz;
  21300. #ifndef NO_RSA
  21301. #ifdef WOLFSSL_SP_MATH
  21302. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
  21303. sizeof(berContent), decoded, sizeof(decoded)), WC_KEY_SIZE_E);
  21304. #else
  21305. AssertIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
  21306. sizeof(berContent), decoded, sizeof(decoded)), 0);
  21307. #endif
  21308. #else
  21309. AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent,
  21310. sizeof(berContent), decoded, sizeof(decoded)), NOT_COMPILED_IN);
  21311. #endif
  21312. wc_PKCS7_Free(pkcs7);
  21313. #endif /* !NO_DES3 */
  21314. printf(resultFmt, passed);
  21315. #endif
  21316. } /* END test_wc_PKCS7_BER() */
  21317. static void test_PKCS7_signed_enveloped(void)
  21318. {
  21319. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
  21320. && !defined(NO_AES)
  21321. XFILE f;
  21322. PKCS7* pkcs7;
  21323. PKCS7* inner;
  21324. void* pt;
  21325. WC_RNG rng;
  21326. unsigned char key[FOURK_BUF/2];
  21327. unsigned char cert[FOURK_BUF/2];
  21328. unsigned char env[FOURK_BUF];
  21329. int envSz = FOURK_BUF;
  21330. int keySz;
  21331. int certSz;
  21332. unsigned char sig[FOURK_BUF * 2];
  21333. int sigSz = FOURK_BUF * 2;
  21334. unsigned char decoded[FOURK_BUF];
  21335. int decodedSz = FOURK_BUF;
  21336. printf(testingFmt, "PKCS7_signed_enveloped");
  21337. /* load cert */
  21338. AssertNotNull(f = XFOPEN(cliCertDerFile, "rb"));
  21339. AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), f)), 0);
  21340. XFCLOSE(f);
  21341. /* load key */
  21342. AssertNotNull(f = XFOPEN(cliKeyFile, "rb"));
  21343. AssertIntGT((keySz = (int)XFREAD(key, 1, sizeof(key), f)), 0);
  21344. XFCLOSE(f);
  21345. keySz = wolfSSL_KeyPemToDer(key, keySz, key, keySz, NULL);
  21346. /* sign cert for envelope */
  21347. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  21348. AssertIntEQ(wc_InitRng(&rng), 0);
  21349. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  21350. pkcs7->content = cert;
  21351. pkcs7->contentSz = certSz;
  21352. pkcs7->contentOID = DATA;
  21353. pkcs7->privateKey = key;
  21354. pkcs7->privateKeySz = keySz;
  21355. pkcs7->encryptOID = RSAk;
  21356. pkcs7->hashOID = SHA256h;
  21357. pkcs7->rng = &rng;
  21358. AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
  21359. wc_PKCS7_Free(pkcs7);
  21360. wc_FreeRng(&rng);
  21361. /* create envelope */
  21362. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  21363. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  21364. pkcs7->content = sig;
  21365. pkcs7->contentSz = sigSz;
  21366. pkcs7->contentOID = DATA;
  21367. pkcs7->encryptOID = AES256CBCb;
  21368. pkcs7->privateKey = key;
  21369. pkcs7->privateKeySz = keySz;
  21370. AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0);
  21371. wc_PKCS7_Free(pkcs7);
  21372. /* create bad signed enveloped data */
  21373. sigSz = FOURK_BUF * 2;
  21374. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  21375. AssertIntEQ(wc_InitRng(&rng), 0);
  21376. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  21377. pkcs7->content = env;
  21378. pkcs7->contentSz = envSz;
  21379. pkcs7->contentOID = DATA;
  21380. pkcs7->privateKey = key;
  21381. pkcs7->privateKeySz = keySz;
  21382. pkcs7->encryptOID = RSAk;
  21383. pkcs7->hashOID = SHA256h;
  21384. pkcs7->rng = &rng;
  21385. /* Set no certs in bundle for this test. Hang on to the pointer though to
  21386. * free it later. */
  21387. pt = (void*)pkcs7->certList;
  21388. pkcs7->certList = NULL; /* no certs in bundle */
  21389. AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
  21390. pkcs7->certList = (Pkcs7Cert*)pt; /* restore pointer for PKCS7 free call */
  21391. wc_PKCS7_Free(pkcs7);
  21392. /* check verify fails */
  21393. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  21394. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  21395. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz),
  21396. PKCS7_SIGNEEDS_CHECK);
  21397. /* try verifying the signature manually */
  21398. {
  21399. RsaKey rKey;
  21400. word32 idx = 0;
  21401. byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ +
  21402. WC_MAX_DIGEST_SIZE];
  21403. int digestSz;
  21404. AssertIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0);
  21405. AssertIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, keySz), 0);
  21406. digestSz = wc_RsaSSL_Verify(pkcs7->signature, pkcs7->signatureSz,
  21407. digest, sizeof(digest), &rKey);
  21408. AssertIntGT(digestSz, 0);
  21409. AssertIntEQ(digestSz, pkcs7->pkcs7DigestSz);
  21410. AssertIntEQ(XMEMCMP(digest, pkcs7->pkcs7Digest, digestSz), 0);
  21411. AssertIntEQ(wc_FreeRsaKey(&rKey), 0);
  21412. /* verify was success */
  21413. }
  21414. wc_PKCS7_Free(pkcs7);
  21415. /* initializing the PKCS7 struct with the signing certificate should pass */
  21416. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  21417. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
  21418. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
  21419. wc_PKCS7_Free(pkcs7);
  21420. /* create valid degenerate bundle */
  21421. sigSz = FOURK_BUF * 2;
  21422. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  21423. pkcs7->content = env;
  21424. pkcs7->contentSz = envSz;
  21425. pkcs7->contentOID = DATA;
  21426. pkcs7->privateKey = key;
  21427. pkcs7->privateKeySz = keySz;
  21428. pkcs7->encryptOID = RSAk;
  21429. pkcs7->hashOID = SHA256h;
  21430. pkcs7->rng = &rng;
  21431. AssertIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0);
  21432. AssertIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, sigSz)), 0);
  21433. wc_PKCS7_Free(pkcs7);
  21434. wc_FreeRng(&rng);
  21435. /* check verify */
  21436. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  21437. AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
  21438. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
  21439. AssertNotNull(pkcs7->content);
  21440. /* check decode */
  21441. AssertNotNull(inner = wc_PKCS7_New(NULL, 0));
  21442. AssertIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0);
  21443. inner->privateKey = key;
  21444. inner->privateKeySz = keySz;
  21445. AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content,
  21446. pkcs7->contentSz, decoded, decodedSz)), 0);
  21447. wc_PKCS7_Free(inner);
  21448. wc_PKCS7_Free(pkcs7);
  21449. /* check cert set */
  21450. AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
  21451. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
  21452. AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, decodedSz), 0);
  21453. AssertNotNull(pkcs7->singleCert);
  21454. AssertIntNE(pkcs7->singleCertSz, 0);
  21455. wc_PKCS7_Free(pkcs7);
  21456. printf(resultFmt, passed);
  21457. #endif
  21458. }
  21459. static void test_wc_PKCS7_NoDefaultSignedAttribs (void)
  21460. {
  21461. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
  21462. && !defined(NO_AES)
  21463. PKCS7* pkcs7;
  21464. void* heap = NULL;
  21465. printf(testingFmt, "wc_PKCS7_NoDefaultSignedAttribs()");
  21466. pkcs7 = wc_PKCS7_New(heap, devId);
  21467. AssertNotNull(pkcs7);
  21468. AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);
  21469. AssertIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), BAD_FUNC_ARG);
  21470. AssertIntEQ(wc_PKCS7_NoDefaultSignedAttribs(pkcs7), 0);
  21471. wc_PKCS7_Free(pkcs7);
  21472. printf(resultFmt, passed);
  21473. #endif
  21474. }
  21475. static void test_wc_PKCS7_SetOriEncryptCtx (void)
  21476. {
  21477. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
  21478. && !defined(NO_AES)
  21479. PKCS7* pkcs7;
  21480. void* heap = NULL;
  21481. WOLFSSL_CTX* ctx;
  21482. ctx = NULL;
  21483. printf(testingFmt, "wc_PKCS7_SetOriEncryptCtx()");
  21484. pkcs7 = wc_PKCS7_New(heap, devId);
  21485. AssertNotNull(pkcs7);
  21486. AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);
  21487. AssertIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), BAD_FUNC_ARG);
  21488. AssertIntEQ(wc_PKCS7_SetOriEncryptCtx(pkcs7, ctx), 0);
  21489. wc_PKCS7_Free(pkcs7);
  21490. printf(resultFmt, passed);
  21491. #endif
  21492. }
  21493. static void test_wc_PKCS7_SetOriDecryptCtx (void)
  21494. {
  21495. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
  21496. && !defined(NO_AES)
  21497. PKCS7* pkcs7;
  21498. void* heap = NULL;
  21499. WOLFSSL_CTX* ctx;
  21500. ctx = NULL;
  21501. printf(testingFmt, "wc_PKCS7_SetOriDecryptCtx()");
  21502. pkcs7 = wc_PKCS7_New(heap, devId);
  21503. AssertNotNull(pkcs7);
  21504. AssertIntEQ(wc_PKCS7_Init(pkcs7, heap, devId), 0);
  21505. AssertIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), BAD_FUNC_ARG);
  21506. AssertIntEQ(wc_PKCS7_SetOriDecryptCtx(pkcs7, ctx), 0);
  21507. wc_PKCS7_Free(pkcs7);
  21508. printf(resultFmt, passed);
  21509. #endif
  21510. }
  21511. static void test_wc_PKCS7_DecodeCompressedData(void)
  21512. {
  21513. #if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
  21514. && !defined(NO_AES) && defined(HAVE_LIBZ)
  21515. PKCS7* pkcs7;
  21516. void* heap = NULL;
  21517. byte out[4096];
  21518. byte *decompressed;
  21519. int outSz, decompressedSz;
  21520. const char* cert = "./certs/client-cert.pem";
  21521. byte* cert_buf = NULL;
  21522. size_t cert_sz = 0;
  21523. printf(testingFmt, "wc_PKCS7_DecodeCompressedData()");
  21524. AssertIntEQ(load_file(cert, &cert_buf, &cert_sz), 0);
  21525. AssertNotNull((decompressed =
  21526. (byte*)XMALLOC(cert_sz, heap, DYNAMIC_TYPE_TMP_BUFFER)));
  21527. decompressedSz = (int)cert_sz;
  21528. AssertNotNull((pkcs7 = wc_PKCS7_New(heap, devId)));
  21529. pkcs7->content = (byte*)cert_buf;
  21530. pkcs7->contentSz = (word32)cert_sz;
  21531. pkcs7->contentOID = DATA;
  21532. AssertIntGT((outSz = wc_PKCS7_EncodeCompressedData(pkcs7, out,
  21533. sizeof(out))), 0);
  21534. wc_PKCS7_Free(pkcs7);
  21535. /* compressed key should be smaller than when started */
  21536. AssertIntLT(outSz, cert_sz);
  21537. /* test decompression */
  21538. AssertNotNull((pkcs7 = wc_PKCS7_New(heap, devId)));
  21539. /* fail case with out buffer too small */
  21540. AssertIntLT(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
  21541. decompressed, outSz), 0);
  21542. /* success case */
  21543. AssertIntEQ(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz,
  21544. decompressed, decompressedSz), cert_sz);
  21545. AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
  21546. XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
  21547. decompressed = NULL;
  21548. /* test decompression function with different 'max' inputs */
  21549. outSz = sizeof(out);
  21550. AssertIntGT((outSz = wc_Compress(out, outSz, cert_buf, (word32)cert_sz, 0)),
  21551. 0);
  21552. AssertIntLT(wc_DeCompressDynamic(&decompressed, 1, DYNAMIC_TYPE_TMP_BUFFER,
  21553. out, outSz, 0, heap), 0);
  21554. AssertNull(decompressed);
  21555. AssertIntGT(wc_DeCompressDynamic(&decompressed, -1, DYNAMIC_TYPE_TMP_BUFFER,
  21556. out, outSz, 0, heap), 0);
  21557. AssertNotNull(decompressed);
  21558. AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
  21559. XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
  21560. decompressed = NULL;
  21561. AssertIntGT(wc_DeCompressDynamic(&decompressed, DYNAMIC_TYPE_TMP_BUFFER, 5,
  21562. out, outSz, 0, heap), 0);
  21563. AssertNotNull(decompressed);
  21564. AssertIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0);
  21565. XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER);
  21566. if (cert_buf)
  21567. free(cert_buf);
  21568. wc_PKCS7_Free(pkcs7);
  21569. printf(resultFmt, passed);
  21570. #endif
  21571. }
  21572. static void test_wc_i2d_PKCS12(void)
  21573. {
  21574. #if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \
  21575. && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
  21576. && !defined(NO_AES) && !defined(NO_DES3) && !defined(NO_SHA)
  21577. WC_PKCS12* pkcs12 = NULL;
  21578. unsigned char der[FOURK_BUF * 2];
  21579. unsigned char* pt;
  21580. int derSz;
  21581. unsigned char out[FOURK_BUF * 2];
  21582. int outSz = FOURK_BUF * 2;
  21583. const char p12_f[] = "./certs/test-servercert.p12";
  21584. XFILE f;
  21585. printf(testingFmt, "wc_i2d_PKCS12");
  21586. f = XFOPEN(p12_f, "rb");
  21587. AssertNotNull(f);
  21588. derSz = (int)XFREAD(der, 1, sizeof(der), f);
  21589. AssertIntGT(derSz, 0);
  21590. XFCLOSE(f);
  21591. AssertNotNull(pkcs12 = wc_PKCS12_new());
  21592. AssertIntEQ(wc_d2i_PKCS12(der, derSz, pkcs12), 0);
  21593. AssertIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), LENGTH_ONLY_E);
  21594. AssertIntEQ(outSz, derSz);
  21595. outSz = derSz - 1;
  21596. pt = out;
  21597. AssertIntLE(wc_i2d_PKCS12(pkcs12, &pt, &outSz), 0);
  21598. outSz = derSz;
  21599. AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, &outSz), derSz);
  21600. AssertIntEQ((pt == out), 0);
  21601. pt = NULL;
  21602. AssertIntEQ(wc_i2d_PKCS12(pkcs12, &pt, NULL), derSz);
  21603. XFREE(pt, NULL, DYNAMIC_TYPE_PKCS);
  21604. wc_PKCS12_free(pkcs12);
  21605. printf(resultFmt, passed);
  21606. #endif
  21607. }
  21608. /* Testing wc_SignatureGetSize() for signature type ECC */
  21609. static int test_wc_SignatureGetSize_ecc(void)
  21610. {
  21611. int ret = 0;
  21612. #ifndef NO_SIG_WRAPPER
  21613. #if defined(HAVE_ECC) && !defined(NO_ECC256)
  21614. enum wc_SignatureType sig_type;
  21615. word32 key_len;
  21616. /* Initialize ECC Key */
  21617. ecc_key ecc;
  21618. const char* qx =
  21619. "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
  21620. const char* qy =
  21621. "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
  21622. const char* d =
  21623. "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
  21624. ret = wc_ecc_init(&ecc);
  21625. if (ret == 0) {
  21626. ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1");
  21627. }
  21628. printf(testingFmt, "wc_SigntureGetSize_ecc()");
  21629. if (ret == 0) {
  21630. /* Input for signature type ECC */
  21631. sig_type = WC_SIGNATURE_TYPE_ECC;
  21632. key_len = sizeof(ecc_key);
  21633. ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
  21634. /* Test bad args */
  21635. if (ret > 0) {
  21636. sig_type = (enum wc_SignatureType) 100;
  21637. ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
  21638. if (ret == BAD_FUNC_ARG) {
  21639. sig_type = WC_SIGNATURE_TYPE_ECC;
  21640. ret = wc_SignatureGetSize(sig_type, NULL, key_len);
  21641. }
  21642. if (ret >= 0) {
  21643. key_len = (word32) 0;
  21644. ret = wc_SignatureGetSize(sig_type, &ecc, key_len);
  21645. }
  21646. if (ret == BAD_FUNC_ARG) {
  21647. ret = SIG_TYPE_E;
  21648. }
  21649. }
  21650. } else {
  21651. ret = WOLFSSL_FATAL_ERROR;
  21652. }
  21653. wc_ecc_free(&ecc);
  21654. #else
  21655. ret = SIG_TYPE_E;
  21656. #endif
  21657. if (ret == SIG_TYPE_E) {
  21658. ret = 0;
  21659. }
  21660. else {
  21661. ret = WOLFSSL_FATAL_ERROR;
  21662. }
  21663. printf(resultFmt, ret == 0 ? passed : failed);
  21664. #endif /* NO_SIG_WRAPPER */
  21665. return ret;
  21666. }/* END test_wc_SignatureGetSize_ecc() */
  21667. /* Testing wc_SignatureGetSize() for signature type rsa */
  21668. static int test_wc_SignatureGetSize_rsa(void)
  21669. {
  21670. int ret = 0;
  21671. #ifndef NO_SIG_WRAPPER
  21672. #ifndef NO_RSA
  21673. enum wc_SignatureType sig_type;
  21674. word32 key_len;
  21675. word32 idx = 0;
  21676. /* Initialize RSA Key */
  21677. RsaKey rsa_key;
  21678. byte* tmp = NULL;
  21679. size_t bytes;
  21680. #ifdef USE_CERT_BUFFERS_1024
  21681. bytes = (size_t)sizeof_client_key_der_1024;
  21682. if (bytes < (size_t)sizeof_client_key_der_1024)
  21683. bytes = (size_t)sizeof_client_cert_der_1024;
  21684. #elif defined(USE_CERT_BUFFERS_2048)
  21685. bytes = (size_t)sizeof_client_key_der_2048;
  21686. if (bytes < (size_t)sizeof_client_cert_der_2048)
  21687. bytes = (size_t)sizeof_client_cert_der_2048;
  21688. #else
  21689. bytes = FOURK_BUF;
  21690. #endif
  21691. tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21692. if (tmp != NULL) {
  21693. #ifdef USE_CERT_BUFFERS_1024
  21694. XMEMCPY(tmp, client_key_der_1024,
  21695. (size_t)sizeof_client_key_der_1024);
  21696. #elif defined(USE_CERT_BUFFERS_2048)
  21697. XMEMCPY(tmp, client_key_der_2048,
  21698. (size_t)sizeof_client_key_der_2048);
  21699. #elif !defined(NO_FILESYSTEM)
  21700. file = XFOPEN(clientKey, "rb");
  21701. if (file != XBADFILE) {
  21702. bytes = (size_t)XFREAD(tmp, 1, FOURK_BUF, file);
  21703. XFCLOSE(file);
  21704. }
  21705. else {
  21706. ret = WOLFSSL_FATAL_ERROR;
  21707. }
  21708. #else
  21709. ret = WOLFSSL_FATAL_ERROR;
  21710. #endif
  21711. } else {
  21712. ret = WOLFSSL_FATAL_ERROR;
  21713. }
  21714. if (ret == 0) {
  21715. ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId);
  21716. }
  21717. if (ret == 0) {
  21718. ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, (word32)bytes);
  21719. }
  21720. printf(testingFmt, "wc_SigntureGetSize_rsa()");
  21721. if (ret == 0) {
  21722. /* Input for signature type RSA */
  21723. sig_type = WC_SIGNATURE_TYPE_RSA;
  21724. key_len = sizeof(RsaKey);
  21725. ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
  21726. /* Test bad args */
  21727. if (ret > 0) {
  21728. sig_type = (enum wc_SignatureType) 100;
  21729. ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
  21730. if (ret == BAD_FUNC_ARG) {
  21731. sig_type = WC_SIGNATURE_TYPE_RSA;
  21732. ret = wc_SignatureGetSize(sig_type, NULL, key_len);
  21733. }
  21734. #ifndef HAVE_USER_RSA
  21735. if (ret == BAD_FUNC_ARG) {
  21736. #else
  21737. if (ret == 0) {
  21738. #endif
  21739. key_len = (word32)0;
  21740. ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len);
  21741. }
  21742. if (ret == BAD_FUNC_ARG) {
  21743. ret = SIG_TYPE_E;
  21744. }
  21745. }
  21746. } else {
  21747. ret = WOLFSSL_FATAL_ERROR;
  21748. }
  21749. wc_FreeRsaKey(&rsa_key);
  21750. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21751. #else
  21752. ret = SIG_TYPE_E;
  21753. #endif
  21754. if (ret == SIG_TYPE_E) {
  21755. ret = 0;
  21756. }else {
  21757. ret = WOLFSSL_FATAL_ERROR;
  21758. }
  21759. printf(resultFmt, ret == 0 ? passed : failed);
  21760. #endif /* NO_SIG_WRAPPER */
  21761. return ret;
  21762. }/* END test_wc_SignatureGetSize_rsa(void) */
  21763. /*----------------------------------------------------------------------------*
  21764. | hash.h Tests
  21765. *----------------------------------------------------------------------------*/
  21766. static int test_wc_HashInit(void)
  21767. {
  21768. int ret = 0, i; /* 0 indicates tests passed, 1 indicates failure */
  21769. wc_HashAlg hash;
  21770. /* enum for holding supported algorithms, #ifndef's restrict if disabled */
  21771. enum wc_HashType enumArray[] = {
  21772. #ifndef NO_MD5
  21773. WC_HASH_TYPE_MD5,
  21774. #endif
  21775. #ifndef NO_SHA
  21776. WC_HASH_TYPE_SHA,
  21777. #endif
  21778. #ifndef WOLFSSL_SHA224
  21779. WC_HASH_TYPE_SHA224,
  21780. #endif
  21781. #ifndef NO_SHA256
  21782. WC_HASH_TYPE_SHA256,
  21783. #endif
  21784. #ifndef WOLFSSL_SHA384
  21785. WC_HASH_TYPE_SHA384,
  21786. #endif
  21787. #ifndef WOLFSSL_SHA512
  21788. WC_HASH_TYPE_SHA512,
  21789. #endif
  21790. };
  21791. /* dynamically finds the length */
  21792. int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
  21793. /* For loop to test various arguments... */
  21794. for (i = 0; i < enumlen; i++) {
  21795. /* check for bad args */
  21796. if (wc_HashInit(&hash, enumArray[i]) == BAD_FUNC_ARG) {
  21797. ret = 1;
  21798. break;
  21799. }
  21800. wc_HashFree(&hash, enumArray[i]);
  21801. /* check for null ptr */
  21802. if (wc_HashInit(NULL, enumArray[i]) != BAD_FUNC_ARG) {
  21803. ret = 1;
  21804. break;
  21805. }
  21806. } /* end of for loop */
  21807. printf(testingFmt, "wc_HashInit()");
  21808. if (ret==0) { /* all tests have passed */
  21809. printf(resultFmt, passed);
  21810. }
  21811. else { /* a test has failed */
  21812. printf(resultFmt, failed);
  21813. }
  21814. return ret;
  21815. } /* end of test_wc_HashInit */
  21816. /*
  21817. * Unit test function for wc_HashSetFlags()
  21818. */
  21819. static int test_wc_HashSetFlags(void)
  21820. {
  21821. int ret = 0;
  21822. #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
  21823. wc_HashAlg hash;
  21824. word32 flags = 0;
  21825. int i, j;
  21826. printf(testingFmt, "wc_HashSetFlags()");
  21827. /* enum for holding supported algorithms, #ifndef's restrict if disabled */
  21828. enum wc_HashType enumArray[] = {
  21829. #ifndef NO_MD5
  21830. WC_HASH_TYPE_MD5,
  21831. #endif
  21832. #ifndef NO_SHA
  21833. WC_HASH_TYPE_SHA,
  21834. #endif
  21835. #ifdef WOLFSSL_SHA224
  21836. WC_HASH_TYPE_SHA224,
  21837. #endif
  21838. #ifndef NO_SHA256
  21839. WC_HASH_TYPE_SHA256,
  21840. #endif
  21841. #ifdef WOLFSSL_SHA384
  21842. WC_HASH_TYPE_SHA384,
  21843. #endif
  21844. #ifdef WOLFSSL_SHA512
  21845. WC_HASH_TYPE_SHA512,
  21846. #endif
  21847. #ifdef WOLFSSL_SHA3
  21848. WC_HASH_TYPE_SHA3_224,
  21849. #endif
  21850. };
  21851. enum wc_HashType notSupported[] = {
  21852. WC_HASH_TYPE_MD5_SHA,
  21853. WC_HASH_TYPE_MD2,
  21854. WC_HASH_TYPE_MD4,
  21855. WC_HASH_TYPE_BLAKE2B,
  21856. WC_HASH_TYPE_BLAKE2S,
  21857. WC_HASH_TYPE_NONE,
  21858. };
  21859. /* dynamically finds the length */
  21860. int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
  21861. /* For loop to test various arguments... */
  21862. for (i = 0; i < enumlen; i++) {
  21863. ret = wc_HashInit(&hash, enumArray[i]);
  21864. if (ret == 0) {
  21865. ret = wc_HashSetFlags(&hash, enumArray[i], flags);
  21866. }
  21867. if (ret == 0) {
  21868. if (flags & WC_HASH_FLAG_ISCOPY) {
  21869. ret = 0;
  21870. }
  21871. }
  21872. if (ret == 0) {
  21873. ret = wc_HashSetFlags(NULL, enumArray[i], flags);
  21874. if (ret == BAD_FUNC_ARG) {
  21875. ret = 0;
  21876. }
  21877. }
  21878. wc_HashFree(&hash, enumArray[i]);
  21879. }
  21880. /* For loop to test not supported cases */
  21881. int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
  21882. for (j = 0; j < notSupportedLen; j++){
  21883. if (ret == 0) {
  21884. ret = wc_HashInit(&hash, notSupported[j]);
  21885. if (ret == BAD_FUNC_ARG){
  21886. ret = 0;
  21887. if (ret == 0){
  21888. ret = wc_HashSetFlags(&hash, notSupported[j], flags);
  21889. if (ret == BAD_FUNC_ARG) {
  21890. ret = 0;
  21891. }
  21892. }
  21893. }
  21894. }
  21895. if (ret == 0) {
  21896. ret = wc_HashFree(&hash, notSupported[j]);
  21897. if (ret == BAD_FUNC_ARG) {
  21898. ret = 0;
  21899. }
  21900. }
  21901. }
  21902. printf(resultFmt, ret == 0 ? passed : failed);
  21903. #endif
  21904. return ret;
  21905. } /* END test_wc_HashSetFlags */
  21906. /*
  21907. * Unit test function for wc_HashGetFlags()
  21908. */
  21909. static int test_wc_HashGetFlags(void)
  21910. {
  21911. int ret = 0;
  21912. #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
  21913. wc_HashAlg hash;
  21914. word32 flags = 0;
  21915. int i, j;
  21916. printf(testingFmt, "wc_HashGetFlags()");
  21917. /* enum for holding supported algorithms, #ifndef's restrict if disabled */
  21918. enum wc_HashType enumArray[] = {
  21919. #ifndef NO_MD5
  21920. WC_HASH_TYPE_MD5,
  21921. #endif
  21922. #ifndef NO_SHA
  21923. WC_HASH_TYPE_SHA,
  21924. #endif
  21925. #ifdef WOLFSSL_SHA224
  21926. WC_HASH_TYPE_SHA224,
  21927. #endif
  21928. #ifndef NO_SHA256
  21929. WC_HASH_TYPE_SHA256,
  21930. #endif
  21931. #ifdef WOLFSSL_SHA384
  21932. WC_HASH_TYPE_SHA384,
  21933. #endif
  21934. #ifdef WOLFSSL_SHA512
  21935. WC_HASH_TYPE_SHA512,
  21936. #endif
  21937. #ifdef WOLFSSL_SHA3
  21938. WC_HASH_TYPE_SHA3_224,
  21939. #endif
  21940. };
  21941. enum wc_HashType notSupported[] = {
  21942. WC_HASH_TYPE_MD5_SHA,
  21943. WC_HASH_TYPE_MD2,
  21944. WC_HASH_TYPE_MD4,
  21945. WC_HASH_TYPE_BLAKE2B,
  21946. WC_HASH_TYPE_BLAKE2S,
  21947. WC_HASH_TYPE_NONE,
  21948. };
  21949. int enumlen = (sizeof(enumArray)/sizeof(enum wc_HashType));
  21950. /* For loop to test various arguments... */
  21951. for (i = 0; i < enumlen; i++) {
  21952. ret = wc_HashInit(&hash, enumArray[i]);
  21953. if (ret == 0) {
  21954. ret = wc_HashGetFlags(&hash, enumArray[i], &flags);
  21955. }
  21956. if (ret == 0) {
  21957. if (flags & WC_HASH_FLAG_ISCOPY) {
  21958. ret = 0;
  21959. }
  21960. }
  21961. if (ret == 0) {
  21962. ret = wc_HashGetFlags(NULL, enumArray[i], &flags);
  21963. if (ret == BAD_FUNC_ARG) {
  21964. ret = 0;
  21965. }
  21966. }
  21967. wc_HashFree(&hash, enumArray[i]);
  21968. if (ret != 0) {
  21969. break;
  21970. }
  21971. }
  21972. /* For loop to test not supported cases */
  21973. int notSupportedLen = (sizeof(notSupported)/sizeof(enum wc_HashType));
  21974. for (j = 0; j < notSupportedLen; j++){
  21975. if (ret == 0) {
  21976. ret = wc_HashInit(&hash, notSupported[j]);
  21977. if (ret == BAD_FUNC_ARG){
  21978. ret = 0;
  21979. if (ret == 0){
  21980. ret = wc_HashGetFlags(&hash, notSupported[j], &flags);
  21981. if (ret == BAD_FUNC_ARG) {
  21982. ret = 0;
  21983. }
  21984. }
  21985. }
  21986. }
  21987. if (ret == 0) {
  21988. ret = wc_HashFree(&hash, notSupported[j]);
  21989. if (ret == BAD_FUNC_ARG) {
  21990. ret = 0;
  21991. }
  21992. }
  21993. }
  21994. printf(resultFmt, ret == 0 ? passed : failed);
  21995. #endif
  21996. return ret;
  21997. } /* END test_wc_HashGetFlags */
  21998. /*----------------------------------------------------------------------------*
  21999. | Compatibility Tests
  22000. *----------------------------------------------------------------------------*/
  22001. static void test_wolfSSL_lhash(void)
  22002. {
  22003. #ifdef OPENSSL_ALL
  22004. const char testStr[] = "Like a true nature's child\n"
  22005. "We were born\n"
  22006. "Born to be wild";
  22007. printf(testingFmt, "wolfSSL_LH_strhash()");
  22008. AssertIntEQ(lh_strhash(testStr), 0xb1231320);
  22009. printf(resultFmt, passed);
  22010. #endif
  22011. }
  22012. static void test_wolfSSL_X509_NAME(void)
  22013. {
  22014. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
  22015. !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
  22016. && !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && \
  22017. (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \
  22018. defined(OPENSSL_EXTRA))
  22019. X509* x509;
  22020. const unsigned char* c;
  22021. unsigned char buf[4096];
  22022. int bytes;
  22023. XFILE f;
  22024. const X509_NAME* a;
  22025. const X509_NAME* b;
  22026. X509_NAME* d2i_name = NULL;
  22027. int sz;
  22028. unsigned char* tmp;
  22029. char file[] = "./certs/ca-cert.der";
  22030. #ifndef OPENSSL_EXTRA_X509_SMALL
  22031. byte empty[] = { /* CN=empty emailAddress= */
  22032. 0x30, 0x21, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03,
  22033. 0x55, 0x04, 0x03, 0x0C, 0x05, 0x65, 0x6D, 0x70,
  22034. 0x74, 0x79, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09,
  22035. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09,
  22036. 0x01, 0x16, 0x00
  22037. };
  22038. #endif
  22039. printf(testingFmt, "wolfSSL_X509_NAME()");
  22040. #ifndef OPENSSL_EXTRA_X509_SMALL
  22041. /* test compile of deprecated function, returns 0 */
  22042. AssertIntEQ(CRYPTO_thread_id(), 0);
  22043. #endif
  22044. AssertNotNull(a = X509_NAME_new());
  22045. X509_NAME_free((X509_NAME*)a);
  22046. f = XFOPEN(file, "rb");
  22047. AssertTrue(f != XBADFILE);
  22048. bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
  22049. XFCLOSE(f);
  22050. c = buf;
  22051. AssertNotNull(x509 = wolfSSL_X509_d2i(NULL, c, bytes));
  22052. /* test cmp function */
  22053. AssertNotNull(a = X509_get_issuer_name(x509));
  22054. AssertNotNull(b = X509_get_subject_name(x509));
  22055. #ifndef OPENSSL_EXTRA_X509_SMALL
  22056. AssertIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */
  22057. #endif
  22058. tmp = buf;
  22059. AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0);
  22060. if (sz > 0 && tmp == buf) {
  22061. printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \
  22062. printf(" Expected pointer to be incremented\n");
  22063. abort();
  22064. }
  22065. #ifndef OPENSSL_EXTRA_X509_SMALL
  22066. tmp = buf;
  22067. AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));
  22068. #endif
  22069. /* retry but with the function creating a buffer */
  22070. tmp = NULL;
  22071. AssertIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0);
  22072. XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
  22073. AssertNotNull(b = X509_NAME_dup((X509_NAME*)a));
  22074. #ifndef OPENSSL_EXTRA_X509_SMALL
  22075. AssertIntEQ(X509_NAME_cmp(a, b), 0);
  22076. #endif
  22077. X509_NAME_free((X509_NAME*)b);
  22078. X509_NAME_free(d2i_name);
  22079. X509_free(x509);
  22080. #ifndef OPENSSL_EXTRA_X509_SMALL
  22081. /* test with an empty domain component */
  22082. tmp = empty;
  22083. sz = sizeof(empty);
  22084. AssertNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz));
  22085. AssertIntEQ(X509_NAME_entry_count(d2i_name), 2);
  22086. /* size of empty emailAddress will be 0 */
  22087. tmp = buf;
  22088. AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_emailAddress,
  22089. (char*)tmp, sizeof(buf)), 0);
  22090. /* should contain no organization name */
  22091. tmp = buf;
  22092. AssertIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_organizationName,
  22093. (char*)tmp, sizeof(buf)), -1);
  22094. X509_NAME_free(d2i_name);
  22095. #endif
  22096. printf(resultFmt, passed);
  22097. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
  22098. }
  22099. #ifndef NO_BIO
  22100. static void test_wolfSSL_X509_INFO(void)
  22101. {
  22102. #if defined(OPENSSL_ALL)
  22103. STACK_OF(X509_INFO) *info_stack;
  22104. X509_INFO *info;
  22105. BIO *cert;
  22106. int i;
  22107. printf(testingFmt, "wolfSSL_X509_INFO");
  22108. AssertNotNull(cert = BIO_new_file(cliCertFileExt, "rb"));
  22109. AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
  22110. for (i = 0; i < sk_X509_INFO_num(info_stack); i++) {
  22111. AssertNotNull(info = sk_X509_INFO_value(info_stack, i));
  22112. AssertNotNull(info->x509);
  22113. AssertNull(info->crl);
  22114. }
  22115. sk_X509_INFO_pop_free(info_stack, X509_INFO_free);
  22116. BIO_free(cert);
  22117. AssertNotNull(cert = BIO_new_file(cliCertFileExt, "rb"));
  22118. AssertNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL));
  22119. sk_X509_INFO_free(info_stack);
  22120. BIO_free(cert);
  22121. printf(resultFmt, passed);
  22122. #endif
  22123. }
  22124. #endif
  22125. static void test_wolfSSL_X509_subject_name_hash(void)
  22126. {
  22127. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
  22128. && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
  22129. X509* x509;
  22130. X509_NAME* subjectName = NULL;
  22131. unsigned long ret = 0;
  22132. printf(testingFmt, "wolfSSL_X509_subject_name_hash()");
  22133. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
  22134. SSL_FILETYPE_PEM));
  22135. AssertNotNull(subjectName = wolfSSL_X509_get_subject_name(x509));
  22136. ret = X509_subject_name_hash(x509);
  22137. AssertIntNE(ret, 0);
  22138. X509_free(x509);
  22139. printf(resultFmt, passed);
  22140. #endif
  22141. }
  22142. static void test_wolfSSL_X509_issuer_name_hash(void)
  22143. {
  22144. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
  22145. && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256))
  22146. X509* x509;
  22147. X509_NAME* issuertName = NULL;
  22148. unsigned long ret = 0;
  22149. printf(testingFmt, "wolfSSL_X509_issuer_name_hash()");
  22150. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
  22151. SSL_FILETYPE_PEM));
  22152. AssertNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509));
  22153. ret = X509_issuer_name_hash(x509);
  22154. AssertIntNE(ret, 0);
  22155. X509_free(x509);
  22156. printf(resultFmt, passed);
  22157. #endif
  22158. }
  22159. static void test_wolfSSL_X509_check_host(void)
  22160. {
  22161. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \
  22162. && !defined(NO_SHA) && !defined(NO_RSA)
  22163. X509* x509;
  22164. const char altName[] = "example.com";
  22165. printf(testingFmt, "wolfSSL_X509_check_host()");
  22166. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
  22167. SSL_FILETYPE_PEM));
  22168. AssertIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL),
  22169. WOLFSSL_SUCCESS);
  22170. AssertIntEQ(X509_check_host(x509, NULL, 0, 0, NULL),
  22171. WOLFSSL_FAILURE);
  22172. X509_free(x509);
  22173. AssertIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL),
  22174. WOLFSSL_FAILURE);
  22175. printf(resultFmt, passed);
  22176. #endif
  22177. }
  22178. static void test_wolfSSL_DES(void)
  22179. {
  22180. #if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
  22181. const_DES_cblock myDes;
  22182. DES_cblock iv;
  22183. DES_key_schedule key;
  22184. word32 i;
  22185. DES_LONG dl;
  22186. unsigned char msg[] = "hello wolfssl";
  22187. printf(testingFmt, "wolfSSL_DES()");
  22188. DES_check_key(1);
  22189. DES_set_key(&myDes, &key);
  22190. /* check, check of odd parity */
  22191. XMEMSET(myDes, 4, sizeof(const_DES_cblock)); myDes[0] = 6; /*set even parity*/
  22192. XMEMSET(key, 5, sizeof(DES_key_schedule));
  22193. AssertIntEQ(DES_set_key_checked(&myDes, &key), -1);
  22194. AssertIntNE(key[0], myDes[0]); /* should not have copied over key */
  22195. /* set odd parity for success case */
  22196. DES_set_odd_parity(&myDes);
  22197. AssertIntEQ(DES_check_key_parity(&myDes), 1);
  22198. printf("%02x %02x %02x %02x", myDes[0], myDes[1], myDes[2], myDes[3]);
  22199. AssertIntEQ(DES_set_key_checked(&myDes, &key), 0);
  22200. for (i = 0; i < sizeof(DES_key_schedule); i++) {
  22201. AssertIntEQ(key[i], myDes[i]);
  22202. }
  22203. AssertIntEQ(DES_is_weak_key(&myDes), 0);
  22204. /* check weak key */
  22205. XMEMSET(myDes, 1, sizeof(const_DES_cblock));
  22206. XMEMSET(key, 5, sizeof(DES_key_schedule));
  22207. AssertIntEQ(DES_set_key_checked(&myDes, &key), -2);
  22208. AssertIntNE(key[0], myDes[0]); /* should not have copied over key */
  22209. /* now do unchecked copy of a weak key over */
  22210. DES_set_key_unchecked(&myDes, &key);
  22211. /* compare arrays, should be the same */
  22212. for (i = 0; i < sizeof(DES_key_schedule); i++) {
  22213. AssertIntEQ(key[i], myDes[i]);
  22214. }
  22215. AssertIntEQ(DES_is_weak_key(&myDes), 1);
  22216. /* check DES_key_sched API */
  22217. XMEMSET(key, 1, sizeof(DES_key_schedule));
  22218. AssertIntEQ(DES_key_sched(&myDes, NULL), 0);
  22219. AssertIntEQ(DES_key_sched(NULL, &key), 0);
  22220. AssertIntEQ(DES_key_sched(&myDes, &key), 0);
  22221. /* compare arrays, should be the same */
  22222. for (i = 0; i < sizeof(DES_key_schedule); i++) {
  22223. AssertIntEQ(key[i], myDes[i]);
  22224. }
  22225. /* DES_cbc_cksum should return the last 4 of the last 8 bytes after
  22226. * DES_cbc_encrypt on the input */
  22227. XMEMSET(iv, 0, sizeof(DES_cblock));
  22228. XMEMSET(myDes, 5, sizeof(DES_key_schedule));
  22229. AssertIntGT((dl = DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, &iv)), 0);
  22230. AssertIntEQ(dl, 480052723);
  22231. printf(resultFmt, passed);
  22232. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */
  22233. }
  22234. static void test_wc_PemToDer(void)
  22235. {
  22236. #if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER)
  22237. int ret;
  22238. DerBuffer* pDer = NULL;
  22239. const char* ca_cert = "./certs/server-cert.pem";
  22240. byte* cert_buf = NULL;
  22241. size_t cert_sz = 0;
  22242. int eccKey = 0;
  22243. EncryptedInfo info;
  22244. printf(testingFmt, "wc_PemToDer()");
  22245. XMEMSET(&info, 0, sizeof(info));
  22246. ret = load_file(ca_cert, &cert_buf, &cert_sz);
  22247. if (ret == 0) {
  22248. ret = wc_PemToDer(cert_buf, cert_sz, CERT_TYPE,
  22249. &pDer, NULL, &info, &eccKey);
  22250. AssertIntEQ(ret, 0);
  22251. wc_FreeDer(&pDer);
  22252. }
  22253. if (cert_buf)
  22254. free(cert_buf);
  22255. #ifdef HAVE_ECC
  22256. {
  22257. const char* ecc_private_key = "./certs/ecc-privOnlyKey.pem";
  22258. byte key_buf[256] = {0};
  22259. /* Test fail of loading a key with cert type */
  22260. AssertIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0);
  22261. key_buf[0] = '\n';
  22262. XMEMCPY(key_buf + 1, cert_buf, cert_sz);
  22263. AssertIntNE((ret = wc_PemToDer(key_buf, cert_sz + 1, CERT_TYPE,
  22264. &pDer, NULL, &info, &eccKey)), 0);
  22265. #ifdef OPENSSL_EXTRA
  22266. AssertIntEQ((ret = wc_PemToDer(key_buf, cert_sz + 1, PRIVATEKEY_TYPE,
  22267. &pDer, NULL, &info, &eccKey)), 0);
  22268. #endif
  22269. wc_FreeDer(&pDer);
  22270. if (cert_buf)
  22271. free(cert_buf);
  22272. }
  22273. #endif
  22274. printf(resultFmt, passed);
  22275. #endif
  22276. }
  22277. static void test_wc_AllocDer(void)
  22278. {
  22279. #if !defined(NO_CERTS)
  22280. int ret;
  22281. DerBuffer* pDer = NULL;
  22282. word32 testSize = 1024;
  22283. printf(testingFmt, "wc_AllocDer()");
  22284. ret = wc_AllocDer(&pDer, testSize, CERT_TYPE, HEAP_HINT);
  22285. AssertIntEQ(ret, 0);
  22286. AssertNotNull(pDer);
  22287. wc_FreeDer(&pDer);
  22288. printf(resultFmt, passed);
  22289. #endif
  22290. }
  22291. static void test_wc_CertPemToDer(void)
  22292. {
  22293. #if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER)
  22294. int ret;
  22295. const char* ca_cert = "./certs/ca-cert.pem";
  22296. byte* cert_buf = NULL;
  22297. size_t cert_sz = 0, cert_dersz = 0;
  22298. byte* cert_der = NULL;
  22299. printf(testingFmt, "wc_CertPemToDer()");
  22300. ret = load_file(ca_cert, &cert_buf, &cert_sz);
  22301. if (ret == 0) {
  22302. cert_dersz = cert_sz; /* DER will be smaller than PEM */
  22303. cert_der = (byte*)malloc(cert_dersz);
  22304. if (cert_der) {
  22305. ret = wc_CertPemToDer(cert_buf, (int)cert_sz,
  22306. cert_der, (int)cert_dersz, CERT_TYPE);
  22307. AssertIntGE(ret, 0);
  22308. }
  22309. }
  22310. if (cert_der)
  22311. free(cert_der);
  22312. if (cert_buf)
  22313. free(cert_buf);
  22314. #endif
  22315. }
  22316. static void test_wc_PubKeyPemToDer(void)
  22317. {
  22318. #ifdef WOLFSSL_PEM_TO_DER
  22319. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
  22320. int ret;
  22321. const char* key = "./certs/ecc-client-keyPub.pem";
  22322. byte* cert_buf = NULL;
  22323. size_t cert_sz = 0, cert_dersz = 0;
  22324. byte* cert_der = NULL;
  22325. printf(testingFmt, "wc_PubKeyPemToDer()");
  22326. ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
  22327. cert_der, (int)cert_dersz);
  22328. AssertIntGE(ret, BAD_FUNC_ARG);
  22329. ret = load_file(key, &cert_buf, &cert_sz);
  22330. if (ret == 0) {
  22331. cert_dersz = cert_sz; /* DER will be smaller than PEM */
  22332. cert_der = (byte*)malloc(cert_dersz);
  22333. if (cert_der) {
  22334. ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz,
  22335. cert_der, (int)cert_dersz);
  22336. AssertIntGE(ret, 0);
  22337. }
  22338. }
  22339. if (cert_der)
  22340. free(cert_der);
  22341. if (cert_buf)
  22342. free(cert_buf);
  22343. #endif
  22344. #endif
  22345. }
  22346. static void test_wc_PemPubKeyToDer(void)
  22347. {
  22348. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)
  22349. int ret;
  22350. const char* key = "./certs/ecc-client-keyPub.pem";
  22351. size_t cert_dersz = 1024;
  22352. byte* cert_der = (byte*)malloc(cert_dersz);
  22353. printf(testingFmt, "wc_PemPubKeyToDer()");
  22354. ret = wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz);
  22355. AssertIntGE(ret, BAD_FUNC_ARG);
  22356. if (cert_der) {
  22357. ret = wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz);
  22358. AssertIntGE(ret, 0);
  22359. free(cert_der);
  22360. }
  22361. #endif
  22362. }
  22363. static void test_wolfSSL_certs(void)
  22364. {
  22365. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
  22366. !defined(NO_RSA)
  22367. X509* x509ext;
  22368. #ifdef OPENSSL_ALL
  22369. X509* x509;
  22370. WOLFSSL_X509_EXTENSION* ext;
  22371. #endif
  22372. WOLFSSL* ssl;
  22373. WOLFSSL_CTX* ctx;
  22374. STACK_OF(ASN1_OBJECT)* sk;
  22375. ASN1_STRING* asn1_str;
  22376. AUTHORITY_KEYID* akey;
  22377. BASIC_CONSTRAINTS* bc;
  22378. int crit;
  22379. printf(testingFmt, "wolfSSL_certs()");
  22380. #ifndef NO_WOLFSSL_SERVER
  22381. AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
  22382. #else
  22383. AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
  22384. #endif
  22385. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
  22386. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  22387. #ifndef HAVE_USER_RSA
  22388. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  22389. AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE);
  22390. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  22391. AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS);
  22392. #endif
  22393. AssertNotNull(ssl = SSL_new(ctx));
  22394. AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  22395. #ifdef HAVE_PK_CALLBACKS
  22396. AssertIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS);
  22397. #endif /* HAVE_PK_CALLBACKS */
  22398. /* create and use x509 */
  22399. #ifdef OPENSSL_ALL
  22400. x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
  22401. AssertNotNull(x509);
  22402. #endif
  22403. x509ext = wolfSSL_X509_load_certificate_file(cliCertFileExt, WOLFSSL_FILETYPE_PEM);
  22404. AssertNotNull(x509ext);
  22405. AssertIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS);
  22406. #ifndef HAVE_USER_RSA
  22407. /* with loading in a new cert the check on private key should now fail */
  22408. AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  22409. #endif
  22410. #if defined(USE_CERT_BUFFERS_2048)
  22411. AssertIntEQ(SSL_use_certificate_ASN1(ssl,
  22412. (unsigned char*)server_cert_der_2048,
  22413. sizeof_server_cert_der_2048), WOLFSSL_SUCCESS);
  22414. #endif
  22415. #if !defined(NO_SHA) && !defined(NO_SHA256)
  22416. /************* Get Digest of Certificate ******************/
  22417. {
  22418. byte digest[64]; /* max digest size */
  22419. word32 digestSz;
  22420. XMEMSET(digest, 0, sizeof(digest));
  22421. AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, &digestSz),
  22422. WOLFSSL_SUCCESS);
  22423. AssertIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest, &digestSz),
  22424. WOLFSSL_SUCCESS);
  22425. AssertIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz),
  22426. WOLFSSL_FAILURE);
  22427. }
  22428. #endif /* !NO_SHA && !NO_SHA256*/
  22429. /* test and checkout X509 extensions */
  22430. bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext, NID_basic_constraints,
  22431. &crit, NULL);
  22432. AssertNotNull(bc);
  22433. #ifdef OPENSSL_ALL
  22434. ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc);
  22435. AssertNotNull(ext);
  22436. X509_EXTENSION_free(ext);
  22437. #endif
  22438. AssertIntEQ(crit, 0);
  22439. BASIC_CONSTRAINTS_free(bc);
  22440. asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, NID_key_usage, &crit, NULL);
  22441. AssertNotNull(asn1_str);
  22442. AssertIntEQ(crit, 1);
  22443. AssertIntEQ(asn1_str->type, NID_key_usage);
  22444. #ifdef OPENSSL_ALL
  22445. ext = X509V3_EXT_i2d(NID_key_usage, crit, asn1_str);
  22446. AssertNotNull(ext);
  22447. X509_EXTENSION_free(ext);
  22448. #endif
  22449. ASN1_STRING_free(asn1_str);
  22450. #ifdef OPENSSL_ALL
  22451. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_ext_key_usage,
  22452. &crit, NULL);
  22453. AssertNotNull(sk);
  22454. ext = X509V3_EXT_i2d(NID_ext_key_usage, crit, sk);
  22455. AssertNotNull(ext);
  22456. X509_EXTENSION_free(ext);
  22457. sk_ASN1_OBJECT_free(sk);
  22458. #else
  22459. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_ext_key_usage,
  22460. &crit, NULL);
  22461. AssertNull(sk);
  22462. #endif
  22463. akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext,
  22464. NID_authority_key_identifier, &crit, NULL);
  22465. AssertNotNull(akey);
  22466. #ifdef OPENSSL_ALL
  22467. ext = X509V3_EXT_i2d(NID_authority_key_identifier, crit, akey);
  22468. AssertNotNull(ext);
  22469. X509_EXTENSION_free(ext);
  22470. #endif
  22471. wolfSSL_AUTHORITY_KEYID_free(akey);
  22472. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
  22473. NID_private_key_usage_period, &crit, NULL);
  22474. /* AssertNotNull(sk); NID not yet supported */
  22475. AssertIntEQ(crit, -1);
  22476. sk_ASN1_OBJECT_free(sk);
  22477. sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext, NID_subject_alt_name,
  22478. &crit, NULL);
  22479. /* AssertNotNull(sk); no alt names set */
  22480. sk_GENERAL_NAME_free(sk);
  22481. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_issuer_alt_name,
  22482. &crit, NULL);
  22483. /* AssertNotNull(sk); NID not yet supported */
  22484. AssertIntEQ(crit, -1);
  22485. sk_ASN1_OBJECT_free(sk);
  22486. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_info_access, &crit,
  22487. NULL);
  22488. /* AssertNotNull(sk); no auth info set */
  22489. sk_ASN1_OBJECT_free(sk);
  22490. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_sinfo_access,
  22491. &crit, NULL);
  22492. /* AssertNotNull(sk); NID not yet supported */
  22493. AssertIntEQ(crit, -1);
  22494. sk_ASN1_OBJECT_free(sk);
  22495. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_name_constraints,
  22496. &crit, NULL);
  22497. /* AssertNotNull(sk); NID not yet supported */
  22498. AssertIntEQ(crit, -1);
  22499. sk_ASN1_OBJECT_free(sk);
  22500. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext,
  22501. NID_certificate_policies, &crit, NULL);
  22502. #if !defined(WOLFSSL_SEP) && !defined(WOLFSSL_CERT_EXT)
  22503. AssertNull(sk);
  22504. #else
  22505. /* AssertNotNull(sk); no cert policy set */
  22506. #endif
  22507. sk_ASN1_OBJECT_free(sk);
  22508. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_mappings,
  22509. &crit, NULL);
  22510. /* AssertNotNull(sk); NID not yet supported */
  22511. AssertIntEQ(crit, -1);
  22512. sk_ASN1_OBJECT_free(sk);
  22513. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_policy_constraints,
  22514. &crit, NULL);
  22515. /* AssertNotNull(sk); NID not yet supported */
  22516. AssertIntEQ(crit, -1);
  22517. sk_ASN1_OBJECT_free(sk);
  22518. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_inhibit_any_policy,
  22519. &crit, NULL);
  22520. /* AssertNotNull(sk); NID not yet supported */
  22521. AssertIntEQ(crit, -1);
  22522. sk_ASN1_OBJECT_free(sk);
  22523. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_tlsfeature, &crit,
  22524. NULL);
  22525. /* AssertNotNull(sk); NID not yet supported */
  22526. AssertIntEQ(crit, -1);
  22527. sk_ASN1_OBJECT_free(sk);
  22528. /* test invalid cases */
  22529. crit = 0;
  22530. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, -1, &crit, NULL);
  22531. AssertNull(sk);
  22532. AssertIntEQ(crit, -1);
  22533. sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, NID_tlsfeature,
  22534. NULL, NULL);
  22535. AssertNull(sk);
  22536. AssertIntEQ(SSL_get_hit(ssl), 0);
  22537. #ifdef OPENSSL_ALL
  22538. X509_free(x509);
  22539. #endif
  22540. X509_free(x509ext);
  22541. SSL_free(ssl);
  22542. SSL_CTX_free(ctx);
  22543. printf(resultFmt, passed);
  22544. #endif /* OPENSSL_EXTRA && !NO_CERTS */
  22545. }
  22546. static void test_wolfSSL_X509_check_private_key(void)
  22547. {
  22548. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  22549. defined(USE_CERT_BUFFERS_2048)
  22550. X509* x509;
  22551. EVP_PKEY* pkey = NULL;
  22552. const byte* key;
  22553. printf(testingFmt, "wolfSSL_X509_check_private_key()");
  22554. /* Check with correct key */
  22555. AssertNotNull((x509 = X509_load_certificate_file(cliCertFile,
  22556. SSL_FILETYPE_PEM)));
  22557. key = client_key_der_2048;
  22558. AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
  22559. &key, (long)sizeof_client_key_der_2048));
  22560. AssertIntEQ(X509_check_private_key(x509, pkey), 1);
  22561. EVP_PKEY_free(pkey);
  22562. pkey = NULL;
  22563. /* Check with wrong key */
  22564. key = server_key_der_2048;
  22565. AssertNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
  22566. &key, (long)sizeof_server_key_der_2048));
  22567. AssertIntEQ(X509_check_private_key(x509, pkey), 0);
  22568. EVP_PKEY_free(pkey);
  22569. X509_free(x509);
  22570. printf(resultFmt, passed);
  22571. #endif
  22572. }
  22573. static void test_wolfSSL_ASN1_TIME_print(void)
  22574. {
  22575. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) \
  22576. && (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
  22577. defined(WOLFSSL_HAPROXY)) && defined(USE_CERT_BUFFERS_2048)
  22578. BIO* bio;
  22579. X509* x509;
  22580. const unsigned char* der = client_cert_der_2048;
  22581. ASN1_TIME* t;
  22582. unsigned char buf[25];
  22583. printf(testingFmt, "wolfSSL_ASN1_TIME_print()");
  22584. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  22585. AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(der,
  22586. sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1));
  22587. AssertIntEQ(ASN1_TIME_print(bio, X509_get_notBefore(x509)), 1);
  22588. AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
  22589. AssertIntEQ(XMEMCMP(buf, "Feb 10 19:49:52 2021 GMT", sizeof(buf) - 1), 0);
  22590. /* create a bad time and test results */
  22591. AssertNotNull(t = X509_get_notAfter(x509));
  22592. AssertIntEQ(ASN1_TIME_check(t), WOLFSSL_SUCCESS);
  22593. t->data[8] = 0;
  22594. t->data[3] = 0;
  22595. AssertIntNE(ASN1_TIME_print(bio, t), 1);
  22596. AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
  22597. AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
  22598. AssertIntEQ(ASN1_TIME_check(t), WOLFSSL_FAILURE);
  22599. BIO_free(bio);
  22600. X509_free(x509);
  22601. printf(resultFmt, passed);
  22602. #endif
  22603. }
  22604. static void test_wolfSSL_ASN1_UTCTIME_print(void)
  22605. {
  22606. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO)
  22607. BIO* bio;
  22608. ASN1_UTCTIME* utc = NULL;
  22609. unsigned char buf[25];
  22610. const char* validDate = "190424111501Z"; /* UTC = YYMMDDHHMMSSZ */
  22611. const char* invalidDate = "190424111501X"; /* UTC = YYMMDDHHMMSSZ */
  22612. printf(testingFmt, "ASN1_UTCTIME_print()");
  22613. /* NULL parameter check */
  22614. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  22615. AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
  22616. BIO_free(bio);
  22617. /* Valid date */
  22618. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  22619. AssertNotNull(utc = (ASN1_UTCTIME*)XMALLOC(sizeof(ASN1_UTCTIME), NULL,
  22620. DYNAMIC_TYPE_ASN1));
  22621. utc->type = ASN_UTC_TIME;
  22622. utc->length = ASN_UTC_TIME_SIZE;
  22623. XMEMCPY(utc->data, (byte*)validDate, ASN_UTC_TIME_SIZE);
  22624. AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 1);
  22625. AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
  22626. AssertIntEQ(XMEMCMP(buf, "Apr 24 11:15:01 2019 GMT", sizeof(buf)-1), 0);
  22627. XMEMSET(buf, 0, sizeof(buf));
  22628. BIO_free(bio);
  22629. /* Invalid format */
  22630. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  22631. utc->type = ASN_UTC_TIME;
  22632. utc->length = ASN_UTC_TIME_SIZE;
  22633. XMEMCPY(utc->data, (byte*)invalidDate, ASN_UTC_TIME_SIZE);
  22634. AssertIntEQ(ASN1_UTCTIME_print(bio, utc), 0);
  22635. AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 14);
  22636. AssertIntEQ(XMEMCMP(buf, "Bad time value", 14), 0);
  22637. XFREE(utc, NULL, DYNAMIC_TYPE_ASN1);
  22638. BIO_free(bio);
  22639. printf(resultFmt, passed);
  22640. #endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */
  22641. }
  22642. static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(void)
  22643. {
  22644. #if defined(OPENSSL_EXTRA)
  22645. WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime;
  22646. unsigned char nullstr[32];
  22647. XMEMSET(nullstr, 0, 32);
  22648. asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC(
  22649. sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL,
  22650. DYNAMIC_TYPE_TMP_BUFFER);
  22651. if (asn1_gtime) {
  22652. XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE);
  22653. wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime);
  22654. AssertIntEQ(0, XMEMCMP(asn1_gtime->data, nullstr, 32));
  22655. XFREE(asn1_gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  22656. }
  22657. #endif /* OPENSSL_EXTRA */
  22658. }
  22659. static void test_wolfSSL_private_keys(void)
  22660. {
  22661. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  22662. !defined(NO_FILESYSTEM)
  22663. WOLFSSL* ssl;
  22664. WOLFSSL_CTX* ctx;
  22665. EVP_PKEY* pkey = NULL;
  22666. printf(testingFmt, "wolfSSL_private_keys()");
  22667. OpenSSL_add_all_digests();
  22668. OpenSSL_add_all_algorithms();
  22669. #ifndef NO_RSA
  22670. #ifndef NO_WOLFSSL_SERVER
  22671. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  22672. #else
  22673. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  22674. #endif
  22675. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  22676. /* Have to load a cert before you can check the private key against that
  22677. * certificates public key! */
  22678. AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
  22679. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
  22680. AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
  22681. AssertNotNull(ssl = SSL_new(ctx));
  22682. AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  22683. #ifdef USE_CERT_BUFFERS_2048
  22684. {
  22685. const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
  22686. unsigned char buf[FOURK_BUF];
  22687. word32 bufSz;
  22688. AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl,
  22689. (unsigned char*)client_key_der_2048,
  22690. sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
  22691. #ifndef HAVE_USER_RSA
  22692. /* Should mismatch now that a different private key loaded */
  22693. AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  22694. #endif
  22695. AssertIntEQ(SSL_use_PrivateKey_ASN1(0, ssl,
  22696. (unsigned char*)server_key,
  22697. sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
  22698. /* After loading back in DER format of original key, should match */
  22699. AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  22700. /* test loading private key to the WOLFSSL_CTX */
  22701. AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
  22702. (unsigned char*)client_key_der_2048,
  22703. sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
  22704. #ifndef NO_CHECK_PRIVATE_KEY
  22705. #ifndef HAVE_USER_RSA
  22706. /* Should mismatch now that a different private key loaded */
  22707. AssertIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
  22708. #endif
  22709. AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
  22710. (unsigned char*)server_key,
  22711. sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
  22712. /* After loading back in DER format of original key, should match */
  22713. AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
  22714. #endif /* !NO_CHECK_PRIVATE_KEY */
  22715. /* pkey not set yet, expecting to fail */
  22716. AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE);
  22717. /* set PKEY and test again */
  22718. AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
  22719. &server_key, (long)sizeof_server_key_der_2048));
  22720. AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS);
  22721. /* reuse PKEY structure and test
  22722. * this should be checked with a memory management sanity checker */
  22723. AssertFalse(server_key == (const unsigned char*)server_key_der_2048);
  22724. server_key = (const unsigned char*)server_key_der_2048;
  22725. AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
  22726. &server_key, (long)sizeof_server_key_der_2048));
  22727. AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS);
  22728. /* check striping PKCS8 header with wolfSSL_d2i_PrivateKey */
  22729. bufSz = FOURK_BUF;
  22730. AssertIntGT((bufSz = wc_CreatePKCS8Key(buf, &bufSz,
  22731. (byte*)server_key_der_2048, sizeof_server_key_der_2048,
  22732. RSAk, NULL, 0)), 0);
  22733. server_key = (const unsigned char*)buf;
  22734. AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key,
  22735. (long)bufSz));
  22736. }
  22737. #endif
  22738. EVP_PKEY_free(pkey);
  22739. SSL_free(ssl); /* frees x509 also since loaded into ssl */
  22740. SSL_CTX_free(ctx);
  22741. #endif /* end of RSA private key match tests */
  22742. #ifdef HAVE_ECC
  22743. #ifndef NO_WOLFSSL_SERVER
  22744. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  22745. #else
  22746. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  22747. #endif
  22748. AssertTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile,
  22749. WOLFSSL_FILETYPE_PEM));
  22750. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile,
  22751. WOLFSSL_FILETYPE_PEM));
  22752. AssertNotNull(ssl = SSL_new(ctx));
  22753. AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  22754. SSL_free(ssl);
  22755. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEccKeyFile,
  22756. WOLFSSL_FILETYPE_PEM));
  22757. AssertNotNull(ssl = SSL_new(ctx));
  22758. AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  22759. SSL_free(ssl);
  22760. SSL_CTX_free(ctx);
  22761. #endif /* end of ECC private key match tests */
  22762. #ifdef HAVE_ED25519
  22763. #ifndef NO_WOLFSSL_SERVER
  22764. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  22765. #else
  22766. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  22767. #endif
  22768. AssertTrue(SSL_CTX_use_certificate_file(ctx, edCertFile,
  22769. WOLFSSL_FILETYPE_PEM));
  22770. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
  22771. WOLFSSL_FILETYPE_PEM));
  22772. AssertNotNull(ssl = SSL_new(ctx));
  22773. AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  22774. SSL_free(ssl);
  22775. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEdKeyFile,
  22776. WOLFSSL_FILETYPE_PEM));
  22777. AssertNotNull(ssl = SSL_new(ctx));
  22778. AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  22779. SSL_free(ssl);
  22780. SSL_CTX_free(ctx);
  22781. #endif /* end of Ed25519 private key match tests */
  22782. #ifdef HAVE_ED448
  22783. #ifndef NO_WOLFSSL_SERVER
  22784. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  22785. #else
  22786. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  22787. #endif
  22788. AssertTrue(SSL_CTX_use_certificate_file(ctx, ed448CertFile,
  22789. WOLFSSL_FILETYPE_PEM));
  22790. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile,
  22791. WOLFSSL_FILETYPE_PEM));
  22792. AssertNotNull(ssl = SSL_new(ctx));
  22793. AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  22794. SSL_free(ssl);
  22795. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEd448KeyFile,
  22796. WOLFSSL_FILETYPE_PEM));
  22797. AssertNotNull(ssl = SSL_new(ctx));
  22798. AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
  22799. SSL_free(ssl);
  22800. SSL_CTX_free(ctx);
  22801. #endif /* end of Ed448 private key match tests */
  22802. EVP_cleanup();
  22803. /* test existence of no-op macros in wolfssl/openssl/ssl.h */
  22804. CONF_modules_free();
  22805. ENGINE_cleanup();
  22806. CONF_modules_unload();
  22807. (void)ssl;
  22808. (void)ctx;
  22809. (void)pkey;
  22810. printf(resultFmt, passed);
  22811. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
  22812. }
  22813. static void test_wolfSSL_PEM_PrivateKey(void)
  22814. {
  22815. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  22816. (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048)
  22817. #ifndef NO_BIO
  22818. BIO* bio = NULL;
  22819. #endif
  22820. EVP_PKEY* pkey = NULL;
  22821. const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
  22822. #ifndef NO_BIO
  22823. /* test creating new EVP_PKEY with bad arg */
  22824. AssertNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL)));
  22825. /* test loading RSA key using BIO */
  22826. #if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
  22827. {
  22828. XFILE file;
  22829. const char* fname = "./certs/server-key.pem";
  22830. size_t sz;
  22831. byte* buf;
  22832. EVP_PKEY* pkey2;
  22833. file = XFOPEN(fname, "rb");
  22834. AssertTrue((file != XBADFILE));
  22835. AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
  22836. sz = XFTELL(file);
  22837. XREWIND(file);
  22838. AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
  22839. if (buf) {
  22840. AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
  22841. }
  22842. XFCLOSE(file);
  22843. /* Test using BIO new mem and loading PEM private key */
  22844. bio = BIO_new_mem_buf(buf, (int)sz);
  22845. AssertNotNull(bio);
  22846. AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
  22847. XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
  22848. BIO_free(bio);
  22849. bio = NULL;
  22850. AssertNotNull(pkey2 = EVP_PKEY_new());
  22851. pkey2->type = EVP_PKEY_RSA;
  22852. /* Test parameter copy */
  22853. AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0);
  22854. EVP_PKEY_free(pkey2);
  22855. EVP_PKEY_free(pkey);
  22856. pkey = NULL;
  22857. }
  22858. #endif
  22859. /* test loading ECC key using BIO */
  22860. #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
  22861. {
  22862. XFILE file;
  22863. const char* fname = "./certs/ecc-key.pem";
  22864. size_t sz;
  22865. byte* buf;
  22866. EVP_PKEY* pkey2;
  22867. int nid = 0;
  22868. file = XFOPEN(fname, "rb");
  22869. AssertTrue((file != XBADFILE));
  22870. AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
  22871. sz = XFTELL(file);
  22872. XREWIND(file);
  22873. AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
  22874. if (buf)
  22875. AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
  22876. XFCLOSE(file);
  22877. /* Test using BIO new mem and loading PEM private key */
  22878. AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
  22879. AssertNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
  22880. XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
  22881. BIO_free(bio);
  22882. bio = NULL;
  22883. AssertNotNull(pkey2 = EVP_PKEY_new());
  22884. pkey2->type = EVP_PKEY_EC;
  22885. /* Test parameter copy */
  22886. AssertIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1);
  22887. /* Test default digest */
  22888. AssertIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1);
  22889. AssertIntEQ(nid, NID_sha256);
  22890. EVP_PKEY_free(pkey2);
  22891. EVP_PKEY_free(pkey);
  22892. pkey = NULL;
  22893. }
  22894. #endif
  22895. #if !defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))
  22896. {
  22897. #define BIO_PEM_TEST_CHAR 'a'
  22898. EVP_PKEY* pkey2 = NULL;
  22899. unsigned char extra[10];
  22900. int i;
  22901. printf(testingFmt, "wolfSSL_PEM_PrivateKey()");
  22902. XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra));
  22903. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  22904. AssertIntEQ(BIO_set_write_buf_size(bio, 4096), SSL_FAILURE);
  22905. AssertNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey,
  22906. &server_key, (long)sizeof_server_key_der_2048));
  22907. AssertNull(pkey);
  22908. AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey,
  22909. &server_key, (long)sizeof_server_key_der_2048));
  22910. AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
  22911. WOLFSSL_SUCCESS);
  22912. /* test creating new EVP_PKEY with good args */
  22913. AssertNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)));
  22914. if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr)
  22915. AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz), 0);
  22916. /* test of reuse of EVP_PKEY */
  22917. AssertNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
  22918. AssertIntEQ(BIO_pending(bio), 0);
  22919. AssertIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
  22920. SSL_SUCCESS);
  22921. AssertIntEQ(BIO_write(bio, extra, 10), 10); /* add 10 extra bytes after PEM */
  22922. AssertNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL));
  22923. AssertNotNull(pkey);
  22924. if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) {
  22925. AssertIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, pkey->pkey_sz),0);
  22926. }
  22927. AssertIntEQ(BIO_pending(bio), 10); /* check 10 extra bytes still there */
  22928. AssertIntEQ(BIO_read(bio, extra, 10), 10);
  22929. for (i = 0; i < 10; i++) {
  22930. AssertIntEQ(extra[i], BIO_PEM_TEST_CHAR);
  22931. }
  22932. BIO_free(bio);
  22933. bio = NULL;
  22934. EVP_PKEY_free(pkey);
  22935. pkey = NULL;
  22936. EVP_PKEY_free(pkey2);
  22937. }
  22938. #endif
  22939. /* key is DES encrypted */
  22940. #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \
  22941. !defined(NO_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_MD5)
  22942. {
  22943. XFILE f;
  22944. pem_password_cb* passwd_cb;
  22945. void* passwd_cb_userdata;
  22946. SSL_CTX* ctx;
  22947. char passwd[] = "bad password";
  22948. #ifndef WOLFSSL_NO_TLS12
  22949. #ifndef NO_WOLFSSL_SERVER
  22950. AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
  22951. #else
  22952. AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method()));
  22953. #endif
  22954. #else
  22955. #ifndef NO_WOLFSSL_SERVER
  22956. AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
  22957. #else
  22958. AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
  22959. #endif
  22960. #endif
  22961. AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb"));
  22962. SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  22963. AssertNotNull(passwd_cb = SSL_CTX_get_default_passwd_cb(ctx));
  22964. AssertNull(passwd_cb_userdata =
  22965. SSL_CTX_get_default_passwd_cb_userdata(ctx));
  22966. /* fail case with password call back */
  22967. AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,
  22968. (void*)passwd));
  22969. BIO_free(bio);
  22970. AssertNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb"));
  22971. AssertNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb,
  22972. (void*)passwd));
  22973. BIO_free(bio);
  22974. f = XFOPEN("./certs/server-keyEnc.pem", "rb");
  22975. AssertNotNull(bio = BIO_new_fp(f, BIO_CLOSE));
  22976. /* use callback that works */
  22977. AssertNotNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb,
  22978. (void*)"yassl123"));
  22979. AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS);
  22980. EVP_PKEY_free(pkey);
  22981. pkey = NULL;
  22982. BIO_free(bio);
  22983. bio = NULL;
  22984. SSL_CTX_free(ctx);
  22985. }
  22986. #endif /* !defined(NO_DES3) */
  22987. #endif /* !NO_BIO */
  22988. #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
  22989. {
  22990. unsigned char buf[2048];
  22991. size_t bytes;
  22992. XFILE f;
  22993. SSL_CTX* ctx;
  22994. #ifndef WOLFSSL_NO_TLS12
  22995. #ifndef NO_WOLFSSL_SERVER
  22996. AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method()));
  22997. #else
  22998. AssertNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method()));
  22999. #endif
  23000. #else
  23001. #ifndef NO_WOLFSSL_SERVER
  23002. AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method()));
  23003. #else
  23004. AssertNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method()));
  23005. #endif
  23006. #endif
  23007. f = XFOPEN("./certs/ecc-key.der", "rb");
  23008. AssertTrue((f != XBADFILE));
  23009. bytes = (size_t)XFREAD(buf, 1, sizeof(buf), f);
  23010. XFCLOSE(f);
  23011. server_key = buf;
  23012. pkey = NULL;
  23013. AssertNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, bytes));
  23014. AssertNull(pkey);
  23015. AssertNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, bytes));
  23016. AssertIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS);
  23017. EVP_PKEY_free(pkey);
  23018. pkey = NULL;
  23019. SSL_CTX_free(ctx);
  23020. }
  23021. #endif
  23022. printf(resultFmt, passed);
  23023. #ifndef NO_BIO
  23024. (void)bio;
  23025. #endif
  23026. (void)pkey;
  23027. (void)server_key;
  23028. #endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */
  23029. }
  23030. #ifndef NO_BIO
  23031. static void test_wolfSSL_PEM_bio_RSAKey(void)
  23032. {
  23033. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
  23034. defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
  23035. !defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
  23036. RSA* rsa = NULL;
  23037. BIO* bio = NULL;
  23038. printf(testingFmt, "wolfSSL_PEM_bio_RSAKey");
  23039. /* PrivateKey */
  23040. AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb"));
  23041. AssertNull((rsa = PEM_read_bio_RSAPrivateKey(NULL, NULL, NULL, NULL)));
  23042. AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
  23043. AssertIntEQ(RSA_size(rsa), 256);
  23044. AssertIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
  23045. NULL), WOLFSSL_FAILURE);
  23046. BIO_free(bio);
  23047. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  23048. AssertIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, \
  23049. NULL), WOLFSSL_SUCCESS);
  23050. BIO_free(bio);
  23051. RSA_free(rsa);
  23052. /* PUBKEY */
  23053. AssertNotNull(bio = BIO_new_file("./certs/rsa-pub-2048.pem", "rb"));
  23054. AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL)));
  23055. AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
  23056. AssertIntEQ(RSA_size(rsa), 256);
  23057. AssertIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
  23058. BIO_free(bio);
  23059. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  23060. AssertIntEQ(PEM_write_bio_RSA_PUBKEY(bio, rsa), WOLFSSL_SUCCESS);
  23061. BIO_free(bio);
  23062. RSA_free(rsa);
  23063. #ifdef HAVE_ECC
  23064. /* ensure that non-rsa keys do not work */
  23065. AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */
  23066. AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
  23067. AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL)));
  23068. BIO_free(bio);
  23069. RSA_free(rsa);
  23070. #endif /* HAVE_ECC */
  23071. printf(resultFmt, passed);
  23072. #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
  23073. (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \
  23074. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */
  23075. }
  23076. static void test_wolfSSL_PEM_RSAPrivateKey(void)
  23077. {
  23078. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  23079. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  23080. RSA* rsa = NULL;
  23081. RSA* rsa_dup = NULL;
  23082. BIO* bio = NULL;
  23083. printf(testingFmt, "wolfSSL_PEM_RSAPrivateKey()");
  23084. AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb"));
  23085. AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
  23086. AssertIntEQ(RSA_size(rsa), 256);
  23087. #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
  23088. AssertNotNull(rsa_dup = RSAPublicKey_dup(rsa));
  23089. AssertPtrNE(rsa_dup, rsa);
  23090. #endif
  23091. /* test if valgrind complains about unreleased memory */
  23092. RSA_up_ref(rsa);
  23093. RSA_free(rsa);
  23094. BIO_free(bio);
  23095. RSA_free(rsa);
  23096. RSA_free(rsa_dup);
  23097. #ifdef HAVE_ECC
  23098. AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb"));
  23099. AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
  23100. BIO_free(bio);
  23101. #endif /* HAVE_ECC */
  23102. printf(resultFmt, passed);
  23103. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
  23104. }
  23105. static void test_wolfSSL_PEM_bio_DSAKey(void)
  23106. {
  23107. #ifndef HAVE_SELFTEST
  23108. #if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_CERTS) && \
  23109. defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && !defined(NO_DSA)
  23110. DSA* dsa = NULL;
  23111. BIO* bio = NULL;
  23112. printf(testingFmt, "wolfSSL_PEM_bio_DSAKey");
  23113. /* PrivateKey */
  23114. AssertNotNull(bio = BIO_new_file("./certs/1024/dsa1024.pem", "rb"));
  23115. AssertNull((dsa = PEM_read_bio_DSAPrivateKey(NULL, NULL, NULL, NULL)));
  23116. AssertNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
  23117. AssertIntEQ(BN_num_bytes(dsa->g), 128);
  23118. AssertIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, NULL),
  23119. WOLFSSL_FAILURE);
  23120. BIO_free(bio);
  23121. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  23122. AssertIntEQ(PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL, NULL),
  23123. WOLFSSL_SUCCESS);
  23124. BIO_free(bio);
  23125. DSA_free(dsa);
  23126. /* PUBKEY */
  23127. AssertNotNull(bio = BIO_new_file("./certs/1024/dsa-pub-1024.pem", "rb"));
  23128. AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL)));
  23129. AssertNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
  23130. AssertIntEQ(BN_num_bytes(dsa->g), 128);
  23131. AssertIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
  23132. BIO_free(bio);
  23133. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  23134. AssertIntEQ(PEM_write_bio_DSA_PUBKEY(bio, dsa), WOLFSSL_SUCCESS);
  23135. BIO_free(bio);
  23136. DSA_free(dsa);
  23137. #ifdef HAVE_ECC
  23138. /* ensure that non-dsa keys do not work */
  23139. AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */
  23140. AssertNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL)));
  23141. AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL)));
  23142. BIO_free(bio);
  23143. DSA_free(dsa);
  23144. #endif /* HAVE_ECC */
  23145. printf(resultFmt, passed);
  23146. #endif /* defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && \
  23147. !defined(NO_CERTS) && defined(WOLFSSL_KEY_GEN) && \
  23148. !defined(NO_FILESYSTEM) && !defined(NO_DSA) */
  23149. #endif /* HAVE_SELFTEST */
  23150. }
  23151. static void test_wolfSSL_PEM_bio_ECKey(void)
  23152. {
  23153. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
  23154. defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
  23155. EC_KEY* ec = NULL;
  23156. BIO* bio = NULL;
  23157. printf(testingFmt, "wolfSSL_PEM_bio_ECKey");
  23158. /* PrivateKey */
  23159. AssertNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb"));
  23160. AssertNull((ec = PEM_read_bio_ECPrivateKey(NULL, NULL, NULL, NULL)));
  23161. AssertNotNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)));
  23162. AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
  23163. AssertIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \
  23164. NULL),WOLFSSL_FAILURE);
  23165. BIO_free(bio);
  23166. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  23167. AssertIntEQ(PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, \
  23168. NULL), WOLFSSL_SUCCESS);
  23169. BIO_free(bio);
  23170. EC_KEY_free(ec);
  23171. /* PUBKEY */
  23172. AssertNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb"));
  23173. AssertNull((ec = PEM_read_bio_EC_PUBKEY(NULL, NULL, NULL, NULL)));
  23174. AssertNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)));
  23175. AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32);
  23176. AssertIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE);
  23177. BIO_free(bio);
  23178. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  23179. AssertIntEQ(PEM_write_bio_EC_PUBKEY(bio, ec), WOLFSSL_SUCCESS);
  23180. BIO_free(bio);
  23181. EC_KEY_free(ec);
  23182. #ifndef NO_RSA
  23183. /* ensure that non-ec keys do not work */
  23184. AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb")); /* rsa key */
  23185. AssertNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)));
  23186. AssertNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)));
  23187. BIO_free(bio);
  23188. EC_KEY_free(ec);
  23189. #endif /* HAVE_ECC */
  23190. printf(resultFmt, passed);
  23191. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
  23192. }
  23193. static void test_wolfSSL_PEM_PUBKEY(void)
  23194. {
  23195. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
  23196. BIO* bio = NULL;
  23197. EVP_PKEY* pkey = NULL;
  23198. /* test creating new EVP_PKEY with bad arg */
  23199. AssertNull((pkey = PEM_read_bio_PUBKEY(NULL, NULL, NULL, NULL)));
  23200. /* test loading ECC key using BIO */
  23201. #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
  23202. {
  23203. XFILE file;
  23204. const char* fname = "./certs/ecc-client-keyPub.pem";
  23205. size_t sz;
  23206. byte* buf;
  23207. file = XFOPEN(fname, "rb");
  23208. AssertTrue((file != XBADFILE));
  23209. XFSEEK(file, 0, XSEEK_END);
  23210. sz = XFTELL(file);
  23211. XREWIND(file);
  23212. AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
  23213. if (buf)
  23214. AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
  23215. XFCLOSE(file);
  23216. /* Test using BIO new mem and loading PEM private key */
  23217. AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
  23218. AssertNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL)));
  23219. XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
  23220. BIO_free(bio);
  23221. bio = NULL;
  23222. EVP_PKEY_free(pkey);
  23223. pkey = NULL;
  23224. }
  23225. #endif
  23226. (void)bio;
  23227. (void)pkey;
  23228. #endif
  23229. }
  23230. #endif /* !NO_BIO */
  23231. static void test_DSA_do_sign_verify(void)
  23232. {
  23233. #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  23234. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
  23235. !defined(NO_DSA)
  23236. unsigned char digest[WC_SHA_DIGEST_SIZE];
  23237. DSA_SIG* sig;
  23238. DSA* dsa;
  23239. word32 bytes;
  23240. byte sigBin[DSA_SIG_SIZE];
  23241. int dsacheck;
  23242. #ifdef USE_CERT_BUFFERS_1024
  23243. byte tmp[ONEK_BUF];
  23244. XMEMSET(tmp, 0, sizeof(tmp));
  23245. XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
  23246. bytes = sizeof_dsa_key_der_1024;
  23247. #elif defined(USE_CERT_BUFFERS_2048)
  23248. byte tmp[TWOK_BUF];
  23249. XMEMSET(tmp, 0, sizeof(tmp));
  23250. XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
  23251. bytes = sizeof_dsa_key_der_2048;
  23252. #else
  23253. byte tmp[TWOK_BUF];
  23254. XMEMSET(tmp, 0, sizeof(tmp));
  23255. XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
  23256. if (fp == XBADFILE) {
  23257. return WOLFSSL_BAD_FILE;
  23258. }
  23259. bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
  23260. XFCLOSE(fp);
  23261. #endif /* END USE_CERT_BUFFERS_1024 */
  23262. printf(testingFmt, "DSA_do_sign_verify()");
  23263. XMEMSET(digest, 202, sizeof(digest));
  23264. AssertNotNull(dsa = DSA_new());
  23265. AssertIntEQ(DSA_LoadDer(dsa, tmp, bytes), 1);
  23266. AssertIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1);
  23267. AssertIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1);
  23268. AssertNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa));
  23269. AssertIntEQ(DSA_do_verify(digest, WC_SHA_DIGEST_SIZE, sig, dsa), 1);
  23270. DSA_SIG_free(sig);
  23271. DSA_free(dsa);
  23272. #endif
  23273. #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
  23274. }
  23275. static void test_wolfSSL_tmp_dh(void)
  23276. {
  23277. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
  23278. !defined(NO_DSA) && !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO)
  23279. byte buff[6000];
  23280. char file[] = "./certs/dsaparams.pem";
  23281. XFILE f;
  23282. int bytes;
  23283. DSA* dsa;
  23284. DH* dh;
  23285. #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
  23286. DH* dh2;
  23287. #endif
  23288. BIO* bio;
  23289. SSL* ssl;
  23290. SSL_CTX* ctx;
  23291. printf(testingFmt, "wolfSSL_tmp_dh()");
  23292. #ifndef NO_WOLFSSL_SERVER
  23293. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  23294. #else
  23295. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  23296. #endif
  23297. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
  23298. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
  23299. AssertNotNull(ssl = SSL_new(ctx));
  23300. f = XFOPEN(file, "rb");
  23301. AssertTrue((f != XBADFILE));
  23302. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  23303. XFCLOSE(f);
  23304. bio = BIO_new_mem_buf((void*)buff, bytes);
  23305. AssertNotNull(bio);
  23306. dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
  23307. AssertNotNull(dsa);
  23308. dh = wolfSSL_DSA_dup_DH(dsa);
  23309. AssertNotNull(dh);
  23310. #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
  23311. AssertNotNull(dh2 = wolfSSL_DH_dup(dh));
  23312. #endif
  23313. AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS);
  23314. #ifndef NO_WOLFSSL_SERVER
  23315. AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS);
  23316. #else
  23317. AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), SIDE_ERROR);
  23318. #endif
  23319. BIO_free(bio);
  23320. DSA_free(dsa);
  23321. DH_free(dh);
  23322. #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
  23323. DH_free(dh2);
  23324. #endif
  23325. SSL_free(ssl);
  23326. SSL_CTX_free(ctx);
  23327. printf(resultFmt, passed);
  23328. #endif
  23329. }
  23330. static void test_wolfSSL_ctrl(void)
  23331. {
  23332. #if defined (OPENSSL_EXTRA) && !defined(NO_BIO)
  23333. byte buff[6000];
  23334. BIO* bio;
  23335. int bytes;
  23336. BUF_MEM* ptr = NULL;
  23337. printf(testingFmt, "wolfSSL_crtl()");
  23338. bytes = sizeof(buff);
  23339. bio = BIO_new_mem_buf((void*)buff, bytes);
  23340. AssertNotNull(bio);
  23341. AssertNotNull(BIO_s_socket());
  23342. AssertIntEQ((int)wolfSSL_BIO_get_mem_ptr(bio, &ptr), WOLFSSL_SUCCESS);
  23343. /* needs tested after stubs filled out @TODO
  23344. SSL_ctrl
  23345. SSL_CTX_ctrl
  23346. */
  23347. BIO_free(bio);
  23348. printf(resultFmt, passed);
  23349. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_BIO) */
  23350. }
  23351. static void test_wolfSSL_EVP_PKEY_new_mac_key(void)
  23352. {
  23353. #ifdef OPENSSL_EXTRA
  23354. static const unsigned char pw[] = "password";
  23355. static const int pwSz = sizeof(pw) - 1;
  23356. size_t checkPwSz = 0;
  23357. const unsigned char* checkPw = NULL;
  23358. WOLFSSL_EVP_PKEY* key = NULL;
  23359. printf(testingFmt, "wolfSSL_EVP_PKEY_new_mac_key()");
  23360. AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, pw, pwSz));
  23361. AssertNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, NULL, pwSz));
  23362. AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, pwSz));
  23363. if (key) {
  23364. AssertIntEQ(key->type, EVP_PKEY_HMAC);
  23365. AssertIntEQ(key->save_type, EVP_PKEY_HMAC);
  23366. AssertIntEQ(key->pkey_sz, pwSz);
  23367. AssertIntEQ(XMEMCMP(key->pkey.ptr, pw, pwSz), 0);
  23368. }
  23369. AssertNotNull(checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz));
  23370. AssertIntEQ((int)checkPwSz, pwSz);
  23371. if (checkPw) {
  23372. AssertIntEQ(XMEMCMP(checkPw, pw, pwSz), 0);
  23373. }
  23374. wolfSSL_EVP_PKEY_free(key);
  23375. AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, 0));
  23376. if (key) {
  23377. AssertIntEQ(key->pkey_sz, 0);
  23378. }
  23379. checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz);
  23380. (void)checkPw;
  23381. AssertIntEQ((int)checkPwSz, 0);
  23382. wolfSSL_EVP_PKEY_free(key);
  23383. AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, NULL, 0));
  23384. if (key) {
  23385. AssertIntEQ(key->pkey_sz, 0);
  23386. }
  23387. checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz);
  23388. (void)checkPw;
  23389. AssertIntEQ((int)checkPwSz, 0);
  23390. wolfSSL_EVP_PKEY_free(key);
  23391. printf(resultFmt, passed);
  23392. #endif /* OPENSSL_EXTRA */
  23393. }
  23394. static void test_wolfSSL_EVP_Digest(void)
  23395. {
  23396. #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_PWDBASED)
  23397. const char* in = "abc";
  23398. int inLen = (int)XSTRLEN(in);
  23399. byte out[WC_SHA256_DIGEST_SIZE];
  23400. unsigned int outLen;
  23401. const char* expOut = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
  23402. "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
  23403. "\x15\xAD";
  23404. printf(testingFmt, "wolfSSL_EVP_Digest()");
  23405. AssertIntEQ(wolfSSL_EVP_Digest((unsigned char*)in, inLen, out, &outLen, "SHA256", NULL), 1);
  23406. AssertIntEQ(outLen, WC_SHA256_DIGEST_SIZE);
  23407. AssertIntEQ(XMEMCMP(out, expOut, WC_SHA256_DIGEST_SIZE), 0);
  23408. printf(resultFmt, passed);
  23409. #endif /* OPEN_EXTRA && ! NO_SHA256 */
  23410. }
  23411. static void test_wolfSSL_EVP_MD_size(void)
  23412. {
  23413. #ifdef OPENSSL_EXTRA
  23414. WOLFSSL_EVP_MD_CTX mdCtx;
  23415. printf(testingFmt, "wolfSSL_EVP_MD_size()");
  23416. #ifndef NO_SHA256
  23417. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23418. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), 1);
  23419. AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_DIGEST_SIZE);
  23420. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA256_BLOCK_SIZE);
  23421. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23422. #endif
  23423. #ifndef NO_MD5
  23424. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23425. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "MD5"), 1);
  23426. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_MD5_DIGEST_SIZE);
  23427. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_MD5_BLOCK_SIZE);
  23428. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23429. #endif
  23430. #ifdef WOLFSSL_SHA224
  23431. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23432. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA224"), 1);
  23433. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA224_DIGEST_SIZE);
  23434. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA224_BLOCK_SIZE);
  23435. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23436. #endif
  23437. #ifdef WOLFSSL_SHA384
  23438. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23439. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA384"), 1);
  23440. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA384_DIGEST_SIZE);
  23441. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA384_BLOCK_SIZE);
  23442. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23443. #endif
  23444. #ifdef WOLFSSL_SHA512
  23445. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23446. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA512"), 1);
  23447. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA512_DIGEST_SIZE);
  23448. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA512_BLOCK_SIZE);
  23449. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23450. #endif
  23451. #ifndef NO_SHA
  23452. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23453. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA"), 1);
  23454. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE);
  23455. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE);
  23456. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23457. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23458. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA1"), 1);
  23459. AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE);
  23460. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE);
  23461. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23462. #endif
  23463. /* error case */
  23464. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23465. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), BAD_FUNC_ARG);
  23466. AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), BAD_FUNC_ARG);
  23467. AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), BAD_FUNC_ARG);
  23468. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 0);
  23469. printf(resultFmt, passed);
  23470. #endif /* OPENSSL_EXTRA */
  23471. }
  23472. #ifdef OPENSSL_EXTRA
  23473. static void test_hmac_signing(const WOLFSSL_EVP_MD *type, const byte* testKey,
  23474. size_t testKeySz, const char* testData, size_t testDataSz,
  23475. const byte* testResult, size_t testResultSz)
  23476. {
  23477. unsigned char check[WC_MAX_DIGEST_SIZE];
  23478. size_t checkSz = -1;
  23479. WOLFSSL_EVP_PKEY* key;
  23480. WOLFSSL_EVP_MD_CTX mdCtx;
  23481. printf(testingFmt, "wolfSSL_EVP_MD_hmac_signing()");
  23482. AssertNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
  23483. testKey, (int)testKeySz));
  23484. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23485. AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1);
  23486. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
  23487. (unsigned int)testDataSz), 1);
  23488. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
  23489. AssertIntEQ((int)checkSz, (int)testResultSz);
  23490. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  23491. AssertIntEQ((int)checkSz,(int)testResultSz);
  23492. AssertIntEQ(XMEMCMP(testResult, check, testResultSz), 0);
  23493. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23494. AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1);
  23495. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
  23496. (unsigned int)testDataSz), 1);
  23497. AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1);
  23498. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23499. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23500. AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1);
  23501. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
  23502. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
  23503. AssertIntEQ((int)checkSz, (int)testResultSz);
  23504. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  23505. AssertIntEQ((int)checkSz,(int)testResultSz);
  23506. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
  23507. (unsigned int)testDataSz - 4), 1);
  23508. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  23509. AssertIntEQ((int)checkSz,(int)testResultSz);
  23510. AssertIntEQ(XMEMCMP(testResult, check, testResultSz), 0);
  23511. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23512. AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1);
  23513. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
  23514. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
  23515. (unsigned int)testDataSz - 4), 1);
  23516. AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1);
  23517. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23518. wolfSSL_EVP_PKEY_free(key);
  23519. }
  23520. #endif
  23521. static void test_wolfSSL_EVP_MD_hmac_signing(void)
  23522. {
  23523. #ifdef OPENSSL_EXTRA
  23524. static const unsigned char testKey[] =
  23525. {
  23526. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  23527. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  23528. 0x0b, 0x0b, 0x0b, 0x0b
  23529. };
  23530. static const char testData[] = "Hi There";
  23531. #ifdef WOLFSSL_SHA224
  23532. static const unsigned char testResultSha224[] =
  23533. {
  23534. 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19,
  23535. 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d, 0xf3, 0x3f,
  23536. 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f,
  23537. 0x53, 0x68, 0x4b, 0x22
  23538. };
  23539. #endif
  23540. #ifndef NO_SHA256
  23541. static const unsigned char testResultSha256[] =
  23542. {
  23543. 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
  23544. 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
  23545. 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
  23546. 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
  23547. };
  23548. #endif
  23549. #ifdef WOLFSSL_SHA384
  23550. static const unsigned char testResultSha384[] =
  23551. {
  23552. 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62,
  23553. 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f,
  23554. 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6,
  23555. 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c,
  23556. 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f,
  23557. 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6
  23558. };
  23559. #endif
  23560. #ifdef WOLFSSL_SHA512
  23561. static const unsigned char testResultSha512[] =
  23562. {
  23563. 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d,
  23564. 0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0,
  23565. 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78,
  23566. 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde,
  23567. 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02,
  23568. 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4,
  23569. 0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70,
  23570. 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54
  23571. };
  23572. #endif
  23573. #ifdef WOLFSSL_SHA3
  23574. #ifndef WOLFSSL_NOSHA3_224
  23575. static const unsigned char testResultSha3_224[] =
  23576. {
  23577. 0x3b, 0x16, 0x54, 0x6b, 0xbc, 0x7b, 0xe2, 0x70,
  23578. 0x6a, 0x03, 0x1d, 0xca, 0xfd, 0x56, 0x37, 0x3d,
  23579. 0x98, 0x84, 0x36, 0x76, 0x41, 0xd8, 0xc5, 0x9a,
  23580. 0xf3, 0xc8, 0x60, 0xf7
  23581. };
  23582. #endif
  23583. #ifndef WOLFSSL_NOSHA3_256
  23584. static const unsigned char testResultSha3_256[] =
  23585. {
  23586. 0xba, 0x85, 0x19, 0x23, 0x10, 0xdf, 0xfa, 0x96,
  23587. 0xe2, 0xa3, 0xa4, 0x0e, 0x69, 0x77, 0x43, 0x51,
  23588. 0x14, 0x0b, 0xb7, 0x18, 0x5e, 0x12, 0x02, 0xcd,
  23589. 0xcc, 0x91, 0x75, 0x89, 0xf9, 0x5e, 0x16, 0xbb
  23590. };
  23591. #endif
  23592. #ifndef WOLFSSL_NOSHA3_384
  23593. static const unsigned char testResultSha3_384[] =
  23594. {
  23595. 0x68, 0xd2, 0xdc, 0xf7, 0xfd, 0x4d, 0xdd, 0x0a,
  23596. 0x22, 0x40, 0xc8, 0xa4, 0x37, 0x30, 0x5f, 0x61,
  23597. 0xfb, 0x73, 0x34, 0xcf, 0xb5, 0xd0, 0x22, 0x6e,
  23598. 0x1b, 0xc2, 0x7d, 0xc1, 0x0a, 0x2e, 0x72, 0x3a,
  23599. 0x20, 0xd3, 0x70, 0xb4, 0x77, 0x43, 0x13, 0x0e,
  23600. 0x26, 0xac, 0x7e, 0x3d, 0x53, 0x28, 0x86, 0xbd
  23601. };
  23602. #endif
  23603. #ifndef WOLFSSL_NOSHA3_512
  23604. static const unsigned char testResultSha3_512[] =
  23605. {
  23606. 0xeb, 0x3f, 0xbd, 0x4b, 0x2e, 0xaa, 0xb8, 0xf5,
  23607. 0xc5, 0x04, 0xbd, 0x3a, 0x41, 0x46, 0x5a, 0xac,
  23608. 0xec, 0x15, 0x77, 0x0a, 0x7c, 0xab, 0xac, 0x53,
  23609. 0x1e, 0x48, 0x2f, 0x86, 0x0b, 0x5e, 0xc7, 0xba,
  23610. 0x47, 0xcc, 0xb2, 0xc6, 0xf2, 0xaf, 0xce, 0x8f,
  23611. 0x88, 0xd2, 0x2b, 0x6d, 0xc6, 0x13, 0x80, 0xf2,
  23612. 0x3a, 0x66, 0x8f, 0xd3, 0x88, 0x8b, 0xb8, 0x05,
  23613. 0x37, 0xc0, 0xa0, 0xb8, 0x64, 0x07, 0x68, 0x9e
  23614. };
  23615. #endif
  23616. #endif
  23617. #ifndef NO_SHA256
  23618. test_hmac_signing(wolfSSL_EVP_sha256(), testKey, sizeof(testKey), testData,
  23619. XSTRLEN(testData), testResultSha256, sizeof(testResultSha256));
  23620. #endif
  23621. #ifdef WOLFSSL_SHA224
  23622. test_hmac_signing(wolfSSL_EVP_sha224(), testKey, sizeof(testKey), testData,
  23623. XSTRLEN(testData), testResultSha224, sizeof(testResultSha224));
  23624. #endif
  23625. #ifdef WOLFSSL_SHA384
  23626. test_hmac_signing(wolfSSL_EVP_sha384(), testKey, sizeof(testKey), testData,
  23627. XSTRLEN(testData), testResultSha384, sizeof(testResultSha384));
  23628. #endif
  23629. #ifdef WOLFSSL_SHA512
  23630. test_hmac_signing(wolfSSL_EVP_sha512(), testKey, sizeof(testKey), testData,
  23631. XSTRLEN(testData), testResultSha512, sizeof(testResultSha512));
  23632. #endif
  23633. #ifdef WOLFSSL_SHA3
  23634. #ifndef WOLFSSL_NOSHA3_224
  23635. test_hmac_signing(wolfSSL_EVP_sha3_224(), testKey, sizeof(testKey),
  23636. testData, XSTRLEN(testData), testResultSha3_224,
  23637. sizeof(testResultSha3_224));
  23638. #endif
  23639. #ifndef WOLFSSL_NOSHA3_256
  23640. test_hmac_signing(wolfSSL_EVP_sha3_256(), testKey, sizeof(testKey),
  23641. testData, XSTRLEN(testData), testResultSha3_256,
  23642. sizeof(testResultSha3_256));
  23643. #endif
  23644. #ifndef WOLFSSL_NOSHA3_384
  23645. test_hmac_signing(wolfSSL_EVP_sha3_384(), testKey, sizeof(testKey),
  23646. testData, XSTRLEN(testData), testResultSha3_384,
  23647. sizeof(testResultSha3_384));
  23648. #endif
  23649. #ifndef WOLFSSL_NOSHA3_512
  23650. test_hmac_signing(wolfSSL_EVP_sha3_512(), testKey, sizeof(testKey),
  23651. testData, XSTRLEN(testData), testResultSha3_512,
  23652. sizeof(testResultSha3_512));
  23653. #endif
  23654. #endif
  23655. printf(resultFmt, passed);
  23656. #endif /* OPENSSL_EXTRA */
  23657. }
  23658. static void test_wolfSSL_EVP_MD_rsa_signing(void)
  23659. {
  23660. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
  23661. defined(USE_CERT_BUFFERS_2048)
  23662. WOLFSSL_EVP_PKEY* privKey;
  23663. WOLFSSL_EVP_PKEY* pubKey;
  23664. WOLFSSL_EVP_PKEY_CTX* keyCtx;
  23665. const char testData[] = "Hi There";
  23666. WOLFSSL_EVP_MD_CTX mdCtx;
  23667. size_t checkSz = -1;
  23668. int sz = 2048 / 8;
  23669. const unsigned char* cp;
  23670. const unsigned char* p;
  23671. unsigned char check[2048/8];
  23672. size_t i;
  23673. int paddings[] = {
  23674. RSA_PKCS1_PADDING,
  23675. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS)
  23676. RSA_PKCS1_PSS_PADDING,
  23677. #endif
  23678. };
  23679. printf(testingFmt, "wolfSSL_EVP_MD_rsa_signing()");
  23680. cp = client_key_der_2048;
  23681. AssertNotNull((privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &cp,
  23682. sizeof_client_key_der_2048)));
  23683. p = client_keypub_der_2048;
  23684. AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p,
  23685. sizeof_client_keypub_der_2048)));
  23686. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23687. AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  23688. NULL, privKey), 1);
  23689. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
  23690. (unsigned int)XSTRLEN(testData)), 1);
  23691. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
  23692. AssertIntEQ((int)checkSz, sz);
  23693. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  23694. AssertIntEQ((int)checkSz,sz);
  23695. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23696. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23697. AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  23698. NULL, pubKey), 1);
  23699. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
  23700. (unsigned int)XSTRLEN(testData)),
  23701. 1);
  23702. AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
  23703. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23704. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23705. AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  23706. NULL, privKey), 1);
  23707. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
  23708. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
  23709. AssertIntEQ((int)checkSz, sz);
  23710. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  23711. AssertIntEQ((int)checkSz, sz);
  23712. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
  23713. (unsigned int)XSTRLEN(testData) - 4), 1);
  23714. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  23715. AssertIntEQ((int)checkSz, sz);
  23716. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23717. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23718. AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  23719. NULL, pubKey), 1);
  23720. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
  23721. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
  23722. (unsigned int)XSTRLEN(testData) - 4),
  23723. 1);
  23724. AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
  23725. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23726. /* Check all signing padding types */
  23727. for (i = 0; i < sizeof(paddings)/sizeof(int); i++) {
  23728. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23729. AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, &keyCtx,
  23730. wolfSSL_EVP_sha256(), NULL, privKey), 1);
  23731. AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx,
  23732. paddings[i]), 1);
  23733. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
  23734. (unsigned int)XSTRLEN(testData)), 1);
  23735. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
  23736. AssertIntEQ((int)checkSz, sz);
  23737. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  23738. AssertIntEQ((int)checkSz,sz);
  23739. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23740. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23741. AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, &keyCtx,
  23742. wolfSSL_EVP_sha256(), NULL, pubKey), 1);
  23743. AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx,
  23744. paddings[i]), 1);
  23745. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
  23746. (unsigned int)XSTRLEN(testData)), 1);
  23747. AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
  23748. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23749. }
  23750. wolfSSL_EVP_PKEY_free(pubKey);
  23751. wolfSSL_EVP_PKEY_free(privKey);
  23752. printf(resultFmt, passed);
  23753. #endif
  23754. }
  23755. static void test_wolfSSL_EVP_MD_ecc_signing(void)
  23756. {
  23757. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  23758. WOLFSSL_EVP_PKEY* privKey;
  23759. WOLFSSL_EVP_PKEY* pubKey;
  23760. const char testData[] = "Hi There";
  23761. WOLFSSL_EVP_MD_CTX mdCtx;
  23762. size_t checkSz = -1;
  23763. const unsigned char* cp;
  23764. const unsigned char* p;
  23765. unsigned char check[2048/8];
  23766. printf(testingFmt, "wolfSSL_EVP_MD_ecc_signing()");
  23767. cp = ecc_clikey_der_256;
  23768. privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp,
  23769. sizeof_ecc_clikey_der_256);
  23770. AssertNotNull(privKey);
  23771. p = ecc_clikeypub_der_256;
  23772. AssertNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p,
  23773. sizeof_ecc_clikeypub_der_256)));
  23774. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23775. AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  23776. NULL, privKey), 1);
  23777. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData,
  23778. (unsigned int)XSTRLEN(testData)), 1);
  23779. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
  23780. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  23781. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23782. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23783. AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  23784. NULL, pubKey), 1);
  23785. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData,
  23786. (unsigned int)XSTRLEN(testData)),
  23787. 1);
  23788. AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
  23789. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23790. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23791. AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  23792. NULL, privKey), 1);
  23793. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1);
  23794. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1);
  23795. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  23796. AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4,
  23797. (unsigned int)XSTRLEN(testData) - 4), 1);
  23798. AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1);
  23799. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23800. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  23801. AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(),
  23802. NULL, pubKey), 1);
  23803. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1);
  23804. AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4,
  23805. (unsigned int)XSTRLEN(testData) - 4),
  23806. 1);
  23807. AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1);
  23808. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  23809. wolfSSL_EVP_PKEY_free(pubKey);
  23810. wolfSSL_EVP_PKEY_free(privKey);
  23811. printf(resultFmt, passed);
  23812. #endif
  23813. }
  23814. static void test_wolfSSL_CTX_add_extra_chain_cert(void)
  23815. {
  23816. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  23817. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  23818. char caFile[] = "./certs/client-ca.pem";
  23819. char clientFile[] = "./certs/client-cert.pem";
  23820. SSL_CTX* ctx;
  23821. X509* x509;
  23822. printf(testingFmt, "wolfSSL_CTX_add_extra_chain_cert()");
  23823. #ifndef NO_WOLFSSL_SERVER
  23824. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  23825. #else
  23826. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  23827. #endif
  23828. x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM);
  23829. AssertNotNull(x509);
  23830. AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);
  23831. x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM);
  23832. AssertNotNull(x509);
  23833. #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
  23834. /* additional test of getting EVP_PKEY key size from X509
  23835. * Do not run with user RSA because wolfSSL_RSA_size is not currently
  23836. * allowed with user RSA */
  23837. {
  23838. EVP_PKEY* pkey;
  23839. #if defined(HAVE_ECC)
  23840. X509* ecX509;
  23841. #endif /* HAVE_ECC */
  23842. AssertNotNull(pkey = X509_get_pubkey(x509));
  23843. /* current RSA key is 2048 bit (256 bytes) */
  23844. AssertIntEQ(EVP_PKEY_size(pkey), 256);
  23845. EVP_PKEY_free(pkey);
  23846. #if defined(HAVE_ECC)
  23847. #if defined(USE_CERT_BUFFERS_256)
  23848. AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer(
  23849. cliecc_cert_der_256, sizeof_cliecc_cert_der_256,
  23850. SSL_FILETYPE_ASN1));
  23851. #else
  23852. AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file(cliEccCertFile,
  23853. SSL_FILETYPE_PEM));
  23854. #endif
  23855. pkey = X509_get_pubkey(ecX509);
  23856. AssertNotNull(pkey);
  23857. /* current ECC key is 256 bit (32 bytes) */
  23858. AssertIntEQ(EVP_PKEY_size(pkey), 32);
  23859. X509_free(ecX509);
  23860. EVP_PKEY_free(pkey);
  23861. #endif /* HAVE_ECC */
  23862. }
  23863. #endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
  23864. AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS);
  23865. #ifdef WOLFSSL_ENCRYPTED_KEYS
  23866. AssertNull(SSL_CTX_get_default_passwd_cb(ctx));
  23867. AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx));
  23868. #endif
  23869. SSL_CTX_free(ctx);
  23870. printf(resultFmt, passed);
  23871. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  23872. !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
  23873. }
  23874. #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
  23875. static void test_wolfSSL_ERR_peek_last_error_line(void)
  23876. {
  23877. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  23878. !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
  23879. !defined(NO_OLD_TLS) && !defined(WOLFSSL_NO_TLS12) && \
  23880. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_ERROR_QUEUE)
  23881. tcp_ready ready;
  23882. func_args client_args;
  23883. func_args server_args;
  23884. #ifndef SINGLE_THREADED
  23885. THREAD_TYPE serverThread;
  23886. #endif
  23887. callback_functions client_cb;
  23888. callback_functions server_cb;
  23889. int line = 0;
  23890. int flag = ERR_TXT_STRING;
  23891. const char* file = NULL;
  23892. const char* data = NULL;
  23893. printf(testingFmt, "wolfSSL_ERR_peek_last_error_line()");
  23894. /* create a failed connection and inspect the error */
  23895. #ifdef WOLFSSL_TIRTOS
  23896. fdOpenSession(Task_self());
  23897. #endif
  23898. XMEMSET(&client_args, 0, sizeof(func_args));
  23899. XMEMSET(&server_args, 0, sizeof(func_args));
  23900. StartTCP();
  23901. InitTcpReady(&ready);
  23902. XMEMSET(&client_cb, 0, sizeof(callback_functions));
  23903. XMEMSET(&server_cb, 0, sizeof(callback_functions));
  23904. client_cb.method = wolfTLSv1_1_client_method;
  23905. server_cb.method = wolfTLSv1_2_server_method;
  23906. server_args.signal = &ready;
  23907. server_args.callbacks = &server_cb;
  23908. client_args.signal = &ready;
  23909. client_args.callbacks = &client_cb;
  23910. #ifndef SINGLE_THREADED
  23911. start_thread(test_server_nofail, &server_args, &serverThread);
  23912. wait_tcp_ready(&server_args);
  23913. test_client_nofail(&client_args, NULL);
  23914. join_thread(serverThread);
  23915. #endif
  23916. FreeTcpReady(&ready);
  23917. AssertIntGT(ERR_get_error_line_data(NULL, NULL, &data, &flag), 0);
  23918. AssertNotNull(data);
  23919. /* check clearing error state */
  23920. ERR_remove_state(0);
  23921. AssertIntEQ((int)ERR_peek_last_error_line(NULL, NULL), 0);
  23922. ERR_peek_last_error_line(NULL, &line);
  23923. AssertIntEQ(line, 0);
  23924. ERR_peek_last_error_line(&file, NULL);
  23925. AssertNull(file);
  23926. /* retry connection to fill error queue */
  23927. XMEMSET(&client_args, 0, sizeof(func_args));
  23928. XMEMSET(&server_args, 0, sizeof(func_args));
  23929. StartTCP();
  23930. InitTcpReady(&ready);
  23931. client_cb.method = wolfTLSv1_1_client_method;
  23932. server_cb.method = wolfTLSv1_2_server_method;
  23933. server_args.signal = &ready;
  23934. server_args.callbacks = &server_cb;
  23935. client_args.signal = &ready;
  23936. client_args.callbacks = &client_cb;
  23937. start_thread(test_server_nofail, &server_args, &serverThread);
  23938. wait_tcp_ready(&server_args);
  23939. test_client_nofail(&client_args, NULL);
  23940. join_thread(serverThread);
  23941. FreeTcpReady(&ready);
  23942. /* check that error code was stored */
  23943. AssertIntNE((int)ERR_peek_last_error_line(NULL, NULL), 0);
  23944. ERR_peek_last_error_line(NULL, &line);
  23945. AssertIntNE(line, 0);
  23946. ERR_peek_last_error_line(&file, NULL);
  23947. AssertNotNull(file);
  23948. #ifdef WOLFSSL_TIRTOS
  23949. fdOpenSession(Task_self());
  23950. #endif
  23951. printf(resultFmt, passed);
  23952. printf("\nTesting error print out\n");
  23953. ERR_print_errors_fp(stdout);
  23954. printf("Done testing print out\n\n");
  23955. fflush(stdout);
  23956. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  23957. !defined(NO_FILESYSTEM) && !defined(DEBUG_WOLFSSL) */
  23958. }
  23959. #endif
  23960. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  23961. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  23962. static int verify_cb(int ok, X509_STORE_CTX *ctx)
  23963. {
  23964. (void) ok;
  23965. (void) ctx;
  23966. printf("ENTER verify_cb\n");
  23967. return SSL_SUCCESS;
  23968. }
  23969. #endif
  23970. static void test_wolfSSL_X509_Name_canon(void)
  23971. {
  23972. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
  23973. !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \
  23974. defined(WOLFSSL_CERT_GEN) && \
  23975. (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT))
  23976. const long ex_hash1 = 0x0fdb2da4;
  23977. const long ex_hash2 = 0x9f3e8c9e;
  23978. X509_NAME *name = NULL;
  23979. X509 *x509 = NULL;
  23980. FILE* file = NULL;
  23981. unsigned long hash = 0;
  23982. byte digest[WC_MAX_DIGEST_SIZE] = {0};
  23983. byte *pbuf = NULL;
  23984. word32 len = 0;
  23985. (void) ex_hash2;
  23986. printf(testingFmt, "test_wolfSSL_X509_Name_canon()");
  23987. file = XFOPEN(caCertFile, "rb");
  23988. AssertNotNull(file);
  23989. AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
  23990. AssertNotNull(name = X509_get_issuer_name(x509));
  23991. AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
  23992. AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
  23993. hash = (((unsigned long)digest[3] << 24) |
  23994. ((unsigned long)digest[2] << 16) |
  23995. ((unsigned long)digest[1] << 8) |
  23996. ((unsigned long)digest[0]));
  23997. AssertIntEQ(hash, ex_hash1);
  23998. XFCLOSE(file);
  23999. X509_free(x509);
  24000. XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);
  24001. pbuf = NULL;
  24002. file = XFOPEN(cliCertFile, "rb");
  24003. AssertNotNull(file);
  24004. AssertNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL));
  24005. AssertNotNull(name = X509_get_issuer_name(x509));
  24006. AssertIntGT((len = wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0);
  24007. AssertIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0);
  24008. hash = (((unsigned long)digest[3] << 24) |
  24009. ((unsigned long)digest[2] << 16) |
  24010. ((unsigned long)digest[1] << 8) |
  24011. ((unsigned long)digest[0]));
  24012. AssertIntEQ(hash, ex_hash2);
  24013. XFCLOSE(file);
  24014. X509_free(x509);
  24015. XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL);
  24016. printf(resultFmt, passed);
  24017. #endif
  24018. }
  24019. static void test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void)
  24020. {
  24021. #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
  24022. const int MAX_DIR = 4;
  24023. const char paths[][32] = {
  24024. "./certs/ed25519",
  24025. "./certs/ecc",
  24026. "./certs/crl",
  24027. "./certs/",
  24028. };
  24029. char CertCrl_path[MAX_FILENAME_SZ];
  24030. char *p;
  24031. X509_STORE* str;
  24032. X509_LOOKUP* lookup;
  24033. WOLFSSL_STACK* sk = NULL;
  24034. int len, total_len, i;
  24035. (void) sk;
  24036. printf(testingFmt, "test_wolfSSL_X509_LOOKUP_ctrl_hash_dir()");
  24037. XMEMSET(CertCrl_path, 0, MAX_FILENAME_SZ);
  24038. /* illegal string */
  24039. AssertNotNull((str = wolfSSL_X509_STORE_new()));
  24040. AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
  24041. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "",
  24042. SSL_FILETYPE_PEM,NULL), 0);
  24043. /* free store */
  24044. X509_STORE_free(str);
  24045. /* short folder string */
  24046. AssertNotNull((str = wolfSSL_X509_STORE_new()));
  24047. AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
  24048. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./",
  24049. SSL_FILETYPE_PEM,NULL), 1);
  24050. #if defined(WOLFSSL_INT_H)
  24051. /* only available when including internal.h */
  24052. AssertNotNull(sk = lookup->dirs->dir_entry);
  24053. #endif
  24054. /* free store */
  24055. X509_STORE_free(str);
  24056. /* typical function check */
  24057. p = &CertCrl_path[0];
  24058. total_len = 0;
  24059. for(i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) {
  24060. len = (int)XSTRLEN((const char*)&paths[i]);
  24061. total_len += len;
  24062. XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len);
  24063. p += len;
  24064. if (i != 0) *(p++) = SEPARATOR_CHAR;
  24065. }
  24066. AssertNotNull((str = wolfSSL_X509_STORE_new()));
  24067. AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
  24068. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path,
  24069. SSL_FILETYPE_PEM,NULL), 1);
  24070. #if defined(WOLFSSL_INT_H)
  24071. /* only available when including internal.h */
  24072. AssertNotNull(sk = lookup->dirs->dir_entry);
  24073. #endif
  24074. X509_STORE_free(str);
  24075. printf(resultFmt, passed);
  24076. #endif
  24077. }
  24078. static void test_wolfSSL_X509_LOOKUP_ctrl_file(void)
  24079. {
  24080. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
  24081. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
  24082. defined(WOLFSSL_SIGNER_DER_CERT)
  24083. X509_STORE_CTX* ctx;
  24084. X509_STORE* str;
  24085. X509_LOOKUP* lookup;
  24086. X509* cert1;
  24087. X509* x509Ca;
  24088. X509* x509Svr;
  24089. X509* issuer;
  24090. WOLFSSL_STACK* sk = NULL;
  24091. X509_NAME* caName;
  24092. X509_NAME* issuerName;
  24093. FILE* file1 = NULL;
  24094. int i, cert_count, cmp;
  24095. char der[] = "certs/ca-cert.der";
  24096. #ifdef HAVE_CRL
  24097. char pem[][100] = {
  24098. "./certs/crl/crl.pem",
  24099. "./certs/crl/crl2.pem",
  24100. "./certs/crl/caEccCrl.pem",
  24101. "./certs/crl/eccCliCRL.pem",
  24102. "./certs/crl/eccSrvCRL.pem",
  24103. ""
  24104. };
  24105. #endif
  24106. printf(testingFmt, "test_wolfSSL_X509_LOOKUP_ctrl_file()");
  24107. AssertNotNull(file1=fopen("./certs/ca-cert.pem", "rb"));
  24108. AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
  24109. fclose(file1);
  24110. AssertNotNull(ctx = X509_STORE_CTX_new());
  24111. AssertNotNull((str = wolfSSL_X509_STORE_new()));
  24112. AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
  24113. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
  24114. SSL_FILETYPE_PEM,NULL), 1);
  24115. AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
  24116. AssertIntEQ((cert_count = sk_X509_num(sk)), 1);
  24117. /* check if CA cert is loaded into the store */
  24118. for (i = 0; i < cert_count; i++) {
  24119. x509Ca = sk_X509_value(sk, i);
  24120. AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1));
  24121. }
  24122. AssertNotNull((x509Svr =
  24123. wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
  24124. AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
  24125. AssertNull(X509_STORE_CTX_get0_current_issuer(NULL));
  24126. issuer = X509_STORE_CTX_get0_current_issuer(ctx);
  24127. AssertNotNull(issuer);
  24128. caName = X509_get_subject_name(x509Ca);
  24129. AssertNotNull(caName);
  24130. issuerName = X509_get_subject_name(issuer);
  24131. AssertNotNull(issuerName);
  24132. cmp = X509_NAME_cmp(caName, issuerName);
  24133. AssertIntEQ(cmp, 0);
  24134. /* load der format */
  24135. X509_free(issuer);
  24136. X509_STORE_CTX_free(ctx);
  24137. X509_STORE_free(str);
  24138. sk_X509_free(sk);
  24139. X509_free(x509Svr);
  24140. AssertNotNull((str = wolfSSL_X509_STORE_new()));
  24141. AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
  24142. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, der,
  24143. SSL_FILETYPE_ASN1,NULL), 1);
  24144. AssertNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm));
  24145. AssertIntEQ((cert_count = sk_X509_num(sk)), 1);
  24146. /* check if CA cert is loaded into the store */
  24147. for (i = 0; i < cert_count; i++) {
  24148. x509Ca = sk_X509_value(sk, i);
  24149. AssertIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1));
  24150. }
  24151. X509_STORE_free(str);
  24152. sk_X509_free(sk);
  24153. X509_free(cert1);
  24154. #ifdef HAVE_CRL
  24155. AssertNotNull(str = wolfSSL_X509_STORE_new());
  24156. AssertNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file()));
  24157. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile,
  24158. SSL_FILETYPE_PEM,NULL), 1);
  24159. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD,
  24160. "certs/server-revoked-cert.pem",
  24161. SSL_FILETYPE_PEM,NULL), 1);
  24162. if (str) {
  24163. AssertIntEQ(wolfSSL_CertManagerVerify(str->cm, svrCertFile,
  24164. WOLFSSL_FILETYPE_PEM), 1);
  24165. /* since store hasn't yet known the revoked cert*/
  24166. AssertIntEQ(wolfSSL_CertManagerVerify(str->cm,
  24167. "certs/server-revoked-cert.pem",
  24168. WOLFSSL_FILETYPE_PEM), 1);
  24169. }
  24170. for (i = 0; pem[i][0] != '\0'; i++)
  24171. {
  24172. AssertIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, pem[i],
  24173. SSL_FILETYPE_PEM, NULL), 1);
  24174. }
  24175. if (str) {
  24176. /* since store knows crl list */
  24177. AssertIntEQ(wolfSSL_CertManagerVerify(str->cm,
  24178. "certs/server-revoked-cert.pem",
  24179. WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
  24180. }
  24181. X509_STORE_free(str);
  24182. #endif
  24183. printf(resultFmt, passed);
  24184. #endif
  24185. }
  24186. static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void)
  24187. {
  24188. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
  24189. #ifdef WOLFSSL_SIGNER_DER_CERT
  24190. int cmp;
  24191. #endif
  24192. X509_STORE_CTX* ctx;
  24193. X509_STORE* str;
  24194. X509* x509Ca;
  24195. X509* x509Svr;
  24196. X509* issuer;
  24197. X509_NAME* caName;
  24198. X509_NAME* issuerName;
  24199. printf(testingFmt, "wolfSSL_X509_STORE_CTX_get0_current_issuer()");
  24200. AssertNotNull(ctx = X509_STORE_CTX_new());
  24201. AssertNotNull((str = wolfSSL_X509_STORE_new()));
  24202. AssertNotNull((x509Ca =
  24203. wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM)));
  24204. AssertIntEQ(X509_STORE_add_cert(str, x509Ca), SSL_SUCCESS);
  24205. AssertNotNull((x509Svr =
  24206. wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
  24207. AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS);
  24208. AssertNull(X509_STORE_CTX_get0_current_issuer(NULL));
  24209. issuer = X509_STORE_CTX_get0_current_issuer(ctx);
  24210. AssertNotNull(issuer);
  24211. caName = X509_get_subject_name(x509Ca);
  24212. AssertNotNull(caName);
  24213. issuerName = X509_get_subject_name(issuer);
  24214. #ifdef WOLFSSL_SIGNER_DER_CERT
  24215. AssertNotNull(issuerName);
  24216. cmp = X509_NAME_cmp(caName, issuerName);
  24217. AssertIntEQ(cmp, 0);
  24218. #else
  24219. AssertNotNull(issuerName);
  24220. #endif
  24221. X509_free(issuer);
  24222. X509_STORE_CTX_free(ctx);
  24223. X509_free(x509Svr);
  24224. X509_STORE_free(str);
  24225. X509_free(x509Ca);
  24226. printf(resultFmt, passed);
  24227. #endif
  24228. }
  24229. static void test_wolfSSL_PKCS7_certs(void)
  24230. {
  24231. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
  24232. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7)
  24233. STACK_OF(X509)* sk = NULL;
  24234. STACK_OF(X509_INFO)* info_sk = NULL;
  24235. PKCS7 *p7 = NULL;
  24236. BIO* bio;
  24237. const byte* p = NULL;
  24238. int buflen = 0;
  24239. int i;
  24240. printf(testingFmt, "wolfSSL_PKCS7_certs()");
  24241. /* Test twice. Once with d2i and once without to test
  24242. * that everything is free'd correctly. */
  24243. for (i = 0; i < 2; i++) {
  24244. AssertNotNull(p7 = PKCS7_new());
  24245. p7->version = 1;
  24246. p7->hashOID = SHAh;
  24247. AssertNotNull(bio = BIO_new(BIO_s_file()));
  24248. AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
  24249. AssertNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
  24250. AssertIntEQ(sk_X509_INFO_num(info_sk), 2);
  24251. AssertNotNull(sk = sk_X509_new_null());
  24252. while (sk_X509_INFO_num(info_sk)) {
  24253. X509_INFO* info;
  24254. AssertNotNull(info = sk_X509_INFO_shift(info_sk));
  24255. AssertIntEQ(sk_X509_push(sk, info->x509), 1);
  24256. info->x509 = NULL;
  24257. X509_INFO_free(info);
  24258. }
  24259. sk_X509_INFO_free(info_sk);
  24260. BIO_free(bio);
  24261. bio = BIO_new(BIO_s_mem());
  24262. AssertIntEQ(wolfSSL_PKCS7_encode_certs(p7, sk, bio), 1);
  24263. AssertIntGT((buflen = BIO_get_mem_data(bio, &p)), 0);
  24264. if (i == 0) {
  24265. PKCS7_free(p7);
  24266. AssertNotNull(d2i_PKCS7(&p7, &p, buflen));
  24267. /* Reset certs to force wolfSSL_PKCS7_to_stack to regenerate them */
  24268. ((WOLFSSL_PKCS7*)p7)->certs = NULL;
  24269. /* PKCS7_free free's the certs */
  24270. AssertNotNull(wolfSSL_PKCS7_to_stack(p7));
  24271. }
  24272. BIO_free(bio);
  24273. PKCS7_free(p7);
  24274. }
  24275. printf(resultFmt, passed);
  24276. #endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
  24277. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) */
  24278. }
  24279. static void test_wolfSSL_X509_STORE_CTX(void)
  24280. {
  24281. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  24282. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  24283. X509_STORE_CTX* ctx;
  24284. X509_STORE* str;
  24285. X509* x509;
  24286. #ifdef OPENSSL_ALL
  24287. X509* x5092;
  24288. STACK_OF(X509) *sk, *sk2, *sk3;
  24289. #endif
  24290. printf(testingFmt, "wolfSSL_X509_STORE_CTX()");
  24291. AssertNotNull(ctx = X509_STORE_CTX_new());
  24292. AssertNotNull((str = wolfSSL_X509_STORE_new()));
  24293. AssertNotNull((x509 =
  24294. wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM)));
  24295. AssertIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS);
  24296. #ifdef OPENSSL_ALL
  24297. /* sk_X509_new only in OPENSSL_ALL */
  24298. sk = sk_X509_new();
  24299. AssertNotNull(sk);
  24300. AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS);
  24301. #else
  24302. AssertIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS);
  24303. #endif
  24304. AssertIntEQ(SSL_get_ex_data_X509_STORE_CTX_idx(), 0);
  24305. X509_STORE_CTX_set_error(ctx, -5);
  24306. X509_STORE_CTX_set_error(NULL, -5);
  24307. X509_STORE_CTX_free(ctx);
  24308. #ifdef OPENSSL_ALL
  24309. sk_X509_free(sk);
  24310. #endif
  24311. X509_STORE_free(str);
  24312. X509_free(x509);
  24313. AssertNotNull(ctx = X509_STORE_CTX_new());
  24314. X509_STORE_CTX_set_verify_cb(ctx, verify_cb);
  24315. X509_STORE_CTX_free(ctx);
  24316. #ifdef OPENSSL_ALL
  24317. /* test X509_STORE_CTX_get(1)_chain */
  24318. AssertNotNull((x509 = X509_load_certificate_file(svrCertFile,
  24319. SSL_FILETYPE_PEM)));
  24320. AssertNotNull((x5092 = X509_load_certificate_file(cliCertFile,
  24321. SSL_FILETYPE_PEM)));
  24322. AssertNotNull((sk = sk_X509_new()));
  24323. AssertIntEQ(sk_X509_push(sk, x509), 1);
  24324. AssertNotNull((str = X509_STORE_new()));
  24325. AssertNotNull((ctx = X509_STORE_CTX_new()));
  24326. AssertIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1);
  24327. AssertNull((sk2 = X509_STORE_CTX_get_chain(NULL)));
  24328. AssertNotNull((sk2 = X509_STORE_CTX_get_chain(ctx)));
  24329. AssertIntEQ(sk_num(sk2), 1); /* sanity, make sure chain has 1 cert */
  24330. AssertNull((sk3 = X509_STORE_CTX_get1_chain(NULL)));
  24331. AssertNotNull((sk3 = X509_STORE_CTX_get1_chain(ctx)));
  24332. AssertIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */
  24333. X509_STORE_CTX_free(ctx);
  24334. X509_STORE_free(str);
  24335. /* CTX certs not freed yet */
  24336. X509_free(x5092);
  24337. sk_X509_free(sk);
  24338. /* sk3 is dup so free here */
  24339. sk_X509_free(sk3);
  24340. #endif
  24341. /* test X509_STORE_CTX_get/set_ex_data */
  24342. {
  24343. int i = 0, tmpData = 5;
  24344. void* tmpDataRet;
  24345. AssertNotNull(ctx = X509_STORE_CTX_new());
  24346. #if defined(HAVE_EX_DATA) || defined(FORTRESS)
  24347. for (i = 0; i < MAX_EX_DATA; i++) {
  24348. AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
  24349. WOLFSSL_SUCCESS);
  24350. tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
  24351. AssertNotNull(tmpDataRet);
  24352. AssertIntEQ(tmpData, *(int*)tmpDataRet);
  24353. }
  24354. #else
  24355. AssertIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData),
  24356. WOLFSSL_FAILURE);
  24357. tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i);
  24358. AssertNull(tmpDataRet);
  24359. #endif
  24360. X509_STORE_CTX_free(ctx);
  24361. }
  24362. /* test X509_STORE_get/set_ex_data */
  24363. {
  24364. int i = 0, tmpData = 99;
  24365. void* tmpDataRet;
  24366. AssertNotNull(str = X509_STORE_new());
  24367. #if defined(HAVE_EX_DATA)
  24368. for (i = 0; i < MAX_EX_DATA; i++) {
  24369. AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
  24370. WOLFSSL_SUCCESS);
  24371. tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
  24372. AssertNotNull(tmpDataRet);
  24373. AssertIntEQ(tmpData, *(int*)tmpDataRet);
  24374. }
  24375. #else
  24376. AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
  24377. WOLFSSL_FAILURE);
  24378. tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
  24379. AssertNull(tmpDataRet);
  24380. #endif
  24381. X509_STORE_free(str);
  24382. }
  24383. printf(resultFmt, passed);
  24384. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  24385. !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
  24386. }
  24387. static void test_wolfSSL_X509_STORE_set_flags(void)
  24388. {
  24389. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  24390. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  24391. X509_STORE* store;
  24392. X509* x509;
  24393. printf(testingFmt, "wolfSSL_X509_STORE_set_flags()");
  24394. AssertNotNull((store = wolfSSL_X509_STORE_new()));
  24395. AssertNotNull((x509 =
  24396. wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM)));
  24397. AssertIntEQ(X509_STORE_add_cert(store, x509), WOLFSSL_SUCCESS);
  24398. #ifdef HAVE_CRL
  24399. AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), WOLFSSL_SUCCESS);
  24400. #else
  24401. AssertIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL),
  24402. NOT_COMPILED_IN);
  24403. #endif
  24404. wolfSSL_X509_free(x509);
  24405. wolfSSL_X509_STORE_free(store);
  24406. printf(resultFmt, passed);
  24407. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  24408. !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
  24409. }
  24410. static void test_wolfSSL_X509_LOOKUP_load_file(void)
  24411. {
  24412. #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \
  24413. !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \
  24414. (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
  24415. WOLFSSL_X509_STORE* store;
  24416. WOLFSSL_X509_LOOKUP* lookup;
  24417. printf(testingFmt, "wolfSSL_X509_LOOKUP_load_file()");
  24418. AssertNotNull(store = wolfSSL_X509_STORE_new());
  24419. AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
  24420. AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/client-ca.pem",
  24421. X509_FILETYPE_PEM), 1);
  24422. AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem",
  24423. X509_FILETYPE_PEM), 1);
  24424. if (store) {
  24425. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile,
  24426. WOLFSSL_FILETYPE_PEM), 1);
  24427. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
  24428. WOLFSSL_FILETYPE_PEM), ASN_NO_SIGNER_E);
  24429. }
  24430. AssertIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
  24431. X509_FILETYPE_PEM), 1);
  24432. if (store) {
  24433. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
  24434. WOLFSSL_FILETYPE_PEM), 1);
  24435. }
  24436. wolfSSL_X509_STORE_free(store);
  24437. printf(resultFmt, passed);
  24438. #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \
  24439. !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
  24440. }
  24441. static void test_wolfSSL_X509_STORE_CTX_set_time(void)
  24442. {
  24443. #if defined(OPENSSL_EXTRA)
  24444. WOLFSSL_X509_STORE_CTX* ctx;
  24445. time_t c_time;
  24446. printf(testingFmt, "wolfSSL_X509_set_time()");
  24447. AssertNotNull(ctx = wolfSSL_X509_STORE_CTX_new());
  24448. c_time = 365*24*60*60;
  24449. wolfSSL_X509_STORE_CTX_set_time(ctx, 0, c_time);
  24450. AssertTrue(
  24451. (ctx->param->flags & WOLFSSL_USE_CHECK_TIME) == WOLFSSL_USE_CHECK_TIME);
  24452. AssertTrue(ctx->param->check_time == c_time);
  24453. wolfSSL_X509_STORE_CTX_free(ctx);
  24454. printf(resultFmt, passed);
  24455. #endif /* OPENSSL_EXTRA */
  24456. }
  24457. static void test_wolfSSL_CTX_get0_set1_param(void)
  24458. {
  24459. #if defined(OPENSSL_EXTRA)
  24460. int ret;
  24461. SSL_CTX* ctx;
  24462. WOLFSSL_X509_VERIFY_PARAM* pParam;
  24463. WOLFSSL_X509_VERIFY_PARAM* pvpm;
  24464. char testIPv4[] = "127.0.0.1";
  24465. char testhostName[] = "foo.hoge.com";
  24466. printf(testingFmt, "wolfSSL_CTX_get0_set1_param()");
  24467. #ifndef NO_WOLFSSL_SERVER
  24468. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  24469. #else
  24470. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  24471. #endif
  24472. AssertNotNull(pParam = SSL_CTX_get0_param(ctx));
  24473. pvpm = (WOLFSSL_X509_VERIFY_PARAM *)XMALLOC(
  24474. sizeof(WOLFSSL_X509_VERIFY_PARAM), NULL, DYNAMIC_TYPE_OPENSSL);
  24475. AssertNotNull(pvpm);
  24476. XMEMSET(pvpm, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
  24477. wolfSSL_X509_VERIFY_PARAM_set1_host(pvpm, testhostName,
  24478. (int)XSTRLEN(testhostName));
  24479. wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(pvpm, testIPv4);
  24480. wolfSSL_X509_VERIFY_PARAM_set_hostflags(pvpm, 0x01);
  24481. ret = SSL_CTX_set1_param(ctx, pvpm);
  24482. AssertIntEQ(1, ret);
  24483. AssertIntEQ(0, XSTRNCMP(pParam->hostName, testhostName,
  24484. (int)XSTRLEN(testhostName)));
  24485. AssertIntEQ(0x01, pParam->hostFlags);
  24486. AssertIntEQ(0, XSTRNCMP(pParam->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
  24487. SSL_CTX_free(ctx);
  24488. XFREE(pvpm, NULL, DYNAMIC_TYPE_OPENSSL);
  24489. printf(resultFmt, passed);
  24490. #endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
  24491. }
  24492. static void test_wolfSSL_get0_param(void)
  24493. {
  24494. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
  24495. SSL_CTX* ctx;
  24496. SSL* ssl;
  24497. WOLFSSL_X509_VERIFY_PARAM* pParam;
  24498. printf(testingFmt, "wolfSSL_get0_param()");
  24499. #ifndef NO_WOLFSSL_SERVER
  24500. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  24501. #else
  24502. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  24503. #endif
  24504. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
  24505. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  24506. AssertNotNull(ssl = SSL_new(ctx));
  24507. pParam = SSL_get0_param(ssl);
  24508. (void)pParam;
  24509. SSL_free(ssl);
  24510. SSL_CTX_free(ctx);
  24511. printf(resultFmt, passed);
  24512. #endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/
  24513. }
  24514. static void test_wolfSSL_X509_VERIFY_PARAM_set1_host(void)
  24515. {
  24516. #if defined(OPENSSL_EXTRA)
  24517. const char host[] = "www.example.com";
  24518. WOLFSSL_X509_VERIFY_PARAM* pParam;
  24519. printf(testingFmt, "wolfSSL_X509_VERIFY_PARAM_set1_host()");
  24520. AssertNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
  24521. sizeof(WOLFSSL_X509_VERIFY_PARAM),
  24522. HEAP_HINT, DYNAMIC_TYPE_OPENSSL));
  24523. XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
  24524. X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host));
  24525. AssertIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
  24526. XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
  24527. AssertIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0);
  24528. XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
  24529. printf(resultFmt, passed);
  24530. #endif /* OPENSSL_EXTRA */
  24531. }
  24532. static void test_wolfSSL_X509_STORE_CTX_get0_store(void)
  24533. {
  24534. #if defined(OPENSSL_EXTRA)
  24535. X509_STORE* store;
  24536. X509_STORE_CTX* ctx;
  24537. X509_STORE_CTX* ctx_no_init;
  24538. printf(testingFmt, "wolfSSL_X509_STORE_CTX_get0_store()");
  24539. AssertNotNull((store = X509_STORE_new()));
  24540. AssertNotNull(ctx = X509_STORE_CTX_new());
  24541. AssertNotNull(ctx_no_init = X509_STORE_CTX_new());
  24542. AssertIntEQ(X509_STORE_CTX_init(ctx, store, NULL, NULL), SSL_SUCCESS);
  24543. AssertNull(X509_STORE_CTX_get0_store(NULL));
  24544. /* should return NULL if ctx has not bee initialized */
  24545. AssertNull(X509_STORE_CTX_get0_store(ctx_no_init));
  24546. AssertNotNull(X509_STORE_CTX_get0_store(ctx));
  24547. wolfSSL_X509_STORE_CTX_free(ctx);
  24548. wolfSSL_X509_STORE_CTX_free(ctx_no_init);
  24549. X509_STORE_free(store);
  24550. printf(resultFmt, passed);
  24551. #endif /* OPENSSL_EXTRA */
  24552. }
  24553. static void test_wolfSSL_CTX_set_client_CA_list(void)
  24554. {
  24555. #if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \
  24556. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_BIO)
  24557. WOLFSSL_CTX* ctx;
  24558. X509_NAME* name = NULL;
  24559. STACK_OF(X509_NAME)* names = NULL;
  24560. STACK_OF(X509_NAME)* ca_list = NULL;
  24561. int i, names_len;
  24562. printf(testingFmt, "wolfSSL_CTX_set_client_CA_list()");
  24563. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  24564. names = SSL_load_client_CA_file(cliCertFile);
  24565. AssertNotNull(names);
  24566. SSL_CTX_set_client_CA_list(ctx,names);
  24567. AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
  24568. AssertIntGT((names_len = sk_X509_NAME_num(names)), 0);
  24569. for (i=0; i<names_len; i++) {
  24570. AssertNotNull(name = sk_X509_NAME_value(names, i));
  24571. AssertIntEQ(sk_X509_NAME_find(names, name), i);
  24572. }
  24573. wolfSSL_CTX_free(ctx);
  24574. printf(resultFmt, passed);
  24575. #endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT && !NO_BIO */
  24576. }
  24577. static void test_wolfSSL_CTX_add_client_CA(void)
  24578. {
  24579. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \
  24580. !defined(NO_WOLFSSL_CLIENT)
  24581. WOLFSSL_CTX* ctx;
  24582. WOLFSSL_X509* x509;
  24583. WOLFSSL_X509* x509_a;
  24584. STACK_OF(X509_NAME)* ca_list;
  24585. int ret = 0;
  24586. printf(testingFmt, "wolfSSL_CTX_add_client_CA()");
  24587. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  24588. /* Add client cert */
  24589. x509 = X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM);
  24590. AssertNotNull(x509);
  24591. ret = SSL_CTX_add_client_CA(ctx, x509);
  24592. AssertIntEQ(ret, SSL_SUCCESS);
  24593. AssertNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx));
  24594. /* Add another client cert */
  24595. AssertNotNull(x509_a = X509_load_certificate_file(cliCertFile,
  24596. SSL_FILETYPE_PEM));
  24597. AssertIntEQ(SSL_CTX_add_client_CA(ctx, x509_a), SSL_SUCCESS);
  24598. X509_free(x509);
  24599. X509_free(x509_a);
  24600. SSL_CTX_free(ctx);
  24601. printf(resultFmt, passed);
  24602. #endif /* OPENSSL_EXTRA && !NO_RSA && !NO_CERTS && !NO_WOLFSSL_CLIENT */
  24603. }
  24604. static void test_wolfSSL_X509_NID(void)
  24605. {
  24606. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
  24607. !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
  24608. int sigType;
  24609. int nameSz;
  24610. X509* cert;
  24611. EVP_PKEY* pubKeyTmp;
  24612. X509_NAME* name;
  24613. char commonName[80];
  24614. char countryName[80];
  24615. char localityName[80];
  24616. char stateName[80];
  24617. char orgName[80];
  24618. char orgUnit[80];
  24619. printf(testingFmt, "wolfSSL_X509_NID()");
  24620. /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */
  24621. /* convert cert from DER to internal WOLFSSL_X509 struct */
  24622. AssertNotNull(cert = wolfSSL_X509_d2i(&cert, client_cert_der_2048,
  24623. sizeof_client_cert_der_2048));
  24624. /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */
  24625. /* extract PUBLIC KEY from cert */
  24626. AssertNotNull(pubKeyTmp = X509_get_pubkey(cert));
  24627. /* extract signatureType */
  24628. AssertIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0);
  24629. /* extract subjectName info */
  24630. AssertNotNull(name = X509_get_subject_name(cert));
  24631. AssertIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1);
  24632. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
  24633. NULL, 0)), 0);
  24634. AssertIntEQ(nameSz, 15);
  24635. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
  24636. commonName, sizeof(commonName))), 0);
  24637. AssertIntEQ(nameSz, 15);
  24638. AssertIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0);
  24639. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName,
  24640. commonName, 9)), 0);
  24641. AssertIntEQ(nameSz, 8);
  24642. AssertIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0);
  24643. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName,
  24644. countryName, sizeof(countryName))), 0);
  24645. AssertIntEQ(XMEMCMP(countryName, "US", nameSz), 0);
  24646. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName,
  24647. localityName, sizeof(localityName))), 0);
  24648. AssertIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0);
  24649. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_stateOrProvinceName,
  24650. stateName, sizeof(stateName))), 0);
  24651. AssertIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0);
  24652. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName,
  24653. orgName, sizeof(orgName))), 0);
  24654. AssertIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0);
  24655. AssertIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationalUnitName,
  24656. orgUnit, sizeof(orgUnit))), 0);
  24657. AssertIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0);
  24658. EVP_PKEY_free(pubKeyTmp);
  24659. X509_free(cert);
  24660. printf(resultFmt, passed);
  24661. #endif
  24662. }
  24663. static void test_wolfSSL_CTX_set_srp_username(void)
  24664. {
  24665. #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
  24666. && !defined(NO_SHA256) && !defined(WC_NO_RNG)
  24667. WOLFSSL_CTX* ctx;
  24668. WOLFSSL* ssl;
  24669. const char *username = "TESTUSER";
  24670. const char *password = "TESTPASSWORD";
  24671. int r;
  24672. printf(testingFmt, "wolfSSL_CTX_set_srp_username()");
  24673. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  24674. AssertNotNull(ctx);
  24675. r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
  24676. AssertIntEQ(r,SSL_SUCCESS);
  24677. wolfSSL_CTX_free(ctx);
  24678. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  24679. AssertNotNull(ctx);
  24680. r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
  24681. AssertIntEQ(r,SSL_SUCCESS);
  24682. r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
  24683. AssertIntEQ(r,SSL_SUCCESS);
  24684. AssertNotNull(ssl = SSL_new(ctx));
  24685. AssertNotNull(SSL_get_srp_username(ssl));
  24686. AssertStrEQ(SSL_get_srp_username(ssl), username);
  24687. wolfSSL_free(ssl);
  24688. wolfSSL_CTX_free(ctx);
  24689. printf(resultFmt, passed);
  24690. #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
  24691. /* && !NO_SHA256 && !WC_NO_RNG */
  24692. }
  24693. static void test_wolfSSL_CTX_set_srp_password(void)
  24694. {
  24695. #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
  24696. && !defined(NO_SHA256) && !defined(WC_NO_RNG)
  24697. WOLFSSL_CTX* ctx;
  24698. const char *username = "TESTUSER";
  24699. const char *password = "TESTPASSWORD";
  24700. int r;
  24701. printf(testingFmt, "wolfSSL_CTX_set_srp_password()");
  24702. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  24703. AssertNotNull(ctx);
  24704. r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
  24705. AssertIntEQ(r,SSL_SUCCESS);
  24706. wolfSSL_CTX_free(ctx);
  24707. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  24708. AssertNotNull(ctx);
  24709. r = wolfSSL_CTX_set_srp_username(ctx, (char *)username);
  24710. AssertIntEQ(r,SSL_SUCCESS);
  24711. r = wolfSSL_CTX_set_srp_password(ctx, (char *)password);
  24712. AssertIntEQ(r,SSL_SUCCESS);
  24713. wolfSSL_CTX_free(ctx);
  24714. printf(resultFmt, passed);
  24715. #endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */
  24716. /* && !NO_SHA256 && !WC_NO_RNG */
  24717. }
  24718. static void test_wolfSSL_X509_STORE(void)
  24719. {
  24720. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
  24721. X509_STORE *store;
  24722. #ifdef HAVE_CRL
  24723. X509_STORE_CTX *storeCtx;
  24724. X509_CRL *crl;
  24725. X509 *ca, *cert;
  24726. const char crlPem[] = "./certs/crl/crl.revoked";
  24727. const char srvCert[] = "./certs/server-revoked-cert.pem";
  24728. const char caCert[] = "./certs/ca-cert.pem";
  24729. XFILE fp;
  24730. printf(testingFmt, "test_wolfSSL_X509_STORE");
  24731. AssertNotNull(store = (X509_STORE *)X509_STORE_new());
  24732. AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
  24733. SSL_FILETYPE_PEM)));
  24734. AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
  24735. AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
  24736. SSL_FILETYPE_PEM)));
  24737. AssertNotNull((storeCtx = X509_STORE_CTX_new()));
  24738. AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
  24739. AssertIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS);
  24740. X509_STORE_free(store);
  24741. X509_STORE_CTX_free(storeCtx);
  24742. X509_free(cert);
  24743. X509_free(ca);
  24744. /* should fail to verify now after adding in CRL */
  24745. AssertNotNull(store = (X509_STORE *)X509_STORE_new());
  24746. AssertNotNull((ca = wolfSSL_X509_load_certificate_file(caCert,
  24747. SSL_FILETYPE_PEM)));
  24748. AssertIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS);
  24749. fp = XFOPEN(crlPem, "rb");
  24750. AssertTrue((fp != XBADFILE));
  24751. AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL,
  24752. NULL, NULL));
  24753. XFCLOSE(fp);
  24754. AssertIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS);
  24755. AssertIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS);
  24756. AssertNotNull((storeCtx = X509_STORE_CTX_new()));
  24757. AssertNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert,
  24758. SSL_FILETYPE_PEM)));
  24759. AssertIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS);
  24760. AssertIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS);
  24761. AssertIntEQ(X509_STORE_CTX_get_error(storeCtx), CRL_CERT_REVOKED);
  24762. X509_CRL_free(crl);
  24763. X509_STORE_free(store);
  24764. X509_STORE_CTX_free(storeCtx);
  24765. X509_free(cert);
  24766. X509_free(ca);
  24767. #endif /* HAVE_CRL */
  24768. #ifndef WOLFCRYPT_ONLY
  24769. {
  24770. SSL_CTX* ctx;
  24771. #ifndef NO_WOLFSSL_SERVER
  24772. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  24773. #else
  24774. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  24775. #endif
  24776. AssertNotNull(store = (X509_STORE *)X509_STORE_new());
  24777. SSL_CTX_set_cert_store(ctx, store);
  24778. AssertNotNull(store = (X509_STORE *)X509_STORE_new());
  24779. SSL_CTX_set_cert_store(ctx, store);
  24780. SSL_CTX_free(ctx);
  24781. }
  24782. #endif
  24783. printf(resultFmt, passed);
  24784. #endif
  24785. return;
  24786. }
  24787. static void test_wolfSSL_X509_STORE_load_locations(void)
  24788. {
  24789. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_FILESYSTEM)\
  24790. && !defined(NO_WOLFSSL_DIR)
  24791. SSL_CTX *ctx;
  24792. X509_STORE *store;
  24793. const char ca_file[] = "./certs/ca-cert.pem";
  24794. const char client_pem_file[] = "./certs/client-cert.pem";
  24795. const char client_der_file[] = "./certs/client-cert.der";
  24796. const char ecc_file[] = "./certs/ecc-key.pem";
  24797. const char certs_path[] = "./certs/";
  24798. const char bad_path[] = "./bad-path/";
  24799. #ifdef HAVE_CRL
  24800. const char crl_path[] = "./certs/crl/";
  24801. const char crl_file[] = "./certs/crl/crl.pem";
  24802. #endif
  24803. printf(testingFmt, "wolfSSL_X509_STORE_load_locations");
  24804. #ifndef NO_WOLFSSL_SERVER
  24805. AssertNotNull(ctx = SSL_CTX_new(SSLv23_server_method()));
  24806. #else
  24807. AssertNotNull(ctx = SSL_CTX_new(SSLv23_client_method()));
  24808. #endif
  24809. AssertNotNull(store = SSL_CTX_get_cert_store(ctx));
  24810. AssertIntEQ(wolfSSL_CertManagerLoadCA(store->cm, ca_file, NULL), WOLFSSL_SUCCESS);
  24811. /* Test bad arguments */
  24812. AssertIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL), WOLFSSL_FAILURE);
  24813. AssertIntEQ(X509_STORE_load_locations(store, NULL, NULL), WOLFSSL_FAILURE);
  24814. AssertIntEQ(X509_STORE_load_locations(store, client_der_file, NULL), WOLFSSL_FAILURE);
  24815. AssertIntEQ(X509_STORE_load_locations(store, ecc_file, NULL), WOLFSSL_FAILURE);
  24816. AssertIntEQ(X509_STORE_load_locations(store, NULL, bad_path), WOLFSSL_FAILURE);
  24817. #ifdef HAVE_CRL
  24818. /* Test with CRL */
  24819. AssertIntEQ(X509_STORE_load_locations(store, crl_file, NULL), WOLFSSL_SUCCESS);
  24820. AssertIntEQ(X509_STORE_load_locations(store, NULL, crl_path), WOLFSSL_SUCCESS);
  24821. #endif
  24822. /* Test with CA */
  24823. AssertIntEQ(X509_STORE_load_locations(store, ca_file, NULL), WOLFSSL_SUCCESS);
  24824. /* Test with client_cert and certs path */
  24825. AssertIntEQ(X509_STORE_load_locations(store, client_pem_file, NULL), WOLFSSL_SUCCESS);
  24826. AssertIntEQ(X509_STORE_load_locations(store, NULL, certs_path), WOLFSSL_SUCCESS);
  24827. SSL_CTX_free(ctx);
  24828. printf(resultFmt, passed);
  24829. #endif
  24830. }
  24831. static void test_wolfSSL_BN(void)
  24832. {
  24833. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
  24834. BIGNUM* a;
  24835. BIGNUM* b;
  24836. BIGNUM* c;
  24837. BIGNUM* d;
  24838. ASN1_INTEGER* ai;
  24839. unsigned char value[1];
  24840. printf(testingFmt, "wolfSSL_BN()");
  24841. AssertNotNull(b = BN_new());
  24842. AssertNotNull(c = BN_new());
  24843. AssertNotNull(d = BN_new());
  24844. value[0] = 0x03;
  24845. ai = ASN1_INTEGER_new();
  24846. AssertNotNull(ai);
  24847. /* at the moment hard setting since no set function */
  24848. ai->data[0] = 0x02; /* tag for ASN_INTEGER */
  24849. ai->data[1] = 0x01; /* length of integer */
  24850. ai->data[2] = value[0];
  24851. AssertNotNull(a = ASN1_INTEGER_to_BN(ai, NULL));
  24852. ASN1_INTEGER_free(ai);
  24853. value[0] = 0x02;
  24854. AssertNotNull(BN_bin2bn(value, sizeof(value), b));
  24855. value[0] = 0x05;
  24856. AssertNotNull(BN_bin2bn(value, sizeof(value), c));
  24857. /* a^b mod c = */
  24858. AssertIntEQ(BN_mod_exp(d, NULL, b, c, NULL), WOLFSSL_FAILURE);
  24859. AssertIntEQ(BN_mod_exp(d, a, b, c, NULL), WOLFSSL_SUCCESS);
  24860. /* check result 3^2 mod 5 */
  24861. value[0] = 0;
  24862. AssertIntEQ(BN_bn2bin(d, value), sizeof(value));
  24863. AssertIntEQ((int)(value[0]), 4);
  24864. /* a*b mod c = */
  24865. AssertIntEQ(BN_mod_mul(d, NULL, b, c, NULL), SSL_FAILURE);
  24866. AssertIntEQ(BN_mod_mul(d, a, b, c, NULL), SSL_SUCCESS);
  24867. /* check result 3*2 mod 5 */
  24868. value[0] = 0;
  24869. AssertIntEQ(BN_bn2bin(d, value), sizeof(value));
  24870. AssertIntEQ((int)(value[0]), 1);
  24871. /* BN_mod_inverse test */
  24872. value[0] = 0;
  24873. BIGNUM *r = BN_new();
  24874. BIGNUM *val = BN_mod_inverse(r,b,c,NULL);
  24875. AssertIntEQ(BN_bn2bin(r, value), 1);
  24876. AssertIntEQ((int)(value[0] & 0x03), 3);
  24877. BN_free(val);
  24878. #if !defined(WOLFSSL_SP_MATH) && (!defined(WOLFSSL_SP_MATH_ALL) || \
  24879. defined(WOLFSSL_SP_INT_NEGATIVE))
  24880. AssertIntEQ(BN_set_word(a, 1), SSL_SUCCESS);
  24881. AssertIntEQ(BN_set_word(b, 5), SSL_SUCCESS);
  24882. AssertIntEQ(BN_is_word(a, (WOLFSSL_BN_ULONG)BN_get_word(a)), SSL_SUCCESS);
  24883. AssertIntEQ(BN_is_word(a, 3), SSL_FAILURE);
  24884. AssertIntEQ(BN_sub(c, a, b), SSL_SUCCESS);
  24885. #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
  24886. {
  24887. char* ret;
  24888. AssertNotNull(ret = BN_bn2dec(c));
  24889. AssertIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0);
  24890. XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
  24891. }
  24892. #endif
  24893. AssertIntEQ(BN_get_word(c), 4);
  24894. #endif
  24895. BN_free(a);
  24896. BN_free(b);
  24897. BN_free(c);
  24898. BN_clear_free(d);
  24899. /* check that converting NULL and the null string returns an error */
  24900. a = NULL;
  24901. AssertIntLE(BN_hex2bn(&a, NULL), 0);
  24902. AssertIntLE(BN_hex2bn(&a, ""), 0);
  24903. AssertNull(a);
  24904. /* check that getting a string and a bin of the same number are equal,
  24905. * and that the comparison works EQ, LT and GT */
  24906. AssertIntGT(BN_hex2bn(&a, "03"), 0);
  24907. value[0] = 0x03;
  24908. AssertNotNull(b = BN_new());
  24909. AssertNotNull(BN_bin2bn(value, sizeof(value), b));
  24910. value[0] = 0x04;
  24911. AssertNotNull(c = BN_new());
  24912. AssertNotNull(BN_bin2bn(value, sizeof(value), c));
  24913. AssertIntEQ(BN_cmp(a, b), 0);
  24914. AssertIntLT(BN_cmp(a, c), 0);
  24915. AssertIntGT(BN_cmp(c, b), 0);
  24916. AssertIntEQ(BN_set_word(a, 0), 1);
  24917. AssertIntEQ(BN_is_zero(a), 1);
  24918. AssertIntEQ(BN_set_bit(a, 0x45), 1);
  24919. AssertIntEQ(BN_is_zero(a), 0);
  24920. AssertIntEQ(BN_is_bit_set(a, 0x45), 1);
  24921. AssertIntEQ(BN_clear_bit(a, 0x45), 1);
  24922. AssertIntEQ(BN_is_bit_set(a, 0x45), 0);
  24923. AssertIntEQ(BN_is_zero(a), 1);
  24924. BN_free(a);
  24925. BN_free(b);
  24926. BN_free(c);
  24927. #if defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT)
  24928. {
  24929. BIGNUM *ap;
  24930. BIGNUM bv;
  24931. BIGNUM cv;
  24932. BIGNUM dv;
  24933. AssertNotNull(ap = BN_new());
  24934. BN_init(&bv);
  24935. BN_init(&cv);
  24936. BN_init(&dv);
  24937. value[0] = 0x3;
  24938. AssertNotNull(BN_bin2bn(value, sizeof(value), ap));
  24939. value[0] = 0x02;
  24940. AssertNotNull(BN_bin2bn(value, sizeof(value), &bv));
  24941. value[0] = 0x05;
  24942. AssertNotNull(BN_bin2bn(value, sizeof(value), &cv));
  24943. /* a^b mod c = */
  24944. AssertIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WOLFSSL_FAILURE);
  24945. AssertIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS);
  24946. /* check result 3^2 mod 5 */
  24947. value[0] = 0;
  24948. AssertIntEQ(BN_bn2bin(&dv, value), sizeof(value));
  24949. AssertIntEQ((int)(value[0]), 4);
  24950. /* a*b mod c = */
  24951. AssertIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), SSL_FAILURE);
  24952. AssertIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS);
  24953. /* check result 3*2 mod 5 */
  24954. value[0] = 0;
  24955. AssertIntEQ(BN_bn2bin(&dv, value), sizeof(value));
  24956. AssertIntEQ((int)(value[0]), 1);
  24957. BN_free(ap);
  24958. }
  24959. #endif
  24960. printf(resultFmt, passed);
  24961. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
  24962. }
  24963. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  24964. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  24965. #define TEST_ARG 0x1234
  24966. static void msg_cb(int write_p, int version, int content_type,
  24967. const void *buf, size_t len, SSL *ssl, void *arg)
  24968. {
  24969. (void)write_p;
  24970. (void)version;
  24971. (void)content_type;
  24972. (void)buf;
  24973. (void)len;
  24974. (void)ssl;
  24975. AssertTrue(arg == (void*)TEST_ARG);
  24976. }
  24977. #endif
  24978. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  24979. !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
  24980. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \
  24981. !defined(NO_WOLFSSL_SERVER)
  24982. #ifndef SINGLE_THREADED
  24983. #if defined(SESSION_CERTS)
  24984. #include "wolfssl/internal.h"
  24985. #endif
  24986. static int msgCb(SSL_CTX *ctx, SSL *ssl)
  24987. {
  24988. (void) ctx;
  24989. (void) ssl;
  24990. #if defined(OPENSSL_ALL) && defined(SESSION_CERTS)
  24991. STACK_OF(X509)* sk;
  24992. X509* x509;
  24993. int i, num;
  24994. BIO* bio;
  24995. #endif
  24996. printf("\n===== msgcb called ====\n");
  24997. #if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)
  24998. AssertTrue(SSL_get_peer_cert_chain(ssl) != NULL);
  24999. AssertIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 2);
  25000. #endif
  25001. #if defined(OPENSSL_ALL) && defined(SESSION_CERTS)
  25002. bio = BIO_new(BIO_s_file());
  25003. BIO_set_fp(bio, stdout, BIO_NOCLOSE);
  25004. sk = SSL_get_peer_cert_chain(ssl);
  25005. AssertNotNull(sk);
  25006. if (!sk) {
  25007. BIO_free(bio);
  25008. return SSL_FAILURE;
  25009. }
  25010. num = sk_X509_num(sk);
  25011. AssertTrue(num > 0);
  25012. for (i = 0; i < num; i++) {
  25013. x509 = sk_X509_value(sk,i);
  25014. AssertNotNull(x509);
  25015. if (!x509)
  25016. break;
  25017. printf("Certificate at index [%d] = :\n",i);
  25018. X509_print(bio,x509);
  25019. printf("\n\n");
  25020. }
  25021. BIO_free(bio);
  25022. #endif
  25023. return SSL_SUCCESS;
  25024. }
  25025. #endif
  25026. #endif
  25027. static void test_wolfSSL_msgCb(void)
  25028. {
  25029. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  25030. !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \
  25031. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_WOLFSSL_CLIENT) && \
  25032. !defined(NO_WOLFSSL_SERVER)
  25033. tcp_ready ready;
  25034. func_args client_args;
  25035. func_args server_args;
  25036. #ifndef SINGLE_THREADED
  25037. THREAD_TYPE serverThread;
  25038. #endif
  25039. callback_functions client_cb;
  25040. callback_functions server_cb;
  25041. printf(testingFmt, "test_wolfSSL_msgCb");
  25042. /* create a failed connection and inspect the error */
  25043. #ifdef WOLFSSL_TIRTOS
  25044. fdOpenSession(Task_self());
  25045. #endif
  25046. XMEMSET(&client_args, 0, sizeof(func_args));
  25047. XMEMSET(&server_args, 0, sizeof(func_args));
  25048. StartTCP();
  25049. InitTcpReady(&ready);
  25050. XMEMSET(&client_cb, 0, sizeof(callback_functions));
  25051. XMEMSET(&server_cb, 0, sizeof(callback_functions));
  25052. #ifndef WOLFSSL_NO_TLS12
  25053. client_cb.method = wolfTLSv1_2_client_method;
  25054. server_cb.method = wolfTLSv1_2_server_method;
  25055. #else
  25056. client_cb.method = wolfTLSv1_3_client_method;
  25057. server_cb.method = wolfTLSv1_3_server_method;
  25058. #endif
  25059. server_args.signal = &ready;
  25060. server_args.callbacks = &server_cb;
  25061. client_args.signal = &ready;
  25062. client_args.callbacks = &client_cb;
  25063. client_args.return_code = TEST_FAIL;
  25064. #ifndef SINGLE_THREADED
  25065. start_thread(test_server_nofail, &server_args, &serverThread);
  25066. wait_tcp_ready(&server_args);
  25067. test_client_nofail(&client_args, (void *)msgCb);
  25068. join_thread(serverThread);
  25069. #endif
  25070. FreeTcpReady(&ready);
  25071. #ifndef SINGLE_THREADED
  25072. AssertTrue(client_args.return_code);
  25073. AssertTrue(server_args.return_code);
  25074. #endif
  25075. #ifdef WOLFSSL_TIRTOS
  25076. fdOpenSession(Task_self());
  25077. #endif
  25078. printf(resultFmt, passed);
  25079. #endif
  25080. }
  25081. static void test_wolfSSL_either_side(void)
  25082. {
  25083. #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \
  25084. !defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
  25085. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
  25086. tcp_ready ready;
  25087. func_args client_args;
  25088. func_args server_args;
  25089. #ifndef SINGLE_THREADED
  25090. THREAD_TYPE serverThread;
  25091. #endif
  25092. callback_functions client_cb;
  25093. callback_functions server_cb;
  25094. printf(testingFmt, "test_wolfSSL_either_side");
  25095. /* create a failed connection and inspect the error */
  25096. #ifdef WOLFSSL_TIRTOS
  25097. fdOpenSession(Task_self());
  25098. #endif
  25099. XMEMSET(&client_args, 0, sizeof(func_args));
  25100. XMEMSET(&server_args, 0, sizeof(func_args));
  25101. StartTCP();
  25102. InitTcpReady(&ready);
  25103. XMEMSET(&client_cb, 0, sizeof(callback_functions));
  25104. XMEMSET(&server_cb, 0, sizeof(callback_functions));
  25105. /* Use different CTX for client and server */
  25106. client_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method());
  25107. AssertNotNull(client_cb.ctx);
  25108. server_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method());
  25109. AssertNotNull(server_cb.ctx);
  25110. /* we are responsible for free'ing WOLFSSL_CTX */
  25111. server_cb.isSharedCtx = client_cb.isSharedCtx = 1;
  25112. server_args.signal = &ready;
  25113. server_args.callbacks = &server_cb;
  25114. client_args.signal = &ready;
  25115. client_args.callbacks = &client_cb;
  25116. client_args.return_code = TEST_FAIL;
  25117. #ifndef SINGLE_THREADED
  25118. start_thread(test_server_nofail, &server_args, &serverThread);
  25119. wait_tcp_ready(&server_args);
  25120. test_client_nofail(&client_args, NULL);
  25121. join_thread(serverThread);
  25122. #endif
  25123. wolfSSL_CTX_free(client_cb.ctx);
  25124. wolfSSL_CTX_free(server_cb.ctx);
  25125. FreeTcpReady(&ready);
  25126. #ifndef SINGLE_THREADED
  25127. AssertTrue(client_args.return_code);
  25128. AssertTrue(server_args.return_code);
  25129. #endif
  25130. #ifdef WOLFSSL_TIRTOS
  25131. fdOpenSession(Task_self());
  25132. #endif
  25133. printf(resultFmt, passed);
  25134. #endif
  25135. }
  25136. static void test_wolfSSL_DTLS_either_side(void)
  25137. {
  25138. #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \
  25139. !defined(NO_FILESYSTEM) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \
  25140. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
  25141. defined(WOLFSSL_DTLS)
  25142. tcp_ready ready;
  25143. func_args client_args;
  25144. func_args server_args;
  25145. #ifndef SINGLE_THREADED
  25146. THREAD_TYPE serverThread;
  25147. #endif
  25148. callback_functions client_cb;
  25149. callback_functions server_cb;
  25150. printf(testingFmt, "test_wolfSSL_DTLS_either_side");
  25151. /* create a failed connection and inspect the error */
  25152. #ifdef WOLFSSL_TIRTOS
  25153. fdOpenSession(Task_self());
  25154. #endif
  25155. XMEMSET(&client_args, 0, sizeof(func_args));
  25156. XMEMSET(&server_args, 0, sizeof(func_args));
  25157. StartTCP();
  25158. InitTcpReady(&ready);
  25159. XMEMSET(&client_cb, 0, sizeof(callback_functions));
  25160. XMEMSET(&server_cb, 0, sizeof(callback_functions));
  25161. /* Use different CTX for client and server */
  25162. client_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method());
  25163. AssertNotNull(client_cb.ctx);
  25164. server_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method());
  25165. AssertNotNull(server_cb.ctx);
  25166. /* we are responsible for free'ing WOLFSSL_CTX */
  25167. server_cb.isSharedCtx = client_cb.isSharedCtx = 1;
  25168. server_args.signal = &ready;
  25169. server_args.callbacks = &server_cb;
  25170. client_args.signal = &ready;
  25171. client_args.callbacks = &client_cb;
  25172. client_args.return_code = TEST_FAIL;
  25173. #ifndef SINGLE_THREADED
  25174. start_thread(test_server_nofail, &server_args, &serverThread);
  25175. wait_tcp_ready(&server_args);
  25176. test_client_nofail(&client_args, NULL);
  25177. join_thread(serverThread);
  25178. #endif
  25179. wolfSSL_CTX_free(client_cb.ctx);
  25180. wolfSSL_CTX_free(server_cb.ctx);
  25181. FreeTcpReady(&ready);
  25182. #ifndef SINGLE_THREADED
  25183. AssertTrue(client_args.return_code);
  25184. AssertTrue(server_args.return_code);
  25185. #endif
  25186. #ifdef WOLFSSL_TIRTOS
  25187. fdOpenSession(Task_self());
  25188. #endif
  25189. printf(resultFmt, passed);
  25190. #endif
  25191. }
  25192. static void test_generate_cookie(void)
  25193. {
  25194. #if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA)
  25195. SSL_CTX* ctx;
  25196. SSL* ssl;
  25197. byte buf[FOURK_BUF] = {0};
  25198. printf(testingFmt, "test_generate_cookie");
  25199. AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLS_method()));
  25200. AssertNotNull(ssl = SSL_new(ctx));
  25201. /* Test unconnected */
  25202. AssertIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), GEN_COOKIE_E);
  25203. wolfSSL_CTX_SetGenCookie(ctx, EmbedGenerateCookie);
  25204. wolfSSL_SetCookieCtx(ssl, ctx);
  25205. AssertNotNull(wolfSSL_GetCookieCtx(ssl));
  25206. AssertNull(wolfSSL_GetCookieCtx(NULL));
  25207. SSL_free(ssl);
  25208. SSL_CTX_free(ctx);
  25209. printf(resultFmt, passed);
  25210. #endif
  25211. }
  25212. static void test_wolfSSL_set_options(void)
  25213. {
  25214. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  25215. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  25216. SSL* ssl;
  25217. SSL_CTX* ctx;
  25218. char appData[] = "extra msg";
  25219. unsigned char protos[] = {
  25220. 7, 't', 'l', 's', '/', '1', '.', '2',
  25221. 8, 'h', 't', 't', 'p', '/', '1', '.', '1'
  25222. };
  25223. unsigned int len = sizeof(protos);
  25224. void *arg = (void *)TEST_ARG;
  25225. printf(testingFmt, "wolfSSL_set_options()");
  25226. #ifndef NO_WOLFSSL_SERVER
  25227. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  25228. #else
  25229. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  25230. #endif
  25231. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
  25232. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  25233. AssertTrue(SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
  25234. AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1);
  25235. AssertIntGT((int)SSL_CTX_set_options(ctx, (SSL_OP_COOKIE_EXCHANGE |
  25236. SSL_OP_NO_SSLv2)), 0);
  25237. AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_COOKIE_EXCHANGE) &
  25238. SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE);
  25239. AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2) &
  25240. SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
  25241. AssertTrue((SSL_CTX_set_options(ctx, SSL_OP_NO_COMPRESSION) &
  25242. SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
  25243. AssertNull((SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION) &
  25244. SSL_OP_NO_COMPRESSION));
  25245. SSL_CTX_free(ctx);
  25246. #ifndef NO_WOLFSSL_SERVER
  25247. ctx = SSL_CTX_new(wolfSSLv23_server_method());
  25248. AssertNotNull(ctx);
  25249. #else
  25250. ctx = SSL_CTX_new(wolfSSLv23_client_method());
  25251. AssertNotNull(ctx);
  25252. #endif
  25253. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
  25254. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  25255. AssertNotNull(ssl = SSL_new(ctx));
  25256. #if defined(HAVE_EX_DATA) || defined(FORTRESS)
  25257. AssertIntEQ(SSL_set_app_data(ssl, (void*)appData), SSL_SUCCESS);
  25258. AssertNotNull(SSL_get_app_data((const WOLFSSL*)ssl));
  25259. if (ssl) {
  25260. AssertIntEQ(XMEMCMP(SSL_get_app_data((const WOLFSSL*)ssl),
  25261. appData, sizeof(appData)), 0);
  25262. }
  25263. #else
  25264. AssertIntEQ(SSL_set_app_data(ssl, (void*)appData), SSL_FAILURE);
  25265. AssertNull(SSL_get_app_data((const WOLFSSL*)ssl));
  25266. #endif
  25267. AssertTrue(SSL_set_options(ssl, SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1);
  25268. AssertTrue(SSL_get_options(ssl) == SSL_OP_NO_TLSv1);
  25269. AssertIntGT((int)SSL_set_options(ssl, (SSL_OP_COOKIE_EXCHANGE |
  25270. WOLFSSL_OP_NO_SSLv2)), 0);
  25271. AssertTrue((SSL_set_options(ssl, SSL_OP_COOKIE_EXCHANGE) &
  25272. SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE);
  25273. AssertTrue((SSL_set_options(ssl, SSL_OP_NO_TLSv1_2) &
  25274. SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2);
  25275. AssertTrue((SSL_set_options(ssl, SSL_OP_NO_COMPRESSION) &
  25276. SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION);
  25277. AssertNull((SSL_clear_options(ssl, SSL_OP_NO_COMPRESSION) &
  25278. SSL_OP_NO_COMPRESSION));
  25279. AssertTrue(SSL_set_msg_callback(ssl, msg_cb) == SSL_SUCCESS);
  25280. SSL_set_msg_callback_arg(ssl, arg);
  25281. AssertTrue(SSL_CTX_set_alpn_protos(ctx, protos, len) == SSL_SUCCESS);
  25282. SSL_free(ssl);
  25283. SSL_CTX_free(ctx);
  25284. printf(resultFmt, passed);
  25285. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  25286. !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
  25287. }
  25288. static void test_wolfSSL_sk_SSL_CIPHER(void)
  25289. {
  25290. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \
  25291. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  25292. SSL* ssl;
  25293. SSL_CTX* ctx;
  25294. STACK_OF(SSL_CIPHER) *sk, *dup;
  25295. printf(testingFmt, "wolfSSL_sk_SSL_CIPHER_*()");
  25296. #ifndef NO_WOLFSSL_SERVER
  25297. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  25298. #else
  25299. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  25300. #endif
  25301. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
  25302. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  25303. AssertNotNull(ssl = SSL_new(ctx));
  25304. AssertNotNull(sk = SSL_get_ciphers(ssl));
  25305. AssertNotNull(dup = sk_SSL_CIPHER_dup(sk));
  25306. AssertIntGT(sk_SSL_CIPHER_num(sk), 0);
  25307. AssertIntEQ(sk_SSL_CIPHER_num(sk), sk_SSL_CIPHER_num(dup));
  25308. /* error case because connection has not been established yet */
  25309. AssertIntEQ(sk_SSL_CIPHER_find(sk, SSL_get_current_cipher(ssl)), -1);
  25310. sk_SSL_CIPHER_free(dup);
  25311. /* sk is pointer to internal struct that should be free'd in SSL_free */
  25312. SSL_free(ssl);
  25313. SSL_CTX_free(ctx);
  25314. printf(resultFmt, passed);
  25315. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  25316. !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
  25317. }
  25318. /* Testing wolfSSL_set_tlsext_status_type function.
  25319. * PRE: OPENSSL and HAVE_CERTIFICATE_STATUS_REQUEST defined.
  25320. */
  25321. static void test_wolfSSL_set_tlsext_status_type(void){
  25322. #if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \
  25323. !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER)
  25324. SSL* ssl;
  25325. SSL_CTX* ctx;
  25326. printf(testingFmt, "wolfSSL_set_tlsext_status_type()");
  25327. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  25328. AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
  25329. AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
  25330. AssertNotNull(ssl = SSL_new(ctx));
  25331. AssertTrue(SSL_set_tlsext_status_type(ssl,TLSEXT_STATUSTYPE_ocsp)
  25332. == SSL_SUCCESS);
  25333. SSL_free(ssl);
  25334. SSL_CTX_free(ctx);
  25335. #endif /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST && !NO_RSA */
  25336. }
  25337. #ifndef NO_BIO
  25338. static void test_wolfSSL_PEM_read_bio(void)
  25339. {
  25340. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  25341. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  25342. byte buff[6000];
  25343. XFILE f;
  25344. int bytes;
  25345. X509* x509;
  25346. BIO* bio = NULL;
  25347. BUF_MEM* buf;
  25348. printf(testingFmt, "wolfSSL_PEM_read_bio()");
  25349. f = XFOPEN(cliCertFile, "rb");
  25350. AssertTrue((f != XBADFILE));
  25351. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  25352. XFCLOSE(f);
  25353. AssertNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
  25354. AssertNotNull(bio = BIO_new_mem_buf((void*)buff, bytes));
  25355. AssertNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL));
  25356. AssertIntEQ((int)BIO_set_fd(bio, 0, BIO_CLOSE), 1);
  25357. AssertIntEQ(BIO_set_close(bio, BIO_NOCLOSE), 1);
  25358. AssertIntEQ(BIO_set_close(NULL, BIO_NOCLOSE), 1);
  25359. AssertIntEQ(SSL_SUCCESS, BIO_get_mem_ptr(bio, &buf));
  25360. BIO_free(bio);
  25361. BUF_MEM_free(buf);
  25362. X509_free(x509);
  25363. printf(resultFmt, passed);
  25364. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  25365. !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
  25366. }
  25367. #if defined(OPENSSL_EXTRA)
  25368. static long bioCallback(BIO *bio, int cmd, const char* argp, int argi,
  25369. long argl, long ret)
  25370. {
  25371. (void)bio;
  25372. (void)cmd;
  25373. (void)argp;
  25374. (void)argi;
  25375. (void)argl;
  25376. return ret;
  25377. }
  25378. #endif
  25379. static void test_wolfSSL_BIO(void)
  25380. {
  25381. #if defined(OPENSSL_EXTRA)
  25382. const unsigned char* p;
  25383. byte buff[20];
  25384. BIO* bio1;
  25385. BIO* bio2;
  25386. BIO* bio3;
  25387. char* bufPt;
  25388. int i;
  25389. printf(testingFmt, "wolfSSL_BIO()");
  25390. for (i = 0; i < 20; i++) {
  25391. buff[i] = i;
  25392. }
  25393. /* Creating and testing type BIO_s_bio */
  25394. AssertNotNull(bio1 = BIO_new(BIO_s_bio()));
  25395. AssertNotNull(bio2 = BIO_new(BIO_s_bio()));
  25396. AssertNotNull(bio3 = BIO_new(BIO_s_bio()));
  25397. /* read/write before set up */
  25398. AssertIntEQ(BIO_read(bio1, buff, 2), WOLFSSL_BIO_UNSET);
  25399. AssertIntEQ(BIO_write(bio1, buff, 2), WOLFSSL_BIO_UNSET);
  25400. AssertIntEQ(BIO_set_nbio(bio1, 1), 1);
  25401. AssertIntEQ(BIO_set_write_buf_size(bio1, 20), WOLFSSL_SUCCESS);
  25402. AssertIntEQ(BIO_set_write_buf_size(bio2, 8), WOLFSSL_SUCCESS);
  25403. AssertIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS);
  25404. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 10), 10);
  25405. XMEMCPY(bufPt, buff, 10);
  25406. AssertIntEQ(BIO_write(bio1, buff + 10, 10), 10);
  25407. /* write buffer full */
  25408. AssertIntEQ(BIO_write(bio1, buff, 10), WOLFSSL_BIO_ERROR);
  25409. AssertIntEQ(BIO_flush(bio1), WOLFSSL_SUCCESS);
  25410. AssertIntEQ((int)BIO_ctrl_pending(bio1), 0);
  25411. /* write the other direction with pair */
  25412. AssertIntEQ((int)BIO_nwrite(bio2, &bufPt, 10), 8);
  25413. XMEMCPY(bufPt, buff, 8);
  25414. AssertIntEQ(BIO_write(bio2, buff, 10), WOLFSSL_BIO_ERROR);
  25415. /* try read */
  25416. AssertIntEQ((int)BIO_ctrl_pending(bio1), 8);
  25417. AssertIntEQ((int)BIO_ctrl_pending(bio2), 20);
  25418. /* try read using ctrl function */
  25419. AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_WPENDING, 0, NULL), 8);
  25420. AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_PENDING, 0, NULL), 8);
  25421. AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_WPENDING, 0, NULL), 20);
  25422. AssertIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_PENDING, 0, NULL), 20);
  25423. AssertIntEQ(BIO_nread(bio2, &bufPt, (int)BIO_ctrl_pending(bio2)), 20);
  25424. for (i = 0; i < 20; i++) {
  25425. AssertIntEQ((int)bufPt[i], i);
  25426. }
  25427. AssertIntEQ(BIO_nread(bio2, &bufPt, 1), WOLFSSL_BIO_ERROR);
  25428. AssertIntEQ(BIO_nread(bio1, &bufPt, (int)BIO_ctrl_pending(bio1)), 8);
  25429. for (i = 0; i < 8; i++) {
  25430. AssertIntEQ((int)bufPt[i], i);
  25431. }
  25432. AssertIntEQ(BIO_nread(bio1, &bufPt, 1), WOLFSSL_BIO_ERROR);
  25433. AssertIntEQ(BIO_ctrl_reset_read_request(bio1), 1);
  25434. /* new pair */
  25435. AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_FAILURE);
  25436. BIO_free(bio2); /* free bio2 and automatically remove from pair */
  25437. AssertIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS);
  25438. AssertIntEQ((int)BIO_ctrl_pending(bio3), 0);
  25439. AssertIntEQ(BIO_nread(bio3, &bufPt, 10), WOLFSSL_BIO_ERROR);
  25440. /* test wrap around... */
  25441. AssertIntEQ(BIO_reset(bio1), 0);
  25442. AssertIntEQ(BIO_reset(bio3), 0);
  25443. /* fill write buffer, read only small amount then write again */
  25444. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
  25445. XMEMCPY(bufPt, buff, 20);
  25446. AssertIntEQ(BIO_nread(bio3, &bufPt, 4), 4);
  25447. for (i = 0; i < 4; i++) {
  25448. AssertIntEQ(bufPt[i], i);
  25449. }
  25450. /* try writing over read index */
  25451. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 5), 4);
  25452. XMEMSET(bufPt, 0, 4);
  25453. AssertIntEQ((int)BIO_ctrl_pending(bio3), 20);
  25454. /* read and write 0 bytes */
  25455. AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0);
  25456. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 0), 0);
  25457. /* should read only to end of write buffer then need to read again */
  25458. AssertIntEQ(BIO_nread(bio3, &bufPt, 20), 16);
  25459. for (i = 0; i < 16; i++) {
  25460. AssertIntEQ(bufPt[i], buff[4 + i]);
  25461. }
  25462. AssertIntEQ(BIO_nread(bio3, NULL, 0), WOLFSSL_FAILURE);
  25463. AssertIntEQ(BIO_nread0(bio3, &bufPt), 4);
  25464. for (i = 0; i < 4; i++) {
  25465. AssertIntEQ(bufPt[i], 0);
  25466. }
  25467. /* read index should not have advanced with nread0 */
  25468. AssertIntEQ(BIO_nread(bio3, &bufPt, 5), 4);
  25469. for (i = 0; i < 4; i++) {
  25470. AssertIntEQ(bufPt[i], 0);
  25471. }
  25472. /* write and fill up buffer checking reset of index state */
  25473. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
  25474. XMEMCPY(bufPt, buff, 20);
  25475. /* test reset on data in bio1 write buffer */
  25476. AssertIntEQ(BIO_reset(bio1), 0);
  25477. AssertIntEQ((int)BIO_ctrl_pending(bio3), 0);
  25478. AssertIntEQ(BIO_nread(bio3, &bufPt, 3), WOLFSSL_BIO_ERROR);
  25479. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20);
  25480. AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_INFO, 0, &p), 20);
  25481. AssertNotNull(p);
  25482. XMEMCPY(bufPt, buff, 20);
  25483. AssertIntEQ(BIO_nread(bio3, &bufPt, 6), 6);
  25484. for (i = 0; i < 6; i++) {
  25485. AssertIntEQ(bufPt[i], i);
  25486. }
  25487. /* test case of writing twice with offset read index */
  25488. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 3), 3);
  25489. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 3); /* try overwriting */
  25490. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
  25491. AssertIntEQ(BIO_nread(bio3, &bufPt, 0), 0);
  25492. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
  25493. AssertIntEQ(BIO_nread(bio3, &bufPt, 1), 1);
  25494. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), 1);
  25495. AssertIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR);
  25496. BIO_free(bio1);
  25497. BIO_free(bio3);
  25498. #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)
  25499. {
  25500. BIO* bioA = NULL;
  25501. BIO* bioB = NULL;
  25502. AssertIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), BAD_FUNC_ARG);
  25503. AssertIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS);
  25504. BIO_free(bioA);
  25505. bioA = NULL;
  25506. BIO_free(bioB);
  25507. bioB = NULL;
  25508. }
  25509. #endif /* OPENSSL_ALL || WOLFSSL_ASIO */
  25510. /* BIOs with file pointers */
  25511. #if !defined(NO_FILESYSTEM)
  25512. {
  25513. XFILE f1;
  25514. XFILE f2;
  25515. BIO* f_bio1;
  25516. BIO* f_bio2;
  25517. unsigned char cert[300];
  25518. char testFile[] = "tests/bio_write_test.txt";
  25519. char msg[] = "bio_write_test.txt contains the first 300 bytes of certs/server-cert.pem\ncreated by tests/unit.test\n\n";
  25520. AssertNotNull(f_bio1 = BIO_new(BIO_s_file()));
  25521. AssertNotNull(f_bio2 = BIO_new(BIO_s_file()));
  25522. AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
  25523. AssertIntEQ((int)BIO_set_mem_eof_return(NULL, -1), 0);
  25524. f1 = XFOPEN(svrCertFile, "rwb");
  25525. AssertTrue((f1 != XBADFILE));
  25526. AssertIntEQ((int)BIO_set_fp(f_bio1, f1, BIO_CLOSE), WOLFSSL_SUCCESS);
  25527. AssertIntEQ(BIO_write_filename(f_bio2, testFile),
  25528. WOLFSSL_SUCCESS);
  25529. AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
  25530. AssertIntEQ(BIO_tell(f_bio1),sizeof(cert));
  25531. AssertIntEQ(BIO_write(f_bio2, msg, sizeof(msg)), sizeof(msg));
  25532. AssertIntEQ(BIO_tell(f_bio2),sizeof(msg));
  25533. AssertIntEQ(BIO_write(f_bio2, cert, sizeof(cert)), sizeof(cert));
  25534. AssertIntEQ(BIO_tell(f_bio2),sizeof(cert) + sizeof(msg));
  25535. AssertIntEQ((int)BIO_get_fp(f_bio2, &f2), WOLFSSL_SUCCESS);
  25536. AssertIntEQ(BIO_reset(f_bio2), 0);
  25537. AssertIntEQ(BIO_tell(NULL),-1);
  25538. AssertIntEQ(BIO_tell(f_bio2),0);
  25539. AssertIntEQ(BIO_seek(f_bio2, 4), 0);
  25540. AssertIntEQ(BIO_tell(f_bio2),4);
  25541. BIO_free(f_bio1);
  25542. BIO_free(f_bio2);
  25543. AssertNotNull(f_bio1 = BIO_new_file(svrCertFile, "rwb"));
  25544. AssertIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0);
  25545. AssertIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert));
  25546. BIO_free(f_bio1);
  25547. }
  25548. #endif /* !defined(NO_FILESYSTEM) */
  25549. /* BIO info callback */
  25550. {
  25551. const char* testArg = "test";
  25552. BIO* cb_bio;
  25553. AssertNotNull(cb_bio = BIO_new(BIO_s_mem()));
  25554. BIO_set_callback(cb_bio, bioCallback);
  25555. AssertNotNull(BIO_get_callback(cb_bio));
  25556. BIO_set_callback(cb_bio, NULL);
  25557. AssertNull(BIO_get_callback(cb_bio));
  25558. BIO_set_callback_arg(cb_bio, (char*)testArg);
  25559. AssertStrEQ(BIO_get_callback_arg(cb_bio), testArg);
  25560. AssertNull(BIO_get_callback_arg(NULL));
  25561. BIO_free(cb_bio);
  25562. }
  25563. /* BIO_vfree */
  25564. AssertNotNull(bio1 = BIO_new(BIO_s_bio()));
  25565. BIO_vfree(NULL);
  25566. BIO_vfree(bio1);
  25567. printf(resultFmt, passed);
  25568. #endif
  25569. }
  25570. #endif /* !NO_BIO */
  25571. static void test_wolfSSL_ASN1_STRING(void)
  25572. {
  25573. #if defined(OPENSSL_EXTRA)
  25574. ASN1_STRING* str = NULL;
  25575. const char data[] = "hello wolfSSL";
  25576. printf(testingFmt, "wolfSSL_ASN1_STRING()");
  25577. AssertNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
  25578. AssertIntEQ(ASN1_STRING_type(str), V_ASN1_OCTET_STRING);
  25579. AssertIntEQ(ASN1_STRING_set(str, (const void*)data, sizeof(data)), 1);
  25580. AssertIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1);
  25581. AssertIntEQ(ASN1_STRING_set(str, NULL, -1), 0);
  25582. ASN1_STRING_free(str);
  25583. printf(resultFmt, passed);
  25584. #endif
  25585. }
  25586. static void test_wolfSSL_ASN1_BIT_STRING(void)
  25587. {
  25588. #ifdef OPENSSL_ALL
  25589. ASN1_BIT_STRING* str;
  25590. printf(testingFmt, "test_wolfSSL_ASN1_BIT_STRING()");
  25591. AssertNotNull(str = ASN1_BIT_STRING_new());
  25592. AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1);
  25593. AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1);
  25594. AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0);
  25595. AssertIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1);
  25596. AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1);
  25597. AssertIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0);
  25598. ASN1_BIT_STRING_free(str);
  25599. printf(resultFmt, passed);
  25600. #endif
  25601. }
  25602. static void test_wolfSSL_a2i_ASN1_INTEGER(void)
  25603. {
  25604. #ifdef OPENSSL_EXTRA
  25605. BIO *bio, *out;
  25606. ASN1_INTEGER* ai;
  25607. char buf[] = "123456\n12345\n112345678912345678901234567890\n";
  25608. char tmp[1024];
  25609. int tmpSz;
  25610. const char expected1[] = "123456";
  25611. const char expected2[] = "112345678912345678901234567890";
  25612. printf(testingFmt, "test_wolfSSL_a2i_ASN1_INTEGER()");
  25613. AssertNotNull(bio = BIO_new_mem_buf(buf, -1));
  25614. AssertNotNull(out = BIO_new(BIO_s_mem()));
  25615. AssertNotNull(ai = ASN1_INTEGER_new());
  25616. /* read first line */
  25617. AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
  25618. AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 6);
  25619. XMEMSET(tmp, 0, 1024);
  25620. tmpSz = BIO_read(out, tmp, 1024);
  25621. AssertIntEQ(tmpSz, 6);
  25622. AssertIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0);
  25623. /* fail on second line (not % 2) */
  25624. AssertIntNE(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
  25625. /* read 3rd long line */
  25626. AssertIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, 1024), SSL_SUCCESS);
  25627. AssertIntEQ(i2a_ASN1_INTEGER(out, ai), 30);
  25628. XMEMSET(tmp, 0, 1024);
  25629. tmpSz = BIO_read(out, tmp, 1024);
  25630. AssertIntEQ(tmpSz, 30);
  25631. AssertIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0);
  25632. BIO_free(out);
  25633. BIO_free(bio);
  25634. ASN1_INTEGER_free(ai);
  25635. printf(resultFmt, passed);
  25636. #endif
  25637. }
  25638. static void test_wolfSSL_DES_ecb_encrypt(void)
  25639. {
  25640. #if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB)
  25641. WOLFSSL_DES_cblock input1,input2,output1,output2,back1,back2;
  25642. WOLFSSL_DES_key_schedule key;
  25643. printf(testingFmt, "wolfSSL_DES_ecb_encrypt()");
  25644. XMEMCPY(key,"12345678",sizeof(WOLFSSL_DES_key_schedule));
  25645. XMEMCPY(input1, "Iamhuman",sizeof(WOLFSSL_DES_cblock));
  25646. XMEMCPY(input2, "Whoisit?",sizeof(WOLFSSL_DES_cblock));
  25647. XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock));
  25648. XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock));
  25649. XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock));
  25650. XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock));
  25651. /* Encrypt messages */
  25652. wolfSSL_DES_ecb_encrypt(&input1,&output1,&key,DES_ENCRYPT);
  25653. wolfSSL_DES_ecb_encrypt(&input2,&output2,&key,DES_ENCRYPT);
  25654. /* Decrypt messages */
  25655. int ret1 = 0;
  25656. int ret2 = 0;
  25657. wolfSSL_DES_ecb_encrypt(&output1,&back1,&key,DES_DECRYPT);
  25658. ret1 = XMEMCMP((unsigned char *) back1,(unsigned char *) input1,sizeof(WOLFSSL_DES_cblock));
  25659. AssertIntEQ(ret1,0);
  25660. wolfSSL_DES_ecb_encrypt(&output2,&back2,&key,DES_DECRYPT);
  25661. ret2 = XMEMCMP((unsigned char *) back2,(unsigned char *) input2,sizeof(WOLFSSL_DES_cblock));
  25662. AssertIntEQ(ret2,0);
  25663. printf(resultFmt, passed);
  25664. #endif
  25665. }
  25666. static void test_wolfSSL_ASN1_TIME_adj(void)
  25667. {
  25668. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \
  25669. && !defined(USER_TIME) && !defined(TIME_OVERRIDES)
  25670. const int year = 365*24*60*60;
  25671. const int day = 24*60*60;
  25672. const int hour = 60*60;
  25673. const int mini = 60;
  25674. const byte asn_utc_time = ASN_UTC_TIME;
  25675. #if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
  25676. const byte asn_gen_time = ASN_GENERALIZED_TIME;
  25677. #endif
  25678. WOLFSSL_ASN1_TIME *asn_time, *s;
  25679. int offset_day;
  25680. long offset_sec;
  25681. char date_str[CTC_DATE_SIZE + 1];
  25682. time_t t;
  25683. printf(testingFmt, "wolfSSL_ASN1_TIME_adj()");
  25684. s = wolfSSL_ASN1_TIME_new();
  25685. /* UTC notation test */
  25686. /* 2000/2/15 20:30:00 */
  25687. t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
  25688. offset_day = 7;
  25689. offset_sec = 45 * mini;
  25690. /* offset_sec = -45 * min;*/
  25691. AssertNotNull(asn_time =
  25692. wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec));
  25693. AssertTrue(asn_time->type == asn_utc_time);
  25694. XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
  25695. date_str[CTC_DATE_SIZE] = '\0';
  25696. AssertIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13));
  25697. /* negative offset */
  25698. offset_sec = -45 * mini;
  25699. asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
  25700. AssertTrue(asn_time->type == asn_utc_time);
  25701. XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
  25702. date_str[CTC_DATE_SIZE] = '\0';
  25703. AssertIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13));
  25704. XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
  25705. XMEMSET(date_str, 0, sizeof(date_str));
  25706. /* Generalized time will overflow time_t if not long */
  25707. #if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
  25708. s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL,
  25709. DYNAMIC_TYPE_OPENSSL);
  25710. /* GeneralizedTime notation test */
  25711. /* 2055/03/01 09:00:00 */
  25712. t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day;
  25713. offset_day = 12;
  25714. offset_sec = 10 * mini;
  25715. asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
  25716. AssertTrue(asn_time->type == asn_gen_time);
  25717. XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
  25718. date_str[CTC_DATE_SIZE] = '\0';
  25719. AssertIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15));
  25720. XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
  25721. XMEMSET(date_str, 0, sizeof(date_str));
  25722. #endif /* !TIME_T_NOT_64BIT && !NO_64BIT */
  25723. /* if WOLFSSL_ASN1_TIME struct is not allocated */
  25724. s = NULL;
  25725. t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 15 + 7 * day;
  25726. offset_day = 7;
  25727. offset_sec = 45 * mini;
  25728. asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec);
  25729. AssertTrue(asn_time->type == asn_utc_time);
  25730. XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
  25731. date_str[CTC_DATE_SIZE] = '\0';
  25732. AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
  25733. XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
  25734. asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, offset_sec);
  25735. AssertTrue(asn_time->type == asn_utc_time);
  25736. XSTRNCPY(date_str, (const char*)&asn_time->data, CTC_DATE_SIZE);
  25737. date_str[CTC_DATE_SIZE] = '\0';
  25738. AssertIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13));
  25739. XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL);
  25740. printf(resultFmt, passed);
  25741. #endif
  25742. }
  25743. static void test_wolfSSL_X509_cmp_time(void)
  25744. {
  25745. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \
  25746. && !defined(USER_TIME) && !defined(TIME_OVERRIDES)
  25747. WOLFSSL_ASN1_TIME asn_time;
  25748. time_t t;
  25749. printf(testingFmt, "wolfSSL_X509_cmp_time()");
  25750. AssertIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t));
  25751. XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME));
  25752. AssertIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t));
  25753. AssertIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1);
  25754. AssertIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL));
  25755. printf(resultFmt, passed);
  25756. #endif
  25757. }
  25758. static void test_wolfSSL_X509_time_adj(void)
  25759. {
  25760. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \
  25761. !defined(USER_TIME) && !defined(TIME_OVERRIDES) && \
  25762. defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && \
  25763. !defined(NO_ASN_TIME)
  25764. X509* x509;
  25765. time_t t, not_before, not_after;
  25766. printf(testingFmt, "wolfSSL_X509_time_adj()");
  25767. AssertNotNull(x509 = wolfSSL_X509_load_certificate_buffer(
  25768. client_cert_der_2048, sizeof_client_cert_der_2048,
  25769. WOLFSSL_FILETYPE_ASN1));
  25770. t = 0;
  25771. not_before = XTIME(0);
  25772. not_after = XTIME(0) + (60 * 24 * 30); /* 30 days after */
  25773. AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t));
  25774. AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t));
  25775. X509_free(x509);
  25776. printf(resultFmt, passed);
  25777. #endif
  25778. }
  25779. static void test_wolfSSL_X509(void)
  25780. {
  25781. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)\
  25782. && !defined(NO_RSA)
  25783. X509* x509;
  25784. #ifndef NO_BIO
  25785. BIO* bio;
  25786. X509_STORE_CTX* ctx;
  25787. X509_STORE* store;
  25788. #endif
  25789. char der[] = "certs/ca-cert.der";
  25790. XFILE fp;
  25791. printf(testingFmt, "wolfSSL_X509()");
  25792. AssertNotNull(x509 = X509_new());
  25793. X509_free(x509);
  25794. #ifndef NO_BIO
  25795. x509 = wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM);
  25796. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  25797. #ifdef WOLFSSL_CERT_GEN
  25798. AssertIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS);
  25799. #endif
  25800. AssertNotNull(ctx = X509_STORE_CTX_new());
  25801. AssertIntEQ(X509_verify_cert(ctx), SSL_FATAL_ERROR);
  25802. AssertNotNull(store = X509_STORE_new());
  25803. AssertIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS);
  25804. AssertIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS);
  25805. AssertIntEQ(X509_verify_cert(ctx), SSL_SUCCESS);
  25806. X509_STORE_CTX_free(ctx);
  25807. X509_STORE_free(store);
  25808. X509_free(x509);
  25809. BIO_free(bio);
  25810. #endif
  25811. /** d2i_X509_fp test **/
  25812. fp = XFOPEN(der, "rb");
  25813. AssertTrue((fp != XBADFILE));
  25814. AssertNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL));
  25815. AssertNotNull(x509);
  25816. X509_free(x509);
  25817. XFCLOSE(fp);
  25818. fp = XFOPEN(der, "rb");
  25819. AssertTrue((fp != XBADFILE));
  25820. AssertNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509));
  25821. AssertNotNull(x509);
  25822. X509_free(x509);
  25823. XFCLOSE(fp);
  25824. /* X509_up_ref test */
  25825. AssertIntEQ(X509_up_ref(NULL), 0);
  25826. AssertNotNull(x509 = X509_new()); /* refCount = 1 */
  25827. AssertIntEQ(X509_up_ref(x509), 1); /* refCount = 2 */
  25828. AssertIntEQ(X509_up_ref(x509), 1); /* refCount = 3 */
  25829. X509_free(x509); /* refCount = 2 */
  25830. X509_free(x509); /* refCount = 1 */
  25831. X509_free(x509); /* refCount = 0, free */
  25832. printf(resultFmt, passed);
  25833. #endif
  25834. }
  25835. static void test_wolfSSL_X509_get_ext_count(void)
  25836. {
  25837. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM)
  25838. int ret = 0;
  25839. WOLFSSL_X509* x509;
  25840. const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem";
  25841. FILE* f;
  25842. printf(testingFmt, "wolfSSL_X509_get_ext_count()");
  25843. /* NULL parameter check */
  25844. AssertIntEQ(X509_get_ext_count(NULL), WOLFSSL_FAILURE);
  25845. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
  25846. SSL_FILETYPE_PEM));
  25847. AssertIntEQ(X509_get_ext_count(x509), 5);
  25848. wolfSSL_X509_free(x509);
  25849. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(ocspRootCaFile,
  25850. SSL_FILETYPE_PEM));
  25851. AssertIntEQ(X509_get_ext_count(x509), 5);
  25852. wolfSSL_X509_free(x509);
  25853. AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
  25854. AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
  25855. fclose(f);
  25856. printf(testingFmt, "wolfSSL_X509_get_ext_count() valid input");
  25857. AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
  25858. printf(resultFmt, ret == 4 ? passed : failed);
  25859. printf(testingFmt, "wolfSSL_X509_get_ext_count() NULL argument");
  25860. AssertIntEQ((ret = wolfSSL_X509_get_ext_count(NULL)), WOLFSSL_FAILURE);
  25861. printf(resultFmt, ret == WOLFSSL_FAILURE ? passed : failed);
  25862. wolfSSL_X509_free(x509);
  25863. printf(resultFmt, passed);
  25864. #endif
  25865. }
  25866. static void test_wolfSSL_X509_sign2(void)
  25867. {
  25868. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  25869. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \
  25870. defined(WOLFSSL_CERT_EXT) && \
  25871. (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
  25872. WOLFSSL_X509 *x509, *ca;
  25873. const unsigned char *der;
  25874. const unsigned char *pt;
  25875. WOLFSSL_EVP_PKEY *priv;
  25876. WOLFSSL_X509_NAME *name;
  25877. WOLFSSL_ASN1_TIME *notBefore, *notAfter;
  25878. int derSz;
  25879. const int year = 365*24*60*60;
  25880. const int day = 24*60*60;
  25881. const int hour = 60*60;
  25882. const int mini = 60;
  25883. time_t t;
  25884. const unsigned char expected[] = {
  25885. 0x30, 0x82, 0x04, 0x25, 0x30, 0x82, 0x03, 0x0D,
  25886. 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
  25887. 0xF1, 0x5C, 0x99, 0x43, 0x66, 0x3D, 0x96, 0x04,
  25888. 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
  25889. 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30,
  25890. 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03,
  25891. 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
  25892. 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08,
  25893. 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E,
  25894. 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55,
  25895. 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65,
  25896. 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06,
  25897. 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61,
  25898. 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, 0x31, 0x13,
  25899. 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C,
  25900. 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74,
  25901. 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06,
  25902. 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77,
  25903. 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73,
  25904. 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30,
  25905. 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7,
  25906. 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E,
  25907. 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73,
  25908. 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E,
  25909. 0x17, 0x0D, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35,
  25910. 0x32, 0x30, 0x33, 0x30, 0x30, 0x30, 0x5A, 0x17,
  25911. 0x0D, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32,
  25912. 0x30, 0x33, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x81,
  25913. 0x9E, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55,
  25914. 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10,
  25915. 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C,
  25916. 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61,
  25917. 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04,
  25918. 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D,
  25919. 0x61, 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
  25920. 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C,
  25921. 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34,
  25922. 0x38, 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55,
  25923. 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67,
  25924. 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D,
  25925. 0x32, 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16,
  25926. 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77,
  25927. 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73,
  25928. 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F,
  25929. 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
  25930. 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69,
  25931. 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66,
  25932. 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30,
  25933. 0x82, 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A,
  25934. 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01,
  25935. 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30,
  25936. 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00,
  25937. 0xC3, 0x03, 0xD1, 0x2B, 0xFE, 0x39, 0xA4, 0x32,
  25938. 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C,
  25939. 0x74, 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47,
  25940. 0xD6, 0xA6, 0x36, 0xB2, 0x07, 0x32, 0x8E, 0xD0,
  25941. 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4,
  25942. 0x81, 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67,
  25943. 0xBB, 0xA1, 0x75, 0xC8, 0x36, 0x2C, 0x4A, 0xD2,
  25944. 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF,
  25945. 0xEC, 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47,
  25946. 0x9A, 0xBF, 0x65, 0xCC, 0x7F, 0x65, 0x24, 0x69,
  25947. 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7,
  25948. 0xC5, 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A,
  25949. 0x7A, 0x78, 0xE1, 0x01, 0x56, 0x56, 0x91, 0xA6,
  25950. 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C,
  25951. 0xEF, 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C,
  25952. 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, 0x4A, 0x35, 0xE4,
  25953. 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E,
  25954. 0x97, 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81,
  25955. 0xAF, 0x20, 0x0B, 0x43, 0x14, 0xC5, 0x74, 0x67,
  25956. 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88,
  25957. 0x40, 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72,
  25958. 0x22, 0x17, 0xD7, 0x52, 0x65, 0x24, 0x73, 0xB0,
  25959. 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C,
  25960. 0x7B, 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D,
  25961. 0x50, 0x6D, 0x3B, 0xA3, 0x3B, 0xA3, 0x99, 0x5E,
  25962. 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A,
  25963. 0xD9, 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB,
  25964. 0xFF, 0x25, 0x4C, 0xC4, 0xD1, 0x79, 0xF4, 0x71,
  25965. 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5,
  25966. 0x72, 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D,
  25967. 0x56, 0x2F, 0xD7, 0x15, 0xF7, 0x7F, 0xC0, 0xAE,
  25968. 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3,
  25969. 0x02, 0x03, 0x01, 0x00, 0x01, 0xA3, 0x6E, 0x30,
  25970. 0x6C, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13,
  25971. 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30,
  25972. 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15,
  25973. 0x30, 0x13, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01,
  25974. 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C,
  25975. 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1D, 0x06,
  25976. 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14,
  25977. 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18,
  25978. 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26,
  25979. 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x1F, 0x06, 0x03,
  25980. 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80,
  25981. 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87,
  25982. 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7,
  25983. 0x26, 0xD7, 0x85, 0x65, 0xC0, 0x30, 0x0D, 0x06,
  25984. 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
  25985. 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01,
  25986. 0x00, 0x19, 0xE7, 0xD0, 0x9A, 0xF9, 0x90, 0xAA,
  25987. 0xAD, 0x63, 0x58, 0x21, 0x38, 0xA2, 0x4D, 0x30,
  25988. 0x9A, 0x6F, 0x88, 0x9E, 0x9B, 0xFB, 0xDE, 0x73,
  25989. 0xF2, 0x38, 0xFC, 0x7E, 0x60, 0xC5, 0xFA, 0xBB,
  25990. 0x64, 0xA0, 0xD2, 0xC0, 0xBD, 0xB6, 0x4A, 0xAC,
  25991. 0x38, 0x90, 0xF5, 0xEE, 0xEC, 0x43, 0x90, 0x7D,
  25992. 0x5B, 0xF0, 0x22, 0xA0, 0xAC, 0x59, 0x10, 0xE2,
  25993. 0x8D, 0x16, 0xDA, 0x3A, 0xAB, 0x0F, 0x94, 0x11,
  25994. 0x6C, 0x0C, 0x61, 0xC1, 0xFD, 0xB5, 0xA3, 0xFC,
  25995. 0xE7, 0xFD, 0x0C, 0x63, 0x20, 0xE5, 0x00, 0xCE,
  25996. 0xFD, 0xEE, 0x21, 0xE1, 0xE1, 0x9D, 0x48, 0x9B,
  25997. 0x71, 0x9C, 0x80, 0x39, 0x5E, 0x5A, 0xD3, 0x32,
  25998. 0xA6, 0xAC, 0x3F, 0x84, 0x8C, 0xB6, 0xBC, 0x70,
  25999. 0x90, 0xE9, 0xC1, 0x0F, 0xAB, 0xA5, 0x97, 0xD4,
  26000. 0xE0, 0x8E, 0x3B, 0xBB, 0x02, 0xE0, 0xED, 0xB0,
  26001. 0x10, 0xE8, 0x3F, 0x49, 0xD2, 0x46, 0x4E, 0xE7,
  26002. 0x72, 0x0F, 0x1A, 0xFD, 0xE4, 0x59, 0x84, 0x24,
  26003. 0xA9, 0x7B, 0x9D, 0x8E, 0x8C, 0xBC, 0xEA, 0xD1,
  26004. 0x04, 0x1F, 0xC6, 0x30, 0x47, 0xBD, 0xCC, 0xD1,
  26005. 0xBC, 0x87, 0x00, 0xB5, 0x23, 0x3C, 0x60, 0x8F,
  26006. 0xB2, 0xDB, 0x71, 0xD2, 0xF5, 0xBA, 0xEB, 0xB1,
  26007. 0xD0, 0x53, 0xAC, 0x2E, 0x2C, 0xA5, 0x5D, 0x41,
  26008. 0xCD, 0x9B, 0x4F, 0x8B, 0x41, 0xA1, 0x5D, 0x8E,
  26009. 0xD9, 0x89, 0x5B, 0x5C, 0x58, 0x1C, 0x4A, 0xE6,
  26010. 0x22, 0xC8, 0x15, 0x2D, 0x8E, 0x24, 0x48, 0xF8,
  26011. 0xB2, 0x3C, 0x7A, 0x72, 0x62, 0xEC, 0xB2, 0x76,
  26012. 0xAD, 0x3D, 0x42, 0x29, 0xE9, 0x3B, 0x4E, 0x7F,
  26013. 0x06, 0xA4, 0xA4, 0x72, 0x55, 0xDD, 0x1C, 0x69,
  26014. 0x5E, 0x2B, 0x7E, 0xB7, 0x7C, 0xBD, 0xF6, 0x2F,
  26015. 0xC9, 0x9A, 0x33, 0x31, 0xD9, 0x92, 0x32, 0xB6,
  26016. 0x60, 0x4D, 0x8F, 0x5B, 0xF2, 0xAE, 0xD5, 0x72,
  26017. 0x88, 0x92, 0x75, 0xC4, 0xDC, 0xBD, 0x0B, 0xB8, 0x9D
  26018. };
  26019. printf(testingFmt, "wolfSSL_X509_sign2");
  26020. pt = ca_key_der_2048;
  26021. AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt,
  26022. sizeof_ca_key_der_2048));
  26023. pt = client_cert_der_2048;
  26024. AssertNotNull(x509 = wolfSSL_d2i_X509(NULL, &pt,
  26025. sizeof_client_cert_der_2048));
  26026. pt = ca_cert_der_2048;
  26027. AssertNotNull(ca = wolfSSL_d2i_X509(NULL, &pt, sizeof_ca_cert_der_2048));
  26028. AssertNotNull(name = wolfSSL_X509_get_subject_name(ca));
  26029. AssertIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  26030. t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day;
  26031. AssertNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0));
  26032. AssertNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0));
  26033. AssertIntEQ(notAfter->length, 13);
  26034. AssertTrue(wolfSSL_X509_set_notBefore(x509, notBefore));
  26035. AssertTrue(wolfSSL_X509_set_notAfter(x509, notAfter));
  26036. wolfSSL_X509_sign(x509, priv, EVP_sha256());
  26037. AssertNotNull((der = wolfSSL_X509_get_der(x509, &derSz)));
  26038. AssertIntEQ(derSz, sizeof(expected));
  26039. AssertIntEQ(XMEMCMP(der, expected, derSz), 0);
  26040. wolfSSL_X509_free(ca);
  26041. wolfSSL_X509_free(x509);
  26042. wolfSSL_EVP_PKEY_free(priv);
  26043. wolfSSL_ASN1_TIME_free(notBefore);
  26044. wolfSSL_ASN1_TIME_free(notAfter);
  26045. printf(resultFmt, passed);
  26046. #endif
  26047. }
  26048. static void test_wolfSSL_X509_sign(void)
  26049. {
  26050. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  26051. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
  26052. int ret;
  26053. char *caSubject;
  26054. X509_NAME *name;
  26055. X509 *x509, *ca;
  26056. DecodedCert dCert;
  26057. EVP_PKEY *pub;
  26058. EVP_PKEY *priv;
  26059. EVP_MD_CTX *mctx;
  26060. #if defined(USE_CERT_BUFFERS_1024)
  26061. const unsigned char* rsaPriv = client_key_der_1024;
  26062. const unsigned char* rsaPub = client_keypub_der_1024;
  26063. const unsigned char* certIssuer = client_cert_der_1024;
  26064. long clientKeySz = (long)sizeof_client_key_der_1024;
  26065. long clientPubKeySz = (long)sizeof_client_keypub_der_1024;
  26066. long certIssuerSz = (long)sizeof_client_cert_der_1024;
  26067. #elif defined(USE_CERT_BUFFERS_2048)
  26068. const unsigned char* rsaPriv = client_key_der_2048;
  26069. const unsigned char* rsaPub = client_keypub_der_2048;
  26070. const unsigned char* certIssuer = client_cert_der_2048;
  26071. long clientKeySz = (long)sizeof_client_key_der_2048;
  26072. long clientPubKeySz = (long)sizeof_client_keypub_der_2048;
  26073. long certIssuerSz = (long)sizeof_client_cert_der_2048;
  26074. #endif
  26075. byte sn[16];
  26076. int snSz = sizeof(sn);
  26077. printf(testingFmt, "wolfSSL_X509_sign");
  26078. /* Set X509_NAME fields */
  26079. AssertNotNull(name = X509_NAME_new());
  26080. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8,
  26081. (byte*)"US", 2, -1, 0), SSL_SUCCESS);
  26082. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  26083. (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS);
  26084. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
  26085. (byte*)"support@wolfssl.com", 19, -1, 0), SSL_SUCCESS);
  26086. /* Get private and public keys */
  26087. AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv,
  26088. clientKeySz));
  26089. AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz));
  26090. AssertNotNull(x509 = X509_new());
  26091. /* Set version 3 */
  26092. AssertIntNE(X509_set_version(x509, 2L), 0);
  26093. /* Set subject name, add pubkey, and sign certificate */
  26094. AssertIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS);
  26095. X509_NAME_free(name);
  26096. AssertIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS);
  26097. #ifdef WOLFSSL_ALT_NAMES
  26098. /* Add some subject alt names */
  26099. AssertIntNE(wolfSSL_X509_add_altname(NULL,
  26100. "ipsum", ASN_DNS_TYPE), SSL_SUCCESS);
  26101. AssertIntEQ(wolfSSL_X509_add_altname(x509,
  26102. NULL, ASN_DNS_TYPE), SSL_SUCCESS);
  26103. AssertIntEQ(wolfSSL_X509_add_altname(x509,
  26104. "sphygmomanometer",
  26105. ASN_DNS_TYPE), SSL_SUCCESS);
  26106. AssertIntEQ(wolfSSL_X509_add_altname(x509,
  26107. "supercalifragilisticexpialidocious",
  26108. ASN_DNS_TYPE), SSL_SUCCESS);
  26109. AssertIntEQ(wolfSSL_X509_add_altname(x509,
  26110. "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch",
  26111. ASN_DNS_TYPE), SSL_SUCCESS);
  26112. #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
  26113. {
  26114. unsigned char ip_type[] = {127,0,0,1};
  26115. AssertIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip_type,
  26116. sizeof(ip_type), ASN_IP_TYPE), SSL_SUCCESS);
  26117. }
  26118. #endif
  26119. #endif /* WOLFSSL_ALT_NAMES */
  26120. /* test valid sign case */
  26121. ret = X509_sign(x509, priv, EVP_sha256());
  26122. /* test valid X509_sign_ctx case */
  26123. AssertNotNull(mctx = EVP_MD_CTX_new());
  26124. AssertIntEQ(EVP_DigestSignInit(mctx, NULL, EVP_sha256(), NULL, priv), 1);
  26125. AssertIntGT(X509_sign_ctx(x509, mctx), 0);
  26126. #if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES)
  26127. AssertIntEQ(X509_get_ext_count(x509), 1);
  26128. #endif
  26129. #if defined(WOLFSSL_ALT_NAMES) && (defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME))
  26130. AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1);
  26131. #endif
  26132. AssertIntEQ(wolfSSL_X509_get_serial_number(x509, sn, &snSz),
  26133. WOLFSSL_SUCCESS);
  26134. #if 0
  26135. /* example for writing to file */
  26136. XFILE tmpFile = XFOPEN("./signed.der", "wb");
  26137. if (tmpFile) {
  26138. int derSz = 0;
  26139. const byte* der = wolfSSL_X509_get_der(x509, &derSz);
  26140. XFWRITE(der, 1, derSz, tmpFile);
  26141. }
  26142. XFCLOSE(tmpFile);
  26143. #endif
  26144. /* Variation in size depends on ASN.1 encoding when MSB is set */
  26145. #ifndef WOLFSSL_ALT_NAMES
  26146. /* Valid case - size should be 798-797 with 16 byte serial number */
  26147. AssertTrue((ret == 781 + snSz) || (ret == 782 + snSz));
  26148. #elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)
  26149. /* Valid case - size should be 935-936 with 16 byte serial number */
  26150. AssertTrue((ret == 919 + snSz) || (ret == 920 + snSz));
  26151. #else
  26152. /* Valid case - size should be 926-927 with 16 byte serial number */
  26153. AssertTrue((ret == 910 + snSz) || (ret == 911 + snSz));
  26154. #endif
  26155. /* check that issuer name is as expected after signature */
  26156. InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0);
  26157. AssertIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0);
  26158. AssertNotNull(ca = wolfSSL_d2i_X509(NULL, &certIssuer, (int)certIssuerSz));
  26159. AssertNotNull(caSubject = wolfSSL_X509_NAME_oneline(
  26160. X509_get_subject_name(ca), 0, 0));
  26161. AssertIntEQ(0, XSTRNCMP(caSubject, dCert.subject, XSTRLEN(caSubject)));
  26162. XFREE(caSubject, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
  26163. #ifdef WOLFSSL_MULTI_ATTRIB
  26164. /* test adding multiple OU's to the signer */
  26165. AssertNotNull(name = X509_get_subject_name(ca));
  26166. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8,
  26167. (byte*)"OU1", 3, -1, 0), SSL_SUCCESS);
  26168. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8,
  26169. (byte*)"OU2", 3, -1, 0), SSL_SUCCESS);
  26170. AssertIntGT(X509_sign(ca, priv, EVP_sha256()), 0);
  26171. #endif
  26172. AssertNotNull(name = X509_get_subject_name(ca));
  26173. AssertIntEQ(X509_set_issuer_name(x509, name), SSL_SUCCESS);
  26174. AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
  26175. AssertNotNull(caSubject = wolfSSL_X509_NAME_oneline(
  26176. X509_get_issuer_name(x509), 0, 0));
  26177. XFREE(caSubject, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
  26178. FreeDecodedCert(&dCert);
  26179. /* Test invalid parameters */
  26180. AssertIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0);
  26181. AssertIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0);
  26182. AssertIntEQ(X509_sign(x509, priv, NULL), 0);
  26183. AssertIntEQ(X509_sign_ctx(NULL, mctx), 0);
  26184. EVP_MD_CTX_free(mctx);
  26185. AssertNotNull(mctx = EVP_MD_CTX_new());
  26186. AssertIntEQ(X509_sign_ctx(x509, mctx), 0);
  26187. AssertIntEQ(X509_sign_ctx(x509, NULL), 0);
  26188. /* test invalid version number */
  26189. #if defined(OPENSSL_ALL)
  26190. AssertIntNE(X509_set_version(x509, 6L), 0);
  26191. AssertIntGT(X509_sign(x509, priv, EVP_sha256()), 0);
  26192. /* uses ParseCert which fails on bad version number */
  26193. AssertIntEQ(X509_get_ext_count(x509), SSL_FAILURE);
  26194. #endif
  26195. EVP_MD_CTX_free(mctx);
  26196. EVP_PKEY_free(priv);
  26197. EVP_PKEY_free(pub);
  26198. X509_free(x509);
  26199. X509_free(ca);
  26200. printf(resultFmt, passed);
  26201. #endif
  26202. }
  26203. static void test_wolfSSL_X509_get0_tbs_sigalg(void)
  26204. {
  26205. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
  26206. X509* x509 = NULL;
  26207. const X509_ALGOR* alg;
  26208. printf(testingFmt, "wolfSSL_X509_get0_tbs_sigalg");
  26209. AssertNotNull(x509 = X509_new());
  26210. AssertNull(alg = X509_get0_tbs_sigalg(NULL));
  26211. AssertNotNull(alg = X509_get0_tbs_sigalg(x509));
  26212. X509_free(x509);
  26213. printf(resultFmt, passed);
  26214. #endif
  26215. }
  26216. static void test_wolfSSL_X509_ALGOR_get0(void)
  26217. {
  26218. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_SHA256)
  26219. X509* x509 = NULL;
  26220. const ASN1_OBJECT* obj = NULL;
  26221. const X509_ALGOR* alg;
  26222. int pptype = 0;
  26223. const void *ppval = NULL;
  26224. printf(testingFmt, "wolfSSL_X509_ALGOR_get0");
  26225. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile,
  26226. SSL_FILETYPE_PEM));
  26227. AssertNotNull(alg = X509_get0_tbs_sigalg(x509));
  26228. /* Invalid case */
  26229. X509_ALGOR_get0(&obj, NULL, NULL, NULL);
  26230. AssertNull(obj);
  26231. /* Valid case */
  26232. X509_ALGOR_get0(&obj, &pptype, &ppval, alg);
  26233. AssertNotNull(obj);
  26234. AssertNotNull(ppval);
  26235. AssertIntNE(pptype, 0);
  26236. /* Make sure NID of X509_ALGOR is Sha256 with RSA */
  26237. AssertIntEQ(OBJ_obj2nid(obj), CTC_SHA256wRSA);
  26238. X509_free(x509);
  26239. printf(resultFmt, passed);
  26240. #endif
  26241. }
  26242. static void test_wolfSSL_X509_VERIFY_PARAM(void)
  26243. {
  26244. #if defined(OPENSSL_EXTRA)
  26245. WOLFSSL_X509_VERIFY_PARAM *paramTo;
  26246. WOLFSSL_X509_VERIFY_PARAM *paramFrom;
  26247. int ret;
  26248. char testIPv4[] = "127.0.0.1";
  26249. char testIPv6[] = "0001:0000:0000:0000:0000:0000:0000:0000/32";
  26250. char testhostName1[] = "foo.hoge.com";
  26251. char testhostName2[] = "foobar.hoge.com";
  26252. printf(testingFmt, "wolfSSL_X509()");
  26253. paramTo = wolfSSL_X509_VERIFY_PARAM_new();
  26254. AssertNotNull(paramTo);
  26255. XMEMSET(paramTo, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM ));
  26256. paramFrom = wolfSSL_X509_VERIFY_PARAM_new();
  26257. AssertNotNull(paramFrom);
  26258. XMEMSET(paramFrom, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM ));
  26259. ret = wolfSSL_X509_VERIFY_PARAM_set1_host(paramFrom, testhostName1,
  26260. (int)XSTRLEN(testhostName1));
  26261. AssertIntEQ(1, ret);
  26262. AssertIntEQ(0, XSTRNCMP(paramFrom->hostName, testhostName1,
  26263. (int)XSTRLEN(testhostName1)));
  26264. wolfSSL_X509_VERIFY_PARAM_set_hostflags(NULL, 0x00);
  26265. wolfSSL_X509_VERIFY_PARAM_set_hostflags(paramFrom, 0x01);
  26266. AssertIntEQ(0x01, paramFrom->hostFlags);
  26267. ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(NULL, testIPv4);
  26268. AssertIntEQ(0, ret);
  26269. ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv4);
  26270. AssertIntEQ(1, ret);
  26271. AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
  26272. ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(paramFrom, NULL);
  26273. AssertIntEQ(1, ret);
  26274. ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv6);
  26275. AssertIntEQ(1, ret);
  26276. AssertIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
  26277. /* null pointer */
  26278. ret = wolfSSL_X509_VERIFY_PARAM_set1(NULL, paramFrom);
  26279. AssertIntEQ(WOLFSSL_FAILURE, ret);
  26280. /* in the case of "from" null, returns success */
  26281. ret = wolfSSL_X509_VERIFY_PARAM_set1(paramTo, NULL);
  26282. AssertIntEQ(WOLFSSL_SUCCESS, ret);
  26283. ret = wolfSSL_X509_VERIFY_PARAM_set1(NULL, NULL);
  26284. AssertIntEQ(WOLFSSL_FAILURE, ret);
  26285. /* inherit flags test : VPARAM_DEFAULT */
  26286. ret = wolfSSL_X509_VERIFY_PARAM_set1(paramTo, paramFrom);
  26287. AssertIntEQ(1, ret);
  26288. AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
  26289. (int)XSTRLEN(testhostName1)));
  26290. AssertIntEQ(0x01, paramTo->hostFlags);
  26291. AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
  26292. /* inherit flags test : VPARAM OVERWRITE */
  26293. wolfSSL_X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
  26294. (int)XSTRLEN(testhostName2));
  26295. wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
  26296. wolfSSL_X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00);
  26297. paramTo->inherit_flags = WOLFSSL_VPARAM_OVERWRITE;
  26298. ret = wolfSSL_X509_VERIFY_PARAM_set1(paramTo, paramFrom);
  26299. AssertIntEQ(1, ret);
  26300. AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
  26301. (int)XSTRLEN(testhostName1)));
  26302. AssertIntEQ(0x01, paramTo->hostFlags);
  26303. AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
  26304. /* inherit flags test : VPARAM_RESET_FLAGS */
  26305. wolfSSL_X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
  26306. (int)XSTRLEN(testhostName2));
  26307. wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
  26308. wolfSSL_X509_VERIFY_PARAM_set_hostflags(paramTo, 0x10);
  26309. paramTo->inherit_flags = WOLFSSL_VPARAM_RESET_FLAGS;
  26310. ret = wolfSSL_X509_VERIFY_PARAM_set1(paramTo, paramFrom);
  26311. AssertIntEQ(1, ret);
  26312. AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1,
  26313. (int)XSTRLEN(testhostName1)));
  26314. AssertIntEQ(0x01, paramTo->hostFlags);
  26315. AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR));
  26316. /* inherit flags test : VPARAM_LOCKED */
  26317. wolfSSL_X509_VERIFY_PARAM_set1_host(paramTo, testhostName2,
  26318. (int)XSTRLEN(testhostName2));
  26319. wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4);
  26320. wolfSSL_X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00);
  26321. paramTo->inherit_flags = WOLFSSL_VPARAM_LOCKED;
  26322. ret = wolfSSL_X509_VERIFY_PARAM_set1(paramTo, paramFrom);
  26323. AssertIntEQ(1, ret);
  26324. AssertIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName2,
  26325. (int)XSTRLEN(testhostName2)));
  26326. AssertIntEQ(0x00, paramTo->hostFlags);
  26327. AssertIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv4, WOLFSSL_MAX_IPSTR));
  26328. /* inherit flags test : VPARAM_ONCE, not testable yet */
  26329. ret = wolfSSL_X509_VERIFY_PARAM_set_flags(paramTo, WOLFSSL_CRL_CHECKALL);
  26330. AssertIntEQ(1, ret);
  26331. ret = wolfSSL_X509_VERIFY_PARAM_get_flags(paramTo);
  26332. AssertIntEQ(WOLFSSL_CRL_CHECKALL, ret);
  26333. ret = wolfSSL_X509_VERIFY_PARAM_clear_flags(paramTo, WOLFSSL_CRL_CHECKALL);
  26334. AssertIntEQ(1, ret);
  26335. ret = wolfSSL_X509_VERIFY_PARAM_get_flags(paramTo);
  26336. AssertIntEQ(0, ret);
  26337. wolfSSL_X509_VERIFY_PARAM_free(paramTo);
  26338. wolfSSL_X509_VERIFY_PARAM_free(paramFrom);
  26339. printf(resultFmt, passed);
  26340. #endif
  26341. }
  26342. static void test_wolfSSL_X509_get_X509_PUBKEY(void)
  26343. {
  26344. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD))
  26345. X509* x509 = NULL;
  26346. X509_PUBKEY* pubKey;
  26347. printf(testingFmt, "wolfSSL_X509_get_X509_PUBKEY");
  26348. AssertNotNull(x509 = X509_new());
  26349. AssertNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(NULL));
  26350. AssertNotNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(x509));
  26351. X509_free(x509);
  26352. printf(resultFmt, passed);
  26353. #endif
  26354. }
  26355. static void test_wolfSSL_X509_PUBKEY(void)
  26356. {
  26357. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_SHA256)
  26358. X509* x509 = NULL;
  26359. ASN1_OBJECT* obj = NULL;
  26360. X509_PUBKEY* pubKey;
  26361. X509_PUBKEY* pubKey2;
  26362. EVP_PKEY* evpKey;
  26363. const unsigned char *pk;
  26364. int ppklen;
  26365. WOLFSSL_X509_ALGOR *pa;
  26366. printf(testingFmt, "wolfSSL_X509_get_X509_PUBKEY");
  26367. AssertNotNull(x509 = X509_load_certificate_file(cliCertFile,
  26368. SSL_FILETYPE_PEM));
  26369. AssertNotNull(pubKey = X509_get_X509_PUBKEY(x509));
  26370. AssertIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1);
  26371. AssertNotNull(pk);
  26372. AssertNotNull(pa);
  26373. AssertNotNull(pubKey);
  26374. AssertIntGT(ppklen, 0);
  26375. AssertIntEQ(OBJ_obj2nid(obj), RSAk);
  26376. AssertNotNull(evpKey = X509_PUBKEY_get(pubKey));
  26377. AssertNotNull(pubKey2 = X509_PUBKEY_new());
  26378. AssertIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1);
  26379. X509_PUBKEY_free(pubKey2);
  26380. X509_free(x509);
  26381. EVP_PKEY_free(evpKey);
  26382. printf(resultFmt, passed);
  26383. #endif
  26384. }
  26385. static void test_wolfSSL_RAND(void)
  26386. {
  26387. #if defined(OPENSSL_EXTRA)
  26388. byte seed[16];
  26389. printf(testingFmt, "wolfSSL_RAND()");
  26390. RAND_seed(seed, sizeof(seed));
  26391. AssertIntEQ(RAND_poll(), 1);
  26392. RAND_cleanup();
  26393. AssertIntEQ(RAND_egd(NULL), -1);
  26394. #ifndef NO_FILESYSTEM
  26395. {
  26396. char fname[100];
  26397. AssertNotNull(RAND_file_name(fname, (sizeof(fname) - 1)));
  26398. AssertIntEQ(RAND_write_file(NULL), 0);
  26399. }
  26400. #endif
  26401. printf(resultFmt, passed);
  26402. #endif
  26403. }
  26404. static void test_wolfSSL_BUF(void)
  26405. {
  26406. #if defined(OPENSSL_EXTRA)
  26407. BUF_MEM* buf;
  26408. AssertNotNull(buf = BUF_MEM_new());
  26409. AssertIntEQ(BUF_MEM_grow(buf, 10), 10);
  26410. AssertIntEQ(BUF_MEM_grow(buf, -1), 0);
  26411. BUF_MEM_free(buf);
  26412. #endif /* OPENSSL_EXTRA */
  26413. }
  26414. #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
  26415. static int stub_rand_seed(const void *buf, int num)
  26416. {
  26417. (void)buf;
  26418. (void)num;
  26419. return 123;
  26420. }
  26421. static int stub_rand_bytes(unsigned char *buf, int num)
  26422. {
  26423. (void)buf;
  26424. (void)num;
  26425. return 456;
  26426. }
  26427. static byte* was_stub_rand_cleanup_called(void)
  26428. {
  26429. static byte was_called = 0;
  26430. return &was_called;
  26431. }
  26432. static void stub_rand_cleanup(void)
  26433. {
  26434. byte* was_called = was_stub_rand_cleanup_called();
  26435. *was_called = 1;
  26436. return;
  26437. }
  26438. static byte* was_stub_rand_add_called(void)
  26439. {
  26440. static byte was_called = 0;
  26441. return &was_called;
  26442. }
  26443. static int stub_rand_add(const void *buf, int num, double entropy)
  26444. {
  26445. byte* was_called = was_stub_rand_add_called();
  26446. (void)buf;
  26447. (void)num;
  26448. (void)entropy;
  26449. *was_called = 1;
  26450. return 0;
  26451. }
  26452. static int stub_rand_pseudo_bytes(unsigned char *buf, int num)
  26453. {
  26454. (void)buf;
  26455. (void)num;
  26456. return 9876;
  26457. }
  26458. static int stub_rand_status(void)
  26459. {
  26460. return 5432;
  26461. }
  26462. #endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
  26463. static void test_wolfSSL_RAND_set_rand_method(void)
  26464. {
  26465. #if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB)
  26466. WOLFSSL_RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL};
  26467. unsigned char* buf = NULL;
  26468. int num = 0;
  26469. double entropy = 0;
  26470. byte* was_cleanup_called = was_stub_rand_cleanup_called();
  26471. byte* was_add_called = was_stub_rand_add_called();
  26472. printf(testingFmt, "wolfSSL_RAND_set_rand_method()");
  26473. buf = (byte*)XMALLOC(32 * sizeof(byte), NULL,
  26474. DYNAMIC_TYPE_TMP_BUFFER);
  26475. AssertIntNE(wolfSSL_RAND_status(), 5432);
  26476. AssertIntEQ(*was_cleanup_called, 0);
  26477. wolfSSL_RAND_Cleanup();
  26478. AssertIntEQ(*was_cleanup_called, 0);
  26479. rand_methods.seed = &stub_rand_seed;
  26480. rand_methods.bytes = &stub_rand_bytes;
  26481. rand_methods.cleanup = &stub_rand_cleanup;
  26482. rand_methods.add = &stub_rand_add;
  26483. rand_methods.pseudorand = &stub_rand_pseudo_bytes;
  26484. rand_methods.status = &stub_rand_status;
  26485. AssertIntEQ(wolfSSL_RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS);
  26486. AssertIntEQ(wolfSSL_RAND_seed(buf, num), 123);
  26487. AssertIntEQ(wolfSSL_RAND_bytes(buf, num), 456);
  26488. AssertIntEQ(wolfSSL_RAND_pseudo_bytes(buf, num), 9876);
  26489. AssertIntEQ(wolfSSL_RAND_status(), 5432);
  26490. AssertIntEQ(*was_add_called, 0);
  26491. /* The function pointer for RAND_add returns int, but RAND_add itself returns void. */
  26492. wolfSSL_RAND_add(buf, num, entropy);
  26493. AssertIntEQ(*was_add_called, 1);
  26494. was_add_called = 0;
  26495. AssertIntEQ(*was_cleanup_called, 0);
  26496. wolfSSL_RAND_Cleanup();
  26497. AssertIntEQ(*was_cleanup_called, 1);
  26498. *was_cleanup_called = 0;
  26499. AssertIntEQ(wolfSSL_RAND_set_rand_method(NULL), WOLFSSL_SUCCESS);
  26500. AssertIntNE(wolfSSL_RAND_status(), 5432);
  26501. AssertIntEQ(*was_cleanup_called, 0);
  26502. wolfSSL_RAND_Cleanup();
  26503. AssertIntEQ(*was_cleanup_called, 0);
  26504. XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  26505. printf(resultFmt, passed);
  26506. #endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
  26507. }
  26508. static void test_wolfSSL_RAND_bytes(void)
  26509. {
  26510. #if defined(OPENSSL_EXTRA)
  26511. const int size1 = RNG_MAX_BLOCK_LEN; /* in bytes */
  26512. const int size2 = RNG_MAX_BLOCK_LEN + 1; /* in bytes */
  26513. const int size3 = RNG_MAX_BLOCK_LEN * 2; /* in bytes */
  26514. const int size4 = RNG_MAX_BLOCK_LEN * 4; /* in bytes */
  26515. int max_bufsize;
  26516. byte *my_buf;
  26517. printf(testingFmt, "test_wolfSSL_RAND_bytes()");
  26518. /* sanity check */
  26519. AssertIntEQ(RAND_bytes(NULL, 16), 0);
  26520. AssertIntEQ(RAND_bytes(NULL, 0), 0);
  26521. max_bufsize = size4;
  26522. my_buf = (byte*)XMALLOC(max_bufsize * sizeof(byte), NULL,
  26523. DYNAMIC_TYPE_TMP_BUFFER);
  26524. AssertIntEQ(RAND_bytes(my_buf, 0), 1);
  26525. AssertIntEQ(RAND_bytes(my_buf, -1), 0);
  26526. AssertNotNull(my_buf);
  26527. XMEMSET(my_buf, 0, max_bufsize);
  26528. AssertIntEQ(RAND_bytes(my_buf, size1), 1);
  26529. AssertIntEQ(RAND_bytes(my_buf, size2), 1);
  26530. AssertIntEQ(RAND_bytes(my_buf, size3), 1);
  26531. AssertIntEQ(RAND_bytes(my_buf, size4), 1);
  26532. XFREE(my_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  26533. printf(resultFmt, passed);
  26534. #endif
  26535. }
  26536. static void test_wolfSSL_BN_rand(void)
  26537. {
  26538. #if defined(OPENSSL_EXTRA)
  26539. BIGNUM* bn;
  26540. printf(testingFmt, "wolfSSL_BN_rand()");
  26541. AssertNotNull(bn = BN_new());
  26542. AssertIntNE(BN_rand(bn, 0, 0, 0), SSL_SUCCESS);
  26543. BN_free(bn);
  26544. AssertNotNull(bn = BN_new());
  26545. AssertIntEQ(BN_rand(bn, 8, 0, 0), SSL_SUCCESS);
  26546. BN_free(bn);
  26547. AssertNotNull(bn = BN_new());
  26548. AssertIntEQ(BN_rand(bn, 64, 0, 0), SSL_SUCCESS);
  26549. BN_free(bn);
  26550. printf(resultFmt, passed);
  26551. #endif
  26552. }
  26553. static void test_wolfSSL_pseudo_rand(void)
  26554. {
  26555. #if defined(OPENSSL_EXTRA)
  26556. BIGNUM* bn;
  26557. unsigned char bin[8];
  26558. int i;
  26559. printf(testingFmt, "wolfSSL_pseudo_rand()");
  26560. /* BN_pseudo_rand returns 1 on success 0 on failure
  26561. * int BN_pseudo_rand(BIGNUM* bn, int bits, int top, int bottom) */
  26562. for (i = 0; i < 10; i++) {
  26563. AssertNotNull(bn = BN_new());
  26564. AssertIntEQ(BN_pseudo_rand(bn, 8, 0, 0), SSL_SUCCESS);
  26565. AssertIntGT(BN_bn2bin(bn, bin),0);
  26566. AssertIntEQ((bin[0] & 0x80), 0x80); /* top bit should be set */
  26567. BN_free(bn);
  26568. }
  26569. for (i = 0; i < 10; i++) {
  26570. AssertNotNull(bn = BN_new());
  26571. AssertIntEQ(BN_pseudo_rand(bn, 8, 1, 1), SSL_SUCCESS);
  26572. AssertIntGT(BN_bn2bin(bn, bin),0);
  26573. AssertIntEQ((bin[0] & 0xc1), 0xc1); /* top bit should be set */
  26574. BN_free(bn);
  26575. }
  26576. printf(resultFmt, passed);
  26577. #endif
  26578. }
  26579. static void test_wolfSSL_PKCS8_Compat(void)
  26580. {
  26581. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC)
  26582. #ifndef NO_BIO
  26583. PKCS8_PRIV_KEY_INFO* pt;
  26584. BIO* bio;
  26585. XFILE f;
  26586. int bytes;
  26587. char pkcs8_buffer[512];
  26588. printf(testingFmt, "wolfSSL_pkcs8()");
  26589. /* file from wolfssl/certs/ directory */
  26590. f = XFOPEN("./certs/ecc-keyPkcs8.pem", "rb");
  26591. AssertTrue(f != XBADFILE);
  26592. AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), f)), 0);
  26593. XFCLOSE(f);
  26594. AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
  26595. AssertNotNull(pt = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL));
  26596. BIO_free(bio);
  26597. PKCS8_PRIV_KEY_INFO_free(pt);
  26598. printf(resultFmt, passed);
  26599. #endif
  26600. #endif
  26601. }
  26602. static void test_wolfSSL_PKCS8_d2i(void)
  26603. {
  26604. #ifndef HAVE_FIPS
  26605. /* This test ends up using HMAC as a part of PBKDF2, and HMAC
  26606. * requires a 12 byte password in FIPS mode. This test ends up
  26607. * trying to use an 8 byte password. */
  26608. #ifdef OPENSSL_ALL
  26609. WOLFSSL_EVP_PKEY* pkey = NULL;
  26610. #ifndef NO_FILESYSTEM
  26611. unsigned char pkcs8_buffer[2048];
  26612. const unsigned char* p;
  26613. int bytes;
  26614. XFILE file;
  26615. #ifndef NO_BIO
  26616. BIO* bio;
  26617. #if defined(HAVE_ECC)
  26618. WOLFSSL_EVP_PKEY* evpPkey = NULL;
  26619. #endif
  26620. #endif
  26621. #endif
  26622. #ifndef NO_RSA
  26623. #ifndef NO_FILESYSTEM
  26624. const char rsaDerPkcs8File[] = "./certs/server-keyPkcs8.der";
  26625. const char rsaPemPkcs8File[] = "./certs/server-keyPkcs8.pem";
  26626. #ifndef NO_DES3
  26627. const char rsaDerPkcs8EncFile[] = "./certs/server-keyPkcs8Enc.der";
  26628. #endif
  26629. #endif
  26630. #ifdef USE_CERT_BUFFERS_1024
  26631. const unsigned char* rsa = (unsigned char*)server_key_der_1024;
  26632. int rsaSz = sizeof_server_key_der_1024;
  26633. #else
  26634. const unsigned char* rsa = (unsigned char*)server_key_der_2048;
  26635. int rsaSz = sizeof_server_key_der_2048;
  26636. #endif
  26637. #endif
  26638. #ifdef HAVE_ECC
  26639. const unsigned char* ec = (unsigned char*)ecc_key_der_256;
  26640. int ecSz = sizeof_ecc_key_der_256;
  26641. #ifndef NO_FILESYSTEM
  26642. const char ecDerPkcs8File[] = "certs/ecc-keyPkcs8.der";
  26643. const char ecPemPkcs8File[] = "certs/ecc-keyPkcs8.pem";
  26644. #ifndef NO_DES3
  26645. const char ecDerPkcs8EncFile[] = "certs/ecc-keyPkcs8Enc.der";
  26646. #endif
  26647. #endif
  26648. #endif
  26649. #ifndef NO_FILESYSTEM
  26650. (void)pkcs8_buffer;
  26651. (void)p;
  26652. (void)bytes;
  26653. (void)file;
  26654. #ifndef NO_BIO
  26655. (void)bio;
  26656. #endif
  26657. #endif
  26658. #ifndef NO_RSA
  26659. /* Try to auto-detect normal RSA private key */
  26660. AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &rsa, rsaSz));
  26661. wolfSSL_EVP_PKEY_free(pkey);
  26662. #endif
  26663. #ifdef HAVE_ECC
  26664. /* Try to auto-detect normal EC private key */
  26665. AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &ec, ecSz));
  26666. wolfSSL_EVP_PKEY_free(pkey);
  26667. #endif
  26668. #ifndef NO_FILESYSTEM
  26669. #ifndef NO_RSA
  26670. /* Get DER encoded RSA PKCS#8 data. */
  26671. file = XFOPEN(rsaDerPkcs8File, "rb");
  26672. AssertTrue(file != XBADFILE);
  26673. AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
  26674. file)), 0);
  26675. XFCLOSE(file);
  26676. p = pkcs8_buffer;
  26677. /* Try to decode - auto-detect key type. */
  26678. AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
  26679. /* Get PEM encoded RSA PKCS#8 data. */
  26680. file = XFOPEN(rsaPemPkcs8File, "rb");
  26681. AssertTrue(file != XBADFILE);
  26682. AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
  26683. file)), 0);
  26684. XFCLOSE(file);
  26685. #ifndef NO_BIO
  26686. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  26687. /* Write PKCS#8 PEM to BIO. */
  26688. AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
  26689. NULL), bytes);
  26690. /* Compare file and written data */
  26691. AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &p), bytes);
  26692. AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
  26693. BIO_free(bio);
  26694. #ifndef NO_DES3
  26695. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  26696. /* Write Encrypted PKCS#8 PEM to BIO. */
  26697. bytes = 1834;
  26698. AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_des_ede3_cbc(),
  26699. NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
  26700. AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
  26701. (void*)"yassl123"));
  26702. wolfSSL_EVP_PKEY_free(evpPkey);
  26703. BIO_free(bio);
  26704. #endif
  26705. #endif /* !NO_BIO */
  26706. wolfSSL_EVP_PKEY_free(pkey);
  26707. /* PKCS#8 encrypted RSA key */
  26708. #ifndef NO_DES3
  26709. file = XFOPEN(rsaDerPkcs8EncFile, "rb");
  26710. AssertTrue(file != XBADFILE);
  26711. AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
  26712. file)), 0);
  26713. XFCLOSE(file);
  26714. #ifndef NO_BIO
  26715. AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
  26716. AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
  26717. (void*)"yassl123"));
  26718. wolfSSL_EVP_PKEY_free(pkey);
  26719. BIO_free(bio);
  26720. #endif
  26721. #endif
  26722. #endif
  26723. #ifdef HAVE_ECC
  26724. /* PKCS#8 encode EC key */
  26725. file = XFOPEN(ecDerPkcs8File, "rb");
  26726. AssertTrue(file != XBADFILE);
  26727. AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
  26728. file)), 0);
  26729. XFCLOSE(file);
  26730. p = pkcs8_buffer;
  26731. /* Try to decode - auto-detect key type. */
  26732. AssertNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes));
  26733. /* Get PEM encoded RSA PKCS#8 data. */
  26734. file = XFOPEN(ecPemPkcs8File, "rb");
  26735. AssertTrue(file != XBADFILE);
  26736. AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
  26737. file)), 0);
  26738. XFCLOSE(file);
  26739. #ifndef NO_BIO
  26740. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  26741. /* Write PKCS#8 PEM to BIO. */
  26742. AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
  26743. NULL), bytes);
  26744. /* Compare file and written data */
  26745. AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &p), bytes);
  26746. AssertIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0);
  26747. BIO_free(bio);
  26748. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  26749. /* Write Encrypted PKCS#8 PEM to BIO. */
  26750. bytes = 379;
  26751. AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(),
  26752. NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
  26753. AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
  26754. (void*)"yassl123"));
  26755. wolfSSL_EVP_PKEY_free(evpPkey);
  26756. BIO_free(bio);
  26757. #endif
  26758. wolfSSL_EVP_PKEY_free(pkey);
  26759. /* PKCS#8 encrypted EC key */
  26760. #ifndef NO_DES3
  26761. file = XFOPEN(ecDerPkcs8EncFile, "rb");
  26762. AssertTrue(file != XBADFILE);
  26763. AssertIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer),
  26764. file)), 0);
  26765. XFCLOSE(file);
  26766. #ifndef NO_BIO
  26767. AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
  26768. AssertNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack,
  26769. (void*)"yassl123"));
  26770. wolfSSL_EVP_PKEY_free(pkey);
  26771. BIO_free(bio);
  26772. #endif
  26773. #endif
  26774. #endif
  26775. #endif
  26776. printf(resultFmt, passed);
  26777. #endif
  26778. #endif /* HAVE_FIPS */
  26779. }
  26780. #if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
  26781. defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
  26782. #define LOGGING_THREADS 5
  26783. #define ERROR_COUNT 10
  26784. static volatile int loggingThreadsReady;
  26785. static THREAD_RETURN WOLFSSL_THREAD test_logging(void* args)
  26786. {
  26787. const char* file;
  26788. int line;
  26789. int err;
  26790. int errorCount = 0;
  26791. int i;
  26792. (void)args;
  26793. while (!loggingThreadsReady);
  26794. for (i = 0; i < ERROR_COUNT; i++)
  26795. ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__);
  26796. while ((err = ERR_get_error_line(&file, &line))) {
  26797. AssertIntEQ(err, 990 + errorCount);
  26798. errorCount++;
  26799. }
  26800. AssertIntEQ(errorCount, ERROR_COUNT);
  26801. return 0;
  26802. }
  26803. #endif
  26804. static void test_error_queue_per_thread(void)
  26805. {
  26806. #if defined(ERROR_QUEUE_PER_THREAD) && !defined(NO_ERROR_QUEUE) && \
  26807. defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL)
  26808. THREAD_TYPE loggingThreads[LOGGING_THREADS];
  26809. int i;
  26810. printf(testingFmt, "error_queue_per_thread()");
  26811. ERR_clear_error(); /* clear out any error nodes */
  26812. loggingThreadsReady = 0;
  26813. for (i = 0; i < LOGGING_THREADS; i++)
  26814. start_thread(test_logging, NULL, &loggingThreads[i]);
  26815. loggingThreadsReady = 1;
  26816. for (i = 0; i < LOGGING_THREADS; i++)
  26817. join_thread(loggingThreads[i]);
  26818. printf(resultFmt, passed);
  26819. #endif
  26820. }
  26821. static void test_wolfSSL_ERR_put_error(void)
  26822. {
  26823. #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
  26824. defined(DEBUG_WOLFSSL)
  26825. const char* file;
  26826. int line;
  26827. printf(testingFmt, "wolfSSL_ERR_put_error()");
  26828. ERR_clear_error(); /* clear out any error nodes */
  26829. ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0);
  26830. AssertIntEQ(ERR_get_error_line(&file, &line), 0);
  26831. ERR_put_error(0,SYS_F_BIND, 1, "this file", 1);
  26832. AssertIntEQ(ERR_get_error_line(&file, &line), 1);
  26833. ERR_put_error(0,SYS_F_CONNECT, 2, "this file", 2);
  26834. AssertIntEQ(ERR_get_error_line(&file, &line), 2);
  26835. ERR_put_error(0,SYS_F_FOPEN, 3, "this file", 3);
  26836. AssertIntEQ(ERR_get_error_line(&file, &line), 3);
  26837. ERR_put_error(0,SYS_F_FREAD, 4, "this file", 4);
  26838. AssertIntEQ(ERR_get_error_line(&file, &line), 4);
  26839. ERR_put_error(0,SYS_F_GETADDRINFO, 5, "this file", 5);
  26840. AssertIntEQ(ERR_get_error_line(&file, &line), 5);
  26841. ERR_put_error(0,SYS_F_GETSOCKOPT, 6, "this file", 6);
  26842. AssertIntEQ(ERR_get_error_line(&file, &line), 6);
  26843. ERR_put_error(0,SYS_F_GETSOCKNAME, 7, "this file", 7);
  26844. AssertIntEQ(ERR_get_error_line(&file, &line), 7);
  26845. ERR_put_error(0,SYS_F_GETHOSTBYNAME, 8, "this file", 8);
  26846. AssertIntEQ(ERR_get_error_line(&file, &line), 8);
  26847. ERR_put_error(0,SYS_F_GETNAMEINFO, 9, "this file", 9);
  26848. AssertIntEQ(ERR_get_error_line(&file, &line), 9);
  26849. ERR_put_error(0,SYS_F_GETSERVBYNAME, 10, "this file", 10);
  26850. AssertIntEQ(ERR_get_error_line(&file, &line), 10);
  26851. ERR_put_error(0,SYS_F_IOCTLSOCKET, 11, "this file", 11);
  26852. AssertIntEQ(ERR_get_error_line(&file, &line), 11);
  26853. ERR_put_error(0,SYS_F_LISTEN, 12, "this file", 12);
  26854. AssertIntEQ(ERR_get_error_line(&file, &line), 12);
  26855. ERR_put_error(0,SYS_F_OPENDIR, 13, "this file", 13);
  26856. AssertIntEQ(ERR_get_error_line(&file, &line), 13);
  26857. ERR_put_error(0,SYS_F_SETSOCKOPT, 14, "this file", 14);
  26858. AssertIntEQ(ERR_get_error_line(&file, &line), 14);
  26859. ERR_put_error(0,SYS_F_SOCKET, 15, "this file", 15);
  26860. AssertIntEQ(ERR_get_error_line(&file, &line), 15);
  26861. /* try reading past end of error queue */
  26862. file = NULL;
  26863. AssertIntEQ(ERR_get_error_line(&file, &line), 0);
  26864. AssertNull(file);
  26865. AssertIntEQ(ERR_get_error_line_data(&file, &line, NULL, NULL), 0);
  26866. PEMerr(4,4);
  26867. AssertIntEQ(ERR_get_error(), 4);
  26868. /* Empty and free up all error nodes */
  26869. ERR_clear_error();
  26870. /* Verify all nodes are cleared */
  26871. ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0);
  26872. ERR_clear_error();
  26873. AssertIntEQ(ERR_get_error_line(&file, &line), 0);
  26874. printf(resultFmt, passed);
  26875. #endif
  26876. }
  26877. #ifndef NO_BIO
  26878. static void test_wolfSSL_ERR_print_errors(void)
  26879. {
  26880. #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
  26881. defined(DEBUG_WOLFSSL) && !defined(NO_ERROR_STRINGS)
  26882. BIO* bio;
  26883. char buf[1024];
  26884. printf(testingFmt, "wolfSSL_ERR_print_errors()");
  26885. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  26886. ERR_clear_error(); /* clear out any error nodes */
  26887. ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
  26888. /* Choosing -299 as an unused errno between MIN_CODE_E < x < WC_LAST_E. */
  26889. ERR_put_error(0,SYS_F_BIND, -299, "asn.c", 100);
  26890. ERR_print_errors(bio);
  26891. AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 56);
  26892. AssertIntEQ(XSTRNCMP("error:173:wolfSSL library:Bad function argument:ssl.c:0",
  26893. buf, 55), 0);
  26894. AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 57);
  26895. AssertIntEQ(XSTRNCMP("error:299:wolfSSL library:unknown error number:asn.c:100",
  26896. buf, 56), 0);
  26897. AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 1);
  26898. AssertIntEQ(buf[0], '\0');
  26899. AssertIntEQ(ERR_get_error_line(NULL, NULL), 0);
  26900. BIO_free(bio);
  26901. printf(resultFmt, passed);
  26902. #endif
  26903. }
  26904. #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
  26905. defined(DEBUG_WOLFSSL)
  26906. static int test_wolfSSL_error_cb(const char *str, size_t len, void *u)
  26907. {
  26908. wolfSSL_BIO_write((BIO*)u, str, (int)len);
  26909. return 0;
  26910. }
  26911. #endif
  26912. static void test_wolfSSL_ERR_print_errors_cb(void)
  26913. {
  26914. #if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \
  26915. defined(DEBUG_WOLFSSL)
  26916. BIO* bio;
  26917. char buf[1024];
  26918. printf(testingFmt, "wolfSSL_ERR_print_errors_cb()");
  26919. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  26920. ERR_clear_error(); /* clear out any error nodes */
  26921. ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0);
  26922. ERR_put_error(0,SYS_F_BIND, -275, "asn.c", 100);
  26923. ERR_print_errors_cb(test_wolfSSL_error_cb, bio);
  26924. AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 108);
  26925. AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 173 line:0 file:ssl.c",
  26926. buf, 53), 0);
  26927. AssertIntEQ(XSTRNCMP("wolfSSL error occurred, error = 275 line:100 file:asn.c",
  26928. buf + 53, 55), 0);
  26929. AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 0);
  26930. BIO_free(bio);
  26931. printf(resultFmt, passed);
  26932. #endif
  26933. }
  26934. /*
  26935. * Testing WOLFSSL_ERROR_MSG
  26936. */
  26937. static int test_WOLFSSL_ERROR_MSG (void)
  26938. {
  26939. int ret = 0;
  26940. #if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\
  26941. defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
  26942. const char* msg = TEST_STRING;
  26943. printf(testingFmt, "WOLFSSL_ERROR_MSG()");
  26944. WOLFSSL_ERROR_MSG(msg);
  26945. printf(resultFmt, ret == 0 ? passed : failed);
  26946. #endif
  26947. return ret;
  26948. }/*End test_WOLFSSL_ERROR_MSG*/
  26949. /*
  26950. * Testing wc_ERR_remove_state
  26951. */
  26952. static int test_wc_ERR_remove_state (void)
  26953. {
  26954. int ret = 0;
  26955. #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
  26956. printf(testingFmt, "wc_ERR_remove_state()");
  26957. wc_ERR_remove_state();
  26958. printf(resultFmt, ret == 0 ? passed : failed);
  26959. #endif
  26960. return ret;
  26961. }/*End test_wc_ERR_remove_state*/
  26962. /*
  26963. * Testing wc_ERR_print_errors_fp
  26964. */
  26965. static int test_wc_ERR_print_errors_fp (void)
  26966. {
  26967. int ret = 0;
  26968. #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) && \
  26969. (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM))
  26970. long sz;
  26971. printf(testingFmt, "wc_ERR_print_errors_fp()");
  26972. WOLFSSL_ERROR(BAD_FUNC_ARG);
  26973. XFILE fp = XFOPEN("./tests/test-log-dump-to-file.txt", "ar");
  26974. wc_ERR_print_errors_fp(fp);
  26975. #if defined(DEBUG_WOLFSSL)
  26976. AssertTrue(XFSEEK(fp, 0, XSEEK_END) == 0);
  26977. sz = XFTELL(fp);
  26978. if (sz == 0) {
  26979. ret = BAD_FUNC_ARG;
  26980. }
  26981. #endif
  26982. printf(resultFmt, ret == 0 ? passed : failed);
  26983. XFCLOSE(fp);
  26984. (void)sz;
  26985. #endif
  26986. return ret;
  26987. }/*End test_wc_ERR_print_errors_fp*/
  26988. #ifdef DEBUG_WOLFSSL
  26989. static void Logging_cb(const int logLevel, const char *const logMessage)
  26990. {
  26991. (void)logLevel;
  26992. (void)logMessage;
  26993. }
  26994. #endif
  26995. /*
  26996. * Testing wolfSSL_GetLoggingCb
  26997. */
  26998. static int test_wolfSSL_GetLoggingCb (void)
  26999. {
  27000. int ret = 0;
  27001. printf(testingFmt, "wolfSSL_GetLoggingCb()");
  27002. #ifdef DEBUG_WOLFSSL
  27003. /* Testing without wolfSSL_SetLoggingCb() */
  27004. if (ret == 0) {
  27005. if (wolfSSL_GetLoggingCb() == NULL) { /* Should be true */
  27006. ret = 0;
  27007. }
  27008. if (wolfSSL_GetLoggingCb() != NULL) { /* Should not be true */
  27009. ret = -1;
  27010. }
  27011. }
  27012. /* Testing with wolfSSL_SetLoggingCb() */
  27013. if (ret == 0) {
  27014. ret = wolfSSL_SetLoggingCb(Logging_cb);
  27015. if (ret == 0){
  27016. if (wolfSSL_GetLoggingCb() == NULL) { /* Should not be true */
  27017. ret = -1;
  27018. }
  27019. if (ret == 0) {
  27020. if (wolfSSL_GetLoggingCb() == Logging_cb) { /* Should be true */
  27021. ret = 0;
  27022. }
  27023. }
  27024. /* reset logging callback */
  27025. wolfSSL_SetLoggingCb(NULL);
  27026. }
  27027. }
  27028. #endif
  27029. if (ret == 0) {
  27030. if (wolfSSL_GetLoggingCb() != NULL) {
  27031. ret = -1;
  27032. }
  27033. }
  27034. printf(resultFmt, ret == 0 ? passed : failed);
  27035. return ret;
  27036. }/*End test_wolfSSL_GetLoggingCb*/
  27037. #endif /* !NO_BIO */
  27038. #if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
  27039. defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
  27040. defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
  27041. static void test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len)
  27042. {
  27043. static const unsigned char key[] = "simple test key";
  27044. HMAC_CTX* hmac;
  27045. ENGINE* e = NULL;
  27046. unsigned char hash[WC_MAX_DIGEST_SIZE];
  27047. unsigned int len;
  27048. AssertNotNull(hmac = HMAC_CTX_new());
  27049. HMAC_CTX_init(hmac);
  27050. AssertIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key), md, e),
  27051. SSL_SUCCESS);
  27052. /* re-using test key as data to hash */
  27053. AssertIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), SSL_SUCCESS);
  27054. AssertIntEQ(HMAC_Update(hmac, NULL, 0), SSL_SUCCESS);
  27055. AssertIntEQ(HMAC_Final(hmac, hash, &len), SSL_SUCCESS);
  27056. AssertIntEQ(len, md_len);
  27057. AssertIntEQ(HMAC_size(hmac), md_len);
  27058. HMAC_cleanup(hmac);
  27059. HMAC_CTX_free(hmac);
  27060. len = 0;
  27061. AssertNotNull(HMAC(md, key, (int)sizeof(key), NULL, 0, hash, &len));
  27062. AssertIntEQ(len, md_len);
  27063. }
  27064. #endif
  27065. static void test_wolfSSL_HMAC(void)
  27066. {
  27067. #if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \
  27068. defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \
  27069. defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3))
  27070. printf(testingFmt, "wolfSSL_HMAC()");
  27071. #ifndef NO_SHA256
  27072. test_openssl_hmac(EVP_sha256(), (int)WC_SHA256_DIGEST_SIZE);
  27073. #endif
  27074. #ifdef WOLFSSL_SHA224
  27075. test_openssl_hmac(EVP_sha224(), (int)WC_SHA224_DIGEST_SIZE);
  27076. #endif
  27077. #ifdef WOLFSSL_SHA384
  27078. test_openssl_hmac(EVP_sha384(), (int)WC_SHA384_DIGEST_SIZE);
  27079. #endif
  27080. #ifdef WOLFSSL_SHA512
  27081. test_openssl_hmac(EVP_sha512(), (int)WC_SHA512_DIGEST_SIZE);
  27082. #endif
  27083. #ifdef WOLFSSL_SHA3
  27084. #ifndef WOLFSSL_NOSHA3_224
  27085. test_openssl_hmac(EVP_sha3_224(), (int)WC_SHA3_224_DIGEST_SIZE);
  27086. #endif
  27087. #ifndef WOLFSSL_NOSHA3_256
  27088. test_openssl_hmac(EVP_sha3_256(), (int)WC_SHA3_256_DIGEST_SIZE);
  27089. #endif
  27090. #ifndef WOLFSSL_NOSHA3_384
  27091. test_openssl_hmac(EVP_sha3_384(), (int)WC_SHA3_384_DIGEST_SIZE);
  27092. #endif
  27093. #ifndef WOLFSSL_NOSHA3_512
  27094. test_openssl_hmac(EVP_sha3_512(), (int)WC_SHA3_512_DIGEST_SIZE);
  27095. #endif
  27096. #endif
  27097. printf(resultFmt, passed);
  27098. #endif
  27099. }
  27100. static void test_wolfSSL_OBJ(void)
  27101. {
  27102. /* Password "wolfSSL test" is only 12 (96-bit) too short for testing in FIPS
  27103. * mode
  27104. */
  27105. #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \
  27106. !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \
  27107. defined(WOLFSSL_CERT_GEN)
  27108. ASN1_OBJECT *obj = NULL;
  27109. char buf[50];
  27110. XFILE fp;
  27111. X509 *x509 = NULL;
  27112. X509_NAME *x509Name;
  27113. X509_NAME_ENTRY *x509NameEntry;
  27114. ASN1_OBJECT *asn1Name = NULL;
  27115. int numNames;
  27116. BIO *bio = NULL;
  27117. int nid;
  27118. int i, j;
  27119. const char *f[] = {
  27120. #ifndef NO_RSA
  27121. "./certs/ca-cert.der",
  27122. #endif
  27123. #ifdef HAVE_ECC
  27124. "./certs/ca-ecc-cert.der",
  27125. "./certs/ca-ecc384-cert.der",
  27126. #endif
  27127. NULL};
  27128. ASN1_OBJECT *field_name_obj = NULL;
  27129. int lastpos = -1;
  27130. int tmp = -1;
  27131. ASN1_STRING *asn1 = NULL;
  27132. unsigned char *buf_dyn = NULL;
  27133. printf(testingFmt, "wolfSSL_OBJ()");
  27134. AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE);
  27135. AssertNotNull(obj = OBJ_nid2obj(NID_any_policy));
  27136. AssertIntEQ(OBJ_obj2nid(obj), NID_any_policy);
  27137. AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11);
  27138. AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
  27139. ASN1_OBJECT_free(obj);
  27140. AssertNotNull(obj = OBJ_nid2obj(NID_sha256));
  27141. AssertIntEQ(OBJ_obj2nid(obj), NID_sha256);
  27142. AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 22);
  27143. #ifdef WOLFSSL_CERT_EXT
  27144. AssertIntEQ(OBJ_txt2nid(buf), NID_sha256);
  27145. #endif
  27146. AssertIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0);
  27147. ASN1_OBJECT_free(obj);
  27148. for (i = 0; f[i] != NULL; i++)
  27149. {
  27150. AssertTrue((fp = XFOPEN(f[i], "rb")) != XBADFILE);
  27151. AssertNotNull(x509 = d2i_X509_fp(fp, NULL));
  27152. XFCLOSE(fp);
  27153. AssertNotNull(x509Name = X509_get_issuer_name(x509));
  27154. AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
  27155. /* Get the Common Name by using OBJ_txt2obj */
  27156. AssertNotNull(field_name_obj = OBJ_txt2obj("CN", 0));
  27157. do
  27158. {
  27159. lastpos = tmp;
  27160. tmp = X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, lastpos);
  27161. } while (tmp > -1);
  27162. AssertIntNE(lastpos, -1);
  27163. ASN1_OBJECT_free(field_name_obj);
  27164. AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, lastpos));
  27165. AssertNotNull(asn1 = X509_NAME_ENTRY_get_data(x509NameEntry));
  27166. AssertIntGE(ASN1_STRING_to_UTF8(&buf_dyn, asn1), 0);
  27167. /*
  27168. * All Common Names should be www.wolfssl.com
  27169. * This makes testing easier as we can test for the expected value.
  27170. */
  27171. AssertStrEQ((char*)buf_dyn, "www.wolfssl.com");
  27172. OPENSSL_free(buf_dyn);
  27173. bio = BIO_new(BIO_s_mem());
  27174. AssertTrue(bio != NULL);
  27175. for (j = 0; j < numNames; j++)
  27176. {
  27177. AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
  27178. AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry));
  27179. AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
  27180. }
  27181. BIO_free(bio);
  27182. X509_free(x509);
  27183. }
  27184. #ifdef HAVE_PKCS12
  27185. {
  27186. PKCS12 *p12;
  27187. int boolRet;
  27188. EVP_PKEY *pkey = NULL;
  27189. const char *p12_f[] = {
  27190. #if !defined(NO_DES3) && !defined(NO_RSA)
  27191. "./certs/test-servercert.p12",
  27192. #endif
  27193. NULL};
  27194. for (i = 0; p12_f[i] != NULL; i++)
  27195. {
  27196. AssertTrue((fp = XFOPEN(p12_f[i], "rb")) != XBADFILE);
  27197. AssertNotNull(p12 = d2i_PKCS12_fp(fp, NULL));
  27198. XFCLOSE(fp);
  27199. AssertTrue((boolRet = PKCS12_parse(p12, "wolfSSL test",
  27200. &pkey, &x509, NULL)) > 0);
  27201. wc_PKCS12_free(p12);
  27202. EVP_PKEY_free(pkey);
  27203. x509Name = X509_get_issuer_name(x509);
  27204. AssertNotNull(x509Name);
  27205. AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
  27206. AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
  27207. for (j = 0; j < numNames; j++)
  27208. {
  27209. AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
  27210. AssertNotNull(asn1Name =
  27211. X509_NAME_ENTRY_get_object(x509NameEntry));
  27212. AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
  27213. }
  27214. BIO_free(bio);
  27215. X509_free(x509);
  27216. }
  27217. }
  27218. #endif /* HAVE_PKCS12 */
  27219. printf(resultFmt, passed);
  27220. #endif
  27221. }
  27222. static void test_wolfSSL_i2a_ASN1_OBJECT(void)
  27223. {
  27224. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO)
  27225. ASN1_OBJECT *obj = NULL;
  27226. BIO *bio = NULL;
  27227. AssertNotNull(obj = OBJ_nid2obj(NID_sha256));
  27228. AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
  27229. AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, obj), 0);
  27230. AssertIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, NULL), 0);
  27231. AssertIntEQ(wolfSSL_i2a_ASN1_OBJECT(NULL, obj), 0);
  27232. BIO_free(bio);
  27233. ASN1_OBJECT_free(obj);
  27234. #endif
  27235. }
  27236. static void test_wolfSSL_OBJ_cmp(void)
  27237. {
  27238. #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
  27239. ASN1_OBJECT *obj = NULL;
  27240. ASN1_OBJECT *obj2 = NULL;
  27241. printf(testingFmt, "wolfSSL_OBJ_cmp()");
  27242. AssertNotNull(obj = OBJ_nid2obj(NID_any_policy));
  27243. AssertNotNull(obj2 = OBJ_nid2obj(NID_sha256));
  27244. AssertIntEQ(OBJ_cmp(NULL, NULL), WOLFSSL_FATAL_ERROR);
  27245. AssertIntEQ(OBJ_cmp(obj, NULL), WOLFSSL_FATAL_ERROR);
  27246. AssertIntEQ(OBJ_cmp(NULL, obj2), WOLFSSL_FATAL_ERROR);
  27247. AssertIntEQ(OBJ_cmp(obj, obj2), WOLFSSL_FATAL_ERROR);
  27248. AssertIntEQ(OBJ_cmp(obj, obj), 0);
  27249. AssertIntEQ(OBJ_cmp(obj2, obj2), 0);
  27250. ASN1_OBJECT_free(obj);
  27251. ASN1_OBJECT_free(obj2);
  27252. printf(resultFmt, passed);
  27253. #endif
  27254. }
  27255. static void test_wolfSSL_OBJ_txt2nid(void)
  27256. {
  27257. #if !defined(NO_WOLFSSL_STUB) && defined(WOLFSSL_APACHE_HTTPD)
  27258. int i;
  27259. static const struct {
  27260. const char* sn;
  27261. const char* ln;
  27262. const char* oid;
  27263. int nid;
  27264. } testVals[] = {
  27265. { "tlsfeature", "TLS Feature", "1.3.6.1.5.5.7.1.24", NID_tlsfeature },
  27266. { "id-on-dnsSRV", "SRVName", "1.3.6.1.5.5.7.8.7",
  27267. NID_id_on_dnsSRV },
  27268. { "msUPN", "Microsoft User Principal Name",
  27269. "1.3.6.1.4.1.311.20.2.3", NID_ms_upn },
  27270. { NULL, NULL, NULL, NID_undef }
  27271. };
  27272. printf(testingFmt, "wolfSSL_OBJ_txt2nid()");
  27273. /* Invalid cases */
  27274. AssertIntEQ(OBJ_txt2nid(NULL), NID_undef);
  27275. AssertIntEQ(OBJ_txt2nid("Bad name"), NID_undef);
  27276. /* Valid cases */
  27277. for (i = 0; testVals[i].sn != NULL; i++) {
  27278. AssertIntEQ(OBJ_txt2nid(testVals[i].sn), testVals[i].nid);
  27279. AssertIntEQ(OBJ_txt2nid(testVals[i].ln), testVals[i].nid);
  27280. AssertIntEQ(OBJ_txt2nid(testVals[i].oid), testVals[i].nid);
  27281. }
  27282. printf(resultFmt, passed);
  27283. #endif
  27284. }
  27285. static void test_wolfSSL_OBJ_txt2obj(void)
  27286. {
  27287. #if defined(WOLFSSL_APACHE_HTTPD) || (defined(OPENSSL_EXTRA) && \
  27288. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN))
  27289. int i;
  27290. char buf[50];
  27291. ASN1_OBJECT* obj;
  27292. static const struct {
  27293. const char* oidStr;
  27294. const char* sn;
  27295. const char* ln;
  27296. } objs_list[] = {
  27297. #if defined(WOLFSSL_APACHE_HTTPD)
  27298. { "1.3.6.1.5.5.7.1.24", "tlsfeature", "TLS Feature" },
  27299. { "1.3.6.1.5.5.7.8.7", "id-on-dnsSRV", "SRVName" },
  27300. #endif
  27301. { "2.5.29.19", "basicConstraints", "X509v3 Basic Constraints"},
  27302. { NULL, NULL, NULL }
  27303. };
  27304. printf(testingFmt, "wolfSSL_OBJ_txt2obj()");
  27305. AssertNull(obj = OBJ_txt2obj("Bad name", 0));
  27306. AssertNull(obj = OBJ_txt2obj(NULL, 0));
  27307. for (i = 0; objs_list[i].oidStr != NULL; i++) {
  27308. /* Test numerical value of oid (oidStr) */
  27309. AssertNotNull(obj = OBJ_txt2obj(objs_list[i].oidStr, 1));
  27310. /* Convert object back to text to confirm oid is correct */
  27311. wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
  27312. AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
  27313. ASN1_OBJECT_free(obj);
  27314. XMEMSET(buf, 0, sizeof(buf));
  27315. /* Test short name (sn) */
  27316. AssertNull(obj = OBJ_txt2obj(objs_list[i].sn, 1));
  27317. AssertNotNull(obj = OBJ_txt2obj(objs_list[i].sn, 0));
  27318. /* Convert object back to text to confirm oid is correct */
  27319. wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
  27320. AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
  27321. ASN1_OBJECT_free(obj);
  27322. XMEMSET(buf, 0, sizeof(buf));
  27323. /* Test long name (ln) - should fail when no_name = 1 */
  27324. AssertNull(obj = OBJ_txt2obj(objs_list[i].ln, 1));
  27325. AssertNotNull(obj = OBJ_txt2obj(objs_list[i].ln, 0));
  27326. /* Convert object back to text to confirm oid is correct */
  27327. wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1);
  27328. AssertIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0);
  27329. ASN1_OBJECT_free(obj);
  27330. XMEMSET(buf, 0, sizeof(buf));
  27331. }
  27332. printf(resultFmt, passed);
  27333. #endif
  27334. }
  27335. static void test_wolfSSL_X509_NAME_ENTRY(void)
  27336. {
  27337. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
  27338. !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN)
  27339. X509* x509;
  27340. #ifndef NO_BIO
  27341. BIO* bio;
  27342. #endif
  27343. X509_NAME* nm;
  27344. X509_NAME_ENTRY* entry;
  27345. unsigned char cn[] = "another name to add";
  27346. printf(testingFmt, "wolfSSL_X509_NAME_ENTRY()");
  27347. AssertNotNull(x509 =
  27348. wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
  27349. #ifndef NO_BIO
  27350. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  27351. AssertIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS);
  27352. #endif
  27353. #ifdef WOLFSSL_CERT_REQ
  27354. {
  27355. X509_REQ* req;
  27356. #ifndef NO_BIO
  27357. BIO* bReq;
  27358. #endif
  27359. AssertNotNull(req =
  27360. wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM));
  27361. #ifndef NO_BIO
  27362. AssertNotNull(bReq = BIO_new(BIO_s_mem()));
  27363. AssertIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS);
  27364. BIO_free(bReq);
  27365. #endif
  27366. X509_free(req);
  27367. }
  27368. #endif
  27369. AssertNotNull(nm = X509_get_subject_name(x509));
  27370. /* Test add entry */
  27371. AssertNotNull(entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName,
  27372. 0x0c, cn, (int)sizeof(cn)));
  27373. AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
  27374. #ifdef WOLFSSL_CERT_EXT
  27375. AssertIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8,
  27376. (byte*)"support@wolfssl.com", 19, -1,
  27377. 1), WOLFSSL_SUCCESS);
  27378. #endif
  27379. X509_NAME_ENTRY_free(entry);
  27380. /* Test add entry by text */
  27381. AssertNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName",
  27382. 0x0c, cn, (int)sizeof(cn)));
  27383. #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \
  27384. || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)
  27385. AssertNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown",
  27386. V_ASN1_UTF8STRING, cn, (int)sizeof(cn)));
  27387. #endif
  27388. AssertIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS);
  27389. X509_NAME_ENTRY_free(entry);
  27390. /* Test add entry by NID */
  27391. AssertIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8,
  27392. cn, -1, -1, 0), WOLFSSL_SUCCESS);
  27393. #ifndef NO_BIO
  27394. BIO_free(bio);
  27395. #endif
  27396. X509_free(x509); /* free's nm */
  27397. printf(resultFmt, passed);
  27398. #endif
  27399. }
  27400. static void test_wolfSSL_X509_set_name(void)
  27401. {
  27402. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  27403. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
  27404. X509* x509;
  27405. X509_NAME* name;
  27406. printf(testingFmt, "wolfSSL_X509_set_name()");
  27407. AssertNotNull(name = X509_NAME_new());
  27408. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  27409. (byte*)"wolfssl.com", 11, 0, 1),
  27410. WOLFSSL_SUCCESS);
  27411. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
  27412. (byte*)"support@wolfssl.com", 19, -1,
  27413. 1), WOLFSSL_SUCCESS);
  27414. AssertNotNull(x509 = X509_new());
  27415. AssertIntEQ(X509_set_subject_name(NULL, NULL), WOLFSSL_FAILURE);
  27416. AssertIntEQ(X509_set_subject_name(x509, NULL), WOLFSSL_FAILURE);
  27417. AssertIntEQ(X509_set_subject_name(NULL, name), WOLFSSL_FAILURE);
  27418. AssertIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS);
  27419. AssertIntEQ(X509_set_issuer_name(NULL, NULL), WOLFSSL_FAILURE);
  27420. AssertIntEQ(X509_set_issuer_name(x509, NULL), WOLFSSL_FAILURE);
  27421. AssertIntEQ(X509_set_issuer_name(NULL, name), WOLFSSL_FAILURE);
  27422. AssertIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS);
  27423. X509_free(x509);
  27424. X509_NAME_free(name);
  27425. printf(resultFmt, passed);
  27426. #endif /* OPENSSL_ALL && !NO_CERTS */
  27427. }
  27428. static void test_wolfSSL_X509_set_notAfter(void)
  27429. {
  27430. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
  27431. && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
  27432. !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
  27433. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) &&\
  27434. !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT)
  27435. /* Generalized time will overflow time_t if not long */
  27436. X509* x;
  27437. BIO* bio;
  27438. ASN1_TIME *asn_time, *time_check;
  27439. const int year = 365*24*60*60;
  27440. const int day = 24*60*60;
  27441. const int hour = 60*60;
  27442. const int mini = 60;
  27443. int offset_day;
  27444. unsigned char buf[25];
  27445. time_t t;
  27446. printf(testingFmt, "wolfSSL_X509_set_notAfter()");
  27447. /*
  27448. * Setup asn_time. APACHE HTTPD uses time(NULL)
  27449. */
  27450. t = (time_t)107 * year + 31 * day + 34 * hour + 30 * mini + 7 * day;
  27451. offset_day = 7;
  27452. /*
  27453. * Free these.
  27454. */
  27455. asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
  27456. AssertNotNull(asn_time);
  27457. AssertNotNull(x = X509_new());
  27458. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  27459. /*
  27460. * Tests
  27461. */
  27462. AssertTrue(wolfSSL_X509_set_notAfter(x, asn_time));
  27463. /* time_check is simply (ANS1_TIME*)x->notAfter */
  27464. AssertNotNull(time_check = X509_get_notAfter(x));
  27465. /* ANS1_TIME_check validates by checking if argument can be parsed */
  27466. AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
  27467. /* Convert to human readable format and compare to intended date */
  27468. AssertIntEQ(ASN1_TIME_print(bio, time_check), 1);
  27469. AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
  27470. AssertIntEQ(XMEMCMP(buf, "Jan 20 10:30:00 2077 GMT", sizeof(buf) - 1), 0);
  27471. /*
  27472. * Cleanup
  27473. */
  27474. XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL);
  27475. X509_free(x);
  27476. BIO_free(bio);
  27477. printf(resultFmt, passed);
  27478. #endif
  27479. }
  27480. static void test_wolfSSL_X509_set_notBefore(void)
  27481. {
  27482. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \
  27483. && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
  27484. !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \
  27485. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
  27486. X509* x;
  27487. BIO* bio;
  27488. ASN1_TIME *asn_time, *time_check;
  27489. const int year = 365*24*60*60;
  27490. const int day = 24*60*60;
  27491. const int hour = 60*60;
  27492. const int mini = 60;
  27493. int offset_day;
  27494. unsigned char buf[25];
  27495. time_t t;
  27496. printf(testingFmt, "wolfSSL_X509_set_notBefore()");
  27497. /*
  27498. * Setup asn_time. APACHE HTTPD uses time(NULL)
  27499. */
  27500. t = (time_t)49 * year + 125 * day + 20 * hour + 30 * mini + 7 * day;
  27501. offset_day = 7;
  27502. /*
  27503. * Free these.
  27504. */
  27505. asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0);
  27506. AssertNotNull(asn_time);
  27507. AssertNotNull(x = X509_new());
  27508. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  27509. AssertIntEQ(ASN1_TIME_check(asn_time), WOLFSSL_SUCCESS);
  27510. /*
  27511. * Main Tests
  27512. */
  27513. AssertTrue(wolfSSL_X509_set_notBefore(x, asn_time));
  27514. /* time_check == (ANS1_TIME*)x->notBefore */
  27515. AssertNotNull(time_check = X509_get_notBefore(x));
  27516. /* ANS1_TIME_check validates by checking if argument can be parsed */
  27517. AssertIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS);
  27518. /* Convert to human readable format and compare to intended date */
  27519. AssertIntEQ(ASN1_TIME_print(bio, time_check), 1);
  27520. AssertIntEQ(BIO_read(bio, buf, sizeof(buf)), 24);
  27521. AssertIntEQ(XMEMCMP(buf, "May 8 20:30:00 2019 GMT", sizeof(buf) - 1), 0);
  27522. /*
  27523. * Cleanup
  27524. */
  27525. XFREE(asn_time,NULL,DYNAMIC_TYPE_OPENSSL);
  27526. X509_free(x);
  27527. BIO_free(bio);
  27528. printf(resultFmt, passed);
  27529. #endif
  27530. }
  27531. static void test_wolfSSL_X509_set_version(void)
  27532. {
  27533. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \
  27534. !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
  27535. X509* x509;
  27536. long v = 2L;
  27537. long maxInt = INT_MAX;
  27538. AssertNotNull(x509 = X509_new());
  27539. /* These should pass. */
  27540. AssertTrue(wolfSSL_X509_set_version(x509, v));
  27541. AssertIntEQ(v, wolfSSL_X509_get_version(x509));
  27542. /* Fail Case: When v(long) is greater than x509->version(int). */
  27543. v = maxInt+1;
  27544. AssertFalse(wolfSSL_X509_set_version(x509, v));
  27545. /* Cleanup */
  27546. X509_free(x509);
  27547. printf(resultFmt, passed);
  27548. #endif
  27549. }
  27550. #ifndef NO_BIO
  27551. static void test_wolfSSL_BIO_gets(void)
  27552. {
  27553. #if defined(OPENSSL_EXTRA)
  27554. BIO* bio;
  27555. BIO* bio2;
  27556. char msg[] = "\nhello wolfSSL\n security plus\t---...**adf\na...b.c";
  27557. char emp[] = "";
  27558. char bio_buffer[20];
  27559. int bufferSz = 20;
  27560. printf(testingFmt, "wolfSSL_BIO_gets()");
  27561. /* try with bad args */
  27562. AssertNull(bio = BIO_new_mem_buf(NULL, sizeof(msg)));
  27563. /* try with real msg */
  27564. AssertNotNull(bio = BIO_new_mem_buf((void*)msg, -1));
  27565. XMEMSET(bio_buffer, 0, bufferSz);
  27566. AssertNotNull(BIO_push(bio, BIO_new(BIO_s_bio())));
  27567. AssertNull(bio2 = BIO_find_type(bio, BIO_TYPE_FILE));
  27568. AssertNotNull(bio2 = BIO_find_type(bio, BIO_TYPE_BIO));
  27569. AssertFalse(bio2 != BIO_next(bio));
  27570. /* make buffer filled with no terminating characters */
  27571. XMEMSET(bio_buffer, 1, bufferSz);
  27572. /* BIO_gets reads a line of data */
  27573. AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
  27574. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
  27575. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
  27576. AssertStrEQ(bio_buffer, "hello wolfSSL\n");
  27577. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
  27578. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
  27579. AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
  27580. /* check not null terminated string */
  27581. BIO_free(bio);
  27582. msg[0] = 0x33;
  27583. msg[1] = 0x33;
  27584. msg[2] = 0x33;
  27585. AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
  27586. AssertIntEQ(BIO_gets(bio, bio_buffer, 3), 2);
  27587. AssertIntEQ(bio_buffer[0], msg[0]);
  27588. AssertIntEQ(bio_buffer[1], msg[1]);
  27589. AssertIntNE(bio_buffer[2], msg[2]);
  27590. BIO_free(bio);
  27591. msg[3] = 0x33;
  27592. bio_buffer[3] = 0x33;
  27593. AssertNotNull(bio = BIO_new_mem_buf((void*)msg, 3));
  27594. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 3);
  27595. AssertIntEQ(bio_buffer[0], msg[0]);
  27596. AssertIntEQ(bio_buffer[1], msg[1]);
  27597. AssertIntEQ(bio_buffer[2], msg[2]);
  27598. AssertIntNE(bio_buffer[3], 0x33); /* make sure null terminator was set */
  27599. /* check reading an empty string */
  27600. BIO_free(bio);
  27601. AssertNotNull(bio = BIO_new_mem_buf((void*)emp, sizeof(emp)));
  27602. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */
  27603. AssertStrEQ(emp, bio_buffer);
  27604. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
  27605. /* check error cases */
  27606. BIO_free(bio);
  27607. AssertIntEQ(BIO_gets(NULL, NULL, 0), SSL_FAILURE);
  27608. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  27609. AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
  27610. #if !defined(NO_FILESYSTEM)
  27611. {
  27612. BIO* f_bio;
  27613. XFILE f;
  27614. AssertNotNull(f_bio = BIO_new(BIO_s_file()));
  27615. AssertIntLE(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
  27616. f = XFOPEN(svrCertFile, "rb");
  27617. AssertTrue((f != XBADFILE));
  27618. AssertIntEQ((int)BIO_set_fp(f_bio, f, BIO_CLOSE), SSL_SUCCESS);
  27619. AssertIntGT(BIO_gets(f_bio, bio_buffer, bufferSz), 0);
  27620. BIO_free(f_bio);
  27621. }
  27622. #endif /* NO_FILESYSTEM */
  27623. BIO_free(bio);
  27624. BIO_free(bio2);
  27625. /* try with type BIO */
  27626. XMEMCPY(msg, "\nhello wolfSSL\n security plus\t---...**adf\na...b.c",
  27627. sizeof(msg));
  27628. AssertNotNull(bio = BIO_new(BIO_s_bio()));
  27629. AssertIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */
  27630. AssertNotNull(bio2 = BIO_new(BIO_s_bio()));
  27631. AssertIntEQ(BIO_set_write_buf_size(bio, 10), SSL_SUCCESS);
  27632. AssertIntEQ(BIO_set_write_buf_size(bio2, sizeof(msg)), SSL_SUCCESS);
  27633. AssertIntEQ(BIO_make_bio_pair(bio, bio2), SSL_SUCCESS);
  27634. AssertIntEQ(BIO_write(bio2, msg, sizeof(msg)), sizeof(msg));
  27635. AssertIntEQ(BIO_gets(bio, bio_buffer, -3), 0);
  27636. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1);
  27637. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14);
  27638. AssertStrEQ(bio_buffer, "hello wolfSSL\n");
  27639. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19);
  27640. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8);
  27641. AssertIntEQ(BIO_gets(bio, bio_buffer, -1), 0);
  27642. BIO_free(bio);
  27643. BIO_free(bio2);
  27644. /* check reading an empty string */
  27645. AssertNotNull(bio = BIO_new(BIO_s_bio()));
  27646. AssertIntEQ(BIO_set_write_buf_size(bio, sizeof(emp)), SSL_SUCCESS);
  27647. AssertIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */
  27648. AssertStrEQ(emp, bio_buffer);
  27649. BIO_free(bio);
  27650. printf(resultFmt, passed);
  27651. #endif
  27652. }
  27653. static void test_wolfSSL_BIO_puts(void)
  27654. {
  27655. #if defined(OPENSSL_EXTRA)
  27656. BIO* bio;
  27657. char input[] = "hello\0world\n.....ok\n\0";
  27658. char output[128];
  27659. printf(testingFmt, "wolfSSL_BIO_puts()");
  27660. XMEMSET(output, 0, sizeof(output));
  27661. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  27662. AssertIntEQ(BIO_puts(bio, input), 5);
  27663. AssertIntEQ(BIO_pending(bio), 5);
  27664. AssertIntEQ(BIO_puts(bio, input + 6), 14);
  27665. AssertIntEQ(BIO_pending(bio), 19);
  27666. AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 11);
  27667. AssertStrEQ(output, "helloworld\n");
  27668. AssertIntEQ(BIO_pending(bio), 8);
  27669. AssertIntEQ(BIO_gets(bio, output, sizeof(output)), 8);
  27670. AssertStrEQ(output, ".....ok\n");
  27671. AssertIntEQ(BIO_pending(bio), 0);
  27672. AssertIntEQ(BIO_puts(bio, ""), -1);
  27673. BIO_free(bio);
  27674. printf(resultFmt, passed);
  27675. #endif
  27676. }
  27677. #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  27678. !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
  27679. defined(HAVE_IO_TESTS_DEPENDENCIES)
  27680. static int forceWantRead(WOLFSSL *ssl, char *buf, int sz, void *ctx)
  27681. {
  27682. (void)ssl;
  27683. (void)buf;
  27684. (void)sz;
  27685. (void)ctx;
  27686. return WOLFSSL_CBIO_ERR_WANT_READ;
  27687. }
  27688. #endif
  27689. static void test_wolfSSL_BIO_should_retry(void)
  27690. {
  27691. #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  27692. !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
  27693. defined(HAVE_IO_TESTS_DEPENDENCIES)
  27694. tcp_ready ready;
  27695. func_args server_args;
  27696. THREAD_TYPE serverThread;
  27697. SOCKET_T sockfd = 0;
  27698. WOLFSSL_CTX* ctx;
  27699. WOLFSSL* ssl;
  27700. char msg[64] = "hello wolfssl!";
  27701. char reply[1024];
  27702. int msgSz = (int)XSTRLEN(msg);
  27703. int ret;
  27704. BIO* bio;
  27705. printf(testingFmt, "wolfSSL_BIO_should_retry()");
  27706. XMEMSET(&server_args, 0, sizeof(func_args));
  27707. #ifdef WOLFSSL_TIRTOS
  27708. fdOpenSession(Task_self());
  27709. #endif
  27710. StartTCP();
  27711. InitTcpReady(&ready);
  27712. #if defined(USE_WINDOWS_API)
  27713. /* use RNG to get random port if using windows */
  27714. ready.port = GetRandomPort();
  27715. #endif
  27716. server_args.signal = &ready;
  27717. start_thread(test_server_nofail, &server_args, &serverThread);
  27718. wait_tcp_ready(&server_args);
  27719. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  27720. AssertIntEQ(WOLFSSL_SUCCESS,
  27721. wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
  27722. AssertIntEQ(WOLFSSL_SUCCESS,
  27723. wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
  27724. AssertIntEQ(WOLFSSL_SUCCESS,
  27725. wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  27726. tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL);
  27727. /* force retry */
  27728. ssl = wolfSSL_new(ctx);
  27729. AssertNotNull(ssl);
  27730. AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS);
  27731. wolfSSL_SSLSetIORecv(ssl, forceWantRead);
  27732. AssertNotNull(bio = BIO_new(BIO_f_ssl()));
  27733. BIO_set_ssl(bio, ssl, BIO_CLOSE);
  27734. AssertIntLE(BIO_write(bio, msg, msgSz), 0);
  27735. AssertIntNE(BIO_should_retry(bio), 0);
  27736. /* now perform successful connection */
  27737. wolfSSL_SSLSetIORecv(ssl, EmbedReceive);
  27738. AssertIntEQ(BIO_write(bio, msg, msgSz), msgSz);
  27739. BIO_read(bio, reply, sizeof(reply));
  27740. ret = wolfSSL_get_error(ssl, -1);
  27741. if (ret == WOLFSSL_ERROR_WANT_READ || ret == WOLFSSL_ERROR_WANT_WRITE) {
  27742. AssertIntNE(BIO_should_retry(bio), 0);
  27743. }
  27744. else {
  27745. AssertIntEQ(BIO_should_retry(bio), 0);
  27746. }
  27747. AssertIntEQ(XMEMCMP(reply, "I hear you fa shizzle!",
  27748. XSTRLEN("I hear you fa shizzle!")), 0);
  27749. BIO_free(bio);
  27750. wolfSSL_CTX_free(ctx);
  27751. join_thread(serverThread);
  27752. FreeTcpReady(&ready);
  27753. #ifdef WOLFSSL_TIRTOS
  27754. fdOpenSession(Task_self());
  27755. #endif
  27756. printf(resultFmt, passed);
  27757. #endif
  27758. }
  27759. static void test_wolfSSL_BIO_connect(void)
  27760. {
  27761. #if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES)
  27762. tcp_ready ready;
  27763. func_args server_args;
  27764. THREAD_TYPE serverThread;
  27765. BIO *tcp_bio;
  27766. BIO *ssl_bio;
  27767. SSL_CTX* ctx;
  27768. SSL *ssl;
  27769. char msg[] = "hello wolfssl!";
  27770. char reply[30];
  27771. char buff[10] = {0};
  27772. printf(testingFmt, "wolfSSL_BIO_new_connect()");
  27773. /* Setup server */
  27774. XMEMSET(&server_args, 0, sizeof(func_args));
  27775. StartTCP();
  27776. InitTcpReady(&ready);
  27777. #if defined(USE_WINDOWS_API)
  27778. /* use RNG to get random port if using windows */
  27779. ready.port = GetRandomPort();
  27780. #endif
  27781. server_args.signal = &ready;
  27782. start_thread(test_server_nofail, &server_args, &serverThread);
  27783. wait_tcp_ready(&server_args);
  27784. AssertIntGT(XSPRINTF(buff, "%d", ready.port), 0);
  27785. /* Start the test proper */
  27786. /* Setup the TCP BIO */
  27787. AssertNotNull(tcp_bio = BIO_new_connect(wolfSSLIP));
  27788. AssertIntEQ(BIO_set_conn_port(tcp_bio, buff), 1);
  27789. /* Setup the SSL object */
  27790. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  27791. AssertIntEQ(WOLFSSL_SUCCESS,
  27792. wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0));
  27793. AssertIntEQ(WOLFSSL_SUCCESS,
  27794. wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
  27795. AssertIntEQ(WOLFSSL_SUCCESS,
  27796. wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  27797. AssertNotNull(ssl = SSL_new(ctx));
  27798. SSL_set_connect_state(ssl);
  27799. /* Setup the SSL BIO */
  27800. AssertNotNull(ssl_bio = BIO_new(BIO_f_ssl()));
  27801. AssertIntEQ(BIO_set_ssl(ssl_bio, ssl, BIO_CLOSE), 1);
  27802. /* Link BIO's so that ssl_bio uses tcp_bio for IO */
  27803. AssertPtrEq(BIO_push(ssl_bio, tcp_bio), ssl_bio);
  27804. /* Do TCP connect */
  27805. AssertIntEQ(BIO_do_connect(ssl_bio), 1);
  27806. /* Do TLS handshake */
  27807. AssertIntEQ(BIO_do_handshake(ssl_bio), 1);
  27808. /* Test writing */
  27809. AssertIntEQ(BIO_write(ssl_bio, msg, sizeof(msg)), sizeof(msg));
  27810. /* Expect length of default wolfSSL reply */
  27811. AssertIntEQ(BIO_read(ssl_bio, reply, sizeof(reply)), 23);
  27812. /* Clean it all up */
  27813. BIO_free_all(ssl_bio);
  27814. SSL_CTX_free(ctx);
  27815. /* Server clean up */
  27816. join_thread(serverThread);
  27817. FreeTcpReady(&ready);
  27818. printf(resultFmt, passed);
  27819. #endif
  27820. }
  27821. static void test_wolfSSL_BIO_write(void)
  27822. {
  27823. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE)
  27824. BIO* bio;
  27825. BIO* bio64;
  27826. BIO* ptr;
  27827. int sz;
  27828. char msg[] = "conversion test";
  27829. char out[40];
  27830. char expected[] = "Y29udmVyc2lvbiB0ZXN0AA==\n";
  27831. void* bufPtr = NULL;
  27832. BUF_MEM* buf = NULL;
  27833. printf(testingFmt, "wolfSSL_BIO_write()");
  27834. AssertNotNull(bio64 = BIO_new(BIO_f_base64()));
  27835. AssertNotNull(bio = BIO_push(bio64, BIO_new(BIO_s_mem())));
  27836. /* now should convert to base64 then write to memory */
  27837. AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
  27838. BIO_flush(bio);
  27839. /* test BIO chain */
  27840. AssertIntEQ(SSL_SUCCESS, (int)BIO_get_mem_ptr(bio, &buf));
  27841. AssertNotNull(buf);
  27842. AssertIntEQ(buf->length, 25);
  27843. AssertIntEQ(BIO_get_mem_data(bio, &bufPtr), 25);
  27844. AssertPtrEq(buf->data, bufPtr);
  27845. AssertNotNull(ptr = BIO_find_type(bio, BIO_TYPE_MEM));
  27846. sz = sizeof(out);
  27847. XMEMSET(out, 0, sz);
  27848. AssertIntEQ((sz = BIO_read(ptr, out, sz)), 25);
  27849. AssertIntEQ(XMEMCMP(out, expected, sz), 0);
  27850. /* write then read should return the same message */
  27851. AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
  27852. sz = sizeof(out);
  27853. XMEMSET(out, 0, sz);
  27854. AssertIntEQ(BIO_read(bio, out, sz), 16);
  27855. AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
  27856. /* now try encoding with no line ending */
  27857. BIO_set_flags(bio64, BIO_FLAGS_BASE64_NO_NL);
  27858. #ifdef HAVE_EX_DATA
  27859. BIO_set_ex_data(bio64, 0, (void*) "data");
  27860. AssertIntEQ(strcmp((const char*)BIO_get_ex_data(bio64, 0), "data"), 0);
  27861. #endif
  27862. AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg));
  27863. BIO_flush(bio);
  27864. sz = sizeof(out);
  27865. XMEMSET(out, 0, sz);
  27866. AssertIntEQ((sz = BIO_read(ptr, out, sz)), 24);
  27867. AssertIntEQ(XMEMCMP(out, expected, sz), 0);
  27868. BIO_free_all(bio); /* frees bio64 also */
  27869. /* test with more than one bio64 in list */
  27870. AssertNotNull(bio64 = BIO_new(BIO_f_base64()));
  27871. AssertNotNull(bio = BIO_push(BIO_new(BIO_f_base64()), bio64));
  27872. AssertNotNull(BIO_push(bio64, BIO_new(BIO_s_mem())));
  27873. /* now should convert to base64 when stored and then decode with read */
  27874. AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 25);
  27875. BIO_flush(bio);
  27876. sz = sizeof(out);
  27877. XMEMSET(out, 0, sz);
  27878. AssertIntEQ((sz = BIO_read(bio, out, sz)), 16);
  27879. AssertIntEQ(XMEMCMP(out, msg, sz), 0);
  27880. BIO_clear_flags(bio64, ~0);
  27881. BIO_set_retry_read(bio);
  27882. BIO_free_all(bio); /* frees bio64s also */
  27883. printf(resultFmt, passed);
  27884. #endif
  27885. }
  27886. static void test_wolfSSL_BIO_printf(void)
  27887. {
  27888. #if defined(OPENSSL_ALL)
  27889. BIO* bio;
  27890. int sz = 7;
  27891. char msg[] = "TLS 1.3 for the world";
  27892. char out[60];
  27893. char expected[] = "TLS 1.3 for the world : sz = 7";
  27894. printf(testingFmt, "wolfSSL_BIO_printf()");
  27895. XMEMSET(out, 0, sizeof(out));
  27896. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  27897. AssertIntEQ(BIO_printf(bio, "%s : sz = %d", msg, sz), 30);
  27898. AssertIntEQ(BIO_printf(NULL, ""), WOLFSSL_FATAL_ERROR);
  27899. AssertIntEQ(BIO_read(bio, out, sizeof(out)), 30);
  27900. AssertIntEQ(XSTRNCMP(out, expected, sizeof(expected)), 0);
  27901. BIO_free(bio);
  27902. printf(resultFmt, passed);
  27903. #endif
  27904. }
  27905. static void test_wolfSSL_BIO_f_md(void)
  27906. {
  27907. #if defined(OPENSSL_ALL) && !defined(NO_SHA256)
  27908. BIO *bio, *mem;
  27909. char msg[] = "message to hash";
  27910. char out[60];
  27911. EVP_MD_CTX* ctx;
  27912. const unsigned char testKey[] =
  27913. {
  27914. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  27915. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  27916. 0x0b, 0x0b, 0x0b, 0x0b
  27917. };
  27918. const char testData[] = "Hi There";
  27919. const unsigned char testResult[] =
  27920. {
  27921. 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53,
  27922. 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b,
  27923. 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7,
  27924. 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7
  27925. };
  27926. const unsigned char expectedHash[] =
  27927. {
  27928. 0x66, 0x49, 0x3C, 0xE8, 0x8A, 0x57, 0xB0, 0x60,
  27929. 0xDC, 0x55, 0x7D, 0xFC, 0x1F, 0xA5, 0xE5, 0x07,
  27930. 0x70, 0x5A, 0xF6, 0xD7, 0xC4, 0x1F, 0x1A, 0xE4,
  27931. 0x2D, 0xA6, 0xFD, 0xD1, 0x29, 0x7D, 0x60, 0x0D
  27932. };
  27933. const unsigned char emptyHash[] =
  27934. {
  27935. 0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14,
  27936. 0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24,
  27937. 0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C,
  27938. 0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55
  27939. };
  27940. unsigned char check[sizeof(testResult) + 1];
  27941. size_t checkSz = -1;
  27942. EVP_PKEY* key;
  27943. printf(testingFmt, "wolfSSL_BIO_f_md()");
  27944. XMEMSET(out, 0, sizeof(out));
  27945. AssertNotNull(bio = BIO_new(BIO_f_md()));
  27946. AssertNotNull(mem = BIO_new(BIO_s_mem()));
  27947. AssertIntEQ(BIO_get_md_ctx(bio, &ctx), 1);
  27948. AssertIntEQ(EVP_DigestInit(ctx, EVP_sha256()), 1);
  27949. /* should not be able to write/read yet since just digest wrapper and no
  27950. * data is passing through the bio */
  27951. AssertIntEQ(BIO_write(bio, msg, 0), 0);
  27952. AssertIntEQ(BIO_pending(bio), 0);
  27953. AssertIntEQ(BIO_read(bio, out, sizeof(out)), 0);
  27954. AssertIntEQ(BIO_gets(bio, out, 3), 0);
  27955. AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
  27956. AssertIntEQ(XMEMCMP(emptyHash, out, 32), 0);
  27957. BIO_reset(bio);
  27958. /* append BIO mem to bio in order to read/write */
  27959. AssertNotNull(bio = BIO_push(bio, mem));
  27960. XMEMSET(out, 0, sizeof(out));
  27961. AssertIntEQ(BIO_write(mem, msg, sizeof(msg)), 16);
  27962. AssertIntEQ(BIO_pending(bio), 16);
  27963. /* this just reads the message and does not hash it (gets calls final) */
  27964. AssertIntEQ(BIO_read(bio, out, sizeof(out)), 16);
  27965. AssertIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0);
  27966. /* create a message digest using BIO */
  27967. XMEMSET(out, 0, sizeof(out));
  27968. AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), 16);
  27969. AssertIntEQ(BIO_pending(mem), 16);
  27970. AssertIntEQ(BIO_pending(bio), 16);
  27971. AssertIntEQ(BIO_gets(bio, out, sizeof(out)), 32);
  27972. AssertIntEQ(XMEMCMP(expectedHash, out, 32), 0);
  27973. BIO_free(bio);
  27974. BIO_free(mem);
  27975. /* test with HMAC */
  27976. XMEMSET(out, 0, sizeof(out));
  27977. AssertNotNull(bio = BIO_new(BIO_f_md()));
  27978. AssertNotNull(mem = BIO_new(BIO_s_mem()));
  27979. BIO_get_md_ctx(bio, &ctx);
  27980. AssertNotNull(key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
  27981. testKey, (int)sizeof(testKey)));
  27982. EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, key);
  27983. AssertNotNull(bio = BIO_push(bio, mem));
  27984. BIO_write(bio, testData, (int)strlen(testData));
  27985. EVP_DigestSignFinal(ctx, NULL, &checkSz);
  27986. EVP_DigestSignFinal(ctx, check, &checkSz);
  27987. AssertIntEQ(XMEMCMP(check, testResult, sizeof(testResult)), 0);
  27988. EVP_PKEY_free(key);
  27989. BIO_free(bio);
  27990. BIO_free(mem);
  27991. printf(resultFmt, passed);
  27992. #endif
  27993. }
  27994. #endif /* !NO_BIO */
  27995. static void test_wolfSSL_SESSION(void)
  27996. {
  27997. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  27998. !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \
  27999. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE)
  28000. WOLFSSL* ssl;
  28001. WOLFSSL_CTX* ctx;
  28002. WOLFSSL_SESSION* sess;
  28003. WOLFSSL_SESSION* sess_copy;
  28004. unsigned char* sessDer = NULL;
  28005. unsigned char* ptr = NULL;
  28006. #ifdef OPENSSL_EXTRA
  28007. const unsigned char context[] = "user app context";
  28008. unsigned int contextSz = (unsigned int)sizeof(context);
  28009. #endif
  28010. int ret, err, sockfd, sz;
  28011. tcp_ready ready;
  28012. func_args server_args;
  28013. THREAD_TYPE serverThread;
  28014. char msg[80];
  28015. printf(testingFmt, "wolfSSL_SESSION()");
  28016. /* TLS v1.3 requires session tickets */
  28017. /* CHACHA and POLY1305 required for myTicketEncCb */
  28018. #if defined(WOLFSSL_TLS13) && (!defined(HAVE_SESSION_TICKET) && \
  28019. !defined(WOLFSSL_NO_TLS12) || !(defined(HAVE_CHACHA) && \
  28020. defined(HAVE_POLY1305) && !defined(HAVE_AESGCM)))
  28021. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
  28022. #else
  28023. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  28024. #endif
  28025. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
  28026. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  28027. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);
  28028. #ifdef WOLFSSL_ENCRYPTED_KEYS
  28029. wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack);
  28030. #endif
  28031. XMEMSET(&server_args, 0, sizeof(func_args));
  28032. #ifdef WOLFSSL_TIRTOS
  28033. fdOpenSession(Task_self());
  28034. #endif
  28035. StartTCP();
  28036. InitTcpReady(&ready);
  28037. #if defined(USE_WINDOWS_API)
  28038. /* use RNG to get random port if using windows */
  28039. ready.port = GetRandomPort();
  28040. #endif
  28041. server_args.signal = &ready;
  28042. start_thread(test_server_nofail, &server_args, &serverThread);
  28043. wait_tcp_ready(&server_args);
  28044. /* client connection */
  28045. ssl = wolfSSL_new(ctx);
  28046. tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl);
  28047. AssertIntEQ(wolfSSL_set_fd(ssl, sockfd), SSL_SUCCESS);
  28048. err = 0; /* Reset error */
  28049. do {
  28050. #ifdef WOLFSSL_ASYNC_CRYPT
  28051. if (err == WC_PENDING_E) {
  28052. ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW);
  28053. if (ret < 0) { break; } else if (ret == 0) { continue; }
  28054. }
  28055. #endif
  28056. ret = wolfSSL_connect(ssl);
  28057. if (ret != SSL_SUCCESS) {
  28058. err = wolfSSL_get_error(ssl, 0);
  28059. }
  28060. } while (ret != SSL_SUCCESS && err == WC_PENDING_E);
  28061. AssertIntEQ(ret, SSL_SUCCESS);
  28062. AssertIntEQ(wolfSSL_write(ssl, "GET", 3), 3);
  28063. AssertIntEQ(wolfSSL_read(ssl, msg, sizeof(msg)), 23);
  28064. sess = wolfSSL_get_session(ssl);
  28065. wolfSSL_shutdown(ssl);
  28066. wolfSSL_free(ssl);
  28067. join_thread(serverThread);
  28068. FreeTcpReady(&ready);
  28069. #ifdef WOLFSSL_TIRTOS
  28070. fdOpenSession(Task_self());
  28071. #endif
  28072. #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
  28073. {
  28074. X509 *x509;
  28075. char buf[30];
  28076. int bufSz;
  28077. AssertNotNull(x509 = SSL_SESSION_get0_peer(sess));
  28078. AssertIntGT((bufSz = X509_NAME_get_text_by_NID(
  28079. X509_get_subject_name(x509), NID_organizationalUnitName,
  28080. buf, sizeof(buf))), 0);
  28081. AssertIntNE((bufSz == 7 || bufSz == 16), 0); /* should be one of these*/
  28082. if (bufSz == 7) {
  28083. AssertIntEQ(XMEMCMP(buf, "Support", bufSz), 0);
  28084. }
  28085. if (bufSz == 16) {
  28086. AssertIntEQ(XMEMCMP(buf, "Programming-2048", bufSz), 0);
  28087. }
  28088. }
  28089. #endif
  28090. AssertNotNull(sess_copy = wolfSSL_SESSION_dup(sess));
  28091. wolfSSL_SESSION_free(sess_copy);
  28092. /* get session from DER and update the timeout */
  28093. AssertIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), BAD_FUNC_ARG);
  28094. AssertIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, &sessDer)), 0);
  28095. wolfSSL_SESSION_free(sess);
  28096. ptr = sessDer;
  28097. AssertNull(sess = wolfSSL_d2i_SSL_SESSION(NULL, NULL, sz));
  28098. AssertNotNull(sess = wolfSSL_d2i_SSL_SESSION(NULL,
  28099. (const unsigned char**)&ptr, sz));
  28100. XFREE(sessDer, NULL, DYNAMIC_TYPE_OPENSSL);
  28101. AssertIntGT(wolfSSL_SESSION_get_time(sess), 0);
  28102. AssertIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS);
  28103. /* successful set session test */
  28104. AssertNotNull(ssl = wolfSSL_new(ctx));
  28105. AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_SUCCESS);
  28106. #ifdef HAVE_SESSION_TICKET
  28107. /* Test set/get session ticket */
  28108. {
  28109. const char* ticket = "This is a session ticket";
  28110. char buf[64] = {0};
  28111. word32 bufSz = (word32)sizeof(buf);
  28112. AssertIntEQ(SSL_SUCCESS,
  28113. wolfSSL_set_SessionTicket(ssl, (byte *)ticket, (word32)XSTRLEN(ticket)));
  28114. AssertIntEQ(SSL_SUCCESS,
  28115. wolfSSL_get_SessionTicket(ssl, (byte *)buf, &bufSz));
  28116. AssertStrEQ(ticket, buf);
  28117. }
  28118. #endif
  28119. #ifdef OPENSSL_EXTRA
  28120. /* fail case with miss match session context IDs (use compatibility API) */
  28121. AssertIntEQ(SSL_set_session_id_context(ssl, context, contextSz),
  28122. SSL_SUCCESS);
  28123. AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
  28124. wolfSSL_free(ssl);
  28125. AssertIntEQ(SSL_CTX_set_session_id_context(NULL, context, contextSz),
  28126. SSL_FAILURE);
  28127. AssertIntEQ(SSL_CTX_set_session_id_context(ctx, context, contextSz),
  28128. SSL_SUCCESS);
  28129. AssertNotNull(ssl = wolfSSL_new(ctx));
  28130. AssertIntEQ(wolfSSL_set_session(ssl, sess), SSL_FAILURE);
  28131. #endif
  28132. wolfSSL_free(ssl);
  28133. SSL_SESSION_free(sess);
  28134. wolfSSL_CTX_free(ctx);
  28135. printf(resultFmt, passed);
  28136. #endif
  28137. }
  28138. static void test_wolfSSL_ticket_keys(void)
  28139. {
  28140. #if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \
  28141. !defined(NO_WOLFSSL_SERVER)
  28142. WOLFSSL_CTX* ctx;
  28143. byte keys[WOLFSSL_TICKET_KEYS_SZ];
  28144. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  28145. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, 0),
  28146. WOLFSSL_FAILURE);
  28147. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, 0),
  28148. WOLFSSL_FAILURE);
  28149. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, 0),
  28150. WOLFSSL_FAILURE);
  28151. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, 0),
  28152. WOLFSSL_FAILURE);
  28153. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
  28154. WOLFSSL_FAILURE);
  28155. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
  28156. WOLFSSL_FAILURE);
  28157. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
  28158. WOLFSSL_FAILURE);
  28159. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, 0),
  28160. WOLFSSL_FAILURE);
  28161. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, 0),
  28162. WOLFSSL_FAILURE);
  28163. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, 0),
  28164. WOLFSSL_FAILURE);
  28165. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, 0),
  28166. WOLFSSL_FAILURE);
  28167. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, sizeof(keys)),
  28168. WOLFSSL_FAILURE);
  28169. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, sizeof(keys)),
  28170. WOLFSSL_FAILURE);
  28171. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, sizeof(keys)),
  28172. WOLFSSL_FAILURE);
  28173. AssertIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, sizeof(keys)),
  28174. WOLFSSL_SUCCESS);
  28175. AssertIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, sizeof(keys)),
  28176. WOLFSSL_SUCCESS);
  28177. wolfSSL_CTX_free(ctx);
  28178. #endif
  28179. }
  28180. #ifndef NO_BIO
  28181. static void test_wolfSSL_d2i_PUBKEY(void)
  28182. {
  28183. #if defined(OPENSSL_EXTRA)
  28184. BIO* bio;
  28185. EVP_PKEY* pkey;
  28186. printf(testingFmt, "wolfSSL_d2i_PUBKEY()");
  28187. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  28188. AssertNull(d2i_PUBKEY_bio(NULL, NULL));
  28189. #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA)
  28190. /* RSA PUBKEY test */
  28191. AssertIntGT(BIO_write(bio, client_keypub_der_2048,
  28192. sizeof_client_keypub_der_2048), 0);
  28193. AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
  28194. EVP_PKEY_free(pkey);
  28195. #endif
  28196. #if defined(USE_CERT_BUFFERS_256) && defined(HAVE_ECC)
  28197. /* ECC PUBKEY test */
  28198. AssertIntGT(BIO_write(bio, ecc_clikeypub_der_256,
  28199. sizeof_ecc_clikeypub_der_256), 0);
  28200. AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL));
  28201. EVP_PKEY_free(pkey);
  28202. #endif
  28203. BIO_free(bio);
  28204. (void)pkey;
  28205. printf(resultFmt, passed);
  28206. #endif
  28207. }
  28208. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
  28209. static void test_wolfSSL_d2i_PrivateKeys_bio(void)
  28210. {
  28211. BIO* bio = NULL;
  28212. EVP_PKEY* pkey = NULL;
  28213. #ifndef NO_RSA
  28214. #endif
  28215. WOLFSSL_CTX* ctx;
  28216. #if defined(WOLFSSL_KEY_GEN)
  28217. unsigned char buff[4096];
  28218. unsigned char* bufPtr = buff;
  28219. #endif
  28220. printf(testingFmt, "wolfSSL_d2i_PrivateKeys_bio()");
  28221. /* test creating new EVP_PKEY with bad arg */
  28222. AssertNull((pkey = d2i_PrivateKey_bio(NULL, NULL)));
  28223. /* test loading RSA key using BIO */
  28224. #if !defined(NO_RSA) && !defined(NO_FILESYSTEM)
  28225. {
  28226. XFILE file;
  28227. const char* fname = "./certs/server-key.der";
  28228. size_t sz;
  28229. byte* buf;
  28230. file = XFOPEN(fname, "rb");
  28231. AssertTrue((file != XBADFILE));
  28232. AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
  28233. sz = XFTELL(file);
  28234. XREWIND(file);
  28235. AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE));
  28236. AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
  28237. XFCLOSE(file);
  28238. /* Test using BIO new mem and loading DER private key */
  28239. AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
  28240. AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
  28241. XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
  28242. BIO_free(bio);
  28243. bio = NULL;
  28244. EVP_PKEY_free(pkey);
  28245. pkey = NULL;
  28246. }
  28247. #endif
  28248. /* test loading ECC key using BIO */
  28249. #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM)
  28250. {
  28251. XFILE file;
  28252. const char* fname = "./certs/ecc-key.der";
  28253. size_t sz;
  28254. byte* buf;
  28255. file = XFOPEN(fname, "rb");
  28256. AssertTrue((file != XBADFILE));
  28257. AssertTrue(XFSEEK(file, 0, XSEEK_END) == 0);
  28258. sz = XFTELL(file);
  28259. XREWIND(file);
  28260. AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE));
  28261. AssertIntEQ(XFREAD(buf, 1, sz, file), sz);
  28262. XFCLOSE(file);
  28263. /* Test using BIO new mem and loading DER private key */
  28264. AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
  28265. AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL)));
  28266. XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE);
  28267. BIO_free(bio);
  28268. bio = NULL;
  28269. EVP_PKEY_free(pkey);
  28270. pkey = NULL;
  28271. }
  28272. #endif
  28273. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  28274. #ifndef NO_WOLFSSL_SERVER
  28275. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  28276. #else
  28277. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
  28278. #endif
  28279. #if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
  28280. !defined(NO_RSA) && !defined(HAVE_USER_RSA)
  28281. {
  28282. RSA* rsa = NULL;
  28283. /* Tests bad parameters */
  28284. AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL));
  28285. /* RSA not set yet, expecting to fail*/
  28286. AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG);
  28287. #if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN)
  28288. /* set RSA using bio*/
  28289. AssertIntGT(BIO_write(bio, client_key_der_2048,
  28290. sizeof_client_key_der_2048), 0);
  28291. AssertNotNull(rsa = d2i_RSAPrivateKey_bio(bio, NULL));
  28292. AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS);
  28293. /*i2d RSAprivate key tests */
  28294. AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
  28295. AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 1192);
  28296. AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
  28297. sizeof_client_key_der_2048);
  28298. bufPtr = NULL;
  28299. AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
  28300. sizeof_client_key_der_2048);
  28301. AssertNotNull(bufPtr);
  28302. XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL);
  28303. #endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */
  28304. RSA_free(rsa);
  28305. }
  28306. #endif /* !HAVE_FAST_RSA && WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA*/
  28307. SSL_CTX_free(ctx);
  28308. ctx = NULL;
  28309. BIO_free(bio);
  28310. bio = NULL;
  28311. printf(resultFmt, passed);
  28312. }
  28313. #endif /* OPENSSL_ALL || WOLFSSL_ASIO */
  28314. #endif /* !NO_BIO */
  28315. static void test_wolfSSL_sk_GENERAL_NAME(void)
  28316. {
  28317. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \
  28318. !defined(NO_RSA)
  28319. X509* x509;
  28320. GENERAL_NAME* gn;
  28321. unsigned char buf[4096];
  28322. const unsigned char* bufPt;
  28323. int bytes, i;
  28324. XFILE f;
  28325. STACK_OF(GENERAL_NAME)* sk;
  28326. printf(testingFmt, "wolfSSL_sk_GENERAL_NAME()");
  28327. f = XFOPEN(cliCertDerFileExt, "rb");
  28328. AssertTrue((f != XBADFILE));
  28329. AssertIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0);
  28330. XFCLOSE(f);
  28331. bufPt = buf;
  28332. AssertNotNull(x509 = d2i_X509(NULL, &bufPt, bytes));
  28333. AssertNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509,
  28334. NID_subject_alt_name, NULL, NULL));
  28335. AssertIntEQ(sk_GENERAL_NAME_num(sk), 1);
  28336. for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) {
  28337. AssertNotNull(gn = sk_GENERAL_NAME_value(sk, i));
  28338. switch (gn->type) {
  28339. case GEN_DNS:
  28340. printf("found type GEN_DNS\n");
  28341. break;
  28342. case GEN_EMAIL:
  28343. printf("found type GEN_EMAIL\n");
  28344. break;
  28345. case GEN_URI:
  28346. printf("found type GEN_URI\n");
  28347. break;
  28348. }
  28349. }
  28350. X509_free(x509);
  28351. sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free);
  28352. printf(resultFmt, passed);
  28353. #endif
  28354. }
  28355. static void test_wolfSSL_MD4(void)
  28356. {
  28357. #if defined(OPENSSL_EXTRA) && !defined(NO_MD4)
  28358. MD4_CTX md4;
  28359. unsigned char out[16]; /* MD4_DIGEST_SIZE */
  28360. const char* msg = "12345678901234567890123456789012345678901234567890123456"
  28361. "789012345678901234567890";
  28362. const char* test = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f"
  28363. "\xcc\x05\x36";
  28364. int msgSz = (int)XSTRLEN(msg);
  28365. printf(testingFmt, "wolfSSL_MD4()");
  28366. XMEMSET(out, 0, sizeof(out));
  28367. MD4_Init(&md4);
  28368. MD4_Update(&md4, (const void*)msg, (unsigned long)msgSz);
  28369. MD4_Final(out, &md4);
  28370. AssertIntEQ(XMEMCMP(out, test, sizeof(out)), 0);
  28371. printf(resultFmt, passed);
  28372. #endif
  28373. }
  28374. static void test_wolfSSL_RSA(void)
  28375. {
  28376. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
  28377. defined(WOLFSSL_KEY_GEN)
  28378. RSA* rsa;
  28379. const BIGNUM *n;
  28380. const BIGNUM *e;
  28381. const BIGNUM *d;
  28382. printf(testingFmt, "wolfSSL_RSA()");
  28383. AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
  28384. AssertIntEQ(RSA_size(rsa), 256);
  28385. /* sanity check */
  28386. AssertIntEQ(RSA_bits(NULL), 0);
  28387. AssertIntEQ(RSA_bits(rsa), 2048);
  28388. RSA_get0_key(rsa, &n, &e, &d);
  28389. AssertPtrEq(rsa->n, n);
  28390. AssertPtrEq(rsa->e, e);
  28391. AssertPtrEq(rsa->d, d);
  28392. AssertNotNull(n = BN_new());
  28393. AssertNotNull(e = BN_new());
  28394. AssertNotNull(d = BN_new());
  28395. AssertIntEQ(RSA_set0_key(rsa, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 1);
  28396. AssertPtrEq(rsa->n, n);
  28397. AssertPtrEq(rsa->e, e);
  28398. AssertPtrEq(rsa->d, d);
  28399. AssertIntEQ(BN_hex2bn(&rsa->n, "1FFFFF"), 1);
  28400. AssertIntEQ(RSA_bits(rsa), 21);
  28401. RSA_free(rsa);
  28402. #if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2))
  28403. AssertNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL));
  28404. AssertIntEQ(RSA_size(rsa), 384);
  28405. AssertIntEQ(RSA_bits(rsa), 3072);
  28406. RSA_free(rsa);
  28407. #endif
  28408. /* remove for now with odd key size until adjusting rsa key size check with
  28409. wc_MakeRsaKey()
  28410. AssertNotNull(rsa = RSA_generate_key(2999, 65537, NULL, NULL));
  28411. RSA_free(rsa);
  28412. */
  28413. AssertNull(RSA_generate_key(-1, 3, NULL, NULL));
  28414. AssertNull(RSA_generate_key(511, 3, NULL, NULL)); /* RSA_MIN_SIZE - 1 */
  28415. AssertNull(RSA_generate_key(4097, 3, NULL, NULL)); /* RSA_MAX_SIZE + 1 */
  28416. AssertNull(RSA_generate_key(2048, 0, NULL, NULL));
  28417. #if !defined(NO_FILESYSTEM) && !defined(NO_ASN)
  28418. {
  28419. byte buff[FOURK_BUF];
  28420. byte der[FOURK_BUF];
  28421. const char PrivKeyPemFile[] = "certs/client-keyEnc.pem";
  28422. XFILE f;
  28423. int bytes;
  28424. /* test loading encrypted RSA private pem w/o password */
  28425. f = XFOPEN(PrivKeyPemFile, "rb");
  28426. AssertTrue((f != XBADFILE));
  28427. bytes = (int)XFREAD(buff, 1, sizeof(buff), f);
  28428. XFCLOSE(f);
  28429. XMEMSET(der, 0, sizeof(der));
  28430. /* test that error value is returned with no password */
  28431. AssertIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), ""), 0);
  28432. }
  28433. #endif
  28434. printf(resultFmt, passed);
  28435. #endif
  28436. }
  28437. static void test_wolfSSL_RSA_DER(void)
  28438. {
  28439. #if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
  28440. !defined(NO_RSA) && !defined(HAVE_USER_RSA) && defined(OPENSSL_EXTRA)
  28441. RSA *rsa;
  28442. int i;
  28443. const unsigned char *buff = NULL;
  28444. struct tbl_s
  28445. {
  28446. const unsigned char *der;
  28447. int sz;
  28448. } tbl[] = {
  28449. #ifdef USE_CERT_BUFFERS_1024
  28450. {client_key_der_1024, sizeof_client_key_der_1024},
  28451. {server_key_der_1024, sizeof_server_key_der_1024},
  28452. #endif
  28453. #ifdef USE_CERT_BUFFERS_2048
  28454. {client_key_der_2048, sizeof_client_key_der_2048},
  28455. {server_key_der_2048, sizeof_server_key_der_2048},
  28456. #endif
  28457. {NULL, 0}
  28458. };
  28459. /* Public Key DER */
  28460. struct tbl_s pub[] = {
  28461. #ifdef USE_CERT_BUFFERS_1024
  28462. {client_keypub_der_1024, sizeof_client_keypub_der_1024},
  28463. #endif
  28464. #ifdef USE_CERT_BUFFERS_2048
  28465. {client_keypub_der_2048, sizeof_client_keypub_der_2048},
  28466. #endif
  28467. {NULL, 0}
  28468. };
  28469. printf(testingFmt, "test_wolfSSL_RSA_DER()");
  28470. for (i = 0; tbl[i].der != NULL; i++)
  28471. {
  28472. AssertNotNull(d2i_RSAPublicKey(&rsa, &tbl[i].der, tbl[i].sz));
  28473. AssertNotNull(rsa);
  28474. RSA_free(rsa);
  28475. }
  28476. for (i = 0; tbl[i].der != NULL; i++)
  28477. {
  28478. AssertNotNull(d2i_RSAPrivateKey(&rsa, &tbl[i].der, tbl[i].sz));
  28479. AssertNotNull(rsa);
  28480. RSA_free(rsa);
  28481. }
  28482. for (i = 0; pub[i].der != NULL; i++)
  28483. {
  28484. AssertNotNull(d2i_RSAPublicKey(&rsa, &pub[i].der, pub[i].sz));
  28485. AssertNotNull(rsa);
  28486. AssertIntEQ(i2d_RSAPublicKey(rsa, NULL), pub[i].sz);
  28487. buff = NULL;
  28488. AssertIntEQ(i2d_RSAPublicKey(rsa, &buff), pub[i].sz);
  28489. AssertNotNull(buff);
  28490. AssertIntEQ(0, memcmp((void *)buff, (void *)pub[i].der, pub[i].sz));
  28491. XFREE((void *)buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  28492. RSA_free(rsa);
  28493. }
  28494. printf(resultFmt, passed);
  28495. #endif
  28496. }
  28497. static void test_wolfSSL_RSA_get0_key(void)
  28498. {
  28499. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
  28500. RSA *rsa = NULL;
  28501. const BIGNUM* n = NULL;
  28502. const BIGNUM* e = NULL;
  28503. const BIGNUM* d = NULL;
  28504. const unsigned char* der;
  28505. int derSz;
  28506. #ifdef USE_CERT_BUFFERS_1024
  28507. der = client_key_der_1024;
  28508. derSz = sizeof_client_key_der_1024;
  28509. #elif defined(USE_CERT_BUFFERS_2048)
  28510. der = client_key_der_2048;
  28511. derSz = sizeof_client_key_der_2048;
  28512. #else
  28513. der = NULL;
  28514. derSz = 0;
  28515. #endif
  28516. printf(testingFmt, "test_wolfSSL_RSA_get0_key()");
  28517. if (der != NULL) {
  28518. RSA_get0_key(NULL, NULL, NULL, NULL);
  28519. RSA_get0_key(rsa, NULL, NULL, NULL);
  28520. RSA_get0_key(NULL, &n, &e, &d);
  28521. AssertNull(n);
  28522. AssertNull(e);
  28523. AssertNull(d);
  28524. AssertNotNull(d2i_RSAPrivateKey(&rsa, &der, derSz));
  28525. AssertNotNull(rsa);
  28526. RSA_get0_key(rsa, NULL, NULL, NULL);
  28527. RSA_get0_key(rsa, &n, NULL, NULL);
  28528. AssertNotNull(n);
  28529. RSA_get0_key(rsa, NULL, &e, NULL);
  28530. AssertNotNull(e);
  28531. RSA_get0_key(rsa, NULL, NULL, &d);
  28532. AssertNotNull(d);
  28533. RSA_get0_key(rsa, &n, &e, &d);
  28534. AssertNotNull(n);
  28535. AssertNotNull(e);
  28536. AssertNotNull(d);
  28537. RSA_free(rsa);
  28538. }
  28539. printf(resultFmt, passed);
  28540. #endif
  28541. }
  28542. static void test_wolfSSL_RSA_meth(void)
  28543. {
  28544. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
  28545. RSA *rsa;
  28546. RSA_METHOD *rsa_meth;
  28547. printf(testingFmt, "test_wolfSSL_RSA_meth");
  28548. #ifdef WOLFSSL_KEY_GEN
  28549. AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
  28550. RSA_free(rsa);
  28551. #else
  28552. AssertNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
  28553. #endif
  28554. AssertNotNull(rsa_meth =
  28555. RSA_meth_new("placeholder RSA method", RSA_METHOD_FLAG_NO_CHECK));
  28556. #ifndef NO_WOLFSSL_STUB
  28557. AssertIntEQ(RSA_meth_set_pub_enc(rsa_meth, NULL), 1);
  28558. AssertIntEQ(RSA_meth_set_pub_dec(rsa_meth, NULL), 1);
  28559. AssertIntEQ(RSA_meth_set_priv_enc(rsa_meth, NULL), 1);
  28560. AssertIntEQ(RSA_meth_set_priv_dec(rsa_meth, NULL), 1);
  28561. AssertIntEQ(RSA_meth_set_init(rsa_meth, NULL), 1);
  28562. AssertIntEQ(RSA_meth_set_finish(rsa_meth, NULL), 1);
  28563. AssertIntEQ(RSA_meth_set0_app_data(rsa_meth, NULL), 1);
  28564. #endif
  28565. AssertNotNull(rsa = RSA_new());
  28566. AssertIntEQ(RSA_set_method(rsa, rsa_meth), 1);
  28567. AssertPtrEq(RSA_get_method(rsa), rsa_meth);
  28568. AssertIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK);
  28569. RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
  28570. AssertIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC);
  28571. /* rsa_meth is freed here */
  28572. RSA_free(rsa);
  28573. printf(resultFmt, passed);
  28574. #endif
  28575. }
  28576. static void test_wolfSSL_verify_mode(void)
  28577. {
  28578. #if defined(OPENSSL_ALL)
  28579. WOLFSSL* ssl;
  28580. WOLFSSL_CTX* ctx;
  28581. printf(testingFmt, "test_wolfSSL_verify()");
  28582. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  28583. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
  28584. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  28585. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);
  28586. AssertNotNull(ssl = SSL_new(ctx));
  28587. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
  28588. SSL_free(ssl);
  28589. SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
  28590. AssertNotNull(ssl = SSL_new(ctx));
  28591. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
  28592. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER);
  28593. wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0);
  28594. AssertIntEQ(SSL_CTX_get_verify_mode(ctx), SSL_VERIFY_PEER);
  28595. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE);
  28596. SSL_free(ssl);
  28597. wolfSSL_CTX_set_verify(ctx,
  28598. WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
  28599. AssertNotNull(ssl = SSL_new(ctx));
  28600. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx));
  28601. AssertIntEQ(SSL_get_verify_mode(ssl),
  28602. WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
  28603. wolfSSL_set_verify(ssl, SSL_VERIFY_PEER, 0);
  28604. AssertIntEQ(SSL_CTX_get_verify_mode(ctx),
  28605. WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
  28606. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER);
  28607. wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0);
  28608. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE);
  28609. wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
  28610. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_IF_NO_PEER_CERT);
  28611. wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_EXCEPT_PSK, 0);
  28612. AssertIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_EXCEPT_PSK);
  28613. AssertIntEQ(SSL_CTX_get_verify_mode(ctx),
  28614. WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT);
  28615. SSL_free(ssl);
  28616. SSL_CTX_free(ctx);
  28617. printf(resultFmt, passed);
  28618. #endif
  28619. }
  28620. static void test_wolfSSL_verify_depth(void)
  28621. {
  28622. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
  28623. WOLFSSL* ssl;
  28624. WOLFSSL_CTX* ctx;
  28625. long depth;
  28626. printf(testingFmt, "test_wolfSSL_verify_depth()");
  28627. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  28628. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM));
  28629. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
  28630. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), SSL_SUCCESS);
  28631. AssertIntGT((depth = SSL_CTX_get_verify_depth(ctx)), 0);
  28632. AssertNotNull(ssl = SSL_new(ctx));
  28633. AssertIntEQ(SSL_get_verify_depth(ssl), SSL_CTX_get_verify_depth(ctx));
  28634. SSL_free(ssl);
  28635. SSL_CTX_set_verify_depth(ctx, -1);
  28636. AssertIntEQ(depth, SSL_CTX_get_verify_depth(ctx));
  28637. SSL_CTX_set_verify_depth(ctx, 2);
  28638. AssertIntEQ(2, SSL_CTX_get_verify_depth(ctx));
  28639. AssertNotNull(ssl = SSL_new(ctx));
  28640. AssertIntEQ(2, SSL_get_verify_depth(ssl));
  28641. SSL_free(ssl);
  28642. SSL_CTX_free(ctx);
  28643. printf(resultFmt, passed);
  28644. #endif
  28645. }
  28646. #if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
  28647. /* helper function for test_wolfSSL_HMAC_CTX, digest size is expected to be a
  28648. * buffer of 64 bytes.
  28649. *
  28650. * returns the size of the digest buffer on success and a negative value on
  28651. * failure.
  28652. */
  28653. static int test_HMAC_CTX_helper(const EVP_MD* type, unsigned char* digest)
  28654. {
  28655. HMAC_CTX ctx1;
  28656. HMAC_CTX ctx2;
  28657. unsigned char key[] = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  28658. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b";
  28659. unsigned char long_key[] =
  28660. "0123456789012345678901234567890123456789"
  28661. "0123456789012345678901234567890123456789"
  28662. "0123456789012345678901234567890123456789"
  28663. "0123456789012345678901234567890123456789";
  28664. unsigned char msg[] = "message to hash";
  28665. unsigned int digestSz = 64;
  28666. int keySz = sizeof(key);
  28667. int long_keySz = sizeof(long_key);
  28668. int msgSz = sizeof(msg);
  28669. unsigned char digest2[64];
  28670. unsigned int digestSz2 = 64;
  28671. HMAC_CTX_init(&ctx1);
  28672. AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
  28673. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  28674. AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
  28675. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  28676. AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
  28677. HMAC_CTX_cleanup(&ctx1);
  28678. AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
  28679. AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz2), SSL_SUCCESS);
  28680. HMAC_CTX_cleanup(&ctx2);
  28681. AssertIntEQ(digestSz, digestSz2);
  28682. AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
  28683. /* test HMAC_Init with NULL key */
  28684. /* init after copy */
  28685. printf("test HMAC_Init with NULL key (0)\n");
  28686. HMAC_CTX_init(&ctx1);
  28687. AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
  28688. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  28689. AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
  28690. AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
  28691. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  28692. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  28693. AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
  28694. HMAC_CTX_cleanup(&ctx1);
  28695. AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
  28696. AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
  28697. AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
  28698. AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
  28699. HMAC_CTX_cleanup(&ctx2);
  28700. AssertIntEQ(digestSz, digestSz2);
  28701. AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
  28702. /* long key */
  28703. printf("test HMAC_Init with NULL key (1)\n");
  28704. HMAC_CTX_init(&ctx1);
  28705. AssertIntEQ(HMAC_Init(&ctx1, (const void*)long_key, long_keySz, type), SSL_SUCCESS);
  28706. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  28707. AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
  28708. AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
  28709. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  28710. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  28711. AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
  28712. HMAC_CTX_cleanup(&ctx1);
  28713. AssertIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS);
  28714. AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
  28715. AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
  28716. AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
  28717. HMAC_CTX_cleanup(&ctx2);
  28718. AssertIntEQ(digestSz, digestSz2);
  28719. AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
  28720. /* init before copy */
  28721. printf("test HMAC_Init with NULL key (2)\n");
  28722. HMAC_CTX_init(&ctx1);
  28723. AssertIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS);
  28724. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  28725. AssertIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS);
  28726. AssertIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS);
  28727. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  28728. AssertIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS);
  28729. AssertIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS);
  28730. HMAC_CTX_cleanup(&ctx1);
  28731. AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
  28732. AssertIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS);
  28733. AssertIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS);
  28734. HMAC_CTX_cleanup(&ctx2);
  28735. AssertIntEQ(digestSz, digestSz2);
  28736. AssertIntEQ(XMEMCMP(digest, digest2, digestSz), 0);
  28737. return digestSz;
  28738. }
  28739. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_HMAC) */
  28740. static void test_wolfSSL_HMAC_CTX(void)
  28741. {
  28742. #if defined(OPENSSL_EXTRA) && !defined(NO_HMAC)
  28743. unsigned char digest[64];
  28744. int digestSz;
  28745. printf(testingFmt, "wolfSSL_HMAC_CTX()");
  28746. #ifndef NO_SHA
  28747. AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha1(), digest)), 20);
  28748. AssertIntEQ(XMEMCMP("\xD9\x68\x77\x23\x70\xFB\x53\x70\x53\xBA\x0E\xDC\xDA"
  28749. "\xBF\x03\x98\x31\x19\xB2\xCC", digest, digestSz), 0);
  28750. #endif /* !NO_SHA */
  28751. #ifdef WOLFSSL_SHA224
  28752. AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha224(), digest)), 28);
  28753. AssertIntEQ(XMEMCMP("\x57\xFD\xF4\xE1\x2D\xB0\x79\xD7\x4B\x25\x7E\xB1\x95"
  28754. "\x9C\x11\xAC\x2D\x1E\x78\x94\x4F\x3A\x0F\xED\xF8\xAD"
  28755. "\x02\x0E", digest, digestSz), 0);
  28756. #endif /* WOLFSSL_SHA224 */
  28757. #ifndef NO_SHA256
  28758. AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha256(), digest)), 32);
  28759. AssertIntEQ(XMEMCMP("\x13\xAB\x76\x91\x0C\x37\x86\x8D\xB3\x7E\x30\x0C\xFC"
  28760. "\xB0\x2E\x8E\x4A\xD7\xD4\x25\xCC\x3A\xA9\x0F\xA2\xF2"
  28761. "\x47\x1E\x62\x6F\x5D\xF2", digest, digestSz), 0);
  28762. #endif /* !NO_SHA256 */
  28763. #ifdef WOLFSSL_SHA384
  28764. AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha384(), digest)), 48);
  28765. AssertIntEQ(XMEMCMP("\x9E\xCB\x07\x0C\x11\x76\x3F\x23\xC3\x25\x0E\xC4\xB7"
  28766. "\x28\x77\x95\x99\xD5\x9D\x7A\xBB\x1A\x9F\xB7\xFD\x25"
  28767. "\xC9\x72\x47\x9F\x8F\x86\x76\xD6\x20\x57\x87\xB7\xE7"
  28768. "\xCD\xFB\xC2\xCC\x9F\x2B\xC5\x41\xAB",
  28769. digest, digestSz), 0);
  28770. #endif /* WOLFSSL_SHA384 */
  28771. #ifdef WOLFSSL_SHA512
  28772. AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_sha512(), digest)), 64);
  28773. AssertIntEQ(XMEMCMP("\xD4\x21\x0C\x8B\x60\x6F\xF4\xBF\x07\x2F\x26\xCC\xAD"
  28774. "\xBC\x06\x0B\x34\x78\x8B\x4F\xD6\xC0\x42\xF1\x33\x10"
  28775. "\x6C\x4F\x1E\x55\x59\xDD\x2A\x9F\x15\x88\x62\xF8\x60"
  28776. "\xA3\x99\x91\xE2\x08\x7B\xF7\x95\x3A\xB0\x92\x48\x60"
  28777. "\x88\x8B\x5B\xB8\x5F\xE9\xB6\xB1\x96\xE3\xB5\xF0",
  28778. digest, digestSz), 0);
  28779. #endif /* WOLFSSL_SHA512 */
  28780. #ifndef NO_MD5
  28781. AssertIntEQ((digestSz = test_HMAC_CTX_helper(EVP_md5(), digest)), 16);
  28782. AssertIntEQ(XMEMCMP("\xB7\x27\xC4\x41\xE5\x2E\x62\xBA\x54\xED\x72\x70\x9F"
  28783. "\xE4\x98\xDD", digest, digestSz), 0);
  28784. #endif /* !NO_MD5 */
  28785. printf(resultFmt, passed);
  28786. #endif
  28787. }
  28788. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
  28789. static void sslMsgCb(int w, int version, int type, const void* buf,
  28790. size_t sz, SSL* ssl, void* arg)
  28791. {
  28792. int i;
  28793. unsigned char* pt = (unsigned char*)buf;
  28794. printf("%s %d bytes of version %d , type %d : ", (w)?"Writing":"Reading",
  28795. (int)sz, version, type);
  28796. for (i = 0; i < (int)sz; i++) printf("%02X", pt[i]);
  28797. printf("\n");
  28798. (void)ssl;
  28799. (void)arg;
  28800. }
  28801. #endif /* OPENSSL_EXTRA */
  28802. static void test_wolfSSL_msg_callback(void)
  28803. {
  28804. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_CLIENT)
  28805. WOLFSSL* ssl;
  28806. WOLFSSL_CTX* ctx;
  28807. printf(testingFmt, "wolfSSL_msg_callback()");
  28808. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  28809. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile,
  28810. SSL_FILETYPE_PEM));
  28811. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile,
  28812. SSL_FILETYPE_PEM));
  28813. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
  28814. SSL_SUCCESS);
  28815. AssertNotNull(ssl = SSL_new(ctx));
  28816. AssertIntEQ(SSL_set_msg_callback(ssl, NULL), SSL_SUCCESS);
  28817. AssertIntEQ(SSL_set_msg_callback(ssl, &sslMsgCb), SSL_SUCCESS);
  28818. AssertIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), SSL_FAILURE);
  28819. SSL_free(ssl);
  28820. SSL_CTX_free(ctx);
  28821. printf(resultFmt, passed);
  28822. #endif
  28823. }
  28824. static void test_wolfSSL_SHA(void)
  28825. {
  28826. #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST)
  28827. printf(testingFmt, "wolfSSL_SHA()");
  28828. #if !defined(NO_SHA) && defined(NO_OLD_SHA_NAMES)
  28829. {
  28830. const unsigned char in[] = "abc";
  28831. unsigned char expected[] = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E"
  28832. "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D";
  28833. unsigned char out[WC_SHA_DIGEST_SIZE];
  28834. XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
  28835. AssertNotNull(SHA1(in, XSTRLEN((char*)in), out));
  28836. AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
  28837. /* SHA interface test */
  28838. XMEMSET(out, 0, WC_SHA_DIGEST_SIZE);
  28839. AssertNotNull(SHA(in, XSTRLEN((char*)in), out));
  28840. AssertIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0);
  28841. }
  28842. #endif
  28843. #if !defined(NO_SHA256)
  28844. {
  28845. const unsigned char in[] = "abc";
  28846. unsigned char expected[] = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
  28847. "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
  28848. "\x15\xAD";
  28849. unsigned char out[WC_SHA256_DIGEST_SIZE];
  28850. XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE);
  28851. #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
  28852. AssertNotNull(SHA256(in, XSTRLEN((char*)in), out));
  28853. #else
  28854. AssertNotNull(wolfSSL_SHA256(in, XSTRLEN((char*)in), out));
  28855. #endif
  28856. AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0);
  28857. }
  28858. #endif
  28859. #if defined(WOLFSSL_SHA384)
  28860. {
  28861. const unsigned char in[] = "abc";
  28862. unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
  28863. "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
  28864. "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
  28865. "\xc8\x25\xa7";
  28866. unsigned char out[WC_SHA384_DIGEST_SIZE];
  28867. XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE);
  28868. #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
  28869. AssertNotNull(SHA384(in, XSTRLEN((char*)in), out));
  28870. #else
  28871. AssertNotNull(wolfSSL_SHA384(in, XSTRLEN((char*)in), out));
  28872. #endif
  28873. AssertIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0);
  28874. }
  28875. #endif
  28876. #if defined(WOLFSSL_SHA512)
  28877. {
  28878. const unsigned char in[] = "abc";
  28879. unsigned char expected[] = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
  28880. "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
  28881. "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
  28882. "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
  28883. "\xa5\x4c\xa4\x9f";
  28884. unsigned char out[WC_SHA512_DIGEST_SIZE];
  28885. XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE);
  28886. #if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS)
  28887. AssertNotNull(SHA512(in, XSTRLEN((char*)in), out));
  28888. #else
  28889. AssertNotNull(wolfSSL_SHA512(in, XSTRLEN((char*)in), out));
  28890. #endif
  28891. AssertIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0);
  28892. }
  28893. #endif
  28894. printf(resultFmt, passed);
  28895. #endif
  28896. }
  28897. static void test_wolfSSL_DH_1536_prime(void)
  28898. {
  28899. #if defined(OPENSSL_EXTRA) && !defined(NO_DH)
  28900. BIGNUM* bn;
  28901. unsigned char bits[200];
  28902. int sz = 192; /* known binary size */
  28903. const byte expected[] = {
  28904. 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
  28905. 0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34,
  28906. 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1,
  28907. 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74,
  28908. 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22,
  28909. 0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD,
  28910. 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B,
  28911. 0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37,
  28912. 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45,
  28913. 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6,
  28914. 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B,
  28915. 0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED,
  28916. 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5,
  28917. 0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6,
  28918. 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D,
  28919. 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05,
  28920. 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A,
  28921. 0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F,
  28922. 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96,
  28923. 0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB,
  28924. 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D,
  28925. 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04,
  28926. 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27,
  28927. 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
  28928. };
  28929. printf(testingFmt, "wolfSSL_DH_1536_prime()");
  28930. bn = get_rfc3526_prime_1536(NULL);
  28931. AssertNotNull(bn);
  28932. AssertIntEQ(sz, BN_bn2bin((const BIGNUM*)bn, bits));
  28933. AssertIntEQ(0, XMEMCMP(expected, bits, sz));
  28934. BN_free(bn);
  28935. printf(resultFmt, passed);
  28936. #endif
  28937. }
  28938. static void test_wolfSSL_PEM_write_DHparams(void)
  28939. {
  28940. #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
  28941. #if defined(OPENSSL_EXTRA) && !defined(NO_DH) && !defined(NO_FILESYSTEM)
  28942. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  28943. #ifndef NO_BIO
  28944. DH* dh;
  28945. BIO* bio;
  28946. XFILE fp;
  28947. byte pem[2048];
  28948. int pemSz;
  28949. const char expected[] =
  28950. "-----BEGIN DH PARAMETERS-----\n\
  28951. MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE\n\
  28952. v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN\n\
  28953. nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1\n\
  28954. joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa\n\
  28955. wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW\n\
  28956. tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==\n\
  28957. -----END DH PARAMETERS-----\n";
  28958. printf(testingFmt, "wolfSSL_PEM_write_DHparams()");
  28959. AssertNotNull(fp = XFOPEN(dhParamFile, "rb"));
  28960. AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
  28961. XFCLOSE(fp);
  28962. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  28963. AssertIntEQ(BIO_write(bio, pem, pemSz), pemSz);
  28964. AssertNotNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL));
  28965. BIO_free(bio);
  28966. AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "wb"));
  28967. AssertIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_SUCCESS);
  28968. AssertIntEQ(PEM_write_DHparams(fp, NULL), WOLFSSL_FAILURE);
  28969. XFCLOSE(fp);
  28970. DH_free(dh);
  28971. /* check results */
  28972. XMEMSET(pem, 0, sizeof(pem));
  28973. AssertNotNull(fp = XFOPEN("./test-write-dhparams.pem", "rb"));
  28974. AssertIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0);
  28975. AssertIntEQ(XMEMCMP(pem, expected, pemSz), 0);
  28976. XFCLOSE(fp);
  28977. printf(resultFmt, passed);
  28978. #endif /* !NO_BIO */
  28979. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  28980. #endif /* OPENSSL_ALL || OPENSSL_QT */
  28981. #endif
  28982. }
  28983. static void test_wolfSSL_AES_ecb_encrypt(void)
  28984. {
  28985. #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB)
  28986. AES_KEY aes;
  28987. const byte msg[] =
  28988. {
  28989. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  28990. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  28991. };
  28992. const byte verify[] =
  28993. {
  28994. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  28995. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  28996. };
  28997. const byte key[] =
  28998. {
  28999. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  29000. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  29001. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  29002. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  29003. };
  29004. byte out[AES_BLOCK_SIZE];
  29005. printf(testingFmt, "wolfSSL_AES_ecb_encrypt()");
  29006. AssertIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aes), 0);
  29007. XMEMSET(out, 0, AES_BLOCK_SIZE);
  29008. AES_ecb_encrypt(msg, out, &aes, AES_ENCRYPT);
  29009. AssertIntEQ(XMEMCMP(out, verify, AES_BLOCK_SIZE), 0);
  29010. #ifdef HAVE_AES_DECRYPT
  29011. AssertIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &aes), 0);
  29012. XMEMSET(out, 0, AES_BLOCK_SIZE);
  29013. AES_ecb_encrypt(verify, out, &aes, AES_DECRYPT);
  29014. AssertIntEQ(XMEMCMP(out, msg, AES_BLOCK_SIZE), 0);
  29015. #endif
  29016. /* test bad arguments */
  29017. AES_ecb_encrypt(NULL, out, &aes, AES_DECRYPT);
  29018. AES_ecb_encrypt(verify, NULL, &aes, AES_DECRYPT);
  29019. AES_ecb_encrypt(verify, out, NULL, AES_DECRYPT);
  29020. printf(resultFmt, passed);
  29021. #endif
  29022. }
  29023. static void test_wolfSSL_MD5(void)
  29024. {
  29025. #if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
  29026. byte input1[] = "";
  29027. byte input2[] = "message digest";
  29028. byte hash[WC_MD5_DIGEST_SIZE];
  29029. unsigned char output1[] =
  29030. "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e";
  29031. unsigned char output2[] =
  29032. "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0";
  29033. WOLFSSL_MD5_CTX md5;
  29034. printf(testingFmt, "wolfSSL_MD5()");
  29035. XMEMSET(&md5, 0, sizeof(md5));
  29036. /* Init MD5 CTX */
  29037. AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
  29038. AssertIntEQ(wolfSSL_MD5_Update(&md5, input1,
  29039. XSTRLEN((const char*)&input1)), 1);
  29040. AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
  29041. AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
  29042. /* Init MD5 CTX */
  29043. AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
  29044. AssertIntEQ(wolfSSL_MD5_Update(&md5, input2,
  29045. (int)XSTRLEN((const char*)input2)), 1);
  29046. AssertIntEQ(wolfSSL_MD5_Final(hash, &md5), 1);
  29047. AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
  29048. #if !defined(NO_OLD_NAMES) && \
  29049. (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)))
  29050. AssertIntEQ(MD5(input1, (int)XSTRLEN((const char*)&input1), (byte*)&hash), 0);
  29051. AssertIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0);
  29052. AssertIntEQ(MD5(input2, (int)XSTRLEN((const char*)&input2), (byte*)&hash), 0);
  29053. AssertIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0);
  29054. #endif
  29055. printf(resultFmt, passed);
  29056. #endif
  29057. }
  29058. static void test_wolfSSL_MD5_Transform(void)
  29059. {
  29060. #if defined(OPENSSL_EXTRA) && !defined(NO_MD5)
  29061. byte input1[] = "";
  29062. byte input2[] = "abc";
  29063. byte local[WC_MD5_BLOCK_SIZE];
  29064. word32 sLen = 0;
  29065. unsigned char output1[] =
  29066. "\xac\x1d\x1f\x03\xd0\x8e\xa5\x6e\xb7\x67\xab\x1f\x91\x77\x31\x74";
  29067. unsigned char output2[] =
  29068. "\x8d\x79\xd3\xef\x90\x25\x17\x67\xc7\x79\x13\xa4\xbc\x7b\xa7\xe3";
  29069. MD5_CTX md5;
  29070. printf(testingFmt, "wolfSSL_MD5_Transform()");
  29071. XMEMSET(&md5, 0, sizeof(md5));
  29072. XMEMSET(&local, 0, sizeof(local));
  29073. /* sanity check */
  29074. AssertIntEQ(MD5_Transform(NULL, NULL), 0);
  29075. AssertIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0);
  29076. AssertIntEQ(MD5_Transform(&md5, NULL), 0);
  29077. AssertIntEQ(wc_Md5Transform(NULL, NULL), BAD_FUNC_ARG);
  29078. AssertIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
  29079. AssertIntEQ(wc_Md5Transform((wc_Md5*)&md5, NULL), BAD_FUNC_ARG);
  29080. /* Init MD5 CTX */
  29081. AssertIntEQ(wolfSSL_MD5_Init(&md5), 1);
  29082. /* Do Transform*/
  29083. sLen = (word32)XSTRLEN((char*)input1);
  29084. XMEMCPY(local, input1, sLen);
  29085. AssertIntEQ(MD5_Transform(&md5, (const byte*)&local[0]), 1);
  29086. AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output1,
  29087. WC_MD5_DIGEST_SIZE), 0);
  29088. /* Init MD5 CTX */
  29089. AssertIntEQ(MD5_Init(&md5), 1);
  29090. sLen = (word32)XSTRLEN((char*)input2);
  29091. XMEMSET(local, 0, WC_MD5_BLOCK_SIZE);
  29092. XMEMCPY(local, input2, sLen);
  29093. AssertIntEQ(MD5_Transform(&md5, (const byte*)&local[0]), 1);
  29094. AssertIntEQ(XMEMCMP(&((wc_Md5*)&md5)->digest[0], output2,
  29095. WC_MD5_DIGEST_SIZE), 0);
  29096. printf(resultFmt, passed);
  29097. #endif
  29098. }
  29099. static void test_wolfSSL_SHA224(void)
  29100. {
  29101. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA224) && \
  29102. !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  29103. (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
  29104. unsigned char input[] =
  29105. "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  29106. unsigned char output[] =
  29107. "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
  29108. "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
  29109. size_t inLen;
  29110. byte hash[WC_SHA224_DIGEST_SIZE];
  29111. printf(testingFmt, "wolfSSL_SHA224()");
  29112. inLen = XSTRLEN((char*)input);
  29113. XMEMSET(hash, 0, WC_SHA224_DIGEST_SIZE);
  29114. AssertNotNull(SHA224(input, inLen, hash));
  29115. AssertIntEQ(XMEMCMP(hash, output, WC_SHA224_DIGEST_SIZE), 0);
  29116. printf(resultFmt, passed);
  29117. #endif
  29118. }
  29119. static void test_wolfSSL_SHA_Transform(void)
  29120. {
  29121. #if defined(OPENSSL_EXTRA) && !defined(NO_SHA)
  29122. #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  29123. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
  29124. byte input1[] = "";
  29125. byte input2[] = "abc";
  29126. byte local[WC_SHA_BLOCK_SIZE];
  29127. word32 sLen = 0;
  29128. unsigned char output1[] =
  29129. "\xe5\x04\xb4\x92\xed\x8c\x58\x56\x4e\xcd\x1a\x6c\x68\x3f\x05\xbf"
  29130. "\x93\x3a\xf7\x09";
  29131. unsigned char output2[] =
  29132. "\x8b\x74\xb2\x97\xca\xbc\x5b\x4f\xea\xe6\xc0\x5b\xa0\xb4\x40\x2d"
  29133. "\xb8\x08\x6e\x7c";
  29134. SHA_CTX sha;
  29135. SHA_CTX sha1;
  29136. printf(testingFmt, "wolfSSL_SHA_Transform()");
  29137. XMEMSET(&sha, 0, sizeof(sha));
  29138. XMEMSET(&local, 0, sizeof(local));
  29139. /* sanity check */
  29140. AssertIntEQ(SHA_Transform(NULL, NULL), 0);
  29141. AssertIntEQ(SHA_Transform(NULL, (const byte*)&input1), 0);
  29142. AssertIntEQ(SHA_Transform(&sha, NULL), 0);
  29143. AssertIntEQ(SHA1_Transform(NULL, NULL), 0);
  29144. AssertIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0);
  29145. AssertIntEQ(SHA1_Transform(&sha, NULL), 0);
  29146. AssertIntEQ(wc_ShaTransform(NULL, NULL), BAD_FUNC_ARG);
  29147. AssertIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
  29148. AssertIntEQ(wc_ShaTransform((wc_Sha*)&sha, NULL), BAD_FUNC_ARG);
  29149. /* Init SHA CTX */
  29150. AssertIntEQ(SHA_Init(&sha), 1);
  29151. /* Do Transform*/
  29152. sLen = (word32)XSTRLEN((char*)input1);
  29153. XMEMCPY(local, input1, sLen);
  29154. AssertIntEQ(SHA_Transform(&sha, (const byte*)&local[0]), 1);
  29155. AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output1,
  29156. WC_SHA_DIGEST_SIZE), 0);
  29157. /* Init SHA CTX */
  29158. AssertIntEQ(SHA_Init(&sha), 1);
  29159. sLen = (word32)XSTRLEN((char*)input2);
  29160. XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
  29161. XMEMCPY(local, input2, sLen);
  29162. AssertIntEQ(SHA_Transform(&sha, (const byte*)&local[0]), 1);
  29163. AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha)->digest[0], output2,
  29164. WC_SHA_DIGEST_SIZE), 0);
  29165. /* SHA1 */
  29166. XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
  29167. /* Init SHA CTX */
  29168. AssertIntEQ(SHA1_Init(&sha1), 1);
  29169. /* Do Transform*/
  29170. sLen = (word32)XSTRLEN((char*)input1);
  29171. XMEMCPY(local, input1, sLen);
  29172. AssertIntEQ(SHA1_Transform(&sha1, (const byte*)&local[0]), 1);
  29173. AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha1)->digest[0], output1,
  29174. WC_SHA_DIGEST_SIZE), 0);
  29175. /* Init SHA CTX */
  29176. AssertIntEQ(SHA1_Init(&sha1), 1);
  29177. sLen = (word32)XSTRLEN((char*)input2);
  29178. XMEMSET(local, 0, WC_SHA_BLOCK_SIZE);
  29179. XMEMCPY(local, input2, sLen);
  29180. AssertIntEQ(SHA1_Transform(&sha1, (const byte*)&local[0]), 1);
  29181. AssertIntEQ(XMEMCMP(&((wc_Sha*)&sha1)->digest[0], output2,
  29182. WC_SHA_DIGEST_SIZE), 0);
  29183. printf(resultFmt, passed);
  29184. #endif
  29185. #endif
  29186. }
  29187. static void test_wolfSSL_SHA256_Transform(void)
  29188. {
  29189. #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256)
  29190. #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  29191. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
  29192. byte input1[] = "";
  29193. byte input2[] = "abc";
  29194. byte local[WC_SHA256_BLOCK_SIZE];
  29195. word32 sLen = 0;
  29196. unsigned char output1[] =
  29197. "\xbe\x98\x56\xda\x69\xb4\xb9\x17\x99\x57\x33\x62\xca\xbe\x9f\x77"
  29198. "\x91\xd4\xe5\x8c\x43\x62\xd2\xc0\xea\xf9\xfe\xba\xd8\xa9\x37\x18";
  29199. unsigned char output2[] =
  29200. "\x67\xd4\x4e\x1d\x67\x61\x7c\x67\x26\x76\x10\x44\xb8\xff\x10\x78"
  29201. "\x39\x9a\xc8\x40\x8c\x60\x16\x73\x05\xd6\x61\xa6\x35\x8c\xf2\x91";
  29202. SHA256_CTX sha256;
  29203. printf(testingFmt, "wolfSSL_SHA256_Transform()");
  29204. XMEMSET(&sha256, 0, sizeof(sha256));
  29205. XMEMSET(&local, 0, sizeof(local));
  29206. /* sanity check */
  29207. AssertIntEQ(SHA256_Transform(NULL, NULL), 0);
  29208. AssertIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0);
  29209. AssertIntEQ(SHA256_Transform(&sha256, NULL), 0);
  29210. AssertIntEQ(wc_Sha256Transform(NULL, NULL), BAD_FUNC_ARG);
  29211. AssertIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
  29212. AssertIntEQ(wc_Sha256Transform((wc_Sha256*)&sha256, NULL), BAD_FUNC_ARG);
  29213. /* Init SHA256 CTX */
  29214. AssertIntEQ(SHA256_Init(&sha256), 1);
  29215. /* Do Transform*/
  29216. sLen = (word32)XSTRLEN((char*)input1);
  29217. XMEMCPY(local, input1, sLen);
  29218. AssertIntEQ(SHA256_Transform(&sha256, (const byte*)&local[0]), 1);
  29219. AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output1,
  29220. WC_SHA256_DIGEST_SIZE), 0);
  29221. /* Init SHA256 CTX */
  29222. AssertIntEQ(SHA256_Init(&sha256), 1);
  29223. sLen = (word32)XSTRLEN((char*)input2);
  29224. XMEMSET(local, 0, WC_SHA256_BLOCK_SIZE);
  29225. XMEMCPY(local, input2, sLen);
  29226. AssertIntEQ(SHA256_Transform(&sha256, (const byte*)&local[0]), 1);
  29227. AssertIntEQ(XMEMCMP(&((wc_Sha256*)&sha256)->digest[0], output2,
  29228. WC_SHA256_DIGEST_SIZE), 0);
  29229. printf(resultFmt, passed);
  29230. #endif
  29231. #endif
  29232. }
  29233. static void test_wolfSSL_SHA256(void)
  29234. {
  29235. #if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \
  29236. defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  29237. unsigned char input[] =
  29238. "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  29239. unsigned char output[] =
  29240. "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
  29241. "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
  29242. "\x06\xC1";
  29243. size_t inLen;
  29244. byte hash[WC_SHA256_DIGEST_SIZE];
  29245. printf(testingFmt, "wolfSSL_SHA256()");
  29246. inLen = XSTRLEN((char*)input);
  29247. XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE);
  29248. AssertNotNull(SHA256(input, inLen, hash));
  29249. AssertIntEQ(XMEMCMP(hash, output, WC_SHA256_DIGEST_SIZE), 0);
  29250. printf(resultFmt, passed);
  29251. #endif
  29252. }
  29253. static void test_wolfSSL_SHA512_Transform(void)
  29254. {
  29255. #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512)
  29256. #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
  29257. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
  29258. byte input1[] = "";
  29259. byte input2[] = "abc";
  29260. byte local[WC_SHA512_BLOCK_SIZE];
  29261. word32 sLen = 0;
  29262. unsigned char output1[] =
  29263. "\xe8\xcb\x4a\x77\xd5\x81\x78\xcf\x70\x80\xc7\xfb\xe0\x62\x33\x53"
  29264. "\xda\x0e\x46\x87\x9d\x63\x67\x02\xb0\x31\x59\xe8\x40\xcb\x86\x30"
  29265. "\xa3\x23\xa0\x88\x52\xc9\x7d\x71\xe0\xb5\xe0\x4c\xc1\xb2\xba\x96"
  29266. "\x0b\x3e\xe3\xea\x04\xfe\xc4\x6f\xee\x8b\x66\xbd\x0c\xd8\xf4\x91";
  29267. unsigned char output2[] =
  29268. "\x0d\xcc\xa0\xeb\x4e\x93\x10\x11\x21\xc8\x04\xfb\x9c\x43\x33\xfd"
  29269. "\x41\x31\xab\xca\x3d\x26\xb4\xa9\xab\xd7\x67\xe1\xaf\xaa\xc6\xe2"
  29270. "\x83\x4e\xba\x2c\x54\x2e\x8f\x31\x98\x38\x2b\x8f\x9d\xec\x88\xbe"
  29271. "\x4d\x5e\x8b\x53\x9d\x4e\xd2\x14\xf0\x96\x20\xaf\x69\x6c\x68\xde";
  29272. SHA512_CTX sha512;
  29273. printf(testingFmt, "wolfSSL_SHA512_Transform()");
  29274. XMEMSET(&sha512, 0, sizeof(sha512));
  29275. XMEMSET(&local, 0, sizeof(local));
  29276. /* sanity check */
  29277. AssertIntEQ(SHA512_Transform(NULL, NULL), 0);
  29278. AssertIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0);
  29279. AssertIntEQ(SHA512_Transform(&sha512, NULL), 0);
  29280. AssertIntEQ(wc_Sha512Transform(NULL, NULL), BAD_FUNC_ARG);
  29281. AssertIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), BAD_FUNC_ARG);
  29282. AssertIntEQ(wc_Sha512Transform((wc_Sha512*)&sha512, NULL), BAD_FUNC_ARG);
  29283. /* Init SHA512 CTX */
  29284. AssertIntEQ(wolfSSL_SHA512_Init(&sha512), 1);
  29285. /* Do Transform*/
  29286. sLen = (word32)XSTRLEN((char*)input1);
  29287. XMEMCPY(local, input1, sLen);
  29288. AssertIntEQ(SHA512_Transform(&sha512, (const byte*)&local[0]), 1);
  29289. AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output1,
  29290. WC_SHA512_DIGEST_SIZE), 0);
  29291. /* Init SHA512 CTX */
  29292. AssertIntEQ(SHA512_Init(&sha512), 1);
  29293. sLen = (word32)XSTRLEN((char*)input2);
  29294. XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE);
  29295. XMEMCPY(local, input2, sLen);
  29296. AssertIntEQ(SHA512_Transform(&sha512, (const byte*)&local[0]), 1);
  29297. AssertIntEQ(XMEMCMP(&((wc_Sha512*)&sha512)->digest[0], output2,
  29298. WC_SHA512_DIGEST_SIZE), 0);
  29299. (void)input1;
  29300. printf(resultFmt, passed);
  29301. #endif
  29302. #endif
  29303. }
  29304. static void test_wolfSSL_X509_get_serialNumber(void)
  29305. {
  29306. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA)
  29307. ASN1_INTEGER* a;
  29308. BIGNUM* bn;
  29309. X509* x509;
  29310. char *serialHex;
  29311. byte serial[3];
  29312. int serialSz;
  29313. printf(testingFmt, "wolfSSL_X509_get_serialNumber()");
  29314. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
  29315. SSL_FILETYPE_PEM));
  29316. AssertNotNull(a = X509_get_serialNumber(x509));
  29317. /* check on value of ASN1 Integer */
  29318. AssertNotNull(bn = ASN1_INTEGER_to_BN(a, NULL));
  29319. /* test setting serial number and then retrieving it */
  29320. AssertNotNull(a = ASN1_INTEGER_new());
  29321. ASN1_INTEGER_set(a, 3);
  29322. AssertIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
  29323. serialSz = sizeof(serial);
  29324. AssertIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
  29325. WOLFSSL_SUCCESS);
  29326. AssertIntEQ(serialSz, 1);
  29327. AssertIntEQ(serial[0], 3);
  29328. ASN1_INTEGER_free(a);
  29329. /* test setting serial number with 0's in it */
  29330. serial[0] = 0x01;
  29331. serial[1] = 0x00;
  29332. serial[2] = 0x02;
  29333. AssertNotNull(a = wolfSSL_ASN1_INTEGER_new());
  29334. a->data[0] = ASN_INTEGER;
  29335. a->data[1] = sizeof(serial);
  29336. XMEMCPY(&a->data[2], serial, sizeof(serial));
  29337. a->length = sizeof(serial) + 2;
  29338. AssertIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS);
  29339. XMEMSET(serial, 0, sizeof(serial));
  29340. serialSz = sizeof(serial);
  29341. AssertIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz),
  29342. WOLFSSL_SUCCESS);
  29343. AssertIntEQ(serialSz, 3);
  29344. AssertIntEQ(serial[0], 0x01);
  29345. AssertIntEQ(serial[1], 0x00);
  29346. AssertIntEQ(serial[2], 0x02);
  29347. ASN1_INTEGER_free(a);
  29348. X509_free(x509); /* free's a */
  29349. AssertNotNull(serialHex = BN_bn2hex(bn));
  29350. #ifndef WC_DISABLE_RADIX_ZERO_PAD
  29351. AssertStrEQ(serialHex, "01");
  29352. #else
  29353. AssertStrEQ(serialHex, "1");
  29354. #endif
  29355. OPENSSL_free(serialHex);
  29356. AssertIntEQ(BN_get_word(bn), 1);
  29357. BN_free(bn);
  29358. /* hard test free'ing with dynamic buffer to make sure there is no leaks */
  29359. a = ASN1_INTEGER_new();
  29360. if (a) {
  29361. AssertNotNull(a->data = (unsigned char*)XMALLOC(100, NULL,
  29362. DYNAMIC_TYPE_OPENSSL));
  29363. a->isDynamic = 1;
  29364. ASN1_INTEGER_free(a);
  29365. }
  29366. printf(resultFmt, passed);
  29367. #endif
  29368. }
  29369. static void test_wolfSSL_OpenSSL_add_all_algorithms(void){
  29370. #if defined(OPENSSL_EXTRA)
  29371. printf(testingFmt, "wolfSSL_OpenSSL_add_all_algorithms()");
  29372. AssertIntEQ(wolfSSL_add_all_algorithms(),WOLFSSL_SUCCESS);
  29373. wolfSSL_Cleanup();
  29374. AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_noconf(),WOLFSSL_SUCCESS);
  29375. wolfSSL_Cleanup();
  29376. AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_conf(),WOLFSSL_SUCCESS);
  29377. wolfSSL_Cleanup();
  29378. printf(resultFmt, passed);
  29379. #endif
  29380. }
  29381. static void test_wolfSSL_ASN1_STRING_print_ex(void){
  29382. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
  29383. #ifndef NO_BIO
  29384. ASN1_STRING* asn_str;
  29385. const char data[] = "Hello wolfSSL!";
  29386. ASN1_STRING* esc_str;
  29387. const char esc_data[] = "a+;<>";
  29388. BIO *bio;
  29389. unsigned long flags;
  29390. int p_len;
  29391. unsigned char rbuf[255];
  29392. printf(testingFmt, "wolfSSL_ASN1_STRING_print_ex()");
  29393. /* setup */
  29394. XMEMSET(rbuf, 0, 255);
  29395. bio = BIO_new(BIO_s_mem());
  29396. BIO_set_write_buf_size(bio,255);
  29397. asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
  29398. ASN1_STRING_set(asn_str, (const void*)data, sizeof(data));
  29399. esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
  29400. ASN1_STRING_set(esc_str, (const void*)esc_data, sizeof(esc_data));
  29401. /* no flags */
  29402. XMEMSET(rbuf, 0, 255);
  29403. flags = 0;
  29404. p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
  29405. AssertIntEQ(p_len, 15);
  29406. BIO_read(bio, (void*)rbuf, 15);
  29407. AssertStrEQ((char*)rbuf, "Hello wolfSSL!");
  29408. /* RFC2253 Escape */
  29409. XMEMSET(rbuf, 0, 255);
  29410. flags = ASN1_STRFLGS_ESC_2253;
  29411. p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags);
  29412. AssertIntEQ(p_len, 9);
  29413. BIO_read(bio, (void*)rbuf, 9);
  29414. AssertStrEQ((char*)rbuf, "a\\+\\;\\<\\>");
  29415. /* Show type */
  29416. XMEMSET(rbuf, 0, 255);
  29417. flags = ASN1_STRFLGS_SHOW_TYPE;
  29418. p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
  29419. AssertIntEQ(p_len, 28);
  29420. BIO_read(bio, (void*)rbuf, 28);
  29421. AssertStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!");
  29422. /* Dump All */
  29423. XMEMSET(rbuf, 0, 255);
  29424. flags = ASN1_STRFLGS_DUMP_ALL;
  29425. p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
  29426. AssertIntEQ(p_len, 31);
  29427. BIO_read(bio, (void*)rbuf, 31);
  29428. AssertStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100");
  29429. /* Dump Der */
  29430. XMEMSET(rbuf, 0, 255);
  29431. flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER;
  29432. p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
  29433. AssertIntEQ(p_len, 35);
  29434. BIO_read(bio, (void*)rbuf, 35);
  29435. AssertStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100");
  29436. /* Dump All + Show type */
  29437. XMEMSET(rbuf, 0, 255);
  29438. flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE;
  29439. p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags);
  29440. AssertIntEQ(p_len, 44);
  29441. BIO_read(bio, (void*)rbuf, 44);
  29442. AssertStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100");
  29443. BIO_free(bio);
  29444. ASN1_STRING_free(asn_str);
  29445. ASN1_STRING_free(esc_str);
  29446. printf(resultFmt, passed);
  29447. #endif /* !NO_BIO */
  29448. #endif
  29449. }
  29450. static void test_wolfSSL_ASN1_TIME_to_generalizedtime(void){
  29451. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
  29452. WOLFSSL_ASN1_TIME *t;
  29453. WOLFSSL_ASN1_TIME *out;
  29454. WOLFSSL_ASN1_TIME *gtime;
  29455. int tlen = 0;
  29456. unsigned char *data;
  29457. printf(testingFmt, "wolfSSL_ASN1_TIME_to_generalizedtime()");
  29458. /* UTC Time test */
  29459. AssertNotNull(t = wolfSSL_ASN1_TIME_new());
  29460. XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE);
  29461. AssertNotNull(out = wolfSSL_ASN1_TIME_new());
  29462. t->type = ASN_UTC_TIME;
  29463. t->length = ASN_UTC_TIME_SIZE;
  29464. XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
  29465. tlen = wolfSSL_ASN1_TIME_get_length(t);
  29466. AssertIntEQ(tlen, ASN_UTC_TIME_SIZE);
  29467. data = wolfSSL_ASN1_TIME_get_data(t);
  29468. AssertStrEQ((char*)data, "050727123456Z");
  29469. gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out);
  29470. AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
  29471. AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
  29472. AssertStrEQ((char*)gtime->data, "20050727123456Z");
  29473. /* Generalized Time test */
  29474. XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE);
  29475. XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE);
  29476. XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE);
  29477. t->type = ASN_GENERALIZED_TIME;
  29478. t->length = ASN_GENERALIZED_TIME_SIZE;
  29479. XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE);
  29480. tlen = wolfSSL_ASN1_TIME_get_length(t);
  29481. AssertIntEQ(tlen, ASN_GENERALIZED_TIME_SIZE);
  29482. data = wolfSSL_ASN1_TIME_get_data(t);
  29483. AssertStrEQ((char*)data, "20050727123456Z");
  29484. gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out);
  29485. AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
  29486. AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
  29487. AssertStrEQ((char*)gtime->data, "20050727123456Z");
  29488. XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  29489. /* Null parameter test */
  29490. XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE);
  29491. gtime = NULL;
  29492. out = NULL;
  29493. t->type = ASN_UTC_TIME;
  29494. t->length = ASN_UTC_TIME_SIZE;
  29495. XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE);
  29496. AssertNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL));
  29497. AssertIntEQ(gtime->type, ASN_GENERALIZED_TIME);
  29498. AssertIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE);
  29499. AssertStrEQ((char*)gtime->data, "20050727123456Z");
  29500. XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  29501. XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  29502. printf(resultFmt, passed);
  29503. #endif
  29504. }
  29505. static void test_wolfSSL_X509_CA_num(void){
  29506. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \
  29507. defined(HAVE_ECC) && !defined(NO_RSA)
  29508. WOLFSSL_X509_STORE *store;
  29509. WOLFSSL_X509 *x509_1, *x509_2;
  29510. int ca_num = 0;
  29511. printf(testingFmt, "wolfSSL_X509_CA_num()");
  29512. store = wolfSSL_X509_STORE_new();
  29513. x509_1 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
  29514. wolfSSL_X509_STORE_add_cert(store, x509_1);
  29515. ca_num = wolfSSL_X509_CA_num(store);
  29516. AssertIntEQ(ca_num, 1);
  29517. x509_2 = wolfSSL_X509_load_certificate_file(eccCertFile, WOLFSSL_FILETYPE_PEM);
  29518. wolfSSL_X509_STORE_add_cert(store, x509_2);
  29519. ca_num = wolfSSL_X509_CA_num(store);
  29520. AssertIntEQ(ca_num, 2);
  29521. wolfSSL_X509_free(x509_1);
  29522. wolfSSL_X509_free(x509_2);
  29523. wolfSSL_X509_STORE_free(store);
  29524. printf(resultFmt, passed);
  29525. #endif
  29526. }
  29527. static void test_wolfSSL_X509_check_ca(void){
  29528. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
  29529. WOLFSSL_X509 *x509;
  29530. printf(testingFmt, "wolfSSL_X509_check_ca()");
  29531. x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
  29532. AssertIntEQ(wolfSSL_X509_check_ca(x509), 1);
  29533. wolfSSL_X509_free(x509);
  29534. x509 = wolfSSL_X509_load_certificate_file(ntruCertFile, WOLFSSL_FILETYPE_PEM);
  29535. AssertIntEQ(wolfSSL_X509_check_ca(x509), 0);
  29536. wolfSSL_X509_free(x509);
  29537. printf(resultFmt, passed);
  29538. #endif
  29539. }
  29540. static void test_wolfSSL_X509_check_ip_asc(void){
  29541. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
  29542. WOLFSSL_X509 *x509;
  29543. printf(testingFmt, "wolfSSL_X509_check_ip_asc()");
  29544. x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
  29545. #if 0
  29546. /* TODO: add cert gen for testing positive case */
  29547. AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1);
  29548. #endif
  29549. AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0);
  29550. AssertIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0);
  29551. wolfSSL_X509_free(x509);
  29552. printf(resultFmt, passed);
  29553. #endif
  29554. }
  29555. static void test_wolfSSL_DC_cert(void)
  29556. {
  29557. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \
  29558. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_KEY_GEN) && \
  29559. defined(WOLFSSL_CERT_EXT)
  29560. Cert cert;
  29561. RsaKey key;
  29562. WC_RNG rng;
  29563. byte der[FOURK_BUF];
  29564. int certSz;
  29565. int ret, idx;
  29566. const byte mySerial[8] = {1,2,3,4,5,6,7,8};
  29567. const unsigned char* pt;
  29568. X509* x509;
  29569. X509_NAME* x509name;
  29570. X509_NAME_ENTRY* entry;
  29571. ASN1_STRING* entryValue;
  29572. CertName name;
  29573. printf(testingFmt, "wolfSSL Certs with DC");
  29574. XMEMSET(&name, 0, sizeof(CertName));
  29575. /* set up cert name */
  29576. XMEMCPY(name.country, "US", sizeof("US"));
  29577. name.countryEnc = CTC_PRINTABLE;
  29578. XMEMCPY(name.state, "Oregon", sizeof("Oregon"));
  29579. name.stateEnc = CTC_UTF8;
  29580. XMEMCPY(name.locality, "Portland", sizeof("Portland"));
  29581. name.localityEnc = CTC_UTF8;
  29582. XMEMCPY(name.sur, "Test", sizeof("Test"));
  29583. name.surEnc = CTC_UTF8;
  29584. XMEMCPY(name.org, "wolfSSL", sizeof("wolfSSL"));
  29585. name.orgEnc = CTC_UTF8;
  29586. XMEMCPY(name.unit, "Development", sizeof("Development"));
  29587. name.unitEnc = CTC_UTF8;
  29588. XMEMCPY(name.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
  29589. name.commonNameEnc = CTC_UTF8;
  29590. XMEMCPY(name.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
  29591. name.serialDevEnc = CTC_PRINTABLE;
  29592. #ifdef WOLFSSL_MULTI_ATTRIB
  29593. #if CTC_MAX_ATTRIB > 2
  29594. {
  29595. NameAttrib* n;
  29596. n = &name.name[0];
  29597. n->id = ASN_DOMAIN_COMPONENT;
  29598. n->type = CTC_UTF8;
  29599. n->sz = sizeof("com");
  29600. XMEMCPY(n->value, "com", sizeof("com"));
  29601. n = &name.name[1];
  29602. n->id = ASN_DOMAIN_COMPONENT;
  29603. n->type = CTC_UTF8;
  29604. n->sz = sizeof("wolfssl");
  29605. XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
  29606. }
  29607. #endif
  29608. #endif /* WOLFSSL_MULTI_ATTRIB */
  29609. AssertIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0);
  29610. #ifndef HAVE_FIPS
  29611. AssertIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, devId), 0);
  29612. #else
  29613. AssertIntEQ(wc_InitRng(&rng), 0);
  29614. #endif
  29615. AssertIntEQ(wc_MakeRsaKey(&key, 2048, 3, &rng), 0);
  29616. XMEMSET(&cert, 0 , sizeof(Cert));
  29617. AssertIntEQ(wc_InitCert(&cert), 0);
  29618. XMEMCPY(&cert.subject, &name, sizeof(CertName));
  29619. XMEMCPY(cert.serial, mySerial, sizeof(mySerial));
  29620. cert.serialSz = (int)sizeof(mySerial);
  29621. cert.isCA = 1;
  29622. #ifndef NO_SHA256
  29623. cert.sigType = CTC_SHA256wRSA;
  29624. #else
  29625. cert.sigType = CTC_SHAwRSA;
  29626. #endif
  29627. /* add SKID from the Public Key */
  29628. AssertIntEQ(wc_SetSubjectKeyIdFromPublicKey(&cert, &key, NULL), 0);
  29629. /* add AKID from the Public Key */
  29630. AssertIntEQ(wc_SetAuthKeyIdFromPublicKey(&cert, &key, NULL), 0);
  29631. ret = 0;
  29632. do {
  29633. #if defined(WOLFSSL_ASYNC_CRYPT)
  29634. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  29635. #endif
  29636. if (ret >= 0) {
  29637. ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng);
  29638. }
  29639. } while (ret == WC_PENDING_E);
  29640. AssertIntGT(ret, 0);
  29641. certSz = ret;
  29642. /* der holds a certificate with DC's now check X509 parsing of it */
  29643. pt = der;
  29644. AssertNotNull(x509 = d2i_X509(NULL, &pt, certSz));
  29645. AssertNotNull(x509name = X509_get_subject_name(x509));
  29646. #ifdef WOLFSSL_MULTI_ATTRIB
  29647. AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
  29648. -1)), 5);
  29649. AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
  29650. idx)), 6);
  29651. AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
  29652. idx)), -1);
  29653. #endif /* WOLFSSL_MULTI_ATTRIB */
  29654. /* compare DN at index 0 */
  29655. AssertNotNull(entry = X509_NAME_get_entry(x509name, 0));
  29656. AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
  29657. AssertIntEQ(ASN1_STRING_length(entryValue), 2);
  29658. AssertStrEQ((const char*)ASN1_STRING_data(entryValue), "US");
  29659. #ifdef WOLFSSL_MULTI_ATTRIB
  29660. /* get first and second DC and compare result */
  29661. AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
  29662. -1)), 5);
  29663. AssertNotNull(entry = X509_NAME_get_entry(x509name, idx));
  29664. AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
  29665. AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "com");
  29666. AssertIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent,
  29667. idx)), 6);
  29668. AssertNotNull(entry = X509_NAME_get_entry(x509name, idx));
  29669. AssertNotNull(entryValue = X509_NAME_ENTRY_get_data(entry));
  29670. AssertStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl");
  29671. #endif /* WOLFSSL_MULTI_ATTRIB */
  29672. /* try invalid index locations for regression test and sanity check */
  29673. AssertNull(entry = X509_NAME_get_entry(x509name, 11));
  29674. AssertNull(entry = X509_NAME_get_entry(x509name, 20));
  29675. (void)idx;
  29676. X509_free(x509);
  29677. wc_FreeRsaKey(&key);
  29678. wc_FreeRng(&rng);
  29679. printf(resultFmt, passed);
  29680. #endif
  29681. }
  29682. static void test_wolfSSL_X509_get_version(void){
  29683. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  29684. WOLFSSL_X509 *x509;
  29685. printf(testingFmt, "wolfSSL_X509_get_version()");
  29686. x509 = wolfSSL_X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
  29687. AssertNotNull(x509);
  29688. AssertIntEQ((int)wolfSSL_X509_get_version(x509), 2);
  29689. wolfSSL_X509_free(x509);
  29690. printf(resultFmt, passed);
  29691. #endif
  29692. }
  29693. static void test_wolfSSL_DES_ncbc(void){
  29694. #if defined(OPENSSL_EXTRA) && !defined(NO_DES3)
  29695. const_DES_cblock myDes;
  29696. DES_cblock iv = {1};
  29697. DES_key_schedule key = {0};
  29698. unsigned char msg[] = "hello wolfssl";
  29699. unsigned char out[DES_BLOCK_SIZE * 2] = {0};
  29700. unsigned char pln[DES_BLOCK_SIZE * 2] = {0};
  29701. unsigned char exp[] = {0x31, 0x98, 0x2F, 0x3A, 0x55, 0xBF, 0xD8, 0xC4};
  29702. unsigned char exp2[] = {0xC7, 0x45, 0x8B, 0x28, 0x10, 0x53, 0xE0, 0x58};
  29703. printf(testingFmt, "wolfSSL_DES_ncbc()");
  29704. /* partial block test */
  29705. DES_set_key(&key, &myDes);
  29706. DES_ncbc_encrypt(msg, out, 3, &myDes, &iv, DES_ENCRYPT);
  29707. AssertIntEQ(XMEMCMP(exp, out, DES_BLOCK_SIZE), 0);
  29708. AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
  29709. DES_set_key(&key, &myDes);
  29710. XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
  29711. *((byte*)&iv) = 1;
  29712. DES_ncbc_encrypt(out, pln, 3, &myDes, &iv, DES_DECRYPT);
  29713. AssertIntEQ(XMEMCMP(msg, pln, 3), 0);
  29714. AssertIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0);
  29715. /* full block test */
  29716. DES_set_key(&key, &myDes);
  29717. XMEMSET(pln, 0, DES_BLOCK_SIZE);
  29718. XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
  29719. *((byte*)&iv) = 1;
  29720. DES_ncbc_encrypt(msg, out, 8, &myDes, &iv, DES_ENCRYPT);
  29721. AssertIntEQ(XMEMCMP(exp2, out, DES_BLOCK_SIZE), 0);
  29722. AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
  29723. DES_set_key(&key, &myDes);
  29724. XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE);
  29725. *((byte*)&iv) = 1;
  29726. DES_ncbc_encrypt(out, pln, 8, &myDes, &iv, DES_DECRYPT);
  29727. AssertIntEQ(XMEMCMP(msg, pln, 8), 0);
  29728. AssertIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0);
  29729. printf(resultFmt, passed);
  29730. #endif
  29731. }
  29732. static void test_wolfSSL_AES_cbc_encrypt(void)
  29733. {
  29734. #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA)
  29735. AES_KEY aes;
  29736. AES_KEY* aesN = NULL;
  29737. size_t len = 0;
  29738. size_t lenB = 0;
  29739. int keySz0 = 0;
  29740. int keySzN = -1;
  29741. byte out[AES_BLOCK_SIZE] = {0};
  29742. byte* outN = NULL;
  29743. const int enc1 = AES_ENCRYPT;
  29744. const int enc2 = AES_DECRYPT;
  29745. /* Test vectors retrieved from:
  29746. * <begin URL>
  29747. * https://csrc.nist.gov/
  29748. * CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/
  29749. * documents/aes/KAT_AES.zip
  29750. * </end URL>
  29751. */
  29752. const byte* pt128N = NULL;
  29753. byte* key128N = NULL;
  29754. byte* iv128N = NULL;
  29755. byte iv128tmp[AES_BLOCK_SIZE] = {0};
  29756. const byte pt128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29757. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
  29758. const byte ct128[] = { 0x87,0x85,0xb1,0xa7,0x5b,0x0f,0x3b,0xd9,
  29759. 0x58,0xdc,0xd0,0xe2,0x93,0x18,0xc5,0x21 };
  29760. const byte iv128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  29761. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
  29762. byte key128[] = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  29763. 0xff,0xff,0xf0,0x00,0x00,0x00,0x00,0x00 };
  29764. len = sizeof(pt128);
  29765. #define STRESS_T(a, b, c, d, e, f, g, h, i) \
  29766. wolfSSL_AES_cbc_encrypt(a, b, c, d, e, f); \
  29767. AssertIntNE(XMEMCMP(b, g, h), i)
  29768. #define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE)
  29769. printf(testingFmt, "Stressing wolfSSL_AES_cbc_encrypt()");
  29770. STRESS_T(pt128N, out, len, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0);
  29771. STRESS_T(pt128, out, len, &aes, iv128N, enc1, ct128, AES_BLOCK_SIZE, 0);
  29772. wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, enc1);
  29773. AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
  29774. wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, enc1);
  29775. AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
  29776. STRESS_T(pt128, out, lenB, &aes, iv128tmp, enc1, ct128, AES_BLOCK_SIZE, 0);
  29777. printf(resultFmt, "Stress Tests: passed");
  29778. printf(testingFmt, "Stressing wolfSSL_AES_set_encrypt_key");
  29779. AssertIntNE(wolfSSL_AES_set_encrypt_key(key128N, sizeof(key128)*8, &aes),0);
  29780. AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, aesN),0);
  29781. AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySz0, &aes), 0);
  29782. AssertIntNE(wolfSSL_AES_set_encrypt_key(key128, keySzN, &aes), 0);
  29783. printf(resultFmt, "Stress Tests: passed");
  29784. printf(testingFmt, "Stressing wolfSSL_AES_set_decrypt_key");
  29785. AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, &aes),0);
  29786. AssertIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, aesN),0);
  29787. AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySz0, &aes), 0);
  29788. AssertIntNE(wolfSSL_AES_set_decrypt_key(key128, keySzN, &aes), 0);
  29789. printf(resultFmt, "Stress Tests: passed");
  29790. #ifdef WOLFSSL_AES_128
  29791. printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 128-bit");
  29792. XMEMSET(out, 0, AES_BLOCK_SIZE);
  29793. RESET_IV(iv128tmp, iv128);
  29794. AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0);
  29795. wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, enc1);
  29796. AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
  29797. printf(resultFmt, "passed");
  29798. #ifdef HAVE_AES_DECRYPT
  29799. printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 128-bit in decrypt mode");
  29800. XMEMSET(out, 0, AES_BLOCK_SIZE);
  29801. RESET_IV(iv128tmp, iv128);
  29802. len = sizeof(ct128);
  29803. AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0);
  29804. wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, enc2);
  29805. AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0);
  29806. printf(resultFmt, "passed");
  29807. #endif
  29808. #endif /* WOLFSSL_AES_128 */
  29809. #ifdef WOLFSSL_AES_192
  29810. /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
  29811. * Appendix F.2.3 */
  29812. byte iv192tmp[AES_BLOCK_SIZE] = {0};
  29813. const byte pt192[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  29814. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
  29815. const byte ct192[] = { 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
  29816. 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 };
  29817. const byte iv192[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  29818. 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
  29819. byte key192[] = { 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  29820. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  29821. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b };
  29822. len = sizeof(pt192);
  29823. printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 192-bit");
  29824. XMEMSET(out, 0, AES_BLOCK_SIZE);
  29825. RESET_IV(iv192tmp, iv192);
  29826. AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0);
  29827. wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, enc1);
  29828. AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0);
  29829. printf(resultFmt, "passed");
  29830. #ifdef HAVE_AES_DECRYPT
  29831. printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 192-bit in decrypt mode");
  29832. len = sizeof(ct192);
  29833. RESET_IV(iv192tmp, iv192);
  29834. XMEMSET(out, 0, AES_BLOCK_SIZE);
  29835. AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0);
  29836. wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, enc2);
  29837. AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0);
  29838. printf(resultFmt, "passed");
  29839. #endif
  29840. #endif /* WOLFSSL_AES_192 */
  29841. #ifdef WOLFSSL_AES_256
  29842. /* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
  29843. * Appendix F.2.5 */
  29844. byte iv256tmp[AES_BLOCK_SIZE] = {0};
  29845. const byte pt256[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  29846. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
  29847. const byte ct256[] = { 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
  29848. 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 };
  29849. const byte iv256[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  29850. 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F };
  29851. byte key256[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  29852. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  29853. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  29854. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 };
  29855. len = sizeof(pt256);
  29856. printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 256-bit");
  29857. XMEMSET(out, 0, AES_BLOCK_SIZE);
  29858. RESET_IV(iv256tmp, iv256);
  29859. AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
  29860. wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, enc1);
  29861. AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0);
  29862. printf(resultFmt, "passed");
  29863. #ifdef HAVE_AES_DECRYPT
  29864. printf(testingFmt, "wolfSSL_AES_cbc_encrypt() 256-bit in decrypt mode");
  29865. len = sizeof(ct256);
  29866. RESET_IV(iv256tmp, iv256);
  29867. XMEMSET(out, 0, AES_BLOCK_SIZE);
  29868. AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
  29869. wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, enc2);
  29870. AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0);
  29871. printf(resultFmt, "passed");
  29872. #endif
  29873. #if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  29874. byte wrapCipher[sizeof(key256) + KEYWRAP_BLOCK_SIZE] = { 0 };
  29875. byte wrapPlain[sizeof(key256)] = { 0 };
  29876. byte wrapIV[KEYWRAP_BLOCK_SIZE] = { 0 };
  29877. printf(testingFmt, "wolfSSL_AES_wrap_key() 256-bit NULL iv");
  29878. AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
  29879. AssertIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256,
  29880. sizeof(key256)), sizeof(wrapCipher));
  29881. printf(resultFmt, "passed");
  29882. printf(testingFmt, "wolfSSL_AES_unwrap_key() 256-bit NULL iv");
  29883. AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
  29884. AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
  29885. sizeof(wrapCipher)), sizeof(wrapPlain));
  29886. AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
  29887. printf(resultFmt, "passed");
  29888. XMEMSET(wrapCipher, 0, sizeof(wrapCipher));
  29889. XMEMSET(wrapPlain, 0, sizeof(wrapPlain));
  29890. printf(testingFmt, "wolfSSL_AES_wrap_key() 256-bit custom iv");
  29891. AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
  29892. AssertIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, key256,
  29893. sizeof(key256)), sizeof(wrapCipher));
  29894. printf(resultFmt, "passed");
  29895. printf(testingFmt, "wolfSSL_AES_unwrap_key() 256-bit custom iv");
  29896. AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
  29897. AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher,
  29898. sizeof(wrapCipher)), sizeof(wrapPlain));
  29899. AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
  29900. printf(resultFmt, "passed");
  29901. #endif /* HAVE_AES_KEYWRAP */
  29902. #endif /* WOLFSSL_AES_256 */
  29903. #endif
  29904. }
  29905. #if defined(OPENSSL_ALL)
  29906. #if !defined(NO_ASN)
  29907. static void test_wolfSSL_ASN1_STRING_to_UTF8(void)
  29908. {
  29909. WOLFSSL_X509* x509;
  29910. WOLFSSL_X509_NAME* subject;
  29911. WOLFSSL_X509_NAME_ENTRY* e;
  29912. WOLFSSL_ASN1_STRING* a;
  29913. FILE* file;
  29914. int idx = 0;
  29915. char targetOutput[16] = "www.wolfssl.com";
  29916. unsigned char* actual_output;
  29917. int len = 0;
  29918. int result = 0;
  29919. AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
  29920. AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
  29921. fclose(file);
  29922. printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName");
  29923. AssertNotNull(subject = wolfSSL_X509_get_subject_name(x509));
  29924. AssertIntEQ((idx = wolfSSL_X509_NAME_get_index_by_NID(subject,
  29925. NID_commonName, -1)), 5);
  29926. AssertNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx));
  29927. AssertNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e));
  29928. AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15);
  29929. result = strncmp((const char*)actual_output, targetOutput, len);
  29930. AssertIntEQ(result, 0);
  29931. printf(resultFmt, result == 0 ? passed : failed);
  29932. printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(NULL, valid): ");
  29933. AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, a)),
  29934. WOLFSSL_FATAL_ERROR);
  29935. printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed);
  29936. printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(valid, NULL): ");
  29937. AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, NULL)),
  29938. WOLFSSL_FATAL_ERROR);
  29939. printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed);
  29940. printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL): ");
  29941. AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL)),
  29942. WOLFSSL_FATAL_ERROR);
  29943. printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed);
  29944. wolfSSL_X509_free(x509);
  29945. XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  29946. }
  29947. static void test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void)
  29948. {
  29949. ASN1_STRING* asn1str_test;
  29950. ASN1_STRING* asn1str_answer;
  29951. /* Each character is encoded using 4 bytes */
  29952. char input[] = {
  29953. 0, 0, 0, 'T',
  29954. 0, 0, 0, 'e',
  29955. 0, 0, 0, 's',
  29956. 0, 0, 0, 't',
  29957. };
  29958. char output[] = "Test";
  29959. printf(testingFmt, "test_wolfSSL_ASN1_UNIVERSALSTRING_to_string()");
  29960. AssertNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING));
  29961. AssertIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input)), 1);
  29962. AssertIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 1);
  29963. AssertNotNull(asn1str_answer = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING));
  29964. AssertIntEQ(ASN1_STRING_set(asn1str_answer, output, sizeof(output)-1), 1);
  29965. AssertIntEQ(ASN1_STRING_cmp(asn1str_test, asn1str_answer), 0);
  29966. ASN1_STRING_free(asn1str_test);
  29967. ASN1_STRING_free(asn1str_answer);
  29968. printf(resultFmt, "passed");
  29969. }
  29970. #endif /* !defined(NO_ASN) */
  29971. static void test_wolfSSL_sk_CIPHER_description(void)
  29972. {
  29973. const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
  29974. int i,j,k;
  29975. int numCiphers = 0;
  29976. const SSL_METHOD *method = NULL;
  29977. const SSL_CIPHER *cipher = NULL;
  29978. STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
  29979. SSL_CTX *ctx = NULL;
  29980. SSL *ssl = NULL;
  29981. char buf[256];
  29982. char test_str[9] = "0000000";
  29983. const char badStr[] = "unknown";
  29984. const char certPath[] = "./certs/client-cert.pem";
  29985. XMEMSET(buf, 0, sizeof(buf));
  29986. printf(testingFmt, "wolfSSL_sk_CIPHER_description");
  29987. AssertNotNull(method = TLSv1_2_client_method());
  29988. AssertNotNull(ctx = SSL_CTX_new(method));
  29989. SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
  29990. SSL_CTX_set_verify_depth(ctx, 4);
  29991. SSL_CTX_set_options(ctx, flags);
  29992. AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL),
  29993. WOLFSSL_SUCCESS);
  29994. AssertNotNull(ssl = SSL_new(ctx));
  29995. /* SSL_get_ciphers returns a stack of all configured ciphers
  29996. * A flag, getCipherAtOffset, is set to later have SSL_CIPHER_description
  29997. */
  29998. AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl));
  29999. /* loop through the amount of supportedCiphers */
  30000. numCiphers = sk_num(supportedCiphers);
  30001. for (i = 0; i < numCiphers; ++i) {
  30002. /* sk_value increments "sk->data.cipher->cipherOffset".
  30003. * wolfSSL_sk_CIPHER_description sets the description for
  30004. * the cipher based on the provided offset.
  30005. */
  30006. if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) {
  30007. SSL_CIPHER_description(cipher, buf, sizeof(buf));
  30008. }
  30009. /* Search cipher description string for "unknown" descriptor */
  30010. for (j = 0; j < (int)XSTRLEN(buf); j++) {
  30011. k = 0;
  30012. while ((k < (int)XSTRLEN(badStr)) && (buf[j] == badStr[k])) {
  30013. test_str[k] = badStr[k];
  30014. j++;
  30015. k++;
  30016. }
  30017. }
  30018. /* Fail if test_str == badStr == "unknown" */
  30019. AssertStrNE(test_str,badStr);
  30020. }
  30021. SSL_free(ssl);
  30022. SSL_CTX_free(ctx);
  30023. printf(resultFmt, passed);
  30024. }
  30025. static void test_wolfSSL_get_ciphers_compat(void)
  30026. {
  30027. const SSL_METHOD *method = NULL;
  30028. const char certPath[] = "./certs/client-cert.pem";
  30029. STACK_OF(SSL_CIPHER) *supportedCiphers = NULL;
  30030. SSL_CTX *ctx = NULL;
  30031. WOLFSSL *ssl = NULL;
  30032. const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION;
  30033. printf(testingFmt, "wolfSSL_get_ciphers_compat");
  30034. method = SSLv23_client_method();
  30035. AssertNotNull(method);
  30036. ctx = SSL_CTX_new(method);
  30037. AssertNotNull(ctx);
  30038. SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0);
  30039. SSL_CTX_set_verify_depth(ctx, 4);
  30040. SSL_CTX_set_options(ctx, flags);
  30041. AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL),
  30042. WOLFSSL_SUCCESS);
  30043. AssertNotNull(ssl = SSL_new(ctx));
  30044. /* Test Bad NULL input */
  30045. AssertNull(supportedCiphers = SSL_get_ciphers(NULL));
  30046. /* Test for Good input */
  30047. AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl));
  30048. /* Further usage of SSL_get_ciphers/wolfSSL_get_ciphers_compat is
  30049. * tested in test_wolfSSL_sk_CIPHER_description according to Qt usage */
  30050. SSL_free(ssl);
  30051. SSL_CTX_free(ctx);
  30052. printf(resultFmt, passed);
  30053. }
  30054. static void test_wolfSSL_X509_PUBKEY_get(void)
  30055. {
  30056. WOLFSSL_X509_PUBKEY pubkey;
  30057. WOLFSSL_X509_PUBKEY* key;
  30058. WOLFSSL_EVP_PKEY evpkey ;
  30059. WOLFSSL_EVP_PKEY* evpPkey;
  30060. WOLFSSL_EVP_PKEY* retEvpPkey;
  30061. XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY));
  30062. XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY));
  30063. key = &pubkey;
  30064. evpPkey = &evpkey;
  30065. evpPkey->type = WOLFSSL_SUCCESS;
  30066. key->pkey = evpPkey;
  30067. printf(testingFmt, "wolfSSL_X509_PUBKEY_get()");
  30068. AssertNotNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key));
  30069. AssertIntEQ(retEvpPkey->type, WOLFSSL_SUCCESS);
  30070. AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(NULL));
  30071. key->pkey = NULL;
  30072. AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key));
  30073. printf(resultFmt,retEvpPkey == NULL ? passed : failed);
  30074. }
  30075. static void test_wolfSSL_d2i_DHparams(void)
  30076. {
  30077. #if !defined(NO_DH)
  30078. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  30079. FILE* f = NULL;
  30080. unsigned char buf[4096];
  30081. const unsigned char* pt = buf;
  30082. const char* params1 = "./certs/dh2048.der";
  30083. const char* params2 = "./certs/dh3072.der";
  30084. long len = 0;
  30085. WOLFSSL_DH* dh = NULL;
  30086. XMEMSET(buf, 0, sizeof(buf));
  30087. /* Test 2048 bit parameters */
  30088. printf(testingFmt, "wolfSSL_d2i_DHparams() 2048-bit");
  30089. f = XFOPEN(params1, "rb");
  30090. AssertTrue(f != XBADFILE);
  30091. len = (long)XFREAD(buf, 1, sizeof(buf), f);
  30092. XFCLOSE(f);
  30093. /* Valid case */
  30094. AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
  30095. AssertNotNull(dh->p);
  30096. AssertNotNull(dh->g);
  30097. AssertTrue(pt != buf);
  30098. AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
  30099. /* Invalid cases */
  30100. AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
  30101. AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
  30102. AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, 10));
  30103. DH_free(dh);
  30104. printf(resultFmt, passed);
  30105. *buf = 0;
  30106. pt = buf;
  30107. /* Test 3072 bit parameters */
  30108. printf(testingFmt, "wolfSSL_d2i_DHparams() 3072-bit");
  30109. f = XFOPEN(params2, "rb");
  30110. AssertTrue(f != XBADFILE);
  30111. len = (long)XFREAD(buf, 1, sizeof(buf), f);
  30112. XFCLOSE(f);
  30113. /* Valid case */
  30114. AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
  30115. AssertNotNull(dh->p);
  30116. AssertNotNull(dh->g);
  30117. AssertTrue(pt != buf);
  30118. AssertIntEQ(DH_generate_key(dh), 1);
  30119. /* Invalid cases */
  30120. AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len));
  30121. AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1));
  30122. DH_free(dh);
  30123. printf(resultFmt, passed);
  30124. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  30125. #endif /* !NO_DH */
  30126. }
  30127. static void test_wolfSSL_i2d_DHparams(void)
  30128. {
  30129. #if !defined(NO_DH)
  30130. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  30131. FILE* f;
  30132. unsigned char buf[4096];
  30133. const unsigned char* pt = buf;
  30134. unsigned char* pt2 = buf;
  30135. const char* params1 = "./certs/dh2048.der";
  30136. const char* params2 = "./certs/dh3072.der";
  30137. long len;
  30138. WOLFSSL_DH* dh;
  30139. /* Test 2048 bit parameters */
  30140. printf(testingFmt, "wolfSSL_i2d_DHparams() 2048-bit");
  30141. f = XFOPEN(params1, "rb");
  30142. AssertTrue(f != XBADFILE);
  30143. len = (long)XFREAD(buf, 1, sizeof(buf), f);
  30144. XFCLOSE(f);
  30145. /* Valid case */
  30146. AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
  30147. AssertTrue(pt != buf);
  30148. AssertIntEQ(DH_generate_key(dh), 1);
  30149. AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 268);
  30150. /* Invalid cases */
  30151. AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
  30152. AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 264);
  30153. DH_free(dh);
  30154. printf(resultFmt, passed);
  30155. *buf = 0;
  30156. pt = buf;
  30157. pt2 = buf;
  30158. /* Test 3072 bit parameters */
  30159. printf(testingFmt, "wolfSSL_i2d_DHparams() 3072-bit");
  30160. f = XFOPEN(params2, "rb");
  30161. AssertTrue(f != XBADFILE);
  30162. len = (long)XFREAD(buf, 1, sizeof(buf), f);
  30163. XFCLOSE(f);
  30164. /* Valid case */
  30165. AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
  30166. AssertTrue(pt != buf);
  30167. AssertIntEQ(DH_generate_key(dh), 1);
  30168. AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 396);
  30169. /* Invalid cases */
  30170. AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0);
  30171. AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 392);
  30172. DH_free(dh);
  30173. printf(resultFmt, passed);
  30174. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  30175. #endif
  30176. }
  30177. static void test_wolfSSL_EC_KEY_dup(void)
  30178. {
  30179. #if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || \
  30180. defined(OPENSSL_EXTRA_X509_SMALL))
  30181. WOLFSSL_EC_KEY* ecKey;
  30182. WOLFSSL_EC_KEY* dupKey;
  30183. ecc_key* srcKey;
  30184. ecc_key* destKey;
  30185. printf(testingFmt, "wolfSSL_EC_KEY_dup()");
  30186. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  30187. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
  30188. /* Valid cases */
  30189. AssertNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
  30190. AssertIntEQ(wc_ecc_check_key((ecc_key*)dupKey->internal), 0);
  30191. /* Compare pubkey */
  30192. srcKey = (ecc_key*)ecKey->internal;
  30193. destKey = (ecc_key*)dupKey->internal;
  30194. AssertIntEQ(wc_ecc_cmp_point(&srcKey->pubkey, &destKey->pubkey), 0);
  30195. /* compare EC_GROUP */
  30196. AssertIntEQ(wolfSSL_EC_GROUP_cmp(ecKey->group, dupKey->group, NULL), MP_EQ);
  30197. /* compare EC_POINT */
  30198. AssertIntEQ(wolfSSL_EC_POINT_cmp(ecKey->group, ecKey->pub_key, \
  30199. dupKey->pub_key, NULL), MP_EQ);
  30200. /* compare BIGNUM */
  30201. AssertIntEQ(wolfSSL_BN_cmp(ecKey->priv_key, dupKey->priv_key), MP_EQ);
  30202. wolfSSL_EC_KEY_free(dupKey);
  30203. /* Invalid cases */
  30204. /* NULL key */
  30205. AssertNull(dupKey = wolfSSL_EC_KEY_dup(NULL));
  30206. /* NULL ecc_key */
  30207. wc_ecc_free((ecc_key*)ecKey->internal);
  30208. XFREE(ecKey->internal, NULL, DYNAMIC_TYPE_ECC);
  30209. ecKey->internal = NULL; /* Set ecc_key to NULL */
  30210. AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
  30211. wolfSSL_EC_KEY_free(ecKey);
  30212. wolfSSL_EC_KEY_free(dupKey);
  30213. /* NULL Group */
  30214. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  30215. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
  30216. wolfSSL_EC_GROUP_free(ecKey->group);
  30217. ecKey->group = NULL; /* Set group to NULL */
  30218. AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
  30219. wolfSSL_EC_KEY_free(ecKey);
  30220. wolfSSL_EC_KEY_free(dupKey);
  30221. /* NULL public key */
  30222. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  30223. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
  30224. wc_ecc_del_point((ecc_point*)ecKey->pub_key->internal);
  30225. ecKey->pub_key->internal = NULL; /* Set ecc_point to NULL */
  30226. AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
  30227. wolfSSL_EC_POINT_free(ecKey->pub_key);
  30228. ecKey->pub_key = NULL; /* Set pub_key to NULL */
  30229. AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
  30230. wolfSSL_EC_KEY_free(ecKey);
  30231. wolfSSL_EC_KEY_free(dupKey);
  30232. /* NULL private key */
  30233. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  30234. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
  30235. wolfSSL_BN_free(ecKey->priv_key);
  30236. ecKey->priv_key = NULL; /* Set priv_key to NULL */
  30237. AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey));
  30238. wolfSSL_EC_KEY_free(ecKey);
  30239. wolfSSL_EC_KEY_free(dupKey);
  30240. printf(resultFmt, passed);
  30241. #endif
  30242. }
  30243. static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
  30244. {
  30245. #if !defined(NO_DSA)
  30246. DSA *dsa = NULL;
  30247. DSA *setDsa = NULL;
  30248. EVP_PKEY *pkey = NULL;
  30249. EVP_PKEY *set1Pkey = NULL;
  30250. SHA_CTX sha;
  30251. byte signature[DSA_SIG_SIZE];
  30252. byte hash[WC_SHA_DIGEST_SIZE];
  30253. word32 bytes;
  30254. int answer;
  30255. #ifdef USE_CERT_BUFFERS_1024
  30256. const unsigned char* dsaKeyDer = dsa_key_der1024;
  30257. int dsaKeySz = sizeof_dsa_key_der_1024;
  30258. byte tmp[ONEK_BUF];
  30259. XMEMSET(tmp, 0, sizeof(tmp));
  30260. XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
  30261. bytes = dsa_key_der_sz;
  30262. #elif defined(USE_CERT_BUFFERS_2048)
  30263. const unsigned char* dsaKeyDer = dsa_key_der_2048;
  30264. int dsaKeySz = sizeof_dsa_key_der_2048;
  30265. byte tmp[TWOK_BUF];
  30266. XMEMSET(tmp, 0, sizeof(tmp));
  30267. XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
  30268. bytes = dsaKeySz;
  30269. #else
  30270. const unsigned char* dsaKeyDer = dsa_key_der_2048;
  30271. int dsaKeySz = sizeof_dsa_key_der_2048;
  30272. byte tmp[TWOK_BUF];
  30273. XMEMSET(tmp, 0, sizeof(tmp));
  30274. XMEMCPY(tmp, dsaKeyDer , dsaKeySz);
  30275. XFILE fp = XOPEN("./certs/dsa2048.der", "rb");
  30276. if (fp == XBADFILE) {
  30277. return WOLFSSL_BAD_FILE;
  30278. }
  30279. bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
  30280. XFCLOSE(fp);
  30281. #endif /* END USE_CERT_BUFFERS_1024 */
  30282. printf(testingFmt,
  30283. "wolfSSL_EVP_PKEY_set1_DSA and wolfSSL_EVP_PKEY_get1_DSA");
  30284. /* Create hash to later Sign and Verify */
  30285. AssertIntEQ(SHA1_Init(&sha), WOLFSSL_SUCCESS);
  30286. AssertIntEQ(SHA1_Update(&sha, tmp, bytes), WOLFSSL_SUCCESS);
  30287. AssertIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS);
  30288. /* Initialize pkey with der format dsa key */
  30289. AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey,
  30290. &dsaKeyDer ,(long)dsaKeySz));
  30291. /* Test wolfSSL_EVP_PKEY_get1_DSA */
  30292. /* Should Fail: NULL argument */
  30293. AssertNull(dsa = EVP_PKEY_get0_DSA(NULL));
  30294. AssertNull(dsa = EVP_PKEY_get1_DSA(NULL));
  30295. /* Should Pass: Initialized pkey argument */
  30296. AssertNotNull(dsa = EVP_PKEY_get0_DSA(pkey));
  30297. AssertNotNull(dsa = EVP_PKEY_get1_DSA(pkey));
  30298. AssertIntEQ(DSA_bits(dsa), 2048);
  30299. /* Sign */
  30300. AssertIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS);
  30301. /* Verify. */
  30302. AssertIntEQ(wolfSSL_DSA_do_verify(hash, signature, dsa, &answer),
  30303. WOLFSSL_SUCCESS);
  30304. /* Test wolfSSL_EVP_PKEY_set1_DSA */
  30305. /* Should Fail: set1Pkey not initialized */
  30306. AssertIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
  30307. /* Initialize set1Pkey */
  30308. set1Pkey = EVP_PKEY_new();
  30309. /* Should Fail Verify: setDsa not initialized from set1Pkey */
  30310. AssertIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer),
  30311. WOLFSSL_SUCCESS);
  30312. /* Should Pass: set dsa into set1Pkey */
  30313. AssertIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS);
  30314. printf(resultFmt, passed);
  30315. DSA_free(dsa);
  30316. DSA_free(setDsa);
  30317. EVP_PKEY_free(pkey);
  30318. EVP_PKEY_free(set1Pkey);
  30319. #endif /* NO_DSA */
  30320. } /* END test_EVP_PKEY_set1_get1_DSA */
  30321. static void test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void)
  30322. {
  30323. #ifdef HAVE_ECC
  30324. WOLFSSL_EC_KEY *ecKey = NULL;
  30325. WOLFSSL_EC_KEY *ecGet1 = NULL;
  30326. EVP_PKEY *pkey = NULL;
  30327. printf(testingFmt,
  30328. "wolfSSL_EVP_PKEY_set1_EC_KEY and wolfSSL_EVP_PKEY_get1_EC_KEY");
  30329. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  30330. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  30331. /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */
  30332. AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
  30333. AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
  30334. /* Should fail since ecKey is empty */
  30335. AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
  30336. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
  30337. AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
  30338. /* Test wolfSSL_EVP_PKEY_get1_EC_KEY */
  30339. AssertNull(wolfSSL_EVP_PKEY_get1_EC_KEY(NULL));
  30340. AssertNotNull(ecGet1 = wolfSSL_EVP_PKEY_get1_EC_KEY(pkey));
  30341. wolfSSL_EC_KEY_free(ecKey);
  30342. wolfSSL_EC_KEY_free(ecGet1);
  30343. EVP_PKEY_free(pkey);
  30344. /* PASSED */
  30345. printf(resultFmt, passed);
  30346. #endif /* HAVE_ECC */
  30347. } /* END test_EVP_PKEY_set1_get1_EC_KEY */
  30348. static void test_wolfSSL_EVP_PKEY_set1_get1_DH (void)
  30349. {
  30350. #if !defined(NO_DH)
  30351. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  30352. DH *dh = NULL;
  30353. DH *setDh = NULL;
  30354. EVP_PKEY *pkey = NULL;
  30355. FILE* f = NULL;
  30356. unsigned char buf[4096];
  30357. const unsigned char* pt = buf;
  30358. const char* dh2048 = "./certs/dh2048.der";
  30359. long len = 0;
  30360. int code = -1;
  30361. printf(testingFmt,"wolfSSL_EVP_PKEY_set1_DH and wolfSSL_EVP_PKEY_get1_DH");
  30362. XMEMSET(buf, 0, sizeof(buf));
  30363. f = XFOPEN(dh2048, "rb");
  30364. AssertTrue(f != XBADFILE);
  30365. len = (long)XFREAD(buf, 1, sizeof(buf), f);
  30366. XFCLOSE(f);
  30367. /* Load dh2048.der into DH with internal format */
  30368. AssertNotNull(setDh = wolfSSL_d2i_DHparams(NULL, &pt, len));
  30369. AssertIntEQ(wolfSSL_DH_check(setDh, &code), WOLFSSL_SUCCESS);
  30370. AssertIntEQ(code, 0);
  30371. code = -1;
  30372. pkey = wolfSSL_EVP_PKEY_new();
  30373. /* Set DH into PKEY */
  30374. AssertIntEQ(wolfSSL_EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS);
  30375. /* Get DH from PKEY */
  30376. AssertNotNull(dh = wolfSSL_EVP_PKEY_get1_DH(pkey));
  30377. AssertIntEQ(wolfSSL_DH_check(dh, &code), WOLFSSL_SUCCESS);
  30378. AssertIntEQ(code, 0);
  30379. EVP_PKEY_free(pkey);
  30380. DH_free(setDh);
  30381. DH_free(dh);
  30382. printf(resultFmt, passed);
  30383. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  30384. #endif /* NO_DH */
  30385. } /* END test_EVP_PKEY_set1_get1_DH */
  30386. static void test_wolfSSL_CTX_ctrl(void)
  30387. {
  30388. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  30389. !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  30390. char caFile[] = "./certs/client-ca.pem";
  30391. char clientFile[] = "./certs/client-cert.pem";
  30392. SSL_CTX* ctx;
  30393. X509* x509 = NULL;
  30394. #if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
  30395. byte buf[6000];
  30396. char file[] = "./certs/dsaparams.pem";
  30397. XFILE f;
  30398. int bytes;
  30399. BIO* bio;
  30400. DSA* dsa;
  30401. DH* dh;
  30402. #endif
  30403. #ifdef HAVE_ECC
  30404. WOLFSSL_EC_KEY* ecKey;
  30405. #endif
  30406. printf(testingFmt, "wolfSSL_CTX_ctrl");
  30407. AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method()));
  30408. x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM);
  30409. AssertNotNull(x509);
  30410. AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS);
  30411. x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM);
  30412. AssertNotNull(x509);
  30413. #if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
  30414. /* Initialize DH */
  30415. f = XFOPEN(file, "rb");
  30416. AssertTrue((f != XBADFILE));
  30417. bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
  30418. XFCLOSE(f);
  30419. bio = BIO_new_mem_buf((void*)buf, bytes);
  30420. AssertNotNull(bio);
  30421. dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
  30422. AssertNotNull(dsa);
  30423. dh = wolfSSL_DSA_dup_DH(dsa);
  30424. AssertNotNull(dh);
  30425. #endif
  30426. #ifdef HAVE_ECC
  30427. /* Initialize WOLFSSL_EC_KEY */
  30428. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  30429. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey),1);
  30430. #endif
  30431. #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
  30432. /* additional test of getting EVP_PKEY key size from X509
  30433. * Do not run with user RSA because wolfSSL_RSA_size is not currently
  30434. * allowed with user RSA */
  30435. {
  30436. EVP_PKEY* pkey;
  30437. #if defined(HAVE_ECC)
  30438. X509* ecX509;
  30439. #endif /* HAVE_ECC */
  30440. AssertNotNull(pkey = X509_get_pubkey(x509));
  30441. /* current RSA key is 2048 bit (256 bytes) */
  30442. AssertIntEQ(EVP_PKEY_size(pkey), 256);
  30443. EVP_PKEY_free(pkey);
  30444. #if defined(HAVE_ECC)
  30445. #if defined(USE_CERT_BUFFERS_256)
  30446. AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer(
  30447. cliecc_cert_der_256, sizeof_cliecc_cert_der_256,
  30448. SSL_FILETYPE_ASN1));
  30449. #else
  30450. AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file(
  30451. cliEccCertFile, SSL_FILETYPE_PEM));
  30452. #endif
  30453. AssertNotNull(pkey = X509_get_pubkey(ecX509));
  30454. /* current ECC key is 256 bit (32 bytes) */
  30455. AssertIntEQ(EVP_PKEY_size(pkey), 32);
  30456. X509_free(ecX509);
  30457. EVP_PKEY_free(pkey);
  30458. #endif /* HAVE_ECC */
  30459. }
  30460. #endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */
  30461. /* Tests should fail with passed in NULL pointer */
  30462. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,NULL),
  30463. SSL_FAILURE);
  30464. #if !defined(NO_DH) && !defined(NO_DSA)
  30465. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,NULL),
  30466. SSL_FAILURE);
  30467. #endif
  30468. #ifdef HAVE_ECC
  30469. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,NULL),
  30470. SSL_FAILURE);
  30471. #endif
  30472. /* Test with SSL_CTRL_EXTRA_CHAIN_CERT
  30473. * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_add_extra_chain_cert
  30474. */
  30475. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,x509),
  30476. SSL_SUCCESS);
  30477. /* Test with SSL_CTRL_OPTIONS
  30478. * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_set_options
  30479. */
  30480. AssertTrue(wolfSSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,SSL_OP_NO_TLSv1,NULL)
  30481. == SSL_OP_NO_TLSv1);
  30482. AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1);
  30483. /* Test with SSL_CTRL_SET_TMP_DH
  30484. * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_dh
  30485. */
  30486. #if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO)
  30487. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,dh),
  30488. SSL_SUCCESS);
  30489. #endif
  30490. /* Test with SSL_CTRL_SET_TMP_ECDH
  30491. * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_ecdh
  30492. */
  30493. #ifdef HAVE_ECC
  30494. AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,ecKey),
  30495. SSL_SUCCESS);
  30496. #endif
  30497. #ifdef WOLFSSL_ENCRYPTED_KEYS
  30498. AssertNull(SSL_CTX_get_default_passwd_cb(ctx));
  30499. AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx));
  30500. #endif
  30501. /* Cleanup and Pass */
  30502. #if !defined(NO_DH) && !defined(NO_DSA)
  30503. #ifndef NO_BIO
  30504. BIO_free(bio);
  30505. DSA_free(dsa);
  30506. DH_free(dh);
  30507. #endif
  30508. #endif
  30509. #ifdef HAVE_ECC
  30510. wolfSSL_EC_KEY_free(ecKey);
  30511. #endif
  30512. SSL_CTX_free(ctx);
  30513. printf(resultFmt, passed);
  30514. #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  30515. !defined(NO_FILESYSTEM) && !defined(NO_RSA) */
  30516. }
  30517. static void test_wolfSSL_DH_check(void)
  30518. {
  30519. #if !defined(NO_DH) && !defined(NO_DSA)
  30520. #ifndef NO_BIO
  30521. byte buf[6000];
  30522. char file[] = "./certs/dsaparams.pem";
  30523. XFILE f;
  30524. int bytes;
  30525. BIO* bio;
  30526. DSA* dsa;
  30527. DH* dh = NULL;
  30528. WOLFSSL_BIGNUM* pTmp = NULL;
  30529. WOLFSSL_BIGNUM* gTmp = NULL;
  30530. int codes = -1;
  30531. printf(testingFmt, "wolfSSL_DH_check");
  30532. /* Initialize DH */
  30533. f = XFOPEN(file, "rb");
  30534. AssertTrue((f != XBADFILE));
  30535. bytes = (int)XFREAD(buf, 1, sizeof(buf), f);
  30536. XFCLOSE(f);
  30537. bio = BIO_new_mem_buf((void*)buf, bytes);
  30538. AssertNotNull(bio);
  30539. dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL);
  30540. AssertNotNull(dsa);
  30541. dh = wolfSSL_DSA_dup_DH(dsa);
  30542. AssertNotNull(dh);
  30543. /* Test assumed to be valid dh.
  30544. * Should return WOLFSSL_SUCCESS
  30545. * codes should be 0
  30546. * Invalid codes = {DH_NOT_SUITABLE_GENERATOR, DH_CHECK_P_NOT_PRIME}
  30547. */
  30548. AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_SUCCESS);
  30549. AssertIntEQ(codes, 0);
  30550. /* Test NULL dh: expected BAD_FUNC_ARG */
  30551. AssertIntEQ(wolfSSL_DH_check(NULL, &codes), WOLFSSL_FAILURE);
  30552. /* Break dh prime to test if codes = DH_CHECK_P_NOT_PRIME */
  30553. pTmp = dh->p;
  30554. dh->p = NULL;
  30555. AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_FAILURE);
  30556. AssertIntEQ(codes, DH_CHECK_P_NOT_PRIME);
  30557. /* set dh->p back to normal so it wont fail on next tests */
  30558. dh->p = pTmp;
  30559. pTmp = NULL;
  30560. /* Break dh generator to test if codes = DH_NOT_SUITABLE_GENERATOR */
  30561. gTmp = dh->g;
  30562. dh->g = NULL;
  30563. AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_FAILURE);
  30564. AssertIntEQ(codes, DH_NOT_SUITABLE_GENERATOR);
  30565. dh->g = gTmp;
  30566. gTmp = NULL;
  30567. /* Cleanup and Pass Test */
  30568. BIO_free(bio);
  30569. DSA_free(dsa);
  30570. DH_free(dh);
  30571. printf(resultFmt, passed);
  30572. #endif
  30573. #endif /* !NO_DH && !NO_DSA */
  30574. }
  30575. static void test_wolfSSL_EVP_PKEY_assign(void)
  30576. {
  30577. #if defined(OPENSSL_ALL)
  30578. int type;
  30579. WOLFSSL_EVP_PKEY* pkey;
  30580. #ifndef NO_RSA
  30581. WOLFSSL_RSA* rsa;
  30582. #endif
  30583. #ifndef NO_DSA
  30584. WOLFSSL_DSA* dsa;
  30585. #endif
  30586. #ifdef HAVE_ECC
  30587. WOLFSSL_EC_KEY* ecKey;
  30588. #endif
  30589. (void)pkey;
  30590. printf(testingFmt, "wolfSSL_EVP_PKEY_assign");
  30591. #ifndef NO_RSA
  30592. type = EVP_PKEY_RSA;
  30593. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  30594. AssertNotNull(rsa = wolfSSL_RSA_new());
  30595. AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,rsa), WOLFSSL_FAILURE);
  30596. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
  30597. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,rsa), WOLFSSL_FAILURE);
  30598. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,rsa), WOLFSSL_SUCCESS);
  30599. wolfSSL_EVP_PKEY_free(pkey);
  30600. #endif /* NO_RSA */
  30601. #ifndef NO_DSA
  30602. type = EVP_PKEY_DSA;
  30603. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  30604. AssertNotNull(dsa = wolfSSL_DSA_new());
  30605. AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,dsa), WOLFSSL_FAILURE);
  30606. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
  30607. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,dsa), WOLFSSL_FAILURE);
  30608. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,dsa), WOLFSSL_SUCCESS);
  30609. wolfSSL_EVP_PKEY_free(pkey);
  30610. #endif /* NO_DSA */
  30611. #ifdef HAVE_ECC
  30612. type = EVP_PKEY_EC;
  30613. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  30614. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  30615. AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,ecKey), WOLFSSL_FAILURE);
  30616. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE);
  30617. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,ecKey), WOLFSSL_FAILURE);
  30618. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_FAILURE);
  30619. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
  30620. AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_SUCCESS);
  30621. wolfSSL_EVP_PKEY_free(pkey);
  30622. #endif /* HAVE_ECC */
  30623. printf(resultFmt, passed);
  30624. #endif /* OPENSSL_ALL */
  30625. }
  30626. static void test_wolfSSL_EVP_PKEY_base_id(void)
  30627. {
  30628. #if defined(OPENSSL_ALL)
  30629. WOLFSSL_EVP_PKEY* pkey;
  30630. printf(testingFmt, "wolfSSL_EVP_PKEY_base_id");
  30631. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  30632. AssertIntEQ(wolfSSL_EVP_PKEY_base_id(NULL), NID_undef);
  30633. AssertIntEQ(wolfSSL_EVP_PKEY_base_id(pkey), EVP_PKEY_RSA);
  30634. EVP_PKEY_free(pkey);
  30635. printf(resultFmt, passed);
  30636. #endif
  30637. }
  30638. static void test_wolfSSL_EVP_PKEY_id(void)
  30639. {
  30640. #if defined(OPENSSL_ALL)
  30641. WOLFSSL_EVP_PKEY* pkey;
  30642. printf(testingFmt, "wolfSSL_EVP_PKEY_id");
  30643. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  30644. AssertIntEQ(wolfSSL_EVP_PKEY_id(NULL), 0);
  30645. AssertIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_RSA);
  30646. EVP_PKEY_free(pkey);
  30647. printf(resultFmt, passed);
  30648. #endif
  30649. }
  30650. static void test_wolfSSL_EVP_PKEY_keygen(void)
  30651. {
  30652. #if defined(OPENSSL_ALL)
  30653. WOLFSSL_EVP_PKEY* pkey;
  30654. EVP_PKEY_CTX *ctx;
  30655. printf(testingFmt, "wolfSSL_EVP_PKEY_keygen");
  30656. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  30657. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  30658. /* Bad cases */
  30659. AssertIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), BAD_FUNC_ARG);
  30660. AssertIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), BAD_FUNC_ARG);
  30661. AssertIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), BAD_FUNC_ARG);
  30662. /* Good case */
  30663. AssertIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0);
  30664. EVP_PKEY_CTX_free(ctx);
  30665. EVP_PKEY_free(pkey);
  30666. printf(resultFmt, passed);
  30667. #endif
  30668. }
  30669. static void test_wolfSSL_EVP_PKEY_keygen_init(void)
  30670. {
  30671. #if defined(OPENSSL_ALL)
  30672. WOLFSSL_EVP_PKEY* pkey;
  30673. EVP_PKEY_CTX *ctx;
  30674. printf(testingFmt, "wolfSSL_EVP_PKEY_keygen_init");
  30675. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  30676. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  30677. AssertIntEQ(wolfSSL_EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS);
  30678. EVP_PKEY_CTX_free(ctx);
  30679. EVP_PKEY_free(pkey);
  30680. printf(resultFmt, passed);
  30681. #endif
  30682. }
  30683. static void test_wolfSSL_EVP_PKEY_missing_parameters(void)
  30684. {
  30685. #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB)
  30686. WOLFSSL_EVP_PKEY* pkey;
  30687. printf(testingFmt, "wolfSSL_EVP_PKEY_missing_parameters");
  30688. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  30689. AssertIntEQ(wolfSSL_EVP_PKEY_missing_parameters(pkey), 0);
  30690. EVP_PKEY_free(pkey);
  30691. printf(resultFmt, passed);
  30692. #endif
  30693. }
  30694. static void test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(void)
  30695. {
  30696. #if defined(OPENSSL_ALL)
  30697. WOLFSSL_EVP_PKEY* pkey;
  30698. EVP_PKEY_CTX *ctx;
  30699. int bits = 2048;
  30700. printf(testingFmt, "wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits");
  30701. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  30702. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  30703. AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits),
  30704. WOLFSSL_SUCCESS);
  30705. EVP_PKEY_CTX_free(ctx);
  30706. EVP_PKEY_free(pkey);
  30707. printf(resultFmt, passed);
  30708. #endif
  30709. }
  30710. static void test_wolfSSL_EVP_CIPHER_CTX_iv_length(void)
  30711. {
  30712. #if defined(OPENSSL_ALL)
  30713. /* This is large enough to be used for all key sizes */
  30714. byte key[AES_256_KEY_SIZE] = {0};
  30715. byte iv[AES_BLOCK_SIZE] = {0};
  30716. int i, enumlen;
  30717. EVP_CIPHER_CTX *ctx;
  30718. const EVP_CIPHER *init;
  30719. int enumArray[] = {
  30720. #ifdef HAVE_AES_CBC
  30721. NID_aes_128_cbc,
  30722. #endif
  30723. #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
  30724. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
  30725. #ifdef HAVE_AESGCM
  30726. NID_aes_128_gcm,
  30727. #endif
  30728. #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
  30729. #ifdef WOLFSSL_AES_COUNTER
  30730. NID_aes_128_ctr,
  30731. #endif
  30732. #ifndef NO_DES3
  30733. NID_des_cbc,
  30734. NID_des_ede3_cbc,
  30735. #endif
  30736. #ifdef HAVE_IDEA
  30737. NID_idea_cbc,
  30738. #endif
  30739. };
  30740. int iv_lengths[] = {
  30741. #ifdef HAVE_AES_CBC
  30742. AES_BLOCK_SIZE,
  30743. #endif
  30744. #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
  30745. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
  30746. #ifdef HAVE_AESGCM
  30747. GCM_NONCE_MID_SZ,
  30748. #endif
  30749. #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
  30750. #ifdef WOLFSSL_AES_COUNTER
  30751. AES_BLOCK_SIZE,
  30752. #endif
  30753. #ifndef NO_DES3
  30754. DES_BLOCK_SIZE,
  30755. DES_BLOCK_SIZE,
  30756. #endif
  30757. #ifdef HAVE_IDEA
  30758. IDEA_BLOCK_SIZE,
  30759. #endif
  30760. };
  30761. printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_iv_length");
  30762. enumlen = (sizeof(enumArray)/sizeof(int));
  30763. for(i = 0; i < enumlen; i++)
  30764. {
  30765. ctx = EVP_CIPHER_CTX_new();
  30766. init = wolfSSL_EVP_get_cipherbynid(enumArray[i]);
  30767. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  30768. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  30769. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_iv_length(ctx), iv_lengths[i]);
  30770. EVP_CIPHER_CTX_free(ctx);
  30771. }
  30772. printf(resultFmt, passed);
  30773. #endif
  30774. }
  30775. static void test_wolfSSL_EVP_CIPHER_CTX_key_length(void)
  30776. {
  30777. #if defined(OPENSSL_ALL) && !defined(NO_DES3)
  30778. byte key[AES_256_KEY_SIZE] = {0};
  30779. byte iv[AES_BLOCK_SIZE] = {0};
  30780. EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
  30781. const EVP_CIPHER *init = EVP_des_ede3_cbc();
  30782. printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_key_length");
  30783. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  30784. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  30785. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_key_length(ctx), 24);
  30786. EVP_CIPHER_CTX_free(ctx);
  30787. printf(resultFmt, passed);
  30788. #endif
  30789. }
  30790. static void test_wolfSSL_EVP_CIPHER_CTX_set_key_length(void)
  30791. {
  30792. #if defined(OPENSSL_ALL) && !defined(NO_DES3)
  30793. byte key[AES_256_KEY_SIZE] = {0};
  30794. byte iv[AES_BLOCK_SIZE] = {0};
  30795. int keylen;
  30796. EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
  30797. const EVP_CIPHER *init = EVP_des_ede3_cbc();
  30798. printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_set_key_length");
  30799. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  30800. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  30801. keylen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx);
  30802. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, keylen),
  30803. WOLFSSL_SUCCESS);
  30804. EVP_CIPHER_CTX_free(ctx);
  30805. printf(resultFmt, passed);
  30806. #endif
  30807. }
  30808. static void test_wolfSSL_EVP_CIPHER_CTX_set_iv(void)
  30809. {
  30810. #if defined(OPENSSL_ALL) && defined(HAVE_AESGCM) && !defined(NO_DES3)
  30811. byte key[DES3_KEY_SIZE] = {0};
  30812. byte iv[DES_IV_SIZE] = {0};
  30813. int ivLen, keyLen;
  30814. EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
  30815. const EVP_CIPHER *init = EVP_des_ede3_cbc();
  30816. printf(testingFmt, "wolfSSL_EVP_CIPHER_CTX_set_iv");
  30817. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  30818. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  30819. ivLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx);
  30820. keyLen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx);
  30821. /* Bad cases */
  30822. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, iv, ivLen), WOLFSSL_FAILURE);
  30823. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, NULL, ivLen), WOLFSSL_FAILURE);
  30824. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WOLFSSL_FAILURE);
  30825. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WOLFSSL_FAILURE);
  30826. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, keyLen), WOLFSSL_FAILURE);
  30827. /* Good case */
  30828. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, ivLen), 1);
  30829. EVP_CIPHER_CTX_free(ctx);
  30830. printf(resultFmt, passed);
  30831. #endif
  30832. }
  30833. static void test_wolfSSL_EVP_PKEY_CTX_new_id(void)
  30834. {
  30835. #if defined(OPENSSL_ALL)
  30836. WOLFSSL_ENGINE* e = NULL;
  30837. int id = 0;
  30838. EVP_PKEY_CTX *ctx;
  30839. printf(testingFmt, "wolfSSL_EVP_PKEY_CTX_new_id");
  30840. AssertNotNull(ctx = wolfSSL_EVP_PKEY_CTX_new_id(id, e));
  30841. EVP_PKEY_CTX_free(ctx);
  30842. printf(resultFmt, passed);
  30843. #endif
  30844. }
  30845. static void test_wolfSSL_EVP_rc4(void)
  30846. {
  30847. #if defined(OPENSSL_ALL) && !defined(NO_RC4)
  30848. printf(testingFmt, "wolfSSL_EVP_rc4");
  30849. AssertNotNull(wolfSSL_EVP_rc4());
  30850. printf(resultFmt, passed);
  30851. #endif
  30852. }
  30853. static void test_wolfSSL_EVP_enc_null(void)
  30854. {
  30855. #if defined(OPENSSL_ALL)
  30856. printf(testingFmt, "wolfSSL_EVP_enc_null");
  30857. AssertNotNull(wolfSSL_EVP_enc_null());
  30858. printf(resultFmt, passed);
  30859. #endif
  30860. }
  30861. static void test_wolfSSL_EVP_rc2_cbc(void)
  30862. {
  30863. #if defined(OPENSSL_ALL) && defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB)
  30864. printf(testingFmt, "wolfSSL_EVP_rc2_cbc");
  30865. AssertNull(wolfSSL_EVP_rc2_cbc());
  30866. printf(resultFmt, passed);
  30867. #endif
  30868. }
  30869. static void test_wolfSSL_EVP_mdc2(void)
  30870. {
  30871. #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB)
  30872. printf(testingFmt, "wolfSSL_EVP_mdc2");
  30873. AssertNull(wolfSSL_EVP_mdc2());
  30874. printf(resultFmt, passed);
  30875. #endif
  30876. }
  30877. static void test_wolfSSL_EVP_md4(void)
  30878. {
  30879. #if defined(OPENSSL_ALL) && !defined(NO_MD4)
  30880. printf(testingFmt, "wolfSSL_EVP_md4");
  30881. AssertNotNull(wolfSSL_EVP_md4());
  30882. printf(resultFmt, passed);
  30883. #endif
  30884. }
  30885. static void test_wolfSSL_EVP_aes_256_gcm(void)
  30886. {
  30887. #if defined(OPENSSL_ALL)
  30888. printf(testingFmt, "wolfSSL_EVP_aes_256_gcm");
  30889. AssertNotNull(wolfSSL_EVP_aes_256_gcm());
  30890. printf(resultFmt, passed);
  30891. #endif
  30892. }
  30893. static void test_wolfSSL_EVP_aes_192_gcm(void)
  30894. {
  30895. #if defined(OPENSSL_ALL)
  30896. printf(testingFmt, "wolfSSL_EVP_aes_192_gcm");
  30897. AssertNotNull(wolfSSL_EVP_aes_192_gcm());
  30898. printf(resultFmt, passed);
  30899. #endif
  30900. }
  30901. static void test_wolfSSL_EVP_ripemd160(void)
  30902. {
  30903. #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB)
  30904. printf(testingFmt, "wolfSSL_EVP_ripemd160");
  30905. AssertNull(wolfSSL_EVP_ripemd160());
  30906. printf(resultFmt, passed);
  30907. #endif
  30908. }
  30909. static void test_wolfSSL_EVP_get_digestbynid(void)
  30910. {
  30911. #if defined(OPENSSL_ALL)
  30912. printf(testingFmt, "wolfSSL_EVP_get_digestbynid");
  30913. AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_md5));
  30914. AssertNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1));
  30915. AssertNull(wolfSSL_EVP_get_digestbynid(0));
  30916. printf(resultFmt, passed);
  30917. #endif
  30918. }
  30919. static void test_wolfSSL_EVP_PKEY_get0_EC_KEY(void)
  30920. {
  30921. #if defined(OPENSSL_ALL)
  30922. WOLFSSL_EVP_PKEY* pkey;
  30923. printf(testingFmt, "wolfSSL_EVP_PKEY_get0_EC_KEY");
  30924. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  30925. AssertNull(wolfSSL_EVP_PKEY_get0_EC_KEY(pkey));
  30926. EVP_PKEY_free(pkey);
  30927. printf(resultFmt, passed);
  30928. #endif
  30929. }
  30930. static void test_wolfSSL_EVP_X_STATE(void)
  30931. {
  30932. #if defined(OPENSSL_ALL) && !defined(NO_DES3) && !defined(NO_RC4)
  30933. byte key[DES3_KEY_SIZE] = {0};
  30934. byte iv[DES_IV_SIZE] = {0};
  30935. EVP_CIPHER_CTX *ctx;
  30936. const EVP_CIPHER *init;
  30937. printf(testingFmt, "wolfSSL_EVP_X_STATE");
  30938. /* Bad test cases */
  30939. ctx = EVP_CIPHER_CTX_new();
  30940. init = EVP_des_ede3_cbc();
  30941. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  30942. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  30943. AssertNull(wolfSSL_EVP_X_STATE(NULL));
  30944. AssertNull(wolfSSL_EVP_X_STATE(ctx));
  30945. EVP_CIPHER_CTX_free(ctx);
  30946. /* Good test case */
  30947. ctx = EVP_CIPHER_CTX_new();
  30948. init = wolfSSL_EVP_rc4();
  30949. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  30950. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  30951. AssertNotNull(wolfSSL_EVP_X_STATE(ctx));
  30952. EVP_CIPHER_CTX_free(ctx);
  30953. printf(resultFmt, passed);
  30954. #endif
  30955. }
  30956. static void test_wolfSSL_EVP_X_STATE_LEN(void)
  30957. {
  30958. #if defined(OPENSSL_ALL) && !defined(NO_DES3) && !defined(NO_RC4)
  30959. byte key[DES3_KEY_SIZE] = {0};
  30960. byte iv[DES_IV_SIZE] = {0};
  30961. EVP_CIPHER_CTX *ctx;
  30962. const EVP_CIPHER *init;
  30963. printf(testingFmt, "wolfSSL_EVP_X_STATE_LEN");
  30964. /* Bad test cases */
  30965. ctx = EVP_CIPHER_CTX_new();
  30966. init = EVP_des_ede3_cbc();
  30967. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  30968. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  30969. AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(NULL), 0);
  30970. AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), 0);
  30971. EVP_CIPHER_CTX_free(ctx);
  30972. /* Good test case */
  30973. ctx = EVP_CIPHER_CTX_new();
  30974. init = wolfSSL_EVP_rc4();
  30975. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  30976. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  30977. AssertIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), sizeof(Arc4));
  30978. EVP_CIPHER_CTX_free(ctx);
  30979. printf(resultFmt, passed);
  30980. #endif
  30981. }
  30982. static void test_wolfSSL_EVP_CIPHER_block_size(void)
  30983. {
  30984. #if defined(OPENSSL_ALL)
  30985. #ifdef HAVE_AES_CBC
  30986. #ifdef WOLFSSL_AES_128
  30987. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_cbc()), AES_BLOCK_SIZE);
  30988. #endif
  30989. #ifdef WOLFSSL_AES_192
  30990. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_cbc()), AES_BLOCK_SIZE);
  30991. #endif
  30992. #ifdef WOLFSSL_AES_256
  30993. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_cbc()), AES_BLOCK_SIZE);
  30994. #endif
  30995. #endif
  30996. #ifdef HAVE_AES_GCM
  30997. #ifdef WOLFSSL_AES_128
  30998. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_gcm()), 1);
  30999. #endif
  31000. #ifdef WOLFSSL_AES_192
  31001. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_gcm()), 1);
  31002. #endif
  31003. #ifdef WOLFSSL_AES_256
  31004. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_gcm()), 1);
  31005. #endif
  31006. #endif
  31007. #ifdef WOLFSSL_AES_COUNTER
  31008. #ifdef WOLFSSL_AES_128
  31009. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ctr()), 1);
  31010. #endif
  31011. #ifdef WOLFSSL_AES_192
  31012. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ctr()), 1);
  31013. #endif
  31014. #ifdef WOLFSSL_AES_256
  31015. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ctr()), 1);
  31016. #endif
  31017. #endif
  31018. #ifdef HAVE_AES_ECB
  31019. #ifdef WOLFSSL_AES_128
  31020. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ecb()), AES_BLOCK_SIZE);
  31021. #endif
  31022. #ifdef WOLFSSL_AES_192
  31023. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ecb()), AES_BLOCK_SIZE);
  31024. #endif
  31025. #ifdef WOLFSSL_AES_256
  31026. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ecb()), AES_BLOCK_SIZE);
  31027. #endif
  31028. #endif
  31029. #ifdef WOLFSSL_AES_OFB
  31030. #ifdef WOLFSSL_AES_128
  31031. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ofb()), 1);
  31032. #endif
  31033. #ifdef WOLFSSL_AES_192
  31034. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ofb()), 1);
  31035. #endif
  31036. #ifdef WOLFSSL_AES_256
  31037. AssertIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ofb()), 1);
  31038. #endif
  31039. #endif
  31040. #ifndef NO_RC4
  31041. AssertIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_rc4()), 1);
  31042. #endif
  31043. #endif /* OPENSSL_ALL */
  31044. }
  31045. static void test_wolfSSL_EVP_CIPHER_iv_length(void)
  31046. {
  31047. #if defined(OPENSSL_ALL)
  31048. int i, enumlen;
  31049. int enumArray[] = {
  31050. #ifdef HAVE_AES_CBC
  31051. NID_aes_128_cbc,
  31052. #endif
  31053. #ifdef WOLFSSL_AES_192
  31054. NID_aes_192_cbc,
  31055. #endif
  31056. #ifdef WOLFSSL_AES_256
  31057. NID_aes_256_cbc,
  31058. #endif
  31059. #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
  31060. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
  31061. #ifdef HAVE_AESGCM
  31062. #ifdef WOLFSSL_AES_128
  31063. NID_aes_128_gcm,
  31064. #endif
  31065. #ifdef WOLFSSL_AES_192
  31066. NID_aes_192_gcm,
  31067. #endif
  31068. #ifdef WOLFSSL_AES_256
  31069. NID_aes_256_gcm,
  31070. #endif
  31071. #endif /* HAVE_AESGCM */
  31072. #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
  31073. #ifdef WOLFSSL_AES_COUNTER
  31074. #ifdef WOLFSSL_AES_128
  31075. NID_aes_128_ctr,
  31076. #endif
  31077. #ifdef WOLFSSL_AES_192
  31078. NID_aes_192_ctr,
  31079. #endif
  31080. #ifdef WOLFSSL_AES_256
  31081. NID_aes_256_ctr,
  31082. #endif
  31083. #endif
  31084. #ifndef NO_DES3
  31085. NID_des_cbc,
  31086. NID_des_ede3_cbc,
  31087. #endif
  31088. #ifdef HAVE_IDEA
  31089. NID_idea_cbc,
  31090. #endif
  31091. };
  31092. int iv_lengths[] = {
  31093. #ifdef HAVE_AES_CBC
  31094. AES_BLOCK_SIZE,
  31095. #endif
  31096. #ifdef WOLFSSL_AES_192
  31097. AES_BLOCK_SIZE,
  31098. #endif
  31099. #ifdef WOLFSSL_AES_256
  31100. AES_BLOCK_SIZE,
  31101. #endif
  31102. #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
  31103. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
  31104. #ifdef HAVE_AESGCM
  31105. #ifdef WOLFSSL_AES_128
  31106. GCM_NONCE_MID_SZ,
  31107. #endif
  31108. #ifdef WOLFSSL_AES_192
  31109. GCM_NONCE_MID_SZ,
  31110. #endif
  31111. #ifdef WOLFSSL_AES_256
  31112. GCM_NONCE_MID_SZ,
  31113. #endif
  31114. #endif /* HAVE_AESGCM */
  31115. #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
  31116. #ifdef WOLFSSL_AES_COUNTER
  31117. #ifdef WOLFSSL_AES_128
  31118. AES_BLOCK_SIZE,
  31119. #endif
  31120. #ifdef WOLFSSL_AES_192
  31121. AES_BLOCK_SIZE,
  31122. #endif
  31123. #ifdef WOLFSSL_AES_256
  31124. AES_BLOCK_SIZE,
  31125. #endif
  31126. #endif
  31127. #ifndef NO_DES3
  31128. DES_BLOCK_SIZE,
  31129. DES_BLOCK_SIZE,
  31130. #endif
  31131. #ifdef HAVE_IDEA
  31132. IDEA_BLOCK_SIZE,
  31133. #endif
  31134. };
  31135. printf(testingFmt, "wolfSSL_EVP_CIPHER_iv_length");
  31136. enumlen = (sizeof(enumArray)/sizeof(int));
  31137. for(i = 0; i < enumlen; i++)
  31138. {
  31139. const EVP_CIPHER *c = wolfSSL_EVP_get_cipherbynid(enumArray[i]);
  31140. AssertIntEQ(wolfSSL_EVP_CIPHER_iv_length(c), iv_lengths[i]);
  31141. }
  31142. printf(resultFmt, passed);
  31143. #endif
  31144. }
  31145. static void test_wolfSSL_EVP_SignInit_ex(void)
  31146. {
  31147. #if defined(OPENSSL_ALL)
  31148. WOLFSSL_EVP_MD_CTX mdCtx;
  31149. WOLFSSL_ENGINE* e = 0;
  31150. const EVP_MD* md;
  31151. md = "SHA256";
  31152. printf(testingFmt, "wolfSSL_EVP_SignInit_ex");
  31153. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  31154. AssertIntEQ(wolfSSL_EVP_SignInit_ex(&mdCtx, md, e), WOLFSSL_SUCCESS);
  31155. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
  31156. printf(resultFmt, passed);
  31157. #endif
  31158. }
  31159. static void test_wolfSSL_EVP_DigestFinal_ex(void)
  31160. {
  31161. #if defined(OPENSSL_ALL) && !defined(NO_SHA256)
  31162. WOLFSSL_EVP_MD_CTX mdCtx;
  31163. unsigned int s = 0;
  31164. unsigned char md[WC_SHA256_DIGEST_SIZE];
  31165. unsigned char md2[WC_SHA256_DIGEST_SIZE];
  31166. printf(testingFmt, "wolfSSL_EVP_DigestFinal_ex");
  31167. /* Bad Case */
  31168. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
  31169. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  31170. AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), 0);
  31171. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 0);
  31172. #else
  31173. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  31174. AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), WOLFSSL_SUCCESS);
  31175. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
  31176. #endif
  31177. /* Good Case */
  31178. wolfSSL_EVP_MD_CTX_init(&mdCtx);
  31179. AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), WOLFSSL_SUCCESS);
  31180. AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md2, &s), WOLFSSL_SUCCESS);
  31181. AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS);
  31182. printf(resultFmt, passed);
  31183. #endif
  31184. }
  31185. static void test_wolfSSL_EVP_PKEY_assign_DH(void)
  31186. {
  31187. #if defined(OPENSSL_ALL) && !defined(NO_DH) && \
  31188. !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
  31189. FILE* f = NULL;
  31190. unsigned char buf[4096];
  31191. const unsigned char* pt = buf;
  31192. const char* params1 = "./certs/dh2048.der";
  31193. long len = 0;
  31194. WOLFSSL_DH* dh = NULL;
  31195. WOLFSSL_EVP_PKEY* pkey;
  31196. XMEMSET(buf, 0, sizeof(buf));
  31197. f = XFOPEN(params1, "rb");
  31198. AssertTrue(f != XBADFILE);
  31199. len = (long)XFREAD(buf, 1, sizeof(buf), f);
  31200. XFCLOSE(f);
  31201. printf(testingFmt, "wolfSSL_EVP_PKEY_assign_DH");
  31202. AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len));
  31203. AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
  31204. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  31205. /* Bad cases */
  31206. AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WOLFSSL_FAILURE);
  31207. AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WOLFSSL_FAILURE);
  31208. AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WOLFSSL_FAILURE);
  31209. /* Good case */
  31210. AssertIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, dh), WOLFSSL_SUCCESS);
  31211. EVP_PKEY_free(pkey);
  31212. printf(resultFmt, passed);
  31213. #endif
  31214. }
  31215. static void test_wolfSSL_EVP_BytesToKey(void)
  31216. {
  31217. #if defined(OPENSSL_ALL) && !defined(NO_DES3)
  31218. byte key[AES_BLOCK_SIZE] = {0};
  31219. byte iv[AES_BLOCK_SIZE] = {0};
  31220. int sz = 5;
  31221. int count = 0;
  31222. const EVP_MD* md;
  31223. md = "SHA256";
  31224. const EVP_CIPHER *type;
  31225. const unsigned char *salt = (unsigned char *)"salt1234";
  31226. const byte data[] = {
  31227. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  31228. 0x72,0x6c,0x64
  31229. };
  31230. type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc);
  31231. printf(testingFmt, "wolfSSL_EVP_BytesToKey");
  31232. /* Bad cases */
  31233. AssertIntEQ(wolfSSL_EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv),
  31234. 0);
  31235. AssertIntEQ(wolfSSL_EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv),
  31236. 16);
  31237. md = "2";
  31238. AssertIntEQ(wolfSSL_EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
  31239. WOLFSSL_FAILURE);
  31240. /* Good case */
  31241. md = "SHA256";
  31242. AssertIntEQ(wolfSSL_EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
  31243. 16);
  31244. printf(resultFmt, passed);
  31245. #endif
  31246. }
  31247. static void test_IncCtr(void)
  31248. {
  31249. #if defined(OPENSSL_ALL) && defined(HAVE_AESGCM) && !defined(NO_DES3)
  31250. byte key[DES3_KEY_SIZE] = {0};
  31251. byte iv[DES_IV_SIZE] = {0};
  31252. int type = EVP_CTRL_GCM_IV_GEN;
  31253. int arg = 0;
  31254. void *ptr;
  31255. ptr = NULL;
  31256. printf(testingFmt, "IncCtr");
  31257. EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
  31258. const EVP_CIPHER *init = EVP_des_ede3_cbc();
  31259. AssertNotNull(ctx);
  31260. wolfSSL_EVP_CIPHER_CTX_init(ctx);
  31261. AssertIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS);
  31262. ctx->cipher.aes.keylen = 128;
  31263. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_ctrl(ctx, type, arg, ptr), 0);
  31264. EVP_CIPHER_CTX_free(ctx);
  31265. printf(resultFmt, passed);
  31266. #endif
  31267. }
  31268. static void test_wolfSSL_OBJ_ln(void)
  31269. {
  31270. const int nid_set[] = {
  31271. NID_commonName,
  31272. NID_serialNumber,
  31273. NID_countryName,
  31274. NID_localityName,
  31275. NID_stateOrProvinceName,
  31276. NID_organizationName,
  31277. NID_organizationalUnitName,
  31278. NID_domainComponent,
  31279. NID_businessCategory,
  31280. NID_jurisdictionCountryName,
  31281. NID_jurisdictionStateOrProvinceName,
  31282. NID_emailAddress
  31283. };
  31284. const char* ln_set[] = {
  31285. "commonName",
  31286. "serialNumber",
  31287. "countryName",
  31288. "localityName",
  31289. "stateOrProvinceName",
  31290. "organizationName",
  31291. "organizationalUnitName",
  31292. "domainComponent",
  31293. "businessCategory",
  31294. "jurisdictionCountryName",
  31295. "jurisdictionStateOrProvinceName",
  31296. "emailAddress",
  31297. };
  31298. size_t i = 0, maxIdx = sizeof(ln_set)/sizeof(char*);
  31299. printf(testingFmt, "wolfSSL_OBJ_ln");
  31300. AssertIntEQ(OBJ_ln2nid(NULL), NID_undef);
  31301. #ifdef HAVE_ECC
  31302. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  31303. {
  31304. size_t nCurves = 27;
  31305. EC_builtin_curve r[nCurves];
  31306. nCurves = EC_get_builtin_curves(r,nCurves);
  31307. for (i = 0; i < nCurves; i++) {
  31308. /* skip ECC_CURVE_INVALID */
  31309. if (r[i].nid != ECC_CURVE_INVALID) {
  31310. AssertIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid);
  31311. AssertStrEQ(OBJ_nid2ln(r[i].nid), r[i].comment);
  31312. }
  31313. }
  31314. }
  31315. #endif
  31316. #endif
  31317. for (i = 0; i < maxIdx; i++) {
  31318. AssertIntEQ(OBJ_ln2nid(ln_set[i]), nid_set[i]);
  31319. AssertStrEQ(OBJ_nid2ln(nid_set[i]), ln_set[i]);
  31320. }
  31321. printf(resultFmt, passed);
  31322. }
  31323. static void test_wolfSSL_OBJ_sn(void)
  31324. {
  31325. int i = 0, maxIdx = 7;
  31326. const int nid_set[] = {NID_commonName,NID_countryName,NID_localityName,
  31327. NID_stateOrProvinceName,NID_organizationName,
  31328. NID_organizationalUnitName,NID_emailAddress};
  31329. const char* sn_open_set[] = {"CN","C","L","ST","O","OU","emailAddress"};
  31330. const char* sn_wolf_set[] = {WOLFSSL_COMMON_NAME,WOLFSSL_COUNTRY_NAME,
  31331. WOLFSSL_LOCALITY_NAME, WOLFSSL_STATE_NAME,
  31332. WOLFSSL_ORG_NAME, WOLFSSL_ORGUNIT_NAME,
  31333. WOLFSSL_EMAIL_ADDR};
  31334. printf(testingFmt, "wolfSSL_OBJ_sn");
  31335. AssertIntEQ(wolfSSL_OBJ_sn2nid(NULL), NID_undef);
  31336. for (i = 0; i < maxIdx; i++) {
  31337. AssertIntEQ(wolfSSL_OBJ_sn2nid(sn_wolf_set[i]), nid_set[i]);
  31338. AssertStrEQ(wolfSSL_OBJ_nid2sn(nid_set[i]), sn_open_set[i]);
  31339. }
  31340. printf(resultFmt, passed);
  31341. }
  31342. static unsigned long TXT_DB_hash(const WOLFSSL_STRING *s)
  31343. {
  31344. return lh_strhash(s[3]);
  31345. }
  31346. static int TXT_DB_cmp(const WOLFSSL_STRING *a, const WOLFSSL_STRING *b)
  31347. {
  31348. return XSTRCMP(a[3], b[3]);
  31349. }
  31350. static void test_wolfSSL_TXT_DB(void)
  31351. {
  31352. #if !defined(NO_FILESYSTEM)
  31353. BIO *bio;
  31354. TXT_DB *db = NULL;
  31355. const int columns = 6;
  31356. const char *fields[6] = {
  31357. "V",
  31358. "320926161116Z",
  31359. "",
  31360. "12BD",
  31361. "unknown",
  31362. "/CN=rsa doe",
  31363. };
  31364. char** fields_copy;
  31365. printf(testingFmt, "wolfSSL_TXT_DB");
  31366. /* Test read */
  31367. AssertNotNull(bio = BIO_new(BIO_s_file()));
  31368. AssertIntGT(BIO_read_filename(bio, "./tests/TXT_DB.txt"), 0);
  31369. AssertNotNull(db = TXT_DB_read(bio, columns));
  31370. AssertNotNull(fields_copy = (char**)XMALLOC(sizeof(fields), NULL,
  31371. DYNAMIC_TYPE_OPENSSL));
  31372. XMEMCPY(fields_copy, fields, sizeof(fields));
  31373. AssertIntEQ(TXT_DB_insert(db, fields_copy), 1);
  31374. BIO_free(bio);
  31375. /* Test write */
  31376. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  31377. AssertIntEQ(TXT_DB_write(bio, db), 1484);
  31378. BIO_free(bio);
  31379. /* Test index */
  31380. AssertIntEQ(TXT_DB_create_index(db, 3, NULL, (wolf_sk_hash_cb)TXT_DB_hash,
  31381. (wolf_sk_compare_cb)TXT_DB_cmp), 1);
  31382. AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
  31383. fields[3] = "12DA";
  31384. AssertNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
  31385. fields[3] = "FFFF";
  31386. AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
  31387. fields[3] = "";
  31388. AssertNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields));
  31389. TXT_DB_free(db);
  31390. printf(resultFmt, passed);
  31391. #endif
  31392. }
  31393. static void test_wolfSSL_NCONF(void)
  31394. {
  31395. #if !defined(NO_FILESYSTEM)
  31396. const char* confFile = "./tests/NCONF_test.cnf";
  31397. CONF* conf = NULL;
  31398. long eline = 0;
  31399. long num = 0;
  31400. printf(testingFmt, "wolfSSL_NCONF");
  31401. AssertNotNull(conf = NCONF_new(NULL));
  31402. AssertIntEQ(NCONF_load(conf, confFile, &eline), 1);
  31403. AssertIntEQ(NCONF_get_number(conf, NULL, "port", &num), 1);
  31404. AssertIntEQ(num, 1234);
  31405. AssertIntEQ(NCONF_get_number(conf, "section2", "port", &num), 1);
  31406. AssertIntEQ(num, 4321);
  31407. AssertStrEQ(NCONF_get_string(conf, NULL, "dir"), "./test-dir");
  31408. AssertStrEQ(NCONF_get_string(conf, "section1", "file1_copy"),
  31409. "./test-dir/file1");
  31410. AssertStrEQ(NCONF_get_string(conf, "section2", "file_list"),
  31411. "./test-dir/file1:./test-dir/file2:./section1:file2");
  31412. NCONF_free(conf);
  31413. printf(resultFmt, passed);
  31414. #endif
  31415. }
  31416. #endif /* OPENSSL_ALL */
  31417. static void test_wolfSSL_EC_KEY_set_group(void)
  31418. {
  31419. #if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \
  31420. defined(OPENSSL_EXTRA)
  31421. EC_KEY *key = NULL;
  31422. EC_GROUP *group = NULL;
  31423. const EC_GROUP *group2 = NULL;
  31424. printf(testingFmt, "wolfSSL_EC_KEY_dup()");
  31425. AssertNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1));
  31426. AssertNotNull(key = EC_KEY_new());
  31427. AssertIntEQ(EC_KEY_set_group(key, group), WOLFSSL_SUCCESS);
  31428. AssertNotNull(group2 = EC_KEY_get0_group(key));
  31429. AssertIntEQ(EC_GROUP_cmp(group2, group, NULL), 0);
  31430. EC_GROUP_free(group);
  31431. EC_KEY_free(key);
  31432. printf(resultFmt, passed);
  31433. #endif
  31434. }
  31435. static void test_wolfSSL_X509V3_EXT_get(void) {
  31436. #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
  31437. FILE* f;
  31438. int numOfExt =0;
  31439. int extNid = 0;
  31440. int i = 0;
  31441. WOLFSSL_X509* x509;
  31442. WOLFSSL_X509_EXTENSION* ext;
  31443. const WOLFSSL_v3_ext_method* method;
  31444. AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
  31445. AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
  31446. fclose(f);
  31447. printf(testingFmt, "wolfSSL_X509V3_EXT_get() return struct and nid test");
  31448. AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5);
  31449. for (i = 0; i < numOfExt; i++) {
  31450. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
  31451. AssertNotNull(extNid = ext->obj->nid);
  31452. AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
  31453. AssertIntEQ(method->ext_nid, extNid);
  31454. }
  31455. printf(resultFmt, "passed");
  31456. printf(testingFmt, "wolfSSL_X509V3_EXT_get() NULL argument test");
  31457. AssertNull(method = wolfSSL_X509V3_EXT_get(NULL));
  31458. printf(resultFmt, "passed");
  31459. wolfSSL_X509_free(x509);
  31460. #endif
  31461. }
  31462. static void test_wolfSSL_X509V3_EXT(void) {
  31463. #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
  31464. FILE* f;
  31465. int numOfExt = 0, nid = 0, i = 0, expected, actual;
  31466. char* str;
  31467. unsigned char* data;
  31468. const WOLFSSL_v3_ext_method* method;
  31469. WOLFSSL_X509* x509;
  31470. WOLFSSL_X509_EXTENSION* ext;
  31471. WOLFSSL_X509_EXTENSION* ext2;
  31472. WOLFSSL_ASN1_OBJECT *obj, *adObj;
  31473. WOLFSSL_ASN1_STRING* asn1str;
  31474. WOLFSSL_AUTHORITY_KEYID* aKeyId;
  31475. WOLFSSL_AUTHORITY_INFO_ACCESS* aia;
  31476. WOLFSSL_BASIC_CONSTRAINTS* bc;
  31477. WOLFSSL_ACCESS_DESCRIPTION* ad;
  31478. WOLFSSL_GENERAL_NAME* gn;
  31479. printf(testingFmt, "wolfSSL_X509V3_EXT_d2i()");
  31480. /* Check NULL argument */
  31481. AssertNull(wolfSSL_X509V3_EXT_d2i(NULL));
  31482. /* Using OCSP cert with X509V3 extensions */
  31483. AssertNotNull(f = fopen("./certs/ocsp/root-ca-cert.pem", "rb"));
  31484. AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
  31485. fclose(f);
  31486. AssertIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5);
  31487. /* Basic Constraints */
  31488. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
  31489. AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
  31490. AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_basic_constraints);
  31491. AssertNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext));
  31492. AssertIntEQ(bc->ca, 1);
  31493. AssertNull(bc->pathlen);
  31494. wolfSSL_BASIC_CONSTRAINTS_free(bc);
  31495. i++;
  31496. /* Subject Key Identifier */
  31497. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
  31498. AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
  31499. AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier);
  31500. AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
  31501. AssertNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0,
  31502. asn1str));
  31503. X509_EXTENSION_free(ext2);
  31504. AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
  31505. AssertNotNull(method->i2s);
  31506. AssertNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str));
  31507. wolfSSL_ASN1_STRING_free(asn1str);
  31508. actual = strcmp(str,
  31509. "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
  31510. AssertIntEQ(actual, 0);
  31511. XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  31512. i++;
  31513. /* Authority Key Identifier */
  31514. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
  31515. AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
  31516. AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_authority_key_identifier);
  31517. AssertNotNull(aKeyId =
  31518. (WOLFSSL_AUTHORITY_KEYID*)wolfSSL_X509V3_EXT_d2i(ext));
  31519. AssertNotNull(method = wolfSSL_X509V3_EXT_get(ext));
  31520. AssertNotNull(asn1str = aKeyId->keyid);
  31521. AssertNotNull(str =
  31522. wolfSSL_i2s_ASN1_STRING((WOLFSSL_v3_ext_method*)method, asn1str));
  31523. actual = strcmp(str,
  31524. "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21");
  31525. AssertIntEQ(actual, 0);
  31526. XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  31527. wolfSSL_AUTHORITY_KEYID_free(aKeyId);
  31528. i++;
  31529. /* Key Usage */
  31530. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
  31531. AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
  31532. AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage);
  31533. AssertNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext));
  31534. AssertNotNull(data = wolfSSL_ASN1_STRING_data(asn1str));
  31535. expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN;
  31536. #ifdef BIG_ENDIAN_ORDER
  31537. actual = data[1];
  31538. #else
  31539. actual = data[0];
  31540. #endif
  31541. AssertIntEQ(actual, expected);
  31542. wolfSSL_ASN1_STRING_free(asn1str);
  31543. #if 1
  31544. i++;
  31545. /* Authority Info Access */
  31546. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, i));
  31547. AssertNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext));
  31548. AssertIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_info_access);
  31549. AssertNotNull(aia =
  31550. (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext));
  31551. AssertIntEQ(wolfSSL_sk_num(aia), 1); /* Only one URI entry for this cert */
  31552. /* URI entry is an ACCESS_DESCRIPTION type */
  31553. AssertNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)wolfSSL_sk_value(aia, 0));
  31554. AssertNotNull(adObj = ad->method);
  31555. /* Make sure nid is OCSP */
  31556. AssertIntEQ(wolfSSL_OBJ_obj2nid(adObj), AIA_OCSP_OID);
  31557. /* GENERAL_NAME stores URI as an ASN1_STRING */
  31558. AssertNotNull(gn = ad->location);
  31559. AssertIntEQ(gn->type, GEN_URI); /* Type should always be GEN_URI */
  31560. AssertNotNull(asn1str = gn->d.uniformResourceIdentifier);
  31561. AssertIntEQ(wolfSSL_ASN1_STRING_length(asn1str), 22);
  31562. str = (char*)wolfSSL_ASN1_STRING_data(asn1str);
  31563. actual = strcmp(str, "http://127.0.0.1:22220");
  31564. AssertIntEQ(actual, 0);
  31565. wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
  31566. XFREE(ad, NULL, DYNAMIC_TYPE_X509_EXT);
  31567. #else
  31568. (void) aia; (void) ad; (void) adObj; (void) gn;
  31569. #endif
  31570. wolfSSL_X509_free(x509);
  31571. printf(resultFmt, "passed");
  31572. #endif
  31573. }
  31574. static void test_wolfSSL_X509_get_ext(void){
  31575. #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
  31576. int ret = 0;
  31577. FILE* f;
  31578. WOLFSSL_X509* x509;
  31579. WOLFSSL_X509_EXTENSION* foundExtension;
  31580. AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
  31581. AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
  31582. fclose(f);
  31583. AssertIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5);
  31584. printf(testingFmt, "wolfSSL_X509_get_ext() valid input");
  31585. AssertNotNull(foundExtension = wolfSSL_X509_get_ext(x509, 0));
  31586. printf(resultFmt, "passed");
  31587. printf(testingFmt, "wolfSSL_X509_get_ext() valid x509, idx out of bounds");
  31588. AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, -1));
  31589. AssertNull(foundExtension = wolfSSL_X509_get_ext(x509, 100));
  31590. printf(resultFmt, "passed");
  31591. printf(testingFmt, "wolfSSL_X509_get_ext() NULL x509, idx out of bounds");
  31592. AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, -1));
  31593. AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 100));
  31594. printf(resultFmt, "passed");
  31595. printf(testingFmt, "wolfSSL_X509_get_ext() NULL x509, valid idx");
  31596. AssertNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0));
  31597. printf(resultFmt, "passed");
  31598. wolfSSL_X509_free(x509);
  31599. #endif
  31600. }
  31601. static void test_wolfSSL_X509_get_ext_by_NID(void)
  31602. {
  31603. #if defined(OPENSSL_ALL)
  31604. int rc;
  31605. FILE* f;
  31606. WOLFSSL_X509* x509;
  31607. AssertNotNull(f = fopen("./certs/server-cert.pem", "rb"));
  31608. AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
  31609. fclose(f);
  31610. rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
  31611. AssertIntGE(rc, 0);
  31612. /* Start search from last location (should fail) */
  31613. rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, rc);
  31614. AssertIntGE(rc, -1);
  31615. rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -2);
  31616. AssertIntGE(rc, -1);
  31617. rc = wolfSSL_X509_get_ext_by_NID(NULL, NID_basic_constraints, -1);
  31618. AssertIntEQ(rc, -1);
  31619. rc = wolfSSL_X509_get_ext_by_NID(x509, NID_undef, -1);
  31620. AssertIntEQ(rc, -1);
  31621. wolfSSL_X509_free(x509);
  31622. #endif
  31623. }
  31624. static void test_wolfSSL_X509_EXTENSION_new(void)
  31625. {
  31626. #if defined (OPENSSL_ALL)
  31627. WOLFSSL_X509_EXTENSION* ext;
  31628. AssertNotNull(ext = wolfSSL_X509_EXTENSION_new());
  31629. AssertNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new());
  31630. ext->obj->nid = WOLFSSL_SUCCESS;
  31631. AssertIntEQ(WOLFSSL_SUCCESS, ext->obj->nid);
  31632. wolfSSL_X509_EXTENSION_free(ext);
  31633. #endif
  31634. }
  31635. static void test_wolfSSL_X509_EXTENSION_get_object(void)
  31636. {
  31637. #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
  31638. WOLFSSL_X509* x509;
  31639. WOLFSSL_X509_EXTENSION* ext;
  31640. WOLFSSL_ASN1_OBJECT* o;
  31641. FILE* file;
  31642. int nid = 0;
  31643. AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
  31644. AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
  31645. fclose(file);
  31646. printf(testingFmt, "wolfSSL_X509_EXTENSION_get_object() testing ext idx 0");
  31647. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
  31648. AssertNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext));
  31649. AssertIntEQ(o->nid, 128);
  31650. nid = o->nid;
  31651. printf(resultFmt, nid == 128 ? passed : failed);
  31652. printf(testingFmt, "wolfSSL_X509_EXTENSION_get_object() NULL argument");
  31653. AssertNull(o = wolfSSL_X509_EXTENSION_get_object(NULL));
  31654. printf(resultFmt, passed);
  31655. wolfSSL_X509_free(x509);
  31656. #endif
  31657. }
  31658. static void test_wolfSSL_X509_EXTENSION_get_data(void)
  31659. {
  31660. #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
  31661. WOLFSSL_X509* x509;
  31662. WOLFSSL_X509_EXTENSION* ext;
  31663. WOLFSSL_ASN1_STRING* str;
  31664. FILE* file;
  31665. printf(testingFmt, "wolfSSL_X509_EXTENSION_get_data");
  31666. AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
  31667. AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
  31668. fclose(file);
  31669. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
  31670. AssertNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext));
  31671. printf(resultFmt, passed);
  31672. wolfSSL_X509_free(x509);
  31673. #endif
  31674. }
  31675. static void test_wolfSSL_X509_EXTENSION_get_critical(void)
  31676. {
  31677. #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL)
  31678. WOLFSSL_X509* x509;
  31679. WOLFSSL_X509_EXTENSION* ext;
  31680. FILE* file;
  31681. int crit;
  31682. printf(testingFmt, "wolfSSL_X509_EXTENSION_get_critical");
  31683. AssertNotNull(file = fopen("./certs/server-cert.pem", "rb"));
  31684. AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL));
  31685. fclose(file);
  31686. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, 0));
  31687. crit = wolfSSL_X509_EXTENSION_get_critical(ext);
  31688. AssertIntEQ(crit, 0);
  31689. printf(resultFmt, passed);
  31690. wolfSSL_X509_free(x509);
  31691. #endif
  31692. }
  31693. static void test_wolfSSL_X509V3_EXT_print(void)
  31694. {
  31695. #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL) && !defined(NO_BIO)
  31696. printf(testingFmt, "wolfSSL_X509V3_EXT_print");
  31697. {
  31698. FILE* f;
  31699. WOLFSSL_X509* x509;
  31700. X509_EXTENSION * ext = NULL;
  31701. int loc;
  31702. BIO *bio = NULL;
  31703. AssertNotNull(f = fopen(svrCertFile, "rb"));
  31704. AssertNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL));
  31705. fclose(f);
  31706. AssertNotNull(bio = wolfSSL_BIO_new(BIO_s_mem()));
  31707. loc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1);
  31708. AssertIntGT(loc, -1);
  31709. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
  31710. AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
  31711. loc = wolfSSL_X509_get_ext_by_NID(x509, NID_subject_key_identifier, -1);
  31712. AssertIntGT(loc, -1);
  31713. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
  31714. AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
  31715. loc = wolfSSL_X509_get_ext_by_NID(x509, NID_authority_key_identifier, -1);
  31716. AssertIntGT(loc, -1);
  31717. AssertNotNull(ext = wolfSSL_X509_get_ext(x509, loc));
  31718. AssertIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS);
  31719. wolfSSL_BIO_free(bio);
  31720. wolfSSL_X509_free(x509);
  31721. }
  31722. {
  31723. X509 *x509;
  31724. BIO *bio;
  31725. X509_EXTENSION *ext;
  31726. unsigned int i;
  31727. unsigned int idx;
  31728. /* Some NIDs to test with */
  31729. int nids[] = {
  31730. /* NID_key_usage, currently X509_get_ext returns this as a bit
  31731. * string, which messes up X509V3_EXT_print */
  31732. /* NID_ext_key_usage, */
  31733. NID_subject_alt_name,
  31734. };
  31735. int* n;
  31736. AssertNotNull(bio = BIO_new_fp(stdout, BIO_NOCLOSE));
  31737. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt,
  31738. WOLFSSL_FILETYPE_PEM));
  31739. printf("\nPrinting extension values:\n");
  31740. for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) {
  31741. /* X509_get_ext_by_NID should return 3 for now. If that changes then
  31742. * update the index */
  31743. AssertIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3);
  31744. AssertNotNull(ext = X509_get_ext(x509, idx));
  31745. AssertIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1);
  31746. printf("\n");
  31747. }
  31748. BIO_free(bio);
  31749. X509_free(x509);
  31750. }
  31751. printf(resultFmt, passed);
  31752. #endif
  31753. }
  31754. static void test_wolfSSL_X509_cmp(void)
  31755. {
  31756. #if defined(OPENSSL_ALL)
  31757. FILE* file1;
  31758. FILE* file2;
  31759. WOLFSSL_X509* cert1;
  31760. WOLFSSL_X509* cert2;
  31761. int ret = 0;
  31762. AssertNotNull(file1=fopen("./certs/server-cert.pem", "rb"));
  31763. AssertNotNull(file2=fopen("./certs/3072/client-cert.pem", "rb"));
  31764. AssertNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL));
  31765. AssertNotNull(cert2 = wolfSSL_PEM_read_X509(file2, NULL, NULL, NULL));
  31766. fclose(file1);
  31767. fclose(file2);
  31768. printf(testingFmt, "wolfSSL_X509_cmp() testing matching certs");
  31769. ret = wolfSSL_X509_cmp(cert1, cert1);
  31770. AssertIntEQ(0, wolfSSL_X509_cmp(cert1, cert1));
  31771. printf(resultFmt, ret == 0 ? passed : failed);
  31772. printf(testingFmt, "wolfSSL_X509_cmp() testing mismatched certs");
  31773. ret = wolfSSL_X509_cmp(cert1, cert2);
  31774. AssertIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2));
  31775. printf(resultFmt, ret == -1 ? passed : failed);
  31776. printf(testingFmt, "wolfSSL_X509_cmp() testing NULL, valid args");
  31777. ret = wolfSSL_X509_cmp(NULL, cert2);
  31778. AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, cert2));
  31779. printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed);
  31780. printf(testingFmt, "wolfSSL_X509_cmp() testing valid, NULL args");
  31781. ret = wolfSSL_X509_cmp(cert1, NULL);
  31782. AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(cert1, NULL));
  31783. printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed);
  31784. printf(testingFmt, "wolfSSL_X509_cmp() testing NULL, NULL args");
  31785. ret = wolfSSL_X509_cmp(NULL, NULL);
  31786. AssertIntEQ(BAD_FUNC_ARG, wolfSSL_X509_cmp(NULL, NULL));
  31787. printf(resultFmt, ret == BAD_FUNC_ARG ? passed : failed);
  31788. wolfSSL_X509_free(cert1);
  31789. wolfSSL_X509_free(cert2);
  31790. #endif
  31791. }
  31792. static void test_wolfSSL_PKEY_up_ref(void)
  31793. {
  31794. #if defined(OPENSSL_ALL)
  31795. EVP_PKEY* pkey;
  31796. printf(testingFmt, "wolfSSL_PKEY_up_ref()");
  31797. pkey = EVP_PKEY_new();
  31798. AssertIntEQ(EVP_PKEY_up_ref(NULL), 0);
  31799. AssertIntEQ(EVP_PKEY_up_ref(pkey), 1);
  31800. EVP_PKEY_free(pkey);
  31801. AssertIntEQ(EVP_PKEY_up_ref(pkey), 1);
  31802. EVP_PKEY_free(pkey);
  31803. EVP_PKEY_free(pkey);
  31804. printf(resultFmt, "passed");
  31805. #endif
  31806. }
  31807. static void test_wolfSSL_i2d_PrivateKey(void)
  31808. {
  31809. #if (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_PWDBASED)
  31810. printf(testingFmt, "wolfSSL_i2d_PrivateKey()");
  31811. #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
  31812. {
  31813. EVP_PKEY* pkey;
  31814. const unsigned char* server_key = (const unsigned char*)server_key_der_2048;
  31815. unsigned char buf[FOURK_BUF];
  31816. unsigned char* pt = NULL;
  31817. int bufSz;
  31818. AssertNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &server_key,
  31819. (long)sizeof_server_key_der_2048));
  31820. AssertIntEQ(i2d_PrivateKey(pkey, NULL), 1193);
  31821. pt = buf;
  31822. AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 1193);
  31823. AssertIntNE((pt - buf), 0);
  31824. AssertIntEQ(XMEMCMP(buf, server_key_der_2048, bufSz), 0);
  31825. EVP_PKEY_free(pkey);
  31826. }
  31827. #endif
  31828. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  31829. {
  31830. EVP_PKEY* pkey;
  31831. const unsigned char* client_key =
  31832. (const unsigned char*)ecc_clikey_der_256;
  31833. unsigned char buf[FOURK_BUF];
  31834. unsigned char* pt = NULL;
  31835. int bufSz;
  31836. AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &client_key,
  31837. sizeof_ecc_clikey_der_256)));
  31838. AssertIntEQ(i2d_PrivateKey(pkey, NULL), 121);
  31839. pt = buf;
  31840. AssertIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 121);
  31841. AssertIntNE((pt - buf), 0);
  31842. AssertIntEQ(XMEMCMP(buf, ecc_clikey_der_256, bufSz), 0);
  31843. EVP_PKEY_free(pkey);
  31844. }
  31845. #endif
  31846. printf(resultFmt, "passed");
  31847. #endif
  31848. }
  31849. static void test_wolfSSL_OCSP_id_get0_info(void)
  31850. {
  31851. #if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && !defined(NO_FILESYSTEM)
  31852. X509* cert;
  31853. X509* issuer;
  31854. OCSP_CERTID* id;
  31855. ASN1_STRING* name = NULL;
  31856. ASN1_OBJECT* pmd = NULL;
  31857. ASN1_STRING* keyHash = NULL;
  31858. ASN1_INTEGER* serial = NULL;
  31859. ASN1_INTEGER* x509Int;
  31860. printf(testingFmt, "wolfSSL_OCSP_id_get0_info()");
  31861. AssertNotNull(cert =
  31862. wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM));
  31863. AssertNotNull(issuer =
  31864. wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM));
  31865. id = OCSP_cert_to_id(NULL, cert, issuer);
  31866. AssertNotNull(id);
  31867. AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, NULL), 0);
  31868. AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, id), 1);
  31869. /* name, pmd, keyHash not supported yet, expect failure if not NULL */
  31870. AssertIntEQ(OCSP_id_get0_info(&name, NULL, NULL, NULL, id), 0);
  31871. AssertIntEQ(OCSP_id_get0_info(NULL, &pmd, NULL, NULL, id), 0);
  31872. AssertIntEQ(OCSP_id_get0_info(NULL, NULL, &keyHash, NULL, id), 0);
  31873. AssertIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, &serial, id), 1);
  31874. AssertNotNull(serial);
  31875. /* compare serial number to one in cert, should be equal */
  31876. x509Int = X509_get_serialNumber(cert);
  31877. AssertNotNull(x509Int);
  31878. AssertIntEQ(x509Int->dataMax, serial->dataMax);
  31879. AssertIntEQ(XMEMCMP(x509Int->data, serial->data, serial->dataMax), 0);
  31880. OCSP_CERTID_free(id);
  31881. X509_free(cert); /* free's x509Int */
  31882. X509_free(issuer);
  31883. printf(resultFmt, "passed");
  31884. #endif
  31885. }
  31886. static void test_wolfSSL_i2d_OCSP_CERTID(void)
  31887. {
  31888. #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
  31889. WOLFSSL_OCSP_CERTID certId;
  31890. byte* targetBuffer;
  31891. byte* beginTargetBuffer;
  31892. /* OCSP CertID bytes taken from PCAP */
  31893. byte rawCertId[] = {
  31894. 0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05,
  31895. 0x00, 0x04, 0x14, 0x80, 0x51, 0x06, 0x01, 0x32, 0xad, 0x9a, 0xc2, 0x7d,
  31896. 0x51, 0x87, 0xa0, 0xe8, 0x87, 0xfb, 0x01, 0x62, 0x01, 0x55, 0xee, 0x04,
  31897. 0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3,
  31898. 0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x02, 0x10, 0x01,
  31899. 0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, 0x43, 0x8b, 0x72, 0x4b,
  31900. 0xcf, 0xbc, 0x91
  31901. };
  31902. int ret, i;
  31903. printf(testingFmt, "wolfSSL_i2d_OCSP_CERTID()");
  31904. XMEMSET(&certId, 0, sizeof(WOLFSSL_OCSP_CERTID));
  31905. certId.rawCertId = rawCertId;
  31906. certId.rawCertIdSize = sizeof(rawCertId);
  31907. targetBuffer = (byte*)XMALLOC(sizeof(rawCertId), NULL, DYNAMIC_TYPE_TMP_BUFFER);
  31908. beginTargetBuffer = targetBuffer;
  31909. ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer);
  31910. /* If target buffer is not null, function increments targetBuffer to point
  31911. just past the end of the encoded data. */
  31912. AssertPtrEq(targetBuffer, (beginTargetBuffer + sizeof(rawCertId)));
  31913. /* Function returns the size of the encoded data. */
  31914. AssertIntEQ(ret, sizeof(rawCertId));
  31915. for (i = 0; i < ret; ++i)
  31916. {
  31917. AssertIntEQ(beginTargetBuffer[i], rawCertId[i]);
  31918. }
  31919. XFREE(beginTargetBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  31920. targetBuffer = NULL;
  31921. ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer);
  31922. /* If target buffer is null, function allocates memory for a buffer and
  31923. copies the encoded data into it. targetBuffer then points to the start of
  31924. this newly allocate buffer. */
  31925. AssertIntEQ(ret, sizeof(rawCertId));
  31926. for (i = 0; i < ret; ++i)
  31927. {
  31928. AssertIntEQ(targetBuffer[i], rawCertId[i]);
  31929. }
  31930. XFREE(targetBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
  31931. printf(resultFmt, passed);
  31932. #endif
  31933. }
  31934. static void test_wolfSSL_OCSP_SINGLERESP_get0_id(void)
  31935. {
  31936. #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
  31937. WOLFSSL_OCSP_SINGLERESP single;
  31938. const WOLFSSL_OCSP_CERTID* certId;
  31939. XMEMSET(&single, 0, sizeof(single));
  31940. certId = wolfSSL_OCSP_SINGLERESP_get0_id(&single);
  31941. printf(testingFmt, "wolfSSL_OCSP_SINGLERESP_get0_id()");
  31942. AssertPtrEq(&single, certId);
  31943. printf(resultFmt, passed);
  31944. #endif
  31945. }
  31946. static void test_wolfSSL_OCSP_single_get0_status(void)
  31947. {
  31948. #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
  31949. WOLFSSL_OCSP_SINGLERESP single;
  31950. CertStatus certStatus;
  31951. WOLFSSL_ASN1_TIME* thisDate;
  31952. WOLFSSL_ASN1_TIME* nextDate;
  31953. int ret, i;
  31954. printf(testingFmt, "wolfSSL_OCSP_single_get0_status()");
  31955. XMEMSET(&single, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
  31956. XMEMSET(&certStatus, 0, sizeof(CertStatus));
  31957. /* Fill the date fields with some dummy data. */
  31958. for (i = 0; i < CTC_DATE_SIZE; ++i) {
  31959. certStatus.thisDateParsed.data[i] = i;
  31960. certStatus.nextDateParsed.data[i] = i;
  31961. }
  31962. certStatus.status = CERT_GOOD;
  31963. single.status = &certStatus;
  31964. ret = wolfSSL_OCSP_single_get0_status(&single, NULL, NULL, &thisDate,
  31965. &nextDate);
  31966. AssertIntEQ(ret, CERT_GOOD);
  31967. AssertPtrEq(thisDate, &certStatus.thisDateParsed);
  31968. AssertPtrEq(nextDate, &certStatus.nextDateParsed);
  31969. printf(resultFmt, passed);
  31970. #endif
  31971. }
  31972. static void test_wolfSSL_OCSP_resp_count(void)
  31973. {
  31974. #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
  31975. WOLFSSL_OCSP_BASICRESP basicResp;
  31976. WOLFSSL_OCSP_SINGLERESP singleRespOne;
  31977. WOLFSSL_OCSP_SINGLERESP singleRespTwo;
  31978. int count;
  31979. printf(testingFmt, "wolfSSL_OCSP_resp_count()");
  31980. XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP));
  31981. XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
  31982. XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
  31983. count = wolfSSL_OCSP_resp_count(&basicResp);
  31984. AssertIntEQ(count, 0);
  31985. basicResp.single = &singleRespOne;
  31986. count = wolfSSL_OCSP_resp_count(&basicResp);
  31987. AssertIntEQ(count, 1);
  31988. singleRespOne.next = &singleRespTwo;
  31989. count = wolfSSL_OCSP_resp_count(&basicResp);
  31990. AssertIntEQ(count, 2);
  31991. printf(resultFmt, passed);
  31992. #endif
  31993. }
  31994. static void test_wolfSSL_OCSP_resp_get0(void)
  31995. {
  31996. #if defined(OPENSSL_ALL) && defined(HAVE_OCSP)
  31997. WOLFSSL_OCSP_BASICRESP basicResp;
  31998. WOLFSSL_OCSP_SINGLERESP singleRespOne;
  31999. WOLFSSL_OCSP_SINGLERESP singleRespTwo;
  32000. WOLFSSL_OCSP_SINGLERESP* ret;
  32001. printf(testingFmt, "wolfSSL_OCSP_resp_get0()");
  32002. XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP));
  32003. XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
  32004. XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP));
  32005. basicResp.single = &singleRespOne;
  32006. singleRespOne.next = &singleRespTwo;
  32007. ret = wolfSSL_OCSP_resp_get0(&basicResp, 0);
  32008. AssertPtrEq(ret, &singleRespOne);
  32009. ret = wolfSSL_OCSP_resp_get0(&basicResp, 1);
  32010. AssertPtrEq(ret, &singleRespTwo);
  32011. printf(resultFmt, passed);
  32012. #endif
  32013. }
  32014. static void test_wolfSSL_EVP_PKEY_derive(void)
  32015. {
  32016. #if defined(OPENSSL_ALL) && !defined(NO_DH)
  32017. printf(testingFmt, "wolfSSL_EVP_PKEY_derive()");
  32018. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  32019. EVP_PKEY_CTX *ctx;
  32020. unsigned char *skey;
  32021. size_t skeylen;
  32022. EVP_PKEY *pkey, *peerkey;
  32023. const unsigned char* key;
  32024. #ifndef NO_DH
  32025. /* DH */
  32026. key = dh_key_der_2048;
  32027. AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
  32028. sizeof_dh_key_der_2048)));
  32029. AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(pkey)), 1);
  32030. key = dh_key_der_2048;
  32031. AssertNotNull((peerkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
  32032. sizeof_dh_key_der_2048)));
  32033. AssertIntEQ(DH_generate_key(EVP_PKEY_get0_DH(peerkey)), 1);
  32034. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  32035. AssertIntEQ(EVP_PKEY_derive_init(ctx), 1);
  32036. AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1);
  32037. AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1);
  32038. AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL));
  32039. AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1);
  32040. EVP_PKEY_CTX_free(ctx);
  32041. EVP_PKEY_free(peerkey);
  32042. EVP_PKEY_free(pkey);
  32043. XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
  32044. #endif
  32045. #ifdef HAVE_ECC
  32046. /* ECDH */
  32047. key = ecc_clikey_der_256;
  32048. AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &key,
  32049. sizeof_ecc_clikey_der_256)));
  32050. key = ecc_clikeypub_der_256;
  32051. AssertNotNull((peerkey = d2i_PUBKEY(NULL, &key,
  32052. sizeof_ecc_clikeypub_der_256)));
  32053. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  32054. AssertIntEQ(EVP_PKEY_derive_init(ctx), 1);
  32055. AssertIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1);
  32056. AssertIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1);
  32057. AssertNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, DYNAMIC_TYPE_OPENSSL));
  32058. AssertIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1);
  32059. EVP_PKEY_CTX_free(ctx);
  32060. EVP_PKEY_free(peerkey);
  32061. EVP_PKEY_free(pkey);
  32062. XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
  32063. #endif /* HAVE_ECC */
  32064. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  32065. printf(resultFmt, "passed");
  32066. #endif /* OPENSSL_ALL */
  32067. }
  32068. #ifndef NO_RSA
  32069. static void test_wolfSSL_RSA_padding_add_PKCS1_PSS(void)
  32070. {
  32071. #if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG)
  32072. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  32073. RSA *rsa;
  32074. const unsigned char *derBuf = client_key_der_2048;
  32075. unsigned char em[256] = {0}; /* len = 2048/8 */
  32076. /* Random data simulating a hash */
  32077. const unsigned char mHash[WC_SHA256_DIGEST_SIZE] = {
  32078. 0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4,
  32079. 0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb,
  32080. 0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28
  32081. };
  32082. AssertNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048));
  32083. AssertIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), -1), 1);
  32084. AssertIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, -1), 1);
  32085. RSA_free(rsa);
  32086. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  32087. #endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/
  32088. }
  32089. #endif
  32090. static void test_wolfSSL_EC_get_builtin_curves(void)
  32091. {
  32092. #if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL))
  32093. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  32094. EC_builtin_curve* curves = NULL;
  32095. size_t crv_len = 0;
  32096. size_t i = 0;
  32097. printf(testingFmt, "wolfSSL_EC_get_builtin_curves");
  32098. AssertIntGT((crv_len = EC_get_builtin_curves(NULL, 0)), 0);
  32099. AssertNotNull(curves = (EC_builtin_curve*)
  32100. XMALLOC(sizeof(EC_builtin_curve)*crv_len, NULL,
  32101. DYNAMIC_TYPE_TMP_BUFFER));
  32102. AssertIntEQ(EC_get_builtin_curves(curves, crv_len), crv_len);
  32103. for (i = 0; i < crv_len; i++)
  32104. {
  32105. if (curves[i].comment != NULL)
  32106. AssertStrEQ(OBJ_nid2sn(curves[i].nid), curves[i].comment);
  32107. }
  32108. XFREE(curves, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  32109. printf(resultFmt, passed);
  32110. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  32111. #endif /* defined(HAVE_ECC) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
  32112. }
  32113. static void test_no_op_functions(void)
  32114. {
  32115. #if defined(OPENSSL_EXTRA)
  32116. printf(testingFmt, "no_op_functions()");
  32117. /* this makes sure wolfSSL can compile and run these no-op functions */
  32118. SSL_load_error_strings();
  32119. ENGINE_load_builtin_engines();
  32120. OpenSSL_add_all_ciphers();
  32121. AssertIntEQ(CRYPTO_malloc_init(), 0);
  32122. printf(resultFmt, passed);
  32123. #endif
  32124. }
  32125. static void test_wolfSSL_CRYPTO_memcmp(void)
  32126. {
  32127. #ifdef OPENSSL_EXTRA
  32128. char a[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
  32129. "implementation of TLS/SSL for embedded devices to the cloud.";
  32130. char b[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
  32131. "implementation of TLS/SSL for embedded devices to the cloud.";
  32132. char c[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable "
  32133. "implementation of TLS/SSL for embedded devices to the cloud!";
  32134. AssertIntEQ(CRYPTO_memcmp(a, b, sizeof(a)), 0);
  32135. AssertIntNE(CRYPTO_memcmp(a, c, sizeof(a)), 0);
  32136. #endif
  32137. }
  32138. /*----------------------------------------------------------------------------*
  32139. | wolfCrypt ASN
  32140. *----------------------------------------------------------------------------*/
  32141. static void test_wc_GetPkcs8TraditionalOffset(void)
  32142. {
  32143. #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(HAVE_PKCS8)
  32144. int length, derSz;
  32145. word32 inOutIdx;
  32146. const char* path = "./certs/server-keyPkcs8.der";
  32147. XFILE file;
  32148. byte der[2048];
  32149. printf(testingFmt, "wc_GetPkcs8TraditionalOffset");
  32150. file = XFOPEN(path, "rb");
  32151. AssertTrue(file != XBADFILE);
  32152. derSz = (int)XFREAD(der, 1, sizeof(der), file);
  32153. XFCLOSE(file);
  32154. /* valid case */
  32155. inOutIdx = 0;
  32156. length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
  32157. AssertIntGT(length, 0);
  32158. /* inOutIdx > sz */
  32159. inOutIdx = 4000;
  32160. length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
  32161. AssertIntEQ(length, BAD_FUNC_ARG);
  32162. /* null input */
  32163. inOutIdx = 0;
  32164. length = wc_GetPkcs8TraditionalOffset(NULL, &inOutIdx, 0);
  32165. AssertIntEQ(length, BAD_FUNC_ARG);
  32166. /* invalid input, fill buffer with 1's */
  32167. XMEMSET(der, 1, sizeof(der));
  32168. inOutIdx = 0;
  32169. length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, derSz);
  32170. AssertIntEQ(length, ASN_PARSE_E);
  32171. printf(resultFmt, passed);
  32172. #endif /* NO_ASN */
  32173. }
  32174. static void test_wc_SetSubjectRaw(void)
  32175. {
  32176. #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
  32177. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
  32178. const char* joiCertFile = "./certs/test/cert-ext-joi.pem";
  32179. WOLFSSL_X509* x509;
  32180. int peerCertSz;
  32181. const byte* peerCertBuf;
  32182. Cert forgedCert;
  32183. printf(testingFmt, "test_wc_SetSubjectRaw()");
  32184. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_PEM));
  32185. AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
  32186. AssertIntEQ(0, wc_InitCert(&forgedCert));
  32187. AssertIntEQ(0, wc_SetSubjectRaw(&forgedCert, peerCertBuf, peerCertSz));
  32188. wolfSSL_FreeX509(x509);
  32189. printf(resultFmt, passed);
  32190. #endif
  32191. }
  32192. static void test_wc_GetSubjectRaw(void)
  32193. {
  32194. #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
  32195. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
  32196. Cert cert;
  32197. byte *subjectRaw;
  32198. printf(testingFmt, "test_wc_GetSubjectRaw()");
  32199. AssertIntEQ(0, wc_InitCert(&cert));
  32200. AssertIntEQ(0, wc_GetSubjectRaw(&subjectRaw, &cert));
  32201. printf(resultFmt, passed);
  32202. #endif
  32203. }
  32204. static void test_wc_SetIssuerRaw(void)
  32205. {
  32206. #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
  32207. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
  32208. const char* joiCertFile = "./certs/test/cert-ext-joi.pem";
  32209. WOLFSSL_X509* x509;
  32210. int peerCertSz;
  32211. const byte* peerCertBuf;
  32212. Cert forgedCert;
  32213. printf(testingFmt, "test_wc_SetIssuerRaw()");
  32214. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_PEM));
  32215. AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
  32216. AssertIntEQ(0, wc_InitCert(&forgedCert));
  32217. AssertIntEQ(0, wc_SetIssuerRaw(&forgedCert, peerCertBuf, peerCertSz));
  32218. wolfSSL_FreeX509(x509);
  32219. printf(resultFmt, passed);
  32220. #endif
  32221. }
  32222. static void test_wc_SetIssueBuffer(void)
  32223. {
  32224. #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
  32225. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA)
  32226. const char* joiCertFile = "./certs/test/cert-ext-joi.pem";
  32227. WOLFSSL_X509* x509;
  32228. int peerCertSz;
  32229. const byte* peerCertBuf;
  32230. Cert forgedCert;
  32231. printf(testingFmt, "test_wc_SetIssuerBuffer()");
  32232. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, WOLFSSL_FILETYPE_PEM));
  32233. AssertNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz));
  32234. AssertIntEQ(0, wc_InitCert(&forgedCert));
  32235. AssertIntEQ(0, wc_SetIssuerBuffer(&forgedCert, peerCertBuf, peerCertSz));
  32236. wolfSSL_FreeX509(x509);
  32237. printf(resultFmt, passed);
  32238. #endif
  32239. }
  32240. /*
  32241. * Testing wc_SetSubjectKeyId
  32242. */
  32243. static void test_wc_SetSubjectKeyId(void)
  32244. {
  32245. #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
  32246. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
  32247. Cert cert;
  32248. const char* file = "certs/ecc-client-keyPub.pem";
  32249. printf(testingFmt, "wc_SetSubjectKeyId()");
  32250. AssertIntEQ(0, wc_InitCert(&cert));
  32251. AssertIntEQ(0, wc_SetSubjectKeyId(&cert, file));
  32252. AssertIntEQ(BAD_FUNC_ARG, wc_SetSubjectKeyId(NULL, file));
  32253. AssertIntGT(0, wc_SetSubjectKeyId(&cert, "badfile.name"));
  32254. printf(resultFmt, passed);
  32255. #endif
  32256. } /* END test_wc_SetSubjectKeyId */
  32257. /*
  32258. * Testing wc_SetSubject
  32259. */
  32260. static void test_wc_SetSubject(void)
  32261. {
  32262. #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \
  32263. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)
  32264. Cert cert;
  32265. const char* file = "./certs/ca-ecc-cert.pem";
  32266. printf(testingFmt, "wc_SetSubject()");
  32267. AssertIntEQ(0, wc_InitCert(&cert));
  32268. AssertIntEQ(0, wc_SetSubject(&cert, file));
  32269. AssertIntEQ(BAD_FUNC_ARG, wc_SetSubject(NULL, file));
  32270. AssertIntGT(0, wc_SetSubject(&cert, "badfile.name"));
  32271. printf(resultFmt, passed);
  32272. #endif
  32273. } /* END test_wc_SetSubject */
  32274. static void test_CheckCertSignature(void)
  32275. {
  32276. #if !defined(NO_CERTS) && defined(WOLFSSL_SMALL_CERT_VERIFY)
  32277. WOLFSSL_CERT_MANAGER* cm = NULL;
  32278. #if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
  32279. FILE* fp;
  32280. byte cert[4096];
  32281. int certSz;
  32282. #endif
  32283. AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, NULL));
  32284. AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
  32285. AssertIntEQ(BAD_FUNC_ARG, CheckCertSignature(NULL, 0, NULL, cm));
  32286. #ifndef NO_RSA
  32287. #ifdef USE_CERT_BUFFERS_1024
  32288. AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_1024,
  32289. sizeof_server_cert_der_1024, NULL, cm));
  32290. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
  32291. ca_cert_der_1024, sizeof_ca_cert_der_1024,
  32292. WOLFSSL_FILETYPE_ASN1));
  32293. AssertIntEQ(0, CheckCertSignature(server_cert_der_1024,
  32294. sizeof_server_cert_der_1024, NULL, cm));
  32295. #elif defined(USE_CERT_BUFFERS_2048)
  32296. AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(server_cert_der_2048,
  32297. sizeof_server_cert_der_2048, NULL, cm));
  32298. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
  32299. ca_cert_der_2048, sizeof_ca_cert_der_2048,
  32300. WOLFSSL_FILETYPE_ASN1));
  32301. AssertIntEQ(0, CheckCertSignature(server_cert_der_2048,
  32302. sizeof_server_cert_der_2048, NULL, cm));
  32303. #endif
  32304. #endif
  32305. #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  32306. AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(serv_ecc_der_256,
  32307. sizeof_serv_ecc_der_256, NULL, cm));
  32308. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm,
  32309. ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256,
  32310. WOLFSSL_FILETYPE_ASN1));
  32311. AssertIntEQ(0, CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256,
  32312. NULL, cm));
  32313. #endif
  32314. #if !defined(NO_FILESYSTEM)
  32315. wolfSSL_CertManagerFree(cm);
  32316. AssertNotNull(cm = wolfSSL_CertManagerNew_ex(NULL));
  32317. #ifndef NO_RSA
  32318. AssertNotNull(fp = XFOPEN("./certs/server-cert.der", "rb"));
  32319. AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0);
  32320. XFCLOSE(fp);
  32321. AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
  32322. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
  32323. "./certs/ca-cert.pem", NULL));
  32324. AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
  32325. #endif
  32326. #ifdef HAVE_ECC
  32327. AssertNotNull(fp = XFOPEN("./certs/server-ecc.der", "rb"));
  32328. AssertIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0);
  32329. XFCLOSE(fp);
  32330. AssertIntEQ(ASN_NO_SIGNER_E, CheckCertSignature(cert, certSz, NULL, cm));
  32331. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm,
  32332. "./certs/ca-ecc-cert.pem", NULL));
  32333. AssertIntEQ(0, CheckCertSignature(cert, certSz, NULL, cm));
  32334. #endif
  32335. #endif
  32336. #if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
  32337. (void)fp;
  32338. (void)cert;
  32339. (void)certSz;
  32340. #endif
  32341. wolfSSL_CertManagerFree(cm);
  32342. #endif
  32343. }
  32344. /*----------------------------------------------------------------------------*
  32345. | wolfCrypt ECC
  32346. *----------------------------------------------------------------------------*/
  32347. static void test_wc_ecc_get_curve_size_from_name(void)
  32348. {
  32349. #ifdef HAVE_ECC
  32350. int ret;
  32351. printf(testingFmt, "wc_ecc_get_curve_size_from_name");
  32352. #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
  32353. ret = wc_ecc_get_curve_size_from_name("SECP256R1");
  32354. AssertIntEQ(ret, 32);
  32355. #endif
  32356. /* invalid case */
  32357. ret = wc_ecc_get_curve_size_from_name("BADCURVE");
  32358. AssertIntEQ(ret, -1);
  32359. /* NULL input */
  32360. ret = wc_ecc_get_curve_size_from_name(NULL);
  32361. AssertIntEQ(ret, BAD_FUNC_ARG);
  32362. printf(resultFmt, passed);
  32363. #endif /* HAVE_ECC */
  32364. }
  32365. static void test_wc_ecc_get_curve_id_from_name(void)
  32366. {
  32367. #ifdef HAVE_ECC
  32368. int id;
  32369. printf(testingFmt, "wc_ecc_get_curve_id_from_name");
  32370. #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
  32371. id = wc_ecc_get_curve_id_from_name("SECP256R1");
  32372. AssertIntEQ(id, ECC_SECP256R1);
  32373. #endif
  32374. /* invalid case */
  32375. id = wc_ecc_get_curve_id_from_name("BADCURVE");
  32376. AssertIntEQ(id, -1);
  32377. /* NULL input */
  32378. id = wc_ecc_get_curve_id_from_name(NULL);
  32379. AssertIntEQ(id, BAD_FUNC_ARG);
  32380. printf(resultFmt, passed);
  32381. #endif /* HAVE_ECC */
  32382. }
  32383. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
  32384. !defined(HAVE_SELFTEST) && \
  32385. !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
  32386. static void test_wc_ecc_get_curve_id_from_dp_params(void)
  32387. {
  32388. int id;
  32389. #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
  32390. int curve_id;
  32391. ecc_key* key;
  32392. const ecc_set_type* params;
  32393. int ret;
  32394. #endif
  32395. WOLFSSL_EC_KEY *ecKey = NULL;
  32396. printf(testingFmt, "wc_ecc_get_curve_id_from_dp_params");
  32397. #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
  32398. id = wc_ecc_get_curve_id_from_name("SECP256R1");
  32399. AssertIntEQ(id, ECC_SECP256R1);
  32400. ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  32401. AssertNotNull(ecKey);
  32402. ret = EC_KEY_generate_key(ecKey);
  32403. if (ret == 0) {
  32404. /* normal test */
  32405. key = (ecc_key*)ecKey->internal;
  32406. params = key->dp;
  32407. curve_id = wc_ecc_get_curve_id_from_dp_params(params);
  32408. AssertIntEQ(curve_id, id);
  32409. }
  32410. #endif
  32411. /* invalid case, NULL input*/
  32412. id = wc_ecc_get_curve_id_from_dp_params(NULL);
  32413. AssertIntEQ(id, BAD_FUNC_ARG);
  32414. wolfSSL_EC_KEY_free(ecKey);
  32415. printf(resultFmt, passed);
  32416. }
  32417. #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
  32418. static void test_wc_ecc_get_curve_id_from_params(void)
  32419. {
  32420. #ifdef HAVE_ECC
  32421. int id;
  32422. const byte prime[] =
  32423. {
  32424. 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
  32425. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  32426. 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
  32427. 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF
  32428. };
  32429. const byte primeInvalid[] =
  32430. {
  32431. 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
  32432. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  32433. 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
  32434. 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x01,0x01
  32435. };
  32436. const byte Af[] =
  32437. {
  32438. 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01,
  32439. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  32440. 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,
  32441. 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC
  32442. };
  32443. const byte Bf[] =
  32444. {
  32445. 0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7,
  32446. 0xB3,0xEB,0xBD,0x55,0x76,0x98,0x86,0xBC,
  32447. 0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6,
  32448. 0x3B,0xCE,0x3C,0x3E,0x27,0xD2,0x60,0x4B
  32449. };
  32450. const byte order[] =
  32451. {
  32452. 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00,
  32453. 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
  32454. 0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84,
  32455. 0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51
  32456. };
  32457. const byte Gx[] =
  32458. {
  32459. 0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47,
  32460. 0xF8,0xBC,0xE6,0xE5,0x63,0xA4,0x40,0xF2,
  32461. 0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0,
  32462. 0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96
  32463. };
  32464. const byte Gy[] =
  32465. {
  32466. 0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B,
  32467. 0x8E,0xE7,0xEB,0x4A,0x7C,0x0F,0x9E,0x16,
  32468. 0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE,
  32469. 0xCB,0xB6,0x40,0x68,0x37,0xBF,0x51,0xF5
  32470. };
  32471. int cofactor = 1;
  32472. int fieldSize = 256;
  32473. printf(testingFmt, "wc_ecc_get_curve_id_from_params");
  32474. #if !defined(NO_ECC256) && !defined(NO_ECC_SECP)
  32475. id = wc_ecc_get_curve_id_from_params(fieldSize, prime, sizeof(prime),
  32476. Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
  32477. Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
  32478. AssertIntEQ(id, ECC_SECP256R1);
  32479. #endif
  32480. /* invalid case, fieldSize = 0 */
  32481. id = wc_ecc_get_curve_id_from_params(0, prime, sizeof(prime),
  32482. Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
  32483. Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
  32484. AssertIntEQ(id, ECC_CURVE_INVALID);
  32485. /* invalid case, NULL prime */
  32486. id = wc_ecc_get_curve_id_from_params(fieldSize, NULL, sizeof(prime),
  32487. Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
  32488. Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
  32489. AssertIntEQ(id, BAD_FUNC_ARG);
  32490. /* invalid case, invalid prime */
  32491. id = wc_ecc_get_curve_id_from_params(fieldSize,
  32492. primeInvalid, sizeof(primeInvalid),
  32493. Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order),
  32494. Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor);
  32495. AssertIntEQ(id, ECC_CURVE_INVALID);
  32496. printf(resultFmt, passed);
  32497. #endif
  32498. }
  32499. static void test_wolfSSL_EVP_PKEY_encrypt(void)
  32500. {
  32501. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
  32502. !defined(HAVE_FAST_RSA)
  32503. WOLFSSL_RSA* rsa = NULL;
  32504. WOLFSSL_EVP_PKEY* pkey = NULL;
  32505. WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
  32506. const char* in = "What is easy to do is easy not to do.";
  32507. size_t inlen = XSTRLEN(in);
  32508. size_t outEncLen = 0;
  32509. byte* outEnc = NULL;
  32510. byte* outDec = NULL;
  32511. size_t outDecLen = 0;
  32512. size_t rsaKeySz = 2048/8; /* Bytes */
  32513. #ifdef WC_RSA_NO_PADDING
  32514. byte* inTmp = NULL;
  32515. byte* outEncTmp = NULL;
  32516. byte* outDecTmp = NULL;
  32517. #endif
  32518. printf(testingFmt, "wolfSSL_EVP_PKEY_encrypt()");
  32519. AssertNotNull(outEnc = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  32520. XMEMSET(outEnc, 0, rsaKeySz);
  32521. AssertNotNull(outDec = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  32522. XMEMSET(outDec, 0, rsaKeySz);
  32523. AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
  32524. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  32525. AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
  32526. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  32527. AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS);
  32528. AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
  32529. WOLFSSL_SUCCESS);
  32530. /* Test pkey references count is decremented. pkey shouldn't be destroyed
  32531. since ctx uses it.*/
  32532. AssertIntEQ(pkey->references, 2);
  32533. EVP_PKEY_free(pkey);
  32534. AssertIntEQ(pkey->references, 1);
  32535. /* Encrypt data */
  32536. AssertIntEQ(EVP_PKEY_encrypt(ctx, outEnc, &outEncLen,
  32537. (const unsigned char*)in, inlen), WOLFSSL_SUCCESS);
  32538. /* Decrypt data */
  32539. AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS);
  32540. AssertIntEQ(EVP_PKEY_decrypt(ctx, outDec, &outDecLen, outEnc, outEncLen),
  32541. WOLFSSL_SUCCESS);
  32542. AssertIntEQ(XMEMCMP(in, outDec, outDecLen), 0);
  32543. #ifdef WC_RSA_NO_PADDING
  32544. /* The input length must be the same size as the RSA key.*/
  32545. AssertNotNull(inTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  32546. XMEMSET(inTmp, 9, rsaKeySz);
  32547. AssertNotNull(outEncTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  32548. XMEMSET(outEncTmp, 0, rsaKeySz);
  32549. AssertNotNull(outDecTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  32550. XMEMSET(outDecTmp, 0, rsaKeySz);
  32551. AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS);
  32552. AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING),
  32553. WOLFSSL_SUCCESS);
  32554. AssertIntEQ(EVP_PKEY_encrypt(ctx, outEncTmp, &outEncLen, inTmp, rsaKeySz),
  32555. WOLFSSL_SUCCESS);
  32556. AssertIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS);
  32557. AssertIntEQ(EVP_PKEY_decrypt(ctx, outDecTmp, &outDecLen, outEncTmp, outEncLen),
  32558. WOLFSSL_SUCCESS);
  32559. AssertIntEQ(XMEMCMP(inTmp, outDecTmp, outDecLen), 0);
  32560. #endif
  32561. EVP_PKEY_CTX_free(ctx);
  32562. XFREE(outEnc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32563. XFREE(outDec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32564. #ifdef WC_RSA_NO_PADDING
  32565. XFREE(inTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32566. XFREE(outEncTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32567. XFREE(outDecTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32568. #endif
  32569. printf(resultFmt, passed);
  32570. #endif
  32571. }
  32572. static void test_wolfSSL_EVP_PKEY_sign(void)
  32573. {
  32574. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \
  32575. !defined(HAVE_FAST_RSA) && !defined(HAVE_SELFTEST)
  32576. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  32577. WOLFSSL_RSA* rsa = NULL;
  32578. WOLFSSL_EVP_PKEY* pkey = NULL;
  32579. WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
  32580. const char* in = "What is easy to do is easy not to do.";
  32581. size_t inlen = XSTRLEN(in);
  32582. byte hash[SHA256_DIGEST_LENGTH] = {0};
  32583. SHA256_CTX c;
  32584. byte* sig = NULL;
  32585. byte* sigVerify = NULL;
  32586. size_t siglen = 0;
  32587. size_t rsaKeySz = 2048/8; /* Bytes */
  32588. printf(testingFmt, "wolfSSL_EVP_PKEY_sign()");
  32589. sig = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32590. AssertNotNull(sig);
  32591. XMEMSET(sig, 0, rsaKeySz);
  32592. AssertNotNull(sigVerify = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER));
  32593. XMEMSET(sigVerify, 0, rsaKeySz);
  32594. /* Generate hash */
  32595. SHA256_Init(&c);
  32596. SHA256_Update(&c, in, inlen);
  32597. SHA256_Final(hash, &c);
  32598. #ifdef WOLFSSL_SMALL_STACK_CACHE
  32599. /* workaround for small stack cache case */
  32600. wc_Sha256Free((wc_Sha256*)&c);
  32601. #endif
  32602. AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
  32603. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  32604. AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
  32605. AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
  32606. AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
  32607. AssertIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING),
  32608. WOLFSSL_SUCCESS);
  32609. /* Sign data */
  32610. AssertIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, hash, SHA256_DIGEST_LENGTH),
  32611. WOLFSSL_SUCCESS);
  32612. /* Verify signature.
  32613. EVP_PKEY_verify() doesn't exist yet, so use RSA_public_decrypt(). */
  32614. AssertIntEQ(RSA_public_decrypt((int)siglen, sig, sigVerify,
  32615. rsa, RSA_PKCS1_PADDING), SHA256_DIGEST_LENGTH);
  32616. AssertIntEQ(XMEMCMP(hash, sigVerify, SHA256_DIGEST_LENGTH), 0);
  32617. /* error cases */
  32618. AssertIntNE(EVP_PKEY_sign_init(NULL), WOLFSSL_SUCCESS);
  32619. ctx->pkey->type = EVP_PKEY_RSA;
  32620. AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
  32621. AssertIntNE(EVP_PKEY_sign(NULL, sig, &siglen, (byte*)in, inlen),
  32622. WOLFSSL_SUCCESS);
  32623. AssertIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, (byte*)in, inlen),
  32624. WOLFSSL_SUCCESS);
  32625. EVP_PKEY_free(pkey);
  32626. EVP_PKEY_CTX_free(ctx);
  32627. XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32628. XFREE(sigVerify, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  32629. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  32630. printf(resultFmt, passed);
  32631. #endif
  32632. }
  32633. static void test_EVP_PKEY_rsa(void)
  32634. {
  32635. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
  32636. WOLFSSL_RSA* rsa;
  32637. WOLFSSL_EVP_PKEY* pkey;
  32638. AssertNotNull(rsa = wolfSSL_RSA_new());
  32639. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  32640. AssertIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE);
  32641. AssertIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE);
  32642. AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS);
  32643. AssertPtrEq(EVP_PKEY_get0_RSA(pkey), rsa);
  32644. wolfSSL_EVP_PKEY_free(pkey);
  32645. printf(resultFmt, passed);
  32646. #endif
  32647. }
  32648. static void test_EVP_PKEY_ec(void)
  32649. {
  32650. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
  32651. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  32652. WOLFSSL_EC_KEY* ecKey;
  32653. WOLFSSL_EVP_PKEY* pkey;
  32654. AssertNotNull(ecKey = wolfSSL_EC_KEY_new());
  32655. AssertNotNull(pkey = wolfSSL_EVP_PKEY_new());
  32656. AssertIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE);
  32657. AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE);
  32658. /* Should fail since ecKey is empty */
  32659. AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_FAILURE);
  32660. AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1);
  32661. AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS);
  32662. wolfSSL_EVP_PKEY_free(pkey);
  32663. printf(resultFmt, passed);
  32664. #endif
  32665. #endif
  32666. }
  32667. static void test_EVP_PKEY_cmp(void)
  32668. {
  32669. #if defined(OPENSSL_EXTRA)
  32670. EVP_PKEY *a, *b;
  32671. const unsigned char *in;
  32672. printf(testingFmt, "wolfSSL_EVP_PKEY_cmp()");
  32673. #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048)
  32674. in = client_key_der_2048;
  32675. AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
  32676. &in, (long)sizeof_client_key_der_2048));
  32677. in = client_key_der_2048;
  32678. AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
  32679. &in, (long)sizeof_client_key_der_2048));
  32680. /* Test success case RSA */
  32681. #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
  32682. AssertIntEQ(EVP_PKEY_cmp(a, b), 1);
  32683. #else
  32684. AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
  32685. #endif /* WOLFSSL_ERROR_CODE_OPENSSL */
  32686. EVP_PKEY_free(b);
  32687. EVP_PKEY_free(a);
  32688. #endif
  32689. #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  32690. in = ecc_clikey_der_256;
  32691. AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
  32692. &in, (long)sizeof_ecc_clikey_der_256));
  32693. in = ecc_clikey_der_256;
  32694. AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
  32695. &in, (long)sizeof_ecc_clikey_der_256));
  32696. /* Test success case ECC */
  32697. #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
  32698. AssertIntEQ(EVP_PKEY_cmp(a, b), 1);
  32699. #else
  32700. AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
  32701. #endif /* WOLFSSL_ERROR_CODE_OPENSSL */
  32702. EVP_PKEY_free(b);
  32703. EVP_PKEY_free(a);
  32704. #endif
  32705. /* Test failure cases */
  32706. #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && \
  32707. defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  32708. in = client_key_der_2048;
  32709. AssertNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL,
  32710. &in, (long)sizeof_client_key_der_2048));
  32711. in = ecc_clikey_der_256;
  32712. AssertNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL,
  32713. &in, (long)sizeof_ecc_clikey_der_256));
  32714. #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
  32715. AssertIntEQ(EVP_PKEY_cmp(a, b), -1);
  32716. #else
  32717. AssertIntNE(EVP_PKEY_cmp(a, b), 0);
  32718. #endif /* WOLFSSL_ERROR_CODE_OPENSSL */
  32719. EVP_PKEY_free(b);
  32720. EVP_PKEY_free(a);
  32721. #endif
  32722. /* invalid or empty failure cases */
  32723. a = EVP_PKEY_new();
  32724. b = EVP_PKEY_new();
  32725. #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
  32726. AssertIntEQ(EVP_PKEY_cmp(NULL, NULL), 0);
  32727. AssertIntEQ(EVP_PKEY_cmp(a, NULL), 0);
  32728. AssertIntEQ(EVP_PKEY_cmp(NULL, b), 0);
  32729. AssertIntEQ(EVP_PKEY_cmp(a, b), 0);
  32730. #else
  32731. AssertIntNE(EVP_PKEY_cmp(NULL, NULL), 0);
  32732. AssertIntNE(EVP_PKEY_cmp(a, NULL), 0);
  32733. AssertIntNE(EVP_PKEY_cmp(NULL, b), 0);
  32734. AssertIntNE(EVP_PKEY_cmp(a, b), 0);
  32735. #endif
  32736. EVP_PKEY_free(b);
  32737. EVP_PKEY_free(a);
  32738. (void)in;
  32739. printf(resultFmt, passed);
  32740. #endif
  32741. }
  32742. static void test_ERR_load_crypto_strings(void)
  32743. {
  32744. #if defined(OPENSSL_ALL)
  32745. ERR_load_crypto_strings();
  32746. printf(resultFmt, passed);
  32747. #endif
  32748. }
  32749. #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
  32750. static void free_x509(X509* x)
  32751. {
  32752. AssertIntEQ((x == (X509*)1 || x == (X509*)2), 1);
  32753. }
  32754. #endif
  32755. static void test_sk_X509(void)
  32756. {
  32757. #if defined(OPENSSL_ALL) && !defined(NO_CERTS)
  32758. STACK_OF(X509)* s;
  32759. AssertNotNull(s = sk_X509_new());
  32760. AssertIntEQ(sk_X509_num(s), 0);
  32761. sk_X509_free(s);
  32762. AssertNotNull(s = sk_X509_new_null());
  32763. AssertIntEQ(sk_X509_num(s), 0);
  32764. sk_X509_free(s);
  32765. AssertNotNull(s = sk_X509_new());
  32766. sk_X509_push(s, (X509*)1);
  32767. AssertIntEQ(sk_X509_num(s), 1);
  32768. AssertIntEQ((sk_X509_value(s, 0) == (X509*)1), 1);
  32769. sk_X509_push(s, (X509*)2);
  32770. AssertIntEQ(sk_X509_num(s), 2);
  32771. AssertIntEQ((sk_X509_value(s, 0) == (X509*)2), 1);
  32772. AssertIntEQ((sk_X509_value(s, 1) == (X509*)1), 1);
  32773. sk_X509_push(s, (X509*)2);
  32774. sk_X509_pop_free(s, free_x509);
  32775. printf(resultFmt, passed);
  32776. #endif
  32777. }
  32778. static void test_X509_get_signature_nid(void)
  32779. {
  32780. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  32781. X509* x509;
  32782. AssertIntEQ(X509_get_signature_nid(NULL), 0);
  32783. AssertNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile,
  32784. SSL_FILETYPE_PEM));
  32785. AssertIntEQ(X509_get_signature_nid(x509), CTC_SHA256wRSA);
  32786. X509_free(x509);
  32787. printf(resultFmt, passed);
  32788. #endif
  32789. }
  32790. static void test_X509_REQ(void)
  32791. {
  32792. #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \
  32793. defined(WOLFSSL_CERT_REQ)
  32794. X509_NAME* name;
  32795. #if !defined(NO_RSA) || defined(HAVE_ECC)
  32796. X509_REQ* req;
  32797. EVP_PKEY* priv;
  32798. EVP_PKEY* pub;
  32799. unsigned char* der = NULL;
  32800. #endif
  32801. #ifndef NO_RSA
  32802. EVP_MD_CTX *mctx = NULL;
  32803. EVP_PKEY_CTX *pkctx = NULL;
  32804. #ifdef USE_CERT_BUFFERS_1024
  32805. const unsigned char* rsaPriv = (const unsigned char*)client_key_der_1024;
  32806. const unsigned char* rsaPub = (unsigned char*)client_keypub_der_1024;
  32807. #elif defined(USE_CERT_BUFFERS_2048)
  32808. const unsigned char* rsaPriv = (const unsigned char*)client_key_der_2048;
  32809. const unsigned char* rsaPub = (unsigned char*)client_keypub_der_2048;
  32810. #endif
  32811. #endif
  32812. #ifdef HAVE_ECC
  32813. const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256;
  32814. const unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256;
  32815. int len;
  32816. #endif
  32817. AssertNotNull(name = X509_NAME_new());
  32818. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8,
  32819. (byte*)"wolfssl.com", 11, 0, 1),
  32820. WOLFSSL_SUCCESS);
  32821. AssertIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8,
  32822. (byte*)"support@wolfssl.com", 19, -1,
  32823. 1), WOLFSSL_SUCCESS);
  32824. #ifndef NO_RSA
  32825. AssertNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv,
  32826. (long)sizeof_client_key_der_2048));
  32827. AssertNotNull(pub = d2i_PUBKEY(NULL, &rsaPub,
  32828. (long)sizeof_client_keypub_der_2048));
  32829. AssertNotNull(req = X509_REQ_new());
  32830. AssertIntEQ(X509_REQ_set_subject_name(NULL, name), WOLFSSL_FAILURE);
  32831. AssertIntEQ(X509_REQ_set_subject_name(req, NULL), WOLFSSL_FAILURE);
  32832. AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
  32833. AssertIntEQ(X509_REQ_set_pubkey(NULL, pub), WOLFSSL_FAILURE);
  32834. AssertIntEQ(X509_REQ_set_pubkey(req, NULL), WOLFSSL_FAILURE);
  32835. AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
  32836. AssertIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WOLFSSL_FAILURE);
  32837. AssertIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WOLFSSL_FAILURE);
  32838. AssertIntEQ(X509_REQ_sign(req, priv, NULL), WOLFSSL_FAILURE);
  32839. AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
  32840. AssertIntEQ(i2d_X509_REQ(req, &der), 643);
  32841. XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
  32842. der = NULL;
  32843. mctx = EVP_MD_CTX_new();
  32844. AssertIntEQ(EVP_DigestSignInit(mctx, &pkctx, EVP_sha256(), NULL, priv), WOLFSSL_SUCCESS);
  32845. AssertIntEQ(X509_REQ_sign_ctx(req, mctx), WOLFSSL_SUCCESS);
  32846. EVP_MD_CTX_free(mctx);
  32847. X509_REQ_free(NULL);
  32848. X509_REQ_free(req);
  32849. EVP_PKEY_free(pub);
  32850. EVP_PKEY_free(priv);
  32851. #endif
  32852. #ifdef HAVE_ECC
  32853. AssertNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &ecPriv,
  32854. sizeof_ecc_clikey_der_256));
  32855. AssertNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &ecPub,
  32856. sizeof_ecc_clikeypub_der_256));
  32857. AssertNotNull(req = X509_REQ_new());
  32858. AssertIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS);
  32859. AssertIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS);
  32860. AssertIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS);
  32861. /* Signature is random and may be shorter or longer. */
  32862. AssertIntGE((len = i2d_X509_REQ(req, &der)), 245);
  32863. AssertIntLE(len, 253);
  32864. XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL);
  32865. X509_REQ_free(req);
  32866. EVP_PKEY_free(pub);
  32867. EVP_PKEY_free(priv);
  32868. #ifdef FP_ECC
  32869. wc_ecc_fp_free();
  32870. #endif
  32871. #endif /* HAVE_ECC */
  32872. X509_NAME_free(name);
  32873. printf(resultFmt, passed);
  32874. #endif
  32875. }
  32876. static void test_wolfssl_PKCS7(void)
  32877. {
  32878. #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
  32879. PKCS7* pkcs7;
  32880. byte data[FOURK_BUF];
  32881. word32 len = sizeof(data);
  32882. const byte* p = data;
  32883. byte content[] = "Test data to encode.";
  32884. #if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
  32885. BIO* bio;
  32886. byte key[sizeof_client_key_der_2048];
  32887. word32 keySz = (word32)sizeof(key);
  32888. #endif
  32889. AssertIntGT((len = CreatePKCS7SignedData(data, len, content,
  32890. (word32)sizeof(content),
  32891. 0, 0)), 0);
  32892. AssertNull(pkcs7 = d2i_PKCS7(NULL, NULL, len));
  32893. AssertNull(pkcs7 = d2i_PKCS7(NULL, &p, 0));
  32894. AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
  32895. AssertIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL,
  32896. PKCS7_NOVERIFY), WOLFSSL_FAILURE);
  32897. PKCS7_free(pkcs7);
  32898. /* fail case, without PKCS7_NOVERIFY */
  32899. p = data;
  32900. AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
  32901. AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
  32902. 0), WOLFSSL_FAILURE);
  32903. PKCS7_free(pkcs7);
  32904. /* success case, with PKCS7_NOVERIFY */
  32905. p = data;
  32906. AssertNotNull(pkcs7 = d2i_PKCS7(NULL, &p, len));
  32907. AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL,
  32908. PKCS7_NOVERIFY), WOLFSSL_SUCCESS);
  32909. #if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048)
  32910. /* test i2d */
  32911. XMEMCPY(key, client_key_der_2048, keySz);
  32912. pkcs7->privateKey = key;
  32913. pkcs7->privateKeySz = (word32)sizeof(key);
  32914. pkcs7->encryptOID = RSAk;
  32915. pkcs7->hashOID = SHAh;
  32916. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  32917. AssertIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1);
  32918. BIO_free(bio);
  32919. #endif
  32920. PKCS7_free(NULL);
  32921. PKCS7_free(pkcs7);
  32922. printf(resultFmt, passed);
  32923. #endif
  32924. }
  32925. static void test_wolfSSL_PKCS7_SIGNED_new(void)
  32926. {
  32927. #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
  32928. PKCS7_SIGNED* pkcs7;
  32929. printf(testingFmt, "wolfSSL_PKCS7_SIGNED_new()");
  32930. pkcs7 = PKCS7_SIGNED_new();
  32931. AssertNotNull(pkcs7);
  32932. AssertIntEQ(pkcs7->contentOID, SIGNED_DATA);
  32933. PKCS7_SIGNED_free(pkcs7);
  32934. printf(resultFmt, passed);
  32935. #endif
  32936. }
  32937. #ifndef NO_BIO
  32938. static void test_wolfSSL_PEM_write_bio_PKCS7(void)
  32939. {
  32940. #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
  32941. PKCS7* pkcs7 = NULL;
  32942. BIO* bio = NULL;
  32943. const byte* cert_buf = NULL;
  32944. int ret = 0;
  32945. WC_RNG rng;
  32946. const byte data[] = { /* Hello World */
  32947. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  32948. 0x72,0x6c,0x64
  32949. };
  32950. #ifndef NO_RSA
  32951. #if defined(USE_CERT_BUFFERS_2048)
  32952. byte key[sizeof_client_key_der_2048];
  32953. byte cert[sizeof_client_cert_der_2048];
  32954. word32 keySz = (word32)sizeof(key);
  32955. word32 certSz = (word32)sizeof(cert);
  32956. XMEMSET(key, 0, keySz);
  32957. XMEMSET(cert, 0, certSz);
  32958. XMEMCPY(key, client_key_der_2048, keySz);
  32959. XMEMCPY(cert, client_cert_der_2048, certSz);
  32960. #elif defined(USE_CERT_BUFFERS_1024)
  32961. byte key[sizeof_client_key_der_1024];
  32962. byte cert[sizeof_client_cert_der_1024];
  32963. word32 keySz = (word32)sizeof(key);
  32964. word32 certSz = (word32)sizeof(cert);
  32965. XMEMSET(key, 0, keySz);
  32966. XMEMSET(cert, 0, certSz);
  32967. XMEMCPY(key, client_key_der_1024, keySz);
  32968. XMEMCPY(cert, client_cert_der_1024, certSz);
  32969. #else
  32970. unsigned char cert[ONEK_BUF];
  32971. unsigned char key[ONEK_BUF];
  32972. XFILE fp;
  32973. int certSz;
  32974. int keySz;
  32975. fp = XFOPEN("./certs/1024/client-cert.der", "rb");
  32976. AssertTrue((fp != XBADFILE));
  32977. certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, fp);
  32978. XFCLOSE(fp);
  32979. fp = XFOPEN("./certs/1024/client-key.der", "rb");
  32980. AssertTrue(fp != XBADFILE);
  32981. keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp);
  32982. XFCLOSE(fp);
  32983. #endif
  32984. #elif defined(HAVE_ECC)
  32985. #if defined(USE_CERT_BUFFERS_256)
  32986. unsigned char cert[sizeof_cliecc_cert_der_256];
  32987. unsigned char key[sizeof_ecc_clikey_der_256];
  32988. int certSz = (int)sizeof(cert);
  32989. int keySz = (int)sizeof(key);
  32990. XMEMSET(cert, 0, certSz);
  32991. XMEMSET(key, 0, keySz);
  32992. XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
  32993. XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
  32994. #else
  32995. unsigned char cert[ONEK_BUF];
  32996. unsigned char key[ONEK_BUF];
  32997. XFILE fp;
  32998. int certSz, keySz;
  32999. fp = XFOPEN("./certs/client-ecc-cert.der", "rb");
  33000. AssertTrue(fp != XBADFILE);
  33001. certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, fp);
  33002. XFCLOSE(fp);
  33003. fp = XFOPEN("./certs/client-ecc-key.der", "rb");
  33004. AssertTrue(fp != XBADFILE);
  33005. keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp);
  33006. XFCLOSE(fp);
  33007. #endif
  33008. #else
  33009. #error PKCS7 requires ECC or RSA
  33010. #endif
  33011. printf(testingFmt, "wolfSSL_PEM_write_bio_PKCS7()");
  33012. AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
  33013. /* initialize with DER encoded cert */
  33014. AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0);
  33015. /* init rng */
  33016. AssertIntEQ(wc_InitRng(&rng), 0);
  33017. pkcs7->rng = &rng;
  33018. pkcs7->content = (byte*)data; /* not used for ex */
  33019. pkcs7->contentSz = (word32)sizeof(data);
  33020. pkcs7->contentOID = SIGNED_DATA;
  33021. pkcs7->privateKey = key;
  33022. pkcs7->privateKeySz = (word32)sizeof(key);
  33023. pkcs7->encryptOID = RSAk;
  33024. pkcs7->hashOID = SHAh;
  33025. pkcs7->signedAttribs = NULL;
  33026. pkcs7->signedAttribsSz = 0;
  33027. #ifndef NO_BIO
  33028. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  33029. /* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/
  33030. AssertIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS);
  33031. /* Read PKCS#7 PEM from BIO */
  33032. ret = wolfSSL_BIO_get_mem_data(bio, &cert_buf);
  33033. AssertIntGE(ret, 0);
  33034. BIO_free(bio);
  33035. #endif
  33036. wc_PKCS7_Free(pkcs7);
  33037. wc_FreeRng(&rng);
  33038. printf(resultFmt, passed);
  33039. #endif
  33040. }
  33041. #ifdef HAVE_SMIME
  33042. static void test_wolfSSL_SMIME_read_PKCS7(void)
  33043. {
  33044. #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM)
  33045. PKCS7* pkcs7 = NULL;
  33046. BIO* bio = NULL;
  33047. BIO* bcont = NULL;
  33048. XFILE smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "r");
  33049. printf(testingFmt, "wolfSSL_SMIME_read_PKCS7()");
  33050. bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
  33051. AssertNotNull(bio);
  33052. AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
  33053. pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
  33054. AssertNotNull(pkcs7);
  33055. AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
  33056. XFCLOSE(smimeTestFile);
  33057. if (bcont) BIO_free(bcont);
  33058. wolfSSL_PKCS7_free(pkcs7);
  33059. smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "r");
  33060. AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
  33061. pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
  33062. AssertNotNull(pkcs7);
  33063. AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_SUCCESS);
  33064. XFCLOSE(smimeTestFile);
  33065. if (bcont) BIO_free(bcont);
  33066. wolfSSL_PKCS7_free(pkcs7);
  33067. smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", "r");
  33068. AssertIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS);
  33069. pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont);
  33070. AssertNull(pkcs7);
  33071. AssertIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, PKCS7_NOVERIFY), SSL_FAILURE);
  33072. BIO_free(bio);
  33073. if (bcont) BIO_free(bcont);
  33074. wolfSSL_PKCS7_free(pkcs7);
  33075. printf(resultFmt, passed);
  33076. #endif
  33077. }
  33078. #endif /* HAVE_SMIME*/
  33079. #endif /* !NO_BIO */
  33080. /*----------------------------------------------------------------------------*
  33081. | Certificate Failure Checks
  33082. *----------------------------------------------------------------------------*/
  33083. #if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
  33084. !defined(WOLFSSL_NO_CLIENT_AUTH))
  33085. /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
  33086. static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz,
  33087. int type)
  33088. {
  33089. int ret;
  33090. WOLFSSL_CERT_MANAGER* cm = NULL;
  33091. switch (type) {
  33092. case TESTING_RSA:
  33093. #ifdef NO_RSA
  33094. printf("RSA disabled, skipping test\n");
  33095. return ASN_SIG_CONFIRM_E;
  33096. #else
  33097. break;
  33098. #endif
  33099. case TESTING_ECC:
  33100. #ifndef HAVE_ECC
  33101. printf("ECC disabled, skipping test\n");
  33102. return ASN_SIG_CONFIRM_E;
  33103. #else
  33104. break;
  33105. #endif
  33106. default:
  33107. printf("Bad function argument\n");
  33108. return BAD_FUNC_ARG;
  33109. }
  33110. cm = wolfSSL_CertManagerNew();
  33111. if (cm == NULL) {
  33112. printf("wolfSSL_CertManagerNew failed\n");
  33113. return -1;
  33114. }
  33115. #ifndef NO_FILESYSTEM
  33116. ret = wolfSSL_CertManagerLoadCA(cm, ca, 0);
  33117. if (ret != WOLFSSL_SUCCESS) {
  33118. printf("wolfSSL_CertManagerLoadCA failed\n");
  33119. wolfSSL_CertManagerFree(cm);
  33120. return ret;
  33121. }
  33122. #else
  33123. (void)ca;
  33124. #endif
  33125. ret = wolfSSL_CertManagerVerifyBuffer(cm, cert_buf, cert_sz, WOLFSSL_FILETYPE_ASN1);
  33126. /* Let AssertIntEQ handle return code */
  33127. wolfSSL_CertManagerFree(cm);
  33128. return ret;
  33129. }
  33130. static int test_RsaSigFailure_cm(void)
  33131. {
  33132. int ret = 0;
  33133. const char* ca_cert = "./certs/ca-cert.pem";
  33134. const char* server_cert = "./certs/server-cert.der";
  33135. byte* cert_buf = NULL;
  33136. size_t cert_sz = 0;
  33137. ret = load_file(server_cert, &cert_buf, &cert_sz);
  33138. if (ret == 0) {
  33139. /* corrupt DER - invert last byte, which is signature */
  33140. cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];
  33141. /* test bad cert */
  33142. ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA);
  33143. }
  33144. printf("Signature failure test: RSA: Ret %d\n", ret);
  33145. if (cert_buf)
  33146. free(cert_buf);
  33147. return ret;
  33148. }
  33149. static int test_EccSigFailure_cm(void)
  33150. {
  33151. int ret = 0;
  33152. /* self-signed ECC cert, so use server cert as CA */
  33153. const char* ca_cert = "./certs/ca-ecc-cert.pem";
  33154. const char* server_cert = "./certs/server-ecc.der";
  33155. byte* cert_buf = NULL;
  33156. size_t cert_sz = 0;
  33157. ret = load_file(server_cert, &cert_buf, &cert_sz);
  33158. if (ret == 0) {
  33159. /* corrupt DER - invert last byte, which is signature */
  33160. cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1];
  33161. /* test bad cert */
  33162. ret = verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC);
  33163. }
  33164. printf("Signature failure test: ECC: Ret %d\n", ret);
  33165. if (cert_buf)
  33166. free(cert_buf);
  33167. #ifdef FP_ECC
  33168. wc_ecc_fp_free();
  33169. #endif
  33170. return ret;
  33171. }
  33172. #endif /* NO_CERTS */
  33173. #ifdef WOLFSSL_TLS13
  33174. #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
  33175. static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, };
  33176. #endif
  33177. #ifdef WOLFSSL_EARLY_DATA
  33178. static const char earlyData[] = "Early Data";
  33179. static char earlyDataBuffer[1];
  33180. #endif
  33181. static int test_tls13_apis(void)
  33182. {
  33183. int ret = 0;
  33184. #ifndef WOLFSSL_NO_TLS12
  33185. #ifndef NO_WOLFSSL_CLIENT
  33186. WOLFSSL_CTX* clientTls12Ctx;
  33187. WOLFSSL* clientTls12Ssl;
  33188. #endif
  33189. #ifndef NO_WOLFSSL_SERVER
  33190. WOLFSSL_CTX* serverTls12Ctx;
  33191. WOLFSSL* serverTls12Ssl;
  33192. #endif
  33193. #endif
  33194. #ifndef NO_WOLFSSL_CLIENT
  33195. WOLFSSL_CTX* clientCtx;
  33196. WOLFSSL* clientSsl;
  33197. #endif
  33198. #ifndef NO_WOLFSSL_SERVER
  33199. WOLFSSL_CTX* serverCtx;
  33200. WOLFSSL* serverSsl;
  33201. #ifndef NO_CERTS
  33202. const char* ourCert = svrCertFile;
  33203. const char* ourKey = svrKeyFile;
  33204. #endif
  33205. #endif
  33206. int required;
  33207. #ifdef WOLFSSL_EARLY_DATA
  33208. int outSz;
  33209. #endif
  33210. #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES)
  33211. int groups[2] = { WOLFSSL_ECC_X25519, WOLFSSL_ECC_X448 };
  33212. int numGroups = 2;
  33213. #endif
  33214. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
  33215. char groupList[] =
  33216. #ifndef NO_ECC_SECP
  33217. #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
  33218. "P-521:"
  33219. #endif
  33220. #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
  33221. "P-384:"
  33222. #endif
  33223. #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
  33224. "P-256"
  33225. #endif
  33226. "";
  33227. #endif /* !defined(NO_ECC_SECP) */
  33228. #endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */
  33229. #ifndef WOLFSSL_NO_TLS12
  33230. #ifndef NO_WOLFSSL_CLIENT
  33231. clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method());
  33232. clientTls12Ssl = wolfSSL_new(clientTls12Ctx);
  33233. #endif
  33234. #ifndef NO_WOLFSSL_SERVER
  33235. serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method());
  33236. #ifndef NO_CERTS
  33237. wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert);
  33238. wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, WOLFSSL_FILETYPE_PEM);
  33239. #endif
  33240. serverTls12Ssl = wolfSSL_new(serverTls12Ctx);
  33241. #endif
  33242. #endif
  33243. #ifndef NO_WOLFSSL_CLIENT
  33244. clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
  33245. clientSsl = wolfSSL_new(clientCtx);
  33246. #endif
  33247. #ifndef NO_WOLFSSL_SERVER
  33248. serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method());
  33249. #ifndef NO_CERTS
  33250. wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert);
  33251. wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM);
  33252. #endif
  33253. serverSsl = wolfSSL_new(serverCtx);
  33254. #endif
  33255. #ifdef WOLFSSL_SEND_HRR_COOKIE
  33256. AssertIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), BAD_FUNC_ARG);
  33257. #ifndef NO_WOLFSSL_CLIENT
  33258. AssertIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), SIDE_ERROR);
  33259. #endif
  33260. #ifndef NO_WOLFSSL_SERVER
  33261. #ifndef WOLFSSL_NO_TLS12
  33262. AssertIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), BAD_FUNC_ARG);
  33263. #endif
  33264. AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS);
  33265. AssertIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)),
  33266. WOLFSSL_SUCCESS);
  33267. #endif
  33268. #endif
  33269. #ifdef HAVE_SUPPORTED_CURVES
  33270. #ifdef HAVE_ECC
  33271. AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
  33272. #ifndef NO_WOLFSSL_SERVER
  33273. AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1),
  33274. WOLFSSL_SUCCESS);
  33275. #endif
  33276. #ifndef NO_WOLFSSL_CLIENT
  33277. #ifndef WOLFSSL_NO_TLS12
  33278. AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
  33279. WOLFSSL_SUCCESS);
  33280. #endif
  33281. AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
  33282. WOLFSSL_SUCCESS);
  33283. #endif
  33284. #elif defined(HAVE_CURVE25519)
  33285. AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG);
  33286. #ifndef NO_WOLFSSL_SERVER
  33287. AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519),
  33288. WOLFSSL_SUCCESS);
  33289. #endif
  33290. #ifndef NO_WOLFSSL_CLIENT
  33291. #ifndef WOLFSSL_NO_TLS12
  33292. AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519),
  33293. WOLFSSL_SUCCESS);
  33294. #endif
  33295. AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519),
  33296. WOLFSSL_SUCCESS);
  33297. #endif
  33298. #elif defined(HAVE_CURVE448)
  33299. AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), BAD_FUNC_ARG);
  33300. #ifndef NO_WOLFSSL_SERVER
  33301. AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448),
  33302. WOLFSSL_SUCCESS);
  33303. #endif
  33304. #ifndef NO_WOLFSSL_CLIENT
  33305. #ifndef WOLFSSL_NO_TLS12
  33306. AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X448),
  33307. WOLFSSL_SUCCESS);
  33308. #endif
  33309. AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X448),
  33310. WOLFSSL_SUCCESS);
  33311. #endif
  33312. #else
  33313. AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), BAD_FUNC_ARG);
  33314. #ifndef NO_WOLFSSL_CLIENT
  33315. #ifndef WOLFSSL_NO_TLS12
  33316. AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1),
  33317. NOT_COMPILED_IN);
  33318. #endif
  33319. AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1),
  33320. NOT_COMPILED_IN);
  33321. #endif
  33322. #endif
  33323. AssertIntEQ(wolfSSL_NoKeyShares(NULL), BAD_FUNC_ARG);
  33324. #ifndef NO_WOLFSSL_SERVER
  33325. AssertIntEQ(wolfSSL_NoKeyShares(serverSsl), SIDE_ERROR);
  33326. #endif
  33327. #ifndef NO_WOLFSSL_CLIENT
  33328. #ifndef WOLFSSL_NO_TLS12
  33329. AssertIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS);
  33330. #endif
  33331. AssertIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS);
  33332. #endif
  33333. #endif /* HAVE_SUPPORTED_CURVES */
  33334. AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
  33335. #ifndef NO_WOLFSSL_CLIENT
  33336. AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), SIDE_ERROR);
  33337. #endif
  33338. #ifndef NO_WOLFSSL_SERVER
  33339. #ifndef WOLFSSL_NO_TLS12
  33340. AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), BAD_FUNC_ARG);
  33341. #endif
  33342. AssertIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0);
  33343. #endif
  33344. AssertIntEQ(wolfSSL_no_ticket_TLSv13(NULL), BAD_FUNC_ARG);
  33345. #ifndef NO_WOLFSSL_CLIENT
  33346. AssertIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), SIDE_ERROR);
  33347. #endif
  33348. #ifndef NO_WOLFSSL_SERVER
  33349. #ifndef WOLFSSL_NO_TLS12
  33350. AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), BAD_FUNC_ARG);
  33351. #endif
  33352. AssertIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0);
  33353. #endif
  33354. AssertIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), BAD_FUNC_ARG);
  33355. #ifndef NO_WOLFSSL_CLIENT
  33356. #ifndef WOLFSSL_NO_TLS12
  33357. AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), BAD_FUNC_ARG);
  33358. #endif
  33359. AssertIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0);
  33360. #endif
  33361. #ifndef NO_WOLFSSL_SERVER
  33362. AssertIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0);
  33363. #endif
  33364. AssertIntEQ(wolfSSL_no_dhe_psk(NULL), BAD_FUNC_ARG);
  33365. #ifndef NO_WOLFSSL_CLIENT
  33366. #ifndef WOLFSSL_NO_TLS12
  33367. AssertIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), BAD_FUNC_ARG);
  33368. #endif
  33369. AssertIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0);
  33370. #endif
  33371. #ifndef NO_WOLFSSL_SERVER
  33372. AssertIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0);
  33373. #endif
  33374. AssertIntEQ(wolfSSL_update_keys(NULL), BAD_FUNC_ARG);
  33375. #ifndef NO_WOLFSSL_CLIENT
  33376. #ifndef WOLFSSL_NO_TLS12
  33377. AssertIntEQ(wolfSSL_update_keys(clientTls12Ssl), BAD_FUNC_ARG);
  33378. #endif
  33379. AssertIntEQ(wolfSSL_update_keys(clientSsl), BUILD_MSG_ERROR);
  33380. #endif
  33381. #ifndef NO_WOLFSSL_SERVER
  33382. AssertIntEQ(wolfSSL_update_keys(serverSsl), BUILD_MSG_ERROR);
  33383. #endif
  33384. AssertIntEQ(wolfSSL_key_update_response(NULL, NULL), BAD_FUNC_ARG);
  33385. AssertIntEQ(wolfSSL_key_update_response(NULL, &required), BAD_FUNC_ARG);
  33386. #ifndef NO_WOLFSSL_CLIENT
  33387. #ifndef WOLFSSL_NO_TLS12
  33388. AssertIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required),
  33389. BAD_FUNC_ARG);
  33390. #endif
  33391. AssertIntEQ(wolfSSL_key_update_response(clientSsl, NULL), BAD_FUNC_ARG);
  33392. #endif
  33393. #ifndef NO_WOLFSSL_SERVER
  33394. AssertIntEQ(wolfSSL_key_update_response(serverSsl, NULL), BAD_FUNC_ARG);
  33395. #endif
  33396. #if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
  33397. AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
  33398. #ifndef NO_WOLFSSL_SERVER
  33399. AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), SIDE_ERROR);
  33400. #endif
  33401. #ifndef NO_WOLFSSL_CLIENT
  33402. #ifndef WOLFSSL_NO_TLS12
  33403. AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx),
  33404. BAD_FUNC_ARG);
  33405. #endif
  33406. AssertIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0);
  33407. #endif
  33408. AssertIntEQ(wolfSSL_allow_post_handshake_auth(NULL), BAD_FUNC_ARG);
  33409. #ifndef NO_WOLFSSL_SERVER
  33410. AssertIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), SIDE_ERROR);
  33411. #endif
  33412. #ifndef NO_WOLFSSL_CLIENT
  33413. #ifndef WOLFSSL_NO_TLS12
  33414. AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl),
  33415. BAD_FUNC_ARG);
  33416. #endif
  33417. AssertIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0);
  33418. #endif
  33419. AssertIntEQ(wolfSSL_request_certificate(NULL), BAD_FUNC_ARG);
  33420. #ifndef NO_WOLFSSL_CLIENT
  33421. AssertIntEQ(wolfSSL_request_certificate(clientSsl), SIDE_ERROR);
  33422. #endif
  33423. #ifndef NO_WOLFSSL_SERVER
  33424. #ifndef WOLFSSL_NO_TLS12
  33425. AssertIntEQ(wolfSSL_request_certificate(serverTls12Ssl),
  33426. BAD_FUNC_ARG);
  33427. #endif
  33428. AssertIntEQ(wolfSSL_request_certificate(serverSsl), NOT_READY_ERROR);
  33429. #endif
  33430. #endif
  33431. #ifdef HAVE_ECC
  33432. #ifndef WOLFSSL_NO_SERVER_GROUPS_EXT
  33433. AssertIntEQ(wolfSSL_preferred_group(NULL), BAD_FUNC_ARG);
  33434. #ifndef NO_WOLFSSL_SERVER
  33435. AssertIntEQ(wolfSSL_preferred_group(serverSsl), SIDE_ERROR);
  33436. #endif
  33437. #ifndef NO_WOLFSSL_CLIENT
  33438. #ifndef WOLFSSL_NO_TLS12
  33439. AssertIntEQ(wolfSSL_preferred_group(clientTls12Ssl), BAD_FUNC_ARG);
  33440. #endif
  33441. AssertIntEQ(wolfSSL_preferred_group(clientSsl), NOT_READY_ERROR);
  33442. #endif
  33443. #endif
  33444. #ifdef HAVE_SUPPORTED_CURVES
  33445. AssertIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
  33446. #ifndef NO_WOLFSSL_CLIENT
  33447. AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), BAD_FUNC_ARG);
  33448. #endif
  33449. AssertIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
  33450. #ifndef NO_WOLFSSL_CLIENT
  33451. #ifndef WOLFSSL_NO_TLS12
  33452. AssertIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups),
  33453. BAD_FUNC_ARG);
  33454. #endif
  33455. AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups,
  33456. WOLFSSL_MAX_GROUP_COUNT + 1),
  33457. BAD_FUNC_ARG);
  33458. AssertIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups),
  33459. WOLFSSL_SUCCESS);
  33460. #endif
  33461. #ifndef NO_WOLFSSL_SERVER
  33462. AssertIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups),
  33463. WOLFSSL_SUCCESS);
  33464. #endif
  33465. AssertIntEQ(wolfSSL_set_groups(NULL, NULL, 0), BAD_FUNC_ARG);
  33466. #ifndef NO_WOLFSSL_CLIENT
  33467. AssertIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), BAD_FUNC_ARG);
  33468. #endif
  33469. AssertIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), BAD_FUNC_ARG);
  33470. #ifndef NO_WOLFSSL_CLIENT
  33471. #ifndef WOLFSSL_NO_TLS12
  33472. AssertIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups),
  33473. BAD_FUNC_ARG);
  33474. #endif
  33475. AssertIntEQ(wolfSSL_set_groups(clientSsl, groups,
  33476. WOLFSSL_MAX_GROUP_COUNT + 1), BAD_FUNC_ARG);
  33477. AssertIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups),
  33478. WOLFSSL_SUCCESS);
  33479. #endif
  33480. #ifndef NO_WOLFSSL_SERVER
  33481. AssertIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups),
  33482. WOLFSSL_SUCCESS);
  33483. #endif
  33484. #ifdef OPENSSL_EXTRA
  33485. AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
  33486. #ifndef NO_WOLFSSL_CLIENT
  33487. AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL), WOLFSSL_FAILURE);
  33488. #endif
  33489. AssertIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
  33490. #ifndef NO_WOLFSSL_CLIENT
  33491. #ifndef WOLFSSL_NO_TLS12
  33492. AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList),
  33493. WOLFSSL_FAILURE);
  33494. #endif
  33495. AssertIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList),
  33496. WOLFSSL_SUCCESS);
  33497. #endif
  33498. #ifndef NO_WOLFSSL_SERVER
  33499. AssertIntEQ(wolfSSL_CTX_set1_groups_list(serverCtx, groupList),
  33500. WOLFSSL_SUCCESS);
  33501. #endif
  33502. AssertIntEQ(wolfSSL_set1_groups_list(NULL, NULL), WOLFSSL_FAILURE);
  33503. #ifndef NO_WOLFSSL_CLIENT
  33504. AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), WOLFSSL_FAILURE);
  33505. #endif
  33506. AssertIntEQ(wolfSSL_set1_groups_list(NULL, groupList), WOLFSSL_FAILURE);
  33507. #ifndef NO_WOLFSSL_CLIENT
  33508. #ifndef WOLFSSL_NO_TLS12
  33509. AssertIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList),
  33510. WOLFSSL_FAILURE);
  33511. #endif
  33512. AssertIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList),
  33513. WOLFSSL_SUCCESS);
  33514. #endif
  33515. #ifndef NO_WOLFSSL_SERVER
  33516. AssertIntEQ(wolfSSL_set1_groups_list(serverSsl, groupList),
  33517. WOLFSSL_SUCCESS);
  33518. #endif
  33519. #endif /* OPENSSL_EXTRA */
  33520. #endif /* HAVE_SUPPORTED_CURVES */
  33521. #endif /* HAVE_ECC */
  33522. #ifdef WOLFSSL_EARLY_DATA
  33523. AssertIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
  33524. #ifndef NO_WOLFSSL_CLIENT
  33525. AssertIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), SIDE_ERROR);
  33526. #endif
  33527. #ifndef NO_WOLFSSL_SERVER
  33528. #ifndef WOLFSSL_NO_TLS12
  33529. AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0),
  33530. BAD_FUNC_ARG);
  33531. #endif
  33532. AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 0), 0);
  33533. #endif
  33534. AssertIntEQ(wolfSSL_set_max_early_data(NULL, 0), BAD_FUNC_ARG);
  33535. #ifndef NO_WOLFSSL_CLIENT
  33536. AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 0), SIDE_ERROR);
  33537. #endif
  33538. #ifndef NO_WOLFSSL_SERVER
  33539. #ifndef WOLFSSL_NO_TLS12
  33540. AssertIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), BAD_FUNC_ARG);
  33541. #endif
  33542. AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 0), 0);
  33543. #endif
  33544. AssertIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData),
  33545. &outSz), BAD_FUNC_ARG);
  33546. #ifndef NO_WOLFSSL_CLIENT
  33547. AssertIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData),
  33548. &outSz), BAD_FUNC_ARG);
  33549. AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz),
  33550. BAD_FUNC_ARG);
  33551. AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
  33552. sizeof(earlyData), NULL),
  33553. BAD_FUNC_ARG);
  33554. #endif
  33555. #ifndef NO_WOLFSSL_SERVER
  33556. AssertIntEQ(wolfSSL_write_early_data(serverSsl, earlyData,
  33557. sizeof(earlyData), &outSz),
  33558. SIDE_ERROR);
  33559. #endif
  33560. #ifndef NO_WOLFSSL_CLIENT
  33561. #ifndef WOLFSSL_NO_TLS12
  33562. AssertIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData,
  33563. sizeof(earlyData), &outSz),
  33564. BAD_FUNC_ARG);
  33565. #endif
  33566. AssertIntEQ(wolfSSL_write_early_data(clientSsl, earlyData,
  33567. sizeof(earlyData), &outSz),
  33568. WOLFSSL_FATAL_ERROR);
  33569. #endif
  33570. AssertIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer,
  33571. sizeof(earlyDataBuffer), &outSz),
  33572. BAD_FUNC_ARG);
  33573. #ifndef NO_WOLFSSL_SERVER
  33574. AssertIntEQ(wolfSSL_read_early_data(serverSsl, NULL,
  33575. sizeof(earlyDataBuffer), &outSz),
  33576. BAD_FUNC_ARG);
  33577. AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1, &outSz),
  33578. BAD_FUNC_ARG);
  33579. AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
  33580. sizeof(earlyDataBuffer), NULL),
  33581. BAD_FUNC_ARG);
  33582. #endif
  33583. #ifndef NO_WOLFSSL_CLIENT
  33584. AssertIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer,
  33585. sizeof(earlyDataBuffer), &outSz),
  33586. SIDE_ERROR);
  33587. #endif
  33588. #ifndef NO_WOLFSSL_SERVER
  33589. #ifndef WOLFSSL_NO_TLS12
  33590. AssertIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer,
  33591. sizeof(earlyDataBuffer), &outSz),
  33592. BAD_FUNC_ARG);
  33593. #endif
  33594. AssertIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer,
  33595. sizeof(earlyDataBuffer), &outSz),
  33596. WOLFSSL_FATAL_ERROR);
  33597. #endif
  33598. #endif
  33599. #ifndef NO_WOLFSSL_SERVER
  33600. wolfSSL_free(serverSsl);
  33601. wolfSSL_CTX_free(serverCtx);
  33602. #endif
  33603. #ifndef NO_WOLFSSL_CLIENT
  33604. wolfSSL_free(clientSsl);
  33605. wolfSSL_CTX_free(clientCtx);
  33606. #endif
  33607. #ifndef WOLFSSL_NO_TLS12
  33608. #ifndef NO_WOLFSSL_SERVER
  33609. wolfSSL_free(serverTls12Ssl);
  33610. wolfSSL_CTX_free(serverTls12Ctx);
  33611. #endif
  33612. #ifndef NO_WOLFSSL_CLIENT
  33613. wolfSSL_free(clientTls12Ssl);
  33614. wolfSSL_CTX_free(clientTls12Ctx);
  33615. #endif
  33616. #endif
  33617. return ret;
  33618. }
  33619. #endif
  33620. #ifdef HAVE_PK_CALLBACKS
  33621. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  33622. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
  33623. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
  33624. static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key,
  33625. const unsigned char* priv, unsigned int privSz,
  33626. const unsigned char* pubKeyDer, unsigned int pubKeySz,
  33627. unsigned char* out, unsigned int* outlen,
  33628. void* ctx)
  33629. {
  33630. /* Test fail when context associated with WOLFSSL is NULL */
  33631. if (ctx == NULL) {
  33632. return -1;
  33633. }
  33634. (void)ssl;
  33635. /* return 0 on success */
  33636. return wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz);
  33637. };
  33638. static void test_dh_ctx_setup(WOLFSSL_CTX* ctx) {
  33639. wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback);
  33640. #ifdef WOLFSSL_AES_128
  33641. AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"),
  33642. WOLFSSL_SUCCESS);
  33643. #endif
  33644. #ifdef WOLFSSL_AES_256
  33645. AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"),
  33646. WOLFSSL_SUCCESS);
  33647. #endif
  33648. }
  33649. static void test_dh_ssl_setup(WOLFSSL* ssl)
  33650. {
  33651. static int dh_test_ctx = 1;
  33652. int ret;
  33653. wolfSSL_SetDhAgreeCtx(ssl, &dh_test_ctx);
  33654. AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), dh_test_ctx);
  33655. ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
  33656. if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
  33657. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  33658. }
  33659. }
  33660. static void test_dh_ssl_setup_fail(WOLFSSL* ssl)
  33661. {
  33662. int ret;
  33663. wolfSSL_SetDhAgreeCtx(ssl, NULL);
  33664. AssertNull(wolfSSL_GetDhAgreeCtx(ssl));
  33665. ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM);
  33666. if (ret != WOLFSSL_SUCCESS && ret != SIDE_ERROR) {
  33667. AssertIntEQ(ret, WOLFSSL_SUCCESS);
  33668. }
  33669. }
  33670. #endif
  33671. static void test_DhCallbacks(void)
  33672. {
  33673. #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
  33674. !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
  33675. defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
  33676. WOLFSSL_CTX *ctx;
  33677. WOLFSSL *ssl;
  33678. tcp_ready ready;
  33679. func_args server_args;
  33680. func_args client_args;
  33681. THREAD_TYPE serverThread;
  33682. callback_functions func_cb_client;
  33683. callback_functions func_cb_server;
  33684. int test;
  33685. printf(testingFmt, "test_DhCallbacks");
  33686. #ifndef NO_WOLFSSL_CLIENT
  33687. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  33688. #else
  33689. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  33690. #endif
  33691. AssertIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WOLFSSL_FAILURE);
  33692. wolfSSL_CTX_SetDhAgreeCb(ctx, &my_DhCallback);
  33693. /* load client ca cert */
  33694. AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0),
  33695. WOLFSSL_SUCCESS);
  33696. /* test with NULL arguments */
  33697. wolfSSL_SetDhAgreeCtx(NULL, &test);
  33698. AssertNull(wolfSSL_GetDhAgreeCtx(NULL));
  33699. /* test success case */
  33700. test = 1;
  33701. AssertNotNull(ssl = wolfSSL_new(ctx));
  33702. wolfSSL_SetDhAgreeCtx(ssl, &test);
  33703. AssertIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), test);
  33704. wolfSSL_free(ssl);
  33705. wolfSSL_CTX_free(ctx);
  33706. /* test a connection where callback is used */
  33707. #ifdef WOLFSSL_TIRTOS
  33708. fdOpenSession(Task_self());
  33709. #endif
  33710. XMEMSET(&server_args, 0, sizeof(func_args));
  33711. XMEMSET(&client_args, 0, sizeof(func_args));
  33712. XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
  33713. XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
  33714. StartTCP();
  33715. InitTcpReady(&ready);
  33716. #if defined(USE_WINDOWS_API)
  33717. /* use RNG to get random port if using windows */
  33718. ready.port = GetRandomPort();
  33719. #endif
  33720. server_args.signal = &ready;
  33721. client_args.signal = &ready;
  33722. server_args.return_code = TEST_FAIL;
  33723. client_args.return_code = TEST_FAIL;
  33724. /* set callbacks to use DH functions */
  33725. func_cb_client.ctx_ready = &test_dh_ctx_setup;
  33726. func_cb_client.ssl_ready = &test_dh_ssl_setup;
  33727. #ifndef WOLFSSL_NO_TLS12
  33728. func_cb_client.method = wolfTLSv1_2_client_method;
  33729. #else
  33730. func_cb_client.method = wolfTLSv1_3_client_method;
  33731. #endif
  33732. client_args.callbacks = &func_cb_client;
  33733. func_cb_server.ctx_ready = &test_dh_ctx_setup;
  33734. func_cb_server.ssl_ready = &test_dh_ssl_setup;
  33735. #ifndef WOLFSSL_NO_TLS12
  33736. func_cb_server.method = wolfTLSv1_2_server_method;
  33737. #else
  33738. func_cb_server.method = wolfTLSv1_3_server_method;
  33739. #endif
  33740. server_args.callbacks = &func_cb_server;
  33741. start_thread(test_server_nofail, &server_args, &serverThread);
  33742. wait_tcp_ready(&server_args);
  33743. test_client_nofail(&client_args, NULL);
  33744. join_thread(serverThread);
  33745. AssertTrue(client_args.return_code);
  33746. AssertTrue(server_args.return_code);
  33747. FreeTcpReady(&ready);
  33748. #ifdef WOLFSSL_TIRTOS
  33749. fdOpenSession(Task_self());
  33750. #endif
  33751. /* now set user ctx to not be 1 so that the callback returns fail case */
  33752. #ifdef WOLFSSL_TIRTOS
  33753. fdOpenSession(Task_self());
  33754. #endif
  33755. XMEMSET(&server_args, 0, sizeof(func_args));
  33756. XMEMSET(&client_args, 0, sizeof(func_args));
  33757. XMEMSET(&func_cb_client, 0, sizeof(callback_functions));
  33758. XMEMSET(&func_cb_server, 0, sizeof(callback_functions));
  33759. StartTCP();
  33760. InitTcpReady(&ready);
  33761. #if defined(USE_WINDOWS_API)
  33762. /* use RNG to get random port if using windows */
  33763. ready.port = GetRandomPort();
  33764. #endif
  33765. server_args.signal = &ready;
  33766. client_args.signal = &ready;
  33767. server_args.return_code = TEST_FAIL;
  33768. client_args.return_code = TEST_FAIL;
  33769. /* set callbacks to use DH functions */
  33770. func_cb_client.ctx_ready = &test_dh_ctx_setup;
  33771. func_cb_client.ssl_ready = &test_dh_ssl_setup_fail;
  33772. #ifndef WOLFSSL_NO_TLS12
  33773. func_cb_client.method = wolfTLSv1_2_client_method;
  33774. #else
  33775. func_cb_client.method = wolfTLSv1_3_client_method;
  33776. #endif
  33777. client_args.callbacks = &func_cb_client;
  33778. func_cb_server.ctx_ready = &test_dh_ctx_setup;
  33779. func_cb_server.ssl_ready = &test_dh_ssl_setup_fail;
  33780. #ifndef WOLFSSL_NO_TLS12
  33781. func_cb_server.method = wolfTLSv1_2_server_method;
  33782. #else
  33783. func_cb_server.method = wolfTLSv1_3_server_method;
  33784. #endif
  33785. server_args.callbacks = &func_cb_server;
  33786. start_thread(test_server_nofail, &server_args, &serverThread);
  33787. wait_tcp_ready(&server_args);
  33788. test_client_nofail(&client_args, NULL);
  33789. join_thread(serverThread);
  33790. AssertIntEQ(client_args.return_code, TEST_FAIL);
  33791. AssertIntEQ(server_args.return_code, TEST_FAIL);
  33792. FreeTcpReady(&ready);
  33793. #ifdef WOLFSSL_TIRTOS
  33794. fdOpenSession(Task_self());
  33795. #endif
  33796. printf(resultFmt, passed);
  33797. #endif
  33798. }
  33799. #endif /* HAVE_PK_CALLBACKS */
  33800. #ifdef HAVE_HASHDRBG
  33801. #ifdef TEST_RESEED_INTERVAL
  33802. static int test_wc_RNG_GenerateBlock_Reseed(void)
  33803. {
  33804. int i, ret;
  33805. WC_RNG rng;
  33806. byte key[32];
  33807. ret = wc_InitRng(&rng);
  33808. if (ret == 0) {
  33809. for(i = 0; i < WC_RESEED_INTERVAL + 10; i++) {
  33810. ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
  33811. if (ret != 0) {
  33812. break;
  33813. }
  33814. }
  33815. }
  33816. wc_FreeRng(&rng);
  33817. return ret;
  33818. }
  33819. #endif /* TEST_RESEED_INTERVAL */
  33820. static int test_wc_RNG_GenerateBlock(void)
  33821. {
  33822. int i, ret;
  33823. WC_RNG rng;
  33824. byte key[32];
  33825. ret = wc_InitRng(&rng);
  33826. if (ret == 0) {
  33827. for(i = 0; i < 10; i++) {
  33828. ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
  33829. if (ret != 0) {
  33830. break;
  33831. }
  33832. }
  33833. }
  33834. wc_FreeRng(&rng);
  33835. (void)rng; /* for WC_NO_RNG case */
  33836. (void)key;
  33837. return ret;
  33838. }
  33839. #endif
  33840. /*
  33841. * Testing get_rand_digit
  33842. */
  33843. static int test_get_rand_digit (void)
  33844. {
  33845. int ret = 0;
  33846. #if !defined(WC_NO_RNG) && defined(WOLFSSL_PUBLIC_MP)
  33847. WC_RNG rng;
  33848. mp_digit d;
  33849. printf(testingFmt, "get_rand_digit()");
  33850. ret = wc_InitRng(&rng);
  33851. if (ret == 0) {
  33852. ret = get_rand_digit(&rng, &d);
  33853. }
  33854. if (ret == 0) {
  33855. ret = get_rand_digit(NULL, NULL);
  33856. if (ret == BAD_FUNC_ARG) {
  33857. ret = 0;
  33858. }
  33859. }
  33860. if (ret == 0) {
  33861. ret = get_rand_digit(NULL, &d);
  33862. if (ret == BAD_FUNC_ARG) {
  33863. ret = 0;
  33864. }
  33865. }
  33866. if (ret == 0) {
  33867. ret = get_rand_digit(&rng, NULL);
  33868. if (ret == BAD_FUNC_ARG) {
  33869. ret = 0;
  33870. }
  33871. }
  33872. if (ret == 0) {
  33873. ret = wc_FreeRng(&rng);
  33874. }
  33875. printf(resultFmt, ret == 0 ? passed : failed);
  33876. #endif
  33877. return ret;
  33878. }/* End test_get_rand_digit*/
  33879. /*
  33880. * Testing get_digit_count
  33881. */
  33882. static int test_get_digit_count (void)
  33883. {
  33884. int ret = 0;
  33885. #if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_PUBLIC_MP)
  33886. mp_int a;
  33887. printf(testingFmt, "get_digit_count()");
  33888. if (mp_init(&a) != MP_OKAY) {
  33889. ret = -1;
  33890. }
  33891. if (ret == 0) {
  33892. ret = get_digit_count(NULL);
  33893. }
  33894. if (ret == 0) {
  33895. ret = get_digit_count(&a);
  33896. }
  33897. printf(resultFmt, ret == 0 ? passed : failed);
  33898. mp_clear(&a);
  33899. #endif
  33900. return ret;
  33901. }/* End test_get_digit_count*/
  33902. /*
  33903. * Testing mp_cond_copy
  33904. */
  33905. static int test_mp_cond_copy (void)
  33906. {
  33907. int ret = 0;
  33908. #if defined(WOLFSSL_PUBLIC_MP)
  33909. mp_int a;
  33910. mp_int b;
  33911. int copy = 0;
  33912. printf(testingFmt, "mp_cond_copy()");
  33913. if (mp_init(&a) != MP_OKAY) {
  33914. ret = -1;
  33915. }
  33916. if (ret == 0) {
  33917. if (mp_init(&b) != MP_OKAY) {
  33918. ret = -1;
  33919. }
  33920. }
  33921. if (ret == 0) {
  33922. ret = mp_cond_copy(NULL, copy, NULL);
  33923. if (ret == BAD_FUNC_ARG) {
  33924. ret = 0;
  33925. }
  33926. }
  33927. if (ret == 0) {
  33928. ret = mp_cond_copy(NULL, copy, &b);
  33929. if (ret == BAD_FUNC_ARG) {
  33930. ret = 0;
  33931. }
  33932. }
  33933. if (ret == 0) {
  33934. ret = mp_cond_copy(&a, copy, NULL);
  33935. if (ret == BAD_FUNC_ARG) {
  33936. ret = 0;
  33937. }
  33938. }
  33939. if (ret == 0) {
  33940. ret = mp_cond_copy(&a, copy, &b);
  33941. }
  33942. printf(resultFmt, ret == 0 ? passed : failed);
  33943. mp_clear(&a);
  33944. mp_clear(&b);
  33945. #endif
  33946. return ret;
  33947. }/* End test_mp_cond_copy*/
  33948. /*
  33949. * Testing mp_rand
  33950. */
  33951. static int test_mp_rand (void)
  33952. {
  33953. int ret = 0;
  33954. #if defined(WC_RSA_BLINDING) && defined(WOLFSSL_PUBLIC_MP)
  33955. mp_int a;
  33956. int digits = 1;
  33957. WC_RNG rng;
  33958. printf(testingFmt, "mp_rand()");
  33959. if (mp_init(&a) != MP_OKAY) {
  33960. ret = -1;
  33961. }
  33962. if (ret == 0) {
  33963. ret = wc_InitRng(&rng);
  33964. }
  33965. if (ret == 0) {
  33966. ret = mp_rand(&a, digits, NULL);
  33967. if (ret == MISSING_RNG_E) {
  33968. ret = 0;
  33969. }
  33970. }
  33971. if (ret == 0) {
  33972. ret = mp_rand(NULL, digits, &rng);
  33973. if (ret == BAD_FUNC_ARG) {
  33974. ret = 0;
  33975. }
  33976. }
  33977. if (ret == 0) {
  33978. ret = mp_rand(&a, 0, &rng);
  33979. if (ret == BAD_FUNC_ARG) {
  33980. ret = 0;
  33981. }
  33982. }
  33983. if (ret == 0) {
  33984. ret = mp_rand(&a, digits, &rng);
  33985. }
  33986. printf(resultFmt, ret == 0 ? passed : failed);
  33987. mp_clear(&a);
  33988. wc_FreeRng(&rng);
  33989. #endif
  33990. return ret;
  33991. }/* End test_mp_rand*/
  33992. /*
  33993. * Testing get_digit
  33994. */
  33995. static int test_get_digit (void)
  33996. {
  33997. int ret = 0;
  33998. #if defined(WOLFSSL_PUBLIC_MP)
  33999. mp_int a;
  34000. int n = 0;
  34001. printf(testingFmt, "get_digit()");
  34002. if (mp_init(&a) != MP_OKAY) {
  34003. ret = -1;
  34004. }
  34005. if (ret == 0) {
  34006. if (get_digit(NULL, n) != 0) { /* Should not hit this */
  34007. ret = -1;
  34008. }
  34009. }
  34010. if (ret == 0) {
  34011. if (get_digit(NULL, n) == 0) { /* Should hit this */
  34012. ret = 0;
  34013. }
  34014. }
  34015. if (ret == 0) {
  34016. if (get_digit(&a, n) != 0) { /* Should not hit this */
  34017. ret = -1;
  34018. }
  34019. }
  34020. if (ret == 0) {
  34021. if (get_digit(&a, n) == 0) { /* Should hit this */
  34022. ret = 0;
  34023. }
  34024. }
  34025. printf(resultFmt, ret == 0 ? passed : failed);
  34026. mp_clear(&a);
  34027. #endif
  34028. return ret;
  34029. }/* End test_get_digit*/
  34030. /*
  34031. * Testing wc_export_int
  34032. */
  34033. static int test_wc_export_int (void)
  34034. {
  34035. int ret = 0;
  34036. #if defined(WOLFSSL_PUBLIC_MP)
  34037. mp_int mp;
  34038. byte buf[256];
  34039. word32 keySz = (word32)sizeof(buf);
  34040. word32 len = (word32)sizeof(buf);
  34041. int encType = WC_TYPE_UNSIGNED_BIN;
  34042. printf(testingFmt, "wc_export_int()");
  34043. if (mp_init(&mp) != MP_OKAY) {
  34044. ret = -1;
  34045. }
  34046. if (ret == 0) {
  34047. ret = wc_export_int(NULL, buf, &len, keySz, encType);
  34048. if (ret == BAD_FUNC_ARG) {
  34049. ret = 0;
  34050. }
  34051. }
  34052. len = sizeof(buf)-1;
  34053. if (ret == 0) {
  34054. ret = wc_export_int(&mp, buf, &len, keySz, encType);
  34055. if (ret == BUFFER_E) {
  34056. ret = 0;
  34057. }
  34058. }
  34059. len = sizeof(buf);
  34060. if (ret == 0) {
  34061. ret = wc_export_int(&mp, buf, &len, keySz, WC_TYPE_HEX_STR);
  34062. }
  34063. if (ret == 0) {
  34064. ret = wc_export_int(&mp, buf, &len, keySz, encType);
  34065. }
  34066. printf(resultFmt, ret == 0 ? passed : failed);
  34067. mp_clear(&mp);
  34068. #endif
  34069. return ret;
  34070. }/* End test_wc_export_int*/
  34071. static int test_wc_InitRngNonce(void)
  34072. {
  34073. int ret=0;
  34074. #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
  34075. (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
  34076. WC_RNG rng;
  34077. byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
  34078. "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
  34079. word32 nonceSz = sizeof(nonce);
  34080. printf(testingFmt, "wc_InitRngNonce()");
  34081. if (ret == 0){
  34082. ret = wc_InitRngNonce(&rng, nonce, nonceSz);
  34083. }
  34084. wc_FreeRng(&rng);
  34085. printf(resultFmt, ret == 0 ? passed : failed);
  34086. #endif
  34087. return ret;
  34088. }/* End test_wc_InitRngNonce*/
  34089. /*
  34090. * Testing wc_InitRngNonce_ex
  34091. */
  34092. static int test_wc_InitRngNonce_ex(void)
  34093. {
  34094. int ret=0;
  34095. #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \
  34096. (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2))
  34097. WC_RNG rng;
  34098. byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE"
  34099. "\x45\xAC\x13\x7A\xE1\x48\xAF\x16";
  34100. word32 nonceSz = sizeof(nonce);
  34101. printf(testingFmt, "wc_InitRngNonce_ex()");
  34102. if (ret == 0){
  34103. ret = wc_InitRngNonce_ex(&rng, nonce, nonceSz, HEAP_HINT, devId);
  34104. }
  34105. wc_FreeRng(&rng);
  34106. printf(resultFmt, ret == 0 ? passed : failed);
  34107. #endif
  34108. return ret;
  34109. }/*End test_wc_InitRngNonce_ex*/
  34110. static void test_wolfSSL_X509_CRL(void)
  34111. {
  34112. #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
  34113. X509_CRL *crl;
  34114. char pem[][100] = {
  34115. "./certs/crl/crl.pem",
  34116. "./certs/crl/crl2.pem",
  34117. "./certs/crl/caEccCrl.pem",
  34118. "./certs/crl/eccCliCRL.pem",
  34119. "./certs/crl/eccSrvCRL.pem",
  34120. ""
  34121. };
  34122. #ifndef NO_BIO
  34123. BIO *bio;
  34124. #endif
  34125. #ifdef HAVE_TEST_d2i_X509_CRL_fp
  34126. char der[][100] = {
  34127. "./certs/crl/crl.der",
  34128. "./certs/crl/crl2.der",
  34129. ""};
  34130. #endif
  34131. XFILE fp;
  34132. int i;
  34133. printf(testingFmt, "test_wolfSSL_X509_CRL");
  34134. for (i = 0; pem[i][0] != '\0'; i++)
  34135. {
  34136. fp = XFOPEN(pem[i], "rb");
  34137. AssertTrue((fp != XBADFILE));
  34138. AssertNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, NULL, NULL));
  34139. AssertNotNull(crl);
  34140. X509_CRL_free(crl);
  34141. XFCLOSE(fp);
  34142. fp = XFOPEN(pem[i], "rb");
  34143. AssertTrue((fp != XBADFILE));
  34144. AssertNotNull((X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)&crl, NULL, NULL));
  34145. AssertNotNull(crl);
  34146. X509_CRL_free(crl);
  34147. XFCLOSE(fp);
  34148. }
  34149. #ifndef NO_BIO
  34150. for (i = 0; pem[i][0] != '\0'; i++)
  34151. {
  34152. AssertNotNull(bio = BIO_new_file(pem[i], "rb"));
  34153. AssertNotNull(crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL));
  34154. X509_CRL_free(crl);
  34155. BIO_free(bio);
  34156. }
  34157. #endif
  34158. #ifdef HAVE_TEST_d2i_X509_CRL_fp
  34159. for(i = 0; der[i][0] != '\0'; i++){
  34160. fp = XFOPEN(der[i], "rb");
  34161. AssertTrue((fp != XBADFILE));
  34162. AssertNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((fp, X509_CRL **)NULL));
  34163. AssertNotNull(crl);
  34164. X509_CRL_free(crl);
  34165. XFCLOSE(fp);
  34166. fp = XFOPEN(der[i], "rb");
  34167. AssertTrue((fp != XBADFILE));
  34168. AssertNotNull((X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)&crl));
  34169. AssertNotNull(crl);
  34170. X509_CRL_free(crl);
  34171. XFCLOSE(fp);
  34172. }
  34173. #endif
  34174. printf(resultFmt, passed);
  34175. #endif
  34176. return;
  34177. }
  34178. static void test_wolfSSL_X509_load_crl_file(void)
  34179. {
  34180. #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM)
  34181. int i;
  34182. char pem[][100] = {
  34183. "./certs/crl/crl.pem",
  34184. "./certs/crl/crl2.pem",
  34185. "./certs/crl/caEccCrl.pem",
  34186. "./certs/crl/eccCliCRL.pem",
  34187. "./certs/crl/eccSrvCRL.pem",
  34188. ""
  34189. };
  34190. char der[][100] = {
  34191. "./certs/crl/crl.der",
  34192. "./certs/crl/crl2.der",
  34193. ""
  34194. };
  34195. WOLFSSL_X509_STORE* store;
  34196. WOLFSSL_X509_LOOKUP* lookup;
  34197. printf(testingFmt, "wolfSSL_X509_load_crl_file");
  34198. AssertNotNull(store = wolfSSL_X509_STORE_new());
  34199. AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
  34200. AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
  34201. X509_FILETYPE_PEM), 1);
  34202. AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
  34203. X509_FILETYPE_PEM), 1);
  34204. if (store) {
  34205. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
  34206. WOLFSSL_FILETYPE_PEM), 1);
  34207. /* since store hasn't yet known the revoked cert*/
  34208. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
  34209. WOLFSSL_FILETYPE_PEM), 1);
  34210. }
  34211. for (i = 0; pem[i][0] != '\0'; i++)
  34212. {
  34213. AssertIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), 1);
  34214. }
  34215. if (store) {
  34216. /* since store knows crl list */
  34217. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
  34218. WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
  34219. }
  34220. /* once feeing store */
  34221. X509_STORE_free(store);
  34222. store = NULL;
  34223. AssertNotNull(store = wolfSSL_X509_STORE_new());
  34224. AssertNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file()));
  34225. AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem",
  34226. X509_FILETYPE_PEM), 1);
  34227. AssertIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem",
  34228. X509_FILETYPE_PEM), 1);
  34229. if (store) {
  34230. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile,
  34231. WOLFSSL_FILETYPE_PEM), 1);
  34232. /* since store hasn't yet known the revoked cert*/
  34233. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
  34234. WOLFSSL_FILETYPE_PEM), 1);
  34235. }
  34236. for (i = 0; der[i][0] != '\0'; i++)
  34237. {
  34238. AssertIntEQ(X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), 1);
  34239. }
  34240. if (store) {
  34241. /* since store knows crl list */
  34242. AssertIntEQ(wolfSSL_CertManagerVerify(store->cm, "certs/server-revoked-cert.pem",
  34243. WOLFSSL_FILETYPE_PEM ), CRL_CERT_REVOKED);
  34244. }
  34245. X509_STORE_free(store);
  34246. store = NULL;
  34247. printf(resultFmt, passed);
  34248. #endif
  34249. }
  34250. static void test_wolfSSL_d2i_X509_REQ(void)
  34251. {
  34252. #if defined(WOLFSSL_CERT_REQ) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA))
  34253. /* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der were
  34254. * generated by libest
  34255. * ./certs/csr.attr.der contains sample attributes
  34256. * ./certs/csr.ext.der contains sample extensions */
  34257. const char* csrFile = "./certs/csr.signed.der";
  34258. const char* csrPopFile = "./certs/csr.attr.der";
  34259. const char* csrExtFile = "./certs/csr.ext.der";
  34260. /* ./certs/csr.dsa.pem is generated using
  34261. * openssl req -newkey dsa:certs/dsaparams.pem \
  34262. * -keyout certs/csr.dsa.key.pem -keyform PEM -out certs/csr.dsa.pem \
  34263. * -outform PEM
  34264. * with the passphrase "wolfSSL"
  34265. */
  34266. #if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
  34267. const char* csrDsaFile = "./certs/csr.dsa.pem";
  34268. #endif
  34269. BIO* bio = NULL;
  34270. X509* req = NULL;
  34271. EVP_PKEY *pub_key = NULL;
  34272. {
  34273. AssertNotNull(bio = BIO_new_file(csrFile, "rb"));
  34274. AssertNotNull(d2i_X509_REQ_bio(bio, &req));
  34275. /*
  34276. * Extract the public key from the CSR
  34277. */
  34278. AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
  34279. /*
  34280. * Verify the signature in the CSR
  34281. */
  34282. AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
  34283. X509_free(req);
  34284. BIO_free(bio);
  34285. EVP_PKEY_free(pub_key);
  34286. }
  34287. {
  34288. #ifdef OPENSSL_ALL
  34289. X509_ATTRIBUTE* attr;
  34290. ASN1_TYPE *at;
  34291. #endif
  34292. AssertNotNull(bio = BIO_new_file(csrPopFile, "rb"));
  34293. AssertNotNull(d2i_X509_REQ_bio(bio, &req));
  34294. /*
  34295. * Extract the public key from the CSR
  34296. */
  34297. AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
  34298. /*
  34299. * Verify the signature in the CSR
  34300. */
  34301. AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
  34302. #ifdef OPENSSL_ALL
  34303. /*
  34304. * Obtain the challenge password from the CSR
  34305. */
  34306. AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
  34307. NID_pkcs9_challengePassword);
  34308. AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
  34309. AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
  34310. AssertNotNull(at->value.asn1_string);
  34311. AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "2xIE+qqp/rhyTXP+");
  34312. AssertIntEQ(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), -1);
  34313. #endif
  34314. X509_free(req);
  34315. BIO_free(bio);
  34316. EVP_PKEY_free(pub_key);
  34317. }
  34318. {
  34319. #ifdef OPENSSL_ALL
  34320. X509_ATTRIBUTE* attr;
  34321. ASN1_TYPE *at;
  34322. STACK_OF(X509_EXTENSION) *exts = NULL;
  34323. #endif
  34324. AssertNotNull(bio = BIO_new_file(csrExtFile, "rb"));
  34325. /* This CSR contains an Extension Request attribute so
  34326. * we test extension parsing in a CSR attribute here. */
  34327. AssertNotNull(d2i_X509_REQ_bio(bio, &req));
  34328. /*
  34329. * Extract the public key from the CSR
  34330. */
  34331. AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
  34332. /*
  34333. * Verify the signature in the CSR
  34334. */
  34335. AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
  34336. #ifdef OPENSSL_ALL
  34337. AssertNotNull(exts = (STACK_OF(X509_EXTENSION)*)X509_REQ_get_extensions(req));
  34338. AssertIntEQ(sk_X509_EXTENSION_num(exts), 2);
  34339. sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
  34340. /*
  34341. * Obtain the challenge password from the CSR
  34342. */
  34343. AssertIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, -1),
  34344. NID_pkcs9_challengePassword);
  34345. AssertNotNull(attr = X509_REQ_get_attr(req, NID_pkcs9_challengePassword));
  34346. AssertNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0));
  34347. AssertNotNull(at->value.asn1_string);
  34348. AssertStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo");
  34349. AssertIntGE(X509_get_ext_by_NID(req, NID_key_usage, -1), 0);
  34350. AssertIntGE(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), 0);
  34351. #endif
  34352. X509_free(req);
  34353. BIO_free(bio);
  34354. EVP_PKEY_free(pub_key);
  34355. }
  34356. #if !defined(NO_DSA) && !defined(HAVE_SELFTEST)
  34357. {
  34358. AssertNotNull(bio = BIO_new_file(csrDsaFile, "rb"));
  34359. AssertNotNull(PEM_read_bio_X509_REQ(bio, &req, NULL, NULL));
  34360. /*
  34361. * Extract the public key from the CSR
  34362. */
  34363. AssertNotNull(pub_key = X509_REQ_get_pubkey(req));
  34364. /*
  34365. * Verify the signature in the CSR
  34366. */
  34367. AssertIntEQ(X509_REQ_verify(req, pub_key), 1);
  34368. X509_free(req);
  34369. BIO_free(bio);
  34370. EVP_PKEY_free(pub_key);
  34371. }
  34372. #endif /* !NO_DSA && !HAVE_SELFTEST */
  34373. #endif /* WOLFSSL_CERT_REQ && (OPENSSL_ALL || OPENSSL_EXTRA) */
  34374. }
  34375. static void test_wolfSSL_PEM_read_X509(void)
  34376. {
  34377. #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \
  34378. !defined(NO_RSA)
  34379. X509 *x509 = NULL;
  34380. XFILE fp;
  34381. printf(testingFmt, "wolfSSL_PEM_read_X509");
  34382. fp = XFOPEN(svrCertFile, "rb");
  34383. AssertTrue((fp != XBADFILE));
  34384. AssertNotNull(x509 = (X509 *)PEM_read_X509(fp, (X509 **)NULL, NULL, NULL));
  34385. X509_free(x509);
  34386. XFCLOSE(fp);
  34387. printf(resultFmt, passed);
  34388. #endif
  34389. }
  34390. static void test_wolfSSL_PEM_read(void)
  34391. {
  34392. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_BIO)
  34393. const char* filename = "./certs/server-keyEnc.pem";
  34394. XFILE fp;
  34395. char* name = NULL;
  34396. char* header = NULL;
  34397. byte* data = NULL;
  34398. long len;
  34399. EVP_CIPHER_INFO cipher;
  34400. WOLFSSL_BIO* bio;
  34401. byte* fileData;
  34402. size_t fileDataSz;
  34403. byte* out;
  34404. printf(testingFmt, "wolfSSL_PEM_read");
  34405. fp = XFOPEN(filename, "rb");
  34406. AssertTrue((fp != XBADFILE));
  34407. /* Fail cases. */
  34408. AssertIntEQ(PEM_read(fp, NULL, &header, &data, &len), WOLFSSL_FAILURE);
  34409. AssertIntEQ(PEM_read(fp, &name, NULL, &data, &len), WOLFSSL_FAILURE);
  34410. AssertIntEQ(PEM_read(fp, &name, &header, NULL, &len), WOLFSSL_FAILURE);
  34411. AssertIntEQ(PEM_read(fp, &name, &header, &data, NULL), WOLFSSL_FAILURE);
  34412. AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
  34413. AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
  34414. AssertIntGT(XSTRLEN(header), 0);
  34415. AssertIntGT(len, 0);
  34416. AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0);
  34417. AssertIntGT((fileDataSz = XFTELL(fp)), 0);
  34418. AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0);
  34419. AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL,
  34420. DYNAMIC_TYPE_TMP_BUFFER));
  34421. AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz);
  34422. XFCLOSE(fp);
  34423. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  34424. /* Fail cases. */
  34425. AssertIntEQ(PEM_write_bio(NULL, name, header, data, len), 0);
  34426. AssertIntEQ(PEM_write_bio(bio, NULL, header, data, len), 0);
  34427. AssertIntEQ(PEM_write_bio(bio, name, NULL, data, len), 0);
  34428. AssertIntEQ(PEM_write_bio(bio, name, header, NULL, len), 0);
  34429. AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz);
  34430. AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz);
  34431. AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0);
  34432. /* Fail cases. */
  34433. AssertIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WOLFSSL_FAILURE);
  34434. AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WOLFSSL_FAILURE);
  34435. AssertIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WOLFSSL_FAILURE);
  34436. #ifndef NO_DES3
  34437. AssertIntEQ(PEM_get_EVP_CIPHER_INFO(header, &cipher), WOLFSSL_SUCCESS);
  34438. #endif
  34439. /* Fail cases. */
  34440. AssertIntEQ(PEM_do_header(&cipher, NULL, &len, PasswordCallBack,
  34441. (void*)"yassl123"), WOLFSSL_FAILURE);
  34442. AssertIntEQ(PEM_do_header(&cipher, data, NULL, PasswordCallBack,
  34443. (void*)"yassl123"), WOLFSSL_FAILURE);
  34444. AssertIntEQ(PEM_do_header(&cipher, data, &len, NULL,
  34445. (void*)"yassl123"), WOLFSSL_FAILURE);
  34446. #if !defined(NO_DES3) && !defined(NO_MD5)
  34447. AssertIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack,
  34448. (void*)"yassl123"), WOLFSSL_SUCCESS);
  34449. #endif
  34450. BIO_free(bio);
  34451. XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  34452. XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  34453. XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  34454. XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  34455. name = NULL;
  34456. header = NULL;
  34457. data = NULL;
  34458. fp = XFOPEN(svrKeyFile, "rb");
  34459. AssertTrue((fp != XBADFILE));
  34460. AssertIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS);
  34461. AssertIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0);
  34462. AssertIntEQ(XSTRLEN(header), 0);
  34463. AssertIntGT(len, 0);
  34464. AssertIntEQ(XFSEEK(fp, 0, SEEK_END), 0);
  34465. AssertIntGT((fileDataSz = XFTELL(fp)), 0);
  34466. AssertIntEQ(XFSEEK(fp, 0, SEEK_SET), 0);
  34467. AssertNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL,
  34468. DYNAMIC_TYPE_TMP_BUFFER));
  34469. AssertIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz);
  34470. XFCLOSE(fp);
  34471. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  34472. AssertIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz);
  34473. AssertIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz);
  34474. AssertIntEQ(XMEMCMP(out, fileData, fileDataSz), 0);
  34475. BIO_free(bio);
  34476. XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  34477. XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  34478. XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  34479. XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  34480. printf(resultFmt, passed);
  34481. #endif
  34482. }
  34483. static void test_wolfssl_EVP_aes_gcm_AAD_2_parts(void)
  34484. {
  34485. #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
  34486. !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  34487. const byte iv[12] = { 0 };
  34488. const byte key[16] = { 0 };
  34489. const byte cleartext[16] = { 0 };
  34490. const byte aad[] = {
  34491. 0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00,
  34492. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08,
  34493. 0x00, 0x00, 0xdc, 0x4d, 0xad, 0x6b, 0x06, 0x93,
  34494. 0x4f
  34495. };
  34496. byte out1Part[16];
  34497. byte outTag1Part[16];
  34498. byte out2Part[16];
  34499. byte outTag2Part[16];
  34500. byte decryptBuf[16];
  34501. int len;
  34502. int tlen;
  34503. EVP_CIPHER_CTX* ctx = NULL;
  34504. printf(testingFmt, "wolfssl_EVP_aes_gcm_AAD_2_parts");
  34505. /* ENCRYPT */
  34506. /* Send AAD and data in 1 part */
  34507. AssertNotNull(ctx = EVP_CIPHER_CTX_new());
  34508. tlen = 0;
  34509. AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
  34510. 1);
  34511. AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);
  34512. AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1);
  34513. AssertIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext,
  34514. sizeof(cleartext)), 1);
  34515. tlen += len;
  34516. AssertIntEQ(EVP_EncryptFinal_ex(ctx, out1Part, &len), 1);
  34517. tlen += len;
  34518. AssertIntEQ(tlen, sizeof(cleartext));
  34519. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
  34520. outTag1Part), 1);
  34521. EVP_CIPHER_CTX_free(ctx);
  34522. /* DECRYPT */
  34523. /* Send AAD and data in 1 part */
  34524. AssertNotNull(ctx = EVP_CIPHER_CTX_new());
  34525. tlen = 0;
  34526. AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
  34527. 1);
  34528. AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1);
  34529. AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1);
  34530. AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part,
  34531. sizeof(cleartext)), 1);
  34532. tlen += len;
  34533. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16,
  34534. outTag1Part), 1);
  34535. AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1);
  34536. tlen += len;
  34537. AssertIntEQ(tlen, sizeof(cleartext));
  34538. EVP_CIPHER_CTX_free(ctx);
  34539. AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0);
  34540. /* ENCRYPT */
  34541. /* Send AAD and data in 2 parts */
  34542. AssertNotNull(ctx = EVP_CIPHER_CTX_new());
  34543. tlen = 0;
  34544. AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
  34545. 1);
  34546. AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1);
  34547. AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, 1), 1);
  34548. AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1),
  34549. 1);
  34550. AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext, 1), 1);
  34551. tlen += len;
  34552. AssertIntEQ(EVP_EncryptUpdate(ctx, out2Part + tlen, &len, cleartext + 1,
  34553. sizeof(cleartext) - 1), 1);
  34554. tlen += len;
  34555. AssertIntEQ(EVP_EncryptFinal_ex(ctx, out2Part + tlen, &len), 1);
  34556. tlen += len;
  34557. AssertIntEQ(tlen, sizeof(cleartext));
  34558. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16,
  34559. outTag2Part), 1);
  34560. AssertIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0);
  34561. AssertIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0);
  34562. EVP_CIPHER_CTX_free(ctx);
  34563. /* DECRYPT */
  34564. /* Send AAD and data in 2 parts */
  34565. AssertNotNull(ctx = EVP_CIPHER_CTX_new());
  34566. tlen = 0;
  34567. AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL),
  34568. 1);
  34569. AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1);
  34570. AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, 1), 1);
  34571. AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1),
  34572. 1);
  34573. AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, 1), 1);
  34574. tlen += len;
  34575. AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf + tlen, &len, out1Part + 1,
  34576. sizeof(cleartext) - 1), 1);
  34577. tlen += len;
  34578. AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16,
  34579. outTag1Part), 1);
  34580. AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf + tlen, &len), 1);
  34581. tlen += len;
  34582. AssertIntEQ(tlen, sizeof(cleartext));
  34583. AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0);
  34584. /* Test AAD re-use */
  34585. EVP_CIPHER_CTX_free(ctx);
  34586. printf(resultFmt, passed);
  34587. #endif
  34588. }
  34589. #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
  34590. !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  34591. static void test_wolfssl_EVP_aes_gcm_zeroLen(void)
  34592. {
  34593. /* Zero length plain text */
  34594. byte key[] = {
  34595. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  34596. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  34597. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  34598. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  34599. }; /* align */
  34600. byte iv[] = {
  34601. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  34602. }; /* align */
  34603. byte plaintxt[0];
  34604. int ivSz = 12;
  34605. int plaintxtSz = 0;
  34606. unsigned char tag[16];
  34607. unsigned char tag_kat[] =
  34608. {0x53,0x0f,0x8a,0xfb,0xc7,0x45,0x36,0xb9,
  34609. 0xa9,0x63,0xb4,0xf1,0xc4,0xcb,0x73,0x8b};
  34610. byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
  34611. byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
  34612. int ciphertxtSz = 0;
  34613. int decryptedtxtSz = 0;
  34614. int len = 0;
  34615. EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new();
  34616. EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new();
  34617. AssertIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_gcm(), NULL, key, iv));
  34618. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
  34619. AssertIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt,
  34620. plaintxtSz));
  34621. AssertIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len));
  34622. ciphertxtSz += len;
  34623. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag));
  34624. AssertIntEQ(1, EVP_CIPHER_CTX_cleanup(en));
  34625. AssertIntEQ(0, ciphertxtSz);
  34626. AssertIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag)));
  34627. EVP_CIPHER_CTX_init(de);
  34628. AssertIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_gcm(), NULL, key, iv));
  34629. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
  34630. AssertIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len));
  34631. decryptedtxtSz = len;
  34632. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag));
  34633. AssertIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len));
  34634. decryptedtxtSz += len;
  34635. AssertIntEQ(0, decryptedtxtSz);
  34636. EVP_CIPHER_CTX_free(en);
  34637. EVP_CIPHER_CTX_free(de);
  34638. }
  34639. #endif
  34640. static void test_wolfssl_EVP_aes_gcm(void)
  34641. {
  34642. #if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
  34643. !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  34644. /* A 256 bit key, AES_128 will use the first 128 bit*/
  34645. byte *key = (byte*)"01234567890123456789012345678901";
  34646. /* A 128 bit IV */
  34647. byte *iv = (byte*)"0123456789012345";
  34648. int ivSz = AES_BLOCK_SIZE;
  34649. /* Message to be encrypted */
  34650. byte *plaintxt = (byte*)"for things to change you have to change";
  34651. /* Additional non-confidential data */
  34652. byte *aad = (byte*)"Don't spend major time on minor things.";
  34653. unsigned char tag[AES_BLOCK_SIZE] = {0};
  34654. int plaintxtSz = (int)XSTRLEN((char*)plaintxt);
  34655. int aadSz = (int)XSTRLEN((char*)aad);
  34656. byte ciphertxt[AES_BLOCK_SIZE * 4] = {0};
  34657. byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0};
  34658. int ciphertxtSz = 0;
  34659. int decryptedtxtSz = 0;
  34660. int len = 0;
  34661. int i = 0;
  34662. EVP_CIPHER_CTX en[2];
  34663. EVP_CIPHER_CTX de[2];
  34664. printf(testingFmt, "wolfssl_EVP_aes_gcm");
  34665. for (i = 0; i < 2; i++) {
  34666. EVP_CIPHER_CTX_init(&en[i]);
  34667. if (i == 0) {
  34668. /* Default uses 96-bits IV length */
  34669. #ifdef WOLFSSL_AES_128
  34670. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, key, iv));
  34671. #elif defined(WOLFSSL_AES_192)
  34672. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, key, iv));
  34673. #elif defined(WOLFSSL_AES_256)
  34674. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, key, iv));
  34675. #endif
  34676. }
  34677. else {
  34678. #ifdef WOLFSSL_AES_128
  34679. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
  34680. #elif defined(WOLFSSL_AES_192)
  34681. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
  34682. #elif defined(WOLFSSL_AES_256)
  34683. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
  34684. #endif
  34685. /* non-default must to set the IV length first */
  34686. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
  34687. AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv));
  34688. }
  34689. AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz));
  34690. AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, plaintxtSz));
  34691. ciphertxtSz = len;
  34692. AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len));
  34693. ciphertxtSz += len;
  34694. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag));
  34695. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1);
  34696. EVP_CIPHER_CTX_init(&de[i]);
  34697. if (i == 0) {
  34698. /* Default uses 96-bits IV length */
  34699. #ifdef WOLFSSL_AES_128
  34700. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, key, iv));
  34701. #elif defined(WOLFSSL_AES_192)
  34702. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, key, iv));
  34703. #elif defined(WOLFSSL_AES_256)
  34704. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, key, iv));
  34705. #endif
  34706. }
  34707. else {
  34708. #ifdef WOLFSSL_AES_128
  34709. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
  34710. #elif defined(WOLFSSL_AES_192)
  34711. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
  34712. #elif defined(WOLFSSL_AES_256)
  34713. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
  34714. #endif
  34715. /* non-default must to set the IV length first */
  34716. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
  34717. AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
  34718. }
  34719. AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
  34720. AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
  34721. decryptedtxtSz = len;
  34722. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
  34723. AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
  34724. decryptedtxtSz += len;
  34725. AssertIntEQ(ciphertxtSz, decryptedtxtSz);
  34726. AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
  34727. /* modify tag*/
  34728. tag[AES_BLOCK_SIZE-1]+=0xBB;
  34729. AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
  34730. AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
  34731. /* fail due to wrong tag */
  34732. AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
  34733. AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len));
  34734. AssertIntEQ(0, len);
  34735. AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1);
  34736. }
  34737. test_wolfssl_EVP_aes_gcm_zeroLen();
  34738. printf(resultFmt, passed);
  34739. #endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */
  34740. }
  34741. #ifndef NO_BIO
  34742. static void test_wolfSSL_PEM_X509_INFO_read_bio(void)
  34743. {
  34744. #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM)
  34745. BIO* bio;
  34746. X509_INFO* info;
  34747. STACK_OF(X509_INFO)* sk;
  34748. char* subject;
  34749. char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
  34750. char exp2[] = "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/CN=www.wolfssl.com/emailAddress=info@wolfssl.com";
  34751. printf(testingFmt, "wolfSSL_PEM_X509_INFO_read_bio");
  34752. AssertNotNull(bio = BIO_new(BIO_s_file()));
  34753. AssertIntGT(BIO_read_filename(bio, svrCertFile), 0);
  34754. AssertNotNull(sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL));
  34755. AssertIntEQ(sk_X509_INFO_num(sk), 2);
  34756. /* using dereference to maintain testing for Apache port*/
  34757. AssertNotNull(info = sk_X509_INFO_pop(sk));
  34758. AssertNotNull(info->x_pkey);
  34759. AssertNotNull(info->x_pkey->dec_pkey);
  34760. AssertIntEQ(EVP_PKEY_bits(info->x_pkey->dec_pkey), 2048);
  34761. AssertNotNull(subject =
  34762. X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0));
  34763. AssertIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1)));
  34764. XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
  34765. X509_INFO_free(info);
  34766. AssertNotNull(info = sk_X509_INFO_pop(sk));
  34767. AssertNotNull(subject =
  34768. X509_NAME_oneline(X509_get_subject_name(info->x509), 0, 0));
  34769. AssertIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2)));
  34770. XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL);
  34771. X509_INFO_free(info);
  34772. AssertNull(info = sk_X509_INFO_pop(sk));
  34773. sk_X509_INFO_pop_free(sk, X509_INFO_free);
  34774. BIO_free(bio);
  34775. printf(resultFmt, passed);
  34776. #endif
  34777. }
  34778. #endif /* !NO_BIO */
  34779. static void test_wolfSSL_X509_NAME_ENTRY_get_object(void)
  34780. {
  34781. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA)
  34782. X509 *x509;
  34783. X509_NAME* name;
  34784. int idx = 0;
  34785. X509_NAME_ENTRY *ne;
  34786. ASN1_OBJECT *object = NULL;
  34787. printf(testingFmt, "wolfSSL_X509_NAME_ENTRY_get_object");
  34788. x509 = wolfSSL_X509_load_certificate_file(cliCertFile, WOLFSSL_FILETYPE_PEM);
  34789. AssertNotNull(x509);
  34790. name = X509_get_subject_name(x509);
  34791. idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1);
  34792. AssertIntGE(idx, 0);
  34793. ne = X509_NAME_get_entry(name, idx);
  34794. AssertNotNull(ne);
  34795. AssertNotNull(object = X509_NAME_ENTRY_get_object(ne));
  34796. X509_free(x509);
  34797. printf(resultFmt, passed);
  34798. #endif
  34799. }
  34800. static void test_wolfSSL_ASN1_INTEGER_set(void)
  34801. {
  34802. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
  34803. ASN1_INTEGER *a;
  34804. long val;
  34805. int ret;
  34806. printf(testingFmt, "wolfSSL_ASN1_INTEGER_set");
  34807. a = wolfSSL_ASN1_INTEGER_new();
  34808. val = 0;
  34809. ret = ASN1_INTEGER_set(NULL, val);
  34810. AssertIntEQ(ret, 0);
  34811. wolfSSL_ASN1_INTEGER_free(a);
  34812. /* 0 */
  34813. a = wolfSSL_ASN1_INTEGER_new();
  34814. val = 0;
  34815. ret = ASN1_INTEGER_set(a, val);
  34816. AssertIntEQ(ret, 1);
  34817. wolfSSL_ASN1_INTEGER_free(a);
  34818. /* 40 */
  34819. a = wolfSSL_ASN1_INTEGER_new();
  34820. val = 40;
  34821. ret = ASN1_INTEGER_set(a, val);
  34822. AssertIntEQ(ret, 1);
  34823. wolfSSL_ASN1_INTEGER_free(a);
  34824. /* -40 */
  34825. a = wolfSSL_ASN1_INTEGER_new();
  34826. val = -40;
  34827. ret = ASN1_INTEGER_set(a, val);
  34828. AssertIntEQ(ret, 1);
  34829. AssertIntEQ(a->negative, 1);
  34830. wolfSSL_ASN1_INTEGER_free(a);
  34831. /* 128 */
  34832. a = wolfSSL_ASN1_INTEGER_new();
  34833. val = 128;
  34834. ret = ASN1_INTEGER_set(a, val);
  34835. AssertIntEQ(ret, 1);
  34836. wolfSSL_ASN1_INTEGER_free(a);
  34837. /* -128 */
  34838. a = wolfSSL_ASN1_INTEGER_new();
  34839. val = -128;
  34840. ret = ASN1_INTEGER_set(a, val);
  34841. AssertIntEQ(ret, 1);
  34842. AssertIntEQ(a->negative, 1);
  34843. wolfSSL_ASN1_INTEGER_free(a);
  34844. /* 200 */
  34845. a = wolfSSL_ASN1_INTEGER_new();
  34846. val = 200;
  34847. ret = ASN1_INTEGER_set(a, val);
  34848. AssertIntEQ(ret, 1);
  34849. wolfSSL_ASN1_INTEGER_free(a);
  34850. #ifndef TIME_T_NOT_64BIT
  34851. /* int max (2147483647) */
  34852. a = wolfSSL_ASN1_INTEGER_new();
  34853. val = 2147483647;
  34854. ret = ASN1_INTEGER_set(a, val);
  34855. AssertIntEQ(ret, 1);
  34856. wolfSSL_ASN1_INTEGER_free(a);
  34857. /* int min (-2147483648) */
  34858. a = wolfSSL_ASN1_INTEGER_new();
  34859. val = -2147483647 - 1;
  34860. ret = ASN1_INTEGER_set(a, val);
  34861. AssertIntEQ(a->negative, 1);
  34862. AssertIntEQ(ret, 1);
  34863. wolfSSL_ASN1_INTEGER_free(a);
  34864. #endif
  34865. printf(resultFmt, passed);
  34866. #endif
  34867. }
  34868. /* Testing code used in dpp.c in hostap */
  34869. #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  34870. typedef struct {
  34871. /* AlgorithmIdentifier ecPublicKey with optional parameters present
  34872. * as an OID identifying the curve */
  34873. X509_ALGOR *alg;
  34874. /* Compressed format public key per ANSI X9.63 */
  34875. ASN1_BIT_STRING *pub_key;
  34876. } DPP_BOOTSTRAPPING_KEY;
  34877. ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = {
  34878. ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, alg, X509_ALGOR),
  34879. ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, pub_key, ASN1_BIT_STRING)
  34880. } ASN1_SEQUENCE_END(DPP_BOOTSTRAPPING_KEY);
  34881. IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY);
  34882. #endif
  34883. static void test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void)
  34884. {
  34885. /* Testing code used in dpp.c in hostap */
  34886. #if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  34887. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  34888. EC_KEY *eckey;
  34889. EVP_PKEY *key;
  34890. size_t len;
  34891. unsigned char *der = NULL;
  34892. DPP_BOOTSTRAPPING_KEY *bootstrap = NULL;
  34893. const unsigned char *in = ecc_clikey_der_256;
  34894. const EC_GROUP *group;
  34895. const EC_POINT *point;
  34896. int nid;
  34897. AssertNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new());
  34898. AssertNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in,
  34899. (long)sizeof_ecc_clikey_der_256));
  34900. AssertNotNull(eckey = EVP_PKEY_get1_EC_KEY(key));
  34901. AssertNotNull(group = EC_KEY_get0_group(eckey));
  34902. AssertNotNull(point = EC_KEY_get0_public_key(eckey));
  34903. nid = EC_GROUP_get_curve_name(group);
  34904. AssertIntEQ(X509_ALGOR_set0(bootstrap->alg, OBJ_nid2obj(EVP_PKEY_EC),
  34905. V_ASN1_OBJECT, OBJ_nid2obj(nid)), 1);
  34906. #ifdef HAVE_COMP_KEY
  34907. AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
  34908. NULL, 0, NULL)), 0);
  34909. #else
  34910. AssertIntGT((len = EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
  34911. NULL, 0, NULL)), 0);
  34912. #endif
  34913. AssertNotNull(der = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1));
  34914. #ifdef HAVE_COMP_KEY
  34915. AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED,
  34916. der, len, NULL), len);
  34917. #else
  34918. AssertIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
  34919. der, len, NULL), len);
  34920. #endif
  34921. bootstrap->pub_key->data = der;
  34922. bootstrap->pub_key->length = (int)len;
  34923. /* Not actually used */
  34924. bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
  34925. bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT;
  34926. der = NULL;
  34927. AssertIntGT(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 0);
  34928. XFREE(der, NULL, DYNAMIC_TYPE_ASN1);
  34929. EVP_PKEY_free(key);
  34930. EC_KEY_free(eckey);
  34931. DPP_BOOTSTRAPPING_KEY_free(bootstrap);
  34932. #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
  34933. #endif /* WOLFSSL_WPAS && HAVE_ECC && USE_CERT_BUFFERS_256 */
  34934. }
  34935. static void test_wolfSSL_i2c_ASN1_INTEGER(void)
  34936. {
  34937. #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
  34938. ASN1_INTEGER *a;
  34939. unsigned char *pp,*tpp;
  34940. int ret;
  34941. printf(testingFmt, "wolfSSL_i2c_ASN1_INTEGER");
  34942. a = wolfSSL_ASN1_INTEGER_new();
  34943. /* 40 */
  34944. a->intData[0] = ASN_INTEGER;
  34945. a->intData[1] = 1;
  34946. a->intData[2] = 40;
  34947. ret = i2c_ASN1_INTEGER(a, NULL);
  34948. AssertIntEQ(ret, 1);
  34949. AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
  34950. DYNAMIC_TYPE_TMP_BUFFER));
  34951. tpp = pp;
  34952. XMEMSET(pp, 0, ret + 1);
  34953. i2c_ASN1_INTEGER(a, &pp);
  34954. pp--;
  34955. AssertIntEQ(*pp, 40);
  34956. XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  34957. /* 128 */
  34958. a->intData[0] = ASN_INTEGER;
  34959. a->intData[1] = 1;
  34960. a->intData[2] = 128;
  34961. ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
  34962. AssertIntEQ(ret, 2);
  34963. AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
  34964. DYNAMIC_TYPE_TMP_BUFFER));
  34965. tpp = pp;
  34966. XMEMSET(pp, 0, ret + 1);
  34967. wolfSSL_i2c_ASN1_INTEGER(a, &pp);
  34968. pp--;
  34969. AssertIntEQ(*(pp--), 128);
  34970. AssertIntEQ(*pp, 0);
  34971. XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  34972. /* -40 */
  34973. a->intData[0] = ASN_INTEGER;
  34974. a->intData[1] = 1;
  34975. a->intData[2] = 40;
  34976. a->negative = 1;
  34977. ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
  34978. AssertIntEQ(ret, 1);
  34979. AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
  34980. DYNAMIC_TYPE_TMP_BUFFER));
  34981. tpp = pp;
  34982. XMEMSET(pp, 0, ret + 1);
  34983. wolfSSL_i2c_ASN1_INTEGER(a, &pp);
  34984. pp--;
  34985. AssertIntEQ(*pp, 216);
  34986. XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  34987. /* -128 */
  34988. a->intData[0] = ASN_INTEGER;
  34989. a->intData[1] = 1;
  34990. a->intData[2] = 128;
  34991. a->negative = 1;
  34992. ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
  34993. AssertIntEQ(ret, 1);
  34994. AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
  34995. DYNAMIC_TYPE_TMP_BUFFER));
  34996. tpp = pp;
  34997. XMEMSET(pp, 0, ret + 1);
  34998. wolfSSL_i2c_ASN1_INTEGER(a, &pp);
  34999. pp--;
  35000. AssertIntEQ(*pp, 128);
  35001. XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  35002. /* -200 */
  35003. a->intData[0] = ASN_INTEGER;
  35004. a->intData[1] = 1;
  35005. a->intData[2] = 200;
  35006. a->negative = 1;
  35007. ret = wolfSSL_i2c_ASN1_INTEGER(a, NULL);
  35008. AssertIntEQ(ret, 2);
  35009. AssertNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL,
  35010. DYNAMIC_TYPE_TMP_BUFFER));
  35011. tpp = pp;
  35012. XMEMSET(pp, 0, ret + 1);
  35013. wolfSSL_i2c_ASN1_INTEGER(a, &pp);
  35014. pp--;
  35015. AssertIntEQ(*(pp--), 56);
  35016. AssertIntEQ(*pp, 255);
  35017. XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  35018. wolfSSL_ASN1_INTEGER_free(a);
  35019. printf(resultFmt, passed);
  35020. #endif /* OPENSSL_EXTRA && !NO_ASN */
  35021. }
  35022. #ifndef NO_INLINE
  35023. #define WOLFSSL_MISC_INCLUDED
  35024. #include <wolfcrypt/src/misc.c>
  35025. #else
  35026. #include <wolfssl/wolfcrypt/misc.h>
  35027. #endif
  35028. static int test_ForceZero(void)
  35029. {
  35030. unsigned char data[32];
  35031. unsigned int i, j, len;
  35032. /* Test case with 0 length */
  35033. ForceZero(data, 0);
  35034. /* Test ForceZero */
  35035. for (i = 0; i < sizeof(data); i++) {
  35036. for (len = 1; len < sizeof(data) - i; len++) {
  35037. for (j = 0; j < sizeof(data); j++)
  35038. data[j] = j + 1;
  35039. ForceZero(data + i, len);
  35040. for (j = 0; j < sizeof(data); j++) {
  35041. if (j < i || j >= i + len) {
  35042. if (data[j] == 0x00)
  35043. return -10200;
  35044. }
  35045. else if (data[j] != 0x00)
  35046. return -10201;
  35047. }
  35048. }
  35049. }
  35050. return 0;
  35051. }
  35052. #ifndef NO_BIO
  35053. static void test_wolfSSL_X509_print(void)
  35054. {
  35055. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
  35056. !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF)
  35057. X509 *x509;
  35058. BIO *bio;
  35059. #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
  35060. const X509_ALGOR *cert_sig_alg;
  35061. #endif
  35062. printf(testingFmt, "wolfSSL_X509_print");
  35063. x509 = X509_load_certificate_file(svrCertFile, WOLFSSL_FILETYPE_PEM);
  35064. AssertNotNull(x509);
  35065. /* print to memory */
  35066. AssertNotNull(bio = BIO_new(BIO_s_mem()));
  35067. AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);
  35068. #if defined(WOLFSSL_QT)
  35069. AssertIntEQ(BIO_get_mem_data(bio, NULL), 3113);
  35070. #else
  35071. AssertIntEQ(BIO_get_mem_data(bio, NULL), 3103);
  35072. #endif
  35073. BIO_free(bio);
  35074. AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));
  35075. #if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR)
  35076. /* Print signature */
  35077. AssertNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509));
  35078. AssertIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS);
  35079. #endif
  35080. /* print to stdout */
  35081. #if !defined(NO_WOLFSSL_DIR)
  35082. AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS);
  35083. #endif
  35084. /* print again */
  35085. AssertIntEQ(X509_print_fp(stdout, x509), SSL_SUCCESS);
  35086. X509_free(x509);
  35087. BIO_free(bio);
  35088. printf(resultFmt, passed);
  35089. #endif
  35090. }
  35091. static void test_wolfSSL_RSA_print(void)
  35092. {
  35093. #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
  35094. !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
  35095. !defined(HAVE_FAST_RSA) && !defined(NO_BIO)
  35096. BIO *bio;
  35097. WOLFSSL_RSA* rsa = NULL;
  35098. printf(testingFmt, "wolfSSL_RSA_print");
  35099. AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
  35100. AssertNotNull(bio = BIO_new_fd(STDOUT_FILENO, BIO_NOCLOSE));
  35101. AssertIntEQ(RSA_print(bio, rsa, 0), SSL_SUCCESS);
  35102. BIO_free(bio);
  35103. wolfSSL_RSA_free(rsa);
  35104. printf(resultFmt, passed);
  35105. #endif
  35106. }
  35107. static void test_wolfSSL_BIO_get_len(void)
  35108. {
  35109. #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
  35110. BIO *bio;
  35111. const char txt[] = "Some example text to push to the BIO.";
  35112. printf(testingFmt, "wolfSSL_BIO_get_len");
  35113. AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
  35114. AssertIntEQ(wolfSSL_BIO_write(bio, txt, sizeof(txt)), sizeof(txt));
  35115. AssertIntEQ(wolfSSL_BIO_get_len(bio), sizeof(txt));
  35116. BIO_free(bio);
  35117. printf(resultFmt, passed);
  35118. #endif
  35119. }
  35120. static void test_wolfSSL_ASN1_STRING_print(void){
  35121. #if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS)
  35122. ASN1_STRING* asnStr = NULL;
  35123. const char HELLO_DATA[]= \
  35124. {'H','e','l','l','o',' ','w','o','l','f','S','S','L','!'};
  35125. const unsigned int MAX_UNPRINTABLE_CHAR = 32;
  35126. const unsigned int MAX_BUF = 255;
  35127. const int LF = 10, CR = 13;
  35128. unsigned char unprintableData[MAX_UNPRINTABLE_CHAR + sizeof(HELLO_DATA)];
  35129. unsigned char expected[sizeof(unprintableData)+1];
  35130. unsigned char rbuf[MAX_BUF];
  35131. BIO *bio;
  35132. int p_len, i;
  35133. printf(testingFmt, "wolfSSL_ASN1_STRING_print()");
  35134. /* setup */
  35135. for (i = 0; i < (int)sizeof(HELLO_DATA); i++) {
  35136. unprintableData[i] = HELLO_DATA[i];
  35137. expected[i] = HELLO_DATA[i];
  35138. }
  35139. for (i = 0; i < (int)MAX_UNPRINTABLE_CHAR; i++) {
  35140. unprintableData[sizeof(HELLO_DATA)+i] = i;
  35141. if (i == LF || i == CR)
  35142. expected[sizeof(HELLO_DATA)+i] = i;
  35143. else
  35144. expected[sizeof(HELLO_DATA)+i] = '.';
  35145. }
  35146. unprintableData[sizeof(unprintableData)-1] = '\0';
  35147. expected[sizeof(expected)-1] = '\0';
  35148. XMEMSET(rbuf, 0, MAX_BUF);
  35149. bio = BIO_new(BIO_s_mem());
  35150. BIO_set_write_buf_size(bio, MAX_BUF);
  35151. asnStr = ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
  35152. ASN1_STRING_set(asnStr,(const void*)unprintableData,
  35153. (int)sizeof(unprintableData));
  35154. /* test */
  35155. p_len = wolfSSL_ASN1_STRING_print(bio, asnStr);
  35156. AssertIntEQ(p_len, 46);
  35157. BIO_read(bio, (void*)rbuf, 46);
  35158. AssertStrEQ((char*)rbuf, (const char*)expected);
  35159. BIO_free(bio);
  35160. ASN1_STRING_free(asnStr);
  35161. printf(resultFmt, passed);
  35162. #endif /* OPENSSL_EXTRA && !NO_ASN && !NO_CERTS */
  35163. }
  35164. #endif /* !NO_BIO */
  35165. static void test_wolfSSL_ASN1_get_object(void)
  35166. {
  35167. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256)
  35168. const unsigned char* derBuf = cliecc_cert_der_256;
  35169. int len = sizeof_cliecc_cert_der_256;
  35170. long asnLen = 0;
  35171. int tag = 0, cls = 0;
  35172. ASN1_OBJECT *a;
  35173. printf(testingFmt, "wolfSSL_ASN1_get_object()");
  35174. /* Read a couple TLV triplets and make sure they match the expected values */
  35175. AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0);
  35176. AssertIntEQ(asnLen, 841);
  35177. AssertIntEQ(tag, 0x10);
  35178. AssertIntEQ(cls, 0);
  35179. AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
  35180. len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
  35181. AssertIntEQ(asnLen, 750);
  35182. AssertIntEQ(tag, 0x10);
  35183. AssertIntEQ(cls, 0);
  35184. AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
  35185. len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
  35186. AssertIntEQ(asnLen, 3);
  35187. AssertIntEQ(tag, 0);
  35188. AssertIntEQ(cls, 0x80);
  35189. AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
  35190. len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
  35191. AssertIntEQ(asnLen, 1);
  35192. AssertIntEQ(tag, 0x2);
  35193. AssertIntEQ(cls, 0);
  35194. derBuf += asnLen;
  35195. AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
  35196. len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
  35197. AssertIntEQ(asnLen, 9);
  35198. AssertIntEQ(tag, 0x2);
  35199. AssertIntEQ(cls, 0);
  35200. derBuf += asnLen;
  35201. AssertIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls,
  35202. len - (derBuf - cliecc_cert_der_256)) & 0x80, 0);
  35203. AssertIntEQ(asnLen, 10);
  35204. AssertIntEQ(tag, 0x10);
  35205. AssertIntEQ(cls, 0);
  35206. /* Read an ASN OBJECT */
  35207. AssertNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len));
  35208. ASN1_OBJECT_free(a);
  35209. printf(resultFmt, passed);
  35210. #endif /* OPENSSL_EXTRA && HAVE_ECC && USE_CERT_BUFFERS_256 */
  35211. }
  35212. static void test_wolfSSL_RSA_verify(void)
  35213. {
  35214. #if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && \
  35215. !defined(NO_FILESYSTEM) && defined(HAVE_CRL)
  35216. #ifndef NO_BIO
  35217. XFILE fp;
  35218. RSA *pKey, *pubKey;
  35219. X509 *cert;
  35220. const char *text = "Hello wolfSSL !";
  35221. unsigned char hash[SHA256_DIGEST_LENGTH];
  35222. unsigned char signature[2048/8];
  35223. unsigned int signatureLength;
  35224. byte *buf;
  35225. BIO *bio;
  35226. SHA256_CTX c;
  35227. EVP_PKEY *evpPkey, *evpPubkey;
  35228. size_t sz;
  35229. printf(testingFmt, "wolfSSL_RSA_verify");
  35230. /* generate hash */
  35231. SHA256_Init(&c);
  35232. SHA256_Update(&c, text, strlen(text));
  35233. SHA256_Final(hash, &c);
  35234. #ifdef WOLFSSL_SMALL_STACK_CACHE
  35235. /* workaround for small stack cache case */
  35236. wc_Sha256Free((wc_Sha256*)&c);
  35237. #endif
  35238. /* read privete key file */
  35239. fp = XFOPEN(svrKeyFile, "rb");
  35240. AssertTrue((fp != XBADFILE));
  35241. XFSEEK(fp, 0, XSEEK_END);
  35242. sz = XFTELL(fp);
  35243. XREWIND(fp);
  35244. AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE));
  35245. AssertIntEQ(XFREAD(buf, 1, sz, fp), sz);
  35246. XFCLOSE(fp);
  35247. /* read private key and sign hash data */
  35248. AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz));
  35249. AssertNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL));
  35250. AssertNotNull(pKey = EVP_PKEY_get1_RSA(evpPkey));
  35251. AssertIntEQ(RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH,
  35252. signature, &signatureLength, pKey), SSL_SUCCESS);
  35253. /* read public key and verify signed data */
  35254. fp = XFOPEN(svrCertFile,"rb");
  35255. AssertTrue((fp != XBADFILE));
  35256. cert = PEM_read_X509(fp, 0, 0, 0 );
  35257. XFCLOSE(fp);
  35258. evpPubkey = X509_get_pubkey(cert);
  35259. pubKey = EVP_PKEY_get1_RSA(evpPubkey);
  35260. AssertIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature,
  35261. signatureLength, pubKey), SSL_SUCCESS);
  35262. RSA_free(pKey);
  35263. EVP_PKEY_free(evpPkey);
  35264. RSA_free(pubKey);
  35265. EVP_PKEY_free(evpPubkey);
  35266. X509_free(cert);
  35267. BIO_free(bio);
  35268. XFREE(buf, NULL, DYNAMIC_TYPE_FILE);
  35269. printf(resultFmt, passed);
  35270. #endif
  35271. #endif
  35272. }
  35273. #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
  35274. defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
  35275. static void test_openssl_make_self_signed_certificate(EVP_PKEY* pkey)
  35276. {
  35277. X509* x509 = NULL;
  35278. BIGNUM* serial_number = NULL;
  35279. X509_NAME* name = NULL;
  35280. time_t epoch_off = 0;
  35281. ASN1_INTEGER* asn1_serial_number;
  35282. long not_before, not_after;
  35283. AssertNotNull(x509 = X509_new());
  35284. AssertIntNE(X509_set_pubkey(x509, pkey), 0);
  35285. AssertNotNull(serial_number = BN_new());
  35286. AssertIntNE(BN_pseudo_rand(serial_number, 64, 0, 0), 0);
  35287. AssertNotNull(asn1_serial_number = X509_get_serialNumber(x509));
  35288. AssertNotNull(BN_to_ASN1_INTEGER(serial_number, asn1_serial_number));
  35289. /* version 3 */
  35290. AssertIntNE(X509_set_version(x509, 2L), 0);
  35291. AssertNotNull(name = X509_NAME_new());
  35292. AssertIntNE(X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8,
  35293. (unsigned char*)"www.wolfssl.com", -1, -1, 0), 0);
  35294. AssertIntNE(X509_set_subject_name(x509, name), 0);
  35295. AssertIntNE(X509_set_issuer_name(x509, name), 0);
  35296. not_before = (long)XTIME(NULL);
  35297. not_after = not_before + (365 * 24 * 60 * 60);
  35298. AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &epoch_off));
  35299. AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &epoch_off));
  35300. AssertIntNE(X509_sign(x509, pkey, EVP_sha256()), 0);
  35301. BN_free(serial_number);
  35302. X509_NAME_free(name);
  35303. X509_free(x509);
  35304. }
  35305. #endif
  35306. static void test_openssl_generate_key_and_cert(void)
  35307. {
  35308. #if defined(OPENSSL_EXTRA)
  35309. #if !defined(NO_RSA)
  35310. {
  35311. EVP_PKEY* pkey = EVP_PKEY_new();
  35312. int key_length = 2048;
  35313. BIGNUM* exponent = BN_new();
  35314. RSA* rsa = RSA_new();
  35315. AssertNotNull(pkey);
  35316. AssertNotNull(exponent);
  35317. AssertNotNull(rsa);
  35318. AssertIntNE(BN_set_word(exponent, WC_RSA_EXPONENT), 0);
  35319. #ifndef WOLFSSL_KEY_GEN
  35320. AssertIntEQ(RSA_generate_key_ex(rsa, key_length, exponent, NULL), WOLFSSL_FAILURE);
  35321. #if defined(USE_CERT_BUFFERS_1024)
  35322. AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_1024,
  35323. sizeof_server_key_der_1024, WOLFSSL_RSA_LOAD_PRIVATE), 0);
  35324. key_length = 1024;
  35325. #elif defined(USE_CERT_BUFFERS_2048)
  35326. AssertIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_2048,
  35327. sizeof_server_key_der_2048, WOLFSSL_RSA_LOAD_PRIVATE), 0);
  35328. #else
  35329. RSA_free(rsa);
  35330. rsa = NULL;
  35331. #endif
  35332. #else
  35333. AssertIntNE(RSA_generate_key_ex(rsa, key_length, exponent, NULL), 0);
  35334. #endif
  35335. if (rsa) {
  35336. AssertIntNE(EVP_PKEY_assign_RSA(pkey, rsa), 0);
  35337. BN_free(exponent);
  35338. #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
  35339. test_openssl_make_self_signed_certificate(pkey);
  35340. #endif
  35341. }
  35342. EVP_PKEY_free(pkey);
  35343. }
  35344. #endif /* !NO_RSA */
  35345. #ifdef HAVE_ECC
  35346. {
  35347. EVP_PKEY* pkey = EVP_PKEY_new();
  35348. EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  35349. AssertNotNull(pkey);
  35350. AssertNotNull(ec_key);
  35351. #ifndef NO_WOLFSSL_STUB
  35352. EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
  35353. #endif
  35354. AssertIntNE(EC_KEY_generate_key(ec_key), 0);
  35355. AssertIntNE(EVP_PKEY_assign_EC_KEY(pkey, ec_key), 0);
  35356. #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
  35357. test_openssl_make_self_signed_certificate(pkey);
  35358. #endif
  35359. EVP_PKEY_free(pkey);
  35360. }
  35361. #endif /* HAVE_ECC */
  35362. #endif /* OPENSSL_EXTRA */
  35363. }
  35364. static void test_stubs_are_stubs(void)
  35365. {
  35366. #if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB)
  35367. WOLFSSL_CTX* ctx = NULL;
  35368. WOLFSSL_CTX* ctxN = NULL;
  35369. #ifndef NO_WOLFSSL_CLIENT
  35370. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  35371. AssertNotNull(ctx);
  35372. #elif !defined(NO_WOLFSSL_SERVER)
  35373. ctx = wolfSSL_CTX_new(wolfSSLv23_server_method());
  35374. AssertNotNull(ctx);
  35375. #else
  35376. return;
  35377. #endif
  35378. #define CHECKZERO_RET(x, y, z) AssertIntEQ((int) x(y), 0); \
  35379. AssertIntEQ((int) x(z), 0)
  35380. /* test logic, all stubs return same result regardless of ctx being NULL
  35381. * as there are no sanity checks, it's just a stub! If at some
  35382. * point a stub is not a stub it should begin to return BAD_FUNC_ARG
  35383. * if invalid inputs are supplied. Test calling both
  35384. * with and without valid inputs, if a stub functionality remains unchanged.
  35385. */
  35386. CHECKZERO_RET(wolfSSL_CTX_sess_accept, ctx, ctxN);
  35387. CHECKZERO_RET(wolfSSL_CTX_sess_connect, ctx, ctxN);
  35388. CHECKZERO_RET(wolfSSL_CTX_sess_accept_good, ctx, ctxN);
  35389. CHECKZERO_RET(wolfSSL_CTX_sess_connect_good, ctx, ctxN);
  35390. CHECKZERO_RET(wolfSSL_CTX_sess_accept_renegotiate, ctx, ctxN);
  35391. CHECKZERO_RET(wolfSSL_CTX_sess_connect_renegotiate, ctx, ctxN);
  35392. CHECKZERO_RET(wolfSSL_CTX_sess_hits, ctx, ctxN);
  35393. CHECKZERO_RET(wolfSSL_CTX_sess_cb_hits, ctx, ctxN);
  35394. CHECKZERO_RET(wolfSSL_CTX_sess_cache_full, ctx, ctxN);
  35395. CHECKZERO_RET(wolfSSL_CTX_sess_misses, ctx, ctxN);
  35396. CHECKZERO_RET(wolfSSL_CTX_sess_timeouts, ctx, ctxN);
  35397. wolfSSL_CTX_free(ctx);
  35398. ctx = NULL;
  35399. #endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB */
  35400. }
  35401. static void test_CONF_modules_xxx(void)
  35402. {
  35403. #if defined(OPENSSL_EXTRA)
  35404. CONF_modules_free();
  35405. AssertTrue(1); /* to confirm previous call gives no harm */
  35406. CONF_modules_unload(0);
  35407. AssertTrue(1);
  35408. CONF_modules_unload(1);
  35409. AssertTrue(1);
  35410. CONF_modules_unload(-1);
  35411. AssertTrue(1);
  35412. #endif /* OPENSSL_EXTRA */
  35413. }
  35414. static void test_CRYPTO_set_dynlock_xxx(void)
  35415. {
  35416. #if defined(OPENSSL_EXTRA)
  35417. printf(testingFmt, "CRYPTO_set_dynlock_xxx()");
  35418. CRYPTO_set_dynlock_create_callback(
  35419. (struct CRYPTO_dynlock_value *(*)(const char*, int))NULL);
  35420. CRYPTO_set_dynlock_create_callback(
  35421. (struct CRYPTO_dynlock_value *(*)(const char*, int))1);
  35422. CRYPTO_set_dynlock_destroy_callback(
  35423. (void (*)(struct CRYPTO_dynlock_value*, const char*, int))NULL);
  35424. CRYPTO_set_dynlock_destroy_callback(
  35425. (void (*)(struct CRYPTO_dynlock_value*, const char*, int))1);
  35426. CRYPTO_set_dynlock_lock_callback(
  35427. (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))NULL);
  35428. CRYPTO_set_dynlock_lock_callback(
  35429. (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))1);
  35430. AssertTrue(1); /* to confirm previous call gives no harm */
  35431. printf(resultFmt, passed);
  35432. #endif /* OPENSSL_EXTRA */
  35433. }
  35434. static void test_CRYPTO_THREADID_xxx(void)
  35435. {
  35436. #if defined(OPENSSL_EXTRA)
  35437. printf(testingFmt, "CRYPTO_THREADID_xxx()");
  35438. CRYPTO_THREADID_current((CRYPTO_THREADID*)NULL);
  35439. CRYPTO_THREADID_current((CRYPTO_THREADID*)1);
  35440. AssertIntEQ(CRYPTO_THREADID_hash((const CRYPTO_THREADID*)NULL), 0);
  35441. printf(resultFmt, passed);
  35442. #endif /* OPENSSL_EXTRA */
  35443. }
  35444. static void test_ENGINE_cleanup(void)
  35445. {
  35446. #if defined(OPENSSL_EXTRA)
  35447. printf(testingFmt, "ENGINE_cleanup()");
  35448. ENGINE_cleanup();
  35449. AssertTrue(1); /* to confirm previous call gives no harm */
  35450. printf(resultFmt, passed);
  35451. #endif /* OPENSSL_EXTRA */
  35452. }
  35453. static void test_wolfSSL_CTX_LoadCRL(void)
  35454. {
  35455. #ifdef HAVE_CRL
  35456. WOLFSSL_CTX* ctx = NULL;
  35457. const char* badPath = "dummypath";
  35458. const char* validPath = "./certs/crl";
  35459. int derType = WOLFSSL_FILETYPE_ASN1;
  35460. int rawType = WOLFSSL_FILETYPE_RAW;
  35461. int pemType = WOLFSSL_FILETYPE_PEM;
  35462. int monitor = WOLFSSL_CRL_MONITOR;
  35463. #define FAIL_T1(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \
  35464. BAD_FUNC_ARG)
  35465. #define SUCC_T(x, y, z, p, d) AssertIntEQ((int) x(y, z, p, d), \
  35466. WOLFSSL_SUCCESS)
  35467. FAIL_T1(wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
  35468. #ifndef NO_WOLFSSL_CLIENT
  35469. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  35470. #elif !defined(NO_WOLFSSL_SERVER)
  35471. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  35472. #else
  35473. return;
  35474. #endif
  35475. SUCC_T (wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor);
  35476. SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, pemType, monitor);
  35477. SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, derType, monitor);
  35478. SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, rawType, monitor);
  35479. wolfSSL_CTX_free(ctx);
  35480. ctx = NULL;
  35481. #endif
  35482. }
  35483. static void test_SetTmpEC_DHE_Sz(void)
  35484. {
  35485. #if defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT)
  35486. WOLFSSL_CTX *ctx;
  35487. WOLFSSL *ssl;
  35488. ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
  35489. AssertNotNull(ctx);
  35490. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpEC_DHE_Sz(ctx, 32));
  35491. ssl = wolfSSL_new(ctx);
  35492. AssertNotNull(ssl);
  35493. AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpEC_DHE_Sz(ssl, 32));
  35494. wolfSSL_free(ssl);
  35495. wolfSSL_CTX_free(ctx);
  35496. #endif
  35497. }
  35498. static void test_wolfSSL_dtls_set_mtu(void)
  35499. {
  35500. #if (defined(WOLFSSL_DTLS_MTU) || defined(WOLFSSL_SCTP)) && \
  35501. defined(WOLFSSL_DTLS)
  35502. WOLFSSL_CTX* ctx = NULL;
  35503. WOLFSSL* ssl = NULL;
  35504. const char* testCertFile;
  35505. const char* testKeyFile;
  35506. AssertNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()));
  35507. #ifndef NO_RSA
  35508. testCertFile = svrCertFile;
  35509. testKeyFile = svrKeyFile;
  35510. #elif defined(HAVE_ECC)
  35511. testCertFile = eccCertFile;
  35512. testKeyFile = eccKeyFile;
  35513. #endif
  35514. if (testCertFile != NULL && testKeyFile != NULL) {
  35515. AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile,
  35516. WOLFSSL_FILETYPE_PEM));
  35517. AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile,
  35518. WOLFSSL_FILETYPE_PEM));
  35519. }
  35520. AssertNotNull(ssl = wolfSSL_new(ctx));
  35521. AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
  35522. AssertIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), BAD_FUNC_ARG);
  35523. AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), BAD_FUNC_ARG);
  35524. AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WOLFSSL_FAILURE);
  35525. AssertIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FAILURE), BAD_FUNC_ARG);
  35526. AssertIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS);
  35527. AssertIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS);
  35528. wolfSSL_free(ssl);
  35529. wolfSSL_CTX_free(ctx);
  35530. printf(testingFmt, "wolfSSL_dtls_set_mtu()");
  35531. printf(resultFmt, passed);
  35532. #endif
  35533. }
  35534. #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
  35535. !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
  35536. !defined(WOLFSSL_NO_CLIENT_AUTH))
  35537. static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
  35538. {
  35539. int ret;
  35540. if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) {
  35541. printf("loading cert %s failed\n", certA);
  35542. printf("Error: (%d): %s\n", ret, wolfSSL_ERR_reason_error_string(ret));
  35543. return -1;
  35544. }
  35545. return 0;
  35546. }
  35547. static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA)
  35548. {
  35549. int ret;
  35550. if ((ret = wolfSSL_CertManagerVerify(cm, certA, WOLFSSL_FILETYPE_PEM))
  35551. != WOLFSSL_SUCCESS) {
  35552. printf("could not verify the cert: %s\n", certA);
  35553. printf("Error: (%d): %s\n", ret, wolfSSL_ERR_reason_error_string(ret));
  35554. return -1;
  35555. } else {
  35556. printf("successfully verified: %s\n", certA);
  35557. }
  35558. return 0;
  35559. }
  35560. #define LOAD_ONE_CA(a, b, c, d) \
  35561. do { \
  35562. a = load_ca_into_cm(c, d); \
  35563. if (a != 0) \
  35564. return b; \
  35565. else \
  35566. b--; \
  35567. } while(0)
  35568. #define VERIFY_ONE_CERT(a, b, c, d) \
  35569. do { \
  35570. a = verify_cert_with_cm(c, d); \
  35571. if (a != 0) \
  35572. return b; \
  35573. else \
  35574. b--; \
  35575. } while(0)
  35576. static int test_chainG(WOLFSSL_CERT_MANAGER* cm)
  35577. {
  35578. int ret;
  35579. int i = -1;
  35580. /* Chain G is a valid chain per RFC 5280 section 4.2.1.9 */
  35581. char chainGArr[9][50] = {"certs/ca-cert.pem",
  35582. "certs/test-pathlen/chainG-ICA7-pathlen100.pem",
  35583. "certs/test-pathlen/chainG-ICA6-pathlen10.pem",
  35584. "certs/test-pathlen/chainG-ICA5-pathlen20.pem",
  35585. "certs/test-pathlen/chainG-ICA4-pathlen5.pem",
  35586. "certs/test-pathlen/chainG-ICA3-pathlen99.pem",
  35587. "certs/test-pathlen/chainG-ICA2-pathlen1.pem",
  35588. "certs/test-pathlen/chainG-ICA1-pathlen0.pem",
  35589. "certs/test-pathlen/chainG-entity.pem"};
  35590. LOAD_ONE_CA(ret, i, cm, chainGArr[0]); /* if failure, i = -1 here */
  35591. LOAD_ONE_CA(ret, i, cm, chainGArr[1]); /* if failure, i = -2 here */
  35592. LOAD_ONE_CA(ret, i, cm, chainGArr[2]); /* if failure, i = -3 here */
  35593. LOAD_ONE_CA(ret, i, cm, chainGArr[3]); /* if failure, i = -4 here */
  35594. LOAD_ONE_CA(ret, i, cm, chainGArr[4]); /* if failure, i = -5 here */
  35595. LOAD_ONE_CA(ret, i, cm, chainGArr[5]); /* if failure, i = -6 here */
  35596. LOAD_ONE_CA(ret, i, cm, chainGArr[6]); /* if failure, i = -7 here */
  35597. LOAD_ONE_CA(ret, i, cm, chainGArr[7]); /* if failure, i = -8 here */
  35598. VERIFY_ONE_CERT(ret, i, cm, chainGArr[1]); /* if failure, i = -9 here */
  35599. VERIFY_ONE_CERT(ret, i, cm, chainGArr[2]); /* if failure, i = -10 here */
  35600. VERIFY_ONE_CERT(ret, i, cm, chainGArr[3]); /* if failure, i = -11 here */
  35601. VERIFY_ONE_CERT(ret, i, cm, chainGArr[4]); /* if failure, i = -12 here */
  35602. VERIFY_ONE_CERT(ret, i, cm, chainGArr[5]); /* if failure, i = -13 here */
  35603. VERIFY_ONE_CERT(ret, i, cm, chainGArr[6]); /* if failure, i = -14 here */
  35604. VERIFY_ONE_CERT(ret, i, cm, chainGArr[7]); /* if failure, i = -15 here */
  35605. VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -16 here */
  35606. /* test validating the entity twice, should have no effect on pathLen since
  35607. * entity/leaf cert */
  35608. VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -17 here */
  35609. return ret;
  35610. }
  35611. static int test_chainH(WOLFSSL_CERT_MANAGER* cm)
  35612. {
  35613. int ret;
  35614. int i = -1;
  35615. /* Chain H is NOT a valid chain per RFC5280 section 4.2.1.9:
  35616. * ICA4-pathlen of 2 signing ICA3-pathlen of 2 (reduce max path len to 2)
  35617. * ICA3-pathlen of 2 signing ICA2-pathlen of 2 (reduce max path len to 1)
  35618. * ICA2-pathlen of 2 signing ICA1-pathlen of 0 (reduce max path len to 0)
  35619. * ICA1-pathlen of 0 signing entity (pathlen is already 0, ERROR)
  35620. * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1
  35621. */
  35622. char chainHArr[6][50] = {"certs/ca-cert.pem",
  35623. "certs/test-pathlen/chainH-ICA4-pathlen2.pem",
  35624. "certs/test-pathlen/chainH-ICA3-pathlen2.pem",
  35625. "certs/test-pathlen/chainH-ICA2-pathlen2.pem",
  35626. "certs/test-pathlen/chainH-ICA1-pathlen0.pem",
  35627. "certs/test-pathlen/chainH-entity.pem"};
  35628. LOAD_ONE_CA(ret, i, cm, chainHArr[0]); /* if failure, i = -1 here */
  35629. LOAD_ONE_CA(ret, i, cm, chainHArr[1]); /* if failure, i = -2 here */
  35630. LOAD_ONE_CA(ret, i, cm, chainHArr[2]); /* if failure, i = -3 here */
  35631. LOAD_ONE_CA(ret, i, cm, chainHArr[3]); /* if failure, i = -4 here */
  35632. LOAD_ONE_CA(ret, i, cm, chainHArr[4]); /* if failure, i = -5 here */
  35633. VERIFY_ONE_CERT(ret, i, cm, chainHArr[1]); /* if failure, i = -6 here */
  35634. VERIFY_ONE_CERT(ret, i, cm, chainHArr[2]); /* if failure, i = -7 here */
  35635. VERIFY_ONE_CERT(ret, i, cm, chainHArr[3]); /* if failure, i = -8 here */
  35636. VERIFY_ONE_CERT(ret, i, cm, chainHArr[4]); /* if failure, i = -9 here */
  35637. VERIFY_ONE_CERT(ret, i, cm, chainHArr[5]); /* if failure, i = -10 here */
  35638. return ret;
  35639. }
  35640. static int test_chainI(WOLFSSL_CERT_MANAGER* cm)
  35641. {
  35642. int ret;
  35643. int i = -1;
  35644. /* Chain I is a valid chain per RFC5280 section 4.2.1.9:
  35645. * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 2)
  35646. * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 1)
  35647. * ICA1-no_pathlen signing entity (reduce maxPathLen to 0)
  35648. * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1
  35649. */
  35650. char chainIArr[5][50] = {"certs/ca-cert.pem",
  35651. "certs/test-pathlen/chainI-ICA3-pathlen2.pem",
  35652. "certs/test-pathlen/chainI-ICA2-no_pathlen.pem",
  35653. "certs/test-pathlen/chainI-ICA1-no_pathlen.pem",
  35654. "certs/test-pathlen/chainI-entity.pem"};
  35655. LOAD_ONE_CA(ret, i, cm, chainIArr[0]); /* if failure, i = -1 here */
  35656. LOAD_ONE_CA(ret, i, cm, chainIArr[1]); /* if failure, i = -2 here */
  35657. LOAD_ONE_CA(ret, i, cm, chainIArr[2]); /* if failure, i = -3 here */
  35658. LOAD_ONE_CA(ret, i, cm, chainIArr[3]); /* if failure, i = -4 here */
  35659. VERIFY_ONE_CERT(ret, i, cm, chainIArr[1]); /* if failure, i = -5 here */
  35660. VERIFY_ONE_CERT(ret, i, cm, chainIArr[2]); /* if failure, i = -6 here */
  35661. VERIFY_ONE_CERT(ret, i, cm, chainIArr[3]); /* if failure, i = -7 here */
  35662. VERIFY_ONE_CERT(ret, i, cm, chainIArr[4]); /* if failure, i = -8 here */
  35663. return ret;
  35664. }
  35665. static int test_chainJ(WOLFSSL_CERT_MANAGER* cm)
  35666. {
  35667. int ret;
  35668. int i = -1;
  35669. /* Chain J is NOT a valid chain per RFC5280 section 4.2.1.9:
  35670. * ICA4-pathlen of 2 signing ICA3 without a pathlen (reduce maxPathLen to 2)
  35671. * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 1)
  35672. * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 0)
  35673. * ICA1-no_pathlen signing entity (ERROR, pathlen zero and non-leaf cert)
  35674. */
  35675. char chainJArr[6][50] = {"certs/ca-cert.pem",
  35676. "certs/test-pathlen/chainJ-ICA4-pathlen2.pem",
  35677. "certs/test-pathlen/chainJ-ICA3-no_pathlen.pem",
  35678. "certs/test-pathlen/chainJ-ICA2-no_pathlen.pem",
  35679. "certs/test-pathlen/chainJ-ICA1-no_pathlen.pem",
  35680. "certs/test-pathlen/chainJ-entity.pem"};
  35681. LOAD_ONE_CA(ret, i, cm, chainJArr[0]); /* if failure, i = -1 here */
  35682. LOAD_ONE_CA(ret, i, cm, chainJArr[1]); /* if failure, i = -2 here */
  35683. LOAD_ONE_CA(ret, i, cm, chainJArr[2]); /* if failure, i = -3 here */
  35684. LOAD_ONE_CA(ret, i, cm, chainJArr[3]); /* if failure, i = -4 here */
  35685. LOAD_ONE_CA(ret, i, cm, chainJArr[4]); /* if failure, i = -5 here */
  35686. VERIFY_ONE_CERT(ret, i, cm, chainJArr[1]); /* if failure, i = -6 here */
  35687. VERIFY_ONE_CERT(ret, i, cm, chainJArr[2]); /* if failure, i = -7 here */
  35688. VERIFY_ONE_CERT(ret, i, cm, chainJArr[3]); /* if failure, i = -8 here */
  35689. VERIFY_ONE_CERT(ret, i, cm, chainJArr[4]); /* if failure, i = -9 here */
  35690. VERIFY_ONE_CERT(ret, i, cm, chainJArr[5]); /* if failure, i = -10 here */
  35691. return ret;
  35692. }
  35693. static int test_various_pathlen_chains(void)
  35694. {
  35695. int ret;
  35696. WOLFSSL_CERT_MANAGER* cm;
  35697. /* Test chain G (large chain with varying pathLens) */
  35698. if ((cm = wolfSSL_CertManagerNew()) == NULL) {
  35699. printf("cert manager new failed\n");
  35700. return -1;
  35701. }
  35702. AssertIntEQ(test_chainG(cm), 0);
  35703. ret = wolfSSL_CertManagerUnloadCAs(cm);
  35704. if (ret != WOLFSSL_SUCCESS)
  35705. return -1;
  35706. wolfSSL_CertManagerFree(cm);
  35707. /* end test chain G */
  35708. /* Test chain H (5 chain with same pathLens) */
  35709. if ((cm = wolfSSL_CertManagerNew()) == NULL) {
  35710. printf("cert manager new failed\n");
  35711. return -1;
  35712. }
  35713. AssertIntLT(test_chainH(cm), 0);
  35714. wolfSSL_CertManagerUnloadCAs(cm);
  35715. wolfSSL_CertManagerFree(cm);
  35716. if ((cm = wolfSSL_CertManagerNew()) == NULL) {
  35717. printf("cert manager new failed\n");
  35718. return -1;
  35719. }
  35720. ret = wolfSSL_CertManagerUnloadCAs(cm);
  35721. if (ret != WOLFSSL_SUCCESS)
  35722. return -1;
  35723. wolfSSL_CertManagerFree(cm);
  35724. /* end test chain H */
  35725. /* Test chain I (only first ICA has pathLen set and it's set to 2,
  35726. * followed by 2 ICA's, should pass) */
  35727. if ((cm = wolfSSL_CertManagerNew()) == NULL) {
  35728. printf("cert manager new failed\n");
  35729. return -1;
  35730. }
  35731. AssertIntEQ(test_chainI(cm), 0);
  35732. wolfSSL_CertManagerUnloadCAs(cm);
  35733. wolfSSL_CertManagerFree(cm);
  35734. if ((cm = wolfSSL_CertManagerNew()) == NULL) {
  35735. printf("cert manager new failed\n");
  35736. return -1;
  35737. }
  35738. ret = wolfSSL_CertManagerUnloadCAs(cm);
  35739. if (ret != WOLFSSL_SUCCESS)
  35740. return -1;
  35741. wolfSSL_CertManagerFree(cm);
  35742. /* Test chain J (Again only first ICA has pathLen set and it's set to 2,
  35743. * this time followed by 3 ICA's, should fail */
  35744. if ((cm = wolfSSL_CertManagerNew()) == NULL) {
  35745. printf("cert manager new failed\n");
  35746. return -1;
  35747. }
  35748. AssertIntLT(test_chainJ(cm), 0);
  35749. wolfSSL_CertManagerUnloadCAs(cm);
  35750. wolfSSL_CertManagerFree(cm);
  35751. if ((cm = wolfSSL_CertManagerNew()) == NULL) {
  35752. printf("cert manager new failed\n");
  35753. return -1;
  35754. }
  35755. ret = wolfSSL_CertManagerUnloadCAs(cm);
  35756. wolfSSL_CertManagerFree(cm);
  35757. return ret;
  35758. }
  35759. #endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */
  35760. #ifdef HAVE_KEYING_MATERIAL
  35761. static int test_export_keying_material_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl)
  35762. {
  35763. byte ekm[100] = {0};
  35764. (void)ctx;
  35765. /* Succes Cases */
  35766. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  35767. "Test label", XSTR_SIZEOF("Test label"), NULL, 0, 0), 1);
  35768. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  35769. "Test label", XSTR_SIZEOF("Test label"), NULL, 0, 1), 1);
  35770. /* Use some random context */
  35771. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  35772. "Test label", XSTR_SIZEOF("Test label"), ekm, 10, 1), 1);
  35773. /* Failure cases */
  35774. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  35775. "client finished", XSTR_SIZEOF("client finished"), NULL, 0, 0), 0);
  35776. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  35777. "server finished", XSTR_SIZEOF("server finished"), NULL, 0, 0), 0);
  35778. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  35779. "master secret", XSTR_SIZEOF("master secret"), NULL, 0, 0), 0);
  35780. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  35781. "extended master secret", XSTR_SIZEOF("extended master secret"), NULL, 0, 0), 0);
  35782. AssertIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm),
  35783. "key expansion", XSTR_SIZEOF("key expansion"), NULL, 0, 0), 0);
  35784. return 0;
  35785. }
  35786. static void test_export_keying_material_ssl_cb(WOLFSSL* ssl)
  35787. {
  35788. wolfSSL_KeepArrays(ssl);
  35789. }
  35790. static void test_export_keying_material(void)
  35791. {
  35792. #ifndef SINGLE_THREADED
  35793. tcp_ready ready;
  35794. callback_functions clientCb;
  35795. func_args client_args;
  35796. func_args server_args;
  35797. THREAD_TYPE serverThread;
  35798. XMEMSET(&client_args, 0, sizeof(func_args));
  35799. XMEMSET(&server_args, 0, sizeof(func_args));
  35800. XMEMSET(&clientCb, 0, sizeof(callback_functions));
  35801. #ifdef WOLFSSL_TIRTOS
  35802. fdOpenSession(Task_self());
  35803. #endif
  35804. StartTCP();
  35805. InitTcpReady(&ready);
  35806. #if defined(USE_WINDOWS_API)
  35807. /* use RNG to get random port if using windows */
  35808. ready.port = GetRandomPort();
  35809. #endif
  35810. server_args.signal = &ready;
  35811. client_args.signal = &ready;
  35812. clientCb.ssl_ready = test_export_keying_material_ssl_cb;
  35813. client_args.callbacks = &clientCb;
  35814. start_thread(test_server_nofail, &server_args, &serverThread);
  35815. wait_tcp_ready(&server_args);
  35816. test_client_nofail(&client_args, (void*)test_export_keying_material_cb);
  35817. join_thread(serverThread);
  35818. AssertTrue(client_args.return_code);
  35819. AssertTrue(server_args.return_code);
  35820. FreeTcpReady(&ready);
  35821. #ifdef WOLFSSL_TIRTOS
  35822. fdOpenSession(Task_self());
  35823. #endif
  35824. #endif /* !SINGLE_THREADED */
  35825. }
  35826. #endif /* HAVE_KEYING_MATERIAL */
  35827. static int test_wolfSSL_THREADID_hash(void)
  35828. {
  35829. int ret = 0;
  35830. WOLFSSL_CRYPTO_THREADID id;
  35831. unsigned long res;
  35832. #if defined(OPENSSL_EXTRA)
  35833. printf(testingFmt, "wolfSSL_THREADID_hash");
  35834. res = wolfSSL_THREADID_hash(NULL);
  35835. AssertTrue( res == 0UL);
  35836. res = wolfSSL_THREADID_hash(&id);
  35837. AssertTrue( res == 0UL);
  35838. printf(resultFmt, passed);
  35839. #endif /* OPENSSL_EXTRA */
  35840. (void)id;
  35841. (void)res;
  35842. return ret;
  35843. }
  35844. static int test_wolfSSL_CTX_set_ecdh_auto(void)
  35845. {
  35846. int ret = 0;
  35847. WOLFSSL_CTX* ctx = NULL;
  35848. #if defined(OPENSSL_EXTRA)
  35849. printf(testingFmt, "SSL_CTX_set_ecdh_auto");
  35850. AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,0),1);
  35851. AssertIntEQ( SSL_CTX_set_ecdh_auto(NULL,1),1);
  35852. AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,0),1);
  35853. AssertIntEQ( SSL_CTX_set_ecdh_auto(ctx,1),1);
  35854. printf(resultFmt, passed);
  35855. #endif /* OPENSSL_EXTRA */
  35856. (void)ctx;
  35857. return ret;
  35858. }
  35859. static void test_wolfSSL_CTX_get_min_proto_version(void)
  35860. {
  35861. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
  35862. WOLFSSL_CTX *ctx;
  35863. printf(testingFmt, "wolfSSL_CTX_get_min_proto_version()");
  35864. #ifndef NO_OLD_TLS
  35865. #ifdef WOLFSSL_ALLOW_SSLV3
  35866. #ifdef NO_WOLFSSL_SERVER
  35867. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()));
  35868. #else
  35869. AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()));
  35870. #endif
  35871. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, SSL3_VERSION), WOLFSSL_SUCCESS);
  35872. AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION);
  35873. wolfSSL_CTX_free(ctx);
  35874. #endif
  35875. #ifdef WOLFSSL_ALLOW_TLSV10
  35876. #ifdef NO_WOLFSSL_SERVER
  35877. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_client_method()));
  35878. #else
  35879. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_server_method()));
  35880. #endif
  35881. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_VERSION), WOLFSSL_SUCCESS);
  35882. AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION);
  35883. wolfSSL_CTX_free(ctx);
  35884. #endif
  35885. #ifdef NO_WOLFSSL_SERVER
  35886. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_1_client_method()));
  35887. #else
  35888. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_1_server_method()));
  35889. #endif
  35890. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION), WOLFSSL_SUCCESS);
  35891. AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION);
  35892. wolfSSL_CTX_free(ctx);
  35893. #endif
  35894. #ifndef WOLFSSL_NO_TLS12
  35895. #ifdef NO_WOLFSSL_SERVER
  35896. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()));
  35897. #else
  35898. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()));
  35899. #endif
  35900. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION), WOLFSSL_SUCCESS);
  35901. AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION);
  35902. wolfSSL_CTX_free(ctx);
  35903. #endif
  35904. #ifdef WOLFSSL_TLS13
  35905. #ifdef NO_WOLFSSL_SERVER
  35906. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()));
  35907. #else
  35908. AssertNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()));
  35909. #endif
  35910. AssertIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION), WOLFSSL_SUCCESS);
  35911. AssertIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_3_VERSION);
  35912. wolfSSL_CTX_free(ctx);
  35913. #endif
  35914. printf(resultFmt, passed);
  35915. #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */
  35916. }
  35917. /*----------------------------------------------------------------------------*
  35918. | Main
  35919. *----------------------------------------------------------------------------*/
  35920. void ApiTest(void)
  35921. {
  35922. printf("\n-----------------Porting tests------------------\n");
  35923. AssertTrue(test_fileAccess());
  35924. printf(" Begin API Tests\n");
  35925. AssertIntEQ(test_wolfSSL_Init(), WOLFSSL_SUCCESS);
  35926. /* wolfcrypt initialization tests */
  35927. test_wolfSSL_Method_Allocators();
  35928. #ifndef NO_WOLFSSL_SERVER
  35929. test_wolfSSL_CTX_new(wolfSSLv23_server_method());
  35930. #endif
  35931. #if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \
  35932. (!defined(NO_RSA) || defined(HAVE_ECC))
  35933. test_for_double_Free();
  35934. #endif
  35935. test_wolfSSL_CTX_use_certificate_file();
  35936. AssertIntEQ(test_wolfSSL_CTX_use_certificate_buffer(), WOLFSSL_SUCCESS);
  35937. test_wolfSSL_CTX_use_PrivateKey_file();
  35938. test_wolfSSL_CTX_load_verify_locations();
  35939. test_wolfSSL_CertManagerLoadCABuffer();
  35940. test_wolfSSL_CertManagerGetCerts();
  35941. test_wolfSSL_CertManagerSetVerify();
  35942. test_wolfSSL_CertManagerNameConstraint();
  35943. test_wolfSSL_CertManagerNameConstraint2();
  35944. test_wolfSSL_CertManagerCRL();
  35945. test_wolfSSL_CTX_load_verify_locations_ex();
  35946. test_wolfSSL_CTX_load_verify_buffer_ex();
  35947. test_wolfSSL_CTX_load_verify_chain_buffer_format();
  35948. test_wolfSSL_CTX_use_certificate_chain_file_format();
  35949. test_wolfSSL_CTX_trust_peer_cert();
  35950. test_wolfSSL_CTX_SetTmpDH_file();
  35951. test_wolfSSL_CTX_SetTmpDH_buffer();
  35952. test_wolfSSL_CTX_SetMinMaxDhKey_Sz();
  35953. test_wolfSSL_CTX_der_load_verify_locations();
  35954. test_wolfSSL_CTX_enable_disable();
  35955. test_wolfSSL_CTX_ticket_API();
  35956. test_server_wolfSSL_new();
  35957. test_client_wolfSSL_new();
  35958. test_wolfSSL_SetTmpDH_file();
  35959. test_wolfSSL_SetTmpDH_buffer();
  35960. test_wolfSSL_SetMinMaxDhKey_Sz();
  35961. test_SetTmpEC_DHE_Sz();
  35962. test_wolfSSL_dtls_set_mtu();
  35963. #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
  35964. defined(HAVE_IO_TESTS_DEPENDENCIES)
  35965. test_wolfSSL_read_write();
  35966. #if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13)
  35967. test_wolfSSL_reuse_WOLFSSLobj();
  35968. #endif
  35969. test_wolfSSL_dtls_export();
  35970. #endif
  35971. AssertIntEQ(test_wolfSSL_SetMinVersion(), WOLFSSL_SUCCESS);
  35972. AssertIntEQ(test_wolfSSL_CTX_SetMinVersion(), WOLFSSL_SUCCESS);
  35973. /* TLS extensions tests */
  35974. #ifdef HAVE_IO_TESTS_DEPENDENCIES
  35975. test_wolfSSL_UseSNI();
  35976. #endif
  35977. test_wolfSSL_UseTrustedCA();
  35978. test_wolfSSL_UseMaxFragment();
  35979. test_wolfSSL_UseTruncatedHMAC();
  35980. test_wolfSSL_UseSupportedCurve();
  35981. test_wolfSSL_UseALPN();
  35982. test_wolfSSL_DisableExtendedMasterSecret();
  35983. test_wolfSSL_wolfSSL_UseSecureRenegotiation();
  35984. /* X509 tests */
  35985. test_wolfSSL_X509_NAME_get_entry();
  35986. test_wolfSSL_PKCS12();
  35987. test_wolfSSL_no_password_cb();
  35988. test_wolfSSL_PKCS8();
  35989. test_wolfSSL_PKCS8_ED25519();
  35990. test_wolfSSL_PKCS8_ED448();
  35991. test_wolfSSL_PKCS5();
  35992. test_wolfSSL_URI();
  35993. test_wolfSSL_TBS();
  35994. test_wolfSSL_X509_verify();
  35995. test_wolfSSL_X509_TLS_version();
  35996. test_wc_PemToDer();
  35997. test_wc_AllocDer();
  35998. test_wc_CertPemToDer();
  35999. test_wc_PubKeyPemToDer();
  36000. test_wc_PemPubKeyToDer();
  36001. /*OCSP Stapling. */
  36002. AssertIntEQ(test_wolfSSL_UseOCSPStapling(), WOLFSSL_SUCCESS);
  36003. AssertIntEQ(test_wolfSSL_UseOCSPStaplingV2(), WOLFSSL_SUCCESS);
  36004. /* Multicast */
  36005. test_wolfSSL_mcast();
  36006. /* compatibility tests */
  36007. test_wolfSSL_lhash();
  36008. test_wolfSSL_X509_NAME();
  36009. #ifndef NO_BIO
  36010. test_wolfSSL_X509_INFO();
  36011. #endif
  36012. test_wolfSSL_X509_subject_name_hash();
  36013. test_wolfSSL_X509_issuer_name_hash();
  36014. test_wolfSSL_X509_check_host();
  36015. test_wolfSSL_DES();
  36016. test_wolfSSL_certs();
  36017. test_wolfSSL_X509_check_private_key();
  36018. test_wolfSSL_ASN1_TIME_print();
  36019. test_wolfSSL_ASN1_UTCTIME_print();
  36020. test_wolfSSL_ASN1_GENERALIZEDTIME_free();
  36021. test_wolfSSL_private_keys();
  36022. test_wolfSSL_PEM_PrivateKey();
  36023. #ifndef NO_BIO
  36024. test_wolfSSL_PEM_bio_RSAKey();
  36025. test_wolfSSL_PEM_bio_DSAKey();
  36026. test_wolfSSL_PEM_bio_ECKey();
  36027. test_wolfSSL_PEM_RSAPrivateKey();
  36028. test_wolfSSL_PEM_PUBKEY();
  36029. #endif
  36030. test_DSA_do_sign_verify();
  36031. test_wolfSSL_tmp_dh();
  36032. test_wolfSSL_ctrl();
  36033. test_wolfSSL_EVP_MD_size();
  36034. test_wolfSSL_EVP_Digest();
  36035. test_wolfSSL_EVP_PKEY_new_mac_key();
  36036. test_wolfSSL_EVP_MD_hmac_signing();
  36037. test_wolfSSL_EVP_MD_rsa_signing();
  36038. test_wolfSSL_EVP_MD_ecc_signing();
  36039. test_wolfSSL_CTX_add_extra_chain_cert();
  36040. #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)
  36041. test_wolfSSL_ERR_peek_last_error_line();
  36042. #endif
  36043. #ifndef NO_BIO
  36044. test_wolfSSL_ERR_print_errors_cb();
  36045. AssertFalse(test_wolfSSL_GetLoggingCb());
  36046. AssertFalse(test_WOLFSSL_ERROR_MSG());
  36047. AssertFalse(test_wc_ERR_remove_state());
  36048. AssertFalse(test_wc_ERR_print_errors_fp());
  36049. #endif
  36050. test_wolfSSL_set_options();
  36051. test_wolfSSL_sk_SSL_CIPHER();
  36052. test_wolfSSL_PKCS7_certs();
  36053. test_wolfSSL_X509_STORE_CTX();
  36054. test_wolfSSL_X509_STORE_CTX_get0_current_issuer();
  36055. test_wolfSSL_msgCb();
  36056. test_wolfSSL_either_side();
  36057. test_wolfSSL_DTLS_either_side();
  36058. test_generate_cookie();
  36059. test_wolfSSL_X509_STORE_set_flags();
  36060. test_wolfSSL_X509_LOOKUP_load_file();
  36061. test_wolfSSL_X509_Name_canon();
  36062. test_wolfSSL_X509_LOOKUP_ctrl_file();
  36063. test_wolfSSL_X509_LOOKUP_ctrl_hash_dir();
  36064. test_wolfSSL_X509_NID();
  36065. test_wolfSSL_X509_STORE_CTX_set_time();
  36066. test_wolfSSL_get0_param();
  36067. test_wolfSSL_X509_VERIFY_PARAM_set1_host();
  36068. test_wolfSSL_X509_STORE_CTX_get0_store();
  36069. test_wolfSSL_X509_STORE();
  36070. test_wolfSSL_X509_STORE_load_locations();
  36071. test_wolfSSL_X509_load_crl_file();
  36072. test_wolfSSL_BN();
  36073. test_wolfSSL_CTX_get0_set1_param();
  36074. #ifndef NO_BIO
  36075. test_wolfSSL_PEM_read_bio();
  36076. test_wolfSSL_BIO();
  36077. #endif
  36078. test_wolfSSL_ASN1_STRING();
  36079. test_wolfSSL_ASN1_BIT_STRING();
  36080. test_wolfSSL_a2i_ASN1_INTEGER();
  36081. test_wolfSSL_X509();
  36082. test_wolfSSL_X509_VERIFY_PARAM();
  36083. test_wolfSSL_X509_sign();
  36084. test_wolfSSL_X509_sign2();
  36085. test_wolfSSL_X509_get0_tbs_sigalg();
  36086. test_wolfSSL_X509_ALGOR_get0();
  36087. test_wolfSSL_X509_get_X509_PUBKEY();
  36088. test_wolfSSL_X509_PUBKEY();
  36089. test_wolfSSL_RAND();
  36090. test_wolfSSL_BUF();
  36091. test_wolfSSL_set_tlsext_status_type();
  36092. test_wolfSSL_ASN1_TIME_adj();
  36093. test_wolfSSL_X509_cmp_time();
  36094. test_wolfSSL_X509_time_adj();
  36095. test_wolfSSL_CTX_set_client_CA_list();
  36096. test_wolfSSL_CTX_add_client_CA();
  36097. test_wolfSSL_CTX_set_srp_username();
  36098. test_wolfSSL_CTX_set_srp_password();
  36099. test_wolfSSL_CTX_set_ecdh_auto();
  36100. test_wolfSSL_THREADID_hash();
  36101. test_wolfSSL_RAND_set_rand_method();
  36102. test_wolfSSL_RAND_bytes();
  36103. test_wolfSSL_BN_rand();
  36104. test_wolfSSL_pseudo_rand();
  36105. test_wolfSSL_PKCS8_Compat();
  36106. test_wolfSSL_PKCS8_d2i();
  36107. test_error_queue_per_thread();
  36108. test_wolfSSL_ERR_put_error();
  36109. #ifndef NO_BIO
  36110. test_wolfSSL_ERR_print_errors();
  36111. #endif
  36112. test_wolfSSL_HMAC();
  36113. test_wolfSSL_OBJ();
  36114. test_wolfSSL_i2a_ASN1_OBJECT();
  36115. test_wolfSSL_OBJ_cmp();
  36116. test_wolfSSL_OBJ_txt2nid();
  36117. test_wolfSSL_OBJ_txt2obj();
  36118. test_wolfSSL_X509_NAME_ENTRY();
  36119. test_wolfSSL_X509_set_name();
  36120. test_wolfSSL_X509_set_notAfter();
  36121. test_wolfSSL_X509_set_notBefore();
  36122. test_wolfSSL_X509_set_version();
  36123. #ifndef NO_BIO
  36124. test_wolfSSL_BIO_gets();
  36125. test_wolfSSL_BIO_puts();
  36126. test_wolfSSL_BIO_should_retry();
  36127. test_wolfSSL_d2i_PUBKEY();
  36128. test_wolfSSL_BIO_write();
  36129. test_wolfSSL_BIO_connect();
  36130. test_wolfSSL_BIO_printf();
  36131. test_wolfSSL_BIO_f_md();
  36132. #endif
  36133. test_wolfSSL_SESSION();
  36134. test_wolfSSL_ticket_keys();
  36135. test_wolfSSL_DES_ecb_encrypt();
  36136. test_wolfSSL_sk_GENERAL_NAME();
  36137. test_wolfSSL_MD4();
  36138. test_wolfSSL_RSA();
  36139. test_wolfSSL_RSA_DER();
  36140. test_wolfSSL_RSA_get0_key();
  36141. test_wolfSSL_RSA_meth();
  36142. test_wolfSSL_verify_mode();
  36143. test_wolfSSL_verify_depth();
  36144. test_wolfSSL_HMAC_CTX();
  36145. test_wolfSSL_msg_callback();
  36146. test_wolfSSL_SHA();
  36147. test_wolfSSL_DH_1536_prime();
  36148. test_wolfSSL_PEM_write_DHparams();
  36149. test_wolfSSL_AES_ecb_encrypt();
  36150. test_wolfSSL_MD5();
  36151. test_wolfSSL_MD5_Transform();
  36152. test_wolfSSL_SHA_Transform();
  36153. test_wolfSSL_SHA256();
  36154. test_wolfSSL_SHA256_Transform();
  36155. test_wolfSSL_SHA224();
  36156. test_wolfSSL_SHA512_Transform();
  36157. test_wolfSSL_X509_get_serialNumber();
  36158. test_wolfSSL_X509_CRL();
  36159. test_wolfSSL_d2i_X509_REQ();
  36160. test_wolfSSL_PEM_read_X509();
  36161. test_wolfSSL_PEM_read();
  36162. #ifndef NO_BIO
  36163. test_wolfSSL_PEM_X509_INFO_read_bio();
  36164. test_wolfSSL_PEM_read_bio_ECPKParameters();
  36165. #endif
  36166. test_wolfSSL_X509_NAME_ENTRY_get_object();
  36167. test_wolfSSL_OpenSSL_add_all_algorithms();
  36168. test_wolfSSL_ASN1_STRING_print_ex();
  36169. test_wolfSSL_ASN1_TIME_to_generalizedtime();
  36170. test_wolfSSL_ASN1_INTEGER_set();
  36171. test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS();
  36172. test_wolfSSL_i2c_ASN1_INTEGER();
  36173. test_wolfSSL_X509_check_ca();
  36174. test_wolfSSL_X509_check_ip_asc();
  36175. test_wolfSSL_DC_cert();
  36176. test_wolfSSL_DES_ncbc();
  36177. test_wolfSSL_AES_cbc_encrypt();
  36178. test_wolfssl_EVP_aes_gcm_AAD_2_parts();
  36179. test_wolfssl_EVP_aes_gcm();
  36180. test_wolfSSL_PKEY_up_ref();
  36181. test_wolfSSL_i2d_PrivateKey();
  36182. test_wolfSSL_OCSP_id_get0_info();
  36183. test_wolfSSL_i2d_OCSP_CERTID();
  36184. test_wolfSSL_OCSP_SINGLERESP_get0_id();
  36185. test_wolfSSL_OCSP_single_get0_status();
  36186. test_wolfSSL_OCSP_resp_count();
  36187. test_wolfSSL_OCSP_resp_get0();
  36188. test_wolfSSL_EVP_PKEY_derive();
  36189. #ifndef NO_RSA
  36190. test_wolfSSL_RSA_padding_add_PKCS1_PSS();
  36191. #endif
  36192. test_CONF_modules_xxx();
  36193. test_CRYPTO_set_dynlock_xxx();
  36194. test_CRYPTO_THREADID_xxx();
  36195. test_ENGINE_cleanup();
  36196. test_wolfSSL_EC_KEY_set_group();
  36197. #if defined(OPENSSL_ALL)
  36198. test_wolfSSL_X509_PUBKEY_get();
  36199. test_wolfSSL_sk_CIPHER_description();
  36200. test_wolfSSL_get_ciphers_compat();
  36201. test_wolfSSL_d2i_DHparams();
  36202. test_wolfSSL_i2d_DHparams();
  36203. test_wolfSSL_ASN1_STRING_to_UTF8();
  36204. test_wolfSSL_ASN1_UNIVERSALSTRING_to_string();
  36205. test_wolfSSL_EC_KEY_dup();
  36206. test_wolfSSL_EVP_PKEY_set1_get1_DSA();
  36207. test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY();
  36208. test_wolfSSL_EVP_PKEY_set1_get1_DH();
  36209. test_wolfSSL_CTX_ctrl();
  36210. test_wolfSSL_DH_check();
  36211. test_wolfSSL_EVP_PKEY_assign();
  36212. test_wolfSSL_EVP_PKEY_base_id();
  36213. test_wolfSSL_EVP_PKEY_id();
  36214. test_wolfSSL_EVP_PKEY_keygen();
  36215. test_wolfSSL_EVP_PKEY_keygen_init();
  36216. test_wolfSSL_EVP_PKEY_missing_parameters();
  36217. test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits();
  36218. test_wolfSSL_EVP_CIPHER_CTX_iv_length();
  36219. test_wolfSSL_EVP_CIPHER_CTX_key_length();
  36220. test_wolfSSL_EVP_CIPHER_CTX_set_key_length();
  36221. test_wolfSSL_EVP_CIPHER_CTX_set_iv();
  36222. test_wolfSSL_EVP_PKEY_CTX_new_id();
  36223. test_wolfSSL_EVP_rc4();
  36224. test_wolfSSL_EVP_enc_null();
  36225. test_wolfSSL_EVP_rc2_cbc();
  36226. test_wolfSSL_EVP_mdc2();
  36227. test_wolfSSL_EVP_md4();
  36228. test_wolfSSL_EVP_aes_256_gcm();
  36229. test_wolfSSL_EVP_aes_192_gcm();
  36230. test_wolfSSL_EVP_ripemd160();
  36231. test_wolfSSL_EVP_get_digestbynid();
  36232. test_wolfSSL_EVP_PKEY_get0_EC_KEY();
  36233. test_wolfSSL_EVP_X_STATE();
  36234. test_wolfSSL_EVP_X_STATE_LEN();
  36235. test_wolfSSL_EVP_CIPHER_block_size();
  36236. test_wolfSSL_EVP_CIPHER_iv_length();
  36237. test_wolfSSL_EVP_SignInit_ex();
  36238. test_wolfSSL_EVP_DigestFinal_ex();
  36239. test_wolfSSL_EVP_PKEY_assign_DH();
  36240. test_wolfSSL_EVP_BytesToKey();
  36241. test_IncCtr();
  36242. test_wolfSSL_OBJ_ln();
  36243. test_wolfSSL_OBJ_sn();
  36244. test_wolfSSL_TXT_DB();
  36245. test_wolfSSL_NCONF();
  36246. #endif /* OPENSSL_ALL */
  36247. #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA)
  36248. AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS);
  36249. #ifndef NO_BIO
  36250. test_wolfSSL_d2i_PrivateKeys_bio();
  36251. #endif
  36252. #endif /* OPENSSL_ALL || WOLFSSL_ASIO */
  36253. test_wolfSSL_X509_CA_num();
  36254. test_wolfSSL_X509_get_version();
  36255. #ifndef NO_BIO
  36256. test_wolfSSL_X509_print();
  36257. test_wolfSSL_BIO_get_len();
  36258. #endif
  36259. test_wolfSSL_RSA_verify();
  36260. test_wolfSSL_X509V3_EXT_get();
  36261. test_wolfSSL_X509V3_EXT();
  36262. test_wolfSSL_X509_get_ext();
  36263. test_wolfSSL_X509_get_ext_by_NID();
  36264. test_wolfSSL_X509_get_ext_count();
  36265. test_wolfSSL_X509_EXTENSION_new();
  36266. test_wolfSSL_X509_EXTENSION_get_object();
  36267. test_wolfSSL_X509_EXTENSION_get_data();
  36268. test_wolfSSL_X509_EXTENSION_get_critical();
  36269. test_wolfSSL_X509V3_EXT_print();
  36270. test_wolfSSL_X509_cmp();
  36271. #ifndef NO_BIO
  36272. test_wolfSSL_RSA_print();
  36273. test_wolfSSL_ASN1_STRING_print();
  36274. #endif
  36275. test_wolfSSL_ASN1_get_object();
  36276. test_openssl_generate_key_and_cert();
  36277. test_wolfSSL_EC_get_builtin_curves();
  36278. test_wolfSSL_CRYPTO_memcmp();
  36279. /* test the no op functions for compatibility */
  36280. test_no_op_functions();
  36281. /* OpenSSL EVP_PKEY API tests */
  36282. test_EVP_PKEY_rsa();
  36283. test_wolfSSL_EVP_PKEY_encrypt();
  36284. test_wolfSSL_EVP_PKEY_sign();
  36285. test_EVP_PKEY_ec();
  36286. test_EVP_PKEY_cmp();
  36287. /* OpenSSL error API tests */
  36288. test_ERR_load_crypto_strings();
  36289. /* OpenSSL sk_X509 API test */
  36290. test_sk_X509();
  36291. /* OpenSSL X509 API test */
  36292. test_X509_get_signature_nid();
  36293. /* OpenSSL X509 REQ API test */
  36294. test_X509_REQ();
  36295. /* OpenSSL PKCS7 API test */
  36296. test_wolfssl_PKCS7();
  36297. test_wolfSSL_PKCS7_SIGNED_new();
  36298. #ifndef NO_BIO
  36299. test_wolfSSL_PEM_write_bio_PKCS7();
  36300. #ifdef HAVE_SMIME
  36301. test_wolfSSL_SMIME_read_PKCS7();
  36302. #endif
  36303. #endif
  36304. /* wolfCrypt ASN tests */
  36305. test_wc_GetPkcs8TraditionalOffset();
  36306. test_wc_SetSubjectRaw();
  36307. test_wc_GetSubjectRaw();
  36308. test_wc_SetIssuerRaw();
  36309. test_wc_SetIssueBuffer();
  36310. test_wc_SetSubjectKeyId();
  36311. test_wc_SetSubject();
  36312. test_CheckCertSignature();
  36313. /* wolfCrypt ECC tests */
  36314. test_wc_ecc_get_curve_size_from_name();
  36315. test_wc_ecc_get_curve_id_from_name();
  36316. test_wc_ecc_get_curve_id_from_params();
  36317. #ifdef WOLFSSL_TLS13
  36318. /* TLS v1.3 API tests */
  36319. test_tls13_apis();
  36320. #endif
  36321. #if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
  36322. !defined(WOLFSSL_NO_CLIENT_AUTH))
  36323. /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */
  36324. /* Bad certificate signature tests */
  36325. AssertIntEQ(test_EccSigFailure_cm(), ASN_SIG_CONFIRM_E);
  36326. AssertIntEQ(test_RsaSigFailure_cm(), ASN_SIG_CONFIRM_E);
  36327. #endif /* NO_CERTS */
  36328. #ifdef HAVE_PK_CALLBACKS
  36329. /* public key callback tests */
  36330. test_DhCallbacks();
  36331. #endif
  36332. #ifdef HAVE_KEYING_MATERIAL
  36333. test_export_keying_material();
  36334. #endif /* HAVE_KEYING_MATERIAL */
  36335. test_wolfSSL_CTX_get_min_proto_version();
  36336. /*wolfcrypt */
  36337. printf("\n-----------------wolfcrypt unit tests------------------\n");
  36338. AssertFalse(test_wolfCrypt_Init());
  36339. AssertFalse(test_wc_InitMd5());
  36340. AssertFalse(test_wc_Md5Update());
  36341. AssertFalse(test_wc_Md5Final());
  36342. AssertFalse(test_wc_InitSha());
  36343. AssertFalse(test_wc_ShaUpdate());
  36344. AssertFalse(test_wc_ShaFinal());
  36345. AssertFalse(test_wc_InitSha256());
  36346. AssertFalse(test_wc_Sha256Update());
  36347. AssertFalse(test_wc_Sha256Final());
  36348. AssertFalse(test_wc_Sha256FinalRaw());
  36349. AssertFalse(test_wc_Sha256GetFlags());
  36350. AssertFalse(test_wc_Sha256Free());
  36351. AssertFalse(test_wc_Sha256GetHash());
  36352. AssertFalse(test_wc_Sha256Copy());
  36353. AssertFalse(test_wc_InitSha512());
  36354. AssertFalse(test_wc_Sha512Update());
  36355. AssertFalse(test_wc_Sha512Final());
  36356. AssertFalse(test_wc_Sha512GetFlags());
  36357. AssertFalse(test_wc_Sha512FinalRaw());
  36358. AssertFalse(test_wc_Sha512Free());
  36359. AssertFalse(test_wc_Sha512GetHash());
  36360. AssertFalse(test_wc_Sha512Copy());
  36361. AssertFalse(test_wc_InitSha384());
  36362. AssertFalse(test_wc_Sha384Update());
  36363. AssertFalse(test_wc_Sha384Final());
  36364. AssertFalse(test_wc_Sha384GetFlags());
  36365. AssertFalse(test_wc_Sha384FinalRaw());
  36366. AssertFalse(test_wc_Sha384Free());
  36367. AssertFalse(test_wc_Sha384GetHash());
  36368. AssertFalse(test_wc_Sha384Copy());
  36369. AssertFalse(test_wc_InitSha224());
  36370. AssertFalse(test_wc_Sha224Update());
  36371. AssertFalse(test_wc_Sha224Final());
  36372. AssertFalse(test_wc_Sha224SetFlags());
  36373. AssertFalse(test_wc_Sha224GetFlags());
  36374. AssertFalse(test_wc_Sha224Free());
  36375. AssertFalse(test_wc_Sha224GetHash());
  36376. AssertFalse(test_wc_Sha224Copy());
  36377. AssertFalse(test_wc_InitBlake2b());
  36378. AssertFalse(test_wc_InitBlake2b_WithKey());
  36379. AssertFalse(test_wc_InitBlake2s_WithKey());
  36380. AssertFalse(test_wc_InitRipeMd());
  36381. AssertFalse(test_wc_RipeMdUpdate());
  36382. AssertFalse(test_wc_RipeMdFinal());
  36383. AssertIntEQ(test_wc_InitSha3(), 0);
  36384. AssertIntEQ(testing_wc_Sha3_Update(), 0);
  36385. AssertIntEQ(test_wc_Sha3_224_Final(), 0);
  36386. AssertIntEQ(test_wc_Sha3_256_Final(), 0);
  36387. AssertIntEQ(test_wc_Sha3_384_Final(), 0);
  36388. AssertIntEQ(test_wc_Sha3_512_Final(), 0);
  36389. AssertIntEQ(test_wc_Sha3_224_Copy(), 0);
  36390. AssertIntEQ(test_wc_Sha3_256_Copy(), 0);
  36391. AssertIntEQ(test_wc_Sha3_384_Copy(), 0);
  36392. AssertIntEQ(test_wc_Sha3_512_Copy(), 0);
  36393. AssertIntEQ(test_wc_Sha3_GetFlags(), 0);
  36394. AssertIntEQ(test_wc_InitShake256(), 0);
  36395. AssertIntEQ(testing_wc_Shake256_Update(), 0);
  36396. AssertIntEQ(test_wc_Shake256_Final(), 0);
  36397. AssertIntEQ(test_wc_Shake256_Copy(), 0);
  36398. AssertIntEQ(test_wc_Shake256Hash(), 0);
  36399. AssertFalse(test_wc_Md5HmacSetKey());
  36400. AssertFalse(test_wc_Md5HmacUpdate());
  36401. AssertFalse(test_wc_Md5HmacFinal());
  36402. AssertFalse(test_wc_ShaHmacSetKey());
  36403. AssertFalse(test_wc_ShaHmacUpdate());
  36404. AssertFalse(test_wc_ShaHmacFinal());
  36405. AssertFalse(test_wc_Sha224HmacSetKey());
  36406. AssertFalse(test_wc_Sha224HmacUpdate());
  36407. AssertFalse(test_wc_Sha224HmacFinal());
  36408. AssertFalse(test_wc_Sha256HmacSetKey());
  36409. AssertFalse(test_wc_Sha256HmacUpdate());
  36410. AssertFalse(test_wc_Sha256HmacFinal());
  36411. AssertFalse(test_wc_Sha384HmacSetKey());
  36412. AssertFalse(test_wc_Sha384HmacUpdate());
  36413. AssertFalse(test_wc_Sha384HmacFinal());
  36414. AssertIntEQ(test_wc_HashInit(), 0);
  36415. AssertIntEQ(test_wc_HashSetFlags(), 0);
  36416. AssertIntEQ(test_wc_HashGetFlags(), 0);
  36417. AssertIntEQ(test_wc_InitCmac(), 0);
  36418. AssertIntEQ(test_wc_CmacUpdate(), 0);
  36419. AssertIntEQ(test_wc_CmacFinal(), 0);
  36420. AssertIntEQ(test_wc_AesCmacGenerate(), 0);
  36421. AssertIntEQ(test_wc_AesGcmStream(), 0);
  36422. AssertIntEQ(test_wc_Des3_SetIV(), 0);
  36423. AssertIntEQ(test_wc_Des3_SetKey(), 0);
  36424. AssertIntEQ(test_wc_Des3_CbcEncryptDecrypt(), 0);
  36425. AssertIntEQ(test_wc_Des3_CbcEncryptDecryptWithKey(), 0);
  36426. AssertIntEQ(test_wc_Des3_EcbEncrypt(), 0);
  36427. AssertIntEQ(test_wc_IdeaSetKey(), 0);
  36428. AssertIntEQ(test_wc_IdeaSetIV(), 0);
  36429. AssertIntEQ(test_wc_IdeaCipher(), 0);
  36430. AssertIntEQ(test_wc_IdeaCbcEncyptDecrypt(), 0);
  36431. AssertIntEQ(test_wc_Chacha_SetKey(), 0);
  36432. AssertIntEQ(test_wc_Chacha_Process(), 0);
  36433. AssertIntEQ(test_wc_ChaCha20Poly1305_aead(), 0);
  36434. AssertIntEQ(test_wc_Poly1305SetKey(), 0);
  36435. AssertIntEQ(test_wc_CamelliaSetKey(), 0);
  36436. AssertIntEQ(test_wc_CamelliaSetIV(), 0);
  36437. AssertIntEQ(test_wc_CamelliaEncryptDecryptDirect(), 0);
  36438. AssertIntEQ(test_wc_CamelliaCbcEncryptDecrypt(), 0);
  36439. AssertIntEQ(test_wc_RabbitSetKey(), 0);
  36440. AssertIntEQ(test_wc_RabbitProcess(), 0);
  36441. AssertIntEQ(test_wc_Arc4SetKey(), 0);
  36442. AssertIntEQ(test_wc_Arc4Process(), 0);
  36443. AssertIntEQ(test_wc_Rc2SetKey(), 0);
  36444. AssertIntEQ(test_wc_Rc2SetIV(), 0);
  36445. AssertIntEQ(test_wc_Rc2EcbEncryptDecrypt(), 0);
  36446. AssertIntEQ(test_wc_Rc2CbcEncryptDecrypt(), 0);
  36447. AssertIntEQ(test_wc_AesSetKey(), 0);
  36448. AssertIntEQ(test_wc_AesSetIV(), 0);
  36449. AssertIntEQ(test_wc_AesCbcEncryptDecrypt(), 0);
  36450. AssertIntEQ(test_wc_AesCtrEncryptDecrypt(), 0);
  36451. AssertIntEQ(test_wc_AesGcmSetKey(), 0);
  36452. AssertIntEQ(test_wc_AesGcmEncryptDecrypt(), 0);
  36453. AssertIntEQ(test_wc_GmacSetKey(), 0);
  36454. AssertIntEQ(test_wc_GmacUpdate(), 0);
  36455. AssertIntEQ(test_wc_InitRsaKey(), 0);
  36456. AssertIntEQ(test_wc_RsaPrivateKeyDecode(), 0);
  36457. AssertIntEQ(test_wc_RsaPublicKeyDecode(), 0);
  36458. AssertIntEQ(test_wc_RsaPublicKeyDecodeRaw(), 0);
  36459. AssertIntEQ(test_wc_MakeRsaKey(), 0);
  36460. AssertIntEQ(test_wc_SetKeyUsage (), 0);
  36461. AssertIntEQ(test_wc_CheckProbablePrime (), 0);
  36462. AssertIntEQ(test_wc_RsaPSS_Verify (), 0);
  36463. AssertIntEQ(test_wc_RsaPSS_VerifyCheck (), 0);
  36464. AssertIntEQ(test_wc_RsaPSS_VerifyCheckInline (), 0);
  36465. AssertIntEQ(test_wc_SetMutexCb(), 0);
  36466. AssertIntEQ(test_wc_LockMutex_ex(), 0);
  36467. AssertIntEQ(test_wc_RsaKeyToDer(), 0);
  36468. AssertIntEQ(test_wc_RsaKeyToPublicDer(), 0);
  36469. AssertIntEQ(test_wc_RsaPublicEncryptDecrypt(), 0);
  36470. AssertIntEQ(test_wc_RsaPublicEncryptDecrypt_ex(), 0);
  36471. AssertIntEQ(test_wc_RsaEncryptSize(), 0);
  36472. AssertIntEQ(test_wc_RsaSSL_SignVerify(), 0);
  36473. AssertIntEQ(test_wc_RsaFlattenPublicKey(), 0);
  36474. AssertIntEQ(test_RsaDecryptBoundsCheck(), 0);
  36475. AssertIntEQ(test_wc_AesCcmSetKey(), 0);
  36476. AssertIntEQ(test_wc_AesCcmEncryptDecrypt(), 0);
  36477. AssertIntEQ(test_wc_Hc128_SetKey(), 0);
  36478. AssertIntEQ(test_wc_Hc128_Process(), 0);
  36479. AssertIntEQ(test_wc_InitDsaKey(), 0);
  36480. AssertIntEQ(test_wc_DsaSignVerify(), 0);
  36481. AssertIntEQ(test_wc_DsaPublicPrivateKeyDecode(), 0);
  36482. AssertIntEQ(test_wc_MakeDsaKey(), 0);
  36483. AssertIntEQ(test_wc_DsaKeyToDer(), 0);
  36484. AssertIntEQ(test_wc_DsaKeyToPublicDer(), 0);
  36485. AssertIntEQ(test_wc_DsaImportParamsRaw(), 0);
  36486. AssertIntEQ(test_wc_DsaImportParamsRawCheck(), 0);
  36487. AssertIntEQ(test_wc_DsaExportParamsRaw(), 0);
  36488. AssertIntEQ(test_wc_DsaExportKeyRaw(), 0);
  36489. AssertIntEQ(test_wc_SignatureGetSize_ecc(), 0);
  36490. AssertIntEQ(test_wc_SignatureGetSize_rsa(), 0);
  36491. wolfCrypt_Cleanup();
  36492. #ifdef OPENSSL_EXTRA
  36493. /*wolfSSL_EVP_get_cipherbynid test*/
  36494. test_wolfSSL_EVP_get_cipherbynid();
  36495. test_wolfSSL_EVP_CIPHER_CTX();
  36496. #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
  36497. test_wolfSSL_EC();
  36498. #endif
  36499. test_wolfSSL_ECDSA_SIG();
  36500. test_ECDSA_size_sign();
  36501. test_ED25519();
  36502. test_ED448();
  36503. test_EC_i2d();
  36504. #endif
  36505. #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
  36506. !defined(HAVE_SELFTEST) && \
  36507. !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION))
  36508. test_wc_ecc_get_curve_id_from_dp_params();
  36509. #endif
  36510. #ifdef HAVE_HASHDRBG
  36511. #ifdef TEST_RESEED_INTERVAL
  36512. AssertIntEQ(test_wc_RNG_GenerateBlock_Reseed(), 0);
  36513. #endif
  36514. AssertIntEQ(test_wc_RNG_GenerateBlock(), 0);
  36515. #endif
  36516. AssertIntEQ(test_get_rand_digit(), 0);
  36517. AssertIntEQ(test_get_digit_count(), 0);
  36518. AssertIntEQ(test_mp_cond_copy(), 0);
  36519. AssertIntEQ(test_mp_rand(), 0);
  36520. AssertIntEQ(test_get_digit(), 0);
  36521. AssertIntEQ(test_wc_export_int(), 0);
  36522. AssertIntEQ(test_wc_InitRngNonce(), 0);
  36523. AssertIntEQ(test_wc_InitRngNonce_ex(), 0);
  36524. AssertIntEQ(test_wc_ed25519_make_key(), 0);
  36525. AssertIntEQ(test_wc_ed25519_init(), 0);
  36526. AssertIntEQ(test_wc_ed25519_sign_msg(), 0);
  36527. AssertIntEQ(test_wc_ed25519_import_public(), 0);
  36528. AssertIntEQ(test_wc_ed25519_import_private_key(), 0);
  36529. AssertIntEQ(test_wc_ed25519_export(), 0);
  36530. AssertIntEQ(test_wc_ed25519_size(), 0);
  36531. AssertIntEQ(test_wc_ed25519_exportKey(), 0);
  36532. AssertIntEQ(test_wc_Ed25519PublicKeyToDer(), 0);
  36533. AssertIntEQ(test_wc_curve25519_init(), 0);
  36534. AssertIntEQ(test_wc_curve25519_size(), 0);
  36535. AssertIntEQ(test_wc_curve25519_export_key_raw(), 0);
  36536. AssertIntEQ(test_wc_curve25519_export_key_raw_ex(), 0);
  36537. AssertIntEQ(test_wc_curve25519_size (), 0);
  36538. AssertIntEQ(test_wc_curve25519_make_key (), 0);
  36539. AssertIntEQ(test_wc_curve25519_shared_secret_ex (), 0);
  36540. AssertIntEQ(test_wc_curve25519_make_pub (), 0);
  36541. AssertIntEQ(test_wc_curve25519_export_public_ex (), 0);
  36542. AssertIntEQ(test_wc_curve25519_export_private_raw_ex (), 0);
  36543. AssertIntEQ(test_wc_curve25519_import_private_raw_ex (), 0);
  36544. AssertIntEQ(test_wc_curve25519_import_private (), 0);
  36545. AssertIntEQ(test_wc_ed448_make_key(), 0);
  36546. AssertIntEQ(test_wc_ed448_init(), 0);
  36547. AssertIntEQ(test_wc_ed448_sign_msg(), 0);
  36548. AssertIntEQ(test_wc_ed448_import_public(), 0);
  36549. AssertIntEQ(test_wc_ed448_import_private_key(), 0);
  36550. AssertIntEQ(test_wc_ed448_export(), 0);
  36551. AssertIntEQ(test_wc_ed448_size(), 0);
  36552. AssertIntEQ(test_wc_ed448_exportKey(), 0);
  36553. AssertIntEQ(test_wc_Ed448PublicKeyToDer(), 0);
  36554. AssertIntEQ(test_wc_curve448_make_key (), 0);
  36555. AssertIntEQ(test_wc_curve448_shared_secret_ex (), 0);
  36556. AssertIntEQ(test_wc_curve448_export_public_ex (), 0);
  36557. AssertIntEQ(test_wc_curve448_export_private_raw_ex (), 0);
  36558. AssertIntEQ(test_wc_curve448_export_key_raw (), 0);
  36559. AssertIntEQ(test_wc_curve448_import_private_raw_ex (), 0);
  36560. AssertIntEQ(test_wc_curve448_import_private (), 0);
  36561. AssertIntEQ(test_wc_curve448_init(), 0);
  36562. AssertIntEQ(test_wc_curve448_size (), 0);
  36563. AssertIntEQ(test_wc_ecc_make_key(), 0);
  36564. AssertIntEQ(test_wc_ecc_init(), 0);
  36565. AssertIntEQ(test_wc_ecc_check_key(), 0);
  36566. AssertIntEQ(test_wc_ecc_get_generator(), 0);
  36567. AssertIntEQ(test_wc_ecc_size(), 0);
  36568. test_wc_ecc_params();
  36569. AssertIntEQ(test_wc_ecc_signVerify_hash(), 0);
  36570. AssertIntEQ(test_wc_ecc_shared_secret(), 0);
  36571. AssertIntEQ(test_wc_ecc_export_x963(), 0);
  36572. AssertIntEQ(test_wc_ecc_export_x963_ex(), 0);
  36573. AssertIntEQ(test_wc_ecc_import_x963(), 0);
  36574. AssertIntEQ(ecc_import_private_key(), 0);
  36575. AssertIntEQ(test_wc_ecc_export_private_only(), 0);
  36576. AssertIntEQ(test_wc_ecc_rs_to_sig(), 0);
  36577. AssertIntEQ(test_wc_ecc_import_raw(), 0);
  36578. AssertIntEQ(test_wc_ecc_import_unsigned(), 0);
  36579. AssertIntEQ(test_wc_ecc_sig_size(), 0);
  36580. AssertIntEQ(test_wc_ecc_ctx_new(), 0);
  36581. AssertIntEQ(test_wc_ecc_ctx_reset(), 0);
  36582. AssertIntEQ(test_wc_ecc_ctx_set_peer_salt(), 0);
  36583. AssertIntEQ(test_wc_ecc_ctx_set_info(), 0);
  36584. AssertIntEQ(test_wc_ecc_encryptDecrypt(), 0);
  36585. AssertIntEQ(test_wc_ecc_del_point(), 0);
  36586. AssertIntEQ(test_wc_ecc_pointFns(), 0);
  36587. AssertIntEQ(test_wc_ecc_shared_secret_ssh(), 0);
  36588. AssertIntEQ(test_wc_ecc_verify_hash_ex(), 0);
  36589. AssertIntEQ(test_wc_ecc_mulmod(), 0);
  36590. AssertIntEQ(test_wc_ecc_is_valid_idx(), 0);
  36591. AssertIntEQ(test_wc_ecc_get_curve_id_from_oid(), 0);
  36592. AssertIntEQ(test_wc_ecc_sig_size_calc(), 0);
  36593. AssertIntEQ(test_ToTraditional(), 0);
  36594. AssertIntEQ(test_wc_EccPrivateKeyToDer(), 0);
  36595. AssertIntEQ(test_wc_Ed25519KeyToDer(), 0);
  36596. AssertIntEQ(test_wc_Ed25519PrivateKeyToDer(), 0);
  36597. AssertIntEQ(test_wc_Ed448KeyToDer(), 0);
  36598. AssertIntEQ(test_wc_Ed448PrivateKeyToDer(), 0);
  36599. AssertIntEQ(test_wc_SetAuthKeyIdFromPublicKey_ex(), 0);
  36600. AssertIntEQ(test_wc_SetSubjectBuffer(), 0);
  36601. AssertIntEQ(test_wc_SetSubjectKeyIdFromPublicKey_ex(), 0);
  36602. test_wc_PKCS7_New();
  36603. test_wc_PKCS7_Init();
  36604. test_wc_PKCS7_InitWithCert();
  36605. test_wc_PKCS7_EncodeData();
  36606. test_wc_PKCS7_EncodeSignedData();
  36607. test_wc_PKCS7_EncodeSignedData_ex();
  36608. test_wc_PKCS7_VerifySignedData();
  36609. test_wc_PKCS7_EncodeDecodeEnvelopedData();
  36610. test_wc_PKCS7_EncodeEncryptedData();
  36611. test_wc_PKCS7_Degenerate();
  36612. test_wc_PKCS7_BER();
  36613. test_PKCS7_signed_enveloped();
  36614. test_wc_PKCS7_NoDefaultSignedAttribs();
  36615. test_wc_PKCS7_SetOriEncryptCtx();
  36616. test_wc_PKCS7_SetOriDecryptCtx();
  36617. test_wc_PKCS7_DecodeCompressedData();
  36618. test_wc_i2d_PKCS12();
  36619. test_wolfSSL_CTX_LoadCRL();
  36620. AssertIntEQ(test_ForceZero(), 0);
  36621. AssertIntEQ(test_wolfSSL_Cleanup(), WOLFSSL_SUCCESS);
  36622. #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \
  36623. !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \
  36624. !defined(WOLFSSL_NO_CLIENT_AUTH))
  36625. AssertIntEQ(test_various_pathlen_chains(), WOLFSSL_SUCCESS);
  36626. #endif
  36627. /* If at some point a stub get implemented this test should fail indicating
  36628. * a need to implement a new test case
  36629. */
  36630. test_stubs_are_stubs();
  36631. #if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
  36632. && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
  36633. wc_ecc_fp_free(); /* free per thread cache */
  36634. #endif
  36635. wolfSSL_Cleanup();
  36636. (void)devId;
  36637. printf(" End API Tests\n");
  36638. }