123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734473547364737473847394740474147424743474447454746474747484749475047514752475347544755475647574758475947604761476247634764476547664767476847694770477147724773477447754776477747784779478047814782478347844785478647874788478947904791479247934794479547964797479847994800480148024803480448054806480748084809481048114812481348144815481648174818481948204821482248234824482548264827482848294830483148324833483448354836483748384839484048414842484348444845484648474848484948504851485248534854485548564857485848594860486148624863486448654866486748684869487048714872487348744875487648774878487948804881488248834884488548864887488848894890489148924893489448954896489748984899490049014902490349044905490649074908490949104911491249134914491549164917491849194920492149224923492449254926492749284929493049314932493349344935493649374938493949404941494249434944494549464947494849494950495149524953495449554956495749584959496049614962496349644965496649674968496949704971497249734974497549764977497849794980498149824983498449854986498749884989499049914992499349944995499649974998499950005001500250035004500550065007500850095010501150125013501450155016501750185019502050215022502350245025502650275028502950305031503250335034503550365037503850395040504150425043504450455046504750485049505050515052505350545055505650575058505950605061506250635064506550665067506850695070507150725073507450755076507750785079508050815082508350845085508650875088508950905091509250935094509550965097509850995100510151025103510451055106510751085109511051115112511351145115511651175118511951205121512251235124512551265127512851295130513151325133513451355136513751385139514051415142514351445145514651475148514951505151515251535154515551565157515851595160516151625163516451655166516751685169517051715172517351745175517651775178517951805181518251835184518551865187518851895190519151925193519451955196519751985199520052015202520352045205520652075208520952105211521252135214521552165217521852195220522152225223522452255226522752285229523052315232523352345235523652375238523952405241524252435244524552465247524852495250525152525253525452555256525752585259526052615262526352645265526652675268526952705271527252735274527552765277527852795280528152825283528452855286528752885289529052915292529352945295529652975298529953005301530253035304530553065307530853095310531153125313531453155316531753185319532053215322532353245325532653275328532953305331533253335334533553365337533853395340534153425343534453455346534753485349535053515352535353545355535653575358535953605361536253635364536553665367536853695370537153725373537453755376537753785379538053815382538353845385538653875388538953905391539253935394539553965397539853995400540154025403540454055406540754085409541054115412541354145415541654175418541954205421542254235424542554265427542854295430543154325433543454355436543754385439544054415442544354445445544654475448544954505451545254535454545554565457545854595460546154625463546454655466546754685469547054715472547354745475547654775478547954805481548254835484548554865487548854895490549154925493549454955496549754985499550055015502550355045505550655075508550955105511551255135514551555165517551855195520552155225523552455255526552755285529553055315532553355345535553655375538553955405541554255435544554555465547554855495550555155525553555455555556555755585559556055615562556355645565556655675568556955705571557255735574557555765577557855795580558155825583558455855586558755885589559055915592559355945595559655975598559956005601560256035604560556065607560856095610561156125613561456155616561756185619562056215622562356245625562656275628562956305631563256335634563556365637563856395640564156425643564456455646564756485649565056515652565356545655565656575658565956605661566256635664566556665667566856695670567156725673567456755676567756785679568056815682568356845685568656875688568956905691569256935694569556965697569856995700570157025703570457055706570757085709571057115712571357145715571657175718571957205721572257235724572557265727572857295730573157325733573457355736573757385739574057415742574357445745574657475748574957505751575257535754575557565757575857595760576157625763576457655766576757685769577057715772577357745775577657775778577957805781578257835784578557865787578857895790579157925793579457955796579757985799580058015802580358045805580658075808580958105811581258135814581558165817581858195820582158225823582458255826582758285829583058315832583358345835583658375838583958405841584258435844584558465847584858495850585158525853585458555856585758585859586058615862586358645865586658675868586958705871587258735874587558765877587858795880588158825883588458855886588758885889589058915892589358945895589658975898589959005901590259035904590559065907590859095910591159125913591459155916591759185919592059215922592359245925592659275928592959305931593259335934593559365937593859395940594159425943594459455946594759485949595059515952595359545955595659575958595959605961596259635964596559665967596859695970597159725973597459755976597759785979598059815982598359845985598659875988598959905991599259935994599559965997599859996000600160026003600460056006600760086009601060116012601360146015601660176018601960206021602260236024602560266027602860296030603160326033603460356036603760386039604060416042604360446045604660476048604960506051605260536054605560566057605860596060606160626063606460656066606760686069607060716072607360746075607660776078607960806081608260836084608560866087608860896090609160926093609460956096609760986099610061016102610361046105610661076108610961106111611261136114611561166117611861196120612161226123612461256126612761286129613061316132613361346135613661376138613961406141614261436144614561466147614861496150615161526153615461556156615761586159616061616162616361646165616661676168616961706171617261736174617561766177617861796180618161826183618461856186618761886189619061916192619361946195619661976198619962006201620262036204620562066207620862096210621162126213621462156216621762186219622062216222622362246225622662276228622962306231623262336234623562366237623862396240624162426243624462456246624762486249625062516252625362546255625662576258625962606261626262636264626562666267626862696270627162726273627462756276627762786279628062816282628362846285628662876288628962906291629262936294629562966297629862996300630163026303630463056306630763086309631063116312631363146315631663176318631963206321632263236324632563266327632863296330633163326333633463356336633763386339634063416342634363446345634663476348634963506351635263536354635563566357635863596360636163626363636463656366636763686369637063716372637363746375637663776378637963806381638263836384638563866387638863896390639163926393639463956396639763986399640064016402640364046405640664076408640964106411641264136414641564166417641864196420642164226423642464256426642764286429643064316432643364346435643664376438643964406441644264436444644564466447644864496450645164526453645464556456645764586459646064616462646364646465646664676468646964706471647264736474647564766477647864796480648164826483648464856486648764886489649064916492649364946495649664976498649965006501650265036504650565066507650865096510651165126513651465156516651765186519652065216522652365246525652665276528652965306531653265336534653565366537653865396540654165426543654465456546654765486549655065516552655365546555655665576558655965606561656265636564656565666567656865696570657165726573657465756576657765786579658065816582658365846585658665876588658965906591659265936594659565966597659865996600660166026603660466056606660766086609661066116612661366146615661666176618661966206621662266236624662566266627662866296630663166326633663466356636663766386639664066416642664366446645664666476648664966506651665266536654665566566657665866596660666166626663666466656666666766686669667066716672667366746675667666776678667966806681668266836684668566866687668866896690669166926693669466956696669766986699670067016702670367046705670667076708670967106711671267136714671567166717671867196720672167226723672467256726672767286729673067316732673367346735673667376738673967406741674267436744674567466747674867496750675167526753675467556756675767586759676067616762676367646765676667676768676967706771677267736774677567766777677867796780678167826783678467856786678767886789679067916792679367946795679667976798679968006801680268036804680568066807680868096810681168126813681468156816681768186819682068216822682368246825682668276828682968306831683268336834683568366837683868396840684168426843684468456846684768486849685068516852685368546855685668576858685968606861686268636864686568666867686868696870687168726873687468756876687768786879688068816882688368846885688668876888688968906891689268936894689568966897689868996900690169026903690469056906690769086909691069116912691369146915691669176918691969206921692269236924692569266927692869296930693169326933693469356936693769386939694069416942694369446945694669476948694969506951695269536954695569566957695869596960696169626963696469656966696769686969697069716972697369746975697669776978697969806981698269836984698569866987698869896990699169926993699469956996699769986999700070017002700370047005700670077008700970107011701270137014701570167017701870197020702170227023702470257026702770287029703070317032703370347035703670377038703970407041704270437044704570467047704870497050705170527053705470557056705770587059706070617062706370647065706670677068706970707071707270737074707570767077707870797080708170827083708470857086708770887089709070917092709370947095709670977098709971007101710271037104710571067107710871097110711171127113711471157116711771187119712071217122712371247125712671277128712971307131713271337134713571367137713871397140714171427143714471457146714771487149715071517152715371547155715671577158715971607161716271637164716571667167716871697170717171727173717471757176717771787179718071817182718371847185718671877188718971907191719271937194719571967197719871997200720172027203720472057206720772087209721072117212721372147215721672177218721972207221722272237224722572267227722872297230723172327233723472357236723772387239724072417242724372447245724672477248724972507251725272537254725572567257725872597260726172627263726472657266726772687269727072717272727372747275727672777278727972807281728272837284728572867287728872897290729172927293729472957296729772987299730073017302730373047305730673077308730973107311731273137314731573167317731873197320732173227323732473257326732773287329733073317332733373347335733673377338733973407341734273437344734573467347734873497350735173527353735473557356735773587359736073617362736373647365736673677368736973707371737273737374737573767377737873797380738173827383738473857386738773887389739073917392739373947395739673977398739974007401740274037404740574067407740874097410741174127413741474157416741774187419742074217422742374247425742674277428742974307431743274337434743574367437743874397440744174427443744474457446744774487449745074517452745374547455745674577458745974607461746274637464746574667467746874697470747174727473747474757476747774787479748074817482748374847485748674877488748974907491749274937494749574967497749874997500750175027503750475057506750775087509751075117512751375147515751675177518751975207521752275237524752575267527752875297530753175327533753475357536753775387539754075417542754375447545754675477548754975507551755275537554755575567557755875597560756175627563756475657566756775687569757075717572757375747575757675777578757975807581758275837584758575867587758875897590759175927593759475957596759775987599760076017602760376047605760676077608760976107611761276137614761576167617761876197620762176227623762476257626762776287629763076317632763376347635763676377638763976407641764276437644764576467647764876497650765176527653765476557656765776587659766076617662766376647665766676677668766976707671767276737674767576767677767876797680768176827683768476857686768776887689769076917692769376947695769676977698769977007701770277037704770577067707770877097710771177127713771477157716771777187719772077217722772377247725772677277728772977307731773277337734773577367737773877397740774177427743774477457746774777487749775077517752775377547755775677577758775977607761776277637764776577667767776877697770777177727773777477757776777777787779778077817782778377847785778677877788778977907791779277937794779577967797779877997800780178027803780478057806780778087809781078117812781378147815781678177818781978207821782278237824782578267827782878297830783178327833783478357836783778387839784078417842784378447845784678477848784978507851785278537854785578567857785878597860786178627863786478657866786778687869787078717872787378747875787678777878787978807881788278837884788578867887788878897890789178927893789478957896789778987899790079017902790379047905790679077908790979107911791279137914791579167917791879197920792179227923792479257926792779287929793079317932793379347935793679377938793979407941794279437944794579467947794879497950795179527953795479557956795779587959796079617962796379647965796679677968796979707971797279737974797579767977797879797980798179827983798479857986798779887989799079917992799379947995799679977998799980008001800280038004800580068007800880098010801180128013801480158016801780188019802080218022802380248025802680278028802980308031803280338034803580368037803880398040804180428043804480458046804780488049805080518052805380548055805680578058805980608061806280638064806580668067806880698070807180728073807480758076807780788079808080818082808380848085808680878088808980908091809280938094809580968097809880998100810181028103810481058106810781088109811081118112811381148115811681178118811981208121812281238124812581268127812881298130813181328133813481358136813781388139814081418142814381448145814681478148814981508151815281538154815581568157815881598160816181628163816481658166816781688169817081718172817381748175817681778178817981808181818281838184818581868187818881898190819181928193819481958196819781988199820082018202820382048205820682078208820982108211821282138214821582168217821882198220822182228223822482258226822782288229823082318232823382348235823682378238823982408241824282438244824582468247824882498250825182528253825482558256825782588259826082618262826382648265826682678268826982708271827282738274827582768277827882798280828182828283828482858286828782888289829082918292829382948295829682978298829983008301830283038304830583068307830883098310831183128313831483158316831783188319832083218322832383248325832683278328832983308331833283338334833583368337833883398340834183428343834483458346834783488349835083518352835383548355835683578358835983608361836283638364836583668367836883698370837183728373837483758376837783788379838083818382838383848385838683878388838983908391839283938394839583968397839883998400840184028403840484058406840784088409841084118412841384148415841684178418841984208421842284238424842584268427842884298430843184328433843484358436843784388439844084418442844384448445844684478448844984508451845284538454845584568457845884598460846184628463846484658466846784688469847084718472847384748475847684778478847984808481848284838484848584868487848884898490849184928493849484958496849784988499850085018502850385048505850685078508850985108511851285138514851585168517851885198520852185228523852485258526852785288529853085318532853385348535853685378538853985408541854285438544854585468547854885498550855185528553855485558556855785588559856085618562856385648565856685678568856985708571857285738574857585768577857885798580858185828583858485858586858785888589859085918592859385948595859685978598859986008601860286038604860586068607860886098610861186128613861486158616861786188619862086218622862386248625862686278628862986308631863286338634863586368637863886398640864186428643864486458646864786488649865086518652865386548655865686578658865986608661866286638664866586668667866886698670867186728673867486758676867786788679868086818682868386848685868686878688868986908691869286938694869586968697869886998700870187028703870487058706870787088709871087118712871387148715871687178718871987208721872287238724872587268727872887298730873187328733873487358736873787388739874087418742874387448745874687478748874987508751875287538754875587568757875887598760876187628763876487658766876787688769877087718772877387748775877687778778877987808781878287838784878587868787878887898790879187928793879487958796879787988799880088018802880388048805880688078808880988108811881288138814881588168817881888198820882188228823882488258826882788288829883088318832883388348835883688378838883988408841884288438844884588468847884888498850885188528853885488558856885788588859886088618862886388648865886688678868886988708871887288738874887588768877887888798880888188828883888488858886888788888889889088918892889388948895889688978898889989008901890289038904890589068907890889098910891189128913891489158916891789188919892089218922892389248925892689278928892989308931893289338934893589368937893889398940894189428943894489458946894789488949895089518952895389548955895689578958895989608961896289638964896589668967896889698970897189728973897489758976897789788979898089818982898389848985898689878988898989908991899289938994899589968997899889999000900190029003900490059006900790089009901090119012901390149015901690179018901990209021902290239024902590269027902890299030903190329033903490359036903790389039904090419042904390449045904690479048904990509051905290539054905590569057905890599060906190629063906490659066906790689069907090719072907390749075907690779078907990809081908290839084908590869087908890899090909190929093909490959096909790989099910091019102910391049105910691079108910991109111911291139114911591169117911891199120912191229123912491259126912791289129913091319132913391349135913691379138913991409141914291439144914591469147914891499150915191529153915491559156915791589159916091619162916391649165916691679168916991709171917291739174917591769177917891799180918191829183918491859186918791889189919091919192919391949195919691979198919992009201920292039204920592069207920892099210921192129213921492159216921792189219922092219222922392249225922692279228922992309231923292339234923592369237923892399240924192429243924492459246924792489249925092519252925392549255925692579258925992609261926292639264926592669267926892699270927192729273927492759276927792789279928092819282928392849285928692879288928992909291929292939294929592969297929892999300930193029303930493059306930793089309931093119312931393149315931693179318931993209321932293239324932593269327932893299330933193329333933493359336933793389339934093419342934393449345934693479348934993509351935293539354935593569357935893599360936193629363936493659366936793689369937093719372937393749375937693779378937993809381938293839384938593869387938893899390939193929393939493959396939793989399940094019402940394049405940694079408940994109411941294139414941594169417941894199420942194229423942494259426942794289429943094319432943394349435943694379438943994409441944294439444944594469447944894499450945194529453945494559456945794589459946094619462946394649465946694679468946994709471947294739474947594769477947894799480948194829483948494859486948794889489949094919492949394949495949694979498949995009501950295039504950595069507950895099510951195129513951495159516951795189519952095219522952395249525952695279528952995309531953295339534953595369537953895399540954195429543954495459546954795489549955095519552955395549555955695579558955995609561956295639564956595669567956895699570957195729573957495759576957795789579958095819582958395849585958695879588958995909591959295939594959595969597959895999600960196029603960496059606960796089609961096119612961396149615961696179618961996209621962296239624962596269627962896299630963196329633963496359636963796389639964096419642964396449645964696479648964996509651965296539654965596569657965896599660966196629663966496659666966796689669967096719672967396749675967696779678967996809681968296839684968596869687968896899690969196929693969496959696969796989699970097019702970397049705970697079708970997109711971297139714971597169717971897199720972197229723972497259726972797289729973097319732973397349735973697379738973997409741974297439744974597469747974897499750975197529753975497559756975797589759976097619762976397649765976697679768976997709771977297739774977597769777977897799780978197829783978497859786978797889789979097919792979397949795979697979798979998009801980298039804980598069807980898099810981198129813981498159816981798189819982098219822982398249825982698279828982998309831983298339834983598369837983898399840984198429843984498459846984798489849985098519852985398549855985698579858985998609861986298639864986598669867986898699870987198729873987498759876987798789879988098819882988398849885988698879888988998909891989298939894989598969897989898999900990199029903990499059906990799089909991099119912991399149915991699179918991999209921992299239924992599269927992899299930993199329933993499359936993799389939994099419942994399449945994699479948994999509951995299539954995599569957995899599960996199629963996499659966996799689969997099719972997399749975997699779978997999809981998299839984998599869987998899899990999199929993999499959996999799989999100001000110002100031000410005100061000710008100091001010011100121001310014100151001610017100181001910020100211002210023100241002510026100271002810029100301003110032100331003410035100361003710038100391004010041100421004310044100451004610047100481004910050100511005210053100541005510056100571005810059100601006110062100631006410065100661006710068100691007010071100721007310074100751007610077100781007910080100811008210083100841008510086100871008810089100901009110092100931009410095100961009710098100991010010101101021010310104101051010610107101081010910110101111011210113101141011510116101171011810119101201012110122101231012410125101261012710128101291013010131101321013310134101351013610137101381013910140101411014210143101441014510146101471014810149101501015110152101531015410155101561015710158101591016010161101621016310164101651016610167101681016910170101711017210173101741017510176101771017810179101801018110182101831018410185101861018710188101891019010191101921019310194101951019610197101981019910200102011020210203102041020510206102071020810209102101021110212102131021410215102161021710218102191022010221102221022310224102251022610227102281022910230102311023210233102341023510236102371023810239102401024110242102431024410245102461024710248102491025010251102521025310254102551025610257102581025910260102611026210263102641026510266102671026810269102701027110272102731027410275102761027710278102791028010281102821028310284102851028610287102881028910290102911029210293102941029510296102971029810299103001030110302103031030410305103061030710308103091031010311103121031310314103151031610317103181031910320103211032210323103241032510326103271032810329103301033110332103331033410335103361033710338103391034010341103421034310344103451034610347103481034910350103511035210353103541035510356103571035810359103601036110362103631036410365103661036710368103691037010371103721037310374103751037610377103781037910380103811038210383103841038510386103871038810389103901039110392103931039410395103961039710398103991040010401104021040310404104051040610407104081040910410104111041210413104141041510416104171041810419104201042110422104231042410425104261042710428104291043010431104321043310434104351043610437104381043910440104411044210443104441044510446104471044810449104501045110452104531045410455104561045710458104591046010461104621046310464104651046610467104681046910470104711047210473104741047510476104771047810479104801048110482104831048410485104861048710488104891049010491104921049310494104951049610497104981049910500105011050210503105041050510506105071050810509105101051110512105131051410515105161051710518105191052010521105221052310524105251052610527105281052910530105311053210533105341053510536105371053810539105401054110542105431054410545105461054710548105491055010551105521055310554105551055610557105581055910560105611056210563105641056510566105671056810569105701057110572105731057410575105761057710578105791058010581105821058310584105851058610587105881058910590105911059210593105941059510596105971059810599106001060110602106031060410605106061060710608106091061010611106121061310614106151061610617106181061910620106211062210623106241062510626106271062810629106301063110632106331063410635106361063710638106391064010641106421064310644106451064610647106481064910650106511065210653106541065510656106571065810659106601066110662106631066410665106661066710668106691067010671106721067310674106751067610677106781067910680106811068210683106841068510686106871068810689106901069110692106931069410695106961069710698106991070010701107021070310704107051070610707107081070910710107111071210713107141071510716107171071810719107201072110722107231072410725107261072710728107291073010731107321073310734107351073610737107381073910740107411074210743107441074510746107471074810749107501075110752107531075410755107561075710758107591076010761107621076310764107651076610767107681076910770107711077210773107741077510776107771077810779107801078110782107831078410785107861078710788107891079010791107921079310794107951079610797107981079910800108011080210803108041080510806108071080810809108101081110812108131081410815108161081710818108191082010821108221082310824108251082610827108281082910830108311083210833108341083510836108371083810839108401084110842108431084410845108461084710848108491085010851108521085310854108551085610857108581085910860108611086210863108641086510866108671086810869108701087110872108731087410875108761087710878108791088010881108821088310884108851088610887108881088910890108911089210893108941089510896108971089810899109001090110902109031090410905109061090710908109091091010911109121091310914109151091610917109181091910920109211092210923109241092510926109271092810929109301093110932109331093410935109361093710938109391094010941109421094310944109451094610947109481094910950109511095210953109541095510956109571095810959109601096110962109631096410965109661096710968109691097010971109721097310974109751097610977109781097910980109811098210983109841098510986109871098810989109901099110992109931099410995109961099710998109991100011001110021100311004110051100611007110081100911010110111101211013110141101511016110171101811019110201102111022110231102411025110261102711028110291103011031110321103311034110351103611037110381103911040110411104211043110441104511046110471104811049110501105111052110531105411055110561105711058110591106011061110621106311064110651106611067110681106911070110711107211073110741107511076110771107811079110801108111082110831108411085110861108711088110891109011091110921109311094110951109611097110981109911100111011110211103111041110511106111071110811109111101111111112111131111411115111161111711118111191112011121111221112311124111251112611127111281112911130111311113211133111341113511136111371113811139111401114111142111431114411145111461114711148111491115011151111521115311154111551115611157111581115911160111611116211163111641116511166111671116811169111701117111172111731117411175111761117711178111791118011181111821118311184111851118611187111881118911190111911119211193111941119511196111971119811199112001120111202112031120411205112061120711208112091121011211112121121311214112151121611217112181121911220112211122211223112241122511226112271122811229112301123111232112331123411235112361123711238112391124011241112421124311244112451124611247112481124911250112511125211253112541125511256112571125811259112601126111262112631126411265112661126711268112691127011271112721127311274112751127611277112781127911280112811128211283112841128511286112871128811289112901129111292112931129411295112961129711298112991130011301113021130311304113051130611307113081130911310113111131211313113141131511316113171131811319113201132111322113231132411325113261132711328113291133011331113321133311334113351133611337113381133911340113411134211343113441134511346113471134811349113501135111352113531135411355113561135711358113591136011361113621136311364113651136611367113681136911370113711137211373113741137511376113771137811379113801138111382113831138411385113861138711388113891139011391113921139311394113951139611397113981139911400114011140211403114041140511406114071140811409114101141111412114131141411415114161141711418114191142011421114221142311424114251142611427114281142911430114311143211433114341143511436114371143811439114401144111442114431144411445114461144711448114491145011451114521145311454114551145611457114581145911460114611146211463114641146511466114671146811469114701147111472114731147411475114761147711478114791148011481114821148311484114851148611487114881148911490114911149211493114941149511496114971149811499115001150111502115031150411505115061150711508115091151011511115121151311514115151151611517115181151911520115211152211523115241152511526115271152811529115301153111532115331153411535115361153711538115391154011541115421154311544115451154611547115481154911550115511155211553115541155511556115571155811559115601156111562115631156411565115661156711568115691157011571115721157311574115751157611577115781157911580115811158211583115841158511586115871158811589115901159111592115931159411595115961159711598115991160011601116021160311604116051160611607116081160911610116111161211613116141161511616116171161811619116201162111622116231162411625116261162711628116291163011631116321163311634116351163611637116381163911640116411164211643116441164511646116471164811649116501165111652116531165411655116561165711658116591166011661116621166311664116651166611667116681166911670116711167211673116741167511676116771167811679116801168111682116831168411685116861168711688116891169011691116921169311694116951169611697116981169911700117011170211703117041170511706117071170811709117101171111712117131171411715117161171711718117191172011721117221172311724117251172611727117281172911730117311173211733117341173511736117371173811739117401174111742117431174411745117461174711748117491175011751117521175311754117551175611757117581175911760117611176211763117641176511766117671176811769117701177111772117731177411775117761177711778117791178011781117821178311784117851178611787117881178911790117911179211793117941179511796117971179811799118001180111802118031180411805118061180711808118091181011811118121181311814118151181611817118181181911820118211182211823118241182511826118271182811829118301183111832118331183411835118361183711838118391184011841118421184311844118451184611847118481184911850118511185211853118541185511856118571185811859118601186111862118631186411865118661186711868118691187011871118721187311874118751187611877118781187911880118811188211883118841188511886118871188811889118901189111892118931189411895118961189711898118991190011901119021190311904119051190611907119081190911910119111191211913119141191511916119171191811919119201192111922119231192411925119261192711928119291193011931119321193311934119351193611937119381193911940119411194211943119441194511946119471194811949119501195111952119531195411955119561195711958119591196011961119621196311964119651196611967119681196911970119711197211973119741197511976119771197811979119801198111982119831198411985119861198711988119891199011991119921199311994119951199611997119981199912000120011200212003120041200512006120071200812009120101201112012120131201412015120161201712018120191202012021120221202312024120251202612027120281202912030120311203212033120341203512036120371203812039120401204112042120431204412045120461204712048120491205012051120521205312054120551205612057120581205912060120611206212063120641206512066120671206812069120701207112072120731207412075120761207712078120791208012081120821208312084120851208612087120881208912090120911209212093120941209512096120971209812099121001210112102121031210412105121061210712108121091211012111121121211312114121151211612117121181211912120121211212212123121241212512126121271212812129121301213112132121331213412135121361213712138121391214012141121421214312144121451214612147121481214912150121511215212153121541215512156121571215812159121601216112162121631216412165121661216712168121691217012171121721217312174121751217612177121781217912180121811218212183121841218512186121871218812189121901219112192121931219412195121961219712198121991220012201122021220312204122051220612207122081220912210122111221212213122141221512216122171221812219122201222112222122231222412225122261222712228122291223012231122321223312234122351223612237122381223912240122411224212243122441224512246122471224812249122501225112252122531225412255122561225712258122591226012261122621226312264122651226612267122681226912270122711227212273122741227512276122771227812279122801228112282122831228412285122861228712288122891229012291122921229312294122951229612297122981229912300123011230212303123041230512306123071230812309123101231112312123131231412315123161231712318123191232012321123221232312324123251232612327123281232912330123311233212333123341233512336123371233812339123401234112342123431234412345123461234712348123491235012351123521235312354123551235612357123581235912360123611236212363123641236512366123671236812369123701237112372123731237412375123761237712378123791238012381123821238312384123851238612387123881238912390123911239212393123941239512396123971239812399124001240112402124031240412405124061240712408124091241012411124121241312414124151241612417124181241912420124211242212423124241242512426124271242812429124301243112432124331243412435124361243712438124391244012441124421244312444124451244612447124481244912450124511245212453124541245512456124571245812459124601246112462124631246412465124661246712468124691247012471124721247312474124751247612477124781247912480124811248212483124841248512486124871248812489124901249112492124931249412495124961249712498124991250012501125021250312504125051250612507125081250912510125111251212513125141251512516125171251812519125201252112522125231252412525125261252712528125291253012531125321253312534125351253612537125381253912540125411254212543125441254512546125471254812549125501255112552125531255412555125561255712558125591256012561125621256312564125651256612567125681256912570125711257212573125741257512576125771257812579125801258112582125831258412585125861258712588125891259012591125921259312594125951259612597125981259912600126011260212603126041260512606126071260812609126101261112612126131261412615126161261712618126191262012621126221262312624126251262612627126281262912630126311263212633126341263512636126371263812639126401264112642126431264412645126461264712648126491265012651126521265312654126551265612657126581265912660126611266212663126641266512666126671266812669126701267112672126731267412675126761267712678126791268012681126821268312684126851268612687126881268912690126911269212693126941269512696126971269812699127001270112702127031270412705127061270712708127091271012711127121271312714127151271612717127181271912720127211272212723127241272512726127271272812729127301273112732127331273412735127361273712738127391274012741127421274312744127451274612747127481274912750127511275212753127541275512756127571275812759127601276112762127631276412765127661276712768127691277012771127721277312774127751277612777127781277912780127811278212783127841278512786127871278812789127901279112792127931279412795127961279712798127991280012801128021280312804128051280612807128081280912810128111281212813128141281512816128171281812819128201282112822128231282412825128261282712828128291283012831128321283312834128351283612837128381283912840128411284212843128441284512846128471284812849128501285112852128531285412855128561285712858128591286012861128621286312864128651286612867128681286912870128711287212873128741287512876128771287812879128801288112882128831288412885128861288712888128891289012891128921289312894128951289612897128981289912900129011290212903129041290512906129071290812909129101291112912129131291412915129161291712918129191292012921129221292312924129251292612927129281292912930129311293212933129341293512936129371293812939129401294112942129431294412945129461294712948129491295012951129521295312954129551295612957129581295912960129611296212963129641296512966129671296812969129701297112972129731297412975129761297712978129791298012981129821298312984129851298612987129881298912990129911299212993129941299512996129971299812999130001300113002130031300413005130061300713008130091301013011130121301313014130151301613017130181301913020130211302213023130241302513026130271302813029130301303113032130331303413035130361303713038130391304013041130421304313044130451304613047130481304913050130511305213053130541305513056130571305813059130601306113062130631306413065130661306713068130691307013071130721307313074130751307613077130781307913080130811308213083130841308513086130871308813089130901309113092130931309413095130961309713098130991310013101131021310313104131051310613107131081310913110131111311213113131141311513116131171311813119131201312113122131231312413125131261312713128131291313013131131321313313134131351313613137131381313913140131411314213143131441314513146131471314813149131501315113152131531315413155131561315713158131591316013161131621316313164131651316613167131681316913170131711317213173131741317513176131771317813179131801318113182131831318413185131861318713188131891319013191131921319313194131951319613197131981319913200132011320213203132041320513206132071320813209132101321113212132131321413215132161321713218132191322013221132221322313224132251322613227132281322913230132311323213233132341323513236132371323813239132401324113242132431324413245132461324713248132491325013251132521325313254132551325613257132581325913260132611326213263132641326513266132671326813269132701327113272132731327413275132761327713278132791328013281132821328313284132851328613287132881328913290132911329213293132941329513296132971329813299133001330113302133031330413305133061330713308133091331013311133121331313314133151331613317133181331913320133211332213323133241332513326133271332813329133301333113332133331333413335133361333713338133391334013341133421334313344133451334613347133481334913350133511335213353133541335513356133571335813359133601336113362133631336413365133661336713368133691337013371133721337313374133751337613377133781337913380133811338213383133841338513386133871338813389133901339113392133931339413395133961339713398133991340013401134021340313404134051340613407134081340913410134111341213413134141341513416134171341813419134201342113422134231342413425134261342713428134291343013431134321343313434134351343613437134381343913440134411344213443134441344513446134471344813449134501345113452134531345413455134561345713458134591346013461134621346313464134651346613467134681346913470134711347213473134741347513476134771347813479134801348113482134831348413485134861348713488134891349013491134921349313494134951349613497134981349913500135011350213503135041350513506135071350813509135101351113512135131351413515135161351713518135191352013521135221352313524135251352613527135281352913530135311353213533135341353513536135371353813539135401354113542135431354413545135461354713548135491355013551135521355313554135551355613557135581355913560135611356213563135641356513566135671356813569135701357113572135731357413575135761357713578135791358013581135821358313584135851358613587135881358913590135911359213593135941359513596135971359813599136001360113602136031360413605136061360713608136091361013611136121361313614136151361613617136181361913620136211362213623136241362513626136271362813629136301363113632136331363413635136361363713638136391364013641136421364313644136451364613647136481364913650136511365213653136541365513656136571365813659136601366113662136631366413665136661366713668136691367013671136721367313674136751367613677136781367913680136811368213683136841368513686136871368813689136901369113692136931369413695136961369713698136991370013701137021370313704137051370613707137081370913710137111371213713137141371513716137171371813719137201372113722137231372413725137261372713728137291373013731137321373313734137351373613737137381373913740137411374213743137441374513746137471374813749137501375113752137531375413755137561375713758137591376013761137621376313764137651376613767137681376913770137711377213773137741377513776137771377813779137801378113782137831378413785137861378713788137891379013791137921379313794137951379613797137981379913800138011380213803138041380513806138071380813809138101381113812138131381413815138161381713818138191382013821138221382313824138251382613827138281382913830138311383213833138341383513836138371383813839138401384113842138431384413845138461384713848138491385013851138521385313854138551385613857138581385913860138611386213863138641386513866138671386813869138701387113872138731387413875138761387713878138791388013881138821388313884138851388613887138881388913890138911389213893138941389513896138971389813899139001390113902139031390413905139061390713908139091391013911139121391313914139151391613917139181391913920139211392213923139241392513926139271392813929139301393113932139331393413935139361393713938139391394013941139421394313944139451394613947139481394913950139511395213953139541395513956139571395813959139601396113962139631396413965139661396713968139691397013971139721397313974139751397613977139781397913980139811398213983139841398513986139871398813989139901399113992139931399413995139961399713998139991400014001140021400314004140051400614007140081400914010140111401214013140141401514016140171401814019140201402114022140231402414025140261402714028140291403014031140321403314034140351403614037140381403914040140411404214043140441404514046140471404814049140501405114052140531405414055140561405714058140591406014061140621406314064140651406614067140681406914070140711407214073140741407514076140771407814079140801408114082140831408414085140861408714088140891409014091140921409314094140951409614097140981409914100141011410214103141041410514106141071410814109141101411114112141131411414115141161411714118141191412014121141221412314124141251412614127141281412914130141311413214133141341413514136141371413814139141401414114142141431414414145141461414714148141491415014151141521415314154141551415614157141581415914160141611416214163141641416514166141671416814169141701417114172141731417414175141761417714178141791418014181141821418314184141851418614187141881418914190141911419214193141941419514196141971419814199142001420114202142031420414205142061420714208142091421014211142121421314214142151421614217142181421914220142211422214223142241422514226142271422814229142301423114232142331423414235142361423714238142391424014241142421424314244142451424614247142481424914250142511425214253142541425514256142571425814259142601426114262142631426414265142661426714268142691427014271142721427314274142751427614277142781427914280142811428214283142841428514286142871428814289142901429114292142931429414295142961429714298142991430014301143021430314304143051430614307143081430914310143111431214313143141431514316143171431814319143201432114322143231432414325143261432714328143291433014331143321433314334143351433614337143381433914340143411434214343143441434514346143471434814349143501435114352143531435414355143561435714358143591436014361143621436314364143651436614367143681436914370143711437214373143741437514376143771437814379143801438114382143831438414385143861438714388143891439014391143921439314394143951439614397143981439914400144011440214403144041440514406144071440814409144101441114412144131441414415144161441714418144191442014421144221442314424144251442614427144281442914430144311443214433144341443514436144371443814439144401444114442144431444414445144461444714448144491445014451144521445314454144551445614457144581445914460144611446214463144641446514466144671446814469144701447114472144731447414475144761447714478144791448014481144821448314484144851448614487144881448914490144911449214493144941449514496144971449814499145001450114502145031450414505145061450714508145091451014511145121451314514145151451614517145181451914520145211452214523145241452514526145271452814529145301453114532145331453414535145361453714538145391454014541145421454314544145451454614547145481454914550145511455214553145541455514556145571455814559145601456114562145631456414565145661456714568145691457014571145721457314574145751457614577145781457914580145811458214583145841458514586145871458814589145901459114592145931459414595145961459714598145991460014601146021460314604146051460614607146081460914610146111461214613146141461514616146171461814619146201462114622146231462414625146261462714628146291463014631146321463314634146351463614637146381463914640146411464214643146441464514646146471464814649146501465114652146531465414655146561465714658146591466014661146621466314664146651466614667146681466914670146711467214673146741467514676146771467814679146801468114682146831468414685146861468714688146891469014691146921469314694146951469614697146981469914700147011470214703147041470514706147071470814709147101471114712147131471414715147161471714718147191472014721147221472314724147251472614727147281472914730147311473214733147341473514736147371473814739147401474114742147431474414745147461474714748147491475014751147521475314754147551475614757147581475914760147611476214763147641476514766147671476814769147701477114772147731477414775147761477714778147791478014781147821478314784147851478614787147881478914790147911479214793147941479514796147971479814799148001480114802148031480414805148061480714808148091481014811148121481314814148151481614817148181481914820148211482214823148241482514826148271482814829148301483114832148331483414835148361483714838148391484014841148421484314844148451484614847148481484914850148511485214853148541485514856148571485814859148601486114862148631486414865148661486714868148691487014871148721487314874148751487614877148781487914880148811488214883148841488514886148871488814889148901489114892148931489414895148961489714898148991490014901149021490314904149051490614907149081490914910149111491214913149141491514916149171491814919149201492114922149231492414925149261492714928149291493014931149321493314934149351493614937149381493914940149411494214943149441494514946149471494814949149501495114952149531495414955149561495714958149591496014961149621496314964149651496614967149681496914970149711497214973149741497514976149771497814979149801498114982149831498414985149861498714988149891499014991149921499314994149951499614997149981499915000150011500215003150041500515006150071500815009150101501115012150131501415015150161501715018150191502015021150221502315024150251502615027150281502915030150311503215033150341503515036150371503815039150401504115042150431504415045150461504715048150491505015051150521505315054150551505615057150581505915060150611506215063150641506515066150671506815069150701507115072150731507415075150761507715078150791508015081150821508315084150851508615087150881508915090150911509215093150941509515096150971509815099151001510115102151031510415105151061510715108151091511015111151121511315114151151511615117151181511915120151211512215123151241512515126151271512815129151301513115132151331513415135151361513715138151391514015141151421514315144151451514615147151481514915150151511515215153151541515515156151571515815159151601516115162151631516415165151661516715168151691517015171151721517315174151751517615177151781517915180151811518215183151841518515186151871518815189151901519115192151931519415195151961519715198151991520015201152021520315204152051520615207152081520915210152111521215213152141521515216152171521815219152201522115222152231522415225152261522715228152291523015231152321523315234152351523615237152381523915240152411524215243152441524515246152471524815249152501525115252152531525415255152561525715258152591526015261152621526315264152651526615267152681526915270152711527215273152741527515276152771527815279152801528115282152831528415285152861528715288152891529015291152921529315294152951529615297152981529915300153011530215303153041530515306153071530815309153101531115312153131531415315153161531715318153191532015321153221532315324153251532615327153281532915330153311533215333153341533515336153371533815339153401534115342153431534415345153461534715348153491535015351153521535315354153551535615357153581535915360153611536215363153641536515366153671536815369153701537115372153731537415375153761537715378153791538015381153821538315384153851538615387153881538915390153911539215393153941539515396153971539815399154001540115402154031540415405154061540715408154091541015411154121541315414154151541615417154181541915420154211542215423154241542515426154271542815429154301543115432154331543415435154361543715438154391544015441154421544315444154451544615447154481544915450154511545215453154541545515456154571545815459154601546115462154631546415465154661546715468154691547015471154721547315474154751547615477154781547915480154811548215483154841548515486154871548815489154901549115492154931549415495154961549715498154991550015501155021550315504155051550615507155081550915510155111551215513155141551515516155171551815519155201552115522155231552415525155261552715528155291553015531155321553315534155351553615537155381553915540155411554215543155441554515546155471554815549155501555115552155531555415555155561555715558155591556015561155621556315564155651556615567155681556915570155711557215573155741557515576155771557815579155801558115582155831558415585155861558715588155891559015591155921559315594155951559615597155981559915600156011560215603156041560515606156071560815609156101561115612156131561415615156161561715618156191562015621156221562315624156251562615627156281562915630156311563215633156341563515636156371563815639156401564115642156431564415645156461564715648156491565015651156521565315654156551565615657156581565915660156611566215663156641566515666156671566815669156701567115672156731567415675156761567715678156791568015681156821568315684156851568615687156881568915690156911569215693156941569515696156971569815699157001570115702157031570415705157061570715708157091571015711157121571315714157151571615717157181571915720157211572215723157241572515726157271572815729157301573115732157331573415735157361573715738157391574015741157421574315744157451574615747157481574915750157511575215753157541575515756157571575815759157601576115762157631576415765157661576715768157691577015771157721577315774157751577615777157781577915780157811578215783157841578515786157871578815789157901579115792157931579415795157961579715798157991580015801158021580315804158051580615807158081580915810158111581215813158141581515816158171581815819158201582115822158231582415825158261582715828158291583015831158321583315834158351583615837158381583915840158411584215843158441584515846158471584815849158501585115852158531585415855158561585715858158591586015861158621586315864158651586615867158681586915870158711587215873158741587515876158771587815879158801588115882158831588415885158861588715888158891589015891158921589315894158951589615897158981589915900159011590215903159041590515906159071590815909159101591115912159131591415915159161591715918159191592015921159221592315924159251592615927159281592915930159311593215933159341593515936159371593815939159401594115942159431594415945159461594715948159491595015951159521595315954159551595615957159581595915960159611596215963159641596515966159671596815969159701597115972159731597415975159761597715978159791598015981159821598315984159851598615987159881598915990159911599215993159941599515996159971599815999160001600116002160031600416005160061600716008160091601016011160121601316014160151601616017160181601916020160211602216023160241602516026160271602816029160301603116032160331603416035160361603716038160391604016041160421604316044160451604616047160481604916050160511605216053160541605516056160571605816059160601606116062160631606416065160661606716068160691607016071160721607316074160751607616077160781607916080160811608216083160841608516086160871608816089160901609116092160931609416095160961609716098160991610016101161021610316104161051610616107161081610916110161111611216113161141611516116161171611816119161201612116122161231612416125161261612716128161291613016131161321613316134161351613616137161381613916140161411614216143161441614516146161471614816149161501615116152161531615416155161561615716158161591616016161161621616316164161651616616167161681616916170161711617216173161741617516176161771617816179161801618116182161831618416185161861618716188161891619016191161921619316194161951619616197161981619916200162011620216203162041620516206162071620816209162101621116212162131621416215162161621716218162191622016221162221622316224162251622616227162281622916230162311623216233162341623516236162371623816239162401624116242162431624416245162461624716248162491625016251162521625316254162551625616257162581625916260162611626216263162641626516266162671626816269162701627116272162731627416275162761627716278162791628016281162821628316284162851628616287162881628916290162911629216293162941629516296162971629816299163001630116302163031630416305163061630716308163091631016311163121631316314163151631616317163181631916320163211632216323163241632516326163271632816329163301633116332163331633416335163361633716338163391634016341163421634316344163451634616347163481634916350163511635216353163541635516356163571635816359163601636116362163631636416365163661636716368163691637016371163721637316374163751637616377163781637916380163811638216383163841638516386163871638816389163901639116392163931639416395163961639716398163991640016401164021640316404164051640616407164081640916410164111641216413164141641516416164171641816419164201642116422164231642416425164261642716428164291643016431164321643316434164351643616437164381643916440164411644216443164441644516446164471644816449164501645116452164531645416455164561645716458164591646016461164621646316464164651646616467164681646916470164711647216473164741647516476164771647816479164801648116482164831648416485164861648716488164891649016491164921649316494164951649616497164981649916500165011650216503165041650516506165071650816509165101651116512165131651416515165161651716518165191652016521165221652316524165251652616527165281652916530165311653216533165341653516536165371653816539165401654116542165431654416545165461654716548165491655016551165521655316554165551655616557165581655916560165611656216563165641656516566165671656816569165701657116572165731657416575165761657716578165791658016581165821658316584165851658616587165881658916590165911659216593165941659516596165971659816599166001660116602166031660416605166061660716608166091661016611166121661316614166151661616617166181661916620166211662216623166241662516626166271662816629166301663116632166331663416635166361663716638166391664016641166421664316644166451664616647166481664916650166511665216653166541665516656166571665816659166601666116662166631666416665166661666716668166691667016671166721667316674166751667616677166781667916680166811668216683166841668516686166871668816689166901669116692166931669416695166961669716698166991670016701167021670316704167051670616707167081670916710167111671216713167141671516716167171671816719167201672116722167231672416725167261672716728167291673016731167321673316734167351673616737167381673916740167411674216743167441674516746167471674816749167501675116752167531675416755167561675716758167591676016761167621676316764167651676616767167681676916770167711677216773167741677516776167771677816779167801678116782167831678416785167861678716788167891679016791167921679316794167951679616797167981679916800168011680216803168041680516806168071680816809168101681116812168131681416815168161681716818168191682016821168221682316824168251682616827168281682916830168311683216833168341683516836168371683816839168401684116842168431684416845168461684716848168491685016851168521685316854168551685616857168581685916860168611686216863168641686516866168671686816869168701687116872168731687416875168761687716878168791688016881168821688316884168851688616887168881688916890168911689216893168941689516896168971689816899169001690116902169031690416905169061690716908169091691016911169121691316914169151691616917169181691916920169211692216923169241692516926169271692816929169301693116932169331693416935169361693716938169391694016941169421694316944169451694616947169481694916950169511695216953169541695516956169571695816959169601696116962169631696416965169661696716968169691697016971169721697316974169751697616977169781697916980169811698216983169841698516986169871698816989169901699116992169931699416995169961699716998169991700017001170021700317004170051700617007170081700917010170111701217013170141701517016170171701817019170201702117022170231702417025170261702717028170291703017031170321703317034170351703617037170381703917040170411704217043170441704517046170471704817049170501705117052170531705417055170561705717058170591706017061170621706317064170651706617067170681706917070170711707217073170741707517076170771707817079170801708117082170831708417085170861708717088170891709017091170921709317094170951709617097170981709917100171011710217103171041710517106171071710817109171101711117112171131711417115171161711717118171191712017121171221712317124171251712617127171281712917130171311713217133171341713517136171371713817139171401714117142171431714417145171461714717148171491715017151171521715317154171551715617157171581715917160171611716217163171641716517166171671716817169171701717117172171731717417175171761717717178171791718017181171821718317184171851718617187171881718917190171911719217193171941719517196171971719817199172001720117202172031720417205172061720717208172091721017211172121721317214172151721617217172181721917220172211722217223172241722517226172271722817229172301723117232172331723417235172361723717238172391724017241172421724317244172451724617247172481724917250172511725217253172541725517256172571725817259172601726117262172631726417265172661726717268172691727017271172721727317274172751727617277172781727917280172811728217283172841728517286172871728817289172901729117292172931729417295172961729717298172991730017301173021730317304173051730617307173081730917310173111731217313173141731517316173171731817319173201732117322173231732417325173261732717328173291733017331173321733317334173351733617337173381733917340173411734217343173441734517346173471734817349173501735117352173531735417355173561735717358173591736017361173621736317364173651736617367173681736917370173711737217373173741737517376173771737817379173801738117382173831738417385173861738717388173891739017391173921739317394173951739617397173981739917400174011740217403174041740517406174071740817409174101741117412174131741417415174161741717418174191742017421174221742317424174251742617427174281742917430174311743217433174341743517436174371743817439174401744117442174431744417445174461744717448174491745017451174521745317454174551745617457174581745917460174611746217463174641746517466174671746817469174701747117472174731747417475174761747717478174791748017481174821748317484174851748617487174881748917490174911749217493174941749517496174971749817499175001750117502175031750417505175061750717508175091751017511175121751317514175151751617517175181751917520175211752217523175241752517526175271752817529175301753117532175331753417535175361753717538175391754017541175421754317544175451754617547175481754917550175511755217553175541755517556175571755817559175601756117562175631756417565175661756717568175691757017571175721757317574175751757617577175781757917580175811758217583175841758517586175871758817589175901759117592175931759417595175961759717598175991760017601176021760317604176051760617607176081760917610176111761217613176141761517616176171761817619176201762117622176231762417625176261762717628176291763017631176321763317634176351763617637176381763917640176411764217643176441764517646176471764817649176501765117652176531765417655176561765717658176591766017661176621766317664176651766617667176681766917670176711767217673176741767517676176771767817679176801768117682176831768417685176861768717688176891769017691176921769317694176951769617697176981769917700177011770217703177041770517706177071770817709177101771117712177131771417715177161771717718177191772017721177221772317724177251772617727177281772917730177311773217733177341773517736177371773817739177401774117742177431774417745177461774717748177491775017751177521775317754177551775617757177581775917760177611776217763177641776517766177671776817769177701777117772177731777417775177761777717778177791778017781177821778317784177851778617787177881778917790177911779217793177941779517796177971779817799178001780117802178031780417805178061780717808178091781017811178121781317814178151781617817178181781917820178211782217823178241782517826178271782817829178301783117832178331783417835178361783717838178391784017841178421784317844178451784617847178481784917850178511785217853178541785517856178571785817859178601786117862178631786417865178661786717868178691787017871178721787317874178751787617877178781787917880178811788217883178841788517886178871788817889178901789117892178931789417895178961789717898178991790017901179021790317904179051790617907179081790917910179111791217913179141791517916179171791817919179201792117922179231792417925179261792717928179291793017931179321793317934179351793617937179381793917940179411794217943179441794517946179471794817949179501795117952179531795417955179561795717958179591796017961179621796317964179651796617967179681796917970179711797217973179741797517976179771797817979179801798117982179831798417985179861798717988179891799017991179921799317994179951799617997179981799918000180011800218003180041800518006180071800818009180101801118012180131801418015180161801718018180191802018021180221802318024180251802618027180281802918030180311803218033180341803518036180371803818039180401804118042180431804418045180461804718048180491805018051180521805318054180551805618057180581805918060180611806218063180641806518066180671806818069180701807118072180731807418075180761807718078180791808018081180821808318084180851808618087180881808918090180911809218093180941809518096180971809818099181001810118102181031810418105181061810718108181091811018111181121811318114181151811618117181181811918120181211812218123181241812518126181271812818129181301813118132181331813418135181361813718138181391814018141181421814318144181451814618147181481814918150181511815218153181541815518156181571815818159181601816118162181631816418165181661816718168181691817018171181721817318174181751817618177181781817918180181811818218183181841818518186181871818818189181901819118192181931819418195181961819718198181991820018201182021820318204182051820618207182081820918210182111821218213182141821518216182171821818219182201822118222182231822418225182261822718228182291823018231182321823318234182351823618237182381823918240182411824218243182441824518246182471824818249182501825118252182531825418255182561825718258182591826018261182621826318264182651826618267182681826918270182711827218273182741827518276182771827818279182801828118282182831828418285182861828718288182891829018291182921829318294182951829618297182981829918300183011830218303183041830518306183071830818309183101831118312183131831418315183161831718318183191832018321183221832318324183251832618327183281832918330183311833218333183341833518336183371833818339183401834118342183431834418345183461834718348183491835018351183521835318354183551835618357183581835918360183611836218363183641836518366183671836818369183701837118372183731837418375183761837718378183791838018381183821838318384183851838618387183881838918390183911839218393183941839518396183971839818399184001840118402184031840418405184061840718408184091841018411184121841318414184151841618417184181841918420184211842218423184241842518426184271842818429184301843118432184331843418435184361843718438184391844018441184421844318444184451844618447184481844918450184511845218453184541845518456184571845818459184601846118462184631846418465184661846718468184691847018471184721847318474184751847618477184781847918480184811848218483184841848518486184871848818489184901849118492184931849418495184961849718498184991850018501185021850318504185051850618507185081850918510185111851218513185141851518516185171851818519185201852118522185231852418525185261852718528185291853018531185321853318534185351853618537185381853918540185411854218543185441854518546185471854818549185501855118552185531855418555185561855718558185591856018561185621856318564185651856618567185681856918570185711857218573185741857518576185771857818579185801858118582185831858418585185861858718588185891859018591185921859318594185951859618597185981859918600186011860218603186041860518606186071860818609186101861118612186131861418615186161861718618186191862018621186221862318624186251862618627186281862918630186311863218633186341863518636186371863818639186401864118642186431864418645186461864718648186491865018651186521865318654186551865618657186581865918660186611866218663186641866518666186671866818669186701867118672186731867418675186761867718678186791868018681186821868318684186851868618687186881868918690186911869218693186941869518696186971869818699187001870118702187031870418705187061870718708187091871018711187121871318714187151871618717187181871918720187211872218723187241872518726187271872818729187301873118732187331873418735187361873718738187391874018741187421874318744187451874618747187481874918750187511875218753187541875518756187571875818759187601876118762187631876418765187661876718768187691877018771187721877318774187751877618777187781877918780187811878218783187841878518786187871878818789187901879118792187931879418795187961879718798187991880018801188021880318804188051880618807188081880918810188111881218813188141881518816188171881818819188201882118822188231882418825188261882718828188291883018831188321883318834188351883618837188381883918840188411884218843188441884518846188471884818849188501885118852188531885418855188561885718858188591886018861188621886318864188651886618867188681886918870188711887218873188741887518876188771887818879188801888118882188831888418885188861888718888188891889018891188921889318894188951889618897188981889918900189011890218903189041890518906189071890818909189101891118912189131891418915189161891718918189191892018921189221892318924189251892618927189281892918930189311893218933189341893518936189371893818939189401894118942189431894418945189461894718948189491895018951189521895318954189551895618957189581895918960189611896218963189641896518966189671896818969189701897118972189731897418975189761897718978189791898018981189821898318984189851898618987189881898918990189911899218993189941899518996189971899818999190001900119002190031900419005190061900719008190091901019011190121901319014190151901619017190181901919020190211902219023190241902519026190271902819029190301903119032190331903419035190361903719038190391904019041190421904319044190451904619047190481904919050190511905219053190541905519056190571905819059190601906119062190631906419065190661906719068190691907019071190721907319074190751907619077190781907919080190811908219083190841908519086190871908819089190901909119092190931909419095190961909719098190991910019101191021910319104191051910619107191081910919110191111911219113191141911519116191171911819119191201912119122191231912419125191261912719128191291913019131191321913319134191351913619137191381913919140191411914219143191441914519146191471914819149191501915119152191531915419155191561915719158191591916019161191621916319164191651916619167191681916919170191711917219173191741917519176191771917819179191801918119182191831918419185191861918719188191891919019191191921919319194191951919619197191981919919200192011920219203192041920519206192071920819209192101921119212192131921419215192161921719218192191922019221192221922319224192251922619227192281922919230192311923219233192341923519236192371923819239192401924119242192431924419245192461924719248192491925019251192521925319254192551925619257192581925919260192611926219263192641926519266192671926819269192701927119272192731927419275192761927719278192791928019281192821928319284192851928619287192881928919290192911929219293192941929519296192971929819299193001930119302193031930419305193061930719308193091931019311193121931319314193151931619317193181931919320193211932219323193241932519326193271932819329193301933119332193331933419335193361933719338193391934019341193421934319344193451934619347193481934919350193511935219353193541935519356193571935819359193601936119362193631936419365193661936719368193691937019371193721937319374193751937619377193781937919380193811938219383193841938519386193871938819389193901939119392193931939419395193961939719398193991940019401194021940319404194051940619407194081940919410194111941219413194141941519416194171941819419194201942119422194231942419425194261942719428194291943019431194321943319434194351943619437194381943919440194411944219443194441944519446194471944819449194501945119452194531945419455194561945719458194591946019461194621946319464194651946619467194681946919470194711947219473194741947519476194771947819479194801948119482194831948419485194861948719488194891949019491194921949319494194951949619497194981949919500195011950219503195041950519506195071950819509195101951119512195131951419515195161951719518195191952019521195221952319524195251952619527195281952919530195311953219533195341953519536195371953819539195401954119542195431954419545195461954719548195491955019551195521955319554195551955619557195581955919560195611956219563195641956519566195671956819569195701957119572195731957419575195761957719578195791958019581195821958319584195851958619587195881958919590195911959219593195941959519596195971959819599196001960119602196031960419605196061960719608196091961019611196121961319614196151961619617196181961919620196211962219623196241962519626196271962819629196301963119632196331963419635196361963719638196391964019641196421964319644196451964619647196481964919650196511965219653196541965519656196571965819659196601966119662196631966419665196661966719668196691967019671196721967319674196751967619677196781967919680196811968219683196841968519686196871968819689196901969119692196931969419695196961969719698196991970019701197021970319704197051970619707197081970919710197111971219713197141971519716197171971819719197201972119722197231972419725197261972719728197291973019731197321973319734197351973619737197381973919740197411974219743197441974519746197471974819749197501975119752197531975419755197561975719758197591976019761197621976319764197651976619767197681976919770197711977219773197741977519776197771977819779197801978119782197831978419785197861978719788197891979019791197921979319794197951979619797197981979919800198011980219803198041980519806198071980819809198101981119812198131981419815198161981719818198191982019821198221982319824198251982619827198281982919830198311983219833198341983519836198371983819839198401984119842198431984419845198461984719848198491985019851198521985319854198551985619857198581985919860198611986219863198641986519866198671986819869198701987119872198731987419875198761987719878198791988019881198821988319884198851988619887198881988919890198911989219893198941989519896198971989819899199001990119902199031990419905199061990719908199091991019911199121991319914199151991619917199181991919920199211992219923199241992519926199271992819929199301993119932199331993419935199361993719938199391994019941199421994319944199451994619947199481994919950199511995219953199541995519956199571995819959199601996119962199631996419965199661996719968199691997019971199721997319974199751997619977199781997919980199811998219983199841998519986199871998819989199901999119992199931999419995199961999719998199992000020001200022000320004200052000620007200082000920010200112001220013200142001520016200172001820019200202002120022200232002420025200262002720028200292003020031200322003320034200352003620037200382003920040200412004220043200442004520046200472004820049200502005120052200532005420055200562005720058200592006020061200622006320064200652006620067200682006920070200712007220073200742007520076200772007820079200802008120082200832008420085200862008720088200892009020091200922009320094200952009620097200982009920100201012010220103201042010520106201072010820109201102011120112201132011420115201162011720118201192012020121201222012320124201252012620127201282012920130201312013220133201342013520136201372013820139201402014120142201432014420145201462014720148201492015020151201522015320154201552015620157201582015920160201612016220163201642016520166201672016820169201702017120172201732017420175201762017720178201792018020181201822018320184201852018620187201882018920190201912019220193201942019520196201972019820199202002020120202202032020420205202062020720208202092021020211202122021320214202152021620217202182021920220202212022220223202242022520226202272022820229202302023120232202332023420235202362023720238202392024020241202422024320244202452024620247202482024920250202512025220253202542025520256202572025820259202602026120262202632026420265202662026720268202692027020271202722027320274202752027620277202782027920280202812028220283202842028520286202872028820289202902029120292202932029420295202962029720298202992030020301203022030320304203052030620307203082030920310203112031220313203142031520316203172031820319203202032120322203232032420325203262032720328203292033020331203322033320334203352033620337203382033920340203412034220343203442034520346203472034820349203502035120352203532035420355203562035720358203592036020361203622036320364203652036620367203682036920370203712037220373203742037520376203772037820379203802038120382203832038420385203862038720388203892039020391203922039320394203952039620397203982039920400204012040220403204042040520406204072040820409204102041120412204132041420415204162041720418204192042020421204222042320424204252042620427204282042920430204312043220433204342043520436204372043820439204402044120442204432044420445204462044720448204492045020451204522045320454204552045620457204582045920460204612046220463204642046520466204672046820469204702047120472204732047420475204762047720478204792048020481204822048320484204852048620487204882048920490204912049220493204942049520496204972049820499205002050120502205032050420505205062050720508205092051020511205122051320514205152051620517205182051920520205212052220523205242052520526205272052820529205302053120532205332053420535205362053720538205392054020541205422054320544205452054620547205482054920550205512055220553205542055520556205572055820559205602056120562205632056420565205662056720568205692057020571205722057320574205752057620577205782057920580205812058220583205842058520586205872058820589205902059120592205932059420595205962059720598205992060020601206022060320604206052060620607206082060920610206112061220613206142061520616206172061820619206202062120622206232062420625206262062720628206292063020631206322063320634206352063620637206382063920640206412064220643206442064520646206472064820649206502065120652206532065420655206562065720658206592066020661206622066320664206652066620667206682066920670206712067220673206742067520676206772067820679206802068120682206832068420685206862068720688206892069020691206922069320694206952069620697206982069920700207012070220703207042070520706207072070820709207102071120712207132071420715207162071720718207192072020721207222072320724207252072620727207282072920730207312073220733207342073520736207372073820739207402074120742207432074420745207462074720748207492075020751207522075320754207552075620757207582075920760207612076220763207642076520766207672076820769207702077120772207732077420775207762077720778207792078020781207822078320784207852078620787207882078920790207912079220793207942079520796207972079820799208002080120802208032080420805208062080720808208092081020811208122081320814208152081620817208182081920820208212082220823208242082520826208272082820829208302083120832208332083420835208362083720838208392084020841208422084320844208452084620847208482084920850208512085220853208542085520856208572085820859208602086120862208632086420865208662086720868208692087020871208722087320874208752087620877208782087920880208812088220883208842088520886208872088820889208902089120892208932089420895208962089720898208992090020901209022090320904209052090620907209082090920910209112091220913209142091520916209172091820919209202092120922209232092420925209262092720928209292093020931209322093320934209352093620937209382093920940209412094220943209442094520946209472094820949209502095120952209532095420955209562095720958209592096020961209622096320964209652096620967209682096920970209712097220973209742097520976209772097820979209802098120982209832098420985209862098720988209892099020991209922099320994209952099620997209982099921000210012100221003210042100521006210072100821009210102101121012210132101421015210162101721018210192102021021210222102321024210252102621027210282102921030210312103221033210342103521036210372103821039210402104121042210432104421045210462104721048210492105021051210522105321054210552105621057210582105921060210612106221063210642106521066210672106821069210702107121072210732107421075210762107721078210792108021081210822108321084210852108621087210882108921090210912109221093210942109521096210972109821099211002110121102211032110421105211062110721108211092111021111211122111321114211152111621117211182111921120211212112221123211242112521126211272112821129211302113121132211332113421135211362113721138211392114021141211422114321144211452114621147211482114921150211512115221153211542115521156211572115821159211602116121162211632116421165211662116721168211692117021171211722117321174211752117621177211782117921180211812118221183211842118521186211872118821189211902119121192211932119421195211962119721198211992120021201212022120321204212052120621207212082120921210212112121221213212142121521216212172121821219212202122121222212232122421225212262122721228212292123021231212322123321234212352123621237212382123921240212412124221243212442124521246212472124821249212502125121252212532125421255212562125721258212592126021261212622126321264212652126621267212682126921270212712127221273212742127521276212772127821279212802128121282212832128421285212862128721288212892129021291212922129321294212952129621297212982129921300213012130221303213042130521306213072130821309213102131121312213132131421315213162131721318213192132021321213222132321324213252132621327213282132921330213312133221333213342133521336213372133821339213402134121342213432134421345213462134721348213492135021351213522135321354213552135621357213582135921360213612136221363213642136521366213672136821369213702137121372213732137421375213762137721378213792138021381213822138321384213852138621387213882138921390213912139221393213942139521396213972139821399214002140121402214032140421405214062140721408214092141021411214122141321414214152141621417214182141921420214212142221423214242142521426214272142821429214302143121432214332143421435214362143721438214392144021441214422144321444214452144621447214482144921450214512145221453214542145521456214572145821459214602146121462214632146421465214662146721468214692147021471214722147321474214752147621477214782147921480214812148221483214842148521486214872148821489214902149121492214932149421495214962149721498214992150021501215022150321504215052150621507215082150921510215112151221513215142151521516215172151821519215202152121522215232152421525215262152721528215292153021531215322153321534215352153621537215382153921540215412154221543215442154521546215472154821549215502155121552215532155421555215562155721558215592156021561215622156321564215652156621567215682156921570215712157221573215742157521576215772157821579215802158121582215832158421585215862158721588215892159021591215922159321594215952159621597215982159921600216012160221603216042160521606216072160821609216102161121612216132161421615216162161721618216192162021621216222162321624216252162621627216282162921630216312163221633216342163521636216372163821639216402164121642216432164421645216462164721648216492165021651216522165321654216552165621657216582165921660216612166221663216642166521666216672166821669216702167121672216732167421675216762167721678216792168021681216822168321684216852168621687216882168921690216912169221693216942169521696216972169821699217002170121702217032170421705217062170721708217092171021711217122171321714217152171621717217182171921720217212172221723217242172521726217272172821729217302173121732217332173421735217362173721738217392174021741217422174321744217452174621747217482174921750217512175221753217542175521756217572175821759217602176121762217632176421765217662176721768217692177021771217722177321774217752177621777217782177921780217812178221783217842178521786217872178821789217902179121792217932179421795217962179721798217992180021801218022180321804218052180621807218082180921810218112181221813218142181521816218172181821819218202182121822218232182421825218262182721828218292183021831218322183321834218352183621837218382183921840218412184221843218442184521846218472184821849218502185121852218532185421855218562185721858218592186021861218622186321864218652186621867218682186921870218712187221873218742187521876218772187821879218802188121882218832188421885218862188721888218892189021891218922189321894218952189621897218982189921900219012190221903219042190521906219072190821909219102191121912219132191421915219162191721918219192192021921219222192321924219252192621927219282192921930219312193221933219342193521936219372193821939219402194121942219432194421945219462194721948219492195021951219522195321954219552195621957219582195921960219612196221963219642196521966219672196821969219702197121972219732197421975219762197721978219792198021981219822198321984219852198621987219882198921990219912199221993219942199521996219972199821999220002200122002220032200422005220062200722008220092201022011220122201322014220152201622017220182201922020220212202222023220242202522026220272202822029220302203122032220332203422035220362203722038220392204022041220422204322044220452204622047220482204922050220512205222053220542205522056220572205822059220602206122062220632206422065220662206722068220692207022071220722207322074220752207622077220782207922080220812208222083220842208522086220872208822089220902209122092220932209422095220962209722098220992210022101221022210322104221052210622107221082210922110221112211222113221142211522116221172211822119221202212122122221232212422125221262212722128221292213022131221322213322134221352213622137221382213922140221412214222143221442214522146221472214822149221502215122152221532215422155221562215722158221592216022161221622216322164221652216622167221682216922170221712217222173221742217522176221772217822179221802218122182221832218422185221862218722188221892219022191221922219322194221952219622197221982219922200222012220222203222042220522206222072220822209222102221122212222132221422215222162221722218222192222022221222222222322224222252222622227222282222922230222312223222233222342223522236222372223822239222402224122242222432224422245222462224722248222492225022251222522225322254222552225622257222582225922260222612226222263222642226522266222672226822269222702227122272222732227422275222762227722278222792228022281222822228322284222852228622287222882228922290222912229222293222942229522296222972229822299223002230122302223032230422305223062230722308223092231022311223122231322314223152231622317223182231922320223212232222323223242232522326223272232822329223302233122332223332233422335223362233722338223392234022341223422234322344223452234622347223482234922350223512235222353223542235522356223572235822359223602236122362223632236422365223662236722368223692237022371223722237322374223752237622377223782237922380223812238222383223842238522386223872238822389223902239122392223932239422395223962239722398223992240022401224022240322404224052240622407224082240922410224112241222413224142241522416224172241822419224202242122422224232242422425224262242722428224292243022431224322243322434224352243622437224382243922440224412244222443224442244522446224472244822449224502245122452224532245422455224562245722458224592246022461224622246322464224652246622467224682246922470224712247222473224742247522476224772247822479224802248122482224832248422485224862248722488224892249022491224922249322494224952249622497224982249922500225012250222503225042250522506225072250822509225102251122512225132251422515225162251722518225192252022521225222252322524225252252622527225282252922530225312253222533225342253522536225372253822539225402254122542225432254422545225462254722548225492255022551225522255322554225552255622557225582255922560225612256222563225642256522566225672256822569225702257122572225732257422575225762257722578225792258022581225822258322584225852258622587225882258922590225912259222593225942259522596225972259822599226002260122602226032260422605226062260722608226092261022611226122261322614226152261622617226182261922620226212262222623226242262522626226272262822629226302263122632226332263422635226362263722638226392264022641226422264322644226452264622647226482264922650226512265222653226542265522656226572265822659226602266122662226632266422665226662266722668226692267022671226722267322674226752267622677226782267922680226812268222683226842268522686226872268822689226902269122692226932269422695226962269722698226992270022701227022270322704227052270622707227082270922710227112271222713227142271522716227172271822719227202272122722227232272422725227262272722728227292273022731227322273322734227352273622737227382273922740227412274222743227442274522746227472274822749227502275122752227532275422755227562275722758227592276022761227622276322764227652276622767227682276922770227712277222773227742277522776227772277822779227802278122782227832278422785227862278722788227892279022791227922279322794227952279622797227982279922800228012280222803228042280522806228072280822809228102281122812228132281422815228162281722818228192282022821228222282322824228252282622827228282282922830228312283222833228342283522836228372283822839228402284122842228432284422845228462284722848228492285022851228522285322854228552285622857228582285922860228612286222863228642286522866228672286822869228702287122872228732287422875228762287722878228792288022881228822288322884228852288622887228882288922890228912289222893228942289522896228972289822899229002290122902229032290422905229062290722908229092291022911229122291322914229152291622917229182291922920229212292222923229242292522926229272292822929229302293122932229332293422935229362293722938229392294022941229422294322944229452294622947229482294922950229512295222953229542295522956229572295822959229602296122962229632296422965229662296722968229692297022971229722297322974229752297622977229782297922980229812298222983229842298522986229872298822989229902299122992229932299422995229962299722998229992300023001230022300323004230052300623007230082300923010230112301223013230142301523016230172301823019230202302123022230232302423025230262302723028230292303023031230322303323034230352303623037230382303923040230412304223043230442304523046230472304823049230502305123052230532305423055230562305723058230592306023061230622306323064230652306623067230682306923070230712307223073230742307523076230772307823079230802308123082230832308423085230862308723088230892309023091230922309323094230952309623097230982309923100231012310223103231042310523106231072310823109231102311123112231132311423115231162311723118231192312023121231222312323124231252312623127231282312923130231312313223133231342313523136231372313823139231402314123142231432314423145231462314723148231492315023151231522315323154231552315623157231582315923160231612316223163231642316523166231672316823169231702317123172231732317423175231762317723178231792318023181231822318323184231852318623187231882318923190231912319223193231942319523196231972319823199232002320123202232032320423205232062320723208232092321023211232122321323214232152321623217232182321923220232212322223223232242322523226232272322823229232302323123232232332323423235232362323723238232392324023241232422324323244232452324623247232482324923250232512325223253232542325523256232572325823259232602326123262232632326423265232662326723268232692327023271232722327323274232752327623277232782327923280232812328223283232842328523286232872328823289232902329123292232932329423295232962329723298232992330023301233022330323304233052330623307233082330923310233112331223313233142331523316233172331823319233202332123322233232332423325233262332723328233292333023331233322333323334233352333623337233382333923340233412334223343233442334523346233472334823349233502335123352233532335423355233562335723358233592336023361233622336323364233652336623367233682336923370233712337223373233742337523376233772337823379233802338123382233832338423385233862338723388233892339023391233922339323394233952339623397233982339923400234012340223403234042340523406234072340823409234102341123412234132341423415234162341723418234192342023421234222342323424234252342623427234282342923430234312343223433234342343523436234372343823439234402344123442234432344423445234462344723448234492345023451234522345323454234552345623457234582345923460234612346223463234642346523466234672346823469234702347123472234732347423475234762347723478234792348023481234822348323484234852348623487234882348923490234912349223493234942349523496234972349823499235002350123502235032350423505235062350723508235092351023511235122351323514235152351623517235182351923520235212352223523235242352523526235272352823529235302353123532235332353423535235362353723538235392354023541235422354323544235452354623547235482354923550235512355223553235542355523556235572355823559235602356123562235632356423565235662356723568235692357023571235722357323574235752357623577235782357923580235812358223583235842358523586235872358823589235902359123592235932359423595235962359723598235992360023601236022360323604236052360623607236082360923610236112361223613236142361523616236172361823619236202362123622236232362423625236262362723628236292363023631236322363323634236352363623637236382363923640236412364223643236442364523646236472364823649236502365123652236532365423655236562365723658236592366023661236622366323664236652366623667236682366923670236712367223673236742367523676236772367823679236802368123682236832368423685236862368723688236892369023691236922369323694236952369623697236982369923700237012370223703237042370523706237072370823709237102371123712237132371423715237162371723718237192372023721237222372323724237252372623727237282372923730237312373223733237342373523736237372373823739237402374123742237432374423745237462374723748237492375023751237522375323754237552375623757237582375923760237612376223763237642376523766237672376823769237702377123772237732377423775237762377723778237792378023781237822378323784237852378623787237882378923790237912379223793237942379523796237972379823799238002380123802238032380423805238062380723808238092381023811238122381323814238152381623817238182381923820238212382223823238242382523826238272382823829238302383123832238332383423835238362383723838238392384023841238422384323844238452384623847238482384923850238512385223853238542385523856238572385823859238602386123862238632386423865238662386723868238692387023871238722387323874238752387623877238782387923880238812388223883238842388523886238872388823889238902389123892238932389423895238962389723898238992390023901239022390323904239052390623907239082390923910239112391223913239142391523916239172391823919239202392123922239232392423925239262392723928239292393023931239322393323934239352393623937239382393923940239412394223943239442394523946239472394823949239502395123952239532395423955239562395723958239592396023961239622396323964239652396623967239682396923970239712397223973239742397523976239772397823979239802398123982239832398423985239862398723988239892399023991239922399323994239952399623997239982399924000240012400224003240042400524006240072400824009240102401124012240132401424015240162401724018240192402024021240222402324024240252402624027240282402924030240312403224033240342403524036240372403824039240402404124042240432404424045240462404724048240492405024051240522405324054240552405624057240582405924060240612406224063240642406524066240672406824069240702407124072240732407424075240762407724078240792408024081240822408324084240852408624087240882408924090240912409224093240942409524096240972409824099241002410124102241032410424105241062410724108241092411024111241122411324114241152411624117241182411924120241212412224123241242412524126241272412824129241302413124132241332413424135241362413724138241392414024141241422414324144241452414624147241482414924150241512415224153241542415524156241572415824159241602416124162241632416424165241662416724168241692417024171241722417324174241752417624177241782417924180241812418224183241842418524186241872418824189241902419124192241932419424195241962419724198241992420024201242022420324204242052420624207242082420924210242112421224213242142421524216242172421824219242202422124222242232422424225242262422724228242292423024231242322423324234242352423624237242382423924240242412424224243242442424524246242472424824249242502425124252242532425424255242562425724258242592426024261242622426324264242652426624267242682426924270242712427224273242742427524276242772427824279242802428124282242832428424285242862428724288242892429024291242922429324294242952429624297242982429924300243012430224303243042430524306243072430824309243102431124312243132431424315243162431724318243192432024321243222432324324243252432624327243282432924330243312433224333243342433524336243372433824339243402434124342243432434424345243462434724348243492435024351243522435324354243552435624357243582435924360243612436224363243642436524366243672436824369243702437124372243732437424375243762437724378243792438024381243822438324384243852438624387243882438924390243912439224393243942439524396243972439824399244002440124402244032440424405244062440724408244092441024411244122441324414244152441624417244182441924420244212442224423244242442524426244272442824429244302443124432244332443424435244362443724438244392444024441244422444324444244452444624447244482444924450244512445224453244542445524456244572445824459244602446124462244632446424465244662446724468244692447024471244722447324474244752447624477244782447924480244812448224483244842448524486244872448824489244902449124492244932449424495244962449724498244992450024501245022450324504245052450624507245082450924510245112451224513245142451524516245172451824519245202452124522245232452424525245262452724528245292453024531245322453324534245352453624537245382453924540245412454224543245442454524546245472454824549245502455124552245532455424555245562455724558245592456024561245622456324564245652456624567245682456924570245712457224573245742457524576245772457824579245802458124582245832458424585245862458724588245892459024591245922459324594245952459624597245982459924600246012460224603246042460524606246072460824609246102461124612246132461424615246162461724618246192462024621246222462324624246252462624627246282462924630246312463224633246342463524636246372463824639246402464124642246432464424645246462464724648246492465024651246522465324654246552465624657246582465924660246612466224663246642466524666246672466824669246702467124672246732467424675246762467724678246792468024681246822468324684246852468624687246882468924690246912469224693246942469524696246972469824699247002470124702247032470424705247062470724708247092471024711247122471324714247152471624717247182471924720247212472224723247242472524726247272472824729247302473124732247332473424735247362473724738247392474024741247422474324744247452474624747247482474924750247512475224753247542475524756247572475824759247602476124762247632476424765247662476724768247692477024771247722477324774247752477624777247782477924780247812478224783247842478524786247872478824789247902479124792247932479424795247962479724798247992480024801248022480324804248052480624807248082480924810248112481224813248142481524816248172481824819248202482124822248232482424825248262482724828248292483024831248322483324834248352483624837248382483924840248412484224843248442484524846248472484824849248502485124852248532485424855248562485724858248592486024861248622486324864248652486624867248682486924870248712487224873248742487524876248772487824879248802488124882248832488424885248862488724888248892489024891248922489324894248952489624897248982489924900249012490224903249042490524906249072490824909249102491124912249132491424915249162491724918249192492024921249222492324924249252492624927249282492924930249312493224933249342493524936249372493824939249402494124942249432494424945249462494724948249492495024951249522495324954249552495624957249582495924960249612496224963249642496524966249672496824969249702497124972249732497424975249762497724978249792498024981249822498324984249852498624987249882498924990249912499224993249942499524996249972499824999250002500125002250032500425005250062500725008250092501025011250122501325014250152501625017250182501925020250212502225023250242502525026250272502825029250302503125032250332503425035250362503725038250392504025041250422504325044250452504625047250482504925050250512505225053250542505525056250572505825059250602506125062250632506425065250662506725068250692507025071250722507325074250752507625077250782507925080250812508225083250842508525086250872508825089250902509125092250932509425095250962509725098250992510025101251022510325104251052510625107251082510925110251112511225113251142511525116251172511825119251202512125122251232512425125251262512725128251292513025131251322513325134251352513625137251382513925140251412514225143251442514525146251472514825149251502515125152251532515425155251562515725158251592516025161251622516325164251652516625167251682516925170251712517225173251742517525176251772517825179251802518125182251832518425185251862518725188251892519025191251922519325194251952519625197251982519925200252012520225203252042520525206252072520825209252102521125212252132521425215252162521725218252192522025221252222522325224252252522625227252282522925230252312523225233252342523525236252372523825239252402524125242252432524425245252462524725248252492525025251252522525325254252552525625257252582525925260252612526225263252642526525266252672526825269252702527125272252732527425275252762527725278252792528025281252822528325284252852528625287252882528925290252912529225293252942529525296252972529825299253002530125302253032530425305253062530725308253092531025311253122531325314253152531625317253182531925320253212532225323253242532525326253272532825329253302533125332253332533425335253362533725338253392534025341253422534325344253452534625347253482534925350253512535225353253542535525356253572535825359253602536125362253632536425365253662536725368253692537025371253722537325374253752537625377253782537925380253812538225383253842538525386253872538825389253902539125392253932539425395253962539725398253992540025401254022540325404254052540625407254082540925410254112541225413254142541525416254172541825419254202542125422254232542425425254262542725428254292543025431254322543325434254352543625437254382543925440254412544225443254442544525446254472544825449254502545125452254532545425455254562545725458254592546025461254622546325464254652546625467254682546925470254712547225473254742547525476254772547825479254802548125482254832548425485254862548725488254892549025491254922549325494254952549625497254982549925500255012550225503255042550525506255072550825509255102551125512255132551425515255162551725518255192552025521255222552325524255252552625527255282552925530255312553225533255342553525536255372553825539255402554125542255432554425545255462554725548255492555025551255522555325554255552555625557255582555925560255612556225563255642556525566255672556825569255702557125572255732557425575255762557725578255792558025581255822558325584255852558625587255882558925590255912559225593255942559525596255972559825599256002560125602256032560425605256062560725608256092561025611256122561325614256152561625617256182561925620256212562225623256242562525626256272562825629256302563125632256332563425635256362563725638256392564025641256422564325644256452564625647256482564925650256512565225653256542565525656256572565825659256602566125662256632566425665256662566725668256692567025671256722567325674256752567625677256782567925680256812568225683256842568525686256872568825689256902569125692256932569425695256962569725698256992570025701257022570325704257052570625707257082570925710257112571225713257142571525716257172571825719257202572125722257232572425725257262572725728257292573025731257322573325734257352573625737257382573925740257412574225743257442574525746257472574825749257502575125752257532575425755257562575725758257592576025761257622576325764257652576625767257682576925770257712577225773257742577525776257772577825779257802578125782257832578425785257862578725788257892579025791257922579325794257952579625797257982579925800258012580225803258042580525806258072580825809258102581125812258132581425815258162581725818258192582025821258222582325824258252582625827258282582925830258312583225833258342583525836258372583825839258402584125842258432584425845258462584725848258492585025851258522585325854258552585625857258582585925860258612586225863258642586525866258672586825869258702587125872258732587425875258762587725878258792588025881258822588325884258852588625887258882588925890258912589225893258942589525896258972589825899259002590125902259032590425905259062590725908259092591025911259122591325914259152591625917259182591925920259212592225923259242592525926259272592825929259302593125932259332593425935259362593725938259392594025941259422594325944259452594625947259482594925950259512595225953259542595525956259572595825959259602596125962259632596425965259662596725968259692597025971259722597325974259752597625977259782597925980259812598225983259842598525986259872598825989259902599125992259932599425995259962599725998259992600026001260022600326004260052600626007260082600926010260112601226013260142601526016260172601826019260202602126022260232602426025260262602726028260292603026031260322603326034260352603626037260382603926040260412604226043260442604526046260472604826049260502605126052260532605426055260562605726058260592606026061260622606326064260652606626067260682606926070260712607226073260742607526076260772607826079260802608126082260832608426085260862608726088260892609026091260922609326094260952609626097260982609926100261012610226103261042610526106261072610826109261102611126112261132611426115261162611726118261192612026121261222612326124261252612626127261282612926130261312613226133261342613526136261372613826139261402614126142261432614426145261462614726148261492615026151261522615326154261552615626157261582615926160261612616226163261642616526166261672616826169261702617126172261732617426175261762617726178261792618026181261822618326184261852618626187261882618926190261912619226193261942619526196261972619826199262002620126202262032620426205262062620726208262092621026211262122621326214262152621626217262182621926220262212622226223262242622526226262272622826229262302623126232262332623426235262362623726238262392624026241262422624326244262452624626247262482624926250262512625226253262542625526256262572625826259262602626126262262632626426265262662626726268262692627026271262722627326274262752627626277262782627926280262812628226283262842628526286262872628826289262902629126292262932629426295262962629726298262992630026301263022630326304263052630626307263082630926310263112631226313263142631526316263172631826319263202632126322263232632426325263262632726328263292633026331263322633326334263352633626337263382633926340263412634226343263442634526346263472634826349263502635126352263532635426355263562635726358263592636026361263622636326364263652636626367263682636926370263712637226373263742637526376263772637826379263802638126382263832638426385263862638726388263892639026391263922639326394263952639626397263982639926400264012640226403264042640526406264072640826409264102641126412264132641426415264162641726418264192642026421264222642326424264252642626427264282642926430264312643226433264342643526436264372643826439264402644126442264432644426445264462644726448264492645026451264522645326454264552645626457264582645926460264612646226463264642646526466264672646826469264702647126472264732647426475264762647726478264792648026481264822648326484264852648626487264882648926490264912649226493264942649526496264972649826499265002650126502265032650426505265062650726508265092651026511265122651326514265152651626517265182651926520265212652226523265242652526526265272652826529265302653126532265332653426535265362653726538265392654026541265422654326544265452654626547265482654926550265512655226553265542655526556265572655826559265602656126562265632656426565265662656726568265692657026571265722657326574265752657626577265782657926580265812658226583265842658526586265872658826589265902659126592265932659426595265962659726598265992660026601266022660326604266052660626607266082660926610266112661226613266142661526616266172661826619266202662126622266232662426625266262662726628266292663026631266322663326634266352663626637266382663926640266412664226643266442664526646266472664826649266502665126652266532665426655266562665726658266592666026661266622666326664266652666626667266682666926670266712667226673266742667526676266772667826679266802668126682266832668426685266862668726688266892669026691266922669326694266952669626697266982669926700267012670226703267042670526706267072670826709267102671126712267132671426715267162671726718267192672026721267222672326724267252672626727267282672926730267312673226733267342673526736267372673826739267402674126742267432674426745267462674726748267492675026751267522675326754267552675626757267582675926760267612676226763267642676526766267672676826769267702677126772267732677426775267762677726778267792678026781267822678326784267852678626787267882678926790267912679226793267942679526796267972679826799268002680126802268032680426805268062680726808268092681026811268122681326814268152681626817268182681926820268212682226823268242682526826268272682826829268302683126832268332683426835268362683726838268392684026841268422684326844268452684626847268482684926850268512685226853268542685526856268572685826859268602686126862268632686426865268662686726868268692687026871268722687326874268752687626877268782687926880268812688226883268842688526886268872688826889268902689126892268932689426895268962689726898268992690026901269022690326904269052690626907269082690926910269112691226913269142691526916269172691826919269202692126922269232692426925269262692726928269292693026931269322693326934269352693626937269382693926940269412694226943269442694526946269472694826949269502695126952269532695426955269562695726958269592696026961269622696326964269652696626967269682696926970269712697226973269742697526976269772697826979269802698126982269832698426985269862698726988269892699026991269922699326994269952699626997269982699927000270012700227003270042700527006270072700827009270102701127012270132701427015270162701727018270192702027021270222702327024270252702627027270282702927030270312703227033270342703527036270372703827039270402704127042270432704427045270462704727048270492705027051270522705327054270552705627057270582705927060270612706227063270642706527066270672706827069270702707127072270732707427075270762707727078270792708027081270822708327084270852708627087270882708927090270912709227093270942709527096270972709827099271002710127102271032710427105271062710727108271092711027111271122711327114271152711627117271182711927120271212712227123271242712527126271272712827129271302713127132271332713427135271362713727138271392714027141271422714327144271452714627147271482714927150271512715227153271542715527156271572715827159271602716127162271632716427165271662716727168271692717027171271722717327174271752717627177271782717927180271812718227183271842718527186271872718827189271902719127192271932719427195271962719727198271992720027201272022720327204272052720627207272082720927210272112721227213272142721527216272172721827219272202722127222272232722427225272262722727228272292723027231272322723327234272352723627237272382723927240272412724227243272442724527246272472724827249272502725127252272532725427255272562725727258272592726027261272622726327264272652726627267272682726927270272712727227273272742727527276272772727827279272802728127282272832728427285272862728727288272892729027291272922729327294272952729627297272982729927300273012730227303273042730527306273072730827309273102731127312273132731427315273162731727318273192732027321273222732327324273252732627327273282732927330273312733227333273342733527336273372733827339273402734127342273432734427345273462734727348273492735027351273522735327354273552735627357273582735927360273612736227363273642736527366273672736827369273702737127372273732737427375273762737727378273792738027381273822738327384273852738627387273882738927390273912739227393273942739527396273972739827399274002740127402274032740427405274062740727408274092741027411274122741327414274152741627417274182741927420274212742227423274242742527426274272742827429274302743127432274332743427435274362743727438274392744027441274422744327444274452744627447274482744927450274512745227453274542745527456274572745827459274602746127462274632746427465274662746727468274692747027471274722747327474274752747627477274782747927480274812748227483274842748527486274872748827489274902749127492274932749427495274962749727498274992750027501275022750327504275052750627507275082750927510275112751227513275142751527516275172751827519275202752127522275232752427525275262752727528275292753027531275322753327534275352753627537275382753927540275412754227543275442754527546275472754827549275502755127552275532755427555275562755727558275592756027561275622756327564275652756627567275682756927570275712757227573275742757527576275772757827579275802758127582275832758427585275862758727588275892759027591275922759327594275952759627597275982759927600276012760227603276042760527606276072760827609276102761127612276132761427615276162761727618276192762027621276222762327624276252762627627276282762927630276312763227633276342763527636276372763827639276402764127642276432764427645276462764727648276492765027651276522765327654276552765627657276582765927660276612766227663276642766527666276672766827669276702767127672276732767427675276762767727678276792768027681276822768327684276852768627687276882768927690276912769227693276942769527696276972769827699277002770127702277032770427705277062770727708277092771027711277122771327714277152771627717277182771927720277212772227723277242772527726277272772827729277302773127732277332773427735277362773727738277392774027741277422774327744277452774627747277482774927750277512775227753277542775527756277572775827759277602776127762277632776427765277662776727768277692777027771277722777327774277752777627777277782777927780277812778227783277842778527786277872778827789277902779127792277932779427795277962779727798277992780027801278022780327804278052780627807278082780927810278112781227813278142781527816278172781827819278202782127822278232782427825278262782727828278292783027831278322783327834278352783627837278382783927840278412784227843278442784527846278472784827849278502785127852278532785427855278562785727858278592786027861278622786327864278652786627867278682786927870278712787227873278742787527876278772787827879278802788127882278832788427885278862788727888278892789027891278922789327894278952789627897278982789927900279012790227903279042790527906279072790827909279102791127912279132791427915279162791727918279192792027921279222792327924279252792627927279282792927930279312793227933279342793527936279372793827939279402794127942279432794427945279462794727948279492795027951279522795327954279552795627957279582795927960279612796227963279642796527966279672796827969279702797127972279732797427975279762797727978279792798027981279822798327984279852798627987279882798927990279912799227993279942799527996279972799827999280002800128002280032800428005280062800728008280092801028011280122801328014280152801628017280182801928020280212802228023280242802528026280272802828029280302803128032280332803428035280362803728038280392804028041280422804328044280452804628047280482804928050280512805228053280542805528056280572805828059280602806128062280632806428065280662806728068280692807028071280722807328074280752807628077280782807928080280812808228083280842808528086280872808828089280902809128092280932809428095280962809728098280992810028101281022810328104281052810628107281082810928110281112811228113281142811528116281172811828119281202812128122281232812428125281262812728128281292813028131281322813328134281352813628137281382813928140281412814228143281442814528146281472814828149281502815128152281532815428155281562815728158281592816028161281622816328164281652816628167281682816928170281712817228173281742817528176281772817828179281802818128182281832818428185281862818728188281892819028191281922819328194281952819628197281982819928200282012820228203282042820528206282072820828209282102821128212282132821428215282162821728218282192822028221282222822328224282252822628227282282822928230282312823228233282342823528236282372823828239282402824128242282432824428245282462824728248282492825028251282522825328254282552825628257282582825928260282612826228263282642826528266282672826828269282702827128272282732827428275282762827728278282792828028281282822828328284282852828628287282882828928290282912829228293282942829528296282972829828299283002830128302283032830428305283062830728308283092831028311283122831328314283152831628317283182831928320283212832228323283242832528326283272832828329283302833128332283332833428335283362833728338283392834028341283422834328344283452834628347283482834928350283512835228353283542835528356283572835828359283602836128362283632836428365283662836728368283692837028371283722837328374283752837628377283782837928380283812838228383283842838528386283872838828389283902839128392283932839428395283962839728398283992840028401284022840328404284052840628407284082840928410284112841228413284142841528416284172841828419284202842128422284232842428425284262842728428284292843028431284322843328434284352843628437284382843928440284412844228443284442844528446284472844828449284502845128452284532845428455284562845728458284592846028461284622846328464284652846628467284682846928470284712847228473284742847528476284772847828479284802848128482284832848428485284862848728488284892849028491284922849328494284952849628497284982849928500285012850228503285042850528506285072850828509285102851128512285132851428515285162851728518285192852028521285222852328524285252852628527285282852928530285312853228533285342853528536285372853828539285402854128542285432854428545285462854728548285492855028551285522855328554285552855628557285582855928560285612856228563285642856528566285672856828569285702857128572285732857428575285762857728578285792858028581285822858328584285852858628587285882858928590285912859228593285942859528596285972859828599286002860128602286032860428605286062860728608286092861028611286122861328614286152861628617286182861928620286212862228623286242862528626286272862828629286302863128632286332863428635286362863728638286392864028641286422864328644286452864628647286482864928650286512865228653286542865528656286572865828659286602866128662286632866428665286662866728668286692867028671286722867328674286752867628677286782867928680286812868228683286842868528686286872868828689286902869128692286932869428695286962869728698286992870028701287022870328704287052870628707287082870928710287112871228713287142871528716287172871828719287202872128722287232872428725287262872728728287292873028731287322873328734287352873628737287382873928740287412874228743287442874528746287472874828749287502875128752287532875428755287562875728758287592876028761287622876328764287652876628767287682876928770287712877228773287742877528776287772877828779287802878128782287832878428785287862878728788287892879028791287922879328794287952879628797287982879928800288012880228803288042880528806288072880828809288102881128812288132881428815288162881728818288192882028821288222882328824288252882628827288282882928830288312883228833288342883528836288372883828839288402884128842288432884428845288462884728848288492885028851288522885328854288552885628857288582885928860288612886228863288642886528866288672886828869288702887128872288732887428875288762887728878288792888028881288822888328884288852888628887288882888928890288912889228893288942889528896288972889828899289002890128902289032890428905289062890728908289092891028911289122891328914289152891628917289182891928920289212892228923289242892528926289272892828929289302893128932289332893428935289362893728938289392894028941289422894328944289452894628947289482894928950289512895228953289542895528956289572895828959289602896128962289632896428965289662896728968289692897028971289722897328974289752897628977289782897928980289812898228983289842898528986289872898828989289902899128992289932899428995289962899728998289992900029001290022900329004290052900629007290082900929010290112901229013290142901529016290172901829019290202902129022290232902429025290262902729028290292903029031290322903329034290352903629037290382903929040290412904229043290442904529046290472904829049290502905129052290532905429055290562905729058290592906029061290622906329064290652906629067290682906929070290712907229073290742907529076290772907829079290802908129082290832908429085290862908729088290892909029091290922909329094290952909629097290982909929100291012910229103291042910529106291072910829109291102911129112291132911429115291162911729118291192912029121291222912329124291252912629127291282912929130291312913229133291342913529136291372913829139291402914129142291432914429145291462914729148291492915029151291522915329154291552915629157291582915929160291612916229163291642916529166291672916829169291702917129172291732917429175291762917729178291792918029181291822918329184291852918629187291882918929190291912919229193291942919529196291972919829199292002920129202292032920429205292062920729208292092921029211292122921329214292152921629217292182921929220292212922229223292242922529226292272922829229292302923129232292332923429235292362923729238292392924029241292422924329244292452924629247292482924929250292512925229253292542925529256292572925829259292602926129262292632926429265292662926729268292692927029271292722927329274292752927629277292782927929280292812928229283292842928529286292872928829289292902929129292292932929429295292962929729298292992930029301293022930329304293052930629307293082930929310293112931229313293142931529316293172931829319293202932129322293232932429325293262932729328293292933029331293322933329334293352933629337293382933929340293412934229343293442934529346293472934829349293502935129352293532935429355293562935729358293592936029361293622936329364293652936629367293682936929370293712937229373293742937529376293772937829379293802938129382293832938429385293862938729388293892939029391293922939329394293952939629397293982939929400294012940229403294042940529406294072940829409294102941129412294132941429415294162941729418294192942029421294222942329424294252942629427294282942929430294312943229433294342943529436294372943829439294402944129442294432944429445294462944729448294492945029451294522945329454294552945629457294582945929460294612946229463294642946529466294672946829469294702947129472294732947429475294762947729478294792948029481294822948329484294852948629487294882948929490294912949229493294942949529496294972949829499295002950129502295032950429505295062950729508295092951029511295122951329514295152951629517295182951929520295212952229523295242952529526295272952829529295302953129532295332953429535295362953729538295392954029541295422954329544295452954629547295482954929550295512955229553295542955529556295572955829559295602956129562295632956429565295662956729568295692957029571295722957329574295752957629577295782957929580295812958229583295842958529586295872958829589295902959129592295932959429595295962959729598295992960029601296022960329604296052960629607296082960929610296112961229613296142961529616296172961829619296202962129622296232962429625296262962729628296292963029631296322963329634296352963629637296382963929640296412964229643296442964529646296472964829649296502965129652296532965429655296562965729658296592966029661296622966329664296652966629667296682966929670296712967229673296742967529676296772967829679296802968129682296832968429685296862968729688296892969029691296922969329694296952969629697296982969929700297012970229703297042970529706297072970829709297102971129712297132971429715297162971729718297192972029721297222972329724297252972629727297282972929730297312973229733297342973529736297372973829739297402974129742297432974429745297462974729748297492975029751297522975329754297552975629757297582975929760297612976229763297642976529766297672976829769297702977129772297732977429775297762977729778297792978029781297822978329784297852978629787297882978929790297912979229793297942979529796297972979829799298002980129802298032980429805298062980729808298092981029811298122981329814298152981629817298182981929820298212982229823298242982529826298272982829829298302983129832298332983429835298362983729838298392984029841298422984329844298452984629847298482984929850298512985229853298542985529856298572985829859298602986129862298632986429865298662986729868298692987029871298722987329874298752987629877298782987929880298812988229883298842988529886298872988829889298902989129892298932989429895298962989729898298992990029901299022990329904299052990629907299082990929910299112991229913299142991529916299172991829919299202992129922299232992429925299262992729928299292993029931299322993329934299352993629937299382993929940299412994229943299442994529946299472994829949299502995129952299532995429955299562995729958299592996029961299622996329964299652996629967299682996929970299712997229973299742997529976299772997829979299802998129982299832998429985299862998729988299892999029991299922999329994299952999629997299982999930000300013000230003300043000530006300073000830009300103001130012300133001430015300163001730018300193002030021300223002330024300253002630027300283002930030300313003230033300343003530036300373003830039300403004130042300433004430045300463004730048300493005030051300523005330054300553005630057300583005930060300613006230063300643006530066300673006830069300703007130072300733007430075300763007730078300793008030081300823008330084300853008630087300883008930090300913009230093300943009530096300973009830099301003010130102301033010430105301063010730108301093011030111301123011330114301153011630117301183011930120301213012230123301243012530126301273012830129301303013130132301333013430135301363013730138301393014030141301423014330144301453014630147301483014930150301513015230153301543015530156301573015830159301603016130162301633016430165301663016730168301693017030171301723017330174301753017630177301783017930180301813018230183301843018530186301873018830189301903019130192301933019430195301963019730198301993020030201302023020330204302053020630207302083020930210302113021230213302143021530216302173021830219302203022130222302233022430225302263022730228302293023030231302323023330234302353023630237302383023930240302413024230243302443024530246302473024830249302503025130252302533025430255302563025730258302593026030261302623026330264302653026630267302683026930270302713027230273302743027530276302773027830279302803028130282302833028430285302863028730288302893029030291302923029330294302953029630297302983029930300303013030230303303043030530306303073030830309303103031130312303133031430315303163031730318303193032030321303223032330324303253032630327303283032930330303313033230333303343033530336303373033830339303403034130342303433034430345303463034730348303493035030351303523035330354303553035630357303583035930360303613036230363303643036530366303673036830369303703037130372303733037430375303763037730378303793038030381303823038330384303853038630387303883038930390303913039230393303943039530396303973039830399304003040130402304033040430405304063040730408304093041030411304123041330414304153041630417304183041930420304213042230423304243042530426304273042830429304303043130432304333043430435304363043730438304393044030441304423044330444304453044630447304483044930450304513045230453304543045530456304573045830459304603046130462304633046430465304663046730468304693047030471304723047330474304753047630477304783047930480304813048230483304843048530486304873048830489304903049130492304933049430495304963049730498304993050030501305023050330504305053050630507305083050930510305113051230513305143051530516305173051830519305203052130522305233052430525305263052730528305293053030531305323053330534305353053630537305383053930540305413054230543305443054530546305473054830549305503055130552305533055430555305563055730558305593056030561305623056330564305653056630567305683056930570305713057230573305743057530576305773057830579305803058130582305833058430585305863058730588305893059030591305923059330594305953059630597305983059930600306013060230603306043060530606306073060830609306103061130612306133061430615306163061730618306193062030621306223062330624306253062630627306283062930630306313063230633306343063530636306373063830639306403064130642306433064430645306463064730648306493065030651306523065330654306553065630657306583065930660306613066230663306643066530666306673066830669306703067130672306733067430675306763067730678306793068030681306823068330684306853068630687306883068930690306913069230693306943069530696306973069830699307003070130702307033070430705307063070730708307093071030711307123071330714307153071630717307183071930720307213072230723307243072530726307273072830729307303073130732307333073430735307363073730738307393074030741307423074330744307453074630747307483074930750307513075230753307543075530756307573075830759307603076130762307633076430765307663076730768307693077030771307723077330774307753077630777307783077930780307813078230783307843078530786307873078830789307903079130792307933079430795307963079730798307993080030801308023080330804308053080630807308083080930810308113081230813308143081530816308173081830819308203082130822308233082430825308263082730828308293083030831308323083330834308353083630837308383083930840308413084230843308443084530846308473084830849308503085130852308533085430855308563085730858308593086030861308623086330864308653086630867308683086930870308713087230873308743087530876308773087830879308803088130882308833088430885308863088730888308893089030891308923089330894308953089630897308983089930900309013090230903309043090530906309073090830909309103091130912309133091430915309163091730918309193092030921309223092330924309253092630927309283092930930309313093230933309343093530936309373093830939309403094130942309433094430945309463094730948309493095030951309523095330954309553095630957309583095930960309613096230963309643096530966309673096830969309703097130972309733097430975309763097730978309793098030981309823098330984309853098630987309883098930990309913099230993309943099530996309973099830999310003100131002310033100431005310063100731008310093101031011310123101331014310153101631017310183101931020310213102231023310243102531026310273102831029310303103131032310333103431035310363103731038310393104031041310423104331044310453104631047310483104931050310513105231053310543105531056310573105831059310603106131062310633106431065310663106731068310693107031071310723107331074310753107631077310783107931080310813108231083310843108531086310873108831089310903109131092310933109431095310963109731098310993110031101311023110331104311053110631107311083110931110311113111231113311143111531116311173111831119311203112131122311233112431125311263112731128311293113031131311323113331134311353113631137311383113931140311413114231143311443114531146311473114831149311503115131152311533115431155311563115731158311593116031161311623116331164311653116631167311683116931170311713117231173311743117531176311773117831179311803118131182311833118431185311863118731188311893119031191311923119331194311953119631197311983119931200312013120231203312043120531206312073120831209312103121131212312133121431215312163121731218312193122031221312223122331224312253122631227312283122931230312313123231233312343123531236312373123831239312403124131242312433124431245312463124731248312493125031251312523125331254312553125631257312583125931260312613126231263312643126531266312673126831269312703127131272312733127431275312763127731278312793128031281312823128331284312853128631287312883128931290312913129231293312943129531296312973129831299313003130131302313033130431305313063130731308313093131031311313123131331314313153131631317313183131931320313213132231323313243132531326313273132831329313303133131332313333133431335313363133731338313393134031341313423134331344313453134631347313483134931350313513135231353313543135531356313573135831359313603136131362313633136431365313663136731368313693137031371313723137331374313753137631377313783137931380313813138231383313843138531386313873138831389313903139131392313933139431395313963139731398313993140031401314023140331404314053140631407314083140931410314113141231413314143141531416314173141831419314203142131422314233142431425314263142731428314293143031431314323143331434314353143631437314383143931440314413144231443314443144531446314473144831449314503145131452314533145431455314563145731458314593146031461314623146331464314653146631467314683146931470314713147231473314743147531476314773147831479314803148131482314833148431485314863148731488314893149031491314923149331494314953149631497314983149931500315013150231503315043150531506315073150831509315103151131512315133151431515315163151731518315193152031521315223152331524315253152631527315283152931530315313153231533315343153531536315373153831539315403154131542315433154431545315463154731548315493155031551315523155331554315553155631557315583155931560315613156231563315643156531566315673156831569315703157131572315733157431575315763157731578315793158031581315823158331584315853158631587315883158931590315913159231593315943159531596315973159831599316003160131602316033160431605316063160731608316093161031611316123161331614316153161631617316183161931620316213162231623316243162531626316273162831629316303163131632316333163431635316363163731638316393164031641316423164331644316453164631647316483164931650316513165231653316543165531656316573165831659316603166131662316633166431665316663166731668316693167031671316723167331674316753167631677316783167931680316813168231683316843168531686316873168831689316903169131692316933169431695316963169731698316993170031701317023170331704317053170631707317083170931710317113171231713317143171531716317173171831719317203172131722317233172431725317263172731728317293173031731317323173331734317353173631737317383173931740317413174231743317443174531746317473174831749317503175131752317533175431755317563175731758317593176031761317623176331764317653176631767317683176931770317713177231773317743177531776317773177831779317803178131782317833178431785317863178731788317893179031791317923179331794317953179631797317983179931800318013180231803318043180531806318073180831809318103181131812318133181431815318163181731818318193182031821318223182331824318253182631827318283182931830318313183231833318343183531836318373183831839318403184131842318433184431845318463184731848318493185031851318523185331854318553185631857318583185931860318613186231863318643186531866318673186831869318703187131872318733187431875318763187731878318793188031881318823188331884318853188631887318883188931890318913189231893318943189531896318973189831899319003190131902319033190431905319063190731908319093191031911319123191331914319153191631917319183191931920319213192231923319243192531926319273192831929319303193131932319333193431935319363193731938319393194031941319423194331944319453194631947319483194931950319513195231953319543195531956319573195831959319603196131962319633196431965319663196731968319693197031971319723197331974319753197631977319783197931980319813198231983319843198531986319873198831989319903199131992319933199431995319963199731998319993200032001320023200332004320053200632007320083200932010320113201232013320143201532016320173201832019320203202132022320233202432025320263202732028320293203032031320323203332034320353203632037320383203932040320413204232043320443204532046320473204832049320503205132052320533205432055320563205732058320593206032061320623206332064320653206632067320683206932070320713207232073320743207532076320773207832079320803208132082320833208432085320863208732088320893209032091320923209332094320953209632097320983209932100321013210232103321043210532106321073210832109321103211132112321133211432115321163211732118321193212032121321223212332124321253212632127321283212932130321313213232133321343213532136321373213832139321403214132142321433214432145321463214732148321493215032151321523215332154321553215632157321583215932160321613216232163321643216532166321673216832169321703217132172321733217432175321763217732178321793218032181321823218332184321853218632187321883218932190321913219232193321943219532196321973219832199322003220132202322033220432205322063220732208322093221032211322123221332214322153221632217322183221932220322213222232223322243222532226322273222832229322303223132232322333223432235322363223732238322393224032241322423224332244322453224632247322483224932250322513225232253322543225532256322573225832259322603226132262322633226432265322663226732268322693227032271322723227332274322753227632277322783227932280322813228232283322843228532286322873228832289322903229132292322933229432295322963229732298322993230032301323023230332304323053230632307323083230932310323113231232313323143231532316323173231832319323203232132322323233232432325323263232732328323293233032331323323233332334323353233632337323383233932340323413234232343323443234532346323473234832349323503235132352323533235432355323563235732358323593236032361323623236332364323653236632367323683236932370323713237232373323743237532376323773237832379323803238132382323833238432385323863238732388323893239032391323923239332394323953239632397323983239932400324013240232403324043240532406324073240832409324103241132412324133241432415324163241732418324193242032421324223242332424324253242632427324283242932430324313243232433324343243532436324373243832439324403244132442324433244432445324463244732448324493245032451324523245332454324553245632457324583245932460324613246232463324643246532466324673246832469324703247132472324733247432475324763247732478324793248032481324823248332484324853248632487324883248932490324913249232493324943249532496324973249832499325003250132502325033250432505325063250732508325093251032511325123251332514325153251632517325183251932520325213252232523325243252532526325273252832529325303253132532325333253432535325363253732538325393254032541325423254332544325453254632547325483254932550325513255232553325543255532556325573255832559325603256132562325633256432565325663256732568325693257032571325723257332574325753257632577325783257932580325813258232583325843258532586325873258832589325903259132592325933259432595325963259732598325993260032601326023260332604326053260632607326083260932610326113261232613326143261532616326173261832619326203262132622326233262432625326263262732628326293263032631326323263332634326353263632637326383263932640326413264232643326443264532646326473264832649326503265132652326533265432655326563265732658326593266032661326623266332664326653266632667326683266932670326713267232673326743267532676326773267832679326803268132682326833268432685326863268732688326893269032691326923269332694326953269632697326983269932700327013270232703327043270532706327073270832709327103271132712327133271432715327163271732718327193272032721327223272332724327253272632727327283272932730327313273232733327343273532736327373273832739327403274132742327433274432745327463274732748327493275032751327523275332754327553275632757327583275932760327613276232763327643276532766327673276832769327703277132772327733277432775327763277732778327793278032781327823278332784327853278632787327883278932790327913279232793327943279532796327973279832799328003280132802328033280432805328063280732808328093281032811328123281332814328153281632817328183281932820328213282232823328243282532826328273282832829328303283132832328333283432835328363283732838328393284032841328423284332844328453284632847328483284932850328513285232853328543285532856328573285832859328603286132862328633286432865328663286732868328693287032871328723287332874328753287632877328783287932880328813288232883328843288532886328873288832889328903289132892328933289432895328963289732898328993290032901329023290332904329053290632907329083290932910329113291232913329143291532916329173291832919329203292132922329233292432925329263292732928329293293032931329323293332934329353293632937329383293932940329413294232943329443294532946329473294832949329503295132952329533295432955329563295732958329593296032961329623296332964329653296632967329683296932970329713297232973329743297532976329773297832979329803298132982329833298432985329863298732988329893299032991329923299332994329953299632997329983299933000330013300233003330043300533006330073300833009330103301133012330133301433015330163301733018330193302033021330223302333024330253302633027330283302933030330313303233033330343303533036330373303833039330403304133042330433304433045330463304733048330493305033051330523305333054330553305633057330583305933060330613306233063330643306533066330673306833069330703307133072330733307433075330763307733078330793308033081330823308333084330853308633087330883308933090330913309233093330943309533096330973309833099331003310133102331033310433105331063310733108331093311033111331123311333114331153311633117331183311933120331213312233123331243312533126331273312833129331303313133132331333313433135331363313733138331393314033141331423314333144331453314633147331483314933150331513315233153331543315533156331573315833159331603316133162331633316433165331663316733168331693317033171331723317333174331753317633177331783317933180331813318233183331843318533186331873318833189331903319133192331933319433195331963319733198331993320033201332023320333204332053320633207332083320933210332113321233213332143321533216332173321833219332203322133222332233322433225332263322733228332293323033231332323323333234332353323633237332383323933240332413324233243332443324533246332473324833249332503325133252332533325433255332563325733258332593326033261332623326333264332653326633267332683326933270332713327233273332743327533276332773327833279332803328133282332833328433285332863328733288332893329033291332923329333294332953329633297332983329933300333013330233303333043330533306333073330833309333103331133312333133331433315333163331733318333193332033321333223332333324333253332633327333283332933330333313333233333333343333533336333373333833339333403334133342333433334433345333463334733348333493335033351333523335333354333553335633357333583335933360333613336233363333643336533366333673336833369333703337133372333733337433375333763337733378333793338033381333823338333384333853338633387333883338933390333913339233393333943339533396333973339833399334003340133402334033340433405334063340733408334093341033411334123341333414334153341633417334183341933420334213342233423334243342533426334273342833429334303343133432334333343433435334363343733438334393344033441334423344333444334453344633447334483344933450334513345233453334543345533456334573345833459334603346133462334633346433465334663346733468334693347033471334723347333474334753347633477334783347933480334813348233483334843348533486334873348833489334903349133492334933349433495334963349733498334993350033501335023350333504335053350633507335083350933510335113351233513335143351533516335173351833519335203352133522335233352433525335263352733528335293353033531335323353333534335353353633537335383353933540335413354233543335443354533546335473354833549335503355133552335533355433555335563355733558335593356033561335623356333564335653356633567335683356933570335713357233573335743357533576335773357833579335803358133582335833358433585335863358733588335893359033591335923359333594335953359633597335983359933600336013360233603336043360533606336073360833609336103361133612336133361433615336163361733618336193362033621336223362333624336253362633627336283362933630336313363233633336343363533636336373363833639336403364133642336433364433645336463364733648336493365033651336523365333654336553365633657336583365933660336613366233663336643366533666336673366833669336703367133672336733367433675336763367733678336793368033681336823368333684336853368633687336883368933690336913369233693336943369533696336973369833699337003370133702337033370433705337063370733708337093371033711337123371333714337153371633717337183371933720337213372233723337243372533726337273372833729337303373133732337333373433735337363373733738337393374033741337423374333744337453374633747337483374933750337513375233753337543375533756337573375833759337603376133762337633376433765337663376733768337693377033771337723377333774337753377633777337783377933780337813378233783337843378533786337873378833789337903379133792337933379433795337963379733798337993380033801338023380333804338053380633807338083380933810338113381233813338143381533816338173381833819338203382133822338233382433825338263382733828338293383033831338323383333834338353383633837338383383933840338413384233843338443384533846338473384833849338503385133852338533385433855338563385733858338593386033861338623386333864338653386633867338683386933870338713387233873338743387533876338773387833879338803388133882338833388433885338863388733888338893389033891338923389333894338953389633897338983389933900339013390233903339043390533906339073390833909339103391133912339133391433915339163391733918339193392033921339223392333924339253392633927339283392933930339313393233933339343393533936339373393833939339403394133942339433394433945339463394733948339493395033951339523395333954339553395633957339583395933960339613396233963339643396533966339673396833969339703397133972339733397433975339763397733978339793398033981339823398333984339853398633987339883398933990339913399233993339943399533996339973399833999340003400134002340033400434005340063400734008340093401034011340123401334014340153401634017340183401934020340213402234023340243402534026340273402834029340303403134032340333403434035340363403734038340393404034041340423404334044340453404634047340483404934050340513405234053340543405534056340573405834059340603406134062340633406434065340663406734068340693407034071340723407334074340753407634077340783407934080340813408234083340843408534086340873408834089340903409134092340933409434095340963409734098340993410034101341023410334104341053410634107341083410934110341113411234113341143411534116341173411834119341203412134122341233412434125341263412734128341293413034131341323413334134341353413634137341383413934140341413414234143341443414534146341473414834149341503415134152341533415434155341563415734158341593416034161341623416334164341653416634167341683416934170341713417234173341743417534176341773417834179341803418134182341833418434185341863418734188341893419034191341923419334194341953419634197341983419934200342013420234203342043420534206342073420834209342103421134212342133421434215342163421734218342193422034221342223422334224342253422634227342283422934230342313423234233342343423534236342373423834239342403424134242342433424434245342463424734248342493425034251342523425334254342553425634257342583425934260342613426234263342643426534266342673426834269342703427134272342733427434275342763427734278342793428034281342823428334284342853428634287342883428934290342913429234293342943429534296342973429834299343003430134302343033430434305343063430734308343093431034311343123431334314343153431634317343183431934320343213432234323343243432534326343273432834329343303433134332343333433434335343363433734338343393434034341343423434334344343453434634347343483434934350343513435234353343543435534356343573435834359343603436134362343633436434365343663436734368343693437034371343723437334374343753437634377343783437934380343813438234383343843438534386343873438834389343903439134392343933439434395343963439734398343993440034401344023440334404344053440634407344083440934410344113441234413344143441534416344173441834419344203442134422344233442434425344263442734428344293443034431344323443334434344353443634437344383443934440344413444234443344443444534446344473444834449344503445134452344533445434455344563445734458344593446034461344623446334464344653446634467344683446934470344713447234473344743447534476344773447834479344803448134482344833448434485344863448734488344893449034491344923449334494344953449634497344983449934500345013450234503345043450534506345073450834509345103451134512345133451434515345163451734518345193452034521345223452334524345253452634527345283452934530345313453234533345343453534536345373453834539345403454134542345433454434545345463454734548345493455034551345523455334554345553455634557345583455934560345613456234563345643456534566345673456834569345703457134572345733457434575345763457734578345793458034581345823458334584345853458634587345883458934590345913459234593345943459534596345973459834599346003460134602346033460434605346063460734608346093461034611346123461334614346153461634617346183461934620346213462234623346243462534626346273462834629346303463134632346333463434635346363463734638346393464034641346423464334644346453464634647346483464934650346513465234653346543465534656346573465834659346603466134662346633466434665346663466734668346693467034671346723467334674346753467634677346783467934680346813468234683346843468534686346873468834689346903469134692346933469434695346963469734698346993470034701347023470334704347053470634707347083470934710347113471234713347143471534716347173471834719347203472134722347233472434725347263472734728347293473034731347323473334734347353473634737347383473934740347413474234743347443474534746347473474834749347503475134752347533475434755347563475734758347593476034761347623476334764347653476634767347683476934770347713477234773347743477534776347773477834779347803478134782347833478434785347863478734788347893479034791347923479334794347953479634797347983479934800348013480234803348043480534806348073480834809348103481134812348133481434815348163481734818348193482034821348223482334824348253482634827348283482934830348313483234833348343483534836348373483834839348403484134842348433484434845348463484734848348493485034851348523485334854348553485634857348583485934860348613486234863348643486534866348673486834869348703487134872348733487434875348763487734878348793488034881348823488334884348853488634887348883488934890348913489234893348943489534896348973489834899349003490134902349033490434905349063490734908349093491034911349123491334914349153491634917349183491934920349213492234923349243492534926349273492834929349303493134932349333493434935349363493734938349393494034941349423494334944349453494634947349483494934950349513495234953349543495534956349573495834959349603496134962349633496434965349663496734968349693497034971349723497334974349753497634977349783497934980349813498234983349843498534986349873498834989349903499134992349933499434995349963499734998349993500035001350023500335004350053500635007350083500935010350113501235013350143501535016350173501835019350203502135022350233502435025350263502735028350293503035031350323503335034350353503635037350383503935040350413504235043350443504535046350473504835049350503505135052350533505435055350563505735058350593506035061350623506335064350653506635067350683506935070350713507235073350743507535076350773507835079350803508135082350833508435085350863508735088350893509035091350923509335094350953509635097350983509935100351013510235103351043510535106351073510835109351103511135112351133511435115351163511735118351193512035121351223512335124351253512635127351283512935130351313513235133351343513535136351373513835139351403514135142351433514435145351463514735148351493515035151351523515335154351553515635157351583515935160351613516235163351643516535166351673516835169351703517135172351733517435175351763517735178351793518035181351823518335184351853518635187351883518935190351913519235193351943519535196351973519835199352003520135202352033520435205352063520735208352093521035211352123521335214352153521635217352183521935220352213522235223352243522535226352273522835229352303523135232352333523435235352363523735238352393524035241352423524335244352453524635247352483524935250352513525235253352543525535256352573525835259352603526135262352633526435265352663526735268352693527035271352723527335274352753527635277352783527935280352813528235283352843528535286352873528835289352903529135292352933529435295352963529735298352993530035301353023530335304353053530635307353083530935310353113531235313353143531535316353173531835319353203532135322353233532435325353263532735328353293533035331353323533335334353353533635337353383533935340353413534235343353443534535346353473534835349353503535135352353533535435355353563535735358353593536035361353623536335364353653536635367353683536935370353713537235373353743537535376353773537835379353803538135382353833538435385353863538735388353893539035391353923539335394353953539635397353983539935400354013540235403354043540535406354073540835409354103541135412354133541435415354163541735418354193542035421354223542335424354253542635427354283542935430354313543235433354343543535436354373543835439354403544135442354433544435445354463544735448354493545035451354523545335454354553545635457354583545935460354613546235463354643546535466354673546835469354703547135472354733547435475354763547735478354793548035481354823548335484354853548635487354883548935490354913549235493354943549535496354973549835499355003550135502355033550435505355063550735508355093551035511355123551335514355153551635517355183551935520355213552235523355243552535526355273552835529355303553135532355333553435535355363553735538355393554035541355423554335544355453554635547355483554935550355513555235553355543555535556355573555835559355603556135562355633556435565355663556735568355693557035571355723557335574355753557635577355783557935580355813558235583355843558535586355873558835589355903559135592355933559435595355963559735598355993560035601356023560335604356053560635607356083560935610356113561235613356143561535616356173561835619356203562135622356233562435625356263562735628356293563035631356323563335634356353563635637356383563935640356413564235643356443564535646356473564835649356503565135652356533565435655356563565735658356593566035661356623566335664356653566635667356683566935670356713567235673356743567535676356773567835679356803568135682356833568435685356863568735688356893569035691356923569335694356953569635697356983569935700357013570235703357043570535706357073570835709357103571135712357133571435715357163571735718357193572035721357223572335724357253572635727357283572935730357313573235733357343573535736357373573835739357403574135742357433574435745357463574735748357493575035751357523575335754357553575635757357583575935760357613576235763357643576535766357673576835769357703577135772357733577435775357763577735778357793578035781357823578335784357853578635787357883578935790357913579235793357943579535796357973579835799358003580135802358033580435805358063580735808358093581035811358123581335814358153581635817358183581935820358213582235823358243582535826358273582835829358303583135832358333583435835358363583735838358393584035841358423584335844358453584635847358483584935850358513585235853358543585535856358573585835859358603586135862358633586435865358663586735868358693587035871358723587335874358753587635877358783587935880358813588235883358843588535886358873588835889358903589135892358933589435895358963589735898358993590035901359023590335904359053590635907359083590935910359113591235913359143591535916359173591835919359203592135922359233592435925359263592735928359293593035931359323593335934359353593635937359383593935940359413594235943359443594535946359473594835949359503595135952359533595435955359563595735958359593596035961359623596335964359653596635967359683596935970359713597235973359743597535976359773597835979359803598135982359833598435985359863598735988359893599035991359923599335994359953599635997359983599936000360013600236003360043600536006360073600836009360103601136012360133601436015360163601736018360193602036021360223602336024360253602636027360283602936030360313603236033360343603536036360373603836039360403604136042360433604436045360463604736048360493605036051360523605336054360553605636057360583605936060360613606236063360643606536066360673606836069360703607136072360733607436075360763607736078360793608036081360823608336084360853608636087360883608936090360913609236093360943609536096360973609836099361003610136102361033610436105361063610736108361093611036111361123611336114361153611636117361183611936120361213612236123361243612536126361273612836129361303613136132361333613436135361363613736138361393614036141361423614336144361453614636147361483614936150361513615236153361543615536156361573615836159361603616136162361633616436165361663616736168361693617036171361723617336174361753617636177361783617936180361813618236183361843618536186361873618836189361903619136192361933619436195361963619736198361993620036201362023620336204362053620636207362083620936210362113621236213362143621536216362173621836219362203622136222362233622436225362263622736228362293623036231362323623336234362353623636237362383623936240362413624236243362443624536246362473624836249362503625136252362533625436255362563625736258362593626036261362623626336264362653626636267362683626936270362713627236273362743627536276362773627836279362803628136282362833628436285362863628736288362893629036291362923629336294362953629636297362983629936300363013630236303363043630536306363073630836309363103631136312363133631436315363163631736318363193632036321363223632336324363253632636327363283632936330363313633236333363343633536336363373633836339363403634136342363433634436345363463634736348363493635036351363523635336354363553635636357363583635936360363613636236363363643636536366363673636836369363703637136372363733637436375363763637736378363793638036381363823638336384363853638636387363883638936390363913639236393363943639536396363973639836399364003640136402364033640436405364063640736408364093641036411364123641336414364153641636417364183641936420364213642236423364243642536426364273642836429364303643136432364333643436435364363643736438364393644036441364423644336444364453644636447364483644936450364513645236453364543645536456364573645836459364603646136462364633646436465364663646736468364693647036471364723647336474364753647636477364783647936480364813648236483364843648536486364873648836489364903649136492364933649436495364963649736498364993650036501365023650336504365053650636507365083650936510365113651236513365143651536516365173651836519365203652136522365233652436525365263652736528365293653036531365323653336534365353653636537365383653936540365413654236543365443654536546365473654836549365503655136552365533655436555365563655736558365593656036561365623656336564365653656636567365683656936570365713657236573365743657536576365773657836579365803658136582365833658436585365863658736588365893659036591365923659336594365953659636597365983659936600366013660236603366043660536606366073660836609366103661136612366133661436615366163661736618366193662036621366223662336624366253662636627366283662936630366313663236633366343663536636366373663836639366403664136642366433664436645366463664736648366493665036651366523665336654366553665636657366583665936660366613666236663366643666536666366673666836669366703667136672366733667436675366763667736678366793668036681366823668336684366853668636687366883668936690366913669236693366943669536696366973669836699367003670136702367033670436705367063670736708367093671036711367123671336714367153671636717367183671936720367213672236723367243672536726367273672836729367303673136732367333673436735367363673736738367393674036741367423674336744367453674636747367483674936750367513675236753367543675536756367573675836759367603676136762367633676436765367663676736768367693677036771367723677336774367753677636777367783677936780367813678236783367843678536786367873678836789367903679136792367933679436795367963679736798367993680036801368023680336804368053680636807368083680936810368113681236813368143681536816368173681836819368203682136822368233682436825368263682736828368293683036831368323683336834368353683636837368383683936840368413684236843368443684536846368473684836849368503685136852368533685436855368563685736858368593686036861368623686336864368653686636867368683686936870368713687236873368743687536876368773687836879368803688136882368833688436885368863688736888368893689036891368923689336894368953689636897368983689936900369013690236903369043690536906369073690836909369103691136912369133691436915369163691736918369193692036921369223692336924369253692636927369283692936930369313693236933369343693536936 |
- /* test.c
- *
- * Copyright (C) 2006-2021 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #ifndef WOLFSSL_USER_SETTINGS
- #include <wolfssl/options.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #include <wolfssl/version.h>
- #include <wolfssl/wolfcrypt/wc_port.h>
- #ifndef NO_CRYPT_TEST
- #if defined(HAVE_STACK_SIZE) && !defined(HAVE_WOLFCRYPT_TEST_OPTIONS)
- #define HAVE_WOLFCRYPT_TEST_OPTIONS
- #endif
- #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
- #include <wolfssl/ssl.h>
- #define err_sys err_sys_remap /* remap err_sys */
- #include <wolfssl/test.h>
- #undef err_sys
- #endif
- #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
- defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
- #include <stdint.h>
- #endif
- #if defined(HAVE_STACK_SIZE_VERBOSE)
- #ifdef WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES
- static ssize_t max_relative_stack = WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES;
- #else
- static ssize_t max_relative_stack = -1;
- #endif
- #else
- #define STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max, ...) (__VA_ARGS__, 0)
- #define STACK_SIZE_INIT()
- #endif
- #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
- #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS
- static ssize_t max_relative_heap_allocs = WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS;
- #else
- static ssize_t max_relative_heap_allocs = -1;
- #endif
- #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES
- static ssize_t max_relative_heap_bytes = WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES;
- #else
- static ssize_t max_relative_heap_bytes = -1;
- #endif
- #define PRINT_HEAP_CHECKPOINT() { \
- const ssize_t _rha = wolfCrypt_heap_peakAllocs_checkpoint() - heap_baselineAllocs; \
- const ssize_t _rhb = wolfCrypt_heap_peakBytes_checkpoint() - heap_baselineBytes; \
- printf(" relative heap peak usage: %ld alloc%s, %ld bytes\n", \
- _rha, \
- _rha == 1 ? "" : "s", \
- _rhb); \
- if ((max_relative_heap_allocs > 0) && (_rha > max_relative_heap_allocs)) \
- return err_sys("heap allocs exceed designated max.", -1); \
- if ((max_relative_heap_bytes > 0) && (_rhb > max_relative_heap_bytes)) \
- return err_sys("heap bytes exceed designated max.", -1); \
- heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint(); \
- heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint(); \
- }
- #else
- #define PRINT_HEAP_CHECKPOINT()
- #endif
- #ifdef __GNUC__
- _Pragma("GCC diagnostic ignored \"-Wunused-function\"");
- #endif
- #ifdef USE_FLAT_TEST_H
- #ifdef HAVE_CONFIG_H
- #include "test_paths.h"
- #endif
- #include "test.h"
- #else
- #ifdef HAVE_CONFIG_H
- #include "wolfcrypt/test/test_paths.h"
- #endif
- #include "wolfcrypt/test/test.h"
- #endif
- /* printf mappings */
- #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
- #include <mqx.h>
- #include <stdlib.h>
- /* see wc_port.h for fio.h and nio.h includes */
- #elif defined(FREESCALE_KSDK_BM)
- #include "fsl_debug_console.h"
- #undef printf
- #define printf PRINTF
- #elif defined(WOLFSSL_APACHE_MYNEWT)
- #include <assert.h>
- #include <string.h>
- #include "sysinit/sysinit.h"
- #include "os/os.h"
- #ifdef ARCH_sim
- #include "mcu/mcu_sim.h"
- #endif
- #include "os/os_time.h"
- #elif defined(WOLFSSL_ESPIDF)
- #include <time.h>
- #include <sys/time.h>
- #elif defined(WOLFSSL_ZEPHYR)
- #include <stdio.h>
- #define printf printk
- #elif defined(MICRIUM)
- #include <os.h>
- #if (OS_VERSION < 50000)
- #include <bsp_ser.h>
- void BSP_Ser_Printf (CPU_CHAR* format, ...);
- #undef printf
- #define printf BSP_Ser_Printf
- #else
- #include <stdio.h>
- #endif
- #elif defined(WOLFSSL_PB)
- #include <stdarg.h>
- int wolfssl_pb_print(const char*, ...);
- #undef printf
- #define printf wolfssl_pb_print
- #elif defined(WOLFSSL_TELIT_M2MB)
- #include "wolfssl/wolfcrypt/wc_port.h" /* for m2mb headers */
- #include "m2m_log.h" /* for M2M_LOG_INFO - not standard API */
- /* remap printf */
- #undef printf
- #define printf M2M_LOG_INFO
- /* OS requires occasional sleep() */
- #ifndef TEST_SLEEP_MS
- #define TEST_SLEEP_MS 50
- #endif
- #define TEST_SLEEP() m2mb_os_taskSleep(M2MB_OS_MS2TICKS(TEST_SLEEP_MS))
- /* don't use file system for these tests, since ./certs dir isn't loaded */
- #undef NO_FILESYSTEM
- #define NO_FILESYSTEM
- #elif defined(THREADX) && !defined(WOLFSSL_WICED) && !defined(THREADX_NO_DC_PRINTF)
- /* since just testing, use THREADX log printf instead */
- int dc_log_printf(char*, ...);
- #undef printf
- #define printf dc_log_printf
- #elif defined(ANDROID)
- #ifdef XMALLOC_USER
- #include <stdlib.h> /* we're using malloc / free direct here */
- #endif
- #ifndef STRING_USER
- #include <stdio.h>
- #endif
- #include <android/log.h>
- #define printf(...) \
- __android_log_print(ANDROID_LOG_DEBUG, "TAG", __VA_ARGS__)
- #define fprintf(fp, ...) \
- __android_log_print(ANDROID_LOG_DEBUG, "TAG", __VA_ARGS__)
- #else
- #ifdef XMALLOC_USER
- #include <stdlib.h> /* we're using malloc / free direct here */
- #endif
- #if !defined(STRING_USER) && !defined(WOLFSSL_LINUXKM)
- #include <stdio.h>
- #endif
- #if defined(WOLFSSL_LINUXKM) && !defined(DEBUG_WOLFSSL_VERBOSE)
- #undef printf
- #define printf(...) ({})
- #endif
- /* enable way for customer to override test/bench printf */
- #ifdef XPRINTF
- #undef printf
- #define printf XPRINTF
- #endif
- #endif
- #include <wolfssl/wolfcrypt/memory.h>
- #include <wolfssl/wolfcrypt/wc_port.h>
- #include <wolfssl/wolfcrypt/logging.h>
- #include <wolfssl/wolfcrypt/types.h>
- #include <wolfssl/wolfcrypt/asn.h>
- #include <wolfssl/wolfcrypt/md2.h>
- #include <wolfssl/wolfcrypt/md5.h>
- #include <wolfssl/wolfcrypt/md4.h>
- #include <wolfssl/wolfcrypt/sha.h>
- #include <wolfssl/wolfcrypt/sha256.h>
- #include <wolfssl/wolfcrypt/sha512.h>
- #include <wolfssl/wolfcrypt/rc2.h>
- #include <wolfssl/wolfcrypt/arc4.h>
- #if defined(WC_NO_RNG)
- #include <wolfssl/wolfcrypt/integer.h>
- #else
- #include <wolfssl/wolfcrypt/random.h>
- #endif
- #include <wolfssl/wolfcrypt/coding.h>
- #include <wolfssl/wolfcrypt/signature.h>
- #include <wolfssl/wolfcrypt/rsa.h>
- #include <wolfssl/wolfcrypt/des3.h>
- #include <wolfssl/wolfcrypt/aes.h>
- #include <wolfssl/wolfcrypt/wc_encrypt.h>
- #include <wolfssl/wolfcrypt/cmac.h>
- #include <wolfssl/wolfcrypt/poly1305.h>
- #include <wolfssl/wolfcrypt/camellia.h>
- #include <wolfssl/wolfcrypt/hmac.h>
- #include <wolfssl/wolfcrypt/dh.h>
- #include <wolfssl/wolfcrypt/dsa.h>
- #include <wolfssl/wolfcrypt/srp.h>
- #include <wolfssl/wolfcrypt/idea.h>
- #include <wolfssl/wolfcrypt/hc128.h>
- #include <wolfssl/wolfcrypt/rabbit.h>
- #include <wolfssl/wolfcrypt/chacha.h>
- #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
- #include <wolfssl/wolfcrypt/pwdbased.h>
- #include <wolfssl/wolfcrypt/ripemd.h>
- #include <wolfssl/wolfcrypt/error-crypt.h>
- #ifdef HAVE_ECC
- #include <wolfssl/wolfcrypt/ecc.h>
- #endif
- #ifdef HAVE_CURVE25519
- #include <wolfssl/wolfcrypt/curve25519.h>
- #endif
- #ifdef HAVE_ED25519
- #include <wolfssl/wolfcrypt/ed25519.h>
- #endif
- #ifdef HAVE_CURVE448
- #include <wolfssl/wolfcrypt/curve448.h>
- #endif
- #ifdef HAVE_ED448
- #include <wolfssl/wolfcrypt/ed448.h>
- #endif
- #ifdef WOLFCRYPT_HAVE_ECCSI
- #include <wolfssl/wolfcrypt/eccsi.h>
- #endif
- #ifdef WOLFCRYPT_HAVE_SAKKE
- #include <wolfssl/wolfcrypt/sakke.h>
- #endif
- #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
- #include <wolfssl/wolfcrypt/blake2.h>
- #endif
- #ifdef WOLFSSL_SHA3
- #include <wolfssl/wolfcrypt/sha3.h>
- #endif
- #ifdef HAVE_LIBZ
- #include <wolfssl/wolfcrypt/compress.h>
- #endif
- #ifdef HAVE_PKCS7
- #include <wolfssl/wolfcrypt/pkcs7.h>
- #endif
- #ifdef HAVE_FIPS
- #include <wolfssl/wolfcrypt/fips_test.h>
- #endif
- #ifdef HAVE_SELFTEST
- #include <wolfssl/wolfcrypt/selftest.h>
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- #include <wolfssl/wolfcrypt/async.h>
- #endif
- #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
- #include <wolfssl/wolfcrypt/logging.h>
- #endif
- #ifdef WOLFSSL_IMX6_CAAM_BLOB
- #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
- #endif
- #ifdef WOLF_CRYPTO_CB
- #include <wolfssl/wolfcrypt/cryptocb.h>
- #ifdef HAVE_INTEL_QA_SYNC
- #include <wolfssl/wolfcrypt/port/intel/quickassist_sync.h>
- #endif
- #ifdef HAVE_CAVIUM_OCTEON_SYNC
- #include <wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h>
- #endif
- #endif
- #ifdef _MSC_VER
- /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
- #pragma warning(disable: 4996)
- #endif
- #ifdef OPENSSL_EXTRA
- #ifndef WOLFCRYPT_ONLY
- #include <wolfssl/openssl/evp.h>
- #endif
- #include <wolfssl/openssl/rand.h>
- #include <wolfssl/openssl/hmac.h>
- #include <wolfssl/openssl/aes.h>
- #include <wolfssl/openssl/des.h>
- #endif
- #if defined(NO_FILESYSTEM) || defined(WC_NO_RNG)
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- #define USE_CERT_BUFFERS_2048
- #endif
- #if !defined(USE_CERT_BUFFERS_256)
- #define USE_CERT_BUFFERS_256
- #endif
- #endif
- #if defined(WOLFSSL_CERT_GEN) && (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
- #define ENABLE_ECC384_CERT_GEN_TEST
- #endif
- #include <wolfssl/certs_test.h>
- #ifdef HAVE_NTRU
- #include "libntruencrypt/ntru_crypto.h"
- #endif
- #ifdef WOLFSSL_STATIC_MEMORY
- static WOLFSSL_HEAP_HINT* HEAP_HINT;
- #else
- #define HEAP_HINT NULL
- #endif /* WOLFSSL_STATIC_MEMORY */
- /* these cases do not have intermediate hashing support */
- #if (defined(WOLFSSL_AFALG_XILINX_SHA3) && !defined(WOLFSSL_AFALG_HASH_KEEP)) \
- && !defined(WOLFSSL_XILINX_CRYPT)
- #define NO_INTM_HASH_TEST
- #endif
- #if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB)
- static void initDefaultName(void);
- #endif
- /* for async devices */
- #ifdef WOLFSSL_QNX_CAAM
- static int devId = WOLFSSL_CAAM_DEVID;
- #else
- static int devId = INVALID_DEVID;
- #endif
- #ifdef HAVE_WNR
- const char* wnrConfigFile = "wnr-example.conf";
- #endif
- #define TEST_STRING "Everyone gets Friday off."
- #define TEST_STRING_SZ 25
- typedef struct testVector {
- const char* input;
- const char* output;
- size_t inLen;
- size_t outLen;
- } testVector;
- #ifndef WOLFSSL_TEST_SUBROUTINE
- #define WOLFSSL_TEST_SUBROUTINE
- #endif
- WOLFSSL_TEST_SUBROUTINE int error_test(void);
- WOLFSSL_TEST_SUBROUTINE int base64_test(void);
- WOLFSSL_TEST_SUBROUTINE int base16_test(void);
- WOLFSSL_TEST_SUBROUTINE int asn_test(void);
- WOLFSSL_TEST_SUBROUTINE int md2_test(void);
- WOLFSSL_TEST_SUBROUTINE int md5_test(void);
- WOLFSSL_TEST_SUBROUTINE int md4_test(void);
- WOLFSSL_TEST_SUBROUTINE int sha_test(void);
- WOLFSSL_TEST_SUBROUTINE int sha224_test(void);
- WOLFSSL_TEST_SUBROUTINE int sha256_test(void);
- WOLFSSL_TEST_SUBROUTINE int sha512_test(void);
- WOLFSSL_TEST_SUBROUTINE int sha384_test(void);
- WOLFSSL_TEST_SUBROUTINE int sha3_test(void);
- WOLFSSL_TEST_SUBROUTINE int shake256_test(void);
- WOLFSSL_TEST_SUBROUTINE int hash_test(void);
- WOLFSSL_TEST_SUBROUTINE int hmac_md5_test(void);
- WOLFSSL_TEST_SUBROUTINE int hmac_sha_test(void);
- WOLFSSL_TEST_SUBROUTINE int hmac_sha224_test(void);
- WOLFSSL_TEST_SUBROUTINE int hmac_sha256_test(void);
- WOLFSSL_TEST_SUBROUTINE int hmac_sha384_test(void);
- WOLFSSL_TEST_SUBROUTINE int hmac_sha512_test(void);
- WOLFSSL_TEST_SUBROUTINE int hmac_sha3_test(void);
- /* WOLFSSL_TEST_SUBROUTINE */ static int hkdf_test(void);
- WOLFSSL_TEST_SUBROUTINE int x963kdf_test(void);
- WOLFSSL_TEST_SUBROUTINE int arc4_test(void);
- WOLFSSL_TEST_SUBROUTINE int rc2_test(void);
- WOLFSSL_TEST_SUBROUTINE int hc128_test(void);
- WOLFSSL_TEST_SUBROUTINE int rabbit_test(void);
- WOLFSSL_TEST_SUBROUTINE int chacha_test(void);
- WOLFSSL_TEST_SUBROUTINE int XChaCha_test(void);
- WOLFSSL_TEST_SUBROUTINE int chacha20_poly1305_aead_test(void);
- WOLFSSL_TEST_SUBROUTINE int XChaCha20Poly1305_test(void);
- WOLFSSL_TEST_SUBROUTINE int des_test(void);
- WOLFSSL_TEST_SUBROUTINE int des3_test(void);
- WOLFSSL_TEST_SUBROUTINE int aes_test(void);
- WOLFSSL_TEST_SUBROUTINE int aes192_test(void);
- WOLFSSL_TEST_SUBROUTINE int aes256_test(void);
- WOLFSSL_TEST_SUBROUTINE int aesofb_test(void);
- WOLFSSL_TEST_SUBROUTINE int cmac_test(void);
- WOLFSSL_TEST_SUBROUTINE int poly1305_test(void);
- WOLFSSL_TEST_SUBROUTINE int aesgcm_test(void);
- WOLFSSL_TEST_SUBROUTINE int aesgcm_default_test(void);
- WOLFSSL_TEST_SUBROUTINE int gmac_test(void);
- WOLFSSL_TEST_SUBROUTINE int aesccm_test(void);
- WOLFSSL_TEST_SUBROUTINE int aeskeywrap_test(void);
- WOLFSSL_TEST_SUBROUTINE int camellia_test(void);
- WOLFSSL_TEST_SUBROUTINE int rsa_no_pad_test(void);
- WOLFSSL_TEST_SUBROUTINE int rsa_test(void);
- WOLFSSL_TEST_SUBROUTINE int dh_test(void);
- WOLFSSL_TEST_SUBROUTINE int dsa_test(void);
- WOLFSSL_TEST_SUBROUTINE int srp_test(void);
- #ifndef WC_NO_RNG
- WOLFSSL_TEST_SUBROUTINE int random_test(void);
- #endif /* WC_NO_RNG */
- WOLFSSL_TEST_SUBROUTINE int pwdbased_test(void);
- WOLFSSL_TEST_SUBROUTINE int ripemd_test(void);
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- WOLFSSL_TEST_SUBROUTINE int openssl_test(void); /* test mini api */
- WOLFSSL_TEST_SUBROUTINE int openssl_pkey0_test(void);
- WOLFSSL_TEST_SUBROUTINE int openssl_pkey1_test(void);
- WOLFSSL_TEST_SUBROUTINE int openSSL_evpMD_test(void);
- WOLFSSL_TEST_SUBROUTINE int openssl_evpSig_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE int pbkdf1_test(void);
- WOLFSSL_TEST_SUBROUTINE int pkcs12_test(void);
- WOLFSSL_TEST_SUBROUTINE int pbkdf2_test(void);
- WOLFSSL_TEST_SUBROUTINE int scrypt_test(void);
- #ifdef HAVE_ECC
- WOLFSSL_TEST_SUBROUTINE int ecc_test(void);
- #ifdef HAVE_ECC_ENCRYPT
- WOLFSSL_TEST_SUBROUTINE int ecc_encrypt_test(void);
- #endif
- #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
- defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
- /* skip for ATECC508/608A, cannot import private key buffers */
- WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void);
- #endif
- #endif
- #ifdef HAVE_CURVE25519
- WOLFSSL_TEST_SUBROUTINE int curve25519_test(void);
- #endif
- #ifdef HAVE_ED25519
- WOLFSSL_TEST_SUBROUTINE int ed25519_test(void);
- #endif
- #ifdef HAVE_CURVE448
- WOLFSSL_TEST_SUBROUTINE int curve448_test(void);
- #endif
- #ifdef HAVE_ED448
- WOLFSSL_TEST_SUBROUTINE int ed448_test(void);
- #endif
- #ifdef WOLFCRYPT_HAVE_ECCSI
- WOLFSSL_TEST_SUBROUTINE int eccsi_test(void);
- #endif
- #ifdef WOLFCRYPT_HAVE_SAKKE
- WOLFSSL_TEST_SUBROUTINE int sakke_test(void);
- #endif
- #ifdef HAVE_BLAKE2
- WOLFSSL_TEST_SUBROUTINE int blake2b_test(void);
- #endif
- #ifdef HAVE_BLAKE2S
- WOLFSSL_TEST_SUBROUTINE int blake2s_test(void);
- #endif
- #ifdef HAVE_LIBZ
- WOLFSSL_TEST_SUBROUTINE int compress_test(void);
- #endif
- #ifdef HAVE_PKCS7
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void);
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- WOLFSSL_TEST_SUBROUTINE int pkcs7compressed_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE int pkcs7signed_test(void);
- WOLFSSL_TEST_SUBROUTINE int pkcs7enveloped_test(void);
- #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
- WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void);
- #endif
- #ifndef NO_AES
- WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* key,
- word32 keySz);
- #endif
- #endif
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- WOLFSSL_TEST_SUBROUTINE int cert_test(void);
- #endif
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- WOLFSSL_TEST_SUBROUTINE int certext_test(void);
- #endif
- #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- WOLFSSL_TEST_SUBROUTINE int decodedCertCache_test(void);
- #endif
- #ifdef HAVE_IDEA
- WOLFSSL_TEST_SUBROUTINE int idea_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE int memory_test(void);
- #ifdef HAVE_VALGRIND
- WOLFSSL_TEST_SUBROUTINE int mp_test(void);
- #endif
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
- WOLFSSL_TEST_SUBROUTINE int prime_test(void);
- #endif
- #ifdef ASN_BER_TO_DER
- WOLFSSL_TEST_SUBROUTINE int berder_test(void);
- #endif
- WOLFSSL_TEST_SUBROUTINE int logging_test(void);
- WOLFSSL_TEST_SUBROUTINE int mutex_test(void);
- #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
- WOLFSSL_TEST_SUBROUTINE int memcb_test(void);
- #endif
- #ifdef WOLFSSL_IMX6_CAAM_BLOB
- WOLFSSL_TEST_SUBROUTINE int blob_test(void);
- #endif
- #ifdef WOLF_CRYPTO_CB
- WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void);
- #endif
- #ifdef WOLFSSL_CERT_PIV
- WOLFSSL_TEST_SUBROUTINE int certpiv_test(void);
- #endif
- /* General big buffer size for many tests. */
- #define FOURK_BUF 4096
- #define ERROR_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
- #ifdef HAVE_STACK_SIZE
- static THREAD_RETURN err_sys(const char* msg, int es)
- #else
- static int err_sys(const char* msg, int es)
- #endif
- {
- (void)msg;
- (void)es;
- #ifdef WOLFSSL_LINUXKM
- lkm_printf("%s error = %d\n", msg, es);
- EXIT_TEST(es);
- #else
- printf("%s error = %d\n", msg, es);
- EXIT_TEST(-1);
- #endif
- }
- #ifndef HAVE_WOLFCRYPT_TEST_OPTIONS
- /* func_args from test.h, so don't have to pull in other stuff */
- typedef struct func_args {
- int argc;
- char** argv;
- int return_code;
- } func_args;
- #endif /* !HAVE_WOLFCRYPT_TEST_OPTIONS */
- #ifdef HAVE_FIPS
- static void myFipsCb(int ok, int err, const char* hash)
- {
- printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
- printf("message = %s\n", wc_GetErrorString(err));
- printf("hash = %s\n", hash);
- if (err == IN_CORE_FIPS_E) {
- printf("In core integrity hash check failure, copy above hash\n");
- printf("into verifyCore[] in fips_test.c and rebuild\n");
- }
- }
- #endif /* HAVE_FIPS */
- #ifdef WOLFSSL_STATIC_MEMORY
- #ifdef BENCH_EMBEDDED
- static byte gTestMemory[14000];
- #elif defined(WOLFSSL_CERT_EXT)
- static byte gTestMemory[140000];
- #elif defined(USE_FAST_MATH) && !defined(ALT_ECC_SIZE)
- static byte gTestMemory[160000];
- #else
- static byte gTestMemory[80000];
- #endif
- #endif
- #ifdef WOLFSSL_PB
- static int wolfssl_pb_print(const char* msg, ...)
- {
- int ret;
- va_list args;
- char tmpBuf[80];
- va_start(args, msg);
- ret = vsprint(tmpBuf, msg, args);
- va_end(args);
- fnDumpStringToSystemLog(tmpBuf);
- return ret;
- }
- #endif /* WOLFSSL_PB */
- /* optional macro to add sleep between tests */
- #ifdef TEST_SLEEP
- #include <stdarg.h> /* for var args */
- static WC_INLINE void test_pass(const char* fmt, ...)
- {
- va_list args;
- va_start(args, fmt);
- STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max_relative_stack, vprintf(fmt, args));
- va_end(args);
- PRINT_HEAP_CHECKPOINT();
- TEST_SLEEP();
- }
- #else
- /* redirect to printf */
- #define test_pass(...) { \
- if (STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK \
- (max_relative_stack, printf(__VA_ARGS__)) < 0) { \
- return err_sys("post-test check failed", -1); \
- } \
- PRINT_HEAP_CHECKPOINT(); \
- }
- /* stub the sleep macro */
- #define TEST_SLEEP()
- #endif
- #ifdef HAVE_STACK_SIZE
- THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args)
- #else
- int wolfcrypt_test(void* args)
- #endif
- {
- int ret;
- #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
- long heap_baselineAllocs, heap_baselineBytes;
- #endif
- STACK_SIZE_INIT();
- #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
- (void)wolfCrypt_heap_peakAllocs_checkpoint();
- heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint();
- (void)wolfCrypt_heap_peakBytes_checkpoint();
- heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint();
- #endif
- printf("------------------------------------------------------------------------------\n");
- printf(" wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING);
- printf("------------------------------------------------------------------------------\n");
- if (args) {
- #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
- int ch;
- #endif
- ((func_args*)args)->return_code = -1; /* error state */
- #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
- while ((ch = mygetopt(((func_args*)args)->argc, ((func_args*)args)->argv, "s:m:a:h")) != -1) {
- switch(ch) {
- case 's':
- #ifdef HAVE_STACK_SIZE_VERBOSE
- max_relative_stack = (ssize_t)atoi(myoptarg);
- break;
- #else
- return err_sys("-s (max relative stack bytes) requires HAVE_STACK_SIZE_VERBOSE (--enable-stacksize=verbose).", -1);
- #endif
- case 'm':
- #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
- max_relative_heap_bytes = (ssize_t)atoi(myoptarg);
- break;
- #else
- return err_sys("-m (max relative heap memory bytes) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", -1);
- #endif
- case 'a':
- #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
- max_relative_heap_allocs = (ssize_t)atoi(myoptarg);
- break;
- #else
- return err_sys("-a (max relative heap allocs) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", -1);
- #endif
- case 'h':
- return err_sys("\
- options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
- [-a max_relative_heap_allocs] [-h]\n", 0);
- default:
- return err_sys("unknown test option. try -h.", -1);
- }
- }
- #endif
- }
- #ifdef WOLFSSL_STATIC_MEMORY
- if (wc_LoadStaticMemory(&HEAP_HINT, gTestMemory, sizeof(gTestMemory),
- WOLFMEM_GENERAL, 1) != 0) {
- printf("unable to load static memory.\n");
- return(EXIT_FAILURE);
- }
- #endif
- #if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
- wolfSSL_Debugging_ON();
- #endif
- #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
- wc_SetLoggingHeap(HEAP_HINT);
- #endif
- #ifdef HAVE_FIPS
- wolfCrypt_SetCb_fips(myFipsCb);
- #endif
- #if !defined(NO_BIG_INT)
- if (CheckCtcSettings() != 1) {
- printf("Sizeof mismatch (build) %x != (run) %x\n",
- CTC_SETTINGS, CheckRunTimeSettings());
- return err_sys("Build vs runtime math mismatch\n", -1000);
- }
- #if defined(USE_FAST_MATH) && \
- (!defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC))
- if (CheckFastMathSettings() != 1)
- return err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n",
- -1001);
- #endif /* USE_FAST_MATH */
- #endif /* !NO_BIG_INT */
- #if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB)
- initDefaultName();
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- ret = wolfAsync_DevOpen(&devId);
- if (ret < 0) {
- printf("Async device open failed\nRunning without async\n");
- }
- #else
- (void)devId;
- #endif /* WOLFSSL_ASYNC_CRYPT */
- #ifdef WOLF_CRYPTO_CB
- #ifdef HAVE_INTEL_QA_SYNC
- devId = wc_CryptoCb_InitIntelQa();
- if (INVALID_DEVID == devId) {
- printf("Couldn't init the Intel QA\n");
- }
- #endif
- #ifdef HAVE_CAVIUM_OCTEON_SYNC
- devId = wc_CryptoCb_InitOcteon();
- if (INVALID_DEVID == devId) {
- printf("Couldn't init the Cavium Octeon\n");
- }
- #endif
- #endif
- #ifdef HAVE_SELFTEST
- if ( (ret = wolfCrypt_SelfTest()) != 0)
- return err_sys("CAVP selftest failed!\n", ret);
- else
- test_pass("CAVP selftest passed!\n");
- #endif
- if ( (ret = error_test()) != 0)
- return err_sys("error test failed!\n", ret);
- else
- test_pass("error test passed!\n");
- if ( (ret = memory_test()) != 0)
- return err_sys("MEMORY test failed!\n", ret);
- else
- test_pass("MEMORY test passed!\n");
- #ifndef NO_CODING
- if ( (ret = base64_test()) != 0)
- return err_sys("base64 test failed!\n", ret);
- else
- test_pass("base64 test passed!\n");
- #ifdef WOLFSSL_BASE16
- if ( (ret = base16_test()) != 0)
- return err_sys("base16 test failed!\n", ret);
- else
- test_pass("base16 test passed!\n");
- #endif
- #endif /* !NO_CODING */
- #ifndef NO_ASN
- if ( (ret = asn_test()) != 0)
- return err_sys("asn test failed!\n", ret);
- else
- test_pass("asn test passed!\n");
- #endif
- #ifndef WC_NO_RNG
- if ( (ret = random_test()) != 0)
- return err_sys("RANDOM test failed!\n", ret);
- else
- test_pass("RANDOM test passed!\n");
- #endif /* WC_NO_RNG */
- #ifndef NO_MD5
- if ( (ret = md5_test()) != 0)
- return err_sys("MD5 test failed!\n", ret);
- else
- test_pass("MD5 test passed!\n");
- #endif
- #ifdef WOLFSSL_MD2
- if ( (ret = md2_test()) != 0)
- return err_sys("MD2 test failed!\n", ret);
- else
- test_pass("MD2 test passed!\n");
- #endif
- #ifndef NO_MD4
- if ( (ret = md4_test()) != 0)
- return err_sys("MD4 test failed!\n", ret);
- else
- test_pass("MD4 test passed!\n");
- #endif
- #ifndef NO_SHA
- if ( (ret = sha_test()) != 0)
- return err_sys("SHA test failed!\n", ret);
- else
- test_pass("SHA test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA224
- if ( (ret = sha224_test()) != 0)
- return err_sys("SHA-224 test failed!\n", ret);
- else
- test_pass("SHA-224 test passed!\n");
- #endif
- #ifndef NO_SHA256
- if ( (ret = sha256_test()) != 0)
- return err_sys("SHA-256 test failed!\n", ret);
- else
- test_pass("SHA-256 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA384
- if ( (ret = sha384_test()) != 0)
- return err_sys("SHA-384 test failed!\n", ret);
- else
- test_pass("SHA-384 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA512
- if ( (ret = sha512_test()) != 0)
- return err_sys("SHA-512 test failed!\n", ret);
- else
- test_pass("SHA-512 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA3
- if ( (ret = sha3_test()) != 0)
- return err_sys("SHA-3 test failed!\n", ret);
- else
- test_pass("SHA-3 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHAKE256
- if ( (ret = shake256_test()) != 0)
- return err_sys("SHAKE256 test failed!\n", ret);
- else
- test_pass("SHAKE256 test passed!\n");
- #endif
- #ifndef NO_HASH_WRAPPER
- if ( (ret = hash_test()) != 0)
- return err_sys("Hash test failed!\n", ret);
- else
- test_pass("Hash test passed!\n");
- #endif
- #ifdef WOLFSSL_RIPEMD
- if ( (ret = ripemd_test()) != 0)
- return err_sys("RIPEMD test failed!\n", ret);
- else
- test_pass("RIPEMD test passed!\n");
- #endif
- #ifdef HAVE_BLAKE2
- if ( (ret = blake2b_test()) != 0)
- return err_sys("BLAKE2b test failed!\n", ret);
- else
- test_pass("BLAKE2b test passed!\n");
- #endif
- #ifdef HAVE_BLAKE2S
- if ( (ret = blake2s_test()) != 0)
- return err_sys("BLAKE2s test failed!\n", ret);
- else
- test_pass("BLAKE2s test passed!\n");
- #endif
- #ifndef NO_HMAC
- #ifndef NO_MD5
- if ( (ret = hmac_md5_test()) != 0)
- return err_sys("HMAC-MD5 test failed!\n", ret);
- else
- test_pass("HMAC-MD5 test passed!\n");
- #endif
- #ifndef NO_SHA
- if ( (ret = hmac_sha_test()) != 0)
- return err_sys("HMAC-SHA test failed!\n", ret);
- else
- test_pass("HMAC-SHA test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA224
- if ( (ret = hmac_sha224_test()) != 0)
- return err_sys("HMAC-SHA224 test failed!\n", ret);
- else
- test_pass("HMAC-SHA224 test passed!\n");
- #endif
- #ifndef NO_SHA256
- if ( (ret = hmac_sha256_test()) != 0)
- return err_sys("HMAC-SHA256 test failed!\n", ret);
- else
- test_pass("HMAC-SHA256 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA384
- if ( (ret = hmac_sha384_test()) != 0)
- return err_sys("HMAC-SHA384 test failed!\n", ret);
- else
- test_pass("HMAC-SHA384 test passed!\n");
- #endif
- #ifdef WOLFSSL_SHA512
- if ( (ret = hmac_sha512_test()) != 0)
- return err_sys("HMAC-SHA512 test failed!\n", ret);
- else
- test_pass("HMAC-SHA512 test passed!\n");
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
- !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
- !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
- if ( (ret = hmac_sha3_test()) != 0)
- return err_sys("HMAC-SHA3 test failed!\n", ret);
- else
- test_pass("HMAC-SHA3 test passed!\n");
- #endif
- #ifdef HAVE_HKDF
- if ( (ret = hkdf_test()) != 0)
- return err_sys("HMAC-KDF test failed!\n", ret);
- else
- test_pass("HMAC-KDF test passed!\n");
- #endif
- #endif /* !NO_HMAC */
- #if defined(HAVE_X963_KDF) && defined(HAVE_ECC)
- if ( (ret = x963kdf_test()) != 0)
- return err_sys("X963-KDF test failed!\n", ret);
- else
- test_pass("X963-KDF test passed!\n");
- #endif
- #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \
- !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
- if ( (ret = gmac_test()) != 0)
- return err_sys("GMAC test failed!\n", ret);
- else
- test_pass("GMAC test passed!\n");
- #endif
- #ifdef WC_RC2
- if ( (ret = rc2_test()) != 0)
- return err_sys("RC2 test failed!\n", ret);
- else
- test_pass("RC2 test passed!\n");
- #endif
- #ifndef NO_RC4
- if ( (ret = arc4_test()) != 0)
- return err_sys("ARC4 test failed!\n", ret);
- else
- test_pass("ARC4 test passed!\n");
- #endif
- #ifndef NO_HC128
- if ( (ret = hc128_test()) != 0)
- return err_sys("HC-128 test failed!\n", ret);
- else
- test_pass("HC-128 test passed!\n");
- #endif
- #ifndef NO_RABBIT
- if ( (ret = rabbit_test()) != 0)
- return err_sys("Rabbit test failed!\n", ret);
- else
- test_pass("Rabbit test passed!\n");
- #endif
- #ifdef HAVE_CHACHA
- if ( (ret = chacha_test()) != 0)
- return err_sys("Chacha test failed!\n", ret);
- else
- test_pass("Chacha test passed!\n");
- #endif
- #ifdef HAVE_XCHACHA
- if ( (ret = XChaCha_test()) != 0)
- return err_sys("XChacha test failed!\n", ret);
- else
- test_pass("XChacha test passed!\n");
- #endif
- #ifdef HAVE_POLY1305
- if ( (ret = poly1305_test()) != 0)
- return err_sys("POLY1305 test failed!\n", ret);
- else
- test_pass("POLY1305 test passed!\n");
- #endif
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- if ( (ret = chacha20_poly1305_aead_test()) != 0)
- return err_sys("ChaCha20-Poly1305 AEAD test failed!\n", ret);
- else
- test_pass("ChaCha20-Poly1305 AEAD test passed!\n");
- #endif
- #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
- if ( (ret = XChaCha20Poly1305_test()) != 0)
- return err_sys("XChaCha20-Poly1305 AEAD test failed!\n", ret);
- else
- test_pass("XChaCha20-Poly1305 AEAD test passed!\n");
- #endif
- #ifndef NO_DES3
- if ( (ret = des_test()) != 0)
- return err_sys("DES test failed!\n", ret);
- else
- test_pass("DES test passed!\n");
- #endif
- #ifndef NO_DES3
- if ( (ret = des3_test()) != 0)
- return err_sys("DES3 test failed!\n", ret);
- else
- test_pass("DES3 test passed!\n");
- #endif
- #ifndef NO_AES
- if ( (ret = aes_test()) != 0)
- return err_sys("AES test failed!\n", ret);
- else
- test_pass("AES test passed!\n");
- #ifdef WOLFSSL_AES_192
- if ( (ret = aes192_test()) != 0)
- return err_sys("AES192 test failed!\n", ret);
- else
- test_pass("AES192 test passed!\n");
- #endif
- #ifdef WOLFSSL_AES_256
- if ( (ret = aes256_test()) != 0)
- return err_sys("AES256 test failed!\n", ret);
- else
- test_pass("AES256 test passed!\n");
- #endif
- #ifdef WOLFSSL_AES_OFB
- if ( (ret = aesofb_test()) != 0)
- return err_sys("AES-OFB test failed!\n", ret);
- else
- test_pass("AESOFB test passed!\n");
- #endif
- #ifdef HAVE_AESGCM
- #if !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO)
- if ( (ret = aesgcm_test()) != 0)
- return err_sys("AES-GCM test failed!\n", ret);
- #endif
- #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \
- !(defined(WOLF_CRYPTO_CB) && \
- (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
- if ((ret = aesgcm_default_test()) != 0) {
- return err_sys("AES-GCM test failed!\n", ret);
- }
- #endif
- test_pass("AES-GCM test passed!\n");
- #endif
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- if ( (ret = aesccm_test()) != 0)
- return err_sys("AES-CCM test failed!\n", ret);
- else
- test_pass("AES-CCM test passed!\n");
- #endif
- #ifdef HAVE_AES_KEYWRAP
- if ( (ret = aeskeywrap_test()) != 0)
- return err_sys("AES Key Wrap test failed!\n", ret);
- else
- test_pass("AES Key Wrap test passed!\n");
- #endif
- #endif
- #ifdef HAVE_CAMELLIA
- if ( (ret = camellia_test()) != 0)
- return err_sys("CAMELLIA test failed!\n", ret);
- else
- test_pass("CAMELLIA test passed!\n");
- #endif
- #ifdef HAVE_IDEA
- if ( (ret = idea_test()) != 0)
- return err_sys("IDEA test failed!\n", ret);
- else
- test_pass("IDEA test passed!\n");
- #endif
- #ifndef NO_RSA
- #ifdef WC_RSA_NO_PADDING
- if ( (ret = rsa_no_pad_test()) != 0)
- return err_sys("RSA NOPAD test failed!\n", ret);
- else
- test_pass("RSA NOPAD test passed!\n");
- #endif
- if ( (ret = rsa_test()) != 0)
- return err_sys("RSA test failed!\n", ret);
- else
- test_pass("RSA test passed!\n");
- #endif
- #ifndef NO_DH
- if ( (ret = dh_test()) != 0)
- return err_sys("DH test failed!\n", ret);
- else
- test_pass("DH test passed!\n");
- #endif
- #ifndef NO_DSA
- if ( (ret = dsa_test()) != 0)
- return err_sys("DSA test failed!\n", ret);
- else
- test_pass("DSA test passed!\n");
- #endif
- #ifdef WOLFCRYPT_HAVE_SRP
- if ( (ret = srp_test()) != 0)
- return err_sys("SRP test failed!\n", ret);
- else
- test_pass("SRP test passed!\n");
- #endif
- #ifndef NO_PWDBASED
- if ( (ret = pwdbased_test()) != 0)
- return err_sys("PWDBASED test failed!\n", ret);
- else
- test_pass("PWDBASED test passed!\n");
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- if ( (ret = openssl_test()) != 0)
- return err_sys("OPENSSL test failed!\n", ret);
- else
- test_pass("OPENSSL test passed!\n");
- if ( (ret = openSSL_evpMD_test()) != 0)
- return err_sys("OPENSSL (EVP MD) test failed!\n", ret);
- else
- test_pass("OPENSSL (EVP MD) passed!\n");
- if ( (ret = openssl_pkey0_test()) != 0)
- return err_sys("OPENSSL (PKEY0) test failed!\n", ret);
- else
- test_pass("OPENSSL (PKEY0) passed!\n");
- if ( (ret = openssl_pkey1_test()) != 0)
- return err_sys("OPENSSL (PKEY1) test failed!\n", ret);
- else
- test_pass("OPENSSL (PKEY1) passed!\n");
- if ( (ret = openssl_evpSig_test()) != 0)
- return err_sys("OPENSSL (EVP Sign/Verify) test failed!\n", ret);
- else
- test_pass("OPENSSL (EVP Sign/Verify) passed!\n");
- #endif
- #ifdef HAVE_ECC
- if ( (ret = ecc_test()) != 0)
- return err_sys("ECC test failed!\n", ret);
- else
- test_pass("ECC test passed!\n");
- #if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128)
- if ( (ret = ecc_encrypt_test()) != 0)
- return err_sys("ECC Enc test failed!\n", ret);
- else
- test_pass("ECC Enc test passed!\n");
- #endif
- #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
- defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
- /* skip for ATECC508/608A, cannot import private key buffers */
- if ( (ret = ecc_test_buffers()) != 0)
- return err_sys("ECC buffer test failed!\n", ret);
- else
- test_pass("ECC buffer test passed!\n");
- #endif
- #endif
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- if ( (ret = cert_test()) != 0)
- return err_sys("CERT test failed!\n", ret);
- else
- test_pass("CERT test passed!\n");
- #endif
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- if ( (ret = certext_test()) != 0)
- return err_sys("CERT EXT test failed!\n", ret);
- else
- test_pass("CERT EXT test passed!\n");
- #endif
- #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- if ( (ret = decodedCertCache_test()) != 0)
- return err_sys("DECODED CERT CACHE test failed!\n", ret);
- else
- test_pass("DECODED CERT CACHE test passed!\n");
- #endif
- #ifdef HAVE_CURVE25519
- if ( (ret = curve25519_test()) != 0)
- return err_sys("CURVE25519 test failed!\n", ret);
- else
- test_pass("CURVE25519 test passed!\n");
- #endif
- #ifdef HAVE_ED25519
- if ( (ret = ed25519_test()) != 0)
- return err_sys("ED25519 test failed!\n", ret);
- else
- test_pass("ED25519 test passed!\n");
- #endif
- #ifdef HAVE_CURVE448
- if ( (ret = curve448_test()) != 0)
- return err_sys("CURVE448 test failed!\n", ret);
- else
- test_pass("CURVE448 test passed!\n");
- #endif
- #ifdef HAVE_ED448
- if ( (ret = ed448_test()) != 0)
- return err_sys("ED448 test failed!\n", ret);
- else
- test_pass("ED448 test passed!\n");
- #endif
- #ifdef WOLFCRYPT_HAVE_ECCSI
- if ( (ret = eccsi_test()) != 0)
- return err_sys("ECCSI test failed!\n", ret);
- else
- test_pass("ECCSI test passed!\n");
- #endif
- #ifdef WOLFCRYPT_HAVE_SAKKE
- if ( (ret = sakke_test()) != 0)
- return err_sys("SAKKE test failed!\n", ret);
- else
- test_pass("SAKKE test passed!\n");
- #endif
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- if ( (ret = cmac_test()) != 0)
- return err_sys("CMAC test failed!\n", ret);
- else
- test_pass("CMAC test passed!\n");
- #endif
- #ifdef HAVE_LIBZ
- if ( (ret = compress_test()) != 0)
- return err_sys("COMPRESS test failed!\n", ret);
- else
- test_pass("COMPRESS test passed!\n");
- #endif
- #ifdef HAVE_PKCS7
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- if ( (ret = pkcs7encrypted_test()) != 0)
- return err_sys("PKCS7encrypted test failed!\n", ret);
- else
- test_pass("PKCS7encrypted test passed!\n");
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- if ( (ret = pkcs7compressed_test()) != 0)
- return err_sys("PKCS7compressed test failed!\n", ret);
- else
- test_pass("PKCS7compressed test passed!\n");
- #endif
- if ( (ret = pkcs7signed_test()) != 0)
- return err_sys("PKCS7signed test failed!\n", ret);
- else
- test_pass("PKCS7signed test passed!\n");
- if ( (ret = pkcs7enveloped_test()) != 0)
- return err_sys("PKCS7enveloped test failed!\n", ret);
- else
- test_pass("PKCS7enveloped test passed!\n");
- #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
- if ( (ret = pkcs7authenveloped_test()) != 0)
- return err_sys("PKCS7authenveloped test failed!\n", ret);
- else
- test_pass("PKCS7authenveloped test passed!\n");
- #endif
- #endif
- #ifdef HAVE_VALGRIND
- if ( (ret = mp_test()) != 0)
- return err_sys("mp test failed!\n", ret);
- else
- test_pass("mp test passed!\n");
- #endif
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
- if ( (ret = prime_test()) != 0)
- return err_sys("prime test failed!\n", ret);
- else
- test_pass("prime test passed!\n");
- #endif
- #if defined(ASN_BER_TO_DER) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- if ( (ret = berder_test()) != 0)
- return err_sys("ber-der test failed!\n", ret);
- else
- test_pass("ber-der test passed!\n");
- #endif
- if ( (ret = logging_test()) != 0)
- return err_sys("logging test failed!\n", ret);
- else
- test_pass("logging test passed!\n");
- if ( (ret = mutex_test()) != 0)
- return err_sys("mutex test failed!\n", ret);
- else
- test_pass("mutex test passed!\n");
- #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
- if ( (ret = memcb_test()) != 0)
- return err_sys("memcb test failed!\n", ret);
- else
- test_pass("memcb test passed!\n");
- #endif
- #ifdef WOLFSSL_IMX6_CAAM_BLOB
- if ( (ret = blob_test()) != 0)
- return err_sys("blob test failed!\n", ret);
- else
- test_pass("blob test passed!\n");
- #endif
- #if defined(WOLF_CRYPTO_CB) && \
- !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
- defined(WOLFSSL_QNX_CAAM))
- if ( (ret = cryptocb_test()) != 0)
- return err_sys("crypto callback test failed!\n", ret);
- else
- test_pass("crypto callback test passed!\n");
- #endif
- #ifdef WOLFSSL_CERT_PIV
- if ( (ret = certpiv_test()) != 0)
- return err_sys("cert piv test failed!\n", ret);
- else
- test_pass("cert piv test passed!\n");
- #endif
- #ifdef WOLF_CRYPTO_CB
- #ifdef HAVE_INTEL_QA_SYNC
- wc_CryptoCb_CleanupIntelQa(&devId);
- #endif
- #ifdef HAVE_CAVIUM_OCTEON_SYNC
- wc_CryptoCb_CleanupOcteon(&devId);
- #endif
- #endif
- #ifdef WOLFSSL_ASYNC_CRYPT
- wolfAsync_DevClose(&devId);
- #endif
- /* cleanup the thread if fixed point cache is enabled and have thread local */
- #if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC)
- wc_ecc_fp_free();
- #endif
- if (args)
- ((func_args*)args)->return_code = ret;
- test_pass("Test complete\n");
- EXIT_TEST(ret);
- }
- #ifndef NO_MAIN_DRIVER
- /* so overall tests can pull in test function */
- #ifdef WOLFSSL_ESPIDF
- void app_main( )
- #else
- #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
- int myoptind = 0;
- char* myoptarg = NULL;
- #endif
- int main(int argc, char** argv)
- #endif
- {
- int ret;
- func_args args;
- #ifdef WOLFSSL_ESPIDF
- /* set dummy wallclock time. */
- struct timeval utctime;
- struct timezone tz;
- utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
- utctime.tv_usec = 0;
- tz.tz_minuteswest = 0;
- tz.tz_dsttime = 0;
- settimeofday(&utctime, &tz);
- #endif
- #ifdef WOLFSSL_APACHE_MYNEWT
- #ifdef ARCH_sim
- mcu_sim_parse_args(argc, argv);
- #endif
- sysinit();
- /* set dummy wallclock time. */
- struct os_timeval utctime;
- struct os_timezone tz;
- utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
- utctime.tv_usec = 0;
- tz.tz_minuteswest = 0;
- tz.tz_dsttime = 0;
- os_settimeofday(&utctime, &tz);
- #endif
- #ifdef HAVE_WNR
- if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) {
- err_sys("Whitewood netRandom global config failed", -1001);
- return -1002;
- }
- #endif
- #ifndef WOLFSSL_ESPIDF
- args.argc = argc;
- args.argv = argv;
- #endif
- if ((ret = wolfCrypt_Init()) != 0) {
- printf("wolfCrypt_Init failed %d\n", ret);
- err_sys("Error with wolfCrypt_Init!\n", -1003);
- }
- #ifdef HAVE_STACK_SIZE
- StackSizeCheck(&args, wolfcrypt_test);
- #else
- wolfcrypt_test(&args);
- #endif
- if ((ret = wolfCrypt_Cleanup()) != 0) {
- printf("wolfCrypt_Cleanup failed %d\n", ret);
- err_sys("Error with wolfCrypt_Cleanup!\n", -1004);
- }
- #ifdef HAVE_WNR
- if (wc_FreeNetRandom() < 0)
- err_sys("Failed to free netRandom context", -1005);
- #endif /* HAVE_WNR */
- #ifndef WOLFSSL_ESPIDF
- return args.return_code;
- #endif
- }
- #endif /* NO_MAIN_DRIVER */
- /* helper to save DER, convert to PEM and save PEM */
- #if !defined(NO_ASN) && (defined(HAVE_ECC) || !defined(NO_DSA) || \
- (!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))))
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- #define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, fD, fP, pT, eB)
- #else
- #define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, NULL, NULL, pT, eB)
- #endif
- static int _SaveDerAndPem(const byte* der, int derSz,
- const char* fileDer, const char* filePem, int pemType, int errBase)
- {
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- int ret;
- XFILE derFile;
- derFile = XFOPEN(fileDer, "wb");
- if (!derFile) {
- return errBase + 0;
- }
- ret = (int)XFWRITE(der, 1, derSz, derFile);
- XFCLOSE(derFile);
- if (ret != derSz) {
- return errBase + 1;
- }
- #endif
- #ifdef WOLFSSL_DER_TO_PEM
- if (filePem) {
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- XFILE pemFile;
- #endif
- byte* pem;
- int pemSz;
- /* calculate PEM size */
- pemSz = wc_DerToPem(der, derSz, NULL, 0, pemType);
- if (pemSz < 0) {
- return pemSz;
- }
- pem = (byte*)XMALLOC(pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pem == NULL) {
- return MEMORY_E;
- }
- /* Convert to PEM */
- pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType);
- if (pemSz < 0) {
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return errBase + 2;
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- pemFile = XFOPEN(filePem, "wb");
- if (!pemFile) {
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return errBase + 3;
- }
- ret = (int)XFWRITE(pem, 1, pemSz, pemFile);
- XFCLOSE(pemFile);
- if (ret != pemSz) {
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return errBase + 4;
- }
- #endif
- XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif /* WOLFSSL_DER_TO_PEM */
- /* suppress unused variable warnings */
- (void)der;
- (void)derSz;
- (void)filePem;
- (void)fileDer;
- (void)pemType;
- (void)errBase;
- return 0;
- }
- #endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */
- WOLFSSL_TEST_SUBROUTINE int error_test(void)
- {
- const char* errStr;
- char out[WOLFSSL_MAX_ERROR_SZ];
- const char* unknownStr = wc_GetErrorString(0);
- #ifdef NO_ERROR_STRINGS
- /* Ensure a valid error code's string matches an invalid code's.
- * The string is that error strings are not available.
- */
- errStr = wc_GetErrorString(OPEN_RAN_E);
- wc_ErrorString(OPEN_RAN_E, out);
- if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0)
- return -1100;
- if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0)
- return -1101;
- #else
- int i;
- int j = 0;
- /* Values that are not or no longer error codes. */
- int missing[] = { -122, -123, -124, -127, -128, -129,
- -163, -164, -165, -166, -167, -168, -169,
- -179, -233,
- 0 };
- /* Check that all errors have a string and it's the same through the two
- * APIs. Check that the values that are not errors map to the unknown
- * string.
- */
- for (i = MAX_CODE_E-1; i >= WC_LAST_E; i--) {
- errStr = wc_GetErrorString(i);
- wc_ErrorString(i, out);
- if (i != missing[j]) {
- if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) == 0)
- return -1102;
- if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) == 0)
- return -1103;
- if (XSTRNCMP(errStr, out, XSTRLEN(errStr)) != 0)
- return -1104;
- if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ)
- return -1105;
- }
- else {
- j++;
- if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0)
- return -1106;
- if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0)
- return -1107;
- }
- }
- /* Check if the next possible value has been given a string. */
- errStr = wc_GetErrorString(i);
- wc_ErrorString(i, out);
- if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0)
- return -1108;
- if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0)
- return -1109;
- #endif
- return 0;
- }
- #ifndef NO_CODING
- WOLFSSL_TEST_SUBROUTINE int base64_test(void)
- {
- int ret;
- WOLFSSL_SMALL_STACK_STATIC const byte good[] = "A+Gd\0\0\0";
- WOLFSSL_SMALL_STACK_STATIC const byte goodEnd[] = "A+Gd \r\n";
- byte out[128];
- word32 outLen;
- #ifdef WOLFSSL_BASE64_ENCODE
- byte data[3];
- word32 dataLen;
- byte longData[79] = { 0 };
- WOLFSSL_SMALL_STACK_STATIC const byte symbols[] = "+/A=";
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte badSmall[] = "AAA Gdj=";
- WOLFSSL_SMALL_STACK_STATIC const byte badLarge[] = "AAA~Gdj=";
- WOLFSSL_SMALL_STACK_STATIC const byte badEOL[] = "A+Gd AA";
- WOLFSSL_SMALL_STACK_STATIC const byte badPadding[] = "AA=A";
- WOLFSSL_SMALL_STACK_STATIC const byte badChar[] = ",-.:;<=>?@[\\]^_`";
- byte goodChar[] =
- "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
- "abcdefghijklmnopqrstuvwxyz"
- "0123456789+/;";
- byte charTest[] = "A+Gd\0\0\0";
- int i;
- /* Good Base64 encodings. */
- outLen = sizeof(out);
- ret = Base64_Decode(good, sizeof(good), out, &outLen);
- if (ret != 0)
- return -1200;
- outLen = sizeof(out);
- ret = Base64_Decode(goodEnd, sizeof(goodEnd), out, &outLen);
- if (ret != 0)
- return -1201;
- outLen = sizeof(goodChar);
- ret = Base64_Decode(goodChar, sizeof(goodChar), goodChar, &outLen);
- if (ret != 0)
- return -1235;
- if (outLen != 64 / 4 * 3)
- return -1236;
- /* Bad parameters. */
- outLen = 1;
- ret = Base64_Decode(good, sizeof(good), out, &outLen);
- if (ret != BAD_FUNC_ARG)
- return -1202;
- outLen = sizeof(out);
- ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1203;
- outLen = sizeof(out);
- ret = Base64_Decode(badPadding, sizeof(badPadding), out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1203;
- /* Bad character at each offset 0-3. */
- for (i = 0; i < 4; i++) {
- outLen = sizeof(out);
- ret = Base64_Decode(badSmall + i, 4, out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1204 - i;
- ret = Base64_Decode(badLarge + i, 4, out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1214 - i;
- }
- /* Invalid character less than 0x2b */
- for (i = 1; i < 0x2b; i++) {
- outLen = sizeof(out);
- charTest[0] = i;
- ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1240 - i;
- }
- /* Bad characters in range 0x2b - 0x7a. */
- for (i = 0; i < (int)sizeof(badChar) - 1; i++) {
- outLen = sizeof(out);
- charTest[0] = badChar[i];
- ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1270 - i;
- }
- /* Invalid character greater than 0x7a */
- for (i = 0x7b; i < 0x100; i++) {
- outLen = sizeof(out);
- charTest[0] = i;
- ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
- if (ret != ASN_INPUT_E)
- return -1290 - i;
- }
-
- #ifdef WOLFSSL_BASE64_ENCODE
- /* Decode and encode all symbols - non-alphanumeric. */
- dataLen = sizeof(data);
- ret = Base64_Decode(symbols, sizeof(symbols), data, &dataLen);
- if (ret != 0)
- return -1224;
- outLen = sizeof(out);
- ret = Base64_Encode(data, dataLen, NULL, &outLen);
- if (ret != LENGTH_ONLY_E)
- return -1225;
- outLen = sizeof(out);
- ret = Base64_Encode(data, dataLen, out, &outLen);
- if (ret != 0)
- return -1226;
- outLen = 7;
- ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
- if (ret != BUFFER_E)
- return -1227;
- outLen = sizeof(out);
- ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen);
- if (ret != LENGTH_ONLY_E)
- return -1228;
- outLen = sizeof(out);
- ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
- if (ret != 0)
- return -1229;
- outLen = sizeof(out);
- ret = Base64_Encode_NoNl(data, dataLen, out, &outLen);
- if (ret != 0)
- return -1230;
- /* Data that results in an encoding longer than one line. */
- outLen = sizeof(out);
- dataLen = sizeof(longData);
- ret = Base64_Encode(longData, dataLen, out, &outLen);
- if (ret != 0)
- return -1231;
- outLen = sizeof(out);
- ret = Base64_EncodeEsc(longData, dataLen, out, &outLen);
- if (ret != 0)
- return -1232;
- outLen = sizeof(out);
- ret = Base64_Encode_NoNl(longData, dataLen, out, &outLen);
- if (ret != 0)
- return -1233;
- #endif
- return 0;
- }
- #ifdef WOLFSSL_BASE16
- WOLFSSL_TEST_SUBROUTINE int base16_test(void)
- {
- int ret;
- WOLFSSL_SMALL_STACK_STATIC const byte testData[] = "SomeDataToEncode\n";
- WOLFSSL_SMALL_STACK_STATIC const byte encodedTestData[] = "536F6D6544617461546F456E636F64650A00";
- byte encoded[40];
- word32 encodedLen;
- byte plain[40];
- word32 len;
- /* length returned includes null termination */
- encodedLen = sizeof(encoded);
- ret = Base16_Encode(testData, sizeof(testData), encoded, &encodedLen);
- if (ret != 0)
- return -1300;
- len = (word32)XSTRLEN((char*)encoded);
- if (len != encodedLen - 1)
- return -1301;
- len = sizeof(plain);
- ret = Base16_Decode(encoded, encodedLen - 1, plain, &len);
- if (ret != 0)
- return -1302;
- if (len != sizeof(testData) || XMEMCMP(testData, plain, len) != 0)
- return -1303;
- if (encodedLen != sizeof(encodedTestData) ||
- XMEMCMP(encoded, encodedTestData, encodedLen) != 0) {
- return -1304;
- }
- return 0;
- }
- #endif /* WOLFSSL_BASE16 */
- #endif /* !NO_CODING */
- #ifndef NO_ASN
- WOLFSSL_TEST_SUBROUTINE int asn_test(void)
- {
- int ret;
- /* ASN1 encoded date buffer */
- WOLFSSL_SMALL_STACK_STATIC const byte dateBuf[] = {0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31,
- 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5a};
- byte format;
- int length;
- const byte* datePart;
- #ifndef NO_ASN_TIME
- struct tm timearg;
- time_t now;
- #endif
- ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format,
- &length);
- if (ret != 0)
- return -1400;
- #ifndef NO_ASN_TIME
- /* Parameter Validation tests. */
- if (wc_GetTime(NULL, sizeof(now)) != BAD_FUNC_ARG)
- return -1401;
- if (wc_GetTime(&now, 0) != BUFFER_E)
- return -1402;
- now = 0;
- if (wc_GetTime(&now, sizeof(now)) != 0) {
- return -1403;
- }
- if (now == 0) {
- printf("RTC/Time not set!\n");
- return -1404;
- }
- ret = wc_GetDateAsCalendarTime(datePart, length, format, &timearg);
- if (ret != 0)
- return -1405;
- #endif /* !NO_ASN_TIME */
- return 0;
- }
- #endif /* !NO_ASN */
- #ifdef WOLFSSL_MD2
- WOLFSSL_TEST_SUBROUTINE int md2_test(void)
- {
- Md2 md2;
- byte hash[MD2_DIGEST_SIZE];
- testVector a, b, c, d, e, f, g;
- testVector test_md2[7];
- int times = sizeof(test_md2) / sizeof(testVector), i;
- a.input = "";
- a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
- "\x27\x73";
- a.inLen = XSTRLEN(a.input);
- a.outLen = MD2_DIGEST_SIZE;
- b.input = "a";
- b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
- "\xb5\xd1";
- b.inLen = XSTRLEN(b.input);
- b.outLen = MD2_DIGEST_SIZE;
- c.input = "abc";
- c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
- "\xd6\xbb";
- c.inLen = XSTRLEN(c.input);
- c.outLen = MD2_DIGEST_SIZE;
- d.input = "message digest";
- d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
- "\x06\xb0";
- d.inLen = XSTRLEN(d.input);
- d.outLen = MD2_DIGEST_SIZE;
- e.input = "abcdefghijklmnopqrstuvwxyz";
- e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
- "\x94\x0b";
- e.inLen = XSTRLEN(e.input);
- e.outLen = MD2_DIGEST_SIZE;
- f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
- "6789";
- f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
- "\x38\xcd";
- f.inLen = XSTRLEN(f.input);
- f.outLen = MD2_DIGEST_SIZE;
- g.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
- "\xef\xd8";
- g.inLen = XSTRLEN(g.input);
- g.outLen = MD2_DIGEST_SIZE;
- test_md2[0] = a;
- test_md2[1] = b;
- test_md2[2] = c;
- test_md2[3] = d;
- test_md2[4] = e;
- test_md2[5] = f;
- test_md2[6] = g;
- wc_InitMd2(&md2);
- for (i = 0; i < times; ++i) {
- wc_Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
- wc_Md2Final(&md2, hash);
- if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
- return -1500 - i;
- }
- return 0;
- }
- #endif
- #ifndef NO_MD5
- WOLFSSL_TEST_SUBROUTINE int md5_test(void)
- {
- int ret = 0;
- wc_Md5 md5, md5Copy;
- byte hash[WC_MD5_DIGEST_SIZE];
- byte hashcopy[WC_MD5_DIGEST_SIZE];
- testVector a, b, c, d, e, f;
- testVector test_md5[6];
- int times = sizeof(test_md5) / sizeof(testVector), i;
- a.input = "";
- a.output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42"
- "\x7e";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_MD5_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
- "\x72";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_MD5_DIGEST_SIZE;
- c.input = "message digest";
- c.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61"
- "\xd0";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_MD5_DIGEST_SIZE;
- d.input = "abcdefghijklmnopqrstuvwxyz";
- d.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1"
- "\x3b";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_MD5_DIGEST_SIZE;
- e.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
- "6789";
- e.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d"
- "\x9f";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_MD5_DIGEST_SIZE;
- f.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- f.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
- "\x7a";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_MD5_DIGEST_SIZE;
- test_md5[0] = a;
- test_md5[1] = b;
- test_md5[2] = c;
- test_md5[3] = d;
- test_md5[4] = e;
- test_md5[5] = f;
- ret = wc_InitMd5_ex(&md5, HEAP_HINT, devId);
- if (ret != 0)
- return -1600;
- ret = wc_InitMd5_ex(&md5Copy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Md5Free(&md5);
- return -1601;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Md5Update(&md5, (byte*)test_md5[i].input,
- (word32)test_md5[i].inLen);
- if (ret != 0)
- ERROR_OUT(-1602 - i, exit);
- ret = wc_Md5GetHash(&md5, hashcopy);
- if (ret != 0)
- ERROR_OUT(-1603 - i, exit);
- ret = wc_Md5Copy(&md5, &md5Copy);
- if (ret != 0)
- ERROR_OUT(-1604 - i, exit);
- ret = wc_Md5Final(&md5, hash);
- if (ret != 0)
- ERROR_OUT(-1605 - i, exit);
- wc_Md5Free(&md5Copy);
- if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0)
- ERROR_OUT(-1606 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_MD5_DIGEST_SIZE) != 0)
- ERROR_OUT(-1607 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x44\xd0\x88\xce\xf1\x36\xd1\x78\xe9\xc8\xba\x84\xc3\xfd\xf6\xca";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- #ifdef WOLFSSL_PIC32MZ_HASH
- wc_Md5SizeSet(&md5, times * sizeof(large_input));
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Md5Update(&md5, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-1608, exit);
- }
- ret = wc_Md5Final(&md5, hash);
- if (ret != 0)
- ERROR_OUT(-1609, exit);
- if (XMEMCMP(hash, large_digest, WC_MD5_DIGEST_SIZE) != 0)
- ERROR_OUT(-1610, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Md5Free(&md5);
- wc_Md5Free(&md5Copy);
- return ret;
- }
- #endif /* NO_MD5 */
- #ifndef NO_MD4
- WOLFSSL_TEST_SUBROUTINE int md4_test(void)
- {
- Md4 md4;
- byte hash[MD4_DIGEST_SIZE];
- testVector a, b, c, d, e, f, g;
- testVector test_md4[7];
- int times = sizeof(test_md4) / sizeof(testVector), i;
- a.input = "";
- a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
- "\xc0";
- a.inLen = XSTRLEN(a.input);
- a.outLen = MD4_DIGEST_SIZE;
- b.input = "a";
- b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
- "\x24";
- b.inLen = XSTRLEN(b.input);
- b.outLen = MD4_DIGEST_SIZE;
- c.input = "abc";
- c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
- "\x9d";
- c.inLen = XSTRLEN(c.input);
- c.outLen = MD4_DIGEST_SIZE;
- d.input = "message digest";
- d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
- "\x4b";
- d.inLen = XSTRLEN(d.input);
- d.outLen = MD4_DIGEST_SIZE;
- e.input = "abcdefghijklmnopqrstuvwxyz";
- e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
- "\xa9";
- e.inLen = XSTRLEN(e.input);
- e.outLen = MD4_DIGEST_SIZE;
- f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
- "6789";
- f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
- "\xe4";
- f.inLen = XSTRLEN(f.input);
- f.outLen = MD4_DIGEST_SIZE;
- g.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
- "\x36";
- g.inLen = XSTRLEN(g.input);
- g.outLen = MD4_DIGEST_SIZE;
- test_md4[0] = a;
- test_md4[1] = b;
- test_md4[2] = c;
- test_md4[3] = d;
- test_md4[4] = e;
- test_md4[5] = f;
- test_md4[6] = g;
- wc_InitMd4(&md4);
- for (i = 0; i < times; ++i) {
- wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen);
- wc_Md4Final(&md4, hash);
- if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0)
- return -1700 - i;
- }
- return 0;
- }
- #endif /* NO_MD4 */
- #ifndef NO_SHA
- WOLFSSL_TEST_SUBROUTINE int sha_test(void)
- {
- int ret = 0;
- wc_Sha sha, shaCopy;
- byte hash[WC_SHA_DIGEST_SIZE];
- byte hashcopy[WC_SHA_DIGEST_SIZE];
- testVector a, b, c, d, e;
- testVector test_sha[5];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18"
- "\x90\xaf\xd8\x07\x09";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
- "\x6C\x9C\xD0\xD8\x9D";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29"
- "\xE5\xE5\x46\x70\xF1";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA_DIGEST_SIZE;
- d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaa";
- d.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44"
- "\x2A\x25\xEC\x64\x4D";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA_DIGEST_SIZE;
- e.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaa";
- e.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
- "\x53\x99\x5E\x26\xA0";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -1800;
- ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_ShaFree(&sha);
- return -1801;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_ShaUpdate(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-1802 - i, exit);
- ret = wc_ShaGetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-1803 - i, exit);
- ret = wc_ShaCopy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(-1804 - i, exit);
- ret = wc_ShaFinal(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-1805 - i, exit);
- wc_ShaFree(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0)
- ERROR_OUT(-1806 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA_DIGEST_SIZE) != 0)
- ERROR_OUT(-1807 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- #ifdef WOLFSSL_RENESAS_TSIP
- const char* large_digest =
- "\x1d\x6a\x5a\xf6\xe5\x7c\x86\xce\x7f\x7c\xaf\xd5\xdb\x08\xcd\x59"
- "\x15\x8c\x6d\xb6";
- #else
- const char* large_digest =
- "\x8b\x77\x02\x48\x39\xe8\xdb\xd3\x9a\xf4\x05\x24\x66\x12\x2d\x9e"
- "\xc5\xd9\x0a\xac";
- #endif
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #ifdef WOLFSSL_RENESAS_TSIP
- times = 20;
- #else
- times = 100;
- #endif
- #ifdef WOLFSSL_PIC32MZ_HASH
- wc_ShaSizeSet(&sha, times * sizeof(large_input));
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_ShaUpdate(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-1808, exit);
- }
- ret = wc_ShaFinal(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-1809, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA_DIGEST_SIZE) != 0)
- ERROR_OUT(-1810, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_ShaFree(&sha);
- wc_ShaFree(&shaCopy);
- return ret;
- }
- #endif /* NO_SHA */
- #ifdef WOLFSSL_RIPEMD
- WOLFSSL_TEST_SUBROUTINE int ripemd_test(void)
- {
- RipeMd ripemd;
- int ret;
- byte hash[RIPEMD_DIGEST_SIZE];
- testVector a, b, c, d;
- testVector test_ripemd[4];
- int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
- a.input = "abc";
- a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
- "\xb0\x87\xf1\x5a\x0b\xfc";
- a.inLen = XSTRLEN(a.input);
- a.outLen = RIPEMD_DIGEST_SIZE;
- b.input = "message digest";
- b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8"
- "\x5f\xfa\x21\x59\x5f\x36";
- b.inLen = XSTRLEN(b.input);
- b.outLen = RIPEMD_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc"
- "\xf4\x9a\xda\x62\xeb\x2b";
- c.inLen = XSTRLEN(c.input);
- c.outLen = RIPEMD_DIGEST_SIZE;
- d.input = "12345678901234567890123456789012345678901234567890123456"
- "789012345678901234567890";
- d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab"
- "\x82\xbf\x63\x32\x6b\xfb";
- d.inLen = XSTRLEN(d.input);
- d.outLen = RIPEMD_DIGEST_SIZE;
- test_ripemd[0] = a;
- test_ripemd[1] = b;
- test_ripemd[2] = c;
- test_ripemd[3] = d;
- ret = wc_InitRipeMd(&ripemd);
- if (ret != 0) {
- return -1900;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
- (word32)test_ripemd[i].inLen);
- if (ret != 0) {
- return -1901 - i;
- }
- ret = wc_RipeMdFinal(&ripemd, hash);
- if (ret != 0) {
- return -1911 - i;
- }
- if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0)
- return -1921 - i;
- }
- return 0;
- }
- #endif /* WOLFSSL_RIPEMD */
- #ifdef HAVE_BLAKE2
- #define BLAKE2B_TESTS 3
- static const byte blake2b_vec[BLAKE2B_TESTS][BLAKE2B_OUTBYTES] =
- {
- {
- 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03,
- 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72,
- 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61,
- 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19,
- 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53,
- 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B,
- 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55,
- 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE
- },
- {
- 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95,
- 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7,
- 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44,
- 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C,
- 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB,
- 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4,
- 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48,
- 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B
- },
- {
- 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9,
- 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72,
- 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF,
- 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15,
- 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB,
- 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04,
- 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1,
- 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5
- }
- };
- WOLFSSL_TEST_SUBROUTINE int blake2b_test(void)
- {
- Blake2b b2b;
- byte digest[64];
- byte input[64];
- int i, ret;
- for (i = 0; i < (int)sizeof(input); i++)
- input[i] = (byte)i;
- for (i = 0; i < BLAKE2B_TESTS; i++) {
- ret = wc_InitBlake2b(&b2b, 64);
- if (ret != 0)
- return -2000 - i;
- ret = wc_Blake2bUpdate(&b2b, input, i);
- if (ret != 0)
- return -2010 - 1;
- ret = wc_Blake2bFinal(&b2b, digest, 64);
- if (ret != 0)
- return -2020 - i;
- if (XMEMCMP(digest, blake2b_vec[i], 64) != 0) {
- return -2030 - i;
- }
- }
- return 0;
- }
- #endif /* HAVE_BLAKE2 */
- #ifdef HAVE_BLAKE2S
- #define BLAKE2S_TESTS 3
- static const byte blake2s_vec[BLAKE2S_TESTS][BLAKE2S_OUTBYTES] =
- {
- {
- 0x69, 0x21, 0x7a, 0x30, 0x79, 0x90, 0x80, 0x94,
- 0xe1, 0x11, 0x21, 0xd0, 0x42, 0x35, 0x4a, 0x7c,
- 0x1f, 0x55, 0xb6, 0x48, 0x2c, 0xa1, 0xa5, 0x1e,
- 0x1b, 0x25, 0x0d, 0xfd, 0x1e, 0xd0, 0xee, 0xf9,
- },
- {
- 0xe3, 0x4d, 0x74, 0xdb, 0xaf, 0x4f, 0xf4, 0xc6,
- 0xab, 0xd8, 0x71, 0xcc, 0x22, 0x04, 0x51, 0xd2,
- 0xea, 0x26, 0x48, 0x84, 0x6c, 0x77, 0x57, 0xfb,
- 0xaa, 0xc8, 0x2f, 0xe5, 0x1a, 0xd6, 0x4b, 0xea,
- },
- {
- 0xdd, 0xad, 0x9a, 0xb1, 0x5d, 0xac, 0x45, 0x49,
- 0xba, 0x42, 0xf4, 0x9d, 0x26, 0x24, 0x96, 0xbe,
- 0xf6, 0xc0, 0xba, 0xe1, 0xdd, 0x34, 0x2a, 0x88,
- 0x08, 0xf8, 0xea, 0x26, 0x7c, 0x6e, 0x21, 0x0c,
- }
- };
- WOLFSSL_TEST_SUBROUTINE int blake2s_test(void)
- {
- Blake2s b2s;
- byte digest[32];
- byte input[64];
- int i, ret;
- for (i = 0; i < (int)sizeof(input); i++)
- input[i] = (byte)i;
- for (i = 0; i < BLAKE2S_TESTS; i++) {
- ret = wc_InitBlake2s(&b2s, 32);
- if (ret != 0)
- return -2100 - i;
- ret = wc_Blake2sUpdate(&b2s, input, i);
- if (ret != 0)
- return -2110 - 1;
- ret = wc_Blake2sFinal(&b2s, digest, 32);
- if (ret != 0)
- return -2120 - i;
- if (XMEMCMP(digest, blake2s_vec[i], 32) != 0) {
- return -2130 - i;
- }
- }
- return 0;
- }
- #endif /* HAVE_BLAKE2S */
- #ifdef WOLFSSL_SHA224
- WOLFSSL_TEST_SUBROUTINE int sha224_test(void)
- {
- wc_Sha224 sha, shaCopy;
- byte hash[WC_SHA224_DIGEST_SIZE];
- byte hashcopy[WC_SHA224_DIGEST_SIZE];
- int ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34"
- "\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA224_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55"
- "\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA224_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
- "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA224_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2200;
- ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha224Free(&sha);
- return -2201;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2202 - i, exit);
- ret = wc_Sha224GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2203 - i, exit);
- ret = wc_Sha224Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(-2204 - i, exit);
- ret = wc_Sha224Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2205 - i, exit);
- wc_Sha224Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0)
- ERROR_OUT(-2206 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA224_DIGEST_SIZE) != 0)
- ERROR_OUT(-2207 - i, exit);
- }
- exit:
- wc_Sha224Free(&sha);
- wc_Sha224Free(&shaCopy);
- return ret;
- }
- #endif
- #ifndef NO_SHA256
- WOLFSSL_TEST_SUBROUTINE int sha256_test(void)
- {
- wc_Sha256 sha, shaCopy;
- byte hash[WC_SHA256_DIGEST_SIZE];
- byte hashcopy[WC_SHA256_DIGEST_SIZE];
- int ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9"
- "\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52"
- "\xb8\x55";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA256_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
- "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
- "\x15\xAD";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA256_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
- "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
- "\x06\xC1";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA256_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2300;
- ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha256Free(&sha);
- return -2301;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0) {
- ERROR_OUT(-2302 - i, exit);
- }
- ret = wc_Sha256GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2303 - i, exit);
- ret = wc_Sha256Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(-2304 - i, exit);
- ret = wc_Sha256Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2305 - i, exit);
- wc_Sha256Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2306 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2307 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- #ifdef WOLFSSL_RENESAS_TSIP_CRYPT
- const char* large_digest =
- "\xa4\x75\x9e\x7a\xa2\x03\x38\x32\x88\x66\xa2\xea\x17\xea\xf8\xc7"
- "\xfe\x4e\xc6\xbb\xe3\xbb\x71\xce\xe7\xdf\x7c\x04\x61\xb3\xc2\x2f";
- #else
- const char* large_digest =
- "\x27\x78\x3e\x87\x96\x3a\x4e\xfb\x68\x29\xb5\x31\xc9\xba\x57\xb4"
- "\x4f\x45\x79\x7f\x67\x70\xbd\x63\x7f\xbf\x0d\x80\x7c\xbd\xba\xe0";
- #endif
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- #ifdef WOLFSSL_RENESAS_TSIP
- times = 20;
- #else
- times = 100;
- #endif
- #ifdef WOLFSSL_PIC32MZ_HASH
- wc_Sha256SizeSet(&sha, times * sizeof(large_input));
- #endif
- for (i = 0; i < times; ++i) {
- ret = wc_Sha256Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2308, exit);
- }
- ret = wc_Sha256Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2309, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2310, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha256Free(&sha);
- wc_Sha256Free(&shaCopy);
- return ret;
- }
- #endif
- #ifdef WOLFSSL_SHA512
- WOLFSSL_TEST_SUBROUTINE int sha512_test(void)
- {
- wc_Sha512 sha, shaCopy;
- byte hash[WC_SHA512_DIGEST_SIZE];
- byte hashcopy[WC_SHA512_DIGEST_SIZE];
- int ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80"
- "\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c"
- "\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87"
- "\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a"
- "\xf9\x27\xda\x3e";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA512_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
- "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
- "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
- "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
- "\xa5\x4c\xa4\x9f";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA512_DIGEST_SIZE;
- c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- c.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
- "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
- "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
- "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
- "\x87\x4b\xe9\x09";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA512_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2400;
- ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha512Free(&sha);
- return -2401;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2402 - i, exit);
- ret = wc_Sha512GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2403 - i, exit);
- ret = wc_Sha512Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(-2404 - i, exit);
- ret = wc_Sha512Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2405 - i, exit);
- wc_Sha512Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2406 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2407 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x5a\x1f\x73\x90\xbd\x8c\xe4\x63\x54\xce\xa0\x9b\xef\x32\x78\x2d"
- "\x2e\xe7\x0d\x5e\x2f\x9d\x15\x1b\xdd\x2d\xde\x65\x0c\x7b\xfa\x83"
- "\x5e\x80\x02\x13\x84\xb8\x3f\xff\x71\x62\xb5\x09\x89\x63\xe1\xdc"
- "\xa5\xdc\xfc\xfa\x9d\x1a\x4d\xc0\xfa\x3a\x14\xf6\x01\x51\x90\xa4";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha512Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2408, exit);
- }
- ret = wc_Sha512Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2409, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2410, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha512Free(&sha);
- wc_Sha512Free(&shaCopy);
- return ret;
- }
- #endif
- #ifdef WOLFSSL_SHA384
- WOLFSSL_TEST_SUBROUTINE int sha384_test(void)
- {
- wc_Sha384 sha, shaCopy;
- byte hash[WC_SHA384_DIGEST_SIZE];
- byte hashcopy[WC_SHA384_DIGEST_SIZE];
- int ret = 0;
- testVector a, b, c;
- testVector test_sha[3];
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3"
- "\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6"
- "\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48"
- "\x98\xb9\x5b";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA384_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
- "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
- "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
- "\xc8\x25\xa7";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA384_DIGEST_SIZE;
- c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- c.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
- "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
- "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
- "\x74\x60\x39";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA384_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2500;
- ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId);
- if (ret != 0) {
- wc_Sha384Free(&sha);
- return -2501;
- }
- for (i = 0; i < times; ++i) {
- ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2502 - i, exit);
- ret = wc_Sha384GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2503 - i, exit);
- ret = wc_Sha384Copy(&sha, &shaCopy);
- if (ret != 0)
- ERROR_OUT(-2504 - i, exit);
- ret = wc_Sha384Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2505 - i, exit);
- wc_Sha384Free(&shaCopy);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2506 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2507 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x37\x01\xdb\xff\x1e\x40\x4f\xe1\xe2\xea\x0b\x40\xbb\x3b\x39\x9a"
- "\xcc\xe8\x44\x8e\x7e\xe5\x64\xb5\x6b\x7f\x56\x64\xa7\x2b\x84\xe3"
- "\xc5\xd7\x79\x03\x25\x90\xf7\xa4\x58\xcb\x97\xa8\x8b\xb1\xa4\x81";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha384Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2508, exit);
- }
- ret = wc_Sha384Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2509, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2510, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha384Free(&sha);
- wc_Sha384Free(&shaCopy);
- return ret;
- }
- #endif /* WOLFSSL_SHA384 */
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- static int sha3_224_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_224_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_224_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- int ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1"
- "\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_224_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76"
- "\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_224_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55\x74\x49\x44\x79"
- "\xba\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea\xd0\xfc\xce\x33";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_224_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_224(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2600;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2601 - i, exit);
- ret = wc_Sha3_224_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2602 - i, exit);
- ret = wc_Sha3_224_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2603 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_224_DIGEST_SIZE) != 0)
- ERROR_OUT(-2604 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_224_DIGEST_SIZE) != 0)
- ERROR_OUT(-2605 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x13\xe5\xd3\x98\x7b\x94\xda\x41\x12\xc7\x1e\x92\x3a\x19"
- "\x21\x20\x86\x6f\x24\xbf\x0a\x31\xbc\xfd\xd6\x70\x36\xf3";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_224_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2606, exit);
- }
- ret = wc_Sha3_224_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2607, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_224_DIGEST_SIZE) != 0)
- ERROR_OUT(-2608, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha3_224_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_224 */
- #ifndef WOLFSSL_NOSHA3_256
- static int sha3_256_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_256_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_256_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- int ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- byte large_input[1024];
- const char* large_digest =
- "\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb"
- "\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15";
- #if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT)
- /* test vector with hash of empty string */
- const char* Keccak256EmptyOut =
- "\xc5\xd2\x46\x01\x86\xf7\x23\x3c\x92\x7e\x7d\xb2\xdc\xc7\x03\xc0"
- "\xe5\x00\xb6\x53\xca\x82\x27\x3b\x7b\xfa\xd8\x04\x5d\x85\xa4\x70";
- #endif
- a.input = "";
- a.output = "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6"
- "\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8"
- "\x43\x4a";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_256_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90"
- "\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43"
- "\x15\x32";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_256_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8\x23\x5e"
- "\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32\xdd\x97\x49\x6d"
- "\x33\x76";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_256_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_256(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2700;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_256_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2701 - i, exit);
- ret = wc_Sha3_256_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2702 - i, exit);
- ret = wc_Sha3_256_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2703 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2704 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2705 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_256_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2706, exit);
- }
- ret = wc_Sha3_256_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2707, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_256_DIGEST_SIZE) != 0)
- ERROR_OUT(-2708, exit);
- } /* END LARGE HASH TEST */
- /* this is a software only variant of SHA3 not supported by external hardware devices */
- #if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT)
- /* Test for Keccak256 */
- ret = wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256);
- if (ret != 0) {
- ERROR_OUT(-2709, exit);
- }
- ret = wc_Sha3_256_Update(&sha, (byte*)"", 0);
- if (ret != 0) {
- ERROR_OUT(-2710, exit);
- }
- ret = wc_Sha3_256_Final(&sha, hash);
- if (ret != 0) {
- ERROR_OUT(-2711, exit);
- }
- if (XMEMCMP(hash, Keccak256EmptyOut, WC_SHA3_256_DIGEST_SIZE) != 0) {
- ERROR_OUT(-2712, exit);
- }
- #endif /* WOLFSSL_HASH_FLAGS && !WOLFSSL_ASYNC_CRYPT */
- exit:
- wc_Sha3_256_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_256 */
- #ifndef WOLFSSL_NOSHA3_384
- static int sha3_384_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_384_DIGEST_SIZE];
- #ifndef NO_INTM_HASH_TEST
- byte hashcopy[WC_SHA3_384_DIGEST_SIZE];
- #endif
- testVector a, b, c;
- testVector test_sha[3];
- int ret;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24"
- "\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98"
- "\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58"
- "\xd5\xf0\x04";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_384_DIGEST_SIZE;
- #if defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_XILINX_CRYPT)
- /* NIST test vector with a length that is a multiple of 4 */
- b.input = "\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44"
- "\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4";
- b.output = "\x04\x1c\xc5\x86\x1b\xa3\x34\x56\x3c\x61\xd4\xef\x97\x10\xd4"
- "\x89\x6c\x31\x1c\x92\xed\xbe\x0d\x7c\xd5\x3e\x80\x3b\xf2\xf4"
- "\xeb\x60\x57\x23\x55\x70\x77\x0c\xe8\x7c\x55\x20\xd7\xec\x14"
- "\x19\x87\x22";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_384_DIGEST_SIZE;
- #else
- b.input = "abc";
- b.output = "\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad"
- "\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b"
- "\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28"
- "\x37\x6d\x25";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_384_DIGEST_SIZE;
- #endif
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49"
- "\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4"
- "\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1\x9e\xef\x51\xac\xd0"
- "\x65\x7c\x22";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_384_DIGEST_SIZE;
- #ifdef WOLFSSL_XILINX_CRYPT
- test_sha[0] = b; /* hardware acc. can not handle "" string */
- #else
- test_sha[0] = a;
- #endif
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_384(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2800;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_384_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2801 - i, exit);
- #ifndef NO_INTM_HASH_TEST
- ret = wc_Sha3_384_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2802 - i, exit);
- #endif
- ret = wc_Sha3_384_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2803 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2804 - i, exit);
- #ifndef NO_INTM_HASH_TEST
- if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2805 - i, exit);
- #endif
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x30\x44\xec\x17\xef\x47\x9f\x55\x36\x11\xd6\x3f\x8a\x31\x5a\x71"
- "\x8a\x71\xa7\x1d\x8e\x84\xe8\x6c\x24\x02\x2f\x7a\x08\x4e\xea\xd7"
- "\x42\x36\x5d\xa8\xc2\xb7\x42\xad\xec\x19\xfb\xca\xc6\x64\xb3\xa4";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_384_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2806, exit);
- }
- ret = wc_Sha3_384_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2807, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_384_DIGEST_SIZE) != 0)
- ERROR_OUT(-2808, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha3_384_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_384 */
- #ifndef WOLFSSL_NOSHA3_512
- static int sha3_512_test(void)
- {
- wc_Sha3 sha;
- byte hash[WC_SHA3_512_DIGEST_SIZE];
- byte hashcopy[WC_SHA3_512_DIGEST_SIZE];
- testVector a, b, c;
- testVector test_sha[3];
- int ret;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- a.input = "";
- a.output = "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75"
- "\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c"
- "\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c"
- "\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86"
- "\x28\x1d\xcd\x26";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA3_512_DIGEST_SIZE;
- b.input = "abc";
- b.output = "\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09"
- "\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2"
- "\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47"
- "\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27"
- "\x4e\xec\x53\xf0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA3_512_DIGEST_SIZE;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10\xfc\xa8"
- "\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7\xec\x2f\x1e\x91"
- "\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53\x02\xba\x1b\x0d\x8d\xc7"
- "\x8c\x08\x63\x46\xb5\x33\xb4\x9c\x03\x0d\x99\xa2\x7d\xaf\x11"
- "\x39\xd6\xe7\x5e";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA3_512_DIGEST_SIZE;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- ret = wc_InitSha3_512(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -2900;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_512_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-2901 - i, exit);
- ret = wc_Sha3_512_GetHash(&sha, hashcopy);
- if (ret != 0)
- ERROR_OUT(-2902 - i, exit);
- ret = wc_Sha3_512_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2903 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2904 - i, exit);
- if (XMEMCMP(hash, hashcopy, WC_SHA3_512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2905 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- byte large_input[1024];
- const char* large_digest =
- "\x9c\x13\x26\xb6\x26\xb2\x94\x31\xbc\xf4\x34\xe9\x6f\xf2\xd6\x29"
- "\x9a\xd0\x9b\x32\x63\x2f\x18\xa7\x5f\x23\xc9\x60\xc2\x32\x0c\xbc"
- "\x57\x77\x33\xf1\x83\x81\x8a\xd3\x15\x7c\x93\xdc\x80\x9f\xed\x61"
- "\x41\xa7\x5b\xfd\x32\x0e\x38\x15\xb0\x46\x3b\x7a\x4f\xfd\x44\x88";
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Sha3_512_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-2906, exit);
- }
- ret = wc_Sha3_512_Final(&sha, hash);
- if (ret != 0)
- ERROR_OUT(-2907, exit);
- if (XMEMCMP(hash, large_digest, WC_SHA3_512_DIGEST_SIZE) != 0)
- ERROR_OUT(-2908, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Sha3_512_Free(&sha);
- return ret;
- }
- #endif /* WOLFSSL_NOSHA3_512 */
- WOLFSSL_TEST_SUBROUTINE int sha3_test(void)
- {
- int ret;
- (void)ret;
- #ifndef WOLFSSL_NOSHA3_224
- if ((ret = sha3_224_test()) != 0)
- return ret;
- #endif
- #ifndef WOLFSSL_NOSHA3_256
- if ((ret = sha3_256_test()) != 0)
- return ret;
- #endif
- #ifndef WOLFSSL_NOSHA3_384
- if ((ret = sha3_384_test()) != 0)
- return ret;
- #endif
- #ifndef WOLFSSL_NOSHA3_512
- if ((ret = sha3_512_test()) != 0)
- return ret;
- #endif
- return 0;
- }
- #endif /* WOLFSSL_SHA3 */
- #ifdef WOLFSSL_SHAKE256
- WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
- {
- #ifndef WOLFSSL_NO_SHAKE256
- wc_Shake sha;
- byte hash[250];
- testVector a, b, c, d, e;
- testVector test_sha[5];
- int ret = 0;
- int times = sizeof(test_sha) / sizeof(struct testVector), i;
- byte large_input[1024];
- const char* large_digest =
- "\x90\x32\x4a\xcc\xd1\xdf\xb8\x0b\x79\x1f\xb8\xc8\x5b\x54\xc8\xe7"
- "\x45\xf5\x60\x6b\x38\x26\xb2\x0a\xee\x38\x01\xf3\xd9\xfa\x96\x9f"
- "\x6a\xd7\x15\xdf\xb6\xc2\xf4\x20\x33\x44\x55\xe8\x2a\x09\x2b\x68"
- "\x2e\x18\x65\x5e\x65\x93\x28\xbc\xb1\x9e\xe2\xb1\x92\xea\x98\xac"
- "\x21\xef\x4c\xe1\xb4\xb7\xbe\x81\x5c\x1d\xd3\xb7\x17\xe5\xbb\xc5"
- "\x8c\x68\xb7\xfb\xac\x55\x8a\x9b\x4d\x91\xe4\x9f\x72\xbb\x6e\x38"
- "\xaf\x21\x7d\x21\xaa\x98\x4e\x75\xc4\xb4\x1c\x7c\x50\x45\x54\xf9"
- "\xea\x26";
- a.input = "";
- a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb"
- "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5"
- "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67"
- "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac"
- "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7"
- "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84"
- "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
- "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46";
- a.inLen = XSTRLEN(a.input);
- a.outLen = 114;
- b.input = "abc";
- b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
- "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b"
- "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52"
- "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88"
- "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04"
- "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc"
- "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
- "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = 114;
- c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
- "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e"
- "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc"
- "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74"
- "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55"
- "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a"
- "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
- "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
- c.inLen = XSTRLEN(c.input);
- c.outLen = 114;
- /* Taken from NIST CAVP test vectors - full rate output. */
- d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
- "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
- "\x85\xe0";
- d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
- "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
- "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
- "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
- "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
- "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
- "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
- "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
- "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
- "\xc2";
- d.inLen = 32;
- d.outLen = 136;
- /* Taken from NIST CAVP test vectors - more than one output block. */
- e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
- "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
- "\x47\xe4";
- e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
- "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
- "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
- "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
- "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
- "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
- "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
- "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
- "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
- "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
- "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
- "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
- "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
- "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
- "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
- "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
- "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c";
- e.inLen = 32;
- e.outLen = 250;
- test_sha[0] = a;
- test_sha[1] = b;
- test_sha[2] = c;
- test_sha[3] = d;
- test_sha[4] = e;
- ret = wc_InitShake256(&sha, HEAP_HINT, devId);
- if (ret != 0)
- return -3100;
- for (i = 0; i < times; ++i) {
- ret = wc_Shake256_Update(&sha, (byte*)test_sha[i].input,
- (word32)test_sha[i].inLen);
- if (ret != 0)
- ERROR_OUT(-3101 - i, exit);
- ret = wc_Shake256_Final(&sha, hash, (word32)test_sha[i].outLen);
- if (ret != 0)
- ERROR_OUT(-3102 - i, exit);
- if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0)
- ERROR_OUT(-3103 - i, exit);
- }
- /* BEGIN LARGE HASH TEST */ {
- for (i = 0; i < (int)sizeof(large_input); i++) {
- large_input[i] = (byte)(i & 0xFF);
- }
- times = 100;
- for (i = 0; i < times; ++i) {
- ret = wc_Shake256_Update(&sha, (byte*)large_input,
- (word32)sizeof(large_input));
- if (ret != 0)
- ERROR_OUT(-3104, exit);
- }
- ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash));
- if (ret != 0)
- ERROR_OUT(-3105, exit);
- if (XMEMCMP(hash, large_digest, 114) != 0)
- ERROR_OUT(-3106, exit);
- } /* END LARGE HASH TEST */
- exit:
- wc_Shake256_Free(&sha);
- return ret;
- #else
- return 0;
- #endif
- }
- #endif
- #ifndef NO_HASH_WRAPPER
- WOLFSSL_TEST_SUBROUTINE int hash_test(void)
- {
- wc_HashAlg hash;
- int ret, exp_ret;
- int i, j;
- int digestSz;
- byte data[] = "0123456789abcdef0123456789abcdef0123456";
- byte out[WC_MAX_DIGEST_SIZE];
- byte hashOut[WC_MAX_DIGEST_SIZE];
- #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
- enum wc_HashType hashType;
- #endif
- enum wc_HashType typesGood[] = { WC_HASH_TYPE_MD5, WC_HASH_TYPE_SHA,
- WC_HASH_TYPE_SHA224, WC_HASH_TYPE_SHA256,
- WC_HASH_TYPE_SHA384, WC_HASH_TYPE_SHA512,
- WC_HASH_TYPE_SHA3_224,
- WC_HASH_TYPE_SHA3_256,
- WC_HASH_TYPE_SHA3_384,
- WC_HASH_TYPE_SHA3_512 };
- enum wc_HashType typesNoImpl[] = {
- #ifdef NO_MD5
- WC_HASH_TYPE_MD5,
- #endif
- #ifdef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifndef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- #ifdef NO_SHA256
- WC_HASH_TYPE_SHA256,
- #endif
- #ifndef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifndef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_224)
- WC_HASH_TYPE_SHA3_224,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_256)
- WC_HASH_TYPE_SHA3_256,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_384)
- WC_HASH_TYPE_SHA3_384,
- #endif
- #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_512)
- WC_HASH_TYPE_SHA3_512,
- #endif
- WC_HASH_TYPE_NONE
- };
- enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MD5_SHA,
- WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4 };
- enum wc_HashType typesHashBad[] = { WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4,
- WC_HASH_TYPE_BLAKE2B,
- WC_HASH_TYPE_NONE };
- /* Parameter Validation testing. */
- ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256);
- if (ret != BAD_FUNC_ARG)
- return -3200;
- ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return -3201;
- ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return -3202;
- ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return -3203;
- ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL);
- if (ret != BAD_FUNC_ARG)
- return -3204;
- ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL);
- if (ret != BAD_FUNC_ARG)
- return -3205;
- ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out);
- if (ret != BAD_FUNC_ARG)
- return -3206;
- /* Try invalid hash algorithms. */
- for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) {
- ret = wc_HashInit(&hash, typesBad[i]);
- if (ret != BAD_FUNC_ARG)
- return -3207 - i;
- ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data));
- if (ret != BAD_FUNC_ARG)
- return -3217 - i;
- ret = wc_HashFinal(&hash, typesBad[i], out);
- if (ret != BAD_FUNC_ARG)
- return -3227 - i;
- wc_HashFree(&hash, typesBad[i]);
- }
- /* Try valid hash algorithms. */
- for (i = 0, j = 0; i < (int)(sizeof(typesGood)/sizeof(*typesGood)); i++) {
- exp_ret = 0;
- if (typesGood[i] == typesNoImpl[j]) {
- /* Recognized but no implementation compiled in. */
- exp_ret = HASH_TYPE_E;
- j++;
- }
- ret = wc_HashInit(&hash, typesGood[i]);
- if (ret != exp_ret)
- return -3237 - i;
- ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data));
- if (ret != exp_ret)
- return -3247 - i;
- ret = wc_HashFinal(&hash, typesGood[i], out);
- if (ret != exp_ret)
- return -3257 - i;
- wc_HashFree(&hash, typesGood[i]);
- digestSz = wc_HashGetDigestSize(typesGood[i]);
- if (exp_ret < 0 && digestSz != exp_ret)
- return -3267 - i;
- if (exp_ret == 0 && digestSz < 0)
- return -3277 - i;
- if (exp_ret == 0) {
- ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut,
- digestSz - 1);
- if (ret != BUFFER_E)
- return -3287 - i;
- }
- ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, digestSz);
- if (ret != exp_ret)
- return -3297 - i;
- if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0)
- return -3307 -i;
- ret = wc_HashGetBlockSize(typesGood[i]);
- if (exp_ret < 0 && ret != exp_ret)
- return -3308 - i;
- if (exp_ret == 0 && ret < 0)
- return -3318 - i;
- #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
- ret = wc_HashGetOID(typesGood[i]);
- if (ret == BAD_FUNC_ARG ||
- (exp_ret == 0 && ret == HASH_TYPE_E) ||
- (exp_ret != 0 && ret != HASH_TYPE_E)) {
- return -3328 - i;
- }
- hashType = wc_OidGetHash(ret);
- if (exp_ret == 0 && hashType != typesGood[i])
- return -3338 - i;
- #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
- }
- for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) {
- ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out));
- if (ret != BAD_FUNC_ARG && ret != BUFFER_E)
- return -3348 - i;
- }
- #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
- ret = wc_HashGetOID(WC_HASH_TYPE_MD2);
- #ifdef WOLFSSL_MD2
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3358;
- #else
- if (ret != HASH_TYPE_E)
- return -3359;
- #endif
- hashType = wc_OidGetHash(646); /* Md2h */
- #ifdef WOLFSSL_MD2
- if (hashType != WC_HASH_TYPE_MD2)
- return -3360;
- #else
- if (hashType != WC_HASH_TYPE_NONE)
- return -3361;
- #endif
- ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA);
- #ifndef NO_MD5
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3362;
- #else
- if (ret != HASH_TYPE_E)
- return -3363;
- #endif
- ret = wc_HashGetOID(WC_HASH_TYPE_MD4);
- if (ret != BAD_FUNC_ARG)
- return -3364;
- ret = wc_HashGetOID(WC_HASH_TYPE_NONE);
- if (ret != BAD_FUNC_ARG)
- return -3365;
- hashType = wc_OidGetHash(0);
- if (hashType != WC_HASH_TYPE_NONE)
- return -3366;
- #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2);
- #ifdef WOLFSSL_MD2
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3367;
- #else
- if (ret != HASH_TYPE_E)
- return -3368;
- #endif
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2);
- #ifdef WOLFSSL_MD2
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3369;
- #else
- if (ret != HASH_TYPE_E)
- return -3370;
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4);
- #ifndef NO_MD4
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3371;
- #else
- if (ret != HASH_TYPE_E)
- return -3372;
- #endif
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4);
- #ifndef NO_MD4
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3373;
- #else
- if (ret != HASH_TYPE_E)
- return -3374;
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA);
- #if !defined(NO_MD5) && !defined(NO_SHA)
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3375;
- #else
- if (ret != HASH_TYPE_E)
- return -3376;
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B);
- #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3377;
- #else
- if (ret != HASH_TYPE_E)
- return -3378;
- #endif
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B);
- #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
- if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
- return -3379;
- #else
- if (ret != HASH_TYPE_E)
- return -3380;
- #endif
- ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE);
- if (ret != BAD_FUNC_ARG)
- return -3381;
- ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE);
- if (ret != BAD_FUNC_ARG)
- return -3382;
- #if !defined(NO_CERTS) && !defined(NO_ASN)
- #if defined(WOLFSSL_MD2) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = wc_GetCTC_HashOID(MD2);
- if (ret == 0)
- return -3383;
- #endif
- #ifndef NO_MD5
- ret = wc_GetCTC_HashOID(WC_MD5);
- if (ret == 0)
- return -3384;
- #endif
- #ifndef NO_SHA
- ret = wc_GetCTC_HashOID(WC_SHA);
- if (ret == 0)
- return -3385;
- #endif
- #ifdef WOLFSSL_SHA224
- ret = wc_GetCTC_HashOID(WC_SHA224);
- if (ret == 0)
- return -3386;
- #endif
- #ifndef NO_SHA256
- ret = wc_GetCTC_HashOID(WC_SHA256);
- if (ret == 0)
- return -3387;
- #endif
- #ifdef WOLFSSL_SHA384
- ret = wc_GetCTC_HashOID(WC_SHA384);
- if (ret == 0)
- return -3388;
- #endif
- #ifdef WOLFSSL_SHA512
- ret = wc_GetCTC_HashOID(WC_SHA512);
- if (ret == 0)
- return -3389;
- #endif
- ret = wc_GetCTC_HashOID(-1);
- if (ret != 0)
- return -3390;
- #endif
- return 0;
- }
- #endif /* !NO_HASH_WRAPPER */
- #if !defined(NO_HMAC) && !defined(NO_MD5)
- WOLFSSL_TEST_SUBROUTINE int hmac_md5_test(void)
- {
- Hmac hmac;
- byte hash[WC_MD5_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- };
- testVector a, b, c;
- testVector test_hmac[3];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
- "\x9d";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_MD5_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
- "\x38";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_MD5_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3"
- "\xf6";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_MD5_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1) {
- continue; /* cavium can't handle short keys, fips not allowed */
- }
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) {
- return -3400;
- }
- ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3401;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3402;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3403;
- if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0)
- return -3404 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_MD5) != WC_MD5_DIGEST_SIZE)
- return -3414;
- #endif
- return 0;
- }
- #endif /* NO_HMAC && NO_MD5 */
- #if !defined(NO_HMAC) && !defined(NO_SHA)
- WOLFSSL_TEST_SUBROUTINE int hmac_sha_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA"
- };
- testVector a, b, c;
- testVector test_hmac[3];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
- "\x8e\xf1\x46\xbe\x00";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf"
- "\x9c\x25\x9a\x7c\x79";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b"
- "\x4f\x63\xf1\x75\xd3";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3500;
- ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3501;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3502;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3503;
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0)
- return -3504 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_SHA) != WC_SHA_DIGEST_SIZE)
- return -3514;
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
- WOLFSSL_TEST_SUBROUTINE int hmac_sha224_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA224_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
- "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA224_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d"
- "\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA224_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2"
- "\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA224_DIGEST_SIZE;
- d.input = "Big Key Input";
- d.output = "\xe7\x4e\x2b\x8a\xa9\xf0\x37\x2f\xed\xae\x70\x0c\x49\x47\xf1"
- "\x46\x54\xa7\x32\x6b\x55\x01\x87\xd2\xc8\x02\x0e\x3a";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA224_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3600;
- ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3601;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3602;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3603;
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0)
- return -3604 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_SHA224) != WC_SHA224_DIGEST_SIZE)
- return -3614;
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && !defined(NO_SHA256)
- WOLFSSL_TEST_SUBROUTINE int hmac_sha256_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA256_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
- "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
- "\xcf\xf7";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA256_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75"
- "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec"
- "\x38\x43";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA256_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81"
- "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5"
- "\x65\xfe";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA256_DIGEST_SIZE;
- d.input = 0;
- d.output = "\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28"
- "\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f"
- "\x3e\x46";
- d.inLen = 0;
- d.outLen = WC_SHA256_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
- if (i == 1)
- continue; /* cavium can't handle short keys, fips not allowed */
- #endif
- #if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM)
- if (i == 3)
- continue; /* QuickAssist can't handle empty HMAC */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3700 - i;
- ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3710 - i;
- if (test_hmac[i].input != NULL) {
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3720 - i;
- }
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3730 - i;
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0)
- return -3740 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_SHA256) != WC_SHA256_DIGEST_SIZE)
- return -3750;
- if (wc_HmacSizeByType(20) != BAD_FUNC_ARG)
- return -3751;
- #endif
- if (wolfSSL_GetHmacMaxSize() != WC_MAX_DIGEST_SIZE)
- return -3752;
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
- WOLFSSL_TEST_SUBROUTINE int hmac_sha384_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA384_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
- "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
- "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
- "\xfa\x9c\xb6";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA384_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b"
- "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22"
- "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa"
- "\xb2\x16\x49";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA384_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8"
- "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66"
- "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01"
- "\xa3\x4f\x27";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA384_DIGEST_SIZE;
- d.input = "Big Key Input";
- d.output = "\xd2\x3d\x29\x6e\xf5\x1e\x23\x23\x49\x18\xb3\xbf\x4c\x38\x7b"
- "\x31\x21\x17\xbb\x09\x73\x27\xf8\x12\x9d\xe9\xc6\x5d\xf9\x54"
- "\xd6\x38\x5a\x68\x53\x14\xee\xe0\xa6\x4f\x36\x7e\xb2\xf3\x1a"
- "\x57\x41\x69";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA384_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS)
- if (i == 1)
- continue; /* fips not allowed */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3800;
- ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3801;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3802;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3803;
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0)
- return -3804 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_SHA384) != WC_SHA384_DIGEST_SIZE)
- return -3814;
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA512)
- WOLFSSL_TEST_SUBROUTINE int hmac_sha512_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA512_DIGEST_SIZE];
- const char* keys[]=
- {
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b",
- "Jefe",
- "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
- "\xAA\xAA\xAA",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- };
- testVector a, b, c, d;
- testVector test_hmac[4];
- int ret;
- int times = sizeof(test_hmac) / sizeof(testVector), i;
- a.input = "Hi There";
- a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
- "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1"
- "\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae"
- "\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20"
- "\x3a\x12\x68\x54";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_SHA512_DIGEST_SIZE;
- b.input = "what do ya want for nothing?";
- b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0"
- "\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25"
- "\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8"
- "\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a"
- "\x38\xbc\xe7\x37";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA512_DIGEST_SIZE;
- c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
- "\xDD\xDD\xDD\xDD\xDD\xDD";
- c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b"
- "\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27"
- "\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e"
- "\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59"
- "\xe1\x32\x92\xfb";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_SHA512_DIGEST_SIZE;
- d.input = "Big Key Input";
- d.output = "\x3f\xa9\xc9\xe1\xbd\xbb\x04\x55\x1f\xef\xcc\x92\x33\x08\xeb"
- "\xcf\xc1\x9a\x5b\x5b\xc0\x7c\x86\x84\xae\x8c\x40\xaf\xb1\x27"
- "\x87\x38\x92\x04\xa8\xed\xd7\xd7\x07\xa9\x85\xa0\xc2\xcd\x30"
- "\xc0\x56\x14\x49\xbc\x2f\x69\x15\x6a\x97\xd8\x79\x2f\xb3\x3b"
- "\x1e\x18\xfe\xfa";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA512_DIGEST_SIZE;
- test_hmac[0] = a;
- test_hmac[1] = b;
- test_hmac[2] = c;
- test_hmac[3] = d;
- for (i = 0; i < times; ++i) {
- #if defined(HAVE_FIPS)
- if (i == 1)
- continue; /* fips not allowed */
- #endif
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -3900;
- ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i],
- (word32)XSTRLEN(keys[i]));
- if (ret != 0)
- return -3901;
- ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
- (word32)test_hmac[i].inLen);
- if (ret != 0)
- return -3902;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -3903;
- if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0)
- return -3904 - i;
- wc_HmacFree(&hmac);
- }
- #ifndef HAVE_FIPS
- if (wc_HmacSizeByType(WC_SHA512) != WC_SHA512_DIGEST_SIZE)
- return -3914;
- #endif
- return 0;
- }
- #endif
- #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
- !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
- !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
- WOLFSSL_TEST_SUBROUTINE int hmac_sha3_test(void)
- {
- Hmac hmac;
- byte hash[WC_SHA3_512_DIGEST_SIZE];
- const char* key[4] =
- {
- "Jefe",
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
- "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
- "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
- "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
- };
- const char* input[4] =
- {
- "what do ya want for nothing?",
- "Hi There",
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
- "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
- "Big Key Input"
- };
- const int hashType[4] =
- {
- WC_SHA3_224, WC_SHA3_256, WC_SHA3_384, WC_SHA3_512
- };
- const int hashSz[4] =
- {
- WC_SHA3_224_DIGEST_SIZE, WC_SHA3_256_DIGEST_SIZE,
- WC_SHA3_384_DIGEST_SIZE, WC_SHA3_512_DIGEST_SIZE
- };
- const char* output[16] =
- {
- /* key = jefe, input = what do ya want for nothing? */
- /* HMAC-SHA3-224 */
- "\x7f\xdb\x8d\xd8\x8b\xd2\xf6\x0d\x1b\x79\x86\x34\xad\x38\x68\x11"
- "\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b\xba\xce\x5e\x66",
- /* HMAC-SHA3-256 */
- "\xc7\xd4\x07\x2e\x78\x88\x77\xae\x35\x96\xbb\xb0\xda\x73\xb8\x87"
- "\xc9\x17\x1f\x93\x09\x5b\x29\x4a\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5",
- /* HMAC-SHA3-384 */
- "\xf1\x10\x1f\x8c\xbf\x97\x66\xfd\x67\x64\xd2\xed\x61\x90\x3f\x21"
- "\xca\x9b\x18\xf5\x7c\xf3\xe1\xa2\x3c\xa1\x35\x08\xa9\x32\x43\xce"
- "\x48\xc0\x45\xdc\x00\x7f\x26\xa2\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a",
- /* HMAC-SHA3-512 */
- "\x5a\x4b\xfe\xab\x61\x66\x42\x7c\x7a\x36\x47\xb7\x47\x29\x2b\x83"
- "\x84\x53\x7c\xdb\x89\xaf\xb3\xbf\x56\x65\xe4\xc5\xe7\x09\x35\x0b"
- "\x28\x7b\xae\xc9\x21\xfd\x7c\xa0\xee\x7a\x0c\x31\xd0\x22\xa9\x5e"
- "\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83\x96\x02\x75\xbe\xb4\xe6\x20\x24",
- /* key = 0b..., input = Hi There */
- /* HMAC-SHA3-224 */
- "\x3b\x16\x54\x6b\xbc\x7b\xe2\x70\x6a\x03\x1d\xca\xfd\x56\x37\x3d"
- "\x98\x84\x36\x76\x41\xd8\xc5\x9a\xf3\xc8\x60\xf7",
- /* HMAC-SHA3-256 */
- "\xba\x85\x19\x23\x10\xdf\xfa\x96\xe2\xa3\xa4\x0e\x69\x77\x43\x51"
- "\x14\x0b\xb7\x18\x5e\x12\x02\xcd\xcc\x91\x75\x89\xf9\x5e\x16\xbb",
- /* HMAC-SHA3-384 */
- "\x68\xd2\xdc\xf7\xfd\x4d\xdd\x0a\x22\x40\xc8\xa4\x37\x30\x5f\x61"
- "\xfb\x73\x34\xcf\xb5\xd0\x22\x6e\x1b\xc2\x7d\xc1\x0a\x2e\x72\x3a"
- "\x20\xd3\x70\xb4\x77\x43\x13\x0e\x26\xac\x7e\x3d\x53\x28\x86\xbd",
- /* HMAC-SHA3-512 */
- "\xeb\x3f\xbd\x4b\x2e\xaa\xb8\xf5\xc5\x04\xbd\x3a\x41\x46\x5a\xac"
- "\xec\x15\x77\x0a\x7c\xab\xac\x53\x1e\x48\x2f\x86\x0b\x5e\xc7\xba"
- "\x47\xcc\xb2\xc6\xf2\xaf\xce\x8f\x88\xd2\x2b\x6d\xc6\x13\x80\xf2"
- "\x3a\x66\x8f\xd3\x88\x8b\xb8\x05\x37\xc0\xa0\xb8\x64\x07\x68\x9e",
- /* key = aa..., output = dd... */
- /* HMAC-SHA3-224 */
- "\x67\x6c\xfc\x7d\x16\x15\x36\x38\x78\x03\x90\x69\x2b\xe1\x42\xd2"
- "\xdf\x7c\xe9\x24\xb9\x09\xc0\xc0\x8d\xbf\xdc\x1a",
- /* HMAC-SHA3-256 */
- "\x84\xec\x79\x12\x4a\x27\x10\x78\x65\xce\xdd\x8b\xd8\x2d\xa9\x96"
- "\x5e\x5e\xd8\xc3\x7b\x0a\xc9\x80\x05\xa7\xf3\x9e\xd5\x8a\x42\x07",
- /* HMAC-SHA3-384 */
- "\x27\x5c\xd0\xe6\x61\xbb\x8b\x15\x1c\x64\xd2\x88\xf1\xf7\x82\xfb"
- "\x91\xa8\xab\xd5\x68\x58\xd7\x2b\xab\xb2\xd4\x76\xf0\x45\x83\x73"
- "\xb4\x1b\x6a\xb5\xbf\x17\x4b\xec\x42\x2e\x53\xfc\x31\x35\xac\x6e",
- /* HMAC-SHA3-512 */
- "\x30\x9e\x99\xf9\xec\x07\x5e\xc6\xc6\xd4\x75\xed\xa1\x18\x06\x87"
- "\xfc\xf1\x53\x11\x95\x80\x2a\x99\xb5\x67\x74\x49\xa8\x62\x51\x82"
- "\x85\x1c\xb3\x32\xaf\xb6\xa8\x9c\x41\x13\x25\xfb\xcb\xcd\x42\xaf"
- "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03",
- /* key = big key, input = Big Key Input */
- /* HMAC-SHA3-224 */
- "\x29\xe0\x5e\x46\xc4\xa4\x5e\x46\x74\xbf\xd7\x2d\x1a\xd8\x66\xdb"
- "\x2d\x0d\x10\x4e\x2b\xfa\xad\x53\x7d\x15\x69\x8b",
- /* HMAC-SHA3-256 */
- "\xb5\x5b\x8d\x64\xb6\x9c\x21\xd0\xbf\x20\x5c\xa2\xf7\xb9\xb1\x4e"
- "\x88\x21\x61\x2c\x66\xc3\x91\xae\x6c\x95\x16\x85\x83\xe6\xf4\x9b",
- /* HMAC-SHA3-384 */
- "\xaa\x91\xb3\xa6\x2f\x56\xa1\xbe\x8c\x3e\x74\x38\xdb\x58\xd9\xd3"
- "\x34\xde\xa0\x60\x6d\x8d\x46\xe0\xec\xa9\xf6\x06\x35\x14\xe6\xed"
- "\x83\xe6\x7c\x77\x24\x6c\x11\xb5\x90\x82\xb5\x75\xda\x7b\x83\x2d",
- /* HMAC-SHA3-512 */
- "\x1c\xc3\xa9\x24\x4a\x4a\x3f\xbd\xc7\x20\x00\x16\x9b\x79\x47\x03"
- "\x78\x75\x2c\xb5\xf1\x2e\x62\x7c\xbe\xef\x4e\x8f\x0b\x11\x2b\x32"
- "\xa0\xee\xc9\xd0\x4d\x64\x64\x0b\x37\xf4\xdd\x66\xf7\x8b\xb3\xad"
- "\x52\x52\x6b\x65\x12\xde\x0d\x7c\xc0\x8b\x60\x01\x6c\x37\xd7\xa8"
- };
- int i = 0, iMax = sizeof(input) / sizeof(input[0]),
- j, jMax = sizeof(hashType) / sizeof(hashType[0]),
- ret;
- #ifdef HAVE_FIPS
- /* FIPS requires a minimum length for HMAC keys, and "Jefe" is too
- * short. Skip it in FIPS builds. */
- i = 1;
- #endif
- for (; i < iMax; i++) {
- for (j = 0; j < jMax; j++) {
- if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
- return -4000;
- ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i],
- (word32)XSTRLEN(key[i]));
- if (ret != 0)
- return -4001;
- ret = wc_HmacUpdate(&hmac, (byte*)input[i],
- (word32)XSTRLEN(input[i]));
- if (ret != 0)
- return -4002;
- ret = wc_HmacFinal(&hmac, hash);
- if (ret != 0)
- return -4003;
- if (XMEMCMP(hash, output[(i*jMax) + j], hashSz[j]) != 0)
- return -4004;
- wc_HmacFree(&hmac);
- if (i > 0)
- continue;
- #ifndef HAVE_FIPS
- ret = wc_HmacSizeByType(hashType[j]);
- if (ret != hashSz[j])
- return -4005;
- #endif
- }
- }
- return 0;
- }
- #endif
- #ifdef WC_RC2
- typedef struct rc2TestVector {
- const char* input;
- const char* output;
- const char* key; /* Key, variable up to 128 bytes */
- const char* iv; /* IV, 8-bytes */
- int inLen;
- int outLen;
- int keyLen;
- int effectiveKeyBits; /* Up to 1024 bits supported */
- } rc2TestVector;
- static int rc2_ecb_test(void)
- {
- int ret = 0;
- byte cipher[RC2_BLOCK_SIZE];
- byte plain[RC2_BLOCK_SIZE];
- rc2TestVector a, b, c, d, e, f, g, h;
- rc2TestVector test_rc2[8];
- int times = sizeof(test_rc2) / sizeof(rc2TestVector), i;
- a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.output = "\xeb\xb7\x73\xf9\x93\x27\x8e\xff";
- a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.inLen = RC2_BLOCK_SIZE;
- a.outLen = RC2_BLOCK_SIZE;
- a.keyLen = 8;
- a.effectiveKeyBits = 63;
- b.input = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.output = "\x27\x8b\x27\xe4\x2e\x2f\x0d\x49";
- b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.inLen = RC2_BLOCK_SIZE;
- b.outLen = RC2_BLOCK_SIZE;
- b.keyLen = 8;
- b.effectiveKeyBits = 64;
- c.input = "\x10\x00\x00\x00\x00\x00\x00\x01";
- c.output = "\x30\x64\x9e\xdf\x9b\xe7\xd2\xc2";
- c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
- c.inLen = RC2_BLOCK_SIZE;
- c.outLen = RC2_BLOCK_SIZE;
- c.keyLen = 8;
- c.effectiveKeyBits = 64;
- d.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- d.output = "\x61\xa8\xa2\x44\xad\xac\xcc\xf0";
- d.key = "\x88";
- d.inLen = RC2_BLOCK_SIZE;
- d.outLen = RC2_BLOCK_SIZE;
- d.keyLen = 1;
- d.effectiveKeyBits = 64;
- e.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- e.output = "\x6c\xcf\x43\x08\x97\x4c\x26\x7f";
- e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
- e.inLen = RC2_BLOCK_SIZE;
- e.outLen = RC2_BLOCK_SIZE;
- e.keyLen = 7;
- e.effectiveKeyBits = 64;
- f.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- f.output = "\x1a\x80\x7d\x27\x2b\xbe\x5d\xb1";
- f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- f.inLen = RC2_BLOCK_SIZE;
- f.outLen = RC2_BLOCK_SIZE;
- f.keyLen = 16;
- f.effectiveKeyBits = 64;
- g.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- g.output = "\x22\x69\x55\x2a\xb0\xf8\x5c\xa6";
- g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- g.inLen = RC2_BLOCK_SIZE;
- g.outLen = RC2_BLOCK_SIZE;
- g.keyLen = 16;
- g.effectiveKeyBits = 128;
- h.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- h.output = "\x5b\x78\xd3\xa4\x3d\xff\xf1\xf1";
- h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
- "\x16\xf8\x0a\x6f\x85\x92\x05\x84"
- "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
- "\x1e";
- h.inLen = RC2_BLOCK_SIZE;
- h.outLen = RC2_BLOCK_SIZE;
- h.keyLen = 33;
- h.effectiveKeyBits = 129;
- test_rc2[0] = a;
- test_rc2[1] = b;
- test_rc2[2] = c;
- test_rc2[3] = d;
- test_rc2[4] = e;
- test_rc2[5] = f;
- test_rc2[6] = g;
- test_rc2[7] = h;
- for (i = 0; i < times; ++i) {
- Rc2 enc;
- XMEMSET(cipher, 0, RC2_BLOCK_SIZE);
- XMEMSET(plain, 0, RC2_BLOCK_SIZE);
- ret = wc_Rc2SetKey(&enc, (byte*)test_rc2[i].key, test_rc2[i].keyLen,
- NULL, test_rc2[i].effectiveKeyBits);
- if (ret != 0) {
- return -4100;
- }
- /* ECB encrypt */
- ret = wc_Rc2EcbEncrypt(&enc, cipher, (byte*)test_rc2[i].input,
- (word32)test_rc2[i].outLen);
- if (ret != 0) {
- return -4101;
- }
- if (XMEMCMP(cipher, test_rc2[i].output, test_rc2[i].outLen)) {
- return -4102;
- }
- /* ECB decrypt */
- ret = wc_Rc2EcbDecrypt(&enc, plain, cipher, RC2_BLOCK_SIZE);
- if (ret != 0) {
- return -4103;
- }
- if (XMEMCMP(plain, test_rc2[i].input, RC2_BLOCK_SIZE)) {
- return -4104;
- }
- }
- return 0;
- }
- static int rc2_cbc_test(void)
- {
- int ret = 0;
- byte cipher[128];
- byte plain[128];
- rc2TestVector a, b, c, d, e, f, g, h, i;
- rc2TestVector test_rc2[9];
- int times = sizeof(test_rc2) / sizeof(rc2TestVector), j;
- /* key length = 7, effective key bits = 63 */
- a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.output = "\xEB\xB7\x73\xF9\x93\x27\x8E\xFF"
- "\xF0\x51\x77\x8B\x65\xDB\x13\x57";
- a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.inLen = RC2_BLOCK_SIZE*2;
- a.outLen = RC2_BLOCK_SIZE*2;
- a.keyLen = 8;
- a.effectiveKeyBits = 63;
- /* key length = 8, effective key bits = 64, all 0xFF */
- b.input = "\xff\xff\xff\xff\xff\xff\xff\xff"
- "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.output = "\xA3\xA1\x12\x65\x4F\x81\xC5\xCD"
- "\xB6\x94\x3E\xEA\x3E\x8B\x9D\x1F";
- b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.iv = "\xff\xff\xff\xff\xff\xff\xff\xff";
- b.inLen = RC2_BLOCK_SIZE*2;
- b.outLen = RC2_BLOCK_SIZE*2;
- b.keyLen = 8;
- b.effectiveKeyBits = 64;
- /* key length = 8, effective key bits = 64 */
- c.input = "\x10\x00\x00\x00\x00\x00\x00\x01"
- "\x10\x00\x00\x00\x00\x00\x00\x01";
- c.output = "\x30\x64\x9e\xdf\x9b\xe7\xd2\xc2";
- c.output = "\xB5\x70\x14\xA2\x5F\x40\xE3\x6D"
- "\x81\x99\x8D\xE0\xB5\xD5\x3A\x05";
- c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
- c.iv = "\x30\x00\x00\x00\x00\x00\x00\x00";
- c.inLen = RC2_BLOCK_SIZE*2;
- c.outLen = RC2_BLOCK_SIZE*2;
- c.keyLen = 8;
- c.effectiveKeyBits = 64;
- /* key length = 1, effective key bits = 64 */
- d.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- d.output = "\x61\xA8\xA2\x44\xAD\xAC\xCC\xF0"
- "\x6D\x19\xE8\xF1\xFC\xE7\x38\x87";
- d.key = "\x88";
- d.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- d.inLen = RC2_BLOCK_SIZE*2;
- d.outLen = RC2_BLOCK_SIZE*2;
- d.keyLen = 1;
- d.effectiveKeyBits = 64;
- /* key length = 7, effective key bits = 64 */
- e.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- e.output = "\x6C\xCF\x43\x08\x97\x4C\x26\x7F"
- "\xCC\x3C\x53\x57\x7C\xA1\xA4\x4B";
- e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
- e.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- e.inLen = RC2_BLOCK_SIZE*2;
- e.outLen = RC2_BLOCK_SIZE*2;
- e.keyLen = 7;
- e.effectiveKeyBits = 64;
- /* key length = 16, effective key bits = 64 */
- f.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- f.output = "\x1A\x80\x7D\x27\x2B\xBE\x5D\xB1"
- "\x64\xEF\xE1\xC3\xB8\xAD\xFB\xBA";
- f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- f.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- f.inLen = RC2_BLOCK_SIZE*2;
- f.outLen = RC2_BLOCK_SIZE*2;
- f.keyLen = 16;
- f.effectiveKeyBits = 64;
- /* key length = 16, effective bits = 128 */
- g.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- g.output = "\x22\x69\x55\x2A\xB0\xF8\x5C\xA6"
- "\x53\x6E\xFD\x2D\x89\xE1\x2A\x73";
- g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
- g.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- g.inLen = RC2_BLOCK_SIZE*2;
- g.outLen = RC2_BLOCK_SIZE*2;
- g.keyLen = 16;
- g.effectiveKeyBits = 128;
- /* key length = 33, effective bits = 129 */
- h.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
- "\x00\x00\x00\x00\x00\x00\x00\x00";
- h.output = "\x5B\x78\xD3\xA4\x3D\xFF\xF1\xF1"
- "\x45\x30\xA8\xD5\xC7\x7C\x46\x19";
- h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
- "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
- "\x16\xf8\x0a\x6f\x85\x92\x05\x84"
- "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
- "\x1e";
- h.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
- h.inLen = RC2_BLOCK_SIZE*2;
- h.outLen = RC2_BLOCK_SIZE*2;
- h.keyLen = 33;
- h.effectiveKeyBits = 129;
- /* key length = 10, effective bits = 40 */
- i.input = "\x11\x22\x33\x44\x55\x66\x77\x88"
- "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00"
- "\x11\x22\x33\x44\x55\x66\x77\x88"
- "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00";
- i.output = "\x71\x2D\x11\x99\xC9\xA0\x78\x4F"
- "\xCD\xF1\x1E\x3D\xFD\x21\x7E\xDB"
- "\xB2\x6E\x0D\xA4\x72\xBC\x31\x51"
- "\x48\xEF\x4E\x68\x3B\xDC\xCD\x7D";
- i.key = "\x26\x1E\x57\x8E\xC9\x62\xBF\xB8"
- "\x3E\x96";
- i.iv = "\x01\x02\x03\x04\x05\x06\x07\x08";
- i.inLen = RC2_BLOCK_SIZE*4;
- i.outLen = RC2_BLOCK_SIZE*4;
- i.keyLen = 10;
- i.effectiveKeyBits = 40;
- test_rc2[0] = a;
- test_rc2[1] = b;
- test_rc2[2] = c;
- test_rc2[3] = d;
- test_rc2[4] = e;
- test_rc2[5] = f;
- test_rc2[6] = g;
- test_rc2[7] = h;
- test_rc2[8] = i;
- for (j = 0; j < times; ++j) {
- Rc2 rc2;
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMSET(plain, 0, sizeof(plain));
- ret = wc_Rc2SetKey(&rc2, (byte*)test_rc2[j].key, test_rc2[j].keyLen,
- (byte*)test_rc2[j].iv, test_rc2[j].effectiveKeyBits);
- if (ret != 0) {
- return -4200;
- }
- ret = wc_Rc2CbcEncrypt(&rc2, cipher, (byte*)test_rc2[j].input,
- test_rc2[j].inLen);
- if (ret != 0) {
- return -4201;
- }
- if (XMEMCMP(cipher, (byte*)test_rc2[j].output, test_rc2[j].outLen)) {
- return -4202;
- }
- /* reset IV for decrypt, since overriden by encrypt operation */
- ret = wc_Rc2SetIV(&rc2, (byte*)test_rc2[j].iv);
- if (ret != 0) {
- return -4203;
- }
- ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, test_rc2[j].outLen);
- if (ret != 0) {
- return -4204;
- }
- if (XMEMCMP(plain, (byte*)test_rc2[j].input, test_rc2[j].inLen)) {
- return -4205;
- }
- }
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE int rc2_test(void)
- {
- int ret = 0;
- ret = rc2_ecb_test();
- if (ret != 0) {
- return ret;
- }
- return rc2_cbc_test();
- }
- #endif
- #ifndef NO_RC4
- WOLFSSL_TEST_SUBROUTINE int arc4_test(void)
- {
- byte cipher[16];
- byte plain[16];
- const char* keys[] =
- {
- "\x01\x23\x45\x67\x89\xab\xcd\xef",
- "\x01\x23\x45\x67\x89\xab\xcd\xef",
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- "\xef\x01\x23\x45"
- };
- testVector a, b, c, d;
- testVector test_arc4[4];
- int times = sizeof(test_arc4) / sizeof(testVector), i;
- a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
- a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96";
- a.inLen = 8;
- a.outLen = 8;
- b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79";
- b.inLen = 8;
- b.outLen = 8;
- c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a";
- c.inLen = 8;
- c.outLen = 8;
- d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
- d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61";
- d.inLen = 10;
- d.outLen = 10;
- test_arc4[0] = a;
- test_arc4[1] = b;
- test_arc4[2] = c;
- test_arc4[3] = d;
- for (i = 0; i < times; ++i) {
- Arc4 enc;
- Arc4 dec;
- int keylen = 8; /* XSTRLEN with key 0x00 not good */
- if (i == 3)
- keylen = 4;
- if (wc_Arc4Init(&enc, HEAP_HINT, devId) != 0)
- return -4400;
- if (wc_Arc4Init(&dec, HEAP_HINT, devId) != 0)
- return -4401;
- wc_Arc4SetKey(&enc, (byte*)keys[i], keylen);
- wc_Arc4SetKey(&dec, (byte*)keys[i], keylen);
- wc_Arc4Process(&enc, cipher, (byte*)test_arc4[i].input,
- (word32)test_arc4[i].outLen);
- wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen);
- if (XMEMCMP(plain, test_arc4[i].input, test_arc4[i].outLen))
- return -4402 - i;
- if (XMEMCMP(cipher, test_arc4[i].output, test_arc4[i].outLen))
- return -4412 - i;
- wc_Arc4Free(&enc);
- wc_Arc4Free(&dec);
- }
- return 0;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE int hc128_test(void)
- {
- #ifdef HAVE_HC128
- byte cipher[16];
- byte plain[16];
- const char* keys[] =
- {
- "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- "\x00\x53\xA6\xF9\x4C\x9F\xF2\x45\x98\xEB\x3E\x91\xE4\x37\x8A\xDD",
- "\x0F\x62\xB5\x08\x5B\xAE\x01\x54\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC"
- };
- const char* ivs[] =
- {
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- "\x0D\x74\xDB\x42\xA9\x10\x77\xDE\x45\xAC\x13\x7A\xE1\x48\xAF\x16",
- "\x28\x8F\xF6\x5D\xC4\x2B\x92\xF9\x60\xC7\x2E\x95\xFC\x63\xCA\x31"
- };
- testVector a, b, c, d;
- testVector test_hc128[4];
- int times = sizeof(test_hc128) / sizeof(testVector), i;
- int ret = 0;
- #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
- HC128 enc[1], dec[1];
- #else
- HC128 *enc = (HC128 *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- HC128 *dec = (HC128 *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! enc) || (! dec)) {
- ERROR_OUT(-4500, out);
- }
- #endif
- a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.output = "\x37\x86\x02\xB9\x8F\x32\xA7\x48";
- a.inLen = 8;
- a.outLen = 8;
- b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- b.output = "\x33\x7F\x86\x11\xC6\xED\x61\x5F";
- b.inLen = 8;
- b.outLen = 8;
- c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- c.output = "\x2E\x1E\xD1\x2A\x85\x51\xC0\x5A";
- c.inLen = 8;
- c.outLen = 8;
- d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
- d.output = "\x1C\xD8\xAE\xDD\xFE\x52\xE2\x17\xE8\x35\xD0\xB7\xE8\x4E\x29";
- d.inLen = 15;
- d.outLen = 15;
- test_hc128[0] = a;
- test_hc128[1] = b;
- test_hc128[2] = c;
- test_hc128[3] = d;
- for (i = 0; i < times; ++i) {
- /* align keys/ivs in plain/cipher buffers */
- XMEMCPY(plain, keys[i], 16);
- XMEMCPY(cipher, ivs[i], 16);
- wc_Hc128_SetKey(enc, plain, cipher);
- wc_Hc128_SetKey(dec, plain, cipher);
- /* align input */
- XMEMCPY(plain, test_hc128[i].input, test_hc128[i].outLen);
- if (wc_Hc128_Process(enc, cipher, plain,
- (word32)test_hc128[i].outLen) != 0) {
- ret = -4501;
- goto out;
- }
- if (wc_Hc128_Process(dec, plain, cipher,
- (word32)test_hc128[i].outLen) != 0) {
- ret = -4502;
- goto out;
- }
- if (XMEMCMP(plain, test_hc128[i].input, test_hc128[i].outLen)) {
- ret = -4503 - i;
- goto out;
- }
- if (XMEMCMP(cipher, test_hc128[i].output, test_hc128[i].outLen)) {
- ret = -4513 - i;
- goto out;
- }
- }
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- #else
- return 0;
- #endif /* HAVE_HC128 */
- }
- #ifndef NO_RABBIT
- WOLFSSL_TEST_SUBROUTINE int rabbit_test(void)
- {
- byte cipher[16];
- byte plain[16];
- const char* keys[] =
- {
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
- "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B\xFE\x36\x3D\x2E\x29\x13\x28\x91"
- };
- const char* ivs[] =
- {
- "\x00\x00\x00\x00\x00\x00\x00\x00",
- "\x59\x7E\x26\xC1\x75\xF5\x73\xC3",
- 0
- };
- testVector a, b, c;
- testVector test_rabbit[3];
- int times = sizeof(test_rabbit) / sizeof(testVector), i;
- a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- a.output = "\xED\xB7\x05\x67\x37\x5D\xCD\x7C";
- a.inLen = 8;
- a.outLen = 8;
- b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- b.output = "\x6D\x7D\x01\x22\x92\xCC\xDC\xE0";
- b.inLen = 8;
- b.outLen = 8;
- c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
- c.output = "\x04\xCE\xCA\x7A\x1A\x86\x6E\x77";
- c.inLen = 8;
- c.outLen = 8;
- test_rabbit[0] = a;
- test_rabbit[1] = b;
- test_rabbit[2] = c;
- for (i = 0; i < times; ++i) {
- Rabbit enc;
- Rabbit dec;
- byte* iv;
- /* align keys/ivs in plain/cipher buffers */
- XMEMCPY(plain, keys[i], 16);
- if (ivs[i]) {
- XMEMCPY(cipher, ivs[i], 8);
- iv = cipher;
- } else
- iv = NULL;
- wc_RabbitSetKey(&enc, plain, iv);
- wc_RabbitSetKey(&dec, plain, iv);
- /* align input */
- XMEMCPY(plain, test_rabbit[i].input, test_rabbit[i].outLen);
- wc_RabbitProcess(&enc, cipher, plain, (word32)test_rabbit[i].outLen);
- wc_RabbitProcess(&dec, plain, cipher, (word32)test_rabbit[i].outLen);
- if (XMEMCMP(plain, test_rabbit[i].input, test_rabbit[i].outLen))
- return -4600 - i;
- if (XMEMCMP(cipher, test_rabbit[i].output, test_rabbit[i].outLen))
- return -4610 - i;
- }
- return 0;
- }
- #endif /* NO_RABBIT */
- #ifdef HAVE_CHACHA
- WOLFSSL_TEST_SUBROUTINE int chacha_test(void)
- {
- ChaCha enc;
- ChaCha dec;
- byte cipher[128];
- byte plain[128];
- byte sliver[64];
- byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
- word32 keySz = 32;
- int ret = 0;
- int i;
- int times = 4;
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- /* 128 bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte key4[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- const byte* keys[] = {key1, key2, key3, key4};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00};
- WOLFSSL_SMALL_STACK_STATIC const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
- const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4};
- #ifndef BENCH_EMBEDDED
- WOLFSSL_SMALL_STACK_STATIC const byte cipher_big_result[] = {
- 0x06, 0xa6, 0x5d, 0x31, 0x21, 0x6c, 0xdb, 0x37, 0x48, 0x7c, 0x01, 0x9d,
- 0x72, 0xdf, 0x0a, 0x5b, 0x64, 0x74, 0x20, 0xba, 0x9e, 0xe0, 0x26, 0x7a,
- 0xbf, 0xdf, 0x83, 0x34, 0x3b, 0x4f, 0x94, 0x3f, 0x37, 0x89, 0xaf, 0x00,
- 0xdf, 0x0f, 0x2e, 0x75, 0x16, 0x41, 0xf6, 0x7a, 0x86, 0x94, 0x9d, 0x32,
- 0x56, 0xf0, 0x79, 0x71, 0x68, 0x6f, 0xa6, 0x6b, 0xc6, 0x59, 0x49, 0xf6,
- 0x10, 0x34, 0x03, 0x03, 0x16, 0x53, 0x9a, 0x98, 0x2a, 0x46, 0xde, 0x17,
- 0x06, 0x65, 0x70, 0xca, 0x0a, 0x1f, 0xab, 0x80, 0x26, 0x96, 0x3f, 0x3e,
- 0x7a, 0x3c, 0xa8, 0x87, 0xbb, 0x65, 0xdd, 0x5e, 0x07, 0x7b, 0x34, 0xe0,
- 0x56, 0xda, 0x32, 0x13, 0x30, 0xc9, 0x0c, 0xd7, 0xba, 0xe4, 0x1f, 0xa6,
- 0x91, 0x4f, 0x72, 0x9f, 0xd9, 0x5c, 0x62, 0x7d, 0xa6, 0xc2, 0xbc, 0x87,
- 0xae, 0x64, 0x11, 0x94, 0x3b, 0xbc, 0x6c, 0x23, 0xbd, 0x7d, 0x00, 0xb4,
- 0x99, 0xf2, 0x68, 0xb5, 0x59, 0x70, 0x93, 0xad, 0x69, 0xd0, 0xb1, 0x28,
- 0x70, 0x92, 0xeb, 0xec, 0x39, 0x80, 0x82, 0xde, 0x44, 0xe2, 0x8a, 0x26,
- 0xb3, 0xe9, 0x45, 0xcf, 0x83, 0x76, 0x9f, 0x6a, 0xa0, 0x46, 0x4a, 0x3d,
- 0x26, 0x56, 0xaf, 0x49, 0x41, 0x26, 0x1b, 0x6a, 0x41, 0x37, 0x65, 0x91,
- 0x72, 0xc4, 0xe7, 0x3c, 0x17, 0x31, 0xae, 0x2e, 0x2b, 0x31, 0x45, 0xe4,
- 0x93, 0xd3, 0x10, 0xaa, 0xc5, 0x62, 0xd5, 0x11, 0x4b, 0x57, 0x1d, 0xad,
- 0x48, 0x06, 0xd0, 0x0d, 0x98, 0xa5, 0xc6, 0x5b, 0xd0, 0x9e, 0x22, 0xc0,
- 0x00, 0x32, 0x5a, 0xf5, 0x1c, 0x89, 0x6d, 0x54, 0x97, 0x55, 0x6b, 0x46,
- 0xc5, 0xc7, 0xc4, 0x48, 0x9c, 0xbf, 0x47, 0xdc, 0x03, 0xc4, 0x1b, 0xcb,
- 0x65, 0xa6, 0x91, 0x9d, 0x6d, 0xf1, 0xb0, 0x7a, 0x4d, 0x3b, 0x03, 0x95,
- 0xf4, 0x8b, 0x0b, 0xae, 0x39, 0xff, 0x3f, 0xf6, 0xc0, 0x14, 0x18, 0x8a,
- 0xe5, 0x19, 0xbd, 0xc1, 0xb4, 0x05, 0x4e, 0x29, 0x2f, 0x0b, 0x33, 0x76,
- 0x28, 0x16, 0xa4, 0xa6, 0x93, 0x04, 0xb5, 0x55, 0x6b, 0x89, 0x3d, 0xa5,
- 0x0f, 0xd3, 0xad, 0xfa, 0xd9, 0xfd, 0x05, 0x5d, 0x48, 0x94, 0x25, 0x5a,
- 0x2c, 0x9a, 0x94, 0x80, 0xb0, 0xe7, 0xcb, 0x4d, 0x77, 0xbf, 0xca, 0xd8,
- 0x55, 0x48, 0xbd, 0x66, 0xb1, 0x85, 0x81, 0xb1, 0x37, 0x79, 0xab, 0x52,
- 0x08, 0x14, 0x12, 0xac, 0xcd, 0x45, 0x4d, 0x53, 0x6b, 0xca, 0x96, 0xc7,
- 0x3b, 0x2f, 0x73, 0xb1, 0x5a, 0x23, 0xbd, 0x65, 0xd5, 0xea, 0x17, 0xb3,
- 0xdc, 0xa1, 0x17, 0x1b, 0x2d, 0xb3, 0x9c, 0xd0, 0xdb, 0x41, 0x77, 0xef,
- 0x93, 0x20, 0x52, 0x3e, 0x9d, 0xf5, 0xbf, 0x33, 0xf7, 0x52, 0xc1, 0x90,
- 0xa0, 0x15, 0x17, 0xce, 0xf7, 0xf7, 0xd0, 0x3a, 0x3b, 0xd1, 0x72, 0x56,
- 0x31, 0x81, 0xae, 0x60, 0xab, 0x40, 0xc1, 0xd1, 0x28, 0x77, 0x53, 0xac,
- 0x9f, 0x11, 0x0a, 0x88, 0x36, 0x4b, 0xda, 0x57, 0xa7, 0x28, 0x5c, 0x85,
- 0xd3, 0x85, 0x9b, 0x79, 0xad, 0x05, 0x1c, 0x37, 0x14, 0x5e, 0x0d, 0xd0,
- 0x23, 0x03, 0x42, 0x1d, 0x48, 0x5d, 0xc5, 0x3c, 0x5a, 0x08, 0xa9, 0x0d,
- 0x6e, 0x82, 0x7c, 0x2e, 0x3c, 0x41, 0xcc, 0x96, 0x8e, 0xad, 0xee, 0x2a,
- 0x61, 0x0b, 0x16, 0x0f, 0xa9, 0x24, 0x40, 0x85, 0xbc, 0x9f, 0x28, 0x8d,
- 0xe6, 0x68, 0x4d, 0x8f, 0x30, 0x48, 0xd9, 0x73, 0x73, 0x6c, 0x9a, 0x7f,
- 0x67, 0xf7, 0xde, 0x4c, 0x0a, 0x8b, 0xe4, 0xb3, 0x08, 0x2a, 0x52, 0xda,
- 0x54, 0xee, 0xcd, 0xb5, 0x62, 0x4a, 0x26, 0x20, 0xfb, 0x40, 0xbb, 0x39,
- 0x3a, 0x0f, 0x09, 0xe8, 0x00, 0xd1, 0x24, 0x97, 0x60, 0xe9, 0x83, 0x83,
- 0xfe, 0x9f, 0x9c, 0x15, 0xcf, 0x69, 0x03, 0x9f, 0x03, 0xe1, 0xe8, 0x6e,
- 0xbd, 0x87, 0x58, 0x68, 0xee, 0xec, 0xd8, 0x29, 0x46, 0x23, 0x49, 0x92,
- 0x72, 0x95, 0x5b, 0x49, 0xca, 0xe0, 0x45, 0x59, 0xb2, 0xca, 0xf4, 0xfc,
- 0xb7, 0x59, 0x37, 0x49, 0x28, 0xbc, 0xf3, 0xd7, 0x61, 0xbc, 0x4b, 0xf3,
- 0xa9, 0x4b, 0x2f, 0x05, 0xa8, 0x01, 0xa5, 0xdc, 0x00, 0x6e, 0x01, 0xb6,
- 0x45, 0x3c, 0xd5, 0x49, 0x7d, 0x5c, 0x25, 0xe8, 0x31, 0x87, 0xb2, 0xb9,
- 0xbf, 0xb3, 0x01, 0x62, 0x0c, 0xd0, 0x48, 0x77, 0xa2, 0x34, 0x0f, 0x16,
- 0x22, 0x28, 0xee, 0x54, 0x08, 0x93, 0x3b, 0xe4, 0xde, 0x7e, 0x63, 0xf7,
- 0x97, 0x16, 0x5d, 0x71, 0x58, 0xc2, 0x2e, 0xf2, 0x36, 0xa6, 0x12, 0x65,
- 0x94, 0x17, 0xac, 0x66, 0x23, 0x7e, 0xc6, 0x72, 0x79, 0x24, 0xce, 0x8f,
- 0x55, 0x19, 0x97, 0x44, 0xfc, 0x55, 0xec, 0x85, 0x26, 0x27, 0xdb, 0x38,
- 0xb1, 0x42, 0x0a, 0xdd, 0x05, 0x99, 0x28, 0xeb, 0x03, 0x6c, 0x9a, 0xe9,
- 0x17, 0xf6, 0x2c, 0xb0, 0xfe, 0xe7, 0xa4, 0xa7, 0x31, 0xda, 0x4d, 0xb0,
- 0x29, 0xdb, 0xdd, 0x8d, 0x12, 0x13, 0x9c, 0xb4, 0xcc, 0x83, 0x97, 0xfb,
- 0x1a, 0xdc, 0x08, 0xd6, 0x30, 0x62, 0xe8, 0xeb, 0x8b, 0x61, 0xcb, 0x1d,
- 0x06, 0xe3, 0xa5, 0x4d, 0x35, 0xdb, 0x59, 0xa8, 0x2d, 0x87, 0x27, 0x44,
- 0x6f, 0xc0, 0x38, 0x97, 0xe4, 0x85, 0x00, 0x02, 0x09, 0xf6, 0x69, 0x3a,
- 0xcf, 0x08, 0x1b, 0x21, 0xbb, 0x79, 0xb1, 0xa1, 0x34, 0x09, 0xe0, 0x80,
- 0xca, 0xb0, 0x78, 0x8a, 0x11, 0x97, 0xd4, 0x07, 0xbe, 0x1b, 0x6a, 0x5d,
- 0xdb, 0xd6, 0x1f, 0x76, 0x6b, 0x16, 0xf0, 0x58, 0x84, 0x5f, 0x59, 0xce,
- 0x62, 0x34, 0xc3, 0xdf, 0x94, 0xb8, 0x2f, 0x84, 0x68, 0xf0, 0xb8, 0x51,
- 0xd9, 0x6d, 0x8e, 0x4a, 0x1d, 0xe6, 0x5c, 0xd8, 0x86, 0x25, 0xe3, 0x24,
- 0xfd, 0x21, 0x61, 0x13, 0x48, 0x3e, 0xf6, 0x7d, 0xa6, 0x71, 0x9b, 0xd2,
- 0x6e, 0xe6, 0xd2, 0x08, 0x94, 0x62, 0x6c, 0x98, 0xfe, 0x2f, 0x9c, 0x88,
- 0x7e, 0x78, 0x15, 0x02, 0x00, 0xf0, 0xba, 0x24, 0x91, 0xf2, 0xdc, 0x47,
- 0x51, 0x4d, 0x15, 0x5e, 0x91, 0x5f, 0x57, 0x5b, 0x1d, 0x35, 0x24, 0x45,
- 0x75, 0x9b, 0x88, 0x75, 0xf1, 0x2f, 0x85, 0xe7, 0x89, 0xd1, 0x01, 0xb4,
- 0xc8, 0x18, 0xb7, 0x97, 0xef, 0x4b, 0x90, 0xf4, 0xbf, 0x10, 0x27, 0x3c,
- 0x60, 0xff, 0xc4, 0x94, 0x20, 0x2f, 0x93, 0x4b, 0x4d, 0xe3, 0x80, 0xf7,
- 0x2c, 0x71, 0xd9, 0xe3, 0x68, 0xb4, 0x77, 0x2b, 0xc7, 0x0d, 0x39, 0x92,
- 0xef, 0x91, 0x0d, 0xb2, 0x11, 0x50, 0x0e, 0xe8, 0xad, 0x3b, 0xf6, 0xb5,
- 0xc6, 0x14, 0x4d, 0x33, 0x53, 0xa7, 0x60, 0x15, 0xc7, 0x27, 0x51, 0xdc,
- 0x54, 0x29, 0xa7, 0x0d, 0x6a, 0x7b, 0x72, 0x13, 0xad, 0x7d, 0x41, 0x19,
- 0x4e, 0x42, 0x49, 0xcc, 0x42, 0xe4, 0xbd, 0x99, 0x13, 0xd9, 0x7f, 0xf3,
- 0x38, 0xa4, 0xb6, 0x33, 0xed, 0x07, 0x48, 0x7e, 0x8e, 0x82, 0xfe, 0x3a,
- 0x9d, 0x75, 0x93, 0xba, 0x25, 0x4e, 0x37, 0x3c, 0x0c, 0xd5, 0x69, 0xa9,
- 0x2d, 0x9e, 0xfd, 0xe8, 0xbb, 0xf5, 0x0c, 0xe2, 0x86, 0xb9, 0x5e, 0x6f,
- 0x28, 0xe4, 0x19, 0xb3, 0x0b, 0xa4, 0x86, 0xd7, 0x24, 0xd0, 0xb8, 0x89,
- 0x7b, 0x76, 0xec, 0x05, 0x10, 0x5b, 0x68, 0xe9, 0x58, 0x66, 0xa3, 0xc5,
- 0xb6, 0x63, 0x20, 0x0e, 0x0e, 0xea, 0x3d, 0x61, 0x5e, 0xda, 0x3d, 0x3c,
- 0xf9, 0xfd, 0xed, 0xa9, 0xdb, 0x52, 0x94, 0x8a, 0x00, 0xca, 0x3c, 0x8d,
- 0x66, 0x8f, 0xb0, 0xf0, 0x5a, 0xca, 0x3f, 0x63, 0x71, 0xbf, 0xca, 0x99,
- 0x37, 0x9b, 0x75, 0x97, 0x89, 0x10, 0x6e, 0xcf, 0xf2, 0xf5, 0xe3, 0xd5,
- 0x45, 0x9b, 0xad, 0x10, 0x71, 0x6c, 0x5f, 0x6f, 0x7f, 0x22, 0x77, 0x18,
- 0x2f, 0xf9, 0x99, 0xc5, 0x69, 0x58, 0x03, 0x12, 0x86, 0x82, 0x3e, 0xbf,
- 0xc2, 0x12, 0x35, 0x43, 0xa3, 0xd9, 0x18, 0x4f, 0x41, 0x11, 0x6b, 0xf3,
- 0x67, 0xaf, 0x3d, 0x78, 0xe4, 0x22, 0x2d, 0xb3, 0x48, 0x43, 0x31, 0x1d,
- 0xef, 0xa8, 0xba, 0x49, 0x8e, 0xa9, 0xa7, 0xb6, 0x18, 0x77, 0x84, 0xca,
- 0xbd, 0xa2, 0x02, 0x1b, 0x6a, 0xf8, 0x5f, 0xda, 0xff, 0xcf, 0x01, 0x6a,
- 0x86, 0x69, 0xa9, 0xe9, 0xcb, 0x60, 0x1e, 0x15, 0xdc, 0x8f, 0x5d, 0x39,
- 0xb5, 0xce, 0x55, 0x5f, 0x47, 0x97, 0xb1, 0x19, 0x6e, 0x21, 0xd6, 0x13,
- 0x39, 0xb2, 0x24, 0xe0, 0x62, 0x82, 0x9f, 0xed, 0x12, 0x81, 0xed, 0xee,
- 0xab, 0xd0, 0x2f, 0x19, 0x89, 0x3f, 0x57, 0x2e, 0xc2, 0xe2, 0x67, 0xe8,
- 0xae, 0x03, 0x56, 0xba, 0xd4, 0xd0, 0xa4, 0x89, 0x03, 0x06, 0x5b, 0xcc,
- 0xf2, 0x22, 0xb8, 0x0e, 0x76, 0x79, 0x4a, 0x42, 0x1d, 0x37, 0x51, 0x5a,
- 0xaa, 0x46, 0x6c, 0x2a, 0xdd, 0x66, 0xfe, 0xc6, 0x68, 0xc3, 0x38, 0xa2,
- 0xae, 0x5b, 0x98, 0x24, 0x5d, 0x43, 0x05, 0x82, 0x38, 0x12, 0xd3, 0xd1,
- 0x75, 0x2d, 0x4f, 0x61, 0xbd, 0xb9, 0x10, 0x87, 0x44, 0x2a, 0x78, 0x07,
- 0xff, 0xf4, 0x0f, 0xa1, 0xf3, 0x68, 0x9f, 0xbe, 0xae, 0xa2, 0x91, 0xf0,
- 0xc7, 0x55, 0x7a, 0x52, 0xd5, 0xa3, 0x8d, 0x6f, 0xe4, 0x90, 0x5c, 0xf3,
- 0x5f, 0xce, 0x3d, 0x23, 0xf9, 0x8e, 0xae, 0x14, 0xfb, 0x82, 0x9a, 0xa3,
- 0x04, 0x5f, 0xbf, 0xad, 0x3e, 0xf2, 0x97, 0x0a, 0x60, 0x40, 0x70, 0x19,
- 0x72, 0xad, 0x66, 0xfb, 0x78, 0x1b, 0x84, 0x6c, 0x98, 0xbc, 0x8c, 0xf8,
- 0x4f, 0xcb, 0xb5, 0xf6, 0xaf, 0x7a, 0xb7, 0x93, 0xef, 0x67, 0x48, 0x02,
- 0x2c, 0xcb, 0xe6, 0x77, 0x0f, 0x7b, 0xc1, 0xee, 0xc5, 0xb6, 0x2d, 0x7e,
- 0x62, 0xa0, 0xc0, 0xa7, 0xa5, 0x80, 0x31, 0x92, 0x50, 0xa1, 0x28, 0x22,
- 0x95, 0x03, 0x17, 0xd1, 0x0f, 0xf6, 0x08, 0xe5, 0xec
- };
- #define CHACHA_BIG_TEST_SIZE 1305
- #ifndef WOLFSSL_SMALL_STACK
- byte cipher_big[CHACHA_BIG_TEST_SIZE] = {0};
- byte plain_big[CHACHA_BIG_TEST_SIZE] = {0};
- byte input_big[CHACHA_BIG_TEST_SIZE] = {0};
- #else
- byte* cipher_big;
- byte* plain_big;
- byte* input_big;
- #endif /* WOLFSSL_SMALL_STACK */
- int block_size;
- #endif /* BENCH_EMBEDDED */
- byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90};
- byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96};
- byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5};
- byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd};
- byte* test_chacha[4];
- test_chacha[0] = a;
- test_chacha[1] = b;
- test_chacha[2] = c;
- test_chacha[3] = d;
- #ifndef BENCH_EMBEDDED
- #ifdef WOLFSSL_SMALL_STACK
- cipher_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (cipher_big == NULL) {
- return MEMORY_E;
- }
- plain_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (plain_big == NULL) {
- return MEMORY_E;
- }
- input_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (input_big == NULL) {
- return MEMORY_E;
- }
- XMEMSET(cipher_big, 0, CHACHA_BIG_TEST_SIZE);
- XMEMSET(plain_big, 0, CHACHA_BIG_TEST_SIZE);
- XMEMSET(input_big, 0, CHACHA_BIG_TEST_SIZE);
- #endif /* WOLFSSL_SMALL_STACK */
- #endif /* BENCH_EMBEDDED */
- for (i = 0; i < times; ++i) {
- if (i < 3) {
- keySz = 32;
- }
- else {
- keySz = 16;
- }
- XMEMCPY(plain, keys[i], keySz);
- XMEMSET(cipher, 0, 32);
- XMEMCPY(cipher + 4, ivs[i], 8);
- ret |= wc_Chacha_SetKey(&enc, keys[i], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[i], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, cipher, 0);
- ret |= wc_Chacha_SetIV(&dec, cipher, 0);
- if (ret != 0)
- return ret;
- XMEMCPY(plain, input, 8);
- ret |= wc_Chacha_Process(&enc, cipher, plain, (word32)8);
- ret |= wc_Chacha_Process(&dec, plain, cipher, (word32)8);
- if (ret != 0)
- return ret;
- if (XMEMCMP(test_chacha[i], cipher, 8))
- return -4700 - i;
- if (XMEMCMP(plain, input, 8))
- return -4710 - i;
- }
- /* test of starting at a different counter
- encrypts all of the information and decrypts starting at 2nd chunk */
- XMEMSET(plain, 0, sizeof(plain));
- XMEMSET(sliver, 1, sizeof(sliver)); /* set as 1's to not match plain */
- XMEMSET(cipher, 0, sizeof(cipher));
- XMEMCPY(cipher + 4, ivs[0], 8);
- ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, cipher, 0);
- ret |= wc_Chacha_SetIV(&dec, cipher, 1);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_Process(&enc, cipher, plain, sizeof(plain));
- ret |= wc_Chacha_Process(&dec, sliver, cipher + 64, sizeof(sliver));
- if (ret != 0)
- return ret;
- if (XMEMCMP(plain + 64, sliver, 64))
- return -4720;
- #ifndef BENCH_EMBEDDED
- /* test of encrypting more data */
- keySz = 32;
- ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
- ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, CHACHA_BIG_TEST_SIZE);
- ret |= wc_Chacha_Process(&dec, plain_big, cipher_big,
- CHACHA_BIG_TEST_SIZE);
- if (ret != 0)
- return ret;
- if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
- return -4721;
- if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
- return -4722;
- for (i = 0; i < 18; ++i) {
- /* this will test all paths */
- // block sizes: 1 2 3 4 7 8 15 16 31 32 63 64 127 128 255 256 511 512
- block_size = (2 << (i%9)) - (i<9?1:0);
- keySz = 32;
- ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
- ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
- ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
- if (ret != 0)
- return ret;
- ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, block_size);
- ret |= wc_Chacha_Process(&dec, plain_big, cipher_big, block_size);
- if (ret != 0)
- return ret;
- if (XMEMCMP(plain_big, input_big, block_size))
- return -4723-i;
- if (XMEMCMP(cipher_big, cipher_big_result, block_size))
- return -4724-i;
- }
- /* Streaming test */
- for (i = 1; i <= (int)CHACHA_CHUNK_BYTES + 1; i++) {
- int j, rem;
- ret = wc_Chacha_SetKey(&enc, keys[0], keySz);
- if (ret != 0)
- return -4725;
- ret = wc_Chacha_SetKey(&dec, keys[0], keySz);
- if (ret != 0)
- return -4726;
- ret = wc_Chacha_SetIV(&enc, ivs[2], 0);
- if (ret != 0)
- return -4727;
- ret = wc_Chacha_SetIV(&dec, ivs[2], 0);
- if (ret != 0)
- return -4728;
- for (j = 0; j < CHACHA_BIG_TEST_SIZE - i; j+= i) {
- ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, i);
- if (ret != 0)
- return -4729;
- ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, i);
- if (ret != 0)
- return -4730;
- }
- rem = CHACHA_BIG_TEST_SIZE - j;
- ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, rem);
- if (ret != 0)
- return -4731;
- ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, rem);
- if (ret != 0)
- return -4732;
- if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
- return -4733;
- if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
- return -4734;
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(cipher_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(plain_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(input_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* WOLFSSL_SMALL_STACK */
- #endif /* BENCH_EMBEDDED */
- return 0;
- }
- #endif /* HAVE_CHACHA */
- #ifdef HAVE_POLY1305
- WOLFSSL_TEST_SUBROUTINE int poly1305_test(void)
- {
- int ret = 0;
- int i;
- byte tag[16];
- Poly1305 enc;
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72,
- 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f,
- 0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65,
- 0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f,
- 0x75,0x70
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72,
- 0x6c,0x64,0x21
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg4[] =
- {
- 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
- 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
- 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
- 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
- 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
- 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
- 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
- 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
- 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
- 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
- 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
- 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
- 0x61,0x16
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg5[] =
- {
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg6[] =
- {
- 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
- 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
- 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
- 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
- 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
- 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
- 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
- 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
- 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
- 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
- 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
- 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
- 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
- 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
- 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
- 0x61,0x16
- };
- byte additional[] =
- {
- 0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3,
- 0xc4,0xc5,0xc6,0xc7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct0[] =
- {
- 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
- 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct1[] =
- {
- 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,
- 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct2[] =
- {
- 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16,
- 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct3[] =
- {
- 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6,
- 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct4[] =
- {
- 0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a,
- 0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct5[] =
- {
- 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- };
- WOLFSSL_SMALL_STACK_STATIC const byte correct6[] =
- {
- 0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae,
- 0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
- 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
- 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8,
- 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
- 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
- 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20,
- 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,
- 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20,
- 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key4[] = {
- 0x7b,0xac,0x2b,0x25,0x2d,0xb4,0x47,0xaf,
- 0x09,0xb6,0x7a,0x55,0xa4,0xe9,0x55,0x84,
- 0x0a,0xe1,0xd6,0x73,0x10,0x75,0xd9,0xeb,
- 0x2a,0x93,0x75,0x78,0x3e,0xd5,0x53,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key5[] = {
- 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- const byte* msgs[] = {NULL, msg1, msg2, msg3, msg5, msg6};
- word32 szm[] = {0, sizeof(msg1), sizeof(msg2),
- sizeof(msg3), sizeof(msg5), sizeof(msg6)};
- const byte* keys[] = {key, key, key2, key2, key5, key};
- const byte* tests[] = {correct0, correct1, correct2, correct3, correct5,
- correct6};
- for (i = 0; i < 6; i++) {
- ret = wc_Poly1305SetKey(&enc, keys[i], 32);
- if (ret != 0)
- return -4800 - i;
- ret = wc_Poly1305Update(&enc, msgs[i], szm[i]);
- if (ret != 0)
- return -4810 - i;
- ret = wc_Poly1305Final(&enc, tag);
- if (ret != 0)
- return -4820 - i;
- if (XMEMCMP(tag, tests[i], sizeof(tag)))
- return -4830 - i;
- }
- /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */
- XMEMSET(tag, 0, sizeof(tag));
- ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4));
- if (ret != 0)
- return -4840;
- ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
- (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
- if (ret != 0)
- return -4841;
- if (XMEMCMP(tag, correct4, sizeof(tag)))
- return -4842;
- /* Check fail of TLS MAC function if altering additional data */
- XMEMSET(tag, 0, sizeof(tag));
- additional[0]++;
- ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
- (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
- if (ret != 0)
- return -4843;
- if (XMEMCMP(tag, correct4, sizeof(tag)) == 0)
- return -4844;
- return 0;
- }
- #endif /* HAVE_POLY1305 */
- #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
- WOLFSSL_TEST_SUBROUTINE int chacha20_poly1305_aead_test(void)
- {
- /* Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 */
- /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
- 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
- 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plaintext1[] = {
- 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
- 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
- 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
- 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
- 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
- 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
- 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
- 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
- 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
- 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
- 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
- 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
- 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
- 0x74, 0x2e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = {
- 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
- 0x44, 0x45, 0x46, 0x47
- };
- WOLFSSL_SMALL_STACK_STATIC const byte aad1[] = { /* additional data */
- 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
- 0xc4, 0xc5, 0xc6, 0xc7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] = { /* expected output from operation */
- 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
- 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
- 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
- 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
- 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
- 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
- 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
- 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
- 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
- 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
- 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
- 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
- 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
- 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
- 0x61, 0x16
- };
- WOLFSSL_SMALL_STACK_STATIC const byte authTag1[] = { /* expected output from operation */
- 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
- 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
- };
- /* Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 */
- /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
- 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a,
- 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0,
- 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09,
- 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plaintext2[] = {
- 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
- 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20,
- 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
- 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
- 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69,
- 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
- 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20,
- 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d,
- 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
- 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65,
- 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64,
- 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
- 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f,
- 0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64,
- 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
- 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
- 0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61,
- 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
- 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69,
- 0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72,
- 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
- 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65,
- 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
- 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
- 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
- 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61,
- 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
- 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65,
- 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20,
- 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
- 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b,
- 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67,
- 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
- 0x9d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04,
- 0x05, 0x06, 0x07, 0x08
- };
- WOLFSSL_SMALL_STACK_STATIC const byte aad2[] = { /* additional data */
- 0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x4e, 0x91
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] = { /* expected output from operation */
- 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4,
- 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd,
- 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
- 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2,
- 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee,
- 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
- 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00,
- 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf,
- 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
- 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81,
- 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd,
- 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
- 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61,
- 0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38,
- 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
- 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4,
- 0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46,
- 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
- 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e,
- 0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e,
- 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
- 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a,
- 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea,
- 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
- 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99,
- 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e,
- 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
- 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10,
- 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94,
- 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
- 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf,
- 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29,
- 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
- 0x9b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte authTag2[] = { /* expected output from operation */
- 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22,
- 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38
- };
- byte generatedCiphertext[265]; /* max plaintext2/cipher2 */
- byte generatedPlaintext[265]; /* max plaintext2/cipher2 */
- byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
- int err;
- ChaChaPoly_Aead aead;
- #if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
- #define TEST_SMALL_CHACHA_CHUNKS 32
- #else
- #define TEST_SMALL_CHACHA_CHUNKS 64
- #endif
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- word32 testLen;
- #endif
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Parameter Validation testing */
- /* Encrypt */
- err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1,
- sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4900;
- err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1),
- plaintext1, sizeof(plaintext1), generatedCiphertext,
- generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4901;
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
- sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4902;
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
- sizeof(plaintext1), NULL, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4903;
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
- sizeof(plaintext1), generatedCiphertext, NULL);
- if (err != BAD_FUNC_ARG)
- return -4904;
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
- 0, generatedCiphertext, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4905;
- /* Decrypt */
- err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return -4906;
- err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return -4907;
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
- sizeof(cipher2), authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return -4908;
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), NULL, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return -4909;
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
- sizeof(cipher2), authTag2, NULL);
- if (err != BAD_FUNC_ARG)
- return -4910;
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
- 0, authTag2, generatedPlaintext);
- if (err != BAD_FUNC_ARG)
- return -4911;
- /* Test #1 */
- err = wc_ChaCha20Poly1305_Encrypt(key1, iv1,
- aad1, sizeof(aad1),
- plaintext1, sizeof(plaintext1),
- generatedCiphertext, generatedAuthTag);
- if (err) {
- return err;
- }
- /* -- Check the ciphertext and authtag */
- if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) {
- return -4912;
- }
- if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1))) {
- return -4913;
- }
- /* -- Verify decryption works */
- err = wc_ChaCha20Poly1305_Decrypt(key1, iv1,
- aad1, sizeof(aad1),
- cipher1, sizeof(cipher1),
- authTag1, generatedPlaintext);
- if (err) {
- return err;
- }
- if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) {
- return -4914;
- }
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Test #2 */
- err = wc_ChaCha20Poly1305_Encrypt(key2, iv2,
- aad2, sizeof(aad2),
- plaintext2, sizeof(plaintext2),
- generatedCiphertext, generatedAuthTag);
- if (err) {
- return err;
- }
- /* -- Check the ciphertext and authtag */
- if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) {
- return -4915;
- }
- if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2))) {
- return -4916;
- }
- /* -- Verify decryption works */
- err = wc_ChaCha20Poly1305_Decrypt(key2, iv2,
- aad2, sizeof(aad2),
- cipher2, sizeof(cipher2),
- authTag2, generatedPlaintext);
- if (err) {
- return err;
- }
- if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) {
- return -4917;
- }
- /* AEAD init/update/final - bad argument tests */
- err = wc_ChaCha20Poly1305_Init(NULL, key1, iv1,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != BAD_FUNC_ARG)
- return -4918;
- err = wc_ChaCha20Poly1305_Init(&aead, NULL, iv1,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != BAD_FUNC_ARG)
- return -4919;
- err = wc_ChaCha20Poly1305_Init(&aead, key1, NULL,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != BAD_FUNC_ARG)
- return -4920;
- err = wc_ChaCha20Poly1305_UpdateAad(NULL, aad1, sizeof(aad1));
- if (err != BAD_FUNC_ARG)
- return -4921;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, NULL, sizeof(aad1));
- if (err != BAD_FUNC_ARG)
- return -4922;
- err = wc_ChaCha20Poly1305_UpdateData(NULL, generatedPlaintext,
- generatedPlaintext, sizeof(plaintext1));
- if (err != BAD_FUNC_ARG)
- return -4923;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, NULL,
- sizeof(plaintext1));
- if (err != BAD_FUNC_ARG)
- return -4924;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, NULL, generatedPlaintext,
- sizeof(plaintext1));
- if (err != BAD_FUNC_ARG)
- return -4925;
- err = wc_ChaCha20Poly1305_Final(NULL, generatedAuthTag);
- if (err != BAD_FUNC_ARG)
- return -4926;
- err = wc_ChaCha20Poly1305_Final(&aead, NULL);
- if (err != BAD_FUNC_ARG)
- return -4927;
- /* AEAD init/update/final - bad state tests */
- /* clear struct - make valgrind happy to resolve
- "Conditional jump or move depends on uninitialised value(s)".
- The enum is "int" size and aead.state is "byte" */
- /* The wc_ChaCha20Poly1305_Init function does this normally */
- XMEMSET(&aead, 0, sizeof(aead));
- aead.state = CHACHA20_POLY1305_STATE_INIT;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != BAD_STATE_E)
- return -4928;
- aead.state = CHACHA20_POLY1305_STATE_DATA;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != BAD_STATE_E)
- return -4929;
- aead.state = CHACHA20_POLY1305_STATE_INIT;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext,
- generatedPlaintext, sizeof(plaintext1));
- if (err != BAD_STATE_E)
- return -4930;
- aead.state = CHACHA20_POLY1305_STATE_INIT;
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != BAD_STATE_E)
- return -4931;
- aead.state = CHACHA20_POLY1305_STATE_READY;
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != BAD_STATE_E)
- return -4932;
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Test 1 - Encrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1,
- CHACHA20_POLY1305_AEAD_ENCRYPT);
- if (err != 0)
- return -4933;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != 0)
- return -4934;
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext1); ) {
- word32 dataLen = sizeof(plaintext1) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext1[testLen],
- &generatedCiphertext[testLen], dataLen);
- if (err != 0)
- return -4935;
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext1,
- generatedCiphertext, sizeof(plaintext1));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return -4936;
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1);
- if (err != 0)
- return -4937;
- if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) {
- return -4938;
- }
- /* Test 1 - Decrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != 0)
- return -4939;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
- if (err != 0)
- return -4940;
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext1); ) {
- word32 dataLen = sizeof(plaintext1) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead,
- &generatedCiphertext[testLen], &generatedPlaintext[testLen],
- dataLen);
- if (err != 0)
- return -4941;
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext,
- generatedPlaintext, sizeof(cipher1));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return -4942;
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1);
- if (err != 0)
- return -4943;
- if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) {
- return -4944;
- }
- XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
- XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
- XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
- /* Test 2 - Encrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2,
- CHACHA20_POLY1305_AEAD_ENCRYPT);
- if (err != 0)
- return -4945;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2));
- if (err != 0)
- return -4946;
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext2); ) {
- word32 dataLen = sizeof(plaintext2) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext2[testLen],
- &generatedCiphertext[testLen], dataLen);
- if (err != 0)
- return -4947;
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext2, generatedCiphertext,
- sizeof(plaintext2));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return -4948;
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2);
- if (err != 0)
- return -4949;
- if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) {
- return -4950;
- }
- /* Test 2 - Decrypt */
- err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2,
- CHACHA20_POLY1305_AEAD_DECRYPT);
- if (err != 0)
- return -4951;
- err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2));
- if (err != 0)
- return -4952;
- #ifdef TEST_SMALL_CHACHA_CHUNKS
- /* test doing data in smaller chunks */
- for (testLen=0; testLen<sizeof(plaintext2); ) {
- word32 dataLen = sizeof(plaintext2) - testLen;
- if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
- dataLen = TEST_SMALL_CHACHA_CHUNKS;
- err = wc_ChaCha20Poly1305_UpdateData(&aead,
- &generatedCiphertext[testLen], &generatedPlaintext[testLen],
- dataLen);
- if (err != 0)
- return -4953;
- testLen += dataLen;
- }
- #else
- err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext,
- generatedPlaintext, sizeof(cipher2));
- #endif
- err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
- if (err != 0)
- return -4954;
- err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2);
- if (err != 0)
- return -4955;
- if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) {
- return -4956;
- }
- return err;
- }
- #endif /* HAVE_CHACHA && HAVE_POLY1305 */
- #ifndef NO_DES3
- WOLFSSL_TEST_SUBROUTINE int des_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte plain[24];
- byte cipher[24];
- Des enc;
- Des dec;
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
- 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
- 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
- };
- int ret;
- ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION);
- if (ret != 0)
- return -5000;
- ret = wc_Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
- if (ret != 0)
- return -5001;
- ret = wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION);
- if (ret != 0)
- return -5002;
- ret = wc_Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
- if (ret != 0)
- return -5003;
- if (XMEMCMP(plain, vector, sizeof(plain)))
- return -5004;
- if (XMEMCMP(cipher, verify, sizeof(cipher)))
- return -5005;
- ret = wc_Des_CbcEncryptWithKey(cipher, vector, sizeof(vector), key, iv);
- if (ret != 0)
- return -5006;
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
- {
- EncryptedInfo info;
- XMEMSET(&info, 0, sizeof(EncryptedInfo));
- XMEMCPY(info.iv, iv, sizeof(iv));
- info.ivSz = sizeof(iv);
- info.keySz = sizeof(key);
- info.cipherType = WC_CIPHER_DES;
- ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
- sizeof(key), WC_HASH_TYPE_SHA);
- if (ret != 0)
- return -5007;
- /* Test invalid info ptr */
- ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key,
- sizeof(key), WC_HASH_TYPE_SHA);
- if (ret != BAD_FUNC_ARG)
- return -5008;
- #ifndef NO_PWDBASED
- /* Test invalid hash type - only applies to wc_PBKDF1 call */
- ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
- sizeof(key), WC_HASH_TYPE_NONE);
- if (ret == 0)
- return -5009;
- #endif /* !NO_PWDBASED */
- }
- #endif
- return 0;
- }
- #endif /* !NO_DES3 */
- #ifndef NO_DES3
- WOLFSSL_TEST_SUBROUTINE int des3_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte plain[24];
- byte cipher[24];
- Des3 enc;
- Des3 dec;
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
- {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
- 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
- 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify3[] =
- {
- 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e,
- 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98,
- 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
- };
- int ret;
- if (wc_Des3Init(&enc, HEAP_HINT, devId) != 0)
- return -5100;
- if (wc_Des3Init(&dec, HEAP_HINT, devId) != 0)
- return -5101;
- ret = wc_Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION);
- if (ret != 0)
- return -5102;
- ret = wc_Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION);
- if (ret != 0)
- return -5103;
- ret = wc_Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5104;
- ret = wc_Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- return -5105;
- if (XMEMCMP(plain, vector, sizeof(plain)))
- return -5106;
- if (XMEMCMP(cipher, verify3, sizeof(cipher)))
- return -5107;
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- /* test the same vectors with using compatibility layer */
- {
- DES_key_schedule ks1;
- DES_key_schedule ks2;
- DES_key_schedule ks3;
- DES_cblock iv4;
- XMEMCPY(ks1, key3, sizeof(DES_key_schedule));
- XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule));
- XMEMCPY(ks3, key3 + 16, sizeof(DES_key_schedule));
- XMEMCPY(iv4, iv3, sizeof(DES_cblock));
- XMEMSET(plain, 0, sizeof(plain));
- XMEMSET(cipher, 0, sizeof(cipher));
- DES_ede3_cbc_encrypt(vector, cipher, sizeof(vector), &ks1, &ks2, &ks3,
- &iv4, DES_ENCRYPT);
- DES_ede3_cbc_encrypt(cipher, plain, sizeof(cipher), &ks1, &ks2, &ks3,
- &iv4, DES_DECRYPT);
- if (XMEMCMP(plain, vector, sizeof(plain)))
- return -5108;
- if (XMEMCMP(cipher, verify3, sizeof(cipher)))
- return -5109;
- }
- #endif /* OPENSSL_EXTRA */
- wc_Des3Free(&enc);
- wc_Des3Free(&dec);
- #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
- {
- EncryptedInfo info;
- XMEMSET(&info, 0, sizeof(EncryptedInfo));
- XMEMCPY(info.iv, iv3, sizeof(iv3));
- info.ivSz = sizeof(iv3);
- info.keySz = sizeof(key3);
- info.cipherType = WC_CIPHER_DES3;
- ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key3,
- sizeof(key3), WC_HASH_TYPE_SHA);
- if (ret != 0)
- return -5110;
- }
- #endif
- return 0;
- }
- #endif /* NO_DES3 */
- #ifndef NO_AES
- #if defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_CFB) || \
- defined(WOLFSSL_AES_XTS)
- #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- /* pass in the function, key, iv, plain text and expected and this function
- * tests that the encryption and decryption is successful */
- static int EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
- const byte* iv, const byte* plain, int plainSz,
- const byte* expected, int expectedSz)
- {
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *ctx = NULL;
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- int idx, ret = 0, cipherSz;
- byte* cipher;
- #ifdef WOLFSSL_SMALL_STACK
- if ((ctx = wolfSSL_EVP_CIPHER_CTX_new()) == NULL)
- return MEMORY_E;
- #endif
- cipher = (byte*)XMALLOC(plainSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (cipher == NULL) {
- ret = -5120;
- goto EVP_TEST_END;
- }
- /* test encrypt */
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, type, key, iv, 1) == 0) {
- ret = -5121;
- goto EVP_TEST_END;
- }
- if (EVP_CipherUpdate(ctx, cipher, &idx, plain, expectedSz) == 0) {
- ret = -5122;
- goto EVP_TEST_END;
- }
- cipherSz = idx;
- if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
- ret = -5123;
- goto EVP_TEST_END;
- }
- cipherSz += idx;
- if (XMEMCMP(cipher, expected, plainSz)) {
- ret = -5124;
- goto EVP_TEST_END;
- }
- /* test decrypt */
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, type, key, iv, 0) == 0) {
- ret = -5125;
- goto EVP_TEST_END;
- }
- if (EVP_CipherUpdate(ctx, cipher, &idx, cipher, expectedSz) == 0) {
- ret = -5126;
- goto EVP_TEST_END;
- }
- cipherSz = idx;
- if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
- ret = -5127;
- goto EVP_TEST_END;
- }
- cipherSz += idx;
- if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, plainSz)) {
- ret = -5128;
- goto EVP_TEST_END;
- }
- EVP_TEST_END:
- if (cipher)
- XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- (void)cipherSz;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- return ret;
- }
- #endif /* OPENSSL_EXTRA */
- #endif /* WOLFSSL_AES_OFB || WOLFSSL_AES_CFB */
- #ifdef WOLFSSL_AES_OFB
- /* test vector from https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Block-Ciphers */
- WOLFSSL_TEST_SUBROUTINE int aesofb_test(void)
- {
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71,
- 0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2,
- 0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a,
- 0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
- {
- 0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16,
- 0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plain1[] =
- {
- 0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9,
- 0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25,
- 0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6,
- 0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71,
- 0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef,
- 0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc,
- 0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00,
- 0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46,
- 0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b,
- 0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae,
- 0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0
- };
- #endif /* WOLFSSL_AES_256 */
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0x10,0xa5,0x88,0x69,0xd7,0x4b,0xe5,0xa3,
- 0x74,0xcf,0x86,0x7c,0xfb,0x47,0x38,0x59
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plain2[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0x6d,0x25,0x1e,0x69,0x44,0xb0,0x51,0xe0,
- 0x4e,0xaa,0x6f,0xb4,0xdb,0xf7,0x84,0x65
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] = {
- 0xd0,0x77,0xa0,0x3b,0xd8,0xa3,0x89,0x73,
- 0x92,0x8c,0xca,0xfe,0x4a,0x9d,0x2f,0x45,
- 0x51,0x30,0xbd,0x0a,0xf5,0xae,0x46,0xa9
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0xab,0xc7,0x86,0xfb,0x1e,0xdb,0x50,0x45,
- 0x80,0xc4,0xd8,0x82,0xef,0x29,0xa0,0xc7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte plain3[] =
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- byte cipher[AES_BLOCK_SIZE * 4];
- #ifdef HAVE_AES_DECRYPT
- #ifdef WOLFSSL_SMALL_STACK
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- byte plain [AES_BLOCK_SIZE * 4];
- #endif
- int ret = 0;
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #endif
- #endif
- XMEMSET(enc, 0, sizeof *enc);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(dec, 0, sizeof *dec);
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2),
- cipher2, sizeof(cipher2));
- if (ret != 0) {
- goto out;
- }
- #endif
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5129, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5130, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain2, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5131, out);
- if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE))
- ERROR_OUT(-5132, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher2, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5133, out);
- if (XMEMCMP(plain, plain2, AES_BLOCK_SIZE))
- ERROR_OUT(-5134, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3),
- cipher3, sizeof(cipher3));
- if (ret != 0) {
- goto out;
- }
- #endif
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5135, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5136, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain3, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5137, out);
- if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE))
- ERROR_OUT(-5138, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher3, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5139, out);
- if (XMEMCMP(plain, plain3, AES_BLOCK_SIZE))
- ERROR_OUT(-5140, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1),
- cipher1, sizeof(cipher1));
- if (ret != 0) {
- goto out;
- }
- #endif
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5141, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5142, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5143, out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE))
- ERROR_OUT(-5144, out);
- ret = wc_AesOfbEncrypt(enc, cipher + AES_BLOCK_SIZE,
- plain1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5145, out);
- if (XMEMCMP(cipher + AES_BLOCK_SIZE, cipher1 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- ERROR_OUT(-5146, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5147, out);
- if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE))
- ERROR_OUT(-5148, out);
- ret = wc_AesOfbDecrypt(dec, plain + AES_BLOCK_SIZE,
- cipher1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5149, out);
- if (XMEMCMP(plain + AES_BLOCK_SIZE, plain1 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- ERROR_OUT(-5150, out);
- #endif /* HAVE_AES_DECRYPT */
- /* multiple blocks at once */
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5151, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5152, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE * 3);
- if (ret != 0)
- ERROR_OUT(-5153, out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 3))
- ERROR_OUT(-5154, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE * 3);
- if (ret != 0)
- ERROR_OUT(-5155, out);
- if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE * 3))
- ERROR_OUT(-5156, out);
- #endif /* HAVE_AES_DECRYPT */
- /* inline decrypt/encrypt*/
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5157, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5158, out);
- #endif
- XMEMCPY(cipher, plain1, AES_BLOCK_SIZE * 2);
- ret = wc_AesOfbEncrypt(enc, cipher, cipher, AES_BLOCK_SIZE * 2);
- if (ret != 0)
- ERROR_OUT(-5159, out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
- ERROR_OUT(-5160, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, cipher, cipher, AES_BLOCK_SIZE * 2);
- if (ret != 0)
- ERROR_OUT(-5161, out);
- if (XMEMCMP(cipher, plain1, AES_BLOCK_SIZE * 2))
- ERROR_OUT(-5162, out);
- #endif /* HAVE_AES_DECRYPT */
- /* 256 key size test leftover support */
- ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5163, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5164, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesOfbEncrypt(enc, cipher, plain1, 3);
- if (ret != 0)
- ERROR_OUT(-5165, out);
- if (XMEMCMP(cipher, cipher1, 3))
- ERROR_OUT(-5166, out);
- ret = wc_AesOfbEncrypt(enc, cipher + 3, plain1 + 3, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5167, out);
- if (XMEMCMP(cipher + 3, cipher1 + 3, AES_BLOCK_SIZE))
- ERROR_OUT(-5168, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesOfbDecrypt(dec, plain, cipher1, 6);
- if (ret != 0)
- ERROR_OUT(-5169, out);
- if (XMEMCMP(plain, plain1, 6))
- ERROR_OUT(-5170, out);
- ret = wc_AesOfbDecrypt(dec, plain + 6, cipher1 + 6, AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5171, out);
- if (XMEMCMP(plain + 6, plain1 + 6, AES_BLOCK_SIZE))
- ERROR_OUT(-5172, out);
- #endif /* HAVE_AES_DECRYPT */
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- #endif /* WOLFSSL_AES_256 */
- return ret;
- }
- #endif /* WOLFSSL_AES_OFB */
- #if defined(WOLFSSL_AES_CFB)
- /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation Methods an*/
- static int aescfb_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE * 4];
- #ifdef HAVE_AES_DECRYPT
- #ifdef WOLFSSL_SMALL_STACK
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain [AES_BLOCK_SIZE * 4];
- #endif
- int ret = 0;
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
- };
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
- 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
- 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
- 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b,
- 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40,
- 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 size key test */
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0xcd,0xc8,0x0d,0x6f,0xdd,0xf1,0x8c,0xab,
- 0x34,0xc2,0x59,0x09,0xc9,0x9a,0x41,0x74,
- 0x67,0xce,0x7f,0x7f,0x81,0x17,0x36,0x21,
- 0x96,0x1a,0x2b,0x70,0x17,0x1d,0x3d,0x7a,
- 0x2e,0x1e,0x8a,0x1d,0xd5,0x9b,0x88,0xb1,
- 0xc8,0xe6,0x0f,0xed,0x1e,0xfa,0xc4,0xc9,
- 0xc0,0x5f,0x9f,0x9c,0xa9,0x83,0x4f,0xa0,
- 0x42,0xae,0x8f,0xba,0x58,0x4b,0x09,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 size key simple test */
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0xdc,0x7e,0x84,0xbf,0xda,0x79,0x16,0x4b,
- 0x7e,0xcd,0x84,0x86,0x98,0x5d,0x38,0x60,
- 0x39,0xff,0xed,0x14,0x3b,0x28,0xb1,0xc8,
- 0x32,0x11,0x3c,0x63,0x31,0xe5,0x40,0x7b,
- 0xdf,0x10,0x13,0x24,0x15,0xe5,0x4b,0x92,
- 0xa1,0x3e,0xd0,0xa8,0x26,0x7a,0xe2,0xf9,
- 0x75,0xa3,0x85,0x74,0x1a,0xb9,0xce,0xf8,
- 0x20,0x31,0x62,0x3d,0x55,0xb1,0xe4,0x71
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- #endif /* WOLFSSL_AES_256 */
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #endif
- #endif
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5173, out);
- else
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5174, out);
- else
- dec_inited = 1;
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key tests */
- #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1),
- cipher1, sizeof(cipher1));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5175, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5176, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfbEncrypt(enc, cipher, msg1, AES_BLOCK_SIZE * 2);
- if (ret != 0)
- ERROR_OUT(-5177, out);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
- ERROR_OUT(-5178, out);
- /* test restarting encryption process */
- ret = wc_AesCfbEncrypt(enc, cipher + (AES_BLOCK_SIZE * 2),
- msg1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE);
- if (ret != 0)
- ERROR_OUT(-5179, out);
- if (XMEMCMP(cipher + (AES_BLOCK_SIZE * 2),
- cipher1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE))
- ERROR_OUT(-5180, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 3);
- if (ret != 0)
- ERROR_OUT(-5181, out);
- if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3))
- ERROR_OUT(-5182, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2),
- cipher2, sizeof(cipher2));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5183, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key2, sizeof(key2), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5184, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfbEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE * 4);
- if (ret != 0)
- ERROR_OUT(-5185, out);
- if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE * 4))
- ERROR_OUT(-5186, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 4);
- if (ret != 0)
- ERROR_OUT(-5187, out);
- if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4))
- ERROR_OUT(-5188, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key size test */
- #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3),
- cipher3, sizeof(cipher3));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5189, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key3, sizeof(key3), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5190, out);
- #endif
- /* test with data left overs, magic lengths are checking near edges */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfbEncrypt(enc, cipher, msg3, 4);
- if (ret != 0)
- ERROR_OUT(-5191, out);
- if (XMEMCMP(cipher, cipher3, 4))
- ERROR_OUT(-5192, out);
- ret = wc_AesCfbEncrypt(enc, cipher + 4, msg3 + 4, 27);
- if (ret != 0)
- ERROR_OUT(-5193, out);
- if (XMEMCMP(cipher + 4, cipher3 + 4, 27))
- ERROR_OUT(-5194, out);
- ret = wc_AesCfbEncrypt(enc, cipher + 31, msg3 + 31,
- (AES_BLOCK_SIZE * 4) - 31);
- if (ret != 0)
- ERROR_OUT(-5195, out);
- if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE * 4))
- ERROR_OUT(-5196, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfbDecrypt(dec, plain, cipher, 4);
- if (ret != 0)
- ERROR_OUT(-5197, out);
- if (XMEMCMP(plain, msg3, 4))
- ERROR_OUT(-5198, out);
- ret = wc_AesCfbDecrypt(dec, plain + 4, cipher + 4, 4);
- if (ret != 0)
- ERROR_OUT(-5199, out);
- ret = wc_AesCfbDecrypt(dec, plain + 8, cipher + 8, 23);
- if (ret != 0)
- ERROR_OUT(-5200, out);
- if (XMEMCMP(plain + 4, msg3 + 4, 27))
- ERROR_OUT(-5201, out);
- ret = wc_AesCfbDecrypt(dec, plain + 31, cipher + 31,
- (AES_BLOCK_SIZE * 4) - 31);
- if (ret != 0)
- ERROR_OUT(-5202, out);
- if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4))
- ERROR_OUT(-5203, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_256 */
- out:
- if (enc_inited)
- wc_AesFree(enc);
- if (dec_inited)
- wc_AesFree(dec);
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- return ret;
- }
- #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- static int aescfb1_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #ifdef WOLFSSL_SMALL_STACK
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain [AES_BLOCK_SIZE];
- #endif
- int ret = 0;
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0x4d,0xbb,0xdc,0xaa,0x59,0xf3,0x63,0xc9,
- 0x2a,0x3b,0x98,0x43,0xad,0x20,0xe2,0xb7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0xcd,0xef,0x9d,0x06,0x61,0xba,0xe4,0x73,
- 0x8d,0x1a,0x58,0xa2,0xa6,0x22,0x8b,0x66
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0xC0
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x57,0xc6,0x89,0x7c,0x99,0x52,0x28,0x13,
- 0xbf,0x67,0x9c,0xe1,0x13,0x70,0xaf,0x5e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0xba,0xa1,0x58,0xa1,0x6b,0x50,0x4a,0x10,
- 0x8e,0xd4,0x33,0x2e,0xe7,0xf2,0x9b,0xf6,
- 0xd1,0xac,0x46,0xa8,0xde,0x5a,0xfe,0x7a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0x30
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x80
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
- 0x63,0x2e,0x9f,0x83,0x1f,0xa3,0x80,0x5e,
- 0x52,0x02,0xbc,0xe0,0x6d,0x04,0xf9,0xa0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0xf6,0xfa,0xe4,0xf1,0x5d,0x91,0xfc,0x50,
- 0x88,0x78,0x4f,0x84,0xa5,0x37,0x12,0x7e,
- 0x32,0x63,0x55,0x9c,0x62,0x73,0x88,0x20,
- 0xc2,0xcf,0x3d,0xe1,0x1c,0x2a,0x30,0x40
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0xF7, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0x41, 0xC0
- };
- #endif /* WOLFSSL_AES_256 */
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-1, out);
- #endif
- #endif
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5204, out);
- else
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5205, out);
- else
- dec_inited = 1;
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key tests */
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5206, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5207, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg1, 2);
- if (ret != 0)
- ERROR_OUT(-5208, out);
- if (cipher[0] != cipher1[0])
- ERROR_OUT(-5209, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfb1Decrypt(dec, plain, cipher, 2);
- if (ret != 0)
- ERROR_OUT(-5210, out);
- if (plain[0] != msg1[0])
- ERROR_OUT(-5211, out);
- #endif /* HAVE_AES_DECRYPT */
- #ifdef OPENSSL_EXTRA
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5212, out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg1,
- sizeof(msg1) * WOLFSSL_BIT_SIZE);
- if (ret != 0)
- ERROR_OUT(-5213, out);
- ret = EVP_test(EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1),
- cipher, sizeof(msg1));
- if (ret != 0) {
- goto out;
- }
- #endif
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key tests */
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5214, out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg2, 4);
- if (ret != 0)
- ERROR_OUT(-5215, out);
- if (XMEMCMP(cipher, cipher2, sizeof(cipher2)) != 0)
- ERROR_OUT(-5216, out);
- #ifdef OPENSSL_EXTRA
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5217, out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg2,
- sizeof(msg2) * WOLFSSL_BIT_SIZE);
- if (ret != 0)
- ERROR_OUT(-5218, out);
- ret = EVP_test(EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2),
- cipher, sizeof(msg2));
- if (ret != 0) {
- goto out;
- }
- #endif
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key tests */
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5219, out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg3, 10);
- if (ret != 0)
- ERROR_OUT(-5220, out);
- if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
- ERROR_OUT(-5221, out);
- #ifdef OPENSSL_EXTRA
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5222, out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb1Encrypt(enc, cipher, msg3,
- sizeof(msg3) * WOLFSSL_BIT_SIZE);
- if (ret != 0)
- ERROR_OUT(-5223, out);
- ret = EVP_test(EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3),
- cipher, sizeof(msg3));
- if (ret != 0) {
- goto out;
- }
- #endif
- out:
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- #endif /* WOLFSSL_AES_256 */
- return ret;
- }
- static int aescfb8_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- int enc_inited = 0;
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #ifdef WOLFSSL_SMALL_STACK
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- int dec_inited = 0;
- byte plain [AES_BLOCK_SIZE];
- #endif
- int ret = 0;
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
- 0xf4,0x75,0xc6,0x49,0x91,0xb2,0x0e,0xae,
- 0xe1,0x83,0xa2,0x26,0x29,0xe2,0x1e,0x22
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
- {
- 0xc8,0xfe,0x9b,0xf7,0x7b,0x93,0x0f,0x46,
- 0xd2,0x07,0x8b,0x8c,0x0e,0x65,0x7c,0xd4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0xd2,0x76,0x91
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
- {
- 0xc9,0x06,0x35
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x0a,0x02,0x84,0x6b,0x62,0xab,0xb6,0x93,
- 0xef,0x31,0xd7,0x54,0x84,0x2e,0xed,0x29
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
- {
- 0xba,0xf0,0x8b,0x76,0x31,0x7a,0x65,0xc5,
- 0xf0,0x7a,0xe6,0xf5,0x7e,0xb0,0xe6,0x54,
- 0x88,0x65,0x93,0x24,0xd2,0x97,0x09,0xe3
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
- {
- 0x72,0x9c,0x0b,0x6d,0xeb,0x75,0xfa,0x6e,
- 0xb5,0xe8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x98,0x95,0x93,0x24,0x02,0x39,0x3d,0xc3,
- 0x3a,0x60
- };
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
- 0x33,0x8c,0x55,0x2f,0xf1,0xec,0xa1,0x44,
- 0x08,0xe0,0x5d,0x8c,0xf9,0xf3,0xb3,0x1b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
- {
- 0x06,0x48,0x74,0x09,0x2f,0x7a,0x13,0xcc,
- 0x44,0x62,0x24,0x7a,0xd4,0x23,0xd0,0xe9,
- 0x6e,0xdf,0x42,0xe8,0xb6,0x7a,0x5a,0x23,
- 0xb7,0xa0,0xa6,0x47,0x7b,0x09,0x8e,0x66
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
- {
- 0x1c,0xff,0x95
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
- {
- 0xb9,0x74,0xfa
- };
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-5238, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-5239, out);
- #endif
- #endif
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5224, out);
- else
- enc_inited = 1;
- #ifdef HAVE_AES_DECRYPT
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5225, out);
- else
- dec_inited = 1;
- #endif
- #ifdef WOLFSSL_AES_128
- /* 128 key tests */
- #ifdef OPENSSL_EXTRA
- ret = EVP_test(EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1),
- cipher1, sizeof(cipher1));
- if (ret != 0) {
- return ret;
- }
- #endif
- ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5226, out);
- #ifdef HAVE_AES_DECRYPT
- /* decrypt uses AES_ENCRYPTION */
- ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5227, out);
- #endif
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb8Encrypt(enc, cipher, msg1, sizeof(msg1));
- if (ret != 0)
- ERROR_OUT(-5228, out);
- if (XMEMCMP(cipher, cipher1, sizeof(cipher1)) != 0)
- ERROR_OUT(-5229, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCfb8Decrypt(dec, plain, cipher, sizeof(msg1));
- if (ret != 0)
- ERROR_OUT(-5230, out);
- if (XMEMCMP(plain, msg1, sizeof(msg1)) != 0)
- ERROR_OUT(-5231, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 key tests */
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5232, out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb8Encrypt(enc, cipher, msg2, sizeof(msg2));
- if (ret != 0)
- ERROR_OUT(-5233, out);
- if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0)
- ERROR_OUT(-5234, out);
- #ifdef OPENSSL_EXTRA
- ret = EVP_test(EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2),
- cipher2, sizeof(msg2));
- if (ret != 0) {
- return ret;
- }
- #endif
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 key tests */
- ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5235, out);
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesCfb8Encrypt(enc, cipher, msg3, sizeof(msg3));
- if (ret != 0)
- ERROR_OUT(-5236, out);
- if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
- ERROR_OUT(-5237, out);
- #ifdef OPENSSL_EXTRA
- ret = EVP_test(EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3),
- cipher3, sizeof(msg3));
- if (ret != 0) {
- goto out;
- }
- #endif
- out:
- if (enc_inited)
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- if (dec_inited)
- wc_AesFree(dec);
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- #endif /* WOLFSSL_AES_256 */
- return ret;
- }
- #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
- #endif /* WOLFSSL_AES_CFB */
- static int aes_key_size_test(void)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- Aes *aes;
- #else
- Aes aes[1];
- #endif
- byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
- #ifndef WOLFSSL_CRYPTOCELL
- byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 };
- #endif
- byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
- byte iv[] = "1234567890abcdef";
- #ifndef HAVE_FIPS
- word32 keySize;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- return -5315;
- #endif
- #if !defined(HAVE_FIPS) || \
- defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
- /* w/ FIPS v1 (cert 2425) wc_AesInit just returns 0 always as it's not
- * supported with that FIPS version */
- ret = wc_AesInit(NULL, HEAP_HINT, devId);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-5300, out);
- #endif
- ret = wc_AesInit(aes, HEAP_HINT, devId);
- /* 0 check OK for FIPSv1 */
- if (ret != 0)
- ERROR_OUT(-5301, out);
- #ifndef HAVE_FIPS
- /* Parameter Validation testing. */
- ret = wc_AesGetKeySize(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-5302, out);
- ret = wc_AesGetKeySize(aes, NULL);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-5303, out);
- ret = wc_AesGetKeySize(NULL, &keySize);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-5304, out);
- /* Crashes in FIPS */
- ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-5305, out);
- #endif
- /* NULL IV indicates to use all zeros IV. */
- ret = wc_AesSetKey(aes, key16, sizeof(key16), NULL, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_128
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(-5306, out);
- ret = wc_AesSetKey(aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-5307, out);
- /* CryptoCell handles rounds internally */
- #if !defined(HAVE_FIPS) && !defined(WOLFSSL_CRYPTOCELL)
- /* Force invalid rounds */
- aes->rounds = 16;
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-5308, out);
- #endif
- ret = wc_AesSetKey(aes, key16, sizeof(key16), iv, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_128
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(-5309, out);
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128)
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != 0 || keySize != sizeof(key16))
- ERROR_OUT(-5310, out);
- #endif
- #ifndef WOLFSSL_CRYPTOCELL
- /* Cryptocell only supports AES-128 key size */
- ret = wc_AesSetKey(aes, key24, sizeof(key24), iv, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_192
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(-5311, out);
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192)
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != 0 || keySize != sizeof(key24))
- ERROR_OUT(-5312, out);
- #endif
- ret = wc_AesSetKey(aes, key32, sizeof(key32), iv, AES_ENCRYPTION);
- #ifdef WOLFSSL_AES_256
- if (ret != 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- ERROR_OUT(-5313, out);
- #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256)
- ret = wc_AesGetKeySize(aes, &keySize);
- if (ret != 0 || keySize != sizeof(key32))
- ERROR_OUT(-5314, out);
- #endif
- #endif /* !WOLFSSL_CRYPTOCELL */
- out:
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #if defined(WOLFSSL_AES_XTS)
- /* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */
- #ifdef WOLFSSL_AES_128
- static int aes_xts_128_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- int ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 2];
- unsigned char cipher[AES_BLOCK_SIZE * 2];
- /* 128 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
- 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
- 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
- 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
- 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
- };
- /* plain text test of partial block is not from NIST test vector list */
- WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
- 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
- 0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
- 0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
- 0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
- 0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
- 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
- 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
- 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
- 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
- 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
- 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
- 0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
- 0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
- 0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
- 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
- };
- #ifdef WOLFSSL_SMALL_STACK
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-5417, out);
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
- if (ret != 0) {
- printf("EVP_aes_128_xts failed!\n");
- goto out;
- }
- #endif
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5400, out);
- else
- aes_inited = 1;
- ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5401, out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(-5402, out);
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5403, out);
- ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5404, out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(-5405, out);
- /* partial block encryption test */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5406, out);
- wc_AesXtsFree(aes);
- /* partial block decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5407, out);
- ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5408, out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(-5409, out);
- /* NIST decrypt test vector */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5410, out);
- if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(-5411, out);
- /* fail case with decrypting using wrong key */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5412, out);
- if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */
- ERROR_OUT(-5413, out);
- /* set correct key and retest */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5414, out);
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5415, out);
- if (XMEMCMP(p2, buf, sizeof(p2)))
- ERROR_OUT(-5416, out);
- out:
- if (aes_inited)
- wc_AesXtsFree(aes);
- #ifdef WOLFSSL_SMALL_STACK
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_256
- static int aes_xts_256_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- int ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 3];
- unsigned char cipher[AES_BLOCK_SIZE * 3];
- /* 256 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
- 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
- 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
- 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
- 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
- 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
- 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
- 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
- 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
- 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
- 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
- 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
- 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
- };
- /* plain text test of partial block is not from NIST test vector list */
- WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
- 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
- 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
- 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
- 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
- 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
- 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
- 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
- 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
- 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
- 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
- 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
- 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a,
- 0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12,
- 0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
- 0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0,
- 0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
- 0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00,
- 0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53,
- 0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89,
- 0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd,
- 0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61,
- 0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
- 0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10,
- 0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1,
- 0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61,
- 0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89,
- 0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b,
- 0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92
- };
- #ifdef WOLFSSL_SMALL_STACK
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-5515, out);
- #endif
- #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = EVP_test(EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
- if (ret != 0) {
- printf("EVP_aes_256_xts failed\n");
- goto out;
- }
- #endif
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5500, out);
- else
- aes_inited = 1;
- ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5501, out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(-5502, out);
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5503, out);
- ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5504, out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(-5505, out);
- /* partial block encryption test */
- XMEMSET(cipher, 0, sizeof(cipher));
- ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5506, out);
- wc_AesXtsFree(aes);
- /* partial block decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5507, out);
- ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5508, out);
- if (XMEMCMP(pp, buf, sizeof(pp)))
- ERROR_OUT(-5509, out);
- /* NIST decrypt test vector */
- XMEMSET(buf, 0, sizeof(buf));
- ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5510, out);
- if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(-5511, out);
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5512, out);
- ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5513, out);
- if (XMEMCMP(p2, buf, sizeof(p2)))
- ERROR_OUT(-5514, out);
- out:
- if (aes_inited)
- wc_AesXtsFree(aes);
- #ifdef WOLFSSL_SMALL_STACK
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_256 */
- #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
- /* both 128 and 256 bit key test */
- static int aes_xts_sector_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- int ret = 0;
- unsigned char buf[AES_BLOCK_SIZE * 2];
- /* 128 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
- 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
- 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
- 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
- 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
- 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
- };
- word64 s1 = 141;
- /* 256 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
- 0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32,
- 0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23,
- 0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e,
- 0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a,
- 0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0,
- 0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9,
- 0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57,
- 0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
- 0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4,
- 0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41,
- 0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d,
- 0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
- 0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68,
- 0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63,
- 0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3,
- 0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d
- };
- word64 s2 = 187;
- #ifdef WOLFSSL_SMALL_STACK
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-5612, out);
- #endif
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5600, out);
- else
- aes_inited = 1;
- ret = wc_AesXtsEncryptSector(aes, buf, p1, sizeof(p1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5601, out);
- if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(-5602, out);
- /* decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5603, out);
- ret = wc_AesXtsDecryptSector(aes, buf, c1, sizeof(c1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5604, out);
- if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
- ERROR_OUT(-5605, out);
- wc_AesXtsFree(aes);
- /* 256 bit key tests */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5606, out);
- ret = wc_AesXtsEncryptSector(aes, buf, p2, sizeof(p2), s2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5607, out);
- if (XMEMCMP(c2, buf, sizeof(c2)))
- ERROR_OUT(-5608, out);
- /* decrypt test */
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5609, out);
- ret = wc_AesXtsDecryptSector(aes, buf, c2, sizeof(c2), s2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5610, out);
- if (XMEMCMP(p2, buf, sizeof(p2)))
- ERROR_OUT(-5611, out);
- out:
- if (aes_inited)
- wc_AesXtsFree(aes);
- #ifdef WOLFSSL_SMALL_STACK
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 && WOLFSSL_AES_256 */
- #ifdef WOLFSSL_AES_128
- /* testing of bad arguments */
- static int aes_xts_args_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- XtsAes *aes = NULL;
- #else
- XtsAes aes[1];
- #endif
- int aes_inited = 0;
- int ret;
- unsigned char buf[AES_BLOCK_SIZE * 2];
- /* 128 key tests */
- WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
- 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
- 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
- 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
- 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
- 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
- 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
- };
- WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
- 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
- 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
- };
- word64 s1 = 141;
- #ifdef WOLFSSL_SMALL_STACK
- if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-5708, out);
- #endif
- if (wc_AesXtsSetKey(NULL, k1, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) == 0)
- ERROR_OUT(-5700, out);
- if (wc_AesXtsSetKey(aes, NULL, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) == 0)
- ERROR_OUT(-5701, out);
- /* encryption operations */
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5702, out);
- else
- aes_inited = 1;
- ret = wc_AesXtsEncryptSector(NULL, buf, p1, sizeof(p1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- ERROR_OUT(-5703, out);
- ret = wc_AesXtsEncryptSector(aes, NULL, p1, sizeof(p1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- ERROR_OUT(-5704, out);
- wc_AesXtsFree(aes);
- /* decryption operations */
- if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
- HEAP_HINT, devId) != 0)
- ERROR_OUT(-5705, out);
- ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- ERROR_OUT(-5706, out);
- ret = wc_AesXtsDecryptSector(aes, NULL, c1, sizeof(c1), s1);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret == 0)
- ERROR_OUT(-5707, out);
- ret = 0;
- out:
- if (aes_inited)
- wc_AesXtsFree(aes);
- #ifdef WOLFSSL_SMALL_STACK
- if (aes)
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 */
- #endif /* WOLFSSL_AES_XTS */
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- static int aes_cbc_test(void)
- {
- byte cipher[AES_BLOCK_SIZE];
- byte plain[AES_BLOCK_SIZE];
- int ret;
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte key[] = "0123456789abcdef "; /* align */
- byte iv[] = "1234567890abcdef "; /* align */
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- /* Parameter Validation testing. */
- ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL);
- if (ret != BAD_FUNC_ARG)
- return -5800;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL);
- if (ret != BAD_FUNC_ARG)
- return -5801;
- #endif
- ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key,
- AES_BLOCK_SIZE, iv);
- if (ret != 0)
- return -5802;
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key,
- AES_BLOCK_SIZE, iv);
- if (ret != 0)
- return -5803;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
- return -5804;
- #endif /* HAVE_AES_DECRYPT */
- (void)plain;
- return 0;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE int aes_test(void)
- {
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- Aes enc[1];
- #endif
- byte cipher[AES_BLOCK_SIZE * 4];
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
- #ifdef WOLFSSL_SMALL_STACK
- Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- Aes dec[1];
- #endif
- byte plain [AES_BLOCK_SIZE * 4];
- #endif
- #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER */
- int ret = 0;
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] = "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; /* align */
- #ifdef WOLFSSL_SMALL_STACK
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
- if (enc == NULL)
- ERROR_OUT(-5948, out);
- #endif
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
- if (dec == NULL)
- ERROR_OUT(-5949, out);
- #endif
- #endif
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5900, out); /* note this error code is used programmatically in cleanup. */
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
- ERROR_OUT(-5901, out); /* note this error code is used programmatically in cleanup. */
- #endif
- ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5902, out);
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(-5903, out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5904, out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5905, out);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- ERROR_OUT(-5906, out);
- #endif /* HAVE_AES_DECRYPT */
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- ERROR_OUT(-5907, out);
- #endif /* WOLFSSL_AES_128 */
- #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte bigMsg[] = {
- /* "All work and no play makes Jack a dull boy. " */
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
- 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
- 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
- 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
- 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
- 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
- 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
- 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
- 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
- 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
- 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
- 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] = "0123456789abcdeffedcba9876543210";
- word32 keySz, msgSz;
- #ifdef WOLFSSL_SMALL_STACK
- byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((bigCipher == NULL) ||
- (bigPlain == NULL)) {
- if (bigCipher != NULL)
- XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ERROR_OUT(-5947, out);
- }
- #else
- byte bigCipher[sizeof(bigMsg)];
- byte bigPlain[sizeof(bigMsg)];
- #endif
- /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
- * message by AES_BLOCK_SIZE for each size of AES key. */
- for (keySz = 16; keySz <= 32; keySz += 8) {
- for (msgSz = AES_BLOCK_SIZE;
- msgSz <= sizeof(bigMsg);
- msgSz += AES_BLOCK_SIZE) {
- XMEMSET(bigCipher, 0, sizeof(bigMsg));
- XMEMSET(bigPlain, 0, sizeof(bigMsg));
- ret = wc_AesSetKey(enc, bigKey, keySz, iv, AES_ENCRYPTION);
- if (ret != 0) {
- ret = -5908;
- break;
- }
- ret = wc_AesSetKey(dec, bigKey, keySz, iv, AES_DECRYPTION);
- if (ret != 0) {
- ret = -5909;
- break;
- }
- ret = wc_AesCbcEncrypt(enc, bigCipher, bigMsg, msgSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = -5910;
- break;
- }
- ret = wc_AesCbcDecrypt(dec, bigPlain, bigCipher, msgSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = -5911;
- break;
- }
- if (XMEMCMP(bigPlain, bigMsg, msgSz)) {
- ret = -5912;
- break;
- }
- }
- if (ret != 0)
- break;
- }
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (ret != 0)
- goto out;
- }
- #endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT */
- /* Test of AES IV state with encrypt/decrypt */
- #ifdef WOLFSSL_AES_128
- {
- /* Test Vector from "NIST Special Publication 800-38A, 2001 Edition"
- * https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf
- */
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
- {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] =
- {
- 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
- 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
- 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
- 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
- };
- ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5913, out);
- XMEMSET(cipher, 0, AES_BLOCK_SIZE * 2);
- ret = wc_AesCbcEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5914, out);
- if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE))
- ERROR_OUT(-5915, out);
- ret = wc_AesCbcEncrypt(enc, cipher + AES_BLOCK_SIZE,
- msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5916, out);
- if (XMEMCMP(cipher + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- ERROR_OUT(-5917, out);
- #if defined(HAVE_AES_DECRYPT)
- ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(-5918, out);
- XMEMSET(plain, 0, AES_BLOCK_SIZE * 2);
- ret = wc_AesCbcDecrypt(dec, plain, verify2, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5919, out);
- if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE))
- ERROR_OUT(-5920, out);
- ret = wc_AesCbcDecrypt(dec, plain + AES_BLOCK_SIZE,
- verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-5921, out);
- if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE,
- AES_BLOCK_SIZE))
- ERROR_OUT(-5922, out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif /* WOLFSSL_AES_128 */
- #endif /* HAVE_AES_CBC */
- #ifdef WOLFSSL_AES_COUNTER
- {
- /* test vectors from "Recommendation for Block Cipher Modes of
- * Operation" NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
- {
- 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
- 0xc2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Key[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr128Cipher[] =
- {
- 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
- 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
- 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
- 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
- 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
- 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
- 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
- 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
- {
- 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
- 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b,
- 0x09,0x03,0x39,0xec,0x0a,0xa6,0xfa,0xef,
- 0xd5,0xcc,0xc2,0xc6,0xf4,0xce,0x8e,0x94,
- 0x1e,0x36,0xb2,0x6b,0xd1,0xeb,0xc6,0x70,
- 0xd1,0xbd,0x1d,0x66,0x56,0x20,0xab,0xf7,
- 0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58,
- 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50
- };
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
- {
- 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
- 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28,
- 0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a,
- 0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5,
- 0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c,
- 0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d,
- 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6,
- 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6
- };
- #endif
- #ifdef WOLFSSL_AES_128
- wc_AesSetKeyDirect(enc, ctr128Key, sizeof(ctr128Key),
- ctrIv, AES_ENCRYPTION);
- /* Ctr only uses encrypt, even on key setup */
- wc_AesSetKeyDirect(dec, ctr128Key, sizeof(ctr128Key),
- ctrIv, AES_ENCRYPTION);
- ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(ctrPlain));
- if (ret != 0) {
- ERROR_OUT(-5923, out);
- }
- ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(ctrPlain));
- if (ret != 0) {
- ERROR_OUT(-5924, out);
- }
- if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain)))
- ERROR_OUT(-5925, out);
- if (XMEMCMP(cipher, ctr128Cipher, sizeof(ctr128Cipher)))
- ERROR_OUT(-5926, out);
- /* let's try with just 9 bytes, non block size test */
- wc_AesSetKeyDirect(enc, ctr128Key, AES_BLOCK_SIZE,
- ctrIv, AES_ENCRYPTION);
- /* Ctr only uses encrypt, even on key setup */
- wc_AesSetKeyDirect(dec, ctr128Key, AES_BLOCK_SIZE,
- ctrIv, AES_ENCRYPTION);
- ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(oddCipher));
- if (ret != 0) {
- ERROR_OUT(-5927, out);
- }
- ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(oddCipher));
- if (ret != 0) {
- ERROR_OUT(-5928, out);
- }
- if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher)))
- ERROR_OUT(-5929, out);
- if (XMEMCMP(cipher, ctr128Cipher, sizeof(oddCipher)))
- ERROR_OUT(-5930, out);
- /* and an additional 9 bytes to reuse tmp left buffer */
- ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(oddCipher));
- if (ret != 0) {
- ERROR_OUT(-5931, out);
- }
- ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(oddCipher));
- if (ret != 0) {
- ERROR_OUT(-5932, out);
- }
- if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher)))
- ERROR_OUT(-5933, out);
- if (XMEMCMP(cipher, oddCipher, sizeof(oddCipher)))
- ERROR_OUT(-5934, out);
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* 192 bit key */
- wc_AesSetKeyDirect(enc, ctr192Key, sizeof(ctr192Key),
- ctrIv, AES_ENCRYPTION);
- /* Ctr only uses encrypt, even on key setup */
- wc_AesSetKeyDirect(dec, ctr192Key, sizeof(ctr192Key),
- ctrIv, AES_ENCRYPTION);
- XMEMSET(plain, 0, sizeof(plain));
- ret = wc_AesCtrEncrypt(enc, plain, ctr192Cipher, sizeof(ctr192Cipher));
- if (ret != 0) {
- ERROR_OUT(-5935, out);
- }
- if (XMEMCMP(plain, ctrPlain, sizeof(ctr192Cipher)))
- ERROR_OUT(-5936, out);
- ret = wc_AesCtrEncrypt(dec, cipher, ctrPlain, sizeof(ctrPlain));
- if (ret != 0) {
- ERROR_OUT(-5937, out);
- }
- if (XMEMCMP(ctr192Cipher, cipher, sizeof(ctr192Cipher)))
- ERROR_OUT(-5938, out);
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* 256 bit key */
- wc_AesSetKeyDirect(enc, ctr256Key, sizeof(ctr256Key),
- ctrIv, AES_ENCRYPTION);
- /* Ctr only uses encrypt, even on key setup */
- wc_AesSetKeyDirect(dec, ctr256Key, sizeof(ctr256Key),
- ctrIv, AES_ENCRYPTION);
- XMEMSET(plain, 0, sizeof(plain));
- ret = wc_AesCtrEncrypt(enc, plain, ctr256Cipher, sizeof(ctr256Cipher));
- if (ret != 0) {
- ERROR_OUT(-5939, out);
- }
- if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain)))
- ERROR_OUT(-5940, out);
- ret = wc_AesCtrEncrypt(dec, cipher, ctrPlain, sizeof(ctrPlain));
- if (ret != 0) {
- ERROR_OUT(-5941, out);
- }
- if (XMEMCMP(ctr256Cipher, cipher, sizeof(ctr256Cipher)))
- ERROR_OUT(-5942, out);
- #endif /* WOLFSSL_AES_256 */
- }
- #endif /* WOLFSSL_AES_COUNTER */
- #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-5943, out);
- wc_AesEncryptDirect(enc, cipher, niPlain);
- if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(-5944, out);
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(-5945, out);
- wc_AesDecryptDirect(dec, plain, niCipher);
- if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(-5946, out);
- }
- #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
- ret = aes_key_size_test();
- if (ret != 0)
- goto out;
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- ret = aes_cbc_test();
- if (ret != 0)
- goto out;
- #endif
- #if defined(WOLFSSL_AES_XTS)
- #ifdef WOLFSSL_AES_128
- ret = aes_xts_128_test();
- if (ret != 0)
- goto out;
- #endif
- #ifdef WOLFSSL_AES_256
- ret = aes_xts_256_test();
- if (ret != 0)
- goto out;
- #endif
- #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
- ret = aes_xts_sector_test();
- if (ret != 0)
- goto out;
- #endif
- #ifdef WOLFSSL_AES_128
- ret = aes_xts_args_test();
- if (ret != 0)
- goto out;
- #endif
- #endif
- #if defined(WOLFSSL_AES_CFB)
- ret = aescfb_test();
- if (ret != 0)
- goto out;
- #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
- ret = aescfb1_test();
- if (ret != 0)
- goto out;
- ret = aescfb8_test();
- if (ret != 0)
- goto out;
- #endif
- #endif
- out:
- #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER)
- #ifdef WOLFSSL_SMALL_STACK
- if (enc) {
- if (ret != -5900) /* note this must match ERRROR_OUT() code
- * for wc_AesInit(enc, ...) failure above.
- */
- wc_AesFree(enc);
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #else
- if (ret != -5900)
- wc_AesFree(enc);
- #endif
- (void)cipher;
- #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
- #ifdef WOLFSSL_SMALL_STACK
- if (dec) {
- if ((ret != -5900) && (ret != -5901))
- /* note these codes must match the ERRROR_OUT() codes for
- * wc_AesInit() failures above.
- */
- wc_AesFree(dec);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- }
- #else
- if ((ret != -5900) && (ret != -5901))
- wc_AesFree(dec);
- #endif
- (void)plain;
- #endif
- #endif
- return ret;
- }
- #ifdef WOLFSSL_AES_192
- WOLFSSL_TEST_SUBROUTINE int aes192_test(void)
- {
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #ifdef WOLFSSL_SMALL_STACK
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- byte plain[AES_BLOCK_SIZE];
- #endif
- #endif /* HAVE_AES_CBC */
- int ret = 0;
- #ifdef HAVE_AES_CBC
- /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
- * Appendix F.2.3 */
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
- 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8
- };
- WOLFSSL_SMALL_STACK_STATIC byte key[] = {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC byte iv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
- };
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6008, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6009, out);
- #endif
- #endif
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
- ERROR_OUT(-6000, out);
- #ifdef HAVE_AES_DECRYPT
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
- ERROR_OUT(-6001, out);
- #endif
- ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-6002, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesSetKey(dec, key, (int) sizeof(key), iv, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(-6003, out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-6004, out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-6005, out);
- if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
- ERROR_OUT(-6006, out);
- }
- #endif
- if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
- ERROR_OUT(-6007, out);
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- wc_AesFree(dec);
- #endif
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- #endif /* HAVE_AES_CBC */
- return ret;
- }
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- WOLFSSL_TEST_SUBROUTINE int aes256_test(void)
- {
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- #else
- Aes enc[1];
- #endif
- byte cipher[AES_BLOCK_SIZE];
- #ifdef HAVE_AES_DECRYPT
- #ifdef WOLFSSL_SMALL_STACK
- Aes *dec = NULL;
- #else
- Aes dec[1];
- #endif
- byte plain[AES_BLOCK_SIZE];
- #endif
- #endif /* HAVE_AES_CBC */
- int ret = 0;
- #ifdef HAVE_AES_CBC
- /* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
- * Appendix F.2.5 */
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
- 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6
- };
- WOLFSSL_SMALL_STACK_STATIC byte key[] = {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC byte iv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
- };
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6108, out);
- #ifdef HAVE_AES_DECRYPT
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6109, out);
- #endif
- #endif
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
- ERROR_OUT(-6100, out);
- #ifdef HAVE_AES_DECRYPT
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
- ERROR_OUT(-6101, out);
- #endif
- ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
- if (ret != 0)
- ERROR_OUT(-6102, out);
- #ifdef HAVE_AES_DECRYPT
- ret = wc_AesSetKey(dec, key, (int) sizeof(key), iv, AES_DECRYPTION);
- if (ret != 0)
- ERROR_OUT(-6103, out);
- #endif
- XMEMSET(cipher, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-6104, out);
- #ifdef HAVE_AES_DECRYPT
- XMEMSET(plain, 0, AES_BLOCK_SIZE);
- ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-6105, out);
- if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
- ERROR_OUT(-6106, out);
- }
- #endif
- if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
- ERROR_OUT(-6107, out);
- wc_AesFree(enc);
- #ifdef HAVE_AES_DECRYPT
- wc_AesFree(dec);
- #endif
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- #endif /* HAVE_AES_CBC */
- return ret;
- }
- #endif /* WOLFSSL_AES_256 */
- #ifdef HAVE_AESGCM
- static int aesgcm_default_test_helper(byte* key, int keySz, byte* iv, int ivSz,
- byte* plain, int plainSz, byte* cipher, int cipherSz,
- byte* aad, int aadSz, byte* tag, int tagSz)
- {
- int ret, enc_inited = 0, dec_inited = 0;
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- Aes *dec = NULL;
- #else
- Aes enc[1];
- Aes dec[1];
- #endif
- byte resultT[AES_BLOCK_SIZE];
- byte resultP[AES_BLOCK_SIZE * 3];
- byte resultC[AES_BLOCK_SIZE * 3];
- int result;
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6118, out);
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6119, out);
- #endif
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
- ERROR_OUT(-6110, out);
- else
- enc_inited = 1;
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
- ERROR_OUT(-6111, out);
- else
- dec_inited = 1;
- result = wc_AesGcmSetKey(enc, key, keySz);
- if (result != 0)
- ERROR_OUT(-6112, out);
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz,
- resultT, tagSz, aad, aadSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6113, out);
- if (cipher != NULL) {
- if (XMEMCMP(cipher, resultC, cipherSz))
- ERROR_OUT(-6114, out);
- }
- if (XMEMCMP(tag, resultT, tagSz))
- ERROR_OUT(-6115, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmSetKey(dec, key, keySz);
- if (result != 0)
- ERROR_OUT(-6116, out);
- result = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz,
- iv, ivSz, resultT, tagSz, aad, aadSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6117, out);
- if (plain != NULL) {
- if (XMEMCMP(plain, resultP, plainSz))
- ERROR_OUT(-6118, out);
- }
- #endif /* HAVE_AES_DECRYPT */
- ret = 0;
- out:
- if (enc_inited)
- wc_AesFree(enc);
- if (dec_inited)
- wc_AesFree(dec);
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- /* tests that only use 12 byte IV and 16 or less byte AAD
- * test vectors are from NIST SP 800-38D
- * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES*/
- WOLFSSL_TEST_SUBROUTINE int aesgcm_default_test(void)
- {
- byte key1[] = {
- 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62,
- 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc
- };
- byte iv1[] = {
- 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa,
- 0xe4, 0xed, 0x2f, 0x6d
- };
- ALIGN64 byte plain1[] = {
- 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad,
- 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01,
- 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac,
- 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01
- };
- byte aad1[] = {
- 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73,
- 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1
- };
- ALIGN64 byte cipher1[] = {
- 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d,
- 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d,
- 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46,
- 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb
- };
- byte tag1[] = {
- 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7,
- 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2
- };
- byte key2[] = {
- 0x01, 0x6d, 0xbb, 0x38, 0xda, 0xa7, 0x6d, 0xfe,
- 0x7d, 0xa3, 0x84, 0xeb, 0xf1, 0x24, 0x03, 0x64
- };
- byte iv2[] = {
- 0x07, 0x93, 0xef, 0x3a, 0xda, 0x78, 0x2f, 0x78,
- 0xc9, 0x8a, 0xff, 0xe3
- };
- ALIGN64 byte plain2[] = {
- 0x4b, 0x34, 0xa9, 0xec, 0x57, 0x63, 0x52, 0x4b,
- 0x19, 0x1d, 0x56, 0x16, 0xc5, 0x47, 0xf6, 0xb7
- };
- ALIGN64 byte cipher2[] = {
- 0x60, 0x9a, 0xa3, 0xf4, 0x54, 0x1b, 0xc0, 0xfe,
- 0x99, 0x31, 0xda, 0xad, 0x2e, 0xe1, 0x5d, 0x0c
- };
- byte tag2[] = {
- 0x33, 0xaf, 0xec, 0x59, 0xc4, 0x5b, 0xaf, 0x68,
- 0x9a, 0x5e, 0x1b, 0x13, 0xae, 0x42, 0x36, 0x19
- };
- byte key3[] = {
- 0xb0, 0x1e, 0x45, 0xcc, 0x30, 0x88, 0xaa, 0xba,
- 0x9f, 0xa4, 0x3d, 0x81, 0xd4, 0x81, 0x82, 0x3f
- };
- byte iv3[] = {
- 0x5a, 0x2c, 0x4a, 0x66, 0x46, 0x87, 0x13, 0x45,
- 0x6a, 0x4b, 0xd5, 0xe1
- };
- byte tag3[] = {
- 0x01, 0x42, 0x80, 0xf9, 0x44, 0xf5, 0x3c, 0x68,
- 0x11, 0x64, 0xb2, 0xff
- };
- int ret;
- ret = aesgcm_default_test_helper(key1, sizeof(key1), iv1, sizeof(iv1),
- plain1, sizeof(plain1), cipher1, sizeof(cipher1),
- aad1, sizeof(aad1), tag1, sizeof(tag1));
- if (ret != 0) {
- return ret;
- }
- ret = aesgcm_default_test_helper(key2, sizeof(key2), iv2, sizeof(iv2),
- plain2, sizeof(plain2), cipher2, sizeof(cipher2),
- NULL, 0, tag2, sizeof(tag2));
- if (ret != 0) {
- return ret;
- }
- ret = aesgcm_default_test_helper(key3, sizeof(key3), iv3, sizeof(iv3),
- NULL, 0, NULL, 0,
- NULL, 0, tag3, sizeof(tag3));
- if (ret != 0) {
- return ret;
- }
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE int aesgcm_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc = NULL;
- Aes *dec = NULL;
- #else
- Aes enc[1];
- Aes dec[1];
- #endif
- /*
- * This is Test Case 16 from the document Galois/
- * Counter Mode of Operation (GCM) by McGrew and
- * Viega.
- */
- WOLFSSL_SMALL_STACK_STATIC const byte p[] =
- {
- 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
- 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
- 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
- 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
- 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
- 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
- 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
- 0xba, 0x63, 0x7b, 0x39
- };
- #if defined(WOLFSSL_AES_256)
- WOLFSSL_SMALL_STACK_STATIC const byte a[] =
- {
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
- 0xab, 0xad, 0xda, 0xd2
- };
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
- {
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
- {
- 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
- 0xde, 0xca, 0xf8, 0x88
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
- {
- 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
- 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
- 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
- 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
- 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
- 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
- 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
- 0xbc, 0xc9, 0xf6, 0x62
- };
- #endif /* WOLFSSL_AES_256 */
- WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
- {
- 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
- 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
- };
- /* FIPS, QAT and PIC32MZ HW Crypto only support 12-byte IV */
- #if !defined(HAVE_FIPS) && \
- !defined(WOLFSSL_PIC32MZ_CRYPT) && \
- !defined(FREESCALE_LTC) && !defined(FREESCALE_MMCAU) && \
- !defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
- !defined(WOLFSSL_SILABS_SE_ACCEL) && \
- !(defined(WOLF_CRYPTO_CB) && \
- (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
- #define ENABLE_NON_12BYTE_IV_TEST
- #ifdef WOLFSSL_AES_192
- /* Test Case 12, uses same plaintext and AAD data. */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
- {
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
- 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
- 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
- {
- 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
- 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
- 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
- 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
- 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
- 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
- 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
- 0xa6, 0x37, 0xb3, 0x9b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
- {
- 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
- 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
- 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
- 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
- 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
- 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
- 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
- 0xe9, 0xb7, 0x37, 0x3b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
- {
- 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
- 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_128
- /* The following is an interesting test case from the example
- * FIPS test vectors for AES-GCM. IVlen = 1 byte */
- WOLFSSL_SMALL_STACK_STATIC const byte p3[] =
- {
- 0x57, 0xce, 0x45, 0x1f, 0xa5, 0xe2, 0x35, 0xa5,
- 0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
- {
- 0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a,
- 0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
- {
- 0xca
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
- {
- 0x6b, 0x5f, 0xb3, 0x9d, 0xc1, 0xc5, 0x7a, 0x4f,
- 0xf3, 0x51, 0x4d, 0xc2, 0xd5, 0xf0, 0xd0, 0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a3[] =
- {
- 0x40, 0xfc, 0xdc, 0xd7, 0x4a, 0xd7, 0x8b, 0xf1,
- 0x3e, 0x7c, 0x60, 0x55, 0x50, 0x51, 0xdd, 0x54
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t3[] =
- {
- 0x06, 0x90, 0xed, 0x01, 0x34, 0xdd, 0xc6, 0x95,
- 0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_256
- int ivlen;
- #endif
- #endif
- byte resultT[sizeof(t1)];
- byte resultP[sizeof(p) + AES_BLOCK_SIZE];
- byte resultC[sizeof(p) + AES_BLOCK_SIZE];
- int result = 0;
- int ret;
- #ifdef WOLFSSL_AES_256
- int alen;
- #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
- int plen;
- #endif
- #endif
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
- #if !defined(BENCH_AESGCM_LARGE)
- #define BENCH_AESGCM_LARGE 1024
- #endif
- byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! large_input) || (! large_output) || (! large_outdec))
- ERROR_OUT(MEMORY_E, out);
- XMEMSET(large_input, 0, BENCH_AESGCM_LARGE);
- XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + AES_BLOCK_SIZE);
- XMEMSET(large_outdec, 0, BENCH_AESGCM_LARGE);
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6342, out);
- if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- ERROR_OUT(-6343, out);
- #endif
- (void)result;
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- if (wc_AesInit(enc, HEAP_HINT, devId) != 0) {
- ERROR_OUT(-6300, out);
- }
- if (wc_AesInit(dec, HEAP_HINT, devId) != 0) {
- ERROR_OUT(-6301, out);
- }
- #ifdef WOLFSSL_AES_256
- result = wc_AesGcmSetKey(enc, k1, sizeof(k1));
- if (result != 0)
- ERROR_OUT(-6302, out);
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
- resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6303, out);
- if (XMEMCMP(c1, resultC, sizeof(c1)))
- ERROR_OUT(-6304, out);
- if (XMEMCMP(t1, resultT, sizeof(resultT)))
- ERROR_OUT(-6305, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmSetKey(dec, k1, sizeof(k1));
- if (result != 0)
- ERROR_OUT(-6306, out);
- result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
- iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6307, out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(-6308, out);
- #endif /* HAVE_AES_DECRYPT */
- /* Large buffer test */
- #ifdef BENCH_AESGCM_LARGE
- /* setup test buffer */
- for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
- large_input[alen] = (byte)alen;
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, large_output, large_input,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
- resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6309, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(dec, large_outdec, large_output,
- BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
- sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6310, out);
- if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
- ERROR_OUT(-6311, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* BENCH_AESGCM_LARGE */
- #if defined(ENABLE_NON_12BYTE_IV_TEST) && defined(WOLFSSL_AES_256)
- /* Variable IV length test */
- for (ivlen=1; ivlen<(int)sizeof(k1); ivlen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), k1,
- (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6312, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), k1,
- (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6313, out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif
- #if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC))
- /* Variable authenticated data length test */
- for (alen=0; alen<(int)sizeof(p); alen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1,
- sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6314, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), iv1,
- sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6315, out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif
- #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
- #ifdef BENCH_AESGCM_LARGE
- /* Variable plain text length test */
- for (plen=1; plen<BENCH_AESGCM_LARGE; plen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, large_output, large_input,
- plen, iv1, sizeof(iv1), resultT,
- sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6316, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(dec, large_outdec, large_output,
- plen, iv1, sizeof(iv1), resultT,
- sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6317, out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #else /* BENCH_AESGCM_LARGE */
- /* Variable plain text length test */
- for (plen=1; plen<(int)sizeof(p); plen++) {
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, p, (word32)plen, iv1,
- sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6318, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)plen, iv1,
- sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6319, out);
- #endif /* HAVE_AES_DECRYPT */
- }
- #endif /* BENCH_AESGCM_LARGE */
- #endif
- #endif /* WOLFSSL_AES_256 */
- /* test with IV != 12 bytes */
- #ifdef ENABLE_NON_12BYTE_IV_TEST
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- #ifdef WOLFSSL_AES_192
- wc_AesGcmSetKey(enc, k2, sizeof(k2));
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv2, sizeof(iv2),
- resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6320, out);
- if (XMEMCMP(c2, resultC, sizeof(c2)))
- ERROR_OUT(-6321, out);
- if (XMEMCMP(t2, resultT, sizeof(resultT)))
- ERROR_OUT(-6322, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c1),
- iv2, sizeof(iv2), resultT, sizeof(resultT), a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6323, out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(-6324, out);
- #endif /* HAVE_AES_DECRYPT */
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_128
- wc_AesGcmSetKey(enc, k3, sizeof(k3));
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3),
- resultT, sizeof(t3), a3, sizeof(a3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6325, out);
- if (XMEMCMP(c3, resultC, sizeof(c3)))
- ERROR_OUT(-6326, out);
- if (XMEMCMP(t3, resultT, sizeof(t3)))
- ERROR_OUT(-6327, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
- iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6328, out);
- if (XMEMCMP(p3, resultP, sizeof(p3)))
- ERROR_OUT(-6329, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_128 */
- #endif /* ENABLE_NON_12BYTE_IV_TEST */
- #if defined(WOLFSSL_AES_256) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
- !defined(WOLFSSL_XILINX_CRYPT) && \
- !(defined(WOLF_CRYPTO_CB) && \
- defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- wc_AesGcmSetKey(enc, k1, sizeof(k1));
- /* AES-GCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
- resultT + 1, sizeof(resultT) - 1, a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6330, out);
- if (XMEMCMP(c1, resultC, sizeof(c1)))
- ERROR_OUT(-6331, out);
- if (XMEMCMP(t1, resultT + 1, sizeof(resultT) - 1))
- ERROR_OUT(-6332, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
- iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6333, out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(-6334, out);
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AES_256 */
- #if !defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
- /* Test encrypt with internally generated IV */
- #if defined(WOLFSSL_AES_256) && !(defined(WC_NO_RNG) || defined(HAVE_SELFTEST)) \
- && !(defined(WOLF_CRYPTO_CB) && defined(HAVE_CAVIUM_OCTEON_SYNC))
- {
- WC_RNG rng;
- byte randIV[12];
- result = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- if (result != 0)
- ERROR_OUT(-6335, out);
- XMEMSET(randIV, 0, sizeof(randIV));
- XMEMSET(resultT, 0, sizeof(resultT));
- XMEMSET(resultC, 0, sizeof(resultC));
- XMEMSET(resultP, 0, sizeof(resultP));
- wc_AesGcmSetKey(enc, k1, sizeof(k1));
- result = wc_AesGcmSetIV(enc, sizeof(randIV), NULL, 0, &rng);
- if (result != 0)
- ERROR_OUT(-6336, out);
- result = wc_AesGcmEncrypt_ex(enc,
- resultC, p, sizeof(p),
- randIV, sizeof(randIV),
- resultT, sizeof(resultT),
- a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6337, out);
- /* Check the IV has been set. */
- {
- word32 i, ivSum = 0;
- for (i = 0; i < sizeof(randIV); i++)
- ivSum += randIV[i];
- if (ivSum == 0)
- ERROR_OUT(-6338, out);
- }
- #ifdef HAVE_AES_DECRYPT
- wc_AesGcmSetKey(dec, k1, sizeof(k1));
- result = wc_AesGcmSetIV(dec, sizeof(randIV), NULL, 0, &rng);
- if (result != 0)
- ERROR_OUT(-6339, out);
- result = wc_AesGcmDecrypt(dec,
- resultP, resultC, sizeof(c1),
- randIV, sizeof(randIV),
- resultT, sizeof(resultT),
- a, sizeof(a));
- #if defined(WOLFSSL_ASYNC_CRYPT)
- result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (result != 0)
- ERROR_OUT(-6340, out);
- if (XMEMCMP(p, resultP, sizeof(p)))
- ERROR_OUT(-6341, out);
- #endif /* HAVE_AES_DECRYPT */
- wc_FreeRng(&rng);
- }
- #endif /* WOLFSSL_AES_256 && !(WC_NO_RNG || HAVE_SELFTEST) */
- #endif /* HAVE_FIPS_VERSION >= 2 */
- #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
- #ifdef WOLFSSL_AES_256
- #ifdef WOLFSSL_AESGCM_STREAM
- result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (result != 0)
- ERROR_OUT(-6360, out);
- result = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a));
- if (result != 0)
- ERROR_OUT(-6361, out);
- result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT));
- if (result != 0)
- ERROR_OUT(-6362, out);
- if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
- ERROR_OUT(-6363, out);
- if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
- ERROR_OUT(-6364, out);
- #ifdef HAVE_AES_DECRYPT
- result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (result != 0)
- ERROR_OUT(-6370, out);
- result = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a));
- if (result != 0)
- ERROR_OUT(-6371, out);
- result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
- if (result != 0)
- ERROR_OUT(-6372, out);
- if (XMEMCMP(resultP, p, sizeof(p)) != 0)
- ERROR_OUT(-6373, out);
- #endif
- /* alen is the size to pass in with each update. */
- for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
- result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (result != 0)
- ERROR_OUT(-6380, out);
- /* plen is the offset into AAD to update with. */
- for (plen = 0; plen < (int)sizeof(a); plen += alen) {
- int len = sizeof(a) - plen;
- if (len > alen) len = alen;
- result = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, len);
- if (result != 0)
- ERROR_OUT(-6381, out);
- }
- /* plen is the offset into plaintext to update with. */
- for (plen = 0; plen < (int)sizeof(p); plen += alen) {
- int len = sizeof(p) - plen;
- if (len > alen) len = alen;
- result = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, len,
- NULL, 0);
- if (result != 0)
- ERROR_OUT(-6382, out);
- }
- result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT));
- if (result != 0)
- ERROR_OUT(-6383, out);
- if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
- ERROR_OUT(-6384, out);
- if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
- ERROR_OUT(-6385, out);
- }
- #ifdef HAVE_AES_DECRYPT
- for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
- result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
- if (result != 0)
- ERROR_OUT(-6390, out);
- /* plen is the offset into AAD to update with. */
- for (plen = 0; plen < (int)sizeof(a); plen += alen) {
- int len = sizeof(a) - plen;
- if (len > alen) len = alen;
- result = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, len);
- if (result != 0)
- ERROR_OUT(-6391, out);
- }
- /* plen is the offset into cipher text to update with. */
- for (plen = 0; plen < (int)sizeof(c1); plen += alen) {
- int len = sizeof(c1) - plen;
- if (len > alen) len = alen;
- result = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, len,
- NULL, 0);
- if (result != 0)
- ERROR_OUT(-6392, out);
- }
- result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
- if (result != 0)
- ERROR_OUT(-6393, out);
- if (XMEMCMP(resultP, p, sizeof(p)) != 0)
- ERROR_OUT(-6394, out);
- }
- #endif /* HAVE_AES_DECRYPT */
- #endif /* WOLFSSL_AESGCM_STREAM */
- #endif /* WOLFSSL_AES_256 */
- #endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */
- wc_AesFree(enc);
- wc_AesFree(dec);
- ret = 0;
- out:
- #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
- if (large_input)
- XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (large_output)
- XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (large_outdec)
- XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (enc)
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- if (dec)
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #ifdef WOLFSSL_AES_128
- WOLFSSL_TEST_SUBROUTINE int gmac_test(void)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- Gmac *gmac;
- #else
- Gmac gmac[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
- {
- 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
- 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
- {
- 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
- 0xe2, 0x8c, 0x8f, 0x16
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a1[] =
- {
- 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
- 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
- {
- 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
- 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
- };
- #if (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
- /* FIPS builds only allow 16-byte auth tags. */
- /* This sample uses a 15-byte auth tag. */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
- {
- 0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4,
- 0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
- {
- 0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03,
- 0x1a, 0x60, 0x24, 0xa7
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a2[] =
- {
- 0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18,
- 0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
- {
- 0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f,
- 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
- };
- #endif
- byte tag[16];
- #ifdef WOLFSSL_SMALL_STACK
- if ((gmac = (Gmac *)XMALLOC(sizeof *gmac, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- return -6409;
- #endif
- XMEMSET(gmac, 0, sizeof *gmac); /* clear context */
- (void)wc_AesInit((Aes*)gmac, HEAP_HINT, INVALID_DEVID); /* Make sure devId updated */
- XMEMSET(tag, 0, sizeof(tag));
- wc_GmacSetKey(gmac, k1, sizeof(k1));
- wc_GmacUpdate(gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1));
- if (XMEMCMP(t1, tag, sizeof(t1)) != 0)
- ERROR_OUT(-6400, out);
- #if (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) )
- XMEMSET(tag, 0, sizeof(tag));
- wc_GmacSetKey(gmac, k2, sizeof(k2));
- wc_GmacUpdate(gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2));
- if (XMEMCMP(t2, tag, sizeof(t2)) != 0)
- ERROR_OUT(-6401, out);
- #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && !defined(NO_AES_DECRYPT)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte badT[] =
- {
- 0xde, 0xad, 0xbe, 0xef, 0x17, 0x2e, 0xd0, 0x43,
- 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
- };
- WC_RNG rng;
- byte iv[12];
- #ifndef HAVE_FIPS
- if (wc_InitRng_ex(&rng, HEAP_HINT, devId) != 0)
- ERROR_OUT(-6402, out);
- #else
- if (wc_InitRng(&rng) != 0)
- ERROR_OUT(-6403, out);
- #endif
- if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
- t1, sizeof(t1)) != 0)
- ERROR_OUT(-6404, out);
- if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
- badT, sizeof(badT)) != AES_GCM_AUTH_E)
- ERROR_OUT(-6405, out);
- if (wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2),
- t2, sizeof(t2)) != 0)
- ERROR_OUT(-6406, out);
- XMEMSET(tag, 0, sizeof(tag));
- XMEMSET(iv, 0, sizeof(iv));
- if (wc_Gmac(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
- tag, sizeof(tag), &rng) != 0)
- ERROR_OUT(-6407, out);
- if (wc_GmacVerify(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
- tag, sizeof(tag)) != 0)
- ERROR_OUT(-6408, out);
- wc_FreeRng(&rng);
- }
- #endif /* !WC_NO_RNG && !HAVE_SELFTEST && !NO_AES_DECRYPT */
- #endif /* HAVE_FIPS */
- ret = 0;
- out:
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(gmac, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_AES_128 */
- #endif /* HAVE_AESGCM */
- #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
- WOLFSSL_TEST_SUBROUTINE int aesccm_test(void)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- Aes *enc;
- #else
- Aes enc[1];
- #endif
- /* key */
- WOLFSSL_SMALL_STACK_STATIC const byte k[] =
- {
- 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
- 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
- };
- /* nonce */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- {
- 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
- 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
- };
- /* plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte p[] =
- {
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
- };
- /* plaintext - long */
- WOLFSSL_SMALL_STACK_STATIC const byte pl[] =
- {
- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
- 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
- 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
- 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
- 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
- 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
- 0x50
- };
- WOLFSSL_SMALL_STACK_STATIC const byte a[] =
- {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- /* ciphertext */
- WOLFSSL_SMALL_STACK_STATIC const byte c[] =
- {
- 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
- 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
- 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
- };
- /* tag - authentication */
- WOLFSSL_SMALL_STACK_STATIC const byte t[] =
- {
- 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
- };
- /* ciphertext - long */
- WOLFSSL_SMALL_STACK_STATIC const byte cl[] =
- {
- 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
- 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
- 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0xe0,
- 0x44, 0x2d, 0xbe, 0x25, 0xfa, 0x48, 0x2b, 0xa8,
- 0x36, 0x0b, 0xbf, 0x01, 0xc0, 0x12, 0x45, 0xa4,
- 0x82, 0x9f, 0x20, 0x6c, 0xc3, 0xd6, 0xae, 0x5b,
- 0x54, 0x8d, 0xd0, 0xb1, 0x69, 0x2c, 0xec, 0x5e,
- 0x95, 0xa5, 0x6b, 0x48, 0xc3, 0xc6, 0xc8, 0x9e,
- 0xc7, 0x92, 0x98, 0x9d, 0x26, 0x7d, 0x2a, 0x10,
- 0x0b
- };
- /* tag - authentication - long */
- WOLFSSL_SMALL_STACK_STATIC const byte tl[] =
- {
- 0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4
- };
- /* tag - authentication - empty plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte t_empty[] =
- {
- 0xe4, 0x28, 0x8a, 0xc3, 0x78, 0x00, 0x0f, 0xf5
- };
- byte t2[sizeof(t)];
- byte p2[sizeof(p)];
- byte c2[sizeof(c)];
- byte iv2[sizeof(iv)];
- byte pl2[sizeof(pl)];
- byte cl2[sizeof(cl)];
- byte tl2[sizeof(tl)];
- byte t_empty2[sizeof(t_empty)];
- int result;
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
- return -6521;
- #endif
- XMEMSET(enc, 0, sizeof *enc); /* clear context */
- XMEMSET(t2, 0, sizeof(t2));
- XMEMSET(c2, 0, sizeof(c2));
- XMEMSET(p2, 0, sizeof(p2));
- result = wc_AesCcmSetKey(enc, k, sizeof(k));
- if (result != 0)
- ERROR_OUT(-6500, out);
- /* AES-CCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
- t2, sizeof(t2), a, sizeof(a));
- if (result != 0)
- ERROR_OUT(-6501, out);
- if (XMEMCMP(c, c2, sizeof(c2)))
- ERROR_OUT(-6502, out);
- if (XMEMCMP(t, t2, sizeof(t2)))
- ERROR_OUT(-6503, out);
- result = wc_AesCcmDecrypt(enc, p2, c2, sizeof(p2), iv, sizeof(iv),
- t2, sizeof(t2), a, sizeof(a));
- if (result != 0)
- ERROR_OUT(-6504, out);
- if (XMEMCMP(p, p2, sizeof(p2)))
- ERROR_OUT(-6505, out);
- /* Test the authentication failure */
- t2[0]++; /* Corrupt the authentication tag. */
- result = wc_AesCcmDecrypt(enc, p2, c, sizeof(p2), iv, sizeof(iv),
- t2, sizeof(t2), a, sizeof(a));
- if (result == 0)
- ERROR_OUT(-6506, out);
- /* Clear c2 to compare against p2. p2 should be set to zero in case of
- * authentication fail. */
- XMEMSET(c2, 0, sizeof(c2));
- if (XMEMCMP(p2, c2, sizeof(p2)))
- ERROR_OUT(-6507, out);
- XMEMSET(enc, 0, sizeof(Aes)); /* clear context */
- XMEMSET(t2, 0, sizeof(t2));
- XMEMSET(c2, 0, sizeof(c2));
- XMEMSET(p2, 0, sizeof(p2));
- XMEMSET(iv2, 0, sizeof(iv2));
- #ifndef HAVE_SELFTEST
- /* selftest build does not have wc_AesCcmSetNonce() or
- * wc_AesCcmEncrypt_ex() */
- if (wc_AesCcmSetKey(enc, k, sizeof(k)) != 0)
- ERROR_OUT(-6508, out);
- if (wc_AesCcmSetNonce(enc, iv, sizeof(iv)) != 0)
- ERROR_OUT(-6509, out);
- if (wc_AesCcmEncrypt_ex(enc, c2, p, sizeof(c2), iv2, sizeof(iv2),
- t2, sizeof(t2), a, sizeof(a)) != 0)
- ERROR_OUT(-6510, out);
- if (XMEMCMP(iv, iv2, sizeof(iv2)))
- ERROR_OUT(-6511, out);
- if (XMEMCMP(c, c2, sizeof(c2)))
- ERROR_OUT(-6512, out);
- if (XMEMCMP(t, t2, sizeof(t2)))
- ERROR_OUT(-6513, out);
- #endif
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- /* test fail on invalid IV sizes */
- result = wc_AesCcmSetKey(enc, k, sizeof(k));
- if (result != 0)
- ERROR_OUT(-6514, out);
- /* AES-CCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
- t2, 1, a, sizeof(a));
- if (result == 0) {
- ERROR_OUT(-6515, out);
- }
- #endif
- /* AES-CCM encrypt and decrypt both use AES encrypt internally */
- result = wc_AesCcmEncrypt(enc, cl2, pl, sizeof(cl2), iv, sizeof(iv),
- tl2, sizeof(tl2), a, sizeof(a));
- if (result != 0)
- ERROR_OUT(-6516, out);
- if (XMEMCMP(cl, cl2, sizeof(cl2)))
- ERROR_OUT(-6517, out);
- if (XMEMCMP(tl, tl2, sizeof(tl2)))
- ERROR_OUT(-6518, out);
- result = wc_AesCcmDecrypt(enc, pl2, cl2, sizeof(pl2), iv, sizeof(iv),
- tl2, sizeof(tl2), a, sizeof(a));
- if (result != 0)
- ERROR_OUT(-6519, out);
- if (XMEMCMP(pl, pl2, sizeof(pl2)))
- ERROR_OUT(-6520, out);
- /* test empty message as null input or output with nonzero inSz. */
- result = wc_AesCcmEncrypt(enc, pl2 /* out */, NULL /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2),
- a, sizeof(a));
- if (result != BAD_FUNC_ARG)
- ERROR_OUT(-6527, out);
- result = wc_AesCcmEncrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2),
- a, sizeof(a));
- if (result != BAD_FUNC_ARG)
- ERROR_OUT(-6528, out);
- result = wc_AesCcmDecrypt(enc, pl2, NULL /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (result != BAD_FUNC_ARG)
- ERROR_OUT(-6529, out);
- result = wc_AesCcmDecrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (result != BAD_FUNC_ARG)
- ERROR_OUT(-6530, out);
- /* test empty message as null input and output with zero inSz --
- * must either succeed, or fail early with BAD_FUNC_ARG.
- */
- result = wc_AesCcmEncrypt(enc, NULL /* out */, NULL /* in */, 0 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2),
- a, sizeof(a));
- if (result != BAD_FUNC_ARG) {
- if (result != 0)
- ERROR_OUT(-6521, out);
- if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
- ERROR_OUT(-6522, out);
- result = wc_AesCcmDecrypt(enc, NULL /* out */, NULL /* in */,
- 0 /* inSz */, iv, sizeof(iv), t_empty2,
- sizeof(t_empty2), a, sizeof(a));
- if (result != 0)
- ERROR_OUT(-6523, out);
- }
- /* test empty message as zero-length string -- must work. */
- result = wc_AesCcmEncrypt(enc, pl2, (const byte *)"", 0 /* inSz */, iv,
- sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (result != 0)
- ERROR_OUT(-6524, out);
- if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
- ERROR_OUT(-6525, out);
- result = wc_AesCcmDecrypt(enc, pl2, (const byte *)"", 0 /* inSz */,
- iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
- sizeof(a));
- if (result != 0)
- ERROR_OUT(-6526, out);
- ret = 0;
- out:
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- return ret;
- }
- #endif /* HAVE_AESCCM WOLFSSL_AES_128 */
- #ifdef HAVE_AES_KEYWRAP
- #define MAX_KEYWRAP_TEST_OUTLEN 40
- #define MAX_KEYWRAP_TEST_PLAINLEN 32
- typedef struct keywrapVector {
- const byte* kek;
- const byte* data;
- const byte* verify;
- word32 kekLen;
- word32 dataLen;
- word32 verifyLen;
- } keywrapVector;
- WOLFSSL_TEST_SUBROUTINE int aeskeywrap_test(void)
- {
- int wrapSz, plainSz, testSz, i;
- /* test vectors from RFC 3394 (kek, data, verify) */
- #ifdef WOLFSSL_AES_128
- /* Wrap 128 bits of Key Data with a 128-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d1[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v1[] = {
- 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
- 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
- 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* Wrap 128 bits of Key Data with a 192-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d2[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v2[] = {
- 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
- 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
- 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
- };
- #endif
- #ifdef WOLFSSL_AES_256
- /* Wrap 128 bits of Key Data with a 256-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k3[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d3[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v3[] = {
- 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
- 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
- 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7
- };
- #endif
- #ifdef WOLFSSL_AES_192
- /* Wrap 192 bits of Key Data with a 192-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k4[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d4[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v4[] = {
- 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
- 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
- 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
- 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
- };
- #endif
- #ifdef WOLFSSL_AES_256
- /* Wrap 192 bits of Key Data with a 256-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k5[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d5[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v5[] = {
- 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
- 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
- 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
- 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1
- };
- /* Wrap 256 bits of Key Data with a 256-bit KEK */
- WOLFSSL_SMALL_STACK_STATIC const byte k6[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
- 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
- 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte d6[] = {
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v6[] = {
- 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
- 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
- 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
- 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
- 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
- };
- #endif /* WOLFSSL_AES_256 */
- byte output[MAX_KEYWRAP_TEST_OUTLEN];
- byte plain [MAX_KEYWRAP_TEST_PLAINLEN];
- const keywrapVector test_wrap[] =
- {
- #ifdef WOLFSSL_AES_128
- {k1, d1, v1, sizeof(k1), sizeof(d1), sizeof(v1)},
- #endif
- #ifdef WOLFSSL_AES_192
- {k2, d2, v2, sizeof(k2), sizeof(d2), sizeof(v2)},
- #endif
- #ifdef WOLFSSL_AES_256
- {k3, d3, v3, sizeof(k3), sizeof(d3), sizeof(v3)},
- #endif
- #ifdef WOLFSSL_AES_192
- {k4, d4, v4, sizeof(k4), sizeof(d4), sizeof(v4)},
- #endif
- #ifdef WOLFSSL_AES_256
- {k5, d5, v5, sizeof(k5), sizeof(d5), sizeof(v5)},
- {k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)}
- #endif
- };
- testSz = sizeof(test_wrap) / sizeof(keywrapVector);
- XMEMSET(output, 0, sizeof(output));
- XMEMSET(plain, 0, sizeof(plain));
- for (i = 0; i < testSz; i++) {
- wrapSz = wc_AesKeyWrap(test_wrap[i].kek, test_wrap[i].kekLen,
- test_wrap[i].data, test_wrap[i].dataLen,
- output, sizeof(output), NULL);
- if ( (wrapSz < 0) || (wrapSz != (int)test_wrap[i].verifyLen) )
- return -6600;
- if (XMEMCMP(output, test_wrap[i].verify, test_wrap[i].verifyLen) != 0)
- return -6601;
- plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen,
- output, wrapSz,
- plain, sizeof(plain), NULL);
- if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) )
- return -6602;
- if (XMEMCMP(plain, test_wrap[i].data, test_wrap[i].dataLen) != 0)
- return -6603 - i;
- }
- return 0;
- }
- #endif /* HAVE_AES_KEYWRAP */
- #endif /* NO_AES */
- #ifdef HAVE_CAMELLIA
- enum {
- CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC
- };
- typedef struct {
- int type;
- const byte* plaintext;
- const byte* iv;
- const byte* ciphertext;
- const byte* key;
- word32 keySz;
- int errorCode;
- } test_vector_t;
- WOLFSSL_TEST_SUBROUTINE int camellia_test(void)
- {
- /* Camellia ECB Test Plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte pte[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- /* Camellia ECB Test Initialization Vector */
- WOLFSSL_SMALL_STACK_STATIC const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
- /* Test 1: Camellia ECB 128-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
- {
- 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
- 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43
- };
- /* Test 2: Camellia ECB 192-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
- {
- 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
- 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9
- };
- /* Test 3: Camellia ECB 256-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
- {
- 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
- 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
- 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
- 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
- {
- 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
- 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09
- };
- /* Camellia CBC Test Plaintext */
- WOLFSSL_SMALL_STACK_STATIC const byte ptc[] =
- {
- 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
- 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
- };
- /* Camellia CBC Test Initialization Vector */
- WOLFSSL_SMALL_STACK_STATIC const byte ivc[] =
- {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
- };
- /* Test 4: Camellia-CBC 128-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k4[] =
- {
- 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
- 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c4[] =
- {
- 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
- 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB
- };
- /* Test 5: Camellia-CBC 192-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k5[] =
- {
- 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
- 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
- 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c5[] =
- {
- 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
- 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93
- };
- /* Test 6: CBC 256-bit key */
- WOLFSSL_SMALL_STACK_STATIC const byte k6[] =
- {
- 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
- 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
- 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
- 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte c6[] =
- {
- 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
- 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
- };
- byte out[CAMELLIA_BLOCK_SIZE];
- Camellia cam;
- int i, testsSz, ret;
- WOLFSSL_SMALL_STACK_STATIC const test_vector_t testVectors[] =
- {
- {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114},
- {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115},
- {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116},
- {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117},
- {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118},
- {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119},
- {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120},
- {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121},
- {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122},
- {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123},
- {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124},
- {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
- };
- testsSz = sizeof(testVectors)/sizeof(test_vector_t);
- for (i = 0; i < testsSz; i++) {
- if (wc_CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
- testVectors[i].iv) != 0)
- return testVectors[i].errorCode;
- switch (testVectors[i].type) {
- case CAM_ECB_ENC:
- ret = wc_CamelliaEncryptDirect(&cam, out,
- testVectors[i].plaintext);
- if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- case CAM_ECB_DEC:
- ret = wc_CamelliaDecryptDirect(&cam, out,
- testVectors[i].ciphertext);
- if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- case CAM_CBC_ENC:
- ret = wc_CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext,
- CAMELLIA_BLOCK_SIZE);
- if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- case CAM_CBC_DEC:
- ret = wc_CamelliaCbcDecrypt(&cam, out,
- testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE);
- if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
- CAMELLIA_BLOCK_SIZE))
- return testVectors[i].errorCode;
- break;
- default:
- break;
- }
- }
- /* Setting the IV and checking it was actually set. */
- ret = wc_CamelliaSetIV(&cam, ivc);
- if (ret != 0 || XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE))
- return -6700;
- /* Setting the IV to NULL should be same as all zeros IV */
- if (wc_CamelliaSetIV(&cam, NULL) != 0 ||
- XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE))
- return -6701;
- /* First parameter should never be null */
- if (wc_CamelliaSetIV(NULL, NULL) == 0)
- return -6702;
- /* First parameter should never be null, check it fails */
- if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0)
- return -6703;
- /* Key should have a size of 16, 24, or 32 */
- if (wc_CamelliaSetKey(&cam, k1, 0, NULL) == 0)
- return -6704;
- return 0;
- }
- #endif /* HAVE_CAMELLIA */
- #ifdef HAVE_IDEA
- WOLFSSL_TEST_SUBROUTINE int idea_test(void)
- {
- int ret;
- word16 i, j;
- Idea idea;
- byte data[IDEA_BLOCK_SIZE];
- /* Project NESSIE test vectors */
- #define IDEA_NB_TESTS 6
- #define IDEA_NB_TESTS_EXTRA 4
- WOLFSSL_SMALL_STACK_STATIC const byte v_key[IDEA_NB_TESTS][IDEA_KEY_SIZE] = {
- { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37,
- 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 },
- { 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57,
- 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57 },
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F },
- { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
- 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 },
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F },
- { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
- 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 },
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v1_plain[IDEA_NB_TESTS][IDEA_BLOCK_SIZE] = {
- { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 },
- { 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57 },
- { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
- { 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 },
- { 0xDB, 0x2D, 0x4A, 0x92, 0xAA, 0x68, 0x27, 0x3F },
- { 0xF1, 0x29, 0xA6, 0x60, 0x1E, 0xF6, 0x2A, 0x47 },
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v1_cipher[IDEA_NB_TESTS][IDEA_BLOCK_SIZE] = {
- { 0x54, 0xCF, 0x21, 0xE3, 0x89, 0xD8, 0x73, 0xEC },
- { 0x85, 0x52, 0x4D, 0x41, 0x0E, 0xB4, 0x28, 0xAE },
- { 0xF5, 0x26, 0xAB, 0x9A, 0x62, 0xC0, 0xD2, 0x58 },
- { 0xC8, 0xFB, 0x51, 0xD3, 0x51, 0x66, 0x27, 0xA8 },
- { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
- { 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 },
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v1_cipher_100[IDEA_NB_TESTS_EXTRA][IDEA_BLOCK_SIZE] = {
- { 0x12, 0x46, 0x2F, 0xD0, 0xFB, 0x3A, 0x63, 0x39 },
- { 0x15, 0x61, 0xE8, 0xC9, 0x04, 0x54, 0x8B, 0xE9 },
- { 0x42, 0x12, 0x2A, 0x94, 0xB0, 0xF6, 0xD2, 0x43 },
- { 0x53, 0x4D, 0xCD, 0x48, 0xDD, 0xD5, 0xF5, 0x9C },
- };
- WOLFSSL_SMALL_STACK_STATIC const byte v1_cipher_1000[IDEA_NB_TESTS_EXTRA][IDEA_BLOCK_SIZE] = {
- { 0x44, 0x1B, 0x38, 0x5C, 0x77, 0x29, 0x75, 0x34 },
- { 0xF0, 0x4E, 0x58, 0x88, 0x44, 0x99, 0x22, 0x2D },
- { 0xB3, 0x5F, 0x93, 0x7F, 0x6A, 0xA0, 0xCD, 0x1F },
- { 0x9A, 0xEA, 0x46, 0x8F, 0x42, 0x9B, 0xBA, 0x15 },
- };
- /* CBC test */
- const char *message = "International Data Encryption Algorithm";
- byte msg_enc[40], msg_dec[40];
- for (i = 0; i < IDEA_NB_TESTS; i++) {
- /* Set encryption key */
- XMEMSET(&idea, 0, sizeof(Idea));
- ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
- NULL, IDEA_ENCRYPTION);
- if (ret != 0) {
- printf("wc_IdeaSetKey (enc) failed\n");
- return -6800;
- }
- /* Data encryption */
- ret = wc_IdeaCipher(&idea, data, v1_plain[i]);
- if (ret != 0 || XMEMCMP(&v1_cipher[i], data, IDEA_BLOCK_SIZE)) {
- printf("Bad encryption\n");
- return -6801;
- }
- /* Set decryption key */
- XMEMSET(&idea, 0, sizeof(Idea));
- ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
- NULL, IDEA_DECRYPTION);
- if (ret != 0) {
- printf("wc_IdeaSetKey (dec) failed\n");
- return -6802;
- }
- /* Data decryption */
- ret = wc_IdeaCipher(&idea, data, data);
- if (ret != 0 || XMEMCMP(v1_plain[i], data, IDEA_BLOCK_SIZE)) {
- printf("Bad decryption\n");
- return -6803;
- }
- /* Set encryption key */
- XMEMSET(&idea, 0, sizeof(Idea));
- ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
- v_key[i], IDEA_ENCRYPTION);
- if (ret != 0) {
- printf("wc_IdeaSetKey (enc) failed\n");
- return -6804;
- }
- XMEMSET(msg_enc, 0, sizeof(msg_enc));
- ret = wc_IdeaCbcEncrypt(&idea, msg_enc, (byte *)message,
- (word32)XSTRLEN(message)+1);
- if (ret != 0) {
- printf("wc_IdeaCbcEncrypt failed\n");
- return -6805;
- }
- /* Set decryption key */
- XMEMSET(&idea, 0, sizeof(Idea));
- ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
- v_key[i], IDEA_DECRYPTION);
- if (ret != 0) {
- printf("wc_IdeaSetKey (dec) failed\n");
- return -6806;
- }
- XMEMSET(msg_dec, 0, sizeof(msg_dec));
- ret = wc_IdeaCbcDecrypt(&idea, msg_dec, msg_enc,
- (word32)XSTRLEN(message)+1);
- if (ret != 0) {
- printf("wc_IdeaCbcDecrypt failed\n");
- return -6807;
- }
- if (XMEMCMP(message, msg_dec, (word32)XSTRLEN(message))) {
- printf("Bad CBC decryption\n");
- return -6808;
- }
- }
- for (i = 0; i < IDEA_NB_TESTS_EXTRA; i++) {
- /* Set encryption key */
- XMEMSET(&idea, 0, sizeof(Idea));
- ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
- NULL, IDEA_ENCRYPTION);
- if (ret != 0) {
- printf("wc_IdeaSetKey (enc) failed\n");
- return -6809;
- }
- /* 100 times data encryption */
- XMEMCPY(data, v1_plain[i], IDEA_BLOCK_SIZE);
- for (j = 0; j < 100; j++) {
- ret = wc_IdeaCipher(&idea, data, data);
- if (ret != 0) {
- return -6810;
- }
- }
- if (XMEMCMP(v1_cipher_100[i], data, IDEA_BLOCK_SIZE)) {
- printf("Bad encryption (100 times)\n");
- return -6811;
- }
- /* 1000 times data encryption */
- XMEMCPY(data, v1_plain[i], IDEA_BLOCK_SIZE);
- for (j = 0; j < 1000; j++) {
- ret = wc_IdeaCipher(&idea, data, data);
- if (ret != 0) {
- return -6812;
- }
- }
- if (XMEMCMP(v1_cipher_1000[i], data, IDEA_BLOCK_SIZE)) {
- printf("Bad encryption (100 times)\n");
- return -6813;
- }
- }
- #ifndef WC_NO_RNG
- /* random test for CBC */
- {
- WC_RNG rng;
- byte key[IDEA_KEY_SIZE], iv[IDEA_BLOCK_SIZE],
- rnd[1000], enc[1000], dec[1000];
- /* random values */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -6814;
- for (i = 0; i < 1000; i++) {
- /* random key */
- ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
- if (ret != 0)
- return -6815;
- /* random iv */
- ret = wc_RNG_GenerateBlock(&rng, iv, sizeof(iv));
- if (ret != 0)
- return -6816;
- /* random data */
- ret = wc_RNG_GenerateBlock(&rng, rnd, sizeof(rnd));
- if (ret != 0)
- return -6817;
- /* Set encryption key */
- XMEMSET(&idea, 0, sizeof(Idea));
- ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_ENCRYPTION);
- if (ret != 0) {
- printf("wc_IdeaSetKey (enc) failed\n");
- return -6818;
- }
- /* Data encryption */
- XMEMSET(enc, 0, sizeof(enc));
- ret = wc_IdeaCbcEncrypt(&idea, enc, rnd, sizeof(rnd));
- if (ret != 0) {
- printf("wc_IdeaCbcEncrypt failed\n");
- return -6819;
- }
- /* Set decryption key */
- XMEMSET(&idea, 0, sizeof(Idea));
- ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_DECRYPTION);
- if (ret != 0) {
- printf("wc_IdeaSetKey (enc) failed\n");
- return -6820;
- }
- /* Data decryption */
- XMEMSET(dec, 0, sizeof(dec));
- ret = wc_IdeaCbcDecrypt(&idea, dec, enc, sizeof(enc));
- if (ret != 0) {
- printf("wc_IdeaCbcDecrypt failed\n");
- return -6821;
- }
- if (XMEMCMP(rnd, dec, sizeof(rnd))) {
- printf("Bad CBC decryption\n");
- return -6822;
- }
- }
- wc_FreeRng(&rng);
- }
- #endif /* WC_NO_RNG */
- return 0;
- }
- #endif /* HAVE_IDEA */
- #ifdef HAVE_XCHACHA
- WOLFSSL_TEST_SUBROUTINE int XChaCha_test(void) {
- int ret = -6830;
- WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
- 0x54, 0x68, 0x65, 0x20, 0x64, 0x68, 0x6f, 0x6c, 0x65, 0x20, 0x28, 0x70, 0x72, 0x6f, 0x6e, 0x6f, /* The dhole (prono */
- 0x75, 0x6e, 0x63, 0x65, 0x64, 0x20, 0x22, 0x64, 0x6f, 0x6c, 0x65, 0x22, 0x29, 0x20, 0x69, 0x73, /* unced "dole") is */
- 0x20, 0x61, 0x6c, 0x73, 0x6f, 0x20, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x61, 0x73, 0x20, 0x74, /* also known as t */
- 0x68, 0x65, 0x20, 0x41, 0x73, 0x69, 0x61, 0x74, 0x69, 0x63, 0x20, 0x77, 0x69, 0x6c, 0x64, 0x20, /* he Asiatic wild */
- 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x72, 0x65, 0x64, 0x20, 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x61, 0x6e, /* dog, red dog, an */
- 0x64, 0x20, 0x77, 0x68, 0x69, 0x73, 0x74, 0x6c, 0x69, 0x6e, 0x67, 0x20, 0x64, 0x6f, 0x67, 0x2e, /* d whistling dog. */
- 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x61, 0x62, 0x6f, 0x75, 0x74, 0x20, 0x74, 0x68, 0x65, /* It is about the */
- 0x20, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x61, 0x20, 0x47, 0x65, 0x72, 0x6d, 0x61, /* size of a Germa */
- 0x6e, 0x20, 0x73, 0x68, 0x65, 0x70, 0x68, 0x65, 0x72, 0x64, 0x20, 0x62, 0x75, 0x74, 0x20, 0x6c, /* n shepherd but l */
- 0x6f, 0x6f, 0x6b, 0x73, 0x20, 0x6d, 0x6f, 0x72, 0x65, 0x20, 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x61, /* ooks more like a */
- 0x20, 0x6c, 0x6f, 0x6e, 0x67, 0x2d, 0x6c, 0x65, 0x67, 0x67, 0x65, 0x64, 0x20, 0x66, 0x6f, 0x78, /* long-legged fox */
- 0x2e, 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x68, 0x69, 0x67, 0x68, 0x6c, 0x79, 0x20, 0x65, 0x6c, /* . This highly el */
- 0x75, 0x73, 0x69, 0x76, 0x65, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x73, 0x6b, 0x69, 0x6c, 0x6c, 0x65, /* usive and skille */
- 0x64, 0x20, 0x6a, 0x75, 0x6d, 0x70, 0x65, 0x72, 0x20, 0x69, 0x73, 0x20, 0x63, 0x6c, 0x61, 0x73, /* d jumper is clas */
- 0x73, 0x69, 0x66, 0x69, 0x65, 0x64, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x77, 0x6f, 0x6c, 0x76, /* sified with wolv */
- 0x65, 0x73, 0x2c, 0x20, 0x63, 0x6f, 0x79, 0x6f, 0x74, 0x65, 0x73, 0x2c, 0x20, 0x6a, 0x61, 0x63, /* es, coyotes, jac */
- 0x6b, 0x61, 0x6c, 0x73, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x66, 0x6f, 0x78, 0x65, 0x73, 0x20, /* kals, and foxes */
- 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, 0x61, 0x78, 0x6f, 0x6e, 0x6f, 0x6d, 0x69, 0x63, /* in the taxonomic */
- 0x20, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x20, 0x43, 0x61, 0x6e, 0x69, 0x64, 0x61, 0x65, 0x2e /* family Canidae. */
- };
- WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
- 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x58 }; /* PQRSTUVW */
- WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
- 0x45, 0x59, 0xab, 0xba, 0x4e, 0x48, 0xc1, 0x61, 0x02, 0xe8, 0xbb, 0x2c, 0x05, 0xe6, 0x94, 0x7f,
- 0x50, 0xa7, 0x86, 0xde, 0x16, 0x2f, 0x9b, 0x0b, 0x7e, 0x59, 0x2a, 0x9b, 0x53, 0xd0, 0xd4, 0xe9,
- 0x8d, 0x8d, 0x64, 0x10, 0xd5, 0x40, 0xa1, 0xa6, 0x37, 0x5b, 0x26, 0xd8, 0x0d, 0xac, 0xe4, 0xfa,
- 0xb5, 0x23, 0x84, 0xc7, 0x31, 0xac, 0xbf, 0x16, 0xa5, 0x92, 0x3c, 0x0c, 0x48, 0xd3, 0x57, 0x5d,
- 0x4d, 0x0d, 0x2c, 0x67, 0x3b, 0x66, 0x6f, 0xaa, 0x73, 0x10, 0x61, 0x27, 0x77, 0x01, 0x09, 0x3a,
- 0x6b, 0xf7, 0xa1, 0x58, 0xa8, 0x86, 0x42, 0x92, 0xa4, 0x1c, 0x48, 0xe3, 0xa9, 0xb4, 0xc0, 0xda,
- 0xec, 0xe0, 0xf8, 0xd9, 0x8d, 0x0d, 0x7e, 0x05, 0xb3, 0x7a, 0x30, 0x7b, 0xbb, 0x66, 0x33, 0x31,
- 0x64, 0xec, 0x9e, 0x1b, 0x24, 0xea, 0x0d, 0x6c, 0x3f, 0xfd, 0xdc, 0xec, 0x4f, 0x68, 0xe7, 0x44,
- 0x30, 0x56, 0x19, 0x3a, 0x03, 0xc8, 0x10, 0xe1, 0x13, 0x44, 0xca, 0x06, 0xd8, 0xed, 0x8a, 0x2b,
- 0xfb, 0x1e, 0x8d, 0x48, 0xcf, 0xa6, 0xbc, 0x0e, 0xb4, 0xe2, 0x46, 0x4b, 0x74, 0x81, 0x42, 0x40,
- 0x7c, 0x9f, 0x43, 0x1a, 0xee, 0x76, 0x99, 0x60, 0xe1, 0x5b, 0xa8, 0xb9, 0x68, 0x90, 0x46, 0x6e,
- 0xf2, 0x45, 0x75, 0x99, 0x85, 0x23, 0x85, 0xc6, 0x61, 0xf7, 0x52, 0xce, 0x20, 0xf9, 0xda, 0x0c,
- 0x09, 0xab, 0x6b, 0x19, 0xdf, 0x74, 0xe7, 0x6a, 0x95, 0x96, 0x74, 0x46, 0xf8, 0xd0, 0xfd, 0x41,
- 0x5e, 0x7b, 0xee, 0x2a, 0x12, 0xa1, 0x14, 0xc2, 0x0e, 0xb5, 0x29, 0x2a, 0xe7, 0xa3, 0x49, 0xae,
- 0x57, 0x78, 0x20, 0xd5, 0x52, 0x0a, 0x1f, 0x3f, 0xb6, 0x2a, 0x17, 0xce, 0x6a, 0x7e, 0x68, 0xfa,
- 0x7c, 0x79, 0x11, 0x1d, 0x88, 0x60, 0x92, 0x0b, 0xc0, 0x48, 0xef, 0x43, 0xfe, 0x84, 0x48, 0x6c,
- 0xcb, 0x87, 0xc2, 0x5f, 0x0a, 0xe0, 0x45, 0xf0, 0xcc, 0xe1, 0xe7, 0x98, 0x9a, 0x9a, 0xa2, 0x20,
- 0xa2, 0x8b, 0xdd, 0x48, 0x27, 0xe7, 0x51, 0xa2, 0x4a, 0x6d, 0x5c, 0x62, 0xd7, 0x90, 0xa6, 0x63,
- 0x93, 0xb9, 0x31, 0x11, 0xc1, 0xa5, 0x5d, 0xd7, 0x42, 0x1a, 0x10, 0x18, 0x49, 0x74, 0xc7, 0xc5
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- struct ChaCha *chacha = (struct ChaCha *)XMALLOC(sizeof *chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
- byte *buf1 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((chacha == NULL) || (buf1 == NULL) || (buf2 == NULL))
- ERROR_OUT(MEMORY_E, out);
- #else
- struct ChaCha chacha[1];
- byte buf1[sizeof Plaintext];
- byte buf2[sizeof Plaintext];
- #endif
- ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
- if (ret < 0)
- ERROR_OUT(-6831, out);
- ret = wc_Chacha_Process(chacha, buf1, Plaintext, sizeof Plaintext);
- if (ret < 0)
- ERROR_OUT(-6832, out);
- if (XMEMCMP(buf1, Ciphertext, sizeof Plaintext))
- ERROR_OUT(-6833, out);
- ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
- if (ret < 0)
- ERROR_OUT(-6834, out);
- ret = wc_Chacha_Process(chacha, buf2, buf1, sizeof Plaintext);
- if (ret < 0)
- ERROR_OUT(-6835, out);
- if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
- ERROR_OUT(-6836, out);
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (chacha)
- XFREE(chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
- if (buf1)
- XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (buf2)
- XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* HAVE_XCHACHA */
- #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
- WOLFSSL_TEST_SUBROUTINE int XChaCha20Poly1305_test(void) {
- int ret;
- WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
- 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, /* Ladies and Gentl */
- 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, /* emen of the clas */
- 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, /* s of '99: If I c */
- 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, /* ould offer you o */
- 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, /* nly one tip for */
- 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, /* the future, suns */
- 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
- 0x74, 0x2e }; /* t. */
- WOLFSSL_SMALL_STACK_STATIC const byte AAD[] = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 }; /* PQRS........ */
- WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
- 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
- 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
- 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
- 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57 }; /* PQRSTUVW */
- WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
- 0xbd, 0x6d, 0x17, 0x9d, 0x3e, 0x83, 0xd4, 0x3b, 0x95, 0x76, 0x57, 0x94, 0x93, 0xc0, 0xe9, 0x39,
- 0x57, 0x2a, 0x17, 0x00, 0x25, 0x2b, 0xfa, 0xcc, 0xbe, 0xd2, 0x90, 0x2c, 0x21, 0x39, 0x6c, 0xbb,
- 0x73, 0x1c, 0x7f, 0x1b, 0x0b, 0x4a, 0xa6, 0x44, 0x0b, 0xf3, 0xa8, 0x2f, 0x4e, 0xda, 0x7e, 0x39,
- 0xae, 0x64, 0xc6, 0x70, 0x8c, 0x54, 0xc2, 0x16, 0xcb, 0x96, 0xb7, 0x2e, 0x12, 0x13, 0xb4, 0x52,
- 0x2f, 0x8c, 0x9b, 0xa4, 0x0d, 0xb5, 0xd9, 0x45, 0xb1, 0x1b, 0x69, 0xb9, 0x82, 0xc1, 0xbb, 0x9e,
- 0x3f, 0x3f, 0xac, 0x2b, 0xc3, 0x69, 0x48, 0x8f, 0x76, 0xb2, 0x38, 0x35, 0x65, 0xd3, 0xff, 0xf9,
- 0x21, 0xf9, 0x66, 0x4c, 0x97, 0x63, 0x7d, 0xa9, 0x76, 0x88, 0x12, 0xf6, 0x15, 0xc6, 0x8b, 0x13,
- 0xb5, 0x2e };
- WOLFSSL_SMALL_STACK_STATIC const byte Tag[] = {
- 0xc0, 0x87, 0x59, 0x24, 0xc1, 0xc7, 0x98, 0x79, 0x47, 0xde, 0xaf, 0xd8, 0x78, 0x0a, 0xcf, 0x49
- };
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte *buf1 = (byte *)XMALLOC(sizeof Ciphertext + sizeof Tag, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- byte buf1[sizeof Ciphertext + sizeof Tag];
- byte buf2[sizeof Plaintext];
- #endif
- ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
- Plaintext, sizeof Plaintext,
- AAD, sizeof AAD,
- IV, sizeof IV,
- Key, sizeof Key);
- if (ret < 0)
- ERROR_OUT(-6840, out);
- if (XMEMCMP(buf1, Ciphertext, sizeof Plaintext))
- ERROR_OUT(-6841, out);
- if (XMEMCMP(buf1 + sizeof Plaintext, Tag, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE))
- ERROR_OUT(-6842, out);
- ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext,
- buf1, sizeof Plaintext + sizeof Tag,
- AAD, sizeof AAD,
- IV, sizeof IV,
- Key, sizeof Key);
- if (ret < 0)
- ERROR_OUT(-6843, out);
- if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
- ERROR_OUT(-6844, out);
- out:
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* defined(HAVE_XCHACHA) && defined(HAVE_POLY1305) */
- #ifndef WC_NO_RNG
- static int _rng_test(WC_RNG* rng, int errorOffset)
- {
- byte block[32];
- int ret, i;
- XMEMSET(block, 0, sizeof(block));
- ret = wc_RNG_GenerateBlock(rng, block, sizeof(block));
- if (ret != 0) {
- ret = -6850;
- goto exit;
- }
- /* Check for 0's */
- for (i=0; i<(int)sizeof(block); i++) {
- if (block[i] == 0) {
- ret++;
- }
- }
- /* All zeros count check */
- if (ret >= (int)sizeof(block)) {
- ret = -6851;
- goto exit;
- }
- ret = wc_RNG_GenerateByte(rng, block);
- if (ret != 0) {
- ret = -6852;
- goto exit;
- }
- /* Parameter validation testing. */
- ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block));
- if (ret != BAD_FUNC_ARG) {
- ret = -6853;
- goto exit;
- }
- ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block));
- if (ret != BAD_FUNC_ARG) {
- ret = -6854;
- goto exit;
- }
- ret = wc_RNG_GenerateByte(NULL, block);
- if (ret != BAD_FUNC_ARG) {
- ret = -6855;
- goto exit;
- }
- ret = wc_RNG_GenerateByte(rng, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = -6856;
- goto exit;
- }
- ret = 0;
- exit:
- if (ret != 0)
- ret += errorOffset;
- return ret;
- }
- static int random_rng_test(void)
- {
- WC_RNG localRng;
- WC_RNG* rng;
- int ret;
- rng = &localRng;
- /* Test stack based RNG. */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(rng);
- #endif
- if (ret != 0) return -6900;
- ret = _rng_test(rng, -6300);
- /* Make sure and free RNG */
- wc_FreeRng(rng);
- if (ret != 0) return ret;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
- {
- byte nonce[8] = { 0 };
- /* Test dynamic RNG. */
- rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT);
- if (rng == NULL) return -6901;
- ret = _rng_test(rng, -6310);
- wc_rng_free(rng);
- }
- #endif
- return ret;
- }
- #if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
- WOLFSSL_TEST_SUBROUTINE int random_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte test1Entropy[] =
- {
- 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
- 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
- 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
- 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test1Output[] =
- {
- 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
- 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
- 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
- 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
- 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
- 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
- 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
- 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
- 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
- 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
- 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyA[] =
- {
- 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
- 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
- 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
- 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyB[] =
- {
- 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
- 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
- 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
- };
- WOLFSSL_SMALL_STACK_STATIC const byte test2Output[] =
- {
- 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
- 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
- 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
- 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
- 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
- 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
- 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
- 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
- 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
- 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
- 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
- };
- byte output[WC_SHA256_DIGEST_SIZE * 4];
- int ret;
- ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
- output, sizeof(output));
- if (ret != 0)
- return -7000;
- if (XMEMCMP(test1Output, output, sizeof(output)) != 0)
- return -7001;
- ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
- test2EntropyB, sizeof(test2EntropyB),
- output, sizeof(output));
- if (ret != 0)
- return -7002;
- if (XMEMCMP(test2Output, output, sizeof(output)) != 0)
- return -7003;
- /* Basic RNG generate block test */
- if ((ret = random_rng_test()) != 0)
- return ret;
- /* Test the seed check function. */
- #if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
- {
- word32 i, outputSz;
- /* Repeat the same byte over and over. Should fail. */
- outputSz = sizeof(output);
- XMEMSET(output, 1, outputSz);
- ret = wc_RNG_TestSeed(output, outputSz);
- if (ret == 0)
- return -7004;
- /* Every byte of the entropy scratch is different,
- * entropy is a single byte that shouldn't match. */
- outputSz = (sizeof(word32) * 2) + 1;
- for (i = 0; i < outputSz; i++)
- output[i] = (byte)i;
- ret = wc_RNG_TestSeed(output, outputSz);
- if (ret != 0)
- return -7005;
- outputSz = sizeof(output);
- for (i = 0; i < outputSz; i++)
- output[i] = (byte)i;
- ret = wc_RNG_TestSeed(output, outputSz);
- if (ret != 0)
- return -7006;
- }
- #endif
- return 0;
- }
- #else
- WOLFSSL_TEST_SUBROUTINE int random_test(void)
- {
- /* Basic RNG generate block test */
- return random_rng_test();
- }
- #endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK */
- #endif /* WC_NO_RNG */
- #ifndef MEM_TEST_SZ
- #define MEM_TEST_SZ 1024
- #endif
- #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
- static int simple_mem_test(int sz)
- {
- int ret = 0;
- byte* b;
- int i;
- b = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (b == NULL) {
- return -7110;
- }
- /* utilize memory */
- for (i = 0; i < sz; i++) {
- b[i] = (byte)i;
- }
- /* read back and verify */
- for (i = 0; i < sz; i++) {
- if (b[i] != (byte)i) {
- ret = -7111;
- break;
- }
- }
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE int memory_test(void)
- {
- int ret = 0;
- #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC)
- byte* b = NULL;
- #endif
- #if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY)
- int i;
- #endif
- #ifdef WOLFSSL_STATIC_MEMORY
- word32 size[] = { WOLFMEM_BUCKETS };
- word32 dist[] = { WOLFMEM_DIST };
- byte buffer[30000]; /* make large enough to involve many bucket sizes */
- int pad = -(int)((wolfssl_word)buffer) & (WOLFSSL_STATIC_ALIGN - 1);
- /* pad to account for if head of buffer is not at set memory
- * alignment when tests are ran */
- #endif
- #ifdef WOLFSSL_STATIC_MEMORY
- /* check macro settings */
- if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
- return -7200;
- }
- if (sizeof(dist)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
- return -7201;
- }
- for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
- if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) {
- /* each element in array should be divisible by alignment size */
- return -7202;
- }
- }
- for (i = 1; i < WOLFMEM_MAX_BUCKETS; i++) {
- if (size[i - 1] >= size[i]) {
- return -7203; /* sizes should be in increasing order */
- }
- }
- /* check that padding size returned is possible */
- if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) {
- return -7204; /* no room for wc_Memory struct */
- }
- if (wolfSSL_MemoryPaddingSz() < 0) {
- return -7205;
- }
- if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) {
- return -7206; /* not aligned! */
- }
- /* check function to return optimum buffer size (rounded down) */
- ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL);
- if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) {
- return -7207; /* not aligned! */
- }
- if (ret < 0) {
- return -7208;
- }
- if ((unsigned int)ret > sizeof(buffer)) {
- return -7209; /* did not round down as expected */
- }
- if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) {
- return -7210; /* return value changed when using suggested value */
- }
- ret = wolfSSL_MemoryPaddingSz();
- ret += pad; /* add space that is going to be needed if buffer not aligned */
- if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) !=
- (ret + (int)size[0])) {
- return -7211; /* did not round down to nearest bucket value */
- }
- ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL);
- if ((ret - pad) < 0) {
- return -7212;
- }
- if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) {
- return -7213; /* not even chunks of memory for IO size */
- }
- if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) {
- return -7214; /* memory not aligned */
- }
- /* check for passing bad or unknown arguments to functions */
- if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) {
- return -7215;
- }
- if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) {
- return -7216; /* should round to 0 since struct + bucket will not fit */
- }
- (void)dist; /* avoid static analysis warning of variable not used */
- #endif
- #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
- /* simple test */
- ret = simple_mem_test(MEM_TEST_SZ);
- if (ret != 0)
- return ret;
- #endif
- #ifdef COMPLEX_MEM_TEST
- /* test various size blocks */
- for (i = 1; i < MEM_TEST_SZ; i*=2) {
- ret = simple_mem_test(i);
- if (ret != 0)
- return ret;
- }
- #endif
- #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC)
- /* realloc test */
- b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (b) {
- b = (byte*)XREALLOC(b, MEM_TEST_SZ+sizeof(word32), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (b == NULL) {
- return -7217;
- }
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #ifdef HAVE_NTRU
- byte GetEntropy(ENTROPY_CMD cmd, byte* out);
- byte GetEntropy(ENTROPY_CMD cmd, byte* out)
- {
- static WC_RNG rng;
- if (cmd == INIT)
- return (wc_InitRng(&rng) == 0) ? 1 : 0;
- if (out == NULL)
- return 0;
- if (cmd == GET_BYTE_OF_ENTROPY)
- return (wc_RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0;
- if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
- *out = 1;
- return 1;
- }
- return 0;
- }
- #endif /* HAVE_NTRU */
- #ifndef NO_FILESYSTEM
- /* Cert Paths */
- #ifdef FREESCALE_MQX
- #define CERT_PREFIX "a:\\"
- #define CERT_PATH_SEP "\\"
- #elif defined(WOLFSSL_uTKERNEL2)
- #define CERT_PREFIX "/uda/"
- #define CERT_PATH_SEP "/"
- #elif defined(_WIN32_WCE)
- #define CERT_PREFIX "\\windows\\"
- #define CERT_PATH_SEP "\\"
- #endif
- #ifndef CERT_PREFIX
- #define CERT_PREFIX "./"
- #endif
- #ifndef CERT_PATH_SEP
- #define CERT_PATH_SEP "/"
- #endif
- #ifndef CERT_WRITE_TEMP_DIR
- #define CERT_WRITE_TEMP_DIR CERT_PREFIX
- #endif
- #define CERT_ROOT CERT_PREFIX "certs" CERT_PATH_SEP
- /* Generated Test Certs */
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- #if !defined(NO_RSA) && !defined(NO_ASN)
- static const char* clientKey = CERT_ROOT "client-key.der";
- static const char* clientCert = CERT_ROOT "client-cert.der";
- #ifdef WOLFSSL_CERT_EXT
- static const char* clientKeyPub = CERT_ROOT "client-keyPub.der";
- #endif
- #endif /* !NO_RSA && !NO_ASN */
- #endif
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- #if !defined(NO_RSA) && !defined(NO_ASN)
- #if defined(WOLFSSL_CERT_GEN) || defined(HAVE_PKCS7)
- static const char* rsaCaKeyFile = CERT_ROOT "ca-key.der";
- #ifdef WOLFSSL_CERT_GEN
- static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem";
- #endif
- #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)
- static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der";
- #endif
- #ifdef HAVE_PKCS7
- static const char* rsaServerCertDerFile =
- CERT_ROOT "server-cert.der";
- static const char* rsaServerKeyDerFile =
- CERT_ROOT "server-key.der";
- #endif
- #endif
- #endif /* !NO_RSA && !NO_ASN */
- #endif /* !USE_CERT_BUFFER_* */
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
- !defined(NO_ASN)
- #ifndef NO_DH
- static const char* dhParamsFile = CERT_ROOT "dh2048.der";
- #if defined(WOLFSSL_DH_EXTRA) && (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- static const char* dhKeyFile = CERT_ROOT "statickeys/dh-ffdhe2048.der";
- #endif
- #endif
- #ifndef NO_DSA
- static const char* dsaKey = CERT_ROOT "dsa2048.der";
- #endif
- #endif /* !USE_CERT_BUFFER_* */
- #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ECC256)
- #ifdef HAVE_ECC
- /* cert files to be used in rsa cert gen test, check if RSA enabled */
- #ifdef HAVE_ECC_KEY_IMPORT
- static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der";
- #endif
- #endif
- #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ASN)
- #if defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN)
- #ifndef NO_RSA
- /* eccKeyPubFile is used in a test that requires RSA. */
- static const char* eccKeyPubFile = CERT_ROOT "ecc-keyPub.der";
- #endif
- static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der";
- static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- static const char* eccCaKey384File =
- CERT_ROOT "ca-ecc384-key.der";
- static const char* eccCaCert384File =
- CERT_ROOT "ca-ecc384-cert.pem";
- #endif
- #endif
- #if defined(HAVE_PKCS7) && defined(HAVE_ECC)
- static const char* eccClientKey = CERT_ROOT "ecc-client-key.der";
- static const char* eccClientCert = CERT_ROOT "client-ecc-cert.der";
- #endif
- #endif /* HAVE_ECC */
- #ifdef HAVE_ED25519
- #ifdef WOLFSSL_TEST_CERT
- static const char* serverEd25519Cert =
- CERT_ROOT "ed25519/server-ed25519.der";
- static const char* caEd25519Cert =
- CERT_ROOT "ed25519/ca-ed25519.der";
- #endif
- #endif
- #ifdef HAVE_ED448
- #ifdef WOLFSSL_TEST_CERT
- static const char* serverEd448Cert =
- CERT_ROOT "ed448/server-ed448.der";
- static const char* caEd448Cert = CERT_ROOT "ed448/ca-ed448.der";
- #endif
- #endif
- #endif /* !USE_CERT_BUFFER_* */
- #ifndef NO_WRITE_TEMP_FILES
- #ifdef HAVE_ECC
- #ifdef WOLFSSL_CERT_GEN
- static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem";
- #endif
- #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
- static const char* certEccRsaPemFile = CERT_WRITE_TEMP_DIR "certeccrsa.pem";
- static const char* certEccRsaDerFile = CERT_WRITE_TEMP_DIR "certeccrsa.der";
- #endif
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem";
- static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der";
- static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der";
- #if defined(HAVE_PKCS8) && !defined(WC_NO_RNG)
- static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der";
- #endif
- #endif /* HAVE_ECC_KEY_EXPORT */
- #if defined(WOLFSSL_CERT_GEN) || \
- (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT))
- static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der";
- #endif
- #endif /* HAVE_ECC */
- #ifndef NO_RSA
- #if defined(WOLFSSL_CERT_GEN) || \
- (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT))
- static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der";
- static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der";
- #endif
- #ifdef WOLFSSL_CERT_GEN
- static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem";
- static const char* certPemFile = CERT_WRITE_TEMP_DIR "cert.pem";
- #endif
- #ifdef WOLFSSL_CERT_REQ
- static const char* certReqDerFile = CERT_WRITE_TEMP_DIR "certreq.der";
- static const char* certReqPemFile = CERT_WRITE_TEMP_DIR "certreq.pem";
- #endif
- #endif /* !NO_RSA */
- #if !defined(NO_RSA) || !defined(NO_DSA)
- #ifdef WOLFSSL_KEY_GEN
- static const char* keyDerFile = CERT_WRITE_TEMP_DIR "key.der";
- static const char* keyPemFile = CERT_WRITE_TEMP_DIR "key.pem";
- #endif
- #endif
- #endif /* !NO_WRITE_TEMP_FILES */
- #endif /* !NO_FILESYSTEM */
- #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
- (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
- #ifdef WOLFSSL_MULTI_ATTRIB
- static CertName certDefaultName;
- static void initDefaultName(void)
- {
- XMEMCPY(certDefaultName.country, "US", sizeof("US"));
- certDefaultName.countryEnc = CTC_PRINTABLE;
- XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon"));
- certDefaultName.stateEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland"));
- certDefaultName.localityEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.sur, "Test", sizeof("Test"));
- certDefaultName.surEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.org, "wolfSSL", sizeof("wolfSSL"));
- certDefaultName.orgEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.unit, "Development", sizeof("Development"));
- certDefaultName.unitEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
- certDefaultName.commonNameEnc = CTC_UTF8;
- XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
- certDefaultName.serialDevEnc = CTC_PRINTABLE;
- #ifdef WOLFSSL_CERT_EXT
- XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization"));
- certDefaultName.busCatEnc = CTC_UTF8;
- #endif
- XMEMCPY(certDefaultName.email, "info@wolfssl.com", sizeof("info@wolfssl.com"));
- #ifdef WOLFSSL_TEST_CERT
- {
- NameAttrib* n;
- /* test having additional OUs and setting DC */
- n = &certDefaultName.name[0];
- n->id = ASN_ORGUNIT_NAME;
- n->type = CTC_UTF8;
- n->sz = sizeof("Development-2");
- XMEMCPY(n->value, "Development-2", sizeof("Development-2"));
- #if CTC_MAX_ATTRIB > 3
- n = &certDefaultName.name[1];
- n->id = ASN_DOMAIN_COMPONENT;
- n->type = CTC_UTF8;
- n->sz = sizeof("com");
- XMEMCPY(n->value, "com", sizeof("com"));
- n = &certDefaultName.name[2];
- n->id = ASN_DOMAIN_COMPONENT;
- n->type = CTC_UTF8;
- n->sz = sizeof("wolfssl");
- XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
- #endif
- }
- #endif /* WOLFSSL_TEST_CERT */
- }
- #else
- static const CertName certDefaultName = {
- "US", CTC_PRINTABLE, /* country */
- "Oregon", CTC_UTF8, /* state */
- "Portland", CTC_UTF8, /* locality */
- "Test", CTC_UTF8, /* sur */
- "wolfSSL", CTC_UTF8, /* org */
- "Development", CTC_UTF8, /* unit */
- "www.wolfssl.com", CTC_UTF8, /* commonName */
- "wolfSSL12345", CTC_PRINTABLE, /* serial number of device */
- #ifdef WOLFSSL_CERT_EXT
- "Private Organization", CTC_UTF8, /* businessCategory */
- "US", CTC_PRINTABLE, /* jurisdiction country */
- "Oregon", CTC_PRINTABLE, /* jurisdiction state */
- #endif
- "info@wolfssl.com" /* email */
- };
- #endif /* WOLFSSL_MULTI_ATTRIB */
- #ifdef WOLFSSL_CERT_EXT
- #if ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
- defined(WOLFSSL_TEST_CERT)) || defined(HAVE_ECC)
- WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage[] =
- "digitalSignature,nonRepudiation";
- #endif
- #if (defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU)) && !defined(NO_RSA)
- WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage2[] =
- "digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
- #endif
- #endif /* WOLFSSL_CERT_EXT */
- #endif /* WOLFSSL_CERT_GEN */
- #ifndef NO_RSA
- #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- static byte minSerial[] = { 0x02, 0x01, 0x01 };
- static byte minName[] = { 0x30, 0x00 };
- static byte nameBad[] = {
- 0x30, 0x08,
- 0x31, 0x06,
- 0x30, 0x04,
- 0x06, 0x02,
- 0x55, 0x04,
- };
- static byte minDates[] = {
- 0x30, 0x1e,
- 0x17, 0x0d,
- 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35,
- 0x32, 0x33, 0x31, 0x30, 0x5a,
- 0x17, 0x0d,
- 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35,
- 0x32, 0x33, 0x31, 0x30, 0x5a
- };
- static byte minPubKey[] = {
- 0x30, 0x1b,
- 0x30, 0x0d,
- 0x06, 0x09,
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x01,
- 0x05, 0x00,
- 0x03, 0x0b,
- 0x00, 0x30, 0x08,
- 0x02, 0x01,
- 0x03,
- 0x02, 0x03,
- 0x01, 0x00, 0x01
- };
- static byte minSigAlg[] = {
- 0x30, 0x0d,
- 0x06, 0x09,
- 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
- 0x0b,
- 0x05, 0x00
- };
- static byte minSig[] = {
- 0x03, 0x01,
- 0x00
- };
- static int add_seq(byte* certData, int offset, byte* data, byte length)
- {
- XMEMMOVE(certData + offset + 2, data, length);
- certData[offset++] = 0x30;
- certData[offset++] = length;
- return offset + length;
- }
- static int add_data(byte* certData, int offset, byte* data, byte length)
- {
- XMEMCPY(certData + offset, data, length);
- return offset + length;
- }
- static int cert_asn1_test(void)
- {
- int ret;
- int len[3];
- DecodedCert cert;
- byte certData[106];
- byte* badCert = NULL;
- len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
- len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
- len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
- len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates));
- len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
- len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey));
- len[1] = add_seq(certData, 0, certData, len[2]);
- len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg));
- len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig));
- len[0] = add_seq(certData, 0, certData, len[1]);
- /* Minimal good certificate */
- InitDecodedCert(&cert, certData, len[0], 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- FreeDecodedCert(&cert);
- if (ret != 0) {
- ERROR_OUT(-7300, done);
- }
- /* Bad issuer name */
- len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
- len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
- len[2] = add_data(certData, len[2], nameBad, (byte)sizeof(nameBad));
- len[1] = add_seq(certData, 0, certData, len[2]);
- len[0] = add_seq(certData, 0, certData, len[1]);
- /* Put data into allocated buffer to allow access error checking. */
- badCert = (byte*)XMALLOC(len[0], HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XMEMCPY(badCert, certData, len[0]);
- InitDecodedCert(&cert, badCert, len[0], 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- FreeDecodedCert(&cert);
- if (ret != ASN_PARSE_E) {
- ERROR_OUT(-7301, done);
- }
- XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- badCert = NULL;
- ret = 0;
- done:
- if (badCert != NULL)
- XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int cert_test(void)
- {
- #if !defined(NO_FILESYSTEM)
- DecodedCert cert;
- byte* tmp;
- size_t bytes;
- XFILE file;
- int ret;
- tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- return -7400;
- /* Certificate with Name Constraints extension. */
- #ifdef FREESCALE_MQX
- file = XFOPEN(".\\certs\\test\\cert-ext-nc.der", "rb");
- #else
- file = XFOPEN("./certs/test/cert-ext-nc.der", "rb");
- #endif
- if (!file) {
- ERROR_OUT(-7401, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-7402, done);
- }
- FreeDecodedCert(&cert);
- /* Certificate with Inhibit Any Policy extension. */
- #ifdef FREESCALE_MQX
- file = XFOPEN(".\\certs\\test\\cert-ext-ia.der", "rb");
- #else
- file = XFOPEN("./certs/test/cert-ext-ia.der", "rb");
- #endif
- if (!file) {
- ERROR_OUT(-7403, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-7404, done);
- }
- FreeDecodedCert(&cert);
- /* Certificate with Netscape Certificate Type extension. */
- #ifdef FREESCALE_MQX
- file = XFOPEN(".\\certs\\test\\cert-ext-nct.der", "rb");
- #else
- file = XFOPEN("./certs/test/cert-ext-nct.der", "rb");
- #endif
- if (!file) {
- ERROR_OUT(-7405, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
- #ifndef IGNORE_NETSCAPE_CERT_TYPE
- if (ret != 0) {
- ERROR_OUT(-7406, done);
- }
- #else
- if (ret != ASN_CRIT_EXT_E) {
- ERROR_OUT(-7407, done);
- }
- ret = 0;
- #endif
- done:
- FreeDecodedCert(&cert);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* !NO_FILESYSTEM */
- if (ret == 0)
- ret = cert_asn1_test();
- return ret;
- }
- #endif /* WOLFSSL_TEST_CERT */
- #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
- !defined(NO_FILESYSTEM)
- WOLFSSL_TEST_SUBROUTINE int certext_test(void)
- {
- DecodedCert cert;
- byte* tmp;
- size_t bytes;
- XFILE file;
- int ret;
- /* created from rsa_test : othercert.der */
- byte skid_rsa[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
- "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
- /* created from rsa_test : othercert.der */
- byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED"
- "\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5";
- #ifdef HAVE_ECC
- /* created from ecc_test_cert_gen : certecc.der */
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- /* Authority key id from ./certs/ca-ecc384-cert.pem */
- byte akid_ecc[] = "\xAB\xE0\xC3\x26\x4C\x18\xD4\x72\xBB\xD2"
- "\x84\x8C\x9C\x0A\x05\x92\x80\x12\x53\x52";
- #else
- /* Authority key id from ./certs/ca-ecc-cert.pem */
- byte akid_ecc[] = "\x56\x8E\x9A\xC3\xF0\x42\xDE\x18\xB9\x45"
- "\x55\x6E\xF9\x93\xCF\xEA\xC3\xF3\xA5\x21";
- #endif
- #endif /* HAVE_ECC */
- /* created from rsa_test : cert.der */
- byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
- "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
- tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- return -7500;
- /* load othercert.der (Cert signed by an authority) */
- file = XFOPEN(otherCertDerFile, "rb");
- if (!file) {
- XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return -7501;
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0)
- return -7502;
- /* check the SKID from a RSA certificate */
- if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
- return -7503;
- /* check the AKID from an RSA certificate */
- if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
- return -7504;
- /* check the Key Usage from an RSA certificate */
- if (!cert.extKeyUsageSet)
- return -7505;
- if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE))
- return -7506;
- /* check the CA Basic Constraints from an RSA certificate */
- if (cert.isCA)
- return -7507;
- #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
- /* check the Certificate Policies Id */
- if (cert.extCertPoliciesNb != 1)
- return -7508;
- if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
- return -7509;
- #endif
- FreeDecodedCert(&cert);
- #ifdef HAVE_ECC
- /* load certecc.der (Cert signed by our ECC CA test in ecc_test_cert_gen) */
- file = XFOPEN(certEccDerFile, "rb");
- if (!file) {
- XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return -7510;
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0)
- return -7511;
- /* check the SKID from a ECC certificate - generated dynamically */
- /* check the AKID from an ECC certificate */
- if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
- return -7512;
- /* check the Key Usage from an ECC certificate */
- if (!cert.extKeyUsageSet)
- return -7513;
- if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT))
- return -7514;
- /* check the CA Basic Constraints from an ECC certificate */
- if (cert.isCA)
- return -7515;
- #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
- /* check the Certificate Policies Id */
- if (cert.extCertPoliciesNb != 2)
- return -7516;
- if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32))
- return -7517;
- if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22))
- return -7518;
- #endif
- FreeDecodedCert(&cert);
- #endif /* HAVE_ECC */
- /* load cert.der (self signed certificate) */
- file = XFOPEN(certDerFile, "rb");
- if (!file) {
- XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return -7519;
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- InitDecodedCert(&cert, tmp, (word32)bytes, 0);
- ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0)
- return -7520;
- /* check the SKID from a CA certificate */
- if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
- return -7521;
- /* check the AKID from an CA certificate */
- if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
- return -7522;
- /* check the Key Usage from CA certificate */
- if (!cert.extKeyUsageSet)
- return -7523;
- if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN))
- return -7524;
- /* check the CA Basic Constraints CA certificate */
- if (!cert.isCA)
- return -7525;
- #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
- /* check the Certificate Policies Id */
- if (cert.extCertPoliciesNb != 2)
- return -7526;
- if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
- return -7527;
- if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25))
- return -7528;
- #endif
- FreeDecodedCert(&cert);
- XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return 0;
- }
- #endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT */
- #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
- WOLFSSL_TEST_SUBROUTINE int decodedCertCache_test(void)
- {
- int ret = 0;
- Cert cert;
- FILE* file;
- byte* der;
- word32 derSz;
- derSz = FOURK_BUF;
- der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL)
- ret = -7600;
- if (ret == 0) {
- /* load cert.der */
- file = XFOPEN(certDerFile, "rb");
- if (file != NULL) {
- derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
- XFCLOSE(file);
- }
- else
- ret = -7601;
- }
- if (ret == 0) {
- if (wc_InitCert(&cert)) {
- ret = -7602;
- }
- }
- if (ret == 0) {
- ret = wc_SetSubjectBuffer(&cert, der, derSz);
- }
- if (ret == 0) {
- if(wc_SetSubjectBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
- ret = -7603;
- }
- if (ret == 0) {
- if (wc_SetSubjectRaw(&cert, der, derSz) != 0)
- ret = -7604;
- }
- if (ret == 0) {
- if(wc_SetSubjectRaw(NULL, der, derSz) != BAD_FUNC_ARG)
- ret = -7605;
- }
- if (ret == 0) {
- if(wc_SetIssuerBuffer(&cert, der, derSz) != 0)
- ret = -7606;
- }
- if (ret == 0) {
- if(wc_SetIssuerBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
- ret = -7607;
- }
- if (ret == 0) {
- if(wc_SetIssuerRaw(&cert, der, derSz) != 0)
- ret = -7608;
- }
- if (ret == 0) {
- if(wc_SetIssuerRaw(NULL, der, derSz) != BAD_FUNC_ARG)
- ret = -7609;
- }
- #ifdef WOLFSSL_ALT_NAMES
- if (ret == 0) {
- if(wc_SetAltNamesBuffer(&cert, der, derSz) != 0)
- ret = -7610;
- }
- if (ret == 0) {
- if(wc_SetAltNamesBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
- ret = -7611;
- }
- if (ret == 0) {
- if(wc_SetDatesBuffer(&cert, der, derSz) != 0)
- ret = -7612;
- }
- if (ret == 0) {
- if(wc_SetDatesBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
- ret = -7613;
- }
- #endif
- if (ret == 0) {
- if(wc_SetAuthKeyIdFromCert(&cert, der, derSz) != 0)
- ret = -7614;
- }
- if (ret == 0) {
- if(wc_SetAuthKeyIdFromCert(NULL, der, derSz) != BAD_FUNC_ARG)
- ret = -7615;
- }
- wc_SetCert_Free(&cert);
- if (ret == 0) {
- if(cert.decodedCert != NULL)
- ret = -7616;
- }
- XFREE(der, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) &&
- defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) */
- #define RSA_TEST_BYTES 512 /* up to 4096-bit key */
- #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- static int rsa_flatten_test(RsaKey* key)
- {
- int ret;
- byte e[RSA_TEST_BYTES];
- byte n[RSA_TEST_BYTES];
- word32 eSz = sizeof(e);
- word32 nSz = sizeof(n);
- /* Parameter Validation testing. */
- ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -7620;
- ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -7621;
- ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -7622;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -7623;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != BAD_FUNC_ARG)
- #endif
- return -7624;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
- if (ret != 0)
- return -7625;
- eSz = 0;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #elif defined(HAVE_FIPS) && \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
- if (ret != 0)
- #else
- if (ret != RSA_BUFFER_E)
- #endif
- return -7626;
- eSz = sizeof(e);
- nSz = 0;
- ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #else
- if (ret != RSA_BUFFER_E)
- #endif
- return -7627;
- return 0;
- }
- #endif /* NO_ASN */
- #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \
- && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- static int rsa_export_key_test(RsaKey* key)
- {
- int ret;
- byte e[3];
- word32 eSz = sizeof(e);
- byte n[RSA_TEST_BYTES];
- word32 nSz = sizeof(n);
- byte d[RSA_TEST_BYTES];
- word32 dSz = sizeof(d);
- byte p[RSA_TEST_BYTES/2];
- word32 pSz = sizeof(p);
- byte q[RSA_TEST_BYTES/2];
- word32 qSz = sizeof(q);
- word32 zero = 0;
- ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7630;
- ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7631;
- ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7632;
- ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7633;
- ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7634;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7635;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7636;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7637;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7638;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz);
- if (ret != BAD_FUNC_ARG)
- return -7639;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL);
- if (ret != BAD_FUNC_ARG)
- return -7640;
- ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return -7641;
- ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return -7642;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return -7643;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz);
- if (ret != RSA_BUFFER_E)
- return -7644;
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero);
- if (ret != RSA_BUFFER_E)
- return -7645;
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
- if (ret != 0)
- return -7646;
- return 0;
- }
- #endif /* !HAVE_FIPS && !USER_RSA && !NO_ASN */
- #ifndef NO_SIG_WRAPPER
- static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
- {
- int ret;
- word32 sigSz;
- WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING;
- WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
- 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
- 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
- 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
- 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte hashEnc[] = {
- 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
- 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
- 0x00, 0x04, 0x20,
- 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
- 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
- 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
- 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
- };
- word32 inLen = (word32)XSTRLEN((char*)in);
- byte out[RSA_TEST_BYTES];
- /* Parameter Validation testing. */
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -7650;
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0);
- if (ret != BAD_FUNC_ARG)
- return -7651;
- sigSz = (word32)modLen;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
- inLen, out, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -7652;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- 0, out, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -7653;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, NULL, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -7654;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, NULL, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -7655;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, NULL, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -7656;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, 0, rng);
- if (ret != BAD_FUNC_ARG)
- return -7657;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, keyLen, NULL);
- #ifdef HAVE_USER_RSA
- /* Implementation using IPP Libraries returns:
- * -101 = USER_CRYPTO_ERROR
- */
- if (ret == 0)
- #elif defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT)
- /* blinding / rng handled with hardware acceleration */
- if (ret != 0)
- #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
- /* async may not require RNG */
- if (ret != 0 && ret != MISSING_RNG_E)
- #elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING)
- /* FIPS140 implementation does not do blinding */
- if (ret != 0)
- #elif defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_RSA_VERIFY_ONLY)
- if (ret != SIG_TYPE_E)
- #elif defined(WOLFSSL_CRYPTOCELL)
- /* RNG is handled with the cryptocell */
- if (ret != 0)
- #else
- if (ret != MISSING_RNG_E)
- #endif
- return -7658;
- sigSz = 0;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, keyLen, rng);
- if (ret != BAD_FUNC_ARG)
- return -7659;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
- inLen, out, (word32)modLen, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -7660;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- 0, out, (word32)modLen, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -7661;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, NULL, (word32)modLen, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -7662;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, 0, key, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -7663;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, NULL, keyLen);
- if (ret != BAD_FUNC_ARG)
- return -7664;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, key, 0);
- if (ret != BAD_FUNC_ARG)
- return -7665;
- #ifndef HAVE_ECC
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen);
- if (ret != SIG_TYPE_E)
- return -7666;
- #endif
- /* Use APIs. */
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen);
- if (ret != modLen)
- return -7667;
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen);
- if (ret != modLen)
- return -7668;
- sigSz = (word32)ret;
- #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- XMEMSET(out, 0, sizeof(out));
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return -7669;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return -7670;
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- in, inLen, out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return -7671;
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- in, inLen, out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return -7672;
- /* Wrong signature type. */
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
- inLen, out, (word32)modLen, key, keyLen);
- if (ret == 0)
- return -7673;
- /* check hash functions */
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return -7674;
- ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
- hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return -7675;
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng);
- if (ret != 0)
- return -7676;
- ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
- hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen);
- if (ret != 0)
- return -7677;
- #else
- (void)hash;
- (void)hashEnc;
- #endif /* !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */
- return 0;
- }
- #endif /* !NO_SIG_WRAPPER */
- #ifdef WC_RSA_NONBLOCK
- static int rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte* out,
- word32 outSz, byte* plain, word32 plainSz, WC_RNG* rng)
- {
- int ret = 0, count;
- int signSz = 0;
- RsaNb nb;
- byte* inlinePlain = NULL;
- /* Enable non-blocking RSA mode - provide context */
- ret = wc_RsaSetNonBlock(key, &nb);
- if (ret != 0)
- return ret;
- #ifdef WC_RSA_NONBLOCK_TIME
- /* Enable time based RSA blocking. 8 microseconds max (3.1GHz) */
- ret = wc_RsaSetNonBlockTime(key, 8, 3100);
- if (ret != 0)
- return ret;
- #endif
- count = 0;
- do {
- ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng);
- count++; /* track number of would blocks */
- if (ret == FP_WOULDBLOCK) {
- /* do "other" work here */
- }
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0) {
- return ret;
- }
- #ifdef DEBUG_WOLFSSL
- printf("RSA non-block sign: %d times\n", count);
- #endif
- signSz = ret;
- /* Test non-blocking verify */
- XMEMSET(plain, 0, plainSz);
- count = 0;
- do {
- ret = wc_RsaSSL_Verify(out, (word32)signSz, plain, plainSz, key);
- count++; /* track number of would blocks */
- if (ret == FP_WOULDBLOCK) {
- /* do "other" work here */
- }
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0) {
- return ret;
- }
- #ifdef DEBUG_WOLFSSL
- printf("RSA non-block verify: %d times\n", count);
- #endif
- if (signSz == ret && XMEMCMP(plain, in, (size_t)ret)) {
- return SIG_VERIFY_E;
- }
- /* Test inline non-blocking verify */
- count = 0;
- do {
- ret = wc_RsaSSL_VerifyInline(out, (word32)signSz, &inlinePlain, key);
- count++; /* track number of would blocks */
- if (ret == FP_WOULDBLOCK) {
- /* do "other" work here */
- }
- } while (ret == FP_WOULDBLOCK);
- if (ret < 0) {
- return ret;
- }
- #ifdef DEBUG_WOLFSSL
- printf("RSA non-block inline verify: %d times\n", count);
- #endif
- if (signSz == ret && XMEMCMP(inlinePlain, in, (size_t)ret)) {
- return SIG_VERIFY_E;
- }
- /* Disabling non-block RSA mode */
- ret = wc_RsaSetNonBlock(key, NULL);
- (void)count;
- return 0;
- }
- #endif
- #if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
- static int rsa_decode_test(RsaKey* keyPub)
- {
- int ret;
- word32 inSz;
- word32 inOutIdx;
- WOLFSSL_SMALL_STACK_STATIC const byte n[2] = { 0x00, 0x23 };
- WOLFSSL_SMALL_STACK_STATIC const byte e[2] = { 0x00, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1,
- 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte goodAlgId[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00,
- 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte goodAlgIdNull[] = { 0x30, 0x11, 0x30, 0x0f, 0x06, 0x00,
- 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
- 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badAlgIdNull[] = { 0x30, 0x12, 0x30, 0x10, 0x06, 0x00,
- 0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
- 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNotBitString[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00,
- 0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badBitStringLen[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00,
- 0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoSeq[] = { 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x00, 0x03,
- 0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoObj[] = {
- 0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06,
- 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badIntN[] = { 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1,
- 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNotIntE[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1,
- 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badLength[] = { 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1,
- 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte badBitStrNoZero[] = { 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x00,
- 0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7690;
- /* Parameter Validation testing. */
- ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub);
- if (ret != BAD_FUNC_ARG) {
- ret = -7691;
- goto done;
- }
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub);
- if (ret != BAD_FUNC_ARG) {
- ret = -7692;
- goto done;
- }
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = -7693;
- goto done;
- }
- ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), keyPub);
- #if !defined(WOLFSSL_SP_MATH) & !defined(WOLFSSL_SP_MATH_ALL)
- if (ret != 0) {
- #else
- if (ret != ASN_GETINT_E) {
- #endif
- ret = -7694;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7695;
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, keyPub);
- #if !defined(WOLFSSL_SP_MATH) & !defined(WOLFSSL_SP_MATH_ALL)
- if (ret != 0) {
- #else
- if (ret != ASN_GETINT_E) {
- #endif
- ret = -7696;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7697;
- /* Use API. */
- ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), keyPub);
- if (ret != 0) {
- ret = -7698;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7699;
- /* Parameter Validation testing. */
- inSz = sizeof(good);
- ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -7700;
- goto done;
- }
- ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -7701;
- goto done;
- }
- ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -7702;
- goto done;
- }
- /* Use good data and offset to bad data. */
- inOutIdx = 2;
- inSz = sizeof(good) - inOutIdx;
- ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -7703;
- goto done;
- }
- inOutIdx = 2;
- inSz = sizeof(goodAlgId) - inOutIdx;
- ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -7704;
- goto done;
- }
- inOutIdx = 2;
- inSz = sizeof(goodAlgId);
- ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
- #ifndef WOLFSSL_NO_DECODE_EXTRA
- if (ret != ASN_PARSE_E)
- #else
- if (ret != ASN_RSA_KEY_E)
- #endif
- {
- ret = -7705;
- goto done;
- }
- /* Try different bad data. */
- inSz = sizeof(badAlgIdNull);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz);
- if (ret != ASN_EXPECT_0_E) {
- ret = -7706;
- goto done;
- }
- inSz = sizeof(badNotBitString);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz);
- if (ret != ASN_BITSTR_E) {
- ret = -7707;
- goto done;
- }
- inSz = sizeof(badBitStringLen);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -7708;
- goto done;
- }
- inSz = sizeof(badNoSeq);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -7709;
- goto done;
- }
- inSz = sizeof(badNoObj);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -7710;
- goto done;
- }
- inSz = sizeof(badIntN);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz);
- if (ret != ASN_RSA_KEY_E) {
- ret = -7711;
- goto done;
- }
- inSz = sizeof(badNotIntE);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz);
- if (ret != ASN_RSA_KEY_E) {
- ret = -7712;
- goto done;
- }
- /* TODO: Shouldn't pass as the sequence length is too small. */
- inSz = sizeof(badLength);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = -7713;
- goto done;
- }
- /* TODO: Shouldn't ignore object id's data. */
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7714;
- inSz = sizeof(badBitStrNoZero);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz);
- if (ret != ASN_EXPECT_0_E) {
- ret = -7715;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7716;
- /* Valid data cases. */
- inSz = sizeof(good);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = -7717;
- goto done;
- }
- if (inOutIdx != inSz) {
- ret = -7718;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7719;
- inSz = sizeof(goodAlgId);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = -7720;
- goto done;
- }
- if (inOutIdx != inSz) {
- ret = -7721;
- goto done;
- }
- wc_FreeRsaKey(keyPub);
- ret = wc_InitRsaKey(keyPub, NULL);
- if (ret != 0)
- return -7722;
- inSz = sizeof(goodAlgIdNull);
- inOutIdx = 0;
- ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, keyPub, inSz);
- if (ret != 0) {
- ret = -7723;
- goto done;
- }
- if (inOutIdx != inSz) {
- ret = -7724;
- goto done;
- }
- done:
- wc_FreeRsaKey(keyPub);
- return ret;
- }
- #endif
- #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
- /* Need to create known good signatures to test with this. */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- static int rsa_pss_test(WC_RNG* rng, RsaKey* key)
- {
- byte digest[WC_MAX_DIGEST_SIZE];
- int ret = 0;
- const char inStr[] = TEST_STRING;
- word32 inLen = (word32)TEST_STRING_SZ;
- word32 outSz;
- word32 plainSz;
- word32 digestSz;
- int i, j;
- #ifdef RSA_PSS_TEST_WRONG_PARAMS
- int k, l;
- #endif
- int len;
- byte* plain;
- int mgf[] = {
- #ifndef NO_SHA
- WC_MGF1SHA1,
- #endif
- #ifdef WOLFSSL_SHA224
- WC_MGF1SHA224,
- #endif
- WC_MGF1SHA256,
- #ifdef WOLFSSL_SHA384
- WC_MGF1SHA384,
- #endif
- #ifdef WOLFSSL_SHA512
- WC_MGF1SHA512
- #endif
- };
- enum wc_HashType hash[] = {
- #ifndef NO_SHA
- WC_HASH_TYPE_SHA,
- #endif
- #ifdef WOLFSSL_SHA224
- WC_HASH_TYPE_SHA224,
- #endif
- WC_HASH_TYPE_SHA256,
- #ifdef WOLFSSL_SHA384
- WC_HASH_TYPE_SHA384,
- #endif
- #ifdef WOLFSSL_SHA512
- WC_HASH_TYPE_SHA512,
- #endif
- };
- DECLARE_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT);
- DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- DECLARE_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifdef DECLARE_VAR_IS_HEAP_ALLOC
- if (in == NULL || out == NULL || sig == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa_pss);
- #endif
- XMEMCPY(in, inStr, inLen);
- /* Test all combinations of hash and MGF. */
- for (j = 0; j < (int)(sizeof(hash)/sizeof(*hash)); j++) {
- /* Calculate hash of message. */
- ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest));
- if (ret != 0)
- ERROR_OUT(-7730, exit_rsa_pss);
- digestSz = wc_HashGetDigestSize(hash[j]);
- for (i = 0; i < (int)(sizeof(mgf)/sizeof(*mgf)); i++) {
- outSz = RSA_TEST_BYTES;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz,
- hash[j], mgf[i], -1, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(-7731, exit_rsa_pss);
- outSz = ret;
- XMEMCPY(sig, out, outSz);
- plain = NULL;
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j],
- mgf[i], -1, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(-7732, exit_rsa_pss);
- plainSz = ret;
- TEST_SLEEP();
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[j], -1);
- #else
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
- hash[j], -1, wc_RsaEncryptSize(key)*8);
- #endif
- if (ret != 0)
- ERROR_OUT(-7733, exit_rsa_pss);
- #ifdef RSA_PSS_TEST_WRONG_PARAMS
- for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) {
- for (l = 0; l < (int)(sizeof(hash)/sizeof(*hash)); l++) {
- if (i == k && j == l)
- continue;
- XMEMCPY(sig, out, outSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz,
- (byte**)&plain, hash[l], mgf[k], -1, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret >= 0)
- ERROR_OUT(-7734, exit_rsa_pss);
- }
- }
- #endif
- }
- }
- /* Test that a salt length of zero works. */
- digestSz = wc_HashGetDigestSize(hash[0]);
- outSz = RSA_TEST_BYTES;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
- mgf[0], 0, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(-7735, exit_rsa_pss);
- outSz = ret;
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0],
- 0, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(-7736, exit_rsa_pss);
- plainSz = ret;
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
- hash[0], 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
- hash[0], 0, 0);
- #endif
- }
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-7737, exit_rsa_pss);
- XMEMCPY(sig, out, outSz);
- plain = NULL;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
- 0, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0)
- ERROR_OUT(-7738, exit_rsa_pss);
- plainSz = ret;
- TEST_SLEEP();
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
- 0);
- #else
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
- 0, 0);
- #endif
- if (ret != 0)
- ERROR_OUT(-7739, exit_rsa_pss);
- /* Test bad salt lengths in various APIs. */
- digestSz = wc_HashGetDigestSize(hash[0]);
- outSz = RSA_TEST_BYTES;
- #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
- len = -2;
- #else
- len = -3;
- #endif
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
- mgf[0], len, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-7740, exit_rsa_pss);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
- mgf[0], digestSz + 1, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-7741, exit_rsa_pss);
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0],
- mgf[0], -2, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-7742, exit_rsa_pss);
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev,
- WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
- digestSz + 1, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-7743, exit_rsa_pss);
- TEST_SLEEP();
- #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
- len = -2;
- #else
- len = -3;
- #endif
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
- len);
- #else
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
- len, 0);
- #endif
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-7744, exit_rsa_pss);
- #ifndef WOLFSSL_PSS_LONG_SALT
- len = digestSz + 1;
- #else
- len = plainSz - digestSz - 1;
- #endif
- #if defined(HAVE_SELFTEST) && \
- (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
- len);
- #else
- ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
- len, 0);
- #endif
- if (ret != PSS_SALTLEN_E)
- ERROR_OUT(-7745, exit_rsa_pss);
- ret = 0;
- exit_rsa_pss:
- FREE_VAR(sig, HEAP_HINT);
- FREE_VAR(in, HEAP_HINT);
- FREE_VAR(out, HEAP_HINT);
- return ret;
- }
- #endif /* !WOLFSSL_RSA_VERIFY_ONLY && !WOLFSSL_RSA_PUBLIC_ONLY */
- #endif
- #ifdef WC_RSA_NO_PADDING
- WOLFSSL_TEST_SUBROUTINE int rsa_no_pad_test(void)
- {
- WC_RNG rng;
- byte* tmp = NULL;
- size_t bytes;
- int ret;
- word32 inLen = 0;
- word32 idx = 0;
- word32 outSz = RSA_TEST_BYTES;
- word32 plainSz = RSA_TEST_BYTES;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
- !defined(NO_FILESYSTEM)
- XFILE file;
- #endif
- DECLARE_VAR(key, RsaKey, 1, HEAP_HINT);
- DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifdef DECLARE_VAR_IS_HEAP_ALLOC
- if (key == NULL || out == NULL || plain == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa_nopadding);
- #endif
- /* initialize stack structures */
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(key, 0, sizeof(RsaKey));
- #ifdef USE_CERT_BUFFERS_1024
- bytes = (size_t)sizeof_client_key_der_1024;
- if (bytes < (size_t)sizeof_client_cert_der_1024)
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #else
- bytes = FOURK_BUF;
- #endif
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL
- #ifdef WOLFSSL_ASYNC_CRYPT
- || out == NULL || plain == NULL
- #endif
- ) {
- ERROR_OUT(-7800, exit_rsa_nopadding);
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (!file) {
- err_sys("can't open clientKey, Please run from wolfSSL home dir", -40);
- ERROR_OUT(-7801, exit_rsa_nopadding);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #else
- /* No key to use. */
- ERROR_OUT(-7802, exit_rsa_nopadding);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-7803, exit_rsa_nopadding);
- }
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-7804, exit_rsa_nopadding);
- }
- /* after loading in key use tmp as the test buffer */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7805, exit_rsa_nopadding);
- }
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- inLen = wc_RsaEncryptSize(key);
- outSz = inLen;
- plainSz = inLen;
- XMEMSET(tmp, 7, inLen);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaDirect(tmp, inLen, out, &outSz, key,
- RSA_PRIVATE_ENCRYPT, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0) {
- ERROR_OUT(-7806, exit_rsa_nopadding);
- }
- /* encrypted result should not be the same as input */
- if (XMEMCMP(out, tmp, inLen) == 0) {
- ERROR_OUT(-7807, exit_rsa_nopadding);
- }
- TEST_SLEEP();
- /* decrypt with public key and compare result */
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaDirect(out, outSz, plain, &plainSz, key,
- RSA_PUBLIC_DECRYPT, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret <= 0) {
- ERROR_OUT(-7808, exit_rsa_nopadding);
- }
- if (XMEMCMP(plain, tmp, inLen) != 0) {
- ERROR_OUT(-7809, exit_rsa_nopadding);
- }
- TEST_SLEEP();
- #endif
- #ifdef WC_RSA_BLINDING
- ret = wc_RsaSetRNG(NULL, &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-7810, exit_rsa_nopadding);
- }
- ret = wc_RsaSetRNG(key, &rng);
- if (ret < 0) {
- ERROR_OUT(-7811, exit_rsa_nopadding);
- }
- #endif
- /* test encrypt and decrypt using WC_RSA_NO_PAD */
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, (int)outSz, key, &rng,
- WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7812, exit_rsa_nopadding);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, (int)plainSz, key,
- WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7813, exit_rsa_nopadding);
- }
- if (XMEMCMP(plain, tmp, inLen) != 0) {
- ERROR_OUT(-7814, exit_rsa_nopadding);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- /* test some bad arguments */
- ret = wc_RsaDirect(out, outSz, plain, &plainSz, key, -1,
- &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-7815, exit_rsa_nopadding);
- }
- ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT,
- &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-7816, exit_rsa_nopadding);
- }
- ret = wc_RsaDirect(out, outSz, NULL, &plainSz, key, RSA_PUBLIC_DECRYPT,
- &rng);
- if (ret != LENGTH_ONLY_E || plainSz != inLen) {
- ERROR_OUT(-7817, exit_rsa_nopadding);
- }
- ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, key,
- RSA_PUBLIC_DECRYPT, &rng);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-7818, exit_rsa_nopadding);
- }
- /* if making it to this point of code without hitting an ERROR_OUT then
- * all tests have passed */
- ret = 0;
- exit_rsa_nopadding:
- wc_FreeRsaKey(key);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- FREE_VAR(key, HEAP_HINT);
- FREE_VAR(out, HEAP_HINT);
- FREE_VAR(plain, HEAP_HINT);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WC_RSA_NO_PADDING */
- #if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
- static int rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
- {
- byte* tmp = NULL;
- size_t bytes;
- int ret;
- word32 inLen = 0;
- #ifndef NO_ASN
- word32 idx = 0;
- #endif
- word32 outSz = RSA_TEST_BYTES;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- word32 plainSz = RSA_TEST_BYTES;
- #endif
- #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_3072) && \
- !defined(USE_CERT_BUFFERS_4096) && !defined(NO_FILESYSTEM)
- XFILE file;
- #endif
- DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- #endif
- #ifdef DECLARE_VAR_IS_HEAP_ALLOC
- if (out == NULL
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- || plain == NULL
- #endif
- ) {
- ERROR_OUT(MEMORY_E, exit_rsa_even_mod);
- }
- #endif
- #if defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #else
- bytes = FOURK_BUF;
- #endif
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL
- #ifdef WOLFSSL_ASYNC_CRYPT
- || out == NULL || plain == NULL
- #endif
- ) {
- ERROR_OUT(-7800, exit_rsa_even_mod);
- }
- #if defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", -40);
- ERROR_OUT(-7801, exit_rsa_even_mod);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #else
- /* No key to use. */
- ERROR_OUT(-7802, exit_rsa_even_mod);
- #endif /* USE_CERT_BUFFERS */
- #ifndef NO_ASN
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-7804, exit_rsa_even_mod);
- }
- #else
- #ifdef USE_CERT_BUFFERS_2048
- ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
- if (ret != 0) {
- ERROR_OUT(-7804, exit_rsa_even_mod);
- }
- ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
- if (ret != 0) {
- ERROR_OUT(-7804, exit_rsa_even_mod);
- }
- #ifndef NO_SIG_WRAPPER
- modLen = 2048;
- #endif
- #else
- #error Not supported yet!
- #endif
- #endif
- key->n.dp[0] &= (mp_digit)-2;
- if (ret != 0) {
- ERROR_OUT(-7804, exit_rsa_even_mod);
- }
- /* after loading in key use tmp as the test buffer */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- inLen = 32;
- outSz = wc_RsaEncryptSize(key);
- XMEMSET(tmp, 7, plainSz);
- ret = wc_RsaSSL_Sign(tmp, inLen, out, outSz, key, rng);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
- ERROR_OUT(-7806, exit_rsa_even_mod);
- }
- ret = wc_RsaSSL_Verify(out, outSz, tmp, inLen, key);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
- ERROR_OUT(-7808, exit_rsa_even_mod);
- }
- #endif
- #ifdef WC_RSA_BLINDING
- ret = wc_RsaSetRNG(key, rng);
- if (ret < 0) {
- ERROR_OUT(-7811, exit_rsa_even_mod);
- }
- #endif
- /* test encrypt and decrypt using WC_RSA_NO_PAD */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- ret = wc_RsaPublicEncrypt(tmp, inLen, out, (int)outSz, key, rng);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
- ERROR_OUT(-7812, exit_rsa_even_mod);
- }
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- ret = wc_RsaPrivateDecrypt(out, outSz, plain, (int)plainSz, key);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
- ERROR_OUT(-7813, exit_rsa_even_mod);
- }
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- /* if making it to this point of code without hitting an ERROR_OUT then
- * all tests have passed */
- ret = 0;
- exit_rsa_even_mod:
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- FREE_VAR(out, HEAP_HINT);
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- FREE_VAR(plain, HEAP_HINT);
- #endif
- (void)out;
- (void)outSz;
- (void)plain;
- (void)plainSz;
- (void)inLen;
- (void)rng;
- return ret;
- }
- #endif /* WOLFSSL_HAVE_SP_RSA */
- #ifdef WOLFSSL_CERT_GEN
- static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
- {
- #ifdef WOLFSSL_SMALL_STACK
- RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- RsaKey caKey[1];
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode[1];
- #endif
- #endif
- byte* der = NULL;
- int ret;
- Cert* myCert = NULL;
- int certSz;
- size_t bytes3;
- word32 idx3 = 0;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- XFILE file3;
- #endif
- #if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME)
- struct tm beforeTime;
- struct tm afterTime;
- #endif
- const byte mySerial[8] = {1,2,3,4,5,6,7,8};
- (void)keypub;
- #ifdef WOLFSSL_SMALL_STACK
- if (caKey == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #ifdef WOLFSSL_TEST_CERT
- if (decode == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- #endif
- XMEMSET(caKey, 0, sizeof *caKey);
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-7820, exit_rsa);
- }
- myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (myCert == NULL) {
- ERROR_OUT(-7821, exit_rsa);
- }
- /* self signed */
- if (wc_InitCert(myCert)) {
- ERROR_OUT(-7822, exit_rsa);
- }
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- XMEMCPY(myCert->serial, mySerial, sizeof(mySerial));
- myCert->serialSz = (int)sizeof(mySerial);
- myCert->isCA = 1;
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wRSA;
- #else
- myCert->sigType = CTC_SHAwRSA;
- #endif
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
- CTC_MAX_CERTPOL_SZ);
- XSTRNCPY(myCert->certPolicies[1], "1.2.840.113549.1.9.16.6.5",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb = 2;
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromPublicKey(myCert, keypub, NULL) != 0) {
- ERROR_OUT(-7823, exit_rsa);
- }
- /* add AKID from the Public Key */
- if (wc_SetAuthKeyIdFromPublicKey(myCert, keypub, NULL) != 0) {
- ERROR_OUT(-7824, exit_rsa);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(myCert,"cRLSign,keyCertSign") != 0) {
- ERROR_OUT(-7825, exit_rsa);
- }
- #ifdef WOLFSSL_EKU_OID
- {
- const char unique[] = "2.16.840.1.111111.100.1.10.1";
- if (wc_SetExtKeyUsageOID(myCert, unique, sizeof(unique), 0,
- HEAP_HINT) != 0) {
- ERROR_OUT(-7826, exit_rsa);
- }
- }
- #endif /* WOLFSSL_EKU_OID */
- #endif /* WOLFSSL_CERT_EXT */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7827, exit_rsa);
- }
- certSz = ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, HEAP_HINT);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(-7828, exit_rsa);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, certDerFile, certPemFile,
- CERT_TYPE, -5578);
- if (ret != 0) {
- goto exit_rsa;
- }
- /* Setup Certificate */
- if (wc_InitCert(myCert)) {
- ERROR_OUT(-7829, exit_rsa);
- }
- #ifdef WOLFSSL_ALT_NAMES
- /* Get CA Cert for testing */
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024);
- bytes3 = sizeof_ca_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048);
- bytes3 = sizeof_ca_cert_der_2048;
- #else
- file3 = XFOPEN(rsaCaCertDerFile, "rb");
- if (!file3) {
- ERROR_OUT(-7830, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- #endif /* USE_CERT_BUFFERS */
- #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_1024) && \
- !defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
- ret = wc_SetAltNames(myCert, rsaCaCertFile);
- if (ret != 0) {
- ERROR_OUT(-7831, exit_rsa);
- }
- #endif
- /* get alt names from der */
- ret = wc_SetAltNamesBuffer(myCert, tmp, (int)bytes3);
- if (ret != 0) {
- ERROR_OUT(-7832, exit_rsa);
- }
- /* get dates from der */
- ret = wc_SetDatesBuffer(myCert, tmp, (int)bytes3);
- if (ret != 0) {
- ERROR_OUT(-7833, exit_rsa);
- }
- #ifndef NO_ASN_TIME
- ret = wc_GetCertDates(myCert, &beforeTime, &afterTime);
- if (ret < 0) {
- ERROR_OUT(-7834, exit_rsa);
- }
- #endif
- #endif /* WOLFSSL_ALT_NAMES */
- /* Get CA Key */
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
- bytes3 = sizeof_ca_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
- bytes3 = sizeof_ca_key_der_2048;
- #else
- file3 = XFOPEN(rsaCaKeyFile, "rb");
- if (!file3) {
- ERROR_OUT(-7835, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(caKey, HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(-7836, exit_rsa);
- }
- ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
- if (ret != 0) {
- ERROR_OUT(-7837, exit_rsa);
- }
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wRSA;
- #else
- myCert->sigType = CTC_SHAwRSA;
- #endif
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb =1;
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromPublicKey(myCert, key, NULL) != 0) {
- ERROR_OUT(-7838, exit_rsa);
- }
- /* add AKID from the CA certificate */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7839, exit_rsa);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(myCert,"keyEncipherment,keyAgreement") != 0) {
- ERROR_OUT(-7840, exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetIssuer(myCert, rsaCaCertFile);
- #endif
- if (ret < 0) {
- ERROR_OUT(-7841, exit_rsa);
- }
- certSz = wc_MakeCert(myCert, der, FOURK_BUF, key, NULL, rng);
- if (certSz < 0) {
- ERROR_OUT(-7842, exit_rsa);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF,
- caKey, NULL, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7843, exit_rsa);
- }
- certSz = ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, HEAP_HINT);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(-7844, exit_rsa);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, otherCertDerFile, otherCertPemFile,
- CERT_TYPE, -5598);
- if (ret != 0) {
- goto exit_rsa;
- }
- exit_rsa:
- #ifdef WOLFSSL_SMALL_STACK
- if (caKey != NULL) {
- wc_FreeRsaKey(caKey);
- XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef WOLFSSL_TEST_CERT
- if (decode != NULL)
- XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- wc_FreeRsaKey(caKey);
- #endif
- XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif
- #if !defined(NO_RSA) && defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN)
- /* Make Cert / Sign example for ECC cert and RSA CA */
- static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
- {
- #ifdef WOLFSSL_SMALL_STACK
- RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *caEccKeyPub = (ecc_key *)XMALLOC(sizeof *caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- RsaKey caKey[1];
- ecc_key caEccKey[1];
- ecc_key caEccKeyPub[1];
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode[1];
- #endif
- #endif
- byte* der = NULL;
- Cert* myCert = NULL;
- int certSz;
- size_t bytes3;
- word32 idx3 = 0;
- #if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \
- || !defined(USE_CERT_BUFFERS_256)
- XFILE file3;
- #endif
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- if ((caKey == NULL) || (caEccKey == NULL) || (caEccKeyPub == NULL)
- #ifdef WOLFSSL_TEST_CERT
- || (decode == NULL)
- #endif
- )
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- XMEMSET(caKey, 0, sizeof *caKey);
- XMEMSET(caEccKey, 0, sizeof *caEccKey);
- XMEMSET(caEccKeyPub, 0, sizeof *caEccKeyPub);
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-7850, exit_rsa);
- }
- myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (myCert == NULL) {
- ERROR_OUT(-7851, exit_rsa);
- }
- /* Get CA Key */
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
- bytes3 = sizeof_ca_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
- bytes3 = sizeof_ca_key_der_2048;
- #else
- file3 = XFOPEN(rsaCaKeyFile, "rb");
- if (!file3) {
- ERROR_OUT(-7852, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(caKey, HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(-7853, exit_rsa);
- }
- ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
- if (ret != 0) {
- ERROR_OUT(-7854, exit_rsa);
- }
- /* Get Cert Key */
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256);
- bytes3 = sizeof_ecc_key_pub_der_256;
- #else
- file3 = XFOPEN(eccKeyPubFile, "rb");
- if (!file3) {
- ERROR_OUT(-7855, exit_rsa);
- }
- bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
- XFCLOSE(file3);
- #endif
- ret = wc_ecc_init_ex(caEccKeyPub, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-7856, exit_rsa);
- }
- idx3 = 0;
- ret = wc_EccPublicKeyDecode(tmp, &idx3, caEccKeyPub, (word32)bytes3);
- if (ret != 0) {
- ERROR_OUT(-7857, exit_rsa);
- }
- /* Setup Certificate */
- if (wc_InitCert(myCert)) {
- ERROR_OUT(-7858, exit_rsa);
- }
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wRSA;
- #else
- myCert->sigType = CTC_SHAwRSA;
- #endif
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
- CTC_MAX_CERTPOL_SZ);
- XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb = 2;
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, caEccKeyPub) != 0) {
- ERROR_OUT(-7859, exit_rsa);
- }
- /* add AKID from the CA certificate */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7860, exit_rsa);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(myCert, certKeyUsage) != 0) {
- ERROR_OUT(-7861, exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetIssuer(myCert, rsaCaCertFile);
- #endif
- if (ret < 0) {
- ERROR_OUT(-7862, exit_rsa);
- }
- certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, caEccKeyPub, rng);
- if (certSz < 0) {
- ERROR_OUT(-7863, exit_rsa);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
- FOURK_BUF, caKey, NULL, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7864, exit_rsa);
- }
- certSz = ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, 0);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(-7865, exit_rsa);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, certEccRsaDerFile, certEccRsaPemFile,
- CERT_TYPE, -5616);
- if (ret != 0) {
- goto exit_rsa;
- }
- exit_rsa:
- #ifdef WOLFSSL_SMALL_STACK
- if (caKey != NULL) {
- wc_FreeRsaKey(caKey);
- XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (caEccKey != NULL) {
- wc_ecc_free(caEccKey);
- XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (caEccKeyPub != NULL) {
- wc_ecc_free(caEccKeyPub);
- XFREE(caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #ifdef WOLFSSL_TEST_CERT
- if (decode != NULL)
- XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- wc_FreeRsaKey(caKey);
- wc_ecc_free(caEccKey);
- wc_ecc_free(caEccKeyPub);
- #endif
- XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- myCert = NULL;
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- if (ret >= 0)
- ret = 0;
- return ret;
- }
- #endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */
- #ifdef WOLFSSL_KEY_GEN
- static int rsa_keygen_test(WC_RNG* rng)
- {
- #ifdef WOLFSSL_SMALL_STACK
- RsaKey *genKey = (RsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- RsaKey genKey[1];
- #endif
- int ret;
- byte* der = NULL;
- #ifndef WOLFSSL_CRYPTOCELL
- word32 idx = 0;
- #endif
- int derSz = 0;
- #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
- int keySz = 1024;
- #else
- int keySz = 2048;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (! genKey)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- XMEMSET(genKey, 0, sizeof *genKey);
- ret = wc_InitRsaKey_ex(genKey, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-7870, exit_rsa);
- }
- ret = wc_MakeRsaKey(genKey, keySz, WC_RSA_EXPONENT, rng);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &genKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7871, exit_rsa);
- }
- TEST_SLEEP();
- /* If not using old FIPS, or not using FAST or USER RSA... */
- #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
- (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
- !defined(HAVE_SELFTEST) && !defined(HAVE_INTEL_QA)
- ret = wc_CheckRsaKey(genKey);
- if (ret != 0) {
- ERROR_OUT(-7872, exit_rsa);
- }
- #endif
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-7873, exit_rsa);
- }
- derSz = wc_RsaKeyToDer(genKey, der, FOURK_BUF);
- if (derSz < 0) {
- ERROR_OUT(-7874, exit_rsa);
- }
- ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
- PRIVATEKEY_TYPE, -5555);
- if (ret != 0) {
- goto exit_rsa;
- }
- wc_FreeRsaKey(genKey);
- ret = wc_InitRsaKey(genKey, HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(-7875, exit_rsa);
- }
- #ifndef WOLFSSL_CRYPTOCELL
- idx = 0;
- /* The private key part of the key gen pairs from cryptocell can't be exported */
- ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, derSz);
- if (ret != 0) {
- ERROR_OUT(-7876, exit_rsa);
- }
- #endif /* WOLFSSL_CRYPTOCELL */
- exit_rsa:
- #ifdef WOLFSSL_SMALL_STACK
- if (genKey) {
- wc_FreeRsaKey(genKey);
- XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_FreeRsaKey(genKey);
- #endif
- if (der != NULL) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- }
- return ret;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
- {
- int ret;
- byte* tmp = NULL;
- byte* der = NULL;
- size_t bytes;
- WC_RNG rng;
- #ifdef WOLFSSL_SMALL_STACK
- RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- RsaKey key[1];
- #endif
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- #ifdef WOLFSSL_SMALL_STACK
- RsaKey *keypub = (RsaKey *)XMALLOC(sizeof *keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- RsaKey keypub[1];
- #endif
- #endif
- #if defined(HAVE_NTRU)
- #ifdef WOLFSSL_SMALL_STACK
- RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- RsaKey caKey[1];
- #endif
- #endif
- word32 idx = 0;
- const char inStr[] = TEST_STRING;
- const word32 inLen = (word32)TEST_STRING_SZ;
- const word32 outSz = RSA_TEST_BYTES;
- const word32 plainSz = RSA_TEST_BYTES;
- byte* res = NULL;
- #ifndef NO_SIG_WRAPPER
- int modLen;
- #endif
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
- !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
- !defined(NO_FILESYSTEM)
- XFILE file;
- XFILE file2;
- #endif
- #ifdef WOLFSSL_TEST_CERT
- #ifdef WOLFSSL_SMALL_STACK
- DecodedCert *cert = (DecodedCert *)XMALLOC(sizeof *cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- DecodedCert cert[1];
- #endif
- #endif
- DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
- DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
- DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
- #ifdef DECLARE_VAR_IS_HEAP_ALLOC
- if (in == NULL || out == NULL || plain == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- XMEMCPY(in, inStr, inLen);
- #ifdef WOLFSSL_SMALL_STACK
- if (key == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- if (keypub == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- #if defined(HAVE_NTRU)
- if (caKey == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- #ifdef WOLFSSL_TEST_CERT
- if (cert == NULL)
- ERROR_OUT(MEMORY_E, exit_rsa);
- #endif
- #endif /* WOLFSSL_SMALL_STACK */
- /* initialize stack structures */
- XMEMSET(&rng, 0, sizeof(rng));
- XMEMSET(key, 0, sizeof *key);
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- XMEMSET(keypub, 0, sizeof *keypub);
- #endif
- #if defined(HAVE_NTRU)
- XMEMSET(caKey, 0, sizeof *caKey);
- #endif
- #if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
- ret = rsa_decode_test(key);
- if (ret != 0)
- ERROR_OUT(ret, exit_rsa);
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- bytes = (size_t)sizeof_client_key_der_1024;
- if (bytes < (size_t)sizeof_client_cert_der_1024)
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- bytes = (size_t)sizeof_client_key_der_2048;
- if (bytes < (size_t)sizeof_client_cert_der_2048)
- bytes = (size_t)sizeof_client_cert_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- bytes = (size_t)sizeof_client_key_der_3072;
- if (bytes < (size_t)sizeof_client_cert_der_3072)
- bytes = (size_t)sizeof_client_cert_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- bytes = (size_t)sizeof_client_key_der_4096;
- if (bytes < (size_t)sizeof_client_cert_der_4096)
- bytes = (size_t)sizeof_client_cert_der_4096;
- #else
- bytes = FOURK_BUF;
- #endif
- tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL)
- ERROR_OUT(-7900, exit_rsa);
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(clientKey, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", -40);
- ERROR_OUT(-7901, exit_rsa);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #else
- /* No key to use. */
- ERROR_OUT(-7902, exit_rsa);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-7903, exit_rsa);
- }
- #ifndef NO_ASN
- ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-7904, exit_rsa);
- }
- #ifndef NO_SIG_WRAPPER
- modLen = wc_RsaEncryptSize(key);
- #endif
- #else
- #ifdef USE_CERT_BUFFERS_2048
- ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
- if (ret != 0) {
- ERROR_OUT(-7905, exit_rsa);
- }
- ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
- if (ret != 0) {
- ERROR_OUT(-7906, exit_rsa);
- }
- #ifndef NO_SIG_WRAPPER
- modLen = 2048;
- #endif
- #else
- #error Not supported yet!
- #endif
- #endif
- #ifndef WC_NO_RNG
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7907, exit_rsa);
- }
- #endif
- #ifndef NO_SIG_WRAPPER
- ret = rsa_sig_test(key, sizeof *key, modLen, &rng);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #ifdef WC_RSA_NONBLOCK
- ret = rsa_nb_test(key, in, inLen, out, outSz, plain, plainSz, &rng);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WC_NO_RNG)
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7908, exit_rsa);
- }
- TEST_SLEEP();
- #ifdef WC_RSA_BLINDING
- {
- int tmpret = ret;
- ret = wc_RsaSetRNG(key, &rng);
- if (ret < 0) {
- ERROR_OUT(-7909, exit_rsa);
- }
- ret = tmpret;
- }
- #endif
- idx = (word32)ret; /* save off encrypted length */
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt(out, idx, plain, plainSz, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7910, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7911, exit_rsa);
- }
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecryptInline(out, idx, &res, key);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7912, exit_rsa);
- }
- if (ret != (int)inLen) {
- ERROR_OUT(-7913, exit_rsa);
- }
- if (XMEMCMP(res, in, inLen)) {
- ERROR_OUT(-7914, exit_rsa);
- }
- TEST_SLEEP();
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7915, exit_rsa);
- }
- TEST_SLEEP();
- #elif defined(WOLFSSL_PUBLIC_MP)
- {
- static byte signature_2048[] = {
- 0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79,
- 0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe,
- 0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda,
- 0x89, 0x23, 0xb8, 0x96, 0x13, 0x57, 0x72, 0x30,
- 0xa1, 0xfe, 0x5a, 0x68, 0x9c, 0x99, 0x9d, 0x1e,
- 0x05, 0xa4, 0x80, 0xb0, 0xbb, 0xd9, 0xd9, 0xa1,
- 0x69, 0x97, 0x74, 0xb3, 0x41, 0x21, 0x3b, 0x47,
- 0xf5, 0x51, 0xb1, 0xfb, 0xc7, 0xaa, 0xcc, 0xdc,
- 0xcd, 0x76, 0xa0, 0x28, 0x4d, 0x27, 0x14, 0xa4,
- 0xb9, 0x41, 0x68, 0x7c, 0xb3, 0x66, 0xe6, 0x6f,
- 0x40, 0x76, 0xe4, 0x12, 0xfd, 0xae, 0x29, 0xb5,
- 0x63, 0x60, 0x87, 0xce, 0x49, 0x6b, 0xf3, 0x05,
- 0x9a, 0x14, 0xb5, 0xcc, 0xcd, 0xf7, 0x30, 0x95,
- 0xd2, 0x72, 0x52, 0x1d, 0x5b, 0x7e, 0xef, 0x4a,
- 0x02, 0x96, 0x21, 0x6c, 0x55, 0xa5, 0x15, 0xb1,
- 0x57, 0x63, 0x2c, 0xa3, 0x8e, 0x9d, 0x3d, 0x45,
- 0xcc, 0xb8, 0xe6, 0xa1, 0xc8, 0x59, 0xcd, 0xf5,
- 0xdc, 0x0a, 0x51, 0xb6, 0x9d, 0xfb, 0xf4, 0x6b,
- 0xfd, 0x32, 0x71, 0x6e, 0xcf, 0xcb, 0xb3, 0xd9,
- 0xe0, 0x4a, 0x77, 0x34, 0xd6, 0x61, 0xf5, 0x7c,
- 0xf9, 0xa9, 0xa4, 0xb0, 0x8e, 0x3b, 0xd6, 0x04,
- 0xe0, 0xde, 0x2b, 0x5b, 0x5a, 0xbf, 0xd9, 0xef,
- 0x8d, 0xa3, 0xf5, 0xb1, 0x67, 0xf3, 0xb9, 0x72,
- 0x0a, 0x37, 0x12, 0x35, 0x6c, 0x8e, 0x10, 0x8b,
- 0x38, 0x06, 0x16, 0x4b, 0x20, 0x20, 0x13, 0x00,
- 0x2e, 0x6d, 0xc2, 0x59, 0x23, 0x67, 0x4a, 0x6d,
- 0xa1, 0x46, 0x8b, 0xee, 0xcf, 0x44, 0xb4, 0x3e,
- 0x56, 0x75, 0x00, 0x68, 0xb5, 0x7d, 0x0f, 0x20,
- 0x79, 0x5d, 0x7f, 0x12, 0x15, 0x32, 0x89, 0x61,
- 0x6b, 0x29, 0xb7, 0x52, 0xf5, 0x25, 0xd8, 0x98,
- 0xe8, 0x6f, 0xf9, 0x22, 0xb4, 0xbb, 0xe5, 0xff,
- 0xd0, 0x92, 0x86, 0x9a, 0x88, 0xa2, 0xaf, 0x6b
- };
- ret = sizeof(signature_2048);
- XMEMCPY(out, signature_2048, ret);
- }
- #endif
- #if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \
- ((!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
- defined(WOLFSSL_PUBLIC_MP))
- idx = (word32)ret;
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- #ifndef WOLFSSL_RSA_VERIFY_INLINE
- #if defined(WOLFSSL_CRYPTOCELL)
- /*
- Cryptocell requires the input data and signature byte array to verify.
- first argument must be the input data
- second argument must be the length of input data
- third argument must be the signature byte array or the output from
- wc_RsaSSL_Sign()
- fourth argument must be the length of the signature byte array
- */
- ret = wc_RsaSSL_Verify(in, inLen, out, outSz, key);
- #else
- ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, key);
- #endif /* WOLFSSL_CRYPTOCELL */
- #else
- byte* dec = NULL;
- ret = wc_RsaSSL_VerifyInline(out, idx, &dec, key);
- if (ret > 0) {
- XMEMCPY(plain, dec, ret);
- }
- #endif
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7916, exit_rsa);
- }
- if (XMEMCMP(plain, in, (size_t)ret)) {
- ERROR_OUT(-7917, exit_rsa);
- }
- TEST_SLEEP();
- #endif
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
- /* OAEP padding testing */
- #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
- (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
- #ifndef NO_SHA
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, &rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7918, exit_rsa);
- }
- TEST_SLEEP();
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7919, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7920, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* NO_SHA */
- #endif
- #ifndef NO_SHA256
- XMEMSET(plain, 0, plainSz);
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, &rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7921, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- idx = (word32)ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7922, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7923, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecryptInline_ex(out, idx, &res, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7924, exit_rsa);
- }
- if (ret != (int)inLen) {
- ERROR_OUT(-7925, exit_rsa);
- }
- if (XMEMCMP(res, in, inLen)) {
- ERROR_OUT(-7926, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- /* check fails if not using the same optional label */
- XMEMSET(plain, 0, plainSz);
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, &rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7927, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
- #if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_CRYPTOCELL)
- /* label is unused in cryptocell so it won't detect decrypt error due to label */
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret > 0) { /* in this case decrypt should fail */
- ERROR_OUT(-7928, exit_rsa);
- }
- ret = 0;
- TEST_SLEEP();
- #endif /* !HAVE_CAVIUM */
- /* check using optional label with encrypt/decrypt */
- XMEMSET(plain, 0, plainSz);
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, &rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7929, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- idx = (word32)ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7930, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7931, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- #ifndef WOLFSSL_RSA_VERIFY_ONLY
- #ifndef NO_SHA
- /* check fail using mismatch hash algorithms */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, &rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7932, exit_rsa);
- }
- TEST_SLEEP();
- /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
- #if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_CRYPTOCELL)
- idx = (word32)ret;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256,
- in, inLen);
- }
- } while (ret == WC_PENDING_E);
- if (ret > 0) { /* should fail */
- ERROR_OUT(-7933, exit_rsa);
- }
- ret = 0;
- TEST_SLEEP();
- #endif /* !HAVE_CAVIUM */
- #endif /* NO_SHA */
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- #endif /* NO_SHA256 */
- #ifdef WOLFSSL_SHA512
- /* Check valid RSA key size is used while using hash length of SHA512
- If key size is less than (hash length * 2) + 2 then is invalid use
- and test, since OAEP padding requires this.
- BAD_FUNC_ARG is returned when this case is not met */
- if (wc_RsaEncryptSize(key) > ((int)WC_SHA512_DIGEST_SIZE * 2) + 2) {
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, &rng,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7934, exit_rsa);
- }
- TEST_SLEEP();
- idx = ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7935, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7936, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- }
- #endif /* WOLFSSL_SHA512 */
- /* check using pkcsv15 padding with _ex API */
- XMEMSET(plain, 0, plainSz);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, &rng,
- WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7937, exit_rsa);
- }
- TEST_SLEEP();
- idx = (word32)ret;
- #ifndef WOLFSSL_RSA_PUBLIC_ONLY
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
- WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7938, exit_rsa);
- }
- if (XMEMCMP(plain, in, inLen)) {
- ERROR_OUT(-7939, exit_rsa);
- }
- TEST_SLEEP();
- #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
- #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */
- #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */
- #endif /* WOLFSSL_RSA_VERIFY_ONLY */
- #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \
- && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = rsa_export_key_test(key);
- if (ret != 0)
- return ret;
- #endif
- #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = rsa_flatten_test(key);
- if (ret != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_MDK_ARM)
- #define sizeof(s) XSTRLEN((char *)(s))
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_cert_der_1024, (size_t)sizeof_client_cert_der_1024);
- bytes = (size_t)sizeof_client_cert_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_cert_der_2048, (size_t)sizeof_client_cert_der_2048);
- bytes = (size_t)sizeof_client_cert_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_cert_der_3072, (size_t)sizeof_client_cert_der_3072);
- bytes = (size_t)sizeof_client_cert_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_cert_der_4096, (size_t)sizeof_client_cert_der_4096);
- bytes = (size_t)sizeof_client_cert_der_4096;
- #elif !defined(NO_FILESYSTEM)
- file2 = XFOPEN(clientCert, "rb");
- if (!file2) {
- ERROR_OUT(-7940, exit_rsa);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file2);
- XFCLOSE(file2);
- #else
- /* No certificate to use. */
- ERROR_OUT(-7941, exit_rsa);
- #endif
- #ifdef sizeof
- #undef sizeof
- #endif
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(cert, tmp, (word32)bytes, 0);
- ret = ParseCert(cert, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(cert);
- ERROR_OUT(-7942, exit_rsa);
- }
- FreeDecodedCert(cert);
- #endif
- #ifdef WOLFSSL_CERT_EXT
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- bytes = sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- bytes = sizeof_client_keypub_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_keypub_der_3072, sizeof_client_keypub_der_3072);
- bytes = sizeof_client_keypub_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_keypub_der_4096, sizeof_client_keypub_der_4096);
- bytes = sizeof_client_keypub_der_4096;
- #else
- file = XFOPEN(clientKeyPub, "rb");
- if (!file) {
- err_sys("can't open ./certs/client-keyPub.der, "
- "Please run from wolfSSL home dir", -40);
- ERROR_OUT(-7943, exit_rsa);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(keypub, HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(-7944, exit_rsa);
- }
- idx = 0;
- ret = wc_RsaPublicKeyDecode(tmp, &idx, keypub, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-7945, exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef WOLFSSL_KEY_GEN
- ret = rsa_keygen_test(&rng);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #ifdef WOLFSSL_CERT_GEN
- /* Make Cert / Sign example for RSA cert and RSA CA */
- ret = rsa_certgen_test(key, keypub, &rng, tmp);
- if (ret != 0)
- goto exit_rsa;
- #if !defined(NO_RSA) && defined(HAVE_ECC)
- ret = rsa_ecc_certgen_test(&rng, tmp);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #ifdef HAVE_NTRU
- {
- Cert myCert;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- XFILE caFile;
- #endif
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- XFILE ntruPrivFile;
- #endif
- int certSz;
- word32 idx3 = 0;
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode;
- #endif
- byte public_key[557]; /* sized for EES401EP2 */
- word16 public_key_len; /* no. of octets in public key */
- byte private_key[607]; /* sized for EES401EP2 */
- word16 private_key_len; /* no. of octets in private key */
- DRBG_HANDLE drbg;
- static uint8_t const pers_str[] = {
- 'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't'
- };
- word32 rc = ntru_crypto_drbg_instantiate(112, pers_str,
- sizeof(pers_str), GetEntropy, &drbg);
- if (rc != DRBG_OK) {
- ERROR_OUT(-7946, exit_rsa);
- }
- rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
- &public_key_len, NULL,
- &private_key_len, NULL);
- if (rc != NTRU_OK) {
- ERROR_OUT(-7947, exit_rsa);
- }
- rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
- &public_key_len, public_key,
- &private_key_len, private_key);
- if (rc != NTRU_OK) {
- ERROR_OUT(-7948, exit_rsa);
- }
- rc = ntru_crypto_drbg_uninstantiate(drbg);
- if (rc != NTRU_OK) {
- ERROR_OUT(-7949, exit_rsa);
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
- bytes = sizeof_ca_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
- bytes = sizeof_ca_key_der_2048;
- #else
- caFile = XFOPEN(rsaCaKeyFile, "rb");
- if (!caFile) {
- ERROR_OUT(-7950, exit_rsa);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, caFile);
- XFCLOSE(caFile);
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitRsaKey(caKey, HEAP_HINT);
- if (ret != 0) {
- ERROR_OUT(-7951, exit_rsa);
- }
- ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-7952, exit_rsa);
- }
- if (wc_InitCert(&myCert)) {
- ERROR_OUT(-7953, exit_rsa);
- }
- XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName));
- myCert.daysValid = 1000;
- #ifdef WOLFSSL_CERT_EXT
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromNtruPublicKey(&myCert, public_key,
- public_key_len) != 0) {
- ERROR_OUT(-7954, exit_rsa);
- }
- /* add AKID from the CA certificate */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetAuthKeyId(&myCert, rsaCaCertFile);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7955, exit_rsa);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(&myCert, certKeyUsage2) != 0) {
- ERROR_OUT(-7956, exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- #if defined(USE_CERT_BUFFERS_2048)
- ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_2048,
- sizeof_ca_cert_der_2048);
- #elif defined(USE_CERT_BUFFERS_1024)
- ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_1024,
- sizeof_ca_cert_der_1024);
- #else
- ret = wc_SetIssuer(&myCert, rsaCaCertFile);
- #endif
- if (ret < 0) {
- ERROR_OUT(-7957, exit_rsa);
- }
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-7958, exit_rsa);
- }
- certSz = wc_MakeNtruCert(&myCert, der, FOURK_BUF, public_key,
- public_key_len, &rng);
- if (certSz < 0) {
- ERROR_OUT(-7959, exit_rsa);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert.bodySz, myCert.sigType, der, FOURK_BUF,
- caKey, NULL, &rng);
- }
- } while (ret == WC_PENDING_E);
- wc_FreeRsaKey(caKey);
- if (ret < 0) {
- ERROR_OUT(-7960, exit_rsa);
- }
- certSz = ret;
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(&decode, der, certSz, HEAP_HINT);
- ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(&decode);
- ERROR_OUT(-7961, exit_rsa);
- }
- FreeDecodedCert(&decode);
- #endif
- ret = SaveDerAndPem(der, certSz, "./ntru-cert.der", "./ntru-cert.pem",
- CERT_TYPE, -5637);
- if (ret != 0) {
- goto exit_rsa;
- }
- #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
- ntruPrivFile = XFOPEN("./ntru-key.raw", "wb");
- if (!ntruPrivFile) {
- ERROR_OUT(-7962, exit_rsa);
- }
- ret = (int)XFWRITE(private_key, 1, private_key_len, ntruPrivFile);
- XFCLOSE(ntruPrivFile);
- if (ret != private_key_len) {
- ERROR_OUT(-7963, exit_rsa);
- }
- #endif
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- }
- #endif /* HAVE_NTRU */
- #ifdef WOLFSSL_CERT_REQ
- {
- Cert *req;
- int derSz;
- req = (Cert *)XMALLOC(sizeof *req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (! req)
- ERROR_OUT(MEMORY_E, exit_rsa);
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-7964, exit_rsa);
- }
- if (wc_InitCert(req)) {
- ERROR_OUT(-7965, exit_rsa);
- }
- req->version = 0;
- req->isCA = 1;
- XSTRNCPY(req->challengePw, "wolf123", CTC_NAME_SIZE);
- XMEMCPY(&req->subject, &certDefaultName, sizeof(CertName));
- #ifndef NO_SHA256
- req->sigType = CTC_SHA256wRSA;
- #else
- req->sigType = CTC_SHAwRSA;
- #endif
- #ifdef WOLFSSL_CERT_EXT
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromPublicKey(req, keypub, NULL) != 0) {
- ERROR_OUT(-7966, exit_rsa);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(req, certKeyUsage2) != 0) {
- ERROR_OUT(-7967, exit_rsa);
- }
- /* add Extended Key Usage */
- if (wc_SetExtKeyUsage(req, "serverAuth,clientAuth,codeSigning,"
- "emailProtection,timeStamping,OCSPSigning") != 0) {
- ERROR_OUT(-7968, exit_rsa);
- }
- #ifdef WOLFSSL_EKU_OID
- {
- WOLFSSL_SMALL_STACK_STATIC const char unique[] = "2.16.840.1.111111.100.1.10.1";
- if (wc_SetExtKeyUsageOID(req, unique, sizeof(unique), 0,
- HEAP_HINT) != 0) {
- ERROR_OUT(-7969, exit_rsa);
- }
- }
- #endif /* WOLFSSL_EKU_OID */
- #endif /* WOLFSSL_CERT_EXT */
- derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
- if (derSz < 0) {
- ERROR_OUT(-7970, exit_rsa);
- }
- #ifdef WOLFSSL_CERT_EXT
- /* Try again with "any" flag set, will override all others */
- if (wc_SetExtKeyUsage(req, "any") != 0) {
- ERROR_OUT(-7971, exit_rsa);
- }
- derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
- if (derSz < 0) {
- ERROR_OUT(-7972, exit_rsa);
- }
- #endif /* WOLFSSL_CERT_EXT */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(req->bodySz, req->sigType, der, FOURK_BUF,
- key, NULL, &rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-7973, exit_rsa);
- }
- derSz = ret;
- ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile,
- CERTREQ_TYPE, -5650);
- if (ret != 0) {
- goto exit_rsa;
- }
- derSz = wc_MakeCertReq_ex(req, der, FOURK_BUF, RSA_TYPE, key);
- if (derSz < 0) {
- ERROR_OUT(-7974, exit_rsa);
- }
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- der = NULL;
- }
- #endif /* WOLFSSL_CERT_REQ */
- #endif /* WOLFSSL_CERT_GEN */
- #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
- /* Need to create known good signatures to test with this. */
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
- ret = rsa_pss_test(&rng, key);
- if (ret != 0)
- goto exit_rsa;
- #endif
- #endif
- #if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
- #ifdef WOLFSSL_SMALL_STACK
- /* New key to be loaded in rsa_even_mod_test(). */
- if (key != NULL)
- #endif
- wc_FreeRsaKey(key);
- /* New key to be loaded in rsa_even_mod_test(). */
- ret = rsa_even_mod_test(&rng, key);
- #endif
- exit_rsa:
- #ifdef WOLFSSL_SMALL_STACK
- if (key != NULL) {
- wc_FreeRsaKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- if (keypub != NULL) {
- wc_FreeRsaKey(keypub);
- XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #if defined(HAVE_NTRU)
- if (caKey != NULL) {
- wc_FreeRsaKey(caKey);
- XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #ifdef WOLFSSL_TEST_CERT
- if (cert != NULL)
- XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #else
- wc_FreeRsaKey(key);
- #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
- wc_FreeRsaKey(keypub);
- #endif
- #if defined(HAVE_NTRU)
- wc_FreeRsaKey(caKey);
- #endif
- #endif /* WOLFSSL_SMALL_STACK */
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeRng(&rng);
- FREE_VAR(in, HEAP_HINT);
- FREE_VAR(out, HEAP_HINT);
- FREE_VAR(plain, HEAP_HINT);
- (void)res;
- (void)bytes;
- (void)in;
- (void)out;
- (void)plain;
- (void)inLen;
- (void)outSz;
- (void)plainSz;
- /* ret can be greater then 0 with certgen but all negative values should
- * be returned and treated as an error */
- if (ret >= 0) {
- return 0;
- }
- else {
- return ret;
- }
- }
- #endif /* !NO_RSA */
- #ifndef NO_DH
- static int dh_fips_generate_test(WC_RNG *rng)
- {
- int ret = 0;
- #ifdef WOLFSSL_SMALL_STACK
- DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);;
- #else
- DhKey key[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte p[] = {
- 0xc5, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c,
- 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e,
- 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea,
- 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e,
- 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62,
- 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a,
- 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc,
- 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89,
- 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c,
- 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65,
- 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb,
- 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87,
- 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92,
- 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3,
- 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc,
- 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda,
- 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46,
- 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9,
- 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2,
- 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc,
- 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73,
- 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4,
- 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6,
- 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a,
- 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9,
- 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0,
- 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8,
- 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0,
- 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47,
- 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9,
- 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d,
- 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
- 0x4a, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74,
- 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41,
- 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91,
- 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb,
- 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff,
- 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e,
- 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a,
- 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e,
- 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40,
- 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67,
- 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94,
- 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa,
- 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22,
- 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a,
- 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc,
- 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5,
- 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe,
- 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c,
- 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8,
- 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67,
- 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8,
- 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63,
- 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5,
- 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71,
- 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a,
- 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a,
- 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1,
- 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37,
- 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53,
- 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d,
- 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68,
- 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte q[] = {
- 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
- 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
- 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
- 0x40, 0x52, 0xed, 0x41
- };
- WOLFSSL_SMALL_STACK_STATIC const byte q0[] = {
- 0x00,
- 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
- 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
- 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
- 0x40, 0x52, 0xed, 0x41
- };
- byte priv[256];
- byte pub[256];
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- #ifdef WOLFSSL_SMALL_STACK
- if (key == NULL)
- ERROR_OUT(MEMORY_E, exit_gen_test);
- #endif
- /* Parameter Validation testing. */
- ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-7980, exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, NULL, priv, &privSz, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-7981, exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, NULL, &privSz, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-7982, exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, priv, NULL, pub, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-7983, exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, NULL, &pubSz);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-7984, exit_gen_test);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, NULL);
- if (ret != BAD_FUNC_ARG)
- ERROR_OUT(-7985, exit_gen_test);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-7986, exit_gen_test);
- ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q0, sizeof(q0));
- if (ret != 0) {
- ERROR_OUT(-7987, exit_gen_test);
- }
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-7988, exit_gen_test);
- ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q, sizeof(q));
- if (ret != 0) {
- ERROR_OUT(-7989, exit_gen_test);
- }
- /* Use API. */
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7990, exit_gen_test);
- }
- ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q0, sizeof(q0));
- if (ret != 0) {
- ERROR_OUT(-7991, exit_gen_test);
- }
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-7992, exit_gen_test);
- ret = wc_DhSetKey(key, p, sizeof(p), g, sizeof(g));
- if (ret != 0) {
- ERROR_OUT(-7993, exit_gen_test);
- }
- ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q, sizeof(q));
- if (ret != 0) {
- ERROR_OUT(-7994, exit_gen_test);
- }
- #ifndef HAVE_SELFTEST
- ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
- if (ret != 0) {
- ERROR_OUT(-7995, exit_gen_test);
- }
- /* Taint the public key so the check fails. */
- pub[0]++;
- ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
- if (ret != MP_CMP_E) {
- ERROR_OUT(-7996, exit_gen_test);
- }
- #ifdef WOLFSSL_KEY_GEN
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-7997, exit_gen_test);
- ret = wc_DhGenerateParams(rng, 2048, key);
- if (ret != 0) {
- ERROR_OUT(-7998, exit_gen_test);
- }
- privSz = sizeof(priv);
- pubSz = sizeof(pub);
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-7999, exit_gen_test);
- }
- #endif /* WOLFSSL_KEY_GEN */
- #endif /* HAVE_SELFTEST */
- ret = 0;
- exit_gen_test:
- #ifdef WOLFSSL_SMALL_STACK
- if (key) {
- wc_FreeDhKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_FreeDhKey(key);
- #endif
- return ret;
- }
- static int dh_generate_test(WC_RNG *rng)
- {
- int ret = 0;
- DhKey smallKey;
- byte p[2] = { 0, 5 };
- byte g[2] = { 0, 2 };
- #if !defined(WOLFSSL_SP_MATH)
- #ifdef WOLFSSL_DH_CONST
- /* the table for constant DH lookup will round to the lowest byte size 21 */
- byte priv[21];
- byte pub[21];
- #else
- byte priv[2];
- byte pub[2];
- #endif
- word32 privSz = sizeof(priv);
- word32 pubSz = sizeof(pub);
- #endif
- ret = wc_InitDhKey_ex(&smallKey, HEAP_HINT, devId);
- if (ret != 0)
- return -8010;
- /* Parameter Validation testing. */
- ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId);
- if (ret != BAD_FUNC_ARG)
- return -8011;
- wc_FreeDhKey(NULL);
- ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-8012, exit_gen_test);
- }
- ret = wc_DhSetKey(&smallKey, NULL, sizeof(p), g, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-8013, exit_gen_test);
- }
- ret = wc_DhSetKey(&smallKey, p, 0, g, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-8014, exit_gen_test);
- }
- ret = wc_DhSetKey(&smallKey, p, sizeof(p), NULL, sizeof(g));
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-8015, exit_gen_test);
- }
- ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, 0);
- if (ret != BAD_FUNC_ARG) {
- ERROR_OUT(-8016, exit_gen_test);
- }
- ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, sizeof(g));
- if (ret != 0) {
- ERROR_OUT(-8017, exit_gen_test);
- }
- #if !defined(WOLFSSL_SP_MATH)
- /* Use API. */
- ret = wc_DhGenerateKeyPair(&smallKey, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &smallKey.asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ret = -8018;
- }
- #else
- (void)rng;
- ret = 0;
- #endif
- exit_gen_test:
- wc_FreeDhKey(&smallKey);
- return ret;
- }
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- typedef struct dh_pubvalue_test {
- const byte* data;
- word32 len;
- } dh_pubvalue_test;
- static int dh_test_check_pubvalue(void)
- {
- int ret;
- word32 i;
- WOLFSSL_SMALL_STACK_STATIC const byte prime[] = {0x01, 0x00, 0x01};
- WOLFSSL_SMALL_STACK_STATIC const byte pubValZero[] = { 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValZeroLong[] = { 0x00, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValOne[] = { 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValOneLong[] = { 0x00, 0x00, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeMinusOne[] = { 0x01, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeLong[] = {0x00, 0x01, 0x00, 0x01};
- WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimePlusOne[] = { 0x01, 0x00, 0x02 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig0[] = { 0x02, 0x00, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig1[] = { 0x01, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTooLong[] = { 0x01, 0x00, 0x00, 0x01 };
- const dh_pubvalue_test dh_pubval_fail[] = {
- { prime, sizeof(prime) },
- { pubValZero, sizeof(pubValZero) },
- { pubValZeroLong, sizeof(pubValZeroLong) },
- { pubValOne, sizeof(pubValOne) },
- { pubValOneLong, sizeof(pubValOneLong) },
- { pubValPrimeMinusOne, sizeof(pubValPrimeMinusOne) },
- { pubValPrimeLong, sizeof(pubValPrimeLong) },
- { pubValPrimePlusOne, sizeof(pubValPrimePlusOne) },
- { pubValTooBig0, sizeof(pubValTooBig0) },
- { pubValTooBig1, sizeof(pubValTooBig1) },
- { pubValTooLong, sizeof(pubValTooLong) },
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTwo[] = { 0x02 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValTwoLong[] = { 0x00, 0x00, 0x02 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValGood[] = { 0x12, 0x34 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLen[] = { 0x00, 0x12, 0x34 };
- WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLong[] = { 0x00, 0x00, 0x12, 0x34 };
- const dh_pubvalue_test dh_pubval_pass[] = {
- { pubValTwo, sizeof(pubValTwo) },
- { pubValTwoLong, sizeof(pubValTwoLong) },
- { pubValGood, sizeof(pubValGood) },
- { pubValGoodLen, sizeof(pubValGoodLen) },
- { pubValGoodLong, sizeof(pubValGoodLong) },
- };
- for (i = 0; i < sizeof(dh_pubval_fail) / sizeof(*dh_pubval_fail); i++) {
- ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_fail[i].data,
- dh_pubval_fail[i].len);
- if (ret != MP_VAL)
- return -8020 - (int)i;
- }
- for (i = 0; i < sizeof(dh_pubval_pass) / sizeof(*dh_pubval_pass); i++) {
- ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_pass[i].data,
- dh_pubval_pass[i].len);
- if (ret != 0)
- return -8030 - (int)i;
- }
- return 0;
- }
- #endif
- #if defined(HAVE_FFDHE)
- #ifdef HAVE_FFDHE_3072
- #define FFDHE_KEY_SIZE (3072/8)
- #else
- #define FFDHE_KEY_SIZE (2048/8)
- #endif
- #ifndef WC_NO_RNG
- static int dh_ffdhe_test(WC_RNG *rng, const DhParams* params)
- {
- int ret;
- word32 privSz, pubSz, privSz2, pubSz2;
- #ifdef WOLFSSL_SMALL_STACK
- byte *priv = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *priv2 = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub2 = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree2 = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- byte priv[FFDHE_KEY_SIZE];
- byte pub[FFDHE_KEY_SIZE];
- byte priv2[FFDHE_KEY_SIZE];
- byte pub2[FFDHE_KEY_SIZE];
- byte agree[FFDHE_KEY_SIZE];
- byte agree2[FFDHE_KEY_SIZE];
- DhKey key[1];
- DhKey key2[1];
- #endif
- word32 agreeSz = FFDHE_KEY_SIZE;
- word32 agreeSz2 = FFDHE_KEY_SIZE;
- #ifdef WOLFSSL_SMALL_STACK
- if ((priv == NULL) ||
- (pub == NULL) ||
- (priv2 == NULL) ||
- (pub2 == NULL) ||
- (agree == NULL) ||
- (agree2 == NULL) ||
- (key == NULL) ||
- (key2 == NULL))
- ERROR_OUT(-8050, done);
- #endif
- pubSz = FFDHE_KEY_SIZE;
- pubSz2 = FFDHE_KEY_SIZE;
- privSz = FFDHE_KEY_SIZE;
- privSz2 = FFDHE_KEY_SIZE;
- XMEMSET(key, 0, sizeof *key);
- XMEMSET(key2, 0, sizeof *key2);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-8051, done);
- }
- ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-8052, done);
- }
- ret = wc_DhSetKey(key, params->p, params->p_len, params->g, params->g_len);
- if (ret != 0) {
- ERROR_OUT(-8053, done);
- }
- ret = wc_DhSetKey(key2, params->p, params->p_len, params->g,
- params->g_len);
- if (ret != 0) {
- ERROR_OUT(-8054, done);
- }
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8055, done);
- }
- ret = wc_DhGenerateKeyPair(key2, rng, priv2, &privSz2, pub2, &pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8056, done);
- }
- ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8057, done);
- }
- ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8058, done);
- }
- if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
- ERROR_OUT(-8059, done);
- }
- #if defined(WOLFSSL_HAVE_SP_DH) && defined(USE_FAST_MATH)
- /* Make p even */
- key->p.dp[0] &= (mp_digit)-2;
- if (ret != 0) {
- ERROR_OUT(-8058, done);
- }
- ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
- ERROR_OUT(-8058, done);
- }
- ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
- ERROR_OUT(-8057, done);
- }
- ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
- if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
- ERROR_OUT(-8057, done);
- }
- /* Getting here means success - set ret to 0. */
- ret = 0;
- #endif
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (priv)
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub)
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv2)
- XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub2)
- XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree)
- XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree2)
- XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (key) {
- wc_FreeDhKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (key2) {
- wc_FreeDhKey(key2);
- XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_FreeDhKey(key);
- wc_FreeDhKey(key2);
- #endif
- return ret;
- }
- #endif /* !WC_NO_RNG */
- #endif /* HAVE_FFDHE */
- WOLFSSL_TEST_SUBROUTINE int dh_test(void)
- {
- int ret;
- word32 bytes;
- word32 idx = 0, privSz, pubSz, privSz2, pubSz2;
- #ifndef WC_NO_RNG
- WC_RNG rng;
- #endif
- int keyInit = 0;
- #define DH_TEST_TMP_SIZE 1024
- #if !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
- #define DH_TEST_BUF_SIZE 256
- #else
- #define DH_TEST_BUF_SIZE 512
- #endif
- #ifndef WC_NO_RNG
- word32 agreeSz = DH_TEST_BUF_SIZE;
- word32 agreeSz2 = DH_TEST_BUF_SIZE;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *tmp = (byte *)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- DhKey key[1];
- DhKey key2[1];
- byte tmp[DH_TEST_TMP_SIZE];
- #endif
- #ifndef WC_NO_RNG
- #ifdef WOLFSSL_SMALL_STACK
- byte *priv = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *priv2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *pub2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *agree2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL || pub == NULL || priv2 == NULL || pub2 == NULL ||
- agree == NULL || agree2 == NULL) {
- ERROR_OUT(-8100, done);
- }
- #else
- byte priv[DH_TEST_BUF_SIZE];
- byte pub[DH_TEST_BUF_SIZE];
- byte priv2[DH_TEST_BUF_SIZE];
- byte pub2[DH_TEST_BUF_SIZE];
- byte agree[DH_TEST_BUF_SIZE];
- byte agree2[DH_TEST_BUF_SIZE];
- #endif
- #endif /* !WC_NO_RNG */
- #ifdef WOLFSSL_SMALL_STACK
- if (key == NULL || key2 == NULL || tmp == NULL) {
- ERROR_OUT(-8100, done);
- }
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024);
- bytes = (size_t)sizeof_dh_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, dh_key_der_2048, (size_t)sizeof_dh_key_der_2048);
- bytes = (size_t)sizeof_dh_key_der_2048;
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, dh_key_der_3072, (size_t)sizeof_dh_key_der_3072);
- bytes = (size_t)sizeof_dh_key_der_3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, dh_key_der_4096, (size_t)sizeof_dh_key_der_4096);
- bytes = (size_t)sizeof_dh_key_der_4096;
- #elif defined(NO_ASN)
- /* don't use file, no DER parsing */
- #elif !defined(NO_FILESYSTEM)
- {
- XFILE file = XFOPEN(dhParamsFile, "rb");
- if (! file)
- ERROR_OUT(-8101, done);
- bytes = (word32) XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
- XFCLOSE(file);
- }
- #else
- /* No DH key to use. */
- ERROR_OUT(-8102, done);
- #endif /* USE_CERT_BUFFERS */
- (void)idx;
- (void)tmp;
- (void)bytes;
- pubSz = DH_TEST_BUF_SIZE;
- pubSz2 = DH_TEST_BUF_SIZE;
- privSz = DH_TEST_BUF_SIZE;
- privSz2 = DH_TEST_BUF_SIZE;
- #ifndef WC_NO_RNG
- XMEMSET(&rng, 0, sizeof(rng));
- #endif
- /* Use API for coverage. */
- ret = wc_InitDhKey(key);
- if (ret != 0) {
- ERROR_OUT(-8103, done);
- }
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-8104, done);
- }
- keyInit = 1;
- ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-8105, done);
- }
- #ifdef NO_ASN
- ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
- if (ret != 0) {
- ERROR_OUT(-8106, done);
- }
- ret = wc_DhSetKey(key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
- if (ret != 0) {
- ERROR_OUT(-8107, done);
- }
- #else
- ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
- if (ret != 0) {
- ERROR_OUT(-8108, done);
- }
- idx = 0;
- ret = wc_DhKeyDecode(tmp, &idx, key2, bytes);
- if (ret != 0) {
- ERROR_OUT(-8109, done);
- }
- #endif
- #ifndef WC_NO_RNG
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8110, done);
- }
- ret = wc_DhGenerateKeyPair(key, &rng, priv, &privSz, pub, &pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8111, done);
- }
- ret = wc_DhGenerateKeyPair(key2, &rng, priv2, &privSz2, pub2, &pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8112, done);
- }
- ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8113, done);
- }
- ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-8114, done);
- }
- if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
- ERROR_OUT(-8115, done);
- }
- #endif /* !WC_NO_RNG */
- #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- if (wc_DhCheckPrivKey(NULL, NULL, 0) != BAD_FUNC_ARG)
- ERROR_OUT(-8116, done);
- if (wc_DhCheckPrivKey(key, priv, privSz) != 0)
- ERROR_OUT(-8117, done);
- if (wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL) != BAD_FUNC_ARG)
- ERROR_OUT(-8118, done);
- {
- word32 pSz, qSz, gSz;
- if (wc_DhExportParamsRaw(key, NULL, &pSz, NULL, &qSz, NULL, &gSz) != LENGTH_ONLY_E)
- ERROR_OUT(-8119, done);
- }
- #endif
- /* Test DH key import / export */
- #if defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \
- (!defined(HAVE_FIPS) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
- wc_FreeDhKey(key);
- ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-8120, done);
- }
- #if !defined(NO_ASN) && !defined(NO_FILESYSTEM)
- {
- XFILE file = XFOPEN(dhKeyFile, "rb");
- if (!file)
- ERROR_OUT(-8121, done);
- bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
- XFCLOSE(file);
- }
- idx = 0;
- ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
- if (ret != 0) {
- ERROR_OUT(-8122, done);
- }
- #else
- ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
- if (ret != 0) {
- ERROR_OUT(-8123, done);
- }
- #endif
- privSz = DH_TEST_BUF_SIZE;
- pubSz = DH_TEST_BUF_SIZE;
- ret = wc_DhExportKeyPair(key, priv, &privSz, pub, &pubSz);
- if (ret != 0) {
- ERROR_OUT(-8124, done);
- }
- ret = wc_DhImportKeyPair(key2, priv, privSz, pub, pubSz);
- if (ret != 0) {
- ERROR_OUT(-8125, done);
- }
- #endif /* WOLFSSL_DH_EXTRA */
- #ifndef WC_NO_RNG
- ret = dh_generate_test(&rng);
- if (ret != 0)
- ERROR_OUT(-8126, done);
- ret = dh_fips_generate_test(&rng);
- if (ret != 0)
- ERROR_OUT(-8127, done);
- #endif /* !WC_NO_RNG */
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
- ret = dh_test_check_pubvalue();
- if (ret != 0)
- ERROR_OUT(-8128, done);
- #endif
- #ifndef WC_NO_RNG
- /* Specialized code for key gen when using FFDHE-2048 and FFDHE-3072. */
- #ifdef HAVE_FFDHE_2048
- ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe2048_Get());
- if (ret != 0)
- ERROR_OUT(-8129, done);
- #endif
- #ifdef HAVE_FFDHE_3072
- ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe3072_Get());
- if (ret != 0)
- ERROR_OUT(-8130, done);
- #endif
- #endif /* !WC_NO_RNG */
- wc_FreeDhKey(key);
- keyInit = 0;
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
- !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(WC_NO_RNG)
- /* Test Check Key */
- ret = wc_DhSetCheckKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g),
- NULL, 0, 0, &rng);
- if (ret != 0)
- ERROR_OUT(-8131, done);
- keyInit = 1; /* DhSetCheckKey also initializes the key, free it */
- #endif
- done:
- #ifndef WC_NO_RNG
- wc_FreeRng(&rng);
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (key) {
- if (keyInit)
- wc_FreeDhKey(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (key2) {
- wc_FreeDhKey(key2);
- XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (tmp)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv)
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub)
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv2)
- XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub2)
- XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree)
- XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (agree2)
- XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- if (keyInit)
- wc_FreeDhKey(key);
- wc_FreeDhKey(key2);
- #endif
- (void)privSz;
- (void)pubSz;
- (void)pubSz2;
- (void)privSz2;
- return ret;
- #undef DH_TEST_BUF_SIZE
- #undef DH_TEST_TMP_SIZE
- }
- #endif /* NO_DH */
- #ifndef NO_DSA
- WOLFSSL_TEST_SUBROUTINE int dsa_test(void)
- {
- int ret = 0, answer;
- word32 bytes;
- word32 idx = 0;
- WC_RNG rng;
- wc_Sha sha;
- byte hash[WC_SHA_DIGEST_SIZE];
- byte signature[40];
- #ifdef WOLFSSL_KEY_GEN
- byte* der = 0;
- #endif
- #define DSA_TEST_TMP_SIZE 1024
- #ifdef WOLFSSL_SMALL_STACK
- byte *tmp = (byte *)XMALLOC(DSA_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DsaKey *key = (DsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_KEY_GEN
- DsaKey *derIn = (DsaKey *)XMALLOC(sizeof *derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- DsaKey *genKey = (DsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if ((tmp == NULL) ||
- (key == NULL)
- #ifdef WOLFSSL_KEY_GEN
- || (derIn == NULL)
- || (genKey == NULL)
- #endif
- ) {
- ret = -8216;
- goto out;
- }
- #else
- byte tmp[1024];
- DsaKey key[1];
- #ifdef WOLFSSL_KEY_GEN
- DsaKey derIn[1];
- DsaKey genKey[1];
- #endif
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
- bytes = sizeof_dsa_key_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
- bytes = sizeof_dsa_key_der_2048;
- #else
- {
- XFILE file = XFOPEN(dsaKey, "rb");
- if (!file)
- ERROR_OUT(-8200, out);
- bytes = (word32) XFREAD(tmp, 1, DSA_TEST_TMP_SIZE, file);
- XFCLOSE(file);
- }
- #endif /* USE_CERT_BUFFERS */
- ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-8201, out);
- wc_ShaUpdate(&sha, tmp, bytes);
- wc_ShaFinal(&sha, hash);
- wc_ShaFree(&sha);
- ret = wc_InitDsaKey(key);
- if (ret != 0)
- ERROR_OUT(-8202, out);
- ret = wc_DsaPrivateKeyDecode(tmp, &idx, key, bytes);
- if (ret != 0)
- ERROR_OUT(-8203, out);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(-8204, out);
- ret = wc_DsaSign(hash, signature, key, &rng);
- if (ret != 0)
- ERROR_OUT(-8205, out);
- ret = wc_DsaVerify(hash, signature, key, &answer);
- if (ret != 0)
- ERROR_OUT(-8206, out);
- if (answer != 1)
- ERROR_OUT(-8207, out);
- wc_FreeDsaKey(key);
- #ifdef WOLFSSL_KEY_GEN
- {
- int derSz = 0;
- ret = wc_InitDsaKey(genKey);
- if (ret != 0)
- ERROR_OUT(-8208, out);
- ret = wc_MakeDsaParameters(&rng, 1024, genKey);
- if (ret != 0) {
- wc_FreeDsaKey(genKey);
- ERROR_OUT(-8209, out);
- }
- ret = wc_MakeDsaKey(&rng, genKey);
- if (ret != 0) {
- wc_FreeDsaKey(genKey);
- ERROR_OUT(-8210, out);
- }
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- wc_FreeDsaKey(genKey);
- ERROR_OUT(-8211, out);
- }
- derSz = wc_DsaKeyToDer(genKey, der, FOURK_BUF);
- if (derSz < 0) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ERROR_OUT(-8212, out);
- }
- ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
- DSA_PRIVATEKEY_TYPE, -5814);
- if (ret != 0) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeDsaKey(genKey);
- goto out;
- }
- ret = wc_InitDsaKey(derIn);
- if (ret != 0) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeDsaKey(genKey);
- ERROR_OUT(-8213, out);
- }
- idx = 0;
- ret = wc_DsaPrivateKeyDecode(der, &idx, derIn, derSz);
- if (ret != 0) {
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeDsaKey(derIn);
- wc_FreeDsaKey(genKey);
- ERROR_OUT(-8214, out);
- }
- }
- #endif /* WOLFSSL_KEY_GEN */
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (key) {
- #endif
- if (wc_InitDsaKey_h(key, NULL) != 0)
- ret = -8215;
- #ifdef WOLFSSL_SMALL_STACK
- }
- #endif
- #ifdef WOLFSSL_KEY_GEN
- if (der)
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (tmp)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (key)
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_KEY_GEN
- if (derIn) {
- wc_FreeDsaKey(derIn);
- XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (genKey) {
- wc_FreeDsaKey(genKey);
- XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #endif
- #else /* !WOLFSSL_SMALL_STACK */
- #ifdef WOLFSSL_KEY_GEN
- wc_FreeDsaKey(derIn);
- wc_FreeDsaKey(genKey);
- #endif
- #endif
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* NO_DSA */
- #ifdef WOLFCRYPT_HAVE_SRP
- static int generate_random_salt(byte *buf, word32 size)
- {
- int ret = -8220;
- WC_RNG rng;
- if(NULL == buf || !size)
- return -8221;
- if (buf && size && wc_InitRng_ex(&rng, HEAP_HINT, devId) == 0) {
- ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size);
- wc_FreeRng(&rng);
- }
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int srp_test(void)
- {
- int r;
- byte clientPubKey[80]; /* A */
- byte serverPubKey[80]; /* B */
- word32 clientPubKeySz = 80;
- word32 serverPubKeySz = 80;
- byte username[] = "user";
- word32 usernameSz = 4;
- byte password[] = "password";
- word32 passwordSz = 8;
- WOLFSSL_SMALL_STACK_STATIC const byte N[] = {
- 0xC9, 0x4D, 0x67, 0xEB, 0x5B, 0x1A, 0x23, 0x46, 0xE8, 0xAB, 0x42, 0x2F,
- 0xC6, 0xA0, 0xED, 0xAE, 0xDA, 0x8C, 0x7F, 0x89, 0x4C, 0x9E, 0xEE, 0xC4,
- 0x2F, 0x9E, 0xD2, 0x50, 0xFD, 0x7F, 0x00, 0x46, 0xE5, 0xAF, 0x2C, 0xF7,
- 0x3D, 0x6B, 0x2F, 0xA2, 0x6B, 0xB0, 0x80, 0x33, 0xDA, 0x4D, 0xE3, 0x22,
- 0xE1, 0x44, 0xE7, 0xA8, 0xE9, 0xB1, 0x2A, 0x0E, 0x46, 0x37, 0xF6, 0x37,
- 0x1F, 0x34, 0xA2, 0x07, 0x1C, 0x4B, 0x38, 0x36, 0xCB, 0xEE, 0xAB, 0x15,
- 0x03, 0x44, 0x60, 0xFA, 0xA7, 0xAD, 0xF4, 0x83
- };
- WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
- 0x02
- };
- byte salt[10];
- byte verifier[80];
- word32 v_size = sizeof(verifier);
- word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
- word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
- #ifdef WOLFSSL_SMALL_STACK
- Srp *cli = (Srp *)XMALLOC(sizeof *cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- Srp *srv = (Srp *)XMALLOC(sizeof *srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *clientProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); /* M1 */
- byte *serverProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); /* M2 */
- if ((cli == NULL) ||
- (srv == NULL) ||
- (clientProof == NULL) ||
- (serverProof == NULL)) {
- r = -8222;
- goto out;
- }
- #else
- Srp cli[1], srv[1];
- byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */
- byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */
- #endif
- /* set as 0's so if second init on srv not called SrpTerm is not on
- * garbage values */
- XMEMSET(srv, 0, sizeof *srv);
- XMEMSET(cli, 0, sizeof *cli);
- /* generating random salt */
- r = generate_random_salt(salt, sizeof(salt));
- /* client knows username and password. */
- /* server knows N, g, salt and verifier. */
- if (!r) r = wc_SrpInit(cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
- if (!r) r = wc_SrpSetUsername(cli, username, usernameSz);
- /* loading N, g and salt in advance to generate the verifier. */
- if (!r) r = wc_SrpSetParams(cli, N, sizeof(N),
- g, sizeof(g),
- salt, sizeof(salt));
- if (!r) r = wc_SrpSetPassword(cli, password, passwordSz);
- if (!r) r = wc_SrpGetVerifier(cli, verifier, &v_size);
- /* client sends username to server */
- if (!r) r = wc_SrpInit(srv, SRP_TYPE_SHA, SRP_SERVER_SIDE);
- if (!r) r = wc_SrpSetUsername(srv, username, usernameSz);
- if (!r) r = wc_SrpSetParams(srv, N, sizeof(N),
- g, sizeof(g),
- salt, sizeof(salt));
- if (!r) r = wc_SrpSetVerifier(srv, verifier, v_size);
- if (!r) r = wc_SrpGetPublic(srv, serverPubKey, &serverPubKeySz);
- /* server sends N, g, salt and B to client */
- if (!r) r = wc_SrpGetPublic(cli, clientPubKey, &clientPubKeySz);
- if (!r) r = wc_SrpComputeKey(cli, clientPubKey, clientPubKeySz,
- serverPubKey, serverPubKeySz);
- if (!r) r = wc_SrpGetProof(cli, clientProof, &clientProofSz);
- /* client sends A and M1 to server */
- if (!r) r = wc_SrpComputeKey(srv, clientPubKey, clientPubKeySz,
- serverPubKey, serverPubKeySz);
- if (!r) r = wc_SrpVerifyPeersProof(srv, clientProof, clientProofSz);
- if (!r) r = wc_SrpGetProof(srv, serverProof, &serverProofSz);
- /* server sends M2 to client */
- if (!r) r = wc_SrpVerifyPeersProof(cli, serverProof, serverProofSz);
- wc_SrpTerm(cli);
- wc_SrpTerm(srv);
- #ifdef WOLFSSL_SMALL_STACK
- out:
- if (cli)
- XFREE(cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (srv)
- XFREE(srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (clientProof)
- XFREE(clientProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (serverProof)
- XFREE(serverProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return r;
- }
- #endif /* WOLFCRYPT_HAVE_SRP */
- #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
- #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
- static int openssl_aes_test(void)
- {
- #ifdef HAVE_AES_CBC
- #ifdef WOLFSSL_AES_128
- {
- /* EVP_CipherUpdate test */
- WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- int outlen ;
- int total = 0;
- int i;
- #ifdef WOLFSSL_SMALL_STACK
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -8400;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 9) == 0)
- return -8401;
- if (outlen != 0)
- return -8402;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
- (byte*)&cbcPlain[9] , 9) == 0)
- return -8403;
- if (outlen != 16)
- return -8404;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return -8405;
- if (outlen != 16)
- return -8406;
- total += outlen;
- if (total != 32)
- return 3408;
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -8407;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
- return -8408;
- if (outlen != 0)
- return -8409;
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6], 12) == 0)
- return -8410;
- if (outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6+12], 14) == 0)
- return -8411;
- if (outlen != 16)
- return -8412;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return -8413;
- if (outlen != 2)
- return -8414;
- total += outlen;
- if (total != 18)
- return 3427;
- if (XMEMCMP(plain, cbcPlain, 18))
- return -8415;
- /* test with encrypting/decrypting more than 16 bytes at once */
- total = 0;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -8416;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 17) == 0)
- return -8417;
- if (outlen != 16)
- return -8418;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
- (byte*)&cbcPlain[17] , 1) == 0)
- return -8419;
- if (outlen != 0)
- return -8420;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return -8421;
- if (outlen != 16)
- return -8422;
- total += outlen;
- if (total != 32)
- return -8423;
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -8424;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0)
- return -8425;
- if (outlen != 16)
- return -8426;
- total += outlen;
- /* final call on non block size should fail */
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
- return -8427;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[17], 1) == 0)
- return -8428;
- if (outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[17+1], 14) == 0)
- return -8429;
- if (outlen != 0)
- return -8430;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return -8431;
- if (outlen != 2)
- return -8432;
- total += outlen;
- if (total != 18)
- return -8433;
- if (XMEMCMP(plain, cbcPlain, 18))
- return -8434;
- /* test byte by byte decrypt */
- for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
- plain[i] = i;
- }
- total = 0;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -8435;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)plain, AES_BLOCK_SIZE * 3) == 0)
- return -8436;
- if (outlen != AES_BLOCK_SIZE * 3)
- return -8437;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return -8438;
- if (outlen != AES_BLOCK_SIZE)
- return -8439;
- total += outlen;
- if (total != sizeof(plain))
- return -8440;
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -8441;
- for (i = 0; i < AES_BLOCK_SIZE * 4; i++) {
- if (EVP_CipherUpdate(de, (byte*)plain + total, &outlen,
- (byte*)cipher + i, 1) == 0)
- return -8442;
- if (outlen > 0) {
- int j;
- total += outlen;
- for (j = 0; j < total; j++) {
- if (plain[j] != j) {
- return -8443;
- }
- }
- }
- }
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return -8444;
- total += outlen;
- if (total != AES_BLOCK_SIZE * 3) {
- return -8445;
- }
- for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
- if (plain[i] != i) {
- return -8446;
- }
- }
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- /* set buffers to be exact size to catch potential over read/write */
- {
- /* EVP_CipherUpdate test */
- WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- #define EVP_TEST_BUF_SZ 18
- #define EVP_TEST_BUF_PAD 32
- byte cipher[EVP_TEST_BUF_SZ];
- byte plain [EVP_TEST_BUF_SZ];
- byte padded[EVP_TEST_BUF_PAD];
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- int outlen ;
- int total = 0;
- #ifdef WOLFSSL_SMALL_STACK
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -8447;
- if (EVP_CIPHER_CTX_set_padding(en, 0) != 1)
- return -8448;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
- return -8449;
- if (outlen != 16)
- return -8450;
- total += outlen;
- /* should fail here */
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) != 0)
- return -8451;
- /* turn padding back on and do successful encrypt */
- total = 0;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -8452;
- if (EVP_CIPHER_CTX_set_padding(en, 1) != 1)
- return -8453;
- if (EVP_CipherUpdate(en, (byte*)padded, &outlen,
- (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
- return -8454;
- if (outlen != 16)
- return -8455;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&padded[total], &outlen) == 0)
- return -8456;
- total += outlen;
- if (total != 32)
- return -8457;
- XMEMCPY(cipher, padded, EVP_TEST_BUF_SZ);
- /* test out of bounds read on buffers w/o padding during decryption */
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -8458;
- if (EVP_CIPHER_CTX_set_padding(de, 0) != 1)
- return -8459;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher,
- EVP_TEST_BUF_SZ) == 0)
- return -8460;
- if (outlen != 16)
- return -8461;
- total += outlen;
- /* should fail since not using padding */
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
- return -8462;
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -8463;
- if (EVP_CIPHER_CTX_set_padding(de, 1) != 1)
- return -8464;
- if (EVP_CipherUpdate(de, (byte*)padded, &outlen, (byte*)padded,
- EVP_TEST_BUF_PAD) == 0)
- return -8465;
- if (outlen != 16)
- return -8466;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&padded[total], &outlen) == 0)
- return -8467;
- if (XMEMCMP(padded, cbcPlain, EVP_TEST_BUF_SZ))
- return -8468;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- { /* evp_cipher test: EVP_aes_128_cbc */
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #ifdef WOLFSSL_SMALL_STACK
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
- return -8469;
- if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
- return -8470;
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return -8471;
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0) == 0)
- return -8472;
- if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
- return -8473;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return -8474;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test: EVP_aes_128_cbc*/
- #endif /* WOLFSSL_AES_128 */
- #endif /* HAVE_AES_CBC */
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
- { /* evp_cipher test: EVP_aes_256_ecb*/
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #ifdef WOLFSSL_SMALL_STACK
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0)
- return -8475;
- if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
- return -8476;
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return -8477;
- EVP_CIPHER_CTX_init(ctx);
- if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0)
- return -8478;
- if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
- return -8479;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return -8480;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test */
- #endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */
- #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
- /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
- {
- /* Test: AES_encrypt/decrypt/set Key */
- #ifdef WOLFSSL_SMALL_STACK
- AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #else
- AES_KEY enc[1];
- #ifdef HAVE_AES_DECRYPT
- AES_KEY dec[1];
- #endif
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte plain[sizeof(msg)];
- byte cipher[sizeof(msg)];
- #ifdef WOLFSSL_SMALL_STACK
- if (enc == NULL)
- return MEMORY_E;
- #ifdef HAVE_AES_DECRYPT
- if (dec == NULL)
- return MEMORY_E;
- #endif
- #endif
- AES_set_encrypt_key(key, sizeof(key)*8, enc);
- AES_set_decrypt_key(key, sizeof(key)*8, dec);
- AES_encrypt(msg, cipher, enc);
- #ifdef HAVE_AES_DECRYPT
- AES_decrypt(cipher, plain, dec);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return -8481;
- #endif /* HAVE_AES_DECRYPT */
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return -8482;
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- }
- #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
- /* EVP_Cipher with EVP_aes_xxx_ctr() */
- #ifdef WOLFSSL_AES_COUNTER
- {
- byte plainBuff [64];
- byte cipherBuff[64];
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
- {
- 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
- 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
- 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
- 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
- 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
- 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
- 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
- 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
- };
- WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
- {
- 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
- 0xc2
- };
- #endif
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
- {
- 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
- 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
- {
- 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
- 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
- };
- #endif /* WOLFSSL_AES_256 */
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- #ifdef WOLFSSL_AES_128
- #ifndef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *p_en;
- EVP_CIPHER_CTX *p_de;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8483;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8484;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8485;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8486;
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return -8487;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return -8488;
- #ifndef WOLFSSL_SMALL_STACK
- p_en = wolfSSL_EVP_CIPHER_CTX_new();
- if (p_en == NULL)
- return -8489;
- p_de = wolfSSL_EVP_CIPHER_CTX_new();
- if (p_de == NULL)
- return -8490;
- if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8491;
- if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8492;
- if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8493;
- if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8494;
- wolfSSL_EVP_CIPHER_CTX_free(p_en);
- wolfSSL_EVP_CIPHER_CTX_free(p_de);
- #endif /* !WOLFSSL_SMALL_STACK */
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return -8495;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return -8496;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8497;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return -8498;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8499;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return -8500;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return -8501;
- if (XMEMCMP(cipherBuff, ctrCipher, 9))
- return -8502;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return -8503;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return -8504;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return -8505;
- if (XMEMCMP(cipherBuff, oddCipher, 9))
- return -8506;
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return -8507;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8508;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return -8509;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8510;
- if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
- return -8511;
- if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
- return -8512;
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return -8513;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8514;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return -8515;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8516;
- if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
- return -8517;
- if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
- return -8518;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- #endif /* WOLFSSL_AES_256 */
- }
- #endif /* HAVE_AES_COUNTER */
- #if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128)
- {
- #ifdef WOLFSSL_SMALL_STACK
- AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #else
- AES_KEY enc[1];
- AES_KEY dec[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte setIv[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
- {
- 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
- 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
- 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
- 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51
- };
- byte cipher[AES_BLOCK_SIZE * 2];
- byte iv[AES_BLOCK_SIZE]; /* iv buffer is updeated by API */
- int num = 0;
- #ifdef WOLFSSL_SMALL_STACK
- if ((enc == NULL) || (dec == NULL))
- return MEMORY_E;
- #endif
- XMEMCPY(iv, setIv, sizeof(setIv));
- wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, enc);
- wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, dec);
- wolfSSL_AES_cfb128_encrypt(msg, cipher, AES_BLOCK_SIZE - 1, enc, iv,
- &num, AES_ENCRYPT);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE - 1))
- return -8519;
- if (num != 15) /* should have used 15 of the 16 bytes */
- return -8520;
- wolfSSL_AES_cfb128_encrypt(msg + AES_BLOCK_SIZE - 1,
- cipher + AES_BLOCK_SIZE - 1, AES_BLOCK_SIZE + 1, enc, iv,
- &num, AES_ENCRYPT);
- if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
- return -8521;
- if (num != 0)
- return -8522;
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- }
- #endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */
- return 0;
- }
- #endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */
- WOLFSSL_TEST_SUBROUTINE int openssl_test(void)
- {
- int ret;
- EVP_MD_CTX md_ctx;
- testVector a, b, c, d, e, f;
- byte hash[WC_SHA256_DIGEST_SIZE*2]; /* max size */
- a.inLen = 0;
- b.inLen = c.inLen = d.inLen = e.inLen = f.inLen = a.inLen;
- (void)a;
- (void)b;
- (void)c;
- (void)d;
- (void)e;
- (void)f;
- /* test malloc / free , 10 is an arbitrary amount of memory chosen */
- {
- byte* p;
- p = (byte*)CRYPTO_malloc(10);
- if (p == NULL) {
- return -8600;
- }
- XMEMSET(p, 0, 10);
- CRYPTO_free(p);
- }
- #ifndef NO_MD5
- a.input = "1234567890123456789012345678901234567890123456789012345678"
- "9012345678901234567890";
- a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
- "\x7a";
- a.inLen = XSTRLEN(a.input);
- a.outLen = WC_MD5_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_md5());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) {
- return -8601;
- }
- #endif /* NO_MD5 */
- #ifndef NO_SHA
- b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
- "aaaaaaaaaa";
- b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
- "\x53\x99\x5E\x26\xA0";
- b.inLen = XSTRLEN(b.input);
- b.outLen = WC_SHA_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha1());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, b.output, WC_SHA_DIGEST_SIZE) != 0) {
- return -8602;
- }
- #endif /* NO_SHA */
- #ifdef WOLFSSL_SHA224
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\xc9\x7c\xa9\xa5\x59\x85\x0c\xe9\x7a\x04\xa9\x6d\xef\x6d\x99"
- "\xa9\xe0\xe0\xe2\xab\x14\xe6\xb8\xdf\x26\x5f\xc0\xb3";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA224_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha224());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, e.output, WC_SHA224_DIGEST_SIZE) != 0) {
- return -8603;
- }
- #endif /* WOLFSSL_SHA224 */
- #ifndef NO_SHA256
- d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
- d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
- "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
- "\x06\xC1";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA256_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha256());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, d.output, WC_SHA256_DIGEST_SIZE) != 0) {
- return -8604;
- }
- #endif /* !NO_SHA256 */
- #ifdef WOLFSSL_SHA384
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
- "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
- "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
- "\x74\x60\x39";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA384_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha384());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, e.output, WC_SHA384_DIGEST_SIZE) != 0) {
- return -8605;
- }
- #endif /* WOLFSSL_SHA384 */
- #ifdef WOLFSSL_SHA512
- f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
- "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
- "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
- "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
- "\x87\x4b\xe9\x09";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_SHA512_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha512());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, f.output, WC_SHA512_DIGEST_SIZE) != 0) {
- return -8606;
- }
- #endif /* WOLFSSL_SHA512 */
- #ifdef WOLFSSL_SHA3
- #ifndef WOLFSSL_NOSHA3_224
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\x54\x3e\x68\x68\xe1\x66\x6c\x1a\x64\x36\x30\xdf\x77\x36\x7a"
- "\xe5\xa6\x2a\x85\x07\x0a\x51\xc1\x4c\xbf\x66\x5c\xbc";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA3_224_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha3_224());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, e.output, WC_SHA3_224_DIGEST_SIZE) != 0) {
- return -8607;
- }
- #endif /* WOLFSSL_NOSHA3_224 */
- #ifndef WOLFSSL_NOSHA3_256
- d.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- d.output = "\x91\x6f\x60\x61\xfe\x87\x97\x41\xca\x64\x69\xb4\x39\x71\xdf"
- "\xdb\x28\xb1\xa3\x2d\xc3\x6c\xb3\x25\x4e\x81\x2b\xe2\x7a\xad"
- "\x1d\x18";
- d.inLen = XSTRLEN(d.input);
- d.outLen = WC_SHA3_256_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha3_256());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, d.output, WC_SHA3_256_DIGEST_SIZE) != 0) {
- return -8608;
- }
- #endif /* WOLFSSL_NOSHA3_256 */
- e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- e.output = "\x79\x40\x7d\x3b\x59\x16\xb5\x9c\x3e\x30\xb0\x98\x22\x97\x47"
- "\x91\xc3\x13\xfb\x9e\xcc\x84\x9e\x40\x6f\x23\x59\x2d\x04\xf6"
- "\x25\xdc\x8c\x70\x9b\x98\xb4\x3b\x38\x52\xb3\x37\x21\x61\x79"
- "\xaa\x7f\xc7";
- e.inLen = XSTRLEN(e.input);
- e.outLen = WC_SHA3_384_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha3_384());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, e.output, WC_SHA3_384_DIGEST_SIZE) != 0) {
- return -8609;
- }
- #ifndef WOLFSSL_NOSHA3_512
- f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
- "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
- f.output = "\xaf\xeb\xb2\xef\x54\x2e\x65\x79\xc5\x0c\xad\x06\xd2\xe5\x78"
- "\xf9\xf8\xdd\x68\x81\xd7\xdc\x82\x4d\x26\x36\x0f\xee\xbf\x18"
- "\xa4\xfa\x73\xe3\x26\x11\x22\x94\x8e\xfc\xfd\x49\x2e\x74\xe8"
- "\x2e\x21\x89\xed\x0f\xb4\x40\xd1\x87\xf3\x82\x27\x0c\xb4\x55"
- "\xf2\x1d\xd1\x85";
- f.inLen = XSTRLEN(f.input);
- f.outLen = WC_SHA3_512_DIGEST_SIZE;
- EVP_MD_CTX_init(&md_ctx);
- ret = EVP_DigestInit(&md_ctx, EVP_sha3_512());
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_DigestFinal(&md_ctx, hash, 0);
- }
- EVP_MD_CTX_cleanup(&md_ctx);
- if (ret != WOLFSSL_SUCCESS ||
- XMEMCMP(hash, f.output, WC_SHA3_512_DIGEST_SIZE) != 0) {
- return -8610;
- }
- #endif /* WOLFSSL_NOSHA3_512 */
- #endif /* WOLFSSL_SHA3 */
- #ifndef WC_NO_RNG
- if (RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS)
- return -8611;
- #endif
- #ifndef NO_MD5
- c.input = "what do ya want for nothing?";
- c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14"
- "\x76";
- c.inLen = XSTRLEN(c.input);
- c.outLen = WC_MD5_DIGEST_SIZE;
- if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
- hash, 0) == NULL ||
- XMEMCMP(hash, c.output, WC_MD5_DIGEST_SIZE) != 0)
- {
- return -8612;
- }
- #endif /* NO_MD5 */
- #ifndef NO_DES3
- { /* des test */
- WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- byte plain[24];
- byte cipher[24];
- const_DES_cblock key = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- DES_cblock iv = {
- 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
- };
- DES_key_schedule sched;
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
- 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
- 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
- };
- DES_key_sched(&key, &sched);
- DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT);
- DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT);
- if (XMEMCMP(plain, vector, sizeof(vector)) != 0)
- return -8613;
- if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
- return -8614;
- /* test changing iv */
- DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT);
- DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT);
- if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
- return -8615;
- } /* end des test */
- #endif /* NO_DES3 */
- #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
- if (openssl_aes_test() != 0) {
- return -8616;
- }
- #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
- { /* evp_cipher test: EVP_aes_128_cbc */
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- int idx, cipherSz, plainSz;
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
- 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
- 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
- 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
- 0x3b,0x5d,0x41,0x97,0x94,0x25,0xa4,0xb4,
- 0xae,0x7b,0x34,0xd0,0x3f,0x0c,0xbc,0x06
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
- 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
- 0x7d,0x37,0x7b,0x0b,0x44,0xaa,0xb5,0xf0,
- 0x5f,0x34,0xb4,0xde,0xb5,0xbd,0x2a,0xbb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- "0123456789abcdef "; /* align */
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #ifdef WOLFSSL_SMALL_STACK
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- cipherSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, cipher, &idx, (byte*)msg, sizeof(msg));
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return -8617;
- if (cipherSz != (int)sizeof(verify) || XMEMCMP(cipher, verify, cipherSz))
- return -8618;
- /* check partial decrypt (not enough padding for full block) */
- plainSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, 1);
- if (ret == WOLFSSL_SUCCESS)
- plainSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- /* this test should fail... not enough padding for full block */
- ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
- if (plainSz == 0 && ret != WOLFSSL_SUCCESS)
- ret = WOLFSSL_SUCCESS;
- else
- ret = -8619;
- }
- else
- ret = -8620;
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return ret;
- plainSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, cipherSz);
- if (ret == WOLFSSL_SUCCESS)
- plainSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
- if (ret == WOLFSSL_SUCCESS)
- plainSz += idx;
- }
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return -8621;
- if (plainSz != (int)sizeof(msg) || XMEMCMP(plain, msg, sizeof(msg)))
- return -8622;
- cipherSz = 0;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherUpdate(ctx, cipher, &idx, msg, AES_BLOCK_SIZE);
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- if (ret == WOLFSSL_SUCCESS) {
- ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
- if (ret == WOLFSSL_SUCCESS)
- cipherSz += idx;
- }
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != WOLFSSL_SUCCESS)
- return -8623;
- if (cipherSz != (int)sizeof(verify2) || XMEMCMP(cipher, verify2, cipherSz))
- return -8624;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test: EVP_aes_128_cbc*/
- #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
- #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
- { /* evp_cipher test: EVP_aes_256_ecb*/
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX ctx[1];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #ifdef WOLFSSL_SMALL_STACK
- if (ctx == NULL)
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_Cipher(ctx, cipher, (byte*)msg, 16);
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != 16)
- return -8625;
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return -8626;
- EVP_CIPHER_CTX_init(ctx);
- ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0);
- if (ret == WOLFSSL_SUCCESS)
- ret = EVP_Cipher(ctx, plain, cipher, 16);
- EVP_CIPHER_CTX_cleanup(ctx);
- if (ret != 16)
- return -8627;
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return -8628;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(ctx);
- #endif
- } /* end evp_cipher test */
- #endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */
- #define OPENSSL_TEST_ERROR (-10000)
- #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
- /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
- {
- /* Test: AES_encrypt/decrypt/set Key */
- #ifdef WOLFSSL_SMALL_STACK
- AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #else
- AES_KEY enc[1];
- #ifdef HAVE_AES_DECRYPT
- AES_KEY dec[1];
- #endif
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
- {
- 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
- 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- byte plain[sizeof(msg)];
- byte cipher[sizeof(msg)];
- printf("openSSL extra test\n") ;
- #ifdef WOLFSSL_SMALL_STACK
- if (enc == NULL)
- return MEMORY_E;
- #ifdef HAVE_AES_DECRYPT
- if (dec == NULL)
- return MEMORY_E;
- #endif
- #endif
- AES_set_encrypt_key(key, sizeof(key)*8, enc);
- AES_set_decrypt_key(key, sizeof(key)*8, dec);
- AES_encrypt(msg, cipher, enc);
- #ifdef HAVE_AES_DECRYPT
- AES_decrypt(cipher, plain, dec);
- if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
- return OPENSSL_TEST_ERROR-60;
- #endif /* HAVE_AES_DECRYPT */
- if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
- return OPENSSL_TEST_ERROR-61;
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
- #ifdef HAVE_AES_DECRYPT
- XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
- #endif
- #endif
- }
- #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
- /* EVP_Cipher with EVP_aes_xxx_ctr() */
- #ifdef WOLFSSL_AES_COUNTER
- {
- byte plainBuff [64];
- byte cipherBuff[64];
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
- {
- 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
- 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
- {
- 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
- 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
- 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
- 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
- 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
- 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
- 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
- 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
- };
- WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
- {
- 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
- 0xc2
- };
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
- {
- 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
- 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
- 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
- {
- 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
- 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
- };
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- /* test vector from "Recommendation for Block Cipher Modes of Operation"
- * NIST Special Publication 800-38A */
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
- {
- 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
- 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
- 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
- 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
- {
- 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
- 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
- };
- #endif /* WOLFSSL_AES_256 */
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- #ifdef WOLFSSL_AES_128
- #ifndef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *p_en;
- EVP_CIPHER_CTX *p_de;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8629;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8630;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8631;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8632;
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return -8633;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return -8634;
- #ifndef WOLFSSL_SMALL_STACK
- p_en = wolfSSL_EVP_CIPHER_CTX_new();
- if(p_en == NULL)return -8635;
- p_de = wolfSSL_EVP_CIPHER_CTX_new();
- if(p_de == NULL)return -8636;
- if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8637;
- if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8638;
- if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8639;
- if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
- return -8640;
- wolfSSL_EVP_CIPHER_CTX_free(p_en);
- wolfSSL_EVP_CIPHER_CTX_free(p_de);
- #endif /* !WOLFSSL_SMALL_STACK */
- if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
- return -8641;
- if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
- return -8642;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8643;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return -8644;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_ctr(),
- (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
- return -8645;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return -8646;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return -8647;
- if (XMEMCMP(cipherBuff, ctrCipher, 9))
- return -8648;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
- return -8649;
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
- return -8650;
- if (XMEMCMP(plainBuff, ctrPlain, 9))
- return -8651;
- if (XMEMCMP(cipherBuff, oddCipher, 9))
- return -8652;
- #endif /* WOLFSSL_AES_128 */
- #ifdef WOLFSSL_AES_192
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return -8653;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8654;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_192_ctr(),
- (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
- return -8655;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8656;
- if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
- return -8657;
- if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
- return -8658;
- #endif /* WOLFSSL_AES_192 */
- #ifdef WOLFSSL_AES_256
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return -8659;
- if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8660;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_256_ctr(),
- (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
- return -8661;
- XMEMSET(plainBuff, 0, sizeof(plainBuff));
- if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
- AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
- return -8662;
- if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
- return -8663;
- if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
- return -8664;
- #endif /* WOLFSSL_AES_256 */
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- #endif /* HAVE_AES_COUNTER */
- #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
- {
- /* EVP_CipherUpdate test */
- WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- byte key[] = "0123456789abcdef "; /* align */
- byte iv[] = "1234567890abcdef "; /* align */
- byte cipher[AES_BLOCK_SIZE * 4];
- byte plain [AES_BLOCK_SIZE * 4];
- #ifdef WOLFSSL_SMALL_STACK
- EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
- EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
- #else
- EVP_CIPHER_CTX en[1];
- EVP_CIPHER_CTX de[1];
- #endif
- int outlen ;
- int total = 0;
- #ifdef WOLFSSL_SMALL_STACK
- if ((en == NULL) || (de == NULL))
- return MEMORY_E;
- #endif
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -8665;
- /* openSSL compatibility, if(inlen == 0)return 1; */
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 0) != 1)
- return -8666;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 1) == 0)
- return -8667;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
- (byte*)cbcPlain, 9) == 0)
- return -8668;
- if(outlen != 0)
- return -8669;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
- (byte*)&cbcPlain[9] , 9) == 0)
- return -8670;
- if(outlen != 16)
- return -8671;
- total += outlen;
- if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return -8672;
- if(outlen != 16)
- return -8673;
- total += outlen;
- if(total != 32)
- return -8674;
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_CipherInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -8675;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
- return -8676;
- if(outlen != 0)
- return -8677;
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6], 12) == 0)
- return -8678;
- if(outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
- (byte*)&cipher[6+12], 14) == 0)
- return -8679;
- if(outlen != 16)
- return -8680;
- total += outlen;
- if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
- return -8681;
- if(outlen != 2)
- return -8682;
- total += outlen;
- if(total != 18)
- return -8683;
- if (XMEMCMP(plain, cbcPlain, 18))
- return -8684;
- total = 0;
- EVP_CIPHER_CTX_init(en);
- if (EVP_EncryptInit(en, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return -8685;
- if (EVP_CipherUpdate(en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0)
- return -8686;
- if(outlen != 0)
- return -8687;
- total += outlen;
- if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0)
- return -8688;
- if(outlen != 16)
- return -8689;
- total += outlen;
- if (EVP_EncryptFinal(en, (byte*)&cipher[total], &outlen) == 0)
- return -8690;
- if(outlen != 16)
- return -8691;
- total += outlen;
- if(total != 32)
- return 3438;
- total = 0;
- EVP_CIPHER_CTX_init(de);
- if (EVP_DecryptInit(de, EVP_aes_128_cbc(),
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return -8692;
- if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
- return -8693;
- if(outlen != 0)
- return -8694;
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0)
- return -8695;
- if(outlen != 0)
- total += outlen;
- if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0)
- return -8696;
- if(outlen != 16)
- return -8697;
- total += outlen;
- if (EVP_DecryptFinal(de, (byte*)&plain[total], &outlen) == 0)
- return -8698;
- if(outlen != 2)
- return -8699;
- total += outlen;
- if(total != 18)
- return 3447;
- if (XMEMCMP(plain, cbcPlain, 18))
- return -8700;
- if (EVP_CIPHER_key_length(NULL) != 0)
- return -8701;
- if (EVP_CIPHER_key_length(EVP_aes_128_cbc()) != 16)
- return -8702;
- if (EVP_CIPHER_CTX_mode(NULL) != 0)
- return -8703;
- if (EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE))
- return -8704;
- EVP_CIPHER_CTX_init(en);
- if (EVP_CipherInit_ex(en, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv, 0) == 0)
- return -8705;
- EVP_CIPHER_CTX_init(en);
- if (EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return -8706;
- if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return -8707;
- if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return -8708;
- EVP_CIPHER_CTX_init(de);
- if (EVP_DecryptInit_ex(de, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv) == 0)
- return -8709;
- if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return -8710;
- if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
- return -8711;
- if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG)
- return -8712;
- EVP_CIPHER_CTX_init(en);
- EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
- (unsigned char*)key, (unsigned char*)iv);
- if (EVP_CIPHER_CTX_block_size(en) != en->block_size)
- return -8713;
- if (EVP_CIPHER_block_size(NULL) != BAD_FUNC_ARG)
- return -8714;
- if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE)
- return -8715;
- if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0)
- return -8716;
- if (EVP_CIPHER_flags(EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE)
- return -8717;
- EVP_CIPHER_CTX_clear_flags(en, 0xFFFFFFFF);
- EVP_CIPHER_CTX_set_flags(en, 42);
- if (en->flags != 42)
- return -8718;
- if (EVP_CIPHER_CTX_set_padding(NULL, 0) != BAD_FUNC_ARG)
- return -8719;
- if (EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
- return -8720;
- if (EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)
- return -8721;
- #ifdef WOLFSSL_SMALL_STACK
- wolfSSL_EVP_CIPHER_CTX_free(en);
- wolfSSL_EVP_CIPHER_CTX_free(de);
- #endif
- }
- #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
- #endif /* ifndef NO_AES */
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE int openSSL_evpMD_test(void)
- {
- int ret = 0;
- #if !defined(NO_SHA256) && !defined(NO_SHA)
- WOLFSSL_EVP_MD_CTX* ctx;
- WOLFSSL_EVP_MD_CTX* ctx2;
- ctx = EVP_MD_CTX_create();
- ctx2 = EVP_MD_CTX_create();
- ret = EVP_DigestInit(ctx, EVP_sha256());
- if (ret != SSL_SUCCESS) {
- ret = -8800;
- goto openSSL_evpMD_test_done;
- }
- ret = EVP_MD_CTX_copy(ctx2, ctx);
- if (ret != SSL_SUCCESS) {
- ret = -8801;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
- ret = -8802;
- goto openSSL_evpMD_test_done;
- }
- ret = EVP_DigestInit(ctx, EVP_sha1());
- if (ret != SSL_SUCCESS) {
- ret = -8803;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
- ret = -8804;
- goto openSSL_evpMD_test_done;
- }
- ret = EVP_MD_CTX_copy_ex(ctx2, ctx);
- if (ret != SSL_SUCCESS) {
- ret = -8805;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) {
- ret = -8806;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) {
- ret = -8807;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_DigestInit_ex(ctx, EVP_sha1(), NULL) != SSL_SUCCESS) {
- ret = -8808;
- goto openSSL_evpMD_test_done;
- }
- if (EVP_add_digest(NULL) != 0) {
- ret = -8809;
- goto openSSL_evpMD_test_done;
- }
- if (wolfSSL_EVP_add_cipher(NULL) != 0) {
- ret = -8810;
- goto openSSL_evpMD_test_done;
- }
- ret = 0; /* got to success state without jumping to end with a fail */
- openSSL_evpMD_test_done:
- EVP_MD_CTX_destroy(ctx);
- EVP_MD_CTX_destroy(ctx2);
- #endif /* NO_SHA256 */
- return ret;
- }
- #ifdef DEBUG_SIGN
- static void show(const char *title, const char *p, unsigned int s) {
- char* i;
- printf("%s: ", title);
- for (i = p;
- i < p + s;
- printf("%c", *i), i++);
- printf("\n");
- }
- #else
- #define show(a,b,c)
- #endif
- #define FOURK_BUFF 4096
- #define ERR_BASE_PKEY -5000
- WOLFSSL_TEST_SUBROUTINE int openssl_pkey0_test(void)
- {
- int ret = 0;
- #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(NO_SHA)
- byte* prvTmp;
- byte* pubTmp;
- int prvBytes;
- int pubBytes;
- RSA *prvRsa = NULL;
- RSA *pubRsa = NULL;
- EVP_PKEY *prvPkey = NULL;
- EVP_PKEY *pubPkey = NULL;
- EVP_PKEY_CTX *enc = NULL;
- EVP_PKEY_CTX *dec = NULL;
- byte in[] = TEST_STRING;
- byte out[256];
- size_t outlen;
- size_t keySz;
- byte plain[256];
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- XFILE keyFile;
- XFILE keypubFile;
- char cliKey[] = "./certs/client-key.der";
- char cliKeypub[] = "./certs/client-keyPub.der";
- #endif
- prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (prvTmp == NULL)
- return ERR_BASE_PKEY-1;
- pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pubTmp == NULL) {
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- return ERR_BASE_PKEY-2;
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
- prvBytes = sizeof_client_key_der_1024;
- XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- pubBytes = sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
- prvBytes = sizeof_client_key_der_2048;
- XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- pubBytes = sizeof_client_keypub_der_2048;
- #else
- keyFile = XFOPEN(cliKey, "rb");
- if (!keyFile) {
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", ERR_BASE_PKEY-3);
- return ERR_BASE_PKEY-3;
- }
- prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
- XFCLOSE(keyFile);
- keypubFile = XFOPEN(cliKeypub, "rb");
- if (!keypubFile) {
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-cert.der, "
- "Please run from wolfSSL home dir", -4);
- return ERR_BASE_PKEY-4;
- }
- pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
- XFCLOSE(keypubFile);
- #endif /* USE_CERT_BUFFERS */
- prvRsa = wolfSSL_RSA_new();
- pubRsa = wolfSSL_RSA_new();
- if((prvRsa == NULL) || (pubRsa == NULL)){
- printf("error with RSA_new\n");
- ret = ERR_BASE_PKEY-10;
- goto openssl_pkey0_test_done;
- }
- ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
- if(ret != SSL_SUCCESS){
- printf("error with RSA_LoadDer_ex\n");
- ret = ERR_BASE_PKEY-11;
- goto openssl_pkey0_test_done;
- }
- ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
- if(ret != SSL_SUCCESS){
- printf("error with RSA_LoadDer_ex\n");
- ret = ERR_BASE_PKEY-12;
- goto openssl_pkey0_test_done;
- }
- keySz = (size_t)RSA_size(pubRsa);
- prvPkey = wolfSSL_EVP_PKEY_new();
- pubPkey = wolfSSL_EVP_PKEY_new();
- if((prvPkey == NULL) || (pubPkey == NULL)){
- printf("error with PKEY_new\n");
- ret = ERR_BASE_PKEY-13;
- goto openssl_pkey0_test_done;
- }
- ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
- ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
- if(ret != 2){
- printf("error with PKEY_set1_RSA\n");
- ret = ERR_BASE_PKEY-14;
- goto openssl_pkey0_test_done;
- }
- dec = EVP_PKEY_CTX_new(prvPkey, NULL);
- enc = EVP_PKEY_CTX_new(pubPkey, NULL);
- if((dec == NULL)||(enc==NULL)){
- printf("error with EVP_PKEY_CTX_new\n");
- ret = ERR_BASE_PKEY-15;
- goto openssl_pkey0_test_done;
- }
- ret = EVP_PKEY_decrypt_init(dec);
- if (ret != 1) {
- printf("error with decrypt init\n");
- ret = ERR_BASE_PKEY-16;
- goto openssl_pkey0_test_done;
- }
- ret = EVP_PKEY_encrypt_init(enc);
- if (ret != 1) {
- printf("error with encrypt init\n");
- ret = ERR_BASE_PKEY-17;
- goto openssl_pkey0_test_done;
- }
- XMEMSET(out, 0, sizeof(out));
- ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
- if (ret != 1) {
- printf("error encrypting msg\n");
- ret = ERR_BASE_PKEY-18;
- goto openssl_pkey0_test_done;
- }
- show("encrypted msg", out, outlen);
- XMEMSET(plain, 0, sizeof(plain));
- ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
- if (ret != 1) {
- printf("error decrypting msg\n");
- ret = ERR_BASE_PKEY-19;
- goto openssl_pkey0_test_done;
- }
- show("decrypted msg", plain, outlen);
- /* RSA_PKCS1_OAEP_PADDING test */
- ret = EVP_PKEY_decrypt_init(dec);
- if (ret != 1) {
- printf("error with decrypt init\n");
- ret = ERR_BASE_PKEY-30;
- goto openssl_pkey0_test_done;
- }
- ret = EVP_PKEY_encrypt_init(enc);
- if (ret != 1) {
- printf("error with encrypt init\n");
- ret = ERR_BASE_PKEY-31;
- goto openssl_pkey0_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
- printf("first set rsa padding error\n");
- ret = ERR_BASE_PKEY-32;
- goto openssl_pkey0_test_done;
- }
- #ifndef HAVE_FIPS
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
- printf("second set rsa padding error\n");
- ret = ERR_BASE_PKEY-33;
- goto openssl_pkey0_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
- printf("third set rsa padding error\n");
- ret = ERR_BASE_PKEY-34;
- goto openssl_pkey0_test_done;
- }
- #endif
- XMEMSET(out, 0, sizeof(out));
- ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
- if (ret != 1) {
- printf("error encrypting msg\n");
- ret = ERR_BASE_PKEY-35;
- goto openssl_pkey0_test_done;
- }
- show("encrypted msg", out, outlen);
- XMEMSET(plain, 0, sizeof(plain));
- ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
- if (ret != 1) {
- printf("error decrypting msg\n");
- ret = ERR_BASE_PKEY-36;
- goto openssl_pkey0_test_done;
- }
- show("decrypted msg", plain, outlen);
- ret = 0; /* made it to this point without error then set success */
- openssl_pkey0_test_done:
- wolfSSL_RSA_free(prvRsa);
- wolfSSL_RSA_free(pubRsa);
- EVP_PKEY_free(pubPkey);
- EVP_PKEY_free(prvPkey);
- EVP_PKEY_CTX_free(dec);
- EVP_PKEY_CTX_free(enc);
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif /* NO_RSA */
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int openssl_pkey1_test(void)
- {
- int ret = 0;
- #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
- !defined(NO_SHA)
- EVP_PKEY_CTX* dec = NULL;
- EVP_PKEY_CTX* enc = NULL;
- EVP_PKEY* pubKey = NULL;
- EVP_PKEY* prvKey = NULL;
- X509* x509 = NULL;
- WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sugar slapped";
- const unsigned char* clikey;
- long cliKeySz;
- size_t outlen;
- int keyLenBits = 2048;
- #ifdef WOLFSSL_SMALL_STACK
- unsigned char *tmp = (unsigned char *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- unsigned char *cipher = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- unsigned char *plain = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((tmp == NULL) ||
- (cipher == NULL) ||
- (plain == NULL)) {
- ret = -9015;
- goto openssl_pkey1_test_done;
- }
- #else
- unsigned char tmp[FOURK_BUF];
- unsigned char cipher[RSA_TEST_BYTES];
- unsigned char plain[RSA_TEST_BYTES];
- #endif
- #if defined(USE_CERT_BUFFERS_1024)
- XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
- cliKeySz = (long)sizeof_client_key_der_1024;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_1024,
- sizeof_client_cert_der_1024, SSL_FILETYPE_ASN1);
- keyLenBits = 1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
- cliKeySz = (long)sizeof_client_key_der_2048;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048,
- sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1);
- #elif defined(USE_CERT_BUFFERS_3072)
- XMEMCPY(tmp, client_key_der_3072, sizeof_client_key_der_3072);
- cliKeySz = (long)sizeof_client_key_der_3072;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_3072,
- sizeof_client_cert_der_3072, SSL_FILETYPE_ASN1);
- keyLenBits = 3072;
- #elif defined(USE_CERT_BUFFERS_4096)
- XMEMCPY(tmp, client_key_der_4096, sizeof_client_key_der_4096);
- cliKeySz = (long)sizeof_client_key_der_4096;
- x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_4096,
- sizeof_client_cert_der_4096, SSL_FILETYPE_ASN1);
- keyLenBits = 4096;
- #else
- XFILE f;
- f = XFOPEN(clientKey, "rb");
- if (!f) {
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", -41);
- ret = -9000;
- goto openssl_pkey1_test_done;
- }
- cliKeySz = (long)XFREAD(tmp, 1, FOURK_BUF, f);
- XFCLOSE(f);
- /* using existing wolfSSL api to get public and private key */
- x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1);
- #endif /* USE_CERT_BUFFERS */
- clikey = tmp;
- if ((prvKey = EVP_PKEY_new()) == NULL) {
- ret = -9001;
- goto openssl_pkey1_test_done;
- }
- EVP_PKEY_free(prvKey);
- prvKey = NULL;
- if (x509 == NULL) {
- ret = -9002;
- goto openssl_pkey1_test_done;
- }
- pubKey = X509_get_pubkey(x509);
- if (pubKey == NULL) {
- ret = -9003;
- goto openssl_pkey1_test_done;
- }
- prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz);
- if (prvKey == NULL) {
- ret = -9004;
- goto openssl_pkey1_test_done;
- }
- /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */
- if (EVP_PKEY_bits(prvKey) != keyLenBits) {
- ret = -9005;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_size(prvKey) != keyLenBits/8) {
- ret = -9006;
- goto openssl_pkey1_test_done;
- }
- dec = EVP_PKEY_CTX_new(prvKey, NULL);
- enc = EVP_PKEY_CTX_new(pubKey, NULL);
- if (dec == NULL || enc == NULL) {
- ret = -9007;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_decrypt_init(dec) != 1) {
- ret = -9008;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_encrypt_init(enc) != 1) {
- ret = -9009;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
- ret = -9010;
- goto openssl_pkey1_test_done;
- }
- #ifndef HAVE_FIPS
- if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
- ret = -9011;
- goto openssl_pkey1_test_done;
- }
- if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
- ret = -9012;
- goto openssl_pkey1_test_done;
- }
- #endif
- XMEMSET(cipher, 0, RSA_TEST_BYTES);
- outlen = keyLenBits/8;
- if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
- ret = -9013;
- goto openssl_pkey1_test_done;
- }
- XMEMSET(plain, 0, RSA_TEST_BYTES);
- if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) {
- ret = -9014;
- goto openssl_pkey1_test_done;
- }
- openssl_pkey1_test_done:
- if (pubKey != NULL) {
- EVP_PKEY_free(pubKey);
- }
- if (prvKey != NULL) {
- EVP_PKEY_free(prvKey);
- }
- if (dec != NULL) {
- EVP_PKEY_CTX_free(dec);
- }
- if (enc != NULL) {
- EVP_PKEY_CTX_free(enc);
- }
- if (x509 != NULL) {
- X509_free(x509);
- }
- #ifdef WOLFSSL_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (cipher != NULL)
- XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (plain != NULL)
- XFREE(plain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #endif
- return ret;
- }
- #define ERR_BASE_EVPSIG -5100
- WOLFSSL_TEST_SUBROUTINE int openssl_evpSig_test(void)
- {
- #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(HAVE_USER_RSA)
- byte* prvTmp;
- byte* pubTmp;
- int prvBytes;
- int pubBytes;
- RSA *prvRsa;
- RSA *pubRsa;
- EVP_PKEY *prvPkey;
- EVP_PKEY *pubPkey;
- EVP_MD_CTX* sign;
- EVP_MD_CTX* verf;
- char msg[] = "see spot run";
- unsigned char sig[256];
- unsigned int sigSz;
- const void* pt;
- unsigned int count;
- int ret, ret1, ret2;
- #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
- XFILE keyFile;
- XFILE keypubFile;
- char cliKey[] = "./certs/client-key.der";
- char cliKeypub[] = "./certs/client-keyPub.der";
- #endif
- prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (prvTmp == NULL)
- return ERR_BASE_EVPSIG-1;
- pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pubTmp == NULL) {
- XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ERR_BASE_EVPSIG-2;
- }
- #ifdef USE_CERT_BUFFERS_1024
- XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
- prvBytes = sizeof_client_key_der_1024;
- XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
- pubBytes = sizeof_client_keypub_der_1024;
- #elif defined(USE_CERT_BUFFERS_2048)
- XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
- prvBytes = sizeof_client_key_der_2048;
- XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
- pubBytes = sizeof_client_keypub_der_2048;
- #else
- keyFile = XFOPEN(cliKey, "rb");
- if (!keyFile) {
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", -40);
- return ERR_BASE_EVPSIG-3;
- }
- prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
- XFCLOSE(keyFile);
- keypubFile = XFOPEN(cliKeypub, "rb");
- if (!keypubFile) {
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("can't open ./certs/client-cert.der, "
- "Please run from wolfSSL home dir", -41);
- return ERR_BASE_EVPSIG-4;
- }
- pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
- XFCLOSE(keypubFile);
- #endif /* USE_CERT_BUFFERS */
- prvRsa = wolfSSL_RSA_new();
- pubRsa = wolfSSL_RSA_new();
- if((prvRsa == NULL) || (pubRsa == NULL)){
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- err_sys("ERROR with RSA_new", -9100);
- return ERR_BASE_EVPSIG-5;
- }
- ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
- ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
- if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
- printf("error with RSA_LoadDer_ex\n");
- return ERR_BASE_EVPSIG-6;
- }
- prvPkey = wolfSSL_EVP_PKEY_new();
- pubPkey = wolfSSL_EVP_PKEY_new();
- if((prvPkey == NULL) || (pubPkey == NULL)){
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- printf("error with KEY_new\n");
- return ERR_BASE_EVPSIG-7;
- }
- ret1 = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
- ret2 = wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
- if((ret1 != 1) || (ret2 != 1)){
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- printf("error with EVP_PKEY_set1_RSA\n");
- return ERR_BASE_EVPSIG-8;
- }
- /****************** sign and verify *******************/
- sign = EVP_MD_CTX_create();
- verf = EVP_MD_CTX_create();
- if((sign == NULL)||(verf == NULL)){
- printf("error with EVP_MD_CTX_create\n");
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- return ERR_BASE_EVPSIG-10;
- }
- ret = EVP_SignInit(sign, EVP_sha1());
- if (ret != SSL_SUCCESS){
- printf("error with EVP_SignInit\n");
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- return ERR_BASE_EVPSIG-11;
- }
- count = sizeof(msg);
- show("message = ", (char *)msg, count);
- /* sign */
- XMEMSET(sig, 0, sizeof(sig));
- pt = (const void*)msg;
- ret1 = EVP_SignUpdate(sign, pt, count);
- ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey);
- if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("error with EVP_MD_CTX_create\n");
- return ERR_BASE_EVPSIG-12;
- }
- show("signature = ", (char *)sig, sigSz);
- /* verify */
- pt = (const void*)msg;
- ret1 = EVP_VerifyInit(verf, EVP_sha1());
- ret2 = EVP_VerifyUpdate(verf, pt, count);
- if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("error with EVP_Verify\n");
- return ERR_BASE_EVPSIG-13;
- }
- if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("error with EVP_VerifyFinal\n");
- return ERR_BASE_EVPSIG-14;
- }
- /* expect fail without update */
- EVP_VerifyInit(verf, EVP_sha1());
- if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- printf("EVP_VerifyInit without update not detected\n");
- return ERR_BASE_EVPSIG-15;
- }
- XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
- EVP_MD_CTX_destroy(sign);
- EVP_MD_CTX_destroy(verf);
- wolfSSL_RSA_free(prvRsa);
- wolfSSL_RSA_free(pubRsa);
- EVP_PKEY_free(pubPkey);
- EVP_PKEY_free(prvPkey);
- #endif /* NO_RSA */
- return 0;
- }
- #endif /* OPENSSL_EXTRA */
- #ifndef NO_PWDBASED
- #ifdef HAVE_SCRYPT
- /* Test vectors taken from RFC 7914: scrypt PBKDF - Section 12. */
- WOLFSSL_TEST_SUBROUTINE int scrypt_test(void)
- {
- #ifdef HAVE_FIPS
- /* RFC 7914 test vector keys are too short for FIPS. */
- #else
- int ret;
- byte derived[64];
- WOLFSSL_SMALL_STACK_STATIC const byte verify1[] = {
- 0x77, 0xd6, 0x57, 0x62, 0x38, 0x65, 0x7b, 0x20,
- 0x3b, 0x19, 0xca, 0x42, 0xc1, 0x8a, 0x04, 0x97,
- 0xf1, 0x6b, 0x48, 0x44, 0xe3, 0x07, 0x4a, 0xe8,
- 0xdf, 0xdf, 0xfa, 0x3f, 0xed, 0xe2, 0x14, 0x42,
- 0xfc, 0xd0, 0x06, 0x9d, 0xed, 0x09, 0x48, 0xf8,
- 0x32, 0x6a, 0x75, 0x3a, 0x0f, 0xc8, 0x1f, 0x17,
- 0xe8, 0xd3, 0xe0, 0xfb, 0x2e, 0x0d, 0x36, 0x28,
- 0xcf, 0x35, 0xe2, 0x0c, 0x38, 0xd1, 0x89, 0x06
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
- 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
- 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
- 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
- 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
- 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
- 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
- 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
- };
- #if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
- WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
- 0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48,
- 0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb,
- 0xfd, 0xa8, 0xfb, 0xba, 0x90, 0x4f, 0x8e, 0x3e,
- 0xa9, 0xb5, 0x43, 0xf6, 0x54, 0x5d, 0xa1, 0xf2,
- 0xd5, 0x43, 0x29, 0x55, 0x61, 0x3f, 0x0f, 0xcf,
- 0x62, 0xd4, 0x97, 0x05, 0x24, 0x2a, 0x9a, 0xf9,
- 0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40,
- 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87
- };
- #endif
- #ifdef SCRYPT_TEST_ALL
- /* Test case is very slow.
- * Use for confirmation after code change or new platform.
- */
- WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
- 0x21, 0x01, 0xcb, 0x9b, 0x6a, 0x51, 0x1a, 0xae,
- 0xad, 0xdb, 0xbe, 0x09, 0xcf, 0x70, 0xf8, 0x81,
- 0xec, 0x56, 0x8d, 0x57, 0x4a, 0x2f, 0xfd, 0x4d,
- 0xab, 0xe5, 0xee, 0x98, 0x20, 0xad, 0xaa, 0x47,
- 0x8e, 0x56, 0xfd, 0x8f, 0x4b, 0xa5, 0xd0, 0x9f,
- 0xfa, 0x1c, 0x6d, 0x92, 0x7c, 0x40, 0xf4, 0xc3,
- 0x37, 0x30, 0x40, 0x49, 0xe8, 0xa9, 0x52, 0xfb,
- 0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, 0xa4
- };
- #endif
- ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1));
- if (ret != 0)
- return -9200;
- if (XMEMCMP(derived, verify1, sizeof(verify1)) != 0)
- return -9201;
- ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 10, 8, 16,
- sizeof(verify2));
- if (ret != 0)
- return -9202;
- if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
- return -9203;
- /* Don't run these test on embedded, since they use large mallocs */
- #if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
- ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
- (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3));
- if (ret != 0)
- return -9204;
- if (XMEMCMP(derived, verify3, sizeof(verify3)) != 0)
- return -9205;
- #ifdef SCRYPT_TEST_ALL
- ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
- (byte*)"SodiumChloride", 14, 20, 8, 1, sizeof(verify4));
- if (ret != 0)
- return -9206;
- if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0)
- return -9207;
- #endif
- #endif /* !BENCH_EMBEDDED && !defined(WOLFSSL_LINUXKM) && !HAVE_INTEL_QA */
- ret = wc_scrypt_ex(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 1<<10,
- 8, 16, sizeof(verify2));
- if (ret != 0)
- return -9208;
- if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
- return -9209;
- #endif /* !HAVE_FIPS */
- return 0;
- }
- #endif
- #ifdef HAVE_PKCS12
- WOLFSSL_TEST_SUBROUTINE int pkcs12_test(void)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
- 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f };
- WOLFSSL_SMALL_STACK_STATIC const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
- 0x00, 0x67, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 };
- byte derived[64];
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
- 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
- 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
- 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
- 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
- };
- int id = 1;
- int kLen = 24;
- int iterations = 1;
- int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
- iterations, kLen, WC_SHA256, id);
- if (ret < 0)
- return -9300;
- if (XMEMCMP(derived, verify, kLen) != 0)
- return -9301;
- iterations = 1000;
- ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
- iterations, kLen, WC_SHA256, id);
- if (ret < 0)
- return -9302;
- ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8,
- iterations, kLen, WC_SHA256, id, HEAP_HINT);
- if (ret < 0)
- return -9303;
- if (XMEMCMP(derived, verify2, 24) != 0)
- return -9304;
- return 0;
- }
- #endif /* HAVE_PKCS12 */
- #if defined(HAVE_PBKDF2) && !defined(NO_SHA256)
- WOLFSSL_TEST_SUBROUTINE int pbkdf2_test(void)
- {
- char passwd[] = "passwordpassword";
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
- int iterations = 2048;
- int kLen = 24;
- byte derived[64];
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc,
- 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
- };
- int ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd), salt,
- (int)sizeof(salt), iterations, kLen, WC_SHA256, HEAP_HINT, devId);
- if (ret != 0)
- return ret;
- if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
- return -9400;
- return 0;
- }
- #endif /* HAVE_PBKDF2 && !NO_SHA256 */
- #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
- WOLFSSL_TEST_SUBROUTINE int pbkdf1_test(void)
- {
- char passwd[] = "password";
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
- int iterations = 1000;
- int kLen = 16;
- byte derived[16];
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F,
- 0xAF, 0x10, 0xEB, 0xFB, 0x4A, 0x3D, 0x2A, 0x20
- };
- int ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd,
- (int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA,
- HEAP_HINT);
- if (ret != 0)
- return ret;
- if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
- return -9500;
- return 0;
- }
- #endif /* HAVE_PBKDF2 && !NO_SHA */
- WOLFSSL_TEST_SUBROUTINE int pwdbased_test(void)
- {
- int ret = 0;
- #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
- ret = pbkdf1_test();
- if (ret != 0)
- return ret;
- #endif
- #if defined(HAVE_PBKDF2) && !defined(NO_SHA256)
- ret = pbkdf2_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef HAVE_PKCS12
- ret = pkcs12_test();
- if (ret != 0)
- return ret;
- #endif
- #ifdef HAVE_SCRYPT
- ret = scrypt_test();
- if (ret != 0)
- return ret;
- #endif
- return ret;
- }
- #endif /* NO_PWDBASED */
- #if defined(HAVE_HKDF) && (!defined(NO_SHA) || !defined(NO_SHA256))
- /* WOLFSSL_TEST_SUBROUTINE */ static int hkdf_test(void)
- {
- int ret;
- int L = 42;
- byte okm1[42];
- byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
- byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x08, 0x09, 0x0a, 0x0b, 0x0c };
- byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
- 0xf8, 0xf9 };
- byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
- 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
- 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
- 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
- 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
- 0x49, 0x18 };
- byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
- 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
- 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
- 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
- 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
- 0xf8, 0x96 };
- byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
- 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
- 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
- 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
- 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
- 0x96, 0xc8 };
- byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
- 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
- 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
- 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
- 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
- 0x58, 0x65 };
- (void)res1;
- (void)res2;
- (void)res3;
- (void)res4;
- (void)salt1;
- (void)info1;
- #ifndef NO_SHA
- ret = wc_HKDF(WC_SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
- if (ret != 0)
- return -9700;
- if (XMEMCMP(okm1, res1, L) != 0)
- return -9701;
- #ifndef HAVE_FIPS
- /* fips can't have key size under 14 bytes, salt is key too */
- ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L);
- if (ret != 0)
- return -9702;
- if (XMEMCMP(okm1, res2, L) != 0)
- return -9703;
- #endif /* HAVE_FIPS */
- #endif /* NO_SHA */
- #ifndef NO_SHA256
- ret = wc_HKDF(WC_SHA256, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
- if (ret != 0)
- return -9704;
- if (XMEMCMP(okm1, res3, L) != 0)
- return -9705;
- #ifndef HAVE_FIPS
- /* fips can't have key size under 14 bytes, salt is key too */
- ret = wc_HKDF(WC_SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L);
- if (ret != 0)
- return -9706;
- if (XMEMCMP(okm1, res4, L) != 0)
- return -9707;
- #endif /* HAVE_FIPS */
- #endif /* NO_SHA256 */
- return 0;
- }
- #endif /* HAVE_HKDF */
- #if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
- WOLFSSL_TEST_SUBROUTINE int x963kdf_test(void)
- {
- int ret;
- byte kek[128];
- #ifndef NO_SHA
- /* SHA-1, COUNT = 0
- * shared secret length: 192
- * SharedInfo length: 0
- * key data length: 128
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z[] = {
- 0x1c, 0x7d, 0x7b, 0x5f, 0x05, 0x97, 0xb0, 0x3d,
- 0x06, 0xa0, 0x18, 0x46, 0x6e, 0xd1, 0xa9, 0x3e,
- 0x30, 0xed, 0x4b, 0x04, 0xdc, 0x64, 0xcc, 0xdd
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
- 0xbf, 0x71, 0xdf, 0xfd, 0x8f, 0x4d, 0x99, 0x22,
- 0x39, 0x36, 0xbe, 0xb4, 0x6f, 0xee, 0x8c, 0xcc
- };
- #endif
- #ifndef NO_SHA256
- /* SHA-256, COUNT = 3
- * shared secret length: 192
- * SharedInfo length: 0
- * key data length: 128
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z2[] = {
- 0xd3, 0x8b, 0xdb, 0xe5, 0xc4, 0xfc, 0x16, 0x4c,
- 0xdd, 0x96, 0x7f, 0x63, 0xc0, 0x4f, 0xe0, 0x7b,
- 0x60, 0xcd, 0xe8, 0x81, 0xc2, 0x46, 0x43, 0x8c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
- 0x5e, 0x67, 0x4d, 0xb9, 0x71, 0xba, 0xc2, 0x0a,
- 0x80, 0xba, 0xd0, 0xd4, 0x51, 0x4d, 0xc4, 0x84
- };
- #endif
- #ifdef WOLFSSL_SHA512
- /* SHA-512, COUNT = 0
- * shared secret length: 192
- * SharedInfo length: 0
- * key data length: 128
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z3[] = {
- 0x87, 0xfc, 0x0d, 0x8c, 0x44, 0x77, 0x48, 0x5b,
- 0xb5, 0x74, 0xf5, 0xfc, 0xea, 0x26, 0x4b, 0x30,
- 0x88, 0x5d, 0xc8, 0xd9, 0x0a, 0xd8, 0x27, 0x82
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
- 0x94, 0x76, 0x65, 0xfb, 0xb9, 0x15, 0x21, 0x53,
- 0xef, 0x46, 0x02, 0x38, 0x50, 0x6a, 0x02, 0x45
- };
- /* SHA-512, COUNT = 0
- * shared secret length: 521
- * SharedInfo length: 128
- * key data length: 1024
- */
- WOLFSSL_SMALL_STACK_STATIC const byte Z4[] = {
- 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89,
- 0xfa, 0x58, 0xce, 0xad, 0xc0, 0x47, 0x19, 0x7f,
- 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
- 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8,
- 0x15, 0x07, 0x39, 0x2f, 0x1a, 0x86, 0xdd, 0xfd,
- 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
- 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47,
- 0x47, 0xa9, 0xe2, 0xe7, 0x53, 0xf5, 0x5e, 0xf0,
- 0x5a, 0x2d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte info4[] = {
- 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d,
- 0x2b, 0x3a, 0x2f, 0x99, 0x37, 0x89, 0x5d, 0x31
- };
- WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
- 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76,
- 0x9b, 0x52, 0x26, 0x4b, 0x01, 0x12, 0xb5, 0x85,
- 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
- 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d,
- 0x6e, 0x4d, 0xd2, 0xa5, 0x99, 0xac, 0xce, 0xb3,
- 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
- 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50,
- 0xa5, 0xa8, 0xee, 0xee, 0x20, 0x80, 0x02, 0x26,
- 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
- 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d,
- 0xea, 0x9c, 0x4f, 0xf7, 0x45, 0xa2, 0x5a, 0xc2,
- 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
- 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc,
- 0x0a, 0xb2, 0xaa, 0x8e, 0x2e, 0xfa, 0x7b, 0x17,
- 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
- 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
- };
- #endif
- #ifndef NO_SHA
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0,
- kek, sizeof(verify));
- if (ret != 0)
- return -9800;
- if (XMEMCMP(verify, kek, sizeof(verify)) != 0)
- return -9801;
- #endif
- #ifndef NO_SHA256
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, Z2, sizeof(Z2), NULL, 0,
- kek, sizeof(verify2));
- if (ret != 0)
- return -9802;
- if (XMEMCMP(verify2, kek, sizeof(verify2)) != 0)
- return -9803;
- #endif
- #ifdef WOLFSSL_SHA512
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z3, sizeof(Z3), NULL, 0,
- kek, sizeof(verify3));
- if (ret != 0)
- return -9804;
- if (XMEMCMP(verify3, kek, sizeof(verify3)) != 0)
- return -9805;
- ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z4, sizeof(Z4), info4,
- sizeof(info4), kek, sizeof(verify4));
- if (ret != 0)
- return -9806;
- if (XMEMCMP(verify4, kek, sizeof(verify4)) != 0)
- return -9807;
- #endif
- return 0;
- }
- #endif /* HAVE_X963_KDF */
- #ifdef HAVE_ECC
- /* size to use for ECC key gen tests */
- #ifndef ECC_KEYGEN_SIZE
- #ifndef NO_ECC256
- #define ECC_KEYGEN_SIZE 32
- #elif defined(HAVE_ECC384)
- #define ECC_KEYGEN_SIZE 48
- #elif defined(HAVE_ECC224)
- #define ECC_KEYGEN_SIZE 28
- #elif defined(HAVE_ECC521)
- #define ECC_KEYGEN_SIZE 66
- #else
- #error No ECC keygen size defined for test
- #endif
- #endif
- #ifdef BENCH_EMBEDDED
- #define ECC_SHARED_SIZE 128
- #else
- #define ECC_SHARED_SIZE MAX_ECC_BYTES
- #endif
- #define ECC_DIGEST_SIZE MAX_ECC_BYTES
- #define ECC_SIG_SIZE ECC_MAX_SIG_SIZE
- #ifndef NO_ECC_VECTOR_TEST
- #if (defined(HAVE_ECC192) || defined(HAVE_ECC224) ||\
- !defined(NO_ECC256) || defined(HAVE_ECC384) ||\
- defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
- #define HAVE_ECC_VECTOR_TEST
- #endif
- #endif
- #ifdef HAVE_ECC_VECTOR_TEST
- typedef struct eccVector {
- const char* msg; /* SHA-1 Encoded Message */
- const char* Qx;
- const char* Qy;
- const char* d; /* Private Key */
- const char* R;
- const char* S;
- const char* curveName;
- word32 msgLen;
- word32 keySize;
- #ifndef NO_ASN
- const byte* r;
- word32 rSz;
- const byte* s;
- word32 sSz;
- #endif
- } eccVector;
- static int ecc_test_vector_item(const eccVector* vector)
- {
- int ret = 0, verify = 0;
- word32 sigSz;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key userA[1];
- #endif
- DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- word32 sigRawSz, rSz = MAX_ECC_BYTES, sSz = MAX_ECC_BYTES;
- DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);
- DECLARE_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT);
- DECLARE_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
- #endif
- #ifdef DECLARE_VAR_IS_HEAP_ALLOC
- if (sig == NULL)
- ERROR_OUT(MEMORY_E, done);
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- if (sigRaw == NULL || r == NULL || s == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (userA == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_import_raw(userA, vector->Qx, vector->Qy,
- vector->d, vector->curveName);
- if (ret != 0)
- goto done;
- XMEMSET(sig, 0, ECC_SIG_SIZE);
- sigSz = ECC_SIG_SIZE;
- ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz);
- if (ret != 0)
- goto done;
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- XMEMSET(sigRaw, 0, ECC_SIG_SIZE);
- sigRawSz = ECC_SIG_SIZE;
- ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz,
- sigRaw, &sigRawSz);
- if (ret != 0)
- goto done;
- if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) {
- ret = -9810;
- goto done;
- }
- ret = wc_ecc_sig_to_rs(sig, sigSz, r, &rSz, s, &sSz);
- if (ret != 0)
- goto done;
- if (rSz != vector->rSz || XMEMCMP(r, vector->r, rSz) != 0 ||
- sSz != vector->sSz || XMEMCMP(s, vector->s, sSz) != 0) {
- ret = -9811;
- goto done;
- }
- #endif
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg,
- vector->msgLen, &verify, userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- goto done;
- TEST_SLEEP();
- if (verify != 1)
- ret = -9812;
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(userA);
- #endif
- #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
- FREE_VAR(sigRaw, HEAP_HINT);
- FREE_VAR(r, HEAP_HINT);
- FREE_VAR(s, HEAP_HINT);
- #endif
- FREE_VAR(sig, HEAP_HINT);
- return ret;
- }
- static int ecc_test_vector(int keySize)
- {
- int ret;
- eccVector vec;
- XMEMSET(&vec, 0, sizeof(vec));
- vec.keySize = (word32)keySize;
- switch(keySize) {
- #if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)
- case 14:
- return 0;
- #endif /* HAVE_ECC112 */
- #if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)
- case 16:
- return 0;
- #endif /* HAVE_ECC128 */
- #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
- case 20:
- return 0;
- #endif /* HAVE_ECC160 */
- #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
- case 24:
- /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\x60\x80\x79\x42\x3f\x12\x42\x1d\xe6\x16\xb7\x49\x3e\xbe\x55\x1c\xf4\xd6\x5b\x92";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a\x6e\x6b"
- "\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d\xf3\x46\x4b\xa4"
- "\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b\xb5\x98\x6f\xa1\xa2\xaf"
- "\x04\x8a\x0e\x14\xdc\x51\xe5\x26\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a"
- "\xc6\xf1\xa7\xf1\x56\xce\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd"
- "\x7a\x20\x93\xe2\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5"
- "\x9c\x78\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3"
- "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf";
- vec.msgLen = 128;
- #endif
- vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6";
- vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477";
- vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3";
- vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
- vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
- vec.curveName = "SECP192R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55"
- "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e";
- vec.rSz = 24;
- vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc"
- "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41";
- vec.sSz = 24;
- #endif
- break;
- #endif /* HAVE_ECC192 */
- #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
- case 28:
- /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e\x20\x47"
- "\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69\xe0\x63\x0f\x99"
- "\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28\x27\xb6\x95\xfc\x2d\x64"
- "\xd9\x13\x8b\x1c\xf4\xc1\x21\x55\x89\x4c\x42\x13\x21\xa7\xbb\x97"
- "\x0b\xdc\xe0\xfb\xf0\xd2\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf"
- "\xe3\xff\x8d\xea\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e"
- "\x26\xc1\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38"
- "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20";
- vec.msgLen = 128;
- #endif
- vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7";
- vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1";
- vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f";
- vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7";
- vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b";
- vec.curveName = "SECP224R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47"
- "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe"
- "\xbc\x16\x71\xa7";
- vec.rSz = 28;
- vec.s = (byte*)"\x24\xfc\x7e\xd7\xf1\x35\x2c\xa3\x87\x2a\xa0\x91"
- "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe"
- "\x6a\xf3\xad\x5b";
- vec.sSz = 28;
- #endif
- break;
- #endif /* HAVE_ECC224 */
- #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
- case 30:
- return 0;
- #endif /* HAVE_ECC239 */
- #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
- case 32:
- /* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\xa2\x4b\x21\x76\x2e\x6e\xdb\x15\x3c\xc1\x14\x38\xdb\x0e\x92\xcd"
- "\xf5\x2b\x86\xb0\x6c\xa9\x70\x16\x06\x27\x59\xc7\x0d\x36\xd1\x56"
- "\x2c\xc9\x63\x0d\x7f\xc7\xc7\x74\xb2\x8b\x54\xe3\x1e\xf5\x58\x72"
- "\xb2\xa6\x5d\xf1\xd7\xec\x26\xde\xbb\x33\xe7\xd9\x27\xef\xcc\xf4"
- "\x6b\x63\xde\x52\xa4\xf4\x31\xea\xca\x59\xb0\x5d\x2e\xde\xc4\x84"
- "\x5f\xff\xc0\xee\x15\x03\x94\xd6\x1f\x3d\xfe\xcb\xcd\xbf\x6f\x5a"
- "\x73\x38\xd0\xbe\x3f\x2a\x77\x34\x51\x98\x3e\xba\xeb\x48\xf6\x73"
- "\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4"
- vec.msgLen = 128;
- #endif
- vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
- vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
- vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
- vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c";
- vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248";
- #ifndef NO_ASN
- vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9"
- "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89"
- "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c";
- vec.rSz = 32;
- vec.s = (byte*)"\xa2\x24\x8b\x62\xc0\x3d\xb3\x5a\x7c\xd6\x3e\x8a"
- "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03"
- "\x5a\x21\x48\xae\x32\xe3\xa2\x48";
- vec.sSz = 32;
- #endif
- vec.curveName = "SECP256R1";
- break;
- #endif /* !NO_ECC256 */
- #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
- case 40:
- return 0;
- #endif /* HAVE_ECC320 */
- #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
- case 48:
- /* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\xab\xe1\x0a\xce\x13\xe7\xe1\xd9\x18\x6c\x48\xf7\x88\x9d\x51\x47"
- "\x3d\x3a\x09\x61\x98\x4b\xc8\x72\xdf\x70\x8e\xcc\x3e\xd3\xb8\x16"
- "\x9d\x01\xe3\xd9\x6f\xc4\xf1\xd5\xea\x00\xa0\x36\x92\xbc\xc5\xcf"
- "\xfd\x53\x78\x7c\x88\xb9\x34\xaf\x40\x4c\x03\x9d\x32\x89\xb5\xba"
- "\xc5\xae\x7d\xb1\x49\x68\x75\xb5\xdc\x73\xc3\x09\xf9\x25\xc1\x3d"
- "\x1c\x01\xab\xda\xaf\xeb\xcd\xac\x2c\xee\x43\x39\x39\xce\x8d\x4a"
- "\x0a\x5d\x57\xbb\x70\x5f\x3b\xf6\xec\x08\x47\x95\x11\xd4\xb4\xa3"
- "\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60"
- vec.msgLen = 128;
- #endif
- vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868";
- vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e";
- vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71";
- vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7";
- vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907";
- vec.curveName = "SECP384R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff"
- "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d"
- "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda"
- "\xee\x6b\x3c\x74\xeb\xf6\x06\x66\x7a\x3f\x39\xb7";
- vec.rSz = 48;
- vec.s = (byte*)"\x49\x1a\xf1\xd0\xcc\xcd\x56\xdd\xd5\x20\xb2\x33"
- "\x77\x5d\x0b\xc6\xb4\x0a\x62\x55\xcc\x55\x20\x7d"
- "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21"
- "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07";
- vec.sSz = 48;
- #endif
- break;
- #endif /* HAVE_ECC384 */
- #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
- case 64:
- return 0;
- #endif /* HAVE_ECC512 */
- #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
- case 66:
- /* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */
- #if 1
- vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf";
- vec.msgLen = 20;
- #else
- /* This is the raw message prior to SHA-1 */
- vec.msg =
- "\x50\x3f\x79\x39\x34\x0a\xc7\x23\xcd\x4a\x2f\x4e\x6c\xcc\x27\x33"
- "\x38\x3a\xca\x2f\xba\x90\x02\x19\x9d\x9e\x1f\x94\x8b\xe0\x41\x21"
- "\x07\xa3\xfd\xd5\x14\xd9\x0c\xd4\xf3\x7c\xc3\xac\x62\xef\x00\x3a"
- "\x2d\xb1\xd9\x65\x7a\xb7\x7f\xe7\x55\xbf\x71\xfa\x59\xe4\xd9\x6e"
- "\xa7\x2a\xe7\xbf\x9d\xe8\x7d\x79\x34\x3b\xc1\xa4\xbb\x14\x4d\x16"
- "\x28\xd1\xe9\xe9\xc8\xed\x80\x8b\x96\x2c\x54\xe5\xf9\x6d\x53\xda"
- "\x14\x7a\x96\x38\xf9\x4a\x91\x75\xd8\xed\x61\x05\x5f\x0b\xa5\x73"
- "\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b"
- vec.msgLen = 128;
- #endif
- vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23";
- vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d";
- vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74";
- vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be";
- vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c";
- vec.curveName = "SECP521R1";
- #ifndef NO_ASN
- vec.r = (byte*)"\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77\x78"
- "\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf\x5b"
- "\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c\x7f"
- "\x9a\x57\xc0\x77\x94\x7f\x89\xac\x45\xd5\xac\xb6"
- "\x66\x1b\xbc\xd1\x7a\xbb\x3f\xae\xa1\x49\xba\x0a"
- "\xa3\xbb\x15\x21\xbe";
- vec.rSz = 65;
- vec.s = (byte*)"\x19\xcd\x2c\x5c\x3f\x98\x70\xec\xde\xb9\xb3\x23"
- "\xab\xdf\x3a\x98\xcd\x5e\x23\x1d\x85\xc6\xdd\xc5"
- "\xb7\x1a\xb1\x90\x73\x9f\x7f\x22\x6e\x6b\x13\x4b"
- "\xa1\xd5\x88\x9d\xde\xb2\x75\x1d\xab\xd9\x79\x11"
- "\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c"
- "\x3d\x22\xf2\x48\x0c";
- vec.sSz = 65;
- #endif
- break;
- #endif /* HAVE_ECC521 */
- default:
- return NOT_COMPILED_IN; /* Invalid key size / Not supported */
- }; /* Switch */
- ret = ecc_test_vector_item(&vec);
- if (ret < 0) {
- return ret;
- }
- return 0;
- }
- #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K)
- static int ecc_test_sign_vectors(WC_RNG* rng)
- {
- int ret;
- ecc_key key;
- byte sig[72];
- word32 sigSz;
- unsigned char hash[32] = "test wolfSSL deterministic sign";
- const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
- const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
- const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
- const byte k[1] = { 0x02 };
- const byte expSig[71] = {
- 0x30, 0x45, 0x02, 0x20, 0x7c, 0xf2, 0x7b, 0x18,
- 0x8d, 0x03, 0x4f, 0x7e, 0x8a, 0x52, 0x38, 0x03,
- 0x04, 0xb5, 0x1a, 0xc3, 0xc0, 0x89, 0x69, 0xe2,
- 0x77, 0xf2, 0x1b, 0x35, 0xa6, 0x0b, 0x48, 0xfc,
- 0x47, 0x66, 0x99, 0x78, 0x02, 0x21, 0x00, 0xa8,
- 0x43, 0xa0, 0xce, 0x6c, 0x5e, 0x17, 0x8a, 0x53,
- 0x4d, 0xaf, 0xd2, 0x95, 0x78, 0x9f, 0x84, 0x4f,
- 0x94, 0xb8, 0x75, 0xa3, 0x19, 0xa5, 0xd4, 0xdf,
- 0xe1, 0xd4, 0x5e, 0x9d, 0x97, 0xfe, 0x81
- };
- ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
- if (ret != 0) {
- return ret;
- }
- ret = wc_ecc_import_raw(&key, QIUTx, QIUTy, dIUT, "SECP256R1");
- if (ret != 0) {
- goto done;
- }
- ret = wc_ecc_sign_set_k(k, sizeof(k), &key);
- if (ret != 0) {
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- if (sigSz != sizeof(expSig)) {
- ret = -9830;
- goto done;
- }
- if (XMEMCMP(sig, expSig, sigSz) != 0) {
- ret = -9831;
- goto done;
- }
- sigSz = sizeof(sig);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- done:
- wc_ecc_free(&key);
- return ret;
- }
- #endif
- #ifdef HAVE_ECC_CDH
- static int ecc_test_cdh_vectors(WC_RNG* rng)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *pub_key = (ecc_key *)XMALLOC(sizeof *pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *priv_key = (ecc_key *)XMALLOC(sizeof *priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key pub_key[1], priv_key[1];
- #endif
- byte sharedA[32] = {0}, sharedB[32] = {0};
- word32 x, z;
- WOLFSSL_SMALL_STACK_STATIC const char* QCAVSx = "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287";
- WOLFSSL_SMALL_STACK_STATIC const char* QCAVSy = "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac";
- WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
- WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
- WOLFSSL_SMALL_STACK_STATIC const char* ZIUT = "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b";
- #ifdef WOLFSSL_SMALL_STACK
- if ((pub_key == NULL) ||
- (priv_key == NULL)) {
- ret = MEMORY_E;
- goto done;
- }
- #endif
- XMEMSET(pub_key, 0, sizeof *pub_key);
- XMEMSET(priv_key, 0, sizeof *priv_key);
- /* setup private and public keys */
- ret = wc_ecc_init_ex(pub_key, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_init_ex(priv_key, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- wc_ecc_set_flags(pub_key, WC_ECC_FLAG_COFACTOR);
- wc_ecc_set_flags(priv_key, WC_ECC_FLAG_COFACTOR);
- ret = wc_ecc_import_raw(pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1");
- if (ret != 0)
- goto done;
- ret = wc_ecc_import_raw(priv_key, QIUTx, QIUTy, dIUT, "SECP256R1");
- if (ret != 0)
- goto done;
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(priv_key, rng);
- if (ret != 0)
- goto done;
- #else
- (void)rng;
- #endif
- /* compute ECC Cofactor shared secret */
- x = sizeof(sharedA);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &priv_key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(priv_key, pub_key, sharedA, &x);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- goto done;
- }
- TEST_SLEEP();
- /* read in expected Z */
- z = sizeof(sharedB);
- ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z);
- if (ret != 0)
- goto done;
- /* compare results */
- if (x != z || XMEMCMP(sharedA, sharedB, x)) {
- ERROR_OUT(-9840, done);
- }
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (priv_key) {
- wc_ecc_free(priv_key);
- XFREE(priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pub_key) {
- wc_ecc_free(pub_key);
- XFREE(pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(priv_key);
- wc_ecc_free(pub_key);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_CDH */
- #endif /* HAVE_ECC_VECTOR_TEST */
- #ifdef HAVE_ECC_KEY_IMPORT
- /* returns 0 on success */
- static int ecc_test_make_pub(WC_RNG* rng)
- {
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
- ecc_key *pub = (ecc_key *)XMALLOC(sizeof *pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- byte *exportBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *tmp = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- ecc_key pub[1];
- #endif
- byte exportBuf[ECC_BUFSIZE];
- byte tmp[ECC_BUFSIZE];
- #endif
- const byte* msg = (const byte*)"test wolfSSL ECC public gen";
- #if defined(HAVE_ECC_KEY_EXPORT)
- word32 x;
- #endif
- word32 tmpSz;
- int ret = 0;
- ecc_point* pubPoint = NULL;
- #ifdef HAVE_ECC_VERIFY
- int verify = 0;
- #endif
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if ((key == NULL) ||
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
- (pub == NULL) ||
- #endif
- (exportBuf == NULL) ||
- (tmp == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- (void)msg;
- (void)verify;
- (void)exportBuf;
- (void)rng;
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- #ifndef NO_ECC256
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256);
- tmpSz = (size_t)sizeof_ecc_key_der_256;
- #else
- {
- XFILE file = XFOPEN(eccKeyDerFile, "rb");
- if (!file) {
- ERROR_OUT(-9850, done);
- }
- tmpSz = (word32)XFREAD(tmp, 1, ECC_BUFSIZE, file);
- XFCLOSE(file);
- }
- #endif /* USE_CERT_BUFFERS_256 */
- /* import private only then test with */
- ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL);
- if (ret == 0) {
- ERROR_OUT(-9851, done);
- }
- ret = wc_ecc_import_private_key(NULL, tmpSz, NULL, 0, key);
- if (ret == 0) {
- ERROR_OUT(-9852, done);
- }
- x = 0;
- ret = wc_EccPrivateKeyDecode(tmp, &x, key, tmpSz);
- if (ret != 0) {
- ERROR_OUT(-9853, done);
- }
- #ifdef HAVE_ECC_KEY_EXPORT
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_private_only(key, exportBuf, &x);
- if (ret != 0) {
- ERROR_OUT(-9854, done);
- }
- /* make private only key */
- wc_ecc_free(key);
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
- if (ret != 0) {
- ERROR_OUT(-9855, done);
- }
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret == 0) {
- ERROR_OUT(-9856, done);
- }
- #endif /* HAVE_ECC_KEY_EXPORT */
- ret = wc_ecc_make_pub(NULL, NULL);
- if (ret == 0) {
- ERROR_OUT(-9857, done);
- }
- TEST_SLEEP();
- #ifndef WOLFSSL_NO_MALLOC
- pubPoint = wc_ecc_new_point_h(HEAP_HINT);
- if (pubPoint == NULL) {
- ERROR_OUT(-9858, done);
- }
- ret = wc_ecc_make_pub(key, pubPoint);
- if (ret != 0) {
- ERROR_OUT(-9859, done);
- }
- TEST_SLEEP();
- #ifdef HAVE_ECC_KEY_EXPORT
- /* export should still fail, is private only key */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret == 0) {
- ERROR_OUT(-9860, done);
- }
- #endif /* HAVE_ECC_KEY_EXPORT */
- #endif /* !WOLFSSL_NO_MALLOC */
- #endif /* !NO_ECC256 */
- /* create a new key since above test for loading key is not supported */
- #if defined(WOLFSSL_CRYPTOCELL) || defined(NO_ECC256) || \
- defined(WOLFSSL_QNX_CAAM)
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
- if (ret != 0) {
- ERROR_OUT(-9861, done);
- }
- #endif
- #if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \
- (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG)))
- tmpSz = ECC_BUFSIZE;
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp, &tmpSz, rng, key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- ERROR_OUT(-9862, done);
- }
- TEST_SLEEP();
- #ifdef HAVE_ECC_VERIFY
- /* try verify with private only key */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(tmp, tmpSz, msg, (word32)XSTRLEN((const char* )msg), &verify, key);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- ERROR_OUT(-9863, done);
- }
- if (verify != 1) {
- ERROR_OUT(-9864, done);
- }
- TEST_SLEEP();
- #ifdef HAVE_ECC_KEY_EXPORT
- /* exporting the public part should now work */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret != 0) {
- ERROR_OUT(-9865, done);
- }
- #endif /* HAVE_ECC_KEY_EXPORT */
- #endif /* HAVE_ECC_VERIFY */
- #endif /* HAVE_ECC_SIGN */
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
- /* now test private only key with creating a shared secret */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_private_only(key, exportBuf, &x);
- if (ret != 0) {
- ERROR_OUT(-9866, done);
- }
- #ifndef WOLFSSL_QNX_CAAM
- /* make private only key */
- wc_ecc_free(key);
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
- if (ret != 0) {
- ERROR_OUT(-9867, done);
- }
- /* check that public export fails with private only key */
- x = ECC_BUFSIZE;
- ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
- if (ret == 0) {
- ERROR_OUT(-9868, done);
- }
- #endif /* WOLFSSL_QNX_CAAM */
- /* make public key for shared secret */
- wc_ecc_init_ex(pub, HEAP_HINT, devId);
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, pub);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &pub->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-9869, done);
- }
- TEST_SLEEP();
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(key, rng);
- if (ret != 0)
- goto done;
- #endif
- x = ECC_BUFSIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0) {
- ret = wc_ecc_shared_secret(key, pub, exportBuf, &x);
- }
- } while (ret == WC_PENDING_E);
- wc_ecc_free(pub);
- if (ret != 0) {
- ERROR_OUT(-9870, done);
- }
- TEST_SLEEP();
- #endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT && !WC_NO_RNG */
- ret = 0;
- done:
- wc_ecc_del_point_h(pubPoint, HEAP_HINT);
- #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- if (key != NULL) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
- if (pub != NULL)
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (exportBuf != NULL)
- XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- wc_ecc_free(key);
- #endif
- return ret;
- }
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
- static int ecc_test_key_decode(WC_RNG* rng, int keySize)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *eccKey = (ecc_key *)XMALLOC(sizeof *eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- byte *tmpBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key eccKey[1];
- byte tmpBuf[ECC_BUFSIZE];
- #endif
- word32 tmpSz;
- word32 idx;
- #ifdef WOLFSSL_SMALL_STACK
- if ((eccKey == NULL) || (tmpBuf == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- ret = wc_ecc_init(eccKey);
- if (ret != 0) {
- goto done;
- }
- ret = wc_ecc_make_key(rng, keySize, eccKey);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &eccKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- goto done;
- }
- tmpSz = ECC_BUFSIZE;
- ret = wc_EccKeyToDer(eccKey, tmpBuf, tmpSz);
- wc_ecc_free(eccKey);
- if (ret < 0) {
- goto done;
- }
- tmpSz = ret;
- ret = wc_ecc_init(eccKey);
- if (ret != 0) {
- goto done;
- }
- idx = 0;
- ret = wc_EccPrivateKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
- if (ret != 0) {
- goto done;
- }
- wc_ecc_free(eccKey);
- ret = wc_ecc_init(eccKey);
- if (ret != 0) {
- goto done;
- }
- idx = 0;
- ret = wc_EccPublicKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
- if (ret != 0) {
- goto done;
- }
- ret = 0;
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (eccKey != NULL) {
- wc_ecc_free(eccKey);
- XFREE(eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (tmpBuf != NULL)
- XFREE(tmpBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- wc_ecc_free(eccKey);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
- #endif /* HAVE_ECC_KEY_IMPORT */
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
- static int ecc_test_key_gen(WC_RNG* rng, int keySize)
- {
- int ret = 0;
- int derSz;
- #ifdef HAVE_PKCS8
- word32 pkcs8Sz;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- byte *der = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- byte der[ECC_BUFSIZE];
- ecc_key userA[1];
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if ((der == NULL) || (userA == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_make_key(rng, keySize, userA);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- goto done;
- TEST_SLEEP();
- ret = wc_ecc_check_key(userA);
- if (ret != 0)
- goto done;
- TEST_SLEEP();
- derSz = wc_EccKeyToDer(userA, der, ECC_BUFSIZE);
- if (derSz < 0) {
- ERROR_OUT(derSz, done);
- }
- ret = SaveDerAndPem(der, derSz, eccCaKeyTempFile, eccCaKeyPemFile,
- ECC_PRIVATEKEY_TYPE, -8347);
- if (ret != 0) {
- goto done;
- }
- /* test export of public key */
- derSz = wc_EccPublicKeyToDer(userA, der, ECC_BUFSIZE, 1);
- if (derSz < 0) {
- ERROR_OUT(derSz, done);
- }
- if (derSz == 0) {
- ERROR_OUT(-9890, done);
- }
- ret = SaveDerAndPem(der, derSz, eccPubKeyDerFile, NULL, 0, -8348);
- if (ret != 0) {
- goto done;
- }
- #ifdef HAVE_PKCS8
- /* test export of PKCS#8 unencrypted private key */
- pkcs8Sz = FOURK_BUF;
- derSz = wc_EccPrivateKeyToPKCS8(userA, der, &pkcs8Sz);
- if (derSz < 0) {
- ERROR_OUT(derSz, done);
- }
- if (derSz == 0) {
- ERROR_OUT(-9891, done);
- }
- ret = SaveDerAndPem(der, derSz, eccPkcs8KeyDerFile, NULL, 0, -8349);
- if (ret != 0) {
- goto done;
- }
- #endif /* HAVE_PKCS8 */
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (der != NULL)
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(userA);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
- static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
- int curve_id, const ecc_set_type* dp)
- {
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
- DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- #define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32)
- DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
- #endif
- word32 x = 0;
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- word32 y;
- #endif
- #ifdef HAVE_ECC_SIGN
- DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
- DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
- int i;
- #ifdef HAVE_ECC_VERIFY
- int verify;
- #endif /* HAVE_ECC_VERIFY */
- #endif /* HAVE_ECC_SIGN */
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key userA[1];
- ecc_key userB[1];
- ecc_key pubKey[1];
- #endif
- #ifndef WC_NO_RNG
- int curveSize;
- #endif
- #ifdef DECLARE_VAR_IS_HEAP_ALLOC
- #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- if (sharedA == NULL || sharedB == NULL)
- ERROR_OUT(-9900, done);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- if (exportBuf == NULL)
- ERROR_OUT(-9901, done);
- #endif
- #ifdef HAVE_ECC_SIGN
- if (sig == NULL || digest == NULL)
- ERROR_OUT(-9902, done);
- #endif
- #endif /* WOLFSSL_SMALL_STACK */
- (void)testVerifyCount;
- (void)dp;
- (void)x;
- #ifdef WOLFSSL_SMALL_STACK
- if ((userA == NULL) ||
- (userB == NULL) ||
- (pubKey == NULL))
- ERROR_OUT(-9903, done);
- #endif
- XMEMSET(userA, 0, sizeof *userA);
- XMEMSET(userB, 0, sizeof *userB);
- XMEMSET(pubKey, 0, sizeof *pubKey);
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-9904, done);
- ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-9905, done);
- ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-9906, done);
- #ifdef WOLFSSL_CUSTOM_CURVES
- if (dp != NULL) {
- ret = wc_ecc_set_custom_curve(userA, dp);
- if (ret != 0)
- ERROR_OUT(-9907, done);
- ret = wc_ecc_set_custom_curve(userB, dp);
- if (ret != 0)
- ERROR_OUT(-9908, done);
- }
- #endif
- #ifndef WC_NO_RNG
- ret = wc_ecc_make_key_ex(rng, keySize, userA, curve_id);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-9910, done);
- TEST_SLEEP();
- if (wc_ecc_get_curve_idx(curve_id) != -1) {
- curveSize = wc_ecc_get_curve_size_from_id(userA->dp->id);
- if (curveSize != userA->dp->size)
- ERROR_OUT(-9911, done);
- }
- ret = wc_ecc_check_key(userA);
- if (ret != 0)
- ERROR_OUT(-9912, done);
- TEST_SLEEP();
- /* ATECC508/608 configuration may not support more than one ECDH key */
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- ret = wc_ecc_make_key_ex(rng, keySize, userB, curve_id);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0)
- ERROR_OUT(-9914, done);
- TEST_SLEEP();
- /* only perform the below tests if the key size matches */
- if (dp == NULL && keySize > 0 && wc_ecc_size(userA) != keySize)
- ERROR_OUT(ECC_CURVE_OID_E, done);
- #ifdef HAVE_ECC_DHE
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(userA, rng);
- if (ret != 0)
- ERROR_OUT(-9915, done);
- ret = wc_ecc_set_rng(userB, rng);
- if (ret != 0)
- ERROR_OUT(-9916, done);
- #endif
- x = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
- } while (ret == WC_PENDING_E);
- if (ret != 0) {
- ERROR_OUT(-9917, done);
- }
- TEST_SLEEP();
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9918, done);
- if (y != x)
- ERROR_OUT(-9919, done);
- if (XMEMCMP(sharedA, sharedB, x))
- ERROR_OUT(-9920, done);
- TEST_SLEEP();
- #endif /* HAVE_ECC_DHE */
- #ifdef HAVE_ECC_CDH
- /* add cofactor flag */
- wc_ecc_set_flags(userA, WC_ECC_FLAG_COFACTOR);
- wc_ecc_set_flags(userB, WC_ECC_FLAG_COFACTOR);
- x = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9921, done);
- TEST_SLEEP();
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9922, done);
- if (y != x)
- ERROR_OUT(-9923, done);
- if (XMEMCMP(sharedA, sharedB, x))
- ERROR_OUT(-9924, done);
- TEST_SLEEP();
- /* remove cofactor flag */
- wc_ecc_set_flags(userA, 0);
- wc_ecc_set_flags(userB, 0);
- #endif /* HAVE_ECC_CDH */
- #endif /* !WOLFSSL_ATECC508A && WOLFSSL_ATECC608A */
- #ifdef HAVE_ECC_KEY_EXPORT
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 0);
- if (ret != 0)
- ERROR_OUT(-9925, done);
- #ifdef HAVE_ECC_KEY_IMPORT
- #ifdef WOLFSSL_CUSTOM_CURVES
- if (dp != NULL) {
- ret = wc_ecc_set_custom_curve(pubKey, dp);
- if (ret != 0)
- ERROR_OUT(-9926, done);
- }
- #endif
- ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
- if (ret != 0)
- ERROR_OUT(-9927, done);
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
- #ifdef HAVE_ECC_DHE
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9928, done);
- if (XMEMCMP(sharedA, sharedB, y))
- ERROR_OUT(-9929, done);
- TEST_SLEEP();
- #endif /* HAVE_ECC_DHE */
- #ifdef HAVE_COMP_KEY
- /* try compressed export / import too */
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 1);
- if (ret != 0)
- ERROR_OUT(-9930, done);
- wc_ecc_free(pubKey);
- ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-9931, done);
- #ifdef WOLFSSL_CUSTOM_CURVES
- if (dp != NULL) {
- ret = wc_ecc_set_custom_curve(pubKey, dp);
- if (ret != 0)
- ERROR_OUT(-9932, done);
- }
- #endif
- ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
- if (ret != 0)
- ERROR_OUT(-9933, done);
- #ifdef HAVE_ECC_DHE
- y = ECC_SHARED_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9934, done);
- if (XMEMCMP(sharedA, sharedB, y))
- ERROR_OUT(-9935, done);
- TEST_SLEEP();
- #endif /* HAVE_ECC_DHE */
- #endif /* HAVE_COMP_KEY */
- #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A */
- #endif /* !WC_NO_RNG */
- #endif /* HAVE_ECC_KEY_IMPORT */
- #endif /* HAVE_ECC_KEY_EXPORT */
- #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))
- #ifdef HAVE_ECC_SIGN
- /* ECC w/out Shamir has issue with all 0 digest */
- /* WC_BIGINT doesn't have 0 len well on hardware */
- /* Cryptocell has issues with all 0 digest */
- #if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) && \
- !defined(WOLFSSL_CRYPTOCELL)
- /* test DSA sign hash with zeros */
- for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
- digest[i] = 0;
- }
- x = ECC_SIG_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
- userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9936, done);
- TEST_SLEEP();
- #ifdef HAVE_ECC_VERIFY
- for (i=0; i<testVerifyCount; i++) {
- verify = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
- &verify, userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9937, done);
- if (verify != 1)
- ERROR_OUT(-9938, done);
- TEST_SLEEP();
- }
- #endif /* HAVE_ECC_VERIFY */
- #endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL */
- /* test DSA sign hash with sequence (0,1,2,3,4,...) */
- for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
- digest[i] = (byte)i;
- }
- x = ECC_SIG_SIZE;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
- userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9939, done);
- TEST_SLEEP();
- #ifdef HAVE_ECC_VERIFY
- for (i=0; i<testVerifyCount; i++) {
- verify = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
- &verify, userA);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- ERROR_OUT(-9940, done);
- if (verify != 1)
- ERROR_OUT(-9941, done);
- TEST_SLEEP();
- }
- #endif /* HAVE_ECC_VERIFY */
- #endif /* HAVE_ECC_SIGN */
- #endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT && !WC_NO_RNG) */
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
- !defined(WOLFSSL_ATECC508) && !defined(WOLFSSL_ATECC608A)
- x = ECC_KEY_EXPORT_BUF_SIZE;
- ret = wc_ecc_export_private_only(userA, exportBuf, &x);
- if (ret != 0)
- ERROR_OUT(-9942, done);
- #else
- (void)exportBuf;
- #endif /* HAVE_ECC_KEY_EXPORT */
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (userB != NULL) {
- wc_ecc_free(userB);
- XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (pubKey != NULL) {
- wc_ecc_free(pubKey);
- XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(pubKey);
- wc_ecc_free(userB);
- wc_ecc_free(userA);
- #endif
- #if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)
- FREE_VAR(sharedA, HEAP_HINT);
- FREE_VAR(sharedB, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_KEY_EXPORT
- FREE_VAR(exportBuf, HEAP_HINT);
- #endif
- #ifdef HAVE_ECC_SIGN
- FREE_VAR(sig, HEAP_HINT);
- FREE_VAR(digest, HEAP_HINT);
- #endif
- (void)keySize;
- (void)curve_id;
- (void)rng;
- return ret;
- }
- #undef ECC_TEST_VERIFY_COUNT
- #define ECC_TEST_VERIFY_COUNT 2
- static int ecc_test_curve(WC_RNG* rng, int keySize)
- {
- int ret;
- ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT,
- ECC_CURVE_DEF, NULL);
- if (ret < 0) {
- if (ret == ECC_CURVE_OID_E) {
- /* ignore error for curves not found */
- /* some curve sizes are only available with:
- HAVE_ECC_SECPR2, HAVE_ECC_SECPR3, HAVE_ECC_BRAINPOOL
- and HAVE_ECC_KOBLITZ */
- }
- else {
- printf("ecc_test_curve_size %d failed!: %d\n", keySize, ret);
- return ret;
- }
- }
- #ifdef HAVE_ECC_VECTOR_TEST
- ret = ecc_test_vector(keySize);
- if (ret < 0) {
- printf("ecc_test_vector %d failed!: %d\n", keySize, ret);
- return ret;
- }
- #endif
- #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
- ret = ecc_test_key_decode(rng, keySize);
- if (ret < 0) {
- if (ret == ECC_CURVE_OID_E) {
- /* ignore error for curves not found */
- }
- else {
- printf("ecc_test_key_decode %d failed!: %d\n", keySize, ret);
- return ret;
- }
- }
- #endif
- #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
- ret = ecc_test_key_gen(rng, keySize);
- if (ret < 0) {
- if (ret == ECC_CURVE_OID_E) {
- /* ignore error for curves not found */
- }
- else {
- printf("ecc_test_key_gen %d failed!: %d\n", keySize, ret);
- return ret;
- }
- }
- #endif
- return 0;
- }
- #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(WOLFSSL_NO_MALLOC)
- static int ecc_point_test(void)
- {
- int ret;
- ecc_point* point;
- ecc_point* point2;
- #ifdef HAVE_COMP_KEY
- ecc_point* point3;
- ecc_point* point4;
- #endif
- word32 outLen;
- byte out[65];
- byte der[] = { 0x04, /* = Uncompressed */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- #ifdef HAVE_COMP_KEY
- byte derComp0[] = { 0x02, /* = Compressed, y even */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- byte derComp1[] = { 0x03, /* = Compressed, y odd */
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
- 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
- #endif
- byte altDer[] = { 0x04, /* = Uncompressed */
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
- int curve_idx = wc_ecc_get_curve_idx(ECC_SECP256R1);
- /* if curve P256 is not enabled then test should not fail */
- if (curve_idx == ECC_CURVE_INVALID)
- return 0;
- outLen = sizeof(out);
- point = wc_ecc_new_point();
- if (point == NULL)
- return -10000;
- point2 = wc_ecc_new_point();
- if (point2 == NULL) {
- wc_ecc_del_point(point);
- return -10001;
- }
- #ifdef HAVE_COMP_KEY
- point3 = wc_ecc_new_point();
- if (point3 == NULL) {
- wc_ecc_del_point(point2);
- wc_ecc_del_point(point);
- return -10002;
- }
- point4 = wc_ecc_new_point();
- if (point4 == NULL) {
- wc_ecc_del_point(point3);
- wc_ecc_del_point(point2);
- wc_ecc_del_point(point);
- return -10003;
- }
- #endif
- /* Parameter Validation testing. */
- wc_ecc_del_point(NULL);
- ret = wc_ecc_import_point_der(NULL, sizeof(der), curve_idx, point);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10004;
- goto done;
- }
- ret = wc_ecc_import_point_der(der, sizeof(der), ECC_CURVE_INVALID, point);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10005;
- goto done;
- }
- ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10006;
- goto done;
- }
- ret = wc_ecc_export_point_der(-1, point, out, &outLen);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10007;
- goto done;
- }
- ret = wc_ecc_export_point_der(curve_idx, NULL, out, &outLen);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10008;
- goto done;
- }
- ret = wc_ecc_export_point_der(curve_idx, point, NULL, &outLen);
- if (ret != LENGTH_ONLY_E || outLen != sizeof(out)) {
- ret = -10009;
- goto done;
- }
- ret = wc_ecc_export_point_der(curve_idx, point, out, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10010;
- goto done;
- }
- outLen = 0;
- ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
- if (ret != BUFFER_E) {
- ret = -10011;
- goto done;
- }
- ret = wc_ecc_copy_point(NULL, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10012;
- goto done;
- }
- ret = wc_ecc_copy_point(NULL, point2);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10013;
- goto done;
- }
- ret = wc_ecc_copy_point(point, NULL);
- if (ret != ECC_BAD_ARG_E) {
- ret = -10014;
- goto done;
- }
- ret = wc_ecc_cmp_point(NULL, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = -10015;
- goto done;
- }
- ret = wc_ecc_cmp_point(NULL, point2);
- if (ret != BAD_FUNC_ARG) {
- ret = -10016;
- goto done;
- }
- ret = wc_ecc_cmp_point(point, NULL);
- if (ret != BAD_FUNC_ARG) {
- ret = -10017;
- goto done;
- }
- /* Use API. */
- ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, point);
- if (ret != 0) {
- ret = -10018;
- goto done;
- }
- outLen = sizeof(out);
- ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
- if (ret != 0) {
- ret = -10019;
- goto done;
- }
- if (outLen != sizeof(der)) {
- ret = -10020;
- goto done;
- }
- if (XMEMCMP(out, der, outLen) != 0) {
- ret = -10021;
- goto done;
- }
- ret = wc_ecc_copy_point(point2, point);
- if (ret != MP_OKAY) {
- ret = -10022;
- goto done;
- }
- ret = wc_ecc_cmp_point(point2, point);
- if (ret != MP_EQ) {
- ret = -10023;
- goto done;
- }
- ret = wc_ecc_import_point_der(altDer, sizeof(altDer), curve_idx, point2);
- if (ret != 0) {
- ret = -10024;
- goto done;
- }
- ret = wc_ecc_cmp_point(point2, point);
- if (ret != MP_GT) {
- ret = -10025;
- goto done;
- }
- #ifdef HAVE_COMP_KEY
- ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3);
- if (ret != 0) {
- ret = -10026;
- goto done;
- }
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
- ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0);
- if (ret != 0) {
- ret = -10027;
- goto done;
- }
- #endif
- ret = wc_ecc_cmp_point(point3, point4);
- if (ret != MP_EQ) {
- ret = -10028;
- goto done;
- }
- ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1)*2-1, curve_idx, point3);
- if (ret != 0) {
- ret = -10029;
- goto done;
- }
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
- (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
- ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0);
- if (ret != 0) {
- ret = -10030;
- goto done;
- }
- #endif
- ret = wc_ecc_cmp_point(point3, point4);
- if (ret != MP_EQ) {
- ret = -10031;
- goto done;
- }
- #endif
- done:
- #ifdef HAVE_COMP_KEY
- wc_ecc_del_point(point4);
- wc_ecc_del_point(point3);
- #endif
- wc_ecc_del_point(point2);
- wc_ecc_del_point(point);
- return ret;
- }
- #endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
- #ifndef NO_SIG_WRAPPER
- static int ecc_sig_test(WC_RNG* rng, ecc_key* key)
- {
- int ret;
- word32 sigSz;
- int size;
- byte out[ECC_MAX_SIG_SIZE];
- byte in[] = TEST_STRING;
- WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
- 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
- 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
- 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
- 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
- };
- word32 inLen = (word32)XSTRLEN((char*)in);
- size = wc_ecc_sig_size(key);
- ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, sizeof(*key));
- if (ret != size)
- return -10040;
- sigSz = (word32)ret;
- ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
- inLen, out, &sigSz, key, sizeof(*key), rng);
- if (ret != 0)
- return -10041;
- TEST_SLEEP();
- ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
- inLen, out, sigSz, key, sizeof(*key));
- if (ret != 0)
- return -10042;
- TEST_SLEEP();
- sigSz = (word32)sizeof(out);
- ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
- hash, (int)sizeof(hash), out, &sigSz, key, sizeof(*key), rng);
- if (ret != 0)
- return -10043;
- TEST_SLEEP();
- ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
- hash, (int)sizeof(hash), out, sigSz, key, sizeof(*key));
- if (ret != 0)
- return -10044;
- TEST_SLEEP();
- return 0;
- }
- #endif
- #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- !defined(WOLFSSL_QNX_CAAM)
- static int ecc_exp_imp_test(ecc_key* key)
- {
- int ret;
- int curve_id;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *keyImp = (ecc_key *)XMALLOC(sizeof *keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);;
- #else
- ecc_key keyImp[1];
- #endif
- byte priv[32];
- word32 privLen;
- byte pub[65];
- word32 pubLen, pubLenX, pubLenY;
- const char qx[] = "7a4e287890a1a47ad3457e52f2f76a83"
- "ce46cbc947616d0cbaa82323818a793d";
- const char qy[] = "eec4084f5b29ebf29c44cce3b3059610"
- "922f8b30ea6e8811742ac7238fe87308";
- const char d[] = "8c14b793cb19137e323a6d2e2a870bca"
- "2e7a493ec1153b3a95feb8a4873f8d08";
- #ifdef WOLFSSL_SMALL_STACK
- if (keyImp == NULL)
- ERROR_OUT(-10050, done);
- #endif
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- privLen = sizeof(priv);
- ret = wc_ecc_export_private_only(key, priv, &privLen);
- if (ret != 0) {
- ret = -10051;
- goto done;
- }
- pubLen = sizeof(pub);
- ret = wc_ecc_export_point_der(key->idx, &key->pubkey, pub, &pubLen);
- if (ret != 0) {
- ret = -10052;
- goto done;
- }
- ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, keyImp);
- if (ret != 0) {
- ret = -10053;
- goto done;
- }
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- ret = wc_ecc_import_raw_ex(keyImp, qx, qy, d, ECC_SECP256R1);
- if (ret != 0) {
- ret = -10054;
- goto done;
- }
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- curve_id = wc_ecc_get_curve_id(key->idx);
- if (curve_id < 0) {
- ret = -10055;
- goto done;
- }
- /* test import private only */
- ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, keyImp,
- curve_id);
- if (ret != 0) {
- ret = -10056;
- goto done;
- }
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- /* test export public raw */
- pubLenX = pubLenY = 32;
- ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY);
- if (ret != 0) {
- ret = -10057;
- goto done;
- }
- #ifndef HAVE_SELFTEST
- /* test import of public */
- ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], NULL, ECC_SECP256R1);
- if (ret != 0) {
- ret = -10058;
- goto done;
- }
- #endif
- wc_ecc_free(keyImp);
- wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
- /* test export private and public raw */
- pubLenX = pubLenY = privLen = 32;
- ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY,
- priv, &privLen);
- if (ret != 0) {
- ret = -10059;
- goto done;
- }
- #ifndef HAVE_SELFTEST
- /* test import of private and public */
- ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], priv, ECC_SECP256R1);
- if (ret != 0) {
- ret = -10060;
- goto done;
- }
- #endif
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (keyImp != NULL) {
- wc_ecc_free(keyImp);
- XFREE(keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(keyImp);
- #endif
- return ret;
- }
- #endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_QNX_CAAM)
- #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)
- static int ecc_mulmod_test(ecc_key* key1)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *key2 = (ecc_key *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *key3 = (ecc_key *)XMALLOC(sizeof *key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key2[1];
- ecc_key key3[1];
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if ((key2 == NULL) || (key3 == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- wc_ecc_init_ex(key2, HEAP_HINT, devId);
- wc_ecc_init_ex(key3, HEAP_HINT, devId);
- /* TODO: Use test data, test with WOLFSSL_VALIDATE_ECC_IMPORT. */
- /* Need base point (Gx,Gy) and parameter A - load them as the public and
- * private key in key2.
- */
- ret = wc_ecc_import_raw_ex(key2, key1->dp->Gx, key1->dp->Gy, key1->dp->Af,
- ECC_SECP256R1);
- if (ret != 0)
- goto done;
- /* Need a point (Gx,Gy) and prime - load them as the public and private key
- * in key3.
- */
- ret = wc_ecc_import_raw_ex(key3, key1->dp->Gx, key1->dp->Gy,
- key1->dp->prime, ECC_SECP256R1);
- if (ret != 0)
- goto done;
- ret = wc_ecc_mulmod(&key1->k, &key2->pubkey, &key3->pubkey, &key2->k, &key3->k,
- 1);
- if (ret != 0) {
- ret = -10070;
- goto done;
- }
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (key2 != NULL) {
- wc_ecc_free(key2);
- XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (key3 != NULL) {
- wc_ecc_free(key3);
- XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(key3);
- wc_ecc_free(key2);
- #endif
- return ret;
- }
- #endif
- #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
- static int ecc_ssh_test(ecc_key* key, WC_RNG* rng)
- {
- int ret;
- byte out[128];
- word32 outLen = sizeof(out);
- /* Parameter Validation testing. */
- ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen);
- if (ret != BAD_FUNC_ARG)
- return -10080;
- ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen);
- if (ret != BAD_FUNC_ARG)
- return -10081;
- ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen);
- if (ret != BAD_FUNC_ARG)
- return -10082;
- ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10083;
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(key, rng);
- if (ret != 0)
- return -10084;
- #else
- (void)rng;
- #endif
- /* Use API. */
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen);
- } while (ret == WC_PENDING_E);
- if (ret != 0)
- return -10085;
- TEST_SLEEP();
- return 0;
- }
- #endif /* HAVE_ECC_DHE && !WC_NO_RNG */
- #endif
- static int ecc_def_curve_test(WC_RNG *rng)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #endif
- #ifdef WC_NO_RNG
- word32 idx = 0;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (key == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- /* Use API */
- ret = wc_ecc_set_flags(NULL, 0);
- if (ret != BAD_FUNC_ARG) {
- ret = -10090;
- goto done;
- }
- ret = wc_ecc_set_flags(key, 0);
- if (ret != 0) {
- ret = -10091;
- goto done;
- }
- #ifndef WC_NO_RNG
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- #else
- /* use test ECC key */
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
- (word32)sizeof_ecc_key_der_256);
- (void)rng;
- #endif
- if (ret != 0) {
- ret = -10092;
- goto done;
- }
- TEST_SLEEP();
- #ifndef NO_SIG_WRAPPER
- ret = ecc_sig_test(rng, key);
- if (ret < 0)
- goto done;
- #endif
- #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- !defined(WOLFSSL_QNX_CAAM)
- ret = ecc_exp_imp_test(key);
- if (ret < 0)
- goto done;
- #endif
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_QNX_CAAM)
- #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)
- ret = ecc_mulmod_test(key);
- if (ret < 0)
- goto done;
- #endif
- #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
- ret = ecc_ssh_test(key, rng);
- if (ret < 0)
- goto done;
- #endif
- #endif /* WOLFSSL_ATECC508A */
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (key != NULL) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(key);
- #endif
- return ret;
- }
- #endif /* !NO_ECC256 || HAVE_ALL_CURVES */
- #ifdef WOLFSSL_CERT_EXT
- static int ecc_decode_test(void)
- {
- int ret;
- word32 inSz;
- word32 inOutIdx;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #endif
- /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */
- /* This is ecc_clikeypub_der_256. */
- WOLFSSL_SMALL_STACK_STATIC const byte good[] = {
- 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
- 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
- 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xbf, 0xf4,
- 0x0f, 0x44, 0x50, 0x9a, 0x3d, 0xce, 0x9b, 0xb7, 0xf0, 0xc5,
- 0x4d, 0xf5, 0x70, 0x7b, 0xd4, 0xec, 0x24, 0x8e, 0x19, 0x80,
- 0xec, 0x5a, 0x4c, 0xa2, 0x24, 0x03, 0x62, 0x2c, 0x9b, 0xda,
- 0xef, 0xa2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xc6, 0x56,
- 0x95, 0x06, 0xcc, 0x01, 0xa9, 0xbd, 0xf6, 0x75, 0x1a, 0x42,
- 0xf7, 0xbd, 0xa9, 0xb2, 0x36, 0x22, 0x5f, 0xc7, 0x5d, 0x7f,
- 0xb4 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04,
- 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00,
- 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09,
- 0x06, 0x00, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00,
- 0x06, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x04, 0x04, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x05, 0x00, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x03, 0x04, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
- 0x03, 0x03, 0x00, 0x04, 0x01 };
- #ifdef WOLFSSL_SMALL_STACK
- if (key == NULL)
- ERROR_OUT(MEMORY_E, done);
- #endif
- XMEMSET(key, 0, sizeof *key);
- wc_ecc_init_ex(key, HEAP_HINT, devId);
- inSz = sizeof(good);
- ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, key, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -10100;
- goto done;
- }
- ret = wc_EccPublicKeyDecode(good, NULL, key, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -10101;
- goto done;
- }
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz);
- if (ret != BAD_FUNC_ARG) {
- ret = -10102;
- goto done;
- }
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, 0);
- if (ret != BAD_FUNC_ARG) {
- ret = -10103;
- goto done;
- }
- /* Change offset to produce bad input data. */
- inOutIdx = 2;
- inSz = sizeof(good) - inOutIdx;
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -10104;
- goto done;
- }
- inOutIdx = 4;
- inSz = sizeof(good) - inOutIdx;
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -10105;
- goto done;
- }
- /* Bad data. */
- inSz = sizeof(badNoObjId);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz);
- if (ret != ASN_OBJECT_ID_E) {
- ret = -10106;
- goto done;
- }
- inSz = sizeof(badOneObjId);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz);
- if (ret != ASN_OBJECT_ID_E) {
- ret = -10107;
- goto done;
- }
- inSz = sizeof(badObjId1Len);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -10108;
- goto done;
- }
- inSz = sizeof(badObj2d1Len);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -10109;
- goto done;
- }
- inSz = sizeof(badNotBitStr);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz);
- if (ret != ASN_BITSTR_E) {
- ret = -10110;
- goto done;
- }
- inSz = sizeof(badBitStrLen);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, key, inSz);
- if (ret != ASN_PARSE_E) {
- ret = -10111;
- goto done;
- }
- inSz = sizeof(badNoBitStrZero);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz);
- if (ret != ASN_EXPECT_0_E) {
- ret = -10112;
- goto done;
- }
- inSz = sizeof(badPoint);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz);
- if (ret != ASN_ECC_KEY_E) {
- ret = -10113;
- goto done;
- }
- inSz = sizeof(good);
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
- if (ret != 0) {
- ret = -10114;
- goto done;
- }
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (key != NULL) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(key);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef WOLFSSL_CUSTOM_CURVES
- static const byte eccKeyExplicitCurve[] = {
- 0x30, 0x81, 0xf5, 0x30, 0x81, 0xae, 0x06, 0x07,
- 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30,
- 0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06,
- 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01,
- 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff,
- 0xff, 0xfc, 0x2f, 0x30, 0x06, 0x04, 0x01, 0x00,
- 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe,
- 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0,
- 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b,
- 0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2,
- 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a,
- 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4,
- 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17,
- 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47,
- 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21,
- 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
- 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0,
- 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41,
- 0x41, 0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04,
- 0x3c, 0x4c, 0xc9, 0x5e, 0x2e, 0xa2, 0x3d, 0x49,
- 0xcc, 0x5b, 0xff, 0x4f, 0xc9, 0x2e, 0x1d, 0x4a,
- 0xc6, 0x21, 0xf6, 0xf3, 0xe6, 0x0b, 0x4f, 0xa9,
- 0x9d, 0x74, 0x99, 0xdd, 0x97, 0xc7, 0x6e, 0xbe,
- 0x14, 0x2b, 0x39, 0x9d, 0x63, 0xc7, 0x97, 0x0d,
- 0x45, 0x25, 0x40, 0x30, 0x77, 0x05, 0x76, 0x88,
- 0x38, 0x96, 0x29, 0x7d, 0x9c, 0xe1, 0x50, 0xbe,
- 0xac, 0xf0, 0x1d, 0x86, 0xf4, 0x2f, 0x65, 0x0b
- };
- static int ecc_test_custom_curves(WC_RNG* rng)
- {
- int ret;
- word32 inOutIdx;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key key[1];
- #endif
- /* test use of custom curve - using BRAINPOOLP256R1 for test */
- #ifndef WOLFSSL_ECC_CURVE_STATIC
- WOLFSSL_SMALL_STACK_STATIC const ecc_oid_t ecc_oid_brainpoolp256r1[] = {
- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07
- };
- #define ecc_oid_brainpoolp256r1_sz \
- (sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t))
- #else
- #define ecc_oid_brainpoolp256r1 { \
- 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 \
- }
- #define ecc_oid_brainpoolp256r1_sz 9
- #endif
- #define ecc_oid_brainpoolp256r1_sum 104
- WOLFSSL_SMALL_STACK_STATIC const ecc_set_type ecc_dp_brainpool256r1 = {
- 32, /* size/bytes */
- ECC_CURVE_CUSTOM, /* ID */
- "BRAINPOOLP256R1", /* curve name */
- "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", /* prime */
- "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", /* A */
- "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", /* B */
- "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", /* order */
- "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */
- "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */
- ecc_oid_brainpoolp256r1, /* oid/oidSz */
- ecc_oid_brainpoolp256r1_sz,
- ecc_oid_brainpoolp256r1_sum, /* oid sum */
- 1, /* cofactor */
- };
- #ifdef WOLFSSL_SMALL_STACK
- if (! key) {
- ret = MEMORY_E;
- goto done;
- }
- #endif
- XMEMSET(key, 0, sizeof *key);
- ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF,
- &ecc_dp_brainpool256r1);
- if (ret != 0) {
- printf("ECC test for custom curve failed! %d\n", ret);
- goto done;
- }
- #if defined(HAVE_ECC_BRAINPOOL) || defined(HAVE_ECC_KOBLITZ)
- {
- int curve_id;
- #ifdef HAVE_ECC_BRAINPOOL
- curve_id = ECC_BRAINPOOLP256R1;
- #else
- curve_id = ECC_SECP256K1;
- #endif
- /* Test and demonstrate use of non-SECP curve */
- ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, curve_id, NULL);
- if (ret < 0) {
- printf("ECC test for curve_id %d failed! %d\n", curve_id, ret);
- goto done;
- }
- }
- #endif
- ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
- if (ret != 0) {
- ret = -10120;
- goto done;
- }
- inOutIdx = 0;
- ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, key,
- sizeof(eccKeyExplicitCurve));
- if (ret != 0)
- ret = -10121;
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (key) {
- wc_ecc_free(key);
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(key);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_CUSTOM_CURVES */
- #ifdef WOLFSSL_CERT_GEN
- /* Make Cert / Sign example for ECC cert and ECC CA */
- static int ecc_test_cert_gen(WC_RNG* rng)
- {
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- Cert *myCert = (Cert *)XMALLOC(sizeof *myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *certPubKey = (ecc_key *)XMALLOC(sizeof *certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- Cert myCert[1];
- #ifdef WOLFSSL_TEST_CERT
- DecodedCert decode[1];
- #endif
- ecc_key caEccKey[1];
- ecc_key certPubKey[1];
- #endif
- int certSz;
- size_t bytes;
- word32 idx = 0;
- #ifndef USE_CERT_BUFFERS_256
- XFILE file;
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- byte* der = NULL;
- #else
- byte der[FOURK_BUF];
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if ((myCert == NULL)
- #ifdef WOLFSSL_TEST_CERT
- || (decode == NULL)
- #endif
- || (caEccKey == NULL) || (certPubKey == NULL))
- ERROR_OUT(MEMORY_E, exit);
- #endif
- XMEMSET(caEccKey, 0, sizeof *caEccKey);
- XMEMSET(certPubKey, 0, sizeof *certPubKey);
- #ifdef WOLFSSL_SMALL_STACK
- der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (der == NULL) {
- ERROR_OUT(-10130, exit);
- }
- #endif
- /* Get cert private key */
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- /* Get Cert Key 384 */
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(der, ca_ecc_key_der_384, sizeof_ca_ecc_key_der_384);
- bytes = sizeof_ca_ecc_key_der_384;
- #else
- file = XFOPEN(eccCaKey384File, "rb");
- if (!file) {
- ERROR_OUT(-10131, exit);
- }
- bytes = XFREAD(der, 1, FOURK_BUF, file);
- XFCLOSE(file);
- (void)eccCaKeyFile;
- #endif /* USE_CERT_BUFFERS_256 */
- #else
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(der, ca_ecc_key_der_256, sizeof_ca_ecc_key_der_256);
- bytes = sizeof_ca_ecc_key_der_256;
- #else
- file = XFOPEN(eccCaKeyFile, "rb");
- if (!file) {
- ERROR_OUT(-10132, exit);
- }
- bytes = XFREAD(der, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- (void)eccCaKey384File;
- #endif
- #endif /* USE_CERT_BUFFERS_256 */
- #endif /* ENABLE_ECC384_CERT_GEN_TEST */
- /* Get CA Key */
- ret = wc_ecc_init_ex(caEccKey, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-10133, exit);
- }
- ret = wc_EccPrivateKeyDecode(der, &idx, caEccKey, (word32)bytes);
- if (ret != 0) {
- ERROR_OUT(-10134, exit);
- }
- /* Make a public key */
- ret = wc_ecc_init_ex(certPubKey, HEAP_HINT, devId);
- if (ret != 0) {
- ERROR_OUT(-10135, exit);
- }
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, certPubKey);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &certPubKey->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0) {
- ERROR_OUT(-10136, exit);
- }
- TEST_SLEEP();
- /* Setup Certificate */
- if (wc_InitCert(myCert)) {
- ERROR_OUT(-10137, exit);
- }
- #ifndef NO_SHA256
- myCert->sigType = CTC_SHA256wECDSA;
- #else
- myCert->sigType = CTC_SHAwECDSA;
- #endif
- XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
- #ifdef WOLFSSL_CERT_EXT
- /* add Policies */
- XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
- CTC_MAX_CERTPOL_SZ);
- XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
- CTC_MAX_CERTPOL_SZ);
- myCert->certPoliciesNb = 2;
- /* add SKID from the Public Key */
- if (wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, certPubKey) != 0) {
- ERROR_OUT(-10138, exit);
- }
- /* add AKID from the Public Key */
- if (wc_SetAuthKeyIdFromPublicKey(myCert, NULL, caEccKey) != 0) {
- ERROR_OUT(-10139, exit);
- }
- /* add Key Usage */
- if (wc_SetKeyUsage(myCert, certKeyUsage) != 0) {
- ERROR_OUT(-10140, exit);
- }
- #endif /* WOLFSSL_CERT_EXT */
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- #if defined(USE_CERT_BUFFERS_256)
- ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384,
- sizeof_ca_ecc_cert_der_384);
- #else
- ret = wc_SetIssuer(myCert, eccCaCert384File);
- (void)eccCaCertFile;
- #endif
- #else
- #if defined(USE_CERT_BUFFERS_256)
- ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_256,
- sizeof_ca_ecc_cert_der_256);
- #else
- ret = wc_SetIssuer(myCert, eccCaCertFile);
- #ifdef ENABLE_ECC384_CERT_GEN_TEST
- (void)eccCaCert384File;
- #endif
- #endif
- #endif /* ENABLE_ECC384_CERT_GEN_TEST */
- if (ret < 0) {
- ERROR_OUT(-10141, exit);
- }
- certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, certPubKey, rng);
- if (certSz < 0) {
- ERROR_OUT(-10142, exit);
- }
- ret = 0;
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret >= 0) {
- ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
- FOURK_BUF, NULL, caEccKey, rng);
- }
- } while (ret == WC_PENDING_E);
- if (ret < 0) {
- ERROR_OUT(-10143, exit);
- }
- certSz = ret;
- TEST_SLEEP();
- #ifdef WOLFSSL_TEST_CERT
- InitDecodedCert(decode, der, certSz, 0);
- ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
- if (ret != 0) {
- FreeDecodedCert(decode);
- ERROR_OUT(-10144, exit);
- }
- FreeDecodedCert(decode);
- #endif
- ret = SaveDerAndPem(der, certSz, certEccDerFile, certEccPemFile,
- CERT_TYPE, -6735);
- if (ret != 0) {
- goto exit;
- }
- exit:
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef WOLFSSL_SMALL_STACK
- if (myCert != NULL)
- XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef WOLFSSL_TEST_CERT
- if (decode != NULL)
- XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- if (caEccKey != NULL) {
- wc_ecc_free(caEccKey);
- XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (certPubKey != NULL) {
- wc_ecc_free(certPubKey);
- XFREE(certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(certPubKey);
- wc_ecc_free(caEccKey);
- #endif
- return ret;
- }
- #endif /* WOLFSSL_CERT_GEN */
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
- /* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */
- static int ecc_test_allocator(WC_RNG* rng)
- {
- int ret = 0;
- ecc_key* key;
- #ifdef WC_NO_RNG
- word32 idx = 0;
- #endif
- key = wc_ecc_key_new(HEAP_HINT);
- if (key == NULL) {
- ERROR_OUT(-10150, exit);
- }
- #ifndef WC_NO_RNG
- ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
- if (ret != 0) {
- ERROR_OUT(-10151, exit);
- }
- #else
- /* use test ECC key */
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
- (word32)sizeof_ecc_key_der_256);
- (void)rng;
- #endif
- exit:
- wc_ecc_key_free(key);
- return ret;
- }
- #endif
- /* ECC Non-blocking tests for Sign and Verify */
- /* Requires SP math and supports P384 or P256 */
- /* ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" */
- #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
- defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
- /* Test Data - Random */
- static const uint8_t kMsg[] = {
- 0x69, 0xbc, 0x9f, 0xce, 0x68, 0x17, 0xc2, 0x10, 0xea, 0xfc, 0x10, 0x65, 0x67, 0x52, 0xed, 0x78,
- 0x6e, 0xb8, 0x83, 0x9c, 0x9a, 0xb4, 0x56, 0x0d, 0xc1, 0x0d, 0x1f, 0x78, 0x6e, 0x75, 0xd7, 0xbe,
- 0x92, 0x6b, 0x12, 0xf6, 0x76, 0x60, 0x8e, 0xb1, 0xf4, 0x19, 0x0c, 0x81, 0xe7, 0x54, 0x5e, 0xbc,
- 0xe0, 0xae, 0xc2, 0x7d, 0x1b, 0xc4, 0x6e, 0xec, 0xb1, 0x99, 0x6c, 0xbf, 0x0e, 0x38, 0xa8, 0x01,
- 0xa6, 0x9a, 0x48, 0x12, 0xe4, 0xc9, 0x3b, 0xf0, 0x63, 0x46, 0x15, 0xb4, 0x61, 0xa8, 0x1a, 0x60,
- 0x71, 0x87, 0x98, 0xd7, 0x6f, 0x98, 0x7b, 0x2d, 0xb9, 0x19, 0x1b, 0x21, 0x9c, 0x70, 0x58, 0xe8,
- 0x0d, 0x0f, 0xe9, 0x2d, 0x9a, 0x9a, 0xf1, 0x55, 0xa0, 0x4c, 0xd3, 0x07, 0xbd, 0x97, 0x48, 0xec,
- 0x88, 0x0a, 0xaf, 0xb3, 0x80, 0x78, 0xa4, 0x59, 0x43, 0x57, 0xd3, 0xa7, 0x01, 0x66, 0x0e, 0xfc
- };
- /* ECC Private Key "d" */
- static const uint8_t kPrivKey[] = {
- #ifdef HAVE_ECC384
- /* SECP384R1 */
- /* d */
- 0xa4, 0xe5, 0x06, 0xe8, 0x06, 0x16, 0x3e, 0xab,
- 0x89, 0xf8, 0x60, 0x43, 0xc0, 0x60, 0x25, 0xdb,
- 0xba, 0x7b, 0xfe, 0x19, 0x35, 0x08, 0x55, 0x65,
- 0x76, 0xe2, 0xdc, 0xe0, 0x01, 0x8b, 0x6b, 0x68,
- 0xdf, 0xcf, 0x6f, 0x80, 0x12, 0xce, 0x79, 0x37,
- 0xeb, 0x2b, 0x9c, 0x7b, 0xc4, 0x68, 0x1c, 0x74
- #else
- /* SECP256R1 */
- /* d */
- 0x1e, 0xe7, 0x70, 0x07, 0xd3, 0x30, 0x94, 0x39,
- 0x28, 0x90, 0xdf, 0x23, 0x88, 0x2c, 0x4a, 0x34,
- 0x15, 0xdb, 0x4c, 0x43, 0xcd, 0xfa, 0xe5, 0x1f,
- 0x3d, 0x4c, 0x37, 0xfe, 0x59, 0x3b, 0x96, 0xd8
- #endif
- };
- /* ECC public key Qx/Qy */
- static const uint8_t kPubKey[] = {
- #ifdef HAVE_ECC384
- /* SECP384R1 */
- /* Qx */
- 0xea, 0xcf, 0x93, 0x4f, 0x2c, 0x09, 0xbb, 0x39,
- 0x14, 0x0f, 0x56, 0x64, 0xc3, 0x40, 0xb4, 0xdf,
- 0x0e, 0x63, 0xae, 0xe5, 0x71, 0x4b, 0x00, 0xcc,
- 0x04, 0x97, 0xff, 0xe1, 0xe9, 0x38, 0x96, 0xbb,
- 0x5f, 0x91, 0xb2, 0x6a, 0xcc, 0xb5, 0x39, 0x5f,
- 0x8f, 0x70, 0x59, 0xf1, 0x01, 0xf6, 0x5a, 0x2b,
- /* Qy */
- 0x01, 0x6c, 0x68, 0x0b, 0xcf, 0x55, 0x25, 0xaf,
- 0x6d, 0x98, 0x48, 0x0a, 0xa8, 0x74, 0xc9, 0xa9,
- 0x17, 0xa0, 0x0c, 0xc3, 0xfb, 0xd3, 0x23, 0x68,
- 0xfe, 0x04, 0x3c, 0x63, 0x50, 0x88, 0x3b, 0xb9,
- 0x4f, 0x7c, 0x67, 0x34, 0xf7, 0x3b, 0xa9, 0x73,
- 0xe7, 0x1b, 0xc3, 0x51, 0x5e, 0x22, 0x18, 0xec
- #else
- /* SECP256R1 */
- /* Qx */
- 0x96, 0x93, 0x1c, 0x53, 0x0b, 0x43, 0x6c, 0x42,
- 0x0c, 0x52, 0x90, 0xe4, 0xa7, 0xec, 0x98, 0xb1,
- 0xaf, 0xd4, 0x14, 0x49, 0xd8, 0xc1, 0x42, 0x82,
- 0x04, 0x78, 0xd1, 0x90, 0xae, 0xa0, 0x6c, 0x07,
- /* Qy */
- 0xf2, 0x3a, 0xb5, 0x10, 0x32, 0x8d, 0xce, 0x9e,
- 0x76, 0xa0, 0xd2, 0x8c, 0xf3, 0xfc, 0xa9, 0x94,
- 0x43, 0x24, 0xe6, 0x82, 0x00, 0x40, 0xc6, 0xdb,
- 0x1c, 0x2f, 0xcd, 0x38, 0x4b, 0x60, 0xdd, 0x61
- #endif
- };
- /* ECC Curve */
- #ifdef HAVE_ECC384
- /* SECP384R1 */
- #define ECC_CURVE_SZ 48
- #define ECC_CURVE_ID ECC_SECP384R1
- #else
- /* SECP256R1 */
- #define ECC_CURVE_SZ 32
- #define ECC_CURVE_ID ECC_SECP256R1
- #endif
- /* Hash Algorithm */
- #if defined(HAVE_ECC384) && defined(WOLFSSL_SHA3)
- #define HASH_DIGEST_SZ WC_SHA3_384_DIGEST_SIZE
- #define HASH_SHA_VER 3
- #define CRYPTO_HASH_FN crypto_sha3_384
- #elif defined(HAVE_ECC384) && defined(WOLFSSL_SHA384)
- #define HASH_DIGEST_SZ WC_SHA384_DIGEST_SIZE
- #define HASH_SHA_VER 2
- #define CRYPTO_HASH_FN crypto_sha2_384
- #elif !defined(NO_SHA256)
- #define HASH_DIGEST_SZ WC_SHA256_DIGEST_SIZE
- #define HASH_SHA_VER 2
- #define CRYPTO_HASH_FN crypto_sha2_256
- #else
- #error test configuration not supported
- #endif
- #if defined(HAVE_ECC384) && defined(WOLFSSL_SHA3)
- /* helper to perform hashing block by block */
- static int crypto_sha3_384(const uint8_t *buf, uint32_t len, uint8_t *hash,
- uint32_t hashSz, uint32_t blkSz)
- {
- int ret;
- uint32_t i = 0, chunk;
- wc_Sha3 sha3;
- /* validate arguments */
- if ((buf == NULL && len > 0) || hash == NULL ||
- hashSz < WC_SHA3_384_DIGEST_SIZE || blkSz == 0)
- {
- return BAD_FUNC_ARG;
- }
- /* Init Sha3_384 structure */
- ret = wc_InitSha3_384(&sha3, NULL, INVALID_DEVID);
- if (ret != 0) {
- return ret;
- }
- while (i < len) {
- chunk = blkSz;
- if ((chunk + i) > len)
- chunk = len - i;
- /* Perform chunked update */
- ret = wc_Sha3_384_Update(&sha3, (buf + i), chunk);
- if (ret != 0) {
- break;
- }
- i += chunk;
- }
- if (ret == 0) {
- /* Get final digest result */
- ret = wc_Sha3_384_Final(&sha3, hash);
- }
- return ret;
- }
- #elif defined(HAVE_ECC384) && defined(WOLFSSL_SHA384)
- /* helper to perform hashing block by block */
- static int crypto_sha2_384(const uint8_t *buf, uint32_t len, uint8_t *hash,
- uint32_t hashSz, uint32_t blkSz)
- {
- int ret;
- uint32_t i = 0, chunk;
- wc_Sha384 sha384;
- /* validate arguments */
- if ((buf == NULL && len > 0) || hash == NULL ||
- hashSz < WC_SHA384_DIGEST_SIZE || blkSz == 0)
- {
- return BAD_FUNC_ARG;
- }
- /* Init Sha384 structure */
- ret = wc_InitSha384(&sha384);
- if (ret != 0) {
- return ret;
- }
- while (i < len) {
- chunk = blkSz;
- if ((chunk + i) > len)
- chunk = len - i;
- /* Perform chunked update */
- ret = wc_Sha384Update(&sha384, (buf + i), chunk);
- if (ret != 0) {
- break;
- }
- i += chunk;
- }
- if (ret == 0) {
- /* Get final digest result */
- ret = wc_Sha384Final(&sha384, hash);
- }
- return ret;
- }
- #elif !defined(NO_SHA256)
- /* helper to perform hashing block by block */
- static int crypto_sha2_256(const uint8_t *buf, uint32_t len, uint8_t *hash,
- uint32_t hashSz, uint32_t blkSz)
- {
- int ret;
- uint32_t i = 0, chunk;
- wc_Sha256 sha256;
- /* validate arguments */
- if ((buf == NULL && len > 0) || hash == NULL ||
- hashSz < WC_SHA256_DIGEST_SIZE || blkSz == 0)
- {
- return BAD_FUNC_ARG;
- }
- /* Init Sha256 structure */
- ret = wc_InitSha256(&sha256);
- if (ret != 0) {
- return ret;
- }
- while (i < len) {
- chunk = blkSz;
- if ((chunk + i) > len)
- chunk = len - i;
- /* Perform chunked update */
- ret = wc_Sha256Update(&sha256, (buf + i), chunk);
- if (ret != 0) {
- break;
- }
- i += chunk;
- }
- if (ret == 0) {
- /* Get final digest result */
- ret = wc_Sha256Final(&sha256, hash);
- }
- return ret;
- }
- #endif
- /* perform verify of signature and hash using public key */
- /* key is public Qx + public Qy */
- /* sig is r + s */
- static int crypto_ecc_verify(const uint8_t *key, uint32_t keySz,
- const uint8_t *hash, uint32_t hashSz, const uint8_t *sig, uint32_t sigSz,
- uint32_t curveSz, int curveId)
- {
- int ret, verify_res = 0, count = 0;
- mp_int r, s;
- ecc_key ecc;
- ecc_nb_ctx_t nb_ctx;
- /* validate arguments */
- if (key == NULL || hash == NULL || sig == NULL || curveSz == 0 ||
- hashSz == 0 || keySz < (curveSz*2) || sigSz < (curveSz*2))
- {
- return BAD_FUNC_ARG;
- }
- /* Setup the ECC key */
- ret = wc_ecc_init(&ecc);
- if (ret < 0) {
- return ret;
- }
- ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return ret;
- }
- /* Setup the signature r/s variables */
- ret = mp_init(&r);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return ret;
- }
- ret = mp_init(&s);
- if (ret != MP_OKAY) {
- mp_clear(&r);
- wc_ecc_free(&ecc);
- return ret;
- }
- /* Import public key x/y */
- ret = wc_ecc_import_unsigned(
- &ecc,
- (byte*)key, /* Public "x" Coordinate */
- (byte*)(key + curveSz), /* Public "y" Coordinate */
- NULL, /* Private "d" (optional) */
- curveId /* ECC Curve Id */
- );
- /* Make sure it was a public key imported */
- if (ret == 0 && ecc.type != ECC_PUBLICKEY) {
- ret = ECC_BAD_ARG_E;
- }
- /* Import signature r/s */
- if (ret == 0) {
- ret = mp_read_unsigned_bin(&r, sig, curveSz);
- }
- if (ret == 0) {
- ret = mp_read_unsigned_bin(&s, sig + curveSz, curveSz);
- }
- /* Verify ECC Signature */
- if (ret == 0) {
- do {
- ret = wc_ecc_verify_hash_ex(
- &r, &s, /* r/s as mp_int */
- hash, hashSz, /* computed hash digest */
- &verify_res, /* verification result 1=success */
- &ecc
- );
- count++;
- /* This is where real-time work could be called */
- } while (ret == FP_WOULDBLOCK);
- #ifdef DEBUG_WOLFSSL
- printf("ECC non-block verify: %d times\n", count);
- #endif
- }
- /* check verify result */
- if (ret == 0 && verify_res == 0) {
- ret = SIG_VERIFY_E;
- }
- mp_clear(&r);
- mp_clear(&s);
- wc_ecc_free(&ecc);
- (void)count;
- return ret;
- }
- /* perform signature operation against hash using private key */
- static int crypto_ecc_sign(const uint8_t *key, uint32_t keySz,
- const uint8_t *hash, uint32_t hashSz, uint8_t *sig, uint32_t* sigSz,
- uint32_t curveSz, int curveId, WC_RNG* rng)
- {
- int ret, count = 0;
- mp_int r, s;
- ecc_key ecc;
- ecc_nb_ctx_t nb_ctx;
- /* validate arguments */
- if (key == NULL || hash == NULL || sig == NULL || sigSz == NULL ||
- curveSz == 0 || hashSz == 0 || keySz < curveSz || *sigSz < (curveSz*2))
- {
- return BAD_FUNC_ARG;
- }
- /* Initialize signature result */
- memset(sig, 0, curveSz*2);
- /* Setup the ECC key */
- ret = wc_ecc_init(&ecc);
- if (ret < 0) {
- return ret;
- }
- ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return ret;
- }
- /* Setup the signature r/s variables */
- ret = mp_init(&r);
- if (ret != MP_OKAY) {
- wc_ecc_free(&ecc);
- return ret;
- }
- ret = mp_init(&s);
- if (ret != MP_OKAY) {
- mp_clear(&r);
- wc_ecc_free(&ecc);
- return ret;
- }
- /* Import private key "k" */
- ret = wc_ecc_import_private_key_ex(
- key, keySz, /* private key "d" */
- NULL, 0, /* public (optional) */
- &ecc,
- curveId /* ECC Curve Id */
- );
- if (ret == 0) {
- do {
- /* Verify ECC Signature */
- ret = wc_ecc_sign_hash_ex(
- hash, hashSz, /* computed hash digest */
- rng, &ecc, /* random and key context */
- &r, &s /* r/s as mp_int */
- );
- count++;
- /* This is where real-time work could be called */
- } while (ret == FP_WOULDBLOCK);
- #ifdef DEBUG_WOLFSSL
- printf("ECC non-block sign: %d times\n", count);
- #endif
- }
- if (ret == 0) {
- /* export r/s */
- mp_to_unsigned_bin_len(&r, sig, curveSz);
- mp_to_unsigned_bin_len(&s, sig + curveSz, curveSz);
- }
- mp_clear(&r);
- mp_clear(&s);
- wc_ecc_free(&ecc);
- (void)count;
- return ret;
- }
- static int ecc_test_nonblock(WC_RNG* rng)
- {
- int ret;
- uint8_t hash[HASH_DIGEST_SZ];
- uint8_t sig[ECC_CURVE_SZ*2];
- uint32_t sigSz = sizeof(sig);
- ret = CRYPTO_HASH_FN(
- kMsg, sizeof(kMsg), /* input message */
- hash, sizeof(hash), /* hash digest result */
- 32 /* configurable block / chunk size */
- );
- if (ret == 0) {
- /* Sign hash using private key */
- /* Note: result of an ECC sign varies for each call even with same
- private key and hash. This is because a new random public key is
- used for each operation. */
- ret = crypto_ecc_sign(
- kPrivKey, sizeof(kPrivKey), /* private key */
- hash, sizeof(hash), /* computed hash digest */
- sig, &sigSz, /* signature r/s */
- ECC_CURVE_SZ, /* curve size in bytes */
- ECC_CURVE_ID, /* curve id */
- rng
- );
- }
- if (ret == 0) {
- /* Verify generated signature is valid */
- ret = crypto_ecc_verify(
- kPubKey, sizeof(kPubKey), /* public key point x/y */
- hash, sizeof(hash), /* computed hash digest */
- sig, sigSz, /* signature r/s */
- ECC_CURVE_SZ, /* curve size in bytes */
- ECC_CURVE_ID /* curve id */
- );
- }
- return ret;
- }
- #endif /* WC_ECC_NONBLOCK && WOLFSSL_PUBLIC_MP && HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
- WOLFSSL_TEST_SUBROUTINE int ecc_test(void)
- {
- int ret;
- WC_RNG rng;
- #ifdef WOLFSSL_CERT_EXT
- ret = ecc_decode_test();
- if (ret < 0)
- return ret;
- #endif
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- #ifndef WC_NO_RNG
- if (ret != 0)
- return -10300;
- #endif
- #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
- ret = ecc_test_curve(&rng, 14);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC112 */
- #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
- ret = ecc_test_curve(&rng, 16);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC128 */
- #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
- ret = ecc_test_curve(&rng, 20);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC160 */
- #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
- ret = ecc_test_curve(&rng, 24);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC192 */
- #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224
- ret = ecc_test_curve(&rng, 28);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC224 */
- #if (defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 239
- ret = ecc_test_curve(&rng, 30);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC239 */
- #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
- ret = ecc_test_curve(&rng, 32);
- if (ret < 0) {
- goto done;
- }
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
- !defined(WOLFSSL_NO_MALLOC)
- ret = ecc_point_test();
- if (ret < 0) {
- goto done;
- }
- #endif
- ret = ecc_def_curve_test(&rng);
- if (ret < 0) {
- goto done;
- }
- #endif /* !NO_ECC256 */
- #if (defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 320
- ret = ecc_test_curve(&rng, 40);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC320 */
- #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
- ret = ecc_test_curve(&rng, 48);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC384 */
- #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512
- ret = ecc_test_curve(&rng, 64);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC512 */
- #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
- ret = ecc_test_curve(&rng, 66);
- if (ret < 0) {
- goto done;
- }
- #endif /* HAVE_ECC521 */
- #if defined(WOLFSSL_CUSTOM_CURVES)
- ret = ecc_test_custom_curves(&rng);
- if (ret != 0) {
- goto done;
- }
- #endif
- #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K)
- ret = ecc_test_sign_vectors(&rng);
- if (ret != 0) {
- printf("ecc_test_sign_vectors failed! %d\n", ret);
- goto done;
- }
- #endif
- #ifdef HAVE_ECC_CDH
- ret = ecc_test_cdh_vectors(&rng);
- if (ret != 0) {
- printf("ecc_test_cdh_vectors failed! %d\n", ret);
- goto done;
- }
- #endif
- #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
- !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SILABS_SE_ACCEL)
- ret = ecc_test_make_pub(&rng);
- if (ret != 0) {
- printf("ecc_test_make_pub failed!: %d\n", ret);
- goto done;
- }
- #elif defined(HAVE_ECC_KEY_IMPORT)
- (void) ecc_test_make_pub;/* for compiler warning */
- #endif
- #ifdef WOLFSSL_CERT_GEN
- ret = ecc_test_cert_gen(&rng);
- if (ret != 0) {
- printf("ecc_test_cert_gen failed!: %d\n", ret);
- goto done;
- }
- #endif
- #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
- ret = ecc_test_allocator(&rng);
- if (ret != 0) {
- printf("ecc_test_allocator failed!: %d\n", ret);
- goto done;
- }
- #endif
- #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
- defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
- ret = ecc_test_nonblock(&rng);
- if (ret != 0) {
- printf("ecc_test_nonblock failed!: %d\n", ret);
- goto done;
- }
- #endif
- done:
- wc_FreeRng(&rng);
- return ret;
- }
- #if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128)
- WOLFSSL_TEST_SUBROUTINE int ecc_encrypt_test(void)
- {
- WC_RNG rng;
- int ret = 0;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
- *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key userA[1], userB[1];
- #endif
- byte msg[48];
- byte plain[48];
- byte out[80];
- word32 outSz = sizeof(out);
- word32 plainSz = sizeof(plain);
- int i;
- ecEncCtx* cliCtx = NULL;
- ecEncCtx* srvCtx = NULL;
- byte cliSalt[EXCHANGE_SALT_SZ];
- byte srvSalt[EXCHANGE_SALT_SZ];
- const byte* tmpSalt;
- byte msg2[48];
- byte plain2[48];
- byte out2[80];
- word32 outSz2 = sizeof(out2);
- word32 plainSz2 = sizeof(plain2);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -10400;
- #ifdef WOLFSSL_SMALL_STACK
- if ((userA == NULL) ||
- (userB == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- XMEMSET(userA, 0, sizeof *userA);
- XMEMSET(userB, 0, sizeof *userB);
- ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
- if (ret != 0)
- goto done;
- ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userA);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0){
- ret = -10401; goto done;
- }
- ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userB);
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
- #endif
- if (ret != 0){
- ret = -10402; goto done;
- }
- /* set message to incrementing 0,1,2,etc... */
- for (i = 0; i < (int)sizeof(msg); i++)
- msg[i] = i;
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(userA, &rng);
- if (ret != 0) {
- ret = -10403; goto done;
- }
- ret = wc_ecc_set_rng(userB, &rng);
- if (ret != 0) {
- ret = -10404; goto done;
- }
- #endif
- /* encrypt msg to B */
- ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz, NULL);
- if (ret != 0) {
- ret = -10405; goto done;
- }
- /* decrypt msg from A */
- ret = wc_ecc_decrypt(userB, userA, out, outSz, plain, &plainSz, NULL);
- if (ret != 0) {
- ret = -10406; goto done;
- }
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = -10407; goto done;
- }
- /* let's verify message exchange works, A is client, B is server */
- cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
- srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng);
- if (cliCtx == NULL || srvCtx == NULL) {
- ret = -10408; goto done;
- }
- /* get salt to send to peer */
- tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx);
- if (tmpSalt == NULL) {
- ret = -10409; goto done;
- }
- XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
- tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx);
- if (tmpSalt == NULL) {
- ret = -10410; goto done;
- }
- XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
- /* in actual use, we'd get the peer's salt over the transport */
- ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 11);
- if (ret != 0)
- goto done;
- ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 11);
- if (ret != 0)
- goto done;
- /* get encrypted msg (request) to send to B */
- outSz = sizeof(out);
- ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz,cliCtx);
- if (ret != 0)
- goto done;
- /* B decrypts msg (request) from A */
- plainSz = sizeof(plain);
- ret = wc_ecc_decrypt(userB, userA, out, outSz, plain, &plainSz, srvCtx);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
- ret = -10411; goto done;
- }
- /* msg2 (response) from B to A */
- for (i = 0; i < (int)sizeof(msg2); i++)
- msg2[i] = i + sizeof(msg2);
- /* get encrypted msg (response) to send to B */
- ret = wc_ecc_encrypt(userB, userA, msg2, sizeof(msg2), out2,
- &outSz2, srvCtx);
- if (ret != 0)
- goto done;
- /* A decrypts msg (response) from B */
- ret = wc_ecc_decrypt(userA, userB, out2, outSz2, plain2, &plainSz2,
- cliCtx);
- if (ret != 0)
- goto done;
- if (XMEMCMP(plain2, msg2, sizeof(msg2)) != 0) {
- ret = -10412; goto done;
- }
- done:
- /* cleanup */
- wc_ecc_ctx_free(srvCtx);
- wc_ecc_ctx_free(cliCtx);
- #ifdef WOLFSSL_SMALL_STACK
- if (userA != NULL) {
- wc_ecc_free(userA);
- XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (userB != NULL) {
- wc_ecc_free(userB);
- XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(userB);
- wc_ecc_free(userA);
- #endif
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* HAVE_ECC_ENCRYPT */
- #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
- !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
- defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
- WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void)
- {
- size_t bytes;
- #ifdef WOLFSSL_SMALL_STACK
- ecc_key *cliKey = (ecc_key *)XMALLOC(sizeof *cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- ecc_key *servKey = (ecc_key *)XMALLOC(sizeof *servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- ecc_key cliKey[1];
- ecc_key servKey[1];
- #endif
- WC_RNG rng;
- word32 idx = 0;
- int ret;
- /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */
- byte in[] = "Everyone gets Friday off. ecc p";
- word32 inLen = (word32)XSTRLEN((char*)in);
- byte out[256];
- byte plain[256];
- int verify = 0;
- word32 x;
- #ifdef WOLFSSL_SMALL_STACK
- if ((cliKey == NULL) || (servKey == NULL))
- ERROR_OUT(MEMORY_E, done);
- #endif
- ret = wc_ecc_init_ex(cliKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-10420, done);
- ret = wc_ecc_init_ex(servKey, HEAP_HINT, devId);
- if (ret != 0)
- ERROR_OUT(-10421, done);
- bytes = (size_t)sizeof_ecc_clikey_der_256;
- /* place client key into ecc_key struct cliKey */
- ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, cliKey,
- (word32)bytes);
- if (ret != 0)
- ERROR_OUT(-10422, done);
- idx = 0;
- bytes = (size_t)sizeof_ecc_key_der_256;
- /* place server key into ecc_key struct servKey */
- ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, servKey,
- (word32)bytes);
- if (ret != 0)
- ERROR_OUT(-10423, done);
- #ifndef WC_NO_RNG
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ERROR_OUT(-10424, done);
- #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
- (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
- !defined(HAVE_SELFTEST)
- ret = wc_ecc_set_rng(cliKey, &rng);
- if (ret != 0) {
- ERROR_OUT(-10425, done);
- }
- #endif
- #endif /* !WC_NO_RNG */
- #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF)
- {
- word32 y;
- /* test encrypt and decrypt if they're available */
- x = sizeof(out);
- ret = wc_ecc_encrypt(cliKey, servKey, in, sizeof(in), out, &x, NULL);
- if (ret < 0)
- ERROR_OUT(-10426, done);
- y = sizeof(plain);
- ret = wc_ecc_decrypt(cliKey, servKey, out, x, plain, &y, NULL);
- if (ret < 0)
- ERROR_OUT(-10427, done);
- if (XMEMCMP(plain, in, inLen))
- ERROR_OUT(-10428, done);
- }
- #endif
- x = sizeof(out);
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, cliKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, cliKey);
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(-10429, done);
- TEST_SLEEP();
- XMEMSET(plain, 0, sizeof(plain));
- do {
- #if defined(WOLFSSL_ASYNC_CRYPT)
- ret = wc_AsyncWait(ret, cliKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
- #endif
- if (ret == 0)
- ret = wc_ecc_verify_hash(out, x, in, inLen, &verify,
- cliKey);
- } while (ret == WC_PENDING_E);
- if (ret < 0)
- ERROR_OUT(-10430, done);
- if (verify != 1)
- ERROR_OUT(-10431, done);
- TEST_SLEEP();
- #ifdef WOLFSSL_CERT_EXT
- idx = 0;
- bytes = sizeof_ecc_clikeypub_der_256;
- ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, cliKey,
- (word32) bytes);
- if (ret != 0)
- ERROR_OUT(-10432, done);
- #endif
- ret = 0;
- done:
- #ifdef WOLFSSL_SMALL_STACK
- if (cliKey != NULL) {
- wc_ecc_free(cliKey);
- XFREE(cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (servKey != NULL) {
- wc_ecc_free(servKey);
- XFREE(servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- wc_ecc_free(cliKey);
- wc_ecc_free(servKey);
- #endif
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* USE_CERT_BUFFERS_256 && !WOLFSSL_ATECCX08A && !NO_ECC256 */
- #endif /* HAVE_ECC */
- #ifdef HAVE_CURVE25519
- #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- #define X25519_TEST_CNT 5
- #else
- #define X25519_TEST_CNT 1
- #endif
- static int curve25519_overflow_test(void)
- {
- /* secret key for party a */
- byte sa[X25519_TEST_CNT][32] = {
- {
- 0x8d,0xaf,0x6e,0x7a,0xc1,0xeb,0x8d,0x30,
- 0x99,0x86,0xd3,0x90,0x47,0x96,0x21,0x3c,
- 0x3a,0x75,0xc0,0x7b,0x75,0x01,0x75,0xa3,
- 0x81,0x4b,0xff,0x5a,0xbc,0x96,0x87,0x28
- },
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- {
- 0x9d,0x63,0x5f,0xce,0xe2,0xe8,0xd7,0xfb,
- 0x68,0x77,0x0e,0x44,0xd1,0xad,0x87,0x2b,
- 0xf4,0x65,0x06,0xb7,0xbb,0xdb,0xbe,0x6e,
- 0x02,0x43,0x24,0xc7,0x3d,0x7b,0x88,0x60
- },
- {
- 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
- 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
- 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
- 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
- },
- {
- 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
- 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
- 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
- 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
- },
- {
- 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
- 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
- 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
- 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
- }
- #endif
- };
- /* public key for party b */
- byte pb[X25519_TEST_CNT][32] = {
- {
- 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
- },
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- {
- /* 0xff first byte in original - invalid! */
- 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
- 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
- },
- {
- 0x36,0x1a,0x74,0x87,0x28,0x59,0xe0,0xb6,
- 0xe4,0x2b,0x17,0x9b,0x16,0xb0,0x3b,0xf8,
- 0xb8,0x9f,0x2a,0x8f,0xc5,0x33,0x68,0x4f,
- 0xde,0x4d,0xd8,0x80,0x63,0xe7,0xb4,0x0a
- },
- {
- 0x00,0x80,0x38,0x59,0x19,0x3a,0x66,0x12,
- 0xfd,0xa1,0xec,0x1c,0x40,0x84,0x40,0xbd,
- 0x64,0x10,0x8b,0x53,0x81,0x21,0x03,0x2d,
- 0x7d,0x33,0xb4,0x01,0x57,0x0d,0xe1,0x89
- },
- {
- 0x1d,0xf8,0xf8,0x33,0x89,0x6c,0xb7,0xba,
- 0x94,0x73,0xfa,0xc2,0x36,0xac,0xbe,0x49,
- 0xaf,0x85,0x3e,0x93,0x5f,0xae,0xb2,0xc0,
- 0xc8,0x80,0x8f,0x4a,0xaa,0xd3,0x55,0x2b
- }
- #endif
- };
- /* expected shared key */
- byte ss[X25519_TEST_CNT][32] = {
- {
- 0x5c,0x4c,0x85,0x5f,0xfb,0x20,0x38,0xcc,
- 0x55,0x16,0x5b,0x8a,0xa7,0xed,0x57,0x6e,
- 0x35,0xaa,0x71,0x67,0x85,0x1f,0xb6,0x28,
- 0x17,0x07,0x7b,0xda,0x76,0xdd,0xe0,0xb4
- },
- #ifdef CURVE25519_OVERFLOW_ALL_TESTS
- {
- 0x33,0xf6,0xc1,0x34,0x62,0x92,0x06,0x02,
- 0x95,0xdb,0x91,0x4c,0x5d,0x52,0x54,0xc7,
- 0xd2,0x5b,0x24,0xb5,0x4f,0x33,0x59,0x79,
- 0x9f,0x6d,0x7e,0x4a,0x4c,0x30,0xd6,0x38
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x09
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10
- }
- #endif
- };
- int i;
- word32 y;
- byte shared[32];
- curve25519_key userA;
- wc_curve25519_init(&userA);
- for (i = 0; i < X25519_TEST_CNT; i++) {
- if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i],
- sizeof(pb[i]), &userA) != 0)
- return -10500 - i;
- /* test against known test vector */
- XMEMSET(shared, 0, sizeof(shared));
- y = sizeof(shared);
- if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0)
- return -10510 - i;
- if (XMEMCMP(ss[i], shared, y))
- return -10520 - i;
- }
- return 0;
- }
- /* Test the wc_curve25519_check_public API.
- *
- * returns 0 on success and -ve on failure.
- */
- static int curve25519_check_public_test(void)
- {
- /* Little-endian values that will fail */
- byte fail_le[][CURVE25519_KEYSIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x81
- },
- };
- /* Big-endian values that will fail */
- byte fail_be[][CURVE25519_KEYSIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- },
- {
- 0x81,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- },
- };
- /* Good or valid public value */
- byte good[CURVE25519_KEYSIZE] = {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- int i;
- /* Parameter checks */
- /* NULL pointer */
- if (wc_curve25519_check_public(NULL, 0, EC25519_LITTLE_ENDIAN) !=
- BAD_FUNC_ARG) {
- return -10600;
- }
- if (wc_curve25519_check_public(NULL, 0, EC25519_BIG_ENDIAN) !=
- BAD_FUNC_ARG) {
- return -10601;
- }
- /* Length of 0 treated differently to other invalid lengths for TLS */
- if (wc_curve25519_check_public(good, 0, EC25519_LITTLE_ENDIAN) != BUFFER_E)
- return -10602;
- if (wc_curve25519_check_public(good, 0, EC25519_BIG_ENDIAN) != BUFFER_E)
- return -10603;
- /* Length not CURVE25519_KEYSIZE */
- for (i = 1; i < CURVE25519_KEYSIZE + 2; i++) {
- if (i == CURVE25519_KEYSIZE)
- continue;
- if (wc_curve25519_check_public(good, i, EC25519_LITTLE_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return -10604 - i;
- }
- if (wc_curve25519_check_public(good, i, EC25519_BIG_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return -10614 - i;
- }
- }
- /* Little-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
- if (wc_curve25519_check_public(fail_le[i], CURVE25519_KEYSIZE,
- EC25519_LITTLE_ENDIAN) == 0) {
- return -10624 - i;
- }
- }
- /* Big-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
- if (wc_curve25519_check_public(fail_be[i], CURVE25519_KEYSIZE,
- EC25519_BIG_ENDIAN) == 0) {
- return -10634 - i;
- }
- }
- /* Check a valid public value works! */
- if (wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
- EC25519_LITTLE_ENDIAN) != 0) {
- return -10644;
- }
- if (wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
- EC25519_BIG_ENDIAN) != 0) {
- return -10645;
- }
- return 0;
- }
- #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE int curve25519_test(void)
- {
- WC_RNG rng;
- int ret;
- #ifdef HAVE_CURVE25519_SHARED_SECRET
- byte sharedA[32];
- byte sharedB[32];
- word32 y;
- #endif
- #ifdef HAVE_CURVE25519_KEY_EXPORT
- byte exportBuf[32];
- #endif
- word32 x = 0;
- curve25519_key userA, userB, pubKey;
- #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- /* test vectors from
- https://tools.ietf.org/html/draft-josefsson-tls-curve25519-03
- */
- /* secret key for party a */
- byte sa[] = {
- 0x5A,0xC9,0x9F,0x33,0x63,0x2E,0x5A,0x76,
- 0x8D,0xE7,0xE8,0x1B,0xF8,0x54,0xC2,0x7C,
- 0x46,0xE3,0xFB,0xF2,0xAB,0xBA,0xCD,0x29,
- 0xEC,0x4A,0xFF,0x51,0x73,0x69,0xC6,0x60
- };
- /* public key for party a */
- byte pa[] = {
- 0x05,0x7E,0x23,0xEA,0x9F,0x1C,0xBE,0x8A,
- 0x27,0x16,0x8F,0x6E,0x69,0x6A,0x79,0x1D,
- 0xE6,0x1D,0xD3,0xAF,0x7A,0xCD,0x4E,0xEA,
- 0xCC,0x6E,0x7B,0xA5,0x14,0xFD,0xA8,0x63
- };
- /* secret key for party b */
- byte sb[] = {
- 0x47,0xDC,0x3D,0x21,0x41,0x74,0x82,0x0E,
- 0x11,0x54,0xB4,0x9B,0xC6,0xCD,0xB2,0xAB,
- 0xD4,0x5E,0xE9,0x58,0x17,0x05,0x5D,0x25,
- 0x5A,0xA3,0x58,0x31,0xB7,0x0D,0x32,0x60
- };
- /* public key for party b */
- byte pb[] = {
- 0x6E,0xB8,0x9D,0xA9,0x19,0x89,0xAE,0x37,
- 0xC7,0xEA,0xC7,0x61,0x8D,0x9E,0x5C,0x49,
- 0x51,0xDB,0xA1,0xD7,0x3C,0x28,0x5A,0xE1,
- 0xCD,0x26,0xA8,0x55,0x02,0x0E,0xEF,0x04
- };
- /* expected shared key */
- byte ss[] = {
- 0x61,0x45,0x0C,0xD9,0x8E,0x36,0x01,0x6B,
- 0x58,0x77,0x6A,0x89,0x7A,0x9F,0x0A,0xEF,
- 0x73,0x8B,0x99,0xF0,0x94,0x68,0xB8,0xD6,
- 0xB8,0x51,0x11,0x84,0xD5,0x34,0x94,0xAB
- };
- #endif /* HAVE_CURVE25519_SHARED_SECRET */
- (void)x;
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -10700;
- wc_curve25519_init(&userA);
- wc_curve25519_init(&userB);
- wc_curve25519_init(&pubKey);
- /* make curve25519 keys */
- if (wc_curve25519_make_key(&rng, 32, &userA) != 0)
- return -10701;
- if (wc_curve25519_make_key(&rng, 32, &userB) != 0)
- return -10702;
- #ifdef HAVE_CURVE25519_SHARED_SECRET
- /* find shared secret key */
- x = sizeof(sharedA);
- if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0)
- return -10703;
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
- return -10704;
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return -10705;
- if (XMEMCMP(sharedA, sharedB, x))
- return -10706;
- #endif
- #ifdef HAVE_CURVE25519_KEY_EXPORT
- /* export a public key and import it for another user */
- x = sizeof(exportBuf);
- if (wc_curve25519_export_public(&userA, exportBuf, &x) != 0)
- return -10707;
- #ifdef HAVE_CURVE25519_KEY_IMPORT
- if (wc_curve25519_import_public(exportBuf, x, &pubKey) != 0)
- return -10708;
- #endif
- #endif
- #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
- defined(HAVE_CURVE25519_KEY_IMPORT)
- /* test shared key after importing a public key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0)
- return -10709;
- if (XMEMCMP(sharedA, sharedB, y))
- return -10710;
- /* import RFC test vectors and compare shared key */
- if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
- != 0)
- return -10711;
- if (wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB)
- != 0)
- return -10712;
- /* test against known test vector */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userA, &userB, sharedB, &y) != 0)
- return -10713;
- if (XMEMCMP(ss, sharedB, y))
- return -10714;
- /* test swapping roles of keys and generating same shared key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
- return -10715;
- if (XMEMCMP(ss, sharedB, y))
- return -10716;
- /* test with 1 generated key and 1 from known test vector */
- if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
- != 0)
- return -10717;
- if (wc_curve25519_make_key(&rng, 32, &userB) != 0)
- return -10718;
- x = sizeof(sharedA);
- if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0)
- return -10719;
- y = sizeof(sharedB);
- if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
- return -10720;
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return -10721;
- if (XMEMCMP(sharedA, sharedB, x))
- return -10722;
- ret = curve25519_overflow_test();
- if (ret != 0)
- return ret;
- ret = curve25519_check_public_test();
- if (ret != 0)
- return ret;
- #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
- /* clean up keys when done */
- wc_curve25519_free(&pubKey);
- wc_curve25519_free(&userB);
- wc_curve25519_free(&userA);
- wc_FreeRng(&rng);
- return 0;
- }
- #endif /* HAVE_CURVE25519 */
- #ifdef HAVE_ED25519
- #ifdef WOLFSSL_TEST_CERT
- static int ed25519_test_cert(void)
- {
- DecodedCert cert[2];
- DecodedCert* serverCert = NULL;
- DecodedCert* caCert = NULL;
- #ifdef HAVE_ED25519_VERIFY
- ed25519_key key;
- ed25519_key* pubKey = NULL;
- int verify;
- #endif /* HAVE_ED25519_VERIFY */
- int ret;
- byte* tmp;
- size_t bytes;
- XFILE file;
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(-10730, done);
- }
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, ca_ed25519_cert, sizeof_ca_ed25519_cert);
- bytes = sizeof_ca_ed25519_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(caEd25519Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(-10731, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #else
- /* No certificate to use. */
- ERROR_OUT(-10732, done);
- #endif
- InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
- caCert = &cert[0];
- ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-10733, done);
- }
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, server_ed25519_cert, sizeof_server_ed25519_cert);
- bytes = sizeof_server_ed25519_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(serverEd25519Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(-10734, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #else
- /* No certificate to use. */
- ERROR_OUT(-10735, done);
- #endif
- InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
- serverCert = &cert[1];
- ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-10736, done);
- }
- #ifdef HAVE_ED25519_VERIFY
- ret = wc_ed25519_init(&key);
- if (ret < 0) {
- ERROR_OUT(-10737, done);
- }
- pubKey = &key;
- ret = wc_ed25519_import_public(caCert->publicKey, caCert->pubKeySize,
- pubKey);
- if (ret < 0) {
- ERROR_OUT(-10738, done);
- }
- if (wc_ed25519_verify_msg(serverCert->signature, serverCert->sigLength,
- serverCert->source + serverCert->certBegin,
- serverCert->sigIndex - serverCert->certBegin,
- &verify, pubKey) < 0 || verify != 1) {
- ERROR_OUT(-10739, done);
- }
- #endif /* HAVE_ED25519_VERIFY */
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef HAVE_ED25519_VERIFY
- wc_ed25519_free(pubKey);
- #endif /* HAVE_ED25519_VERIFY */
- if (caCert != NULL)
- FreeDecodedCert(caCert);
- if (serverCert != NULL)
- FreeDecodedCert(serverCert);
- return ret;
- }
- static int ed25519_test_make_cert(void)
- {
- WC_RNG rng;
- Cert cert;
- DecodedCert decode;
- ed25519_key key;
- ed25519_key* privKey = NULL;
- int ret = 0;
- byte* tmp = NULL;
- wc_InitCert(&cert);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -10750;
- wc_ed25519_init(&key);
- privKey = &key;
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, privKey);
- cert.daysValid = 365 * 2;
- cert.selfSigned = 1;
- XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
- XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
- cert.isCA = 0;
- #ifdef WOLFSSL_CERT_EXT
- ret = wc_SetKeyUsage(&cert, certKeyUsage);
- if (ret < 0) {
- ERROR_OUT(-10751, done);
- }
- ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
- if (ret < 0) {
- ERROR_OUT(-10752, done);
- }
- ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
- if (ret < 0) {
- ERROR_OUT(-10753, done);
- }
- #endif
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(-10754, done);
- }
- cert.sigType = CTC_ED25519;
- ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng);
- if (ret < 0) {
- ERROR_OUT(-10755, done);
- }
- ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF,
- ED25519_TYPE, privKey, &rng);
- if (ret < 0) {
- ERROR_OUT(-10756, done);
- }
- InitDecodedCert(&decode, tmp, ret, HEAP_HINT);
- ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
- FreeDecodedCert(&decode);
- if (ret != 0) {
- ERROR_OUT(-10757, done);
- }
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_ed25519_free(privKey);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WOLFSSL_TEST_CERT */
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
- defined(HAVE_ED25519_KEY_IMPORT)
- static int ed25519ctx_test(void)
- {
- byte out[ED25519_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED25519_VERIFY
- int verify;
- #endif /* HAVE_ED25519_VERIFY */
- ed25519_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
- 0x03,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f,
- 0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57,
- 0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95,
- 0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
- 0xdf,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f,
- 0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae,
- 0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb,
- 0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigCtx1[] = {
- 0x55,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04,
- 0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b,
- 0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76,
- 0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a,
- 0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22,
- 0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5,
- 0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2,
- 0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigCtx2[] = {
- 0xcc,0x5e,0x63,0xa2,0x7e,0x94,0xaf,0xd3,
- 0x41,0x83,0x38,0xd2,0x48,0x6f,0xa9,0x2a,
- 0xf9,0x91,0x7c,0x2d,0x98,0x9e,0x06,0xe5,
- 0x02,0x77,0x72,0x1c,0x34,0x38,0x18,0xb4,
- 0x21,0x96,0xbc,0x29,0x2e,0x68,0xf3,0x4d,
- 0x85,0x9b,0xbe,0xad,0x17,0x9f,0x54,0x54,
- 0x2d,0x4b,0x04,0xdc,0xfb,0xfa,0x4a,0x68,
- 0x4e,0x39,0x50,0xfb,0x1c,0xcd,0x8d,0x0d
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
- 0xf7,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49,
- 0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx,
- sizeof(pKeyCtx), &key) != 0)
- return -10800;
- if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
- contextCtx, sizeof(contextCtx)) != 0)
- return -10801;
- if (XMEMCMP(out, sigCtx1, 64))
- return -10802;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify,
- &key, contextCtx, sizeof(contextCtx)) != 0 ||
- verify != 1)
- return -10803;
- #endif
- if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, NULL,
- 0) != 0)
- return -10804;
- if (XMEMCMP(out, sigCtx2, 64))
- return -10805;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify,
- &key, NULL, 0) != 0 || verify != 1)
- return -10806;
- #endif
- wc_ed25519_free(&key);
- return 0;
- }
- static int ed25519ph_test(void)
- {
- byte out[ED25519_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED25519_VERIFY
- int verify;
- #endif /* HAVE_ED25519_VERIFY */
- ed25519_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
- 0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d,
- 0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e,
- 0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b,
- 0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
- 0xec,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b,
- 0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34,
- 0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64,
- 0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
- 0x98,0xa7,0x02,0x22,0xf0,0xb8,0x12,0x1a,
- 0xa9,0xd3,0x0f,0x81,0x3d,0x68,0x3f,0x80,
- 0x9e,0x46,0x2b,0x46,0x9c,0x7f,0xf8,0x76,
- 0x39,0x49,0x9b,0xb9,0x4e,0x6d,0xae,0x41,
- 0x31,0xf8,0x50,0x42,0x46,0x3c,0x2a,0x35,
- 0x5a,0x20,0x03,0xd0,0x62,0xad,0xf5,0xaa,
- 0xa1,0x0b,0x8c,0x61,0xe6,0x36,0x06,0x2a,
- 0xaa,0xd1,0x1c,0x2a,0x26,0x08,0x34,0x06
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
- 0xe0,0x39,0x70,0x2b,0x4c,0x25,0x95,0xa6,
- 0xa5,0x41,0xac,0x85,0x09,0x23,0x6e,0x29,
- 0x90,0x47,0x47,0x95,0x33,0x0c,0x9b,0x34,
- 0xa7,0x5f,0x58,0xa6,0x60,0x12,0x9e,0x08,
- 0xfd,0x73,0x69,0x43,0xfb,0x19,0x43,0xa5,
- 0x57,0x20,0xb9,0xe0,0x95,0x7b,0x1e,0xd6,
- 0x73,0x48,0x16,0x61,0x9f,0x13,0x88,0xf4,
- 0x3f,0x73,0xe6,0xe3,0xba,0xa8,0x1c,0x0e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
- 0x61,0x62,0x63
- };
- /* SHA-512 hash of msgPh */
- WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
- 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
- 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
- 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
- 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
- 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
- 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
- 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
- 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh,
- sizeof(pKeyPh), &key) != 0) {
- return -10900;
- }
- if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL,
- 0) != 0) {
- return -10901;
- }
- if (XMEMCMP(out, sigPh1, 64))
- return -10902;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify,
- &key, NULL, 0) != 0 ||
- verify != 1) {
- return -10903;
- }
- #endif
- if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2)) != 0) {
- return -10904;
- }
- if (XMEMCMP(out, sigPh2, 64))
- return -10905;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify,
- &key, contextPh2, sizeof(contextPh2)) != 0 ||
- verify != 1) {
- return -10906;
- }
- #endif
- if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL,
- 0) != 0) {
- return -10907;
- }
- if (XMEMCMP(out, sigPh1, 64))
- return -10908;
- #if defined(HAVE_ED25519_VERIFY)
- if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
- &key, NULL, 0) != 0 ||
- verify != 1) {
- return -10909;
- }
- #endif
- if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2)) != 0) {
- return -10910;
- }
- if (XMEMCMP(out, sigPh2, 64))
- return -10911;
- #if defined(HAVE_ED25519_VERIFY)
- if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
- &key, contextPh2, sizeof(contextPh2)) != 0 ||
- verify != 1) {
- return -10912;
- }
- #endif
- wc_ed25519_free(&key);
- return 0;
- }
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE int ed25519_test(void)
- {
- int ret;
- WC_RNG rng;
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
- defined(HAVE_ED25519_KEY_IMPORT)
- byte out[ED25519_SIG_SIZE];
- byte exportPKey[ED25519_KEY_SIZE];
- byte exportSKey[ED25519_KEY_SIZE];
- word32 exportPSz;
- word32 exportSSz;
- int i;
- word32 outlen;
- #ifdef HAVE_ED25519_VERIFY
- int verify;
- #endif /* HAVE_ED25519_VERIFY */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- word32 keySz, sigSz;
- ed25519_key key;
- ed25519_key key2;
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
- defined(HAVE_ED25519_KEY_IMPORT)
- /* test vectors from
- https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02
- */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
- 0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,
- 0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,
- 0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,
- 0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
- 0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,
- 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
- 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
- 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- /* compressed prefix test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
- 0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95,
- 0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c,
- 0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74,
- 0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
- 0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
- 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
- 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
- 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
- 0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,
- 0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,
- 0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c,
- 0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
- 0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,
- 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
- 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
- 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
- 0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34,
- 0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6,
- 0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c,
- 0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45,
- 0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02,
- 0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1,
- 0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b,
- 0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a,
- 0xd7
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
- 0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
- 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
- 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
- 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
- 0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34,
- 0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86,
- 0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5,
- 0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
- sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
- WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
- 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
- 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
- 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
- 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
- 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
- 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
- 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
- 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
- 0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,
- 0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,
- 0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,
- 0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,
- 0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,
- 0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,
- 0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,
- 0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
- 0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,
- 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
- 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,
- 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
- 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,
- 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
- 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
- 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
- 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
- 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
- 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
- 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
- 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
- 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
- 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
- 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
- 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
- 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
- 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
- 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
- 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
- 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
- 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
- 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
- 0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2,
- 0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a,
- 0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb,
- 0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50,
- 0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45,
- 0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b,
- 0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6,
- 0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = {0x0 };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = {0x72};
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = {0xAF,0x82};
- /* test of a 1024 byte long message */
- WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
- 0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43,
- 0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08,
- 0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91,
- 0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98,
- 0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12,
- 0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1,
- 0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f,
- 0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8,
- 0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96,
- 0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57,
- 0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37,
- 0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d,
- 0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0,
- 0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c,
- 0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b,
- 0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc,
- 0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3,
- 0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a,
- 0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e,
- 0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe,
- 0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82,
- 0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b,
- 0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6,
- 0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e,
- 0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8,
- 0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9,
- 0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28,
- 0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef,
- 0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68,
- 0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10,
- 0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1,
- 0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7,
- 0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04,
- 0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4,
- 0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53,
- 0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1,
- 0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44,
- 0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9,
- 0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5,
- 0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2,
- 0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59,
- 0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d,
- 0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce,
- 0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24,
- 0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6,
- 0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd,
- 0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf,
- 0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70,
- 0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59,
- 0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53,
- 0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78,
- 0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc,
- 0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9,
- 0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b,
- 0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2,
- 0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07,
- 0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75,
- 0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a,
- 0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d,
- 0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba,
- 0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31,
- 0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b,
- 0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22,
- 0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a,
- 0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78,
- 0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b,
- 0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88,
- 0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e,
- 0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9,
- 0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8,
- 0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4,
- 0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7,
- 0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55,
- 0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1,
- 0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01,
- 0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c,
- 0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb,
- 0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d,
- 0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c,
- 0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8,
- 0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb,
- 0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8,
- 0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14,
- 0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf,
- 0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9,
- 0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27,
- 0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b,
- 0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08,
- 0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a,
- 0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7,
- 0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67,
- 0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49,
- 0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f,
- 0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57,
- 0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a,
- 0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4,
- 0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5,
- 0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1,
- 0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d,
- 0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3,
- 0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e,
- 0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09,
- 0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79,
- 0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e,
- 0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4,
- 0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2,
- 0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66,
- 0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f,
- 0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98,
- 0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41,
- 0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c,
- 0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5,
- 0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3,
- 0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61,
- 0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9,
- 0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1,
- 0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45,
- 0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34,
- 0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd,
- 0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d,
- 0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85,
- 0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e,
- 0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47,
- 0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c,
- 0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef,
- 0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca,
- 0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08,
- 0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
- WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
- sizeof(msg2),
- sizeof(msg3),
- 0 /*sizeof(msg1)*/,
- 0 /*sizeof(msg1)*/,
- sizeof(msg4)
- };
- #ifndef NO_ASN
- static byte privateEd25519[] = {
- 0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06,
- 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
- };
- static byte publicEd25519[] = {
- 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
- 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
- 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
- 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
- 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
- 0xf7,0x07,0x51,0x1a
- };
- static byte privPubEd25519[] = {
- 0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06,
- 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
- 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
- 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
- 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
- 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,
- 0xa1,0x22,0x04,0x20,0xd7,0x5a,0x98,0x01,
- 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
- 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
- 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
- 0xf7,0x07,0x51,0x1a
- };
- word32 idx;
- ed25519_key key3;
- #endif /* NO_ASN */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- /* create ed25519 keys */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -11000;
- wc_ed25519_init(&key);
- wc_ed25519_init(&key2);
- #ifndef NO_ASN
- wc_ed25519_init(&key3);
- #endif
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
- wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2);
- /* helper functions for signature and key size */
- keySz = wc_ed25519_size(&key);
- sigSz = wc_ed25519_sig_size(&key);
- #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
- defined(HAVE_ED25519_KEY_IMPORT)
- for (i = 0; i < 6; i++) {
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i],
- pKeySz[i], &key) != 0)
- return -11001 - i;
- if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0)
- return -11011 - i;
- if (XMEMCMP(out, sigs[i], 64))
- return -11021 - i;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
- &key) != 0 || verify != 1)
- return -11031 - i;
- /* test verify on bad msg */
- out[outlen-1] = out[outlen-1] + 1;
- if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
- &key) == 0 || verify == 1)
- return -11041 - i;
- #endif /* HAVE_ED25519_VERIFY */
- /* test api for import/exporting keys */
- exportPSz = sizeof(exportPKey);
- exportSSz = sizeof(exportSKey);
- if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0)
- return -11051 - i;
- if (wc_ed25519_import_public(exportPKey, exportPSz, &key2) != 0)
- return -11061 - i;
- if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0)
- return -11071 - i;
- if (wc_ed25519_import_private_key(exportSKey, exportSSz,
- exportPKey, exportPSz, &key2) != 0)
- return -11081 - i;
- /* clear "out" buffer and test sign with imported keys */
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0)
- return -11091 - i;
- #if defined(HAVE_ED25519_VERIFY)
- if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
- &key2) != 0 || verify != 1)
- return -11101 - i;
- if (XMEMCMP(out, sigs[i], 64))
- return -11111 - i;
- #endif /* HAVE_ED25519_VERIFY */
- }
- ret = ed25519ctx_test();
- if (ret != 0)
- return ret;
- ret = ed25519ph_test();
- if (ret != 0)
- return ret;
- #ifndef NO_ASN
- /* Try ASN.1 encoded private-only key and public key. */
- idx = 0;
- if (wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3,
- sizeof(privateEd25519)) != 0)
- return -11121 - i;
- if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3)
- != BAD_FUNC_ARG)
- return -11131 - i;
- idx = 0;
- if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
- sizeof(publicEd25519)) != 0)
- return -11141 - i;
- if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
- return -11151 - i;
- if (XMEMCMP(out, sigs[0], 64))
- return -11161 - i;
- #if defined(HAVE_ED25519_VERIFY)
- /* test verify on good msg */
- if (wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3)
- != 0 || verify != 1)
- return -11171 - i;
- #endif /* HAVE_ED25519_VERIFY */
- wc_ed25519_free(&key3);
- wc_ed25519_init(&key3);
- idx = 0;
- if (wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3,
- sizeof(privPubEd25519)) != 0)
- return -11181 - i;
- if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
- return -11191 - i;
- if (XMEMCMP(out, sigs[0], 64))
- return -11201 - i;
- wc_ed25519_free(&key3);
- #endif /* NO_ASN */
- #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
- /* clean up keys when done */
- wc_ed25519_free(&key);
- wc_ed25519_free(&key2);
- #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
- wc_FreeRng(&rng);
- #endif
- /* hush warnings of unused keySz and sigSz */
- (void)keySz;
- (void)sigSz;
- #ifdef WOLFSSL_TEST_CERT
- ret = ed25519_test_cert();
- if (ret < 0)
- return ret;
- #ifdef WOLFSSL_CERT_GEN
- ret = ed25519_test_make_cert();
- if (ret < 0)
- return ret;
- #endif /* WOLFSSL_CERT_GEN */
- #endif /* WOLFSSL_TEST_CERT */
- return 0;
- }
- #endif /* HAVE_ED25519 */
- #ifdef HAVE_CURVE448
- #if defined(HAVE_CURVE448_SHARED_SECRET) && \
- defined(HAVE_CURVE448_KEY_IMPORT)
- /* Test the wc_curve448_check_public API.
- *
- * returns 0 on success and -ve on failure.
- */
- static int curve448_check_public_test(void)
- {
- /* Little-endian values that will fail */
- byte fail_le[][CURVE448_KEY_SIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- };
- /* Big-endian values that will fail */
- byte fail_be[][CURVE448_KEY_SIZE] = {
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
- },
- {
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- },
- };
- /* Good or valid public value */
- byte good[CURVE448_KEY_SIZE] = {
- 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
- 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
- };
- int i;
- /* Parameter checks */
- /* NULL pointer */
- if (wc_curve448_check_public(NULL, 0, EC448_LITTLE_ENDIAN) !=
- BAD_FUNC_ARG) {
- return -11300;
- }
- if (wc_curve448_check_public(NULL, 0, EC448_BIG_ENDIAN) != BAD_FUNC_ARG) {
- return -11301;
- }
- /* Length of 0 treated differently to other invalid lengths for TLS */
- if (wc_curve448_check_public(good, 0, EC448_LITTLE_ENDIAN) != BUFFER_E)
- return -11302;
- if (wc_curve448_check_public(good, 0, EC448_BIG_ENDIAN) != BUFFER_E)
- return -11303;
- /* Length not CURVE448_KEY_SIZE */
- for (i = 1; i < CURVE448_KEY_SIZE + 2; i++) {
- if (i == CURVE448_KEY_SIZE)
- continue;
- if (wc_curve448_check_public(good, i, EC448_LITTLE_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return -11304 - i;
- }
- if (wc_curve448_check_public(good, i, EC448_BIG_ENDIAN) !=
- ECC_BAD_ARG_E) {
- return -11314 - i;
- }
- }
- /* Little-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
- if (wc_curve448_check_public(fail_le[i], CURVE448_KEY_SIZE,
- EC448_LITTLE_ENDIAN) == 0) {
- return -11324 - i;
- }
- }
- /* Big-endian fail cases */
- for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
- if (wc_curve448_check_public(fail_be[i], CURVE448_KEY_SIZE,
- EC448_BIG_ENDIAN) == 0) {
- return -11334 - i;
- }
- }
- /* Check a valid public value works! */
- if (wc_curve448_check_public(good, CURVE448_KEY_SIZE,
- EC448_LITTLE_ENDIAN) != 0) {
- return -11344;
- }
- if (wc_curve448_check_public(good, CURVE448_KEY_SIZE,
- EC448_BIG_ENDIAN) != 0) {
- return -11345;
- }
- return 0;
- }
- #endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE int curve448_test(void)
- {
- WC_RNG rng;
- int ret;
- #ifdef HAVE_CURVE448_SHARED_SECRET
- byte sharedA[CURVE448_KEY_SIZE];
- byte sharedB[CURVE448_KEY_SIZE];
- word32 y;
- #endif
- #ifdef HAVE_CURVE448_KEY_EXPORT
- byte exportBuf[CURVE448_KEY_SIZE];
- #endif
- word32 x;
- curve448_key userA, userB, pubKey;
- #if defined(HAVE_CURVE448_SHARED_SECRET) && \
- defined(HAVE_CURVE448_KEY_IMPORT)
- /* test vectors from
- https://www.rfc-editor.org/rfc/rfc7748.html
- */
- /* secret key for party a */
- byte sa[] = {
- 0x6b, 0x72, 0x98, 0xa5, 0xc0, 0xd8, 0xc2, 0x9a,
- 0x1d, 0xab, 0x27, 0xf1, 0xa6, 0x82, 0x63, 0x00,
- 0x91, 0x73, 0x89, 0x44, 0x97, 0x41, 0xa9, 0x74,
- 0xf5, 0xba, 0xc9, 0xd9, 0x8d, 0xc2, 0x98, 0xd4,
- 0x65, 0x55, 0xbc, 0xe8, 0xba, 0xe8, 0x9e, 0xee,
- 0xd4, 0x00, 0x58, 0x4b, 0xb0, 0x46, 0xcf, 0x75,
- 0x57, 0x9f, 0x51, 0xd1, 0x25, 0x49, 0x8f, 0x9a,
- };
- /* public key for party a */
- byte pa[] = {
- 0xa0, 0x1f, 0xc4, 0x32, 0xe5, 0x80, 0x7f, 0x17,
- 0x53, 0x0d, 0x12, 0x88, 0xda, 0x12, 0x5b, 0x0c,
- 0xd4, 0x53, 0xd9, 0x41, 0x72, 0x64, 0x36, 0xc8,
- 0xbb, 0xd9, 0xc5, 0x22, 0x2c, 0x3d, 0xa7, 0xfa,
- 0x63, 0x9c, 0xe0, 0x3d, 0xb8, 0xd2, 0x3b, 0x27,
- 0x4a, 0x07, 0x21, 0xa1, 0xae, 0xd5, 0x22, 0x7d,
- 0xe6, 0xe3, 0xb7, 0x31, 0xcc, 0xf7, 0x08, 0x9b,
- };
- /* secret key for party b */
- byte sb[] = {
- 0x2d, 0x99, 0x73, 0x51, 0xb6, 0x10, 0x6f, 0x36,
- 0xb0, 0xd1, 0x09, 0x1b, 0x92, 0x9c, 0x4c, 0x37,
- 0x21, 0x3e, 0x0d, 0x2b, 0x97, 0xe8, 0x5e, 0xbb,
- 0x20, 0xc1, 0x27, 0x69, 0x1d, 0x0d, 0xad, 0x8f,
- 0x1d, 0x81, 0x75, 0xb0, 0x72, 0x37, 0x45, 0xe6,
- 0x39, 0xa3, 0xcb, 0x70, 0x44, 0x29, 0x0b, 0x99,
- 0xe0, 0xe2, 0xa0, 0xc2, 0x7a, 0x6a, 0x30, 0x1c,
- };
- /* public key for party b */
- byte pb[] = {
- 0x09, 0x36, 0xf3, 0x7b, 0xc6, 0xc1, 0xbd, 0x07,
- 0xae, 0x3d, 0xec, 0x7a, 0xb5, 0xdc, 0x06, 0xa7,
- 0x3c, 0xa1, 0x32, 0x42, 0xfb, 0x34, 0x3e, 0xfc,
- 0x72, 0xb9, 0xd8, 0x27, 0x30, 0xb4, 0x45, 0xf3,
- 0xd4, 0xb0, 0xbd, 0x07, 0x71, 0x62, 0xa4, 0x6d,
- 0xcf, 0xec, 0x6f, 0x9b, 0x59, 0x0b, 0xfc, 0xbc,
- 0xf5, 0x20, 0xcd, 0xb0, 0x29, 0xa8, 0xb7, 0x3e,
- };
- /* expected shared key */
- byte ss[] = {
- 0x9d, 0x87, 0x4a, 0x51, 0x37, 0x50, 0x9a, 0x44,
- 0x9a, 0xd5, 0x85, 0x30, 0x40, 0x24, 0x1c, 0x52,
- 0x36, 0x39, 0x54, 0x35, 0xc3, 0x64, 0x24, 0xfd,
- 0x56, 0x0b, 0x0c, 0xb6, 0x2b, 0x28, 0x1d, 0x28,
- 0x52, 0x75, 0xa7, 0x40, 0xce, 0x32, 0xa2, 0x2d,
- 0xd1, 0x74, 0x0f, 0x4a, 0xa9, 0x16, 0x1c, 0xec,
- 0x95, 0xcc, 0xc6, 0x1a, 0x18, 0xf4, 0xff, 0x07,
- };
- #endif /* HAVE_CURVE448_SHARED_SECRET */
- (void)x;
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -11400;
- wc_curve448_init(&userA);
- wc_curve448_init(&userB);
- wc_curve448_init(&pubKey);
- /* make curve448 keys */
- if (wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userA) != 0)
- return -11401;
- if (wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userB) != 0)
- return -11402;
- #ifdef HAVE_CURVE448_SHARED_SECRET
- /* find shared secret key */
- x = sizeof(sharedA);
- if (wc_curve448_shared_secret(&userA, &userB, sharedA, &x) != 0)
- return -11403;
- y = sizeof(sharedB);
- if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0)
- return -11404;
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return -11405;
- if (XMEMCMP(sharedA, sharedB, x))
- return -11406;
- #endif
- #ifdef HAVE_CURVE448_KEY_EXPORT
- /* export a public key and import it for another user */
- x = sizeof(exportBuf);
- if (wc_curve448_export_public(&userA, exportBuf, &x) != 0)
- return -11407;
- #ifdef HAVE_CURVE448_KEY_IMPORT
- if (wc_curve448_import_public(exportBuf, x, &pubKey) != 0)
- return -11408;
- #endif
- #endif
- #if defined(HAVE_CURVE448_SHARED_SECRET) && \
- defined(HAVE_CURVE448_KEY_IMPORT)
- /* test shared key after importing a public key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve448_shared_secret(&userB, &pubKey, sharedB, &y) != 0)
- return -11409;
- if (XMEMCMP(sharedA, sharedB, y))
- return -11410;
- /* import RFC test vectors and compare shared key */
- if (wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
- != 0)
- return -11411;
- if (wc_curve448_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB)
- != 0)
- return -11412;
- /* test against known test vector */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve448_shared_secret(&userA, &userB, sharedB, &y) != 0)
- return -11413;
- if (XMEMCMP(ss, sharedB, y))
- return -11414;
- /* test swapping roles of keys and generating same shared key */
- XMEMSET(sharedB, 0, sizeof(sharedB));
- y = sizeof(sharedB);
- if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0)
- return -11415;
- if (XMEMCMP(ss, sharedB, y))
- return -11416;
- /* test with 1 generated key and 1 from known test vector */
- if (wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
- != 0)
- return -11417;
- if (wc_curve448_make_key(&rng, 56, &userB) != 0)
- return -11418;
- x = sizeof(sharedA);
- if (wc_curve448_shared_secret(&userA, &userB, sharedA, &x) != 0)
- return -11419;
- y = sizeof(sharedB);
- if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0)
- return -11420;
- /* compare shared secret keys to test they are the same */
- if (y != x)
- return -11421;
- if (XMEMCMP(sharedA, sharedB, x))
- return -11422;
- ret = curve448_check_public_test();
- if (ret != 0)
- return ret;
- #endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
- /* clean up keys when done */
- wc_curve448_free(&pubKey);
- wc_curve448_free(&userB);
- wc_curve448_free(&userA);
- wc_FreeRng(&rng);
- return 0;
- }
- #endif /* HAVE_CURVE448 */
- #ifdef HAVE_ED448
- #ifdef WOLFSSL_TEST_CERT
- static int ed448_test_cert(void)
- {
- DecodedCert cert[2];
- DecodedCert* serverCert = NULL;
- DecodedCert* caCert = NULL;
- #ifdef HAVE_ED448_VERIFY
- ed448_key key;
- ed448_key* pubKey = NULL;
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- int ret;
- byte* tmp;
- size_t bytes;
- XFILE file;
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(-11430, done);
- }
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, ca_ed448_cert, sizeof_ca_ed448_cert);
- bytes = sizeof_ca_ed448_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(caEd448Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(-11431, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #else
- /* No certificate to use. */
- ERROR_OUT(-11432, done);
- #endif
- InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
- caCert = &cert[0];
- ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-11433, done);
- }
- #ifdef USE_CERT_BUFFERS_256
- XMEMCPY(tmp, server_ed448_cert, sizeof_server_ed448_cert);
- bytes = sizeof_server_ed448_cert;
- #elif !defined(NO_FILESYSTEM)
- file = XFOPEN(serverEd448Cert, "rb");
- if (file == NULL) {
- ERROR_OUT(-11434, done);
- }
- bytes = XFREAD(tmp, 1, FOURK_BUF, file);
- XFCLOSE(file);
- #else
- /* No certificate to use. */
- ERROR_OUT(-11435, done);
- #endif
- InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
- serverCert = &cert[1];
- ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
- if (ret != 0) {
- ERROR_OUT(-11436, done);
- }
- #ifdef HAVE_ED448_VERIFY
- ret = wc_ed448_init(&key);
- if (ret < 0) {
- ERROR_OUT(-11437, done);
- }
- pubKey = &key;
- ret = wc_ed448_import_public(caCert->publicKey, caCert->pubKeySize, pubKey);
- if (ret < 0) {
- ERROR_OUT(-11438, done);
- }
- if (wc_ed448_verify_msg(serverCert->signature, serverCert->sigLength,
- serverCert->source + serverCert->certBegin,
- serverCert->sigIndex - serverCert->certBegin,
- &verify, pubKey, NULL, 0) < 0 || verify != 1) {
- ERROR_OUT(-11439, done);
- }
- #endif /* HAVE_ED448_VERIFY */
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifdef HAVE_ED448_VERIFY
- wc_ed448_free(pubKey);
- #endif /* HAVE_ED448_VERIFY */
- if (caCert != NULL)
- FreeDecodedCert(caCert);
- if (serverCert != NULL)
- FreeDecodedCert(serverCert);
- return ret;
- }
- static int ed448_test_make_cert(void)
- {
- WC_RNG rng;
- Cert cert;
- DecodedCert decode;
- ed448_key key;
- ed448_key* privKey = NULL;
- int ret = 0;
- byte* tmp = NULL;
- wc_InitCert(&cert);
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -11450;
- wc_ed448_init(&key);
- privKey = &key;
- wc_ed448_make_key(&rng, ED448_KEY_SIZE, privKey);
- cert.daysValid = 365 * 2;
- cert.selfSigned = 1;
- XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
- XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
- cert.isCA = 0;
- #ifdef WOLFSSL_CERT_EXT
- ret = wc_SetKeyUsage(&cert, certKeyUsage);
- if (ret < 0) {
- ERROR_OUT(-11451, done);
- }
- ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
- if (ret < 0) {
- ERROR_OUT(-11452, done);
- }
- ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
- if (ret < 0) {
- ERROR_OUT(-11453, done);
- }
- #endif
- tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (tmp == NULL) {
- ERROR_OUT(-11454, done);
- }
- cert.sigType = CTC_ED448;
- ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED448_TYPE, privKey, &rng);
- if (ret < 0) {
- ERROR_OUT(-11455, done);
- }
- ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, ED448_TYPE,
- privKey, &rng);
- if (ret < 0) {
- ERROR_OUT(-11456, done);
- }
- InitDecodedCert(&decode, tmp, ret, HEAP_HINT);
- ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
- FreeDecodedCert(&decode);
- if (ret != 0) {
- ERROR_OUT(-11457, done);
- }
- done:
- if (tmp != NULL)
- XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_ed448_free(privKey);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WOLFSSL_TEST_CERT */
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
- defined(HAVE_ED448_KEY_IMPORT)
- static int ed448_ctx_test(void)
- {
- byte out[ED448_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED448_VERIFY
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- ed448_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
- 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
- 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
- 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
- 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
- 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
- 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
- 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
- 0x4e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
- 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
- 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
- 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
- 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
- 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
- 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
- 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigCtx[] = {
- 0xd4, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46,
- 0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55,
- 0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab,
- 0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2,
- 0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2,
- 0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21,
- 0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea,
- 0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda,
- 0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d,
- 0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24,
- 0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f,
- 0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d,
- 0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98,
- 0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c,
- 0x3c, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
- 0x03
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed448_import_private_key(sKeyCtx, ED448_KEY_SIZE, pKeyCtx,
- sizeof(pKeyCtx), &key) != 0)
- return -11500;
- if (wc_ed448_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
- contextCtx, sizeof(contextCtx)) != 0)
- return -11501;
- if (XMEMCMP(out, sigCtx, sizeof(sigCtx)))
- return -11502;
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- if (wc_ed448_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, &key,
- contextCtx, sizeof(contextCtx)) != 0 || verify != 1)
- return -11503;
- #endif
- wc_ed448_free(&key);
- return 0;
- }
- static int ed448ph_test(void)
- {
- byte out[ED448_SIG_SIZE];
- word32 outlen;
- #ifdef HAVE_ED448_VERIFY
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- ed448_key key;
- WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
- 0x83, 0x3f, 0xe6, 0x24, 0x09, 0x23, 0x7b, 0x9d,
- 0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e,
- 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b,
- 0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42,
- 0xef, 0x78, 0x22, 0xe0, 0xd5, 0x10, 0x41, 0x27,
- 0xdc, 0x05, 0xd6, 0xdb, 0xef, 0xde, 0x69, 0xe3,
- 0xab, 0x2c, 0xec, 0x7c, 0x86, 0x7c, 0x6e, 0x2c,
- 0x49
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
- 0x25, 0x9b, 0x71, 0xc1, 0x9f, 0x83, 0xef, 0x77,
- 0xa7, 0xab, 0xd2, 0x65, 0x24, 0xcb, 0xdb, 0x31,
- 0x61, 0xb5, 0x90, 0xa4, 0x8f, 0x7d, 0x17, 0xde,
- 0x3e, 0xe0, 0xba, 0x9c, 0x52, 0xbe, 0xb7, 0x43,
- 0xc0, 0x94, 0x28, 0xa1, 0x31, 0xd6, 0xb1, 0xb5,
- 0x73, 0x03, 0xd9, 0x0d, 0x81, 0x32, 0xc2, 0x76,
- 0xd5, 0xed, 0x3d, 0x5d, 0x01, 0xc0, 0xf5, 0x38,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
- 0x82, 0x2f, 0x69, 0x01, 0xf7, 0x48, 0x0f, 0x3d,
- 0x5f, 0x56, 0x2c, 0x59, 0x29, 0x94, 0xd9, 0x69,
- 0x36, 0x02, 0x87, 0x56, 0x14, 0x48, 0x32, 0x56,
- 0x50, 0x56, 0x00, 0xbb, 0xc2, 0x81, 0xae, 0x38,
- 0x1f, 0x54, 0xd6, 0xbc, 0xe2, 0xea, 0x91, 0x15,
- 0x74, 0x93, 0x2f, 0x52, 0xa4, 0xe6, 0xca, 0xdd,
- 0x78, 0x76, 0x93, 0x75, 0xec, 0x3f, 0xfd, 0x1b,
- 0x80, 0x1a, 0x0d, 0x9b, 0x3f, 0x40, 0x30, 0xcd,
- 0x43, 0x39, 0x64, 0xb6, 0x45, 0x7e, 0xa3, 0x94,
- 0x76, 0x51, 0x12, 0x14, 0xf9, 0x74, 0x69, 0xb5,
- 0x7d, 0xd3, 0x2d, 0xbc, 0x56, 0x0a, 0x9a, 0x94,
- 0xd0, 0x0b, 0xff, 0x07, 0x62, 0x04, 0x64, 0xa3,
- 0xad, 0x20, 0x3d, 0xf7, 0xdc, 0x7c, 0xe3, 0x60,
- 0xc3, 0xcd, 0x36, 0x96, 0xd9, 0xd9, 0xfa, 0xb9,
- 0x0f, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
- 0xc3, 0x22, 0x99, 0xd4, 0x6e, 0xc8, 0xff, 0x02,
- 0xb5, 0x45, 0x40, 0x98, 0x28, 0x14, 0xdc, 0xe9,
- 0xa0, 0x58, 0x12, 0xf8, 0x19, 0x62, 0xb6, 0x49,
- 0xd5, 0x28, 0x09, 0x59, 0x16, 0xa2, 0xaa, 0x48,
- 0x10, 0x65, 0xb1, 0x58, 0x04, 0x23, 0xef, 0x92,
- 0x7e, 0xcf, 0x0a, 0xf5, 0x88, 0x8f, 0x90, 0xda,
- 0x0f, 0x6a, 0x9a, 0x85, 0xad, 0x5d, 0xc3, 0xf2,
- 0x80, 0xd9, 0x12, 0x24, 0xba, 0x99, 0x11, 0xa3,
- 0x65, 0x3d, 0x00, 0xe4, 0x84, 0xe2, 0xce, 0x23,
- 0x25, 0x21, 0x48, 0x1c, 0x86, 0x58, 0xdf, 0x30,
- 0x4b, 0xb7, 0x74, 0x5a, 0x73, 0x51, 0x4c, 0xdb,
- 0x9b, 0xf3, 0xe1, 0x57, 0x84, 0xab, 0x71, 0x28,
- 0x4f, 0x8d, 0x07, 0x04, 0xa6, 0x08, 0xc5, 0x4a,
- 0x6b, 0x62, 0xd9, 0x7b, 0xeb, 0x51, 0x1d, 0x13,
- 0x21, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
- 0x61,0x62,0x63
- };
- /* SHA-512 hash of msgPh */
- WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
- 0x48, 0x33, 0x66, 0x60, 0x13, 0x60, 0xa8, 0x77,
- 0x1c, 0x68, 0x63, 0x08, 0x0c, 0xc4, 0x11, 0x4d,
- 0x8d, 0xb4, 0x45, 0x30, 0xf8, 0xf1, 0xe1, 0xee,
- 0x4f, 0x94, 0xea, 0x37, 0xe7, 0x8b, 0x57, 0x39,
- 0xd5, 0xa1, 0x5b, 0xef, 0x18, 0x6a, 0x53, 0x86,
- 0xc7, 0x57, 0x44, 0xc0, 0x52, 0x7e, 0x1f, 0xaa,
- 0x9f, 0x87, 0x26, 0xe4, 0x62, 0xa1, 0x2a, 0x4f,
- 0xeb, 0x06, 0xbd, 0x88, 0x01, 0xe7, 0x51, 0xe4
- };
- WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
- 0x66,0x6f,0x6f
- };
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed448_import_private_key(sKeyPh, ED448_KEY_SIZE, pKeyPh,
- sizeof(pKeyPh), &key) != 0) {
- return -11600;
- }
- if (wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL,
- 0) != 0) {
- return -11601;
- }
- if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
- return -11602;
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- if (wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
- NULL, 0) != 0 || verify != 1) {
- return -11603;
- }
- #endif
- if (wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2)) != 0) {
- return -11604;
- }
- if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
- return -11605;
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- if (wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
- contextPh2, sizeof(contextPh2)) != 0 ||
- verify != 1) {
- return -11606;
- }
- #endif
- if (wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL,
- 0) != 0) {
- return -11607;
- }
- if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
- return -11608;
- #if defined(HAVE_ED448_VERIFY)
- if (wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
- &key, NULL, 0) != 0 || verify != 1) {
- return -11609;
- }
- #endif
- if (wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
- contextPh2, sizeof(contextPh2)) != 0) {
- return -11610;
- }
- if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
- return -11611;
- #if defined(HAVE_ED448_VERIFY)
- if (wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
- &key, contextPh2, sizeof(contextPh2)) != 0 ||
- verify != 1) {
- return -11612;
- }
- #endif
- wc_ed448_free(&key);
- return 0;
- }
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- WOLFSSL_TEST_SUBROUTINE int ed448_test(void)
- {
- int ret;
- WC_RNG rng;
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
- defined(HAVE_ED448_KEY_IMPORT)
- byte out[ED448_SIG_SIZE];
- byte exportPKey[ED448_KEY_SIZE];
- byte exportSKey[ED448_KEY_SIZE];
- word32 exportPSz;
- word32 exportSSz;
- int i;
- word32 outlen;
- #ifdef HAVE_ED448_VERIFY
- int verify;
- #endif /* HAVE_ED448_VERIFY */
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- word32 keySz, sigSz;
- ed448_key key;
- ed448_key key2;
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
- defined(HAVE_ED448_KEY_IMPORT)
- /* test vectors from
- https://tools.ietf.org/html/rfc8032
- */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
- 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
- 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
- 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
- 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
- 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
- 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
- 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
- 0x4e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
- 0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c,
- 0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82,
- 0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8,
- 0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93,
- 0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33,
- 0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc,
- 0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2,
- 0x1b
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- /* compressed prefix test */
- WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
- 0x87, 0x2d, 0x09, 0x37, 0x80, 0xf5, 0xd3, 0x73,
- 0x0d, 0xf7, 0xc2, 0x12, 0x66, 0x4b, 0x37, 0xb8,
- 0xa0, 0xf2, 0x4f, 0x56, 0x81, 0x0d, 0xaa, 0x83,
- 0x82, 0xcd, 0x4f, 0xa3, 0xf7, 0x76, 0x34, 0xec,
- 0x44, 0xdc, 0x54, 0xf1, 0xc2, 0xed, 0x9b, 0xea,
- 0x86, 0xfa, 0xfb, 0x76, 0x32, 0xd8, 0xbe, 0x19,
- 0x9e, 0xa1, 0x65, 0xf5, 0xad, 0x55, 0xdd, 0x9c,
- 0xe8
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
- 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
- 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
- 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
- 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
- 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
- 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
- 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
- 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
- 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
- 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
- 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
- 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
- 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
- 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
- 0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f,
- 0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79,
- 0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63,
- 0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc,
- 0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f,
- 0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b,
- 0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5,
- 0x80
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
- 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
- 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
- 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
- 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
- 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
- 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
- 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
- 0x80
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
- 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
- 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
- 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
- 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
- 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
- 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
- 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
- 0x80
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
- 0xa8, 0x1b, 0x2e, 0x8a, 0x70, 0xa5, 0xac, 0x94,
- 0xff, 0xdb, 0xcc, 0x9b, 0xad, 0xfc, 0x3f, 0xeb,
- 0x08, 0x01, 0xf2, 0x58, 0x57, 0x8b, 0xb1, 0x14,
- 0xad, 0x44, 0xec, 0xe1, 0xec, 0x0e, 0x79, 0x9d,
- 0xa0, 0x8e, 0xff, 0xb8, 0x1c, 0x5d, 0x68, 0x5c,
- 0x0c, 0x56, 0xf6, 0x4e, 0xec, 0xae, 0xf8, 0xcd,
- 0xf1, 0x1c, 0xc3, 0x87, 0x37, 0x83, 0x8c, 0xf4,
- 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
- WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
- sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
- WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
- 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
- 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
- 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
- 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
- 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
- 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
- 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
- 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
- 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
- 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
- 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
- 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
- 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
- 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
- 0x26, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
- 0x26, 0xb8, 0xf9, 0x17, 0x27, 0xbd, 0x62, 0x89,
- 0x7a, 0xf1, 0x5e, 0x41, 0xeb, 0x43, 0xc3, 0x77,
- 0xef, 0xb9, 0xc6, 0x10, 0xd4, 0x8f, 0x23, 0x35,
- 0xcb, 0x0b, 0xd0, 0x08, 0x78, 0x10, 0xf4, 0x35,
- 0x25, 0x41, 0xb1, 0x43, 0xc4, 0xb9, 0x81, 0xb7,
- 0xe1, 0x8f, 0x62, 0xde, 0x8c, 0xcd, 0xf6, 0x33,
- 0xfc, 0x1b, 0xf0, 0x37, 0xab, 0x7c, 0xd7, 0x79,
- 0x80, 0x5e, 0x0d, 0xbc, 0xc0, 0xaa, 0xe1, 0xcb,
- 0xce, 0xe1, 0xaf, 0xb2, 0xe0, 0x27, 0xdf, 0x36,
- 0xbc, 0x04, 0xdc, 0xec, 0xbf, 0x15, 0x43, 0x36,
- 0xc1, 0x9f, 0x0a, 0xf7, 0xe0, 0xa6, 0x47, 0x29,
- 0x05, 0xe7, 0x99, 0xf1, 0x95, 0x3d, 0x2a, 0x0f,
- 0xf3, 0x34, 0x8a, 0xb2, 0x1a, 0xa4, 0xad, 0xaf,
- 0xd1, 0xd2, 0x34, 0x44, 0x1c, 0xf8, 0x07, 0xc0,
- 0x3a, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
- 0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79,
- 0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6,
- 0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89,
- 0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a,
- 0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4,
- 0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07,
- 0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf,
- 0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e,
- 0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e,
- 0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7,
- 0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef,
- 0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61,
- 0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b,
- 0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff,
- 0x3c, 0x00
- };
- /* uncompressed test */
- WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
- 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
- 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
- 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
- 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
- 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
- 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
- 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
- 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
- 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
- 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
- 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
- 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
- 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
- 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
- 0x26, 0x00
- };
- /* compressed prefix */
- WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
- 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
- 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
- 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
- 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
- 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
- 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
- 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
- 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
- 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
- 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
- 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
- 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
- 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
- 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
- 0x26, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
- 0xe3, 0x01, 0x34, 0x5a, 0x41, 0xa3, 0x9a, 0x4d,
- 0x72, 0xff, 0xf8, 0xdf, 0x69, 0xc9, 0x80, 0x75,
- 0xa0, 0xcc, 0x08, 0x2b, 0x80, 0x2f, 0xc9, 0xb2,
- 0xb6, 0xbc, 0x50, 0x3f, 0x92, 0x6b, 0x65, 0xbd,
- 0xdf, 0x7f, 0x4c, 0x8f, 0x1c, 0xb4, 0x9f, 0x63,
- 0x96, 0xaf, 0xc8, 0xa7, 0x0a, 0xbe, 0x6d, 0x8a,
- 0xef, 0x0d, 0xb4, 0x78, 0xd4, 0xc6, 0xb2, 0x97,
- 0x00, 0x76, 0xc6, 0xa0, 0x48, 0x4f, 0xe7, 0x6d,
- 0x76, 0xb3, 0xa9, 0x76, 0x25, 0xd7, 0x9f, 0x1c,
- 0xe2, 0x40, 0xe7, 0xc5, 0x76, 0x75, 0x0d, 0x29,
- 0x55, 0x28, 0x28, 0x6f, 0x71, 0x9b, 0x41, 0x3d,
- 0xe9, 0xad, 0xa3, 0xe8, 0xeb, 0x78, 0xed, 0x57,
- 0x36, 0x03, 0xce, 0x30, 0xd8, 0xbb, 0x76, 0x17,
- 0x85, 0xdc, 0x30, 0xdb, 0xc3, 0x20, 0x86, 0x9e,
- 0x1a, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
- #define SIGSZ sizeof(sig1)
- WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = { };
- WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = { 0x03 };
- WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = { 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd,
- 0x66, 0x81, 0x1e, 0x29, 0x15 };
- /* test of a 1023 byte long message */
- WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
- 0x6d, 0xdf, 0x80, 0x2e, 0x1a, 0xae, 0x49, 0x86,
- 0x93, 0x5f, 0x7f, 0x98, 0x1b, 0xa3, 0xf0, 0x35,
- 0x1d, 0x62, 0x73, 0xc0, 0xa0, 0xc2, 0x2c, 0x9c,
- 0x0e, 0x83, 0x39, 0x16, 0x8e, 0x67, 0x54, 0x12,
- 0xa3, 0xde, 0xbf, 0xaf, 0x43, 0x5e, 0xd6, 0x51,
- 0x55, 0x80, 0x07, 0xdb, 0x43, 0x84, 0xb6, 0x50,
- 0xfc, 0xc0, 0x7e, 0x3b, 0x58, 0x6a, 0x27, 0xa4,
- 0xf7, 0xa0, 0x0a, 0xc8, 0xa6, 0xfe, 0xc2, 0xcd,
- 0x86, 0xae, 0x4b, 0xf1, 0x57, 0x0c, 0x41, 0xe6,
- 0xa4, 0x0c, 0x93, 0x1d, 0xb2, 0x7b, 0x2f, 0xaa,
- 0x15, 0xa8, 0xce, 0xdd, 0x52, 0xcf, 0xf7, 0x36,
- 0x2c, 0x4e, 0x6e, 0x23, 0xda, 0xec, 0x0f, 0xbc,
- 0x3a, 0x79, 0xb6, 0x80, 0x6e, 0x31, 0x6e, 0xfc,
- 0xc7, 0xb6, 0x81, 0x19, 0xbf, 0x46, 0xbc, 0x76,
- 0xa2, 0x60, 0x67, 0xa5, 0x3f, 0x29, 0x6d, 0xaf,
- 0xdb, 0xdc, 0x11, 0xc7, 0x7f, 0x77, 0x77, 0xe9,
- 0x72, 0x66, 0x0c, 0xf4, 0xb6, 0xa9, 0xb3, 0x69,
- 0xa6, 0x66, 0x5f, 0x02, 0xe0, 0xcc, 0x9b, 0x6e,
- 0xdf, 0xad, 0x13, 0x6b, 0x4f, 0xab, 0xe7, 0x23,
- 0xd2, 0x81, 0x3d, 0xb3, 0x13, 0x6c, 0xfd, 0xe9,
- 0xb6, 0xd0, 0x44, 0x32, 0x2f, 0xee, 0x29, 0x47,
- 0x95, 0x2e, 0x03, 0x1b, 0x73, 0xab, 0x5c, 0x60,
- 0x33, 0x49, 0xb3, 0x07, 0xbd, 0xc2, 0x7b, 0xc6,
- 0xcb, 0x8b, 0x8b, 0xbd, 0x7b, 0xd3, 0x23, 0x21,
- 0x9b, 0x80, 0x33, 0xa5, 0x81, 0xb5, 0x9e, 0xad,
- 0xeb, 0xb0, 0x9b, 0x3c, 0x4f, 0x3d, 0x22, 0x77,
- 0xd4, 0xf0, 0x34, 0x36, 0x24, 0xac, 0xc8, 0x17,
- 0x80, 0x47, 0x28, 0xb2, 0x5a, 0xb7, 0x97, 0x17,
- 0x2b, 0x4c, 0x5c, 0x21, 0xa2, 0x2f, 0x9c, 0x78,
- 0x39, 0xd6, 0x43, 0x00, 0x23, 0x2e, 0xb6, 0x6e,
- 0x53, 0xf3, 0x1c, 0x72, 0x3f, 0xa3, 0x7f, 0xe3,
- 0x87, 0xc7, 0xd3, 0xe5, 0x0b, 0xdf, 0x98, 0x13,
- 0xa3, 0x0e, 0x5b, 0xb1, 0x2c, 0xf4, 0xcd, 0x93,
- 0x0c, 0x40, 0xcf, 0xb4, 0xe1, 0xfc, 0x62, 0x25,
- 0x92, 0xa4, 0x95, 0x88, 0x79, 0x44, 0x94, 0xd5,
- 0x6d, 0x24, 0xea, 0x4b, 0x40, 0xc8, 0x9f, 0xc0,
- 0x59, 0x6c, 0xc9, 0xeb, 0xb9, 0x61, 0xc8, 0xcb,
- 0x10, 0xad, 0xde, 0x97, 0x6a, 0x5d, 0x60, 0x2b,
- 0x1c, 0x3f, 0x85, 0xb9, 0xb9, 0xa0, 0x01, 0xed,
- 0x3c, 0x6a, 0x4d, 0x3b, 0x14, 0x37, 0xf5, 0x20,
- 0x96, 0xcd, 0x19, 0x56, 0xd0, 0x42, 0xa5, 0x97,
- 0xd5, 0x61, 0xa5, 0x96, 0xec, 0xd3, 0xd1, 0x73,
- 0x5a, 0x8d, 0x57, 0x0e, 0xa0, 0xec, 0x27, 0x22,
- 0x5a, 0x2c, 0x4a, 0xaf, 0xf2, 0x63, 0x06, 0xd1,
- 0x52, 0x6c, 0x1a, 0xf3, 0xca, 0x6d, 0x9c, 0xf5,
- 0xa2, 0xc9, 0x8f, 0x47, 0xe1, 0xc4, 0x6d, 0xb9,
- 0xa3, 0x32, 0x34, 0xcf, 0xd4, 0xd8, 0x1f, 0x2c,
- 0x98, 0x53, 0x8a, 0x09, 0xeb, 0xe7, 0x69, 0x98,
- 0xd0, 0xd8, 0xfd, 0x25, 0x99, 0x7c, 0x7d, 0x25,
- 0x5c, 0x6d, 0x66, 0xec, 0xe6, 0xfa, 0x56, 0xf1,
- 0x11, 0x44, 0x95, 0x0f, 0x02, 0x77, 0x95, 0xe6,
- 0x53, 0x00, 0x8f, 0x4b, 0xd7, 0xca, 0x2d, 0xee,
- 0x85, 0xd8, 0xe9, 0x0f, 0x3d, 0xc3, 0x15, 0x13,
- 0x0c, 0xe2, 0xa0, 0x03, 0x75, 0xa3, 0x18, 0xc7,
- 0xc3, 0xd9, 0x7b, 0xe2, 0xc8, 0xce, 0x5b, 0x6d,
- 0xb4, 0x1a, 0x62, 0x54, 0xff, 0x26, 0x4f, 0xa6,
- 0x15, 0x5b, 0xae, 0xe3, 0xb0, 0x77, 0x3c, 0x0f,
- 0x49, 0x7c, 0x57, 0x3f, 0x19, 0xbb, 0x4f, 0x42,
- 0x40, 0x28, 0x1f, 0x0b, 0x1f, 0x4f, 0x7b, 0xe8,
- 0x57, 0xa4, 0xe5, 0x9d, 0x41, 0x6c, 0x06, 0xb4,
- 0xc5, 0x0f, 0xa0, 0x9e, 0x18, 0x10, 0xdd, 0xc6,
- 0xb1, 0x46, 0x7b, 0xae, 0xac, 0x5a, 0x36, 0x68,
- 0xd1, 0x1b, 0x6e, 0xca, 0xa9, 0x01, 0x44, 0x00,
- 0x16, 0xf3, 0x89, 0xf8, 0x0a, 0xcc, 0x4d, 0xb9,
- 0x77, 0x02, 0x5e, 0x7f, 0x59, 0x24, 0x38, 0x8c,
- 0x7e, 0x34, 0x0a, 0x73, 0x2e, 0x55, 0x44, 0x40,
- 0xe7, 0x65, 0x70, 0xf8, 0xdd, 0x71, 0xb7, 0xd6,
- 0x40, 0xb3, 0x45, 0x0d, 0x1f, 0xd5, 0xf0, 0x41,
- 0x0a, 0x18, 0xf9, 0xa3, 0x49, 0x4f, 0x70, 0x7c,
- 0x71, 0x7b, 0x79, 0xb4, 0xbf, 0x75, 0xc9, 0x84,
- 0x00, 0xb0, 0x96, 0xb2, 0x16, 0x53, 0xb5, 0xd2,
- 0x17, 0xcf, 0x35, 0x65, 0xc9, 0x59, 0x74, 0x56,
- 0xf7, 0x07, 0x03, 0x49, 0x7a, 0x07, 0x87, 0x63,
- 0x82, 0x9b, 0xc0, 0x1b, 0xb1, 0xcb, 0xc8, 0xfa,
- 0x04, 0xea, 0xdc, 0x9a, 0x6e, 0x3f, 0x66, 0x99,
- 0x58, 0x7a, 0x9e, 0x75, 0xc9, 0x4e, 0x5b, 0xab,
- 0x00, 0x36, 0xe0, 0xb2, 0xe7, 0x11, 0x39, 0x2c,
- 0xff, 0x00, 0x47, 0xd0, 0xd6, 0xb0, 0x5b, 0xd2,
- 0xa5, 0x88, 0xbc, 0x10, 0x97, 0x18, 0x95, 0x42,
- 0x59, 0xf1, 0xd8, 0x66, 0x78, 0xa5, 0x79, 0xa3,
- 0x12, 0x0f, 0x19, 0xcf, 0xb2, 0x96, 0x3f, 0x17,
- 0x7a, 0xeb, 0x70, 0xf2, 0xd4, 0x84, 0x48, 0x26,
- 0x26, 0x2e, 0x51, 0xb8, 0x02, 0x71, 0x27, 0x20,
- 0x68, 0xef, 0x5b, 0x38, 0x56, 0xfa, 0x85, 0x35,
- 0xaa, 0x2a, 0x88, 0xb2, 0xd4, 0x1f, 0x2a, 0x0e,
- 0x2f, 0xda, 0x76, 0x24, 0xc2, 0x85, 0x02, 0x72,
- 0xac, 0x4a, 0x2f, 0x56, 0x1f, 0x8f, 0x2f, 0x7a,
- 0x31, 0x8b, 0xfd, 0x5c, 0xaf, 0x96, 0x96, 0x14,
- 0x9e, 0x4a, 0xc8, 0x24, 0xad, 0x34, 0x60, 0x53,
- 0x8f, 0xdc, 0x25, 0x42, 0x1b, 0xee, 0xc2, 0xcc,
- 0x68, 0x18, 0x16, 0x2d, 0x06, 0xbb, 0xed, 0x0c,
- 0x40, 0xa3, 0x87, 0x19, 0x23, 0x49, 0xdb, 0x67,
- 0xa1, 0x18, 0xba, 0xda, 0x6c, 0xd5, 0xab, 0x01,
- 0x40, 0xee, 0x27, 0x32, 0x04, 0xf6, 0x28, 0xaa,
- 0xd1, 0xc1, 0x35, 0xf7, 0x70, 0x27, 0x9a, 0x65,
- 0x1e, 0x24, 0xd8, 0xc1, 0x4d, 0x75, 0xa6, 0x05,
- 0x9d, 0x76, 0xb9, 0x6a, 0x6f, 0xd8, 0x57, 0xde,
- 0xf5, 0xe0, 0xb3, 0x54, 0xb2, 0x7a, 0xb9, 0x37,
- 0xa5, 0x81, 0x5d, 0x16, 0xb5, 0xfa, 0xe4, 0x07,
- 0xff, 0x18, 0x22, 0x2c, 0x6d, 0x1e, 0xd2, 0x63,
- 0xbe, 0x68, 0xc9, 0x5f, 0x32, 0xd9, 0x08, 0xbd,
- 0x89, 0x5c, 0xd7, 0x62, 0x07, 0xae, 0x72, 0x64,
- 0x87, 0x56, 0x7f, 0x9a, 0x67, 0xda, 0xd7, 0x9a,
- 0xbe, 0xc3, 0x16, 0xf6, 0x83, 0xb1, 0x7f, 0x2d,
- 0x02, 0xbf, 0x07, 0xe0, 0xac, 0x8b, 0x5b, 0xc6,
- 0x16, 0x2c, 0xf9, 0x46, 0x97, 0xb3, 0xc2, 0x7c,
- 0xd1, 0xfe, 0xa4, 0x9b, 0x27, 0xf2, 0x3b, 0xa2,
- 0x90, 0x18, 0x71, 0x96, 0x25, 0x06, 0x52, 0x0c,
- 0x39, 0x2d, 0xa8, 0xb6, 0xad, 0x0d, 0x99, 0xf7,
- 0x01, 0x3f, 0xbc, 0x06, 0xc2, 0xc1, 0x7a, 0x56,
- 0x95, 0x00, 0xc8, 0xa7, 0x69, 0x64, 0x81, 0xc1,
- 0xcd, 0x33, 0xe9, 0xb1, 0x4e, 0x40, 0xb8, 0x2e,
- 0x79, 0xa5, 0xf5, 0xdb, 0x82, 0x57, 0x1b, 0xa9,
- 0x7b, 0xae, 0x3a, 0xd3, 0xe0, 0x47, 0x95, 0x15,
- 0xbb, 0x0e, 0x2b, 0x0f, 0x3b, 0xfc, 0xd1, 0xfd,
- 0x33, 0x03, 0x4e, 0xfc, 0x62, 0x45, 0xed, 0xdd,
- 0x7e, 0xe2, 0x08, 0x6d, 0xda, 0xe2, 0x60, 0x0d,
- 0x8c, 0xa7, 0x3e, 0x21, 0x4e, 0x8c, 0x2b, 0x0b,
- 0xdb, 0x2b, 0x04, 0x7c, 0x6a, 0x46, 0x4a, 0x56,
- 0x2e, 0xd7, 0x7b, 0x73, 0xd2, 0xd8, 0x41, 0xc4,
- 0xb3, 0x49, 0x73, 0x55, 0x12, 0x57, 0x71, 0x3b,
- 0x75, 0x36, 0x32, 0xef, 0xba, 0x34, 0x81, 0x69,
- 0xab, 0xc9, 0x0a, 0x68, 0xf4, 0x26, 0x11, 0xa4,
- 0x01, 0x26, 0xd7, 0xcb, 0x21, 0xb5, 0x86, 0x95,
- 0x56, 0x81, 0x86, 0xf7, 0xe5, 0x69, 0xd2, 0xff,
- 0x0f, 0x9e, 0x74, 0x5d, 0x04, 0x87, 0xdd, 0x2e,
- 0xb9, 0x97, 0xca, 0xfc, 0x5a, 0xbf, 0x9d, 0xd1,
- 0x02, 0xe6, 0x2f, 0xf6, 0x6c, 0xba, 0x87
- };
- WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
- WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
- sizeof(msg2),
- sizeof(msg3),
- 0 /*sizeof(msg1)*/,
- 0 /*sizeof(msg1)*/,
- sizeof(msg4)
- };
- #ifndef NO_ASN
- static byte privateEd448[] = {
- 0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
- 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39,
- 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
- 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
- 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
- 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
- 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
- 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
- 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
- 0x5b
- };
- static byte publicEd448[] = {
- 0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
- 0x71, 0x03, 0x3a, 0x00, 0x5f, 0xd7, 0x44, 0x9b,
- 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec,
- 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
- 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d,
- 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76,
- 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d,
- 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe,
- 0xaf, 0xe8, 0x25, 0x61, 0x80
- };
- static byte privPubEd448[] = {
- 0x30, 0x81, 0x84, 0x02, 0x01, 0x00, 0x30, 0x05,
- 0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04,
- 0x39, 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d,
- 0x10, 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e,
- 0xbf, 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c,
- 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48,
- 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04,
- 0x4e, 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f,
- 0x8f, 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98,
- 0xf9, 0x5b, 0xa1, 0x3b, 0x04, 0x39, 0x5f, 0xd7,
- 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7,
- 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1,
- 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e,
- 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1,
- 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6,
- 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa,
- 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80
- };
- word32 idx;
- ed448_key key3;
- #endif /* NO_ASN */
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- /* create ed448 keys */
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- return -11700;
- wc_ed448_init(&key);
- wc_ed448_init(&key2);
- #ifndef NO_ASN
- wc_ed448_init(&key3);
- #endif
- wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
- wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key2);
- /* helper functions for signature and key size */
- keySz = wc_ed448_size(&key);
- sigSz = wc_ed448_sig_size(&key);
- #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
- defined(HAVE_ED448_KEY_IMPORT)
- for (i = 0; i < 6; i++) {
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed448_import_private_key(sKeys[i], ED448_KEY_SIZE, pKeys[i],
- pKeySz[i], &key) != 0)
- return -11701 - i;
- if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, &key, NULL,
- 0) != 0) {
- return -11711 - i;
- }
- if (XMEMCMP(out, sigs[i], 114))
- return -11721 - i;
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key,
- NULL, 0) != 0 || verify != 1) {
- return -11731 - i;
- }
- /* test verify on bad msg */
- out[outlen-2] = out[outlen-2] + 1;
- if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key,
- NULL, 0) == 0 || verify == 1) {
- return -11741 - i;
- }
- #endif /* HAVE_ED448_VERIFY */
- /* test api for import/exporting keys */
- exportPSz = sizeof(exportPKey);
- exportSSz = sizeof(exportSKey);
- if (wc_ed448_export_public(&key, exportPKey, &exportPSz) != 0)
- return -11751 - i;
- if (wc_ed448_import_public(exportPKey, exportPSz, &key2) != 0)
- return -11761 - i;
- if (wc_ed448_export_private_only(&key, exportSKey, &exportSSz) != 0)
- return -11771 - i;
- if (wc_ed448_import_private_key(exportSKey, exportSSz,
- exportPKey, exportPSz, &key2) != 0)
- return -11781 - i;
- /* clear "out" buffer and test sign with imported keys */
- outlen = sizeof(out);
- XMEMSET(out, 0, sizeof(out));
- if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2, NULL,
- 0) != 0) {
- return -11791 - i;
- }
- #if defined(HAVE_ED448_VERIFY)
- if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key2,
- NULL, 0) != 0 || verify != 1)
- return -11801 - i;
- if (XMEMCMP(out, sigs[i], SIGSZ))
- return -11811 - i;
- #endif /* HAVE_ED448_VERIFY */
- }
- ret = ed448_ctx_test();
- if (ret != 0)
- return ret;
- ret = ed448ph_test();
- if (ret != 0)
- return ret;
- #ifndef NO_ASN
- /* Try ASN.1 encoded private-only key and public key. */
- idx = 0;
- if (wc_Ed448PrivateKeyDecode(privateEd448, &idx, &key3,
- sizeof(privateEd448)) != 0)
- return -11821 - i;
- if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0)
- != BAD_FUNC_ARG)
- return -11831 - i;
- idx = 0;
- if (wc_Ed448PublicKeyDecode(publicEd448, &idx, &key3,
- sizeof(publicEd448)) != 0)
- return -11841 - i;
- if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0)
- return -11851 - i;
- if (XMEMCMP(out, sigs[0], SIGSZ))
- return -11861 - i;
- #if defined(HAVE_ED448_VERIFY)
- /* test verify on good msg */
- if (wc_ed448_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3,
- NULL, 0) != 0 || verify != 1)
- return -11871 - i;
- #endif /* HAVE_ED448_VERIFY */
- wc_ed448_free(&key3);
- wc_ed448_init(&key3);
- idx = 0;
- if (wc_Ed448PrivateKeyDecode(privPubEd448, &idx, &key3,
- sizeof(privPubEd448)) != 0)
- return -11881 - i;
- if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0)
- return -11891 - i;
- if (XMEMCMP(out, sigs[0], SIGSZ))
- return -11901 - i;
- wc_ed448_free(&key3);
- #endif /* NO_ASN */
- #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
- /* clean up keys when done */
- wc_ed448_free(&key);
- wc_ed448_free(&key2);
- #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
- wc_FreeRng(&rng);
- #endif
- /* hush warnings of unused keySz and sigSz */
- (void)keySz;
- (void)sigSz;
- #ifdef WOLFSSL_TEST_CERT
- ret = ed448_test_cert();
- if (ret < 0)
- return ret;
- #ifdef WOLFSSL_CERT_GEN
- ret = ed448_test_make_cert();
- if (ret < 0)
- return ret;
- #endif /* WOLFSSL_CERT_GEN */
- #endif /* WOLFSSL_TEST_CERT */
- return 0;
- }
- #endif /* HAVE_ED448 */
- #ifdef WOLFCRYPT_HAVE_ECCSI
- static int eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
- ecc_point* pvt)
- {
- int ret;
- byte id[1] = { 0x00 };
- int valid;
- word32 sz;
- byte data[256];
- byte hash[WC_MAX_DIGEST_SIZE];
- byte hashSz;
- byte sig[257];
- word32 sigSz;
- ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return -10023;
- ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return -10024;
- ret = wc_InitEccsiKey(NULL, NULL, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return -10025;
- ret = wc_InitEccsiKey(NULL, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return -10026;
- wc_FreeEccsiKey(NULL);
- /* Create a valid key. */
- ret = wc_InitEccsiKey(key, NULL, INVALID_DEVID);
- if (ret != 0)
- return -10027;
- ret = wc_MakeEccsiKey(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10028;
- ret = wc_MakeEccsiKey(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10029;
- ret = wc_MakeEccsiKey(NULL, rng);
- if (ret != BAD_FUNC_ARG)
- return -10030;
- ret = wc_MakeEccsiPair(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL,
- NULL);
- if (ret != BAD_FUNC_ARG)
- return -10031;
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10032;
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10033;
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10034;
- ret = wc_MakeEccsiPair(key, NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10035;
- ret = wc_MakeEccsiPair(NULL, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10036;
- /* No key set */
- ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
- if (ret != BAD_STATE_E)
- return -10037;
- ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL,
- NULL);
- if (ret != BAD_FUNC_ARG)
- return -10038;
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
- NULL);
- if (ret != BAD_FUNC_ARG)
- return -10039;
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10040;
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10041;
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10042;
- ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10043;
- /* No key set */
- ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
- &valid);
- if (ret != BAD_STATE_E)
- return -10044;
- ret = wc_ValidateEccsiPvt(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10045;
- ret = wc_ValidateEccsiPvt(key, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10046;
- ret = wc_ValidateEccsiPvt(NULL, pvt, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10047;
- ret = wc_ValidateEccsiPvt(NULL, NULL, &valid);
- if (ret != BAD_FUNC_ARG)
- return -10048;
- ret = wc_ValidateEccsiPvt(key, pvt, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10049;
- ret = wc_ValidateEccsiPvt(key, NULL, &valid);
- if (ret != BAD_FUNC_ARG)
- return -10050;
- ret = wc_ValidateEccsiPvt(NULL, pvt, &valid);
- if (ret != BAD_FUNC_ARG)
- return -10051;
- ret = wc_EncodeEccsiPair(NULL, NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10052;
- ret = wc_EncodeEccsiPair(key, ssk, pvt, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10053;
- ret = wc_EncodeEccsiPair(key, ssk, NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10054;
- ret = wc_EncodeEccsiPair(key, NULL, pvt, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10055;
- ret = wc_EncodeEccsiPair(NULL, ssk, pvt, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10056;
- /* No key created so no curve information. */
- ret = wc_EncodeEccsiPair(key, ssk, pvt, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10057;
- ret = wc_EncodeEccsiSsk(NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10058;
- ret = wc_EncodeEccsiSsk(key, ssk, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10059;
- ret = wc_EncodeEccsiSsk(key, NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10060;
- ret = wc_EncodeEccsiSsk(NULL, ssk, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10061;
- ret = wc_EncodeEccsiPvt(NULL, NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10058;
- ret = wc_EncodeEccsiPvt(key, pvt, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10059;
- ret = wc_EncodeEccsiPvt(key, NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10060;
- ret = wc_EncodeEccsiPvt(NULL, pvt, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10061;
- ret = wc_DecodeEccsiPair(NULL, NULL, 0, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10062;
- ret = wc_DecodeEccsiPair(key, data, 0, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10063;
- ret = wc_DecodeEccsiPair(key, data, 0, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10064;
- ret = wc_DecodeEccsiPair(key, NULL, 0, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10065;
- ret = wc_DecodeEccsiPair(NULL, data, 0, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10066;
- ret = wc_DecodeEccsiSsk(NULL, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10067;
- ret = wc_DecodeEccsiSsk(key, data, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10068;
- ret = wc_DecodeEccsiSsk(key, NULL, 0, ssk);
- if (ret != BAD_FUNC_ARG)
- return -10069;
- ret = wc_DecodeEccsiSsk(NULL, data, 0, ssk);
- if (ret != BAD_FUNC_ARG)
- return -10070;
- ret = wc_DecodeEccsiPvt(NULL, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10067;
- ret = wc_DecodeEccsiPvt(key, data, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10068;
- ret = wc_DecodeEccsiPvt(key, NULL, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10069;
- ret = wc_DecodeEccsiPvt(NULL, data, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10070;
- ret = wc_DecodeEccsiPvtFromSig(NULL, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10067;
- ret = wc_DecodeEccsiPvtFromSig(key, data, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10068;
- ret = wc_DecodeEccsiPvtFromSig(key, NULL, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10069;
- ret = wc_DecodeEccsiPvtFromSig(NULL, data, 0, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10070;
- ret = wc_ExportEccsiKey(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10071;
- ret = wc_ExportEccsiKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10072;
- ret = wc_ExportEccsiKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10073;
- /* No key to export */
- ret = wc_ExportEccsiKey(key, NULL, &sz);
- if (ret != BAD_STATE_E)
- return -10074;
- ret = wc_ImportEccsiKey(NULL, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return -10075;
- ret = wc_ImportEccsiKey(key, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return -10076;
- ret = wc_ImportEccsiKey(NULL, data, 0);
- if (ret != BAD_FUNC_ARG)
- return -10077;
- ret = wc_ExportEccsiPrivateKey(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10071;
- ret = wc_ExportEccsiPrivateKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10072;
- ret = wc_ExportEccsiPrivateKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10073;
- /* No key to export */
- ret = wc_ExportEccsiPrivateKey(key, NULL, &sz);
- if (ret != BAD_STATE_E)
- return -10074;
- ret = wc_ImportEccsiPrivateKey(NULL, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return -10075;
- ret = wc_ImportEccsiPrivateKey(key, NULL, 0);
- if (ret != BAD_FUNC_ARG)
- return -10076;
- ret = wc_ImportEccsiPrivateKey(NULL, data, 0);
- if (ret != BAD_FUNC_ARG)
- return -10077;
- ret = wc_ExportEccsiPublicKey(NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10078;
- ret = wc_ExportEccsiPublicKey(key, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10079;
- ret = wc_ExportEccsiPublicKey(NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10080;
- /* No key to export */
- ret = wc_ExportEccsiPublicKey(key, data, &sz, 1);
- if (ret != BAD_STATE_E)
- return -10081;
- ret = wc_ImportEccsiPublicKey(NULL, NULL, 0, 1);
- if (ret != BAD_FUNC_ARG)
- return -10082;
- ret = wc_ImportEccsiPublicKey(key, NULL, 0, 1);
- if (ret != BAD_FUNC_ARG)
- return -10083;
- ret = wc_ImportEccsiPublicKey(NULL, data, 0, 1);
- if (ret != BAD_FUNC_ARG)
- return -10084;
- ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10085;
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10086;
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, NULL, &hashSz);
- if (ret != BAD_FUNC_ARG)
- return -10087;
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, NULL, hash, &hashSz);
- if (ret != BAD_FUNC_ARG)
- return -10088;
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, NULL, 1, pvt, hash,
- &hashSz);
- if (ret != BAD_FUNC_ARG)
- return -10089;
- ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
- if (ret != BAD_STATE_E)
- return -10091;
- ret = wc_SetEccsiHash(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiHash(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiHash(NULL, hash, 1);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiPair(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiPair(key, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiPair(NULL, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiPair(NULL, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiPair(key, ssk, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiPair(key, NULL, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SetEccsiPair(NULL, ssk, pvt);
- if (ret != BAD_FUNC_ARG)
- return -10090;
- ret = wc_SignEccsiHash(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10092;
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, sig, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10093;
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, NULL, 0, sig,
- &sigSz);
- if (ret != BAD_FUNC_ARG)
- return -10096;
- ret = wc_SignEccsiHash(key, NULL, WC_HASH_TYPE_SHA256, data, 0, sig,
- &sigSz);
- if (ret != BAD_FUNC_ARG)
- return -10098;
- ret = wc_SignEccsiHash(NULL, rng, WC_HASH_TYPE_SHA256, data, 0, sig,
- &sigSz);
- if (ret != BAD_FUNC_ARG)
- return -10099;
- /* Key not set. */
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
- &sigSz);
- if (ret != BAD_STATE_E)
- return -10100;
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10101;
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10101;
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, NULL, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10101;
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10101;
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10101;
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10102;
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, NULL, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10103;
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10104;
- ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
- &valid);
- if (ret != BAD_FUNC_ARG)
- return -10106;
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
- &valid);
- if (ret != BAD_STATE_E)
- return -10106;
- ret = wc_SetEccsiPair(key, ssk, pvt);
- if (ret != 0)
- return -10107;
- /* Identity hash not set. */
- ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
- &sigSz);
- if (ret != BAD_STATE_E)
- return -10108;
- wc_FreeEccsiKey(key);
- return 0;
- }
- /* RFC 6507: Appendix A */
- static int eccsi_kat_verify_test(EccsiKey* key, ecc_point* pvt)
- {
- int ret;
- int verified;
- const byte msg[] = { 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x00 };
- word32 msgSz = sizeof(msg);
- byte hash[WC_SHA256_DIGEST_SIZE];
- byte hashSz = WC_SHA256_DIGEST_SIZE;
- static const byte id[] = {
- 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
- 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
- 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
- 0x33, 0x00
- };
- word32 idSz = sizeof(id);
- static const byte sig[] = {
- 0x26, 0x9D, 0x4C, 0x8F, 0xDE, 0xB6, 0x6A, 0x74,
- 0xE4, 0xEF, 0x8C, 0x0D, 0x5D, 0xCC, 0x59, 0x7D,
- 0xDF, 0xE6, 0x02, 0x9C, 0x2A, 0xFF, 0xC4, 0x93,
- 0x60, 0x08, 0xCD, 0x2C, 0xC1, 0x04, 0x5D, 0x81,
- 0xE0, 0x9B, 0x52, 0x8D, 0x0E, 0xF8, 0xD6, 0xDF,
- 0x1A, 0xA3, 0xEC, 0xBF, 0x80, 0x11, 0x0C, 0xFC,
- 0xEC, 0x9F, 0xC6, 0x82, 0x52, 0xCE, 0xBB, 0x67,
- 0x9F, 0x41, 0x34, 0x84, 0x69, 0x40, 0xCC, 0xFD,
- 0x04,
- 0x75, 0x8A, 0x14, 0x27, 0x79, 0xBE, 0x89, 0xE8,
- 0x29, 0xE7, 0x19, 0x84, 0xCB, 0x40, 0xEF, 0x75,
- 0x8C, 0xC4, 0xAD, 0x77, 0x5F, 0xC5, 0xB9, 0xA3,
- 0xE1, 0xC8, 0xED, 0x52, 0xF6, 0xFA, 0x36, 0xD9,
- 0xA7, 0x9D, 0x24, 0x76, 0x92, 0xF4, 0xED, 0xA3,
- 0xA6, 0xBD, 0xAB, 0x77, 0xD6, 0xAA, 0x64, 0x74,
- 0xA4, 0x64, 0xAE, 0x49, 0x34, 0x66, 0x3C, 0x52,
- 0x65, 0xBA, 0x70, 0x18, 0xBA, 0x09, 0x1F, 0x79
- };
- word32 sigSz = sizeof(sig);
- static const byte pubData[] = {
- 0x50, 0xD4, 0x67, 0x0B, 0xDE, 0x75, 0x24, 0x4F,
- 0x28, 0xD2, 0x83, 0x8A, 0x0D, 0x25, 0x55, 0x8A,
- 0x7A, 0x72, 0x68, 0x6D, 0x45, 0x22, 0xD4, 0xC8,
- 0x27, 0x3F, 0xB6, 0x44, 0x2A, 0xEB, 0xFA, 0x93,
- 0xDB, 0xDD, 0x37, 0x55, 0x1A, 0xFD, 0x26, 0x3B,
- 0x5D, 0xFD, 0x61, 0x7F, 0x39, 0x60, 0xC6, 0x5A,
- 0x8C, 0x29, 0x88, 0x50, 0xFF, 0x99, 0xF2, 0x03,
- 0x66, 0xDC, 0xE7, 0xD4, 0x36, 0x72, 0x17, 0xF4
- };
- static const byte expHash[] = {
- 0x49, 0x0f, 0x3f, 0xeb, 0xbc, 0x1c, 0x90, 0x2f,
- 0x62, 0x89, 0x72, 0x3d, 0x7f, 0x8c, 0xbf, 0x79,
- 0xdb, 0x88, 0x93, 0x08, 0x49, 0xd1, 0x9f, 0x38,
- 0xf0, 0x29, 0x5b, 0x5c, 0x27, 0x6c, 0x14, 0xd1
- };
- ret = wc_ImportEccsiPublicKey(key, pubData, sizeof(pubData), 0);
- if (ret != 0)
- return -10108;
- ret = wc_DecodeEccsiPvtFromSig(key, sig, sigSz, pvt);
- if (ret != 0)
- return -10109;
- ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, idSz, pvt, hash,
- &hashSz);
- if (ret != 0)
- return -10112;
- if (hashSz != sizeof(expHash))
- return -10113;
- if (XMEMCMP(hash, expHash, hashSz) != 0)
- return -10114;
- ret = wc_SetEccsiHash(key, hash, hashSz);
- if (ret != 0)
- return -10112;
- ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10115;
- if (!verified)
- return -10116;
- return 0;
- }
- static int eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_point* pvt)
- {
- int ret;
- byte data[32 * 3];
- word32 sz;
- mp_int decSsk;
- ecc_point* decPvt = NULL;
- ret = mp_init(&decSsk);
- if (ret != 0)
- return -10117;
- decPvt = wc_ecc_new_point();
- if (decPvt == NULL)
- return -10118;
- ret = wc_EncodeEccsiPair(priv, ssk, pvt, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10119;
- if (sz != 32 * 3)
- return -10120;
- ret = wc_EncodeEccsiPair(priv, ssk, pvt, data, &sz);
- if (ret != 0)
- return -10121;
- if (sz != 32* 3)
- return -10122;
- ret = wc_DecodeEccsiPair(priv, data, sz, &decSsk, decPvt);
- if (ret != 0)
- return -10123;
- if (mp_cmp(ssk, &decSsk) != MP_EQ)
- return -10124;
- if (wc_ecc_cmp_point(pvt, decPvt) != MP_EQ)
- return -10125;
- ret = wc_EncodeEccsiSsk(priv, ssk, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10119;
- if (sz != 32)
- return -10120;
- ret = wc_EncodeEccsiSsk(priv, ssk, data, &sz);
- if (ret != 0)
- return -10121;
- if (sz != 32)
- return -10122;
- ret = wc_DecodeEccsiSsk(priv, data, sz, &decSsk);
- if (ret != 0)
- return -10123;
- if (mp_cmp(ssk, &decSsk) != MP_EQ)
- return -10124;
- ret = wc_EncodeEccsiPvt(priv, pvt, NULL, &sz, 1);
- if (ret != LENGTH_ONLY_E)
- return -10126;
- if (sz != 32 * 2)
- return -10127;
- ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 1);
- if (ret != 0)
- return -10128;
- if (sz != 32 * 2)
- return -10129;
- ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
- if (ret != 0)
- return -10130;
- if (wc_ecc_cmp_point(pvt, decPvt) != MP_EQ)
- return -10131;
- sz = sizeof(data);
- ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 0);
- if (ret != 0)
- return -10128;
- if (sz != 32 * 2 + 1)
- return -10129;
- ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
- if (ret != 0)
- return -10130;
- if (wc_ecc_cmp_point(pvt, decPvt) != MP_EQ)
- return -10131;
- wc_ecc_del_point(decPvt);
- mp_free(&decSsk);
- return 0;
- }
- static int eccsi_imp_exp_key_test(EccsiKey* priv)
- {
- int ret;
- byte data[32 * 3];
- byte out[32 * 3];
- word32 sz;
- ret = wc_ExportEccsiKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10132;
- if (sz != 32 * 3)
- return -10133;
- ret = wc_ExportEccsiKey(priv, data, &sz);
- if (ret != 0)
- return -10134;
- ret = wc_ImportEccsiKey(priv, data, sz);
- if (ret != 0)
- return -10135;
- ret = wc_ExportEccsiKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10132;
- if (sz != 32 * 3)
- return -10143;
- ret = wc_ExportEccsiKey(priv, out, &sz);
- if (ret != 0)
- return -10144;
- if (sz != 32 * 3)
- return -10145;
- if (XMEMCMP(data, out, sz) != 0)
- return -10146;
- ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10156;
- if (sz != 32)
- return -10157;
- ret = wc_ExportEccsiPrivateKey(priv, data, &sz);
- if (ret != 0)
- return -10158;
- ret = wc_ImportEccsiPrivateKey(priv, data, sz);
- if (ret != 0)
- return -10159;
- ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10152;
- if (sz != 32)
- return -10163;
- ret = wc_ExportEccsiPrivateKey(priv, out, &sz);
- if (ret != 0)
- return -10164;
- if (sz != 32)
- return -10165;
- if (XMEMCMP(data, out, sz) != 0)
- return -10166;
- return 0;
- }
- static int eccsi_imp_exp_pubkey_test(EccsiKey* key1, EccsiKey* key2)
- {
- int ret;
- byte data[32 * 2 + 1];
- byte pubData[32 * 2 + 1];
- word32 sz;
- ret = wc_ExportEccsiPublicKey(key1, NULL, &sz, 1);
- if (ret != LENGTH_ONLY_E)
- return -10136;
- if (sz != 32 * 2)
- return -10137;
- ret = wc_ExportEccsiPublicKey(key1, data, &sz, 1);
- if (ret != 0)
- return -10138;
- ret = wc_ImportEccsiPublicKey(key2, data, sz, 1);
- if (ret != 0)
- return -10139;
- sz = sizeof(pubData);
- ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 1);
- if (ret != 0)
- return -10140;
- if (sz != 32 * 2)
- return -10141;
- if (XMEMCMP(data, pubData, sz) != 0)
- return -10142;
- sz = sizeof(pubData);
- ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 0);
- if (ret != 0)
- return -10140;
- if (sz != 32 * 2 + 1)
- return -10141;
- if (pubData[0] != 0x04)
- return -10140;
- if (XMEMCMP(pubData + 1, data, sz - 1) != 0)
- return -10142;
- ret = wc_ImportEccsiPublicKey(key2, pubData, sz, 0);
- if (ret != 0)
- return -10139;
- return 0;
- }
- static int eccsi_make_key_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
- mp_int* ssk, ecc_point* pvt)
- {
- int ret;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32) XSTRLEN(mail);
- int valid;
- ret = wc_MakeEccsiKey(priv, rng);
- if (ret != 0)
- return -10143;
- ret = eccsi_imp_exp_key_test(priv);
- if (ret < 0)
- return ret;
- ret = eccsi_imp_exp_pubkey_test(priv, pub);
- if (ret < 0)
- return ret;
- ret = wc_MakeEccsiPair(priv, rng, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt);
- if (ret != 0)
- return -10144;
- ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
- &valid);
- if (ret != 0)
- return -10145;
- if (!valid)
- return -10146;
- ret = eccsi_enc_dec_pair_test(priv, ssk, pvt);
- if (ret != 0)
- return ret;
- return 0;
- }
- static int eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
- mp_int* ssk, ecc_point* pvt)
- {
- int ret;
- byte hashPriv[WC_MAX_DIGEST_SIZE];
- byte hashPub[WC_MAX_DIGEST_SIZE];
- byte hashSz;
- byte sig[144];
- word32 sigSz;
- int verified, valid;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32) XSTRLEN(mail);
- byte msg[] = { 0x00 };
- word32 msgSz = sizeof(msg);
- ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPriv,
- &hashSz);
- if (ret != 0)
- return -10147;
- if (hashSz != 32)
- return -10148;
- ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPub,
- &hashSz);
- if (ret != 0)
- return -10149;
- if (hashSz != 32)
- return -10150;
- if (XMEMCMP(hashPriv, hashPub, hashSz) != 0)
- return -10151;
- ret = wc_SetEccsiHash(priv, hashPriv, hashSz);
- if (ret != 0)
- return -10149;
- ret = wc_SetEccsiPair(priv, ssk, pvt);
- if (ret != 0)
- return -10149;
- ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, NULL,
- &sigSz);
- if (ret != LENGTH_ONLY_E)
- return -10152;
- if (sigSz != 129)
- return -10153;
- ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, sig,
- &sigSz);
- if (ret != 0)
- return -10154;
- ret = wc_SetEccsiHash(pub, hashPub, hashSz);
- if (ret != 0)
- return -10149;
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10155;
- if (!verified)
- return -10156;
- /* Check that changing HS results in verification failure. */
- hashPub[0] ^= 0x80;
- ret = wc_SetEccsiHash(pub, hashPub, hashSz);
- if (ret != 0)
- return -10149;
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10157;
- if (verified)
- return -10158;
- hashPub[0] ^= 0x80;
- ret = wc_SetEccsiHash(pub, hashPub, hashSz);
- if (ret != 0)
- return -10149;
- /* Check that changing msg results in verification failure. */
- msg[0] ^= 0x80;
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10159;
- if (verified)
- return -10160;
- msg[0] ^= 0x80;
- /* Check that changing signature results in verification failure. */
- sig[0] ^= 0x80;
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10161;
- if (verified)
- return -10162;
- sig[0] ^= 0x80;
- /* Check that key state hasn't been invalidated. */
- ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10163;
- if (!verified)
- return -10164;
- /* Check that verifying with the private key works. */
- ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10165;
- if (!verified)
- return -10166;
- /* Check that the KPAK is converted from montogmery form. */
- ret = eccsi_imp_exp_key_test(priv);
- if (ret != 0)
- return ret;
- /* Check that KPAK can converted to Montogmery form again. */
- ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10167;
- if (!verified)
- return -10168;
- /* Check that the KPAK is converted from montogmery form. */
- ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
- &valid);
- if (ret != 0)
- return -10169;
- if (!valid)
- return -10170;
- /* Check that KPAK can converted to Montogmery form again. */
- ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
- &verified);
- if (ret != 0)
- return -10171;
- if (!verified)
- return -10172;
- /* Check that the KPAK is converted from montogmery form. */
- ret = eccsi_imp_exp_pubkey_test(priv, pub);
- if (ret != 0)
- return ret;
- return 0;
- }
- int eccsi_test(void)
- {
- int ret = 0;
- WC_RNG rng;
- EccsiKey* priv = NULL;
- EccsiKey* pub = NULL;
- mp_int* ssk = NULL;
- ecc_point* pvt = NULL;
- priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL) {
- ret = -10205;
- }
- if (ret == 0) {
- pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (pub == NULL) {
- ret = -10206;
- }
- }
- if (ret == 0) {
- ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ssk == NULL) {
- ret = -10207;
- }
- }
- if (ret == 0) {
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ret = -10200;
- }
- if (ret == 0) {
- pvt = wc_ecc_new_point();
- if (pvt == NULL)
- ret = -10201;
- }
- if (ret == 0) {
- ret = mp_init(ssk);
- if (ret != 0)
- ret = -10202;
- }
- if (ret == 0) {
- ret = eccsi_api_test(&rng, priv, ssk, pvt);
- }
- if (ret == 0) {
- ret = wc_InitEccsiKey(pub, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = -10203;
- }
- if (ret == 0) {
- ret = wc_InitEccsiKey(priv, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = -10204;
- }
- if (ret == 0) {
- ret = eccsi_kat_verify_test(pub, pvt);
- }
- if (ret == 0) {
- ret = eccsi_make_key_test(priv, pub, &rng, ssk, pvt);
- }
- if (ret == 0) {
- ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt);
- }
- wc_FreeEccsiKey(priv);
- wc_FreeEccsiKey(pub);
- mp_free(ssk);
- wc_ecc_del_point(pvt);
- if (ret != -10200)
- wc_FreeRng(&rng);
- if (ssk != NULL)
- XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub != NULL)
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv != NULL)
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* WOLFCRYPT_HAVE_ECCSI */
- #ifdef WOLFCRYPT_HAVE_SAKKE
- static int sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
- {
- int ret;
- byte id[1] = { 0x00 };
- int valid;
- byte data[256];
- word32 sz;
- byte auth[257];
- word16 authSz;
- byte ssv[256];
- word16 ssvSz;
- word32 len;
- ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return -10205;
- ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
- if (ret != BAD_FUNC_ARG)
- return -10206;
- wc_FreeSakkeKey(NULL);
- XMEMSET(key, 0, sizeof(*key));
- wc_FreeSakkeKey(key);
- ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- return -10207;
- ret = wc_MakeSakkeKey(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10208;
- ret = wc_MakeSakkeKey(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10209;
- ret = wc_MakeSakkeKey(NULL, rng);
- if (ret != BAD_FUNC_ARG)
- return -10210;
- ret = wc_MakeSakkePublicKey(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10211;
- ret = wc_MakeSakkePublicKey(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10212;
- ret = wc_MakeSakkePublicKey(NULL, rsk);
- if (ret != BAD_FUNC_ARG)
- return -10213;
- ret = wc_MakeSakkeRsk(NULL, NULL, 1, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10214;
- ret = wc_MakeSakkeRsk(key, id, 1, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10215;
- ret = wc_MakeSakkeRsk(key, NULL, 1, rsk);
- if (ret != BAD_FUNC_ARG)
- return -10216;
- ret = wc_MakeSakkeRsk(NULL, id, 1, rsk);
- if (ret != BAD_FUNC_ARG)
- return -10217;
- ret = wc_ValidateSakkeRsk(NULL, NULL, 1, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10218;
- ret = wc_ValidateSakkeRsk(key, id, 1, rsk, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10219;
- ret = wc_ValidateSakkeRsk(NULL, id, 1, rsk, &valid);
- if (ret != BAD_FUNC_ARG)
- return -10220;
- ret = wc_ExportSakkeKey(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10221;
- ret = wc_ExportSakkeKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10222;
- ret = wc_ExportSakkeKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10223;
- ret = wc_ImportSakkeKey(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10224;
- ret = wc_ImportSakkeKey(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10225;
- ret = wc_ImportSakkeKey(NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return -10226;
- ret = wc_ExportSakkePrivateKey(NULL, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10227;
- ret = wc_ExportSakkePrivateKey(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10228;
- ret = wc_ExportSakkePrivateKey(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10229;
- ret = wc_ImportSakkePrivateKey(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10230;
- ret = wc_ImportSakkePrivateKey(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10231;
- ret = wc_ImportSakkePrivateKey(NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return -10232;
- sz = sizeof(data);
- ret = wc_EncodeSakkeRsk(NULL, NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10233;
- ret = wc_EncodeSakkeRsk(key, rsk, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10234;
- ret = wc_EncodeSakkeRsk(key, NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10235;
- ret = wc_EncodeSakkeRsk(NULL, rsk, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10236;
- ret = wc_DecodeSakkeRsk(NULL, NULL, sz, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10237;
- ret = wc_DecodeSakkeRsk(key, data, sz, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10238;
- ret = wc_DecodeSakkeRsk(key, NULL, sz, rsk);
- if (ret != BAD_FUNC_ARG)
- return -10239;
- ret = wc_DecodeSakkeRsk(NULL, data, sz, rsk);
- if (ret != BAD_FUNC_ARG)
- return -10240;
- ret = wc_ImportSakkeRsk(NULL, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return -10237;
- ret = wc_ImportSakkeRsk(key, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return -10237;
- ret = wc_ImportSakkeRsk(NULL, data, sz);
- if (ret != BAD_FUNC_ARG)
- return -10237;
- ret = wc_ImportSakkeRsk(key, data, 1);
- if (ret != BUFFER_E)
- return -10237;
- ret = wc_GenerateSakkeRskTable(NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10241;
- ret = wc_GenerateSakkeRskTable(key, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10242;
- ret = wc_GenerateSakkeRskTable(NULL, rsk, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10243;
- ret = wc_GenerateSakkeRskTable(NULL, NULL, data, &len);
- if (ret != BAD_FUNC_ARG)
- return -10244;
- ret = wc_GenerateSakkeRskTable(key, rsk, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10245;
- ret = wc_GenerateSakkeRskTable(key, NULL, data, &len);
- if (ret != BAD_FUNC_ARG)
- return -10246;
- ret = wc_GenerateSakkeRskTable(NULL, rsk, data, &len);
- if (ret != BAD_FUNC_ARG)
- return -10247;
- ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return -10248;
- len--;
- ret = wc_GenerateSakkeRskTable(key, rsk, data, &len);
- if (ret != BUFFER_E)
- return -10249;
- ret = wc_ExportSakkePublicKey(NULL, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10250;
- ret = wc_ExportSakkePublicKey(key, data, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10251;
- ret = wc_ExportSakkePublicKey(NULL, data, &sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10252;
- ret = wc_ImportSakkePublicKey(NULL, NULL, sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10253;
- ret = wc_ImportSakkePublicKey(key, NULL, sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10254;
- ret = wc_ImportSakkePublicKey(NULL, data, sz, 1);
- if (ret != BAD_FUNC_ARG)
- return -10255;
- ret = wc_GetSakkeAuthSize(NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10256;
- ret = wc_GetSakkeAuthSize(key, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10257;
- ret = wc_GetSakkeAuthSize(NULL, &authSz);
- if (ret != BAD_FUNC_ARG)
- return -10258;
- ret = wc_MakeSakkePointI(NULL, NULL, SAKKE_ID_MAX_SIZE + 1);
- if (ret != BAD_FUNC_ARG)
- return -10259;
- ret = wc_MakeSakkePointI(key, NULL, SAKKE_ID_MAX_SIZE + 1);
- if (ret != BAD_FUNC_ARG)
- return -10260;
- ret = wc_MakeSakkePointI(NULL, id, 1);
- if (ret != BAD_FUNC_ARG)
- return -10261;
- ret = wc_MakeSakkePointI(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10262;
- ret = wc_MakeSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1);
- if (ret != BAD_FUNC_ARG)
- return -10263;
- ret = wc_MakeSakkePointI(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10264;
- ret = wc_MakeSakkePointI(NULL, id, 1);
- if (ret != BAD_FUNC_ARG)
- return -10265;
- ret = wc_GenerateSakkePointITable(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10266;
- ret = wc_GenerateSakkePointITable(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10267;
- ret = wc_GenerateSakkePointITable(NULL, data, &len);
- if (ret != BAD_FUNC_ARG)
- return -10268;
- ret = wc_GenerateSakkePointITable(key, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return -10269;
- len--;
- ret = wc_GenerateSakkePointITable(key, data, &len);
- if (ret != BUFFER_E)
- return -10270;
- ret = wc_SetSakkePointITable(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10271;
- ret = wc_SetSakkePointITable(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10272;
- ret = wc_SetSakkePointITable(NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return -10273;
- ret = wc_SetSakkePointITable(key, data, 1);
- if (ret != BUFFER_E)
- return -10274;
- ret = wc_ClearSakkePointITable(NULL);
- if (ret != BAD_FUNC_ARG)
- return -10275;
- ret = wc_GetSakkePointI(NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10276;
- ret = wc_GetSakkePointI(key, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10277;
- ret = wc_GetSakkePointI(NULL, data, &sz);
- if (ret != BAD_FUNC_ARG)
- return -10278;
- sz = 1;
- ret = wc_GetSakkePointI(key, data, &sz);
- if (ret != BUFFER_E)
- return -10279;
- sz = 256;
- ret = wc_SetSakkePointI(NULL, NULL, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return -10280;
- ret = wc_SetSakkePointI(key, NULL, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return -10281;
- ret = wc_SetSakkePointI(NULL, id, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return -10282;
- ret = wc_SetSakkePointI(NULL, NULL, 1, data, sz);
- if (ret != BAD_FUNC_ARG)
- return -10283;
- ret = wc_SetSakkePointI(key, id, 1, NULL, sz);
- if (ret != BAD_FUNC_ARG)
- return -10284;
- ret = wc_SetSakkePointI(key, NULL, 1, data, sz);
- if (ret != BAD_FUNC_ARG)
- return -10285;
- ret = wc_SetSakkePointI(NULL, id, 1, data, sz);
- if (ret != BAD_FUNC_ARG)
- return -10286;
- ret = wc_SetSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1, data, sz);
- if (ret != BUFFER_E)
- return -10287;
- ret = wc_SetSakkePointI(key, id, 1, data, sz - 1);
- if (ret != BUFFER_E)
- return -10288;
- ret = wc_SetSakkeIdentity(NULL, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10286;
- ret = wc_SetSakkeIdentity(key, NULL, 1);
- if (ret != BAD_FUNC_ARG)
- return -10286;
- ret = wc_SetSakkeIdentity(NULL, id, 1);
- if (ret != BAD_FUNC_ARG)
- return -10286;
- ssvSz = sizeof(ssv);
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10289;
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10290;
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10291;
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, &authSz);
- if (ret != BAD_FUNC_ARG)
- return -10292;
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10293;
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
- auth, &authSz);
- if (ret != BAD_FUNC_ARG)
- return -10294;
- ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != BAD_FUNC_ARG)
- return -10295;
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != BAD_STATE_E)
- return -10295;
- ret = wc_GenerateSakkeSSV(NULL, NULL, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10296;
- ret = wc_GenerateSakkeSSV(key, rng, data, NULL);
- if (ret != BAD_FUNC_ARG)
- return -10297;
- ret = wc_GenerateSakkeSSV(key, NULL, data, &ssvSz);
- if (ret != BAD_FUNC_ARG)
- return -10298;
- ret = wc_GenerateSakkeSSV(NULL, rng, data, &ssvSz);
- if (ret != BAD_FUNC_ARG)
- return -10299;
- ret = wc_SetSakkeRsk(NULL, NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return -10286;
- ret = wc_SetSakkeRsk(key, NULL, data, 1);
- if (ret != BAD_FUNC_ARG)
- return -10286;
- ret = wc_SetSakkeRsk(NULL, rsk, data, 1);
- if (ret != BAD_FUNC_ARG)
- return -10286;
- ssvSz = sizeof(ssv);
- authSz = sizeof(auth);
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return -10300;
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return -10300;
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return -10300;
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return -10300;
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return -10300;
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return -10300;
- ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_FUNC_ARG)
- return -10300;
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_STATE_E)
- return -10300;
- ret = wc_SetSakkeIdentity(key, id, 1);
- if (ret != 0)
- return -10286;
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_STATE_E)
- return -10300;
- ret = wc_SetSakkeIdentity(key, id, 0);
- if (ret != 0)
- return -10286;
- ret = wc_SetSakkeRsk(key, rsk, data, 1);
- if (ret != 0)
- return -10286;
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != BAD_STATE_E)
- return -10300;
- wc_FreeSakkeKey(key);
- return 0;
- }
- static int sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
- {
- static const byte pubData[] = {
- 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
- 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
- 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
- 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
- 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
- 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
- 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
- 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
- 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
- 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
- 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
- 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
- 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
- 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
- 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
- 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
- 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
- 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
- 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
- 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
- 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
- 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
- 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
- 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
- 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
- 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
- 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
- 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
- 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
- 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
- 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
- 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
- };
- static const byte rskData[] = {
- 0x93, 0xAF, 0x67, 0xE5, 0x00, 0x7B, 0xA6, 0xE6,
- 0xA8, 0x0D, 0xA7, 0x93, 0xDA, 0x30, 0x0F, 0xA4,
- 0xB5, 0x2D, 0x0A, 0x74, 0xE2, 0x5E, 0x6E, 0x7B,
- 0x2B, 0x3D, 0x6E, 0xE9, 0xD1, 0x8A, 0x9B, 0x5C,
- 0x50, 0x23, 0x59, 0x7B, 0xD8, 0x2D, 0x80, 0x62,
- 0xD3, 0x40, 0x19, 0x56, 0x3B, 0xA1, 0xD2, 0x5C,
- 0x0D, 0xC5, 0x6B, 0x7B, 0x97, 0x9D, 0x74, 0xAA,
- 0x50, 0xF2, 0x9F, 0xBF, 0x11, 0xCC, 0x2C, 0x93,
- 0xF5, 0xDF, 0xCA, 0x61, 0x5E, 0x60, 0x92, 0x79,
- 0xF6, 0x17, 0x5C, 0xEA, 0xDB, 0x00, 0xB5, 0x8C,
- 0x6B, 0xEE, 0x1E, 0x7A, 0x2A, 0x47, 0xC4, 0xF0,
- 0xC4, 0x56, 0xF0, 0x52, 0x59, 0xA6, 0xFA, 0x94,
- 0xA6, 0x34, 0xA4, 0x0D, 0xAE, 0x1D, 0xF5, 0x93,
- 0xD4, 0xFE, 0xCF, 0x68, 0x8D, 0x5F, 0xC6, 0x78,
- 0xBE, 0x7E, 0xFC, 0x6D, 0xF3, 0xD6, 0x83, 0x53,
- 0x25, 0xB8, 0x3B, 0x2C, 0x6E, 0x69, 0x03, 0x6B,
- 0x15, 0x5F, 0x0A, 0x27, 0x24, 0x10, 0x94, 0xB0,
- 0x4B, 0xFB, 0x0B, 0xDF, 0xAC, 0x6C, 0x67, 0x0A,
- 0x65, 0xC3, 0x25, 0xD3, 0x9A, 0x06, 0x9F, 0x03,
- 0x65, 0x9D, 0x44, 0xCA, 0x27, 0xD3, 0xBE, 0x8D,
- 0xF3, 0x11, 0x17, 0x2B, 0x55, 0x41, 0x60, 0x18,
- 0x1C, 0xBE, 0x94, 0xA2, 0xA7, 0x83, 0x32, 0x0C,
- 0xED, 0x59, 0x0B, 0xC4, 0x26, 0x44, 0x70, 0x2C,
- 0xF3, 0x71, 0x27, 0x1E, 0x49, 0x6B, 0xF2, 0x0F,
- 0x58, 0x8B, 0x78, 0xA1, 0xBC, 0x01, 0xEC, 0xBB,
- 0x65, 0x59, 0x93, 0x4B, 0xDD, 0x2F, 0xB6, 0x5D,
- 0x28, 0x84, 0x31, 0x8A, 0x33, 0xD1, 0xA4, 0x2A,
- 0xDF, 0x5E, 0x33, 0xCC, 0x58, 0x00, 0x28, 0x0B,
- 0x28, 0x35, 0x64, 0x97, 0xF8, 0x71, 0x35, 0xBA,
- 0xB9, 0x61, 0x2A, 0x17, 0x26, 0x04, 0x24, 0x40,
- 0x9A, 0xC1, 0x5F, 0xEE, 0x99, 0x6B, 0x74, 0x4C,
- 0x33, 0x21, 0x51, 0x23, 0x5D, 0xEC, 0xB0, 0xF5
- };
- static const byte id[] = {
- 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
- 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
- 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
- 0x33, 0x00
- };
- static const byte ssv[] = {
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
- };
- static const byte auth[] = {
- 0x04,
- 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
- 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
- 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
- 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
- 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
- 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
- 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
- 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
- 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
- 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
- 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
- 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
- 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
- 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
- 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
- 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
- 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
- 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
- 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
- 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
- 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
- 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
- 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
- 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
- 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
- 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
- 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
- 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
- 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
- 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
- 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
- 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
- };
- byte encSsv[] = {
- 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
- 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
- };
- int ret;
- int valid;
- byte pubKey[sizeof(pubData) + 1];
- word32 sz = sizeof(pubKey);
- byte tmpSsv[sizeof(encSsv)];
- byte* iTable = NULL;
- word32 iTableLen;
- byte* table = NULL;
- word32 len;
- ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
- if (ret != 0)
- return -10315;
- ret = wc_DecodeSakkeRsk(key, rskData, sizeof(rskData), rsk);
- if (ret != 0)
- return -10316;
- ret = wc_ValidateSakkeRsk(key, id, sizeof(id), rsk, &valid);
- if (ret != 0)
- return -10317;
- if (valid != 1)
- return -10318;
- ret = wc_SetSakkeRsk(key, rsk, NULL, 0);
- if (ret != 0)
- return -10319;
- ret = wc_SetSakkeIdentity(key, id, sizeof(id));
- if (ret != 0)
- return -10319;
- XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
- auth, sizeof(auth));
- if (ret != 0)
- return -10322;
- if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
- return -10320;
- ret = wc_MakeSakkePointI(key, id, sizeof(id));
- if (ret != 0)
- return -10321;
- iTableLen = 0;
- ret = wc_GenerateSakkePointITable(key, NULL, &iTableLen);
- if (ret != LENGTH_ONLY_E)
- return -10322;
- if (iTableLen != 0) {
- iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (iTable == NULL)
- return -10323;
- ret = wc_GenerateSakkePointITable(key, iTable, &iTableLen);
- if (ret != 0)
- return -10324;
- }
- len = 0;
- ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return -10325;
- if (len > 0) {
- table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (table == NULL)
- return -10326;
- ret = wc_GenerateSakkeRskTable(key, rsk, table, &len);
- if (ret != 0)
- return -10327;
- }
- ret = wc_SetSakkeRsk(key, rsk, table, len);
- if (ret != 0)
- return -10319;
- XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
- ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
- auth, sizeof(auth));
- if (ret != 0)
- return -10328;
- if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
- return -10329;
- /* Don't reference table that is about to be freed. */
- ret = wc_ClearSakkePointITable(key);
- if (ret != 0)
- return -10330;
- /* Dispose of tables */
- if (iTable != NULL)
- XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (table != NULL)
- XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- /* Make sure the key public key is exportable - convert to Montgomery form
- * in Validation.
- */
- ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 1);
- if (ret != 0)
- return -10331;
- if (sz != sizeof(pubData))
- return -10332;
- if (XMEMCMP(pubKey, pubData, sizeof(pubData)) != 0)
- return -10333;
- sz = sizeof(pubData) + 1;
- ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 0);
- if (ret != 0)
- return -10334;
- if (sz != sizeof(pubData) + 1)
- return -10335;
- if (pubKey[0] != 0x04)
- return -10336;
- if (XMEMCMP(pubKey + 1, pubData, sizeof(pubData)) != 0)
- return -10337;
- return 0;
- }
- static int sakke_kat_encapsulate_test(SakkeKey* key)
- {
- static const byte pubData[] = {
- 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
- 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
- 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
- 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
- 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
- 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
- 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
- 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
- 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
- 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
- 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
- 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
- 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
- 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
- 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
- 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
- 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
- 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
- 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
- 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
- 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
- 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
- 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
- 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
- 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
- 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
- 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
- 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
- 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
- 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
- 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
- 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
- };
- static const byte id[] = {
- 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
- 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
- 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
- 0x33, 0x00
- };
- static word32 idSz = sizeof(id);
- byte ssv[] = {
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
- 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
- };
- static word16 ssvSz = sizeof(ssv);
- static const byte expAuth[] = {
- 0x04,
- 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
- 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
- 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
- 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
- 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
- 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
- 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
- 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
- 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
- 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
- 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
- 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
- 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
- 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
- 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
- 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
- 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
- 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
- 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
- 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
- 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
- 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
- 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
- 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
- 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
- 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
- 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
- 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
- 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
- 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
- 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
- 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
- };
- static const byte encSsv[] = {
- 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
- 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
- };
- int ret;
- byte auth[257];
- word16 authSz = sizeof(auth);
- ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
- if (ret != 0)
- return -10334;
- ret = wc_SetSakkeIdentity(key, id, idSz);
- if (ret != 0)
- return -10335;
- ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != 0)
- return -10336;
- if (authSz != 257)
- return -10337;
- if (XMEMCMP(ssv, encSsv, ssvSz) != 0)
- return -10338;
- if (XMEMCMP(auth, expAuth, authSz) != 0)
- return -10339;
- return 0;
- }
- static int sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey* key,
- WC_RNG* rng, ecc_point* rsk)
- {
- int ret;
- byte data[440];
- byte pubData[257];
- word32 sz;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32)XSTRLEN(mail);
- int valid;
- ecc_point* pubKey = rsk;
- ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
- if (ret != 0)
- return -10339;
- ret = wc_MakeSakkeKey(priv, rng);
- if (ret != 0)
- return -10340;
- ret = wc_ExportSakkeKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10341;
- if (sz != 384)
- return -10342;
- sz--;
- ret = wc_ExportSakkeKey(priv, data, &sz);
- if (ret == 0)
- return -10343;
- sz++;
- ret = wc_ExportSakkeKey(priv, data, &sz);
- if (ret != 0)
- return -10344;
- if (sz != 384)
- return -10345;
- ret = wc_ImportSakkeKey(key, data, sz - 1);
- if (ret == 0)
- return -10346;
- ret = wc_ImportSakkeKey(key, data, sz);
- if (ret != 0)
- return -10347;
- wc_FreeSakkeKey(key);
- ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
- if (ret != 0)
- return -10348;
- ret = wc_ExportSakkePrivateKey(priv, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10349;
- if (sz != 128)
- return -10350;
- sz--;
- ret = wc_ExportSakkePrivateKey(priv, data, &sz);
- if (ret == 0)
- return -10351;
- sz++;
- ret = wc_ExportSakkePrivateKey(priv, data, &sz);
- if (ret != 0)
- return -10352;
- if (sz != 128)
- return -10353;
- ret = wc_ImportSakkePrivateKey(key, data, sz - 1);
- if (ret == 0)
- return -10354;
- ret = wc_ImportSakkePrivateKey(key, data, sz);
- if (ret != 0)
- return -10355;
- ret = wc_MakeSakkePublicKey(key, pubKey);
- if (ret != 0)
- return -10356;
- ret = wc_ExportSakkePublicKey(priv, NULL, &sz, 1);
- if (ret != LENGTH_ONLY_E)
- return -10357;
- if (sz != 256)
- return -10358;
- sz--;
- ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
- if (ret == 0)
- return -10359;
- sz++;
- ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
- if (ret != 0)
- return -10360;
- if (sz != 256)
- return -10361;
- ret = wc_ImportSakkePublicKey(pub, data, sz - 1, 1);
- if (ret == 0)
- return -10362;
- ret = wc_ImportSakkePublicKey(pub, data, sz, 1);
- if (ret != 0)
- return -10363;
- ret = wc_ExportSakkePublicKey(pub, pubData, &sz, 1);
- if (ret != 0)
- return -10364;
- if (sz != 256)
- return -10365;
- if (XMEMCMP(data, pubData, sz) != 0)
- return -10366;
- ret = wc_MakeSakkeRsk(priv, id, idSz, rsk);
- if (ret != 0)
- return -10367;
- ret = wc_ValidateSakkeRsk(priv, id, idSz, rsk, &valid);
- if (ret != 0)
- return -10368;
- if (valid != 1)
- return -10369;
- ret = wc_ValidateSakkeRsk(pub, id, idSz, rsk, &valid);
- if (ret != 0)
- return -10370;
- if (valid != 1)
- return -10371;
- sz = sizeof(data);
- ret = wc_EncodeSakkeRsk(priv, rsk, data, &sz, 1);
- if (ret != 0)
- return -10372;
- if (sz != 256)
- return -10373;
- ret = wc_DecodeSakkeRsk(priv, data, sz, rsk);
- if (ret != 0)
- return -10374;
- sz = sizeof(pubData);
- ret = wc_EncodeSakkeRsk(priv, rsk, pubData, &sz, 0);
- if (ret != 0)
- return -10375;
- if (sz != sizeof(pubData))
- return -10376;
- ret = wc_DecodeSakkeRsk(priv, pubData, sz, rsk);
- if (ret != 0)
- return -10377;
- wc_FreeSakkeKey(key);
- return 0;
- }
- static int sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
- ecc_point* rsk)
- {
- int ret;
- byte ssv[16];
- word16 ssvSz;
- byte auth[257];
- word16 authSz;
- char mail[] = "test@wolfssl.com";
- byte* id = (byte*)mail;
- word32 idSz = (word32)XSTRLEN(mail);
- byte pointI[256];
- word32 sz;
- ret = wc_GenerateSakkeSSV(pub, rng, NULL, &ssvSz);
- if (ret != LENGTH_ONLY_E)
- return -10375;
- if (ssvSz != 16)
- return -10376;
- ssvSz += 128;
- ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
- if (ret == 0)
- return -10377;
- ssvSz -= 128;
- ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
- if (ret != 0)
- return -10378;
- if (ssvSz != 16)
- return -10379;
- ret = wc_GetSakkeAuthSize(pub, &authSz);
- if (ret != 0)
- return -10380;
- ret = wc_SetSakkeIdentity(pub, id, idSz);
- if (ret != 0)
- return -10380;
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- NULL, &authSz);
- if (ret != LENGTH_ONLY_E)
- return -10381;
- if (authSz != 257)
- return -10382;
- authSz--;
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret == 0)
- return -10383;
- authSz++;
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != 0)
- return -10384;
- if (authSz != 257)
- return -10385;
- ret = wc_GetSakkePointI(pub, NULL, &sz);
- if (ret != LENGTH_ONLY_E)
- return -10386;
- if (sz != 256)
- return -10387;
- ret = wc_GetSakkePointI(pub, pointI, &sz);
- if (ret != 0)
- return -10388;
- if (sz != 256)
- return -10389;
- /* Bogus identity - make it check and regenerate I. */
- ret = wc_MakeSakkePointI(pub, ssv, ssvSz);
- if (ret != 0)
- return -10391;
- ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
- auth, &authSz);
- if (ret != 0)
- return -10392;
- if (authSz != 257)
- return -10393;
- ret = wc_SetSakkeRsk(priv, rsk, NULL, 0);
- if (ret != 0)
- return -10392;
- ret = wc_SetSakkeIdentity(priv, id, idSz);
- if (ret != 0)
- return -10392;
- authSz--;
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret == 0)
- return -10394;
- authSz++;
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != 0)
- return -10395;
- ssv[0] ^= 0x80;
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != SAKKE_VERIFY_FAIL_E)
- return -10396;
- ssv[0] ^= 0x80;
- /* Bogus identity - make it check and regenerate I. */
- ret = wc_MakeSakkePointI(pub, ssv, idSz);
- if (ret != 0)
- return -10397;
- ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
- authSz);
- if (ret != 0)
- return -10398;
- return 0;
- }
- int sakke_test(void)
- {
- int ret = 0;
- WC_RNG rng;
- SakkeKey* priv = NULL;
- SakkeKey* pub = NULL;
- SakkeKey* key = NULL;
- ecc_point* rsk = NULL;
- priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (priv == NULL) {
- ret = -10404;
- }
- if (ret == 0) {
- pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (pub == NULL) {
- ret = -10405;
- }
- }
- if (ret == 0) {
- key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (key == NULL) {
- ret = -10406;
- }
- }
- if (ret == 0) {
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- ret = -10400;
- }
- if (ret == 0) {
- rsk = wc_ecc_new_point();
- if (rsk == NULL)
- ret = -10401;
- }
- if (ret == 0) {
- ret = wc_InitSakkeKey(pub, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = -10402;
- }
- if (ret == 0) {
- ret = wc_InitSakkeKey(priv, HEAP_HINT, INVALID_DEVID);
- if (ret != 0)
- ret = -10403;
- }
- if (ret == 0) {
- ret = sakke_api_test(&rng, key, rsk);
- }
- if (ret == 0) {
- ret = sakke_kat_derive_test(pub, rsk);
- }
- if (ret == 0) {
- ret = sakke_kat_encapsulate_test(pub);
- }
- if (ret == 0) {
- ret = sakke_make_key_test(priv, pub, key, &rng, rsk);
- }
- if (ret == 0) {
- ret = sakke_op_test(priv, pub, &rng, rsk);
- }
- wc_FreeSakkeKey(priv);
- wc_FreeSakkeKey(pub);
- wc_ecc_forcezero_point(rsk);
- wc_ecc_del_point(rsk);
- if (ret != -10400)
- wc_FreeRng(&rng);
- if (key != NULL)
- XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (pub != NULL)
- XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (priv != NULL)
- XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* WOLFCRYPT_HAVE_SAKKE */
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- typedef struct CMAC_Test_Case {
- int type;
- int partial;
- const byte* m;
- word32 mSz;
- const byte* k;
- word32 kSz;
- const byte* t;
- word32 tSz;
- } CMAC_Test_Case;
- WOLFSSL_TEST_SUBROUTINE int cmac_test(void)
- {
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte k128[] =
- {
- 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
- 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
- };
- #define KLEN_128 (sizeof(k128))
- #endif
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte k192[] =
- {
- 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
- 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
- 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
- };
- #define KLEN_192 (sizeof(k192))
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte k256[] =
- {
- 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
- 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
- 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
- 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
- };
- #define KLEN_256 (sizeof(k256))
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte m[] =
- {
- 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
- 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
- 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
- 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
- 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
- 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
- 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
- 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
- };
- #define MLEN_0 (0)
- #define MLEN_128 (128/8)
- #define MLEN_320 (320/8)
- #define MLEN_319 (MLEN_320 - 1)
- #define MLEN_512 (512/8)
- #ifdef WOLFSSL_AES_128
- WOLFSSL_SMALL_STACK_STATIC const byte t128_0[] =
- {
- 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
- 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_128[] =
- {
- 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
- 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_319[] =
- {
- 0x2c, 0x17, 0x84, 0x4c, 0x93, 0x1c, 0x07, 0x95,
- 0x15, 0x92, 0x73, 0x0a, 0x34, 0xd0, 0xd9, 0xd2
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_320[] =
- {
- 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
- 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t128_512[] =
- {
- 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
- 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
- };
- #endif
- #ifdef WOLFSSL_AES_192
- WOLFSSL_SMALL_STACK_STATIC const byte t192_0[] =
- {
- 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
- 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t192_128[] =
- {
- 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
- 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t192_320[] =
- {
- 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
- 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t192_512[] =
- {
- 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
- 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
- };
- #endif
- #ifdef WOLFSSL_AES_256
- WOLFSSL_SMALL_STACK_STATIC const byte t256_0[] =
- {
- 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
- 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t256_128[] =
- {
- 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
- 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t256_320[] =
- {
- 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
- 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
- };
- WOLFSSL_SMALL_STACK_STATIC const byte t256_512[] =
- {
- 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
- 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
- };
- #endif
- const CMAC_Test_Case testCases[] =
- {
- #ifdef WOLFSSL_AES_128
- {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
- #endif
- #ifdef WOLFSSL_AES_192
- {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, AES_BLOCK_SIZE},
- #endif
- #ifdef WOLFSSL_AES_256
- {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, AES_BLOCK_SIZE},
- {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, AES_BLOCK_SIZE},
- #endif
- #ifdef WOLFSSL_AES_128
- {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, AES_BLOCK_SIZE}
- #endif
- };
- #ifdef WOLFSSL_SMALL_STACK
- Cmac *cmac;
- #else
- Cmac cmac[1];
- #endif
- byte tag[AES_BLOCK_SIZE];
- const CMAC_Test_Case* tc;
- word32 i, tagSz;
- int ret;
- #ifdef WOLFSSL_SMALL_STACK
- if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC)) == NULL)
- ERROR_OUT(-12009, out);
- #endif
- for (i = 0, tc = testCases;
- i < sizeof(testCases)/sizeof(CMAC_Test_Case);
- i++, tc++) {
- XMEMSET(tag, 0, sizeof(tag));
- tagSz = AES_BLOCK_SIZE;
- #if !defined(HAVE_FIPS) || \
- defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)
- if (wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId) != 0)
- #else
- if (wc_InitCmac(cmac, tc->k, tc->kSz, tc->type, NULL) != 0)
- #endif
- {
- ERROR_OUT(-12000, out);
- }
- if (tc->partial) {
- if (wc_CmacUpdate(cmac, tc->m,
- tc->mSz/2 - tc->partial) != 0)
- ERROR_OUT(-12001, out);
- if (wc_CmacUpdate(cmac, tc->m + tc->mSz/2 - tc->partial,
- tc->mSz/2 + tc->partial) != 0)
- ERROR_OUT(-12002, out);
- }
- else {
- if (wc_CmacUpdate(cmac, tc->m, tc->mSz) != 0)
- ERROR_OUT(-12003, out);
- }
- if (wc_CmacFinal(cmac, tag, &tagSz) != 0)
- ERROR_OUT(-12004, out);
- if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(-12005, out);
- XMEMSET(tag, 0, sizeof(tag));
- tagSz = sizeof(tag);
- if (wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz,
- tc->k, tc->kSz) != 0)
- ERROR_OUT(-12006, out);
- if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
- ERROR_OUT(-12007, out);
- if (wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz,
- tc->k, tc->kSz) != 0)
- ERROR_OUT(-12008, out);
- }
- ret = 0;
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (cmac)
- XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC);
- #endif
- return ret;
- }
- #endif /* NO_AES && WOLFSSL_CMAC */
- #ifdef HAVE_LIBZ
- static const byte sample_text[] =
- "Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
- "polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n"
- "marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n"
- "plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n"
- "selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n"
- "small batch meggings kogi dolore food truck bespoke gastropub.\n"
- "\n"
- "Terry richardson adipisicing actually typewriter tumblr, twee whatever\n"
- "four loko you probably haven't heard of them high life. Messenger bag\n"
- "whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n"
- "et, banksy ullamco messenger bag umami pariatur direct trade forage.\n"
- "Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n"
- "food truck next level, tousled irony non semiotics PBR ethical anim cred\n"
- "readymade. Mumblecore brunch lomo odd future, portland organic terry\n"
- "richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n"
- "mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n"
- "four loko whatever street art yr farm-to-table.\n"
- "\n"
- "Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n"
- "pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n"
- "et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n"
- "nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n"
- "seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n"
- "eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n"
- "readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n"
- "ethnic art party qui letterpress nisi proident jean shorts mlkshk\n"
- "locavore.\n"
- "\n"
- "Narwhal flexitarian letterpress, do gluten-free voluptate next level\n"
- "banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n"
- "cillum pickled velit, YOLO officia you probably haven't heard of them\n"
- "trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n"
- "small batch american apparel. Put a bird on it cosby sweater before they\n"
- "sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n"
- "DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n"
- "Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n"
- "excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n"
- "neutra PBR selvage.\n"
- "\n"
- "Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n"
- "next level jean shorts exercitation. Hashtag keytar whatever, nihil\n"
- "authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n"
- "wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n"
- "tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n"
- "trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n"
- "incididunt flannel sustainable helvetica pork belly pug banksy you\n"
- "probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n"
- "mollit magna, sriracha sartorial helvetica.\n"
- "\n"
- "Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n"
- "ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n"
- "of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n"
- "reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n"
- "skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n"
- "organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n"
- "Veniam sunt food truck leggings, sint vinyl fap.\n"
- "\n"
- "Hella dolore pork belly, truffaut carles you probably haven't heard of\n"
- "them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n"
- "apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n"
- "flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n"
- "letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n"
- "Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n"
- "delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n"
- "magna pop-up literally. Swag thundercats ennui shoreditch vegan\n"
- "pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n"
- "\n"
- "Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n"
- "meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n"
- "dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n"
- "locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n"
- "tousled beard mollit mustache leggings portland next level. Nihil esse\n"
- "est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n"
- "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n"
- "bag dolor terry richardson sapiente.\n";
- static const byte sample_text_gz[] = {
- 0x1F, 0x8B, 0x08, 0x08, 0xC5, 0x49, 0xB5, 0x5B, 0x00, 0x03, 0x63, 0x69, 0x70,
- 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x2E, 0x74, 0x78, 0x74, 0x00, 0x8D,
- 0x58, 0xCB, 0x92, 0xE4, 0xB6, 0x11, 0xBC, 0xE3, 0x2B, 0xEA, 0xA6, 0x83, 0xD9,
- 0x1D, 0x72, 0xF8, 0x22, 0x1F, 0xB5, 0x96, 0xA5, 0xDD, 0x90, 0xBC, 0xAB, 0xD0,
- 0x28, 0x36, 0x42, 0x47, 0x90, 0x2C, 0x36, 0xA1, 0x06, 0x09, 0x0A, 0x8F, 0xEE,
- 0xE1, 0xDF, 0x3B, 0x0B, 0xE0, 0x73, 0x2C, 0x4B, 0xBA, 0xCD, 0xCE, 0x80, 0x78,
- 0x64, 0x65, 0x65, 0x66, 0xED, 0x3B, 0xE3, 0x5A, 0xC3, 0x81, 0x2D, 0x35, 0x69,
- 0x32, 0xAD, 0x8E, 0x3A, 0xD2, 0xA0, 0x7D, 0xA7, 0x2B, 0x6A, 0xAC, 0x69, 0x7A,
- 0x26, 0x9D, 0x22, 0xD3, 0x94, 0x22, 0x69, 0xAA, 0x8D, 0x6F, 0xC9, 0x8D, 0x64,
- 0x22, 0x99, 0xB1, 0x31, 0xAD, 0x69, 0xD3, 0x18, 0x89, 0xAD, 0x89, 0x6A, 0x72,
- 0x56, 0x7B, 0x67, 0xDA, 0x2B, 0xBD, 0xC8, 0xEF, 0xB0, 0x4D, 0x74, 0x8E, 0x5B,
- 0xAA, 0x39, 0x4C, 0xEE, 0xCE, 0xE4, 0x79, 0xF2, 0xDC, 0xF3, 0xD8, 0xB2, 0x37,
- 0x11, 0x8B, 0x8C, 0x2C, 0x7A, 0x32, 0x93, 0xF3, 0x37, 0x3D, 0x9A, 0x86, 0x4C,
- 0xAB, 0xF2, 0xB9, 0x57, 0xFA, 0x97, 0x1B, 0x06, 0xD7, 0x3A, 0x7A, 0xF0, 0x68,
- 0xF4, 0x40, 0xBA, 0x25, 0x0E, 0x81, 0xE9, 0xA6, 0x43, 0xF4, 0x6E, 0x4A, 0xF5,
- 0x95, 0xFE, 0x41, 0x4F, 0x67, 0x3B, 0x1A, 0x1C, 0xEE, 0x12, 0xB4, 0x8F, 0xCE,
- 0x1B, 0x6D, 0xB1, 0xDE, 0xBB, 0x4A, 0x4D, 0x56, 0x9B, 0x96, 0x5A, 0xB6, 0xDC,
- 0xC4, 0x14, 0x70, 0xE5, 0xF5, 0x7D, 0xE1, 0xB7, 0x84, 0x3F, 0xFC, 0xED, 0xEF,
- 0xF4, 0x30, 0x0D, 0x5F, 0xE9, 0x47, 0x17, 0xE2, 0xC5, 0x78, 0x27, 0x67, 0xDF,
- 0xB9, 0xEB, 0xCC, 0xCC, 0x3D, 0x59, 0xBE, 0xDD, 0xCC, 0x78, 0x0B, 0x0A, 0x1F,
- 0x74, 0xF8, 0x8C, 0x1A, 0xAF, 0x67, 0xEA, 0xF4, 0x44, 0xBD, 0x93, 0x7D, 0x2A,
- 0xEA, 0x9C, 0xD7, 0x37, 0x80, 0x32, 0x9A, 0x01, 0x37, 0xD5, 0xDE, 0xCA, 0xA2,
- 0x0D, 0xB9, 0xD0, 0x3B, 0xCF, 0xAD, 0x89, 0x4D, 0x5F, 0xD1, 0xE7, 0xF7, 0x2F,
- 0x2A, 0x0C, 0xDA, 0x5A, 0xAA, 0x35, 0x7E, 0x41, 0xC3, 0xB2, 0x37, 0xDD, 0xDD,
- 0xCD, 0x50, 0xEB, 0x2C, 0x96, 0x62, 0x3B, 0xD7, 0x52, 0xF4, 0xA9, 0xB9, 0x6F,
- 0x48, 0xED, 0xEF, 0x54, 0xEA, 0x67, 0xF6, 0x7E, 0x26, 0x8F, 0x3A, 0x68, 0xDF,
- 0x06, 0xBC, 0x56, 0xB7, 0x66, 0x32, 0xC1, 0x34, 0xD8, 0x88, 0x34, 0x1E, 0x88,
- 0xED, 0x67, 0x8A, 0xF3, 0xC4, 0x4F, 0xC0, 0xCA, 0x9E, 0x62, 0x1A, 0x6A, 0xEB,
- 0xAB, 0x02, 0xED, 0xB3, 0xD7, 0x91, 0x81, 0x8A, 0xEA, 0x5C, 0xF2, 0x64, 0xDD,
- 0xDD, 0xD1, 0xEC, 0x12, 0x4D, 0xDE, 0xD5, 0xBA, 0xC6, 0x77, 0xBD, 0x06, 0xC4,
- 0x5F, 0x44, 0xEA, 0x59, 0x4B, 0x5D, 0x3B, 0x8A, 0x3D, 0x0F, 0xD4, 0x9B, 0x1B,
- 0x80, 0x30, 0x1D, 0x30, 0xFA, 0x8F, 0x00, 0x3F, 0xDE, 0xB0, 0x6F, 0xAD, 0x6F,
- 0x6A, 0xDD, 0x6E, 0x2F, 0x6E, 0xCB, 0x3C, 0xD1, 0x83, 0x06, 0x7B, 0x0F, 0xFD,
- 0xFD, 0x4A, 0xEF, 0xBC, 0x73, 0x77, 0x3B, 0x8F, 0x34, 0xA1, 0xBA, 0xEC, 0x39,
- 0x80, 0x33, 0x21, 0xA4, 0x01, 0x55, 0xD7, 0xD4, 0xF4, 0xC6, 0xDA, 0x27, 0x4E,
- 0x54, 0x1C, 0x2B, 0xEC, 0x37, 0xDE, 0xC3, 0x4C, 0xC9, 0x5A, 0x3D, 0x34, 0x0E,
- 0xD8, 0x1C, 0x0E, 0xA2, 0x34, 0xE8, 0xC1, 0xD0, 0xA4, 0x51, 0xD5, 0x88, 0x8B,
- 0xB7, 0xC6, 0xA3, 0x96, 0x40, 0x49, 0xB7, 0xBC, 0xE0, 0x7F, 0x55, 0x3F, 0xEF,
- 0x6F, 0x6E, 0x92, 0x9D, 0x34, 0xFE, 0x3C, 0x5F, 0x04, 0xA5, 0x6A, 0xFF, 0x30,
- 0x08, 0xC9, 0xEA, 0xF5, 0x52, 0x2B, 0xFE, 0x57, 0xFA, 0x8E, 0xC7, 0xE8, 0x4D,
- 0x37, 0xAB, 0x03, 0xFA, 0x23, 0xBF, 0x46, 0x94, 0xFF, 0xC1, 0x16, 0xE0, 0xB9,
- 0x14, 0x2C, 0x9E, 0x27, 0xEC, 0x98, 0x69, 0x14, 0x92, 0xF1, 0x60, 0x5C, 0x34,
- 0x4D, 0xA0, 0x1F, 0xDF, 0xFD, 0x44, 0x1C, 0x7B, 0xD3, 0x80, 0x70, 0x42, 0x02,
- 0x30, 0x84, 0x5B, 0xE5, 0x59, 0xB7, 0xF3, 0x80, 0xFB, 0x01, 0x33, 0xA9, 0x00,
- 0x37, 0x52, 0xDC, 0xDA, 0xA7, 0x11, 0x85, 0xB7, 0x6E, 0x70, 0xE4, 0xDA, 0x96,
- 0xBA, 0x84, 0x5B, 0x81, 0x43, 0x93, 0xF3, 0xD1, 0xEA, 0xB1, 0xDD, 0xB8, 0x1F,
- 0xA5, 0xCC, 0xEA, 0x50, 0x66, 0x69, 0xA9, 0x8D, 0x8C, 0xA7, 0xA2, 0xF3, 0x38,
- 0x26, 0x43, 0x5E, 0x3F, 0x01, 0xBE, 0x1C, 0x0F, 0x20, 0x7F, 0x75, 0xA8, 0x20,
- 0x80, 0xC4, 0xC3, 0x5C, 0x8B, 0x0D, 0xD4, 0x60, 0x5E, 0xA3, 0x9E, 0xD0, 0xB4,
- 0x4B, 0x4F, 0xE6, 0x13, 0x85, 0x60, 0x42, 0x96, 0xED, 0xAA, 0xDB, 0xE9, 0x99,
- 0xE3, 0x07, 0x0E, 0x61, 0xB3, 0x07, 0xE3, 0xB1, 0xFA, 0xC0, 0x9B, 0xAD, 0xF6,
- 0xE0, 0x26, 0x33, 0xEA, 0xEA, 0x23, 0xCD, 0x1E, 0x9D, 0xE1, 0x87, 0x4B, 0x74,
- 0x97, 0x08, 0x3E, 0xA1, 0x28, 0xEA, 0xB3, 0x19, 0x67, 0x8B, 0x76, 0x9A, 0xA3,
- 0xF6, 0xB9, 0xCF, 0x80, 0x65, 0x97, 0xAE, 0xF4, 0x83, 0x6B, 0xF4, 0x43, 0x20,
- 0xF9, 0x0B, 0xFC, 0x9B, 0xD2, 0x4D, 0x4D, 0xA6, 0xB9, 0xA3, 0x02, 0x55, 0x79,
- 0x18, 0x36, 0x19, 0x5F, 0xC9, 0xEA, 0x5A, 0x76, 0x40, 0xB9, 0xBA, 0x0E, 0x9A,
- 0x44, 0xDF, 0x7C, 0xF8, 0x65, 0x61, 0x5E, 0x81, 0xAB, 0x71, 0xA1, 0x9E, 0x29,
- 0x3C, 0x59, 0xCB, 0x23, 0xA4, 0xF6, 0x60, 0x1A, 0x0D, 0x5B, 0x39, 0xAE, 0xF4,
- 0x6F, 0x59, 0x16, 0x9E, 0x60, 0xD8, 0x56, 0xCF, 0xEA, 0x2C, 0x4C, 0x79, 0xD3,
- 0x5D, 0x51, 0x46, 0xA0, 0x4E, 0xE9, 0xD6, 0xAB, 0x91, 0x43, 0x63, 0x44, 0xD7,
- 0x70, 0xB9, 0x23, 0x98, 0x4F, 0x3D, 0x03, 0x02, 0xF6, 0x81, 0x56, 0xC1, 0x58,
- 0x85, 0x07, 0xA7, 0x2D, 0x2C, 0x29, 0xCA, 0x01, 0x45, 0x31, 0x51, 0x8F, 0xD4,
- 0x19, 0xA1, 0x79, 0x88, 0x5A, 0xA4, 0xF5, 0xAE, 0x2D, 0x4B, 0x63, 0x4C, 0x58,
- 0xFE, 0xBF, 0xAD, 0xEE, 0xA3, 0x09, 0xF8, 0xE2, 0x89, 0xBE, 0x81, 0x0E, 0x86,
- 0x3A, 0xF9, 0x5B, 0xA5, 0xD8, 0xA4, 0x00, 0x75, 0x04, 0xF2, 0x23, 0xB8, 0x39,
- 0x69, 0x50, 0xB7, 0xD0, 0x34, 0x63, 0x54, 0xD8, 0x61, 0xDD, 0xA5, 0x33, 0x47,
- 0x85, 0x96, 0x22, 0xD0, 0x2F, 0x9F, 0x7E, 0xF8, 0x74, 0x24, 0xEA, 0x57, 0x97,
- 0x5A, 0xE0, 0x00, 0xCF, 0xC1, 0x67, 0xE1, 0x41, 0xBD, 0x94, 0xA1, 0x03, 0xD3,
- 0xB4, 0x08, 0x64, 0xF2, 0x17, 0x27, 0x35, 0x37, 0x53, 0xEF, 0x46, 0xCE, 0xD8,
- 0xD4, 0x09, 0x52, 0xC6, 0x1E, 0xF7, 0x28, 0xDF, 0x08, 0x0F, 0xD0, 0x6F, 0x71,
- 0xA6, 0xDF, 0xE4, 0x60, 0x8E, 0xC0, 0x1E, 0x78, 0x86, 0x50, 0xB0, 0x9B, 0x84,
- 0x7E, 0xE8, 0x36, 0xFA, 0x95, 0xF1, 0x12, 0x51, 0xC7, 0x18, 0x96, 0xA2, 0x29,
- 0xBB, 0x70, 0x02, 0xB4, 0xF9, 0xA8, 0x3D, 0x08, 0x66, 0xA9, 0xB3, 0xFC, 0x0A,
- 0x94, 0x80, 0xFD, 0x78, 0xDC, 0xAB, 0x82, 0x5A, 0xD2, 0xCD, 0xC2, 0x87, 0xC6,
- 0x4B, 0x07, 0xFA, 0xD1, 0xC3, 0xD9, 0x34, 0x41, 0x85, 0xF8, 0xD0, 0xB6, 0x0A,
- 0x9D, 0x00, 0x91, 0x35, 0x05, 0x88, 0xC3, 0xE3, 0x9B, 0x22, 0xD2, 0xB8, 0xFD,
- 0x95, 0x3E, 0x6D, 0x5D, 0x48, 0xA3, 0x68, 0xCF, 0x02, 0x42, 0x79, 0x79, 0x8A,
- 0xAA, 0x01, 0xD6, 0x09, 0x14, 0x2C, 0xF4, 0x83, 0xA3, 0x80, 0x31, 0x55, 0x46,
- 0x6E, 0xC5, 0xE5, 0x2F, 0x30, 0x58, 0x81, 0xA2, 0x90, 0xBE, 0x2E, 0xA1, 0xC3,
- 0x0F, 0xA6, 0xF5, 0x51, 0x00, 0x39, 0xB6, 0xF2, 0x2A, 0xA3, 0x15, 0x7D, 0x8D,
- 0xF5, 0x66, 0x5C, 0xD9, 0xFC, 0xCF, 0x2F, 0xBF, 0x08, 0x27, 0xE7, 0xD0, 0x03,
- 0xB8, 0xD9, 0x00, 0x13, 0x3D, 0x01, 0x6B, 0xB6, 0xA8, 0xCD, 0x5B, 0x3B, 0x3E,
- 0x93, 0xBF, 0xE6, 0x2E, 0xB7, 0x4A, 0xCF, 0xB3, 0x0A, 0xCE, 0x62, 0x11, 0xD6,
- 0x1F, 0x68, 0x9B, 0x1D, 0x68, 0xD1, 0x8C, 0x97, 0xBD, 0xA1, 0x07, 0x67, 0x73,
- 0x87, 0xE0, 0x36, 0xDA, 0x8C, 0xD2, 0xD2, 0xBB, 0x84, 0x28, 0xA9, 0xFE, 0x52,
- 0x74, 0xD6, 0xB9, 0x0F, 0x0A, 0x6A, 0x2D, 0x28, 0x35, 0x34, 0x3A, 0xD3, 0xE2,
- 0xCD, 0x35, 0x06, 0x7D, 0x1B, 0x35, 0x85, 0x86, 0xD1, 0x3E, 0xF2, 0x6F, 0xA1,
- 0xC4, 0x55, 0xBD, 0x00, 0xD8, 0xC3, 0x5D, 0xC2, 0x1D, 0x6B, 0x6B, 0x27, 0x5B,
- 0x95, 0xF3, 0xAB, 0xB5, 0xD3, 0x37, 0xF2, 0x2C, 0x9C, 0xC7, 0x5D, 0xBD, 0xF1,
- 0x68, 0x1C, 0xAD, 0xF8, 0xB5, 0xE1, 0x29, 0x72, 0x7A, 0x73, 0x62, 0x55, 0x24,
- 0xB9, 0x85, 0xDF, 0x7B, 0x29, 0x7D, 0xDE, 0x08, 0xF5, 0xE4, 0x44, 0xDA, 0x1A,
- 0x30, 0x74, 0xDA, 0xB4, 0x9B, 0x23, 0x9A, 0x3A, 0xC1, 0x53, 0xB2, 0xA2, 0xA3,
- 0x7B, 0x1F, 0xD9, 0x56, 0xD4, 0x4F, 0x9B, 0xB2, 0x1E, 0xEE, 0xB8, 0x6A, 0x4E,
- 0xB5, 0xF4, 0x5A, 0xC9, 0x18, 0x27, 0x9C, 0xDE, 0x14, 0x44, 0xED, 0xC4, 0x3C,
- 0x71, 0x9F, 0x5F, 0xD9, 0x37, 0xA0, 0x78, 0x34, 0x6E, 0xBC, 0xD2, 0x7B, 0x1D,
- 0xFA, 0x08, 0x39, 0x5A, 0x04, 0x73, 0x15, 0xD9, 0x0A, 0x48, 0xC1, 0x2D, 0x15,
- 0x4E, 0x84, 0x30, 0x45, 0x69, 0xB3, 0xE5, 0xF6, 0xAD, 0x09, 0x1E, 0xCC, 0x5F,
- 0x1F, 0x06, 0xD5, 0x58, 0xAD, 0x78, 0xD7, 0x9F, 0xE5, 0xED, 0x3B, 0x09, 0xD5,
- 0xA6, 0x52, 0x6F, 0x92, 0xD3, 0x3C, 0xC6, 0x1E, 0xF2, 0x93, 0x7C, 0xD3, 0x5F,
- 0x70, 0x85, 0x5D, 0xF8, 0xAA, 0x9D, 0xB7, 0x7B, 0x24, 0x5A, 0xE9, 0x0A, 0x35,
- 0x2F, 0xF5, 0xD9, 0x82, 0x02, 0x8A, 0x90, 0x13, 0x5B, 0xB5, 0x67, 0x9C, 0xDD,
- 0xA0, 0x4E, 0x82, 0x27, 0xDA, 0x7E, 0xE8, 0x8E, 0xCD, 0xE1, 0x56, 0x71, 0x2C,
- 0xE6, 0x4E, 0x1F, 0x91, 0xCD, 0x7C, 0x6A, 0xB7, 0x78, 0xD0, 0x26, 0xF3, 0x56,
- 0xA9, 0xD5, 0xA1, 0xC3, 0x3B, 0x98, 0xE9, 0x28, 0x09, 0xEF, 0x50, 0x90, 0xCD,
- 0xC4, 0x8E, 0x75, 0xCC, 0xAC, 0x2D, 0xC9, 0x03, 0x6D, 0xAC, 0xFE, 0xC4, 0x88,
- 0x36, 0xD1, 0x3F, 0xBB, 0x1C, 0x7D, 0xB3, 0x14, 0x61, 0x2C, 0xB7, 0x54, 0x4B,
- 0xDB, 0x64, 0xB6, 0x57, 0x14, 0x16, 0x8E, 0x1E, 0x6C, 0x64, 0xBB, 0x8B, 0x48,
- 0x5D, 0x96, 0x9D, 0xDC, 0x80, 0xA7, 0xF7, 0x54, 0xC7, 0x46, 0x38, 0x3E, 0x44,
- 0xDE, 0x7E, 0x92, 0x8D, 0x07, 0xF6, 0x07, 0x37, 0x4E, 0x16, 0x10, 0xB4, 0x7D,
- 0x88, 0x66, 0x7F, 0xBB, 0xFF, 0xEA, 0x00, 0xF3, 0xFF, 0x97, 0x2C, 0xB5, 0xBE,
- 0x35, 0x4B, 0x5C, 0x36, 0xEC, 0x4C, 0xBD, 0x2B, 0x7D, 0xBF, 0x46, 0xE2, 0x9C,
- 0x0E, 0x8A, 0xA3, 0xEC, 0xB1, 0x0E, 0x9A, 0xDA, 0x9A, 0x9B, 0x28, 0x92, 0x10,
- 0x53, 0x57, 0xEA, 0xEC, 0xA2, 0x32, 0x32, 0x20, 0x1D, 0x97, 0x5C, 0xB6, 0x84,
- 0xA9, 0x93, 0x8D, 0x95, 0x11, 0xA3, 0x24, 0xA3, 0x2D, 0xC6, 0x4A, 0xEF, 0xAA,
- 0x1D, 0x85, 0x2B, 0x7D, 0x28, 0xBE, 0x53, 0xCE, 0x10, 0x1F, 0xAE, 0x0E, 0x41,
- 0x6C, 0x4B, 0x79, 0x12, 0xFB, 0xF7, 0x54, 0xA3, 0x96, 0x54, 0x83, 0x20, 0x96,
- 0x8F, 0x28, 0xA9, 0x3F, 0x8B, 0x3D, 0xBA, 0x77, 0xDC, 0x24, 0xE1, 0xD4, 0x49,
- 0x40, 0xD8, 0x78, 0x31, 0x85, 0x43, 0xF6, 0xFE, 0x5C, 0xA6, 0x8F, 0x90, 0x09,
- 0xB0, 0xE7, 0xC4, 0x95, 0xB2, 0x55, 0x49, 0x97, 0x8F, 0x1C, 0x78, 0x30, 0x20,
- 0xA0, 0xB4, 0xEF, 0x73, 0x56, 0x59, 0x82, 0xFD, 0xCE, 0xBA, 0x6A, 0x8F, 0x2C,
- 0x8B, 0x15, 0xFD, 0xA1, 0x85, 0xA8, 0x5C, 0x0F, 0x11, 0xA5, 0x9D, 0xC2, 0x46,
- 0xC6, 0x9C, 0xC9, 0x40, 0x0B, 0x58, 0x6A, 0x1C, 0x7A, 0x23, 0xF9, 0xE0, 0x95,
- 0x05, 0x13, 0x58, 0x72, 0xE8, 0x9F, 0x30, 0xAC, 0xCD, 0x26, 0xD4, 0x66, 0x13,
- 0xDF, 0x1E, 0x7B, 0x4F, 0x9C, 0xBE, 0x38, 0x79, 0x75, 0x92, 0xA4, 0xDA, 0x26,
- 0x44, 0x55, 0x17, 0xA3, 0xE5, 0x62, 0xDA, 0xEB, 0x86, 0xEA, 0x68, 0xC7, 0xAB,
- 0xFD, 0x2D, 0x43, 0x59, 0x51, 0xC0, 0x75, 0x64, 0x91, 0x01, 0x29, 0x33, 0x28,
- 0xF3, 0x04, 0x83, 0x80, 0x75, 0x37, 0x75, 0x0C, 0x03, 0x7B, 0x0A, 0xAB, 0x8E,
- 0x60, 0x62, 0x8B, 0x4C, 0xAF, 0x2D, 0xA3, 0x2F, 0xFE, 0xAB, 0x45, 0xCF, 0xDA,
- 0xAB, 0xFA, 0xFA, 0x30, 0x3D, 0xE8, 0xA1, 0x96, 0xA5, 0x7B, 0xE2, 0x2A, 0xD0,
- 0xAF, 0x59, 0xF7, 0xD0, 0x32, 0x57, 0x19, 0xBD, 0xCA, 0x9F, 0xD5, 0x1A, 0xC7,
- 0xAA, 0x65, 0x4A, 0x38, 0xB2, 0x70, 0x33, 0xB7, 0x75, 0xD2, 0xCD, 0xD1, 0xF0,
- 0xA8, 0x87, 0x59, 0x20, 0xA5, 0x57, 0x55, 0xB1, 0xB2, 0xC9, 0x4D, 0x97, 0x34,
- 0x41, 0xF3, 0xF0, 0x30, 0xA1, 0x2C, 0x1C, 0x49, 0x3E, 0x89, 0x7D, 0x12, 0xE2,
- 0xC3, 0x04, 0xC3, 0x92, 0xC0, 0xF6, 0x39, 0x10, 0x80, 0x81, 0x8F, 0x08, 0xB4,
- 0xF8, 0xB9, 0x13, 0x4E, 0x2C, 0xAE, 0xB3, 0x71, 0x82, 0x63, 0x98, 0xAB, 0x5C,
- 0x1C, 0x10, 0xEA, 0x66, 0xF9, 0x02, 0x3A, 0x82, 0x61, 0xD0, 0xD4, 0xAE, 0x43,
- 0xD4, 0x01, 0x3E, 0x9D, 0x04, 0x14, 0xF6, 0x60, 0xD8, 0xA7, 0xD6, 0xB8, 0x53,
- 0xC8, 0xDA, 0x80, 0x93, 0xA0, 0x02, 0xDD, 0xCC, 0xE2, 0xF2, 0xBB, 0xFB, 0xE0,
- 0x27, 0xD7, 0x34, 0x9A, 0x71, 0x49, 0xB5, 0x4F, 0x42, 0x1F, 0xB2, 0x9D, 0x6D,
- 0xAA, 0x9D, 0xD3, 0x50, 0xB5, 0x8F, 0x6A, 0x4B, 0xDF, 0x1F, 0xD5, 0x27, 0x8F,
- 0x3B, 0x27, 0xCF, 0x2F, 0x8C, 0xF8, 0x9D, 0x4C, 0x52, 0xBC, 0x32, 0x0F, 0x73,
- 0xD5, 0x51, 0x8E, 0x36, 0x7E, 0xAD, 0x09, 0xF0, 0x94, 0x83, 0x5F, 0x36, 0xFD,
- 0x7C, 0x03, 0xED, 0xF1, 0x5E, 0x4B, 0xF7, 0xAA, 0x55, 0x5C, 0x4A, 0x14, 0x59,
- 0x85, 0x38, 0x2D, 0x8C, 0xDF, 0xEC, 0x65, 0x1B, 0xB8, 0x76, 0x57, 0x96, 0x3C,
- 0x86, 0xED, 0xF2, 0x7F, 0x2D, 0x28, 0x48, 0xDA, 0x49, 0x7F, 0xF7, 0x54, 0x2B,
- 0xD5, 0x39, 0xD5, 0x57, 0x0A, 0x75, 0x7A, 0x3E, 0x5E, 0x5D, 0xBA, 0x4A, 0x15,
- 0xFA, 0xB8, 0x31, 0x80, 0x71, 0x2C, 0xCA, 0xC4, 0x51, 0x10, 0x16, 0x5D, 0x39,
- 0xEC, 0x9D, 0x07, 0xB6, 0x6A, 0x89, 0x9F, 0x9B, 0x5B, 0x6F, 0x03, 0xB0, 0x92,
- 0x01, 0x38, 0x6B, 0x48, 0x99, 0x0A, 0x8F, 0x13, 0xC1, 0xA6, 0x01, 0xEA, 0xBF,
- 0x6F, 0x86, 0x43, 0x51, 0xB6, 0x11, 0x00, 0x00
- };
- WOLFSSL_TEST_SUBROUTINE int compress_test(void)
- {
- int ret = 0;
- word32 dSz = sizeof(sample_text);
- word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
- byte *c;
- byte *d;
- c = (byte *)XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- d = (byte *)XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (c == NULL || d == NULL) {
- ERROR_OUT(-12100, exit);
- }
- /* follow calloc and initialize to 0 */
- XMEMSET(c, 0, cSz);
- XMEMSET(d, 0, dSz);
- if ((ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0) {
- ERROR_OUT(-12101, exit);
- }
- cSz = (word32)ret;
- if ((ret = wc_DeCompress(d, dSz, c, cSz)) != (int)dSz) {
- ERROR_OUT(-12102, exit);
- }
- if (XMEMCMP(d, sample_text, dSz) != 0) {
- ERROR_OUT(-12103, exit);
- }
- /* GZIP tests */
- cSz = (dSz + (word32)(dSz * 0.001) + 12); /* reset cSz */
- XMEMSET(c, 0, cSz);
- XMEMSET(d, 0, dSz);
- ret = wc_Compress_ex(c, cSz, sample_text, dSz, 0, LIBZ_WINBITS_GZIP);
- if (ret < 0) {
- ERROR_OUT(-12104, exit);
- }
- cSz = (word32)ret;
- ret = wc_DeCompress_ex(d, dSz, c, cSz, LIBZ_WINBITS_GZIP);
- if (ret < 0) {
- ERROR_OUT(-12105, exit);
- }
- if (XMEMCMP(d, sample_text, dSz) != 0) {
- ERROR_OUT(-12106, exit);
- }
- /* Try with gzip generated output */
- XMEMSET(d, 0, dSz);
- ret = wc_DeCompress_ex(d, dSz, sample_text_gz, sizeof(sample_text_gz),
- LIBZ_WINBITS_GZIP);
- if (ret < 0) {
- ERROR_OUT(-12107, exit);
- }
- dSz = (word32)ret;
- if (XMEMCMP(d, sample_text, dSz) != 0) {
- ERROR_OUT(-12108, exit);
- }
- ret = 0; /* success */
- exit:
- if (c) XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (d) XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* HAVE_LIBZ */
- #ifdef HAVE_PKCS7
- /* External Debugging/Testing Note:
- *
- * PKCS#7 test functions can output generated PKCS#7/CMS bundles for
- * additional testing. To dump bundles to files DER encoded files, please
- * define:
- *
- * #define PKCS7_OUTPUT_TEST_BUNDLES
- */
- /* Loads certs and keys for use with PKCS7 tests, from either files
- * or buffers.
- *
- * rsaClientCertBuf - output buffer for RSA client cert
- * rsaClientCertBufSz - IN/OUT size of output buffer, size of RSA client cert
- * rsaClientPrivKeyBuf - output buffer for RSA client private key
- * rsaClientPrivKeyBufSz - IN/OUT size of output buffer, size of RSA client key
- *
- * rsaServerCertBuf - output buffer for RSA server cert
- * rsaServerCertBufSz - IN/OUT size of output buffer, size of RSA server cert
- * rsaServerPrivKeyBuf - output buffer for RSA server private key
- * rsaServerPrivKeyBufSz - IN/OUT size of output buffer, size of RSA server key
- *
- * rsaCaCertBuf - output buffer for RSA CA cert
- * rsaCaCertBufSz - IN/OUT size of output buffer, size of RSA ca cert
- * rsaCaPrivKeyBuf - output buffer for RSA CA private key
- * rsaCaPrivKeyBufSz - IN/OUT size of output buffer, size of RSA CA key
- *
- * eccClientCertBuf - output buffer for ECC cert
- * eccClientCertBufSz - IN/OUT size of output buffer, size of ECC cert
- * eccClientPrivKeyBuf - output buffer for ECC private key
- * eccClientPrivKeyBufSz - IN/OUT size of output buffer, size of ECC private key
- *
- * Returns 0 on success, negative on error
- */
- static int pkcs7_load_certs_keys(
- byte* rsaClientCertBuf, word32* rsaClientCertBufSz,
- byte* rsaClientPrivKeyBuf, word32* rsaClientPrivKeyBufSz,
- byte* rsaServerCertBuf, word32* rsaServerCertBufSz,
- byte* rsaServerPrivKeyBuf, word32* rsaServerPrivKeyBufSz,
- byte* rsaCaCertBuf, word32* rsaCaCertBufSz,
- byte* rsaCaPrivKeyBuf, word32* rsaCaPrivKeyBufSz,
- byte* eccClientCertBuf, word32* eccClientCertBufSz,
- byte* eccClientPrivKeyBuf, word32* eccClientPrivKeyBufSz)
- {
- #ifndef NO_FILESYSTEM
- XFILE certFile;
- XFILE keyFile;
- (void)certFile;
- (void)keyFile;
- #endif
- #ifndef NO_RSA
- if (rsaClientCertBuf == NULL || rsaClientCertBufSz == NULL ||
- rsaClientPrivKeyBuf == NULL || rsaClientPrivKeyBufSz == NULL)
- return BAD_FUNC_ARG;
- #endif
- #ifdef HAVE_ECC
- if (eccClientCertBuf == NULL || eccClientCertBufSz == NULL ||
- eccClientPrivKeyBuf == NULL || eccClientPrivKeyBufSz == NULL)
- return BAD_FUNC_ARG;
- #endif
- /* RSA */
- #ifndef NO_RSA
- #ifdef USE_CERT_BUFFERS_1024
- if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_1024)
- return -12110;
- XMEMCPY(rsaClientCertBuf, client_cert_der_1024,
- sizeof_client_cert_der_1024);
- *rsaClientCertBufSz = sizeof_client_cert_der_1024;
- if (rsaServerCertBuf != NULL) {
- if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_1024)
- return -12111;
- XMEMCPY(rsaServerCertBuf, server_cert_der_1024,
- sizeof_server_cert_der_1024);
- *rsaServerCertBufSz = sizeof_server_cert_der_1024;
- }
- if (rsaCaCertBuf != NULL) {
- if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_1024)
- return -12112;
- XMEMCPY(rsaCaCertBuf, ca_cert_der_1024, sizeof_ca_cert_der_1024);
- *rsaCaCertBufSz = sizeof_ca_cert_der_1024;
- }
- #elif defined(USE_CERT_BUFFERS_2048)
- if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_2048)
- return -12113;
- XMEMCPY(rsaClientCertBuf, client_cert_der_2048,
- sizeof_client_cert_der_2048);
- *rsaClientCertBufSz = sizeof_client_cert_der_2048;
- if (rsaServerCertBuf != NULL) {
- if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_2048)
- return -12114;
- XMEMCPY(rsaServerCertBuf, server_cert_der_2048,
- sizeof_server_cert_der_2048);
- *rsaServerCertBufSz = sizeof_server_cert_der_2048;
- }
- if (rsaCaCertBuf != NULL) {
- if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_2048)
- return -12115;
- XMEMCPY(rsaCaCertBuf, ca_cert_der_2048, sizeof_ca_cert_der_2048);
- *rsaCaCertBufSz = sizeof_ca_cert_der_2048;
- }
- #else
- certFile = XFOPEN(clientCert, "rb");
- if (!certFile)
- return -12116;
- *rsaClientCertBufSz = (word32)XFREAD(rsaClientCertBuf, 1,
- *rsaClientCertBufSz, certFile);
- XFCLOSE(certFile);
- if (rsaServerCertBuf != NULL) {
- certFile = XFOPEN(rsaServerCertDerFile, "rb");
- if (!certFile)
- return -12117;
- *rsaServerCertBufSz = (word32)XFREAD(rsaServerCertBuf, 1,
- *rsaServerCertBufSz, certFile);
- XFCLOSE(certFile);
- }
- if (rsaCaCertBuf != NULL) {
- certFile = XFOPEN(rsaCaCertDerFile, "rb");
- if (!certFile)
- return -12118;
- *rsaCaCertBufSz = (word32)XFREAD(rsaCaCertBuf, 1, *rsaCaCertBufSz,
- certFile);
- XFCLOSE(certFile);
- }
- #endif
- #ifdef USE_CERT_BUFFERS_1024
- if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_1024)
- return -12119;
- XMEMCPY(rsaClientPrivKeyBuf, client_key_der_1024,
- sizeof_client_key_der_1024);
- *rsaClientPrivKeyBufSz = sizeof_client_key_der_1024;
- if (rsaServerPrivKeyBuf != NULL) {
- if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_1024)
- return -12120;
- XMEMCPY(rsaServerPrivKeyBuf, server_key_der_1024,
- sizeof_server_key_der_1024);
- *rsaServerPrivKeyBufSz = sizeof_server_key_der_1024;
- }
- if (rsaCaPrivKeyBuf != NULL) {
- if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_1024)
- return -12121;
- XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_1024, sizeof_ca_key_der_1024);
- *rsaCaPrivKeyBufSz = sizeof_ca_key_der_1024;
- }
- #elif defined(USE_CERT_BUFFERS_2048)
- if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_2048)
- return -12122;
- XMEMCPY(rsaClientPrivKeyBuf, client_key_der_2048,
- sizeof_client_key_der_2048);
- *rsaClientPrivKeyBufSz = sizeof_client_key_der_2048;
- if (rsaServerPrivKeyBuf != NULL) {
- if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_2048)
- return -12123;
- XMEMCPY(rsaServerPrivKeyBuf, server_key_der_2048,
- sizeof_server_key_der_2048);
- *rsaServerPrivKeyBufSz = sizeof_server_key_der_2048;
- }
- if (rsaCaPrivKeyBuf != NULL) {
- if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_2048)
- return -12124;
- XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_2048, sizeof_ca_key_der_2048);
- *rsaCaPrivKeyBufSz = sizeof_ca_key_der_2048;
- }
- #else
- keyFile = XFOPEN(clientKey, "rb");
- if (!keyFile)
- return -12125;
- *rsaClientPrivKeyBufSz = (word32)XFREAD(rsaClientPrivKeyBuf, 1,
- *rsaClientPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- if (rsaServerPrivKeyBuf != NULL) {
- keyFile = XFOPEN(rsaServerKeyDerFile, "rb");
- if (!keyFile)
- return -12126;
- *rsaServerPrivKeyBufSz = (word32)XFREAD(rsaServerPrivKeyBuf, 1,
- *rsaServerPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- }
- if (rsaCaPrivKeyBuf != NULL) {
- keyFile = XFOPEN(rsaCaKeyFile, "rb");
- if (!keyFile)
- return -12127;
- *rsaCaPrivKeyBufSz = (word32)XFREAD(rsaCaPrivKeyBuf, 1,
- *rsaCaPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- }
- #endif /* USE_CERT_BUFFERS */
- #endif /* NO_RSA */
- /* ECC */
- #ifdef HAVE_ECC
- #ifdef USE_CERT_BUFFERS_256
- if (*eccClientCertBufSz < (word32)sizeof_cliecc_cert_der_256)
- return -12128;
- XMEMCPY(eccClientCertBuf, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
- *eccClientCertBufSz = sizeof_cliecc_cert_der_256;
- #else
- certFile = XFOPEN(eccClientCert, "rb");
- if (!certFile)
- return -12129;
- *eccClientCertBufSz = (word32)XFREAD(eccClientCertBuf, 1,
- *eccClientCertBufSz, certFile);
- XFCLOSE(certFile);
- #endif /* USE_CERT_BUFFERS_256 */
- #ifdef USE_CERT_BUFFERS_256
- if (*eccClientPrivKeyBufSz < (word32)sizeof_ecc_clikey_der_256)
- return -12130;
- XMEMCPY(eccClientPrivKeyBuf, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
- *eccClientPrivKeyBufSz = sizeof_ecc_clikey_der_256;
- #else
- keyFile = XFOPEN(eccClientKey, "rb");
- if (!keyFile)
- return -12131;
- *eccClientPrivKeyBufSz = (word32)XFREAD(eccClientPrivKeyBuf, 1,
- *eccClientPrivKeyBufSz, keyFile);
- XFCLOSE(keyFile);
- #endif /* USE_CERT_BUFFERS_256 */
- #endif /* HAVE_ECC */
- #ifdef NO_RSA
- (void)rsaClientCertBuf;
- (void)rsaClientCertBufSz;
- (void)rsaClientPrivKeyBuf;
- (void)rsaClientPrivKeyBufSz;
- (void)rsaServerCertBuf;
- (void)rsaServerCertBufSz;
- (void)rsaServerPrivKeyBuf;
- (void)rsaServerPrivKeyBufSz;
- (void)rsaCaCertBuf;
- (void)rsaCaCertBufSz;
- (void)rsaCaPrivKeyBuf;
- (void)rsaCaPrivKeyBufSz;
- #endif
- #ifndef HAVE_ECC
- (void)eccClientCertBuf;
- (void)eccClientCertBufSz;
- (void)eccClientPrivKeyBuf;
- (void)eccClientPrivKeyBufSz;
- #endif
- #ifndef NO_FILESYSTEM
- (void)certFile;
- (void)keyFile;
- #endif
- return 0;
- }
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- int keyWrapOID;
- int keyAgreeOID;
- byte* cert;
- size_t certSz;
- byte* privateKey;
- word32 privateKeySz;
- byte* optionalUkm;
- word32 optionalUkmSz;
- int ktriOptions; /* KTRI options flags */
- int kariOptions; /* KARI options flags */
- /* KEKRI specific */
- byte* secretKey; /* key, only for kekri RecipientInfo types */
- word32 secretKeySz; /* size of secretKey, bytes */
- byte* secretKeyId; /* key identifier */
- word32 secretKeyIdSz; /* size of key identifier, bytes */
- void* timePtr; /* time_t pointer */
- byte* otherAttrOID; /* OPTIONAL, other attribute OID */
- word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
- byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
- word32 otherAttrSz; /* size of otherAttr, bytes */
- int kekriOptions; /* KEKRI options flags */
- /* PWRI specific */
- char* password;
- word32 passwordSz;
- byte* salt;
- word32 saltSz;
- int kdfOID;
- int hashOID;
- int kdfIterations;
- int pwriOptions; /* PWRI options flags */
- /* ORI specific */
- int isOri;
- int oriOptions; /* ORI options flags */
- const char* outFileName;
- } pkcs7EnvelopedVector;
- static const byte asnDataOid[] = {
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01
- };
- /* ORI encrypt callback, responsible for encrypting content-encryption key (CEK)
- * and giving wolfCrypt the value for oriOID and oriValue to place in
- * OtherRecipientInfo.
- *
- * Returns 0 on success, negative upon error. */
- static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
- word32* oriTypeSz, byte* oriValue, word32* oriValueSz,
- void* ctx)
- {
- int i;
- /* make sure buffers are large enough */
- if ((*oriValueSz < (2 + cekSz)) || (*oriTypeSz < sizeof(oriType)))
- return -12140;
- /* our simple encryption algorithm will be take the bitwise complement */
- oriValue[0] = 0x04; /*ASN OCTET STRING */
- oriValue[1] = (byte)cekSz; /* length */
- for (i = 0; i < (int)cekSz; i++) {
- oriValue[2 + i] = ~cek[i];
- }
- *oriValueSz = 2 + cekSz;
- /* set oriType to ASN.1 encoded data OID */
- XMEMCPY(oriType, asnDataOid, sizeof(asnDataOid));
- *oriTypeSz = sizeof(asnDataOid);
- (void)pkcs7;
- (void)ctx;
- return 0;
- }
- /* ORI decrypt callback, responsible for providing a decrypted content
- * encryption key (CEK) placed into decryptedKey and size placed into
- * decryptedKeySz. oriOID and oriValue are given to the callback to help
- * in decrypting the encrypted CEK.
- *
- * Returns 0 on success, negative upon error. */
- static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
- byte* oriValue, word32 oriValueSz, byte* decryptedKey,
- word32* decryptedKeySz, void* ctx)
- {
- int i;
- /* make sure oriType matches what we expect */
- if (oriTypeSz != sizeof(asnDataOid))
- return -12150;
- if (XMEMCMP(oriType, asnDataOid, sizeof(asnDataOid)) != 0)
- return -12151;
- /* make sure decrypted buffer is large enough */
- if (*decryptedKeySz < oriValueSz)
- return -12152;
- /* decrypt encrypted CEK using simple bitwise complement,
- only for example */
- for (i = 0; i < (int)oriValueSz - 2; i++) {
- decryptedKey[i] = ~oriValue[2 + i];
- }
- *decryptedKeySz = oriValueSz - 2;
- (void)pkcs7;
- (void)ctx;
- return 0;
- }
- #ifndef NO_AES
- /* returns 0 on success */
- static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
- byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
- byte* in, int inSz, byte* out, void* usrCtx)
- {
- int keyId = -1, ret, keySz;
- word32 keyIdSz = 8;
- const byte* key;
- byte keyIdRaw[8];
- #ifdef WOLFSSL_SMALL_STACK
- Aes *aes;
- #else
- Aes aes[1];
- #endif
- /* looking for KEY ID
- * fwDecryptKeyID OID "1.2.840.113549.1.9.16.2.37
- */
- WOLFSSL_SMALL_STACK_STATIC const unsigned char OID[] = {
- /* 0x06, 0x0B do not pass in tag and length */
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x25
- };
- WOLFSSL_SMALL_STACK_STATIC const byte defKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- WOLFSSL_SMALL_STACK_STATIC const byte altKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- /* test user context passed in */
- if (usrCtx == NULL || *(int*)usrCtx != 1) {
- return -12160;
- }
- #ifdef WOLFSSL_SMALL_STACK
- if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
- return -12164;
- #endif
- /* if needing to find keyIdSz can call with NULL */
- ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), NULL,
- &keyIdSz);
- if (ret != LENGTH_ONLY_E) {
- printf("Unexpected error %d when getting keyIdSz\n", ret);
- printf("Possibly no KEY ID attribute set\n");
- ERROR_OUT(-12161, out);
- }
- else {
- XMEMSET(keyIdRaw, 0, sizeof(keyIdRaw));
- ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), keyIdRaw,
- &keyIdSz);
- if (ret < 0) {
- goto out;
- }
- if (keyIdSz < 3) {
- printf("keyIdSz is smaller than expected\n");
- ERROR_OUT(-12162, out);
- }
- if (keyIdSz > 2 + sizeof(int)) {
- printf("example case was only expecting a keyId of int size\n");
- ERROR_OUT(-12163, out);
- }
- /* keyIdRaw[0] OCTET TAG */
- /* keyIdRaw[1] Length */
- #ifdef BIG_ENDIAN_ORDER
- if (keyIdRaw[1] == 0x01) {
- keyId = 1;
- }
- #else
- keyId = *(int*)(keyIdRaw + 2);
- #endif
- }
- /* Use keyID here if found to select key and decrypt in HSM or in this
- * example just select key and do software decryption */
- if (keyId == 1) {
- key = altKey;
- keySz = sizeof(altKey);
- }
- else {
- key = defKey;
- keySz = sizeof(defKey);
- }
- switch (encryptOID) {
- case AES256CBCb:
- if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE))
- ERROR_OUT(BAD_FUNC_ARG, out);
- break;
- case AES128CBCb:
- if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE))
- ERROR_OUT(BAD_FUNC_ARG, out);
- break;
- default:
- printf("Unsupported content cipher type for example");
- ERROR_OUT(ALGO_ID_E, out);
- };
- ret = wc_AesInit(aes, HEAP_HINT, INVALID_DEVID);
- if (ret == 0) {
- ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
- if (ret == 0)
- ret = wc_AesCbcDecrypt(aes, out, in, inSz);
- wc_AesFree(aes);
- }
- out:
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- (void)aad;
- (void)aadSz;
- (void)authTag;
- (void)authTagSz;
- return ret;
- }
- #endif /* NO_AES */
- #define PKCS7_BUF_SIZE 2048
- static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
- byte* rsaPrivKey, word32 rsaPrivKeySz,
- byte* eccCert, word32 eccCertSz,
- byte* eccPrivKey, word32 eccPrivKeySz)
- {
- int ret = 0, testSz, i;
- int envelopedSz, decodedSz;
- byte *enveloped;
- byte *decoded;
- PKCS7* pkcs7;
- #ifdef ECC_TIMING_RESISTANT
- WC_RNG rng;
- #endif
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
- defined(WOLFSSL_SHA512)
- byte optionalUkm[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- #endif /* NO_AES */
- #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- /* encryption key for kekri recipient types */
- byte secretKey[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- /* encryption key identifier */
- byte secretKeyId[] = {
- 0x02,0x02,0x03,0x04
- };
- #endif
- #if !defined(NO_PWDBASED) && !defined(NO_AES) && \
- !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- #ifndef HAVE_FIPS
- char password[] = "password"; /* NOTE: Password is too short for FIPS */
- #else
- char password[] = "passwordFIPS_MODE";
- #endif
- byte salt[] = {
- 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
- };
- #endif
- const pkcs7EnvelopedVector testVectors[] =
- {
- /* key transport key encryption technique */
- #ifndef NO_RSA
- #ifndef NO_DES3
- {data, (word32)sizeof(data), DATA, DES3b, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataDES3.der"},
- #endif
- #ifndef NO_AES
- #ifdef WOLFSSL_AES_128
- {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES128CBC.der"},
- #endif
- #ifdef WOLFSSL_AES_192
- {data, (word32)sizeof(data), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES192CBC.der"},
- #endif
- #ifdef WOLFSSL_AES_256
- {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
- 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC.der"},
- /* explicitly using SKID for SubjectKeyIdentifier */
- {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_SKID, 0, NULL, 0, NULL, 0, NULL,
- NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_SKID.der"},
- /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
- {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_ISSUER_AND_SERIAL_NUMBER, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
- 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der"},
- #endif
- #endif /* NO_AES */
- #endif
- /* key agreement key encryption technique*/
- #ifdef HAVE_ECC
- #ifndef NO_AES
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP,
- dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der"},
- #endif
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
- {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der"},
- #endif /* NO_SHA256 && WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
- {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der"},
- /* with optional user keying material (ukm) */
- {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, optionalUkm, sizeof(optionalUkm), 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der"},
- #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
- #endif /* NO_AES */
- #endif
- /* kekri (KEKRecipientInfo) recipient types */
- #ifndef NO_AES
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0,
- NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey),
- secretKeyId, sizeof(secretKeyId), NULL, NULL, 0, NULL, 0,
- 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7envelopedDataAES128CBC_KEKRI.der"},
- #endif
- #endif
- /* pwri (PasswordRecipientInfo) recipient types */
- #if !defined(NO_PWDBASED) && !defined(NO_AES)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0,
- NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, password,
- (word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
- 0, 0, 0, "pkcs7envelopedDataAES128CBC_PWRI.der"},
- #endif
- #endif
- #if !defined(NO_AES) && !defined(NO_AES_128)
- /* ori (OtherRecipientInfo) recipient types */
- {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
- NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0,
- NULL, 0, 0, 0, 0, 0, 1, 0, "pkcs7envelopedDataAES128CBC_ORI.der"},
- #endif
- };
- enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! enveloped) || (! decoded)) {
- ERROR_OUT(-12170, out);
- }
- testSz = sizeof(testVectors) / sizeof(pkcs7EnvelopedVector);
- #ifdef ECC_TIMING_RESISTANT
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- ERROR_OUT(-12171, out);
- }
- #endif
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT,
- #ifdef WOLFSSL_ASYNC_CRYPT
- INVALID_DEVID /* async PKCS7 is not supported */
- #else
- devId
- #endif
- );
- if (pkcs7 == NULL) {
- ERROR_OUT(-12172, out);
- }
- if (testVectors[i].secretKey != NULL) {
- /* KEKRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0) {
- ERROR_OUT(-12173, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
- testVectors[i].secretKey, testVectors[i].secretKeySz,
- testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
- testVectors[i].timePtr, testVectors[i].otherAttrOID,
- testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
- testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12174, out);
- }
- /* set key, for decryption */
- ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey,
- testVectors[i].secretKeySz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12175, out);
- }
- } else if (testVectors[i].password != NULL) {
- #ifndef NO_PWDBASED
- /* PWRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0) {
- ERROR_OUT(-12176, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
- (byte*)testVectors[i].password,
- testVectors[i].passwordSz, testVectors[i].salt,
- testVectors[i].saltSz, testVectors[i].kdfOID,
- testVectors[i].hashOID, testVectors[i].kdfIterations,
- testVectors[i].encryptOID, testVectors[i].pwriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12177, out);
- }
- /* set password, for decryption */
- ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
- testVectors[i].passwordSz);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12178, out);
- }
- #endif /* NO_PWDBASED */
- } else if (testVectors[i].isOri == 1) {
- /* ORI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0) {
- ERROR_OUT(-12179, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
- testVectors[i].oriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12180, out);
- }
- /* set decrypt callback for decryption */
- ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12181, out);
- }
- } else {
- /* KTRI or KARI recipient types */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0) {
- ERROR_OUT(-12182, out);
- }
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12183, out);
- }
- pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
- pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
- pkcs7->privateKey = testVectors[i].privateKey;
- pkcs7->privateKeySz = testVectors[i].privateKeySz;
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- /* set SubjectIdentifier type for KTRI types */
- if (testVectors[i].ktriOptions & CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12184, out);
- }
- } else if (testVectors[i].ktriOptions &
- CMS_ISSUER_AND_SERIAL_NUMBER) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
- CMS_ISSUER_AND_SERIAL_NUMBER);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12185, out);
- }
- }
- }
- #ifdef ECC_TIMING_RESISTANT
- pkcs7->rng = &rng;
- #endif
- /* encode envelopedData */
- envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped,
- PKCS7_BUF_SIZE);
- if (envelopedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12186, out);
- }
- /* decode envelopedData */
- decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz,
- decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12187, out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12188, out);
- }
- #ifndef NO_PKCS7_STREAM
- { /* test reading byte by byte */
- int z;
- for (z = 0; z < envelopedSz; z++) {
- decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped + z, 1,
- decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
- printf("unexpected error %d\n", decodedSz);
- ERROR_OUT(-12189, out);
- }
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- printf("stream read compare failed\n");
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12190, out);
- }
- }
- #endif
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 envelopedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12191, out);
- }
- ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
- XFCLOSE(pkcs7File);
- if (ret != envelopedSz) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12192, out);
- } else {
- /* reset ret to 0 for success */
- ret = 0;
- }
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- #ifdef ECC_TIMING_RESISTANT
- wc_FreeRng(&rng);
- #endif
- (void)eccCert;
- (void)eccCertSz;
- (void)eccPrivKey;
- (void)eccPrivKeySz;
- (void)rsaCert;
- (void)rsaCertSz;
- (void)rsaPrivKey;
- (void)rsaPrivKeySz;
- out:
- if (enveloped)
- XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int pkcs7enveloped_test(void)
- {
- int ret = 0;
- byte* rsaCert = NULL;
- byte* rsaPrivKey = NULL;
- word32 rsaCertSz = 0;
- word32 rsaPrivKeySz = 0;
- byte* eccCert = NULL;
- byte* eccPrivKey = NULL;
- word32 eccCertSz = 0;
- word32 eccPrivKeySz = 0;
- #ifndef NO_RSA
- /* read client RSA cert and key in DER format */
- rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaCert == NULL)
- return -12200;
- rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaPrivKey == NULL) {
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -12201;
- }
- rsaCertSz = FOURK_BUF;
- rsaPrivKeySz = FOURK_BUF;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- /* read client ECC cert and key in DER format */
- eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccCert == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return -12202;
- }
- eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccPrivKey == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -12203;
- }
- eccCertSz = FOURK_BUF;
- eccPrivKeySz = FOURK_BUF;
- #endif /* HAVE_ECC */
- ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
- &rsaPrivKeySz, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
- eccPrivKey, &eccPrivKeySz);
- if (ret < 0) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return -12204;
- }
- ret = pkcs7enveloped_run_vectors(rsaCert, (word32)rsaCertSz,
- rsaPrivKey, (word32)rsaPrivKeySz,
- eccCert, (word32)eccCertSz,
- eccPrivKey, (word32)eccPrivKeySz);
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- int keyWrapOID;
- int keyAgreeOID;
- byte* cert;
- size_t certSz;
- byte* privateKey;
- word32 privateKeySz;
- PKCS7Attrib* authAttribs;
- word32 authAttribsSz;
- PKCS7Attrib* unauthAttribs;
- word32 unauthAttribsSz;
- /* KARI / KTRI specific */
- byte* optionalUkm;
- word32 optionalUkmSz;
- int ktriOptions; /* KTRI options flags */
- int kariOptions; /* KARI options flags */
- /* KEKRI specific */
- byte* secretKey; /* key, only for kekri RecipientInfo types */
- word32 secretKeySz; /* size of secretKey, bytes */
- byte* secretKeyId; /* key identifier */
- word32 secretKeyIdSz; /* size of key identifier, bytes */
- void* timePtr; /* time_t pointer */
- byte* otherAttrOID; /* OPTIONAL, other attribute OID */
- word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
- byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
- word32 otherAttrSz; /* size of otherAttr, bytes */
- int kekriOptions; /* KEKRI options flags */
- /* PWRI specific */
- char* password; /* password */
- word32 passwordSz; /* password size, bytes */
- byte* salt; /* KDF salt */
- word32 saltSz; /* KDF salt size, bytes */
- int kdfOID; /* KDF OID */
- int hashOID; /* KDF hash algorithm OID */
- int kdfIterations; /* KDF iterations */
- int kekEncryptOID; /* KEK encryption algorithm OID */
- int pwriOptions; /* PWRI options flags */
- /* ORI specific */
- int isOri;
- int oriOptions; /* ORI options flags */
- const char* outFileName;
- } pkcs7AuthEnvelopedVector;
- static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
- byte* rsaPrivKey, word32 rsaPrivKeySz,
- byte* eccCert, word32 eccCertSz,
- byte* eccPrivKey, word32 eccPrivKeySz)
- {
- int ret = 0, testSz = 0, i;
- int envelopedSz, decodedSz;
- byte *enveloped = NULL;
- byte *decoded = NULL;
- WC_RNG rng;
- PKCS7* pkcs7;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- byte senderNonce[PKCS7_NONCE_SZ + 2];
- #ifdef HAVE_ECC
- WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x05 };
- PKCS7Attrib attribs[] =
- {
- { senderNonceOid, sizeof(senderNonceOid), senderNonce,
- sizeof(senderNonce) }
- };
- #endif
- #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
- defined(WOLFSSL_SHA512)
- WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- #endif /* NO_AES */
- #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- /* encryption key for kekri recipient types */
- WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
- 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
- };
- /* encryption key identifier */
- WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = {
- 0x02,0x02,0x03,0x04
- };
- #endif
- #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
- !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- #ifndef HAVE_FIPS
- WOLFSSL_SMALL_STACK_STATIC const char password[] = "password";
- #else
- WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE";
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
- 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
- };
- #endif
- pkcs7AuthEnvelopedVector *testVectors = NULL;
- {
- #define ADD_PKCS7_TEST_VEC(...) { \
- const pkcs7AuthEnvelopedVector vec = __VA_ARGS__; \
- testVectors = (pkcs7AuthEnvelopedVector *) \
- XREALLOC(testVectors, \
- sizeof *testVectors * (testSz + 1), \
- HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); \
- if (testVectors == NULL) \
- ERROR_OUT(-12233, out); \
- XMEMCPY(&testVectors[testSz++], &vec, sizeof *testVectors); \
- }
- /* key transport key encryption technique */
- #ifndef NO_RSA
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #ifdef WOLFSSL_AES_128
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
- 0, 0, "pkcs7authEnvelopedDataAES128GCM.der"});
- #endif
- #ifdef WOLFSSL_AES_192
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), DATA, AES192GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
- 0, 0, "pkcs7authEnvelopedDataAES192GCM.der"});
- #endif
- #ifdef WOLFSSL_AES_256
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
- 0, 0, "pkcs7authEnvelopedDataAES256GCM.der"});
- /* test with contentType set to FirmwarePkgData */
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, 0, 0,
- rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL,
- 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL,
- 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der"});
- /* explicitly using SKID for SubjectKeyIdentifier */
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, CMS_SKID, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
- 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_SKID.der"});
- /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
- rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0,
- CMS_ISSUER_AND_SERIAL_NUMBER, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
- NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_IANDS.der"});
- #endif
- #endif /* NO_AES */
- #endif
- /* key agreement key encryption technique*/
- #ifdef HAVE_ECC
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP,
- dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
- NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der"});
- #endif
- #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
- NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der"});
- /* with authenticated attributes */
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
- NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
- 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der"});
- /* with unauthenticated attributes */
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, attribs,
- (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
- 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der"});
- /* with authenticated AND unauthenticated attributes */
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
- attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
- 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der"});
- /* with authenticated AND unauthenticated attributes AND
- * contentType of FirmwarePkgData */
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
- attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
- NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
- 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der"});
- #endif /* NO_SHA256 && WOLFSSL_AES_256 */
- #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL,
- NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der"});
- /* with optional user keying material (ukm) */
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
- dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
- eccPrivKeySz, NULL, 0, NULL, 0, (byte *)optionalUkm, sizeof(optionalUkm), 0,
- 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
- 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der"});
- #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
- #endif /* NO_AES */
- #endif
- /* kekri (KEKRecipientInfo) recipient types */
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0,
- NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0,
- (byte *)secretKey, sizeof(secretKey), (byte *)secretKeyId, sizeof(secretKeyId),
- NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
- "pkcs7authEnvelopedDataAES128GCM_KEKRI.der"});
- #endif
- #endif
- /* pwri (PasswordRecipientInfo) recipient types */
- #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM)
- #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0,
- NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
- NULL, 0, NULL, NULL, 0, NULL, 0, 0, (char *)password,
- (word32)XSTRLEN(password), (byte *)salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
- AES128CBCb, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_PWRI.der"});
- #endif
- #endif
- #if !defined(NO_AES) && defined(HAVE_AESGCM)
- #ifdef WOLFSSL_AES_128
- /* ori (OtherRecipientInfo) recipient types */
- ADD_PKCS7_TEST_VEC(
- {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, NULL, 0, NULL, 0,
- NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
- NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 1, 0,
- "pkcs7authEnvelopedDataAES128GCM_ORI.der"});
- #endif
- #endif
- }
- enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! enveloped) || (! decoded)) {
- ERROR_OUT(-12210, out);
- }
- /* generate senderNonce */
- {
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- ERROR_OUT(-12211, out);
- }
- senderNonce[0] = 0x04;
- senderNonce[1] = PKCS7_NONCE_SZ;
- ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
- if (ret != 0) {
- wc_FreeRng(&rng);
- ERROR_OUT(-12212, out);
- }
- }
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT,
- #ifdef WOLFSSL_ASYNC_CRYPT
- INVALID_DEVID /* async PKCS7 is not supported */
- #else
- devId
- #endif
- );
- if (pkcs7 == NULL) {
- ERROR_OUT(-12213, out);
- }
- if (testVectors[i].secretKey != NULL) {
- /* KEKRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0) {
- ERROR_OUT(-12214, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
- testVectors[i].secretKey, testVectors[i].secretKeySz,
- testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
- testVectors[i].timePtr, testVectors[i].otherAttrOID,
- testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
- testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12215, out);
- }
- /* set key, for decryption */
- ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey,
- testVectors[i].secretKeySz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12216, out);
- }
- } else if (testVectors[i].password != NULL) {
- #ifndef NO_PWDBASED
- /* PWRI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0) {
- ERROR_OUT(-12217, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
- (byte*)testVectors[i].password,
- testVectors[i].passwordSz, testVectors[i].salt,
- testVectors[i].saltSz, testVectors[i].kdfOID,
- testVectors[i].hashOID, testVectors[i].kdfIterations,
- testVectors[i].kekEncryptOID, testVectors[i].pwriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12218, out);
- }
- /* set password, for decryption */
- ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
- testVectors[i].passwordSz);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12219, out);
- }
- #endif /* NO_PWDBASED */
- } else if (testVectors[i].isOri == 1) {
- /* ORI recipient type */
- ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
- if (ret != 0) {
- ERROR_OUT(-12220, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
- testVectors[i].oriOptions);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12221, out);
- }
- /* set decrypt callback for decryption */
- ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12222, out);
- }
- } else {
- /* KTRI or KARI recipient types */
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12223, out);
- }
- pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
- pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
- pkcs7->privateKey = testVectors[i].privateKey;
- pkcs7->privateKeySz = testVectors[i].privateKeySz;
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->ukm = testVectors[i].optionalUkm;
- pkcs7->ukmSz = testVectors[i].optionalUkmSz;
- pkcs7->authAttribs = testVectors[i].authAttribs;
- pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
- pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
- pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
- /* set SubjectIdentifier type for KTRI types */
- if (testVectors[i].ktriOptions & CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12224, out);
- }
- } else if (testVectors[i].ktriOptions &
- CMS_ISSUER_AND_SERIAL_NUMBER) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
- CMS_ISSUER_AND_SERIAL_NUMBER);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12225, out);
- }
- }
- }
- #ifdef ECC_TIMING_RESISTANT
- pkcs7->rng = &rng;
- #endif
- /* encode envelopedData */
- envelopedSz = wc_PKCS7_EncodeAuthEnvelopedData(pkcs7, enveloped,
- PKCS7_BUF_SIZE);
- if (envelopedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12226, out);
- }
- #ifndef NO_PKCS7_STREAM
- { /* test reading byte by byte */
- int z;
- for (z = 0; z < envelopedSz; z++) {
- decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7,
- enveloped + z, 1, decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
- printf("unexpected error %d\n", decodedSz);
- ERROR_OUT(-12227, out);
- }
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- printf("stream read compare failed\n");
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12228, out);
- }
- }
- #endif
- /* decode envelopedData */
- decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, enveloped,
- envelopedSz, decoded,
- PKCS7_BUF_SIZE);
- if (decodedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12229, out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12230, out);
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 envelopedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12231, out);
- }
- ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
- XFCLOSE(pkcs7File);
- if (ret != envelopedSz) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12232, out);
- } else {
- /* reset ret to 0 for success */
- ret = 0;
- }
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = NULL;
- }
- wc_FreeRng(&rng);
- #if !defined(HAVE_ECC) || defined(NO_AES)
- (void)eccCert;
- (void)eccCertSz;
- (void)eccPrivKey;
- (void)eccPrivKeySz;
- (void)secretKey;
- (void)secretKeyId;
- #endif
- #ifdef NO_RSA
- (void)rsaCert;
- (void)rsaCertSz;
- (void)rsaPrivKey;
- (void)rsaPrivKeySz;
- #endif
- out:
- if (testVectors)
- XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (enveloped)
- XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void)
- {
- int ret = 0;
- byte* rsaCert = NULL;
- byte* rsaPrivKey = NULL;
- word32 rsaCertSz = 0;
- word32 rsaPrivKeySz = 0;
- byte* eccCert = NULL;
- byte* eccPrivKey = NULL;
- word32 eccCertSz = 0;
- word32 eccPrivKeySz = 0;
- #ifndef NO_RSA
- /* read client RSA cert and key in DER format */
- rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaCert == NULL)
- return -12300;
- rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaPrivKey == NULL) {
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -12301;
- }
- rsaCertSz = FOURK_BUF;
- rsaPrivKeySz = FOURK_BUF;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- /* read client ECC cert and key in DER format */
- eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccCert == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return -12302;
- }
- eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (eccPrivKey == NULL) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -12303;
- }
- eccCertSz = FOURK_BUF;
- eccPrivKeySz = FOURK_BUF;
- #endif /* HAVE_ECC */
- ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
- &rsaPrivKeySz, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
- eccPrivKey, &eccPrivKeySz);
- if (ret < 0) {
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return -12304;
- }
- ret = pkcs7authenveloped_run_vectors(rsaCert, (word32)rsaCertSz,
- rsaPrivKey, (word32)rsaPrivKeySz,
- eccCert, (word32)eccCertSz,
- eccPrivKey, (word32)eccPrivKeySz);
- #ifndef NO_RSA
- XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- #ifdef HAVE_ECC
- XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- }
- #endif /* HAVE_AESGCM || HAVE_AESCCM */
- #ifndef NO_AES
- static const byte p7DefKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- static const byte p7AltKey[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
- word32 keyIdSz, byte* orginKey, word32 orginKeySz,
- byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
- {
- int ret;
- if (cek == NULL || out == NULL)
- return BAD_FUNC_ARG;
- /* test case sanity checks */
- if (keyIdSz != 1) {
- return -12310;
- }
- if (keyId[0] != 0x00) {
- return -12311;
- }
- if (type != (int)PKCS7_KEKRI) {
- return -12312;
- }
- switch (keyWrapAlgo) {
- case AES256_WRAP:
- ret = wc_AesKeyUnWrap(p7DefKey, sizeof(p7DefKey), cek, cekSz,
- out, outSz, NULL);
- if (ret <= 0)
- return ret;
- break;
- default:
- WOLFSSL_MSG("Unsupported key wrap algorithm in example");
- return BAD_KEYWRAP_ALG_E;
- };
- (void)pkcs7;
- (void)direction;
- (void)orginKey; /* used with KAKRI */
- (void)orginKeySz;
- return ret;
- }
- /* returns key size on success */
- static int getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
- {
- int ret;
- word32 atrSz;
- byte atr[256];
- /* Additionally can look for fwWrappedFirmwareKey
- * 1.2.840.113529.1.9.16.1.16 */
- const unsigned char fwWrappedFirmwareKey[] = {
- /* 0x06, 0x0B */
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x27
- };
- /* find keyID in fwWrappedFirmwareKey */
- ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
- sizeof(fwWrappedFirmwareKey), NULL, &atrSz);
- if (ret == LENGTH_ONLY_E) {
- XMEMSET(atr, 0, sizeof(atr));
- ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
- sizeof(fwWrappedFirmwareKey), atr, &atrSz);
- /* keyIdRaw[0] OCTET TAG */
- /* keyIdRaw[1] Length */
- if (ret > 0) {
- PKCS7* envPkcs7;
- envPkcs7 = wc_PKCS7_New(NULL, 0);
- if (envPkcs7 == NULL) {
- return MEMORY_E;
- }
- wc_PKCS7_Init(envPkcs7, NULL, 0);
- ret = wc_PKCS7_SetWrapCEKCb(envPkcs7, myCEKwrapFunc);
- if (ret == 0) {
- /* expecting FIRMWARE_PKG_DATA content */
- envPkcs7->contentOID = FIRMWARE_PKG_DATA;
- ret = wc_PKCS7_DecodeEnvelopedData(envPkcs7, atr, atrSz,
- key, keySz);
- }
- wc_PKCS7_Free(envPkcs7);
- }
- }
- return ret;
- }
- /* create a KEKRI enveloped data
- * return size on success */
- static int envelopedData_encrypt(byte* in, word32 inSz, byte* out,
- word32 outSz)
- {
- int ret;
- PKCS7* pkcs7;
- WOLFSSL_SMALL_STACK_STATIC const byte keyId[] = { 0x00 };
- pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
- if (pkcs7 == NULL)
- return -12330;
- pkcs7->content = in;
- pkcs7->contentSz = inSz;
- pkcs7->contentOID = FIRMWARE_PKG_DATA;
- pkcs7->encryptOID = AES256CBCb;
- pkcs7->ukm = NULL;
- pkcs7->ukmSz = 0;
- /* add recipient (KEKRI type) */
- ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP, (byte*)p7DefKey,
- sizeof(p7DefKey), (byte*)keyId,
- sizeof(keyId), NULL, NULL, 0, NULL, 0, 0);
- if (ret < 0) {
- printf("wc_PKCS7_AddRecipient_KEKRI() failed, ret = %d\n", ret);
- wc_PKCS7_Free(pkcs7);
- return -12331;
- }
- /* encode envelopedData, returns size */
- ret = wc_PKCS7_EncodeEnvelopedData(pkcs7, out, outSz);
- if (ret <= 0) {
- printf("wc_PKCS7_EncodeEnvelopedData() failed, ret = %d\n", ret);
- wc_PKCS7_Free(pkcs7);
- return -12332;
- }
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- /*
- * keyHint is the KeyID to be set in the fwDecryptKeyID attribute
- * returns size of buffer output on success
- */
- static int generateBundle(byte* out, word32 *outSz, const byte* encryptKey,
- word32 encryptKeySz, byte keyHint, byte* cert, word32 certSz,
- byte* key, word32 keySz)
- {
- int ret, attribNum = 1;
- PKCS7* pkcs7;
- /* KEY ID
- * fwDecryptKeyID OID 1.2.840.113549.1.9.16.2.37
- */
- const unsigned char fwDecryptKeyID[] = {
- 0x06, 0x0B,
- 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x25
- };
- /* fwWrappedFirmwareKey 1.2.840.113529.1.9.16.1.16 */
- const unsigned char fwWrappedFirmwareKey[] = {
- 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x02, 0x27
- };
- byte keyID[] = { 0x04, 0x01, 0x00 };
- byte env[256];
- char data[] = "Test of wolfSSL PKCS7 decrypt callback";
- PKCS7Attrib attribs[] =
- {
- { fwDecryptKeyID, sizeof(fwDecryptKeyID), keyID, sizeof(keyID) },
- { fwWrappedFirmwareKey, sizeof(fwWrappedFirmwareKey), env, 0 }
- };
- keyID[2] = keyHint;
- /* If using keyHint 0 then create a bundle with fwWrappedFirmwareKey */
- if (keyHint == 0) {
- ret = envelopedData_encrypt((byte*)p7DefKey, sizeof(p7DefKey), env,
- sizeof(env));
- if (ret <= 0) {
- return ret;
- }
- attribs[1].valueSz = ret;
- attribNum++;
- }
- /* init PKCS7 */
- pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
- if (pkcs7 == NULL)
- return -12340;
- ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
- if (ret != 0) {
- printf("ERROR: wc_PKCS7_InitWithCert() failed, ret = %d\n", ret);
- wc_PKCS7_Free(pkcs7);
- return -12341;
- }
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- return -12342;
- }
- /* encode Signed Encrypted FirmwarePkgData */
- if (encryptKeySz == 16) {
- ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
- encryptKeySz, key, keySz, AES128CBCb, RSAk, SHA256h,
- (byte*)data, sizeof(data), NULL, 0,
- attribs, attribNum, out, *outSz);
- }
- else {
- ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
- encryptKeySz, key, keySz, AES256CBCb, RSAk, SHA256h,
- (byte*)data, sizeof(data), NULL, 0,
- attribs, attribNum, out, *outSz);
- }
- if (ret <= 0) {
- printf("ERROR: wc_PKCS7_EncodeSignedEncryptedFPD() failed, "
- "ret = %d\n", ret);
- wc_PKCS7_Free(pkcs7);
- return -12343;
- } else {
- *outSz = ret;
- }
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- /* test verification and decryption of PKCS7 bundle
- * return 0 on success
- */
- static int verifyBundle(byte* derBuf, word32 derSz, int keyHint)
- {
- int ret = 0;
- int usrCtx = 1; /* test value to pass as user context to callback */
- PKCS7* pkcs7;
- byte* sid;
- word32 sidSz;
- byte key[256];
- word32 keySz = sizeof(key);
- byte decoded[FOURK_BUF/2];
- int decodedSz = FOURK_BUF/2;
- WOLFSSL_SMALL_STACK_STATIC const byte expectedSid[] = {
- 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18,
- 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26,
- 0xD7, 0x85, 0x65, 0xC0
- };
- pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
- if (pkcs7 == NULL) {
- return MEMORY_E;
- }
- /* Test verify */
- ret = wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- ret = wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- ret = wc_PKCS7_VerifySignedData(pkcs7, derBuf, derSz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- /* Get size of SID and print it out */
- ret = wc_PKCS7_GetSignerSID(pkcs7, NULL, &sidSz);
- if (ret != LENGTH_ONLY_E) {
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- sid = (byte*)XMALLOC(sidSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (sid == NULL) {
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- ret = wc_PKCS7_GetSignerSID(pkcs7, sid, &sidSz);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- ret = XMEMCMP(sid, expectedSid, sidSz);
- XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- /* get expected fwWrappedFirmwareKey */
- if (keyHint == 0) {
- ret = getFirmwareKey(pkcs7, key, keySz);
- if (ret < 0) {
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- pkcs7->encryptionKey = key;
- pkcs7->encryptionKeySz = ret;
- }
- else {
- decodedSz = PKCS7_BUF_SIZE;
- ret = wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)&usrCtx);
- if (ret != 0) {
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- }
- decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, decoded, decodedSz);
- if (decodedSz < 0) {
- ret = decodedSz;
- wc_PKCS7_Free(pkcs7);
- return ret;
- }
- wc_PKCS7_Free(pkcs7);
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* key, word32 keySz)
- {
- int ret = 0;
- word32 derSz;
- byte *derBuf = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (! derBuf)
- ERROR_OUT(-12360, out);
- /* Doing default generation and verify */
- derSz = FOURK_BUF;
- ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 0, cert,
- certSz, key, keySz);
- if (ret <= 0) {
- ERROR_OUT(-12361, out);
- }
- ret = verifyBundle(derBuf, derSz, 0);
- if (ret != 0) {
- ERROR_OUT(-12362, out);
- }
- /* test choosing other key with keyID */
- derSz = FOURK_BUF;
- ret = generateBundle(derBuf, &derSz, p7AltKey, sizeof(p7AltKey), 1,
- cert, certSz, key, keySz);
- if (ret <= 0) {
- ERROR_OUT(-12363, out);
- }
- ret = verifyBundle(derBuf, derSz, 1);
- if (ret != 0) {
- ERROR_OUT(-12364, out);
- }
- /* test fail case with wrong keyID */
- derSz = FOURK_BUF;
- ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 1,
- cert, certSz, key, keySz);
- if (ret <= 0) {
- ERROR_OUT(-12365, out);
- }
- ret = verifyBundle(derBuf, derSz, 1);
- if (ret == 0) {
- ERROR_OUT(-12366, out);
- }
- ret = 0;
- out:
- if (derBuf)
- XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* NO_AES */
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- int encryptOID;
- byte* encryptionKey;
- word32 encryptionKeySz;
- PKCS7Attrib* attribs;
- word32 attribsSz;
- const char* outFileName;
- } pkcs7EncryptedVector;
- WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void)
- {
- int ret = 0;
- int i, testSz;
- int encryptedSz, decodedSz, attribIdx;
- PKCS7* pkcs7;
- byte *encrypted;
- byte *decoded;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- PKCS7Attrib* expectedAttrib;
- PKCS7DecodedAttrib* decodedAttrib;
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #ifndef NO_DES3
- byte desKey[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
- };
- byte des3Key[] = {
- 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
- 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
- 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
- };
- #endif
- #ifndef NO_AES
- #ifdef WOLFSSL_AES_128
- byte aes128Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifdef WOLFSSL_AES_192
- byte aes192Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifdef WOLFSSL_AES_256
- byte aes256Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- #ifdef WOLFSSL_AES_256
- /* Attribute example from RFC 4134, Section 7.2
- * OID = 1.2.5555
- * OCTET STRING = 'This is a test General ASN Attribute, number 1.' */
- static byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 };
- static byte genAttr[] = { 0x04, 47,
- 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
- 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
- 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
- 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
- 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
- 0x6d, 0x62, 0x65, 0x72, 0x20, 0x31, 0x2e };
- static byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 };
- static byte genAttr2[] = { 0x04, 47,
- 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
- 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
- 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
- 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
- 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
- 0x6d, 0x62, 0x65, 0x72, 0x20, 0x32, 0x2e };
- PKCS7Attrib attribs[] =
- {
- { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) }
- };
- PKCS7Attrib multiAttribs[] =
- {
- { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) },
- { genAttrOid2, sizeof(genAttrOid2), genAttr2, sizeof(genAttr2) }
- };
- #endif
- #endif /* NO_AES */
- const pkcs7EncryptedVector testVectors[] =
- {
- #ifndef NO_DES3
- {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key),
- NULL, 0, "pkcs7encryptedDataDES3.der"},
- {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey),
- NULL, 0, "pkcs7encryptedDataDES.der"},
- #endif /* NO_DES3 */
- #ifndef NO_AES
- #ifdef WOLFSSL_AES_128
- {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
- sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"},
- #endif
- #ifdef WOLFSSL_AES_192
- {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
- sizeof(aes192Key), NULL, 0, "pkcs7encryptedDataAES192CBC.der"},
- #endif
- #ifdef WOLFSSL_AES_256
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), NULL, 0, "pkcs7encryptedDataAES256CBC.der"},
- /* test with optional unprotected attributes */
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7encryptedDataAES256CBC_attribs.der"},
- /* test with multiple optional unprotected attributes */
- {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), multiAttribs,
- (sizeof(multiAttribs)/sizeof(PKCS7Attrib)),
- "pkcs7encryptedDataAES256CBC_multi_attribs.der"},
- /* test with contentType set to FirmwarePkgData */
- {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256CBCb, aes256Key,
- sizeof(aes256Key), NULL, 0,
- "pkcs7encryptedDataAES256CBC_firmwarePkgData.der"},
- #endif
- #endif /* NO_AES */
- };
- encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! encrypted) || (! decoded)) {
- ERROR_OUT(MEMORY_E, out);
- }
- testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL) {
- ERROR_OUT(-12400, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->encryptOID = testVectors[i].encryptOID;
- pkcs7->encryptionKey = testVectors[i].encryptionKey;
- pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
- pkcs7->unprotectedAttribs = testVectors[i].attribs;
- pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz;
- /* encode encryptedData */
- encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
- PKCS7_BUF_SIZE);
- if (encryptedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12401, out);
- }
- /* decode encryptedData */
- #ifndef NO_PKCS7_STREAM
- { /* test reading byte by byte */
- int z;
- for (z = 0; z < encryptedSz; z++) {
- decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted + z, 1,
- decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
- printf("unexpected error %d\n", decodedSz);
- ERROR_OUT(-12402, out);
- }
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- printf("stream read failed\n");
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12403, out);
- }
- }
- #endif
- decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
- decoded, PKCS7_BUF_SIZE);
- if (decodedSz <= 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12404, out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12405, out);
- }
- /* verify decoded unprotected attributes */
- if (pkcs7->decodedAttrib != NULL) {
- decodedAttrib = pkcs7->decodedAttrib;
- attribIdx = 1;
- while (decodedAttrib != NULL) {
- /* expected attribute, stored list is reversed */
- expectedAttrib = &(pkcs7->unprotectedAttribs
- [pkcs7->unprotectedAttribsSz - attribIdx]);
- /* verify oid */
- if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid,
- decodedAttrib->oidSz) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12406, out);
- }
- /* verify value */
- if (XMEMCMP(decodedAttrib->value, expectedAttrib->value,
- decodedAttrib->valueSz) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12407, out);
- }
- decodedAttrib = decodedAttrib->next;
- attribIdx++;
- }
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 envelopedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12408, out);
- }
- ret = (int)XFWRITE(encrypted, encryptedSz, 1, pkcs7File);
- XFCLOSE(pkcs7File);
- if (ret > 0)
- ret = 0;
- #endif
- wc_PKCS7_Free(pkcs7);
- }
- out:
- if (encrypted)
- XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* NO_PKCS7_ENCRYPTED_DATA */
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- typedef struct {
- const byte* content;
- word32 contentSz;
- int contentOID;
- const char* outFileName;
- } pkcs7CompressedVector;
- WOLFSSL_TEST_SUBROUTINE int pkcs7compressed_test(void)
- {
- int ret = 0;
- int i, testSz;
- int compressedSz, decodedSz;
- PKCS7* pkcs7;
- #ifdef WOLFSSL_SMALL_STACK
- byte *compressed;
- byte *decoded;
- #else
- byte compressed[PKCS7_BUF_SIZE];
- byte decoded[PKCS7_BUF_SIZE];
- #endif
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE pkcs7File;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- const pkcs7CompressedVector testVectors[] =
- {
- {data, (word32)sizeof(data), DATA,
- "pkcs7compressedData_data_zlib.der"},
- {data, (word32)sizeof(data), FIRMWARE_PKG_DATA,
- "pkcs7compressedData_firmwarePkgData_zlib.der"},
- };
- #ifdef WOLFSSL_SMALL_STACK
- compressed = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if ((! compressed) || (! decoded)) {
- ERROR_OUT(MEMORY_E, out);
- }
- #endif
- testSz = sizeof(testVectors) / sizeof(pkcs7CompressedVector);
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL) {
- ERROR_OUT(-12500, out);
- }
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- /* encode compressedData */
- compressedSz = wc_PKCS7_EncodeCompressedData(pkcs7, compressed,
- PKCS7_BUF_SIZE);
- if (compressedSz <= 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12501, out);
- }
- /* decode compressedData */
- decodedSz = wc_PKCS7_DecodeCompressedData(pkcs7, compressed,
- compressedSz, decoded,
- PKCS7_BUF_SIZE);
- if (decodedSz <= 0){
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12502, out);
- }
- /* test decode result */
- if (XMEMCMP(decoded, testVectors[i].content,
- testVectors[i].contentSz) != 0) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12503, out);
- }
- /* make sure content type is the same */
- if (testVectors[i].contentOID != pkcs7->contentOID) {
- ERROR_OUT(-12504, out);
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* output pkcs7 compressedData for external testing */
- pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
- if (!pkcs7File) {
- wc_PKCS7_Free(pkcs7);
- ERROR_OUT(-12505, out);
- }
- ret = (int)XFWRITE(compressed, compressedSz, 1, pkcs7File);
- XFCLOSE(pkcs7File);
- if (ret > 0)
- ret = 0;
- #endif
- wc_PKCS7_Free(pkcs7);
- }
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (compressed)
- XFREE(compressed, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (decoded)
- XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #endif
- return ret;
- } /* pkcs7compressed_test() */
- #undef PKCS7_BUF_SIZE
- #endif /* HAVE_LIBZ */
- typedef struct {
- const byte* content;
- word32 contentSz;
- int hashOID;
- int signOID;
- byte* privateKey;
- word32 privateKeySz;
- byte* cert;
- size_t certSz;
- byte* caCert;
- size_t caCertSz;
- PKCS7Attrib* signedAttribs;
- word32 signedAttribsSz;
- const char* outFileName;
- int contentOID;
- byte* contentType;
- word32 contentTypeSz;
- int sidType;
- int encryptOID; /* for single-shot encrypt alg OID */
- int encCompFlag; /* for single-shot. 1 = enc, 2 = comp, 3 = both*/
- byte* encryptKey; /* for single-shot, encryptedData */
- word32 encryptKeySz; /* for single-shot, encryptedData */
- PKCS7Attrib* unprotectedAttribs; /* for single-shot, encryptedData */
- word32 unprotectedAttribsSz; /* for single-shot, encryptedData */
- word16 detachedSignature; /* generate detached signature (0:1) */
- } pkcs7SignedVector;
- static int pkcs7signed_run_vectors(
- byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
- byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
- byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
- byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
- byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
- byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
- byte* eccClientCertBuf, word32 eccClientCertBufSz,
- byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
- {
- int ret, testSz, i;
- int encodedSz;
- byte* out;
- word32 outSz;
- WC_RNG rng;
- PKCS7* pkcs7;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE file;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- static byte transIdOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x07 };
- static byte messageTypeOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x02 };
- static byte senderNonceOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x05 };
- #ifndef NO_SHA
- static byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
- #else
- static byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
- #endif
- static byte messageType[] = { 0x13, 2, '1', '9' };
- static byte senderNonce[PKCS7_NONCE_SZ + 2];
- static PKCS7Attrib attribs[] =
- {
- { transIdOid, sizeof(transIdOid), transId,
- sizeof(transId) - 1 }, /* take off the null */
- { messageTypeOid, sizeof(messageTypeOid), messageType,
- sizeof(messageType) },
- { senderNonceOid, sizeof(senderNonceOid), senderNonce,
- sizeof(senderNonce) }
- };
- /* for testing custom contentType, FirmwarePkgData */
- static byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86,
- 0x48, 0x86, 0xF7, 0x0D,
- 0x01, 0x09, 0x10, 0x01, 0x10 };
- const pkcs7SignedVector testVectors[] =
- {
- #ifndef NO_RSA
- #ifndef NO_SHA
- /* RSA with SHA */
- {data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, NULL,
- 0, 0},
- /* RSA with SHA, no signed attributes */
- {data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz,
- NULL, 0, NULL, 0,
- "pkcs7signedData_RSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0},
- #endif
- #ifdef WOLFSSL_SHA224
- /* RSA with SHA224 */
- {data, (word32)sizeof(data), SHA224h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0},
- #endif
- #ifndef NO_SHA256
- /* RSA with SHA256 */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0},
- /* RSA with SHA256, detached signature */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_detachedSig.der", 0, NULL, 0, 0, 0, 0,
- NULL, 0, NULL, 0, 1},
- /* RSA with SHA256 and SubjectKeyIdentifier in SignerIdentifier */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
- NULL, 0, NULL, 0, 0},
- /* RSA with SHA256 and custom contentType */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_custom_contentType.der", 0,
- customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
- NULL, 0, 0},
- /* RSA with SHA256 and FirmwarePkgData contentType */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_firmwarePkgData.der",
- FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0},
- /* RSA with SHA256 using server cert and ca cert */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
- rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
- rsaCaCertBuf, rsaCaCertBufSz,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA256_with_ca_cert.der", 0, NULL, 0, 0, 0, 0,
- NULL, 0, NULL, 0, 0},
- #endif
- #if defined(WOLFSSL_SHA384)
- /* RSA with SHA384 */
- {data, (word32)sizeof(data), SHA384h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0},
- #endif
- #if defined(WOLFSSL_SHA512)
- /* RSA with SHA512 */
- {data, (word32)sizeof(data), SHA512h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_RSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0},
- #endif
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- #ifndef NO_SHA
- /* ECDSA with SHA */
- {data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0},
- /* ECDSA with SHA, no signed attributes */
- {data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz,
- NULL, 0, NULL, 0,
- "pkcs7signedData_ECDSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0},
- #endif
- #ifdef WOLFSSL_SHA224
- /* ECDSA with SHA224 */
- {data, (word32)sizeof(data), SHA224h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0},
- #endif
- #ifndef NO_SHA256
- /* ECDSA with SHA256 */
- {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0},
- /* ECDSA with SHA256 and SubjectKeyIdentifier in SigherIdentifier */
- {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
- NULL, 0, NULL, 0, 0},
- /* ECDSA with SHA256 and custom contentType */
- {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256_custom_contentType.der", 0,
- customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
- NULL, 0, 0},
- /* ECDSA with SHA256 and FirmwarePkgData contentType */
- {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der",
- FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0},
- #endif
- #ifdef WOLFSSL_SHA384
- /* ECDSA with SHA384 */
- {data, (word32)sizeof(data), SHA384h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0},
- #endif
- #ifdef WOLFSSL_SHA512
- /* ECDSA with SHA512 */
- {data, (word32)sizeof(data), SHA512h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedData_ECDSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
- NULL, 0, 0},
- #endif
- #endif /* HAVE_ECC */
- };
- testSz = sizeof(testVectors) / sizeof(pkcs7SignedVector);
- outSz = FOURK_BUF;
- out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (out == NULL)
- return -12510;
- XMEMSET(out, 0, outSz);
- ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
- if (ret < 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -12511;
- }
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -12512;
- }
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- return -12513;
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12514;
- }
- /* load CA certificate, if present */
- if (testVectors[i].caCert != NULL) {
- ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
- (word32)testVectors[i].caCertSz);
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12515;
- }
- }
- pkcs7->rng = &rng;
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- pkcs7->contentOID = testVectors[i].contentOID;
- pkcs7->hashOID = testVectors[i].hashOID;
- pkcs7->encryptOID = testVectors[i].signOID;
- pkcs7->privateKey = testVectors[i].privateKey;
- pkcs7->privateKeySz = testVectors[i].privateKeySz;
- pkcs7->signedAttribs = testVectors[i].signedAttribs;
- pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz;
- /* optional custom contentType, default is DATA,
- overrides contentOID if set */
- if (testVectors[i].contentType != NULL) {
- ret = wc_PKCS7_SetContentType(pkcs7, testVectors[i].contentType,
- testVectors[i].contentTypeSz);
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12516;
- }
- }
- /* set SignerIdentifier to use SubjectKeyIdentifier if desired,
- default is IssuerAndSerialNumber */
- if (testVectors[i].sidType == CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12517;
- }
- }
- /* generate senderNonce */
- {
- senderNonce[0] = 0x04;
- senderNonce[1] = PKCS7_NONCE_SZ;
- ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12518;
- }
- }
- /* generate transactionID (used with SCEP) */
- {
- #ifndef NO_SHA
- wc_Sha sha;
- byte digest[WC_SHA_DIGEST_SIZE];
- #else
- wc_Sha256 sha;
- byte digest[WC_SHA256_DIGEST_SIZE];
- #endif
- int j,k;
- transId[0] = 0x13;
- transId[1] = sizeof(digest) * 2;
- #ifndef NO_SHA
- ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12519;
- }
- wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
- wc_ShaFinal(&sha, digest);
- wc_ShaFree(&sha);
- #else
- ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12520;
- }
- wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
- wc_Sha256Final(&sha, digest);
- wc_Sha256Free(&sha);
- #endif
- for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) {
- XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]);
- }
- }
- /* enable detached signature generation, if set */
- if (testVectors[i].detachedSignature == 1) {
- ret = wc_PKCS7_SetDetached(pkcs7, 1);
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12521;
- }
- }
- encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz);
- if (encodedSz < 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12522;
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* write PKCS#7 to output file for more testing */
- file = XFOPEN(testVectors[i].outFileName, "wb");
- if (!file) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12523;
- }
- ret = (int)XFWRITE(out, 1, encodedSz, file);
- XFCLOSE(file);
- if (ret != (int)encodedSz) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12524;
- }
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- return -12525;
- wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
- if (testVectors[i].detachedSignature == 1) {
- /* set content for verifying detached signatures */
- pkcs7->content = (byte*)testVectors[i].content;
- pkcs7->contentSz = testVectors[i].contentSz;
- }
- ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
- if (ret < 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12526;
- }
- /* verify contentType extracted successfully for custom content types */
- if (testVectors[i].contentTypeSz > 0) {
- if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) {
- return -12527;
- } else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType,
- pkcs7->contentTypeSz) != 0) {
- return -12528;
- }
- }
- if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12529;
- }
- {
- /* check getting signed attributes */
- #ifndef NO_SHA
- byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
- #else
- byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
- #endif
- byte* oidPt = transIdOid + 2; /* skip object id tag and size */
- int oidSz = (int)sizeof(transIdOid) - 2;
- int bufSz = 0;
- if (testVectors[i].signedAttribs != NULL &&
- wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
- NULL, (word32*)&bufSz) != LENGTH_ONLY_E) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12530;
- }
- if (bufSz > (int)sizeof(buf)) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12531;
- }
- bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
- buf, (word32*)&bufSz);
- if ((testVectors[i].signedAttribs != NULL && bufSz < 0) ||
- (testVectors[i].signedAttribs == NULL && bufSz > 0)) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12532;
- }
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- file = XFOPEN("./pkcs7cert.der", "wb");
- if (!file) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12533;
- }
- ret = (int)XFWRITE(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
- XFCLOSE(file);
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- }
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeRng(&rng);
- if (ret > 0)
- return 0;
- (void)rsaClientCertBuf;
- (void)rsaClientCertBufSz;
- (void)rsaClientPrivKeyBuf;
- (void)rsaClientPrivKeyBufSz;
- (void)rsaServerCertBuf;
- (void)rsaServerCertBufSz;
- (void)rsaServerPrivKeyBuf;
- (void)rsaServerPrivKeyBufSz;
- (void)rsaCaCertBuf;
- (void)rsaCaCertBufSz;
- (void)rsaCaPrivKeyBuf;
- (void)rsaCaPrivKeyBufSz;
- (void)eccClientCertBuf;
- (void)eccClientCertBufSz;
- (void)eccClientPrivKeyBuf;
- (void)eccClientPrivKeyBufSz;
- return ret;
- }
- static int pkcs7signed_run_SingleShotVectors(
- byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
- byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
- byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
- byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
- byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
- byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
- byte* eccClientCertBuf, word32 eccClientCertBufSz,
- byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
- {
- int ret, testSz, i;
- int encodedSz;
- byte* out;
- word32 outSz;
- WC_RNG rng;
- PKCS7* pkcs7;
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- XFILE file;
- #endif
- WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
- 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
- 0x72,0x6c,0x64
- };
- #if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
- static byte aes256Key[] = {
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
- 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
- };
- #endif
- static byte messageTypeOid[] =
- { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
- 0x09, 0x02 };
- static byte messageType[] = { 0x13, 2, '1', '9' };
- PKCS7Attrib attribs[] =
- {
- { messageTypeOid, sizeof(messageTypeOid), messageType,
- sizeof(messageType) },
- };
- const pkcs7SignedVector testVectors[] =
- {
- #ifndef NO_RSA
- #ifndef NO_SHA256
- /* Signed FirmwarePkgData, RSA, SHA256, no attribs */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der", 0, NULL, 0, 0,
- 0, 0, NULL, 0, NULL, 0, 0},
- /* Signed FirmwarePkgData, RSA, SHA256, attrs */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0,
- NULL, 0, NULL, 0, 0},
- /* Signed FirmwarePkgData, RSA, SHA256, SubjectKeyIdentifier, attrs */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der", 0, NULL,
- 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0},
- /* Signed FirmwraePkgData, RSA, SHA256, server cert and ca cert, attr */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
- rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
- rsaCaCertBuf, rsaCaCertBufSz,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL,
- 0, 0, 0, 0, NULL, 0, NULL, 0, 0},
- #if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
- /* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
- NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0},
- /* Signed Encrypted FirmwarePkgData, RSA, SHA256, attribs */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der", 0,
- NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0},
- #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- /* Signed Compressed FirmwarePkgData, RSA, SHA256, no attribs */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
- NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0},
- /* Signed Compressed FirmwarePkgData, RSA, SHA256, attribs */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der", 0,
- NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0},
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
- no attribs */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
- 0, 0},
- /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
- attribs */
- {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
- rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0},
- #endif /* !NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- #endif /* NO_SHA256 */
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- #ifndef NO_SHA256
- /* Signed FirmwarePkgData, ECDSA, SHA256, no attribs */
- {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
- 0, 0, 0, 0, NULL, 0, NULL, 0, 0},
- /* Signed FirmwarePkgData, ECDSA, SHA256, attribs */
- {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
- 0, 0, 0, 0, NULL, 0, NULL, 0, 0},
- /* Signed FirmwarePkgData, ECDSA, SHA256, SubjectKeyIdentifier, attr */
- {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL,
- 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0},
- #if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
- /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */
- {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
- 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0},
- /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, attribs */
- {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
- 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0},
- #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, no attribs */
- {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
- 0, 0, 0, 2, NULL, 0, NULL, 0, 0},
- /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, attrib */
- {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
- 0, 0, 0, 2, NULL, 0, NULL, 0, 0},
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
- no attribs */
- {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- NULL, 0,
- "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
- 0, 0},
- /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
- attribs */
- {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
- eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
- "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der",
- 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
- attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0},
- #endif /* !NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- #endif /* NO_SHA256 */
- #endif /* HAVE_ECC */
- };
- testSz = sizeof(testVectors) / sizeof(pkcs7SignedVector);
- outSz = FOURK_BUF;
- out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (out == NULL)
- return -12540;
- XMEMSET(out, 0, outSz);
- ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
- if (ret < 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -12541;
- }
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return -12542;
- }
- for (i = 0; i < testSz; i++) {
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- return -12543;
- ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
- (word32)testVectors[i].certSz);
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12544;
- }
- /* load CA certificate, if present */
- if (testVectors[i].caCert != NULL) {
- ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
- (word32)testVectors[i].caCertSz);
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12545;
- }
- }
- /* set SignerIdentifier to use SubjectKeyIdentifier if desired,
- default is IssuerAndSerialNumber */
- if (testVectors[i].sidType == CMS_SKID) {
- ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
- if (ret != 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12546;
- }
- }
- if (testVectors[i].encCompFlag == 0) {
- /* encode Signed FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedFPD(pkcs7,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].signOID, testVectors[i].hashOID,
- (byte*)testVectors[i].content, testVectors[i].contentSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz < 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12547;
- }
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- } else if (testVectors[i].encCompFlag == 1) {
- /* encode Signed Encrypted FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7,
- testVectors[i].encryptKey, testVectors[i].encryptKeySz,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].encryptOID, testVectors[i].signOID,
- testVectors[i].hashOID, (byte*)testVectors[i].content,
- testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
- testVectors[i].unprotectedAttribsSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz <= 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12548;
- }
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- } else if (testVectors[i].encCompFlag == 2) {
- /* encode Signed Compressed FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedCompressedFPD(pkcs7,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].signOID, testVectors[i].hashOID,
- (byte*)testVectors[i].content, testVectors[i].contentSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz <= 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12549;
- }
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- } else if (testVectors[i].encCompFlag == 3) {
- /* encode Signed Encrypted Compressed FirmwarePkgData */
- encodedSz = wc_PKCS7_EncodeSignedEncryptedCompressedFPD(pkcs7,
- testVectors[i].encryptKey, testVectors[i].encryptKeySz,
- testVectors[i].privateKey, testVectors[i].privateKeySz,
- testVectors[i].encryptOID, testVectors[i].signOID,
- testVectors[i].hashOID, (byte*)testVectors[i].content,
- testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
- testVectors[i].unprotectedAttribsSz,
- testVectors[i].signedAttribs,
- testVectors[i].signedAttribsSz, out, outSz);
- if (encodedSz <= 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12550;
- }
- #endif /* NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- } else {
- /* unsupported SignedData single-shot combination */
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12551;
- }
- #ifdef PKCS7_OUTPUT_TEST_BUNDLES
- /* write PKCS#7 to output file for more testing */
- file = XFOPEN(testVectors[i].outFileName, "wb");
- if (!file) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12552;
- }
- ret = (int)XFWRITE(out, 1, encodedSz, file);
- XFCLOSE(file);
- if (ret != (int)encodedSz) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12553;
- }
- #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
- wc_PKCS7_Free(pkcs7);
- pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
- if (pkcs7 == NULL)
- return -12554;
- wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
- ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
- if (ret < 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12555;
- }
- #ifndef NO_PKCS7_STREAM
- {
- word32 z;
- for (z = 0; z < outSz && ret != 0; z++) {
- ret = wc_PKCS7_VerifySignedData(pkcs7, out + z, 1);
- if (ret < 0 && ret != WC_PKCS7_WANT_READ_E) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- printf("unexpected error %d\n", ret);
- return -12556;
- }
- }
- }
- #endif
- if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12557;
- }
- if (testVectors[i].encCompFlag == 0) {
- /* verify decoded content matches expected */
- if ((pkcs7->contentSz != testVectors[i].contentSz) ||
- XMEMCMP(pkcs7->content, testVectors[i].content,
- pkcs7->contentSz)) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12558;
- }
- }
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- else if (testVectors[i].encCompFlag == 1) {
- /* decrypt inner encryptedData */
- pkcs7->encryptionKey = testVectors[i].encryptKey;
- pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
- ret = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, out, outSz);
- if (ret < 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12559;
- }
- /* compare decrypted to expected */
- if (((word32)ret != testVectors[i].contentSz) ||
- XMEMCMP(out, testVectors[i].content, ret)) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12560;
- }
- }
- #endif
- #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
- else if (testVectors[i].encCompFlag == 2) {
- /* decompress inner compressedData */
- ret = wc_PKCS7_DecodeCompressedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, out, outSz);
- if (ret < 0) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12561;
- }
- /* compare decompressed to expected */
- if (((word32)ret != testVectors[i].contentSz) ||
- XMEMCMP(out, testVectors[i].content, ret)) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12562;
- }
- }
- #ifndef NO_PKCS7_ENCRYPTED_DATA
- else if (testVectors[i].encCompFlag == 3) {
- byte* encryptedTmp;
- int encryptedTmpSz;
- encryptedTmpSz = FOURK_BUF;
- encryptedTmp = (byte*)XMALLOC(encryptedTmpSz, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (encryptedTmp == NULL) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12563;
- }
- XMEMSET(encryptedTmp, 0, encryptedTmpSz);
- /* decrypt inner encryptedData */
- pkcs7->encryptionKey = testVectors[i].encryptKey;
- pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
- encryptedTmpSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
- pkcs7->contentSz, encryptedTmp,
- encryptedTmpSz);
- if (encryptedTmpSz < 0) {
- XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12564;
- }
- /* decompress inner compressedData */
- ret = wc_PKCS7_DecodeCompressedData(pkcs7, encryptedTmp,
- encryptedTmpSz, out, outSz);
- if (ret < 0) {
- XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12565;
- }
- XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- /* compare decompressed to expected */
- if (((word32)ret != testVectors[i].contentSz) ||
- XMEMCMP(out, testVectors[i].content, ret)) {
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_PKCS7_Free(pkcs7);
- return -12566;
- }
- }
- #endif /* NO_PKCS7_ENCRYPTED_DATA */
- #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
- wc_PKCS7_Free(pkcs7);
- }
- XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_FreeRng(&rng);
- if (ret > 0)
- return 0;
- (void)eccClientCertBuf;
- (void)eccClientCertBufSz;
- (void)eccClientPrivKeyBuf;
- (void)eccClientPrivKeyBufSz;
- (void)rsaClientCertBuf;
- (void)rsaClientCertBufSz;
- (void)rsaClientPrivKeyBuf;
- (void)rsaClientPrivKeyBufSz;
- (void)rsaServerCertBuf;
- (void)rsaServerCertBufSz;
- (void)rsaServerPrivKeyBuf;
- (void)rsaServerPrivKeyBufSz;
- (void)rsaCaCertBuf;
- (void)rsaCaCertBufSz;
- (void)rsaCaPrivKeyBuf;
- (void)rsaCaPrivKeyBufSz;
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int pkcs7signed_test(void)
- {
- int ret = 0;
- byte* rsaClientCertBuf = NULL;
- byte* rsaServerCertBuf = NULL;
- byte* rsaCaCertBuf = NULL;
- byte* eccClientCertBuf = NULL;
- byte* rsaClientPrivKeyBuf = NULL;
- byte* rsaServerPrivKeyBuf = NULL;
- byte* rsaCaPrivKeyBuf = NULL;
- byte* eccClientPrivKeyBuf = NULL;
- word32 rsaClientCertBufSz = 0;
- word32 rsaServerCertBufSz = 0;
- word32 rsaCaCertBufSz = 0;
- word32 eccClientCertBufSz = 0;
- word32 rsaClientPrivKeyBufSz = 0;
- word32 rsaServerPrivKeyBufSz = 0;
- word32 rsaCaPrivKeyBufSz = 0;
- word32 eccClientPrivKeyBufSz = 0;
- #ifndef NO_RSA
- /* read client RSA cert and key in DER format */
- rsaClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (rsaClientCertBuf == NULL)
- ret = -12600;
- rsaClientPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaClientPrivKeyBuf == NULL) {
- ret = -12601;
- }
- rsaClientCertBufSz = FOURK_BUF;
- rsaClientPrivKeyBufSz = FOURK_BUF;
- /* read server RSA cert and key in DER format */
- rsaServerCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaServerCertBuf == NULL)
- ret = -12602;
- rsaServerPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaServerPrivKeyBuf == NULL) {
- ret = -12603;
- }
- rsaServerCertBufSz = FOURK_BUF;
- rsaServerPrivKeyBufSz = FOURK_BUF;
- /* read CA RSA cert and key in DER format, for use with server cert */
- rsaCaCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaCaCertBuf == NULL)
- ret = -12604;
- rsaCaPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && rsaCaPrivKeyBuf == NULL) {
- ret = -12605;
- }
- rsaCaCertBufSz = FOURK_BUF;
- rsaCaPrivKeyBufSz = FOURK_BUF;
- #endif /* NO_RSA */
- #ifdef HAVE_ECC
- /* read client ECC cert and key in DER format */
- eccClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && eccClientCertBuf == NULL) {
- ret = -12606;
- }
- eccClientPrivKeyBuf =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
- DYNAMIC_TYPE_TMP_BUFFER);
- if (ret == 0 && eccClientPrivKeyBuf == NULL) {
- ret = -12607;
- }
- eccClientCertBufSz = FOURK_BUF;
- eccClientPrivKeyBufSz = FOURK_BUF;
- #endif /* HAVE_ECC */
- if (ret >= 0)
- ret = pkcs7_load_certs_keys(rsaClientCertBuf, &rsaClientCertBufSz,
- rsaClientPrivKeyBuf, &rsaClientPrivKeyBufSz,
- rsaServerCertBuf, &rsaServerCertBufSz,
- rsaServerPrivKeyBuf, &rsaServerPrivKeyBufSz,
- rsaCaCertBuf, &rsaCaCertBufSz,
- rsaCaPrivKeyBuf, &rsaCaPrivKeyBufSz,
- eccClientCertBuf, &eccClientCertBufSz,
- eccClientPrivKeyBuf, &eccClientPrivKeyBufSz);
- if (ret < 0) {
- ret = -12608;
- }
- if (ret >= 0)
- ret = pkcs7signed_run_vectors(rsaClientCertBuf, (word32)rsaClientCertBufSz,
- rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
- rsaServerCertBuf, (word32)rsaServerCertBufSz,
- rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
- rsaCaCertBuf, (word32)rsaCaCertBufSz,
- rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
- eccClientCertBuf, (word32)eccClientCertBufSz,
- eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
- if (ret >= 0)
- ret = pkcs7signed_run_SingleShotVectors(
- rsaClientCertBuf, (word32)rsaClientCertBufSz,
- rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
- rsaServerCertBuf, (word32)rsaServerCertBufSz,
- rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
- rsaCaCertBuf, (word32)rsaCaCertBufSz,
- rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
- eccClientCertBuf, (word32)eccClientCertBufSz,
- eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
- #ifndef NO_AES
- if (ret >= 0)
- ret = pkcs7callback_test(
- rsaClientCertBuf, (word32)rsaClientCertBufSz,
- rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz);
- #endif
- XFREE(rsaClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaServerCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaServerPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaCaCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(rsaCaPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(eccClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- return ret;
- }
- #endif /* HAVE_PKCS7 */
- #ifdef HAVE_VALGRIND
- /* Need a static build to have access to symbols. */
- /* Maximum number of bytes in a number to test. */
- #define MP_MAX_TEST_BYTE_LEN 32
- static int randNum(mp_int* n, int len, WC_RNG* rng, void* heap)
- {
- byte d[MP_MAX_TEST_BYTE_LEN];
- int ret;
- (void)heap;
- do {
- ret = wc_RNG_GenerateBlock(rng, d, len);
- if (ret != 0)
- return ret;
- ret = mp_read_unsigned_bin(n, d, len);
- if (ret != 0)
- return ret;
- } while (mp_iszero(n));
- return 0;
- }
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
- static int mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng)
- {
- int i, j;
- mp_digit rem;
- mp_digit rem2;
- for (i = 0; i < 10; i++) {
- for (j = 1; j < 10; j++) {
- if (randNum(a, j, rng, NULL) != 0)
- return -12620;
- if (mp_div_3(a, r, &rem) != 0)
- return -12621;
- if (mp_mul_d(r, 3, r) != 0)
- return -12622;
- if (mp_add_d(r, rem, r) != 0)
- return -12623;
- if (mp_cmp(r, a) != MP_EQ)
- return -12624;
- }
- }
- if (mp_div_3(a, r, &rem) != 0)
- return -12625;
- if (mp_div_3(a, a, NULL) != 0)
- return -12626;
- if (mp_cmp(r, a) != MP_EQ)
- return -12627;
- #if defined(WOLFSSL_SP_MATH_ALL)
- if (mp_div_d(a, 10, r, &rem) != 0)
- return -12628;
- if (mp_div_d(a, 10, a, NULL) != 0)
- return -12629;
- if (mp_cmp(r, a) != MP_EQ)
- return -12630;
- if (mp_div_d(a, 12, r, &rem) != 0)
- return -12631;
- if (mp_div_d(a, 12, a, NULL) != 0)
- return -12632;
- if (mp_cmp(r, a) != MP_EQ)
- return -12633;
- if (mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), r, &rem) != 0)
- return -12634;
- if (mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), NULL, &rem2) != 0)
- return -12635;
- if (mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), a, NULL) != 0)
- return -12636;
- if (mp_cmp(r, a) != MP_EQ)
- return -12637;
- if (rem != rem2)
- return -12638;
- #else
- (void)rem2;
- #endif
- return 0;
- }
- #endif /* WOLFSSL_SP_MATH || !USE_FAST_MATH */
- #if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
- (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)))
- static int mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng)
- {
- int ret;
- int i, j;
- int size;
- char str[30];
- WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = "A";
- WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "a";
- WOLFSSL_SMALL_STACK_STATIC const char* badStr3 = " ";
- WOLFSSL_SMALL_STACK_STATIC const char* zeros = "000";
- WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
- for (i = 0; i < 10; i++) {
- for (j = 2; j < 12; j++) {
- if (randNum(a, j, rng, NULL) != 0)
- return -12640;
- if (mp_radix_size(a, MP_RADIX_DEC, &size) != MP_OKAY)
- return -12641;
- mp_toradix(a, str, MP_RADIX_DEC);
- if ((int)XSTRLEN(str) != size - 1)
- return -12642;
- mp_read_radix(r, str, MP_RADIX_DEC);
- if (mp_cmp(a, r) != MP_EQ)
- return -12643;
- }
- }
- if (mp_read_radix(r, badStr1, MP_RADIX_DEC) != MP_VAL)
- return -12644;
- if (mp_read_radix(r, badStr2, MP_RADIX_DEC) != MP_VAL)
- return -12645;
- if (mp_read_radix(r, badStr3, MP_RADIX_DEC) != MP_VAL)
- return -12646;
- if (mp_read_radix(r, zeros, MP_RADIX_DEC) != MP_OKAY)
- return -12647;
- if (!mp_iszero(r))
- return -12648;
- mp_set(r, 1);
- if (mp_read_radix(r, empty, MP_RADIX_DEC) != MP_OKAY)
- return -12649;
- if (!mp_iszero(r))
- return -12650;
- mp_zero(a);
- ret = mp_radix_size(a, MP_RADIX_DEC, &size);
- if (ret != 0)
- return -12651;
- if (size != 2)
- return -12652;
- ret = mp_toradix(a, str, MP_RADIX_DEC);
- if (ret != 0)
- return -12653;
- if ((int)XSTRLEN(str) != size - 1)
- return -12654;
- ret = mp_read_radix(r, str, MP_RADIX_DEC);
- if (ret != 0)
- return -12655;
- if (!mp_iszero(r))
- return -12656;
- return 0;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(HAVE_ECC)
- static int mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
- {
- int ret;
- int i, j;
- int size;
- char str[30];
- #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
- static char longStr[2 * sizeof(a->dp) + 2];
- #endif
- WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = " ";
- WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "}";
- WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
- for (i = 0; i < 10; i++) {
- for (j = 2; j < 12; j++) {
- if (randNum(a, j, rng, NULL) != 0)
- return -12660;
- mp_radix_size(a, MP_RADIX_HEX, &size);
- mp_toradix(a, str, MP_RADIX_HEX);
- if ((int)XSTRLEN(str) != size - 1)
- return -12661;
- mp_read_radix(r, str, MP_RADIX_HEX);
- if (mp_cmp(a, r) != MP_EQ)
- return -12662;
- }
- }
- if (mp_read_radix(r, badStr1, MP_RADIX_HEX) != MP_VAL)
- return -12663;
- if (mp_read_radix(r, badStr2, MP_RADIX_HEX) != MP_VAL)
- return -12664;
- mp_set(r, 1);
- if (mp_read_radix(r, empty, MP_RADIX_HEX) != MP_OKAY)
- return -12665;
- if (!mp_iszero(r))
- return -12666;
- #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
- /* Fixed MP data size - string can be too long. */
- longStr[0] = '8';
- XMEMSET(longStr+1, '0', sizeof(longStr) - 2);
- longStr[sizeof(longStr)-1] = '\0';
- if (mp_read_radix(r, longStr, MP_RADIX_HEX) != MP_VAL)
- return -12667;
- #endif
- mp_zero(a);
- ret = mp_radix_size(a, MP_RADIX_HEX, &size);
- if (ret != 0)
- return -12668;
- #ifndef WC_DISABLE_RADIX_ZERO_PAD
- if (size != 3)
- #else
- if (size != 2)
- #endif
- return -12669;
- ret = mp_toradix(a, str, MP_RADIX_HEX);
- if (ret != 0)
- return -12670;
- if ((int)XSTRLEN(str) != size - 1)
- return -12671;
- ret = mp_read_radix(r, str, MP_RADIX_HEX);
- if (ret != 0)
- return -12672;
- if (!mp_iszero(r))
- return -12673;
- #ifdef WOLFSSL_SP_MATH
- ret = mp_toradix(a, str, 8);
- if (ret != MP_VAL)
- return -12674;
- ret = mp_radix_size(a, 8, &size);
- if (ret != MP_VAL)
- return -12675;
- #endif
- return 0;
- }
- #endif
- static int mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng)
- {
- int i;
- if (randNum(a, 4, rng, NULL) != 0)
- return -12680;
- for (i = 0; i < 4; i++) {
- mp_copy(r1, a);
- if (mp_lshd(r1, i) != MP_OKAY)
- return -12681;
- mp_rshd(r1, i);
- if (mp_cmp(a, r1) != MP_EQ)
- return -12682;
- }
- for (i = 0; i < DIGIT_BIT+1; i++) {
- if (mp_mul_2d(a, i, r1) != MP_OKAY)
- return -12683;
- mp_rshb(r1, i);
- if (mp_cmp(a, r1) != MP_EQ)
- return -12684;
- }
- return 0;
- }
- static int mp_test_add_sub_d(mp_int* a, mp_int* r1)
- {
- int i, j;
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- mp_zero(a);
- mp_set_bit(a, i);
- if (a->used != (i + DIGIT_BIT) / DIGIT_BIT)
- return -12690;
- for (j = 0; j < i && j < DIGIT_BIT; j++) {
- mp_zero(r1);
- mp_set_bit(r1, i);
- if (mp_sub_d(r1, (mp_digit)1 << j, r1) != MP_OKAY)
- return -12691;
- if (mp_add_d(r1, (mp_digit)1 << j, r1) != MP_OKAY)
- return -12692;
- if (mp_cmp(a, r1) != MP_EQ)
- return -12693;
- }
- }
- mp_zero(r1);
- if (mp_add_d(r1, 1, r1) != MP_OKAY)
- return -12694;
- if (r1->used != 1)
- return -12695;
- if (mp_sub_d(r1, 1, r1) != MP_OKAY)
- return -12696;
- if (r1->used != 0)
- return -12697;
- #ifdef WOLFSSL_SP_MATH
- if (mp_set(r1, 1) != MP_OKAY)
- return -12698;
- if (mp_mul_2d(r1, SP_INT_MAX_BITS - 1, r1) != MP_OKAY)
- return -12699;
- if (mp_sub_d(r1, 1, r1) != MP_OKAY)
- return -12700;
- if (mp_mul_2d(r1, 1, r1) != MP_OKAY)
- return -12701;
- if (mp_add_d(r1, 1, r1) != MP_OKAY)
- return -12702;
- if (mp_add_d(r1, 1, r1) == MP_OKAY)
- return -12703;
- #endif
- return 0;
- }
- static int mp_test_read_to_bin(mp_int* a)
- {
- WOLFSSL_SMALL_STACK_STATIC const byte in[16] = {
- 0x91, 0xa2, 0xb3, 0xc4, 0xd5, 0xe6, 0xf7, 0x08,
- 0x93, 0xa4, 0xb4, 0xc5, 0xd6, 0xe7, 0xf8, 0x09
- };
- byte out[24];
- int i, j, k;
- const byte* p;
- int ret;
- for (i = 0; i < (int)sizeof(in); i++) {
- p = in + sizeof(in) - i;
- ret = mp_read_unsigned_bin(a, p, i);
- if (ret != 0)
- return -12710;
- for (j = i; j < (int)sizeof(out); j++) {
- XMEMSET(out, 0xff, sizeof(out));
- ret = mp_to_unsigned_bin_len(a, out, j);
- if (ret != 0)
- return -12711;
- for (k = 0; k < j - i; k++) {
- if (out[k] != 0)
- return -12712;
- }
- for (; k < j; k++) {
- if (out[k] != p[k - (j - i)])
- return -12713;
- }
- }
- }
- ret = mp_read_unsigned_bin(a, NULL, 0);
- if (ret != 0)
- return -12714;
- if (!mp_iszero(a))
- return -12715;
- return 0;
- }
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- static int mp_test_set_int(mp_int* a)
- {
- #if SP_ULONG_BITS == 64
- unsigned long n = 0xfedcba9876543210UL;
- byte exp[8] = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
- byte out[8] = { 0 };
- #elif SP_ULONG_BITS == 32
- unsigned long n = 0xfedcba98UL;
- byte exp[4] = { 0xfe, 0xdc, 0xba, 0x98 };
- byte out[4] = { 0 };
- #elif SP_ULONG_BITS == 16
- unsigned long n = 0xfedc;
- byte exp[2] = { 0xfe, 0xdc };
- byte out[2] = { 0 };
- #elif SP_ULONG_BITS == 8
- unsigned long n = 0xfe;
- byte exp[1] = { 0xfe };
- byte out[1] = { 0 };
- #endif
- int ret;
- ret = mp_set_int(a, n);
- if (ret != 0)
- return -12720;
- ret = mp_unsigned_bin_size(a);
- if (ret != sizeof(exp))
- return -12721;
- ret = mp_to_unsigned_bin(a, out);
- if (ret != 0)
- return -12722;
- if (XMEMCMP(exp, out, sizeof(exp)) != 0)
- return -12723;
- return 0;
- }
- #endif
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- static int mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
- {
- byte buffer[16];
- #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
- char hexStr[] = "abcdef0123456789";
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- char negStr[] = "-1234";
- #endif
- #endif
- #if !defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_KEY_GEN) || \
- defined(HAVE_COMP_KEY)
- char decStr[] = "0987654321";
- #endif
- int ret;
- #ifdef WOLFSSL_SP_MATH_ALL
- mp_digit rho;
- int size;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- int result;
- #endif
- #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
- (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
- mp_digit rd;
- #endif
- (void)rng;
- (void)r;
- ret = mp_init(NULL);
- if (ret != MP_VAL)
- return -12730;
- #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
- ret = mp_init_multi(NULL, NULL, NULL, NULL, NULL, NULL);
- if (ret != MP_OKAY)
- return -12731;
- #endif
- mp_free(NULL);
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
- ret = mp_grow(NULL, 1);
- if (ret != MP_VAL)
- return -12732;
- #ifdef WOLFSSL_SP_MATH
- ret = mp_grow(a, SP_INT_DIGITS + 1);
- if (ret != MP_MEM)
- return -12733;
- #endif
- #endif
- mp_clear(NULL);
- ret = mp_abs(NULL, NULL);
- if (ret != MP_VAL)
- return -12734;
- ret = mp_abs(a, NULL);
- if (ret != MP_VAL)
- return -12735;
- ret = mp_abs(NULL, b);
- if (ret != MP_VAL)
- return -12736;
- ret = mp_unsigned_bin_size(NULL);
- if (ret != 0)
- return -12737;
- ret = mp_read_unsigned_bin(NULL, NULL, sizeof(buffer));
- if (ret != MP_VAL)
- return -12738;
- ret = mp_read_unsigned_bin(NULL, buffer, sizeof(buffer));
- if (ret != MP_VAL)
- return -12739;
- ret = mp_read_unsigned_bin(a, NULL, sizeof(buffer));
- if (ret != MP_VAL)
- return -12740;
- ret = mp_read_unsigned_bin(a, buffer,
- (SP_INT_DIGITS - 1) * SP_WORD_SIZEOF + 1);
- if (ret != MP_VAL)
- return -12741;
- #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_read_radix(NULL, NULL, 16);
- if (ret != MP_VAL)
- return -12742;
- ret = mp_read_radix(a, NULL, 16);
- if (ret != MP_VAL)
- return -12743;
- ret = mp_read_radix(NULL, hexStr, 16);
- if (ret != MP_VAL)
- return -12744;
- #ifndef WOLFSSL_SP_INT_NEGATIVE
- ret = mp_read_radix(a, negStr, 16);
- if (ret != MP_VAL)
- return -12745;
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_read_radix(a, negStr, 10);
- if (ret != MP_VAL)
- return -12746;
- #endif /* WOLFSSL_SP_MATH_ALL */
- #endif /* WOLFSSL_SP_INT_NEGATIVE */
- #endif
- #ifndef WOLFSSL_SP_MATH_ALL
- /* Radix 10 only supported with ALL. */
- ret = mp_read_radix(a, decStr, 10);
- if (ret != MP_VAL)
- return -12747;
- #endif
- /* Radix 8 not supported SP_INT. */
- ret = mp_read_radix(a, "0123", 8);
- if (ret != MP_VAL)
- return -12748;
- ret = mp_count_bits(NULL);
- if (ret != 0)
- return -12749;
- ret = mp_is_bit_set(NULL, 0);
- if (ret != 0)
- return -12750;
- ret = mp_leading_bit(NULL);
- if (ret != 0)
- return -12751;
- mp_zero(a);
- ret = mp_leading_bit(a);
- if (ret != 0)
- return -12752;
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
- !defined(NO_RSA)
- ret = mp_set_bit(NULL, 1);
- if (ret != MP_VAL)
- return -12753;
- #endif
- #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_to_unsigned_bin(NULL, NULL);
- if (ret != MP_VAL)
- return -12754;
- ret = mp_to_unsigned_bin(a, NULL);
- if (ret != MP_VAL)
- return -12755;
- ret = mp_to_unsigned_bin(NULL, buffer);
- if (ret != MP_VAL)
- return -12756;
- #endif
- ret = mp_to_unsigned_bin_len(NULL, NULL, 1);
- if (ret != MP_VAL)
- return -12757;
- ret = mp_to_unsigned_bin_len(a, NULL, 1);
- if (ret != MP_VAL)
- return -12758;
- ret = mp_to_unsigned_bin_len(NULL, buffer, 1);
- if (ret != MP_VAL)
- return -12759;
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_to_unsigned_bin_at_pos(0, NULL, NULL);
- if (ret != MP_VAL)
- return -12760;
- ret = mp_to_unsigned_bin_at_pos(0, a, NULL);
- if (ret != MP_VAL)
- return -12761;
- ret = mp_to_unsigned_bin_at_pos(0, NULL, buffer);
- if (ret != MP_VAL)
- return -12762;
- ret = mp_to_unsigned_bin_at_pos(0, a, buffer);
- if (ret != MP_OKAY)
- return -12763;
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
- ret = mp_copy(NULL, NULL);
- if (ret != MP_VAL)
- return -12764;
- ret = mp_copy(a, NULL);
- if (ret != MP_VAL)
- return -12765;
- ret = mp_copy(NULL, b);
- if (ret != MP_VAL)
- return -12766;
- #endif
- #if defined(WOLFSSL_KEY_GEN)
- ret = sp_2expt(NULL, 1);
- if (ret != MP_VAL)
- return -12767;
- #endif
- ret = mp_set(NULL, 0);
- if (ret != MP_VAL)
- return -12768;
- ret = mp_cmp_d(NULL, 0);
- if (ret != MP_LT)
- return -12769;
- ret = mp_cmp(NULL, NULL);
- if (ret != MP_EQ)
- return -12770;
- ret = mp_cmp(a, NULL);
- if (ret != MP_GT)
- return -12771;
- ret = mp_cmp(NULL, b);
- if (ret != MP_LT)
- return -12772;
- #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
- mp_rshd(NULL, 1);
- #endif
- mp_zero(NULL);
- #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
- !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_lshd(NULL, 0);
- if (ret != MP_VAL)
- return -12773;
- ret = mp_lshd(a, SP_INT_DIGITS + 1);
- if (ret != MP_VAL)
- return -12774;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_div(NULL, NULL, a, b);
- if (ret != MP_VAL)
- return -12775;
- ret = mp_div(a, NULL, a, b);
- if (ret != MP_VAL)
- return -12776;
- ret = mp_div(NULL, b, a, b);
- if (ret != MP_VAL)
- return -12777;
- ret = mp_div(a, b, NULL, NULL);
- if (ret != MP_VAL)
- return -12778;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_mod(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12779;
- ret = mp_mod(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12780;
- ret = mp_mod(NULL, b, NULL);
- if (ret != MP_VAL)
- return -12781;
- ret = mp_mod(NULL, NULL, r);
- if (ret != MP_VAL)
- return -12782;
- ret = mp_mod(a, b, NULL);
- if (ret != MP_VAL)
- return -12783;
- ret = mp_mod(a, NULL, r);
- if (ret != MP_VAL)
- return -12784;
- ret = mp_mod(NULL, b, r);
- if (ret != MP_VAL)
- return -12785;
- #endif
- #if !defined(NO_RSA) || defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_set_int(NULL, 0);
- if (ret != MP_VAL)
- return -12786;
- #endif
- #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return 9950;
- ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return 9951;
- ret = mp_exptmod_ex(NULL, a, 1, NULL, NULL);
- if (ret != MP_VAL)
- return 9952;
- ret = mp_exptmod_ex(NULL, NULL, 1, a, NULL);
- if (ret != MP_VAL)
- return 9953;
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
- if (ret != MP_VAL)
- return 9954;
- ret = mp_exptmod_ex(a, a, 1, a, NULL);
- if (ret != MP_VAL)
- return 9955;
- ret = mp_exptmod_ex(a, a, 1, NULL, a);
- if (ret != MP_VAL)
- return 9956;
- ret = mp_exptmod_ex(a, NULL, 1, a, a);
- if (ret != MP_VAL)
- return 9957;
- ret = mp_exptmod_ex(NULL, a, 1, a, a);
- if (ret != MP_VAL)
- return 9958;
- ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return 9960;
- ret = mp_exptmod_nct(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return 9961;
- ret = mp_exptmod_nct(NULL, a, NULL, NULL);
- if (ret != MP_VAL)
- return 9962;
- ret = mp_exptmod_nct(NULL, NULL, a, NULL);
- if (ret != MP_VAL)
- return 9963;
- ret = mp_exptmod_nct(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return 9964;
- ret = mp_exptmod_nct(a, a, a, NULL);
- if (ret != MP_VAL)
- return 9965;
- ret = mp_exptmod_nct(a, a, NULL, a);
- if (ret != MP_VAL)
- return 9966;
- ret = mp_exptmod_nct(a, NULL, a, a);
- if (ret != MP_VAL)
- return 9967;
- ret = mp_exptmod_nct(NULL, a, a, a);
- if (ret != MP_VAL)
- return 9968;
- #endif
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- ret = mp_rand_prime(NULL, 32, NULL, NULL);
- if (ret != MP_VAL)
- return -12787;
- ret = mp_rand_prime(a, 32, NULL, NULL);
- if (ret != MP_VAL)
- return -12788;
- ret = mp_rand_prime(NULL, 32, rng, NULL);
- if (ret != MP_VAL)
- return -12789;
- ret = mp_rand_prime(a, 0, rng, NULL);
- if (ret != MP_VAL)
- return -9969;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_mul(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12790;
- ret = mp_mul(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12791;
- ret = mp_mul(NULL, b, NULL);
- if (ret != MP_VAL)
- return -12792;
- ret = mp_mul(NULL, NULL, r);
- if (ret != MP_VAL)
- return -12793;
- ret = mp_mul(a, b, NULL);
- if (ret != MP_VAL)
- return -12794;
- ret = mp_mul(a, NULL, r);
- if (ret != MP_VAL)
- return -12795;
- ret = mp_mul(NULL, b, r);
- if (ret != MP_VAL)
- return -12796;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_sqr(NULL, NULL);
- if (ret != MP_VAL)
- return -12797;
- ret = mp_sqr(a, NULL);
- if (ret != MP_VAL)
- return -12798;
- ret = mp_sqr(NULL, r);
- if (ret != MP_VAL)
- return -12799;
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_sqrmod(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12800;
- ret = mp_sqrmod(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12801;
- ret = mp_sqrmod(NULL, a, NULL);
- if (ret != MP_VAL)
- return -12802;
- ret = mp_sqrmod(NULL, NULL, a);
- if (ret != MP_VAL)
- return -12803;
- ret = mp_sqrmod(a, b, NULL);
- if (ret != MP_VAL)
- return -12804;
- ret = mp_sqrmod(a, NULL, b);
- if (ret != MP_VAL)
- return -12805;
- ret = mp_sqrmod(NULL, a, b);
- if (ret != MP_VAL)
- return -12806;
- ret = mp_mulmod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12807;
- ret = mp_mulmod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12808;
- ret = mp_mulmod(NULL, a, NULL, NULL);
- if (ret != MP_VAL)
- return -12809;
- ret = mp_mulmod(NULL, NULL, a, NULL);
- if (ret != MP_VAL)
- return -12810;
- ret = mp_mulmod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return -12811;
- ret = mp_mulmod(a, b, b, NULL);
- if (ret != MP_VAL)
- return -12812;
- ret = mp_mulmod(a, b, NULL, a);
- if (ret != MP_VAL)
- return -12813;
- ret = mp_mulmod(a, NULL, b, a);
- if (ret != MP_VAL)
- return -12814;
- ret = mp_mulmod(NULL, b, b, a);
- if (ret != MP_VAL)
- return -12815;
- #endif
- #if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
- !defined(NO_RSA) || !defined(NO_DSA)
- ret = mp_add_d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return -12816;
- ret = mp_add_d(a, 1, NULL);
- if (ret != MP_VAL)
- return -12817;
- ret = mp_add_d(NULL, 1, b);
- if (ret != MP_VAL)
- return -12818;
- #endif
- #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
- ret = mp_sub_d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return -12819;
- ret = mp_sub_d(a, 1, NULL);
- if (ret != MP_VAL)
- return -12820;
- ret = mp_sub_d(NULL, 1, b);
- if (ret != MP_VAL)
- return -12821;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- (defined(HAVE_ECC) && defined(FP_ECC))
- ret = mp_div_d(NULL, 0, NULL, NULL);
- if (ret != MP_VAL)
- return -12822;
- ret = mp_div_d(a, 0, NULL, NULL);
- if (ret != MP_VAL)
- return -12823;
- ret = mp_div_d(NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return -12824;
- #endif
- #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
- (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
- ret = mp_mod_d(NULL, 0, NULL);
- if (ret != MP_VAL)
- return -12825;
- ret = mp_mod_d(a, 0, NULL);
- if (ret != MP_VAL)
- return -12826;
- ret = mp_mod_d(NULL, 0, &rd);
- if (ret != MP_VAL)
- return -12827;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- ret = mp_gcd(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12828;
- ret = mp_gcd(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12829;
- ret = mp_gcd(NULL, a, NULL);
- if (ret != MP_VAL)
- return -12830;
- ret = mp_gcd(NULL, NULL, a);
- if (ret != MP_VAL)
- return -12831;
- ret = mp_gcd(a, b, NULL);
- if (ret != MP_VAL)
- return -12832;
- ret = mp_gcd(a, NULL, b);
- if (ret != MP_VAL)
- return -12833;
- ret = mp_gcd(NULL, a, b);
- if (ret != MP_VAL)
- return -12834;
- #endif
- #ifdef HAVE_ECC
- ret = mp_div_2_mod_ct(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12835;
- ret = mp_div_2_mod_ct(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12836;
- ret = mp_div_2_mod_ct(NULL, b, NULL);
- if (ret != MP_VAL)
- return -12837;
- ret = mp_div_2_mod_ct(NULL, NULL, a);
- if (ret != MP_VAL)
- return -12838;
- ret = mp_div_2_mod_ct(a, b, NULL);
- if (ret != MP_VAL)
- return -12839;
- ret = mp_div_2_mod_ct(a, b, NULL);
- if (ret != MP_VAL)
- return -12840;
- ret = mp_div_2_mod_ct(NULL, b, a);
- if (ret != MP_VAL)
- return -12841;
- ret = mp_div_2(NULL, NULL);
- if (ret != MP_VAL)
- return -12842;
- ret = mp_div_2(a, NULL);
- if (ret != MP_VAL)
- return -12843;
- ret = mp_div_2(NULL, a);
- if (ret != MP_VAL)
- return -12844;
- #endif
- #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
- defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
- ret = mp_invmod(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12845;
- ret = mp_invmod(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12846;
- ret = mp_invmod(NULL, b, NULL);
- if (ret != MP_VAL)
- return -12847;
- ret = mp_invmod(NULL, NULL, a);
- if (ret != MP_VAL)
- return -12848;
- ret = mp_invmod(a, b, NULL);
- if (ret != MP_VAL)
- return -12849;
- ret = mp_invmod(a, NULL, a);
- if (ret != MP_VAL)
- return -12850;
- ret = mp_invmod(NULL, b, a);
- if (ret != MP_VAL)
- return -12851;
- #endif
- #ifdef HAVE_ECC
- ret = mp_invmod_mont_ct(NULL, NULL, NULL, 1);
- if (ret != MP_VAL)
- return -12852;
- ret = mp_invmod_mont_ct(a, NULL, NULL, 1);
- if (ret != MP_VAL)
- return -12853;
- ret = mp_invmod_mont_ct(NULL, b, NULL, 1);
- if (ret != MP_VAL)
- return -12854;
- ret = mp_invmod_mont_ct(NULL, NULL, a, 1);
- if (ret != MP_VAL)
- return -12855;
- ret = mp_invmod_mont_ct(a, b, NULL, 1);
- if (ret != MP_VAL)
- return -12856;
- ret = mp_invmod_mont_ct(a, NULL, a, 1);
- if (ret != MP_VAL)
- return -12857;
- ret = mp_invmod_mont_ct(NULL, b, a, 1);
- if (ret != MP_VAL)
- return -12858;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
- ret = mp_lcm(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12859;
- ret = mp_lcm(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12860;
- ret = mp_lcm(NULL, b, NULL);
- if (ret != MP_VAL)
- return -12861;
- ret = mp_lcm(NULL, NULL, a);
- if (ret != MP_VAL)
- return -12862;
- ret = mp_lcm(a, b, NULL);
- if (ret != MP_VAL)
- return -12863;
- ret = mp_lcm(a, NULL, a);
- if (ret != MP_VAL)
- return -12864;
- ret = mp_lcm(NULL, b, a);
- if (ret != MP_VAL)
- return -12865;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return -12866;
- ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return -12867;
- ret = mp_exptmod_ex(NULL, b, 1, NULL, NULL);
- if (ret != MP_VAL)
- return -12868;
- ret = mp_exptmod_ex(NULL, NULL, 1, b, NULL);
- if (ret != MP_VAL)
- return -12869;
- ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
- if (ret != MP_VAL)
- return -12870;
- ret = mp_exptmod_ex(a, b, 1, b, NULL);
- if (ret != MP_VAL)
- return -12871;
- ret = mp_exptmod_ex(a, b, 1, NULL, a);
- if (ret != MP_VAL)
- return -12872;
- ret = mp_exptmod_ex(a, NULL, 1, b, a);
- if (ret != MP_VAL)
- return -12873;
- ret = mp_exptmod_ex(NULL, b, 1, b, a);
- if (ret != MP_VAL)
- return -12874;
- ret = mp_exptmod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12875;
- ret = mp_exptmod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12876;
- ret = mp_exptmod(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return -12877;
- ret = mp_exptmod(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return -12878;
- ret = mp_exptmod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return -12879;
- ret = mp_exptmod(a, b, b, NULL);
- if (ret != MP_VAL)
- return -12880;
- ret = mp_exptmod(a, b, NULL, a);
- if (ret != MP_VAL)
- return -12881;
- ret = mp_exptmod(a, NULL, b, a);
- if (ret != MP_VAL)
- return -12882;
- ret = mp_exptmod(NULL, b, b, a);
- if (ret != MP_VAL)
- return -12883;
- ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12884;
- ret = mp_exptmod_nct(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12885;
- ret = mp_exptmod_nct(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return -12886;
- ret = mp_exptmod_nct(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return -12887;
- ret = mp_exptmod_nct(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return -12888;
- ret = mp_exptmod_nct(a, b, b, NULL);
- if (ret != MP_VAL)
- return -12889;
- ret = mp_exptmod_nct(a, b, NULL, a);
- if (ret != MP_VAL)
- return -12890;
- ret = mp_exptmod_nct(a, NULL, b, a);
- if (ret != MP_VAL)
- return -12891;
- ret = mp_exptmod_nct(NULL, b, b, a);
- if (ret != MP_VAL)
- return -12892;
- #endif
- #if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
- ret = mp_cnt_lsb(NULL);
- if (ret != 0)
- return -12893;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
- ret = mp_prime_is_prime(NULL, 1, NULL);
- if (ret != MP_VAL)
- return -12894;
- ret = mp_prime_is_prime(a, 1, NULL);
- if (ret != MP_VAL)
- return -12895;
- ret = mp_prime_is_prime(NULL, 1, &result);
- if (ret != MP_VAL)
- return -12896;
- ret = mp_prime_is_prime(a, 0, &result);
- if (ret != MP_VAL)
- return -12897;
- ret = mp_prime_is_prime(a, 1024, &result);
- if (ret != MP_VAL)
- return -12898;
- ret = mp_prime_is_prime_ex(NULL, 1, NULL, NULL);
- if (ret != MP_VAL)
- return -12899;
- ret = mp_prime_is_prime_ex(a, 1, NULL, NULL);
- if (ret != MP_VAL)
- return -12900;
- ret = mp_prime_is_prime_ex(NULL, 1, &result, NULL);
- if (ret != MP_VAL)
- return -12901;
- ret = mp_prime_is_prime_ex(NULL, 1, NULL, rng);
- if (ret != MP_VAL)
- return -12902;
- ret = mp_prime_is_prime_ex(a, 1, &result, NULL);
- if (ret != MP_VAL)
- return -12903;
- ret = mp_prime_is_prime_ex(a, 1, NULL, rng);
- if (ret != MP_VAL)
- return -12904;
- ret = mp_prime_is_prime_ex(NULL, 1, &result, rng);
- if (ret != MP_VAL)
- return -12905;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || !defined(NO_DSA)
- ret = mp_exch(NULL, NULL);
- if (ret != MP_VAL)
- return -12906;
- ret = mp_exch(a, NULL);
- if (ret != MP_VAL)
- return -12907;
- ret = mp_exch(NULL, b);
- if (ret != MP_VAL)
- return -12908;
- #endif
- #if (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
- defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_mul_d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return -12909;
- ret = mp_mul_d(a, 1, NULL);
- if (ret != MP_VAL)
- return -12910;
- ret = mp_mul_d(NULL, 1, b);
- if (ret != MP_VAL)
- return -12911;
- #endif
- #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
- ret = mp_add(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12912;
- ret = mp_add(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12913;
- ret = mp_add(NULL, b, NULL);
- if (ret != MP_VAL)
- return -12914;
- ret = mp_add(NULL, NULL, r);
- if (ret != MP_VAL)
- return -12915;
- ret = mp_add(a, b, NULL);
- if (ret != MP_VAL)
- return -12916;
- ret = mp_add(a, NULL, r);
- if (ret != MP_VAL)
- return -12917;
- ret = mp_add(NULL, b, r);
- if (ret != MP_VAL)
- return -12918;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
- (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_sub(NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12919;
- ret = mp_sub(a, NULL, NULL);
- if (ret != MP_VAL)
- return -12920;
- ret = mp_sub(NULL, b, NULL);
- if (ret != MP_VAL)
- return -12921;
- ret = mp_sub(NULL, NULL, r);
- if (ret != MP_VAL)
- return -12922;
- ret = mp_sub(a, b, NULL);
- if (ret != MP_VAL)
- return -12923;
- ret = mp_sub(a, NULL, r);
- if (ret != MP_VAL)
- return -12924;
- ret = mp_sub(NULL, b, r);
- if (ret != MP_VAL)
- return -12925;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || (!defined(WOLFSSL_SP_MATH) && \
- defined(WOLFSSL_CUSTOM_CURVES))
- ret = mp_addmod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12926;
- ret = mp_addmod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12927;
- ret = mp_addmod(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return -12928;
- ret = mp_addmod(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return -12929;
- ret = mp_addmod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return -12930;
- ret = mp_addmod(a, b, b, NULL);
- if (ret != MP_VAL)
- return -12931;
- ret = mp_addmod(a, b, NULL, a);
- if (ret != MP_VAL)
- return -12932;
- ret = mp_addmod(a, NULL, b, a);
- if (ret != MP_VAL)
- return -12933;
- ret = mp_addmod(NULL, b, b, a);
- if (ret != MP_VAL)
- return -12934;
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_submod(NULL, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12935;
- ret = mp_submod(a, NULL, NULL, NULL);
- if (ret != MP_VAL)
- return -12936;
- ret = mp_submod(NULL, b, NULL, NULL);
- if (ret != MP_VAL)
- return -12937;
- ret = mp_submod(NULL, NULL, b, NULL);
- if (ret != MP_VAL)
- return -12938;
- ret = mp_submod(NULL, NULL, NULL, a);
- if (ret != MP_VAL)
- return -12939;
- ret = mp_submod(a, b, b, NULL);
- if (ret != MP_VAL)
- return -12940;
- ret = mp_submod(a, b, NULL, a);
- if (ret != MP_VAL)
- return -12941;
- ret = mp_submod(a, NULL, b, a);
- if (ret != MP_VAL)
- return -12942;
- ret = mp_submod(NULL, b, b, a);
- if (ret != MP_VAL)
- return -12943;
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_div_2d(NULL, 1, a, b);
- if (ret != MP_VAL)
- return -12944;
- ret = mp_mod_2d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return -12945;
- ret = mp_mod_2d(a, 1, NULL);
- if (ret != MP_VAL)
- return -12946;
- ret = mp_mod_2d(NULL, 1, b);
- if (ret != MP_VAL)
- return -12947;
- ret = mp_mul_2d(NULL, 1, NULL);
- if (ret != MP_VAL)
- return -12948;
- ret = mp_mul_2d(a, 1, NULL);
- if (ret != MP_VAL)
- return -12949;
- ret = mp_mul_2d(NULL, 1, b);
- if (ret != MP_VAL)
- return -12950;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- ret = mp_montgomery_reduce(NULL, NULL, 1);
- if (ret != MP_VAL)
- return -12951;
- ret = mp_montgomery_reduce(a, NULL, 1);
- if (ret != MP_VAL)
- return -12952;
- ret = mp_montgomery_reduce(NULL, b, 1);
- if (ret != MP_VAL)
- return -12953;
- mp_zero(b);
- ret = mp_montgomery_reduce(a, b, 1);
- if (ret != MP_VAL)
- return -12954;
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_montgomery_setup(NULL, NULL);
- if (ret != MP_VAL)
- return -12955;
- ret = mp_montgomery_setup(a, NULL);
- if (ret != MP_VAL)
- return -12956;
- ret = mp_montgomery_setup(NULL, &rho);
- if (ret != MP_VAL)
- return -12957;
- ret = mp_montgomery_calc_normalization(NULL, NULL);
- if (ret != MP_VAL)
- return -12958;
- ret = mp_montgomery_calc_normalization(a, NULL);
- if (ret != MP_VAL)
- return -12959;
- ret = mp_montgomery_calc_normalization(NULL, b);
- if (ret != MP_VAL)
- return -12960;
- #endif
- ret = mp_unsigned_bin_size(NULL);
- if (ret != 0)
- return -12961;
- #if defined(WC_MP_TO_RADIX) || defined(WOLFSSL_SP_MATH_ALL)
- ret = mp_tohex(NULL, NULL);
- if (ret != MP_VAL)
- return -12962;
- ret = mp_tohex(a, NULL);
- if (ret != MP_VAL)
- return -12963;
- ret = mp_tohex(NULL, hexStr);
- if (ret != MP_VAL)
- return -12964;
- #endif
- #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
- ret = mp_todecimal(NULL, NULL);
- if (ret != MP_VAL)
- return -12965;
- ret = mp_todecimal(a, NULL);
- if (ret != MP_VAL)
- return -12966;
- ret = mp_todecimal(NULL, decStr);
- if (ret != MP_VAL)
- return -12967;
- #endif
- #ifdef WOLFSSL_SP_MATH_ALL
- ret = mp_toradix(NULL, NULL, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return -12968;
- ret = mp_toradix(a, NULL, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return -12969;
- ret = mp_toradix(NULL, hexStr, MP_RADIX_HEX);
- if (ret != MP_VAL)
- return -12970;
- ret = mp_toradix(a, hexStr, 3);
- if (ret != MP_VAL)
- return -12971;
- ret = mp_radix_size(NULL, MP_RADIX_HEX, NULL);
- if (ret != MP_VAL)
- return -12972;
- ret = mp_radix_size(a, MP_RADIX_HEX, NULL);
- if (ret != MP_VAL)
- return -12973;
- ret = mp_radix_size(NULL, MP_RADIX_HEX, &size);
- if (ret != MP_VAL)
- return -12974;
- ret = mp_radix_size(a, 3, &size);
- if (ret != MP_VAL)
- return -12975;
- #endif
- return 0;
- }
- #endif
- #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- static int mp_test_set_is_bit(mp_int* a)
- {
- int i, j;
- mp_zero(a);
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- if (mp_is_bit_set(a, i))
- return -12980;
- for (j = 0; j < i; j++) {
- if (!mp_is_bit_set(a, j))
- return -12981;
- }
- if (mp_set_bit(a, i) != 0)
- return -12982;
- if (!mp_is_bit_set(a, i))
- return -12983;
- }
- mp_zero(a);
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- if (mp_is_bit_set(a, i))
- return -12984;
- }
- for (i = 0; i <= DIGIT_BIT * 2; i++) {
- mp_zero(a);
- if (mp_set_bit(a, i) != 0)
- return -12985;
- for (j = 0; j < i; j++) {
- if (mp_is_bit_set(a, j))
- return -12986;
- }
- if (!mp_is_bit_set(a, i))
- return -12987;
- }
- #ifdef WOLFSSL_KEY_GEN
- for (i = 0; i < DIGIT_BIT * 2; i++) {
- mp_set(a, 1);
- if (mp_2expt(a, i) != 0)
- return -12988;
- for (j = 0; j < i; j++) {
- if (mp_is_bit_set(a, j))
- return -12989;
- }
- if (!mp_is_bit_set(a, i))
- return -12990;
- }
- #endif
- #ifdef WOLFSSL_SP_MATH
- mp_zero(a);
- for (j = 1; j <= 3; j++) {
- i = SP_INT_MAX_BITS - j;
- if (mp_is_bit_set(a, i))
- return -12991;
- if (mp_set_bit(a, i) != 0)
- return -12992;
- if (!mp_is_bit_set(a, i))
- return -12993;
- #ifdef WOLFSSL_KEY_GEN
- if (mp_2expt(a, i) != 0)
- return -12994;
- if (!mp_is_bit_set(a, i))
- return -12995;
- #endif
- }
- mp_zero(a);
- for (j = 0; j <= 3; j++) {
- i = SP_INT_MAX_BITS + j;
- if (mp_is_bit_set(a, i))
- return -12996;
- if (mp_set_bit(a, i) != MP_VAL)
- return -12997;
- #ifdef WOLFSSL_KEY_GEN
- if (mp_2expt(a, i) != MP_VAL)
- return -12998;
- #endif
- }
- #endif
- return 0;
- }
- #endif /* !WOLFSSL_SP_MATH || WOLFSSL_SP_MATH_ALL */
- static int mp_test_cmp(mp_int* a, mp_int* b)
- {
- int ret;
- mp_zero(a);
- mp_zero(b);
- ret = mp_cmp_d(a, 0);
- if (ret != MP_EQ)
- return -13000;
- ret = mp_cmp_d(a, 1);
- if (ret != MP_LT)
- return -13001;
- ret = mp_cmp(a, b);
- if (ret != MP_EQ)
- return -13002;
- mp_set(a, 1);
- ret = mp_cmp_d(a, 0);
- if (ret != MP_GT)
- return -13003;
- ret = mp_cmp_d(a, 1);
- if (ret != MP_EQ)
- return -13004;
- ret = mp_cmp_d(a, 2);
- if (ret != MP_LT)
- return -13005;
- ret = mp_cmp(a, b);
- if (ret != MP_GT)
- return -13006;
- mp_read_radix(b, "1234567890123456789", MP_RADIX_HEX);
- ret = mp_cmp_d(b, -1);
- if (ret != MP_GT)
- return -13007;
- ret = mp_cmp(a, b);
- if (ret != MP_LT)
- return -13008;
- ret = mp_cmp(b, a);
- if (ret != MP_GT)
- return -13009;
- ret = mp_cmp(b, b);
- if (ret != MP_EQ)
- return -13010;
- return 0;
- }
- #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
- static int mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
- {
- int ret;
- int i, j, k;
- for (i = 0; i < 10; i++) {
- for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
- ret = randNum(a, j, rng, NULL);
- if (ret != MP_OKAY)
- return -13020;
- mp_copy(a, b);
- for (k = 0; k <= DIGIT_BIT * 2; k++) {
- ret = mp_mul_2d(a, k, a);
- if (ret != MP_OKAY)
- return -13021;
- mp_rshb(a, k);
- if (mp_cmp(a, b) != MP_EQ)
- return -13022;
- }
- }
- }
- for (i = 0; i < 10; i++) {
- for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
- ret = randNum(a, j, rng, NULL);
- if (ret != MP_OKAY)
- return -13023;
- mp_copy(a, b);
- for (k = 0; k < 10; k++) {
- ret = mp_lshd(a, k);
- if (ret != MP_OKAY)
- return -13024;
- mp_rshd(a, k);
- if (mp_cmp(a, b) != MP_EQ)
- return -13025;
- }
- }
- }
- mp_zero(a);
- mp_rshd(a, 1);
- if (!mp_iszero(a))
- return -13026;
- mp_set(a, 1);
- mp_rshd(a, 1);
- if (!mp_iszero(a))
- return -13027;
- mp_set(a, 1);
- mp_rshd(a, 2);
- if (!mp_iszero(a))
- return -13028;
- return 0;
- }
- #endif
- static int mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem,
- WC_RNG* rng)
- {
- int ret;
- int i, j, k;
- mp_zero(a);
- mp_zero(d);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_VAL)
- return -13030;
- mp_set(d, 1);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return -13031;
- if (!mp_iszero(r))
- return -13032;
- if (!mp_iszero(rem))
- return -13033;
- mp_set(a, 1);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return -13034;
- if (!mp_isone(r))
- return -13035;
- if (!mp_iszero(rem))
- return -13036;
- for (i = 0; i < 100; i++) {
- for (j = 1; j < (DIGIT_BIT + 7) / 8 * 2; j++) {
- ret = randNum(d, j, rng, NULL);
- if (ret != MP_OKAY)
- return -13037;
- for (k = 1; k < (DIGIT_BIT + 7) / 8 * 2 + 1; k++) {
- ret = randNum(a, k, rng, NULL);
- if (ret != MP_OKAY)
- return -13038;
- ret = mp_div(a, d, NULL, rem);
- if (ret != MP_OKAY)
- return -13039;
- ret = mp_div(a, d, r, NULL);
- if (ret != MP_OKAY)
- return -13040;
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return -13041;
- mp_mul(r, d, r);
- mp_add(r, rem, r);
- if (mp_cmp(r, a) != MP_EQ)
- return -13042;
- }
- }
- }
- ret = randNum(d, (DIGIT_BIT + 7) / 8 * 2, rng, NULL);
- if (ret != MP_OKAY)
- return -13043;
- mp_add(d, d, a);
- mp_set(rem, 1);
- mp_div(a, d, NULL, rem);
- if (ret != MP_OKAY)
- return -13044;
- if (!mp_iszero(rem))
- return -13045;
- mp_set(r, 1);
- mp_div(a, d, r, NULL);
- if (ret != MP_OKAY)
- return -13046;
- if (mp_cmp_d(r, 2) != MP_EQ)
- return -13047;
- mp_set(r, 1);
- mp_set(rem, 1);
- mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return -13048;
- if (mp_cmp_d(r, 2) != MP_EQ)
- return -13049;
- if (!mp_iszero(rem))
- return -13050;
- mp_set(a, 0xfe);
- mp_lshd(a, 3);
- mp_add_d(a, 0xff, a);
- mp_set(d, 0xfe);
- mp_lshd(d, 2);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return -13051;
- mp_mul(r, d, d);
- mp_add(rem, d, d);
- if (mp_cmp(a, d) != MP_EQ)
- return -13052;
- /* Force (hi | lo) / d to be (d | 0) / d which will would not fit in
- * a digit. So mp_div must detect and handle.
- * For example: 0x800000 / 0x8001, DIGIT_BIT = 8
- */
- mp_set(a, 1);
- mp_mul_2d(a, DIGIT_BIT * 3 - 1, a);
- mp_set(d, 1);
- mp_mul_2d(d, DIGIT_BIT * 2 - 1, d);
- mp_add_d(d, 1, d);
- ret = mp_div(a, d, r, rem);
- if (ret != MP_OKAY)
- return -13053;
- return 0;
- }
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- static int mp_test_prime(mp_int* a, WC_RNG* rng)
- {
- int ret;
- int res;
- ret = mp_rand_prime(a, 1, rng, NULL);
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- if (ret != 0)
- #else
- if (ret != MP_VAL)
- #endif
- return -13060;
- ret = mp_rand_prime(a, -5, rng, NULL);
- if (ret != 0)
- return -13061;
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return -13062;
- if (res != MP_YES)
- return -13063;
- ret = mp_prime_is_prime(a, 0, &res);
- if (ret != MP_VAL)
- return -13064;
- ret = mp_prime_is_prime(a, -1, &res);
- if (ret != MP_VAL)
- return -13065;
- ret = mp_prime_is_prime(a, 257, &res);
- if (ret != MP_VAL)
- return -13066;
- mp_set(a, 1);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return -13067;
- if (res != MP_NO)
- return -13068;
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return -13069;
- if (res != MP_NO)
- return -13070;
- mp_set(a, 2);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return -13071;
- if (res != MP_YES)
- return -13072;
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return -13073;
- if (res != MP_YES)
- return -13074;
- mp_set(a, 0xfb);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return -13075;
- if (res != MP_YES)
- return -13076;
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return -13077;
- if (res != MP_YES)
- return -13078;
- mp_set(a, 0x6);
- ret = mp_prime_is_prime(a, 1, &res);
- if (ret != MP_OKAY)
- return -13079;
- if (res != MP_NO)
- return -13080;
- ret = mp_prime_is_prime_ex(a, 1, &res, rng);
- if (ret != MP_OKAY)
- return -13081;
- if (res != MP_NO)
- return -13082;
- mp_set_int(a, 0x655 * 0x65b);
- ret = mp_prime_is_prime(a, 10, &res);
- if (ret != MP_OKAY)
- return -13083;
- if (res != MP_NO)
- return -13084;
- ret = mp_prime_is_prime_ex(a, 10, &res, rng);
- if (ret != MP_OKAY)
- return -13085;
- if (res != MP_NO)
- return -13086;
- return 0;
- }
- #endif
- #if defined(WOLFSSL_KEY_GEN) && (!defined(WOLFSSL_SP_MATH_ALL) || \
- !defined(NO_RSA))
- static int mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* exp,
- WC_RNG* rng)
- {
- int ret;
- int i;
- WOLFSSL_SMALL_STACK_STATIC const int kat[][3] = {
- { 1, 1, 1 }, { 2, 1, 2 }, { 1, 2, 2 }, { 2, 4, 4 }, { 4, 2, 4 },
- { 12, 56, 168 }, { 56, 12, 168 }
- };
- (void)exp;
- mp_set(a, 0);
- mp_set(b, 1);
- ret = mp_lcm(a, a, r);
- if (ret != MP_VAL)
- return -13090;
- ret = mp_lcm(a, b, r);
- if (ret != MP_VAL)
- return -13091;
- ret = mp_lcm(b, a, r);
- if (ret != MP_VAL)
- return -13092;
- for (i = 0; i < (int)(sizeof(kat) / sizeof(*kat)); i++) {
- mp_set(a, kat[i][0]);
- mp_set(b, kat[i][1]);
- ret = mp_lcm(a, b, r);
- if (ret != MP_OKAY)
- return -13093;
- mp_set(exp, kat[i][2]);
- if (mp_cmp(r, exp) != MP_EQ)
- return -13094;
- }
- (void)rng;
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- if (mp_rand_prime(a, 20, rng, NULL) != MP_OKAY)
- return -13095;
- if (mp_rand_prime(b, 20, rng, NULL) != MP_OKAY)
- return -13096;
- if (mp_mul(a, b, exp) != MP_OKAY)
- return -13097;
- ret = mp_lcm(a, b, r);
- if (ret != MP_OKAY)
- return -13098;
- if (mp_cmp(r, exp) != MP_EQ)
- return -13099;
- ret = mp_lcm(b, a, r);
- if (ret != MP_OKAY)
- return -13100;
- if (mp_cmp(r, exp) != MP_EQ)
- return -13101;
- #endif
- mp_set(a, 11);
- mp_zero(b);
- ret = mp_gcd(a, b, r);
- if (ret != MP_OKAY)
- return -13102;
- if (mp_cmp_d(r, 11) != MP_EQ)
- return -13103;
- ret = mp_gcd(b, a, r);
- if (ret != MP_OKAY)
- return -13104;
- if (mp_cmp_d(r, 11) != MP_EQ)
- return -13105;
- ret = mp_gcd(b, b, r);
- if (ret != MP_VAL)
- return -13106;
- return 0;
- }
- #endif
- #if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
- defined(WOLFSSL_SP_MATH_ALL)
- static int mp_test_mod_2d(mp_int* a, mp_int* r, mp_int* t, WC_RNG* rng)
- {
- int ret;
- int i;
- int j;
- mp_set(a, 10);
- ret = mp_mod_2d(a, 0, r);
- if (ret != MP_OKAY)
- return -13110;
- if (!mp_iszero(r))
- return -13111;
- ret = mp_mod_2d(a, 1, r);
- if (ret != MP_OKAY)
- return -13112;
- if (!mp_iszero(r))
- return -13113;
- ret = mp_mod_2d(a, 2, r);
- if (ret != MP_OKAY)
- return -13114;
- if (mp_cmp_d(r, 2))
- return -13115;
- for (i = 2; i < 20; i++) {
- ret = randNum(a, i, rng, NULL);
- if (ret != 0)
- return -13116;
- for (j = 1; j <= mp_count_bits(a); j++) {
- /* Get top part */
- ret = mp_div_2d(a, j, t, NULL);
- if (ret != 0)
- return -13117;
- ret = mp_mul_2d(t, j, t);
- if (ret != 0)
- return -13118;
- /* Get bottom part */
- ret = mp_mod_2d(a, j, r);
- if (ret != 0)
- return -13119;
- /* Reassemble */
- ret = mp_add(t, r, r);
- if (ret != 0)
- return -13120;
- if (mp_cmp(a, r) != MP_EQ)
- return -13121;
- }
- }
- return 0;
- }
- #endif
- #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
- (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
- static int mp_test_mod_d(mp_int* a)
- {
- int ret;
- mp_digit r;
- if (mp_set(a, 1) != MP_OKAY)
- return -13130;
- ret = mp_mod_d(a, 0, &r);
- if (ret != MP_VAL)
- return -13131;
- mp_zero(a);
- ret = mp_mod_d(a, 1, &r);
- if (ret != MP_OKAY)
- return -13132;
- ret = mp_mod_d(a, 3, &r);
- if (ret != MP_OKAY)
- return -13133;
- ret = mp_mod_d(a, 5, &r);
- if (ret != MP_OKAY)
- return -13134;
- return 0;
- }
- #endif
- static int mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1, mp_int* r2,
- WC_RNG* rng)
- {
- int ret;
- int i;
- for (i = 1; i < 16; i++) {
- ret = randNum(a, i, rng, NULL);
- if (ret != 0)
- return -13140;
- ret = mp_mul(a, a, r1);
- if (ret != 0)
- return -13141;
- ret = mp_sqr(a, r2);
- if (ret != 0)
- return -13142;
- if (mp_cmp(r1, r2) != MP_EQ)
- return -13143;
- }
- ret = mp_set(b, 0);
- if (ret != MP_OKAY)
- return -13144;
- ret = mp_mul(a, b, r1);
- if (ret != MP_OKAY)
- return -13145;
- if (!mp_iszero(r1))
- return -13146;
- ret = mp_sqr(b, r1);
- if (ret != MP_OKAY)
- return -13147;
- if (!mp_iszero(r1))
- return -13148;
- #ifdef WOLFSSL_SP_MATH
- ret = mp_set(a, 1);
- if (ret != MP_OKAY)
- return -13149;
- i = (SP_INT_DIGITS + 1) / 2;
- ret = mp_mul_2d(a, i * SP_WORD_SIZE - 1, a);
- if (ret != MP_OKAY)
- return -13150;
- ret = mp_set(b, 1);
- if (ret != MP_OKAY)
- return -13151;
- ret = mp_mul_2d(b, (SP_INT_DIGITS - 1 - i) * SP_WORD_SIZE - 1, b);
- if (ret != MP_OKAY)
- return -13152;
- ret = mp_mul(a, b, r1);
- if (ret != MP_OKAY)
- return -13153;
- ret = mp_mul(a, a, r1);
- if (ret == MP_OKAY)
- return -13154;
- ret = mp_sqr(a, r1);
- if (ret == MP_OKAY)
- return -13155;
- ret = mp_sqr(b, r1);
- if (ret != MP_OKAY)
- return -13156;
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- (defined(HAVE_ECC) && defined(FP_ECC))
- ret = mp_mulmod(a, b, b, r1);
- if (ret != MP_OKAY)
- return -13157;
- ret = mp_mulmod(a, a, b, r1);
- if (ret == MP_OKAY)
- return -13158;
- #if defined(HAVE_ECC) && (defined(ECC_SHAMIR) || defined(FP_ECC))
- ret = mp_sqrmod(a, b, r1);
- if (ret == MP_OKAY)
- return -13159;
- ret = mp_sqrmod(b, a, r1);
- if (ret != MP_OKAY)
- return -13160;
- #endif /* HAVE_ECC && (ECC_SHAMIR || FP_ECC) */
- #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */
- #endif /* WOLFSSL_SP_MATH */
- return 0;
- }
- #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
- defined(OPENSSL_EXTRA)
- static int mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
- {
- int ret;
- mp_set(a, 0);
- mp_set(m, 1);
- ret = mp_invmod(a, m, r);
- if (ret != MP_VAL)
- return -13170;
- ret = mp_invmod(m, a, r);
- if (ret != MP_VAL)
- return -13171;
- mp_set(a, 2);
- mp_set(m, 4);
- ret = mp_invmod(a, m, r);
- if (ret != MP_VAL)
- return -13172;
- mp_set(a, 1);
- mp_set(m, 4);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return -13173;
- if (!mp_isone(r))
- return -13174;
- mp_set(a, 3);
- mp_set(m, 4);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return -13175;
- mp_set(a, 3);
- mp_set(m, 5);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return -13176;
- #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_INT_NEGATIVE)
- mp_read_radix(a, "-3", 16);
- ret = mp_invmod(a, m, r);
- if (ret != MP_OKAY)
- return -13177;
- #endif
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- #ifdef HAVE_ECC
- mp_set(a, 0);
- mp_set(m, 3);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return -13178;
- mp_set(a, 1);
- mp_set(m, 0);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return -13179;
- mp_set(a, 1);
- mp_set(m, 1);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return -13180;
- mp_set(a, 1);
- mp_set(m, 2);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_VAL)
- return -13181;
- mp_set(a, 1);
- mp_set(m, 3);
- ret = mp_invmod_mont_ct(a, m, r, 1);
- if (ret != MP_OKAY)
- return -13182;
- #endif
- #endif
- return 0;
- }
- #endif /* !NO_RSA || HAVE_ECC || !NO_DSA || OPENSSL_EXTRA */
- #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
- static int mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
- {
- int ret;
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x0);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_VAL)
- return -13190;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_VAL)
- return -13191;
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x1);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return -13192;
- if (!mp_iszero(r))
- return -13193;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return -13194;
- if (!mp_iszero(r))
- return -13195;
- mp_set(b, 0x2);
- mp_set(e, 0x0);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return -13196;
- if (!mp_isone(r))
- return -13197;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return -13198;
- if (!mp_isone(r))
- return -13199;
- mp_set(b, 0x0);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return -13200;
- if (!mp_iszero(r))
- return -13201;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return -13202;
- if (!mp_iszero(r))
- return -13203;
- mp_set(b, 0x10);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return -13204;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return -13205;
- mp_set(b, 0x7);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return -13206;
- if (!mp_iszero(r))
- return -13207;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return -13208;
- if (!mp_iszero(r))
- return -13209;
- mp_set(b, 0x01);
- mp_mul_2d(b, DIGIT_BIT, b);
- mp_add_d(b, 1, b);
- mp_set(e, 0x3);
- mp_copy(b, m);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return -13210;
- if (!mp_iszero(r))
- return -13211;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return -13212;
- if (!mp_iszero(r))
- return -13213;
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x7);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_OKAY)
- return -13214;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_OKAY)
- return -13215;
- #ifdef WOLFSSL_SP_MATH
- mp_set(b, 0x2);
- mp_set(e, 0x3);
- mp_set(m, 0x01);
- mp_mul_2d(m, SP_WORD_SIZE * SP_INT_DIGITS / 2, m);
- mp_add_d(m, 0x01, m);
- ret = mp_exptmod_ex(b, e, 1, m, r);
- if (ret != MP_VAL)
- return -13216;
- ret = mp_exptmod_nct(b, e, m, r);
- if (ret != MP_VAL)
- return -13217;
- #endif
- return 0;
- }
- #endif /* !NO_RSA || !NO_DSA || !NO_DH || (HAVE_ECC && HAVE_COMP_KEY) ||
- * OPENSSL_EXTRA */
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- static int mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC_RNG* rng)
- {
- int ret;
- mp_digit mp;
- static int exp[] = { 7, 8, 16, 27, 32, 64,
- 127, 128, 255, 256,
- 383, 384, 2033, 2048
- };
- static mp_digit sub[] = { 0x01, 0x05, 0x0f, 0x27, 0x05, 0x3b,
- 0x01, 0x9f, 0x13, 0xbd,
- 0x1f, 0x13d, 0x45, 0x615
- };
- int i;
- int j;
- for (i = 0; i < (int)(sizeof(exp) / sizeof(*exp)); i++) {
- if (exp[i] >= DIGIT_BIT)
- continue;
-
- mp_zero(m);
- ret = mp_set_bit(m, exp[i]);
- if (ret != MP_OKAY)
- return -13220;
- ret = mp_sub_d(m, sub[i], m);
- if (ret != MP_OKAY)
- return -13221;
- ret = mp_montgomery_setup(m, &mp);
- if (ret != MP_OKAY)
- return -13222;
- ret = mp_montgomery_calc_normalization(n, m);
- if (ret != MP_OKAY)
- return -13223;
- for (j = 0; j < 10; j++) {
- ret = randNum(a, (exp[i] + DIGIT_BIT - 1) / DIGIT_BIT, rng, NULL);
- if (ret != 0)
- return -13224;
- ret = mp_mod(a, m, a);
- if (ret != 0)
- return -13225;
- /* r = a * a */
- ret = mp_sqrmod(a, m, r);
- if (ret != MP_OKAY)
- return -13226;
- /* Convert to Montgomery form = a*n */
- ret = mp_mulmod(a, n, m, a);
- if (ret != MP_OKAY)
- return -13227;
- /* a*a mod m == ((a*n) * (a*n)) / n / n */
- ret = mp_sqr(a, a);
- if (ret != MP_OKAY)
- return -13228;
- ret = mp_montgomery_reduce(a, m, mp);
- if (ret != MP_OKAY)
- return -13229;
- ret = mp_montgomery_reduce(a, m, mp);
- if (ret != MP_OKAY)
- return -13230;
- if (mp_cmp(a, r) != MP_EQ)
- return -13231;
- }
- }
- return 0;
- }
- #endif
- WOLFSSL_TEST_SUBROUTINE int mp_test(void)
- {
- WC_RNG rng;
- int ret;
- #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
- int i, j, k;
- mp_digit d;
- #endif
- mp_int a, b, r1, r2, p;
- ret = mp_init_multi(&a, &b, &r1, &r2, NULL, NULL);
- if (ret != 0)
- return -13300;
- #ifdef WOLFSSL_SP_MATH_ALL
- mp_init_copy(&p, &a);
- #else
- ret = mp_init(&p);
- if (ret != 0)
- return -13301;
- #endif
- #ifndef HAVE_FIPS
- ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
- #else
- ret = wc_InitRng(&rng);
- #endif
- if (ret != 0)
- goto done;
- #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
- mp_set_int(&a, 0);
- if (a.used != 0 || a.dp[0] != 0)
- return -13302;
- for (j = 1; j <= MP_MAX_TEST_BYTE_LEN; j++) {
- for (i = 0; i < 4 * j; i++) {
- /* New values to use. */
- ret = randNum(&p, j, &rng, NULL);
- if (ret != 0)
- return -13303;
- ret = randNum(&a, j, &rng, NULL);
- if (ret != 0)
- return -13304;
- ret = randNum(&b, j, &rng, NULL);
- if (ret != 0)
- return -13305;
- ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d));
- if (ret != 0)
- return -13306;
- d &= MP_MASK;
- #if !defined(WOLFSSL_SP_MATH) || (defined(HAVE_ECC) && \
- (defined(ECC_SHAMIR) || defined(FP_ECC)))
- /* Ensure sqrmod produce same result as mulmod. */
- ret = mp_sqrmod(&a, &p, &r1);
- if (ret != 0)
- return -13307;
- ret = mp_mulmod(&a, &a, &p, &r2);
- if (ret != 0)
- return -13308;
- if (mp_cmp(&r1, &r2) != 0)
- return -13309;
- #endif
- #if defined(WOLFSSL_SP_MATH) || (defined(WOLFSSL_SP_MATH_ALL) && \
- !defined(WOLFSSL_SP_INT_NEGATIVE))
- ret = mp_addmod(&a, &b, &p, &r1);
- if (ret != 0)
- return -13310;
- ret = mp_submod(&r1, &b, &p, &r2);
- if (ret != 0)
- return -13311;
- ret = mp_mod(&a, &p, &r1);
- if (ret != 0)
- return -13312;
- if (mp_cmp(&r1, &r2) != MP_EQ)
- return -13313;
- #else
- /* Ensure add with mod produce same result as sub with mod. */
- ret = mp_addmod(&a, &b, &p, &r1);
- if (ret != 0)
- return -13314;
- b.sign ^= 1;
- ret = mp_submod(&a, &b, &p, &r2);
- if (ret != 0)
- return -13315;
- if (mp_cmp(&r1, &r2) != 0)
- return -13316;
- #endif
- /* Ensure add digit produce same result as sub digit. */
- ret = mp_add_d(&a, d, &r1);
- if (ret != 0)
- return -13317;
- ret = mp_sub_d(&r1, d, &r2);
- if (ret != 0)
- return -13318;
- if (mp_cmp(&a, &r2) != 0)
- return -13319;
- /* Invert - if p is even it will use the slow impl.
- * - if p and a are even it will fail.
- */
- ret = mp_invmod(&a, &p, &r1);
- if (ret != 0 && ret != MP_VAL)
- return -13320;
- ret = 0;
- /* Shift up and down number all bits in a digit. */
- for (k = 0; k < DIGIT_BIT; k++) {
- mp_mul_2d(&a, k, &r1);
- mp_div_2d(&r1, k, &r2, &p);
- if (mp_cmp(&a, &r2) != 0)
- return -13321;
- if (!mp_iszero(&p))
- return -13322;
- mp_rshb(&r1, k);
- if (mp_cmp(&a, &r1) != 0)
- return -13323;
- }
- }
- }
- #if DIGIT_BIT >= 32
- /* Check that setting a 32-bit digit works. */
- d &= 0xffffffffU;
- mp_set_int(&a, d);
- if (a.used != 1 || a.dp[0] != d)
- return -13324;
- #endif
- /* Check setting a bit and testing a bit works. */
- for (i = 0; i < MP_MAX_TEST_BYTE_LEN * 8; i++) {
- mp_zero(&a);
- mp_set_bit(&a, i);
- if (!mp_is_bit_set(&a, i))
- return -13325;
- }
- #endif
- #if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
- mp_zero(&a);
- i = mp_cnt_lsb(&a);
- if (i != 0)
- return -13326;
- mp_set(&a, 1);
- i = mp_cnt_lsb(&a);
- if (i != 0)
- return -13327;
- #endif
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_param(&a, &b, &r1, &rng)) != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
- if ((ret = mp_test_div_3(&a, &r1, &rng)) != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
- (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)))
- if ((ret = mp_test_radix_10(&a, &r1, &rng)) != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(HAVE_ECC)
- if ((ret = mp_test_radix_16(&a, &r1, &rng)) != 0)
- return ret;
- #endif
- if ((ret = mp_test_shift(&a, &r1, &rng)) != 0)
- return ret;
- if ((ret = mp_test_add_sub_d(&a, &r1)) != 0)
- return ret;
- if ((ret = mp_test_read_to_bin(&a)) != 0)
- return ret;
- #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_set_int(&a)) != 0)
- return ret;
- #endif
- if ((ret = mp_test_cmp(&a, &r1)) != 0)
- return ret;
- #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
- if ((ret = mp_test_shbd(&a, &b, &rng)) != 0)
- return ret;
- #endif
- #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_set_is_bit(&a)) != 0)
- return ret;
- #endif
- if ((ret = mp_test_div(&a, &b, &r1, &r2, &rng)) != 0)
- return ret;
- #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
- !defined(WC_NO_RNG)
- if ((ret = mp_test_prime(&a, &rng)) != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_KEY_GEN) && (!defined(WOLFSSL_SP_MATH_ALL) || \
- !defined(NO_RSA))
- if ((ret = mp_test_lcm_gcd(&a, &b, &r1, &r2, &rng)) != 0)
- return ret;
- #endif
- #if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
- defined(WOLFSSL_SP_MATH_ALL)
- if ((ret = mp_test_mod_2d(&a, &r1, &p, &rng)) != 0)
- return ret;
- #endif
- #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
- (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
- if ((ret = mp_test_mod_d(&a)) != 0)
- return ret;
- #endif
- if ((ret = mp_test_mul_sqr(&a, &b, &r1, &r2, &rng)) != 0)
- return ret;
- #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
- defined(OPENSSL_EXTRA)
- if ((ret = mp_test_invmod(&a, &b, &r1)) != 0)
- return ret;
- #endif
- #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
- (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
- if ((ret = mp_test_exptmod(&a, &b, &r1, &r2)) != 0)
- return ret;
- #endif
- #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
- defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
- if ((ret = mp_test_mont(&a, &b, &r1, &r2, &rng)) != 0)
- return ret;
- #endif
- done:
- mp_clear(&p);
- mp_clear(&r2);
- mp_clear(&r1);
- mp_clear(&b);
- mp_clear(&a);
- wc_FreeRng(&rng);
- return ret;
- }
- #endif
- #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
- typedef struct pairs_t {
- const unsigned char* coeff;
- int coeffSz;
- int exp;
- } pairs_t;
- /*
- n =p1p2p3, where pi = ki(p1−1)+1 with (k2,k3) = (173,293)
- p1 = 2^192 * 0x000000000000e24fd4f6d6363200bf2323ec46285cac1d3a
- + 2^0 * 0x0b2488b0c29d96c5e67f8bec15b54b189ae5636efe89b45b
- */
- static const unsigned char c192a[] =
- {
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe2, 0x4f,
- 0xd4, 0xf6, 0xd6, 0x36, 0x32, 0x00, 0xbf, 0x23,
- 0x23, 0xec, 0x46, 0x28, 0x5c, 0xac, 0x1d, 0x3a
- };
- static const unsigned char c0a[] =
- {
- 0x0b, 0x24, 0x88, 0xb0, 0xc2, 0x9d, 0x96, 0xc5,
- 0xe6, 0x7f, 0x8b, 0xec, 0x15, 0xb5, 0x4b, 0x18,
- 0x9a, 0xe5, 0x63, 0x6e, 0xfe, 0x89, 0xb4, 0x5b
- };
- static const pairs_t ecPairsA[] =
- {
- {c192a, sizeof(c192a), 192},
- {c0a, sizeof(c0a), 0}
- };
- static const int kA[] = {173, 293};
- static const unsigned char controlPrime[] = {
- 0xe1, 0x76, 0x45, 0x80, 0x59, 0xb6, 0xd3, 0x49,
- 0xdf, 0x0a, 0xef, 0x12, 0xd6, 0x0f, 0xf0, 0xb7,
- 0xcb, 0x2a, 0x37, 0xbf, 0xa7, 0xf8, 0xb5, 0x4d,
- 0xf5, 0x31, 0x35, 0xad, 0xe4, 0xa3, 0x94, 0xa1,
- 0xdb, 0xf1, 0x96, 0xad, 0xb5, 0x05, 0x64, 0x85,
- 0x83, 0xfc, 0x1b, 0x5b, 0x29, 0xaa, 0xbe, 0xf8,
- 0x26, 0x3f, 0x76, 0x7e, 0xad, 0x1c, 0xf0, 0xcb,
- 0xd7, 0x26, 0xb4, 0x1b, 0x05, 0x8e, 0x56, 0x86,
- 0x7e, 0x08, 0x62, 0x21, 0xc1, 0x86, 0xd6, 0x47,
- 0x79, 0x3e, 0xb7, 0x5d, 0xa4, 0xc6, 0x3a, 0xd7,
- 0xb1, 0x74, 0x20, 0xf6, 0x50, 0x97, 0x41, 0x04,
- 0x53, 0xed, 0x3f, 0x26, 0xd6, 0x6f, 0x91, 0xfa,
- 0x68, 0x26, 0xec, 0x2a, 0xdc, 0x9a, 0xf1, 0xe7,
- 0xdc, 0xfb, 0x73, 0xf0, 0x79, 0x43, 0x1b, 0x21,
- 0xa3, 0x59, 0x04, 0x63, 0x52, 0x07, 0xc9, 0xd7,
- 0xe6, 0xd1, 0x1b, 0x5d, 0x5e, 0x96, 0xfa, 0x53
- };
- static const unsigned char testOne[] = { 1 };
- static int GenerateNextP(mp_int* p1, mp_int* p2, int k)
- {
- int ret;
- mp_int ki;
- ret = mp_init(&ki);
- if (ret == 0)
- ret = mp_set(&ki, k);
- if (ret == 0)
- ret = mp_sub_d(p1, 1, p2);
- if (ret == 0)
- ret = mp_mul(p2, &ki, p2);
- if (ret == 0)
- ret = mp_add_d(p2, 1, p2);
- mp_clear(&ki);
- return ret;
- }
- static int GenerateP(mp_int* p1, mp_int* p2, mp_int* p3,
- const pairs_t* ecPairs, int ecPairsSz,
- const int* k)
- {
- mp_int x,y;
- int ret, i;
- ret = mp_init(&x);
- if (ret == 0) {
- ret = mp_init(&y);
- if (ret != 0) {
- mp_clear(&x);
- return MP_MEM;
- }
- }
- for (i = 0; ret == 0 && i < ecPairsSz; i++) {
- ret = mp_read_unsigned_bin(&x, ecPairs[i].coeff, ecPairs[i].coeffSz);
- /* p1 = 2^exp */
- if (ret == 0)
- ret = mp_2expt(&y, ecPairs[i].exp);
- /* p1 = p1 * m */
- if (ret == 0)
- ret = mp_mul(&x, &y, &x);
- /* p1 += */
- if (ret == 0)
- ret = mp_add(p1, &x, p1);
- mp_zero(&x);
- mp_zero(&y);
- }
- mp_clear(&x);
- mp_clear(&y);
- if (ret == 0)
- ret = GenerateNextP(p1, p2, k[0]);
- if (ret == 0)
- ret = GenerateNextP(p1, p3, k[1]);
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int prime_test(void)
- {
- #ifdef WOLFSSL_SMALL_STACK
- mp_int *n = (mp_int *)XMALLOC(sizeof *n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
- *p1 = (mp_int *)XMALLOC(sizeof *p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
- *p2 = (mp_int *)XMALLOC(sizeof *p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
- *p3 = (mp_int *)XMALLOC(sizeof *p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #else
- mp_int n[1],
- p1[1],
- p2[1],
- p3[1];
- #endif
- int ret, isPrime = 0;
- WC_RNG rng;
- #ifdef WOLFSSL_SMALL_STACK
- if ((n == NULL) ||
- (p1 == NULL) ||
- (p2 == NULL) ||
- (p3 == NULL))
- ERROR_OUT(MEMORY_E, out);
- #endif
- ret = wc_InitRng(&rng);
- if (ret == 0)
- ret = mp_init_multi(n, p1, p2, p3, NULL, NULL);
- if (ret == 0)
- ret = GenerateP(p1, p2, p3,
- ecPairsA, sizeof(ecPairsA) / sizeof(ecPairsA[0]), kA);
- if (ret == 0)
- ret = mp_mul(p1, p2, n);
- if (ret == 0)
- ret = mp_mul(n, p3, n);
- if (ret != 0)
- ERROR_OUT(-13400, out);
- /* Check the old prime test using the number that false positives.
- * This test result should indicate as not prime. */
- ret = mp_prime_is_prime(n, 40, &isPrime);
- if (ret != 0)
- ERROR_OUT(-13401, out);
- if (isPrime)
- ERROR_OUT(-13402, out);
- /* This test result should fail. It should indicate the value as prime. */
- ret = mp_prime_is_prime(n, 8, &isPrime);
- if (ret != 0)
- ERROR_OUT(-13403, out);
- if (!isPrime)
- ERROR_OUT(-13404, out);
- /* This test result should indicate the value as not prime. */
- ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
- if (ret != 0)
- ERROR_OUT(-13405, out);
- if (isPrime)
- ERROR_OUT(-13406, out);
- ret = mp_read_unsigned_bin(n, controlPrime, sizeof(controlPrime));
- if (ret != 0)
- ERROR_OUT(-13407, out);
- /* This test result should indicate the value as prime. */
- ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
- if (ret != 0)
- ERROR_OUT(-13408, out);
- if (!isPrime)
- ERROR_OUT(-13409, out);
- /* This test result should indicate the value as prime. */
- isPrime = -1;
- ret = mp_prime_is_prime(n, 8, &isPrime);
- if (ret != 0)
- ERROR_OUT(-13410, out);
- if (!isPrime)
- ERROR_OUT(-13411, out);
- ret = mp_read_unsigned_bin(n, testOne, sizeof(testOne));
- if (ret != 0)
- ERROR_OUT(-13412, out);
- /* This test result should indicate the value as not prime. */
- ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
- if (ret != 0)
- ERROR_OUT(-13413, out);
- if (isPrime)
- ERROR_OUT(-13414, out);
- ret = mp_prime_is_prime(n, 8, &isPrime);
- if (ret != 0)
- ERROR_OUT(-13415, out);
- if (isPrime)
- ERROR_OUT(-13416, out);
- ret = 0;
- out:
- #ifdef WOLFSSL_SMALL_STACK
- if (n != NULL) {
- mp_clear(n);
- XFREE(n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (p1 != NULL) {
- mp_clear(p1);
- XFREE(p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (p2 != NULL) {
- mp_clear(p2);
- XFREE(p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- if (p3 != NULL) {
- mp_clear(p3);
- XFREE(p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- }
- #else
- mp_clear(p3);
- mp_clear(p2);
- mp_clear(p1);
- mp_clear(n);
- #endif
- wc_FreeRng(&rng);
- return ret;
- }
- #endif /* WOLFSSL_PUBLIC_MP */
- #if defined(ASN_BER_TO_DER) && \
- (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
- defined(OPENSSL_EXTRA_X509_SMALL))
- /* wc_BerToDer is only public facing in the case of test cert or opensslextra */
- typedef struct berDerTestData {
- const byte *in;
- word32 inSz;
- const byte *out;
- word32 outSz;
- } berDerTestData;
- WOLFSSL_TEST_SUBROUTINE int berder_test(void)
- {
- int ret;
- int i;
- word32 len = 0, l;
- byte out[32];
- WOLFSSL_SMALL_STACK_STATIC const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte good1_out[] = { 0x30, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 };
- WOLFSSL_SMALL_STACK_STATIC const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte good3_in[] = {
- 0x24, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00
- };
- WOLFSSL_SMALL_STACK_STATIC const byte good3_out[] = { 0x04, 0x1, 0x01 };
- WOLFSSL_SMALL_STACK_STATIC const byte good4_in[] = {
- 0x30, 0x80,
- 0x02, 0x01, 0x01,
- 0x30, 0x80,
- 0x24, 0x80,
- 0x04, 0x01, 0x01,
- 0x04, 0x02, 0x02, 0x03,
- 0x00, 0x00,
- 0x06, 0x01, 0x01,
- 0x00, 0x00,
- 0x31, 0x80,
- 0x06, 0x01, 0x01,
- 0x00, 0x00,
- 0x00, 0x00,
- };
- WOLFSSL_SMALL_STACK_STATIC const byte good4_out[] = {
- 0x30, 0x12,
- 0x02, 0x01, 0x01,
- 0x30, 0x08,
- 0x04, 0x03, 0x01, 0x02, 0x03,
- 0x06, 0x01, 0x01,
- 0x31, 0x03,
- 0x06, 0x01, 0x01
- };
- WOLFSSL_SMALL_STACK_STATIC const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
- berDerTestData testData[] = {
- { good1_in, sizeof(good1_in), good1_out, sizeof(good1_out) },
- { good2_in, sizeof(good2_in), good2_out, sizeof(good2_out) },
- { good3_in, sizeof(good3_in), good3_out, sizeof(good3_out) },
- { good4_in, sizeof(good4_in), good4_out, sizeof(good4_out) },
- { good5_in, sizeof(good5_in), good5_in , sizeof(good5_in ) },
- };
- for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
- ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len);
- if (ret != LENGTH_ONLY_E)
- return -13500 - i;
- if (len != testData[i].outSz)
- return -13510 - i;
- len = testData[i].outSz;
- ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &len);
- if (ret != 0)
- return -13520 - i;
- if (XMEMCMP(out, testData[i].out, len) != 0)
- return -13530 - i;
- for (l = 1; l < testData[i].inSz; l++) {
- ret = wc_BerToDer(testData[i].in, l, NULL, &len);
- if (ret != ASN_PARSE_E)
- return -13540;
- len = testData[i].outSz;
- ret = wc_BerToDer(testData[i].in, l, out, &len);
- if (ret != ASN_PARSE_E)
- return -13541;
- }
- for (l = 0; l < testData[i].outSz-1; l++) {
- ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &l);
- if (ret != BUFFER_E)
- return -13542;
- }
- }
- ret = wc_BerToDer(NULL, 4, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -13543;
- ret = wc_BerToDer(out, 4, NULL, NULL);
- if (ret != BAD_FUNC_ARG)
- return -13544;
- ret = wc_BerToDer(NULL, 4, NULL, &len);
- if (ret != BAD_FUNC_ARG)
- return -13545;
- ret = wc_BerToDer(NULL, 4, out, NULL);
- if (ret != BAD_FUNC_ARG)
- return -13546;
- ret = wc_BerToDer(out, 4, out, NULL);
- if (ret != BAD_FUNC_ARG)
- return -13547;
- ret = wc_BerToDer(NULL, 4, out, &len);
- if (ret != BAD_FUNC_ARG)
- return -13548;
- for (l = 1; l < sizeof(good4_out); l++) {
- len = l;
- ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len);
- if (ret != BUFFER_E)
- return -13549;
- }
- return 0;
- }
- #endif
- #ifdef DEBUG_WOLFSSL
- static THREAD_LS_T int log_cnt = 0;
- static void my_Logging_cb(const int logLevel, const char *const logMessage)
- {
- (void)logLevel;
- (void)logMessage;
- log_cnt++;
- }
- #endif /* DEBUG_WOLFSSL */
- WOLFSSL_TEST_SUBROUTINE int logging_test(void)
- {
- #ifdef DEBUG_WOLFSSL
- const char* msg = "Testing, testing. 1, 2, 3, 4 ...";
- byte a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
- byte b[256];
- int i;
- for (i = 0; i < (int)sizeof(b); i++)
- b[i] = i;
- if (wolfSSL_Debugging_ON() != 0)
- return -13600;
- if (wolfSSL_SetLoggingCb(my_Logging_cb) != 0)
- return -13601;
- WOLFSSL_MSG(msg);
- WOLFSSL_BUFFER(a, sizeof(a));
- WOLFSSL_BUFFER(b, sizeof(b));
- WOLFSSL_BUFFER(NULL, 0);
- WOLFSSL_ERROR(MEMORY_E);
- WOLFSSL_ERROR_MSG(msg);
- /* turn off logs */
- wolfSSL_Debugging_OFF();
- /* capture log count */
- i = log_cnt;
- /* validate no logs are output when disabled */
- WOLFSSL_MSG(msg);
- WOLFSSL_BUFFER(a, sizeof(a));
- WOLFSSL_BUFFER(b, sizeof(b));
- WOLFSSL_BUFFER(NULL, 0);
- WOLFSSL_ERROR(MEMORY_E);
- WOLFSSL_ERROR_MSG(msg);
- /* check the logs were disabled */
- if (i != log_cnt)
- return -13602;
- /* restore callback and leave logging enabled */
- wolfSSL_SetLoggingCb(NULL);
- wolfSSL_Debugging_ON();
- /* suppress unused args */
- (void)a;
- (void)b;
- #else
- if (wolfSSL_Debugging_ON() != NOT_COMPILED_IN)
- return -13603;
- wolfSSL_Debugging_OFF();
- if (wolfSSL_SetLoggingCb(NULL) != NOT_COMPILED_IN)
- return -13604;
- #endif /* DEBUG_WOLFSSL */
- return 0;
- }
- WOLFSSL_TEST_SUBROUTINE int mutex_test(void)
- {
- #ifdef WOLFSSL_PTHREADS
- wolfSSL_Mutex m;
- #endif
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_USER_MUTEX)
- wolfSSL_Mutex *mm = wc_InitAndAllocMutex();
- if (mm == NULL)
- return -13700;
- wc_FreeMutex(mm);
- XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
- #endif
- /* Can optionally enable advanced pthread tests using "ENABLE_PTHREAD_LOCKFREE_TESTS" */
- #ifdef WOLFSSL_PTHREADS
- if (wc_InitMutex(&m) != 0)
- return -13701;
- if (wc_LockMutex(&m) != 0)
- return -13702;
- #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
- /* trying to free a locked mutex is not portable behavior with pthread */
- /* Attempting to destroy a locked mutex results in undefined behavior */
- if (wc_FreeMutex(&m) != BAD_MUTEX_E)
- return -13703;
- #endif
- if (wc_UnLockMutex(&m) != 0)
- return -13704;
- if (wc_FreeMutex(&m) != 0)
- return -13705;
- #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
- /* Trying to use a pthread after free'ing is not portable behavior */
- if (wc_LockMutex(&m) != BAD_MUTEX_E)
- return -13706;
- if (wc_UnLockMutex(&m) != BAD_MUTEX_E)
- return -13707;
- #endif
- #endif
- return 0;
- }
- #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
- #ifndef WOLFSSL_NO_MALLOC
- static int malloc_cnt = 0;
- static int realloc_cnt = 0;
- static int free_cnt = 0;
- static void *my_Malloc_cb(size_t size)
- {
- malloc_cnt++;
- #ifndef WOLFSSL_NO_MALLOC
- return malloc(size);
- #else
- WOLFSSL_MSG("No malloc available");
- (void)size;
- return NULL;
- #endif
- }
- static void my_Free_cb(void *ptr)
- {
- free_cnt++;
- #ifndef WOLFSSL_NO_MALLOC
- free(ptr);
- #else
- WOLFSSL_MSG("No free available");
- (void)ptr;
- #endif
- }
- static void *my_Realloc_cb(void *ptr, size_t size)
- {
- realloc_cnt++;
- #ifndef WOLFSSL_NO_MALLOC
- return realloc(ptr, size);
- #else
- WOLFSSL_MSG("No realloc available");
- (void)ptr;
- (void)size;
- return NULL;
- #endif
- }
- #endif /* !WOLFSSL_NO_MALLOC */
- WOLFSSL_TEST_SUBROUTINE int memcb_test(void)
- {
- int ret = 0;
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM)
- byte* b = NULL;
- #endif
- wolfSSL_Malloc_cb mc;
- wolfSSL_Free_cb fc;
- wolfSSL_Realloc_cb rc;
- /* Save existing memory callbacks */
- if (wolfSSL_GetAllocators(&mc, &fc, &rc) != 0)
- return -13800;
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM)
- /* test realloc */
- b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- if (b == NULL) {
- ERROR_OUT(-13801, exit_memcb);
- }
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- b = NULL;
- /* Use API. */
- if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)(void*)&my_Malloc_cb,
- (wolfSSL_Free_cb)(void*)&my_Free_cb,
- (wolfSSL_Realloc_cb)(void*)&my_Realloc_cb) != 0) {
- ERROR_OUT(-13802, exit_memcb);
- }
- b = (byte*)XMALLOC(1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- #ifndef WOLFSSL_STATIC_MEMORY
- if (malloc_cnt != 1 || free_cnt != 1 || realloc_cnt != 1)
- #else
- if (malloc_cnt != 0 || free_cnt != 0 || realloc_cnt != 0)
- #endif
- ret = -13803;
- #endif /* !WOLFSSL_NO_MALLOC */
- #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM)
- exit_memcb:
- #endif
- /* restore memory callbacks */
- wolfSSL_SetAllocators(mc, fc, rc);
- return ret;
- }
- #endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_NO_MALLOC */
- #ifdef WOLFSSL_IMX6_CAAM_BLOB
- WOLFSSL_TEST_SUBROUTINE int blob_test(void)
- {
- int ret = 0;
- byte out[112];
- byte blob[112];
- word32 outSz;
- WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
- {
- 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
- 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
- };
- WOLFSSL_SMALL_STACK_STATIC const byte text[] =
- {
- 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
- 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
- 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
- 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
- 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
- 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
- 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
- 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
- };
- XMEMSET(blob, 0, sizeof(blob));
- XMEMSET(out, 0, sizeof(out));
- outSz = sizeof(blob);
- ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
- if (ret != 0) {
- ERROR_OUT(-13900, exit_blob);
- }
- blob[outSz - 2] += 1;
- ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
- if (ret == 0) { /* should fail with altered blob */
- ERROR_OUT(-13901, exit_blob);
- }
- XMEMSET(blob, 0, sizeof(blob));
- outSz = sizeof(blob);
- ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
- if (ret != 0) {
- ERROR_OUT(-13902, exit_blob);
- }
- ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
- if (ret != 0) {
- ERROR_OUT(-13903, exit_blob);
- }
- if (XMEMCMP(out, iv, sizeof(iv))) {
- ERROR_OUT(-13904, exit_blob);
- }
- XMEMSET(blob, 0, sizeof(blob));
- outSz = sizeof(blob);
- ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz);
- if (ret != 0) {
- ERROR_OUT(-13905, exit_blob);
- }
- ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
- if (ret != 0) {
- ERROR_OUT(-13906, exit_blob);
- }
- if (XMEMCMP(out, text, sizeof(text))) {
- ERROR_OUT(-13907, exit_blob);
- }
- exit_blob:
- return ret;
- }
- #endif /* WOLFSSL_IMX6_CAAM_BLOB */
- #ifdef WOLF_CRYPTO_CB
- /* Example custom context for crypto callback */
- typedef struct {
- int exampleVar; /* example, not used */
- } myCryptoDevCtx;
- /* Example crypto dev callback function that calls software version */
- static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
- {
- int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */
- myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx;
- if (info == NULL)
- return BAD_FUNC_ARG;
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: Algo Type %d\n", info->algo_type);
- #endif
- if (info->algo_type == WC_ALGO_TYPE_RNG) {
- #ifndef WC_NO_RNG
- /* set devId to invalid, so software is used */
- info->rng.rng->devId = INVALID_DEVID;
- ret = wc_RNG_GenerateBlock(info->rng.rng,
- info->rng.out, info->rng.sz);
- /* reset devId */
- info->rng.rng->devId = devIdArg;
- #endif
- }
- else if (info->algo_type == WC_ALGO_TYPE_SEED) {
- #ifndef WC_NO_RNG
- static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 };
- word32* seedWord32 = (word32*)seed;
- word32 len;
- /* wc_GenerateSeed is a local symbol so we need to fake the entropy. */
- while (info->seed.sz > 0) {
- len = (word32)sizeof(seed);
- if (info->seed.sz < len)
- len = info->seed.sz;
- XMEMCPY(info->seed.seed, seed, sizeof(seed));
- info->seed.seed += len;
- info->seed.sz -= len;
- (*seedWord32)++;
- }
- ret = 0;
- #endif
- }
- else if (info->algo_type == WC_ALGO_TYPE_PK) {
- #ifdef DEBUG_WOLFSSL
- printf("CryptoDevCb: Pk Type %d\n", info->pk.type);
- #endif
- #ifndef NO_RSA
- if (info->pk.type == WC_PK_TYPE_RSA) {
- /* set devId to invalid, so software is used */
- info->pk.rsa.key->devId = INVALID_DEVID;
- switch (info->pk.rsa.type) {
- case RSA_PUBLIC_ENCRYPT:
- case RSA_PUBLIC_DECRYPT:
- /* perform software based RSA public op */
- ret = wc_RsaFunction(
- info->pk.rsa.in, info->pk.rsa.inLen,
- info->pk.rsa.out, info->pk.rsa.outLen,
- info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
- break;
- case RSA_PRIVATE_ENCRYPT:
- case RSA_PRIVATE_DECRYPT:
- /* perform software based RSA private op */
- ret = wc_RsaFunction(
- info->pk.rsa.in, info->pk.rsa.inLen,
- info->pk.rsa.out, info->pk.rsa.outLen,
- info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
- break;
- }
- /* reset devId */
- info->pk.rsa.key->devId = devIdArg;
- }
- #ifdef WOLFSSL_KEY_GEN
- else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
- info->pk.rsakg.key->devId = INVALID_DEVID;
- ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size,
- info->pk.rsakg.e, info->pk.rsakg.rng);
- /* reset devId */
- info->pk.rsakg.key->devId = devIdArg;
- }
- #endif
- #endif /* !NO_RSA */
- #ifdef HAVE_ECC
- if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
- /* set devId to invalid, so software is used */
- info->pk.eckg.key->devId = INVALID_DEVID;
- ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size,
- info->pk.eckg.key, info->pk.eckg.curveId);
- /* reset devId */
- info->pk.eckg.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
- /* set devId to invalid, so software is used */
- info->pk.eccsign.key->devId = INVALID_DEVID;
- ret = wc_ecc_sign_hash(
- info->pk.eccsign.in, info->pk.eccsign.inlen,
- info->pk.eccsign.out, info->pk.eccsign.outlen,
- info->pk.eccsign.rng, info->pk.eccsign.key);
- /* reset devId */
- info->pk.eccsign.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
- /* set devId to invalid, so software is used */
- info->pk.eccverify.key->devId = INVALID_DEVID;
- ret = wc_ecc_verify_hash(
- info->pk.eccverify.sig, info->pk.eccverify.siglen,
- info->pk.eccverify.hash, info->pk.eccverify.hashlen,
- info->pk.eccverify.res, info->pk.eccverify.key);
- /* reset devId */
- info->pk.eccverify.key->devId = devIdArg;
- }
- else if (info->pk.type == WC_PK_TYPE_ECDH) {
- /* set devId to invalid, so software is used */
- info->pk.ecdh.private_key->devId = INVALID_DEVID;
- ret = wc_ecc_shared_secret(
- info->pk.ecdh.private_key, info->pk.ecdh.public_key,
- info->pk.ecdh.out, info->pk.ecdh.outlen);
- /* reset devId */
- info->pk.ecdh.private_key->devId = devIdArg;
- }
- #endif /* HAVE_ECC */
- }
- else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
- #if !defined(NO_AES) || !defined(NO_DES3)
- #ifdef HAVE_AESGCM
- if (info->cipher.type == WC_CIPHER_AES_GCM) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID;
- ret = wc_AesGcmEncrypt(
- info->cipher.aesgcm_enc.aes,
- info->cipher.aesgcm_enc.out,
- info->cipher.aesgcm_enc.in,
- info->cipher.aesgcm_enc.sz,
- info->cipher.aesgcm_enc.iv,
- info->cipher.aesgcm_enc.ivSz,
- info->cipher.aesgcm_enc.authTag,
- info->cipher.aesgcm_enc.authTagSz,
- info->cipher.aesgcm_enc.authIn,
- info->cipher.aesgcm_enc.authInSz);
- /* reset devId */
- info->cipher.aesgcm_enc.aes->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID;
- ret = wc_AesGcmDecrypt(
- info->cipher.aesgcm_dec.aes,
- info->cipher.aesgcm_dec.out,
- info->cipher.aesgcm_dec.in,
- info->cipher.aesgcm_dec.sz,
- info->cipher.aesgcm_dec.iv,
- info->cipher.aesgcm_dec.ivSz,
- info->cipher.aesgcm_dec.authTag,
- info->cipher.aesgcm_dec.authTagSz,
- info->cipher.aesgcm_dec.authIn,
- info->cipher.aesgcm_dec.authInSz);
- /* reset devId */
- info->cipher.aesgcm_dec.aes->devId = devIdArg;
- }
- }
- #endif /* HAVE_AESGCM */
- #ifdef HAVE_AES_CBC
- if (info->cipher.type == WC_CIPHER_AES_CBC) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.aescbc.aes->devId = INVALID_DEVID;
- ret = wc_AesCbcEncrypt(
- info->cipher.aescbc.aes,
- info->cipher.aescbc.out,
- info->cipher.aescbc.in,
- info->cipher.aescbc.sz);
- /* reset devId */
- info->cipher.aescbc.aes->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.aescbc.aes->devId = INVALID_DEVID;
- ret = wc_AesCbcDecrypt(
- info->cipher.aescbc.aes,
- info->cipher.aescbc.out,
- info->cipher.aescbc.in,
- info->cipher.aescbc.sz);
- /* reset devId */
- info->cipher.aescbc.aes->devId = devIdArg;
- }
- }
- #endif /* HAVE_AES_CBC */
- #ifndef NO_DES3
- if (info->cipher.type == WC_CIPHER_DES3) {
- if (info->cipher.enc) {
- /* set devId to invalid, so software is used */
- info->cipher.des3.des->devId = INVALID_DEVID;
- ret = wc_Des3_CbcEncrypt(
- info->cipher.des3.des,
- info->cipher.des3.out,
- info->cipher.des3.in,
- info->cipher.des3.sz);
- /* reset devId */
- info->cipher.des3.des->devId = devIdArg;
- }
- else {
- /* set devId to invalid, so software is used */
- info->cipher.des3.des->devId = INVALID_DEVID;
- ret = wc_Des3_CbcDecrypt(
- info->cipher.des3.des,
- info->cipher.des3.out,
- info->cipher.des3.in,
- info->cipher.des3.sz);
- /* reset devId */
- info->cipher.des3.des->devId = devIdArg;
- }
- }
- #endif /* !NO_DES3 */
- #endif /* !NO_AES || !NO_DES3 */
- }
- #if !defined(NO_SHA) || !defined(NO_SHA256)
- else if (info->algo_type == WC_ALGO_TYPE_HASH) {
- #if !defined(NO_SHA)
- if (info->hash.type == WC_HASH_TYPE_SHA) {
- if (info->hash.sha1 == NULL)
- return NOT_COMPILED_IN;
- /* set devId to invalid, so software is used */
- info->hash.sha1->devId = INVALID_DEVID;
- if (info->hash.in != NULL) {
- ret = wc_ShaUpdate(
- info->hash.sha1,
- info->hash.in,
- info->hash.inSz);
- }
- if (info->hash.digest != NULL) {
- ret = wc_ShaFinal(
- info->hash.sha1,
- info->hash.digest);
- }
- /* reset devId */
- info->hash.sha1->devId = devIdArg;
- }
- else
- #endif
- #if !defined(NO_SHA256)
- if (info->hash.type == WC_HASH_TYPE_SHA256) {
- if (info->hash.sha256 == NULL)
- return NOT_COMPILED_IN;
- /* set devId to invalid, so software is used */
- info->hash.sha256->devId = INVALID_DEVID;
- if (info->hash.in != NULL) {
- ret = wc_Sha256Update(
- info->hash.sha256,
- info->hash.in,
- info->hash.inSz);
- }
- if (info->hash.digest != NULL) {
- ret = wc_Sha256Final(
- info->hash.sha256,
- info->hash.digest);
- }
- /* reset devId */
- info->hash.sha256->devId = devIdArg;
- }
- else
- #endif
- {
- }
- }
- #endif /* !NO_SHA || !NO_SHA256 */
- #ifndef NO_HMAC
- else if (info->algo_type == WC_ALGO_TYPE_HMAC) {
- if (info->hmac.hmac == NULL)
- return NOT_COMPILED_IN;
- /* set devId to invalid, so software is used */
- info->hmac.hmac->devId = INVALID_DEVID;
- if (info->hash.in != NULL) {
- ret = wc_HmacUpdate(
- info->hmac.hmac,
- info->hmac.in,
- info->hmac.inSz);
- }
- else if (info->hash.digest != NULL) {
- ret = wc_HmacFinal(
- info->hmac.hmac,
- info->hmac.digest);
- }
- /* reset devId */
- info->hmac.hmac->devId = devIdArg;
- }
- #endif
- (void)devIdArg;
- (void)myCtx;
- return ret;
- }
- WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
- {
- int ret = 0;
- myCryptoDevCtx myCtx;
- /* example data for callback */
- myCtx.exampleVar = 1;
- /* set devId to something other than INVALID_DEVID */
- devId = 1;
- ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx);
- #ifndef WC_NO_RNG
- if (ret == 0)
- ret = random_test();
- #endif /* WC_NO_RNG */
- #ifndef NO_RSA
- if (ret == 0)
- ret = rsa_test();
- #endif
- #ifdef HAVE_ECC
- if (ret == 0)
- ret = ecc_test();
- #endif
- #ifndef NO_AES
- #ifdef HAVE_AESGCM
- if (ret == 0)
- ret = aesgcm_test();
- #endif
- #ifdef HAVE_AES_CBC
- if (ret == 0)
- ret = aes_test();
- #endif
- #endif /* !NO_AES */
- #ifndef NO_DES3
- if (ret == 0)
- ret = des3_test();
- #endif /* !NO_DES3 */
- #if !defined(NO_SHA) || !defined(NO_SHA256)
- #ifndef NO_SHA
- if (ret == 0)
- ret = sha_test();
- #endif
- #ifndef NO_SHA256
- if (ret == 0)
- ret = sha256_test();
- #endif
- #endif
- #ifndef NO_HMAC
- #ifndef NO_SHA
- if (ret == 0)
- ret = hmac_sha_test();
- #endif
- #ifndef NO_SHA256
- if (ret == 0)
- ret = hmac_sha256_test();
- #endif
- #endif
- #ifndef NO_PWDBASED
- #if defined(HAVE_PBKDF2) && !defined(NO_SHA256)
- if (ret == 0)
- ret = pbkdf2_test();
- #endif
- #endif
- #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
- if (ret == 0)
- ret = cmac_test();
- #endif
- /* reset devId */
- devId = INVALID_DEVID;
- return ret;
- }
- #endif /* WOLF_CRYPTO_CB */
- #ifdef WOLFSSL_CERT_PIV
- WOLFSSL_TEST_SUBROUTINE int certpiv_test(void)
- {
- int ret;
- wc_CertPIV piv;
- /* Template for Identiv PIV cert, nonce and signature */
- WOLFSSL_SMALL_STACK_STATIC const byte pivCertIdentiv[] = {
- 0x0A, 0x0D,
- 0x53, 0x04, /* NIST PIV Cert */
- 0x70, 0x02, /* Certificate */
- 0x30, 0x00,
- 0x71, 0x01, 0x00, /* Cert Info */
- 0xFE, 0x00, /* Error Detection */
- 0x0B, 0x01, 0x00, /* Nonce */
- 0x0C, 0x01, 0x00, /* Signed Nonce */
- };
- WOLFSSL_SMALL_STACK_STATIC const byte pivCert[] = {
- 0x53, 0x04, /* NIST PIV Cert */
- 0x70, 0x02, /* Certificate */
- 0x30, 0x00,
- 0x71, 0x01, 0x00, /* Cert Info */
- 0xFE, 0x00, /* Error Detection */
- };
- /* Test with identiv 0x0A, 0x0B and 0x0C markers */
- ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv));
- if (ret == 0) {
- /* Test with NIST PIV format */
- ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert));
- }
- return ret;
- }
- #endif /* WOLFSSL_CERT_PIV */
- #undef ERROR_OUT
- #else
- #ifndef NO_MAIN_DRIVER
- int main() { return 0; }
- #endif
- #endif /* NO_CRYPT_TEST */
|