test.c 1.1 MB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049205020512052205320542055205620572058205920602061206220632064206520662067206820692070207120722073207420752076207720782079208020812082208320842085208620872088208920902091209220932094209520962097209820992100210121022103210421052106210721082109211021112112211321142115211621172118211921202121212221232124212521262127212821292130213121322133213421352136213721382139214021412142214321442145214621472148214921502151215221532154215521562157215821592160216121622163216421652166216721682169217021712172217321742175217621772178217921802181218221832184218521862187218821892190219121922193219421952196219721982199220022012202220322042205220622072208220922102211221222132214221522162217221822192220222122222223222422252226222722282229223022312232223322342235223622372238223922402241224222432244224522462247224822492250225122522253225422552256225722582259226022612262226322642265226622672268226922702271227222732274227522762277227822792280228122822283228422852286228722882289229022912292229322942295229622972298229923002301230223032304230523062307230823092310231123122313231423152316231723182319232023212322232323242325232623272328232923302331233223332334233523362337233823392340234123422343234423452346234723482349235023512352235323542355235623572358235923602361236223632364236523662367236823692370237123722373237423752376237723782379238023812382238323842385238623872388238923902391239223932394239523962397239823992400240124022403240424052406240724082409241024112412241324142415241624172418241924202421242224232424242524262427242824292430243124322433243424352436243724382439244024412442244324442445244624472448244924502451245224532454245524562457245824592460246124622463246424652466246724682469247024712472247324742475247624772478247924802481248224832484248524862487248824892490249124922493249424952496249724982499250025012502250325042505250625072508250925102511251225132514251525162517251825192520252125222523252425252526252725282529253025312532253325342535253625372538253925402541254225432544254525462547254825492550255125522553255425552556255725582559256025612562256325642565256625672568256925702571257225732574257525762577257825792580258125822583258425852586258725882589259025912592259325942595259625972598259926002601260226032604260526062607260826092610261126122613261426152616261726182619262026212622262326242625262626272628262926302631263226332634263526362637263826392640264126422643264426452646264726482649265026512652265326542655265626572658265926602661266226632664266526662667266826692670267126722673267426752676267726782679268026812682268326842685268626872688268926902691269226932694269526962697269826992700270127022703270427052706270727082709271027112712271327142715271627172718271927202721272227232724272527262727272827292730273127322733273427352736273727382739274027412742274327442745274627472748274927502751275227532754275527562757275827592760276127622763276427652766276727682769277027712772277327742775277627772778277927802781278227832784278527862787278827892790279127922793279427952796279727982799280028012802280328042805280628072808280928102811281228132814281528162817281828192820282128222823282428252826282728282829283028312832283328342835283628372838283928402841284228432844284528462847284828492850285128522853285428552856285728582859286028612862286328642865286628672868286928702871287228732874287528762877287828792880288128822883288428852886288728882889289028912892289328942895289628972898289929002901290229032904290529062907290829092910291129122913291429152916291729182919292029212922292329242925292629272928292929302931293229332934293529362937293829392940294129422943294429452946294729482949295029512952295329542955295629572958295929602961296229632964296529662967296829692970297129722973297429752976297729782979298029812982298329842985298629872988298929902991299229932994299529962997299829993000300130023003300430053006300730083009301030113012301330143015301630173018301930203021302230233024302530263027302830293030303130323033303430353036303730383039304030413042304330443045304630473048304930503051305230533054305530563057305830593060306130623063306430653066306730683069307030713072307330743075307630773078307930803081308230833084308530863087308830893090309130923093309430953096309730983099310031013102310331043105310631073108310931103111311231133114311531163117311831193120312131223123312431253126312731283129313031313132313331343135313631373138313931403141314231433144314531463147314831493150315131523153315431553156315731583159316031613162316331643165316631673168316931703171317231733174317531763177317831793180318131823183318431853186318731883189319031913192319331943195319631973198319932003201320232033204320532063207320832093210321132123213321432153216321732183219322032213222322332243225322632273228322932303231323232333234323532363237323832393240324132423243324432453246324732483249325032513252325332543255325632573258325932603261326232633264326532663267326832693270327132723273327432753276327732783279328032813282328332843285328632873288328932903291329232933294329532963297329832993300330133023303330433053306330733083309331033113312331333143315331633173318331933203321332233233324332533263327332833293330333133323333333433353336333733383339334033413342334333443345334633473348334933503351335233533354335533563357335833593360336133623363336433653366336733683369337033713372337333743375337633773378337933803381338233833384338533863387338833893390339133923393339433953396339733983399340034013402340334043405340634073408340934103411341234133414341534163417341834193420342134223423342434253426342734283429343034313432343334343435343634373438343934403441344234433444344534463447344834493450345134523453345434553456345734583459346034613462346334643465346634673468346934703471347234733474347534763477347834793480348134823483348434853486348734883489349034913492349334943495349634973498349935003501350235033504350535063507350835093510351135123513351435153516351735183519352035213522352335243525352635273528352935303531353235333534353535363537353835393540354135423543354435453546354735483549355035513552355335543555355635573558355935603561356235633564356535663567356835693570357135723573357435753576357735783579358035813582358335843585358635873588358935903591359235933594359535963597359835993600360136023603360436053606360736083609361036113612361336143615361636173618361936203621362236233624362536263627362836293630363136323633363436353636363736383639364036413642364336443645364636473648364936503651365236533654365536563657365836593660366136623663366436653666366736683669367036713672367336743675367636773678367936803681368236833684368536863687368836893690369136923693369436953696369736983699370037013702370337043705370637073708370937103711371237133714371537163717371837193720372137223723372437253726372737283729373037313732373337343735373637373738373937403741374237433744374537463747374837493750375137523753375437553756375737583759376037613762376337643765376637673768376937703771377237733774377537763777377837793780378137823783378437853786378737883789379037913792379337943795379637973798379938003801380238033804380538063807380838093810381138123813381438153816381738183819382038213822382338243825382638273828382938303831383238333834383538363837383838393840384138423843384438453846384738483849385038513852385338543855385638573858385938603861386238633864386538663867386838693870387138723873387438753876387738783879388038813882388338843885388638873888388938903891389238933894389538963897389838993900390139023903390439053906390739083909391039113912391339143915391639173918391939203921392239233924392539263927392839293930393139323933393439353936393739383939394039413942394339443945394639473948394939503951395239533954395539563957395839593960396139623963396439653966396739683969397039713972397339743975397639773978397939803981398239833984398539863987398839893990399139923993399439953996399739983999400040014002400340044005400640074008400940104011401240134014401540164017401840194020402140224023402440254026402740284029403040314032403340344035403640374038403940404041404240434044404540464047404840494050405140524053405440554056405740584059406040614062406340644065406640674068406940704071407240734074407540764077407840794080408140824083408440854086408740884089409040914092409340944095409640974098409941004101410241034104410541064107410841094110411141124113411441154116411741184119412041214122412341244125412641274128412941304131413241334134413541364137413841394140414141424143414441454146414741484149415041514152415341544155415641574158415941604161416241634164416541664167416841694170417141724173417441754176417741784179418041814182418341844185418641874188418941904191419241934194419541964197419841994200420142024203420442054206420742084209421042114212421342144215421642174218421942204221422242234224422542264227422842294230423142324233423442354236423742384239424042414242424342444245424642474248424942504251425242534254425542564257425842594260426142624263426442654266426742684269427042714272427342744275427642774278427942804281428242834284428542864287428842894290429142924293429442954296429742984299430043014302430343044305430643074308430943104311431243134314431543164317431843194320432143224323432443254326432743284329433043314332433343344335433643374338433943404341434243434344434543464347434843494350435143524353435443554356435743584359436043614362436343644365436643674368436943704371437243734374437543764377437843794380438143824383438443854386438743884389439043914392439343944395439643974398439944004401440244034404440544064407440844094410441144124413441444154416441744184419442044214422442344244425442644274428442944304431443244334434443544364437443844394440444144424443444444454446444744484449445044514452445344544455445644574458445944604461446244634464446544664467446844694470447144724473447444754476447744784479448044814482448344844485448644874488448944904491449244934494449544964497449844994500450145024503450445054506450745084509451045114512451345144515451645174518451945204521452245234524452545264527452845294530453145324533453445354536453745384539454045414542454345444545454645474548454945504551455245534554455545564557455845594560456145624563456445654566456745684569457045714572457345744575457645774578457945804581458245834584458545864587458845894590459145924593459445954596459745984599460046014602460346044605460646074608460946104611461246134614461546164617461846194620462146224623462446254626462746284629463046314632463346344635463646374638463946404641464246434644464546464647464846494650465146524653465446554656465746584659466046614662466346644665466646674668466946704671467246734674467546764677467846794680468146824683468446854686468746884689469046914692469346944695469646974698469947004701470247034704470547064707470847094710471147124713471447154716471747184719472047214722472347244725472647274728472947304731473247334734473547364737473847394740474147424743474447454746474747484749475047514752475347544755475647574758475947604761476247634764476547664767476847694770477147724773477447754776477747784779478047814782478347844785478647874788478947904791479247934794479547964797479847994800480148024803480448054806480748084809481048114812481348144815481648174818481948204821482248234824482548264827482848294830483148324833483448354836483748384839484048414842484348444845484648474848484948504851485248534854485548564857485848594860486148624863486448654866486748684869487048714872487348744875487648774878487948804881488248834884488548864887488848894890489148924893489448954896489748984899490049014902490349044905490649074908490949104911491249134914491549164917491849194920492149224923492449254926492749284929493049314932493349344935493649374938493949404941494249434944494549464947494849494950495149524953495449554956495749584959496049614962496349644965496649674968496949704971497249734974497549764977497849794980498149824983498449854986498749884989499049914992499349944995499649974998499950005001500250035004500550065007500850095010501150125013501450155016501750185019502050215022502350245025502650275028502950305031503250335034503550365037503850395040504150425043504450455046504750485049505050515052505350545055505650575058505950605061506250635064506550665067506850695070507150725073507450755076507750785079508050815082508350845085508650875088508950905091509250935094509550965097509850995100510151025103510451055106510751085109511051115112511351145115511651175118511951205121512251235124512551265127512851295130513151325133513451355136513751385139514051415142514351445145514651475148514951505151515251535154515551565157515851595160516151625163516451655166516751685169517051715172517351745175517651775178517951805181518251835184518551865187518851895190519151925193519451955196519751985199520052015202520352045205520652075208520952105211521252135214521552165217521852195220522152225223522452255226522752285229523052315232523352345235523652375238523952405241524252435244524552465247524852495250525152525253525452555256525752585259526052615262526352645265526652675268526952705271527252735274527552765277527852795280528152825283528452855286528752885289529052915292529352945295529652975298529953005301530253035304530553065307530853095310531153125313531453155316531753185319532053215322532353245325532653275328532953305331533253335334533553365337533853395340534153425343534453455346534753485349535053515352535353545355535653575358535953605361536253635364536553665367536853695370537153725373537453755376537753785379538053815382538353845385538653875388538953905391539253935394539553965397539853995400540154025403540454055406540754085409541054115412541354145415541654175418541954205421542254235424542554265427542854295430543154325433543454355436543754385439544054415442544354445445544654475448544954505451545254535454545554565457545854595460546154625463546454655466546754685469547054715472547354745475547654775478547954805481548254835484548554865487548854895490549154925493549454955496549754985499550055015502550355045505550655075508550955105511551255135514551555165517551855195520552155225523552455255526552755285529553055315532553355345535553655375538553955405541554255435544554555465547554855495550555155525553555455555556555755585559556055615562556355645565556655675568556955705571557255735574557555765577557855795580558155825583558455855586558755885589559055915592559355945595559655975598559956005601560256035604560556065607560856095610561156125613561456155616561756185619562056215622562356245625562656275628562956305631563256335634563556365637563856395640564156425643564456455646564756485649565056515652565356545655565656575658565956605661566256635664566556665667566856695670567156725673567456755676567756785679568056815682568356845685568656875688568956905691569256935694569556965697569856995700570157025703570457055706570757085709571057115712571357145715571657175718571957205721572257235724572557265727572857295730573157325733573457355736573757385739574057415742574357445745574657475748574957505751575257535754575557565757575857595760576157625763576457655766576757685769577057715772577357745775577657775778577957805781578257835784578557865787578857895790579157925793579457955796579757985799580058015802580358045805580658075808580958105811581258135814581558165817581858195820582158225823582458255826582758285829583058315832583358345835583658375838583958405841584258435844584558465847584858495850585158525853585458555856585758585859586058615862586358645865586658675868586958705871587258735874587558765877587858795880588158825883588458855886588758885889589058915892589358945895589658975898589959005901590259035904590559065907590859095910591159125913591459155916591759185919592059215922592359245925592659275928592959305931593259335934593559365937593859395940594159425943594459455946594759485949595059515952595359545955595659575958595959605961596259635964596559665967596859695970597159725973597459755976597759785979598059815982598359845985598659875988598959905991599259935994599559965997599859996000600160026003600460056006600760086009601060116012601360146015601660176018601960206021602260236024602560266027602860296030603160326033603460356036603760386039604060416042604360446045604660476048604960506051605260536054605560566057605860596060606160626063606460656066606760686069607060716072607360746075607660776078607960806081608260836084608560866087608860896090609160926093609460956096609760986099610061016102610361046105610661076108610961106111611261136114611561166117611861196120612161226123612461256126612761286129613061316132613361346135613661376138613961406141614261436144614561466147614861496150615161526153615461556156615761586159616061616162616361646165616661676168616961706171617261736174617561766177617861796180618161826183618461856186618761886189619061916192619361946195619661976198619962006201620262036204620562066207620862096210621162126213621462156216621762186219622062216222622362246225622662276228622962306231623262336234623562366237623862396240624162426243624462456246624762486249625062516252625362546255625662576258625962606261626262636264626562666267626862696270627162726273627462756276627762786279628062816282628362846285628662876288628962906291629262936294629562966297629862996300630163026303630463056306630763086309631063116312631363146315631663176318631963206321632263236324632563266327632863296330633163326333633463356336633763386339634063416342634363446345634663476348634963506351635263536354635563566357635863596360636163626363636463656366636763686369637063716372637363746375637663776378637963806381638263836384638563866387638863896390639163926393639463956396639763986399640064016402640364046405640664076408640964106411641264136414641564166417641864196420642164226423642464256426642764286429643064316432643364346435643664376438643964406441644264436444644564466447644864496450645164526453645464556456645764586459646064616462646364646465646664676468646964706471647264736474647564766477647864796480648164826483648464856486648764886489649064916492649364946495649664976498649965006501650265036504650565066507650865096510651165126513651465156516651765186519652065216522652365246525652665276528652965306531653265336534653565366537653865396540654165426543654465456546654765486549655065516552655365546555655665576558655965606561656265636564656565666567656865696570657165726573657465756576657765786579658065816582658365846585658665876588658965906591659265936594659565966597659865996600660166026603660466056606660766086609661066116612661366146615661666176618661966206621662266236624662566266627662866296630663166326633663466356636663766386639664066416642664366446645664666476648664966506651665266536654665566566657665866596660666166626663666466656666666766686669667066716672667366746675667666776678667966806681668266836684668566866687668866896690669166926693669466956696669766986699670067016702670367046705670667076708670967106711671267136714671567166717671867196720672167226723672467256726672767286729673067316732673367346735673667376738673967406741674267436744674567466747674867496750675167526753675467556756675767586759676067616762676367646765676667676768676967706771677267736774677567766777677867796780678167826783678467856786678767886789679067916792679367946795679667976798679968006801680268036804680568066807680868096810681168126813681468156816681768186819682068216822682368246825682668276828682968306831683268336834683568366837683868396840684168426843684468456846684768486849685068516852685368546855685668576858685968606861686268636864686568666867686868696870687168726873687468756876687768786879688068816882688368846885688668876888688968906891689268936894689568966897689868996900690169026903690469056906690769086909691069116912691369146915691669176918691969206921692269236924692569266927692869296930693169326933693469356936693769386939694069416942694369446945694669476948694969506951695269536954695569566957695869596960696169626963696469656966696769686969697069716972697369746975697669776978697969806981698269836984698569866987698869896990699169926993699469956996699769986999700070017002700370047005700670077008700970107011701270137014701570167017701870197020702170227023702470257026702770287029703070317032703370347035703670377038703970407041704270437044704570467047704870497050705170527053705470557056705770587059706070617062706370647065706670677068706970707071707270737074707570767077707870797080708170827083708470857086708770887089709070917092709370947095709670977098709971007101710271037104710571067107710871097110711171127113711471157116711771187119712071217122712371247125712671277128712971307131713271337134713571367137713871397140714171427143714471457146714771487149715071517152715371547155715671577158715971607161716271637164716571667167716871697170717171727173717471757176717771787179718071817182718371847185718671877188718971907191719271937194719571967197719871997200720172027203720472057206720772087209721072117212721372147215721672177218721972207221722272237224722572267227722872297230723172327233723472357236723772387239724072417242724372447245724672477248724972507251725272537254725572567257725872597260726172627263726472657266726772687269727072717272727372747275727672777278727972807281728272837284728572867287728872897290729172927293729472957296729772987299730073017302730373047305730673077308730973107311731273137314731573167317731873197320732173227323732473257326732773287329733073317332733373347335733673377338733973407341734273437344734573467347734873497350735173527353735473557356735773587359736073617362736373647365736673677368736973707371737273737374737573767377737873797380738173827383738473857386738773887389739073917392739373947395739673977398739974007401740274037404740574067407740874097410741174127413741474157416741774187419742074217422742374247425742674277428742974307431743274337434743574367437743874397440744174427443744474457446744774487449745074517452745374547455745674577458745974607461746274637464746574667467746874697470747174727473747474757476747774787479748074817482748374847485748674877488748974907491749274937494749574967497749874997500750175027503750475057506750775087509751075117512751375147515751675177518751975207521752275237524752575267527752875297530753175327533753475357536753775387539754075417542754375447545754675477548754975507551755275537554755575567557755875597560756175627563756475657566756775687569757075717572757375747575757675777578757975807581758275837584758575867587758875897590759175927593759475957596759775987599760076017602760376047605760676077608760976107611761276137614761576167617761876197620762176227623762476257626762776287629763076317632763376347635763676377638763976407641764276437644764576467647764876497650765176527653765476557656765776587659766076617662766376647665766676677668766976707671767276737674767576767677767876797680768176827683768476857686768776887689769076917692769376947695769676977698769977007701770277037704770577067707770877097710771177127713771477157716771777187719772077217722772377247725772677277728772977307731773277337734773577367737773877397740774177427743774477457746774777487749775077517752775377547755775677577758775977607761776277637764776577667767776877697770777177727773777477757776777777787779778077817782778377847785778677877788778977907791779277937794779577967797779877997800780178027803780478057806780778087809781078117812781378147815781678177818781978207821782278237824782578267827782878297830783178327833783478357836783778387839784078417842784378447845784678477848784978507851785278537854785578567857785878597860786178627863786478657866786778687869787078717872787378747875787678777878787978807881788278837884788578867887788878897890789178927893789478957896789778987899790079017902790379047905790679077908790979107911791279137914791579167917791879197920792179227923792479257926792779287929793079317932793379347935793679377938793979407941794279437944794579467947794879497950795179527953795479557956795779587959796079617962796379647965796679677968796979707971797279737974797579767977797879797980798179827983798479857986798779887989799079917992799379947995799679977998799980008001800280038004800580068007800880098010801180128013801480158016801780188019802080218022802380248025802680278028802980308031803280338034803580368037803880398040804180428043804480458046804780488049805080518052805380548055805680578058805980608061806280638064806580668067806880698070807180728073807480758076807780788079808080818082808380848085808680878088808980908091809280938094809580968097809880998100810181028103810481058106810781088109811081118112811381148115811681178118811981208121812281238124812581268127812881298130813181328133813481358136813781388139814081418142814381448145814681478148814981508151815281538154815581568157815881598160816181628163816481658166816781688169817081718172817381748175817681778178817981808181818281838184818581868187818881898190819181928193819481958196819781988199820082018202820382048205820682078208820982108211821282138214821582168217821882198220822182228223822482258226822782288229823082318232823382348235823682378238823982408241824282438244824582468247824882498250825182528253825482558256825782588259826082618262826382648265826682678268826982708271827282738274827582768277827882798280828182828283828482858286828782888289829082918292829382948295829682978298829983008301830283038304830583068307830883098310831183128313831483158316831783188319832083218322832383248325832683278328832983308331833283338334833583368337833883398340834183428343834483458346834783488349835083518352835383548355835683578358835983608361836283638364836583668367836883698370837183728373837483758376837783788379838083818382838383848385838683878388838983908391839283938394839583968397839883998400840184028403840484058406840784088409841084118412841384148415841684178418841984208421842284238424842584268427842884298430843184328433843484358436843784388439844084418442844384448445844684478448844984508451845284538454845584568457845884598460846184628463846484658466846784688469847084718472847384748475847684778478847984808481848284838484848584868487848884898490849184928493849484958496849784988499850085018502850385048505850685078508850985108511851285138514851585168517851885198520852185228523852485258526852785288529853085318532853385348535853685378538853985408541854285438544854585468547854885498550855185528553855485558556855785588559856085618562856385648565856685678568856985708571857285738574857585768577857885798580858185828583858485858586858785888589859085918592859385948595859685978598859986008601860286038604860586068607860886098610861186128613861486158616861786188619862086218622862386248625862686278628862986308631863286338634863586368637863886398640864186428643864486458646864786488649865086518652865386548655865686578658865986608661866286638664866586668667866886698670867186728673867486758676867786788679868086818682868386848685868686878688868986908691869286938694869586968697869886998700870187028703870487058706870787088709871087118712871387148715871687178718871987208721872287238724872587268727872887298730873187328733873487358736873787388739874087418742874387448745874687478748874987508751875287538754875587568757875887598760876187628763876487658766876787688769877087718772877387748775877687778778877987808781878287838784878587868787878887898790879187928793879487958796879787988799880088018802880388048805880688078808880988108811881288138814881588168817881888198820882188228823882488258826882788288829883088318832883388348835883688378838883988408841884288438844884588468847884888498850885188528853885488558856885788588859886088618862886388648865886688678868886988708871887288738874887588768877887888798880888188828883888488858886888788888889889088918892889388948895889688978898889989008901890289038904890589068907890889098910891189128913891489158916891789188919892089218922892389248925892689278928892989308931893289338934893589368937893889398940894189428943894489458946894789488949895089518952895389548955895689578958895989608961896289638964896589668967896889698970897189728973897489758976897789788979898089818982898389848985898689878988898989908991899289938994899589968997899889999000900190029003900490059006900790089009901090119012901390149015901690179018901990209021902290239024902590269027902890299030903190329033903490359036903790389039904090419042904390449045904690479048904990509051905290539054905590569057905890599060906190629063906490659066906790689069907090719072907390749075907690779078907990809081908290839084908590869087908890899090909190929093909490959096909790989099910091019102910391049105910691079108910991109111911291139114911591169117911891199120912191229123912491259126912791289129913091319132913391349135913691379138913991409141914291439144914591469147914891499150915191529153915491559156915791589159916091619162916391649165916691679168916991709171917291739174917591769177917891799180918191829183918491859186918791889189919091919192919391949195919691979198919992009201920292039204920592069207920892099210921192129213921492159216921792189219922092219222922392249225922692279228922992309231923292339234923592369237923892399240924192429243924492459246924792489249925092519252925392549255925692579258925992609261926292639264926592669267926892699270927192729273927492759276927792789279928092819282928392849285928692879288928992909291929292939294929592969297929892999300930193029303930493059306930793089309931093119312931393149315931693179318931993209321932293239324932593269327932893299330933193329333933493359336933793389339934093419342934393449345934693479348934993509351935293539354935593569357935893599360936193629363936493659366936793689369937093719372937393749375937693779378937993809381938293839384938593869387938893899390939193929393939493959396939793989399940094019402940394049405940694079408940994109411941294139414941594169417941894199420942194229423942494259426942794289429943094319432943394349435943694379438943994409441944294439444944594469447944894499450945194529453945494559456945794589459946094619462946394649465946694679468946994709471947294739474947594769477947894799480948194829483948494859486948794889489949094919492949394949495949694979498949995009501950295039504950595069507950895099510951195129513951495159516951795189519952095219522952395249525952695279528952995309531953295339534953595369537953895399540954195429543954495459546954795489549955095519552955395549555955695579558955995609561956295639564956595669567956895699570957195729573957495759576957795789579958095819582958395849585958695879588958995909591959295939594959595969597959895999600960196029603960496059606960796089609961096119612961396149615961696179618961996209621962296239624962596269627962896299630963196329633963496359636963796389639964096419642964396449645964696479648964996509651965296539654965596569657965896599660966196629663966496659666966796689669967096719672967396749675967696779678967996809681968296839684968596869687968896899690969196929693969496959696969796989699970097019702970397049705970697079708970997109711971297139714971597169717971897199720972197229723972497259726972797289729973097319732973397349735973697379738973997409741974297439744974597469747974897499750975197529753975497559756975797589759976097619762976397649765976697679768976997709771977297739774977597769777977897799780978197829783978497859786978797889789979097919792979397949795979697979798979998009801980298039804980598069807980898099810981198129813981498159816981798189819982098219822982398249825982698279828982998309831983298339834983598369837983898399840984198429843984498459846984798489849985098519852985398549855985698579858985998609861986298639864986598669867986898699870987198729873987498759876987798789879988098819882988398849885988698879888988998909891989298939894989598969897989898999900990199029903990499059906990799089909991099119912991399149915991699179918991999209921992299239924992599269927992899299930993199329933993499359936993799389939994099419942994399449945994699479948994999509951995299539954995599569957995899599960996199629963996499659966996799689969997099719972997399749975997699779978997999809981998299839984998599869987998899899990999199929993999499959996999799989999100001000110002100031000410005100061000710008100091001010011100121001310014100151001610017100181001910020100211002210023100241002510026100271002810029100301003110032100331003410035100361003710038100391004010041100421004310044100451004610047100481004910050100511005210053100541005510056100571005810059100601006110062100631006410065100661006710068100691007010071100721007310074100751007610077100781007910080100811008210083100841008510086100871008810089100901009110092100931009410095100961009710098100991010010101101021010310104101051010610107101081010910110101111011210113101141011510116101171011810119101201012110122101231012410125101261012710128101291013010131101321013310134101351013610137101381013910140101411014210143101441014510146101471014810149101501015110152101531015410155101561015710158101591016010161101621016310164101651016610167101681016910170101711017210173101741017510176101771017810179101801018110182101831018410185101861018710188101891019010191101921019310194101951019610197101981019910200102011020210203102041020510206102071020810209102101021110212102131021410215102161021710218102191022010221102221022310224102251022610227102281022910230102311023210233102341023510236102371023810239102401024110242102431024410245102461024710248102491025010251102521025310254102551025610257102581025910260102611026210263102641026510266102671026810269102701027110272102731027410275102761027710278102791028010281102821028310284102851028610287102881028910290102911029210293102941029510296102971029810299103001030110302103031030410305103061030710308103091031010311103121031310314103151031610317103181031910320103211032210323103241032510326103271032810329103301033110332103331033410335103361033710338103391034010341103421034310344103451034610347103481034910350103511035210353103541035510356103571035810359103601036110362103631036410365103661036710368103691037010371103721037310374103751037610377103781037910380103811038210383103841038510386103871038810389103901039110392103931039410395103961039710398103991040010401104021040310404104051040610407104081040910410104111041210413104141041510416104171041810419104201042110422104231042410425104261042710428104291043010431104321043310434104351043610437104381043910440104411044210443104441044510446104471044810449104501045110452104531045410455104561045710458104591046010461104621046310464104651046610467104681046910470104711047210473104741047510476104771047810479104801048110482104831048410485104861048710488104891049010491104921049310494104951049610497104981049910500105011050210503105041050510506105071050810509105101051110512105131051410515105161051710518105191052010521105221052310524105251052610527105281052910530105311053210533105341053510536105371053810539105401054110542105431054410545105461054710548105491055010551105521055310554105551055610557105581055910560105611056210563105641056510566105671056810569105701057110572105731057410575105761057710578105791058010581105821058310584105851058610587105881058910590105911059210593105941059510596105971059810599106001060110602106031060410605106061060710608106091061010611106121061310614106151061610617106181061910620106211062210623106241062510626106271062810629106301063110632106331063410635106361063710638106391064010641106421064310644106451064610647106481064910650106511065210653106541065510656106571065810659106601066110662106631066410665106661066710668106691067010671106721067310674106751067610677106781067910680106811068210683106841068510686106871068810689106901069110692106931069410695106961069710698106991070010701107021070310704107051070610707107081070910710107111071210713107141071510716107171071810719107201072110722107231072410725107261072710728107291073010731107321073310734107351073610737107381073910740107411074210743107441074510746107471074810749107501075110752107531075410755107561075710758107591076010761107621076310764107651076610767107681076910770107711077210773107741077510776107771077810779107801078110782107831078410785107861078710788107891079010791107921079310794107951079610797107981079910800108011080210803108041080510806108071080810809108101081110812108131081410815108161081710818108191082010821108221082310824108251082610827108281082910830108311083210833108341083510836108371083810839108401084110842108431084410845108461084710848108491085010851108521085310854108551085610857108581085910860108611086210863108641086510866108671086810869108701087110872108731087410875108761087710878108791088010881108821088310884108851088610887108881088910890108911089210893108941089510896108971089810899109001090110902109031090410905109061090710908109091091010911109121091310914109151091610917109181091910920109211092210923109241092510926109271092810929109301093110932109331093410935109361093710938109391094010941109421094310944109451094610947109481094910950109511095210953109541095510956109571095810959109601096110962109631096410965109661096710968109691097010971109721097310974109751097610977109781097910980109811098210983109841098510986109871098810989109901099110992109931099410995109961099710998109991100011001110021100311004110051100611007110081100911010110111101211013110141101511016110171101811019110201102111022110231102411025110261102711028110291103011031110321103311034110351103611037110381103911040110411104211043110441104511046110471104811049110501105111052110531105411055110561105711058110591106011061110621106311064110651106611067110681106911070110711107211073110741107511076110771107811079110801108111082110831108411085110861108711088110891109011091110921109311094110951109611097110981109911100111011110211103111041110511106111071110811109111101111111112111131111411115111161111711118111191112011121111221112311124111251112611127111281112911130111311113211133111341113511136111371113811139111401114111142111431114411145111461114711148111491115011151111521115311154111551115611157111581115911160111611116211163111641116511166111671116811169111701117111172111731117411175111761117711178111791118011181111821118311184111851118611187111881118911190111911119211193111941119511196111971119811199112001120111202112031120411205112061120711208112091121011211112121121311214112151121611217112181121911220112211122211223112241122511226112271122811229112301123111232112331123411235112361123711238112391124011241112421124311244112451124611247112481124911250112511125211253112541125511256112571125811259112601126111262112631126411265112661126711268112691127011271112721127311274112751127611277112781127911280112811128211283112841128511286112871128811289112901129111292112931129411295112961129711298112991130011301113021130311304113051130611307113081130911310113111131211313113141131511316113171131811319113201132111322113231132411325113261132711328113291133011331113321133311334113351133611337113381133911340113411134211343113441134511346113471134811349113501135111352113531135411355113561135711358113591136011361113621136311364113651136611367113681136911370113711137211373113741137511376113771137811379113801138111382113831138411385113861138711388113891139011391113921139311394113951139611397113981139911400114011140211403114041140511406114071140811409114101141111412114131141411415114161141711418114191142011421114221142311424114251142611427114281142911430114311143211433114341143511436114371143811439114401144111442114431144411445114461144711448114491145011451114521145311454114551145611457114581145911460114611146211463114641146511466114671146811469114701147111472114731147411475114761147711478114791148011481114821148311484114851148611487114881148911490114911149211493114941149511496114971149811499115001150111502115031150411505115061150711508115091151011511115121151311514115151151611517115181151911520115211152211523115241152511526115271152811529115301153111532115331153411535115361153711538115391154011541115421154311544115451154611547115481154911550115511155211553115541155511556115571155811559115601156111562115631156411565115661156711568115691157011571115721157311574115751157611577115781157911580115811158211583115841158511586115871158811589115901159111592115931159411595115961159711598115991160011601116021160311604116051160611607116081160911610116111161211613116141161511616116171161811619116201162111622116231162411625116261162711628116291163011631116321163311634116351163611637116381163911640116411164211643116441164511646116471164811649116501165111652116531165411655116561165711658116591166011661116621166311664116651166611667116681166911670116711167211673116741167511676116771167811679116801168111682116831168411685116861168711688116891169011691116921169311694116951169611697116981169911700117011170211703117041170511706117071170811709117101171111712117131171411715117161171711718117191172011721117221172311724117251172611727117281172911730117311173211733117341173511736117371173811739117401174111742117431174411745117461174711748117491175011751117521175311754117551175611757117581175911760117611176211763117641176511766117671176811769117701177111772117731177411775117761177711778117791178011781117821178311784117851178611787117881178911790117911179211793117941179511796117971179811799118001180111802118031180411805118061180711808118091181011811118121181311814118151181611817118181181911820118211182211823118241182511826118271182811829118301183111832118331183411835118361183711838118391184011841118421184311844118451184611847118481184911850118511185211853118541185511856118571185811859118601186111862118631186411865118661186711868118691187011871118721187311874118751187611877118781187911880118811188211883118841188511886118871188811889118901189111892118931189411895118961189711898118991190011901119021190311904119051190611907119081190911910119111191211913119141191511916119171191811919119201192111922119231192411925119261192711928119291193011931119321193311934119351193611937119381193911940119411194211943119441194511946119471194811949119501195111952119531195411955119561195711958119591196011961119621196311964119651196611967119681196911970119711197211973119741197511976119771197811979119801198111982119831198411985119861198711988119891199011991119921199311994119951199611997119981199912000120011200212003120041200512006120071200812009120101201112012120131201412015120161201712018120191202012021120221202312024120251202612027120281202912030120311203212033120341203512036120371203812039120401204112042120431204412045120461204712048120491205012051120521205312054120551205612057120581205912060120611206212063120641206512066120671206812069120701207112072120731207412075120761207712078120791208012081120821208312084120851208612087120881208912090120911209212093120941209512096120971209812099121001210112102121031210412105121061210712108121091211012111121121211312114121151211612117121181211912120121211212212123121241212512126121271212812129121301213112132121331213412135121361213712138121391214012141121421214312144121451214612147121481214912150121511215212153121541215512156121571215812159121601216112162121631216412165121661216712168121691217012171121721217312174121751217612177121781217912180121811218212183121841218512186121871218812189121901219112192121931219412195121961219712198121991220012201122021220312204122051220612207122081220912210122111221212213122141221512216122171221812219122201222112222122231222412225122261222712228122291223012231122321223312234122351223612237122381223912240122411224212243122441224512246122471224812249122501225112252122531225412255122561225712258122591226012261122621226312264122651226612267122681226912270122711227212273122741227512276122771227812279122801228112282122831228412285122861228712288122891229012291122921229312294122951229612297122981229912300123011230212303123041230512306123071230812309123101231112312123131231412315123161231712318123191232012321123221232312324123251232612327123281232912330123311233212333123341233512336123371233812339123401234112342123431234412345123461234712348123491235012351123521235312354123551235612357123581235912360123611236212363123641236512366123671236812369123701237112372123731237412375123761237712378123791238012381123821238312384123851238612387123881238912390123911239212393123941239512396123971239812399124001240112402124031240412405124061240712408124091241012411124121241312414124151241612417124181241912420124211242212423124241242512426124271242812429124301243112432124331243412435124361243712438124391244012441124421244312444124451244612447124481244912450124511245212453124541245512456124571245812459124601246112462124631246412465124661246712468124691247012471124721247312474124751247612477124781247912480124811248212483124841248512486124871248812489124901249112492124931249412495124961249712498124991250012501125021250312504125051250612507125081250912510125111251212513125141251512516125171251812519125201252112522125231252412525125261252712528125291253012531125321253312534125351253612537125381253912540125411254212543125441254512546125471254812549125501255112552125531255412555125561255712558125591256012561125621256312564125651256612567125681256912570125711257212573125741257512576125771257812579125801258112582125831258412585125861258712588125891259012591125921259312594125951259612597125981259912600126011260212603126041260512606126071260812609126101261112612126131261412615126161261712618126191262012621126221262312624126251262612627126281262912630126311263212633126341263512636126371263812639126401264112642126431264412645126461264712648126491265012651126521265312654126551265612657126581265912660126611266212663126641266512666126671266812669126701267112672126731267412675126761267712678126791268012681126821268312684126851268612687126881268912690126911269212693126941269512696126971269812699127001270112702127031270412705127061270712708127091271012711127121271312714127151271612717127181271912720127211272212723127241272512726127271272812729127301273112732127331273412735127361273712738127391274012741127421274312744127451274612747127481274912750127511275212753127541275512756127571275812759127601276112762127631276412765127661276712768127691277012771127721277312774127751277612777127781277912780127811278212783127841278512786127871278812789127901279112792127931279412795127961279712798127991280012801128021280312804128051280612807128081280912810128111281212813128141281512816128171281812819128201282112822128231282412825128261282712828128291283012831128321283312834128351283612837128381283912840128411284212843128441284512846128471284812849128501285112852128531285412855128561285712858128591286012861128621286312864128651286612867128681286912870128711287212873128741287512876128771287812879128801288112882128831288412885128861288712888128891289012891128921289312894128951289612897128981289912900129011290212903129041290512906129071290812909129101291112912129131291412915129161291712918129191292012921129221292312924129251292612927129281292912930129311293212933129341293512936129371293812939129401294112942129431294412945129461294712948129491295012951129521295312954129551295612957129581295912960129611296212963129641296512966129671296812969129701297112972129731297412975129761297712978129791298012981129821298312984129851298612987129881298912990129911299212993129941299512996129971299812999130001300113002130031300413005130061300713008130091301013011130121301313014130151301613017130181301913020130211302213023130241302513026130271302813029130301303113032130331303413035130361303713038130391304013041130421304313044130451304613047130481304913050130511305213053130541305513056130571305813059130601306113062130631306413065130661306713068130691307013071130721307313074130751307613077130781307913080130811308213083130841308513086130871308813089130901309113092130931309413095130961309713098130991310013101131021310313104131051310613107131081310913110131111311213113131141311513116131171311813119131201312113122131231312413125131261312713128131291313013131131321313313134131351313613137131381313913140131411314213143131441314513146131471314813149131501315113152131531315413155131561315713158131591316013161131621316313164131651316613167131681316913170131711317213173131741317513176131771317813179131801318113182131831318413185131861318713188131891319013191131921319313194131951319613197131981319913200132011320213203132041320513206132071320813209132101321113212132131321413215132161321713218132191322013221132221322313224132251322613227132281322913230132311323213233132341323513236132371323813239132401324113242132431324413245132461324713248132491325013251132521325313254132551325613257132581325913260132611326213263132641326513266132671326813269132701327113272132731327413275132761327713278132791328013281132821328313284132851328613287132881328913290132911329213293132941329513296132971329813299133001330113302133031330413305133061330713308133091331013311133121331313314133151331613317133181331913320133211332213323133241332513326133271332813329133301333113332133331333413335133361333713338133391334013341133421334313344133451334613347133481334913350133511335213353133541335513356133571335813359133601336113362133631336413365133661336713368133691337013371133721337313374133751337613377133781337913380133811338213383133841338513386133871338813389133901339113392133931339413395133961339713398133991340013401134021340313404134051340613407134081340913410134111341213413134141341513416134171341813419134201342113422134231342413425134261342713428134291343013431134321343313434134351343613437134381343913440134411344213443134441344513446134471344813449134501345113452134531345413455134561345713458134591346013461134621346313464134651346613467134681346913470134711347213473134741347513476134771347813479134801348113482134831348413485134861348713488134891349013491134921349313494134951349613497134981349913500135011350213503135041350513506135071350813509135101351113512135131351413515135161351713518135191352013521135221352313524135251352613527135281352913530135311353213533135341353513536135371353813539135401354113542135431354413545135461354713548135491355013551135521355313554135551355613557135581355913560135611356213563135641356513566135671356813569135701357113572135731357413575135761357713578135791358013581135821358313584135851358613587135881358913590135911359213593135941359513596135971359813599136001360113602136031360413605136061360713608136091361013611136121361313614136151361613617136181361913620136211362213623136241362513626136271362813629136301363113632136331363413635136361363713638136391364013641136421364313644136451364613647136481364913650136511365213653136541365513656136571365813659136601366113662136631366413665136661366713668136691367013671136721367313674136751367613677136781367913680136811368213683136841368513686136871368813689136901369113692136931369413695136961369713698136991370013701137021370313704137051370613707137081370913710137111371213713137141371513716137171371813719137201372113722137231372413725137261372713728137291373013731137321373313734137351373613737137381373913740137411374213743137441374513746137471374813749137501375113752137531375413755137561375713758137591376013761137621376313764137651376613767137681376913770137711377213773137741377513776137771377813779137801378113782137831378413785137861378713788137891379013791137921379313794137951379613797137981379913800138011380213803138041380513806138071380813809138101381113812138131381413815138161381713818138191382013821138221382313824138251382613827138281382913830138311383213833138341383513836138371383813839138401384113842138431384413845138461384713848138491385013851138521385313854138551385613857138581385913860138611386213863138641386513866138671386813869138701387113872138731387413875138761387713878138791388013881138821388313884138851388613887138881388913890138911389213893138941389513896138971389813899139001390113902139031390413905139061390713908139091391013911139121391313914139151391613917139181391913920139211392213923139241392513926139271392813929139301393113932139331393413935139361393713938139391394013941139421394313944139451394613947139481394913950139511395213953139541395513956139571395813959139601396113962139631396413965139661396713968139691397013971139721397313974139751397613977139781397913980139811398213983139841398513986139871398813989139901399113992139931399413995139961399713998139991400014001140021400314004140051400614007140081400914010140111401214013140141401514016140171401814019140201402114022140231402414025140261402714028140291403014031140321403314034140351403614037140381403914040140411404214043140441404514046140471404814049140501405114052140531405414055140561405714058140591406014061140621406314064140651406614067140681406914070140711407214073140741407514076140771407814079140801408114082140831408414085140861408714088140891409014091140921409314094140951409614097140981409914100141011410214103141041410514106141071410814109141101411114112141131411414115141161411714118141191412014121141221412314124141251412614127141281412914130141311413214133141341413514136141371413814139141401414114142141431414414145141461414714148141491415014151141521415314154141551415614157141581415914160141611416214163141641416514166141671416814169141701417114172141731417414175141761417714178141791418014181141821418314184141851418614187141881418914190141911419214193141941419514196141971419814199142001420114202142031420414205142061420714208142091421014211142121421314214142151421614217142181421914220142211422214223142241422514226142271422814229142301423114232142331423414235142361423714238142391424014241142421424314244142451424614247142481424914250142511425214253142541425514256142571425814259142601426114262142631426414265142661426714268142691427014271142721427314274142751427614277142781427914280142811428214283142841428514286142871428814289142901429114292142931429414295142961429714298142991430014301143021430314304143051430614307143081430914310143111431214313143141431514316143171431814319143201432114322143231432414325143261432714328143291433014331143321433314334143351433614337143381433914340143411434214343143441434514346143471434814349143501435114352143531435414355143561435714358143591436014361143621436314364143651436614367143681436914370143711437214373143741437514376143771437814379143801438114382143831438414385143861438714388143891439014391143921439314394143951439614397143981439914400144011440214403144041440514406144071440814409144101441114412144131441414415144161441714418144191442014421144221442314424144251442614427144281442914430144311443214433144341443514436144371443814439144401444114442144431444414445144461444714448144491445014451144521445314454144551445614457144581445914460144611446214463144641446514466144671446814469144701447114472144731447414475144761447714478144791448014481144821448314484144851448614487144881448914490144911449214493144941449514496144971449814499145001450114502145031450414505145061450714508145091451014511145121451314514145151451614517145181451914520145211452214523145241452514526145271452814529145301453114532145331453414535145361453714538145391454014541145421454314544145451454614547145481454914550145511455214553145541455514556145571455814559145601456114562145631456414565145661456714568145691457014571145721457314574145751457614577145781457914580145811458214583145841458514586145871458814589145901459114592145931459414595145961459714598145991460014601146021460314604146051460614607146081460914610146111461214613146141461514616146171461814619146201462114622146231462414625146261462714628146291463014631146321463314634146351463614637146381463914640146411464214643146441464514646146471464814649146501465114652146531465414655146561465714658146591466014661146621466314664146651466614667146681466914670146711467214673146741467514676146771467814679146801468114682146831468414685146861468714688146891469014691146921469314694146951469614697146981469914700147011470214703147041470514706147071470814709147101471114712147131471414715147161471714718147191472014721147221472314724147251472614727147281472914730147311473214733147341473514736147371473814739147401474114742147431474414745147461474714748147491475014751147521475314754147551475614757147581475914760147611476214763147641476514766147671476814769147701477114772147731477414775147761477714778147791478014781147821478314784147851478614787147881478914790147911479214793147941479514796147971479814799148001480114802148031480414805148061480714808148091481014811148121481314814148151481614817148181481914820148211482214823148241482514826148271482814829148301483114832148331483414835148361483714838148391484014841148421484314844148451484614847148481484914850148511485214853148541485514856148571485814859148601486114862148631486414865148661486714868148691487014871148721487314874148751487614877148781487914880148811488214883148841488514886148871488814889148901489114892148931489414895148961489714898148991490014901149021490314904149051490614907149081490914910149111491214913149141491514916149171491814919149201492114922149231492414925149261492714928149291493014931149321493314934149351493614937149381493914940149411494214943149441494514946149471494814949149501495114952149531495414955149561495714958149591496014961149621496314964149651496614967149681496914970149711497214973149741497514976149771497814979149801498114982149831498414985149861498714988149891499014991149921499314994149951499614997149981499915000150011500215003150041500515006150071500815009150101501115012150131501415015150161501715018150191502015021150221502315024150251502615027150281502915030150311503215033150341503515036150371503815039150401504115042150431504415045150461504715048150491505015051150521505315054150551505615057150581505915060150611506215063150641506515066150671506815069150701507115072150731507415075150761507715078150791508015081150821508315084150851508615087150881508915090150911509215093150941509515096150971509815099151001510115102151031510415105151061510715108151091511015111151121511315114151151511615117151181511915120151211512215123151241512515126151271512815129151301513115132151331513415135151361513715138151391514015141151421514315144151451514615147151481514915150151511515215153151541515515156151571515815159151601516115162151631516415165151661516715168151691517015171151721517315174151751517615177151781517915180151811518215183151841518515186151871518815189151901519115192151931519415195151961519715198151991520015201152021520315204152051520615207152081520915210152111521215213152141521515216152171521815219152201522115222152231522415225152261522715228152291523015231152321523315234152351523615237152381523915240152411524215243152441524515246152471524815249152501525115252152531525415255152561525715258152591526015261152621526315264152651526615267152681526915270152711527215273152741527515276152771527815279152801528115282152831528415285152861528715288152891529015291152921529315294152951529615297152981529915300153011530215303153041530515306153071530815309153101531115312153131531415315153161531715318153191532015321153221532315324153251532615327153281532915330153311533215333153341533515336153371533815339153401534115342153431534415345153461534715348153491535015351153521535315354153551535615357153581535915360153611536215363153641536515366153671536815369153701537115372153731537415375153761537715378153791538015381153821538315384153851538615387153881538915390153911539215393153941539515396153971539815399154001540115402154031540415405154061540715408154091541015411154121541315414154151541615417154181541915420154211542215423154241542515426154271542815429154301543115432154331543415435154361543715438154391544015441154421544315444154451544615447154481544915450154511545215453154541545515456154571545815459154601546115462154631546415465154661546715468154691547015471154721547315474154751547615477154781547915480154811548215483154841548515486154871548815489154901549115492154931549415495154961549715498154991550015501155021550315504155051550615507155081550915510155111551215513155141551515516155171551815519155201552115522155231552415525155261552715528155291553015531155321553315534155351553615537155381553915540155411554215543155441554515546155471554815549155501555115552155531555415555155561555715558155591556015561155621556315564155651556615567155681556915570155711557215573155741557515576155771557815579155801558115582155831558415585155861558715588155891559015591155921559315594155951559615597155981559915600156011560215603156041560515606156071560815609156101561115612156131561415615156161561715618156191562015621156221562315624156251562615627156281562915630156311563215633156341563515636156371563815639156401564115642156431564415645156461564715648156491565015651156521565315654156551565615657156581565915660156611566215663156641566515666156671566815669156701567115672156731567415675156761567715678156791568015681156821568315684156851568615687156881568915690156911569215693156941569515696156971569815699157001570115702157031570415705157061570715708157091571015711157121571315714157151571615717157181571915720157211572215723157241572515726157271572815729157301573115732157331573415735157361573715738157391574015741157421574315744157451574615747157481574915750157511575215753157541575515756157571575815759157601576115762157631576415765157661576715768157691577015771157721577315774157751577615777157781577915780157811578215783157841578515786157871578815789157901579115792157931579415795157961579715798157991580015801158021580315804158051580615807158081580915810158111581215813158141581515816158171581815819158201582115822158231582415825158261582715828158291583015831158321583315834158351583615837158381583915840158411584215843158441584515846158471584815849158501585115852158531585415855158561585715858158591586015861158621586315864158651586615867158681586915870158711587215873158741587515876158771587815879158801588115882158831588415885158861588715888158891589015891158921589315894158951589615897158981589915900159011590215903159041590515906159071590815909159101591115912159131591415915159161591715918159191592015921159221592315924159251592615927159281592915930159311593215933159341593515936159371593815939159401594115942159431594415945159461594715948159491595015951159521595315954159551595615957159581595915960159611596215963159641596515966159671596815969159701597115972159731597415975159761597715978159791598015981159821598315984159851598615987159881598915990159911599215993159941599515996159971599815999160001600116002160031600416005160061600716008160091601016011160121601316014160151601616017160181601916020160211602216023160241602516026160271602816029160301603116032160331603416035160361603716038160391604016041160421604316044160451604616047160481604916050160511605216053160541605516056160571605816059160601606116062160631606416065160661606716068160691607016071160721607316074160751607616077160781607916080160811608216083160841608516086160871608816089160901609116092160931609416095160961609716098160991610016101161021610316104161051610616107161081610916110161111611216113161141611516116161171611816119161201612116122161231612416125161261612716128161291613016131161321613316134161351613616137161381613916140161411614216143161441614516146161471614816149161501615116152161531615416155161561615716158161591616016161161621616316164161651616616167161681616916170161711617216173161741617516176161771617816179161801618116182161831618416185161861618716188161891619016191161921619316194161951619616197161981619916200162011620216203162041620516206162071620816209162101621116212162131621416215162161621716218162191622016221162221622316224162251622616227162281622916230162311623216233162341623516236162371623816239162401624116242162431624416245162461624716248162491625016251162521625316254162551625616257162581625916260162611626216263162641626516266162671626816269162701627116272162731627416275162761627716278162791628016281162821628316284162851628616287162881628916290162911629216293162941629516296162971629816299163001630116302163031630416305163061630716308163091631016311163121631316314163151631616317163181631916320163211632216323163241632516326163271632816329163301633116332163331633416335163361633716338163391634016341163421634316344163451634616347163481634916350163511635216353163541635516356163571635816359163601636116362163631636416365163661636716368163691637016371163721637316374163751637616377163781637916380163811638216383163841638516386163871638816389163901639116392163931639416395163961639716398163991640016401164021640316404164051640616407164081640916410164111641216413164141641516416164171641816419164201642116422164231642416425164261642716428164291643016431164321643316434164351643616437164381643916440164411644216443164441644516446164471644816449164501645116452164531645416455164561645716458164591646016461164621646316464164651646616467164681646916470164711647216473164741647516476164771647816479164801648116482164831648416485164861648716488164891649016491164921649316494164951649616497164981649916500165011650216503165041650516506165071650816509165101651116512165131651416515165161651716518165191652016521165221652316524165251652616527165281652916530165311653216533165341653516536165371653816539165401654116542165431654416545165461654716548165491655016551165521655316554165551655616557165581655916560165611656216563165641656516566165671656816569165701657116572165731657416575165761657716578165791658016581165821658316584165851658616587165881658916590165911659216593165941659516596165971659816599166001660116602166031660416605166061660716608166091661016611166121661316614166151661616617166181661916620166211662216623166241662516626166271662816629166301663116632166331663416635166361663716638166391664016641166421664316644166451664616647166481664916650166511665216653166541665516656166571665816659166601666116662166631666416665166661666716668166691667016671166721667316674166751667616677166781667916680166811668216683166841668516686166871668816689166901669116692166931669416695166961669716698166991670016701167021670316704167051670616707167081670916710167111671216713167141671516716167171671816719167201672116722167231672416725167261672716728167291673016731167321673316734167351673616737167381673916740167411674216743167441674516746167471674816749167501675116752167531675416755167561675716758167591676016761167621676316764167651676616767167681676916770167711677216773167741677516776167771677816779167801678116782167831678416785167861678716788167891679016791167921679316794167951679616797167981679916800168011680216803168041680516806168071680816809168101681116812168131681416815168161681716818168191682016821168221682316824168251682616827168281682916830168311683216833168341683516836168371683816839168401684116842168431684416845168461684716848168491685016851168521685316854168551685616857168581685916860168611686216863168641686516866168671686816869168701687116872168731687416875168761687716878168791688016881168821688316884168851688616887168881688916890168911689216893168941689516896168971689816899169001690116902169031690416905169061690716908169091691016911169121691316914169151691616917169181691916920169211692216923169241692516926169271692816929169301693116932169331693416935169361693716938169391694016941169421694316944169451694616947169481694916950169511695216953169541695516956169571695816959169601696116962169631696416965169661696716968169691697016971169721697316974169751697616977169781697916980169811698216983169841698516986169871698816989169901699116992169931699416995169961699716998169991700017001170021700317004170051700617007170081700917010170111701217013170141701517016170171701817019170201702117022170231702417025170261702717028170291703017031170321703317034170351703617037170381703917040170411704217043170441704517046170471704817049170501705117052170531705417055170561705717058170591706017061170621706317064170651706617067170681706917070170711707217073170741707517076170771707817079170801708117082170831708417085170861708717088170891709017091170921709317094170951709617097170981709917100171011710217103171041710517106171071710817109171101711117112171131711417115171161711717118171191712017121171221712317124171251712617127171281712917130171311713217133171341713517136171371713817139171401714117142171431714417145171461714717148171491715017151171521715317154171551715617157171581715917160171611716217163171641716517166171671716817169171701717117172171731717417175171761717717178171791718017181171821718317184171851718617187171881718917190171911719217193171941719517196171971719817199172001720117202172031720417205172061720717208172091721017211172121721317214172151721617217172181721917220172211722217223172241722517226172271722817229172301723117232172331723417235172361723717238172391724017241172421724317244172451724617247172481724917250172511725217253172541725517256172571725817259172601726117262172631726417265172661726717268172691727017271172721727317274172751727617277172781727917280172811728217283172841728517286172871728817289172901729117292172931729417295172961729717298172991730017301173021730317304173051730617307173081730917310173111731217313173141731517316173171731817319173201732117322173231732417325173261732717328173291733017331173321733317334173351733617337173381733917340173411734217343173441734517346173471734817349173501735117352173531735417355173561735717358173591736017361173621736317364173651736617367173681736917370173711737217373173741737517376173771737817379173801738117382173831738417385173861738717388173891739017391173921739317394173951739617397173981739917400174011740217403174041740517406174071740817409174101741117412174131741417415174161741717418174191742017421174221742317424174251742617427174281742917430174311743217433174341743517436174371743817439174401744117442174431744417445174461744717448174491745017451174521745317454174551745617457174581745917460174611746217463174641746517466174671746817469174701747117472174731747417475174761747717478174791748017481174821748317484174851748617487174881748917490174911749217493174941749517496174971749817499175001750117502175031750417505175061750717508175091751017511175121751317514175151751617517175181751917520175211752217523175241752517526175271752817529175301753117532175331753417535175361753717538175391754017541175421754317544175451754617547175481754917550175511755217553175541755517556175571755817559175601756117562175631756417565175661756717568175691757017571175721757317574175751757617577175781757917580175811758217583175841758517586175871758817589175901759117592175931759417595175961759717598175991760017601176021760317604176051760617607176081760917610176111761217613176141761517616176171761817619176201762117622176231762417625176261762717628176291763017631176321763317634176351763617637176381763917640176411764217643176441764517646176471764817649176501765117652176531765417655176561765717658176591766017661176621766317664176651766617667176681766917670176711767217673176741767517676176771767817679176801768117682176831768417685176861768717688176891769017691176921769317694176951769617697176981769917700177011770217703177041770517706177071770817709177101771117712177131771417715177161771717718177191772017721177221772317724177251772617727177281772917730177311773217733177341773517736177371773817739177401774117742177431774417745177461774717748177491775017751177521775317754177551775617757177581775917760177611776217763177641776517766177671776817769177701777117772177731777417775177761777717778177791778017781177821778317784177851778617787177881778917790177911779217793177941779517796177971779817799178001780117802178031780417805178061780717808178091781017811178121781317814178151781617817178181781917820178211782217823178241782517826178271782817829178301783117832178331783417835178361783717838178391784017841178421784317844178451784617847178481784917850178511785217853178541785517856178571785817859178601786117862178631786417865178661786717868178691787017871178721787317874178751787617877178781787917880178811788217883178841788517886178871788817889178901789117892178931789417895178961789717898178991790017901179021790317904179051790617907179081790917910179111791217913179141791517916179171791817919179201792117922179231792417925179261792717928179291793017931179321793317934179351793617937179381793917940179411794217943179441794517946179471794817949179501795117952179531795417955179561795717958179591796017961179621796317964179651796617967179681796917970179711797217973179741797517976179771797817979179801798117982179831798417985179861798717988179891799017991179921799317994179951799617997179981799918000180011800218003180041800518006180071800818009180101801118012180131801418015180161801718018180191802018021180221802318024180251802618027180281802918030180311803218033180341803518036180371803818039180401804118042180431804418045180461804718048180491805018051180521805318054180551805618057180581805918060180611806218063180641806518066180671806818069180701807118072180731807418075180761807718078180791808018081180821808318084180851808618087180881808918090180911809218093180941809518096180971809818099181001810118102181031810418105181061810718108181091811018111181121811318114181151811618117181181811918120181211812218123181241812518126181271812818129181301813118132181331813418135181361813718138181391814018141181421814318144181451814618147181481814918150181511815218153181541815518156181571815818159181601816118162181631816418165181661816718168181691817018171181721817318174181751817618177181781817918180181811818218183181841818518186181871818818189181901819118192181931819418195181961819718198181991820018201182021820318204182051820618207182081820918210182111821218213182141821518216182171821818219182201822118222182231822418225182261822718228182291823018231182321823318234182351823618237182381823918240182411824218243182441824518246182471824818249182501825118252182531825418255182561825718258182591826018261182621826318264182651826618267182681826918270182711827218273182741827518276182771827818279182801828118282182831828418285182861828718288182891829018291182921829318294182951829618297182981829918300183011830218303183041830518306183071830818309183101831118312183131831418315183161831718318183191832018321183221832318324183251832618327183281832918330183311833218333183341833518336183371833818339183401834118342183431834418345183461834718348183491835018351183521835318354183551835618357183581835918360183611836218363183641836518366183671836818369183701837118372183731837418375183761837718378183791838018381183821838318384183851838618387183881838918390183911839218393183941839518396183971839818399184001840118402184031840418405184061840718408184091841018411184121841318414184151841618417184181841918420184211842218423184241842518426184271842818429184301843118432184331843418435184361843718438184391844018441184421844318444184451844618447184481844918450184511845218453184541845518456184571845818459184601846118462184631846418465184661846718468184691847018471184721847318474184751847618477184781847918480184811848218483184841848518486184871848818489184901849118492184931849418495184961849718498184991850018501185021850318504185051850618507185081850918510185111851218513185141851518516185171851818519185201852118522185231852418525185261852718528185291853018531185321853318534185351853618537185381853918540185411854218543185441854518546185471854818549185501855118552185531855418555185561855718558185591856018561185621856318564185651856618567185681856918570185711857218573185741857518576185771857818579185801858118582185831858418585185861858718588185891859018591185921859318594185951859618597185981859918600186011860218603186041860518606186071860818609186101861118612186131861418615186161861718618186191862018621186221862318624186251862618627186281862918630186311863218633186341863518636186371863818639186401864118642186431864418645186461864718648186491865018651186521865318654186551865618657186581865918660186611866218663186641866518666186671866818669186701867118672186731867418675186761867718678186791868018681186821868318684186851868618687186881868918690186911869218693186941869518696186971869818699187001870118702187031870418705187061870718708187091871018711187121871318714187151871618717187181871918720187211872218723187241872518726187271872818729187301873118732187331873418735187361873718738187391874018741187421874318744187451874618747187481874918750187511875218753187541875518756187571875818759187601876118762187631876418765187661876718768187691877018771187721877318774187751877618777187781877918780187811878218783187841878518786187871878818789187901879118792187931879418795187961879718798187991880018801188021880318804188051880618807188081880918810188111881218813188141881518816188171881818819188201882118822188231882418825188261882718828188291883018831188321883318834188351883618837188381883918840188411884218843188441884518846188471884818849188501885118852188531885418855188561885718858188591886018861188621886318864188651886618867188681886918870188711887218873188741887518876188771887818879188801888118882188831888418885188861888718888188891889018891188921889318894188951889618897188981889918900189011890218903189041890518906189071890818909189101891118912189131891418915189161891718918189191892018921189221892318924189251892618927189281892918930189311893218933189341893518936189371893818939189401894118942189431894418945189461894718948189491895018951189521895318954189551895618957189581895918960189611896218963189641896518966189671896818969189701897118972189731897418975189761897718978189791898018981189821898318984189851898618987189881898918990189911899218993189941899518996189971899818999190001900119002190031900419005190061900719008190091901019011190121901319014190151901619017190181901919020190211902219023190241902519026190271902819029190301903119032190331903419035190361903719038190391904019041190421904319044190451904619047190481904919050190511905219053190541905519056190571905819059190601906119062190631906419065190661906719068190691907019071190721907319074190751907619077190781907919080190811908219083190841908519086190871908819089190901909119092190931909419095190961909719098190991910019101191021910319104191051910619107191081910919110191111911219113191141911519116191171911819119191201912119122191231912419125191261912719128191291913019131191321913319134191351913619137191381913919140191411914219143191441914519146191471914819149191501915119152191531915419155191561915719158191591916019161191621916319164191651916619167191681916919170191711917219173191741917519176191771917819179191801918119182191831918419185191861918719188191891919019191191921919319194191951919619197191981919919200192011920219203192041920519206192071920819209192101921119212192131921419215192161921719218192191922019221192221922319224192251922619227192281922919230192311923219233192341923519236192371923819239192401924119242192431924419245192461924719248192491925019251192521925319254192551925619257192581925919260192611926219263192641926519266192671926819269192701927119272192731927419275192761927719278192791928019281192821928319284192851928619287192881928919290192911929219293192941929519296192971929819299193001930119302193031930419305193061930719308193091931019311193121931319314193151931619317193181931919320193211932219323193241932519326193271932819329193301933119332193331933419335193361933719338193391934019341193421934319344193451934619347193481934919350193511935219353193541935519356193571935819359193601936119362193631936419365193661936719368193691937019371193721937319374193751937619377193781937919380193811938219383193841938519386193871938819389193901939119392193931939419395193961939719398193991940019401194021940319404194051940619407194081940919410194111941219413194141941519416194171941819419194201942119422194231942419425194261942719428194291943019431194321943319434194351943619437194381943919440194411944219443194441944519446194471944819449194501945119452194531945419455194561945719458194591946019461194621946319464194651946619467194681946919470194711947219473194741947519476194771947819479194801948119482194831948419485194861948719488194891949019491194921949319494194951949619497194981949919500195011950219503195041950519506195071950819509195101951119512195131951419515195161951719518195191952019521195221952319524195251952619527195281952919530195311953219533195341953519536195371953819539195401954119542195431954419545195461954719548195491955019551195521955319554195551955619557195581955919560195611956219563195641956519566195671956819569195701957119572195731957419575195761957719578195791958019581195821958319584195851958619587195881958919590195911959219593195941959519596195971959819599196001960119602196031960419605196061960719608196091961019611196121961319614196151961619617196181961919620196211962219623196241962519626196271962819629196301963119632196331963419635196361963719638196391964019641196421964319644196451964619647196481964919650196511965219653196541965519656196571965819659196601966119662196631966419665196661966719668196691967019671196721967319674196751967619677196781967919680196811968219683196841968519686196871968819689196901969119692196931969419695196961969719698196991970019701197021970319704197051970619707197081970919710197111971219713197141971519716197171971819719197201972119722197231972419725197261972719728197291973019731197321973319734197351973619737197381973919740197411974219743197441974519746197471974819749197501975119752197531975419755197561975719758197591976019761197621976319764197651976619767197681976919770197711977219773197741977519776197771977819779197801978119782197831978419785197861978719788197891979019791197921979319794197951979619797197981979919800198011980219803198041980519806198071980819809198101981119812198131981419815198161981719818198191982019821198221982319824198251982619827198281982919830198311983219833198341983519836198371983819839198401984119842198431984419845198461984719848198491985019851198521985319854198551985619857198581985919860198611986219863198641986519866198671986819869198701987119872198731987419875198761987719878198791988019881198821988319884198851988619887198881988919890198911989219893198941989519896198971989819899199001990119902199031990419905199061990719908199091991019911199121991319914199151991619917199181991919920199211992219923199241992519926199271992819929199301993119932199331993419935199361993719938199391994019941199421994319944199451994619947199481994919950199511995219953199541995519956199571995819959199601996119962199631996419965199661996719968199691997019971199721997319974199751997619977199781997919980199811998219983199841998519986199871998819989199901999119992199931999419995199961999719998199992000020001200022000320004200052000620007200082000920010200112001220013200142001520016200172001820019200202002120022200232002420025200262002720028200292003020031200322003320034200352003620037200382003920040200412004220043200442004520046200472004820049200502005120052200532005420055200562005720058200592006020061200622006320064200652006620067200682006920070200712007220073200742007520076200772007820079200802008120082200832008420085200862008720088200892009020091200922009320094200952009620097200982009920100201012010220103201042010520106201072010820109201102011120112201132011420115201162011720118201192012020121201222012320124201252012620127201282012920130201312013220133201342013520136201372013820139201402014120142201432014420145201462014720148201492015020151201522015320154201552015620157201582015920160201612016220163201642016520166201672016820169201702017120172201732017420175201762017720178201792018020181201822018320184201852018620187201882018920190201912019220193201942019520196201972019820199202002020120202202032020420205202062020720208202092021020211202122021320214202152021620217202182021920220202212022220223202242022520226202272022820229202302023120232202332023420235202362023720238202392024020241202422024320244202452024620247202482024920250202512025220253202542025520256202572025820259202602026120262202632026420265202662026720268202692027020271202722027320274202752027620277202782027920280202812028220283202842028520286202872028820289202902029120292202932029420295202962029720298202992030020301203022030320304203052030620307203082030920310203112031220313203142031520316203172031820319203202032120322203232032420325203262032720328203292033020331203322033320334203352033620337203382033920340203412034220343203442034520346203472034820349203502035120352203532035420355203562035720358203592036020361203622036320364203652036620367203682036920370203712037220373203742037520376203772037820379203802038120382203832038420385203862038720388203892039020391203922039320394203952039620397203982039920400204012040220403204042040520406204072040820409204102041120412204132041420415204162041720418204192042020421204222042320424204252042620427204282042920430204312043220433204342043520436204372043820439204402044120442204432044420445204462044720448204492045020451204522045320454204552045620457204582045920460204612046220463204642046520466204672046820469204702047120472204732047420475204762047720478204792048020481204822048320484204852048620487204882048920490204912049220493204942049520496204972049820499205002050120502205032050420505205062050720508205092051020511205122051320514205152051620517205182051920520205212052220523205242052520526205272052820529205302053120532205332053420535205362053720538205392054020541205422054320544205452054620547205482054920550205512055220553205542055520556205572055820559205602056120562205632056420565205662056720568205692057020571205722057320574205752057620577205782057920580205812058220583205842058520586205872058820589205902059120592205932059420595205962059720598205992060020601206022060320604206052060620607206082060920610206112061220613206142061520616206172061820619206202062120622206232062420625206262062720628206292063020631206322063320634206352063620637206382063920640206412064220643206442064520646206472064820649206502065120652206532065420655206562065720658206592066020661206622066320664206652066620667206682066920670206712067220673206742067520676206772067820679206802068120682206832068420685206862068720688206892069020691206922069320694206952069620697206982069920700207012070220703207042070520706207072070820709207102071120712207132071420715207162071720718207192072020721207222072320724207252072620727207282072920730207312073220733207342073520736207372073820739207402074120742207432074420745207462074720748207492075020751207522075320754207552075620757207582075920760207612076220763207642076520766207672076820769207702077120772207732077420775207762077720778207792078020781207822078320784207852078620787207882078920790207912079220793207942079520796207972079820799208002080120802208032080420805208062080720808208092081020811208122081320814208152081620817208182081920820208212082220823208242082520826208272082820829208302083120832208332083420835208362083720838208392084020841208422084320844208452084620847208482084920850208512085220853208542085520856208572085820859208602086120862208632086420865208662086720868208692087020871208722087320874208752087620877208782087920880208812088220883208842088520886208872088820889208902089120892208932089420895208962089720898208992090020901209022090320904209052090620907209082090920910209112091220913209142091520916209172091820919209202092120922209232092420925209262092720928209292093020931209322093320934209352093620937209382093920940209412094220943209442094520946209472094820949209502095120952209532095420955209562095720958209592096020961209622096320964209652096620967209682096920970209712097220973209742097520976209772097820979209802098120982209832098420985209862098720988209892099020991209922099320994209952099620997209982099921000210012100221003210042100521006210072100821009210102101121012210132101421015210162101721018210192102021021210222102321024210252102621027210282102921030210312103221033210342103521036210372103821039210402104121042210432104421045210462104721048210492105021051210522105321054210552105621057210582105921060210612106221063210642106521066210672106821069210702107121072210732107421075210762107721078210792108021081210822108321084210852108621087210882108921090210912109221093210942109521096210972109821099211002110121102211032110421105211062110721108211092111021111211122111321114211152111621117211182111921120211212112221123211242112521126211272112821129211302113121132211332113421135211362113721138211392114021141211422114321144211452114621147211482114921150211512115221153211542115521156211572115821159211602116121162211632116421165211662116721168211692117021171211722117321174211752117621177211782117921180211812118221183211842118521186211872118821189211902119121192211932119421195211962119721198211992120021201212022120321204212052120621207212082120921210212112121221213212142121521216212172121821219212202122121222212232122421225212262122721228212292123021231212322123321234212352123621237212382123921240212412124221243212442124521246212472124821249212502125121252212532125421255212562125721258212592126021261212622126321264212652126621267212682126921270212712127221273212742127521276212772127821279212802128121282212832128421285212862128721288212892129021291212922129321294212952129621297212982129921300213012130221303213042130521306213072130821309213102131121312213132131421315213162131721318213192132021321213222132321324213252132621327213282132921330213312133221333213342133521336213372133821339213402134121342213432134421345213462134721348213492135021351213522135321354213552135621357213582135921360213612136221363213642136521366213672136821369213702137121372213732137421375213762137721378213792138021381213822138321384213852138621387213882138921390213912139221393213942139521396213972139821399214002140121402214032140421405214062140721408214092141021411214122141321414214152141621417214182141921420214212142221423214242142521426214272142821429214302143121432214332143421435214362143721438214392144021441214422144321444214452144621447214482144921450214512145221453214542145521456214572145821459214602146121462214632146421465214662146721468214692147021471214722147321474214752147621477214782147921480214812148221483214842148521486214872148821489214902149121492214932149421495214962149721498214992150021501215022150321504215052150621507215082150921510215112151221513215142151521516215172151821519215202152121522215232152421525215262152721528215292153021531215322153321534215352153621537215382153921540215412154221543215442154521546215472154821549215502155121552215532155421555215562155721558215592156021561215622156321564215652156621567215682156921570215712157221573215742157521576215772157821579215802158121582215832158421585215862158721588215892159021591215922159321594215952159621597215982159921600216012160221603216042160521606216072160821609216102161121612216132161421615216162161721618216192162021621216222162321624216252162621627216282162921630216312163221633216342163521636216372163821639216402164121642216432164421645216462164721648216492165021651216522165321654216552165621657216582165921660216612166221663216642166521666216672166821669216702167121672216732167421675216762167721678216792168021681216822168321684216852168621687216882168921690216912169221693216942169521696216972169821699217002170121702217032170421705217062170721708217092171021711217122171321714217152171621717217182171921720217212172221723217242172521726217272172821729217302173121732217332173421735217362173721738217392174021741217422174321744217452174621747217482174921750217512175221753217542175521756217572175821759217602176121762217632176421765217662176721768217692177021771217722177321774217752177621777217782177921780217812178221783217842178521786217872178821789217902179121792217932179421795217962179721798217992180021801218022180321804218052180621807218082180921810218112181221813218142181521816218172181821819218202182121822218232182421825218262182721828218292183021831218322183321834218352183621837218382183921840218412184221843218442184521846218472184821849218502185121852218532185421855218562185721858218592186021861218622186321864218652186621867218682186921870218712187221873218742187521876218772187821879218802188121882218832188421885218862188721888218892189021891218922189321894218952189621897218982189921900219012190221903219042190521906219072190821909219102191121912219132191421915219162191721918219192192021921219222192321924219252192621927219282192921930219312193221933219342193521936219372193821939219402194121942219432194421945219462194721948219492195021951219522195321954219552195621957219582195921960219612196221963219642196521966219672196821969219702197121972219732197421975219762197721978219792198021981219822198321984219852198621987219882198921990219912199221993219942199521996219972199821999220002200122002220032200422005220062200722008220092201022011220122201322014220152201622017220182201922020220212202222023220242202522026220272202822029220302203122032220332203422035220362203722038220392204022041220422204322044220452204622047220482204922050220512205222053220542205522056220572205822059220602206122062220632206422065220662206722068220692207022071220722207322074220752207622077220782207922080220812208222083220842208522086220872208822089220902209122092220932209422095220962209722098220992210022101221022210322104221052210622107221082210922110221112211222113221142211522116221172211822119221202212122122221232212422125221262212722128221292213022131221322213322134221352213622137221382213922140221412214222143221442214522146221472214822149221502215122152221532215422155221562215722158221592216022161221622216322164221652216622167221682216922170221712217222173221742217522176221772217822179221802218122182221832218422185221862218722188221892219022191221922219322194221952219622197221982219922200222012220222203222042220522206222072220822209222102221122212222132221422215222162221722218222192222022221222222222322224222252222622227222282222922230222312223222233222342223522236222372223822239222402224122242222432224422245222462224722248222492225022251222522225322254222552225622257222582225922260222612226222263222642226522266222672226822269222702227122272222732227422275222762227722278222792228022281222822228322284222852228622287222882228922290222912229222293222942229522296222972229822299223002230122302223032230422305223062230722308223092231022311223122231322314223152231622317223182231922320223212232222323223242232522326223272232822329223302233122332223332233422335223362233722338223392234022341223422234322344223452234622347223482234922350223512235222353223542235522356223572235822359223602236122362223632236422365223662236722368223692237022371223722237322374223752237622377223782237922380223812238222383223842238522386223872238822389223902239122392223932239422395223962239722398223992240022401224022240322404224052240622407224082240922410224112241222413224142241522416224172241822419224202242122422224232242422425224262242722428224292243022431224322243322434224352243622437224382243922440224412244222443224442244522446224472244822449224502245122452224532245422455224562245722458224592246022461224622246322464224652246622467224682246922470224712247222473224742247522476224772247822479224802248122482224832248422485224862248722488224892249022491224922249322494224952249622497224982249922500225012250222503225042250522506225072250822509225102251122512225132251422515225162251722518225192252022521225222252322524225252252622527225282252922530225312253222533225342253522536225372253822539225402254122542225432254422545225462254722548225492255022551225522255322554225552255622557225582255922560225612256222563225642256522566225672256822569225702257122572225732257422575225762257722578225792258022581225822258322584225852258622587225882258922590225912259222593225942259522596225972259822599226002260122602226032260422605226062260722608226092261022611226122261322614226152261622617226182261922620226212262222623226242262522626226272262822629226302263122632226332263422635226362263722638226392264022641226422264322644226452264622647226482264922650226512265222653226542265522656226572265822659226602266122662226632266422665226662266722668226692267022671226722267322674226752267622677226782267922680226812268222683226842268522686226872268822689226902269122692226932269422695226962269722698226992270022701227022270322704227052270622707227082270922710227112271222713227142271522716227172271822719227202272122722227232272422725227262272722728227292273022731227322273322734227352273622737227382273922740227412274222743227442274522746227472274822749227502275122752227532275422755227562275722758227592276022761227622276322764227652276622767227682276922770227712277222773227742277522776227772277822779227802278122782227832278422785227862278722788227892279022791227922279322794227952279622797227982279922800228012280222803228042280522806228072280822809228102281122812228132281422815228162281722818228192282022821228222282322824228252282622827228282282922830228312283222833228342283522836228372283822839228402284122842228432284422845228462284722848228492285022851228522285322854228552285622857228582285922860228612286222863228642286522866228672286822869228702287122872228732287422875228762287722878228792288022881228822288322884228852288622887228882288922890228912289222893228942289522896228972289822899229002290122902229032290422905229062290722908229092291022911229122291322914229152291622917229182291922920229212292222923229242292522926229272292822929229302293122932229332293422935229362293722938229392294022941229422294322944229452294622947229482294922950229512295222953229542295522956229572295822959229602296122962229632296422965229662296722968229692297022971229722297322974229752297622977229782297922980229812298222983229842298522986229872298822989229902299122992229932299422995229962299722998229992300023001230022300323004230052300623007230082300923010230112301223013230142301523016230172301823019230202302123022230232302423025230262302723028230292303023031230322303323034230352303623037230382303923040230412304223043230442304523046230472304823049230502305123052230532305423055230562305723058230592306023061230622306323064230652306623067230682306923070230712307223073230742307523076230772307823079230802308123082230832308423085230862308723088230892309023091230922309323094230952309623097230982309923100231012310223103231042310523106231072310823109231102311123112231132311423115231162311723118231192312023121231222312323124231252312623127231282312923130231312313223133231342313523136231372313823139231402314123142231432314423145231462314723148231492315023151231522315323154231552315623157231582315923160231612316223163231642316523166231672316823169231702317123172231732317423175231762317723178231792318023181231822318323184231852318623187231882318923190231912319223193231942319523196231972319823199232002320123202232032320423205232062320723208232092321023211232122321323214232152321623217232182321923220232212322223223232242322523226232272322823229232302323123232232332323423235232362323723238232392324023241232422324323244232452324623247232482324923250232512325223253232542325523256232572325823259232602326123262232632326423265232662326723268232692327023271232722327323274232752327623277232782327923280232812328223283232842328523286232872328823289232902329123292232932329423295232962329723298232992330023301233022330323304233052330623307233082330923310233112331223313233142331523316233172331823319233202332123322233232332423325233262332723328233292333023331233322333323334233352333623337233382333923340233412334223343233442334523346233472334823349233502335123352233532335423355233562335723358233592336023361233622336323364233652336623367233682336923370233712337223373233742337523376233772337823379233802338123382233832338423385233862338723388233892339023391233922339323394233952339623397233982339923400234012340223403234042340523406234072340823409234102341123412234132341423415234162341723418234192342023421234222342323424234252342623427234282342923430234312343223433234342343523436234372343823439234402344123442234432344423445234462344723448234492345023451234522345323454234552345623457234582345923460234612346223463234642346523466234672346823469234702347123472234732347423475234762347723478234792348023481234822348323484234852348623487234882348923490234912349223493234942349523496234972349823499235002350123502235032350423505235062350723508235092351023511235122351323514235152351623517235182351923520235212352223523235242352523526235272352823529235302353123532235332353423535235362353723538235392354023541235422354323544235452354623547235482354923550235512355223553235542355523556235572355823559235602356123562235632356423565235662356723568235692357023571235722357323574235752357623577235782357923580235812358223583235842358523586235872358823589235902359123592235932359423595235962359723598235992360023601236022360323604236052360623607236082360923610236112361223613236142361523616236172361823619236202362123622236232362423625236262362723628236292363023631236322363323634236352363623637236382363923640236412364223643236442364523646236472364823649236502365123652236532365423655236562365723658236592366023661236622366323664236652366623667236682366923670236712367223673236742367523676236772367823679236802368123682236832368423685236862368723688236892369023691236922369323694236952369623697236982369923700237012370223703237042370523706237072370823709237102371123712237132371423715237162371723718237192372023721237222372323724237252372623727237282372923730237312373223733237342373523736237372373823739237402374123742237432374423745237462374723748237492375023751237522375323754237552375623757237582375923760237612376223763237642376523766237672376823769237702377123772237732377423775237762377723778237792378023781237822378323784237852378623787237882378923790237912379223793237942379523796237972379823799238002380123802238032380423805238062380723808238092381023811238122381323814238152381623817238182381923820238212382223823238242382523826238272382823829238302383123832238332383423835238362383723838238392384023841238422384323844238452384623847238482384923850238512385223853238542385523856238572385823859238602386123862238632386423865238662386723868238692387023871238722387323874238752387623877238782387923880238812388223883238842388523886238872388823889238902389123892238932389423895238962389723898238992390023901239022390323904239052390623907239082390923910239112391223913239142391523916239172391823919239202392123922239232392423925239262392723928239292393023931239322393323934239352393623937239382393923940239412394223943239442394523946239472394823949239502395123952239532395423955239562395723958239592396023961239622396323964239652396623967239682396923970239712397223973239742397523976239772397823979239802398123982239832398423985239862398723988239892399023991239922399323994239952399623997239982399924000240012400224003240042400524006240072400824009240102401124012240132401424015240162401724018240192402024021240222402324024240252402624027240282402924030240312403224033240342403524036240372403824039240402404124042240432404424045240462404724048240492405024051240522405324054240552405624057240582405924060240612406224063240642406524066240672406824069240702407124072240732407424075240762407724078240792408024081240822408324084240852408624087240882408924090240912409224093240942409524096240972409824099241002410124102241032410424105241062410724108241092411024111241122411324114241152411624117241182411924120241212412224123241242412524126241272412824129241302413124132241332413424135241362413724138241392414024141241422414324144241452414624147241482414924150241512415224153241542415524156241572415824159241602416124162241632416424165241662416724168241692417024171241722417324174241752417624177241782417924180241812418224183241842418524186241872418824189241902419124192241932419424195241962419724198241992420024201242022420324204242052420624207242082420924210242112421224213242142421524216242172421824219242202422124222242232422424225242262422724228242292423024231242322423324234242352423624237242382423924240242412424224243242442424524246242472424824249242502425124252242532425424255242562425724258242592426024261242622426324264242652426624267242682426924270242712427224273242742427524276242772427824279242802428124282242832428424285242862428724288242892429024291242922429324294242952429624297242982429924300243012430224303243042430524306243072430824309243102431124312243132431424315243162431724318243192432024321243222432324324243252432624327243282432924330243312433224333243342433524336243372433824339243402434124342243432434424345243462434724348243492435024351243522435324354243552435624357243582435924360243612436224363243642436524366243672436824369243702437124372243732437424375243762437724378243792438024381243822438324384243852438624387243882438924390243912439224393243942439524396243972439824399244002440124402244032440424405244062440724408244092441024411244122441324414244152441624417244182441924420244212442224423244242442524426244272442824429244302443124432244332443424435244362443724438244392444024441244422444324444244452444624447244482444924450244512445224453244542445524456244572445824459244602446124462244632446424465244662446724468244692447024471244722447324474244752447624477244782447924480244812448224483244842448524486244872448824489244902449124492244932449424495244962449724498244992450024501245022450324504245052450624507245082450924510245112451224513245142451524516245172451824519245202452124522245232452424525245262452724528245292453024531245322453324534245352453624537245382453924540245412454224543245442454524546245472454824549245502455124552245532455424555245562455724558245592456024561245622456324564245652456624567245682456924570245712457224573245742457524576245772457824579245802458124582245832458424585245862458724588245892459024591245922459324594245952459624597245982459924600246012460224603246042460524606246072460824609246102461124612246132461424615246162461724618246192462024621246222462324624246252462624627246282462924630246312463224633246342463524636246372463824639246402464124642246432464424645246462464724648246492465024651246522465324654246552465624657246582465924660246612466224663246642466524666246672466824669246702467124672246732467424675246762467724678246792468024681246822468324684246852468624687246882468924690246912469224693246942469524696246972469824699247002470124702247032470424705247062470724708247092471024711247122471324714247152471624717247182471924720247212472224723247242472524726247272472824729247302473124732247332473424735247362473724738247392474024741247422474324744247452474624747247482474924750247512475224753247542475524756247572475824759247602476124762247632476424765247662476724768247692477024771247722477324774247752477624777247782477924780247812478224783247842478524786247872478824789247902479124792247932479424795247962479724798247992480024801248022480324804248052480624807248082480924810248112481224813248142481524816248172481824819248202482124822248232482424825248262482724828248292483024831248322483324834248352483624837248382483924840248412484224843248442484524846248472484824849248502485124852248532485424855248562485724858248592486024861248622486324864248652486624867248682486924870248712487224873248742487524876248772487824879248802488124882248832488424885248862488724888248892489024891248922489324894248952489624897248982489924900249012490224903249042490524906249072490824909249102491124912249132491424915249162491724918249192492024921249222492324924249252492624927249282492924930249312493224933249342493524936249372493824939249402494124942249432494424945249462494724948249492495024951249522495324954249552495624957249582495924960249612496224963249642496524966249672496824969249702497124972249732497424975249762497724978249792498024981249822498324984249852498624987249882498924990249912499224993249942499524996249972499824999250002500125002250032500425005250062500725008250092501025011250122501325014250152501625017250182501925020250212502225023250242502525026250272502825029250302503125032250332503425035250362503725038250392504025041250422504325044250452504625047250482504925050250512505225053250542505525056250572505825059250602506125062250632506425065250662506725068250692507025071250722507325074250752507625077250782507925080250812508225083250842508525086250872508825089250902509125092250932509425095250962509725098250992510025101251022510325104251052510625107251082510925110251112511225113251142511525116251172511825119251202512125122251232512425125251262512725128251292513025131251322513325134251352513625137251382513925140251412514225143251442514525146251472514825149251502515125152251532515425155251562515725158251592516025161251622516325164251652516625167251682516925170251712517225173251742517525176251772517825179251802518125182251832518425185251862518725188251892519025191251922519325194251952519625197251982519925200252012520225203252042520525206252072520825209252102521125212252132521425215252162521725218252192522025221252222522325224252252522625227252282522925230252312523225233252342523525236252372523825239252402524125242252432524425245252462524725248252492525025251252522525325254252552525625257252582525925260252612526225263252642526525266252672526825269252702527125272252732527425275252762527725278252792528025281252822528325284252852528625287252882528925290252912529225293252942529525296252972529825299253002530125302253032530425305253062530725308253092531025311253122531325314253152531625317253182531925320253212532225323253242532525326253272532825329253302533125332253332533425335253362533725338253392534025341253422534325344253452534625347253482534925350253512535225353253542535525356253572535825359253602536125362253632536425365253662536725368253692537025371253722537325374253752537625377253782537925380253812538225383253842538525386253872538825389253902539125392253932539425395253962539725398253992540025401254022540325404254052540625407254082540925410254112541225413254142541525416254172541825419254202542125422254232542425425254262542725428254292543025431254322543325434254352543625437254382543925440254412544225443254442544525446254472544825449254502545125452254532545425455254562545725458254592546025461254622546325464254652546625467254682546925470254712547225473254742547525476254772547825479254802548125482254832548425485254862548725488254892549025491254922549325494254952549625497254982549925500255012550225503255042550525506255072550825509255102551125512255132551425515255162551725518255192552025521255222552325524255252552625527255282552925530255312553225533255342553525536255372553825539255402554125542255432554425545255462554725548255492555025551255522555325554255552555625557255582555925560255612556225563255642556525566255672556825569255702557125572255732557425575255762557725578255792558025581255822558325584255852558625587255882558925590255912559225593255942559525596255972559825599256002560125602256032560425605256062560725608256092561025611256122561325614256152561625617256182561925620256212562225623256242562525626256272562825629256302563125632256332563425635256362563725638256392564025641256422564325644256452564625647256482564925650256512565225653256542565525656256572565825659256602566125662256632566425665256662566725668256692567025671256722567325674256752567625677256782567925680256812568225683256842568525686256872568825689256902569125692256932569425695256962569725698256992570025701257022570325704257052570625707257082570925710257112571225713257142571525716257172571825719257202572125722257232572425725257262572725728257292573025731257322573325734257352573625737257382573925740257412574225743257442574525746257472574825749257502575125752257532575425755257562575725758257592576025761257622576325764257652576625767257682576925770257712577225773257742577525776257772577825779257802578125782257832578425785257862578725788257892579025791257922579325794257952579625797257982579925800258012580225803258042580525806258072580825809258102581125812258132581425815258162581725818258192582025821258222582325824258252582625827258282582925830258312583225833258342583525836258372583825839258402584125842258432584425845258462584725848258492585025851258522585325854258552585625857258582585925860258612586225863258642586525866258672586825869258702587125872258732587425875258762587725878258792588025881258822588325884258852588625887258882588925890258912589225893258942589525896258972589825899259002590125902259032590425905259062590725908259092591025911259122591325914259152591625917259182591925920259212592225923259242592525926259272592825929259302593125932259332593425935259362593725938259392594025941259422594325944259452594625947259482594925950259512595225953259542595525956259572595825959259602596125962259632596425965259662596725968259692597025971259722597325974259752597625977259782597925980259812598225983259842598525986259872598825989259902599125992259932599425995259962599725998259992600026001260022600326004260052600626007260082600926010260112601226013260142601526016260172601826019260202602126022260232602426025260262602726028260292603026031260322603326034260352603626037260382603926040260412604226043260442604526046260472604826049260502605126052260532605426055260562605726058260592606026061260622606326064260652606626067260682606926070260712607226073260742607526076260772607826079260802608126082260832608426085260862608726088260892609026091260922609326094260952609626097260982609926100261012610226103261042610526106261072610826109261102611126112261132611426115261162611726118261192612026121261222612326124261252612626127261282612926130261312613226133261342613526136261372613826139261402614126142261432614426145261462614726148261492615026151261522615326154261552615626157261582615926160261612616226163261642616526166261672616826169261702617126172261732617426175261762617726178261792618026181261822618326184261852618626187261882618926190261912619226193261942619526196261972619826199262002620126202262032620426205262062620726208262092621026211262122621326214262152621626217262182621926220262212622226223262242622526226262272622826229262302623126232262332623426235262362623726238262392624026241262422624326244262452624626247262482624926250262512625226253262542625526256262572625826259262602626126262262632626426265262662626726268262692627026271262722627326274262752627626277262782627926280262812628226283262842628526286262872628826289262902629126292262932629426295262962629726298262992630026301263022630326304263052630626307263082630926310263112631226313263142631526316263172631826319263202632126322263232632426325263262632726328263292633026331263322633326334263352633626337263382633926340263412634226343263442634526346263472634826349263502635126352263532635426355263562635726358263592636026361263622636326364263652636626367263682636926370263712637226373263742637526376263772637826379263802638126382263832638426385263862638726388263892639026391263922639326394263952639626397263982639926400264012640226403264042640526406264072640826409264102641126412264132641426415264162641726418264192642026421264222642326424264252642626427264282642926430264312643226433264342643526436264372643826439264402644126442264432644426445264462644726448264492645026451264522645326454264552645626457264582645926460264612646226463264642646526466264672646826469264702647126472264732647426475264762647726478264792648026481264822648326484264852648626487264882648926490264912649226493264942649526496264972649826499265002650126502265032650426505265062650726508265092651026511265122651326514265152651626517265182651926520265212652226523265242652526526265272652826529265302653126532265332653426535265362653726538265392654026541265422654326544265452654626547265482654926550265512655226553265542655526556265572655826559265602656126562265632656426565265662656726568265692657026571265722657326574265752657626577265782657926580265812658226583265842658526586265872658826589265902659126592265932659426595265962659726598265992660026601266022660326604266052660626607266082660926610266112661226613266142661526616266172661826619266202662126622266232662426625266262662726628266292663026631266322663326634266352663626637266382663926640266412664226643266442664526646266472664826649266502665126652266532665426655266562665726658266592666026661266622666326664266652666626667266682666926670266712667226673266742667526676266772667826679266802668126682266832668426685266862668726688266892669026691266922669326694266952669626697266982669926700267012670226703267042670526706267072670826709267102671126712267132671426715267162671726718267192672026721267222672326724267252672626727267282672926730267312673226733267342673526736267372673826739267402674126742267432674426745267462674726748267492675026751267522675326754267552675626757267582675926760267612676226763267642676526766267672676826769267702677126772267732677426775267762677726778267792678026781267822678326784267852678626787267882678926790267912679226793267942679526796267972679826799268002680126802268032680426805268062680726808268092681026811268122681326814268152681626817268182681926820268212682226823268242682526826268272682826829268302683126832268332683426835268362683726838268392684026841268422684326844268452684626847268482684926850268512685226853268542685526856268572685826859268602686126862268632686426865268662686726868268692687026871268722687326874268752687626877268782687926880268812688226883268842688526886268872688826889268902689126892268932689426895268962689726898268992690026901269022690326904269052690626907269082690926910269112691226913269142691526916269172691826919269202692126922269232692426925269262692726928269292693026931269322693326934269352693626937269382693926940269412694226943269442694526946269472694826949269502695126952269532695426955269562695726958269592696026961269622696326964269652696626967269682696926970269712697226973269742697526976269772697826979269802698126982269832698426985269862698726988269892699026991269922699326994269952699626997269982699927000270012700227003270042700527006270072700827009270102701127012270132701427015270162701727018270192702027021270222702327024270252702627027270282702927030270312703227033270342703527036270372703827039270402704127042270432704427045270462704727048270492705027051270522705327054270552705627057270582705927060270612706227063270642706527066270672706827069270702707127072270732707427075270762707727078270792708027081270822708327084270852708627087270882708927090270912709227093270942709527096270972709827099271002710127102271032710427105271062710727108271092711027111271122711327114271152711627117271182711927120271212712227123271242712527126271272712827129271302713127132271332713427135271362713727138271392714027141271422714327144271452714627147271482714927150271512715227153271542715527156271572715827159271602716127162271632716427165271662716727168271692717027171271722717327174271752717627177271782717927180271812718227183271842718527186271872718827189271902719127192271932719427195271962719727198271992720027201272022720327204272052720627207272082720927210272112721227213272142721527216272172721827219272202722127222272232722427225272262722727228272292723027231272322723327234272352723627237272382723927240272412724227243272442724527246272472724827249272502725127252272532725427255272562725727258272592726027261272622726327264272652726627267272682726927270272712727227273272742727527276272772727827279272802728127282272832728427285272862728727288272892729027291272922729327294272952729627297272982729927300273012730227303273042730527306273072730827309273102731127312273132731427315273162731727318273192732027321273222732327324273252732627327273282732927330273312733227333273342733527336273372733827339273402734127342273432734427345273462734727348273492735027351273522735327354273552735627357273582735927360273612736227363273642736527366273672736827369273702737127372273732737427375273762737727378273792738027381273822738327384273852738627387273882738927390273912739227393273942739527396273972739827399274002740127402274032740427405274062740727408274092741027411274122741327414274152741627417274182741927420274212742227423274242742527426274272742827429274302743127432274332743427435274362743727438274392744027441274422744327444274452744627447274482744927450274512745227453274542745527456274572745827459274602746127462274632746427465274662746727468274692747027471274722747327474274752747627477274782747927480274812748227483274842748527486274872748827489274902749127492274932749427495274962749727498274992750027501275022750327504275052750627507275082750927510275112751227513275142751527516275172751827519275202752127522275232752427525275262752727528275292753027531275322753327534275352753627537275382753927540275412754227543275442754527546275472754827549275502755127552275532755427555275562755727558275592756027561275622756327564275652756627567275682756927570275712757227573275742757527576275772757827579275802758127582275832758427585275862758727588275892759027591275922759327594275952759627597275982759927600276012760227603276042760527606276072760827609276102761127612276132761427615276162761727618276192762027621276222762327624276252762627627276282762927630276312763227633276342763527636276372763827639276402764127642276432764427645276462764727648276492765027651276522765327654276552765627657276582765927660276612766227663276642766527666276672766827669276702767127672276732767427675276762767727678276792768027681276822768327684276852768627687276882768927690276912769227693276942769527696276972769827699277002770127702277032770427705277062770727708277092771027711277122771327714277152771627717277182771927720277212772227723277242772527726277272772827729277302773127732277332773427735277362773727738277392774027741277422774327744277452774627747277482774927750277512775227753277542775527756277572775827759277602776127762277632776427765277662776727768277692777027771277722777327774277752777627777277782777927780277812778227783277842778527786277872778827789277902779127792277932779427795277962779727798277992780027801278022780327804278052780627807278082780927810278112781227813278142781527816278172781827819278202782127822278232782427825278262782727828278292783027831278322783327834278352783627837278382783927840278412784227843278442784527846278472784827849278502785127852278532785427855278562785727858278592786027861278622786327864278652786627867278682786927870278712787227873278742787527876278772787827879278802788127882278832788427885278862788727888278892789027891278922789327894278952789627897278982789927900279012790227903279042790527906279072790827909279102791127912279132791427915279162791727918279192792027921279222792327924279252792627927279282792927930279312793227933279342793527936279372793827939279402794127942279432794427945279462794727948279492795027951279522795327954279552795627957279582795927960279612796227963279642796527966279672796827969279702797127972279732797427975279762797727978279792798027981279822798327984279852798627987279882798927990279912799227993279942799527996279972799827999280002800128002280032800428005280062800728008280092801028011280122801328014280152801628017280182801928020280212802228023280242802528026280272802828029280302803128032280332803428035280362803728038280392804028041280422804328044280452804628047280482804928050280512805228053280542805528056280572805828059280602806128062280632806428065280662806728068280692807028071280722807328074280752807628077280782807928080280812808228083280842808528086280872808828089280902809128092280932809428095280962809728098280992810028101281022810328104281052810628107281082810928110281112811228113281142811528116281172811828119281202812128122281232812428125281262812728128281292813028131281322813328134281352813628137281382813928140281412814228143281442814528146281472814828149281502815128152281532815428155281562815728158281592816028161281622816328164281652816628167281682816928170281712817228173281742817528176281772817828179281802818128182281832818428185281862818728188281892819028191281922819328194281952819628197281982819928200282012820228203282042820528206282072820828209282102821128212282132821428215282162821728218282192822028221282222822328224282252822628227282282822928230282312823228233282342823528236282372823828239282402824128242282432824428245282462824728248282492825028251282522825328254282552825628257282582825928260282612826228263282642826528266282672826828269282702827128272282732827428275282762827728278282792828028281282822828328284282852828628287282882828928290282912829228293282942829528296282972829828299283002830128302283032830428305283062830728308283092831028311283122831328314283152831628317283182831928320283212832228323283242832528326283272832828329283302833128332283332833428335283362833728338283392834028341283422834328344283452834628347283482834928350283512835228353283542835528356283572835828359283602836128362283632836428365283662836728368283692837028371283722837328374283752837628377283782837928380283812838228383283842838528386283872838828389283902839128392283932839428395283962839728398283992840028401284022840328404284052840628407284082840928410284112841228413284142841528416284172841828419284202842128422284232842428425284262842728428284292843028431284322843328434284352843628437284382843928440284412844228443284442844528446284472844828449284502845128452284532845428455284562845728458284592846028461284622846328464284652846628467284682846928470284712847228473284742847528476284772847828479284802848128482284832848428485284862848728488284892849028491284922849328494284952849628497284982849928500285012850228503285042850528506285072850828509285102851128512285132851428515285162851728518285192852028521285222852328524285252852628527285282852928530285312853228533285342853528536285372853828539285402854128542285432854428545285462854728548285492855028551285522855328554285552855628557285582855928560285612856228563285642856528566285672856828569285702857128572285732857428575285762857728578285792858028581285822858328584285852858628587285882858928590285912859228593285942859528596285972859828599286002860128602286032860428605286062860728608286092861028611286122861328614286152861628617286182861928620286212862228623286242862528626286272862828629286302863128632286332863428635286362863728638286392864028641286422864328644286452864628647286482864928650286512865228653286542865528656286572865828659286602866128662286632866428665286662866728668286692867028671286722867328674286752867628677286782867928680286812868228683286842868528686286872868828689286902869128692286932869428695286962869728698286992870028701287022870328704287052870628707287082870928710287112871228713287142871528716287172871828719287202872128722287232872428725287262872728728287292873028731287322873328734287352873628737287382873928740287412874228743287442874528746287472874828749287502875128752287532875428755287562875728758287592876028761287622876328764287652876628767287682876928770287712877228773287742877528776287772877828779287802878128782287832878428785287862878728788287892879028791287922879328794287952879628797287982879928800288012880228803288042880528806288072880828809288102881128812288132881428815288162881728818288192882028821288222882328824288252882628827288282882928830288312883228833288342883528836288372883828839288402884128842288432884428845288462884728848288492885028851288522885328854288552885628857288582885928860288612886228863288642886528866288672886828869288702887128872288732887428875288762887728878288792888028881288822888328884288852888628887288882888928890288912889228893288942889528896288972889828899289002890128902289032890428905289062890728908289092891028911289122891328914289152891628917289182891928920289212892228923289242892528926289272892828929289302893128932289332893428935289362893728938289392894028941289422894328944289452894628947289482894928950289512895228953289542895528956289572895828959289602896128962289632896428965289662896728968289692897028971289722897328974289752897628977289782897928980289812898228983289842898528986289872898828989289902899128992289932899428995289962899728998289992900029001290022900329004290052900629007290082900929010290112901229013290142901529016290172901829019290202902129022290232902429025290262902729028290292903029031290322903329034290352903629037290382903929040290412904229043290442904529046290472904829049290502905129052290532905429055290562905729058290592906029061290622906329064290652906629067290682906929070290712907229073290742907529076290772907829079290802908129082290832908429085290862908729088290892909029091290922909329094290952909629097290982909929100291012910229103291042910529106291072910829109291102911129112291132911429115291162911729118291192912029121291222912329124291252912629127291282912929130291312913229133291342913529136291372913829139291402914129142291432914429145291462914729148291492915029151291522915329154291552915629157291582915929160291612916229163291642916529166291672916829169291702917129172291732917429175291762917729178291792918029181291822918329184291852918629187291882918929190291912919229193291942919529196291972919829199292002920129202292032920429205292062920729208292092921029211292122921329214292152921629217292182921929220292212922229223292242922529226292272922829229292302923129232292332923429235292362923729238292392924029241292422924329244292452924629247292482924929250292512925229253292542925529256292572925829259292602926129262292632926429265292662926729268292692927029271292722927329274292752927629277292782927929280292812928229283292842928529286292872928829289292902929129292292932929429295292962929729298292992930029301293022930329304293052930629307293082930929310293112931229313293142931529316293172931829319293202932129322293232932429325293262932729328293292933029331293322933329334293352933629337293382933929340293412934229343293442934529346293472934829349293502935129352293532935429355293562935729358293592936029361293622936329364293652936629367293682936929370293712937229373293742937529376293772937829379293802938129382293832938429385293862938729388293892939029391293922939329394293952939629397293982939929400294012940229403294042940529406294072940829409294102941129412294132941429415294162941729418294192942029421294222942329424294252942629427294282942929430294312943229433294342943529436294372943829439294402944129442294432944429445294462944729448294492945029451294522945329454294552945629457294582945929460294612946229463294642946529466294672946829469294702947129472294732947429475294762947729478294792948029481294822948329484294852948629487294882948929490294912949229493294942949529496294972949829499295002950129502295032950429505295062950729508295092951029511295122951329514295152951629517295182951929520295212952229523295242952529526295272952829529295302953129532295332953429535295362953729538295392954029541295422954329544295452954629547295482954929550295512955229553295542955529556295572955829559295602956129562295632956429565295662956729568295692957029571295722957329574295752957629577295782957929580295812958229583295842958529586295872958829589295902959129592295932959429595295962959729598295992960029601296022960329604296052960629607296082960929610296112961229613296142961529616296172961829619296202962129622296232962429625296262962729628296292963029631296322963329634296352963629637296382963929640296412964229643296442964529646296472964829649296502965129652296532965429655296562965729658296592966029661296622966329664296652966629667296682966929670296712967229673296742967529676296772967829679296802968129682296832968429685296862968729688296892969029691296922969329694296952969629697296982969929700297012970229703297042970529706297072970829709297102971129712297132971429715297162971729718297192972029721297222972329724297252972629727297282972929730297312973229733297342973529736297372973829739297402974129742297432974429745297462974729748297492975029751297522975329754297552975629757297582975929760297612976229763297642976529766297672976829769297702977129772297732977429775297762977729778297792978029781297822978329784297852978629787297882978929790297912979229793297942979529796297972979829799298002980129802298032980429805298062980729808298092981029811298122981329814298152981629817298182981929820298212982229823298242982529826298272982829829298302983129832298332983429835298362983729838298392984029841298422984329844298452984629847298482984929850298512985229853298542985529856298572985829859298602986129862298632986429865298662986729868298692987029871298722987329874298752987629877298782987929880298812988229883298842988529886298872988829889298902989129892298932989429895298962989729898298992990029901299022990329904299052990629907299082990929910299112991229913299142991529916299172991829919299202992129922299232992429925299262992729928299292993029931299322993329934299352993629937299382993929940299412994229943299442994529946299472994829949299502995129952299532995429955299562995729958299592996029961299622996329964299652996629967299682996929970299712997229973299742997529976299772997829979299802998129982299832998429985299862998729988299892999029991299922999329994299952999629997299982999930000300013000230003300043000530006300073000830009300103001130012300133001430015300163001730018300193002030021300223002330024300253002630027300283002930030300313003230033300343003530036300373003830039300403004130042300433004430045300463004730048300493005030051300523005330054300553005630057300583005930060300613006230063300643006530066300673006830069300703007130072300733007430075300763007730078300793008030081300823008330084300853008630087300883008930090300913009230093300943009530096300973009830099301003010130102301033010430105301063010730108301093011030111301123011330114301153011630117301183011930120301213012230123301243012530126301273012830129301303013130132301333013430135301363013730138301393014030141301423014330144301453014630147301483014930150301513015230153301543015530156301573015830159301603016130162301633016430165301663016730168301693017030171301723017330174301753017630177301783017930180301813018230183301843018530186301873018830189301903019130192301933019430195301963019730198301993020030201302023020330204302053020630207302083020930210302113021230213302143021530216302173021830219302203022130222302233022430225302263022730228302293023030231302323023330234302353023630237302383023930240302413024230243302443024530246302473024830249302503025130252302533025430255302563025730258302593026030261302623026330264302653026630267302683026930270302713027230273302743027530276302773027830279302803028130282302833028430285302863028730288302893029030291302923029330294302953029630297302983029930300303013030230303303043030530306303073030830309303103031130312303133031430315303163031730318303193032030321303223032330324303253032630327303283032930330303313033230333303343033530336303373033830339303403034130342303433034430345303463034730348303493035030351303523035330354303553035630357303583035930360303613036230363303643036530366303673036830369303703037130372303733037430375303763037730378303793038030381303823038330384303853038630387303883038930390303913039230393303943039530396303973039830399304003040130402304033040430405304063040730408304093041030411304123041330414304153041630417304183041930420304213042230423304243042530426304273042830429304303043130432304333043430435304363043730438304393044030441304423044330444304453044630447304483044930450304513045230453304543045530456304573045830459304603046130462304633046430465304663046730468304693047030471304723047330474304753047630477304783047930480304813048230483304843048530486304873048830489304903049130492304933049430495304963049730498304993050030501305023050330504305053050630507305083050930510305113051230513305143051530516305173051830519305203052130522305233052430525305263052730528305293053030531305323053330534305353053630537305383053930540305413054230543305443054530546305473054830549305503055130552305533055430555305563055730558305593056030561305623056330564305653056630567305683056930570305713057230573305743057530576305773057830579305803058130582305833058430585305863058730588305893059030591305923059330594305953059630597305983059930600306013060230603306043060530606306073060830609306103061130612306133061430615306163061730618306193062030621306223062330624306253062630627306283062930630306313063230633306343063530636306373063830639306403064130642306433064430645306463064730648306493065030651306523065330654306553065630657306583065930660306613066230663306643066530666306673066830669306703067130672306733067430675306763067730678306793068030681306823068330684306853068630687306883068930690306913069230693306943069530696306973069830699307003070130702307033070430705307063070730708307093071030711307123071330714307153071630717307183071930720307213072230723307243072530726307273072830729307303073130732307333073430735307363073730738307393074030741307423074330744307453074630747307483074930750307513075230753307543075530756307573075830759307603076130762307633076430765307663076730768307693077030771307723077330774307753077630777307783077930780307813078230783307843078530786307873078830789307903079130792307933079430795307963079730798307993080030801308023080330804308053080630807308083080930810308113081230813308143081530816308173081830819308203082130822308233082430825308263082730828308293083030831308323083330834308353083630837308383083930840308413084230843308443084530846308473084830849308503085130852308533085430855308563085730858308593086030861308623086330864308653086630867308683086930870308713087230873308743087530876308773087830879308803088130882308833088430885308863088730888308893089030891308923089330894308953089630897308983089930900309013090230903309043090530906309073090830909309103091130912309133091430915309163091730918309193092030921309223092330924309253092630927309283092930930309313093230933309343093530936309373093830939309403094130942309433094430945309463094730948309493095030951309523095330954309553095630957309583095930960309613096230963309643096530966309673096830969309703097130972309733097430975309763097730978309793098030981309823098330984309853098630987309883098930990309913099230993309943099530996309973099830999310003100131002310033100431005310063100731008310093101031011310123101331014310153101631017310183101931020310213102231023310243102531026310273102831029310303103131032310333103431035310363103731038310393104031041310423104331044310453104631047310483104931050310513105231053310543105531056310573105831059310603106131062310633106431065310663106731068310693107031071310723107331074310753107631077310783107931080310813108231083310843108531086310873108831089310903109131092310933109431095310963109731098310993110031101311023110331104311053110631107311083110931110311113111231113311143111531116311173111831119311203112131122311233112431125311263112731128311293113031131311323113331134311353113631137311383113931140311413114231143311443114531146311473114831149311503115131152311533115431155311563115731158311593116031161311623116331164311653116631167311683116931170311713117231173311743117531176311773117831179311803118131182311833118431185311863118731188311893119031191311923119331194311953119631197311983119931200312013120231203312043120531206312073120831209312103121131212312133121431215312163121731218312193122031221312223122331224312253122631227312283122931230312313123231233312343123531236312373123831239312403124131242312433124431245312463124731248312493125031251312523125331254312553125631257312583125931260312613126231263312643126531266312673126831269312703127131272312733127431275312763127731278312793128031281312823128331284312853128631287312883128931290312913129231293312943129531296312973129831299313003130131302313033130431305313063130731308313093131031311313123131331314313153131631317313183131931320313213132231323313243132531326313273132831329313303133131332313333133431335313363133731338313393134031341313423134331344313453134631347313483134931350313513135231353313543135531356313573135831359313603136131362313633136431365313663136731368313693137031371313723137331374313753137631377313783137931380313813138231383313843138531386313873138831389313903139131392313933139431395313963139731398313993140031401314023140331404314053140631407314083140931410314113141231413314143141531416314173141831419314203142131422314233142431425314263142731428314293143031431314323143331434314353143631437314383143931440314413144231443314443144531446314473144831449314503145131452314533145431455314563145731458314593146031461314623146331464314653146631467314683146931470314713147231473314743147531476314773147831479314803148131482314833148431485314863148731488314893149031491314923149331494314953149631497314983149931500315013150231503315043150531506315073150831509315103151131512315133151431515315163151731518315193152031521315223152331524315253152631527315283152931530315313153231533315343153531536315373153831539315403154131542315433154431545315463154731548315493155031551315523155331554315553155631557315583155931560315613156231563315643156531566315673156831569315703157131572315733157431575315763157731578315793158031581315823158331584315853158631587315883158931590315913159231593315943159531596315973159831599316003160131602316033160431605316063160731608316093161031611316123161331614316153161631617316183161931620316213162231623316243162531626316273162831629316303163131632316333163431635316363163731638316393164031641316423164331644316453164631647316483164931650316513165231653316543165531656316573165831659316603166131662316633166431665316663166731668316693167031671316723167331674316753167631677316783167931680316813168231683316843168531686316873168831689316903169131692316933169431695316963169731698316993170031701317023170331704317053170631707317083170931710317113171231713317143171531716317173171831719317203172131722317233172431725317263172731728317293173031731317323173331734317353173631737317383173931740317413174231743317443174531746317473174831749317503175131752317533175431755317563175731758317593176031761317623176331764317653176631767317683176931770317713177231773317743177531776317773177831779317803178131782317833178431785317863178731788317893179031791317923179331794317953179631797317983179931800318013180231803318043180531806318073180831809318103181131812318133181431815318163181731818318193182031821318223182331824318253182631827318283182931830318313183231833318343183531836318373183831839318403184131842318433184431845318463184731848318493185031851318523185331854318553185631857318583185931860318613186231863318643186531866318673186831869318703187131872318733187431875318763187731878318793188031881318823188331884318853188631887318883188931890318913189231893318943189531896318973189831899319003190131902319033190431905319063190731908319093191031911319123191331914319153191631917319183191931920319213192231923319243192531926319273192831929319303193131932319333193431935319363193731938319393194031941319423194331944319453194631947319483194931950319513195231953319543195531956319573195831959319603196131962319633196431965319663196731968319693197031971319723197331974319753197631977319783197931980319813198231983319843198531986319873198831989319903199131992319933199431995319963199731998319993200032001320023200332004320053200632007320083200932010320113201232013320143201532016320173201832019320203202132022320233202432025320263202732028320293203032031320323203332034320353203632037320383203932040320413204232043320443204532046320473204832049320503205132052320533205432055320563205732058320593206032061320623206332064320653206632067320683206932070320713207232073320743207532076320773207832079320803208132082320833208432085320863208732088320893209032091320923209332094320953209632097320983209932100321013210232103321043210532106321073210832109321103211132112321133211432115321163211732118321193212032121321223212332124321253212632127321283212932130321313213232133321343213532136321373213832139321403214132142321433214432145321463214732148321493215032151321523215332154321553215632157321583215932160321613216232163321643216532166321673216832169321703217132172321733217432175321763217732178321793218032181321823218332184321853218632187321883218932190321913219232193321943219532196321973219832199322003220132202322033220432205322063220732208322093221032211322123221332214322153221632217322183221932220322213222232223322243222532226322273222832229322303223132232322333223432235322363223732238322393224032241322423224332244322453224632247322483224932250322513225232253322543225532256322573225832259322603226132262322633226432265322663226732268322693227032271322723227332274322753227632277322783227932280322813228232283322843228532286322873228832289322903229132292322933229432295322963229732298322993230032301323023230332304323053230632307323083230932310323113231232313323143231532316323173231832319323203232132322323233232432325323263232732328323293233032331323323233332334323353233632337323383233932340323413234232343323443234532346323473234832349323503235132352323533235432355323563235732358323593236032361323623236332364323653236632367323683236932370323713237232373323743237532376323773237832379323803238132382323833238432385323863238732388323893239032391323923239332394323953239632397323983239932400324013240232403324043240532406324073240832409324103241132412324133241432415324163241732418324193242032421324223242332424324253242632427324283242932430324313243232433324343243532436324373243832439324403244132442324433244432445324463244732448324493245032451324523245332454324553245632457324583245932460324613246232463324643246532466324673246832469324703247132472324733247432475324763247732478324793248032481324823248332484324853248632487324883248932490324913249232493324943249532496324973249832499325003250132502325033250432505325063250732508325093251032511325123251332514325153251632517325183251932520325213252232523325243252532526325273252832529325303253132532325333253432535325363253732538325393254032541325423254332544325453254632547325483254932550325513255232553325543255532556325573255832559325603256132562325633256432565325663256732568325693257032571325723257332574325753257632577325783257932580325813258232583325843258532586325873258832589325903259132592325933259432595325963259732598325993260032601326023260332604326053260632607326083260932610326113261232613326143261532616326173261832619326203262132622326233262432625326263262732628326293263032631326323263332634326353263632637326383263932640326413264232643326443264532646326473264832649326503265132652326533265432655326563265732658326593266032661326623266332664326653266632667326683266932670326713267232673326743267532676326773267832679326803268132682326833268432685326863268732688326893269032691326923269332694326953269632697326983269932700327013270232703327043270532706327073270832709327103271132712327133271432715327163271732718327193272032721327223272332724327253272632727327283272932730327313273232733327343273532736327373273832739327403274132742327433274432745327463274732748327493275032751327523275332754327553275632757327583275932760327613276232763327643276532766327673276832769327703277132772327733277432775327763277732778327793278032781327823278332784327853278632787327883278932790327913279232793327943279532796327973279832799328003280132802328033280432805328063280732808328093281032811328123281332814328153281632817328183281932820328213282232823328243282532826328273282832829328303283132832328333283432835328363283732838328393284032841328423284332844328453284632847328483284932850328513285232853328543285532856328573285832859328603286132862328633286432865328663286732868328693287032871328723287332874328753287632877328783287932880328813288232883328843288532886328873288832889328903289132892328933289432895328963289732898328993290032901329023290332904329053290632907329083290932910329113291232913329143291532916329173291832919329203292132922329233292432925329263292732928329293293032931329323293332934329353293632937329383293932940329413294232943329443294532946329473294832949329503295132952329533295432955329563295732958329593296032961329623296332964329653296632967329683296932970329713297232973329743297532976329773297832979329803298132982329833298432985329863298732988329893299032991329923299332994329953299632997329983299933000330013300233003330043300533006330073300833009330103301133012330133301433015330163301733018330193302033021330223302333024330253302633027330283302933030330313303233033330343303533036330373303833039330403304133042330433304433045330463304733048330493305033051330523305333054330553305633057330583305933060330613306233063330643306533066330673306833069330703307133072330733307433075330763307733078330793308033081330823308333084330853308633087330883308933090330913309233093330943309533096330973309833099331003310133102331033310433105331063310733108331093311033111331123311333114331153311633117331183311933120331213312233123331243312533126331273312833129331303313133132331333313433135331363313733138331393314033141331423314333144331453314633147331483314933150331513315233153331543315533156331573315833159331603316133162331633316433165331663316733168331693317033171331723317333174331753317633177331783317933180331813318233183331843318533186331873318833189331903319133192331933319433195331963319733198331993320033201332023320333204332053320633207332083320933210332113321233213332143321533216332173321833219332203322133222332233322433225332263322733228332293323033231332323323333234332353323633237332383323933240332413324233243332443324533246332473324833249332503325133252332533325433255332563325733258332593326033261332623326333264332653326633267332683326933270332713327233273332743327533276332773327833279332803328133282332833328433285332863328733288332893329033291332923329333294332953329633297332983329933300333013330233303333043330533306333073330833309333103331133312333133331433315333163331733318333193332033321333223332333324333253332633327333283332933330333313333233333333343333533336333373333833339333403334133342333433334433345333463334733348333493335033351333523335333354333553335633357333583335933360333613336233363333643336533366333673336833369333703337133372333733337433375333763337733378333793338033381333823338333384333853338633387333883338933390333913339233393333943339533396333973339833399334003340133402334033340433405334063340733408334093341033411334123341333414334153341633417334183341933420334213342233423334243342533426334273342833429334303343133432334333343433435334363343733438334393344033441334423344333444334453344633447334483344933450334513345233453334543345533456334573345833459334603346133462334633346433465334663346733468334693347033471334723347333474334753347633477334783347933480334813348233483334843348533486334873348833489334903349133492334933349433495334963349733498334993350033501335023350333504335053350633507335083350933510335113351233513335143351533516335173351833519335203352133522335233352433525335263352733528335293353033531335323353333534335353353633537335383353933540335413354233543335443354533546335473354833549335503355133552335533355433555335563355733558335593356033561335623356333564335653356633567335683356933570335713357233573335743357533576335773357833579335803358133582335833358433585335863358733588335893359033591335923359333594335953359633597335983359933600336013360233603336043360533606336073360833609336103361133612336133361433615336163361733618336193362033621336223362333624336253362633627336283362933630336313363233633336343363533636336373363833639336403364133642336433364433645336463364733648336493365033651336523365333654336553365633657336583365933660336613366233663336643366533666336673366833669336703367133672336733367433675336763367733678336793368033681336823368333684336853368633687336883368933690336913369233693336943369533696336973369833699337003370133702337033370433705337063370733708337093371033711337123371333714337153371633717337183371933720337213372233723337243372533726337273372833729337303373133732337333373433735337363373733738337393374033741337423374333744337453374633747337483374933750337513375233753337543375533756337573375833759337603376133762337633376433765337663376733768337693377033771337723377333774337753377633777337783377933780337813378233783337843378533786337873378833789337903379133792337933379433795337963379733798337993380033801338023380333804338053380633807338083380933810338113381233813338143381533816338173381833819338203382133822338233382433825338263382733828338293383033831338323383333834338353383633837338383383933840338413384233843338443384533846338473384833849338503385133852338533385433855338563385733858338593386033861338623386333864338653386633867338683386933870338713387233873338743387533876338773387833879338803388133882338833388433885338863388733888338893389033891338923389333894338953389633897338983389933900339013390233903339043390533906339073390833909339103391133912339133391433915339163391733918339193392033921339223392333924339253392633927339283392933930339313393233933339343393533936339373393833939339403394133942339433394433945339463394733948339493395033951339523395333954339553395633957339583395933960339613396233963339643396533966339673396833969339703397133972339733397433975339763397733978339793398033981339823398333984339853398633987339883398933990339913399233993339943399533996339973399833999340003400134002340033400434005340063400734008340093401034011340123401334014340153401634017340183401934020340213402234023340243402534026340273402834029340303403134032340333403434035340363403734038340393404034041340423404334044340453404634047340483404934050340513405234053340543405534056340573405834059340603406134062340633406434065340663406734068340693407034071340723407334074340753407634077340783407934080340813408234083340843408534086340873408834089340903409134092340933409434095340963409734098340993410034101341023410334104341053410634107341083410934110341113411234113341143411534116341173411834119341203412134122341233412434125341263412734128341293413034131341323413334134341353413634137341383413934140341413414234143341443414534146341473414834149341503415134152341533415434155341563415734158341593416034161341623416334164341653416634167341683416934170341713417234173341743417534176341773417834179341803418134182341833418434185341863418734188341893419034191341923419334194341953419634197341983419934200342013420234203342043420534206342073420834209342103421134212342133421434215342163421734218342193422034221342223422334224342253422634227342283422934230342313423234233342343423534236342373423834239342403424134242342433424434245342463424734248342493425034251342523425334254342553425634257342583425934260342613426234263342643426534266342673426834269342703427134272342733427434275342763427734278342793428034281342823428334284342853428634287342883428934290342913429234293342943429534296342973429834299343003430134302343033430434305343063430734308343093431034311343123431334314343153431634317343183431934320343213432234323343243432534326343273432834329343303433134332343333433434335343363433734338343393434034341343423434334344343453434634347343483434934350343513435234353343543435534356343573435834359343603436134362343633436434365343663436734368343693437034371343723437334374343753437634377343783437934380343813438234383343843438534386343873438834389343903439134392343933439434395343963439734398343993440034401344023440334404344053440634407344083440934410344113441234413344143441534416344173441834419344203442134422344233442434425344263442734428344293443034431344323443334434344353443634437344383443934440344413444234443344443444534446344473444834449344503445134452344533445434455344563445734458344593446034461344623446334464344653446634467344683446934470344713447234473344743447534476344773447834479344803448134482344833448434485344863448734488344893449034491344923449334494344953449634497344983449934500345013450234503345043450534506345073450834509345103451134512345133451434515345163451734518345193452034521345223452334524345253452634527345283452934530345313453234533345343453534536345373453834539345403454134542345433454434545345463454734548345493455034551345523455334554345553455634557345583455934560345613456234563345643456534566345673456834569345703457134572345733457434575345763457734578345793458034581345823458334584345853458634587345883458934590345913459234593345943459534596345973459834599346003460134602346033460434605346063460734608346093461034611346123461334614346153461634617346183461934620346213462234623346243462534626346273462834629346303463134632346333463434635346363463734638346393464034641346423464334644346453464634647346483464934650346513465234653346543465534656346573465834659346603466134662346633466434665346663466734668346693467034671346723467334674346753467634677346783467934680346813468234683346843468534686346873468834689346903469134692346933469434695346963469734698346993470034701347023470334704347053470634707347083470934710347113471234713347143471534716347173471834719347203472134722347233472434725347263472734728347293473034731347323473334734347353473634737347383473934740347413474234743347443474534746347473474834749347503475134752347533475434755347563475734758347593476034761347623476334764347653476634767347683476934770347713477234773347743477534776347773477834779347803478134782347833478434785347863478734788347893479034791347923479334794347953479634797347983479934800348013480234803348043480534806348073480834809348103481134812348133481434815348163481734818348193482034821348223482334824348253482634827348283482934830348313483234833348343483534836348373483834839348403484134842348433484434845348463484734848348493485034851348523485334854348553485634857348583485934860348613486234863348643486534866348673486834869348703487134872348733487434875348763487734878348793488034881348823488334884348853488634887348883488934890348913489234893348943489534896348973489834899349003490134902349033490434905349063490734908349093491034911349123491334914349153491634917349183491934920349213492234923349243492534926349273492834929349303493134932349333493434935349363493734938349393494034941349423494334944349453494634947349483494934950349513495234953349543495534956349573495834959349603496134962349633496434965349663496734968349693497034971349723497334974349753497634977349783497934980349813498234983349843498534986349873498834989349903499134992349933499434995349963499734998349993500035001350023500335004350053500635007350083500935010350113501235013350143501535016350173501835019350203502135022350233502435025350263502735028350293503035031350323503335034350353503635037350383503935040350413504235043350443504535046350473504835049350503505135052350533505435055350563505735058350593506035061350623506335064350653506635067350683506935070350713507235073350743507535076350773507835079350803508135082350833508435085350863508735088350893509035091350923509335094350953509635097350983509935100351013510235103351043510535106351073510835109351103511135112351133511435115351163511735118351193512035121351223512335124351253512635127351283512935130351313513235133351343513535136351373513835139351403514135142351433514435145351463514735148351493515035151351523515335154351553515635157351583515935160351613516235163351643516535166351673516835169351703517135172351733517435175351763517735178351793518035181351823518335184351853518635187351883518935190351913519235193351943519535196351973519835199352003520135202352033520435205352063520735208352093521035211352123521335214352153521635217352183521935220352213522235223352243522535226352273522835229352303523135232352333523435235352363523735238352393524035241352423524335244352453524635247352483524935250352513525235253352543525535256352573525835259352603526135262352633526435265352663526735268352693527035271352723527335274352753527635277352783527935280352813528235283352843528535286352873528835289352903529135292352933529435295352963529735298352993530035301353023530335304353053530635307353083530935310353113531235313353143531535316353173531835319353203532135322353233532435325353263532735328353293533035331353323533335334353353533635337353383533935340353413534235343353443534535346353473534835349353503535135352353533535435355353563535735358353593536035361353623536335364353653536635367353683536935370353713537235373353743537535376353773537835379353803538135382353833538435385353863538735388353893539035391353923539335394353953539635397353983539935400354013540235403354043540535406354073540835409354103541135412354133541435415354163541735418354193542035421354223542335424354253542635427354283542935430354313543235433354343543535436354373543835439354403544135442354433544435445354463544735448354493545035451354523545335454354553545635457354583545935460354613546235463354643546535466354673546835469354703547135472354733547435475354763547735478354793548035481354823548335484354853548635487354883548935490354913549235493354943549535496354973549835499355003550135502355033550435505355063550735508355093551035511355123551335514355153551635517355183551935520355213552235523355243552535526355273552835529355303553135532355333553435535355363553735538355393554035541355423554335544355453554635547355483554935550355513555235553355543555535556355573555835559355603556135562355633556435565355663556735568355693557035571355723557335574355753557635577355783557935580355813558235583355843558535586355873558835589355903559135592355933559435595355963559735598355993560035601356023560335604356053560635607356083560935610356113561235613356143561535616356173561835619356203562135622356233562435625356263562735628356293563035631356323563335634356353563635637356383563935640356413564235643356443564535646356473564835649356503565135652356533565435655356563565735658356593566035661356623566335664356653566635667356683566935670356713567235673356743567535676356773567835679356803568135682356833568435685356863568735688356893569035691356923569335694356953569635697356983569935700357013570235703357043570535706357073570835709357103571135712357133571435715357163571735718357193572035721357223572335724357253572635727357283572935730357313573235733357343573535736357373573835739357403574135742357433574435745357463574735748357493575035751357523575335754357553575635757357583575935760357613576235763357643576535766357673576835769357703577135772357733577435775357763577735778357793578035781357823578335784357853578635787357883578935790357913579235793357943579535796357973579835799358003580135802358033580435805358063580735808358093581035811358123581335814358153581635817358183581935820358213582235823358243582535826358273582835829358303583135832358333583435835358363583735838358393584035841358423584335844358453584635847358483584935850358513585235853358543585535856358573585835859358603586135862358633586435865358663586735868358693587035871358723587335874358753587635877358783587935880358813588235883358843588535886358873588835889358903589135892358933589435895358963589735898358993590035901359023590335904359053590635907359083590935910359113591235913359143591535916359173591835919359203592135922359233592435925359263592735928359293593035931359323593335934359353593635937359383593935940359413594235943359443594535946359473594835949359503595135952359533595435955359563595735958359593596035961359623596335964359653596635967359683596935970359713597235973359743597535976359773597835979359803598135982359833598435985359863598735988359893599035991359923599335994359953599635997359983599936000360013600236003360043600536006360073600836009360103601136012360133601436015360163601736018360193602036021360223602336024360253602636027360283602936030360313603236033360343603536036360373603836039360403604136042360433604436045360463604736048360493605036051360523605336054360553605636057360583605936060360613606236063360643606536066360673606836069360703607136072360733607436075360763607736078360793608036081360823608336084360853608636087360883608936090360913609236093360943609536096360973609836099361003610136102361033610436105361063610736108361093611036111361123611336114361153611636117361183611936120361213612236123361243612536126361273612836129361303613136132361333613436135361363613736138361393614036141361423614336144361453614636147361483614936150361513615236153361543615536156361573615836159361603616136162361633616436165361663616736168361693617036171361723617336174361753617636177361783617936180361813618236183361843618536186361873618836189361903619136192361933619436195361963619736198361993620036201362023620336204362053620636207362083620936210362113621236213362143621536216362173621836219362203622136222362233622436225362263622736228362293623036231362323623336234362353623636237362383623936240362413624236243362443624536246362473624836249362503625136252362533625436255362563625736258362593626036261362623626336264362653626636267362683626936270362713627236273362743627536276362773627836279362803628136282362833628436285362863628736288362893629036291362923629336294362953629636297362983629936300363013630236303363043630536306363073630836309363103631136312363133631436315363163631736318363193632036321363223632336324363253632636327363283632936330363313633236333363343633536336363373633836339363403634136342363433634436345363463634736348363493635036351363523635336354363553635636357363583635936360363613636236363363643636536366363673636836369363703637136372363733637436375363763637736378363793638036381363823638336384363853638636387363883638936390363913639236393363943639536396363973639836399364003640136402364033640436405364063640736408364093641036411364123641336414364153641636417364183641936420364213642236423364243642536426364273642836429364303643136432364333643436435364363643736438364393644036441364423644336444364453644636447364483644936450364513645236453364543645536456364573645836459364603646136462364633646436465364663646736468364693647036471364723647336474364753647636477364783647936480364813648236483364843648536486364873648836489364903649136492364933649436495364963649736498364993650036501365023650336504365053650636507365083650936510365113651236513365143651536516365173651836519365203652136522365233652436525365263652736528365293653036531365323653336534365353653636537365383653936540365413654236543365443654536546365473654836549365503655136552365533655436555365563655736558365593656036561365623656336564365653656636567365683656936570365713657236573365743657536576365773657836579365803658136582365833658436585365863658736588365893659036591365923659336594365953659636597365983659936600366013660236603366043660536606366073660836609366103661136612366133661436615366163661736618366193662036621366223662336624366253662636627366283662936630366313663236633366343663536636366373663836639366403664136642366433664436645366463664736648366493665036651366523665336654366553665636657366583665936660366613666236663366643666536666366673666836669366703667136672366733667436675366763667736678366793668036681366823668336684366853668636687366883668936690366913669236693366943669536696366973669836699367003670136702367033670436705367063670736708367093671036711367123671336714367153671636717367183671936720367213672236723367243672536726367273672836729367303673136732367333673436735367363673736738367393674036741367423674336744367453674636747367483674936750367513675236753367543675536756367573675836759367603676136762367633676436765367663676736768367693677036771367723677336774367753677636777367783677936780367813678236783367843678536786367873678836789367903679136792367933679436795367963679736798367993680036801368023680336804368053680636807368083680936810368113681236813368143681536816368173681836819368203682136822368233682436825368263682736828368293683036831368323683336834368353683636837368383683936840368413684236843368443684536846368473684836849368503685136852368533685436855368563685736858368593686036861368623686336864368653686636867368683686936870368713687236873368743687536876368773687836879368803688136882368833688436885368863688736888368893689036891368923689336894368953689636897368983689936900369013690236903369043690536906369073690836909369103691136912369133691436915369163691736918369193692036921369223692336924369253692636927369283692936930369313693236933369343693536936
  1. /* test.c
  2. *
  3. * Copyright (C) 2006-2021 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. #ifdef HAVE_CONFIG_H
  22. #include <config.h>
  23. #endif
  24. #ifndef WOLFSSL_USER_SETTINGS
  25. #include <wolfssl/options.h>
  26. #endif
  27. #include <wolfssl/wolfcrypt/settings.h>
  28. #include <wolfssl/version.h>
  29. #include <wolfssl/wolfcrypt/wc_port.h>
  30. #ifndef NO_CRYPT_TEST
  31. #if defined(HAVE_STACK_SIZE) && !defined(HAVE_WOLFCRYPT_TEST_OPTIONS)
  32. #define HAVE_WOLFCRYPT_TEST_OPTIONS
  33. #endif
  34. #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
  35. #include <wolfssl/ssl.h>
  36. #define err_sys err_sys_remap /* remap err_sys */
  37. #include <wolfssl/test.h>
  38. #undef err_sys
  39. #endif
  40. #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
  41. defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
  42. #include <stdint.h>
  43. #endif
  44. #if defined(HAVE_STACK_SIZE_VERBOSE)
  45. #ifdef WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES
  46. static ssize_t max_relative_stack = WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES;
  47. #else
  48. static ssize_t max_relative_stack = -1;
  49. #endif
  50. #else
  51. #define STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max, ...) (__VA_ARGS__, 0)
  52. #define STACK_SIZE_INIT()
  53. #endif
  54. #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
  55. #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS
  56. static ssize_t max_relative_heap_allocs = WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS;
  57. #else
  58. static ssize_t max_relative_heap_allocs = -1;
  59. #endif
  60. #ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES
  61. static ssize_t max_relative_heap_bytes = WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES;
  62. #else
  63. static ssize_t max_relative_heap_bytes = -1;
  64. #endif
  65. #define PRINT_HEAP_CHECKPOINT() { \
  66. const ssize_t _rha = wolfCrypt_heap_peakAllocs_checkpoint() - heap_baselineAllocs; \
  67. const ssize_t _rhb = wolfCrypt_heap_peakBytes_checkpoint() - heap_baselineBytes; \
  68. printf(" relative heap peak usage: %ld alloc%s, %ld bytes\n", \
  69. _rha, \
  70. _rha == 1 ? "" : "s", \
  71. _rhb); \
  72. if ((max_relative_heap_allocs > 0) && (_rha > max_relative_heap_allocs)) \
  73. return err_sys("heap allocs exceed designated max.", -1); \
  74. if ((max_relative_heap_bytes > 0) && (_rhb > max_relative_heap_bytes)) \
  75. return err_sys("heap bytes exceed designated max.", -1); \
  76. heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint(); \
  77. heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint(); \
  78. }
  79. #else
  80. #define PRINT_HEAP_CHECKPOINT()
  81. #endif
  82. #ifdef __GNUC__
  83. _Pragma("GCC diagnostic ignored \"-Wunused-function\"");
  84. #endif
  85. #ifdef USE_FLAT_TEST_H
  86. #ifdef HAVE_CONFIG_H
  87. #include "test_paths.h"
  88. #endif
  89. #include "test.h"
  90. #else
  91. #ifdef HAVE_CONFIG_H
  92. #include "wolfcrypt/test/test_paths.h"
  93. #endif
  94. #include "wolfcrypt/test/test.h"
  95. #endif
  96. /* printf mappings */
  97. #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
  98. #include <mqx.h>
  99. #include <stdlib.h>
  100. /* see wc_port.h for fio.h and nio.h includes */
  101. #elif defined(FREESCALE_KSDK_BM)
  102. #include "fsl_debug_console.h"
  103. #undef printf
  104. #define printf PRINTF
  105. #elif defined(WOLFSSL_APACHE_MYNEWT)
  106. #include <assert.h>
  107. #include <string.h>
  108. #include "sysinit/sysinit.h"
  109. #include "os/os.h"
  110. #ifdef ARCH_sim
  111. #include "mcu/mcu_sim.h"
  112. #endif
  113. #include "os/os_time.h"
  114. #elif defined(WOLFSSL_ESPIDF)
  115. #include <time.h>
  116. #include <sys/time.h>
  117. #elif defined(WOLFSSL_ZEPHYR)
  118. #include <stdio.h>
  119. #define printf printk
  120. #elif defined(MICRIUM)
  121. #include <os.h>
  122. #if (OS_VERSION < 50000)
  123. #include <bsp_ser.h>
  124. void BSP_Ser_Printf (CPU_CHAR* format, ...);
  125. #undef printf
  126. #define printf BSP_Ser_Printf
  127. #else
  128. #include <stdio.h>
  129. #endif
  130. #elif defined(WOLFSSL_PB)
  131. #include <stdarg.h>
  132. int wolfssl_pb_print(const char*, ...);
  133. #undef printf
  134. #define printf wolfssl_pb_print
  135. #elif defined(WOLFSSL_TELIT_M2MB)
  136. #include "wolfssl/wolfcrypt/wc_port.h" /* for m2mb headers */
  137. #include "m2m_log.h" /* for M2M_LOG_INFO - not standard API */
  138. /* remap printf */
  139. #undef printf
  140. #define printf M2M_LOG_INFO
  141. /* OS requires occasional sleep() */
  142. #ifndef TEST_SLEEP_MS
  143. #define TEST_SLEEP_MS 50
  144. #endif
  145. #define TEST_SLEEP() m2mb_os_taskSleep(M2MB_OS_MS2TICKS(TEST_SLEEP_MS))
  146. /* don't use file system for these tests, since ./certs dir isn't loaded */
  147. #undef NO_FILESYSTEM
  148. #define NO_FILESYSTEM
  149. #elif defined(THREADX) && !defined(WOLFSSL_WICED) && !defined(THREADX_NO_DC_PRINTF)
  150. /* since just testing, use THREADX log printf instead */
  151. int dc_log_printf(char*, ...);
  152. #undef printf
  153. #define printf dc_log_printf
  154. #elif defined(ANDROID)
  155. #ifdef XMALLOC_USER
  156. #include <stdlib.h> /* we're using malloc / free direct here */
  157. #endif
  158. #ifndef STRING_USER
  159. #include <stdio.h>
  160. #endif
  161. #include <android/log.h>
  162. #define printf(...) \
  163. __android_log_print(ANDROID_LOG_DEBUG, "TAG", __VA_ARGS__)
  164. #define fprintf(fp, ...) \
  165. __android_log_print(ANDROID_LOG_DEBUG, "TAG", __VA_ARGS__)
  166. #else
  167. #ifdef XMALLOC_USER
  168. #include <stdlib.h> /* we're using malloc / free direct here */
  169. #endif
  170. #if !defined(STRING_USER) && !defined(WOLFSSL_LINUXKM)
  171. #include <stdio.h>
  172. #endif
  173. #if defined(WOLFSSL_LINUXKM) && !defined(DEBUG_WOLFSSL_VERBOSE)
  174. #undef printf
  175. #define printf(...) ({})
  176. #endif
  177. /* enable way for customer to override test/bench printf */
  178. #ifdef XPRINTF
  179. #undef printf
  180. #define printf XPRINTF
  181. #endif
  182. #endif
  183. #include <wolfssl/wolfcrypt/memory.h>
  184. #include <wolfssl/wolfcrypt/wc_port.h>
  185. #include <wolfssl/wolfcrypt/logging.h>
  186. #include <wolfssl/wolfcrypt/types.h>
  187. #include <wolfssl/wolfcrypt/asn.h>
  188. #include <wolfssl/wolfcrypt/md2.h>
  189. #include <wolfssl/wolfcrypt/md5.h>
  190. #include <wolfssl/wolfcrypt/md4.h>
  191. #include <wolfssl/wolfcrypt/sha.h>
  192. #include <wolfssl/wolfcrypt/sha256.h>
  193. #include <wolfssl/wolfcrypt/sha512.h>
  194. #include <wolfssl/wolfcrypt/rc2.h>
  195. #include <wolfssl/wolfcrypt/arc4.h>
  196. #if defined(WC_NO_RNG)
  197. #include <wolfssl/wolfcrypt/integer.h>
  198. #else
  199. #include <wolfssl/wolfcrypt/random.h>
  200. #endif
  201. #include <wolfssl/wolfcrypt/coding.h>
  202. #include <wolfssl/wolfcrypt/signature.h>
  203. #include <wolfssl/wolfcrypt/rsa.h>
  204. #include <wolfssl/wolfcrypt/des3.h>
  205. #include <wolfssl/wolfcrypt/aes.h>
  206. #include <wolfssl/wolfcrypt/wc_encrypt.h>
  207. #include <wolfssl/wolfcrypt/cmac.h>
  208. #include <wolfssl/wolfcrypt/poly1305.h>
  209. #include <wolfssl/wolfcrypt/camellia.h>
  210. #include <wolfssl/wolfcrypt/hmac.h>
  211. #include <wolfssl/wolfcrypt/dh.h>
  212. #include <wolfssl/wolfcrypt/dsa.h>
  213. #include <wolfssl/wolfcrypt/srp.h>
  214. #include <wolfssl/wolfcrypt/idea.h>
  215. #include <wolfssl/wolfcrypt/hc128.h>
  216. #include <wolfssl/wolfcrypt/rabbit.h>
  217. #include <wolfssl/wolfcrypt/chacha.h>
  218. #include <wolfssl/wolfcrypt/chacha20_poly1305.h>
  219. #include <wolfssl/wolfcrypt/pwdbased.h>
  220. #include <wolfssl/wolfcrypt/ripemd.h>
  221. #include <wolfssl/wolfcrypt/error-crypt.h>
  222. #ifdef HAVE_ECC
  223. #include <wolfssl/wolfcrypt/ecc.h>
  224. #endif
  225. #ifdef HAVE_CURVE25519
  226. #include <wolfssl/wolfcrypt/curve25519.h>
  227. #endif
  228. #ifdef HAVE_ED25519
  229. #include <wolfssl/wolfcrypt/ed25519.h>
  230. #endif
  231. #ifdef HAVE_CURVE448
  232. #include <wolfssl/wolfcrypt/curve448.h>
  233. #endif
  234. #ifdef HAVE_ED448
  235. #include <wolfssl/wolfcrypt/ed448.h>
  236. #endif
  237. #ifdef WOLFCRYPT_HAVE_ECCSI
  238. #include <wolfssl/wolfcrypt/eccsi.h>
  239. #endif
  240. #ifdef WOLFCRYPT_HAVE_SAKKE
  241. #include <wolfssl/wolfcrypt/sakke.h>
  242. #endif
  243. #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
  244. #include <wolfssl/wolfcrypt/blake2.h>
  245. #endif
  246. #ifdef WOLFSSL_SHA3
  247. #include <wolfssl/wolfcrypt/sha3.h>
  248. #endif
  249. #ifdef HAVE_LIBZ
  250. #include <wolfssl/wolfcrypt/compress.h>
  251. #endif
  252. #ifdef HAVE_PKCS7
  253. #include <wolfssl/wolfcrypt/pkcs7.h>
  254. #endif
  255. #ifdef HAVE_FIPS
  256. #include <wolfssl/wolfcrypt/fips_test.h>
  257. #endif
  258. #ifdef HAVE_SELFTEST
  259. #include <wolfssl/wolfcrypt/selftest.h>
  260. #endif
  261. #ifdef WOLFSSL_ASYNC_CRYPT
  262. #include <wolfssl/wolfcrypt/async.h>
  263. #endif
  264. #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
  265. #include <wolfssl/wolfcrypt/logging.h>
  266. #endif
  267. #ifdef WOLFSSL_IMX6_CAAM_BLOB
  268. #include <wolfssl/wolfcrypt/port/caam/wolfcaam.h>
  269. #endif
  270. #ifdef WOLF_CRYPTO_CB
  271. #include <wolfssl/wolfcrypt/cryptocb.h>
  272. #ifdef HAVE_INTEL_QA_SYNC
  273. #include <wolfssl/wolfcrypt/port/intel/quickassist_sync.h>
  274. #endif
  275. #ifdef HAVE_CAVIUM_OCTEON_SYNC
  276. #include <wolfssl/wolfcrypt/port/cavium/cavium_octeon_sync.h>
  277. #endif
  278. #endif
  279. #ifdef _MSC_VER
  280. /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
  281. #pragma warning(disable: 4996)
  282. #endif
  283. #ifdef OPENSSL_EXTRA
  284. #ifndef WOLFCRYPT_ONLY
  285. #include <wolfssl/openssl/evp.h>
  286. #endif
  287. #include <wolfssl/openssl/rand.h>
  288. #include <wolfssl/openssl/hmac.h>
  289. #include <wolfssl/openssl/aes.h>
  290. #include <wolfssl/openssl/des.h>
  291. #endif
  292. #if defined(NO_FILESYSTEM) || defined(WC_NO_RNG)
  293. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  294. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
  295. #define USE_CERT_BUFFERS_2048
  296. #endif
  297. #if !defined(USE_CERT_BUFFERS_256)
  298. #define USE_CERT_BUFFERS_256
  299. #endif
  300. #endif
  301. #if defined(WOLFSSL_CERT_GEN) && (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES))
  302. #define ENABLE_ECC384_CERT_GEN_TEST
  303. #endif
  304. #include <wolfssl/certs_test.h>
  305. #ifdef HAVE_NTRU
  306. #include "libntruencrypt/ntru_crypto.h"
  307. #endif
  308. #ifdef WOLFSSL_STATIC_MEMORY
  309. static WOLFSSL_HEAP_HINT* HEAP_HINT;
  310. #else
  311. #define HEAP_HINT NULL
  312. #endif /* WOLFSSL_STATIC_MEMORY */
  313. /* these cases do not have intermediate hashing support */
  314. #if (defined(WOLFSSL_AFALG_XILINX_SHA3) && !defined(WOLFSSL_AFALG_HASH_KEEP)) \
  315. && !defined(WOLFSSL_XILINX_CRYPT)
  316. #define NO_INTM_HASH_TEST
  317. #endif
  318. #if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB)
  319. static void initDefaultName(void);
  320. #endif
  321. /* for async devices */
  322. #ifdef WOLFSSL_QNX_CAAM
  323. static int devId = WOLFSSL_CAAM_DEVID;
  324. #else
  325. static int devId = INVALID_DEVID;
  326. #endif
  327. #ifdef HAVE_WNR
  328. const char* wnrConfigFile = "wnr-example.conf";
  329. #endif
  330. #define TEST_STRING "Everyone gets Friday off."
  331. #define TEST_STRING_SZ 25
  332. typedef struct testVector {
  333. const char* input;
  334. const char* output;
  335. size_t inLen;
  336. size_t outLen;
  337. } testVector;
  338. #ifndef WOLFSSL_TEST_SUBROUTINE
  339. #define WOLFSSL_TEST_SUBROUTINE
  340. #endif
  341. WOLFSSL_TEST_SUBROUTINE int error_test(void);
  342. WOLFSSL_TEST_SUBROUTINE int base64_test(void);
  343. WOLFSSL_TEST_SUBROUTINE int base16_test(void);
  344. WOLFSSL_TEST_SUBROUTINE int asn_test(void);
  345. WOLFSSL_TEST_SUBROUTINE int md2_test(void);
  346. WOLFSSL_TEST_SUBROUTINE int md5_test(void);
  347. WOLFSSL_TEST_SUBROUTINE int md4_test(void);
  348. WOLFSSL_TEST_SUBROUTINE int sha_test(void);
  349. WOLFSSL_TEST_SUBROUTINE int sha224_test(void);
  350. WOLFSSL_TEST_SUBROUTINE int sha256_test(void);
  351. WOLFSSL_TEST_SUBROUTINE int sha512_test(void);
  352. WOLFSSL_TEST_SUBROUTINE int sha384_test(void);
  353. WOLFSSL_TEST_SUBROUTINE int sha3_test(void);
  354. WOLFSSL_TEST_SUBROUTINE int shake256_test(void);
  355. WOLFSSL_TEST_SUBROUTINE int hash_test(void);
  356. WOLFSSL_TEST_SUBROUTINE int hmac_md5_test(void);
  357. WOLFSSL_TEST_SUBROUTINE int hmac_sha_test(void);
  358. WOLFSSL_TEST_SUBROUTINE int hmac_sha224_test(void);
  359. WOLFSSL_TEST_SUBROUTINE int hmac_sha256_test(void);
  360. WOLFSSL_TEST_SUBROUTINE int hmac_sha384_test(void);
  361. WOLFSSL_TEST_SUBROUTINE int hmac_sha512_test(void);
  362. WOLFSSL_TEST_SUBROUTINE int hmac_sha3_test(void);
  363. /* WOLFSSL_TEST_SUBROUTINE */ static int hkdf_test(void);
  364. WOLFSSL_TEST_SUBROUTINE int x963kdf_test(void);
  365. WOLFSSL_TEST_SUBROUTINE int arc4_test(void);
  366. WOLFSSL_TEST_SUBROUTINE int rc2_test(void);
  367. WOLFSSL_TEST_SUBROUTINE int hc128_test(void);
  368. WOLFSSL_TEST_SUBROUTINE int rabbit_test(void);
  369. WOLFSSL_TEST_SUBROUTINE int chacha_test(void);
  370. WOLFSSL_TEST_SUBROUTINE int XChaCha_test(void);
  371. WOLFSSL_TEST_SUBROUTINE int chacha20_poly1305_aead_test(void);
  372. WOLFSSL_TEST_SUBROUTINE int XChaCha20Poly1305_test(void);
  373. WOLFSSL_TEST_SUBROUTINE int des_test(void);
  374. WOLFSSL_TEST_SUBROUTINE int des3_test(void);
  375. WOLFSSL_TEST_SUBROUTINE int aes_test(void);
  376. WOLFSSL_TEST_SUBROUTINE int aes192_test(void);
  377. WOLFSSL_TEST_SUBROUTINE int aes256_test(void);
  378. WOLFSSL_TEST_SUBROUTINE int aesofb_test(void);
  379. WOLFSSL_TEST_SUBROUTINE int cmac_test(void);
  380. WOLFSSL_TEST_SUBROUTINE int poly1305_test(void);
  381. WOLFSSL_TEST_SUBROUTINE int aesgcm_test(void);
  382. WOLFSSL_TEST_SUBROUTINE int aesgcm_default_test(void);
  383. WOLFSSL_TEST_SUBROUTINE int gmac_test(void);
  384. WOLFSSL_TEST_SUBROUTINE int aesccm_test(void);
  385. WOLFSSL_TEST_SUBROUTINE int aeskeywrap_test(void);
  386. WOLFSSL_TEST_SUBROUTINE int camellia_test(void);
  387. WOLFSSL_TEST_SUBROUTINE int rsa_no_pad_test(void);
  388. WOLFSSL_TEST_SUBROUTINE int rsa_test(void);
  389. WOLFSSL_TEST_SUBROUTINE int dh_test(void);
  390. WOLFSSL_TEST_SUBROUTINE int dsa_test(void);
  391. WOLFSSL_TEST_SUBROUTINE int srp_test(void);
  392. #ifndef WC_NO_RNG
  393. WOLFSSL_TEST_SUBROUTINE int random_test(void);
  394. #endif /* WC_NO_RNG */
  395. WOLFSSL_TEST_SUBROUTINE int pwdbased_test(void);
  396. WOLFSSL_TEST_SUBROUTINE int ripemd_test(void);
  397. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  398. WOLFSSL_TEST_SUBROUTINE int openssl_test(void); /* test mini api */
  399. WOLFSSL_TEST_SUBROUTINE int openssl_pkey0_test(void);
  400. WOLFSSL_TEST_SUBROUTINE int openssl_pkey1_test(void);
  401. WOLFSSL_TEST_SUBROUTINE int openSSL_evpMD_test(void);
  402. WOLFSSL_TEST_SUBROUTINE int openssl_evpSig_test(void);
  403. #endif
  404. WOLFSSL_TEST_SUBROUTINE int pbkdf1_test(void);
  405. WOLFSSL_TEST_SUBROUTINE int pkcs12_test(void);
  406. WOLFSSL_TEST_SUBROUTINE int pbkdf2_test(void);
  407. WOLFSSL_TEST_SUBROUTINE int scrypt_test(void);
  408. #ifdef HAVE_ECC
  409. WOLFSSL_TEST_SUBROUTINE int ecc_test(void);
  410. #ifdef HAVE_ECC_ENCRYPT
  411. WOLFSSL_TEST_SUBROUTINE int ecc_encrypt_test(void);
  412. #endif
  413. #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
  414. !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
  415. defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
  416. /* skip for ATECC508/608A, cannot import private key buffers */
  417. WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void);
  418. #endif
  419. #endif
  420. #ifdef HAVE_CURVE25519
  421. WOLFSSL_TEST_SUBROUTINE int curve25519_test(void);
  422. #endif
  423. #ifdef HAVE_ED25519
  424. WOLFSSL_TEST_SUBROUTINE int ed25519_test(void);
  425. #endif
  426. #ifdef HAVE_CURVE448
  427. WOLFSSL_TEST_SUBROUTINE int curve448_test(void);
  428. #endif
  429. #ifdef HAVE_ED448
  430. WOLFSSL_TEST_SUBROUTINE int ed448_test(void);
  431. #endif
  432. #ifdef WOLFCRYPT_HAVE_ECCSI
  433. WOLFSSL_TEST_SUBROUTINE int eccsi_test(void);
  434. #endif
  435. #ifdef WOLFCRYPT_HAVE_SAKKE
  436. WOLFSSL_TEST_SUBROUTINE int sakke_test(void);
  437. #endif
  438. #ifdef HAVE_BLAKE2
  439. WOLFSSL_TEST_SUBROUTINE int blake2b_test(void);
  440. #endif
  441. #ifdef HAVE_BLAKE2S
  442. WOLFSSL_TEST_SUBROUTINE int blake2s_test(void);
  443. #endif
  444. #ifdef HAVE_LIBZ
  445. WOLFSSL_TEST_SUBROUTINE int compress_test(void);
  446. #endif
  447. #ifdef HAVE_PKCS7
  448. #ifndef NO_PKCS7_ENCRYPTED_DATA
  449. WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void);
  450. #endif
  451. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  452. WOLFSSL_TEST_SUBROUTINE int pkcs7compressed_test(void);
  453. #endif
  454. WOLFSSL_TEST_SUBROUTINE int pkcs7signed_test(void);
  455. WOLFSSL_TEST_SUBROUTINE int pkcs7enveloped_test(void);
  456. #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
  457. WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void);
  458. #endif
  459. #ifndef NO_AES
  460. WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* key,
  461. word32 keySz);
  462. #endif
  463. #endif
  464. #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
  465. !defined(NO_FILESYSTEM)
  466. WOLFSSL_TEST_SUBROUTINE int cert_test(void);
  467. #endif
  468. #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
  469. !defined(NO_FILESYSTEM)
  470. WOLFSSL_TEST_SUBROUTINE int certext_test(void);
  471. #endif
  472. #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
  473. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
  474. WOLFSSL_TEST_SUBROUTINE int decodedCertCache_test(void);
  475. #endif
  476. #ifdef HAVE_IDEA
  477. WOLFSSL_TEST_SUBROUTINE int idea_test(void);
  478. #endif
  479. WOLFSSL_TEST_SUBROUTINE int memory_test(void);
  480. #ifdef HAVE_VALGRIND
  481. WOLFSSL_TEST_SUBROUTINE int mp_test(void);
  482. #endif
  483. #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
  484. WOLFSSL_TEST_SUBROUTINE int prime_test(void);
  485. #endif
  486. #ifdef ASN_BER_TO_DER
  487. WOLFSSL_TEST_SUBROUTINE int berder_test(void);
  488. #endif
  489. WOLFSSL_TEST_SUBROUTINE int logging_test(void);
  490. WOLFSSL_TEST_SUBROUTINE int mutex_test(void);
  491. #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
  492. WOLFSSL_TEST_SUBROUTINE int memcb_test(void);
  493. #endif
  494. #ifdef WOLFSSL_IMX6_CAAM_BLOB
  495. WOLFSSL_TEST_SUBROUTINE int blob_test(void);
  496. #endif
  497. #ifdef WOLF_CRYPTO_CB
  498. WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void);
  499. #endif
  500. #ifdef WOLFSSL_CERT_PIV
  501. WOLFSSL_TEST_SUBROUTINE int certpiv_test(void);
  502. #endif
  503. /* General big buffer size for many tests. */
  504. #define FOURK_BUF 4096
  505. #define ERROR_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0)
  506. #ifdef HAVE_STACK_SIZE
  507. static THREAD_RETURN err_sys(const char* msg, int es)
  508. #else
  509. static int err_sys(const char* msg, int es)
  510. #endif
  511. {
  512. (void)msg;
  513. (void)es;
  514. #ifdef WOLFSSL_LINUXKM
  515. lkm_printf("%s error = %d\n", msg, es);
  516. EXIT_TEST(es);
  517. #else
  518. printf("%s error = %d\n", msg, es);
  519. EXIT_TEST(-1);
  520. #endif
  521. }
  522. #ifndef HAVE_WOLFCRYPT_TEST_OPTIONS
  523. /* func_args from test.h, so don't have to pull in other stuff */
  524. typedef struct func_args {
  525. int argc;
  526. char** argv;
  527. int return_code;
  528. } func_args;
  529. #endif /* !HAVE_WOLFCRYPT_TEST_OPTIONS */
  530. #ifdef HAVE_FIPS
  531. static void myFipsCb(int ok, int err, const char* hash)
  532. {
  533. printf("in my Fips callback, ok = %d, err = %d\n", ok, err);
  534. printf("message = %s\n", wc_GetErrorString(err));
  535. printf("hash = %s\n", hash);
  536. if (err == IN_CORE_FIPS_E) {
  537. printf("In core integrity hash check failure, copy above hash\n");
  538. printf("into verifyCore[] in fips_test.c and rebuild\n");
  539. }
  540. }
  541. #endif /* HAVE_FIPS */
  542. #ifdef WOLFSSL_STATIC_MEMORY
  543. #ifdef BENCH_EMBEDDED
  544. static byte gTestMemory[14000];
  545. #elif defined(WOLFSSL_CERT_EXT)
  546. static byte gTestMemory[140000];
  547. #elif defined(USE_FAST_MATH) && !defined(ALT_ECC_SIZE)
  548. static byte gTestMemory[160000];
  549. #else
  550. static byte gTestMemory[80000];
  551. #endif
  552. #endif
  553. #ifdef WOLFSSL_PB
  554. static int wolfssl_pb_print(const char* msg, ...)
  555. {
  556. int ret;
  557. va_list args;
  558. char tmpBuf[80];
  559. va_start(args, msg);
  560. ret = vsprint(tmpBuf, msg, args);
  561. va_end(args);
  562. fnDumpStringToSystemLog(tmpBuf);
  563. return ret;
  564. }
  565. #endif /* WOLFSSL_PB */
  566. /* optional macro to add sleep between tests */
  567. #ifdef TEST_SLEEP
  568. #include <stdarg.h> /* for var args */
  569. static WC_INLINE void test_pass(const char* fmt, ...)
  570. {
  571. va_list args;
  572. va_start(args, fmt);
  573. STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max_relative_stack, vprintf(fmt, args));
  574. va_end(args);
  575. PRINT_HEAP_CHECKPOINT();
  576. TEST_SLEEP();
  577. }
  578. #else
  579. /* redirect to printf */
  580. #define test_pass(...) { \
  581. if (STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK \
  582. (max_relative_stack, printf(__VA_ARGS__)) < 0) { \
  583. return err_sys("post-test check failed", -1); \
  584. } \
  585. PRINT_HEAP_CHECKPOINT(); \
  586. }
  587. /* stub the sleep macro */
  588. #define TEST_SLEEP()
  589. #endif
  590. #ifdef HAVE_STACK_SIZE
  591. THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args)
  592. #else
  593. int wolfcrypt_test(void* args)
  594. #endif
  595. {
  596. int ret;
  597. #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
  598. long heap_baselineAllocs, heap_baselineBytes;
  599. #endif
  600. STACK_SIZE_INIT();
  601. #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
  602. (void)wolfCrypt_heap_peakAllocs_checkpoint();
  603. heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint();
  604. (void)wolfCrypt_heap_peakBytes_checkpoint();
  605. heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint();
  606. #endif
  607. printf("------------------------------------------------------------------------------\n");
  608. printf(" wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING);
  609. printf("------------------------------------------------------------------------------\n");
  610. if (args) {
  611. #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
  612. int ch;
  613. #endif
  614. ((func_args*)args)->return_code = -1; /* error state */
  615. #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
  616. while ((ch = mygetopt(((func_args*)args)->argc, ((func_args*)args)->argv, "s:m:a:h")) != -1) {
  617. switch(ch) {
  618. case 's':
  619. #ifdef HAVE_STACK_SIZE_VERBOSE
  620. max_relative_stack = (ssize_t)atoi(myoptarg);
  621. break;
  622. #else
  623. return err_sys("-s (max relative stack bytes) requires HAVE_STACK_SIZE_VERBOSE (--enable-stacksize=verbose).", -1);
  624. #endif
  625. case 'm':
  626. #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
  627. max_relative_heap_bytes = (ssize_t)atoi(myoptarg);
  628. break;
  629. #else
  630. return err_sys("-m (max relative heap memory bytes) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", -1);
  631. #endif
  632. case 'a':
  633. #ifdef WOLFSSL_TRACK_MEMORY_VERBOSE
  634. max_relative_heap_allocs = (ssize_t)atoi(myoptarg);
  635. break;
  636. #else
  637. return err_sys("-a (max relative heap allocs) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", -1);
  638. #endif
  639. case 'h':
  640. return err_sys("\
  641. options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
  642. [-a max_relative_heap_allocs] [-h]\n", 0);
  643. default:
  644. return err_sys("unknown test option. try -h.", -1);
  645. }
  646. }
  647. #endif
  648. }
  649. #ifdef WOLFSSL_STATIC_MEMORY
  650. if (wc_LoadStaticMemory(&HEAP_HINT, gTestMemory, sizeof(gTestMemory),
  651. WOLFMEM_GENERAL, 1) != 0) {
  652. printf("unable to load static memory.\n");
  653. return(EXIT_FAILURE);
  654. }
  655. #endif
  656. #if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND)
  657. wolfSSL_Debugging_ON();
  658. #endif
  659. #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
  660. wc_SetLoggingHeap(HEAP_HINT);
  661. #endif
  662. #ifdef HAVE_FIPS
  663. wolfCrypt_SetCb_fips(myFipsCb);
  664. #endif
  665. #if !defined(NO_BIG_INT)
  666. if (CheckCtcSettings() != 1) {
  667. printf("Sizeof mismatch (build) %x != (run) %x\n",
  668. CTC_SETTINGS, CheckRunTimeSettings());
  669. return err_sys("Build vs runtime math mismatch\n", -1000);
  670. }
  671. #if defined(USE_FAST_MATH) && \
  672. (!defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC))
  673. if (CheckFastMathSettings() != 1)
  674. return err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n",
  675. -1001);
  676. #endif /* USE_FAST_MATH */
  677. #endif /* !NO_BIG_INT */
  678. #if defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_MULTI_ATTRIB)
  679. initDefaultName();
  680. #endif
  681. #ifdef WOLFSSL_ASYNC_CRYPT
  682. ret = wolfAsync_DevOpen(&devId);
  683. if (ret < 0) {
  684. printf("Async device open failed\nRunning without async\n");
  685. }
  686. #else
  687. (void)devId;
  688. #endif /* WOLFSSL_ASYNC_CRYPT */
  689. #ifdef WOLF_CRYPTO_CB
  690. #ifdef HAVE_INTEL_QA_SYNC
  691. devId = wc_CryptoCb_InitIntelQa();
  692. if (INVALID_DEVID == devId) {
  693. printf("Couldn't init the Intel QA\n");
  694. }
  695. #endif
  696. #ifdef HAVE_CAVIUM_OCTEON_SYNC
  697. devId = wc_CryptoCb_InitOcteon();
  698. if (INVALID_DEVID == devId) {
  699. printf("Couldn't init the Cavium Octeon\n");
  700. }
  701. #endif
  702. #endif
  703. #ifdef HAVE_SELFTEST
  704. if ( (ret = wolfCrypt_SelfTest()) != 0)
  705. return err_sys("CAVP selftest failed!\n", ret);
  706. else
  707. test_pass("CAVP selftest passed!\n");
  708. #endif
  709. if ( (ret = error_test()) != 0)
  710. return err_sys("error test failed!\n", ret);
  711. else
  712. test_pass("error test passed!\n");
  713. if ( (ret = memory_test()) != 0)
  714. return err_sys("MEMORY test failed!\n", ret);
  715. else
  716. test_pass("MEMORY test passed!\n");
  717. #ifndef NO_CODING
  718. if ( (ret = base64_test()) != 0)
  719. return err_sys("base64 test failed!\n", ret);
  720. else
  721. test_pass("base64 test passed!\n");
  722. #ifdef WOLFSSL_BASE16
  723. if ( (ret = base16_test()) != 0)
  724. return err_sys("base16 test failed!\n", ret);
  725. else
  726. test_pass("base16 test passed!\n");
  727. #endif
  728. #endif /* !NO_CODING */
  729. #ifndef NO_ASN
  730. if ( (ret = asn_test()) != 0)
  731. return err_sys("asn test failed!\n", ret);
  732. else
  733. test_pass("asn test passed!\n");
  734. #endif
  735. #ifndef WC_NO_RNG
  736. if ( (ret = random_test()) != 0)
  737. return err_sys("RANDOM test failed!\n", ret);
  738. else
  739. test_pass("RANDOM test passed!\n");
  740. #endif /* WC_NO_RNG */
  741. #ifndef NO_MD5
  742. if ( (ret = md5_test()) != 0)
  743. return err_sys("MD5 test failed!\n", ret);
  744. else
  745. test_pass("MD5 test passed!\n");
  746. #endif
  747. #ifdef WOLFSSL_MD2
  748. if ( (ret = md2_test()) != 0)
  749. return err_sys("MD2 test failed!\n", ret);
  750. else
  751. test_pass("MD2 test passed!\n");
  752. #endif
  753. #ifndef NO_MD4
  754. if ( (ret = md4_test()) != 0)
  755. return err_sys("MD4 test failed!\n", ret);
  756. else
  757. test_pass("MD4 test passed!\n");
  758. #endif
  759. #ifndef NO_SHA
  760. if ( (ret = sha_test()) != 0)
  761. return err_sys("SHA test failed!\n", ret);
  762. else
  763. test_pass("SHA test passed!\n");
  764. #endif
  765. #ifdef WOLFSSL_SHA224
  766. if ( (ret = sha224_test()) != 0)
  767. return err_sys("SHA-224 test failed!\n", ret);
  768. else
  769. test_pass("SHA-224 test passed!\n");
  770. #endif
  771. #ifndef NO_SHA256
  772. if ( (ret = sha256_test()) != 0)
  773. return err_sys("SHA-256 test failed!\n", ret);
  774. else
  775. test_pass("SHA-256 test passed!\n");
  776. #endif
  777. #ifdef WOLFSSL_SHA384
  778. if ( (ret = sha384_test()) != 0)
  779. return err_sys("SHA-384 test failed!\n", ret);
  780. else
  781. test_pass("SHA-384 test passed!\n");
  782. #endif
  783. #ifdef WOLFSSL_SHA512
  784. if ( (ret = sha512_test()) != 0)
  785. return err_sys("SHA-512 test failed!\n", ret);
  786. else
  787. test_pass("SHA-512 test passed!\n");
  788. #endif
  789. #ifdef WOLFSSL_SHA3
  790. if ( (ret = sha3_test()) != 0)
  791. return err_sys("SHA-3 test failed!\n", ret);
  792. else
  793. test_pass("SHA-3 test passed!\n");
  794. #endif
  795. #ifdef WOLFSSL_SHAKE256
  796. if ( (ret = shake256_test()) != 0)
  797. return err_sys("SHAKE256 test failed!\n", ret);
  798. else
  799. test_pass("SHAKE256 test passed!\n");
  800. #endif
  801. #ifndef NO_HASH_WRAPPER
  802. if ( (ret = hash_test()) != 0)
  803. return err_sys("Hash test failed!\n", ret);
  804. else
  805. test_pass("Hash test passed!\n");
  806. #endif
  807. #ifdef WOLFSSL_RIPEMD
  808. if ( (ret = ripemd_test()) != 0)
  809. return err_sys("RIPEMD test failed!\n", ret);
  810. else
  811. test_pass("RIPEMD test passed!\n");
  812. #endif
  813. #ifdef HAVE_BLAKE2
  814. if ( (ret = blake2b_test()) != 0)
  815. return err_sys("BLAKE2b test failed!\n", ret);
  816. else
  817. test_pass("BLAKE2b test passed!\n");
  818. #endif
  819. #ifdef HAVE_BLAKE2S
  820. if ( (ret = blake2s_test()) != 0)
  821. return err_sys("BLAKE2s test failed!\n", ret);
  822. else
  823. test_pass("BLAKE2s test passed!\n");
  824. #endif
  825. #ifndef NO_HMAC
  826. #ifndef NO_MD5
  827. if ( (ret = hmac_md5_test()) != 0)
  828. return err_sys("HMAC-MD5 test failed!\n", ret);
  829. else
  830. test_pass("HMAC-MD5 test passed!\n");
  831. #endif
  832. #ifndef NO_SHA
  833. if ( (ret = hmac_sha_test()) != 0)
  834. return err_sys("HMAC-SHA test failed!\n", ret);
  835. else
  836. test_pass("HMAC-SHA test passed!\n");
  837. #endif
  838. #ifdef WOLFSSL_SHA224
  839. if ( (ret = hmac_sha224_test()) != 0)
  840. return err_sys("HMAC-SHA224 test failed!\n", ret);
  841. else
  842. test_pass("HMAC-SHA224 test passed!\n");
  843. #endif
  844. #ifndef NO_SHA256
  845. if ( (ret = hmac_sha256_test()) != 0)
  846. return err_sys("HMAC-SHA256 test failed!\n", ret);
  847. else
  848. test_pass("HMAC-SHA256 test passed!\n");
  849. #endif
  850. #ifdef WOLFSSL_SHA384
  851. if ( (ret = hmac_sha384_test()) != 0)
  852. return err_sys("HMAC-SHA384 test failed!\n", ret);
  853. else
  854. test_pass("HMAC-SHA384 test passed!\n");
  855. #endif
  856. #ifdef WOLFSSL_SHA512
  857. if ( (ret = hmac_sha512_test()) != 0)
  858. return err_sys("HMAC-SHA512 test failed!\n", ret);
  859. else
  860. test_pass("HMAC-SHA512 test passed!\n");
  861. #endif
  862. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
  863. !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
  864. !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
  865. if ( (ret = hmac_sha3_test()) != 0)
  866. return err_sys("HMAC-SHA3 test failed!\n", ret);
  867. else
  868. test_pass("HMAC-SHA3 test passed!\n");
  869. #endif
  870. #ifdef HAVE_HKDF
  871. if ( (ret = hkdf_test()) != 0)
  872. return err_sys("HMAC-KDF test failed!\n", ret);
  873. else
  874. test_pass("HMAC-KDF test passed!\n");
  875. #endif
  876. #endif /* !NO_HMAC */
  877. #if defined(HAVE_X963_KDF) && defined(HAVE_ECC)
  878. if ( (ret = x963kdf_test()) != 0)
  879. return err_sys("X963-KDF test failed!\n", ret);
  880. else
  881. test_pass("X963-KDF test passed!\n");
  882. #endif
  883. #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \
  884. !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
  885. if ( (ret = gmac_test()) != 0)
  886. return err_sys("GMAC test failed!\n", ret);
  887. else
  888. test_pass("GMAC test passed!\n");
  889. #endif
  890. #ifdef WC_RC2
  891. if ( (ret = rc2_test()) != 0)
  892. return err_sys("RC2 test failed!\n", ret);
  893. else
  894. test_pass("RC2 test passed!\n");
  895. #endif
  896. #ifndef NO_RC4
  897. if ( (ret = arc4_test()) != 0)
  898. return err_sys("ARC4 test failed!\n", ret);
  899. else
  900. test_pass("ARC4 test passed!\n");
  901. #endif
  902. #ifndef NO_HC128
  903. if ( (ret = hc128_test()) != 0)
  904. return err_sys("HC-128 test failed!\n", ret);
  905. else
  906. test_pass("HC-128 test passed!\n");
  907. #endif
  908. #ifndef NO_RABBIT
  909. if ( (ret = rabbit_test()) != 0)
  910. return err_sys("Rabbit test failed!\n", ret);
  911. else
  912. test_pass("Rabbit test passed!\n");
  913. #endif
  914. #ifdef HAVE_CHACHA
  915. if ( (ret = chacha_test()) != 0)
  916. return err_sys("Chacha test failed!\n", ret);
  917. else
  918. test_pass("Chacha test passed!\n");
  919. #endif
  920. #ifdef HAVE_XCHACHA
  921. if ( (ret = XChaCha_test()) != 0)
  922. return err_sys("XChacha test failed!\n", ret);
  923. else
  924. test_pass("XChacha test passed!\n");
  925. #endif
  926. #ifdef HAVE_POLY1305
  927. if ( (ret = poly1305_test()) != 0)
  928. return err_sys("POLY1305 test failed!\n", ret);
  929. else
  930. test_pass("POLY1305 test passed!\n");
  931. #endif
  932. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  933. if ( (ret = chacha20_poly1305_aead_test()) != 0)
  934. return err_sys("ChaCha20-Poly1305 AEAD test failed!\n", ret);
  935. else
  936. test_pass("ChaCha20-Poly1305 AEAD test passed!\n");
  937. #endif
  938. #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
  939. if ( (ret = XChaCha20Poly1305_test()) != 0)
  940. return err_sys("XChaCha20-Poly1305 AEAD test failed!\n", ret);
  941. else
  942. test_pass("XChaCha20-Poly1305 AEAD test passed!\n");
  943. #endif
  944. #ifndef NO_DES3
  945. if ( (ret = des_test()) != 0)
  946. return err_sys("DES test failed!\n", ret);
  947. else
  948. test_pass("DES test passed!\n");
  949. #endif
  950. #ifndef NO_DES3
  951. if ( (ret = des3_test()) != 0)
  952. return err_sys("DES3 test failed!\n", ret);
  953. else
  954. test_pass("DES3 test passed!\n");
  955. #endif
  956. #ifndef NO_AES
  957. if ( (ret = aes_test()) != 0)
  958. return err_sys("AES test failed!\n", ret);
  959. else
  960. test_pass("AES test passed!\n");
  961. #ifdef WOLFSSL_AES_192
  962. if ( (ret = aes192_test()) != 0)
  963. return err_sys("AES192 test failed!\n", ret);
  964. else
  965. test_pass("AES192 test passed!\n");
  966. #endif
  967. #ifdef WOLFSSL_AES_256
  968. if ( (ret = aes256_test()) != 0)
  969. return err_sys("AES256 test failed!\n", ret);
  970. else
  971. test_pass("AES256 test passed!\n");
  972. #endif
  973. #ifdef WOLFSSL_AES_OFB
  974. if ( (ret = aesofb_test()) != 0)
  975. return err_sys("AES-OFB test failed!\n", ret);
  976. else
  977. test_pass("AESOFB test passed!\n");
  978. #endif
  979. #ifdef HAVE_AESGCM
  980. #if !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO)
  981. if ( (ret = aesgcm_test()) != 0)
  982. return err_sys("AES-GCM test failed!\n", ret);
  983. #endif
  984. #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \
  985. !(defined(WOLF_CRYPTO_CB) && \
  986. (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
  987. if ((ret = aesgcm_default_test()) != 0) {
  988. return err_sys("AES-GCM test failed!\n", ret);
  989. }
  990. #endif
  991. test_pass("AES-GCM test passed!\n");
  992. #endif
  993. #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
  994. if ( (ret = aesccm_test()) != 0)
  995. return err_sys("AES-CCM test failed!\n", ret);
  996. else
  997. test_pass("AES-CCM test passed!\n");
  998. #endif
  999. #ifdef HAVE_AES_KEYWRAP
  1000. if ( (ret = aeskeywrap_test()) != 0)
  1001. return err_sys("AES Key Wrap test failed!\n", ret);
  1002. else
  1003. test_pass("AES Key Wrap test passed!\n");
  1004. #endif
  1005. #endif
  1006. #ifdef HAVE_CAMELLIA
  1007. if ( (ret = camellia_test()) != 0)
  1008. return err_sys("CAMELLIA test failed!\n", ret);
  1009. else
  1010. test_pass("CAMELLIA test passed!\n");
  1011. #endif
  1012. #ifdef HAVE_IDEA
  1013. if ( (ret = idea_test()) != 0)
  1014. return err_sys("IDEA test failed!\n", ret);
  1015. else
  1016. test_pass("IDEA test passed!\n");
  1017. #endif
  1018. #ifndef NO_RSA
  1019. #ifdef WC_RSA_NO_PADDING
  1020. if ( (ret = rsa_no_pad_test()) != 0)
  1021. return err_sys("RSA NOPAD test failed!\n", ret);
  1022. else
  1023. test_pass("RSA NOPAD test passed!\n");
  1024. #endif
  1025. if ( (ret = rsa_test()) != 0)
  1026. return err_sys("RSA test failed!\n", ret);
  1027. else
  1028. test_pass("RSA test passed!\n");
  1029. #endif
  1030. #ifndef NO_DH
  1031. if ( (ret = dh_test()) != 0)
  1032. return err_sys("DH test failed!\n", ret);
  1033. else
  1034. test_pass("DH test passed!\n");
  1035. #endif
  1036. #ifndef NO_DSA
  1037. if ( (ret = dsa_test()) != 0)
  1038. return err_sys("DSA test failed!\n", ret);
  1039. else
  1040. test_pass("DSA test passed!\n");
  1041. #endif
  1042. #ifdef WOLFCRYPT_HAVE_SRP
  1043. if ( (ret = srp_test()) != 0)
  1044. return err_sys("SRP test failed!\n", ret);
  1045. else
  1046. test_pass("SRP test passed!\n");
  1047. #endif
  1048. #ifndef NO_PWDBASED
  1049. if ( (ret = pwdbased_test()) != 0)
  1050. return err_sys("PWDBASED test failed!\n", ret);
  1051. else
  1052. test_pass("PWDBASED test passed!\n");
  1053. #endif
  1054. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  1055. if ( (ret = openssl_test()) != 0)
  1056. return err_sys("OPENSSL test failed!\n", ret);
  1057. else
  1058. test_pass("OPENSSL test passed!\n");
  1059. if ( (ret = openSSL_evpMD_test()) != 0)
  1060. return err_sys("OPENSSL (EVP MD) test failed!\n", ret);
  1061. else
  1062. test_pass("OPENSSL (EVP MD) passed!\n");
  1063. if ( (ret = openssl_pkey0_test()) != 0)
  1064. return err_sys("OPENSSL (PKEY0) test failed!\n", ret);
  1065. else
  1066. test_pass("OPENSSL (PKEY0) passed!\n");
  1067. if ( (ret = openssl_pkey1_test()) != 0)
  1068. return err_sys("OPENSSL (PKEY1) test failed!\n", ret);
  1069. else
  1070. test_pass("OPENSSL (PKEY1) passed!\n");
  1071. if ( (ret = openssl_evpSig_test()) != 0)
  1072. return err_sys("OPENSSL (EVP Sign/Verify) test failed!\n", ret);
  1073. else
  1074. test_pass("OPENSSL (EVP Sign/Verify) passed!\n");
  1075. #endif
  1076. #ifdef HAVE_ECC
  1077. if ( (ret = ecc_test()) != 0)
  1078. return err_sys("ECC test failed!\n", ret);
  1079. else
  1080. test_pass("ECC test passed!\n");
  1081. #if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128)
  1082. if ( (ret = ecc_encrypt_test()) != 0)
  1083. return err_sys("ECC Enc test failed!\n", ret);
  1084. else
  1085. test_pass("ECC Enc test passed!\n");
  1086. #endif
  1087. #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
  1088. !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
  1089. defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
  1090. /* skip for ATECC508/608A, cannot import private key buffers */
  1091. if ( (ret = ecc_test_buffers()) != 0)
  1092. return err_sys("ECC buffer test failed!\n", ret);
  1093. else
  1094. test_pass("ECC buffer test passed!\n");
  1095. #endif
  1096. #endif
  1097. #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
  1098. !defined(NO_FILESYSTEM)
  1099. if ( (ret = cert_test()) != 0)
  1100. return err_sys("CERT test failed!\n", ret);
  1101. else
  1102. test_pass("CERT test passed!\n");
  1103. #endif
  1104. #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
  1105. !defined(NO_FILESYSTEM)
  1106. if ( (ret = certext_test()) != 0)
  1107. return err_sys("CERT EXT test failed!\n", ret);
  1108. else
  1109. test_pass("CERT EXT test passed!\n");
  1110. #endif
  1111. #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
  1112. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
  1113. if ( (ret = decodedCertCache_test()) != 0)
  1114. return err_sys("DECODED CERT CACHE test failed!\n", ret);
  1115. else
  1116. test_pass("DECODED CERT CACHE test passed!\n");
  1117. #endif
  1118. #ifdef HAVE_CURVE25519
  1119. if ( (ret = curve25519_test()) != 0)
  1120. return err_sys("CURVE25519 test failed!\n", ret);
  1121. else
  1122. test_pass("CURVE25519 test passed!\n");
  1123. #endif
  1124. #ifdef HAVE_ED25519
  1125. if ( (ret = ed25519_test()) != 0)
  1126. return err_sys("ED25519 test failed!\n", ret);
  1127. else
  1128. test_pass("ED25519 test passed!\n");
  1129. #endif
  1130. #ifdef HAVE_CURVE448
  1131. if ( (ret = curve448_test()) != 0)
  1132. return err_sys("CURVE448 test failed!\n", ret);
  1133. else
  1134. test_pass("CURVE448 test passed!\n");
  1135. #endif
  1136. #ifdef HAVE_ED448
  1137. if ( (ret = ed448_test()) != 0)
  1138. return err_sys("ED448 test failed!\n", ret);
  1139. else
  1140. test_pass("ED448 test passed!\n");
  1141. #endif
  1142. #ifdef WOLFCRYPT_HAVE_ECCSI
  1143. if ( (ret = eccsi_test()) != 0)
  1144. return err_sys("ECCSI test failed!\n", ret);
  1145. else
  1146. test_pass("ECCSI test passed!\n");
  1147. #endif
  1148. #ifdef WOLFCRYPT_HAVE_SAKKE
  1149. if ( (ret = sakke_test()) != 0)
  1150. return err_sys("SAKKE test failed!\n", ret);
  1151. else
  1152. test_pass("SAKKE test passed!\n");
  1153. #endif
  1154. #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
  1155. if ( (ret = cmac_test()) != 0)
  1156. return err_sys("CMAC test failed!\n", ret);
  1157. else
  1158. test_pass("CMAC test passed!\n");
  1159. #endif
  1160. #ifdef HAVE_LIBZ
  1161. if ( (ret = compress_test()) != 0)
  1162. return err_sys("COMPRESS test failed!\n", ret);
  1163. else
  1164. test_pass("COMPRESS test passed!\n");
  1165. #endif
  1166. #ifdef HAVE_PKCS7
  1167. #ifndef NO_PKCS7_ENCRYPTED_DATA
  1168. if ( (ret = pkcs7encrypted_test()) != 0)
  1169. return err_sys("PKCS7encrypted test failed!\n", ret);
  1170. else
  1171. test_pass("PKCS7encrypted test passed!\n");
  1172. #endif
  1173. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  1174. if ( (ret = pkcs7compressed_test()) != 0)
  1175. return err_sys("PKCS7compressed test failed!\n", ret);
  1176. else
  1177. test_pass("PKCS7compressed test passed!\n");
  1178. #endif
  1179. if ( (ret = pkcs7signed_test()) != 0)
  1180. return err_sys("PKCS7signed test failed!\n", ret);
  1181. else
  1182. test_pass("PKCS7signed test passed!\n");
  1183. if ( (ret = pkcs7enveloped_test()) != 0)
  1184. return err_sys("PKCS7enveloped test failed!\n", ret);
  1185. else
  1186. test_pass("PKCS7enveloped test passed!\n");
  1187. #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
  1188. if ( (ret = pkcs7authenveloped_test()) != 0)
  1189. return err_sys("PKCS7authenveloped test failed!\n", ret);
  1190. else
  1191. test_pass("PKCS7authenveloped test passed!\n");
  1192. #endif
  1193. #endif
  1194. #ifdef HAVE_VALGRIND
  1195. if ( (ret = mp_test()) != 0)
  1196. return err_sys("mp test failed!\n", ret);
  1197. else
  1198. test_pass("mp test passed!\n");
  1199. #endif
  1200. #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
  1201. if ( (ret = prime_test()) != 0)
  1202. return err_sys("prime test failed!\n", ret);
  1203. else
  1204. test_pass("prime test passed!\n");
  1205. #endif
  1206. #if defined(ASN_BER_TO_DER) && \
  1207. (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
  1208. defined(OPENSSL_EXTRA_X509_SMALL))
  1209. if ( (ret = berder_test()) != 0)
  1210. return err_sys("ber-der test failed!\n", ret);
  1211. else
  1212. test_pass("ber-der test passed!\n");
  1213. #endif
  1214. if ( (ret = logging_test()) != 0)
  1215. return err_sys("logging test failed!\n", ret);
  1216. else
  1217. test_pass("logging test passed!\n");
  1218. if ( (ret = mutex_test()) != 0)
  1219. return err_sys("mutex test failed!\n", ret);
  1220. else
  1221. test_pass("mutex test passed!\n");
  1222. #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
  1223. if ( (ret = memcb_test()) != 0)
  1224. return err_sys("memcb test failed!\n", ret);
  1225. else
  1226. test_pass("memcb test passed!\n");
  1227. #endif
  1228. #ifdef WOLFSSL_IMX6_CAAM_BLOB
  1229. if ( (ret = blob_test()) != 0)
  1230. return err_sys("blob test failed!\n", ret);
  1231. else
  1232. test_pass("blob test passed!\n");
  1233. #endif
  1234. #if defined(WOLF_CRYPTO_CB) && \
  1235. !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \
  1236. defined(WOLFSSL_QNX_CAAM))
  1237. if ( (ret = cryptocb_test()) != 0)
  1238. return err_sys("crypto callback test failed!\n", ret);
  1239. else
  1240. test_pass("crypto callback test passed!\n");
  1241. #endif
  1242. #ifdef WOLFSSL_CERT_PIV
  1243. if ( (ret = certpiv_test()) != 0)
  1244. return err_sys("cert piv test failed!\n", ret);
  1245. else
  1246. test_pass("cert piv test passed!\n");
  1247. #endif
  1248. #ifdef WOLF_CRYPTO_CB
  1249. #ifdef HAVE_INTEL_QA_SYNC
  1250. wc_CryptoCb_CleanupIntelQa(&devId);
  1251. #endif
  1252. #ifdef HAVE_CAVIUM_OCTEON_SYNC
  1253. wc_CryptoCb_CleanupOcteon(&devId);
  1254. #endif
  1255. #endif
  1256. #ifdef WOLFSSL_ASYNC_CRYPT
  1257. wolfAsync_DevClose(&devId);
  1258. #endif
  1259. /* cleanup the thread if fixed point cache is enabled and have thread local */
  1260. #if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC)
  1261. wc_ecc_fp_free();
  1262. #endif
  1263. if (args)
  1264. ((func_args*)args)->return_code = ret;
  1265. test_pass("Test complete\n");
  1266. EXIT_TEST(ret);
  1267. }
  1268. #ifndef NO_MAIN_DRIVER
  1269. /* so overall tests can pull in test function */
  1270. #ifdef WOLFSSL_ESPIDF
  1271. void app_main( )
  1272. #else
  1273. #ifdef HAVE_WOLFCRYPT_TEST_OPTIONS
  1274. int myoptind = 0;
  1275. char* myoptarg = NULL;
  1276. #endif
  1277. int main(int argc, char** argv)
  1278. #endif
  1279. {
  1280. int ret;
  1281. func_args args;
  1282. #ifdef WOLFSSL_ESPIDF
  1283. /* set dummy wallclock time. */
  1284. struct timeval utctime;
  1285. struct timezone tz;
  1286. utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
  1287. utctime.tv_usec = 0;
  1288. tz.tz_minuteswest = 0;
  1289. tz.tz_dsttime = 0;
  1290. settimeofday(&utctime, &tz);
  1291. #endif
  1292. #ifdef WOLFSSL_APACHE_MYNEWT
  1293. #ifdef ARCH_sim
  1294. mcu_sim_parse_args(argc, argv);
  1295. #endif
  1296. sysinit();
  1297. /* set dummy wallclock time. */
  1298. struct os_timeval utctime;
  1299. struct os_timezone tz;
  1300. utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */
  1301. utctime.tv_usec = 0;
  1302. tz.tz_minuteswest = 0;
  1303. tz.tz_dsttime = 0;
  1304. os_settimeofday(&utctime, &tz);
  1305. #endif
  1306. #ifdef HAVE_WNR
  1307. if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) {
  1308. err_sys("Whitewood netRandom global config failed", -1001);
  1309. return -1002;
  1310. }
  1311. #endif
  1312. #ifndef WOLFSSL_ESPIDF
  1313. args.argc = argc;
  1314. args.argv = argv;
  1315. #endif
  1316. if ((ret = wolfCrypt_Init()) != 0) {
  1317. printf("wolfCrypt_Init failed %d\n", ret);
  1318. err_sys("Error with wolfCrypt_Init!\n", -1003);
  1319. }
  1320. #ifdef HAVE_STACK_SIZE
  1321. StackSizeCheck(&args, wolfcrypt_test);
  1322. #else
  1323. wolfcrypt_test(&args);
  1324. #endif
  1325. if ((ret = wolfCrypt_Cleanup()) != 0) {
  1326. printf("wolfCrypt_Cleanup failed %d\n", ret);
  1327. err_sys("Error with wolfCrypt_Cleanup!\n", -1004);
  1328. }
  1329. #ifdef HAVE_WNR
  1330. if (wc_FreeNetRandom() < 0)
  1331. err_sys("Failed to free netRandom context", -1005);
  1332. #endif /* HAVE_WNR */
  1333. #ifndef WOLFSSL_ESPIDF
  1334. return args.return_code;
  1335. #endif
  1336. }
  1337. #endif /* NO_MAIN_DRIVER */
  1338. /* helper to save DER, convert to PEM and save PEM */
  1339. #if !defined(NO_ASN) && (defined(HAVE_ECC) || !defined(NO_DSA) || \
  1340. (!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN))))
  1341. #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
  1342. #define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, fD, fP, pT, eB)
  1343. #else
  1344. #define SaveDerAndPem(d, dSz, fD, fP, pT, eB) _SaveDerAndPem(d, dSz, NULL, NULL, pT, eB)
  1345. #endif
  1346. static int _SaveDerAndPem(const byte* der, int derSz,
  1347. const char* fileDer, const char* filePem, int pemType, int errBase)
  1348. {
  1349. #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
  1350. int ret;
  1351. XFILE derFile;
  1352. derFile = XFOPEN(fileDer, "wb");
  1353. if (!derFile) {
  1354. return errBase + 0;
  1355. }
  1356. ret = (int)XFWRITE(der, 1, derSz, derFile);
  1357. XFCLOSE(derFile);
  1358. if (ret != derSz) {
  1359. return errBase + 1;
  1360. }
  1361. #endif
  1362. #ifdef WOLFSSL_DER_TO_PEM
  1363. if (filePem) {
  1364. #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
  1365. XFILE pemFile;
  1366. #endif
  1367. byte* pem;
  1368. int pemSz;
  1369. /* calculate PEM size */
  1370. pemSz = wc_DerToPem(der, derSz, NULL, 0, pemType);
  1371. if (pemSz < 0) {
  1372. return pemSz;
  1373. }
  1374. pem = (byte*)XMALLOC(pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1375. if (pem == NULL) {
  1376. return MEMORY_E;
  1377. }
  1378. /* Convert to PEM */
  1379. pemSz = wc_DerToPem(der, derSz, pem, pemSz, pemType);
  1380. if (pemSz < 0) {
  1381. XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1382. return errBase + 2;
  1383. }
  1384. #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
  1385. pemFile = XFOPEN(filePem, "wb");
  1386. if (!pemFile) {
  1387. XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1388. return errBase + 3;
  1389. }
  1390. ret = (int)XFWRITE(pem, 1, pemSz, pemFile);
  1391. XFCLOSE(pemFile);
  1392. if (ret != pemSz) {
  1393. XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1394. return errBase + 4;
  1395. }
  1396. #endif
  1397. XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  1398. }
  1399. #endif /* WOLFSSL_DER_TO_PEM */
  1400. /* suppress unused variable warnings */
  1401. (void)der;
  1402. (void)derSz;
  1403. (void)filePem;
  1404. (void)fileDer;
  1405. (void)pemType;
  1406. (void)errBase;
  1407. return 0;
  1408. }
  1409. #endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */
  1410. WOLFSSL_TEST_SUBROUTINE int error_test(void)
  1411. {
  1412. const char* errStr;
  1413. char out[WOLFSSL_MAX_ERROR_SZ];
  1414. const char* unknownStr = wc_GetErrorString(0);
  1415. #ifdef NO_ERROR_STRINGS
  1416. /* Ensure a valid error code's string matches an invalid code's.
  1417. * The string is that error strings are not available.
  1418. */
  1419. errStr = wc_GetErrorString(OPEN_RAN_E);
  1420. wc_ErrorString(OPEN_RAN_E, out);
  1421. if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0)
  1422. return -1100;
  1423. if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0)
  1424. return -1101;
  1425. #else
  1426. int i;
  1427. int j = 0;
  1428. /* Values that are not or no longer error codes. */
  1429. int missing[] = { -122, -123, -124, -127, -128, -129,
  1430. -163, -164, -165, -166, -167, -168, -169,
  1431. -179, -233,
  1432. 0 };
  1433. /* Check that all errors have a string and it's the same through the two
  1434. * APIs. Check that the values that are not errors map to the unknown
  1435. * string.
  1436. */
  1437. for (i = MAX_CODE_E-1; i >= WC_LAST_E; i--) {
  1438. errStr = wc_GetErrorString(i);
  1439. wc_ErrorString(i, out);
  1440. if (i != missing[j]) {
  1441. if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) == 0)
  1442. return -1102;
  1443. if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) == 0)
  1444. return -1103;
  1445. if (XSTRNCMP(errStr, out, XSTRLEN(errStr)) != 0)
  1446. return -1104;
  1447. if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ)
  1448. return -1105;
  1449. }
  1450. else {
  1451. j++;
  1452. if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0)
  1453. return -1106;
  1454. if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0)
  1455. return -1107;
  1456. }
  1457. }
  1458. /* Check if the next possible value has been given a string. */
  1459. errStr = wc_GetErrorString(i);
  1460. wc_ErrorString(i, out);
  1461. if (XSTRNCMP(errStr, unknownStr, XSTRLEN(unknownStr)) != 0)
  1462. return -1108;
  1463. if (XSTRNCMP(out, unknownStr, XSTRLEN(unknownStr)) != 0)
  1464. return -1109;
  1465. #endif
  1466. return 0;
  1467. }
  1468. #ifndef NO_CODING
  1469. WOLFSSL_TEST_SUBROUTINE int base64_test(void)
  1470. {
  1471. int ret;
  1472. WOLFSSL_SMALL_STACK_STATIC const byte good[] = "A+Gd\0\0\0";
  1473. WOLFSSL_SMALL_STACK_STATIC const byte goodEnd[] = "A+Gd \r\n";
  1474. byte out[128];
  1475. word32 outLen;
  1476. #ifdef WOLFSSL_BASE64_ENCODE
  1477. byte data[3];
  1478. word32 dataLen;
  1479. byte longData[79] = { 0 };
  1480. WOLFSSL_SMALL_STACK_STATIC const byte symbols[] = "+/A=";
  1481. #endif
  1482. WOLFSSL_SMALL_STACK_STATIC const byte badSmall[] = "AAA Gdj=";
  1483. WOLFSSL_SMALL_STACK_STATIC const byte badLarge[] = "AAA~Gdj=";
  1484. WOLFSSL_SMALL_STACK_STATIC const byte badEOL[] = "A+Gd AA";
  1485. WOLFSSL_SMALL_STACK_STATIC const byte badPadding[] = "AA=A";
  1486. WOLFSSL_SMALL_STACK_STATIC const byte badChar[] = ",-.:;<=>?@[\\]^_`";
  1487. byte goodChar[] =
  1488. "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
  1489. "abcdefghijklmnopqrstuvwxyz"
  1490. "0123456789+/;";
  1491. byte charTest[] = "A+Gd\0\0\0";
  1492. int i;
  1493. /* Good Base64 encodings. */
  1494. outLen = sizeof(out);
  1495. ret = Base64_Decode(good, sizeof(good), out, &outLen);
  1496. if (ret != 0)
  1497. return -1200;
  1498. outLen = sizeof(out);
  1499. ret = Base64_Decode(goodEnd, sizeof(goodEnd), out, &outLen);
  1500. if (ret != 0)
  1501. return -1201;
  1502. outLen = sizeof(goodChar);
  1503. ret = Base64_Decode(goodChar, sizeof(goodChar), goodChar, &outLen);
  1504. if (ret != 0)
  1505. return -1235;
  1506. if (outLen != 64 / 4 * 3)
  1507. return -1236;
  1508. /* Bad parameters. */
  1509. outLen = 1;
  1510. ret = Base64_Decode(good, sizeof(good), out, &outLen);
  1511. if (ret != BAD_FUNC_ARG)
  1512. return -1202;
  1513. outLen = sizeof(out);
  1514. ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen);
  1515. if (ret != ASN_INPUT_E)
  1516. return -1203;
  1517. outLen = sizeof(out);
  1518. ret = Base64_Decode(badPadding, sizeof(badPadding), out, &outLen);
  1519. if (ret != ASN_INPUT_E)
  1520. return -1203;
  1521. /* Bad character at each offset 0-3. */
  1522. for (i = 0; i < 4; i++) {
  1523. outLen = sizeof(out);
  1524. ret = Base64_Decode(badSmall + i, 4, out, &outLen);
  1525. if (ret != ASN_INPUT_E)
  1526. return -1204 - i;
  1527. ret = Base64_Decode(badLarge + i, 4, out, &outLen);
  1528. if (ret != ASN_INPUT_E)
  1529. return -1214 - i;
  1530. }
  1531. /* Invalid character less than 0x2b */
  1532. for (i = 1; i < 0x2b; i++) {
  1533. outLen = sizeof(out);
  1534. charTest[0] = i;
  1535. ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
  1536. if (ret != ASN_INPUT_E)
  1537. return -1240 - i;
  1538. }
  1539. /* Bad characters in range 0x2b - 0x7a. */
  1540. for (i = 0; i < (int)sizeof(badChar) - 1; i++) {
  1541. outLen = sizeof(out);
  1542. charTest[0] = badChar[i];
  1543. ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
  1544. if (ret != ASN_INPUT_E)
  1545. return -1270 - i;
  1546. }
  1547. /* Invalid character greater than 0x7a */
  1548. for (i = 0x7b; i < 0x100; i++) {
  1549. outLen = sizeof(out);
  1550. charTest[0] = i;
  1551. ret = Base64_Decode(charTest, sizeof(charTest), out, &outLen);
  1552. if (ret != ASN_INPUT_E)
  1553. return -1290 - i;
  1554. }
  1555. #ifdef WOLFSSL_BASE64_ENCODE
  1556. /* Decode and encode all symbols - non-alphanumeric. */
  1557. dataLen = sizeof(data);
  1558. ret = Base64_Decode(symbols, sizeof(symbols), data, &dataLen);
  1559. if (ret != 0)
  1560. return -1224;
  1561. outLen = sizeof(out);
  1562. ret = Base64_Encode(data, dataLen, NULL, &outLen);
  1563. if (ret != LENGTH_ONLY_E)
  1564. return -1225;
  1565. outLen = sizeof(out);
  1566. ret = Base64_Encode(data, dataLen, out, &outLen);
  1567. if (ret != 0)
  1568. return -1226;
  1569. outLen = 7;
  1570. ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
  1571. if (ret != BUFFER_E)
  1572. return -1227;
  1573. outLen = sizeof(out);
  1574. ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen);
  1575. if (ret != LENGTH_ONLY_E)
  1576. return -1228;
  1577. outLen = sizeof(out);
  1578. ret = Base64_EncodeEsc(data, dataLen, out, &outLen);
  1579. if (ret != 0)
  1580. return -1229;
  1581. outLen = sizeof(out);
  1582. ret = Base64_Encode_NoNl(data, dataLen, out, &outLen);
  1583. if (ret != 0)
  1584. return -1230;
  1585. /* Data that results in an encoding longer than one line. */
  1586. outLen = sizeof(out);
  1587. dataLen = sizeof(longData);
  1588. ret = Base64_Encode(longData, dataLen, out, &outLen);
  1589. if (ret != 0)
  1590. return -1231;
  1591. outLen = sizeof(out);
  1592. ret = Base64_EncodeEsc(longData, dataLen, out, &outLen);
  1593. if (ret != 0)
  1594. return -1232;
  1595. outLen = sizeof(out);
  1596. ret = Base64_Encode_NoNl(longData, dataLen, out, &outLen);
  1597. if (ret != 0)
  1598. return -1233;
  1599. #endif
  1600. return 0;
  1601. }
  1602. #ifdef WOLFSSL_BASE16
  1603. WOLFSSL_TEST_SUBROUTINE int base16_test(void)
  1604. {
  1605. int ret;
  1606. WOLFSSL_SMALL_STACK_STATIC const byte testData[] = "SomeDataToEncode\n";
  1607. WOLFSSL_SMALL_STACK_STATIC const byte encodedTestData[] = "536F6D6544617461546F456E636F64650A00";
  1608. byte encoded[40];
  1609. word32 encodedLen;
  1610. byte plain[40];
  1611. word32 len;
  1612. /* length returned includes null termination */
  1613. encodedLen = sizeof(encoded);
  1614. ret = Base16_Encode(testData, sizeof(testData), encoded, &encodedLen);
  1615. if (ret != 0)
  1616. return -1300;
  1617. len = (word32)XSTRLEN((char*)encoded);
  1618. if (len != encodedLen - 1)
  1619. return -1301;
  1620. len = sizeof(plain);
  1621. ret = Base16_Decode(encoded, encodedLen - 1, plain, &len);
  1622. if (ret != 0)
  1623. return -1302;
  1624. if (len != sizeof(testData) || XMEMCMP(testData, plain, len) != 0)
  1625. return -1303;
  1626. if (encodedLen != sizeof(encodedTestData) ||
  1627. XMEMCMP(encoded, encodedTestData, encodedLen) != 0) {
  1628. return -1304;
  1629. }
  1630. return 0;
  1631. }
  1632. #endif /* WOLFSSL_BASE16 */
  1633. #endif /* !NO_CODING */
  1634. #ifndef NO_ASN
  1635. WOLFSSL_TEST_SUBROUTINE int asn_test(void)
  1636. {
  1637. int ret;
  1638. /* ASN1 encoded date buffer */
  1639. WOLFSSL_SMALL_STACK_STATIC const byte dateBuf[] = {0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31,
  1640. 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5a};
  1641. byte format;
  1642. int length;
  1643. const byte* datePart;
  1644. #ifndef NO_ASN_TIME
  1645. struct tm timearg;
  1646. time_t now;
  1647. #endif
  1648. ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format,
  1649. &length);
  1650. if (ret != 0)
  1651. return -1400;
  1652. #ifndef NO_ASN_TIME
  1653. /* Parameter Validation tests. */
  1654. if (wc_GetTime(NULL, sizeof(now)) != BAD_FUNC_ARG)
  1655. return -1401;
  1656. if (wc_GetTime(&now, 0) != BUFFER_E)
  1657. return -1402;
  1658. now = 0;
  1659. if (wc_GetTime(&now, sizeof(now)) != 0) {
  1660. return -1403;
  1661. }
  1662. if (now == 0) {
  1663. printf("RTC/Time not set!\n");
  1664. return -1404;
  1665. }
  1666. ret = wc_GetDateAsCalendarTime(datePart, length, format, &timearg);
  1667. if (ret != 0)
  1668. return -1405;
  1669. #endif /* !NO_ASN_TIME */
  1670. return 0;
  1671. }
  1672. #endif /* !NO_ASN */
  1673. #ifdef WOLFSSL_MD2
  1674. WOLFSSL_TEST_SUBROUTINE int md2_test(void)
  1675. {
  1676. Md2 md2;
  1677. byte hash[MD2_DIGEST_SIZE];
  1678. testVector a, b, c, d, e, f, g;
  1679. testVector test_md2[7];
  1680. int times = sizeof(test_md2) / sizeof(testVector), i;
  1681. a.input = "";
  1682. a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69"
  1683. "\x27\x73";
  1684. a.inLen = XSTRLEN(a.input);
  1685. a.outLen = MD2_DIGEST_SIZE;
  1686. b.input = "a";
  1687. b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0"
  1688. "\xb5\xd1";
  1689. b.inLen = XSTRLEN(b.input);
  1690. b.outLen = MD2_DIGEST_SIZE;
  1691. c.input = "abc";
  1692. c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde"
  1693. "\xd6\xbb";
  1694. c.inLen = XSTRLEN(c.input);
  1695. c.outLen = MD2_DIGEST_SIZE;
  1696. d.input = "message digest";
  1697. d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe"
  1698. "\x06\xb0";
  1699. d.inLen = XSTRLEN(d.input);
  1700. d.outLen = MD2_DIGEST_SIZE;
  1701. e.input = "abcdefghijklmnopqrstuvwxyz";
  1702. e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47"
  1703. "\x94\x0b";
  1704. e.inLen = XSTRLEN(e.input);
  1705. e.outLen = MD2_DIGEST_SIZE;
  1706. f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
  1707. "6789";
  1708. f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03"
  1709. "\x38\xcd";
  1710. f.inLen = XSTRLEN(f.input);
  1711. f.outLen = MD2_DIGEST_SIZE;
  1712. g.input = "1234567890123456789012345678901234567890123456789012345678"
  1713. "9012345678901234567890";
  1714. g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3"
  1715. "\xef\xd8";
  1716. g.inLen = XSTRLEN(g.input);
  1717. g.outLen = MD2_DIGEST_SIZE;
  1718. test_md2[0] = a;
  1719. test_md2[1] = b;
  1720. test_md2[2] = c;
  1721. test_md2[3] = d;
  1722. test_md2[4] = e;
  1723. test_md2[5] = f;
  1724. test_md2[6] = g;
  1725. wc_InitMd2(&md2);
  1726. for (i = 0; i < times; ++i) {
  1727. wc_Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen);
  1728. wc_Md2Final(&md2, hash);
  1729. if (XMEMCMP(hash, test_md2[i].output, MD2_DIGEST_SIZE) != 0)
  1730. return -1500 - i;
  1731. }
  1732. return 0;
  1733. }
  1734. #endif
  1735. #ifndef NO_MD5
  1736. WOLFSSL_TEST_SUBROUTINE int md5_test(void)
  1737. {
  1738. int ret = 0;
  1739. wc_Md5 md5, md5Copy;
  1740. byte hash[WC_MD5_DIGEST_SIZE];
  1741. byte hashcopy[WC_MD5_DIGEST_SIZE];
  1742. testVector a, b, c, d, e, f;
  1743. testVector test_md5[6];
  1744. int times = sizeof(test_md5) / sizeof(testVector), i;
  1745. a.input = "";
  1746. a.output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42"
  1747. "\x7e";
  1748. a.inLen = XSTRLEN(a.input);
  1749. a.outLen = WC_MD5_DIGEST_SIZE;
  1750. b.input = "abc";
  1751. b.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f"
  1752. "\x72";
  1753. b.inLen = XSTRLEN(b.input);
  1754. b.outLen = WC_MD5_DIGEST_SIZE;
  1755. c.input = "message digest";
  1756. c.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61"
  1757. "\xd0";
  1758. c.inLen = XSTRLEN(c.input);
  1759. c.outLen = WC_MD5_DIGEST_SIZE;
  1760. d.input = "abcdefghijklmnopqrstuvwxyz";
  1761. d.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1"
  1762. "\x3b";
  1763. d.inLen = XSTRLEN(d.input);
  1764. d.outLen = WC_MD5_DIGEST_SIZE;
  1765. e.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
  1766. "6789";
  1767. e.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d"
  1768. "\x9f";
  1769. e.inLen = XSTRLEN(e.input);
  1770. e.outLen = WC_MD5_DIGEST_SIZE;
  1771. f.input = "1234567890123456789012345678901234567890123456789012345678"
  1772. "9012345678901234567890";
  1773. f.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
  1774. "\x7a";
  1775. f.inLen = XSTRLEN(f.input);
  1776. f.outLen = WC_MD5_DIGEST_SIZE;
  1777. test_md5[0] = a;
  1778. test_md5[1] = b;
  1779. test_md5[2] = c;
  1780. test_md5[3] = d;
  1781. test_md5[4] = e;
  1782. test_md5[5] = f;
  1783. ret = wc_InitMd5_ex(&md5, HEAP_HINT, devId);
  1784. if (ret != 0)
  1785. return -1600;
  1786. ret = wc_InitMd5_ex(&md5Copy, HEAP_HINT, devId);
  1787. if (ret != 0) {
  1788. wc_Md5Free(&md5);
  1789. return -1601;
  1790. }
  1791. for (i = 0; i < times; ++i) {
  1792. ret = wc_Md5Update(&md5, (byte*)test_md5[i].input,
  1793. (word32)test_md5[i].inLen);
  1794. if (ret != 0)
  1795. ERROR_OUT(-1602 - i, exit);
  1796. ret = wc_Md5GetHash(&md5, hashcopy);
  1797. if (ret != 0)
  1798. ERROR_OUT(-1603 - i, exit);
  1799. ret = wc_Md5Copy(&md5, &md5Copy);
  1800. if (ret != 0)
  1801. ERROR_OUT(-1604 - i, exit);
  1802. ret = wc_Md5Final(&md5, hash);
  1803. if (ret != 0)
  1804. ERROR_OUT(-1605 - i, exit);
  1805. wc_Md5Free(&md5Copy);
  1806. if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0)
  1807. ERROR_OUT(-1606 - i, exit);
  1808. if (XMEMCMP(hash, hashcopy, WC_MD5_DIGEST_SIZE) != 0)
  1809. ERROR_OUT(-1607 - i, exit);
  1810. }
  1811. /* BEGIN LARGE HASH TEST */ {
  1812. byte large_input[1024];
  1813. const char* large_digest =
  1814. "\x44\xd0\x88\xce\xf1\x36\xd1\x78\xe9\xc8\xba\x84\xc3\xfd\xf6\xca";
  1815. for (i = 0; i < (int)sizeof(large_input); i++) {
  1816. large_input[i] = (byte)(i & 0xFF);
  1817. }
  1818. times = 100;
  1819. #ifdef WOLFSSL_PIC32MZ_HASH
  1820. wc_Md5SizeSet(&md5, times * sizeof(large_input));
  1821. #endif
  1822. for (i = 0; i < times; ++i) {
  1823. ret = wc_Md5Update(&md5, (byte*)large_input,
  1824. (word32)sizeof(large_input));
  1825. if (ret != 0)
  1826. ERROR_OUT(-1608, exit);
  1827. }
  1828. ret = wc_Md5Final(&md5, hash);
  1829. if (ret != 0)
  1830. ERROR_OUT(-1609, exit);
  1831. if (XMEMCMP(hash, large_digest, WC_MD5_DIGEST_SIZE) != 0)
  1832. ERROR_OUT(-1610, exit);
  1833. } /* END LARGE HASH TEST */
  1834. exit:
  1835. wc_Md5Free(&md5);
  1836. wc_Md5Free(&md5Copy);
  1837. return ret;
  1838. }
  1839. #endif /* NO_MD5 */
  1840. #ifndef NO_MD4
  1841. WOLFSSL_TEST_SUBROUTINE int md4_test(void)
  1842. {
  1843. Md4 md4;
  1844. byte hash[MD4_DIGEST_SIZE];
  1845. testVector a, b, c, d, e, f, g;
  1846. testVector test_md4[7];
  1847. int times = sizeof(test_md4) / sizeof(testVector), i;
  1848. a.input = "";
  1849. a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89"
  1850. "\xc0";
  1851. a.inLen = XSTRLEN(a.input);
  1852. a.outLen = MD4_DIGEST_SIZE;
  1853. b.input = "a";
  1854. b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb"
  1855. "\x24";
  1856. b.inLen = XSTRLEN(b.input);
  1857. b.outLen = MD4_DIGEST_SIZE;
  1858. c.input = "abc";
  1859. c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72"
  1860. "\x9d";
  1861. c.inLen = XSTRLEN(c.input);
  1862. c.outLen = MD4_DIGEST_SIZE;
  1863. d.input = "message digest";
  1864. d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01"
  1865. "\x4b";
  1866. d.inLen = XSTRLEN(d.input);
  1867. d.outLen = MD4_DIGEST_SIZE;
  1868. e.input = "abcdefghijklmnopqrstuvwxyz";
  1869. e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d"
  1870. "\xa9";
  1871. e.inLen = XSTRLEN(e.input);
  1872. e.outLen = MD4_DIGEST_SIZE;
  1873. f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345"
  1874. "6789";
  1875. f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0"
  1876. "\xe4";
  1877. f.inLen = XSTRLEN(f.input);
  1878. f.outLen = MD4_DIGEST_SIZE;
  1879. g.input = "1234567890123456789012345678901234567890123456789012345678"
  1880. "9012345678901234567890";
  1881. g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05"
  1882. "\x36";
  1883. g.inLen = XSTRLEN(g.input);
  1884. g.outLen = MD4_DIGEST_SIZE;
  1885. test_md4[0] = a;
  1886. test_md4[1] = b;
  1887. test_md4[2] = c;
  1888. test_md4[3] = d;
  1889. test_md4[4] = e;
  1890. test_md4[5] = f;
  1891. test_md4[6] = g;
  1892. wc_InitMd4(&md4);
  1893. for (i = 0; i < times; ++i) {
  1894. wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen);
  1895. wc_Md4Final(&md4, hash);
  1896. if (XMEMCMP(hash, test_md4[i].output, MD4_DIGEST_SIZE) != 0)
  1897. return -1700 - i;
  1898. }
  1899. return 0;
  1900. }
  1901. #endif /* NO_MD4 */
  1902. #ifndef NO_SHA
  1903. WOLFSSL_TEST_SUBROUTINE int sha_test(void)
  1904. {
  1905. int ret = 0;
  1906. wc_Sha sha, shaCopy;
  1907. byte hash[WC_SHA_DIGEST_SIZE];
  1908. byte hashcopy[WC_SHA_DIGEST_SIZE];
  1909. testVector a, b, c, d, e;
  1910. testVector test_sha[5];
  1911. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  1912. a.input = "";
  1913. a.output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18"
  1914. "\x90\xaf\xd8\x07\x09";
  1915. a.inLen = XSTRLEN(a.input);
  1916. a.outLen = WC_SHA_DIGEST_SIZE;
  1917. b.input = "abc";
  1918. b.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2"
  1919. "\x6C\x9C\xD0\xD8\x9D";
  1920. b.inLen = XSTRLEN(b.input);
  1921. b.outLen = WC_SHA_DIGEST_SIZE;
  1922. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  1923. c.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29"
  1924. "\xE5\xE5\x46\x70\xF1";
  1925. c.inLen = XSTRLEN(c.input);
  1926. c.outLen = WC_SHA_DIGEST_SIZE;
  1927. d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  1928. "aaaaaa";
  1929. d.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44"
  1930. "\x2A\x25\xEC\x64\x4D";
  1931. d.inLen = XSTRLEN(d.input);
  1932. d.outLen = WC_SHA_DIGEST_SIZE;
  1933. e.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  1934. "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  1935. "aaaaaaaaaa";
  1936. e.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
  1937. "\x53\x99\x5E\x26\xA0";
  1938. e.inLen = XSTRLEN(e.input);
  1939. e.outLen = WC_SHA_DIGEST_SIZE;
  1940. test_sha[0] = a;
  1941. test_sha[1] = b;
  1942. test_sha[2] = c;
  1943. test_sha[3] = d;
  1944. test_sha[4] = e;
  1945. ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
  1946. if (ret != 0)
  1947. return -1800;
  1948. ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId);
  1949. if (ret != 0) {
  1950. wc_ShaFree(&sha);
  1951. return -1801;
  1952. }
  1953. for (i = 0; i < times; ++i) {
  1954. ret = wc_ShaUpdate(&sha, (byte*)test_sha[i].input,
  1955. (word32)test_sha[i].inLen);
  1956. if (ret != 0)
  1957. ERROR_OUT(-1802 - i, exit);
  1958. ret = wc_ShaGetHash(&sha, hashcopy);
  1959. if (ret != 0)
  1960. ERROR_OUT(-1803 - i, exit);
  1961. ret = wc_ShaCopy(&sha, &shaCopy);
  1962. if (ret != 0)
  1963. ERROR_OUT(-1804 - i, exit);
  1964. ret = wc_ShaFinal(&sha, hash);
  1965. if (ret != 0)
  1966. ERROR_OUT(-1805 - i, exit);
  1967. wc_ShaFree(&shaCopy);
  1968. if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0)
  1969. ERROR_OUT(-1806 - i, exit);
  1970. if (XMEMCMP(hash, hashcopy, WC_SHA_DIGEST_SIZE) != 0)
  1971. ERROR_OUT(-1807 - i, exit);
  1972. }
  1973. /* BEGIN LARGE HASH TEST */ {
  1974. byte large_input[1024];
  1975. #ifdef WOLFSSL_RENESAS_TSIP
  1976. const char* large_digest =
  1977. "\x1d\x6a\x5a\xf6\xe5\x7c\x86\xce\x7f\x7c\xaf\xd5\xdb\x08\xcd\x59"
  1978. "\x15\x8c\x6d\xb6";
  1979. #else
  1980. const char* large_digest =
  1981. "\x8b\x77\x02\x48\x39\xe8\xdb\xd3\x9a\xf4\x05\x24\x66\x12\x2d\x9e"
  1982. "\xc5\xd9\x0a\xac";
  1983. #endif
  1984. for (i = 0; i < (int)sizeof(large_input); i++) {
  1985. large_input[i] = (byte)(i & 0xFF);
  1986. }
  1987. #ifdef WOLFSSL_RENESAS_TSIP
  1988. times = 20;
  1989. #else
  1990. times = 100;
  1991. #endif
  1992. #ifdef WOLFSSL_PIC32MZ_HASH
  1993. wc_ShaSizeSet(&sha, times * sizeof(large_input));
  1994. #endif
  1995. for (i = 0; i < times; ++i) {
  1996. ret = wc_ShaUpdate(&sha, (byte*)large_input,
  1997. (word32)sizeof(large_input));
  1998. if (ret != 0)
  1999. ERROR_OUT(-1808, exit);
  2000. }
  2001. ret = wc_ShaFinal(&sha, hash);
  2002. if (ret != 0)
  2003. ERROR_OUT(-1809, exit);
  2004. if (XMEMCMP(hash, large_digest, WC_SHA_DIGEST_SIZE) != 0)
  2005. ERROR_OUT(-1810, exit);
  2006. } /* END LARGE HASH TEST */
  2007. exit:
  2008. wc_ShaFree(&sha);
  2009. wc_ShaFree(&shaCopy);
  2010. return ret;
  2011. }
  2012. #endif /* NO_SHA */
  2013. #ifdef WOLFSSL_RIPEMD
  2014. WOLFSSL_TEST_SUBROUTINE int ripemd_test(void)
  2015. {
  2016. RipeMd ripemd;
  2017. int ret;
  2018. byte hash[RIPEMD_DIGEST_SIZE];
  2019. testVector a, b, c, d;
  2020. testVector test_ripemd[4];
  2021. int times = sizeof(test_ripemd) / sizeof(struct testVector), i;
  2022. a.input = "abc";
  2023. a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6"
  2024. "\xb0\x87\xf1\x5a\x0b\xfc";
  2025. a.inLen = XSTRLEN(a.input);
  2026. a.outLen = RIPEMD_DIGEST_SIZE;
  2027. b.input = "message digest";
  2028. b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8"
  2029. "\x5f\xfa\x21\x59\x5f\x36";
  2030. b.inLen = XSTRLEN(b.input);
  2031. b.outLen = RIPEMD_DIGEST_SIZE;
  2032. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2033. c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc"
  2034. "\xf4\x9a\xda\x62\xeb\x2b";
  2035. c.inLen = XSTRLEN(c.input);
  2036. c.outLen = RIPEMD_DIGEST_SIZE;
  2037. d.input = "12345678901234567890123456789012345678901234567890123456"
  2038. "789012345678901234567890";
  2039. d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab"
  2040. "\x82\xbf\x63\x32\x6b\xfb";
  2041. d.inLen = XSTRLEN(d.input);
  2042. d.outLen = RIPEMD_DIGEST_SIZE;
  2043. test_ripemd[0] = a;
  2044. test_ripemd[1] = b;
  2045. test_ripemd[2] = c;
  2046. test_ripemd[3] = d;
  2047. ret = wc_InitRipeMd(&ripemd);
  2048. if (ret != 0) {
  2049. return -1900;
  2050. }
  2051. for (i = 0; i < times; ++i) {
  2052. ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input,
  2053. (word32)test_ripemd[i].inLen);
  2054. if (ret != 0) {
  2055. return -1901 - i;
  2056. }
  2057. ret = wc_RipeMdFinal(&ripemd, hash);
  2058. if (ret != 0) {
  2059. return -1911 - i;
  2060. }
  2061. if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0)
  2062. return -1921 - i;
  2063. }
  2064. return 0;
  2065. }
  2066. #endif /* WOLFSSL_RIPEMD */
  2067. #ifdef HAVE_BLAKE2
  2068. #define BLAKE2B_TESTS 3
  2069. static const byte blake2b_vec[BLAKE2B_TESTS][BLAKE2B_OUTBYTES] =
  2070. {
  2071. {
  2072. 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03,
  2073. 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72,
  2074. 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61,
  2075. 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19,
  2076. 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53,
  2077. 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B,
  2078. 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55,
  2079. 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE
  2080. },
  2081. {
  2082. 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95,
  2083. 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7,
  2084. 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44,
  2085. 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C,
  2086. 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB,
  2087. 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4,
  2088. 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48,
  2089. 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B
  2090. },
  2091. {
  2092. 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9,
  2093. 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72,
  2094. 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF,
  2095. 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15,
  2096. 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB,
  2097. 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04,
  2098. 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1,
  2099. 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5
  2100. }
  2101. };
  2102. WOLFSSL_TEST_SUBROUTINE int blake2b_test(void)
  2103. {
  2104. Blake2b b2b;
  2105. byte digest[64];
  2106. byte input[64];
  2107. int i, ret;
  2108. for (i = 0; i < (int)sizeof(input); i++)
  2109. input[i] = (byte)i;
  2110. for (i = 0; i < BLAKE2B_TESTS; i++) {
  2111. ret = wc_InitBlake2b(&b2b, 64);
  2112. if (ret != 0)
  2113. return -2000 - i;
  2114. ret = wc_Blake2bUpdate(&b2b, input, i);
  2115. if (ret != 0)
  2116. return -2010 - 1;
  2117. ret = wc_Blake2bFinal(&b2b, digest, 64);
  2118. if (ret != 0)
  2119. return -2020 - i;
  2120. if (XMEMCMP(digest, blake2b_vec[i], 64) != 0) {
  2121. return -2030 - i;
  2122. }
  2123. }
  2124. return 0;
  2125. }
  2126. #endif /* HAVE_BLAKE2 */
  2127. #ifdef HAVE_BLAKE2S
  2128. #define BLAKE2S_TESTS 3
  2129. static const byte blake2s_vec[BLAKE2S_TESTS][BLAKE2S_OUTBYTES] =
  2130. {
  2131. {
  2132. 0x69, 0x21, 0x7a, 0x30, 0x79, 0x90, 0x80, 0x94,
  2133. 0xe1, 0x11, 0x21, 0xd0, 0x42, 0x35, 0x4a, 0x7c,
  2134. 0x1f, 0x55, 0xb6, 0x48, 0x2c, 0xa1, 0xa5, 0x1e,
  2135. 0x1b, 0x25, 0x0d, 0xfd, 0x1e, 0xd0, 0xee, 0xf9,
  2136. },
  2137. {
  2138. 0xe3, 0x4d, 0x74, 0xdb, 0xaf, 0x4f, 0xf4, 0xc6,
  2139. 0xab, 0xd8, 0x71, 0xcc, 0x22, 0x04, 0x51, 0xd2,
  2140. 0xea, 0x26, 0x48, 0x84, 0x6c, 0x77, 0x57, 0xfb,
  2141. 0xaa, 0xc8, 0x2f, 0xe5, 0x1a, 0xd6, 0x4b, 0xea,
  2142. },
  2143. {
  2144. 0xdd, 0xad, 0x9a, 0xb1, 0x5d, 0xac, 0x45, 0x49,
  2145. 0xba, 0x42, 0xf4, 0x9d, 0x26, 0x24, 0x96, 0xbe,
  2146. 0xf6, 0xc0, 0xba, 0xe1, 0xdd, 0x34, 0x2a, 0x88,
  2147. 0x08, 0xf8, 0xea, 0x26, 0x7c, 0x6e, 0x21, 0x0c,
  2148. }
  2149. };
  2150. WOLFSSL_TEST_SUBROUTINE int blake2s_test(void)
  2151. {
  2152. Blake2s b2s;
  2153. byte digest[32];
  2154. byte input[64];
  2155. int i, ret;
  2156. for (i = 0; i < (int)sizeof(input); i++)
  2157. input[i] = (byte)i;
  2158. for (i = 0; i < BLAKE2S_TESTS; i++) {
  2159. ret = wc_InitBlake2s(&b2s, 32);
  2160. if (ret != 0)
  2161. return -2100 - i;
  2162. ret = wc_Blake2sUpdate(&b2s, input, i);
  2163. if (ret != 0)
  2164. return -2110 - 1;
  2165. ret = wc_Blake2sFinal(&b2s, digest, 32);
  2166. if (ret != 0)
  2167. return -2120 - i;
  2168. if (XMEMCMP(digest, blake2s_vec[i], 32) != 0) {
  2169. return -2130 - i;
  2170. }
  2171. }
  2172. return 0;
  2173. }
  2174. #endif /* HAVE_BLAKE2S */
  2175. #ifdef WOLFSSL_SHA224
  2176. WOLFSSL_TEST_SUBROUTINE int sha224_test(void)
  2177. {
  2178. wc_Sha224 sha, shaCopy;
  2179. byte hash[WC_SHA224_DIGEST_SIZE];
  2180. byte hashcopy[WC_SHA224_DIGEST_SIZE];
  2181. int ret = 0;
  2182. testVector a, b, c;
  2183. testVector test_sha[3];
  2184. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2185. a.input = "";
  2186. a.output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34"
  2187. "\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f";
  2188. a.inLen = XSTRLEN(a.input);
  2189. a.outLen = WC_SHA224_DIGEST_SIZE;
  2190. b.input = "abc";
  2191. b.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55"
  2192. "\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7";
  2193. b.inLen = XSTRLEN(b.input);
  2194. b.outLen = WC_SHA224_DIGEST_SIZE;
  2195. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2196. c.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01"
  2197. "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25";
  2198. c.inLen = XSTRLEN(c.input);
  2199. c.outLen = WC_SHA224_DIGEST_SIZE;
  2200. test_sha[0] = a;
  2201. test_sha[1] = b;
  2202. test_sha[2] = c;
  2203. ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId);
  2204. if (ret != 0)
  2205. return -2200;
  2206. ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId);
  2207. if (ret != 0) {
  2208. wc_Sha224Free(&sha);
  2209. return -2201;
  2210. }
  2211. for (i = 0; i < times; ++i) {
  2212. ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input,
  2213. (word32)test_sha[i].inLen);
  2214. if (ret != 0)
  2215. ERROR_OUT(-2202 - i, exit);
  2216. ret = wc_Sha224GetHash(&sha, hashcopy);
  2217. if (ret != 0)
  2218. ERROR_OUT(-2203 - i, exit);
  2219. ret = wc_Sha224Copy(&sha, &shaCopy);
  2220. if (ret != 0)
  2221. ERROR_OUT(-2204 - i, exit);
  2222. ret = wc_Sha224Final(&sha, hash);
  2223. if (ret != 0)
  2224. ERROR_OUT(-2205 - i, exit);
  2225. wc_Sha224Free(&shaCopy);
  2226. if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0)
  2227. ERROR_OUT(-2206 - i, exit);
  2228. if (XMEMCMP(hash, hashcopy, WC_SHA224_DIGEST_SIZE) != 0)
  2229. ERROR_OUT(-2207 - i, exit);
  2230. }
  2231. exit:
  2232. wc_Sha224Free(&sha);
  2233. wc_Sha224Free(&shaCopy);
  2234. return ret;
  2235. }
  2236. #endif
  2237. #ifndef NO_SHA256
  2238. WOLFSSL_TEST_SUBROUTINE int sha256_test(void)
  2239. {
  2240. wc_Sha256 sha, shaCopy;
  2241. byte hash[WC_SHA256_DIGEST_SIZE];
  2242. byte hashcopy[WC_SHA256_DIGEST_SIZE];
  2243. int ret = 0;
  2244. testVector a, b, c;
  2245. testVector test_sha[3];
  2246. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2247. a.input = "";
  2248. a.output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9"
  2249. "\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52"
  2250. "\xb8\x55";
  2251. a.inLen = XSTRLEN(a.input);
  2252. a.outLen = WC_SHA256_DIGEST_SIZE;
  2253. b.input = "abc";
  2254. b.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22"
  2255. "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00"
  2256. "\x15\xAD";
  2257. b.inLen = XSTRLEN(b.input);
  2258. b.outLen = WC_SHA256_DIGEST_SIZE;
  2259. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2260. c.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
  2261. "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
  2262. "\x06\xC1";
  2263. c.inLen = XSTRLEN(c.input);
  2264. c.outLen = WC_SHA256_DIGEST_SIZE;
  2265. test_sha[0] = a;
  2266. test_sha[1] = b;
  2267. test_sha[2] = c;
  2268. ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
  2269. if (ret != 0)
  2270. return -2300;
  2271. ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId);
  2272. if (ret != 0) {
  2273. wc_Sha256Free(&sha);
  2274. return -2301;
  2275. }
  2276. for (i = 0; i < times; ++i) {
  2277. ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input,
  2278. (word32)test_sha[i].inLen);
  2279. if (ret != 0) {
  2280. ERROR_OUT(-2302 - i, exit);
  2281. }
  2282. ret = wc_Sha256GetHash(&sha, hashcopy);
  2283. if (ret != 0)
  2284. ERROR_OUT(-2303 - i, exit);
  2285. ret = wc_Sha256Copy(&sha, &shaCopy);
  2286. if (ret != 0)
  2287. ERROR_OUT(-2304 - i, exit);
  2288. ret = wc_Sha256Final(&sha, hash);
  2289. if (ret != 0)
  2290. ERROR_OUT(-2305 - i, exit);
  2291. wc_Sha256Free(&shaCopy);
  2292. if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0)
  2293. ERROR_OUT(-2306 - i, exit);
  2294. if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0)
  2295. ERROR_OUT(-2307 - i, exit);
  2296. }
  2297. /* BEGIN LARGE HASH TEST */ {
  2298. byte large_input[1024];
  2299. #ifdef WOLFSSL_RENESAS_TSIP_CRYPT
  2300. const char* large_digest =
  2301. "\xa4\x75\x9e\x7a\xa2\x03\x38\x32\x88\x66\xa2\xea\x17\xea\xf8\xc7"
  2302. "\xfe\x4e\xc6\xbb\xe3\xbb\x71\xce\xe7\xdf\x7c\x04\x61\xb3\xc2\x2f";
  2303. #else
  2304. const char* large_digest =
  2305. "\x27\x78\x3e\x87\x96\x3a\x4e\xfb\x68\x29\xb5\x31\xc9\xba\x57\xb4"
  2306. "\x4f\x45\x79\x7f\x67\x70\xbd\x63\x7f\xbf\x0d\x80\x7c\xbd\xba\xe0";
  2307. #endif
  2308. for (i = 0; i < (int)sizeof(large_input); i++) {
  2309. large_input[i] = (byte)(i & 0xFF);
  2310. }
  2311. #ifdef WOLFSSL_RENESAS_TSIP
  2312. times = 20;
  2313. #else
  2314. times = 100;
  2315. #endif
  2316. #ifdef WOLFSSL_PIC32MZ_HASH
  2317. wc_Sha256SizeSet(&sha, times * sizeof(large_input));
  2318. #endif
  2319. for (i = 0; i < times; ++i) {
  2320. ret = wc_Sha256Update(&sha, (byte*)large_input,
  2321. (word32)sizeof(large_input));
  2322. if (ret != 0)
  2323. ERROR_OUT(-2308, exit);
  2324. }
  2325. ret = wc_Sha256Final(&sha, hash);
  2326. if (ret != 0)
  2327. ERROR_OUT(-2309, exit);
  2328. if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0)
  2329. ERROR_OUT(-2310, exit);
  2330. } /* END LARGE HASH TEST */
  2331. exit:
  2332. wc_Sha256Free(&sha);
  2333. wc_Sha256Free(&shaCopy);
  2334. return ret;
  2335. }
  2336. #endif
  2337. #ifdef WOLFSSL_SHA512
  2338. WOLFSSL_TEST_SUBROUTINE int sha512_test(void)
  2339. {
  2340. wc_Sha512 sha, shaCopy;
  2341. byte hash[WC_SHA512_DIGEST_SIZE];
  2342. byte hashcopy[WC_SHA512_DIGEST_SIZE];
  2343. int ret = 0;
  2344. testVector a, b, c;
  2345. testVector test_sha[3];
  2346. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2347. a.input = "";
  2348. a.output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80"
  2349. "\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c"
  2350. "\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87"
  2351. "\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a"
  2352. "\xf9\x27\xda\x3e";
  2353. a.inLen = XSTRLEN(a.input);
  2354. a.outLen = WC_SHA512_DIGEST_SIZE;
  2355. b.input = "abc";
  2356. b.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41"
  2357. "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55"
  2358. "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3"
  2359. "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f"
  2360. "\xa5\x4c\xa4\x9f";
  2361. b.inLen = XSTRLEN(b.input);
  2362. b.outLen = WC_SHA512_DIGEST_SIZE;
  2363. c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  2364. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  2365. c.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
  2366. "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
  2367. "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
  2368. "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
  2369. "\x87\x4b\xe9\x09";
  2370. c.inLen = XSTRLEN(c.input);
  2371. c.outLen = WC_SHA512_DIGEST_SIZE;
  2372. test_sha[0] = a;
  2373. test_sha[1] = b;
  2374. test_sha[2] = c;
  2375. ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId);
  2376. if (ret != 0)
  2377. return -2400;
  2378. ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId);
  2379. if (ret != 0) {
  2380. wc_Sha512Free(&sha);
  2381. return -2401;
  2382. }
  2383. for (i = 0; i < times; ++i) {
  2384. ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input,
  2385. (word32)test_sha[i].inLen);
  2386. if (ret != 0)
  2387. ERROR_OUT(-2402 - i, exit);
  2388. ret = wc_Sha512GetHash(&sha, hashcopy);
  2389. if (ret != 0)
  2390. ERROR_OUT(-2403 - i, exit);
  2391. ret = wc_Sha512Copy(&sha, &shaCopy);
  2392. if (ret != 0)
  2393. ERROR_OUT(-2404 - i, exit);
  2394. ret = wc_Sha512Final(&sha, hash);
  2395. if (ret != 0)
  2396. ERROR_OUT(-2405 - i, exit);
  2397. wc_Sha512Free(&shaCopy);
  2398. if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0)
  2399. ERROR_OUT(-2406 - i, exit);
  2400. if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0)
  2401. ERROR_OUT(-2407 - i, exit);
  2402. }
  2403. /* BEGIN LARGE HASH TEST */ {
  2404. byte large_input[1024];
  2405. const char* large_digest =
  2406. "\x5a\x1f\x73\x90\xbd\x8c\xe4\x63\x54\xce\xa0\x9b\xef\x32\x78\x2d"
  2407. "\x2e\xe7\x0d\x5e\x2f\x9d\x15\x1b\xdd\x2d\xde\x65\x0c\x7b\xfa\x83"
  2408. "\x5e\x80\x02\x13\x84\xb8\x3f\xff\x71\x62\xb5\x09\x89\x63\xe1\xdc"
  2409. "\xa5\xdc\xfc\xfa\x9d\x1a\x4d\xc0\xfa\x3a\x14\xf6\x01\x51\x90\xa4";
  2410. for (i = 0; i < (int)sizeof(large_input); i++) {
  2411. large_input[i] = (byte)(i & 0xFF);
  2412. }
  2413. times = 100;
  2414. for (i = 0; i < times; ++i) {
  2415. ret = wc_Sha512Update(&sha, (byte*)large_input,
  2416. (word32)sizeof(large_input));
  2417. if (ret != 0)
  2418. ERROR_OUT(-2408, exit);
  2419. }
  2420. ret = wc_Sha512Final(&sha, hash);
  2421. if (ret != 0)
  2422. ERROR_OUT(-2409, exit);
  2423. if (XMEMCMP(hash, large_digest, WC_SHA512_DIGEST_SIZE) != 0)
  2424. ERROR_OUT(-2410, exit);
  2425. } /* END LARGE HASH TEST */
  2426. exit:
  2427. wc_Sha512Free(&sha);
  2428. wc_Sha512Free(&shaCopy);
  2429. return ret;
  2430. }
  2431. #endif
  2432. #ifdef WOLFSSL_SHA384
  2433. WOLFSSL_TEST_SUBROUTINE int sha384_test(void)
  2434. {
  2435. wc_Sha384 sha, shaCopy;
  2436. byte hash[WC_SHA384_DIGEST_SIZE];
  2437. byte hashcopy[WC_SHA384_DIGEST_SIZE];
  2438. int ret = 0;
  2439. testVector a, b, c;
  2440. testVector test_sha[3];
  2441. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2442. a.input = "";
  2443. a.output = "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3"
  2444. "\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6"
  2445. "\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48"
  2446. "\x98\xb9\x5b";
  2447. a.inLen = XSTRLEN(a.input);
  2448. a.outLen = WC_SHA384_DIGEST_SIZE;
  2449. b.input = "abc";
  2450. b.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50"
  2451. "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff"
  2452. "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34"
  2453. "\xc8\x25\xa7";
  2454. b.inLen = XSTRLEN(b.input);
  2455. b.outLen = WC_SHA384_DIGEST_SIZE;
  2456. c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  2457. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  2458. c.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
  2459. "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
  2460. "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
  2461. "\x74\x60\x39";
  2462. c.inLen = XSTRLEN(c.input);
  2463. c.outLen = WC_SHA384_DIGEST_SIZE;
  2464. test_sha[0] = a;
  2465. test_sha[1] = b;
  2466. test_sha[2] = c;
  2467. ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId);
  2468. if (ret != 0)
  2469. return -2500;
  2470. ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId);
  2471. if (ret != 0) {
  2472. wc_Sha384Free(&sha);
  2473. return -2501;
  2474. }
  2475. for (i = 0; i < times; ++i) {
  2476. ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input,
  2477. (word32)test_sha[i].inLen);
  2478. if (ret != 0)
  2479. ERROR_OUT(-2502 - i, exit);
  2480. ret = wc_Sha384GetHash(&sha, hashcopy);
  2481. if (ret != 0)
  2482. ERROR_OUT(-2503 - i, exit);
  2483. ret = wc_Sha384Copy(&sha, &shaCopy);
  2484. if (ret != 0)
  2485. ERROR_OUT(-2504 - i, exit);
  2486. ret = wc_Sha384Final(&sha, hash);
  2487. if (ret != 0)
  2488. ERROR_OUT(-2505 - i, exit);
  2489. wc_Sha384Free(&shaCopy);
  2490. if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0)
  2491. ERROR_OUT(-2506 - i, exit);
  2492. if (XMEMCMP(hash, hashcopy, WC_SHA384_DIGEST_SIZE) != 0)
  2493. ERROR_OUT(-2507 - i, exit);
  2494. }
  2495. /* BEGIN LARGE HASH TEST */ {
  2496. byte large_input[1024];
  2497. const char* large_digest =
  2498. "\x37\x01\xdb\xff\x1e\x40\x4f\xe1\xe2\xea\x0b\x40\xbb\x3b\x39\x9a"
  2499. "\xcc\xe8\x44\x8e\x7e\xe5\x64\xb5\x6b\x7f\x56\x64\xa7\x2b\x84\xe3"
  2500. "\xc5\xd7\x79\x03\x25\x90\xf7\xa4\x58\xcb\x97\xa8\x8b\xb1\xa4\x81";
  2501. for (i = 0; i < (int)sizeof(large_input); i++) {
  2502. large_input[i] = (byte)(i & 0xFF);
  2503. }
  2504. times = 100;
  2505. for (i = 0; i < times; ++i) {
  2506. ret = wc_Sha384Update(&sha, (byte*)large_input,
  2507. (word32)sizeof(large_input));
  2508. if (ret != 0)
  2509. ERROR_OUT(-2508, exit);
  2510. }
  2511. ret = wc_Sha384Final(&sha, hash);
  2512. if (ret != 0)
  2513. ERROR_OUT(-2509, exit);
  2514. if (XMEMCMP(hash, large_digest, WC_SHA384_DIGEST_SIZE) != 0)
  2515. ERROR_OUT(-2510, exit);
  2516. } /* END LARGE HASH TEST */
  2517. exit:
  2518. wc_Sha384Free(&sha);
  2519. wc_Sha384Free(&shaCopy);
  2520. return ret;
  2521. }
  2522. #endif /* WOLFSSL_SHA384 */
  2523. #ifdef WOLFSSL_SHA3
  2524. #ifndef WOLFSSL_NOSHA3_224
  2525. static int sha3_224_test(void)
  2526. {
  2527. wc_Sha3 sha;
  2528. byte hash[WC_SHA3_224_DIGEST_SIZE];
  2529. byte hashcopy[WC_SHA3_224_DIGEST_SIZE];
  2530. testVector a, b, c;
  2531. testVector test_sha[3];
  2532. int ret = 0;
  2533. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2534. a.input = "";
  2535. a.output = "\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1"
  2536. "\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7";
  2537. a.inLen = XSTRLEN(a.input);
  2538. a.outLen = WC_SHA3_224_DIGEST_SIZE;
  2539. b.input = "abc";
  2540. b.output = "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76"
  2541. "\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf";
  2542. b.inLen = XSTRLEN(b.input);
  2543. b.outLen = WC_SHA3_224_DIGEST_SIZE;
  2544. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2545. c.output = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55\x74\x49\x44\x79"
  2546. "\xba\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea\xd0\xfc\xce\x33";
  2547. c.inLen = XSTRLEN(c.input);
  2548. c.outLen = WC_SHA3_224_DIGEST_SIZE;
  2549. test_sha[0] = a;
  2550. test_sha[1] = b;
  2551. test_sha[2] = c;
  2552. ret = wc_InitSha3_224(&sha, HEAP_HINT, devId);
  2553. if (ret != 0)
  2554. return -2600;
  2555. for (i = 0; i < times; ++i) {
  2556. ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input,
  2557. (word32)test_sha[i].inLen);
  2558. if (ret != 0)
  2559. ERROR_OUT(-2601 - i, exit);
  2560. ret = wc_Sha3_224_GetHash(&sha, hashcopy);
  2561. if (ret != 0)
  2562. ERROR_OUT(-2602 - i, exit);
  2563. ret = wc_Sha3_224_Final(&sha, hash);
  2564. if (ret != 0)
  2565. ERROR_OUT(-2603 - i, exit);
  2566. if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_224_DIGEST_SIZE) != 0)
  2567. ERROR_OUT(-2604 - i, exit);
  2568. if (XMEMCMP(hash, hashcopy, WC_SHA3_224_DIGEST_SIZE) != 0)
  2569. ERROR_OUT(-2605 - i, exit);
  2570. }
  2571. /* BEGIN LARGE HASH TEST */ {
  2572. byte large_input[1024];
  2573. const char* large_digest =
  2574. "\x13\xe5\xd3\x98\x7b\x94\xda\x41\x12\xc7\x1e\x92\x3a\x19"
  2575. "\x21\x20\x86\x6f\x24\xbf\x0a\x31\xbc\xfd\xd6\x70\x36\xf3";
  2576. for (i = 0; i < (int)sizeof(large_input); i++) {
  2577. large_input[i] = (byte)(i & 0xFF);
  2578. }
  2579. times = 100;
  2580. for (i = 0; i < times; ++i) {
  2581. ret = wc_Sha3_224_Update(&sha, (byte*)large_input,
  2582. (word32)sizeof(large_input));
  2583. if (ret != 0)
  2584. ERROR_OUT(-2606, exit);
  2585. }
  2586. ret = wc_Sha3_224_Final(&sha, hash);
  2587. if (ret != 0)
  2588. ERROR_OUT(-2607, exit);
  2589. if (XMEMCMP(hash, large_digest, WC_SHA3_224_DIGEST_SIZE) != 0)
  2590. ERROR_OUT(-2608, exit);
  2591. } /* END LARGE HASH TEST */
  2592. exit:
  2593. wc_Sha3_224_Free(&sha);
  2594. return ret;
  2595. }
  2596. #endif /* WOLFSSL_NOSHA3_224 */
  2597. #ifndef WOLFSSL_NOSHA3_256
  2598. static int sha3_256_test(void)
  2599. {
  2600. wc_Sha3 sha;
  2601. byte hash[WC_SHA3_256_DIGEST_SIZE];
  2602. byte hashcopy[WC_SHA3_256_DIGEST_SIZE];
  2603. testVector a, b, c;
  2604. testVector test_sha[3];
  2605. int ret = 0;
  2606. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2607. byte large_input[1024];
  2608. const char* large_digest =
  2609. "\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb"
  2610. "\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15";
  2611. #if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT)
  2612. /* test vector with hash of empty string */
  2613. const char* Keccak256EmptyOut =
  2614. "\xc5\xd2\x46\x01\x86\xf7\x23\x3c\x92\x7e\x7d\xb2\xdc\xc7\x03\xc0"
  2615. "\xe5\x00\xb6\x53\xca\x82\x27\x3b\x7b\xfa\xd8\x04\x5d\x85\xa4\x70";
  2616. #endif
  2617. a.input = "";
  2618. a.output = "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6"
  2619. "\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8"
  2620. "\x43\x4a";
  2621. a.inLen = XSTRLEN(a.input);
  2622. a.outLen = WC_SHA3_256_DIGEST_SIZE;
  2623. b.input = "abc";
  2624. b.output = "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90"
  2625. "\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43"
  2626. "\x15\x32";
  2627. b.inLen = XSTRLEN(b.input);
  2628. b.outLen = WC_SHA3_256_DIGEST_SIZE;
  2629. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2630. c.output = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8\x23\x5e"
  2631. "\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32\xdd\x97\x49\x6d"
  2632. "\x33\x76";
  2633. c.inLen = XSTRLEN(c.input);
  2634. c.outLen = WC_SHA3_256_DIGEST_SIZE;
  2635. test_sha[0] = a;
  2636. test_sha[1] = b;
  2637. test_sha[2] = c;
  2638. ret = wc_InitSha3_256(&sha, HEAP_HINT, devId);
  2639. if (ret != 0)
  2640. return -2700;
  2641. for (i = 0; i < times; ++i) {
  2642. ret = wc_Sha3_256_Update(&sha, (byte*)test_sha[i].input,
  2643. (word32)test_sha[i].inLen);
  2644. if (ret != 0)
  2645. ERROR_OUT(-2701 - i, exit);
  2646. ret = wc_Sha3_256_GetHash(&sha, hashcopy);
  2647. if (ret != 0)
  2648. ERROR_OUT(-2702 - i, exit);
  2649. ret = wc_Sha3_256_Final(&sha, hash);
  2650. if (ret != 0)
  2651. ERROR_OUT(-2703 - i, exit);
  2652. if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_256_DIGEST_SIZE) != 0)
  2653. ERROR_OUT(-2704 - i, exit);
  2654. if (XMEMCMP(hash, hashcopy, WC_SHA3_256_DIGEST_SIZE) != 0)
  2655. ERROR_OUT(-2705 - i, exit);
  2656. }
  2657. /* BEGIN LARGE HASH TEST */ {
  2658. for (i = 0; i < (int)sizeof(large_input); i++) {
  2659. large_input[i] = (byte)(i & 0xFF);
  2660. }
  2661. times = 100;
  2662. for (i = 0; i < times; ++i) {
  2663. ret = wc_Sha3_256_Update(&sha, (byte*)large_input,
  2664. (word32)sizeof(large_input));
  2665. if (ret != 0)
  2666. ERROR_OUT(-2706, exit);
  2667. }
  2668. ret = wc_Sha3_256_Final(&sha, hash);
  2669. if (ret != 0)
  2670. ERROR_OUT(-2707, exit);
  2671. if (XMEMCMP(hash, large_digest, WC_SHA3_256_DIGEST_SIZE) != 0)
  2672. ERROR_OUT(-2708, exit);
  2673. } /* END LARGE HASH TEST */
  2674. /* this is a software only variant of SHA3 not supported by external hardware devices */
  2675. #if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT)
  2676. /* Test for Keccak256 */
  2677. ret = wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256);
  2678. if (ret != 0) {
  2679. ERROR_OUT(-2709, exit);
  2680. }
  2681. ret = wc_Sha3_256_Update(&sha, (byte*)"", 0);
  2682. if (ret != 0) {
  2683. ERROR_OUT(-2710, exit);
  2684. }
  2685. ret = wc_Sha3_256_Final(&sha, hash);
  2686. if (ret != 0) {
  2687. ERROR_OUT(-2711, exit);
  2688. }
  2689. if (XMEMCMP(hash, Keccak256EmptyOut, WC_SHA3_256_DIGEST_SIZE) != 0) {
  2690. ERROR_OUT(-2712, exit);
  2691. }
  2692. #endif /* WOLFSSL_HASH_FLAGS && !WOLFSSL_ASYNC_CRYPT */
  2693. exit:
  2694. wc_Sha3_256_Free(&sha);
  2695. return ret;
  2696. }
  2697. #endif /* WOLFSSL_NOSHA3_256 */
  2698. #ifndef WOLFSSL_NOSHA3_384
  2699. static int sha3_384_test(void)
  2700. {
  2701. wc_Sha3 sha;
  2702. byte hash[WC_SHA3_384_DIGEST_SIZE];
  2703. #ifndef NO_INTM_HASH_TEST
  2704. byte hashcopy[WC_SHA3_384_DIGEST_SIZE];
  2705. #endif
  2706. testVector a, b, c;
  2707. testVector test_sha[3];
  2708. int ret;
  2709. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2710. a.input = "";
  2711. a.output = "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24"
  2712. "\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98"
  2713. "\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58"
  2714. "\xd5\xf0\x04";
  2715. a.inLen = XSTRLEN(a.input);
  2716. a.outLen = WC_SHA3_384_DIGEST_SIZE;
  2717. #if defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_XILINX_CRYPT)
  2718. /* NIST test vector with a length that is a multiple of 4 */
  2719. b.input = "\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44"
  2720. "\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4";
  2721. b.output = "\x04\x1c\xc5\x86\x1b\xa3\x34\x56\x3c\x61\xd4\xef\x97\x10\xd4"
  2722. "\x89\x6c\x31\x1c\x92\xed\xbe\x0d\x7c\xd5\x3e\x80\x3b\xf2\xf4"
  2723. "\xeb\x60\x57\x23\x55\x70\x77\x0c\xe8\x7c\x55\x20\xd7\xec\x14"
  2724. "\x19\x87\x22";
  2725. b.inLen = XSTRLEN(b.input);
  2726. b.outLen = WC_SHA3_384_DIGEST_SIZE;
  2727. #else
  2728. b.input = "abc";
  2729. b.output = "\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad"
  2730. "\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b"
  2731. "\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28"
  2732. "\x37\x6d\x25";
  2733. b.inLen = XSTRLEN(b.input);
  2734. b.outLen = WC_SHA3_384_DIGEST_SIZE;
  2735. #endif
  2736. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2737. c.output = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49"
  2738. "\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4"
  2739. "\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1\x9e\xef\x51\xac\xd0"
  2740. "\x65\x7c\x22";
  2741. c.inLen = XSTRLEN(c.input);
  2742. c.outLen = WC_SHA3_384_DIGEST_SIZE;
  2743. #ifdef WOLFSSL_XILINX_CRYPT
  2744. test_sha[0] = b; /* hardware acc. can not handle "" string */
  2745. #else
  2746. test_sha[0] = a;
  2747. #endif
  2748. test_sha[1] = b;
  2749. test_sha[2] = c;
  2750. ret = wc_InitSha3_384(&sha, HEAP_HINT, devId);
  2751. if (ret != 0)
  2752. return -2800;
  2753. for (i = 0; i < times; ++i) {
  2754. ret = wc_Sha3_384_Update(&sha, (byte*)test_sha[i].input,
  2755. (word32)test_sha[i].inLen);
  2756. if (ret != 0)
  2757. ERROR_OUT(-2801 - i, exit);
  2758. #ifndef NO_INTM_HASH_TEST
  2759. ret = wc_Sha3_384_GetHash(&sha, hashcopy);
  2760. if (ret != 0)
  2761. ERROR_OUT(-2802 - i, exit);
  2762. #endif
  2763. ret = wc_Sha3_384_Final(&sha, hash);
  2764. if (ret != 0)
  2765. ERROR_OUT(-2803 - i, exit);
  2766. if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0)
  2767. ERROR_OUT(-2804 - i, exit);
  2768. #ifndef NO_INTM_HASH_TEST
  2769. if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0)
  2770. ERROR_OUT(-2805 - i, exit);
  2771. #endif
  2772. }
  2773. /* BEGIN LARGE HASH TEST */ {
  2774. byte large_input[1024];
  2775. const char* large_digest =
  2776. "\x30\x44\xec\x17\xef\x47\x9f\x55\x36\x11\xd6\x3f\x8a\x31\x5a\x71"
  2777. "\x8a\x71\xa7\x1d\x8e\x84\xe8\x6c\x24\x02\x2f\x7a\x08\x4e\xea\xd7"
  2778. "\x42\x36\x5d\xa8\xc2\xb7\x42\xad\xec\x19\xfb\xca\xc6\x64\xb3\xa4";
  2779. for (i = 0; i < (int)sizeof(large_input); i++) {
  2780. large_input[i] = (byte)(i & 0xFF);
  2781. }
  2782. times = 100;
  2783. for (i = 0; i < times; ++i) {
  2784. ret = wc_Sha3_384_Update(&sha, (byte*)large_input,
  2785. (word32)sizeof(large_input));
  2786. if (ret != 0)
  2787. ERROR_OUT(-2806, exit);
  2788. }
  2789. ret = wc_Sha3_384_Final(&sha, hash);
  2790. if (ret != 0)
  2791. ERROR_OUT(-2807, exit);
  2792. if (XMEMCMP(hash, large_digest, WC_SHA3_384_DIGEST_SIZE) != 0)
  2793. ERROR_OUT(-2808, exit);
  2794. } /* END LARGE HASH TEST */
  2795. exit:
  2796. wc_Sha3_384_Free(&sha);
  2797. return ret;
  2798. }
  2799. #endif /* WOLFSSL_NOSHA3_384 */
  2800. #ifndef WOLFSSL_NOSHA3_512
  2801. static int sha3_512_test(void)
  2802. {
  2803. wc_Sha3 sha;
  2804. byte hash[WC_SHA3_512_DIGEST_SIZE];
  2805. byte hashcopy[WC_SHA3_512_DIGEST_SIZE];
  2806. testVector a, b, c;
  2807. testVector test_sha[3];
  2808. int ret;
  2809. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2810. a.input = "";
  2811. a.output = "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75"
  2812. "\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c"
  2813. "\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c"
  2814. "\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86"
  2815. "\x28\x1d\xcd\x26";
  2816. a.inLen = XSTRLEN(a.input);
  2817. a.outLen = WC_SHA3_512_DIGEST_SIZE;
  2818. b.input = "abc";
  2819. b.output = "\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09"
  2820. "\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2"
  2821. "\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47"
  2822. "\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27"
  2823. "\x4e\xec\x53\xf0";
  2824. b.inLen = XSTRLEN(b.input);
  2825. b.outLen = WC_SHA3_512_DIGEST_SIZE;
  2826. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2827. c.output = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10\xfc\xa8"
  2828. "\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7\xec\x2f\x1e\x91"
  2829. "\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53\x02\xba\x1b\x0d\x8d\xc7"
  2830. "\x8c\x08\x63\x46\xb5\x33\xb4\x9c\x03\x0d\x99\xa2\x7d\xaf\x11"
  2831. "\x39\xd6\xe7\x5e";
  2832. c.inLen = XSTRLEN(c.input);
  2833. c.outLen = WC_SHA3_512_DIGEST_SIZE;
  2834. test_sha[0] = a;
  2835. test_sha[1] = b;
  2836. test_sha[2] = c;
  2837. ret = wc_InitSha3_512(&sha, HEAP_HINT, devId);
  2838. if (ret != 0)
  2839. return -2900;
  2840. for (i = 0; i < times; ++i) {
  2841. ret = wc_Sha3_512_Update(&sha, (byte*)test_sha[i].input,
  2842. (word32)test_sha[i].inLen);
  2843. if (ret != 0)
  2844. ERROR_OUT(-2901 - i, exit);
  2845. ret = wc_Sha3_512_GetHash(&sha, hashcopy);
  2846. if (ret != 0)
  2847. ERROR_OUT(-2902 - i, exit);
  2848. ret = wc_Sha3_512_Final(&sha, hash);
  2849. if (ret != 0)
  2850. ERROR_OUT(-2903 - i, exit);
  2851. if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_512_DIGEST_SIZE) != 0)
  2852. ERROR_OUT(-2904 - i, exit);
  2853. if (XMEMCMP(hash, hashcopy, WC_SHA3_512_DIGEST_SIZE) != 0)
  2854. ERROR_OUT(-2905 - i, exit);
  2855. }
  2856. /* BEGIN LARGE HASH TEST */ {
  2857. byte large_input[1024];
  2858. const char* large_digest =
  2859. "\x9c\x13\x26\xb6\x26\xb2\x94\x31\xbc\xf4\x34\xe9\x6f\xf2\xd6\x29"
  2860. "\x9a\xd0\x9b\x32\x63\x2f\x18\xa7\x5f\x23\xc9\x60\xc2\x32\x0c\xbc"
  2861. "\x57\x77\x33\xf1\x83\x81\x8a\xd3\x15\x7c\x93\xdc\x80\x9f\xed\x61"
  2862. "\x41\xa7\x5b\xfd\x32\x0e\x38\x15\xb0\x46\x3b\x7a\x4f\xfd\x44\x88";
  2863. for (i = 0; i < (int)sizeof(large_input); i++) {
  2864. large_input[i] = (byte)(i & 0xFF);
  2865. }
  2866. times = 100;
  2867. for (i = 0; i < times; ++i) {
  2868. ret = wc_Sha3_512_Update(&sha, (byte*)large_input,
  2869. (word32)sizeof(large_input));
  2870. if (ret != 0)
  2871. ERROR_OUT(-2906, exit);
  2872. }
  2873. ret = wc_Sha3_512_Final(&sha, hash);
  2874. if (ret != 0)
  2875. ERROR_OUT(-2907, exit);
  2876. if (XMEMCMP(hash, large_digest, WC_SHA3_512_DIGEST_SIZE) != 0)
  2877. ERROR_OUT(-2908, exit);
  2878. } /* END LARGE HASH TEST */
  2879. exit:
  2880. wc_Sha3_512_Free(&sha);
  2881. return ret;
  2882. }
  2883. #endif /* WOLFSSL_NOSHA3_512 */
  2884. WOLFSSL_TEST_SUBROUTINE int sha3_test(void)
  2885. {
  2886. int ret;
  2887. (void)ret;
  2888. #ifndef WOLFSSL_NOSHA3_224
  2889. if ((ret = sha3_224_test()) != 0)
  2890. return ret;
  2891. #endif
  2892. #ifndef WOLFSSL_NOSHA3_256
  2893. if ((ret = sha3_256_test()) != 0)
  2894. return ret;
  2895. #endif
  2896. #ifndef WOLFSSL_NOSHA3_384
  2897. if ((ret = sha3_384_test()) != 0)
  2898. return ret;
  2899. #endif
  2900. #ifndef WOLFSSL_NOSHA3_512
  2901. if ((ret = sha3_512_test()) != 0)
  2902. return ret;
  2903. #endif
  2904. return 0;
  2905. }
  2906. #endif /* WOLFSSL_SHA3 */
  2907. #ifdef WOLFSSL_SHAKE256
  2908. WOLFSSL_TEST_SUBROUTINE int shake256_test(void)
  2909. {
  2910. #ifndef WOLFSSL_NO_SHAKE256
  2911. wc_Shake sha;
  2912. byte hash[250];
  2913. testVector a, b, c, d, e;
  2914. testVector test_sha[5];
  2915. int ret = 0;
  2916. int times = sizeof(test_sha) / sizeof(struct testVector), i;
  2917. byte large_input[1024];
  2918. const char* large_digest =
  2919. "\x90\x32\x4a\xcc\xd1\xdf\xb8\x0b\x79\x1f\xb8\xc8\x5b\x54\xc8\xe7"
  2920. "\x45\xf5\x60\x6b\x38\x26\xb2\x0a\xee\x38\x01\xf3\xd9\xfa\x96\x9f"
  2921. "\x6a\xd7\x15\xdf\xb6\xc2\xf4\x20\x33\x44\x55\xe8\x2a\x09\x2b\x68"
  2922. "\x2e\x18\x65\x5e\x65\x93\x28\xbc\xb1\x9e\xe2\xb1\x92\xea\x98\xac"
  2923. "\x21\xef\x4c\xe1\xb4\xb7\xbe\x81\x5c\x1d\xd3\xb7\x17\xe5\xbb\xc5"
  2924. "\x8c\x68\xb7\xfb\xac\x55\x8a\x9b\x4d\x91\xe4\x9f\x72\xbb\x6e\x38"
  2925. "\xaf\x21\x7d\x21\xaa\x98\x4e\x75\xc4\xb4\x1c\x7c\x50\x45\x54\xf9"
  2926. "\xea\x26";
  2927. a.input = "";
  2928. a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb"
  2929. "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5"
  2930. "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67"
  2931. "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac"
  2932. "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7"
  2933. "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84"
  2934. "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2"
  2935. "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46";
  2936. a.inLen = XSTRLEN(a.input);
  2937. a.outLen = 114;
  2938. b.input = "abc";
  2939. b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11"
  2940. "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b"
  2941. "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52"
  2942. "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88"
  2943. "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04"
  2944. "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc"
  2945. "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13"
  2946. "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0";
  2947. b.inLen = XSTRLEN(b.input);
  2948. b.outLen = 114;
  2949. c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  2950. c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87"
  2951. "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e"
  2952. "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc"
  2953. "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74"
  2954. "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55"
  2955. "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a"
  2956. "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60"
  2957. "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4";
  2958. c.inLen = XSTRLEN(c.input);
  2959. c.outLen = 114;
  2960. /* Taken from NIST CAVP test vectors - full rate output. */
  2961. d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb"
  2962. "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8"
  2963. "\x85\xe0";
  2964. d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00"
  2965. "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d"
  2966. "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc"
  2967. "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c"
  2968. "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6"
  2969. "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d"
  2970. "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5"
  2971. "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b"
  2972. "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7"
  2973. "\xc2";
  2974. d.inLen = 32;
  2975. d.outLen = 136;
  2976. /* Taken from NIST CAVP test vectors - more than one output block. */
  2977. e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef"
  2978. "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67"
  2979. "\x47\xe4";
  2980. e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19"
  2981. "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92"
  2982. "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c"
  2983. "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13"
  2984. "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb"
  2985. "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44"
  2986. "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46"
  2987. "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48"
  2988. "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a"
  2989. "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4"
  2990. "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36"
  2991. "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09"
  2992. "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda"
  2993. "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc"
  2994. "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7"
  2995. "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11"
  2996. "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c";
  2997. e.inLen = 32;
  2998. e.outLen = 250;
  2999. test_sha[0] = a;
  3000. test_sha[1] = b;
  3001. test_sha[2] = c;
  3002. test_sha[3] = d;
  3003. test_sha[4] = e;
  3004. ret = wc_InitShake256(&sha, HEAP_HINT, devId);
  3005. if (ret != 0)
  3006. return -3100;
  3007. for (i = 0; i < times; ++i) {
  3008. ret = wc_Shake256_Update(&sha, (byte*)test_sha[i].input,
  3009. (word32)test_sha[i].inLen);
  3010. if (ret != 0)
  3011. ERROR_OUT(-3101 - i, exit);
  3012. ret = wc_Shake256_Final(&sha, hash, (word32)test_sha[i].outLen);
  3013. if (ret != 0)
  3014. ERROR_OUT(-3102 - i, exit);
  3015. if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0)
  3016. ERROR_OUT(-3103 - i, exit);
  3017. }
  3018. /* BEGIN LARGE HASH TEST */ {
  3019. for (i = 0; i < (int)sizeof(large_input); i++) {
  3020. large_input[i] = (byte)(i & 0xFF);
  3021. }
  3022. times = 100;
  3023. for (i = 0; i < times; ++i) {
  3024. ret = wc_Shake256_Update(&sha, (byte*)large_input,
  3025. (word32)sizeof(large_input));
  3026. if (ret != 0)
  3027. ERROR_OUT(-3104, exit);
  3028. }
  3029. ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash));
  3030. if (ret != 0)
  3031. ERROR_OUT(-3105, exit);
  3032. if (XMEMCMP(hash, large_digest, 114) != 0)
  3033. ERROR_OUT(-3106, exit);
  3034. } /* END LARGE HASH TEST */
  3035. exit:
  3036. wc_Shake256_Free(&sha);
  3037. return ret;
  3038. #else
  3039. return 0;
  3040. #endif
  3041. }
  3042. #endif
  3043. #ifndef NO_HASH_WRAPPER
  3044. WOLFSSL_TEST_SUBROUTINE int hash_test(void)
  3045. {
  3046. wc_HashAlg hash;
  3047. int ret, exp_ret;
  3048. int i, j;
  3049. int digestSz;
  3050. byte data[] = "0123456789abcdef0123456789abcdef0123456";
  3051. byte out[WC_MAX_DIGEST_SIZE];
  3052. byte hashOut[WC_MAX_DIGEST_SIZE];
  3053. #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
  3054. enum wc_HashType hashType;
  3055. #endif
  3056. enum wc_HashType typesGood[] = { WC_HASH_TYPE_MD5, WC_HASH_TYPE_SHA,
  3057. WC_HASH_TYPE_SHA224, WC_HASH_TYPE_SHA256,
  3058. WC_HASH_TYPE_SHA384, WC_HASH_TYPE_SHA512,
  3059. WC_HASH_TYPE_SHA3_224,
  3060. WC_HASH_TYPE_SHA3_256,
  3061. WC_HASH_TYPE_SHA3_384,
  3062. WC_HASH_TYPE_SHA3_512 };
  3063. enum wc_HashType typesNoImpl[] = {
  3064. #ifdef NO_MD5
  3065. WC_HASH_TYPE_MD5,
  3066. #endif
  3067. #ifdef NO_SHA
  3068. WC_HASH_TYPE_SHA,
  3069. #endif
  3070. #ifndef WOLFSSL_SHA224
  3071. WC_HASH_TYPE_SHA224,
  3072. #endif
  3073. #ifdef NO_SHA256
  3074. WC_HASH_TYPE_SHA256,
  3075. #endif
  3076. #ifndef WOLFSSL_SHA384
  3077. WC_HASH_TYPE_SHA384,
  3078. #endif
  3079. #ifndef WOLFSSL_SHA512
  3080. WC_HASH_TYPE_SHA512,
  3081. #endif
  3082. #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_224)
  3083. WC_HASH_TYPE_SHA3_224,
  3084. #endif
  3085. #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_256)
  3086. WC_HASH_TYPE_SHA3_256,
  3087. #endif
  3088. #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_384)
  3089. WC_HASH_TYPE_SHA3_384,
  3090. #endif
  3091. #if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_512)
  3092. WC_HASH_TYPE_SHA3_512,
  3093. #endif
  3094. WC_HASH_TYPE_NONE
  3095. };
  3096. enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MD5_SHA,
  3097. WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4 };
  3098. enum wc_HashType typesHashBad[] = { WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4,
  3099. WC_HASH_TYPE_BLAKE2B,
  3100. WC_HASH_TYPE_NONE };
  3101. /* Parameter Validation testing. */
  3102. ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256);
  3103. if (ret != BAD_FUNC_ARG)
  3104. return -3200;
  3105. ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
  3106. if (ret != BAD_FUNC_ARG)
  3107. return -3201;
  3108. ret = wc_HashUpdate(&hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data));
  3109. if (ret != BAD_FUNC_ARG)
  3110. return -3202;
  3111. ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data));
  3112. if (ret != BAD_FUNC_ARG)
  3113. return -3203;
  3114. ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL);
  3115. if (ret != BAD_FUNC_ARG)
  3116. return -3204;
  3117. ret = wc_HashFinal(&hash, WC_HASH_TYPE_SHA256, NULL);
  3118. if (ret != BAD_FUNC_ARG)
  3119. return -3205;
  3120. ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out);
  3121. if (ret != BAD_FUNC_ARG)
  3122. return -3206;
  3123. /* Try invalid hash algorithms. */
  3124. for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) {
  3125. ret = wc_HashInit(&hash, typesBad[i]);
  3126. if (ret != BAD_FUNC_ARG)
  3127. return -3207 - i;
  3128. ret = wc_HashUpdate(&hash, typesBad[i], data, sizeof(data));
  3129. if (ret != BAD_FUNC_ARG)
  3130. return -3217 - i;
  3131. ret = wc_HashFinal(&hash, typesBad[i], out);
  3132. if (ret != BAD_FUNC_ARG)
  3133. return -3227 - i;
  3134. wc_HashFree(&hash, typesBad[i]);
  3135. }
  3136. /* Try valid hash algorithms. */
  3137. for (i = 0, j = 0; i < (int)(sizeof(typesGood)/sizeof(*typesGood)); i++) {
  3138. exp_ret = 0;
  3139. if (typesGood[i] == typesNoImpl[j]) {
  3140. /* Recognized but no implementation compiled in. */
  3141. exp_ret = HASH_TYPE_E;
  3142. j++;
  3143. }
  3144. ret = wc_HashInit(&hash, typesGood[i]);
  3145. if (ret != exp_ret)
  3146. return -3237 - i;
  3147. ret = wc_HashUpdate(&hash, typesGood[i], data, sizeof(data));
  3148. if (ret != exp_ret)
  3149. return -3247 - i;
  3150. ret = wc_HashFinal(&hash, typesGood[i], out);
  3151. if (ret != exp_ret)
  3152. return -3257 - i;
  3153. wc_HashFree(&hash, typesGood[i]);
  3154. digestSz = wc_HashGetDigestSize(typesGood[i]);
  3155. if (exp_ret < 0 && digestSz != exp_ret)
  3156. return -3267 - i;
  3157. if (exp_ret == 0 && digestSz < 0)
  3158. return -3277 - i;
  3159. if (exp_ret == 0) {
  3160. ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut,
  3161. digestSz - 1);
  3162. if (ret != BUFFER_E)
  3163. return -3287 - i;
  3164. }
  3165. ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, digestSz);
  3166. if (ret != exp_ret)
  3167. return -3297 - i;
  3168. if (exp_ret == 0 && XMEMCMP(out, hashOut, digestSz) != 0)
  3169. return -3307 -i;
  3170. ret = wc_HashGetBlockSize(typesGood[i]);
  3171. if (exp_ret < 0 && ret != exp_ret)
  3172. return -3308 - i;
  3173. if (exp_ret == 0 && ret < 0)
  3174. return -3318 - i;
  3175. #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
  3176. ret = wc_HashGetOID(typesGood[i]);
  3177. if (ret == BAD_FUNC_ARG ||
  3178. (exp_ret == 0 && ret == HASH_TYPE_E) ||
  3179. (exp_ret != 0 && ret != HASH_TYPE_E)) {
  3180. return -3328 - i;
  3181. }
  3182. hashType = wc_OidGetHash(ret);
  3183. if (exp_ret == 0 && hashType != typesGood[i])
  3184. return -3338 - i;
  3185. #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
  3186. }
  3187. for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) {
  3188. ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out));
  3189. if (ret != BAD_FUNC_ARG && ret != BUFFER_E)
  3190. return -3348 - i;
  3191. }
  3192. #if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC)
  3193. ret = wc_HashGetOID(WC_HASH_TYPE_MD2);
  3194. #ifdef WOLFSSL_MD2
  3195. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3196. return -3358;
  3197. #else
  3198. if (ret != HASH_TYPE_E)
  3199. return -3359;
  3200. #endif
  3201. hashType = wc_OidGetHash(646); /* Md2h */
  3202. #ifdef WOLFSSL_MD2
  3203. if (hashType != WC_HASH_TYPE_MD2)
  3204. return -3360;
  3205. #else
  3206. if (hashType != WC_HASH_TYPE_NONE)
  3207. return -3361;
  3208. #endif
  3209. ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA);
  3210. #ifndef NO_MD5
  3211. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3212. return -3362;
  3213. #else
  3214. if (ret != HASH_TYPE_E)
  3215. return -3363;
  3216. #endif
  3217. ret = wc_HashGetOID(WC_HASH_TYPE_MD4);
  3218. if (ret != BAD_FUNC_ARG)
  3219. return -3364;
  3220. ret = wc_HashGetOID(WC_HASH_TYPE_NONE);
  3221. if (ret != BAD_FUNC_ARG)
  3222. return -3365;
  3223. hashType = wc_OidGetHash(0);
  3224. if (hashType != WC_HASH_TYPE_NONE)
  3225. return -3366;
  3226. #endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */
  3227. ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2);
  3228. #ifdef WOLFSSL_MD2
  3229. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3230. return -3367;
  3231. #else
  3232. if (ret != HASH_TYPE_E)
  3233. return -3368;
  3234. #endif
  3235. ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2);
  3236. #ifdef WOLFSSL_MD2
  3237. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3238. return -3369;
  3239. #else
  3240. if (ret != HASH_TYPE_E)
  3241. return -3370;
  3242. #endif
  3243. ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4);
  3244. #ifndef NO_MD4
  3245. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3246. return -3371;
  3247. #else
  3248. if (ret != HASH_TYPE_E)
  3249. return -3372;
  3250. #endif
  3251. ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4);
  3252. #ifndef NO_MD4
  3253. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3254. return -3373;
  3255. #else
  3256. if (ret != HASH_TYPE_E)
  3257. return -3374;
  3258. #endif
  3259. ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA);
  3260. #if !defined(NO_MD5) && !defined(NO_SHA)
  3261. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3262. return -3375;
  3263. #else
  3264. if (ret != HASH_TYPE_E)
  3265. return -3376;
  3266. #endif
  3267. ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B);
  3268. #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
  3269. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3270. return -3377;
  3271. #else
  3272. if (ret != HASH_TYPE_E)
  3273. return -3378;
  3274. #endif
  3275. ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B);
  3276. #if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)
  3277. if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG)
  3278. return -3379;
  3279. #else
  3280. if (ret != HASH_TYPE_E)
  3281. return -3380;
  3282. #endif
  3283. ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE);
  3284. if (ret != BAD_FUNC_ARG)
  3285. return -3381;
  3286. ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE);
  3287. if (ret != BAD_FUNC_ARG)
  3288. return -3382;
  3289. #if !defined(NO_CERTS) && !defined(NO_ASN)
  3290. #if defined(WOLFSSL_MD2) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  3291. ret = wc_GetCTC_HashOID(MD2);
  3292. if (ret == 0)
  3293. return -3383;
  3294. #endif
  3295. #ifndef NO_MD5
  3296. ret = wc_GetCTC_HashOID(WC_MD5);
  3297. if (ret == 0)
  3298. return -3384;
  3299. #endif
  3300. #ifndef NO_SHA
  3301. ret = wc_GetCTC_HashOID(WC_SHA);
  3302. if (ret == 0)
  3303. return -3385;
  3304. #endif
  3305. #ifdef WOLFSSL_SHA224
  3306. ret = wc_GetCTC_HashOID(WC_SHA224);
  3307. if (ret == 0)
  3308. return -3386;
  3309. #endif
  3310. #ifndef NO_SHA256
  3311. ret = wc_GetCTC_HashOID(WC_SHA256);
  3312. if (ret == 0)
  3313. return -3387;
  3314. #endif
  3315. #ifdef WOLFSSL_SHA384
  3316. ret = wc_GetCTC_HashOID(WC_SHA384);
  3317. if (ret == 0)
  3318. return -3388;
  3319. #endif
  3320. #ifdef WOLFSSL_SHA512
  3321. ret = wc_GetCTC_HashOID(WC_SHA512);
  3322. if (ret == 0)
  3323. return -3389;
  3324. #endif
  3325. ret = wc_GetCTC_HashOID(-1);
  3326. if (ret != 0)
  3327. return -3390;
  3328. #endif
  3329. return 0;
  3330. }
  3331. #endif /* !NO_HASH_WRAPPER */
  3332. #if !defined(NO_HMAC) && !defined(NO_MD5)
  3333. WOLFSSL_TEST_SUBROUTINE int hmac_md5_test(void)
  3334. {
  3335. Hmac hmac;
  3336. byte hash[WC_MD5_DIGEST_SIZE];
  3337. const char* keys[]=
  3338. {
  3339. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
  3340. "Jefe",
  3341. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  3342. };
  3343. testVector a, b, c;
  3344. testVector test_hmac[3];
  3345. int ret;
  3346. int times = sizeof(test_hmac) / sizeof(testVector), i;
  3347. a.input = "Hi There";
  3348. a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc"
  3349. "\x9d";
  3350. a.inLen = XSTRLEN(a.input);
  3351. a.outLen = WC_MD5_DIGEST_SIZE;
  3352. b.input = "what do ya want for nothing?";
  3353. b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7"
  3354. "\x38";
  3355. b.inLen = XSTRLEN(b.input);
  3356. b.outLen = WC_MD5_DIGEST_SIZE;
  3357. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3358. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3359. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3360. "\xDD\xDD\xDD\xDD\xDD\xDD";
  3361. c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3"
  3362. "\xf6";
  3363. c.inLen = XSTRLEN(c.input);
  3364. c.outLen = WC_MD5_DIGEST_SIZE;
  3365. test_hmac[0] = a;
  3366. test_hmac[1] = b;
  3367. test_hmac[2] = c;
  3368. for (i = 0; i < times; ++i) {
  3369. #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
  3370. if (i == 1) {
  3371. continue; /* cavium can't handle short keys, fips not allowed */
  3372. }
  3373. #endif
  3374. if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) {
  3375. return -3400;
  3376. }
  3377. ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i],
  3378. (word32)XSTRLEN(keys[i]));
  3379. if (ret != 0)
  3380. return -3401;
  3381. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  3382. (word32)test_hmac[i].inLen);
  3383. if (ret != 0)
  3384. return -3402;
  3385. ret = wc_HmacFinal(&hmac, hash);
  3386. if (ret != 0)
  3387. return -3403;
  3388. if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0)
  3389. return -3404 - i;
  3390. wc_HmacFree(&hmac);
  3391. }
  3392. #ifndef HAVE_FIPS
  3393. if (wc_HmacSizeByType(WC_MD5) != WC_MD5_DIGEST_SIZE)
  3394. return -3414;
  3395. #endif
  3396. return 0;
  3397. }
  3398. #endif /* NO_HMAC && NO_MD5 */
  3399. #if !defined(NO_HMAC) && !defined(NO_SHA)
  3400. WOLFSSL_TEST_SUBROUTINE int hmac_sha_test(void)
  3401. {
  3402. Hmac hmac;
  3403. byte hash[WC_SHA_DIGEST_SIZE];
  3404. const char* keys[]=
  3405. {
  3406. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  3407. "\x0b\x0b\x0b",
  3408. "Jefe",
  3409. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  3410. "\xAA\xAA\xAA"
  3411. };
  3412. testVector a, b, c;
  3413. testVector test_hmac[3];
  3414. int ret;
  3415. int times = sizeof(test_hmac) / sizeof(testVector), i;
  3416. a.input = "Hi There";
  3417. a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c"
  3418. "\x8e\xf1\x46\xbe\x00";
  3419. a.inLen = XSTRLEN(a.input);
  3420. a.outLen = WC_SHA_DIGEST_SIZE;
  3421. b.input = "what do ya want for nothing?";
  3422. b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf"
  3423. "\x9c\x25\x9a\x7c\x79";
  3424. b.inLen = XSTRLEN(b.input);
  3425. b.outLen = WC_SHA_DIGEST_SIZE;
  3426. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3427. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3428. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3429. "\xDD\xDD\xDD\xDD\xDD\xDD";
  3430. c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b"
  3431. "\x4f\x63\xf1\x75\xd3";
  3432. c.inLen = XSTRLEN(c.input);
  3433. c.outLen = WC_SHA_DIGEST_SIZE;
  3434. test_hmac[0] = a;
  3435. test_hmac[1] = b;
  3436. test_hmac[2] = c;
  3437. for (i = 0; i < times; ++i) {
  3438. #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
  3439. if (i == 1)
  3440. continue; /* cavium can't handle short keys, fips not allowed */
  3441. #endif
  3442. if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
  3443. return -3500;
  3444. ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i],
  3445. (word32)XSTRLEN(keys[i]));
  3446. if (ret != 0)
  3447. return -3501;
  3448. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  3449. (word32)test_hmac[i].inLen);
  3450. if (ret != 0)
  3451. return -3502;
  3452. ret = wc_HmacFinal(&hmac, hash);
  3453. if (ret != 0)
  3454. return -3503;
  3455. if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0)
  3456. return -3504 - i;
  3457. wc_HmacFree(&hmac);
  3458. }
  3459. #ifndef HAVE_FIPS
  3460. if (wc_HmacSizeByType(WC_SHA) != WC_SHA_DIGEST_SIZE)
  3461. return -3514;
  3462. #endif
  3463. return 0;
  3464. }
  3465. #endif
  3466. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA224)
  3467. WOLFSSL_TEST_SUBROUTINE int hmac_sha224_test(void)
  3468. {
  3469. Hmac hmac;
  3470. byte hash[WC_SHA224_DIGEST_SIZE];
  3471. const char* keys[]=
  3472. {
  3473. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  3474. "\x0b\x0b\x0b",
  3475. "Jefe",
  3476. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  3477. "\xAA\xAA\xAA",
  3478. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3479. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3480. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3481. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3482. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3483. };
  3484. testVector a, b, c, d;
  3485. testVector test_hmac[4];
  3486. int ret;
  3487. int times = sizeof(test_hmac) / sizeof(testVector), i;
  3488. a.input = "Hi There";
  3489. a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3"
  3490. "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22";
  3491. a.inLen = XSTRLEN(a.input);
  3492. a.outLen = WC_SHA224_DIGEST_SIZE;
  3493. b.input = "what do ya want for nothing?";
  3494. b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d"
  3495. "\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44";
  3496. b.inLen = XSTRLEN(b.input);
  3497. b.outLen = WC_SHA224_DIGEST_SIZE;
  3498. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3499. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3500. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3501. "\xDD\xDD\xDD\xDD\xDD\xDD";
  3502. c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2"
  3503. "\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea";
  3504. c.inLen = XSTRLEN(c.input);
  3505. c.outLen = WC_SHA224_DIGEST_SIZE;
  3506. d.input = "Big Key Input";
  3507. d.output = "\xe7\x4e\x2b\x8a\xa9\xf0\x37\x2f\xed\xae\x70\x0c\x49\x47\xf1"
  3508. "\x46\x54\xa7\x32\x6b\x55\x01\x87\xd2\xc8\x02\x0e\x3a";
  3509. d.inLen = XSTRLEN(d.input);
  3510. d.outLen = WC_SHA224_DIGEST_SIZE;
  3511. test_hmac[0] = a;
  3512. test_hmac[1] = b;
  3513. test_hmac[2] = c;
  3514. test_hmac[3] = d;
  3515. for (i = 0; i < times; ++i) {
  3516. #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
  3517. if (i == 1)
  3518. continue; /* cavium can't handle short keys, fips not allowed */
  3519. #endif
  3520. if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
  3521. return -3600;
  3522. ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i],
  3523. (word32)XSTRLEN(keys[i]));
  3524. if (ret != 0)
  3525. return -3601;
  3526. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  3527. (word32)test_hmac[i].inLen);
  3528. if (ret != 0)
  3529. return -3602;
  3530. ret = wc_HmacFinal(&hmac, hash);
  3531. if (ret != 0)
  3532. return -3603;
  3533. if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0)
  3534. return -3604 - i;
  3535. wc_HmacFree(&hmac);
  3536. }
  3537. #ifndef HAVE_FIPS
  3538. if (wc_HmacSizeByType(WC_SHA224) != WC_SHA224_DIGEST_SIZE)
  3539. return -3614;
  3540. #endif
  3541. return 0;
  3542. }
  3543. #endif
  3544. #if !defined(NO_HMAC) && !defined(NO_SHA256)
  3545. WOLFSSL_TEST_SUBROUTINE int hmac_sha256_test(void)
  3546. {
  3547. Hmac hmac;
  3548. byte hash[WC_SHA256_DIGEST_SIZE];
  3549. const char* keys[]=
  3550. {
  3551. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  3552. "\x0b\x0b\x0b",
  3553. "Jefe",
  3554. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  3555. "\xAA\xAA\xAA",
  3556. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  3557. "\xAA\xAA\xAA",
  3558. };
  3559. testVector a, b, c, d;
  3560. testVector test_hmac[4];
  3561. int ret;
  3562. int times = sizeof(test_hmac) / sizeof(testVector), i;
  3563. a.input = "Hi There";
  3564. a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1"
  3565. "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32"
  3566. "\xcf\xf7";
  3567. a.inLen = XSTRLEN(a.input);
  3568. a.outLen = WC_SHA256_DIGEST_SIZE;
  3569. b.input = "what do ya want for nothing?";
  3570. b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75"
  3571. "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec"
  3572. "\x38\x43";
  3573. b.inLen = XSTRLEN(b.input);
  3574. b.outLen = WC_SHA256_DIGEST_SIZE;
  3575. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3576. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3577. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3578. "\xDD\xDD\xDD\xDD\xDD\xDD";
  3579. c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81"
  3580. "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5"
  3581. "\x65\xfe";
  3582. c.inLen = XSTRLEN(c.input);
  3583. c.outLen = WC_SHA256_DIGEST_SIZE;
  3584. d.input = 0;
  3585. d.output = "\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28"
  3586. "\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f"
  3587. "\x3e\x46";
  3588. d.inLen = 0;
  3589. d.outLen = WC_SHA256_DIGEST_SIZE;
  3590. test_hmac[0] = a;
  3591. test_hmac[1] = b;
  3592. test_hmac[2] = c;
  3593. test_hmac[3] = d;
  3594. for (i = 0; i < times; ++i) {
  3595. #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM)
  3596. if (i == 1)
  3597. continue; /* cavium can't handle short keys, fips not allowed */
  3598. #endif
  3599. #if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM)
  3600. if (i == 3)
  3601. continue; /* QuickAssist can't handle empty HMAC */
  3602. #endif
  3603. if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
  3604. return -3700 - i;
  3605. ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i],
  3606. (word32)XSTRLEN(keys[i]));
  3607. if (ret != 0)
  3608. return -3710 - i;
  3609. if (test_hmac[i].input != NULL) {
  3610. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  3611. (word32)test_hmac[i].inLen);
  3612. if (ret != 0)
  3613. return -3720 - i;
  3614. }
  3615. ret = wc_HmacFinal(&hmac, hash);
  3616. if (ret != 0)
  3617. return -3730 - i;
  3618. if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0)
  3619. return -3740 - i;
  3620. wc_HmacFree(&hmac);
  3621. }
  3622. #ifndef HAVE_FIPS
  3623. if (wc_HmacSizeByType(WC_SHA256) != WC_SHA256_DIGEST_SIZE)
  3624. return -3750;
  3625. if (wc_HmacSizeByType(20) != BAD_FUNC_ARG)
  3626. return -3751;
  3627. #endif
  3628. if (wolfSSL_GetHmacMaxSize() != WC_MAX_DIGEST_SIZE)
  3629. return -3752;
  3630. return 0;
  3631. }
  3632. #endif
  3633. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA384)
  3634. WOLFSSL_TEST_SUBROUTINE int hmac_sha384_test(void)
  3635. {
  3636. Hmac hmac;
  3637. byte hash[WC_SHA384_DIGEST_SIZE];
  3638. const char* keys[]=
  3639. {
  3640. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  3641. "\x0b\x0b\x0b",
  3642. "Jefe",
  3643. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  3644. "\xAA\xAA\xAA",
  3645. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3646. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3647. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3648. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3649. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3650. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3651. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3652. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3653. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3654. };
  3655. testVector a, b, c, d;
  3656. testVector test_hmac[4];
  3657. int ret;
  3658. int times = sizeof(test_hmac) / sizeof(testVector), i;
  3659. a.input = "Hi There";
  3660. a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90"
  3661. "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb"
  3662. "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2"
  3663. "\xfa\x9c\xb6";
  3664. a.inLen = XSTRLEN(a.input);
  3665. a.outLen = WC_SHA384_DIGEST_SIZE;
  3666. b.input = "what do ya want for nothing?";
  3667. b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b"
  3668. "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22"
  3669. "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa"
  3670. "\xb2\x16\x49";
  3671. b.inLen = XSTRLEN(b.input);
  3672. b.outLen = WC_SHA384_DIGEST_SIZE;
  3673. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3674. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3675. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3676. "\xDD\xDD\xDD\xDD\xDD\xDD";
  3677. c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8"
  3678. "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66"
  3679. "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01"
  3680. "\xa3\x4f\x27";
  3681. c.inLen = XSTRLEN(c.input);
  3682. c.outLen = WC_SHA384_DIGEST_SIZE;
  3683. d.input = "Big Key Input";
  3684. d.output = "\xd2\x3d\x29\x6e\xf5\x1e\x23\x23\x49\x18\xb3\xbf\x4c\x38\x7b"
  3685. "\x31\x21\x17\xbb\x09\x73\x27\xf8\x12\x9d\xe9\xc6\x5d\xf9\x54"
  3686. "\xd6\x38\x5a\x68\x53\x14\xee\xe0\xa6\x4f\x36\x7e\xb2\xf3\x1a"
  3687. "\x57\x41\x69";
  3688. d.inLen = XSTRLEN(d.input);
  3689. d.outLen = WC_SHA384_DIGEST_SIZE;
  3690. test_hmac[0] = a;
  3691. test_hmac[1] = b;
  3692. test_hmac[2] = c;
  3693. test_hmac[3] = d;
  3694. for (i = 0; i < times; ++i) {
  3695. #if defined(HAVE_FIPS)
  3696. if (i == 1)
  3697. continue; /* fips not allowed */
  3698. #endif
  3699. if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
  3700. return -3800;
  3701. ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i],
  3702. (word32)XSTRLEN(keys[i]));
  3703. if (ret != 0)
  3704. return -3801;
  3705. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  3706. (word32)test_hmac[i].inLen);
  3707. if (ret != 0)
  3708. return -3802;
  3709. ret = wc_HmacFinal(&hmac, hash);
  3710. if (ret != 0)
  3711. return -3803;
  3712. if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0)
  3713. return -3804 - i;
  3714. wc_HmacFree(&hmac);
  3715. }
  3716. #ifndef HAVE_FIPS
  3717. if (wc_HmacSizeByType(WC_SHA384) != WC_SHA384_DIGEST_SIZE)
  3718. return -3814;
  3719. #endif
  3720. return 0;
  3721. }
  3722. #endif
  3723. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA512)
  3724. WOLFSSL_TEST_SUBROUTINE int hmac_sha512_test(void)
  3725. {
  3726. Hmac hmac;
  3727. byte hash[WC_SHA512_DIGEST_SIZE];
  3728. const char* keys[]=
  3729. {
  3730. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  3731. "\x0b\x0b\x0b",
  3732. "Jefe",
  3733. "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA"
  3734. "\xAA\xAA\xAA",
  3735. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3736. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3737. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3738. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3739. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3740. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3741. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3742. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3743. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3744. };
  3745. testVector a, b, c, d;
  3746. testVector test_hmac[4];
  3747. int ret;
  3748. int times = sizeof(test_hmac) / sizeof(testVector), i;
  3749. a.input = "Hi There";
  3750. a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c"
  3751. "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1"
  3752. "\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae"
  3753. "\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20"
  3754. "\x3a\x12\x68\x54";
  3755. a.inLen = XSTRLEN(a.input);
  3756. a.outLen = WC_SHA512_DIGEST_SIZE;
  3757. b.input = "what do ya want for nothing?";
  3758. b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0"
  3759. "\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25"
  3760. "\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8"
  3761. "\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a"
  3762. "\x38\xbc\xe7\x37";
  3763. b.inLen = XSTRLEN(b.input);
  3764. b.outLen = WC_SHA512_DIGEST_SIZE;
  3765. c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3766. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3767. "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD"
  3768. "\xDD\xDD\xDD\xDD\xDD\xDD";
  3769. c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b"
  3770. "\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27"
  3771. "\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e"
  3772. "\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59"
  3773. "\xe1\x32\x92\xfb";
  3774. c.inLen = XSTRLEN(c.input);
  3775. c.outLen = WC_SHA512_DIGEST_SIZE;
  3776. d.input = "Big Key Input";
  3777. d.output = "\x3f\xa9\xc9\xe1\xbd\xbb\x04\x55\x1f\xef\xcc\x92\x33\x08\xeb"
  3778. "\xcf\xc1\x9a\x5b\x5b\xc0\x7c\x86\x84\xae\x8c\x40\xaf\xb1\x27"
  3779. "\x87\x38\x92\x04\xa8\xed\xd7\xd7\x07\xa9\x85\xa0\xc2\xcd\x30"
  3780. "\xc0\x56\x14\x49\xbc\x2f\x69\x15\x6a\x97\xd8\x79\x2f\xb3\x3b"
  3781. "\x1e\x18\xfe\xfa";
  3782. d.inLen = XSTRLEN(d.input);
  3783. d.outLen = WC_SHA512_DIGEST_SIZE;
  3784. test_hmac[0] = a;
  3785. test_hmac[1] = b;
  3786. test_hmac[2] = c;
  3787. test_hmac[3] = d;
  3788. for (i = 0; i < times; ++i) {
  3789. #if defined(HAVE_FIPS)
  3790. if (i == 1)
  3791. continue; /* fips not allowed */
  3792. #endif
  3793. if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
  3794. return -3900;
  3795. ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i],
  3796. (word32)XSTRLEN(keys[i]));
  3797. if (ret != 0)
  3798. return -3901;
  3799. ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input,
  3800. (word32)test_hmac[i].inLen);
  3801. if (ret != 0)
  3802. return -3902;
  3803. ret = wc_HmacFinal(&hmac, hash);
  3804. if (ret != 0)
  3805. return -3903;
  3806. if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0)
  3807. return -3904 - i;
  3808. wc_HmacFree(&hmac);
  3809. }
  3810. #ifndef HAVE_FIPS
  3811. if (wc_HmacSizeByType(WC_SHA512) != WC_SHA512_DIGEST_SIZE)
  3812. return -3914;
  3813. #endif
  3814. return 0;
  3815. }
  3816. #endif
  3817. #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \
  3818. !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \
  3819. !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512)
  3820. WOLFSSL_TEST_SUBROUTINE int hmac_sha3_test(void)
  3821. {
  3822. Hmac hmac;
  3823. byte hash[WC_SHA3_512_DIGEST_SIZE];
  3824. const char* key[4] =
  3825. {
  3826. "Jefe",
  3827. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
  3828. "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
  3829. "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
  3830. "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
  3831. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3832. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3833. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3834. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3835. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3836. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3837. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3838. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3839. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3840. "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"
  3841. };
  3842. const char* input[4] =
  3843. {
  3844. "what do ya want for nothing?",
  3845. "Hi There",
  3846. "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
  3847. "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
  3848. "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
  3849. "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
  3850. "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
  3851. "Big Key Input"
  3852. };
  3853. const int hashType[4] =
  3854. {
  3855. WC_SHA3_224, WC_SHA3_256, WC_SHA3_384, WC_SHA3_512
  3856. };
  3857. const int hashSz[4] =
  3858. {
  3859. WC_SHA3_224_DIGEST_SIZE, WC_SHA3_256_DIGEST_SIZE,
  3860. WC_SHA3_384_DIGEST_SIZE, WC_SHA3_512_DIGEST_SIZE
  3861. };
  3862. const char* output[16] =
  3863. {
  3864. /* key = jefe, input = what do ya want for nothing? */
  3865. /* HMAC-SHA3-224 */
  3866. "\x7f\xdb\x8d\xd8\x8b\xd2\xf6\x0d\x1b\x79\x86\x34\xad\x38\x68\x11"
  3867. "\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b\xba\xce\x5e\x66",
  3868. /* HMAC-SHA3-256 */
  3869. "\xc7\xd4\x07\x2e\x78\x88\x77\xae\x35\x96\xbb\xb0\xda\x73\xb8\x87"
  3870. "\xc9\x17\x1f\x93\x09\x5b\x29\x4a\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5",
  3871. /* HMAC-SHA3-384 */
  3872. "\xf1\x10\x1f\x8c\xbf\x97\x66\xfd\x67\x64\xd2\xed\x61\x90\x3f\x21"
  3873. "\xca\x9b\x18\xf5\x7c\xf3\xe1\xa2\x3c\xa1\x35\x08\xa9\x32\x43\xce"
  3874. "\x48\xc0\x45\xdc\x00\x7f\x26\xa2\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a",
  3875. /* HMAC-SHA3-512 */
  3876. "\x5a\x4b\xfe\xab\x61\x66\x42\x7c\x7a\x36\x47\xb7\x47\x29\x2b\x83"
  3877. "\x84\x53\x7c\xdb\x89\xaf\xb3\xbf\x56\x65\xe4\xc5\xe7\x09\x35\x0b"
  3878. "\x28\x7b\xae\xc9\x21\xfd\x7c\xa0\xee\x7a\x0c\x31\xd0\x22\xa9\x5e"
  3879. "\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83\x96\x02\x75\xbe\xb4\xe6\x20\x24",
  3880. /* key = 0b..., input = Hi There */
  3881. /* HMAC-SHA3-224 */
  3882. "\x3b\x16\x54\x6b\xbc\x7b\xe2\x70\x6a\x03\x1d\xca\xfd\x56\x37\x3d"
  3883. "\x98\x84\x36\x76\x41\xd8\xc5\x9a\xf3\xc8\x60\xf7",
  3884. /* HMAC-SHA3-256 */
  3885. "\xba\x85\x19\x23\x10\xdf\xfa\x96\xe2\xa3\xa4\x0e\x69\x77\x43\x51"
  3886. "\x14\x0b\xb7\x18\x5e\x12\x02\xcd\xcc\x91\x75\x89\xf9\x5e\x16\xbb",
  3887. /* HMAC-SHA3-384 */
  3888. "\x68\xd2\xdc\xf7\xfd\x4d\xdd\x0a\x22\x40\xc8\xa4\x37\x30\x5f\x61"
  3889. "\xfb\x73\x34\xcf\xb5\xd0\x22\x6e\x1b\xc2\x7d\xc1\x0a\x2e\x72\x3a"
  3890. "\x20\xd3\x70\xb4\x77\x43\x13\x0e\x26\xac\x7e\x3d\x53\x28\x86\xbd",
  3891. /* HMAC-SHA3-512 */
  3892. "\xeb\x3f\xbd\x4b\x2e\xaa\xb8\xf5\xc5\x04\xbd\x3a\x41\x46\x5a\xac"
  3893. "\xec\x15\x77\x0a\x7c\xab\xac\x53\x1e\x48\x2f\x86\x0b\x5e\xc7\xba"
  3894. "\x47\xcc\xb2\xc6\xf2\xaf\xce\x8f\x88\xd2\x2b\x6d\xc6\x13\x80\xf2"
  3895. "\x3a\x66\x8f\xd3\x88\x8b\xb8\x05\x37\xc0\xa0\xb8\x64\x07\x68\x9e",
  3896. /* key = aa..., output = dd... */
  3897. /* HMAC-SHA3-224 */
  3898. "\x67\x6c\xfc\x7d\x16\x15\x36\x38\x78\x03\x90\x69\x2b\xe1\x42\xd2"
  3899. "\xdf\x7c\xe9\x24\xb9\x09\xc0\xc0\x8d\xbf\xdc\x1a",
  3900. /* HMAC-SHA3-256 */
  3901. "\x84\xec\x79\x12\x4a\x27\x10\x78\x65\xce\xdd\x8b\xd8\x2d\xa9\x96"
  3902. "\x5e\x5e\xd8\xc3\x7b\x0a\xc9\x80\x05\xa7\xf3\x9e\xd5\x8a\x42\x07",
  3903. /* HMAC-SHA3-384 */
  3904. "\x27\x5c\xd0\xe6\x61\xbb\x8b\x15\x1c\x64\xd2\x88\xf1\xf7\x82\xfb"
  3905. "\x91\xa8\xab\xd5\x68\x58\xd7\x2b\xab\xb2\xd4\x76\xf0\x45\x83\x73"
  3906. "\xb4\x1b\x6a\xb5\xbf\x17\x4b\xec\x42\x2e\x53\xfc\x31\x35\xac\x6e",
  3907. /* HMAC-SHA3-512 */
  3908. "\x30\x9e\x99\xf9\xec\x07\x5e\xc6\xc6\xd4\x75\xed\xa1\x18\x06\x87"
  3909. "\xfc\xf1\x53\x11\x95\x80\x2a\x99\xb5\x67\x74\x49\xa8\x62\x51\x82"
  3910. "\x85\x1c\xb3\x32\xaf\xb6\xa8\x9c\x41\x13\x25\xfb\xcb\xcd\x42\xaf"
  3911. "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03",
  3912. /* key = big key, input = Big Key Input */
  3913. /* HMAC-SHA3-224 */
  3914. "\x29\xe0\x5e\x46\xc4\xa4\x5e\x46\x74\xbf\xd7\x2d\x1a\xd8\x66\xdb"
  3915. "\x2d\x0d\x10\x4e\x2b\xfa\xad\x53\x7d\x15\x69\x8b",
  3916. /* HMAC-SHA3-256 */
  3917. "\xb5\x5b\x8d\x64\xb6\x9c\x21\xd0\xbf\x20\x5c\xa2\xf7\xb9\xb1\x4e"
  3918. "\x88\x21\x61\x2c\x66\xc3\x91\xae\x6c\x95\x16\x85\x83\xe6\xf4\x9b",
  3919. /* HMAC-SHA3-384 */
  3920. "\xaa\x91\xb3\xa6\x2f\x56\xa1\xbe\x8c\x3e\x74\x38\xdb\x58\xd9\xd3"
  3921. "\x34\xde\xa0\x60\x6d\x8d\x46\xe0\xec\xa9\xf6\x06\x35\x14\xe6\xed"
  3922. "\x83\xe6\x7c\x77\x24\x6c\x11\xb5\x90\x82\xb5\x75\xda\x7b\x83\x2d",
  3923. /* HMAC-SHA3-512 */
  3924. "\x1c\xc3\xa9\x24\x4a\x4a\x3f\xbd\xc7\x20\x00\x16\x9b\x79\x47\x03"
  3925. "\x78\x75\x2c\xb5\xf1\x2e\x62\x7c\xbe\xef\x4e\x8f\x0b\x11\x2b\x32"
  3926. "\xa0\xee\xc9\xd0\x4d\x64\x64\x0b\x37\xf4\xdd\x66\xf7\x8b\xb3\xad"
  3927. "\x52\x52\x6b\x65\x12\xde\x0d\x7c\xc0\x8b\x60\x01\x6c\x37\xd7\xa8"
  3928. };
  3929. int i = 0, iMax = sizeof(input) / sizeof(input[0]),
  3930. j, jMax = sizeof(hashType) / sizeof(hashType[0]),
  3931. ret;
  3932. #ifdef HAVE_FIPS
  3933. /* FIPS requires a minimum length for HMAC keys, and "Jefe" is too
  3934. * short. Skip it in FIPS builds. */
  3935. i = 1;
  3936. #endif
  3937. for (; i < iMax; i++) {
  3938. for (j = 0; j < jMax; j++) {
  3939. if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0)
  3940. return -4000;
  3941. ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i],
  3942. (word32)XSTRLEN(key[i]));
  3943. if (ret != 0)
  3944. return -4001;
  3945. ret = wc_HmacUpdate(&hmac, (byte*)input[i],
  3946. (word32)XSTRLEN(input[i]));
  3947. if (ret != 0)
  3948. return -4002;
  3949. ret = wc_HmacFinal(&hmac, hash);
  3950. if (ret != 0)
  3951. return -4003;
  3952. if (XMEMCMP(hash, output[(i*jMax) + j], hashSz[j]) != 0)
  3953. return -4004;
  3954. wc_HmacFree(&hmac);
  3955. if (i > 0)
  3956. continue;
  3957. #ifndef HAVE_FIPS
  3958. ret = wc_HmacSizeByType(hashType[j]);
  3959. if (ret != hashSz[j])
  3960. return -4005;
  3961. #endif
  3962. }
  3963. }
  3964. return 0;
  3965. }
  3966. #endif
  3967. #ifdef WC_RC2
  3968. typedef struct rc2TestVector {
  3969. const char* input;
  3970. const char* output;
  3971. const char* key; /* Key, variable up to 128 bytes */
  3972. const char* iv; /* IV, 8-bytes */
  3973. int inLen;
  3974. int outLen;
  3975. int keyLen;
  3976. int effectiveKeyBits; /* Up to 1024 bits supported */
  3977. } rc2TestVector;
  3978. static int rc2_ecb_test(void)
  3979. {
  3980. int ret = 0;
  3981. byte cipher[RC2_BLOCK_SIZE];
  3982. byte plain[RC2_BLOCK_SIZE];
  3983. rc2TestVector a, b, c, d, e, f, g, h;
  3984. rc2TestVector test_rc2[8];
  3985. int times = sizeof(test_rc2) / sizeof(rc2TestVector), i;
  3986. a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  3987. a.output = "\xeb\xb7\x73\xf9\x93\x27\x8e\xff";
  3988. a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
  3989. a.inLen = RC2_BLOCK_SIZE;
  3990. a.outLen = RC2_BLOCK_SIZE;
  3991. a.keyLen = 8;
  3992. a.effectiveKeyBits = 63;
  3993. b.input = "\xff\xff\xff\xff\xff\xff\xff\xff";
  3994. b.output = "\x27\x8b\x27\xe4\x2e\x2f\x0d\x49";
  3995. b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
  3996. b.inLen = RC2_BLOCK_SIZE;
  3997. b.outLen = RC2_BLOCK_SIZE;
  3998. b.keyLen = 8;
  3999. b.effectiveKeyBits = 64;
  4000. c.input = "\x10\x00\x00\x00\x00\x00\x00\x01";
  4001. c.output = "\x30\x64\x9e\xdf\x9b\xe7\xd2\xc2";
  4002. c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
  4003. c.inLen = RC2_BLOCK_SIZE;
  4004. c.outLen = RC2_BLOCK_SIZE;
  4005. c.keyLen = 8;
  4006. c.effectiveKeyBits = 64;
  4007. d.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4008. d.output = "\x61\xa8\xa2\x44\xad\xac\xcc\xf0";
  4009. d.key = "\x88";
  4010. d.inLen = RC2_BLOCK_SIZE;
  4011. d.outLen = RC2_BLOCK_SIZE;
  4012. d.keyLen = 1;
  4013. d.effectiveKeyBits = 64;
  4014. e.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4015. e.output = "\x6c\xcf\x43\x08\x97\x4c\x26\x7f";
  4016. e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
  4017. e.inLen = RC2_BLOCK_SIZE;
  4018. e.outLen = RC2_BLOCK_SIZE;
  4019. e.keyLen = 7;
  4020. e.effectiveKeyBits = 64;
  4021. f.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4022. f.output = "\x1a\x80\x7d\x27\x2b\xbe\x5d\xb1";
  4023. f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  4024. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
  4025. f.inLen = RC2_BLOCK_SIZE;
  4026. f.outLen = RC2_BLOCK_SIZE;
  4027. f.keyLen = 16;
  4028. f.effectiveKeyBits = 64;
  4029. g.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4030. g.output = "\x22\x69\x55\x2a\xb0\xf8\x5c\xa6";
  4031. g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  4032. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
  4033. g.inLen = RC2_BLOCK_SIZE;
  4034. g.outLen = RC2_BLOCK_SIZE;
  4035. g.keyLen = 16;
  4036. g.effectiveKeyBits = 128;
  4037. h.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4038. h.output = "\x5b\x78\xd3\xa4\x3d\xff\xf1\xf1";
  4039. h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  4040. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
  4041. "\x16\xf8\x0a\x6f\x85\x92\x05\x84"
  4042. "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
  4043. "\x1e";
  4044. h.inLen = RC2_BLOCK_SIZE;
  4045. h.outLen = RC2_BLOCK_SIZE;
  4046. h.keyLen = 33;
  4047. h.effectiveKeyBits = 129;
  4048. test_rc2[0] = a;
  4049. test_rc2[1] = b;
  4050. test_rc2[2] = c;
  4051. test_rc2[3] = d;
  4052. test_rc2[4] = e;
  4053. test_rc2[5] = f;
  4054. test_rc2[6] = g;
  4055. test_rc2[7] = h;
  4056. for (i = 0; i < times; ++i) {
  4057. Rc2 enc;
  4058. XMEMSET(cipher, 0, RC2_BLOCK_SIZE);
  4059. XMEMSET(plain, 0, RC2_BLOCK_SIZE);
  4060. ret = wc_Rc2SetKey(&enc, (byte*)test_rc2[i].key, test_rc2[i].keyLen,
  4061. NULL, test_rc2[i].effectiveKeyBits);
  4062. if (ret != 0) {
  4063. return -4100;
  4064. }
  4065. /* ECB encrypt */
  4066. ret = wc_Rc2EcbEncrypt(&enc, cipher, (byte*)test_rc2[i].input,
  4067. (word32)test_rc2[i].outLen);
  4068. if (ret != 0) {
  4069. return -4101;
  4070. }
  4071. if (XMEMCMP(cipher, test_rc2[i].output, test_rc2[i].outLen)) {
  4072. return -4102;
  4073. }
  4074. /* ECB decrypt */
  4075. ret = wc_Rc2EcbDecrypt(&enc, plain, cipher, RC2_BLOCK_SIZE);
  4076. if (ret != 0) {
  4077. return -4103;
  4078. }
  4079. if (XMEMCMP(plain, test_rc2[i].input, RC2_BLOCK_SIZE)) {
  4080. return -4104;
  4081. }
  4082. }
  4083. return 0;
  4084. }
  4085. static int rc2_cbc_test(void)
  4086. {
  4087. int ret = 0;
  4088. byte cipher[128];
  4089. byte plain[128];
  4090. rc2TestVector a, b, c, d, e, f, g, h, i;
  4091. rc2TestVector test_rc2[9];
  4092. int times = sizeof(test_rc2) / sizeof(rc2TestVector), j;
  4093. /* key length = 7, effective key bits = 63 */
  4094. a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  4095. "\x00\x00\x00\x00\x00\x00\x00\x00";
  4096. a.output = "\xEB\xB7\x73\xF9\x93\x27\x8E\xFF"
  4097. "\xF0\x51\x77\x8B\x65\xDB\x13\x57";
  4098. a.key = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4099. a.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4100. a.inLen = RC2_BLOCK_SIZE*2;
  4101. a.outLen = RC2_BLOCK_SIZE*2;
  4102. a.keyLen = 8;
  4103. a.effectiveKeyBits = 63;
  4104. /* key length = 8, effective key bits = 64, all 0xFF */
  4105. b.input = "\xff\xff\xff\xff\xff\xff\xff\xff"
  4106. "\xff\xff\xff\xff\xff\xff\xff\xff";
  4107. b.output = "\xA3\xA1\x12\x65\x4F\x81\xC5\xCD"
  4108. "\xB6\x94\x3E\xEA\x3E\x8B\x9D\x1F";
  4109. b.key = "\xff\xff\xff\xff\xff\xff\xff\xff";
  4110. b.iv = "\xff\xff\xff\xff\xff\xff\xff\xff";
  4111. b.inLen = RC2_BLOCK_SIZE*2;
  4112. b.outLen = RC2_BLOCK_SIZE*2;
  4113. b.keyLen = 8;
  4114. b.effectiveKeyBits = 64;
  4115. /* key length = 8, effective key bits = 64 */
  4116. c.input = "\x10\x00\x00\x00\x00\x00\x00\x01"
  4117. "\x10\x00\x00\x00\x00\x00\x00\x01";
  4118. c.output = "\x30\x64\x9e\xdf\x9b\xe7\xd2\xc2";
  4119. c.output = "\xB5\x70\x14\xA2\x5F\x40\xE3\x6D"
  4120. "\x81\x99\x8D\xE0\xB5\xD5\x3A\x05";
  4121. c.key = "\x30\x00\x00\x00\x00\x00\x00\x00";
  4122. c.iv = "\x30\x00\x00\x00\x00\x00\x00\x00";
  4123. c.inLen = RC2_BLOCK_SIZE*2;
  4124. c.outLen = RC2_BLOCK_SIZE*2;
  4125. c.keyLen = 8;
  4126. c.effectiveKeyBits = 64;
  4127. /* key length = 1, effective key bits = 64 */
  4128. d.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  4129. "\x00\x00\x00\x00\x00\x00\x00\x00";
  4130. d.output = "\x61\xA8\xA2\x44\xAD\xAC\xCC\xF0"
  4131. "\x6D\x19\xE8\xF1\xFC\xE7\x38\x87";
  4132. d.key = "\x88";
  4133. d.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4134. d.inLen = RC2_BLOCK_SIZE*2;
  4135. d.outLen = RC2_BLOCK_SIZE*2;
  4136. d.keyLen = 1;
  4137. d.effectiveKeyBits = 64;
  4138. /* key length = 7, effective key bits = 64 */
  4139. e.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  4140. "\x00\x00\x00\x00\x00\x00\x00\x00";
  4141. e.output = "\x6C\xCF\x43\x08\x97\x4C\x26\x7F"
  4142. "\xCC\x3C\x53\x57\x7C\xA1\xA4\x4B";
  4143. e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a";
  4144. e.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4145. e.inLen = RC2_BLOCK_SIZE*2;
  4146. e.outLen = RC2_BLOCK_SIZE*2;
  4147. e.keyLen = 7;
  4148. e.effectiveKeyBits = 64;
  4149. /* key length = 16, effective key bits = 64 */
  4150. f.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  4151. "\x00\x00\x00\x00\x00\x00\x00\x00";
  4152. f.output = "\x1A\x80\x7D\x27\x2B\xBE\x5D\xB1"
  4153. "\x64\xEF\xE1\xC3\xB8\xAD\xFB\xBA";
  4154. f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  4155. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
  4156. f.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4157. f.inLen = RC2_BLOCK_SIZE*2;
  4158. f.outLen = RC2_BLOCK_SIZE*2;
  4159. f.keyLen = 16;
  4160. f.effectiveKeyBits = 64;
  4161. /* key length = 16, effective bits = 128 */
  4162. g.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  4163. "\x00\x00\x00\x00\x00\x00\x00\x00";
  4164. g.output = "\x22\x69\x55\x2A\xB0\xF8\x5C\xA6"
  4165. "\x53\x6E\xFD\x2D\x89\xE1\x2A\x73";
  4166. g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  4167. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2";
  4168. g.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4169. g.inLen = RC2_BLOCK_SIZE*2;
  4170. g.outLen = RC2_BLOCK_SIZE*2;
  4171. g.keyLen = 16;
  4172. g.effectiveKeyBits = 128;
  4173. /* key length = 33, effective bits = 129 */
  4174. h.input = "\x00\x00\x00\x00\x00\x00\x00\x00"
  4175. "\x00\x00\x00\x00\x00\x00\x00\x00";
  4176. h.output = "\x5B\x78\xD3\xA4\x3D\xFF\xF1\xF1"
  4177. "\x45\x30\xA8\xD5\xC7\x7C\x46\x19";
  4178. h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f"
  4179. "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"
  4180. "\x16\xf8\x0a\x6f\x85\x92\x05\x84"
  4181. "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf"
  4182. "\x1e";
  4183. h.iv = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4184. h.inLen = RC2_BLOCK_SIZE*2;
  4185. h.outLen = RC2_BLOCK_SIZE*2;
  4186. h.keyLen = 33;
  4187. h.effectiveKeyBits = 129;
  4188. /* key length = 10, effective bits = 40 */
  4189. i.input = "\x11\x22\x33\x44\x55\x66\x77\x88"
  4190. "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00"
  4191. "\x11\x22\x33\x44\x55\x66\x77\x88"
  4192. "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00";
  4193. i.output = "\x71\x2D\x11\x99\xC9\xA0\x78\x4F"
  4194. "\xCD\xF1\x1E\x3D\xFD\x21\x7E\xDB"
  4195. "\xB2\x6E\x0D\xA4\x72\xBC\x31\x51"
  4196. "\x48\xEF\x4E\x68\x3B\xDC\xCD\x7D";
  4197. i.key = "\x26\x1E\x57\x8E\xC9\x62\xBF\xB8"
  4198. "\x3E\x96";
  4199. i.iv = "\x01\x02\x03\x04\x05\x06\x07\x08";
  4200. i.inLen = RC2_BLOCK_SIZE*4;
  4201. i.outLen = RC2_BLOCK_SIZE*4;
  4202. i.keyLen = 10;
  4203. i.effectiveKeyBits = 40;
  4204. test_rc2[0] = a;
  4205. test_rc2[1] = b;
  4206. test_rc2[2] = c;
  4207. test_rc2[3] = d;
  4208. test_rc2[4] = e;
  4209. test_rc2[5] = f;
  4210. test_rc2[6] = g;
  4211. test_rc2[7] = h;
  4212. test_rc2[8] = i;
  4213. for (j = 0; j < times; ++j) {
  4214. Rc2 rc2;
  4215. XMEMSET(cipher, 0, sizeof(cipher));
  4216. XMEMSET(plain, 0, sizeof(plain));
  4217. ret = wc_Rc2SetKey(&rc2, (byte*)test_rc2[j].key, test_rc2[j].keyLen,
  4218. (byte*)test_rc2[j].iv, test_rc2[j].effectiveKeyBits);
  4219. if (ret != 0) {
  4220. return -4200;
  4221. }
  4222. ret = wc_Rc2CbcEncrypt(&rc2, cipher, (byte*)test_rc2[j].input,
  4223. test_rc2[j].inLen);
  4224. if (ret != 0) {
  4225. return -4201;
  4226. }
  4227. if (XMEMCMP(cipher, (byte*)test_rc2[j].output, test_rc2[j].outLen)) {
  4228. return -4202;
  4229. }
  4230. /* reset IV for decrypt, since overriden by encrypt operation */
  4231. ret = wc_Rc2SetIV(&rc2, (byte*)test_rc2[j].iv);
  4232. if (ret != 0) {
  4233. return -4203;
  4234. }
  4235. ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, test_rc2[j].outLen);
  4236. if (ret != 0) {
  4237. return -4204;
  4238. }
  4239. if (XMEMCMP(plain, (byte*)test_rc2[j].input, test_rc2[j].inLen)) {
  4240. return -4205;
  4241. }
  4242. }
  4243. return 0;
  4244. }
  4245. WOLFSSL_TEST_SUBROUTINE int rc2_test(void)
  4246. {
  4247. int ret = 0;
  4248. ret = rc2_ecb_test();
  4249. if (ret != 0) {
  4250. return ret;
  4251. }
  4252. return rc2_cbc_test();
  4253. }
  4254. #endif
  4255. #ifndef NO_RC4
  4256. WOLFSSL_TEST_SUBROUTINE int arc4_test(void)
  4257. {
  4258. byte cipher[16];
  4259. byte plain[16];
  4260. const char* keys[] =
  4261. {
  4262. "\x01\x23\x45\x67\x89\xab\xcd\xef",
  4263. "\x01\x23\x45\x67\x89\xab\xcd\xef",
  4264. "\x00\x00\x00\x00\x00\x00\x00\x00",
  4265. "\xef\x01\x23\x45"
  4266. };
  4267. testVector a, b, c, d;
  4268. testVector test_arc4[4];
  4269. int times = sizeof(test_arc4) / sizeof(testVector), i;
  4270. a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef";
  4271. a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96";
  4272. a.inLen = 8;
  4273. a.outLen = 8;
  4274. b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4275. b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79";
  4276. b.inLen = 8;
  4277. b.outLen = 8;
  4278. c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4279. c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a";
  4280. c.inLen = 8;
  4281. c.outLen = 8;
  4282. d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
  4283. d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61";
  4284. d.inLen = 10;
  4285. d.outLen = 10;
  4286. test_arc4[0] = a;
  4287. test_arc4[1] = b;
  4288. test_arc4[2] = c;
  4289. test_arc4[3] = d;
  4290. for (i = 0; i < times; ++i) {
  4291. Arc4 enc;
  4292. Arc4 dec;
  4293. int keylen = 8; /* XSTRLEN with key 0x00 not good */
  4294. if (i == 3)
  4295. keylen = 4;
  4296. if (wc_Arc4Init(&enc, HEAP_HINT, devId) != 0)
  4297. return -4400;
  4298. if (wc_Arc4Init(&dec, HEAP_HINT, devId) != 0)
  4299. return -4401;
  4300. wc_Arc4SetKey(&enc, (byte*)keys[i], keylen);
  4301. wc_Arc4SetKey(&dec, (byte*)keys[i], keylen);
  4302. wc_Arc4Process(&enc, cipher, (byte*)test_arc4[i].input,
  4303. (word32)test_arc4[i].outLen);
  4304. wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen);
  4305. if (XMEMCMP(plain, test_arc4[i].input, test_arc4[i].outLen))
  4306. return -4402 - i;
  4307. if (XMEMCMP(cipher, test_arc4[i].output, test_arc4[i].outLen))
  4308. return -4412 - i;
  4309. wc_Arc4Free(&enc);
  4310. wc_Arc4Free(&dec);
  4311. }
  4312. return 0;
  4313. }
  4314. #endif
  4315. WOLFSSL_TEST_SUBROUTINE int hc128_test(void)
  4316. {
  4317. #ifdef HAVE_HC128
  4318. byte cipher[16];
  4319. byte plain[16];
  4320. const char* keys[] =
  4321. {
  4322. "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
  4323. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
  4324. "\x00\x53\xA6\xF9\x4C\x9F\xF2\x45\x98\xEB\x3E\x91\xE4\x37\x8A\xDD",
  4325. "\x0F\x62\xB5\x08\x5B\xAE\x01\x54\xA7\xFA\x4D\xA0\xF3\x46\x99\xEC"
  4326. };
  4327. const char* ivs[] =
  4328. {
  4329. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
  4330. "\x80\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
  4331. "\x0D\x74\xDB\x42\xA9\x10\x77\xDE\x45\xAC\x13\x7A\xE1\x48\xAF\x16",
  4332. "\x28\x8F\xF6\x5D\xC4\x2B\x92\xF9\x60\xC7\x2E\x95\xFC\x63\xCA\x31"
  4333. };
  4334. testVector a, b, c, d;
  4335. testVector test_hc128[4];
  4336. int times = sizeof(test_hc128) / sizeof(testVector), i;
  4337. int ret = 0;
  4338. #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC)
  4339. HC128 enc[1], dec[1];
  4340. #else
  4341. HC128 *enc = (HC128 *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4342. HC128 *dec = (HC128 *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4343. if ((! enc) || (! dec)) {
  4344. ERROR_OUT(-4500, out);
  4345. }
  4346. #endif
  4347. a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4348. a.output = "\x37\x86\x02\xB9\x8F\x32\xA7\x48";
  4349. a.inLen = 8;
  4350. a.outLen = 8;
  4351. b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4352. b.output = "\x33\x7F\x86\x11\xC6\xED\x61\x5F";
  4353. b.inLen = 8;
  4354. b.outLen = 8;
  4355. c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4356. c.output = "\x2E\x1E\xD1\x2A\x85\x51\xC0\x5A";
  4357. c.inLen = 8;
  4358. c.outLen = 8;
  4359. d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
  4360. d.output = "\x1C\xD8\xAE\xDD\xFE\x52\xE2\x17\xE8\x35\xD0\xB7\xE8\x4E\x29";
  4361. d.inLen = 15;
  4362. d.outLen = 15;
  4363. test_hc128[0] = a;
  4364. test_hc128[1] = b;
  4365. test_hc128[2] = c;
  4366. test_hc128[3] = d;
  4367. for (i = 0; i < times; ++i) {
  4368. /* align keys/ivs in plain/cipher buffers */
  4369. XMEMCPY(plain, keys[i], 16);
  4370. XMEMCPY(cipher, ivs[i], 16);
  4371. wc_Hc128_SetKey(enc, plain, cipher);
  4372. wc_Hc128_SetKey(dec, plain, cipher);
  4373. /* align input */
  4374. XMEMCPY(plain, test_hc128[i].input, test_hc128[i].outLen);
  4375. if (wc_Hc128_Process(enc, cipher, plain,
  4376. (word32)test_hc128[i].outLen) != 0) {
  4377. ret = -4501;
  4378. goto out;
  4379. }
  4380. if (wc_Hc128_Process(dec, plain, cipher,
  4381. (word32)test_hc128[i].outLen) != 0) {
  4382. ret = -4502;
  4383. goto out;
  4384. }
  4385. if (XMEMCMP(plain, test_hc128[i].input, test_hc128[i].outLen)) {
  4386. ret = -4503 - i;
  4387. goto out;
  4388. }
  4389. if (XMEMCMP(cipher, test_hc128[i].output, test_hc128[i].outLen)) {
  4390. ret = -4513 - i;
  4391. goto out;
  4392. }
  4393. }
  4394. out:
  4395. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  4396. if (enc)
  4397. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4398. if (dec)
  4399. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4400. #endif
  4401. return ret;
  4402. #else
  4403. return 0;
  4404. #endif /* HAVE_HC128 */
  4405. }
  4406. #ifndef NO_RABBIT
  4407. WOLFSSL_TEST_SUBROUTINE int rabbit_test(void)
  4408. {
  4409. byte cipher[16];
  4410. byte plain[16];
  4411. const char* keys[] =
  4412. {
  4413. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
  4414. "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
  4415. "\xAC\xC3\x51\xDC\xF1\x62\xFC\x3B\xFE\x36\x3D\x2E\x29\x13\x28\x91"
  4416. };
  4417. const char* ivs[] =
  4418. {
  4419. "\x00\x00\x00\x00\x00\x00\x00\x00",
  4420. "\x59\x7E\x26\xC1\x75\xF5\x73\xC3",
  4421. 0
  4422. };
  4423. testVector a, b, c;
  4424. testVector test_rabbit[3];
  4425. int times = sizeof(test_rabbit) / sizeof(testVector), i;
  4426. a.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4427. a.output = "\xED\xB7\x05\x67\x37\x5D\xCD\x7C";
  4428. a.inLen = 8;
  4429. a.outLen = 8;
  4430. b.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4431. b.output = "\x6D\x7D\x01\x22\x92\xCC\xDC\xE0";
  4432. b.inLen = 8;
  4433. b.outLen = 8;
  4434. c.input = "\x00\x00\x00\x00\x00\x00\x00\x00";
  4435. c.output = "\x04\xCE\xCA\x7A\x1A\x86\x6E\x77";
  4436. c.inLen = 8;
  4437. c.outLen = 8;
  4438. test_rabbit[0] = a;
  4439. test_rabbit[1] = b;
  4440. test_rabbit[2] = c;
  4441. for (i = 0; i < times; ++i) {
  4442. Rabbit enc;
  4443. Rabbit dec;
  4444. byte* iv;
  4445. /* align keys/ivs in plain/cipher buffers */
  4446. XMEMCPY(plain, keys[i], 16);
  4447. if (ivs[i]) {
  4448. XMEMCPY(cipher, ivs[i], 8);
  4449. iv = cipher;
  4450. } else
  4451. iv = NULL;
  4452. wc_RabbitSetKey(&enc, plain, iv);
  4453. wc_RabbitSetKey(&dec, plain, iv);
  4454. /* align input */
  4455. XMEMCPY(plain, test_rabbit[i].input, test_rabbit[i].outLen);
  4456. wc_RabbitProcess(&enc, cipher, plain, (word32)test_rabbit[i].outLen);
  4457. wc_RabbitProcess(&dec, plain, cipher, (word32)test_rabbit[i].outLen);
  4458. if (XMEMCMP(plain, test_rabbit[i].input, test_rabbit[i].outLen))
  4459. return -4600 - i;
  4460. if (XMEMCMP(cipher, test_rabbit[i].output, test_rabbit[i].outLen))
  4461. return -4610 - i;
  4462. }
  4463. return 0;
  4464. }
  4465. #endif /* NO_RABBIT */
  4466. #ifdef HAVE_CHACHA
  4467. WOLFSSL_TEST_SUBROUTINE int chacha_test(void)
  4468. {
  4469. ChaCha enc;
  4470. ChaCha dec;
  4471. byte cipher[128];
  4472. byte plain[128];
  4473. byte sliver[64];
  4474. byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
  4475. word32 keySz = 32;
  4476. int ret = 0;
  4477. int i;
  4478. int times = 4;
  4479. WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
  4480. {
  4481. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4482. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4483. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4484. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  4485. };
  4486. WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
  4487. {
  4488. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4489. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4490. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4491. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  4492. };
  4493. WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
  4494. {
  4495. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4496. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4497. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4498. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  4499. };
  4500. /* 128 bit key */
  4501. WOLFSSL_SMALL_STACK_STATIC const byte key4[] =
  4502. {
  4503. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4504. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  4505. };
  4506. const byte* keys[] = {key1, key2, key3, key4};
  4507. WOLFSSL_SMALL_STACK_STATIC const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
  4508. WOLFSSL_SMALL_STACK_STATIC const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
  4509. WOLFSSL_SMALL_STACK_STATIC const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00};
  4510. WOLFSSL_SMALL_STACK_STATIC const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
  4511. const byte* ivs[] = {ivs1, ivs2, ivs3, ivs4};
  4512. #ifndef BENCH_EMBEDDED
  4513. WOLFSSL_SMALL_STACK_STATIC const byte cipher_big_result[] = {
  4514. 0x06, 0xa6, 0x5d, 0x31, 0x21, 0x6c, 0xdb, 0x37, 0x48, 0x7c, 0x01, 0x9d,
  4515. 0x72, 0xdf, 0x0a, 0x5b, 0x64, 0x74, 0x20, 0xba, 0x9e, 0xe0, 0x26, 0x7a,
  4516. 0xbf, 0xdf, 0x83, 0x34, 0x3b, 0x4f, 0x94, 0x3f, 0x37, 0x89, 0xaf, 0x00,
  4517. 0xdf, 0x0f, 0x2e, 0x75, 0x16, 0x41, 0xf6, 0x7a, 0x86, 0x94, 0x9d, 0x32,
  4518. 0x56, 0xf0, 0x79, 0x71, 0x68, 0x6f, 0xa6, 0x6b, 0xc6, 0x59, 0x49, 0xf6,
  4519. 0x10, 0x34, 0x03, 0x03, 0x16, 0x53, 0x9a, 0x98, 0x2a, 0x46, 0xde, 0x17,
  4520. 0x06, 0x65, 0x70, 0xca, 0x0a, 0x1f, 0xab, 0x80, 0x26, 0x96, 0x3f, 0x3e,
  4521. 0x7a, 0x3c, 0xa8, 0x87, 0xbb, 0x65, 0xdd, 0x5e, 0x07, 0x7b, 0x34, 0xe0,
  4522. 0x56, 0xda, 0x32, 0x13, 0x30, 0xc9, 0x0c, 0xd7, 0xba, 0xe4, 0x1f, 0xa6,
  4523. 0x91, 0x4f, 0x72, 0x9f, 0xd9, 0x5c, 0x62, 0x7d, 0xa6, 0xc2, 0xbc, 0x87,
  4524. 0xae, 0x64, 0x11, 0x94, 0x3b, 0xbc, 0x6c, 0x23, 0xbd, 0x7d, 0x00, 0xb4,
  4525. 0x99, 0xf2, 0x68, 0xb5, 0x59, 0x70, 0x93, 0xad, 0x69, 0xd0, 0xb1, 0x28,
  4526. 0x70, 0x92, 0xeb, 0xec, 0x39, 0x80, 0x82, 0xde, 0x44, 0xe2, 0x8a, 0x26,
  4527. 0xb3, 0xe9, 0x45, 0xcf, 0x83, 0x76, 0x9f, 0x6a, 0xa0, 0x46, 0x4a, 0x3d,
  4528. 0x26, 0x56, 0xaf, 0x49, 0x41, 0x26, 0x1b, 0x6a, 0x41, 0x37, 0x65, 0x91,
  4529. 0x72, 0xc4, 0xe7, 0x3c, 0x17, 0x31, 0xae, 0x2e, 0x2b, 0x31, 0x45, 0xe4,
  4530. 0x93, 0xd3, 0x10, 0xaa, 0xc5, 0x62, 0xd5, 0x11, 0x4b, 0x57, 0x1d, 0xad,
  4531. 0x48, 0x06, 0xd0, 0x0d, 0x98, 0xa5, 0xc6, 0x5b, 0xd0, 0x9e, 0x22, 0xc0,
  4532. 0x00, 0x32, 0x5a, 0xf5, 0x1c, 0x89, 0x6d, 0x54, 0x97, 0x55, 0x6b, 0x46,
  4533. 0xc5, 0xc7, 0xc4, 0x48, 0x9c, 0xbf, 0x47, 0xdc, 0x03, 0xc4, 0x1b, 0xcb,
  4534. 0x65, 0xa6, 0x91, 0x9d, 0x6d, 0xf1, 0xb0, 0x7a, 0x4d, 0x3b, 0x03, 0x95,
  4535. 0xf4, 0x8b, 0x0b, 0xae, 0x39, 0xff, 0x3f, 0xf6, 0xc0, 0x14, 0x18, 0x8a,
  4536. 0xe5, 0x19, 0xbd, 0xc1, 0xb4, 0x05, 0x4e, 0x29, 0x2f, 0x0b, 0x33, 0x76,
  4537. 0x28, 0x16, 0xa4, 0xa6, 0x93, 0x04, 0xb5, 0x55, 0x6b, 0x89, 0x3d, 0xa5,
  4538. 0x0f, 0xd3, 0xad, 0xfa, 0xd9, 0xfd, 0x05, 0x5d, 0x48, 0x94, 0x25, 0x5a,
  4539. 0x2c, 0x9a, 0x94, 0x80, 0xb0, 0xe7, 0xcb, 0x4d, 0x77, 0xbf, 0xca, 0xd8,
  4540. 0x55, 0x48, 0xbd, 0x66, 0xb1, 0x85, 0x81, 0xb1, 0x37, 0x79, 0xab, 0x52,
  4541. 0x08, 0x14, 0x12, 0xac, 0xcd, 0x45, 0x4d, 0x53, 0x6b, 0xca, 0x96, 0xc7,
  4542. 0x3b, 0x2f, 0x73, 0xb1, 0x5a, 0x23, 0xbd, 0x65, 0xd5, 0xea, 0x17, 0xb3,
  4543. 0xdc, 0xa1, 0x17, 0x1b, 0x2d, 0xb3, 0x9c, 0xd0, 0xdb, 0x41, 0x77, 0xef,
  4544. 0x93, 0x20, 0x52, 0x3e, 0x9d, 0xf5, 0xbf, 0x33, 0xf7, 0x52, 0xc1, 0x90,
  4545. 0xa0, 0x15, 0x17, 0xce, 0xf7, 0xf7, 0xd0, 0x3a, 0x3b, 0xd1, 0x72, 0x56,
  4546. 0x31, 0x81, 0xae, 0x60, 0xab, 0x40, 0xc1, 0xd1, 0x28, 0x77, 0x53, 0xac,
  4547. 0x9f, 0x11, 0x0a, 0x88, 0x36, 0x4b, 0xda, 0x57, 0xa7, 0x28, 0x5c, 0x85,
  4548. 0xd3, 0x85, 0x9b, 0x79, 0xad, 0x05, 0x1c, 0x37, 0x14, 0x5e, 0x0d, 0xd0,
  4549. 0x23, 0x03, 0x42, 0x1d, 0x48, 0x5d, 0xc5, 0x3c, 0x5a, 0x08, 0xa9, 0x0d,
  4550. 0x6e, 0x82, 0x7c, 0x2e, 0x3c, 0x41, 0xcc, 0x96, 0x8e, 0xad, 0xee, 0x2a,
  4551. 0x61, 0x0b, 0x16, 0x0f, 0xa9, 0x24, 0x40, 0x85, 0xbc, 0x9f, 0x28, 0x8d,
  4552. 0xe6, 0x68, 0x4d, 0x8f, 0x30, 0x48, 0xd9, 0x73, 0x73, 0x6c, 0x9a, 0x7f,
  4553. 0x67, 0xf7, 0xde, 0x4c, 0x0a, 0x8b, 0xe4, 0xb3, 0x08, 0x2a, 0x52, 0xda,
  4554. 0x54, 0xee, 0xcd, 0xb5, 0x62, 0x4a, 0x26, 0x20, 0xfb, 0x40, 0xbb, 0x39,
  4555. 0x3a, 0x0f, 0x09, 0xe8, 0x00, 0xd1, 0x24, 0x97, 0x60, 0xe9, 0x83, 0x83,
  4556. 0xfe, 0x9f, 0x9c, 0x15, 0xcf, 0x69, 0x03, 0x9f, 0x03, 0xe1, 0xe8, 0x6e,
  4557. 0xbd, 0x87, 0x58, 0x68, 0xee, 0xec, 0xd8, 0x29, 0x46, 0x23, 0x49, 0x92,
  4558. 0x72, 0x95, 0x5b, 0x49, 0xca, 0xe0, 0x45, 0x59, 0xb2, 0xca, 0xf4, 0xfc,
  4559. 0xb7, 0x59, 0x37, 0x49, 0x28, 0xbc, 0xf3, 0xd7, 0x61, 0xbc, 0x4b, 0xf3,
  4560. 0xa9, 0x4b, 0x2f, 0x05, 0xa8, 0x01, 0xa5, 0xdc, 0x00, 0x6e, 0x01, 0xb6,
  4561. 0x45, 0x3c, 0xd5, 0x49, 0x7d, 0x5c, 0x25, 0xe8, 0x31, 0x87, 0xb2, 0xb9,
  4562. 0xbf, 0xb3, 0x01, 0x62, 0x0c, 0xd0, 0x48, 0x77, 0xa2, 0x34, 0x0f, 0x16,
  4563. 0x22, 0x28, 0xee, 0x54, 0x08, 0x93, 0x3b, 0xe4, 0xde, 0x7e, 0x63, 0xf7,
  4564. 0x97, 0x16, 0x5d, 0x71, 0x58, 0xc2, 0x2e, 0xf2, 0x36, 0xa6, 0x12, 0x65,
  4565. 0x94, 0x17, 0xac, 0x66, 0x23, 0x7e, 0xc6, 0x72, 0x79, 0x24, 0xce, 0x8f,
  4566. 0x55, 0x19, 0x97, 0x44, 0xfc, 0x55, 0xec, 0x85, 0x26, 0x27, 0xdb, 0x38,
  4567. 0xb1, 0x42, 0x0a, 0xdd, 0x05, 0x99, 0x28, 0xeb, 0x03, 0x6c, 0x9a, 0xe9,
  4568. 0x17, 0xf6, 0x2c, 0xb0, 0xfe, 0xe7, 0xa4, 0xa7, 0x31, 0xda, 0x4d, 0xb0,
  4569. 0x29, 0xdb, 0xdd, 0x8d, 0x12, 0x13, 0x9c, 0xb4, 0xcc, 0x83, 0x97, 0xfb,
  4570. 0x1a, 0xdc, 0x08, 0xd6, 0x30, 0x62, 0xe8, 0xeb, 0x8b, 0x61, 0xcb, 0x1d,
  4571. 0x06, 0xe3, 0xa5, 0x4d, 0x35, 0xdb, 0x59, 0xa8, 0x2d, 0x87, 0x27, 0x44,
  4572. 0x6f, 0xc0, 0x38, 0x97, 0xe4, 0x85, 0x00, 0x02, 0x09, 0xf6, 0x69, 0x3a,
  4573. 0xcf, 0x08, 0x1b, 0x21, 0xbb, 0x79, 0xb1, 0xa1, 0x34, 0x09, 0xe0, 0x80,
  4574. 0xca, 0xb0, 0x78, 0x8a, 0x11, 0x97, 0xd4, 0x07, 0xbe, 0x1b, 0x6a, 0x5d,
  4575. 0xdb, 0xd6, 0x1f, 0x76, 0x6b, 0x16, 0xf0, 0x58, 0x84, 0x5f, 0x59, 0xce,
  4576. 0x62, 0x34, 0xc3, 0xdf, 0x94, 0xb8, 0x2f, 0x84, 0x68, 0xf0, 0xb8, 0x51,
  4577. 0xd9, 0x6d, 0x8e, 0x4a, 0x1d, 0xe6, 0x5c, 0xd8, 0x86, 0x25, 0xe3, 0x24,
  4578. 0xfd, 0x21, 0x61, 0x13, 0x48, 0x3e, 0xf6, 0x7d, 0xa6, 0x71, 0x9b, 0xd2,
  4579. 0x6e, 0xe6, 0xd2, 0x08, 0x94, 0x62, 0x6c, 0x98, 0xfe, 0x2f, 0x9c, 0x88,
  4580. 0x7e, 0x78, 0x15, 0x02, 0x00, 0xf0, 0xba, 0x24, 0x91, 0xf2, 0xdc, 0x47,
  4581. 0x51, 0x4d, 0x15, 0x5e, 0x91, 0x5f, 0x57, 0x5b, 0x1d, 0x35, 0x24, 0x45,
  4582. 0x75, 0x9b, 0x88, 0x75, 0xf1, 0x2f, 0x85, 0xe7, 0x89, 0xd1, 0x01, 0xb4,
  4583. 0xc8, 0x18, 0xb7, 0x97, 0xef, 0x4b, 0x90, 0xf4, 0xbf, 0x10, 0x27, 0x3c,
  4584. 0x60, 0xff, 0xc4, 0x94, 0x20, 0x2f, 0x93, 0x4b, 0x4d, 0xe3, 0x80, 0xf7,
  4585. 0x2c, 0x71, 0xd9, 0xe3, 0x68, 0xb4, 0x77, 0x2b, 0xc7, 0x0d, 0x39, 0x92,
  4586. 0xef, 0x91, 0x0d, 0xb2, 0x11, 0x50, 0x0e, 0xe8, 0xad, 0x3b, 0xf6, 0xb5,
  4587. 0xc6, 0x14, 0x4d, 0x33, 0x53, 0xa7, 0x60, 0x15, 0xc7, 0x27, 0x51, 0xdc,
  4588. 0x54, 0x29, 0xa7, 0x0d, 0x6a, 0x7b, 0x72, 0x13, 0xad, 0x7d, 0x41, 0x19,
  4589. 0x4e, 0x42, 0x49, 0xcc, 0x42, 0xe4, 0xbd, 0x99, 0x13, 0xd9, 0x7f, 0xf3,
  4590. 0x38, 0xa4, 0xb6, 0x33, 0xed, 0x07, 0x48, 0x7e, 0x8e, 0x82, 0xfe, 0x3a,
  4591. 0x9d, 0x75, 0x93, 0xba, 0x25, 0x4e, 0x37, 0x3c, 0x0c, 0xd5, 0x69, 0xa9,
  4592. 0x2d, 0x9e, 0xfd, 0xe8, 0xbb, 0xf5, 0x0c, 0xe2, 0x86, 0xb9, 0x5e, 0x6f,
  4593. 0x28, 0xe4, 0x19, 0xb3, 0x0b, 0xa4, 0x86, 0xd7, 0x24, 0xd0, 0xb8, 0x89,
  4594. 0x7b, 0x76, 0xec, 0x05, 0x10, 0x5b, 0x68, 0xe9, 0x58, 0x66, 0xa3, 0xc5,
  4595. 0xb6, 0x63, 0x20, 0x0e, 0x0e, 0xea, 0x3d, 0x61, 0x5e, 0xda, 0x3d, 0x3c,
  4596. 0xf9, 0xfd, 0xed, 0xa9, 0xdb, 0x52, 0x94, 0x8a, 0x00, 0xca, 0x3c, 0x8d,
  4597. 0x66, 0x8f, 0xb0, 0xf0, 0x5a, 0xca, 0x3f, 0x63, 0x71, 0xbf, 0xca, 0x99,
  4598. 0x37, 0x9b, 0x75, 0x97, 0x89, 0x10, 0x6e, 0xcf, 0xf2, 0xf5, 0xe3, 0xd5,
  4599. 0x45, 0x9b, 0xad, 0x10, 0x71, 0x6c, 0x5f, 0x6f, 0x7f, 0x22, 0x77, 0x18,
  4600. 0x2f, 0xf9, 0x99, 0xc5, 0x69, 0x58, 0x03, 0x12, 0x86, 0x82, 0x3e, 0xbf,
  4601. 0xc2, 0x12, 0x35, 0x43, 0xa3, 0xd9, 0x18, 0x4f, 0x41, 0x11, 0x6b, 0xf3,
  4602. 0x67, 0xaf, 0x3d, 0x78, 0xe4, 0x22, 0x2d, 0xb3, 0x48, 0x43, 0x31, 0x1d,
  4603. 0xef, 0xa8, 0xba, 0x49, 0x8e, 0xa9, 0xa7, 0xb6, 0x18, 0x77, 0x84, 0xca,
  4604. 0xbd, 0xa2, 0x02, 0x1b, 0x6a, 0xf8, 0x5f, 0xda, 0xff, 0xcf, 0x01, 0x6a,
  4605. 0x86, 0x69, 0xa9, 0xe9, 0xcb, 0x60, 0x1e, 0x15, 0xdc, 0x8f, 0x5d, 0x39,
  4606. 0xb5, 0xce, 0x55, 0x5f, 0x47, 0x97, 0xb1, 0x19, 0x6e, 0x21, 0xd6, 0x13,
  4607. 0x39, 0xb2, 0x24, 0xe0, 0x62, 0x82, 0x9f, 0xed, 0x12, 0x81, 0xed, 0xee,
  4608. 0xab, 0xd0, 0x2f, 0x19, 0x89, 0x3f, 0x57, 0x2e, 0xc2, 0xe2, 0x67, 0xe8,
  4609. 0xae, 0x03, 0x56, 0xba, 0xd4, 0xd0, 0xa4, 0x89, 0x03, 0x06, 0x5b, 0xcc,
  4610. 0xf2, 0x22, 0xb8, 0x0e, 0x76, 0x79, 0x4a, 0x42, 0x1d, 0x37, 0x51, 0x5a,
  4611. 0xaa, 0x46, 0x6c, 0x2a, 0xdd, 0x66, 0xfe, 0xc6, 0x68, 0xc3, 0x38, 0xa2,
  4612. 0xae, 0x5b, 0x98, 0x24, 0x5d, 0x43, 0x05, 0x82, 0x38, 0x12, 0xd3, 0xd1,
  4613. 0x75, 0x2d, 0x4f, 0x61, 0xbd, 0xb9, 0x10, 0x87, 0x44, 0x2a, 0x78, 0x07,
  4614. 0xff, 0xf4, 0x0f, 0xa1, 0xf3, 0x68, 0x9f, 0xbe, 0xae, 0xa2, 0x91, 0xf0,
  4615. 0xc7, 0x55, 0x7a, 0x52, 0xd5, 0xa3, 0x8d, 0x6f, 0xe4, 0x90, 0x5c, 0xf3,
  4616. 0x5f, 0xce, 0x3d, 0x23, 0xf9, 0x8e, 0xae, 0x14, 0xfb, 0x82, 0x9a, 0xa3,
  4617. 0x04, 0x5f, 0xbf, 0xad, 0x3e, 0xf2, 0x97, 0x0a, 0x60, 0x40, 0x70, 0x19,
  4618. 0x72, 0xad, 0x66, 0xfb, 0x78, 0x1b, 0x84, 0x6c, 0x98, 0xbc, 0x8c, 0xf8,
  4619. 0x4f, 0xcb, 0xb5, 0xf6, 0xaf, 0x7a, 0xb7, 0x93, 0xef, 0x67, 0x48, 0x02,
  4620. 0x2c, 0xcb, 0xe6, 0x77, 0x0f, 0x7b, 0xc1, 0xee, 0xc5, 0xb6, 0x2d, 0x7e,
  4621. 0x62, 0xa0, 0xc0, 0xa7, 0xa5, 0x80, 0x31, 0x92, 0x50, 0xa1, 0x28, 0x22,
  4622. 0x95, 0x03, 0x17, 0xd1, 0x0f, 0xf6, 0x08, 0xe5, 0xec
  4623. };
  4624. #define CHACHA_BIG_TEST_SIZE 1305
  4625. #ifndef WOLFSSL_SMALL_STACK
  4626. byte cipher_big[CHACHA_BIG_TEST_SIZE] = {0};
  4627. byte plain_big[CHACHA_BIG_TEST_SIZE] = {0};
  4628. byte input_big[CHACHA_BIG_TEST_SIZE] = {0};
  4629. #else
  4630. byte* cipher_big;
  4631. byte* plain_big;
  4632. byte* input_big;
  4633. #endif /* WOLFSSL_SMALL_STACK */
  4634. int block_size;
  4635. #endif /* BENCH_EMBEDDED */
  4636. byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90};
  4637. byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96};
  4638. byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5};
  4639. byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd};
  4640. byte* test_chacha[4];
  4641. test_chacha[0] = a;
  4642. test_chacha[1] = b;
  4643. test_chacha[2] = c;
  4644. test_chacha[3] = d;
  4645. #ifndef BENCH_EMBEDDED
  4646. #ifdef WOLFSSL_SMALL_STACK
  4647. cipher_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
  4648. DYNAMIC_TYPE_TMP_BUFFER);
  4649. if (cipher_big == NULL) {
  4650. return MEMORY_E;
  4651. }
  4652. plain_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
  4653. DYNAMIC_TYPE_TMP_BUFFER);
  4654. if (plain_big == NULL) {
  4655. return MEMORY_E;
  4656. }
  4657. input_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT,
  4658. DYNAMIC_TYPE_TMP_BUFFER);
  4659. if (input_big == NULL) {
  4660. return MEMORY_E;
  4661. }
  4662. XMEMSET(cipher_big, 0, CHACHA_BIG_TEST_SIZE);
  4663. XMEMSET(plain_big, 0, CHACHA_BIG_TEST_SIZE);
  4664. XMEMSET(input_big, 0, CHACHA_BIG_TEST_SIZE);
  4665. #endif /* WOLFSSL_SMALL_STACK */
  4666. #endif /* BENCH_EMBEDDED */
  4667. for (i = 0; i < times; ++i) {
  4668. if (i < 3) {
  4669. keySz = 32;
  4670. }
  4671. else {
  4672. keySz = 16;
  4673. }
  4674. XMEMCPY(plain, keys[i], keySz);
  4675. XMEMSET(cipher, 0, 32);
  4676. XMEMCPY(cipher + 4, ivs[i], 8);
  4677. ret |= wc_Chacha_SetKey(&enc, keys[i], keySz);
  4678. ret |= wc_Chacha_SetKey(&dec, keys[i], keySz);
  4679. if (ret != 0)
  4680. return ret;
  4681. ret |= wc_Chacha_SetIV(&enc, cipher, 0);
  4682. ret |= wc_Chacha_SetIV(&dec, cipher, 0);
  4683. if (ret != 0)
  4684. return ret;
  4685. XMEMCPY(plain, input, 8);
  4686. ret |= wc_Chacha_Process(&enc, cipher, plain, (word32)8);
  4687. ret |= wc_Chacha_Process(&dec, plain, cipher, (word32)8);
  4688. if (ret != 0)
  4689. return ret;
  4690. if (XMEMCMP(test_chacha[i], cipher, 8))
  4691. return -4700 - i;
  4692. if (XMEMCMP(plain, input, 8))
  4693. return -4710 - i;
  4694. }
  4695. /* test of starting at a different counter
  4696. encrypts all of the information and decrypts starting at 2nd chunk */
  4697. XMEMSET(plain, 0, sizeof(plain));
  4698. XMEMSET(sliver, 1, sizeof(sliver)); /* set as 1's to not match plain */
  4699. XMEMSET(cipher, 0, sizeof(cipher));
  4700. XMEMCPY(cipher + 4, ivs[0], 8);
  4701. ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
  4702. ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
  4703. if (ret != 0)
  4704. return ret;
  4705. ret |= wc_Chacha_SetIV(&enc, cipher, 0);
  4706. ret |= wc_Chacha_SetIV(&dec, cipher, 1);
  4707. if (ret != 0)
  4708. return ret;
  4709. ret |= wc_Chacha_Process(&enc, cipher, plain, sizeof(plain));
  4710. ret |= wc_Chacha_Process(&dec, sliver, cipher + 64, sizeof(sliver));
  4711. if (ret != 0)
  4712. return ret;
  4713. if (XMEMCMP(plain + 64, sliver, 64))
  4714. return -4720;
  4715. #ifndef BENCH_EMBEDDED
  4716. /* test of encrypting more data */
  4717. keySz = 32;
  4718. ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
  4719. ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
  4720. if (ret != 0)
  4721. return ret;
  4722. ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
  4723. ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
  4724. if (ret != 0)
  4725. return ret;
  4726. ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, CHACHA_BIG_TEST_SIZE);
  4727. ret |= wc_Chacha_Process(&dec, plain_big, cipher_big,
  4728. CHACHA_BIG_TEST_SIZE);
  4729. if (ret != 0)
  4730. return ret;
  4731. if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
  4732. return -4721;
  4733. if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
  4734. return -4722;
  4735. for (i = 0; i < 18; ++i) {
  4736. /* this will test all paths */
  4737. // block sizes: 1 2 3 4 7 8 15 16 31 32 63 64 127 128 255 256 511 512
  4738. block_size = (2 << (i%9)) - (i<9?1:0);
  4739. keySz = 32;
  4740. ret |= wc_Chacha_SetKey(&enc, keys[0], keySz);
  4741. ret |= wc_Chacha_SetKey(&dec, keys[0], keySz);
  4742. if (ret != 0)
  4743. return ret;
  4744. ret |= wc_Chacha_SetIV(&enc, ivs[2], 0);
  4745. ret |= wc_Chacha_SetIV(&dec, ivs[2], 0);
  4746. if (ret != 0)
  4747. return ret;
  4748. ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, block_size);
  4749. ret |= wc_Chacha_Process(&dec, plain_big, cipher_big, block_size);
  4750. if (ret != 0)
  4751. return ret;
  4752. if (XMEMCMP(plain_big, input_big, block_size))
  4753. return -4723-i;
  4754. if (XMEMCMP(cipher_big, cipher_big_result, block_size))
  4755. return -4724-i;
  4756. }
  4757. /* Streaming test */
  4758. for (i = 1; i <= (int)CHACHA_CHUNK_BYTES + 1; i++) {
  4759. int j, rem;
  4760. ret = wc_Chacha_SetKey(&enc, keys[0], keySz);
  4761. if (ret != 0)
  4762. return -4725;
  4763. ret = wc_Chacha_SetKey(&dec, keys[0], keySz);
  4764. if (ret != 0)
  4765. return -4726;
  4766. ret = wc_Chacha_SetIV(&enc, ivs[2], 0);
  4767. if (ret != 0)
  4768. return -4727;
  4769. ret = wc_Chacha_SetIV(&dec, ivs[2], 0);
  4770. if (ret != 0)
  4771. return -4728;
  4772. for (j = 0; j < CHACHA_BIG_TEST_SIZE - i; j+= i) {
  4773. ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, i);
  4774. if (ret != 0)
  4775. return -4729;
  4776. ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, i);
  4777. if (ret != 0)
  4778. return -4730;
  4779. }
  4780. rem = CHACHA_BIG_TEST_SIZE - j;
  4781. ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, rem);
  4782. if (ret != 0)
  4783. return -4731;
  4784. ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, rem);
  4785. if (ret != 0)
  4786. return -4732;
  4787. if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE))
  4788. return -4733;
  4789. if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE))
  4790. return -4734;
  4791. }
  4792. #ifdef WOLFSSL_SMALL_STACK
  4793. XFREE(cipher_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4794. XFREE(plain_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4795. XFREE(input_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  4796. #endif /* WOLFSSL_SMALL_STACK */
  4797. #endif /* BENCH_EMBEDDED */
  4798. return 0;
  4799. }
  4800. #endif /* HAVE_CHACHA */
  4801. #ifdef HAVE_POLY1305
  4802. WOLFSSL_TEST_SUBROUTINE int poly1305_test(void)
  4803. {
  4804. int ret = 0;
  4805. int i;
  4806. byte tag[16];
  4807. Poly1305 enc;
  4808. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
  4809. {
  4810. 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72,
  4811. 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f,
  4812. 0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65,
  4813. 0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f,
  4814. 0x75,0x70
  4815. };
  4816. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
  4817. {
  4818. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72,
  4819. 0x6c,0x64,0x21
  4820. };
  4821. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
  4822. {
  4823. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4824. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4825. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4826. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  4827. };
  4828. WOLFSSL_SMALL_STACK_STATIC const byte msg4[] =
  4829. {
  4830. 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
  4831. 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
  4832. 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
  4833. 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
  4834. 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
  4835. 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
  4836. 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
  4837. 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
  4838. 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
  4839. 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
  4840. 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
  4841. 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
  4842. 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
  4843. 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
  4844. 0x61,0x16
  4845. };
  4846. WOLFSSL_SMALL_STACK_STATIC const byte msg5[] =
  4847. {
  4848. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  4849. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  4850. };
  4851. WOLFSSL_SMALL_STACK_STATIC const byte msg6[] =
  4852. {
  4853. 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb,
  4854. 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
  4855. 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe,
  4856. 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
  4857. 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
  4858. 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b,
  4859. 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
  4860. 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29,
  4861. 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6,
  4862. 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12,
  4863. 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
  4864. 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36,
  4865. 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c,
  4866. 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2,
  4867. 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58,
  4868. 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94,
  4869. 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc,
  4870. 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d,
  4871. 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b,
  4872. 0x61,0x16
  4873. };
  4874. byte additional[] =
  4875. {
  4876. 0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3,
  4877. 0xc4,0xc5,0xc6,0xc7
  4878. };
  4879. WOLFSSL_SMALL_STACK_STATIC const byte correct0[] =
  4880. {
  4881. 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
  4882. 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
  4883. };
  4884. WOLFSSL_SMALL_STACK_STATIC const byte correct1[] =
  4885. {
  4886. 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6,
  4887. 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9
  4888. };
  4889. WOLFSSL_SMALL_STACK_STATIC const byte correct2[] =
  4890. {
  4891. 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16,
  4892. 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0
  4893. };
  4894. WOLFSSL_SMALL_STACK_STATIC const byte correct3[] =
  4895. {
  4896. 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6,
  4897. 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07
  4898. };
  4899. WOLFSSL_SMALL_STACK_STATIC const byte correct4[] =
  4900. {
  4901. 0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a,
  4902. 0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91
  4903. };
  4904. WOLFSSL_SMALL_STACK_STATIC const byte correct5[] =
  4905. {
  4906. 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4907. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4908. };
  4909. WOLFSSL_SMALL_STACK_STATIC const byte correct6[] =
  4910. {
  4911. 0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae,
  4912. 0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca
  4913. };
  4914. WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
  4915. 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33,
  4916. 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8,
  4917. 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd,
  4918. 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b
  4919. };
  4920. WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
  4921. 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20,
  4922. 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20,
  4923. 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20,
  4924. 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35
  4925. };
  4926. WOLFSSL_SMALL_STACK_STATIC const byte key4[] = {
  4927. 0x7b,0xac,0x2b,0x25,0x2d,0xb4,0x47,0xaf,
  4928. 0x09,0xb6,0x7a,0x55,0xa4,0xe9,0x55,0x84,
  4929. 0x0a,0xe1,0xd6,0x73,0x10,0x75,0xd9,0xeb,
  4930. 0x2a,0x93,0x75,0x78,0x3e,0xd5,0x53,0xff
  4931. };
  4932. WOLFSSL_SMALL_STACK_STATIC const byte key5[] = {
  4933. 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4934. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4935. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  4936. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  4937. };
  4938. const byte* msgs[] = {NULL, msg1, msg2, msg3, msg5, msg6};
  4939. word32 szm[] = {0, sizeof(msg1), sizeof(msg2),
  4940. sizeof(msg3), sizeof(msg5), sizeof(msg6)};
  4941. const byte* keys[] = {key, key, key2, key2, key5, key};
  4942. const byte* tests[] = {correct0, correct1, correct2, correct3, correct5,
  4943. correct6};
  4944. for (i = 0; i < 6; i++) {
  4945. ret = wc_Poly1305SetKey(&enc, keys[i], 32);
  4946. if (ret != 0)
  4947. return -4800 - i;
  4948. ret = wc_Poly1305Update(&enc, msgs[i], szm[i]);
  4949. if (ret != 0)
  4950. return -4810 - i;
  4951. ret = wc_Poly1305Final(&enc, tag);
  4952. if (ret != 0)
  4953. return -4820 - i;
  4954. if (XMEMCMP(tag, tests[i], sizeof(tag)))
  4955. return -4830 - i;
  4956. }
  4957. /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */
  4958. XMEMSET(tag, 0, sizeof(tag));
  4959. ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4));
  4960. if (ret != 0)
  4961. return -4840;
  4962. ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
  4963. (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
  4964. if (ret != 0)
  4965. return -4841;
  4966. if (XMEMCMP(tag, correct4, sizeof(tag)))
  4967. return -4842;
  4968. /* Check fail of TLS MAC function if altering additional data */
  4969. XMEMSET(tag, 0, sizeof(tag));
  4970. additional[0]++;
  4971. ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional),
  4972. (byte*)msg4, sizeof(msg4), tag, sizeof(tag));
  4973. if (ret != 0)
  4974. return -4843;
  4975. if (XMEMCMP(tag, correct4, sizeof(tag)) == 0)
  4976. return -4844;
  4977. return 0;
  4978. }
  4979. #endif /* HAVE_POLY1305 */
  4980. #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
  4981. WOLFSSL_TEST_SUBROUTINE int chacha20_poly1305_aead_test(void)
  4982. {
  4983. /* Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 */
  4984. /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
  4985. WOLFSSL_SMALL_STACK_STATIC const byte key1[] = {
  4986. 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
  4987. 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  4988. 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
  4989. 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
  4990. };
  4991. WOLFSSL_SMALL_STACK_STATIC const byte plaintext1[] = {
  4992. 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
  4993. 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c,
  4994. 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20,
  4995. 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73,
  4996. 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39,
  4997. 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63,
  4998. 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66,
  4999. 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f,
  5000. 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20,
  5001. 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20,
  5002. 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75,
  5003. 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73,
  5004. 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f,
  5005. 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69,
  5006. 0x74, 0x2e
  5007. };
  5008. WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = {
  5009. 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43,
  5010. 0x44, 0x45, 0x46, 0x47
  5011. };
  5012. WOLFSSL_SMALL_STACK_STATIC const byte aad1[] = { /* additional data */
  5013. 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3,
  5014. 0xc4, 0xc5, 0xc6, 0xc7
  5015. };
  5016. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] = { /* expected output from operation */
  5017. 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb,
  5018. 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2,
  5019. 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe,
  5020. 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6,
  5021. 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12,
  5022. 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b,
  5023. 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29,
  5024. 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36,
  5025. 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c,
  5026. 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58,
  5027. 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94,
  5028. 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc,
  5029. 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d,
  5030. 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b,
  5031. 0x61, 0x16
  5032. };
  5033. WOLFSSL_SMALL_STACK_STATIC const byte authTag1[] = { /* expected output from operation */
  5034. 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a,
  5035. 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91
  5036. };
  5037. /* Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 */
  5038. /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */
  5039. WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
  5040. 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a,
  5041. 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0,
  5042. 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09,
  5043. 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0
  5044. };
  5045. WOLFSSL_SMALL_STACK_STATIC const byte plaintext2[] = {
  5046. 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74,
  5047. 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20,
  5048. 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66,
  5049. 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
  5050. 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69,
  5051. 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20,
  5052. 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20,
  5053. 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d,
  5054. 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e,
  5055. 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65,
  5056. 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64,
  5057. 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63,
  5058. 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f,
  5059. 0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64,
  5060. 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65,
  5061. 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65,
  5062. 0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61,
  5063. 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e,
  5064. 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69,
  5065. 0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72,
  5066. 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20,
  5067. 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65,
  5068. 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61,
  5069. 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72,
  5070. 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
  5071. 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61,
  5072. 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20,
  5073. 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65,
  5074. 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20,
  5075. 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20,
  5076. 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b,
  5077. 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67,
  5078. 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80,
  5079. 0x9d
  5080. };
  5081. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
  5082. 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04,
  5083. 0x05, 0x06, 0x07, 0x08
  5084. };
  5085. WOLFSSL_SMALL_STACK_STATIC const byte aad2[] = { /* additional data */
  5086. 0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00,
  5087. 0x00, 0x00, 0x4e, 0x91
  5088. };
  5089. WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] = { /* expected output from operation */
  5090. 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4,
  5091. 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd,
  5092. 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89,
  5093. 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2,
  5094. 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee,
  5095. 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0,
  5096. 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00,
  5097. 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf,
  5098. 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce,
  5099. 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81,
  5100. 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd,
  5101. 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55,
  5102. 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61,
  5103. 0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38,
  5104. 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0,
  5105. 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4,
  5106. 0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46,
  5107. 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9,
  5108. 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e,
  5109. 0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e,
  5110. 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15,
  5111. 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a,
  5112. 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea,
  5113. 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a,
  5114. 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99,
  5115. 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e,
  5116. 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10,
  5117. 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10,
  5118. 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94,
  5119. 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30,
  5120. 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf,
  5121. 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29,
  5122. 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70,
  5123. 0x9b
  5124. };
  5125. WOLFSSL_SMALL_STACK_STATIC const byte authTag2[] = { /* expected output from operation */
  5126. 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22,
  5127. 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38
  5128. };
  5129. byte generatedCiphertext[265]; /* max plaintext2/cipher2 */
  5130. byte generatedPlaintext[265]; /* max plaintext2/cipher2 */
  5131. byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
  5132. int err;
  5133. ChaChaPoly_Aead aead;
  5134. #if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM)
  5135. #define TEST_SMALL_CHACHA_CHUNKS 32
  5136. #else
  5137. #define TEST_SMALL_CHACHA_CHUNKS 64
  5138. #endif
  5139. #ifdef TEST_SMALL_CHACHA_CHUNKS
  5140. word32 testLen;
  5141. #endif
  5142. XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
  5143. XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
  5144. XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
  5145. /* Parameter Validation testing */
  5146. /* Encrypt */
  5147. err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1,
  5148. sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
  5149. if (err != BAD_FUNC_ARG)
  5150. return -4900;
  5151. err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1),
  5152. plaintext1, sizeof(plaintext1), generatedCiphertext,
  5153. generatedAuthTag);
  5154. if (err != BAD_FUNC_ARG)
  5155. return -4901;
  5156. err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL,
  5157. sizeof(plaintext1), generatedCiphertext, generatedAuthTag);
  5158. if (err != BAD_FUNC_ARG)
  5159. return -4902;
  5160. err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
  5161. sizeof(plaintext1), NULL, generatedAuthTag);
  5162. if (err != BAD_FUNC_ARG)
  5163. return -4903;
  5164. err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
  5165. sizeof(plaintext1), generatedCiphertext, NULL);
  5166. if (err != BAD_FUNC_ARG)
  5167. return -4904;
  5168. err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1,
  5169. 0, generatedCiphertext, generatedAuthTag);
  5170. if (err != BAD_FUNC_ARG)
  5171. return -4905;
  5172. /* Decrypt */
  5173. err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2,
  5174. sizeof(cipher2), authTag2, generatedPlaintext);
  5175. if (err != BAD_FUNC_ARG)
  5176. return -4906;
  5177. err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2,
  5178. sizeof(cipher2), authTag2, generatedPlaintext);
  5179. if (err != BAD_FUNC_ARG)
  5180. return -4907;
  5181. err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL,
  5182. sizeof(cipher2), authTag2, generatedPlaintext);
  5183. if (err != BAD_FUNC_ARG)
  5184. return -4908;
  5185. err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
  5186. sizeof(cipher2), NULL, generatedPlaintext);
  5187. if (err != BAD_FUNC_ARG)
  5188. return -4909;
  5189. err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
  5190. sizeof(cipher2), authTag2, NULL);
  5191. if (err != BAD_FUNC_ARG)
  5192. return -4910;
  5193. err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2,
  5194. 0, authTag2, generatedPlaintext);
  5195. if (err != BAD_FUNC_ARG)
  5196. return -4911;
  5197. /* Test #1 */
  5198. err = wc_ChaCha20Poly1305_Encrypt(key1, iv1,
  5199. aad1, sizeof(aad1),
  5200. plaintext1, sizeof(plaintext1),
  5201. generatedCiphertext, generatedAuthTag);
  5202. if (err) {
  5203. return err;
  5204. }
  5205. /* -- Check the ciphertext and authtag */
  5206. if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) {
  5207. return -4912;
  5208. }
  5209. if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1))) {
  5210. return -4913;
  5211. }
  5212. /* -- Verify decryption works */
  5213. err = wc_ChaCha20Poly1305_Decrypt(key1, iv1,
  5214. aad1, sizeof(aad1),
  5215. cipher1, sizeof(cipher1),
  5216. authTag1, generatedPlaintext);
  5217. if (err) {
  5218. return err;
  5219. }
  5220. if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) {
  5221. return -4914;
  5222. }
  5223. XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
  5224. XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
  5225. XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
  5226. /* Test #2 */
  5227. err = wc_ChaCha20Poly1305_Encrypt(key2, iv2,
  5228. aad2, sizeof(aad2),
  5229. plaintext2, sizeof(plaintext2),
  5230. generatedCiphertext, generatedAuthTag);
  5231. if (err) {
  5232. return err;
  5233. }
  5234. /* -- Check the ciphertext and authtag */
  5235. if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) {
  5236. return -4915;
  5237. }
  5238. if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2))) {
  5239. return -4916;
  5240. }
  5241. /* -- Verify decryption works */
  5242. err = wc_ChaCha20Poly1305_Decrypt(key2, iv2,
  5243. aad2, sizeof(aad2),
  5244. cipher2, sizeof(cipher2),
  5245. authTag2, generatedPlaintext);
  5246. if (err) {
  5247. return err;
  5248. }
  5249. if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) {
  5250. return -4917;
  5251. }
  5252. /* AEAD init/update/final - bad argument tests */
  5253. err = wc_ChaCha20Poly1305_Init(NULL, key1, iv1,
  5254. CHACHA20_POLY1305_AEAD_DECRYPT);
  5255. if (err != BAD_FUNC_ARG)
  5256. return -4918;
  5257. err = wc_ChaCha20Poly1305_Init(&aead, NULL, iv1,
  5258. CHACHA20_POLY1305_AEAD_DECRYPT);
  5259. if (err != BAD_FUNC_ARG)
  5260. return -4919;
  5261. err = wc_ChaCha20Poly1305_Init(&aead, key1, NULL,
  5262. CHACHA20_POLY1305_AEAD_DECRYPT);
  5263. if (err != BAD_FUNC_ARG)
  5264. return -4920;
  5265. err = wc_ChaCha20Poly1305_UpdateAad(NULL, aad1, sizeof(aad1));
  5266. if (err != BAD_FUNC_ARG)
  5267. return -4921;
  5268. err = wc_ChaCha20Poly1305_UpdateAad(&aead, NULL, sizeof(aad1));
  5269. if (err != BAD_FUNC_ARG)
  5270. return -4922;
  5271. err = wc_ChaCha20Poly1305_UpdateData(NULL, generatedPlaintext,
  5272. generatedPlaintext, sizeof(plaintext1));
  5273. if (err != BAD_FUNC_ARG)
  5274. return -4923;
  5275. err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, NULL,
  5276. sizeof(plaintext1));
  5277. if (err != BAD_FUNC_ARG)
  5278. return -4924;
  5279. err = wc_ChaCha20Poly1305_UpdateData(&aead, NULL, generatedPlaintext,
  5280. sizeof(plaintext1));
  5281. if (err != BAD_FUNC_ARG)
  5282. return -4925;
  5283. err = wc_ChaCha20Poly1305_Final(NULL, generatedAuthTag);
  5284. if (err != BAD_FUNC_ARG)
  5285. return -4926;
  5286. err = wc_ChaCha20Poly1305_Final(&aead, NULL);
  5287. if (err != BAD_FUNC_ARG)
  5288. return -4927;
  5289. /* AEAD init/update/final - bad state tests */
  5290. /* clear struct - make valgrind happy to resolve
  5291. "Conditional jump or move depends on uninitialised value(s)".
  5292. The enum is "int" size and aead.state is "byte" */
  5293. /* The wc_ChaCha20Poly1305_Init function does this normally */
  5294. XMEMSET(&aead, 0, sizeof(aead));
  5295. aead.state = CHACHA20_POLY1305_STATE_INIT;
  5296. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
  5297. if (err != BAD_STATE_E)
  5298. return -4928;
  5299. aead.state = CHACHA20_POLY1305_STATE_DATA;
  5300. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
  5301. if (err != BAD_STATE_E)
  5302. return -4929;
  5303. aead.state = CHACHA20_POLY1305_STATE_INIT;
  5304. err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext,
  5305. generatedPlaintext, sizeof(plaintext1));
  5306. if (err != BAD_STATE_E)
  5307. return -4930;
  5308. aead.state = CHACHA20_POLY1305_STATE_INIT;
  5309. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  5310. if (err != BAD_STATE_E)
  5311. return -4931;
  5312. aead.state = CHACHA20_POLY1305_STATE_READY;
  5313. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  5314. if (err != BAD_STATE_E)
  5315. return -4932;
  5316. XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
  5317. XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
  5318. XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
  5319. /* Test 1 - Encrypt */
  5320. err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1,
  5321. CHACHA20_POLY1305_AEAD_ENCRYPT);
  5322. if (err != 0)
  5323. return -4933;
  5324. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
  5325. if (err != 0)
  5326. return -4934;
  5327. #ifdef TEST_SMALL_CHACHA_CHUNKS
  5328. /* test doing data in smaller chunks */
  5329. for (testLen=0; testLen<sizeof(plaintext1); ) {
  5330. word32 dataLen = sizeof(plaintext1) - testLen;
  5331. if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
  5332. dataLen = TEST_SMALL_CHACHA_CHUNKS;
  5333. err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext1[testLen],
  5334. &generatedCiphertext[testLen], dataLen);
  5335. if (err != 0)
  5336. return -4935;
  5337. testLen += dataLen;
  5338. }
  5339. #else
  5340. err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext1,
  5341. generatedCiphertext, sizeof(plaintext1));
  5342. #endif
  5343. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  5344. if (err != 0)
  5345. return -4936;
  5346. err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1);
  5347. if (err != 0)
  5348. return -4937;
  5349. if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) {
  5350. return -4938;
  5351. }
  5352. /* Test 1 - Decrypt */
  5353. err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1,
  5354. CHACHA20_POLY1305_AEAD_DECRYPT);
  5355. if (err != 0)
  5356. return -4939;
  5357. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1));
  5358. if (err != 0)
  5359. return -4940;
  5360. #ifdef TEST_SMALL_CHACHA_CHUNKS
  5361. /* test doing data in smaller chunks */
  5362. for (testLen=0; testLen<sizeof(plaintext1); ) {
  5363. word32 dataLen = sizeof(plaintext1) - testLen;
  5364. if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
  5365. dataLen = TEST_SMALL_CHACHA_CHUNKS;
  5366. err = wc_ChaCha20Poly1305_UpdateData(&aead,
  5367. &generatedCiphertext[testLen], &generatedPlaintext[testLen],
  5368. dataLen);
  5369. if (err != 0)
  5370. return -4941;
  5371. testLen += dataLen;
  5372. }
  5373. #else
  5374. err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext,
  5375. generatedPlaintext, sizeof(cipher1));
  5376. #endif
  5377. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  5378. if (err != 0)
  5379. return -4942;
  5380. err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1);
  5381. if (err != 0)
  5382. return -4943;
  5383. if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) {
  5384. return -4944;
  5385. }
  5386. XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext));
  5387. XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag));
  5388. XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext));
  5389. /* Test 2 - Encrypt */
  5390. err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2,
  5391. CHACHA20_POLY1305_AEAD_ENCRYPT);
  5392. if (err != 0)
  5393. return -4945;
  5394. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2));
  5395. if (err != 0)
  5396. return -4946;
  5397. #ifdef TEST_SMALL_CHACHA_CHUNKS
  5398. /* test doing data in smaller chunks */
  5399. for (testLen=0; testLen<sizeof(plaintext2); ) {
  5400. word32 dataLen = sizeof(plaintext2) - testLen;
  5401. if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
  5402. dataLen = TEST_SMALL_CHACHA_CHUNKS;
  5403. err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext2[testLen],
  5404. &generatedCiphertext[testLen], dataLen);
  5405. if (err != 0)
  5406. return -4947;
  5407. testLen += dataLen;
  5408. }
  5409. #else
  5410. err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext2, generatedCiphertext,
  5411. sizeof(plaintext2));
  5412. #endif
  5413. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  5414. if (err != 0)
  5415. return -4948;
  5416. err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2);
  5417. if (err != 0)
  5418. return -4949;
  5419. if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) {
  5420. return -4950;
  5421. }
  5422. /* Test 2 - Decrypt */
  5423. err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2,
  5424. CHACHA20_POLY1305_AEAD_DECRYPT);
  5425. if (err != 0)
  5426. return -4951;
  5427. err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2));
  5428. if (err != 0)
  5429. return -4952;
  5430. #ifdef TEST_SMALL_CHACHA_CHUNKS
  5431. /* test doing data in smaller chunks */
  5432. for (testLen=0; testLen<sizeof(plaintext2); ) {
  5433. word32 dataLen = sizeof(plaintext2) - testLen;
  5434. if (dataLen > TEST_SMALL_CHACHA_CHUNKS)
  5435. dataLen = TEST_SMALL_CHACHA_CHUNKS;
  5436. err = wc_ChaCha20Poly1305_UpdateData(&aead,
  5437. &generatedCiphertext[testLen], &generatedPlaintext[testLen],
  5438. dataLen);
  5439. if (err != 0)
  5440. return -4953;
  5441. testLen += dataLen;
  5442. }
  5443. #else
  5444. err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext,
  5445. generatedPlaintext, sizeof(cipher2));
  5446. #endif
  5447. err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag);
  5448. if (err != 0)
  5449. return -4954;
  5450. err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2);
  5451. if (err != 0)
  5452. return -4955;
  5453. if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) {
  5454. return -4956;
  5455. }
  5456. return err;
  5457. }
  5458. #endif /* HAVE_CHACHA && HAVE_POLY1305 */
  5459. #ifndef NO_DES3
  5460. WOLFSSL_TEST_SUBROUTINE int des_test(void)
  5461. {
  5462. WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
  5463. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  5464. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  5465. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  5466. };
  5467. byte plain[24];
  5468. byte cipher[24];
  5469. Des enc;
  5470. Des dec;
  5471. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  5472. {
  5473. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
  5474. };
  5475. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  5476. {
  5477. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
  5478. };
  5479. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  5480. {
  5481. 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
  5482. 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
  5483. 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
  5484. };
  5485. int ret;
  5486. ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION);
  5487. if (ret != 0)
  5488. return -5000;
  5489. ret = wc_Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
  5490. if (ret != 0)
  5491. return -5001;
  5492. ret = wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION);
  5493. if (ret != 0)
  5494. return -5002;
  5495. ret = wc_Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
  5496. if (ret != 0)
  5497. return -5003;
  5498. if (XMEMCMP(plain, vector, sizeof(plain)))
  5499. return -5004;
  5500. if (XMEMCMP(cipher, verify, sizeof(cipher)))
  5501. return -5005;
  5502. ret = wc_Des_CbcEncryptWithKey(cipher, vector, sizeof(vector), key, iv);
  5503. if (ret != 0)
  5504. return -5006;
  5505. #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
  5506. {
  5507. EncryptedInfo info;
  5508. XMEMSET(&info, 0, sizeof(EncryptedInfo));
  5509. XMEMCPY(info.iv, iv, sizeof(iv));
  5510. info.ivSz = sizeof(iv);
  5511. info.keySz = sizeof(key);
  5512. info.cipherType = WC_CIPHER_DES;
  5513. ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
  5514. sizeof(key), WC_HASH_TYPE_SHA);
  5515. if (ret != 0)
  5516. return -5007;
  5517. /* Test invalid info ptr */
  5518. ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key,
  5519. sizeof(key), WC_HASH_TYPE_SHA);
  5520. if (ret != BAD_FUNC_ARG)
  5521. return -5008;
  5522. #ifndef NO_PWDBASED
  5523. /* Test invalid hash type - only applies to wc_PBKDF1 call */
  5524. ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key,
  5525. sizeof(key), WC_HASH_TYPE_NONE);
  5526. if (ret == 0)
  5527. return -5009;
  5528. #endif /* !NO_PWDBASED */
  5529. }
  5530. #endif
  5531. return 0;
  5532. }
  5533. #endif /* !NO_DES3 */
  5534. #ifndef NO_DES3
  5535. WOLFSSL_TEST_SUBROUTINE int des3_test(void)
  5536. {
  5537. WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */
  5538. 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  5539. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  5540. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  5541. };
  5542. byte plain[24];
  5543. byte cipher[24];
  5544. Des3 enc;
  5545. Des3 dec;
  5546. WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
  5547. {
  5548. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  5549. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  5550. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  5551. };
  5552. WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
  5553. {
  5554. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef,
  5555. 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
  5556. 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81
  5557. };
  5558. WOLFSSL_SMALL_STACK_STATIC const byte verify3[] =
  5559. {
  5560. 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e,
  5561. 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98,
  5562. 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0
  5563. };
  5564. int ret;
  5565. if (wc_Des3Init(&enc, HEAP_HINT, devId) != 0)
  5566. return -5100;
  5567. if (wc_Des3Init(&dec, HEAP_HINT, devId) != 0)
  5568. return -5101;
  5569. ret = wc_Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION);
  5570. if (ret != 0)
  5571. return -5102;
  5572. ret = wc_Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION);
  5573. if (ret != 0)
  5574. return -5103;
  5575. ret = wc_Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector));
  5576. #if defined(WOLFSSL_ASYNC_CRYPT)
  5577. ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE);
  5578. #endif
  5579. if (ret != 0)
  5580. return -5104;
  5581. ret = wc_Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher));
  5582. #if defined(WOLFSSL_ASYNC_CRYPT)
  5583. ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE);
  5584. #endif
  5585. if (ret != 0)
  5586. return -5105;
  5587. if (XMEMCMP(plain, vector, sizeof(plain)))
  5588. return -5106;
  5589. if (XMEMCMP(cipher, verify3, sizeof(cipher)))
  5590. return -5107;
  5591. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  5592. /* test the same vectors with using compatibility layer */
  5593. {
  5594. DES_key_schedule ks1;
  5595. DES_key_schedule ks2;
  5596. DES_key_schedule ks3;
  5597. DES_cblock iv4;
  5598. XMEMCPY(ks1, key3, sizeof(DES_key_schedule));
  5599. XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule));
  5600. XMEMCPY(ks3, key3 + 16, sizeof(DES_key_schedule));
  5601. XMEMCPY(iv4, iv3, sizeof(DES_cblock));
  5602. XMEMSET(plain, 0, sizeof(plain));
  5603. XMEMSET(cipher, 0, sizeof(cipher));
  5604. DES_ede3_cbc_encrypt(vector, cipher, sizeof(vector), &ks1, &ks2, &ks3,
  5605. &iv4, DES_ENCRYPT);
  5606. DES_ede3_cbc_encrypt(cipher, plain, sizeof(cipher), &ks1, &ks2, &ks3,
  5607. &iv4, DES_DECRYPT);
  5608. if (XMEMCMP(plain, vector, sizeof(plain)))
  5609. return -5108;
  5610. if (XMEMCMP(cipher, verify3, sizeof(cipher)))
  5611. return -5109;
  5612. }
  5613. #endif /* OPENSSL_EXTRA */
  5614. wc_Des3Free(&enc);
  5615. wc_Des3Free(&dec);
  5616. #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA)
  5617. {
  5618. EncryptedInfo info;
  5619. XMEMSET(&info, 0, sizeof(EncryptedInfo));
  5620. XMEMCPY(info.iv, iv3, sizeof(iv3));
  5621. info.ivSz = sizeof(iv3);
  5622. info.keySz = sizeof(key3);
  5623. info.cipherType = WC_CIPHER_DES3;
  5624. ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key3,
  5625. sizeof(key3), WC_HASH_TYPE_SHA);
  5626. if (ret != 0)
  5627. return -5110;
  5628. }
  5629. #endif
  5630. return 0;
  5631. }
  5632. #endif /* NO_DES3 */
  5633. #ifndef NO_AES
  5634. #if defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_CFB) || \
  5635. defined(WOLFSSL_AES_XTS)
  5636. #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  5637. /* pass in the function, key, iv, plain text and expected and this function
  5638. * tests that the encryption and decryption is successful */
  5639. static int EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key,
  5640. const byte* iv, const byte* plain, int plainSz,
  5641. const byte* expected, int expectedSz)
  5642. {
  5643. #ifdef WOLFSSL_SMALL_STACK
  5644. EVP_CIPHER_CTX *ctx = NULL;
  5645. #else
  5646. EVP_CIPHER_CTX ctx[1];
  5647. #endif
  5648. int idx, ret = 0, cipherSz;
  5649. byte* cipher;
  5650. #ifdef WOLFSSL_SMALL_STACK
  5651. if ((ctx = wolfSSL_EVP_CIPHER_CTX_new()) == NULL)
  5652. return MEMORY_E;
  5653. #endif
  5654. cipher = (byte*)XMALLOC(plainSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  5655. if (cipher == NULL) {
  5656. ret = -5120;
  5657. goto EVP_TEST_END;
  5658. }
  5659. /* test encrypt */
  5660. EVP_CIPHER_CTX_init(ctx);
  5661. if (EVP_CipherInit(ctx, type, key, iv, 1) == 0) {
  5662. ret = -5121;
  5663. goto EVP_TEST_END;
  5664. }
  5665. if (EVP_CipherUpdate(ctx, cipher, &idx, plain, expectedSz) == 0) {
  5666. ret = -5122;
  5667. goto EVP_TEST_END;
  5668. }
  5669. cipherSz = idx;
  5670. if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
  5671. ret = -5123;
  5672. goto EVP_TEST_END;
  5673. }
  5674. cipherSz += idx;
  5675. if (XMEMCMP(cipher, expected, plainSz)) {
  5676. ret = -5124;
  5677. goto EVP_TEST_END;
  5678. }
  5679. /* test decrypt */
  5680. EVP_CIPHER_CTX_init(ctx);
  5681. if (EVP_CipherInit(ctx, type, key, iv, 0) == 0) {
  5682. ret = -5125;
  5683. goto EVP_TEST_END;
  5684. }
  5685. if (EVP_CipherUpdate(ctx, cipher, &idx, cipher, expectedSz) == 0) {
  5686. ret = -5126;
  5687. goto EVP_TEST_END;
  5688. }
  5689. cipherSz = idx;
  5690. if (EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) {
  5691. ret = -5127;
  5692. goto EVP_TEST_END;
  5693. }
  5694. cipherSz += idx;
  5695. if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, plainSz)) {
  5696. ret = -5128;
  5697. goto EVP_TEST_END;
  5698. }
  5699. EVP_TEST_END:
  5700. if (cipher)
  5701. XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  5702. (void)cipherSz;
  5703. #ifdef WOLFSSL_SMALL_STACK
  5704. wolfSSL_EVP_CIPHER_CTX_free(ctx);
  5705. #endif
  5706. return ret;
  5707. }
  5708. #endif /* OPENSSL_EXTRA */
  5709. #endif /* WOLFSSL_AES_OFB || WOLFSSL_AES_CFB */
  5710. #ifdef WOLFSSL_AES_OFB
  5711. /* test vector from https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Block-Ciphers */
  5712. WOLFSSL_TEST_SUBROUTINE int aesofb_test(void)
  5713. {
  5714. #ifdef WOLFSSL_AES_256
  5715. WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
  5716. {
  5717. 0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71,
  5718. 0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2,
  5719. 0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a,
  5720. 0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94
  5721. };
  5722. WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
  5723. {
  5724. 0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16,
  5725. 0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f
  5726. };
  5727. WOLFSSL_SMALL_STACK_STATIC const byte plain1[] =
  5728. {
  5729. 0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9,
  5730. 0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25,
  5731. 0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6,
  5732. 0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71,
  5733. 0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef,
  5734. 0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c
  5735. };
  5736. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
  5737. {
  5738. 0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc,
  5739. 0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00,
  5740. 0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46,
  5741. 0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b,
  5742. 0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae,
  5743. 0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0
  5744. };
  5745. #endif /* WOLFSSL_AES_256 */
  5746. #ifdef WOLFSSL_AES_128
  5747. WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
  5748. {
  5749. 0x10,0xa5,0x88,0x69,0xd7,0x4b,0xe5,0xa3,
  5750. 0x74,0xcf,0x86,0x7c,0xfb,0x47,0x38,0x59
  5751. };
  5752. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
  5753. {
  5754. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5755. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  5756. };
  5757. WOLFSSL_SMALL_STACK_STATIC const byte plain2[] =
  5758. {
  5759. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5760. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  5761. };
  5762. WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
  5763. {
  5764. 0x6d,0x25,0x1e,0x69,0x44,0xb0,0x51,0xe0,
  5765. 0x4e,0xaa,0x6f,0xb4,0xdb,0xf7,0x84,0x65
  5766. };
  5767. #endif /* WOLFSSL_AES_128 */
  5768. #ifdef WOLFSSL_AES_192
  5769. WOLFSSL_SMALL_STACK_STATIC const byte key3[] = {
  5770. 0xd0,0x77,0xa0,0x3b,0xd8,0xa3,0x89,0x73,
  5771. 0x92,0x8c,0xca,0xfe,0x4a,0x9d,0x2f,0x45,
  5772. 0x51,0x30,0xbd,0x0a,0xf5,0xae,0x46,0xa9
  5773. };
  5774. WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
  5775. {
  5776. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5777. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  5778. };
  5779. WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
  5780. {
  5781. 0xab,0xc7,0x86,0xfb,0x1e,0xdb,0x50,0x45,
  5782. 0x80,0xc4,0xd8,0x82,0xef,0x29,0xa0,0xc7
  5783. };
  5784. WOLFSSL_SMALL_STACK_STATIC const byte plain3[] =
  5785. {
  5786. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  5787. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  5788. };
  5789. #endif /* WOLFSSL_AES_192 */
  5790. #ifdef WOLFSSL_SMALL_STACK
  5791. Aes *enc = NULL;
  5792. #else
  5793. Aes enc[1];
  5794. #endif
  5795. byte cipher[AES_BLOCK_SIZE * 4];
  5796. #ifdef HAVE_AES_DECRYPT
  5797. #ifdef WOLFSSL_SMALL_STACK
  5798. Aes *dec = NULL;
  5799. #else
  5800. Aes dec[1];
  5801. #endif
  5802. byte plain [AES_BLOCK_SIZE * 4];
  5803. #endif
  5804. int ret = 0;
  5805. #ifdef WOLFSSL_SMALL_STACK
  5806. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  5807. ERROR_OUT(-1, out);
  5808. #ifdef HAVE_AES_DECRYPT
  5809. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  5810. ERROR_OUT(-1, out);
  5811. #endif
  5812. #endif
  5813. XMEMSET(enc, 0, sizeof *enc);
  5814. #ifdef HAVE_AES_DECRYPT
  5815. XMEMSET(dec, 0, sizeof *dec);
  5816. #endif
  5817. #ifdef WOLFSSL_AES_128
  5818. /* 128 key size test */
  5819. #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  5820. ret = EVP_test(EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2),
  5821. cipher2, sizeof(cipher2));
  5822. if (ret != 0) {
  5823. goto out;
  5824. }
  5825. #endif
  5826. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  5827. if (ret != 0)
  5828. ERROR_OUT(-5129, out);
  5829. #ifdef HAVE_AES_DECRYPT
  5830. /* decrypt uses AES_ENCRYPTION */
  5831. ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  5832. if (ret != 0)
  5833. ERROR_OUT(-5130, out);
  5834. #endif
  5835. XMEMSET(cipher, 0, sizeof(cipher));
  5836. ret = wc_AesOfbEncrypt(enc, cipher, plain2, AES_BLOCK_SIZE);
  5837. if (ret != 0)
  5838. ERROR_OUT(-5131, out);
  5839. if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE))
  5840. ERROR_OUT(-5132, out);
  5841. #ifdef HAVE_AES_DECRYPT
  5842. ret = wc_AesOfbDecrypt(dec, plain, cipher2, AES_BLOCK_SIZE);
  5843. if (ret != 0)
  5844. ERROR_OUT(-5133, out);
  5845. if (XMEMCMP(plain, plain2, AES_BLOCK_SIZE))
  5846. ERROR_OUT(-5134, out);
  5847. #endif /* HAVE_AES_DECRYPT */
  5848. #endif /* WOLFSSL_AES_128 */
  5849. #ifdef WOLFSSL_AES_192
  5850. /* 192 key size test */
  5851. #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  5852. ret = EVP_test(EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3),
  5853. cipher3, sizeof(cipher3));
  5854. if (ret != 0) {
  5855. goto out;
  5856. }
  5857. #endif
  5858. ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
  5859. if (ret != 0)
  5860. ERROR_OUT(-5135, out);
  5861. #ifdef HAVE_AES_DECRYPT
  5862. /* decrypt uses AES_ENCRYPTION */
  5863. ret = wc_AesSetKey(dec, key3, sizeof(key3), iv3, AES_ENCRYPTION);
  5864. if (ret != 0)
  5865. ERROR_OUT(-5136, out);
  5866. #endif
  5867. XMEMSET(cipher, 0, sizeof(cipher));
  5868. ret = wc_AesOfbEncrypt(enc, cipher, plain3, AES_BLOCK_SIZE);
  5869. if (ret != 0)
  5870. ERROR_OUT(-5137, out);
  5871. if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE))
  5872. ERROR_OUT(-5138, out);
  5873. #ifdef HAVE_AES_DECRYPT
  5874. ret = wc_AesOfbDecrypt(dec, plain, cipher3, AES_BLOCK_SIZE);
  5875. if (ret != 0)
  5876. ERROR_OUT(-5139, out);
  5877. if (XMEMCMP(plain, plain3, AES_BLOCK_SIZE))
  5878. ERROR_OUT(-5140, out);
  5879. #endif /* HAVE_AES_DECRYPT */
  5880. #endif /* WOLFSSL_AES_192 */
  5881. #ifdef WOLFSSL_AES_256
  5882. /* 256 key size test */
  5883. #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  5884. ret = EVP_test(EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1),
  5885. cipher1, sizeof(cipher1));
  5886. if (ret != 0) {
  5887. goto out;
  5888. }
  5889. #endif
  5890. ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  5891. if (ret != 0)
  5892. ERROR_OUT(-5141, out);
  5893. #ifdef HAVE_AES_DECRYPT
  5894. /* decrypt uses AES_ENCRYPTION */
  5895. ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  5896. if (ret != 0)
  5897. ERROR_OUT(-5142, out);
  5898. #endif
  5899. XMEMSET(cipher, 0, sizeof(cipher));
  5900. ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE);
  5901. if (ret != 0)
  5902. ERROR_OUT(-5143, out);
  5903. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE))
  5904. ERROR_OUT(-5144, out);
  5905. ret = wc_AesOfbEncrypt(enc, cipher + AES_BLOCK_SIZE,
  5906. plain1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
  5907. if (ret != 0)
  5908. ERROR_OUT(-5145, out);
  5909. if (XMEMCMP(cipher + AES_BLOCK_SIZE, cipher1 + AES_BLOCK_SIZE,
  5910. AES_BLOCK_SIZE))
  5911. ERROR_OUT(-5146, out);
  5912. #ifdef HAVE_AES_DECRYPT
  5913. ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE);
  5914. if (ret != 0)
  5915. ERROR_OUT(-5147, out);
  5916. if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE))
  5917. ERROR_OUT(-5148, out);
  5918. ret = wc_AesOfbDecrypt(dec, plain + AES_BLOCK_SIZE,
  5919. cipher1 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
  5920. if (ret != 0)
  5921. ERROR_OUT(-5149, out);
  5922. if (XMEMCMP(plain + AES_BLOCK_SIZE, plain1 + AES_BLOCK_SIZE,
  5923. AES_BLOCK_SIZE))
  5924. ERROR_OUT(-5150, out);
  5925. #endif /* HAVE_AES_DECRYPT */
  5926. /* multiple blocks at once */
  5927. ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  5928. if (ret != 0)
  5929. ERROR_OUT(-5151, out);
  5930. #ifdef HAVE_AES_DECRYPT
  5931. /* decrypt uses AES_ENCRYPTION */
  5932. ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  5933. if (ret != 0)
  5934. ERROR_OUT(-5152, out);
  5935. #endif
  5936. XMEMSET(cipher, 0, sizeof(cipher));
  5937. ret = wc_AesOfbEncrypt(enc, cipher, plain1, AES_BLOCK_SIZE * 3);
  5938. if (ret != 0)
  5939. ERROR_OUT(-5153, out);
  5940. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 3))
  5941. ERROR_OUT(-5154, out);
  5942. #ifdef HAVE_AES_DECRYPT
  5943. ret = wc_AesOfbDecrypt(dec, plain, cipher1, AES_BLOCK_SIZE * 3);
  5944. if (ret != 0)
  5945. ERROR_OUT(-5155, out);
  5946. if (XMEMCMP(plain, plain1, AES_BLOCK_SIZE * 3))
  5947. ERROR_OUT(-5156, out);
  5948. #endif /* HAVE_AES_DECRYPT */
  5949. /* inline decrypt/encrypt*/
  5950. ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  5951. if (ret != 0)
  5952. ERROR_OUT(-5157, out);
  5953. #ifdef HAVE_AES_DECRYPT
  5954. /* decrypt uses AES_ENCRYPTION */
  5955. ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  5956. if (ret != 0)
  5957. ERROR_OUT(-5158, out);
  5958. #endif
  5959. XMEMCPY(cipher, plain1, AES_BLOCK_SIZE * 2);
  5960. ret = wc_AesOfbEncrypt(enc, cipher, cipher, AES_BLOCK_SIZE * 2);
  5961. if (ret != 0)
  5962. ERROR_OUT(-5159, out);
  5963. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
  5964. ERROR_OUT(-5160, out);
  5965. #ifdef HAVE_AES_DECRYPT
  5966. ret = wc_AesOfbDecrypt(dec, cipher, cipher, AES_BLOCK_SIZE * 2);
  5967. if (ret != 0)
  5968. ERROR_OUT(-5161, out);
  5969. if (XMEMCMP(cipher, plain1, AES_BLOCK_SIZE * 2))
  5970. ERROR_OUT(-5162, out);
  5971. #endif /* HAVE_AES_DECRYPT */
  5972. /* 256 key size test leftover support */
  5973. ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  5974. if (ret != 0)
  5975. ERROR_OUT(-5163, out);
  5976. #ifdef HAVE_AES_DECRYPT
  5977. /* decrypt uses AES_ENCRYPTION */
  5978. ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION);
  5979. if (ret != 0)
  5980. ERROR_OUT(-5164, out);
  5981. #endif
  5982. XMEMSET(cipher, 0, sizeof(cipher));
  5983. ret = wc_AesOfbEncrypt(enc, cipher, plain1, 3);
  5984. if (ret != 0)
  5985. ERROR_OUT(-5165, out);
  5986. if (XMEMCMP(cipher, cipher1, 3))
  5987. ERROR_OUT(-5166, out);
  5988. ret = wc_AesOfbEncrypt(enc, cipher + 3, plain1 + 3, AES_BLOCK_SIZE);
  5989. if (ret != 0)
  5990. ERROR_OUT(-5167, out);
  5991. if (XMEMCMP(cipher + 3, cipher1 + 3, AES_BLOCK_SIZE))
  5992. ERROR_OUT(-5168, out);
  5993. #ifdef HAVE_AES_DECRYPT
  5994. ret = wc_AesOfbDecrypt(dec, plain, cipher1, 6);
  5995. if (ret != 0)
  5996. ERROR_OUT(-5169, out);
  5997. if (XMEMCMP(plain, plain1, 6))
  5998. ERROR_OUT(-5170, out);
  5999. ret = wc_AesOfbDecrypt(dec, plain + 6, cipher1 + 6, AES_BLOCK_SIZE);
  6000. if (ret != 0)
  6001. ERROR_OUT(-5171, out);
  6002. if (XMEMCMP(plain + 6, plain1 + 6, AES_BLOCK_SIZE))
  6003. ERROR_OUT(-5172, out);
  6004. #endif /* HAVE_AES_DECRYPT */
  6005. out:
  6006. #ifdef WOLFSSL_SMALL_STACK
  6007. if (enc)
  6008. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  6009. #ifdef HAVE_AES_DECRYPT
  6010. if (dec)
  6011. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  6012. #endif
  6013. #endif
  6014. #endif /* WOLFSSL_AES_256 */
  6015. return ret;
  6016. }
  6017. #endif /* WOLFSSL_AES_OFB */
  6018. #if defined(WOLFSSL_AES_CFB)
  6019. /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of Operation Methods an*/
  6020. static int aescfb_test(void)
  6021. {
  6022. #ifdef WOLFSSL_SMALL_STACK
  6023. Aes *enc = NULL;
  6024. #else
  6025. Aes enc[1];
  6026. #endif
  6027. int enc_inited = 0;
  6028. byte cipher[AES_BLOCK_SIZE * 4];
  6029. #ifdef HAVE_AES_DECRYPT
  6030. #ifdef WOLFSSL_SMALL_STACK
  6031. Aes *dec = NULL;
  6032. #else
  6033. Aes dec[1];
  6034. #endif
  6035. int dec_inited = 0;
  6036. byte plain [AES_BLOCK_SIZE * 4];
  6037. #endif
  6038. int ret = 0;
  6039. WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
  6040. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  6041. 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
  6042. };
  6043. #ifdef WOLFSSL_AES_128
  6044. WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
  6045. {
  6046. 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
  6047. 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
  6048. };
  6049. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
  6050. {
  6051. 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
  6052. 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
  6053. 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
  6054. 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b,
  6055. 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40,
  6056. 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf
  6057. };
  6058. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
  6059. {
  6060. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  6061. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  6062. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  6063. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  6064. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  6065. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef
  6066. };
  6067. #endif /* WOLFSSL_AES_128 */
  6068. #ifdef WOLFSSL_AES_192
  6069. /* 192 size key test */
  6070. WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
  6071. {
  6072. 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  6073. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  6074. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
  6075. };
  6076. WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
  6077. {
  6078. 0xcd,0xc8,0x0d,0x6f,0xdd,0xf1,0x8c,0xab,
  6079. 0x34,0xc2,0x59,0x09,0xc9,0x9a,0x41,0x74,
  6080. 0x67,0xce,0x7f,0x7f,0x81,0x17,0x36,0x21,
  6081. 0x96,0x1a,0x2b,0x70,0x17,0x1d,0x3d,0x7a,
  6082. 0x2e,0x1e,0x8a,0x1d,0xd5,0x9b,0x88,0xb1,
  6083. 0xc8,0xe6,0x0f,0xed,0x1e,0xfa,0xc4,0xc9,
  6084. 0xc0,0x5f,0x9f,0x9c,0xa9,0x83,0x4f,0xa0,
  6085. 0x42,0xae,0x8f,0xba,0x58,0x4b,0x09,0xff
  6086. };
  6087. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
  6088. {
  6089. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  6090. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  6091. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  6092. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  6093. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  6094. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  6095. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  6096. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  6097. };
  6098. #endif /* WOLFSSL_AES_192 */
  6099. #ifdef WOLFSSL_AES_256
  6100. /* 256 size key simple test */
  6101. WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
  6102. {
  6103. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  6104. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  6105. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  6106. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  6107. };
  6108. WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
  6109. {
  6110. 0xdc,0x7e,0x84,0xbf,0xda,0x79,0x16,0x4b,
  6111. 0x7e,0xcd,0x84,0x86,0x98,0x5d,0x38,0x60,
  6112. 0x39,0xff,0xed,0x14,0x3b,0x28,0xb1,0xc8,
  6113. 0x32,0x11,0x3c,0x63,0x31,0xe5,0x40,0x7b,
  6114. 0xdf,0x10,0x13,0x24,0x15,0xe5,0x4b,0x92,
  6115. 0xa1,0x3e,0xd0,0xa8,0x26,0x7a,0xe2,0xf9,
  6116. 0x75,0xa3,0x85,0x74,0x1a,0xb9,0xce,0xf8,
  6117. 0x20,0x31,0x62,0x3d,0x55,0xb1,0xe4,0x71
  6118. };
  6119. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
  6120. {
  6121. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  6122. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  6123. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  6124. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  6125. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  6126. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  6127. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  6128. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  6129. };
  6130. #endif /* WOLFSSL_AES_256 */
  6131. #ifdef WOLFSSL_SMALL_STACK
  6132. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6133. ERROR_OUT(-1, out);
  6134. #ifdef HAVE_AES_DECRYPT
  6135. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6136. ERROR_OUT(-1, out);
  6137. #endif
  6138. #endif
  6139. if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
  6140. ERROR_OUT(-5173, out);
  6141. else
  6142. enc_inited = 1;
  6143. #ifdef HAVE_AES_DECRYPT
  6144. if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
  6145. ERROR_OUT(-5174, out);
  6146. else
  6147. dec_inited = 1;
  6148. #endif
  6149. #ifdef WOLFSSL_AES_128
  6150. /* 128 key tests */
  6151. #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  6152. ret = EVP_test(EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1),
  6153. cipher1, sizeof(cipher1));
  6154. if (ret != 0) {
  6155. return ret;
  6156. }
  6157. #endif
  6158. ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  6159. if (ret != 0)
  6160. ERROR_OUT(-5175, out);
  6161. #ifdef HAVE_AES_DECRYPT
  6162. /* decrypt uses AES_ENCRYPTION */
  6163. ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  6164. if (ret != 0)
  6165. ERROR_OUT(-5176, out);
  6166. #endif
  6167. XMEMSET(cipher, 0, sizeof(cipher));
  6168. ret = wc_AesCfbEncrypt(enc, cipher, msg1, AES_BLOCK_SIZE * 2);
  6169. if (ret != 0)
  6170. ERROR_OUT(-5177, out);
  6171. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
  6172. ERROR_OUT(-5178, out);
  6173. /* test restarting encryption process */
  6174. ret = wc_AesCfbEncrypt(enc, cipher + (AES_BLOCK_SIZE * 2),
  6175. msg1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE);
  6176. if (ret != 0)
  6177. ERROR_OUT(-5179, out);
  6178. if (XMEMCMP(cipher + (AES_BLOCK_SIZE * 2),
  6179. cipher1 + (AES_BLOCK_SIZE * 2), AES_BLOCK_SIZE))
  6180. ERROR_OUT(-5180, out);
  6181. #ifdef HAVE_AES_DECRYPT
  6182. ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 3);
  6183. if (ret != 0)
  6184. ERROR_OUT(-5181, out);
  6185. if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3))
  6186. ERROR_OUT(-5182, out);
  6187. #endif /* HAVE_AES_DECRYPT */
  6188. #endif /* WOLFSSL_AES_128 */
  6189. #ifdef WOLFSSL_AES_192
  6190. /* 192 key size test */
  6191. #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  6192. ret = EVP_test(EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2),
  6193. cipher2, sizeof(cipher2));
  6194. if (ret != 0) {
  6195. return ret;
  6196. }
  6197. #endif
  6198. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv, AES_ENCRYPTION);
  6199. if (ret != 0)
  6200. ERROR_OUT(-5183, out);
  6201. #ifdef HAVE_AES_DECRYPT
  6202. /* decrypt uses AES_ENCRYPTION */
  6203. ret = wc_AesSetKey(dec, key2, sizeof(key2), iv, AES_ENCRYPTION);
  6204. if (ret != 0)
  6205. ERROR_OUT(-5184, out);
  6206. #endif
  6207. XMEMSET(cipher, 0, sizeof(cipher));
  6208. ret = wc_AesCfbEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE * 4);
  6209. if (ret != 0)
  6210. ERROR_OUT(-5185, out);
  6211. if (XMEMCMP(cipher, cipher2, AES_BLOCK_SIZE * 4))
  6212. ERROR_OUT(-5186, out);
  6213. #ifdef HAVE_AES_DECRYPT
  6214. ret = wc_AesCfbDecrypt(dec, plain, cipher, AES_BLOCK_SIZE * 4);
  6215. if (ret != 0)
  6216. ERROR_OUT(-5187, out);
  6217. if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4))
  6218. ERROR_OUT(-5188, out);
  6219. #endif /* HAVE_AES_DECRYPT */
  6220. #endif /* WOLFSSL_AES_192 */
  6221. #ifdef WOLFSSL_AES_256
  6222. /* 256 key size test */
  6223. #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  6224. ret = EVP_test(EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3),
  6225. cipher3, sizeof(cipher3));
  6226. if (ret != 0) {
  6227. return ret;
  6228. }
  6229. #endif
  6230. ret = wc_AesSetKey(enc, key3, sizeof(key3), iv, AES_ENCRYPTION);
  6231. if (ret != 0)
  6232. ERROR_OUT(-5189, out);
  6233. #ifdef HAVE_AES_DECRYPT
  6234. /* decrypt uses AES_ENCRYPTION */
  6235. ret = wc_AesSetKey(dec, key3, sizeof(key3), iv, AES_ENCRYPTION);
  6236. if (ret != 0)
  6237. ERROR_OUT(-5190, out);
  6238. #endif
  6239. /* test with data left overs, magic lengths are checking near edges */
  6240. XMEMSET(cipher, 0, sizeof(cipher));
  6241. ret = wc_AesCfbEncrypt(enc, cipher, msg3, 4);
  6242. if (ret != 0)
  6243. ERROR_OUT(-5191, out);
  6244. if (XMEMCMP(cipher, cipher3, 4))
  6245. ERROR_OUT(-5192, out);
  6246. ret = wc_AesCfbEncrypt(enc, cipher + 4, msg3 + 4, 27);
  6247. if (ret != 0)
  6248. ERROR_OUT(-5193, out);
  6249. if (XMEMCMP(cipher + 4, cipher3 + 4, 27))
  6250. ERROR_OUT(-5194, out);
  6251. ret = wc_AesCfbEncrypt(enc, cipher + 31, msg3 + 31,
  6252. (AES_BLOCK_SIZE * 4) - 31);
  6253. if (ret != 0)
  6254. ERROR_OUT(-5195, out);
  6255. if (XMEMCMP(cipher, cipher3, AES_BLOCK_SIZE * 4))
  6256. ERROR_OUT(-5196, out);
  6257. #ifdef HAVE_AES_DECRYPT
  6258. ret = wc_AesCfbDecrypt(dec, plain, cipher, 4);
  6259. if (ret != 0)
  6260. ERROR_OUT(-5197, out);
  6261. if (XMEMCMP(plain, msg3, 4))
  6262. ERROR_OUT(-5198, out);
  6263. ret = wc_AesCfbDecrypt(dec, plain + 4, cipher + 4, 4);
  6264. if (ret != 0)
  6265. ERROR_OUT(-5199, out);
  6266. ret = wc_AesCfbDecrypt(dec, plain + 8, cipher + 8, 23);
  6267. if (ret != 0)
  6268. ERROR_OUT(-5200, out);
  6269. if (XMEMCMP(plain + 4, msg3 + 4, 27))
  6270. ERROR_OUT(-5201, out);
  6271. ret = wc_AesCfbDecrypt(dec, plain + 31, cipher + 31,
  6272. (AES_BLOCK_SIZE * 4) - 31);
  6273. if (ret != 0)
  6274. ERROR_OUT(-5202, out);
  6275. if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4))
  6276. ERROR_OUT(-5203, out);
  6277. #endif /* HAVE_AES_DECRYPT */
  6278. #endif /* WOLFSSL_AES_256 */
  6279. out:
  6280. if (enc_inited)
  6281. wc_AesFree(enc);
  6282. if (dec_inited)
  6283. wc_AesFree(dec);
  6284. #ifdef WOLFSSL_SMALL_STACK
  6285. if (enc)
  6286. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  6287. #ifdef HAVE_AES_DECRYPT
  6288. if (dec)
  6289. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  6290. #endif
  6291. #endif
  6292. return ret;
  6293. }
  6294. #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  6295. static int aescfb1_test(void)
  6296. {
  6297. #ifdef WOLFSSL_SMALL_STACK
  6298. Aes *enc = NULL;
  6299. #else
  6300. Aes enc[1];
  6301. #endif
  6302. int enc_inited = 0;
  6303. byte cipher[AES_BLOCK_SIZE];
  6304. #ifdef HAVE_AES_DECRYPT
  6305. #ifdef WOLFSSL_SMALL_STACK
  6306. Aes *dec = NULL;
  6307. #else
  6308. Aes dec[1];
  6309. #endif
  6310. int dec_inited = 0;
  6311. byte plain [AES_BLOCK_SIZE];
  6312. #endif
  6313. int ret = 0;
  6314. #ifdef WOLFSSL_AES_128
  6315. WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
  6316. 0x4d,0xbb,0xdc,0xaa,0x59,0xf3,0x63,0xc9,
  6317. 0x2a,0x3b,0x98,0x43,0xad,0x20,0xe2,0xb7
  6318. };
  6319. WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
  6320. {
  6321. 0xcd,0xef,0x9d,0x06,0x61,0xba,0xe4,0x73,
  6322. 0x8d,0x1a,0x58,0xa2,0xa6,0x22,0x8b,0x66
  6323. };
  6324. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
  6325. {
  6326. 0x00
  6327. };
  6328. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
  6329. {
  6330. 0xC0
  6331. };
  6332. #endif /* WOLFSSL_AES_128 */
  6333. #ifdef WOLFSSL_AES_192
  6334. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
  6335. 0x57,0xc6,0x89,0x7c,0x99,0x52,0x28,0x13,
  6336. 0xbf,0x67,0x9c,0xe1,0x13,0x70,0xaf,0x5e
  6337. };
  6338. WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
  6339. {
  6340. 0xba,0xa1,0x58,0xa1,0x6b,0x50,0x4a,0x10,
  6341. 0x8e,0xd4,0x33,0x2e,0xe7,0xf2,0x9b,0xf6,
  6342. 0xd1,0xac,0x46,0xa8,0xde,0x5a,0xfe,0x7a
  6343. };
  6344. WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
  6345. {
  6346. 0x30
  6347. };
  6348. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
  6349. {
  6350. 0x80
  6351. };
  6352. #endif /* WOLFSSL_AES_192 */
  6353. #ifdef WOLFSSL_AES_256
  6354. WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
  6355. 0x63,0x2e,0x9f,0x83,0x1f,0xa3,0x80,0x5e,
  6356. 0x52,0x02,0xbc,0xe0,0x6d,0x04,0xf9,0xa0
  6357. };
  6358. WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
  6359. {
  6360. 0xf6,0xfa,0xe4,0xf1,0x5d,0x91,0xfc,0x50,
  6361. 0x88,0x78,0x4f,0x84,0xa5,0x37,0x12,0x7e,
  6362. 0x32,0x63,0x55,0x9c,0x62,0x73,0x88,0x20,
  6363. 0xc2,0xcf,0x3d,0xe1,0x1c,0x2a,0x30,0x40
  6364. };
  6365. WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
  6366. {
  6367. 0xF7, 0x00
  6368. };
  6369. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
  6370. {
  6371. 0x41, 0xC0
  6372. };
  6373. #endif /* WOLFSSL_AES_256 */
  6374. #ifdef WOLFSSL_SMALL_STACK
  6375. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6376. ERROR_OUT(-1, out);
  6377. #ifdef HAVE_AES_DECRYPT
  6378. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6379. ERROR_OUT(-1, out);
  6380. #endif
  6381. #endif
  6382. if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
  6383. ERROR_OUT(-5204, out);
  6384. else
  6385. enc_inited = 1;
  6386. #ifdef HAVE_AES_DECRYPT
  6387. if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
  6388. ERROR_OUT(-5205, out);
  6389. else
  6390. dec_inited = 1;
  6391. #endif
  6392. #ifdef WOLFSSL_AES_128
  6393. /* 128 key tests */
  6394. ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  6395. if (ret != 0)
  6396. ERROR_OUT(-5206, out);
  6397. #ifdef HAVE_AES_DECRYPT
  6398. /* decrypt uses AES_ENCRYPTION */
  6399. ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  6400. if (ret != 0)
  6401. ERROR_OUT(-5207, out);
  6402. #endif
  6403. XMEMSET(cipher, 0, sizeof(cipher));
  6404. ret = wc_AesCfb1Encrypt(enc, cipher, msg1, 2);
  6405. if (ret != 0)
  6406. ERROR_OUT(-5208, out);
  6407. if (cipher[0] != cipher1[0])
  6408. ERROR_OUT(-5209, out);
  6409. #ifdef HAVE_AES_DECRYPT
  6410. ret = wc_AesCfb1Decrypt(dec, plain, cipher, 2);
  6411. if (ret != 0)
  6412. ERROR_OUT(-5210, out);
  6413. if (plain[0] != msg1[0])
  6414. ERROR_OUT(-5211, out);
  6415. #endif /* HAVE_AES_DECRYPT */
  6416. #ifdef OPENSSL_EXTRA
  6417. ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  6418. if (ret != 0)
  6419. ERROR_OUT(-5212, out);
  6420. XMEMSET(cipher, 0, sizeof(cipher));
  6421. ret = wc_AesCfb1Encrypt(enc, cipher, msg1,
  6422. sizeof(msg1) * WOLFSSL_BIT_SIZE);
  6423. if (ret != 0)
  6424. ERROR_OUT(-5213, out);
  6425. ret = EVP_test(EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1),
  6426. cipher, sizeof(msg1));
  6427. if (ret != 0) {
  6428. goto out;
  6429. }
  6430. #endif
  6431. #endif /* WOLFSSL_AES_128 */
  6432. #ifdef WOLFSSL_AES_192
  6433. /* 192 key tests */
  6434. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  6435. if (ret != 0)
  6436. ERROR_OUT(-5214, out);
  6437. XMEMSET(cipher, 0, sizeof(cipher));
  6438. ret = wc_AesCfb1Encrypt(enc, cipher, msg2, 4);
  6439. if (ret != 0)
  6440. ERROR_OUT(-5215, out);
  6441. if (XMEMCMP(cipher, cipher2, sizeof(cipher2)) != 0)
  6442. ERROR_OUT(-5216, out);
  6443. #ifdef OPENSSL_EXTRA
  6444. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  6445. if (ret != 0)
  6446. ERROR_OUT(-5217, out);
  6447. XMEMSET(cipher, 0, sizeof(cipher));
  6448. ret = wc_AesCfb1Encrypt(enc, cipher, msg2,
  6449. sizeof(msg2) * WOLFSSL_BIT_SIZE);
  6450. if (ret != 0)
  6451. ERROR_OUT(-5218, out);
  6452. ret = EVP_test(EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2),
  6453. cipher, sizeof(msg2));
  6454. if (ret != 0) {
  6455. goto out;
  6456. }
  6457. #endif
  6458. #endif /* WOLFSSL_AES_192 */
  6459. #ifdef WOLFSSL_AES_256
  6460. /* 256 key tests */
  6461. ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
  6462. if (ret != 0)
  6463. ERROR_OUT(-5219, out);
  6464. XMEMSET(cipher, 0, sizeof(cipher));
  6465. ret = wc_AesCfb1Encrypt(enc, cipher, msg3, 10);
  6466. if (ret != 0)
  6467. ERROR_OUT(-5220, out);
  6468. if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
  6469. ERROR_OUT(-5221, out);
  6470. #ifdef OPENSSL_EXTRA
  6471. ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
  6472. if (ret != 0)
  6473. ERROR_OUT(-5222, out);
  6474. XMEMSET(cipher, 0, sizeof(cipher));
  6475. ret = wc_AesCfb1Encrypt(enc, cipher, msg3,
  6476. sizeof(msg3) * WOLFSSL_BIT_SIZE);
  6477. if (ret != 0)
  6478. ERROR_OUT(-5223, out);
  6479. ret = EVP_test(EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3),
  6480. cipher, sizeof(msg3));
  6481. if (ret != 0) {
  6482. goto out;
  6483. }
  6484. #endif
  6485. out:
  6486. if (enc_inited)
  6487. wc_AesFree(enc);
  6488. #ifdef HAVE_AES_DECRYPT
  6489. if (dec_inited)
  6490. wc_AesFree(dec);
  6491. #endif
  6492. #ifdef WOLFSSL_SMALL_STACK
  6493. if (enc)
  6494. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  6495. #ifdef HAVE_AES_DECRYPT
  6496. if (dec)
  6497. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  6498. #endif
  6499. #endif
  6500. #endif /* WOLFSSL_AES_256 */
  6501. return ret;
  6502. }
  6503. static int aescfb8_test(void)
  6504. {
  6505. #ifdef WOLFSSL_SMALL_STACK
  6506. Aes *enc = NULL;
  6507. #else
  6508. Aes enc[1];
  6509. #endif
  6510. int enc_inited = 0;
  6511. byte cipher[AES_BLOCK_SIZE];
  6512. #ifdef HAVE_AES_DECRYPT
  6513. #ifdef WOLFSSL_SMALL_STACK
  6514. Aes *dec = NULL;
  6515. #else
  6516. Aes dec[1];
  6517. #endif
  6518. int dec_inited = 0;
  6519. byte plain [AES_BLOCK_SIZE];
  6520. #endif
  6521. int ret = 0;
  6522. #ifdef WOLFSSL_AES_128
  6523. WOLFSSL_SMALL_STACK_STATIC const byte iv[] = {
  6524. 0xf4,0x75,0xc6,0x49,0x91,0xb2,0x0e,0xae,
  6525. 0xe1,0x83,0xa2,0x26,0x29,0xe2,0x1e,0x22
  6526. };
  6527. WOLFSSL_SMALL_STACK_STATIC const byte key1[] =
  6528. {
  6529. 0xc8,0xfe,0x9b,0xf7,0x7b,0x93,0x0f,0x46,
  6530. 0xd2,0x07,0x8b,0x8c,0x0e,0x65,0x7c,0xd4
  6531. };
  6532. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
  6533. {
  6534. 0xd2,0x76,0x91
  6535. };
  6536. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] =
  6537. {
  6538. 0xc9,0x06,0x35
  6539. };
  6540. #endif /* WOLFSSL_AES_128 */
  6541. #ifdef WOLFSSL_AES_192
  6542. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
  6543. 0x0a,0x02,0x84,0x6b,0x62,0xab,0xb6,0x93,
  6544. 0xef,0x31,0xd7,0x54,0x84,0x2e,0xed,0x29
  6545. };
  6546. WOLFSSL_SMALL_STACK_STATIC const byte key2[] =
  6547. {
  6548. 0xba,0xf0,0x8b,0x76,0x31,0x7a,0x65,0xc5,
  6549. 0xf0,0x7a,0xe6,0xf5,0x7e,0xb0,0xe6,0x54,
  6550. 0x88,0x65,0x93,0x24,0xd2,0x97,0x09,0xe3
  6551. };
  6552. WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] =
  6553. {
  6554. 0x72,0x9c,0x0b,0x6d,0xeb,0x75,0xfa,0x6e,
  6555. 0xb5,0xe8
  6556. };
  6557. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
  6558. {
  6559. 0x98,0x95,0x93,0x24,0x02,0x39,0x3d,0xc3,
  6560. 0x3a,0x60
  6561. };
  6562. #endif
  6563. #ifdef WOLFSSL_AES_256
  6564. WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = {
  6565. 0x33,0x8c,0x55,0x2f,0xf1,0xec,0xa1,0x44,
  6566. 0x08,0xe0,0x5d,0x8c,0xf9,0xf3,0xb3,0x1b
  6567. };
  6568. WOLFSSL_SMALL_STACK_STATIC const byte key3[] =
  6569. {
  6570. 0x06,0x48,0x74,0x09,0x2f,0x7a,0x13,0xcc,
  6571. 0x44,0x62,0x24,0x7a,0xd4,0x23,0xd0,0xe9,
  6572. 0x6e,0xdf,0x42,0xe8,0xb6,0x7a,0x5a,0x23,
  6573. 0xb7,0xa0,0xa6,0x47,0x7b,0x09,0x8e,0x66
  6574. };
  6575. WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] =
  6576. {
  6577. 0x1c,0xff,0x95
  6578. };
  6579. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] =
  6580. {
  6581. 0xb9,0x74,0xfa
  6582. };
  6583. #endif
  6584. #ifdef WOLFSSL_SMALL_STACK
  6585. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6586. ERROR_OUT(-5238, out);
  6587. #ifdef HAVE_AES_DECRYPT
  6588. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6589. ERROR_OUT(-5239, out);
  6590. #endif
  6591. #endif
  6592. if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
  6593. ERROR_OUT(-5224, out);
  6594. else
  6595. enc_inited = 1;
  6596. #ifdef HAVE_AES_DECRYPT
  6597. if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
  6598. ERROR_OUT(-5225, out);
  6599. else
  6600. dec_inited = 1;
  6601. #endif
  6602. #ifdef WOLFSSL_AES_128
  6603. /* 128 key tests */
  6604. #ifdef OPENSSL_EXTRA
  6605. ret = EVP_test(EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1),
  6606. cipher1, sizeof(cipher1));
  6607. if (ret != 0) {
  6608. return ret;
  6609. }
  6610. #endif
  6611. ret = wc_AesSetKey(enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  6612. if (ret != 0)
  6613. ERROR_OUT(-5226, out);
  6614. #ifdef HAVE_AES_DECRYPT
  6615. /* decrypt uses AES_ENCRYPTION */
  6616. ret = wc_AesSetKey(dec, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  6617. if (ret != 0)
  6618. ERROR_OUT(-5227, out);
  6619. #endif
  6620. XMEMSET(cipher, 0, sizeof(cipher));
  6621. ret = wc_AesCfb8Encrypt(enc, cipher, msg1, sizeof(msg1));
  6622. if (ret != 0)
  6623. ERROR_OUT(-5228, out);
  6624. if (XMEMCMP(cipher, cipher1, sizeof(cipher1)) != 0)
  6625. ERROR_OUT(-5229, out);
  6626. #ifdef HAVE_AES_DECRYPT
  6627. ret = wc_AesCfb8Decrypt(dec, plain, cipher, sizeof(msg1));
  6628. if (ret != 0)
  6629. ERROR_OUT(-5230, out);
  6630. if (XMEMCMP(plain, msg1, sizeof(msg1)) != 0)
  6631. ERROR_OUT(-5231, out);
  6632. #endif /* HAVE_AES_DECRYPT */
  6633. #endif /* WOLFSSL_AES_128 */
  6634. #ifdef WOLFSSL_AES_192
  6635. /* 192 key tests */
  6636. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  6637. if (ret != 0)
  6638. ERROR_OUT(-5232, out);
  6639. XMEMSET(cipher, 0, sizeof(cipher));
  6640. ret = wc_AesCfb8Encrypt(enc, cipher, msg2, sizeof(msg2));
  6641. if (ret != 0)
  6642. ERROR_OUT(-5233, out);
  6643. if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0)
  6644. ERROR_OUT(-5234, out);
  6645. #ifdef OPENSSL_EXTRA
  6646. ret = EVP_test(EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2),
  6647. cipher2, sizeof(msg2));
  6648. if (ret != 0) {
  6649. return ret;
  6650. }
  6651. #endif
  6652. #endif /* WOLFSSL_AES_192 */
  6653. #ifdef WOLFSSL_AES_256
  6654. /* 256 key tests */
  6655. ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION);
  6656. if (ret != 0)
  6657. ERROR_OUT(-5235, out);
  6658. XMEMSET(cipher, 0, sizeof(cipher));
  6659. ret = wc_AesCfb8Encrypt(enc, cipher, msg3, sizeof(msg3));
  6660. if (ret != 0)
  6661. ERROR_OUT(-5236, out);
  6662. if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0)
  6663. ERROR_OUT(-5237, out);
  6664. #ifdef OPENSSL_EXTRA
  6665. ret = EVP_test(EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3),
  6666. cipher3, sizeof(msg3));
  6667. if (ret != 0) {
  6668. goto out;
  6669. }
  6670. #endif
  6671. out:
  6672. if (enc_inited)
  6673. wc_AesFree(enc);
  6674. #ifdef HAVE_AES_DECRYPT
  6675. if (dec_inited)
  6676. wc_AesFree(dec);
  6677. #endif
  6678. #ifdef WOLFSSL_SMALL_STACK
  6679. if (enc)
  6680. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  6681. #ifdef HAVE_AES_DECRYPT
  6682. if (dec)
  6683. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  6684. #endif
  6685. #endif
  6686. #endif /* WOLFSSL_AES_256 */
  6687. return ret;
  6688. }
  6689. #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
  6690. #endif /* WOLFSSL_AES_CFB */
  6691. static int aes_key_size_test(void)
  6692. {
  6693. int ret;
  6694. #ifdef WOLFSSL_SMALL_STACK
  6695. Aes *aes;
  6696. #else
  6697. Aes aes[1];
  6698. #endif
  6699. byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  6700. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
  6701. #ifndef WOLFSSL_CRYPTOCELL
  6702. byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  6703. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  6704. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 };
  6705. #endif
  6706. byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  6707. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
  6708. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  6709. 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 };
  6710. byte iv[] = "1234567890abcdef";
  6711. #ifndef HAVE_FIPS
  6712. word32 keySize;
  6713. #endif
  6714. #ifdef WOLFSSL_SMALL_STACK
  6715. if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6716. return -5315;
  6717. #endif
  6718. #if !defined(HAVE_FIPS) || \
  6719. defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)
  6720. /* w/ FIPS v1 (cert 2425) wc_AesInit just returns 0 always as it's not
  6721. * supported with that FIPS version */
  6722. ret = wc_AesInit(NULL, HEAP_HINT, devId);
  6723. if (ret != BAD_FUNC_ARG)
  6724. ERROR_OUT(-5300, out);
  6725. #endif
  6726. ret = wc_AesInit(aes, HEAP_HINT, devId);
  6727. /* 0 check OK for FIPSv1 */
  6728. if (ret != 0)
  6729. ERROR_OUT(-5301, out);
  6730. #ifndef HAVE_FIPS
  6731. /* Parameter Validation testing. */
  6732. ret = wc_AesGetKeySize(NULL, NULL);
  6733. if (ret != BAD_FUNC_ARG)
  6734. ERROR_OUT(-5302, out);
  6735. ret = wc_AesGetKeySize(aes, NULL);
  6736. if (ret != BAD_FUNC_ARG)
  6737. ERROR_OUT(-5303, out);
  6738. ret = wc_AesGetKeySize(NULL, &keySize);
  6739. if (ret != BAD_FUNC_ARG)
  6740. ERROR_OUT(-5304, out);
  6741. /* Crashes in FIPS */
  6742. ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION);
  6743. if (ret != BAD_FUNC_ARG)
  6744. ERROR_OUT(-5305, out);
  6745. #endif
  6746. /* NULL IV indicates to use all zeros IV. */
  6747. ret = wc_AesSetKey(aes, key16, sizeof(key16), NULL, AES_ENCRYPTION);
  6748. #ifdef WOLFSSL_AES_128
  6749. if (ret != 0)
  6750. #else
  6751. if (ret != BAD_FUNC_ARG)
  6752. #endif
  6753. ERROR_OUT(-5306, out);
  6754. ret = wc_AesSetKey(aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION);
  6755. if (ret != BAD_FUNC_ARG)
  6756. ERROR_OUT(-5307, out);
  6757. /* CryptoCell handles rounds internally */
  6758. #if !defined(HAVE_FIPS) && !defined(WOLFSSL_CRYPTOCELL)
  6759. /* Force invalid rounds */
  6760. aes->rounds = 16;
  6761. ret = wc_AesGetKeySize(aes, &keySize);
  6762. if (ret != BAD_FUNC_ARG)
  6763. ERROR_OUT(-5308, out);
  6764. #endif
  6765. ret = wc_AesSetKey(aes, key16, sizeof(key16), iv, AES_ENCRYPTION);
  6766. #ifdef WOLFSSL_AES_128
  6767. if (ret != 0)
  6768. #else
  6769. if (ret != BAD_FUNC_ARG)
  6770. #endif
  6771. ERROR_OUT(-5309, out);
  6772. #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128)
  6773. ret = wc_AesGetKeySize(aes, &keySize);
  6774. if (ret != 0 || keySize != sizeof(key16))
  6775. ERROR_OUT(-5310, out);
  6776. #endif
  6777. #ifndef WOLFSSL_CRYPTOCELL
  6778. /* Cryptocell only supports AES-128 key size */
  6779. ret = wc_AesSetKey(aes, key24, sizeof(key24), iv, AES_ENCRYPTION);
  6780. #ifdef WOLFSSL_AES_192
  6781. if (ret != 0)
  6782. #else
  6783. if (ret != BAD_FUNC_ARG)
  6784. #endif
  6785. ERROR_OUT(-5311, out);
  6786. #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192)
  6787. ret = wc_AesGetKeySize(aes, &keySize);
  6788. if (ret != 0 || keySize != sizeof(key24))
  6789. ERROR_OUT(-5312, out);
  6790. #endif
  6791. ret = wc_AesSetKey(aes, key32, sizeof(key32), iv, AES_ENCRYPTION);
  6792. #ifdef WOLFSSL_AES_256
  6793. if (ret != 0)
  6794. #else
  6795. if (ret != BAD_FUNC_ARG)
  6796. #endif
  6797. ERROR_OUT(-5313, out);
  6798. #if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256)
  6799. ret = wc_AesGetKeySize(aes, &keySize);
  6800. if (ret != 0 || keySize != sizeof(key32))
  6801. ERROR_OUT(-5314, out);
  6802. #endif
  6803. #endif /* !WOLFSSL_CRYPTOCELL */
  6804. out:
  6805. #ifdef WOLFSSL_SMALL_STACK
  6806. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  6807. #endif
  6808. return ret;
  6809. }
  6810. #if defined(WOLFSSL_AES_XTS)
  6811. /* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */
  6812. #ifdef WOLFSSL_AES_128
  6813. static int aes_xts_128_test(void)
  6814. {
  6815. #ifdef WOLFSSL_SMALL_STACK
  6816. XtsAes *aes = NULL;
  6817. #else
  6818. XtsAes aes[1];
  6819. #endif
  6820. int aes_inited = 0;
  6821. int ret = 0;
  6822. unsigned char buf[AES_BLOCK_SIZE * 2];
  6823. unsigned char cipher[AES_BLOCK_SIZE * 2];
  6824. /* 128 key tests */
  6825. WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
  6826. 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35,
  6827. 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62,
  6828. 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18,
  6829. 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f
  6830. };
  6831. WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
  6832. 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6,
  6833. 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
  6834. };
  6835. WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
  6836. 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
  6837. 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c
  6838. };
  6839. /* plain text test of partial block is not from NIST test vector list */
  6840. WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
  6841. 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
  6842. 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
  6843. 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
  6844. };
  6845. WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
  6846. 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a,
  6847. 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63
  6848. };
  6849. WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
  6850. 0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76,
  6851. 0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0,
  6852. 0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa,
  6853. 0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16
  6854. };
  6855. WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
  6856. 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a,
  6857. 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84
  6858. };
  6859. WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
  6860. 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1,
  6861. 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba,
  6862. 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20,
  6863. 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56
  6864. };
  6865. WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
  6866. 0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e,
  6867. 0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23,
  6868. 0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e,
  6869. 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
  6870. };
  6871. #ifdef WOLFSSL_SMALL_STACK
  6872. if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  6873. ERROR_OUT(-5417, out);
  6874. #endif
  6875. #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  6876. ret = EVP_test(EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
  6877. if (ret != 0) {
  6878. printf("EVP_aes_128_xts failed!\n");
  6879. goto out;
  6880. }
  6881. #endif
  6882. XMEMSET(buf, 0, sizeof(buf));
  6883. if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_ENCRYPTION,
  6884. HEAP_HINT, devId) != 0)
  6885. ERROR_OUT(-5400, out);
  6886. else
  6887. aes_inited = 1;
  6888. ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
  6889. #if defined(WOLFSSL_ASYNC_CRYPT)
  6890. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  6891. #endif
  6892. if (ret != 0)
  6893. ERROR_OUT(-5401, out);
  6894. if (XMEMCMP(c2, buf, sizeof(c2)))
  6895. ERROR_OUT(-5402, out);
  6896. XMEMSET(buf, 0, sizeof(buf));
  6897. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
  6898. HEAP_HINT, devId) != 0)
  6899. ERROR_OUT(-5403, out);
  6900. ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
  6901. #if defined(WOLFSSL_ASYNC_CRYPT)
  6902. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  6903. #endif
  6904. if (ret != 0)
  6905. ERROR_OUT(-5404, out);
  6906. if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
  6907. ERROR_OUT(-5405, out);
  6908. /* partial block encryption test */
  6909. XMEMSET(cipher, 0, sizeof(cipher));
  6910. ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
  6911. #if defined(WOLFSSL_ASYNC_CRYPT)
  6912. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  6913. #endif
  6914. if (ret != 0)
  6915. ERROR_OUT(-5406, out);
  6916. wc_AesXtsFree(aes);
  6917. /* partial block decrypt test */
  6918. XMEMSET(buf, 0, sizeof(buf));
  6919. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
  6920. HEAP_HINT, devId) != 0)
  6921. ERROR_OUT(-5407, out);
  6922. ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
  6923. #if defined(WOLFSSL_ASYNC_CRYPT)
  6924. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  6925. #endif
  6926. if (ret != 0)
  6927. ERROR_OUT(-5408, out);
  6928. if (XMEMCMP(pp, buf, sizeof(pp)))
  6929. ERROR_OUT(-5409, out);
  6930. /* NIST decrypt test vector */
  6931. XMEMSET(buf, 0, sizeof(buf));
  6932. ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
  6933. #if defined(WOLFSSL_ASYNC_CRYPT)
  6934. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  6935. #endif
  6936. if (ret != 0)
  6937. ERROR_OUT(-5410, out);
  6938. if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
  6939. ERROR_OUT(-5411, out);
  6940. /* fail case with decrypting using wrong key */
  6941. XMEMSET(buf, 0, sizeof(buf));
  6942. ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
  6943. #if defined(WOLFSSL_ASYNC_CRYPT)
  6944. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  6945. #endif
  6946. if (ret != 0)
  6947. ERROR_OUT(-5412, out);
  6948. if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */
  6949. ERROR_OUT(-5413, out);
  6950. /* set correct key and retest */
  6951. XMEMSET(buf, 0, sizeof(buf));
  6952. if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_DECRYPTION,
  6953. HEAP_HINT, devId) != 0)
  6954. ERROR_OUT(-5414, out);
  6955. ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
  6956. #if defined(WOLFSSL_ASYNC_CRYPT)
  6957. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  6958. #endif
  6959. if (ret != 0)
  6960. ERROR_OUT(-5415, out);
  6961. if (XMEMCMP(p2, buf, sizeof(p2)))
  6962. ERROR_OUT(-5416, out);
  6963. out:
  6964. if (aes_inited)
  6965. wc_AesXtsFree(aes);
  6966. #ifdef WOLFSSL_SMALL_STACK
  6967. if (aes)
  6968. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  6969. #endif
  6970. return ret;
  6971. }
  6972. #endif /* WOLFSSL_AES_128 */
  6973. #ifdef WOLFSSL_AES_256
  6974. static int aes_xts_256_test(void)
  6975. {
  6976. #ifdef WOLFSSL_SMALL_STACK
  6977. XtsAes *aes = NULL;
  6978. #else
  6979. XtsAes aes[1];
  6980. #endif
  6981. int aes_inited = 0;
  6982. int ret = 0;
  6983. unsigned char buf[AES_BLOCK_SIZE * 3];
  6984. unsigned char cipher[AES_BLOCK_SIZE * 3];
  6985. /* 256 key tests */
  6986. WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
  6987. 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e,
  6988. 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14,
  6989. 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7,
  6990. 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c,
  6991. 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d,
  6992. 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3,
  6993. 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58,
  6994. 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08
  6995. };
  6996. WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = {
  6997. 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2,
  6998. 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64
  6999. };
  7000. WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
  7001. 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1,
  7002. 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64,
  7003. 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3,
  7004. 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e
  7005. };
  7006. /* plain text test of partial block is not from NIST test vector list */
  7007. WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = {
  7008. 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d,
  7009. 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c,
  7010. 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5
  7011. };
  7012. WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
  7013. 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5,
  7014. 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13,
  7015. 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a,
  7016. 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb
  7017. };
  7018. WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
  7019. 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba,
  7020. 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62,
  7021. 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec,
  7022. 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec,
  7023. 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b,
  7024. 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a,
  7025. 0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12,
  7026. 0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4
  7027. };
  7028. WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = {
  7029. 0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0,
  7030. 0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f
  7031. };
  7032. WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
  7033. 0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00,
  7034. 0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53,
  7035. 0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89,
  7036. 0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd,
  7037. 0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61,
  7038. 0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc
  7039. };
  7040. WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
  7041. 0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10,
  7042. 0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1,
  7043. 0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61,
  7044. 0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89,
  7045. 0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b,
  7046. 0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92
  7047. };
  7048. #ifdef WOLFSSL_SMALL_STACK
  7049. if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  7050. ERROR_OUT(-5515, out);
  7051. #endif
  7052. #if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  7053. ret = EVP_test(EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
  7054. if (ret != 0) {
  7055. printf("EVP_aes_256_xts failed\n");
  7056. goto out;
  7057. }
  7058. #endif
  7059. XMEMSET(buf, 0, sizeof(buf));
  7060. if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_ENCRYPTION,
  7061. HEAP_HINT, devId) != 0)
  7062. ERROR_OUT(-5500, out);
  7063. else
  7064. aes_inited = 1;
  7065. ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2));
  7066. #if defined(WOLFSSL_ASYNC_CRYPT)
  7067. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7068. #endif
  7069. if (ret != 0)
  7070. ERROR_OUT(-5501, out);
  7071. if (XMEMCMP(c2, buf, sizeof(c2)))
  7072. ERROR_OUT(-5502, out);
  7073. XMEMSET(buf, 0, sizeof(buf));
  7074. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
  7075. HEAP_HINT, devId) != 0)
  7076. ERROR_OUT(-5503, out);
  7077. ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1));
  7078. #if defined(WOLFSSL_ASYNC_CRYPT)
  7079. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7080. #endif
  7081. if (ret != 0)
  7082. ERROR_OUT(-5504, out);
  7083. if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
  7084. ERROR_OUT(-5505, out);
  7085. /* partial block encryption test */
  7086. XMEMSET(cipher, 0, sizeof(cipher));
  7087. ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1));
  7088. #if defined(WOLFSSL_ASYNC_CRYPT)
  7089. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7090. #endif
  7091. if (ret != 0)
  7092. ERROR_OUT(-5506, out);
  7093. wc_AesXtsFree(aes);
  7094. /* partial block decrypt test */
  7095. XMEMSET(buf, 0, sizeof(buf));
  7096. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
  7097. HEAP_HINT, devId) != 0)
  7098. ERROR_OUT(-5507, out);
  7099. ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1));
  7100. #if defined(WOLFSSL_ASYNC_CRYPT)
  7101. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7102. #endif
  7103. if (ret != 0)
  7104. ERROR_OUT(-5508, out);
  7105. if (XMEMCMP(pp, buf, sizeof(pp)))
  7106. ERROR_OUT(-5509, out);
  7107. /* NIST decrypt test vector */
  7108. XMEMSET(buf, 0, sizeof(buf));
  7109. ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1));
  7110. #if defined(WOLFSSL_ASYNC_CRYPT)
  7111. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7112. #endif
  7113. if (ret != 0)
  7114. ERROR_OUT(-5510, out);
  7115. if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
  7116. ERROR_OUT(-5511, out);
  7117. XMEMSET(buf, 0, sizeof(buf));
  7118. if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_DECRYPTION,
  7119. HEAP_HINT, devId) != 0)
  7120. ERROR_OUT(-5512, out);
  7121. ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2));
  7122. #if defined(WOLFSSL_ASYNC_CRYPT)
  7123. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7124. #endif
  7125. if (ret != 0)
  7126. ERROR_OUT(-5513, out);
  7127. if (XMEMCMP(p2, buf, sizeof(p2)))
  7128. ERROR_OUT(-5514, out);
  7129. out:
  7130. if (aes_inited)
  7131. wc_AesXtsFree(aes);
  7132. #ifdef WOLFSSL_SMALL_STACK
  7133. if (aes)
  7134. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  7135. #endif
  7136. return ret;
  7137. }
  7138. #endif /* WOLFSSL_AES_256 */
  7139. #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
  7140. /* both 128 and 256 bit key test */
  7141. static int aes_xts_sector_test(void)
  7142. {
  7143. #ifdef WOLFSSL_SMALL_STACK
  7144. XtsAes *aes = NULL;
  7145. #else
  7146. XtsAes aes[1];
  7147. #endif
  7148. int aes_inited = 0;
  7149. int ret = 0;
  7150. unsigned char buf[AES_BLOCK_SIZE * 2];
  7151. /* 128 key tests */
  7152. WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
  7153. 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
  7154. 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
  7155. 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
  7156. 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
  7157. };
  7158. WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
  7159. 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
  7160. 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
  7161. };
  7162. WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
  7163. 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
  7164. 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
  7165. };
  7166. word64 s1 = 141;
  7167. /* 256 key tests */
  7168. WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = {
  7169. 0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32,
  7170. 0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23,
  7171. 0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e,
  7172. 0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a,
  7173. 0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0,
  7174. 0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9,
  7175. 0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57,
  7176. 0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0
  7177. };
  7178. WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = {
  7179. 0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4,
  7180. 0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41,
  7181. 0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d,
  7182. 0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75
  7183. };
  7184. WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = {
  7185. 0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68,
  7186. 0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63,
  7187. 0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3,
  7188. 0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d
  7189. };
  7190. word64 s2 = 187;
  7191. #ifdef WOLFSSL_SMALL_STACK
  7192. if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  7193. ERROR_OUT(-5612, out);
  7194. #endif
  7195. XMEMSET(buf, 0, sizeof(buf));
  7196. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
  7197. HEAP_HINT, devId) != 0)
  7198. ERROR_OUT(-5600, out);
  7199. else
  7200. aes_inited = 1;
  7201. ret = wc_AesXtsEncryptSector(aes, buf, p1, sizeof(p1), s1);
  7202. #if defined(WOLFSSL_ASYNC_CRYPT)
  7203. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7204. #endif
  7205. if (ret != 0)
  7206. ERROR_OUT(-5601, out);
  7207. if (XMEMCMP(c1, buf, AES_BLOCK_SIZE))
  7208. ERROR_OUT(-5602, out);
  7209. /* decrypt test */
  7210. XMEMSET(buf, 0, sizeof(buf));
  7211. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
  7212. HEAP_HINT, devId) != 0)
  7213. ERROR_OUT(-5603, out);
  7214. ret = wc_AesXtsDecryptSector(aes, buf, c1, sizeof(c1), s1);
  7215. #if defined(WOLFSSL_ASYNC_CRYPT)
  7216. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7217. #endif
  7218. if (ret != 0)
  7219. ERROR_OUT(-5604, out);
  7220. if (XMEMCMP(p1, buf, AES_BLOCK_SIZE))
  7221. ERROR_OUT(-5605, out);
  7222. wc_AesXtsFree(aes);
  7223. /* 256 bit key tests */
  7224. XMEMSET(buf, 0, sizeof(buf));
  7225. if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_ENCRYPTION,
  7226. HEAP_HINT, devId) != 0)
  7227. ERROR_OUT(-5606, out);
  7228. ret = wc_AesXtsEncryptSector(aes, buf, p2, sizeof(p2), s2);
  7229. #if defined(WOLFSSL_ASYNC_CRYPT)
  7230. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7231. #endif
  7232. if (ret != 0)
  7233. ERROR_OUT(-5607, out);
  7234. if (XMEMCMP(c2, buf, sizeof(c2)))
  7235. ERROR_OUT(-5608, out);
  7236. /* decrypt test */
  7237. XMEMSET(buf, 0, sizeof(buf));
  7238. if (wc_AesXtsSetKey(aes, k2, sizeof(k2), AES_DECRYPTION,
  7239. HEAP_HINT, devId) != 0)
  7240. ERROR_OUT(-5609, out);
  7241. ret = wc_AesXtsDecryptSector(aes, buf, c2, sizeof(c2), s2);
  7242. #if defined(WOLFSSL_ASYNC_CRYPT)
  7243. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7244. #endif
  7245. if (ret != 0)
  7246. ERROR_OUT(-5610, out);
  7247. if (XMEMCMP(p2, buf, sizeof(p2)))
  7248. ERROR_OUT(-5611, out);
  7249. out:
  7250. if (aes_inited)
  7251. wc_AesXtsFree(aes);
  7252. #ifdef WOLFSSL_SMALL_STACK
  7253. if (aes)
  7254. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  7255. #endif
  7256. return ret;
  7257. }
  7258. #endif /* WOLFSSL_AES_128 && WOLFSSL_AES_256 */
  7259. #ifdef WOLFSSL_AES_128
  7260. /* testing of bad arguments */
  7261. static int aes_xts_args_test(void)
  7262. {
  7263. #ifdef WOLFSSL_SMALL_STACK
  7264. XtsAes *aes = NULL;
  7265. #else
  7266. XtsAes aes[1];
  7267. #endif
  7268. int aes_inited = 0;
  7269. int ret;
  7270. unsigned char buf[AES_BLOCK_SIZE * 2];
  7271. /* 128 key tests */
  7272. WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = {
  7273. 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed,
  7274. 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22,
  7275. 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c,
  7276. 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c
  7277. };
  7278. WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = {
  7279. 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09,
  7280. 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c
  7281. };
  7282. WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = {
  7283. 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac,
  7284. 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52
  7285. };
  7286. word64 s1 = 141;
  7287. #ifdef WOLFSSL_SMALL_STACK
  7288. if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  7289. ERROR_OUT(-5708, out);
  7290. #endif
  7291. if (wc_AesXtsSetKey(NULL, k1, sizeof(k1), AES_ENCRYPTION,
  7292. HEAP_HINT, devId) == 0)
  7293. ERROR_OUT(-5700, out);
  7294. if (wc_AesXtsSetKey(aes, NULL, sizeof(k1), AES_ENCRYPTION,
  7295. HEAP_HINT, devId) == 0)
  7296. ERROR_OUT(-5701, out);
  7297. /* encryption operations */
  7298. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION,
  7299. HEAP_HINT, devId) != 0)
  7300. ERROR_OUT(-5702, out);
  7301. else
  7302. aes_inited = 1;
  7303. ret = wc_AesXtsEncryptSector(NULL, buf, p1, sizeof(p1), s1);
  7304. #if defined(WOLFSSL_ASYNC_CRYPT)
  7305. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7306. #endif
  7307. if (ret == 0)
  7308. ERROR_OUT(-5703, out);
  7309. ret = wc_AesXtsEncryptSector(aes, NULL, p1, sizeof(p1), s1);
  7310. #if defined(WOLFSSL_ASYNC_CRYPT)
  7311. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7312. #endif
  7313. if (ret == 0)
  7314. ERROR_OUT(-5704, out);
  7315. wc_AesXtsFree(aes);
  7316. /* decryption operations */
  7317. if (wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION,
  7318. HEAP_HINT, devId) != 0)
  7319. ERROR_OUT(-5705, out);
  7320. ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1);
  7321. #if defined(WOLFSSL_ASYNC_CRYPT)
  7322. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7323. #endif
  7324. if (ret == 0)
  7325. ERROR_OUT(-5706, out);
  7326. ret = wc_AesXtsDecryptSector(aes, NULL, c1, sizeof(c1), s1);
  7327. #if defined(WOLFSSL_ASYNC_CRYPT)
  7328. ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE);
  7329. #endif
  7330. if (ret == 0)
  7331. ERROR_OUT(-5707, out);
  7332. ret = 0;
  7333. out:
  7334. if (aes_inited)
  7335. wc_AesXtsFree(aes);
  7336. #ifdef WOLFSSL_SMALL_STACK
  7337. if (aes)
  7338. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES);
  7339. #endif
  7340. return ret;
  7341. }
  7342. #endif /* WOLFSSL_AES_128 */
  7343. #endif /* WOLFSSL_AES_XTS */
  7344. #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  7345. static int aes_cbc_test(void)
  7346. {
  7347. byte cipher[AES_BLOCK_SIZE];
  7348. byte plain[AES_BLOCK_SIZE];
  7349. int ret;
  7350. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
  7351. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  7352. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  7353. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  7354. };
  7355. byte key[] = "0123456789abcdef "; /* align */
  7356. byte iv[] = "1234567890abcdef "; /* align */
  7357. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  7358. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  7359. /* Parameter Validation testing. */
  7360. ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL);
  7361. if (ret != BAD_FUNC_ARG)
  7362. return -5800;
  7363. #ifdef HAVE_AES_DECRYPT
  7364. ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL);
  7365. if (ret != BAD_FUNC_ARG)
  7366. return -5801;
  7367. #endif
  7368. ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key,
  7369. AES_BLOCK_SIZE, iv);
  7370. if (ret != 0)
  7371. return -5802;
  7372. #ifdef HAVE_AES_DECRYPT
  7373. ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key,
  7374. AES_BLOCK_SIZE, iv);
  7375. if (ret != 0)
  7376. return -5803;
  7377. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0)
  7378. return -5804;
  7379. #endif /* HAVE_AES_DECRYPT */
  7380. (void)plain;
  7381. return 0;
  7382. }
  7383. #endif
  7384. WOLFSSL_TEST_SUBROUTINE int aes_test(void)
  7385. {
  7386. #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
  7387. #ifdef WOLFSSL_SMALL_STACK
  7388. Aes *enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  7389. #else
  7390. Aes enc[1];
  7391. #endif
  7392. byte cipher[AES_BLOCK_SIZE * 4];
  7393. #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
  7394. #ifdef WOLFSSL_SMALL_STACK
  7395. Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  7396. #else
  7397. Aes dec[1];
  7398. #endif
  7399. byte plain [AES_BLOCK_SIZE * 4];
  7400. #endif
  7401. #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER */
  7402. int ret = 0;
  7403. #ifdef HAVE_AES_CBC
  7404. #ifdef WOLFSSL_AES_128
  7405. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
  7406. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  7407. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  7408. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  7409. };
  7410. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  7411. {
  7412. 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
  7413. 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
  7414. };
  7415. WOLFSSL_SMALL_STACK_STATIC const byte key[] = "0123456789abcdef "; /* align */
  7416. WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; /* align */
  7417. #ifdef WOLFSSL_SMALL_STACK
  7418. #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
  7419. if (enc == NULL)
  7420. ERROR_OUT(-5948, out);
  7421. #endif
  7422. #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
  7423. if (dec == NULL)
  7424. ERROR_OUT(-5949, out);
  7425. #endif
  7426. #endif
  7427. if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
  7428. ERROR_OUT(-5900, out); /* note this error code is used programmatically in cleanup. */
  7429. #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
  7430. if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
  7431. ERROR_OUT(-5901, out); /* note this error code is used programmatically in cleanup. */
  7432. #endif
  7433. ret = wc_AesSetKey(enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
  7434. if (ret != 0)
  7435. ERROR_OUT(-5902, out);
  7436. #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
  7437. ret = wc_AesSetKey(dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
  7438. if (ret != 0)
  7439. ERROR_OUT(-5903, out);
  7440. #endif
  7441. XMEMSET(cipher, 0, AES_BLOCK_SIZE * 4);
  7442. ret = wc_AesCbcEncrypt(enc, cipher, msg, AES_BLOCK_SIZE);
  7443. #if defined(WOLFSSL_ASYNC_CRYPT)
  7444. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  7445. #endif
  7446. if (ret != 0)
  7447. ERROR_OUT(-5904, out);
  7448. #ifdef HAVE_AES_DECRYPT
  7449. XMEMSET(plain, 0, AES_BLOCK_SIZE * 4);
  7450. ret = wc_AesCbcDecrypt(dec, plain, cipher, AES_BLOCK_SIZE);
  7451. #if defined(WOLFSSL_ASYNC_CRYPT)
  7452. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  7453. #endif
  7454. if (ret != 0)
  7455. ERROR_OUT(-5905, out);
  7456. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  7457. ERROR_OUT(-5906, out);
  7458. #endif /* HAVE_AES_DECRYPT */
  7459. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  7460. ERROR_OUT(-5907, out);
  7461. #endif /* WOLFSSL_AES_128 */
  7462. #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT)
  7463. {
  7464. WOLFSSL_SMALL_STACK_STATIC const byte bigMsg[] = {
  7465. /* "All work and no play makes Jack a dull boy. " */
  7466. 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
  7467. 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
  7468. 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
  7469. 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
  7470. 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
  7471. 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
  7472. 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
  7473. 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
  7474. 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
  7475. 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
  7476. 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
  7477. 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
  7478. 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
  7479. 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
  7480. 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
  7481. 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
  7482. 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
  7483. 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
  7484. 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
  7485. 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
  7486. 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
  7487. 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
  7488. 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
  7489. 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
  7490. 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
  7491. 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
  7492. 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
  7493. 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
  7494. 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
  7495. 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
  7496. 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
  7497. 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
  7498. 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
  7499. 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
  7500. 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
  7501. 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
  7502. 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20,
  7503. 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62,
  7504. 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20,
  7505. 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64,
  7506. 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79,
  7507. 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a,
  7508. 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75,
  7509. 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20,
  7510. 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b,
  7511. 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20,
  7512. 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b,
  7513. 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20
  7514. };
  7515. WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] = "0123456789abcdeffedcba9876543210";
  7516. word32 keySz, msgSz;
  7517. #ifdef WOLFSSL_SMALL_STACK
  7518. byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  7519. byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  7520. if ((bigCipher == NULL) ||
  7521. (bigPlain == NULL)) {
  7522. if (bigCipher != NULL)
  7523. XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  7524. ERROR_OUT(-5947, out);
  7525. }
  7526. #else
  7527. byte bigCipher[sizeof(bigMsg)];
  7528. byte bigPlain[sizeof(bigMsg)];
  7529. #endif
  7530. /* Iterate from one AES_BLOCK_SIZE of bigMsg through the whole
  7531. * message by AES_BLOCK_SIZE for each size of AES key. */
  7532. for (keySz = 16; keySz <= 32; keySz += 8) {
  7533. for (msgSz = AES_BLOCK_SIZE;
  7534. msgSz <= sizeof(bigMsg);
  7535. msgSz += AES_BLOCK_SIZE) {
  7536. XMEMSET(bigCipher, 0, sizeof(bigMsg));
  7537. XMEMSET(bigPlain, 0, sizeof(bigMsg));
  7538. ret = wc_AesSetKey(enc, bigKey, keySz, iv, AES_ENCRYPTION);
  7539. if (ret != 0) {
  7540. ret = -5908;
  7541. break;
  7542. }
  7543. ret = wc_AesSetKey(dec, bigKey, keySz, iv, AES_DECRYPTION);
  7544. if (ret != 0) {
  7545. ret = -5909;
  7546. break;
  7547. }
  7548. ret = wc_AesCbcEncrypt(enc, bigCipher, bigMsg, msgSz);
  7549. #if defined(WOLFSSL_ASYNC_CRYPT)
  7550. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  7551. #endif
  7552. if (ret != 0) {
  7553. ret = -5910;
  7554. break;
  7555. }
  7556. ret = wc_AesCbcDecrypt(dec, bigPlain, bigCipher, msgSz);
  7557. #if defined(WOLFSSL_ASYNC_CRYPT)
  7558. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  7559. #endif
  7560. if (ret != 0) {
  7561. ret = -5911;
  7562. break;
  7563. }
  7564. if (XMEMCMP(bigPlain, bigMsg, msgSz)) {
  7565. ret = -5912;
  7566. break;
  7567. }
  7568. }
  7569. if (ret != 0)
  7570. break;
  7571. }
  7572. #ifdef WOLFSSL_SMALL_STACK
  7573. XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  7574. XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  7575. #endif
  7576. if (ret != 0)
  7577. goto out;
  7578. }
  7579. #endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT */
  7580. /* Test of AES IV state with encrypt/decrypt */
  7581. #ifdef WOLFSSL_AES_128
  7582. {
  7583. /* Test Vector from "NIST Special Publication 800-38A, 2001 Edition"
  7584. * https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf
  7585. */
  7586. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] =
  7587. {
  7588. 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
  7589. 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
  7590. 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
  7591. 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51
  7592. };
  7593. WOLFSSL_SMALL_STACK_STATIC const byte verify2[] =
  7594. {
  7595. 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
  7596. 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
  7597. 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
  7598. 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2
  7599. };
  7600. WOLFSSL_SMALL_STACK_STATIC const byte key2[] = {
  7601. 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
  7602. 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
  7603. };
  7604. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = {
  7605. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  7606. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
  7607. };
  7608. ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION);
  7609. if (ret != 0)
  7610. ERROR_OUT(-5913, out);
  7611. XMEMSET(cipher, 0, AES_BLOCK_SIZE * 2);
  7612. ret = wc_AesCbcEncrypt(enc, cipher, msg2, AES_BLOCK_SIZE);
  7613. #if defined(WOLFSSL_ASYNC_CRYPT)
  7614. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  7615. #endif
  7616. if (ret != 0)
  7617. ERROR_OUT(-5914, out);
  7618. if (XMEMCMP(cipher, verify2, AES_BLOCK_SIZE))
  7619. ERROR_OUT(-5915, out);
  7620. ret = wc_AesCbcEncrypt(enc, cipher + AES_BLOCK_SIZE,
  7621. msg2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
  7622. #if defined(WOLFSSL_ASYNC_CRYPT)
  7623. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  7624. #endif
  7625. if (ret != 0)
  7626. ERROR_OUT(-5916, out);
  7627. if (XMEMCMP(cipher + AES_BLOCK_SIZE, verify2 + AES_BLOCK_SIZE,
  7628. AES_BLOCK_SIZE))
  7629. ERROR_OUT(-5917, out);
  7630. #if defined(HAVE_AES_DECRYPT)
  7631. ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_DECRYPTION);
  7632. if (ret != 0)
  7633. ERROR_OUT(-5918, out);
  7634. XMEMSET(plain, 0, AES_BLOCK_SIZE * 2);
  7635. ret = wc_AesCbcDecrypt(dec, plain, verify2, AES_BLOCK_SIZE);
  7636. #if defined(WOLFSSL_ASYNC_CRYPT)
  7637. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  7638. #endif
  7639. if (ret != 0)
  7640. ERROR_OUT(-5919, out);
  7641. if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE))
  7642. ERROR_OUT(-5920, out);
  7643. ret = wc_AesCbcDecrypt(dec, plain + AES_BLOCK_SIZE,
  7644. verify2 + AES_BLOCK_SIZE, AES_BLOCK_SIZE);
  7645. #if defined(WOLFSSL_ASYNC_CRYPT)
  7646. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  7647. #endif
  7648. if (ret != 0)
  7649. ERROR_OUT(-5921, out);
  7650. if (XMEMCMP(plain + AES_BLOCK_SIZE, msg2 + AES_BLOCK_SIZE,
  7651. AES_BLOCK_SIZE))
  7652. ERROR_OUT(-5922, out);
  7653. #endif /* HAVE_AES_DECRYPT */
  7654. }
  7655. #endif /* WOLFSSL_AES_128 */
  7656. #endif /* HAVE_AES_CBC */
  7657. #ifdef WOLFSSL_AES_COUNTER
  7658. {
  7659. /* test vectors from "Recommendation for Block Cipher Modes of
  7660. * Operation" NIST Special Publication 800-38A */
  7661. WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
  7662. {
  7663. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  7664. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  7665. };
  7666. WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
  7667. {
  7668. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  7669. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  7670. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  7671. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  7672. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  7673. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  7674. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  7675. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  7676. };
  7677. #ifdef WOLFSSL_AES_128
  7678. WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
  7679. {
  7680. 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
  7681. 0xc2
  7682. };
  7683. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Key[] =
  7684. {
  7685. 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
  7686. 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
  7687. };
  7688. WOLFSSL_SMALL_STACK_STATIC const byte ctr128Cipher[] =
  7689. {
  7690. 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
  7691. 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
  7692. 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
  7693. 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
  7694. 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
  7695. 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
  7696. 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
  7697. 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
  7698. };
  7699. #endif /* WOLFSSL_AES_128 */
  7700. #ifdef WOLFSSL_AES_192
  7701. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
  7702. {
  7703. 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  7704. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  7705. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
  7706. };
  7707. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
  7708. {
  7709. 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
  7710. 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b,
  7711. 0x09,0x03,0x39,0xec,0x0a,0xa6,0xfa,0xef,
  7712. 0xd5,0xcc,0xc2,0xc6,0xf4,0xce,0x8e,0x94,
  7713. 0x1e,0x36,0xb2,0x6b,0xd1,0xeb,0xc6,0x70,
  7714. 0xd1,0xbd,0x1d,0x66,0x56,0x20,0xab,0xf7,
  7715. 0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58,
  7716. 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50
  7717. };
  7718. #endif
  7719. #ifdef WOLFSSL_AES_256
  7720. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
  7721. {
  7722. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  7723. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  7724. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  7725. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  7726. };
  7727. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
  7728. {
  7729. 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
  7730. 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28,
  7731. 0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a,
  7732. 0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5,
  7733. 0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c,
  7734. 0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d,
  7735. 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6,
  7736. 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6
  7737. };
  7738. #endif
  7739. #ifdef WOLFSSL_AES_128
  7740. wc_AesSetKeyDirect(enc, ctr128Key, sizeof(ctr128Key),
  7741. ctrIv, AES_ENCRYPTION);
  7742. /* Ctr only uses encrypt, even on key setup */
  7743. wc_AesSetKeyDirect(dec, ctr128Key, sizeof(ctr128Key),
  7744. ctrIv, AES_ENCRYPTION);
  7745. ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(ctrPlain));
  7746. if (ret != 0) {
  7747. ERROR_OUT(-5923, out);
  7748. }
  7749. ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(ctrPlain));
  7750. if (ret != 0) {
  7751. ERROR_OUT(-5924, out);
  7752. }
  7753. if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain)))
  7754. ERROR_OUT(-5925, out);
  7755. if (XMEMCMP(cipher, ctr128Cipher, sizeof(ctr128Cipher)))
  7756. ERROR_OUT(-5926, out);
  7757. /* let's try with just 9 bytes, non block size test */
  7758. wc_AesSetKeyDirect(enc, ctr128Key, AES_BLOCK_SIZE,
  7759. ctrIv, AES_ENCRYPTION);
  7760. /* Ctr only uses encrypt, even on key setup */
  7761. wc_AesSetKeyDirect(dec, ctr128Key, AES_BLOCK_SIZE,
  7762. ctrIv, AES_ENCRYPTION);
  7763. ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(oddCipher));
  7764. if (ret != 0) {
  7765. ERROR_OUT(-5927, out);
  7766. }
  7767. ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(oddCipher));
  7768. if (ret != 0) {
  7769. ERROR_OUT(-5928, out);
  7770. }
  7771. if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher)))
  7772. ERROR_OUT(-5929, out);
  7773. if (XMEMCMP(cipher, ctr128Cipher, sizeof(oddCipher)))
  7774. ERROR_OUT(-5930, out);
  7775. /* and an additional 9 bytes to reuse tmp left buffer */
  7776. ret = wc_AesCtrEncrypt(enc, cipher, ctrPlain, sizeof(oddCipher));
  7777. if (ret != 0) {
  7778. ERROR_OUT(-5931, out);
  7779. }
  7780. ret = wc_AesCtrEncrypt(dec, plain, cipher, sizeof(oddCipher));
  7781. if (ret != 0) {
  7782. ERROR_OUT(-5932, out);
  7783. }
  7784. if (XMEMCMP(plain, ctrPlain, sizeof(oddCipher)))
  7785. ERROR_OUT(-5933, out);
  7786. if (XMEMCMP(cipher, oddCipher, sizeof(oddCipher)))
  7787. ERROR_OUT(-5934, out);
  7788. #endif /* WOLFSSL_AES_128 */
  7789. #ifdef WOLFSSL_AES_192
  7790. /* 192 bit key */
  7791. wc_AesSetKeyDirect(enc, ctr192Key, sizeof(ctr192Key),
  7792. ctrIv, AES_ENCRYPTION);
  7793. /* Ctr only uses encrypt, even on key setup */
  7794. wc_AesSetKeyDirect(dec, ctr192Key, sizeof(ctr192Key),
  7795. ctrIv, AES_ENCRYPTION);
  7796. XMEMSET(plain, 0, sizeof(plain));
  7797. ret = wc_AesCtrEncrypt(enc, plain, ctr192Cipher, sizeof(ctr192Cipher));
  7798. if (ret != 0) {
  7799. ERROR_OUT(-5935, out);
  7800. }
  7801. if (XMEMCMP(plain, ctrPlain, sizeof(ctr192Cipher)))
  7802. ERROR_OUT(-5936, out);
  7803. ret = wc_AesCtrEncrypt(dec, cipher, ctrPlain, sizeof(ctrPlain));
  7804. if (ret != 0) {
  7805. ERROR_OUT(-5937, out);
  7806. }
  7807. if (XMEMCMP(ctr192Cipher, cipher, sizeof(ctr192Cipher)))
  7808. ERROR_OUT(-5938, out);
  7809. #endif /* WOLFSSL_AES_192 */
  7810. #ifdef WOLFSSL_AES_256
  7811. /* 256 bit key */
  7812. wc_AesSetKeyDirect(enc, ctr256Key, sizeof(ctr256Key),
  7813. ctrIv, AES_ENCRYPTION);
  7814. /* Ctr only uses encrypt, even on key setup */
  7815. wc_AesSetKeyDirect(dec, ctr256Key, sizeof(ctr256Key),
  7816. ctrIv, AES_ENCRYPTION);
  7817. XMEMSET(plain, 0, sizeof(plain));
  7818. ret = wc_AesCtrEncrypt(enc, plain, ctr256Cipher, sizeof(ctr256Cipher));
  7819. if (ret != 0) {
  7820. ERROR_OUT(-5939, out);
  7821. }
  7822. if (XMEMCMP(plain, ctrPlain, sizeof(ctrPlain)))
  7823. ERROR_OUT(-5940, out);
  7824. ret = wc_AesCtrEncrypt(dec, cipher, ctrPlain, sizeof(ctrPlain));
  7825. if (ret != 0) {
  7826. ERROR_OUT(-5941, out);
  7827. }
  7828. if (XMEMCMP(ctr256Cipher, cipher, sizeof(ctr256Cipher)))
  7829. ERROR_OUT(-5942, out);
  7830. #endif /* WOLFSSL_AES_256 */
  7831. }
  7832. #endif /* WOLFSSL_AES_COUNTER */
  7833. #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
  7834. {
  7835. WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] =
  7836. {
  7837. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  7838. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  7839. };
  7840. WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] =
  7841. {
  7842. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  7843. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  7844. };
  7845. WOLFSSL_SMALL_STACK_STATIC const byte niKey[] =
  7846. {
  7847. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  7848. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  7849. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  7850. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  7851. };
  7852. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  7853. ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
  7854. if (ret != 0)
  7855. ERROR_OUT(-5943, out);
  7856. wc_AesEncryptDirect(enc, cipher, niPlain);
  7857. if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
  7858. ERROR_OUT(-5944, out);
  7859. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  7860. ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
  7861. if (ret != 0)
  7862. ERROR_OUT(-5945, out);
  7863. wc_AesDecryptDirect(dec, plain, niCipher);
  7864. if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
  7865. ERROR_OUT(-5946, out);
  7866. }
  7867. #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
  7868. ret = aes_key_size_test();
  7869. if (ret != 0)
  7870. goto out;
  7871. #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  7872. ret = aes_cbc_test();
  7873. if (ret != 0)
  7874. goto out;
  7875. #endif
  7876. #if defined(WOLFSSL_AES_XTS)
  7877. #ifdef WOLFSSL_AES_128
  7878. ret = aes_xts_128_test();
  7879. if (ret != 0)
  7880. goto out;
  7881. #endif
  7882. #ifdef WOLFSSL_AES_256
  7883. ret = aes_xts_256_test();
  7884. if (ret != 0)
  7885. goto out;
  7886. #endif
  7887. #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256)
  7888. ret = aes_xts_sector_test();
  7889. if (ret != 0)
  7890. goto out;
  7891. #endif
  7892. #ifdef WOLFSSL_AES_128
  7893. ret = aes_xts_args_test();
  7894. if (ret != 0)
  7895. goto out;
  7896. #endif
  7897. #endif
  7898. #if defined(WOLFSSL_AES_CFB)
  7899. ret = aescfb_test();
  7900. if (ret != 0)
  7901. goto out;
  7902. #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
  7903. ret = aescfb1_test();
  7904. if (ret != 0)
  7905. goto out;
  7906. ret = aescfb8_test();
  7907. if (ret != 0)
  7908. goto out;
  7909. #endif
  7910. #endif
  7911. out:
  7912. #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER)
  7913. #ifdef WOLFSSL_SMALL_STACK
  7914. if (enc) {
  7915. if (ret != -5900) /* note this must match ERRROR_OUT() code
  7916. * for wc_AesInit(enc, ...) failure above.
  7917. */
  7918. wc_AesFree(enc);
  7919. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  7920. }
  7921. #else
  7922. if (ret != -5900)
  7923. wc_AesFree(enc);
  7924. #endif
  7925. (void)cipher;
  7926. #if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
  7927. #ifdef WOLFSSL_SMALL_STACK
  7928. if (dec) {
  7929. if ((ret != -5900) && (ret != -5901))
  7930. /* note these codes must match the ERRROR_OUT() codes for
  7931. * wc_AesInit() failures above.
  7932. */
  7933. wc_AesFree(dec);
  7934. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  7935. }
  7936. #else
  7937. if ((ret != -5900) && (ret != -5901))
  7938. wc_AesFree(dec);
  7939. #endif
  7940. (void)plain;
  7941. #endif
  7942. #endif
  7943. return ret;
  7944. }
  7945. #ifdef WOLFSSL_AES_192
  7946. WOLFSSL_TEST_SUBROUTINE int aes192_test(void)
  7947. {
  7948. #ifdef HAVE_AES_CBC
  7949. #ifdef WOLFSSL_SMALL_STACK
  7950. Aes *enc = NULL;
  7951. #else
  7952. Aes enc[1];
  7953. #endif
  7954. byte cipher[AES_BLOCK_SIZE];
  7955. #ifdef HAVE_AES_DECRYPT
  7956. #ifdef WOLFSSL_SMALL_STACK
  7957. Aes *dec = NULL;
  7958. #else
  7959. Aes dec[1];
  7960. #endif
  7961. byte plain[AES_BLOCK_SIZE];
  7962. #endif
  7963. #endif /* HAVE_AES_CBC */
  7964. int ret = 0;
  7965. #ifdef HAVE_AES_CBC
  7966. /* Test vectors from NIST Special Publication 800-38A, 2001 Edition
  7967. * Appendix F.2.3 */
  7968. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
  7969. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  7970. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  7971. };
  7972. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  7973. {
  7974. 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d,
  7975. 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8
  7976. };
  7977. WOLFSSL_SMALL_STACK_STATIC byte key[] = {
  7978. 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  7979. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  7980. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
  7981. };
  7982. WOLFSSL_SMALL_STACK_STATIC byte iv[] = {
  7983. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  7984. 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
  7985. };
  7986. #ifdef WOLFSSL_SMALL_STACK
  7987. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  7988. ERROR_OUT(-6008, out);
  7989. #ifdef HAVE_AES_DECRYPT
  7990. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  7991. ERROR_OUT(-6009, out);
  7992. #endif
  7993. #endif
  7994. if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
  7995. ERROR_OUT(-6000, out);
  7996. #ifdef HAVE_AES_DECRYPT
  7997. if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
  7998. ERROR_OUT(-6001, out);
  7999. #endif
  8000. ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
  8001. if (ret != 0)
  8002. ERROR_OUT(-6002, out);
  8003. #ifdef HAVE_AES_DECRYPT
  8004. ret = wc_AesSetKey(dec, key, (int) sizeof(key), iv, AES_DECRYPTION);
  8005. if (ret != 0)
  8006. ERROR_OUT(-6003, out);
  8007. #endif
  8008. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  8009. ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
  8010. #if defined(WOLFSSL_ASYNC_CRYPT)
  8011. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8012. #endif
  8013. if (ret != 0)
  8014. ERROR_OUT(-6004, out);
  8015. #ifdef HAVE_AES_DECRYPT
  8016. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  8017. ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
  8018. #if defined(WOLFSSL_ASYNC_CRYPT)
  8019. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8020. #endif
  8021. if (ret != 0)
  8022. ERROR_OUT(-6005, out);
  8023. if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
  8024. ERROR_OUT(-6006, out);
  8025. }
  8026. #endif
  8027. if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
  8028. ERROR_OUT(-6007, out);
  8029. wc_AesFree(enc);
  8030. #ifdef HAVE_AES_DECRYPT
  8031. wc_AesFree(dec);
  8032. #endif
  8033. out:
  8034. #ifdef WOLFSSL_SMALL_STACK
  8035. if (enc)
  8036. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  8037. #ifdef HAVE_AES_DECRYPT
  8038. if (dec)
  8039. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  8040. #endif
  8041. #endif
  8042. #endif /* HAVE_AES_CBC */
  8043. return ret;
  8044. }
  8045. #endif /* WOLFSSL_AES_192 */
  8046. #ifdef WOLFSSL_AES_256
  8047. WOLFSSL_TEST_SUBROUTINE int aes256_test(void)
  8048. {
  8049. #ifdef HAVE_AES_CBC
  8050. #ifdef WOLFSSL_SMALL_STACK
  8051. Aes *enc = NULL;
  8052. #else
  8053. Aes enc[1];
  8054. #endif
  8055. byte cipher[AES_BLOCK_SIZE];
  8056. #ifdef HAVE_AES_DECRYPT
  8057. #ifdef WOLFSSL_SMALL_STACK
  8058. Aes *dec = NULL;
  8059. #else
  8060. Aes dec[1];
  8061. #endif
  8062. byte plain[AES_BLOCK_SIZE];
  8063. #endif
  8064. #endif /* HAVE_AES_CBC */
  8065. int ret = 0;
  8066. #ifdef HAVE_AES_CBC
  8067. /* Test vectors from NIST Special Publication 800-38A, 2001 Edition,
  8068. * Appendix F.2.5 */
  8069. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
  8070. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  8071. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  8072. };
  8073. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  8074. {
  8075. 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba,
  8076. 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6
  8077. };
  8078. WOLFSSL_SMALL_STACK_STATIC byte key[] = {
  8079. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  8080. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  8081. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  8082. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  8083. };
  8084. WOLFSSL_SMALL_STACK_STATIC byte iv[] = {
  8085. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  8086. 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F
  8087. };
  8088. #ifdef WOLFSSL_SMALL_STACK
  8089. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8090. ERROR_OUT(-6108, out);
  8091. #ifdef HAVE_AES_DECRYPT
  8092. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8093. ERROR_OUT(-6109, out);
  8094. #endif
  8095. #endif
  8096. if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
  8097. ERROR_OUT(-6100, out);
  8098. #ifdef HAVE_AES_DECRYPT
  8099. if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
  8100. ERROR_OUT(-6101, out);
  8101. #endif
  8102. ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION);
  8103. if (ret != 0)
  8104. ERROR_OUT(-6102, out);
  8105. #ifdef HAVE_AES_DECRYPT
  8106. ret = wc_AesSetKey(dec, key, (int) sizeof(key), iv, AES_DECRYPTION);
  8107. if (ret != 0)
  8108. ERROR_OUT(-6103, out);
  8109. #endif
  8110. XMEMSET(cipher, 0, AES_BLOCK_SIZE);
  8111. ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg));
  8112. #if defined(WOLFSSL_ASYNC_CRYPT)
  8113. ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8114. #endif
  8115. if (ret != 0)
  8116. ERROR_OUT(-6104, out);
  8117. #ifdef HAVE_AES_DECRYPT
  8118. XMEMSET(plain, 0, AES_BLOCK_SIZE);
  8119. ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher));
  8120. #if defined(WOLFSSL_ASYNC_CRYPT)
  8121. ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8122. #endif
  8123. if (ret != 0)
  8124. ERROR_OUT(-6105, out);
  8125. if (XMEMCMP(plain, msg, (int) sizeof(plain))) {
  8126. ERROR_OUT(-6106, out);
  8127. }
  8128. #endif
  8129. if (XMEMCMP(cipher, verify, (int) sizeof(cipher)))
  8130. ERROR_OUT(-6107, out);
  8131. wc_AesFree(enc);
  8132. #ifdef HAVE_AES_DECRYPT
  8133. wc_AesFree(dec);
  8134. #endif
  8135. out:
  8136. #ifdef WOLFSSL_SMALL_STACK
  8137. if (enc)
  8138. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  8139. #ifdef HAVE_AES_DECRYPT
  8140. if (dec)
  8141. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  8142. #endif
  8143. #endif
  8144. #endif /* HAVE_AES_CBC */
  8145. return ret;
  8146. }
  8147. #endif /* WOLFSSL_AES_256 */
  8148. #ifdef HAVE_AESGCM
  8149. static int aesgcm_default_test_helper(byte* key, int keySz, byte* iv, int ivSz,
  8150. byte* plain, int plainSz, byte* cipher, int cipherSz,
  8151. byte* aad, int aadSz, byte* tag, int tagSz)
  8152. {
  8153. int ret, enc_inited = 0, dec_inited = 0;
  8154. #ifdef WOLFSSL_SMALL_STACK
  8155. Aes *enc = NULL;
  8156. Aes *dec = NULL;
  8157. #else
  8158. Aes enc[1];
  8159. Aes dec[1];
  8160. #endif
  8161. byte resultT[AES_BLOCK_SIZE];
  8162. byte resultP[AES_BLOCK_SIZE * 3];
  8163. byte resultC[AES_BLOCK_SIZE * 3];
  8164. int result;
  8165. #ifdef WOLFSSL_SMALL_STACK
  8166. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8167. ERROR_OUT(-6118, out);
  8168. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8169. ERROR_OUT(-6119, out);
  8170. #endif
  8171. XMEMSET(resultT, 0, sizeof(resultT));
  8172. XMEMSET(resultC, 0, sizeof(resultC));
  8173. XMEMSET(resultP, 0, sizeof(resultP));
  8174. if (wc_AesInit(enc, HEAP_HINT, devId) != 0)
  8175. ERROR_OUT(-6110, out);
  8176. else
  8177. enc_inited = 1;
  8178. if (wc_AesInit(dec, HEAP_HINT, devId) != 0)
  8179. ERROR_OUT(-6111, out);
  8180. else
  8181. dec_inited = 1;
  8182. result = wc_AesGcmSetKey(enc, key, keySz);
  8183. if (result != 0)
  8184. ERROR_OUT(-6112, out);
  8185. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8186. result = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz,
  8187. resultT, tagSz, aad, aadSz);
  8188. #if defined(WOLFSSL_ASYNC_CRYPT)
  8189. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8190. #endif
  8191. if (result != 0)
  8192. ERROR_OUT(-6113, out);
  8193. if (cipher != NULL) {
  8194. if (XMEMCMP(cipher, resultC, cipherSz))
  8195. ERROR_OUT(-6114, out);
  8196. }
  8197. if (XMEMCMP(tag, resultT, tagSz))
  8198. ERROR_OUT(-6115, out);
  8199. #ifdef HAVE_AES_DECRYPT
  8200. result = wc_AesGcmSetKey(dec, key, keySz);
  8201. if (result != 0)
  8202. ERROR_OUT(-6116, out);
  8203. result = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz,
  8204. iv, ivSz, resultT, tagSz, aad, aadSz);
  8205. #if defined(WOLFSSL_ASYNC_CRYPT)
  8206. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8207. #endif
  8208. if (result != 0)
  8209. ERROR_OUT(-6117, out);
  8210. if (plain != NULL) {
  8211. if (XMEMCMP(plain, resultP, plainSz))
  8212. ERROR_OUT(-6118, out);
  8213. }
  8214. #endif /* HAVE_AES_DECRYPT */
  8215. ret = 0;
  8216. out:
  8217. if (enc_inited)
  8218. wc_AesFree(enc);
  8219. if (dec_inited)
  8220. wc_AesFree(dec);
  8221. #ifdef WOLFSSL_SMALL_STACK
  8222. if (enc)
  8223. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  8224. if (dec)
  8225. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  8226. #endif
  8227. return ret;
  8228. }
  8229. /* tests that only use 12 byte IV and 16 or less byte AAD
  8230. * test vectors are from NIST SP 800-38D
  8231. * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES*/
  8232. WOLFSSL_TEST_SUBROUTINE int aesgcm_default_test(void)
  8233. {
  8234. byte key1[] = {
  8235. 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62,
  8236. 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc
  8237. };
  8238. byte iv1[] = {
  8239. 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa,
  8240. 0xe4, 0xed, 0x2f, 0x6d
  8241. };
  8242. ALIGN64 byte plain1[] = {
  8243. 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad,
  8244. 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01,
  8245. 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac,
  8246. 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01
  8247. };
  8248. byte aad1[] = {
  8249. 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73,
  8250. 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1
  8251. };
  8252. ALIGN64 byte cipher1[] = {
  8253. 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d,
  8254. 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d,
  8255. 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46,
  8256. 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb
  8257. };
  8258. byte tag1[] = {
  8259. 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7,
  8260. 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2
  8261. };
  8262. byte key2[] = {
  8263. 0x01, 0x6d, 0xbb, 0x38, 0xda, 0xa7, 0x6d, 0xfe,
  8264. 0x7d, 0xa3, 0x84, 0xeb, 0xf1, 0x24, 0x03, 0x64
  8265. };
  8266. byte iv2[] = {
  8267. 0x07, 0x93, 0xef, 0x3a, 0xda, 0x78, 0x2f, 0x78,
  8268. 0xc9, 0x8a, 0xff, 0xe3
  8269. };
  8270. ALIGN64 byte plain2[] = {
  8271. 0x4b, 0x34, 0xa9, 0xec, 0x57, 0x63, 0x52, 0x4b,
  8272. 0x19, 0x1d, 0x56, 0x16, 0xc5, 0x47, 0xf6, 0xb7
  8273. };
  8274. ALIGN64 byte cipher2[] = {
  8275. 0x60, 0x9a, 0xa3, 0xf4, 0x54, 0x1b, 0xc0, 0xfe,
  8276. 0x99, 0x31, 0xda, 0xad, 0x2e, 0xe1, 0x5d, 0x0c
  8277. };
  8278. byte tag2[] = {
  8279. 0x33, 0xaf, 0xec, 0x59, 0xc4, 0x5b, 0xaf, 0x68,
  8280. 0x9a, 0x5e, 0x1b, 0x13, 0xae, 0x42, 0x36, 0x19
  8281. };
  8282. byte key3[] = {
  8283. 0xb0, 0x1e, 0x45, 0xcc, 0x30, 0x88, 0xaa, 0xba,
  8284. 0x9f, 0xa4, 0x3d, 0x81, 0xd4, 0x81, 0x82, 0x3f
  8285. };
  8286. byte iv3[] = {
  8287. 0x5a, 0x2c, 0x4a, 0x66, 0x46, 0x87, 0x13, 0x45,
  8288. 0x6a, 0x4b, 0xd5, 0xe1
  8289. };
  8290. byte tag3[] = {
  8291. 0x01, 0x42, 0x80, 0xf9, 0x44, 0xf5, 0x3c, 0x68,
  8292. 0x11, 0x64, 0xb2, 0xff
  8293. };
  8294. int ret;
  8295. ret = aesgcm_default_test_helper(key1, sizeof(key1), iv1, sizeof(iv1),
  8296. plain1, sizeof(plain1), cipher1, sizeof(cipher1),
  8297. aad1, sizeof(aad1), tag1, sizeof(tag1));
  8298. if (ret != 0) {
  8299. return ret;
  8300. }
  8301. ret = aesgcm_default_test_helper(key2, sizeof(key2), iv2, sizeof(iv2),
  8302. plain2, sizeof(plain2), cipher2, sizeof(cipher2),
  8303. NULL, 0, tag2, sizeof(tag2));
  8304. if (ret != 0) {
  8305. return ret;
  8306. }
  8307. ret = aesgcm_default_test_helper(key3, sizeof(key3), iv3, sizeof(iv3),
  8308. NULL, 0, NULL, 0,
  8309. NULL, 0, tag3, sizeof(tag3));
  8310. if (ret != 0) {
  8311. return ret;
  8312. }
  8313. return 0;
  8314. }
  8315. WOLFSSL_TEST_SUBROUTINE int aesgcm_test(void)
  8316. {
  8317. #ifdef WOLFSSL_SMALL_STACK
  8318. Aes *enc = NULL;
  8319. Aes *dec = NULL;
  8320. #else
  8321. Aes enc[1];
  8322. Aes dec[1];
  8323. #endif
  8324. /*
  8325. * This is Test Case 16 from the document Galois/
  8326. * Counter Mode of Operation (GCM) by McGrew and
  8327. * Viega.
  8328. */
  8329. WOLFSSL_SMALL_STACK_STATIC const byte p[] =
  8330. {
  8331. 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
  8332. 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
  8333. 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
  8334. 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
  8335. 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
  8336. 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
  8337. 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
  8338. 0xba, 0x63, 0x7b, 0x39
  8339. };
  8340. #if defined(WOLFSSL_AES_256)
  8341. WOLFSSL_SMALL_STACK_STATIC const byte a[] =
  8342. {
  8343. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  8344. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
  8345. 0xab, 0xad, 0xda, 0xd2
  8346. };
  8347. #endif
  8348. #ifdef WOLFSSL_AES_256
  8349. WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
  8350. {
  8351. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
  8352. 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
  8353. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
  8354. 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
  8355. };
  8356. WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
  8357. {
  8358. 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
  8359. 0xde, 0xca, 0xf8, 0x88
  8360. };
  8361. WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
  8362. {
  8363. 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
  8364. 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
  8365. 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
  8366. 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
  8367. 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
  8368. 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
  8369. 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
  8370. 0xbc, 0xc9, 0xf6, 0x62
  8371. };
  8372. #endif /* WOLFSSL_AES_256 */
  8373. WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
  8374. {
  8375. 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
  8376. 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
  8377. };
  8378. /* FIPS, QAT and PIC32MZ HW Crypto only support 12-byte IV */
  8379. #if !defined(HAVE_FIPS) && \
  8380. !defined(WOLFSSL_PIC32MZ_CRYPT) && \
  8381. !defined(FREESCALE_LTC) && !defined(FREESCALE_MMCAU) && \
  8382. !defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
  8383. !defined(WOLFSSL_SILABS_SE_ACCEL) && \
  8384. !(defined(WOLF_CRYPTO_CB) && \
  8385. (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)))
  8386. #define ENABLE_NON_12BYTE_IV_TEST
  8387. #ifdef WOLFSSL_AES_192
  8388. /* Test Case 12, uses same plaintext and AAD data. */
  8389. WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
  8390. {
  8391. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
  8392. 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
  8393. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c
  8394. };
  8395. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
  8396. {
  8397. 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
  8398. 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
  8399. 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
  8400. 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
  8401. 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
  8402. 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
  8403. 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
  8404. 0xa6, 0x37, 0xb3, 0x9b
  8405. };
  8406. WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
  8407. {
  8408. 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
  8409. 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
  8410. 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
  8411. 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
  8412. 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
  8413. 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
  8414. 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
  8415. 0xe9, 0xb7, 0x37, 0x3b
  8416. };
  8417. WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
  8418. {
  8419. 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
  8420. 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9
  8421. };
  8422. #endif /* WOLFSSL_AES_192 */
  8423. #ifdef WOLFSSL_AES_128
  8424. /* The following is an interesting test case from the example
  8425. * FIPS test vectors for AES-GCM. IVlen = 1 byte */
  8426. WOLFSSL_SMALL_STACK_STATIC const byte p3[] =
  8427. {
  8428. 0x57, 0xce, 0x45, 0x1f, 0xa5, 0xe2, 0x35, 0xa5,
  8429. 0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2
  8430. };
  8431. WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
  8432. {
  8433. 0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a,
  8434. 0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b
  8435. };
  8436. WOLFSSL_SMALL_STACK_STATIC const byte iv3[] =
  8437. {
  8438. 0xca
  8439. };
  8440. WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
  8441. {
  8442. 0x6b, 0x5f, 0xb3, 0x9d, 0xc1, 0xc5, 0x7a, 0x4f,
  8443. 0xf3, 0x51, 0x4d, 0xc2, 0xd5, 0xf0, 0xd0, 0x07
  8444. };
  8445. WOLFSSL_SMALL_STACK_STATIC const byte a3[] =
  8446. {
  8447. 0x40, 0xfc, 0xdc, 0xd7, 0x4a, 0xd7, 0x8b, 0xf1,
  8448. 0x3e, 0x7c, 0x60, 0x55, 0x50, 0x51, 0xdd, 0x54
  8449. };
  8450. WOLFSSL_SMALL_STACK_STATIC const byte t3[] =
  8451. {
  8452. 0x06, 0x90, 0xed, 0x01, 0x34, 0xdd, 0xc6, 0x95,
  8453. 0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6
  8454. };
  8455. #endif /* WOLFSSL_AES_128 */
  8456. #ifdef WOLFSSL_AES_256
  8457. int ivlen;
  8458. #endif
  8459. #endif
  8460. byte resultT[sizeof(t1)];
  8461. byte resultP[sizeof(p) + AES_BLOCK_SIZE];
  8462. byte resultC[sizeof(p) + AES_BLOCK_SIZE];
  8463. int result = 0;
  8464. int ret;
  8465. #ifdef WOLFSSL_AES_256
  8466. int alen;
  8467. #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
  8468. int plen;
  8469. #endif
  8470. #endif
  8471. #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
  8472. #if !defined(BENCH_AESGCM_LARGE)
  8473. #define BENCH_AESGCM_LARGE 1024
  8474. #endif
  8475. byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  8476. byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  8477. byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  8478. if ((! large_input) || (! large_output) || (! large_outdec))
  8479. ERROR_OUT(MEMORY_E, out);
  8480. XMEMSET(large_input, 0, BENCH_AESGCM_LARGE);
  8481. XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + AES_BLOCK_SIZE);
  8482. XMEMSET(large_outdec, 0, BENCH_AESGCM_LARGE);
  8483. #endif
  8484. #ifdef WOLFSSL_SMALL_STACK
  8485. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8486. ERROR_OUT(-6342, out);
  8487. if ((dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8488. ERROR_OUT(-6343, out);
  8489. #endif
  8490. (void)result;
  8491. XMEMSET(resultT, 0, sizeof(resultT));
  8492. XMEMSET(resultC, 0, sizeof(resultC));
  8493. XMEMSET(resultP, 0, sizeof(resultP));
  8494. if (wc_AesInit(enc, HEAP_HINT, devId) != 0) {
  8495. ERROR_OUT(-6300, out);
  8496. }
  8497. if (wc_AesInit(dec, HEAP_HINT, devId) != 0) {
  8498. ERROR_OUT(-6301, out);
  8499. }
  8500. #ifdef WOLFSSL_AES_256
  8501. result = wc_AesGcmSetKey(enc, k1, sizeof(k1));
  8502. if (result != 0)
  8503. ERROR_OUT(-6302, out);
  8504. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8505. result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
  8506. resultT, sizeof(resultT), a, sizeof(a));
  8507. #if defined(WOLFSSL_ASYNC_CRYPT)
  8508. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8509. #endif
  8510. if (result != 0)
  8511. ERROR_OUT(-6303, out);
  8512. if (XMEMCMP(c1, resultC, sizeof(c1)))
  8513. ERROR_OUT(-6304, out);
  8514. if (XMEMCMP(t1, resultT, sizeof(resultT)))
  8515. ERROR_OUT(-6305, out);
  8516. #ifdef HAVE_AES_DECRYPT
  8517. result = wc_AesGcmSetKey(dec, k1, sizeof(k1));
  8518. if (result != 0)
  8519. ERROR_OUT(-6306, out);
  8520. result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1),
  8521. iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
  8522. #if defined(WOLFSSL_ASYNC_CRYPT)
  8523. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8524. #endif
  8525. if (result != 0)
  8526. ERROR_OUT(-6307, out);
  8527. if (XMEMCMP(p, resultP, sizeof(p)))
  8528. ERROR_OUT(-6308, out);
  8529. #endif /* HAVE_AES_DECRYPT */
  8530. /* Large buffer test */
  8531. #ifdef BENCH_AESGCM_LARGE
  8532. /* setup test buffer */
  8533. for (alen=0; alen<BENCH_AESGCM_LARGE; alen++)
  8534. large_input[alen] = (byte)alen;
  8535. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8536. result = wc_AesGcmEncrypt(enc, large_output, large_input,
  8537. BENCH_AESGCM_LARGE, iv1, sizeof(iv1),
  8538. resultT, sizeof(resultT), a, sizeof(a));
  8539. #if defined(WOLFSSL_ASYNC_CRYPT)
  8540. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8541. #endif
  8542. if (result != 0)
  8543. ERROR_OUT(-6309, out);
  8544. #ifdef HAVE_AES_DECRYPT
  8545. result = wc_AesGcmDecrypt(dec, large_outdec, large_output,
  8546. BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT,
  8547. sizeof(resultT), a, sizeof(a));
  8548. #if defined(WOLFSSL_ASYNC_CRYPT)
  8549. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8550. #endif
  8551. if (result != 0)
  8552. ERROR_OUT(-6310, out);
  8553. if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE))
  8554. ERROR_OUT(-6311, out);
  8555. #endif /* HAVE_AES_DECRYPT */
  8556. #endif /* BENCH_AESGCM_LARGE */
  8557. #if defined(ENABLE_NON_12BYTE_IV_TEST) && defined(WOLFSSL_AES_256)
  8558. /* Variable IV length test */
  8559. for (ivlen=1; ivlen<(int)sizeof(k1); ivlen++) {
  8560. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8561. result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), k1,
  8562. (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a));
  8563. #if defined(WOLFSSL_ASYNC_CRYPT)
  8564. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8565. #endif
  8566. if (result != 0)
  8567. ERROR_OUT(-6312, out);
  8568. #ifdef HAVE_AES_DECRYPT
  8569. result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), k1,
  8570. (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a));
  8571. #if defined(WOLFSSL_ASYNC_CRYPT)
  8572. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8573. #endif
  8574. if (result != 0)
  8575. ERROR_OUT(-6313, out);
  8576. #endif /* HAVE_AES_DECRYPT */
  8577. }
  8578. #endif
  8579. #if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC))
  8580. /* Variable authenticated data length test */
  8581. for (alen=0; alen<(int)sizeof(p); alen++) {
  8582. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8583. result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1,
  8584. sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen);
  8585. #if defined(WOLFSSL_ASYNC_CRYPT)
  8586. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8587. #endif
  8588. if (result != 0)
  8589. ERROR_OUT(-6314, out);
  8590. #ifdef HAVE_AES_DECRYPT
  8591. result = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), iv1,
  8592. sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen);
  8593. #if defined(WOLFSSL_ASYNC_CRYPT)
  8594. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8595. #endif
  8596. if (result != 0)
  8597. ERROR_OUT(-6315, out);
  8598. #endif /* HAVE_AES_DECRYPT */
  8599. }
  8600. #endif
  8601. #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
  8602. #ifdef BENCH_AESGCM_LARGE
  8603. /* Variable plain text length test */
  8604. for (plen=1; plen<BENCH_AESGCM_LARGE; plen++) {
  8605. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8606. result = wc_AesGcmEncrypt(enc, large_output, large_input,
  8607. plen, iv1, sizeof(iv1), resultT,
  8608. sizeof(resultT), a, sizeof(a));
  8609. #if defined(WOLFSSL_ASYNC_CRYPT)
  8610. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8611. #endif
  8612. if (result != 0)
  8613. ERROR_OUT(-6316, out);
  8614. #ifdef HAVE_AES_DECRYPT
  8615. result = wc_AesGcmDecrypt(dec, large_outdec, large_output,
  8616. plen, iv1, sizeof(iv1), resultT,
  8617. sizeof(resultT), a, sizeof(a));
  8618. #if defined(WOLFSSL_ASYNC_CRYPT)
  8619. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8620. #endif
  8621. if (result != 0)
  8622. ERROR_OUT(-6317, out);
  8623. #endif /* HAVE_AES_DECRYPT */
  8624. }
  8625. #else /* BENCH_AESGCM_LARGE */
  8626. /* Variable plain text length test */
  8627. for (plen=1; plen<(int)sizeof(p); plen++) {
  8628. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8629. result = wc_AesGcmEncrypt(enc, resultC, p, (word32)plen, iv1,
  8630. sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
  8631. #if defined(WOLFSSL_ASYNC_CRYPT)
  8632. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8633. #endif
  8634. if (result != 0)
  8635. ERROR_OUT(-6318, out);
  8636. #ifdef HAVE_AES_DECRYPT
  8637. result = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)plen, iv1,
  8638. sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a));
  8639. #if defined(WOLFSSL_ASYNC_CRYPT)
  8640. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8641. #endif
  8642. if (result != 0)
  8643. ERROR_OUT(-6319, out);
  8644. #endif /* HAVE_AES_DECRYPT */
  8645. }
  8646. #endif /* BENCH_AESGCM_LARGE */
  8647. #endif
  8648. #endif /* WOLFSSL_AES_256 */
  8649. /* test with IV != 12 bytes */
  8650. #ifdef ENABLE_NON_12BYTE_IV_TEST
  8651. XMEMSET(resultT, 0, sizeof(resultT));
  8652. XMEMSET(resultC, 0, sizeof(resultC));
  8653. XMEMSET(resultP, 0, sizeof(resultP));
  8654. #ifdef WOLFSSL_AES_192
  8655. wc_AesGcmSetKey(enc, k2, sizeof(k2));
  8656. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8657. result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv2, sizeof(iv2),
  8658. resultT, sizeof(resultT), a, sizeof(a));
  8659. #if defined(WOLFSSL_ASYNC_CRYPT)
  8660. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8661. #endif
  8662. if (result != 0)
  8663. ERROR_OUT(-6320, out);
  8664. if (XMEMCMP(c2, resultC, sizeof(c2)))
  8665. ERROR_OUT(-6321, out);
  8666. if (XMEMCMP(t2, resultT, sizeof(resultT)))
  8667. ERROR_OUT(-6322, out);
  8668. #ifdef HAVE_AES_DECRYPT
  8669. result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c1),
  8670. iv2, sizeof(iv2), resultT, sizeof(resultT), a, sizeof(a));
  8671. #if defined(WOLFSSL_ASYNC_CRYPT)
  8672. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8673. #endif
  8674. if (result != 0)
  8675. ERROR_OUT(-6323, out);
  8676. if (XMEMCMP(p, resultP, sizeof(p)))
  8677. ERROR_OUT(-6324, out);
  8678. #endif /* HAVE_AES_DECRYPT */
  8679. XMEMSET(resultT, 0, sizeof(resultT));
  8680. XMEMSET(resultC, 0, sizeof(resultC));
  8681. XMEMSET(resultP, 0, sizeof(resultP));
  8682. #endif /* WOLFSSL_AES_192 */
  8683. #ifdef WOLFSSL_AES_128
  8684. wc_AesGcmSetKey(enc, k3, sizeof(k3));
  8685. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8686. result = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3),
  8687. resultT, sizeof(t3), a3, sizeof(a3));
  8688. #if defined(WOLFSSL_ASYNC_CRYPT)
  8689. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8690. #endif
  8691. if (result != 0)
  8692. ERROR_OUT(-6325, out);
  8693. if (XMEMCMP(c3, resultC, sizeof(c3)))
  8694. ERROR_OUT(-6326, out);
  8695. if (XMEMCMP(t3, resultT, sizeof(t3)))
  8696. ERROR_OUT(-6327, out);
  8697. #ifdef HAVE_AES_DECRYPT
  8698. result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3),
  8699. iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3));
  8700. #if defined(WOLFSSL_ASYNC_CRYPT)
  8701. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8702. #endif
  8703. if (result != 0)
  8704. ERROR_OUT(-6328, out);
  8705. if (XMEMCMP(p3, resultP, sizeof(p3)))
  8706. ERROR_OUT(-6329, out);
  8707. #endif /* HAVE_AES_DECRYPT */
  8708. #endif /* WOLFSSL_AES_128 */
  8709. #endif /* ENABLE_NON_12BYTE_IV_TEST */
  8710. #if defined(WOLFSSL_AES_256) && !defined(WOLFSSL_AFALG_XILINX_AES) && \
  8711. !defined(WOLFSSL_XILINX_CRYPT) && \
  8712. !(defined(WOLF_CRYPTO_CB) && \
  8713. defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))
  8714. XMEMSET(resultT, 0, sizeof(resultT));
  8715. XMEMSET(resultC, 0, sizeof(resultC));
  8716. XMEMSET(resultP, 0, sizeof(resultP));
  8717. wc_AesGcmSetKey(enc, k1, sizeof(k1));
  8718. /* AES-GCM encrypt and decrypt both use AES encrypt internally */
  8719. result = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1),
  8720. resultT + 1, sizeof(resultT) - 1, a, sizeof(a));
  8721. #if defined(WOLFSSL_ASYNC_CRYPT)
  8722. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8723. #endif
  8724. if (result != 0)
  8725. ERROR_OUT(-6330, out);
  8726. if (XMEMCMP(c1, resultC, sizeof(c1)))
  8727. ERROR_OUT(-6331, out);
  8728. if (XMEMCMP(t1, resultT + 1, sizeof(resultT) - 1))
  8729. ERROR_OUT(-6332, out);
  8730. #ifdef HAVE_AES_DECRYPT
  8731. result = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p),
  8732. iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, a, sizeof(a));
  8733. #if defined(WOLFSSL_ASYNC_CRYPT)
  8734. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8735. #endif
  8736. if (result != 0)
  8737. ERROR_OUT(-6333, out);
  8738. if (XMEMCMP(p, resultP, sizeof(p)))
  8739. ERROR_OUT(-6334, out);
  8740. #endif /* HAVE_AES_DECRYPT */
  8741. #endif /* WOLFSSL_AES_256 */
  8742. #if !defined(HAVE_FIPS) || \
  8743. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
  8744. /* Test encrypt with internally generated IV */
  8745. #if defined(WOLFSSL_AES_256) && !(defined(WC_NO_RNG) || defined(HAVE_SELFTEST)) \
  8746. && !(defined(WOLF_CRYPTO_CB) && defined(HAVE_CAVIUM_OCTEON_SYNC))
  8747. {
  8748. WC_RNG rng;
  8749. byte randIV[12];
  8750. result = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  8751. if (result != 0)
  8752. ERROR_OUT(-6335, out);
  8753. XMEMSET(randIV, 0, sizeof(randIV));
  8754. XMEMSET(resultT, 0, sizeof(resultT));
  8755. XMEMSET(resultC, 0, sizeof(resultC));
  8756. XMEMSET(resultP, 0, sizeof(resultP));
  8757. wc_AesGcmSetKey(enc, k1, sizeof(k1));
  8758. result = wc_AesGcmSetIV(enc, sizeof(randIV), NULL, 0, &rng);
  8759. if (result != 0)
  8760. ERROR_OUT(-6336, out);
  8761. result = wc_AesGcmEncrypt_ex(enc,
  8762. resultC, p, sizeof(p),
  8763. randIV, sizeof(randIV),
  8764. resultT, sizeof(resultT),
  8765. a, sizeof(a));
  8766. #if defined(WOLFSSL_ASYNC_CRYPT)
  8767. result = wc_AsyncWait(result, &enc->asyncDev, WC_ASYNC_FLAG_NONE);
  8768. #endif
  8769. if (result != 0)
  8770. ERROR_OUT(-6337, out);
  8771. /* Check the IV has been set. */
  8772. {
  8773. word32 i, ivSum = 0;
  8774. for (i = 0; i < sizeof(randIV); i++)
  8775. ivSum += randIV[i];
  8776. if (ivSum == 0)
  8777. ERROR_OUT(-6338, out);
  8778. }
  8779. #ifdef HAVE_AES_DECRYPT
  8780. wc_AesGcmSetKey(dec, k1, sizeof(k1));
  8781. result = wc_AesGcmSetIV(dec, sizeof(randIV), NULL, 0, &rng);
  8782. if (result != 0)
  8783. ERROR_OUT(-6339, out);
  8784. result = wc_AesGcmDecrypt(dec,
  8785. resultP, resultC, sizeof(c1),
  8786. randIV, sizeof(randIV),
  8787. resultT, sizeof(resultT),
  8788. a, sizeof(a));
  8789. #if defined(WOLFSSL_ASYNC_CRYPT)
  8790. result = wc_AsyncWait(result, &dec->asyncDev, WC_ASYNC_FLAG_NONE);
  8791. #endif
  8792. if (result != 0)
  8793. ERROR_OUT(-6340, out);
  8794. if (XMEMCMP(p, resultP, sizeof(p)))
  8795. ERROR_OUT(-6341, out);
  8796. #endif /* HAVE_AES_DECRYPT */
  8797. wc_FreeRng(&rng);
  8798. }
  8799. #endif /* WOLFSSL_AES_256 && !(WC_NO_RNG || HAVE_SELFTEST) */
  8800. #endif /* HAVE_FIPS_VERSION >= 2 */
  8801. #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT)
  8802. #ifdef WOLFSSL_AES_256
  8803. #ifdef WOLFSSL_AESGCM_STREAM
  8804. result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
  8805. if (result != 0)
  8806. ERROR_OUT(-6360, out);
  8807. result = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a));
  8808. if (result != 0)
  8809. ERROR_OUT(-6361, out);
  8810. result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT));
  8811. if (result != 0)
  8812. ERROR_OUT(-6362, out);
  8813. if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
  8814. ERROR_OUT(-6363, out);
  8815. if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
  8816. ERROR_OUT(-6364, out);
  8817. #ifdef HAVE_AES_DECRYPT
  8818. result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
  8819. if (result != 0)
  8820. ERROR_OUT(-6370, out);
  8821. result = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a));
  8822. if (result != 0)
  8823. ERROR_OUT(-6371, out);
  8824. result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
  8825. if (result != 0)
  8826. ERROR_OUT(-6372, out);
  8827. if (XMEMCMP(resultP, p, sizeof(p)) != 0)
  8828. ERROR_OUT(-6373, out);
  8829. #endif
  8830. /* alen is the size to pass in with each update. */
  8831. for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
  8832. result = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
  8833. if (result != 0)
  8834. ERROR_OUT(-6380, out);
  8835. /* plen is the offset into AAD to update with. */
  8836. for (plen = 0; plen < (int)sizeof(a); plen += alen) {
  8837. int len = sizeof(a) - plen;
  8838. if (len > alen) len = alen;
  8839. result = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, len);
  8840. if (result != 0)
  8841. ERROR_OUT(-6381, out);
  8842. }
  8843. /* plen is the offset into plaintext to update with. */
  8844. for (plen = 0; plen < (int)sizeof(p); plen += alen) {
  8845. int len = sizeof(p) - plen;
  8846. if (len > alen) len = alen;
  8847. result = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, len,
  8848. NULL, 0);
  8849. if (result != 0)
  8850. ERROR_OUT(-6382, out);
  8851. }
  8852. result = wc_AesGcmEncryptFinal(enc, resultT, sizeof(resultT));
  8853. if (result != 0)
  8854. ERROR_OUT(-6383, out);
  8855. if (XMEMCMP(resultC, c1, sizeof(c1)) != 0)
  8856. ERROR_OUT(-6384, out);
  8857. if (XMEMCMP(resultT, t1, sizeof(t1)) != 0)
  8858. ERROR_OUT(-6385, out);
  8859. }
  8860. #ifdef HAVE_AES_DECRYPT
  8861. for (alen = 1; alen < AES_BLOCK_SIZE + 1; alen++) {
  8862. result = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1));
  8863. if (result != 0)
  8864. ERROR_OUT(-6390, out);
  8865. /* plen is the offset into AAD to update with. */
  8866. for (plen = 0; plen < (int)sizeof(a); plen += alen) {
  8867. int len = sizeof(a) - plen;
  8868. if (len > alen) len = alen;
  8869. result = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, len);
  8870. if (result != 0)
  8871. ERROR_OUT(-6391, out);
  8872. }
  8873. /* plen is the offset into cipher text to update with. */
  8874. for (plen = 0; plen < (int)sizeof(c1); plen += alen) {
  8875. int len = sizeof(c1) - plen;
  8876. if (len > alen) len = alen;
  8877. result = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, len,
  8878. NULL, 0);
  8879. if (result != 0)
  8880. ERROR_OUT(-6392, out);
  8881. }
  8882. result = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1));
  8883. if (result != 0)
  8884. ERROR_OUT(-6393, out);
  8885. if (XMEMCMP(resultP, p, sizeof(p)) != 0)
  8886. ERROR_OUT(-6394, out);
  8887. }
  8888. #endif /* HAVE_AES_DECRYPT */
  8889. #endif /* WOLFSSL_AESGCM_STREAM */
  8890. #endif /* WOLFSSL_AES_256 */
  8891. #endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */
  8892. wc_AesFree(enc);
  8893. wc_AesFree(dec);
  8894. ret = 0;
  8895. out:
  8896. #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM)
  8897. if (large_input)
  8898. XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  8899. if (large_output)
  8900. XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  8901. if (large_outdec)
  8902. XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  8903. #endif
  8904. #ifdef WOLFSSL_SMALL_STACK
  8905. if (enc)
  8906. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  8907. if (dec)
  8908. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  8909. #endif
  8910. return ret;
  8911. }
  8912. #ifdef WOLFSSL_AES_128
  8913. WOLFSSL_TEST_SUBROUTINE int gmac_test(void)
  8914. {
  8915. int ret;
  8916. #ifdef WOLFSSL_SMALL_STACK
  8917. Gmac *gmac;
  8918. #else
  8919. Gmac gmac[1];
  8920. #endif
  8921. WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
  8922. {
  8923. 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01,
  8924. 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8
  8925. };
  8926. WOLFSSL_SMALL_STACK_STATIC const byte iv1[] =
  8927. {
  8928. 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94,
  8929. 0xe2, 0x8c, 0x8f, 0x16
  8930. };
  8931. WOLFSSL_SMALL_STACK_STATIC const byte a1[] =
  8932. {
  8933. 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9,
  8934. 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77
  8935. };
  8936. WOLFSSL_SMALL_STACK_STATIC const byte t1[] =
  8937. {
  8938. 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43,
  8939. 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
  8940. };
  8941. #if (!defined(HAVE_FIPS) || \
  8942. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
  8943. /* FIPS builds only allow 16-byte auth tags. */
  8944. /* This sample uses a 15-byte auth tag. */
  8945. WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
  8946. {
  8947. 0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4,
  8948. 0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b
  8949. };
  8950. WOLFSSL_SMALL_STACK_STATIC const byte iv2[] =
  8951. {
  8952. 0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03,
  8953. 0x1a, 0x60, 0x24, 0xa7
  8954. };
  8955. WOLFSSL_SMALL_STACK_STATIC const byte a2[] =
  8956. {
  8957. 0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18,
  8958. 0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56
  8959. };
  8960. WOLFSSL_SMALL_STACK_STATIC const byte t2[] =
  8961. {
  8962. 0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f,
  8963. 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91
  8964. };
  8965. #endif
  8966. byte tag[16];
  8967. #ifdef WOLFSSL_SMALL_STACK
  8968. if ((gmac = (Gmac *)XMALLOC(sizeof *gmac, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  8969. return -6409;
  8970. #endif
  8971. XMEMSET(gmac, 0, sizeof *gmac); /* clear context */
  8972. (void)wc_AesInit((Aes*)gmac, HEAP_HINT, INVALID_DEVID); /* Make sure devId updated */
  8973. XMEMSET(tag, 0, sizeof(tag));
  8974. wc_GmacSetKey(gmac, k1, sizeof(k1));
  8975. wc_GmacUpdate(gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1));
  8976. if (XMEMCMP(t1, tag, sizeof(t1)) != 0)
  8977. ERROR_OUT(-6400, out);
  8978. #if (!defined(HAVE_FIPS) || \
  8979. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) )
  8980. XMEMSET(tag, 0, sizeof(tag));
  8981. wc_GmacSetKey(gmac, k2, sizeof(k2));
  8982. wc_GmacUpdate(gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2));
  8983. if (XMEMCMP(t2, tag, sizeof(t2)) != 0)
  8984. ERROR_OUT(-6401, out);
  8985. #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && !defined(NO_AES_DECRYPT)
  8986. {
  8987. WOLFSSL_SMALL_STACK_STATIC const byte badT[] =
  8988. {
  8989. 0xde, 0xad, 0xbe, 0xef, 0x17, 0x2e, 0xd0, 0x43,
  8990. 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b
  8991. };
  8992. WC_RNG rng;
  8993. byte iv[12];
  8994. #ifndef HAVE_FIPS
  8995. if (wc_InitRng_ex(&rng, HEAP_HINT, devId) != 0)
  8996. ERROR_OUT(-6402, out);
  8997. #else
  8998. if (wc_InitRng(&rng) != 0)
  8999. ERROR_OUT(-6403, out);
  9000. #endif
  9001. if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
  9002. t1, sizeof(t1)) != 0)
  9003. ERROR_OUT(-6404, out);
  9004. if (wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1),
  9005. badT, sizeof(badT)) != AES_GCM_AUTH_E)
  9006. ERROR_OUT(-6405, out);
  9007. if (wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2),
  9008. t2, sizeof(t2)) != 0)
  9009. ERROR_OUT(-6406, out);
  9010. XMEMSET(tag, 0, sizeof(tag));
  9011. XMEMSET(iv, 0, sizeof(iv));
  9012. if (wc_Gmac(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
  9013. tag, sizeof(tag), &rng) != 0)
  9014. ERROR_OUT(-6407, out);
  9015. if (wc_GmacVerify(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1),
  9016. tag, sizeof(tag)) != 0)
  9017. ERROR_OUT(-6408, out);
  9018. wc_FreeRng(&rng);
  9019. }
  9020. #endif /* !WC_NO_RNG && !HAVE_SELFTEST && !NO_AES_DECRYPT */
  9021. #endif /* HAVE_FIPS */
  9022. ret = 0;
  9023. out:
  9024. #ifdef WOLFSSL_SMALL_STACK
  9025. XFREE(gmac, HEAP_HINT, DYNAMIC_TYPE_AES);
  9026. #endif
  9027. return ret;
  9028. }
  9029. #endif /* WOLFSSL_AES_128 */
  9030. #endif /* HAVE_AESGCM */
  9031. #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
  9032. WOLFSSL_TEST_SUBROUTINE int aesccm_test(void)
  9033. {
  9034. int ret;
  9035. #ifdef WOLFSSL_SMALL_STACK
  9036. Aes *enc;
  9037. #else
  9038. Aes enc[1];
  9039. #endif
  9040. /* key */
  9041. WOLFSSL_SMALL_STACK_STATIC const byte k[] =
  9042. {
  9043. 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7,
  9044. 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf
  9045. };
  9046. /* nonce */
  9047. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  9048. {
  9049. 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0,
  9050. 0xa1, 0xa2, 0xa3, 0xa4, 0xa5
  9051. };
  9052. /* plaintext */
  9053. WOLFSSL_SMALL_STACK_STATIC const byte p[] =
  9054. {
  9055. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  9056. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  9057. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e
  9058. };
  9059. /* plaintext - long */
  9060. WOLFSSL_SMALL_STACK_STATIC const byte pl[] =
  9061. {
  9062. 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
  9063. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  9064. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f,
  9065. 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27,
  9066. 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f,
  9067. 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
  9068. 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f,
  9069. 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
  9070. 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
  9071. 0x50
  9072. };
  9073. WOLFSSL_SMALL_STACK_STATIC const byte a[] =
  9074. {
  9075. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
  9076. };
  9077. /* ciphertext */
  9078. WOLFSSL_SMALL_STACK_STATIC const byte c[] =
  9079. {
  9080. 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
  9081. 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
  9082. 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84
  9083. };
  9084. /* tag - authentication */
  9085. WOLFSSL_SMALL_STACK_STATIC const byte t[] =
  9086. {
  9087. 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0
  9088. };
  9089. /* ciphertext - long */
  9090. WOLFSSL_SMALL_STACK_STATIC const byte cl[] =
  9091. {
  9092. 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2,
  9093. 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80,
  9094. 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0xe0,
  9095. 0x44, 0x2d, 0xbe, 0x25, 0xfa, 0x48, 0x2b, 0xa8,
  9096. 0x36, 0x0b, 0xbf, 0x01, 0xc0, 0x12, 0x45, 0xa4,
  9097. 0x82, 0x9f, 0x20, 0x6c, 0xc3, 0xd6, 0xae, 0x5b,
  9098. 0x54, 0x8d, 0xd0, 0xb1, 0x69, 0x2c, 0xec, 0x5e,
  9099. 0x95, 0xa5, 0x6b, 0x48, 0xc3, 0xc6, 0xc8, 0x9e,
  9100. 0xc7, 0x92, 0x98, 0x9d, 0x26, 0x7d, 0x2a, 0x10,
  9101. 0x0b
  9102. };
  9103. /* tag - authentication - long */
  9104. WOLFSSL_SMALL_STACK_STATIC const byte tl[] =
  9105. {
  9106. 0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4
  9107. };
  9108. /* tag - authentication - empty plaintext */
  9109. WOLFSSL_SMALL_STACK_STATIC const byte t_empty[] =
  9110. {
  9111. 0xe4, 0x28, 0x8a, 0xc3, 0x78, 0x00, 0x0f, 0xf5
  9112. };
  9113. byte t2[sizeof(t)];
  9114. byte p2[sizeof(p)];
  9115. byte c2[sizeof(c)];
  9116. byte iv2[sizeof(iv)];
  9117. byte pl2[sizeof(pl)];
  9118. byte cl2[sizeof(cl)];
  9119. byte tl2[sizeof(tl)];
  9120. byte t_empty2[sizeof(t_empty)];
  9121. int result;
  9122. #ifdef WOLFSSL_SMALL_STACK
  9123. if ((enc = (Aes *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL)
  9124. return -6521;
  9125. #endif
  9126. XMEMSET(enc, 0, sizeof *enc); /* clear context */
  9127. XMEMSET(t2, 0, sizeof(t2));
  9128. XMEMSET(c2, 0, sizeof(c2));
  9129. XMEMSET(p2, 0, sizeof(p2));
  9130. result = wc_AesCcmSetKey(enc, k, sizeof(k));
  9131. if (result != 0)
  9132. ERROR_OUT(-6500, out);
  9133. /* AES-CCM encrypt and decrypt both use AES encrypt internally */
  9134. result = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
  9135. t2, sizeof(t2), a, sizeof(a));
  9136. if (result != 0)
  9137. ERROR_OUT(-6501, out);
  9138. if (XMEMCMP(c, c2, sizeof(c2)))
  9139. ERROR_OUT(-6502, out);
  9140. if (XMEMCMP(t, t2, sizeof(t2)))
  9141. ERROR_OUT(-6503, out);
  9142. result = wc_AesCcmDecrypt(enc, p2, c2, sizeof(p2), iv, sizeof(iv),
  9143. t2, sizeof(t2), a, sizeof(a));
  9144. if (result != 0)
  9145. ERROR_OUT(-6504, out);
  9146. if (XMEMCMP(p, p2, sizeof(p2)))
  9147. ERROR_OUT(-6505, out);
  9148. /* Test the authentication failure */
  9149. t2[0]++; /* Corrupt the authentication tag. */
  9150. result = wc_AesCcmDecrypt(enc, p2, c, sizeof(p2), iv, sizeof(iv),
  9151. t2, sizeof(t2), a, sizeof(a));
  9152. if (result == 0)
  9153. ERROR_OUT(-6506, out);
  9154. /* Clear c2 to compare against p2. p2 should be set to zero in case of
  9155. * authentication fail. */
  9156. XMEMSET(c2, 0, sizeof(c2));
  9157. if (XMEMCMP(p2, c2, sizeof(p2)))
  9158. ERROR_OUT(-6507, out);
  9159. XMEMSET(enc, 0, sizeof(Aes)); /* clear context */
  9160. XMEMSET(t2, 0, sizeof(t2));
  9161. XMEMSET(c2, 0, sizeof(c2));
  9162. XMEMSET(p2, 0, sizeof(p2));
  9163. XMEMSET(iv2, 0, sizeof(iv2));
  9164. #ifndef HAVE_SELFTEST
  9165. /* selftest build does not have wc_AesCcmSetNonce() or
  9166. * wc_AesCcmEncrypt_ex() */
  9167. if (wc_AesCcmSetKey(enc, k, sizeof(k)) != 0)
  9168. ERROR_OUT(-6508, out);
  9169. if (wc_AesCcmSetNonce(enc, iv, sizeof(iv)) != 0)
  9170. ERROR_OUT(-6509, out);
  9171. if (wc_AesCcmEncrypt_ex(enc, c2, p, sizeof(c2), iv2, sizeof(iv2),
  9172. t2, sizeof(t2), a, sizeof(a)) != 0)
  9173. ERROR_OUT(-6510, out);
  9174. if (XMEMCMP(iv, iv2, sizeof(iv2)))
  9175. ERROR_OUT(-6511, out);
  9176. if (XMEMCMP(c, c2, sizeof(c2)))
  9177. ERROR_OUT(-6512, out);
  9178. if (XMEMCMP(t, t2, sizeof(t2)))
  9179. ERROR_OUT(-6513, out);
  9180. #endif
  9181. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  9182. /* test fail on invalid IV sizes */
  9183. result = wc_AesCcmSetKey(enc, k, sizeof(k));
  9184. if (result != 0)
  9185. ERROR_OUT(-6514, out);
  9186. /* AES-CCM encrypt and decrypt both use AES encrypt internally */
  9187. result = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv),
  9188. t2, 1, a, sizeof(a));
  9189. if (result == 0) {
  9190. ERROR_OUT(-6515, out);
  9191. }
  9192. #endif
  9193. /* AES-CCM encrypt and decrypt both use AES encrypt internally */
  9194. result = wc_AesCcmEncrypt(enc, cl2, pl, sizeof(cl2), iv, sizeof(iv),
  9195. tl2, sizeof(tl2), a, sizeof(a));
  9196. if (result != 0)
  9197. ERROR_OUT(-6516, out);
  9198. if (XMEMCMP(cl, cl2, sizeof(cl2)))
  9199. ERROR_OUT(-6517, out);
  9200. if (XMEMCMP(tl, tl2, sizeof(tl2)))
  9201. ERROR_OUT(-6518, out);
  9202. result = wc_AesCcmDecrypt(enc, pl2, cl2, sizeof(pl2), iv, sizeof(iv),
  9203. tl2, sizeof(tl2), a, sizeof(a));
  9204. if (result != 0)
  9205. ERROR_OUT(-6519, out);
  9206. if (XMEMCMP(pl, pl2, sizeof(pl2)))
  9207. ERROR_OUT(-6520, out);
  9208. /* test empty message as null input or output with nonzero inSz. */
  9209. result = wc_AesCcmEncrypt(enc, pl2 /* out */, NULL /* in */, 1 /* inSz */,
  9210. iv, sizeof(iv), t_empty2, sizeof(t_empty2),
  9211. a, sizeof(a));
  9212. if (result != BAD_FUNC_ARG)
  9213. ERROR_OUT(-6527, out);
  9214. result = wc_AesCcmEncrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
  9215. iv, sizeof(iv), t_empty2, sizeof(t_empty2),
  9216. a, sizeof(a));
  9217. if (result != BAD_FUNC_ARG)
  9218. ERROR_OUT(-6528, out);
  9219. result = wc_AesCcmDecrypt(enc, pl2, NULL /* in */, 1 /* inSz */,
  9220. iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
  9221. sizeof(a));
  9222. if (result != BAD_FUNC_ARG)
  9223. ERROR_OUT(-6529, out);
  9224. result = wc_AesCcmDecrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */,
  9225. iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
  9226. sizeof(a));
  9227. if (result != BAD_FUNC_ARG)
  9228. ERROR_OUT(-6530, out);
  9229. /* test empty message as null input and output with zero inSz --
  9230. * must either succeed, or fail early with BAD_FUNC_ARG.
  9231. */
  9232. result = wc_AesCcmEncrypt(enc, NULL /* out */, NULL /* in */, 0 /* inSz */,
  9233. iv, sizeof(iv), t_empty2, sizeof(t_empty2),
  9234. a, sizeof(a));
  9235. if (result != BAD_FUNC_ARG) {
  9236. if (result != 0)
  9237. ERROR_OUT(-6521, out);
  9238. if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
  9239. ERROR_OUT(-6522, out);
  9240. result = wc_AesCcmDecrypt(enc, NULL /* out */, NULL /* in */,
  9241. 0 /* inSz */, iv, sizeof(iv), t_empty2,
  9242. sizeof(t_empty2), a, sizeof(a));
  9243. if (result != 0)
  9244. ERROR_OUT(-6523, out);
  9245. }
  9246. /* test empty message as zero-length string -- must work. */
  9247. result = wc_AesCcmEncrypt(enc, pl2, (const byte *)"", 0 /* inSz */, iv,
  9248. sizeof(iv), t_empty2, sizeof(t_empty2), a,
  9249. sizeof(a));
  9250. if (result != 0)
  9251. ERROR_OUT(-6524, out);
  9252. if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2)))
  9253. ERROR_OUT(-6525, out);
  9254. result = wc_AesCcmDecrypt(enc, pl2, (const byte *)"", 0 /* inSz */,
  9255. iv, sizeof(iv), t_empty2, sizeof(t_empty2), a,
  9256. sizeof(a));
  9257. if (result != 0)
  9258. ERROR_OUT(-6526, out);
  9259. ret = 0;
  9260. out:
  9261. #ifdef WOLFSSL_SMALL_STACK
  9262. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  9263. #endif
  9264. return ret;
  9265. }
  9266. #endif /* HAVE_AESCCM WOLFSSL_AES_128 */
  9267. #ifdef HAVE_AES_KEYWRAP
  9268. #define MAX_KEYWRAP_TEST_OUTLEN 40
  9269. #define MAX_KEYWRAP_TEST_PLAINLEN 32
  9270. typedef struct keywrapVector {
  9271. const byte* kek;
  9272. const byte* data;
  9273. const byte* verify;
  9274. word32 kekLen;
  9275. word32 dataLen;
  9276. word32 verifyLen;
  9277. } keywrapVector;
  9278. WOLFSSL_TEST_SUBROUTINE int aeskeywrap_test(void)
  9279. {
  9280. int wrapSz, plainSz, testSz, i;
  9281. /* test vectors from RFC 3394 (kek, data, verify) */
  9282. #ifdef WOLFSSL_AES_128
  9283. /* Wrap 128 bits of Key Data with a 128-bit KEK */
  9284. WOLFSSL_SMALL_STACK_STATIC const byte k1[] = {
  9285. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9286. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  9287. };
  9288. WOLFSSL_SMALL_STACK_STATIC const byte d1[] = {
  9289. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  9290. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
  9291. };
  9292. WOLFSSL_SMALL_STACK_STATIC const byte v1[] = {
  9293. 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47,
  9294. 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82,
  9295. 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5
  9296. };
  9297. #endif /* WOLFSSL_AES_128 */
  9298. #ifdef WOLFSSL_AES_192
  9299. /* Wrap 128 bits of Key Data with a 192-bit KEK */
  9300. WOLFSSL_SMALL_STACK_STATIC const byte k2[] = {
  9301. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9302. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
  9303. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
  9304. };
  9305. WOLFSSL_SMALL_STACK_STATIC const byte d2[] = {
  9306. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  9307. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
  9308. };
  9309. WOLFSSL_SMALL_STACK_STATIC const byte v2[] = {
  9310. 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35,
  9311. 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2,
  9312. 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D
  9313. };
  9314. #endif
  9315. #ifdef WOLFSSL_AES_256
  9316. /* Wrap 128 bits of Key Data with a 256-bit KEK */
  9317. WOLFSSL_SMALL_STACK_STATIC const byte k3[] = {
  9318. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9319. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
  9320. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  9321. 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
  9322. };
  9323. WOLFSSL_SMALL_STACK_STATIC const byte d3[] = {
  9324. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  9325. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
  9326. };
  9327. WOLFSSL_SMALL_STACK_STATIC const byte v3[] = {
  9328. 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2,
  9329. 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A,
  9330. 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7
  9331. };
  9332. #endif
  9333. #ifdef WOLFSSL_AES_192
  9334. /* Wrap 192 bits of Key Data with a 192-bit KEK */
  9335. WOLFSSL_SMALL_STACK_STATIC const byte k4[] = {
  9336. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9337. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
  9338. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17
  9339. };
  9340. WOLFSSL_SMALL_STACK_STATIC const byte d4[] = {
  9341. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  9342. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
  9343. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
  9344. };
  9345. WOLFSSL_SMALL_STACK_STATIC const byte v4[] = {
  9346. 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32,
  9347. 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC,
  9348. 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93,
  9349. 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2
  9350. };
  9351. #endif
  9352. #ifdef WOLFSSL_AES_256
  9353. /* Wrap 192 bits of Key Data with a 256-bit KEK */
  9354. WOLFSSL_SMALL_STACK_STATIC const byte k5[] = {
  9355. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9356. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
  9357. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  9358. 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
  9359. };
  9360. WOLFSSL_SMALL_STACK_STATIC const byte d5[] = {
  9361. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  9362. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
  9363. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
  9364. };
  9365. WOLFSSL_SMALL_STACK_STATIC const byte v5[] = {
  9366. 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F,
  9367. 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4,
  9368. 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95,
  9369. 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1
  9370. };
  9371. /* Wrap 256 bits of Key Data with a 256-bit KEK */
  9372. WOLFSSL_SMALL_STACK_STATIC const byte k6[] = {
  9373. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9374. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F,
  9375. 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  9376. 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F
  9377. };
  9378. WOLFSSL_SMALL_STACK_STATIC const byte d6[] = {
  9379. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  9380. 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF,
  9381. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9382. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  9383. };
  9384. WOLFSSL_SMALL_STACK_STATIC const byte v6[] = {
  9385. 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4,
  9386. 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26,
  9387. 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26,
  9388. 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B,
  9389. 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21
  9390. };
  9391. #endif /* WOLFSSL_AES_256 */
  9392. byte output[MAX_KEYWRAP_TEST_OUTLEN];
  9393. byte plain [MAX_KEYWRAP_TEST_PLAINLEN];
  9394. const keywrapVector test_wrap[] =
  9395. {
  9396. #ifdef WOLFSSL_AES_128
  9397. {k1, d1, v1, sizeof(k1), sizeof(d1), sizeof(v1)},
  9398. #endif
  9399. #ifdef WOLFSSL_AES_192
  9400. {k2, d2, v2, sizeof(k2), sizeof(d2), sizeof(v2)},
  9401. #endif
  9402. #ifdef WOLFSSL_AES_256
  9403. {k3, d3, v3, sizeof(k3), sizeof(d3), sizeof(v3)},
  9404. #endif
  9405. #ifdef WOLFSSL_AES_192
  9406. {k4, d4, v4, sizeof(k4), sizeof(d4), sizeof(v4)},
  9407. #endif
  9408. #ifdef WOLFSSL_AES_256
  9409. {k5, d5, v5, sizeof(k5), sizeof(d5), sizeof(v5)},
  9410. {k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)}
  9411. #endif
  9412. };
  9413. testSz = sizeof(test_wrap) / sizeof(keywrapVector);
  9414. XMEMSET(output, 0, sizeof(output));
  9415. XMEMSET(plain, 0, sizeof(plain));
  9416. for (i = 0; i < testSz; i++) {
  9417. wrapSz = wc_AesKeyWrap(test_wrap[i].kek, test_wrap[i].kekLen,
  9418. test_wrap[i].data, test_wrap[i].dataLen,
  9419. output, sizeof(output), NULL);
  9420. if ( (wrapSz < 0) || (wrapSz != (int)test_wrap[i].verifyLen) )
  9421. return -6600;
  9422. if (XMEMCMP(output, test_wrap[i].verify, test_wrap[i].verifyLen) != 0)
  9423. return -6601;
  9424. plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen,
  9425. output, wrapSz,
  9426. plain, sizeof(plain), NULL);
  9427. if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) )
  9428. return -6602;
  9429. if (XMEMCMP(plain, test_wrap[i].data, test_wrap[i].dataLen) != 0)
  9430. return -6603 - i;
  9431. }
  9432. return 0;
  9433. }
  9434. #endif /* HAVE_AES_KEYWRAP */
  9435. #endif /* NO_AES */
  9436. #ifdef HAVE_CAMELLIA
  9437. enum {
  9438. CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC
  9439. };
  9440. typedef struct {
  9441. int type;
  9442. const byte* plaintext;
  9443. const byte* iv;
  9444. const byte* ciphertext;
  9445. const byte* key;
  9446. word32 keySz;
  9447. int errorCode;
  9448. } test_vector_t;
  9449. WOLFSSL_TEST_SUBROUTINE int camellia_test(void)
  9450. {
  9451. /* Camellia ECB Test Plaintext */
  9452. WOLFSSL_SMALL_STACK_STATIC const byte pte[] =
  9453. {
  9454. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  9455. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
  9456. };
  9457. /* Camellia ECB Test Initialization Vector */
  9458. WOLFSSL_SMALL_STACK_STATIC const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
  9459. /* Test 1: Camellia ECB 128-bit key */
  9460. WOLFSSL_SMALL_STACK_STATIC const byte k1[] =
  9461. {
  9462. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  9463. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
  9464. };
  9465. WOLFSSL_SMALL_STACK_STATIC const byte c1[] =
  9466. {
  9467. 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73,
  9468. 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43
  9469. };
  9470. /* Test 2: Camellia ECB 192-bit key */
  9471. WOLFSSL_SMALL_STACK_STATIC const byte k2[] =
  9472. {
  9473. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  9474. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  9475. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77
  9476. };
  9477. WOLFSSL_SMALL_STACK_STATIC const byte c2[] =
  9478. {
  9479. 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8,
  9480. 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9
  9481. };
  9482. /* Test 3: Camellia ECB 256-bit key */
  9483. WOLFSSL_SMALL_STACK_STATIC const byte k3[] =
  9484. {
  9485. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  9486. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10,
  9487. 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
  9488. 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff
  9489. };
  9490. WOLFSSL_SMALL_STACK_STATIC const byte c3[] =
  9491. {
  9492. 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c,
  9493. 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09
  9494. };
  9495. /* Camellia CBC Test Plaintext */
  9496. WOLFSSL_SMALL_STACK_STATIC const byte ptc[] =
  9497. {
  9498. 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
  9499. 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A
  9500. };
  9501. /* Camellia CBC Test Initialization Vector */
  9502. WOLFSSL_SMALL_STACK_STATIC const byte ivc[] =
  9503. {
  9504. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9505. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F
  9506. };
  9507. /* Test 4: Camellia-CBC 128-bit key */
  9508. WOLFSSL_SMALL_STACK_STATIC const byte k4[] =
  9509. {
  9510. 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6,
  9511. 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C
  9512. };
  9513. WOLFSSL_SMALL_STACK_STATIC const byte c4[] =
  9514. {
  9515. 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0,
  9516. 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB
  9517. };
  9518. /* Test 5: Camellia-CBC 192-bit key */
  9519. WOLFSSL_SMALL_STACK_STATIC const byte k5[] =
  9520. {
  9521. 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52,
  9522. 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5,
  9523. 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B
  9524. };
  9525. WOLFSSL_SMALL_STACK_STATIC const byte c5[] =
  9526. {
  9527. 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2,
  9528. 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93
  9529. };
  9530. /* Test 6: CBC 256-bit key */
  9531. WOLFSSL_SMALL_STACK_STATIC const byte k6[] =
  9532. {
  9533. 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE,
  9534. 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81,
  9535. 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7,
  9536. 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4
  9537. };
  9538. WOLFSSL_SMALL_STACK_STATIC const byte c6[] =
  9539. {
  9540. 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A,
  9541. 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA
  9542. };
  9543. byte out[CAMELLIA_BLOCK_SIZE];
  9544. Camellia cam;
  9545. int i, testsSz, ret;
  9546. WOLFSSL_SMALL_STACK_STATIC const test_vector_t testVectors[] =
  9547. {
  9548. {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), -114},
  9549. {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), -115},
  9550. {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), -116},
  9551. {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), -117},
  9552. {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), -118},
  9553. {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), -119},
  9554. {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), -120},
  9555. {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), -121},
  9556. {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), -122},
  9557. {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), -123},
  9558. {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), -124},
  9559. {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), -125}
  9560. };
  9561. testsSz = sizeof(testVectors)/sizeof(test_vector_t);
  9562. for (i = 0; i < testsSz; i++) {
  9563. if (wc_CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz,
  9564. testVectors[i].iv) != 0)
  9565. return testVectors[i].errorCode;
  9566. switch (testVectors[i].type) {
  9567. case CAM_ECB_ENC:
  9568. ret = wc_CamelliaEncryptDirect(&cam, out,
  9569. testVectors[i].plaintext);
  9570. if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
  9571. CAMELLIA_BLOCK_SIZE))
  9572. return testVectors[i].errorCode;
  9573. break;
  9574. case CAM_ECB_DEC:
  9575. ret = wc_CamelliaDecryptDirect(&cam, out,
  9576. testVectors[i].ciphertext);
  9577. if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
  9578. CAMELLIA_BLOCK_SIZE))
  9579. return testVectors[i].errorCode;
  9580. break;
  9581. case CAM_CBC_ENC:
  9582. ret = wc_CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext,
  9583. CAMELLIA_BLOCK_SIZE);
  9584. if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext,
  9585. CAMELLIA_BLOCK_SIZE))
  9586. return testVectors[i].errorCode;
  9587. break;
  9588. case CAM_CBC_DEC:
  9589. ret = wc_CamelliaCbcDecrypt(&cam, out,
  9590. testVectors[i].ciphertext, CAMELLIA_BLOCK_SIZE);
  9591. if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext,
  9592. CAMELLIA_BLOCK_SIZE))
  9593. return testVectors[i].errorCode;
  9594. break;
  9595. default:
  9596. break;
  9597. }
  9598. }
  9599. /* Setting the IV and checking it was actually set. */
  9600. ret = wc_CamelliaSetIV(&cam, ivc);
  9601. if (ret != 0 || XMEMCMP(cam.reg, ivc, CAMELLIA_BLOCK_SIZE))
  9602. return -6700;
  9603. /* Setting the IV to NULL should be same as all zeros IV */
  9604. if (wc_CamelliaSetIV(&cam, NULL) != 0 ||
  9605. XMEMCMP(cam.reg, ive, CAMELLIA_BLOCK_SIZE))
  9606. return -6701;
  9607. /* First parameter should never be null */
  9608. if (wc_CamelliaSetIV(NULL, NULL) == 0)
  9609. return -6702;
  9610. /* First parameter should never be null, check it fails */
  9611. if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0)
  9612. return -6703;
  9613. /* Key should have a size of 16, 24, or 32 */
  9614. if (wc_CamelliaSetKey(&cam, k1, 0, NULL) == 0)
  9615. return -6704;
  9616. return 0;
  9617. }
  9618. #endif /* HAVE_CAMELLIA */
  9619. #ifdef HAVE_IDEA
  9620. WOLFSSL_TEST_SUBROUTINE int idea_test(void)
  9621. {
  9622. int ret;
  9623. word16 i, j;
  9624. Idea idea;
  9625. byte data[IDEA_BLOCK_SIZE];
  9626. /* Project NESSIE test vectors */
  9627. #define IDEA_NB_TESTS 6
  9628. #define IDEA_NB_TESTS_EXTRA 4
  9629. WOLFSSL_SMALL_STACK_STATIC const byte v_key[IDEA_NB_TESTS][IDEA_KEY_SIZE] = {
  9630. { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37,
  9631. 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 },
  9632. { 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57,
  9633. 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57 },
  9634. { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9635. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F },
  9636. { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
  9637. 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 },
  9638. { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  9639. 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F },
  9640. { 0x2B, 0xD6, 0x45, 0x9F, 0x82, 0xC5, 0xB3, 0x00,
  9641. 0x95, 0x2C, 0x49, 0x10, 0x48, 0x81, 0xFF, 0x48 },
  9642. };
  9643. WOLFSSL_SMALL_STACK_STATIC const byte v1_plain[IDEA_NB_TESTS][IDEA_BLOCK_SIZE] = {
  9644. { 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37, 0x37 },
  9645. { 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57, 0x57 },
  9646. { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
  9647. { 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 },
  9648. { 0xDB, 0x2D, 0x4A, 0x92, 0xAA, 0x68, 0x27, 0x3F },
  9649. { 0xF1, 0x29, 0xA6, 0x60, 0x1E, 0xF6, 0x2A, 0x47 },
  9650. };
  9651. WOLFSSL_SMALL_STACK_STATIC const byte v1_cipher[IDEA_NB_TESTS][IDEA_BLOCK_SIZE] = {
  9652. { 0x54, 0xCF, 0x21, 0xE3, 0x89, 0xD8, 0x73, 0xEC },
  9653. { 0x85, 0x52, 0x4D, 0x41, 0x0E, 0xB4, 0x28, 0xAE },
  9654. { 0xF5, 0x26, 0xAB, 0x9A, 0x62, 0xC0, 0xD2, 0x58 },
  9655. { 0xC8, 0xFB, 0x51, 0xD3, 0x51, 0x66, 0x27, 0xA8 },
  9656. { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 },
  9657. { 0xEA, 0x02, 0x47, 0x14, 0xAD, 0x5C, 0x4D, 0x84 },
  9658. };
  9659. WOLFSSL_SMALL_STACK_STATIC const byte v1_cipher_100[IDEA_NB_TESTS_EXTRA][IDEA_BLOCK_SIZE] = {
  9660. { 0x12, 0x46, 0x2F, 0xD0, 0xFB, 0x3A, 0x63, 0x39 },
  9661. { 0x15, 0x61, 0xE8, 0xC9, 0x04, 0x54, 0x8B, 0xE9 },
  9662. { 0x42, 0x12, 0x2A, 0x94, 0xB0, 0xF6, 0xD2, 0x43 },
  9663. { 0x53, 0x4D, 0xCD, 0x48, 0xDD, 0xD5, 0xF5, 0x9C },
  9664. };
  9665. WOLFSSL_SMALL_STACK_STATIC const byte v1_cipher_1000[IDEA_NB_TESTS_EXTRA][IDEA_BLOCK_SIZE] = {
  9666. { 0x44, 0x1B, 0x38, 0x5C, 0x77, 0x29, 0x75, 0x34 },
  9667. { 0xF0, 0x4E, 0x58, 0x88, 0x44, 0x99, 0x22, 0x2D },
  9668. { 0xB3, 0x5F, 0x93, 0x7F, 0x6A, 0xA0, 0xCD, 0x1F },
  9669. { 0x9A, 0xEA, 0x46, 0x8F, 0x42, 0x9B, 0xBA, 0x15 },
  9670. };
  9671. /* CBC test */
  9672. const char *message = "International Data Encryption Algorithm";
  9673. byte msg_enc[40], msg_dec[40];
  9674. for (i = 0; i < IDEA_NB_TESTS; i++) {
  9675. /* Set encryption key */
  9676. XMEMSET(&idea, 0, sizeof(Idea));
  9677. ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
  9678. NULL, IDEA_ENCRYPTION);
  9679. if (ret != 0) {
  9680. printf("wc_IdeaSetKey (enc) failed\n");
  9681. return -6800;
  9682. }
  9683. /* Data encryption */
  9684. ret = wc_IdeaCipher(&idea, data, v1_plain[i]);
  9685. if (ret != 0 || XMEMCMP(&v1_cipher[i], data, IDEA_BLOCK_SIZE)) {
  9686. printf("Bad encryption\n");
  9687. return -6801;
  9688. }
  9689. /* Set decryption key */
  9690. XMEMSET(&idea, 0, sizeof(Idea));
  9691. ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
  9692. NULL, IDEA_DECRYPTION);
  9693. if (ret != 0) {
  9694. printf("wc_IdeaSetKey (dec) failed\n");
  9695. return -6802;
  9696. }
  9697. /* Data decryption */
  9698. ret = wc_IdeaCipher(&idea, data, data);
  9699. if (ret != 0 || XMEMCMP(v1_plain[i], data, IDEA_BLOCK_SIZE)) {
  9700. printf("Bad decryption\n");
  9701. return -6803;
  9702. }
  9703. /* Set encryption key */
  9704. XMEMSET(&idea, 0, sizeof(Idea));
  9705. ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
  9706. v_key[i], IDEA_ENCRYPTION);
  9707. if (ret != 0) {
  9708. printf("wc_IdeaSetKey (enc) failed\n");
  9709. return -6804;
  9710. }
  9711. XMEMSET(msg_enc, 0, sizeof(msg_enc));
  9712. ret = wc_IdeaCbcEncrypt(&idea, msg_enc, (byte *)message,
  9713. (word32)XSTRLEN(message)+1);
  9714. if (ret != 0) {
  9715. printf("wc_IdeaCbcEncrypt failed\n");
  9716. return -6805;
  9717. }
  9718. /* Set decryption key */
  9719. XMEMSET(&idea, 0, sizeof(Idea));
  9720. ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
  9721. v_key[i], IDEA_DECRYPTION);
  9722. if (ret != 0) {
  9723. printf("wc_IdeaSetKey (dec) failed\n");
  9724. return -6806;
  9725. }
  9726. XMEMSET(msg_dec, 0, sizeof(msg_dec));
  9727. ret = wc_IdeaCbcDecrypt(&idea, msg_dec, msg_enc,
  9728. (word32)XSTRLEN(message)+1);
  9729. if (ret != 0) {
  9730. printf("wc_IdeaCbcDecrypt failed\n");
  9731. return -6807;
  9732. }
  9733. if (XMEMCMP(message, msg_dec, (word32)XSTRLEN(message))) {
  9734. printf("Bad CBC decryption\n");
  9735. return -6808;
  9736. }
  9737. }
  9738. for (i = 0; i < IDEA_NB_TESTS_EXTRA; i++) {
  9739. /* Set encryption key */
  9740. XMEMSET(&idea, 0, sizeof(Idea));
  9741. ret = wc_IdeaSetKey(&idea, v_key[i], IDEA_KEY_SIZE,
  9742. NULL, IDEA_ENCRYPTION);
  9743. if (ret != 0) {
  9744. printf("wc_IdeaSetKey (enc) failed\n");
  9745. return -6809;
  9746. }
  9747. /* 100 times data encryption */
  9748. XMEMCPY(data, v1_plain[i], IDEA_BLOCK_SIZE);
  9749. for (j = 0; j < 100; j++) {
  9750. ret = wc_IdeaCipher(&idea, data, data);
  9751. if (ret != 0) {
  9752. return -6810;
  9753. }
  9754. }
  9755. if (XMEMCMP(v1_cipher_100[i], data, IDEA_BLOCK_SIZE)) {
  9756. printf("Bad encryption (100 times)\n");
  9757. return -6811;
  9758. }
  9759. /* 1000 times data encryption */
  9760. XMEMCPY(data, v1_plain[i], IDEA_BLOCK_SIZE);
  9761. for (j = 0; j < 1000; j++) {
  9762. ret = wc_IdeaCipher(&idea, data, data);
  9763. if (ret != 0) {
  9764. return -6812;
  9765. }
  9766. }
  9767. if (XMEMCMP(v1_cipher_1000[i], data, IDEA_BLOCK_SIZE)) {
  9768. printf("Bad encryption (100 times)\n");
  9769. return -6813;
  9770. }
  9771. }
  9772. #ifndef WC_NO_RNG
  9773. /* random test for CBC */
  9774. {
  9775. WC_RNG rng;
  9776. byte key[IDEA_KEY_SIZE], iv[IDEA_BLOCK_SIZE],
  9777. rnd[1000], enc[1000], dec[1000];
  9778. /* random values */
  9779. #ifndef HAVE_FIPS
  9780. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  9781. #else
  9782. ret = wc_InitRng(&rng);
  9783. #endif
  9784. if (ret != 0)
  9785. return -6814;
  9786. for (i = 0; i < 1000; i++) {
  9787. /* random key */
  9788. ret = wc_RNG_GenerateBlock(&rng, key, sizeof(key));
  9789. if (ret != 0)
  9790. return -6815;
  9791. /* random iv */
  9792. ret = wc_RNG_GenerateBlock(&rng, iv, sizeof(iv));
  9793. if (ret != 0)
  9794. return -6816;
  9795. /* random data */
  9796. ret = wc_RNG_GenerateBlock(&rng, rnd, sizeof(rnd));
  9797. if (ret != 0)
  9798. return -6817;
  9799. /* Set encryption key */
  9800. XMEMSET(&idea, 0, sizeof(Idea));
  9801. ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_ENCRYPTION);
  9802. if (ret != 0) {
  9803. printf("wc_IdeaSetKey (enc) failed\n");
  9804. return -6818;
  9805. }
  9806. /* Data encryption */
  9807. XMEMSET(enc, 0, sizeof(enc));
  9808. ret = wc_IdeaCbcEncrypt(&idea, enc, rnd, sizeof(rnd));
  9809. if (ret != 0) {
  9810. printf("wc_IdeaCbcEncrypt failed\n");
  9811. return -6819;
  9812. }
  9813. /* Set decryption key */
  9814. XMEMSET(&idea, 0, sizeof(Idea));
  9815. ret = wc_IdeaSetKey(&idea, key, IDEA_KEY_SIZE, iv, IDEA_DECRYPTION);
  9816. if (ret != 0) {
  9817. printf("wc_IdeaSetKey (enc) failed\n");
  9818. return -6820;
  9819. }
  9820. /* Data decryption */
  9821. XMEMSET(dec, 0, sizeof(dec));
  9822. ret = wc_IdeaCbcDecrypt(&idea, dec, enc, sizeof(enc));
  9823. if (ret != 0) {
  9824. printf("wc_IdeaCbcDecrypt failed\n");
  9825. return -6821;
  9826. }
  9827. if (XMEMCMP(rnd, dec, sizeof(rnd))) {
  9828. printf("Bad CBC decryption\n");
  9829. return -6822;
  9830. }
  9831. }
  9832. wc_FreeRng(&rng);
  9833. }
  9834. #endif /* WC_NO_RNG */
  9835. return 0;
  9836. }
  9837. #endif /* HAVE_IDEA */
  9838. #ifdef HAVE_XCHACHA
  9839. WOLFSSL_TEST_SUBROUTINE int XChaCha_test(void) {
  9840. int ret = -6830;
  9841. WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
  9842. 0x54, 0x68, 0x65, 0x20, 0x64, 0x68, 0x6f, 0x6c, 0x65, 0x20, 0x28, 0x70, 0x72, 0x6f, 0x6e, 0x6f, /* The dhole (prono */
  9843. 0x75, 0x6e, 0x63, 0x65, 0x64, 0x20, 0x22, 0x64, 0x6f, 0x6c, 0x65, 0x22, 0x29, 0x20, 0x69, 0x73, /* unced "dole") is */
  9844. 0x20, 0x61, 0x6c, 0x73, 0x6f, 0x20, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x61, 0x73, 0x20, 0x74, /* also known as t */
  9845. 0x68, 0x65, 0x20, 0x41, 0x73, 0x69, 0x61, 0x74, 0x69, 0x63, 0x20, 0x77, 0x69, 0x6c, 0x64, 0x20, /* he Asiatic wild */
  9846. 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x72, 0x65, 0x64, 0x20, 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x61, 0x6e, /* dog, red dog, an */
  9847. 0x64, 0x20, 0x77, 0x68, 0x69, 0x73, 0x74, 0x6c, 0x69, 0x6e, 0x67, 0x20, 0x64, 0x6f, 0x67, 0x2e, /* d whistling dog. */
  9848. 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x61, 0x62, 0x6f, 0x75, 0x74, 0x20, 0x74, 0x68, 0x65, /* It is about the */
  9849. 0x20, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x61, 0x20, 0x47, 0x65, 0x72, 0x6d, 0x61, /* size of a Germa */
  9850. 0x6e, 0x20, 0x73, 0x68, 0x65, 0x70, 0x68, 0x65, 0x72, 0x64, 0x20, 0x62, 0x75, 0x74, 0x20, 0x6c, /* n shepherd but l */
  9851. 0x6f, 0x6f, 0x6b, 0x73, 0x20, 0x6d, 0x6f, 0x72, 0x65, 0x20, 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x61, /* ooks more like a */
  9852. 0x20, 0x6c, 0x6f, 0x6e, 0x67, 0x2d, 0x6c, 0x65, 0x67, 0x67, 0x65, 0x64, 0x20, 0x66, 0x6f, 0x78, /* long-legged fox */
  9853. 0x2e, 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x68, 0x69, 0x67, 0x68, 0x6c, 0x79, 0x20, 0x65, 0x6c, /* . This highly el */
  9854. 0x75, 0x73, 0x69, 0x76, 0x65, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x73, 0x6b, 0x69, 0x6c, 0x6c, 0x65, /* usive and skille */
  9855. 0x64, 0x20, 0x6a, 0x75, 0x6d, 0x70, 0x65, 0x72, 0x20, 0x69, 0x73, 0x20, 0x63, 0x6c, 0x61, 0x73, /* d jumper is clas */
  9856. 0x73, 0x69, 0x66, 0x69, 0x65, 0x64, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x77, 0x6f, 0x6c, 0x76, /* sified with wolv */
  9857. 0x65, 0x73, 0x2c, 0x20, 0x63, 0x6f, 0x79, 0x6f, 0x74, 0x65, 0x73, 0x2c, 0x20, 0x6a, 0x61, 0x63, /* es, coyotes, jac */
  9858. 0x6b, 0x61, 0x6c, 0x73, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x66, 0x6f, 0x78, 0x65, 0x73, 0x20, /* kals, and foxes */
  9859. 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, 0x61, 0x78, 0x6f, 0x6e, 0x6f, 0x6d, 0x69, 0x63, /* in the taxonomic */
  9860. 0x20, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x20, 0x43, 0x61, 0x6e, 0x69, 0x64, 0x61, 0x65, 0x2e /* family Canidae. */
  9861. };
  9862. WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
  9863. 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  9864. 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
  9865. };
  9866. WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
  9867. 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
  9868. 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x58 }; /* PQRSTUVW */
  9869. WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
  9870. 0x45, 0x59, 0xab, 0xba, 0x4e, 0x48, 0xc1, 0x61, 0x02, 0xe8, 0xbb, 0x2c, 0x05, 0xe6, 0x94, 0x7f,
  9871. 0x50, 0xa7, 0x86, 0xde, 0x16, 0x2f, 0x9b, 0x0b, 0x7e, 0x59, 0x2a, 0x9b, 0x53, 0xd0, 0xd4, 0xe9,
  9872. 0x8d, 0x8d, 0x64, 0x10, 0xd5, 0x40, 0xa1, 0xa6, 0x37, 0x5b, 0x26, 0xd8, 0x0d, 0xac, 0xe4, 0xfa,
  9873. 0xb5, 0x23, 0x84, 0xc7, 0x31, 0xac, 0xbf, 0x16, 0xa5, 0x92, 0x3c, 0x0c, 0x48, 0xd3, 0x57, 0x5d,
  9874. 0x4d, 0x0d, 0x2c, 0x67, 0x3b, 0x66, 0x6f, 0xaa, 0x73, 0x10, 0x61, 0x27, 0x77, 0x01, 0x09, 0x3a,
  9875. 0x6b, 0xf7, 0xa1, 0x58, 0xa8, 0x86, 0x42, 0x92, 0xa4, 0x1c, 0x48, 0xe3, 0xa9, 0xb4, 0xc0, 0xda,
  9876. 0xec, 0xe0, 0xf8, 0xd9, 0x8d, 0x0d, 0x7e, 0x05, 0xb3, 0x7a, 0x30, 0x7b, 0xbb, 0x66, 0x33, 0x31,
  9877. 0x64, 0xec, 0x9e, 0x1b, 0x24, 0xea, 0x0d, 0x6c, 0x3f, 0xfd, 0xdc, 0xec, 0x4f, 0x68, 0xe7, 0x44,
  9878. 0x30, 0x56, 0x19, 0x3a, 0x03, 0xc8, 0x10, 0xe1, 0x13, 0x44, 0xca, 0x06, 0xd8, 0xed, 0x8a, 0x2b,
  9879. 0xfb, 0x1e, 0x8d, 0x48, 0xcf, 0xa6, 0xbc, 0x0e, 0xb4, 0xe2, 0x46, 0x4b, 0x74, 0x81, 0x42, 0x40,
  9880. 0x7c, 0x9f, 0x43, 0x1a, 0xee, 0x76, 0x99, 0x60, 0xe1, 0x5b, 0xa8, 0xb9, 0x68, 0x90, 0x46, 0x6e,
  9881. 0xf2, 0x45, 0x75, 0x99, 0x85, 0x23, 0x85, 0xc6, 0x61, 0xf7, 0x52, 0xce, 0x20, 0xf9, 0xda, 0x0c,
  9882. 0x09, 0xab, 0x6b, 0x19, 0xdf, 0x74, 0xe7, 0x6a, 0x95, 0x96, 0x74, 0x46, 0xf8, 0xd0, 0xfd, 0x41,
  9883. 0x5e, 0x7b, 0xee, 0x2a, 0x12, 0xa1, 0x14, 0xc2, 0x0e, 0xb5, 0x29, 0x2a, 0xe7, 0xa3, 0x49, 0xae,
  9884. 0x57, 0x78, 0x20, 0xd5, 0x52, 0x0a, 0x1f, 0x3f, 0xb6, 0x2a, 0x17, 0xce, 0x6a, 0x7e, 0x68, 0xfa,
  9885. 0x7c, 0x79, 0x11, 0x1d, 0x88, 0x60, 0x92, 0x0b, 0xc0, 0x48, 0xef, 0x43, 0xfe, 0x84, 0x48, 0x6c,
  9886. 0xcb, 0x87, 0xc2, 0x5f, 0x0a, 0xe0, 0x45, 0xf0, 0xcc, 0xe1, 0xe7, 0x98, 0x9a, 0x9a, 0xa2, 0x20,
  9887. 0xa2, 0x8b, 0xdd, 0x48, 0x27, 0xe7, 0x51, 0xa2, 0x4a, 0x6d, 0x5c, 0x62, 0xd7, 0x90, 0xa6, 0x63,
  9888. 0x93, 0xb9, 0x31, 0x11, 0xc1, 0xa5, 0x5d, 0xd7, 0x42, 0x1a, 0x10, 0x18, 0x49, 0x74, 0xc7, 0xc5
  9889. };
  9890. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  9891. struct ChaCha *chacha = (struct ChaCha *)XMALLOC(sizeof *chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
  9892. byte *buf1 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9893. byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9894. if ((chacha == NULL) || (buf1 == NULL) || (buf2 == NULL))
  9895. ERROR_OUT(MEMORY_E, out);
  9896. #else
  9897. struct ChaCha chacha[1];
  9898. byte buf1[sizeof Plaintext];
  9899. byte buf2[sizeof Plaintext];
  9900. #endif
  9901. ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
  9902. if (ret < 0)
  9903. ERROR_OUT(-6831, out);
  9904. ret = wc_Chacha_Process(chacha, buf1, Plaintext, sizeof Plaintext);
  9905. if (ret < 0)
  9906. ERROR_OUT(-6832, out);
  9907. if (XMEMCMP(buf1, Ciphertext, sizeof Plaintext))
  9908. ERROR_OUT(-6833, out);
  9909. ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0);
  9910. if (ret < 0)
  9911. ERROR_OUT(-6834, out);
  9912. ret = wc_Chacha_Process(chacha, buf2, buf1, sizeof Plaintext);
  9913. if (ret < 0)
  9914. ERROR_OUT(-6835, out);
  9915. if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
  9916. ERROR_OUT(-6836, out);
  9917. out:
  9918. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  9919. if (chacha)
  9920. XFREE(chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER);
  9921. if (buf1)
  9922. XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9923. if (buf2)
  9924. XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9925. #endif
  9926. return ret;
  9927. }
  9928. #endif /* HAVE_XCHACHA */
  9929. #if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305)
  9930. WOLFSSL_TEST_SUBROUTINE int XChaCha20Poly1305_test(void) {
  9931. int ret;
  9932. WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = {
  9933. 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, /* Ladies and Gentl */
  9934. 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, /* emen of the clas */
  9935. 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, /* s of '99: If I c */
  9936. 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, /* ould offer you o */
  9937. 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, /* nly one tip for */
  9938. 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, /* the future, suns */
  9939. 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */
  9940. 0x74, 0x2e }; /* t. */
  9941. WOLFSSL_SMALL_STACK_STATIC const byte AAD[] = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 }; /* PQRS........ */
  9942. WOLFSSL_SMALL_STACK_STATIC const byte Key[] = {
  9943. 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
  9944. 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
  9945. };
  9946. WOLFSSL_SMALL_STACK_STATIC const byte IV[] = {
  9947. 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */
  9948. 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57 }; /* PQRSTUVW */
  9949. WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = {
  9950. 0xbd, 0x6d, 0x17, 0x9d, 0x3e, 0x83, 0xd4, 0x3b, 0x95, 0x76, 0x57, 0x94, 0x93, 0xc0, 0xe9, 0x39,
  9951. 0x57, 0x2a, 0x17, 0x00, 0x25, 0x2b, 0xfa, 0xcc, 0xbe, 0xd2, 0x90, 0x2c, 0x21, 0x39, 0x6c, 0xbb,
  9952. 0x73, 0x1c, 0x7f, 0x1b, 0x0b, 0x4a, 0xa6, 0x44, 0x0b, 0xf3, 0xa8, 0x2f, 0x4e, 0xda, 0x7e, 0x39,
  9953. 0xae, 0x64, 0xc6, 0x70, 0x8c, 0x54, 0xc2, 0x16, 0xcb, 0x96, 0xb7, 0x2e, 0x12, 0x13, 0xb4, 0x52,
  9954. 0x2f, 0x8c, 0x9b, 0xa4, 0x0d, 0xb5, 0xd9, 0x45, 0xb1, 0x1b, 0x69, 0xb9, 0x82, 0xc1, 0xbb, 0x9e,
  9955. 0x3f, 0x3f, 0xac, 0x2b, 0xc3, 0x69, 0x48, 0x8f, 0x76, 0xb2, 0x38, 0x35, 0x65, 0xd3, 0xff, 0xf9,
  9956. 0x21, 0xf9, 0x66, 0x4c, 0x97, 0x63, 0x7d, 0xa9, 0x76, 0x88, 0x12, 0xf6, 0x15, 0xc6, 0x8b, 0x13,
  9957. 0xb5, 0x2e };
  9958. WOLFSSL_SMALL_STACK_STATIC const byte Tag[] = {
  9959. 0xc0, 0x87, 0x59, 0x24, 0xc1, 0xc7, 0x98, 0x79, 0x47, 0xde, 0xaf, 0xd8, 0x78, 0x0a, 0xcf, 0x49
  9960. };
  9961. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  9962. byte *buf1 = (byte *)XMALLOC(sizeof Ciphertext + sizeof Tag, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9963. byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9964. #else
  9965. byte buf1[sizeof Ciphertext + sizeof Tag];
  9966. byte buf2[sizeof Plaintext];
  9967. #endif
  9968. ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag,
  9969. Plaintext, sizeof Plaintext,
  9970. AAD, sizeof AAD,
  9971. IV, sizeof IV,
  9972. Key, sizeof Key);
  9973. if (ret < 0)
  9974. ERROR_OUT(-6840, out);
  9975. if (XMEMCMP(buf1, Ciphertext, sizeof Plaintext))
  9976. ERROR_OUT(-6841, out);
  9977. if (XMEMCMP(buf1 + sizeof Plaintext, Tag, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE))
  9978. ERROR_OUT(-6842, out);
  9979. ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext,
  9980. buf1, sizeof Plaintext + sizeof Tag,
  9981. AAD, sizeof AAD,
  9982. IV, sizeof IV,
  9983. Key, sizeof Key);
  9984. if (ret < 0)
  9985. ERROR_OUT(-6843, out);
  9986. if (XMEMCMP(buf2, Plaintext, sizeof Plaintext))
  9987. ERROR_OUT(-6844, out);
  9988. out:
  9989. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  9990. XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9991. XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  9992. #endif
  9993. return ret;
  9994. }
  9995. #endif /* defined(HAVE_XCHACHA) && defined(HAVE_POLY1305) */
  9996. #ifndef WC_NO_RNG
  9997. static int _rng_test(WC_RNG* rng, int errorOffset)
  9998. {
  9999. byte block[32];
  10000. int ret, i;
  10001. XMEMSET(block, 0, sizeof(block));
  10002. ret = wc_RNG_GenerateBlock(rng, block, sizeof(block));
  10003. if (ret != 0) {
  10004. ret = -6850;
  10005. goto exit;
  10006. }
  10007. /* Check for 0's */
  10008. for (i=0; i<(int)sizeof(block); i++) {
  10009. if (block[i] == 0) {
  10010. ret++;
  10011. }
  10012. }
  10013. /* All zeros count check */
  10014. if (ret >= (int)sizeof(block)) {
  10015. ret = -6851;
  10016. goto exit;
  10017. }
  10018. ret = wc_RNG_GenerateByte(rng, block);
  10019. if (ret != 0) {
  10020. ret = -6852;
  10021. goto exit;
  10022. }
  10023. /* Parameter validation testing. */
  10024. ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block));
  10025. if (ret != BAD_FUNC_ARG) {
  10026. ret = -6853;
  10027. goto exit;
  10028. }
  10029. ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block));
  10030. if (ret != BAD_FUNC_ARG) {
  10031. ret = -6854;
  10032. goto exit;
  10033. }
  10034. ret = wc_RNG_GenerateByte(NULL, block);
  10035. if (ret != BAD_FUNC_ARG) {
  10036. ret = -6855;
  10037. goto exit;
  10038. }
  10039. ret = wc_RNG_GenerateByte(rng, NULL);
  10040. if (ret != BAD_FUNC_ARG) {
  10041. ret = -6856;
  10042. goto exit;
  10043. }
  10044. ret = 0;
  10045. exit:
  10046. if (ret != 0)
  10047. ret += errorOffset;
  10048. return ret;
  10049. }
  10050. static int random_rng_test(void)
  10051. {
  10052. WC_RNG localRng;
  10053. WC_RNG* rng;
  10054. int ret;
  10055. rng = &localRng;
  10056. /* Test stack based RNG. */
  10057. #ifndef HAVE_FIPS
  10058. ret = wc_InitRng_ex(rng, HEAP_HINT, devId);
  10059. #else
  10060. ret = wc_InitRng(rng);
  10061. #endif
  10062. if (ret != 0) return -6900;
  10063. ret = _rng_test(rng, -6300);
  10064. /* Make sure and free RNG */
  10065. wc_FreeRng(rng);
  10066. if (ret != 0) return ret;
  10067. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
  10068. {
  10069. byte nonce[8] = { 0 };
  10070. /* Test dynamic RNG. */
  10071. rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT);
  10072. if (rng == NULL) return -6901;
  10073. ret = _rng_test(rng, -6310);
  10074. wc_rng_free(rng);
  10075. }
  10076. #endif
  10077. return ret;
  10078. }
  10079. #if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK)
  10080. WOLFSSL_TEST_SUBROUTINE int random_test(void)
  10081. {
  10082. WOLFSSL_SMALL_STACK_STATIC const byte test1Entropy[] =
  10083. {
  10084. 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3,
  10085. 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19,
  10086. 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31,
  10087. 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e
  10088. };
  10089. WOLFSSL_SMALL_STACK_STATIC const byte test1Output[] =
  10090. {
  10091. 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64,
  10092. 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5,
  10093. 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3,
  10094. 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11,
  10095. 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81,
  10096. 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63,
  10097. 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7,
  10098. 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c,
  10099. 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91,
  10100. 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d,
  10101. 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf
  10102. };
  10103. WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyA[] =
  10104. {
  10105. 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4,
  10106. 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00,
  10107. 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f,
  10108. 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68
  10109. };
  10110. WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyB[] =
  10111. {
  10112. 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3,
  10113. 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22,
  10114. 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3
  10115. };
  10116. WOLFSSL_SMALL_STACK_STATIC const byte test2Output[] =
  10117. {
  10118. 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb,
  10119. 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79,
  10120. 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc,
  10121. 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac,
  10122. 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71,
  10123. 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0,
  10124. 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8,
  10125. 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d,
  10126. 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22,
  10127. 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07,
  10128. 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17
  10129. };
  10130. byte output[WC_SHA256_DIGEST_SIZE * 4];
  10131. int ret;
  10132. ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0,
  10133. output, sizeof(output));
  10134. if (ret != 0)
  10135. return -7000;
  10136. if (XMEMCMP(test1Output, output, sizeof(output)) != 0)
  10137. return -7001;
  10138. ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA),
  10139. test2EntropyB, sizeof(test2EntropyB),
  10140. output, sizeof(output));
  10141. if (ret != 0)
  10142. return -7002;
  10143. if (XMEMCMP(test2Output, output, sizeof(output)) != 0)
  10144. return -7003;
  10145. /* Basic RNG generate block test */
  10146. if ((ret = random_rng_test()) != 0)
  10147. return ret;
  10148. /* Test the seed check function. */
  10149. #if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \
  10150. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
  10151. {
  10152. word32 i, outputSz;
  10153. /* Repeat the same byte over and over. Should fail. */
  10154. outputSz = sizeof(output);
  10155. XMEMSET(output, 1, outputSz);
  10156. ret = wc_RNG_TestSeed(output, outputSz);
  10157. if (ret == 0)
  10158. return -7004;
  10159. /* Every byte of the entropy scratch is different,
  10160. * entropy is a single byte that shouldn't match. */
  10161. outputSz = (sizeof(word32) * 2) + 1;
  10162. for (i = 0; i < outputSz; i++)
  10163. output[i] = (byte)i;
  10164. ret = wc_RNG_TestSeed(output, outputSz);
  10165. if (ret != 0)
  10166. return -7005;
  10167. outputSz = sizeof(output);
  10168. for (i = 0; i < outputSz; i++)
  10169. output[i] = (byte)i;
  10170. ret = wc_RNG_TestSeed(output, outputSz);
  10171. if (ret != 0)
  10172. return -7006;
  10173. }
  10174. #endif
  10175. return 0;
  10176. }
  10177. #else
  10178. WOLFSSL_TEST_SUBROUTINE int random_test(void)
  10179. {
  10180. /* Basic RNG generate block test */
  10181. return random_rng_test();
  10182. }
  10183. #endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK */
  10184. #endif /* WC_NO_RNG */
  10185. #ifndef MEM_TEST_SZ
  10186. #define MEM_TEST_SZ 1024
  10187. #endif
  10188. #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
  10189. static int simple_mem_test(int sz)
  10190. {
  10191. int ret = 0;
  10192. byte* b;
  10193. int i;
  10194. b = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10195. if (b == NULL) {
  10196. return -7110;
  10197. }
  10198. /* utilize memory */
  10199. for (i = 0; i < sz; i++) {
  10200. b[i] = (byte)i;
  10201. }
  10202. /* read back and verify */
  10203. for (i = 0; i < sz; i++) {
  10204. if (b[i] != (byte)i) {
  10205. ret = -7111;
  10206. break;
  10207. }
  10208. }
  10209. XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10210. return ret;
  10211. }
  10212. #endif
  10213. WOLFSSL_TEST_SUBROUTINE int memory_test(void)
  10214. {
  10215. int ret = 0;
  10216. #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC)
  10217. byte* b = NULL;
  10218. #endif
  10219. #if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY)
  10220. int i;
  10221. #endif
  10222. #ifdef WOLFSSL_STATIC_MEMORY
  10223. word32 size[] = { WOLFMEM_BUCKETS };
  10224. word32 dist[] = { WOLFMEM_DIST };
  10225. byte buffer[30000]; /* make large enough to involve many bucket sizes */
  10226. int pad = -(int)((wolfssl_word)buffer) & (WOLFSSL_STATIC_ALIGN - 1);
  10227. /* pad to account for if head of buffer is not at set memory
  10228. * alignment when tests are ran */
  10229. #endif
  10230. #ifdef WOLFSSL_STATIC_MEMORY
  10231. /* check macro settings */
  10232. if (sizeof(size)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
  10233. return -7200;
  10234. }
  10235. if (sizeof(dist)/sizeof(word32) != WOLFMEM_MAX_BUCKETS) {
  10236. return -7201;
  10237. }
  10238. for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
  10239. if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) {
  10240. /* each element in array should be divisible by alignment size */
  10241. return -7202;
  10242. }
  10243. }
  10244. for (i = 1; i < WOLFMEM_MAX_BUCKETS; i++) {
  10245. if (size[i - 1] >= size[i]) {
  10246. return -7203; /* sizes should be in increasing order */
  10247. }
  10248. }
  10249. /* check that padding size returned is possible */
  10250. if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) {
  10251. return -7204; /* no room for wc_Memory struct */
  10252. }
  10253. if (wolfSSL_MemoryPaddingSz() < 0) {
  10254. return -7205;
  10255. }
  10256. if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) {
  10257. return -7206; /* not aligned! */
  10258. }
  10259. /* check function to return optimum buffer size (rounded down) */
  10260. ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL);
  10261. if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) {
  10262. return -7207; /* not aligned! */
  10263. }
  10264. if (ret < 0) {
  10265. return -7208;
  10266. }
  10267. if ((unsigned int)ret > sizeof(buffer)) {
  10268. return -7209; /* did not round down as expected */
  10269. }
  10270. if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) {
  10271. return -7210; /* return value changed when using suggested value */
  10272. }
  10273. ret = wolfSSL_MemoryPaddingSz();
  10274. ret += pad; /* add space that is going to be needed if buffer not aligned */
  10275. if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) !=
  10276. (ret + (int)size[0])) {
  10277. return -7211; /* did not round down to nearest bucket value */
  10278. }
  10279. ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL);
  10280. if ((ret - pad) < 0) {
  10281. return -7212;
  10282. }
  10283. if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) {
  10284. return -7213; /* not even chunks of memory for IO size */
  10285. }
  10286. if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) {
  10287. return -7214; /* memory not aligned */
  10288. }
  10289. /* check for passing bad or unknown arguments to functions */
  10290. if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) {
  10291. return -7215;
  10292. }
  10293. if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) {
  10294. return -7216; /* should round to 0 since struct + bucket will not fit */
  10295. }
  10296. (void)dist; /* avoid static analysis warning of variable not used */
  10297. #endif
  10298. #if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC)
  10299. /* simple test */
  10300. ret = simple_mem_test(MEM_TEST_SZ);
  10301. if (ret != 0)
  10302. return ret;
  10303. #endif
  10304. #ifdef COMPLEX_MEM_TEST
  10305. /* test various size blocks */
  10306. for (i = 1; i < MEM_TEST_SZ; i*=2) {
  10307. ret = simple_mem_test(i);
  10308. if (ret != 0)
  10309. return ret;
  10310. }
  10311. #endif
  10312. #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC)
  10313. /* realloc test */
  10314. b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10315. if (b) {
  10316. b = (byte*)XREALLOC(b, MEM_TEST_SZ+sizeof(word32), HEAP_HINT,
  10317. DYNAMIC_TYPE_TMP_BUFFER);
  10318. }
  10319. if (b == NULL) {
  10320. return -7217;
  10321. }
  10322. XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10323. #endif
  10324. return ret;
  10325. }
  10326. #ifdef HAVE_NTRU
  10327. byte GetEntropy(ENTROPY_CMD cmd, byte* out);
  10328. byte GetEntropy(ENTROPY_CMD cmd, byte* out)
  10329. {
  10330. static WC_RNG rng;
  10331. if (cmd == INIT)
  10332. return (wc_InitRng(&rng) == 0) ? 1 : 0;
  10333. if (out == NULL)
  10334. return 0;
  10335. if (cmd == GET_BYTE_OF_ENTROPY)
  10336. return (wc_RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0;
  10337. if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
  10338. *out = 1;
  10339. return 1;
  10340. }
  10341. return 0;
  10342. }
  10343. #endif /* HAVE_NTRU */
  10344. #ifndef NO_FILESYSTEM
  10345. /* Cert Paths */
  10346. #ifdef FREESCALE_MQX
  10347. #define CERT_PREFIX "a:\\"
  10348. #define CERT_PATH_SEP "\\"
  10349. #elif defined(WOLFSSL_uTKERNEL2)
  10350. #define CERT_PREFIX "/uda/"
  10351. #define CERT_PATH_SEP "/"
  10352. #elif defined(_WIN32_WCE)
  10353. #define CERT_PREFIX "\\windows\\"
  10354. #define CERT_PATH_SEP "\\"
  10355. #endif
  10356. #ifndef CERT_PREFIX
  10357. #define CERT_PREFIX "./"
  10358. #endif
  10359. #ifndef CERT_PATH_SEP
  10360. #define CERT_PATH_SEP "/"
  10361. #endif
  10362. #ifndef CERT_WRITE_TEMP_DIR
  10363. #define CERT_WRITE_TEMP_DIR CERT_PREFIX
  10364. #endif
  10365. #define CERT_ROOT CERT_PREFIX "certs" CERT_PATH_SEP
  10366. /* Generated Test Certs */
  10367. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  10368. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
  10369. #if !defined(NO_RSA) && !defined(NO_ASN)
  10370. static const char* clientKey = CERT_ROOT "client-key.der";
  10371. static const char* clientCert = CERT_ROOT "client-cert.der";
  10372. #ifdef WOLFSSL_CERT_EXT
  10373. static const char* clientKeyPub = CERT_ROOT "client-keyPub.der";
  10374. #endif
  10375. #endif /* !NO_RSA && !NO_ASN */
  10376. #endif
  10377. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  10378. #if !defined(NO_RSA) && !defined(NO_ASN)
  10379. #if defined(WOLFSSL_CERT_GEN) || defined(HAVE_PKCS7)
  10380. static const char* rsaCaKeyFile = CERT_ROOT "ca-key.der";
  10381. #ifdef WOLFSSL_CERT_GEN
  10382. static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem";
  10383. #endif
  10384. #if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7)
  10385. static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der";
  10386. #endif
  10387. #ifdef HAVE_PKCS7
  10388. static const char* rsaServerCertDerFile =
  10389. CERT_ROOT "server-cert.der";
  10390. static const char* rsaServerKeyDerFile =
  10391. CERT_ROOT "server-key.der";
  10392. #endif
  10393. #endif
  10394. #endif /* !NO_RSA && !NO_ASN */
  10395. #endif /* !USE_CERT_BUFFER_* */
  10396. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  10397. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
  10398. !defined(NO_ASN)
  10399. #ifndef NO_DH
  10400. static const char* dhParamsFile = CERT_ROOT "dh2048.der";
  10401. #if defined(WOLFSSL_DH_EXTRA) && (!defined(HAVE_FIPS) || \
  10402. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
  10403. static const char* dhKeyFile = CERT_ROOT "statickeys/dh-ffdhe2048.der";
  10404. #endif
  10405. #endif
  10406. #ifndef NO_DSA
  10407. static const char* dsaKey = CERT_ROOT "dsa2048.der";
  10408. #endif
  10409. #endif /* !USE_CERT_BUFFER_* */
  10410. #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ECC256)
  10411. #ifdef HAVE_ECC
  10412. /* cert files to be used in rsa cert gen test, check if RSA enabled */
  10413. #ifdef HAVE_ECC_KEY_IMPORT
  10414. static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der";
  10415. #endif
  10416. #endif
  10417. #if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ASN)
  10418. #if defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN)
  10419. #ifndef NO_RSA
  10420. /* eccKeyPubFile is used in a test that requires RSA. */
  10421. static const char* eccKeyPubFile = CERT_ROOT "ecc-keyPub.der";
  10422. #endif
  10423. static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der";
  10424. static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem";
  10425. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  10426. static const char* eccCaKey384File =
  10427. CERT_ROOT "ca-ecc384-key.der";
  10428. static const char* eccCaCert384File =
  10429. CERT_ROOT "ca-ecc384-cert.pem";
  10430. #endif
  10431. #endif
  10432. #if defined(HAVE_PKCS7) && defined(HAVE_ECC)
  10433. static const char* eccClientKey = CERT_ROOT "ecc-client-key.der";
  10434. static const char* eccClientCert = CERT_ROOT "client-ecc-cert.der";
  10435. #endif
  10436. #endif /* HAVE_ECC */
  10437. #ifdef HAVE_ED25519
  10438. #ifdef WOLFSSL_TEST_CERT
  10439. static const char* serverEd25519Cert =
  10440. CERT_ROOT "ed25519/server-ed25519.der";
  10441. static const char* caEd25519Cert =
  10442. CERT_ROOT "ed25519/ca-ed25519.der";
  10443. #endif
  10444. #endif
  10445. #ifdef HAVE_ED448
  10446. #ifdef WOLFSSL_TEST_CERT
  10447. static const char* serverEd448Cert =
  10448. CERT_ROOT "ed448/server-ed448.der";
  10449. static const char* caEd448Cert = CERT_ROOT "ed448/ca-ed448.der";
  10450. #endif
  10451. #endif
  10452. #endif /* !USE_CERT_BUFFER_* */
  10453. #ifndef NO_WRITE_TEMP_FILES
  10454. #ifdef HAVE_ECC
  10455. #ifdef WOLFSSL_CERT_GEN
  10456. static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem";
  10457. #endif
  10458. #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA)
  10459. static const char* certEccRsaPemFile = CERT_WRITE_TEMP_DIR "certeccrsa.pem";
  10460. static const char* certEccRsaDerFile = CERT_WRITE_TEMP_DIR "certeccrsa.der";
  10461. #endif
  10462. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  10463. static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem";
  10464. static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der";
  10465. static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der";
  10466. #if defined(HAVE_PKCS8) && !defined(WC_NO_RNG)
  10467. static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der";
  10468. #endif
  10469. #endif /* HAVE_ECC_KEY_EXPORT */
  10470. #if defined(WOLFSSL_CERT_GEN) || \
  10471. (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT))
  10472. static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der";
  10473. #endif
  10474. #endif /* HAVE_ECC */
  10475. #ifndef NO_RSA
  10476. #if defined(WOLFSSL_CERT_GEN) || \
  10477. (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT))
  10478. static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der";
  10479. static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der";
  10480. #endif
  10481. #ifdef WOLFSSL_CERT_GEN
  10482. static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem";
  10483. static const char* certPemFile = CERT_WRITE_TEMP_DIR "cert.pem";
  10484. #endif
  10485. #ifdef WOLFSSL_CERT_REQ
  10486. static const char* certReqDerFile = CERT_WRITE_TEMP_DIR "certreq.der";
  10487. static const char* certReqPemFile = CERT_WRITE_TEMP_DIR "certreq.pem";
  10488. #endif
  10489. #endif /* !NO_RSA */
  10490. #if !defined(NO_RSA) || !defined(NO_DSA)
  10491. #ifdef WOLFSSL_KEY_GEN
  10492. static const char* keyDerFile = CERT_WRITE_TEMP_DIR "key.der";
  10493. static const char* keyPemFile = CERT_WRITE_TEMP_DIR "key.pem";
  10494. #endif
  10495. #endif
  10496. #endif /* !NO_WRITE_TEMP_FILES */
  10497. #endif /* !NO_FILESYSTEM */
  10498. #if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \
  10499. (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448)))
  10500. #ifdef WOLFSSL_MULTI_ATTRIB
  10501. static CertName certDefaultName;
  10502. static void initDefaultName(void)
  10503. {
  10504. XMEMCPY(certDefaultName.country, "US", sizeof("US"));
  10505. certDefaultName.countryEnc = CTC_PRINTABLE;
  10506. XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon"));
  10507. certDefaultName.stateEnc = CTC_UTF8;
  10508. XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland"));
  10509. certDefaultName.localityEnc = CTC_UTF8;
  10510. XMEMCPY(certDefaultName.sur, "Test", sizeof("Test"));
  10511. certDefaultName.surEnc = CTC_UTF8;
  10512. XMEMCPY(certDefaultName.org, "wolfSSL", sizeof("wolfSSL"));
  10513. certDefaultName.orgEnc = CTC_UTF8;
  10514. XMEMCPY(certDefaultName.unit, "Development", sizeof("Development"));
  10515. certDefaultName.unitEnc = CTC_UTF8;
  10516. XMEMCPY(certDefaultName.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com"));
  10517. certDefaultName.commonNameEnc = CTC_UTF8;
  10518. XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345"));
  10519. certDefaultName.serialDevEnc = CTC_PRINTABLE;
  10520. #ifdef WOLFSSL_CERT_EXT
  10521. XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization"));
  10522. certDefaultName.busCatEnc = CTC_UTF8;
  10523. #endif
  10524. XMEMCPY(certDefaultName.email, "info@wolfssl.com", sizeof("info@wolfssl.com"));
  10525. #ifdef WOLFSSL_TEST_CERT
  10526. {
  10527. NameAttrib* n;
  10528. /* test having additional OUs and setting DC */
  10529. n = &certDefaultName.name[0];
  10530. n->id = ASN_ORGUNIT_NAME;
  10531. n->type = CTC_UTF8;
  10532. n->sz = sizeof("Development-2");
  10533. XMEMCPY(n->value, "Development-2", sizeof("Development-2"));
  10534. #if CTC_MAX_ATTRIB > 3
  10535. n = &certDefaultName.name[1];
  10536. n->id = ASN_DOMAIN_COMPONENT;
  10537. n->type = CTC_UTF8;
  10538. n->sz = sizeof("com");
  10539. XMEMCPY(n->value, "com", sizeof("com"));
  10540. n = &certDefaultName.name[2];
  10541. n->id = ASN_DOMAIN_COMPONENT;
  10542. n->type = CTC_UTF8;
  10543. n->sz = sizeof("wolfssl");
  10544. XMEMCPY(n->value, "wolfssl", sizeof("wolfssl"));
  10545. #endif
  10546. }
  10547. #endif /* WOLFSSL_TEST_CERT */
  10548. }
  10549. #else
  10550. static const CertName certDefaultName = {
  10551. "US", CTC_PRINTABLE, /* country */
  10552. "Oregon", CTC_UTF8, /* state */
  10553. "Portland", CTC_UTF8, /* locality */
  10554. "Test", CTC_UTF8, /* sur */
  10555. "wolfSSL", CTC_UTF8, /* org */
  10556. "Development", CTC_UTF8, /* unit */
  10557. "www.wolfssl.com", CTC_UTF8, /* commonName */
  10558. "wolfSSL12345", CTC_PRINTABLE, /* serial number of device */
  10559. #ifdef WOLFSSL_CERT_EXT
  10560. "Private Organization", CTC_UTF8, /* businessCategory */
  10561. "US", CTC_PRINTABLE, /* jurisdiction country */
  10562. "Oregon", CTC_PRINTABLE, /* jurisdiction state */
  10563. #endif
  10564. "info@wolfssl.com" /* email */
  10565. };
  10566. #endif /* WOLFSSL_MULTI_ATTRIB */
  10567. #ifdef WOLFSSL_CERT_EXT
  10568. #if ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
  10569. defined(WOLFSSL_TEST_CERT)) || defined(HAVE_ECC)
  10570. WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage[] =
  10571. "digitalSignature,nonRepudiation";
  10572. #endif
  10573. #if (defined(WOLFSSL_CERT_REQ) || defined(HAVE_NTRU)) && !defined(NO_RSA)
  10574. WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage2[] =
  10575. "digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
  10576. #endif
  10577. #endif /* WOLFSSL_CERT_EXT */
  10578. #endif /* WOLFSSL_CERT_GEN */
  10579. #ifndef NO_RSA
  10580. #if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \
  10581. !defined(NO_FILESYSTEM)
  10582. static byte minSerial[] = { 0x02, 0x01, 0x01 };
  10583. static byte minName[] = { 0x30, 0x00 };
  10584. static byte nameBad[] = {
  10585. 0x30, 0x08,
  10586. 0x31, 0x06,
  10587. 0x30, 0x04,
  10588. 0x06, 0x02,
  10589. 0x55, 0x04,
  10590. };
  10591. static byte minDates[] = {
  10592. 0x30, 0x1e,
  10593. 0x17, 0x0d,
  10594. 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35,
  10595. 0x32, 0x33, 0x31, 0x30, 0x5a,
  10596. 0x17, 0x0d,
  10597. 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35,
  10598. 0x32, 0x33, 0x31, 0x30, 0x5a
  10599. };
  10600. static byte minPubKey[] = {
  10601. 0x30, 0x1b,
  10602. 0x30, 0x0d,
  10603. 0x06, 0x09,
  10604. 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
  10605. 0x01,
  10606. 0x05, 0x00,
  10607. 0x03, 0x0b,
  10608. 0x00, 0x30, 0x08,
  10609. 0x02, 0x01,
  10610. 0x03,
  10611. 0x02, 0x03,
  10612. 0x01, 0x00, 0x01
  10613. };
  10614. static byte minSigAlg[] = {
  10615. 0x30, 0x0d,
  10616. 0x06, 0x09,
  10617. 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
  10618. 0x0b,
  10619. 0x05, 0x00
  10620. };
  10621. static byte minSig[] = {
  10622. 0x03, 0x01,
  10623. 0x00
  10624. };
  10625. static int add_seq(byte* certData, int offset, byte* data, byte length)
  10626. {
  10627. XMEMMOVE(certData + offset + 2, data, length);
  10628. certData[offset++] = 0x30;
  10629. certData[offset++] = length;
  10630. return offset + length;
  10631. }
  10632. static int add_data(byte* certData, int offset, byte* data, byte length)
  10633. {
  10634. XMEMCPY(certData + offset, data, length);
  10635. return offset + length;
  10636. }
  10637. static int cert_asn1_test(void)
  10638. {
  10639. int ret;
  10640. int len[3];
  10641. DecodedCert cert;
  10642. byte certData[106];
  10643. byte* badCert = NULL;
  10644. len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
  10645. len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
  10646. len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
  10647. len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates));
  10648. len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName));
  10649. len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey));
  10650. len[1] = add_seq(certData, 0, certData, len[2]);
  10651. len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg));
  10652. len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig));
  10653. len[0] = add_seq(certData, 0, certData, len[1]);
  10654. /* Minimal good certificate */
  10655. InitDecodedCert(&cert, certData, len[0], 0);
  10656. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
  10657. FreeDecodedCert(&cert);
  10658. if (ret != 0) {
  10659. ERROR_OUT(-7300, done);
  10660. }
  10661. /* Bad issuer name */
  10662. len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial));
  10663. len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg));
  10664. len[2] = add_data(certData, len[2], nameBad, (byte)sizeof(nameBad));
  10665. len[1] = add_seq(certData, 0, certData, len[2]);
  10666. len[0] = add_seq(certData, 0, certData, len[1]);
  10667. /* Put data into allocated buffer to allow access error checking. */
  10668. badCert = (byte*)XMALLOC(len[0], HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10669. XMEMCPY(badCert, certData, len[0]);
  10670. InitDecodedCert(&cert, badCert, len[0], 0);
  10671. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
  10672. FreeDecodedCert(&cert);
  10673. if (ret != ASN_PARSE_E) {
  10674. ERROR_OUT(-7301, done);
  10675. }
  10676. XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10677. badCert = NULL;
  10678. ret = 0;
  10679. done:
  10680. if (badCert != NULL)
  10681. XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10682. return ret;
  10683. }
  10684. WOLFSSL_TEST_SUBROUTINE int cert_test(void)
  10685. {
  10686. #if !defined(NO_FILESYSTEM)
  10687. DecodedCert cert;
  10688. byte* tmp;
  10689. size_t bytes;
  10690. XFILE file;
  10691. int ret;
  10692. tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10693. if (tmp == NULL)
  10694. return -7400;
  10695. /* Certificate with Name Constraints extension. */
  10696. #ifdef FREESCALE_MQX
  10697. file = XFOPEN(".\\certs\\test\\cert-ext-nc.der", "rb");
  10698. #else
  10699. file = XFOPEN("./certs/test/cert-ext-nc.der", "rb");
  10700. #endif
  10701. if (!file) {
  10702. ERROR_OUT(-7401, done);
  10703. }
  10704. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  10705. XFCLOSE(file);
  10706. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  10707. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
  10708. if (ret != 0) {
  10709. ERROR_OUT(-7402, done);
  10710. }
  10711. FreeDecodedCert(&cert);
  10712. /* Certificate with Inhibit Any Policy extension. */
  10713. #ifdef FREESCALE_MQX
  10714. file = XFOPEN(".\\certs\\test\\cert-ext-ia.der", "rb");
  10715. #else
  10716. file = XFOPEN("./certs/test/cert-ext-ia.der", "rb");
  10717. #endif
  10718. if (!file) {
  10719. ERROR_OUT(-7403, done);
  10720. }
  10721. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  10722. XFCLOSE(file);
  10723. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  10724. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
  10725. if (ret != 0) {
  10726. ERROR_OUT(-7404, done);
  10727. }
  10728. FreeDecodedCert(&cert);
  10729. /* Certificate with Netscape Certificate Type extension. */
  10730. #ifdef FREESCALE_MQX
  10731. file = XFOPEN(".\\certs\\test\\cert-ext-nct.der", "rb");
  10732. #else
  10733. file = XFOPEN("./certs/test/cert-ext-nct.der", "rb");
  10734. #endif
  10735. if (!file) {
  10736. ERROR_OUT(-7405, done);
  10737. }
  10738. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  10739. XFCLOSE(file);
  10740. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  10741. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL);
  10742. #ifndef IGNORE_NETSCAPE_CERT_TYPE
  10743. if (ret != 0) {
  10744. ERROR_OUT(-7406, done);
  10745. }
  10746. #else
  10747. if (ret != ASN_CRIT_EXT_E) {
  10748. ERROR_OUT(-7407, done);
  10749. }
  10750. ret = 0;
  10751. #endif
  10752. done:
  10753. FreeDecodedCert(&cert);
  10754. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10755. #endif /* !NO_FILESYSTEM */
  10756. if (ret == 0)
  10757. ret = cert_asn1_test();
  10758. return ret;
  10759. }
  10760. #endif /* WOLFSSL_TEST_CERT */
  10761. #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
  10762. !defined(NO_FILESYSTEM)
  10763. WOLFSSL_TEST_SUBROUTINE int certext_test(void)
  10764. {
  10765. DecodedCert cert;
  10766. byte* tmp;
  10767. size_t bytes;
  10768. XFILE file;
  10769. int ret;
  10770. /* created from rsa_test : othercert.der */
  10771. byte skid_rsa[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
  10772. "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
  10773. /* created from rsa_test : othercert.der */
  10774. byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED"
  10775. "\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5";
  10776. #ifdef HAVE_ECC
  10777. /* created from ecc_test_cert_gen : certecc.der */
  10778. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  10779. /* Authority key id from ./certs/ca-ecc384-cert.pem */
  10780. byte akid_ecc[] = "\xAB\xE0\xC3\x26\x4C\x18\xD4\x72\xBB\xD2"
  10781. "\x84\x8C\x9C\x0A\x05\x92\x80\x12\x53\x52";
  10782. #else
  10783. /* Authority key id from ./certs/ca-ecc-cert.pem */
  10784. byte akid_ecc[] = "\x56\x8E\x9A\xC3\xF0\x42\xDE\x18\xB9\x45"
  10785. "\x55\x6E\xF9\x93\xCF\xEA\xC3\xF3\xA5\x21";
  10786. #endif
  10787. #endif /* HAVE_ECC */
  10788. /* created from rsa_test : cert.der */
  10789. byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54"
  10790. "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0";
  10791. tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10792. if (tmp == NULL)
  10793. return -7500;
  10794. /* load othercert.der (Cert signed by an authority) */
  10795. file = XFOPEN(otherCertDerFile, "rb");
  10796. if (!file) {
  10797. XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  10798. return -7501;
  10799. }
  10800. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  10801. XFCLOSE(file);
  10802. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  10803. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
  10804. if (ret != 0)
  10805. return -7502;
  10806. /* check the SKID from a RSA certificate */
  10807. if (XMEMCMP(skid_rsa, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
  10808. return -7503;
  10809. /* check the AKID from an RSA certificate */
  10810. if (XMEMCMP(akid_rsa, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
  10811. return -7504;
  10812. /* check the Key Usage from an RSA certificate */
  10813. if (!cert.extKeyUsageSet)
  10814. return -7505;
  10815. if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE))
  10816. return -7506;
  10817. /* check the CA Basic Constraints from an RSA certificate */
  10818. if (cert.isCA)
  10819. return -7507;
  10820. #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
  10821. /* check the Certificate Policies Id */
  10822. if (cert.extCertPoliciesNb != 1)
  10823. return -7508;
  10824. if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
  10825. return -7509;
  10826. #endif
  10827. FreeDecodedCert(&cert);
  10828. #ifdef HAVE_ECC
  10829. /* load certecc.der (Cert signed by our ECC CA test in ecc_test_cert_gen) */
  10830. file = XFOPEN(certEccDerFile, "rb");
  10831. if (!file) {
  10832. XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  10833. return -7510;
  10834. }
  10835. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  10836. XFCLOSE(file);
  10837. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  10838. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
  10839. if (ret != 0)
  10840. return -7511;
  10841. /* check the SKID from a ECC certificate - generated dynamically */
  10842. /* check the AKID from an ECC certificate */
  10843. if (XMEMCMP(akid_ecc, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
  10844. return -7512;
  10845. /* check the Key Usage from an ECC certificate */
  10846. if (!cert.extKeyUsageSet)
  10847. return -7513;
  10848. if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT))
  10849. return -7514;
  10850. /* check the CA Basic Constraints from an ECC certificate */
  10851. if (cert.isCA)
  10852. return -7515;
  10853. #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
  10854. /* check the Certificate Policies Id */
  10855. if (cert.extCertPoliciesNb != 2)
  10856. return -7516;
  10857. if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32))
  10858. return -7517;
  10859. if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22))
  10860. return -7518;
  10861. #endif
  10862. FreeDecodedCert(&cert);
  10863. #endif /* HAVE_ECC */
  10864. /* load cert.der (self signed certificate) */
  10865. file = XFOPEN(certDerFile, "rb");
  10866. if (!file) {
  10867. XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  10868. return -7519;
  10869. }
  10870. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  10871. XFCLOSE(file);
  10872. InitDecodedCert(&cert, tmp, (word32)bytes, 0);
  10873. ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0);
  10874. if (ret != 0)
  10875. return -7520;
  10876. /* check the SKID from a CA certificate */
  10877. if (XMEMCMP(kid_ca, cert.extSubjKeyId, sizeof(cert.extSubjKeyId)))
  10878. return -7521;
  10879. /* check the AKID from an CA certificate */
  10880. if (XMEMCMP(kid_ca, cert.extAuthKeyId, sizeof(cert.extAuthKeyId)))
  10881. return -7522;
  10882. /* check the Key Usage from CA certificate */
  10883. if (!cert.extKeyUsageSet)
  10884. return -7523;
  10885. if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN))
  10886. return -7524;
  10887. /* check the CA Basic Constraints CA certificate */
  10888. if (!cert.isCA)
  10889. return -7525;
  10890. #ifndef WOLFSSL_SEP /* test only if not using SEP policies */
  10891. /* check the Certificate Policies Id */
  10892. if (cert.extCertPoliciesNb != 2)
  10893. return -7526;
  10894. if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23))
  10895. return -7527;
  10896. if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25))
  10897. return -7528;
  10898. #endif
  10899. FreeDecodedCert(&cert);
  10900. XFREE(tmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  10901. return 0;
  10902. }
  10903. #endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT */
  10904. #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
  10905. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
  10906. WOLFSSL_TEST_SUBROUTINE int decodedCertCache_test(void)
  10907. {
  10908. int ret = 0;
  10909. Cert cert;
  10910. FILE* file;
  10911. byte* der;
  10912. word32 derSz;
  10913. derSz = FOURK_BUF;
  10914. der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  10915. if (der == NULL)
  10916. ret = -7600;
  10917. if (ret == 0) {
  10918. /* load cert.der */
  10919. file = XFOPEN(certDerFile, "rb");
  10920. if (file != NULL) {
  10921. derSz = (word32)XFREAD(der, 1, FOURK_BUF, file);
  10922. XFCLOSE(file);
  10923. }
  10924. else
  10925. ret = -7601;
  10926. }
  10927. if (ret == 0) {
  10928. if (wc_InitCert(&cert)) {
  10929. ret = -7602;
  10930. }
  10931. }
  10932. if (ret == 0) {
  10933. ret = wc_SetSubjectBuffer(&cert, der, derSz);
  10934. }
  10935. if (ret == 0) {
  10936. if(wc_SetSubjectBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
  10937. ret = -7603;
  10938. }
  10939. if (ret == 0) {
  10940. if (wc_SetSubjectRaw(&cert, der, derSz) != 0)
  10941. ret = -7604;
  10942. }
  10943. if (ret == 0) {
  10944. if(wc_SetSubjectRaw(NULL, der, derSz) != BAD_FUNC_ARG)
  10945. ret = -7605;
  10946. }
  10947. if (ret == 0) {
  10948. if(wc_SetIssuerBuffer(&cert, der, derSz) != 0)
  10949. ret = -7606;
  10950. }
  10951. if (ret == 0) {
  10952. if(wc_SetIssuerBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
  10953. ret = -7607;
  10954. }
  10955. if (ret == 0) {
  10956. if(wc_SetIssuerRaw(&cert, der, derSz) != 0)
  10957. ret = -7608;
  10958. }
  10959. if (ret == 0) {
  10960. if(wc_SetIssuerRaw(NULL, der, derSz) != BAD_FUNC_ARG)
  10961. ret = -7609;
  10962. }
  10963. #ifdef WOLFSSL_ALT_NAMES
  10964. if (ret == 0) {
  10965. if(wc_SetAltNamesBuffer(&cert, der, derSz) != 0)
  10966. ret = -7610;
  10967. }
  10968. if (ret == 0) {
  10969. if(wc_SetAltNamesBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
  10970. ret = -7611;
  10971. }
  10972. if (ret == 0) {
  10973. if(wc_SetDatesBuffer(&cert, der, derSz) != 0)
  10974. ret = -7612;
  10975. }
  10976. if (ret == 0) {
  10977. if(wc_SetDatesBuffer(NULL, der, derSz) != BAD_FUNC_ARG)
  10978. ret = -7613;
  10979. }
  10980. #endif
  10981. if (ret == 0) {
  10982. if(wc_SetAuthKeyIdFromCert(&cert, der, derSz) != 0)
  10983. ret = -7614;
  10984. }
  10985. if (ret == 0) {
  10986. if(wc_SetAuthKeyIdFromCert(NULL, der, derSz) != BAD_FUNC_ARG)
  10987. ret = -7615;
  10988. }
  10989. wc_SetCert_Free(&cert);
  10990. if (ret == 0) {
  10991. if(cert.decodedCert != NULL)
  10992. ret = -7616;
  10993. }
  10994. XFREE(der, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  10995. return ret;
  10996. }
  10997. #endif /* defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) &&
  10998. defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) */
  10999. #define RSA_TEST_BYTES 512 /* up to 4096-bit key */
  11000. #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  11001. !defined(WOLFSSL_RSA_VERIFY_ONLY)
  11002. static int rsa_flatten_test(RsaKey* key)
  11003. {
  11004. int ret;
  11005. byte e[RSA_TEST_BYTES];
  11006. byte n[RSA_TEST_BYTES];
  11007. word32 eSz = sizeof(e);
  11008. word32 nSz = sizeof(n);
  11009. /* Parameter Validation testing. */
  11010. ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz);
  11011. #ifdef HAVE_USER_RSA
  11012. /* Implementation using IPP Libraries returns:
  11013. * -101 = USER_CRYPTO_ERROR
  11014. */
  11015. if (ret == 0)
  11016. #else
  11017. if (ret != BAD_FUNC_ARG)
  11018. #endif
  11019. return -7620;
  11020. ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz);
  11021. #ifdef HAVE_USER_RSA
  11022. /* Implementation using IPP Libraries returns:
  11023. * -101 = USER_CRYPTO_ERROR
  11024. */
  11025. if (ret == 0)
  11026. #else
  11027. if (ret != BAD_FUNC_ARG)
  11028. #endif
  11029. return -7621;
  11030. ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz);
  11031. #ifdef HAVE_USER_RSA
  11032. /* Implementation using IPP Libraries returns:
  11033. * -101 = USER_CRYPTO_ERROR
  11034. */
  11035. if (ret == 0)
  11036. #else
  11037. if (ret != BAD_FUNC_ARG)
  11038. #endif
  11039. return -7622;
  11040. ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz);
  11041. #ifdef HAVE_USER_RSA
  11042. /* Implementation using IPP Libraries returns:
  11043. * -101 = USER_CRYPTO_ERROR
  11044. */
  11045. if (ret == 0)
  11046. #else
  11047. if (ret != BAD_FUNC_ARG)
  11048. #endif
  11049. return -7623;
  11050. ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL);
  11051. #ifdef HAVE_USER_RSA
  11052. /* Implementation using IPP Libraries returns:
  11053. * -101 = USER_CRYPTO_ERROR
  11054. */
  11055. if (ret == 0)
  11056. #else
  11057. if (ret != BAD_FUNC_ARG)
  11058. #endif
  11059. return -7624;
  11060. ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
  11061. if (ret != 0)
  11062. return -7625;
  11063. eSz = 0;
  11064. ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
  11065. #ifdef HAVE_USER_RSA
  11066. /* Implementation using IPP Libraries returns:
  11067. * -101 = USER_CRYPTO_ERROR
  11068. */
  11069. if (ret == 0)
  11070. #elif defined(HAVE_FIPS) && \
  11071. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
  11072. if (ret != 0)
  11073. #else
  11074. if (ret != RSA_BUFFER_E)
  11075. #endif
  11076. return -7626;
  11077. eSz = sizeof(e);
  11078. nSz = 0;
  11079. ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz);
  11080. #ifdef HAVE_USER_RSA
  11081. /* Implementation using IPP Libraries returns:
  11082. * -101 = USER_CRYPTO_ERROR
  11083. */
  11084. if (ret == 0)
  11085. #else
  11086. if (ret != RSA_BUFFER_E)
  11087. #endif
  11088. return -7627;
  11089. return 0;
  11090. }
  11091. #endif /* NO_ASN */
  11092. #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \
  11093. && !defined(WOLFSSL_RSA_VERIFY_ONLY)
  11094. static int rsa_export_key_test(RsaKey* key)
  11095. {
  11096. int ret;
  11097. byte e[3];
  11098. word32 eSz = sizeof(e);
  11099. byte n[RSA_TEST_BYTES];
  11100. word32 nSz = sizeof(n);
  11101. byte d[RSA_TEST_BYTES];
  11102. word32 dSz = sizeof(d);
  11103. byte p[RSA_TEST_BYTES/2];
  11104. word32 pSz = sizeof(p);
  11105. byte q[RSA_TEST_BYTES/2];
  11106. word32 qSz = sizeof(q);
  11107. word32 zero = 0;
  11108. ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
  11109. if (ret != BAD_FUNC_ARG)
  11110. return -7630;
  11111. ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
  11112. if (ret != BAD_FUNC_ARG)
  11113. return -7631;
  11114. ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
  11115. if (ret != BAD_FUNC_ARG)
  11116. return -7632;
  11117. ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz);
  11118. if (ret != BAD_FUNC_ARG)
  11119. return -7633;
  11120. ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz);
  11121. if (ret != BAD_FUNC_ARG)
  11122. return -7634;
  11123. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz);
  11124. if (ret != BAD_FUNC_ARG)
  11125. return -7635;
  11126. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz);
  11127. if (ret != BAD_FUNC_ARG)
  11128. return -7636;
  11129. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz);
  11130. if (ret != BAD_FUNC_ARG)
  11131. return -7637;
  11132. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz);
  11133. if (ret != BAD_FUNC_ARG)
  11134. return -7638;
  11135. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz);
  11136. if (ret != BAD_FUNC_ARG)
  11137. return -7639;
  11138. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL);
  11139. if (ret != BAD_FUNC_ARG)
  11140. return -7640;
  11141. ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
  11142. if (ret != RSA_BUFFER_E)
  11143. return -7641;
  11144. ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz);
  11145. if (ret != RSA_BUFFER_E)
  11146. return -7642;
  11147. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  11148. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz);
  11149. if (ret != RSA_BUFFER_E)
  11150. return -7643;
  11151. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz);
  11152. if (ret != RSA_BUFFER_E)
  11153. return -7644;
  11154. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero);
  11155. if (ret != RSA_BUFFER_E)
  11156. return -7645;
  11157. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  11158. ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz);
  11159. if (ret != 0)
  11160. return -7646;
  11161. return 0;
  11162. }
  11163. #endif /* !HAVE_FIPS && !USER_RSA && !NO_ASN */
  11164. #ifndef NO_SIG_WRAPPER
  11165. static int rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng)
  11166. {
  11167. int ret;
  11168. word32 sigSz;
  11169. WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING;
  11170. WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
  11171. 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
  11172. 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
  11173. 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
  11174. 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
  11175. };
  11176. WOLFSSL_SMALL_STACK_STATIC const byte hashEnc[] = {
  11177. 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
  11178. 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
  11179. 0x00, 0x04, 0x20,
  11180. 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
  11181. 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
  11182. 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
  11183. 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
  11184. };
  11185. word32 inLen = (word32)XSTRLEN((char*)in);
  11186. byte out[RSA_TEST_BYTES];
  11187. /* Parameter Validation testing. */
  11188. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen);
  11189. if (ret != BAD_FUNC_ARG)
  11190. return -7650;
  11191. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0);
  11192. if (ret != BAD_FUNC_ARG)
  11193. return -7651;
  11194. sigSz = (word32)modLen;
  11195. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
  11196. inLen, out, &sigSz, key, keyLen, rng);
  11197. if (ret != BAD_FUNC_ARG)
  11198. return -7652;
  11199. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11200. 0, out, &sigSz, key, keyLen, rng);
  11201. if (ret != BAD_FUNC_ARG)
  11202. return -7653;
  11203. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11204. inLen, NULL, &sigSz, key, keyLen, rng);
  11205. if (ret != BAD_FUNC_ARG)
  11206. return -7654;
  11207. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11208. inLen, out, NULL, key, keyLen, rng);
  11209. if (ret != BAD_FUNC_ARG)
  11210. return -7655;
  11211. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11212. inLen, out, &sigSz, NULL, keyLen, rng);
  11213. if (ret != BAD_FUNC_ARG)
  11214. return -7656;
  11215. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11216. inLen, out, &sigSz, key, 0, rng);
  11217. if (ret != BAD_FUNC_ARG)
  11218. return -7657;
  11219. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11220. inLen, out, &sigSz, key, keyLen, NULL);
  11221. #ifdef HAVE_USER_RSA
  11222. /* Implementation using IPP Libraries returns:
  11223. * -101 = USER_CRYPTO_ERROR
  11224. */
  11225. if (ret == 0)
  11226. #elif defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT)
  11227. /* blinding / rng handled with hardware acceleration */
  11228. if (ret != 0)
  11229. #elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB)
  11230. /* async may not require RNG */
  11231. if (ret != 0 && ret != MISSING_RNG_E)
  11232. #elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING)
  11233. /* FIPS140 implementation does not do blinding */
  11234. if (ret != 0)
  11235. #elif defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_RSA_VERIFY_ONLY)
  11236. if (ret != SIG_TYPE_E)
  11237. #elif defined(WOLFSSL_CRYPTOCELL)
  11238. /* RNG is handled with the cryptocell */
  11239. if (ret != 0)
  11240. #else
  11241. if (ret != MISSING_RNG_E)
  11242. #endif
  11243. return -7658;
  11244. sigSz = 0;
  11245. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11246. inLen, out, &sigSz, key, keyLen, rng);
  11247. if (ret != BAD_FUNC_ARG)
  11248. return -7659;
  11249. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL,
  11250. inLen, out, (word32)modLen, key, keyLen);
  11251. if (ret != BAD_FUNC_ARG)
  11252. return -7660;
  11253. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11254. 0, out, (word32)modLen, key, keyLen);
  11255. if (ret != BAD_FUNC_ARG)
  11256. return -7661;
  11257. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11258. inLen, NULL, (word32)modLen, key, keyLen);
  11259. if (ret != BAD_FUNC_ARG)
  11260. return -7662;
  11261. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11262. inLen, out, 0, key, keyLen);
  11263. if (ret != BAD_FUNC_ARG)
  11264. return -7663;
  11265. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11266. inLen, out, (word32)modLen, NULL, keyLen);
  11267. if (ret != BAD_FUNC_ARG)
  11268. return -7664;
  11269. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11270. inLen, out, (word32)modLen, key, 0);
  11271. if (ret != BAD_FUNC_ARG)
  11272. return -7665;
  11273. #ifndef HAVE_ECC
  11274. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen);
  11275. if (ret != SIG_TYPE_E)
  11276. return -7666;
  11277. #endif
  11278. /* Use APIs. */
  11279. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen);
  11280. if (ret != modLen)
  11281. return -7667;
  11282. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen);
  11283. if (ret != modLen)
  11284. return -7668;
  11285. sigSz = (word32)ret;
  11286. #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
  11287. XMEMSET(out, 0, sizeof(out));
  11288. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11289. inLen, out, &sigSz, key, keyLen, rng);
  11290. if (ret != 0)
  11291. return -7669;
  11292. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11293. inLen, out, (word32)modLen, key, keyLen);
  11294. if (ret != 0)
  11295. return -7670;
  11296. sigSz = (word32)sizeof(out);
  11297. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
  11298. in, inLen, out, &sigSz, key, keyLen, rng);
  11299. if (ret != 0)
  11300. return -7671;
  11301. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
  11302. in, inLen, out, (word32)modLen, key, keyLen);
  11303. if (ret != 0)
  11304. return -7672;
  11305. /* Wrong signature type. */
  11306. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in,
  11307. inLen, out, (word32)modLen, key, keyLen);
  11308. if (ret == 0)
  11309. return -7673;
  11310. /* check hash functions */
  11311. sigSz = (word32)sizeof(out);
  11312. ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
  11313. hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng);
  11314. if (ret != 0)
  11315. return -7674;
  11316. ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA,
  11317. hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen);
  11318. if (ret != 0)
  11319. return -7675;
  11320. sigSz = (word32)sizeof(out);
  11321. ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
  11322. hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng);
  11323. if (ret != 0)
  11324. return -7676;
  11325. ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC,
  11326. hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen);
  11327. if (ret != 0)
  11328. return -7677;
  11329. #else
  11330. (void)hash;
  11331. (void)hashEnc;
  11332. #endif /* !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */
  11333. return 0;
  11334. }
  11335. #endif /* !NO_SIG_WRAPPER */
  11336. #ifdef WC_RSA_NONBLOCK
  11337. static int rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte* out,
  11338. word32 outSz, byte* plain, word32 plainSz, WC_RNG* rng)
  11339. {
  11340. int ret = 0, count;
  11341. int signSz = 0;
  11342. RsaNb nb;
  11343. byte* inlinePlain = NULL;
  11344. /* Enable non-blocking RSA mode - provide context */
  11345. ret = wc_RsaSetNonBlock(key, &nb);
  11346. if (ret != 0)
  11347. return ret;
  11348. #ifdef WC_RSA_NONBLOCK_TIME
  11349. /* Enable time based RSA blocking. 8 microseconds max (3.1GHz) */
  11350. ret = wc_RsaSetNonBlockTime(key, 8, 3100);
  11351. if (ret != 0)
  11352. return ret;
  11353. #endif
  11354. count = 0;
  11355. do {
  11356. ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng);
  11357. count++; /* track number of would blocks */
  11358. if (ret == FP_WOULDBLOCK) {
  11359. /* do "other" work here */
  11360. }
  11361. } while (ret == FP_WOULDBLOCK);
  11362. if (ret < 0) {
  11363. return ret;
  11364. }
  11365. #ifdef DEBUG_WOLFSSL
  11366. printf("RSA non-block sign: %d times\n", count);
  11367. #endif
  11368. signSz = ret;
  11369. /* Test non-blocking verify */
  11370. XMEMSET(plain, 0, plainSz);
  11371. count = 0;
  11372. do {
  11373. ret = wc_RsaSSL_Verify(out, (word32)signSz, plain, plainSz, key);
  11374. count++; /* track number of would blocks */
  11375. if (ret == FP_WOULDBLOCK) {
  11376. /* do "other" work here */
  11377. }
  11378. } while (ret == FP_WOULDBLOCK);
  11379. if (ret < 0) {
  11380. return ret;
  11381. }
  11382. #ifdef DEBUG_WOLFSSL
  11383. printf("RSA non-block verify: %d times\n", count);
  11384. #endif
  11385. if (signSz == ret && XMEMCMP(plain, in, (size_t)ret)) {
  11386. return SIG_VERIFY_E;
  11387. }
  11388. /* Test inline non-blocking verify */
  11389. count = 0;
  11390. do {
  11391. ret = wc_RsaSSL_VerifyInline(out, (word32)signSz, &inlinePlain, key);
  11392. count++; /* track number of would blocks */
  11393. if (ret == FP_WOULDBLOCK) {
  11394. /* do "other" work here */
  11395. }
  11396. } while (ret == FP_WOULDBLOCK);
  11397. if (ret < 0) {
  11398. return ret;
  11399. }
  11400. #ifdef DEBUG_WOLFSSL
  11401. printf("RSA non-block inline verify: %d times\n", count);
  11402. #endif
  11403. if (signSz == ret && XMEMCMP(inlinePlain, in, (size_t)ret)) {
  11404. return SIG_VERIFY_E;
  11405. }
  11406. /* Disabling non-block RSA mode */
  11407. ret = wc_RsaSetNonBlock(key, NULL);
  11408. (void)count;
  11409. return 0;
  11410. }
  11411. #endif
  11412. #if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
  11413. static int rsa_decode_test(RsaKey* keyPub)
  11414. {
  11415. int ret;
  11416. word32 inSz;
  11417. word32 inOutIdx;
  11418. WOLFSSL_SMALL_STACK_STATIC const byte n[2] = { 0x00, 0x23 };
  11419. WOLFSSL_SMALL_STACK_STATIC const byte e[2] = { 0x00, 0x03 };
  11420. WOLFSSL_SMALL_STACK_STATIC const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1,
  11421. 0x03 };
  11422. WOLFSSL_SMALL_STACK_STATIC const byte goodAlgId[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00,
  11423. 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  11424. WOLFSSL_SMALL_STACK_STATIC const byte goodAlgIdNull[] = { 0x30, 0x11, 0x30, 0x0f, 0x06, 0x00,
  11425. 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
  11426. 0x02, 0x1, 0x03 };
  11427. WOLFSSL_SMALL_STACK_STATIC const byte badAlgIdNull[] = { 0x30, 0x12, 0x30, 0x10, 0x06, 0x00,
  11428. 0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23,
  11429. 0x02, 0x1, 0x03 };
  11430. WOLFSSL_SMALL_STACK_STATIC const byte badNotBitString[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00,
  11431. 0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  11432. WOLFSSL_SMALL_STACK_STATIC const byte badBitStringLen[] = { 0x30, 0x0f, 0x30, 0x0d, 0x06, 0x00,
  11433. 0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  11434. WOLFSSL_SMALL_STACK_STATIC const byte badNoSeq[] = { 0x30, 0x0d, 0x30, 0x0b, 0x06, 0x00, 0x03,
  11435. 0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  11436. WOLFSSL_SMALL_STACK_STATIC const byte badNoObj[] = {
  11437. 0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06,
  11438. 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  11439. WOLFSSL_SMALL_STACK_STATIC const byte badIntN[] = { 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1,
  11440. 0x03 };
  11441. WOLFSSL_SMALL_STACK_STATIC const byte badNotIntE[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1,
  11442. 0x03 };
  11443. WOLFSSL_SMALL_STACK_STATIC const byte badLength[] = { 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1,
  11444. 0x03 };
  11445. WOLFSSL_SMALL_STACK_STATIC const byte badBitStrNoZero[] = { 0x30, 0x0e, 0x30, 0x0c, 0x06, 0x00,
  11446. 0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 };
  11447. ret = wc_InitRsaKey(keyPub, NULL);
  11448. if (ret != 0)
  11449. return -7690;
  11450. /* Parameter Validation testing. */
  11451. ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub);
  11452. if (ret != BAD_FUNC_ARG) {
  11453. ret = -7691;
  11454. goto done;
  11455. }
  11456. ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub);
  11457. if (ret != BAD_FUNC_ARG) {
  11458. ret = -7692;
  11459. goto done;
  11460. }
  11461. ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL);
  11462. if (ret != BAD_FUNC_ARG) {
  11463. ret = -7693;
  11464. goto done;
  11465. }
  11466. ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), keyPub);
  11467. #if !defined(WOLFSSL_SP_MATH) & !defined(WOLFSSL_SP_MATH_ALL)
  11468. if (ret != 0) {
  11469. #else
  11470. if (ret != ASN_GETINT_E) {
  11471. #endif
  11472. ret = -7694;
  11473. goto done;
  11474. }
  11475. wc_FreeRsaKey(keyPub);
  11476. ret = wc_InitRsaKey(keyPub, NULL);
  11477. if (ret != 0)
  11478. return -7695;
  11479. ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, keyPub);
  11480. #if !defined(WOLFSSL_SP_MATH) & !defined(WOLFSSL_SP_MATH_ALL)
  11481. if (ret != 0) {
  11482. #else
  11483. if (ret != ASN_GETINT_E) {
  11484. #endif
  11485. ret = -7696;
  11486. goto done;
  11487. }
  11488. wc_FreeRsaKey(keyPub);
  11489. ret = wc_InitRsaKey(keyPub, NULL);
  11490. if (ret != 0)
  11491. return -7697;
  11492. /* Use API. */
  11493. ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), keyPub);
  11494. if (ret != 0) {
  11495. ret = -7698;
  11496. goto done;
  11497. }
  11498. wc_FreeRsaKey(keyPub);
  11499. ret = wc_InitRsaKey(keyPub, NULL);
  11500. if (ret != 0)
  11501. return -7699;
  11502. /* Parameter Validation testing. */
  11503. inSz = sizeof(good);
  11504. ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz);
  11505. if (ret != BAD_FUNC_ARG) {
  11506. ret = -7700;
  11507. goto done;
  11508. }
  11509. ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz);
  11510. if (ret != BAD_FUNC_ARG) {
  11511. ret = -7701;
  11512. goto done;
  11513. }
  11514. ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz);
  11515. if (ret != BAD_FUNC_ARG) {
  11516. ret = -7702;
  11517. goto done;
  11518. }
  11519. /* Use good data and offset to bad data. */
  11520. inOutIdx = 2;
  11521. inSz = sizeof(good) - inOutIdx;
  11522. ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
  11523. if (ret != ASN_PARSE_E) {
  11524. ret = -7703;
  11525. goto done;
  11526. }
  11527. inOutIdx = 2;
  11528. inSz = sizeof(goodAlgId) - inOutIdx;
  11529. ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
  11530. if (ret != ASN_PARSE_E) {
  11531. ret = -7704;
  11532. goto done;
  11533. }
  11534. inOutIdx = 2;
  11535. inSz = sizeof(goodAlgId);
  11536. ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
  11537. #ifndef WOLFSSL_NO_DECODE_EXTRA
  11538. if (ret != ASN_PARSE_E)
  11539. #else
  11540. if (ret != ASN_RSA_KEY_E)
  11541. #endif
  11542. {
  11543. ret = -7705;
  11544. goto done;
  11545. }
  11546. /* Try different bad data. */
  11547. inSz = sizeof(badAlgIdNull);
  11548. inOutIdx = 0;
  11549. ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz);
  11550. if (ret != ASN_EXPECT_0_E) {
  11551. ret = -7706;
  11552. goto done;
  11553. }
  11554. inSz = sizeof(badNotBitString);
  11555. inOutIdx = 0;
  11556. ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz);
  11557. if (ret != ASN_BITSTR_E) {
  11558. ret = -7707;
  11559. goto done;
  11560. }
  11561. inSz = sizeof(badBitStringLen);
  11562. inOutIdx = 0;
  11563. ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz);
  11564. if (ret != ASN_PARSE_E) {
  11565. ret = -7708;
  11566. goto done;
  11567. }
  11568. inSz = sizeof(badNoSeq);
  11569. inOutIdx = 0;
  11570. ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz);
  11571. if (ret != ASN_PARSE_E) {
  11572. ret = -7709;
  11573. goto done;
  11574. }
  11575. inSz = sizeof(badNoObj);
  11576. inOutIdx = 0;
  11577. ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz);
  11578. if (ret != ASN_PARSE_E) {
  11579. ret = -7710;
  11580. goto done;
  11581. }
  11582. inSz = sizeof(badIntN);
  11583. inOutIdx = 0;
  11584. ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz);
  11585. if (ret != ASN_RSA_KEY_E) {
  11586. ret = -7711;
  11587. goto done;
  11588. }
  11589. inSz = sizeof(badNotIntE);
  11590. inOutIdx = 0;
  11591. ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz);
  11592. if (ret != ASN_RSA_KEY_E) {
  11593. ret = -7712;
  11594. goto done;
  11595. }
  11596. /* TODO: Shouldn't pass as the sequence length is too small. */
  11597. inSz = sizeof(badLength);
  11598. inOutIdx = 0;
  11599. ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz);
  11600. if (ret != 0) {
  11601. ret = -7713;
  11602. goto done;
  11603. }
  11604. /* TODO: Shouldn't ignore object id's data. */
  11605. wc_FreeRsaKey(keyPub);
  11606. ret = wc_InitRsaKey(keyPub, NULL);
  11607. if (ret != 0)
  11608. return -7714;
  11609. inSz = sizeof(badBitStrNoZero);
  11610. inOutIdx = 0;
  11611. ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz);
  11612. if (ret != ASN_EXPECT_0_E) {
  11613. ret = -7715;
  11614. goto done;
  11615. }
  11616. wc_FreeRsaKey(keyPub);
  11617. ret = wc_InitRsaKey(keyPub, NULL);
  11618. if (ret != 0)
  11619. return -7716;
  11620. /* Valid data cases. */
  11621. inSz = sizeof(good);
  11622. inOutIdx = 0;
  11623. ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz);
  11624. if (ret != 0) {
  11625. ret = -7717;
  11626. goto done;
  11627. }
  11628. if (inOutIdx != inSz) {
  11629. ret = -7718;
  11630. goto done;
  11631. }
  11632. wc_FreeRsaKey(keyPub);
  11633. ret = wc_InitRsaKey(keyPub, NULL);
  11634. if (ret != 0)
  11635. return -7719;
  11636. inSz = sizeof(goodAlgId);
  11637. inOutIdx = 0;
  11638. ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz);
  11639. if (ret != 0) {
  11640. ret = -7720;
  11641. goto done;
  11642. }
  11643. if (inOutIdx != inSz) {
  11644. ret = -7721;
  11645. goto done;
  11646. }
  11647. wc_FreeRsaKey(keyPub);
  11648. ret = wc_InitRsaKey(keyPub, NULL);
  11649. if (ret != 0)
  11650. return -7722;
  11651. inSz = sizeof(goodAlgIdNull);
  11652. inOutIdx = 0;
  11653. ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, keyPub, inSz);
  11654. if (ret != 0) {
  11655. ret = -7723;
  11656. goto done;
  11657. }
  11658. if (inOutIdx != inSz) {
  11659. ret = -7724;
  11660. goto done;
  11661. }
  11662. done:
  11663. wc_FreeRsaKey(keyPub);
  11664. return ret;
  11665. }
  11666. #endif
  11667. #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
  11668. /* Need to create known good signatures to test with this. */
  11669. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
  11670. static int rsa_pss_test(WC_RNG* rng, RsaKey* key)
  11671. {
  11672. byte digest[WC_MAX_DIGEST_SIZE];
  11673. int ret = 0;
  11674. const char inStr[] = TEST_STRING;
  11675. word32 inLen = (word32)TEST_STRING_SZ;
  11676. word32 outSz;
  11677. word32 plainSz;
  11678. word32 digestSz;
  11679. int i, j;
  11680. #ifdef RSA_PSS_TEST_WRONG_PARAMS
  11681. int k, l;
  11682. #endif
  11683. int len;
  11684. byte* plain;
  11685. int mgf[] = {
  11686. #ifndef NO_SHA
  11687. WC_MGF1SHA1,
  11688. #endif
  11689. #ifdef WOLFSSL_SHA224
  11690. WC_MGF1SHA224,
  11691. #endif
  11692. WC_MGF1SHA256,
  11693. #ifdef WOLFSSL_SHA384
  11694. WC_MGF1SHA384,
  11695. #endif
  11696. #ifdef WOLFSSL_SHA512
  11697. WC_MGF1SHA512
  11698. #endif
  11699. };
  11700. enum wc_HashType hash[] = {
  11701. #ifndef NO_SHA
  11702. WC_HASH_TYPE_SHA,
  11703. #endif
  11704. #ifdef WOLFSSL_SHA224
  11705. WC_HASH_TYPE_SHA224,
  11706. #endif
  11707. WC_HASH_TYPE_SHA256,
  11708. #ifdef WOLFSSL_SHA384
  11709. WC_HASH_TYPE_SHA384,
  11710. #endif
  11711. #ifdef WOLFSSL_SHA512
  11712. WC_HASH_TYPE_SHA512,
  11713. #endif
  11714. };
  11715. DECLARE_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT);
  11716. DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  11717. DECLARE_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT);
  11718. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  11719. if (in == NULL || out == NULL || sig == NULL)
  11720. ERROR_OUT(MEMORY_E, exit_rsa_pss);
  11721. #endif
  11722. XMEMCPY(in, inStr, inLen);
  11723. /* Test all combinations of hash and MGF. */
  11724. for (j = 0; j < (int)(sizeof(hash)/sizeof(*hash)); j++) {
  11725. /* Calculate hash of message. */
  11726. ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest));
  11727. if (ret != 0)
  11728. ERROR_OUT(-7730, exit_rsa_pss);
  11729. digestSz = wc_HashGetDigestSize(hash[j]);
  11730. for (i = 0; i < (int)(sizeof(mgf)/sizeof(*mgf)); i++) {
  11731. outSz = RSA_TEST_BYTES;
  11732. do {
  11733. #if defined(WOLFSSL_ASYNC_CRYPT)
  11734. ret = wc_AsyncWait(ret, &key->asyncDev,
  11735. WC_ASYNC_FLAG_CALL_AGAIN);
  11736. #endif
  11737. if (ret >= 0) {
  11738. ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz,
  11739. hash[j], mgf[i], -1, key, rng);
  11740. }
  11741. } while (ret == WC_PENDING_E);
  11742. if (ret <= 0)
  11743. ERROR_OUT(-7731, exit_rsa_pss);
  11744. outSz = ret;
  11745. XMEMCPY(sig, out, outSz);
  11746. plain = NULL;
  11747. TEST_SLEEP();
  11748. do {
  11749. #if defined(WOLFSSL_ASYNC_CRYPT)
  11750. ret = wc_AsyncWait(ret, &key->asyncDev,
  11751. WC_ASYNC_FLAG_CALL_AGAIN);
  11752. #endif
  11753. if (ret >= 0) {
  11754. ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j],
  11755. mgf[i], -1, key);
  11756. }
  11757. } while (ret == WC_PENDING_E);
  11758. if (ret <= 0)
  11759. ERROR_OUT(-7732, exit_rsa_pss);
  11760. plainSz = ret;
  11761. TEST_SLEEP();
  11762. #if defined(HAVE_SELFTEST) && \
  11763. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  11764. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  11765. hash[j], -1);
  11766. #else
  11767. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz,
  11768. hash[j], -1, wc_RsaEncryptSize(key)*8);
  11769. #endif
  11770. if (ret != 0)
  11771. ERROR_OUT(-7733, exit_rsa_pss);
  11772. #ifdef RSA_PSS_TEST_WRONG_PARAMS
  11773. for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) {
  11774. for (l = 0; l < (int)(sizeof(hash)/sizeof(*hash)); l++) {
  11775. if (i == k && j == l)
  11776. continue;
  11777. XMEMCPY(sig, out, outSz);
  11778. do {
  11779. #if defined(WOLFSSL_ASYNC_CRYPT)
  11780. ret = wc_AsyncWait(ret, &key->asyncDev,
  11781. WC_ASYNC_FLAG_CALL_AGAIN);
  11782. #endif
  11783. if (ret >= 0) {
  11784. ret = wc_RsaPSS_VerifyInline_ex(sig, outSz,
  11785. (byte**)&plain, hash[l], mgf[k], -1, key);
  11786. }
  11787. } while (ret == WC_PENDING_E);
  11788. if (ret >= 0)
  11789. ERROR_OUT(-7734, exit_rsa_pss);
  11790. }
  11791. }
  11792. #endif
  11793. }
  11794. }
  11795. /* Test that a salt length of zero works. */
  11796. digestSz = wc_HashGetDigestSize(hash[0]);
  11797. outSz = RSA_TEST_BYTES;
  11798. do {
  11799. #if defined(WOLFSSL_ASYNC_CRYPT)
  11800. ret = wc_AsyncWait(ret, &key->asyncDev,
  11801. WC_ASYNC_FLAG_CALL_AGAIN);
  11802. #endif
  11803. if (ret >= 0) {
  11804. ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
  11805. mgf[0], 0, key, rng);
  11806. }
  11807. } while (ret == WC_PENDING_E);
  11808. if (ret <= 0)
  11809. ERROR_OUT(-7735, exit_rsa_pss);
  11810. outSz = ret;
  11811. TEST_SLEEP();
  11812. do {
  11813. #if defined(WOLFSSL_ASYNC_CRYPT)
  11814. ret = wc_AsyncWait(ret, &key->asyncDev,
  11815. WC_ASYNC_FLAG_CALL_AGAIN);
  11816. #endif
  11817. if (ret >= 0) {
  11818. ret = wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0],
  11819. 0, key);
  11820. }
  11821. } while (ret == WC_PENDING_E);
  11822. if (ret <= 0)
  11823. ERROR_OUT(-7736, exit_rsa_pss);
  11824. plainSz = ret;
  11825. TEST_SLEEP();
  11826. do {
  11827. #if defined(WOLFSSL_ASYNC_CRYPT)
  11828. ret = wc_AsyncWait(ret, &key->asyncDev,
  11829. WC_ASYNC_FLAG_CALL_AGAIN);
  11830. #endif
  11831. if (ret >= 0) {
  11832. #if defined(HAVE_SELFTEST) && \
  11833. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  11834. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
  11835. hash[0], 0);
  11836. #else
  11837. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz,
  11838. hash[0], 0, 0);
  11839. #endif
  11840. }
  11841. } while (ret == WC_PENDING_E);
  11842. if (ret != 0)
  11843. ERROR_OUT(-7737, exit_rsa_pss);
  11844. XMEMCPY(sig, out, outSz);
  11845. plain = NULL;
  11846. do {
  11847. #if defined(WOLFSSL_ASYNC_CRYPT)
  11848. ret = wc_AsyncWait(ret, &key->asyncDev,
  11849. WC_ASYNC_FLAG_CALL_AGAIN);
  11850. #endif
  11851. if (ret >= 0) {
  11852. ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
  11853. 0, key);
  11854. }
  11855. } while (ret == WC_PENDING_E);
  11856. if (ret <= 0)
  11857. ERROR_OUT(-7738, exit_rsa_pss);
  11858. plainSz = ret;
  11859. TEST_SLEEP();
  11860. #if defined(HAVE_SELFTEST) && \
  11861. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  11862. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
  11863. 0);
  11864. #else
  11865. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
  11866. 0, 0);
  11867. #endif
  11868. if (ret != 0)
  11869. ERROR_OUT(-7739, exit_rsa_pss);
  11870. /* Test bad salt lengths in various APIs. */
  11871. digestSz = wc_HashGetDigestSize(hash[0]);
  11872. outSz = RSA_TEST_BYTES;
  11873. #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
  11874. len = -2;
  11875. #else
  11876. len = -3;
  11877. #endif
  11878. do {
  11879. #if defined(WOLFSSL_ASYNC_CRYPT)
  11880. ret = wc_AsyncWait(ret, &key->asyncDev,
  11881. WC_ASYNC_FLAG_CALL_AGAIN);
  11882. #endif
  11883. if (ret >= 0) {
  11884. ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
  11885. mgf[0], len, key, rng);
  11886. }
  11887. } while (ret == WC_PENDING_E);
  11888. if (ret != PSS_SALTLEN_E)
  11889. ERROR_OUT(-7740, exit_rsa_pss);
  11890. do {
  11891. #if defined(WOLFSSL_ASYNC_CRYPT)
  11892. ret = wc_AsyncWait(ret, &key->asyncDev,
  11893. WC_ASYNC_FLAG_CALL_AGAIN);
  11894. #endif
  11895. if (ret >= 0) {
  11896. ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0],
  11897. mgf[0], digestSz + 1, key, rng);
  11898. }
  11899. } while (ret == WC_PENDING_E);
  11900. if (ret != PSS_SALTLEN_E)
  11901. ERROR_OUT(-7741, exit_rsa_pss);
  11902. TEST_SLEEP();
  11903. do {
  11904. #if defined(WOLFSSL_ASYNC_CRYPT)
  11905. ret = wc_AsyncWait(ret, &key->asyncDev,
  11906. WC_ASYNC_FLAG_CALL_AGAIN);
  11907. #endif
  11908. if (ret >= 0) {
  11909. ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0],
  11910. mgf[0], -2, key);
  11911. }
  11912. } while (ret == WC_PENDING_E);
  11913. if (ret != PSS_SALTLEN_E)
  11914. ERROR_OUT(-7742, exit_rsa_pss);
  11915. TEST_SLEEP();
  11916. do {
  11917. #if defined(WOLFSSL_ASYNC_CRYPT)
  11918. ret = wc_AsyncWait(ret, &key->asyncDev,
  11919. WC_ASYNC_FLAG_CALL_AGAIN);
  11920. #endif
  11921. if (ret >= 0) {
  11922. ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0],
  11923. digestSz + 1, key);
  11924. }
  11925. } while (ret == WC_PENDING_E);
  11926. if (ret != PSS_SALTLEN_E)
  11927. ERROR_OUT(-7743, exit_rsa_pss);
  11928. TEST_SLEEP();
  11929. #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER
  11930. len = -2;
  11931. #else
  11932. len = -3;
  11933. #endif
  11934. #if defined(HAVE_SELFTEST) && \
  11935. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  11936. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
  11937. len);
  11938. #else
  11939. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
  11940. len, 0);
  11941. #endif
  11942. if (ret != PSS_SALTLEN_E)
  11943. ERROR_OUT(-7744, exit_rsa_pss);
  11944. #ifndef WOLFSSL_PSS_LONG_SALT
  11945. len = digestSz + 1;
  11946. #else
  11947. len = plainSz - digestSz - 1;
  11948. #endif
  11949. #if defined(HAVE_SELFTEST) && \
  11950. (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2))
  11951. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
  11952. len);
  11953. #else
  11954. ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, hash[0],
  11955. len, 0);
  11956. #endif
  11957. if (ret != PSS_SALTLEN_E)
  11958. ERROR_OUT(-7745, exit_rsa_pss);
  11959. ret = 0;
  11960. exit_rsa_pss:
  11961. FREE_VAR(sig, HEAP_HINT);
  11962. FREE_VAR(in, HEAP_HINT);
  11963. FREE_VAR(out, HEAP_HINT);
  11964. return ret;
  11965. }
  11966. #endif /* !WOLFSSL_RSA_VERIFY_ONLY && !WOLFSSL_RSA_PUBLIC_ONLY */
  11967. #endif
  11968. #ifdef WC_RSA_NO_PADDING
  11969. WOLFSSL_TEST_SUBROUTINE int rsa_no_pad_test(void)
  11970. {
  11971. WC_RNG rng;
  11972. byte* tmp = NULL;
  11973. size_t bytes;
  11974. int ret;
  11975. word32 inLen = 0;
  11976. word32 idx = 0;
  11977. word32 outSz = RSA_TEST_BYTES;
  11978. word32 plainSz = RSA_TEST_BYTES;
  11979. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  11980. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
  11981. !defined(NO_FILESYSTEM)
  11982. XFILE file;
  11983. #endif
  11984. DECLARE_VAR(key, RsaKey, 1, HEAP_HINT);
  11985. DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  11986. DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
  11987. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  11988. if (key == NULL || out == NULL || plain == NULL)
  11989. ERROR_OUT(MEMORY_E, exit_rsa_nopadding);
  11990. #endif
  11991. /* initialize stack structures */
  11992. XMEMSET(&rng, 0, sizeof(rng));
  11993. XMEMSET(key, 0, sizeof(RsaKey));
  11994. #ifdef USE_CERT_BUFFERS_1024
  11995. bytes = (size_t)sizeof_client_key_der_1024;
  11996. if (bytes < (size_t)sizeof_client_cert_der_1024)
  11997. bytes = (size_t)sizeof_client_cert_der_1024;
  11998. #elif defined(USE_CERT_BUFFERS_2048)
  11999. bytes = (size_t)sizeof_client_key_der_2048;
  12000. if (bytes < (size_t)sizeof_client_cert_der_2048)
  12001. bytes = (size_t)sizeof_client_cert_der_2048;
  12002. #else
  12003. bytes = FOURK_BUF;
  12004. #endif
  12005. tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12006. if (tmp == NULL
  12007. #ifdef WOLFSSL_ASYNC_CRYPT
  12008. || out == NULL || plain == NULL
  12009. #endif
  12010. ) {
  12011. ERROR_OUT(-7800, exit_rsa_nopadding);
  12012. }
  12013. #ifdef USE_CERT_BUFFERS_1024
  12014. XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
  12015. #elif defined(USE_CERT_BUFFERS_2048)
  12016. XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
  12017. #elif defined(USE_CERT_BUFFERS_3072)
  12018. XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
  12019. #elif defined(USE_CERT_BUFFERS_4096)
  12020. XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
  12021. #elif !defined(NO_FILESYSTEM)
  12022. file = XFOPEN(clientKey, "rb");
  12023. if (!file) {
  12024. err_sys("can't open clientKey, Please run from wolfSSL home dir", -40);
  12025. ERROR_OUT(-7801, exit_rsa_nopadding);
  12026. }
  12027. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  12028. XFCLOSE(file);
  12029. #else
  12030. /* No key to use. */
  12031. ERROR_OUT(-7802, exit_rsa_nopadding);
  12032. #endif /* USE_CERT_BUFFERS */
  12033. ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
  12034. if (ret != 0) {
  12035. ERROR_OUT(-7803, exit_rsa_nopadding);
  12036. }
  12037. ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
  12038. if (ret != 0) {
  12039. ERROR_OUT(-7804, exit_rsa_nopadding);
  12040. }
  12041. /* after loading in key use tmp as the test buffer */
  12042. #ifndef HAVE_FIPS
  12043. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  12044. #else
  12045. ret = wc_InitRng(&rng);
  12046. #endif
  12047. if (ret != 0) {
  12048. ERROR_OUT(-7805, exit_rsa_nopadding);
  12049. }
  12050. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  12051. inLen = wc_RsaEncryptSize(key);
  12052. outSz = inLen;
  12053. plainSz = inLen;
  12054. XMEMSET(tmp, 7, inLen);
  12055. do {
  12056. #if defined(WOLFSSL_ASYNC_CRYPT)
  12057. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  12058. #endif
  12059. if (ret >= 0) {
  12060. ret = wc_RsaDirect(tmp, inLen, out, &outSz, key,
  12061. RSA_PRIVATE_ENCRYPT, &rng);
  12062. }
  12063. } while (ret == WC_PENDING_E);
  12064. if (ret <= 0) {
  12065. ERROR_OUT(-7806, exit_rsa_nopadding);
  12066. }
  12067. /* encrypted result should not be the same as input */
  12068. if (XMEMCMP(out, tmp, inLen) == 0) {
  12069. ERROR_OUT(-7807, exit_rsa_nopadding);
  12070. }
  12071. TEST_SLEEP();
  12072. /* decrypt with public key and compare result */
  12073. do {
  12074. #if defined(WOLFSSL_ASYNC_CRYPT)
  12075. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  12076. #endif
  12077. if (ret >= 0) {
  12078. ret = wc_RsaDirect(out, outSz, plain, &plainSz, key,
  12079. RSA_PUBLIC_DECRYPT, &rng);
  12080. }
  12081. } while (ret == WC_PENDING_E);
  12082. if (ret <= 0) {
  12083. ERROR_OUT(-7808, exit_rsa_nopadding);
  12084. }
  12085. if (XMEMCMP(plain, tmp, inLen) != 0) {
  12086. ERROR_OUT(-7809, exit_rsa_nopadding);
  12087. }
  12088. TEST_SLEEP();
  12089. #endif
  12090. #ifdef WC_RSA_BLINDING
  12091. ret = wc_RsaSetRNG(NULL, &rng);
  12092. if (ret != BAD_FUNC_ARG) {
  12093. ERROR_OUT(-7810, exit_rsa_nopadding);
  12094. }
  12095. ret = wc_RsaSetRNG(key, &rng);
  12096. if (ret < 0) {
  12097. ERROR_OUT(-7811, exit_rsa_nopadding);
  12098. }
  12099. #endif
  12100. /* test encrypt and decrypt using WC_RSA_NO_PAD */
  12101. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  12102. do {
  12103. #if defined(WOLFSSL_ASYNC_CRYPT)
  12104. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  12105. #endif
  12106. if (ret >= 0) {
  12107. ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, (int)outSz, key, &rng,
  12108. WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
  12109. }
  12110. } while (ret == WC_PENDING_E);
  12111. if (ret < 0) {
  12112. ERROR_OUT(-7812, exit_rsa_nopadding);
  12113. }
  12114. TEST_SLEEP();
  12115. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  12116. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  12117. do {
  12118. #if defined(WOLFSSL_ASYNC_CRYPT)
  12119. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  12120. #endif
  12121. if (ret >= 0) {
  12122. ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, (int)plainSz, key,
  12123. WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
  12124. }
  12125. } while (ret == WC_PENDING_E);
  12126. if (ret < 0) {
  12127. ERROR_OUT(-7813, exit_rsa_nopadding);
  12128. }
  12129. if (XMEMCMP(plain, tmp, inLen) != 0) {
  12130. ERROR_OUT(-7814, exit_rsa_nopadding);
  12131. }
  12132. TEST_SLEEP();
  12133. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  12134. /* test some bad arguments */
  12135. ret = wc_RsaDirect(out, outSz, plain, &plainSz, key, -1,
  12136. &rng);
  12137. if (ret != BAD_FUNC_ARG) {
  12138. ERROR_OUT(-7815, exit_rsa_nopadding);
  12139. }
  12140. ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT,
  12141. &rng);
  12142. if (ret != BAD_FUNC_ARG) {
  12143. ERROR_OUT(-7816, exit_rsa_nopadding);
  12144. }
  12145. ret = wc_RsaDirect(out, outSz, NULL, &plainSz, key, RSA_PUBLIC_DECRYPT,
  12146. &rng);
  12147. if (ret != LENGTH_ONLY_E || plainSz != inLen) {
  12148. ERROR_OUT(-7817, exit_rsa_nopadding);
  12149. }
  12150. ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, key,
  12151. RSA_PUBLIC_DECRYPT, &rng);
  12152. if (ret != BAD_FUNC_ARG) {
  12153. ERROR_OUT(-7818, exit_rsa_nopadding);
  12154. }
  12155. /* if making it to this point of code without hitting an ERROR_OUT then
  12156. * all tests have passed */
  12157. ret = 0;
  12158. exit_rsa_nopadding:
  12159. wc_FreeRsaKey(key);
  12160. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12161. FREE_VAR(key, HEAP_HINT);
  12162. FREE_VAR(out, HEAP_HINT);
  12163. FREE_VAR(plain, HEAP_HINT);
  12164. wc_FreeRng(&rng);
  12165. return ret;
  12166. }
  12167. #endif /* WC_RSA_NO_PADDING */
  12168. #if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
  12169. static int rsa_even_mod_test(WC_RNG* rng, RsaKey* key)
  12170. {
  12171. byte* tmp = NULL;
  12172. size_t bytes;
  12173. int ret;
  12174. word32 inLen = 0;
  12175. #ifndef NO_ASN
  12176. word32 idx = 0;
  12177. #endif
  12178. word32 outSz = RSA_TEST_BYTES;
  12179. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  12180. word32 plainSz = RSA_TEST_BYTES;
  12181. #endif
  12182. #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_3072) && \
  12183. !defined(USE_CERT_BUFFERS_4096) && !defined(NO_FILESYSTEM)
  12184. XFILE file;
  12185. #endif
  12186. DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  12187. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  12188. DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
  12189. #endif
  12190. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  12191. if (out == NULL
  12192. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  12193. || plain == NULL
  12194. #endif
  12195. ) {
  12196. ERROR_OUT(MEMORY_E, exit_rsa_even_mod);
  12197. }
  12198. #endif
  12199. #if defined(USE_CERT_BUFFERS_2048)
  12200. bytes = (size_t)sizeof_client_key_der_2048;
  12201. if (bytes < (size_t)sizeof_client_cert_der_2048)
  12202. bytes = (size_t)sizeof_client_cert_der_2048;
  12203. #else
  12204. bytes = FOURK_BUF;
  12205. #endif
  12206. tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12207. if (tmp == NULL
  12208. #ifdef WOLFSSL_ASYNC_CRYPT
  12209. || out == NULL || plain == NULL
  12210. #endif
  12211. ) {
  12212. ERROR_OUT(-7800, exit_rsa_even_mod);
  12213. }
  12214. #if defined(USE_CERT_BUFFERS_2048)
  12215. XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
  12216. #elif defined(USE_CERT_BUFFERS_3072)
  12217. XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
  12218. #elif defined(USE_CERT_BUFFERS_4096)
  12219. XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
  12220. #elif !defined(NO_FILESYSTEM)
  12221. file = XFOPEN(clientKey, "rb");
  12222. if (!file) {
  12223. err_sys("can't open ./certs/client-key.der, "
  12224. "Please run from wolfSSL home dir", -40);
  12225. ERROR_OUT(-7801, exit_rsa_even_mod);
  12226. }
  12227. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  12228. XFCLOSE(file);
  12229. #else
  12230. /* No key to use. */
  12231. ERROR_OUT(-7802, exit_rsa_even_mod);
  12232. #endif /* USE_CERT_BUFFERS */
  12233. #ifndef NO_ASN
  12234. ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
  12235. if (ret != 0) {
  12236. ERROR_OUT(-7804, exit_rsa_even_mod);
  12237. }
  12238. #else
  12239. #ifdef USE_CERT_BUFFERS_2048
  12240. ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
  12241. if (ret != 0) {
  12242. ERROR_OUT(-7804, exit_rsa_even_mod);
  12243. }
  12244. ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
  12245. if (ret != 0) {
  12246. ERROR_OUT(-7804, exit_rsa_even_mod);
  12247. }
  12248. #ifndef NO_SIG_WRAPPER
  12249. modLen = 2048;
  12250. #endif
  12251. #else
  12252. #error Not supported yet!
  12253. #endif
  12254. #endif
  12255. key->n.dp[0] &= (mp_digit)-2;
  12256. if (ret != 0) {
  12257. ERROR_OUT(-7804, exit_rsa_even_mod);
  12258. }
  12259. /* after loading in key use tmp as the test buffer */
  12260. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
  12261. inLen = 32;
  12262. outSz = wc_RsaEncryptSize(key);
  12263. XMEMSET(tmp, 7, plainSz);
  12264. ret = wc_RsaSSL_Sign(tmp, inLen, out, outSz, key, rng);
  12265. if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
  12266. ERROR_OUT(-7806, exit_rsa_even_mod);
  12267. }
  12268. ret = wc_RsaSSL_Verify(out, outSz, tmp, inLen, key);
  12269. if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
  12270. ERROR_OUT(-7808, exit_rsa_even_mod);
  12271. }
  12272. #endif
  12273. #ifdef WC_RSA_BLINDING
  12274. ret = wc_RsaSetRNG(key, rng);
  12275. if (ret < 0) {
  12276. ERROR_OUT(-7811, exit_rsa_even_mod);
  12277. }
  12278. #endif
  12279. /* test encrypt and decrypt using WC_RSA_NO_PAD */
  12280. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
  12281. ret = wc_RsaPublicEncrypt(tmp, inLen, out, (int)outSz, key, rng);
  12282. if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
  12283. ERROR_OUT(-7812, exit_rsa_even_mod);
  12284. }
  12285. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  12286. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  12287. ret = wc_RsaPrivateDecrypt(out, outSz, plain, (int)plainSz, key);
  12288. if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != MP_INVMOD_E) {
  12289. ERROR_OUT(-7813, exit_rsa_even_mod);
  12290. }
  12291. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  12292. /* if making it to this point of code without hitting an ERROR_OUT then
  12293. * all tests have passed */
  12294. ret = 0;
  12295. exit_rsa_even_mod:
  12296. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12297. FREE_VAR(out, HEAP_HINT);
  12298. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  12299. FREE_VAR(plain, HEAP_HINT);
  12300. #endif
  12301. (void)out;
  12302. (void)outSz;
  12303. (void)plain;
  12304. (void)plainSz;
  12305. (void)inLen;
  12306. (void)rng;
  12307. return ret;
  12308. }
  12309. #endif /* WOLFSSL_HAVE_SP_RSA */
  12310. #ifdef WOLFSSL_CERT_GEN
  12311. static int rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp)
  12312. {
  12313. #ifdef WOLFSSL_SMALL_STACK
  12314. RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12315. #ifdef WOLFSSL_TEST_CERT
  12316. DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12317. #endif
  12318. #else
  12319. RsaKey caKey[1];
  12320. #ifdef WOLFSSL_TEST_CERT
  12321. DecodedCert decode[1];
  12322. #endif
  12323. #endif
  12324. byte* der = NULL;
  12325. int ret;
  12326. Cert* myCert = NULL;
  12327. int certSz;
  12328. size_t bytes3;
  12329. word32 idx3 = 0;
  12330. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  12331. XFILE file3;
  12332. #endif
  12333. #if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME)
  12334. struct tm beforeTime;
  12335. struct tm afterTime;
  12336. #endif
  12337. const byte mySerial[8] = {1,2,3,4,5,6,7,8};
  12338. (void)keypub;
  12339. #ifdef WOLFSSL_SMALL_STACK
  12340. if (caKey == NULL)
  12341. ERROR_OUT(MEMORY_E, exit_rsa);
  12342. #ifdef WOLFSSL_TEST_CERT
  12343. if (decode == NULL)
  12344. ERROR_OUT(MEMORY_E, exit_rsa);
  12345. #endif
  12346. #endif
  12347. XMEMSET(caKey, 0, sizeof *caKey);
  12348. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12349. if (der == NULL) {
  12350. ERROR_OUT(-7820, exit_rsa);
  12351. }
  12352. myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12353. if (myCert == NULL) {
  12354. ERROR_OUT(-7821, exit_rsa);
  12355. }
  12356. /* self signed */
  12357. if (wc_InitCert(myCert)) {
  12358. ERROR_OUT(-7822, exit_rsa);
  12359. }
  12360. XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
  12361. XMEMCPY(myCert->serial, mySerial, sizeof(mySerial));
  12362. myCert->serialSz = (int)sizeof(mySerial);
  12363. myCert->isCA = 1;
  12364. #ifndef NO_SHA256
  12365. myCert->sigType = CTC_SHA256wRSA;
  12366. #else
  12367. myCert->sigType = CTC_SHAwRSA;
  12368. #endif
  12369. #ifdef WOLFSSL_CERT_EXT
  12370. /* add Policies */
  12371. XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
  12372. CTC_MAX_CERTPOL_SZ);
  12373. XSTRNCPY(myCert->certPolicies[1], "1.2.840.113549.1.9.16.6.5",
  12374. CTC_MAX_CERTPOL_SZ);
  12375. myCert->certPoliciesNb = 2;
  12376. /* add SKID from the Public Key */
  12377. if (wc_SetSubjectKeyIdFromPublicKey(myCert, keypub, NULL) != 0) {
  12378. ERROR_OUT(-7823, exit_rsa);
  12379. }
  12380. /* add AKID from the Public Key */
  12381. if (wc_SetAuthKeyIdFromPublicKey(myCert, keypub, NULL) != 0) {
  12382. ERROR_OUT(-7824, exit_rsa);
  12383. }
  12384. /* add Key Usage */
  12385. if (wc_SetKeyUsage(myCert,"cRLSign,keyCertSign") != 0) {
  12386. ERROR_OUT(-7825, exit_rsa);
  12387. }
  12388. #ifdef WOLFSSL_EKU_OID
  12389. {
  12390. const char unique[] = "2.16.840.1.111111.100.1.10.1";
  12391. if (wc_SetExtKeyUsageOID(myCert, unique, sizeof(unique), 0,
  12392. HEAP_HINT) != 0) {
  12393. ERROR_OUT(-7826, exit_rsa);
  12394. }
  12395. }
  12396. #endif /* WOLFSSL_EKU_OID */
  12397. #endif /* WOLFSSL_CERT_EXT */
  12398. ret = 0;
  12399. do {
  12400. #if defined(WOLFSSL_ASYNC_CRYPT)
  12401. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  12402. #endif
  12403. if (ret >= 0) {
  12404. ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng);
  12405. }
  12406. } while (ret == WC_PENDING_E);
  12407. if (ret < 0) {
  12408. ERROR_OUT(-7827, exit_rsa);
  12409. }
  12410. certSz = ret;
  12411. #ifdef WOLFSSL_TEST_CERT
  12412. InitDecodedCert(decode, der, certSz, HEAP_HINT);
  12413. ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
  12414. if (ret != 0) {
  12415. FreeDecodedCert(decode);
  12416. ERROR_OUT(-7828, exit_rsa);
  12417. }
  12418. FreeDecodedCert(decode);
  12419. #endif
  12420. ret = SaveDerAndPem(der, certSz, certDerFile, certPemFile,
  12421. CERT_TYPE, -5578);
  12422. if (ret != 0) {
  12423. goto exit_rsa;
  12424. }
  12425. /* Setup Certificate */
  12426. if (wc_InitCert(myCert)) {
  12427. ERROR_OUT(-7829, exit_rsa);
  12428. }
  12429. #ifdef WOLFSSL_ALT_NAMES
  12430. /* Get CA Cert for testing */
  12431. #ifdef USE_CERT_BUFFERS_1024
  12432. XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024);
  12433. bytes3 = sizeof_ca_cert_der_1024;
  12434. #elif defined(USE_CERT_BUFFERS_2048)
  12435. XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048);
  12436. bytes3 = sizeof_ca_cert_der_2048;
  12437. #else
  12438. file3 = XFOPEN(rsaCaCertDerFile, "rb");
  12439. if (!file3) {
  12440. ERROR_OUT(-7830, exit_rsa);
  12441. }
  12442. bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
  12443. XFCLOSE(file3);
  12444. #endif /* USE_CERT_BUFFERS */
  12445. #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_1024) && \
  12446. !defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN)
  12447. ret = wc_SetAltNames(myCert, rsaCaCertFile);
  12448. if (ret != 0) {
  12449. ERROR_OUT(-7831, exit_rsa);
  12450. }
  12451. #endif
  12452. /* get alt names from der */
  12453. ret = wc_SetAltNamesBuffer(myCert, tmp, (int)bytes3);
  12454. if (ret != 0) {
  12455. ERROR_OUT(-7832, exit_rsa);
  12456. }
  12457. /* get dates from der */
  12458. ret = wc_SetDatesBuffer(myCert, tmp, (int)bytes3);
  12459. if (ret != 0) {
  12460. ERROR_OUT(-7833, exit_rsa);
  12461. }
  12462. #ifndef NO_ASN_TIME
  12463. ret = wc_GetCertDates(myCert, &beforeTime, &afterTime);
  12464. if (ret < 0) {
  12465. ERROR_OUT(-7834, exit_rsa);
  12466. }
  12467. #endif
  12468. #endif /* WOLFSSL_ALT_NAMES */
  12469. /* Get CA Key */
  12470. #ifdef USE_CERT_BUFFERS_1024
  12471. XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
  12472. bytes3 = sizeof_ca_key_der_1024;
  12473. #elif defined(USE_CERT_BUFFERS_2048)
  12474. XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
  12475. bytes3 = sizeof_ca_key_der_2048;
  12476. #else
  12477. file3 = XFOPEN(rsaCaKeyFile, "rb");
  12478. if (!file3) {
  12479. ERROR_OUT(-7835, exit_rsa);
  12480. }
  12481. bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
  12482. XFCLOSE(file3);
  12483. #endif /* USE_CERT_BUFFERS */
  12484. ret = wc_InitRsaKey(caKey, HEAP_HINT);
  12485. if (ret != 0) {
  12486. ERROR_OUT(-7836, exit_rsa);
  12487. }
  12488. ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
  12489. if (ret != 0) {
  12490. ERROR_OUT(-7837, exit_rsa);
  12491. }
  12492. #ifndef NO_SHA256
  12493. myCert->sigType = CTC_SHA256wRSA;
  12494. #else
  12495. myCert->sigType = CTC_SHAwRSA;
  12496. #endif
  12497. XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
  12498. #ifdef WOLFSSL_CERT_EXT
  12499. /* add Policies */
  12500. XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42",
  12501. CTC_MAX_CERTPOL_SZ);
  12502. myCert->certPoliciesNb =1;
  12503. /* add SKID from the Public Key */
  12504. if (wc_SetSubjectKeyIdFromPublicKey(myCert, key, NULL) != 0) {
  12505. ERROR_OUT(-7838, exit_rsa);
  12506. }
  12507. /* add AKID from the CA certificate */
  12508. #if defined(USE_CERT_BUFFERS_2048)
  12509. ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
  12510. sizeof_ca_cert_der_2048);
  12511. #elif defined(USE_CERT_BUFFERS_1024)
  12512. ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
  12513. sizeof_ca_cert_der_1024);
  12514. #else
  12515. ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
  12516. #endif
  12517. if (ret != 0) {
  12518. ERROR_OUT(-7839, exit_rsa);
  12519. }
  12520. /* add Key Usage */
  12521. if (wc_SetKeyUsage(myCert,"keyEncipherment,keyAgreement") != 0) {
  12522. ERROR_OUT(-7840, exit_rsa);
  12523. }
  12524. #endif /* WOLFSSL_CERT_EXT */
  12525. #if defined(USE_CERT_BUFFERS_2048)
  12526. ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
  12527. sizeof_ca_cert_der_2048);
  12528. #elif defined(USE_CERT_BUFFERS_1024)
  12529. ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
  12530. sizeof_ca_cert_der_1024);
  12531. #else
  12532. ret = wc_SetIssuer(myCert, rsaCaCertFile);
  12533. #endif
  12534. if (ret < 0) {
  12535. ERROR_OUT(-7841, exit_rsa);
  12536. }
  12537. certSz = wc_MakeCert(myCert, der, FOURK_BUF, key, NULL, rng);
  12538. if (certSz < 0) {
  12539. ERROR_OUT(-7842, exit_rsa);
  12540. }
  12541. ret = 0;
  12542. do {
  12543. #if defined(WOLFSSL_ASYNC_CRYPT)
  12544. ret = wc_AsyncWait(ret, &caKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  12545. #endif
  12546. if (ret >= 0) {
  12547. ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF,
  12548. caKey, NULL, rng);
  12549. }
  12550. } while (ret == WC_PENDING_E);
  12551. if (ret < 0) {
  12552. ERROR_OUT(-7843, exit_rsa);
  12553. }
  12554. certSz = ret;
  12555. #ifdef WOLFSSL_TEST_CERT
  12556. InitDecodedCert(decode, der, certSz, HEAP_HINT);
  12557. ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
  12558. if (ret != 0) {
  12559. FreeDecodedCert(decode);
  12560. ERROR_OUT(-7844, exit_rsa);
  12561. }
  12562. FreeDecodedCert(decode);
  12563. #endif
  12564. ret = SaveDerAndPem(der, certSz, otherCertDerFile, otherCertPemFile,
  12565. CERT_TYPE, -5598);
  12566. if (ret != 0) {
  12567. goto exit_rsa;
  12568. }
  12569. exit_rsa:
  12570. #ifdef WOLFSSL_SMALL_STACK
  12571. if (caKey != NULL) {
  12572. wc_FreeRsaKey(caKey);
  12573. XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12574. }
  12575. #ifdef WOLFSSL_TEST_CERT
  12576. if (decode != NULL)
  12577. XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12578. #endif
  12579. #else
  12580. wc_FreeRsaKey(caKey);
  12581. #endif
  12582. XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12583. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12584. return ret;
  12585. }
  12586. #endif
  12587. #if !defined(NO_RSA) && defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN)
  12588. /* Make Cert / Sign example for ECC cert and RSA CA */
  12589. static int rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp)
  12590. {
  12591. #ifdef WOLFSSL_SMALL_STACK
  12592. RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12593. ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12594. ecc_key *caEccKeyPub = (ecc_key *)XMALLOC(sizeof *caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12595. #ifdef WOLFSSL_TEST_CERT
  12596. DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12597. #endif
  12598. #else
  12599. RsaKey caKey[1];
  12600. ecc_key caEccKey[1];
  12601. ecc_key caEccKeyPub[1];
  12602. #ifdef WOLFSSL_TEST_CERT
  12603. DecodedCert decode[1];
  12604. #endif
  12605. #endif
  12606. byte* der = NULL;
  12607. Cert* myCert = NULL;
  12608. int certSz;
  12609. size_t bytes3;
  12610. word32 idx3 = 0;
  12611. #if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \
  12612. || !defined(USE_CERT_BUFFERS_256)
  12613. XFILE file3;
  12614. #endif
  12615. int ret;
  12616. #ifdef WOLFSSL_SMALL_STACK
  12617. if ((caKey == NULL) || (caEccKey == NULL) || (caEccKeyPub == NULL)
  12618. #ifdef WOLFSSL_TEST_CERT
  12619. || (decode == NULL)
  12620. #endif
  12621. )
  12622. ERROR_OUT(MEMORY_E, exit_rsa);
  12623. #endif
  12624. XMEMSET(caKey, 0, sizeof *caKey);
  12625. XMEMSET(caEccKey, 0, sizeof *caEccKey);
  12626. XMEMSET(caEccKeyPub, 0, sizeof *caEccKeyPub);
  12627. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12628. if (der == NULL) {
  12629. ERROR_OUT(-7850, exit_rsa);
  12630. }
  12631. myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12632. if (myCert == NULL) {
  12633. ERROR_OUT(-7851, exit_rsa);
  12634. }
  12635. /* Get CA Key */
  12636. #ifdef USE_CERT_BUFFERS_1024
  12637. XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
  12638. bytes3 = sizeof_ca_key_der_1024;
  12639. #elif defined(USE_CERT_BUFFERS_2048)
  12640. XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
  12641. bytes3 = sizeof_ca_key_der_2048;
  12642. #else
  12643. file3 = XFOPEN(rsaCaKeyFile, "rb");
  12644. if (!file3) {
  12645. ERROR_OUT(-7852, exit_rsa);
  12646. }
  12647. bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
  12648. XFCLOSE(file3);
  12649. #endif /* USE_CERT_BUFFERS */
  12650. ret = wc_InitRsaKey(caKey, HEAP_HINT);
  12651. if (ret != 0) {
  12652. ERROR_OUT(-7853, exit_rsa);
  12653. }
  12654. ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3);
  12655. if (ret != 0) {
  12656. ERROR_OUT(-7854, exit_rsa);
  12657. }
  12658. /* Get Cert Key */
  12659. #ifdef USE_CERT_BUFFERS_256
  12660. XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256);
  12661. bytes3 = sizeof_ecc_key_pub_der_256;
  12662. #else
  12663. file3 = XFOPEN(eccKeyPubFile, "rb");
  12664. if (!file3) {
  12665. ERROR_OUT(-7855, exit_rsa);
  12666. }
  12667. bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3);
  12668. XFCLOSE(file3);
  12669. #endif
  12670. ret = wc_ecc_init_ex(caEccKeyPub, HEAP_HINT, devId);
  12671. if (ret != 0) {
  12672. ERROR_OUT(-7856, exit_rsa);
  12673. }
  12674. idx3 = 0;
  12675. ret = wc_EccPublicKeyDecode(tmp, &idx3, caEccKeyPub, (word32)bytes3);
  12676. if (ret != 0) {
  12677. ERROR_OUT(-7857, exit_rsa);
  12678. }
  12679. /* Setup Certificate */
  12680. if (wc_InitCert(myCert)) {
  12681. ERROR_OUT(-7858, exit_rsa);
  12682. }
  12683. #ifndef NO_SHA256
  12684. myCert->sigType = CTC_SHA256wRSA;
  12685. #else
  12686. myCert->sigType = CTC_SHAwRSA;
  12687. #endif
  12688. XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
  12689. #ifdef WOLFSSL_CERT_EXT
  12690. /* add Policies */
  12691. XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
  12692. CTC_MAX_CERTPOL_SZ);
  12693. XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
  12694. CTC_MAX_CERTPOL_SZ);
  12695. myCert->certPoliciesNb = 2;
  12696. /* add SKID from the Public Key */
  12697. if (wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, caEccKeyPub) != 0) {
  12698. ERROR_OUT(-7859, exit_rsa);
  12699. }
  12700. /* add AKID from the CA certificate */
  12701. #if defined(USE_CERT_BUFFERS_2048)
  12702. ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048,
  12703. sizeof_ca_cert_der_2048);
  12704. #elif defined(USE_CERT_BUFFERS_1024)
  12705. ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024,
  12706. sizeof_ca_cert_der_1024);
  12707. #else
  12708. ret = wc_SetAuthKeyId(myCert, rsaCaCertFile);
  12709. #endif
  12710. if (ret != 0) {
  12711. ERROR_OUT(-7860, exit_rsa);
  12712. }
  12713. /* add Key Usage */
  12714. if (wc_SetKeyUsage(myCert, certKeyUsage) != 0) {
  12715. ERROR_OUT(-7861, exit_rsa);
  12716. }
  12717. #endif /* WOLFSSL_CERT_EXT */
  12718. #if defined(USE_CERT_BUFFERS_2048)
  12719. ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048,
  12720. sizeof_ca_cert_der_2048);
  12721. #elif defined(USE_CERT_BUFFERS_1024)
  12722. ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024,
  12723. sizeof_ca_cert_der_1024);
  12724. #else
  12725. ret = wc_SetIssuer(myCert, rsaCaCertFile);
  12726. #endif
  12727. if (ret < 0) {
  12728. ERROR_OUT(-7862, exit_rsa);
  12729. }
  12730. certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, caEccKeyPub, rng);
  12731. if (certSz < 0) {
  12732. ERROR_OUT(-7863, exit_rsa);
  12733. }
  12734. ret = 0;
  12735. do {
  12736. #if defined(WOLFSSL_ASYNC_CRYPT)
  12737. ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  12738. #endif
  12739. if (ret >= 0) {
  12740. ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
  12741. FOURK_BUF, caKey, NULL, rng);
  12742. }
  12743. } while (ret == WC_PENDING_E);
  12744. if (ret < 0) {
  12745. ERROR_OUT(-7864, exit_rsa);
  12746. }
  12747. certSz = ret;
  12748. #ifdef WOLFSSL_TEST_CERT
  12749. InitDecodedCert(decode, der, certSz, 0);
  12750. ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
  12751. if (ret != 0) {
  12752. FreeDecodedCert(decode);
  12753. ERROR_OUT(-7865, exit_rsa);
  12754. }
  12755. FreeDecodedCert(decode);
  12756. #endif
  12757. ret = SaveDerAndPem(der, certSz, certEccRsaDerFile, certEccRsaPemFile,
  12758. CERT_TYPE, -5616);
  12759. if (ret != 0) {
  12760. goto exit_rsa;
  12761. }
  12762. exit_rsa:
  12763. #ifdef WOLFSSL_SMALL_STACK
  12764. if (caKey != NULL) {
  12765. wc_FreeRsaKey(caKey);
  12766. XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12767. }
  12768. if (caEccKey != NULL) {
  12769. wc_ecc_free(caEccKey);
  12770. XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12771. }
  12772. if (caEccKeyPub != NULL) {
  12773. wc_ecc_free(caEccKeyPub);
  12774. XFREE(caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12775. }
  12776. #ifdef WOLFSSL_TEST_CERT
  12777. if (decode != NULL)
  12778. XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12779. #endif
  12780. #else
  12781. wc_FreeRsaKey(caKey);
  12782. wc_ecc_free(caEccKey);
  12783. wc_ecc_free(caEccKeyPub);
  12784. #endif
  12785. XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12786. myCert = NULL;
  12787. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12788. der = NULL;
  12789. if (ret >= 0)
  12790. ret = 0;
  12791. return ret;
  12792. }
  12793. #endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */
  12794. #ifdef WOLFSSL_KEY_GEN
  12795. static int rsa_keygen_test(WC_RNG* rng)
  12796. {
  12797. #ifdef WOLFSSL_SMALL_STACK
  12798. RsaKey *genKey = (RsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12799. #else
  12800. RsaKey genKey[1];
  12801. #endif
  12802. int ret;
  12803. byte* der = NULL;
  12804. #ifndef WOLFSSL_CRYPTOCELL
  12805. word32 idx = 0;
  12806. #endif
  12807. int derSz = 0;
  12808. #if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS)
  12809. int keySz = 1024;
  12810. #else
  12811. int keySz = 2048;
  12812. #endif
  12813. #ifdef WOLFSSL_SMALL_STACK
  12814. if (! genKey)
  12815. ERROR_OUT(MEMORY_E, exit_rsa);
  12816. #endif
  12817. XMEMSET(genKey, 0, sizeof *genKey);
  12818. ret = wc_InitRsaKey_ex(genKey, HEAP_HINT, devId);
  12819. if (ret != 0) {
  12820. ERROR_OUT(-7870, exit_rsa);
  12821. }
  12822. ret = wc_MakeRsaKey(genKey, keySz, WC_RSA_EXPONENT, rng);
  12823. #if defined(WOLFSSL_ASYNC_CRYPT)
  12824. ret = wc_AsyncWait(ret, &genKey->asyncDev, WC_ASYNC_FLAG_NONE);
  12825. #endif
  12826. if (ret != 0) {
  12827. ERROR_OUT(-7871, exit_rsa);
  12828. }
  12829. TEST_SLEEP();
  12830. /* If not using old FIPS, or not using FAST or USER RSA... */
  12831. #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
  12832. (!defined(HAVE_FIPS) || \
  12833. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
  12834. !defined(HAVE_SELFTEST) && !defined(HAVE_INTEL_QA)
  12835. ret = wc_CheckRsaKey(genKey);
  12836. if (ret != 0) {
  12837. ERROR_OUT(-7872, exit_rsa);
  12838. }
  12839. #endif
  12840. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12841. if (der == NULL) {
  12842. ERROR_OUT(-7873, exit_rsa);
  12843. }
  12844. derSz = wc_RsaKeyToDer(genKey, der, FOURK_BUF);
  12845. if (derSz < 0) {
  12846. ERROR_OUT(-7874, exit_rsa);
  12847. }
  12848. ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
  12849. PRIVATEKEY_TYPE, -5555);
  12850. if (ret != 0) {
  12851. goto exit_rsa;
  12852. }
  12853. wc_FreeRsaKey(genKey);
  12854. ret = wc_InitRsaKey(genKey, HEAP_HINT);
  12855. if (ret != 0) {
  12856. ERROR_OUT(-7875, exit_rsa);
  12857. }
  12858. #ifndef WOLFSSL_CRYPTOCELL
  12859. idx = 0;
  12860. /* The private key part of the key gen pairs from cryptocell can't be exported */
  12861. ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, derSz);
  12862. if (ret != 0) {
  12863. ERROR_OUT(-7876, exit_rsa);
  12864. }
  12865. #endif /* WOLFSSL_CRYPTOCELL */
  12866. exit_rsa:
  12867. #ifdef WOLFSSL_SMALL_STACK
  12868. if (genKey) {
  12869. wc_FreeRsaKey(genKey);
  12870. XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12871. }
  12872. #else
  12873. wc_FreeRsaKey(genKey);
  12874. #endif
  12875. if (der != NULL) {
  12876. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12877. der = NULL;
  12878. }
  12879. return ret;
  12880. }
  12881. #endif
  12882. WOLFSSL_TEST_SUBROUTINE int rsa_test(void)
  12883. {
  12884. int ret;
  12885. byte* tmp = NULL;
  12886. byte* der = NULL;
  12887. size_t bytes;
  12888. WC_RNG rng;
  12889. #ifdef WOLFSSL_SMALL_STACK
  12890. RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12891. #else
  12892. RsaKey key[1];
  12893. #endif
  12894. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
  12895. #ifdef WOLFSSL_SMALL_STACK
  12896. RsaKey *keypub = (RsaKey *)XMALLOC(sizeof *keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12897. #else
  12898. RsaKey keypub[1];
  12899. #endif
  12900. #endif
  12901. #if defined(HAVE_NTRU)
  12902. #ifdef WOLFSSL_SMALL_STACK
  12903. RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12904. #else
  12905. RsaKey caKey[1];
  12906. #endif
  12907. #endif
  12908. word32 idx = 0;
  12909. const char inStr[] = TEST_STRING;
  12910. const word32 inLen = (word32)TEST_STRING_SZ;
  12911. const word32 outSz = RSA_TEST_BYTES;
  12912. const word32 plainSz = RSA_TEST_BYTES;
  12913. byte* res = NULL;
  12914. #ifndef NO_SIG_WRAPPER
  12915. int modLen;
  12916. #endif
  12917. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \
  12918. !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \
  12919. !defined(NO_FILESYSTEM)
  12920. XFILE file;
  12921. XFILE file2;
  12922. #endif
  12923. #ifdef WOLFSSL_TEST_CERT
  12924. #ifdef WOLFSSL_SMALL_STACK
  12925. DecodedCert *cert = (DecodedCert *)XMALLOC(sizeof *cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12926. #else
  12927. DecodedCert cert[1];
  12928. #endif
  12929. #endif
  12930. DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT);
  12931. DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT);
  12932. DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT);
  12933. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  12934. if (in == NULL || out == NULL || plain == NULL)
  12935. ERROR_OUT(MEMORY_E, exit_rsa);
  12936. #endif
  12937. XMEMCPY(in, inStr, inLen);
  12938. #ifdef WOLFSSL_SMALL_STACK
  12939. if (key == NULL)
  12940. ERROR_OUT(MEMORY_E, exit_rsa);
  12941. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
  12942. if (keypub == NULL)
  12943. ERROR_OUT(MEMORY_E, exit_rsa);
  12944. #endif
  12945. #if defined(HAVE_NTRU)
  12946. if (caKey == NULL)
  12947. ERROR_OUT(MEMORY_E, exit_rsa);
  12948. #endif
  12949. #ifdef WOLFSSL_TEST_CERT
  12950. if (cert == NULL)
  12951. ERROR_OUT(MEMORY_E, exit_rsa);
  12952. #endif
  12953. #endif /* WOLFSSL_SMALL_STACK */
  12954. /* initialize stack structures */
  12955. XMEMSET(&rng, 0, sizeof(rng));
  12956. XMEMSET(key, 0, sizeof *key);
  12957. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
  12958. XMEMSET(keypub, 0, sizeof *keypub);
  12959. #endif
  12960. #if defined(HAVE_NTRU)
  12961. XMEMSET(caKey, 0, sizeof *caKey);
  12962. #endif
  12963. #if !defined(HAVE_USER_RSA) && !defined(NO_ASN)
  12964. ret = rsa_decode_test(key);
  12965. if (ret != 0)
  12966. ERROR_OUT(ret, exit_rsa);
  12967. #endif
  12968. #ifdef USE_CERT_BUFFERS_1024
  12969. bytes = (size_t)sizeof_client_key_der_1024;
  12970. if (bytes < (size_t)sizeof_client_cert_der_1024)
  12971. bytes = (size_t)sizeof_client_cert_der_1024;
  12972. #elif defined(USE_CERT_BUFFERS_2048)
  12973. bytes = (size_t)sizeof_client_key_der_2048;
  12974. if (bytes < (size_t)sizeof_client_cert_der_2048)
  12975. bytes = (size_t)sizeof_client_cert_der_2048;
  12976. #elif defined(USE_CERT_BUFFERS_3072)
  12977. bytes = (size_t)sizeof_client_key_der_3072;
  12978. if (bytes < (size_t)sizeof_client_cert_der_3072)
  12979. bytes = (size_t)sizeof_client_cert_der_3072;
  12980. #elif defined(USE_CERT_BUFFERS_4096)
  12981. bytes = (size_t)sizeof_client_key_der_4096;
  12982. if (bytes < (size_t)sizeof_client_cert_der_4096)
  12983. bytes = (size_t)sizeof_client_cert_der_4096;
  12984. #else
  12985. bytes = FOURK_BUF;
  12986. #endif
  12987. tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  12988. if (tmp == NULL)
  12989. ERROR_OUT(-7900, exit_rsa);
  12990. #ifdef USE_CERT_BUFFERS_1024
  12991. XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024);
  12992. #elif defined(USE_CERT_BUFFERS_2048)
  12993. XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048);
  12994. #elif defined(USE_CERT_BUFFERS_3072)
  12995. XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072);
  12996. #elif defined(USE_CERT_BUFFERS_4096)
  12997. XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096);
  12998. #elif !defined(NO_FILESYSTEM)
  12999. file = XFOPEN(clientKey, "rb");
  13000. if (!file) {
  13001. err_sys("can't open ./certs/client-key.der, "
  13002. "Please run from wolfSSL home dir", -40);
  13003. ERROR_OUT(-7901, exit_rsa);
  13004. }
  13005. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  13006. XFCLOSE(file);
  13007. #else
  13008. /* No key to use. */
  13009. ERROR_OUT(-7902, exit_rsa);
  13010. #endif /* USE_CERT_BUFFERS */
  13011. ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId);
  13012. if (ret != 0) {
  13013. ERROR_OUT(-7903, exit_rsa);
  13014. }
  13015. #ifndef NO_ASN
  13016. ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes);
  13017. if (ret != 0) {
  13018. ERROR_OUT(-7904, exit_rsa);
  13019. }
  13020. #ifndef NO_SIG_WRAPPER
  13021. modLen = wc_RsaEncryptSize(key);
  13022. #endif
  13023. #else
  13024. #ifdef USE_CERT_BUFFERS_2048
  13025. ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256);
  13026. if (ret != 0) {
  13027. ERROR_OUT(-7905, exit_rsa);
  13028. }
  13029. ret = mp_set_int(&key->e, WC_RSA_EXPONENT);
  13030. if (ret != 0) {
  13031. ERROR_OUT(-7906, exit_rsa);
  13032. }
  13033. #ifndef NO_SIG_WRAPPER
  13034. modLen = 2048;
  13035. #endif
  13036. #else
  13037. #error Not supported yet!
  13038. #endif
  13039. #endif
  13040. #ifndef WC_NO_RNG
  13041. #ifndef HAVE_FIPS
  13042. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  13043. #else
  13044. ret = wc_InitRng(&rng);
  13045. #endif
  13046. if (ret != 0) {
  13047. ERROR_OUT(-7907, exit_rsa);
  13048. }
  13049. #endif
  13050. #ifndef NO_SIG_WRAPPER
  13051. ret = rsa_sig_test(key, sizeof *key, modLen, &rng);
  13052. if (ret != 0)
  13053. goto exit_rsa;
  13054. #endif
  13055. #ifdef WC_RSA_NONBLOCK
  13056. ret = rsa_nb_test(key, in, inLen, out, outSz, plain, plainSz, &rng);
  13057. if (ret != 0)
  13058. goto exit_rsa;
  13059. #endif
  13060. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  13061. !defined(WC_NO_RNG)
  13062. do {
  13063. #if defined(WOLFSSL_ASYNC_CRYPT)
  13064. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13065. #endif
  13066. if (ret >= 0) {
  13067. ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng);
  13068. }
  13069. } while (ret == WC_PENDING_E);
  13070. if (ret < 0) {
  13071. ERROR_OUT(-7908, exit_rsa);
  13072. }
  13073. TEST_SLEEP();
  13074. #ifdef WC_RSA_BLINDING
  13075. {
  13076. int tmpret = ret;
  13077. ret = wc_RsaSetRNG(key, &rng);
  13078. if (ret < 0) {
  13079. ERROR_OUT(-7909, exit_rsa);
  13080. }
  13081. ret = tmpret;
  13082. }
  13083. #endif
  13084. idx = (word32)ret; /* save off encrypted length */
  13085. do {
  13086. #if defined(WOLFSSL_ASYNC_CRYPT)
  13087. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13088. #endif
  13089. if (ret >= 0) {
  13090. ret = wc_RsaPrivateDecrypt(out, idx, plain, plainSz, key);
  13091. }
  13092. } while (ret == WC_PENDING_E);
  13093. if (ret < 0) {
  13094. ERROR_OUT(-7910, exit_rsa);
  13095. }
  13096. if (XMEMCMP(plain, in, inLen)) {
  13097. ERROR_OUT(-7911, exit_rsa);
  13098. }
  13099. TEST_SLEEP();
  13100. do {
  13101. #if defined(WOLFSSL_ASYNC_CRYPT)
  13102. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13103. #endif
  13104. if (ret >= 0) {
  13105. ret = wc_RsaPrivateDecryptInline(out, idx, &res, key);
  13106. }
  13107. } while (ret == WC_PENDING_E);
  13108. if (ret < 0) {
  13109. ERROR_OUT(-7912, exit_rsa);
  13110. }
  13111. if (ret != (int)inLen) {
  13112. ERROR_OUT(-7913, exit_rsa);
  13113. }
  13114. if (XMEMCMP(res, in, inLen)) {
  13115. ERROR_OUT(-7914, exit_rsa);
  13116. }
  13117. TEST_SLEEP();
  13118. do {
  13119. #if defined(WOLFSSL_ASYNC_CRYPT)
  13120. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13121. #endif
  13122. if (ret >= 0) {
  13123. ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng);
  13124. }
  13125. } while (ret == WC_PENDING_E);
  13126. if (ret < 0) {
  13127. ERROR_OUT(-7915, exit_rsa);
  13128. }
  13129. TEST_SLEEP();
  13130. #elif defined(WOLFSSL_PUBLIC_MP)
  13131. {
  13132. static byte signature_2048[] = {
  13133. 0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79,
  13134. 0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe,
  13135. 0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda,
  13136. 0x89, 0x23, 0xb8, 0x96, 0x13, 0x57, 0x72, 0x30,
  13137. 0xa1, 0xfe, 0x5a, 0x68, 0x9c, 0x99, 0x9d, 0x1e,
  13138. 0x05, 0xa4, 0x80, 0xb0, 0xbb, 0xd9, 0xd9, 0xa1,
  13139. 0x69, 0x97, 0x74, 0xb3, 0x41, 0x21, 0x3b, 0x47,
  13140. 0xf5, 0x51, 0xb1, 0xfb, 0xc7, 0xaa, 0xcc, 0xdc,
  13141. 0xcd, 0x76, 0xa0, 0x28, 0x4d, 0x27, 0x14, 0xa4,
  13142. 0xb9, 0x41, 0x68, 0x7c, 0xb3, 0x66, 0xe6, 0x6f,
  13143. 0x40, 0x76, 0xe4, 0x12, 0xfd, 0xae, 0x29, 0xb5,
  13144. 0x63, 0x60, 0x87, 0xce, 0x49, 0x6b, 0xf3, 0x05,
  13145. 0x9a, 0x14, 0xb5, 0xcc, 0xcd, 0xf7, 0x30, 0x95,
  13146. 0xd2, 0x72, 0x52, 0x1d, 0x5b, 0x7e, 0xef, 0x4a,
  13147. 0x02, 0x96, 0x21, 0x6c, 0x55, 0xa5, 0x15, 0xb1,
  13148. 0x57, 0x63, 0x2c, 0xa3, 0x8e, 0x9d, 0x3d, 0x45,
  13149. 0xcc, 0xb8, 0xe6, 0xa1, 0xc8, 0x59, 0xcd, 0xf5,
  13150. 0xdc, 0x0a, 0x51, 0xb6, 0x9d, 0xfb, 0xf4, 0x6b,
  13151. 0xfd, 0x32, 0x71, 0x6e, 0xcf, 0xcb, 0xb3, 0xd9,
  13152. 0xe0, 0x4a, 0x77, 0x34, 0xd6, 0x61, 0xf5, 0x7c,
  13153. 0xf9, 0xa9, 0xa4, 0xb0, 0x8e, 0x3b, 0xd6, 0x04,
  13154. 0xe0, 0xde, 0x2b, 0x5b, 0x5a, 0xbf, 0xd9, 0xef,
  13155. 0x8d, 0xa3, 0xf5, 0xb1, 0x67, 0xf3, 0xb9, 0x72,
  13156. 0x0a, 0x37, 0x12, 0x35, 0x6c, 0x8e, 0x10, 0x8b,
  13157. 0x38, 0x06, 0x16, 0x4b, 0x20, 0x20, 0x13, 0x00,
  13158. 0x2e, 0x6d, 0xc2, 0x59, 0x23, 0x67, 0x4a, 0x6d,
  13159. 0xa1, 0x46, 0x8b, 0xee, 0xcf, 0x44, 0xb4, 0x3e,
  13160. 0x56, 0x75, 0x00, 0x68, 0xb5, 0x7d, 0x0f, 0x20,
  13161. 0x79, 0x5d, 0x7f, 0x12, 0x15, 0x32, 0x89, 0x61,
  13162. 0x6b, 0x29, 0xb7, 0x52, 0xf5, 0x25, 0xd8, 0x98,
  13163. 0xe8, 0x6f, 0xf9, 0x22, 0xb4, 0xbb, 0xe5, 0xff,
  13164. 0xd0, 0x92, 0x86, 0x9a, 0x88, 0xa2, 0xaf, 0x6b
  13165. };
  13166. ret = sizeof(signature_2048);
  13167. XMEMCPY(out, signature_2048, ret);
  13168. }
  13169. #endif
  13170. #if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \
  13171. ((!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \
  13172. defined(WOLFSSL_PUBLIC_MP))
  13173. idx = (word32)ret;
  13174. XMEMSET(plain, 0, plainSz);
  13175. do {
  13176. #if defined(WOLFSSL_ASYNC_CRYPT)
  13177. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13178. #endif
  13179. if (ret >= 0) {
  13180. #ifndef WOLFSSL_RSA_VERIFY_INLINE
  13181. #if defined(WOLFSSL_CRYPTOCELL)
  13182. /*
  13183. Cryptocell requires the input data and signature byte array to verify.
  13184. first argument must be the input data
  13185. second argument must be the length of input data
  13186. third argument must be the signature byte array or the output from
  13187. wc_RsaSSL_Sign()
  13188. fourth argument must be the length of the signature byte array
  13189. */
  13190. ret = wc_RsaSSL_Verify(in, inLen, out, outSz, key);
  13191. #else
  13192. ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, key);
  13193. #endif /* WOLFSSL_CRYPTOCELL */
  13194. #else
  13195. byte* dec = NULL;
  13196. ret = wc_RsaSSL_VerifyInline(out, idx, &dec, key);
  13197. if (ret > 0) {
  13198. XMEMCPY(plain, dec, ret);
  13199. }
  13200. #endif
  13201. }
  13202. } while (ret == WC_PENDING_E);
  13203. if (ret < 0) {
  13204. ERROR_OUT(-7916, exit_rsa);
  13205. }
  13206. if (XMEMCMP(plain, in, (size_t)ret)) {
  13207. ERROR_OUT(-7917, exit_rsa);
  13208. }
  13209. TEST_SLEEP();
  13210. #endif
  13211. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  13212. #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG)
  13213. /* OAEP padding testing */
  13214. #if !defined(HAVE_FAST_RSA) && !defined(HAVE_USER_RSA) && \
  13215. (!defined(HAVE_FIPS) || \
  13216. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))
  13217. #ifndef NO_SHA
  13218. XMEMSET(plain, 0, plainSz);
  13219. do {
  13220. #if defined(WOLFSSL_ASYNC_CRYPT)
  13221. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13222. #endif
  13223. if (ret >= 0) {
  13224. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, &rng,
  13225. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  13226. }
  13227. } while (ret == WC_PENDING_E);
  13228. if (ret < 0) {
  13229. ERROR_OUT(-7918, exit_rsa);
  13230. }
  13231. TEST_SLEEP();
  13232. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  13233. idx = (word32)ret;
  13234. do {
  13235. #if defined(WOLFSSL_ASYNC_CRYPT)
  13236. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13237. #endif
  13238. if (ret >= 0) {
  13239. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  13240. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0);
  13241. }
  13242. } while (ret == WC_PENDING_E);
  13243. if (ret < 0) {
  13244. ERROR_OUT(-7919, exit_rsa);
  13245. }
  13246. if (XMEMCMP(plain, in, inLen)) {
  13247. ERROR_OUT(-7920, exit_rsa);
  13248. }
  13249. TEST_SLEEP();
  13250. #endif /* NO_SHA */
  13251. #endif
  13252. #ifndef NO_SHA256
  13253. XMEMSET(plain, 0, plainSz);
  13254. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  13255. do {
  13256. #if defined(WOLFSSL_ASYNC_CRYPT)
  13257. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13258. #endif
  13259. if (ret >= 0) {
  13260. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, &rng,
  13261. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
  13262. }
  13263. } while (ret == WC_PENDING_E);
  13264. if (ret < 0) {
  13265. ERROR_OUT(-7921, exit_rsa);
  13266. }
  13267. TEST_SLEEP();
  13268. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  13269. idx = (word32)ret;
  13270. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  13271. do {
  13272. #if defined(WOLFSSL_ASYNC_CRYPT)
  13273. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13274. #endif
  13275. if (ret >= 0) {
  13276. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  13277. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
  13278. }
  13279. } while (ret == WC_PENDING_E);
  13280. if (ret < 0) {
  13281. ERROR_OUT(-7922, exit_rsa);
  13282. }
  13283. if (XMEMCMP(plain, in, inLen)) {
  13284. ERROR_OUT(-7923, exit_rsa);
  13285. }
  13286. TEST_SLEEP();
  13287. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  13288. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  13289. do {
  13290. #if defined(WOLFSSL_ASYNC_CRYPT)
  13291. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13292. #endif
  13293. if (ret >= 0) {
  13294. ret = wc_RsaPrivateDecryptInline_ex(out, idx, &res, key,
  13295. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
  13296. }
  13297. } while (ret == WC_PENDING_E);
  13298. if (ret < 0) {
  13299. ERROR_OUT(-7924, exit_rsa);
  13300. }
  13301. if (ret != (int)inLen) {
  13302. ERROR_OUT(-7925, exit_rsa);
  13303. }
  13304. if (XMEMCMP(res, in, inLen)) {
  13305. ERROR_OUT(-7926, exit_rsa);
  13306. }
  13307. TEST_SLEEP();
  13308. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  13309. /* check fails if not using the same optional label */
  13310. XMEMSET(plain, 0, plainSz);
  13311. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  13312. do {
  13313. #if defined(WOLFSSL_ASYNC_CRYPT)
  13314. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13315. #endif
  13316. if (ret >= 0) {
  13317. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, &rng,
  13318. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0);
  13319. }
  13320. } while (ret == WC_PENDING_E);
  13321. if (ret < 0) {
  13322. ERROR_OUT(-7927, exit_rsa);
  13323. }
  13324. TEST_SLEEP();
  13325. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  13326. /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
  13327. #if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  13328. !defined(WOLFSSL_CRYPTOCELL)
  13329. /* label is unused in cryptocell so it won't detect decrypt error due to label */
  13330. idx = (word32)ret;
  13331. do {
  13332. #if defined(WOLFSSL_ASYNC_CRYPT)
  13333. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13334. #endif
  13335. if (ret >= 0) {
  13336. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  13337. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
  13338. }
  13339. } while (ret == WC_PENDING_E);
  13340. if (ret > 0) { /* in this case decrypt should fail */
  13341. ERROR_OUT(-7928, exit_rsa);
  13342. }
  13343. ret = 0;
  13344. TEST_SLEEP();
  13345. #endif /* !HAVE_CAVIUM */
  13346. /* check using optional label with encrypt/decrypt */
  13347. XMEMSET(plain, 0, plainSz);
  13348. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  13349. do {
  13350. #if defined(WOLFSSL_ASYNC_CRYPT)
  13351. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13352. #endif
  13353. if (ret >= 0) {
  13354. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, &rng,
  13355. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
  13356. }
  13357. } while (ret == WC_PENDING_E);
  13358. if (ret < 0) {
  13359. ERROR_OUT(-7929, exit_rsa);
  13360. }
  13361. TEST_SLEEP();
  13362. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  13363. idx = (word32)ret;
  13364. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  13365. do {
  13366. #if defined(WOLFSSL_ASYNC_CRYPT)
  13367. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13368. #endif
  13369. if (ret >= 0) {
  13370. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  13371. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen);
  13372. }
  13373. } while (ret == WC_PENDING_E);
  13374. if (ret < 0) {
  13375. ERROR_OUT(-7930, exit_rsa);
  13376. }
  13377. if (XMEMCMP(plain, in, inLen)) {
  13378. ERROR_OUT(-7931, exit_rsa);
  13379. }
  13380. TEST_SLEEP();
  13381. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  13382. #ifndef WOLFSSL_RSA_VERIFY_ONLY
  13383. #ifndef NO_SHA
  13384. /* check fail using mismatch hash algorithms */
  13385. XMEMSET(plain, 0, plainSz);
  13386. do {
  13387. #if defined(WOLFSSL_ASYNC_CRYPT)
  13388. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13389. #endif
  13390. if (ret >= 0) {
  13391. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, &rng,
  13392. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen);
  13393. }
  13394. } while (ret == WC_PENDING_E);
  13395. if (ret < 0) {
  13396. ERROR_OUT(-7932, exit_rsa);
  13397. }
  13398. TEST_SLEEP();
  13399. /* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */
  13400. #if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  13401. !defined(WOLFSSL_CRYPTOCELL)
  13402. idx = (word32)ret;
  13403. do {
  13404. #if defined(WOLFSSL_ASYNC_CRYPT)
  13405. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13406. #endif
  13407. if (ret >= 0) {
  13408. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  13409. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256,
  13410. in, inLen);
  13411. }
  13412. } while (ret == WC_PENDING_E);
  13413. if (ret > 0) { /* should fail */
  13414. ERROR_OUT(-7933, exit_rsa);
  13415. }
  13416. ret = 0;
  13417. TEST_SLEEP();
  13418. #endif /* !HAVE_CAVIUM */
  13419. #endif /* NO_SHA */
  13420. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  13421. #endif /* NO_SHA256 */
  13422. #ifdef WOLFSSL_SHA512
  13423. /* Check valid RSA key size is used while using hash length of SHA512
  13424. If key size is less than (hash length * 2) + 2 then is invalid use
  13425. and test, since OAEP padding requires this.
  13426. BAD_FUNC_ARG is returned when this case is not met */
  13427. if (wc_RsaEncryptSize(key) > ((int)WC_SHA512_DIGEST_SIZE * 2) + 2) {
  13428. XMEMSET(plain, 0, plainSz);
  13429. do {
  13430. #if defined(WOLFSSL_ASYNC_CRYPT)
  13431. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13432. #endif
  13433. if (ret >= 0) {
  13434. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, &rng,
  13435. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
  13436. }
  13437. } while (ret == WC_PENDING_E);
  13438. if (ret < 0) {
  13439. ERROR_OUT(-7934, exit_rsa);
  13440. }
  13441. TEST_SLEEP();
  13442. idx = ret;
  13443. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  13444. do {
  13445. #if defined(WOLFSSL_ASYNC_CRYPT)
  13446. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13447. #endif
  13448. if (ret >= 0) {
  13449. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  13450. WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0);
  13451. }
  13452. } while (ret == WC_PENDING_E);
  13453. if (ret < 0) {
  13454. ERROR_OUT(-7935, exit_rsa);
  13455. }
  13456. if (XMEMCMP(plain, in, inLen)) {
  13457. ERROR_OUT(-7936, exit_rsa);
  13458. }
  13459. TEST_SLEEP();
  13460. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  13461. }
  13462. #endif /* WOLFSSL_SHA512 */
  13463. /* check using pkcsv15 padding with _ex API */
  13464. XMEMSET(plain, 0, plainSz);
  13465. do {
  13466. #if defined(WOLFSSL_ASYNC_CRYPT)
  13467. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13468. #endif
  13469. if (ret >= 0) {
  13470. ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, &rng,
  13471. WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
  13472. }
  13473. } while (ret == WC_PENDING_E);
  13474. if (ret < 0) {
  13475. ERROR_OUT(-7937, exit_rsa);
  13476. }
  13477. TEST_SLEEP();
  13478. idx = (word32)ret;
  13479. #ifndef WOLFSSL_RSA_PUBLIC_ONLY
  13480. do {
  13481. #if defined(WOLFSSL_ASYNC_CRYPT)
  13482. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13483. #endif
  13484. if (ret >= 0) {
  13485. ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key,
  13486. WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0);
  13487. }
  13488. } while (ret == WC_PENDING_E);
  13489. if (ret < 0) {
  13490. ERROR_OUT(-7938, exit_rsa);
  13491. }
  13492. if (XMEMCMP(plain, in, inLen)) {
  13493. ERROR_OUT(-7939, exit_rsa);
  13494. }
  13495. TEST_SLEEP();
  13496. #endif /* WOLFSSL_RSA_PUBLIC_ONLY */
  13497. #endif /* !HAVE_FAST_RSA && !HAVE_FIPS */
  13498. #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */
  13499. #endif /* WOLFSSL_RSA_VERIFY_ONLY */
  13500. #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(NO_ASN) \
  13501. && !defined(WOLFSSL_RSA_VERIFY_ONLY)
  13502. ret = rsa_export_key_test(key);
  13503. if (ret != 0)
  13504. return ret;
  13505. #endif
  13506. #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \
  13507. !defined(WOLFSSL_RSA_VERIFY_ONLY)
  13508. ret = rsa_flatten_test(key);
  13509. if (ret != 0)
  13510. return ret;
  13511. #endif
  13512. #if defined(WOLFSSL_MDK_ARM)
  13513. #define sizeof(s) XSTRLEN((char *)(s))
  13514. #endif
  13515. #ifdef USE_CERT_BUFFERS_1024
  13516. XMEMCPY(tmp, client_cert_der_1024, (size_t)sizeof_client_cert_der_1024);
  13517. bytes = (size_t)sizeof_client_cert_der_1024;
  13518. #elif defined(USE_CERT_BUFFERS_2048)
  13519. XMEMCPY(tmp, client_cert_der_2048, (size_t)sizeof_client_cert_der_2048);
  13520. bytes = (size_t)sizeof_client_cert_der_2048;
  13521. #elif defined(USE_CERT_BUFFERS_3072)
  13522. XMEMCPY(tmp, client_cert_der_3072, (size_t)sizeof_client_cert_der_3072);
  13523. bytes = (size_t)sizeof_client_cert_der_3072;
  13524. #elif defined(USE_CERT_BUFFERS_4096)
  13525. XMEMCPY(tmp, client_cert_der_4096, (size_t)sizeof_client_cert_der_4096);
  13526. bytes = (size_t)sizeof_client_cert_der_4096;
  13527. #elif !defined(NO_FILESYSTEM)
  13528. file2 = XFOPEN(clientCert, "rb");
  13529. if (!file2) {
  13530. ERROR_OUT(-7940, exit_rsa);
  13531. }
  13532. bytes = XFREAD(tmp, 1, FOURK_BUF, file2);
  13533. XFCLOSE(file2);
  13534. #else
  13535. /* No certificate to use. */
  13536. ERROR_OUT(-7941, exit_rsa);
  13537. #endif
  13538. #ifdef sizeof
  13539. #undef sizeof
  13540. #endif
  13541. #ifdef WOLFSSL_TEST_CERT
  13542. InitDecodedCert(cert, tmp, (word32)bytes, 0);
  13543. ret = ParseCert(cert, CERT_TYPE, NO_VERIFY, 0);
  13544. if (ret != 0) {
  13545. FreeDecodedCert(cert);
  13546. ERROR_OUT(-7942, exit_rsa);
  13547. }
  13548. FreeDecodedCert(cert);
  13549. #endif
  13550. #ifdef WOLFSSL_CERT_EXT
  13551. #ifdef USE_CERT_BUFFERS_1024
  13552. XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
  13553. bytes = sizeof_client_keypub_der_1024;
  13554. #elif defined(USE_CERT_BUFFERS_2048)
  13555. XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
  13556. bytes = sizeof_client_keypub_der_2048;
  13557. #elif defined(USE_CERT_BUFFERS_3072)
  13558. XMEMCPY(tmp, client_keypub_der_3072, sizeof_client_keypub_der_3072);
  13559. bytes = sizeof_client_keypub_der_3072;
  13560. #elif defined(USE_CERT_BUFFERS_4096)
  13561. XMEMCPY(tmp, client_keypub_der_4096, sizeof_client_keypub_der_4096);
  13562. bytes = sizeof_client_keypub_der_4096;
  13563. #else
  13564. file = XFOPEN(clientKeyPub, "rb");
  13565. if (!file) {
  13566. err_sys("can't open ./certs/client-keyPub.der, "
  13567. "Please run from wolfSSL home dir", -40);
  13568. ERROR_OUT(-7943, exit_rsa);
  13569. }
  13570. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  13571. XFCLOSE(file);
  13572. #endif /* USE_CERT_BUFFERS */
  13573. ret = wc_InitRsaKey(keypub, HEAP_HINT);
  13574. if (ret != 0) {
  13575. ERROR_OUT(-7944, exit_rsa);
  13576. }
  13577. idx = 0;
  13578. ret = wc_RsaPublicKeyDecode(tmp, &idx, keypub, (word32)bytes);
  13579. if (ret != 0) {
  13580. ERROR_OUT(-7945, exit_rsa);
  13581. }
  13582. #endif /* WOLFSSL_CERT_EXT */
  13583. #ifdef WOLFSSL_KEY_GEN
  13584. ret = rsa_keygen_test(&rng);
  13585. if (ret != 0)
  13586. goto exit_rsa;
  13587. #endif
  13588. #ifdef WOLFSSL_CERT_GEN
  13589. /* Make Cert / Sign example for RSA cert and RSA CA */
  13590. ret = rsa_certgen_test(key, keypub, &rng, tmp);
  13591. if (ret != 0)
  13592. goto exit_rsa;
  13593. #if !defined(NO_RSA) && defined(HAVE_ECC)
  13594. ret = rsa_ecc_certgen_test(&rng, tmp);
  13595. if (ret != 0)
  13596. goto exit_rsa;
  13597. #endif
  13598. #ifdef HAVE_NTRU
  13599. {
  13600. Cert myCert;
  13601. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  13602. XFILE caFile;
  13603. #endif
  13604. #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
  13605. XFILE ntruPrivFile;
  13606. #endif
  13607. int certSz;
  13608. word32 idx3 = 0;
  13609. #ifdef WOLFSSL_TEST_CERT
  13610. DecodedCert decode;
  13611. #endif
  13612. byte public_key[557]; /* sized for EES401EP2 */
  13613. word16 public_key_len; /* no. of octets in public key */
  13614. byte private_key[607]; /* sized for EES401EP2 */
  13615. word16 private_key_len; /* no. of octets in private key */
  13616. DRBG_HANDLE drbg;
  13617. static uint8_t const pers_str[] = {
  13618. 'C', 'y', 'a', 'S', 'S', 'L', ' ', 't', 'e', 's', 't'
  13619. };
  13620. word32 rc = ntru_crypto_drbg_instantiate(112, pers_str,
  13621. sizeof(pers_str), GetEntropy, &drbg);
  13622. if (rc != DRBG_OK) {
  13623. ERROR_OUT(-7946, exit_rsa);
  13624. }
  13625. rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
  13626. &public_key_len, NULL,
  13627. &private_key_len, NULL);
  13628. if (rc != NTRU_OK) {
  13629. ERROR_OUT(-7947, exit_rsa);
  13630. }
  13631. rc = ntru_crypto_ntru_encrypt_keygen(drbg, NTRU_EES401EP2,
  13632. &public_key_len, public_key,
  13633. &private_key_len, private_key);
  13634. if (rc != NTRU_OK) {
  13635. ERROR_OUT(-7948, exit_rsa);
  13636. }
  13637. rc = ntru_crypto_drbg_uninstantiate(drbg);
  13638. if (rc != NTRU_OK) {
  13639. ERROR_OUT(-7949, exit_rsa);
  13640. }
  13641. #ifdef USE_CERT_BUFFERS_1024
  13642. XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024);
  13643. bytes = sizeof_ca_key_der_1024;
  13644. #elif defined(USE_CERT_BUFFERS_2048)
  13645. XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048);
  13646. bytes = sizeof_ca_key_der_2048;
  13647. #else
  13648. caFile = XFOPEN(rsaCaKeyFile, "rb");
  13649. if (!caFile) {
  13650. ERROR_OUT(-7950, exit_rsa);
  13651. }
  13652. bytes = XFREAD(tmp, 1, FOURK_BUF, caFile);
  13653. XFCLOSE(caFile);
  13654. #endif /* USE_CERT_BUFFERS */
  13655. ret = wc_InitRsaKey(caKey, HEAP_HINT);
  13656. if (ret != 0) {
  13657. ERROR_OUT(-7951, exit_rsa);
  13658. }
  13659. ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes);
  13660. if (ret != 0) {
  13661. ERROR_OUT(-7952, exit_rsa);
  13662. }
  13663. if (wc_InitCert(&myCert)) {
  13664. ERROR_OUT(-7953, exit_rsa);
  13665. }
  13666. XMEMCPY(&myCert.subject, &certDefaultName, sizeof(CertName));
  13667. myCert.daysValid = 1000;
  13668. #ifdef WOLFSSL_CERT_EXT
  13669. /* add SKID from the Public Key */
  13670. if (wc_SetSubjectKeyIdFromNtruPublicKey(&myCert, public_key,
  13671. public_key_len) != 0) {
  13672. ERROR_OUT(-7954, exit_rsa);
  13673. }
  13674. /* add AKID from the CA certificate */
  13675. #if defined(USE_CERT_BUFFERS_2048)
  13676. ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_2048,
  13677. sizeof_ca_cert_der_2048);
  13678. #elif defined(USE_CERT_BUFFERS_1024)
  13679. ret = wc_SetAuthKeyIdFromCert(&myCert, ca_cert_der_1024,
  13680. sizeof_ca_cert_der_1024);
  13681. #else
  13682. ret = wc_SetAuthKeyId(&myCert, rsaCaCertFile);
  13683. #endif
  13684. if (ret != 0) {
  13685. ERROR_OUT(-7955, exit_rsa);
  13686. }
  13687. /* add Key Usage */
  13688. if (wc_SetKeyUsage(&myCert, certKeyUsage2) != 0) {
  13689. ERROR_OUT(-7956, exit_rsa);
  13690. }
  13691. #endif /* WOLFSSL_CERT_EXT */
  13692. #if defined(USE_CERT_BUFFERS_2048)
  13693. ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_2048,
  13694. sizeof_ca_cert_der_2048);
  13695. #elif defined(USE_CERT_BUFFERS_1024)
  13696. ret = wc_SetIssuerBuffer(&myCert, ca_cert_der_1024,
  13697. sizeof_ca_cert_der_1024);
  13698. #else
  13699. ret = wc_SetIssuer(&myCert, rsaCaCertFile);
  13700. #endif
  13701. if (ret < 0) {
  13702. ERROR_OUT(-7957, exit_rsa);
  13703. }
  13704. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13705. if (der == NULL) {
  13706. ERROR_OUT(-7958, exit_rsa);
  13707. }
  13708. certSz = wc_MakeNtruCert(&myCert, der, FOURK_BUF, public_key,
  13709. public_key_len, &rng);
  13710. if (certSz < 0) {
  13711. ERROR_OUT(-7959, exit_rsa);
  13712. }
  13713. ret = 0;
  13714. do {
  13715. #if defined(WOLFSSL_ASYNC_CRYPT)
  13716. ret = wc_AsyncWait(ret, &caKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13717. #endif
  13718. if (ret >= 0) {
  13719. ret = wc_SignCert(myCert.bodySz, myCert.sigType, der, FOURK_BUF,
  13720. caKey, NULL, &rng);
  13721. }
  13722. } while (ret == WC_PENDING_E);
  13723. wc_FreeRsaKey(caKey);
  13724. if (ret < 0) {
  13725. ERROR_OUT(-7960, exit_rsa);
  13726. }
  13727. certSz = ret;
  13728. #ifdef WOLFSSL_TEST_CERT
  13729. InitDecodedCert(&decode, der, certSz, HEAP_HINT);
  13730. ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
  13731. if (ret != 0) {
  13732. FreeDecodedCert(&decode);
  13733. ERROR_OUT(-7961, exit_rsa);
  13734. }
  13735. FreeDecodedCert(&decode);
  13736. #endif
  13737. ret = SaveDerAndPem(der, certSz, "./ntru-cert.der", "./ntru-cert.pem",
  13738. CERT_TYPE, -5637);
  13739. if (ret != 0) {
  13740. goto exit_rsa;
  13741. }
  13742. #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES)
  13743. ntruPrivFile = XFOPEN("./ntru-key.raw", "wb");
  13744. if (!ntruPrivFile) {
  13745. ERROR_OUT(-7962, exit_rsa);
  13746. }
  13747. ret = (int)XFWRITE(private_key, 1, private_key_len, ntruPrivFile);
  13748. XFCLOSE(ntruPrivFile);
  13749. if (ret != private_key_len) {
  13750. ERROR_OUT(-7963, exit_rsa);
  13751. }
  13752. #endif
  13753. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13754. der = NULL;
  13755. }
  13756. #endif /* HAVE_NTRU */
  13757. #ifdef WOLFSSL_CERT_REQ
  13758. {
  13759. Cert *req;
  13760. int derSz;
  13761. req = (Cert *)XMALLOC(sizeof *req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13762. if (! req)
  13763. ERROR_OUT(MEMORY_E, exit_rsa);
  13764. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER);
  13765. if (der == NULL) {
  13766. ERROR_OUT(-7964, exit_rsa);
  13767. }
  13768. if (wc_InitCert(req)) {
  13769. ERROR_OUT(-7965, exit_rsa);
  13770. }
  13771. req->version = 0;
  13772. req->isCA = 1;
  13773. XSTRNCPY(req->challengePw, "wolf123", CTC_NAME_SIZE);
  13774. XMEMCPY(&req->subject, &certDefaultName, sizeof(CertName));
  13775. #ifndef NO_SHA256
  13776. req->sigType = CTC_SHA256wRSA;
  13777. #else
  13778. req->sigType = CTC_SHAwRSA;
  13779. #endif
  13780. #ifdef WOLFSSL_CERT_EXT
  13781. /* add SKID from the Public Key */
  13782. if (wc_SetSubjectKeyIdFromPublicKey(req, keypub, NULL) != 0) {
  13783. ERROR_OUT(-7966, exit_rsa);
  13784. }
  13785. /* add Key Usage */
  13786. if (wc_SetKeyUsage(req, certKeyUsage2) != 0) {
  13787. ERROR_OUT(-7967, exit_rsa);
  13788. }
  13789. /* add Extended Key Usage */
  13790. if (wc_SetExtKeyUsage(req, "serverAuth,clientAuth,codeSigning,"
  13791. "emailProtection,timeStamping,OCSPSigning") != 0) {
  13792. ERROR_OUT(-7968, exit_rsa);
  13793. }
  13794. #ifdef WOLFSSL_EKU_OID
  13795. {
  13796. WOLFSSL_SMALL_STACK_STATIC const char unique[] = "2.16.840.1.111111.100.1.10.1";
  13797. if (wc_SetExtKeyUsageOID(req, unique, sizeof(unique), 0,
  13798. HEAP_HINT) != 0) {
  13799. ERROR_OUT(-7969, exit_rsa);
  13800. }
  13801. }
  13802. #endif /* WOLFSSL_EKU_OID */
  13803. #endif /* WOLFSSL_CERT_EXT */
  13804. derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
  13805. if (derSz < 0) {
  13806. ERROR_OUT(-7970, exit_rsa);
  13807. }
  13808. #ifdef WOLFSSL_CERT_EXT
  13809. /* Try again with "any" flag set, will override all others */
  13810. if (wc_SetExtKeyUsage(req, "any") != 0) {
  13811. ERROR_OUT(-7971, exit_rsa);
  13812. }
  13813. derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL);
  13814. if (derSz < 0) {
  13815. ERROR_OUT(-7972, exit_rsa);
  13816. }
  13817. #endif /* WOLFSSL_CERT_EXT */
  13818. ret = 0;
  13819. do {
  13820. #if defined(WOLFSSL_ASYNC_CRYPT)
  13821. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  13822. #endif
  13823. if (ret >= 0) {
  13824. ret = wc_SignCert(req->bodySz, req->sigType, der, FOURK_BUF,
  13825. key, NULL, &rng);
  13826. }
  13827. } while (ret == WC_PENDING_E);
  13828. if (ret < 0) {
  13829. ERROR_OUT(-7973, exit_rsa);
  13830. }
  13831. derSz = ret;
  13832. ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile,
  13833. CERTREQ_TYPE, -5650);
  13834. if (ret != 0) {
  13835. goto exit_rsa;
  13836. }
  13837. derSz = wc_MakeCertReq_ex(req, der, FOURK_BUF, RSA_TYPE, key);
  13838. if (derSz < 0) {
  13839. ERROR_OUT(-7974, exit_rsa);
  13840. }
  13841. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13842. XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13843. der = NULL;
  13844. }
  13845. #endif /* WOLFSSL_CERT_REQ */
  13846. #endif /* WOLFSSL_CERT_GEN */
  13847. #if defined(WC_RSA_PSS) && !defined(HAVE_FIPS_VERSION) /* not supported with FIPSv1 */
  13848. /* Need to create known good signatures to test with this. */
  13849. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)
  13850. ret = rsa_pss_test(&rng, key);
  13851. if (ret != 0)
  13852. goto exit_rsa;
  13853. #endif
  13854. #endif
  13855. #if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH)
  13856. #ifdef WOLFSSL_SMALL_STACK
  13857. /* New key to be loaded in rsa_even_mod_test(). */
  13858. if (key != NULL)
  13859. #endif
  13860. wc_FreeRsaKey(key);
  13861. /* New key to be loaded in rsa_even_mod_test(). */
  13862. ret = rsa_even_mod_test(&rng, key);
  13863. #endif
  13864. exit_rsa:
  13865. #ifdef WOLFSSL_SMALL_STACK
  13866. if (key != NULL) {
  13867. wc_FreeRsaKey(key);
  13868. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13869. }
  13870. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
  13871. if (keypub != NULL) {
  13872. wc_FreeRsaKey(keypub);
  13873. XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13874. }
  13875. #endif
  13876. #if defined(HAVE_NTRU)
  13877. if (caKey != NULL) {
  13878. wc_FreeRsaKey(caKey);
  13879. XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13880. }
  13881. #endif
  13882. #ifdef WOLFSSL_TEST_CERT
  13883. if (cert != NULL)
  13884. XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13885. #endif
  13886. #else
  13887. wc_FreeRsaKey(key);
  13888. #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN)
  13889. wc_FreeRsaKey(keypub);
  13890. #endif
  13891. #if defined(HAVE_NTRU)
  13892. wc_FreeRsaKey(caKey);
  13893. #endif
  13894. #endif /* WOLFSSL_SMALL_STACK */
  13895. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13896. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  13897. wc_FreeRng(&rng);
  13898. FREE_VAR(in, HEAP_HINT);
  13899. FREE_VAR(out, HEAP_HINT);
  13900. FREE_VAR(plain, HEAP_HINT);
  13901. (void)res;
  13902. (void)bytes;
  13903. (void)in;
  13904. (void)out;
  13905. (void)plain;
  13906. (void)inLen;
  13907. (void)outSz;
  13908. (void)plainSz;
  13909. /* ret can be greater then 0 with certgen but all negative values should
  13910. * be returned and treated as an error */
  13911. if (ret >= 0) {
  13912. return 0;
  13913. }
  13914. else {
  13915. return ret;
  13916. }
  13917. }
  13918. #endif /* !NO_RSA */
  13919. #ifndef NO_DH
  13920. static int dh_fips_generate_test(WC_RNG *rng)
  13921. {
  13922. int ret = 0;
  13923. #ifdef WOLFSSL_SMALL_STACK
  13924. DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);;
  13925. #else
  13926. DhKey key[1];
  13927. #endif
  13928. WOLFSSL_SMALL_STACK_STATIC const byte p[] = {
  13929. 0xc5, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c,
  13930. 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e,
  13931. 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea,
  13932. 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e,
  13933. 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62,
  13934. 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a,
  13935. 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc,
  13936. 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89,
  13937. 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c,
  13938. 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65,
  13939. 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb,
  13940. 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87,
  13941. 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92,
  13942. 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3,
  13943. 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc,
  13944. 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda,
  13945. 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46,
  13946. 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9,
  13947. 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2,
  13948. 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc,
  13949. 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73,
  13950. 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4,
  13951. 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6,
  13952. 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a,
  13953. 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9,
  13954. 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0,
  13955. 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8,
  13956. 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0,
  13957. 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47,
  13958. 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9,
  13959. 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d,
  13960. 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d
  13961. };
  13962. WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
  13963. 0x4a, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74,
  13964. 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41,
  13965. 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91,
  13966. 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb,
  13967. 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff,
  13968. 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e,
  13969. 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a,
  13970. 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e,
  13971. 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40,
  13972. 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67,
  13973. 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94,
  13974. 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa,
  13975. 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22,
  13976. 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a,
  13977. 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc,
  13978. 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5,
  13979. 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe,
  13980. 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c,
  13981. 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8,
  13982. 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67,
  13983. 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8,
  13984. 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63,
  13985. 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5,
  13986. 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71,
  13987. 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a,
  13988. 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a,
  13989. 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1,
  13990. 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37,
  13991. 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53,
  13992. 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d,
  13993. 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68,
  13994. 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b
  13995. };
  13996. WOLFSSL_SMALL_STACK_STATIC const byte q[] = {
  13997. 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
  13998. 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
  13999. 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
  14000. 0x40, 0x52, 0xed, 0x41
  14001. };
  14002. WOLFSSL_SMALL_STACK_STATIC const byte q0[] = {
  14003. 0x00,
  14004. 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e,
  14005. 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75,
  14006. 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5,
  14007. 0x40, 0x52, 0xed, 0x41
  14008. };
  14009. byte priv[256];
  14010. byte pub[256];
  14011. word32 privSz = sizeof(priv);
  14012. word32 pubSz = sizeof(pub);
  14013. #ifdef WOLFSSL_SMALL_STACK
  14014. if (key == NULL)
  14015. ERROR_OUT(MEMORY_E, exit_gen_test);
  14016. #endif
  14017. /* Parameter Validation testing. */
  14018. ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz);
  14019. if (ret != BAD_FUNC_ARG)
  14020. ERROR_OUT(-7980, exit_gen_test);
  14021. ret = wc_DhGenerateKeyPair(key, NULL, priv, &privSz, pub, &pubSz);
  14022. if (ret != BAD_FUNC_ARG)
  14023. ERROR_OUT(-7981, exit_gen_test);
  14024. ret = wc_DhGenerateKeyPair(key, rng, NULL, &privSz, pub, &pubSz);
  14025. if (ret != BAD_FUNC_ARG)
  14026. ERROR_OUT(-7982, exit_gen_test);
  14027. ret = wc_DhGenerateKeyPair(key, rng, priv, NULL, pub, &pubSz);
  14028. if (ret != BAD_FUNC_ARG)
  14029. ERROR_OUT(-7983, exit_gen_test);
  14030. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, NULL, &pubSz);
  14031. if (ret != BAD_FUNC_ARG)
  14032. ERROR_OUT(-7984, exit_gen_test);
  14033. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, NULL);
  14034. if (ret != BAD_FUNC_ARG)
  14035. ERROR_OUT(-7985, exit_gen_test);
  14036. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  14037. if (ret != 0)
  14038. ERROR_OUT(-7986, exit_gen_test);
  14039. ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q0, sizeof(q0));
  14040. if (ret != 0) {
  14041. ERROR_OUT(-7987, exit_gen_test);
  14042. }
  14043. wc_FreeDhKey(key);
  14044. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  14045. if (ret != 0)
  14046. ERROR_OUT(-7988, exit_gen_test);
  14047. ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q, sizeof(q));
  14048. if (ret != 0) {
  14049. ERROR_OUT(-7989, exit_gen_test);
  14050. }
  14051. /* Use API. */
  14052. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
  14053. #if defined(WOLFSSL_ASYNC_CRYPT)
  14054. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  14055. #endif
  14056. if (ret != 0) {
  14057. ERROR_OUT(-7990, exit_gen_test);
  14058. }
  14059. ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q0, sizeof(q0));
  14060. if (ret != 0) {
  14061. ERROR_OUT(-7991, exit_gen_test);
  14062. }
  14063. wc_FreeDhKey(key);
  14064. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  14065. if (ret != 0)
  14066. ERROR_OUT(-7992, exit_gen_test);
  14067. ret = wc_DhSetKey(key, p, sizeof(p), g, sizeof(g));
  14068. if (ret != 0) {
  14069. ERROR_OUT(-7993, exit_gen_test);
  14070. }
  14071. ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q, sizeof(q));
  14072. if (ret != 0) {
  14073. ERROR_OUT(-7994, exit_gen_test);
  14074. }
  14075. #ifndef HAVE_SELFTEST
  14076. ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
  14077. if (ret != 0) {
  14078. ERROR_OUT(-7995, exit_gen_test);
  14079. }
  14080. /* Taint the public key so the check fails. */
  14081. pub[0]++;
  14082. ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
  14083. if (ret != MP_CMP_E) {
  14084. ERROR_OUT(-7996, exit_gen_test);
  14085. }
  14086. #ifdef WOLFSSL_KEY_GEN
  14087. wc_FreeDhKey(key);
  14088. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  14089. if (ret != 0)
  14090. ERROR_OUT(-7997, exit_gen_test);
  14091. ret = wc_DhGenerateParams(rng, 2048, key);
  14092. if (ret != 0) {
  14093. ERROR_OUT(-7998, exit_gen_test);
  14094. }
  14095. privSz = sizeof(priv);
  14096. pubSz = sizeof(pub);
  14097. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
  14098. #if defined(WOLFSSL_ASYNC_CRYPT)
  14099. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  14100. #endif
  14101. if (ret != 0) {
  14102. ERROR_OUT(-7999, exit_gen_test);
  14103. }
  14104. #endif /* WOLFSSL_KEY_GEN */
  14105. #endif /* HAVE_SELFTEST */
  14106. ret = 0;
  14107. exit_gen_test:
  14108. #ifdef WOLFSSL_SMALL_STACK
  14109. if (key) {
  14110. wc_FreeDhKey(key);
  14111. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14112. }
  14113. #else
  14114. wc_FreeDhKey(key);
  14115. #endif
  14116. return ret;
  14117. }
  14118. static int dh_generate_test(WC_RNG *rng)
  14119. {
  14120. int ret = 0;
  14121. DhKey smallKey;
  14122. byte p[2] = { 0, 5 };
  14123. byte g[2] = { 0, 2 };
  14124. #if !defined(WOLFSSL_SP_MATH)
  14125. #ifdef WOLFSSL_DH_CONST
  14126. /* the table for constant DH lookup will round to the lowest byte size 21 */
  14127. byte priv[21];
  14128. byte pub[21];
  14129. #else
  14130. byte priv[2];
  14131. byte pub[2];
  14132. #endif
  14133. word32 privSz = sizeof(priv);
  14134. word32 pubSz = sizeof(pub);
  14135. #endif
  14136. ret = wc_InitDhKey_ex(&smallKey, HEAP_HINT, devId);
  14137. if (ret != 0)
  14138. return -8010;
  14139. /* Parameter Validation testing. */
  14140. ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId);
  14141. if (ret != BAD_FUNC_ARG)
  14142. return -8011;
  14143. wc_FreeDhKey(NULL);
  14144. ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g));
  14145. if (ret != BAD_FUNC_ARG) {
  14146. ERROR_OUT(-8012, exit_gen_test);
  14147. }
  14148. ret = wc_DhSetKey(&smallKey, NULL, sizeof(p), g, sizeof(g));
  14149. if (ret != BAD_FUNC_ARG) {
  14150. ERROR_OUT(-8013, exit_gen_test);
  14151. }
  14152. ret = wc_DhSetKey(&smallKey, p, 0, g, sizeof(g));
  14153. if (ret != BAD_FUNC_ARG) {
  14154. ERROR_OUT(-8014, exit_gen_test);
  14155. }
  14156. ret = wc_DhSetKey(&smallKey, p, sizeof(p), NULL, sizeof(g));
  14157. if (ret != BAD_FUNC_ARG) {
  14158. ERROR_OUT(-8015, exit_gen_test);
  14159. }
  14160. ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, 0);
  14161. if (ret != BAD_FUNC_ARG) {
  14162. ERROR_OUT(-8016, exit_gen_test);
  14163. }
  14164. ret = wc_DhSetKey(&smallKey, p, sizeof(p), g, sizeof(g));
  14165. if (ret != 0) {
  14166. ERROR_OUT(-8017, exit_gen_test);
  14167. }
  14168. #if !defined(WOLFSSL_SP_MATH)
  14169. /* Use API. */
  14170. ret = wc_DhGenerateKeyPair(&smallKey, rng, priv, &privSz, pub, &pubSz);
  14171. #if defined(WOLFSSL_ASYNC_CRYPT)
  14172. ret = wc_AsyncWait(ret, &smallKey.asyncDev, WC_ASYNC_FLAG_NONE);
  14173. #endif
  14174. if (ret != 0) {
  14175. ret = -8018;
  14176. }
  14177. #else
  14178. (void)rng;
  14179. ret = 0;
  14180. #endif
  14181. exit_gen_test:
  14182. wc_FreeDhKey(&smallKey);
  14183. return ret;
  14184. }
  14185. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  14186. typedef struct dh_pubvalue_test {
  14187. const byte* data;
  14188. word32 len;
  14189. } dh_pubvalue_test;
  14190. static int dh_test_check_pubvalue(void)
  14191. {
  14192. int ret;
  14193. word32 i;
  14194. WOLFSSL_SMALL_STACK_STATIC const byte prime[] = {0x01, 0x00, 0x01};
  14195. WOLFSSL_SMALL_STACK_STATIC const byte pubValZero[] = { 0x00 };
  14196. WOLFSSL_SMALL_STACK_STATIC const byte pubValZeroLong[] = { 0x00, 0x00, 0x00 };
  14197. WOLFSSL_SMALL_STACK_STATIC const byte pubValOne[] = { 0x01 };
  14198. WOLFSSL_SMALL_STACK_STATIC const byte pubValOneLong[] = { 0x00, 0x00, 0x01 };
  14199. WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeMinusOne[] = { 0x01, 0x00, 0x00 };
  14200. WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeLong[] = {0x00, 0x01, 0x00, 0x01};
  14201. WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimePlusOne[] = { 0x01, 0x00, 0x02 };
  14202. WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig0[] = { 0x02, 0x00, 0x01 };
  14203. WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig1[] = { 0x01, 0x01, 0x01 };
  14204. WOLFSSL_SMALL_STACK_STATIC const byte pubValTooLong[] = { 0x01, 0x00, 0x00, 0x01 };
  14205. const dh_pubvalue_test dh_pubval_fail[] = {
  14206. { prime, sizeof(prime) },
  14207. { pubValZero, sizeof(pubValZero) },
  14208. { pubValZeroLong, sizeof(pubValZeroLong) },
  14209. { pubValOne, sizeof(pubValOne) },
  14210. { pubValOneLong, sizeof(pubValOneLong) },
  14211. { pubValPrimeMinusOne, sizeof(pubValPrimeMinusOne) },
  14212. { pubValPrimeLong, sizeof(pubValPrimeLong) },
  14213. { pubValPrimePlusOne, sizeof(pubValPrimePlusOne) },
  14214. { pubValTooBig0, sizeof(pubValTooBig0) },
  14215. { pubValTooBig1, sizeof(pubValTooBig1) },
  14216. { pubValTooLong, sizeof(pubValTooLong) },
  14217. };
  14218. WOLFSSL_SMALL_STACK_STATIC const byte pubValTwo[] = { 0x02 };
  14219. WOLFSSL_SMALL_STACK_STATIC const byte pubValTwoLong[] = { 0x00, 0x00, 0x02 };
  14220. WOLFSSL_SMALL_STACK_STATIC const byte pubValGood[] = { 0x12, 0x34 };
  14221. WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLen[] = { 0x00, 0x12, 0x34 };
  14222. WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLong[] = { 0x00, 0x00, 0x12, 0x34 };
  14223. const dh_pubvalue_test dh_pubval_pass[] = {
  14224. { pubValTwo, sizeof(pubValTwo) },
  14225. { pubValTwoLong, sizeof(pubValTwoLong) },
  14226. { pubValGood, sizeof(pubValGood) },
  14227. { pubValGoodLen, sizeof(pubValGoodLen) },
  14228. { pubValGoodLong, sizeof(pubValGoodLong) },
  14229. };
  14230. for (i = 0; i < sizeof(dh_pubval_fail) / sizeof(*dh_pubval_fail); i++) {
  14231. ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_fail[i].data,
  14232. dh_pubval_fail[i].len);
  14233. if (ret != MP_VAL)
  14234. return -8020 - (int)i;
  14235. }
  14236. for (i = 0; i < sizeof(dh_pubval_pass) / sizeof(*dh_pubval_pass); i++) {
  14237. ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_pass[i].data,
  14238. dh_pubval_pass[i].len);
  14239. if (ret != 0)
  14240. return -8030 - (int)i;
  14241. }
  14242. return 0;
  14243. }
  14244. #endif
  14245. #if defined(HAVE_FFDHE)
  14246. #ifdef HAVE_FFDHE_3072
  14247. #define FFDHE_KEY_SIZE (3072/8)
  14248. #else
  14249. #define FFDHE_KEY_SIZE (2048/8)
  14250. #endif
  14251. #ifndef WC_NO_RNG
  14252. static int dh_ffdhe_test(WC_RNG *rng, const DhParams* params)
  14253. {
  14254. int ret;
  14255. word32 privSz, pubSz, privSz2, pubSz2;
  14256. #ifdef WOLFSSL_SMALL_STACK
  14257. byte *priv = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14258. byte *pub = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14259. byte *priv2 = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14260. byte *pub2 = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14261. byte *agree = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14262. byte *agree2 = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14263. DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14264. DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14265. #else
  14266. byte priv[FFDHE_KEY_SIZE];
  14267. byte pub[FFDHE_KEY_SIZE];
  14268. byte priv2[FFDHE_KEY_SIZE];
  14269. byte pub2[FFDHE_KEY_SIZE];
  14270. byte agree[FFDHE_KEY_SIZE];
  14271. byte agree2[FFDHE_KEY_SIZE];
  14272. DhKey key[1];
  14273. DhKey key2[1];
  14274. #endif
  14275. word32 agreeSz = FFDHE_KEY_SIZE;
  14276. word32 agreeSz2 = FFDHE_KEY_SIZE;
  14277. #ifdef WOLFSSL_SMALL_STACK
  14278. if ((priv == NULL) ||
  14279. (pub == NULL) ||
  14280. (priv2 == NULL) ||
  14281. (pub2 == NULL) ||
  14282. (agree == NULL) ||
  14283. (agree2 == NULL) ||
  14284. (key == NULL) ||
  14285. (key2 == NULL))
  14286. ERROR_OUT(-8050, done);
  14287. #endif
  14288. pubSz = FFDHE_KEY_SIZE;
  14289. pubSz2 = FFDHE_KEY_SIZE;
  14290. privSz = FFDHE_KEY_SIZE;
  14291. privSz2 = FFDHE_KEY_SIZE;
  14292. XMEMSET(key, 0, sizeof *key);
  14293. XMEMSET(key2, 0, sizeof *key2);
  14294. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  14295. if (ret != 0) {
  14296. ERROR_OUT(-8051, done);
  14297. }
  14298. ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
  14299. if (ret != 0) {
  14300. ERROR_OUT(-8052, done);
  14301. }
  14302. ret = wc_DhSetKey(key, params->p, params->p_len, params->g, params->g_len);
  14303. if (ret != 0) {
  14304. ERROR_OUT(-8053, done);
  14305. }
  14306. ret = wc_DhSetKey(key2, params->p, params->p_len, params->g,
  14307. params->g_len);
  14308. if (ret != 0) {
  14309. ERROR_OUT(-8054, done);
  14310. }
  14311. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
  14312. #if defined(WOLFSSL_ASYNC_CRYPT)
  14313. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  14314. #endif
  14315. if (ret != 0) {
  14316. ERROR_OUT(-8055, done);
  14317. }
  14318. ret = wc_DhGenerateKeyPair(key2, rng, priv2, &privSz2, pub2, &pubSz2);
  14319. #if defined(WOLFSSL_ASYNC_CRYPT)
  14320. ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
  14321. #endif
  14322. if (ret != 0) {
  14323. ERROR_OUT(-8056, done);
  14324. }
  14325. ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
  14326. #if defined(WOLFSSL_ASYNC_CRYPT)
  14327. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  14328. #endif
  14329. if (ret != 0) {
  14330. ERROR_OUT(-8057, done);
  14331. }
  14332. ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
  14333. #if defined(WOLFSSL_ASYNC_CRYPT)
  14334. ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
  14335. #endif
  14336. if (ret != 0) {
  14337. ERROR_OUT(-8058, done);
  14338. }
  14339. if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
  14340. ERROR_OUT(-8059, done);
  14341. }
  14342. #if defined(WOLFSSL_HAVE_SP_DH) && defined(USE_FAST_MATH)
  14343. /* Make p even */
  14344. key->p.dp[0] &= (mp_digit)-2;
  14345. if (ret != 0) {
  14346. ERROR_OUT(-8058, done);
  14347. }
  14348. ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
  14349. if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
  14350. ERROR_OUT(-8058, done);
  14351. }
  14352. ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
  14353. if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
  14354. ERROR_OUT(-8057, done);
  14355. }
  14356. ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
  14357. if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
  14358. ERROR_OUT(-8057, done);
  14359. }
  14360. /* Getting here means success - set ret to 0. */
  14361. ret = 0;
  14362. #endif
  14363. done:
  14364. #ifdef WOLFSSL_SMALL_STACK
  14365. if (priv)
  14366. XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14367. if (pub)
  14368. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14369. if (priv2)
  14370. XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14371. if (pub2)
  14372. XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14373. if (agree)
  14374. XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14375. if (agree2)
  14376. XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14377. if (key) {
  14378. wc_FreeDhKey(key);
  14379. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14380. }
  14381. if (key2) {
  14382. wc_FreeDhKey(key2);
  14383. XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14384. }
  14385. #else
  14386. wc_FreeDhKey(key);
  14387. wc_FreeDhKey(key2);
  14388. #endif
  14389. return ret;
  14390. }
  14391. #endif /* !WC_NO_RNG */
  14392. #endif /* HAVE_FFDHE */
  14393. WOLFSSL_TEST_SUBROUTINE int dh_test(void)
  14394. {
  14395. int ret;
  14396. word32 bytes;
  14397. word32 idx = 0, privSz, pubSz, privSz2, pubSz2;
  14398. #ifndef WC_NO_RNG
  14399. WC_RNG rng;
  14400. #endif
  14401. int keyInit = 0;
  14402. #define DH_TEST_TMP_SIZE 1024
  14403. #if !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096)
  14404. #define DH_TEST_BUF_SIZE 256
  14405. #else
  14406. #define DH_TEST_BUF_SIZE 512
  14407. #endif
  14408. #ifndef WC_NO_RNG
  14409. word32 agreeSz = DH_TEST_BUF_SIZE;
  14410. word32 agreeSz2 = DH_TEST_BUF_SIZE;
  14411. #endif
  14412. #ifdef WOLFSSL_SMALL_STACK
  14413. DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14414. DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14415. byte *tmp = (byte *)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14416. #else
  14417. DhKey key[1];
  14418. DhKey key2[1];
  14419. byte tmp[DH_TEST_TMP_SIZE];
  14420. #endif
  14421. #ifndef WC_NO_RNG
  14422. #ifdef WOLFSSL_SMALL_STACK
  14423. byte *priv = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14424. byte *pub = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14425. byte *priv2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14426. byte *pub2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14427. byte *agree = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14428. byte *agree2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14429. if (priv == NULL || pub == NULL || priv2 == NULL || pub2 == NULL ||
  14430. agree == NULL || agree2 == NULL) {
  14431. ERROR_OUT(-8100, done);
  14432. }
  14433. #else
  14434. byte priv[DH_TEST_BUF_SIZE];
  14435. byte pub[DH_TEST_BUF_SIZE];
  14436. byte priv2[DH_TEST_BUF_SIZE];
  14437. byte pub2[DH_TEST_BUF_SIZE];
  14438. byte agree[DH_TEST_BUF_SIZE];
  14439. byte agree2[DH_TEST_BUF_SIZE];
  14440. #endif
  14441. #endif /* !WC_NO_RNG */
  14442. #ifdef WOLFSSL_SMALL_STACK
  14443. if (key == NULL || key2 == NULL || tmp == NULL) {
  14444. ERROR_OUT(-8100, done);
  14445. }
  14446. #endif
  14447. #ifdef USE_CERT_BUFFERS_1024
  14448. XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024);
  14449. bytes = (size_t)sizeof_dh_key_der_1024;
  14450. #elif defined(USE_CERT_BUFFERS_2048)
  14451. XMEMCPY(tmp, dh_key_der_2048, (size_t)sizeof_dh_key_der_2048);
  14452. bytes = (size_t)sizeof_dh_key_der_2048;
  14453. #elif defined(USE_CERT_BUFFERS_3072)
  14454. XMEMCPY(tmp, dh_key_der_3072, (size_t)sizeof_dh_key_der_3072);
  14455. bytes = (size_t)sizeof_dh_key_der_3072;
  14456. #elif defined(USE_CERT_BUFFERS_4096)
  14457. XMEMCPY(tmp, dh_key_der_4096, (size_t)sizeof_dh_key_der_4096);
  14458. bytes = (size_t)sizeof_dh_key_der_4096;
  14459. #elif defined(NO_ASN)
  14460. /* don't use file, no DER parsing */
  14461. #elif !defined(NO_FILESYSTEM)
  14462. {
  14463. XFILE file = XFOPEN(dhParamsFile, "rb");
  14464. if (! file)
  14465. ERROR_OUT(-8101, done);
  14466. bytes = (word32) XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
  14467. XFCLOSE(file);
  14468. }
  14469. #else
  14470. /* No DH key to use. */
  14471. ERROR_OUT(-8102, done);
  14472. #endif /* USE_CERT_BUFFERS */
  14473. (void)idx;
  14474. (void)tmp;
  14475. (void)bytes;
  14476. pubSz = DH_TEST_BUF_SIZE;
  14477. pubSz2 = DH_TEST_BUF_SIZE;
  14478. privSz = DH_TEST_BUF_SIZE;
  14479. privSz2 = DH_TEST_BUF_SIZE;
  14480. #ifndef WC_NO_RNG
  14481. XMEMSET(&rng, 0, sizeof(rng));
  14482. #endif
  14483. /* Use API for coverage. */
  14484. ret = wc_InitDhKey(key);
  14485. if (ret != 0) {
  14486. ERROR_OUT(-8103, done);
  14487. }
  14488. wc_FreeDhKey(key);
  14489. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  14490. if (ret != 0) {
  14491. ERROR_OUT(-8104, done);
  14492. }
  14493. keyInit = 1;
  14494. ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId);
  14495. if (ret != 0) {
  14496. ERROR_OUT(-8105, done);
  14497. }
  14498. #ifdef NO_ASN
  14499. ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
  14500. if (ret != 0) {
  14501. ERROR_OUT(-8106, done);
  14502. }
  14503. ret = wc_DhSetKey(key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
  14504. if (ret != 0) {
  14505. ERROR_OUT(-8107, done);
  14506. }
  14507. #else
  14508. ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
  14509. if (ret != 0) {
  14510. ERROR_OUT(-8108, done);
  14511. }
  14512. idx = 0;
  14513. ret = wc_DhKeyDecode(tmp, &idx, key2, bytes);
  14514. if (ret != 0) {
  14515. ERROR_OUT(-8109, done);
  14516. }
  14517. #endif
  14518. #ifndef WC_NO_RNG
  14519. #ifndef HAVE_FIPS
  14520. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  14521. #else
  14522. ret = wc_InitRng(&rng);
  14523. #endif
  14524. if (ret != 0) {
  14525. ERROR_OUT(-8110, done);
  14526. }
  14527. ret = wc_DhGenerateKeyPair(key, &rng, priv, &privSz, pub, &pubSz);
  14528. #if defined(WOLFSSL_ASYNC_CRYPT)
  14529. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  14530. #endif
  14531. if (ret != 0) {
  14532. ERROR_OUT(-8111, done);
  14533. }
  14534. ret = wc_DhGenerateKeyPair(key2, &rng, priv2, &privSz2, pub2, &pubSz2);
  14535. #if defined(WOLFSSL_ASYNC_CRYPT)
  14536. ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
  14537. #endif
  14538. if (ret != 0) {
  14539. ERROR_OUT(-8112, done);
  14540. }
  14541. ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
  14542. #if defined(WOLFSSL_ASYNC_CRYPT)
  14543. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  14544. #endif
  14545. if (ret != 0) {
  14546. ERROR_OUT(-8113, done);
  14547. }
  14548. ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz);
  14549. #if defined(WOLFSSL_ASYNC_CRYPT)
  14550. ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE);
  14551. #endif
  14552. if (ret != 0) {
  14553. ERROR_OUT(-8114, done);
  14554. }
  14555. if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) {
  14556. ERROR_OUT(-8115, done);
  14557. }
  14558. #endif /* !WC_NO_RNG */
  14559. #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  14560. if (wc_DhCheckPrivKey(NULL, NULL, 0) != BAD_FUNC_ARG)
  14561. ERROR_OUT(-8116, done);
  14562. if (wc_DhCheckPrivKey(key, priv, privSz) != 0)
  14563. ERROR_OUT(-8117, done);
  14564. if (wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL) != BAD_FUNC_ARG)
  14565. ERROR_OUT(-8118, done);
  14566. {
  14567. word32 pSz, qSz, gSz;
  14568. if (wc_DhExportParamsRaw(key, NULL, &pSz, NULL, &qSz, NULL, &gSz) != LENGTH_ONLY_E)
  14569. ERROR_OUT(-8119, done);
  14570. }
  14571. #endif
  14572. /* Test DH key import / export */
  14573. #if defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \
  14574. (!defined(HAVE_FIPS) || \
  14575. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
  14576. wc_FreeDhKey(key);
  14577. ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
  14578. if (ret != 0) {
  14579. ERROR_OUT(-8120, done);
  14580. }
  14581. #if !defined(NO_ASN) && !defined(NO_FILESYSTEM)
  14582. {
  14583. XFILE file = XFOPEN(dhKeyFile, "rb");
  14584. if (!file)
  14585. ERROR_OUT(-8121, done);
  14586. bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
  14587. XFCLOSE(file);
  14588. }
  14589. idx = 0;
  14590. ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
  14591. if (ret != 0) {
  14592. ERROR_OUT(-8122, done);
  14593. }
  14594. #else
  14595. ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
  14596. if (ret != 0) {
  14597. ERROR_OUT(-8123, done);
  14598. }
  14599. #endif
  14600. privSz = DH_TEST_BUF_SIZE;
  14601. pubSz = DH_TEST_BUF_SIZE;
  14602. ret = wc_DhExportKeyPair(key, priv, &privSz, pub, &pubSz);
  14603. if (ret != 0) {
  14604. ERROR_OUT(-8124, done);
  14605. }
  14606. ret = wc_DhImportKeyPair(key2, priv, privSz, pub, pubSz);
  14607. if (ret != 0) {
  14608. ERROR_OUT(-8125, done);
  14609. }
  14610. #endif /* WOLFSSL_DH_EXTRA */
  14611. #ifndef WC_NO_RNG
  14612. ret = dh_generate_test(&rng);
  14613. if (ret != 0)
  14614. ERROR_OUT(-8126, done);
  14615. ret = dh_fips_generate_test(&rng);
  14616. if (ret != 0)
  14617. ERROR_OUT(-8127, done);
  14618. #endif /* !WC_NO_RNG */
  14619. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
  14620. ret = dh_test_check_pubvalue();
  14621. if (ret != 0)
  14622. ERROR_OUT(-8128, done);
  14623. #endif
  14624. #ifndef WC_NO_RNG
  14625. /* Specialized code for key gen when using FFDHE-2048 and FFDHE-3072. */
  14626. #ifdef HAVE_FFDHE_2048
  14627. ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe2048_Get());
  14628. if (ret != 0)
  14629. ERROR_OUT(-8129, done);
  14630. #endif
  14631. #ifdef HAVE_FFDHE_3072
  14632. ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe3072_Get());
  14633. if (ret != 0)
  14634. ERROR_OUT(-8130, done);
  14635. #endif
  14636. #endif /* !WC_NO_RNG */
  14637. wc_FreeDhKey(key);
  14638. keyInit = 0;
  14639. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
  14640. !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(WC_NO_RNG)
  14641. /* Test Check Key */
  14642. ret = wc_DhSetCheckKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g),
  14643. NULL, 0, 0, &rng);
  14644. if (ret != 0)
  14645. ERROR_OUT(-8131, done);
  14646. keyInit = 1; /* DhSetCheckKey also initializes the key, free it */
  14647. #endif
  14648. done:
  14649. #ifndef WC_NO_RNG
  14650. wc_FreeRng(&rng);
  14651. #endif
  14652. #ifdef WOLFSSL_SMALL_STACK
  14653. if (key) {
  14654. if (keyInit)
  14655. wc_FreeDhKey(key);
  14656. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14657. }
  14658. if (key2) {
  14659. wc_FreeDhKey(key2);
  14660. XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14661. }
  14662. if (tmp)
  14663. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14664. if (priv)
  14665. XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14666. if (pub)
  14667. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14668. if (priv2)
  14669. XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14670. if (pub2)
  14671. XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14672. if (agree)
  14673. XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14674. if (agree2)
  14675. XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14676. #else
  14677. if (keyInit)
  14678. wc_FreeDhKey(key);
  14679. wc_FreeDhKey(key2);
  14680. #endif
  14681. (void)privSz;
  14682. (void)pubSz;
  14683. (void)pubSz2;
  14684. (void)privSz2;
  14685. return ret;
  14686. #undef DH_TEST_BUF_SIZE
  14687. #undef DH_TEST_TMP_SIZE
  14688. }
  14689. #endif /* NO_DH */
  14690. #ifndef NO_DSA
  14691. WOLFSSL_TEST_SUBROUTINE int dsa_test(void)
  14692. {
  14693. int ret = 0, answer;
  14694. word32 bytes;
  14695. word32 idx = 0;
  14696. WC_RNG rng;
  14697. wc_Sha sha;
  14698. byte hash[WC_SHA_DIGEST_SIZE];
  14699. byte signature[40];
  14700. #ifdef WOLFSSL_KEY_GEN
  14701. byte* der = 0;
  14702. #endif
  14703. #define DSA_TEST_TMP_SIZE 1024
  14704. #ifdef WOLFSSL_SMALL_STACK
  14705. byte *tmp = (byte *)XMALLOC(DSA_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14706. DsaKey *key = (DsaKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14707. #ifdef WOLFSSL_KEY_GEN
  14708. DsaKey *derIn = (DsaKey *)XMALLOC(sizeof *derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14709. DsaKey *genKey = (DsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14710. #endif
  14711. if ((tmp == NULL) ||
  14712. (key == NULL)
  14713. #ifdef WOLFSSL_KEY_GEN
  14714. || (derIn == NULL)
  14715. || (genKey == NULL)
  14716. #endif
  14717. ) {
  14718. ret = -8216;
  14719. goto out;
  14720. }
  14721. #else
  14722. byte tmp[1024];
  14723. DsaKey key[1];
  14724. #ifdef WOLFSSL_KEY_GEN
  14725. DsaKey derIn[1];
  14726. DsaKey genKey[1];
  14727. #endif
  14728. #endif
  14729. #ifdef USE_CERT_BUFFERS_1024
  14730. XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
  14731. bytes = sizeof_dsa_key_der_1024;
  14732. #elif defined(USE_CERT_BUFFERS_2048)
  14733. XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
  14734. bytes = sizeof_dsa_key_der_2048;
  14735. #else
  14736. {
  14737. XFILE file = XFOPEN(dsaKey, "rb");
  14738. if (!file)
  14739. ERROR_OUT(-8200, out);
  14740. bytes = (word32) XFREAD(tmp, 1, DSA_TEST_TMP_SIZE, file);
  14741. XFCLOSE(file);
  14742. }
  14743. #endif /* USE_CERT_BUFFERS */
  14744. ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
  14745. if (ret != 0)
  14746. ERROR_OUT(-8201, out);
  14747. wc_ShaUpdate(&sha, tmp, bytes);
  14748. wc_ShaFinal(&sha, hash);
  14749. wc_ShaFree(&sha);
  14750. ret = wc_InitDsaKey(key);
  14751. if (ret != 0)
  14752. ERROR_OUT(-8202, out);
  14753. ret = wc_DsaPrivateKeyDecode(tmp, &idx, key, bytes);
  14754. if (ret != 0)
  14755. ERROR_OUT(-8203, out);
  14756. #ifndef HAVE_FIPS
  14757. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  14758. #else
  14759. ret = wc_InitRng(&rng);
  14760. #endif
  14761. if (ret != 0)
  14762. ERROR_OUT(-8204, out);
  14763. ret = wc_DsaSign(hash, signature, key, &rng);
  14764. if (ret != 0)
  14765. ERROR_OUT(-8205, out);
  14766. ret = wc_DsaVerify(hash, signature, key, &answer);
  14767. if (ret != 0)
  14768. ERROR_OUT(-8206, out);
  14769. if (answer != 1)
  14770. ERROR_OUT(-8207, out);
  14771. wc_FreeDsaKey(key);
  14772. #ifdef WOLFSSL_KEY_GEN
  14773. {
  14774. int derSz = 0;
  14775. ret = wc_InitDsaKey(genKey);
  14776. if (ret != 0)
  14777. ERROR_OUT(-8208, out);
  14778. ret = wc_MakeDsaParameters(&rng, 1024, genKey);
  14779. if (ret != 0) {
  14780. wc_FreeDsaKey(genKey);
  14781. ERROR_OUT(-8209, out);
  14782. }
  14783. ret = wc_MakeDsaKey(&rng, genKey);
  14784. if (ret != 0) {
  14785. wc_FreeDsaKey(genKey);
  14786. ERROR_OUT(-8210, out);
  14787. }
  14788. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14789. if (der == NULL) {
  14790. wc_FreeDsaKey(genKey);
  14791. ERROR_OUT(-8211, out);
  14792. }
  14793. derSz = wc_DsaKeyToDer(genKey, der, FOURK_BUF);
  14794. if (derSz < 0) {
  14795. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14796. ERROR_OUT(-8212, out);
  14797. }
  14798. ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile,
  14799. DSA_PRIVATEKEY_TYPE, -5814);
  14800. if (ret != 0) {
  14801. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14802. wc_FreeDsaKey(genKey);
  14803. goto out;
  14804. }
  14805. ret = wc_InitDsaKey(derIn);
  14806. if (ret != 0) {
  14807. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14808. wc_FreeDsaKey(genKey);
  14809. ERROR_OUT(-8213, out);
  14810. }
  14811. idx = 0;
  14812. ret = wc_DsaPrivateKeyDecode(der, &idx, derIn, derSz);
  14813. if (ret != 0) {
  14814. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14815. wc_FreeDsaKey(derIn);
  14816. wc_FreeDsaKey(genKey);
  14817. ERROR_OUT(-8214, out);
  14818. }
  14819. }
  14820. #endif /* WOLFSSL_KEY_GEN */
  14821. out:
  14822. #ifdef WOLFSSL_SMALL_STACK
  14823. if (key) {
  14824. #endif
  14825. if (wc_InitDsaKey_h(key, NULL) != 0)
  14826. ret = -8215;
  14827. #ifdef WOLFSSL_SMALL_STACK
  14828. }
  14829. #endif
  14830. #ifdef WOLFSSL_KEY_GEN
  14831. if (der)
  14832. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14833. #endif
  14834. #ifdef WOLFSSL_SMALL_STACK
  14835. if (tmp)
  14836. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14837. if (key)
  14838. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14839. #ifdef WOLFSSL_KEY_GEN
  14840. if (derIn) {
  14841. wc_FreeDsaKey(derIn);
  14842. XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14843. }
  14844. if (genKey) {
  14845. wc_FreeDsaKey(genKey);
  14846. XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14847. }
  14848. #endif
  14849. #else /* !WOLFSSL_SMALL_STACK */
  14850. #ifdef WOLFSSL_KEY_GEN
  14851. wc_FreeDsaKey(derIn);
  14852. wc_FreeDsaKey(genKey);
  14853. #endif
  14854. #endif
  14855. wc_FreeRng(&rng);
  14856. return ret;
  14857. }
  14858. #endif /* NO_DSA */
  14859. #ifdef WOLFCRYPT_HAVE_SRP
  14860. static int generate_random_salt(byte *buf, word32 size)
  14861. {
  14862. int ret = -8220;
  14863. WC_RNG rng;
  14864. if(NULL == buf || !size)
  14865. return -8221;
  14866. if (buf && size && wc_InitRng_ex(&rng, HEAP_HINT, devId) == 0) {
  14867. ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size);
  14868. wc_FreeRng(&rng);
  14869. }
  14870. return ret;
  14871. }
  14872. WOLFSSL_TEST_SUBROUTINE int srp_test(void)
  14873. {
  14874. int r;
  14875. byte clientPubKey[80]; /* A */
  14876. byte serverPubKey[80]; /* B */
  14877. word32 clientPubKeySz = 80;
  14878. word32 serverPubKeySz = 80;
  14879. byte username[] = "user";
  14880. word32 usernameSz = 4;
  14881. byte password[] = "password";
  14882. word32 passwordSz = 8;
  14883. WOLFSSL_SMALL_STACK_STATIC const byte N[] = {
  14884. 0xC9, 0x4D, 0x67, 0xEB, 0x5B, 0x1A, 0x23, 0x46, 0xE8, 0xAB, 0x42, 0x2F,
  14885. 0xC6, 0xA0, 0xED, 0xAE, 0xDA, 0x8C, 0x7F, 0x89, 0x4C, 0x9E, 0xEE, 0xC4,
  14886. 0x2F, 0x9E, 0xD2, 0x50, 0xFD, 0x7F, 0x00, 0x46, 0xE5, 0xAF, 0x2C, 0xF7,
  14887. 0x3D, 0x6B, 0x2F, 0xA2, 0x6B, 0xB0, 0x80, 0x33, 0xDA, 0x4D, 0xE3, 0x22,
  14888. 0xE1, 0x44, 0xE7, 0xA8, 0xE9, 0xB1, 0x2A, 0x0E, 0x46, 0x37, 0xF6, 0x37,
  14889. 0x1F, 0x34, 0xA2, 0x07, 0x1C, 0x4B, 0x38, 0x36, 0xCB, 0xEE, 0xAB, 0x15,
  14890. 0x03, 0x44, 0x60, 0xFA, 0xA7, 0xAD, 0xF4, 0x83
  14891. };
  14892. WOLFSSL_SMALL_STACK_STATIC const byte g[] = {
  14893. 0x02
  14894. };
  14895. byte salt[10];
  14896. byte verifier[80];
  14897. word32 v_size = sizeof(verifier);
  14898. word32 clientProofSz = SRP_MAX_DIGEST_SIZE;
  14899. word32 serverProofSz = SRP_MAX_DIGEST_SIZE;
  14900. #ifdef WOLFSSL_SMALL_STACK
  14901. Srp *cli = (Srp *)XMALLOC(sizeof *cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14902. Srp *srv = (Srp *)XMALLOC(sizeof *srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14903. byte *clientProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); /* M1 */
  14904. byte *serverProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); /* M2 */
  14905. if ((cli == NULL) ||
  14906. (srv == NULL) ||
  14907. (clientProof == NULL) ||
  14908. (serverProof == NULL)) {
  14909. r = -8222;
  14910. goto out;
  14911. }
  14912. #else
  14913. Srp cli[1], srv[1];
  14914. byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */
  14915. byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */
  14916. #endif
  14917. /* set as 0's so if second init on srv not called SrpTerm is not on
  14918. * garbage values */
  14919. XMEMSET(srv, 0, sizeof *srv);
  14920. XMEMSET(cli, 0, sizeof *cli);
  14921. /* generating random salt */
  14922. r = generate_random_salt(salt, sizeof(salt));
  14923. /* client knows username and password. */
  14924. /* server knows N, g, salt and verifier. */
  14925. if (!r) r = wc_SrpInit(cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE);
  14926. if (!r) r = wc_SrpSetUsername(cli, username, usernameSz);
  14927. /* loading N, g and salt in advance to generate the verifier. */
  14928. if (!r) r = wc_SrpSetParams(cli, N, sizeof(N),
  14929. g, sizeof(g),
  14930. salt, sizeof(salt));
  14931. if (!r) r = wc_SrpSetPassword(cli, password, passwordSz);
  14932. if (!r) r = wc_SrpGetVerifier(cli, verifier, &v_size);
  14933. /* client sends username to server */
  14934. if (!r) r = wc_SrpInit(srv, SRP_TYPE_SHA, SRP_SERVER_SIDE);
  14935. if (!r) r = wc_SrpSetUsername(srv, username, usernameSz);
  14936. if (!r) r = wc_SrpSetParams(srv, N, sizeof(N),
  14937. g, sizeof(g),
  14938. salt, sizeof(salt));
  14939. if (!r) r = wc_SrpSetVerifier(srv, verifier, v_size);
  14940. if (!r) r = wc_SrpGetPublic(srv, serverPubKey, &serverPubKeySz);
  14941. /* server sends N, g, salt and B to client */
  14942. if (!r) r = wc_SrpGetPublic(cli, clientPubKey, &clientPubKeySz);
  14943. if (!r) r = wc_SrpComputeKey(cli, clientPubKey, clientPubKeySz,
  14944. serverPubKey, serverPubKeySz);
  14945. if (!r) r = wc_SrpGetProof(cli, clientProof, &clientProofSz);
  14946. /* client sends A and M1 to server */
  14947. if (!r) r = wc_SrpComputeKey(srv, clientPubKey, clientPubKeySz,
  14948. serverPubKey, serverPubKeySz);
  14949. if (!r) r = wc_SrpVerifyPeersProof(srv, clientProof, clientProofSz);
  14950. if (!r) r = wc_SrpGetProof(srv, serverProof, &serverProofSz);
  14951. /* server sends M2 to client */
  14952. if (!r) r = wc_SrpVerifyPeersProof(cli, serverProof, serverProofSz);
  14953. wc_SrpTerm(cli);
  14954. wc_SrpTerm(srv);
  14955. #ifdef WOLFSSL_SMALL_STACK
  14956. out:
  14957. if (cli)
  14958. XFREE(cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14959. if (srv)
  14960. XFREE(srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14961. if (clientProof)
  14962. XFREE(clientProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14963. if (serverProof)
  14964. XFREE(serverProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  14965. #endif
  14966. return r;
  14967. }
  14968. #endif /* WOLFCRYPT_HAVE_SRP */
  14969. #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
  14970. #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
  14971. static int openssl_aes_test(void)
  14972. {
  14973. #ifdef HAVE_AES_CBC
  14974. #ifdef WOLFSSL_AES_128
  14975. {
  14976. /* EVP_CipherUpdate test */
  14977. WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
  14978. {
  14979. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  14980. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  14981. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  14982. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  14983. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  14984. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  14985. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  14986. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  14987. };
  14988. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  14989. "0123456789abcdef "; /* align */
  14990. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  14991. "1234567890abcdef "; /* align */
  14992. byte cipher[AES_BLOCK_SIZE * 4];
  14993. byte plain [AES_BLOCK_SIZE * 4];
  14994. #ifdef WOLFSSL_SMALL_STACK
  14995. EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
  14996. EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
  14997. #else
  14998. EVP_CIPHER_CTX en[1];
  14999. EVP_CIPHER_CTX de[1];
  15000. #endif
  15001. int outlen ;
  15002. int total = 0;
  15003. int i;
  15004. #ifdef WOLFSSL_SMALL_STACK
  15005. if ((en == NULL) || (de == NULL))
  15006. return MEMORY_E;
  15007. #endif
  15008. EVP_CIPHER_CTX_init(en);
  15009. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  15010. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  15011. return -8400;
  15012. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  15013. (byte*)cbcPlain, 9) == 0)
  15014. return -8401;
  15015. if (outlen != 0)
  15016. return -8402;
  15017. total += outlen;
  15018. if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
  15019. (byte*)&cbcPlain[9] , 9) == 0)
  15020. return -8403;
  15021. if (outlen != 16)
  15022. return -8404;
  15023. total += outlen;
  15024. if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
  15025. return -8405;
  15026. if (outlen != 16)
  15027. return -8406;
  15028. total += outlen;
  15029. if (total != 32)
  15030. return 3408;
  15031. total = 0;
  15032. EVP_CIPHER_CTX_init(de);
  15033. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  15034. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  15035. return -8407;
  15036. if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
  15037. return -8408;
  15038. if (outlen != 0)
  15039. return -8409;
  15040. total += outlen;
  15041. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  15042. (byte*)&cipher[6], 12) == 0)
  15043. return -8410;
  15044. if (outlen != 0)
  15045. total += outlen;
  15046. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  15047. (byte*)&cipher[6+12], 14) == 0)
  15048. return -8411;
  15049. if (outlen != 16)
  15050. return -8412;
  15051. total += outlen;
  15052. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
  15053. return -8413;
  15054. if (outlen != 2)
  15055. return -8414;
  15056. total += outlen;
  15057. if (total != 18)
  15058. return 3427;
  15059. if (XMEMCMP(plain, cbcPlain, 18))
  15060. return -8415;
  15061. /* test with encrypting/decrypting more than 16 bytes at once */
  15062. total = 0;
  15063. EVP_CIPHER_CTX_init(en);
  15064. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  15065. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  15066. return -8416;
  15067. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  15068. (byte*)cbcPlain, 17) == 0)
  15069. return -8417;
  15070. if (outlen != 16)
  15071. return -8418;
  15072. total += outlen;
  15073. if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
  15074. (byte*)&cbcPlain[17] , 1) == 0)
  15075. return -8419;
  15076. if (outlen != 0)
  15077. return -8420;
  15078. total += outlen;
  15079. if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
  15080. return -8421;
  15081. if (outlen != 16)
  15082. return -8422;
  15083. total += outlen;
  15084. if (total != 32)
  15085. return -8423;
  15086. total = 0;
  15087. EVP_CIPHER_CTX_init(de);
  15088. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  15089. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  15090. return -8424;
  15091. if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0)
  15092. return -8425;
  15093. if (outlen != 16)
  15094. return -8426;
  15095. total += outlen;
  15096. /* final call on non block size should fail */
  15097. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
  15098. return -8427;
  15099. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  15100. (byte*)&cipher[17], 1) == 0)
  15101. return -8428;
  15102. if (outlen != 0)
  15103. total += outlen;
  15104. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  15105. (byte*)&cipher[17+1], 14) == 0)
  15106. return -8429;
  15107. if (outlen != 0)
  15108. return -8430;
  15109. total += outlen;
  15110. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
  15111. return -8431;
  15112. if (outlen != 2)
  15113. return -8432;
  15114. total += outlen;
  15115. if (total != 18)
  15116. return -8433;
  15117. if (XMEMCMP(plain, cbcPlain, 18))
  15118. return -8434;
  15119. /* test byte by byte decrypt */
  15120. for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
  15121. plain[i] = i;
  15122. }
  15123. total = 0;
  15124. EVP_CIPHER_CTX_init(en);
  15125. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  15126. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  15127. return -8435;
  15128. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  15129. (byte*)plain, AES_BLOCK_SIZE * 3) == 0)
  15130. return -8436;
  15131. if (outlen != AES_BLOCK_SIZE * 3)
  15132. return -8437;
  15133. total += outlen;
  15134. if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
  15135. return -8438;
  15136. if (outlen != AES_BLOCK_SIZE)
  15137. return -8439;
  15138. total += outlen;
  15139. if (total != sizeof(plain))
  15140. return -8440;
  15141. total = 0;
  15142. EVP_CIPHER_CTX_init(de);
  15143. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  15144. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  15145. return -8441;
  15146. for (i = 0; i < AES_BLOCK_SIZE * 4; i++) {
  15147. if (EVP_CipherUpdate(de, (byte*)plain + total, &outlen,
  15148. (byte*)cipher + i, 1) == 0)
  15149. return -8442;
  15150. if (outlen > 0) {
  15151. int j;
  15152. total += outlen;
  15153. for (j = 0; j < total; j++) {
  15154. if (plain[j] != j) {
  15155. return -8443;
  15156. }
  15157. }
  15158. }
  15159. }
  15160. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
  15161. return -8444;
  15162. total += outlen;
  15163. if (total != AES_BLOCK_SIZE * 3) {
  15164. return -8445;
  15165. }
  15166. for (i = 0; i < AES_BLOCK_SIZE * 3; i++) {
  15167. if (plain[i] != i) {
  15168. return -8446;
  15169. }
  15170. }
  15171. #ifdef WOLFSSL_SMALL_STACK
  15172. wolfSSL_EVP_CIPHER_CTX_free(en);
  15173. wolfSSL_EVP_CIPHER_CTX_free(de);
  15174. #endif
  15175. }
  15176. /* set buffers to be exact size to catch potential over read/write */
  15177. {
  15178. /* EVP_CipherUpdate test */
  15179. WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
  15180. {
  15181. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  15182. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  15183. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  15184. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  15185. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  15186. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  15187. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  15188. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  15189. };
  15190. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  15191. "0123456789abcdef "; /* align */
  15192. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  15193. "1234567890abcdef "; /* align */
  15194. #define EVP_TEST_BUF_SZ 18
  15195. #define EVP_TEST_BUF_PAD 32
  15196. byte cipher[EVP_TEST_BUF_SZ];
  15197. byte plain [EVP_TEST_BUF_SZ];
  15198. byte padded[EVP_TEST_BUF_PAD];
  15199. #ifdef WOLFSSL_SMALL_STACK
  15200. EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
  15201. EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
  15202. #else
  15203. EVP_CIPHER_CTX en[1];
  15204. EVP_CIPHER_CTX de[1];
  15205. #endif
  15206. int outlen ;
  15207. int total = 0;
  15208. #ifdef WOLFSSL_SMALL_STACK
  15209. if ((en == NULL) || (de == NULL))
  15210. return MEMORY_E;
  15211. #endif
  15212. EVP_CIPHER_CTX_init(en);
  15213. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  15214. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  15215. return -8447;
  15216. if (EVP_CIPHER_CTX_set_padding(en, 0) != 1)
  15217. return -8448;
  15218. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  15219. (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
  15220. return -8449;
  15221. if (outlen != 16)
  15222. return -8450;
  15223. total += outlen;
  15224. /* should fail here */
  15225. if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) != 0)
  15226. return -8451;
  15227. /* turn padding back on and do successful encrypt */
  15228. total = 0;
  15229. EVP_CIPHER_CTX_init(en);
  15230. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  15231. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  15232. return -8452;
  15233. if (EVP_CIPHER_CTX_set_padding(en, 1) != 1)
  15234. return -8453;
  15235. if (EVP_CipherUpdate(en, (byte*)padded, &outlen,
  15236. (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0)
  15237. return -8454;
  15238. if (outlen != 16)
  15239. return -8455;
  15240. total += outlen;
  15241. if (EVP_CipherFinal(en, (byte*)&padded[total], &outlen) == 0)
  15242. return -8456;
  15243. total += outlen;
  15244. if (total != 32)
  15245. return -8457;
  15246. XMEMCPY(cipher, padded, EVP_TEST_BUF_SZ);
  15247. /* test out of bounds read on buffers w/o padding during decryption */
  15248. total = 0;
  15249. EVP_CIPHER_CTX_init(de);
  15250. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  15251. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  15252. return -8458;
  15253. if (EVP_CIPHER_CTX_set_padding(de, 0) != 1)
  15254. return -8459;
  15255. if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher,
  15256. EVP_TEST_BUF_SZ) == 0)
  15257. return -8460;
  15258. if (outlen != 16)
  15259. return -8461;
  15260. total += outlen;
  15261. /* should fail since not using padding */
  15262. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0)
  15263. return -8462;
  15264. total = 0;
  15265. EVP_CIPHER_CTX_init(de);
  15266. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  15267. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  15268. return -8463;
  15269. if (EVP_CIPHER_CTX_set_padding(de, 1) != 1)
  15270. return -8464;
  15271. if (EVP_CipherUpdate(de, (byte*)padded, &outlen, (byte*)padded,
  15272. EVP_TEST_BUF_PAD) == 0)
  15273. return -8465;
  15274. if (outlen != 16)
  15275. return -8466;
  15276. total += outlen;
  15277. if (EVP_CipherFinal(de, (byte*)&padded[total], &outlen) == 0)
  15278. return -8467;
  15279. if (XMEMCMP(padded, cbcPlain, EVP_TEST_BUF_SZ))
  15280. return -8468;
  15281. #ifdef WOLFSSL_SMALL_STACK
  15282. wolfSSL_EVP_CIPHER_CTX_free(en);
  15283. wolfSSL_EVP_CIPHER_CTX_free(de);
  15284. #endif
  15285. }
  15286. { /* evp_cipher test: EVP_aes_128_cbc */
  15287. #ifdef WOLFSSL_SMALL_STACK
  15288. EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
  15289. #else
  15290. EVP_CIPHER_CTX ctx[1];
  15291. #endif
  15292. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
  15293. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  15294. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  15295. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  15296. };
  15297. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  15298. {
  15299. 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
  15300. 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb
  15301. };
  15302. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  15303. "0123456789abcdef "; /* align */
  15304. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  15305. "1234567890abcdef "; /* align */
  15306. byte cipher[AES_BLOCK_SIZE * 4];
  15307. byte plain [AES_BLOCK_SIZE * 4];
  15308. #ifdef WOLFSSL_SMALL_STACK
  15309. if (ctx == NULL)
  15310. return MEMORY_E;
  15311. #endif
  15312. EVP_CIPHER_CTX_init(ctx);
  15313. if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1) == 0)
  15314. return -8469;
  15315. if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
  15316. return -8470;
  15317. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  15318. return -8471;
  15319. EVP_CIPHER_CTX_init(ctx);
  15320. if (EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0) == 0)
  15321. return -8472;
  15322. if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
  15323. return -8473;
  15324. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  15325. return -8474;
  15326. #ifdef WOLFSSL_SMALL_STACK
  15327. wolfSSL_EVP_CIPHER_CTX_free(ctx);
  15328. #endif
  15329. } /* end evp_cipher test: EVP_aes_128_cbc*/
  15330. #endif /* WOLFSSL_AES_128 */
  15331. #endif /* HAVE_AES_CBC */
  15332. #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
  15333. { /* evp_cipher test: EVP_aes_256_ecb*/
  15334. #ifdef WOLFSSL_SMALL_STACK
  15335. EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
  15336. #else
  15337. EVP_CIPHER_CTX ctx[1];
  15338. #endif
  15339. WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
  15340. {
  15341. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  15342. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  15343. };
  15344. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  15345. {
  15346. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  15347. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  15348. };
  15349. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  15350. {
  15351. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  15352. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  15353. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  15354. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  15355. };
  15356. byte cipher[AES_BLOCK_SIZE * 4];
  15357. byte plain [AES_BLOCK_SIZE * 4];
  15358. #ifdef WOLFSSL_SMALL_STACK
  15359. if (ctx == NULL)
  15360. return MEMORY_E;
  15361. #endif
  15362. EVP_CIPHER_CTX_init(ctx);
  15363. if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0)
  15364. return -8475;
  15365. if (EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16)
  15366. return -8476;
  15367. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  15368. return -8477;
  15369. EVP_CIPHER_CTX_init(ctx);
  15370. if (EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0)
  15371. return -8478;
  15372. if (EVP_Cipher(ctx, plain, cipher, 16) != 16)
  15373. return -8479;
  15374. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  15375. return -8480;
  15376. #ifdef WOLFSSL_SMALL_STACK
  15377. wolfSSL_EVP_CIPHER_CTX_free(ctx);
  15378. #endif
  15379. } /* end evp_cipher test */
  15380. #endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */
  15381. #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
  15382. /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
  15383. {
  15384. /* Test: AES_encrypt/decrypt/set Key */
  15385. #ifdef WOLFSSL_SMALL_STACK
  15386. AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  15387. #ifdef HAVE_AES_DECRYPT
  15388. AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  15389. #endif
  15390. #else
  15391. AES_KEY enc[1];
  15392. #ifdef HAVE_AES_DECRYPT
  15393. AES_KEY dec[1];
  15394. #endif
  15395. #endif
  15396. WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
  15397. {
  15398. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  15399. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  15400. };
  15401. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  15402. {
  15403. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  15404. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  15405. };
  15406. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  15407. {
  15408. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  15409. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  15410. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  15411. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  15412. };
  15413. byte plain[sizeof(msg)];
  15414. byte cipher[sizeof(msg)];
  15415. #ifdef WOLFSSL_SMALL_STACK
  15416. if (enc == NULL)
  15417. return MEMORY_E;
  15418. #ifdef HAVE_AES_DECRYPT
  15419. if (dec == NULL)
  15420. return MEMORY_E;
  15421. #endif
  15422. #endif
  15423. AES_set_encrypt_key(key, sizeof(key)*8, enc);
  15424. AES_set_decrypt_key(key, sizeof(key)*8, dec);
  15425. AES_encrypt(msg, cipher, enc);
  15426. #ifdef HAVE_AES_DECRYPT
  15427. AES_decrypt(cipher, plain, dec);
  15428. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  15429. return -8481;
  15430. #endif /* HAVE_AES_DECRYPT */
  15431. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  15432. return -8482;
  15433. #ifdef WOLFSSL_SMALL_STACK
  15434. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  15435. #ifdef HAVE_AES_DECRYPT
  15436. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  15437. #endif
  15438. #endif
  15439. }
  15440. #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
  15441. /* EVP_Cipher with EVP_aes_xxx_ctr() */
  15442. #ifdef WOLFSSL_AES_COUNTER
  15443. {
  15444. byte plainBuff [64];
  15445. byte cipherBuff[64];
  15446. #ifdef WOLFSSL_AES_128
  15447. WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
  15448. {
  15449. 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
  15450. 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
  15451. };
  15452. WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
  15453. {
  15454. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  15455. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  15456. };
  15457. WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
  15458. {
  15459. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  15460. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  15461. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  15462. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  15463. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  15464. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  15465. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  15466. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  15467. };
  15468. WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
  15469. {
  15470. 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
  15471. 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
  15472. 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
  15473. 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
  15474. 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
  15475. 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
  15476. 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
  15477. 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
  15478. };
  15479. WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
  15480. {
  15481. 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
  15482. 0xc2
  15483. };
  15484. #endif
  15485. /* test vector from "Recommendation for Block Cipher Modes of Operation"
  15486. * NIST Special Publication 800-38A */
  15487. #ifdef WOLFSSL_AES_192
  15488. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
  15489. {
  15490. 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  15491. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  15492. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
  15493. };
  15494. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
  15495. {
  15496. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  15497. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  15498. };
  15499. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
  15500. {
  15501. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  15502. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  15503. };
  15504. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
  15505. {
  15506. 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
  15507. 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
  15508. };
  15509. #endif /* WOLFSSL_AES_192 */
  15510. #ifdef WOLFSSL_AES_256
  15511. /* test vector from "Recommendation for Block Cipher Modes of Operation"
  15512. * NIST Special Publication 800-38A */
  15513. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
  15514. {
  15515. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  15516. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  15517. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  15518. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  15519. };
  15520. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
  15521. {
  15522. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  15523. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  15524. };
  15525. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
  15526. {
  15527. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  15528. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  15529. };
  15530. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
  15531. {
  15532. 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
  15533. 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
  15534. };
  15535. #endif /* WOLFSSL_AES_256 */
  15536. #ifdef WOLFSSL_SMALL_STACK
  15537. EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
  15538. EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
  15539. #else
  15540. EVP_CIPHER_CTX en[1];
  15541. EVP_CIPHER_CTX de[1];
  15542. #endif
  15543. #ifdef WOLFSSL_AES_128
  15544. #ifndef WOLFSSL_SMALL_STACK
  15545. EVP_CIPHER_CTX *p_en;
  15546. EVP_CIPHER_CTX *p_de;
  15547. #endif
  15548. #ifdef WOLFSSL_SMALL_STACK
  15549. if ((en == NULL) || (de == NULL))
  15550. return MEMORY_E;
  15551. #endif
  15552. EVP_CIPHER_CTX_init(en);
  15553. if (EVP_CipherInit(en, EVP_aes_128_ctr(),
  15554. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  15555. return -8483;
  15556. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
  15557. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  15558. return -8484;
  15559. EVP_CIPHER_CTX_init(de);
  15560. if (EVP_CipherInit(de, EVP_aes_128_ctr(),
  15561. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  15562. return -8485;
  15563. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  15564. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  15565. return -8486;
  15566. if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
  15567. return -8487;
  15568. if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
  15569. return -8488;
  15570. #ifndef WOLFSSL_SMALL_STACK
  15571. p_en = wolfSSL_EVP_CIPHER_CTX_new();
  15572. if (p_en == NULL)
  15573. return -8489;
  15574. p_de = wolfSSL_EVP_CIPHER_CTX_new();
  15575. if (p_de == NULL)
  15576. return -8490;
  15577. if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
  15578. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  15579. return -8491;
  15580. if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
  15581. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  15582. return -8492;
  15583. if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
  15584. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  15585. return -8493;
  15586. if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
  15587. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  15588. return -8494;
  15589. wolfSSL_EVP_CIPHER_CTX_free(p_en);
  15590. wolfSSL_EVP_CIPHER_CTX_free(p_de);
  15591. #endif /* !WOLFSSL_SMALL_STACK */
  15592. if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
  15593. return -8495;
  15594. if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
  15595. return -8496;
  15596. EVP_CIPHER_CTX_init(en);
  15597. if (EVP_CipherInit(en, EVP_aes_128_ctr(),
  15598. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  15599. return -8497;
  15600. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
  15601. return -8498;
  15602. EVP_CIPHER_CTX_init(de);
  15603. if (EVP_CipherInit(de, EVP_aes_128_ctr(),
  15604. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  15605. return -8499;
  15606. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
  15607. return -8500;
  15608. if (XMEMCMP(plainBuff, ctrPlain, 9))
  15609. return -8501;
  15610. if (XMEMCMP(cipherBuff, ctrCipher, 9))
  15611. return -8502;
  15612. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
  15613. return -8503;
  15614. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
  15615. return -8504;
  15616. if (XMEMCMP(plainBuff, ctrPlain, 9))
  15617. return -8505;
  15618. if (XMEMCMP(cipherBuff, oddCipher, 9))
  15619. return -8506;
  15620. #endif /* WOLFSSL_AES_128 */
  15621. #ifdef WOLFSSL_AES_192
  15622. EVP_CIPHER_CTX_init(en);
  15623. if (EVP_CipherInit(en, EVP_aes_192_ctr(),
  15624. (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
  15625. return -8507;
  15626. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
  15627. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  15628. return -8508;
  15629. EVP_CIPHER_CTX_init(de);
  15630. if (EVP_CipherInit(de, EVP_aes_192_ctr(),
  15631. (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
  15632. return -8509;
  15633. XMEMSET(plainBuff, 0, sizeof(plainBuff));
  15634. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  15635. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  15636. return -8510;
  15637. if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
  15638. return -8511;
  15639. if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
  15640. return -8512;
  15641. #endif /* WOLFSSL_AES_192 */
  15642. #ifdef WOLFSSL_AES_256
  15643. EVP_CIPHER_CTX_init(en);
  15644. if (EVP_CipherInit(en, EVP_aes_256_ctr(),
  15645. (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
  15646. return -8513;
  15647. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
  15648. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  15649. return -8514;
  15650. EVP_CIPHER_CTX_init(de);
  15651. if (EVP_CipherInit(de, EVP_aes_256_ctr(),
  15652. (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
  15653. return -8515;
  15654. XMEMSET(plainBuff, 0, sizeof(plainBuff));
  15655. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  15656. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  15657. return -8516;
  15658. if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
  15659. return -8517;
  15660. if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
  15661. return -8518;
  15662. #ifdef WOLFSSL_SMALL_STACK
  15663. wolfSSL_EVP_CIPHER_CTX_free(en);
  15664. wolfSSL_EVP_CIPHER_CTX_free(de);
  15665. #endif
  15666. #endif /* WOLFSSL_AES_256 */
  15667. }
  15668. #endif /* HAVE_AES_COUNTER */
  15669. #if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128)
  15670. {
  15671. #ifdef WOLFSSL_SMALL_STACK
  15672. AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  15673. AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  15674. #else
  15675. AES_KEY enc[1];
  15676. AES_KEY dec[1];
  15677. #endif
  15678. WOLFSSL_SMALL_STACK_STATIC const byte setIv[] = {
  15679. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  15680. 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f
  15681. };
  15682. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  15683. {
  15684. 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
  15685. 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
  15686. };
  15687. WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] =
  15688. {
  15689. 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20,
  15690. 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a,
  15691. 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f,
  15692. 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b
  15693. };
  15694. WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
  15695. {
  15696. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  15697. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  15698. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  15699. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51
  15700. };
  15701. byte cipher[AES_BLOCK_SIZE * 2];
  15702. byte iv[AES_BLOCK_SIZE]; /* iv buffer is updeated by API */
  15703. int num = 0;
  15704. #ifdef WOLFSSL_SMALL_STACK
  15705. if ((enc == NULL) || (dec == NULL))
  15706. return MEMORY_E;
  15707. #endif
  15708. XMEMCPY(iv, setIv, sizeof(setIv));
  15709. wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, enc);
  15710. wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, dec);
  15711. wolfSSL_AES_cfb128_encrypt(msg, cipher, AES_BLOCK_SIZE - 1, enc, iv,
  15712. &num, AES_ENCRYPT);
  15713. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE - 1))
  15714. return -8519;
  15715. if (num != 15) /* should have used 15 of the 16 bytes */
  15716. return -8520;
  15717. wolfSSL_AES_cfb128_encrypt(msg + AES_BLOCK_SIZE - 1,
  15718. cipher + AES_BLOCK_SIZE - 1, AES_BLOCK_SIZE + 1, enc, iv,
  15719. &num, AES_ENCRYPT);
  15720. if (XMEMCMP(cipher, cipher1, AES_BLOCK_SIZE * 2))
  15721. return -8521;
  15722. if (num != 0)
  15723. return -8522;
  15724. #ifdef WOLFSSL_SMALL_STACK
  15725. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  15726. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  15727. #endif
  15728. }
  15729. #endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */
  15730. return 0;
  15731. }
  15732. #endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */
  15733. WOLFSSL_TEST_SUBROUTINE int openssl_test(void)
  15734. {
  15735. int ret;
  15736. EVP_MD_CTX md_ctx;
  15737. testVector a, b, c, d, e, f;
  15738. byte hash[WC_SHA256_DIGEST_SIZE*2]; /* max size */
  15739. a.inLen = 0;
  15740. b.inLen = c.inLen = d.inLen = e.inLen = f.inLen = a.inLen;
  15741. (void)a;
  15742. (void)b;
  15743. (void)c;
  15744. (void)d;
  15745. (void)e;
  15746. (void)f;
  15747. /* test malloc / free , 10 is an arbitrary amount of memory chosen */
  15748. {
  15749. byte* p;
  15750. p = (byte*)CRYPTO_malloc(10);
  15751. if (p == NULL) {
  15752. return -8600;
  15753. }
  15754. XMEMSET(p, 0, 10);
  15755. CRYPTO_free(p);
  15756. }
  15757. #ifndef NO_MD5
  15758. a.input = "1234567890123456789012345678901234567890123456789012345678"
  15759. "9012345678901234567890";
  15760. a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
  15761. "\x7a";
  15762. a.inLen = XSTRLEN(a.input);
  15763. a.outLen = WC_MD5_DIGEST_SIZE;
  15764. EVP_MD_CTX_init(&md_ctx);
  15765. ret = EVP_DigestInit(&md_ctx, EVP_md5());
  15766. if (ret == WOLFSSL_SUCCESS) {
  15767. ret = EVP_DigestUpdate(&md_ctx, a.input, (unsigned long)a.inLen);
  15768. if (ret == WOLFSSL_SUCCESS)
  15769. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  15770. }
  15771. EVP_MD_CTX_cleanup(&md_ctx);
  15772. if (ret != WOLFSSL_SUCCESS ||
  15773. XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) {
  15774. return -8601;
  15775. }
  15776. #endif /* NO_MD5 */
  15777. #ifndef NO_SHA
  15778. b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  15779. "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
  15780. "aaaaaaaaaa";
  15781. b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7"
  15782. "\x53\x99\x5E\x26\xA0";
  15783. b.inLen = XSTRLEN(b.input);
  15784. b.outLen = WC_SHA_DIGEST_SIZE;
  15785. EVP_MD_CTX_init(&md_ctx);
  15786. ret = EVP_DigestInit(&md_ctx, EVP_sha1());
  15787. if (ret == WOLFSSL_SUCCESS) {
  15788. ret = EVP_DigestUpdate(&md_ctx, b.input, (unsigned long)b.inLen);
  15789. if (ret == WOLFSSL_SUCCESS)
  15790. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  15791. }
  15792. EVP_MD_CTX_cleanup(&md_ctx);
  15793. if (ret != WOLFSSL_SUCCESS ||
  15794. XMEMCMP(hash, b.output, WC_SHA_DIGEST_SIZE) != 0) {
  15795. return -8602;
  15796. }
  15797. #endif /* NO_SHA */
  15798. #ifdef WOLFSSL_SHA224
  15799. e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  15800. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  15801. e.output = "\xc9\x7c\xa9\xa5\x59\x85\x0c\xe9\x7a\x04\xa9\x6d\xef\x6d\x99"
  15802. "\xa9\xe0\xe0\xe2\xab\x14\xe6\xb8\xdf\x26\x5f\xc0\xb3";
  15803. e.inLen = XSTRLEN(e.input);
  15804. e.outLen = WC_SHA224_DIGEST_SIZE;
  15805. EVP_MD_CTX_init(&md_ctx);
  15806. ret = EVP_DigestInit(&md_ctx, EVP_sha224());
  15807. if (ret == WOLFSSL_SUCCESS) {
  15808. ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
  15809. if (ret == WOLFSSL_SUCCESS)
  15810. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  15811. }
  15812. EVP_MD_CTX_cleanup(&md_ctx);
  15813. if (ret != WOLFSSL_SUCCESS ||
  15814. XMEMCMP(hash, e.output, WC_SHA224_DIGEST_SIZE) != 0) {
  15815. return -8603;
  15816. }
  15817. #endif /* WOLFSSL_SHA224 */
  15818. #ifndef NO_SHA256
  15819. d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq";
  15820. d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60"
  15821. "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB"
  15822. "\x06\xC1";
  15823. d.inLen = XSTRLEN(d.input);
  15824. d.outLen = WC_SHA256_DIGEST_SIZE;
  15825. EVP_MD_CTX_init(&md_ctx);
  15826. ret = EVP_DigestInit(&md_ctx, EVP_sha256());
  15827. if (ret == WOLFSSL_SUCCESS) {
  15828. ret = EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
  15829. if (ret == WOLFSSL_SUCCESS)
  15830. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  15831. }
  15832. EVP_MD_CTX_cleanup(&md_ctx);
  15833. if (ret != WOLFSSL_SUCCESS ||
  15834. XMEMCMP(hash, d.output, WC_SHA256_DIGEST_SIZE) != 0) {
  15835. return -8604;
  15836. }
  15837. #endif /* !NO_SHA256 */
  15838. #ifdef WOLFSSL_SHA384
  15839. e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  15840. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  15841. e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b"
  15842. "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0"
  15843. "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91"
  15844. "\x74\x60\x39";
  15845. e.inLen = XSTRLEN(e.input);
  15846. e.outLen = WC_SHA384_DIGEST_SIZE;
  15847. EVP_MD_CTX_init(&md_ctx);
  15848. ret = EVP_DigestInit(&md_ctx, EVP_sha384());
  15849. if (ret == WOLFSSL_SUCCESS) {
  15850. ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
  15851. if (ret == WOLFSSL_SUCCESS)
  15852. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  15853. }
  15854. EVP_MD_CTX_cleanup(&md_ctx);
  15855. if (ret != WOLFSSL_SUCCESS ||
  15856. XMEMCMP(hash, e.output, WC_SHA384_DIGEST_SIZE) != 0) {
  15857. return -8605;
  15858. }
  15859. #endif /* WOLFSSL_SHA384 */
  15860. #ifdef WOLFSSL_SHA512
  15861. f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  15862. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  15863. f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14"
  15864. "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88"
  15865. "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4"
  15866. "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b"
  15867. "\x87\x4b\xe9\x09";
  15868. f.inLen = XSTRLEN(f.input);
  15869. f.outLen = WC_SHA512_DIGEST_SIZE;
  15870. EVP_MD_CTX_init(&md_ctx);
  15871. ret = EVP_DigestInit(&md_ctx, EVP_sha512());
  15872. if (ret == WOLFSSL_SUCCESS) {
  15873. ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
  15874. if (ret == WOLFSSL_SUCCESS)
  15875. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  15876. }
  15877. EVP_MD_CTX_cleanup(&md_ctx);
  15878. if (ret != WOLFSSL_SUCCESS ||
  15879. XMEMCMP(hash, f.output, WC_SHA512_DIGEST_SIZE) != 0) {
  15880. return -8606;
  15881. }
  15882. #endif /* WOLFSSL_SHA512 */
  15883. #ifdef WOLFSSL_SHA3
  15884. #ifndef WOLFSSL_NOSHA3_224
  15885. e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  15886. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  15887. e.output = "\x54\x3e\x68\x68\xe1\x66\x6c\x1a\x64\x36\x30\xdf\x77\x36\x7a"
  15888. "\xe5\xa6\x2a\x85\x07\x0a\x51\xc1\x4c\xbf\x66\x5c\xbc";
  15889. e.inLen = XSTRLEN(e.input);
  15890. e.outLen = WC_SHA3_224_DIGEST_SIZE;
  15891. EVP_MD_CTX_init(&md_ctx);
  15892. ret = EVP_DigestInit(&md_ctx, EVP_sha3_224());
  15893. if (ret == WOLFSSL_SUCCESS) {
  15894. ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
  15895. if (ret == WOLFSSL_SUCCESS)
  15896. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  15897. }
  15898. EVP_MD_CTX_cleanup(&md_ctx);
  15899. if (ret != WOLFSSL_SUCCESS ||
  15900. XMEMCMP(hash, e.output, WC_SHA3_224_DIGEST_SIZE) != 0) {
  15901. return -8607;
  15902. }
  15903. #endif /* WOLFSSL_NOSHA3_224 */
  15904. #ifndef WOLFSSL_NOSHA3_256
  15905. d.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  15906. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  15907. d.output = "\x91\x6f\x60\x61\xfe\x87\x97\x41\xca\x64\x69\xb4\x39\x71\xdf"
  15908. "\xdb\x28\xb1\xa3\x2d\xc3\x6c\xb3\x25\x4e\x81\x2b\xe2\x7a\xad"
  15909. "\x1d\x18";
  15910. d.inLen = XSTRLEN(d.input);
  15911. d.outLen = WC_SHA3_256_DIGEST_SIZE;
  15912. EVP_MD_CTX_init(&md_ctx);
  15913. ret = EVP_DigestInit(&md_ctx, EVP_sha3_256());
  15914. if (ret == WOLFSSL_SUCCESS) {
  15915. ret = EVP_DigestUpdate(&md_ctx, d.input, (unsigned long)d.inLen);
  15916. if (ret == WOLFSSL_SUCCESS)
  15917. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  15918. }
  15919. EVP_MD_CTX_cleanup(&md_ctx);
  15920. if (ret != WOLFSSL_SUCCESS ||
  15921. XMEMCMP(hash, d.output, WC_SHA3_256_DIGEST_SIZE) != 0) {
  15922. return -8608;
  15923. }
  15924. #endif /* WOLFSSL_NOSHA3_256 */
  15925. e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  15926. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  15927. e.output = "\x79\x40\x7d\x3b\x59\x16\xb5\x9c\x3e\x30\xb0\x98\x22\x97\x47"
  15928. "\x91\xc3\x13\xfb\x9e\xcc\x84\x9e\x40\x6f\x23\x59\x2d\x04\xf6"
  15929. "\x25\xdc\x8c\x70\x9b\x98\xb4\x3b\x38\x52\xb3\x37\x21\x61\x79"
  15930. "\xaa\x7f\xc7";
  15931. e.inLen = XSTRLEN(e.input);
  15932. e.outLen = WC_SHA3_384_DIGEST_SIZE;
  15933. EVP_MD_CTX_init(&md_ctx);
  15934. ret = EVP_DigestInit(&md_ctx, EVP_sha3_384());
  15935. if (ret == WOLFSSL_SUCCESS) {
  15936. ret = EVP_DigestUpdate(&md_ctx, e.input, (unsigned long)e.inLen);
  15937. if (ret == WOLFSSL_SUCCESS)
  15938. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  15939. }
  15940. EVP_MD_CTX_cleanup(&md_ctx);
  15941. if (ret != WOLFSSL_SUCCESS ||
  15942. XMEMCMP(hash, e.output, WC_SHA3_384_DIGEST_SIZE) != 0) {
  15943. return -8609;
  15944. }
  15945. #ifndef WOLFSSL_NOSHA3_512
  15946. f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi"
  15947. "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu";
  15948. f.output = "\xaf\xeb\xb2\xef\x54\x2e\x65\x79\xc5\x0c\xad\x06\xd2\xe5\x78"
  15949. "\xf9\xf8\xdd\x68\x81\xd7\xdc\x82\x4d\x26\x36\x0f\xee\xbf\x18"
  15950. "\xa4\xfa\x73\xe3\x26\x11\x22\x94\x8e\xfc\xfd\x49\x2e\x74\xe8"
  15951. "\x2e\x21\x89\xed\x0f\xb4\x40\xd1\x87\xf3\x82\x27\x0c\xb4\x55"
  15952. "\xf2\x1d\xd1\x85";
  15953. f.inLen = XSTRLEN(f.input);
  15954. f.outLen = WC_SHA3_512_DIGEST_SIZE;
  15955. EVP_MD_CTX_init(&md_ctx);
  15956. ret = EVP_DigestInit(&md_ctx, EVP_sha3_512());
  15957. if (ret == WOLFSSL_SUCCESS) {
  15958. ret = EVP_DigestUpdate(&md_ctx, f.input, (unsigned long)f.inLen);
  15959. if (ret == WOLFSSL_SUCCESS)
  15960. ret = EVP_DigestFinal(&md_ctx, hash, 0);
  15961. }
  15962. EVP_MD_CTX_cleanup(&md_ctx);
  15963. if (ret != WOLFSSL_SUCCESS ||
  15964. XMEMCMP(hash, f.output, WC_SHA3_512_DIGEST_SIZE) != 0) {
  15965. return -8610;
  15966. }
  15967. #endif /* WOLFSSL_NOSHA3_512 */
  15968. #endif /* WOLFSSL_SHA3 */
  15969. #ifndef WC_NO_RNG
  15970. if (RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS)
  15971. return -8611;
  15972. #endif
  15973. #ifndef NO_MD5
  15974. c.input = "what do ya want for nothing?";
  15975. c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14"
  15976. "\x76";
  15977. c.inLen = XSTRLEN(c.input);
  15978. c.outLen = WC_MD5_DIGEST_SIZE;
  15979. if (HMAC(EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen,
  15980. hash, 0) == NULL ||
  15981. XMEMCMP(hash, c.output, WC_MD5_DIGEST_SIZE) != 0)
  15982. {
  15983. return -8612;
  15984. }
  15985. #endif /* NO_MD5 */
  15986. #ifndef NO_DES3
  15987. { /* des test */
  15988. WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */
  15989. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  15990. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  15991. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  15992. };
  15993. byte plain[24];
  15994. byte cipher[24];
  15995. const_DES_cblock key = {
  15996. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
  15997. };
  15998. DES_cblock iv = {
  15999. 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef
  16000. };
  16001. DES_key_schedule sched;
  16002. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  16003. 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8,
  16004. 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73,
  16005. 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b
  16006. };
  16007. DES_key_sched(&key, &sched);
  16008. DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, DES_ENCRYPT);
  16009. DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, DES_DECRYPT);
  16010. if (XMEMCMP(plain, vector, sizeof(vector)) != 0)
  16011. return -8613;
  16012. if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
  16013. return -8614;
  16014. /* test changing iv */
  16015. DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, DES_ENCRYPT);
  16016. DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, DES_ENCRYPT);
  16017. if (XMEMCMP(cipher, verify, sizeof(verify)) != 0)
  16018. return -8615;
  16019. } /* end des test */
  16020. #endif /* NO_DES3 */
  16021. #if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY)
  16022. if (openssl_aes_test() != 0) {
  16023. return -8616;
  16024. }
  16025. #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
  16026. { /* evp_cipher test: EVP_aes_128_cbc */
  16027. #ifdef WOLFSSL_SMALL_STACK
  16028. EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
  16029. #else
  16030. EVP_CIPHER_CTX ctx[1];
  16031. #endif
  16032. int idx, cipherSz, plainSz;
  16033. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */
  16034. 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74,
  16035. 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20,
  16036. 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20
  16037. };
  16038. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  16039. 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
  16040. 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
  16041. 0x3b,0x5d,0x41,0x97,0x94,0x25,0xa4,0xb4,
  16042. 0xae,0x7b,0x34,0xd0,0x3f,0x0c,0xbc,0x06
  16043. };
  16044. WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
  16045. 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53,
  16046. 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb,
  16047. 0x7d,0x37,0x7b,0x0b,0x44,0xaa,0xb5,0xf0,
  16048. 0x5f,0x34,0xb4,0xde,0xb5,0xbd,0x2a,0xbb
  16049. };
  16050. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  16051. "0123456789abcdef "; /* align */
  16052. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  16053. "1234567890abcdef "; /* align */
  16054. byte cipher[AES_BLOCK_SIZE * 4];
  16055. byte plain [AES_BLOCK_SIZE * 4];
  16056. #ifdef WOLFSSL_SMALL_STACK
  16057. if (ctx == NULL)
  16058. return MEMORY_E;
  16059. #endif
  16060. cipherSz = 0;
  16061. EVP_CIPHER_CTX_init(ctx);
  16062. ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
  16063. if (ret == WOLFSSL_SUCCESS) {
  16064. ret = EVP_CipherUpdate(ctx, cipher, &idx, (byte*)msg, sizeof(msg));
  16065. if (ret == WOLFSSL_SUCCESS)
  16066. cipherSz += idx;
  16067. }
  16068. if (ret == WOLFSSL_SUCCESS) {
  16069. ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
  16070. if (ret == WOLFSSL_SUCCESS)
  16071. cipherSz += idx;
  16072. }
  16073. EVP_CIPHER_CTX_cleanup(ctx);
  16074. if (ret != WOLFSSL_SUCCESS)
  16075. return -8617;
  16076. if (cipherSz != (int)sizeof(verify) || XMEMCMP(cipher, verify, cipherSz))
  16077. return -8618;
  16078. /* check partial decrypt (not enough padding for full block) */
  16079. plainSz = 0;
  16080. EVP_CIPHER_CTX_init(ctx);
  16081. ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
  16082. if (ret == WOLFSSL_SUCCESS) {
  16083. ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, 1);
  16084. if (ret == WOLFSSL_SUCCESS)
  16085. plainSz += idx;
  16086. }
  16087. if (ret == WOLFSSL_SUCCESS) {
  16088. /* this test should fail... not enough padding for full block */
  16089. ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
  16090. if (plainSz == 0 && ret != WOLFSSL_SUCCESS)
  16091. ret = WOLFSSL_SUCCESS;
  16092. else
  16093. ret = -8619;
  16094. }
  16095. else
  16096. ret = -8620;
  16097. EVP_CIPHER_CTX_cleanup(ctx);
  16098. if (ret != WOLFSSL_SUCCESS)
  16099. return ret;
  16100. plainSz = 0;
  16101. EVP_CIPHER_CTX_init(ctx);
  16102. ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 0);
  16103. if (ret == WOLFSSL_SUCCESS) {
  16104. ret = EVP_CipherUpdate(ctx, plain, &idx, cipher, cipherSz);
  16105. if (ret == WOLFSSL_SUCCESS)
  16106. plainSz += idx;
  16107. }
  16108. if (ret == WOLFSSL_SUCCESS) {
  16109. ret = EVP_CipherFinal(ctx, plain + plainSz, &idx);
  16110. if (ret == WOLFSSL_SUCCESS)
  16111. plainSz += idx;
  16112. }
  16113. EVP_CIPHER_CTX_cleanup(ctx);
  16114. if (ret != WOLFSSL_SUCCESS)
  16115. return -8621;
  16116. if (plainSz != (int)sizeof(msg) || XMEMCMP(plain, msg, sizeof(msg)))
  16117. return -8622;
  16118. cipherSz = 0;
  16119. EVP_CIPHER_CTX_init(ctx);
  16120. ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), key, iv, 1);
  16121. if (ret == WOLFSSL_SUCCESS) {
  16122. ret = EVP_CipherUpdate(ctx, cipher, &idx, msg, AES_BLOCK_SIZE);
  16123. if (ret == WOLFSSL_SUCCESS)
  16124. cipherSz += idx;
  16125. }
  16126. if (ret == WOLFSSL_SUCCESS) {
  16127. ret = EVP_CipherFinal(ctx, cipher + cipherSz, &idx);
  16128. if (ret == WOLFSSL_SUCCESS)
  16129. cipherSz += idx;
  16130. }
  16131. EVP_CIPHER_CTX_cleanup(ctx);
  16132. if (ret != WOLFSSL_SUCCESS)
  16133. return -8623;
  16134. if (cipherSz != (int)sizeof(verify2) || XMEMCMP(cipher, verify2, cipherSz))
  16135. return -8624;
  16136. #ifdef WOLFSSL_SMALL_STACK
  16137. wolfSSL_EVP_CIPHER_CTX_free(ctx);
  16138. #endif
  16139. } /* end evp_cipher test: EVP_aes_128_cbc*/
  16140. #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
  16141. #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256)
  16142. { /* evp_cipher test: EVP_aes_256_ecb*/
  16143. #ifdef WOLFSSL_SMALL_STACK
  16144. EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new();
  16145. #else
  16146. EVP_CIPHER_CTX ctx[1];
  16147. #endif
  16148. WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
  16149. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  16150. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  16151. };
  16152. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  16153. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  16154. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  16155. };
  16156. WOLFSSL_SMALL_STACK_STATIC const byte key[] = {
  16157. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  16158. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  16159. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  16160. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  16161. };
  16162. byte cipher[AES_BLOCK_SIZE * 4];
  16163. byte plain [AES_BLOCK_SIZE * 4];
  16164. #ifdef WOLFSSL_SMALL_STACK
  16165. if (ctx == NULL)
  16166. return MEMORY_E;
  16167. #endif
  16168. EVP_CIPHER_CTX_init(ctx);
  16169. ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1);
  16170. if (ret == WOLFSSL_SUCCESS)
  16171. ret = EVP_Cipher(ctx, cipher, (byte*)msg, 16);
  16172. EVP_CIPHER_CTX_cleanup(ctx);
  16173. if (ret != 16)
  16174. return -8625;
  16175. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  16176. return -8626;
  16177. EVP_CIPHER_CTX_init(ctx);
  16178. ret = EVP_CipherInit(ctx, EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0);
  16179. if (ret == WOLFSSL_SUCCESS)
  16180. ret = EVP_Cipher(ctx, plain, cipher, 16);
  16181. EVP_CIPHER_CTX_cleanup(ctx);
  16182. if (ret != 16)
  16183. return -8627;
  16184. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  16185. return -8628;
  16186. #ifdef WOLFSSL_SMALL_STACK
  16187. wolfSSL_EVP_CIPHER_CTX_free(ctx);
  16188. #endif
  16189. } /* end evp_cipher test */
  16190. #endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */
  16191. #define OPENSSL_TEST_ERROR (-10000)
  16192. #if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256)
  16193. /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */
  16194. {
  16195. /* Test: AES_encrypt/decrypt/set Key */
  16196. #ifdef WOLFSSL_SMALL_STACK
  16197. AES_KEY *enc = (AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  16198. #ifdef HAVE_AES_DECRYPT
  16199. AES_KEY *dec = (AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  16200. #endif
  16201. #else
  16202. AES_KEY enc[1];
  16203. #ifdef HAVE_AES_DECRYPT
  16204. AES_KEY dec[1];
  16205. #endif
  16206. #endif
  16207. WOLFSSL_SMALL_STACK_STATIC const byte msg[] =
  16208. {
  16209. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  16210. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  16211. };
  16212. WOLFSSL_SMALL_STACK_STATIC const byte verify[] =
  16213. {
  16214. 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
  16215. 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
  16216. };
  16217. WOLFSSL_SMALL_STACK_STATIC const byte key[] =
  16218. {
  16219. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  16220. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  16221. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  16222. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  16223. };
  16224. byte plain[sizeof(msg)];
  16225. byte cipher[sizeof(msg)];
  16226. printf("openSSL extra test\n") ;
  16227. #ifdef WOLFSSL_SMALL_STACK
  16228. if (enc == NULL)
  16229. return MEMORY_E;
  16230. #ifdef HAVE_AES_DECRYPT
  16231. if (dec == NULL)
  16232. return MEMORY_E;
  16233. #endif
  16234. #endif
  16235. AES_set_encrypt_key(key, sizeof(key)*8, enc);
  16236. AES_set_decrypt_key(key, sizeof(key)*8, dec);
  16237. AES_encrypt(msg, cipher, enc);
  16238. #ifdef HAVE_AES_DECRYPT
  16239. AES_decrypt(cipher, plain, dec);
  16240. if (XMEMCMP(plain, msg, AES_BLOCK_SIZE))
  16241. return OPENSSL_TEST_ERROR-60;
  16242. #endif /* HAVE_AES_DECRYPT */
  16243. if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE))
  16244. return OPENSSL_TEST_ERROR-61;
  16245. #ifdef WOLFSSL_SMALL_STACK
  16246. XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES);
  16247. #ifdef HAVE_AES_DECRYPT
  16248. XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES);
  16249. #endif
  16250. #endif
  16251. }
  16252. #endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */
  16253. /* EVP_Cipher with EVP_aes_xxx_ctr() */
  16254. #ifdef WOLFSSL_AES_COUNTER
  16255. {
  16256. byte plainBuff [64];
  16257. byte cipherBuff[64];
  16258. #ifdef WOLFSSL_AES_128
  16259. WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] =
  16260. {
  16261. 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6,
  16262. 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c
  16263. };
  16264. WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] =
  16265. {
  16266. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  16267. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  16268. };
  16269. WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] =
  16270. {
  16271. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  16272. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  16273. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  16274. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  16275. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  16276. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  16277. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  16278. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  16279. };
  16280. WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] =
  16281. {
  16282. 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26,
  16283. 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce,
  16284. 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff,
  16285. 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff,
  16286. 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e,
  16287. 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab,
  16288. 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1,
  16289. 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee
  16290. };
  16291. WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] =
  16292. {
  16293. 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0,
  16294. 0xc2
  16295. };
  16296. #endif /* WOLFSSL_AES_128 */
  16297. #ifdef WOLFSSL_AES_192
  16298. /* test vector from "Recommendation for Block Cipher Modes of Operation"
  16299. * NIST Special Publication 800-38A */
  16300. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] =
  16301. {
  16302. 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52,
  16303. 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5,
  16304. 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b
  16305. };
  16306. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] =
  16307. {
  16308. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  16309. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  16310. };
  16311. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] =
  16312. {
  16313. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  16314. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  16315. };
  16316. WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] =
  16317. {
  16318. 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2,
  16319. 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b
  16320. };
  16321. #endif /* WOLFSSL_AES_192 */
  16322. #ifdef WOLFSSL_AES_256
  16323. /* test vector from "Recommendation for Block Cipher Modes of Operation"
  16324. * NIST Special Publication 800-38A */
  16325. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] =
  16326. {
  16327. 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
  16328. 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
  16329. 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,
  16330. 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4
  16331. };
  16332. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] =
  16333. {
  16334. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  16335. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  16336. };
  16337. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] =
  16338. {
  16339. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  16340. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a
  16341. };
  16342. WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] =
  16343. {
  16344. 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,
  16345. 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28
  16346. };
  16347. #endif /* WOLFSSL_AES_256 */
  16348. #ifdef WOLFSSL_SMALL_STACK
  16349. EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
  16350. EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
  16351. if ((en == NULL) || (de == NULL))
  16352. return MEMORY_E;
  16353. #else
  16354. EVP_CIPHER_CTX en[1];
  16355. EVP_CIPHER_CTX de[1];
  16356. #endif
  16357. #ifdef WOLFSSL_AES_128
  16358. #ifndef WOLFSSL_SMALL_STACK
  16359. EVP_CIPHER_CTX *p_en;
  16360. EVP_CIPHER_CTX *p_de;
  16361. #endif
  16362. EVP_CIPHER_CTX_init(en);
  16363. if (EVP_CipherInit(en, EVP_aes_128_ctr(),
  16364. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  16365. return -8629;
  16366. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain,
  16367. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  16368. return -8630;
  16369. EVP_CIPHER_CTX_init(de);
  16370. if (EVP_CipherInit(de, EVP_aes_128_ctr(),
  16371. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  16372. return -8631;
  16373. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  16374. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  16375. return -8632;
  16376. if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
  16377. return -8633;
  16378. if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
  16379. return -8634;
  16380. #ifndef WOLFSSL_SMALL_STACK
  16381. p_en = wolfSSL_EVP_CIPHER_CTX_new();
  16382. if(p_en == NULL)return -8635;
  16383. p_de = wolfSSL_EVP_CIPHER_CTX_new();
  16384. if(p_de == NULL)return -8636;
  16385. if (EVP_CipherInit(p_en, EVP_aes_128_ctr(),
  16386. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  16387. return -8637;
  16388. if (EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain,
  16389. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  16390. return -8638;
  16391. if (EVP_CipherInit(p_de, EVP_aes_128_ctr(),
  16392. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  16393. return -8639;
  16394. if (EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff,
  16395. AES_BLOCK_SIZE*4) != AES_BLOCK_SIZE*4)
  16396. return -8640;
  16397. wolfSSL_EVP_CIPHER_CTX_free(p_en);
  16398. wolfSSL_EVP_CIPHER_CTX_free(p_de);
  16399. #endif /* !WOLFSSL_SMALL_STACK */
  16400. if (XMEMCMP(cipherBuff, ctrCipher, AES_BLOCK_SIZE*4))
  16401. return -8641;
  16402. if (XMEMCMP(plainBuff, ctrPlain, AES_BLOCK_SIZE*4))
  16403. return -8642;
  16404. EVP_CIPHER_CTX_init(en);
  16405. if (EVP_CipherInit(en, EVP_aes_128_ctr(),
  16406. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  16407. return -8643;
  16408. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
  16409. return -8644;
  16410. EVP_CIPHER_CTX_init(de);
  16411. if (EVP_CipherInit(de, EVP_aes_128_ctr(),
  16412. (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0)
  16413. return -8645;
  16414. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
  16415. return -8646;
  16416. if (XMEMCMP(plainBuff, ctrPlain, 9))
  16417. return -8647;
  16418. if (XMEMCMP(cipherBuff, ctrCipher, 9))
  16419. return -8648;
  16420. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9)
  16421. return -8649;
  16422. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9)
  16423. return -8650;
  16424. if (XMEMCMP(plainBuff, ctrPlain, 9))
  16425. return -8651;
  16426. if (XMEMCMP(cipherBuff, oddCipher, 9))
  16427. return -8652;
  16428. #endif /* WOLFSSL_AES_128 */
  16429. #ifdef WOLFSSL_AES_192
  16430. EVP_CIPHER_CTX_init(en);
  16431. if (EVP_CipherInit(en, EVP_aes_192_ctr(),
  16432. (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
  16433. return -8653;
  16434. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain,
  16435. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  16436. return -8654;
  16437. EVP_CIPHER_CTX_init(de);
  16438. if (EVP_CipherInit(de, EVP_aes_192_ctr(),
  16439. (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0)
  16440. return -8655;
  16441. XMEMSET(plainBuff, 0, sizeof(plainBuff));
  16442. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  16443. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  16444. return -8656;
  16445. if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain)))
  16446. return -8657;
  16447. if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher)))
  16448. return -8658;
  16449. #endif /* WOLFSSL_AES_192 */
  16450. #ifdef WOLFSSL_AES_256
  16451. EVP_CIPHER_CTX_init(en);
  16452. if (EVP_CipherInit(en, EVP_aes_256_ctr(),
  16453. (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
  16454. return -8659;
  16455. if (EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain,
  16456. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  16457. return -8660;
  16458. EVP_CIPHER_CTX_init(de);
  16459. if (EVP_CipherInit(de, EVP_aes_256_ctr(),
  16460. (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0)
  16461. return -8661;
  16462. XMEMSET(plainBuff, 0, sizeof(plainBuff));
  16463. if (EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff,
  16464. AES_BLOCK_SIZE) != AES_BLOCK_SIZE)
  16465. return -8662;
  16466. if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain)))
  16467. return -8663;
  16468. if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher)))
  16469. return -8664;
  16470. #endif /* WOLFSSL_AES_256 */
  16471. #ifdef WOLFSSL_SMALL_STACK
  16472. wolfSSL_EVP_CIPHER_CTX_free(en);
  16473. wolfSSL_EVP_CIPHER_CTX_free(de);
  16474. #endif
  16475. }
  16476. #endif /* HAVE_AES_COUNTER */
  16477. #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
  16478. {
  16479. /* EVP_CipherUpdate test */
  16480. WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] =
  16481. {
  16482. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  16483. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  16484. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  16485. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  16486. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  16487. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  16488. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  16489. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  16490. };
  16491. byte key[] = "0123456789abcdef "; /* align */
  16492. byte iv[] = "1234567890abcdef "; /* align */
  16493. byte cipher[AES_BLOCK_SIZE * 4];
  16494. byte plain [AES_BLOCK_SIZE * 4];
  16495. #ifdef WOLFSSL_SMALL_STACK
  16496. EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new();
  16497. EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new();
  16498. #else
  16499. EVP_CIPHER_CTX en[1];
  16500. EVP_CIPHER_CTX de[1];
  16501. #endif
  16502. int outlen ;
  16503. int total = 0;
  16504. #ifdef WOLFSSL_SMALL_STACK
  16505. if ((en == NULL) || (de == NULL))
  16506. return MEMORY_E;
  16507. #endif
  16508. EVP_CIPHER_CTX_init(en);
  16509. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  16510. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  16511. return -8665;
  16512. /* openSSL compatibility, if(inlen == 0)return 1; */
  16513. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  16514. (byte*)cbcPlain, 0) != 1)
  16515. return -8666;
  16516. EVP_CIPHER_CTX_init(en);
  16517. if (EVP_CipherInit(en, EVP_aes_128_cbc(),
  16518. (unsigned char*)key, (unsigned char*)iv, 1) == 0)
  16519. return -8667;
  16520. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen,
  16521. (byte*)cbcPlain, 9) == 0)
  16522. return -8668;
  16523. if(outlen != 0)
  16524. return -8669;
  16525. total += outlen;
  16526. if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen,
  16527. (byte*)&cbcPlain[9] , 9) == 0)
  16528. return -8670;
  16529. if(outlen != 16)
  16530. return -8671;
  16531. total += outlen;
  16532. if (EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0)
  16533. return -8672;
  16534. if(outlen != 16)
  16535. return -8673;
  16536. total += outlen;
  16537. if(total != 32)
  16538. return -8674;
  16539. total = 0;
  16540. EVP_CIPHER_CTX_init(de);
  16541. if (EVP_CipherInit(de, EVP_aes_128_cbc(),
  16542. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  16543. return -8675;
  16544. if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
  16545. return -8676;
  16546. if(outlen != 0)
  16547. return -8677;
  16548. total += outlen;
  16549. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  16550. (byte*)&cipher[6], 12) == 0)
  16551. return -8678;
  16552. if(outlen != 0)
  16553. total += outlen;
  16554. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen,
  16555. (byte*)&cipher[6+12], 14) == 0)
  16556. return -8679;
  16557. if(outlen != 16)
  16558. return -8680;
  16559. total += outlen;
  16560. if (EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0)
  16561. return -8681;
  16562. if(outlen != 2)
  16563. return -8682;
  16564. total += outlen;
  16565. if(total != 18)
  16566. return -8683;
  16567. if (XMEMCMP(plain, cbcPlain, 18))
  16568. return -8684;
  16569. total = 0;
  16570. EVP_CIPHER_CTX_init(en);
  16571. if (EVP_EncryptInit(en, EVP_aes_128_cbc(),
  16572. (unsigned char*)key, (unsigned char*)iv) == 0)
  16573. return -8685;
  16574. if (EVP_CipherUpdate(en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0)
  16575. return -8686;
  16576. if(outlen != 0)
  16577. return -8687;
  16578. total += outlen;
  16579. if (EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0)
  16580. return -8688;
  16581. if(outlen != 16)
  16582. return -8689;
  16583. total += outlen;
  16584. if (EVP_EncryptFinal(en, (byte*)&cipher[total], &outlen) == 0)
  16585. return -8690;
  16586. if(outlen != 16)
  16587. return -8691;
  16588. total += outlen;
  16589. if(total != 32)
  16590. return 3438;
  16591. total = 0;
  16592. EVP_CIPHER_CTX_init(de);
  16593. if (EVP_DecryptInit(de, EVP_aes_128_cbc(),
  16594. (unsigned char*)key, (unsigned char*)iv) == 0)
  16595. return -8692;
  16596. if (EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0)
  16597. return -8693;
  16598. if(outlen != 0)
  16599. return -8694;
  16600. total += outlen;
  16601. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0)
  16602. return -8695;
  16603. if(outlen != 0)
  16604. total += outlen;
  16605. if (EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0)
  16606. return -8696;
  16607. if(outlen != 16)
  16608. return -8697;
  16609. total += outlen;
  16610. if (EVP_DecryptFinal(de, (byte*)&plain[total], &outlen) == 0)
  16611. return -8698;
  16612. if(outlen != 2)
  16613. return -8699;
  16614. total += outlen;
  16615. if(total != 18)
  16616. return 3447;
  16617. if (XMEMCMP(plain, cbcPlain, 18))
  16618. return -8700;
  16619. if (EVP_CIPHER_key_length(NULL) != 0)
  16620. return -8701;
  16621. if (EVP_CIPHER_key_length(EVP_aes_128_cbc()) != 16)
  16622. return -8702;
  16623. if (EVP_CIPHER_CTX_mode(NULL) != 0)
  16624. return -8703;
  16625. if (EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE))
  16626. return -8704;
  16627. EVP_CIPHER_CTX_init(en);
  16628. if (EVP_CipherInit_ex(en, EVP_aes_128_cbc(), NULL,
  16629. (unsigned char*)key, (unsigned char*)iv, 0) == 0)
  16630. return -8705;
  16631. EVP_CIPHER_CTX_init(en);
  16632. if (EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
  16633. (unsigned char*)key, (unsigned char*)iv) == 0)
  16634. return -8706;
  16635. if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
  16636. return -8707;
  16637. if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
  16638. return -8708;
  16639. EVP_CIPHER_CTX_init(de);
  16640. if (EVP_DecryptInit_ex(de, EVP_aes_128_cbc(), NULL,
  16641. (unsigned char*)key, (unsigned char*)iv) == 0)
  16642. return -8709;
  16643. if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL) != WOLFSSL_FAILURE)
  16644. return -8710;
  16645. if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE)
  16646. return -8711;
  16647. if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG)
  16648. return -8712;
  16649. EVP_CIPHER_CTX_init(en);
  16650. EVP_EncryptInit_ex(en, EVP_aes_128_cbc(), NULL,
  16651. (unsigned char*)key, (unsigned char*)iv);
  16652. if (EVP_CIPHER_CTX_block_size(en) != en->block_size)
  16653. return -8713;
  16654. if (EVP_CIPHER_block_size(NULL) != BAD_FUNC_ARG)
  16655. return -8714;
  16656. if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE)
  16657. return -8715;
  16658. if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0)
  16659. return -8716;
  16660. if (EVP_CIPHER_flags(EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE)
  16661. return -8717;
  16662. EVP_CIPHER_CTX_clear_flags(en, 0xFFFFFFFF);
  16663. EVP_CIPHER_CTX_set_flags(en, 42);
  16664. if (en->flags != 42)
  16665. return -8718;
  16666. if (EVP_CIPHER_CTX_set_padding(NULL, 0) != BAD_FUNC_ARG)
  16667. return -8719;
  16668. if (EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
  16669. return -8720;
  16670. if (EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)
  16671. return -8721;
  16672. #ifdef WOLFSSL_SMALL_STACK
  16673. wolfSSL_EVP_CIPHER_CTX_free(en);
  16674. wolfSSL_EVP_CIPHER_CTX_free(de);
  16675. #endif
  16676. }
  16677. #endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */
  16678. #endif /* ifndef NO_AES */
  16679. return 0;
  16680. }
  16681. WOLFSSL_TEST_SUBROUTINE int openSSL_evpMD_test(void)
  16682. {
  16683. int ret = 0;
  16684. #if !defined(NO_SHA256) && !defined(NO_SHA)
  16685. WOLFSSL_EVP_MD_CTX* ctx;
  16686. WOLFSSL_EVP_MD_CTX* ctx2;
  16687. ctx = EVP_MD_CTX_create();
  16688. ctx2 = EVP_MD_CTX_create();
  16689. ret = EVP_DigestInit(ctx, EVP_sha256());
  16690. if (ret != SSL_SUCCESS) {
  16691. ret = -8800;
  16692. goto openSSL_evpMD_test_done;
  16693. }
  16694. ret = EVP_MD_CTX_copy(ctx2, ctx);
  16695. if (ret != SSL_SUCCESS) {
  16696. ret = -8801;
  16697. goto openSSL_evpMD_test_done;
  16698. }
  16699. if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
  16700. ret = -8802;
  16701. goto openSSL_evpMD_test_done;
  16702. }
  16703. ret = EVP_DigestInit(ctx, EVP_sha1());
  16704. if (ret != SSL_SUCCESS) {
  16705. ret = -8803;
  16706. goto openSSL_evpMD_test_done;
  16707. }
  16708. if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
  16709. ret = -8804;
  16710. goto openSSL_evpMD_test_done;
  16711. }
  16712. ret = EVP_MD_CTX_copy_ex(ctx2, ctx);
  16713. if (ret != SSL_SUCCESS) {
  16714. ret = -8805;
  16715. goto openSSL_evpMD_test_done;
  16716. }
  16717. if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) {
  16718. ret = -8806;
  16719. goto openSSL_evpMD_test_done;
  16720. }
  16721. if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) {
  16722. ret = -8807;
  16723. goto openSSL_evpMD_test_done;
  16724. }
  16725. if (EVP_DigestInit_ex(ctx, EVP_sha1(), NULL) != SSL_SUCCESS) {
  16726. ret = -8808;
  16727. goto openSSL_evpMD_test_done;
  16728. }
  16729. if (EVP_add_digest(NULL) != 0) {
  16730. ret = -8809;
  16731. goto openSSL_evpMD_test_done;
  16732. }
  16733. if (wolfSSL_EVP_add_cipher(NULL) != 0) {
  16734. ret = -8810;
  16735. goto openSSL_evpMD_test_done;
  16736. }
  16737. ret = 0; /* got to success state without jumping to end with a fail */
  16738. openSSL_evpMD_test_done:
  16739. EVP_MD_CTX_destroy(ctx);
  16740. EVP_MD_CTX_destroy(ctx2);
  16741. #endif /* NO_SHA256 */
  16742. return ret;
  16743. }
  16744. #ifdef DEBUG_SIGN
  16745. static void show(const char *title, const char *p, unsigned int s) {
  16746. char* i;
  16747. printf("%s: ", title);
  16748. for (i = p;
  16749. i < p + s;
  16750. printf("%c", *i), i++);
  16751. printf("\n");
  16752. }
  16753. #else
  16754. #define show(a,b,c)
  16755. #endif
  16756. #define FOURK_BUFF 4096
  16757. #define ERR_BASE_PKEY -5000
  16758. WOLFSSL_TEST_SUBROUTINE int openssl_pkey0_test(void)
  16759. {
  16760. int ret = 0;
  16761. #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(NO_SHA)
  16762. byte* prvTmp;
  16763. byte* pubTmp;
  16764. int prvBytes;
  16765. int pubBytes;
  16766. RSA *prvRsa = NULL;
  16767. RSA *pubRsa = NULL;
  16768. EVP_PKEY *prvPkey = NULL;
  16769. EVP_PKEY *pubPkey = NULL;
  16770. EVP_PKEY_CTX *enc = NULL;
  16771. EVP_PKEY_CTX *dec = NULL;
  16772. byte in[] = TEST_STRING;
  16773. byte out[256];
  16774. size_t outlen;
  16775. size_t keySz;
  16776. byte plain[256];
  16777. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  16778. XFILE keyFile;
  16779. XFILE keypubFile;
  16780. char cliKey[] = "./certs/client-key.der";
  16781. char cliKeypub[] = "./certs/client-keyPub.der";
  16782. #endif
  16783. prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16784. if (prvTmp == NULL)
  16785. return ERR_BASE_PKEY-1;
  16786. pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16787. if (pubTmp == NULL) {
  16788. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  16789. return ERR_BASE_PKEY-2;
  16790. }
  16791. #ifdef USE_CERT_BUFFERS_1024
  16792. XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
  16793. prvBytes = sizeof_client_key_der_1024;
  16794. XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
  16795. pubBytes = sizeof_client_keypub_der_1024;
  16796. #elif defined(USE_CERT_BUFFERS_2048)
  16797. XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
  16798. prvBytes = sizeof_client_key_der_2048;
  16799. XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
  16800. pubBytes = sizeof_client_keypub_der_2048;
  16801. #else
  16802. keyFile = XFOPEN(cliKey, "rb");
  16803. if (!keyFile) {
  16804. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  16805. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  16806. err_sys("can't open ./certs/client-key.der, "
  16807. "Please run from wolfSSL home dir", ERR_BASE_PKEY-3);
  16808. return ERR_BASE_PKEY-3;
  16809. }
  16810. prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
  16811. XFCLOSE(keyFile);
  16812. keypubFile = XFOPEN(cliKeypub, "rb");
  16813. if (!keypubFile) {
  16814. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  16815. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  16816. err_sys("can't open ./certs/client-cert.der, "
  16817. "Please run from wolfSSL home dir", -4);
  16818. return ERR_BASE_PKEY-4;
  16819. }
  16820. pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
  16821. XFCLOSE(keypubFile);
  16822. #endif /* USE_CERT_BUFFERS */
  16823. prvRsa = wolfSSL_RSA_new();
  16824. pubRsa = wolfSSL_RSA_new();
  16825. if((prvRsa == NULL) || (pubRsa == NULL)){
  16826. printf("error with RSA_new\n");
  16827. ret = ERR_BASE_PKEY-10;
  16828. goto openssl_pkey0_test_done;
  16829. }
  16830. ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
  16831. if(ret != SSL_SUCCESS){
  16832. printf("error with RSA_LoadDer_ex\n");
  16833. ret = ERR_BASE_PKEY-11;
  16834. goto openssl_pkey0_test_done;
  16835. }
  16836. ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
  16837. if(ret != SSL_SUCCESS){
  16838. printf("error with RSA_LoadDer_ex\n");
  16839. ret = ERR_BASE_PKEY-12;
  16840. goto openssl_pkey0_test_done;
  16841. }
  16842. keySz = (size_t)RSA_size(pubRsa);
  16843. prvPkey = wolfSSL_EVP_PKEY_new();
  16844. pubPkey = wolfSSL_EVP_PKEY_new();
  16845. if((prvPkey == NULL) || (pubPkey == NULL)){
  16846. printf("error with PKEY_new\n");
  16847. ret = ERR_BASE_PKEY-13;
  16848. goto openssl_pkey0_test_done;
  16849. }
  16850. ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
  16851. ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
  16852. if(ret != 2){
  16853. printf("error with PKEY_set1_RSA\n");
  16854. ret = ERR_BASE_PKEY-14;
  16855. goto openssl_pkey0_test_done;
  16856. }
  16857. dec = EVP_PKEY_CTX_new(prvPkey, NULL);
  16858. enc = EVP_PKEY_CTX_new(pubPkey, NULL);
  16859. if((dec == NULL)||(enc==NULL)){
  16860. printf("error with EVP_PKEY_CTX_new\n");
  16861. ret = ERR_BASE_PKEY-15;
  16862. goto openssl_pkey0_test_done;
  16863. }
  16864. ret = EVP_PKEY_decrypt_init(dec);
  16865. if (ret != 1) {
  16866. printf("error with decrypt init\n");
  16867. ret = ERR_BASE_PKEY-16;
  16868. goto openssl_pkey0_test_done;
  16869. }
  16870. ret = EVP_PKEY_encrypt_init(enc);
  16871. if (ret != 1) {
  16872. printf("error with encrypt init\n");
  16873. ret = ERR_BASE_PKEY-17;
  16874. goto openssl_pkey0_test_done;
  16875. }
  16876. XMEMSET(out, 0, sizeof(out));
  16877. ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
  16878. if (ret != 1) {
  16879. printf("error encrypting msg\n");
  16880. ret = ERR_BASE_PKEY-18;
  16881. goto openssl_pkey0_test_done;
  16882. }
  16883. show("encrypted msg", out, outlen);
  16884. XMEMSET(plain, 0, sizeof(plain));
  16885. ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
  16886. if (ret != 1) {
  16887. printf("error decrypting msg\n");
  16888. ret = ERR_BASE_PKEY-19;
  16889. goto openssl_pkey0_test_done;
  16890. }
  16891. show("decrypted msg", plain, outlen);
  16892. /* RSA_PKCS1_OAEP_PADDING test */
  16893. ret = EVP_PKEY_decrypt_init(dec);
  16894. if (ret != 1) {
  16895. printf("error with decrypt init\n");
  16896. ret = ERR_BASE_PKEY-30;
  16897. goto openssl_pkey0_test_done;
  16898. }
  16899. ret = EVP_PKEY_encrypt_init(enc);
  16900. if (ret != 1) {
  16901. printf("error with encrypt init\n");
  16902. ret = ERR_BASE_PKEY-31;
  16903. goto openssl_pkey0_test_done;
  16904. }
  16905. if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
  16906. printf("first set rsa padding error\n");
  16907. ret = ERR_BASE_PKEY-32;
  16908. goto openssl_pkey0_test_done;
  16909. }
  16910. #ifndef HAVE_FIPS
  16911. if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
  16912. printf("second set rsa padding error\n");
  16913. ret = ERR_BASE_PKEY-33;
  16914. goto openssl_pkey0_test_done;
  16915. }
  16916. if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
  16917. printf("third set rsa padding error\n");
  16918. ret = ERR_BASE_PKEY-34;
  16919. goto openssl_pkey0_test_done;
  16920. }
  16921. #endif
  16922. XMEMSET(out, 0, sizeof(out));
  16923. ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
  16924. if (ret != 1) {
  16925. printf("error encrypting msg\n");
  16926. ret = ERR_BASE_PKEY-35;
  16927. goto openssl_pkey0_test_done;
  16928. }
  16929. show("encrypted msg", out, outlen);
  16930. XMEMSET(plain, 0, sizeof(plain));
  16931. ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz);
  16932. if (ret != 1) {
  16933. printf("error decrypting msg\n");
  16934. ret = ERR_BASE_PKEY-36;
  16935. goto openssl_pkey0_test_done;
  16936. }
  16937. show("decrypted msg", plain, outlen);
  16938. ret = 0; /* made it to this point without error then set success */
  16939. openssl_pkey0_test_done:
  16940. wolfSSL_RSA_free(prvRsa);
  16941. wolfSSL_RSA_free(pubRsa);
  16942. EVP_PKEY_free(pubPkey);
  16943. EVP_PKEY_free(prvPkey);
  16944. EVP_PKEY_CTX_free(dec);
  16945. EVP_PKEY_CTX_free(enc);
  16946. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16947. XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16948. #endif /* NO_RSA */
  16949. return ret;
  16950. }
  16951. WOLFSSL_TEST_SUBROUTINE int openssl_pkey1_test(void)
  16952. {
  16953. int ret = 0;
  16954. #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \
  16955. !defined(NO_SHA)
  16956. EVP_PKEY_CTX* dec = NULL;
  16957. EVP_PKEY_CTX* enc = NULL;
  16958. EVP_PKEY* pubKey = NULL;
  16959. EVP_PKEY* prvKey = NULL;
  16960. X509* x509 = NULL;
  16961. WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sugar slapped";
  16962. const unsigned char* clikey;
  16963. long cliKeySz;
  16964. size_t outlen;
  16965. int keyLenBits = 2048;
  16966. #ifdef WOLFSSL_SMALL_STACK
  16967. unsigned char *tmp = (unsigned char *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16968. unsigned char *cipher = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16969. unsigned char *plain = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  16970. if ((tmp == NULL) ||
  16971. (cipher == NULL) ||
  16972. (plain == NULL)) {
  16973. ret = -9015;
  16974. goto openssl_pkey1_test_done;
  16975. }
  16976. #else
  16977. unsigned char tmp[FOURK_BUF];
  16978. unsigned char cipher[RSA_TEST_BYTES];
  16979. unsigned char plain[RSA_TEST_BYTES];
  16980. #endif
  16981. #if defined(USE_CERT_BUFFERS_1024)
  16982. XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024);
  16983. cliKeySz = (long)sizeof_client_key_der_1024;
  16984. x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_1024,
  16985. sizeof_client_cert_der_1024, SSL_FILETYPE_ASN1);
  16986. keyLenBits = 1024;
  16987. #elif defined(USE_CERT_BUFFERS_2048)
  16988. XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
  16989. cliKeySz = (long)sizeof_client_key_der_2048;
  16990. x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048,
  16991. sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1);
  16992. #elif defined(USE_CERT_BUFFERS_3072)
  16993. XMEMCPY(tmp, client_key_der_3072, sizeof_client_key_der_3072);
  16994. cliKeySz = (long)sizeof_client_key_der_3072;
  16995. x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_3072,
  16996. sizeof_client_cert_der_3072, SSL_FILETYPE_ASN1);
  16997. keyLenBits = 3072;
  16998. #elif defined(USE_CERT_BUFFERS_4096)
  16999. XMEMCPY(tmp, client_key_der_4096, sizeof_client_key_der_4096);
  17000. cliKeySz = (long)sizeof_client_key_der_4096;
  17001. x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_4096,
  17002. sizeof_client_cert_der_4096, SSL_FILETYPE_ASN1);
  17003. keyLenBits = 4096;
  17004. #else
  17005. XFILE f;
  17006. f = XFOPEN(clientKey, "rb");
  17007. if (!f) {
  17008. err_sys("can't open ./certs/client-key.der, "
  17009. "Please run from wolfSSL home dir", -41);
  17010. ret = -9000;
  17011. goto openssl_pkey1_test_done;
  17012. }
  17013. cliKeySz = (long)XFREAD(tmp, 1, FOURK_BUF, f);
  17014. XFCLOSE(f);
  17015. /* using existing wolfSSL api to get public and private key */
  17016. x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1);
  17017. #endif /* USE_CERT_BUFFERS */
  17018. clikey = tmp;
  17019. if ((prvKey = EVP_PKEY_new()) == NULL) {
  17020. ret = -9001;
  17021. goto openssl_pkey1_test_done;
  17022. }
  17023. EVP_PKEY_free(prvKey);
  17024. prvKey = NULL;
  17025. if (x509 == NULL) {
  17026. ret = -9002;
  17027. goto openssl_pkey1_test_done;
  17028. }
  17029. pubKey = X509_get_pubkey(x509);
  17030. if (pubKey == NULL) {
  17031. ret = -9003;
  17032. goto openssl_pkey1_test_done;
  17033. }
  17034. prvKey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &clikey, cliKeySz);
  17035. if (prvKey == NULL) {
  17036. ret = -9004;
  17037. goto openssl_pkey1_test_done;
  17038. }
  17039. /* phase 2 API to create EVP_PKEY_CTX and encrypt/decrypt */
  17040. if (EVP_PKEY_bits(prvKey) != keyLenBits) {
  17041. ret = -9005;
  17042. goto openssl_pkey1_test_done;
  17043. }
  17044. if (EVP_PKEY_size(prvKey) != keyLenBits/8) {
  17045. ret = -9006;
  17046. goto openssl_pkey1_test_done;
  17047. }
  17048. dec = EVP_PKEY_CTX_new(prvKey, NULL);
  17049. enc = EVP_PKEY_CTX_new(pubKey, NULL);
  17050. if (dec == NULL || enc == NULL) {
  17051. ret = -9007;
  17052. goto openssl_pkey1_test_done;
  17053. }
  17054. if (EVP_PKEY_decrypt_init(dec) != 1) {
  17055. ret = -9008;
  17056. goto openssl_pkey1_test_done;
  17057. }
  17058. if (EVP_PKEY_encrypt_init(enc) != 1) {
  17059. ret = -9009;
  17060. goto openssl_pkey1_test_done;
  17061. }
  17062. if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
  17063. ret = -9010;
  17064. goto openssl_pkey1_test_done;
  17065. }
  17066. #ifndef HAVE_FIPS
  17067. if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
  17068. ret = -9011;
  17069. goto openssl_pkey1_test_done;
  17070. }
  17071. if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
  17072. ret = -9012;
  17073. goto openssl_pkey1_test_done;
  17074. }
  17075. #endif
  17076. XMEMSET(cipher, 0, RSA_TEST_BYTES);
  17077. outlen = keyLenBits/8;
  17078. if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
  17079. ret = -9013;
  17080. goto openssl_pkey1_test_done;
  17081. }
  17082. XMEMSET(plain, 0, RSA_TEST_BYTES);
  17083. if (EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) {
  17084. ret = -9014;
  17085. goto openssl_pkey1_test_done;
  17086. }
  17087. openssl_pkey1_test_done:
  17088. if (pubKey != NULL) {
  17089. EVP_PKEY_free(pubKey);
  17090. }
  17091. if (prvKey != NULL) {
  17092. EVP_PKEY_free(prvKey);
  17093. }
  17094. if (dec != NULL) {
  17095. EVP_PKEY_CTX_free(dec);
  17096. }
  17097. if (enc != NULL) {
  17098. EVP_PKEY_CTX_free(enc);
  17099. }
  17100. if (x509 != NULL) {
  17101. X509_free(x509);
  17102. }
  17103. #ifdef WOLFSSL_SMALL_STACK
  17104. if (tmp != NULL)
  17105. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17106. if (cipher != NULL)
  17107. XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17108. if (plain != NULL)
  17109. XFREE(plain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17110. #endif
  17111. #endif
  17112. return ret;
  17113. }
  17114. #define ERR_BASE_EVPSIG -5100
  17115. WOLFSSL_TEST_SUBROUTINE int openssl_evpSig_test(void)
  17116. {
  17117. #if !defined(NO_RSA) && !defined(NO_SHA) && !defined(HAVE_USER_RSA)
  17118. byte* prvTmp;
  17119. byte* pubTmp;
  17120. int prvBytes;
  17121. int pubBytes;
  17122. RSA *prvRsa;
  17123. RSA *pubRsa;
  17124. EVP_PKEY *prvPkey;
  17125. EVP_PKEY *pubPkey;
  17126. EVP_MD_CTX* sign;
  17127. EVP_MD_CTX* verf;
  17128. char msg[] = "see spot run";
  17129. unsigned char sig[256];
  17130. unsigned int sigSz;
  17131. const void* pt;
  17132. unsigned int count;
  17133. int ret, ret1, ret2;
  17134. #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
  17135. XFILE keyFile;
  17136. XFILE keypubFile;
  17137. char cliKey[] = "./certs/client-key.der";
  17138. char cliKeypub[] = "./certs/client-keyPub.der";
  17139. #endif
  17140. prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17141. if (prvTmp == NULL)
  17142. return ERR_BASE_EVPSIG-1;
  17143. pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17144. if (pubTmp == NULL) {
  17145. XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17146. return ERR_BASE_EVPSIG-2;
  17147. }
  17148. #ifdef USE_CERT_BUFFERS_1024
  17149. XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
  17150. prvBytes = sizeof_client_key_der_1024;
  17151. XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
  17152. pubBytes = sizeof_client_keypub_der_1024;
  17153. #elif defined(USE_CERT_BUFFERS_2048)
  17154. XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048);
  17155. prvBytes = sizeof_client_key_der_2048;
  17156. XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
  17157. pubBytes = sizeof_client_keypub_der_2048;
  17158. #else
  17159. keyFile = XFOPEN(cliKey, "rb");
  17160. if (!keyFile) {
  17161. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17162. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17163. err_sys("can't open ./certs/client-key.der, "
  17164. "Please run from wolfSSL home dir", -40);
  17165. return ERR_BASE_EVPSIG-3;
  17166. }
  17167. prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile);
  17168. XFCLOSE(keyFile);
  17169. keypubFile = XFOPEN(cliKeypub, "rb");
  17170. if (!keypubFile) {
  17171. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17172. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17173. err_sys("can't open ./certs/client-cert.der, "
  17174. "Please run from wolfSSL home dir", -41);
  17175. return ERR_BASE_EVPSIG-4;
  17176. }
  17177. pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
  17178. XFCLOSE(keypubFile);
  17179. #endif /* USE_CERT_BUFFERS */
  17180. prvRsa = wolfSSL_RSA_new();
  17181. pubRsa = wolfSSL_RSA_new();
  17182. if((prvRsa == NULL) || (pubRsa == NULL)){
  17183. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17184. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17185. err_sys("ERROR with RSA_new", -9100);
  17186. return ERR_BASE_EVPSIG-5;
  17187. }
  17188. ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
  17189. ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
  17190. if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
  17191. printf("error with RSA_LoadDer_ex\n");
  17192. return ERR_BASE_EVPSIG-6;
  17193. }
  17194. prvPkey = wolfSSL_EVP_PKEY_new();
  17195. pubPkey = wolfSSL_EVP_PKEY_new();
  17196. if((prvPkey == NULL) || (pubPkey == NULL)){
  17197. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17198. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17199. printf("error with KEY_new\n");
  17200. return ERR_BASE_EVPSIG-7;
  17201. }
  17202. ret1 = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
  17203. ret2 = wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
  17204. if((ret1 != 1) || (ret2 != 1)){
  17205. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17206. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17207. printf("error with EVP_PKEY_set1_RSA\n");
  17208. return ERR_BASE_EVPSIG-8;
  17209. }
  17210. /****************** sign and verify *******************/
  17211. sign = EVP_MD_CTX_create();
  17212. verf = EVP_MD_CTX_create();
  17213. if((sign == NULL)||(verf == NULL)){
  17214. printf("error with EVP_MD_CTX_create\n");
  17215. EVP_MD_CTX_destroy(sign);
  17216. EVP_MD_CTX_destroy(verf);
  17217. return ERR_BASE_EVPSIG-10;
  17218. }
  17219. ret = EVP_SignInit(sign, EVP_sha1());
  17220. if (ret != SSL_SUCCESS){
  17221. printf("error with EVP_SignInit\n");
  17222. EVP_MD_CTX_destroy(sign);
  17223. EVP_MD_CTX_destroy(verf);
  17224. return ERR_BASE_EVPSIG-11;
  17225. }
  17226. count = sizeof(msg);
  17227. show("message = ", (char *)msg, count);
  17228. /* sign */
  17229. XMEMSET(sig, 0, sizeof(sig));
  17230. pt = (const void*)msg;
  17231. ret1 = EVP_SignUpdate(sign, pt, count);
  17232. ret2 = EVP_SignFinal(sign, sig, &sigSz, prvPkey);
  17233. if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
  17234. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17235. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17236. EVP_MD_CTX_destroy(sign);
  17237. EVP_MD_CTX_destroy(verf);
  17238. printf("error with EVP_MD_CTX_create\n");
  17239. return ERR_BASE_EVPSIG-12;
  17240. }
  17241. show("signature = ", (char *)sig, sigSz);
  17242. /* verify */
  17243. pt = (const void*)msg;
  17244. ret1 = EVP_VerifyInit(verf, EVP_sha1());
  17245. ret2 = EVP_VerifyUpdate(verf, pt, count);
  17246. if((ret1 != SSL_SUCCESS) || (ret2 != SSL_SUCCESS)){
  17247. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17248. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17249. EVP_MD_CTX_destroy(sign);
  17250. EVP_MD_CTX_destroy(verf);
  17251. printf("error with EVP_Verify\n");
  17252. return ERR_BASE_EVPSIG-13;
  17253. }
  17254. if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
  17255. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17256. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17257. EVP_MD_CTX_destroy(sign);
  17258. EVP_MD_CTX_destroy(verf);
  17259. printf("error with EVP_VerifyFinal\n");
  17260. return ERR_BASE_EVPSIG-14;
  17261. }
  17262. /* expect fail without update */
  17263. EVP_VerifyInit(verf, EVP_sha1());
  17264. if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
  17265. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17266. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17267. EVP_MD_CTX_destroy(sign);
  17268. EVP_MD_CTX_destroy(verf);
  17269. printf("EVP_VerifyInit without update not detected\n");
  17270. return ERR_BASE_EVPSIG-15;
  17271. }
  17272. XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17273. XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
  17274. EVP_MD_CTX_destroy(sign);
  17275. EVP_MD_CTX_destroy(verf);
  17276. wolfSSL_RSA_free(prvRsa);
  17277. wolfSSL_RSA_free(pubRsa);
  17278. EVP_PKEY_free(pubPkey);
  17279. EVP_PKEY_free(prvPkey);
  17280. #endif /* NO_RSA */
  17281. return 0;
  17282. }
  17283. #endif /* OPENSSL_EXTRA */
  17284. #ifndef NO_PWDBASED
  17285. #ifdef HAVE_SCRYPT
  17286. /* Test vectors taken from RFC 7914: scrypt PBKDF - Section 12. */
  17287. WOLFSSL_TEST_SUBROUTINE int scrypt_test(void)
  17288. {
  17289. #ifdef HAVE_FIPS
  17290. /* RFC 7914 test vector keys are too short for FIPS. */
  17291. #else
  17292. int ret;
  17293. byte derived[64];
  17294. WOLFSSL_SMALL_STACK_STATIC const byte verify1[] = {
  17295. 0x77, 0xd6, 0x57, 0x62, 0x38, 0x65, 0x7b, 0x20,
  17296. 0x3b, 0x19, 0xca, 0x42, 0xc1, 0x8a, 0x04, 0x97,
  17297. 0xf1, 0x6b, 0x48, 0x44, 0xe3, 0x07, 0x4a, 0xe8,
  17298. 0xdf, 0xdf, 0xfa, 0x3f, 0xed, 0xe2, 0x14, 0x42,
  17299. 0xfc, 0xd0, 0x06, 0x9d, 0xed, 0x09, 0x48, 0xf8,
  17300. 0x32, 0x6a, 0x75, 0x3a, 0x0f, 0xc8, 0x1f, 0x17,
  17301. 0xe8, 0xd3, 0xe0, 0xfb, 0x2e, 0x0d, 0x36, 0x28,
  17302. 0xcf, 0x35, 0xe2, 0x0c, 0x38, 0xd1, 0x89, 0x06
  17303. };
  17304. WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
  17305. 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
  17306. 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
  17307. 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
  17308. 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
  17309. 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
  17310. 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
  17311. 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
  17312. 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
  17313. };
  17314. #if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
  17315. WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
  17316. 0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48,
  17317. 0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb,
  17318. 0xfd, 0xa8, 0xfb, 0xba, 0x90, 0x4f, 0x8e, 0x3e,
  17319. 0xa9, 0xb5, 0x43, 0xf6, 0x54, 0x5d, 0xa1, 0xf2,
  17320. 0xd5, 0x43, 0x29, 0x55, 0x61, 0x3f, 0x0f, 0xcf,
  17321. 0x62, 0xd4, 0x97, 0x05, 0x24, 0x2a, 0x9a, 0xf9,
  17322. 0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40,
  17323. 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87
  17324. };
  17325. #endif
  17326. #ifdef SCRYPT_TEST_ALL
  17327. /* Test case is very slow.
  17328. * Use for confirmation after code change or new platform.
  17329. */
  17330. WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
  17331. 0x21, 0x01, 0xcb, 0x9b, 0x6a, 0x51, 0x1a, 0xae,
  17332. 0xad, 0xdb, 0xbe, 0x09, 0xcf, 0x70, 0xf8, 0x81,
  17333. 0xec, 0x56, 0x8d, 0x57, 0x4a, 0x2f, 0xfd, 0x4d,
  17334. 0xab, 0xe5, 0xee, 0x98, 0x20, 0xad, 0xaa, 0x47,
  17335. 0x8e, 0x56, 0xfd, 0x8f, 0x4b, 0xa5, 0xd0, 0x9f,
  17336. 0xfa, 0x1c, 0x6d, 0x92, 0x7c, 0x40, 0xf4, 0xc3,
  17337. 0x37, 0x30, 0x40, 0x49, 0xe8, 0xa9, 0x52, 0xfb,
  17338. 0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, 0xa4
  17339. };
  17340. #endif
  17341. ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1));
  17342. if (ret != 0)
  17343. return -9200;
  17344. if (XMEMCMP(derived, verify1, sizeof(verify1)) != 0)
  17345. return -9201;
  17346. ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 10, 8, 16,
  17347. sizeof(verify2));
  17348. if (ret != 0)
  17349. return -9202;
  17350. if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
  17351. return -9203;
  17352. /* Don't run these test on embedded, since they use large mallocs */
  17353. #if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_LINUXKM) && !defined(HAVE_INTEL_QA)
  17354. ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
  17355. (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3));
  17356. if (ret != 0)
  17357. return -9204;
  17358. if (XMEMCMP(derived, verify3, sizeof(verify3)) != 0)
  17359. return -9205;
  17360. #ifdef SCRYPT_TEST_ALL
  17361. ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13,
  17362. (byte*)"SodiumChloride", 14, 20, 8, 1, sizeof(verify4));
  17363. if (ret != 0)
  17364. return -9206;
  17365. if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0)
  17366. return -9207;
  17367. #endif
  17368. #endif /* !BENCH_EMBEDDED && !defined(WOLFSSL_LINUXKM) && !HAVE_INTEL_QA */
  17369. ret = wc_scrypt_ex(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 1<<10,
  17370. 8, 16, sizeof(verify2));
  17371. if (ret != 0)
  17372. return -9208;
  17373. if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0)
  17374. return -9209;
  17375. #endif /* !HAVE_FIPS */
  17376. return 0;
  17377. }
  17378. #endif
  17379. #ifdef HAVE_PKCS12
  17380. WOLFSSL_TEST_SUBROUTINE int pkcs12_test(void)
  17381. {
  17382. WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67,
  17383. 0x00, 0x00 };
  17384. WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f };
  17385. WOLFSSL_SMALL_STACK_STATIC const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65,
  17386. 0x00, 0x67, 0x00, 0x00 };
  17387. WOLFSSL_SMALL_STACK_STATIC const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 };
  17388. byte derived[64];
  17389. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  17390. 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11,
  17391. 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE,
  17392. 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA
  17393. };
  17394. WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
  17395. 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8,
  17396. 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A,
  17397. 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C
  17398. };
  17399. int id = 1;
  17400. int kLen = 24;
  17401. int iterations = 1;
  17402. int ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8,
  17403. iterations, kLen, WC_SHA256, id);
  17404. if (ret < 0)
  17405. return -9300;
  17406. if (XMEMCMP(derived, verify, kLen) != 0)
  17407. return -9301;
  17408. iterations = 1000;
  17409. ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8,
  17410. iterations, kLen, WC_SHA256, id);
  17411. if (ret < 0)
  17412. return -9302;
  17413. ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8,
  17414. iterations, kLen, WC_SHA256, id, HEAP_HINT);
  17415. if (ret < 0)
  17416. return -9303;
  17417. if (XMEMCMP(derived, verify2, 24) != 0)
  17418. return -9304;
  17419. return 0;
  17420. }
  17421. #endif /* HAVE_PKCS12 */
  17422. #if defined(HAVE_PBKDF2) && !defined(NO_SHA256)
  17423. WOLFSSL_TEST_SUBROUTINE int pbkdf2_test(void)
  17424. {
  17425. char passwd[] = "passwordpassword";
  17426. WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
  17427. int iterations = 2048;
  17428. int kLen = 24;
  17429. byte derived[64];
  17430. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  17431. 0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc,
  17432. 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1
  17433. };
  17434. int ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd), salt,
  17435. (int)sizeof(salt), iterations, kLen, WC_SHA256, HEAP_HINT, devId);
  17436. if (ret != 0)
  17437. return ret;
  17438. if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
  17439. return -9400;
  17440. return 0;
  17441. }
  17442. #endif /* HAVE_PBKDF2 && !NO_SHA256 */
  17443. #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
  17444. WOLFSSL_TEST_SUBROUTINE int pbkdf1_test(void)
  17445. {
  17446. char passwd[] = "password";
  17447. WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 };
  17448. int iterations = 1000;
  17449. int kLen = 16;
  17450. byte derived[16];
  17451. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  17452. 0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F,
  17453. 0xAF, 0x10, 0xEB, 0xFB, 0x4A, 0x3D, 0x2A, 0x20
  17454. };
  17455. int ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd,
  17456. (int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA,
  17457. HEAP_HINT);
  17458. if (ret != 0)
  17459. return ret;
  17460. if (XMEMCMP(derived, verify, sizeof(verify)) != 0)
  17461. return -9500;
  17462. return 0;
  17463. }
  17464. #endif /* HAVE_PBKDF2 && !NO_SHA */
  17465. WOLFSSL_TEST_SUBROUTINE int pwdbased_test(void)
  17466. {
  17467. int ret = 0;
  17468. #if defined(HAVE_PBKDF1) && !defined(NO_SHA)
  17469. ret = pbkdf1_test();
  17470. if (ret != 0)
  17471. return ret;
  17472. #endif
  17473. #if defined(HAVE_PBKDF2) && !defined(NO_SHA256)
  17474. ret = pbkdf2_test();
  17475. if (ret != 0)
  17476. return ret;
  17477. #endif
  17478. #ifdef HAVE_PKCS12
  17479. ret = pkcs12_test();
  17480. if (ret != 0)
  17481. return ret;
  17482. #endif
  17483. #ifdef HAVE_SCRYPT
  17484. ret = scrypt_test();
  17485. if (ret != 0)
  17486. return ret;
  17487. #endif
  17488. return ret;
  17489. }
  17490. #endif /* NO_PWDBASED */
  17491. #if defined(HAVE_HKDF) && (!defined(NO_SHA) || !defined(NO_SHA256))
  17492. /* WOLFSSL_TEST_SUBROUTINE */ static int hkdf_test(void)
  17493. {
  17494. int ret;
  17495. int L = 42;
  17496. byte okm1[42];
  17497. byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  17498. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
  17499. 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b };
  17500. byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  17501. 0x08, 0x09, 0x0a, 0x0b, 0x0c };
  17502. byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
  17503. 0xf8, 0xf9 };
  17504. byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61,
  17505. 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06,
  17506. 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06,
  17507. 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0,
  17508. 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3,
  17509. 0x49, 0x18 };
  17510. byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69,
  17511. 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81,
  17512. 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15,
  17513. 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2,
  17514. 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3,
  17515. 0xf8, 0x96 };
  17516. byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f,
  17517. 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31,
  17518. 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e,
  17519. 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d,
  17520. 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a,
  17521. 0x96, 0xc8 };
  17522. byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a,
  17523. 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a,
  17524. 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
  17525. 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf,
  17526. 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18,
  17527. 0x58, 0x65 };
  17528. (void)res1;
  17529. (void)res2;
  17530. (void)res3;
  17531. (void)res4;
  17532. (void)salt1;
  17533. (void)info1;
  17534. #ifndef NO_SHA
  17535. ret = wc_HKDF(WC_SHA, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
  17536. if (ret != 0)
  17537. return -9700;
  17538. if (XMEMCMP(okm1, res1, L) != 0)
  17539. return -9701;
  17540. #ifndef HAVE_FIPS
  17541. /* fips can't have key size under 14 bytes, salt is key too */
  17542. ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, 13, info1, 10, okm1, L);
  17543. if (ret != 0)
  17544. return -9702;
  17545. if (XMEMCMP(okm1, res2, L) != 0)
  17546. return -9703;
  17547. #endif /* HAVE_FIPS */
  17548. #endif /* NO_SHA */
  17549. #ifndef NO_SHA256
  17550. ret = wc_HKDF(WC_SHA256, ikm1, 22, NULL, 0, NULL, 0, okm1, L);
  17551. if (ret != 0)
  17552. return -9704;
  17553. if (XMEMCMP(okm1, res3, L) != 0)
  17554. return -9705;
  17555. #ifndef HAVE_FIPS
  17556. /* fips can't have key size under 14 bytes, salt is key too */
  17557. ret = wc_HKDF(WC_SHA256, ikm1, 22, salt1, 13, info1, 10, okm1, L);
  17558. if (ret != 0)
  17559. return -9706;
  17560. if (XMEMCMP(okm1, res4, L) != 0)
  17561. return -9707;
  17562. #endif /* HAVE_FIPS */
  17563. #endif /* NO_SHA256 */
  17564. return 0;
  17565. }
  17566. #endif /* HAVE_HKDF */
  17567. #if defined(HAVE_ECC) && defined(HAVE_X963_KDF)
  17568. WOLFSSL_TEST_SUBROUTINE int x963kdf_test(void)
  17569. {
  17570. int ret;
  17571. byte kek[128];
  17572. #ifndef NO_SHA
  17573. /* SHA-1, COUNT = 0
  17574. * shared secret length: 192
  17575. * SharedInfo length: 0
  17576. * key data length: 128
  17577. */
  17578. WOLFSSL_SMALL_STACK_STATIC const byte Z[] = {
  17579. 0x1c, 0x7d, 0x7b, 0x5f, 0x05, 0x97, 0xb0, 0x3d,
  17580. 0x06, 0xa0, 0x18, 0x46, 0x6e, 0xd1, 0xa9, 0x3e,
  17581. 0x30, 0xed, 0x4b, 0x04, 0xdc, 0x64, 0xcc, 0xdd
  17582. };
  17583. WOLFSSL_SMALL_STACK_STATIC const byte verify[] = {
  17584. 0xbf, 0x71, 0xdf, 0xfd, 0x8f, 0x4d, 0x99, 0x22,
  17585. 0x39, 0x36, 0xbe, 0xb4, 0x6f, 0xee, 0x8c, 0xcc
  17586. };
  17587. #endif
  17588. #ifndef NO_SHA256
  17589. /* SHA-256, COUNT = 3
  17590. * shared secret length: 192
  17591. * SharedInfo length: 0
  17592. * key data length: 128
  17593. */
  17594. WOLFSSL_SMALL_STACK_STATIC const byte Z2[] = {
  17595. 0xd3, 0x8b, 0xdb, 0xe5, 0xc4, 0xfc, 0x16, 0x4c,
  17596. 0xdd, 0x96, 0x7f, 0x63, 0xc0, 0x4f, 0xe0, 0x7b,
  17597. 0x60, 0xcd, 0xe8, 0x81, 0xc2, 0x46, 0x43, 0x8c
  17598. };
  17599. WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = {
  17600. 0x5e, 0x67, 0x4d, 0xb9, 0x71, 0xba, 0xc2, 0x0a,
  17601. 0x80, 0xba, 0xd0, 0xd4, 0x51, 0x4d, 0xc4, 0x84
  17602. };
  17603. #endif
  17604. #ifdef WOLFSSL_SHA512
  17605. /* SHA-512, COUNT = 0
  17606. * shared secret length: 192
  17607. * SharedInfo length: 0
  17608. * key data length: 128
  17609. */
  17610. WOLFSSL_SMALL_STACK_STATIC const byte Z3[] = {
  17611. 0x87, 0xfc, 0x0d, 0x8c, 0x44, 0x77, 0x48, 0x5b,
  17612. 0xb5, 0x74, 0xf5, 0xfc, 0xea, 0x26, 0x4b, 0x30,
  17613. 0x88, 0x5d, 0xc8, 0xd9, 0x0a, 0xd8, 0x27, 0x82
  17614. };
  17615. WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = {
  17616. 0x94, 0x76, 0x65, 0xfb, 0xb9, 0x15, 0x21, 0x53,
  17617. 0xef, 0x46, 0x02, 0x38, 0x50, 0x6a, 0x02, 0x45
  17618. };
  17619. /* SHA-512, COUNT = 0
  17620. * shared secret length: 521
  17621. * SharedInfo length: 128
  17622. * key data length: 1024
  17623. */
  17624. WOLFSSL_SMALL_STACK_STATIC const byte Z4[] = {
  17625. 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89,
  17626. 0xfa, 0x58, 0xce, 0xad, 0xc0, 0x47, 0x19, 0x7f,
  17627. 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9,
  17628. 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8,
  17629. 0x15, 0x07, 0x39, 0x2f, 0x1a, 0x86, 0xdd, 0xfd,
  17630. 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f,
  17631. 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47,
  17632. 0x47, 0xa9, 0xe2, 0xe7, 0x53, 0xf5, 0x5e, 0xf0,
  17633. 0x5a, 0x2d
  17634. };
  17635. WOLFSSL_SMALL_STACK_STATIC const byte info4[] = {
  17636. 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d,
  17637. 0x2b, 0x3a, 0x2f, 0x99, 0x37, 0x89, 0x5d, 0x31
  17638. };
  17639. WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = {
  17640. 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76,
  17641. 0x9b, 0x52, 0x26, 0x4b, 0x01, 0x12, 0xb5, 0x85,
  17642. 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8,
  17643. 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d,
  17644. 0x6e, 0x4d, 0xd2, 0xa5, 0x99, 0xac, 0xce, 0xb3,
  17645. 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e,
  17646. 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50,
  17647. 0xa5, 0xa8, 0xee, 0xee, 0x20, 0x80, 0x02, 0x26,
  17648. 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02,
  17649. 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d,
  17650. 0xea, 0x9c, 0x4f, 0xf7, 0x45, 0xa2, 0x5a, 0xc2,
  17651. 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd,
  17652. 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc,
  17653. 0x0a, 0xb2, 0xaa, 0x8e, 0x2e, 0xfa, 0x7b, 0x17,
  17654. 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc,
  17655. 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16
  17656. };
  17657. #endif
  17658. #ifndef NO_SHA
  17659. ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0,
  17660. kek, sizeof(verify));
  17661. if (ret != 0)
  17662. return -9800;
  17663. if (XMEMCMP(verify, kek, sizeof(verify)) != 0)
  17664. return -9801;
  17665. #endif
  17666. #ifndef NO_SHA256
  17667. ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, Z2, sizeof(Z2), NULL, 0,
  17668. kek, sizeof(verify2));
  17669. if (ret != 0)
  17670. return -9802;
  17671. if (XMEMCMP(verify2, kek, sizeof(verify2)) != 0)
  17672. return -9803;
  17673. #endif
  17674. #ifdef WOLFSSL_SHA512
  17675. ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z3, sizeof(Z3), NULL, 0,
  17676. kek, sizeof(verify3));
  17677. if (ret != 0)
  17678. return -9804;
  17679. if (XMEMCMP(verify3, kek, sizeof(verify3)) != 0)
  17680. return -9805;
  17681. ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z4, sizeof(Z4), info4,
  17682. sizeof(info4), kek, sizeof(verify4));
  17683. if (ret != 0)
  17684. return -9806;
  17685. if (XMEMCMP(verify4, kek, sizeof(verify4)) != 0)
  17686. return -9807;
  17687. #endif
  17688. return 0;
  17689. }
  17690. #endif /* HAVE_X963_KDF */
  17691. #ifdef HAVE_ECC
  17692. /* size to use for ECC key gen tests */
  17693. #ifndef ECC_KEYGEN_SIZE
  17694. #ifndef NO_ECC256
  17695. #define ECC_KEYGEN_SIZE 32
  17696. #elif defined(HAVE_ECC384)
  17697. #define ECC_KEYGEN_SIZE 48
  17698. #elif defined(HAVE_ECC224)
  17699. #define ECC_KEYGEN_SIZE 28
  17700. #elif defined(HAVE_ECC521)
  17701. #define ECC_KEYGEN_SIZE 66
  17702. #else
  17703. #error No ECC keygen size defined for test
  17704. #endif
  17705. #endif
  17706. #ifdef BENCH_EMBEDDED
  17707. #define ECC_SHARED_SIZE 128
  17708. #else
  17709. #define ECC_SHARED_SIZE MAX_ECC_BYTES
  17710. #endif
  17711. #define ECC_DIGEST_SIZE MAX_ECC_BYTES
  17712. #define ECC_SIG_SIZE ECC_MAX_SIG_SIZE
  17713. #ifndef NO_ECC_VECTOR_TEST
  17714. #if (defined(HAVE_ECC192) || defined(HAVE_ECC224) ||\
  17715. !defined(NO_ECC256) || defined(HAVE_ECC384) ||\
  17716. defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES))
  17717. #define HAVE_ECC_VECTOR_TEST
  17718. #endif
  17719. #endif
  17720. #ifdef HAVE_ECC_VECTOR_TEST
  17721. typedef struct eccVector {
  17722. const char* msg; /* SHA-1 Encoded Message */
  17723. const char* Qx;
  17724. const char* Qy;
  17725. const char* d; /* Private Key */
  17726. const char* R;
  17727. const char* S;
  17728. const char* curveName;
  17729. word32 msgLen;
  17730. word32 keySize;
  17731. #ifndef NO_ASN
  17732. const byte* r;
  17733. word32 rSz;
  17734. const byte* s;
  17735. word32 sSz;
  17736. #endif
  17737. } eccVector;
  17738. static int ecc_test_vector_item(const eccVector* vector)
  17739. {
  17740. int ret = 0, verify = 0;
  17741. word32 sigSz;
  17742. #ifdef WOLFSSL_SMALL_STACK
  17743. ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17744. #else
  17745. ecc_key userA[1];
  17746. #endif
  17747. DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
  17748. #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
  17749. word32 sigRawSz, rSz = MAX_ECC_BYTES, sSz = MAX_ECC_BYTES;
  17750. DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT);
  17751. DECLARE_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT);
  17752. DECLARE_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT);
  17753. #endif
  17754. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  17755. if (sig == NULL)
  17756. ERROR_OUT(MEMORY_E, done);
  17757. #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
  17758. if (sigRaw == NULL || r == NULL || s == NULL)
  17759. ERROR_OUT(MEMORY_E, done);
  17760. #endif
  17761. #endif
  17762. #ifdef WOLFSSL_SMALL_STACK
  17763. if (userA == NULL)
  17764. ERROR_OUT(MEMORY_E, done);
  17765. #endif
  17766. ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
  17767. if (ret != 0)
  17768. goto done;
  17769. ret = wc_ecc_import_raw(userA, vector->Qx, vector->Qy,
  17770. vector->d, vector->curveName);
  17771. if (ret != 0)
  17772. goto done;
  17773. XMEMSET(sig, 0, ECC_SIG_SIZE);
  17774. sigSz = ECC_SIG_SIZE;
  17775. ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz);
  17776. if (ret != 0)
  17777. goto done;
  17778. #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
  17779. XMEMSET(sigRaw, 0, ECC_SIG_SIZE);
  17780. sigRawSz = ECC_SIG_SIZE;
  17781. ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz,
  17782. sigRaw, &sigRawSz);
  17783. if (ret != 0)
  17784. goto done;
  17785. if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) {
  17786. ret = -9810;
  17787. goto done;
  17788. }
  17789. ret = wc_ecc_sig_to_rs(sig, sigSz, r, &rSz, s, &sSz);
  17790. if (ret != 0)
  17791. goto done;
  17792. if (rSz != vector->rSz || XMEMCMP(r, vector->r, rSz) != 0 ||
  17793. sSz != vector->sSz || XMEMCMP(s, vector->s, sSz) != 0) {
  17794. ret = -9811;
  17795. goto done;
  17796. }
  17797. #endif
  17798. do {
  17799. #if defined(WOLFSSL_ASYNC_CRYPT)
  17800. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  17801. #endif
  17802. if (ret == 0)
  17803. ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg,
  17804. vector->msgLen, &verify, userA);
  17805. } while (ret == WC_PENDING_E);
  17806. if (ret != 0)
  17807. goto done;
  17808. TEST_SLEEP();
  17809. if (verify != 1)
  17810. ret = -9812;
  17811. done:
  17812. #ifdef WOLFSSL_SMALL_STACK
  17813. if (userA != NULL) {
  17814. wc_ecc_free(userA);
  17815. XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  17816. }
  17817. #else
  17818. wc_ecc_free(userA);
  17819. #endif
  17820. #if !defined(NO_ASN) && !defined(HAVE_SELFTEST)
  17821. FREE_VAR(sigRaw, HEAP_HINT);
  17822. FREE_VAR(r, HEAP_HINT);
  17823. FREE_VAR(s, HEAP_HINT);
  17824. #endif
  17825. FREE_VAR(sig, HEAP_HINT);
  17826. return ret;
  17827. }
  17828. static int ecc_test_vector(int keySize)
  17829. {
  17830. int ret;
  17831. eccVector vec;
  17832. XMEMSET(&vec, 0, sizeof(vec));
  17833. vec.keySize = (word32)keySize;
  17834. switch(keySize) {
  17835. #if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)
  17836. case 14:
  17837. return 0;
  17838. #endif /* HAVE_ECC112 */
  17839. #if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)
  17840. case 16:
  17841. return 0;
  17842. #endif /* HAVE_ECC128 */
  17843. #if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
  17844. case 20:
  17845. return 0;
  17846. #endif /* HAVE_ECC160 */
  17847. #if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
  17848. case 24:
  17849. /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */
  17850. #if 1
  17851. vec.msg = "\x60\x80\x79\x42\x3f\x12\x42\x1d\xe6\x16\xb7\x49\x3e\xbe\x55\x1c\xf4\xd6\x5b\x92";
  17852. vec.msgLen = 20;
  17853. #else
  17854. /* This is the raw message prior to SHA-1 */
  17855. vec.msg =
  17856. "\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a\x6e\x6b"
  17857. "\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d\xf3\x46\x4b\xa4"
  17858. "\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b\xb5\x98\x6f\xa1\xa2\xaf"
  17859. "\x04\x8a\x0e\x14\xdc\x51\xe5\x26\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a"
  17860. "\xc6\xf1\xa7\xf1\x56\xce\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd"
  17861. "\x7a\x20\x93\xe2\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5"
  17862. "\x9c\x78\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3"
  17863. "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf";
  17864. vec.msgLen = 128;
  17865. #endif
  17866. vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6";
  17867. vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477";
  17868. vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3";
  17869. vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e";
  17870. vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41";
  17871. vec.curveName = "SECP192R1";
  17872. #ifndef NO_ASN
  17873. vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55"
  17874. "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e";
  17875. vec.rSz = 24;
  17876. vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc"
  17877. "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41";
  17878. vec.sSz = 24;
  17879. #endif
  17880. break;
  17881. #endif /* HAVE_ECC192 */
  17882. #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
  17883. case 28:
  17884. /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */
  17885. #if 1
  17886. vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc";
  17887. vec.msgLen = 20;
  17888. #else
  17889. /* This is the raw message prior to SHA-1 */
  17890. vec.msg =
  17891. "\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e\x20\x47"
  17892. "\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69\xe0\x63\x0f\x99"
  17893. "\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28\x27\xb6\x95\xfc\x2d\x64"
  17894. "\xd9\x13\x8b\x1c\xf4\xc1\x21\x55\x89\x4c\x42\x13\x21\xa7\xbb\x97"
  17895. "\x0b\xdc\xe0\xfb\xf0\xd2\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf"
  17896. "\xe3\xff\x8d\xea\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e"
  17897. "\x26\xc1\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38"
  17898. "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20";
  17899. vec.msgLen = 128;
  17900. #endif
  17901. vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7";
  17902. vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1";
  17903. vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f";
  17904. vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7";
  17905. vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b";
  17906. vec.curveName = "SECP224R1";
  17907. #ifndef NO_ASN
  17908. vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47"
  17909. "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe"
  17910. "\xbc\x16\x71\xa7";
  17911. vec.rSz = 28;
  17912. vec.s = (byte*)"\x24\xfc\x7e\xd7\xf1\x35\x2c\xa3\x87\x2a\xa0\x91"
  17913. "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe"
  17914. "\x6a\xf3\xad\x5b";
  17915. vec.sSz = 28;
  17916. #endif
  17917. break;
  17918. #endif /* HAVE_ECC224 */
  17919. #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)
  17920. case 30:
  17921. return 0;
  17922. #endif /* HAVE_ECC239 */
  17923. #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
  17924. case 32:
  17925. /* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */
  17926. #if 1
  17927. vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e";
  17928. vec.msgLen = 20;
  17929. #else
  17930. /* This is the raw message prior to SHA-1 */
  17931. vec.msg =
  17932. "\xa2\x4b\x21\x76\x2e\x6e\xdb\x15\x3c\xc1\x14\x38\xdb\x0e\x92\xcd"
  17933. "\xf5\x2b\x86\xb0\x6c\xa9\x70\x16\x06\x27\x59\xc7\x0d\x36\xd1\x56"
  17934. "\x2c\xc9\x63\x0d\x7f\xc7\xc7\x74\xb2\x8b\x54\xe3\x1e\xf5\x58\x72"
  17935. "\xb2\xa6\x5d\xf1\xd7\xec\x26\xde\xbb\x33\xe7\xd9\x27\xef\xcc\xf4"
  17936. "\x6b\x63\xde\x52\xa4\xf4\x31\xea\xca\x59\xb0\x5d\x2e\xde\xc4\x84"
  17937. "\x5f\xff\xc0\xee\x15\x03\x94\xd6\x1f\x3d\xfe\xcb\xcd\xbf\x6f\x5a"
  17938. "\x73\x38\xd0\xbe\x3f\x2a\x77\x34\x51\x98\x3e\xba\xeb\x48\xf6\x73"
  17939. "\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4"
  17940. vec.msgLen = 128;
  17941. #endif
  17942. vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0";
  17943. vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09";
  17944. vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25";
  17945. vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c";
  17946. vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248";
  17947. #ifndef NO_ASN
  17948. vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9"
  17949. "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89"
  17950. "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c";
  17951. vec.rSz = 32;
  17952. vec.s = (byte*)"\xa2\x24\x8b\x62\xc0\x3d\xb3\x5a\x7c\xd6\x3e\x8a"
  17953. "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03"
  17954. "\x5a\x21\x48\xae\x32\xe3\xa2\x48";
  17955. vec.sSz = 32;
  17956. #endif
  17957. vec.curveName = "SECP256R1";
  17958. break;
  17959. #endif /* !NO_ECC256 */
  17960. #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)
  17961. case 40:
  17962. return 0;
  17963. #endif /* HAVE_ECC320 */
  17964. #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
  17965. case 48:
  17966. /* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */
  17967. #if 1
  17968. vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b";
  17969. vec.msgLen = 20;
  17970. #else
  17971. /* This is the raw message prior to SHA-1 */
  17972. vec.msg =
  17973. "\xab\xe1\x0a\xce\x13\xe7\xe1\xd9\x18\x6c\x48\xf7\x88\x9d\x51\x47"
  17974. "\x3d\x3a\x09\x61\x98\x4b\xc8\x72\xdf\x70\x8e\xcc\x3e\xd3\xb8\x16"
  17975. "\x9d\x01\xe3\xd9\x6f\xc4\xf1\xd5\xea\x00\xa0\x36\x92\xbc\xc5\xcf"
  17976. "\xfd\x53\x78\x7c\x88\xb9\x34\xaf\x40\x4c\x03\x9d\x32\x89\xb5\xba"
  17977. "\xc5\xae\x7d\xb1\x49\x68\x75\xb5\xdc\x73\xc3\x09\xf9\x25\xc1\x3d"
  17978. "\x1c\x01\xab\xda\xaf\xeb\xcd\xac\x2c\xee\x43\x39\x39\xce\x8d\x4a"
  17979. "\x0a\x5d\x57\xbb\x70\x5f\x3b\xf6\xec\x08\x47\x95\x11\xd4\xb4\xa3"
  17980. "\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60"
  17981. vec.msgLen = 128;
  17982. #endif
  17983. vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868";
  17984. vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e";
  17985. vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71";
  17986. vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7";
  17987. vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907";
  17988. vec.curveName = "SECP384R1";
  17989. #ifndef NO_ASN
  17990. vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff"
  17991. "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d"
  17992. "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda"
  17993. "\xee\x6b\x3c\x74\xeb\xf6\x06\x66\x7a\x3f\x39\xb7";
  17994. vec.rSz = 48;
  17995. vec.s = (byte*)"\x49\x1a\xf1\xd0\xcc\xcd\x56\xdd\xd5\x20\xb2\x33"
  17996. "\x77\x5d\x0b\xc6\xb4\x0a\x62\x55\xcc\x55\x20\x7d"
  17997. "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21"
  17998. "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07";
  17999. vec.sSz = 48;
  18000. #endif
  18001. break;
  18002. #endif /* HAVE_ECC384 */
  18003. #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
  18004. case 64:
  18005. return 0;
  18006. #endif /* HAVE_ECC512 */
  18007. #if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
  18008. case 66:
  18009. /* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */
  18010. #if 1
  18011. vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf";
  18012. vec.msgLen = 20;
  18013. #else
  18014. /* This is the raw message prior to SHA-1 */
  18015. vec.msg =
  18016. "\x50\x3f\x79\x39\x34\x0a\xc7\x23\xcd\x4a\x2f\x4e\x6c\xcc\x27\x33"
  18017. "\x38\x3a\xca\x2f\xba\x90\x02\x19\x9d\x9e\x1f\x94\x8b\xe0\x41\x21"
  18018. "\x07\xa3\xfd\xd5\x14\xd9\x0c\xd4\xf3\x7c\xc3\xac\x62\xef\x00\x3a"
  18019. "\x2d\xb1\xd9\x65\x7a\xb7\x7f\xe7\x55\xbf\x71\xfa\x59\xe4\xd9\x6e"
  18020. "\xa7\x2a\xe7\xbf\x9d\xe8\x7d\x79\x34\x3b\xc1\xa4\xbb\x14\x4d\x16"
  18021. "\x28\xd1\xe9\xe9\xc8\xed\x80\x8b\x96\x2c\x54\xe5\xf9\x6d\x53\xda"
  18022. "\x14\x7a\x96\x38\xf9\x4a\x91\x75\xd8\xed\x61\x05\x5f\x0b\xa5\x73"
  18023. "\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b"
  18024. vec.msgLen = 128;
  18025. #endif
  18026. vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23";
  18027. vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d";
  18028. vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74";
  18029. vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be";
  18030. vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c";
  18031. vec.curveName = "SECP521R1";
  18032. #ifndef NO_ASN
  18033. vec.r = (byte*)"\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77\x78"
  18034. "\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf\x5b"
  18035. "\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c\x7f"
  18036. "\x9a\x57\xc0\x77\x94\x7f\x89\xac\x45\xd5\xac\xb6"
  18037. "\x66\x1b\xbc\xd1\x7a\xbb\x3f\xae\xa1\x49\xba\x0a"
  18038. "\xa3\xbb\x15\x21\xbe";
  18039. vec.rSz = 65;
  18040. vec.s = (byte*)"\x19\xcd\x2c\x5c\x3f\x98\x70\xec\xde\xb9\xb3\x23"
  18041. "\xab\xdf\x3a\x98\xcd\x5e\x23\x1d\x85\xc6\xdd\xc5"
  18042. "\xb7\x1a\xb1\x90\x73\x9f\x7f\x22\x6e\x6b\x13\x4b"
  18043. "\xa1\xd5\x88\x9d\xde\xb2\x75\x1d\xab\xd9\x79\x11"
  18044. "\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c"
  18045. "\x3d\x22\xf2\x48\x0c";
  18046. vec.sSz = 65;
  18047. #endif
  18048. break;
  18049. #endif /* HAVE_ECC521 */
  18050. default:
  18051. return NOT_COMPILED_IN; /* Invalid key size / Not supported */
  18052. }; /* Switch */
  18053. ret = ecc_test_vector_item(&vec);
  18054. if (ret < 0) {
  18055. return ret;
  18056. }
  18057. return 0;
  18058. }
  18059. #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K)
  18060. static int ecc_test_sign_vectors(WC_RNG* rng)
  18061. {
  18062. int ret;
  18063. ecc_key key;
  18064. byte sig[72];
  18065. word32 sigSz;
  18066. unsigned char hash[32] = "test wolfSSL deterministic sign";
  18067. const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
  18068. const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
  18069. const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
  18070. const byte k[1] = { 0x02 };
  18071. const byte expSig[71] = {
  18072. 0x30, 0x45, 0x02, 0x20, 0x7c, 0xf2, 0x7b, 0x18,
  18073. 0x8d, 0x03, 0x4f, 0x7e, 0x8a, 0x52, 0x38, 0x03,
  18074. 0x04, 0xb5, 0x1a, 0xc3, 0xc0, 0x89, 0x69, 0xe2,
  18075. 0x77, 0xf2, 0x1b, 0x35, 0xa6, 0x0b, 0x48, 0xfc,
  18076. 0x47, 0x66, 0x99, 0x78, 0x02, 0x21, 0x00, 0xa8,
  18077. 0x43, 0xa0, 0xce, 0x6c, 0x5e, 0x17, 0x8a, 0x53,
  18078. 0x4d, 0xaf, 0xd2, 0x95, 0x78, 0x9f, 0x84, 0x4f,
  18079. 0x94, 0xb8, 0x75, 0xa3, 0x19, 0xa5, 0xd4, 0xdf,
  18080. 0xe1, 0xd4, 0x5e, 0x9d, 0x97, 0xfe, 0x81
  18081. };
  18082. ret = wc_ecc_init_ex(&key, HEAP_HINT, devId);
  18083. if (ret != 0) {
  18084. return ret;
  18085. }
  18086. ret = wc_ecc_import_raw(&key, QIUTx, QIUTy, dIUT, "SECP256R1");
  18087. if (ret != 0) {
  18088. goto done;
  18089. }
  18090. ret = wc_ecc_sign_set_k(k, sizeof(k), &key);
  18091. if (ret != 0) {
  18092. goto done;
  18093. }
  18094. sigSz = sizeof(sig);
  18095. do {
  18096. #if defined(WOLFSSL_ASYNC_CRYPT)
  18097. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18098. #endif
  18099. if (ret == 0)
  18100. ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key);
  18101. } while (ret == WC_PENDING_E);
  18102. if (ret != 0) {
  18103. goto done;
  18104. }
  18105. TEST_SLEEP();
  18106. if (sigSz != sizeof(expSig)) {
  18107. ret = -9830;
  18108. goto done;
  18109. }
  18110. if (XMEMCMP(sig, expSig, sigSz) != 0) {
  18111. ret = -9831;
  18112. goto done;
  18113. }
  18114. sigSz = sizeof(sig);
  18115. do {
  18116. #if defined(WOLFSSL_ASYNC_CRYPT)
  18117. ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18118. #endif
  18119. if (ret == 0)
  18120. ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key);
  18121. } while (ret == WC_PENDING_E);
  18122. if (ret != 0) {
  18123. goto done;
  18124. }
  18125. TEST_SLEEP();
  18126. done:
  18127. wc_ecc_free(&key);
  18128. return ret;
  18129. }
  18130. #endif
  18131. #ifdef HAVE_ECC_CDH
  18132. static int ecc_test_cdh_vectors(WC_RNG* rng)
  18133. {
  18134. int ret;
  18135. #ifdef WOLFSSL_SMALL_STACK
  18136. ecc_key *pub_key = (ecc_key *)XMALLOC(sizeof *pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18137. ecc_key *priv_key = (ecc_key *)XMALLOC(sizeof *priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18138. #else
  18139. ecc_key pub_key[1], priv_key[1];
  18140. #endif
  18141. byte sharedA[32] = {0}, sharedB[32] = {0};
  18142. word32 x, z;
  18143. WOLFSSL_SMALL_STACK_STATIC const char* QCAVSx = "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287";
  18144. WOLFSSL_SMALL_STACK_STATIC const char* QCAVSy = "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac";
  18145. WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534";
  18146. WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230";
  18147. WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141";
  18148. WOLFSSL_SMALL_STACK_STATIC const char* ZIUT = "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b";
  18149. #ifdef WOLFSSL_SMALL_STACK
  18150. if ((pub_key == NULL) ||
  18151. (priv_key == NULL)) {
  18152. ret = MEMORY_E;
  18153. goto done;
  18154. }
  18155. #endif
  18156. XMEMSET(pub_key, 0, sizeof *pub_key);
  18157. XMEMSET(priv_key, 0, sizeof *priv_key);
  18158. /* setup private and public keys */
  18159. ret = wc_ecc_init_ex(pub_key, HEAP_HINT, devId);
  18160. if (ret != 0)
  18161. goto done;
  18162. ret = wc_ecc_init_ex(priv_key, HEAP_HINT, devId);
  18163. if (ret != 0)
  18164. goto done;
  18165. wc_ecc_set_flags(pub_key, WC_ECC_FLAG_COFACTOR);
  18166. wc_ecc_set_flags(priv_key, WC_ECC_FLAG_COFACTOR);
  18167. ret = wc_ecc_import_raw(pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1");
  18168. if (ret != 0)
  18169. goto done;
  18170. ret = wc_ecc_import_raw(priv_key, QIUTx, QIUTy, dIUT, "SECP256R1");
  18171. if (ret != 0)
  18172. goto done;
  18173. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  18174. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  18175. !defined(HAVE_SELFTEST)
  18176. ret = wc_ecc_set_rng(priv_key, rng);
  18177. if (ret != 0)
  18178. goto done;
  18179. #else
  18180. (void)rng;
  18181. #endif
  18182. /* compute ECC Cofactor shared secret */
  18183. x = sizeof(sharedA);
  18184. do {
  18185. #if defined(WOLFSSL_ASYNC_CRYPT)
  18186. ret = wc_AsyncWait(ret, &priv_key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18187. #endif
  18188. if (ret == 0)
  18189. ret = wc_ecc_shared_secret(priv_key, pub_key, sharedA, &x);
  18190. } while (ret == WC_PENDING_E);
  18191. if (ret != 0) {
  18192. goto done;
  18193. }
  18194. TEST_SLEEP();
  18195. /* read in expected Z */
  18196. z = sizeof(sharedB);
  18197. ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z);
  18198. if (ret != 0)
  18199. goto done;
  18200. /* compare results */
  18201. if (x != z || XMEMCMP(sharedA, sharedB, x)) {
  18202. ERROR_OUT(-9840, done);
  18203. }
  18204. done:
  18205. #ifdef WOLFSSL_SMALL_STACK
  18206. if (priv_key) {
  18207. wc_ecc_free(priv_key);
  18208. XFREE(priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18209. }
  18210. if (pub_key) {
  18211. wc_ecc_free(pub_key);
  18212. XFREE(pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18213. }
  18214. #else
  18215. wc_ecc_free(priv_key);
  18216. wc_ecc_free(pub_key);
  18217. #endif
  18218. return ret;
  18219. }
  18220. #endif /* HAVE_ECC_CDH */
  18221. #endif /* HAVE_ECC_VECTOR_TEST */
  18222. #ifdef HAVE_ECC_KEY_IMPORT
  18223. /* returns 0 on success */
  18224. static int ecc_test_make_pub(WC_RNG* rng)
  18225. {
  18226. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18227. ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18228. #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
  18229. ecc_key *pub = (ecc_key *)XMALLOC(sizeof *pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18230. #endif
  18231. byte *exportBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18232. byte *tmp = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18233. #else
  18234. ecc_key key[1];
  18235. #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  18236. ecc_key pub[1];
  18237. #endif
  18238. byte exportBuf[ECC_BUFSIZE];
  18239. byte tmp[ECC_BUFSIZE];
  18240. #endif
  18241. const byte* msg = (const byte*)"test wolfSSL ECC public gen";
  18242. #if defined(HAVE_ECC_KEY_EXPORT)
  18243. word32 x;
  18244. #endif
  18245. word32 tmpSz;
  18246. int ret = 0;
  18247. ecc_point* pubPoint = NULL;
  18248. #ifdef HAVE_ECC_VERIFY
  18249. int verify = 0;
  18250. #endif
  18251. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18252. if ((key == NULL) ||
  18253. #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
  18254. (pub == NULL) ||
  18255. #endif
  18256. (exportBuf == NULL) ||
  18257. (tmp == NULL))
  18258. ERROR_OUT(MEMORY_E, done);
  18259. #endif
  18260. (void)msg;
  18261. (void)verify;
  18262. (void)exportBuf;
  18263. (void)rng;
  18264. wc_ecc_init_ex(key, HEAP_HINT, devId);
  18265. #ifndef NO_ECC256
  18266. #ifdef USE_CERT_BUFFERS_256
  18267. XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256);
  18268. tmpSz = (size_t)sizeof_ecc_key_der_256;
  18269. #else
  18270. {
  18271. XFILE file = XFOPEN(eccKeyDerFile, "rb");
  18272. if (!file) {
  18273. ERROR_OUT(-9850, done);
  18274. }
  18275. tmpSz = (word32)XFREAD(tmp, 1, ECC_BUFSIZE, file);
  18276. XFCLOSE(file);
  18277. }
  18278. #endif /* USE_CERT_BUFFERS_256 */
  18279. /* import private only then test with */
  18280. ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL);
  18281. if (ret == 0) {
  18282. ERROR_OUT(-9851, done);
  18283. }
  18284. ret = wc_ecc_import_private_key(NULL, tmpSz, NULL, 0, key);
  18285. if (ret == 0) {
  18286. ERROR_OUT(-9852, done);
  18287. }
  18288. x = 0;
  18289. ret = wc_EccPrivateKeyDecode(tmp, &x, key, tmpSz);
  18290. if (ret != 0) {
  18291. ERROR_OUT(-9853, done);
  18292. }
  18293. #ifdef HAVE_ECC_KEY_EXPORT
  18294. x = ECC_BUFSIZE;
  18295. ret = wc_ecc_export_private_only(key, exportBuf, &x);
  18296. if (ret != 0) {
  18297. ERROR_OUT(-9854, done);
  18298. }
  18299. /* make private only key */
  18300. wc_ecc_free(key);
  18301. wc_ecc_init_ex(key, HEAP_HINT, devId);
  18302. ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
  18303. if (ret != 0) {
  18304. ERROR_OUT(-9855, done);
  18305. }
  18306. x = ECC_BUFSIZE;
  18307. ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
  18308. if (ret == 0) {
  18309. ERROR_OUT(-9856, done);
  18310. }
  18311. #endif /* HAVE_ECC_KEY_EXPORT */
  18312. ret = wc_ecc_make_pub(NULL, NULL);
  18313. if (ret == 0) {
  18314. ERROR_OUT(-9857, done);
  18315. }
  18316. TEST_SLEEP();
  18317. #ifndef WOLFSSL_NO_MALLOC
  18318. pubPoint = wc_ecc_new_point_h(HEAP_HINT);
  18319. if (pubPoint == NULL) {
  18320. ERROR_OUT(-9858, done);
  18321. }
  18322. ret = wc_ecc_make_pub(key, pubPoint);
  18323. if (ret != 0) {
  18324. ERROR_OUT(-9859, done);
  18325. }
  18326. TEST_SLEEP();
  18327. #ifdef HAVE_ECC_KEY_EXPORT
  18328. /* export should still fail, is private only key */
  18329. x = ECC_BUFSIZE;
  18330. ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
  18331. if (ret == 0) {
  18332. ERROR_OUT(-9860, done);
  18333. }
  18334. #endif /* HAVE_ECC_KEY_EXPORT */
  18335. #endif /* !WOLFSSL_NO_MALLOC */
  18336. #endif /* !NO_ECC256 */
  18337. /* create a new key since above test for loading key is not supported */
  18338. #if defined(WOLFSSL_CRYPTOCELL) || defined(NO_ECC256) || \
  18339. defined(WOLFSSL_QNX_CAAM)
  18340. ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
  18341. if (ret != 0) {
  18342. ERROR_OUT(-9861, done);
  18343. }
  18344. #endif
  18345. #if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \
  18346. (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG)))
  18347. tmpSz = ECC_BUFSIZE;
  18348. ret = 0;
  18349. do {
  18350. #if defined(WOLFSSL_ASYNC_CRYPT)
  18351. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18352. #endif
  18353. if (ret == 0)
  18354. ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp, &tmpSz, rng, key);
  18355. } while (ret == WC_PENDING_E);
  18356. if (ret != 0) {
  18357. ERROR_OUT(-9862, done);
  18358. }
  18359. TEST_SLEEP();
  18360. #ifdef HAVE_ECC_VERIFY
  18361. /* try verify with private only key */
  18362. ret = 0;
  18363. do {
  18364. #if defined(WOLFSSL_ASYNC_CRYPT)
  18365. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18366. #endif
  18367. if (ret == 0)
  18368. ret = wc_ecc_verify_hash(tmp, tmpSz, msg, (word32)XSTRLEN((const char* )msg), &verify, key);
  18369. } while (ret == WC_PENDING_E);
  18370. if (ret != 0) {
  18371. ERROR_OUT(-9863, done);
  18372. }
  18373. if (verify != 1) {
  18374. ERROR_OUT(-9864, done);
  18375. }
  18376. TEST_SLEEP();
  18377. #ifdef HAVE_ECC_KEY_EXPORT
  18378. /* exporting the public part should now work */
  18379. x = ECC_BUFSIZE;
  18380. ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
  18381. if (ret != 0) {
  18382. ERROR_OUT(-9865, done);
  18383. }
  18384. #endif /* HAVE_ECC_KEY_EXPORT */
  18385. #endif /* HAVE_ECC_VERIFY */
  18386. #endif /* HAVE_ECC_SIGN */
  18387. #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG)
  18388. /* now test private only key with creating a shared secret */
  18389. x = ECC_BUFSIZE;
  18390. ret = wc_ecc_export_private_only(key, exportBuf, &x);
  18391. if (ret != 0) {
  18392. ERROR_OUT(-9866, done);
  18393. }
  18394. #ifndef WOLFSSL_QNX_CAAM
  18395. /* make private only key */
  18396. wc_ecc_free(key);
  18397. wc_ecc_init_ex(key, HEAP_HINT, devId);
  18398. ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key);
  18399. if (ret != 0) {
  18400. ERROR_OUT(-9867, done);
  18401. }
  18402. /* check that public export fails with private only key */
  18403. x = ECC_BUFSIZE;
  18404. ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0);
  18405. if (ret == 0) {
  18406. ERROR_OUT(-9868, done);
  18407. }
  18408. #endif /* WOLFSSL_QNX_CAAM */
  18409. /* make public key for shared secret */
  18410. wc_ecc_init_ex(pub, HEAP_HINT, devId);
  18411. ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, pub);
  18412. #if defined(WOLFSSL_ASYNC_CRYPT)
  18413. ret = wc_AsyncWait(ret, &pub->asyncDev, WC_ASYNC_FLAG_NONE);
  18414. #endif
  18415. if (ret != 0) {
  18416. ERROR_OUT(-9869, done);
  18417. }
  18418. TEST_SLEEP();
  18419. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  18420. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  18421. !defined(HAVE_SELFTEST)
  18422. ret = wc_ecc_set_rng(key, rng);
  18423. if (ret != 0)
  18424. goto done;
  18425. #endif
  18426. x = ECC_BUFSIZE;
  18427. do {
  18428. #if defined(WOLFSSL_ASYNC_CRYPT)
  18429. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18430. #endif
  18431. if (ret == 0) {
  18432. ret = wc_ecc_shared_secret(key, pub, exportBuf, &x);
  18433. }
  18434. } while (ret == WC_PENDING_E);
  18435. wc_ecc_free(pub);
  18436. if (ret != 0) {
  18437. ERROR_OUT(-9870, done);
  18438. }
  18439. TEST_SLEEP();
  18440. #endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT && !WC_NO_RNG */
  18441. ret = 0;
  18442. done:
  18443. wc_ecc_del_point_h(pubPoint, HEAP_HINT);
  18444. #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
  18445. if (key != NULL) {
  18446. wc_ecc_free(key);
  18447. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18448. }
  18449. #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT)
  18450. if (pub != NULL)
  18451. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18452. #endif
  18453. if (exportBuf != NULL)
  18454. XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18455. if (tmp != NULL)
  18456. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18457. #else
  18458. wc_ecc_free(key);
  18459. #endif
  18460. return ret;
  18461. }
  18462. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
  18463. static int ecc_test_key_decode(WC_RNG* rng, int keySize)
  18464. {
  18465. int ret;
  18466. #ifdef WOLFSSL_SMALL_STACK
  18467. ecc_key *eccKey = (ecc_key *)XMALLOC(sizeof *eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18468. byte *tmpBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18469. #else
  18470. ecc_key eccKey[1];
  18471. byte tmpBuf[ECC_BUFSIZE];
  18472. #endif
  18473. word32 tmpSz;
  18474. word32 idx;
  18475. #ifdef WOLFSSL_SMALL_STACK
  18476. if ((eccKey == NULL) || (tmpBuf == NULL))
  18477. ERROR_OUT(MEMORY_E, done);
  18478. #endif
  18479. ret = wc_ecc_init(eccKey);
  18480. if (ret != 0) {
  18481. goto done;
  18482. }
  18483. ret = wc_ecc_make_key(rng, keySize, eccKey);
  18484. #if defined(WOLFSSL_ASYNC_CRYPT)
  18485. ret = wc_AsyncWait(ret, &eccKey->asyncDev, WC_ASYNC_FLAG_NONE);
  18486. #endif
  18487. if (ret != 0) {
  18488. goto done;
  18489. }
  18490. tmpSz = ECC_BUFSIZE;
  18491. ret = wc_EccKeyToDer(eccKey, tmpBuf, tmpSz);
  18492. wc_ecc_free(eccKey);
  18493. if (ret < 0) {
  18494. goto done;
  18495. }
  18496. tmpSz = ret;
  18497. ret = wc_ecc_init(eccKey);
  18498. if (ret != 0) {
  18499. goto done;
  18500. }
  18501. idx = 0;
  18502. ret = wc_EccPrivateKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
  18503. if (ret != 0) {
  18504. goto done;
  18505. }
  18506. wc_ecc_free(eccKey);
  18507. ret = wc_ecc_init(eccKey);
  18508. if (ret != 0) {
  18509. goto done;
  18510. }
  18511. idx = 0;
  18512. ret = wc_EccPublicKeyDecode(tmpBuf, &idx, eccKey, tmpSz);
  18513. if (ret != 0) {
  18514. goto done;
  18515. }
  18516. ret = 0;
  18517. done:
  18518. #ifdef WOLFSSL_SMALL_STACK
  18519. if (eccKey != NULL) {
  18520. wc_ecc_free(eccKey);
  18521. XFREE(eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18522. }
  18523. if (tmpBuf != NULL)
  18524. XFREE(tmpBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18525. #else
  18526. wc_ecc_free(eccKey);
  18527. #endif
  18528. return ret;
  18529. }
  18530. #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
  18531. #endif /* HAVE_ECC_KEY_IMPORT */
  18532. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
  18533. static int ecc_test_key_gen(WC_RNG* rng, int keySize)
  18534. {
  18535. int ret = 0;
  18536. int derSz;
  18537. #ifdef HAVE_PKCS8
  18538. word32 pkcs8Sz;
  18539. #endif
  18540. #ifdef WOLFSSL_SMALL_STACK
  18541. byte *der = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18542. ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18543. #else
  18544. byte der[ECC_BUFSIZE];
  18545. ecc_key userA[1];
  18546. #endif
  18547. #ifdef WOLFSSL_SMALL_STACK
  18548. if ((der == NULL) || (userA == NULL))
  18549. ERROR_OUT(MEMORY_E, done);
  18550. #endif
  18551. ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
  18552. if (ret != 0)
  18553. goto done;
  18554. ret = wc_ecc_make_key(rng, keySize, userA);
  18555. #if defined(WOLFSSL_ASYNC_CRYPT)
  18556. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
  18557. #endif
  18558. if (ret != 0)
  18559. goto done;
  18560. TEST_SLEEP();
  18561. ret = wc_ecc_check_key(userA);
  18562. if (ret != 0)
  18563. goto done;
  18564. TEST_SLEEP();
  18565. derSz = wc_EccKeyToDer(userA, der, ECC_BUFSIZE);
  18566. if (derSz < 0) {
  18567. ERROR_OUT(derSz, done);
  18568. }
  18569. ret = SaveDerAndPem(der, derSz, eccCaKeyTempFile, eccCaKeyPemFile,
  18570. ECC_PRIVATEKEY_TYPE, -8347);
  18571. if (ret != 0) {
  18572. goto done;
  18573. }
  18574. /* test export of public key */
  18575. derSz = wc_EccPublicKeyToDer(userA, der, ECC_BUFSIZE, 1);
  18576. if (derSz < 0) {
  18577. ERROR_OUT(derSz, done);
  18578. }
  18579. if (derSz == 0) {
  18580. ERROR_OUT(-9890, done);
  18581. }
  18582. ret = SaveDerAndPem(der, derSz, eccPubKeyDerFile, NULL, 0, -8348);
  18583. if (ret != 0) {
  18584. goto done;
  18585. }
  18586. #ifdef HAVE_PKCS8
  18587. /* test export of PKCS#8 unencrypted private key */
  18588. pkcs8Sz = FOURK_BUF;
  18589. derSz = wc_EccPrivateKeyToPKCS8(userA, der, &pkcs8Sz);
  18590. if (derSz < 0) {
  18591. ERROR_OUT(derSz, done);
  18592. }
  18593. if (derSz == 0) {
  18594. ERROR_OUT(-9891, done);
  18595. }
  18596. ret = SaveDerAndPem(der, derSz, eccPkcs8KeyDerFile, NULL, 0, -8349);
  18597. if (ret != 0) {
  18598. goto done;
  18599. }
  18600. #endif /* HAVE_PKCS8 */
  18601. done:
  18602. #ifdef WOLFSSL_SMALL_STACK
  18603. if (der != NULL)
  18604. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18605. if (userA != NULL) {
  18606. wc_ecc_free(userA);
  18607. XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18608. }
  18609. #else
  18610. wc_ecc_free(userA);
  18611. #endif
  18612. return ret;
  18613. }
  18614. #endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */
  18615. static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount,
  18616. int curve_id, const ecc_set_type* dp)
  18617. {
  18618. #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
  18619. !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
  18620. DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT);
  18621. DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT);
  18622. #endif
  18623. #ifdef HAVE_ECC_KEY_EXPORT
  18624. #define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32)
  18625. DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT);
  18626. #endif
  18627. word32 x = 0;
  18628. #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
  18629. !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
  18630. word32 y;
  18631. #endif
  18632. #ifdef HAVE_ECC_SIGN
  18633. DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT);
  18634. DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT);
  18635. int i;
  18636. #ifdef HAVE_ECC_VERIFY
  18637. int verify;
  18638. #endif /* HAVE_ECC_VERIFY */
  18639. #endif /* HAVE_ECC_SIGN */
  18640. int ret;
  18641. #ifdef WOLFSSL_SMALL_STACK
  18642. ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18643. ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18644. ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18645. #else
  18646. ecc_key userA[1];
  18647. ecc_key userB[1];
  18648. ecc_key pubKey[1];
  18649. #endif
  18650. #ifndef WC_NO_RNG
  18651. int curveSize;
  18652. #endif
  18653. #ifdef DECLARE_VAR_IS_HEAP_ALLOC
  18654. #if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \
  18655. !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
  18656. if (sharedA == NULL || sharedB == NULL)
  18657. ERROR_OUT(-9900, done);
  18658. #endif
  18659. #ifdef HAVE_ECC_KEY_EXPORT
  18660. if (exportBuf == NULL)
  18661. ERROR_OUT(-9901, done);
  18662. #endif
  18663. #ifdef HAVE_ECC_SIGN
  18664. if (sig == NULL || digest == NULL)
  18665. ERROR_OUT(-9902, done);
  18666. #endif
  18667. #endif /* WOLFSSL_SMALL_STACK */
  18668. (void)testVerifyCount;
  18669. (void)dp;
  18670. (void)x;
  18671. #ifdef WOLFSSL_SMALL_STACK
  18672. if ((userA == NULL) ||
  18673. (userB == NULL) ||
  18674. (pubKey == NULL))
  18675. ERROR_OUT(-9903, done);
  18676. #endif
  18677. XMEMSET(userA, 0, sizeof *userA);
  18678. XMEMSET(userB, 0, sizeof *userB);
  18679. XMEMSET(pubKey, 0, sizeof *pubKey);
  18680. ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
  18681. if (ret != 0)
  18682. ERROR_OUT(-9904, done);
  18683. ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
  18684. if (ret != 0)
  18685. ERROR_OUT(-9905, done);
  18686. ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
  18687. if (ret != 0)
  18688. ERROR_OUT(-9906, done);
  18689. #ifdef WOLFSSL_CUSTOM_CURVES
  18690. if (dp != NULL) {
  18691. ret = wc_ecc_set_custom_curve(userA, dp);
  18692. if (ret != 0)
  18693. ERROR_OUT(-9907, done);
  18694. ret = wc_ecc_set_custom_curve(userB, dp);
  18695. if (ret != 0)
  18696. ERROR_OUT(-9908, done);
  18697. }
  18698. #endif
  18699. #ifndef WC_NO_RNG
  18700. ret = wc_ecc_make_key_ex(rng, keySize, userA, curve_id);
  18701. #if defined(WOLFSSL_ASYNC_CRYPT)
  18702. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
  18703. #endif
  18704. if (ret != 0)
  18705. ERROR_OUT(-9910, done);
  18706. TEST_SLEEP();
  18707. if (wc_ecc_get_curve_idx(curve_id) != -1) {
  18708. curveSize = wc_ecc_get_curve_size_from_id(userA->dp->id);
  18709. if (curveSize != userA->dp->size)
  18710. ERROR_OUT(-9911, done);
  18711. }
  18712. ret = wc_ecc_check_key(userA);
  18713. if (ret != 0)
  18714. ERROR_OUT(-9912, done);
  18715. TEST_SLEEP();
  18716. /* ATECC508/608 configuration may not support more than one ECDH key */
  18717. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
  18718. ret = wc_ecc_make_key_ex(rng, keySize, userB, curve_id);
  18719. #if defined(WOLFSSL_ASYNC_CRYPT)
  18720. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
  18721. #endif
  18722. if (ret != 0)
  18723. ERROR_OUT(-9914, done);
  18724. TEST_SLEEP();
  18725. /* only perform the below tests if the key size matches */
  18726. if (dp == NULL && keySize > 0 && wc_ecc_size(userA) != keySize)
  18727. ERROR_OUT(ECC_CURVE_OID_E, done);
  18728. #ifdef HAVE_ECC_DHE
  18729. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  18730. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  18731. !defined(HAVE_SELFTEST)
  18732. ret = wc_ecc_set_rng(userA, rng);
  18733. if (ret != 0)
  18734. ERROR_OUT(-9915, done);
  18735. ret = wc_ecc_set_rng(userB, rng);
  18736. if (ret != 0)
  18737. ERROR_OUT(-9916, done);
  18738. #endif
  18739. x = ECC_SHARED_SIZE;
  18740. do {
  18741. #if defined(WOLFSSL_ASYNC_CRYPT)
  18742. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18743. #endif
  18744. if (ret == 0)
  18745. ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
  18746. } while (ret == WC_PENDING_E);
  18747. if (ret != 0) {
  18748. ERROR_OUT(-9917, done);
  18749. }
  18750. TEST_SLEEP();
  18751. y = ECC_SHARED_SIZE;
  18752. do {
  18753. #if defined(WOLFSSL_ASYNC_CRYPT)
  18754. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18755. #endif
  18756. if (ret == 0)
  18757. ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
  18758. } while (ret == WC_PENDING_E);
  18759. if (ret != 0)
  18760. ERROR_OUT(-9918, done);
  18761. if (y != x)
  18762. ERROR_OUT(-9919, done);
  18763. if (XMEMCMP(sharedA, sharedB, x))
  18764. ERROR_OUT(-9920, done);
  18765. TEST_SLEEP();
  18766. #endif /* HAVE_ECC_DHE */
  18767. #ifdef HAVE_ECC_CDH
  18768. /* add cofactor flag */
  18769. wc_ecc_set_flags(userA, WC_ECC_FLAG_COFACTOR);
  18770. wc_ecc_set_flags(userB, WC_ECC_FLAG_COFACTOR);
  18771. x = ECC_SHARED_SIZE;
  18772. do {
  18773. #if defined(WOLFSSL_ASYNC_CRYPT)
  18774. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18775. #endif
  18776. if (ret == 0)
  18777. ret = wc_ecc_shared_secret(userA, userB, sharedA, &x);
  18778. } while (ret == WC_PENDING_E);
  18779. if (ret != 0)
  18780. ERROR_OUT(-9921, done);
  18781. TEST_SLEEP();
  18782. y = ECC_SHARED_SIZE;
  18783. do {
  18784. #if defined(WOLFSSL_ASYNC_CRYPT)
  18785. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18786. #endif
  18787. if (ret == 0)
  18788. ret = wc_ecc_shared_secret(userB, userA, sharedB, &y);
  18789. } while (ret == WC_PENDING_E);
  18790. if (ret != 0)
  18791. ERROR_OUT(-9922, done);
  18792. if (y != x)
  18793. ERROR_OUT(-9923, done);
  18794. if (XMEMCMP(sharedA, sharedB, x))
  18795. ERROR_OUT(-9924, done);
  18796. TEST_SLEEP();
  18797. /* remove cofactor flag */
  18798. wc_ecc_set_flags(userA, 0);
  18799. wc_ecc_set_flags(userB, 0);
  18800. #endif /* HAVE_ECC_CDH */
  18801. #endif /* !WOLFSSL_ATECC508A && WOLFSSL_ATECC608A */
  18802. #ifdef HAVE_ECC_KEY_EXPORT
  18803. x = ECC_KEY_EXPORT_BUF_SIZE;
  18804. ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 0);
  18805. if (ret != 0)
  18806. ERROR_OUT(-9925, done);
  18807. #ifdef HAVE_ECC_KEY_IMPORT
  18808. #ifdef WOLFSSL_CUSTOM_CURVES
  18809. if (dp != NULL) {
  18810. ret = wc_ecc_set_custom_curve(pubKey, dp);
  18811. if (ret != 0)
  18812. ERROR_OUT(-9926, done);
  18813. }
  18814. #endif
  18815. ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
  18816. if (ret != 0)
  18817. ERROR_OUT(-9927, done);
  18818. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A)
  18819. #ifdef HAVE_ECC_DHE
  18820. y = ECC_SHARED_SIZE;
  18821. do {
  18822. #if defined(WOLFSSL_ASYNC_CRYPT)
  18823. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18824. #endif
  18825. if (ret == 0)
  18826. ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
  18827. } while (ret == WC_PENDING_E);
  18828. if (ret != 0)
  18829. ERROR_OUT(-9928, done);
  18830. if (XMEMCMP(sharedA, sharedB, y))
  18831. ERROR_OUT(-9929, done);
  18832. TEST_SLEEP();
  18833. #endif /* HAVE_ECC_DHE */
  18834. #ifdef HAVE_COMP_KEY
  18835. /* try compressed export / import too */
  18836. x = ECC_KEY_EXPORT_BUF_SIZE;
  18837. ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 1);
  18838. if (ret != 0)
  18839. ERROR_OUT(-9930, done);
  18840. wc_ecc_free(pubKey);
  18841. ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId);
  18842. if (ret != 0)
  18843. ERROR_OUT(-9931, done);
  18844. #ifdef WOLFSSL_CUSTOM_CURVES
  18845. if (dp != NULL) {
  18846. ret = wc_ecc_set_custom_curve(pubKey, dp);
  18847. if (ret != 0)
  18848. ERROR_OUT(-9932, done);
  18849. }
  18850. #endif
  18851. ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id);
  18852. if (ret != 0)
  18853. ERROR_OUT(-9933, done);
  18854. #ifdef HAVE_ECC_DHE
  18855. y = ECC_SHARED_SIZE;
  18856. do {
  18857. #if defined(WOLFSSL_ASYNC_CRYPT)
  18858. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18859. #endif
  18860. if (ret == 0)
  18861. ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y);
  18862. } while (ret == WC_PENDING_E);
  18863. if (ret != 0)
  18864. ERROR_OUT(-9934, done);
  18865. if (XMEMCMP(sharedA, sharedB, y))
  18866. ERROR_OUT(-9935, done);
  18867. TEST_SLEEP();
  18868. #endif /* HAVE_ECC_DHE */
  18869. #endif /* HAVE_COMP_KEY */
  18870. #endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A */
  18871. #endif /* !WC_NO_RNG */
  18872. #endif /* HAVE_ECC_KEY_IMPORT */
  18873. #endif /* HAVE_ECC_KEY_EXPORT */
  18874. #if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))
  18875. #ifdef HAVE_ECC_SIGN
  18876. /* ECC w/out Shamir has issue with all 0 digest */
  18877. /* WC_BIGINT doesn't have 0 len well on hardware */
  18878. /* Cryptocell has issues with all 0 digest */
  18879. #if defined(ECC_SHAMIR) && !defined(WOLFSSL_ASYNC_CRYPT) && \
  18880. !defined(WOLFSSL_CRYPTOCELL)
  18881. /* test DSA sign hash with zeros */
  18882. for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
  18883. digest[i] = 0;
  18884. }
  18885. x = ECC_SIG_SIZE;
  18886. do {
  18887. #if defined(WOLFSSL_ASYNC_CRYPT)
  18888. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18889. #endif
  18890. if (ret == 0)
  18891. ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
  18892. userA);
  18893. } while (ret == WC_PENDING_E);
  18894. if (ret != 0)
  18895. ERROR_OUT(-9936, done);
  18896. TEST_SLEEP();
  18897. #ifdef HAVE_ECC_VERIFY
  18898. for (i=0; i<testVerifyCount; i++) {
  18899. verify = 0;
  18900. do {
  18901. #if defined(WOLFSSL_ASYNC_CRYPT)
  18902. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18903. #endif
  18904. if (ret == 0)
  18905. ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
  18906. &verify, userA);
  18907. } while (ret == WC_PENDING_E);
  18908. if (ret != 0)
  18909. ERROR_OUT(-9937, done);
  18910. if (verify != 1)
  18911. ERROR_OUT(-9938, done);
  18912. TEST_SLEEP();
  18913. }
  18914. #endif /* HAVE_ECC_VERIFY */
  18915. #endif /* ECC_SHAMIR && !WOLFSSL_ASYNC_CRYPT && !WOLFSSL_CRYPTOCELL */
  18916. /* test DSA sign hash with sequence (0,1,2,3,4,...) */
  18917. for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) {
  18918. digest[i] = (byte)i;
  18919. }
  18920. x = ECC_SIG_SIZE;
  18921. do {
  18922. #if defined(WOLFSSL_ASYNC_CRYPT)
  18923. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18924. #endif
  18925. if (ret == 0)
  18926. ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng,
  18927. userA);
  18928. } while (ret == WC_PENDING_E);
  18929. if (ret != 0)
  18930. ERROR_OUT(-9939, done);
  18931. TEST_SLEEP();
  18932. #ifdef HAVE_ECC_VERIFY
  18933. for (i=0; i<testVerifyCount; i++) {
  18934. verify = 0;
  18935. do {
  18936. #if defined(WOLFSSL_ASYNC_CRYPT)
  18937. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  18938. #endif
  18939. if (ret == 0)
  18940. ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE,
  18941. &verify, userA);
  18942. } while (ret == WC_PENDING_E);
  18943. if (ret != 0)
  18944. ERROR_OUT(-9940, done);
  18945. if (verify != 1)
  18946. ERROR_OUT(-9941, done);
  18947. TEST_SLEEP();
  18948. }
  18949. #endif /* HAVE_ECC_VERIFY */
  18950. #endif /* HAVE_ECC_SIGN */
  18951. #endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT && !WC_NO_RNG) */
  18952. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \
  18953. !defined(WOLFSSL_ATECC508) && !defined(WOLFSSL_ATECC608A)
  18954. x = ECC_KEY_EXPORT_BUF_SIZE;
  18955. ret = wc_ecc_export_private_only(userA, exportBuf, &x);
  18956. if (ret != 0)
  18957. ERROR_OUT(-9942, done);
  18958. #else
  18959. (void)exportBuf;
  18960. #endif /* HAVE_ECC_KEY_EXPORT */
  18961. done:
  18962. #ifdef WOLFSSL_SMALL_STACK
  18963. if (userA != NULL) {
  18964. wc_ecc_free(userA);
  18965. XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18966. }
  18967. if (userB != NULL) {
  18968. wc_ecc_free(userB);
  18969. XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18970. }
  18971. if (pubKey != NULL) {
  18972. wc_ecc_free(pubKey);
  18973. XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  18974. }
  18975. #else
  18976. wc_ecc_free(pubKey);
  18977. wc_ecc_free(userB);
  18978. wc_ecc_free(userA);
  18979. #endif
  18980. #if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)
  18981. FREE_VAR(sharedA, HEAP_HINT);
  18982. FREE_VAR(sharedB, HEAP_HINT);
  18983. #endif
  18984. #ifdef HAVE_ECC_KEY_EXPORT
  18985. FREE_VAR(exportBuf, HEAP_HINT);
  18986. #endif
  18987. #ifdef HAVE_ECC_SIGN
  18988. FREE_VAR(sig, HEAP_HINT);
  18989. FREE_VAR(digest, HEAP_HINT);
  18990. #endif
  18991. (void)keySize;
  18992. (void)curve_id;
  18993. (void)rng;
  18994. return ret;
  18995. }
  18996. #undef ECC_TEST_VERIFY_COUNT
  18997. #define ECC_TEST_VERIFY_COUNT 2
  18998. static int ecc_test_curve(WC_RNG* rng, int keySize)
  18999. {
  19000. int ret;
  19001. ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT,
  19002. ECC_CURVE_DEF, NULL);
  19003. if (ret < 0) {
  19004. if (ret == ECC_CURVE_OID_E) {
  19005. /* ignore error for curves not found */
  19006. /* some curve sizes are only available with:
  19007. HAVE_ECC_SECPR2, HAVE_ECC_SECPR3, HAVE_ECC_BRAINPOOL
  19008. and HAVE_ECC_KOBLITZ */
  19009. }
  19010. else {
  19011. printf("ecc_test_curve_size %d failed!: %d\n", keySize, ret);
  19012. return ret;
  19013. }
  19014. }
  19015. #ifdef HAVE_ECC_VECTOR_TEST
  19016. ret = ecc_test_vector(keySize);
  19017. if (ret < 0) {
  19018. printf("ecc_test_vector %d failed!: %d\n", keySize, ret);
  19019. return ret;
  19020. }
  19021. #endif
  19022. #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
  19023. !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
  19024. ret = ecc_test_key_decode(rng, keySize);
  19025. if (ret < 0) {
  19026. if (ret == ECC_CURVE_OID_E) {
  19027. /* ignore error for curves not found */
  19028. }
  19029. else {
  19030. printf("ecc_test_key_decode %d failed!: %d\n", keySize, ret);
  19031. return ret;
  19032. }
  19033. }
  19034. #endif
  19035. #if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG)
  19036. ret = ecc_test_key_gen(rng, keySize);
  19037. if (ret < 0) {
  19038. if (ret == ECC_CURVE_OID_E) {
  19039. /* ignore error for curves not found */
  19040. }
  19041. else {
  19042. printf("ecc_test_key_gen %d failed!: %d\n", keySize, ret);
  19043. return ret;
  19044. }
  19045. }
  19046. #endif
  19047. return 0;
  19048. }
  19049. #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
  19050. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
  19051. defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
  19052. !defined(WOLFSSL_NO_MALLOC)
  19053. static int ecc_point_test(void)
  19054. {
  19055. int ret;
  19056. ecc_point* point;
  19057. ecc_point* point2;
  19058. #ifdef HAVE_COMP_KEY
  19059. ecc_point* point3;
  19060. ecc_point* point4;
  19061. #endif
  19062. word32 outLen;
  19063. byte out[65];
  19064. byte der[] = { 0x04, /* = Uncompressed */
  19065. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19066. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19067. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19068. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19069. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19070. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19071. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19072. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
  19073. #ifdef HAVE_COMP_KEY
  19074. byte derComp0[] = { 0x02, /* = Compressed, y even */
  19075. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19076. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19077. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19078. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
  19079. byte derComp1[] = { 0x03, /* = Compressed, y odd */
  19080. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19081. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19082. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
  19083. 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
  19084. #endif
  19085. byte altDer[] = { 0x04, /* = Uncompressed */
  19086. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  19087. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  19088. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  19089. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  19090. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  19091. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  19092. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
  19093. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
  19094. int curve_idx = wc_ecc_get_curve_idx(ECC_SECP256R1);
  19095. /* if curve P256 is not enabled then test should not fail */
  19096. if (curve_idx == ECC_CURVE_INVALID)
  19097. return 0;
  19098. outLen = sizeof(out);
  19099. point = wc_ecc_new_point();
  19100. if (point == NULL)
  19101. return -10000;
  19102. point2 = wc_ecc_new_point();
  19103. if (point2 == NULL) {
  19104. wc_ecc_del_point(point);
  19105. return -10001;
  19106. }
  19107. #ifdef HAVE_COMP_KEY
  19108. point3 = wc_ecc_new_point();
  19109. if (point3 == NULL) {
  19110. wc_ecc_del_point(point2);
  19111. wc_ecc_del_point(point);
  19112. return -10002;
  19113. }
  19114. point4 = wc_ecc_new_point();
  19115. if (point4 == NULL) {
  19116. wc_ecc_del_point(point3);
  19117. wc_ecc_del_point(point2);
  19118. wc_ecc_del_point(point);
  19119. return -10003;
  19120. }
  19121. #endif
  19122. /* Parameter Validation testing. */
  19123. wc_ecc_del_point(NULL);
  19124. ret = wc_ecc_import_point_der(NULL, sizeof(der), curve_idx, point);
  19125. if (ret != ECC_BAD_ARG_E) {
  19126. ret = -10004;
  19127. goto done;
  19128. }
  19129. ret = wc_ecc_import_point_der(der, sizeof(der), ECC_CURVE_INVALID, point);
  19130. if (ret != ECC_BAD_ARG_E) {
  19131. ret = -10005;
  19132. goto done;
  19133. }
  19134. ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, NULL);
  19135. if (ret != ECC_BAD_ARG_E) {
  19136. ret = -10006;
  19137. goto done;
  19138. }
  19139. ret = wc_ecc_export_point_der(-1, point, out, &outLen);
  19140. if (ret != ECC_BAD_ARG_E) {
  19141. ret = -10007;
  19142. goto done;
  19143. }
  19144. ret = wc_ecc_export_point_der(curve_idx, NULL, out, &outLen);
  19145. if (ret != ECC_BAD_ARG_E) {
  19146. ret = -10008;
  19147. goto done;
  19148. }
  19149. ret = wc_ecc_export_point_der(curve_idx, point, NULL, &outLen);
  19150. if (ret != LENGTH_ONLY_E || outLen != sizeof(out)) {
  19151. ret = -10009;
  19152. goto done;
  19153. }
  19154. ret = wc_ecc_export_point_der(curve_idx, point, out, NULL);
  19155. if (ret != ECC_BAD_ARG_E) {
  19156. ret = -10010;
  19157. goto done;
  19158. }
  19159. outLen = 0;
  19160. ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
  19161. if (ret != BUFFER_E) {
  19162. ret = -10011;
  19163. goto done;
  19164. }
  19165. ret = wc_ecc_copy_point(NULL, NULL);
  19166. if (ret != ECC_BAD_ARG_E) {
  19167. ret = -10012;
  19168. goto done;
  19169. }
  19170. ret = wc_ecc_copy_point(NULL, point2);
  19171. if (ret != ECC_BAD_ARG_E) {
  19172. ret = -10013;
  19173. goto done;
  19174. }
  19175. ret = wc_ecc_copy_point(point, NULL);
  19176. if (ret != ECC_BAD_ARG_E) {
  19177. ret = -10014;
  19178. goto done;
  19179. }
  19180. ret = wc_ecc_cmp_point(NULL, NULL);
  19181. if (ret != BAD_FUNC_ARG) {
  19182. ret = -10015;
  19183. goto done;
  19184. }
  19185. ret = wc_ecc_cmp_point(NULL, point2);
  19186. if (ret != BAD_FUNC_ARG) {
  19187. ret = -10016;
  19188. goto done;
  19189. }
  19190. ret = wc_ecc_cmp_point(point, NULL);
  19191. if (ret != BAD_FUNC_ARG) {
  19192. ret = -10017;
  19193. goto done;
  19194. }
  19195. /* Use API. */
  19196. ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, point);
  19197. if (ret != 0) {
  19198. ret = -10018;
  19199. goto done;
  19200. }
  19201. outLen = sizeof(out);
  19202. ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen);
  19203. if (ret != 0) {
  19204. ret = -10019;
  19205. goto done;
  19206. }
  19207. if (outLen != sizeof(der)) {
  19208. ret = -10020;
  19209. goto done;
  19210. }
  19211. if (XMEMCMP(out, der, outLen) != 0) {
  19212. ret = -10021;
  19213. goto done;
  19214. }
  19215. ret = wc_ecc_copy_point(point2, point);
  19216. if (ret != MP_OKAY) {
  19217. ret = -10022;
  19218. goto done;
  19219. }
  19220. ret = wc_ecc_cmp_point(point2, point);
  19221. if (ret != MP_EQ) {
  19222. ret = -10023;
  19223. goto done;
  19224. }
  19225. ret = wc_ecc_import_point_der(altDer, sizeof(altDer), curve_idx, point2);
  19226. if (ret != 0) {
  19227. ret = -10024;
  19228. goto done;
  19229. }
  19230. ret = wc_ecc_cmp_point(point2, point);
  19231. if (ret != MP_GT) {
  19232. ret = -10025;
  19233. goto done;
  19234. }
  19235. #ifdef HAVE_COMP_KEY
  19236. ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3);
  19237. if (ret != 0) {
  19238. ret = -10026;
  19239. goto done;
  19240. }
  19241. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
  19242. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
  19243. ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0);
  19244. if (ret != 0) {
  19245. ret = -10027;
  19246. goto done;
  19247. }
  19248. #endif
  19249. ret = wc_ecc_cmp_point(point3, point4);
  19250. if (ret != MP_EQ) {
  19251. ret = -10028;
  19252. goto done;
  19253. }
  19254. ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1)*2-1, curve_idx, point3);
  19255. if (ret != 0) {
  19256. ret = -10029;
  19257. goto done;
  19258. }
  19259. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
  19260. (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
  19261. ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0);
  19262. if (ret != 0) {
  19263. ret = -10030;
  19264. goto done;
  19265. }
  19266. #endif
  19267. ret = wc_ecc_cmp_point(point3, point4);
  19268. if (ret != MP_EQ) {
  19269. ret = -10031;
  19270. goto done;
  19271. }
  19272. #endif
  19273. done:
  19274. #ifdef HAVE_COMP_KEY
  19275. wc_ecc_del_point(point4);
  19276. wc_ecc_del_point(point3);
  19277. #endif
  19278. wc_ecc_del_point(point2);
  19279. wc_ecc_del_point(point);
  19280. return ret;
  19281. }
  19282. #endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
  19283. #ifndef NO_SIG_WRAPPER
  19284. static int ecc_sig_test(WC_RNG* rng, ecc_key* key)
  19285. {
  19286. int ret;
  19287. word32 sigSz;
  19288. int size;
  19289. byte out[ECC_MAX_SIG_SIZE];
  19290. byte in[] = TEST_STRING;
  19291. WOLFSSL_SMALL_STACK_STATIC const byte hash[] = {
  19292. 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59,
  19293. 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe,
  19294. 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83,
  19295. 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f
  19296. };
  19297. word32 inLen = (word32)XSTRLEN((char*)in);
  19298. size = wc_ecc_sig_size(key);
  19299. ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, sizeof(*key));
  19300. if (ret != size)
  19301. return -10040;
  19302. sigSz = (word32)ret;
  19303. ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
  19304. inLen, out, &sigSz, key, sizeof(*key), rng);
  19305. if (ret != 0)
  19306. return -10041;
  19307. TEST_SLEEP();
  19308. ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in,
  19309. inLen, out, sigSz, key, sizeof(*key));
  19310. if (ret != 0)
  19311. return -10042;
  19312. TEST_SLEEP();
  19313. sigSz = (word32)sizeof(out);
  19314. ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
  19315. hash, (int)sizeof(hash), out, &sigSz, key, sizeof(*key), rng);
  19316. if (ret != 0)
  19317. return -10043;
  19318. TEST_SLEEP();
  19319. ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC,
  19320. hash, (int)sizeof(hash), out, sigSz, key, sizeof(*key));
  19321. if (ret != 0)
  19322. return -10044;
  19323. TEST_SLEEP();
  19324. return 0;
  19325. }
  19326. #endif
  19327. #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
  19328. !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
  19329. !defined(WOLFSSL_QNX_CAAM)
  19330. static int ecc_exp_imp_test(ecc_key* key)
  19331. {
  19332. int ret;
  19333. int curve_id;
  19334. #ifdef WOLFSSL_SMALL_STACK
  19335. ecc_key *keyImp = (ecc_key *)XMALLOC(sizeof *keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);;
  19336. #else
  19337. ecc_key keyImp[1];
  19338. #endif
  19339. byte priv[32];
  19340. word32 privLen;
  19341. byte pub[65];
  19342. word32 pubLen, pubLenX, pubLenY;
  19343. const char qx[] = "7a4e287890a1a47ad3457e52f2f76a83"
  19344. "ce46cbc947616d0cbaa82323818a793d";
  19345. const char qy[] = "eec4084f5b29ebf29c44cce3b3059610"
  19346. "922f8b30ea6e8811742ac7238fe87308";
  19347. const char d[] = "8c14b793cb19137e323a6d2e2a870bca"
  19348. "2e7a493ec1153b3a95feb8a4873f8d08";
  19349. #ifdef WOLFSSL_SMALL_STACK
  19350. if (keyImp == NULL)
  19351. ERROR_OUT(-10050, done);
  19352. #endif
  19353. wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
  19354. privLen = sizeof(priv);
  19355. ret = wc_ecc_export_private_only(key, priv, &privLen);
  19356. if (ret != 0) {
  19357. ret = -10051;
  19358. goto done;
  19359. }
  19360. pubLen = sizeof(pub);
  19361. ret = wc_ecc_export_point_der(key->idx, &key->pubkey, pub, &pubLen);
  19362. if (ret != 0) {
  19363. ret = -10052;
  19364. goto done;
  19365. }
  19366. ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, keyImp);
  19367. if (ret != 0) {
  19368. ret = -10053;
  19369. goto done;
  19370. }
  19371. wc_ecc_free(keyImp);
  19372. wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
  19373. ret = wc_ecc_import_raw_ex(keyImp, qx, qy, d, ECC_SECP256R1);
  19374. if (ret != 0) {
  19375. ret = -10054;
  19376. goto done;
  19377. }
  19378. wc_ecc_free(keyImp);
  19379. wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
  19380. curve_id = wc_ecc_get_curve_id(key->idx);
  19381. if (curve_id < 0) {
  19382. ret = -10055;
  19383. goto done;
  19384. }
  19385. /* test import private only */
  19386. ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, keyImp,
  19387. curve_id);
  19388. if (ret != 0) {
  19389. ret = -10056;
  19390. goto done;
  19391. }
  19392. wc_ecc_free(keyImp);
  19393. wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
  19394. /* test export public raw */
  19395. pubLenX = pubLenY = 32;
  19396. ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY);
  19397. if (ret != 0) {
  19398. ret = -10057;
  19399. goto done;
  19400. }
  19401. #ifndef HAVE_SELFTEST
  19402. /* test import of public */
  19403. ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], NULL, ECC_SECP256R1);
  19404. if (ret != 0) {
  19405. ret = -10058;
  19406. goto done;
  19407. }
  19408. #endif
  19409. wc_ecc_free(keyImp);
  19410. wc_ecc_init_ex(keyImp, HEAP_HINT, devId);
  19411. /* test export private and public raw */
  19412. pubLenX = pubLenY = privLen = 32;
  19413. ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY,
  19414. priv, &privLen);
  19415. if (ret != 0) {
  19416. ret = -10059;
  19417. goto done;
  19418. }
  19419. #ifndef HAVE_SELFTEST
  19420. /* test import of private and public */
  19421. ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], priv, ECC_SECP256R1);
  19422. if (ret != 0) {
  19423. ret = -10060;
  19424. goto done;
  19425. }
  19426. #endif
  19427. done:
  19428. #ifdef WOLFSSL_SMALL_STACK
  19429. if (keyImp != NULL) {
  19430. wc_ecc_free(keyImp);
  19431. XFREE(keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19432. }
  19433. #else
  19434. wc_ecc_free(keyImp);
  19435. #endif
  19436. return ret;
  19437. }
  19438. #endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */
  19439. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
  19440. !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_QNX_CAAM)
  19441. #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)
  19442. static int ecc_mulmod_test(ecc_key* key1)
  19443. {
  19444. int ret;
  19445. #ifdef WOLFSSL_SMALL_STACK
  19446. ecc_key *key2 = (ecc_key *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19447. ecc_key *key3 = (ecc_key *)XMALLOC(sizeof *key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19448. #else
  19449. ecc_key key2[1];
  19450. ecc_key key3[1];
  19451. #endif
  19452. #ifdef WOLFSSL_SMALL_STACK
  19453. if ((key2 == NULL) || (key3 == NULL))
  19454. ERROR_OUT(MEMORY_E, done);
  19455. #endif
  19456. wc_ecc_init_ex(key2, HEAP_HINT, devId);
  19457. wc_ecc_init_ex(key3, HEAP_HINT, devId);
  19458. /* TODO: Use test data, test with WOLFSSL_VALIDATE_ECC_IMPORT. */
  19459. /* Need base point (Gx,Gy) and parameter A - load them as the public and
  19460. * private key in key2.
  19461. */
  19462. ret = wc_ecc_import_raw_ex(key2, key1->dp->Gx, key1->dp->Gy, key1->dp->Af,
  19463. ECC_SECP256R1);
  19464. if (ret != 0)
  19465. goto done;
  19466. /* Need a point (Gx,Gy) and prime - load them as the public and private key
  19467. * in key3.
  19468. */
  19469. ret = wc_ecc_import_raw_ex(key3, key1->dp->Gx, key1->dp->Gy,
  19470. key1->dp->prime, ECC_SECP256R1);
  19471. if (ret != 0)
  19472. goto done;
  19473. ret = wc_ecc_mulmod(&key1->k, &key2->pubkey, &key3->pubkey, &key2->k, &key3->k,
  19474. 1);
  19475. if (ret != 0) {
  19476. ret = -10070;
  19477. goto done;
  19478. }
  19479. done:
  19480. #ifdef WOLFSSL_SMALL_STACK
  19481. if (key2 != NULL) {
  19482. wc_ecc_free(key2);
  19483. XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19484. }
  19485. if (key3 != NULL) {
  19486. wc_ecc_free(key3);
  19487. XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19488. }
  19489. #else
  19490. wc_ecc_free(key3);
  19491. wc_ecc_free(key2);
  19492. #endif
  19493. return ret;
  19494. }
  19495. #endif
  19496. #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
  19497. static int ecc_ssh_test(ecc_key* key, WC_RNG* rng)
  19498. {
  19499. int ret;
  19500. byte out[128];
  19501. word32 outLen = sizeof(out);
  19502. /* Parameter Validation testing. */
  19503. ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen);
  19504. if (ret != BAD_FUNC_ARG)
  19505. return -10080;
  19506. ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen);
  19507. if (ret != BAD_FUNC_ARG)
  19508. return -10081;
  19509. ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen);
  19510. if (ret != BAD_FUNC_ARG)
  19511. return -10082;
  19512. ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL);
  19513. if (ret != BAD_FUNC_ARG)
  19514. return -10083;
  19515. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  19516. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  19517. !defined(HAVE_SELFTEST)
  19518. ret = wc_ecc_set_rng(key, rng);
  19519. if (ret != 0)
  19520. return -10084;
  19521. #else
  19522. (void)rng;
  19523. #endif
  19524. /* Use API. */
  19525. ret = 0;
  19526. do {
  19527. #if defined(WOLFSSL_ASYNC_CRYPT)
  19528. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  19529. #endif
  19530. if (ret == 0)
  19531. ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen);
  19532. } while (ret == WC_PENDING_E);
  19533. if (ret != 0)
  19534. return -10085;
  19535. TEST_SLEEP();
  19536. return 0;
  19537. }
  19538. #endif /* HAVE_ECC_DHE && !WC_NO_RNG */
  19539. #endif
  19540. static int ecc_def_curve_test(WC_RNG *rng)
  19541. {
  19542. int ret;
  19543. #ifdef WOLFSSL_SMALL_STACK
  19544. ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19545. #else
  19546. ecc_key key[1];
  19547. #endif
  19548. #ifdef WC_NO_RNG
  19549. word32 idx = 0;
  19550. #endif
  19551. #ifdef WOLFSSL_SMALL_STACK
  19552. if (key == NULL)
  19553. ERROR_OUT(MEMORY_E, done);
  19554. #endif
  19555. wc_ecc_init_ex(key, HEAP_HINT, devId);
  19556. /* Use API */
  19557. ret = wc_ecc_set_flags(NULL, 0);
  19558. if (ret != BAD_FUNC_ARG) {
  19559. ret = -10090;
  19560. goto done;
  19561. }
  19562. ret = wc_ecc_set_flags(key, 0);
  19563. if (ret != 0) {
  19564. ret = -10091;
  19565. goto done;
  19566. }
  19567. #ifndef WC_NO_RNG
  19568. ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
  19569. #if defined(WOLFSSL_ASYNC_CRYPT)
  19570. ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
  19571. #endif
  19572. #else
  19573. /* use test ECC key */
  19574. ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
  19575. (word32)sizeof_ecc_key_der_256);
  19576. (void)rng;
  19577. #endif
  19578. if (ret != 0) {
  19579. ret = -10092;
  19580. goto done;
  19581. }
  19582. TEST_SLEEP();
  19583. #ifndef NO_SIG_WRAPPER
  19584. ret = ecc_sig_test(rng, key);
  19585. if (ret < 0)
  19586. goto done;
  19587. #endif
  19588. #if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
  19589. !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
  19590. !defined(WOLFSSL_QNX_CAAM)
  19591. ret = ecc_exp_imp_test(key);
  19592. if (ret < 0)
  19593. goto done;
  19594. #endif
  19595. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
  19596. !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_QNX_CAAM)
  19597. #if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT)
  19598. ret = ecc_mulmod_test(key);
  19599. if (ret < 0)
  19600. goto done;
  19601. #endif
  19602. #if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG)
  19603. ret = ecc_ssh_test(key, rng);
  19604. if (ret < 0)
  19605. goto done;
  19606. #endif
  19607. #endif /* WOLFSSL_ATECC508A */
  19608. done:
  19609. #ifdef WOLFSSL_SMALL_STACK
  19610. if (key != NULL) {
  19611. wc_ecc_free(key);
  19612. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19613. }
  19614. #else
  19615. wc_ecc_free(key);
  19616. #endif
  19617. return ret;
  19618. }
  19619. #endif /* !NO_ECC256 || HAVE_ALL_CURVES */
  19620. #ifdef WOLFSSL_CERT_EXT
  19621. static int ecc_decode_test(void)
  19622. {
  19623. int ret;
  19624. word32 inSz;
  19625. word32 inOutIdx;
  19626. #ifdef WOLFSSL_SMALL_STACK
  19627. ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19628. #else
  19629. ecc_key key[1];
  19630. #endif
  19631. /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */
  19632. /* This is ecc_clikeypub_der_256. */
  19633. WOLFSSL_SMALL_STACK_STATIC const byte good[] = {
  19634. 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
  19635. 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
  19636. 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xbf, 0xf4,
  19637. 0x0f, 0x44, 0x50, 0x9a, 0x3d, 0xce, 0x9b, 0xb7, 0xf0, 0xc5,
  19638. 0x4d, 0xf5, 0x70, 0x7b, 0xd4, 0xec, 0x24, 0x8e, 0x19, 0x80,
  19639. 0xec, 0x5a, 0x4c, 0xa2, 0x24, 0x03, 0x62, 0x2c, 0x9b, 0xda,
  19640. 0xef, 0xa2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xc6, 0x56,
  19641. 0x95, 0x06, 0xcc, 0x01, 0xa9, 0xbd, 0xf6, 0x75, 0x1a, 0x42,
  19642. 0xf7, 0xbd, 0xa9, 0xb2, 0x36, 0x22, 0x5f, 0xc7, 0x5d, 0x7f,
  19643. 0xb4 };
  19644. WOLFSSL_SMALL_STACK_STATIC const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04,
  19645. 0x00, 0x04, 0x01, 0x01 };
  19646. WOLFSSL_SMALL_STACK_STATIC const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00,
  19647. 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
  19648. WOLFSSL_SMALL_STACK_STATIC const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09,
  19649. 0x06, 0x00, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
  19650. WOLFSSL_SMALL_STACK_STATIC const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00,
  19651. 0x06, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 };
  19652. WOLFSSL_SMALL_STACK_STATIC const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
  19653. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
  19654. 0x04, 0x04, 0x00, 0x04, 0x01, 0x01 };
  19655. WOLFSSL_SMALL_STACK_STATIC const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00,
  19656. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
  19657. 0x03, 0x05, 0x00, 0x04, 0x01, 0x01 };
  19658. WOLFSSL_SMALL_STACK_STATIC const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00,
  19659. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
  19660. 0x03, 0x03, 0x04, 0x01, 0x01 };
  19661. WOLFSSL_SMALL_STACK_STATIC const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00,
  19662. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07,
  19663. 0x03, 0x03, 0x00, 0x04, 0x01 };
  19664. #ifdef WOLFSSL_SMALL_STACK
  19665. if (key == NULL)
  19666. ERROR_OUT(MEMORY_E, done);
  19667. #endif
  19668. XMEMSET(key, 0, sizeof *key);
  19669. wc_ecc_init_ex(key, HEAP_HINT, devId);
  19670. inSz = sizeof(good);
  19671. ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, key, inSz);
  19672. if (ret != BAD_FUNC_ARG) {
  19673. ret = -10100;
  19674. goto done;
  19675. }
  19676. ret = wc_EccPublicKeyDecode(good, NULL, key, inSz);
  19677. if (ret != BAD_FUNC_ARG) {
  19678. ret = -10101;
  19679. goto done;
  19680. }
  19681. ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz);
  19682. if (ret != BAD_FUNC_ARG) {
  19683. ret = -10102;
  19684. goto done;
  19685. }
  19686. ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, 0);
  19687. if (ret != BAD_FUNC_ARG) {
  19688. ret = -10103;
  19689. goto done;
  19690. }
  19691. /* Change offset to produce bad input data. */
  19692. inOutIdx = 2;
  19693. inSz = sizeof(good) - inOutIdx;
  19694. ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
  19695. if (ret != ASN_PARSE_E) {
  19696. ret = -10104;
  19697. goto done;
  19698. }
  19699. inOutIdx = 4;
  19700. inSz = sizeof(good) - inOutIdx;
  19701. ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
  19702. if (ret != ASN_PARSE_E) {
  19703. ret = -10105;
  19704. goto done;
  19705. }
  19706. /* Bad data. */
  19707. inSz = sizeof(badNoObjId);
  19708. inOutIdx = 0;
  19709. ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz);
  19710. if (ret != ASN_OBJECT_ID_E) {
  19711. ret = -10106;
  19712. goto done;
  19713. }
  19714. inSz = sizeof(badOneObjId);
  19715. inOutIdx = 0;
  19716. ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz);
  19717. if (ret != ASN_OBJECT_ID_E) {
  19718. ret = -10107;
  19719. goto done;
  19720. }
  19721. inSz = sizeof(badObjId1Len);
  19722. inOutIdx = 0;
  19723. ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, key, inSz);
  19724. if (ret != ASN_PARSE_E) {
  19725. ret = -10108;
  19726. goto done;
  19727. }
  19728. inSz = sizeof(badObj2d1Len);
  19729. inOutIdx = 0;
  19730. ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, key, inSz);
  19731. if (ret != ASN_PARSE_E) {
  19732. ret = -10109;
  19733. goto done;
  19734. }
  19735. inSz = sizeof(badNotBitStr);
  19736. inOutIdx = 0;
  19737. ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz);
  19738. if (ret != ASN_BITSTR_E) {
  19739. ret = -10110;
  19740. goto done;
  19741. }
  19742. inSz = sizeof(badBitStrLen);
  19743. inOutIdx = 0;
  19744. ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, key, inSz);
  19745. if (ret != ASN_PARSE_E) {
  19746. ret = -10111;
  19747. goto done;
  19748. }
  19749. inSz = sizeof(badNoBitStrZero);
  19750. inOutIdx = 0;
  19751. ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz);
  19752. if (ret != ASN_EXPECT_0_E) {
  19753. ret = -10112;
  19754. goto done;
  19755. }
  19756. inSz = sizeof(badPoint);
  19757. inOutIdx = 0;
  19758. ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz);
  19759. if (ret != ASN_ECC_KEY_E) {
  19760. ret = -10113;
  19761. goto done;
  19762. }
  19763. inSz = sizeof(good);
  19764. inOutIdx = 0;
  19765. ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz);
  19766. if (ret != 0) {
  19767. ret = -10114;
  19768. goto done;
  19769. }
  19770. done:
  19771. #ifdef WOLFSSL_SMALL_STACK
  19772. if (key != NULL) {
  19773. wc_ecc_free(key);
  19774. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19775. }
  19776. #else
  19777. wc_ecc_free(key);
  19778. #endif
  19779. return ret;
  19780. }
  19781. #endif /* WOLFSSL_CERT_EXT */
  19782. #ifdef WOLFSSL_CUSTOM_CURVES
  19783. static const byte eccKeyExplicitCurve[] = {
  19784. 0x30, 0x81, 0xf5, 0x30, 0x81, 0xae, 0x06, 0x07,
  19785. 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30,
  19786. 0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06,
  19787. 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01,
  19788. 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff,
  19789. 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
  19790. 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
  19791. 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff,
  19792. 0xff, 0xfc, 0x2f, 0x30, 0x06, 0x04, 0x01, 0x00,
  19793. 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe,
  19794. 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0,
  19795. 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b,
  19796. 0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2,
  19797. 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a,
  19798. 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4,
  19799. 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17,
  19800. 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47,
  19801. 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21,
  19802. 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
  19803. 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
  19804. 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0,
  19805. 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41,
  19806. 0x41, 0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04,
  19807. 0x3c, 0x4c, 0xc9, 0x5e, 0x2e, 0xa2, 0x3d, 0x49,
  19808. 0xcc, 0x5b, 0xff, 0x4f, 0xc9, 0x2e, 0x1d, 0x4a,
  19809. 0xc6, 0x21, 0xf6, 0xf3, 0xe6, 0x0b, 0x4f, 0xa9,
  19810. 0x9d, 0x74, 0x99, 0xdd, 0x97, 0xc7, 0x6e, 0xbe,
  19811. 0x14, 0x2b, 0x39, 0x9d, 0x63, 0xc7, 0x97, 0x0d,
  19812. 0x45, 0x25, 0x40, 0x30, 0x77, 0x05, 0x76, 0x88,
  19813. 0x38, 0x96, 0x29, 0x7d, 0x9c, 0xe1, 0x50, 0xbe,
  19814. 0xac, 0xf0, 0x1d, 0x86, 0xf4, 0x2f, 0x65, 0x0b
  19815. };
  19816. static int ecc_test_custom_curves(WC_RNG* rng)
  19817. {
  19818. int ret;
  19819. word32 inOutIdx;
  19820. #ifdef WOLFSSL_SMALL_STACK
  19821. ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19822. #else
  19823. ecc_key key[1];
  19824. #endif
  19825. /* test use of custom curve - using BRAINPOOLP256R1 for test */
  19826. #ifndef WOLFSSL_ECC_CURVE_STATIC
  19827. WOLFSSL_SMALL_STACK_STATIC const ecc_oid_t ecc_oid_brainpoolp256r1[] = {
  19828. 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07
  19829. };
  19830. #define ecc_oid_brainpoolp256r1_sz \
  19831. (sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t))
  19832. #else
  19833. #define ecc_oid_brainpoolp256r1 { \
  19834. 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 \
  19835. }
  19836. #define ecc_oid_brainpoolp256r1_sz 9
  19837. #endif
  19838. #define ecc_oid_brainpoolp256r1_sum 104
  19839. WOLFSSL_SMALL_STACK_STATIC const ecc_set_type ecc_dp_brainpool256r1 = {
  19840. 32, /* size/bytes */
  19841. ECC_CURVE_CUSTOM, /* ID */
  19842. "BRAINPOOLP256R1", /* curve name */
  19843. "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", /* prime */
  19844. "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", /* A */
  19845. "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", /* B */
  19846. "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", /* order */
  19847. "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */
  19848. "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */
  19849. ecc_oid_brainpoolp256r1, /* oid/oidSz */
  19850. ecc_oid_brainpoolp256r1_sz,
  19851. ecc_oid_brainpoolp256r1_sum, /* oid sum */
  19852. 1, /* cofactor */
  19853. };
  19854. #ifdef WOLFSSL_SMALL_STACK
  19855. if (! key) {
  19856. ret = MEMORY_E;
  19857. goto done;
  19858. }
  19859. #endif
  19860. XMEMSET(key, 0, sizeof *key);
  19861. ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF,
  19862. &ecc_dp_brainpool256r1);
  19863. if (ret != 0) {
  19864. printf("ECC test for custom curve failed! %d\n", ret);
  19865. goto done;
  19866. }
  19867. #if defined(HAVE_ECC_BRAINPOOL) || defined(HAVE_ECC_KOBLITZ)
  19868. {
  19869. int curve_id;
  19870. #ifdef HAVE_ECC_BRAINPOOL
  19871. curve_id = ECC_BRAINPOOLP256R1;
  19872. #else
  19873. curve_id = ECC_SECP256K1;
  19874. #endif
  19875. /* Test and demonstrate use of non-SECP curve */
  19876. ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, curve_id, NULL);
  19877. if (ret < 0) {
  19878. printf("ECC test for curve_id %d failed! %d\n", curve_id, ret);
  19879. goto done;
  19880. }
  19881. }
  19882. #endif
  19883. ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
  19884. if (ret != 0) {
  19885. ret = -10120;
  19886. goto done;
  19887. }
  19888. inOutIdx = 0;
  19889. ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, key,
  19890. sizeof(eccKeyExplicitCurve));
  19891. if (ret != 0)
  19892. ret = -10121;
  19893. done:
  19894. #ifdef WOLFSSL_SMALL_STACK
  19895. if (key) {
  19896. wc_ecc_free(key);
  19897. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19898. }
  19899. #else
  19900. wc_ecc_free(key);
  19901. #endif
  19902. return ret;
  19903. }
  19904. #endif /* WOLFSSL_CUSTOM_CURVES */
  19905. #ifdef WOLFSSL_CERT_GEN
  19906. /* Make Cert / Sign example for ECC cert and ECC CA */
  19907. static int ecc_test_cert_gen(WC_RNG* rng)
  19908. {
  19909. int ret;
  19910. #ifdef WOLFSSL_SMALL_STACK
  19911. Cert *myCert = (Cert *)XMALLOC(sizeof *myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19912. #ifdef WOLFSSL_TEST_CERT
  19913. DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19914. #endif
  19915. ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19916. ecc_key *certPubKey = (ecc_key *)XMALLOC(sizeof *certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19917. #else
  19918. Cert myCert[1];
  19919. #ifdef WOLFSSL_TEST_CERT
  19920. DecodedCert decode[1];
  19921. #endif
  19922. ecc_key caEccKey[1];
  19923. ecc_key certPubKey[1];
  19924. #endif
  19925. int certSz;
  19926. size_t bytes;
  19927. word32 idx = 0;
  19928. #ifndef USE_CERT_BUFFERS_256
  19929. XFILE file;
  19930. #endif
  19931. #ifdef WOLFSSL_SMALL_STACK
  19932. byte* der = NULL;
  19933. #else
  19934. byte der[FOURK_BUF];
  19935. #endif
  19936. #ifdef WOLFSSL_SMALL_STACK
  19937. if ((myCert == NULL)
  19938. #ifdef WOLFSSL_TEST_CERT
  19939. || (decode == NULL)
  19940. #endif
  19941. || (caEccKey == NULL) || (certPubKey == NULL))
  19942. ERROR_OUT(MEMORY_E, exit);
  19943. #endif
  19944. XMEMSET(caEccKey, 0, sizeof *caEccKey);
  19945. XMEMSET(certPubKey, 0, sizeof *certPubKey);
  19946. #ifdef WOLFSSL_SMALL_STACK
  19947. der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  19948. if (der == NULL) {
  19949. ERROR_OUT(-10130, exit);
  19950. }
  19951. #endif
  19952. /* Get cert private key */
  19953. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  19954. /* Get Cert Key 384 */
  19955. #ifdef USE_CERT_BUFFERS_256
  19956. XMEMCPY(der, ca_ecc_key_der_384, sizeof_ca_ecc_key_der_384);
  19957. bytes = sizeof_ca_ecc_key_der_384;
  19958. #else
  19959. file = XFOPEN(eccCaKey384File, "rb");
  19960. if (!file) {
  19961. ERROR_OUT(-10131, exit);
  19962. }
  19963. bytes = XFREAD(der, 1, FOURK_BUF, file);
  19964. XFCLOSE(file);
  19965. (void)eccCaKeyFile;
  19966. #endif /* USE_CERT_BUFFERS_256 */
  19967. #else
  19968. #ifdef USE_CERT_BUFFERS_256
  19969. XMEMCPY(der, ca_ecc_key_der_256, sizeof_ca_ecc_key_der_256);
  19970. bytes = sizeof_ca_ecc_key_der_256;
  19971. #else
  19972. file = XFOPEN(eccCaKeyFile, "rb");
  19973. if (!file) {
  19974. ERROR_OUT(-10132, exit);
  19975. }
  19976. bytes = XFREAD(der, 1, FOURK_BUF, file);
  19977. XFCLOSE(file);
  19978. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  19979. (void)eccCaKey384File;
  19980. #endif
  19981. #endif /* USE_CERT_BUFFERS_256 */
  19982. #endif /* ENABLE_ECC384_CERT_GEN_TEST */
  19983. /* Get CA Key */
  19984. ret = wc_ecc_init_ex(caEccKey, HEAP_HINT, devId);
  19985. if (ret != 0) {
  19986. ERROR_OUT(-10133, exit);
  19987. }
  19988. ret = wc_EccPrivateKeyDecode(der, &idx, caEccKey, (word32)bytes);
  19989. if (ret != 0) {
  19990. ERROR_OUT(-10134, exit);
  19991. }
  19992. /* Make a public key */
  19993. ret = wc_ecc_init_ex(certPubKey, HEAP_HINT, devId);
  19994. if (ret != 0) {
  19995. ERROR_OUT(-10135, exit);
  19996. }
  19997. ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, certPubKey);
  19998. #if defined(WOLFSSL_ASYNC_CRYPT)
  19999. ret = wc_AsyncWait(ret, &certPubKey->asyncDev, WC_ASYNC_FLAG_NONE);
  20000. #endif
  20001. if (ret != 0) {
  20002. ERROR_OUT(-10136, exit);
  20003. }
  20004. TEST_SLEEP();
  20005. /* Setup Certificate */
  20006. if (wc_InitCert(myCert)) {
  20007. ERROR_OUT(-10137, exit);
  20008. }
  20009. #ifndef NO_SHA256
  20010. myCert->sigType = CTC_SHA256wECDSA;
  20011. #else
  20012. myCert->sigType = CTC_SHAwECDSA;
  20013. #endif
  20014. XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName));
  20015. #ifdef WOLFSSL_CERT_EXT
  20016. /* add Policies */
  20017. XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1",
  20018. CTC_MAX_CERTPOL_SZ);
  20019. XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549",
  20020. CTC_MAX_CERTPOL_SZ);
  20021. myCert->certPoliciesNb = 2;
  20022. /* add SKID from the Public Key */
  20023. if (wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, certPubKey) != 0) {
  20024. ERROR_OUT(-10138, exit);
  20025. }
  20026. /* add AKID from the Public Key */
  20027. if (wc_SetAuthKeyIdFromPublicKey(myCert, NULL, caEccKey) != 0) {
  20028. ERROR_OUT(-10139, exit);
  20029. }
  20030. /* add Key Usage */
  20031. if (wc_SetKeyUsage(myCert, certKeyUsage) != 0) {
  20032. ERROR_OUT(-10140, exit);
  20033. }
  20034. #endif /* WOLFSSL_CERT_EXT */
  20035. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  20036. #if defined(USE_CERT_BUFFERS_256)
  20037. ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384,
  20038. sizeof_ca_ecc_cert_der_384);
  20039. #else
  20040. ret = wc_SetIssuer(myCert, eccCaCert384File);
  20041. (void)eccCaCertFile;
  20042. #endif
  20043. #else
  20044. #if defined(USE_CERT_BUFFERS_256)
  20045. ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_256,
  20046. sizeof_ca_ecc_cert_der_256);
  20047. #else
  20048. ret = wc_SetIssuer(myCert, eccCaCertFile);
  20049. #ifdef ENABLE_ECC384_CERT_GEN_TEST
  20050. (void)eccCaCert384File;
  20051. #endif
  20052. #endif
  20053. #endif /* ENABLE_ECC384_CERT_GEN_TEST */
  20054. if (ret < 0) {
  20055. ERROR_OUT(-10141, exit);
  20056. }
  20057. certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, certPubKey, rng);
  20058. if (certSz < 0) {
  20059. ERROR_OUT(-10142, exit);
  20060. }
  20061. ret = 0;
  20062. do {
  20063. #if defined(WOLFSSL_ASYNC_CRYPT)
  20064. ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  20065. #endif
  20066. if (ret >= 0) {
  20067. ret = wc_SignCert(myCert->bodySz, myCert->sigType, der,
  20068. FOURK_BUF, NULL, caEccKey, rng);
  20069. }
  20070. } while (ret == WC_PENDING_E);
  20071. if (ret < 0) {
  20072. ERROR_OUT(-10143, exit);
  20073. }
  20074. certSz = ret;
  20075. TEST_SLEEP();
  20076. #ifdef WOLFSSL_TEST_CERT
  20077. InitDecodedCert(decode, der, certSz, 0);
  20078. ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0);
  20079. if (ret != 0) {
  20080. FreeDecodedCert(decode);
  20081. ERROR_OUT(-10144, exit);
  20082. }
  20083. FreeDecodedCert(decode);
  20084. #endif
  20085. ret = SaveDerAndPem(der, certSz, certEccDerFile, certEccPemFile,
  20086. CERT_TYPE, -6735);
  20087. if (ret != 0) {
  20088. goto exit;
  20089. }
  20090. exit:
  20091. #ifdef WOLFSSL_SMALL_STACK
  20092. XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20093. #endif
  20094. #ifdef WOLFSSL_SMALL_STACK
  20095. if (myCert != NULL)
  20096. XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20097. #ifdef WOLFSSL_TEST_CERT
  20098. if (decode != NULL)
  20099. XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20100. #endif
  20101. if (caEccKey != NULL) {
  20102. wc_ecc_free(caEccKey);
  20103. XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20104. }
  20105. if (certPubKey != NULL) {
  20106. wc_ecc_free(certPubKey);
  20107. XFREE(certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20108. }
  20109. #else
  20110. wc_ecc_free(certPubKey);
  20111. wc_ecc_free(caEccKey);
  20112. #endif
  20113. return ret;
  20114. }
  20115. #endif /* WOLFSSL_CERT_GEN */
  20116. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
  20117. /* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */
  20118. static int ecc_test_allocator(WC_RNG* rng)
  20119. {
  20120. int ret = 0;
  20121. ecc_key* key;
  20122. #ifdef WC_NO_RNG
  20123. word32 idx = 0;
  20124. #endif
  20125. key = wc_ecc_key_new(HEAP_HINT);
  20126. if (key == NULL) {
  20127. ERROR_OUT(-10150, exit);
  20128. }
  20129. #ifndef WC_NO_RNG
  20130. ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key);
  20131. if (ret != 0) {
  20132. ERROR_OUT(-10151, exit);
  20133. }
  20134. #else
  20135. /* use test ECC key */
  20136. ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key,
  20137. (word32)sizeof_ecc_key_der_256);
  20138. (void)rng;
  20139. #endif
  20140. exit:
  20141. wc_ecc_key_free(key);
  20142. return ret;
  20143. }
  20144. #endif
  20145. /* ECC Non-blocking tests for Sign and Verify */
  20146. /* Requires SP math and supports P384 or P256 */
  20147. /* ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" */
  20148. #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
  20149. defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
  20150. /* Test Data - Random */
  20151. static const uint8_t kMsg[] = {
  20152. 0x69, 0xbc, 0x9f, 0xce, 0x68, 0x17, 0xc2, 0x10, 0xea, 0xfc, 0x10, 0x65, 0x67, 0x52, 0xed, 0x78,
  20153. 0x6e, 0xb8, 0x83, 0x9c, 0x9a, 0xb4, 0x56, 0x0d, 0xc1, 0x0d, 0x1f, 0x78, 0x6e, 0x75, 0xd7, 0xbe,
  20154. 0x92, 0x6b, 0x12, 0xf6, 0x76, 0x60, 0x8e, 0xb1, 0xf4, 0x19, 0x0c, 0x81, 0xe7, 0x54, 0x5e, 0xbc,
  20155. 0xe0, 0xae, 0xc2, 0x7d, 0x1b, 0xc4, 0x6e, 0xec, 0xb1, 0x99, 0x6c, 0xbf, 0x0e, 0x38, 0xa8, 0x01,
  20156. 0xa6, 0x9a, 0x48, 0x12, 0xe4, 0xc9, 0x3b, 0xf0, 0x63, 0x46, 0x15, 0xb4, 0x61, 0xa8, 0x1a, 0x60,
  20157. 0x71, 0x87, 0x98, 0xd7, 0x6f, 0x98, 0x7b, 0x2d, 0xb9, 0x19, 0x1b, 0x21, 0x9c, 0x70, 0x58, 0xe8,
  20158. 0x0d, 0x0f, 0xe9, 0x2d, 0x9a, 0x9a, 0xf1, 0x55, 0xa0, 0x4c, 0xd3, 0x07, 0xbd, 0x97, 0x48, 0xec,
  20159. 0x88, 0x0a, 0xaf, 0xb3, 0x80, 0x78, 0xa4, 0x59, 0x43, 0x57, 0xd3, 0xa7, 0x01, 0x66, 0x0e, 0xfc
  20160. };
  20161. /* ECC Private Key "d" */
  20162. static const uint8_t kPrivKey[] = {
  20163. #ifdef HAVE_ECC384
  20164. /* SECP384R1 */
  20165. /* d */
  20166. 0xa4, 0xe5, 0x06, 0xe8, 0x06, 0x16, 0x3e, 0xab,
  20167. 0x89, 0xf8, 0x60, 0x43, 0xc0, 0x60, 0x25, 0xdb,
  20168. 0xba, 0x7b, 0xfe, 0x19, 0x35, 0x08, 0x55, 0x65,
  20169. 0x76, 0xe2, 0xdc, 0xe0, 0x01, 0x8b, 0x6b, 0x68,
  20170. 0xdf, 0xcf, 0x6f, 0x80, 0x12, 0xce, 0x79, 0x37,
  20171. 0xeb, 0x2b, 0x9c, 0x7b, 0xc4, 0x68, 0x1c, 0x74
  20172. #else
  20173. /* SECP256R1 */
  20174. /* d */
  20175. 0x1e, 0xe7, 0x70, 0x07, 0xd3, 0x30, 0x94, 0x39,
  20176. 0x28, 0x90, 0xdf, 0x23, 0x88, 0x2c, 0x4a, 0x34,
  20177. 0x15, 0xdb, 0x4c, 0x43, 0xcd, 0xfa, 0xe5, 0x1f,
  20178. 0x3d, 0x4c, 0x37, 0xfe, 0x59, 0x3b, 0x96, 0xd8
  20179. #endif
  20180. };
  20181. /* ECC public key Qx/Qy */
  20182. static const uint8_t kPubKey[] = {
  20183. #ifdef HAVE_ECC384
  20184. /* SECP384R1 */
  20185. /* Qx */
  20186. 0xea, 0xcf, 0x93, 0x4f, 0x2c, 0x09, 0xbb, 0x39,
  20187. 0x14, 0x0f, 0x56, 0x64, 0xc3, 0x40, 0xb4, 0xdf,
  20188. 0x0e, 0x63, 0xae, 0xe5, 0x71, 0x4b, 0x00, 0xcc,
  20189. 0x04, 0x97, 0xff, 0xe1, 0xe9, 0x38, 0x96, 0xbb,
  20190. 0x5f, 0x91, 0xb2, 0x6a, 0xcc, 0xb5, 0x39, 0x5f,
  20191. 0x8f, 0x70, 0x59, 0xf1, 0x01, 0xf6, 0x5a, 0x2b,
  20192. /* Qy */
  20193. 0x01, 0x6c, 0x68, 0x0b, 0xcf, 0x55, 0x25, 0xaf,
  20194. 0x6d, 0x98, 0x48, 0x0a, 0xa8, 0x74, 0xc9, 0xa9,
  20195. 0x17, 0xa0, 0x0c, 0xc3, 0xfb, 0xd3, 0x23, 0x68,
  20196. 0xfe, 0x04, 0x3c, 0x63, 0x50, 0x88, 0x3b, 0xb9,
  20197. 0x4f, 0x7c, 0x67, 0x34, 0xf7, 0x3b, 0xa9, 0x73,
  20198. 0xe7, 0x1b, 0xc3, 0x51, 0x5e, 0x22, 0x18, 0xec
  20199. #else
  20200. /* SECP256R1 */
  20201. /* Qx */
  20202. 0x96, 0x93, 0x1c, 0x53, 0x0b, 0x43, 0x6c, 0x42,
  20203. 0x0c, 0x52, 0x90, 0xe4, 0xa7, 0xec, 0x98, 0xb1,
  20204. 0xaf, 0xd4, 0x14, 0x49, 0xd8, 0xc1, 0x42, 0x82,
  20205. 0x04, 0x78, 0xd1, 0x90, 0xae, 0xa0, 0x6c, 0x07,
  20206. /* Qy */
  20207. 0xf2, 0x3a, 0xb5, 0x10, 0x32, 0x8d, 0xce, 0x9e,
  20208. 0x76, 0xa0, 0xd2, 0x8c, 0xf3, 0xfc, 0xa9, 0x94,
  20209. 0x43, 0x24, 0xe6, 0x82, 0x00, 0x40, 0xc6, 0xdb,
  20210. 0x1c, 0x2f, 0xcd, 0x38, 0x4b, 0x60, 0xdd, 0x61
  20211. #endif
  20212. };
  20213. /* ECC Curve */
  20214. #ifdef HAVE_ECC384
  20215. /* SECP384R1 */
  20216. #define ECC_CURVE_SZ 48
  20217. #define ECC_CURVE_ID ECC_SECP384R1
  20218. #else
  20219. /* SECP256R1 */
  20220. #define ECC_CURVE_SZ 32
  20221. #define ECC_CURVE_ID ECC_SECP256R1
  20222. #endif
  20223. /* Hash Algorithm */
  20224. #if defined(HAVE_ECC384) && defined(WOLFSSL_SHA3)
  20225. #define HASH_DIGEST_SZ WC_SHA3_384_DIGEST_SIZE
  20226. #define HASH_SHA_VER 3
  20227. #define CRYPTO_HASH_FN crypto_sha3_384
  20228. #elif defined(HAVE_ECC384) && defined(WOLFSSL_SHA384)
  20229. #define HASH_DIGEST_SZ WC_SHA384_DIGEST_SIZE
  20230. #define HASH_SHA_VER 2
  20231. #define CRYPTO_HASH_FN crypto_sha2_384
  20232. #elif !defined(NO_SHA256)
  20233. #define HASH_DIGEST_SZ WC_SHA256_DIGEST_SIZE
  20234. #define HASH_SHA_VER 2
  20235. #define CRYPTO_HASH_FN crypto_sha2_256
  20236. #else
  20237. #error test configuration not supported
  20238. #endif
  20239. #if defined(HAVE_ECC384) && defined(WOLFSSL_SHA3)
  20240. /* helper to perform hashing block by block */
  20241. static int crypto_sha3_384(const uint8_t *buf, uint32_t len, uint8_t *hash,
  20242. uint32_t hashSz, uint32_t blkSz)
  20243. {
  20244. int ret;
  20245. uint32_t i = 0, chunk;
  20246. wc_Sha3 sha3;
  20247. /* validate arguments */
  20248. if ((buf == NULL && len > 0) || hash == NULL ||
  20249. hashSz < WC_SHA3_384_DIGEST_SIZE || blkSz == 0)
  20250. {
  20251. return BAD_FUNC_ARG;
  20252. }
  20253. /* Init Sha3_384 structure */
  20254. ret = wc_InitSha3_384(&sha3, NULL, INVALID_DEVID);
  20255. if (ret != 0) {
  20256. return ret;
  20257. }
  20258. while (i < len) {
  20259. chunk = blkSz;
  20260. if ((chunk + i) > len)
  20261. chunk = len - i;
  20262. /* Perform chunked update */
  20263. ret = wc_Sha3_384_Update(&sha3, (buf + i), chunk);
  20264. if (ret != 0) {
  20265. break;
  20266. }
  20267. i += chunk;
  20268. }
  20269. if (ret == 0) {
  20270. /* Get final digest result */
  20271. ret = wc_Sha3_384_Final(&sha3, hash);
  20272. }
  20273. return ret;
  20274. }
  20275. #elif defined(HAVE_ECC384) && defined(WOLFSSL_SHA384)
  20276. /* helper to perform hashing block by block */
  20277. static int crypto_sha2_384(const uint8_t *buf, uint32_t len, uint8_t *hash,
  20278. uint32_t hashSz, uint32_t blkSz)
  20279. {
  20280. int ret;
  20281. uint32_t i = 0, chunk;
  20282. wc_Sha384 sha384;
  20283. /* validate arguments */
  20284. if ((buf == NULL && len > 0) || hash == NULL ||
  20285. hashSz < WC_SHA384_DIGEST_SIZE || blkSz == 0)
  20286. {
  20287. return BAD_FUNC_ARG;
  20288. }
  20289. /* Init Sha384 structure */
  20290. ret = wc_InitSha384(&sha384);
  20291. if (ret != 0) {
  20292. return ret;
  20293. }
  20294. while (i < len) {
  20295. chunk = blkSz;
  20296. if ((chunk + i) > len)
  20297. chunk = len - i;
  20298. /* Perform chunked update */
  20299. ret = wc_Sha384Update(&sha384, (buf + i), chunk);
  20300. if (ret != 0) {
  20301. break;
  20302. }
  20303. i += chunk;
  20304. }
  20305. if (ret == 0) {
  20306. /* Get final digest result */
  20307. ret = wc_Sha384Final(&sha384, hash);
  20308. }
  20309. return ret;
  20310. }
  20311. #elif !defined(NO_SHA256)
  20312. /* helper to perform hashing block by block */
  20313. static int crypto_sha2_256(const uint8_t *buf, uint32_t len, uint8_t *hash,
  20314. uint32_t hashSz, uint32_t blkSz)
  20315. {
  20316. int ret;
  20317. uint32_t i = 0, chunk;
  20318. wc_Sha256 sha256;
  20319. /* validate arguments */
  20320. if ((buf == NULL && len > 0) || hash == NULL ||
  20321. hashSz < WC_SHA256_DIGEST_SIZE || blkSz == 0)
  20322. {
  20323. return BAD_FUNC_ARG;
  20324. }
  20325. /* Init Sha256 structure */
  20326. ret = wc_InitSha256(&sha256);
  20327. if (ret != 0) {
  20328. return ret;
  20329. }
  20330. while (i < len) {
  20331. chunk = blkSz;
  20332. if ((chunk + i) > len)
  20333. chunk = len - i;
  20334. /* Perform chunked update */
  20335. ret = wc_Sha256Update(&sha256, (buf + i), chunk);
  20336. if (ret != 0) {
  20337. break;
  20338. }
  20339. i += chunk;
  20340. }
  20341. if (ret == 0) {
  20342. /* Get final digest result */
  20343. ret = wc_Sha256Final(&sha256, hash);
  20344. }
  20345. return ret;
  20346. }
  20347. #endif
  20348. /* perform verify of signature and hash using public key */
  20349. /* key is public Qx + public Qy */
  20350. /* sig is r + s */
  20351. static int crypto_ecc_verify(const uint8_t *key, uint32_t keySz,
  20352. const uint8_t *hash, uint32_t hashSz, const uint8_t *sig, uint32_t sigSz,
  20353. uint32_t curveSz, int curveId)
  20354. {
  20355. int ret, verify_res = 0, count = 0;
  20356. mp_int r, s;
  20357. ecc_key ecc;
  20358. ecc_nb_ctx_t nb_ctx;
  20359. /* validate arguments */
  20360. if (key == NULL || hash == NULL || sig == NULL || curveSz == 0 ||
  20361. hashSz == 0 || keySz < (curveSz*2) || sigSz < (curveSz*2))
  20362. {
  20363. return BAD_FUNC_ARG;
  20364. }
  20365. /* Setup the ECC key */
  20366. ret = wc_ecc_init(&ecc);
  20367. if (ret < 0) {
  20368. return ret;
  20369. }
  20370. ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
  20371. if (ret != MP_OKAY) {
  20372. wc_ecc_free(&ecc);
  20373. return ret;
  20374. }
  20375. /* Setup the signature r/s variables */
  20376. ret = mp_init(&r);
  20377. if (ret != MP_OKAY) {
  20378. wc_ecc_free(&ecc);
  20379. return ret;
  20380. }
  20381. ret = mp_init(&s);
  20382. if (ret != MP_OKAY) {
  20383. mp_clear(&r);
  20384. wc_ecc_free(&ecc);
  20385. return ret;
  20386. }
  20387. /* Import public key x/y */
  20388. ret = wc_ecc_import_unsigned(
  20389. &ecc,
  20390. (byte*)key, /* Public "x" Coordinate */
  20391. (byte*)(key + curveSz), /* Public "y" Coordinate */
  20392. NULL, /* Private "d" (optional) */
  20393. curveId /* ECC Curve Id */
  20394. );
  20395. /* Make sure it was a public key imported */
  20396. if (ret == 0 && ecc.type != ECC_PUBLICKEY) {
  20397. ret = ECC_BAD_ARG_E;
  20398. }
  20399. /* Import signature r/s */
  20400. if (ret == 0) {
  20401. ret = mp_read_unsigned_bin(&r, sig, curveSz);
  20402. }
  20403. if (ret == 0) {
  20404. ret = mp_read_unsigned_bin(&s, sig + curveSz, curveSz);
  20405. }
  20406. /* Verify ECC Signature */
  20407. if (ret == 0) {
  20408. do {
  20409. ret = wc_ecc_verify_hash_ex(
  20410. &r, &s, /* r/s as mp_int */
  20411. hash, hashSz, /* computed hash digest */
  20412. &verify_res, /* verification result 1=success */
  20413. &ecc
  20414. );
  20415. count++;
  20416. /* This is where real-time work could be called */
  20417. } while (ret == FP_WOULDBLOCK);
  20418. #ifdef DEBUG_WOLFSSL
  20419. printf("ECC non-block verify: %d times\n", count);
  20420. #endif
  20421. }
  20422. /* check verify result */
  20423. if (ret == 0 && verify_res == 0) {
  20424. ret = SIG_VERIFY_E;
  20425. }
  20426. mp_clear(&r);
  20427. mp_clear(&s);
  20428. wc_ecc_free(&ecc);
  20429. (void)count;
  20430. return ret;
  20431. }
  20432. /* perform signature operation against hash using private key */
  20433. static int crypto_ecc_sign(const uint8_t *key, uint32_t keySz,
  20434. const uint8_t *hash, uint32_t hashSz, uint8_t *sig, uint32_t* sigSz,
  20435. uint32_t curveSz, int curveId, WC_RNG* rng)
  20436. {
  20437. int ret, count = 0;
  20438. mp_int r, s;
  20439. ecc_key ecc;
  20440. ecc_nb_ctx_t nb_ctx;
  20441. /* validate arguments */
  20442. if (key == NULL || hash == NULL || sig == NULL || sigSz == NULL ||
  20443. curveSz == 0 || hashSz == 0 || keySz < curveSz || *sigSz < (curveSz*2))
  20444. {
  20445. return BAD_FUNC_ARG;
  20446. }
  20447. /* Initialize signature result */
  20448. memset(sig, 0, curveSz*2);
  20449. /* Setup the ECC key */
  20450. ret = wc_ecc_init(&ecc);
  20451. if (ret < 0) {
  20452. return ret;
  20453. }
  20454. ret = wc_ecc_set_nonblock(&ecc, &nb_ctx);
  20455. if (ret != MP_OKAY) {
  20456. wc_ecc_free(&ecc);
  20457. return ret;
  20458. }
  20459. /* Setup the signature r/s variables */
  20460. ret = mp_init(&r);
  20461. if (ret != MP_OKAY) {
  20462. wc_ecc_free(&ecc);
  20463. return ret;
  20464. }
  20465. ret = mp_init(&s);
  20466. if (ret != MP_OKAY) {
  20467. mp_clear(&r);
  20468. wc_ecc_free(&ecc);
  20469. return ret;
  20470. }
  20471. /* Import private key "k" */
  20472. ret = wc_ecc_import_private_key_ex(
  20473. key, keySz, /* private key "d" */
  20474. NULL, 0, /* public (optional) */
  20475. &ecc,
  20476. curveId /* ECC Curve Id */
  20477. );
  20478. if (ret == 0) {
  20479. do {
  20480. /* Verify ECC Signature */
  20481. ret = wc_ecc_sign_hash_ex(
  20482. hash, hashSz, /* computed hash digest */
  20483. rng, &ecc, /* random and key context */
  20484. &r, &s /* r/s as mp_int */
  20485. );
  20486. count++;
  20487. /* This is where real-time work could be called */
  20488. } while (ret == FP_WOULDBLOCK);
  20489. #ifdef DEBUG_WOLFSSL
  20490. printf("ECC non-block sign: %d times\n", count);
  20491. #endif
  20492. }
  20493. if (ret == 0) {
  20494. /* export r/s */
  20495. mp_to_unsigned_bin_len(&r, sig, curveSz);
  20496. mp_to_unsigned_bin_len(&s, sig + curveSz, curveSz);
  20497. }
  20498. mp_clear(&r);
  20499. mp_clear(&s);
  20500. wc_ecc_free(&ecc);
  20501. (void)count;
  20502. return ret;
  20503. }
  20504. static int ecc_test_nonblock(WC_RNG* rng)
  20505. {
  20506. int ret;
  20507. uint8_t hash[HASH_DIGEST_SZ];
  20508. uint8_t sig[ECC_CURVE_SZ*2];
  20509. uint32_t sigSz = sizeof(sig);
  20510. ret = CRYPTO_HASH_FN(
  20511. kMsg, sizeof(kMsg), /* input message */
  20512. hash, sizeof(hash), /* hash digest result */
  20513. 32 /* configurable block / chunk size */
  20514. );
  20515. if (ret == 0) {
  20516. /* Sign hash using private key */
  20517. /* Note: result of an ECC sign varies for each call even with same
  20518. private key and hash. This is because a new random public key is
  20519. used for each operation. */
  20520. ret = crypto_ecc_sign(
  20521. kPrivKey, sizeof(kPrivKey), /* private key */
  20522. hash, sizeof(hash), /* computed hash digest */
  20523. sig, &sigSz, /* signature r/s */
  20524. ECC_CURVE_SZ, /* curve size in bytes */
  20525. ECC_CURVE_ID, /* curve id */
  20526. rng
  20527. );
  20528. }
  20529. if (ret == 0) {
  20530. /* Verify generated signature is valid */
  20531. ret = crypto_ecc_verify(
  20532. kPubKey, sizeof(kPubKey), /* public key point x/y */
  20533. hash, sizeof(hash), /* computed hash digest */
  20534. sig, sigSz, /* signature r/s */
  20535. ECC_CURVE_SZ, /* curve size in bytes */
  20536. ECC_CURVE_ID /* curve id */
  20537. );
  20538. }
  20539. return ret;
  20540. }
  20541. #endif /* WC_ECC_NONBLOCK && WOLFSSL_PUBLIC_MP && HAVE_ECC_SIGN && HAVE_ECC_VERIFY */
  20542. WOLFSSL_TEST_SUBROUTINE int ecc_test(void)
  20543. {
  20544. int ret;
  20545. WC_RNG rng;
  20546. #ifdef WOLFSSL_CERT_EXT
  20547. ret = ecc_decode_test();
  20548. if (ret < 0)
  20549. return ret;
  20550. #endif
  20551. #ifndef HAVE_FIPS
  20552. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  20553. #else
  20554. ret = wc_InitRng(&rng);
  20555. #endif
  20556. #ifndef WC_NO_RNG
  20557. if (ret != 0)
  20558. return -10300;
  20559. #endif
  20560. #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112
  20561. ret = ecc_test_curve(&rng, 14);
  20562. if (ret < 0) {
  20563. goto done;
  20564. }
  20565. #endif /* HAVE_ECC112 */
  20566. #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128
  20567. ret = ecc_test_curve(&rng, 16);
  20568. if (ret < 0) {
  20569. goto done;
  20570. }
  20571. #endif /* HAVE_ECC128 */
  20572. #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160
  20573. ret = ecc_test_curve(&rng, 20);
  20574. if (ret < 0) {
  20575. goto done;
  20576. }
  20577. #endif /* HAVE_ECC160 */
  20578. #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192
  20579. ret = ecc_test_curve(&rng, 24);
  20580. if (ret < 0) {
  20581. goto done;
  20582. }
  20583. #endif /* HAVE_ECC192 */
  20584. #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224
  20585. ret = ecc_test_curve(&rng, 28);
  20586. if (ret < 0) {
  20587. goto done;
  20588. }
  20589. #endif /* HAVE_ECC224 */
  20590. #if (defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 239
  20591. ret = ecc_test_curve(&rng, 30);
  20592. if (ret < 0) {
  20593. goto done;
  20594. }
  20595. #endif /* HAVE_ECC239 */
  20596. #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
  20597. ret = ecc_test_curve(&rng, 32);
  20598. if (ret < 0) {
  20599. goto done;
  20600. }
  20601. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
  20602. defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \
  20603. !defined(WOLFSSL_NO_MALLOC)
  20604. ret = ecc_point_test();
  20605. if (ret < 0) {
  20606. goto done;
  20607. }
  20608. #endif
  20609. ret = ecc_def_curve_test(&rng);
  20610. if (ret < 0) {
  20611. goto done;
  20612. }
  20613. #endif /* !NO_ECC256 */
  20614. #if (defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 320
  20615. ret = ecc_test_curve(&rng, 40);
  20616. if (ret < 0) {
  20617. goto done;
  20618. }
  20619. #endif /* HAVE_ECC320 */
  20620. #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384
  20621. ret = ecc_test_curve(&rng, 48);
  20622. if (ret < 0) {
  20623. goto done;
  20624. }
  20625. #endif /* HAVE_ECC384 */
  20626. #if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512
  20627. ret = ecc_test_curve(&rng, 64);
  20628. if (ret < 0) {
  20629. goto done;
  20630. }
  20631. #endif /* HAVE_ECC512 */
  20632. #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521
  20633. ret = ecc_test_curve(&rng, 66);
  20634. if (ret < 0) {
  20635. goto done;
  20636. }
  20637. #endif /* HAVE_ECC521 */
  20638. #if defined(WOLFSSL_CUSTOM_CURVES)
  20639. ret = ecc_test_custom_curves(&rng);
  20640. if (ret != 0) {
  20641. goto done;
  20642. }
  20643. #endif
  20644. #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K)
  20645. ret = ecc_test_sign_vectors(&rng);
  20646. if (ret != 0) {
  20647. printf("ecc_test_sign_vectors failed! %d\n", ret);
  20648. goto done;
  20649. }
  20650. #endif
  20651. #ifdef HAVE_ECC_CDH
  20652. ret = ecc_test_cdh_vectors(&rng);
  20653. if (ret != 0) {
  20654. printf("ecc_test_cdh_vectors failed! %d\n", ret);
  20655. goto done;
  20656. }
  20657. #endif
  20658. #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
  20659. !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SILABS_SE_ACCEL)
  20660. ret = ecc_test_make_pub(&rng);
  20661. if (ret != 0) {
  20662. printf("ecc_test_make_pub failed!: %d\n", ret);
  20663. goto done;
  20664. }
  20665. #elif defined(HAVE_ECC_KEY_IMPORT)
  20666. (void) ecc_test_make_pub;/* for compiler warning */
  20667. #endif
  20668. #ifdef WOLFSSL_CERT_GEN
  20669. ret = ecc_test_cert_gen(&rng);
  20670. if (ret != 0) {
  20671. printf("ecc_test_cert_gen failed!: %d\n", ret);
  20672. goto done;
  20673. }
  20674. #endif
  20675. #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC)
  20676. ret = ecc_test_allocator(&rng);
  20677. if (ret != 0) {
  20678. printf("ecc_test_allocator failed!: %d\n", ret);
  20679. goto done;
  20680. }
  20681. #endif
  20682. #if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \
  20683. defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY)
  20684. ret = ecc_test_nonblock(&rng);
  20685. if (ret != 0) {
  20686. printf("ecc_test_nonblock failed!: %d\n", ret);
  20687. goto done;
  20688. }
  20689. #endif
  20690. done:
  20691. wc_FreeRng(&rng);
  20692. return ret;
  20693. }
  20694. #if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128)
  20695. WOLFSSL_TEST_SUBROUTINE int ecc_encrypt_test(void)
  20696. {
  20697. WC_RNG rng;
  20698. int ret = 0;
  20699. #ifdef WOLFSSL_SMALL_STACK
  20700. ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
  20701. *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20702. #else
  20703. ecc_key userA[1], userB[1];
  20704. #endif
  20705. byte msg[48];
  20706. byte plain[48];
  20707. byte out[80];
  20708. word32 outSz = sizeof(out);
  20709. word32 plainSz = sizeof(plain);
  20710. int i;
  20711. ecEncCtx* cliCtx = NULL;
  20712. ecEncCtx* srvCtx = NULL;
  20713. byte cliSalt[EXCHANGE_SALT_SZ];
  20714. byte srvSalt[EXCHANGE_SALT_SZ];
  20715. const byte* tmpSalt;
  20716. byte msg2[48];
  20717. byte plain2[48];
  20718. byte out2[80];
  20719. word32 outSz2 = sizeof(out2);
  20720. word32 plainSz2 = sizeof(plain2);
  20721. #ifndef HAVE_FIPS
  20722. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  20723. #else
  20724. ret = wc_InitRng(&rng);
  20725. #endif
  20726. if (ret != 0)
  20727. return -10400;
  20728. #ifdef WOLFSSL_SMALL_STACK
  20729. if ((userA == NULL) ||
  20730. (userB == NULL))
  20731. ERROR_OUT(MEMORY_E, done);
  20732. #endif
  20733. XMEMSET(userA, 0, sizeof *userA);
  20734. XMEMSET(userB, 0, sizeof *userB);
  20735. ret = wc_ecc_init_ex(userA, HEAP_HINT, devId);
  20736. if (ret != 0)
  20737. goto done;
  20738. ret = wc_ecc_init_ex(userB, HEAP_HINT, devId);
  20739. if (ret != 0)
  20740. goto done;
  20741. ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userA);
  20742. #if defined(WOLFSSL_ASYNC_CRYPT)
  20743. ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE);
  20744. #endif
  20745. if (ret != 0){
  20746. ret = -10401; goto done;
  20747. }
  20748. ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userB);
  20749. #if defined(WOLFSSL_ASYNC_CRYPT)
  20750. ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE);
  20751. #endif
  20752. if (ret != 0){
  20753. ret = -10402; goto done;
  20754. }
  20755. /* set message to incrementing 0,1,2,etc... */
  20756. for (i = 0; i < (int)sizeof(msg); i++)
  20757. msg[i] = i;
  20758. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  20759. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  20760. !defined(HAVE_SELFTEST)
  20761. ret = wc_ecc_set_rng(userA, &rng);
  20762. if (ret != 0) {
  20763. ret = -10403; goto done;
  20764. }
  20765. ret = wc_ecc_set_rng(userB, &rng);
  20766. if (ret != 0) {
  20767. ret = -10404; goto done;
  20768. }
  20769. #endif
  20770. /* encrypt msg to B */
  20771. ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz, NULL);
  20772. if (ret != 0) {
  20773. ret = -10405; goto done;
  20774. }
  20775. /* decrypt msg from A */
  20776. ret = wc_ecc_decrypt(userB, userA, out, outSz, plain, &plainSz, NULL);
  20777. if (ret != 0) {
  20778. ret = -10406; goto done;
  20779. }
  20780. if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
  20781. ret = -10407; goto done;
  20782. }
  20783. /* let's verify message exchange works, A is client, B is server */
  20784. cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng);
  20785. srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng);
  20786. if (cliCtx == NULL || srvCtx == NULL) {
  20787. ret = -10408; goto done;
  20788. }
  20789. /* get salt to send to peer */
  20790. tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx);
  20791. if (tmpSalt == NULL) {
  20792. ret = -10409; goto done;
  20793. }
  20794. XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ);
  20795. tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx);
  20796. if (tmpSalt == NULL) {
  20797. ret = -10410; goto done;
  20798. }
  20799. XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ);
  20800. /* in actual use, we'd get the peer's salt over the transport */
  20801. ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt);
  20802. if (ret != 0)
  20803. goto done;
  20804. ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt);
  20805. if (ret != 0)
  20806. goto done;
  20807. ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 11);
  20808. if (ret != 0)
  20809. goto done;
  20810. ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 11);
  20811. if (ret != 0)
  20812. goto done;
  20813. /* get encrypted msg (request) to send to B */
  20814. outSz = sizeof(out);
  20815. ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz,cliCtx);
  20816. if (ret != 0)
  20817. goto done;
  20818. /* B decrypts msg (request) from A */
  20819. plainSz = sizeof(plain);
  20820. ret = wc_ecc_decrypt(userB, userA, out, outSz, plain, &plainSz, srvCtx);
  20821. if (ret != 0)
  20822. goto done;
  20823. if (XMEMCMP(plain, msg, sizeof(msg)) != 0) {
  20824. ret = -10411; goto done;
  20825. }
  20826. /* msg2 (response) from B to A */
  20827. for (i = 0; i < (int)sizeof(msg2); i++)
  20828. msg2[i] = i + sizeof(msg2);
  20829. /* get encrypted msg (response) to send to B */
  20830. ret = wc_ecc_encrypt(userB, userA, msg2, sizeof(msg2), out2,
  20831. &outSz2, srvCtx);
  20832. if (ret != 0)
  20833. goto done;
  20834. /* A decrypts msg (response) from B */
  20835. ret = wc_ecc_decrypt(userA, userB, out2, outSz2, plain2, &plainSz2,
  20836. cliCtx);
  20837. if (ret != 0)
  20838. goto done;
  20839. if (XMEMCMP(plain2, msg2, sizeof(msg2)) != 0) {
  20840. ret = -10412; goto done;
  20841. }
  20842. done:
  20843. /* cleanup */
  20844. wc_ecc_ctx_free(srvCtx);
  20845. wc_ecc_ctx_free(cliCtx);
  20846. #ifdef WOLFSSL_SMALL_STACK
  20847. if (userA != NULL) {
  20848. wc_ecc_free(userA);
  20849. XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20850. }
  20851. if (userB != NULL) {
  20852. wc_ecc_free(userB);
  20853. XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20854. }
  20855. #else
  20856. wc_ecc_free(userB);
  20857. wc_ecc_free(userA);
  20858. #endif
  20859. wc_FreeRng(&rng);
  20860. return ret;
  20861. }
  20862. #endif /* HAVE_ECC_ENCRYPT */
  20863. #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
  20864. !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
  20865. defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN)
  20866. WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void)
  20867. {
  20868. size_t bytes;
  20869. #ifdef WOLFSSL_SMALL_STACK
  20870. ecc_key *cliKey = (ecc_key *)XMALLOC(sizeof *cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20871. ecc_key *servKey = (ecc_key *)XMALLOC(sizeof *servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20872. #else
  20873. ecc_key cliKey[1];
  20874. ecc_key servKey[1];
  20875. #endif
  20876. WC_RNG rng;
  20877. word32 idx = 0;
  20878. int ret;
  20879. /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */
  20880. byte in[] = "Everyone gets Friday off. ecc p";
  20881. word32 inLen = (word32)XSTRLEN((char*)in);
  20882. byte out[256];
  20883. byte plain[256];
  20884. int verify = 0;
  20885. word32 x;
  20886. #ifdef WOLFSSL_SMALL_STACK
  20887. if ((cliKey == NULL) || (servKey == NULL))
  20888. ERROR_OUT(MEMORY_E, done);
  20889. #endif
  20890. ret = wc_ecc_init_ex(cliKey, HEAP_HINT, devId);
  20891. if (ret != 0)
  20892. ERROR_OUT(-10420, done);
  20893. ret = wc_ecc_init_ex(servKey, HEAP_HINT, devId);
  20894. if (ret != 0)
  20895. ERROR_OUT(-10421, done);
  20896. bytes = (size_t)sizeof_ecc_clikey_der_256;
  20897. /* place client key into ecc_key struct cliKey */
  20898. ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, cliKey,
  20899. (word32)bytes);
  20900. if (ret != 0)
  20901. ERROR_OUT(-10422, done);
  20902. idx = 0;
  20903. bytes = (size_t)sizeof_ecc_key_der_256;
  20904. /* place server key into ecc_key struct servKey */
  20905. ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, servKey,
  20906. (word32)bytes);
  20907. if (ret != 0)
  20908. ERROR_OUT(-10423, done);
  20909. #ifndef WC_NO_RNG
  20910. #ifndef HAVE_FIPS
  20911. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  20912. #else
  20913. ret = wc_InitRng(&rng);
  20914. #endif
  20915. if (ret != 0)
  20916. ERROR_OUT(-10424, done);
  20917. #if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \
  20918. (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \
  20919. !defined(HAVE_SELFTEST)
  20920. ret = wc_ecc_set_rng(cliKey, &rng);
  20921. if (ret != 0) {
  20922. ERROR_OUT(-10425, done);
  20923. }
  20924. #endif
  20925. #endif /* !WC_NO_RNG */
  20926. #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF)
  20927. {
  20928. word32 y;
  20929. /* test encrypt and decrypt if they're available */
  20930. x = sizeof(out);
  20931. ret = wc_ecc_encrypt(cliKey, servKey, in, sizeof(in), out, &x, NULL);
  20932. if (ret < 0)
  20933. ERROR_OUT(-10426, done);
  20934. y = sizeof(plain);
  20935. ret = wc_ecc_decrypt(cliKey, servKey, out, x, plain, &y, NULL);
  20936. if (ret < 0)
  20937. ERROR_OUT(-10427, done);
  20938. if (XMEMCMP(plain, in, inLen))
  20939. ERROR_OUT(-10428, done);
  20940. }
  20941. #endif
  20942. x = sizeof(out);
  20943. do {
  20944. #if defined(WOLFSSL_ASYNC_CRYPT)
  20945. ret = wc_AsyncWait(ret, cliKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  20946. #endif
  20947. if (ret == 0)
  20948. ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, cliKey);
  20949. } while (ret == WC_PENDING_E);
  20950. if (ret < 0)
  20951. ERROR_OUT(-10429, done);
  20952. TEST_SLEEP();
  20953. XMEMSET(plain, 0, sizeof(plain));
  20954. do {
  20955. #if defined(WOLFSSL_ASYNC_CRYPT)
  20956. ret = wc_AsyncWait(ret, cliKey.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
  20957. #endif
  20958. if (ret == 0)
  20959. ret = wc_ecc_verify_hash(out, x, in, inLen, &verify,
  20960. cliKey);
  20961. } while (ret == WC_PENDING_E);
  20962. if (ret < 0)
  20963. ERROR_OUT(-10430, done);
  20964. if (verify != 1)
  20965. ERROR_OUT(-10431, done);
  20966. TEST_SLEEP();
  20967. #ifdef WOLFSSL_CERT_EXT
  20968. idx = 0;
  20969. bytes = sizeof_ecc_clikeypub_der_256;
  20970. ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, cliKey,
  20971. (word32) bytes);
  20972. if (ret != 0)
  20973. ERROR_OUT(-10432, done);
  20974. #endif
  20975. ret = 0;
  20976. done:
  20977. #ifdef WOLFSSL_SMALL_STACK
  20978. if (cliKey != NULL) {
  20979. wc_ecc_free(cliKey);
  20980. XFREE(cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20981. }
  20982. if (servKey != NULL) {
  20983. wc_ecc_free(servKey);
  20984. XFREE(servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  20985. }
  20986. #else
  20987. wc_ecc_free(cliKey);
  20988. wc_ecc_free(servKey);
  20989. #endif
  20990. wc_FreeRng(&rng);
  20991. return ret;
  20992. }
  20993. #endif /* USE_CERT_BUFFERS_256 && !WOLFSSL_ATECCX08A && !NO_ECC256 */
  20994. #endif /* HAVE_ECC */
  20995. #ifdef HAVE_CURVE25519
  20996. #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
  20997. defined(HAVE_CURVE25519_KEY_IMPORT)
  20998. #ifdef CURVE25519_OVERFLOW_ALL_TESTS
  20999. #define X25519_TEST_CNT 5
  21000. #else
  21001. #define X25519_TEST_CNT 1
  21002. #endif
  21003. static int curve25519_overflow_test(void)
  21004. {
  21005. /* secret key for party a */
  21006. byte sa[X25519_TEST_CNT][32] = {
  21007. {
  21008. 0x8d,0xaf,0x6e,0x7a,0xc1,0xeb,0x8d,0x30,
  21009. 0x99,0x86,0xd3,0x90,0x47,0x96,0x21,0x3c,
  21010. 0x3a,0x75,0xc0,0x7b,0x75,0x01,0x75,0xa3,
  21011. 0x81,0x4b,0xff,0x5a,0xbc,0x96,0x87,0x28
  21012. },
  21013. #ifdef CURVE25519_OVERFLOW_ALL_TESTS
  21014. {
  21015. 0x9d,0x63,0x5f,0xce,0xe2,0xe8,0xd7,0xfb,
  21016. 0x68,0x77,0x0e,0x44,0xd1,0xad,0x87,0x2b,
  21017. 0xf4,0x65,0x06,0xb7,0xbb,0xdb,0xbe,0x6e,
  21018. 0x02,0x43,0x24,0xc7,0x3d,0x7b,0x88,0x60
  21019. },
  21020. {
  21021. 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
  21022. 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
  21023. 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
  21024. 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
  21025. },
  21026. {
  21027. 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
  21028. 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
  21029. 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
  21030. 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
  21031. },
  21032. {
  21033. 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9,
  21034. 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52,
  21035. 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1,
  21036. 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0
  21037. }
  21038. #endif
  21039. };
  21040. /* public key for party b */
  21041. byte pb[X25519_TEST_CNT][32] = {
  21042. {
  21043. 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  21044. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  21045. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  21046. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
  21047. },
  21048. #ifdef CURVE25519_OVERFLOW_ALL_TESTS
  21049. {
  21050. /* 0xff first byte in original - invalid! */
  21051. 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  21052. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  21053. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff,
  21054. 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0
  21055. },
  21056. {
  21057. 0x36,0x1a,0x74,0x87,0x28,0x59,0xe0,0xb6,
  21058. 0xe4,0x2b,0x17,0x9b,0x16,0xb0,0x3b,0xf8,
  21059. 0xb8,0x9f,0x2a,0x8f,0xc5,0x33,0x68,0x4f,
  21060. 0xde,0x4d,0xd8,0x80,0x63,0xe7,0xb4,0x0a
  21061. },
  21062. {
  21063. 0x00,0x80,0x38,0x59,0x19,0x3a,0x66,0x12,
  21064. 0xfd,0xa1,0xec,0x1c,0x40,0x84,0x40,0xbd,
  21065. 0x64,0x10,0x8b,0x53,0x81,0x21,0x03,0x2d,
  21066. 0x7d,0x33,0xb4,0x01,0x57,0x0d,0xe1,0x89
  21067. },
  21068. {
  21069. 0x1d,0xf8,0xf8,0x33,0x89,0x6c,0xb7,0xba,
  21070. 0x94,0x73,0xfa,0xc2,0x36,0xac,0xbe,0x49,
  21071. 0xaf,0x85,0x3e,0x93,0x5f,0xae,0xb2,0xc0,
  21072. 0xc8,0x80,0x8f,0x4a,0xaa,0xd3,0x55,0x2b
  21073. }
  21074. #endif
  21075. };
  21076. /* expected shared key */
  21077. byte ss[X25519_TEST_CNT][32] = {
  21078. {
  21079. 0x5c,0x4c,0x85,0x5f,0xfb,0x20,0x38,0xcc,
  21080. 0x55,0x16,0x5b,0x8a,0xa7,0xed,0x57,0x6e,
  21081. 0x35,0xaa,0x71,0x67,0x85,0x1f,0xb6,0x28,
  21082. 0x17,0x07,0x7b,0xda,0x76,0xdd,0xe0,0xb4
  21083. },
  21084. #ifdef CURVE25519_OVERFLOW_ALL_TESTS
  21085. {
  21086. 0x33,0xf6,0xc1,0x34,0x62,0x92,0x06,0x02,
  21087. 0x95,0xdb,0x91,0x4c,0x5d,0x52,0x54,0xc7,
  21088. 0xd2,0x5b,0x24,0xb5,0x4f,0x33,0x59,0x79,
  21089. 0x9f,0x6d,0x7e,0x4a,0x4c,0x30,0xd6,0x38
  21090. },
  21091. {
  21092. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21093. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21094. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21095. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02
  21096. },
  21097. {
  21098. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21099. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21100. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21101. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x09
  21102. },
  21103. {
  21104. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21105. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21106. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21107. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10
  21108. }
  21109. #endif
  21110. };
  21111. int i;
  21112. word32 y;
  21113. byte shared[32];
  21114. curve25519_key userA;
  21115. wc_curve25519_init(&userA);
  21116. for (i = 0; i < X25519_TEST_CNT; i++) {
  21117. if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i],
  21118. sizeof(pb[i]), &userA) != 0)
  21119. return -10500 - i;
  21120. /* test against known test vector */
  21121. XMEMSET(shared, 0, sizeof(shared));
  21122. y = sizeof(shared);
  21123. if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0)
  21124. return -10510 - i;
  21125. if (XMEMCMP(ss[i], shared, y))
  21126. return -10520 - i;
  21127. }
  21128. return 0;
  21129. }
  21130. /* Test the wc_curve25519_check_public API.
  21131. *
  21132. * returns 0 on success and -ve on failure.
  21133. */
  21134. static int curve25519_check_public_test(void)
  21135. {
  21136. /* Little-endian values that will fail */
  21137. byte fail_le[][CURVE25519_KEYSIZE] = {
  21138. {
  21139. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21140. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21141. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21142. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  21143. },
  21144. {
  21145. 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21146. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21147. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21148. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  21149. },
  21150. {
  21151. 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21152. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21153. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21154. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x81
  21155. },
  21156. };
  21157. /* Big-endian values that will fail */
  21158. byte fail_be[][CURVE25519_KEYSIZE] = {
  21159. {
  21160. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21161. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21162. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21163. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  21164. },
  21165. {
  21166. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21167. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21168. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21169. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  21170. },
  21171. {
  21172. 0x81,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21173. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21174. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21175. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  21176. },
  21177. };
  21178. /* Good or valid public value */
  21179. byte good[CURVE25519_KEYSIZE] = {
  21180. 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21181. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21182. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  21183. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  21184. };
  21185. int i;
  21186. /* Parameter checks */
  21187. /* NULL pointer */
  21188. if (wc_curve25519_check_public(NULL, 0, EC25519_LITTLE_ENDIAN) !=
  21189. BAD_FUNC_ARG) {
  21190. return -10600;
  21191. }
  21192. if (wc_curve25519_check_public(NULL, 0, EC25519_BIG_ENDIAN) !=
  21193. BAD_FUNC_ARG) {
  21194. return -10601;
  21195. }
  21196. /* Length of 0 treated differently to other invalid lengths for TLS */
  21197. if (wc_curve25519_check_public(good, 0, EC25519_LITTLE_ENDIAN) != BUFFER_E)
  21198. return -10602;
  21199. if (wc_curve25519_check_public(good, 0, EC25519_BIG_ENDIAN) != BUFFER_E)
  21200. return -10603;
  21201. /* Length not CURVE25519_KEYSIZE */
  21202. for (i = 1; i < CURVE25519_KEYSIZE + 2; i++) {
  21203. if (i == CURVE25519_KEYSIZE)
  21204. continue;
  21205. if (wc_curve25519_check_public(good, i, EC25519_LITTLE_ENDIAN) !=
  21206. ECC_BAD_ARG_E) {
  21207. return -10604 - i;
  21208. }
  21209. if (wc_curve25519_check_public(good, i, EC25519_BIG_ENDIAN) !=
  21210. ECC_BAD_ARG_E) {
  21211. return -10614 - i;
  21212. }
  21213. }
  21214. /* Little-endian fail cases */
  21215. for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
  21216. if (wc_curve25519_check_public(fail_le[i], CURVE25519_KEYSIZE,
  21217. EC25519_LITTLE_ENDIAN) == 0) {
  21218. return -10624 - i;
  21219. }
  21220. }
  21221. /* Big-endian fail cases */
  21222. for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
  21223. if (wc_curve25519_check_public(fail_be[i], CURVE25519_KEYSIZE,
  21224. EC25519_BIG_ENDIAN) == 0) {
  21225. return -10634 - i;
  21226. }
  21227. }
  21228. /* Check a valid public value works! */
  21229. if (wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
  21230. EC25519_LITTLE_ENDIAN) != 0) {
  21231. return -10644;
  21232. }
  21233. if (wc_curve25519_check_public(good, CURVE25519_KEYSIZE,
  21234. EC25519_BIG_ENDIAN) != 0) {
  21235. return -10645;
  21236. }
  21237. return 0;
  21238. }
  21239. #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
  21240. WOLFSSL_TEST_SUBROUTINE int curve25519_test(void)
  21241. {
  21242. WC_RNG rng;
  21243. int ret;
  21244. #ifdef HAVE_CURVE25519_SHARED_SECRET
  21245. byte sharedA[32];
  21246. byte sharedB[32];
  21247. word32 y;
  21248. #endif
  21249. #ifdef HAVE_CURVE25519_KEY_EXPORT
  21250. byte exportBuf[32];
  21251. #endif
  21252. word32 x = 0;
  21253. curve25519_key userA, userB, pubKey;
  21254. #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
  21255. defined(HAVE_CURVE25519_KEY_IMPORT)
  21256. /* test vectors from
  21257. https://tools.ietf.org/html/draft-josefsson-tls-curve25519-03
  21258. */
  21259. /* secret key for party a */
  21260. byte sa[] = {
  21261. 0x5A,0xC9,0x9F,0x33,0x63,0x2E,0x5A,0x76,
  21262. 0x8D,0xE7,0xE8,0x1B,0xF8,0x54,0xC2,0x7C,
  21263. 0x46,0xE3,0xFB,0xF2,0xAB,0xBA,0xCD,0x29,
  21264. 0xEC,0x4A,0xFF,0x51,0x73,0x69,0xC6,0x60
  21265. };
  21266. /* public key for party a */
  21267. byte pa[] = {
  21268. 0x05,0x7E,0x23,0xEA,0x9F,0x1C,0xBE,0x8A,
  21269. 0x27,0x16,0x8F,0x6E,0x69,0x6A,0x79,0x1D,
  21270. 0xE6,0x1D,0xD3,0xAF,0x7A,0xCD,0x4E,0xEA,
  21271. 0xCC,0x6E,0x7B,0xA5,0x14,0xFD,0xA8,0x63
  21272. };
  21273. /* secret key for party b */
  21274. byte sb[] = {
  21275. 0x47,0xDC,0x3D,0x21,0x41,0x74,0x82,0x0E,
  21276. 0x11,0x54,0xB4,0x9B,0xC6,0xCD,0xB2,0xAB,
  21277. 0xD4,0x5E,0xE9,0x58,0x17,0x05,0x5D,0x25,
  21278. 0x5A,0xA3,0x58,0x31,0xB7,0x0D,0x32,0x60
  21279. };
  21280. /* public key for party b */
  21281. byte pb[] = {
  21282. 0x6E,0xB8,0x9D,0xA9,0x19,0x89,0xAE,0x37,
  21283. 0xC7,0xEA,0xC7,0x61,0x8D,0x9E,0x5C,0x49,
  21284. 0x51,0xDB,0xA1,0xD7,0x3C,0x28,0x5A,0xE1,
  21285. 0xCD,0x26,0xA8,0x55,0x02,0x0E,0xEF,0x04
  21286. };
  21287. /* expected shared key */
  21288. byte ss[] = {
  21289. 0x61,0x45,0x0C,0xD9,0x8E,0x36,0x01,0x6B,
  21290. 0x58,0x77,0x6A,0x89,0x7A,0x9F,0x0A,0xEF,
  21291. 0x73,0x8B,0x99,0xF0,0x94,0x68,0xB8,0xD6,
  21292. 0xB8,0x51,0x11,0x84,0xD5,0x34,0x94,0xAB
  21293. };
  21294. #endif /* HAVE_CURVE25519_SHARED_SECRET */
  21295. (void)x;
  21296. #ifndef HAVE_FIPS
  21297. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  21298. #else
  21299. ret = wc_InitRng(&rng);
  21300. #endif
  21301. if (ret != 0)
  21302. return -10700;
  21303. wc_curve25519_init(&userA);
  21304. wc_curve25519_init(&userB);
  21305. wc_curve25519_init(&pubKey);
  21306. /* make curve25519 keys */
  21307. if (wc_curve25519_make_key(&rng, 32, &userA) != 0)
  21308. return -10701;
  21309. if (wc_curve25519_make_key(&rng, 32, &userB) != 0)
  21310. return -10702;
  21311. #ifdef HAVE_CURVE25519_SHARED_SECRET
  21312. /* find shared secret key */
  21313. x = sizeof(sharedA);
  21314. if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0)
  21315. return -10703;
  21316. y = sizeof(sharedB);
  21317. if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
  21318. return -10704;
  21319. /* compare shared secret keys to test they are the same */
  21320. if (y != x)
  21321. return -10705;
  21322. if (XMEMCMP(sharedA, sharedB, x))
  21323. return -10706;
  21324. #endif
  21325. #ifdef HAVE_CURVE25519_KEY_EXPORT
  21326. /* export a public key and import it for another user */
  21327. x = sizeof(exportBuf);
  21328. if (wc_curve25519_export_public(&userA, exportBuf, &x) != 0)
  21329. return -10707;
  21330. #ifdef HAVE_CURVE25519_KEY_IMPORT
  21331. if (wc_curve25519_import_public(exportBuf, x, &pubKey) != 0)
  21332. return -10708;
  21333. #endif
  21334. #endif
  21335. #if defined(HAVE_CURVE25519_SHARED_SECRET) && \
  21336. defined(HAVE_CURVE25519_KEY_IMPORT)
  21337. /* test shared key after importing a public key */
  21338. XMEMSET(sharedB, 0, sizeof(sharedB));
  21339. y = sizeof(sharedB);
  21340. if (wc_curve25519_shared_secret(&userB, &pubKey, sharedB, &y) != 0)
  21341. return -10709;
  21342. if (XMEMCMP(sharedA, sharedB, y))
  21343. return -10710;
  21344. /* import RFC test vectors and compare shared key */
  21345. if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
  21346. != 0)
  21347. return -10711;
  21348. if (wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB)
  21349. != 0)
  21350. return -10712;
  21351. /* test against known test vector */
  21352. XMEMSET(sharedB, 0, sizeof(sharedB));
  21353. y = sizeof(sharedB);
  21354. if (wc_curve25519_shared_secret(&userA, &userB, sharedB, &y) != 0)
  21355. return -10713;
  21356. if (XMEMCMP(ss, sharedB, y))
  21357. return -10714;
  21358. /* test swapping roles of keys and generating same shared key */
  21359. XMEMSET(sharedB, 0, sizeof(sharedB));
  21360. y = sizeof(sharedB);
  21361. if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
  21362. return -10715;
  21363. if (XMEMCMP(ss, sharedB, y))
  21364. return -10716;
  21365. /* test with 1 generated key and 1 from known test vector */
  21366. if (wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
  21367. != 0)
  21368. return -10717;
  21369. if (wc_curve25519_make_key(&rng, 32, &userB) != 0)
  21370. return -10718;
  21371. x = sizeof(sharedA);
  21372. if (wc_curve25519_shared_secret(&userA, &userB, sharedA, &x) != 0)
  21373. return -10719;
  21374. y = sizeof(sharedB);
  21375. if (wc_curve25519_shared_secret(&userB, &userA, sharedB, &y) != 0)
  21376. return -10720;
  21377. /* compare shared secret keys to test they are the same */
  21378. if (y != x)
  21379. return -10721;
  21380. if (XMEMCMP(sharedA, sharedB, x))
  21381. return -10722;
  21382. ret = curve25519_overflow_test();
  21383. if (ret != 0)
  21384. return ret;
  21385. ret = curve25519_check_public_test();
  21386. if (ret != 0)
  21387. return ret;
  21388. #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */
  21389. /* clean up keys when done */
  21390. wc_curve25519_free(&pubKey);
  21391. wc_curve25519_free(&userB);
  21392. wc_curve25519_free(&userA);
  21393. wc_FreeRng(&rng);
  21394. return 0;
  21395. }
  21396. #endif /* HAVE_CURVE25519 */
  21397. #ifdef HAVE_ED25519
  21398. #ifdef WOLFSSL_TEST_CERT
  21399. static int ed25519_test_cert(void)
  21400. {
  21401. DecodedCert cert[2];
  21402. DecodedCert* serverCert = NULL;
  21403. DecodedCert* caCert = NULL;
  21404. #ifdef HAVE_ED25519_VERIFY
  21405. ed25519_key key;
  21406. ed25519_key* pubKey = NULL;
  21407. int verify;
  21408. #endif /* HAVE_ED25519_VERIFY */
  21409. int ret;
  21410. byte* tmp;
  21411. size_t bytes;
  21412. XFILE file;
  21413. tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21414. if (tmp == NULL) {
  21415. ERROR_OUT(-10730, done);
  21416. }
  21417. #ifdef USE_CERT_BUFFERS_256
  21418. XMEMCPY(tmp, ca_ed25519_cert, sizeof_ca_ed25519_cert);
  21419. bytes = sizeof_ca_ed25519_cert;
  21420. #elif !defined(NO_FILESYSTEM)
  21421. file = XFOPEN(caEd25519Cert, "rb");
  21422. if (file == NULL) {
  21423. ERROR_OUT(-10731, done);
  21424. }
  21425. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  21426. XFCLOSE(file);
  21427. #else
  21428. /* No certificate to use. */
  21429. ERROR_OUT(-10732, done);
  21430. #endif
  21431. InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
  21432. caCert = &cert[0];
  21433. ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
  21434. if (ret != 0) {
  21435. ERROR_OUT(-10733, done);
  21436. }
  21437. #ifdef USE_CERT_BUFFERS_256
  21438. XMEMCPY(tmp, server_ed25519_cert, sizeof_server_ed25519_cert);
  21439. bytes = sizeof_server_ed25519_cert;
  21440. #elif !defined(NO_FILESYSTEM)
  21441. file = XFOPEN(serverEd25519Cert, "rb");
  21442. if (file == NULL) {
  21443. ERROR_OUT(-10734, done);
  21444. }
  21445. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  21446. XFCLOSE(file);
  21447. #else
  21448. /* No certificate to use. */
  21449. ERROR_OUT(-10735, done);
  21450. #endif
  21451. InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
  21452. serverCert = &cert[1];
  21453. ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
  21454. if (ret != 0) {
  21455. ERROR_OUT(-10736, done);
  21456. }
  21457. #ifdef HAVE_ED25519_VERIFY
  21458. ret = wc_ed25519_init(&key);
  21459. if (ret < 0) {
  21460. ERROR_OUT(-10737, done);
  21461. }
  21462. pubKey = &key;
  21463. ret = wc_ed25519_import_public(caCert->publicKey, caCert->pubKeySize,
  21464. pubKey);
  21465. if (ret < 0) {
  21466. ERROR_OUT(-10738, done);
  21467. }
  21468. if (wc_ed25519_verify_msg(serverCert->signature, serverCert->sigLength,
  21469. serverCert->source + serverCert->certBegin,
  21470. serverCert->sigIndex - serverCert->certBegin,
  21471. &verify, pubKey) < 0 || verify != 1) {
  21472. ERROR_OUT(-10739, done);
  21473. }
  21474. #endif /* HAVE_ED25519_VERIFY */
  21475. done:
  21476. if (tmp != NULL)
  21477. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21478. #ifdef HAVE_ED25519_VERIFY
  21479. wc_ed25519_free(pubKey);
  21480. #endif /* HAVE_ED25519_VERIFY */
  21481. if (caCert != NULL)
  21482. FreeDecodedCert(caCert);
  21483. if (serverCert != NULL)
  21484. FreeDecodedCert(serverCert);
  21485. return ret;
  21486. }
  21487. static int ed25519_test_make_cert(void)
  21488. {
  21489. WC_RNG rng;
  21490. Cert cert;
  21491. DecodedCert decode;
  21492. ed25519_key key;
  21493. ed25519_key* privKey = NULL;
  21494. int ret = 0;
  21495. byte* tmp = NULL;
  21496. wc_InitCert(&cert);
  21497. #ifndef HAVE_FIPS
  21498. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  21499. #else
  21500. ret = wc_InitRng(&rng);
  21501. #endif
  21502. if (ret != 0)
  21503. return -10750;
  21504. wc_ed25519_init(&key);
  21505. privKey = &key;
  21506. wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, privKey);
  21507. cert.daysValid = 365 * 2;
  21508. cert.selfSigned = 1;
  21509. XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
  21510. XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
  21511. cert.isCA = 0;
  21512. #ifdef WOLFSSL_CERT_EXT
  21513. ret = wc_SetKeyUsage(&cert, certKeyUsage);
  21514. if (ret < 0) {
  21515. ERROR_OUT(-10751, done);
  21516. }
  21517. ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
  21518. if (ret < 0) {
  21519. ERROR_OUT(-10752, done);
  21520. }
  21521. ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey);
  21522. if (ret < 0) {
  21523. ERROR_OUT(-10753, done);
  21524. }
  21525. #endif
  21526. tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21527. if (tmp == NULL) {
  21528. ERROR_OUT(-10754, done);
  21529. }
  21530. cert.sigType = CTC_ED25519;
  21531. ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng);
  21532. if (ret < 0) {
  21533. ERROR_OUT(-10755, done);
  21534. }
  21535. ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF,
  21536. ED25519_TYPE, privKey, &rng);
  21537. if (ret < 0) {
  21538. ERROR_OUT(-10756, done);
  21539. }
  21540. InitDecodedCert(&decode, tmp, ret, HEAP_HINT);
  21541. ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
  21542. FreeDecodedCert(&decode);
  21543. if (ret != 0) {
  21544. ERROR_OUT(-10757, done);
  21545. }
  21546. done:
  21547. if (tmp != NULL)
  21548. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  21549. wc_ed25519_free(privKey);
  21550. wc_FreeRng(&rng);
  21551. return ret;
  21552. }
  21553. #endif /* WOLFSSL_TEST_CERT */
  21554. #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
  21555. defined(HAVE_ED25519_KEY_IMPORT)
  21556. static int ed25519ctx_test(void)
  21557. {
  21558. byte out[ED25519_SIG_SIZE];
  21559. word32 outlen;
  21560. #ifdef HAVE_ED25519_VERIFY
  21561. int verify;
  21562. #endif /* HAVE_ED25519_VERIFY */
  21563. ed25519_key key;
  21564. WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
  21565. 0x03,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f,
  21566. 0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57,
  21567. 0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95,
  21568. 0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6
  21569. };
  21570. WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
  21571. 0xdf,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f,
  21572. 0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae,
  21573. 0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb,
  21574. 0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92
  21575. };
  21576. WOLFSSL_SMALL_STACK_STATIC const byte sigCtx1[] = {
  21577. 0x55,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04,
  21578. 0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b,
  21579. 0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76,
  21580. 0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a,
  21581. 0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22,
  21582. 0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5,
  21583. 0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2,
  21584. 0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d
  21585. };
  21586. WOLFSSL_SMALL_STACK_STATIC const byte sigCtx2[] = {
  21587. 0xcc,0x5e,0x63,0xa2,0x7e,0x94,0xaf,0xd3,
  21588. 0x41,0x83,0x38,0xd2,0x48,0x6f,0xa9,0x2a,
  21589. 0xf9,0x91,0x7c,0x2d,0x98,0x9e,0x06,0xe5,
  21590. 0x02,0x77,0x72,0x1c,0x34,0x38,0x18,0xb4,
  21591. 0x21,0x96,0xbc,0x29,0x2e,0x68,0xf3,0x4d,
  21592. 0x85,0x9b,0xbe,0xad,0x17,0x9f,0x54,0x54,
  21593. 0x2d,0x4b,0x04,0xdc,0xfb,0xfa,0x4a,0x68,
  21594. 0x4e,0x39,0x50,0xfb,0x1c,0xcd,0x8d,0x0d
  21595. };
  21596. WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
  21597. 0xf7,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49,
  21598. 0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8
  21599. };
  21600. WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
  21601. 0x66,0x6f,0x6f
  21602. };
  21603. outlen = sizeof(out);
  21604. XMEMSET(out, 0, sizeof(out));
  21605. if (wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx,
  21606. sizeof(pKeyCtx), &key) != 0)
  21607. return -10800;
  21608. if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
  21609. contextCtx, sizeof(contextCtx)) != 0)
  21610. return -10801;
  21611. if (XMEMCMP(out, sigCtx1, 64))
  21612. return -10802;
  21613. #if defined(HAVE_ED25519_VERIFY)
  21614. /* test verify on good msg */
  21615. if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify,
  21616. &key, contextCtx, sizeof(contextCtx)) != 0 ||
  21617. verify != 1)
  21618. return -10803;
  21619. #endif
  21620. if (wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, NULL,
  21621. 0) != 0)
  21622. return -10804;
  21623. if (XMEMCMP(out, sigCtx2, 64))
  21624. return -10805;
  21625. #if defined(HAVE_ED25519_VERIFY)
  21626. /* test verify on good msg */
  21627. if (wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify,
  21628. &key, NULL, 0) != 0 || verify != 1)
  21629. return -10806;
  21630. #endif
  21631. wc_ed25519_free(&key);
  21632. return 0;
  21633. }
  21634. static int ed25519ph_test(void)
  21635. {
  21636. byte out[ED25519_SIG_SIZE];
  21637. word32 outlen;
  21638. #ifdef HAVE_ED25519_VERIFY
  21639. int verify;
  21640. #endif /* HAVE_ED25519_VERIFY */
  21641. ed25519_key key;
  21642. WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
  21643. 0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d,
  21644. 0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e,
  21645. 0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b,
  21646. 0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42
  21647. };
  21648. WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
  21649. 0xec,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b,
  21650. 0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34,
  21651. 0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64,
  21652. 0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf
  21653. };
  21654. WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
  21655. 0x98,0xa7,0x02,0x22,0xf0,0xb8,0x12,0x1a,
  21656. 0xa9,0xd3,0x0f,0x81,0x3d,0x68,0x3f,0x80,
  21657. 0x9e,0x46,0x2b,0x46,0x9c,0x7f,0xf8,0x76,
  21658. 0x39,0x49,0x9b,0xb9,0x4e,0x6d,0xae,0x41,
  21659. 0x31,0xf8,0x50,0x42,0x46,0x3c,0x2a,0x35,
  21660. 0x5a,0x20,0x03,0xd0,0x62,0xad,0xf5,0xaa,
  21661. 0xa1,0x0b,0x8c,0x61,0xe6,0x36,0x06,0x2a,
  21662. 0xaa,0xd1,0x1c,0x2a,0x26,0x08,0x34,0x06
  21663. };
  21664. WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
  21665. 0xe0,0x39,0x70,0x2b,0x4c,0x25,0x95,0xa6,
  21666. 0xa5,0x41,0xac,0x85,0x09,0x23,0x6e,0x29,
  21667. 0x90,0x47,0x47,0x95,0x33,0x0c,0x9b,0x34,
  21668. 0xa7,0x5f,0x58,0xa6,0x60,0x12,0x9e,0x08,
  21669. 0xfd,0x73,0x69,0x43,0xfb,0x19,0x43,0xa5,
  21670. 0x57,0x20,0xb9,0xe0,0x95,0x7b,0x1e,0xd6,
  21671. 0x73,0x48,0x16,0x61,0x9f,0x13,0x88,0xf4,
  21672. 0x3f,0x73,0xe6,0xe3,0xba,0xa8,0x1c,0x0e
  21673. };
  21674. WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
  21675. 0x61,0x62,0x63
  21676. };
  21677. /* SHA-512 hash of msgPh */
  21678. WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
  21679. 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba,
  21680. 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31,
  21681. 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2,
  21682. 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a,
  21683. 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8,
  21684. 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd,
  21685. 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e,
  21686. 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f
  21687. };
  21688. WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
  21689. 0x66,0x6f,0x6f
  21690. };
  21691. outlen = sizeof(out);
  21692. XMEMSET(out, 0, sizeof(out));
  21693. if (wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh,
  21694. sizeof(pKeyPh), &key) != 0) {
  21695. return -10900;
  21696. }
  21697. if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL,
  21698. 0) != 0) {
  21699. return -10901;
  21700. }
  21701. if (XMEMCMP(out, sigPh1, 64))
  21702. return -10902;
  21703. #if defined(HAVE_ED25519_VERIFY)
  21704. /* test verify on good msg */
  21705. if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify,
  21706. &key, NULL, 0) != 0 ||
  21707. verify != 1) {
  21708. return -10903;
  21709. }
  21710. #endif
  21711. if (wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
  21712. contextPh2, sizeof(contextPh2)) != 0) {
  21713. return -10904;
  21714. }
  21715. if (XMEMCMP(out, sigPh2, 64))
  21716. return -10905;
  21717. #if defined(HAVE_ED25519_VERIFY)
  21718. /* test verify on good msg */
  21719. if (wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify,
  21720. &key, contextPh2, sizeof(contextPh2)) != 0 ||
  21721. verify != 1) {
  21722. return -10906;
  21723. }
  21724. #endif
  21725. if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL,
  21726. 0) != 0) {
  21727. return -10907;
  21728. }
  21729. if (XMEMCMP(out, sigPh1, 64))
  21730. return -10908;
  21731. #if defined(HAVE_ED25519_VERIFY)
  21732. if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
  21733. &key, NULL, 0) != 0 ||
  21734. verify != 1) {
  21735. return -10909;
  21736. }
  21737. #endif
  21738. if (wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
  21739. contextPh2, sizeof(contextPh2)) != 0) {
  21740. return -10910;
  21741. }
  21742. if (XMEMCMP(out, sigPh2, 64))
  21743. return -10911;
  21744. #if defined(HAVE_ED25519_VERIFY)
  21745. if (wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
  21746. &key, contextPh2, sizeof(contextPh2)) != 0 ||
  21747. verify != 1) {
  21748. return -10912;
  21749. }
  21750. #endif
  21751. wc_ed25519_free(&key);
  21752. return 0;
  21753. }
  21754. #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
  21755. WOLFSSL_TEST_SUBROUTINE int ed25519_test(void)
  21756. {
  21757. int ret;
  21758. WC_RNG rng;
  21759. #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
  21760. defined(HAVE_ED25519_KEY_IMPORT)
  21761. byte out[ED25519_SIG_SIZE];
  21762. byte exportPKey[ED25519_KEY_SIZE];
  21763. byte exportSKey[ED25519_KEY_SIZE];
  21764. word32 exportPSz;
  21765. word32 exportSSz;
  21766. int i;
  21767. word32 outlen;
  21768. #ifdef HAVE_ED25519_VERIFY
  21769. int verify;
  21770. #endif /* HAVE_ED25519_VERIFY */
  21771. #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
  21772. word32 keySz, sigSz;
  21773. ed25519_key key;
  21774. ed25519_key key2;
  21775. #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \
  21776. defined(HAVE_ED25519_KEY_IMPORT)
  21777. /* test vectors from
  21778. https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02
  21779. */
  21780. WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
  21781. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  21782. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  21783. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  21784. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
  21785. };
  21786. WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
  21787. 0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,
  21788. 0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,
  21789. 0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,
  21790. 0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb
  21791. };
  21792. WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
  21793. 0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,
  21794. 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,
  21795. 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,
  21796. 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7
  21797. };
  21798. /* uncompressed test */
  21799. WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
  21800. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  21801. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  21802. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  21803. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
  21804. };
  21805. /* compressed prefix test */
  21806. WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
  21807. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  21808. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  21809. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  21810. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
  21811. };
  21812. WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
  21813. 0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95,
  21814. 0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c,
  21815. 0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74,
  21816. 0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5
  21817. };
  21818. WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
  21819. WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
  21820. 0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
  21821. 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
  21822. 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
  21823. 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
  21824. };
  21825. WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
  21826. 0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,
  21827. 0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,
  21828. 0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c,
  21829. 0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c
  21830. };
  21831. WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
  21832. 0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,
  21833. 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,
  21834. 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,
  21835. 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25
  21836. };
  21837. /* uncompressed test */
  21838. WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
  21839. 0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34,
  21840. 0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6,
  21841. 0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c,
  21842. 0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45,
  21843. 0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02,
  21844. 0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1,
  21845. 0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b,
  21846. 0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a,
  21847. 0xd7
  21848. };
  21849. /* compressed prefix */
  21850. WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
  21851. 0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,
  21852. 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,
  21853. 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,
  21854. 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a
  21855. };
  21856. WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
  21857. 0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34,
  21858. 0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86,
  21859. 0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5,
  21860. 0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e
  21861. };
  21862. WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
  21863. WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
  21864. sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
  21865. WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
  21866. 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
  21867. 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
  21868. 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
  21869. 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
  21870. 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
  21871. 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
  21872. 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
  21873. 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
  21874. };
  21875. WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
  21876. 0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,
  21877. 0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,
  21878. 0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,
  21879. 0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,
  21880. 0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,
  21881. 0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,
  21882. 0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,
  21883. 0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00
  21884. };
  21885. WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
  21886. 0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,
  21887. 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,
  21888. 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,
  21889. 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,
  21890. 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,
  21891. 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,
  21892. 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,
  21893. 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a
  21894. };
  21895. /* uncompressed test */
  21896. WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
  21897. 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
  21898. 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
  21899. 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
  21900. 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
  21901. 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
  21902. 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
  21903. 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
  21904. 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
  21905. };
  21906. /* compressed prefix */
  21907. WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
  21908. 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,
  21909. 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,
  21910. 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,
  21911. 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,
  21912. 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,
  21913. 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,
  21914. 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,
  21915. 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b
  21916. };
  21917. WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
  21918. 0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2,
  21919. 0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a,
  21920. 0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb,
  21921. 0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50,
  21922. 0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45,
  21923. 0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b,
  21924. 0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6,
  21925. 0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03
  21926. };
  21927. WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
  21928. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = {0x0 };
  21929. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = {0x72};
  21930. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = {0xAF,0x82};
  21931. /* test of a 1024 byte long message */
  21932. WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
  21933. 0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43,
  21934. 0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08,
  21935. 0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91,
  21936. 0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98,
  21937. 0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12,
  21938. 0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1,
  21939. 0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f,
  21940. 0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8,
  21941. 0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96,
  21942. 0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57,
  21943. 0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37,
  21944. 0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d,
  21945. 0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0,
  21946. 0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c,
  21947. 0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b,
  21948. 0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc,
  21949. 0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3,
  21950. 0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a,
  21951. 0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e,
  21952. 0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe,
  21953. 0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82,
  21954. 0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b,
  21955. 0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6,
  21956. 0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e,
  21957. 0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8,
  21958. 0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9,
  21959. 0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28,
  21960. 0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef,
  21961. 0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68,
  21962. 0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10,
  21963. 0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1,
  21964. 0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7,
  21965. 0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04,
  21966. 0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4,
  21967. 0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53,
  21968. 0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1,
  21969. 0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44,
  21970. 0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9,
  21971. 0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5,
  21972. 0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2,
  21973. 0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59,
  21974. 0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d,
  21975. 0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce,
  21976. 0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24,
  21977. 0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6,
  21978. 0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd,
  21979. 0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf,
  21980. 0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70,
  21981. 0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59,
  21982. 0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53,
  21983. 0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78,
  21984. 0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc,
  21985. 0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9,
  21986. 0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b,
  21987. 0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2,
  21988. 0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07,
  21989. 0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75,
  21990. 0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a,
  21991. 0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d,
  21992. 0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba,
  21993. 0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31,
  21994. 0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b,
  21995. 0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22,
  21996. 0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a,
  21997. 0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78,
  21998. 0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b,
  21999. 0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88,
  22000. 0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e,
  22001. 0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9,
  22002. 0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8,
  22003. 0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4,
  22004. 0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7,
  22005. 0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55,
  22006. 0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1,
  22007. 0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01,
  22008. 0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c,
  22009. 0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb,
  22010. 0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d,
  22011. 0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c,
  22012. 0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8,
  22013. 0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb,
  22014. 0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8,
  22015. 0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14,
  22016. 0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf,
  22017. 0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9,
  22018. 0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27,
  22019. 0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b,
  22020. 0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08,
  22021. 0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a,
  22022. 0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7,
  22023. 0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67,
  22024. 0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49,
  22025. 0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f,
  22026. 0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57,
  22027. 0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a,
  22028. 0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4,
  22029. 0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5,
  22030. 0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1,
  22031. 0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d,
  22032. 0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3,
  22033. 0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e,
  22034. 0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09,
  22035. 0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79,
  22036. 0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e,
  22037. 0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4,
  22038. 0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2,
  22039. 0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66,
  22040. 0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f,
  22041. 0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98,
  22042. 0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41,
  22043. 0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c,
  22044. 0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5,
  22045. 0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3,
  22046. 0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61,
  22047. 0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9,
  22048. 0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1,
  22049. 0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45,
  22050. 0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34,
  22051. 0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd,
  22052. 0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d,
  22053. 0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85,
  22054. 0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e,
  22055. 0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47,
  22056. 0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c,
  22057. 0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef,
  22058. 0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca,
  22059. 0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08,
  22060. 0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0
  22061. };
  22062. WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
  22063. WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
  22064. sizeof(msg2),
  22065. sizeof(msg3),
  22066. 0 /*sizeof(msg1)*/,
  22067. 0 /*sizeof(msg1)*/,
  22068. sizeof(msg4)
  22069. };
  22070. #ifndef NO_ASN
  22071. static byte privateEd25519[] = {
  22072. 0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06,
  22073. 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
  22074. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  22075. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  22076. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  22077. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60
  22078. };
  22079. static byte publicEd25519[] = {
  22080. 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65,
  22081. 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01,
  22082. 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
  22083. 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
  22084. 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
  22085. 0xf7,0x07,0x51,0x1a
  22086. };
  22087. static byte privPubEd25519[] = {
  22088. 0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06,
  22089. 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20,
  22090. 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,
  22091. 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,
  22092. 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,
  22093. 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,
  22094. 0xa1,0x22,0x04,0x20,0xd7,0x5a,0x98,0x01,
  22095. 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,
  22096. 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,
  22097. 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,
  22098. 0xf7,0x07,0x51,0x1a
  22099. };
  22100. word32 idx;
  22101. ed25519_key key3;
  22102. #endif /* NO_ASN */
  22103. #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
  22104. /* create ed25519 keys */
  22105. #ifndef HAVE_FIPS
  22106. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  22107. #else
  22108. ret = wc_InitRng(&rng);
  22109. #endif
  22110. if (ret != 0)
  22111. return -11000;
  22112. wc_ed25519_init(&key);
  22113. wc_ed25519_init(&key2);
  22114. #ifndef NO_ASN
  22115. wc_ed25519_init(&key3);
  22116. #endif
  22117. wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key);
  22118. wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key2);
  22119. /* helper functions for signature and key size */
  22120. keySz = wc_ed25519_size(&key);
  22121. sigSz = wc_ed25519_sig_size(&key);
  22122. #if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\
  22123. defined(HAVE_ED25519_KEY_IMPORT)
  22124. for (i = 0; i < 6; i++) {
  22125. outlen = sizeof(out);
  22126. XMEMSET(out, 0, sizeof(out));
  22127. if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i],
  22128. pKeySz[i], &key) != 0)
  22129. return -11001 - i;
  22130. if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key) != 0)
  22131. return -11011 - i;
  22132. if (XMEMCMP(out, sigs[i], 64))
  22133. return -11021 - i;
  22134. #if defined(HAVE_ED25519_VERIFY)
  22135. /* test verify on good msg */
  22136. if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
  22137. &key) != 0 || verify != 1)
  22138. return -11031 - i;
  22139. /* test verify on bad msg */
  22140. out[outlen-1] = out[outlen-1] + 1;
  22141. if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
  22142. &key) == 0 || verify == 1)
  22143. return -11041 - i;
  22144. #endif /* HAVE_ED25519_VERIFY */
  22145. /* test api for import/exporting keys */
  22146. exportPSz = sizeof(exportPKey);
  22147. exportSSz = sizeof(exportSKey);
  22148. if (wc_ed25519_export_public(&key, exportPKey, &exportPSz) != 0)
  22149. return -11051 - i;
  22150. if (wc_ed25519_import_public(exportPKey, exportPSz, &key2) != 0)
  22151. return -11061 - i;
  22152. if (wc_ed25519_export_private_only(&key, exportSKey, &exportSSz) != 0)
  22153. return -11071 - i;
  22154. if (wc_ed25519_import_private_key(exportSKey, exportSSz,
  22155. exportPKey, exportPSz, &key2) != 0)
  22156. return -11081 - i;
  22157. /* clear "out" buffer and test sign with imported keys */
  22158. outlen = sizeof(out);
  22159. XMEMSET(out, 0, sizeof(out));
  22160. if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2) != 0)
  22161. return -11091 - i;
  22162. #if defined(HAVE_ED25519_VERIFY)
  22163. if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify,
  22164. &key2) != 0 || verify != 1)
  22165. return -11101 - i;
  22166. if (XMEMCMP(out, sigs[i], 64))
  22167. return -11111 - i;
  22168. #endif /* HAVE_ED25519_VERIFY */
  22169. }
  22170. ret = ed25519ctx_test();
  22171. if (ret != 0)
  22172. return ret;
  22173. ret = ed25519ph_test();
  22174. if (ret != 0)
  22175. return ret;
  22176. #ifndef NO_ASN
  22177. /* Try ASN.1 encoded private-only key and public key. */
  22178. idx = 0;
  22179. if (wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, &key3,
  22180. sizeof(privateEd25519)) != 0)
  22181. return -11121 - i;
  22182. if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3)
  22183. != BAD_FUNC_ARG)
  22184. return -11131 - i;
  22185. idx = 0;
  22186. if (wc_Ed25519PublicKeyDecode(publicEd25519, &idx, &key3,
  22187. sizeof(publicEd25519)) != 0)
  22188. return -11141 - i;
  22189. if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
  22190. return -11151 - i;
  22191. if (XMEMCMP(out, sigs[0], 64))
  22192. return -11161 - i;
  22193. #if defined(HAVE_ED25519_VERIFY)
  22194. /* test verify on good msg */
  22195. if (wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3)
  22196. != 0 || verify != 1)
  22197. return -11171 - i;
  22198. #endif /* HAVE_ED25519_VERIFY */
  22199. wc_ed25519_free(&key3);
  22200. wc_ed25519_init(&key3);
  22201. idx = 0;
  22202. if (wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, &key3,
  22203. sizeof(privPubEd25519)) != 0)
  22204. return -11181 - i;
  22205. if (wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3) != 0)
  22206. return -11191 - i;
  22207. if (XMEMCMP(out, sigs[0], 64))
  22208. return -11201 - i;
  22209. wc_ed25519_free(&key3);
  22210. #endif /* NO_ASN */
  22211. #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */
  22212. /* clean up keys when done */
  22213. wc_ed25519_free(&key);
  22214. wc_ed25519_free(&key2);
  22215. #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
  22216. wc_FreeRng(&rng);
  22217. #endif
  22218. /* hush warnings of unused keySz and sigSz */
  22219. (void)keySz;
  22220. (void)sigSz;
  22221. #ifdef WOLFSSL_TEST_CERT
  22222. ret = ed25519_test_cert();
  22223. if (ret < 0)
  22224. return ret;
  22225. #ifdef WOLFSSL_CERT_GEN
  22226. ret = ed25519_test_make_cert();
  22227. if (ret < 0)
  22228. return ret;
  22229. #endif /* WOLFSSL_CERT_GEN */
  22230. #endif /* WOLFSSL_TEST_CERT */
  22231. return 0;
  22232. }
  22233. #endif /* HAVE_ED25519 */
  22234. #ifdef HAVE_CURVE448
  22235. #if defined(HAVE_CURVE448_SHARED_SECRET) && \
  22236. defined(HAVE_CURVE448_KEY_IMPORT)
  22237. /* Test the wc_curve448_check_public API.
  22238. *
  22239. * returns 0 on success and -ve on failure.
  22240. */
  22241. static int curve448_check_public_test(void)
  22242. {
  22243. /* Little-endian values that will fail */
  22244. byte fail_le[][CURVE448_KEY_SIZE] = {
  22245. {
  22246. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22247. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22248. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22249. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22250. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22251. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22252. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  22253. },
  22254. {
  22255. 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22256. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22257. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22258. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22259. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22260. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22261. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  22262. },
  22263. };
  22264. /* Big-endian values that will fail */
  22265. byte fail_be[][CURVE448_KEY_SIZE] = {
  22266. {
  22267. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22268. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22269. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22270. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22271. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22272. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22273. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00
  22274. },
  22275. {
  22276. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22277. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22278. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22279. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22280. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22281. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22282. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  22283. },
  22284. };
  22285. /* Good or valid public value */
  22286. byte good[CURVE448_KEY_SIZE] = {
  22287. 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22288. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22289. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22290. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22291. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22292. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
  22293. 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01
  22294. };
  22295. int i;
  22296. /* Parameter checks */
  22297. /* NULL pointer */
  22298. if (wc_curve448_check_public(NULL, 0, EC448_LITTLE_ENDIAN) !=
  22299. BAD_FUNC_ARG) {
  22300. return -11300;
  22301. }
  22302. if (wc_curve448_check_public(NULL, 0, EC448_BIG_ENDIAN) != BAD_FUNC_ARG) {
  22303. return -11301;
  22304. }
  22305. /* Length of 0 treated differently to other invalid lengths for TLS */
  22306. if (wc_curve448_check_public(good, 0, EC448_LITTLE_ENDIAN) != BUFFER_E)
  22307. return -11302;
  22308. if (wc_curve448_check_public(good, 0, EC448_BIG_ENDIAN) != BUFFER_E)
  22309. return -11303;
  22310. /* Length not CURVE448_KEY_SIZE */
  22311. for (i = 1; i < CURVE448_KEY_SIZE + 2; i++) {
  22312. if (i == CURVE448_KEY_SIZE)
  22313. continue;
  22314. if (wc_curve448_check_public(good, i, EC448_LITTLE_ENDIAN) !=
  22315. ECC_BAD_ARG_E) {
  22316. return -11304 - i;
  22317. }
  22318. if (wc_curve448_check_public(good, i, EC448_BIG_ENDIAN) !=
  22319. ECC_BAD_ARG_E) {
  22320. return -11314 - i;
  22321. }
  22322. }
  22323. /* Little-endian fail cases */
  22324. for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) {
  22325. if (wc_curve448_check_public(fail_le[i], CURVE448_KEY_SIZE,
  22326. EC448_LITTLE_ENDIAN) == 0) {
  22327. return -11324 - i;
  22328. }
  22329. }
  22330. /* Big-endian fail cases */
  22331. for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) {
  22332. if (wc_curve448_check_public(fail_be[i], CURVE448_KEY_SIZE,
  22333. EC448_BIG_ENDIAN) == 0) {
  22334. return -11334 - i;
  22335. }
  22336. }
  22337. /* Check a valid public value works! */
  22338. if (wc_curve448_check_public(good, CURVE448_KEY_SIZE,
  22339. EC448_LITTLE_ENDIAN) != 0) {
  22340. return -11344;
  22341. }
  22342. if (wc_curve448_check_public(good, CURVE448_KEY_SIZE,
  22343. EC448_BIG_ENDIAN) != 0) {
  22344. return -11345;
  22345. }
  22346. return 0;
  22347. }
  22348. #endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
  22349. WOLFSSL_TEST_SUBROUTINE int curve448_test(void)
  22350. {
  22351. WC_RNG rng;
  22352. int ret;
  22353. #ifdef HAVE_CURVE448_SHARED_SECRET
  22354. byte sharedA[CURVE448_KEY_SIZE];
  22355. byte sharedB[CURVE448_KEY_SIZE];
  22356. word32 y;
  22357. #endif
  22358. #ifdef HAVE_CURVE448_KEY_EXPORT
  22359. byte exportBuf[CURVE448_KEY_SIZE];
  22360. #endif
  22361. word32 x;
  22362. curve448_key userA, userB, pubKey;
  22363. #if defined(HAVE_CURVE448_SHARED_SECRET) && \
  22364. defined(HAVE_CURVE448_KEY_IMPORT)
  22365. /* test vectors from
  22366. https://www.rfc-editor.org/rfc/rfc7748.html
  22367. */
  22368. /* secret key for party a */
  22369. byte sa[] = {
  22370. 0x6b, 0x72, 0x98, 0xa5, 0xc0, 0xd8, 0xc2, 0x9a,
  22371. 0x1d, 0xab, 0x27, 0xf1, 0xa6, 0x82, 0x63, 0x00,
  22372. 0x91, 0x73, 0x89, 0x44, 0x97, 0x41, 0xa9, 0x74,
  22373. 0xf5, 0xba, 0xc9, 0xd9, 0x8d, 0xc2, 0x98, 0xd4,
  22374. 0x65, 0x55, 0xbc, 0xe8, 0xba, 0xe8, 0x9e, 0xee,
  22375. 0xd4, 0x00, 0x58, 0x4b, 0xb0, 0x46, 0xcf, 0x75,
  22376. 0x57, 0x9f, 0x51, 0xd1, 0x25, 0x49, 0x8f, 0x9a,
  22377. };
  22378. /* public key for party a */
  22379. byte pa[] = {
  22380. 0xa0, 0x1f, 0xc4, 0x32, 0xe5, 0x80, 0x7f, 0x17,
  22381. 0x53, 0x0d, 0x12, 0x88, 0xda, 0x12, 0x5b, 0x0c,
  22382. 0xd4, 0x53, 0xd9, 0x41, 0x72, 0x64, 0x36, 0xc8,
  22383. 0xbb, 0xd9, 0xc5, 0x22, 0x2c, 0x3d, 0xa7, 0xfa,
  22384. 0x63, 0x9c, 0xe0, 0x3d, 0xb8, 0xd2, 0x3b, 0x27,
  22385. 0x4a, 0x07, 0x21, 0xa1, 0xae, 0xd5, 0x22, 0x7d,
  22386. 0xe6, 0xe3, 0xb7, 0x31, 0xcc, 0xf7, 0x08, 0x9b,
  22387. };
  22388. /* secret key for party b */
  22389. byte sb[] = {
  22390. 0x2d, 0x99, 0x73, 0x51, 0xb6, 0x10, 0x6f, 0x36,
  22391. 0xb0, 0xd1, 0x09, 0x1b, 0x92, 0x9c, 0x4c, 0x37,
  22392. 0x21, 0x3e, 0x0d, 0x2b, 0x97, 0xe8, 0x5e, 0xbb,
  22393. 0x20, 0xc1, 0x27, 0x69, 0x1d, 0x0d, 0xad, 0x8f,
  22394. 0x1d, 0x81, 0x75, 0xb0, 0x72, 0x37, 0x45, 0xe6,
  22395. 0x39, 0xa3, 0xcb, 0x70, 0x44, 0x29, 0x0b, 0x99,
  22396. 0xe0, 0xe2, 0xa0, 0xc2, 0x7a, 0x6a, 0x30, 0x1c,
  22397. };
  22398. /* public key for party b */
  22399. byte pb[] = {
  22400. 0x09, 0x36, 0xf3, 0x7b, 0xc6, 0xc1, 0xbd, 0x07,
  22401. 0xae, 0x3d, 0xec, 0x7a, 0xb5, 0xdc, 0x06, 0xa7,
  22402. 0x3c, 0xa1, 0x32, 0x42, 0xfb, 0x34, 0x3e, 0xfc,
  22403. 0x72, 0xb9, 0xd8, 0x27, 0x30, 0xb4, 0x45, 0xf3,
  22404. 0xd4, 0xb0, 0xbd, 0x07, 0x71, 0x62, 0xa4, 0x6d,
  22405. 0xcf, 0xec, 0x6f, 0x9b, 0x59, 0x0b, 0xfc, 0xbc,
  22406. 0xf5, 0x20, 0xcd, 0xb0, 0x29, 0xa8, 0xb7, 0x3e,
  22407. };
  22408. /* expected shared key */
  22409. byte ss[] = {
  22410. 0x9d, 0x87, 0x4a, 0x51, 0x37, 0x50, 0x9a, 0x44,
  22411. 0x9a, 0xd5, 0x85, 0x30, 0x40, 0x24, 0x1c, 0x52,
  22412. 0x36, 0x39, 0x54, 0x35, 0xc3, 0x64, 0x24, 0xfd,
  22413. 0x56, 0x0b, 0x0c, 0xb6, 0x2b, 0x28, 0x1d, 0x28,
  22414. 0x52, 0x75, 0xa7, 0x40, 0xce, 0x32, 0xa2, 0x2d,
  22415. 0xd1, 0x74, 0x0f, 0x4a, 0xa9, 0x16, 0x1c, 0xec,
  22416. 0x95, 0xcc, 0xc6, 0x1a, 0x18, 0xf4, 0xff, 0x07,
  22417. };
  22418. #endif /* HAVE_CURVE448_SHARED_SECRET */
  22419. (void)x;
  22420. #ifndef HAVE_FIPS
  22421. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  22422. #else
  22423. ret = wc_InitRng(&rng);
  22424. #endif
  22425. if (ret != 0)
  22426. return -11400;
  22427. wc_curve448_init(&userA);
  22428. wc_curve448_init(&userB);
  22429. wc_curve448_init(&pubKey);
  22430. /* make curve448 keys */
  22431. if (wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userA) != 0)
  22432. return -11401;
  22433. if (wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userB) != 0)
  22434. return -11402;
  22435. #ifdef HAVE_CURVE448_SHARED_SECRET
  22436. /* find shared secret key */
  22437. x = sizeof(sharedA);
  22438. if (wc_curve448_shared_secret(&userA, &userB, sharedA, &x) != 0)
  22439. return -11403;
  22440. y = sizeof(sharedB);
  22441. if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0)
  22442. return -11404;
  22443. /* compare shared secret keys to test they are the same */
  22444. if (y != x)
  22445. return -11405;
  22446. if (XMEMCMP(sharedA, sharedB, x))
  22447. return -11406;
  22448. #endif
  22449. #ifdef HAVE_CURVE448_KEY_EXPORT
  22450. /* export a public key and import it for another user */
  22451. x = sizeof(exportBuf);
  22452. if (wc_curve448_export_public(&userA, exportBuf, &x) != 0)
  22453. return -11407;
  22454. #ifdef HAVE_CURVE448_KEY_IMPORT
  22455. if (wc_curve448_import_public(exportBuf, x, &pubKey) != 0)
  22456. return -11408;
  22457. #endif
  22458. #endif
  22459. #if defined(HAVE_CURVE448_SHARED_SECRET) && \
  22460. defined(HAVE_CURVE448_KEY_IMPORT)
  22461. /* test shared key after importing a public key */
  22462. XMEMSET(sharedB, 0, sizeof(sharedB));
  22463. y = sizeof(sharedB);
  22464. if (wc_curve448_shared_secret(&userB, &pubKey, sharedB, &y) != 0)
  22465. return -11409;
  22466. if (XMEMCMP(sharedA, sharedB, y))
  22467. return -11410;
  22468. /* import RFC test vectors and compare shared key */
  22469. if (wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
  22470. != 0)
  22471. return -11411;
  22472. if (wc_curve448_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB)
  22473. != 0)
  22474. return -11412;
  22475. /* test against known test vector */
  22476. XMEMSET(sharedB, 0, sizeof(sharedB));
  22477. y = sizeof(sharedB);
  22478. if (wc_curve448_shared_secret(&userA, &userB, sharedB, &y) != 0)
  22479. return -11413;
  22480. if (XMEMCMP(ss, sharedB, y))
  22481. return -11414;
  22482. /* test swapping roles of keys and generating same shared key */
  22483. XMEMSET(sharedB, 0, sizeof(sharedB));
  22484. y = sizeof(sharedB);
  22485. if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0)
  22486. return -11415;
  22487. if (XMEMCMP(ss, sharedB, y))
  22488. return -11416;
  22489. /* test with 1 generated key and 1 from known test vector */
  22490. if (wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA)
  22491. != 0)
  22492. return -11417;
  22493. if (wc_curve448_make_key(&rng, 56, &userB) != 0)
  22494. return -11418;
  22495. x = sizeof(sharedA);
  22496. if (wc_curve448_shared_secret(&userA, &userB, sharedA, &x) != 0)
  22497. return -11419;
  22498. y = sizeof(sharedB);
  22499. if (wc_curve448_shared_secret(&userB, &userA, sharedB, &y) != 0)
  22500. return -11420;
  22501. /* compare shared secret keys to test they are the same */
  22502. if (y != x)
  22503. return -11421;
  22504. if (XMEMCMP(sharedA, sharedB, x))
  22505. return -11422;
  22506. ret = curve448_check_public_test();
  22507. if (ret != 0)
  22508. return ret;
  22509. #endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */
  22510. /* clean up keys when done */
  22511. wc_curve448_free(&pubKey);
  22512. wc_curve448_free(&userB);
  22513. wc_curve448_free(&userA);
  22514. wc_FreeRng(&rng);
  22515. return 0;
  22516. }
  22517. #endif /* HAVE_CURVE448 */
  22518. #ifdef HAVE_ED448
  22519. #ifdef WOLFSSL_TEST_CERT
  22520. static int ed448_test_cert(void)
  22521. {
  22522. DecodedCert cert[2];
  22523. DecodedCert* serverCert = NULL;
  22524. DecodedCert* caCert = NULL;
  22525. #ifdef HAVE_ED448_VERIFY
  22526. ed448_key key;
  22527. ed448_key* pubKey = NULL;
  22528. int verify;
  22529. #endif /* HAVE_ED448_VERIFY */
  22530. int ret;
  22531. byte* tmp;
  22532. size_t bytes;
  22533. XFILE file;
  22534. tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  22535. if (tmp == NULL) {
  22536. ERROR_OUT(-11430, done);
  22537. }
  22538. #ifdef USE_CERT_BUFFERS_256
  22539. XMEMCPY(tmp, ca_ed448_cert, sizeof_ca_ed448_cert);
  22540. bytes = sizeof_ca_ed448_cert;
  22541. #elif !defined(NO_FILESYSTEM)
  22542. file = XFOPEN(caEd448Cert, "rb");
  22543. if (file == NULL) {
  22544. ERROR_OUT(-11431, done);
  22545. }
  22546. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  22547. XFCLOSE(file);
  22548. #else
  22549. /* No certificate to use. */
  22550. ERROR_OUT(-11432, done);
  22551. #endif
  22552. InitDecodedCert(&cert[0], tmp, (word32)bytes, 0);
  22553. caCert = &cert[0];
  22554. ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL);
  22555. if (ret != 0) {
  22556. ERROR_OUT(-11433, done);
  22557. }
  22558. #ifdef USE_CERT_BUFFERS_256
  22559. XMEMCPY(tmp, server_ed448_cert, sizeof_server_ed448_cert);
  22560. bytes = sizeof_server_ed448_cert;
  22561. #elif !defined(NO_FILESYSTEM)
  22562. file = XFOPEN(serverEd448Cert, "rb");
  22563. if (file == NULL) {
  22564. ERROR_OUT(-11434, done);
  22565. }
  22566. bytes = XFREAD(tmp, 1, FOURK_BUF, file);
  22567. XFCLOSE(file);
  22568. #else
  22569. /* No certificate to use. */
  22570. ERROR_OUT(-11435, done);
  22571. #endif
  22572. InitDecodedCert(&cert[1], tmp, (word32)bytes, 0);
  22573. serverCert = &cert[1];
  22574. ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL);
  22575. if (ret != 0) {
  22576. ERROR_OUT(-11436, done);
  22577. }
  22578. #ifdef HAVE_ED448_VERIFY
  22579. ret = wc_ed448_init(&key);
  22580. if (ret < 0) {
  22581. ERROR_OUT(-11437, done);
  22582. }
  22583. pubKey = &key;
  22584. ret = wc_ed448_import_public(caCert->publicKey, caCert->pubKeySize, pubKey);
  22585. if (ret < 0) {
  22586. ERROR_OUT(-11438, done);
  22587. }
  22588. if (wc_ed448_verify_msg(serverCert->signature, serverCert->sigLength,
  22589. serverCert->source + serverCert->certBegin,
  22590. serverCert->sigIndex - serverCert->certBegin,
  22591. &verify, pubKey, NULL, 0) < 0 || verify != 1) {
  22592. ERROR_OUT(-11439, done);
  22593. }
  22594. #endif /* HAVE_ED448_VERIFY */
  22595. done:
  22596. if (tmp != NULL)
  22597. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  22598. #ifdef HAVE_ED448_VERIFY
  22599. wc_ed448_free(pubKey);
  22600. #endif /* HAVE_ED448_VERIFY */
  22601. if (caCert != NULL)
  22602. FreeDecodedCert(caCert);
  22603. if (serverCert != NULL)
  22604. FreeDecodedCert(serverCert);
  22605. return ret;
  22606. }
  22607. static int ed448_test_make_cert(void)
  22608. {
  22609. WC_RNG rng;
  22610. Cert cert;
  22611. DecodedCert decode;
  22612. ed448_key key;
  22613. ed448_key* privKey = NULL;
  22614. int ret = 0;
  22615. byte* tmp = NULL;
  22616. wc_InitCert(&cert);
  22617. #ifndef HAVE_FIPS
  22618. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  22619. #else
  22620. ret = wc_InitRng(&rng);
  22621. #endif
  22622. if (ret != 0)
  22623. return -11450;
  22624. wc_ed448_init(&key);
  22625. privKey = &key;
  22626. wc_ed448_make_key(&rng, ED448_KEY_SIZE, privKey);
  22627. cert.daysValid = 365 * 2;
  22628. cert.selfSigned = 1;
  22629. XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName));
  22630. XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName));
  22631. cert.isCA = 0;
  22632. #ifdef WOLFSSL_CERT_EXT
  22633. ret = wc_SetKeyUsage(&cert, certKeyUsage);
  22634. if (ret < 0) {
  22635. ERROR_OUT(-11451, done);
  22636. }
  22637. ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
  22638. if (ret < 0) {
  22639. ERROR_OUT(-11452, done);
  22640. }
  22641. ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey);
  22642. if (ret < 0) {
  22643. ERROR_OUT(-11453, done);
  22644. }
  22645. #endif
  22646. tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  22647. if (tmp == NULL) {
  22648. ERROR_OUT(-11454, done);
  22649. }
  22650. cert.sigType = CTC_ED448;
  22651. ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED448_TYPE, privKey, &rng);
  22652. if (ret < 0) {
  22653. ERROR_OUT(-11455, done);
  22654. }
  22655. ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, ED448_TYPE,
  22656. privKey, &rng);
  22657. if (ret < 0) {
  22658. ERROR_OUT(-11456, done);
  22659. }
  22660. InitDecodedCert(&decode, tmp, ret, HEAP_HINT);
  22661. ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0);
  22662. FreeDecodedCert(&decode);
  22663. if (ret != 0) {
  22664. ERROR_OUT(-11457, done);
  22665. }
  22666. done:
  22667. if (tmp != NULL)
  22668. XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  22669. wc_ed448_free(privKey);
  22670. wc_FreeRng(&rng);
  22671. return ret;
  22672. }
  22673. #endif /* WOLFSSL_TEST_CERT */
  22674. #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
  22675. defined(HAVE_ED448_KEY_IMPORT)
  22676. static int ed448_ctx_test(void)
  22677. {
  22678. byte out[ED448_SIG_SIZE];
  22679. word32 outlen;
  22680. #ifdef HAVE_ED448_VERIFY
  22681. int verify;
  22682. #endif /* HAVE_ED448_VERIFY */
  22683. ed448_key key;
  22684. WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = {
  22685. 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
  22686. 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
  22687. 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
  22688. 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
  22689. 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
  22690. 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
  22691. 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
  22692. 0x4e
  22693. };
  22694. WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = {
  22695. 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
  22696. 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
  22697. 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
  22698. 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
  22699. 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
  22700. 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
  22701. 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
  22702. 0x80
  22703. };
  22704. WOLFSSL_SMALL_STACK_STATIC const byte sigCtx[] = {
  22705. 0xd4, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46,
  22706. 0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55,
  22707. 0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab,
  22708. 0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2,
  22709. 0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2,
  22710. 0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21,
  22711. 0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea,
  22712. 0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda,
  22713. 0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d,
  22714. 0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24,
  22715. 0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f,
  22716. 0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d,
  22717. 0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98,
  22718. 0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c,
  22719. 0x3c, 0x00
  22720. };
  22721. WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = {
  22722. 0x03
  22723. };
  22724. WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = {
  22725. 0x66,0x6f,0x6f
  22726. };
  22727. outlen = sizeof(out);
  22728. XMEMSET(out, 0, sizeof(out));
  22729. if (wc_ed448_import_private_key(sKeyCtx, ED448_KEY_SIZE, pKeyCtx,
  22730. sizeof(pKeyCtx), &key) != 0)
  22731. return -11500;
  22732. if (wc_ed448_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key,
  22733. contextCtx, sizeof(contextCtx)) != 0)
  22734. return -11501;
  22735. if (XMEMCMP(out, sigCtx, sizeof(sigCtx)))
  22736. return -11502;
  22737. #if defined(HAVE_ED448_VERIFY)
  22738. /* test verify on good msg */
  22739. if (wc_ed448_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, &key,
  22740. contextCtx, sizeof(contextCtx)) != 0 || verify != 1)
  22741. return -11503;
  22742. #endif
  22743. wc_ed448_free(&key);
  22744. return 0;
  22745. }
  22746. static int ed448ph_test(void)
  22747. {
  22748. byte out[ED448_SIG_SIZE];
  22749. word32 outlen;
  22750. #ifdef HAVE_ED448_VERIFY
  22751. int verify;
  22752. #endif /* HAVE_ED448_VERIFY */
  22753. ed448_key key;
  22754. WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = {
  22755. 0x83, 0x3f, 0xe6, 0x24, 0x09, 0x23, 0x7b, 0x9d,
  22756. 0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e,
  22757. 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b,
  22758. 0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42,
  22759. 0xef, 0x78, 0x22, 0xe0, 0xd5, 0x10, 0x41, 0x27,
  22760. 0xdc, 0x05, 0xd6, 0xdb, 0xef, 0xde, 0x69, 0xe3,
  22761. 0xab, 0x2c, 0xec, 0x7c, 0x86, 0x7c, 0x6e, 0x2c,
  22762. 0x49
  22763. };
  22764. WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = {
  22765. 0x25, 0x9b, 0x71, 0xc1, 0x9f, 0x83, 0xef, 0x77,
  22766. 0xa7, 0xab, 0xd2, 0x65, 0x24, 0xcb, 0xdb, 0x31,
  22767. 0x61, 0xb5, 0x90, 0xa4, 0x8f, 0x7d, 0x17, 0xde,
  22768. 0x3e, 0xe0, 0xba, 0x9c, 0x52, 0xbe, 0xb7, 0x43,
  22769. 0xc0, 0x94, 0x28, 0xa1, 0x31, 0xd6, 0xb1, 0xb5,
  22770. 0x73, 0x03, 0xd9, 0x0d, 0x81, 0x32, 0xc2, 0x76,
  22771. 0xd5, 0xed, 0x3d, 0x5d, 0x01, 0xc0, 0xf5, 0x38,
  22772. 0x80
  22773. };
  22774. WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = {
  22775. 0x82, 0x2f, 0x69, 0x01, 0xf7, 0x48, 0x0f, 0x3d,
  22776. 0x5f, 0x56, 0x2c, 0x59, 0x29, 0x94, 0xd9, 0x69,
  22777. 0x36, 0x02, 0x87, 0x56, 0x14, 0x48, 0x32, 0x56,
  22778. 0x50, 0x56, 0x00, 0xbb, 0xc2, 0x81, 0xae, 0x38,
  22779. 0x1f, 0x54, 0xd6, 0xbc, 0xe2, 0xea, 0x91, 0x15,
  22780. 0x74, 0x93, 0x2f, 0x52, 0xa4, 0xe6, 0xca, 0xdd,
  22781. 0x78, 0x76, 0x93, 0x75, 0xec, 0x3f, 0xfd, 0x1b,
  22782. 0x80, 0x1a, 0x0d, 0x9b, 0x3f, 0x40, 0x30, 0xcd,
  22783. 0x43, 0x39, 0x64, 0xb6, 0x45, 0x7e, 0xa3, 0x94,
  22784. 0x76, 0x51, 0x12, 0x14, 0xf9, 0x74, 0x69, 0xb5,
  22785. 0x7d, 0xd3, 0x2d, 0xbc, 0x56, 0x0a, 0x9a, 0x94,
  22786. 0xd0, 0x0b, 0xff, 0x07, 0x62, 0x04, 0x64, 0xa3,
  22787. 0xad, 0x20, 0x3d, 0xf7, 0xdc, 0x7c, 0xe3, 0x60,
  22788. 0xc3, 0xcd, 0x36, 0x96, 0xd9, 0xd9, 0xfa, 0xb9,
  22789. 0x0f, 0x00
  22790. };
  22791. WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = {
  22792. 0xc3, 0x22, 0x99, 0xd4, 0x6e, 0xc8, 0xff, 0x02,
  22793. 0xb5, 0x45, 0x40, 0x98, 0x28, 0x14, 0xdc, 0xe9,
  22794. 0xa0, 0x58, 0x12, 0xf8, 0x19, 0x62, 0xb6, 0x49,
  22795. 0xd5, 0x28, 0x09, 0x59, 0x16, 0xa2, 0xaa, 0x48,
  22796. 0x10, 0x65, 0xb1, 0x58, 0x04, 0x23, 0xef, 0x92,
  22797. 0x7e, 0xcf, 0x0a, 0xf5, 0x88, 0x8f, 0x90, 0xda,
  22798. 0x0f, 0x6a, 0x9a, 0x85, 0xad, 0x5d, 0xc3, 0xf2,
  22799. 0x80, 0xd9, 0x12, 0x24, 0xba, 0x99, 0x11, 0xa3,
  22800. 0x65, 0x3d, 0x00, 0xe4, 0x84, 0xe2, 0xce, 0x23,
  22801. 0x25, 0x21, 0x48, 0x1c, 0x86, 0x58, 0xdf, 0x30,
  22802. 0x4b, 0xb7, 0x74, 0x5a, 0x73, 0x51, 0x4c, 0xdb,
  22803. 0x9b, 0xf3, 0xe1, 0x57, 0x84, 0xab, 0x71, 0x28,
  22804. 0x4f, 0x8d, 0x07, 0x04, 0xa6, 0x08, 0xc5, 0x4a,
  22805. 0x6b, 0x62, 0xd9, 0x7b, 0xeb, 0x51, 0x1d, 0x13,
  22806. 0x21, 0x00
  22807. };
  22808. WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = {
  22809. 0x61,0x62,0x63
  22810. };
  22811. /* SHA-512 hash of msgPh */
  22812. WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = {
  22813. 0x48, 0x33, 0x66, 0x60, 0x13, 0x60, 0xa8, 0x77,
  22814. 0x1c, 0x68, 0x63, 0x08, 0x0c, 0xc4, 0x11, 0x4d,
  22815. 0x8d, 0xb4, 0x45, 0x30, 0xf8, 0xf1, 0xe1, 0xee,
  22816. 0x4f, 0x94, 0xea, 0x37, 0xe7, 0x8b, 0x57, 0x39,
  22817. 0xd5, 0xa1, 0x5b, 0xef, 0x18, 0x6a, 0x53, 0x86,
  22818. 0xc7, 0x57, 0x44, 0xc0, 0x52, 0x7e, 0x1f, 0xaa,
  22819. 0x9f, 0x87, 0x26, 0xe4, 0x62, 0xa1, 0x2a, 0x4f,
  22820. 0xeb, 0x06, 0xbd, 0x88, 0x01, 0xe7, 0x51, 0xe4
  22821. };
  22822. WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = {
  22823. 0x66,0x6f,0x6f
  22824. };
  22825. outlen = sizeof(out);
  22826. XMEMSET(out, 0, sizeof(out));
  22827. if (wc_ed448_import_private_key(sKeyPh, ED448_KEY_SIZE, pKeyPh,
  22828. sizeof(pKeyPh), &key) != 0) {
  22829. return -11600;
  22830. }
  22831. if (wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL,
  22832. 0) != 0) {
  22833. return -11601;
  22834. }
  22835. if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
  22836. return -11602;
  22837. #if defined(HAVE_ED448_VERIFY)
  22838. /* test verify on good msg */
  22839. if (wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
  22840. NULL, 0) != 0 || verify != 1) {
  22841. return -11603;
  22842. }
  22843. #endif
  22844. if (wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key,
  22845. contextPh2, sizeof(contextPh2)) != 0) {
  22846. return -11604;
  22847. }
  22848. if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
  22849. return -11605;
  22850. #if defined(HAVE_ED448_VERIFY)
  22851. /* test verify on good msg */
  22852. if (wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key,
  22853. contextPh2, sizeof(contextPh2)) != 0 ||
  22854. verify != 1) {
  22855. return -11606;
  22856. }
  22857. #endif
  22858. if (wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL,
  22859. 0) != 0) {
  22860. return -11607;
  22861. }
  22862. if (XMEMCMP(out, sigPh1, sizeof(sigPh1)))
  22863. return -11608;
  22864. #if defined(HAVE_ED448_VERIFY)
  22865. if (wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
  22866. &key, NULL, 0) != 0 || verify != 1) {
  22867. return -11609;
  22868. }
  22869. #endif
  22870. if (wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key,
  22871. contextPh2, sizeof(contextPh2)) != 0) {
  22872. return -11610;
  22873. }
  22874. if (XMEMCMP(out, sigPh2, sizeof(sigPh2)))
  22875. return -11611;
  22876. #if defined(HAVE_ED448_VERIFY)
  22877. if (wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify,
  22878. &key, contextPh2, sizeof(contextPh2)) != 0 ||
  22879. verify != 1) {
  22880. return -11612;
  22881. }
  22882. #endif
  22883. wc_ed448_free(&key);
  22884. return 0;
  22885. }
  22886. #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
  22887. WOLFSSL_TEST_SUBROUTINE int ed448_test(void)
  22888. {
  22889. int ret;
  22890. WC_RNG rng;
  22891. #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
  22892. defined(HAVE_ED448_KEY_IMPORT)
  22893. byte out[ED448_SIG_SIZE];
  22894. byte exportPKey[ED448_KEY_SIZE];
  22895. byte exportSKey[ED448_KEY_SIZE];
  22896. word32 exportPSz;
  22897. word32 exportSSz;
  22898. int i;
  22899. word32 outlen;
  22900. #ifdef HAVE_ED448_VERIFY
  22901. int verify;
  22902. #endif /* HAVE_ED448_VERIFY */
  22903. #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
  22904. word32 keySz, sigSz;
  22905. ed448_key key;
  22906. ed448_key key2;
  22907. #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \
  22908. defined(HAVE_ED448_KEY_IMPORT)
  22909. /* test vectors from
  22910. https://tools.ietf.org/html/rfc8032
  22911. */
  22912. WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = {
  22913. 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
  22914. 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
  22915. 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
  22916. 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
  22917. 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
  22918. 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
  22919. 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
  22920. 0x5b
  22921. };
  22922. WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = {
  22923. 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6,
  22924. 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d,
  22925. 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d,
  22926. 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a,
  22927. 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c,
  22928. 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e,
  22929. 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27,
  22930. 0x4e
  22931. };
  22932. WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = {
  22933. 0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c,
  22934. 0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82,
  22935. 0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8,
  22936. 0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93,
  22937. 0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33,
  22938. 0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc,
  22939. 0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2,
  22940. 0x1b
  22941. };
  22942. /* uncompressed test */
  22943. WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = {
  22944. 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
  22945. 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
  22946. 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
  22947. 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
  22948. 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
  22949. 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
  22950. 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
  22951. 0x5b
  22952. };
  22953. /* compressed prefix test */
  22954. WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = {
  22955. 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
  22956. 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
  22957. 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
  22958. 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
  22959. 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
  22960. 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
  22961. 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
  22962. 0x5b
  22963. };
  22964. WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = {
  22965. 0x87, 0x2d, 0x09, 0x37, 0x80, 0xf5, 0xd3, 0x73,
  22966. 0x0d, 0xf7, 0xc2, 0x12, 0x66, 0x4b, 0x37, 0xb8,
  22967. 0xa0, 0xf2, 0x4f, 0x56, 0x81, 0x0d, 0xaa, 0x83,
  22968. 0x82, 0xcd, 0x4f, 0xa3, 0xf7, 0x76, 0x34, 0xec,
  22969. 0x44, 0xdc, 0x54, 0xf1, 0xc2, 0xed, 0x9b, 0xea,
  22970. 0x86, 0xfa, 0xfb, 0x76, 0x32, 0xd8, 0xbe, 0x19,
  22971. 0x9e, 0xa1, 0x65, 0xf5, 0xad, 0x55, 0xdd, 0x9c,
  22972. 0xe8
  22973. };
  22974. WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6};
  22975. WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = {
  22976. 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
  22977. 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
  22978. 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
  22979. 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
  22980. 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
  22981. 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
  22982. 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
  22983. 0x80
  22984. };
  22985. WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = {
  22986. 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45,
  22987. 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a,
  22988. 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37,
  22989. 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86,
  22990. 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02,
  22991. 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c,
  22992. 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94,
  22993. 0x80
  22994. };
  22995. WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = {
  22996. 0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f,
  22997. 0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79,
  22998. 0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63,
  22999. 0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc,
  23000. 0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f,
  23001. 0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b,
  23002. 0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5,
  23003. 0x80
  23004. };
  23005. /* uncompressed test */
  23006. WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = {
  23007. 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
  23008. 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
  23009. 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
  23010. 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
  23011. 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
  23012. 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
  23013. 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
  23014. 0x80
  23015. };
  23016. /* compressed prefix */
  23017. WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = {
  23018. 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd,
  23019. 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a,
  23020. 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f,
  23021. 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78,
  23022. 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06,
  23023. 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c,
  23024. 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61,
  23025. 0x80
  23026. };
  23027. WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = {
  23028. 0xa8, 0x1b, 0x2e, 0x8a, 0x70, 0xa5, 0xac, 0x94,
  23029. 0xff, 0xdb, 0xcc, 0x9b, 0xad, 0xfc, 0x3f, 0xeb,
  23030. 0x08, 0x01, 0xf2, 0x58, 0x57, 0x8b, 0xb1, 0x14,
  23031. 0xad, 0x44, 0xec, 0xe1, 0xec, 0x0e, 0x79, 0x9d,
  23032. 0xa0, 0x8e, 0xff, 0xb8, 0x1c, 0x5d, 0x68, 0x5c,
  23033. 0x0c, 0x56, 0xf6, 0x4e, 0xec, 0xae, 0xf8, 0xcd,
  23034. 0xf1, 0x1c, 0xc3, 0x87, 0x37, 0x83, 0x8c, 0xf4,
  23035. 0x00
  23036. };
  23037. WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6};
  23038. WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3),
  23039. sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)};
  23040. WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = {
  23041. 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
  23042. 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
  23043. 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
  23044. 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
  23045. 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
  23046. 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
  23047. 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
  23048. 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
  23049. 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
  23050. 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
  23051. 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
  23052. 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
  23053. 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
  23054. 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
  23055. 0x26, 0x00
  23056. };
  23057. WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = {
  23058. 0x26, 0xb8, 0xf9, 0x17, 0x27, 0xbd, 0x62, 0x89,
  23059. 0x7a, 0xf1, 0x5e, 0x41, 0xeb, 0x43, 0xc3, 0x77,
  23060. 0xef, 0xb9, 0xc6, 0x10, 0xd4, 0x8f, 0x23, 0x35,
  23061. 0xcb, 0x0b, 0xd0, 0x08, 0x78, 0x10, 0xf4, 0x35,
  23062. 0x25, 0x41, 0xb1, 0x43, 0xc4, 0xb9, 0x81, 0xb7,
  23063. 0xe1, 0x8f, 0x62, 0xde, 0x8c, 0xcd, 0xf6, 0x33,
  23064. 0xfc, 0x1b, 0xf0, 0x37, 0xab, 0x7c, 0xd7, 0x79,
  23065. 0x80, 0x5e, 0x0d, 0xbc, 0xc0, 0xaa, 0xe1, 0xcb,
  23066. 0xce, 0xe1, 0xaf, 0xb2, 0xe0, 0x27, 0xdf, 0x36,
  23067. 0xbc, 0x04, 0xdc, 0xec, 0xbf, 0x15, 0x43, 0x36,
  23068. 0xc1, 0x9f, 0x0a, 0xf7, 0xe0, 0xa6, 0x47, 0x29,
  23069. 0x05, 0xe7, 0x99, 0xf1, 0x95, 0x3d, 0x2a, 0x0f,
  23070. 0xf3, 0x34, 0x8a, 0xb2, 0x1a, 0xa4, 0xad, 0xaf,
  23071. 0xd1, 0xd2, 0x34, 0x44, 0x1c, 0xf8, 0x07, 0xc0,
  23072. 0x3a, 0x00
  23073. };
  23074. WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = {
  23075. 0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79,
  23076. 0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6,
  23077. 0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89,
  23078. 0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a,
  23079. 0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4,
  23080. 0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07,
  23081. 0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf,
  23082. 0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e,
  23083. 0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e,
  23084. 0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7,
  23085. 0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef,
  23086. 0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61,
  23087. 0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b,
  23088. 0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff,
  23089. 0x3c, 0x00
  23090. };
  23091. /* uncompressed test */
  23092. WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = {
  23093. 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
  23094. 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
  23095. 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
  23096. 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
  23097. 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
  23098. 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
  23099. 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
  23100. 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
  23101. 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
  23102. 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
  23103. 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
  23104. 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
  23105. 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
  23106. 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
  23107. 0x26, 0x00
  23108. };
  23109. /* compressed prefix */
  23110. WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = {
  23111. 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25,
  23112. 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae,
  23113. 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2,
  23114. 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f,
  23115. 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81,
  23116. 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78,
  23117. 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39,
  23118. 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a,
  23119. 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d,
  23120. 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41,
  23121. 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd,
  23122. 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb,
  23123. 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26,
  23124. 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65,
  23125. 0x26, 0x00
  23126. };
  23127. WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = {
  23128. 0xe3, 0x01, 0x34, 0x5a, 0x41, 0xa3, 0x9a, 0x4d,
  23129. 0x72, 0xff, 0xf8, 0xdf, 0x69, 0xc9, 0x80, 0x75,
  23130. 0xa0, 0xcc, 0x08, 0x2b, 0x80, 0x2f, 0xc9, 0xb2,
  23131. 0xb6, 0xbc, 0x50, 0x3f, 0x92, 0x6b, 0x65, 0xbd,
  23132. 0xdf, 0x7f, 0x4c, 0x8f, 0x1c, 0xb4, 0x9f, 0x63,
  23133. 0x96, 0xaf, 0xc8, 0xa7, 0x0a, 0xbe, 0x6d, 0x8a,
  23134. 0xef, 0x0d, 0xb4, 0x78, 0xd4, 0xc6, 0xb2, 0x97,
  23135. 0x00, 0x76, 0xc6, 0xa0, 0x48, 0x4f, 0xe7, 0x6d,
  23136. 0x76, 0xb3, 0xa9, 0x76, 0x25, 0xd7, 0x9f, 0x1c,
  23137. 0xe2, 0x40, 0xe7, 0xc5, 0x76, 0x75, 0x0d, 0x29,
  23138. 0x55, 0x28, 0x28, 0x6f, 0x71, 0x9b, 0x41, 0x3d,
  23139. 0xe9, 0xad, 0xa3, 0xe8, 0xeb, 0x78, 0xed, 0x57,
  23140. 0x36, 0x03, 0xce, 0x30, 0xd8, 0xbb, 0x76, 0x17,
  23141. 0x85, 0xdc, 0x30, 0xdb, 0xc3, 0x20, 0x86, 0x9e,
  23142. 0x1a, 0x00
  23143. };
  23144. WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6};
  23145. #define SIGSZ sizeof(sig1)
  23146. WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = { };
  23147. WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = { 0x03 };
  23148. WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = { 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd,
  23149. 0x66, 0x81, 0x1e, 0x29, 0x15 };
  23150. /* test of a 1023 byte long message */
  23151. WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = {
  23152. 0x6d, 0xdf, 0x80, 0x2e, 0x1a, 0xae, 0x49, 0x86,
  23153. 0x93, 0x5f, 0x7f, 0x98, 0x1b, 0xa3, 0xf0, 0x35,
  23154. 0x1d, 0x62, 0x73, 0xc0, 0xa0, 0xc2, 0x2c, 0x9c,
  23155. 0x0e, 0x83, 0x39, 0x16, 0x8e, 0x67, 0x54, 0x12,
  23156. 0xa3, 0xde, 0xbf, 0xaf, 0x43, 0x5e, 0xd6, 0x51,
  23157. 0x55, 0x80, 0x07, 0xdb, 0x43, 0x84, 0xb6, 0x50,
  23158. 0xfc, 0xc0, 0x7e, 0x3b, 0x58, 0x6a, 0x27, 0xa4,
  23159. 0xf7, 0xa0, 0x0a, 0xc8, 0xa6, 0xfe, 0xc2, 0xcd,
  23160. 0x86, 0xae, 0x4b, 0xf1, 0x57, 0x0c, 0x41, 0xe6,
  23161. 0xa4, 0x0c, 0x93, 0x1d, 0xb2, 0x7b, 0x2f, 0xaa,
  23162. 0x15, 0xa8, 0xce, 0xdd, 0x52, 0xcf, 0xf7, 0x36,
  23163. 0x2c, 0x4e, 0x6e, 0x23, 0xda, 0xec, 0x0f, 0xbc,
  23164. 0x3a, 0x79, 0xb6, 0x80, 0x6e, 0x31, 0x6e, 0xfc,
  23165. 0xc7, 0xb6, 0x81, 0x19, 0xbf, 0x46, 0xbc, 0x76,
  23166. 0xa2, 0x60, 0x67, 0xa5, 0x3f, 0x29, 0x6d, 0xaf,
  23167. 0xdb, 0xdc, 0x11, 0xc7, 0x7f, 0x77, 0x77, 0xe9,
  23168. 0x72, 0x66, 0x0c, 0xf4, 0xb6, 0xa9, 0xb3, 0x69,
  23169. 0xa6, 0x66, 0x5f, 0x02, 0xe0, 0xcc, 0x9b, 0x6e,
  23170. 0xdf, 0xad, 0x13, 0x6b, 0x4f, 0xab, 0xe7, 0x23,
  23171. 0xd2, 0x81, 0x3d, 0xb3, 0x13, 0x6c, 0xfd, 0xe9,
  23172. 0xb6, 0xd0, 0x44, 0x32, 0x2f, 0xee, 0x29, 0x47,
  23173. 0x95, 0x2e, 0x03, 0x1b, 0x73, 0xab, 0x5c, 0x60,
  23174. 0x33, 0x49, 0xb3, 0x07, 0xbd, 0xc2, 0x7b, 0xc6,
  23175. 0xcb, 0x8b, 0x8b, 0xbd, 0x7b, 0xd3, 0x23, 0x21,
  23176. 0x9b, 0x80, 0x33, 0xa5, 0x81, 0xb5, 0x9e, 0xad,
  23177. 0xeb, 0xb0, 0x9b, 0x3c, 0x4f, 0x3d, 0x22, 0x77,
  23178. 0xd4, 0xf0, 0x34, 0x36, 0x24, 0xac, 0xc8, 0x17,
  23179. 0x80, 0x47, 0x28, 0xb2, 0x5a, 0xb7, 0x97, 0x17,
  23180. 0x2b, 0x4c, 0x5c, 0x21, 0xa2, 0x2f, 0x9c, 0x78,
  23181. 0x39, 0xd6, 0x43, 0x00, 0x23, 0x2e, 0xb6, 0x6e,
  23182. 0x53, 0xf3, 0x1c, 0x72, 0x3f, 0xa3, 0x7f, 0xe3,
  23183. 0x87, 0xc7, 0xd3, 0xe5, 0x0b, 0xdf, 0x98, 0x13,
  23184. 0xa3, 0x0e, 0x5b, 0xb1, 0x2c, 0xf4, 0xcd, 0x93,
  23185. 0x0c, 0x40, 0xcf, 0xb4, 0xe1, 0xfc, 0x62, 0x25,
  23186. 0x92, 0xa4, 0x95, 0x88, 0x79, 0x44, 0x94, 0xd5,
  23187. 0x6d, 0x24, 0xea, 0x4b, 0x40, 0xc8, 0x9f, 0xc0,
  23188. 0x59, 0x6c, 0xc9, 0xeb, 0xb9, 0x61, 0xc8, 0xcb,
  23189. 0x10, 0xad, 0xde, 0x97, 0x6a, 0x5d, 0x60, 0x2b,
  23190. 0x1c, 0x3f, 0x85, 0xb9, 0xb9, 0xa0, 0x01, 0xed,
  23191. 0x3c, 0x6a, 0x4d, 0x3b, 0x14, 0x37, 0xf5, 0x20,
  23192. 0x96, 0xcd, 0x19, 0x56, 0xd0, 0x42, 0xa5, 0x97,
  23193. 0xd5, 0x61, 0xa5, 0x96, 0xec, 0xd3, 0xd1, 0x73,
  23194. 0x5a, 0x8d, 0x57, 0x0e, 0xa0, 0xec, 0x27, 0x22,
  23195. 0x5a, 0x2c, 0x4a, 0xaf, 0xf2, 0x63, 0x06, 0xd1,
  23196. 0x52, 0x6c, 0x1a, 0xf3, 0xca, 0x6d, 0x9c, 0xf5,
  23197. 0xa2, 0xc9, 0x8f, 0x47, 0xe1, 0xc4, 0x6d, 0xb9,
  23198. 0xa3, 0x32, 0x34, 0xcf, 0xd4, 0xd8, 0x1f, 0x2c,
  23199. 0x98, 0x53, 0x8a, 0x09, 0xeb, 0xe7, 0x69, 0x98,
  23200. 0xd0, 0xd8, 0xfd, 0x25, 0x99, 0x7c, 0x7d, 0x25,
  23201. 0x5c, 0x6d, 0x66, 0xec, 0xe6, 0xfa, 0x56, 0xf1,
  23202. 0x11, 0x44, 0x95, 0x0f, 0x02, 0x77, 0x95, 0xe6,
  23203. 0x53, 0x00, 0x8f, 0x4b, 0xd7, 0xca, 0x2d, 0xee,
  23204. 0x85, 0xd8, 0xe9, 0x0f, 0x3d, 0xc3, 0x15, 0x13,
  23205. 0x0c, 0xe2, 0xa0, 0x03, 0x75, 0xa3, 0x18, 0xc7,
  23206. 0xc3, 0xd9, 0x7b, 0xe2, 0xc8, 0xce, 0x5b, 0x6d,
  23207. 0xb4, 0x1a, 0x62, 0x54, 0xff, 0x26, 0x4f, 0xa6,
  23208. 0x15, 0x5b, 0xae, 0xe3, 0xb0, 0x77, 0x3c, 0x0f,
  23209. 0x49, 0x7c, 0x57, 0x3f, 0x19, 0xbb, 0x4f, 0x42,
  23210. 0x40, 0x28, 0x1f, 0x0b, 0x1f, 0x4f, 0x7b, 0xe8,
  23211. 0x57, 0xa4, 0xe5, 0x9d, 0x41, 0x6c, 0x06, 0xb4,
  23212. 0xc5, 0x0f, 0xa0, 0x9e, 0x18, 0x10, 0xdd, 0xc6,
  23213. 0xb1, 0x46, 0x7b, 0xae, 0xac, 0x5a, 0x36, 0x68,
  23214. 0xd1, 0x1b, 0x6e, 0xca, 0xa9, 0x01, 0x44, 0x00,
  23215. 0x16, 0xf3, 0x89, 0xf8, 0x0a, 0xcc, 0x4d, 0xb9,
  23216. 0x77, 0x02, 0x5e, 0x7f, 0x59, 0x24, 0x38, 0x8c,
  23217. 0x7e, 0x34, 0x0a, 0x73, 0x2e, 0x55, 0x44, 0x40,
  23218. 0xe7, 0x65, 0x70, 0xf8, 0xdd, 0x71, 0xb7, 0xd6,
  23219. 0x40, 0xb3, 0x45, 0x0d, 0x1f, 0xd5, 0xf0, 0x41,
  23220. 0x0a, 0x18, 0xf9, 0xa3, 0x49, 0x4f, 0x70, 0x7c,
  23221. 0x71, 0x7b, 0x79, 0xb4, 0xbf, 0x75, 0xc9, 0x84,
  23222. 0x00, 0xb0, 0x96, 0xb2, 0x16, 0x53, 0xb5, 0xd2,
  23223. 0x17, 0xcf, 0x35, 0x65, 0xc9, 0x59, 0x74, 0x56,
  23224. 0xf7, 0x07, 0x03, 0x49, 0x7a, 0x07, 0x87, 0x63,
  23225. 0x82, 0x9b, 0xc0, 0x1b, 0xb1, 0xcb, 0xc8, 0xfa,
  23226. 0x04, 0xea, 0xdc, 0x9a, 0x6e, 0x3f, 0x66, 0x99,
  23227. 0x58, 0x7a, 0x9e, 0x75, 0xc9, 0x4e, 0x5b, 0xab,
  23228. 0x00, 0x36, 0xe0, 0xb2, 0xe7, 0x11, 0x39, 0x2c,
  23229. 0xff, 0x00, 0x47, 0xd0, 0xd6, 0xb0, 0x5b, 0xd2,
  23230. 0xa5, 0x88, 0xbc, 0x10, 0x97, 0x18, 0x95, 0x42,
  23231. 0x59, 0xf1, 0xd8, 0x66, 0x78, 0xa5, 0x79, 0xa3,
  23232. 0x12, 0x0f, 0x19, 0xcf, 0xb2, 0x96, 0x3f, 0x17,
  23233. 0x7a, 0xeb, 0x70, 0xf2, 0xd4, 0x84, 0x48, 0x26,
  23234. 0x26, 0x2e, 0x51, 0xb8, 0x02, 0x71, 0x27, 0x20,
  23235. 0x68, 0xef, 0x5b, 0x38, 0x56, 0xfa, 0x85, 0x35,
  23236. 0xaa, 0x2a, 0x88, 0xb2, 0xd4, 0x1f, 0x2a, 0x0e,
  23237. 0x2f, 0xda, 0x76, 0x24, 0xc2, 0x85, 0x02, 0x72,
  23238. 0xac, 0x4a, 0x2f, 0x56, 0x1f, 0x8f, 0x2f, 0x7a,
  23239. 0x31, 0x8b, 0xfd, 0x5c, 0xaf, 0x96, 0x96, 0x14,
  23240. 0x9e, 0x4a, 0xc8, 0x24, 0xad, 0x34, 0x60, 0x53,
  23241. 0x8f, 0xdc, 0x25, 0x42, 0x1b, 0xee, 0xc2, 0xcc,
  23242. 0x68, 0x18, 0x16, 0x2d, 0x06, 0xbb, 0xed, 0x0c,
  23243. 0x40, 0xa3, 0x87, 0x19, 0x23, 0x49, 0xdb, 0x67,
  23244. 0xa1, 0x18, 0xba, 0xda, 0x6c, 0xd5, 0xab, 0x01,
  23245. 0x40, 0xee, 0x27, 0x32, 0x04, 0xf6, 0x28, 0xaa,
  23246. 0xd1, 0xc1, 0x35, 0xf7, 0x70, 0x27, 0x9a, 0x65,
  23247. 0x1e, 0x24, 0xd8, 0xc1, 0x4d, 0x75, 0xa6, 0x05,
  23248. 0x9d, 0x76, 0xb9, 0x6a, 0x6f, 0xd8, 0x57, 0xde,
  23249. 0xf5, 0xe0, 0xb3, 0x54, 0xb2, 0x7a, 0xb9, 0x37,
  23250. 0xa5, 0x81, 0x5d, 0x16, 0xb5, 0xfa, 0xe4, 0x07,
  23251. 0xff, 0x18, 0x22, 0x2c, 0x6d, 0x1e, 0xd2, 0x63,
  23252. 0xbe, 0x68, 0xc9, 0x5f, 0x32, 0xd9, 0x08, 0xbd,
  23253. 0x89, 0x5c, 0xd7, 0x62, 0x07, 0xae, 0x72, 0x64,
  23254. 0x87, 0x56, 0x7f, 0x9a, 0x67, 0xda, 0xd7, 0x9a,
  23255. 0xbe, 0xc3, 0x16, 0xf6, 0x83, 0xb1, 0x7f, 0x2d,
  23256. 0x02, 0xbf, 0x07, 0xe0, 0xac, 0x8b, 0x5b, 0xc6,
  23257. 0x16, 0x2c, 0xf9, 0x46, 0x97, 0xb3, 0xc2, 0x7c,
  23258. 0xd1, 0xfe, 0xa4, 0x9b, 0x27, 0xf2, 0x3b, 0xa2,
  23259. 0x90, 0x18, 0x71, 0x96, 0x25, 0x06, 0x52, 0x0c,
  23260. 0x39, 0x2d, 0xa8, 0xb6, 0xad, 0x0d, 0x99, 0xf7,
  23261. 0x01, 0x3f, 0xbc, 0x06, 0xc2, 0xc1, 0x7a, 0x56,
  23262. 0x95, 0x00, 0xc8, 0xa7, 0x69, 0x64, 0x81, 0xc1,
  23263. 0xcd, 0x33, 0xe9, 0xb1, 0x4e, 0x40, 0xb8, 0x2e,
  23264. 0x79, 0xa5, 0xf5, 0xdb, 0x82, 0x57, 0x1b, 0xa9,
  23265. 0x7b, 0xae, 0x3a, 0xd3, 0xe0, 0x47, 0x95, 0x15,
  23266. 0xbb, 0x0e, 0x2b, 0x0f, 0x3b, 0xfc, 0xd1, 0xfd,
  23267. 0x33, 0x03, 0x4e, 0xfc, 0x62, 0x45, 0xed, 0xdd,
  23268. 0x7e, 0xe2, 0x08, 0x6d, 0xda, 0xe2, 0x60, 0x0d,
  23269. 0x8c, 0xa7, 0x3e, 0x21, 0x4e, 0x8c, 0x2b, 0x0b,
  23270. 0xdb, 0x2b, 0x04, 0x7c, 0x6a, 0x46, 0x4a, 0x56,
  23271. 0x2e, 0xd7, 0x7b, 0x73, 0xd2, 0xd8, 0x41, 0xc4,
  23272. 0xb3, 0x49, 0x73, 0x55, 0x12, 0x57, 0x71, 0x3b,
  23273. 0x75, 0x36, 0x32, 0xef, 0xba, 0x34, 0x81, 0x69,
  23274. 0xab, 0xc9, 0x0a, 0x68, 0xf4, 0x26, 0x11, 0xa4,
  23275. 0x01, 0x26, 0xd7, 0xcb, 0x21, 0xb5, 0x86, 0x95,
  23276. 0x56, 0x81, 0x86, 0xf7, 0xe5, 0x69, 0xd2, 0xff,
  23277. 0x0f, 0x9e, 0x74, 0x5d, 0x04, 0x87, 0xdd, 0x2e,
  23278. 0xb9, 0x97, 0xca, 0xfc, 0x5a, 0xbf, 0x9d, 0xd1,
  23279. 0x02, 0xe6, 0x2f, 0xf6, 0x6c, 0xba, 0x87
  23280. };
  23281. WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4};
  23282. WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/,
  23283. sizeof(msg2),
  23284. sizeof(msg3),
  23285. 0 /*sizeof(msg1)*/,
  23286. 0 /*sizeof(msg1)*/,
  23287. sizeof(msg4)
  23288. };
  23289. #ifndef NO_ASN
  23290. static byte privateEd448[] = {
  23291. 0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
  23292. 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39,
  23293. 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10,
  23294. 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf,
  23295. 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f,
  23296. 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3,
  23297. 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e,
  23298. 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f,
  23299. 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9,
  23300. 0x5b
  23301. };
  23302. static byte publicEd448[] = {
  23303. 0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65,
  23304. 0x71, 0x03, 0x3a, 0x00, 0x5f, 0xd7, 0x44, 0x9b,
  23305. 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec,
  23306. 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24,
  23307. 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d,
  23308. 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76,
  23309. 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d,
  23310. 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe,
  23311. 0xaf, 0xe8, 0x25, 0x61, 0x80
  23312. };
  23313. static byte privPubEd448[] = {
  23314. 0x30, 0x81, 0x84, 0x02, 0x01, 0x00, 0x30, 0x05,
  23315. 0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04,
  23316. 0x39, 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d,
  23317. 0x10, 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e,
  23318. 0xbf, 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c,
  23319. 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48,
  23320. 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04,
  23321. 0x4e, 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f,
  23322. 0x8f, 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98,
  23323. 0xf9, 0x5b, 0xa1, 0x3b, 0x04, 0x39, 0x5f, 0xd7,
  23324. 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7,
  23325. 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1,
  23326. 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e,
  23327. 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1,
  23328. 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6,
  23329. 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa,
  23330. 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, 0x80
  23331. };
  23332. word32 idx;
  23333. ed448_key key3;
  23334. #endif /* NO_ASN */
  23335. #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
  23336. /* create ed448 keys */
  23337. #ifndef HAVE_FIPS
  23338. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  23339. #else
  23340. ret = wc_InitRng(&rng);
  23341. #endif
  23342. if (ret != 0)
  23343. return -11700;
  23344. wc_ed448_init(&key);
  23345. wc_ed448_init(&key2);
  23346. #ifndef NO_ASN
  23347. wc_ed448_init(&key3);
  23348. #endif
  23349. wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key);
  23350. wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key2);
  23351. /* helper functions for signature and key size */
  23352. keySz = wc_ed448_size(&key);
  23353. sigSz = wc_ed448_sig_size(&key);
  23354. #if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\
  23355. defined(HAVE_ED448_KEY_IMPORT)
  23356. for (i = 0; i < 6; i++) {
  23357. outlen = sizeof(out);
  23358. XMEMSET(out, 0, sizeof(out));
  23359. if (wc_ed448_import_private_key(sKeys[i], ED448_KEY_SIZE, pKeys[i],
  23360. pKeySz[i], &key) != 0)
  23361. return -11701 - i;
  23362. if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, &key, NULL,
  23363. 0) != 0) {
  23364. return -11711 - i;
  23365. }
  23366. if (XMEMCMP(out, sigs[i], 114))
  23367. return -11721 - i;
  23368. #if defined(HAVE_ED448_VERIFY)
  23369. /* test verify on good msg */
  23370. if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key,
  23371. NULL, 0) != 0 || verify != 1) {
  23372. return -11731 - i;
  23373. }
  23374. /* test verify on bad msg */
  23375. out[outlen-2] = out[outlen-2] + 1;
  23376. if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key,
  23377. NULL, 0) == 0 || verify == 1) {
  23378. return -11741 - i;
  23379. }
  23380. #endif /* HAVE_ED448_VERIFY */
  23381. /* test api for import/exporting keys */
  23382. exportPSz = sizeof(exportPKey);
  23383. exportSSz = sizeof(exportSKey);
  23384. if (wc_ed448_export_public(&key, exportPKey, &exportPSz) != 0)
  23385. return -11751 - i;
  23386. if (wc_ed448_import_public(exportPKey, exportPSz, &key2) != 0)
  23387. return -11761 - i;
  23388. if (wc_ed448_export_private_only(&key, exportSKey, &exportSSz) != 0)
  23389. return -11771 - i;
  23390. if (wc_ed448_import_private_key(exportSKey, exportSSz,
  23391. exportPKey, exportPSz, &key2) != 0)
  23392. return -11781 - i;
  23393. /* clear "out" buffer and test sign with imported keys */
  23394. outlen = sizeof(out);
  23395. XMEMSET(out, 0, sizeof(out));
  23396. if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, &key2, NULL,
  23397. 0) != 0) {
  23398. return -11791 - i;
  23399. }
  23400. #if defined(HAVE_ED448_VERIFY)
  23401. if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, &key2,
  23402. NULL, 0) != 0 || verify != 1)
  23403. return -11801 - i;
  23404. if (XMEMCMP(out, sigs[i], SIGSZ))
  23405. return -11811 - i;
  23406. #endif /* HAVE_ED448_VERIFY */
  23407. }
  23408. ret = ed448_ctx_test();
  23409. if (ret != 0)
  23410. return ret;
  23411. ret = ed448ph_test();
  23412. if (ret != 0)
  23413. return ret;
  23414. #ifndef NO_ASN
  23415. /* Try ASN.1 encoded private-only key and public key. */
  23416. idx = 0;
  23417. if (wc_Ed448PrivateKeyDecode(privateEd448, &idx, &key3,
  23418. sizeof(privateEd448)) != 0)
  23419. return -11821 - i;
  23420. if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0)
  23421. != BAD_FUNC_ARG)
  23422. return -11831 - i;
  23423. idx = 0;
  23424. if (wc_Ed448PublicKeyDecode(publicEd448, &idx, &key3,
  23425. sizeof(publicEd448)) != 0)
  23426. return -11841 - i;
  23427. if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0)
  23428. return -11851 - i;
  23429. if (XMEMCMP(out, sigs[0], SIGSZ))
  23430. return -11861 - i;
  23431. #if defined(HAVE_ED448_VERIFY)
  23432. /* test verify on good msg */
  23433. if (wc_ed448_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, &key3,
  23434. NULL, 0) != 0 || verify != 1)
  23435. return -11871 - i;
  23436. #endif /* HAVE_ED448_VERIFY */
  23437. wc_ed448_free(&key3);
  23438. wc_ed448_init(&key3);
  23439. idx = 0;
  23440. if (wc_Ed448PrivateKeyDecode(privPubEd448, &idx, &key3,
  23441. sizeof(privPubEd448)) != 0)
  23442. return -11881 - i;
  23443. if (wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, &key3, NULL, 0) != 0)
  23444. return -11891 - i;
  23445. if (XMEMCMP(out, sigs[0], SIGSZ))
  23446. return -11901 - i;
  23447. wc_ed448_free(&key3);
  23448. #endif /* NO_ASN */
  23449. #endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */
  23450. /* clean up keys when done */
  23451. wc_ed448_free(&key);
  23452. wc_ed448_free(&key2);
  23453. #if defined(HAVE_HASHDRBG) || defined(NO_RC4)
  23454. wc_FreeRng(&rng);
  23455. #endif
  23456. /* hush warnings of unused keySz and sigSz */
  23457. (void)keySz;
  23458. (void)sigSz;
  23459. #ifdef WOLFSSL_TEST_CERT
  23460. ret = ed448_test_cert();
  23461. if (ret < 0)
  23462. return ret;
  23463. #ifdef WOLFSSL_CERT_GEN
  23464. ret = ed448_test_make_cert();
  23465. if (ret < 0)
  23466. return ret;
  23467. #endif /* WOLFSSL_CERT_GEN */
  23468. #endif /* WOLFSSL_TEST_CERT */
  23469. return 0;
  23470. }
  23471. #endif /* HAVE_ED448 */
  23472. #ifdef WOLFCRYPT_HAVE_ECCSI
  23473. static int eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk,
  23474. ecc_point* pvt)
  23475. {
  23476. int ret;
  23477. byte id[1] = { 0x00 };
  23478. int valid;
  23479. word32 sz;
  23480. byte data[256];
  23481. byte hash[WC_MAX_DIGEST_SIZE];
  23482. byte hashSz;
  23483. byte sig[257];
  23484. word32 sigSz;
  23485. ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
  23486. if (ret != BAD_FUNC_ARG)
  23487. return -10023;
  23488. ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, INVALID_DEVID);
  23489. if (ret != BAD_FUNC_ARG)
  23490. return -10024;
  23491. ret = wc_InitEccsiKey(NULL, NULL, INVALID_DEVID);
  23492. if (ret != BAD_FUNC_ARG)
  23493. return -10025;
  23494. ret = wc_InitEccsiKey(NULL, HEAP_HINT, INVALID_DEVID);
  23495. if (ret != BAD_FUNC_ARG)
  23496. return -10026;
  23497. wc_FreeEccsiKey(NULL);
  23498. /* Create a valid key. */
  23499. ret = wc_InitEccsiKey(key, NULL, INVALID_DEVID);
  23500. if (ret != 0)
  23501. return -10027;
  23502. ret = wc_MakeEccsiKey(NULL, NULL);
  23503. if (ret != BAD_FUNC_ARG)
  23504. return -10028;
  23505. ret = wc_MakeEccsiKey(key, NULL);
  23506. if (ret != BAD_FUNC_ARG)
  23507. return -10029;
  23508. ret = wc_MakeEccsiKey(NULL, rng);
  23509. if (ret != BAD_FUNC_ARG)
  23510. return -10030;
  23511. ret = wc_MakeEccsiPair(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL,
  23512. NULL);
  23513. if (ret != BAD_FUNC_ARG)
  23514. return -10031;
  23515. ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL);
  23516. if (ret != BAD_FUNC_ARG)
  23517. return -10032;
  23518. ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt);
  23519. if (ret != BAD_FUNC_ARG)
  23520. return -10033;
  23521. ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt);
  23522. if (ret != BAD_FUNC_ARG)
  23523. return -10034;
  23524. ret = wc_MakeEccsiPair(key, NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
  23525. if (ret != BAD_FUNC_ARG)
  23526. return -10035;
  23527. ret = wc_MakeEccsiPair(NULL, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
  23528. if (ret != BAD_FUNC_ARG)
  23529. return -10036;
  23530. /* No key set */
  23531. ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt);
  23532. if (ret != BAD_STATE_E)
  23533. return -10037;
  23534. ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL,
  23535. NULL);
  23536. if (ret != BAD_FUNC_ARG)
  23537. return -10038;
  23538. ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
  23539. NULL);
  23540. if (ret != BAD_FUNC_ARG)
  23541. return -10039;
  23542. ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL,
  23543. &valid);
  23544. if (ret != BAD_FUNC_ARG)
  23545. return -10040;
  23546. ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt,
  23547. &valid);
  23548. if (ret != BAD_FUNC_ARG)
  23549. return -10041;
  23550. ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt,
  23551. &valid);
  23552. if (ret != BAD_FUNC_ARG)
  23553. return -10042;
  23554. ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
  23555. &valid);
  23556. if (ret != BAD_FUNC_ARG)
  23557. return -10043;
  23558. /* No key set */
  23559. ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt,
  23560. &valid);
  23561. if (ret != BAD_STATE_E)
  23562. return -10044;
  23563. ret = wc_ValidateEccsiPvt(NULL, NULL, NULL);
  23564. if (ret != BAD_FUNC_ARG)
  23565. return -10045;
  23566. ret = wc_ValidateEccsiPvt(key, NULL, NULL);
  23567. if (ret != BAD_FUNC_ARG)
  23568. return -10046;
  23569. ret = wc_ValidateEccsiPvt(NULL, pvt, NULL);
  23570. if (ret != BAD_FUNC_ARG)
  23571. return -10047;
  23572. ret = wc_ValidateEccsiPvt(NULL, NULL, &valid);
  23573. if (ret != BAD_FUNC_ARG)
  23574. return -10048;
  23575. ret = wc_ValidateEccsiPvt(key, pvt, NULL);
  23576. if (ret != BAD_FUNC_ARG)
  23577. return -10049;
  23578. ret = wc_ValidateEccsiPvt(key, NULL, &valid);
  23579. if (ret != BAD_FUNC_ARG)
  23580. return -10050;
  23581. ret = wc_ValidateEccsiPvt(NULL, pvt, &valid);
  23582. if (ret != BAD_FUNC_ARG)
  23583. return -10051;
  23584. ret = wc_EncodeEccsiPair(NULL, NULL, NULL, data, NULL);
  23585. if (ret != BAD_FUNC_ARG)
  23586. return -10052;
  23587. ret = wc_EncodeEccsiPair(key, ssk, pvt, data, NULL);
  23588. if (ret != BAD_FUNC_ARG)
  23589. return -10053;
  23590. ret = wc_EncodeEccsiPair(key, ssk, NULL, data, &sz);
  23591. if (ret != BAD_FUNC_ARG)
  23592. return -10054;
  23593. ret = wc_EncodeEccsiPair(key, NULL, pvt, data, &sz);
  23594. if (ret != BAD_FUNC_ARG)
  23595. return -10055;
  23596. ret = wc_EncodeEccsiPair(NULL, ssk, pvt, data, &sz);
  23597. if (ret != BAD_FUNC_ARG)
  23598. return -10056;
  23599. /* No key created so no curve information. */
  23600. ret = wc_EncodeEccsiPair(key, ssk, pvt, NULL, &sz);
  23601. if (ret != LENGTH_ONLY_E)
  23602. return -10057;
  23603. ret = wc_EncodeEccsiSsk(NULL, NULL, data, NULL);
  23604. if (ret != BAD_FUNC_ARG)
  23605. return -10058;
  23606. ret = wc_EncodeEccsiSsk(key, ssk, data, NULL);
  23607. if (ret != BAD_FUNC_ARG)
  23608. return -10059;
  23609. ret = wc_EncodeEccsiSsk(key, NULL, data, &sz);
  23610. if (ret != BAD_FUNC_ARG)
  23611. return -10060;
  23612. ret = wc_EncodeEccsiSsk(NULL, ssk, data, &sz);
  23613. if (ret != BAD_FUNC_ARG)
  23614. return -10061;
  23615. ret = wc_EncodeEccsiPvt(NULL, NULL, data, NULL, 1);
  23616. if (ret != BAD_FUNC_ARG)
  23617. return -10058;
  23618. ret = wc_EncodeEccsiPvt(key, pvt, data, NULL, 1);
  23619. if (ret != BAD_FUNC_ARG)
  23620. return -10059;
  23621. ret = wc_EncodeEccsiPvt(key, NULL, data, &sz, 1);
  23622. if (ret != BAD_FUNC_ARG)
  23623. return -10060;
  23624. ret = wc_EncodeEccsiPvt(NULL, pvt, data, &sz, 1);
  23625. if (ret != BAD_FUNC_ARG)
  23626. return -10061;
  23627. ret = wc_DecodeEccsiPair(NULL, NULL, 0, NULL, NULL);
  23628. if (ret != BAD_FUNC_ARG)
  23629. return -10062;
  23630. ret = wc_DecodeEccsiPair(key, data, 0, ssk, NULL);
  23631. if (ret != BAD_FUNC_ARG)
  23632. return -10063;
  23633. ret = wc_DecodeEccsiPair(key, data, 0, NULL, pvt);
  23634. if (ret != BAD_FUNC_ARG)
  23635. return -10064;
  23636. ret = wc_DecodeEccsiPair(key, NULL, 0, ssk, pvt);
  23637. if (ret != BAD_FUNC_ARG)
  23638. return -10065;
  23639. ret = wc_DecodeEccsiPair(NULL, data, 0, ssk, pvt);
  23640. if (ret != BAD_FUNC_ARG)
  23641. return -10066;
  23642. ret = wc_DecodeEccsiSsk(NULL, NULL, 0, NULL);
  23643. if (ret != BAD_FUNC_ARG)
  23644. return -10067;
  23645. ret = wc_DecodeEccsiSsk(key, data, 0, NULL);
  23646. if (ret != BAD_FUNC_ARG)
  23647. return -10068;
  23648. ret = wc_DecodeEccsiSsk(key, NULL, 0, ssk);
  23649. if (ret != BAD_FUNC_ARG)
  23650. return -10069;
  23651. ret = wc_DecodeEccsiSsk(NULL, data, 0, ssk);
  23652. if (ret != BAD_FUNC_ARG)
  23653. return -10070;
  23654. ret = wc_DecodeEccsiPvt(NULL, NULL, 0, NULL);
  23655. if (ret != BAD_FUNC_ARG)
  23656. return -10067;
  23657. ret = wc_DecodeEccsiPvt(key, data, 0, NULL);
  23658. if (ret != BAD_FUNC_ARG)
  23659. return -10068;
  23660. ret = wc_DecodeEccsiPvt(key, NULL, 0, pvt);
  23661. if (ret != BAD_FUNC_ARG)
  23662. return -10069;
  23663. ret = wc_DecodeEccsiPvt(NULL, data, 0, pvt);
  23664. if (ret != BAD_FUNC_ARG)
  23665. return -10070;
  23666. ret = wc_DecodeEccsiPvtFromSig(NULL, NULL, 0, NULL);
  23667. if (ret != BAD_FUNC_ARG)
  23668. return -10067;
  23669. ret = wc_DecodeEccsiPvtFromSig(key, data, 0, NULL);
  23670. if (ret != BAD_FUNC_ARG)
  23671. return -10068;
  23672. ret = wc_DecodeEccsiPvtFromSig(key, NULL, 0, pvt);
  23673. if (ret != BAD_FUNC_ARG)
  23674. return -10069;
  23675. ret = wc_DecodeEccsiPvtFromSig(NULL, data, 0, pvt);
  23676. if (ret != BAD_FUNC_ARG)
  23677. return -10070;
  23678. ret = wc_ExportEccsiKey(NULL, data, NULL);
  23679. if (ret != BAD_FUNC_ARG)
  23680. return -10071;
  23681. ret = wc_ExportEccsiKey(key, data, NULL);
  23682. if (ret != BAD_FUNC_ARG)
  23683. return -10072;
  23684. ret = wc_ExportEccsiKey(NULL, data, &sz);
  23685. if (ret != BAD_FUNC_ARG)
  23686. return -10073;
  23687. /* No key to export */
  23688. ret = wc_ExportEccsiKey(key, NULL, &sz);
  23689. if (ret != BAD_STATE_E)
  23690. return -10074;
  23691. ret = wc_ImportEccsiKey(NULL, NULL, 0);
  23692. if (ret != BAD_FUNC_ARG)
  23693. return -10075;
  23694. ret = wc_ImportEccsiKey(key, NULL, 0);
  23695. if (ret != BAD_FUNC_ARG)
  23696. return -10076;
  23697. ret = wc_ImportEccsiKey(NULL, data, 0);
  23698. if (ret != BAD_FUNC_ARG)
  23699. return -10077;
  23700. ret = wc_ExportEccsiPrivateKey(NULL, data, NULL);
  23701. if (ret != BAD_FUNC_ARG)
  23702. return -10071;
  23703. ret = wc_ExportEccsiPrivateKey(key, data, NULL);
  23704. if (ret != BAD_FUNC_ARG)
  23705. return -10072;
  23706. ret = wc_ExportEccsiPrivateKey(NULL, data, &sz);
  23707. if (ret != BAD_FUNC_ARG)
  23708. return -10073;
  23709. /* No key to export */
  23710. ret = wc_ExportEccsiPrivateKey(key, NULL, &sz);
  23711. if (ret != BAD_STATE_E)
  23712. return -10074;
  23713. ret = wc_ImportEccsiPrivateKey(NULL, NULL, 0);
  23714. if (ret != BAD_FUNC_ARG)
  23715. return -10075;
  23716. ret = wc_ImportEccsiPrivateKey(key, NULL, 0);
  23717. if (ret != BAD_FUNC_ARG)
  23718. return -10076;
  23719. ret = wc_ImportEccsiPrivateKey(NULL, data, 0);
  23720. if (ret != BAD_FUNC_ARG)
  23721. return -10077;
  23722. ret = wc_ExportEccsiPublicKey(NULL, data, NULL, 1);
  23723. if (ret != BAD_FUNC_ARG)
  23724. return -10078;
  23725. ret = wc_ExportEccsiPublicKey(key, data, NULL, 1);
  23726. if (ret != BAD_FUNC_ARG)
  23727. return -10079;
  23728. ret = wc_ExportEccsiPublicKey(NULL, data, &sz, 1);
  23729. if (ret != BAD_FUNC_ARG)
  23730. return -10080;
  23731. /* No key to export */
  23732. ret = wc_ExportEccsiPublicKey(key, data, &sz, 1);
  23733. if (ret != BAD_STATE_E)
  23734. return -10081;
  23735. ret = wc_ImportEccsiPublicKey(NULL, NULL, 0, 1);
  23736. if (ret != BAD_FUNC_ARG)
  23737. return -10082;
  23738. ret = wc_ImportEccsiPublicKey(key, NULL, 0, 1);
  23739. if (ret != BAD_FUNC_ARG)
  23740. return -10083;
  23741. ret = wc_ImportEccsiPublicKey(NULL, data, 0, 1);
  23742. if (ret != BAD_FUNC_ARG)
  23743. return -10084;
  23744. ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL, NULL);
  23745. if (ret != BAD_FUNC_ARG)
  23746. return -10085;
  23747. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, NULL);
  23748. if (ret != BAD_FUNC_ARG)
  23749. return -10086;
  23750. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, NULL, &hashSz);
  23751. if (ret != BAD_FUNC_ARG)
  23752. return -10087;
  23753. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, NULL, hash, &hashSz);
  23754. if (ret != BAD_FUNC_ARG)
  23755. return -10088;
  23756. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, NULL, 1, pvt, hash,
  23757. &hashSz);
  23758. if (ret != BAD_FUNC_ARG)
  23759. return -10089;
  23760. ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
  23761. if (ret != BAD_FUNC_ARG)
  23762. return -10090;
  23763. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz);
  23764. if (ret != BAD_STATE_E)
  23765. return -10091;
  23766. ret = wc_SetEccsiHash(NULL, NULL, 1);
  23767. if (ret != BAD_FUNC_ARG)
  23768. return -10090;
  23769. ret = wc_SetEccsiHash(key, NULL, 1);
  23770. if (ret != BAD_FUNC_ARG)
  23771. return -10090;
  23772. ret = wc_SetEccsiHash(NULL, hash, 1);
  23773. if (ret != BAD_FUNC_ARG)
  23774. return -10090;
  23775. ret = wc_SetEccsiPair(NULL, NULL, NULL);
  23776. if (ret != BAD_FUNC_ARG)
  23777. return -10090;
  23778. ret = wc_SetEccsiPair(key, NULL, NULL);
  23779. if (ret != BAD_FUNC_ARG)
  23780. return -10090;
  23781. ret = wc_SetEccsiPair(NULL, ssk, NULL);
  23782. if (ret != BAD_FUNC_ARG)
  23783. return -10090;
  23784. ret = wc_SetEccsiPair(NULL, NULL, pvt);
  23785. if (ret != BAD_FUNC_ARG)
  23786. return -10090;
  23787. ret = wc_SetEccsiPair(key, ssk, NULL);
  23788. if (ret != BAD_FUNC_ARG)
  23789. return -10090;
  23790. ret = wc_SetEccsiPair(key, NULL, pvt);
  23791. if (ret != BAD_FUNC_ARG)
  23792. return -10090;
  23793. ret = wc_SetEccsiPair(NULL, ssk, pvt);
  23794. if (ret != BAD_FUNC_ARG)
  23795. return -10090;
  23796. ret = wc_SignEccsiHash(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, NULL);
  23797. if (ret != BAD_FUNC_ARG)
  23798. return -10092;
  23799. ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, sig, NULL);
  23800. if (ret != BAD_FUNC_ARG)
  23801. return -10093;
  23802. ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, NULL, 0, sig,
  23803. &sigSz);
  23804. if (ret != BAD_FUNC_ARG)
  23805. return -10096;
  23806. ret = wc_SignEccsiHash(key, NULL, WC_HASH_TYPE_SHA256, data, 0, sig,
  23807. &sigSz);
  23808. if (ret != BAD_FUNC_ARG)
  23809. return -10098;
  23810. ret = wc_SignEccsiHash(NULL, rng, WC_HASH_TYPE_SHA256, data, 0, sig,
  23811. &sigSz);
  23812. if (ret != BAD_FUNC_ARG)
  23813. return -10099;
  23814. /* Key not set. */
  23815. ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
  23816. &sigSz);
  23817. if (ret != BAD_STATE_E)
  23818. return -10100;
  23819. ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
  23820. if (ret != BAD_FUNC_ARG)
  23821. return -10101;
  23822. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL);
  23823. if (ret != BAD_FUNC_ARG)
  23824. return -10101;
  23825. ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, NULL, 0, NULL);
  23826. if (ret != BAD_FUNC_ARG)
  23827. return -10101;
  23828. ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0, NULL);
  23829. if (ret != BAD_FUNC_ARG)
  23830. return -10101;
  23831. ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0,
  23832. &valid);
  23833. if (ret != BAD_FUNC_ARG)
  23834. return -10101;
  23835. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0, NULL);
  23836. if (ret != BAD_FUNC_ARG)
  23837. return -10102;
  23838. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, NULL, 0,
  23839. &valid);
  23840. if (ret != BAD_FUNC_ARG)
  23841. return -10103;
  23842. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0,
  23843. &valid);
  23844. if (ret != BAD_FUNC_ARG)
  23845. return -10104;
  23846. ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
  23847. &valid);
  23848. if (ret != BAD_FUNC_ARG)
  23849. return -10106;
  23850. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0,
  23851. &valid);
  23852. if (ret != BAD_STATE_E)
  23853. return -10106;
  23854. ret = wc_SetEccsiPair(key, ssk, pvt);
  23855. if (ret != 0)
  23856. return -10107;
  23857. /* Identity hash not set. */
  23858. ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL,
  23859. &sigSz);
  23860. if (ret != BAD_STATE_E)
  23861. return -10108;
  23862. wc_FreeEccsiKey(key);
  23863. return 0;
  23864. }
  23865. /* RFC 6507: Appendix A */
  23866. static int eccsi_kat_verify_test(EccsiKey* key, ecc_point* pvt)
  23867. {
  23868. int ret;
  23869. int verified;
  23870. const byte msg[] = { 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x00 };
  23871. word32 msgSz = sizeof(msg);
  23872. byte hash[WC_SHA256_DIGEST_SIZE];
  23873. byte hashSz = WC_SHA256_DIGEST_SIZE;
  23874. static const byte id[] = {
  23875. 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
  23876. 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
  23877. 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
  23878. 0x33, 0x00
  23879. };
  23880. word32 idSz = sizeof(id);
  23881. static const byte sig[] = {
  23882. 0x26, 0x9D, 0x4C, 0x8F, 0xDE, 0xB6, 0x6A, 0x74,
  23883. 0xE4, 0xEF, 0x8C, 0x0D, 0x5D, 0xCC, 0x59, 0x7D,
  23884. 0xDF, 0xE6, 0x02, 0x9C, 0x2A, 0xFF, 0xC4, 0x93,
  23885. 0x60, 0x08, 0xCD, 0x2C, 0xC1, 0x04, 0x5D, 0x81,
  23886. 0xE0, 0x9B, 0x52, 0x8D, 0x0E, 0xF8, 0xD6, 0xDF,
  23887. 0x1A, 0xA3, 0xEC, 0xBF, 0x80, 0x11, 0x0C, 0xFC,
  23888. 0xEC, 0x9F, 0xC6, 0x82, 0x52, 0xCE, 0xBB, 0x67,
  23889. 0x9F, 0x41, 0x34, 0x84, 0x69, 0x40, 0xCC, 0xFD,
  23890. 0x04,
  23891. 0x75, 0x8A, 0x14, 0x27, 0x79, 0xBE, 0x89, 0xE8,
  23892. 0x29, 0xE7, 0x19, 0x84, 0xCB, 0x40, 0xEF, 0x75,
  23893. 0x8C, 0xC4, 0xAD, 0x77, 0x5F, 0xC5, 0xB9, 0xA3,
  23894. 0xE1, 0xC8, 0xED, 0x52, 0xF6, 0xFA, 0x36, 0xD9,
  23895. 0xA7, 0x9D, 0x24, 0x76, 0x92, 0xF4, 0xED, 0xA3,
  23896. 0xA6, 0xBD, 0xAB, 0x77, 0xD6, 0xAA, 0x64, 0x74,
  23897. 0xA4, 0x64, 0xAE, 0x49, 0x34, 0x66, 0x3C, 0x52,
  23898. 0x65, 0xBA, 0x70, 0x18, 0xBA, 0x09, 0x1F, 0x79
  23899. };
  23900. word32 sigSz = sizeof(sig);
  23901. static const byte pubData[] = {
  23902. 0x50, 0xD4, 0x67, 0x0B, 0xDE, 0x75, 0x24, 0x4F,
  23903. 0x28, 0xD2, 0x83, 0x8A, 0x0D, 0x25, 0x55, 0x8A,
  23904. 0x7A, 0x72, 0x68, 0x6D, 0x45, 0x22, 0xD4, 0xC8,
  23905. 0x27, 0x3F, 0xB6, 0x44, 0x2A, 0xEB, 0xFA, 0x93,
  23906. 0xDB, 0xDD, 0x37, 0x55, 0x1A, 0xFD, 0x26, 0x3B,
  23907. 0x5D, 0xFD, 0x61, 0x7F, 0x39, 0x60, 0xC6, 0x5A,
  23908. 0x8C, 0x29, 0x88, 0x50, 0xFF, 0x99, 0xF2, 0x03,
  23909. 0x66, 0xDC, 0xE7, 0xD4, 0x36, 0x72, 0x17, 0xF4
  23910. };
  23911. static const byte expHash[] = {
  23912. 0x49, 0x0f, 0x3f, 0xeb, 0xbc, 0x1c, 0x90, 0x2f,
  23913. 0x62, 0x89, 0x72, 0x3d, 0x7f, 0x8c, 0xbf, 0x79,
  23914. 0xdb, 0x88, 0x93, 0x08, 0x49, 0xd1, 0x9f, 0x38,
  23915. 0xf0, 0x29, 0x5b, 0x5c, 0x27, 0x6c, 0x14, 0xd1
  23916. };
  23917. ret = wc_ImportEccsiPublicKey(key, pubData, sizeof(pubData), 0);
  23918. if (ret != 0)
  23919. return -10108;
  23920. ret = wc_DecodeEccsiPvtFromSig(key, sig, sigSz, pvt);
  23921. if (ret != 0)
  23922. return -10109;
  23923. ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, idSz, pvt, hash,
  23924. &hashSz);
  23925. if (ret != 0)
  23926. return -10112;
  23927. if (hashSz != sizeof(expHash))
  23928. return -10113;
  23929. if (XMEMCMP(hash, expHash, hashSz) != 0)
  23930. return -10114;
  23931. ret = wc_SetEccsiHash(key, hash, hashSz);
  23932. if (ret != 0)
  23933. return -10112;
  23934. ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  23935. &verified);
  23936. if (ret != 0)
  23937. return -10115;
  23938. if (!verified)
  23939. return -10116;
  23940. return 0;
  23941. }
  23942. static int eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_point* pvt)
  23943. {
  23944. int ret;
  23945. byte data[32 * 3];
  23946. word32 sz;
  23947. mp_int decSsk;
  23948. ecc_point* decPvt = NULL;
  23949. ret = mp_init(&decSsk);
  23950. if (ret != 0)
  23951. return -10117;
  23952. decPvt = wc_ecc_new_point();
  23953. if (decPvt == NULL)
  23954. return -10118;
  23955. ret = wc_EncodeEccsiPair(priv, ssk, pvt, NULL, &sz);
  23956. if (ret != LENGTH_ONLY_E)
  23957. return -10119;
  23958. if (sz != 32 * 3)
  23959. return -10120;
  23960. ret = wc_EncodeEccsiPair(priv, ssk, pvt, data, &sz);
  23961. if (ret != 0)
  23962. return -10121;
  23963. if (sz != 32* 3)
  23964. return -10122;
  23965. ret = wc_DecodeEccsiPair(priv, data, sz, &decSsk, decPvt);
  23966. if (ret != 0)
  23967. return -10123;
  23968. if (mp_cmp(ssk, &decSsk) != MP_EQ)
  23969. return -10124;
  23970. if (wc_ecc_cmp_point(pvt, decPvt) != MP_EQ)
  23971. return -10125;
  23972. ret = wc_EncodeEccsiSsk(priv, ssk, NULL, &sz);
  23973. if (ret != LENGTH_ONLY_E)
  23974. return -10119;
  23975. if (sz != 32)
  23976. return -10120;
  23977. ret = wc_EncodeEccsiSsk(priv, ssk, data, &sz);
  23978. if (ret != 0)
  23979. return -10121;
  23980. if (sz != 32)
  23981. return -10122;
  23982. ret = wc_DecodeEccsiSsk(priv, data, sz, &decSsk);
  23983. if (ret != 0)
  23984. return -10123;
  23985. if (mp_cmp(ssk, &decSsk) != MP_EQ)
  23986. return -10124;
  23987. ret = wc_EncodeEccsiPvt(priv, pvt, NULL, &sz, 1);
  23988. if (ret != LENGTH_ONLY_E)
  23989. return -10126;
  23990. if (sz != 32 * 2)
  23991. return -10127;
  23992. ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 1);
  23993. if (ret != 0)
  23994. return -10128;
  23995. if (sz != 32 * 2)
  23996. return -10129;
  23997. ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
  23998. if (ret != 0)
  23999. return -10130;
  24000. if (wc_ecc_cmp_point(pvt, decPvt) != MP_EQ)
  24001. return -10131;
  24002. sz = sizeof(data);
  24003. ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 0);
  24004. if (ret != 0)
  24005. return -10128;
  24006. if (sz != 32 * 2 + 1)
  24007. return -10129;
  24008. ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt);
  24009. if (ret != 0)
  24010. return -10130;
  24011. if (wc_ecc_cmp_point(pvt, decPvt) != MP_EQ)
  24012. return -10131;
  24013. wc_ecc_del_point(decPvt);
  24014. mp_free(&decSsk);
  24015. return 0;
  24016. }
  24017. static int eccsi_imp_exp_key_test(EccsiKey* priv)
  24018. {
  24019. int ret;
  24020. byte data[32 * 3];
  24021. byte out[32 * 3];
  24022. word32 sz;
  24023. ret = wc_ExportEccsiKey(priv, NULL, &sz);
  24024. if (ret != LENGTH_ONLY_E)
  24025. return -10132;
  24026. if (sz != 32 * 3)
  24027. return -10133;
  24028. ret = wc_ExportEccsiKey(priv, data, &sz);
  24029. if (ret != 0)
  24030. return -10134;
  24031. ret = wc_ImportEccsiKey(priv, data, sz);
  24032. if (ret != 0)
  24033. return -10135;
  24034. ret = wc_ExportEccsiKey(priv, NULL, &sz);
  24035. if (ret != LENGTH_ONLY_E)
  24036. return -10132;
  24037. if (sz != 32 * 3)
  24038. return -10143;
  24039. ret = wc_ExportEccsiKey(priv, out, &sz);
  24040. if (ret != 0)
  24041. return -10144;
  24042. if (sz != 32 * 3)
  24043. return -10145;
  24044. if (XMEMCMP(data, out, sz) != 0)
  24045. return -10146;
  24046. ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
  24047. if (ret != LENGTH_ONLY_E)
  24048. return -10156;
  24049. if (sz != 32)
  24050. return -10157;
  24051. ret = wc_ExportEccsiPrivateKey(priv, data, &sz);
  24052. if (ret != 0)
  24053. return -10158;
  24054. ret = wc_ImportEccsiPrivateKey(priv, data, sz);
  24055. if (ret != 0)
  24056. return -10159;
  24057. ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz);
  24058. if (ret != LENGTH_ONLY_E)
  24059. return -10152;
  24060. if (sz != 32)
  24061. return -10163;
  24062. ret = wc_ExportEccsiPrivateKey(priv, out, &sz);
  24063. if (ret != 0)
  24064. return -10164;
  24065. if (sz != 32)
  24066. return -10165;
  24067. if (XMEMCMP(data, out, sz) != 0)
  24068. return -10166;
  24069. return 0;
  24070. }
  24071. static int eccsi_imp_exp_pubkey_test(EccsiKey* key1, EccsiKey* key2)
  24072. {
  24073. int ret;
  24074. byte data[32 * 2 + 1];
  24075. byte pubData[32 * 2 + 1];
  24076. word32 sz;
  24077. ret = wc_ExportEccsiPublicKey(key1, NULL, &sz, 1);
  24078. if (ret != LENGTH_ONLY_E)
  24079. return -10136;
  24080. if (sz != 32 * 2)
  24081. return -10137;
  24082. ret = wc_ExportEccsiPublicKey(key1, data, &sz, 1);
  24083. if (ret != 0)
  24084. return -10138;
  24085. ret = wc_ImportEccsiPublicKey(key2, data, sz, 1);
  24086. if (ret != 0)
  24087. return -10139;
  24088. sz = sizeof(pubData);
  24089. ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 1);
  24090. if (ret != 0)
  24091. return -10140;
  24092. if (sz != 32 * 2)
  24093. return -10141;
  24094. if (XMEMCMP(data, pubData, sz) != 0)
  24095. return -10142;
  24096. sz = sizeof(pubData);
  24097. ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 0);
  24098. if (ret != 0)
  24099. return -10140;
  24100. if (sz != 32 * 2 + 1)
  24101. return -10141;
  24102. if (pubData[0] != 0x04)
  24103. return -10140;
  24104. if (XMEMCMP(pubData + 1, data, sz - 1) != 0)
  24105. return -10142;
  24106. ret = wc_ImportEccsiPublicKey(key2, pubData, sz, 0);
  24107. if (ret != 0)
  24108. return -10139;
  24109. return 0;
  24110. }
  24111. static int eccsi_make_key_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
  24112. mp_int* ssk, ecc_point* pvt)
  24113. {
  24114. int ret;
  24115. char mail[] = "test@wolfssl.com";
  24116. byte* id = (byte*)mail;
  24117. word32 idSz = (word32) XSTRLEN(mail);
  24118. int valid;
  24119. ret = wc_MakeEccsiKey(priv, rng);
  24120. if (ret != 0)
  24121. return -10143;
  24122. ret = eccsi_imp_exp_key_test(priv);
  24123. if (ret < 0)
  24124. return ret;
  24125. ret = eccsi_imp_exp_pubkey_test(priv, pub);
  24126. if (ret < 0)
  24127. return ret;
  24128. ret = wc_MakeEccsiPair(priv, rng, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt);
  24129. if (ret != 0)
  24130. return -10144;
  24131. ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
  24132. &valid);
  24133. if (ret != 0)
  24134. return -10145;
  24135. if (!valid)
  24136. return -10146;
  24137. ret = eccsi_enc_dec_pair_test(priv, ssk, pvt);
  24138. if (ret != 0)
  24139. return ret;
  24140. return 0;
  24141. }
  24142. static int eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng,
  24143. mp_int* ssk, ecc_point* pvt)
  24144. {
  24145. int ret;
  24146. byte hashPriv[WC_MAX_DIGEST_SIZE];
  24147. byte hashPub[WC_MAX_DIGEST_SIZE];
  24148. byte hashSz;
  24149. byte sig[144];
  24150. word32 sigSz;
  24151. int verified, valid;
  24152. char mail[] = "test@wolfssl.com";
  24153. byte* id = (byte*)mail;
  24154. word32 idSz = (word32) XSTRLEN(mail);
  24155. byte msg[] = { 0x00 };
  24156. word32 msgSz = sizeof(msg);
  24157. ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPriv,
  24158. &hashSz);
  24159. if (ret != 0)
  24160. return -10147;
  24161. if (hashSz != 32)
  24162. return -10148;
  24163. ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPub,
  24164. &hashSz);
  24165. if (ret != 0)
  24166. return -10149;
  24167. if (hashSz != 32)
  24168. return -10150;
  24169. if (XMEMCMP(hashPriv, hashPub, hashSz) != 0)
  24170. return -10151;
  24171. ret = wc_SetEccsiHash(priv, hashPriv, hashSz);
  24172. if (ret != 0)
  24173. return -10149;
  24174. ret = wc_SetEccsiPair(priv, ssk, pvt);
  24175. if (ret != 0)
  24176. return -10149;
  24177. ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, NULL,
  24178. &sigSz);
  24179. if (ret != LENGTH_ONLY_E)
  24180. return -10152;
  24181. if (sigSz != 129)
  24182. return -10153;
  24183. ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, sig,
  24184. &sigSz);
  24185. if (ret != 0)
  24186. return -10154;
  24187. ret = wc_SetEccsiHash(pub, hashPub, hashSz);
  24188. if (ret != 0)
  24189. return -10149;
  24190. ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  24191. &verified);
  24192. if (ret != 0)
  24193. return -10155;
  24194. if (!verified)
  24195. return -10156;
  24196. /* Check that changing HS results in verification failure. */
  24197. hashPub[0] ^= 0x80;
  24198. ret = wc_SetEccsiHash(pub, hashPub, hashSz);
  24199. if (ret != 0)
  24200. return -10149;
  24201. ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  24202. &verified);
  24203. if (ret != 0)
  24204. return -10157;
  24205. if (verified)
  24206. return -10158;
  24207. hashPub[0] ^= 0x80;
  24208. ret = wc_SetEccsiHash(pub, hashPub, hashSz);
  24209. if (ret != 0)
  24210. return -10149;
  24211. /* Check that changing msg results in verification failure. */
  24212. msg[0] ^= 0x80;
  24213. ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  24214. &verified);
  24215. if (ret != 0)
  24216. return -10159;
  24217. if (verified)
  24218. return -10160;
  24219. msg[0] ^= 0x80;
  24220. /* Check that changing signature results in verification failure. */
  24221. sig[0] ^= 0x80;
  24222. ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  24223. &verified);
  24224. if (ret != 0)
  24225. return -10161;
  24226. if (verified)
  24227. return -10162;
  24228. sig[0] ^= 0x80;
  24229. /* Check that key state hasn't been invalidated. */
  24230. ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  24231. &verified);
  24232. if (ret != 0)
  24233. return -10163;
  24234. if (!verified)
  24235. return -10164;
  24236. /* Check that verifying with the private key works. */
  24237. ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  24238. &verified);
  24239. if (ret != 0)
  24240. return -10165;
  24241. if (!verified)
  24242. return -10166;
  24243. /* Check that the KPAK is converted from montogmery form. */
  24244. ret = eccsi_imp_exp_key_test(priv);
  24245. if (ret != 0)
  24246. return ret;
  24247. /* Check that KPAK can converted to Montogmery form again. */
  24248. ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  24249. &verified);
  24250. if (ret != 0)
  24251. return -10167;
  24252. if (!verified)
  24253. return -10168;
  24254. /* Check that the KPAK is converted from montogmery form. */
  24255. ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt,
  24256. &valid);
  24257. if (ret != 0)
  24258. return -10169;
  24259. if (!valid)
  24260. return -10170;
  24261. /* Check that KPAK can converted to Montogmery form again. */
  24262. ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz,
  24263. &verified);
  24264. if (ret != 0)
  24265. return -10171;
  24266. if (!verified)
  24267. return -10172;
  24268. /* Check that the KPAK is converted from montogmery form. */
  24269. ret = eccsi_imp_exp_pubkey_test(priv, pub);
  24270. if (ret != 0)
  24271. return ret;
  24272. return 0;
  24273. }
  24274. int eccsi_test(void)
  24275. {
  24276. int ret = 0;
  24277. WC_RNG rng;
  24278. EccsiKey* priv = NULL;
  24279. EccsiKey* pub = NULL;
  24280. mp_int* ssk = NULL;
  24281. ecc_point* pvt = NULL;
  24282. priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
  24283. DYNAMIC_TYPE_TMP_BUFFER);
  24284. if (priv == NULL) {
  24285. ret = -10205;
  24286. }
  24287. if (ret == 0) {
  24288. pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT,
  24289. DYNAMIC_TYPE_TMP_BUFFER);
  24290. if (pub == NULL) {
  24291. ret = -10206;
  24292. }
  24293. }
  24294. if (ret == 0) {
  24295. ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT,
  24296. DYNAMIC_TYPE_TMP_BUFFER);
  24297. if (ssk == NULL) {
  24298. ret = -10207;
  24299. }
  24300. }
  24301. if (ret == 0) {
  24302. #ifndef HAVE_FIPS
  24303. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  24304. #else
  24305. ret = wc_InitRng(&rng);
  24306. #endif
  24307. if (ret != 0)
  24308. ret = -10200;
  24309. }
  24310. if (ret == 0) {
  24311. pvt = wc_ecc_new_point();
  24312. if (pvt == NULL)
  24313. ret = -10201;
  24314. }
  24315. if (ret == 0) {
  24316. ret = mp_init(ssk);
  24317. if (ret != 0)
  24318. ret = -10202;
  24319. }
  24320. if (ret == 0) {
  24321. ret = eccsi_api_test(&rng, priv, ssk, pvt);
  24322. }
  24323. if (ret == 0) {
  24324. ret = wc_InitEccsiKey(pub, HEAP_HINT, INVALID_DEVID);
  24325. if (ret != 0)
  24326. ret = -10203;
  24327. }
  24328. if (ret == 0) {
  24329. ret = wc_InitEccsiKey(priv, HEAP_HINT, INVALID_DEVID);
  24330. if (ret != 0)
  24331. ret = -10204;
  24332. }
  24333. if (ret == 0) {
  24334. ret = eccsi_kat_verify_test(pub, pvt);
  24335. }
  24336. if (ret == 0) {
  24337. ret = eccsi_make_key_test(priv, pub, &rng, ssk, pvt);
  24338. }
  24339. if (ret == 0) {
  24340. ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt);
  24341. }
  24342. wc_FreeEccsiKey(priv);
  24343. wc_FreeEccsiKey(pub);
  24344. mp_free(ssk);
  24345. wc_ecc_del_point(pvt);
  24346. if (ret != -10200)
  24347. wc_FreeRng(&rng);
  24348. if (ssk != NULL)
  24349. XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24350. if (pub != NULL)
  24351. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24352. if (priv != NULL)
  24353. XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24354. return ret;
  24355. }
  24356. #endif /* WOLFCRYPT_HAVE_ECCSI */
  24357. #ifdef WOLFCRYPT_HAVE_SAKKE
  24358. static int sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
  24359. {
  24360. int ret;
  24361. byte id[1] = { 0x00 };
  24362. int valid;
  24363. byte data[256];
  24364. word32 sz;
  24365. byte auth[257];
  24366. word16 authSz;
  24367. byte ssv[256];
  24368. word16 ssvSz;
  24369. word32 len;
  24370. ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
  24371. if (ret != BAD_FUNC_ARG)
  24372. return -10205;
  24373. ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
  24374. if (ret != BAD_FUNC_ARG)
  24375. return -10206;
  24376. wc_FreeSakkeKey(NULL);
  24377. XMEMSET(key, 0, sizeof(*key));
  24378. wc_FreeSakkeKey(key);
  24379. ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, HEAP_HINT, INVALID_DEVID);
  24380. if (ret != 0)
  24381. return -10207;
  24382. ret = wc_MakeSakkeKey(NULL, NULL);
  24383. if (ret != BAD_FUNC_ARG)
  24384. return -10208;
  24385. ret = wc_MakeSakkeKey(key, NULL);
  24386. if (ret != BAD_FUNC_ARG)
  24387. return -10209;
  24388. ret = wc_MakeSakkeKey(NULL, rng);
  24389. if (ret != BAD_FUNC_ARG)
  24390. return -10210;
  24391. ret = wc_MakeSakkePublicKey(NULL, NULL);
  24392. if (ret != BAD_FUNC_ARG)
  24393. return -10211;
  24394. ret = wc_MakeSakkePublicKey(key, NULL);
  24395. if (ret != BAD_FUNC_ARG)
  24396. return -10212;
  24397. ret = wc_MakeSakkePublicKey(NULL, rsk);
  24398. if (ret != BAD_FUNC_ARG)
  24399. return -10213;
  24400. ret = wc_MakeSakkeRsk(NULL, NULL, 1, NULL);
  24401. if (ret != BAD_FUNC_ARG)
  24402. return -10214;
  24403. ret = wc_MakeSakkeRsk(key, id, 1, NULL);
  24404. if (ret != BAD_FUNC_ARG)
  24405. return -10215;
  24406. ret = wc_MakeSakkeRsk(key, NULL, 1, rsk);
  24407. if (ret != BAD_FUNC_ARG)
  24408. return -10216;
  24409. ret = wc_MakeSakkeRsk(NULL, id, 1, rsk);
  24410. if (ret != BAD_FUNC_ARG)
  24411. return -10217;
  24412. ret = wc_ValidateSakkeRsk(NULL, NULL, 1, NULL, NULL);
  24413. if (ret != BAD_FUNC_ARG)
  24414. return -10218;
  24415. ret = wc_ValidateSakkeRsk(key, id, 1, rsk, NULL);
  24416. if (ret != BAD_FUNC_ARG)
  24417. return -10219;
  24418. ret = wc_ValidateSakkeRsk(NULL, id, 1, rsk, &valid);
  24419. if (ret != BAD_FUNC_ARG)
  24420. return -10220;
  24421. ret = wc_ExportSakkeKey(NULL, NULL, NULL);
  24422. if (ret != BAD_FUNC_ARG)
  24423. return -10221;
  24424. ret = wc_ExportSakkeKey(key, data, NULL);
  24425. if (ret != BAD_FUNC_ARG)
  24426. return -10222;
  24427. ret = wc_ExportSakkeKey(NULL, data, &sz);
  24428. if (ret != BAD_FUNC_ARG)
  24429. return -10223;
  24430. ret = wc_ImportSakkeKey(NULL, NULL, 1);
  24431. if (ret != BAD_FUNC_ARG)
  24432. return -10224;
  24433. ret = wc_ImportSakkeKey(key, NULL, 1);
  24434. if (ret != BAD_FUNC_ARG)
  24435. return -10225;
  24436. ret = wc_ImportSakkeKey(NULL, data, 1);
  24437. if (ret != BAD_FUNC_ARG)
  24438. return -10226;
  24439. ret = wc_ExportSakkePrivateKey(NULL, NULL, NULL);
  24440. if (ret != BAD_FUNC_ARG)
  24441. return -10227;
  24442. ret = wc_ExportSakkePrivateKey(key, data, NULL);
  24443. if (ret != BAD_FUNC_ARG)
  24444. return -10228;
  24445. ret = wc_ExportSakkePrivateKey(NULL, data, &sz);
  24446. if (ret != BAD_FUNC_ARG)
  24447. return -10229;
  24448. ret = wc_ImportSakkePrivateKey(NULL, NULL, 1);
  24449. if (ret != BAD_FUNC_ARG)
  24450. return -10230;
  24451. ret = wc_ImportSakkePrivateKey(key, NULL, 1);
  24452. if (ret != BAD_FUNC_ARG)
  24453. return -10231;
  24454. ret = wc_ImportSakkePrivateKey(NULL, data, 1);
  24455. if (ret != BAD_FUNC_ARG)
  24456. return -10232;
  24457. sz = sizeof(data);
  24458. ret = wc_EncodeSakkeRsk(NULL, NULL, data, NULL, 1);
  24459. if (ret != BAD_FUNC_ARG)
  24460. return -10233;
  24461. ret = wc_EncodeSakkeRsk(key, rsk, data, NULL, 1);
  24462. if (ret != BAD_FUNC_ARG)
  24463. return -10234;
  24464. ret = wc_EncodeSakkeRsk(key, NULL, data, &sz, 1);
  24465. if (ret != BAD_FUNC_ARG)
  24466. return -10235;
  24467. ret = wc_EncodeSakkeRsk(NULL, rsk, data, &sz, 1);
  24468. if (ret != BAD_FUNC_ARG)
  24469. return -10236;
  24470. ret = wc_DecodeSakkeRsk(NULL, NULL, sz, NULL);
  24471. if (ret != BAD_FUNC_ARG)
  24472. return -10237;
  24473. ret = wc_DecodeSakkeRsk(key, data, sz, NULL);
  24474. if (ret != BAD_FUNC_ARG)
  24475. return -10238;
  24476. ret = wc_DecodeSakkeRsk(key, NULL, sz, rsk);
  24477. if (ret != BAD_FUNC_ARG)
  24478. return -10239;
  24479. ret = wc_DecodeSakkeRsk(NULL, data, sz, rsk);
  24480. if (ret != BAD_FUNC_ARG)
  24481. return -10240;
  24482. ret = wc_ImportSakkeRsk(NULL, NULL, sz);
  24483. if (ret != BAD_FUNC_ARG)
  24484. return -10237;
  24485. ret = wc_ImportSakkeRsk(key, NULL, sz);
  24486. if (ret != BAD_FUNC_ARG)
  24487. return -10237;
  24488. ret = wc_ImportSakkeRsk(NULL, data, sz);
  24489. if (ret != BAD_FUNC_ARG)
  24490. return -10237;
  24491. ret = wc_ImportSakkeRsk(key, data, 1);
  24492. if (ret != BUFFER_E)
  24493. return -10237;
  24494. ret = wc_GenerateSakkeRskTable(NULL, NULL, data, NULL);
  24495. if (ret != BAD_FUNC_ARG)
  24496. return -10241;
  24497. ret = wc_GenerateSakkeRskTable(key, NULL, data, NULL);
  24498. if (ret != BAD_FUNC_ARG)
  24499. return -10242;
  24500. ret = wc_GenerateSakkeRskTable(NULL, rsk, data, NULL);
  24501. if (ret != BAD_FUNC_ARG)
  24502. return -10243;
  24503. ret = wc_GenerateSakkeRskTable(NULL, NULL, data, &len);
  24504. if (ret != BAD_FUNC_ARG)
  24505. return -10244;
  24506. ret = wc_GenerateSakkeRskTable(key, rsk, data, NULL);
  24507. if (ret != BAD_FUNC_ARG)
  24508. return -10245;
  24509. ret = wc_GenerateSakkeRskTable(key, NULL, data, &len);
  24510. if (ret != BAD_FUNC_ARG)
  24511. return -10246;
  24512. ret = wc_GenerateSakkeRskTable(NULL, rsk, data, &len);
  24513. if (ret != BAD_FUNC_ARG)
  24514. return -10247;
  24515. ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
  24516. if (ret != LENGTH_ONLY_E)
  24517. return -10248;
  24518. len--;
  24519. ret = wc_GenerateSakkeRskTable(key, rsk, data, &len);
  24520. if (ret != BUFFER_E)
  24521. return -10249;
  24522. ret = wc_ExportSakkePublicKey(NULL, data, NULL, 1);
  24523. if (ret != BAD_FUNC_ARG)
  24524. return -10250;
  24525. ret = wc_ExportSakkePublicKey(key, data, NULL, 1);
  24526. if (ret != BAD_FUNC_ARG)
  24527. return -10251;
  24528. ret = wc_ExportSakkePublicKey(NULL, data, &sz, 1);
  24529. if (ret != BAD_FUNC_ARG)
  24530. return -10252;
  24531. ret = wc_ImportSakkePublicKey(NULL, NULL, sz, 1);
  24532. if (ret != BAD_FUNC_ARG)
  24533. return -10253;
  24534. ret = wc_ImportSakkePublicKey(key, NULL, sz, 1);
  24535. if (ret != BAD_FUNC_ARG)
  24536. return -10254;
  24537. ret = wc_ImportSakkePublicKey(NULL, data, sz, 1);
  24538. if (ret != BAD_FUNC_ARG)
  24539. return -10255;
  24540. ret = wc_GetSakkeAuthSize(NULL, NULL);
  24541. if (ret != BAD_FUNC_ARG)
  24542. return -10256;
  24543. ret = wc_GetSakkeAuthSize(key, NULL);
  24544. if (ret != BAD_FUNC_ARG)
  24545. return -10257;
  24546. ret = wc_GetSakkeAuthSize(NULL, &authSz);
  24547. if (ret != BAD_FUNC_ARG)
  24548. return -10258;
  24549. ret = wc_MakeSakkePointI(NULL, NULL, SAKKE_ID_MAX_SIZE + 1);
  24550. if (ret != BAD_FUNC_ARG)
  24551. return -10259;
  24552. ret = wc_MakeSakkePointI(key, NULL, SAKKE_ID_MAX_SIZE + 1);
  24553. if (ret != BAD_FUNC_ARG)
  24554. return -10260;
  24555. ret = wc_MakeSakkePointI(NULL, id, 1);
  24556. if (ret != BAD_FUNC_ARG)
  24557. return -10261;
  24558. ret = wc_MakeSakkePointI(NULL, NULL, 1);
  24559. if (ret != BAD_FUNC_ARG)
  24560. return -10262;
  24561. ret = wc_MakeSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1);
  24562. if (ret != BAD_FUNC_ARG)
  24563. return -10263;
  24564. ret = wc_MakeSakkePointI(key, NULL, 1);
  24565. if (ret != BAD_FUNC_ARG)
  24566. return -10264;
  24567. ret = wc_MakeSakkePointI(NULL, id, 1);
  24568. if (ret != BAD_FUNC_ARG)
  24569. return -10265;
  24570. ret = wc_GenerateSakkePointITable(NULL, data, NULL);
  24571. if (ret != BAD_FUNC_ARG)
  24572. return -10266;
  24573. ret = wc_GenerateSakkePointITable(key, data, NULL);
  24574. if (ret != BAD_FUNC_ARG)
  24575. return -10267;
  24576. ret = wc_GenerateSakkePointITable(NULL, data, &len);
  24577. if (ret != BAD_FUNC_ARG)
  24578. return -10268;
  24579. ret = wc_GenerateSakkePointITable(key, NULL, &len);
  24580. if (ret != LENGTH_ONLY_E)
  24581. return -10269;
  24582. len--;
  24583. ret = wc_GenerateSakkePointITable(key, data, &len);
  24584. if (ret != BUFFER_E)
  24585. return -10270;
  24586. ret = wc_SetSakkePointITable(NULL, NULL, 1);
  24587. if (ret != BAD_FUNC_ARG)
  24588. return -10271;
  24589. ret = wc_SetSakkePointITable(key, NULL, 1);
  24590. if (ret != BAD_FUNC_ARG)
  24591. return -10272;
  24592. ret = wc_SetSakkePointITable(NULL, data, 1);
  24593. if (ret != BAD_FUNC_ARG)
  24594. return -10273;
  24595. ret = wc_SetSakkePointITable(key, data, 1);
  24596. if (ret != BUFFER_E)
  24597. return -10274;
  24598. ret = wc_ClearSakkePointITable(NULL);
  24599. if (ret != BAD_FUNC_ARG)
  24600. return -10275;
  24601. ret = wc_GetSakkePointI(NULL, data, NULL);
  24602. if (ret != BAD_FUNC_ARG)
  24603. return -10276;
  24604. ret = wc_GetSakkePointI(key, data, NULL);
  24605. if (ret != BAD_FUNC_ARG)
  24606. return -10277;
  24607. ret = wc_GetSakkePointI(NULL, data, &sz);
  24608. if (ret != BAD_FUNC_ARG)
  24609. return -10278;
  24610. sz = 1;
  24611. ret = wc_GetSakkePointI(key, data, &sz);
  24612. if (ret != BUFFER_E)
  24613. return -10279;
  24614. sz = 256;
  24615. ret = wc_SetSakkePointI(NULL, NULL, 1, NULL, sz);
  24616. if (ret != BAD_FUNC_ARG)
  24617. return -10280;
  24618. ret = wc_SetSakkePointI(key, NULL, 1, NULL, sz);
  24619. if (ret != BAD_FUNC_ARG)
  24620. return -10281;
  24621. ret = wc_SetSakkePointI(NULL, id, 1, NULL, sz);
  24622. if (ret != BAD_FUNC_ARG)
  24623. return -10282;
  24624. ret = wc_SetSakkePointI(NULL, NULL, 1, data, sz);
  24625. if (ret != BAD_FUNC_ARG)
  24626. return -10283;
  24627. ret = wc_SetSakkePointI(key, id, 1, NULL, sz);
  24628. if (ret != BAD_FUNC_ARG)
  24629. return -10284;
  24630. ret = wc_SetSakkePointI(key, NULL, 1, data, sz);
  24631. if (ret != BAD_FUNC_ARG)
  24632. return -10285;
  24633. ret = wc_SetSakkePointI(NULL, id, 1, data, sz);
  24634. if (ret != BAD_FUNC_ARG)
  24635. return -10286;
  24636. ret = wc_SetSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1, data, sz);
  24637. if (ret != BUFFER_E)
  24638. return -10287;
  24639. ret = wc_SetSakkePointI(key, id, 1, data, sz - 1);
  24640. if (ret != BUFFER_E)
  24641. return -10288;
  24642. ret = wc_SetSakkeIdentity(NULL, NULL, 1);
  24643. if (ret != BAD_FUNC_ARG)
  24644. return -10286;
  24645. ret = wc_SetSakkeIdentity(key, NULL, 1);
  24646. if (ret != BAD_FUNC_ARG)
  24647. return -10286;
  24648. ret = wc_SetSakkeIdentity(NULL, id, 1);
  24649. if (ret != BAD_FUNC_ARG)
  24650. return -10286;
  24651. ssvSz = sizeof(ssv);
  24652. ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
  24653. auth, NULL);
  24654. if (ret != BAD_FUNC_ARG)
  24655. return -10289;
  24656. ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
  24657. auth, NULL);
  24658. if (ret != BAD_FUNC_ARG)
  24659. return -10290;
  24660. ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  24661. auth, NULL);
  24662. if (ret != BAD_FUNC_ARG)
  24663. return -10291;
  24664. ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz,
  24665. auth, &authSz);
  24666. if (ret != BAD_FUNC_ARG)
  24667. return -10292;
  24668. ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  24669. auth, NULL);
  24670. if (ret != BAD_FUNC_ARG)
  24671. return -10293;
  24672. ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz,
  24673. auth, &authSz);
  24674. if (ret != BAD_FUNC_ARG)
  24675. return -10294;
  24676. ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  24677. auth, &authSz);
  24678. if (ret != BAD_FUNC_ARG)
  24679. return -10295;
  24680. ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  24681. auth, &authSz);
  24682. if (ret != BAD_STATE_E)
  24683. return -10295;
  24684. ret = wc_GenerateSakkeSSV(NULL, NULL, data, NULL);
  24685. if (ret != BAD_FUNC_ARG)
  24686. return -10296;
  24687. ret = wc_GenerateSakkeSSV(key, rng, data, NULL);
  24688. if (ret != BAD_FUNC_ARG)
  24689. return -10297;
  24690. ret = wc_GenerateSakkeSSV(key, NULL, data, &ssvSz);
  24691. if (ret != BAD_FUNC_ARG)
  24692. return -10298;
  24693. ret = wc_GenerateSakkeSSV(NULL, rng, data, &ssvSz);
  24694. if (ret != BAD_FUNC_ARG)
  24695. return -10299;
  24696. ret = wc_SetSakkeRsk(NULL, NULL, data, 1);
  24697. if (ret != BAD_FUNC_ARG)
  24698. return -10286;
  24699. ret = wc_SetSakkeRsk(key, NULL, data, 1);
  24700. if (ret != BAD_FUNC_ARG)
  24701. return -10286;
  24702. ret = wc_SetSakkeRsk(NULL, rsk, data, 1);
  24703. if (ret != BAD_FUNC_ARG)
  24704. return -10286;
  24705. ssvSz = sizeof(ssv);
  24706. authSz = sizeof(auth);
  24707. ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
  24708. authSz);
  24709. if (ret != BAD_FUNC_ARG)
  24710. return -10300;
  24711. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL,
  24712. authSz);
  24713. if (ret != BAD_FUNC_ARG)
  24714. return -10300;
  24715. ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
  24716. authSz);
  24717. if (ret != BAD_FUNC_ARG)
  24718. return -10300;
  24719. ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
  24720. authSz);
  24721. if (ret != BAD_FUNC_ARG)
  24722. return -10300;
  24723. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL,
  24724. authSz);
  24725. if (ret != BAD_FUNC_ARG)
  24726. return -10300;
  24727. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth,
  24728. authSz);
  24729. if (ret != BAD_FUNC_ARG)
  24730. return -10300;
  24731. ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  24732. authSz);
  24733. if (ret != BAD_FUNC_ARG)
  24734. return -10300;
  24735. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  24736. authSz);
  24737. if (ret != BAD_STATE_E)
  24738. return -10300;
  24739. ret = wc_SetSakkeIdentity(key, id, 1);
  24740. if (ret != 0)
  24741. return -10286;
  24742. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  24743. authSz);
  24744. if (ret != BAD_STATE_E)
  24745. return -10300;
  24746. ret = wc_SetSakkeIdentity(key, id, 0);
  24747. if (ret != 0)
  24748. return -10286;
  24749. ret = wc_SetSakkeRsk(key, rsk, data, 1);
  24750. if (ret != 0)
  24751. return -10286;
  24752. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  24753. authSz);
  24754. if (ret != BAD_STATE_E)
  24755. return -10300;
  24756. wc_FreeSakkeKey(key);
  24757. return 0;
  24758. }
  24759. static int sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
  24760. {
  24761. static const byte pubData[] = {
  24762. 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
  24763. 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
  24764. 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
  24765. 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
  24766. 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
  24767. 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
  24768. 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
  24769. 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
  24770. 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
  24771. 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
  24772. 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
  24773. 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
  24774. 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
  24775. 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
  24776. 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
  24777. 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
  24778. 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
  24779. 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
  24780. 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
  24781. 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
  24782. 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
  24783. 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
  24784. 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
  24785. 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
  24786. 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
  24787. 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
  24788. 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
  24789. 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
  24790. 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
  24791. 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
  24792. 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
  24793. 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
  24794. };
  24795. static const byte rskData[] = {
  24796. 0x93, 0xAF, 0x67, 0xE5, 0x00, 0x7B, 0xA6, 0xE6,
  24797. 0xA8, 0x0D, 0xA7, 0x93, 0xDA, 0x30, 0x0F, 0xA4,
  24798. 0xB5, 0x2D, 0x0A, 0x74, 0xE2, 0x5E, 0x6E, 0x7B,
  24799. 0x2B, 0x3D, 0x6E, 0xE9, 0xD1, 0x8A, 0x9B, 0x5C,
  24800. 0x50, 0x23, 0x59, 0x7B, 0xD8, 0x2D, 0x80, 0x62,
  24801. 0xD3, 0x40, 0x19, 0x56, 0x3B, 0xA1, 0xD2, 0x5C,
  24802. 0x0D, 0xC5, 0x6B, 0x7B, 0x97, 0x9D, 0x74, 0xAA,
  24803. 0x50, 0xF2, 0x9F, 0xBF, 0x11, 0xCC, 0x2C, 0x93,
  24804. 0xF5, 0xDF, 0xCA, 0x61, 0x5E, 0x60, 0x92, 0x79,
  24805. 0xF6, 0x17, 0x5C, 0xEA, 0xDB, 0x00, 0xB5, 0x8C,
  24806. 0x6B, 0xEE, 0x1E, 0x7A, 0x2A, 0x47, 0xC4, 0xF0,
  24807. 0xC4, 0x56, 0xF0, 0x52, 0x59, 0xA6, 0xFA, 0x94,
  24808. 0xA6, 0x34, 0xA4, 0x0D, 0xAE, 0x1D, 0xF5, 0x93,
  24809. 0xD4, 0xFE, 0xCF, 0x68, 0x8D, 0x5F, 0xC6, 0x78,
  24810. 0xBE, 0x7E, 0xFC, 0x6D, 0xF3, 0xD6, 0x83, 0x53,
  24811. 0x25, 0xB8, 0x3B, 0x2C, 0x6E, 0x69, 0x03, 0x6B,
  24812. 0x15, 0x5F, 0x0A, 0x27, 0x24, 0x10, 0x94, 0xB0,
  24813. 0x4B, 0xFB, 0x0B, 0xDF, 0xAC, 0x6C, 0x67, 0x0A,
  24814. 0x65, 0xC3, 0x25, 0xD3, 0x9A, 0x06, 0x9F, 0x03,
  24815. 0x65, 0x9D, 0x44, 0xCA, 0x27, 0xD3, 0xBE, 0x8D,
  24816. 0xF3, 0x11, 0x17, 0x2B, 0x55, 0x41, 0x60, 0x18,
  24817. 0x1C, 0xBE, 0x94, 0xA2, 0xA7, 0x83, 0x32, 0x0C,
  24818. 0xED, 0x59, 0x0B, 0xC4, 0x26, 0x44, 0x70, 0x2C,
  24819. 0xF3, 0x71, 0x27, 0x1E, 0x49, 0x6B, 0xF2, 0x0F,
  24820. 0x58, 0x8B, 0x78, 0xA1, 0xBC, 0x01, 0xEC, 0xBB,
  24821. 0x65, 0x59, 0x93, 0x4B, 0xDD, 0x2F, 0xB6, 0x5D,
  24822. 0x28, 0x84, 0x31, 0x8A, 0x33, 0xD1, 0xA4, 0x2A,
  24823. 0xDF, 0x5E, 0x33, 0xCC, 0x58, 0x00, 0x28, 0x0B,
  24824. 0x28, 0x35, 0x64, 0x97, 0xF8, 0x71, 0x35, 0xBA,
  24825. 0xB9, 0x61, 0x2A, 0x17, 0x26, 0x04, 0x24, 0x40,
  24826. 0x9A, 0xC1, 0x5F, 0xEE, 0x99, 0x6B, 0x74, 0x4C,
  24827. 0x33, 0x21, 0x51, 0x23, 0x5D, 0xEC, 0xB0, 0xF5
  24828. };
  24829. static const byte id[] = {
  24830. 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
  24831. 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
  24832. 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
  24833. 0x33, 0x00
  24834. };
  24835. static const byte ssv[] = {
  24836. 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
  24837. 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
  24838. };
  24839. static const byte auth[] = {
  24840. 0x04,
  24841. 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
  24842. 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
  24843. 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
  24844. 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
  24845. 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
  24846. 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
  24847. 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
  24848. 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
  24849. 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
  24850. 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
  24851. 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
  24852. 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
  24853. 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
  24854. 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
  24855. 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
  24856. 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
  24857. 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
  24858. 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
  24859. 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
  24860. 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
  24861. 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
  24862. 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
  24863. 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
  24864. 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
  24865. 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
  24866. 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
  24867. 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
  24868. 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
  24869. 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
  24870. 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
  24871. 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
  24872. 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
  24873. };
  24874. byte encSsv[] = {
  24875. 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
  24876. 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
  24877. };
  24878. int ret;
  24879. int valid;
  24880. byte pubKey[sizeof(pubData) + 1];
  24881. word32 sz = sizeof(pubKey);
  24882. byte tmpSsv[sizeof(encSsv)];
  24883. byte* iTable = NULL;
  24884. word32 iTableLen;
  24885. byte* table = NULL;
  24886. word32 len;
  24887. ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
  24888. if (ret != 0)
  24889. return -10315;
  24890. ret = wc_DecodeSakkeRsk(key, rskData, sizeof(rskData), rsk);
  24891. if (ret != 0)
  24892. return -10316;
  24893. ret = wc_ValidateSakkeRsk(key, id, sizeof(id), rsk, &valid);
  24894. if (ret != 0)
  24895. return -10317;
  24896. if (valid != 1)
  24897. return -10318;
  24898. ret = wc_SetSakkeRsk(key, rsk, NULL, 0);
  24899. if (ret != 0)
  24900. return -10319;
  24901. ret = wc_SetSakkeIdentity(key, id, sizeof(id));
  24902. if (ret != 0)
  24903. return -10319;
  24904. XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
  24905. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
  24906. auth, sizeof(auth));
  24907. if (ret != 0)
  24908. return -10322;
  24909. if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
  24910. return -10320;
  24911. ret = wc_MakeSakkePointI(key, id, sizeof(id));
  24912. if (ret != 0)
  24913. return -10321;
  24914. iTableLen = 0;
  24915. ret = wc_GenerateSakkePointITable(key, NULL, &iTableLen);
  24916. if (ret != LENGTH_ONLY_E)
  24917. return -10322;
  24918. if (iTableLen != 0) {
  24919. iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24920. if (iTable == NULL)
  24921. return -10323;
  24922. ret = wc_GenerateSakkePointITable(key, iTable, &iTableLen);
  24923. if (ret != 0)
  24924. return -10324;
  24925. }
  24926. len = 0;
  24927. ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len);
  24928. if (ret != LENGTH_ONLY_E)
  24929. return -10325;
  24930. if (len > 0) {
  24931. table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24932. if (table == NULL)
  24933. return -10326;
  24934. ret = wc_GenerateSakkeRskTable(key, rsk, table, &len);
  24935. if (ret != 0)
  24936. return -10327;
  24937. }
  24938. ret = wc_SetSakkeRsk(key, rsk, table, len);
  24939. if (ret != 0)
  24940. return -10319;
  24941. XMEMCPY(tmpSsv, encSsv, sizeof(encSsv));
  24942. ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv),
  24943. auth, sizeof(auth));
  24944. if (ret != 0)
  24945. return -10328;
  24946. if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0)
  24947. return -10329;
  24948. /* Don't reference table that is about to be freed. */
  24949. ret = wc_ClearSakkePointITable(key);
  24950. if (ret != 0)
  24951. return -10330;
  24952. /* Dispose of tables */
  24953. if (iTable != NULL)
  24954. XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24955. if (table != NULL)
  24956. XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  24957. /* Make sure the key public key is exportable - convert to Montgomery form
  24958. * in Validation.
  24959. */
  24960. ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 1);
  24961. if (ret != 0)
  24962. return -10331;
  24963. if (sz != sizeof(pubData))
  24964. return -10332;
  24965. if (XMEMCMP(pubKey, pubData, sizeof(pubData)) != 0)
  24966. return -10333;
  24967. sz = sizeof(pubData) + 1;
  24968. ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 0);
  24969. if (ret != 0)
  24970. return -10334;
  24971. if (sz != sizeof(pubData) + 1)
  24972. return -10335;
  24973. if (pubKey[0] != 0x04)
  24974. return -10336;
  24975. if (XMEMCMP(pubKey + 1, pubData, sizeof(pubData)) != 0)
  24976. return -10337;
  24977. return 0;
  24978. }
  24979. static int sakke_kat_encapsulate_test(SakkeKey* key)
  24980. {
  24981. static const byte pubData[] = {
  24982. 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
  24983. 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
  24984. 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
  24985. 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3,
  24986. 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60,
  24987. 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5,
  24988. 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B,
  24989. 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97,
  24990. 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6,
  24991. 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD,
  24992. 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A,
  24993. 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7,
  24994. 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9,
  24995. 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9,
  24996. 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5,
  24997. 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2,
  24998. 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8,
  24999. 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF,
  25000. 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06,
  25001. 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B,
  25002. 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A,
  25003. 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E,
  25004. 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA,
  25005. 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED,
  25006. 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95,
  25007. 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30,
  25008. 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA,
  25009. 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F,
  25010. 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49,
  25011. 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A,
  25012. 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
  25013. 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
  25014. };
  25015. static const byte id[] = {
  25016. 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
  25017. 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
  25018. 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
  25019. 0x33, 0x00
  25020. };
  25021. static word32 idSz = sizeof(id);
  25022. byte ssv[] = {
  25023. 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
  25024. 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
  25025. };
  25026. static word16 ssvSz = sizeof(ssv);
  25027. static const byte expAuth[] = {
  25028. 0x04,
  25029. 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
  25030. 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
  25031. 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D,
  25032. 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3,
  25033. 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74,
  25034. 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7,
  25035. 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D,
  25036. 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB,
  25037. 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0,
  25038. 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6,
  25039. 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32,
  25040. 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7,
  25041. 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD,
  25042. 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01,
  25043. 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49,
  25044. 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE,
  25045. 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4,
  25046. 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12,
  25047. 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6,
  25048. 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C,
  25049. 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4,
  25050. 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7,
  25051. 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8,
  25052. 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5,
  25053. 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29,
  25054. 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B,
  25055. 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED,
  25056. 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99,
  25057. 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2,
  25058. 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB,
  25059. 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
  25060. 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
  25061. };
  25062. static const byte encSsv[] = {
  25063. 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
  25064. 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
  25065. };
  25066. int ret;
  25067. byte auth[257];
  25068. word16 authSz = sizeof(auth);
  25069. ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0);
  25070. if (ret != 0)
  25071. return -10334;
  25072. ret = wc_SetSakkeIdentity(key, id, idSz);
  25073. if (ret != 0)
  25074. return -10335;
  25075. ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  25076. auth, &authSz);
  25077. if (ret != 0)
  25078. return -10336;
  25079. if (authSz != 257)
  25080. return -10337;
  25081. if (XMEMCMP(ssv, encSsv, ssvSz) != 0)
  25082. return -10338;
  25083. if (XMEMCMP(auth, expAuth, authSz) != 0)
  25084. return -10339;
  25085. return 0;
  25086. }
  25087. static int sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey* key,
  25088. WC_RNG* rng, ecc_point* rsk)
  25089. {
  25090. int ret;
  25091. byte data[440];
  25092. byte pubData[257];
  25093. word32 sz;
  25094. char mail[] = "test@wolfssl.com";
  25095. byte* id = (byte*)mail;
  25096. word32 idSz = (word32)XSTRLEN(mail);
  25097. int valid;
  25098. ecc_point* pubKey = rsk;
  25099. ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
  25100. if (ret != 0)
  25101. return -10339;
  25102. ret = wc_MakeSakkeKey(priv, rng);
  25103. if (ret != 0)
  25104. return -10340;
  25105. ret = wc_ExportSakkeKey(priv, NULL, &sz);
  25106. if (ret != LENGTH_ONLY_E)
  25107. return -10341;
  25108. if (sz != 384)
  25109. return -10342;
  25110. sz--;
  25111. ret = wc_ExportSakkeKey(priv, data, &sz);
  25112. if (ret == 0)
  25113. return -10343;
  25114. sz++;
  25115. ret = wc_ExportSakkeKey(priv, data, &sz);
  25116. if (ret != 0)
  25117. return -10344;
  25118. if (sz != 384)
  25119. return -10345;
  25120. ret = wc_ImportSakkeKey(key, data, sz - 1);
  25121. if (ret == 0)
  25122. return -10346;
  25123. ret = wc_ImportSakkeKey(key, data, sz);
  25124. if (ret != 0)
  25125. return -10347;
  25126. wc_FreeSakkeKey(key);
  25127. ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, INVALID_DEVID);
  25128. if (ret != 0)
  25129. return -10348;
  25130. ret = wc_ExportSakkePrivateKey(priv, NULL, &sz);
  25131. if (ret != LENGTH_ONLY_E)
  25132. return -10349;
  25133. if (sz != 128)
  25134. return -10350;
  25135. sz--;
  25136. ret = wc_ExportSakkePrivateKey(priv, data, &sz);
  25137. if (ret == 0)
  25138. return -10351;
  25139. sz++;
  25140. ret = wc_ExportSakkePrivateKey(priv, data, &sz);
  25141. if (ret != 0)
  25142. return -10352;
  25143. if (sz != 128)
  25144. return -10353;
  25145. ret = wc_ImportSakkePrivateKey(key, data, sz - 1);
  25146. if (ret == 0)
  25147. return -10354;
  25148. ret = wc_ImportSakkePrivateKey(key, data, sz);
  25149. if (ret != 0)
  25150. return -10355;
  25151. ret = wc_MakeSakkePublicKey(key, pubKey);
  25152. if (ret != 0)
  25153. return -10356;
  25154. ret = wc_ExportSakkePublicKey(priv, NULL, &sz, 1);
  25155. if (ret != LENGTH_ONLY_E)
  25156. return -10357;
  25157. if (sz != 256)
  25158. return -10358;
  25159. sz--;
  25160. ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
  25161. if (ret == 0)
  25162. return -10359;
  25163. sz++;
  25164. ret = wc_ExportSakkePublicKey(priv, data, &sz, 1);
  25165. if (ret != 0)
  25166. return -10360;
  25167. if (sz != 256)
  25168. return -10361;
  25169. ret = wc_ImportSakkePublicKey(pub, data, sz - 1, 1);
  25170. if (ret == 0)
  25171. return -10362;
  25172. ret = wc_ImportSakkePublicKey(pub, data, sz, 1);
  25173. if (ret != 0)
  25174. return -10363;
  25175. ret = wc_ExportSakkePublicKey(pub, pubData, &sz, 1);
  25176. if (ret != 0)
  25177. return -10364;
  25178. if (sz != 256)
  25179. return -10365;
  25180. if (XMEMCMP(data, pubData, sz) != 0)
  25181. return -10366;
  25182. ret = wc_MakeSakkeRsk(priv, id, idSz, rsk);
  25183. if (ret != 0)
  25184. return -10367;
  25185. ret = wc_ValidateSakkeRsk(priv, id, idSz, rsk, &valid);
  25186. if (ret != 0)
  25187. return -10368;
  25188. if (valid != 1)
  25189. return -10369;
  25190. ret = wc_ValidateSakkeRsk(pub, id, idSz, rsk, &valid);
  25191. if (ret != 0)
  25192. return -10370;
  25193. if (valid != 1)
  25194. return -10371;
  25195. sz = sizeof(data);
  25196. ret = wc_EncodeSakkeRsk(priv, rsk, data, &sz, 1);
  25197. if (ret != 0)
  25198. return -10372;
  25199. if (sz != 256)
  25200. return -10373;
  25201. ret = wc_DecodeSakkeRsk(priv, data, sz, rsk);
  25202. if (ret != 0)
  25203. return -10374;
  25204. sz = sizeof(pubData);
  25205. ret = wc_EncodeSakkeRsk(priv, rsk, pubData, &sz, 0);
  25206. if (ret != 0)
  25207. return -10375;
  25208. if (sz != sizeof(pubData))
  25209. return -10376;
  25210. ret = wc_DecodeSakkeRsk(priv, pubData, sz, rsk);
  25211. if (ret != 0)
  25212. return -10377;
  25213. wc_FreeSakkeKey(key);
  25214. return 0;
  25215. }
  25216. static int sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng,
  25217. ecc_point* rsk)
  25218. {
  25219. int ret;
  25220. byte ssv[16];
  25221. word16 ssvSz;
  25222. byte auth[257];
  25223. word16 authSz;
  25224. char mail[] = "test@wolfssl.com";
  25225. byte* id = (byte*)mail;
  25226. word32 idSz = (word32)XSTRLEN(mail);
  25227. byte pointI[256];
  25228. word32 sz;
  25229. ret = wc_GenerateSakkeSSV(pub, rng, NULL, &ssvSz);
  25230. if (ret != LENGTH_ONLY_E)
  25231. return -10375;
  25232. if (ssvSz != 16)
  25233. return -10376;
  25234. ssvSz += 128;
  25235. ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
  25236. if (ret == 0)
  25237. return -10377;
  25238. ssvSz -= 128;
  25239. ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz);
  25240. if (ret != 0)
  25241. return -10378;
  25242. if (ssvSz != 16)
  25243. return -10379;
  25244. ret = wc_GetSakkeAuthSize(pub, &authSz);
  25245. if (ret != 0)
  25246. return -10380;
  25247. ret = wc_SetSakkeIdentity(pub, id, idSz);
  25248. if (ret != 0)
  25249. return -10380;
  25250. ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  25251. NULL, &authSz);
  25252. if (ret != LENGTH_ONLY_E)
  25253. return -10381;
  25254. if (authSz != 257)
  25255. return -10382;
  25256. authSz--;
  25257. ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  25258. auth, &authSz);
  25259. if (ret == 0)
  25260. return -10383;
  25261. authSz++;
  25262. ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  25263. auth, &authSz);
  25264. if (ret != 0)
  25265. return -10384;
  25266. if (authSz != 257)
  25267. return -10385;
  25268. ret = wc_GetSakkePointI(pub, NULL, &sz);
  25269. if (ret != LENGTH_ONLY_E)
  25270. return -10386;
  25271. if (sz != 256)
  25272. return -10387;
  25273. ret = wc_GetSakkePointI(pub, pointI, &sz);
  25274. if (ret != 0)
  25275. return -10388;
  25276. if (sz != 256)
  25277. return -10389;
  25278. /* Bogus identity - make it check and regenerate I. */
  25279. ret = wc_MakeSakkePointI(pub, ssv, ssvSz);
  25280. if (ret != 0)
  25281. return -10391;
  25282. ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz,
  25283. auth, &authSz);
  25284. if (ret != 0)
  25285. return -10392;
  25286. if (authSz != 257)
  25287. return -10393;
  25288. ret = wc_SetSakkeRsk(priv, rsk, NULL, 0);
  25289. if (ret != 0)
  25290. return -10392;
  25291. ret = wc_SetSakkeIdentity(priv, id, idSz);
  25292. if (ret != 0)
  25293. return -10392;
  25294. authSz--;
  25295. ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  25296. authSz);
  25297. if (ret == 0)
  25298. return -10394;
  25299. authSz++;
  25300. ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  25301. authSz);
  25302. if (ret != 0)
  25303. return -10395;
  25304. ssv[0] ^= 0x80;
  25305. ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  25306. authSz);
  25307. if (ret != SAKKE_VERIFY_FAIL_E)
  25308. return -10396;
  25309. ssv[0] ^= 0x80;
  25310. /* Bogus identity - make it check and regenerate I. */
  25311. ret = wc_MakeSakkePointI(pub, ssv, idSz);
  25312. if (ret != 0)
  25313. return -10397;
  25314. ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth,
  25315. authSz);
  25316. if (ret != 0)
  25317. return -10398;
  25318. return 0;
  25319. }
  25320. int sakke_test(void)
  25321. {
  25322. int ret = 0;
  25323. WC_RNG rng;
  25324. SakkeKey* priv = NULL;
  25325. SakkeKey* pub = NULL;
  25326. SakkeKey* key = NULL;
  25327. ecc_point* rsk = NULL;
  25328. priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
  25329. DYNAMIC_TYPE_TMP_BUFFER);
  25330. if (priv == NULL) {
  25331. ret = -10404;
  25332. }
  25333. if (ret == 0) {
  25334. pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
  25335. DYNAMIC_TYPE_TMP_BUFFER);
  25336. if (pub == NULL) {
  25337. ret = -10405;
  25338. }
  25339. }
  25340. if (ret == 0) {
  25341. key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT,
  25342. DYNAMIC_TYPE_TMP_BUFFER);
  25343. if (key == NULL) {
  25344. ret = -10406;
  25345. }
  25346. }
  25347. if (ret == 0) {
  25348. #ifndef HAVE_FIPS
  25349. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  25350. #else
  25351. ret = wc_InitRng(&rng);
  25352. #endif
  25353. if (ret != 0)
  25354. ret = -10400;
  25355. }
  25356. if (ret == 0) {
  25357. rsk = wc_ecc_new_point();
  25358. if (rsk == NULL)
  25359. ret = -10401;
  25360. }
  25361. if (ret == 0) {
  25362. ret = wc_InitSakkeKey(pub, HEAP_HINT, INVALID_DEVID);
  25363. if (ret != 0)
  25364. ret = -10402;
  25365. }
  25366. if (ret == 0) {
  25367. ret = wc_InitSakkeKey(priv, HEAP_HINT, INVALID_DEVID);
  25368. if (ret != 0)
  25369. ret = -10403;
  25370. }
  25371. if (ret == 0) {
  25372. ret = sakke_api_test(&rng, key, rsk);
  25373. }
  25374. if (ret == 0) {
  25375. ret = sakke_kat_derive_test(pub, rsk);
  25376. }
  25377. if (ret == 0) {
  25378. ret = sakke_kat_encapsulate_test(pub);
  25379. }
  25380. if (ret == 0) {
  25381. ret = sakke_make_key_test(priv, pub, key, &rng, rsk);
  25382. }
  25383. if (ret == 0) {
  25384. ret = sakke_op_test(priv, pub, &rng, rsk);
  25385. }
  25386. wc_FreeSakkeKey(priv);
  25387. wc_FreeSakkeKey(pub);
  25388. wc_ecc_forcezero_point(rsk);
  25389. wc_ecc_del_point(rsk);
  25390. if (ret != -10400)
  25391. wc_FreeRng(&rng);
  25392. if (key != NULL)
  25393. XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25394. if (pub != NULL)
  25395. XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25396. if (priv != NULL)
  25397. XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25398. return ret;
  25399. }
  25400. #endif /* WOLFCRYPT_HAVE_SAKKE */
  25401. #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
  25402. typedef struct CMAC_Test_Case {
  25403. int type;
  25404. int partial;
  25405. const byte* m;
  25406. word32 mSz;
  25407. const byte* k;
  25408. word32 kSz;
  25409. const byte* t;
  25410. word32 tSz;
  25411. } CMAC_Test_Case;
  25412. WOLFSSL_TEST_SUBROUTINE int cmac_test(void)
  25413. {
  25414. #ifdef WOLFSSL_AES_128
  25415. WOLFSSL_SMALL_STACK_STATIC const byte k128[] =
  25416. {
  25417. 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
  25418. 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
  25419. };
  25420. #define KLEN_128 (sizeof(k128))
  25421. #endif
  25422. #ifdef WOLFSSL_AES_192
  25423. WOLFSSL_SMALL_STACK_STATIC const byte k192[] =
  25424. {
  25425. 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52,
  25426. 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5,
  25427. 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b
  25428. };
  25429. #define KLEN_192 (sizeof(k192))
  25430. #endif
  25431. #ifdef WOLFSSL_AES_256
  25432. WOLFSSL_SMALL_STACK_STATIC const byte k256[] =
  25433. {
  25434. 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
  25435. 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
  25436. 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
  25437. 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
  25438. };
  25439. #define KLEN_256 (sizeof(k256))
  25440. #endif
  25441. WOLFSSL_SMALL_STACK_STATIC const byte m[] =
  25442. {
  25443. 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
  25444. 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
  25445. 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
  25446. 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
  25447. 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
  25448. 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
  25449. 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
  25450. 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
  25451. };
  25452. #define MLEN_0 (0)
  25453. #define MLEN_128 (128/8)
  25454. #define MLEN_320 (320/8)
  25455. #define MLEN_319 (MLEN_320 - 1)
  25456. #define MLEN_512 (512/8)
  25457. #ifdef WOLFSSL_AES_128
  25458. WOLFSSL_SMALL_STACK_STATIC const byte t128_0[] =
  25459. {
  25460. 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28,
  25461. 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46
  25462. };
  25463. WOLFSSL_SMALL_STACK_STATIC const byte t128_128[] =
  25464. {
  25465. 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44,
  25466. 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c
  25467. };
  25468. WOLFSSL_SMALL_STACK_STATIC const byte t128_319[] =
  25469. {
  25470. 0x2c, 0x17, 0x84, 0x4c, 0x93, 0x1c, 0x07, 0x95,
  25471. 0x15, 0x92, 0x73, 0x0a, 0x34, 0xd0, 0xd9, 0xd2
  25472. };
  25473. WOLFSSL_SMALL_STACK_STATIC const byte t128_320[] =
  25474. {
  25475. 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30,
  25476. 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27
  25477. };
  25478. WOLFSSL_SMALL_STACK_STATIC const byte t128_512[] =
  25479. {
  25480. 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92,
  25481. 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe
  25482. };
  25483. #endif
  25484. #ifdef WOLFSSL_AES_192
  25485. WOLFSSL_SMALL_STACK_STATIC const byte t192_0[] =
  25486. {
  25487. 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5,
  25488. 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67
  25489. };
  25490. WOLFSSL_SMALL_STACK_STATIC const byte t192_128[] =
  25491. {
  25492. 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90,
  25493. 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84
  25494. };
  25495. WOLFSSL_SMALL_STACK_STATIC const byte t192_320[] =
  25496. {
  25497. 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad,
  25498. 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e
  25499. };
  25500. WOLFSSL_SMALL_STACK_STATIC const byte t192_512[] =
  25501. {
  25502. 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79,
  25503. 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11
  25504. };
  25505. #endif
  25506. #ifdef WOLFSSL_AES_256
  25507. WOLFSSL_SMALL_STACK_STATIC const byte t256_0[] =
  25508. {
  25509. 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e,
  25510. 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83
  25511. };
  25512. WOLFSSL_SMALL_STACK_STATIC const byte t256_128[] =
  25513. {
  25514. 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82,
  25515. 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c
  25516. };
  25517. WOLFSSL_SMALL_STACK_STATIC const byte t256_320[] =
  25518. {
  25519. 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2,
  25520. 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6
  25521. };
  25522. WOLFSSL_SMALL_STACK_STATIC const byte t256_512[] =
  25523. {
  25524. 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5,
  25525. 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10
  25526. };
  25527. #endif
  25528. const CMAC_Test_Case testCases[] =
  25529. {
  25530. #ifdef WOLFSSL_AES_128
  25531. {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, AES_BLOCK_SIZE},
  25532. {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, AES_BLOCK_SIZE},
  25533. {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, AES_BLOCK_SIZE},
  25534. {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
  25535. {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE},
  25536. #endif
  25537. #ifdef WOLFSSL_AES_192
  25538. {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, AES_BLOCK_SIZE},
  25539. {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, AES_BLOCK_SIZE},
  25540. {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, AES_BLOCK_SIZE},
  25541. {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, AES_BLOCK_SIZE},
  25542. #endif
  25543. #ifdef WOLFSSL_AES_256
  25544. {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, AES_BLOCK_SIZE},
  25545. {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, AES_BLOCK_SIZE},
  25546. {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, AES_BLOCK_SIZE},
  25547. {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, AES_BLOCK_SIZE},
  25548. #endif
  25549. #ifdef WOLFSSL_AES_128
  25550. {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, AES_BLOCK_SIZE}
  25551. #endif
  25552. };
  25553. #ifdef WOLFSSL_SMALL_STACK
  25554. Cmac *cmac;
  25555. #else
  25556. Cmac cmac[1];
  25557. #endif
  25558. byte tag[AES_BLOCK_SIZE];
  25559. const CMAC_Test_Case* tc;
  25560. word32 i, tagSz;
  25561. int ret;
  25562. #ifdef WOLFSSL_SMALL_STACK
  25563. if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC)) == NULL)
  25564. ERROR_OUT(-12009, out);
  25565. #endif
  25566. for (i = 0, tc = testCases;
  25567. i < sizeof(testCases)/sizeof(CMAC_Test_Case);
  25568. i++, tc++) {
  25569. XMEMSET(tag, 0, sizeof(tag));
  25570. tagSz = AES_BLOCK_SIZE;
  25571. #if !defined(HAVE_FIPS) || \
  25572. defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3)
  25573. if (wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId) != 0)
  25574. #else
  25575. if (wc_InitCmac(cmac, tc->k, tc->kSz, tc->type, NULL) != 0)
  25576. #endif
  25577. {
  25578. ERROR_OUT(-12000, out);
  25579. }
  25580. if (tc->partial) {
  25581. if (wc_CmacUpdate(cmac, tc->m,
  25582. tc->mSz/2 - tc->partial) != 0)
  25583. ERROR_OUT(-12001, out);
  25584. if (wc_CmacUpdate(cmac, tc->m + tc->mSz/2 - tc->partial,
  25585. tc->mSz/2 + tc->partial) != 0)
  25586. ERROR_OUT(-12002, out);
  25587. }
  25588. else {
  25589. if (wc_CmacUpdate(cmac, tc->m, tc->mSz) != 0)
  25590. ERROR_OUT(-12003, out);
  25591. }
  25592. if (wc_CmacFinal(cmac, tag, &tagSz) != 0)
  25593. ERROR_OUT(-12004, out);
  25594. if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
  25595. ERROR_OUT(-12005, out);
  25596. XMEMSET(tag, 0, sizeof(tag));
  25597. tagSz = sizeof(tag);
  25598. if (wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz,
  25599. tc->k, tc->kSz) != 0)
  25600. ERROR_OUT(-12006, out);
  25601. if (XMEMCMP(tag, tc->t, AES_BLOCK_SIZE) != 0)
  25602. ERROR_OUT(-12007, out);
  25603. if (wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz,
  25604. tc->k, tc->kSz) != 0)
  25605. ERROR_OUT(-12008, out);
  25606. }
  25607. ret = 0;
  25608. out:
  25609. #ifdef WOLFSSL_SMALL_STACK
  25610. if (cmac)
  25611. XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC);
  25612. #endif
  25613. return ret;
  25614. }
  25615. #endif /* NO_AES && WOLFSSL_CMAC */
  25616. #ifdef HAVE_LIBZ
  25617. static const byte sample_text[] =
  25618. "Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n"
  25619. "polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n"
  25620. "marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n"
  25621. "plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n"
  25622. "selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n"
  25623. "small batch meggings kogi dolore food truck bespoke gastropub.\n"
  25624. "\n"
  25625. "Terry richardson adipisicing actually typewriter tumblr, twee whatever\n"
  25626. "four loko you probably haven't heard of them high life. Messenger bag\n"
  25627. "whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n"
  25628. "et, banksy ullamco messenger bag umami pariatur direct trade forage.\n"
  25629. "Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n"
  25630. "food truck next level, tousled irony non semiotics PBR ethical anim cred\n"
  25631. "readymade. Mumblecore brunch lomo odd future, portland organic terry\n"
  25632. "richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n"
  25633. "mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n"
  25634. "four loko whatever street art yr farm-to-table.\n"
  25635. "\n"
  25636. "Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n"
  25637. "pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n"
  25638. "et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n"
  25639. "nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n"
  25640. "seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n"
  25641. "eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n"
  25642. "readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n"
  25643. "ethnic art party qui letterpress nisi proident jean shorts mlkshk\n"
  25644. "locavore.\n"
  25645. "\n"
  25646. "Narwhal flexitarian letterpress, do gluten-free voluptate next level\n"
  25647. "banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n"
  25648. "cillum pickled velit, YOLO officia you probably haven't heard of them\n"
  25649. "trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n"
  25650. "small batch american apparel. Put a bird on it cosby sweater before they\n"
  25651. "sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n"
  25652. "DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n"
  25653. "Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n"
  25654. "excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n"
  25655. "neutra PBR selvage.\n"
  25656. "\n"
  25657. "Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n"
  25658. "next level jean shorts exercitation. Hashtag keytar whatever, nihil\n"
  25659. "authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n"
  25660. "wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n"
  25661. "tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n"
  25662. "trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n"
  25663. "incididunt flannel sustainable helvetica pork belly pug banksy you\n"
  25664. "probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n"
  25665. "mollit magna, sriracha sartorial helvetica.\n"
  25666. "\n"
  25667. "Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n"
  25668. "ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n"
  25669. "of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n"
  25670. "reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n"
  25671. "skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n"
  25672. "organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n"
  25673. "Veniam sunt food truck leggings, sint vinyl fap.\n"
  25674. "\n"
  25675. "Hella dolore pork belly, truffaut carles you probably haven't heard of\n"
  25676. "them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n"
  25677. "apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n"
  25678. "flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n"
  25679. "letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n"
  25680. "Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n"
  25681. "delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n"
  25682. "magna pop-up literally. Swag thundercats ennui shoreditch vegan\n"
  25683. "pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n"
  25684. "\n"
  25685. "Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n"
  25686. "meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n"
  25687. "dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n"
  25688. "locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n"
  25689. "tousled beard mollit mustache leggings portland next level. Nihil esse\n"
  25690. "est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n"
  25691. "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n"
  25692. "bag dolor terry richardson sapiente.\n";
  25693. static const byte sample_text_gz[] = {
  25694. 0x1F, 0x8B, 0x08, 0x08, 0xC5, 0x49, 0xB5, 0x5B, 0x00, 0x03, 0x63, 0x69, 0x70,
  25695. 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x2E, 0x74, 0x78, 0x74, 0x00, 0x8D,
  25696. 0x58, 0xCB, 0x92, 0xE4, 0xB6, 0x11, 0xBC, 0xE3, 0x2B, 0xEA, 0xA6, 0x83, 0xD9,
  25697. 0x1D, 0x72, 0xF8, 0x22, 0x1F, 0xB5, 0x96, 0xA5, 0xDD, 0x90, 0xBC, 0xAB, 0xD0,
  25698. 0x28, 0x36, 0x42, 0x47, 0x90, 0x2C, 0x36, 0xA1, 0x06, 0x09, 0x0A, 0x8F, 0xEE,
  25699. 0xE1, 0xDF, 0x3B, 0x0B, 0xE0, 0x73, 0x2C, 0x4B, 0xBA, 0xCD, 0xCE, 0x80, 0x78,
  25700. 0x64, 0x65, 0x65, 0x66, 0xED, 0x3B, 0xE3, 0x5A, 0xC3, 0x81, 0x2D, 0x35, 0x69,
  25701. 0x32, 0xAD, 0x8E, 0x3A, 0xD2, 0xA0, 0x7D, 0xA7, 0x2B, 0x6A, 0xAC, 0x69, 0x7A,
  25702. 0x26, 0x9D, 0x22, 0xD3, 0x94, 0x22, 0x69, 0xAA, 0x8D, 0x6F, 0xC9, 0x8D, 0x64,
  25703. 0x22, 0x99, 0xB1, 0x31, 0xAD, 0x69, 0xD3, 0x18, 0x89, 0xAD, 0x89, 0x6A, 0x72,
  25704. 0x56, 0x7B, 0x67, 0xDA, 0x2B, 0xBD, 0xC8, 0xEF, 0xB0, 0x4D, 0x74, 0x8E, 0x5B,
  25705. 0xAA, 0x39, 0x4C, 0xEE, 0xCE, 0xE4, 0x79, 0xF2, 0xDC, 0xF3, 0xD8, 0xB2, 0x37,
  25706. 0x11, 0x8B, 0x8C, 0x2C, 0x7A, 0x32, 0x93, 0xF3, 0x37, 0x3D, 0x9A, 0x86, 0x4C,
  25707. 0xAB, 0xF2, 0xB9, 0x57, 0xFA, 0x97, 0x1B, 0x06, 0xD7, 0x3A, 0x7A, 0xF0, 0x68,
  25708. 0xF4, 0x40, 0xBA, 0x25, 0x0E, 0x81, 0xE9, 0xA6, 0x43, 0xF4, 0x6E, 0x4A, 0xF5,
  25709. 0x95, 0xFE, 0x41, 0x4F, 0x67, 0x3B, 0x1A, 0x1C, 0xEE, 0x12, 0xB4, 0x8F, 0xCE,
  25710. 0x1B, 0x6D, 0xB1, 0xDE, 0xBB, 0x4A, 0x4D, 0x56, 0x9B, 0x96, 0x5A, 0xB6, 0xDC,
  25711. 0xC4, 0x14, 0x70, 0xE5, 0xF5, 0x7D, 0xE1, 0xB7, 0x84, 0x3F, 0xFC, 0xED, 0xEF,
  25712. 0xF4, 0x30, 0x0D, 0x5F, 0xE9, 0x47, 0x17, 0xE2, 0xC5, 0x78, 0x27, 0x67, 0xDF,
  25713. 0xB9, 0xEB, 0xCC, 0xCC, 0x3D, 0x59, 0xBE, 0xDD, 0xCC, 0x78, 0x0B, 0x0A, 0x1F,
  25714. 0x74, 0xF8, 0x8C, 0x1A, 0xAF, 0x67, 0xEA, 0xF4, 0x44, 0xBD, 0x93, 0x7D, 0x2A,
  25715. 0xEA, 0x9C, 0xD7, 0x37, 0x80, 0x32, 0x9A, 0x01, 0x37, 0xD5, 0xDE, 0xCA, 0xA2,
  25716. 0x0D, 0xB9, 0xD0, 0x3B, 0xCF, 0xAD, 0x89, 0x4D, 0x5F, 0xD1, 0xE7, 0xF7, 0x2F,
  25717. 0x2A, 0x0C, 0xDA, 0x5A, 0xAA, 0x35, 0x7E, 0x41, 0xC3, 0xB2, 0x37, 0xDD, 0xDD,
  25718. 0xCD, 0x50, 0xEB, 0x2C, 0x96, 0x62, 0x3B, 0xD7, 0x52, 0xF4, 0xA9, 0xB9, 0x6F,
  25719. 0x48, 0xED, 0xEF, 0x54, 0xEA, 0x67, 0xF6, 0x7E, 0x26, 0x8F, 0x3A, 0x68, 0xDF,
  25720. 0x06, 0xBC, 0x56, 0xB7, 0x66, 0x32, 0xC1, 0x34, 0xD8, 0x88, 0x34, 0x1E, 0x88,
  25721. 0xED, 0x67, 0x8A, 0xF3, 0xC4, 0x4F, 0xC0, 0xCA, 0x9E, 0x62, 0x1A, 0x6A, 0xEB,
  25722. 0xAB, 0x02, 0xED, 0xB3, 0xD7, 0x91, 0x81, 0x8A, 0xEA, 0x5C, 0xF2, 0x64, 0xDD,
  25723. 0xDD, 0xD1, 0xEC, 0x12, 0x4D, 0xDE, 0xD5, 0xBA, 0xC6, 0x77, 0xBD, 0x06, 0xC4,
  25724. 0x5F, 0x44, 0xEA, 0x59, 0x4B, 0x5D, 0x3B, 0x8A, 0x3D, 0x0F, 0xD4, 0x9B, 0x1B,
  25725. 0x80, 0x30, 0x1D, 0x30, 0xFA, 0x8F, 0x00, 0x3F, 0xDE, 0xB0, 0x6F, 0xAD, 0x6F,
  25726. 0x6A, 0xDD, 0x6E, 0x2F, 0x6E, 0xCB, 0x3C, 0xD1, 0x83, 0x06, 0x7B, 0x0F, 0xFD,
  25727. 0xFD, 0x4A, 0xEF, 0xBC, 0x73, 0x77, 0x3B, 0x8F, 0x34, 0xA1, 0xBA, 0xEC, 0x39,
  25728. 0x80, 0x33, 0x21, 0xA4, 0x01, 0x55, 0xD7, 0xD4, 0xF4, 0xC6, 0xDA, 0x27, 0x4E,
  25729. 0x54, 0x1C, 0x2B, 0xEC, 0x37, 0xDE, 0xC3, 0x4C, 0xC9, 0x5A, 0x3D, 0x34, 0x0E,
  25730. 0xD8, 0x1C, 0x0E, 0xA2, 0x34, 0xE8, 0xC1, 0xD0, 0xA4, 0x51, 0xD5, 0x88, 0x8B,
  25731. 0xB7, 0xC6, 0xA3, 0x96, 0x40, 0x49, 0xB7, 0xBC, 0xE0, 0x7F, 0x55, 0x3F, 0xEF,
  25732. 0x6F, 0x6E, 0x92, 0x9D, 0x34, 0xFE, 0x3C, 0x5F, 0x04, 0xA5, 0x6A, 0xFF, 0x30,
  25733. 0x08, 0xC9, 0xEA, 0xF5, 0x52, 0x2B, 0xFE, 0x57, 0xFA, 0x8E, 0xC7, 0xE8, 0x4D,
  25734. 0x37, 0xAB, 0x03, 0xFA, 0x23, 0xBF, 0x46, 0x94, 0xFF, 0xC1, 0x16, 0xE0, 0xB9,
  25735. 0x14, 0x2C, 0x9E, 0x27, 0xEC, 0x98, 0x69, 0x14, 0x92, 0xF1, 0x60, 0x5C, 0x34,
  25736. 0x4D, 0xA0, 0x1F, 0xDF, 0xFD, 0x44, 0x1C, 0x7B, 0xD3, 0x80, 0x70, 0x42, 0x02,
  25737. 0x30, 0x84, 0x5B, 0xE5, 0x59, 0xB7, 0xF3, 0x80, 0xFB, 0x01, 0x33, 0xA9, 0x00,
  25738. 0x37, 0x52, 0xDC, 0xDA, 0xA7, 0x11, 0x85, 0xB7, 0x6E, 0x70, 0xE4, 0xDA, 0x96,
  25739. 0xBA, 0x84, 0x5B, 0x81, 0x43, 0x93, 0xF3, 0xD1, 0xEA, 0xB1, 0xDD, 0xB8, 0x1F,
  25740. 0xA5, 0xCC, 0xEA, 0x50, 0x66, 0x69, 0xA9, 0x8D, 0x8C, 0xA7, 0xA2, 0xF3, 0x38,
  25741. 0x26, 0x43, 0x5E, 0x3F, 0x01, 0xBE, 0x1C, 0x0F, 0x20, 0x7F, 0x75, 0xA8, 0x20,
  25742. 0x80, 0xC4, 0xC3, 0x5C, 0x8B, 0x0D, 0xD4, 0x60, 0x5E, 0xA3, 0x9E, 0xD0, 0xB4,
  25743. 0x4B, 0x4F, 0xE6, 0x13, 0x85, 0x60, 0x42, 0x96, 0xED, 0xAA, 0xDB, 0xE9, 0x99,
  25744. 0xE3, 0x07, 0x0E, 0x61, 0xB3, 0x07, 0xE3, 0xB1, 0xFA, 0xC0, 0x9B, 0xAD, 0xF6,
  25745. 0xE0, 0x26, 0x33, 0xEA, 0xEA, 0x23, 0xCD, 0x1E, 0x9D, 0xE1, 0x87, 0x4B, 0x74,
  25746. 0x97, 0x08, 0x3E, 0xA1, 0x28, 0xEA, 0xB3, 0x19, 0x67, 0x8B, 0x76, 0x9A, 0xA3,
  25747. 0xF6, 0xB9, 0xCF, 0x80, 0x65, 0x97, 0xAE, 0xF4, 0x83, 0x6B, 0xF4, 0x43, 0x20,
  25748. 0xF9, 0x0B, 0xFC, 0x9B, 0xD2, 0x4D, 0x4D, 0xA6, 0xB9, 0xA3, 0x02, 0x55, 0x79,
  25749. 0x18, 0x36, 0x19, 0x5F, 0xC9, 0xEA, 0x5A, 0x76, 0x40, 0xB9, 0xBA, 0x0E, 0x9A,
  25750. 0x44, 0xDF, 0x7C, 0xF8, 0x65, 0x61, 0x5E, 0x81, 0xAB, 0x71, 0xA1, 0x9E, 0x29,
  25751. 0x3C, 0x59, 0xCB, 0x23, 0xA4, 0xF6, 0x60, 0x1A, 0x0D, 0x5B, 0x39, 0xAE, 0xF4,
  25752. 0x6F, 0x59, 0x16, 0x9E, 0x60, 0xD8, 0x56, 0xCF, 0xEA, 0x2C, 0x4C, 0x79, 0xD3,
  25753. 0x5D, 0x51, 0x46, 0xA0, 0x4E, 0xE9, 0xD6, 0xAB, 0x91, 0x43, 0x63, 0x44, 0xD7,
  25754. 0x70, 0xB9, 0x23, 0x98, 0x4F, 0x3D, 0x03, 0x02, 0xF6, 0x81, 0x56, 0xC1, 0x58,
  25755. 0x85, 0x07, 0xA7, 0x2D, 0x2C, 0x29, 0xCA, 0x01, 0x45, 0x31, 0x51, 0x8F, 0xD4,
  25756. 0x19, 0xA1, 0x79, 0x88, 0x5A, 0xA4, 0xF5, 0xAE, 0x2D, 0x4B, 0x63, 0x4C, 0x58,
  25757. 0xFE, 0xBF, 0xAD, 0xEE, 0xA3, 0x09, 0xF8, 0xE2, 0x89, 0xBE, 0x81, 0x0E, 0x86,
  25758. 0x3A, 0xF9, 0x5B, 0xA5, 0xD8, 0xA4, 0x00, 0x75, 0x04, 0xF2, 0x23, 0xB8, 0x39,
  25759. 0x69, 0x50, 0xB7, 0xD0, 0x34, 0x63, 0x54, 0xD8, 0x61, 0xDD, 0xA5, 0x33, 0x47,
  25760. 0x85, 0x96, 0x22, 0xD0, 0x2F, 0x9F, 0x7E, 0xF8, 0x74, 0x24, 0xEA, 0x57, 0x97,
  25761. 0x5A, 0xE0, 0x00, 0xCF, 0xC1, 0x67, 0xE1, 0x41, 0xBD, 0x94, 0xA1, 0x03, 0xD3,
  25762. 0xB4, 0x08, 0x64, 0xF2, 0x17, 0x27, 0x35, 0x37, 0x53, 0xEF, 0x46, 0xCE, 0xD8,
  25763. 0xD4, 0x09, 0x52, 0xC6, 0x1E, 0xF7, 0x28, 0xDF, 0x08, 0x0F, 0xD0, 0x6F, 0x71,
  25764. 0xA6, 0xDF, 0xE4, 0x60, 0x8E, 0xC0, 0x1E, 0x78, 0x86, 0x50, 0xB0, 0x9B, 0x84,
  25765. 0x7E, 0xE8, 0x36, 0xFA, 0x95, 0xF1, 0x12, 0x51, 0xC7, 0x18, 0x96, 0xA2, 0x29,
  25766. 0xBB, 0x70, 0x02, 0xB4, 0xF9, 0xA8, 0x3D, 0x08, 0x66, 0xA9, 0xB3, 0xFC, 0x0A,
  25767. 0x94, 0x80, 0xFD, 0x78, 0xDC, 0xAB, 0x82, 0x5A, 0xD2, 0xCD, 0xC2, 0x87, 0xC6,
  25768. 0x4B, 0x07, 0xFA, 0xD1, 0xC3, 0xD9, 0x34, 0x41, 0x85, 0xF8, 0xD0, 0xB6, 0x0A,
  25769. 0x9D, 0x00, 0x91, 0x35, 0x05, 0x88, 0xC3, 0xE3, 0x9B, 0x22, 0xD2, 0xB8, 0xFD,
  25770. 0x95, 0x3E, 0x6D, 0x5D, 0x48, 0xA3, 0x68, 0xCF, 0x02, 0x42, 0x79, 0x79, 0x8A,
  25771. 0xAA, 0x01, 0xD6, 0x09, 0x14, 0x2C, 0xF4, 0x83, 0xA3, 0x80, 0x31, 0x55, 0x46,
  25772. 0x6E, 0xC5, 0xE5, 0x2F, 0x30, 0x58, 0x81, 0xA2, 0x90, 0xBE, 0x2E, 0xA1, 0xC3,
  25773. 0x0F, 0xA6, 0xF5, 0x51, 0x00, 0x39, 0xB6, 0xF2, 0x2A, 0xA3, 0x15, 0x7D, 0x8D,
  25774. 0xF5, 0x66, 0x5C, 0xD9, 0xFC, 0xCF, 0x2F, 0xBF, 0x08, 0x27, 0xE7, 0xD0, 0x03,
  25775. 0xB8, 0xD9, 0x00, 0x13, 0x3D, 0x01, 0x6B, 0xB6, 0xA8, 0xCD, 0x5B, 0x3B, 0x3E,
  25776. 0x93, 0xBF, 0xE6, 0x2E, 0xB7, 0x4A, 0xCF, 0xB3, 0x0A, 0xCE, 0x62, 0x11, 0xD6,
  25777. 0x1F, 0x68, 0x9B, 0x1D, 0x68, 0xD1, 0x8C, 0x97, 0xBD, 0xA1, 0x07, 0x67, 0x73,
  25778. 0x87, 0xE0, 0x36, 0xDA, 0x8C, 0xD2, 0xD2, 0xBB, 0x84, 0x28, 0xA9, 0xFE, 0x52,
  25779. 0x74, 0xD6, 0xB9, 0x0F, 0x0A, 0x6A, 0x2D, 0x28, 0x35, 0x34, 0x3A, 0xD3, 0xE2,
  25780. 0xCD, 0x35, 0x06, 0x7D, 0x1B, 0x35, 0x85, 0x86, 0xD1, 0x3E, 0xF2, 0x6F, 0xA1,
  25781. 0xC4, 0x55, 0xBD, 0x00, 0xD8, 0xC3, 0x5D, 0xC2, 0x1D, 0x6B, 0x6B, 0x27, 0x5B,
  25782. 0x95, 0xF3, 0xAB, 0xB5, 0xD3, 0x37, 0xF2, 0x2C, 0x9C, 0xC7, 0x5D, 0xBD, 0xF1,
  25783. 0x68, 0x1C, 0xAD, 0xF8, 0xB5, 0xE1, 0x29, 0x72, 0x7A, 0x73, 0x62, 0x55, 0x24,
  25784. 0xB9, 0x85, 0xDF, 0x7B, 0x29, 0x7D, 0xDE, 0x08, 0xF5, 0xE4, 0x44, 0xDA, 0x1A,
  25785. 0x30, 0x74, 0xDA, 0xB4, 0x9B, 0x23, 0x9A, 0x3A, 0xC1, 0x53, 0xB2, 0xA2, 0xA3,
  25786. 0x7B, 0x1F, 0xD9, 0x56, 0xD4, 0x4F, 0x9B, 0xB2, 0x1E, 0xEE, 0xB8, 0x6A, 0x4E,
  25787. 0xB5, 0xF4, 0x5A, 0xC9, 0x18, 0x27, 0x9C, 0xDE, 0x14, 0x44, 0xED, 0xC4, 0x3C,
  25788. 0x71, 0x9F, 0x5F, 0xD9, 0x37, 0xA0, 0x78, 0x34, 0x6E, 0xBC, 0xD2, 0x7B, 0x1D,
  25789. 0xFA, 0x08, 0x39, 0x5A, 0x04, 0x73, 0x15, 0xD9, 0x0A, 0x48, 0xC1, 0x2D, 0x15,
  25790. 0x4E, 0x84, 0x30, 0x45, 0x69, 0xB3, 0xE5, 0xF6, 0xAD, 0x09, 0x1E, 0xCC, 0x5F,
  25791. 0x1F, 0x06, 0xD5, 0x58, 0xAD, 0x78, 0xD7, 0x9F, 0xE5, 0xED, 0x3B, 0x09, 0xD5,
  25792. 0xA6, 0x52, 0x6F, 0x92, 0xD3, 0x3C, 0xC6, 0x1E, 0xF2, 0x93, 0x7C, 0xD3, 0x5F,
  25793. 0x70, 0x85, 0x5D, 0xF8, 0xAA, 0x9D, 0xB7, 0x7B, 0x24, 0x5A, 0xE9, 0x0A, 0x35,
  25794. 0x2F, 0xF5, 0xD9, 0x82, 0x02, 0x8A, 0x90, 0x13, 0x5B, 0xB5, 0x67, 0x9C, 0xDD,
  25795. 0xA0, 0x4E, 0x82, 0x27, 0xDA, 0x7E, 0xE8, 0x8E, 0xCD, 0xE1, 0x56, 0x71, 0x2C,
  25796. 0xE6, 0x4E, 0x1F, 0x91, 0xCD, 0x7C, 0x6A, 0xB7, 0x78, 0xD0, 0x26, 0xF3, 0x56,
  25797. 0xA9, 0xD5, 0xA1, 0xC3, 0x3B, 0x98, 0xE9, 0x28, 0x09, 0xEF, 0x50, 0x90, 0xCD,
  25798. 0xC4, 0x8E, 0x75, 0xCC, 0xAC, 0x2D, 0xC9, 0x03, 0x6D, 0xAC, 0xFE, 0xC4, 0x88,
  25799. 0x36, 0xD1, 0x3F, 0xBB, 0x1C, 0x7D, 0xB3, 0x14, 0x61, 0x2C, 0xB7, 0x54, 0x4B,
  25800. 0xDB, 0x64, 0xB6, 0x57, 0x14, 0x16, 0x8E, 0x1E, 0x6C, 0x64, 0xBB, 0x8B, 0x48,
  25801. 0x5D, 0x96, 0x9D, 0xDC, 0x80, 0xA7, 0xF7, 0x54, 0xC7, 0x46, 0x38, 0x3E, 0x44,
  25802. 0xDE, 0x7E, 0x92, 0x8D, 0x07, 0xF6, 0x07, 0x37, 0x4E, 0x16, 0x10, 0xB4, 0x7D,
  25803. 0x88, 0x66, 0x7F, 0xBB, 0xFF, 0xEA, 0x00, 0xF3, 0xFF, 0x97, 0x2C, 0xB5, 0xBE,
  25804. 0x35, 0x4B, 0x5C, 0x36, 0xEC, 0x4C, 0xBD, 0x2B, 0x7D, 0xBF, 0x46, 0xE2, 0x9C,
  25805. 0x0E, 0x8A, 0xA3, 0xEC, 0xB1, 0x0E, 0x9A, 0xDA, 0x9A, 0x9B, 0x28, 0x92, 0x10,
  25806. 0x53, 0x57, 0xEA, 0xEC, 0xA2, 0x32, 0x32, 0x20, 0x1D, 0x97, 0x5C, 0xB6, 0x84,
  25807. 0xA9, 0x93, 0x8D, 0x95, 0x11, 0xA3, 0x24, 0xA3, 0x2D, 0xC6, 0x4A, 0xEF, 0xAA,
  25808. 0x1D, 0x85, 0x2B, 0x7D, 0x28, 0xBE, 0x53, 0xCE, 0x10, 0x1F, 0xAE, 0x0E, 0x41,
  25809. 0x6C, 0x4B, 0x79, 0x12, 0xFB, 0xF7, 0x54, 0xA3, 0x96, 0x54, 0x83, 0x20, 0x96,
  25810. 0x8F, 0x28, 0xA9, 0x3F, 0x8B, 0x3D, 0xBA, 0x77, 0xDC, 0x24, 0xE1, 0xD4, 0x49,
  25811. 0x40, 0xD8, 0x78, 0x31, 0x85, 0x43, 0xF6, 0xFE, 0x5C, 0xA6, 0x8F, 0x90, 0x09,
  25812. 0xB0, 0xE7, 0xC4, 0x95, 0xB2, 0x55, 0x49, 0x97, 0x8F, 0x1C, 0x78, 0x30, 0x20,
  25813. 0xA0, 0xB4, 0xEF, 0x73, 0x56, 0x59, 0x82, 0xFD, 0xCE, 0xBA, 0x6A, 0x8F, 0x2C,
  25814. 0x8B, 0x15, 0xFD, 0xA1, 0x85, 0xA8, 0x5C, 0x0F, 0x11, 0xA5, 0x9D, 0xC2, 0x46,
  25815. 0xC6, 0x9C, 0xC9, 0x40, 0x0B, 0x58, 0x6A, 0x1C, 0x7A, 0x23, 0xF9, 0xE0, 0x95,
  25816. 0x05, 0x13, 0x58, 0x72, 0xE8, 0x9F, 0x30, 0xAC, 0xCD, 0x26, 0xD4, 0x66, 0x13,
  25817. 0xDF, 0x1E, 0x7B, 0x4F, 0x9C, 0xBE, 0x38, 0x79, 0x75, 0x92, 0xA4, 0xDA, 0x26,
  25818. 0x44, 0x55, 0x17, 0xA3, 0xE5, 0x62, 0xDA, 0xEB, 0x86, 0xEA, 0x68, 0xC7, 0xAB,
  25819. 0xFD, 0x2D, 0x43, 0x59, 0x51, 0xC0, 0x75, 0x64, 0x91, 0x01, 0x29, 0x33, 0x28,
  25820. 0xF3, 0x04, 0x83, 0x80, 0x75, 0x37, 0x75, 0x0C, 0x03, 0x7B, 0x0A, 0xAB, 0x8E,
  25821. 0x60, 0x62, 0x8B, 0x4C, 0xAF, 0x2D, 0xA3, 0x2F, 0xFE, 0xAB, 0x45, 0xCF, 0xDA,
  25822. 0xAB, 0xFA, 0xFA, 0x30, 0x3D, 0xE8, 0xA1, 0x96, 0xA5, 0x7B, 0xE2, 0x2A, 0xD0,
  25823. 0xAF, 0x59, 0xF7, 0xD0, 0x32, 0x57, 0x19, 0xBD, 0xCA, 0x9F, 0xD5, 0x1A, 0xC7,
  25824. 0xAA, 0x65, 0x4A, 0x38, 0xB2, 0x70, 0x33, 0xB7, 0x75, 0xD2, 0xCD, 0xD1, 0xF0,
  25825. 0xA8, 0x87, 0x59, 0x20, 0xA5, 0x57, 0x55, 0xB1, 0xB2, 0xC9, 0x4D, 0x97, 0x34,
  25826. 0x41, 0xF3, 0xF0, 0x30, 0xA1, 0x2C, 0x1C, 0x49, 0x3E, 0x89, 0x7D, 0x12, 0xE2,
  25827. 0xC3, 0x04, 0xC3, 0x92, 0xC0, 0xF6, 0x39, 0x10, 0x80, 0x81, 0x8F, 0x08, 0xB4,
  25828. 0xF8, 0xB9, 0x13, 0x4E, 0x2C, 0xAE, 0xB3, 0x71, 0x82, 0x63, 0x98, 0xAB, 0x5C,
  25829. 0x1C, 0x10, 0xEA, 0x66, 0xF9, 0x02, 0x3A, 0x82, 0x61, 0xD0, 0xD4, 0xAE, 0x43,
  25830. 0xD4, 0x01, 0x3E, 0x9D, 0x04, 0x14, 0xF6, 0x60, 0xD8, 0xA7, 0xD6, 0xB8, 0x53,
  25831. 0xC8, 0xDA, 0x80, 0x93, 0xA0, 0x02, 0xDD, 0xCC, 0xE2, 0xF2, 0xBB, 0xFB, 0xE0,
  25832. 0x27, 0xD7, 0x34, 0x9A, 0x71, 0x49, 0xB5, 0x4F, 0x42, 0x1F, 0xB2, 0x9D, 0x6D,
  25833. 0xAA, 0x9D, 0xD3, 0x50, 0xB5, 0x8F, 0x6A, 0x4B, 0xDF, 0x1F, 0xD5, 0x27, 0x8F,
  25834. 0x3B, 0x27, 0xCF, 0x2F, 0x8C, 0xF8, 0x9D, 0x4C, 0x52, 0xBC, 0x32, 0x0F, 0x73,
  25835. 0xD5, 0x51, 0x8E, 0x36, 0x7E, 0xAD, 0x09, 0xF0, 0x94, 0x83, 0x5F, 0x36, 0xFD,
  25836. 0x7C, 0x03, 0xED, 0xF1, 0x5E, 0x4B, 0xF7, 0xAA, 0x55, 0x5C, 0x4A, 0x14, 0x59,
  25837. 0x85, 0x38, 0x2D, 0x8C, 0xDF, 0xEC, 0x65, 0x1B, 0xB8, 0x76, 0x57, 0x96, 0x3C,
  25838. 0x86, 0xED, 0xF2, 0x7F, 0x2D, 0x28, 0x48, 0xDA, 0x49, 0x7F, 0xF7, 0x54, 0x2B,
  25839. 0xD5, 0x39, 0xD5, 0x57, 0x0A, 0x75, 0x7A, 0x3E, 0x5E, 0x5D, 0xBA, 0x4A, 0x15,
  25840. 0xFA, 0xB8, 0x31, 0x80, 0x71, 0x2C, 0xCA, 0xC4, 0x51, 0x10, 0x16, 0x5D, 0x39,
  25841. 0xEC, 0x9D, 0x07, 0xB6, 0x6A, 0x89, 0x9F, 0x9B, 0x5B, 0x6F, 0x03, 0xB0, 0x92,
  25842. 0x01, 0x38, 0x6B, 0x48, 0x99, 0x0A, 0x8F, 0x13, 0xC1, 0xA6, 0x01, 0xEA, 0xBF,
  25843. 0x6F, 0x86, 0x43, 0x51, 0xB6, 0x11, 0x00, 0x00
  25844. };
  25845. WOLFSSL_TEST_SUBROUTINE int compress_test(void)
  25846. {
  25847. int ret = 0;
  25848. word32 dSz = sizeof(sample_text);
  25849. word32 cSz = (dSz + (word32)(dSz * 0.001) + 12);
  25850. byte *c;
  25851. byte *d;
  25852. c = (byte *)XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25853. d = (byte *)XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25854. if (c == NULL || d == NULL) {
  25855. ERROR_OUT(-12100, exit);
  25856. }
  25857. /* follow calloc and initialize to 0 */
  25858. XMEMSET(c, 0, cSz);
  25859. XMEMSET(d, 0, dSz);
  25860. if ((ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0) {
  25861. ERROR_OUT(-12101, exit);
  25862. }
  25863. cSz = (word32)ret;
  25864. if ((ret = wc_DeCompress(d, dSz, c, cSz)) != (int)dSz) {
  25865. ERROR_OUT(-12102, exit);
  25866. }
  25867. if (XMEMCMP(d, sample_text, dSz) != 0) {
  25868. ERROR_OUT(-12103, exit);
  25869. }
  25870. /* GZIP tests */
  25871. cSz = (dSz + (word32)(dSz * 0.001) + 12); /* reset cSz */
  25872. XMEMSET(c, 0, cSz);
  25873. XMEMSET(d, 0, dSz);
  25874. ret = wc_Compress_ex(c, cSz, sample_text, dSz, 0, LIBZ_WINBITS_GZIP);
  25875. if (ret < 0) {
  25876. ERROR_OUT(-12104, exit);
  25877. }
  25878. cSz = (word32)ret;
  25879. ret = wc_DeCompress_ex(d, dSz, c, cSz, LIBZ_WINBITS_GZIP);
  25880. if (ret < 0) {
  25881. ERROR_OUT(-12105, exit);
  25882. }
  25883. if (XMEMCMP(d, sample_text, dSz) != 0) {
  25884. ERROR_OUT(-12106, exit);
  25885. }
  25886. /* Try with gzip generated output */
  25887. XMEMSET(d, 0, dSz);
  25888. ret = wc_DeCompress_ex(d, dSz, sample_text_gz, sizeof(sample_text_gz),
  25889. LIBZ_WINBITS_GZIP);
  25890. if (ret < 0) {
  25891. ERROR_OUT(-12107, exit);
  25892. }
  25893. dSz = (word32)ret;
  25894. if (XMEMCMP(d, sample_text, dSz) != 0) {
  25895. ERROR_OUT(-12108, exit);
  25896. }
  25897. ret = 0; /* success */
  25898. exit:
  25899. if (c) XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25900. if (d) XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  25901. return ret;
  25902. }
  25903. #endif /* HAVE_LIBZ */
  25904. #ifdef HAVE_PKCS7
  25905. /* External Debugging/Testing Note:
  25906. *
  25907. * PKCS#7 test functions can output generated PKCS#7/CMS bundles for
  25908. * additional testing. To dump bundles to files DER encoded files, please
  25909. * define:
  25910. *
  25911. * #define PKCS7_OUTPUT_TEST_BUNDLES
  25912. */
  25913. /* Loads certs and keys for use with PKCS7 tests, from either files
  25914. * or buffers.
  25915. *
  25916. * rsaClientCertBuf - output buffer for RSA client cert
  25917. * rsaClientCertBufSz - IN/OUT size of output buffer, size of RSA client cert
  25918. * rsaClientPrivKeyBuf - output buffer for RSA client private key
  25919. * rsaClientPrivKeyBufSz - IN/OUT size of output buffer, size of RSA client key
  25920. *
  25921. * rsaServerCertBuf - output buffer for RSA server cert
  25922. * rsaServerCertBufSz - IN/OUT size of output buffer, size of RSA server cert
  25923. * rsaServerPrivKeyBuf - output buffer for RSA server private key
  25924. * rsaServerPrivKeyBufSz - IN/OUT size of output buffer, size of RSA server key
  25925. *
  25926. * rsaCaCertBuf - output buffer for RSA CA cert
  25927. * rsaCaCertBufSz - IN/OUT size of output buffer, size of RSA ca cert
  25928. * rsaCaPrivKeyBuf - output buffer for RSA CA private key
  25929. * rsaCaPrivKeyBufSz - IN/OUT size of output buffer, size of RSA CA key
  25930. *
  25931. * eccClientCertBuf - output buffer for ECC cert
  25932. * eccClientCertBufSz - IN/OUT size of output buffer, size of ECC cert
  25933. * eccClientPrivKeyBuf - output buffer for ECC private key
  25934. * eccClientPrivKeyBufSz - IN/OUT size of output buffer, size of ECC private key
  25935. *
  25936. * Returns 0 on success, negative on error
  25937. */
  25938. static int pkcs7_load_certs_keys(
  25939. byte* rsaClientCertBuf, word32* rsaClientCertBufSz,
  25940. byte* rsaClientPrivKeyBuf, word32* rsaClientPrivKeyBufSz,
  25941. byte* rsaServerCertBuf, word32* rsaServerCertBufSz,
  25942. byte* rsaServerPrivKeyBuf, word32* rsaServerPrivKeyBufSz,
  25943. byte* rsaCaCertBuf, word32* rsaCaCertBufSz,
  25944. byte* rsaCaPrivKeyBuf, word32* rsaCaPrivKeyBufSz,
  25945. byte* eccClientCertBuf, word32* eccClientCertBufSz,
  25946. byte* eccClientPrivKeyBuf, word32* eccClientPrivKeyBufSz)
  25947. {
  25948. #ifndef NO_FILESYSTEM
  25949. XFILE certFile;
  25950. XFILE keyFile;
  25951. (void)certFile;
  25952. (void)keyFile;
  25953. #endif
  25954. #ifndef NO_RSA
  25955. if (rsaClientCertBuf == NULL || rsaClientCertBufSz == NULL ||
  25956. rsaClientPrivKeyBuf == NULL || rsaClientPrivKeyBufSz == NULL)
  25957. return BAD_FUNC_ARG;
  25958. #endif
  25959. #ifdef HAVE_ECC
  25960. if (eccClientCertBuf == NULL || eccClientCertBufSz == NULL ||
  25961. eccClientPrivKeyBuf == NULL || eccClientPrivKeyBufSz == NULL)
  25962. return BAD_FUNC_ARG;
  25963. #endif
  25964. /* RSA */
  25965. #ifndef NO_RSA
  25966. #ifdef USE_CERT_BUFFERS_1024
  25967. if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_1024)
  25968. return -12110;
  25969. XMEMCPY(rsaClientCertBuf, client_cert_der_1024,
  25970. sizeof_client_cert_der_1024);
  25971. *rsaClientCertBufSz = sizeof_client_cert_der_1024;
  25972. if (rsaServerCertBuf != NULL) {
  25973. if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_1024)
  25974. return -12111;
  25975. XMEMCPY(rsaServerCertBuf, server_cert_der_1024,
  25976. sizeof_server_cert_der_1024);
  25977. *rsaServerCertBufSz = sizeof_server_cert_der_1024;
  25978. }
  25979. if (rsaCaCertBuf != NULL) {
  25980. if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_1024)
  25981. return -12112;
  25982. XMEMCPY(rsaCaCertBuf, ca_cert_der_1024, sizeof_ca_cert_der_1024);
  25983. *rsaCaCertBufSz = sizeof_ca_cert_der_1024;
  25984. }
  25985. #elif defined(USE_CERT_BUFFERS_2048)
  25986. if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_2048)
  25987. return -12113;
  25988. XMEMCPY(rsaClientCertBuf, client_cert_der_2048,
  25989. sizeof_client_cert_der_2048);
  25990. *rsaClientCertBufSz = sizeof_client_cert_der_2048;
  25991. if (rsaServerCertBuf != NULL) {
  25992. if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_2048)
  25993. return -12114;
  25994. XMEMCPY(rsaServerCertBuf, server_cert_der_2048,
  25995. sizeof_server_cert_der_2048);
  25996. *rsaServerCertBufSz = sizeof_server_cert_der_2048;
  25997. }
  25998. if (rsaCaCertBuf != NULL) {
  25999. if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_2048)
  26000. return -12115;
  26001. XMEMCPY(rsaCaCertBuf, ca_cert_der_2048, sizeof_ca_cert_der_2048);
  26002. *rsaCaCertBufSz = sizeof_ca_cert_der_2048;
  26003. }
  26004. #else
  26005. certFile = XFOPEN(clientCert, "rb");
  26006. if (!certFile)
  26007. return -12116;
  26008. *rsaClientCertBufSz = (word32)XFREAD(rsaClientCertBuf, 1,
  26009. *rsaClientCertBufSz, certFile);
  26010. XFCLOSE(certFile);
  26011. if (rsaServerCertBuf != NULL) {
  26012. certFile = XFOPEN(rsaServerCertDerFile, "rb");
  26013. if (!certFile)
  26014. return -12117;
  26015. *rsaServerCertBufSz = (word32)XFREAD(rsaServerCertBuf, 1,
  26016. *rsaServerCertBufSz, certFile);
  26017. XFCLOSE(certFile);
  26018. }
  26019. if (rsaCaCertBuf != NULL) {
  26020. certFile = XFOPEN(rsaCaCertDerFile, "rb");
  26021. if (!certFile)
  26022. return -12118;
  26023. *rsaCaCertBufSz = (word32)XFREAD(rsaCaCertBuf, 1, *rsaCaCertBufSz,
  26024. certFile);
  26025. XFCLOSE(certFile);
  26026. }
  26027. #endif
  26028. #ifdef USE_CERT_BUFFERS_1024
  26029. if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_1024)
  26030. return -12119;
  26031. XMEMCPY(rsaClientPrivKeyBuf, client_key_der_1024,
  26032. sizeof_client_key_der_1024);
  26033. *rsaClientPrivKeyBufSz = sizeof_client_key_der_1024;
  26034. if (rsaServerPrivKeyBuf != NULL) {
  26035. if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_1024)
  26036. return -12120;
  26037. XMEMCPY(rsaServerPrivKeyBuf, server_key_der_1024,
  26038. sizeof_server_key_der_1024);
  26039. *rsaServerPrivKeyBufSz = sizeof_server_key_der_1024;
  26040. }
  26041. if (rsaCaPrivKeyBuf != NULL) {
  26042. if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_1024)
  26043. return -12121;
  26044. XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_1024, sizeof_ca_key_der_1024);
  26045. *rsaCaPrivKeyBufSz = sizeof_ca_key_der_1024;
  26046. }
  26047. #elif defined(USE_CERT_BUFFERS_2048)
  26048. if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_2048)
  26049. return -12122;
  26050. XMEMCPY(rsaClientPrivKeyBuf, client_key_der_2048,
  26051. sizeof_client_key_der_2048);
  26052. *rsaClientPrivKeyBufSz = sizeof_client_key_der_2048;
  26053. if (rsaServerPrivKeyBuf != NULL) {
  26054. if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_2048)
  26055. return -12123;
  26056. XMEMCPY(rsaServerPrivKeyBuf, server_key_der_2048,
  26057. sizeof_server_key_der_2048);
  26058. *rsaServerPrivKeyBufSz = sizeof_server_key_der_2048;
  26059. }
  26060. if (rsaCaPrivKeyBuf != NULL) {
  26061. if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_2048)
  26062. return -12124;
  26063. XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_2048, sizeof_ca_key_der_2048);
  26064. *rsaCaPrivKeyBufSz = sizeof_ca_key_der_2048;
  26065. }
  26066. #else
  26067. keyFile = XFOPEN(clientKey, "rb");
  26068. if (!keyFile)
  26069. return -12125;
  26070. *rsaClientPrivKeyBufSz = (word32)XFREAD(rsaClientPrivKeyBuf, 1,
  26071. *rsaClientPrivKeyBufSz, keyFile);
  26072. XFCLOSE(keyFile);
  26073. if (rsaServerPrivKeyBuf != NULL) {
  26074. keyFile = XFOPEN(rsaServerKeyDerFile, "rb");
  26075. if (!keyFile)
  26076. return -12126;
  26077. *rsaServerPrivKeyBufSz = (word32)XFREAD(rsaServerPrivKeyBuf, 1,
  26078. *rsaServerPrivKeyBufSz, keyFile);
  26079. XFCLOSE(keyFile);
  26080. }
  26081. if (rsaCaPrivKeyBuf != NULL) {
  26082. keyFile = XFOPEN(rsaCaKeyFile, "rb");
  26083. if (!keyFile)
  26084. return -12127;
  26085. *rsaCaPrivKeyBufSz = (word32)XFREAD(rsaCaPrivKeyBuf, 1,
  26086. *rsaCaPrivKeyBufSz, keyFile);
  26087. XFCLOSE(keyFile);
  26088. }
  26089. #endif /* USE_CERT_BUFFERS */
  26090. #endif /* NO_RSA */
  26091. /* ECC */
  26092. #ifdef HAVE_ECC
  26093. #ifdef USE_CERT_BUFFERS_256
  26094. if (*eccClientCertBufSz < (word32)sizeof_cliecc_cert_der_256)
  26095. return -12128;
  26096. XMEMCPY(eccClientCertBuf, cliecc_cert_der_256, sizeof_cliecc_cert_der_256);
  26097. *eccClientCertBufSz = sizeof_cliecc_cert_der_256;
  26098. #else
  26099. certFile = XFOPEN(eccClientCert, "rb");
  26100. if (!certFile)
  26101. return -12129;
  26102. *eccClientCertBufSz = (word32)XFREAD(eccClientCertBuf, 1,
  26103. *eccClientCertBufSz, certFile);
  26104. XFCLOSE(certFile);
  26105. #endif /* USE_CERT_BUFFERS_256 */
  26106. #ifdef USE_CERT_BUFFERS_256
  26107. if (*eccClientPrivKeyBufSz < (word32)sizeof_ecc_clikey_der_256)
  26108. return -12130;
  26109. XMEMCPY(eccClientPrivKeyBuf, ecc_clikey_der_256, sizeof_ecc_clikey_der_256);
  26110. *eccClientPrivKeyBufSz = sizeof_ecc_clikey_der_256;
  26111. #else
  26112. keyFile = XFOPEN(eccClientKey, "rb");
  26113. if (!keyFile)
  26114. return -12131;
  26115. *eccClientPrivKeyBufSz = (word32)XFREAD(eccClientPrivKeyBuf, 1,
  26116. *eccClientPrivKeyBufSz, keyFile);
  26117. XFCLOSE(keyFile);
  26118. #endif /* USE_CERT_BUFFERS_256 */
  26119. #endif /* HAVE_ECC */
  26120. #ifdef NO_RSA
  26121. (void)rsaClientCertBuf;
  26122. (void)rsaClientCertBufSz;
  26123. (void)rsaClientPrivKeyBuf;
  26124. (void)rsaClientPrivKeyBufSz;
  26125. (void)rsaServerCertBuf;
  26126. (void)rsaServerCertBufSz;
  26127. (void)rsaServerPrivKeyBuf;
  26128. (void)rsaServerPrivKeyBufSz;
  26129. (void)rsaCaCertBuf;
  26130. (void)rsaCaCertBufSz;
  26131. (void)rsaCaPrivKeyBuf;
  26132. (void)rsaCaPrivKeyBufSz;
  26133. #endif
  26134. #ifndef HAVE_ECC
  26135. (void)eccClientCertBuf;
  26136. (void)eccClientCertBufSz;
  26137. (void)eccClientPrivKeyBuf;
  26138. (void)eccClientPrivKeyBufSz;
  26139. #endif
  26140. #ifndef NO_FILESYSTEM
  26141. (void)certFile;
  26142. (void)keyFile;
  26143. #endif
  26144. return 0;
  26145. }
  26146. typedef struct {
  26147. const byte* content;
  26148. word32 contentSz;
  26149. int contentOID;
  26150. int encryptOID;
  26151. int keyWrapOID;
  26152. int keyAgreeOID;
  26153. byte* cert;
  26154. size_t certSz;
  26155. byte* privateKey;
  26156. word32 privateKeySz;
  26157. byte* optionalUkm;
  26158. word32 optionalUkmSz;
  26159. int ktriOptions; /* KTRI options flags */
  26160. int kariOptions; /* KARI options flags */
  26161. /* KEKRI specific */
  26162. byte* secretKey; /* key, only for kekri RecipientInfo types */
  26163. word32 secretKeySz; /* size of secretKey, bytes */
  26164. byte* secretKeyId; /* key identifier */
  26165. word32 secretKeyIdSz; /* size of key identifier, bytes */
  26166. void* timePtr; /* time_t pointer */
  26167. byte* otherAttrOID; /* OPTIONAL, other attribute OID */
  26168. word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
  26169. byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
  26170. word32 otherAttrSz; /* size of otherAttr, bytes */
  26171. int kekriOptions; /* KEKRI options flags */
  26172. /* PWRI specific */
  26173. char* password;
  26174. word32 passwordSz;
  26175. byte* salt;
  26176. word32 saltSz;
  26177. int kdfOID;
  26178. int hashOID;
  26179. int kdfIterations;
  26180. int pwriOptions; /* PWRI options flags */
  26181. /* ORI specific */
  26182. int isOri;
  26183. int oriOptions; /* ORI options flags */
  26184. const char* outFileName;
  26185. } pkcs7EnvelopedVector;
  26186. static const byte asnDataOid[] = {
  26187. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01
  26188. };
  26189. /* ORI encrypt callback, responsible for encrypting content-encryption key (CEK)
  26190. * and giving wolfCrypt the value for oriOID and oriValue to place in
  26191. * OtherRecipientInfo.
  26192. *
  26193. * Returns 0 on success, negative upon error. */
  26194. static int myOriEncryptCb(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType,
  26195. word32* oriTypeSz, byte* oriValue, word32* oriValueSz,
  26196. void* ctx)
  26197. {
  26198. int i;
  26199. /* make sure buffers are large enough */
  26200. if ((*oriValueSz < (2 + cekSz)) || (*oriTypeSz < sizeof(oriType)))
  26201. return -12140;
  26202. /* our simple encryption algorithm will be take the bitwise complement */
  26203. oriValue[0] = 0x04; /*ASN OCTET STRING */
  26204. oriValue[1] = (byte)cekSz; /* length */
  26205. for (i = 0; i < (int)cekSz; i++) {
  26206. oriValue[2 + i] = ~cek[i];
  26207. }
  26208. *oriValueSz = 2 + cekSz;
  26209. /* set oriType to ASN.1 encoded data OID */
  26210. XMEMCPY(oriType, asnDataOid, sizeof(asnDataOid));
  26211. *oriTypeSz = sizeof(asnDataOid);
  26212. (void)pkcs7;
  26213. (void)ctx;
  26214. return 0;
  26215. }
  26216. /* ORI decrypt callback, responsible for providing a decrypted content
  26217. * encryption key (CEK) placed into decryptedKey and size placed into
  26218. * decryptedKeySz. oriOID and oriValue are given to the callback to help
  26219. * in decrypting the encrypted CEK.
  26220. *
  26221. * Returns 0 on success, negative upon error. */
  26222. static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
  26223. byte* oriValue, word32 oriValueSz, byte* decryptedKey,
  26224. word32* decryptedKeySz, void* ctx)
  26225. {
  26226. int i;
  26227. /* make sure oriType matches what we expect */
  26228. if (oriTypeSz != sizeof(asnDataOid))
  26229. return -12150;
  26230. if (XMEMCMP(oriType, asnDataOid, sizeof(asnDataOid)) != 0)
  26231. return -12151;
  26232. /* make sure decrypted buffer is large enough */
  26233. if (*decryptedKeySz < oriValueSz)
  26234. return -12152;
  26235. /* decrypt encrypted CEK using simple bitwise complement,
  26236. only for example */
  26237. for (i = 0; i < (int)oriValueSz - 2; i++) {
  26238. decryptedKey[i] = ~oriValue[2 + i];
  26239. }
  26240. *decryptedKeySz = oriValueSz - 2;
  26241. (void)pkcs7;
  26242. (void)ctx;
  26243. return 0;
  26244. }
  26245. #ifndef NO_AES
  26246. /* returns 0 on success */
  26247. static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
  26248. byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
  26249. byte* in, int inSz, byte* out, void* usrCtx)
  26250. {
  26251. int keyId = -1, ret, keySz;
  26252. word32 keyIdSz = 8;
  26253. const byte* key;
  26254. byte keyIdRaw[8];
  26255. #ifdef WOLFSSL_SMALL_STACK
  26256. Aes *aes;
  26257. #else
  26258. Aes aes[1];
  26259. #endif
  26260. /* looking for KEY ID
  26261. * fwDecryptKeyID OID "1.2.840.113549.1.9.16.2.37
  26262. */
  26263. WOLFSSL_SMALL_STACK_STATIC const unsigned char OID[] = {
  26264. /* 0x06, 0x0B do not pass in tag and length */
  26265. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  26266. 0x01, 0x09, 0x10, 0x02, 0x25
  26267. };
  26268. WOLFSSL_SMALL_STACK_STATIC const byte defKey[] = {
  26269. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  26270. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  26271. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  26272. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  26273. };
  26274. WOLFSSL_SMALL_STACK_STATIC const byte altKey[] = {
  26275. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  26276. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  26277. };
  26278. /* test user context passed in */
  26279. if (usrCtx == NULL || *(int*)usrCtx != 1) {
  26280. return -12160;
  26281. }
  26282. #ifdef WOLFSSL_SMALL_STACK
  26283. if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
  26284. return -12164;
  26285. #endif
  26286. /* if needing to find keyIdSz can call with NULL */
  26287. ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), NULL,
  26288. &keyIdSz);
  26289. if (ret != LENGTH_ONLY_E) {
  26290. printf("Unexpected error %d when getting keyIdSz\n", ret);
  26291. printf("Possibly no KEY ID attribute set\n");
  26292. ERROR_OUT(-12161, out);
  26293. }
  26294. else {
  26295. XMEMSET(keyIdRaw, 0, sizeof(keyIdRaw));
  26296. ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), keyIdRaw,
  26297. &keyIdSz);
  26298. if (ret < 0) {
  26299. goto out;
  26300. }
  26301. if (keyIdSz < 3) {
  26302. printf("keyIdSz is smaller than expected\n");
  26303. ERROR_OUT(-12162, out);
  26304. }
  26305. if (keyIdSz > 2 + sizeof(int)) {
  26306. printf("example case was only expecting a keyId of int size\n");
  26307. ERROR_OUT(-12163, out);
  26308. }
  26309. /* keyIdRaw[0] OCTET TAG */
  26310. /* keyIdRaw[1] Length */
  26311. #ifdef BIG_ENDIAN_ORDER
  26312. if (keyIdRaw[1] == 0x01) {
  26313. keyId = 1;
  26314. }
  26315. #else
  26316. keyId = *(int*)(keyIdRaw + 2);
  26317. #endif
  26318. }
  26319. /* Use keyID here if found to select key and decrypt in HSM or in this
  26320. * example just select key and do software decryption */
  26321. if (keyId == 1) {
  26322. key = altKey;
  26323. keySz = sizeof(altKey);
  26324. }
  26325. else {
  26326. key = defKey;
  26327. keySz = sizeof(defKey);
  26328. }
  26329. switch (encryptOID) {
  26330. case AES256CBCb:
  26331. if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE))
  26332. ERROR_OUT(BAD_FUNC_ARG, out);
  26333. break;
  26334. case AES128CBCb:
  26335. if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE))
  26336. ERROR_OUT(BAD_FUNC_ARG, out);
  26337. break;
  26338. default:
  26339. printf("Unsupported content cipher type for example");
  26340. ERROR_OUT(ALGO_ID_E, out);
  26341. };
  26342. ret = wc_AesInit(aes, HEAP_HINT, INVALID_DEVID);
  26343. if (ret == 0) {
  26344. ret = wc_AesSetKey(aes, key, keySz, iv, AES_DECRYPTION);
  26345. if (ret == 0)
  26346. ret = wc_AesCbcDecrypt(aes, out, in, inSz);
  26347. wc_AesFree(aes);
  26348. }
  26349. out:
  26350. #ifdef WOLFSSL_SMALL_STACK
  26351. XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26352. #endif
  26353. (void)aad;
  26354. (void)aadSz;
  26355. (void)authTag;
  26356. (void)authTagSz;
  26357. return ret;
  26358. }
  26359. #endif /* NO_AES */
  26360. #define PKCS7_BUF_SIZE 2048
  26361. static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
  26362. byte* rsaPrivKey, word32 rsaPrivKeySz,
  26363. byte* eccCert, word32 eccCertSz,
  26364. byte* eccPrivKey, word32 eccPrivKeySz)
  26365. {
  26366. int ret = 0, testSz, i;
  26367. int envelopedSz, decodedSz;
  26368. byte *enveloped;
  26369. byte *decoded;
  26370. PKCS7* pkcs7;
  26371. #ifdef ECC_TIMING_RESISTANT
  26372. WC_RNG rng;
  26373. #endif
  26374. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  26375. XFILE pkcs7File;
  26376. #endif
  26377. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  26378. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  26379. 0x72,0x6c,0x64
  26380. };
  26381. #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
  26382. defined(WOLFSSL_SHA512)
  26383. byte optionalUkm[] = {
  26384. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
  26385. };
  26386. #endif /* NO_AES */
  26387. #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  26388. /* encryption key for kekri recipient types */
  26389. byte secretKey[] = {
  26390. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  26391. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
  26392. };
  26393. /* encryption key identifier */
  26394. byte secretKeyId[] = {
  26395. 0x02,0x02,0x03,0x04
  26396. };
  26397. #endif
  26398. #if !defined(NO_PWDBASED) && !defined(NO_AES) && \
  26399. !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  26400. #ifndef HAVE_FIPS
  26401. char password[] = "password"; /* NOTE: Password is too short for FIPS */
  26402. #else
  26403. char password[] = "passwordFIPS_MODE";
  26404. #endif
  26405. byte salt[] = {
  26406. 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
  26407. };
  26408. #endif
  26409. const pkcs7EnvelopedVector testVectors[] =
  26410. {
  26411. /* key transport key encryption technique */
  26412. #ifndef NO_RSA
  26413. #ifndef NO_DES3
  26414. {data, (word32)sizeof(data), DATA, DES3b, 0, 0, rsaCert, rsaCertSz,
  26415. rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
  26416. 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  26417. "pkcs7envelopedDataDES3.der"},
  26418. #endif
  26419. #ifndef NO_AES
  26420. #ifdef WOLFSSL_AES_128
  26421. {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
  26422. rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
  26423. 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  26424. "pkcs7envelopedDataAES128CBC.der"},
  26425. #endif
  26426. #ifdef WOLFSSL_AES_192
  26427. {data, (word32)sizeof(data), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz,
  26428. rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
  26429. 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  26430. "pkcs7envelopedDataAES192CBC.der"},
  26431. #endif
  26432. #ifdef WOLFSSL_AES_256
  26433. {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
  26434. rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
  26435. 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  26436. "pkcs7envelopedDataAES256CBC.der"},
  26437. /* explicitly using SKID for SubjectKeyIdentifier */
  26438. {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
  26439. rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_SKID, 0, NULL, 0, NULL, 0, NULL,
  26440. NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  26441. "pkcs7envelopedDataAES256CBC_SKID.der"},
  26442. /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
  26443. {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz,
  26444. rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_ISSUER_AND_SERIAL_NUMBER, 0,
  26445. NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
  26446. 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der"},
  26447. #endif
  26448. #endif /* NO_AES */
  26449. #endif
  26450. /* key agreement key encryption technique*/
  26451. #ifdef HAVE_ECC
  26452. #ifndef NO_AES
  26453. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  26454. {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP,
  26455. dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  26456. eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
  26457. 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  26458. "pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der"},
  26459. #endif
  26460. #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
  26461. {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
  26462. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  26463. eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
  26464. 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  26465. "pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der"},
  26466. #endif /* NO_SHA256 && WOLFSSL_AES_256 */
  26467. #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
  26468. {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
  26469. dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  26470. eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0,
  26471. 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  26472. "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der"},
  26473. /* with optional user keying material (ukm) */
  26474. {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP,
  26475. dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  26476. eccPrivKeySz, optionalUkm, sizeof(optionalUkm), 0, 0, NULL, 0,
  26477. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  26478. "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der"},
  26479. #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
  26480. #endif /* NO_AES */
  26481. #endif
  26482. /* kekri (KEKRecipientInfo) recipient types */
  26483. #ifndef NO_AES
  26484. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  26485. {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0,
  26486. NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey),
  26487. secretKeyId, sizeof(secretKeyId), NULL, NULL, 0, NULL, 0,
  26488. 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
  26489. "pkcs7envelopedDataAES128CBC_KEKRI.der"},
  26490. #endif
  26491. #endif
  26492. /* pwri (PasswordRecipientInfo) recipient types */
  26493. #if !defined(NO_PWDBASED) && !defined(NO_AES)
  26494. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  26495. {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0,
  26496. NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
  26497. NULL, 0, NULL, NULL, 0, NULL, 0, 0, password,
  26498. (word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
  26499. 0, 0, 0, "pkcs7envelopedDataAES128CBC_PWRI.der"},
  26500. #endif
  26501. #endif
  26502. #if !defined(NO_AES) && !defined(NO_AES_128)
  26503. /* ori (OtherRecipientInfo) recipient types */
  26504. {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
  26505. NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0,
  26506. NULL, 0, 0, 0, 0, 0, 1, 0, "pkcs7envelopedDataAES128CBC_ORI.der"},
  26507. #endif
  26508. };
  26509. enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26510. decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26511. if ((! enveloped) || (! decoded)) {
  26512. ERROR_OUT(-12170, out);
  26513. }
  26514. testSz = sizeof(testVectors) / sizeof(pkcs7EnvelopedVector);
  26515. #ifdef ECC_TIMING_RESISTANT
  26516. #ifndef HAVE_FIPS
  26517. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  26518. #else
  26519. ret = wc_InitRng(&rng);
  26520. #endif
  26521. if (ret != 0) {
  26522. ERROR_OUT(-12171, out);
  26523. }
  26524. #endif
  26525. for (i = 0; i < testSz; i++) {
  26526. pkcs7 = wc_PKCS7_New(HEAP_HINT,
  26527. #ifdef WOLFSSL_ASYNC_CRYPT
  26528. INVALID_DEVID /* async PKCS7 is not supported */
  26529. #else
  26530. devId
  26531. #endif
  26532. );
  26533. if (pkcs7 == NULL) {
  26534. ERROR_OUT(-12172, out);
  26535. }
  26536. if (testVectors[i].secretKey != NULL) {
  26537. /* KEKRI recipient type */
  26538. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  26539. if (ret != 0) {
  26540. ERROR_OUT(-12173, out);
  26541. }
  26542. pkcs7->content = (byte*)testVectors[i].content;
  26543. pkcs7->contentSz = testVectors[i].contentSz;
  26544. pkcs7->contentOID = testVectors[i].contentOID;
  26545. pkcs7->encryptOID = testVectors[i].encryptOID;
  26546. pkcs7->ukm = testVectors[i].optionalUkm;
  26547. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  26548. ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
  26549. testVectors[i].secretKey, testVectors[i].secretKeySz,
  26550. testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
  26551. testVectors[i].timePtr, testVectors[i].otherAttrOID,
  26552. testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
  26553. testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
  26554. if (ret < 0) {
  26555. wc_PKCS7_Free(pkcs7);
  26556. ERROR_OUT(-12174, out);
  26557. }
  26558. /* set key, for decryption */
  26559. ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey,
  26560. testVectors[i].secretKeySz);
  26561. if (ret != 0) {
  26562. wc_PKCS7_Free(pkcs7);
  26563. ERROR_OUT(-12175, out);
  26564. }
  26565. } else if (testVectors[i].password != NULL) {
  26566. #ifndef NO_PWDBASED
  26567. /* PWRI recipient type */
  26568. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  26569. if (ret != 0) {
  26570. ERROR_OUT(-12176, out);
  26571. }
  26572. pkcs7->content = (byte*)testVectors[i].content;
  26573. pkcs7->contentSz = testVectors[i].contentSz;
  26574. pkcs7->contentOID = testVectors[i].contentOID;
  26575. pkcs7->encryptOID = testVectors[i].encryptOID;
  26576. pkcs7->ukm = testVectors[i].optionalUkm;
  26577. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  26578. ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
  26579. (byte*)testVectors[i].password,
  26580. testVectors[i].passwordSz, testVectors[i].salt,
  26581. testVectors[i].saltSz, testVectors[i].kdfOID,
  26582. testVectors[i].hashOID, testVectors[i].kdfIterations,
  26583. testVectors[i].encryptOID, testVectors[i].pwriOptions);
  26584. if (ret < 0) {
  26585. wc_PKCS7_Free(pkcs7);
  26586. ERROR_OUT(-12177, out);
  26587. }
  26588. /* set password, for decryption */
  26589. ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
  26590. testVectors[i].passwordSz);
  26591. if (ret < 0) {
  26592. wc_PKCS7_Free(pkcs7);
  26593. ERROR_OUT(-12178, out);
  26594. }
  26595. #endif /* NO_PWDBASED */
  26596. } else if (testVectors[i].isOri == 1) {
  26597. /* ORI recipient type */
  26598. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  26599. if (ret != 0) {
  26600. ERROR_OUT(-12179, out);
  26601. }
  26602. pkcs7->content = (byte*)testVectors[i].content;
  26603. pkcs7->contentSz = testVectors[i].contentSz;
  26604. pkcs7->contentOID = testVectors[i].contentOID;
  26605. pkcs7->encryptOID = testVectors[i].encryptOID;
  26606. ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
  26607. testVectors[i].oriOptions);
  26608. if (ret < 0) {
  26609. wc_PKCS7_Free(pkcs7);
  26610. ERROR_OUT(-12180, out);
  26611. }
  26612. /* set decrypt callback for decryption */
  26613. ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
  26614. if (ret < 0) {
  26615. wc_PKCS7_Free(pkcs7);
  26616. ERROR_OUT(-12181, out);
  26617. }
  26618. } else {
  26619. /* KTRI or KARI recipient types */
  26620. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  26621. if (ret != 0) {
  26622. ERROR_OUT(-12182, out);
  26623. }
  26624. ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
  26625. (word32)testVectors[i].certSz);
  26626. if (ret != 0) {
  26627. wc_PKCS7_Free(pkcs7);
  26628. ERROR_OUT(-12183, out);
  26629. }
  26630. pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
  26631. pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
  26632. pkcs7->privateKey = testVectors[i].privateKey;
  26633. pkcs7->privateKeySz = testVectors[i].privateKeySz;
  26634. pkcs7->content = (byte*)testVectors[i].content;
  26635. pkcs7->contentSz = testVectors[i].contentSz;
  26636. pkcs7->contentOID = testVectors[i].contentOID;
  26637. pkcs7->encryptOID = testVectors[i].encryptOID;
  26638. pkcs7->ukm = testVectors[i].optionalUkm;
  26639. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  26640. /* set SubjectIdentifier type for KTRI types */
  26641. if (testVectors[i].ktriOptions & CMS_SKID) {
  26642. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
  26643. if (ret != 0) {
  26644. wc_PKCS7_Free(pkcs7);
  26645. ERROR_OUT(-12184, out);
  26646. }
  26647. } else if (testVectors[i].ktriOptions &
  26648. CMS_ISSUER_AND_SERIAL_NUMBER) {
  26649. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
  26650. CMS_ISSUER_AND_SERIAL_NUMBER);
  26651. if (ret != 0) {
  26652. wc_PKCS7_Free(pkcs7);
  26653. ERROR_OUT(-12185, out);
  26654. }
  26655. }
  26656. }
  26657. #ifdef ECC_TIMING_RESISTANT
  26658. pkcs7->rng = &rng;
  26659. #endif
  26660. /* encode envelopedData */
  26661. envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped,
  26662. PKCS7_BUF_SIZE);
  26663. if (envelopedSz <= 0) {
  26664. wc_PKCS7_Free(pkcs7);
  26665. ERROR_OUT(-12186, out);
  26666. }
  26667. /* decode envelopedData */
  26668. decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz,
  26669. decoded, PKCS7_BUF_SIZE);
  26670. if (decodedSz <= 0) {
  26671. wc_PKCS7_Free(pkcs7);
  26672. ERROR_OUT(-12187, out);
  26673. }
  26674. /* test decode result */
  26675. if (XMEMCMP(decoded, data, sizeof(data)) != 0){
  26676. wc_PKCS7_Free(pkcs7);
  26677. ERROR_OUT(-12188, out);
  26678. }
  26679. #ifndef NO_PKCS7_STREAM
  26680. { /* test reading byte by byte */
  26681. int z;
  26682. for (z = 0; z < envelopedSz; z++) {
  26683. decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped + z, 1,
  26684. decoded, PKCS7_BUF_SIZE);
  26685. if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
  26686. printf("unexpected error %d\n", decodedSz);
  26687. ERROR_OUT(-12189, out);
  26688. }
  26689. }
  26690. /* test decode result */
  26691. if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
  26692. printf("stream read compare failed\n");
  26693. wc_PKCS7_Free(pkcs7);
  26694. ERROR_OUT(-12190, out);
  26695. }
  26696. }
  26697. #endif
  26698. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  26699. /* output pkcs7 envelopedData for external testing */
  26700. pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
  26701. if (!pkcs7File) {
  26702. wc_PKCS7_Free(pkcs7);
  26703. ERROR_OUT(-12191, out);
  26704. }
  26705. ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
  26706. XFCLOSE(pkcs7File);
  26707. if (ret != envelopedSz) {
  26708. wc_PKCS7_Free(pkcs7);
  26709. ERROR_OUT(-12192, out);
  26710. } else {
  26711. /* reset ret to 0 for success */
  26712. ret = 0;
  26713. }
  26714. #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
  26715. wc_PKCS7_Free(pkcs7);
  26716. pkcs7 = NULL;
  26717. }
  26718. #ifdef ECC_TIMING_RESISTANT
  26719. wc_FreeRng(&rng);
  26720. #endif
  26721. (void)eccCert;
  26722. (void)eccCertSz;
  26723. (void)eccPrivKey;
  26724. (void)eccPrivKeySz;
  26725. (void)rsaCert;
  26726. (void)rsaCertSz;
  26727. (void)rsaPrivKey;
  26728. (void)rsaPrivKeySz;
  26729. out:
  26730. if (enveloped)
  26731. XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26732. if (decoded)
  26733. XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26734. return ret;
  26735. }
  26736. WOLFSSL_TEST_SUBROUTINE int pkcs7enveloped_test(void)
  26737. {
  26738. int ret = 0;
  26739. byte* rsaCert = NULL;
  26740. byte* rsaPrivKey = NULL;
  26741. word32 rsaCertSz = 0;
  26742. word32 rsaPrivKeySz = 0;
  26743. byte* eccCert = NULL;
  26744. byte* eccPrivKey = NULL;
  26745. word32 eccCertSz = 0;
  26746. word32 eccPrivKeySz = 0;
  26747. #ifndef NO_RSA
  26748. /* read client RSA cert and key in DER format */
  26749. rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26750. if (rsaCert == NULL)
  26751. return -12200;
  26752. rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26753. if (rsaPrivKey == NULL) {
  26754. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26755. return -12201;
  26756. }
  26757. rsaCertSz = FOURK_BUF;
  26758. rsaPrivKeySz = FOURK_BUF;
  26759. #endif /* NO_RSA */
  26760. #ifdef HAVE_ECC
  26761. /* read client ECC cert and key in DER format */
  26762. eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26763. if (eccCert == NULL) {
  26764. #ifndef NO_RSA
  26765. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26766. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26767. #endif
  26768. return -12202;
  26769. }
  26770. eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26771. if (eccPrivKey == NULL) {
  26772. #ifndef NO_RSA
  26773. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26774. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26775. #endif
  26776. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26777. return -12203;
  26778. }
  26779. eccCertSz = FOURK_BUF;
  26780. eccPrivKeySz = FOURK_BUF;
  26781. #endif /* HAVE_ECC */
  26782. ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
  26783. &rsaPrivKeySz, NULL, NULL, NULL, NULL,
  26784. NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
  26785. eccPrivKey, &eccPrivKeySz);
  26786. if (ret < 0) {
  26787. #ifndef NO_RSA
  26788. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26789. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26790. #endif
  26791. #ifdef HAVE_ECC
  26792. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26793. XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26794. #endif
  26795. return -12204;
  26796. }
  26797. ret = pkcs7enveloped_run_vectors(rsaCert, (word32)rsaCertSz,
  26798. rsaPrivKey, (word32)rsaPrivKeySz,
  26799. eccCert, (word32)eccCertSz,
  26800. eccPrivKey, (word32)eccPrivKeySz);
  26801. #ifndef NO_RSA
  26802. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26803. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26804. #endif
  26805. #ifdef HAVE_ECC
  26806. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26807. XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  26808. #endif
  26809. return ret;
  26810. }
  26811. #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
  26812. typedef struct {
  26813. const byte* content;
  26814. word32 contentSz;
  26815. int contentOID;
  26816. int encryptOID;
  26817. int keyWrapOID;
  26818. int keyAgreeOID;
  26819. byte* cert;
  26820. size_t certSz;
  26821. byte* privateKey;
  26822. word32 privateKeySz;
  26823. PKCS7Attrib* authAttribs;
  26824. word32 authAttribsSz;
  26825. PKCS7Attrib* unauthAttribs;
  26826. word32 unauthAttribsSz;
  26827. /* KARI / KTRI specific */
  26828. byte* optionalUkm;
  26829. word32 optionalUkmSz;
  26830. int ktriOptions; /* KTRI options flags */
  26831. int kariOptions; /* KARI options flags */
  26832. /* KEKRI specific */
  26833. byte* secretKey; /* key, only for kekri RecipientInfo types */
  26834. word32 secretKeySz; /* size of secretKey, bytes */
  26835. byte* secretKeyId; /* key identifier */
  26836. word32 secretKeyIdSz; /* size of key identifier, bytes */
  26837. void* timePtr; /* time_t pointer */
  26838. byte* otherAttrOID; /* OPTIONAL, other attribute OID */
  26839. word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */
  26840. byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */
  26841. word32 otherAttrSz; /* size of otherAttr, bytes */
  26842. int kekriOptions; /* KEKRI options flags */
  26843. /* PWRI specific */
  26844. char* password; /* password */
  26845. word32 passwordSz; /* password size, bytes */
  26846. byte* salt; /* KDF salt */
  26847. word32 saltSz; /* KDF salt size, bytes */
  26848. int kdfOID; /* KDF OID */
  26849. int hashOID; /* KDF hash algorithm OID */
  26850. int kdfIterations; /* KDF iterations */
  26851. int kekEncryptOID; /* KEK encryption algorithm OID */
  26852. int pwriOptions; /* PWRI options flags */
  26853. /* ORI specific */
  26854. int isOri;
  26855. int oriOptions; /* ORI options flags */
  26856. const char* outFileName;
  26857. } pkcs7AuthEnvelopedVector;
  26858. static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
  26859. byte* rsaPrivKey, word32 rsaPrivKeySz,
  26860. byte* eccCert, word32 eccCertSz,
  26861. byte* eccPrivKey, word32 eccPrivKeySz)
  26862. {
  26863. int ret = 0, testSz = 0, i;
  26864. int envelopedSz, decodedSz;
  26865. byte *enveloped = NULL;
  26866. byte *decoded = NULL;
  26867. WC_RNG rng;
  26868. PKCS7* pkcs7;
  26869. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  26870. XFILE pkcs7File;
  26871. #endif
  26872. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  26873. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  26874. 0x72,0x6c,0x64
  26875. };
  26876. byte senderNonce[PKCS7_NONCE_SZ + 2];
  26877. #ifdef HAVE_ECC
  26878. WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
  26879. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  26880. 0x09, 0x05 };
  26881. PKCS7Attrib attribs[] =
  26882. {
  26883. { senderNonceOid, sizeof(senderNonceOid), senderNonce,
  26884. sizeof(senderNonce) }
  26885. };
  26886. #endif
  26887. #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
  26888. defined(WOLFSSL_SHA512)
  26889. WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = {
  26890. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
  26891. };
  26892. #endif /* NO_AES */
  26893. #if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  26894. /* encryption key for kekri recipient types */
  26895. WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = {
  26896. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
  26897. 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
  26898. };
  26899. /* encryption key identifier */
  26900. WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = {
  26901. 0x02,0x02,0x03,0x04
  26902. };
  26903. #endif
  26904. #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
  26905. !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  26906. #ifndef HAVE_FIPS
  26907. WOLFSSL_SMALL_STACK_STATIC const char password[] = "password";
  26908. #else
  26909. WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE";
  26910. #endif
  26911. WOLFSSL_SMALL_STACK_STATIC const byte salt[] = {
  26912. 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12
  26913. };
  26914. #endif
  26915. pkcs7AuthEnvelopedVector *testVectors = NULL;
  26916. {
  26917. #define ADD_PKCS7_TEST_VEC(...) { \
  26918. const pkcs7AuthEnvelopedVector vec = __VA_ARGS__; \
  26919. testVectors = (pkcs7AuthEnvelopedVector *) \
  26920. XREALLOC(testVectors, \
  26921. sizeof *testVectors * (testSz + 1), \
  26922. HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); \
  26923. if (testVectors == NULL) \
  26924. ERROR_OUT(-12233, out); \
  26925. XMEMCPY(&testVectors[testSz++], &vec, sizeof *testVectors); \
  26926. }
  26927. /* key transport key encryption technique */
  26928. #ifndef NO_RSA
  26929. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  26930. #ifdef WOLFSSL_AES_128
  26931. ADD_PKCS7_TEST_VEC(
  26932. {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz,
  26933. rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
  26934. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
  26935. 0, 0, "pkcs7authEnvelopedDataAES128GCM.der"});
  26936. #endif
  26937. #ifdef WOLFSSL_AES_192
  26938. ADD_PKCS7_TEST_VEC(
  26939. {data, (word32)sizeof(data), DATA, AES192GCMb, 0, 0, rsaCert, rsaCertSz,
  26940. rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
  26941. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
  26942. 0, 0, "pkcs7authEnvelopedDataAES192GCM.der"});
  26943. #endif
  26944. #ifdef WOLFSSL_AES_256
  26945. ADD_PKCS7_TEST_VEC(
  26946. {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
  26947. rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
  26948. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0,
  26949. 0, 0, "pkcs7authEnvelopedDataAES256GCM.der"});
  26950. /* test with contentType set to FirmwarePkgData */
  26951. ADD_PKCS7_TEST_VEC(
  26952. {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, 0, 0,
  26953. rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL,
  26954. 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL,
  26955. 0, 0, 0, 0, 0, 0, 0, 0,
  26956. "pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der"});
  26957. /* explicitly using SKID for SubjectKeyIdentifier */
  26958. ADD_PKCS7_TEST_VEC(
  26959. {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
  26960. rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, CMS_SKID, 0,
  26961. NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
  26962. 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_SKID.der"});
  26963. /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */
  26964. ADD_PKCS7_TEST_VEC(
  26965. {data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz,
  26966. rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0,
  26967. CMS_ISSUER_AND_SERIAL_NUMBER, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
  26968. NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
  26969. "pkcs7authEnvelopedDataAES256GCM_IANDS.der"});
  26970. #endif
  26971. #endif /* NO_AES */
  26972. #endif
  26973. /* key agreement key encryption technique*/
  26974. #ifdef HAVE_ECC
  26975. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  26976. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  26977. ADD_PKCS7_TEST_VEC(
  26978. {data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP,
  26979. dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  26980. eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
  26981. NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
  26982. "pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der"});
  26983. #endif
  26984. #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
  26985. ADD_PKCS7_TEST_VEC(
  26986. {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  26987. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  26988. eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0,
  26989. NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
  26990. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der"});
  26991. /* with authenticated attributes */
  26992. ADD_PKCS7_TEST_VEC(
  26993. {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  26994. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  26995. eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
  26996. NULL, 0, NULL, 0, 0, 0, NULL, 0,
  26997. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
  26998. 0, 0, 0,
  26999. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der"});
  27000. /* with unauthenticated attributes */
  27001. ADD_PKCS7_TEST_VEC(
  27002. {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  27003. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  27004. eccPrivKeySz, NULL, 0, attribs,
  27005. (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, NULL, 0,
  27006. NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0,
  27007. 0, 0, 0,
  27008. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der"});
  27009. /* with authenticated AND unauthenticated attributes */
  27010. ADD_PKCS7_TEST_VEC(
  27011. {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  27012. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  27013. eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
  27014. attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
  27015. NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
  27016. 0, 0, 0, 0, 0, 0,
  27017. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der"});
  27018. /* with authenticated AND unauthenticated attributes AND
  27019. * contentType of FirmwarePkgData */
  27020. ADD_PKCS7_TEST_VEC(
  27021. {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, AES256_WRAP,
  27022. dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  27023. eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)),
  27024. attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0,
  27025. NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
  27026. 0, 0, 0, 0, 0, 0,
  27027. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der"});
  27028. #endif /* NO_SHA256 && WOLFSSL_AES_256 */
  27029. #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
  27030. ADD_PKCS7_TEST_VEC(
  27031. {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  27032. dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  27033. eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL,
  27034. NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
  27035. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der"});
  27036. /* with optional user keying material (ukm) */
  27037. ADD_PKCS7_TEST_VEC(
  27038. {data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP,
  27039. dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey,
  27040. eccPrivKeySz, NULL, 0, NULL, 0, (byte *)optionalUkm, sizeof(optionalUkm), 0,
  27041. 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0,
  27042. 0, 0, 0, 0, 0, 0,
  27043. "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der"});
  27044. #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
  27045. #endif /* NO_AES */
  27046. #endif
  27047. /* kekri (KEKRecipientInfo) recipient types */
  27048. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  27049. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  27050. ADD_PKCS7_TEST_VEC(
  27051. {data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0,
  27052. NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0,
  27053. (byte *)secretKey, sizeof(secretKey), (byte *)secretKeyId, sizeof(secretKeyId),
  27054. NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0,
  27055. "pkcs7authEnvelopedDataAES128GCM_KEKRI.der"});
  27056. #endif
  27057. #endif
  27058. /* pwri (PasswordRecipientInfo) recipient types */
  27059. #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM)
  27060. #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
  27061. ADD_PKCS7_TEST_VEC(
  27062. {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0,
  27063. NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
  27064. NULL, 0, NULL, NULL, 0, NULL, 0, 0, (char *)password,
  27065. (word32)XSTRLEN(password), (byte *)salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5,
  27066. AES128CBCb, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_PWRI.der"});
  27067. #endif
  27068. #endif
  27069. #if !defined(NO_AES) && defined(HAVE_AESGCM)
  27070. #ifdef WOLFSSL_AES_128
  27071. /* ori (OtherRecipientInfo) recipient types */
  27072. ADD_PKCS7_TEST_VEC(
  27073. {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, NULL, 0, NULL, 0,
  27074. NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0,
  27075. NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 1, 0,
  27076. "pkcs7authEnvelopedDataAES128GCM_ORI.der"});
  27077. #endif
  27078. #endif
  27079. }
  27080. enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27081. decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27082. if ((! enveloped) || (! decoded)) {
  27083. ERROR_OUT(-12210, out);
  27084. }
  27085. /* generate senderNonce */
  27086. {
  27087. #ifndef HAVE_FIPS
  27088. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  27089. #else
  27090. ret = wc_InitRng(&rng);
  27091. #endif
  27092. if (ret != 0) {
  27093. ERROR_OUT(-12211, out);
  27094. }
  27095. senderNonce[0] = 0x04;
  27096. senderNonce[1] = PKCS7_NONCE_SZ;
  27097. ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
  27098. if (ret != 0) {
  27099. wc_FreeRng(&rng);
  27100. ERROR_OUT(-12212, out);
  27101. }
  27102. }
  27103. for (i = 0; i < testSz; i++) {
  27104. pkcs7 = wc_PKCS7_New(HEAP_HINT,
  27105. #ifdef WOLFSSL_ASYNC_CRYPT
  27106. INVALID_DEVID /* async PKCS7 is not supported */
  27107. #else
  27108. devId
  27109. #endif
  27110. );
  27111. if (pkcs7 == NULL) {
  27112. ERROR_OUT(-12213, out);
  27113. }
  27114. if (testVectors[i].secretKey != NULL) {
  27115. /* KEKRI recipient type */
  27116. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  27117. if (ret != 0) {
  27118. ERROR_OUT(-12214, out);
  27119. }
  27120. pkcs7->content = (byte*)testVectors[i].content;
  27121. pkcs7->contentSz = testVectors[i].contentSz;
  27122. pkcs7->contentOID = testVectors[i].contentOID;
  27123. pkcs7->encryptOID = testVectors[i].encryptOID;
  27124. pkcs7->ukm = testVectors[i].optionalUkm;
  27125. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  27126. pkcs7->authAttribs = testVectors[i].authAttribs;
  27127. pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
  27128. pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
  27129. pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
  27130. ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID,
  27131. testVectors[i].secretKey, testVectors[i].secretKeySz,
  27132. testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz,
  27133. testVectors[i].timePtr, testVectors[i].otherAttrOID,
  27134. testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr,
  27135. testVectors[i].otherAttrSz, testVectors[i].kekriOptions);
  27136. if (ret < 0) {
  27137. wc_PKCS7_Free(pkcs7);
  27138. ERROR_OUT(-12215, out);
  27139. }
  27140. /* set key, for decryption */
  27141. ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey,
  27142. testVectors[i].secretKeySz);
  27143. if (ret != 0) {
  27144. wc_PKCS7_Free(pkcs7);
  27145. ERROR_OUT(-12216, out);
  27146. }
  27147. } else if (testVectors[i].password != NULL) {
  27148. #ifndef NO_PWDBASED
  27149. /* PWRI recipient type */
  27150. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  27151. if (ret != 0) {
  27152. ERROR_OUT(-12217, out);
  27153. }
  27154. pkcs7->content = (byte*)testVectors[i].content;
  27155. pkcs7->contentSz = testVectors[i].contentSz;
  27156. pkcs7->contentOID = testVectors[i].contentOID;
  27157. pkcs7->encryptOID = testVectors[i].encryptOID;
  27158. pkcs7->ukm = testVectors[i].optionalUkm;
  27159. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  27160. pkcs7->authAttribs = testVectors[i].authAttribs;
  27161. pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
  27162. pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
  27163. pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
  27164. ret = wc_PKCS7_AddRecipient_PWRI(pkcs7,
  27165. (byte*)testVectors[i].password,
  27166. testVectors[i].passwordSz, testVectors[i].salt,
  27167. testVectors[i].saltSz, testVectors[i].kdfOID,
  27168. testVectors[i].hashOID, testVectors[i].kdfIterations,
  27169. testVectors[i].kekEncryptOID, testVectors[i].pwriOptions);
  27170. if (ret < 0) {
  27171. wc_PKCS7_Free(pkcs7);
  27172. ERROR_OUT(-12218, out);
  27173. }
  27174. /* set password, for decryption */
  27175. ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password,
  27176. testVectors[i].passwordSz);
  27177. if (ret < 0) {
  27178. wc_PKCS7_Free(pkcs7);
  27179. ERROR_OUT(-12219, out);
  27180. }
  27181. #endif /* NO_PWDBASED */
  27182. } else if (testVectors[i].isOri == 1) {
  27183. /* ORI recipient type */
  27184. ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
  27185. if (ret != 0) {
  27186. ERROR_OUT(-12220, out);
  27187. }
  27188. pkcs7->content = (byte*)testVectors[i].content;
  27189. pkcs7->contentSz = testVectors[i].contentSz;
  27190. pkcs7->contentOID = testVectors[i].contentOID;
  27191. pkcs7->encryptOID = testVectors[i].encryptOID;
  27192. pkcs7->authAttribs = testVectors[i].authAttribs;
  27193. pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
  27194. pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
  27195. pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
  27196. ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb,
  27197. testVectors[i].oriOptions);
  27198. if (ret < 0) {
  27199. wc_PKCS7_Free(pkcs7);
  27200. ERROR_OUT(-12221, out);
  27201. }
  27202. /* set decrypt callback for decryption */
  27203. ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb);
  27204. if (ret < 0) {
  27205. wc_PKCS7_Free(pkcs7);
  27206. ERROR_OUT(-12222, out);
  27207. }
  27208. } else {
  27209. /* KTRI or KARI recipient types */
  27210. ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
  27211. (word32)testVectors[i].certSz);
  27212. if (ret != 0) {
  27213. wc_PKCS7_Free(pkcs7);
  27214. ERROR_OUT(-12223, out);
  27215. }
  27216. pkcs7->keyWrapOID = testVectors[i].keyWrapOID;
  27217. pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID;
  27218. pkcs7->privateKey = testVectors[i].privateKey;
  27219. pkcs7->privateKeySz = testVectors[i].privateKeySz;
  27220. pkcs7->content = (byte*)testVectors[i].content;
  27221. pkcs7->contentSz = testVectors[i].contentSz;
  27222. pkcs7->contentOID = testVectors[i].contentOID;
  27223. pkcs7->encryptOID = testVectors[i].encryptOID;
  27224. pkcs7->ukm = testVectors[i].optionalUkm;
  27225. pkcs7->ukmSz = testVectors[i].optionalUkmSz;
  27226. pkcs7->authAttribs = testVectors[i].authAttribs;
  27227. pkcs7->authAttribsSz = testVectors[i].authAttribsSz;
  27228. pkcs7->unauthAttribs = testVectors[i].unauthAttribs;
  27229. pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz;
  27230. /* set SubjectIdentifier type for KTRI types */
  27231. if (testVectors[i].ktriOptions & CMS_SKID) {
  27232. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
  27233. if (ret != 0) {
  27234. wc_PKCS7_Free(pkcs7);
  27235. ERROR_OUT(-12224, out);
  27236. }
  27237. } else if (testVectors[i].ktriOptions &
  27238. CMS_ISSUER_AND_SERIAL_NUMBER) {
  27239. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7,
  27240. CMS_ISSUER_AND_SERIAL_NUMBER);
  27241. if (ret != 0) {
  27242. wc_PKCS7_Free(pkcs7);
  27243. ERROR_OUT(-12225, out);
  27244. }
  27245. }
  27246. }
  27247. #ifdef ECC_TIMING_RESISTANT
  27248. pkcs7->rng = &rng;
  27249. #endif
  27250. /* encode envelopedData */
  27251. envelopedSz = wc_PKCS7_EncodeAuthEnvelopedData(pkcs7, enveloped,
  27252. PKCS7_BUF_SIZE);
  27253. if (envelopedSz <= 0) {
  27254. wc_PKCS7_Free(pkcs7);
  27255. ERROR_OUT(-12226, out);
  27256. }
  27257. #ifndef NO_PKCS7_STREAM
  27258. { /* test reading byte by byte */
  27259. int z;
  27260. for (z = 0; z < envelopedSz; z++) {
  27261. decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7,
  27262. enveloped + z, 1, decoded, PKCS7_BUF_SIZE);
  27263. if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
  27264. printf("unexpected error %d\n", decodedSz);
  27265. ERROR_OUT(-12227, out);
  27266. }
  27267. }
  27268. /* test decode result */
  27269. if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
  27270. printf("stream read compare failed\n");
  27271. wc_PKCS7_Free(pkcs7);
  27272. ERROR_OUT(-12228, out);
  27273. }
  27274. }
  27275. #endif
  27276. /* decode envelopedData */
  27277. decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, enveloped,
  27278. envelopedSz, decoded,
  27279. PKCS7_BUF_SIZE);
  27280. if (decodedSz <= 0) {
  27281. wc_PKCS7_Free(pkcs7);
  27282. ERROR_OUT(-12229, out);
  27283. }
  27284. /* test decode result */
  27285. if (XMEMCMP(decoded, data, sizeof(data)) != 0){
  27286. wc_PKCS7_Free(pkcs7);
  27287. ERROR_OUT(-12230, out);
  27288. }
  27289. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  27290. /* output pkcs7 envelopedData for external testing */
  27291. pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
  27292. if (!pkcs7File) {
  27293. wc_PKCS7_Free(pkcs7);
  27294. ERROR_OUT(-12231, out);
  27295. }
  27296. ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File);
  27297. XFCLOSE(pkcs7File);
  27298. if (ret != envelopedSz) {
  27299. wc_PKCS7_Free(pkcs7);
  27300. ERROR_OUT(-12232, out);
  27301. } else {
  27302. /* reset ret to 0 for success */
  27303. ret = 0;
  27304. }
  27305. #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
  27306. wc_PKCS7_Free(pkcs7);
  27307. pkcs7 = NULL;
  27308. }
  27309. wc_FreeRng(&rng);
  27310. #if !defined(HAVE_ECC) || defined(NO_AES)
  27311. (void)eccCert;
  27312. (void)eccCertSz;
  27313. (void)eccPrivKey;
  27314. (void)eccPrivKeySz;
  27315. (void)secretKey;
  27316. (void)secretKeyId;
  27317. #endif
  27318. #ifdef NO_RSA
  27319. (void)rsaCert;
  27320. (void)rsaCertSz;
  27321. (void)rsaPrivKey;
  27322. (void)rsaPrivKeySz;
  27323. #endif
  27324. out:
  27325. if (testVectors)
  27326. XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27327. if (enveloped)
  27328. XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27329. if (decoded)
  27330. XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27331. return ret;
  27332. }
  27333. WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void)
  27334. {
  27335. int ret = 0;
  27336. byte* rsaCert = NULL;
  27337. byte* rsaPrivKey = NULL;
  27338. word32 rsaCertSz = 0;
  27339. word32 rsaPrivKeySz = 0;
  27340. byte* eccCert = NULL;
  27341. byte* eccPrivKey = NULL;
  27342. word32 eccCertSz = 0;
  27343. word32 eccPrivKeySz = 0;
  27344. #ifndef NO_RSA
  27345. /* read client RSA cert and key in DER format */
  27346. rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27347. if (rsaCert == NULL)
  27348. return -12300;
  27349. rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27350. if (rsaPrivKey == NULL) {
  27351. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27352. return -12301;
  27353. }
  27354. rsaCertSz = FOURK_BUF;
  27355. rsaPrivKeySz = FOURK_BUF;
  27356. #endif /* NO_RSA */
  27357. #ifdef HAVE_ECC
  27358. /* read client ECC cert and key in DER format */
  27359. eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27360. if (eccCert == NULL) {
  27361. #ifndef NO_RSA
  27362. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27363. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27364. #endif
  27365. return -12302;
  27366. }
  27367. eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27368. if (eccPrivKey == NULL) {
  27369. #ifndef NO_RSA
  27370. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27371. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27372. #endif
  27373. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27374. return -12303;
  27375. }
  27376. eccCertSz = FOURK_BUF;
  27377. eccPrivKeySz = FOURK_BUF;
  27378. #endif /* HAVE_ECC */
  27379. ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey,
  27380. &rsaPrivKeySz, NULL, NULL, NULL, NULL,
  27381. NULL, NULL, NULL, NULL, eccCert, &eccCertSz,
  27382. eccPrivKey, &eccPrivKeySz);
  27383. if (ret < 0) {
  27384. #ifndef NO_RSA
  27385. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27386. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27387. #endif
  27388. #ifdef HAVE_ECC
  27389. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27390. XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27391. #endif
  27392. return -12304;
  27393. }
  27394. ret = pkcs7authenveloped_run_vectors(rsaCert, (word32)rsaCertSz,
  27395. rsaPrivKey, (word32)rsaPrivKeySz,
  27396. eccCert, (word32)eccCertSz,
  27397. eccPrivKey, (word32)eccPrivKeySz);
  27398. #ifndef NO_RSA
  27399. XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27400. XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27401. #endif
  27402. #ifdef HAVE_ECC
  27403. XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27404. XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27405. #endif
  27406. return ret;
  27407. }
  27408. #endif /* HAVE_AESGCM || HAVE_AESCCM */
  27409. #ifndef NO_AES
  27410. static const byte p7DefKey[] = {
  27411. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  27412. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  27413. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  27414. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  27415. };
  27416. static const byte p7AltKey[] = {
  27417. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  27418. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  27419. };
  27420. static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
  27421. word32 keyIdSz, byte* orginKey, word32 orginKeySz,
  27422. byte* out, word32 outSz, int keyWrapAlgo, int type, int direction)
  27423. {
  27424. int ret;
  27425. if (cek == NULL || out == NULL)
  27426. return BAD_FUNC_ARG;
  27427. /* test case sanity checks */
  27428. if (keyIdSz != 1) {
  27429. return -12310;
  27430. }
  27431. if (keyId[0] != 0x00) {
  27432. return -12311;
  27433. }
  27434. if (type != (int)PKCS7_KEKRI) {
  27435. return -12312;
  27436. }
  27437. switch (keyWrapAlgo) {
  27438. case AES256_WRAP:
  27439. ret = wc_AesKeyUnWrap(p7DefKey, sizeof(p7DefKey), cek, cekSz,
  27440. out, outSz, NULL);
  27441. if (ret <= 0)
  27442. return ret;
  27443. break;
  27444. default:
  27445. WOLFSSL_MSG("Unsupported key wrap algorithm in example");
  27446. return BAD_KEYWRAP_ALG_E;
  27447. };
  27448. (void)pkcs7;
  27449. (void)direction;
  27450. (void)orginKey; /* used with KAKRI */
  27451. (void)orginKeySz;
  27452. return ret;
  27453. }
  27454. /* returns key size on success */
  27455. static int getFirmwareKey(PKCS7* pkcs7, byte* key, word32 keySz)
  27456. {
  27457. int ret;
  27458. word32 atrSz;
  27459. byte atr[256];
  27460. /* Additionally can look for fwWrappedFirmwareKey
  27461. * 1.2.840.113529.1.9.16.1.16 */
  27462. const unsigned char fwWrappedFirmwareKey[] = {
  27463. /* 0x06, 0x0B */
  27464. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  27465. 0x01, 0x09, 0x10, 0x02, 0x27
  27466. };
  27467. /* find keyID in fwWrappedFirmwareKey */
  27468. ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
  27469. sizeof(fwWrappedFirmwareKey), NULL, &atrSz);
  27470. if (ret == LENGTH_ONLY_E) {
  27471. XMEMSET(atr, 0, sizeof(atr));
  27472. ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey,
  27473. sizeof(fwWrappedFirmwareKey), atr, &atrSz);
  27474. /* keyIdRaw[0] OCTET TAG */
  27475. /* keyIdRaw[1] Length */
  27476. if (ret > 0) {
  27477. PKCS7* envPkcs7;
  27478. envPkcs7 = wc_PKCS7_New(NULL, 0);
  27479. if (envPkcs7 == NULL) {
  27480. return MEMORY_E;
  27481. }
  27482. wc_PKCS7_Init(envPkcs7, NULL, 0);
  27483. ret = wc_PKCS7_SetWrapCEKCb(envPkcs7, myCEKwrapFunc);
  27484. if (ret == 0) {
  27485. /* expecting FIRMWARE_PKG_DATA content */
  27486. envPkcs7->contentOID = FIRMWARE_PKG_DATA;
  27487. ret = wc_PKCS7_DecodeEnvelopedData(envPkcs7, atr, atrSz,
  27488. key, keySz);
  27489. }
  27490. wc_PKCS7_Free(envPkcs7);
  27491. }
  27492. }
  27493. return ret;
  27494. }
  27495. /* create a KEKRI enveloped data
  27496. * return size on success */
  27497. static int envelopedData_encrypt(byte* in, word32 inSz, byte* out,
  27498. word32 outSz)
  27499. {
  27500. int ret;
  27501. PKCS7* pkcs7;
  27502. WOLFSSL_SMALL_STACK_STATIC const byte keyId[] = { 0x00 };
  27503. pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
  27504. if (pkcs7 == NULL)
  27505. return -12330;
  27506. pkcs7->content = in;
  27507. pkcs7->contentSz = inSz;
  27508. pkcs7->contentOID = FIRMWARE_PKG_DATA;
  27509. pkcs7->encryptOID = AES256CBCb;
  27510. pkcs7->ukm = NULL;
  27511. pkcs7->ukmSz = 0;
  27512. /* add recipient (KEKRI type) */
  27513. ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP, (byte*)p7DefKey,
  27514. sizeof(p7DefKey), (byte*)keyId,
  27515. sizeof(keyId), NULL, NULL, 0, NULL, 0, 0);
  27516. if (ret < 0) {
  27517. printf("wc_PKCS7_AddRecipient_KEKRI() failed, ret = %d\n", ret);
  27518. wc_PKCS7_Free(pkcs7);
  27519. return -12331;
  27520. }
  27521. /* encode envelopedData, returns size */
  27522. ret = wc_PKCS7_EncodeEnvelopedData(pkcs7, out, outSz);
  27523. if (ret <= 0) {
  27524. printf("wc_PKCS7_EncodeEnvelopedData() failed, ret = %d\n", ret);
  27525. wc_PKCS7_Free(pkcs7);
  27526. return -12332;
  27527. }
  27528. wc_PKCS7_Free(pkcs7);
  27529. return ret;
  27530. }
  27531. /*
  27532. * keyHint is the KeyID to be set in the fwDecryptKeyID attribute
  27533. * returns size of buffer output on success
  27534. */
  27535. static int generateBundle(byte* out, word32 *outSz, const byte* encryptKey,
  27536. word32 encryptKeySz, byte keyHint, byte* cert, word32 certSz,
  27537. byte* key, word32 keySz)
  27538. {
  27539. int ret, attribNum = 1;
  27540. PKCS7* pkcs7;
  27541. /* KEY ID
  27542. * fwDecryptKeyID OID 1.2.840.113549.1.9.16.2.37
  27543. */
  27544. const unsigned char fwDecryptKeyID[] = {
  27545. 0x06, 0x0B,
  27546. 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  27547. 0x01, 0x09, 0x10, 0x02, 0x25
  27548. };
  27549. /* fwWrappedFirmwareKey 1.2.840.113529.1.9.16.1.16 */
  27550. const unsigned char fwWrappedFirmwareKey[] = {
  27551. 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D,
  27552. 0x01, 0x09, 0x10, 0x02, 0x27
  27553. };
  27554. byte keyID[] = { 0x04, 0x01, 0x00 };
  27555. byte env[256];
  27556. char data[] = "Test of wolfSSL PKCS7 decrypt callback";
  27557. PKCS7Attrib attribs[] =
  27558. {
  27559. { fwDecryptKeyID, sizeof(fwDecryptKeyID), keyID, sizeof(keyID) },
  27560. { fwWrappedFirmwareKey, sizeof(fwWrappedFirmwareKey), env, 0 }
  27561. };
  27562. keyID[2] = keyHint;
  27563. /* If using keyHint 0 then create a bundle with fwWrappedFirmwareKey */
  27564. if (keyHint == 0) {
  27565. ret = envelopedData_encrypt((byte*)p7DefKey, sizeof(p7DefKey), env,
  27566. sizeof(env));
  27567. if (ret <= 0) {
  27568. return ret;
  27569. }
  27570. attribs[1].valueSz = ret;
  27571. attribNum++;
  27572. }
  27573. /* init PKCS7 */
  27574. pkcs7 = wc_PKCS7_New(NULL, INVALID_DEVID);
  27575. if (pkcs7 == NULL)
  27576. return -12340;
  27577. ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz);
  27578. if (ret != 0) {
  27579. printf("ERROR: wc_PKCS7_InitWithCert() failed, ret = %d\n", ret);
  27580. wc_PKCS7_Free(pkcs7);
  27581. return -12341;
  27582. }
  27583. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
  27584. if (ret != 0) {
  27585. wc_PKCS7_Free(pkcs7);
  27586. return -12342;
  27587. }
  27588. /* encode Signed Encrypted FirmwarePkgData */
  27589. if (encryptKeySz == 16) {
  27590. ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
  27591. encryptKeySz, key, keySz, AES128CBCb, RSAk, SHA256h,
  27592. (byte*)data, sizeof(data), NULL, 0,
  27593. attribs, attribNum, out, *outSz);
  27594. }
  27595. else {
  27596. ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey,
  27597. encryptKeySz, key, keySz, AES256CBCb, RSAk, SHA256h,
  27598. (byte*)data, sizeof(data), NULL, 0,
  27599. attribs, attribNum, out, *outSz);
  27600. }
  27601. if (ret <= 0) {
  27602. printf("ERROR: wc_PKCS7_EncodeSignedEncryptedFPD() failed, "
  27603. "ret = %d\n", ret);
  27604. wc_PKCS7_Free(pkcs7);
  27605. return -12343;
  27606. } else {
  27607. *outSz = ret;
  27608. }
  27609. wc_PKCS7_Free(pkcs7);
  27610. return ret;
  27611. }
  27612. /* test verification and decryption of PKCS7 bundle
  27613. * return 0 on success
  27614. */
  27615. static int verifyBundle(byte* derBuf, word32 derSz, int keyHint)
  27616. {
  27617. int ret = 0;
  27618. int usrCtx = 1; /* test value to pass as user context to callback */
  27619. PKCS7* pkcs7;
  27620. byte* sid;
  27621. word32 sidSz;
  27622. byte key[256];
  27623. word32 keySz = sizeof(key);
  27624. byte decoded[FOURK_BUF/2];
  27625. int decodedSz = FOURK_BUF/2;
  27626. WOLFSSL_SMALL_STACK_STATIC const byte expectedSid[] = {
  27627. 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18,
  27628. 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26,
  27629. 0xD7, 0x85, 0x65, 0xC0
  27630. };
  27631. pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID);
  27632. if (pkcs7 == NULL) {
  27633. return MEMORY_E;
  27634. }
  27635. /* Test verify */
  27636. ret = wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID);
  27637. if (ret != 0) {
  27638. wc_PKCS7_Free(pkcs7);
  27639. return ret;
  27640. }
  27641. ret = wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
  27642. if (ret != 0) {
  27643. wc_PKCS7_Free(pkcs7);
  27644. return ret;
  27645. }
  27646. ret = wc_PKCS7_VerifySignedData(pkcs7, derBuf, derSz);
  27647. if (ret != 0) {
  27648. wc_PKCS7_Free(pkcs7);
  27649. return ret;
  27650. }
  27651. /* Get size of SID and print it out */
  27652. ret = wc_PKCS7_GetSignerSID(pkcs7, NULL, &sidSz);
  27653. if (ret != LENGTH_ONLY_E) {
  27654. wc_PKCS7_Free(pkcs7);
  27655. return ret;
  27656. }
  27657. sid = (byte*)XMALLOC(sidSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27658. if (sid == NULL) {
  27659. wc_PKCS7_Free(pkcs7);
  27660. return ret;
  27661. }
  27662. ret = wc_PKCS7_GetSignerSID(pkcs7, sid, &sidSz);
  27663. if (ret != 0) {
  27664. wc_PKCS7_Free(pkcs7);
  27665. XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27666. return ret;
  27667. }
  27668. ret = XMEMCMP(sid, expectedSid, sidSz);
  27669. XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27670. if (ret != 0) {
  27671. wc_PKCS7_Free(pkcs7);
  27672. return ret;
  27673. }
  27674. /* get expected fwWrappedFirmwareKey */
  27675. if (keyHint == 0) {
  27676. ret = getFirmwareKey(pkcs7, key, keySz);
  27677. if (ret < 0) {
  27678. wc_PKCS7_Free(pkcs7);
  27679. return ret;
  27680. }
  27681. pkcs7->encryptionKey = key;
  27682. pkcs7->encryptionKeySz = ret;
  27683. }
  27684. else {
  27685. decodedSz = PKCS7_BUF_SIZE;
  27686. ret = wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc);
  27687. if (ret != 0) {
  27688. wc_PKCS7_Free(pkcs7);
  27689. return ret;
  27690. }
  27691. ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)&usrCtx);
  27692. if (ret != 0) {
  27693. wc_PKCS7_Free(pkcs7);
  27694. return ret;
  27695. }
  27696. }
  27697. decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
  27698. pkcs7->contentSz, decoded, decodedSz);
  27699. if (decodedSz < 0) {
  27700. ret = decodedSz;
  27701. wc_PKCS7_Free(pkcs7);
  27702. return ret;
  27703. }
  27704. wc_PKCS7_Free(pkcs7);
  27705. return 0;
  27706. }
  27707. WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* key, word32 keySz)
  27708. {
  27709. int ret = 0;
  27710. word32 derSz;
  27711. byte *derBuf = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27712. if (! derBuf)
  27713. ERROR_OUT(-12360, out);
  27714. /* Doing default generation and verify */
  27715. derSz = FOURK_BUF;
  27716. ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 0, cert,
  27717. certSz, key, keySz);
  27718. if (ret <= 0) {
  27719. ERROR_OUT(-12361, out);
  27720. }
  27721. ret = verifyBundle(derBuf, derSz, 0);
  27722. if (ret != 0) {
  27723. ERROR_OUT(-12362, out);
  27724. }
  27725. /* test choosing other key with keyID */
  27726. derSz = FOURK_BUF;
  27727. ret = generateBundle(derBuf, &derSz, p7AltKey, sizeof(p7AltKey), 1,
  27728. cert, certSz, key, keySz);
  27729. if (ret <= 0) {
  27730. ERROR_OUT(-12363, out);
  27731. }
  27732. ret = verifyBundle(derBuf, derSz, 1);
  27733. if (ret != 0) {
  27734. ERROR_OUT(-12364, out);
  27735. }
  27736. /* test fail case with wrong keyID */
  27737. derSz = FOURK_BUF;
  27738. ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 1,
  27739. cert, certSz, key, keySz);
  27740. if (ret <= 0) {
  27741. ERROR_OUT(-12365, out);
  27742. }
  27743. ret = verifyBundle(derBuf, derSz, 1);
  27744. if (ret == 0) {
  27745. ERROR_OUT(-12366, out);
  27746. }
  27747. ret = 0;
  27748. out:
  27749. if (derBuf)
  27750. XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27751. return ret;
  27752. }
  27753. #endif /* NO_AES */
  27754. #ifndef NO_PKCS7_ENCRYPTED_DATA
  27755. typedef struct {
  27756. const byte* content;
  27757. word32 contentSz;
  27758. int contentOID;
  27759. int encryptOID;
  27760. byte* encryptionKey;
  27761. word32 encryptionKeySz;
  27762. PKCS7Attrib* attribs;
  27763. word32 attribsSz;
  27764. const char* outFileName;
  27765. } pkcs7EncryptedVector;
  27766. WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void)
  27767. {
  27768. int ret = 0;
  27769. int i, testSz;
  27770. int encryptedSz, decodedSz, attribIdx;
  27771. PKCS7* pkcs7;
  27772. byte *encrypted;
  27773. byte *decoded;
  27774. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  27775. XFILE pkcs7File;
  27776. #endif
  27777. PKCS7Attrib* expectedAttrib;
  27778. PKCS7DecodedAttrib* decodedAttrib;
  27779. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  27780. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  27781. 0x72,0x6c,0x64
  27782. };
  27783. #ifndef NO_DES3
  27784. byte desKey[] = {
  27785. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef
  27786. };
  27787. byte des3Key[] = {
  27788. 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,
  27789. 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10,
  27790. 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67
  27791. };
  27792. #endif
  27793. #ifndef NO_AES
  27794. #ifdef WOLFSSL_AES_128
  27795. byte aes128Key[] = {
  27796. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  27797. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  27798. };
  27799. #endif
  27800. #ifdef WOLFSSL_AES_192
  27801. byte aes192Key[] = {
  27802. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  27803. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  27804. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  27805. };
  27806. #endif
  27807. #ifdef WOLFSSL_AES_256
  27808. byte aes256Key[] = {
  27809. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  27810. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  27811. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  27812. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  27813. };
  27814. #endif
  27815. #ifdef WOLFSSL_AES_256
  27816. /* Attribute example from RFC 4134, Section 7.2
  27817. * OID = 1.2.5555
  27818. * OCTET STRING = 'This is a test General ASN Attribute, number 1.' */
  27819. static byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 };
  27820. static byte genAttr[] = { 0x04, 47,
  27821. 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
  27822. 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
  27823. 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
  27824. 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
  27825. 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
  27826. 0x6d, 0x62, 0x65, 0x72, 0x20, 0x31, 0x2e };
  27827. static byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 };
  27828. static byte genAttr2[] = { 0x04, 47,
  27829. 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20,
  27830. 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47,
  27831. 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41,
  27832. 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69,
  27833. 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75,
  27834. 0x6d, 0x62, 0x65, 0x72, 0x20, 0x32, 0x2e };
  27835. PKCS7Attrib attribs[] =
  27836. {
  27837. { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) }
  27838. };
  27839. PKCS7Attrib multiAttribs[] =
  27840. {
  27841. { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) },
  27842. { genAttrOid2, sizeof(genAttrOid2), genAttr2, sizeof(genAttr2) }
  27843. };
  27844. #endif
  27845. #endif /* NO_AES */
  27846. const pkcs7EncryptedVector testVectors[] =
  27847. {
  27848. #ifndef NO_DES3
  27849. {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key),
  27850. NULL, 0, "pkcs7encryptedDataDES3.der"},
  27851. {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey),
  27852. NULL, 0, "pkcs7encryptedDataDES.der"},
  27853. #endif /* NO_DES3 */
  27854. #ifndef NO_AES
  27855. #ifdef WOLFSSL_AES_128
  27856. {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
  27857. sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"},
  27858. #endif
  27859. #ifdef WOLFSSL_AES_192
  27860. {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
  27861. sizeof(aes192Key), NULL, 0, "pkcs7encryptedDataAES192CBC.der"},
  27862. #endif
  27863. #ifdef WOLFSSL_AES_256
  27864. {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
  27865. sizeof(aes256Key), NULL, 0, "pkcs7encryptedDataAES256CBC.der"},
  27866. /* test with optional unprotected attributes */
  27867. {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
  27868. sizeof(aes256Key), attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  27869. "pkcs7encryptedDataAES256CBC_attribs.der"},
  27870. /* test with multiple optional unprotected attributes */
  27871. {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
  27872. sizeof(aes256Key), multiAttribs,
  27873. (sizeof(multiAttribs)/sizeof(PKCS7Attrib)),
  27874. "pkcs7encryptedDataAES256CBC_multi_attribs.der"},
  27875. /* test with contentType set to FirmwarePkgData */
  27876. {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256CBCb, aes256Key,
  27877. sizeof(aes256Key), NULL, 0,
  27878. "pkcs7encryptedDataAES256CBC_firmwarePkgData.der"},
  27879. #endif
  27880. #endif /* NO_AES */
  27881. };
  27882. encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27883. decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27884. if ((! encrypted) || (! decoded)) {
  27885. ERROR_OUT(MEMORY_E, out);
  27886. }
  27887. testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
  27888. for (i = 0; i < testSz; i++) {
  27889. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  27890. if (pkcs7 == NULL) {
  27891. ERROR_OUT(-12400, out);
  27892. }
  27893. pkcs7->content = (byte*)testVectors[i].content;
  27894. pkcs7->contentSz = testVectors[i].contentSz;
  27895. pkcs7->contentOID = testVectors[i].contentOID;
  27896. pkcs7->encryptOID = testVectors[i].encryptOID;
  27897. pkcs7->encryptionKey = testVectors[i].encryptionKey;
  27898. pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz;
  27899. pkcs7->unprotectedAttribs = testVectors[i].attribs;
  27900. pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz;
  27901. /* encode encryptedData */
  27902. encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted,
  27903. PKCS7_BUF_SIZE);
  27904. if (encryptedSz <= 0) {
  27905. wc_PKCS7_Free(pkcs7);
  27906. ERROR_OUT(-12401, out);
  27907. }
  27908. /* decode encryptedData */
  27909. #ifndef NO_PKCS7_STREAM
  27910. { /* test reading byte by byte */
  27911. int z;
  27912. for (z = 0; z < encryptedSz; z++) {
  27913. decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted + z, 1,
  27914. decoded, PKCS7_BUF_SIZE);
  27915. if (decodedSz <= 0 && decodedSz != WC_PKCS7_WANT_READ_E) {
  27916. printf("unexpected error %d\n", decodedSz);
  27917. ERROR_OUT(-12402, out);
  27918. }
  27919. }
  27920. /* test decode result */
  27921. if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
  27922. printf("stream read failed\n");
  27923. wc_PKCS7_Free(pkcs7);
  27924. ERROR_OUT(-12403, out);
  27925. }
  27926. }
  27927. #endif
  27928. decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
  27929. decoded, PKCS7_BUF_SIZE);
  27930. if (decodedSz <= 0){
  27931. wc_PKCS7_Free(pkcs7);
  27932. ERROR_OUT(-12404, out);
  27933. }
  27934. /* test decode result */
  27935. if (XMEMCMP(decoded, data, sizeof(data)) != 0) {
  27936. wc_PKCS7_Free(pkcs7);
  27937. ERROR_OUT(-12405, out);
  27938. }
  27939. /* verify decoded unprotected attributes */
  27940. if (pkcs7->decodedAttrib != NULL) {
  27941. decodedAttrib = pkcs7->decodedAttrib;
  27942. attribIdx = 1;
  27943. while (decodedAttrib != NULL) {
  27944. /* expected attribute, stored list is reversed */
  27945. expectedAttrib = &(pkcs7->unprotectedAttribs
  27946. [pkcs7->unprotectedAttribsSz - attribIdx]);
  27947. /* verify oid */
  27948. if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid,
  27949. decodedAttrib->oidSz) != 0) {
  27950. wc_PKCS7_Free(pkcs7);
  27951. ERROR_OUT(-12406, out);
  27952. }
  27953. /* verify value */
  27954. if (XMEMCMP(decodedAttrib->value, expectedAttrib->value,
  27955. decodedAttrib->valueSz) != 0) {
  27956. wc_PKCS7_Free(pkcs7);
  27957. ERROR_OUT(-12407, out);
  27958. }
  27959. decodedAttrib = decodedAttrib->next;
  27960. attribIdx++;
  27961. }
  27962. }
  27963. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  27964. /* output pkcs7 envelopedData for external testing */
  27965. pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
  27966. if (!pkcs7File) {
  27967. wc_PKCS7_Free(pkcs7);
  27968. ERROR_OUT(-12408, out);
  27969. }
  27970. ret = (int)XFWRITE(encrypted, encryptedSz, 1, pkcs7File);
  27971. XFCLOSE(pkcs7File);
  27972. if (ret > 0)
  27973. ret = 0;
  27974. #endif
  27975. wc_PKCS7_Free(pkcs7);
  27976. }
  27977. out:
  27978. if (encrypted)
  27979. XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27980. if (decoded)
  27981. XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  27982. return ret;
  27983. }
  27984. #endif /* NO_PKCS7_ENCRYPTED_DATA */
  27985. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  27986. typedef struct {
  27987. const byte* content;
  27988. word32 contentSz;
  27989. int contentOID;
  27990. const char* outFileName;
  27991. } pkcs7CompressedVector;
  27992. WOLFSSL_TEST_SUBROUTINE int pkcs7compressed_test(void)
  27993. {
  27994. int ret = 0;
  27995. int i, testSz;
  27996. int compressedSz, decodedSz;
  27997. PKCS7* pkcs7;
  27998. #ifdef WOLFSSL_SMALL_STACK
  27999. byte *compressed;
  28000. byte *decoded;
  28001. #else
  28002. byte compressed[PKCS7_BUF_SIZE];
  28003. byte decoded[PKCS7_BUF_SIZE];
  28004. #endif
  28005. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  28006. XFILE pkcs7File;
  28007. #endif
  28008. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  28009. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  28010. 0x72,0x6c,0x64
  28011. };
  28012. const pkcs7CompressedVector testVectors[] =
  28013. {
  28014. {data, (word32)sizeof(data), DATA,
  28015. "pkcs7compressedData_data_zlib.der"},
  28016. {data, (word32)sizeof(data), FIRMWARE_PKG_DATA,
  28017. "pkcs7compressedData_firmwarePkgData_zlib.der"},
  28018. };
  28019. #ifdef WOLFSSL_SMALL_STACK
  28020. compressed = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28021. decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28022. if ((! compressed) || (! decoded)) {
  28023. ERROR_OUT(MEMORY_E, out);
  28024. }
  28025. #endif
  28026. testSz = sizeof(testVectors) / sizeof(pkcs7CompressedVector);
  28027. for (i = 0; i < testSz; i++) {
  28028. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  28029. if (pkcs7 == NULL) {
  28030. ERROR_OUT(-12500, out);
  28031. }
  28032. pkcs7->content = (byte*)testVectors[i].content;
  28033. pkcs7->contentSz = testVectors[i].contentSz;
  28034. pkcs7->contentOID = testVectors[i].contentOID;
  28035. /* encode compressedData */
  28036. compressedSz = wc_PKCS7_EncodeCompressedData(pkcs7, compressed,
  28037. PKCS7_BUF_SIZE);
  28038. if (compressedSz <= 0) {
  28039. wc_PKCS7_Free(pkcs7);
  28040. ERROR_OUT(-12501, out);
  28041. }
  28042. /* decode compressedData */
  28043. decodedSz = wc_PKCS7_DecodeCompressedData(pkcs7, compressed,
  28044. compressedSz, decoded,
  28045. PKCS7_BUF_SIZE);
  28046. if (decodedSz <= 0){
  28047. wc_PKCS7_Free(pkcs7);
  28048. ERROR_OUT(-12502, out);
  28049. }
  28050. /* test decode result */
  28051. if (XMEMCMP(decoded, testVectors[i].content,
  28052. testVectors[i].contentSz) != 0) {
  28053. wc_PKCS7_Free(pkcs7);
  28054. ERROR_OUT(-12503, out);
  28055. }
  28056. /* make sure content type is the same */
  28057. if (testVectors[i].contentOID != pkcs7->contentOID) {
  28058. ERROR_OUT(-12504, out);
  28059. }
  28060. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  28061. /* output pkcs7 compressedData for external testing */
  28062. pkcs7File = XFOPEN(testVectors[i].outFileName, "wb");
  28063. if (!pkcs7File) {
  28064. wc_PKCS7_Free(pkcs7);
  28065. ERROR_OUT(-12505, out);
  28066. }
  28067. ret = (int)XFWRITE(compressed, compressedSz, 1, pkcs7File);
  28068. XFCLOSE(pkcs7File);
  28069. if (ret > 0)
  28070. ret = 0;
  28071. #endif
  28072. wc_PKCS7_Free(pkcs7);
  28073. }
  28074. out:
  28075. #ifdef WOLFSSL_SMALL_STACK
  28076. if (compressed)
  28077. XFREE(compressed, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28078. if (decoded)
  28079. XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28080. #endif
  28081. return ret;
  28082. } /* pkcs7compressed_test() */
  28083. #undef PKCS7_BUF_SIZE
  28084. #endif /* HAVE_LIBZ */
  28085. typedef struct {
  28086. const byte* content;
  28087. word32 contentSz;
  28088. int hashOID;
  28089. int signOID;
  28090. byte* privateKey;
  28091. word32 privateKeySz;
  28092. byte* cert;
  28093. size_t certSz;
  28094. byte* caCert;
  28095. size_t caCertSz;
  28096. PKCS7Attrib* signedAttribs;
  28097. word32 signedAttribsSz;
  28098. const char* outFileName;
  28099. int contentOID;
  28100. byte* contentType;
  28101. word32 contentTypeSz;
  28102. int sidType;
  28103. int encryptOID; /* for single-shot encrypt alg OID */
  28104. int encCompFlag; /* for single-shot. 1 = enc, 2 = comp, 3 = both*/
  28105. byte* encryptKey; /* for single-shot, encryptedData */
  28106. word32 encryptKeySz; /* for single-shot, encryptedData */
  28107. PKCS7Attrib* unprotectedAttribs; /* for single-shot, encryptedData */
  28108. word32 unprotectedAttribsSz; /* for single-shot, encryptedData */
  28109. word16 detachedSignature; /* generate detached signature (0:1) */
  28110. } pkcs7SignedVector;
  28111. static int pkcs7signed_run_vectors(
  28112. byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
  28113. byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
  28114. byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
  28115. byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
  28116. byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
  28117. byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
  28118. byte* eccClientCertBuf, word32 eccClientCertBufSz,
  28119. byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
  28120. {
  28121. int ret, testSz, i;
  28122. int encodedSz;
  28123. byte* out;
  28124. word32 outSz;
  28125. WC_RNG rng;
  28126. PKCS7* pkcs7;
  28127. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  28128. XFILE file;
  28129. #endif
  28130. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  28131. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  28132. 0x72,0x6c,0x64
  28133. };
  28134. static byte transIdOid[] =
  28135. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  28136. 0x09, 0x07 };
  28137. static byte messageTypeOid[] =
  28138. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  28139. 0x09, 0x02 };
  28140. static byte senderNonceOid[] =
  28141. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  28142. 0x09, 0x05 };
  28143. #ifndef NO_SHA
  28144. static byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
  28145. #else
  28146. static byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
  28147. #endif
  28148. static byte messageType[] = { 0x13, 2, '1', '9' };
  28149. static byte senderNonce[PKCS7_NONCE_SZ + 2];
  28150. static PKCS7Attrib attribs[] =
  28151. {
  28152. { transIdOid, sizeof(transIdOid), transId,
  28153. sizeof(transId) - 1 }, /* take off the null */
  28154. { messageTypeOid, sizeof(messageTypeOid), messageType,
  28155. sizeof(messageType) },
  28156. { senderNonceOid, sizeof(senderNonceOid), senderNonce,
  28157. sizeof(senderNonce) }
  28158. };
  28159. /* for testing custom contentType, FirmwarePkgData */
  28160. static byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86,
  28161. 0x48, 0x86, 0xF7, 0x0D,
  28162. 0x01, 0x09, 0x10, 0x01, 0x10 };
  28163. const pkcs7SignedVector testVectors[] =
  28164. {
  28165. #ifndef NO_RSA
  28166. #ifndef NO_SHA
  28167. /* RSA with SHA */
  28168. {data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
  28169. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28170. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28171. "pkcs7signedData_RSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, NULL,
  28172. 0, 0},
  28173. /* RSA with SHA, no signed attributes */
  28174. {data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf,
  28175. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz,
  28176. NULL, 0, NULL, 0,
  28177. "pkcs7signedData_RSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  28178. NULL, 0, 0},
  28179. #endif
  28180. #ifdef WOLFSSL_SHA224
  28181. /* RSA with SHA224 */
  28182. {data, (word32)sizeof(data), SHA224h, RSAk, rsaClientPrivKeyBuf,
  28183. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28184. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28185. "pkcs7signedData_RSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  28186. NULL, 0, 0},
  28187. #endif
  28188. #ifndef NO_SHA256
  28189. /* RSA with SHA256 */
  28190. {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  28191. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28192. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28193. "pkcs7signedData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  28194. NULL, 0, 0},
  28195. /* RSA with SHA256, detached signature */
  28196. {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  28197. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28198. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28199. "pkcs7signedData_RSA_SHA256_detachedSig.der", 0, NULL, 0, 0, 0, 0,
  28200. NULL, 0, NULL, 0, 1},
  28201. /* RSA with SHA256 and SubjectKeyIdentifier in SignerIdentifier */
  28202. {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  28203. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28204. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28205. "pkcs7signedData_RSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
  28206. NULL, 0, NULL, 0, 0},
  28207. /* RSA with SHA256 and custom contentType */
  28208. {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  28209. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28210. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28211. "pkcs7signedData_RSA_SHA256_custom_contentType.der", 0,
  28212. customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
  28213. NULL, 0, 0},
  28214. /* RSA with SHA256 and FirmwarePkgData contentType */
  28215. {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  28216. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28217. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28218. "pkcs7signedData_RSA_SHA256_firmwarePkgData.der",
  28219. FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0},
  28220. /* RSA with SHA256 using server cert and ca cert */
  28221. {data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
  28222. rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
  28223. rsaCaCertBuf, rsaCaCertBufSz,
  28224. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28225. "pkcs7signedData_RSA_SHA256_with_ca_cert.der", 0, NULL, 0, 0, 0, 0,
  28226. NULL, 0, NULL, 0, 0},
  28227. #endif
  28228. #if defined(WOLFSSL_SHA384)
  28229. /* RSA with SHA384 */
  28230. {data, (word32)sizeof(data), SHA384h, RSAk, rsaClientPrivKeyBuf,
  28231. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28232. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28233. "pkcs7signedData_RSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  28234. NULL, 0, 0},
  28235. #endif
  28236. #if defined(WOLFSSL_SHA512)
  28237. /* RSA with SHA512 */
  28238. {data, (word32)sizeof(data), SHA512h, RSAk, rsaClientPrivKeyBuf,
  28239. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28240. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28241. "pkcs7signedData_RSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  28242. NULL, 0, 0},
  28243. #endif
  28244. #endif /* NO_RSA */
  28245. #ifdef HAVE_ECC
  28246. #ifndef NO_SHA
  28247. /* ECDSA with SHA */
  28248. {data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
  28249. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28250. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28251. "pkcs7signedData_ECDSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  28252. NULL, 0, 0},
  28253. /* ECDSA with SHA, no signed attributes */
  28254. {data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf,
  28255. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz,
  28256. NULL, 0, NULL, 0,
  28257. "pkcs7signedData_ECDSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  28258. NULL, 0, 0},
  28259. #endif
  28260. #ifdef WOLFSSL_SHA224
  28261. /* ECDSA with SHA224 */
  28262. {data, (word32)sizeof(data), SHA224h, ECDSAk, eccClientPrivKeyBuf,
  28263. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28264. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28265. "pkcs7signedData_ECDSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  28266. NULL, 0, 0},
  28267. #endif
  28268. #ifndef NO_SHA256
  28269. /* ECDSA with SHA256 */
  28270. {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  28271. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28272. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28273. "pkcs7signedData_ECDSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  28274. NULL, 0, 0},
  28275. /* ECDSA with SHA256 and SubjectKeyIdentifier in SigherIdentifier */
  28276. {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  28277. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28278. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28279. "pkcs7signedData_ECDSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0,
  28280. NULL, 0, NULL, 0, 0},
  28281. /* ECDSA with SHA256 and custom contentType */
  28282. {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  28283. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28284. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28285. "pkcs7signedData_ECDSA_SHA256_custom_contentType.der", 0,
  28286. customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0,
  28287. NULL, 0, 0},
  28288. /* ECDSA with SHA256 and FirmwarePkgData contentType */
  28289. {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  28290. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28291. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28292. "pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der",
  28293. FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0},
  28294. #endif
  28295. #ifdef WOLFSSL_SHA384
  28296. /* ECDSA with SHA384 */
  28297. {data, (word32)sizeof(data), SHA384h, ECDSAk, eccClientPrivKeyBuf,
  28298. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28299. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28300. "pkcs7signedData_ECDSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  28301. NULL, 0, 0},
  28302. #endif
  28303. #ifdef WOLFSSL_SHA512
  28304. /* ECDSA with SHA512 */
  28305. {data, (word32)sizeof(data), SHA512h, ECDSAk, eccClientPrivKeyBuf,
  28306. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28307. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28308. "pkcs7signedData_ECDSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0,
  28309. NULL, 0, 0},
  28310. #endif
  28311. #endif /* HAVE_ECC */
  28312. };
  28313. testSz = sizeof(testVectors) / sizeof(pkcs7SignedVector);
  28314. outSz = FOURK_BUF;
  28315. out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28316. if (out == NULL)
  28317. return -12510;
  28318. XMEMSET(out, 0, outSz);
  28319. ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
  28320. if (ret < 0) {
  28321. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28322. return -12511;
  28323. }
  28324. #ifndef HAVE_FIPS
  28325. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  28326. #else
  28327. ret = wc_InitRng(&rng);
  28328. #endif
  28329. if (ret != 0) {
  28330. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28331. return -12512;
  28332. }
  28333. for (i = 0; i < testSz; i++) {
  28334. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  28335. if (pkcs7 == NULL)
  28336. return -12513;
  28337. ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
  28338. (word32)testVectors[i].certSz);
  28339. if (ret != 0) {
  28340. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28341. wc_PKCS7_Free(pkcs7);
  28342. return -12514;
  28343. }
  28344. /* load CA certificate, if present */
  28345. if (testVectors[i].caCert != NULL) {
  28346. ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
  28347. (word32)testVectors[i].caCertSz);
  28348. if (ret != 0) {
  28349. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28350. wc_PKCS7_Free(pkcs7);
  28351. return -12515;
  28352. }
  28353. }
  28354. pkcs7->rng = &rng;
  28355. pkcs7->content = (byte*)testVectors[i].content;
  28356. pkcs7->contentSz = testVectors[i].contentSz;
  28357. pkcs7->contentOID = testVectors[i].contentOID;
  28358. pkcs7->hashOID = testVectors[i].hashOID;
  28359. pkcs7->encryptOID = testVectors[i].signOID;
  28360. pkcs7->privateKey = testVectors[i].privateKey;
  28361. pkcs7->privateKeySz = testVectors[i].privateKeySz;
  28362. pkcs7->signedAttribs = testVectors[i].signedAttribs;
  28363. pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz;
  28364. /* optional custom contentType, default is DATA,
  28365. overrides contentOID if set */
  28366. if (testVectors[i].contentType != NULL) {
  28367. ret = wc_PKCS7_SetContentType(pkcs7, testVectors[i].contentType,
  28368. testVectors[i].contentTypeSz);
  28369. if (ret != 0) {
  28370. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28371. wc_PKCS7_Free(pkcs7);
  28372. return -12516;
  28373. }
  28374. }
  28375. /* set SignerIdentifier to use SubjectKeyIdentifier if desired,
  28376. default is IssuerAndSerialNumber */
  28377. if (testVectors[i].sidType == CMS_SKID) {
  28378. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
  28379. if (ret != 0) {
  28380. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28381. wc_PKCS7_Free(pkcs7);
  28382. return -12517;
  28383. }
  28384. }
  28385. /* generate senderNonce */
  28386. {
  28387. senderNonce[0] = 0x04;
  28388. senderNonce[1] = PKCS7_NONCE_SZ;
  28389. ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
  28390. if (ret != 0) {
  28391. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28392. wc_PKCS7_Free(pkcs7);
  28393. return -12518;
  28394. }
  28395. }
  28396. /* generate transactionID (used with SCEP) */
  28397. {
  28398. #ifndef NO_SHA
  28399. wc_Sha sha;
  28400. byte digest[WC_SHA_DIGEST_SIZE];
  28401. #else
  28402. wc_Sha256 sha;
  28403. byte digest[WC_SHA256_DIGEST_SIZE];
  28404. #endif
  28405. int j,k;
  28406. transId[0] = 0x13;
  28407. transId[1] = sizeof(digest) * 2;
  28408. #ifndef NO_SHA
  28409. ret = wc_InitSha_ex(&sha, HEAP_HINT, devId);
  28410. if (ret != 0) {
  28411. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28412. wc_PKCS7_Free(pkcs7);
  28413. return -12519;
  28414. }
  28415. wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
  28416. wc_ShaFinal(&sha, digest);
  28417. wc_ShaFree(&sha);
  28418. #else
  28419. ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId);
  28420. if (ret != 0) {
  28421. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28422. wc_PKCS7_Free(pkcs7);
  28423. return -12520;
  28424. }
  28425. wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz);
  28426. wc_Sha256Final(&sha, digest);
  28427. wc_Sha256Free(&sha);
  28428. #endif
  28429. for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) {
  28430. XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]);
  28431. }
  28432. }
  28433. /* enable detached signature generation, if set */
  28434. if (testVectors[i].detachedSignature == 1) {
  28435. ret = wc_PKCS7_SetDetached(pkcs7, 1);
  28436. if (ret != 0) {
  28437. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28438. wc_PKCS7_Free(pkcs7);
  28439. return -12521;
  28440. }
  28441. }
  28442. encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz);
  28443. if (encodedSz < 0) {
  28444. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28445. wc_PKCS7_Free(pkcs7);
  28446. return -12522;
  28447. }
  28448. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  28449. /* write PKCS#7 to output file for more testing */
  28450. file = XFOPEN(testVectors[i].outFileName, "wb");
  28451. if (!file) {
  28452. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28453. wc_PKCS7_Free(pkcs7);
  28454. return -12523;
  28455. }
  28456. ret = (int)XFWRITE(out, 1, encodedSz, file);
  28457. XFCLOSE(file);
  28458. if (ret != (int)encodedSz) {
  28459. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28460. wc_PKCS7_Free(pkcs7);
  28461. return -12524;
  28462. }
  28463. #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
  28464. wc_PKCS7_Free(pkcs7);
  28465. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  28466. if (pkcs7 == NULL)
  28467. return -12525;
  28468. wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
  28469. if (testVectors[i].detachedSignature == 1) {
  28470. /* set content for verifying detached signatures */
  28471. pkcs7->content = (byte*)testVectors[i].content;
  28472. pkcs7->contentSz = testVectors[i].contentSz;
  28473. }
  28474. ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
  28475. if (ret < 0) {
  28476. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28477. wc_PKCS7_Free(pkcs7);
  28478. return -12526;
  28479. }
  28480. /* verify contentType extracted successfully for custom content types */
  28481. if (testVectors[i].contentTypeSz > 0) {
  28482. if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) {
  28483. return -12527;
  28484. } else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType,
  28485. pkcs7->contentTypeSz) != 0) {
  28486. return -12528;
  28487. }
  28488. }
  28489. if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) {
  28490. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28491. wc_PKCS7_Free(pkcs7);
  28492. return -12529;
  28493. }
  28494. {
  28495. /* check getting signed attributes */
  28496. #ifndef NO_SHA
  28497. byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1];
  28498. #else
  28499. byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1];
  28500. #endif
  28501. byte* oidPt = transIdOid + 2; /* skip object id tag and size */
  28502. int oidSz = (int)sizeof(transIdOid) - 2;
  28503. int bufSz = 0;
  28504. if (testVectors[i].signedAttribs != NULL &&
  28505. wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
  28506. NULL, (word32*)&bufSz) != LENGTH_ONLY_E) {
  28507. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28508. wc_PKCS7_Free(pkcs7);
  28509. return -12530;
  28510. }
  28511. if (bufSz > (int)sizeof(buf)) {
  28512. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28513. wc_PKCS7_Free(pkcs7);
  28514. return -12531;
  28515. }
  28516. bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz,
  28517. buf, (word32*)&bufSz);
  28518. if ((testVectors[i].signedAttribs != NULL && bufSz < 0) ||
  28519. (testVectors[i].signedAttribs == NULL && bufSz > 0)) {
  28520. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28521. wc_PKCS7_Free(pkcs7);
  28522. return -12532;
  28523. }
  28524. }
  28525. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  28526. file = XFOPEN("./pkcs7cert.der", "wb");
  28527. if (!file) {
  28528. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28529. wc_PKCS7_Free(pkcs7);
  28530. return -12533;
  28531. }
  28532. ret = (int)XFWRITE(pkcs7->singleCert, 1, pkcs7->singleCertSz, file);
  28533. XFCLOSE(file);
  28534. #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
  28535. wc_PKCS7_Free(pkcs7);
  28536. }
  28537. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28538. wc_FreeRng(&rng);
  28539. if (ret > 0)
  28540. return 0;
  28541. (void)rsaClientCertBuf;
  28542. (void)rsaClientCertBufSz;
  28543. (void)rsaClientPrivKeyBuf;
  28544. (void)rsaClientPrivKeyBufSz;
  28545. (void)rsaServerCertBuf;
  28546. (void)rsaServerCertBufSz;
  28547. (void)rsaServerPrivKeyBuf;
  28548. (void)rsaServerPrivKeyBufSz;
  28549. (void)rsaCaCertBuf;
  28550. (void)rsaCaCertBufSz;
  28551. (void)rsaCaPrivKeyBuf;
  28552. (void)rsaCaPrivKeyBufSz;
  28553. (void)eccClientCertBuf;
  28554. (void)eccClientCertBufSz;
  28555. (void)eccClientPrivKeyBuf;
  28556. (void)eccClientPrivKeyBufSz;
  28557. return ret;
  28558. }
  28559. static int pkcs7signed_run_SingleShotVectors(
  28560. byte* rsaClientCertBuf, word32 rsaClientCertBufSz,
  28561. byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz,
  28562. byte* rsaServerCertBuf, word32 rsaServerCertBufSz,
  28563. byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz,
  28564. byte* rsaCaCertBuf, word32 rsaCaCertBufSz,
  28565. byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz,
  28566. byte* eccClientCertBuf, word32 eccClientCertBufSz,
  28567. byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz)
  28568. {
  28569. int ret, testSz, i;
  28570. int encodedSz;
  28571. byte* out;
  28572. word32 outSz;
  28573. WC_RNG rng;
  28574. PKCS7* pkcs7;
  28575. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  28576. XFILE file;
  28577. #endif
  28578. WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */
  28579. 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f,
  28580. 0x72,0x6c,0x64
  28581. };
  28582. #if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
  28583. static byte aes256Key[] = {
  28584. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  28585. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  28586. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
  28587. 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
  28588. };
  28589. #endif
  28590. static byte messageTypeOid[] =
  28591. { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
  28592. 0x09, 0x02 };
  28593. static byte messageType[] = { 0x13, 2, '1', '9' };
  28594. PKCS7Attrib attribs[] =
  28595. {
  28596. { messageTypeOid, sizeof(messageTypeOid), messageType,
  28597. sizeof(messageType) },
  28598. };
  28599. const pkcs7SignedVector testVectors[] =
  28600. {
  28601. #ifndef NO_RSA
  28602. #ifndef NO_SHA256
  28603. /* Signed FirmwarePkgData, RSA, SHA256, no attribs */
  28604. {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  28605. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28606. NULL, 0,
  28607. "pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der", 0, NULL, 0, 0,
  28608. 0, 0, NULL, 0, NULL, 0, 0},
  28609. /* Signed FirmwarePkgData, RSA, SHA256, attrs */
  28610. {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  28611. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28612. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28613. "pkcs7signedFirmwarePkgData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0,
  28614. NULL, 0, NULL, 0, 0},
  28615. /* Signed FirmwarePkgData, RSA, SHA256, SubjectKeyIdentifier, attrs */
  28616. {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  28617. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28618. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28619. "pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der", 0, NULL,
  28620. 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0},
  28621. /* Signed FirmwraePkgData, RSA, SHA256, server cert and ca cert, attr */
  28622. {data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf,
  28623. rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz,
  28624. rsaCaCertBuf, rsaCaCertBufSz,
  28625. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28626. "pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL,
  28627. 0, 0, 0, 0, NULL, 0, NULL, 0, 0},
  28628. #if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
  28629. /* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */
  28630. {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  28631. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28632. NULL, 0,
  28633. "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
  28634. NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0},
  28635. /* Signed Encrypted FirmwarePkgData, RSA, SHA256, attribs */
  28636. {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  28637. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28638. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28639. "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der", 0,
  28640. NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
  28641. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0},
  28642. #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
  28643. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  28644. /* Signed Compressed FirmwarePkgData, RSA, SHA256, no attribs */
  28645. {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  28646. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28647. NULL, 0,
  28648. "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", 0,
  28649. NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0},
  28650. /* Signed Compressed FirmwarePkgData, RSA, SHA256, attribs */
  28651. {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  28652. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28653. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28654. "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der", 0,
  28655. NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0},
  28656. #ifndef NO_PKCS7_ENCRYPTED_DATA
  28657. /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
  28658. no attribs */
  28659. {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  28660. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28661. NULL, 0,
  28662. "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der",
  28663. 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
  28664. 0, 0},
  28665. /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256,
  28666. attribs */
  28667. {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
  28668. rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
  28669. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28670. "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der",
  28671. 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
  28672. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0},
  28673. #endif /* !NO_PKCS7_ENCRYPTED_DATA */
  28674. #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
  28675. #endif /* NO_SHA256 */
  28676. #endif /* NO_RSA */
  28677. #ifdef HAVE_ECC
  28678. #ifndef NO_SHA256
  28679. /* Signed FirmwarePkgData, ECDSA, SHA256, no attribs */
  28680. {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  28681. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28682. NULL, 0,
  28683. "pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
  28684. 0, 0, 0, 0, NULL, 0, NULL, 0, 0},
  28685. /* Signed FirmwarePkgData, ECDSA, SHA256, attribs */
  28686. {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  28687. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28688. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28689. "pkcs7signedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
  28690. 0, 0, 0, 0, NULL, 0, NULL, 0, 0},
  28691. /* Signed FirmwarePkgData, ECDSA, SHA256, SubjectKeyIdentifier, attr */
  28692. {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  28693. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28694. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28695. "pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL,
  28696. 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0},
  28697. #if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
  28698. /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */
  28699. {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  28700. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28701. NULL, 0,
  28702. "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
  28703. 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0},
  28704. /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, attribs */
  28705. {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  28706. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28707. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28708. "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
  28709. 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key),
  28710. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0},
  28711. #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */
  28712. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  28713. /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, no attribs */
  28714. {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  28715. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28716. NULL, 0,
  28717. "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL,
  28718. 0, 0, 0, 2, NULL, 0, NULL, 0, 0},
  28719. /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, attrib */
  28720. {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  28721. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28722. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28723. "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL,
  28724. 0, 0, 0, 2, NULL, 0, NULL, 0, 0},
  28725. #ifndef NO_PKCS7_ENCRYPTED_DATA
  28726. /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
  28727. no attribs */
  28728. {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  28729. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28730. NULL, 0,
  28731. "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der",
  28732. 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL,
  28733. 0, 0},
  28734. /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256,
  28735. attribs */
  28736. {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
  28737. eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
  28738. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)),
  28739. "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der",
  28740. 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key),
  28741. attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0},
  28742. #endif /* !NO_PKCS7_ENCRYPTED_DATA */
  28743. #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
  28744. #endif /* NO_SHA256 */
  28745. #endif /* HAVE_ECC */
  28746. };
  28747. testSz = sizeof(testVectors) / sizeof(pkcs7SignedVector);
  28748. outSz = FOURK_BUF;
  28749. out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28750. if (out == NULL)
  28751. return -12540;
  28752. XMEMSET(out, 0, outSz);
  28753. ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16);
  28754. if (ret < 0) {
  28755. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28756. return -12541;
  28757. }
  28758. #ifndef HAVE_FIPS
  28759. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  28760. #else
  28761. ret = wc_InitRng(&rng);
  28762. #endif
  28763. if (ret != 0) {
  28764. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28765. return -12542;
  28766. }
  28767. for (i = 0; i < testSz; i++) {
  28768. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  28769. if (pkcs7 == NULL)
  28770. return -12543;
  28771. ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
  28772. (word32)testVectors[i].certSz);
  28773. if (ret != 0) {
  28774. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28775. wc_PKCS7_Free(pkcs7);
  28776. return -12544;
  28777. }
  28778. /* load CA certificate, if present */
  28779. if (testVectors[i].caCert != NULL) {
  28780. ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert,
  28781. (word32)testVectors[i].caCertSz);
  28782. if (ret != 0) {
  28783. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28784. wc_PKCS7_Free(pkcs7);
  28785. return -12545;
  28786. }
  28787. }
  28788. /* set SignerIdentifier to use SubjectKeyIdentifier if desired,
  28789. default is IssuerAndSerialNumber */
  28790. if (testVectors[i].sidType == CMS_SKID) {
  28791. ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID);
  28792. if (ret != 0) {
  28793. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28794. wc_PKCS7_Free(pkcs7);
  28795. return -12546;
  28796. }
  28797. }
  28798. if (testVectors[i].encCompFlag == 0) {
  28799. /* encode Signed FirmwarePkgData */
  28800. encodedSz = wc_PKCS7_EncodeSignedFPD(pkcs7,
  28801. testVectors[i].privateKey, testVectors[i].privateKeySz,
  28802. testVectors[i].signOID, testVectors[i].hashOID,
  28803. (byte*)testVectors[i].content, testVectors[i].contentSz,
  28804. testVectors[i].signedAttribs,
  28805. testVectors[i].signedAttribsSz, out, outSz);
  28806. if (encodedSz < 0) {
  28807. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28808. wc_PKCS7_Free(pkcs7);
  28809. return -12547;
  28810. }
  28811. #ifndef NO_PKCS7_ENCRYPTED_DATA
  28812. } else if (testVectors[i].encCompFlag == 1) {
  28813. /* encode Signed Encrypted FirmwarePkgData */
  28814. encodedSz = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7,
  28815. testVectors[i].encryptKey, testVectors[i].encryptKeySz,
  28816. testVectors[i].privateKey, testVectors[i].privateKeySz,
  28817. testVectors[i].encryptOID, testVectors[i].signOID,
  28818. testVectors[i].hashOID, (byte*)testVectors[i].content,
  28819. testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
  28820. testVectors[i].unprotectedAttribsSz,
  28821. testVectors[i].signedAttribs,
  28822. testVectors[i].signedAttribsSz, out, outSz);
  28823. if (encodedSz <= 0) {
  28824. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28825. wc_PKCS7_Free(pkcs7);
  28826. return -12548;
  28827. }
  28828. #endif
  28829. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  28830. } else if (testVectors[i].encCompFlag == 2) {
  28831. /* encode Signed Compressed FirmwarePkgData */
  28832. encodedSz = wc_PKCS7_EncodeSignedCompressedFPD(pkcs7,
  28833. testVectors[i].privateKey, testVectors[i].privateKeySz,
  28834. testVectors[i].signOID, testVectors[i].hashOID,
  28835. (byte*)testVectors[i].content, testVectors[i].contentSz,
  28836. testVectors[i].signedAttribs,
  28837. testVectors[i].signedAttribsSz, out, outSz);
  28838. if (encodedSz <= 0) {
  28839. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28840. wc_PKCS7_Free(pkcs7);
  28841. return -12549;
  28842. }
  28843. #ifndef NO_PKCS7_ENCRYPTED_DATA
  28844. } else if (testVectors[i].encCompFlag == 3) {
  28845. /* encode Signed Encrypted Compressed FirmwarePkgData */
  28846. encodedSz = wc_PKCS7_EncodeSignedEncryptedCompressedFPD(pkcs7,
  28847. testVectors[i].encryptKey, testVectors[i].encryptKeySz,
  28848. testVectors[i].privateKey, testVectors[i].privateKeySz,
  28849. testVectors[i].encryptOID, testVectors[i].signOID,
  28850. testVectors[i].hashOID, (byte*)testVectors[i].content,
  28851. testVectors[i].contentSz, testVectors[i].unprotectedAttribs,
  28852. testVectors[i].unprotectedAttribsSz,
  28853. testVectors[i].signedAttribs,
  28854. testVectors[i].signedAttribsSz, out, outSz);
  28855. if (encodedSz <= 0) {
  28856. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28857. wc_PKCS7_Free(pkcs7);
  28858. return -12550;
  28859. }
  28860. #endif /* NO_PKCS7_ENCRYPTED_DATA */
  28861. #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
  28862. } else {
  28863. /* unsupported SignedData single-shot combination */
  28864. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28865. wc_PKCS7_Free(pkcs7);
  28866. return -12551;
  28867. }
  28868. #ifdef PKCS7_OUTPUT_TEST_BUNDLES
  28869. /* write PKCS#7 to output file for more testing */
  28870. file = XFOPEN(testVectors[i].outFileName, "wb");
  28871. if (!file) {
  28872. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28873. wc_PKCS7_Free(pkcs7);
  28874. return -12552;
  28875. }
  28876. ret = (int)XFWRITE(out, 1, encodedSz, file);
  28877. XFCLOSE(file);
  28878. if (ret != (int)encodedSz) {
  28879. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28880. wc_PKCS7_Free(pkcs7);
  28881. return -12553;
  28882. }
  28883. #endif /* PKCS7_OUTPUT_TEST_BUNDLES */
  28884. wc_PKCS7_Free(pkcs7);
  28885. pkcs7 = wc_PKCS7_New(HEAP_HINT, devId);
  28886. if (pkcs7 == NULL)
  28887. return -12554;
  28888. wc_PKCS7_InitWithCert(pkcs7, NULL, 0);
  28889. ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz);
  28890. if (ret < 0) {
  28891. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28892. wc_PKCS7_Free(pkcs7);
  28893. return -12555;
  28894. }
  28895. #ifndef NO_PKCS7_STREAM
  28896. {
  28897. word32 z;
  28898. for (z = 0; z < outSz && ret != 0; z++) {
  28899. ret = wc_PKCS7_VerifySignedData(pkcs7, out + z, 1);
  28900. if (ret < 0 && ret != WC_PKCS7_WANT_READ_E) {
  28901. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28902. wc_PKCS7_Free(pkcs7);
  28903. printf("unexpected error %d\n", ret);
  28904. return -12556;
  28905. }
  28906. }
  28907. }
  28908. #endif
  28909. if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) {
  28910. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28911. wc_PKCS7_Free(pkcs7);
  28912. return -12557;
  28913. }
  28914. if (testVectors[i].encCompFlag == 0) {
  28915. /* verify decoded content matches expected */
  28916. if ((pkcs7->contentSz != testVectors[i].contentSz) ||
  28917. XMEMCMP(pkcs7->content, testVectors[i].content,
  28918. pkcs7->contentSz)) {
  28919. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28920. wc_PKCS7_Free(pkcs7);
  28921. return -12558;
  28922. }
  28923. }
  28924. #ifndef NO_PKCS7_ENCRYPTED_DATA
  28925. else if (testVectors[i].encCompFlag == 1) {
  28926. /* decrypt inner encryptedData */
  28927. pkcs7->encryptionKey = testVectors[i].encryptKey;
  28928. pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
  28929. ret = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
  28930. pkcs7->contentSz, out, outSz);
  28931. if (ret < 0) {
  28932. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28933. wc_PKCS7_Free(pkcs7);
  28934. return -12559;
  28935. }
  28936. /* compare decrypted to expected */
  28937. if (((word32)ret != testVectors[i].contentSz) ||
  28938. XMEMCMP(out, testVectors[i].content, ret)) {
  28939. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28940. wc_PKCS7_Free(pkcs7);
  28941. return -12560;
  28942. }
  28943. }
  28944. #endif
  28945. #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA)
  28946. else if (testVectors[i].encCompFlag == 2) {
  28947. /* decompress inner compressedData */
  28948. ret = wc_PKCS7_DecodeCompressedData(pkcs7, pkcs7->content,
  28949. pkcs7->contentSz, out, outSz);
  28950. if (ret < 0) {
  28951. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28952. wc_PKCS7_Free(pkcs7);
  28953. return -12561;
  28954. }
  28955. /* compare decompressed to expected */
  28956. if (((word32)ret != testVectors[i].contentSz) ||
  28957. XMEMCMP(out, testVectors[i].content, ret)) {
  28958. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28959. wc_PKCS7_Free(pkcs7);
  28960. return -12562;
  28961. }
  28962. }
  28963. #ifndef NO_PKCS7_ENCRYPTED_DATA
  28964. else if (testVectors[i].encCompFlag == 3) {
  28965. byte* encryptedTmp;
  28966. int encryptedTmpSz;
  28967. encryptedTmpSz = FOURK_BUF;
  28968. encryptedTmp = (byte*)XMALLOC(encryptedTmpSz, HEAP_HINT,
  28969. DYNAMIC_TYPE_TMP_BUFFER);
  28970. if (encryptedTmp == NULL) {
  28971. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28972. wc_PKCS7_Free(pkcs7);
  28973. return -12563;
  28974. }
  28975. XMEMSET(encryptedTmp, 0, encryptedTmpSz);
  28976. /* decrypt inner encryptedData */
  28977. pkcs7->encryptionKey = testVectors[i].encryptKey;
  28978. pkcs7->encryptionKeySz = testVectors[i].encryptKeySz;
  28979. encryptedTmpSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content,
  28980. pkcs7->contentSz, encryptedTmp,
  28981. encryptedTmpSz);
  28982. if (encryptedTmpSz < 0) {
  28983. XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28984. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28985. wc_PKCS7_Free(pkcs7);
  28986. return -12564;
  28987. }
  28988. /* decompress inner compressedData */
  28989. ret = wc_PKCS7_DecodeCompressedData(pkcs7, encryptedTmp,
  28990. encryptedTmpSz, out, outSz);
  28991. if (ret < 0) {
  28992. XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28993. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28994. wc_PKCS7_Free(pkcs7);
  28995. return -12565;
  28996. }
  28997. XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  28998. /* compare decompressed to expected */
  28999. if (((word32)ret != testVectors[i].contentSz) ||
  29000. XMEMCMP(out, testVectors[i].content, ret)) {
  29001. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29002. wc_PKCS7_Free(pkcs7);
  29003. return -12566;
  29004. }
  29005. }
  29006. #endif /* NO_PKCS7_ENCRYPTED_DATA */
  29007. #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */
  29008. wc_PKCS7_Free(pkcs7);
  29009. }
  29010. XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29011. wc_FreeRng(&rng);
  29012. if (ret > 0)
  29013. return 0;
  29014. (void)eccClientCertBuf;
  29015. (void)eccClientCertBufSz;
  29016. (void)eccClientPrivKeyBuf;
  29017. (void)eccClientPrivKeyBufSz;
  29018. (void)rsaClientCertBuf;
  29019. (void)rsaClientCertBufSz;
  29020. (void)rsaClientPrivKeyBuf;
  29021. (void)rsaClientPrivKeyBufSz;
  29022. (void)rsaServerCertBuf;
  29023. (void)rsaServerCertBufSz;
  29024. (void)rsaServerPrivKeyBuf;
  29025. (void)rsaServerPrivKeyBufSz;
  29026. (void)rsaCaCertBuf;
  29027. (void)rsaCaCertBufSz;
  29028. (void)rsaCaPrivKeyBuf;
  29029. (void)rsaCaPrivKeyBufSz;
  29030. return ret;
  29031. }
  29032. WOLFSSL_TEST_SUBROUTINE int pkcs7signed_test(void)
  29033. {
  29034. int ret = 0;
  29035. byte* rsaClientCertBuf = NULL;
  29036. byte* rsaServerCertBuf = NULL;
  29037. byte* rsaCaCertBuf = NULL;
  29038. byte* eccClientCertBuf = NULL;
  29039. byte* rsaClientPrivKeyBuf = NULL;
  29040. byte* rsaServerPrivKeyBuf = NULL;
  29041. byte* rsaCaPrivKeyBuf = NULL;
  29042. byte* eccClientPrivKeyBuf = NULL;
  29043. word32 rsaClientCertBufSz = 0;
  29044. word32 rsaServerCertBufSz = 0;
  29045. word32 rsaCaCertBufSz = 0;
  29046. word32 eccClientCertBufSz = 0;
  29047. word32 rsaClientPrivKeyBufSz = 0;
  29048. word32 rsaServerPrivKeyBufSz = 0;
  29049. word32 rsaCaPrivKeyBufSz = 0;
  29050. word32 eccClientPrivKeyBufSz = 0;
  29051. #ifndef NO_RSA
  29052. /* read client RSA cert and key in DER format */
  29053. rsaClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  29054. DYNAMIC_TYPE_TMP_BUFFER);
  29055. if (rsaClientCertBuf == NULL)
  29056. ret = -12600;
  29057. rsaClientPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  29058. DYNAMIC_TYPE_TMP_BUFFER);
  29059. if (ret == 0 && rsaClientPrivKeyBuf == NULL) {
  29060. ret = -12601;
  29061. }
  29062. rsaClientCertBufSz = FOURK_BUF;
  29063. rsaClientPrivKeyBufSz = FOURK_BUF;
  29064. /* read server RSA cert and key in DER format */
  29065. rsaServerCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  29066. DYNAMIC_TYPE_TMP_BUFFER);
  29067. if (ret == 0 && rsaServerCertBuf == NULL)
  29068. ret = -12602;
  29069. rsaServerPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  29070. DYNAMIC_TYPE_TMP_BUFFER);
  29071. if (ret == 0 && rsaServerPrivKeyBuf == NULL) {
  29072. ret = -12603;
  29073. }
  29074. rsaServerCertBufSz = FOURK_BUF;
  29075. rsaServerPrivKeyBufSz = FOURK_BUF;
  29076. /* read CA RSA cert and key in DER format, for use with server cert */
  29077. rsaCaCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  29078. DYNAMIC_TYPE_TMP_BUFFER);
  29079. if (ret == 0 && rsaCaCertBuf == NULL)
  29080. ret = -12604;
  29081. rsaCaPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  29082. DYNAMIC_TYPE_TMP_BUFFER);
  29083. if (ret == 0 && rsaCaPrivKeyBuf == NULL) {
  29084. ret = -12605;
  29085. }
  29086. rsaCaCertBufSz = FOURK_BUF;
  29087. rsaCaPrivKeyBufSz = FOURK_BUF;
  29088. #endif /* NO_RSA */
  29089. #ifdef HAVE_ECC
  29090. /* read client ECC cert and key in DER format */
  29091. eccClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  29092. DYNAMIC_TYPE_TMP_BUFFER);
  29093. if (ret == 0 && eccClientCertBuf == NULL) {
  29094. ret = -12606;
  29095. }
  29096. eccClientPrivKeyBuf =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT,
  29097. DYNAMIC_TYPE_TMP_BUFFER);
  29098. if (ret == 0 && eccClientPrivKeyBuf == NULL) {
  29099. ret = -12607;
  29100. }
  29101. eccClientCertBufSz = FOURK_BUF;
  29102. eccClientPrivKeyBufSz = FOURK_BUF;
  29103. #endif /* HAVE_ECC */
  29104. if (ret >= 0)
  29105. ret = pkcs7_load_certs_keys(rsaClientCertBuf, &rsaClientCertBufSz,
  29106. rsaClientPrivKeyBuf, &rsaClientPrivKeyBufSz,
  29107. rsaServerCertBuf, &rsaServerCertBufSz,
  29108. rsaServerPrivKeyBuf, &rsaServerPrivKeyBufSz,
  29109. rsaCaCertBuf, &rsaCaCertBufSz,
  29110. rsaCaPrivKeyBuf, &rsaCaPrivKeyBufSz,
  29111. eccClientCertBuf, &eccClientCertBufSz,
  29112. eccClientPrivKeyBuf, &eccClientPrivKeyBufSz);
  29113. if (ret < 0) {
  29114. ret = -12608;
  29115. }
  29116. if (ret >= 0)
  29117. ret = pkcs7signed_run_vectors(rsaClientCertBuf, (word32)rsaClientCertBufSz,
  29118. rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
  29119. rsaServerCertBuf, (word32)rsaServerCertBufSz,
  29120. rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
  29121. rsaCaCertBuf, (word32)rsaCaCertBufSz,
  29122. rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
  29123. eccClientCertBuf, (word32)eccClientCertBufSz,
  29124. eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
  29125. if (ret >= 0)
  29126. ret = pkcs7signed_run_SingleShotVectors(
  29127. rsaClientCertBuf, (word32)rsaClientCertBufSz,
  29128. rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz,
  29129. rsaServerCertBuf, (word32)rsaServerCertBufSz,
  29130. rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz,
  29131. rsaCaCertBuf, (word32)rsaCaCertBufSz,
  29132. rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz,
  29133. eccClientCertBuf, (word32)eccClientCertBufSz,
  29134. eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
  29135. #ifndef NO_AES
  29136. if (ret >= 0)
  29137. ret = pkcs7callback_test(
  29138. rsaClientCertBuf, (word32)rsaClientCertBufSz,
  29139. rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz);
  29140. #endif
  29141. XFREE(rsaClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29142. XFREE(rsaClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29143. XFREE(rsaServerCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29144. XFREE(rsaServerPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29145. XFREE(rsaCaCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29146. XFREE(rsaCaPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29147. XFREE(eccClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29148. XFREE(eccClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  29149. return ret;
  29150. }
  29151. #endif /* HAVE_PKCS7 */
  29152. #ifdef HAVE_VALGRIND
  29153. /* Need a static build to have access to symbols. */
  29154. /* Maximum number of bytes in a number to test. */
  29155. #define MP_MAX_TEST_BYTE_LEN 32
  29156. static int randNum(mp_int* n, int len, WC_RNG* rng, void* heap)
  29157. {
  29158. byte d[MP_MAX_TEST_BYTE_LEN];
  29159. int ret;
  29160. (void)heap;
  29161. do {
  29162. ret = wc_RNG_GenerateBlock(rng, d, len);
  29163. if (ret != 0)
  29164. return ret;
  29165. ret = mp_read_unsigned_bin(n, d, len);
  29166. if (ret != 0)
  29167. return ret;
  29168. } while (mp_iszero(n));
  29169. return 0;
  29170. }
  29171. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
  29172. static int mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng)
  29173. {
  29174. int i, j;
  29175. mp_digit rem;
  29176. mp_digit rem2;
  29177. for (i = 0; i < 10; i++) {
  29178. for (j = 1; j < 10; j++) {
  29179. if (randNum(a, j, rng, NULL) != 0)
  29180. return -12620;
  29181. if (mp_div_3(a, r, &rem) != 0)
  29182. return -12621;
  29183. if (mp_mul_d(r, 3, r) != 0)
  29184. return -12622;
  29185. if (mp_add_d(r, rem, r) != 0)
  29186. return -12623;
  29187. if (mp_cmp(r, a) != MP_EQ)
  29188. return -12624;
  29189. }
  29190. }
  29191. if (mp_div_3(a, r, &rem) != 0)
  29192. return -12625;
  29193. if (mp_div_3(a, a, NULL) != 0)
  29194. return -12626;
  29195. if (mp_cmp(r, a) != MP_EQ)
  29196. return -12627;
  29197. #if defined(WOLFSSL_SP_MATH_ALL)
  29198. if (mp_div_d(a, 10, r, &rem) != 0)
  29199. return -12628;
  29200. if (mp_div_d(a, 10, a, NULL) != 0)
  29201. return -12629;
  29202. if (mp_cmp(r, a) != MP_EQ)
  29203. return -12630;
  29204. if (mp_div_d(a, 12, r, &rem) != 0)
  29205. return -12631;
  29206. if (mp_div_d(a, 12, a, NULL) != 0)
  29207. return -12632;
  29208. if (mp_cmp(r, a) != MP_EQ)
  29209. return -12633;
  29210. if (mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), r, &rem) != 0)
  29211. return -12634;
  29212. if (mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), NULL, &rem2) != 0)
  29213. return -12635;
  29214. if (mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), a, NULL) != 0)
  29215. return -12636;
  29216. if (mp_cmp(r, a) != MP_EQ)
  29217. return -12637;
  29218. if (rem != rem2)
  29219. return -12638;
  29220. #else
  29221. (void)rem2;
  29222. #endif
  29223. return 0;
  29224. }
  29225. #endif /* WOLFSSL_SP_MATH || !USE_FAST_MATH */
  29226. #if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
  29227. (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)))
  29228. static int mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng)
  29229. {
  29230. int ret;
  29231. int i, j;
  29232. int size;
  29233. char str[30];
  29234. WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = "A";
  29235. WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "a";
  29236. WOLFSSL_SMALL_STACK_STATIC const char* badStr3 = " ";
  29237. WOLFSSL_SMALL_STACK_STATIC const char* zeros = "000";
  29238. WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
  29239. for (i = 0; i < 10; i++) {
  29240. for (j = 2; j < 12; j++) {
  29241. if (randNum(a, j, rng, NULL) != 0)
  29242. return -12640;
  29243. if (mp_radix_size(a, MP_RADIX_DEC, &size) != MP_OKAY)
  29244. return -12641;
  29245. mp_toradix(a, str, MP_RADIX_DEC);
  29246. if ((int)XSTRLEN(str) != size - 1)
  29247. return -12642;
  29248. mp_read_radix(r, str, MP_RADIX_DEC);
  29249. if (mp_cmp(a, r) != MP_EQ)
  29250. return -12643;
  29251. }
  29252. }
  29253. if (mp_read_radix(r, badStr1, MP_RADIX_DEC) != MP_VAL)
  29254. return -12644;
  29255. if (mp_read_radix(r, badStr2, MP_RADIX_DEC) != MP_VAL)
  29256. return -12645;
  29257. if (mp_read_radix(r, badStr3, MP_RADIX_DEC) != MP_VAL)
  29258. return -12646;
  29259. if (mp_read_radix(r, zeros, MP_RADIX_DEC) != MP_OKAY)
  29260. return -12647;
  29261. if (!mp_iszero(r))
  29262. return -12648;
  29263. mp_set(r, 1);
  29264. if (mp_read_radix(r, empty, MP_RADIX_DEC) != MP_OKAY)
  29265. return -12649;
  29266. if (!mp_iszero(r))
  29267. return -12650;
  29268. mp_zero(a);
  29269. ret = mp_radix_size(a, MP_RADIX_DEC, &size);
  29270. if (ret != 0)
  29271. return -12651;
  29272. if (size != 2)
  29273. return -12652;
  29274. ret = mp_toradix(a, str, MP_RADIX_DEC);
  29275. if (ret != 0)
  29276. return -12653;
  29277. if ((int)XSTRLEN(str) != size - 1)
  29278. return -12654;
  29279. ret = mp_read_radix(r, str, MP_RADIX_DEC);
  29280. if (ret != 0)
  29281. return -12655;
  29282. if (!mp_iszero(r))
  29283. return -12656;
  29284. return 0;
  29285. }
  29286. #endif
  29287. #if defined(WOLFSSL_SP_MATH_ALL) || defined(HAVE_ECC)
  29288. static int mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng)
  29289. {
  29290. int ret;
  29291. int i, j;
  29292. int size;
  29293. char str[30];
  29294. #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
  29295. static char longStr[2 * sizeof(a->dp) + 2];
  29296. #endif
  29297. WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = " ";
  29298. WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "}";
  29299. WOLFSSL_SMALL_STACK_STATIC const char* empty = "";
  29300. for (i = 0; i < 10; i++) {
  29301. for (j = 2; j < 12; j++) {
  29302. if (randNum(a, j, rng, NULL) != 0)
  29303. return -12660;
  29304. mp_radix_size(a, MP_RADIX_HEX, &size);
  29305. mp_toradix(a, str, MP_RADIX_HEX);
  29306. if ((int)XSTRLEN(str) != size - 1)
  29307. return -12661;
  29308. mp_read_radix(r, str, MP_RADIX_HEX);
  29309. if (mp_cmp(a, r) != MP_EQ)
  29310. return -12662;
  29311. }
  29312. }
  29313. if (mp_read_radix(r, badStr1, MP_RADIX_HEX) != MP_VAL)
  29314. return -12663;
  29315. if (mp_read_radix(r, badStr2, MP_RADIX_HEX) != MP_VAL)
  29316. return -12664;
  29317. mp_set(r, 1);
  29318. if (mp_read_radix(r, empty, MP_RADIX_HEX) != MP_OKAY)
  29319. return -12665;
  29320. if (!mp_iszero(r))
  29321. return -12666;
  29322. #if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH)
  29323. /* Fixed MP data size - string can be too long. */
  29324. longStr[0] = '8';
  29325. XMEMSET(longStr+1, '0', sizeof(longStr) - 2);
  29326. longStr[sizeof(longStr)-1] = '\0';
  29327. if (mp_read_radix(r, longStr, MP_RADIX_HEX) != MP_VAL)
  29328. return -12667;
  29329. #endif
  29330. mp_zero(a);
  29331. ret = mp_radix_size(a, MP_RADIX_HEX, &size);
  29332. if (ret != 0)
  29333. return -12668;
  29334. #ifndef WC_DISABLE_RADIX_ZERO_PAD
  29335. if (size != 3)
  29336. #else
  29337. if (size != 2)
  29338. #endif
  29339. return -12669;
  29340. ret = mp_toradix(a, str, MP_RADIX_HEX);
  29341. if (ret != 0)
  29342. return -12670;
  29343. if ((int)XSTRLEN(str) != size - 1)
  29344. return -12671;
  29345. ret = mp_read_radix(r, str, MP_RADIX_HEX);
  29346. if (ret != 0)
  29347. return -12672;
  29348. if (!mp_iszero(r))
  29349. return -12673;
  29350. #ifdef WOLFSSL_SP_MATH
  29351. ret = mp_toradix(a, str, 8);
  29352. if (ret != MP_VAL)
  29353. return -12674;
  29354. ret = mp_radix_size(a, 8, &size);
  29355. if (ret != MP_VAL)
  29356. return -12675;
  29357. #endif
  29358. return 0;
  29359. }
  29360. #endif
  29361. static int mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng)
  29362. {
  29363. int i;
  29364. if (randNum(a, 4, rng, NULL) != 0)
  29365. return -12680;
  29366. for (i = 0; i < 4; i++) {
  29367. mp_copy(r1, a);
  29368. if (mp_lshd(r1, i) != MP_OKAY)
  29369. return -12681;
  29370. mp_rshd(r1, i);
  29371. if (mp_cmp(a, r1) != MP_EQ)
  29372. return -12682;
  29373. }
  29374. for (i = 0; i < DIGIT_BIT+1; i++) {
  29375. if (mp_mul_2d(a, i, r1) != MP_OKAY)
  29376. return -12683;
  29377. mp_rshb(r1, i);
  29378. if (mp_cmp(a, r1) != MP_EQ)
  29379. return -12684;
  29380. }
  29381. return 0;
  29382. }
  29383. static int mp_test_add_sub_d(mp_int* a, mp_int* r1)
  29384. {
  29385. int i, j;
  29386. for (i = 0; i <= DIGIT_BIT * 2; i++) {
  29387. mp_zero(a);
  29388. mp_set_bit(a, i);
  29389. if (a->used != (i + DIGIT_BIT) / DIGIT_BIT)
  29390. return -12690;
  29391. for (j = 0; j < i && j < DIGIT_BIT; j++) {
  29392. mp_zero(r1);
  29393. mp_set_bit(r1, i);
  29394. if (mp_sub_d(r1, (mp_digit)1 << j, r1) != MP_OKAY)
  29395. return -12691;
  29396. if (mp_add_d(r1, (mp_digit)1 << j, r1) != MP_OKAY)
  29397. return -12692;
  29398. if (mp_cmp(a, r1) != MP_EQ)
  29399. return -12693;
  29400. }
  29401. }
  29402. mp_zero(r1);
  29403. if (mp_add_d(r1, 1, r1) != MP_OKAY)
  29404. return -12694;
  29405. if (r1->used != 1)
  29406. return -12695;
  29407. if (mp_sub_d(r1, 1, r1) != MP_OKAY)
  29408. return -12696;
  29409. if (r1->used != 0)
  29410. return -12697;
  29411. #ifdef WOLFSSL_SP_MATH
  29412. if (mp_set(r1, 1) != MP_OKAY)
  29413. return -12698;
  29414. if (mp_mul_2d(r1, SP_INT_MAX_BITS - 1, r1) != MP_OKAY)
  29415. return -12699;
  29416. if (mp_sub_d(r1, 1, r1) != MP_OKAY)
  29417. return -12700;
  29418. if (mp_mul_2d(r1, 1, r1) != MP_OKAY)
  29419. return -12701;
  29420. if (mp_add_d(r1, 1, r1) != MP_OKAY)
  29421. return -12702;
  29422. if (mp_add_d(r1, 1, r1) == MP_OKAY)
  29423. return -12703;
  29424. #endif
  29425. return 0;
  29426. }
  29427. static int mp_test_read_to_bin(mp_int* a)
  29428. {
  29429. WOLFSSL_SMALL_STACK_STATIC const byte in[16] = {
  29430. 0x91, 0xa2, 0xb3, 0xc4, 0xd5, 0xe6, 0xf7, 0x08,
  29431. 0x93, 0xa4, 0xb4, 0xc5, 0xd6, 0xe7, 0xf8, 0x09
  29432. };
  29433. byte out[24];
  29434. int i, j, k;
  29435. const byte* p;
  29436. int ret;
  29437. for (i = 0; i < (int)sizeof(in); i++) {
  29438. p = in + sizeof(in) - i;
  29439. ret = mp_read_unsigned_bin(a, p, i);
  29440. if (ret != 0)
  29441. return -12710;
  29442. for (j = i; j < (int)sizeof(out); j++) {
  29443. XMEMSET(out, 0xff, sizeof(out));
  29444. ret = mp_to_unsigned_bin_len(a, out, j);
  29445. if (ret != 0)
  29446. return -12711;
  29447. for (k = 0; k < j - i; k++) {
  29448. if (out[k] != 0)
  29449. return -12712;
  29450. }
  29451. for (; k < j; k++) {
  29452. if (out[k] != p[k - (j - i)])
  29453. return -12713;
  29454. }
  29455. }
  29456. }
  29457. ret = mp_read_unsigned_bin(a, NULL, 0);
  29458. if (ret != 0)
  29459. return -12714;
  29460. if (!mp_iszero(a))
  29461. return -12715;
  29462. return 0;
  29463. }
  29464. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  29465. static int mp_test_set_int(mp_int* a)
  29466. {
  29467. #if SP_ULONG_BITS == 64
  29468. unsigned long n = 0xfedcba9876543210UL;
  29469. byte exp[8] = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 };
  29470. byte out[8] = { 0 };
  29471. #elif SP_ULONG_BITS == 32
  29472. unsigned long n = 0xfedcba98UL;
  29473. byte exp[4] = { 0xfe, 0xdc, 0xba, 0x98 };
  29474. byte out[4] = { 0 };
  29475. #elif SP_ULONG_BITS == 16
  29476. unsigned long n = 0xfedc;
  29477. byte exp[2] = { 0xfe, 0xdc };
  29478. byte out[2] = { 0 };
  29479. #elif SP_ULONG_BITS == 8
  29480. unsigned long n = 0xfe;
  29481. byte exp[1] = { 0xfe };
  29482. byte out[1] = { 0 };
  29483. #endif
  29484. int ret;
  29485. ret = mp_set_int(a, n);
  29486. if (ret != 0)
  29487. return -12720;
  29488. ret = mp_unsigned_bin_size(a);
  29489. if (ret != sizeof(exp))
  29490. return -12721;
  29491. ret = mp_to_unsigned_bin(a, out);
  29492. if (ret != 0)
  29493. return -12722;
  29494. if (XMEMCMP(exp, out, sizeof(exp)) != 0)
  29495. return -12723;
  29496. return 0;
  29497. }
  29498. #endif
  29499. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  29500. static int mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng)
  29501. {
  29502. byte buffer[16];
  29503. #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
  29504. char hexStr[] = "abcdef0123456789";
  29505. #ifndef WOLFSSL_SP_INT_NEGATIVE
  29506. char negStr[] = "-1234";
  29507. #endif
  29508. #endif
  29509. #if !defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_KEY_GEN) || \
  29510. defined(HAVE_COMP_KEY)
  29511. char decStr[] = "0987654321";
  29512. #endif
  29513. int ret;
  29514. #ifdef WOLFSSL_SP_MATH_ALL
  29515. mp_digit rho;
  29516. int size;
  29517. #endif
  29518. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
  29519. int result;
  29520. #endif
  29521. #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
  29522. (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
  29523. mp_digit rd;
  29524. #endif
  29525. (void)rng;
  29526. (void)r;
  29527. ret = mp_init(NULL);
  29528. if (ret != MP_VAL)
  29529. return -12730;
  29530. #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
  29531. ret = mp_init_multi(NULL, NULL, NULL, NULL, NULL, NULL);
  29532. if (ret != MP_OKAY)
  29533. return -12731;
  29534. #endif
  29535. mp_free(NULL);
  29536. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
  29537. ret = mp_grow(NULL, 1);
  29538. if (ret != MP_VAL)
  29539. return -12732;
  29540. #ifdef WOLFSSL_SP_MATH
  29541. ret = mp_grow(a, SP_INT_DIGITS + 1);
  29542. if (ret != MP_MEM)
  29543. return -12733;
  29544. #endif
  29545. #endif
  29546. mp_clear(NULL);
  29547. ret = mp_abs(NULL, NULL);
  29548. if (ret != MP_VAL)
  29549. return -12734;
  29550. ret = mp_abs(a, NULL);
  29551. if (ret != MP_VAL)
  29552. return -12735;
  29553. ret = mp_abs(NULL, b);
  29554. if (ret != MP_VAL)
  29555. return -12736;
  29556. ret = mp_unsigned_bin_size(NULL);
  29557. if (ret != 0)
  29558. return -12737;
  29559. ret = mp_read_unsigned_bin(NULL, NULL, sizeof(buffer));
  29560. if (ret != MP_VAL)
  29561. return -12738;
  29562. ret = mp_read_unsigned_bin(NULL, buffer, sizeof(buffer));
  29563. if (ret != MP_VAL)
  29564. return -12739;
  29565. ret = mp_read_unsigned_bin(a, NULL, sizeof(buffer));
  29566. if (ret != MP_VAL)
  29567. return -12740;
  29568. ret = mp_read_unsigned_bin(a, buffer,
  29569. (SP_INT_DIGITS - 1) * SP_WORD_SIZEOF + 1);
  29570. if (ret != MP_VAL)
  29571. return -12741;
  29572. #if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL)
  29573. ret = mp_read_radix(NULL, NULL, 16);
  29574. if (ret != MP_VAL)
  29575. return -12742;
  29576. ret = mp_read_radix(a, NULL, 16);
  29577. if (ret != MP_VAL)
  29578. return -12743;
  29579. ret = mp_read_radix(NULL, hexStr, 16);
  29580. if (ret != MP_VAL)
  29581. return -12744;
  29582. #ifndef WOLFSSL_SP_INT_NEGATIVE
  29583. ret = mp_read_radix(a, negStr, 16);
  29584. if (ret != MP_VAL)
  29585. return -12745;
  29586. #ifdef WOLFSSL_SP_MATH_ALL
  29587. ret = mp_read_radix(a, negStr, 10);
  29588. if (ret != MP_VAL)
  29589. return -12746;
  29590. #endif /* WOLFSSL_SP_MATH_ALL */
  29591. #endif /* WOLFSSL_SP_INT_NEGATIVE */
  29592. #endif
  29593. #ifndef WOLFSSL_SP_MATH_ALL
  29594. /* Radix 10 only supported with ALL. */
  29595. ret = mp_read_radix(a, decStr, 10);
  29596. if (ret != MP_VAL)
  29597. return -12747;
  29598. #endif
  29599. /* Radix 8 not supported SP_INT. */
  29600. ret = mp_read_radix(a, "0123", 8);
  29601. if (ret != MP_VAL)
  29602. return -12748;
  29603. ret = mp_count_bits(NULL);
  29604. if (ret != 0)
  29605. return -12749;
  29606. ret = mp_is_bit_set(NULL, 0);
  29607. if (ret != 0)
  29608. return -12750;
  29609. ret = mp_leading_bit(NULL);
  29610. if (ret != 0)
  29611. return -12751;
  29612. mp_zero(a);
  29613. ret = mp_leading_bit(a);
  29614. if (ret != 0)
  29615. return -12752;
  29616. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  29617. defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
  29618. !defined(NO_RSA)
  29619. ret = mp_set_bit(NULL, 1);
  29620. if (ret != MP_VAL)
  29621. return -12753;
  29622. #endif
  29623. #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
  29624. !defined(WOLFSSL_RSA_VERIFY_ONLY)
  29625. ret = mp_to_unsigned_bin(NULL, NULL);
  29626. if (ret != MP_VAL)
  29627. return -12754;
  29628. ret = mp_to_unsigned_bin(a, NULL);
  29629. if (ret != MP_VAL)
  29630. return -12755;
  29631. ret = mp_to_unsigned_bin(NULL, buffer);
  29632. if (ret != MP_VAL)
  29633. return -12756;
  29634. #endif
  29635. ret = mp_to_unsigned_bin_len(NULL, NULL, 1);
  29636. if (ret != MP_VAL)
  29637. return -12757;
  29638. ret = mp_to_unsigned_bin_len(a, NULL, 1);
  29639. if (ret != MP_VAL)
  29640. return -12758;
  29641. ret = mp_to_unsigned_bin_len(NULL, buffer, 1);
  29642. if (ret != MP_VAL)
  29643. return -12759;
  29644. #ifdef WOLFSSL_SP_MATH_ALL
  29645. ret = mp_to_unsigned_bin_at_pos(0, NULL, NULL);
  29646. if (ret != MP_VAL)
  29647. return -12760;
  29648. ret = mp_to_unsigned_bin_at_pos(0, a, NULL);
  29649. if (ret != MP_VAL)
  29650. return -12761;
  29651. ret = mp_to_unsigned_bin_at_pos(0, NULL, buffer);
  29652. if (ret != MP_VAL)
  29653. return -12762;
  29654. ret = mp_to_unsigned_bin_at_pos(0, a, buffer);
  29655. if (ret != MP_OKAY)
  29656. return -12763;
  29657. #endif
  29658. #if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC))
  29659. ret = mp_copy(NULL, NULL);
  29660. if (ret != MP_VAL)
  29661. return -12764;
  29662. ret = mp_copy(a, NULL);
  29663. if (ret != MP_VAL)
  29664. return -12765;
  29665. ret = mp_copy(NULL, b);
  29666. if (ret != MP_VAL)
  29667. return -12766;
  29668. #endif
  29669. #if defined(WOLFSSL_KEY_GEN)
  29670. ret = sp_2expt(NULL, 1);
  29671. if (ret != MP_VAL)
  29672. return -12767;
  29673. #endif
  29674. ret = mp_set(NULL, 0);
  29675. if (ret != MP_VAL)
  29676. return -12768;
  29677. ret = mp_cmp_d(NULL, 0);
  29678. if (ret != MP_LT)
  29679. return -12769;
  29680. ret = mp_cmp(NULL, NULL);
  29681. if (ret != MP_EQ)
  29682. return -12770;
  29683. ret = mp_cmp(a, NULL);
  29684. if (ret != MP_GT)
  29685. return -12771;
  29686. ret = mp_cmp(NULL, b);
  29687. if (ret != MP_LT)
  29688. return -12772;
  29689. #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
  29690. mp_rshd(NULL, 1);
  29691. #endif
  29692. mp_zero(NULL);
  29693. #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \
  29694. !defined(WOLFSSL_RSA_VERIFY_ONLY)
  29695. ret = mp_lshd(NULL, 0);
  29696. if (ret != MP_VAL)
  29697. return -12773;
  29698. ret = mp_lshd(a, SP_INT_DIGITS + 1);
  29699. if (ret != MP_VAL)
  29700. return -12774;
  29701. #endif
  29702. #if defined(WOLFSSL_SP_MATH_ALL)
  29703. ret = mp_div(NULL, NULL, a, b);
  29704. if (ret != MP_VAL)
  29705. return -12775;
  29706. ret = mp_div(a, NULL, a, b);
  29707. if (ret != MP_VAL)
  29708. return -12776;
  29709. ret = mp_div(NULL, b, a, b);
  29710. if (ret != MP_VAL)
  29711. return -12777;
  29712. ret = mp_div(a, b, NULL, NULL);
  29713. if (ret != MP_VAL)
  29714. return -12778;
  29715. #endif
  29716. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
  29717. (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  29718. ret = mp_mod(NULL, NULL, NULL);
  29719. if (ret != MP_VAL)
  29720. return -12779;
  29721. ret = mp_mod(a, NULL, NULL);
  29722. if (ret != MP_VAL)
  29723. return -12780;
  29724. ret = mp_mod(NULL, b, NULL);
  29725. if (ret != MP_VAL)
  29726. return -12781;
  29727. ret = mp_mod(NULL, NULL, r);
  29728. if (ret != MP_VAL)
  29729. return -12782;
  29730. ret = mp_mod(a, b, NULL);
  29731. if (ret != MP_VAL)
  29732. return -12783;
  29733. ret = mp_mod(a, NULL, r);
  29734. if (ret != MP_VAL)
  29735. return -12784;
  29736. ret = mp_mod(NULL, b, r);
  29737. if (ret != MP_VAL)
  29738. return -12785;
  29739. #endif
  29740. #if !defined(NO_RSA) || defined(WOLFSSL_SP_MATH_ALL)
  29741. ret = mp_set_int(NULL, 0);
  29742. if (ret != MP_VAL)
  29743. return -12786;
  29744. #endif
  29745. #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
  29746. (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
  29747. ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
  29748. if (ret != MP_VAL)
  29749. return 9950;
  29750. ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
  29751. if (ret != MP_VAL)
  29752. return 9951;
  29753. ret = mp_exptmod_ex(NULL, a, 1, NULL, NULL);
  29754. if (ret != MP_VAL)
  29755. return 9952;
  29756. ret = mp_exptmod_ex(NULL, NULL, 1, a, NULL);
  29757. if (ret != MP_VAL)
  29758. return 9953;
  29759. ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
  29760. if (ret != MP_VAL)
  29761. return 9954;
  29762. ret = mp_exptmod_ex(a, a, 1, a, NULL);
  29763. if (ret != MP_VAL)
  29764. return 9955;
  29765. ret = mp_exptmod_ex(a, a, 1, NULL, a);
  29766. if (ret != MP_VAL)
  29767. return 9956;
  29768. ret = mp_exptmod_ex(a, NULL, 1, a, a);
  29769. if (ret != MP_VAL)
  29770. return 9957;
  29771. ret = mp_exptmod_ex(NULL, a, 1, a, a);
  29772. if (ret != MP_VAL)
  29773. return 9958;
  29774. ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
  29775. if (ret != MP_VAL)
  29776. return 9960;
  29777. ret = mp_exptmod_nct(a, NULL, NULL, NULL);
  29778. if (ret != MP_VAL)
  29779. return 9961;
  29780. ret = mp_exptmod_nct(NULL, a, NULL, NULL);
  29781. if (ret != MP_VAL)
  29782. return 9962;
  29783. ret = mp_exptmod_nct(NULL, NULL, a, NULL);
  29784. if (ret != MP_VAL)
  29785. return 9963;
  29786. ret = mp_exptmod_nct(NULL, NULL, NULL, a);
  29787. if (ret != MP_VAL)
  29788. return 9964;
  29789. ret = mp_exptmod_nct(a, a, a, NULL);
  29790. if (ret != MP_VAL)
  29791. return 9965;
  29792. ret = mp_exptmod_nct(a, a, NULL, a);
  29793. if (ret != MP_VAL)
  29794. return 9966;
  29795. ret = mp_exptmod_nct(a, NULL, a, a);
  29796. if (ret != MP_VAL)
  29797. return 9967;
  29798. ret = mp_exptmod_nct(NULL, a, a, a);
  29799. if (ret != MP_VAL)
  29800. return 9968;
  29801. #endif
  29802. #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
  29803. !defined(WC_NO_RNG)
  29804. ret = mp_rand_prime(NULL, 32, NULL, NULL);
  29805. if (ret != MP_VAL)
  29806. return -12787;
  29807. ret = mp_rand_prime(a, 32, NULL, NULL);
  29808. if (ret != MP_VAL)
  29809. return -12788;
  29810. ret = mp_rand_prime(NULL, 32, rng, NULL);
  29811. if (ret != MP_VAL)
  29812. return -12789;
  29813. ret = mp_rand_prime(a, 0, rng, NULL);
  29814. if (ret != MP_VAL)
  29815. return -9969;
  29816. #endif
  29817. #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)
  29818. ret = mp_mul(NULL, NULL, NULL);
  29819. if (ret != MP_VAL)
  29820. return -12790;
  29821. ret = mp_mul(a, NULL, NULL);
  29822. if (ret != MP_VAL)
  29823. return -12791;
  29824. ret = mp_mul(NULL, b, NULL);
  29825. if (ret != MP_VAL)
  29826. return -12792;
  29827. ret = mp_mul(NULL, NULL, r);
  29828. if (ret != MP_VAL)
  29829. return -12793;
  29830. ret = mp_mul(a, b, NULL);
  29831. if (ret != MP_VAL)
  29832. return -12794;
  29833. ret = mp_mul(a, NULL, r);
  29834. if (ret != MP_VAL)
  29835. return -12795;
  29836. ret = mp_mul(NULL, b, r);
  29837. if (ret != MP_VAL)
  29838. return -12796;
  29839. #endif
  29840. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  29841. defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  29842. ret = mp_sqr(NULL, NULL);
  29843. if (ret != MP_VAL)
  29844. return -12797;
  29845. ret = mp_sqr(a, NULL);
  29846. if (ret != MP_VAL)
  29847. return -12798;
  29848. ret = mp_sqr(NULL, r);
  29849. if (ret != MP_VAL)
  29850. return -12799;
  29851. #endif
  29852. #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
  29853. ret = mp_sqrmod(NULL, NULL, NULL);
  29854. if (ret != MP_VAL)
  29855. return -12800;
  29856. ret = mp_sqrmod(a, NULL, NULL);
  29857. if (ret != MP_VAL)
  29858. return -12801;
  29859. ret = mp_sqrmod(NULL, a, NULL);
  29860. if (ret != MP_VAL)
  29861. return -12802;
  29862. ret = mp_sqrmod(NULL, NULL, a);
  29863. if (ret != MP_VAL)
  29864. return -12803;
  29865. ret = mp_sqrmod(a, b, NULL);
  29866. if (ret != MP_VAL)
  29867. return -12804;
  29868. ret = mp_sqrmod(a, NULL, b);
  29869. if (ret != MP_VAL)
  29870. return -12805;
  29871. ret = mp_sqrmod(NULL, a, b);
  29872. if (ret != MP_VAL)
  29873. return -12806;
  29874. ret = mp_mulmod(NULL, NULL, NULL, NULL);
  29875. if (ret != MP_VAL)
  29876. return -12807;
  29877. ret = mp_mulmod(a, NULL, NULL, NULL);
  29878. if (ret != MP_VAL)
  29879. return -12808;
  29880. ret = mp_mulmod(NULL, a, NULL, NULL);
  29881. if (ret != MP_VAL)
  29882. return -12809;
  29883. ret = mp_mulmod(NULL, NULL, a, NULL);
  29884. if (ret != MP_VAL)
  29885. return -12810;
  29886. ret = mp_mulmod(NULL, NULL, NULL, a);
  29887. if (ret != MP_VAL)
  29888. return -12811;
  29889. ret = mp_mulmod(a, b, b, NULL);
  29890. if (ret != MP_VAL)
  29891. return -12812;
  29892. ret = mp_mulmod(a, b, NULL, a);
  29893. if (ret != MP_VAL)
  29894. return -12813;
  29895. ret = mp_mulmod(a, NULL, b, a);
  29896. if (ret != MP_VAL)
  29897. return -12814;
  29898. ret = mp_mulmod(NULL, b, b, a);
  29899. if (ret != MP_VAL)
  29900. return -12815;
  29901. #endif
  29902. #if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \
  29903. !defined(NO_RSA) || !defined(NO_DSA)
  29904. ret = mp_add_d(NULL, 1, NULL);
  29905. if (ret != MP_VAL)
  29906. return -12816;
  29907. ret = mp_add_d(a, 1, NULL);
  29908. if (ret != MP_VAL)
  29909. return -12817;
  29910. ret = mp_add_d(NULL, 1, b);
  29911. if (ret != MP_VAL)
  29912. return -12818;
  29913. #endif
  29914. #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  29915. !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA)
  29916. ret = mp_sub_d(NULL, 1, NULL);
  29917. if (ret != MP_VAL)
  29918. return -12819;
  29919. ret = mp_sub_d(a, 1, NULL);
  29920. if (ret != MP_VAL)
  29921. return -12820;
  29922. ret = mp_sub_d(NULL, 1, b);
  29923. if (ret != MP_VAL)
  29924. return -12821;
  29925. #endif
  29926. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  29927. (defined(HAVE_ECC) && defined(FP_ECC))
  29928. ret = mp_div_d(NULL, 0, NULL, NULL);
  29929. if (ret != MP_VAL)
  29930. return -12822;
  29931. ret = mp_div_d(a, 0, NULL, NULL);
  29932. if (ret != MP_VAL)
  29933. return -12823;
  29934. ret = mp_div_d(NULL, 1, NULL, NULL);
  29935. if (ret != MP_VAL)
  29936. return -12824;
  29937. #endif
  29938. #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
  29939. (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
  29940. ret = mp_mod_d(NULL, 0, NULL);
  29941. if (ret != MP_VAL)
  29942. return -12825;
  29943. ret = mp_mod_d(a, 0, NULL);
  29944. if (ret != MP_VAL)
  29945. return -12826;
  29946. ret = mp_mod_d(NULL, 0, &rd);
  29947. if (ret != MP_VAL)
  29948. return -12827;
  29949. #endif
  29950. #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  29951. ret = mp_gcd(NULL, NULL, NULL);
  29952. if (ret != MP_VAL)
  29953. return -12828;
  29954. ret = mp_gcd(a, NULL, NULL);
  29955. if (ret != MP_VAL)
  29956. return -12829;
  29957. ret = mp_gcd(NULL, a, NULL);
  29958. if (ret != MP_VAL)
  29959. return -12830;
  29960. ret = mp_gcd(NULL, NULL, a);
  29961. if (ret != MP_VAL)
  29962. return -12831;
  29963. ret = mp_gcd(a, b, NULL);
  29964. if (ret != MP_VAL)
  29965. return -12832;
  29966. ret = mp_gcd(a, NULL, b);
  29967. if (ret != MP_VAL)
  29968. return -12833;
  29969. ret = mp_gcd(NULL, a, b);
  29970. if (ret != MP_VAL)
  29971. return -12834;
  29972. #endif
  29973. #ifdef HAVE_ECC
  29974. ret = mp_div_2_mod_ct(NULL, NULL, NULL);
  29975. if (ret != MP_VAL)
  29976. return -12835;
  29977. ret = mp_div_2_mod_ct(a, NULL, NULL);
  29978. if (ret != MP_VAL)
  29979. return -12836;
  29980. ret = mp_div_2_mod_ct(NULL, b, NULL);
  29981. if (ret != MP_VAL)
  29982. return -12837;
  29983. ret = mp_div_2_mod_ct(NULL, NULL, a);
  29984. if (ret != MP_VAL)
  29985. return -12838;
  29986. ret = mp_div_2_mod_ct(a, b, NULL);
  29987. if (ret != MP_VAL)
  29988. return -12839;
  29989. ret = mp_div_2_mod_ct(a, b, NULL);
  29990. if (ret != MP_VAL)
  29991. return -12840;
  29992. ret = mp_div_2_mod_ct(NULL, b, a);
  29993. if (ret != MP_VAL)
  29994. return -12841;
  29995. ret = mp_div_2(NULL, NULL);
  29996. if (ret != MP_VAL)
  29997. return -12842;
  29998. ret = mp_div_2(a, NULL);
  29999. if (ret != MP_VAL)
  30000. return -12843;
  30001. ret = mp_div_2(NULL, a);
  30002. if (ret != MP_VAL)
  30003. return -12844;
  30004. #endif
  30005. #if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
  30006. defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA)
  30007. ret = mp_invmod(NULL, NULL, NULL);
  30008. if (ret != MP_VAL)
  30009. return -12845;
  30010. ret = mp_invmod(a, NULL, NULL);
  30011. if (ret != MP_VAL)
  30012. return -12846;
  30013. ret = mp_invmod(NULL, b, NULL);
  30014. if (ret != MP_VAL)
  30015. return -12847;
  30016. ret = mp_invmod(NULL, NULL, a);
  30017. if (ret != MP_VAL)
  30018. return -12848;
  30019. ret = mp_invmod(a, b, NULL);
  30020. if (ret != MP_VAL)
  30021. return -12849;
  30022. ret = mp_invmod(a, NULL, a);
  30023. if (ret != MP_VAL)
  30024. return -12850;
  30025. ret = mp_invmod(NULL, b, a);
  30026. if (ret != MP_VAL)
  30027. return -12851;
  30028. #endif
  30029. #ifdef HAVE_ECC
  30030. ret = mp_invmod_mont_ct(NULL, NULL, NULL, 1);
  30031. if (ret != MP_VAL)
  30032. return -12852;
  30033. ret = mp_invmod_mont_ct(a, NULL, NULL, 1);
  30034. if (ret != MP_VAL)
  30035. return -12853;
  30036. ret = mp_invmod_mont_ct(NULL, b, NULL, 1);
  30037. if (ret != MP_VAL)
  30038. return -12854;
  30039. ret = mp_invmod_mont_ct(NULL, NULL, a, 1);
  30040. if (ret != MP_VAL)
  30041. return -12855;
  30042. ret = mp_invmod_mont_ct(a, b, NULL, 1);
  30043. if (ret != MP_VAL)
  30044. return -12856;
  30045. ret = mp_invmod_mont_ct(a, NULL, a, 1);
  30046. if (ret != MP_VAL)
  30047. return -12857;
  30048. ret = mp_invmod_mont_ct(NULL, b, a, 1);
  30049. if (ret != MP_VAL)
  30050. return -12858;
  30051. #endif
  30052. #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
  30053. ret = mp_lcm(NULL, NULL, NULL);
  30054. if (ret != MP_VAL)
  30055. return -12859;
  30056. ret = mp_lcm(a, NULL, NULL);
  30057. if (ret != MP_VAL)
  30058. return -12860;
  30059. ret = mp_lcm(NULL, b, NULL);
  30060. if (ret != MP_VAL)
  30061. return -12861;
  30062. ret = mp_lcm(NULL, NULL, a);
  30063. if (ret != MP_VAL)
  30064. return -12862;
  30065. ret = mp_lcm(a, b, NULL);
  30066. if (ret != MP_VAL)
  30067. return -12863;
  30068. ret = mp_lcm(a, NULL, a);
  30069. if (ret != MP_VAL)
  30070. return -12864;
  30071. ret = mp_lcm(NULL, b, a);
  30072. if (ret != MP_VAL)
  30073. return -12865;
  30074. #endif
  30075. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
  30076. ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL);
  30077. if (ret != MP_VAL)
  30078. return -12866;
  30079. ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL);
  30080. if (ret != MP_VAL)
  30081. return -12867;
  30082. ret = mp_exptmod_ex(NULL, b, 1, NULL, NULL);
  30083. if (ret != MP_VAL)
  30084. return -12868;
  30085. ret = mp_exptmod_ex(NULL, NULL, 1, b, NULL);
  30086. if (ret != MP_VAL)
  30087. return -12869;
  30088. ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a);
  30089. if (ret != MP_VAL)
  30090. return -12870;
  30091. ret = mp_exptmod_ex(a, b, 1, b, NULL);
  30092. if (ret != MP_VAL)
  30093. return -12871;
  30094. ret = mp_exptmod_ex(a, b, 1, NULL, a);
  30095. if (ret != MP_VAL)
  30096. return -12872;
  30097. ret = mp_exptmod_ex(a, NULL, 1, b, a);
  30098. if (ret != MP_VAL)
  30099. return -12873;
  30100. ret = mp_exptmod_ex(NULL, b, 1, b, a);
  30101. if (ret != MP_VAL)
  30102. return -12874;
  30103. ret = mp_exptmod(NULL, NULL, NULL, NULL);
  30104. if (ret != MP_VAL)
  30105. return -12875;
  30106. ret = mp_exptmod(a, NULL, NULL, NULL);
  30107. if (ret != MP_VAL)
  30108. return -12876;
  30109. ret = mp_exptmod(NULL, b, NULL, NULL);
  30110. if (ret != MP_VAL)
  30111. return -12877;
  30112. ret = mp_exptmod(NULL, NULL, b, NULL);
  30113. if (ret != MP_VAL)
  30114. return -12878;
  30115. ret = mp_exptmod(NULL, NULL, NULL, a);
  30116. if (ret != MP_VAL)
  30117. return -12879;
  30118. ret = mp_exptmod(a, b, b, NULL);
  30119. if (ret != MP_VAL)
  30120. return -12880;
  30121. ret = mp_exptmod(a, b, NULL, a);
  30122. if (ret != MP_VAL)
  30123. return -12881;
  30124. ret = mp_exptmod(a, NULL, b, a);
  30125. if (ret != MP_VAL)
  30126. return -12882;
  30127. ret = mp_exptmod(NULL, b, b, a);
  30128. if (ret != MP_VAL)
  30129. return -12883;
  30130. ret = mp_exptmod_nct(NULL, NULL, NULL, NULL);
  30131. if (ret != MP_VAL)
  30132. return -12884;
  30133. ret = mp_exptmod_nct(a, NULL, NULL, NULL);
  30134. if (ret != MP_VAL)
  30135. return -12885;
  30136. ret = mp_exptmod_nct(NULL, b, NULL, NULL);
  30137. if (ret != MP_VAL)
  30138. return -12886;
  30139. ret = mp_exptmod_nct(NULL, NULL, b, NULL);
  30140. if (ret != MP_VAL)
  30141. return -12887;
  30142. ret = mp_exptmod_nct(NULL, NULL, NULL, a);
  30143. if (ret != MP_VAL)
  30144. return -12888;
  30145. ret = mp_exptmod_nct(a, b, b, NULL);
  30146. if (ret != MP_VAL)
  30147. return -12889;
  30148. ret = mp_exptmod_nct(a, b, NULL, a);
  30149. if (ret != MP_VAL)
  30150. return -12890;
  30151. ret = mp_exptmod_nct(a, NULL, b, a);
  30152. if (ret != MP_VAL)
  30153. return -12891;
  30154. ret = mp_exptmod_nct(NULL, b, b, a);
  30155. if (ret != MP_VAL)
  30156. return -12892;
  30157. #endif
  30158. #if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
  30159. ret = mp_cnt_lsb(NULL);
  30160. if (ret != 0)
  30161. return -12893;
  30162. #endif
  30163. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH)
  30164. ret = mp_prime_is_prime(NULL, 1, NULL);
  30165. if (ret != MP_VAL)
  30166. return -12894;
  30167. ret = mp_prime_is_prime(a, 1, NULL);
  30168. if (ret != MP_VAL)
  30169. return -12895;
  30170. ret = mp_prime_is_prime(NULL, 1, &result);
  30171. if (ret != MP_VAL)
  30172. return -12896;
  30173. ret = mp_prime_is_prime(a, 0, &result);
  30174. if (ret != MP_VAL)
  30175. return -12897;
  30176. ret = mp_prime_is_prime(a, 1024, &result);
  30177. if (ret != MP_VAL)
  30178. return -12898;
  30179. ret = mp_prime_is_prime_ex(NULL, 1, NULL, NULL);
  30180. if (ret != MP_VAL)
  30181. return -12899;
  30182. ret = mp_prime_is_prime_ex(a, 1, NULL, NULL);
  30183. if (ret != MP_VAL)
  30184. return -12900;
  30185. ret = mp_prime_is_prime_ex(NULL, 1, &result, NULL);
  30186. if (ret != MP_VAL)
  30187. return -12901;
  30188. ret = mp_prime_is_prime_ex(NULL, 1, NULL, rng);
  30189. if (ret != MP_VAL)
  30190. return -12902;
  30191. ret = mp_prime_is_prime_ex(a, 1, &result, NULL);
  30192. if (ret != MP_VAL)
  30193. return -12903;
  30194. ret = mp_prime_is_prime_ex(a, 1, NULL, rng);
  30195. if (ret != MP_VAL)
  30196. return -12904;
  30197. ret = mp_prime_is_prime_ex(NULL, 1, &result, rng);
  30198. if (ret != MP_VAL)
  30199. return -12905;
  30200. #endif
  30201. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || !defined(NO_DSA)
  30202. ret = mp_exch(NULL, NULL);
  30203. if (ret != MP_VAL)
  30204. return -12906;
  30205. ret = mp_exch(a, NULL);
  30206. if (ret != MP_VAL)
  30207. return -12907;
  30208. ret = mp_exch(NULL, b);
  30209. if (ret != MP_VAL)
  30210. return -12908;
  30211. #endif
  30212. #if (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
  30213. defined(WOLFSSL_SP_MATH_ALL)
  30214. ret = mp_mul_d(NULL, 1, NULL);
  30215. if (ret != MP_VAL)
  30216. return -12909;
  30217. ret = mp_mul_d(a, 1, NULL);
  30218. if (ret != MP_VAL)
  30219. return -12910;
  30220. ret = mp_mul_d(NULL, 1, b);
  30221. if (ret != MP_VAL)
  30222. return -12911;
  30223. #endif
  30224. #if !defined(WOLFSSL_RSA_VERIFY_ONLY)
  30225. ret = mp_add(NULL, NULL, NULL);
  30226. if (ret != MP_VAL)
  30227. return -12912;
  30228. ret = mp_add(a, NULL, NULL);
  30229. if (ret != MP_VAL)
  30230. return -12913;
  30231. ret = mp_add(NULL, b, NULL);
  30232. if (ret != MP_VAL)
  30233. return -12914;
  30234. ret = mp_add(NULL, NULL, r);
  30235. if (ret != MP_VAL)
  30236. return -12915;
  30237. ret = mp_add(a, b, NULL);
  30238. if (ret != MP_VAL)
  30239. return -12916;
  30240. ret = mp_add(a, NULL, r);
  30241. if (ret != MP_VAL)
  30242. return -12917;
  30243. ret = mp_add(NULL, b, r);
  30244. if (ret != MP_VAL)
  30245. return -12918;
  30246. #endif
  30247. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \
  30248. (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  30249. ret = mp_sub(NULL, NULL, NULL);
  30250. if (ret != MP_VAL)
  30251. return -12919;
  30252. ret = mp_sub(a, NULL, NULL);
  30253. if (ret != MP_VAL)
  30254. return -12920;
  30255. ret = mp_sub(NULL, b, NULL);
  30256. if (ret != MP_VAL)
  30257. return -12921;
  30258. ret = mp_sub(NULL, NULL, r);
  30259. if (ret != MP_VAL)
  30260. return -12922;
  30261. ret = mp_sub(a, b, NULL);
  30262. if (ret != MP_VAL)
  30263. return -12923;
  30264. ret = mp_sub(a, NULL, r);
  30265. if (ret != MP_VAL)
  30266. return -12924;
  30267. ret = mp_sub(NULL, b, r);
  30268. if (ret != MP_VAL)
  30269. return -12925;
  30270. #endif
  30271. #if defined(WOLFSSL_SP_MATH_ALL) || (!defined(WOLFSSL_SP_MATH) && \
  30272. defined(WOLFSSL_CUSTOM_CURVES))
  30273. ret = mp_addmod(NULL, NULL, NULL, NULL);
  30274. if (ret != MP_VAL)
  30275. return -12926;
  30276. ret = mp_addmod(a, NULL, NULL, NULL);
  30277. if (ret != MP_VAL)
  30278. return -12927;
  30279. ret = mp_addmod(NULL, b, NULL, NULL);
  30280. if (ret != MP_VAL)
  30281. return -12928;
  30282. ret = mp_addmod(NULL, NULL, b, NULL);
  30283. if (ret != MP_VAL)
  30284. return -12929;
  30285. ret = mp_addmod(NULL, NULL, NULL, a);
  30286. if (ret != MP_VAL)
  30287. return -12930;
  30288. ret = mp_addmod(a, b, b, NULL);
  30289. if (ret != MP_VAL)
  30290. return -12931;
  30291. ret = mp_addmod(a, b, NULL, a);
  30292. if (ret != MP_VAL)
  30293. return -12932;
  30294. ret = mp_addmod(a, NULL, b, a);
  30295. if (ret != MP_VAL)
  30296. return -12933;
  30297. ret = mp_addmod(NULL, b, b, a);
  30298. if (ret != MP_VAL)
  30299. return -12934;
  30300. #endif
  30301. #ifdef WOLFSSL_SP_MATH_ALL
  30302. ret = mp_submod(NULL, NULL, NULL, NULL);
  30303. if (ret != MP_VAL)
  30304. return -12935;
  30305. ret = mp_submod(a, NULL, NULL, NULL);
  30306. if (ret != MP_VAL)
  30307. return -12936;
  30308. ret = mp_submod(NULL, b, NULL, NULL);
  30309. if (ret != MP_VAL)
  30310. return -12937;
  30311. ret = mp_submod(NULL, NULL, b, NULL);
  30312. if (ret != MP_VAL)
  30313. return -12938;
  30314. ret = mp_submod(NULL, NULL, NULL, a);
  30315. if (ret != MP_VAL)
  30316. return -12939;
  30317. ret = mp_submod(a, b, b, NULL);
  30318. if (ret != MP_VAL)
  30319. return -12940;
  30320. ret = mp_submod(a, b, NULL, a);
  30321. if (ret != MP_VAL)
  30322. return -12941;
  30323. ret = mp_submod(a, NULL, b, a);
  30324. if (ret != MP_VAL)
  30325. return -12942;
  30326. ret = mp_submod(NULL, b, b, a);
  30327. if (ret != MP_VAL)
  30328. return -12943;
  30329. #endif
  30330. #ifdef WOLFSSL_SP_MATH_ALL
  30331. ret = mp_div_2d(NULL, 1, a, b);
  30332. if (ret != MP_VAL)
  30333. return -12944;
  30334. ret = mp_mod_2d(NULL, 1, NULL);
  30335. if (ret != MP_VAL)
  30336. return -12945;
  30337. ret = mp_mod_2d(a, 1, NULL);
  30338. if (ret != MP_VAL)
  30339. return -12946;
  30340. ret = mp_mod_2d(NULL, 1, b);
  30341. if (ret != MP_VAL)
  30342. return -12947;
  30343. ret = mp_mul_2d(NULL, 1, NULL);
  30344. if (ret != MP_VAL)
  30345. return -12948;
  30346. ret = mp_mul_2d(a, 1, NULL);
  30347. if (ret != MP_VAL)
  30348. return -12949;
  30349. ret = mp_mul_2d(NULL, 1, b);
  30350. if (ret != MP_VAL)
  30351. return -12950;
  30352. #endif
  30353. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  30354. defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  30355. ret = mp_montgomery_reduce(NULL, NULL, 1);
  30356. if (ret != MP_VAL)
  30357. return -12951;
  30358. ret = mp_montgomery_reduce(a, NULL, 1);
  30359. if (ret != MP_VAL)
  30360. return -12952;
  30361. ret = mp_montgomery_reduce(NULL, b, 1);
  30362. if (ret != MP_VAL)
  30363. return -12953;
  30364. mp_zero(b);
  30365. ret = mp_montgomery_reduce(a, b, 1);
  30366. if (ret != MP_VAL)
  30367. return -12954;
  30368. #endif
  30369. #ifdef WOLFSSL_SP_MATH_ALL
  30370. ret = mp_montgomery_setup(NULL, NULL);
  30371. if (ret != MP_VAL)
  30372. return -12955;
  30373. ret = mp_montgomery_setup(a, NULL);
  30374. if (ret != MP_VAL)
  30375. return -12956;
  30376. ret = mp_montgomery_setup(NULL, &rho);
  30377. if (ret != MP_VAL)
  30378. return -12957;
  30379. ret = mp_montgomery_calc_normalization(NULL, NULL);
  30380. if (ret != MP_VAL)
  30381. return -12958;
  30382. ret = mp_montgomery_calc_normalization(a, NULL);
  30383. if (ret != MP_VAL)
  30384. return -12959;
  30385. ret = mp_montgomery_calc_normalization(NULL, b);
  30386. if (ret != MP_VAL)
  30387. return -12960;
  30388. #endif
  30389. ret = mp_unsigned_bin_size(NULL);
  30390. if (ret != 0)
  30391. return -12961;
  30392. #if defined(WC_MP_TO_RADIX) || defined(WOLFSSL_SP_MATH_ALL)
  30393. ret = mp_tohex(NULL, NULL);
  30394. if (ret != MP_VAL)
  30395. return -12962;
  30396. ret = mp_tohex(a, NULL);
  30397. if (ret != MP_VAL)
  30398. return -12963;
  30399. ret = mp_tohex(NULL, hexStr);
  30400. if (ret != MP_VAL)
  30401. return -12964;
  30402. #endif
  30403. #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
  30404. ret = mp_todecimal(NULL, NULL);
  30405. if (ret != MP_VAL)
  30406. return -12965;
  30407. ret = mp_todecimal(a, NULL);
  30408. if (ret != MP_VAL)
  30409. return -12966;
  30410. ret = mp_todecimal(NULL, decStr);
  30411. if (ret != MP_VAL)
  30412. return -12967;
  30413. #endif
  30414. #ifdef WOLFSSL_SP_MATH_ALL
  30415. ret = mp_toradix(NULL, NULL, MP_RADIX_HEX);
  30416. if (ret != MP_VAL)
  30417. return -12968;
  30418. ret = mp_toradix(a, NULL, MP_RADIX_HEX);
  30419. if (ret != MP_VAL)
  30420. return -12969;
  30421. ret = mp_toradix(NULL, hexStr, MP_RADIX_HEX);
  30422. if (ret != MP_VAL)
  30423. return -12970;
  30424. ret = mp_toradix(a, hexStr, 3);
  30425. if (ret != MP_VAL)
  30426. return -12971;
  30427. ret = mp_radix_size(NULL, MP_RADIX_HEX, NULL);
  30428. if (ret != MP_VAL)
  30429. return -12972;
  30430. ret = mp_radix_size(a, MP_RADIX_HEX, NULL);
  30431. if (ret != MP_VAL)
  30432. return -12973;
  30433. ret = mp_radix_size(NULL, MP_RADIX_HEX, &size);
  30434. if (ret != MP_VAL)
  30435. return -12974;
  30436. ret = mp_radix_size(a, 3, &size);
  30437. if (ret != MP_VAL)
  30438. return -12975;
  30439. #endif
  30440. return 0;
  30441. }
  30442. #endif
  30443. #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  30444. static int mp_test_set_is_bit(mp_int* a)
  30445. {
  30446. int i, j;
  30447. mp_zero(a);
  30448. for (i = 0; i <= DIGIT_BIT * 2; i++) {
  30449. if (mp_is_bit_set(a, i))
  30450. return -12980;
  30451. for (j = 0; j < i; j++) {
  30452. if (!mp_is_bit_set(a, j))
  30453. return -12981;
  30454. }
  30455. if (mp_set_bit(a, i) != 0)
  30456. return -12982;
  30457. if (!mp_is_bit_set(a, i))
  30458. return -12983;
  30459. }
  30460. mp_zero(a);
  30461. for (i = 0; i <= DIGIT_BIT * 2; i++) {
  30462. if (mp_is_bit_set(a, i))
  30463. return -12984;
  30464. }
  30465. for (i = 0; i <= DIGIT_BIT * 2; i++) {
  30466. mp_zero(a);
  30467. if (mp_set_bit(a, i) != 0)
  30468. return -12985;
  30469. for (j = 0; j < i; j++) {
  30470. if (mp_is_bit_set(a, j))
  30471. return -12986;
  30472. }
  30473. if (!mp_is_bit_set(a, i))
  30474. return -12987;
  30475. }
  30476. #ifdef WOLFSSL_KEY_GEN
  30477. for (i = 0; i < DIGIT_BIT * 2; i++) {
  30478. mp_set(a, 1);
  30479. if (mp_2expt(a, i) != 0)
  30480. return -12988;
  30481. for (j = 0; j < i; j++) {
  30482. if (mp_is_bit_set(a, j))
  30483. return -12989;
  30484. }
  30485. if (!mp_is_bit_set(a, i))
  30486. return -12990;
  30487. }
  30488. #endif
  30489. #ifdef WOLFSSL_SP_MATH
  30490. mp_zero(a);
  30491. for (j = 1; j <= 3; j++) {
  30492. i = SP_INT_MAX_BITS - j;
  30493. if (mp_is_bit_set(a, i))
  30494. return -12991;
  30495. if (mp_set_bit(a, i) != 0)
  30496. return -12992;
  30497. if (!mp_is_bit_set(a, i))
  30498. return -12993;
  30499. #ifdef WOLFSSL_KEY_GEN
  30500. if (mp_2expt(a, i) != 0)
  30501. return -12994;
  30502. if (!mp_is_bit_set(a, i))
  30503. return -12995;
  30504. #endif
  30505. }
  30506. mp_zero(a);
  30507. for (j = 0; j <= 3; j++) {
  30508. i = SP_INT_MAX_BITS + j;
  30509. if (mp_is_bit_set(a, i))
  30510. return -12996;
  30511. if (mp_set_bit(a, i) != MP_VAL)
  30512. return -12997;
  30513. #ifdef WOLFSSL_KEY_GEN
  30514. if (mp_2expt(a, i) != MP_VAL)
  30515. return -12998;
  30516. #endif
  30517. }
  30518. #endif
  30519. return 0;
  30520. }
  30521. #endif /* !WOLFSSL_SP_MATH || WOLFSSL_SP_MATH_ALL */
  30522. static int mp_test_cmp(mp_int* a, mp_int* b)
  30523. {
  30524. int ret;
  30525. mp_zero(a);
  30526. mp_zero(b);
  30527. ret = mp_cmp_d(a, 0);
  30528. if (ret != MP_EQ)
  30529. return -13000;
  30530. ret = mp_cmp_d(a, 1);
  30531. if (ret != MP_LT)
  30532. return -13001;
  30533. ret = mp_cmp(a, b);
  30534. if (ret != MP_EQ)
  30535. return -13002;
  30536. mp_set(a, 1);
  30537. ret = mp_cmp_d(a, 0);
  30538. if (ret != MP_GT)
  30539. return -13003;
  30540. ret = mp_cmp_d(a, 1);
  30541. if (ret != MP_EQ)
  30542. return -13004;
  30543. ret = mp_cmp_d(a, 2);
  30544. if (ret != MP_LT)
  30545. return -13005;
  30546. ret = mp_cmp(a, b);
  30547. if (ret != MP_GT)
  30548. return -13006;
  30549. mp_read_radix(b, "1234567890123456789", MP_RADIX_HEX);
  30550. ret = mp_cmp_d(b, -1);
  30551. if (ret != MP_GT)
  30552. return -13007;
  30553. ret = mp_cmp(a, b);
  30554. if (ret != MP_LT)
  30555. return -13008;
  30556. ret = mp_cmp(b, a);
  30557. if (ret != MP_GT)
  30558. return -13009;
  30559. ret = mp_cmp(b, b);
  30560. if (ret != MP_EQ)
  30561. return -13010;
  30562. return 0;
  30563. }
  30564. #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
  30565. static int mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng)
  30566. {
  30567. int ret;
  30568. int i, j, k;
  30569. for (i = 0; i < 10; i++) {
  30570. for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
  30571. ret = randNum(a, j, rng, NULL);
  30572. if (ret != MP_OKAY)
  30573. return -13020;
  30574. mp_copy(a, b);
  30575. for (k = 0; k <= DIGIT_BIT * 2; k++) {
  30576. ret = mp_mul_2d(a, k, a);
  30577. if (ret != MP_OKAY)
  30578. return -13021;
  30579. mp_rshb(a, k);
  30580. if (mp_cmp(a, b) != MP_EQ)
  30581. return -13022;
  30582. }
  30583. }
  30584. }
  30585. for (i = 0; i < 10; i++) {
  30586. for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) {
  30587. ret = randNum(a, j, rng, NULL);
  30588. if (ret != MP_OKAY)
  30589. return -13023;
  30590. mp_copy(a, b);
  30591. for (k = 0; k < 10; k++) {
  30592. ret = mp_lshd(a, k);
  30593. if (ret != MP_OKAY)
  30594. return -13024;
  30595. mp_rshd(a, k);
  30596. if (mp_cmp(a, b) != MP_EQ)
  30597. return -13025;
  30598. }
  30599. }
  30600. }
  30601. mp_zero(a);
  30602. mp_rshd(a, 1);
  30603. if (!mp_iszero(a))
  30604. return -13026;
  30605. mp_set(a, 1);
  30606. mp_rshd(a, 1);
  30607. if (!mp_iszero(a))
  30608. return -13027;
  30609. mp_set(a, 1);
  30610. mp_rshd(a, 2);
  30611. if (!mp_iszero(a))
  30612. return -13028;
  30613. return 0;
  30614. }
  30615. #endif
  30616. static int mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem,
  30617. WC_RNG* rng)
  30618. {
  30619. int ret;
  30620. int i, j, k;
  30621. mp_zero(a);
  30622. mp_zero(d);
  30623. ret = mp_div(a, d, r, rem);
  30624. if (ret != MP_VAL)
  30625. return -13030;
  30626. mp_set(d, 1);
  30627. ret = mp_div(a, d, r, rem);
  30628. if (ret != MP_OKAY)
  30629. return -13031;
  30630. if (!mp_iszero(r))
  30631. return -13032;
  30632. if (!mp_iszero(rem))
  30633. return -13033;
  30634. mp_set(a, 1);
  30635. ret = mp_div(a, d, r, rem);
  30636. if (ret != MP_OKAY)
  30637. return -13034;
  30638. if (!mp_isone(r))
  30639. return -13035;
  30640. if (!mp_iszero(rem))
  30641. return -13036;
  30642. for (i = 0; i < 100; i++) {
  30643. for (j = 1; j < (DIGIT_BIT + 7) / 8 * 2; j++) {
  30644. ret = randNum(d, j, rng, NULL);
  30645. if (ret != MP_OKAY)
  30646. return -13037;
  30647. for (k = 1; k < (DIGIT_BIT + 7) / 8 * 2 + 1; k++) {
  30648. ret = randNum(a, k, rng, NULL);
  30649. if (ret != MP_OKAY)
  30650. return -13038;
  30651. ret = mp_div(a, d, NULL, rem);
  30652. if (ret != MP_OKAY)
  30653. return -13039;
  30654. ret = mp_div(a, d, r, NULL);
  30655. if (ret != MP_OKAY)
  30656. return -13040;
  30657. ret = mp_div(a, d, r, rem);
  30658. if (ret != MP_OKAY)
  30659. return -13041;
  30660. mp_mul(r, d, r);
  30661. mp_add(r, rem, r);
  30662. if (mp_cmp(r, a) != MP_EQ)
  30663. return -13042;
  30664. }
  30665. }
  30666. }
  30667. ret = randNum(d, (DIGIT_BIT + 7) / 8 * 2, rng, NULL);
  30668. if (ret != MP_OKAY)
  30669. return -13043;
  30670. mp_add(d, d, a);
  30671. mp_set(rem, 1);
  30672. mp_div(a, d, NULL, rem);
  30673. if (ret != MP_OKAY)
  30674. return -13044;
  30675. if (!mp_iszero(rem))
  30676. return -13045;
  30677. mp_set(r, 1);
  30678. mp_div(a, d, r, NULL);
  30679. if (ret != MP_OKAY)
  30680. return -13046;
  30681. if (mp_cmp_d(r, 2) != MP_EQ)
  30682. return -13047;
  30683. mp_set(r, 1);
  30684. mp_set(rem, 1);
  30685. mp_div(a, d, r, rem);
  30686. if (ret != MP_OKAY)
  30687. return -13048;
  30688. if (mp_cmp_d(r, 2) != MP_EQ)
  30689. return -13049;
  30690. if (!mp_iszero(rem))
  30691. return -13050;
  30692. mp_set(a, 0xfe);
  30693. mp_lshd(a, 3);
  30694. mp_add_d(a, 0xff, a);
  30695. mp_set(d, 0xfe);
  30696. mp_lshd(d, 2);
  30697. ret = mp_div(a, d, r, rem);
  30698. if (ret != MP_OKAY)
  30699. return -13051;
  30700. mp_mul(r, d, d);
  30701. mp_add(rem, d, d);
  30702. if (mp_cmp(a, d) != MP_EQ)
  30703. return -13052;
  30704. /* Force (hi | lo) / d to be (d | 0) / d which will would not fit in
  30705. * a digit. So mp_div must detect and handle.
  30706. * For example: 0x800000 / 0x8001, DIGIT_BIT = 8
  30707. */
  30708. mp_set(a, 1);
  30709. mp_mul_2d(a, DIGIT_BIT * 3 - 1, a);
  30710. mp_set(d, 1);
  30711. mp_mul_2d(d, DIGIT_BIT * 2 - 1, d);
  30712. mp_add_d(d, 1, d);
  30713. ret = mp_div(a, d, r, rem);
  30714. if (ret != MP_OKAY)
  30715. return -13053;
  30716. return 0;
  30717. }
  30718. #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
  30719. !defined(WC_NO_RNG)
  30720. static int mp_test_prime(mp_int* a, WC_RNG* rng)
  30721. {
  30722. int ret;
  30723. int res;
  30724. ret = mp_rand_prime(a, 1, rng, NULL);
  30725. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  30726. if (ret != 0)
  30727. #else
  30728. if (ret != MP_VAL)
  30729. #endif
  30730. return -13060;
  30731. ret = mp_rand_prime(a, -5, rng, NULL);
  30732. if (ret != 0)
  30733. return -13061;
  30734. ret = mp_prime_is_prime(a, 1, &res);
  30735. if (ret != MP_OKAY)
  30736. return -13062;
  30737. if (res != MP_YES)
  30738. return -13063;
  30739. ret = mp_prime_is_prime(a, 0, &res);
  30740. if (ret != MP_VAL)
  30741. return -13064;
  30742. ret = mp_prime_is_prime(a, -1, &res);
  30743. if (ret != MP_VAL)
  30744. return -13065;
  30745. ret = mp_prime_is_prime(a, 257, &res);
  30746. if (ret != MP_VAL)
  30747. return -13066;
  30748. mp_set(a, 1);
  30749. ret = mp_prime_is_prime(a, 1, &res);
  30750. if (ret != MP_OKAY)
  30751. return -13067;
  30752. if (res != MP_NO)
  30753. return -13068;
  30754. ret = mp_prime_is_prime_ex(a, 1, &res, rng);
  30755. if (ret != MP_OKAY)
  30756. return -13069;
  30757. if (res != MP_NO)
  30758. return -13070;
  30759. mp_set(a, 2);
  30760. ret = mp_prime_is_prime(a, 1, &res);
  30761. if (ret != MP_OKAY)
  30762. return -13071;
  30763. if (res != MP_YES)
  30764. return -13072;
  30765. ret = mp_prime_is_prime_ex(a, 1, &res, rng);
  30766. if (ret != MP_OKAY)
  30767. return -13073;
  30768. if (res != MP_YES)
  30769. return -13074;
  30770. mp_set(a, 0xfb);
  30771. ret = mp_prime_is_prime(a, 1, &res);
  30772. if (ret != MP_OKAY)
  30773. return -13075;
  30774. if (res != MP_YES)
  30775. return -13076;
  30776. ret = mp_prime_is_prime_ex(a, 1, &res, rng);
  30777. if (ret != MP_OKAY)
  30778. return -13077;
  30779. if (res != MP_YES)
  30780. return -13078;
  30781. mp_set(a, 0x6);
  30782. ret = mp_prime_is_prime(a, 1, &res);
  30783. if (ret != MP_OKAY)
  30784. return -13079;
  30785. if (res != MP_NO)
  30786. return -13080;
  30787. ret = mp_prime_is_prime_ex(a, 1, &res, rng);
  30788. if (ret != MP_OKAY)
  30789. return -13081;
  30790. if (res != MP_NO)
  30791. return -13082;
  30792. mp_set_int(a, 0x655 * 0x65b);
  30793. ret = mp_prime_is_prime(a, 10, &res);
  30794. if (ret != MP_OKAY)
  30795. return -13083;
  30796. if (res != MP_NO)
  30797. return -13084;
  30798. ret = mp_prime_is_prime_ex(a, 10, &res, rng);
  30799. if (ret != MP_OKAY)
  30800. return -13085;
  30801. if (res != MP_NO)
  30802. return -13086;
  30803. return 0;
  30804. }
  30805. #endif
  30806. #if defined(WOLFSSL_KEY_GEN) && (!defined(WOLFSSL_SP_MATH_ALL) || \
  30807. !defined(NO_RSA))
  30808. static int mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* exp,
  30809. WC_RNG* rng)
  30810. {
  30811. int ret;
  30812. int i;
  30813. WOLFSSL_SMALL_STACK_STATIC const int kat[][3] = {
  30814. { 1, 1, 1 }, { 2, 1, 2 }, { 1, 2, 2 }, { 2, 4, 4 }, { 4, 2, 4 },
  30815. { 12, 56, 168 }, { 56, 12, 168 }
  30816. };
  30817. (void)exp;
  30818. mp_set(a, 0);
  30819. mp_set(b, 1);
  30820. ret = mp_lcm(a, a, r);
  30821. if (ret != MP_VAL)
  30822. return -13090;
  30823. ret = mp_lcm(a, b, r);
  30824. if (ret != MP_VAL)
  30825. return -13091;
  30826. ret = mp_lcm(b, a, r);
  30827. if (ret != MP_VAL)
  30828. return -13092;
  30829. for (i = 0; i < (int)(sizeof(kat) / sizeof(*kat)); i++) {
  30830. mp_set(a, kat[i][0]);
  30831. mp_set(b, kat[i][1]);
  30832. ret = mp_lcm(a, b, r);
  30833. if (ret != MP_OKAY)
  30834. return -13093;
  30835. mp_set(exp, kat[i][2]);
  30836. if (mp_cmp(r, exp) != MP_EQ)
  30837. return -13094;
  30838. }
  30839. (void)rng;
  30840. #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
  30841. !defined(WC_NO_RNG)
  30842. if (mp_rand_prime(a, 20, rng, NULL) != MP_OKAY)
  30843. return -13095;
  30844. if (mp_rand_prime(b, 20, rng, NULL) != MP_OKAY)
  30845. return -13096;
  30846. if (mp_mul(a, b, exp) != MP_OKAY)
  30847. return -13097;
  30848. ret = mp_lcm(a, b, r);
  30849. if (ret != MP_OKAY)
  30850. return -13098;
  30851. if (mp_cmp(r, exp) != MP_EQ)
  30852. return -13099;
  30853. ret = mp_lcm(b, a, r);
  30854. if (ret != MP_OKAY)
  30855. return -13100;
  30856. if (mp_cmp(r, exp) != MP_EQ)
  30857. return -13101;
  30858. #endif
  30859. mp_set(a, 11);
  30860. mp_zero(b);
  30861. ret = mp_gcd(a, b, r);
  30862. if (ret != MP_OKAY)
  30863. return -13102;
  30864. if (mp_cmp_d(r, 11) != MP_EQ)
  30865. return -13103;
  30866. ret = mp_gcd(b, a, r);
  30867. if (ret != MP_OKAY)
  30868. return -13104;
  30869. if (mp_cmp_d(r, 11) != MP_EQ)
  30870. return -13105;
  30871. ret = mp_gcd(b, b, r);
  30872. if (ret != MP_VAL)
  30873. return -13106;
  30874. return 0;
  30875. }
  30876. #endif
  30877. #if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
  30878. defined(WOLFSSL_SP_MATH_ALL)
  30879. static int mp_test_mod_2d(mp_int* a, mp_int* r, mp_int* t, WC_RNG* rng)
  30880. {
  30881. int ret;
  30882. int i;
  30883. int j;
  30884. mp_set(a, 10);
  30885. ret = mp_mod_2d(a, 0, r);
  30886. if (ret != MP_OKAY)
  30887. return -13110;
  30888. if (!mp_iszero(r))
  30889. return -13111;
  30890. ret = mp_mod_2d(a, 1, r);
  30891. if (ret != MP_OKAY)
  30892. return -13112;
  30893. if (!mp_iszero(r))
  30894. return -13113;
  30895. ret = mp_mod_2d(a, 2, r);
  30896. if (ret != MP_OKAY)
  30897. return -13114;
  30898. if (mp_cmp_d(r, 2))
  30899. return -13115;
  30900. for (i = 2; i < 20; i++) {
  30901. ret = randNum(a, i, rng, NULL);
  30902. if (ret != 0)
  30903. return -13116;
  30904. for (j = 1; j <= mp_count_bits(a); j++) {
  30905. /* Get top part */
  30906. ret = mp_div_2d(a, j, t, NULL);
  30907. if (ret != 0)
  30908. return -13117;
  30909. ret = mp_mul_2d(t, j, t);
  30910. if (ret != 0)
  30911. return -13118;
  30912. /* Get bottom part */
  30913. ret = mp_mod_2d(a, j, r);
  30914. if (ret != 0)
  30915. return -13119;
  30916. /* Reassemble */
  30917. ret = mp_add(t, r, r);
  30918. if (ret != 0)
  30919. return -13120;
  30920. if (mp_cmp(a, r) != MP_EQ)
  30921. return -13121;
  30922. }
  30923. }
  30924. return 0;
  30925. }
  30926. #endif
  30927. #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
  30928. (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
  30929. static int mp_test_mod_d(mp_int* a)
  30930. {
  30931. int ret;
  30932. mp_digit r;
  30933. if (mp_set(a, 1) != MP_OKAY)
  30934. return -13130;
  30935. ret = mp_mod_d(a, 0, &r);
  30936. if (ret != MP_VAL)
  30937. return -13131;
  30938. mp_zero(a);
  30939. ret = mp_mod_d(a, 1, &r);
  30940. if (ret != MP_OKAY)
  30941. return -13132;
  30942. ret = mp_mod_d(a, 3, &r);
  30943. if (ret != MP_OKAY)
  30944. return -13133;
  30945. ret = mp_mod_d(a, 5, &r);
  30946. if (ret != MP_OKAY)
  30947. return -13134;
  30948. return 0;
  30949. }
  30950. #endif
  30951. static int mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1, mp_int* r2,
  30952. WC_RNG* rng)
  30953. {
  30954. int ret;
  30955. int i;
  30956. for (i = 1; i < 16; i++) {
  30957. ret = randNum(a, i, rng, NULL);
  30958. if (ret != 0)
  30959. return -13140;
  30960. ret = mp_mul(a, a, r1);
  30961. if (ret != 0)
  30962. return -13141;
  30963. ret = mp_sqr(a, r2);
  30964. if (ret != 0)
  30965. return -13142;
  30966. if (mp_cmp(r1, r2) != MP_EQ)
  30967. return -13143;
  30968. }
  30969. ret = mp_set(b, 0);
  30970. if (ret != MP_OKAY)
  30971. return -13144;
  30972. ret = mp_mul(a, b, r1);
  30973. if (ret != MP_OKAY)
  30974. return -13145;
  30975. if (!mp_iszero(r1))
  30976. return -13146;
  30977. ret = mp_sqr(b, r1);
  30978. if (ret != MP_OKAY)
  30979. return -13147;
  30980. if (!mp_iszero(r1))
  30981. return -13148;
  30982. #ifdef WOLFSSL_SP_MATH
  30983. ret = mp_set(a, 1);
  30984. if (ret != MP_OKAY)
  30985. return -13149;
  30986. i = (SP_INT_DIGITS + 1) / 2;
  30987. ret = mp_mul_2d(a, i * SP_WORD_SIZE - 1, a);
  30988. if (ret != MP_OKAY)
  30989. return -13150;
  30990. ret = mp_set(b, 1);
  30991. if (ret != MP_OKAY)
  30992. return -13151;
  30993. ret = mp_mul_2d(b, (SP_INT_DIGITS - 1 - i) * SP_WORD_SIZE - 1, b);
  30994. if (ret != MP_OKAY)
  30995. return -13152;
  30996. ret = mp_mul(a, b, r1);
  30997. if (ret != MP_OKAY)
  30998. return -13153;
  30999. ret = mp_mul(a, a, r1);
  31000. if (ret == MP_OKAY)
  31001. return -13154;
  31002. ret = mp_sqr(a, r1);
  31003. if (ret == MP_OKAY)
  31004. return -13155;
  31005. ret = mp_sqr(b, r1);
  31006. if (ret != MP_OKAY)
  31007. return -13156;
  31008. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  31009. (defined(HAVE_ECC) && defined(FP_ECC))
  31010. ret = mp_mulmod(a, b, b, r1);
  31011. if (ret != MP_OKAY)
  31012. return -13157;
  31013. ret = mp_mulmod(a, a, b, r1);
  31014. if (ret == MP_OKAY)
  31015. return -13158;
  31016. #if defined(HAVE_ECC) && (defined(ECC_SHAMIR) || defined(FP_ECC))
  31017. ret = mp_sqrmod(a, b, r1);
  31018. if (ret == MP_OKAY)
  31019. return -13159;
  31020. ret = mp_sqrmod(b, a, r1);
  31021. if (ret != MP_OKAY)
  31022. return -13160;
  31023. #endif /* HAVE_ECC && (ECC_SHAMIR || FP_ECC) */
  31024. #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */
  31025. #endif /* WOLFSSL_SP_MATH */
  31026. return 0;
  31027. }
  31028. #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
  31029. defined(OPENSSL_EXTRA)
  31030. static int mp_test_invmod(mp_int* a, mp_int* m, mp_int* r)
  31031. {
  31032. int ret;
  31033. mp_set(a, 0);
  31034. mp_set(m, 1);
  31035. ret = mp_invmod(a, m, r);
  31036. if (ret != MP_VAL)
  31037. return -13170;
  31038. ret = mp_invmod(m, a, r);
  31039. if (ret != MP_VAL)
  31040. return -13171;
  31041. mp_set(a, 2);
  31042. mp_set(m, 4);
  31043. ret = mp_invmod(a, m, r);
  31044. if (ret != MP_VAL)
  31045. return -13172;
  31046. mp_set(a, 1);
  31047. mp_set(m, 4);
  31048. ret = mp_invmod(a, m, r);
  31049. if (ret != MP_OKAY)
  31050. return -13173;
  31051. if (!mp_isone(r))
  31052. return -13174;
  31053. mp_set(a, 3);
  31054. mp_set(m, 4);
  31055. ret = mp_invmod(a, m, r);
  31056. if (ret != MP_OKAY)
  31057. return -13175;
  31058. mp_set(a, 3);
  31059. mp_set(m, 5);
  31060. ret = mp_invmod(a, m, r);
  31061. if (ret != MP_OKAY)
  31062. return -13176;
  31063. #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_INT_NEGATIVE)
  31064. mp_read_radix(a, "-3", 16);
  31065. ret = mp_invmod(a, m, r);
  31066. if (ret != MP_OKAY)
  31067. return -13177;
  31068. #endif
  31069. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  31070. #ifdef HAVE_ECC
  31071. mp_set(a, 0);
  31072. mp_set(m, 3);
  31073. ret = mp_invmod_mont_ct(a, m, r, 1);
  31074. if (ret != MP_VAL)
  31075. return -13178;
  31076. mp_set(a, 1);
  31077. mp_set(m, 0);
  31078. ret = mp_invmod_mont_ct(a, m, r, 1);
  31079. if (ret != MP_VAL)
  31080. return -13179;
  31081. mp_set(a, 1);
  31082. mp_set(m, 1);
  31083. ret = mp_invmod_mont_ct(a, m, r, 1);
  31084. if (ret != MP_VAL)
  31085. return -13180;
  31086. mp_set(a, 1);
  31087. mp_set(m, 2);
  31088. ret = mp_invmod_mont_ct(a, m, r, 1);
  31089. if (ret != MP_VAL)
  31090. return -13181;
  31091. mp_set(a, 1);
  31092. mp_set(m, 3);
  31093. ret = mp_invmod_mont_ct(a, m, r, 1);
  31094. if (ret != MP_OKAY)
  31095. return -13182;
  31096. #endif
  31097. #endif
  31098. return 0;
  31099. }
  31100. #endif /* !NO_RSA || HAVE_ECC || !NO_DSA || OPENSSL_EXTRA */
  31101. #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
  31102. (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
  31103. static int mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r)
  31104. {
  31105. int ret;
  31106. mp_set(b, 0x2);
  31107. mp_set(e, 0x3);
  31108. mp_set(m, 0x0);
  31109. ret = mp_exptmod_ex(b, e, 1, m, r);
  31110. if (ret != MP_VAL)
  31111. return -13190;
  31112. ret = mp_exptmod_nct(b, e, m, r);
  31113. if (ret != MP_VAL)
  31114. return -13191;
  31115. mp_set(b, 0x2);
  31116. mp_set(e, 0x3);
  31117. mp_set(m, 0x1);
  31118. ret = mp_exptmod_ex(b, e, 1, m, r);
  31119. if (ret != MP_OKAY)
  31120. return -13192;
  31121. if (!mp_iszero(r))
  31122. return -13193;
  31123. ret = mp_exptmod_nct(b, e, m, r);
  31124. if (ret != MP_OKAY)
  31125. return -13194;
  31126. if (!mp_iszero(r))
  31127. return -13195;
  31128. mp_set(b, 0x2);
  31129. mp_set(e, 0x0);
  31130. mp_set(m, 0x7);
  31131. ret = mp_exptmod_ex(b, e, 1, m, r);
  31132. if (ret != MP_OKAY)
  31133. return -13196;
  31134. if (!mp_isone(r))
  31135. return -13197;
  31136. ret = mp_exptmod_nct(b, e, m, r);
  31137. if (ret != MP_OKAY)
  31138. return -13198;
  31139. if (!mp_isone(r))
  31140. return -13199;
  31141. mp_set(b, 0x0);
  31142. mp_set(e, 0x3);
  31143. mp_set(m, 0x7);
  31144. ret = mp_exptmod_ex(b, e, 1, m, r);
  31145. if (ret != MP_OKAY)
  31146. return -13200;
  31147. if (!mp_iszero(r))
  31148. return -13201;
  31149. ret = mp_exptmod_nct(b, e, m, r);
  31150. if (ret != MP_OKAY)
  31151. return -13202;
  31152. if (!mp_iszero(r))
  31153. return -13203;
  31154. mp_set(b, 0x10);
  31155. mp_set(e, 0x3);
  31156. mp_set(m, 0x7);
  31157. ret = mp_exptmod_ex(b, e, 1, m, r);
  31158. if (ret != MP_OKAY)
  31159. return -13204;
  31160. ret = mp_exptmod_nct(b, e, m, r);
  31161. if (ret != MP_OKAY)
  31162. return -13205;
  31163. mp_set(b, 0x7);
  31164. mp_set(e, 0x3);
  31165. mp_set(m, 0x7);
  31166. ret = mp_exptmod_ex(b, e, 1, m, r);
  31167. if (ret != MP_OKAY)
  31168. return -13206;
  31169. if (!mp_iszero(r))
  31170. return -13207;
  31171. ret = mp_exptmod_nct(b, e, m, r);
  31172. if (ret != MP_OKAY)
  31173. return -13208;
  31174. if (!mp_iszero(r))
  31175. return -13209;
  31176. mp_set(b, 0x01);
  31177. mp_mul_2d(b, DIGIT_BIT, b);
  31178. mp_add_d(b, 1, b);
  31179. mp_set(e, 0x3);
  31180. mp_copy(b, m);
  31181. ret = mp_exptmod_ex(b, e, 1, m, r);
  31182. if (ret != MP_OKAY)
  31183. return -13210;
  31184. if (!mp_iszero(r))
  31185. return -13211;
  31186. ret = mp_exptmod_nct(b, e, m, r);
  31187. if (ret != MP_OKAY)
  31188. return -13212;
  31189. if (!mp_iszero(r))
  31190. return -13213;
  31191. mp_set(b, 0x2);
  31192. mp_set(e, 0x3);
  31193. mp_set(m, 0x7);
  31194. ret = mp_exptmod_ex(b, e, 1, m, r);
  31195. if (ret != MP_OKAY)
  31196. return -13214;
  31197. ret = mp_exptmod_nct(b, e, m, r);
  31198. if (ret != MP_OKAY)
  31199. return -13215;
  31200. #ifdef WOLFSSL_SP_MATH
  31201. mp_set(b, 0x2);
  31202. mp_set(e, 0x3);
  31203. mp_set(m, 0x01);
  31204. mp_mul_2d(m, SP_WORD_SIZE * SP_INT_DIGITS / 2, m);
  31205. mp_add_d(m, 0x01, m);
  31206. ret = mp_exptmod_ex(b, e, 1, m, r);
  31207. if (ret != MP_VAL)
  31208. return -13216;
  31209. ret = mp_exptmod_nct(b, e, m, r);
  31210. if (ret != MP_VAL)
  31211. return -13217;
  31212. #endif
  31213. return 0;
  31214. }
  31215. #endif /* !NO_RSA || !NO_DSA || !NO_DH || (HAVE_ECC && HAVE_COMP_KEY) ||
  31216. * OPENSSL_EXTRA */
  31217. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  31218. defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  31219. static int mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC_RNG* rng)
  31220. {
  31221. int ret;
  31222. mp_digit mp;
  31223. static int exp[] = { 7, 8, 16, 27, 32, 64,
  31224. 127, 128, 255, 256,
  31225. 383, 384, 2033, 2048
  31226. };
  31227. static mp_digit sub[] = { 0x01, 0x05, 0x0f, 0x27, 0x05, 0x3b,
  31228. 0x01, 0x9f, 0x13, 0xbd,
  31229. 0x1f, 0x13d, 0x45, 0x615
  31230. };
  31231. int i;
  31232. int j;
  31233. for (i = 0; i < (int)(sizeof(exp) / sizeof(*exp)); i++) {
  31234. if (exp[i] >= DIGIT_BIT)
  31235. continue;
  31236. mp_zero(m);
  31237. ret = mp_set_bit(m, exp[i]);
  31238. if (ret != MP_OKAY)
  31239. return -13220;
  31240. ret = mp_sub_d(m, sub[i], m);
  31241. if (ret != MP_OKAY)
  31242. return -13221;
  31243. ret = mp_montgomery_setup(m, &mp);
  31244. if (ret != MP_OKAY)
  31245. return -13222;
  31246. ret = mp_montgomery_calc_normalization(n, m);
  31247. if (ret != MP_OKAY)
  31248. return -13223;
  31249. for (j = 0; j < 10; j++) {
  31250. ret = randNum(a, (exp[i] + DIGIT_BIT - 1) / DIGIT_BIT, rng, NULL);
  31251. if (ret != 0)
  31252. return -13224;
  31253. ret = mp_mod(a, m, a);
  31254. if (ret != 0)
  31255. return -13225;
  31256. /* r = a * a */
  31257. ret = mp_sqrmod(a, m, r);
  31258. if (ret != MP_OKAY)
  31259. return -13226;
  31260. /* Convert to Montgomery form = a*n */
  31261. ret = mp_mulmod(a, n, m, a);
  31262. if (ret != MP_OKAY)
  31263. return -13227;
  31264. /* a*a mod m == ((a*n) * (a*n)) / n / n */
  31265. ret = mp_sqr(a, a);
  31266. if (ret != MP_OKAY)
  31267. return -13228;
  31268. ret = mp_montgomery_reduce(a, m, mp);
  31269. if (ret != MP_OKAY)
  31270. return -13229;
  31271. ret = mp_montgomery_reduce(a, m, mp);
  31272. if (ret != MP_OKAY)
  31273. return -13230;
  31274. if (mp_cmp(a, r) != MP_EQ)
  31275. return -13231;
  31276. }
  31277. }
  31278. return 0;
  31279. }
  31280. #endif
  31281. WOLFSSL_TEST_SUBROUTINE int mp_test(void)
  31282. {
  31283. WC_RNG rng;
  31284. int ret;
  31285. #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
  31286. int i, j, k;
  31287. mp_digit d;
  31288. #endif
  31289. mp_int a, b, r1, r2, p;
  31290. ret = mp_init_multi(&a, &b, &r1, &r2, NULL, NULL);
  31291. if (ret != 0)
  31292. return -13300;
  31293. #ifdef WOLFSSL_SP_MATH_ALL
  31294. mp_init_copy(&p, &a);
  31295. #else
  31296. ret = mp_init(&p);
  31297. if (ret != 0)
  31298. return -13301;
  31299. #endif
  31300. #ifndef HAVE_FIPS
  31301. ret = wc_InitRng_ex(&rng, HEAP_HINT, devId);
  31302. #else
  31303. ret = wc_InitRng(&rng);
  31304. #endif
  31305. if (ret != 0)
  31306. goto done;
  31307. #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN)
  31308. mp_set_int(&a, 0);
  31309. if (a.used != 0 || a.dp[0] != 0)
  31310. return -13302;
  31311. for (j = 1; j <= MP_MAX_TEST_BYTE_LEN; j++) {
  31312. for (i = 0; i < 4 * j; i++) {
  31313. /* New values to use. */
  31314. ret = randNum(&p, j, &rng, NULL);
  31315. if (ret != 0)
  31316. return -13303;
  31317. ret = randNum(&a, j, &rng, NULL);
  31318. if (ret != 0)
  31319. return -13304;
  31320. ret = randNum(&b, j, &rng, NULL);
  31321. if (ret != 0)
  31322. return -13305;
  31323. ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d));
  31324. if (ret != 0)
  31325. return -13306;
  31326. d &= MP_MASK;
  31327. #if !defined(WOLFSSL_SP_MATH) || (defined(HAVE_ECC) && \
  31328. (defined(ECC_SHAMIR) || defined(FP_ECC)))
  31329. /* Ensure sqrmod produce same result as mulmod. */
  31330. ret = mp_sqrmod(&a, &p, &r1);
  31331. if (ret != 0)
  31332. return -13307;
  31333. ret = mp_mulmod(&a, &a, &p, &r2);
  31334. if (ret != 0)
  31335. return -13308;
  31336. if (mp_cmp(&r1, &r2) != 0)
  31337. return -13309;
  31338. #endif
  31339. #if defined(WOLFSSL_SP_MATH) || (defined(WOLFSSL_SP_MATH_ALL) && \
  31340. !defined(WOLFSSL_SP_INT_NEGATIVE))
  31341. ret = mp_addmod(&a, &b, &p, &r1);
  31342. if (ret != 0)
  31343. return -13310;
  31344. ret = mp_submod(&r1, &b, &p, &r2);
  31345. if (ret != 0)
  31346. return -13311;
  31347. ret = mp_mod(&a, &p, &r1);
  31348. if (ret != 0)
  31349. return -13312;
  31350. if (mp_cmp(&r1, &r2) != MP_EQ)
  31351. return -13313;
  31352. #else
  31353. /* Ensure add with mod produce same result as sub with mod. */
  31354. ret = mp_addmod(&a, &b, &p, &r1);
  31355. if (ret != 0)
  31356. return -13314;
  31357. b.sign ^= 1;
  31358. ret = mp_submod(&a, &b, &p, &r2);
  31359. if (ret != 0)
  31360. return -13315;
  31361. if (mp_cmp(&r1, &r2) != 0)
  31362. return -13316;
  31363. #endif
  31364. /* Ensure add digit produce same result as sub digit. */
  31365. ret = mp_add_d(&a, d, &r1);
  31366. if (ret != 0)
  31367. return -13317;
  31368. ret = mp_sub_d(&r1, d, &r2);
  31369. if (ret != 0)
  31370. return -13318;
  31371. if (mp_cmp(&a, &r2) != 0)
  31372. return -13319;
  31373. /* Invert - if p is even it will use the slow impl.
  31374. * - if p and a are even it will fail.
  31375. */
  31376. ret = mp_invmod(&a, &p, &r1);
  31377. if (ret != 0 && ret != MP_VAL)
  31378. return -13320;
  31379. ret = 0;
  31380. /* Shift up and down number all bits in a digit. */
  31381. for (k = 0; k < DIGIT_BIT; k++) {
  31382. mp_mul_2d(&a, k, &r1);
  31383. mp_div_2d(&r1, k, &r2, &p);
  31384. if (mp_cmp(&a, &r2) != 0)
  31385. return -13321;
  31386. if (!mp_iszero(&p))
  31387. return -13322;
  31388. mp_rshb(&r1, k);
  31389. if (mp_cmp(&a, &r1) != 0)
  31390. return -13323;
  31391. }
  31392. }
  31393. }
  31394. #if DIGIT_BIT >= 32
  31395. /* Check that setting a 32-bit digit works. */
  31396. d &= 0xffffffffU;
  31397. mp_set_int(&a, d);
  31398. if (a.used != 1 || a.dp[0] != d)
  31399. return -13324;
  31400. #endif
  31401. /* Check setting a bit and testing a bit works. */
  31402. for (i = 0; i < MP_MAX_TEST_BYTE_LEN * 8; i++) {
  31403. mp_zero(&a);
  31404. mp_set_bit(&a, i);
  31405. if (!mp_is_bit_set(&a, i))
  31406. return -13325;
  31407. }
  31408. #endif
  31409. #if defined(HAVE_ECC) && defined(HAVE_COMP_KEY)
  31410. mp_zero(&a);
  31411. i = mp_cnt_lsb(&a);
  31412. if (i != 0)
  31413. return -13326;
  31414. mp_set(&a, 1);
  31415. i = mp_cnt_lsb(&a);
  31416. if (i != 0)
  31417. return -13327;
  31418. #endif
  31419. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  31420. if ((ret = mp_test_param(&a, &b, &r1, &rng)) != 0)
  31421. return ret;
  31422. #endif
  31423. #if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH)
  31424. if ((ret = mp_test_div_3(&a, &r1, &rng)) != 0)
  31425. return ret;
  31426. #endif
  31427. #if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \
  31428. (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)))
  31429. if ((ret = mp_test_radix_10(&a, &r1, &rng)) != 0)
  31430. return ret;
  31431. #endif
  31432. #if defined(WOLFSSL_SP_MATH_ALL) || defined(HAVE_ECC)
  31433. if ((ret = mp_test_radix_16(&a, &r1, &rng)) != 0)
  31434. return ret;
  31435. #endif
  31436. if ((ret = mp_test_shift(&a, &r1, &rng)) != 0)
  31437. return ret;
  31438. if ((ret = mp_test_add_sub_d(&a, &r1)) != 0)
  31439. return ret;
  31440. if ((ret = mp_test_read_to_bin(&a)) != 0)
  31441. return ret;
  31442. #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  31443. if ((ret = mp_test_set_int(&a)) != 0)
  31444. return ret;
  31445. #endif
  31446. if ((ret = mp_test_cmp(&a, &r1)) != 0)
  31447. return ret;
  31448. #if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY)
  31449. if ((ret = mp_test_shbd(&a, &b, &rng)) != 0)
  31450. return ret;
  31451. #endif
  31452. #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)
  31453. if ((ret = mp_test_set_is_bit(&a)) != 0)
  31454. return ret;
  31455. #endif
  31456. if ((ret = mp_test_div(&a, &b, &r1, &r2, &rng)) != 0)
  31457. return ret;
  31458. #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \
  31459. !defined(WC_NO_RNG)
  31460. if ((ret = mp_test_prime(&a, &rng)) != 0)
  31461. return ret;
  31462. #endif
  31463. #if defined(WOLFSSL_KEY_GEN) && (!defined(WOLFSSL_SP_MATH_ALL) || \
  31464. !defined(NO_RSA))
  31465. if ((ret = mp_test_lcm_gcd(&a, &b, &r1, &r2, &rng)) != 0)
  31466. return ret;
  31467. #endif
  31468. #if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \
  31469. defined(WOLFSSL_SP_MATH_ALL)
  31470. if ((ret = mp_test_mod_2d(&a, &r1, &p, &rng)) != 0)
  31471. return ret;
  31472. #endif
  31473. #if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \
  31474. (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN))
  31475. if ((ret = mp_test_mod_d(&a)) != 0)
  31476. return ret;
  31477. #endif
  31478. if ((ret = mp_test_mul_sqr(&a, &b, &r1, &r2, &rng)) != 0)
  31479. return ret;
  31480. #if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
  31481. defined(OPENSSL_EXTRA)
  31482. if ((ret = mp_test_invmod(&a, &b, &r1)) != 0)
  31483. return ret;
  31484. #endif
  31485. #if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \
  31486. (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA)
  31487. if ((ret = mp_test_exptmod(&a, &b, &r1, &r2)) != 0)
  31488. return ret;
  31489. #endif
  31490. #if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
  31491. defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
  31492. if ((ret = mp_test_mont(&a, &b, &r1, &r2, &rng)) != 0)
  31493. return ret;
  31494. #endif
  31495. done:
  31496. mp_clear(&p);
  31497. mp_clear(&r2);
  31498. mp_clear(&r1);
  31499. mp_clear(&b);
  31500. mp_clear(&a);
  31501. wc_FreeRng(&rng);
  31502. return ret;
  31503. }
  31504. #endif
  31505. #if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN)
  31506. typedef struct pairs_t {
  31507. const unsigned char* coeff;
  31508. int coeffSz;
  31509. int exp;
  31510. } pairs_t;
  31511. /*
  31512. n =p1p2p3, where pi = ki(p1−1)+1 with (k2,k3) = (173,293)
  31513. p1 = 2^192 * 0x000000000000e24fd4f6d6363200bf2323ec46285cac1d3a
  31514. + 2^0 * 0x0b2488b0c29d96c5e67f8bec15b54b189ae5636efe89b45b
  31515. */
  31516. static const unsigned char c192a[] =
  31517. {
  31518. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe2, 0x4f,
  31519. 0xd4, 0xf6, 0xd6, 0x36, 0x32, 0x00, 0xbf, 0x23,
  31520. 0x23, 0xec, 0x46, 0x28, 0x5c, 0xac, 0x1d, 0x3a
  31521. };
  31522. static const unsigned char c0a[] =
  31523. {
  31524. 0x0b, 0x24, 0x88, 0xb0, 0xc2, 0x9d, 0x96, 0xc5,
  31525. 0xe6, 0x7f, 0x8b, 0xec, 0x15, 0xb5, 0x4b, 0x18,
  31526. 0x9a, 0xe5, 0x63, 0x6e, 0xfe, 0x89, 0xb4, 0x5b
  31527. };
  31528. static const pairs_t ecPairsA[] =
  31529. {
  31530. {c192a, sizeof(c192a), 192},
  31531. {c0a, sizeof(c0a), 0}
  31532. };
  31533. static const int kA[] = {173, 293};
  31534. static const unsigned char controlPrime[] = {
  31535. 0xe1, 0x76, 0x45, 0x80, 0x59, 0xb6, 0xd3, 0x49,
  31536. 0xdf, 0x0a, 0xef, 0x12, 0xd6, 0x0f, 0xf0, 0xb7,
  31537. 0xcb, 0x2a, 0x37, 0xbf, 0xa7, 0xf8, 0xb5, 0x4d,
  31538. 0xf5, 0x31, 0x35, 0xad, 0xe4, 0xa3, 0x94, 0xa1,
  31539. 0xdb, 0xf1, 0x96, 0xad, 0xb5, 0x05, 0x64, 0x85,
  31540. 0x83, 0xfc, 0x1b, 0x5b, 0x29, 0xaa, 0xbe, 0xf8,
  31541. 0x26, 0x3f, 0x76, 0x7e, 0xad, 0x1c, 0xf0, 0xcb,
  31542. 0xd7, 0x26, 0xb4, 0x1b, 0x05, 0x8e, 0x56, 0x86,
  31543. 0x7e, 0x08, 0x62, 0x21, 0xc1, 0x86, 0xd6, 0x47,
  31544. 0x79, 0x3e, 0xb7, 0x5d, 0xa4, 0xc6, 0x3a, 0xd7,
  31545. 0xb1, 0x74, 0x20, 0xf6, 0x50, 0x97, 0x41, 0x04,
  31546. 0x53, 0xed, 0x3f, 0x26, 0xd6, 0x6f, 0x91, 0xfa,
  31547. 0x68, 0x26, 0xec, 0x2a, 0xdc, 0x9a, 0xf1, 0xe7,
  31548. 0xdc, 0xfb, 0x73, 0xf0, 0x79, 0x43, 0x1b, 0x21,
  31549. 0xa3, 0x59, 0x04, 0x63, 0x52, 0x07, 0xc9, 0xd7,
  31550. 0xe6, 0xd1, 0x1b, 0x5d, 0x5e, 0x96, 0xfa, 0x53
  31551. };
  31552. static const unsigned char testOne[] = { 1 };
  31553. static int GenerateNextP(mp_int* p1, mp_int* p2, int k)
  31554. {
  31555. int ret;
  31556. mp_int ki;
  31557. ret = mp_init(&ki);
  31558. if (ret == 0)
  31559. ret = mp_set(&ki, k);
  31560. if (ret == 0)
  31561. ret = mp_sub_d(p1, 1, p2);
  31562. if (ret == 0)
  31563. ret = mp_mul(p2, &ki, p2);
  31564. if (ret == 0)
  31565. ret = mp_add_d(p2, 1, p2);
  31566. mp_clear(&ki);
  31567. return ret;
  31568. }
  31569. static int GenerateP(mp_int* p1, mp_int* p2, mp_int* p3,
  31570. const pairs_t* ecPairs, int ecPairsSz,
  31571. const int* k)
  31572. {
  31573. mp_int x,y;
  31574. int ret, i;
  31575. ret = mp_init(&x);
  31576. if (ret == 0) {
  31577. ret = mp_init(&y);
  31578. if (ret != 0) {
  31579. mp_clear(&x);
  31580. return MP_MEM;
  31581. }
  31582. }
  31583. for (i = 0; ret == 0 && i < ecPairsSz; i++) {
  31584. ret = mp_read_unsigned_bin(&x, ecPairs[i].coeff, ecPairs[i].coeffSz);
  31585. /* p1 = 2^exp */
  31586. if (ret == 0)
  31587. ret = mp_2expt(&y, ecPairs[i].exp);
  31588. /* p1 = p1 * m */
  31589. if (ret == 0)
  31590. ret = mp_mul(&x, &y, &x);
  31591. /* p1 += */
  31592. if (ret == 0)
  31593. ret = mp_add(p1, &x, p1);
  31594. mp_zero(&x);
  31595. mp_zero(&y);
  31596. }
  31597. mp_clear(&x);
  31598. mp_clear(&y);
  31599. if (ret == 0)
  31600. ret = GenerateNextP(p1, p2, k[0]);
  31601. if (ret == 0)
  31602. ret = GenerateNextP(p1, p3, k[1]);
  31603. return ret;
  31604. }
  31605. WOLFSSL_TEST_SUBROUTINE int prime_test(void)
  31606. {
  31607. #ifdef WOLFSSL_SMALL_STACK
  31608. mp_int *n = (mp_int *)XMALLOC(sizeof *n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
  31609. *p1 = (mp_int *)XMALLOC(sizeof *p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
  31610. *p2 = (mp_int *)XMALLOC(sizeof *p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER),
  31611. *p3 = (mp_int *)XMALLOC(sizeof *p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  31612. #else
  31613. mp_int n[1],
  31614. p1[1],
  31615. p2[1],
  31616. p3[1];
  31617. #endif
  31618. int ret, isPrime = 0;
  31619. WC_RNG rng;
  31620. #ifdef WOLFSSL_SMALL_STACK
  31621. if ((n == NULL) ||
  31622. (p1 == NULL) ||
  31623. (p2 == NULL) ||
  31624. (p3 == NULL))
  31625. ERROR_OUT(MEMORY_E, out);
  31626. #endif
  31627. ret = wc_InitRng(&rng);
  31628. if (ret == 0)
  31629. ret = mp_init_multi(n, p1, p2, p3, NULL, NULL);
  31630. if (ret == 0)
  31631. ret = GenerateP(p1, p2, p3,
  31632. ecPairsA, sizeof(ecPairsA) / sizeof(ecPairsA[0]), kA);
  31633. if (ret == 0)
  31634. ret = mp_mul(p1, p2, n);
  31635. if (ret == 0)
  31636. ret = mp_mul(n, p3, n);
  31637. if (ret != 0)
  31638. ERROR_OUT(-13400, out);
  31639. /* Check the old prime test using the number that false positives.
  31640. * This test result should indicate as not prime. */
  31641. ret = mp_prime_is_prime(n, 40, &isPrime);
  31642. if (ret != 0)
  31643. ERROR_OUT(-13401, out);
  31644. if (isPrime)
  31645. ERROR_OUT(-13402, out);
  31646. /* This test result should fail. It should indicate the value as prime. */
  31647. ret = mp_prime_is_prime(n, 8, &isPrime);
  31648. if (ret != 0)
  31649. ERROR_OUT(-13403, out);
  31650. if (!isPrime)
  31651. ERROR_OUT(-13404, out);
  31652. /* This test result should indicate the value as not prime. */
  31653. ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
  31654. if (ret != 0)
  31655. ERROR_OUT(-13405, out);
  31656. if (isPrime)
  31657. ERROR_OUT(-13406, out);
  31658. ret = mp_read_unsigned_bin(n, controlPrime, sizeof(controlPrime));
  31659. if (ret != 0)
  31660. ERROR_OUT(-13407, out);
  31661. /* This test result should indicate the value as prime. */
  31662. ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
  31663. if (ret != 0)
  31664. ERROR_OUT(-13408, out);
  31665. if (!isPrime)
  31666. ERROR_OUT(-13409, out);
  31667. /* This test result should indicate the value as prime. */
  31668. isPrime = -1;
  31669. ret = mp_prime_is_prime(n, 8, &isPrime);
  31670. if (ret != 0)
  31671. ERROR_OUT(-13410, out);
  31672. if (!isPrime)
  31673. ERROR_OUT(-13411, out);
  31674. ret = mp_read_unsigned_bin(n, testOne, sizeof(testOne));
  31675. if (ret != 0)
  31676. ERROR_OUT(-13412, out);
  31677. /* This test result should indicate the value as not prime. */
  31678. ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng);
  31679. if (ret != 0)
  31680. ERROR_OUT(-13413, out);
  31681. if (isPrime)
  31682. ERROR_OUT(-13414, out);
  31683. ret = mp_prime_is_prime(n, 8, &isPrime);
  31684. if (ret != 0)
  31685. ERROR_OUT(-13415, out);
  31686. if (isPrime)
  31687. ERROR_OUT(-13416, out);
  31688. ret = 0;
  31689. out:
  31690. #ifdef WOLFSSL_SMALL_STACK
  31691. if (n != NULL) {
  31692. mp_clear(n);
  31693. XFREE(n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  31694. }
  31695. if (p1 != NULL) {
  31696. mp_clear(p1);
  31697. XFREE(p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  31698. }
  31699. if (p2 != NULL) {
  31700. mp_clear(p2);
  31701. XFREE(p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  31702. }
  31703. if (p3 != NULL) {
  31704. mp_clear(p3);
  31705. XFREE(p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  31706. }
  31707. #else
  31708. mp_clear(p3);
  31709. mp_clear(p2);
  31710. mp_clear(p1);
  31711. mp_clear(n);
  31712. #endif
  31713. wc_FreeRng(&rng);
  31714. return ret;
  31715. }
  31716. #endif /* WOLFSSL_PUBLIC_MP */
  31717. #if defined(ASN_BER_TO_DER) && \
  31718. (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \
  31719. defined(OPENSSL_EXTRA_X509_SMALL))
  31720. /* wc_BerToDer is only public facing in the case of test cert or opensslextra */
  31721. typedef struct berDerTestData {
  31722. const byte *in;
  31723. word32 inSz;
  31724. const byte *out;
  31725. word32 outSz;
  31726. } berDerTestData;
  31727. WOLFSSL_TEST_SUBROUTINE int berder_test(void)
  31728. {
  31729. int ret;
  31730. int i;
  31731. word32 len = 0, l;
  31732. byte out[32];
  31733. WOLFSSL_SMALL_STACK_STATIC const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 };
  31734. WOLFSSL_SMALL_STACK_STATIC const byte good1_out[] = { 0x30, 0x00 };
  31735. WOLFSSL_SMALL_STACK_STATIC const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 };
  31736. WOLFSSL_SMALL_STACK_STATIC const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
  31737. WOLFSSL_SMALL_STACK_STATIC const byte good3_in[] = {
  31738. 0x24, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00
  31739. };
  31740. WOLFSSL_SMALL_STACK_STATIC const byte good3_out[] = { 0x04, 0x1, 0x01 };
  31741. WOLFSSL_SMALL_STACK_STATIC const byte good4_in[] = {
  31742. 0x30, 0x80,
  31743. 0x02, 0x01, 0x01,
  31744. 0x30, 0x80,
  31745. 0x24, 0x80,
  31746. 0x04, 0x01, 0x01,
  31747. 0x04, 0x02, 0x02, 0x03,
  31748. 0x00, 0x00,
  31749. 0x06, 0x01, 0x01,
  31750. 0x00, 0x00,
  31751. 0x31, 0x80,
  31752. 0x06, 0x01, 0x01,
  31753. 0x00, 0x00,
  31754. 0x00, 0x00,
  31755. };
  31756. WOLFSSL_SMALL_STACK_STATIC const byte good4_out[] = {
  31757. 0x30, 0x12,
  31758. 0x02, 0x01, 0x01,
  31759. 0x30, 0x08,
  31760. 0x04, 0x03, 0x01, 0x02, 0x03,
  31761. 0x06, 0x01, 0x01,
  31762. 0x31, 0x03,
  31763. 0x06, 0x01, 0x01
  31764. };
  31765. WOLFSSL_SMALL_STACK_STATIC const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };
  31766. berDerTestData testData[] = {
  31767. { good1_in, sizeof(good1_in), good1_out, sizeof(good1_out) },
  31768. { good2_in, sizeof(good2_in), good2_out, sizeof(good2_out) },
  31769. { good3_in, sizeof(good3_in), good3_out, sizeof(good3_out) },
  31770. { good4_in, sizeof(good4_in), good4_out, sizeof(good4_out) },
  31771. { good5_in, sizeof(good5_in), good5_in , sizeof(good5_in ) },
  31772. };
  31773. for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) {
  31774. ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len);
  31775. if (ret != LENGTH_ONLY_E)
  31776. return -13500 - i;
  31777. if (len != testData[i].outSz)
  31778. return -13510 - i;
  31779. len = testData[i].outSz;
  31780. ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &len);
  31781. if (ret != 0)
  31782. return -13520 - i;
  31783. if (XMEMCMP(out, testData[i].out, len) != 0)
  31784. return -13530 - i;
  31785. for (l = 1; l < testData[i].inSz; l++) {
  31786. ret = wc_BerToDer(testData[i].in, l, NULL, &len);
  31787. if (ret != ASN_PARSE_E)
  31788. return -13540;
  31789. len = testData[i].outSz;
  31790. ret = wc_BerToDer(testData[i].in, l, out, &len);
  31791. if (ret != ASN_PARSE_E)
  31792. return -13541;
  31793. }
  31794. for (l = 0; l < testData[i].outSz-1; l++) {
  31795. ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &l);
  31796. if (ret != BUFFER_E)
  31797. return -13542;
  31798. }
  31799. }
  31800. ret = wc_BerToDer(NULL, 4, NULL, NULL);
  31801. if (ret != BAD_FUNC_ARG)
  31802. return -13543;
  31803. ret = wc_BerToDer(out, 4, NULL, NULL);
  31804. if (ret != BAD_FUNC_ARG)
  31805. return -13544;
  31806. ret = wc_BerToDer(NULL, 4, NULL, &len);
  31807. if (ret != BAD_FUNC_ARG)
  31808. return -13545;
  31809. ret = wc_BerToDer(NULL, 4, out, NULL);
  31810. if (ret != BAD_FUNC_ARG)
  31811. return -13546;
  31812. ret = wc_BerToDer(out, 4, out, NULL);
  31813. if (ret != BAD_FUNC_ARG)
  31814. return -13547;
  31815. ret = wc_BerToDer(NULL, 4, out, &len);
  31816. if (ret != BAD_FUNC_ARG)
  31817. return -13548;
  31818. for (l = 1; l < sizeof(good4_out); l++) {
  31819. len = l;
  31820. ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len);
  31821. if (ret != BUFFER_E)
  31822. return -13549;
  31823. }
  31824. return 0;
  31825. }
  31826. #endif
  31827. #ifdef DEBUG_WOLFSSL
  31828. static THREAD_LS_T int log_cnt = 0;
  31829. static void my_Logging_cb(const int logLevel, const char *const logMessage)
  31830. {
  31831. (void)logLevel;
  31832. (void)logMessage;
  31833. log_cnt++;
  31834. }
  31835. #endif /* DEBUG_WOLFSSL */
  31836. WOLFSSL_TEST_SUBROUTINE int logging_test(void)
  31837. {
  31838. #ifdef DEBUG_WOLFSSL
  31839. const char* msg = "Testing, testing. 1, 2, 3, 4 ...";
  31840. byte a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
  31841. byte b[256];
  31842. int i;
  31843. for (i = 0; i < (int)sizeof(b); i++)
  31844. b[i] = i;
  31845. if (wolfSSL_Debugging_ON() != 0)
  31846. return -13600;
  31847. if (wolfSSL_SetLoggingCb(my_Logging_cb) != 0)
  31848. return -13601;
  31849. WOLFSSL_MSG(msg);
  31850. WOLFSSL_BUFFER(a, sizeof(a));
  31851. WOLFSSL_BUFFER(b, sizeof(b));
  31852. WOLFSSL_BUFFER(NULL, 0);
  31853. WOLFSSL_ERROR(MEMORY_E);
  31854. WOLFSSL_ERROR_MSG(msg);
  31855. /* turn off logs */
  31856. wolfSSL_Debugging_OFF();
  31857. /* capture log count */
  31858. i = log_cnt;
  31859. /* validate no logs are output when disabled */
  31860. WOLFSSL_MSG(msg);
  31861. WOLFSSL_BUFFER(a, sizeof(a));
  31862. WOLFSSL_BUFFER(b, sizeof(b));
  31863. WOLFSSL_BUFFER(NULL, 0);
  31864. WOLFSSL_ERROR(MEMORY_E);
  31865. WOLFSSL_ERROR_MSG(msg);
  31866. /* check the logs were disabled */
  31867. if (i != log_cnt)
  31868. return -13602;
  31869. /* restore callback and leave logging enabled */
  31870. wolfSSL_SetLoggingCb(NULL);
  31871. wolfSSL_Debugging_ON();
  31872. /* suppress unused args */
  31873. (void)a;
  31874. (void)b;
  31875. #else
  31876. if (wolfSSL_Debugging_ON() != NOT_COMPILED_IN)
  31877. return -13603;
  31878. wolfSSL_Debugging_OFF();
  31879. if (wolfSSL_SetLoggingCb(NULL) != NOT_COMPILED_IN)
  31880. return -13604;
  31881. #endif /* DEBUG_WOLFSSL */
  31882. return 0;
  31883. }
  31884. WOLFSSL_TEST_SUBROUTINE int mutex_test(void)
  31885. {
  31886. #ifdef WOLFSSL_PTHREADS
  31887. wolfSSL_Mutex m;
  31888. #endif
  31889. #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_USER_MUTEX)
  31890. wolfSSL_Mutex *mm = wc_InitAndAllocMutex();
  31891. if (mm == NULL)
  31892. return -13700;
  31893. wc_FreeMutex(mm);
  31894. XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX);
  31895. #endif
  31896. /* Can optionally enable advanced pthread tests using "ENABLE_PTHREAD_LOCKFREE_TESTS" */
  31897. #ifdef WOLFSSL_PTHREADS
  31898. if (wc_InitMutex(&m) != 0)
  31899. return -13701;
  31900. if (wc_LockMutex(&m) != 0)
  31901. return -13702;
  31902. #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
  31903. /* trying to free a locked mutex is not portable behavior with pthread */
  31904. /* Attempting to destroy a locked mutex results in undefined behavior */
  31905. if (wc_FreeMutex(&m) != BAD_MUTEX_E)
  31906. return -13703;
  31907. #endif
  31908. if (wc_UnLockMutex(&m) != 0)
  31909. return -13704;
  31910. if (wc_FreeMutex(&m) != 0)
  31911. return -13705;
  31912. #if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS)
  31913. /* Trying to use a pthread after free'ing is not portable behavior */
  31914. if (wc_LockMutex(&m) != BAD_MUTEX_E)
  31915. return -13706;
  31916. if (wc_UnLockMutex(&m) != BAD_MUTEX_E)
  31917. return -13707;
  31918. #endif
  31919. #endif
  31920. return 0;
  31921. }
  31922. #if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS)
  31923. #ifndef WOLFSSL_NO_MALLOC
  31924. static int malloc_cnt = 0;
  31925. static int realloc_cnt = 0;
  31926. static int free_cnt = 0;
  31927. static void *my_Malloc_cb(size_t size)
  31928. {
  31929. malloc_cnt++;
  31930. #ifndef WOLFSSL_NO_MALLOC
  31931. return malloc(size);
  31932. #else
  31933. WOLFSSL_MSG("No malloc available");
  31934. (void)size;
  31935. return NULL;
  31936. #endif
  31937. }
  31938. static void my_Free_cb(void *ptr)
  31939. {
  31940. free_cnt++;
  31941. #ifndef WOLFSSL_NO_MALLOC
  31942. free(ptr);
  31943. #else
  31944. WOLFSSL_MSG("No free available");
  31945. (void)ptr;
  31946. #endif
  31947. }
  31948. static void *my_Realloc_cb(void *ptr, size_t size)
  31949. {
  31950. realloc_cnt++;
  31951. #ifndef WOLFSSL_NO_MALLOC
  31952. return realloc(ptr, size);
  31953. #else
  31954. WOLFSSL_MSG("No realloc available");
  31955. (void)ptr;
  31956. (void)size;
  31957. return NULL;
  31958. #endif
  31959. }
  31960. #endif /* !WOLFSSL_NO_MALLOC */
  31961. WOLFSSL_TEST_SUBROUTINE int memcb_test(void)
  31962. {
  31963. int ret = 0;
  31964. #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM)
  31965. byte* b = NULL;
  31966. #endif
  31967. wolfSSL_Malloc_cb mc;
  31968. wolfSSL_Free_cb fc;
  31969. wolfSSL_Realloc_cb rc;
  31970. /* Save existing memory callbacks */
  31971. if (wolfSSL_GetAllocators(&mc, &fc, &rc) != 0)
  31972. return -13800;
  31973. #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM)
  31974. /* test realloc */
  31975. b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  31976. if (b == NULL) {
  31977. ERROR_OUT(-13801, exit_memcb);
  31978. }
  31979. XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  31980. b = NULL;
  31981. /* Use API. */
  31982. if (wolfSSL_SetAllocators((wolfSSL_Malloc_cb)(void*)&my_Malloc_cb,
  31983. (wolfSSL_Free_cb)(void*)&my_Free_cb,
  31984. (wolfSSL_Realloc_cb)(void*)&my_Realloc_cb) != 0) {
  31985. ERROR_OUT(-13802, exit_memcb);
  31986. }
  31987. b = (byte*)XMALLOC(1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  31988. b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  31989. XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
  31990. #ifndef WOLFSSL_STATIC_MEMORY
  31991. if (malloc_cnt != 1 || free_cnt != 1 || realloc_cnt != 1)
  31992. #else
  31993. if (malloc_cnt != 0 || free_cnt != 0 || realloc_cnt != 0)
  31994. #endif
  31995. ret = -13803;
  31996. #endif /* !WOLFSSL_NO_MALLOC */
  31997. #if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_LINUXKM)
  31998. exit_memcb:
  31999. #endif
  32000. /* restore memory callbacks */
  32001. wolfSSL_SetAllocators(mc, fc, rc);
  32002. return ret;
  32003. }
  32004. #endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_NO_MALLOC */
  32005. #ifdef WOLFSSL_IMX6_CAAM_BLOB
  32006. WOLFSSL_TEST_SUBROUTINE int blob_test(void)
  32007. {
  32008. int ret = 0;
  32009. byte out[112];
  32010. byte blob[112];
  32011. word32 outSz;
  32012. WOLFSSL_SMALL_STACK_STATIC const byte iv[] =
  32013. {
  32014. 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,
  32015. 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff
  32016. };
  32017. WOLFSSL_SMALL_STACK_STATIC const byte text[] =
  32018. {
  32019. 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,
  32020. 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,
  32021. 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,
  32022. 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,
  32023. 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,
  32024. 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,
  32025. 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,
  32026. 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10
  32027. };
  32028. XMEMSET(blob, 0, sizeof(blob));
  32029. XMEMSET(out, 0, sizeof(out));
  32030. outSz = sizeof(blob);
  32031. ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
  32032. if (ret != 0) {
  32033. ERROR_OUT(-13900, exit_blob);
  32034. }
  32035. blob[outSz - 2] += 1;
  32036. ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
  32037. if (ret == 0) { /* should fail with altered blob */
  32038. ERROR_OUT(-13901, exit_blob);
  32039. }
  32040. XMEMSET(blob, 0, sizeof(blob));
  32041. outSz = sizeof(blob);
  32042. ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz);
  32043. if (ret != 0) {
  32044. ERROR_OUT(-13902, exit_blob);
  32045. }
  32046. ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
  32047. if (ret != 0) {
  32048. ERROR_OUT(-13903, exit_blob);
  32049. }
  32050. if (XMEMCMP(out, iv, sizeof(iv))) {
  32051. ERROR_OUT(-13904, exit_blob);
  32052. }
  32053. XMEMSET(blob, 0, sizeof(blob));
  32054. outSz = sizeof(blob);
  32055. ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz);
  32056. if (ret != 0) {
  32057. ERROR_OUT(-13905, exit_blob);
  32058. }
  32059. ret = wc_caamOpenBlob(blob, outSz, out, &outSz);
  32060. if (ret != 0) {
  32061. ERROR_OUT(-13906, exit_blob);
  32062. }
  32063. if (XMEMCMP(out, text, sizeof(text))) {
  32064. ERROR_OUT(-13907, exit_blob);
  32065. }
  32066. exit_blob:
  32067. return ret;
  32068. }
  32069. #endif /* WOLFSSL_IMX6_CAAM_BLOB */
  32070. #ifdef WOLF_CRYPTO_CB
  32071. /* Example custom context for crypto callback */
  32072. typedef struct {
  32073. int exampleVar; /* example, not used */
  32074. } myCryptoDevCtx;
  32075. /* Example crypto dev callback function that calls software version */
  32076. static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx)
  32077. {
  32078. int ret = NOT_COMPILED_IN; /* return this to bypass HW and use SW */
  32079. myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx;
  32080. if (info == NULL)
  32081. return BAD_FUNC_ARG;
  32082. #ifdef DEBUG_WOLFSSL
  32083. printf("CryptoDevCb: Algo Type %d\n", info->algo_type);
  32084. #endif
  32085. if (info->algo_type == WC_ALGO_TYPE_RNG) {
  32086. #ifndef WC_NO_RNG
  32087. /* set devId to invalid, so software is used */
  32088. info->rng.rng->devId = INVALID_DEVID;
  32089. ret = wc_RNG_GenerateBlock(info->rng.rng,
  32090. info->rng.out, info->rng.sz);
  32091. /* reset devId */
  32092. info->rng.rng->devId = devIdArg;
  32093. #endif
  32094. }
  32095. else if (info->algo_type == WC_ALGO_TYPE_SEED) {
  32096. #ifndef WC_NO_RNG
  32097. static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 };
  32098. word32* seedWord32 = (word32*)seed;
  32099. word32 len;
  32100. /* wc_GenerateSeed is a local symbol so we need to fake the entropy. */
  32101. while (info->seed.sz > 0) {
  32102. len = (word32)sizeof(seed);
  32103. if (info->seed.sz < len)
  32104. len = info->seed.sz;
  32105. XMEMCPY(info->seed.seed, seed, sizeof(seed));
  32106. info->seed.seed += len;
  32107. info->seed.sz -= len;
  32108. (*seedWord32)++;
  32109. }
  32110. ret = 0;
  32111. #endif
  32112. }
  32113. else if (info->algo_type == WC_ALGO_TYPE_PK) {
  32114. #ifdef DEBUG_WOLFSSL
  32115. printf("CryptoDevCb: Pk Type %d\n", info->pk.type);
  32116. #endif
  32117. #ifndef NO_RSA
  32118. if (info->pk.type == WC_PK_TYPE_RSA) {
  32119. /* set devId to invalid, so software is used */
  32120. info->pk.rsa.key->devId = INVALID_DEVID;
  32121. switch (info->pk.rsa.type) {
  32122. case RSA_PUBLIC_ENCRYPT:
  32123. case RSA_PUBLIC_DECRYPT:
  32124. /* perform software based RSA public op */
  32125. ret = wc_RsaFunction(
  32126. info->pk.rsa.in, info->pk.rsa.inLen,
  32127. info->pk.rsa.out, info->pk.rsa.outLen,
  32128. info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
  32129. break;
  32130. case RSA_PRIVATE_ENCRYPT:
  32131. case RSA_PRIVATE_DECRYPT:
  32132. /* perform software based RSA private op */
  32133. ret = wc_RsaFunction(
  32134. info->pk.rsa.in, info->pk.rsa.inLen,
  32135. info->pk.rsa.out, info->pk.rsa.outLen,
  32136. info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng);
  32137. break;
  32138. }
  32139. /* reset devId */
  32140. info->pk.rsa.key->devId = devIdArg;
  32141. }
  32142. #ifdef WOLFSSL_KEY_GEN
  32143. else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) {
  32144. info->pk.rsakg.key->devId = INVALID_DEVID;
  32145. ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size,
  32146. info->pk.rsakg.e, info->pk.rsakg.rng);
  32147. /* reset devId */
  32148. info->pk.rsakg.key->devId = devIdArg;
  32149. }
  32150. #endif
  32151. #endif /* !NO_RSA */
  32152. #ifdef HAVE_ECC
  32153. if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) {
  32154. /* set devId to invalid, so software is used */
  32155. info->pk.eckg.key->devId = INVALID_DEVID;
  32156. ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size,
  32157. info->pk.eckg.key, info->pk.eckg.curveId);
  32158. /* reset devId */
  32159. info->pk.eckg.key->devId = devIdArg;
  32160. }
  32161. else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) {
  32162. /* set devId to invalid, so software is used */
  32163. info->pk.eccsign.key->devId = INVALID_DEVID;
  32164. ret = wc_ecc_sign_hash(
  32165. info->pk.eccsign.in, info->pk.eccsign.inlen,
  32166. info->pk.eccsign.out, info->pk.eccsign.outlen,
  32167. info->pk.eccsign.rng, info->pk.eccsign.key);
  32168. /* reset devId */
  32169. info->pk.eccsign.key->devId = devIdArg;
  32170. }
  32171. else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) {
  32172. /* set devId to invalid, so software is used */
  32173. info->pk.eccverify.key->devId = INVALID_DEVID;
  32174. ret = wc_ecc_verify_hash(
  32175. info->pk.eccverify.sig, info->pk.eccverify.siglen,
  32176. info->pk.eccverify.hash, info->pk.eccverify.hashlen,
  32177. info->pk.eccverify.res, info->pk.eccverify.key);
  32178. /* reset devId */
  32179. info->pk.eccverify.key->devId = devIdArg;
  32180. }
  32181. else if (info->pk.type == WC_PK_TYPE_ECDH) {
  32182. /* set devId to invalid, so software is used */
  32183. info->pk.ecdh.private_key->devId = INVALID_DEVID;
  32184. ret = wc_ecc_shared_secret(
  32185. info->pk.ecdh.private_key, info->pk.ecdh.public_key,
  32186. info->pk.ecdh.out, info->pk.ecdh.outlen);
  32187. /* reset devId */
  32188. info->pk.ecdh.private_key->devId = devIdArg;
  32189. }
  32190. #endif /* HAVE_ECC */
  32191. }
  32192. else if (info->algo_type == WC_ALGO_TYPE_CIPHER) {
  32193. #if !defined(NO_AES) || !defined(NO_DES3)
  32194. #ifdef HAVE_AESGCM
  32195. if (info->cipher.type == WC_CIPHER_AES_GCM) {
  32196. if (info->cipher.enc) {
  32197. /* set devId to invalid, so software is used */
  32198. info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID;
  32199. ret = wc_AesGcmEncrypt(
  32200. info->cipher.aesgcm_enc.aes,
  32201. info->cipher.aesgcm_enc.out,
  32202. info->cipher.aesgcm_enc.in,
  32203. info->cipher.aesgcm_enc.sz,
  32204. info->cipher.aesgcm_enc.iv,
  32205. info->cipher.aesgcm_enc.ivSz,
  32206. info->cipher.aesgcm_enc.authTag,
  32207. info->cipher.aesgcm_enc.authTagSz,
  32208. info->cipher.aesgcm_enc.authIn,
  32209. info->cipher.aesgcm_enc.authInSz);
  32210. /* reset devId */
  32211. info->cipher.aesgcm_enc.aes->devId = devIdArg;
  32212. }
  32213. else {
  32214. /* set devId to invalid, so software is used */
  32215. info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID;
  32216. ret = wc_AesGcmDecrypt(
  32217. info->cipher.aesgcm_dec.aes,
  32218. info->cipher.aesgcm_dec.out,
  32219. info->cipher.aesgcm_dec.in,
  32220. info->cipher.aesgcm_dec.sz,
  32221. info->cipher.aesgcm_dec.iv,
  32222. info->cipher.aesgcm_dec.ivSz,
  32223. info->cipher.aesgcm_dec.authTag,
  32224. info->cipher.aesgcm_dec.authTagSz,
  32225. info->cipher.aesgcm_dec.authIn,
  32226. info->cipher.aesgcm_dec.authInSz);
  32227. /* reset devId */
  32228. info->cipher.aesgcm_dec.aes->devId = devIdArg;
  32229. }
  32230. }
  32231. #endif /* HAVE_AESGCM */
  32232. #ifdef HAVE_AES_CBC
  32233. if (info->cipher.type == WC_CIPHER_AES_CBC) {
  32234. if (info->cipher.enc) {
  32235. /* set devId to invalid, so software is used */
  32236. info->cipher.aescbc.aes->devId = INVALID_DEVID;
  32237. ret = wc_AesCbcEncrypt(
  32238. info->cipher.aescbc.aes,
  32239. info->cipher.aescbc.out,
  32240. info->cipher.aescbc.in,
  32241. info->cipher.aescbc.sz);
  32242. /* reset devId */
  32243. info->cipher.aescbc.aes->devId = devIdArg;
  32244. }
  32245. else {
  32246. /* set devId to invalid, so software is used */
  32247. info->cipher.aescbc.aes->devId = INVALID_DEVID;
  32248. ret = wc_AesCbcDecrypt(
  32249. info->cipher.aescbc.aes,
  32250. info->cipher.aescbc.out,
  32251. info->cipher.aescbc.in,
  32252. info->cipher.aescbc.sz);
  32253. /* reset devId */
  32254. info->cipher.aescbc.aes->devId = devIdArg;
  32255. }
  32256. }
  32257. #endif /* HAVE_AES_CBC */
  32258. #ifndef NO_DES3
  32259. if (info->cipher.type == WC_CIPHER_DES3) {
  32260. if (info->cipher.enc) {
  32261. /* set devId to invalid, so software is used */
  32262. info->cipher.des3.des->devId = INVALID_DEVID;
  32263. ret = wc_Des3_CbcEncrypt(
  32264. info->cipher.des3.des,
  32265. info->cipher.des3.out,
  32266. info->cipher.des3.in,
  32267. info->cipher.des3.sz);
  32268. /* reset devId */
  32269. info->cipher.des3.des->devId = devIdArg;
  32270. }
  32271. else {
  32272. /* set devId to invalid, so software is used */
  32273. info->cipher.des3.des->devId = INVALID_DEVID;
  32274. ret = wc_Des3_CbcDecrypt(
  32275. info->cipher.des3.des,
  32276. info->cipher.des3.out,
  32277. info->cipher.des3.in,
  32278. info->cipher.des3.sz);
  32279. /* reset devId */
  32280. info->cipher.des3.des->devId = devIdArg;
  32281. }
  32282. }
  32283. #endif /* !NO_DES3 */
  32284. #endif /* !NO_AES || !NO_DES3 */
  32285. }
  32286. #if !defined(NO_SHA) || !defined(NO_SHA256)
  32287. else if (info->algo_type == WC_ALGO_TYPE_HASH) {
  32288. #if !defined(NO_SHA)
  32289. if (info->hash.type == WC_HASH_TYPE_SHA) {
  32290. if (info->hash.sha1 == NULL)
  32291. return NOT_COMPILED_IN;
  32292. /* set devId to invalid, so software is used */
  32293. info->hash.sha1->devId = INVALID_DEVID;
  32294. if (info->hash.in != NULL) {
  32295. ret = wc_ShaUpdate(
  32296. info->hash.sha1,
  32297. info->hash.in,
  32298. info->hash.inSz);
  32299. }
  32300. if (info->hash.digest != NULL) {
  32301. ret = wc_ShaFinal(
  32302. info->hash.sha1,
  32303. info->hash.digest);
  32304. }
  32305. /* reset devId */
  32306. info->hash.sha1->devId = devIdArg;
  32307. }
  32308. else
  32309. #endif
  32310. #if !defined(NO_SHA256)
  32311. if (info->hash.type == WC_HASH_TYPE_SHA256) {
  32312. if (info->hash.sha256 == NULL)
  32313. return NOT_COMPILED_IN;
  32314. /* set devId to invalid, so software is used */
  32315. info->hash.sha256->devId = INVALID_DEVID;
  32316. if (info->hash.in != NULL) {
  32317. ret = wc_Sha256Update(
  32318. info->hash.sha256,
  32319. info->hash.in,
  32320. info->hash.inSz);
  32321. }
  32322. if (info->hash.digest != NULL) {
  32323. ret = wc_Sha256Final(
  32324. info->hash.sha256,
  32325. info->hash.digest);
  32326. }
  32327. /* reset devId */
  32328. info->hash.sha256->devId = devIdArg;
  32329. }
  32330. else
  32331. #endif
  32332. {
  32333. }
  32334. }
  32335. #endif /* !NO_SHA || !NO_SHA256 */
  32336. #ifndef NO_HMAC
  32337. else if (info->algo_type == WC_ALGO_TYPE_HMAC) {
  32338. if (info->hmac.hmac == NULL)
  32339. return NOT_COMPILED_IN;
  32340. /* set devId to invalid, so software is used */
  32341. info->hmac.hmac->devId = INVALID_DEVID;
  32342. if (info->hash.in != NULL) {
  32343. ret = wc_HmacUpdate(
  32344. info->hmac.hmac,
  32345. info->hmac.in,
  32346. info->hmac.inSz);
  32347. }
  32348. else if (info->hash.digest != NULL) {
  32349. ret = wc_HmacFinal(
  32350. info->hmac.hmac,
  32351. info->hmac.digest);
  32352. }
  32353. /* reset devId */
  32354. info->hmac.hmac->devId = devIdArg;
  32355. }
  32356. #endif
  32357. (void)devIdArg;
  32358. (void)myCtx;
  32359. return ret;
  32360. }
  32361. WOLFSSL_TEST_SUBROUTINE int cryptocb_test(void)
  32362. {
  32363. int ret = 0;
  32364. myCryptoDevCtx myCtx;
  32365. /* example data for callback */
  32366. myCtx.exampleVar = 1;
  32367. /* set devId to something other than INVALID_DEVID */
  32368. devId = 1;
  32369. ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx);
  32370. #ifndef WC_NO_RNG
  32371. if (ret == 0)
  32372. ret = random_test();
  32373. #endif /* WC_NO_RNG */
  32374. #ifndef NO_RSA
  32375. if (ret == 0)
  32376. ret = rsa_test();
  32377. #endif
  32378. #ifdef HAVE_ECC
  32379. if (ret == 0)
  32380. ret = ecc_test();
  32381. #endif
  32382. #ifndef NO_AES
  32383. #ifdef HAVE_AESGCM
  32384. if (ret == 0)
  32385. ret = aesgcm_test();
  32386. #endif
  32387. #ifdef HAVE_AES_CBC
  32388. if (ret == 0)
  32389. ret = aes_test();
  32390. #endif
  32391. #endif /* !NO_AES */
  32392. #ifndef NO_DES3
  32393. if (ret == 0)
  32394. ret = des3_test();
  32395. #endif /* !NO_DES3 */
  32396. #if !defined(NO_SHA) || !defined(NO_SHA256)
  32397. #ifndef NO_SHA
  32398. if (ret == 0)
  32399. ret = sha_test();
  32400. #endif
  32401. #ifndef NO_SHA256
  32402. if (ret == 0)
  32403. ret = sha256_test();
  32404. #endif
  32405. #endif
  32406. #ifndef NO_HMAC
  32407. #ifndef NO_SHA
  32408. if (ret == 0)
  32409. ret = hmac_sha_test();
  32410. #endif
  32411. #ifndef NO_SHA256
  32412. if (ret == 0)
  32413. ret = hmac_sha256_test();
  32414. #endif
  32415. #endif
  32416. #ifndef NO_PWDBASED
  32417. #if defined(HAVE_PBKDF2) && !defined(NO_SHA256)
  32418. if (ret == 0)
  32419. ret = pbkdf2_test();
  32420. #endif
  32421. #endif
  32422. #if defined(WOLFSSL_CMAC) && !defined(NO_AES)
  32423. if (ret == 0)
  32424. ret = cmac_test();
  32425. #endif
  32426. /* reset devId */
  32427. devId = INVALID_DEVID;
  32428. return ret;
  32429. }
  32430. #endif /* WOLF_CRYPTO_CB */
  32431. #ifdef WOLFSSL_CERT_PIV
  32432. WOLFSSL_TEST_SUBROUTINE int certpiv_test(void)
  32433. {
  32434. int ret;
  32435. wc_CertPIV piv;
  32436. /* Template for Identiv PIV cert, nonce and signature */
  32437. WOLFSSL_SMALL_STACK_STATIC const byte pivCertIdentiv[] = {
  32438. 0x0A, 0x0D,
  32439. 0x53, 0x04, /* NIST PIV Cert */
  32440. 0x70, 0x02, /* Certificate */
  32441. 0x30, 0x00,
  32442. 0x71, 0x01, 0x00, /* Cert Info */
  32443. 0xFE, 0x00, /* Error Detection */
  32444. 0x0B, 0x01, 0x00, /* Nonce */
  32445. 0x0C, 0x01, 0x00, /* Signed Nonce */
  32446. };
  32447. WOLFSSL_SMALL_STACK_STATIC const byte pivCert[] = {
  32448. 0x53, 0x04, /* NIST PIV Cert */
  32449. 0x70, 0x02, /* Certificate */
  32450. 0x30, 0x00,
  32451. 0x71, 0x01, 0x00, /* Cert Info */
  32452. 0xFE, 0x00, /* Error Detection */
  32453. };
  32454. /* Test with identiv 0x0A, 0x0B and 0x0C markers */
  32455. ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv));
  32456. if (ret == 0) {
  32457. /* Test with NIST PIV format */
  32458. ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert));
  32459. }
  32460. return ret;
  32461. }
  32462. #endif /* WOLFSSL_CERT_PIV */
  32463. #undef ERROR_OUT
  32464. #else
  32465. #ifndef NO_MAIN_DRIVER
  32466. int main() { return 0; }
  32467. #endif
  32468. #endif /* NO_CRYPT_TEST */